public async Task Mint_AppId_Refresh_missing_subject()
{
var client = new TokenClient(
_fixture.TestServer.BaseAddress + "connect/token",
ClientId,
_fixture.MessageHandler);
Dictionary <string, string> paramaters = new Dictionary <string, string>()
{
{ OidcConstants.TokenRequest.ClientId, ClientId },
{ OidcConstants.TokenRequest.ClientSecret, ClientSecret },
{ OidcConstants.TokenRequest.GrantType, ArbitraryNoSubjectExtensionGrant.Constants.ArbitraryNoSubject },
{ OidcConstants.TokenRequest.Scope, "nitro metal" },
{
ArbitraryNoSubjectExtensionGrant.Constants.ArbitraryClaims,
$"{{'machineId': ['{Guid.NewGuid().ToString()}'],'appId': ['{Guid.NewGuid().ToString()}']}}"
},
{ ArbitraryNoSubjectExtensionGrant.Constants.AccessTokenLifetime, "3600" },
{ ArbitraryIdentityExtensionGrant.Constants.IdTokenLifetime, "320000" }
};
var result = await client.RequestAsync(paramaters);
result.ErrorDescription.ShouldBeNull();
result.Error.ShouldBeNull();
result.AccessToken.ShouldNotBeNullOrEmpty();
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var appIdentityCreate = new GraphQLRequest(@"query q($input: appIdentityRefresh!) {
appIdentityRefresh(input: $input){
authority
expires_in
id_token
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
id_token = result.AccessToken
}
}
};
var graphQLResponse = await graphQLHttpClient.PostAsync(appIdentityCreate);
graphQLResponse.ShouldNotBeNull();
var appIdentityResponse =
graphQLResponse
.GetDataFieldAs <AppIdentityResultModel>(
"appIdentityRefresh"); //data->appIdentityCreate is casted as AppIdentityResultModel
appIdentityResponse.ShouldBeNull();
graphQLResponse.Errors.ShouldNotBeNull();
}
}
public async Task success_appIdentityCreate_POST()
{
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var appIdentityCreate = new GraphQLRequest(@"query q($input: appIdentityCreate!) {
appIdentityCreate(input: $input){
authority
expires_in
id_token
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
appId = "myApp 001",
machineId = "machineId 001"
}
}
};
var graphQLResponse = await graphQLHttpClient.PostAsync(appIdentityCreate);
graphQLResponse.ShouldNotBeNull();
var appIdentityResponse = graphQLResponse.GetDataFieldAs <AppIdentityResultModel>("appIdentityCreate"); //data->appIdentityCreate is casted as AppIdentityResponse
appIdentityResponse.ShouldNotBeNull();
var handler = new JwtSecurityTokenHandler();
var tokenS = handler.ReadToken(appIdentityResponse.id_token) as JwtSecurityToken;
tokenS.ShouldNotBeNull();
}
}
public async Task App_identity_bind_missing_authorized_subject_outofrange()
{
var clientCredentialsResponse = await FetchB2BAccessTokenAsync();
clientCredentialsResponse.ShouldNotBeNull();
clientCredentialsResponse.access_token.ShouldNotBeNull();
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var appIdentityCreate = new GraphQLRequest(@"query q($input: appIdentityCreate!) {
appIdentityCreate(input: $input){
authority
expires_in
id_token
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
appId = Guid.NewGuid().ToString(),
machineId = Guid.NewGuid().ToString(),
subject = Guid.NewGuid().ToString() + Guid.NewGuid().ToString()
}
}
};
graphQLHttpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {clientCredentialsResponse.access_token}");
graphQLHttpClient.DefaultRequestHeaders.Add("x-authScheme", $"self-testserver");
var graphQLResponse = await graphQLHttpClient.PostAsync(appIdentityCreate);
graphQLResponse.Errors.ShouldNotBeNull();
}
}
public async Task App_identity_bind_missing_argmuments_appid()
{
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var appIdentityCreate = new GraphQLRequest(@"query q($input: appIdentityCreate!) {
appIdentityCreate(input: $input){
authority
expires_in
id_token
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
machineId = "machineId 001"
}
}
};
Should.Throw <GraphQLHttpException>(() =>
{
graphQLHttpClient.PostAsync(appIdentityCreate).GetAwaiter().GetResult();
});
}
}
public async Task App_identity_bind_missing_unauthorized_subject()
{
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var appIdentityCreate = new GraphQLRequest(@"query q($input: appIdentityCreate!) {
appIdentityCreate(input: $input){
authority
expires_in
id_token
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
appId = "myApp 001",
machineId = "machineId 001",
subject = Guid.NewGuid().ToString()
}
}
};
var graphQLResponse = await graphQLHttpClient.PostAsync(appIdentityCreate);
graphQLResponse.Errors.ShouldNotBeNull();
}
}
public async Task success_app_identity_bind_and_exchange_selfvalidator()
{
string id_token = "";
var appIdentityResponse = await FetchAppIdentityAsync();
appIdentityResponse.ShouldNotBeNull();
var handler = new JwtSecurityTokenHandler();
var tokenS = handler.ReadToken(appIdentityResponse.id_token) as JwtSecurityToken;
tokenS.ShouldNotBeNull();
id_token = appIdentityResponse.id_token;
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var graphQlRequest = new GraphQLRequest(
@"query q($input: tokenExchange!) {
tokenExchange(input: $input){
authority
access_token
token_type
httpHeaders
{
name
value
}
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
exchange = "google-my-custom",
extras = new string[]
{
"a", "b", "c"
},
tokens = new[]
{
new
{
token = id_token,
tokenScheme = "self"
}
}
}
}
};
var graphQLResponse = await graphQLHttpClient.PostAsync(graphQlRequest);
graphQLResponse.ShouldNotBeNull();
graphQLResponse.Errors.ShouldBeNull();
}
}
public async Task fail_Bad_token_exchange()
{
string id_token = Guid.NewGuid().ToString();
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var graphQlRequest = new GraphQLRequest(
@"query q($input: tokenExchange!) {
tokenExchange(input: $input){
accessToken{
hint
authority
expires_in
access_token
refresh_token
token_type
httpHeaders
{
name
value
}
}
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
exchange = "google-my-custom",
extras = new string[]
{
"a", "b", "c"
},
tokens = new[]
{
new
{
token = id_token,
tokenScheme = "self-testserver"
}
}
}
}
};
var graphQLResponse = await graphQLHttpClient.PostAsync(graphQlRequest);
graphQLResponse.Errors.ShouldNotBeNull();
}
}
public async Task App_identity_bind_machineId_outofrange()
{
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var appIdentityCreate = new GraphQLRequest(@"query q($input: appIdentityCreate!) {
appIdentityCreate(input: $input){
authority
expires_in
id_token
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
machineId = Guid.NewGuid().ToString() + Guid.NewGuid().ToString(),
appId = Guid.NewGuid().ToString()
}
}
};
var response = graphQLHttpClient.PostAsync(appIdentityCreate).GetAwaiter().GetResult();
response.Errors.ShouldNotBeNull();
}
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var appIdentityCreate = new GraphQLRequest(@"query q($input: appIdentityCreate!) {
appIdentityCreate(input: $input){
authority
expires_in
id_token
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
machineId = "",
appId = Guid.NewGuid().ToString()
}
}
};
var response = graphQLHttpClient.PostAsync(appIdentityCreate).GetAwaiter().GetResult();
response.Errors.ShouldNotBeNull();
}
}
public async Task success_graphQLDiscovery_GET()
{
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var graphQlRequest = new GraphQLRequest(@"query{
graphQLDiscovery{
graphQLEndpoints{
name
url
}
}
}");
var graphQLResponse = await graphQLHttpClient.GetAsync(graphQlRequest);
graphQLResponse.ShouldNotBeNull();
}
}
public async Task App_identity_bind_missing_authorized_subject()
{
var clientCredentialsResponse = await FetchB2BAccessTokenAsync();
clientCredentialsResponse.ShouldNotBeNull();
clientCredentialsResponse.access_token.ShouldNotBeNull();
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var appIdentityCreate = new GraphQLRequest(@"query q($input: appIdentityCreate!) {
appIdentityCreate(input: $input){
authority
expires_in
id_token
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
appId = "myApp 001",
machineId = "machineId 001",
subject = Guid.NewGuid().ToString()
}
}
};
graphQLHttpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {clientCredentialsResponse.access_token}");
graphQLHttpClient.DefaultRequestHeaders.Add("x-authScheme", $"self-testserver");
var graphQLResponse = await graphQLHttpClient.PostAsync(appIdentityCreate);
graphQLResponse.ShouldNotBeNull();
var appIdentityResponse = graphQLResponse.GetDataFieldAs <AppIdentityResultModel>("appIdentityCreate"); //data->appIdentityCreate is casted as AppIdentityResponse
appIdentityResponse.ShouldNotBeNull();
var handler = new JwtSecurityTokenHandler();
var tokenS = handler.ReadToken(appIdentityResponse.id_token) as JwtSecurityToken;
tokenS.ShouldNotBeNull();
}
}
public async Task error_unit_test_query()
{
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var graphQlRequest = new GraphQLRequest(
@"query{
unitTestCollectionThrow{
collection{
age
name
}
}
}");
var graphQLResponse = await graphQLHttpClient.PostAsync(graphQlRequest);
graphQLResponse.ShouldNotBeNull();
graphQLResponse.Errors.ShouldNotBeNull();
}
}
async Task <AppIdentityResultModel> FetchAppIdentityAsync()
{
string id_token = "";
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var graphQlRequest = new GraphQLRequest(@"query q($input: appIdentityCreate!) {
appIdentityCreate(input: $input){
authority
expires_in
id_token
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
appId = "myApp 001",
machineId = "machineId 001"
}
}
};
var graphQLResponse = await graphQLHttpClient.PostAsync(graphQlRequest);
graphQLResponse.ShouldNotBeNull();
var appIdentityResponse =
graphQLResponse
.GetDataFieldAs <AppIdentityResultModel>(
"appIdentityCreate"); //data->appIdentityCreate is casted as AppIdentityResponse
appIdentityResponse.ShouldNotBeNull();
return(appIdentityResponse);
}
}
public async Task success_graphQLDiscovery_GET()
{
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var graphQlRequest = new GraphQLRequest(@"query{
graphQLDiscovery{
graphQLEndpoints{
name
url
}
}
}");
var graphQLResponse = await graphQLHttpClient.GetAsync(graphQlRequest);
graphQLResponse.ShouldNotBeNull();
var graphQLDiscoveryModel = (GraphQLDiscoveryModel)graphQLResponse.GetDataFieldAs <GraphQLDiscoveryModel>("graphQLDiscovery"); //data->graphQLDiscovery is casted as GraphQLDiscoveryModel
graphQLDiscoveryModel.ShouldNotBeNull();
graphQLDiscoveryModel.graphQLEndpoints.ShouldNotBeNull();
graphQLDiscoveryModel.graphQLEndpoints.Count.ShouldBeGreaterThan(0);
}
}
/// <summary> /// Send an IntrospectionQuery via POST /// </summary> /// <param name="graphQLClient">The GraphQLClient</param> /// <returns>The GraphQLResponse</returns> public static async Task <GraphQLResponse> PostIntrospectionQueryAsync(this GraphQLClient graphQLClient) => await graphQLClient.PostAsync(IntrospectionQuery).ConfigureAwait(false);
public async Task success_app_identity_bind_and_token_exchange_and_make_auth_call()
{
AppIdentityResultModel appIdentityResponse = null;
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var appIdentityCreate = new GraphQLRequest(@"query q($input: appIdentityCreate!) {
appIdentityCreate(input: $input){
authority
expires_in
id_token
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
appId = "myApp 001",
machineId = "machineId 001"
}
}
};
var graphQLResponse = await graphQLHttpClient.PostAsync(appIdentityCreate);
appIdentityResponse =
(AppIdentityResultModel)graphQLResponse
.GetDataFieldAs <AppIdentityResultModel>("appIdentityCreate"); //data->appIdentityCreate is casted as AppIdentityResponse
appIdentityResponse.ShouldNotBeNull();
var handler = new JwtSecurityTokenHandler();
var tokenS = handler.ReadToken(appIdentityResponse.id_token) as JwtSecurityToken;
tokenS.ShouldNotBeNull();
}
/*
* This next part fails because the validator calls out to authorities to get the public keys
* The authority in the self case is under this TestServer and for some reason the discovery cache
* cant reach this pretend http://localhost
*/
string access_token = "";
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var appIdentityCreate = new GraphQLRequest(@"query q($input: tokenExchange!) {
tokenExchange(input: $input){
authority
access_token
token_type
httpHeaders{
name
value
}
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
tokens = new[]
{
new
{
token = appIdentityResponse.id_token,
tokenScheme = "self"
}
},
exchange = "google-my-custom",
extras = new[] { "a", "b", "c" }
}
}
};
var graphQLResponse = await graphQLHttpClient.PostAsync(appIdentityCreate);
graphQLResponse.ShouldNotBeNull();
var bindResponse =
(List <TokenExchangeResponse>)graphQLResponse
.GetDataFieldAs <List <TokenExchangeResponse> >("tokenExchange"); //data->appIdentityCreate is casted as AppIdentityResponse
bindResponse.ShouldNotBeNull();
bindResponse.Count.ShouldBeGreaterThan(0);
var handler = new JwtSecurityTokenHandler();
var tokenS = handler.ReadToken(bindResponse[0].access_token) as JwtSecurityToken;
tokenS.ShouldNotBeNull();
access_token = bindResponse[0].access_token;
}
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var graphQlRequest = new GraphQLRequest(@"query{
authRequired{
claims{
name
value
}
}
}")
{
};
graphQLHttpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {access_token}");
graphQLHttpClient.DefaultRequestHeaders.Add("x-authScheme", $"self-testserver");
var graphQLResponse = await graphQLHttpClient.GetAsync(graphQlRequest);
graphQLResponse.ShouldNotBeNull();
}
}
/// <summary>
/// Send an IntrospectionQuery via GET
/// </summary>
/// <param name="graphQLClient">The GraphQLClient</param>
/// <returns>The GraphQLResponse</returns>
public static async Task <GraphQLResponse> GetIntrospectionQueryAsync(this GraphQLClient graphQLClient)
{
return(await graphQLClient.GetAsync(IntrospectionQuery).ConfigureAwait(false));
}
public async Task success_app_identity_bind_and_refresh()
{
AppIdentityResultModel appIdentityResponse = null;
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var appIdentityCreate = new GraphQLRequest(@"query q($input: appIdentityCreate!) {
appIdentityCreate(input: $input){
authority
expires_in
id_token
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
appId = "myApp 001",
machineId = "machineId 001"
}
}
};
var graphQLResponse = await graphQLHttpClient.PostAsync(appIdentityCreate);
appIdentityResponse = (AppIdentityResultModel)graphQLResponse.GetDataFieldAs <AppIdentityResultModel>("appIdentityCreate"); //data->appIdentityCreate is casted as AppIdentityResponse
appIdentityResponse.ShouldNotBeNull();
var handler = new JwtSecurityTokenHandler();
var tokenS = handler.ReadToken(appIdentityResponse.id_token) as JwtSecurityToken;
tokenS.ShouldNotBeNull();
}
/*
* This next part fails because the validator calls out to authorities to get the public keys
* The authority in the self case is under this TestServer and for some reason the discovery cache
* cant reach this pretend http://localhost
*/
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var appIdentityCreate = new GraphQLRequest(@"query q($input: appIdentityRefresh!) {
appIdentityRefresh(input: $input){
authority
expires_in
id_token
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
id_token = appIdentityResponse.id_token
}
}
};
var graphQLResponse = await graphQLHttpClient.PostAsync(appIdentityCreate);
graphQLResponse.ShouldNotBeNull();
appIdentityResponse = graphQLResponse.GetDataFieldAs <AppIdentityResultModel>("appIdentityRefresh"); //data->appIdentityCreate is casted as AppIdentityResultModel
appIdentityResponse.ShouldNotBeNull();
var handler = new JwtSecurityTokenHandler();
var tokenS = handler.ReadToken(appIdentityResponse.id_token) as JwtSecurityToken;
tokenS.ShouldNotBeNull();
}
}
/// <summary> /// Send the Query defined in a file via POST /// </summary> /// <param name="graphQLClient">The GraphQLClient</param> /// <param name="filePath">The Path of the File</param> /// <returns>The GraphQLResponse</returns> public static async Task <GraphQLResponse> PostFromFile(this GraphQLClient graphQLClient, string filePath) => await graphQLClient.PostQueryAsync(File.ReadAllText(filePath)).ConfigureAwait(false);
/// <summary> /// Send an IntrospectionQuery via POST /// </summary> /// <param name="graphQLClient">The GraphQLClient</param> /// <param name="cancellationToken"></param> /// <returns>The GraphQLResponse</returns> public static async Task <GraphQLResponse> PostIntrospectionQueryAsync(this GraphQLClient graphQLClient, CancellationToken cancellationToken = default) => await graphQLClient.PostAsync(IntrospectionGraphQLRequest, cancellationToken).ConfigureAwait(false);
public async Task success_app_identity_bind_and_exchange()
{
string id_token = "";
var appIdentityResponse = await FetchAppIdentityAsync();
appIdentityResponse.ShouldNotBeNull();
var handler = new JwtSecurityTokenHandler();
var tokenS = handler.ReadToken(appIdentityResponse.id_token) as JwtSecurityToken;
tokenS.ShouldNotBeNull();
id_token = appIdentityResponse.id_token;
using (var graphQLHttpClient =
new GraphQL.Client.GraphQLClient(_graphQLClientOptions))
{
var graphQlRequest = new GraphQLRequest(
@"query q($input: tokenExchange!) {
tokenExchange(input: $input){
identityToken{
authority
expires_in
hint
httpHeaders{
name
value
}
id_token
}
customToken{
authority
hint
httpHeaders{
name
value
}
token
type
}
accessToken{
hint
authority
expires_in
access_token
refresh_token
token_type
httpHeaders
{
name
value
}
}
}
}")
{
OperationName = null,
Variables = new
{
input = new
{
exchange = "briar-rabbit-inproc",
extras = new string[]
{
"a", "b", "c"
},
tokens = new[]
{
new
{
token = id_token,
tokenScheme = "self-testserver"
}
}
}
}
};
var graphQLResponse = await graphQLHttpClient.PostAsync(graphQlRequest);
graphQLResponse.ShouldNotBeNull();
graphQLResponse.Errors.ShouldBeNull();
var bindResponse = (List <TokenExchangeResponse>)graphQLResponse.GetDataFieldAs <List <TokenExchangeResponse> >("tokenExchange");
bindResponse.ShouldNotBeNull();
bindResponse.Count.ShouldBeGreaterThan(0);
}
}
/// <summary> /// Send an IntrospectionQuery via POST /// </summary> /// <param name="graphQLClient">The GraphQLClient</param> /// <param name="cancellationToken"></param> /// <returns>The GraphQLResponse</returns> public static Task <GraphQLResponse> PostIntrospectionQueryAsync(this GraphQLClient graphQLClient, CancellationToken cancellationToken = default) => graphQLClient.PostAsync(IntrospectionGraphQLRequest, cancellationToken);
