public void SuccessfulResourceOwnerRefresh()
{
TokenClient client = null !;
GrantedTokenResponse result = null !;
"and a properly token client".x(
() => client = new TokenClient(
TokenCredentials.FromBasicAuthentication("clientCredentials", "clientCredentials"),
Fixture.Client,
new Uri(WellKnownOpenidConfiguration)));
"when requesting auth token".x(
async() =>
{
var response =
await client.GetToken(TokenRequest.FromScopes("api1", "offline")).ConfigureAwait(false) as
Option <GrantedTokenResponse> .Result;
Assert.NotNull(response);
result = response !.Item;
});
"then can get new token from refresh token".x(
async() =>
{
var response = await client.GetToken(TokenRequest.FromRefreshToken(result.RefreshToken !))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
Assert.NotNull(response);
});
}
public void SuccessfulResourceOwnerRevocation()
{
TokenClient client = null !;
GrantedTokenResponse result = null !;
"and a properly token client".x(
() => client = new TokenClient(
TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
_fixture.Client,
new Uri(WellKnownOpenidConfiguration)));
"when requesting auth token".x(
async() =>
{
var response =
await client.GetToken(TokenRequest.FromScopes("api1", "offline")).ConfigureAwait(false) as
Option <GrantedTokenResponse> .Result;
Assert.NotNull(response);
result = response.Item;
});
"then can revoke token".x(
async() =>
{
var response = await client.RevokeToken(RevokeTokenRequest.Create(result)).ConfigureAwait(false);
Assert.IsType <Option.Success>(response);
});
}
public void SuccessfulPermissionCreation()
{
GrantedTokenResponse grantedToken = null !;
UmaClient client = null !;
JsonWebKeySet jwks = null !;
string resourceId = null !;
string ticketId = null !;
"and the server's signing key".x(
async() =>
{
var json = await _fixture.Client().GetStringAsync(BaseUrl + "/jwks").ConfigureAwait(false);
jwks = new JsonWebKeySet(json);
Assert.NotEmpty(jwks.Keys);
});
"and a valid UMA token".x(
async() =>
{
var tokenClient = new TokenClient(
TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
_fixture.Client,
new Uri(WellKnownUmaConfiguration));
var token = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection"))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
grantedToken = token !.Item;
});
"and a properly configured uma client".x(
() => client = new UmaClient(_fixture.Client, new Uri(WellKnownUmaConfiguration)));
"when registering resource".x(
async() =>
{
var resource = await client.AddResource(
new ResourceSet {
Name = "picture", Scopes = new[] { "read" }
},
grantedToken.AccessToken)
.ConfigureAwait(false) as Option <AddResourceSetResponse> .Result;
resourceId = resource.Item.Id;
});
"and adding permission".x(
async() =>
{
var response = await client.RequestPermission(
grantedToken.AccessToken,
requests: new PermissionRequest {
ResourceSetId = resourceId, Scopes = new[] { "read" }
})
.ConfigureAwait(false) as Option <TicketResponse> .Result;
ticketId = response !.Item.TicketId;
});
"then returns ticket id".x(() => { Assert.NotNull(ticketId); });
}
public void SuccessfulMultiplePermissionsCreation()
{
GrantedTokenResponse grantedToken = null !;
UmaClient client = null !;
string resourceId = null !;
string ticketId = null !;
"and a valid UMA token".x(
async() =>
{
var tokenClient = new TokenClient(
TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
Fixture.Client,
new Uri(WellKnownUmaConfiguration));
var token = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection"))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
grantedToken = token !.Item;
Assert.NotNull(grantedToken);
});
"and a properly configured uma client".x(
() => client = new UmaClient(Fixture.Client, new Uri(WellKnownUmaConfiguration)));
"when registering resource".x(
async() =>
{
var resource = await client.AddResource(
new ResourceSet {
Name = "picture", Scopes = new[] { "read", "write" }
},
grantedToken.AccessToken)
.ConfigureAwait(false) as Option <AddResourceSetResponse> .Result;
resourceId = resource !.Item.Id;
Assert.NotNull(resourceId);
});
"and adding permission".x(
async() =>
{
var response = await client.RequestPermission(
grantedToken.AccessToken,
CancellationToken.None,
new PermissionRequest {
ResourceSetId = resourceId, Scopes = new[] { "write" }
},
new PermissionRequest {
ResourceSetId = resourceId, Scopes = new[] { "read" }
})
.ConfigureAwait(false) as Option <TicketResponse> .Result;
ticketId = response !.Item.TicketId;
Assert.NotNull(ticketId);
});
"then returns ticket id".x(() => { Assert.NotNull(ticketId); });
}
public async Task When_Using_ClientCredentials_Grant_Type_Then_AccessToken_Is_Returned()
{
var tokenClient = new TokenClient(
TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
_server.Client,
new Uri(BaseUrl + WellKnownUma2Configuration));
var result = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection", "uma_authorization"))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
Assert.NotEmpty(result.Item.AccessToken);
}
public async Task WhenPassingClientAccessTokenToUserInfoThenClientClaimsAreReturned()
{
var tokenClient = new TokenClient(
TokenCredentials.FromClientCredentials("stateless_client", "stateless_client"),
_server.Client,
new Uri(BaseUrl + WellKnownOpenidConfiguration));
var result = await tokenClient.GetToken(TokenRequest.FromScopes("openid")).ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
var getUserInfoResult = await _userInfoClient.GetUserInfo(result.Item.AccessToken).ConfigureAwait(false);
Assert.IsType <Option <JwtPayload> .Result>(getUserInfoResult);
}
public void SuccessfulTokenValidationFromMetadata()
{
GrantedTokenResponse tokenResponse = null !;
JsonWebKeySet jwks = null !;
"And a valid token".x(
async() =>
{
var tokenClient = new TokenClient(
TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
Fixture.Client,
new Uri(WellKnownOpenidConfiguration));
var response =
await tokenClient.GetToken(TokenRequest.FromScopes("api1")).ConfigureAwait(false) as
Option <GrantedTokenResponse> .Result;
Assert.NotNull(response);
tokenResponse = response.Item;
});
"then can download json web key set".x(
async() =>
{
var jwksJson = await Fixture.Client().GetStringAsync(BaseUrl + "/jwks").ConfigureAwait(false);
Assert.NotNull(jwksJson);
jwks = JsonWebKeySet.Create(jwksJson);
});
"Then can create token validation parameters from service metadata".x(
() =>
{
var validationParameters = new TokenValidationParameters
{
IssuerSigningKeys = jwks.Keys,
ValidIssuer = "https://localhost",
ValidAudience = "clientCredentials"
};
var handler = new JwtSecurityTokenHandler();
handler.ValidateToken(tokenResponse.AccessToken, validationParameters, out var securityToken);
Assert.NotNull(securityToken);
});
}
public void InvalidClientCredentials()
{
TokenClient client = null !;
Option <GrantedTokenResponse> result = null !;
"and a token client with invalid client credentials".x(
() => client = new TokenClient(
TokenCredentials.FromClientCredentials("xxx", "xxx"),
Fixture.Client,
new Uri(WellKnownOpenidConfiguration)));
"when requesting auth token".x(
async() => { result = await client.GetToken(TokenRequest.FromScopes("pwd")).ConfigureAwait(false); });
"then does not have token".x(() => { Assert.IsType <Option <GrantedTokenResponse> .Error>(result); });
}
public void SuccessfulClientCredentialsAuthentication()
{
TokenClient client = null !;
GrantedTokenResponse result = null !;
"and a properly configured token client".x(
() => client = new TokenClient(
TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
_fixture.Client,
new Uri(WellKnownOpenidConfiguration)));
"when requesting token".x(
async() =>
{
var response =
await client.GetToken(TokenRequest.FromScopes("api1")).ConfigureAwait(false) as
Option <GrantedTokenResponse> .Result;
Assert.NotNull(response);
result = response.Item;
});
"then has valid access token".x(
() =>
{
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters
{
IssuerSigningKeys = _jwks.GetSigningKeys(),
ValidAudience = "clientCredentials",
ValidIssuer = "https://localhost"
};
tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token);
});
"and can get user info".x(
async() =>
{
var userinfo = await client.GetUserInfo(result.AccessToken).ConfigureAwait(false) as Option <JwtPayload> .Result;
Assert.NotNull(userinfo);
Assert.NotNull(userinfo.Item);
});
}
public void SuccessfulPermissionCreation()
{
TestServerFixture fixture = null !;
GrantedTokenResponse grantedToken = null !;
UmaClient client = null !;
string resourceId = null !;
string ticketId = null !;
"Given a running auth server".x(() => fixture = new TestServerFixture(_outputHelper, BaseUrl))
.Teardown(() => fixture.Dispose());
"and the server's signing key".x(
async() =>
{
var json = await fixture.Client().GetStringAsync(BaseUrl + "/jwks").ConfigureAwait(false);
var jwks = new JsonWebKeySet(json);
Assert.NotEmpty(jwks.Keys);
});
"and a valid UMA token".x(
async() =>
{
var tokenClient = new TokenClient(
TokenCredentials.FromClientCredentials("clientCredentials", "clientCredentials"),
fixture.Client,
new Uri(WellKnownUmaConfiguration));
var token = await tokenClient.GetToken(TokenRequest.FromScopes("uma_protection"))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
var handler = new JwtSecurityTokenHandler();
var principal = handler.ReadJwtToken(token.Item.AccessToken);
Assert.NotNull(principal.Issuer);
grantedToken = token.Item;
});
"and a properly configured uma client".x(
() => client = new UmaClient(fixture.Client, new Uri(WellKnownUmaConfiguration)));
"when registering resource".x(
async() =>
{
var resource = await client.AddResource(
new ResourceSet {
Name = "picture", Scopes = new[] { "read" }
},
grantedToken.AccessToken)
.ConfigureAwait(false) as Option <AddResourceSetResponse> .Result;
resourceId = resource.Item.Id;
});
"and adding permission".x(
async() =>
{
var response = await client.RequestPermission(
grantedToken.AccessToken,
requests: new PermissionRequest {
IdToken = grantedToken.IdToken, ResourceSetId = resourceId, Scopes = new[] { "read" }
})
.ConfigureAwait(false) as Option <TicketResponse> .Result;
Assert.NotNull(response);
ticketId = response.Item.TicketId;
});
"then returns ticket id".x(() => { Assert.NotNull(ticketId); });
}
public async Task When_Using_TicketId_Grant_Type_Then_AccessToken_Is_Returned()
{
var handler = new JwtSecurityTokenHandler();
var set = new JsonWebKeySet();
set.Keys.Add(_server.SharedUmaCtx.SignatureKey);
var securityToken = new JwtSecurityToken(
"http://server.example.com",
"s6BhdRkqt3",
new[] { new Claim("sub", "248289761001") },
null,
DateTime.UtcNow.AddYears(1),
new SigningCredentials(set.GetSignKeys().First(), SecurityAlgorithms.HmacSha256));
var jwt = handler.WriteToken(securityToken);
var tc = new TokenClient(
TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
_server.Client,
new Uri(BaseUrl + WellKnownUma2Configuration));
// Get PAT.
var result = await tc.GetToken(TokenRequest.FromScopes("uma_protection", "uma_authorization"))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
var resourceSet = new ResourceSet
{
Name = "name",
Scopes = new[] { "read", "write", "execute" },
AuthorizationPolicies = new[]
{
new PolicyRule
{
ClientIdsAllowed = new[] { "resource_server" },
Scopes = new[] { "read", "write", "execute" }
}
}
};
var resource =
await _umaClient.AddResource(resourceSet, result.Item.AccessToken).ConfigureAwait(false) as
Option <AddResourceSetResponse> .Result;
resourceSet = resourceSet with {
Id = resource.Item.Id
};
await _umaClient.UpdateResource(resourceSet, result.Item.AccessToken).ConfigureAwait(false);
var ticket = await _umaClient.RequestPermission(
"header",
requests : new PermissionRequest // Add permission & retrieve a ticket id.
{
ResourceSetId = resource.Item.Id, Scopes = new[] { "read" }
})
.ConfigureAwait(false) as Option <TicketResponse> .Result;
Assert.NotNull(ticket.Item);
var tokenClient = new TokenClient(
TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
_server.Client,
new Uri(BaseUrl + WellKnownUma2Configuration));
var token = await tokenClient.GetToken(TokenRequest.FromTicketId(ticket.Item.TicketId, jwt))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
var jwtToken = handler.ReadJwtToken(token.Item.AccessToken);
Assert.NotNull(jwtToken.Claims);
}
