// GET /{appName}/oauth/authorize // public ActionResult Index(string appName, AuthorizeRequest request) { Tracing.Start("OAuth2 Authorize Endoint"); // make sure application is registered var application = _config.FindApplication(appName); if (application == null) { Tracing.Error("Application not found: " + appName); return(HttpNotFound()); } ValidatedRequest validatedRequest; try { validatedRequest = new AuthorizeRequestValidator().Validate(application, request); } catch (AuthorizeRequestValidationException ex) { Tracing.Error("Aborting OAuth2 authorization request"); return(this.AuthorizeValidationError(ex)); } if (validatedRequest.ShowConsent) { validatedRequest.RememberOptions = GetRememberOptions(application); // todo: check first if a remembered consent decision exists if (validatedRequest.ResponseType == OAuthConstants.ResponseTypes.Token) { var handle = _handleManager.Find( ClaimsPrincipal.Current.GetSubject(), validatedRequest.Client, validatedRequest.Application, validatedRequest.Scopes, StoredGrantType.ConsentDecision); if (handle != null) { Tracing.Verbose("Stored consent decision found."); return(PerformGrant(validatedRequest)); } } // show consent screen Tracing.Verbose("Showing consent screen"); return(View("Consent", validatedRequest)); } Tracing.Verbose("No consent configured for application/client"); // workaround for bug #139 validatedRequest.RequestedRefreshTokenExpiration = DateTime.UtcNow.AddYears(50); return(PerformGrant(validatedRequest)); }
public void ValidRequest() { var validator = new TokenRequestValidator(_handleManager); var app = _testConfig.FindApplication("test"); var request = new TokenRequest { Grant_Type = OAuthConstants.GrantTypes.RefreshToken, Refresh_Token = "abc" }; var result = validator.Validate(app, request, _client); }
public void ValidSingleScope() { var validator = new TokenRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new TokenRequest { Grant_Type = "assertion", Assertion = "assertion", Scope = "read" }; var result = validator.Validate(app, request, _client); }
public void ValidSingleScope() { var validator = new TokenRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new TokenRequest { Grant_Type = OAuthConstants.GrantTypes.Password, UserName = "******", Password = "******", Scope = "read" }; var result = validator.Validate(app, request, _client); }
public void MissingClientPassword() { var validator = new TokenRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new TokenRequest { Grant_Type = OAuthConstants.GrantTypes.Password, UserName = "******", Password = "******", Scope = "read" }; try { var client = Principal.Create("Test", new Claim(ClaimTypes.Name, "codeclient")); var result = validator.Validate(app, request, client); } catch (TokenRequestValidationException ex) { Assert.AreEqual(OAuthConstants.Errors.InvalidClient, ex.OAuthError); return; } Assert.Fail("No exception thrown."); }
public void ValidSingleScope() { var validator = new TokenRequestValidator(_handleManager, _clientManager); var app = _testConfig.FindApplication("test"); var request = new TokenRequest { Grant_Type = OAuthConstants.GrantTypes.AuthorizationCode, Code = "abc", Redirect_Uri = "https://validredirect" }; var result = validator.Validate(app, request, _client); }
public void NoParameters() { var validator = new AuthorizeRequestValidator(); var app = _testConfig.FindApplication("test"); try { var result = validator.Validate(app, null); } catch (AuthorizeRequestResourceOwnerException ex) { // todo: inspect exception return; } Assert.Fail("No exception thrown."); }
public void ValidSingleScope() { var validator = new TokenRequestValidator(_clientManager); var app = _testConfig.FindApplication("test"); var request = new TokenRequest { Grant_Type = OAuthConstants.GrantTypes.ClientCredentials, Scope = "read" }; var result = validator.Validate(app, request, _client); }
public HttpResponseMessage Post(string appName, TokenRequest request) { Tracing.Start("OAuth2 Token Endpoint"); // make sure application is registered var application = _config.FindApplication(appName); if (application == null) { Tracing.Error("Application not found: " + appName); return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Not found")); } // validate token request ValidatedRequest validatedRequest; try { validatedRequest = new TokenRequestValidator(_handleManager).Validate(application, request, ClaimsPrincipal.Current); } catch (TokenRequestValidationException ex) { Tracing.Error("Aborting OAuth2 token request"); return(Request.CreateOAuthErrorResponse(ex.OAuthError)); } // switch over the grant type if (validatedRequest.GrantType.Equals(OAuthConstants.GrantTypes.Password)) { return(ProcessResourceOwnerCredentialRequest(validatedRequest)); } else if (validatedRequest.GrantType.Equals(OAuthConstants.GrantTypes.AuthorizationCode)) { return(ProcessAuthorizationCodeRequest(validatedRequest)); } else if (string.Equals(validatedRequest.GrantType, OAuthConstants.GrantTypes.RefreshToken)) { return(ProcessRefreshTokenRequest(validatedRequest)); } else if (string.Equals(validatedRequest.GrantType, OAuthConstants.GrantTypes.ClientCredentials)) { return(ProcessClientCredentialsRequest(validatedRequest)); } Tracing.Error("invalid grant type: " + request.Grant_Type); return(Request.CreateOAuthErrorResponse(OAuthConstants.Errors.UnsupportedGrantType)); }
public void ValidRequestSingleScope() { var validator = new AuthorizeRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "implicitclient", response_type = "token", scope = "read", redirect_uri = "https://test2.local" }; var result = validator.Validate(app, request); }
public void ValidRequestSingleScope() { var validator = new AuthorizeRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "codeclient", response_type = "code", scope = "read", redirect_uri = "https://prod.local" }; var result = validator.Validate(app, new List <IdentityMembership>(), request); }
public void NeedsGranted() { var validator = new AuthorizeRequestValidator(); var app = _testConfig.FindApplication("test"); var request = new AuthorizeRequest { client_id = "implicitclient", response_type = "token", scope = "needs", redirect_uri = "https://test2.local", context = "11234" }; var memberships = new List <IdentityMembership>(); memberships.Add(new IdentityMembership() { CanAccessNeeds = true, MembershipID = 11234 }); var result = validator.Validate(app, new List <IdentityMembership>(), request); Assert.AreEqual("11234", result.context); }