public async Task Valid_Code_Request()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
RedirectUri = "https://server/cb",
RequestedScopes = new List<Scope>
{
new Scope
{
Name = "openid"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeFalse();
}
public async Task Invalid_AuthorizationCode()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = "https://server/cb",
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "invalid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}
private void RaiseCodeIssuedEvent(string id, AuthorizationCode code)
{
_events.RaiseAuthorizationCodeIssuedEvent(id, code);
}
private async Task<string> CreateCodeAsync(ValidatedAuthorizeRequest request)
{
var code = new AuthorizationCode
{
Client = request.Client,
Subject = request.Subject,
IsOpenId = request.IsOpenIdRequest,
RequestedScopes = request.ValidatedScopes.GrantedScopes,
RedirectUri = request.RedirectUri,
Nonce = request.Nonce,
WasConsentShown = request.WasConsentShown,
};
// store id token and access token and return authorization code
var id = CryptoRandom.CreateUniqueId();
await _authorizationCodes.StoreAsync(id, code);
RaiseCodeIssuedEvent(id, code);
return id;
}
public async Task Code_Request_with_disabled_User()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var mock = new Mock<IUserService>();
mock.Setup(u => u.IsActiveAsync(It.IsAny<ClaimsPrincipal>())).Returns(Task.FromResult(false));
var code = new AuthorizationCode
{
Client = client,
RedirectUri = "https://server/cb",
RequestedScopes = new List<Scope>
{
new Scope
{
Name = "openid"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store,
userService: mock.Object);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
}
public async Task Reused_AuthorizationCode()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = "https://server/cb",
RequestedScopes = new List<Scope>
{
new Scope
{
Name = "openid"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store,
customRequestValidator: new DefaultCustomRequestValidator());
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
// request first time
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeFalse();
// request second time
validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store,
customRequestValidator: new DefaultCustomRequestValidator());
result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}
/// <summary>
/// Stores the data.
/// </summary>
/// <param name="key">The key.</param>
/// <param name="value">The value.</param>
/// <returns></returns>
public Task StoreAsync(string key, AuthorizationCode value)
{
_repository[key] = value;
return Task.FromResult<object>(null);
}
