public async Task Unknown_Grant_Type()
{
    // Arrange: a genuinely valid code and matching redirect URI, so the only
    // thing wrong with this token request is the grant_type value itself.
    var codeClient = await _clients.FindClientByIdAsync("codeclient");
    var codes = new InMemoryAuthorizationCodeStore();
    await codes.StoreAsync("valid", new AuthorizationCode
    {
        Client = codeClient,
        IsOpenId = true,
        RedirectUri = new Uri("https://server/cb"),
    });

    var validator = Factory.CreateTokenValidator(authorizationCodeStore: codes);

    var form = new NameValueCollection
    {
        { Constants.TokenRequest.GrantType, "unknown" },
        { Constants.TokenRequest.Code, "valid" },
        { Constants.TokenRequest.RedirectUri, "https://server/cb" },
    };

    // Act
    var outcome = await validator.ValidateRequestAsync(form, codeClient);

    // Assert: an unrecognised grant_type must be refused with
    // unsupported_grant_type instead of falling through to any flow.
    Assert.IsTrue(outcome.IsError);
    Assert.AreEqual(Constants.TokenErrors.UnsupportedGrantType, outcome.Error);
}
public async Task Valid_Code_Request()
{
    // Arrange: the happy path — code issued to this client, for this
    // redirect URI, redeemed with the authorization_code grant.
    var codeClient = await _settings.FindClientByIdAsync("codeclient");
    var codes = new TestAuthorizationCodeStore();
    await codes.StoreAsync("valid", new AuthorizationCode
    {
        Client = codeClient,
        IsOpenId = true,
        RedirectUri = new Uri("https://server/cb"),
    });

    var validator = ValidatorFactory.CreateTokenValidator(
        _settings,
        _logger,
        authorizationCodeStore: codes,
        customRequestValidator: _customRequestValidator);

    var form = new NameValueCollection
    {
        { Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode },
        { Constants.TokenRequest.Code, "valid" },
        { Constants.TokenRequest.RedirectUri, "https://server/cb" },
    };

    // Act
    var outcome = await validator.ValidateRequestAsync(form, codeClient);

    // Assert: nothing about this request should be rejected. Only the error
    // flag is checked here; the shape of a successful result is not asserted.
    Assert.IsFalse(outcome.IsError);
}
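/// <summary>
/// Completes an authorization-code-flow authorize request: persists a new
/// <see cref="AuthorizationCode"/> capturing what the user granted and returns
/// the opaque code handle to be delivered to the client's redirect URI.
/// </summary>
/// <param name="request">The already validated authorize request (client, redirect URI, granted scopes, consent flag, state).</param>
/// <param name="subject">The authenticated user the code is issued for.</param>
/// <returns>An <see cref="AuthorizeResponse"/> carrying the code handle, the redirect URI and the client's state value.</returns>
public async Task<AuthorizeResponse> CreateCodeFlowResponseAsync(ValidatedAuthorizeRequest request, ClaimsPrincipal subject)
{
    var code = new AuthorizationCode
    {
        Client = request.Client,
        Subject = subject,
        IsOpenId = request.IsOpenIdRequest,
        RequestedScopes = request.ValidatedScopes.GrantedScopes,
        RedirectUri = request.RedirectUri,
        WasConsentShown = request.WasConsentShown,
        RefreshTokenLifetime = request.Client.RefreshTokenLifetime
    };

    // The handle is a bearer secret: whoever presents it at the token endpoint
    // (with the matching client and redirect_uri) is issued the tokens. Only
    // the handle and the code record are stored here; no tokens are created
    // at this point.
    var id = CreateCodeHandle();
    await _authorizationCodes.StoreAsync(id, code);

    return new AuthorizeResponse
    {
        RedirectUri = request.RedirectUri,
        Code = id,
        State = request.State
    };
}

// Builds the opaque authorization-code handle from the platform CSPRNG rather
// than Guid.NewGuid(), whose unpredictability is not a documented guarantee.
// 16 random bytes rendered as lower-case hex keep the same 32-character shape
// as the previous Guid "N" format, so existing code stores need no change.
private static string CreateCodeHandle()
{
    var bytes = new byte[16];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(bytes);
    }
    return BitConverter.ToString(bytes).Replace("-", string.Empty).ToLowerInvariant();
}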
/// <summary>
/// Saves <paramref name="value"/> under <paramref name="key"/>, replacing any
/// entry already held under that key. The work is synchronous; a completed
/// Task is returned only to satisfy the async store contract.
/// </summary>
/// <param name="key">The opaque code handle the entry is looked up by.</param>
/// <param name="value">The authorization code record to keep.</param>
/// <returns>An already-completed <see cref="Task"/>.</returns>
public Task StoreAsync(string key, AuthorizationCode value)
{
    // Indexer assignment: a second StoreAsync with the same key silently
    // overwrites the first entry. No expiry or eviction happens here.
    _repository[key] = value;

    // Same already-completed-Task form as the rest of this store.
    Task done = Task.FromResult<object>(null);
    return done;
}
public async Task Reused_AuthorizationCode()
{
    // Arrange: one valid code, redeemed twice with an identical request.
    var codeClient = await _clients.FindClientByIdAsync("codeclient");
    var codes = new InMemoryAuthorizationCodeStore();
    await codes.StoreAsync("valid", new AuthorizationCode
    {
        Client = codeClient,
        IsOpenId = true,
        RedirectUri = new Uri("https://server/cb"),
    });

    var form = new NameValueCollection
    {
        { Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode },
        { Constants.TokenRequest.Code, "valid" },
        { Constants.TokenRequest.RedirectUri, "https://server/cb" },
    };

    // Act 1: the first redemption is legitimate.
    var validator = Factory.CreateTokenValidator(
        authorizationCodeStore: codes,
        customRequestValidator: new DefaultCustomRequestValidator());
    var firstOutcome = await validator.ValidateRequestAsync(form, codeClient);
    Assert.IsFalse(firstOutcome.IsError);

    // Act 2: replay the same code. A fresh validator is built so the only
    // state shared with the first call is the code store itself — the
    // single-use guarantee has to live in the store, not in the validator.
    validator = Factory.CreateTokenValidator(
        authorizationCodeStore: codes,
        customRequestValidator: new DefaultCustomRequestValidator());
    var replayOutcome = await validator.ValidateRequestAsync(form, codeClient);

    // Assert: a code is single-use; presenting it again is invalid_grant.
    Assert.IsTrue(replayOutcome.IsError);
    Assert.AreEqual(Constants.TokenErrors.InvalidGrant, replayOutcome.Error);
}
public async Task Expired_AuthorizationCode()
{
    // Arrange: a code stamped 100 s in the past. This presumes the configured
    // code lifetime for "codeclient" is shorter than that — verify against the
    // test client settings if this assertion ever starts failing.
    var codeClient = await _clients.FindClientByIdAsync("codeclient");
    var codes = new InMemoryAuthorizationCodeStore();
    await codes.StoreAsync("valid", new AuthorizationCode
    {
        Client = codeClient,
        IsOpenId = true,
        RedirectUri = new Uri("https://server/cb"),
        CreationTime = DateTime.UtcNow.AddSeconds(-100)
    });

    var validator = Factory.CreateTokenValidator(authorizationCodeStore: codes);

    var form = new NameValueCollection
    {
        { Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode },
        { Constants.TokenRequest.Code, "valid" },
        { Constants.TokenRequest.RedirectUri, "https://server/cb" },
    };

    // Act
    var outcome = await validator.ValidateRequestAsync(form, codeClient);

    // Assert: an expired code is rejected as invalid_grant, not silently honoured.
    Assert.IsTrue(outcome.IsError);
    Assert.AreEqual(Constants.TokenErrors.InvalidGrant, outcome.Error);
}
public async Task Client_Trying_To_Request_Token_Using_Another_Clients_Code()
{
    // Arrange: the code is issued to "codeclient" but redeemed by
    // "codeclient_restricted". Everything else — code value and redirect
    // URI — is correct, so only the client binding can cause rejection.
    var issuedTo = await _clients.FindClientByIdAsync("codeclient");
    var presenter = await _clients.FindClientByIdAsync("codeclient_restricted");

    var codes = new InMemoryAuthorizationCodeStore();
    await codes.StoreAsync("valid", new AuthorizationCode
    {
        Client = issuedTo,
        IsOpenId = true,
        RedirectUri = new Uri("https://server/cb"),
    });

    var validator = Factory.CreateTokenValidator(authorizationCodeStore: codes);

    var form = new NameValueCollection
    {
        { Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode },
        { Constants.TokenRequest.Code, "valid" },
        { Constants.TokenRequest.RedirectUri, "https://server/cb" },
    };

    // Act: authenticate as the other client and try to redeem the code.
    var outcome = await validator.ValidateRequestAsync(form, presenter);

    // Assert: a code must only be redeemable by the client it was issued to;
    // a stolen or leaked code presented by another client is invalid_grant.
    Assert.IsTrue(outcome.IsError);
    Assert.AreEqual(Constants.TokenErrors.InvalidGrant, outcome.Error);
}
public async Task Client_Not_Authorized_For_AuthorizationCode_Flow()
{
    // Arrange: an implicit-flow client somehow holds a code issued in its own
    // name. The grant-type restriction on the client must still win.
    var implicitClient = await _settings.FindClientByIdAsync("implicitclient");
    var codes = new TestAuthorizationCodeStore();
    await codes.StoreAsync("valid", new AuthorizationCode
    {
        Client = implicitClient,
        IsOpenId = true,
        RedirectUri = new Uri("https://server/cb"),
    });

    var validator = ValidatorFactory.CreateTokenValidator(
        _settings,
        _logger,
        authorizationCodeStore: codes);

    var form = new NameValueCollection
    {
        { Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode },
        { Constants.TokenRequest.Code, "valid" },
        { Constants.TokenRequest.RedirectUri, "https://server/cb" },
    };

    // Act
    var outcome = await validator.ValidateRequestAsync(form, implicitClient);

    // Assert: a client not permitted to use the authorization_code grant is
    // refused with unauthorized_client, regardless of the code being valid.
    Assert.IsTrue(outcome.IsError);
    Assert.AreEqual(Constants.TokenErrors.UnauthorizedClient, outcome.Error);
}