public async Task Sending_authorization_header_should_succeed()
{
_options.ClientSecret = "secret";
_options.TokenClientCredentialStyle = Client.ClientCredentialStyle.AuthorizationHeader;
var client = new OidcClient(_options);
var state = await client.PrepareLoginAsync();
var url = $"?state={state.State}&nonce={state.Nonce}&code=bar";
var idToken = Crypto.CreateJwt(null, "https://authority", "client",
new Claim("at_hash", Crypto.HashData("token")),
new Claim("sub", "123"),
new Claim("nonce", state.Nonce));
var tokenResponse = new Dictionary <string, object>
{
{ "access_token", "token" },
{ "expires_in", 300 },
{ "id_token", idToken },
{ "refresh_token", "refresh_token" }
};
var backChannelHandler = new NetworkHandler(JsonSerializer.Serialize(tokenResponse), HttpStatusCode.OK);
_options.BackchannelHandler = backChannelHandler;
var result = await client.ProcessResponseAsync(url, state);
var request = backChannelHandler.Request;
request.Headers.Authorization.Should().NotBeNull();
request.Headers.Authorization.Scheme.Should().Be("Basic");
request.Headers.Authorization.Parameter.Should()
.Be(BasicAuthenticationOAuthHeaderValue.EncodeCredential("client", "secret"));
}
public void oauth_values_should_decode_correctly(string id, string secret)
{
var header = new BasicAuthenticationOAuthHeaderValue(id, secret);
DecodeOAuthHeader(header.Parameter, out var decodedId, out var decodedSecret);
decodedId.Should().Be(id);
decodedSecret.Should().Be(secret);
}
public async Task Setting_basic_authentication_style_should_send_basic_authentication_header()
{
var response = await _client.RequestTokenAsync(new TokenRequest
{
GrantType = "test",
ClientId = "client",
ClientSecret = "secret",
ClientCredentialStyle = ClientCredentialStyle.AuthorizationHeader
});
var request = _handler.Request;
request.Headers.Authorization.Should().NotBeNull();
request.Headers.Authorization.Scheme.Should().Be("Basic");
request.Headers.Authorization.Parameter.Should().Be(BasicAuthenticationOAuthHeaderValue.EncodeCredential("client", "secret"));
}
public async void Valid_BasicAuthentication_Request_in_various_Formats_IdentityModel(string userName, string password)
{
Encoding encoding = Encoding.UTF8;
var context = new DefaultHttpContext();
var credential = BasicAuthenticationOAuthHeaderValue.EncodeCredential(userName, password);
var headerValue = $"Basic {credential}";
context.Request.Headers.Add("Authorization", new StringValues(headerValue));
var secret = await _parser.ParseAsync(context);
secret.Type.Should().Be(IdentityServerConstants.ParsedSecretTypes.SharedSecret);
secret.Id.Should().Be(userName);
secret.Credential.Should().Be(password);
}
public async Task Setting_client_id_only_and_header_should_put_client_id_in_header()
{
var response = await _client.RequestTokenAsync(new TokenRequest
{
GrantType = "test",
ClientId = "client",
ClientCredentialStyle = ClientCredentialStyle.AuthorizationHeader
});
var request = _handler.Request;
request.Headers.Authorization.Should().NotBeNull();
request.Headers.Authorization.Scheme.Should().Be("Basic");
request.Headers.Authorization.Parameter.Should().Be(BasicAuthenticationOAuthHeaderValue.EncodeCredential("client", ""));
var fields = QueryHelpers.ParseQuery(_handler.Body);
fields.TryGetValue("client_secret", out _).Should().BeFalse();
fields.TryGetValue("client_id", out _).Should().BeFalse();
}
public async Task Setting_basic_authentication_style_should_send_basic_authentication_header()
{
var document = File.ReadAllText(FileName.Create("success_device_authorization_response.json"));
var handler = new NetworkHandler(document, HttpStatusCode.OK);
var client = new HttpClient(handler);
var response = await client.RequestDeviceAuthorizationAsync(new DeviceAuthorizationRequest
{
Address = Endpoint,
ClientId = "client",
ClientSecret = "secret",
ClientCredentialStyle = ClientCredentialStyle.AuthorizationHeader
});
var request = handler.Request;
request.Headers.Authorization.Should().NotBeNull();
request.Headers.Authorization.Scheme.Should().Be("Basic");
request.Headers.Authorization.Parameter.Should().Be(BasicAuthenticationOAuthHeaderValue.EncodeCredential("client", "secret"));
}
