예제 #1
0
 public ServerStartup(SharedContext context, string connectionString, ITestOutputHelper outputHelper)
 {
     _martenOptions = new SimpleAuthOptions
     {
         AdministratorRoleDefinition = default,
예제 #2
0
        public static IEnumerable <Client> Clients(SharedContext sharedCtx)
        {
            return(new[]
            {
                new Client
                {
                    RequirePkce = false,
                    ClientId = "device",
                    ClientName = "device",
                    Secrets = new[] { new ClientSecret {
                                          Type = ClientSecretTypes.SharedSecret, Value = "client"
                                      } },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,

                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "openid", "role", "profile", "address", "offline" },
                    GrantTypes = new[] { GrantTypes.RefreshToken, GrantTypes.Device, GrantTypes.Password },
                    ResponseTypes = new[] { ResponseTypeNames.Code, ResponseTypeNames.Token, ResponseTypeNames.IdToken },
                    JsonWebKeys =
                        TestKeys.SecretKey.CreateJwk(JsonWebKeyUseNames.Sig, KeyOperations.Sign, KeyOperations.Verify)
                        .ToSet(),
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new[] { new Uri("https://localhost:4200/callback") },
                    UserClaimsToIncludeInAuthToken = Array.Empty <Regex>()
                },
                new Client
                {
                    ClientId = "client",
                    ClientName = "client",
                    Secrets = new[] { new ClientSecret {
                                          Type = ClientSecretTypes.SharedSecret, Value = "client"
                                      } },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "openid", "role", "profile", "address", "offline" },
                    GrantTypes = new[] { GrantTypes.RefreshToken, GrantTypes.Password },
                    ResponseTypes = new[] { ResponseTypeNames.Code, ResponseTypeNames.Token, ResponseTypeNames.IdToken },
                    JsonWebKeys =
                        TestKeys.SecretKey.CreateJwk(JsonWebKeyUseNames.Sig, KeyOperations.Sign, KeyOperations.Verify)
                        .ToSet(),
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("https://localhost:4200/callback") }
                },
                new Client
                {
                    ClientId = "client_userinfo_sig_rs256",
                    ClientName = "client_userinfo_sig_rs256",
                    Secrets = new[]
                    {
                        new ClientSecret
                        {
                            Type = ClientSecretTypes.SharedSecret, Value = "client_userinfo_sig_rs256"
                        }
                    },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "openid", "role", "profile" },
                    GrantTypes = new[] { GrantTypes.RefreshToken, GrantTypes.Password },
                    ResponseTypes = new[] { ResponseTypeNames.Code, ResponseTypeNames.Token, ResponseTypeNames.IdToken },
                    JsonWebKeys = TestKeys.SecretKey.CreateSignatureJwk().ToSet(),
                    IdTokenSignedResponseAlg = SecurityAlgorithms.RsaSha256,
                    UserInfoSignedResponseAlg = SecurityAlgorithms.RsaSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("https://localhost:4200/callback") }
                },
                new Client
                {
                    ClientId = "client_userinfo_enc_rsa15",
                    ClientName = "client_userinfo_enc_rsa15",
                    Secrets = new[]
                    {
                        new ClientSecret
                        {
                            Type = ClientSecretTypes.SharedSecret, Value = "client_userinfo_enc_rsa15"
                        }
                    },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "openid", "role", "profile" },
                    GrantTypes = new[] { GrantTypes.RefreshToken, GrantTypes.Password },
                    ResponseTypes = new[] { ResponseTypeNames.Code, ResponseTypeNames.Token, ResponseTypeNames.IdToken },
                    JsonWebKeys =
                        new JsonWebKeySet().AddKey(TestKeys.SecretKey.CreateSignatureJwk())
                        .AddKey(TestKeys.SecretKey.CreateEncryptionJwk()),
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256,
                    UserInfoSignedResponseAlg = SecurityAlgorithms.RsaSha256,
                    UserInfoEncryptedResponseAlg = SecurityAlgorithms.EcdsaSha256,
                    UserInfoEncryptedResponseEnc = SecurityAlgorithms.Aes128CbcHmacSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("https://localhost:4200/callback") }
                },
                new Client
                {
                    ClientId = "clientWithWrongResponseType",
                    ClientName = "clientWithWrongResponseType",
                    Secrets = new[]
                    {
                        new ClientSecret
                        {
                            Type = ClientSecretTypes.SharedSecret, Value = "clientWithWrongResponseType"
                        }
                    },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "openid", "role", "profile" },
                    GrantTypes = new[] { GrantTypes.RefreshToken, GrantTypes.ClientCredentials },
                    ResponseTypes = new[] { ResponseTypeNames.IdToken },
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("https://localhost:4200/callback") }
                },
                new Client
                {
                    ClientId = "clientCredentials",
                    ClientName = "clientCredentials",
                    Secrets = new[]
                    {
                        new ClientSecret {
                            Type = ClientSecretTypes.SharedSecret, Value = "clientCredentials"
                        }
                    },
                    Claims = new[] { new Claim("test", "test"), new Claim("sub", "ClientCredentials"), },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "api1", "uma_protection", "offline" },
                    GrantTypes = new[] { GrantTypes.RefreshToken, GrantTypes.ClientCredentials },
                    ResponseTypes = new[] { ResponseTypeNames.Token },
                    JsonWebKeys =
                        TestKeys.SecretKey.CreateJwk(JsonWebKeyUseNames.Sig, KeyOperations.Sign, KeyOperations.Verify)
                        .ToSet(),
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("https://localhost:4200/callback") }
                },
                new Client
                {
                    ClientId = "basic_client",
                    ClientName = "basic_client",
                    Secrets = new[] { new ClientSecret {
                                          Type = ClientSecretTypes.SharedSecret, Value = "basic_client"
                                      } },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretBasic,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "api1" },
                    GrantTypes = new[] { GrantTypes.ClientCredentials },
                    ResponseTypes = new[] { ResponseTypeNames.Token },
                    JsonWebKeys = new JsonWebKeySet().AddKey(TestKeys.SecretKey.CreateSignatureJwk()),
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("https://localhost:4200/callback") }
                },
                new Client
                {
                    ClientId = "post_client",
                    ClientName = "post_client",
                    Secrets = new[] { new ClientSecret {
                                          Type = ClientSecretTypes.SharedSecret, Value = "post_client"
                                      } },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "api1", "uma_protection" },
                    GrantTypes = new[] { GrantTypes.ClientCredentials },
                    ResponseTypes = new[] { ResponseTypeNames.Token },
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("https://localhost:4200/callback") }
                },
                new Client
                {
                    ClientId = "jwt_client",
                    ClientName = "jwt_client",
                    Secrets = new[] { new ClientSecret {
                                          Type = ClientSecretTypes.SharedSecret, Value = "jwt_client"
                                      } },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretJwt,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "api1" },
                    GrantTypes = new[] { GrantTypes.ClientCredentials },
                    ResponseTypes = new[] { ResponseTypeNames.Token },
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("https://localhost:4200/callback") },
                    JsonWebKeys = new[] { sharedCtx.ModelSignatureKey, sharedCtx.ModelEncryptionKey }.ToJwks()
                },
                new Client
                {
                    ClientId = "private_key_client",
                    ClientName = "private_key_client",
                    Secrets = new[]
                    {
                        new ClientSecret {
                            Type = ClientSecretTypes.SharedSecret, Value = "private_key_client"
                        }
                    },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.PrivateKeyJwt,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "api1" },
                    GrantTypes = new[] { GrantTypes.ClientCredentials },
                    ResponseTypes = new[] { ResponseTypeNames.Token },
                    JsonWebKeys = new JsonWebKeySet().AddKey(TestKeys.SecretKey.CreateSignatureJwk()),
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256, //SecurityAlgorithms.RsaSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("https://localhost:4200/callback") },
                    //JwksUri = new Uri("http://localhost:5000/jwks_client")
                },
                new Client
                {
                    ClientId = "authcode_client",
                    ClientName = "authcode_client",
                    Secrets = new[]
                    {
                        new ClientSecret {
                            Type = ClientSecretTypes.SharedSecret, Value = "authcode_client"
                        }
                    },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "api1", "openid" },
                    GrantTypes = new[] { GrantTypes.AuthorizationCode },
                    ResponseTypes = new[] { ResponseTypeNames.Code, ResponseTypeNames.Token, ResponseTypeNames.IdToken },
                    JsonWebKeys =
                        TestKeys.SecretKey.CreateSignatureJwk()
                        .ToSet()
                        .AddKey(TestKeys.SuperSecretKey.CreateEncryptionJwk()),
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256, //SecurityAlgorithms.RsaSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("http://localhost:5000/callback") }
                },
                new Client
                {
                    ClientId = "incomplete_authcode_client",
                    ClientName = "incomplete_authcode_client",
                    Secrets = new[]
                    {
                        new ClientSecret
                        {
                            Type = ClientSecretTypes.SharedSecret, Value = "incomplete_authcode_client"
                        }
                    },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "api1", "openid" },
                    GrantTypes = new[] { GrantTypes.AuthorizationCode },
                    ResponseTypes = new[] { ResponseTypeNames.IdToken },
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("http://localhost:5000/callback") }
                },
                new Client
                {
                    ClientId = "implicit_client",
                    ClientName = "implicit_client",
                    Secrets = new[]
                    {
                        new ClientSecret {
                            Type = ClientSecretTypes.SharedSecret, Value = "implicit_client"
                        }
                    },
                    JsonWebKeys = new JsonWebKeySet().AddKey(TestKeys.SecretKey.CreateSignatureJwk()),
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "api1", "openid" },
                    GrantTypes = new[] { GrantTypes.Implicit },
                    ResponseTypes = new[] { ResponseTypeNames.Token, ResponseTypeNames.IdToken },
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("http://localhost:5000/callback") }
                },
                new Client
                {
                    ClientId = "pkce_client",
                    ClientName = "pkce_client",
                    Secrets = new[] { new ClientSecret {
                                          Type = ClientSecretTypes.SharedSecret, Value = "pkce_client"
                                      } },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "api1", "openid" },
                    GrantTypes = new[] { GrantTypes.AuthorizationCode },
                    ResponseTypes = new[] { ResponseTypeNames.Code, ResponseTypeNames.Token, ResponseTypeNames.IdToken },
                    JsonWebKeys = TestKeys.SecretKey.CreateSignatureJwk().ToSet(),
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("http://localhost:5000/callback") },
                    RequirePkce = true
                },
                new Client
                {
                    ClientId = "hybrid_client",
                    ClientName = "hybrid_client",
                    Secrets = new[] { new ClientSecret {
                                          Type = ClientSecretTypes.SharedSecret, Value = "hybrid_client"
                                      } },
                    JsonWebKeys = new JsonWebKeySet().AddKey(TestKeys.SecretKey.CreateSignatureJwk()),
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    PolicyUri = new Uri("http://openid.net"),
                    TosUri = new Uri("http://openid.net"),
                    AllowedScopes = new[] { "api1", "openid" },
                    GrantTypes = new[] { GrantTypes.AuthorizationCode, GrantTypes.Implicit },
                    ResponseTypes = new[] { ResponseTypeNames.Code, ResponseTypeNames.Token, ResponseTypeNames.IdToken },
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256,
                    ApplicationType = ApplicationTypes.Web,
                    RedirectionUrls = new [] { new Uri("http://localhost:5000/callback") },
                },
                // Certificate test client.
                new Client
                {
                    ClientId = "certificate_client",
                    ClientName = "Certificate test client",
                    Secrets =
                        new[]
                    {
                        new ClientSecret
                        {
                            Type = ClientSecretTypes.X509Thumbprint,
                            Value = "0772F57C594FA1EFD619AF8D84A48F4C1741C715"
                        },
                        new ClientSecret
                        {
                            Type = ClientSecretTypes.X509Name, Value = "O=reimers.dk, L=Zurich, S=ZH, C=CH"
                        }
                    },
                    JsonWebKeys =
                        new JsonWebKeySet()
                        .AddKey(
                            new X509Certificate2("mycert.pfx", "simpleauth", X509KeyStorageFlags.Exportable)
                            .CreateJwk(JsonWebKeyUseNames.Sig, KeyOperations.Sign, KeyOperations.Verify))
                        .AddKey(
                            new X509Certificate2("mycert.pfx", "simpleauth", X509KeyStorageFlags.Exportable)
                            .CreateJwk(JsonWebKeyUseNames.Enc, KeyOperations.Encrypt, KeyOperations.Decrypt)),
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.TlsClientAuth,
                    //LogoUri = null,
                    AllowedScopes = new[] { "openid" },
                    GrantTypes = new[] { GrantTypes.Password },
                    ResponseTypes = new[] { ResponseTypeNames.Token, ResponseTypeNames.IdToken },
                    IdTokenSignedResponseAlg = SecurityAlgorithms.RsaV15KeyWrap, //SecurityAlgorithms.RsaSha256,
                    ApplicationType = ApplicationTypes.Native
                },
                // Client credentials + stateless access token.
                new Client
                {
                    ClientId = "stateless_client",
                    ClientName = "Stateless client",
                    Secrets = new[]
                    {
                        new ClientSecret {
                            Type = ClientSecretTypes.SharedSecret, Value = "stateless_client"
                        }
                    },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    AllowedScopes = new[] { "openid", "register_client", "manage_account_filtering" },
                    GrantTypes = new[] { GrantTypes.ClientCredentials },
                    JsonWebKeys =
                        new JsonWebKeySet().AddKey(
                            TestKeys.SecretKey.CreateJwk(
                                JsonWebKeyUseNames.Sig,
                                KeyOperations.Sign,
                                KeyOperations.Verify)),
                    ResponseTypes = new[] { ResponseTypeNames.Token },
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256, // SecurityAlgorithms.RsaSha256,
                    ApplicationType = ApplicationTypes.Native
                },
                new Client
                {
                    ClientId = "manager_client",
                    ClientName = "Manager client",
                    Secrets =
                        new[] { new ClientSecret {
                                    Type = ClientSecretTypes.SharedSecret, Value = "manager_client"
                                } },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    AllowedScopes = new[] { "manager" },
                    GrantTypes = new[] { GrantTypes.ClientCredentials },
                    JsonWebKeys =
                        new JsonWebKeySet().AddKey(
                            TestKeys.SecretKey.CreateJwk(
                                JsonWebKeyUseNames.Sig,
                                KeyOperations.Sign,
                                KeyOperations.Verify)),
                    ResponseTypes = new[] { ResponseTypeNames.Token },
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256, // SecurityAlgorithms.RsaSha256,
                    ApplicationType = ApplicationTypes.Native
                },
                new Client
                {
                    ClientId = "admin_client",
                    ClientName = "Admin client",
                    Secrets =
                        new[] { new ClientSecret {
                                    Type = ClientSecretTypes.SharedSecret, Value = "admin_client"
                                } },
                    TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.ClientSecretPost,
                    //LogoUri = null,
                    AllowedScopes = new[] { "admin" },
                    GrantTypes = new[] { GrantTypes.ClientCredentials },
                    JsonWebKeys =
                        new JsonWebKeySet().AddKey(
                            TestKeys.SecretKey.CreateJwk(
                                JsonWebKeyUseNames.Sig,
                                KeyOperations.Sign,
                                KeyOperations.Verify)),
                    ResponseTypes = new[] { ResponseTypeNames.Token },
                    IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256, // SecurityAlgorithms.RsaSha256,
                    ApplicationType = ApplicationTypes.Native
                }
            });
        }