public async Task Unknown_Grant_Type() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = "https://server/cb", }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, "unknown"); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(Constants.TokenErrors.UnsupportedGrantType); }
public async Task Valid_Code_Request() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Subject = IdentityServerPrincipal.Create("123", "bob"), Client = client, RedirectUri = "https://server/cb", RequestedScopes = new List<Scope> { new Scope { Name = "openid" } } }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, "valid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeFalse(); }
public async Task Expired_AuthorizationCode() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = "https://server/cb", CreationTime = DateTimeOffset.UtcNow.AddSeconds(-100) }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, "valid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant); }
public async Task AuthorizationCodeTooLong() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var options = new IdentityServerOptions(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = "https://server/cb", }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var longCode = "x".Repeat(options.InputLengthRestrictions.AuthorizationCode + 1); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, longCode); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant); }
public async Task Different_RedirectUri_Between_Authorize_And_Token_Request() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, IsOpenId = true, RedirectUri = "https://server1/cb", }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, "valid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server2/cb"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.UnauthorizedClient); }
public async Task Client_Trying_To_Request_Token_Using_Another_Clients_Code() { var client1 = await _clients.FindClientByIdAsync("codeclient"); var client2 = await _clients.FindClientByIdAsync("codeclient_restricted"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client1, IsOpenId = true, RedirectUri = "https://server/cb", }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, "valid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client2); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant); }
private async Task<string> CreateCodeAsync(ValidatedAuthorizeRequest request) { var code = new AuthorizationCode { Client = request.Client, Subject = request.Subject, SessionId = request.SessionId, IsOpenId = request.IsOpenIdRequest, RequestedScopes = request.ValidatedScopes.GrantedScopes, RedirectUri = request.RedirectUri, Nonce = request.Nonce, WasConsentShown = request.WasConsentShown, }; // store id token and access token and return authorization code var id = CryptoRandom.CreateUniqueId(); await _authorizationCodes.StoreAsync(id, code); await RaiseCodeIssuedEventAsync(id, code); return id; }
private async Task RaiseCodeIssuedEventAsync(string id, AuthorizationCode code) { await _events.RaiseAuthorizationCodeIssuedEventAsync(id, code); }
/// <summary> /// Stores the data. /// </summary> /// <param name="key">The key.</param> /// <param name="value">The value.</param> /// <returns></returns> public Task StoreAsync(string key, AuthorizationCode value) { _repository[key] = value; return Task.FromResult<object>(null); }