public IActionResult Challenge(
string redirectUri,
string scope,
string loginHint,
string domainHint,
string claims,
string policy,
[FromRoute] string scheme)
{
scheme ??= OpenIdConnectDefaults.AuthenticationScheme;
Dictionary <string, string?> items = new Dictionary <string, string?>
{
{ Constants.Claims, claims },
{ Constants.Policy, policy },
};
Dictionary <string, object?> parameters = new Dictionary <string, object?>
{
{ Constants.LoginHint, loginHint },
{ Constants.DomainHint, domainHint },
};
OAuthChallengeProperties oAuthChallengeProperties = new OAuthChallengeProperties(items, parameters);
oAuthChallengeProperties.Scope = scope?.Split(" ");
oAuthChallengeProperties.RedirectUri = redirectUri;
return(Challenge(
oAuthChallengeProperties,
scheme));
}
public async Task RedirectToAuthorizeEndpoint_HasScopeAsOverwritten()
{
using var host = await CreateHost(
s => s.AddAuthentication ().AddOAuth(
"Weblie",
opt =>
{
ConfigureDefaults(opt);
opt.Scope.Clear();
opt.Scope.Add("foo");
opt.Scope.Add("bar");
}),
async ctx =>
{
var properties = new OAuthChallengeProperties();
properties.SetScope("baz", "qux");
await ctx.ChallengeAsync("Weblie", properties);
return(true);
});
using var server = host.GetTestServer();
var transaction = await server.SendAsync("https://www.example.com/challenge");
var res = transaction.Response;
Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
Assert.Contains("scope=baz%20qux", res.Headers.Location.Query);
}
public async Task ChallengeWillIncludeScopeAsOverwritten()
{
using var host = await CreateHost(
app => app.UseAuthentication(),
services =>
{
services.AddAuthentication().AddFacebook(o =>
{
o.AppId = "Test App Id";
o.AppSecret = "Test App Secret";
o.Scope.Clear();
o.Scope.Add("foo");
o.Scope.Add("bar");
});
},
async context =>
{
var properties = new OAuthChallengeProperties();
properties.SetScope("baz", "qux");
await context.ChallengeAsync(FacebookDefaults.AuthenticationScheme, properties);
return(true);
});
using var server = host.GetTestServer();
var transaction = await server.SendAsync("http://example.com/challenge");
var res = transaction.Response;
Assert.Equal(HttpStatusCode.Redirect, res.StatusCode);
Assert.Contains("scope=baz,qux", res.Headers.Location.Query);
}
private static TestServer CreateServer(Action <MicrosoftAccountOptions> configureOptions)
{
var builder = new WebHostBuilder()
.Configure(app =>
{
app.UseAuthentication();
app.Use(async(context, next) =>
{
var req = context.Request;
var res = context.Response;
if (req.Path == new PathString("/challenge"))
{
await context.ChallengeAsync("Microsoft", new AuthenticationProperties()
{
RedirectUri = "/me"
});
}
else if (req.Path == new PathString("/challengeWithOtherScope"))
{
var properties = new OAuthChallengeProperties();
properties.SetScope("baz", "qux");
await context.ChallengeAsync("Microsoft", properties);
}
else if (req.Path == new PathString("/challengeWithOtherScopeWithBaseAuthenticationProperties"))
{
var properties = new AuthenticationProperties();
properties.SetParameter(OAuthChallengeProperties.ScopeKey, new string[] { "baz", "qux" });
await context.ChallengeAsync("Microsoft", properties);
}
else if (req.Path == new PathString("/me"))
{
await res.DescribeAsync(context.User);
}
else if (req.Path == new PathString("/signIn"))
{
await Assert.ThrowsAsync <InvalidOperationException>(() => context.SignInAsync("Microsoft", new ClaimsPrincipal()));
}
else if (req.Path == new PathString("/signOut"))
{
await Assert.ThrowsAsync <InvalidOperationException>(() => context.SignOutAsync("Microsoft"));
}
else if (req.Path == new PathString("/forbid"))
{
await Assert.ThrowsAsync <InvalidOperationException>(() => context.ForbidAsync("Microsoft"));
}
else
{
await next();
}
});
})
.ConfigureServices(services =>
{
services.AddAuthentication(TestExtensions.CookieAuthenticationScheme)
.AddCookie(TestExtensions.CookieAuthenticationScheme, o => { })
.AddMicrosoftAccount(configureOptions);
});
return(new TestServer(builder));
}
public void SetScope()
{
var properties = new OAuthChallengeProperties();
properties.SetScope("foo", "bar");
Assert.Equal(new string[] { "foo", "bar" }, properties.Scope);
Assert.Equal(new string[] { "foo", "bar" }, properties.Parameters["scope"]);
}
public IActionResult Login()
{
var properties = new OAuthChallengeProperties()
{
RedirectUri = new PathString("/"),
};
return(Challenge(properties, "adobe"));
}
public void ScopeProperty_NullValue()
{
var properties = new OAuthChallengeProperties();
properties.Parameters["scope"] = new string[] { "foo", "bar" };
Assert.Equal(new string[] { "foo", "bar" }, properties.Scope);
properties.Scope = null;
Assert.Null(properties.Scope);
}
public void ScopeProperty()
{
var properties = new OAuthChallengeProperties
{
Scope = new string[] { "foo", "bar" }
};
Assert.Equal(new string[] { "foo", "bar" }, properties.Scope);
Assert.Equal(new string[] { "foo", "bar" }, properties.Parameters["scope"]);
}
private static async Task <IHost> CreateHost(Action <MicrosoftAccountOptions> configureOptions)
{
var host = new HostBuilder()
.ConfigureWebHost(builder =>
builder.UseTestServer()
.Configure(app =>
{
app.UseAuthentication();
app.Use(async(context, next) =>
{
var req = context.Request;
var res = context.Response;
if (req.Path == new PathString("/challenge"))
{
await context.ChallengeAsync("Microsoft", new MicrosoftChallengeProperties
{
Prompt = "select_account",
LoginHint = "username",
DomainHint = "consumers",
#pragma warning disable CS0618 // Type or member is obsolete
ResponseMode = "query",
#pragma warning restore CS0618 // Type or member is obsolete
RedirectUri = "/me"
});
}
else if (req.Path == new PathString("/challengeWithOtherScope"))
{
var properties = new OAuthChallengeProperties();
properties.SetScope("baz", "qux");
await context.ChallengeAsync("Microsoft", properties);
}
else if (req.Path == new PathString("/challengeWithOtherScopeWithBaseAuthenticationProperties"))
{
var properties = new AuthenticationProperties();
properties.SetParameter(OAuthChallengeProperties.ScopeKey, new string[] { "baz", "qux" });
await context.ChallengeAsync("Microsoft", properties);
}
else if (req.Path == new PathString("/me"))
{
await res.DescribeAsync(context.User);
}
else if (req.Path == new PathString("/signIn"))
{
await Assert.ThrowsAsync <InvalidOperationException>(() => context.SignInAsync("Microsoft", new ClaimsPrincipal()));
}
else if (req.Path == new PathString("/signOut"))
{
await Assert.ThrowsAsync <InvalidOperationException>(() => context.SignOutAsync("Microsoft"));
}
else if (req.Path == new PathString("/forbid"))
{
await Assert.ThrowsAsync <InvalidOperationException>(() => context.ForbidAsync("Microsoft"));
}
else
{
await next(context);
}
});
})
.ConfigureServices(services =>
{
services.AddAuthentication(TestExtensions.CookieAuthenticationScheme)
.AddCookie(TestExtensions.CookieAuthenticationScheme, o => { })
.AddMicrosoftAccount(configureOptions);
}))
.Build();
await host.StartAsync();
return(host);
}