public async Task OnGeneratingClaims_AddsAllScopesToAuthorizationCode() { // Arrange var applicationScopes = new List <ApplicationScope> { ApplicationScope.OpenId, new ApplicationScope("resourceId", "custom") }; var context = new TokenGeneratingContext( new ClaimsPrincipal(), new ClaimsPrincipal(), new OpenIdConnectMessage() { RequestType = OpenIdConnectRequestType.Authentication }, new RequestGrants() { Scopes = applicationScopes.ToList() }); var claimsProvider = new ScopesTokenClaimsProvider(); context.InitializeForToken(TokenTypes.AuthorizationCode); // Act await claimsProvider.OnGeneratingClaims(context); var claims = context.CurrentClaims; // Assert Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Scope) && c.Value.Equals("openid custom")); Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Resource) && c.Value.Equals("resourceId")); }
public async Task OnGeneratingClaims_AddsCustomScopesFromRequest_ToAccessTokenOnAuthorization() { // Arrange var applicationScopes = new List <ApplicationScope> { ApplicationScope.OpenId, new ApplicationScope("resourceId", "custom") }; var expectedResourceValue = applicationScopes.FirstOrDefault(s => s.ClientId != null)?.ClientId; var context = new TokenGeneratingContext( new ClaimsPrincipal(), new ClaimsPrincipal(), new OpenIdConnectMessage() { ClientId = "clientId" }, new RequestGrants() { Scopes = applicationScopes.ToList() }); var claimsProvider = new ScopesTokenClaimsProvider(); context.InitializeForToken(TokenTypes.AccessToken); // Act await claimsProvider.OnGeneratingClaims(context); var claims = context.CurrentClaims; // Assert Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Scope) && c.Value.Equals("custom")); Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Audience) && c.Value.Equals("resourceId")); Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.AuthorizedParty) && c.Value.Equals("clientId")); }
public async Task OnGeneratingClaims_AddsCustomScopesFromRequest_ToAccessTokenOnTokenRequest() { // Arrange var applicationScopes = new List <ApplicationScope> { ApplicationScope.OpenId, new ApplicationScope("resourceId", "custom"), new ApplicationScope("resourceId", "custom2") }; var expectedResourceValue = applicationScopes.FirstOrDefault(s => s.ClientId != null)?.ClientId; var context = new TokenGeneratingContext( new ClaimsPrincipal(), new ClaimsPrincipal(), new OpenIdConnectMessage() { ClientId = "clientId" }, new RequestGrants() { Scopes = applicationScopes.ToList(), // This is just to prove that we always pick the values for the scope related claims // from the set of granted scopes (for access tokens). Claims = new List <Claim> { new Claim(IdentityServiceClaimTypes.Resource, "ridClaim"), new Claim(IdentityServiceClaimTypes.Scope, "custom3") } }); var claimsProvider = new ScopesTokenClaimsProvider(); context.InitializeForToken(TokenTypes.AccessToken); // Act await claimsProvider.OnGeneratingClaims(context); var claims = context.CurrentClaims; // Assert Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Scope) && c.Value.Equals("custom custom2")); Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Audience) && c.Value.Equals("resourceId")); Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.AuthorizedParty) && c.Value.Equals("clientId")); }
public async Task OnGeneratingClaims_AddsAllScopesFromGrantClaims_ToRefreshTokenOnTokenRequest() { // Arrange // This is just to prove that we always transfer the scope and resource claims from the grant // into the refresh token untouched. var applicationScopes = new List <ApplicationScope> { ApplicationScope.OpenId, new ApplicationScope("resourceId", "custom"), new ApplicationScope("resourceId", "custom2") }; var expectedResourceValue = applicationScopes.FirstOrDefault(s => s.ClientId != null)?.ClientId; var context = new TokenGeneratingContext( new ClaimsPrincipal(), new ClaimsPrincipal(), new OpenIdConnectMessage() { ClientId = "clientId" }, new RequestGrants() { Scopes = applicationScopes.ToList(), Claims = new List <Claim> { new Claim(IdentityServiceClaimTypes.Resource, "ridClaim"), new Claim(IdentityServiceClaimTypes.Scope, "openid custom3") } }); var claimsProvider = new ScopesTokenClaimsProvider(); context.InitializeForToken(TokenTypes.RefreshToken); // Act await claimsProvider.OnGeneratingClaims(context); var claims = context.CurrentClaims; // Assert Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Scope) && c.Value.Equals("openid custom3")); Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Resource) && c.Value.Equals("ridClaim")); }