public async Task Expired_RefreshToken() { var refreshToken = new RefreshToken { AccessToken = new Token("access_token") { Client = new Client() { ClientId = "roclient" } }, LifeTime = 10, CreationTime = DateTimeOffset.UtcNow.AddSeconds(-15) }; var handle = Guid.NewGuid().ToString(); var store = new InMemoryRefreshTokenStore(); await store.StoreAsync(handle, refreshToken); var client = await _clients.FindClientByIdAsync("roclient"); var validator = Factory.CreateTokenRequestValidator( refreshTokens: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, "refresh_token"); parameters.Add(Constants.TokenRequest.RefreshToken, handle); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(Constants.TokenErrors.InvalidGrant); }
public async Task Valid_RefreshToken_Request_using_Restricted_Client() { var mock = new Mock<IUserService>(); var subjectClaim = new Claim(Constants.ClaimTypes.Subject, "foo"); var refreshToken = new RefreshToken { AccessToken = new Token("access_token") { Claims = new List<Claim> { subjectClaim }, Client = new Client { ClientId = "roclient_restricted_refresh"} }, LifeTime = 600, CreationTime = DateTimeOffset.UtcNow }; var handle = Guid.NewGuid().ToString(); var store = new InMemoryRefreshTokenStore(); await store.StoreAsync(handle, refreshToken); var client = await _clients.FindClientByIdAsync("roclient_restricted_refresh"); var validator = Factory.CreateTokenRequestValidator( refreshTokens: store, userService: mock.Object); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, "refresh_token"); parameters.Add(Constants.TokenRequest.RefreshToken, handle); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeFalse(); }
public async Task RefreshToken_Request_with_disabled_User() { var mock = new Mock<IUserService>(); mock.Setup(u => u.IsActiveAsync(It.IsAny<IsActiveContext>())).Callback<IsActiveContext>(ctx => { ctx.IsActive = false; }).Returns(Task.FromResult(0)); var subjectClaim = new Claim(Constants.ClaimTypes.Subject, "foo"); var refreshToken = new RefreshToken { AccessToken = new Token("access_token") { Claims = new List<Claim> { subjectClaim }, Client = new Client() { ClientId = "roclient" } }, LifeTime = 600, CreationTime = DateTimeOffset.UtcNow }; var handle = Guid.NewGuid().ToString(); var store = new InMemoryRefreshTokenStore(); await store.StoreAsync(handle, refreshToken); var client = await _clients.FindClientByIdAsync("roclient"); var validator = Factory.CreateTokenRequestValidator( refreshTokens: store, userService: mock.Object); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, "refresh_token"); parameters.Add(Constants.TokenRequest.RefreshToken, handle); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); }
public async Task Client_has_no_Resource_Scope_anymore_at_RefreshToken_Request() { var subjectClaim = new Claim(Constants.ClaimTypes.Subject, "foo"); var resourceScope = new Claim("scope", "resource"); var offlineAccessScope = new Claim("scope", "offline_access"); var refreshToken = new RefreshToken { AccessToken = new Token("access_token") { Claims = new List<Claim> { subjectClaim, resourceScope, offlineAccessScope }, Client = new Client { ClientId = "roclient_offline_only", }, }, LifeTime = 600, CreationTime = DateTimeOffset.UtcNow }; var handle = Guid.NewGuid().ToString(); var store = new InMemoryRefreshTokenStore(); await store.StoreAsync(handle, refreshToken); var client = await _clients.FindClientByIdAsync("roclient_offline_only"); var validator = Factory.CreateTokenRequestValidator( refreshTokens: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, "refresh_token"); parameters.Add(Constants.TokenRequest.RefreshToken, handle); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(Constants.TokenErrors.InvalidGrant); }