public static T Get <T>(this IdentityServerHost host, string path)
{
var result = host.Get(path);
result.IsSuccessStatusCode.Should().BeTrue();
return(result.Content.ReadAsAsync <T>().Result);
}
public static string WriteMessageToCookie <T>(this IdentityServerHost host, T msg)
where T : Message
{
var request_headers = new Dictionary <string, string[]>();
var response_headers = new Dictionary <string, string[]>();
var env = new Dictionary <string, object>()
{
{ "owin.RequestScheme", "https" },
{ "owin.RequestHeaders", request_headers },
{ "owin.ResponseHeaders", response_headers },
{ Constants.OwinEnvironment.IdentityServerBasePath, "/" },
};
var ctx = new OwinContext(env);
var signInCookie = new MessageCookie <T>(ctx, host.Options);
var id = signInCookie.Write(msg);
CookieHeaderValue cookie;
if (!CookieHeaderValue.TryParse(response_headers["Set-Cookie"].First(), out cookie))
{
throw new InvalidOperationException("MessageCookie failed to issue cookie");
}
host.Client.AddCookies(cookie.Cookies);
return(id);
}
public static HttpResponseMessage GetLoginPage(this IdentityServerHost host, SignInMessage msg = null)
{
msg = msg ?? new SignInMessage()
{
ReturnUrl = host.Url.EnsureTrailingSlash()
};
var signInId = host.WriteMessageToCookie(msg);
return(host.Get(host.GetLoginUrl(signInId)));
}
public static HttpResponseMessage Introspect(this IdentityServerHost host, string scopeName, string scopeSecret, string token)
{
var form = new Dictionary <string, string>();
form.Add("token", token);
host.Client.SetBasicAuthentication(scopeName, scopeSecret);
var response = host.Client.PostAsync(host.GetIntrospectionUrl(), new FormUrlEncodedContent(form)).Result;
return(response);
}
public static void Login(this IdentityServerHost host, string username = "******")
{
var resp = host.GetLoginPage();
var model = resp.GetPageModel <LoginViewModel>();
var user = host.Users.Single(x => x.Username == username);
resp = host.PostForm(model.LoginUrl, new LoginCredentials {
Username = user.Username, Password = user.Password
}, model.AntiForgery);
resp.AssertCookie(Constants.PrimaryAuthenticationType);
}
public static HttpResponseMessage Get(this IdentityServerHost host, string path)
{
if (!path.StartsWith("http"))
{
path = host.Url.EnsureTrailingSlash() + path;
}
var result = host.Client.GetAsync(path).Result;
host.ProcessCookies(result);
return(result);
}
static void ProcessCookies(this IdentityServerHost host, HttpResponseMessage response)
{
var cookies = response.GetCookies();
foreach (var cookie in cookies)
{
if (cookie.Expires != null && cookie.Expires < host.UtcNow)
{
var names = cookie.Cookies.Select(x => x.Name);
host.Client.RemoveCookies(names);
}
else
{
host.Client.AddCookies(cookie.Cookies);
}
}
}
public static HttpResponseMessage PostForm(this IdentityServerHost host, string path, object value, AntiForgeryTokenViewModel xsrf = null)
{
if (!path.StartsWith("http"))
{
path = host.Url.EnsureTrailingSlash() + path;
}
var form = Map(value, xsrf);
var body = ToFormBody(form);
var content = new StringContent(body, Encoding.UTF8, FormUrlEncodedMediaTypeFormatter.DefaultMediaType.MediaType);
var response = host.Client.PostAsync(path, content).Result;
host.ProcessCookies(response);
return(response);
}
public static NameValueCollection RequestAuthorizationCode(
this IdentityServerHost host,
string client_id,
string redirect_uri,
string scope,
string nonce = null,
string code_challenge = null,
string code_challenge_method = null)
{
var state = Guid.NewGuid().ToString();
var url = host.GetAuthorizeUrl(client_id, redirect_uri, scope, "code", state, nonce, code_challenge, code_challenge_method);
var result = host.Client.GetAsync(url).Result;
result.StatusCode.Should().Be(HttpStatusCode.Found);
var query = result.Headers.Location.ParseQueryString();
query.AllKeys.Should().Contain("state");
query["state"].Should().Be(state);
return(query);
}
public static X509Certificate2 GetSigningCertificate(this IdentityServerHost host)
{
var meta = host.GetDiscoveryDocument();
meta["jwks_uri"].Should().NotBeNull();
var jwks = meta["jwks_uri"].ToString();
var result = host.Client.GetAsync(jwks).Result;
result.StatusCode.Should().Be(HttpStatusCode.OK);
result.Content.Headers.ContentType.MediaType.Should().Be("application/json");
var json = result.Content.ReadAsStringAsync().Result;
var data = JObject.Parse(json);
data["keys"].Should().NotBeNull();
var keys = (JArray)data["keys"];
var rsa = keys.FirstOrDefault(x => (string)x["kty"] == "RSA" && (string)x["use"] == "sig");
rsa.Should().NotBeNull();
var certs = (JArray)rsa["x5c"];
certs.Should().NotBeNull();
var cert = (string)certs.First();
cert.Should().NotBeNull();
var bytes = Convert.FromBase64String(cert);
var ret = new X509Certificate2(bytes);
ret.Should().NotBeNull();
return(ret);
}
public static JObject GetDiscoveryDocument(this IdentityServerHost host)
{
var disco_url = host.GetDiscoveryUrl();
var result = host.Client.GetAsync(disco_url).Result;
result.StatusCode.Should().Be(HttpStatusCode.OK);
result.Content.Headers.ContentType.MediaType.Should().Be("application/json");
var json = result.Content.ReadAsStringAsync().Result;
var data = JObject.Parse(json);
string[] https_checks = new string[] {
"issuer", "jwks_uri", "authorization_endpoint", "token_endpoint", "userinfo_endpoint", "end_session_endpoint", "check_session_iframe"
};
foreach (var url in https_checks)
{
data[url].Should().NotBeNull();
data[url].ToString().Should().StartWith("https://");
}
var issuer = host.Url;
if (issuer.EndsWith("/"))
{
issuer = issuer.Substring(0, issuer.Length - 1);
}
data["issuer"].ToString().Should().Be(issuer);
var jwks = data["jwks_uri"].ToString();
result = host.Client.GetAsync(jwks).Result;
result.StatusCode.Should().Be(HttpStatusCode.OK);
result.Content.Headers.ContentType.MediaType.Should().Be("application/json");
return(data);
}
public static string GetAuthorizeUrl(
this IdentityServerHost host,
string client_id = null,
string redirect_uri = null,
string scope = null,
string response_type = null,
string state = null,
string nonce = null,
string code_challenge = null,
string code_challenge_method = null)
{
var disco = host.GetDiscoveryDocument();
disco["authorization_endpoint"].Should().NotBeNull();
disco["response_types_supported"].Should().NotBeNull();
var arr = (JArray)disco["response_types_supported"];
var values = arr.Select(x => x.ToString());
values.Should().Contain("code");
var url = disco["authorization_endpoint"].ToString();
var query = "";
if (response_type.IsPresent())
{
query += "&response_type=" + HttpUtility.UrlEncode(response_type);
}
if (scope.IsPresent())
{
query += "&scope=" + HttpUtility.UrlEncode(scope);
}
if (client_id.IsPresent())
{
query += "&client_id=" + HttpUtility.UrlEncode(client_id);
}
if (redirect_uri.IsPresent())
{
query += "&redirect_uri=" + HttpUtility.UrlEncode(redirect_uri);
}
if (state.IsPresent())
{
query += "&state=" + HttpUtility.UrlEncode(state);
}
if (nonce.IsPresent())
{
query += "&nonce=" + HttpUtility.UrlEncode(nonce);
}
if (code_challenge.IsPresent())
{
query += "&code_challenge=" + HttpUtility.UrlEncode(code_challenge);
}
if (code_challenge_method.IsPresent())
{
query += "&code_challenge_method=" + HttpUtility.UrlEncode(code_challenge_method);
}
if (query.StartsWith("&"))
{
url += "?" + query.Substring(1);
}
return(url);
}
public static string GetDiscoveryUrl(this IdentityServerHost host)
{
return(host.Url.EnsureTrailingSlash() + Constants.RoutePaths.Oidc.DiscoveryConfiguration);
}
public static string GetUserInfoUrl(this IdentityServerHost host)
{
return(host.Url.EnsureTrailingSlash() + Constants.RoutePaths.Oidc.UserInfo);
}
public static string GetIntrospectionUrl(this IdentityServerHost host)
{
return(host.Url.EnsureTrailingSlash() + Constants.RoutePaths.Oidc.Introspection);
}
public static string GetLoginUrl(this IdentityServerHost host, string signInId)
{
return(host.Url.EnsureTrailingSlash() + Constants.RoutePaths.Login + "?signin=" + signInId);
}
public static HttpResponseMessage PostJson <T>(this IdentityServerHost host, string path, T value)
{
return(host.Client.PostAsJsonAsync(path, value).Result);
}