public void HasAcrValue_ReturnsExpectedResult(string value, bool result) { // Arrange var request = new OpenIdConnectRequest { AcrValues = value }; // Act and assert Assert.Equal(result, request.HasAcrValue("mod-mf")); }
public void HasAcrValue_ThrowsAnExceptionForNullOrEmptyAcrValue(string value) { // Arrange var request = new OpenIdConnectRequest(); // Act and assert var exception = Assert.Throws <ArgumentException>(delegate { request.HasAcrValue(value); }); Assert.Equal("value", exception.ParamName); Assert.StartsWith("The value cannot be null or empty.", exception.Message); }
private AuthenticationTicket CreateTicket( OpenIdConnectRequest request, AuthenticateResult result, AuthenticationProperties properties = null) { // Create a new ClaimsIdentity containing the claims that // will be used to create an id_token, a token or a code. var identity = new ClaimsIdentity( result.Principal.Claims, OpenIdConnectServerDefaults.AuthenticationScheme, OpenIdConnectConstants.Claims.Name, OpenIdConnectConstants.Claims.Role); // Create a new authentication ticket holding the user identity. var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), properties, OpenIdConnectServerDefaults.AuthenticationScheme); // Set the list of scopes granted to the client application. if (request.IsAuthorizationRequest() || (!request.IsAuthorizationCodeGrantType() && !request.IsRefreshTokenGrantType())) { ticket.SetScopes(new[] { OpenIdConnectConstants.Scopes.OfflineAccess, OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.Address, OpenIdConnectConstants.Scopes.Email, OpenIdConnectConstants.Scopes.Phone, OpenIdConnectConstants.Scopes.Profile }.Intersect(request.GetScopes())); } // The OP-Req-acr_values test consists in sending an "acr_values=1 2" parameter // as part of the authorization request. To indicate to the certification client // that the "1" reference value was satisfied, an "acr" claim is added. if (request.IsAuthorizationRequest() && request.HasAcrValue("1")) { identity.AddClaim(new Claim(OpenIdConnectConstants.Claims.AuthenticationContextReference, "1")); } foreach (var claim in identity.Claims) { claim.SetDestinations(destinations: GetDestinations(claim, ticket)); } return(ticket); }