public void GenerateResponse_EncodesParameters_OnTheFragment()
{
// Arrange
var expectedLocation = "http://www.example.com/callback#state=%23%3F%26%3D&code=serializedcode";
var httpContext = new DefaultHttpContext();
var generator = new FragmentResponseGenerator(UrlEncoder.Default);
var parameters = new Dictionary <string, string[]>
{
["state"] = new[] { "#?&=" },
["code"] = new[] { "serializedcode" }
};
var response = new OpenIdConnectMessage(parameters);
response.RedirectUri = "http://www.example.com/callback";
// Act
generator.GenerateResponse(httpContext, response.RedirectUri, response.Parameters);
// Assert
Assert.Equal(StatusCodes.Status302Found, httpContext.Response.StatusCode);
Assert.Equal(expectedLocation, httpContext.Response.Headers[HeaderNames.Location]);
var uri = new Uri(httpContext.Response.Headers[HeaderNames.Location]);
Assert.False(string.IsNullOrEmpty(uri.Fragment));
var fragmentParameters = QueryHelpers.ParseQuery(uri.Fragment.Substring(1));
Assert.Equal(2, fragmentParameters.Count);
var codeKvp = Assert.Single(fragmentParameters, kvp => kvp.Key == "code");
Assert.Equal("serializedcode", codeKvp.Value);
var stateKvp = Assert.Single(fragmentParameters, kvp => kvp.Key == "state");
Assert.Equal("#?&=", stateKvp.Value);
}
public async Task Spec_IdToken_Sample()
{
// Arrange
var httpContext = new DefaultHttpContext();
httpContext.Request.QueryString = QueryString.FromUriComponent("?response_type=id_token&client_id=s6BhdRkqt3&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb&scope=openid%20profile%20email&nonce=n-0S6_WzA2Mj&state=af0ifjsldkj");
var requestParameters = httpContext.Request.Query.ToDictionary(kvp => kvp.Key, kvp => (string[])kvp.Value);
var requestFactory = CreateRequestFactory();
var tokenIssuer = GetTokenIssuer();
var fragmentExecutor = new FragmentResponseGenerator(UrlEncoder.Default);
var user = CreateUser("248289761001");
var application = CreateApplication("s6BhdRkqt");
var responseFactory = CreateAuthorizationResponseFactory();
// Act
var result = await requestFactory.CreateAuthorizationRequestAsync(requestParameters);
var tokenContext = result.CreateTokenGeneratingContext(user, application);
await tokenIssuer.IssueTokensAsync(tokenContext);
var response = await responseFactory.CreateAuthorizationResponseAsync(tokenContext);
fragmentExecutor.GenerateResponse(httpContext, response.RedirectUri, response.Message.Parameters);
// Assert
Assert.Equal(StatusCodes.Status302Found, httpContext.Response.StatusCode);
Assert.False(StringValues.IsNullOrEmpty(httpContext.Response.Headers[HeaderNames.Location]));
var uri = new Uri(httpContext.Response.Headers[HeaderNames.Location]);
Assert.False(string.IsNullOrEmpty(uri.Fragment));
var parameters = QueryHelpers.ParseQuery(uri.Fragment.Substring(1));
Assert.Equal(2, parameters.Count);
var idTokenKvp = Assert.Single(parameters, kvp => kvp.Key == "id_token");
var stateKvp = Assert.Single(parameters, kvp => kvp.Key == "state");
Assert.Equal("af0ifjsldkj", stateKvp.Value);
}
