public async Task DecodeRefreshToken() { var refreshTokenSource = new TaskCompletionSource <string>(); Handle(AuthorizationServerDescription.AuthorizationEndpoint).By( async(req, ct) => { var server = new AuthorizationServer(AuthorizationServerMock); var request = await server.ReadAuthorizationRequestAsync(req, ct); Assert.That(request, Is.Not.Null); var response = server.PrepareApproveAuthorizationRequest(request, ResourceOwnerUsername); return(await server.Channel.PrepareResponseAsync(response)); }); Handle(AuthorizationServerDescription.TokenEndpoint).By( async(req, ct) => { var server = new AuthorizationServer(AuthorizationServerMock); var response = await server.HandleTokenRequestAsync(req, ct); var authorization = server.DecodeRefreshToken(refreshTokenSource.Task.Result); Assert.That(authorization, Is.Not.Null); Assert.That(authorization.User, Is.EqualTo(ResourceOwnerUsername)); return(response); }); var client = new WebServerClient(AuthorizationServerDescription); try { var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; var authRedirectResponse = await client.PrepareRequestUserAuthorizationAsync(authState); this.HostFactories.CookieContainer.SetCookies(authRedirectResponse, ClientCallback); Uri authCompleteUri; using (var httpClient = this.HostFactories.CreateHttpClient()) { using (var response = await httpClient.GetAsync(authRedirectResponse.Headers.Location)) { response.EnsureSuccessStatusCode(); authCompleteUri = response.Headers.Location; } } var authCompleteRequest = new HttpRequestMessage(HttpMethod.Get, authCompleteUri); this.HostFactories.CookieContainer.ApplyCookies(authCompleteRequest); var result = await client.ProcessUserAuthorizationAsync(authCompleteRequest); Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty); Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty); refreshTokenSource.SetResult(result.RefreshToken); } catch { refreshTokenSource.TrySetCanceled(); } }