public void ResourceOwnerScopeOverride() { var clientRequestedScopes = new[] { "scope1", "scope2" }; var serverOverriddenScopes = new[] { "scope1", "differentScope" }; var authServerMock = CreateAuthorizationServerMock(); authServerMock .Setup(a => a.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny <IAccessTokenRequest>())) .Returns <string, string, IAccessTokenRequest>((un, pw, req) => { var response = new AutomatedUserAuthorizationCheckResponse(req, true, ResourceOwnerUsername); response.ApprovedScope.Clear(); response.ApprovedScope.UnionWith(serverOverriddenScopes); return(response); }); var coordinator = new OAuth2Coordinator <WebServerClient>( AuthorizationServerDescription, authServerMock.Object, new WebServerClient(AuthorizationServerDescription), client => { var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; var result = client.ExchangeUserCredentialForToken(ResourceOwnerUsername, ResourceOwnerPassword, clientRequestedScopes); Assert.That(result.Scope, Is.EquivalentTo(serverOverriddenScopes)); }, server => { server.HandleTokenRequest().Respond(); }); coordinator.Run(); }
public void CreateAccessTokenSeesAuthorizingUserAuthorizationCodeGrant() { var authServerMock = CreateAuthorizationServerMock(); authServerMock .Setup(a => a.IsAuthorizationValid(It.IsAny <IAuthorizationDescription>())) .Returns <IAuthorizationDescription>(req => { Assert.That(req.User, Is.EqualTo(ResourceOwnerUsername)); return(true); }); var coordinator = new OAuth2Coordinator <WebServerClient>( AuthorizationServerDescription, authServerMock.Object, new WebServerClient(AuthorizationServerDescription), client => { var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; client.PrepareRequestUserAuthorization(authState).Respond(); var result = client.ProcessUserAuthorization(); Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty); Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty); }, server => { var request = server.ReadAuthorizationRequest(); Assert.That(request, Is.Not.Null); server.ApproveAuthorizationRequest(request, ResourceOwnerUsername); server.HandleTokenRequest().Respond(); }); coordinator.Run(); }
public void DecodeRefreshToken() { var refreshTokenSource = new TaskCompletionSource <string>(); var coordinator = new OAuth2Coordinator <WebServerClient>( AuthorizationServerDescription, AuthorizationServerMock, new WebServerClient(AuthorizationServerDescription), client => { try { var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; client.PrepareRequestUserAuthorization(authState).Respond(); var result = client.ProcessUserAuthorization(); Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty); Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty); refreshTokenSource.SetResult(result.RefreshToken); } catch { refreshTokenSource.TrySetCanceled(); } }, server => { var request = server.ReadAuthorizationRequest(); Assert.That(request, Is.Not.Null); server.ApproveAuthorizationRequest(request, ResourceOwnerUsername); server.HandleTokenRequest().Respond(); var authorization = server.DecodeRefreshToken(refreshTokenSource.Task.Result); Assert.That(authorization, Is.Not.Null); Assert.That(authorization.User, Is.EqualTo(ResourceOwnerUsername)); }); coordinator.Run(); }
public void ClientCredentialScopeOverride() { var clientRequestedScopes = new[] { "scope1", "scope2" }; var serverOverriddenScopes = new[] { "scope1", "differentScope" }; var authServerMock = CreateAuthorizationServerMock(); authServerMock .Setup(a => a.CheckAuthorizeClientCredentialsGrant(It.IsAny <IAccessTokenRequest>())) .Returns <IAccessTokenRequest>(req => { var response = new AutomatedAuthorizationCheckResponse(req, true); response.ApprovedScope.Clear(); response.ApprovedScope.UnionWith(serverOverriddenScopes); return(response); }); var coordinator = new OAuth2Coordinator <WebServerClient>( AuthorizationServerDescription, authServerMock.Object, new WebServerClient(AuthorizationServerDescription), client => { var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; var result = client.GetClientAccessToken(clientRequestedScopes); Assert.That(result.Scope, Is.EquivalentTo(serverOverriddenScopes)); }, server => { server.HandleTokenRequest().Respond(); }); coordinator.Run(); }
public void CreateAccessTokenSeesAuthorizingUserResourceOwnerGrant() { var authServerMock = CreateAuthorizationServerMock(); authServerMock .Setup(a => a.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny <IAccessTokenRequest>())) .Returns <string, string, IAccessTokenRequest>((un, pw, req) => { var response = new AutomatedUserAuthorizationCheckResponse(req, true, ResourceOwnerUsername); Assert.That(req.UserName, Is.EqualTo(ResourceOwnerUsername)); return(response); }); var coordinator = new OAuth2Coordinator <WebServerClient>( AuthorizationServerDescription, authServerMock.Object, new WebServerClient(AuthorizationServerDescription), client => { var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; var result = client.ExchangeUserCredentialForToken(ResourceOwnerUsername, ResourceOwnerPassword, TestScopes); Assert.That(result.AccessToken, Is.Not.Null); }, server => { server.HandleTokenRequest().Respond(); }); coordinator.Run(); }
public void CreateAccessTokenSeesAuthorizingUserClientCredentialGrant() { var authServerMock = CreateAuthorizationServerMock(); authServerMock .Setup(a => a.CheckAuthorizeClientCredentialsGrant(It.IsAny <IAccessTokenRequest>())) .Returns <IAccessTokenRequest>(req => { Assert.That(req.UserName, Is.Null); return(new AutomatedAuthorizationCheckResponse(req, true)); }); var coordinator = new OAuth2Coordinator <WebServerClient>( AuthorizationServerDescription, authServerMock.Object, new WebServerClient(AuthorizationServerDescription), client => { var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; var result = client.GetClientAccessToken(TestScopes); Assert.That(result.AccessToken, Is.Not.Null); }, server => { server.HandleTokenRequest().Respond(); }); coordinator.Run(); }
public void ClientCredentialGrant() { var authServer = CreateAuthorizationServerMock(); authServer.Setup( a => a.IsAuthorizationValid(It.Is <IAuthorizationDescription>(d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))) .Returns(true); authServer.Setup( a => a.CheckAuthorizeClientCredentialsGrant(It.Is <IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))) .Returns <IAccessTokenRequest>(req => new AutomatedAuthorizationCheckResponse(req, true)); var coordinator = new OAuth2Coordinator <WebServerClient>( AuthorizationServerDescription, authServer.Object, new WebServerClient(AuthorizationServerDescription), client => { var authState = client.GetClientAccessToken(TestScopes); Assert.That(authState.AccessToken, Is.Not.Null.And.Not.Empty); Assert.That(authState.RefreshToken, Is.Null); }, server => { server.HandleTokenRequest().Respond(); }); coordinator.Run(); }
public void ResourceOwnerPasswordCredentialGrant(bool anonymousClient) { var authHostMock = CreateAuthorizationServerMock(); if (anonymousClient) { authHostMock.Setup( m => m.IsAuthorizationValid( It.Is <IAuthorizationDescription>( d => d.ClientIdentifier == null && d.User == ResourceOwnerUsername && MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))).Returns(true); } var coordinator = new OAuth2Coordinator <WebServerClient>( AuthorizationServerDescription, authHostMock.Object, new WebServerClient(AuthorizationServerDescription), client => { if (anonymousClient) { client.ClientIdentifier = null; } var authState = client.ExchangeUserCredentialForToken(ResourceOwnerUsername, ResourceOwnerPassword, TestScopes); Assert.That(authState.AccessToken, Is.Not.Null.And.Not.Empty); Assert.That(authState.RefreshToken, Is.Not.Null.And.Not.Empty); }, server => { server.HandleTokenRequest().Respond(); }); coordinator.Run(); }
public void AuthorizationCodeGrant() { var coordinator = new OAuth2Coordinator <WebServerClient>( AuthorizationServerDescription, AuthorizationServerMock, new WebServerClient(AuthorizationServerDescription), client => { var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; client.PrepareRequestUserAuthorization(authState).Respond(); var result = client.ProcessUserAuthorization(); Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty); Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty); }, server => { var request = server.ReadAuthorizationRequest(); Assert.That(request, Is.Not.Null); server.ApproveAuthorizationRequest(request, ResourceOwnerUsername); server.HandleTokenRequest().Respond(); }); coordinator.Run(); }
public void GetClientAccessTokenReturnsApprovedScope() { string[] approvedScopes = new[] { "Scope2", "Scope3" }; var authServer = CreateAuthorizationServerMock(); authServer.Setup( a => a.IsAuthorizationValid(It.Is <IAuthorizationDescription>(d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))) .Returns(true); authServer.Setup( a => a.CheckAuthorizeClientCredentialsGrant(It.Is <IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))) .Returns <IAccessTokenRequest>(req => { var response = new AutomatedAuthorizationCheckResponse(req, true); response.ApprovedScope.ResetContents(approvedScopes); return(response); }); var coordinator = new OAuth2Coordinator <WebServerClient>( AuthorizationServerDescription, authServer.Object, new WebServerClient(AuthorizationServerDescription), client => { var authState = client.GetClientAccessToken(TestScopes); Assert.That(authState.Scope, Is.EquivalentTo(approvedScopes)); }, server => { server.HandleTokenRequest().Respond(); }); coordinator.Run(); }
public void ImplicitGrant() { var coordinatorClient = new UserAgentClient(AuthorizationServerDescription); var coordinator = new OAuth2Coordinator <UserAgentClient>( AuthorizationServerDescription, AuthorizationServerMock, coordinatorClient, client => { var authState = new AuthorizationState(TestScopes) { Callback = ClientCallback, }; var request = client.PrepareRequestUserAuthorization(authState, implicitResponseType: true); Assert.That(request.ResponseType, Is.EqualTo(EndUserAuthorizationResponseType.AccessToken)); client.Channel.Respond(request); var incoming = client.Channel.ReadFromRequest(); var result = client.ProcessUserAuthorization(authState, incoming); Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty); Assert.That(result.RefreshToken, Is.Null); }, server => { var request = server.ReadAuthorizationRequest(); Assert.That(request, Is.Not.Null); IAccessTokenRequest accessTokenRequest = (EndUserAuthorizationImplicitRequest)request; Assert.That(accessTokenRequest.ClientAuthenticated, Is.False); server.ApproveAuthorizationRequest(request, ResourceOwnerUsername); }); coordinatorClient.ClientCredentialApplicator = null; // implicit grant clients don't need a secret. coordinator.Run(); }
public void ErrorResponseTest() { var coordinator = new OAuth2Coordinator <UserAgentClient>( AuthorizationServerDescription, AuthorizationServerMock, new UserAgentClient(AuthorizationServerDescription), client => { var request = new AccessTokenAuthorizationCodeRequestC(AuthorizationServerDescription) { ClientIdentifier = ClientId, ClientSecret = ClientSecret, AuthorizationCode = "foo" }; var response = client.Channel.Request <AccessTokenFailedResponse>(request); Assert.That(response.Error, Is.Not.Null.And.Not.Empty); Assert.That(response.Error, Is.EqualTo(Protocol.AccessTokenRequestErrorCodes.InvalidRequest)); }, server => { server.HandleTokenRequest().Respond(); }); coordinator.Run(); }