public async Task GiveMeAName() { // Arrange const string WebHostUrl = "http://localhost:3501"; const string ClientId = "ClientId"; const string ClientSecret = "secret"; const string Scope = "Resource"; var env = Environment.Setup(e => { e.GenericHost(h => { h.IdSvr4(); }); }); await env.StartAsync(); await using (var configId = await env.ConfigureAsync(c => { c.IdSvr4(i => { i.Client(cl => { cl.ClientId = ClientId; cl.AllowedGrantTypes = IdentityServer4.Models.GrantTypes.ClientCredentials; cl.Secret(ClientSecret.Sha256()); cl.AccessTokenType = AccessTokenType.Jwt; cl.Scope(Scope); }); i.ApiResource(new ApiResource(Scope, Scope)); }); })) { var verifier = await env.VerifyAsync(c => c.Expect( c.IdSvr4().EventOccurred <ClientAuthenticationSuccessEvent>(e => e.ClientId == ClientId), e => e.MustOccurWithin(TimeSpan.FromMilliseconds(500)))); var idSvr4Client = env.IdSvr4Client(); await idSvr4Client.RequestClientCredentialsTokenAsync(new ClientCredentialsTokenRequest { ClientId = ClientId, ClientSecret = ClientSecret, Scope = Scope }); var verificationResult = await verifier.VerifyAsync(); Assert.That(verificationResult.ExpectationsMet, Is.True); } await env.StopAsync(); }
public IEnumerable <ApiResource> GetApiResources() { return(new List <ApiResource> { new ApiResource(ApiResource, ApiResource) { ApiSecrets = new List <Secret> { new Secret(ClientSecret.Sha256()) }, Scopes = { new Scope("openid"), }, UserClaims = new string[] { ClaimTypes.NameIdentifier, ClaimTypes.Email } } }); }
private Client WebClient() { return(new Client { ClientId = $"web{ShortName}", ClientName = FriendlyName, AllowedGrantTypes = GrantTypes.CodeAndClientCredentials, ClientSecrets = new[] { new Secret(ClientSecret.Sha256()) }, AlwaysIncludeUserClaimsInIdToken = true, RequireConsent = false, RequirePkce = true, RequireClientSecret = true, RedirectUris = AddLoopback(ExpandUriExtensions(RedirectExtenstions)), FrontChannelLogoutUri = ExpandUriExtension(FrontChannelLogoutExtension), PostLogoutRedirectUris = ExpandUriExtensions(PostLogoutRedirectExtensions), AllowedScopes = BuildScopes(), AllowOfflineAccess = true }); }
public IEnumerable <Client> GetClients() { return(new List <Client>() { //客户端模式 new Client { ClientId = $"{nameof(GrantTypes.ClientCredentials)}_{ClientId}", ClientSecrets = { new Secret(ClientSecret.Sha256()) }, AllowedGrantTypes = GrantTypes.ClientCredentials, AllowedScopes = { AllowedScopes } }, //密码模式 new Client { ClientId = $"{nameof(GrantTypes.ResourceOwnerPassword)}_{ClientId}", ClientSecrets = { new Secret(ClientSecret.Sha256()) }, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AllowedScopes = { AllowedScopes } }, //简单模式 new Client { ClientId = $"{nameof(GrantTypes.Implicit)}_{ClientId}", AllowedGrantTypes = GrantTypes.Implicit, AllowedScopes = { AllowedScopes }, RedirectUris = { RedirectUris }, AllowAccessTokensViaBrowser = true }, //授权码模式 new Client { ClientId = $"{nameof(GrantTypes.Code)}_{ClientId}", ClientSecrets = { new Secret(ClientSecret.Sha256()) }, AllowedGrantTypes = GrantTypes.Code, AllowedScopes = { AllowedScopes }, RedirectUris = { RedirectUris } } }); }
// clients want to access resources (aka scopes) public IEnumerable <Client> GetClients() { // client credentials client return(new List <Client> { new Client { ClientId = ClientId, AllowedGrantTypes = GrantTypes.ResourceOwnerPassword, AlwaysIncludeUserClaimsInIdToken = true, AlwaysSendClientClaims = true, ClientSecrets = { new Secret(ClientSecret.Sha256()) }, AllowedScopes = { IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile } }, }); }
public async Task Given_IdSvr_When_ConfigureAndRemoveConfiguration_Then_ClientAuthsAndFailsAuth() { // Arrange const string WebHostUrl = "http://localhost:3501"; const string TokenEndpointUrl = WebHostUrl + "/connect/token"; const string ClientId = "ClientId"; const string ClientSecret = "secret"; const string Scope = "Resource"; var tokenRequest = new ClientCredentialsTokenRequest { ClientId = ClientId, ClientSecret = ClientSecret, Scope = Scope }; var env = Environment.Setup(e => { e.GenericHost(h => { h.IdSvr4(); }); }); var client = new HttpClient(); client.BaseAddress = new Uri(TokenEndpointUrl); await env.StartAsync(); try { // Assume the client does not already exist var assumptionResponse = await client.RequestClientCredentialsTokenAsync(tokenRequest); Assume.That(assumptionResponse.IsError); Assume.That(assumptionResponse.HttpStatusCode == HttpStatusCode.BadRequest); Assume.That(assumptionResponse.Error.ToLower() == "invalid_client"); // Act await using (var configHandle = await env.ConfigureAsync(c => { c.IdSvr4("IdSvr4", i => { i.Client(cl => { cl.ClientId = ClientId; cl.AllowedGrantTypes = IdentityServer4.Models.GrantTypes.ClientCredentials; cl.Secret(ClientSecret.Sha256()); cl.AccessTokenType = AccessTokenType.Jwt; cl.Scope(Scope); }); i.ApiResource(new ApiResource(Scope, Scope)); }); })) { // Assert var configuredResponse = await client.RequestClientCredentialsTokenAsync(tokenRequest); Assert.That(configuredResponse.IsError, Is.False); Assert.That(configuredResponse.HttpStatusCode, Is.EqualTo(HttpStatusCode.OK)); Assert.That(!string.IsNullOrWhiteSpace(configuredResponse.AccessToken)); } // Assert var unconfiguredResponse = await client.RequestClientCredentialsTokenAsync(tokenRequest); Assert.That(unconfiguredResponse.IsError, Is.True); Assert.That(unconfiguredResponse.HttpStatusCode, Is.EqualTo(HttpStatusCode.BadRequest)); Assert.That(unconfiguredResponse.Error.ToLower(), Is.EqualTo("invalid_client")); } finally { await env.StopAsync(); } }