/// <summary>
/// Verifies that <c>FragmentResponseGenerator</c> percent-encodes parameter values
/// before appending them to the redirect URI fragment.
/// </summary>
/// <remarks>
/// The <c>state</c> value consists only of URI-reserved characters (<c>#?&amp;=</c>).
/// Written unencoded, such a value could end the fragment early or be read back as
/// additional parameters. The test therefore pins both the exact Location header and
/// the round trip: parsing the fragment must yield exactly the two original parameters.
/// </remarks>
public void GenerateResponse_EncodesParameters_OnTheFragment()
{
    // Arrange
    var context = new DefaultHttpContext();
    var sut = new FragmentResponseGenerator(UrlEncoder.Default);
    var message = new OpenIdConnectMessage(
        new Dictionary<string, string[]>
        {
            // Reserved characters only: each one must be escaped on the wire.
            ["state"] = new string[] { "#?&=" },
            ["code"] = new string[] { "serializedcode" }
        })
    {
        RedirectUri = "http://www.example.com/callback"
    };
    var expectedLocation = "http://www.example.com/callback#state=%23%3F%26%3D&code=serializedcode";

    // Act
    sut.GenerateResponse(context, message.RedirectUri, message.Parameters);

    // Assert
    Assert.Equal(StatusCodes.Status302Found, context.Response.StatusCode);

    string location = context.Response.Headers[HeaderNames.Location];
    Assert.Equal(expectedLocation, location);

    var redirect = new Uri(location);
    Assert.False(string.IsNullOrEmpty(redirect.Fragment));

    // Uri.Fragment includes the leading '#', which is not part of the parameters.
    var encodedParameters = redirect.Fragment.Substring(1);
    var fragmentParameters = QueryHelpers.ParseQuery(encodedParameters);
    Assert.Equal(2, fragmentParameters.Count);

    var code = Assert.Single(fragmentParameters, pair => pair.Key == "code");
    Assert.Equal("serializedcode", code.Value);

    var state = Assert.Single(fragmentParameters, pair => pair.Key == "state");
    Assert.Equal("#?&=", state.Value);
}
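/// <summary>
/// End-to-end check of an <c>response_type=id_token</c> authorization request:
/// the request is parsed, tokens are issued, and the response is written as a
/// 302 redirect whose fragment carries exactly <c>id_token</c> and <c>state</c>.
/// </summary>
/// <remarks>
/// The query string appears to mirror the implicit-flow sample request from the
/// OpenID Connect Core specification (inferred from the test name and values).
/// The test asserts that <c>state</c> is echoed back unchanged and that the
/// issued <c>id_token</c> is present and non-empty.
/// </remarks>
public async Task Spec_IdToken_Sample()
{
    // Arrange
    var httpContext = new DefaultHttpContext();
    httpContext.Request.QueryString = QueryString.FromUriComponent("?response_type=id_token&client_id=s6BhdRkqt3&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb&scope=openid%20profile%20email&nonce=n-0S6_WzA2Mj&state=af0ifjsldkj");
    var requestParameters = httpContext.Request.Query.ToDictionary(kvp => kvp.Key, kvp => (string[])kvp.Value);

    var requestFactory = CreateRequestFactory();
    var tokenIssuer = GetTokenIssuer();
    var fragmentExecutor = new FragmentResponseGenerator(UrlEncoder.Default);
    var user = CreateUser("248289761001");
    // NOTE(review): the request sends client_id "s6BhdRkqt3" but the application is
    // created with "s6BhdRkqt". Confirm this is intentional; if the request factory is
    // meant to validate client_id against the registered application, this test would
    // not notice a gap in that validation.
    var application = CreateApplication("s6BhdRkqt");
    var responseFactory = CreateAuthorizationResponseFactory();

    // Act
    var result = await requestFactory.CreateAuthorizationRequestAsync(requestParameters);
    var tokenContext = result.CreateTokenGeneratingContext(user, application);
    await tokenIssuer.IssueTokensAsync(tokenContext);
    var response = await responseFactory.CreateAuthorizationResponseAsync(tokenContext);

    fragmentExecutor.GenerateResponse(httpContext, response.RedirectUri, response.Message.Parameters);

    // Assert
    Assert.Equal(StatusCodes.Status302Found, httpContext.Response.StatusCode);
    Assert.False(StringValues.IsNullOrEmpty(httpContext.Response.Headers[HeaderNames.Location]));

    var uri = new Uri(httpContext.Response.Headers[HeaderNames.Location]);
    // The response parameters must be in the fragment, not the query string.
    Assert.False(string.IsNullOrEmpty(uri.Fragment));

    // Uri.Fragment includes the leading '#'; strip it before parsing.
    var parameters = QueryHelpers.ParseQuery(uri.Fragment.Substring(1));
    Assert.Equal(2, parameters.Count);

    // Presence of the key alone is not enough: an empty id_token would still
    // satisfy Assert.Single, so check the value as well.
    var idTokenKvp = Assert.Single(parameters, kvp => kvp.Key == "id_token");
    Assert.False(StringValues.IsNullOrEmpty(idTokenKvp.Value));

    // state must round-trip unchanged so the client can correlate the response
    // with the request it sent.
    var stateKvp = Assert.Single(parameters, kvp => kvp.Key == "state");
    Assert.Equal("af0ifjsldkj", stateKvp.Value);

    // TODO(review): the request carries a nonce, but nothing here checks that the
    // issued id_token echoes it or that the Location targets the requested
    // redirect_uri; consider covering both in dedicated tests.
}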