private ITokenManager GetTestTokenManager( Token token = null, string userId = null, string clientId = null, IEnumerable <string> grantedTokens = null, IEnumerable <string> grantedScopes = null) { userId = userId ?? "userId"; clientId = clientId ?? "clientId"; grantedTokens = grantedTokens ?? Enumerable.Empty <string>(); var parsedScopes = grantedScopes?.Select(s => ApplicationScope.CanonicalScopes.TryGetValue(s, out var found) ? found : new ApplicationScope(clientId, s)) ?? new[] { ApplicationScope.OpenId, ApplicationScope.OfflineAccess }; var mock = new Mock <ITokenManager>(); if (token == null) { mock.Setup(m => m.ExchangeTokenAsync(It.IsAny <OpenIdConnectMessage>())) .ReturnsAsync(AuthorizationGrant.Invalid(ProtocolErrorProvider.InvalidGrant())); } else { mock.Setup(m => m.ExchangeTokenAsync(It.IsAny <OpenIdConnectMessage>())) .ReturnsAsync(AuthorizationGrant.Valid( userId, clientId, grantedTokens, parsedScopes, token)); } return(mock.Object); }
public async Task <AuthorizationGrant> ExchangeTokenAsync(OpenIdConnectMessage message) { switch (message.GrantType) { case OpenIdConnectGrantTypes.AuthorizationCode: return(await _codeIssuer.ExchangeAuthorizationCodeAsync(message)); case OpenIdConnectGrantTypes.RefreshToken: return(await _refreshTokenIssuer.ExchangeRefreshTokenAsync(message)); default: return(AuthorizationGrant.Invalid(_errorProvider.InvalidGrantType(message.GrantType))); } }
public Task <AuthorizationGrant> ExchangeRefreshTokenAsync(OpenIdConnectMessage message) { var refreshToken = _dataFormat.Unprotect(message.RefreshToken); var resource = refreshToken.Resource; var scopes = refreshToken.Scopes .Select(s => ApplicationScope.CanonicalScopes.TryGetValue(s, out var scope) ? scope : new ApplicationScope(resource, s)); return(Task.FromResult(AuthorizationGrant.Valid( refreshToken.UserId, refreshToken.ClientId, refreshToken.GrantedTokens, scopes, refreshToken))); }
public Task <AuthorizationGrant> ExchangeAuthorizationCodeAsync(OpenIdConnectMessage message) { var code = _dataFormat.Unprotect(message.Code); if (code == null) { return(Task.FromResult(AuthorizationGrant.Invalid(_errorProvider.InvalidAuthorizationCode()))); } var userId = code.UserId; var clientId = code.ClientId; var scopes = code.Scopes; var resource = code.Resource; var nonce = code.Nonce; var tokenTypes = code.GrantedTokens; var grantedScopes = scopes.SelectMany(s => s.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)) .Select(s => ApplicationScope.CanonicalScopes.TryGetValue(s, out var canonicalScope) ? canonicalScope : new ApplicationScope(resource, s)) .ToList(); return(Task.FromResult(AuthorizationGrant.Valid(userId, clientId, tokenTypes, grantedScopes, code))); }
private async Task <OpenIdConnectMessage> ValidateAuthorizationCode( IDictionary <string, string[]> requestParameters, string clientId, AuthorizationGrant consentGrant) { if (!(consentGrant.Token is AuthorizationCode code)) { throw new InvalidOperationException("Granted token must be an authorization code."); } var(redirectUri, redirectUriError) = RequestParametersHelper.ValidateOptionalParameterIsUnique(requestParameters, OpenIdConnectParameterNames.RedirectUri, _errorProvider); if (redirectUriError != null) { return(redirectUriError); } var tokenRedirectUri = code.RedirectUri; if (redirectUri == null && tokenRedirectUri != null) { return(_errorProvider.MissingRequiredParameter(OpenIdConnectParameterNames.RedirectUri)); } if (!string.Equals(redirectUri, tokenRedirectUri, StringComparison.Ordinal)) { return(_errorProvider.MismatchedRedirectUrl(redirectUri)); } var resolution = await _redirectUriValidator.ResolveRedirectUriAsync(clientId, redirectUri); if (!resolution.IsValid) { return(_errorProvider.InvalidRedirectUri(redirectUri)); } if (code.CodeChallenge != null) { if (!ProofOfKeyForCodeExchangeChallengeMethods.SHA256.Equals(code.CodeChallengeMethod, StringComparison.Ordinal)) { throw new InvalidOperationException("Unsupported code challenge method."); } var(verifier, verifierError) = RequestParametersHelper.ValidateParameterIsUnique(requestParameters, ProofOfKeyForCodeExchangeParameterNames.CodeVerifier, _errorProvider); if (verifierError != null) { return(verifierError); } // code-verifier = [a-zA-Z0-9\-._~]{43,128} if (verifier.Length < 43 || verifier.Length > 128) { return(_errorProvider.InvalidCodeVerifier()); } for (var i = 0; i < verifier.Length; i++) { if (verifier[i] > 127 || !ValidCodeVerifierCharacters[verifier[i]]) { return(_errorProvider.InvalidCodeVerifier()); } } if (!string.Equals(code.CodeChallenge, GetComputedChallenge(verifier), StringComparison.Ordinal)) { return(_errorProvider.InvalidCodeVerifier()); } } return(null); }