/// <summary>
/// Scenario: a token client built with <c>TokenCredentials.FromBasicAuthentication</c> requests a
/// token for the "api1" and "offline" scopes, then exchanges the returned refresh token for a new grant.
/// </summary>
/// <remarks>
/// The final step only asserts that the refresh call yields a successful result; it does not
/// compare the new grant with the original one.
/// </remarks>
public void SuccessfulResourceOwnerRefresh()
{
    TokenClient client = null!;
    GrantedTokenResponse result = null!;

    "and a properly token client".x(
        () =>
        {
            // Fixture credentials: the client id and the secret are the same literal.
            var credentials = TokenCredentials.FromBasicAuthentication("clientCredentials", "clientCredentials");
            client = new TokenClient(credentials, Fixture.Client, new Uri(WellKnownOpenidConfiguration));
        });

    "when requesting auth token".x(
        async () =>
        {
            var scopes = TokenRequest.FromScopes("api1", "offline");
            var option = await client.GetToken(scopes).ConfigureAwait(false);

            // The cast yields null for anything other than a successful result.
            var granted = option as Option<GrantedTokenResponse>.Result;
            Assert.NotNull(granted);
            result = granted!.Item;
        });

    "then can get new token from refresh token".x(
        async () =>
        {
            var refreshRequest = TokenRequest.FromRefreshToken(result.RefreshToken!);
            var option = await client.GetToken(refreshRequest).ConfigureAwait(false);
            var refreshed = option as Option<GrantedTokenResponse>.Result;
            Assert.NotNull(refreshed);
        });
}
/// <summary>
/// Scenario: a token client obtains a token for the "api1" and "offline" scopes and then
/// asks the server to revoke it, expecting <c>Option.Success</c> from the revocation call.
/// </summary>
/// <remarks>
/// NOTE(review): only the revocation response is asserted. The scenario does not go on to
/// present the revoked token again, so it does not show that the token stops being accepted.
/// </remarks>
public void SuccessfulResourceOwnerRevocation()
{
    TokenClient client = null!;
    GrantedTokenResponse result = null!;

    "and a properly token client".x(
        () =>
        {
            // Fixture credentials: the client id and the secret are the same literal.
            var credentials = TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials");
            client = new TokenClient(credentials, _fixture.Client, new Uri(WellKnownOpenidConfiguration));
        });

    "when requesting auth token".x(
        async () =>
        {
            var scopes = TokenRequest.FromScopes("api1", "offline");
            var option = await client.GetToken(scopes).ConfigureAwait(false);

            // The cast yields null for anything other than a successful result.
            var granted = option as Option<GrantedTokenResponse>.Result;
            Assert.NotNull(granted);
            result = granted.Item;
        });

    "then can revoke token".x(
        async () =>
        {
            var revocation = RevokeTokenRequest.Create(result);
            var outcome = await client.RevokeToken(revocation).ConfigureAwait(false);
            Assert.IsType<Option.Success>(outcome);
        });
}
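/// <summary>
/// Scenario: downloads the server's JSON Web Key Set, obtains a token for the "uma_protection"
/// scope, registers a resource set and requests a "read" permission on it, expecting a ticket id.
/// </summary>
/// <remarks>
/// Every <c>as</c> cast is asserted non-null before it is dereferenced, so an error result from
/// the server fails the step with an assertion message instead of a NullReferenceException.
/// </remarks>
public void SuccessfulPermissionCreation()
{
    GrantedTokenResponse grantedToken = null!;
    UmaClient client = null!;
    JsonWebKeySet jwks = null!;
    string resourceId = null!;
    string ticketId = null!;

    "and the server's signing key".x(
        async () =>
        {
            var json = await _fixture.Client().GetStringAsync(BaseUrl + "/jwks").ConfigureAwait(false);
            jwks = new JsonWebKeySet(json);

            // Only checks that at least one key is published; the keys are not used to verify a token here.
            Assert.NotEmpty(jwks.Keys);
        });

    "and a valid UMA token".x(
        async () =>
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
                _fixture.Client,
                new Uri(WellKnownUmaConfiguration));
            var token = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection"))
                .ConfigureAwait(false) as Option<GrantedTokenResponse>.Result;

            // The cast yields null for an error result; fail here rather than on the dereference.
            Assert.NotNull(token);
            grantedToken = token!.Item;
        });

    "and a properly configured uma client".x(
        () => client = new UmaClient(_fixture.Client, new Uri(WellKnownUmaConfiguration)));

    "when registering resource".x(
        async () =>
        {
            var resource = await client.AddResource(
                    new ResourceSet { Name = "picture", Scopes = new[] { "read" } },
                    grantedToken.AccessToken)
                .ConfigureAwait(false) as Option<AddResourceSetResponse>.Result;

            Assert.NotNull(resource);
            resourceId = resource!.Item.Id;
        });

    "and adding permission".x(
        async () =>
        {
            var response = await client.RequestPermission(
                    grantedToken.AccessToken,
                    requests: new PermissionRequest { ResourceSetId = resourceId, Scopes = new[] { "read" } })
                .ConfigureAwait(false) as Option<TicketResponse>.Result;

            Assert.NotNull(response);
            ticketId = response!.Item.TicketId;
        });

    "then returns ticket id".x(() => { Assert.NotNull(ticketId); });
}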
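/// <summary>
/// Scenario: obtains a token for the "uma_protection" scope, registers a resource set with
/// "read" and "write" scopes, then requests two permissions ("write" and "read") in a single
/// call and expects one ticket id back.
/// </summary>
/// <remarks>
/// The result of each <c>as</c> cast is asserted non-null before it is dereferenced. With the
/// assertion placed after a null-forgiving dereference, an error result would surface as a
/// NullReferenceException and the assertion could never report it.
/// </remarks>
public void SuccessfulMultiplePermissionsCreation()
{
    GrantedTokenResponse grantedToken = null!;
    UmaClient client = null!;
    string resourceId = null!;
    string ticketId = null!;

    "and a valid UMA token".x(
        async () =>
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
                Fixture.Client,
                new Uri(WellKnownUmaConfiguration));
            var token = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection"))
                .ConfigureAwait(false) as Option<GrantedTokenResponse>.Result;

            // The cast yields null for an error result; check before touching Item.
            Assert.NotNull(token);
            grantedToken = token!.Item;
            Assert.NotNull(grantedToken);
        });

    "and a properly configured uma client".x(
        () => client = new UmaClient(Fixture.Client, new Uri(WellKnownUmaConfiguration)));

    "when registering resource".x(
        async () =>
        {
            var resource = await client.AddResource(
                    new ResourceSet { Name = "picture", Scopes = new[] { "read", "write" } },
                    grantedToken.AccessToken)
                .ConfigureAwait(false) as Option<AddResourceSetResponse>.Result;

            Assert.NotNull(resource);
            resourceId = resource!.Item.Id;
            Assert.NotNull(resourceId);
        });

    "and adding permission".x(
        async () =>
        {
            // Both requests target the same resource set, one scope each.
            var response = await client.RequestPermission(
                    grantedToken.AccessToken,
                    CancellationToken.None,
                    new PermissionRequest { ResourceSetId = resourceId, Scopes = new[] { "write" } },
                    new PermissionRequest { ResourceSetId = resourceId, Scopes = new[] { "read" } })
                .ConfigureAwait(false) as Option<TicketResponse>.Result;

            Assert.NotNull(response);
            ticketId = response!.Item.TicketId;
            Assert.NotNull(ticketId);
        });

    "then returns ticket id".x(() => { Assert.NotNull(ticketId); });
}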
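/// <summary>
/// Requests a token for the "uma_protection" and "uma_authorization" scopes with the
/// "resource_server" client credentials and checks that a non-empty access token is returned.
/// </summary>
/// <remarks>
/// The <c>as</c> cast is asserted non-null before use, so an error result fails with an
/// assertion message rather than a NullReferenceException.
/// </remarks>
public async Task When_Using_ClientCredentials_Grant_Type_Then_AccessToken_Is_Returned()
{
    // Fixture credentials: the client id and the secret are the same literal.
    var tokenClient = new TokenClient(
        TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
        _server.Client,
        new Uri(BaseUrl + WellKnownUma2Configuration));

    var result = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection", "uma_authorization"))
        .ConfigureAwait(false) as Option<GrantedTokenResponse>.Result;

    // The cast yields null for an error result.
    Assert.NotNull(result);
    Assert.NotEmpty(result!.Item.AccessToken);
}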
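/// <summary>
/// Obtains a token for the "openid" scope with the "stateless_client" client credentials, passes
/// its access token to the user info client and expects a successful <c>JwtPayload</c> result.
/// </summary>
/// <remarks>
/// The token result is asserted non-null before its access token is read, so a failed token
/// request is reported as an assertion failure instead of a NullReferenceException.
/// Only the result type is asserted; the contents of the returned payload are not inspected.
/// </remarks>
public async Task WhenPassingClientAccessTokenToUserInfoThenClientClaimsAreReturned()
{
    // Fixture credentials: the client id and the secret are the same literal.
    var tokenClient = new TokenClient(
        TokenCredentials.FromClientCredentials("stateless_client", "stateless_client"),
        _server.Client,
        new Uri(BaseUrl + WellKnownOpenidConfiguration));

    var result = await tokenClient.GetToken(TokenRequest.FromScopes("openid")).ConfigureAwait(false)
        as Option<GrantedTokenResponse>.Result;

    // The cast yields null for an error result.
    Assert.NotNull(result);

    var getUserInfoResult = await _userInfoClient.GetUserInfo(result!.Item.AccessToken).ConfigureAwait(false);

    Assert.IsType<Option<JwtPayload>.Result>(getUserInfoResult);
}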
/// <summary>
/// Scenario: obtains a token for the "api1" scope, downloads the server's JSON Web Key Set and
/// validates the access token against those keys with a pinned issuer and audience.
/// </summary>
/// <remarks>
/// The key set is fetched from the fixed path <c>BaseUrl + "/jwks"</c>. No <c>Validate*</c> flags
/// are overridden on the validation parameters, so the library defaults apply to every other check.
/// </remarks>
public void SuccessfulTokenValidationFromMetadata()
{
    GrantedTokenResponse tokenResponse = null!;
    JsonWebKeySet jwks = null!;

    "And a valid token".x(
        async () =>
        {
            // Fixture credentials: the client id and the secret are the same literal.
            var credentials = TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials");
            var tokenClient = new TokenClient(credentials, Fixture.Client, new Uri(WellKnownOpenidConfiguration));

            var option = await tokenClient.GetToken(TokenRequest.FromScopes("api1")).ConfigureAwait(false);

            // The cast yields null for anything other than a successful result.
            var granted = option as Option<GrantedTokenResponse>.Result;
            Assert.NotNull(granted);
            tokenResponse = granted.Item;
        });

    "then can download json web key set".x(
        async () =>
        {
            var http = Fixture.Client();
            var jwksJson = await http.GetStringAsync(BaseUrl + "/jwks").ConfigureAwait(false);
            Assert.NotNull(jwksJson);
            jwks = JsonWebKeySet.Create(jwksJson);
        });

    "Then can create token validation parameters from service metadata".x(
        () =>
        {
            // Signature keys, issuer and audience are all pinned to the values expected from this server.
            var parameters = new TokenValidationParameters
            {
                IssuerSigningKeys = jwks.Keys,
                ValidIssuer = "https://localhost",
                ValidAudience = "clientCredentials"
            };
            var jwtHandler = new JwtSecurityTokenHandler();

            // ValidateToken throws when validation fails, so reaching the assertion means the token was accepted.
            jwtHandler.ValidateToken(tokenResponse.AccessToken, parameters, out var validated);
            Assert.NotNull(validated);
        });
}
/// <summary>
/// Negative scenario: a token client configured with the credentials "xxx"/"xxx" requests a token
/// for the "pwd" scope, and the call is expected to produce an error result rather than a grant.
/// </summary>
public void InvalidClientCredentials()
{
    TokenClient client = null!;
    Option<GrantedTokenResponse> result = null!;

    "and a token client with invalid client credentials".x(
        () =>
        {
            var badCredentials = TokenCredentials.FromClientCredentials("xxx", "xxx");
            client = new TokenClient(badCredentials, Fixture.Client, new Uri(WellKnownOpenidConfiguration));
        });

    "when requesting auth token".x(
        async () =>
        {
            var request = TokenRequest.FromScopes("pwd");
            result = await client.GetToken(request).ConfigureAwait(false);
        });

    // Only the result type is checked; the error details are not inspected.
    "then does not have token".x(
        () =>
        {
            Assert.IsType<Option<GrantedTokenResponse>.Error>(result);
        });
}
/// <summary>
/// Scenario: obtains a token for the "api1" scope with client credentials, validates the access
/// token against the signing keys from <c>_jwks</c> with a pinned issuer and audience, then uses
/// the same access token to fetch user info.
/// </summary>
public void SuccessfulClientCredentialsAuthentication()
{
    TokenClient client = null!;
    GrantedTokenResponse result = null!;

    "and a properly configured token client".x(
        () =>
        {
            // Fixture credentials: the client id and the secret are the same literal.
            var credentials = TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials");
            client = new TokenClient(credentials, _fixture.Client, new Uri(WellKnownOpenidConfiguration));
        });

    "when requesting token".x(
        async () =>
        {
            var option = await client.GetToken(TokenRequest.FromScopes("api1")).ConfigureAwait(false);

            // The cast yields null for anything other than a successful result.
            var granted = option as Option<GrantedTokenResponse>.Result;
            Assert.NotNull(granted);
            result = granted.Item;
        });

    "then has valid access token".x(
        () =>
        {
            var jwtHandler = new JwtSecurityTokenHandler();
            var parameters = new TokenValidationParameters
            {
                IssuerSigningKeys = _jwks.GetSigningKeys(),
                ValidAudience = "clientCredentials",
                ValidIssuer = "https://localhost"
            };

            // No explicit assertion follows: ValidateToken throws when validation fails,
            // and that exception is what fails this step.
            jwtHandler.ValidateToken(result.AccessToken, parameters, out var token);
        });

    "and can get user info".x(
        async () =>
        {
            var option = await client.GetUserInfo(result.AccessToken).ConfigureAwait(false);
            var userinfo = option as Option<JwtPayload>.Result;
            Assert.NotNull(userinfo);
            Assert.NotNull(userinfo.Item);
        });
}
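/// <summary>
/// Scenario: starts a <c>TestServerFixture</c>, checks that the server publishes at least one key,
/// obtains a token for the "uma_protection" scope, registers a resource set and requests a "read"
/// permission on it (passing the granted id token), expecting a ticket id back.
/// </summary>
/// <remarks>
/// Each <c>as</c> cast is asserted non-null before it is dereferenced, so an error result from
/// the server fails the step with an assertion message instead of a NullReferenceException.
/// </remarks>
public void SuccessfulPermissionCreation()
{
    TestServerFixture fixture = null!;
    GrantedTokenResponse grantedToken = null!;
    UmaClient client = null!;
    string resourceId = null!;
    string ticketId = null!;

    // The fixture is disposed in the step's teardown.
    "Given a running auth server".x(() => fixture = new TestServerFixture(_outputHelper, BaseUrl))
        .Teardown(() => fixture.Dispose());

    "and the server's signing key".x(
        async () =>
        {
            var json = await fixture.Client().GetStringAsync(BaseUrl + "/jwks").ConfigureAwait(false);
            var jwks = new JsonWebKeySet(json);

            // Only checks that a key is published; the key set is not used to verify the token below.
            Assert.NotEmpty(jwks.Keys);
        });

    "and a valid UMA token".x(
        async () =>
        {
            var tokenClient = new TokenClient(
                TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
                fixture.Client,
                new Uri(WellKnownUmaConfiguration));
            var token = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection"))
                .ConfigureAwait(false) as Option<GrantedTokenResponse>.Result;

            // The cast yields null for an error result; fail here rather than on the dereference.
            Assert.NotNull(token);

            // ReadJwtToken only decodes the token. It does not check the signature, so this
            // shows the token is well-formed and carries an issuer, not that it is authentic.
            var handler = new JwtSecurityTokenHandler();
            var parsed = handler.ReadJwtToken(token!.Item.AccessToken);
            Assert.NotNull(parsed.Issuer);
            grantedToken = token.Item;
        });

    "and a properly configured uma client".x(
        () => client = new UmaClient(fixture.Client, new Uri(WellKnownUmaConfiguration)));

    "when registering resource".x(
        async () =>
        {
            var resource = await client.AddResource(
                    new ResourceSet { Name = "picture", Scopes = new[] { "read" } },
                    grantedToken.AccessToken)
                .ConfigureAwait(false) as Option<AddResourceSetResponse>.Result;

            Assert.NotNull(resource);
            resourceId = resource!.Item.Id;
        });

    "and adding permission".x(
        async () =>
        {
            var response = await client.RequestPermission(
                    grantedToken.AccessToken,
                    requests: new PermissionRequest
                    {
                        IdToken = grantedToken.IdToken,
                        ResourceSetId = resourceId,
                        Scopes = new[] { "read" }
                    })
                .ConfigureAwait(false) as Option<TicketResponse>.Result;

            Assert.NotNull(response);
            ticketId = response.Item.TicketId;
        });

    "then returns ticket id".x(() => { Assert.NotNull(ticketId); });
}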
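/// <summary>
/// Builds a locally signed JWT, obtains a token for the "uma_protection" and "uma_authorization"
/// scopes, registers and updates a resource set with an authorization policy, requests a
/// permission ticket, and finally exchanges the ticket id plus the JWT for an access token.
/// </summary>
/// <remarks>
/// Each <c>as</c> cast is asserted non-null before it is dereferenced, so an error result at
/// any stage fails with an assertion message instead of a NullReferenceException.
/// The last check uses <c>ReadJwtToken</c>, which only decodes the returned token.
/// </remarks>
public async Task When_Using_TicketId_Grant_Type_Then_AccessToken_Is_Returned()
{
    var handler = new JwtSecurityTokenHandler();
    var set = new JsonWebKeySet();
    set.Keys.Add(_server.SharedUmaCtx.SignatureKey);

    // The token is signed with HMAC-SHA256 using the first key GetSignKeys() returns for this set
    // (presumably the server key added above; confirm against GetSignKeys).
    var securityToken = new JwtSecurityToken(
        "http://server.example.com",
        "s6BhdRkqt3",
        new[] { new Claim("sub", "248289761001") },
        null,
        DateTime.UtcNow.AddYears(1), // expiry one year out
        new SigningCredentials(set.GetSignKeys().First(), SecurityAlgorithms.HmacSha256));
    var jwt = handler.WriteToken(securityToken);

    var tc = new TokenClient(
        TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
        _server.Client,
        new Uri(BaseUrl + WellKnownUma2Configuration));

    // Get PAT.
    var result = await tc.GetToken(TokenRequest.FromScopes("uma_protection", "uma_authorization"))
        .ConfigureAwait(false) as Option<GrantedTokenResponse>.Result;
    Assert.NotNull(result);

    // The policy allows the "resource_server" client for the same three scopes the resource declares.
    var resourceSet = new ResourceSet
    {
        Name = "name",
        Scopes = new[] { "read", "write", "execute" },
        AuthorizationPolicies = new[]
        {
            new PolicyRule
            {
                ClientIdsAllowed = new[] { "resource_server" },
                Scopes = new[] { "read", "write", "execute" }
            }
        }
    };
    var resource = await _umaClient.AddResource(resourceSet, result!.Item.AccessToken).ConfigureAwait(false)
        as Option<AddResourceSetResponse>.Result;
    Assert.NotNull(resource);

    resourceSet = resourceSet with { Id = resource!.Item.Id };

    // The outcome of the update is awaited but not inspected.
    await _umaClient.UpdateResource(resourceSet, result.Item.AccessToken).ConfigureAwait(false);

    // Add permission & retrieve a ticket id.
    // NOTE(review): the first argument is the literal "header", not the access token obtained
    // above. Confirm that the test server is meant to accept this value for a permission request.
    var ticket = await _umaClient.RequestPermission(
            "header",
            requests: new PermissionRequest { ResourceSetId = resource.Item.Id, Scopes = new[] { "read" } })
        .ConfigureAwait(false) as Option<TicketResponse>.Result;

    Assert.NotNull(ticket);
    Assert.NotNull(ticket!.Item);

    var tokenClient = new TokenClient(
        TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
        _server.Client,
        new Uri(BaseUrl + WellKnownUma2Configuration));
    var token = await tokenClient.GetToken(TokenRequest.FromTicketId(ticket.Item.TicketId, jwt))
        .ConfigureAwait(false) as Option<GrantedTokenResponse>.Result;
    Assert.NotNull(token);

    // ReadJwtToken decodes without verifying the signature, so this confirms the access token
    // parses as a JWT with claims; it is not a signature or audience check.
    var jwtToken = handler.ReadJwtToken(token!.Item.AccessToken);
    Assert.NotNull(jwtToken.Claims);
}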