public async Task IdentityServerProxy_GetResourceOwnerTokenAsync_Invalid_User_Succeeds() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess }, AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200, AllowOfflineAccess = true }; var webHostBuilder = new IdentityServerHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator()) .CreateWebHostBuider(); var identityServerClient = new IdentityServerProxy(webHostBuilder); var tokenResponse = await identityServerClient.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration, new UserLoginConfiguration("user", "password1"), "api1", "offline_access"); Assert.NotNull(tokenResponse); Assert.True(tokenResponse.IsError); }
IdentityServerProxy_GetResourceOwnerTokenAsync_Valid_User_Custom_IdentityServerBuilderOptions_Token_Endpoint_Disabled_Fails() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess }, AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200, AllowOfflineAccess = true }; var webHostBuilder = new IdentityServerHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator)) .UseIdentityServerOptionsBuilder(options => options.Endpoints.EnableTokenEndpoint = false) .CreateWebHostBuider(); var identityServerProxy = new IdentityServerProxy(webHostBuilder); var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration, new UserLoginConfiguration("user", "password"), "api1", "offline_access"); Assert.NotNull(tokenResponse); Assert.True(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); }
public async Task IdentityServerProxy_GetUserInfoAsync_Valid_Token_Succeeds() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess, IdentityServerConstants.StandardScopes.OpenId, IdentityServerConstants.StandardScopes.Profile }, AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200, AllowOfflineAccess = true }; var webHostBuilder = new IdentityServerHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .AddIdentityResources(new IdentityResources.OpenId(), new IdentityResources.Profile()) .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator()) .UseProfileService(new SimpleProfileService()) .CreateWebHostBuider(); var identityServerProxy = new IdentityServerProxy(webHostBuilder); var scopes = new[] { "api1", "offline_access", "openid", "profile" }; var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration, new UserLoginConfiguration("user", "password"), scopes); // We are breaking the pattern arrange / act / assert here but we need to make sure token requested successfully first Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); var userInfoResponse = await identityServerProxy .GetUserInfoAsync(tokenResponse.AccessToken); Assert.NotNull(userInfoResponse); Assert.False(userInfoResponse.IsError); Assert.NotNull(userInfoResponse.Claims); var subjectClaim = userInfoResponse.Claims.First(claim => claim.Type == JwtClaimTypes.Subject); Assert.NotNull(subjectClaim); Assert.Equal("user", subjectClaim.Value); }
public async Task IdentityServerProxy_GetRefreshTokenAsync_WithScope_In_Parameters_Valid_User_Succeeds() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess }, AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200, AllowOfflineAccess = true }; var webHostBuilder = new IdentityServerHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator()) .CreateWebHostBuider(); var identityServerProxy = new IdentityServerProxy(webHostBuilder); const string scopes = "api1 offline_access"; var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration, new UserLoginConfiguration("user", "password"), new Dictionary <string, string> { { "Scope", scopes } }); // We are breaking the pattern arrange / act / assert here but we need to make sure token requested successfully first Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); var refreshTokenResponse = await identityServerProxy .GetRefreshTokenAsync(clientConfiguration, tokenResponse.RefreshToken, new Dictionary <string, string> { { "Scope", scopes } }); Assert.NotNull(refreshTokenResponse); Assert.False(refreshTokenResponse.IsError, refreshTokenResponse.Error ?? refreshTokenResponse.ErrorDescription); Assert.NotNull(refreshTokenResponse.AccessToken); Assert.NotNull(refreshTokenResponse.RefreshToken); Assert.Equal(7200, refreshTokenResponse.ExpiresIn); Assert.Equal("Bearer", refreshTokenResponse.TokenType); }
public async Task IdentityServerProxy_GetResourceOwnerTokenAsync_Custom_WebHost_Succeeds() { var host = new IdentityServerHostBuilder() .UseWebHostBuilder(Program.CreateWebHostBuilder(new string[] { })) .CreateWebHostBuider(); var proxy = new IdentityServerProxy(host); var scopes = new[] { "api1", "offline_access", "openid", "profile" }; var tokenResponse = await proxy.GetResourceOwnerPasswordAccessTokenAsync( new ClientConfiguration(Clients.Id, Clients.Secret), new UserLoginConfiguration("user1", "password1"), scopes); Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); }
IdentityServerProxy_GetResourceOwnerTokenAsync_Valid_User_Custom_IdentityServerBuilder_Succeeds() { var clientConfiguration = new ClientConfiguration("MyClient", "MySecret"); var client = new Client { ClientId = clientConfiguration.Id, ClientSecrets = new List <Secret> { new Secret(clientConfiguration.Secret.Sha256()) }, AllowedScopes = new[] { "api1", IdentityServerConstants.StandardScopes.OfflineAccess }, AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword }, AccessTokenType = AccessTokenType.Jwt, AccessTokenLifetime = 7200, AllowOfflineAccess = true }; var webHostBuilder = new IdentityServerHostBuilder() .AddClients(client) .AddApiResources(new ApiResource("api1", "api1name")) .UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator)) .UseIdentityServerBuilder(services => services .AddIdentityServer() .AddDefaultEndpoints() .AddDeveloperSigningCredential() ) .CreateWebHostBuider(); var identityServerProxy = new IdentityServerProxy(webHostBuilder); var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(clientConfiguration, new UserLoginConfiguration("user", "password"), "api1", "offline_access"); Assert.NotNull(tokenResponse); Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription); Assert.NotNull(tokenResponse.AccessToken); Assert.NotNull(tokenResponse.RefreshToken); Assert.Equal(7200, tokenResponse.ExpiresIn); Assert.Equal("Bearer", tokenResponse.TokenType); }