private static void ValidateScopes(AuthorizeRequest request, ValidatedRequest validatedRequest) { // validate scopes if (string.IsNullOrEmpty(request.scope)) { throw new AuthorizeRequestClientException( "Missing scope.", new Uri(validatedRequest.RedirectUri.Uri), OAuthConstants.Errors.InvalidScope, validatedRequest.ResponseType, validatedRequest.State); } var requestedScopes = request.scope.Split(' ').ToList(); List <Scope> resultingScopes; if (validatedRequest.Application.Scopes.TryValidateScopes(validatedRequest.Client.ClientId, requestedScopes, out resultingScopes)) { validatedRequest.Scopes = resultingScopes; Tracing.InformationFormat("Requested scopes: {0}", request.scope); } else { throw new AuthorizeRequestClientException( "Invalid scope.", new Uri(validatedRequest.RedirectUri.Uri), OAuthConstants.Errors.InvalidScope, validatedRequest.ResponseType, validatedRequest.State); } }
// GET /{appName}/oauth/authorize // public ActionResult Index(string appName, AuthorizeRequest request) { Tracing.Start("OAuth2 Authorize Endoint"); // make sure application is registered var application = _config.FindApplication(appName); if (application == null) { Tracing.Error("Application not found: " + appName); return HttpNotFound(); } ValidatedRequest validatedRequest; try { validatedRequest = new AuthorizeRequestValidator().Validate(application, request); } catch (AuthorizeRequestValidationException ex) { Tracing.Error("Aborting OAuth2 authorization request"); return this.AuthorizeValidationError(ex); } if (validatedRequest.ShowConsent) { // show consent screen Tracing.Verbose("Showing consent screen"); return View("Consent", validatedRequest); } Tracing.Verbose("No consent configured for application/client"); return PerformGrant(validatedRequest); }
private void ValidateCodeResponseType(ValidatedRequest validatedRequest, AuthorizeRequest request) { // make sure response type allowed for this client if (validatedRequest.Client.Flow != OAuthFlow.Code) { throw new AuthorizeRequestClientException( "response_type is not allowed: " + request.response_type, new Uri(validatedRequest.RedirectUri.Uri), OAuthConstants.Errors.UnsupportedResponseType, request.response_type, validatedRequest.State); } if (validatedRequest.Client.AllowRefreshToken && validatedRequest.Application.AllowRefreshToken) { Tracing.Information("The request allows arefresh token."); validatedRequest.RequestingRefreshToken = true; } if (validatedRequest.Client.RequireConsent || validatedRequest.Application.RequireConsent) { Tracing.Information("Consent is required."); validatedRequest.ShowConsent = true; } }
// GET /{appName}/oauth/authorize // public ActionResult Index(string appName, AuthorizeRequest request) { Tracing.Start("OAuth2 Authorize Endoint"); // make sure application is registered var application = _config.FindApplication(appName); if (application == null) { Tracing.Error("Application not found: " + appName); return(HttpNotFound()); } ValidatedRequest validatedRequest; try { validatedRequest = new AuthorizeRequestValidator().Validate(application, request); } catch (AuthorizeRequestValidationException ex) { Tracing.Error("Aborting OAuth2 authorization request"); return(this.AuthorizeValidationError(ex)); } if (validatedRequest.ShowConsent) { validatedRequest.RememberOptions = GetRememberOptions(application); // todo: check first if a remembered consent decision exists if (validatedRequest.ResponseType == OAuthConstants.ResponseTypes.Token) { var handle = _handleManager.Find( ClaimsPrincipal.Current.GetSubject(), validatedRequest.Client, validatedRequest.Application, validatedRequest.Scopes, StoredGrantType.ConsentDecision); if (handle != null) { Tracing.Verbose("Stored consent decision found."); return(PerformGrant(validatedRequest)); } } // show consent screen Tracing.Verbose("Showing consent screen"); return(View("Consent", validatedRequest)); } Tracing.Verbose("No consent configured for application/client"); // workaround for bug #139 validatedRequest.RequestedRefreshTokenExpiration = DateTime.UtcNow.AddYears(50); return(PerformGrant(validatedRequest)); }
// GET /{appName}/oauth/authorize // public ActionResult Index(string appName, AuthorizeRequest request) { Tracing.Start("OAuth2 Authorize Endoint"); // make sure application is registered var application = _config.FindApplication(appName); if (application == null) { Tracing.Error("Application not found: " + appName); return HttpNotFound(); } ValidatedRequest validatedRequest; try { validatedRequest = new AuthorizeRequestValidator().Validate(application, request); } catch (AuthorizeRequestValidationException ex) { Tracing.Error("Aborting OAuth2 authorization request"); return this.AuthorizeValidationError(ex); } if (validatedRequest.ShowConsent) { validatedRequest.RememberOptions = GetRememberOptions(application); // todo: check first if a remembered consent decision exists if (validatedRequest.ResponseType == OAuthConstants.ResponseTypes.Token) { var handle = _handleManager.Find( ClaimsPrincipal.Current.GetSubject(), validatedRequest.Client, validatedRequest.Application, validatedRequest.Scopes, StoredGrantType.ConsentDecision); if (handle != null) { Tracing.Verbose("Stored consent decision found."); return PerformGrant(validatedRequest); } } // show consent screen Tracing.Verbose("Showing consent screen"); return View("Consent", validatedRequest); } Tracing.Verbose("No consent configured for application/client"); // workaround for bug #139 validatedRequest.RequestedRefreshTokenExpiration = DateTime.UtcNow.AddYears(50); return PerformGrant(validatedRequest); }
private void ValidateTokenResponseType(ValidatedRequest validatedRequest, AuthorizeRequest request) { if (validatedRequest.Client.Flow != OAuthFlow.Implicit) { throw new AuthorizeRequestClientException( "response_type is not allowed: " + request.response_type, new Uri(validatedRequest.RedirectUri.Uri), OAuthConstants.Errors.UnsupportedResponseType, request.response_type, validatedRequest.State); } }
public ActionResult HandleConsentResponse(string appName, string button, string[] scopes, AuthorizeRequest request, int? rememberDuration = null) { Tracing.Start("OAuth2 Authorize Endoint - Consent response"); // make sure application is registered var application = _config.FindApplication(appName); if (application == null) { Tracing.Error("Application not found: " + appName); return HttpNotFound(); } if (button == "no") { Tracing.Information("User denies access token request."); return new ClientErrorResult(new Uri(request.redirect_uri), OAuthConstants.Errors.AccessDenied, request.response_type, request.state); } if (button == "yes") { Tracing.Information("User allows access token request."); ValidatedRequest validatedRequest; try { validatedRequest = new AuthorizeRequestValidator().Validate(application, request); } catch (AuthorizeRequestValidationException ex) { Tracing.Error("Aborting OAuth2 authorization request"); return this.AuthorizeValidationError(ex); } if (scopes == null || scopes.Length == 0) { ModelState.AddModelError("", "Please choose at least one permission."); return View("Consent", validatedRequest); } // todo: parse scopes form post and substitue scopes validatedRequest.Scopes.RemoveAll(x => !scopes.Contains(x.Name)); var grantResult = PerformGrant(validatedRequest); if (grantResult != null) return grantResult; } return new ClientErrorResult( new Uri(request.redirect_uri), OAuthConstants.Errors.InvalidRequest, request.response_type, request.state); }
public void ValidRequestMultipleScope() { var validator = new AuthorizeRequestValidator(_clientManager); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "codeclient", response_type = "code", scope = "read search", redirect_uri = "https://prod.local" }; var result = validator.Validate(app, request); }
public void ValidRequestMultipleScope() { var validator = new AuthorizeRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "implicitclient", response_type = "token", scope = "read browse", redirect_uri = "https://test2.local" }; var result = validator.Validate(app, request); }
public void DisabledClient() { var validator = new AuthorizeRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "disabledclient", response_type = "code", scope = "read", redirect_uri = "https://prod.local" }; try { var result = validator.Validate(app, request); } catch (AuthorizeRequestResourceOwnerException ex) { return; } Assert.Fail("No exception thrown."); }
public void MissingRedirectUri() { var validator = new AuthorizeRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "codeclient", response_type = "code", scope = "read" }; try { var result = validator.Validate(app, request); } catch (AuthorizeRequestResourceOwnerException ex) { // todo: check error code return; } Assert.Fail("No exception thrown."); }
public void UnauthorizedResponseType() { var validator = new AuthorizeRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "implicitclient", response_type = "code", scope = "read", redirect_uri = "https://test2.local" }; try { var result = validator.Validate(app, request); } catch (AuthorizeRequestClientException ex) { Assert.IsTrue(ex.Error == OAuthConstants.Errors.UnsupportedResponseType); return; } Assert.Fail("No exception thrown."); }
public void UnauthorizedRedirectUri() { var validator = new AuthorizeRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "implicitclient", response_type = "token", scope = "read", redirect_uri = "https://unauthorized.com" }; try { var result = validator.Validate(app, request); } catch (AuthorizeRequestResourceOwnerException ex) { // todo: check error code return; } Assert.Fail("No exception thrown."); }
public ActionResult HandleConsentResponse(string appName, string button, string[] scopes, AuthorizeRequest request, int? rememberDuration = null) { Tracing.Start("OAuth2 Authorize Endoint - Consent response"); // make sure application is registered var application = _config.FindApplication(appName); if (application == null) { Tracing.Error("Application not found: " + appName); return HttpNotFound(); } if (button == "no") { Tracing.Information("User denies access token request."); return new ClientErrorResult(new Uri(request.redirect_uri), OAuthConstants.Errors.AccessDenied, request.response_type, request.state); } if (button == "yes") { Tracing.Information("User allows access token request."); ValidatedRequest validatedRequest; try { validatedRequest = new AuthorizeRequestValidator().Validate(application, request); } catch (AuthorizeRequestValidationException ex) { Tracing.Error("Aborting OAuth2 authorization request"); return this.AuthorizeValidationError(ex); } if (scopes == null || scopes.Length == 0) { ModelState.AddModelError("", "Please choose at least one permission."); return View("Consent", validatedRequest); } // parse scopes form post and substitue scopes validatedRequest.Scopes.RemoveAll(x => !scopes.Contains(x.Name)); // store consent decision if // checkbox was checked // and storage is allowed // and flow == implicit if (validatedRequest.Application.AllowRememberConsentDecision && validatedRequest.ResponseType == OAuthConstants.ResponseTypes.Token && rememberDuration == -1) { var handle = StoredGrant.CreateConsentDecision( ClaimsPrincipal.Current.GetSubject(), validatedRequest.Client, validatedRequest.Application, validatedRequest.Scopes); _handleManager.Add(handle); Tracing.Information("Consent decision stored."); } // parse refresh token lifetime if // code flow is used // and refresh tokens are allowed if (validatedRequest.RequestingRefreshToken && rememberDuration != null && validatedRequest.Client.Flow == OAuthFlow.Code) { if (rememberDuration == -1) { validatedRequest.RequestedRefreshTokenExpiration = DateTime.UtcNow.AddYears(50); } else { validatedRequest.RequestedRefreshTokenExpiration = DateTime.UtcNow.AddHours(rememberDuration.Value); } Tracing.Information("Selected refresh token lifetime in hours: " + rememberDuration); } var grantResult = PerformGrant(validatedRequest); if (grantResult != null) return grantResult; } return new ClientErrorResult( new Uri(request.redirect_uri), OAuthConstants.Errors.InvalidRequest, request.response_type, request.state); }
public void UnauthorizedResponseType() { var validator = new AuthorizeRequestValidator(_clientManager); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "codeclient", response_type = "token", scope = "read", redirect_uri = "https://prod.local" }; try { var result = validator.Validate(app, request); } catch (AuthorizeRequestClientException ex) { Assert.AreEqual(OAuthConstants.Errors.UnsupportedResponseType, ex.Error); return; } Assert.Fail("No exception thrown."); }
public void UnauthorizedScopeMultiple() { var validator = new AuthorizeRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "implicitclient", response_type = "token", scope = "read write", redirect_uri = "https://test2.local" }; try { var result = validator.Validate(app, request); } catch (AuthorizeRequestClientException ex) { Assert.AreEqual(OAuthConstants.Errors.InvalidScope, ex.Error); return; } Assert.Fail("No exception thrown."); }
private static void ValidateScopes(AuthorizeRequest request, ValidatedRequest validatedRequest) { // validate scopes if (string.IsNullOrEmpty(request.scope)) { throw new AuthorizeRequestClientException( "Missing scope.", new Uri(validatedRequest.RedirectUri.Uri), OAuthConstants.Errors.InvalidScope, validatedRequest.ResponseType, validatedRequest.State); } var requestedScopes = request.scope.Split(' ').ToList(); List<Scope> resultingScopes; if (validatedRequest.Application.Scopes.TryValidateScopes(validatedRequest.Client.ClientId, requestedScopes, out resultingScopes)) { validatedRequest.Scopes = resultingScopes; Tracing.InformationFormat("Requested scopes: {0}", request.scope); } else { throw new AuthorizeRequestClientException( "Invalid scope.", new Uri(validatedRequest.RedirectUri.Uri), OAuthConstants.Errors.InvalidScope, validatedRequest.ResponseType, validatedRequest.State); } }
public ValidatedRequest Validate(Application application, AuthorizeRequest request) { // If the request fails due to a missing, invalid, or mismatching // redirection URI, or if the client identifier is missing or invalid, // the authorization server SHOULD inform the resource owner of the // error and MUST NOT automatically redirect the user-agent to the // invalid redirection URI. var validatedRequest = new ValidatedRequest(); // validate request model binding if (request == null) { throw new AuthorizeRequestResourceOwnerException("Invalid request parameters."); } validatedRequest.Application = application; Tracing.InformationFormat("OAuth2 application: {0} ({1})", validatedRequest.Application.Name, validatedRequest.Application.Namespace); validatedRequest.ShowRememberConsent = application.AllowRememberConsentDecision; // make sure redirect uri is present if (string.IsNullOrWhiteSpace(request.redirect_uri)) { throw new AuthorizeRequestResourceOwnerException("Missing redirect URI"); } // validate client if (string.IsNullOrWhiteSpace(request.client_id)) { throw new AuthorizeRequestResourceOwnerException("Missing client identifier"); } var client = _clientManager.Get(request.client_id); if (client == null) { throw new AuthorizeRequestResourceOwnerException("Invalid client: " + request.client_id); } validatedRequest.Client = client; Tracing.InformationFormat("Client: {0} ({1})", validatedRequest.Client.Name, validatedRequest.Client.ClientId); // make sure redirect_uri is a valid uri, and in case of http is over ssl Uri redirectUri; if (Uri.TryCreate(request.redirect_uri, UriKind.Absolute, out redirectUri)) { if (redirectUri.Scheme == Uri.UriSchemeHttp) { throw new AuthorizeRequestClientException( "Redirect URI not over SSL : " + request.redirect_uri, new Uri(request.redirect_uri), OAuthConstants.Errors.InvalidRequest, string.Empty, validatedRequest.State); } // make sure redirect uri is registered with client var validUri = validatedRequest.Client.RedirectUris.Get(request.redirect_uri); if (validUri == null) { throw new AuthorizeRequestResourceOwnerException("Invalid redirect URI: " + request.redirect_uri); } validatedRequest.RedirectUri = validUri; Tracing.InformationFormat("Redirect URI: {0} ({1})", validatedRequest.RedirectUri.Uri, validatedRequest.RedirectUri.Description); } else { var message = "Invalid redirect URI: " + request.redirect_uri; Tracing.Error(message); throw new AuthorizeRequestResourceOwnerException("Invalid redirect URI: " + request.redirect_uri); } // check state if (!string.IsNullOrWhiteSpace(request.state)) { validatedRequest.State = request.state; Tracing.Information("State: " + validatedRequest.State); } else { Tracing.Information("No state supplied."); } // validate response type if (String.IsNullOrWhiteSpace(request.response_type)) { throw new AuthorizeRequestClientException( "response_type is null or empty", new Uri(validatedRequest.RedirectUri.Uri), OAuthConstants.Errors.InvalidRequest, string.Empty, validatedRequest.State); } // check response type (only code and token are supported) if (!request.response_type.Equals(OAuthConstants.ResponseTypes.Token, StringComparison.Ordinal) && !request.response_type.Equals(OAuthConstants.ResponseTypes.Code, StringComparison.Ordinal)) { throw new AuthorizeRequestClientException( "response_type is not token or code: " + request.response_type, new Uri(validatedRequest.RedirectUri.Uri), OAuthConstants.Errors.UnsupportedResponseType, string.Empty, validatedRequest.State); } validatedRequest.ResponseType = request.response_type; Tracing.Information("Response type: " + validatedRequest.ResponseType); if (request.response_type == OAuthConstants.ResponseTypes.Code) { ValidateCodeResponseType(validatedRequest, request); } else if (request.response_type == OAuthConstants.ResponseTypes.Token) { ValidateTokenResponseType(validatedRequest, request); } else { throw new AuthorizeRequestClientException( "Invalid response_type: " + request.response_type, new Uri(validatedRequest.RedirectUri.Uri), OAuthConstants.Errors.UnsupportedResponseType, request.response_type, validatedRequest.State); } ValidateScopes(request, validatedRequest); // TODO: fix based upon past "remember me" settings validatedRequest.ShowConsent = client.RequireConsent || application.RequireConsent; Tracing.Information("Authorize request validation successful."); return validatedRequest; }
public ActionResult HandleConsentResponse(string appName, string button, string[] scopes, AuthorizeRequest request, int?rememberDuration = null) { Tracing.Start("OAuth2 Authorize Endoint - Consent response"); // make sure application is registered var application = _config.FindApplication(appName); if (application == null) { Tracing.Error("Application not found: " + appName); return(HttpNotFound()); } if (button == "no") { Tracing.Information("User denies access token request."); return(new ClientErrorResult(new Uri(request.redirect_uri), OAuthConstants.Errors.AccessDenied, request.response_type, request.state)); } if (button == "yes") { Tracing.Information("User allows access token request."); ValidatedRequest validatedRequest; try { validatedRequest = new AuthorizeRequestValidator().Validate(application, request); } catch (AuthorizeRequestValidationException ex) { Tracing.Error("Aborting OAuth2 authorization request"); return(this.AuthorizeValidationError(ex)); } if (scopes == null || scopes.Length == 0) { ModelState.AddModelError("", "Please choose at least one permission."); return(View("Consent", validatedRequest)); } // parse scopes form post and substitue scopes validatedRequest.Scopes.RemoveAll(x => !scopes.Contains(x.Name)); // store consent decision if // checkbox was checked // and storage is allowed // and flow == implicit if (validatedRequest.Application.AllowRememberConsentDecision && validatedRequest.ResponseType == OAuthConstants.ResponseTypes.Token && rememberDuration == -1) { var handle = StoredGrant.CreateConsentDecision( ClaimsPrincipal.Current.GetSubject(), validatedRequest.Client, validatedRequest.Application, validatedRequest.Scopes); _handleManager.Add(handle); Tracing.Information("Consent decision stored."); } // parse refresh token lifetime if // code flow is used // and refresh tokens are allowed if (validatedRequest.RequestingRefreshToken && rememberDuration != null && validatedRequest.Client.Flow == OAuthFlow.Code) { if (rememberDuration == -1) { validatedRequest.RequestedRefreshTokenExpiration = DateTime.UtcNow.AddYears(50); } else { validatedRequest.RequestedRefreshTokenExpiration = DateTime.UtcNow.AddHours(rememberDuration.Value); } Tracing.Information("Selected refresh token lifetime in hours: " + rememberDuration); } var grantResult = PerformGrant(validatedRequest); if (grantResult != null) { return(grantResult); } } return(new ClientErrorResult( new Uri(request.redirect_uri), OAuthConstants.Errors.InvalidRequest, request.response_type, request.state)); }
public ValidatedRequest Validate(Application application, AuthorizeRequest request) { // If the request fails due to a missing, invalid, or mismatching // redirection URI, or if the client identifier is missing or invalid, // the authorization server SHOULD inform the resource owner of the // error and MUST NOT automatically redirect the user-agent to the // invalid redirection URI. var validatedRequest = new ValidatedRequest(); // validate request model binding if (request == null) { throw new AuthorizeRequestResourceOwnerException("Invalid request parameters."); } validatedRequest.Application = application; Tracing.InformationFormat("OAuth2 application: {0} ({1})", validatedRequest.Application.Name, validatedRequest.Application.Namespace); validatedRequest.ShowRememberConsent = application.AllowRememberConsentDecision; // make sure redirect uri is present if (string.IsNullOrWhiteSpace(request.redirect_uri)) { throw new AuthorizeRequestResourceOwnerException("Missing redirect URI"); } // validate client if (string.IsNullOrWhiteSpace(request.client_id)) { throw new AuthorizeRequestResourceOwnerException("Missing client identifier"); } var client = validatedRequest.Application.Clients.Get(request.client_id); if (client == null || client.Enabled == false) { throw new AuthorizeRequestResourceOwnerException("Invalid client or not enabled: " + request.client_id); } validatedRequest.Client = client; Tracing.InformationFormat("Client: {0} ({1})", validatedRequest.Client.Name, validatedRequest.Client.ClientId); // make sure redirect_uri is a valid uri, and in case of http is over ssl Uri redirectUri; if (Uri.TryCreate(request.redirect_uri, UriKind.Absolute, out redirectUri)) { if (redirectUri.Scheme == Uri.UriSchemeHttp) { throw new AuthorizeRequestResourceOwnerException("Redirect URI not over SSL : " + request.redirect_uri); } // make sure redirect uri is registered with client var validUri = validatedRequest.Client.RedirectUris.Get(request.redirect_uri); if (validUri == null) { throw new AuthorizeRequestResourceOwnerException("Invalid redirect URI: " + request.redirect_uri); } validatedRequest.RedirectUri = validUri; Tracing.InformationFormat("Redirect URI: {0} ({1})", validatedRequest.RedirectUri.Uri, validatedRequest.RedirectUri.Description); } else { var message = "Invalid redirect URI: " + request.redirect_uri; Tracing.Error(message); throw new AuthorizeRequestResourceOwnerException("Invalid redirect URI: " + request.redirect_uri); } // check state if (!string.IsNullOrWhiteSpace(request.state)) { validatedRequest.State = request.state; Tracing.Information("State: " + validatedRequest.State); } else { Tracing.Information("No state supplied."); } // validate response type if (String.IsNullOrWhiteSpace(request.response_type)) { throw new AuthorizeRequestClientException( "response_type is null or empty", new Uri(validatedRequest.RedirectUri.Uri), OAuthConstants.Errors.InvalidRequest, string.Empty, validatedRequest.State); } // check response type (only code and token are supported) if (!request.response_type.Equals(OAuthConstants.ResponseTypes.Token, StringComparison.Ordinal) && !request.response_type.Equals(OAuthConstants.ResponseTypes.Code, StringComparison.Ordinal)) { throw new AuthorizeRequestClientException( "response_type is not token or code: " + request.response_type, new Uri(validatedRequest.RedirectUri.Uri), OAuthConstants.Errors.UnsupportedResponseType, string.Empty, validatedRequest.State); } validatedRequest.ResponseType = request.response_type; Tracing.Information("Response type: " + validatedRequest.ResponseType); if (request.response_type == OAuthConstants.ResponseTypes.Code) { ValidateCodeResponseType(validatedRequest, request); } else if (request.response_type == OAuthConstants.ResponseTypes.Token) { ValidateTokenResponseType(validatedRequest, request); } else { throw new AuthorizeRequestClientException( "Invalid response_type: " + request.response_type, new Uri(validatedRequest.RedirectUri.Uri), OAuthConstants.Errors.UnsupportedResponseType, request.response_type, validatedRequest.State); } ValidateScopes(request, validatedRequest); // TODO: fix based upon past "remember me" settings validatedRequest.ShowConsent = client.RequireConsent || application.RequireConsent; Tracing.Information("Authorize request validation successful."); return(validatedRequest); }
public void MalformedRedirectUri1() { var validator = new AuthorizeRequestValidator(_clientManager); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "codeclient", response_type = "code", scope = "read", redirect_uri = "https:/prod.local" }; try { var result = validator.Validate(app, request); } catch (AuthorizeRequestResourceOwnerException ex) { // todo: check error code return; } Assert.Fail("No exception thrown."); }
public void NonSslRedirectUri() { var validator = new AuthorizeRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "codeclient", response_type = "code", scope = "read", redirect_uri = "http://prod.local" }; try { var result = validator.Validate(app, request); } catch (AuthorizeRequestClientException ex) { Assert.IsTrue(ex.Error == OAuthConstants.Errors.InvalidRequest); return; } Assert.Fail("No exception thrown."); }