public void Should_Spport_Third_Party_Initiated_Login()
{
rpid = "rp-support_3rd_party_init_login";
// given
OIDCThirdPartyLoginRequest thirdPartyRequest = new OIDCThirdPartyLoginRequest();
thirdPartyRequest.Iss = GetBaseUrl("/");
WebRequest webRequest = WebRequest.Create(clientInformation.InitiateLoginUri + "?" + thirdPartyRequest.SerializeToQueryString());
OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage();
requestMessage.ClientId = clientInformation.ClientId;
requestMessage.Scope = new List<MessageScope>{ MessageScope.Openid };
requestMessage.ResponseType = new List<ResponseType>() { ResponseType.Code };
requestMessage.RedirectUri = clientInformation.RedirectUris[0];
requestMessage.Validate();
request = requestMessage.SerializeToQueryString();
param = providerMetadata.AuthorizationEndpoint;
OpenIdRelyingParty rp = new OpenIdRelyingParty();
// when
WebOperations.GetUrlContent(webRequest);
semaphore.WaitOne();
OIDCAuthCodeResponseMessage response = rp.ParseAuthCodeResponse(result);
// then
response.Validate();
}
/// <summary>
/// Method that sends authentication request to the OP.
/// </summary>
/// <param name="AuthenticateUrl">The URL to be used for the authentication request.</param>
/// <param name="RequestMessage">The reuqest message to be sent to the OP.</param>
/// <param name="Certificate">The certificate to be used, in case of a self-issued authentication.</param>
/// <returns>The authentication response from the OP.</returns>
public OIDCAuthImplicitResponseMessage Authenticate(string AuthenticateUrl, OIDCAuthorizationRequestMessage RequestMessage, X509Certificate2 Certificate = null)
{
if (new Uri(AuthenticateUrl).Scheme == "openid")
{
// we are dealing with a Self-Issued OpenID provider
Dictionary<string, object> response = PerformSelfIssuedAuthentication(RequestMessage, Certificate);
OIDCAuthImplicitResponseMessage responseMessage = new OIDCAuthImplicitResponseMessage();
responseMessage.DeserializeFromDictionary(response);
return responseMessage;
}
else
{
string login_url = AuthenticateUrl + "?" + RequestMessage.SerializeToQueryString();
WebOperations.GetUrlContent(WebRequest.Create(login_url));
return null;
}
}
/// <summary>
/// Method to perform third party initiated login.
/// </summary>
/// <param name="queryString">The query string representation of the authentication request</param>
/// <param name="authEndpoint">The OP authorization endpoint</param>
public void ThirdPartyInitiatedLogin(OIDCAuthorizationRequestMessage requestMessage, string authEndpoint)
{
string login_url = authEndpoint + "?" + requestMessage.SerializeToQueryString();
WebOperations.GetUrlContent(WebRequest.Create(login_url));
}
public void Should_Authenticate_With_IdToken_Token_Response_Type_Post()
{
rpid = "rp-response_mode-form_post";
// given
OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage();
requestMessage.ClientId = clientInformation.ClientId;
requestMessage.Scope = new List<MessageScope>() { MessageScope.Openid };
requestMessage.ResponseType = new List<ResponseType>() { ResponseType.IdToken, ResponseType.Token };
requestMessage.ResponseMode = "form_post";
requestMessage.RedirectUri = clientInformation.RedirectUris[1];
requestMessage.Nonce = WebOperations.RandomString();
requestMessage.State = WebOperations.RandomString();
requestMessage.Validate();
string login_url = GetBaseUrl("/authorization") + "?" + requestMessage.SerializeToQueryString();
OpenIdRelyingParty rp = new OpenIdRelyingParty();
// when
Dictionary<string, object> html = WebOperations.GetUrlContent(WebRequest.Create(login_url), false);
// then
Assert.NotNull(html);
CollectionAssert.Contains(html.Keys, "body");
string textHtml = (string)html["body"];
Assert.NotNull(textHtml);
HtmlDocument document = new HtmlDocument();
document.LoadHtml(textHtml);
HtmlNode formNode = document.DocumentNode.SelectNodes("//form")[0];
Assert.NotNull(formNode);
Assert.AreEqual(formNode.Attributes["method"].Value.ToLower(), "post");
Assert.AreEqual(formNode.Attributes["action"].Value.ToLower(), requestMessage.RedirectUri);
bool hasIdTokenInput = false;
foreach (HtmlNode innode in formNode.SelectNodes("//input"))
{
if (innode.Attributes["name"].Value.Equals("access_token"))
{
hasIdTokenInput = true;
}
}
Assert.IsTrue(hasIdTokenInput);
}
