private AuthenticateInstruction CreateAuthenticateInstruction(RefreshTokenGrantTypeParameter refreshTokenGrantTypeParameter, AuthenticationHeaderValue authenticationHeaderValue, X509Certificate2 certificate) { var result = _authenticateInstructionGenerator.GetAuthenticateInstruction(authenticationHeaderValue); result.ClientAssertion = refreshTokenGrantTypeParameter.ClientAssertion; result.ClientAssertionType = refreshTokenGrantTypeParameter.ClientAssertionType; result.ClientIdFromHttpRequestBody = refreshTokenGrantTypeParameter.ClientId; result.ClientSecretFromHttpRequestBody = refreshTokenGrantTypeParameter.ClientSecret; result.Certificate = certificate; return(result); }
private async Task <GrantedToken> ValidateParameter(RefreshTokenGrantTypeParameter refreshTokenGrantTypeParameter) { var grantedToken = await _tokenStore.GetRefreshToken(refreshTokenGrantTypeParameter.RefreshToken); if (grantedToken == null) { throw new IdentityServerException( ErrorCodes.InvalidGrant, ErrorDescriptions.TheRefreshTokenIsNotValid); } return(grantedToken); }
public void When_Passing_Correct_Request_Then_No_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var parameter = new RefreshTokenGrantTypeParameter { RefreshToken = "refresh_token" }; // ACT & ASSERT var ex = Record.Exception(() => _refreshTokenGrantTypeParameterValidator.Validate(parameter)); Assert.Null(ex); }
public string GetPayload(RefreshTokenGrantTypeParameter parameter) { if (parameter == null) { throw new ArgumentNullException(nameof(parameter)); } var result = new Payload { Content = parameter }; return(JsonConvert.SerializeObject(result)); }
private async Task <GrantedToken> ValidateParameter(RefreshTokenGrantTypeParameter refreshTokenGrantTypeParameter) { // 1. Check refresh token exists var grantedToken = await _grantedTokenRepository.GetTokenByRefreshTokenAsync(refreshTokenGrantTypeParameter.RefreshToken); if (grantedToken == null) { throw new IdentityServerException( ErrorCodes.InvalidGrant, ErrorDescriptions.TheRefreshTokenIsNotValid); } return(grantedToken); }
public async Task When_Passing_Invalid_Refresh_Token_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var parameter = new RefreshTokenGrantTypeParameter(); _grantedTokenRepositoryFake.Setup(g => g.GetTokenByRefreshTokenAsync(It.IsAny <string>())) .Returns(() => Task.FromResult((GrantedToken)null)); // ACT & ASSERT var ex = await Assert.ThrowsAsync <IdentityServerException>(() => _getTokenByRefreshTokenGrantTypeAction.Execute(parameter)); Assert.True(ex.Code == ErrorCodes.InvalidGrant); Assert.True(ex.Message == ErrorDescriptions.TheRefreshTokenIsNotValid); }
public void When_Passing_No_Refresh_Token_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var parameter = new RefreshTokenGrantTypeParameter { RefreshToken = string.Empty }; // ACT & ASSERT var exception = Assert.Throws <IdentityServerException>(() => _refreshTokenGrantTypeParameterValidator.Validate(parameter)); Assert.True(exception.Code == ErrorCodes.InvalidRequestCode); Assert.True(exception.Message == string.Format(ErrorDescriptions.MissingParameter, Constants.StandardTokenRequestParameterNames.RefreshToken)); }
public async Task When_Client_Cannot_Be_Authenticated_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); var parameter = new RefreshTokenGrantTypeParameter(); var authenticateInstruction = new AuthenticateInstruction(); _authenticateInstructionGeneratorStub.Setup(a => a.GetAuthenticateInstruction(It.IsAny <AuthenticationHeaderValue>())) .Returns(authenticateInstruction); _authenticateClientStub.Setup(a => a.AuthenticateAsync(It.IsAny <AuthenticateInstruction>(), null, It.IsAny <bool>())).Returns(Task.FromResult(new AuthenticationResult(null, "error"))); // ACT & ASSERT var ex = await Assert.ThrowsAsync <IdentityServerException>(() => _getTokenByRefreshTokenGrantTypeAction.Execute(parameter, null, null, null)); Assert.True(ex.Code == ErrorCodes.InvalidClient); Assert.True(ex.Message == "error"); }
public async Task When_Client_Cannot_Be_Authenticated_Then_Error_Is_Returned() { var parameter = new RefreshTokenGrantTypeParameter(); _clientStore.Setup(x => x.GetById(It.IsAny <string>(), It.IsAny <CancellationToken>())) .ReturnsAsync((Client)null); var result = await _getTokenByRefreshTokenGrantTypeAction.Execute( parameter, null, null, null, CancellationToken.None) .ConfigureAwait(false) as Option <GrantedToken> .Error; Assert.Equal(ErrorCodes.InvalidClient, result.Details.Title); Assert.Equal(SharedStrings.TheClientDoesntExist, result.Details.Detail); }
public async Task When_Requesting_Token_Then_New_One_Is_Generated() { // ARRANGE InitializeFakeObjects(); var authenticateInstruction = new AuthenticateInstruction(); _authenticateInstructionGeneratorStub.Setup(a => a.GetAuthenticateInstruction(It.IsAny <AuthenticationHeaderValue>())) .Returns(authenticateInstruction); var parameter = new RefreshTokenGrantTypeParameter(); var grantedToken = new GrantedToken { IdTokenPayLoad = new JwsPayload(), ClientId = "id" }; _authenticateClientStub.Setup(a => a.AuthenticateAsync(It.IsAny <AuthenticateInstruction>(), null, It.IsAny <bool>())).Returns(Task.FromResult(new AuthenticationResult(new Client { ClientId = "id", GrantTypes = new System.Collections.Generic.List <GrantType> { GrantType.refresh_token } }, null))); _tokenStoreStub.Setup(g => g.GetRefreshToken(It.IsAny <string>())) .Returns(Task.FromResult(grantedToken)); _grantedTokenGeneratorHelperStub.Setup(g => g.GenerateTokenAsync( It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>(), It.IsAny <JwsPayload>(), It.IsAny <JwsPayload>())).Returns(Task.FromResult(grantedToken)); // ACT await _getTokenByRefreshTokenGrantTypeAction.Execute(parameter, null, null, null); // ASSERT _tokenStoreStub.Verify(g => g.AddToken(It.IsAny <GrantedToken>())); }
public async Task When_Requesting_Token_Then_New_One_Is_Generated() { // ARRANGE InitializeFakeObjects(); var parameter = new RefreshTokenGrantTypeParameter(); var grantedToken = new GrantedToken { IdTokenPayLoad = new JwsPayload() }; _grantedTokenRepositoryFake.Setup(g => g.GetTokenByRefreshTokenAsync(It.IsAny <string>())) .Returns(Task.FromResult(grantedToken)); _grantedTokenGeneratorHelperStub.Setup(g => g.GenerateTokenAsync( It.IsAny <string>(), It.IsAny <string>(), It.IsAny <JwsPayload>(), It.IsAny <JwsPayload>())).Returns(Task.FromResult(grantedToken)); // ACT await _getTokenByRefreshTokenGrantTypeAction.Execute(parameter); // ASSERT _grantedTokenRepositoryFake.Verify(g => g.InsertAsync(It.IsAny <GrantedToken>())); }
public async Task <Option <GrantedToken> > Execute( RefreshTokenGrantTypeParameter refreshTokenGrantTypeParameter, AuthenticationHeaderValue?authenticationHeaderValue, X509Certificate2?certificate, string issuerName, CancellationToken cancellationToken) { // 1. Try to authenticate the client var instruction = authenticationHeaderValue.GetAuthenticateInstruction( refreshTokenGrantTypeParameter, certificate); var authResult = await _authenticateClient.Authenticate(instruction, issuerName, cancellationToken) .ConfigureAwait(false); var client = authResult.Client; if (client == null) { return(new ErrorDetails { Status = HttpStatusCode.BadRequest, Title = ErrorCodes.InvalidClient, Detail = authResult.ErrorMessage ! });
public async Task When_Requesting_Token_Then_New_One_Is_Generated() { var parameter = new RefreshTokenGrantTypeParameter { ClientId = "id", RefreshToken = "abc" }; var grantedToken = new GrantedToken { IdTokenPayLoad = new JwtPayload(), ClientId = "id", Scope = "scope" }; var client = new Client { ClientId = "id", JsonWebKeys = TestKeys.SecretKey.CreateJwk(JsonWebKeyUseNames.Sig, KeyOperations.Sign, KeyOperations.Verify) .ToSet(), IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256, Secrets = new[] { new ClientSecret { Type = ClientSecretTypes.SharedSecret, Value = "secret" } }, GrantTypes = new[] { GrantTypes.RefreshToken } }; _clientStore.Setup(x => x.GetById(It.IsAny <string>(), It.IsAny <CancellationToken>())).ReturnsAsync(client); _tokenStoreStub.Setup(g => g.GetRefreshToken(It.IsAny <string>(), It.IsAny <CancellationToken>())) .ReturnsAsync(grantedToken); var authenticationHeader = new AuthenticationHeaderValue("Basic", "id:secret".Base64Encode()); await _getTokenByRefreshTokenGrantTypeAction.Execute( parameter, authenticationHeader, null, "issuer", CancellationToken.None) .ConfigureAwait(false); _tokenStoreStub.Verify(g => g.AddToken(It.IsAny <GrantedToken>(), It.IsAny <CancellationToken>())); }