public async Task Valid_Code_Request() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Subject = IdentityServerPrincipal.Create("123", "bob"), Client = client, RedirectUri = "https://server/cb", RequestedScopes = new List<Scope> { new Scope { Name = "openid" } } }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, "valid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeFalse(); }
public async Task Unknown_Grant_Type() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = "https://server/cb", }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, "unknown"); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(Constants.TokenErrors.UnsupportedGrantType); }
public async Task AuthorizationCodeTooLong() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var options = new IdentityServerOptions(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = "https://server/cb", }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var longCode = "x".Repeat(options.InputLengthRestrictions.AuthorizationCode + 1); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, longCode); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant); }
public async Task Expired_AuthorizationCode() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = "https://server/cb", CreationTime = DateTimeOffset.UtcNow.AddSeconds(-100) }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, "valid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant); }
public async Task Different_RedirectUri_Between_Authorize_And_Token_Request() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = "https://server1/cb", }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, "valid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server2/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.UnauthorizedClient); }
public async Task Client_Trying_To_Request_Token_Using_Another_Clients_Code() { var client1 = await _clients.FindClientByIdAsync("codeclient"); var client2 = await _clients.FindClientByIdAsync("codeclient_restricted"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client1, IsOpenId = true, RedirectUri = "https://server/cb", }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, "valid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client2); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant); }