예제 #1
        /// <summary>
        /// Runs the resource-owner password grant with an <c>OnError</c> callback installed and
        /// asserts that the callback receives an <c>invalid_grant</c> message with HTTP 400.
        /// </summary>
        /// <remarks>
        /// The username and password literals appear masked ("******") in this listing.
        /// The password grant hands the user's password to the client application and is
        /// ruled out by the OAuth 2.0 Security BCP (RFC 9700); read this as coverage of an
        /// existing code path, not as a pattern for new integrations.
        /// </remarks>
        public async Task GetToken_InvalidPasswordCredentialsWithOnErrorCallback_OnErrorGetsCalled()
        {
            // Sentinel values: they survive unchanged if OnError is never invoked,
            // which makes both assertions below fail.
            var capturedStatus  = HttpStatusCode.Unused;
            var capturedMessage = string.Empty;

            var authorizeUri = new Uri(_server.BaseAddress, "/connect/authorize");
            var tokenUri     = new Uri(_server.BaseAddress, "/connect/token");

            var authorizerOptions = new AuthorizerOptions
            {
                AuthorizeEndpointUrl = authorizeUri,
                TokenEndpointUrl     = tokenUri,
                ClientId             = "MyId",
                ClientSecret         = "MySecret",
                Username             = "******",
                Password             = "******",
                GrantType            = GrantType.ResourceOwnerPasswordCredentials,
                // The callback only records what it was given; nothing is rethrown here.
                OnError = (code, text) =>
                {
                    capturedStatus  = code;
                    capturedMessage = text;
                }
            };

            var sut = new Authorizer.Authorizer(authorizerOptions, () => _httpClient);

            await sut.GetToken();

            Assert.IsTrue(capturedMessage.Contains("invalid_grant"));
            Assert.AreEqual(HttpStatusCode.BadRequest, capturedStatus);
        }
        /// <summary>
        /// Requests a client-credentials token with a wrong client id and secret and asserts that
        /// the <c>OnError</c> callback receives an <c>invalid_client</c> message with HTTP 400.
        /// </summary>
        /// <remarks>
        /// The endpoints are plain-http localhost URLs and the HttpClient comes from <c>server</c>
        /// (presumably an in-process test host; confirm). Outside such a test setup the token
        /// endpoint must be https, because the client secret travels with the request.
        /// </remarks>
        public async Task GetToken_InvalidClientCredentialsWithOnErrorCallback_OnErrorGetsCalled()
        {
            // Sentinel values: left untouched if OnError is never invoked.
            var capturedStatus  = HttpStatusCode.Unused;
            var capturedMessage = string.Empty;

            var authorizeUri = new Uri("http://localhost/authorize");
            var tokenUri     = new Uri("http://localhost/token");

            var authorizerOptions = new AuthorizerOptions
            {
                AuthorizeEndpointUrl = authorizeUri,
                TokenEndpointUrl     = tokenUri,
                ClientId             = "WrongId",
                ClientSecret         = "WrongSecret",
                GrantType            = GrantType.ClientCredentials,
                OnError = (code, text) =>
                {
                    capturedStatus  = code;
                    capturedMessage = text;
                }
            };

            var sut = new Authorizer.Authorizer(authorizerOptions, () => server.HttpClient);

            await sut.GetToken();

            Assert.IsTrue(capturedMessage.Contains("invalid_client"));
            Assert.AreEqual(HttpStatusCode.BadRequest, capturedStatus);
        }
 /// <summary>
 /// Fills <paramref name="options"/> from the <c>OAuth2</c> configuration section:
 /// token endpoint, client id and secret, user credentials and scopes.
 /// </summary>
 /// <param name="options">Options instance to populate in place.</param>
 /// <remarks>
 /// The client secret and the user password are read straight from configuration. Which
 /// provider backs these keys is not visible here; keep them in a secret store or
 /// environment-specific source rather than a committed settings file. Missing keys are
 /// not checked, so the indexer's null result is passed through unchanged.
 /// </remarks>
 private void ConfigureAuthroizerOptions(AuthorizerOptions options)
 {
     var tokenEndpoint = Configuration.GetValue<Uri>("OAuth2:AccessTokenEndpoint");
     options.AccessTokenEndpoint = tokenEndpoint;

     options.ClientId     = Configuration["OAuth2:ClientId"];
     options.ClientSecret = Configuration["OAuth2:ClientSecret"];

     var userName = Configuration["OAuth2:Credentials:UserName"];
     var password = Configuration["OAuth2:Credentials:Password"];
     options.Credentials = new NetworkCredential(userName, password);

     var scopeSection = Configuration.GetSection("OAuth2:Scopes");
     options.Scopes = scopeSection.Get<IEnumerable<string>>();
 }
예제 #4
        /// <summary>
        /// Resolves the client under test, its options and the mock HTTP handler from the
        /// fixture's service provider, and reads the resource endpoint from configuration.
        /// </summary>
        /// <param name="fixture">Shared fixture that builds the provider and exposes configuration.</param>
        public OAuth2HttpClientTests(OAuth2Fixture fixture)
        {
            var provider = fixture.BuildServiceProvider();

            // GetService (not GetRequiredService): a missing handler yields null instead of throwing.
            _mockHttp = provider.GetService<MockHttpMessageHandler>();
            _client   = provider.GetRequiredService<OAuth2HttpClient>();

            var optionsAccessor = provider.GetRequiredService<IOptions<AuthorizerOptions>>();
            _options = optionsAccessor.Value;

            _resourceEndpoint = fixture.Configuration.GetValue<Uri>("OAuth2:ResourceEndpoint");
        }
예제 #5
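        /// <summary>
        /// Resolves the authorizer under test, its error sink, the mock HTTP handler and the
        /// authorizer options from the fixture's service provider.
        /// </summary>
        /// <param name="fixture">Shared fixture that builds the service provider.</param>
        public ClientCredentialsAuthorizerTests(AuthorizerFixture fixture)
        {
            var services = fixture.BuildServiceProvider();

            _authorizer = services.GetRequiredService<ClientCredentialsAuthorizer>();
            _error      = services.GetRequiredService<AuthorizerError>();

            // GetService returns null when no handler is registered; presumably intentional
            // so the tests can also run without a mock (confirm against the fixture).
            _mockHttp   = services.GetService<MockHttpMessageHandler>();

            // GetRequiredService instead of GetService: a missing IOptions registration now
            // fails with a descriptive InvalidOperationException rather than a
            // NullReferenceException on ".Value".
            _options    = services.GetRequiredService<IOptions<AuthorizerOptions>>().Value;
        }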
 /// <summary>
 /// Fills <paramref name="options"/> from the <c>OAuth2</c> configuration section and turns
 /// on sending the client credentials in the request body.
 /// </summary>
 /// <param name="resolver">Service provider; not used by this method body.</param>
 /// <param name="options">Options instance to populate in place.</param>
 /// <remarks>
 /// RFC 6749 section 2.3.1 marks client credentials in the request body as NOT RECOMMENDED
 /// and reserves it for clients that cannot use HTTP Basic authentication; request bodies
 /// are also more likely than headers to end up in logs. The secret and password come
 /// straight from configuration, so keep those keys out of committed settings files.
 /// </remarks>
 private void ConfigureAuthroizerOptions(IServiceProvider resolver, AuthorizerOptions options)
 {
     var tokenEndpoint = Configuration.GetValue<Uri>("OAuth2:AccessTokenEndpoint");
     options.AccessTokenEndpoint = tokenEndpoint;

     options.ClientId     = Configuration["OAuth2:ClientId"];
     options.ClientSecret = Configuration["OAuth2:ClientSecret"];

     options.SendClientCredentialsInRequestBody = true;

     var userName = Configuration["OAuth2:Credentials:UserName"];
     var password = Configuration["OAuth2:Credentials:Password"];
     options.Credentials = new NetworkCredential(userName, password);

     var scopeSection = Configuration.GetSection("OAuth2:Scopes");
     options.Scopes = scopeSection.Get<IEnumerable<string>>();
 }
        /// <summary>
        /// Builds the OAuth2 HTTP client through the fixture, with a mock message handler
        /// unless the <c>HttpClient:Mock</c> setting is false, and caches the client, its
        /// options and the resource endpoint.
        /// </summary>
        /// <param name="fixture">Shared fixture that exposes configuration and builds the client.</param>
        /// <remarks>
        /// With mocking switched off, <c>_mockHttp</c> is left unassigned here and is passed to
        /// the fixture as is; the tests then presumably use a real handler and the configured
        /// endpoints and credentials (confirm against the fixture).
        /// </remarks>
        public OAuth2HttpClientTests(OAuth2Fixture fixture)
        {
            // Mocking is the default when the key is absent.
            bool useMockHandler = fixture.Configuration.GetValue("HttpClient:Mock", true);
            if (useMockHandler)
            {
                _mockHttp = new MockHttpMessageHandler();
            }

            var provider = fixture.BuildOAuth2HttpClient(_mockHttp);

            _client = provider.GetRequiredService<OAuth2HttpClient>();

            var optionsAccessor = provider.GetRequiredService<IOptions<AuthorizerOptions>>();
            _options = optionsAccessor.Value;

            _resourceEndpoint = fixture.Configuration.GetValue<Uri>("OAuth2:ResourceEndpoint");
        }
        /// <summary>
        /// Requests a client-credentials token with the id and secret the test expects to be
        /// accepted and asserts that an access token comes back.
        /// </summary>
        /// <remarks>
        /// Only non-null is checked; the token's contents, lifetime and signature are not
        /// inspected. The plain-http localhost endpoints and the hard-coded secret are fixture
        /// values for the <c>server</c> test host.
        /// </remarks>
        public async Task GetToken_ValidClientCredentials_ReturnsValidAccessToken()
        {
            var authorizeUri = new Uri("http://localhost/authorize");
            var tokenUri     = new Uri("http://localhost/token");

            var authorizerOptions = new AuthorizerOptions
            {
                AuthorizeEndpointUrl = authorizeUri,
                TokenEndpointUrl     = tokenUri,
                ClientId             = "MyId",
                ClientSecret         = "MySecret",
                GrantType            = GrantType.ClientCredentials
            };

            var sut           = new Authorizer.Authorizer(authorizerOptions, () => server.HttpClient);
            var tokenResponse = await sut.GetToken();

            Assert.NotNull(tokenResponse.AccessToken);
        }
        /// <summary>
        /// Points the authorizer at a token endpoint path that does not exist and asserts that
        /// <c>GetToken</c> fails with a <c>ProtocolException</c> carrying HTTP 404.
        /// </summary>
        public void GetToken_InvalidTokenEndpointUrl_ThrowsProtocolException()
        {
            var authorizeUri    = new Uri("http://localhost/authorize");
            var missingTokenUri = new Uri("http://localhost/invalid");

            var authorizerOptions = new AuthorizerOptions
            {
                AuthorizeEndpointUrl = authorizeUri,
                TokenEndpointUrl     = missingTokenUri,
                ClientId             = "MyId",
                ClientSecret         = "MySecret",
                GrantType            = GrantType.ClientCredentials
            };

            var sut = new Authorizer.Authorizer(authorizerOptions, () => server.HttpClient);

            // NOTE(review): an async lambda is handed to Assert.Throws rather than
            // Assert.ThrowsAsync. Whether the awaited failure is observed depends on the test
            // framework version in use; confirm, since an unobserved exception would let this
            // error-path test pass or fail for the wrong reason.
            var thrown = Assert.Throws<ProtocolException>(async () => await sut.GetToken());

            Assert.AreEqual(HttpStatusCode.NotFound, thrown.StatusCode);
        }
예제 #10
        /// <summary>
        /// Points the authorizer at a token endpoint path that does not exist on the test
        /// server and asserts that <c>GetToken</c> fails with a <c>ProtocolException</c>
        /// carrying HTTP 404.
        /// </summary>
        public void GetToken_InvalidTokenEndpointUrl_ThrowsProtocolException()
        {
            var authorizeUri    = new Uri(_server.BaseAddress, "/connect/authorize");
            var missingTokenUri = new Uri(_server.BaseAddress, "/connect/tokenbla");

            var authorizerOptions = new AuthorizerOptions
            {
                AuthorizeEndpointUrl = authorizeUri,
                TokenEndpointUrl     = missingTokenUri,
                ClientId             = "MyId",
                ClientSecret         = "MySecret",
                GrantType            = GrantType.ClientCredentials
            };

            var sut = new Authorizer.Authorizer(authorizerOptions, () => _httpClient);

            // ThrowsAsync takes the async delegate and hands back the caught exception.
            var thrown = Assert.ThrowsAsync<ProtocolException>(async () => await sut.GetToken());

            Assert.AreEqual(HttpStatusCode.NotFound, thrown.StatusCode);
        }
        /// <summary>
        /// Requests a client-credentials token with the scope <c>testscope</c> and asserts that
        /// the resulting <c>ProtocolException</c> message contains <c>testscope_ok</c>.
        /// </summary>
        /// <remarks>
        /// The test expects an exception on the success path, so the test server presumably
        /// reports the received scope through an error response (confirm against the server
        /// setup). No issued token is examined here.
        /// </remarks>
        public void GetToken_ClientCredentialsWithScope_ShouldRequestScope()
        {
            var authorizeUri = new Uri("http://localhost/authorize");
            var tokenUri     = new Uri("http://localhost/token");

            var authorizerOptions = new AuthorizerOptions
            {
                AuthorizeEndpointUrl = authorizeUri,
                TokenEndpointUrl     = tokenUri,
                ClientId             = "MyId",
                ClientSecret         = "MySecret",
                GrantType            = GrantType.ClientCredentials,
                Scope = new[] { "testscope" }
            };

            var sut = new Authorizer.Authorizer(authorizerOptions, () => server.HttpClient);

            // NOTE(review): async lambda passed to Assert.Throws, not Assert.ThrowsAsync;
            // confirm the framework version in use actually observes the awaited exception.
            var thrown = Assert.Throws<ProtocolException>(async () => await sut.GetToken());

            Assert.IsTrue(thrown.Message.Contains("testscope_ok"));
        }
예제 #12
        /// <summary>
        /// Builds the resource-owner-credentials authorizer through the fixture (with a mock
        /// handler unless <c>HttpClient:Mock</c> is false), wires an error callback that records
        /// status code and message, and precomputes the HTTP Basic header value for the
        /// configured client id and secret.
        /// </summary>
        /// <param name="fixture">Shared fixture that exposes configuration and builds the authorizer.</param>
        /// <remarks>
        /// Base64 in a Basic header is an encoding, not protection: the header value is
        /// equivalent to the client secret and should not be written to test output or logs.
        /// <c>Encoding.ASCII</c> replaces any non-ASCII character with '?', and RFC 6749
        /// section 2.3.1 asks for the id and secret to be form-urlencoded before Basic
        /// encoding. Whether the library under test does either is not visible here, so this
        /// expected value is only reliable for plain ASCII credentials without reserved
        /// characters (confirm).
        /// </remarks>
        public ResourceOwnerCredentialsAuthorizerTests(AuthorizerFixture fixture)
        {
            // Mocking is the default when the key is absent.
            bool useMockHandler = fixture.Configuration.GetValue("HttpClient:Mock", true);
            if (useMockHandler)
            {
                _mockHttp = new MockHttpMessageHandler();
            }

            var provider = fixture.BuildAuthorizer<ResourceOwnerCredentialsAuthorizer>(_mockHttp, (status, text) =>
            {
                _errorStatusCode = status;
                _errorMessage    = text;
            });

            _authorizer = provider.GetRequiredService<ResourceOwnerCredentialsAuthorizer>();
            _options    = provider.GetRequiredService<IOptions<AuthorizerOptions>>().Value;

            var clientPair  = $"{_options.ClientId}:{_options.ClientSecret}";
            var encodedPair = Convert.ToBase64String(Encoding.ASCII.GetBytes(clientPair));
            _basicAuthHeaderValue = $"Basic {encodedPair}";
        }
예제 #13
        /// <summary>
        /// Requests a client-credentials token with
        /// <c>CredentialTransportMethod.FormAuthenticationCredentials</c> selected and asserts
        /// that an access token comes back.
        /// </summary>
        /// <remarks>
        /// Judging by the enum name, this sends the client id and secret as form fields rather
        /// than in a Basic header (confirm in the library). RFC 6749 section 2.3.1 marks that
        /// transport as NOT RECOMMENDED except for clients that cannot use HTTP Basic.
        /// </remarks>
        public async Task GetToken_ValidClientCredentials_FormsAuthentication_ReturnsValidAccessToken()
        {
            var authorizeUri = new Uri(_server.BaseAddress, "/connect/authorize");
            var tokenUri     = new Uri(_server.BaseAddress, "/connect/token");

            var authorizerOptions = new AuthorizerOptions
            {
                AuthorizeEndpointUrl      = authorizeUri,
                TokenEndpointUrl          = tokenUri,
                ClientId                  = "MyId",
                ClientSecret              = "MySecret",
                GrantType                 = GrantType.ClientCredentials,
                CredentialTransportMethod = CredentialTransportMethod.FormAuthenticationCredentials
            };

            var sut           = new Authorizer.Authorizer(authorizerOptions, () => _httpClient);
            var tokenResponse = await sut.GetToken();

            Assert.NotNull(tokenResponse.AccessToken);
        }
        /// <summary>
        /// Requests a client-credentials token with a wrong client id and secret and no
        /// <c>OnError</c> callback, and asserts that <c>GetToken</c> fails with a
        /// <c>ProtocolException</c> whose message contains <c>invalid_client</c> and whose
        /// status is HTTP 400.
        /// </summary>
        public void GetToken_InvalidClientCredentialsWithoutOnErrorCallback_ThrowsProtocolException()
        {
            var authorizeUri = new Uri("http://localhost/authorize");
            var tokenUri     = new Uri("http://localhost/token");

            var authorizerOptions = new AuthorizerOptions
            {
                AuthorizeEndpointUrl = authorizeUri,
                TokenEndpointUrl     = tokenUri,
                ClientId             = "WrongId",
                ClientSecret         = "WrongSecret",
                GrantType            = GrantType.ClientCredentials
            };

            var sut = new Authorizer.Authorizer(authorizerOptions, () => server.HttpClient);

            // NOTE(review): async lambda passed to Assert.Throws, not Assert.ThrowsAsync;
            // confirm the framework version in use actually observes the awaited exception,
            // otherwise the rejected-credentials path is not really being verified.
            var thrown = Assert.Throws<ProtocolException>(async () => await sut.GetToken());

            Assert.IsTrue(thrown.Message.Contains("invalid_client"));
            Assert.AreEqual(HttpStatusCode.BadRequest, thrown.StatusCode);
        }
예제 #15
        /// <summary>
        /// Runs the resource-owner password grant against the test server and asserts that an
        /// access token comes back.
        /// </summary>
        /// <remarks>
        /// The username and password literals appear masked ("******") in this listing. Only
        /// non-null is checked on the token. The password grant gives the client application
        /// the user's password and is ruled out by the OAuth 2.0 Security BCP (RFC 9700);
        /// this test covers an existing code path rather than recommending the flow.
        /// </remarks>
        public async Task GetToken_ValidPasswordCredentials_ReturnsValidAccessToken()
        {
            var authorizeUri = new Uri(_server.BaseAddress, "/connect/authorize");
            var tokenUri     = new Uri(_server.BaseAddress, "/connect/token");

            var authorizerOptions = new AuthorizerOptions
            {
                AuthorizeEndpointUrl = authorizeUri,
                TokenEndpointUrl     = tokenUri,
                ClientId             = "MyId",
                ClientSecret         = "MySecret",
                Username             = "******",
                Password             = "******",
                GrantType            = GrantType.ResourceOwnerPasswordCredentials
            };

            var sut           = new Authorizer.Authorizer(authorizerOptions, () => _httpClient);
            var tokenResponse = await sut.GetToken();

            Assert.NotNull(tokenResponse.AccessToken);
        }
예제 #16
        /// <summary>
        /// Requests a client-credentials token with the scope <c>test</c>, parses the returned
        /// access token as a JWT and asserts that it carries a <c>scope</c> claim equal to
        /// <c>test</c>.
        /// </summary>
        /// <remarks>
        /// Constructing <c>JwtSecurityToken</c> from the raw string only decodes the token; it
        /// does not verify signature, issuer, audience or expiry. That is enough for reading a
        /// claim in a test, but claims read this way must not drive authorization decisions.
        /// Only the first <c>scope</c> claim is examined.
        /// </remarks>
        public async Task GetToken_ClientCredentialsWithScope_ShouldRequestScope()
        {
            var authorizeUri = new Uri(_server.BaseAddress, "/connect/authorize");
            var tokenUri     = new Uri(_server.BaseAddress, "/connect/token");

            var authorizerOptions = new AuthorizerOptions
            {
                AuthorizeEndpointUrl = authorizeUri,
                TokenEndpointUrl     = tokenUri,
                ClientId             = "MyId",
                ClientSecret         = "MySecret",
                GrantType            = GrantType.ClientCredentials,
                Scope = new[] { "test" }
            };

            var sut           = new Authorizer.Authorizer(authorizerOptions, () => _httpClient);
            var tokenResponse = await sut.GetToken();

            // Decode only, no validation (see remarks).
            var jwt        = new JwtSecurityToken(tokenResponse.AccessToken);
            var scopeClaim = jwt.Claims.FirstOrDefault(claim => claim.Type == "scope");

            Assert.That(scopeClaim, Is.Not.Null);
            Assert.That(scopeClaim.Value, Is.EqualTo("test"));
        }
예제 #17
        /// <summary>
        /// Runs the resource-owner password grant without an <c>OnError</c> callback and
        /// asserts that <c>GetToken</c> fails with a <c>ProtocolException</c> whose message
        /// contains <c>invalid_grant</c> and whose status is HTTP 400.
        /// </summary>
        /// <remarks>
        /// The username and password literals appear masked ("******") in this listing. The
        /// asserted exception message contains the server's error code; in application code,
        /// avoid echoing such messages to end users beyond a generic sign-in failure.
        /// </remarks>
        public void GetToken_InvalidPasswordCredentialsWithoutOnErrorCallback_ThrowsProtocolException()
        {
            var authorizeUri = new Uri(_server.BaseAddress, "/connect/authorize");
            var tokenUri     = new Uri(_server.BaseAddress, "/connect/token");

            var authorizerOptions = new AuthorizerOptions
            {
                AuthorizeEndpointUrl = authorizeUri,
                TokenEndpointUrl     = tokenUri,
                ClientId             = "MyId",
                ClientSecret         = "MySecret",
                Username             = "******",
                Password             = "******",
                GrantType            = GrantType.ResourceOwnerPasswordCredentials
            };

            var sut = new Authorizer.Authorizer(authorizerOptions, () => _httpClient);

            // ThrowsAsync takes the async delegate and hands back the caught exception.
            var thrown = Assert.ThrowsAsync<ProtocolException>(async () => await sut.GetToken());

            Assert.IsTrue(thrown.Message.Contains("invalid_grant"));
            Assert.AreEqual(HttpStatusCode.BadRequest, thrown.StatusCode);
        }
예제 #18
 /// <summary>
 /// Creates handler options with a fresh, default-constructed
 /// <c>AuthorizerOptions</c>, so the property is never null after construction.
 /// </summary>
 /// <remarks>
 /// The nested options start without endpoints or credentials as far as this constructor
 /// shows; callers are expected to fill them in before use.
 /// </remarks>
 public OAuthHttpHandlerOptions()
 {
     this.AuthorizerOptions = new AuthorizerOptions();
 }