Exemplo n.º 1
0
        public async Task FailsToCreateAuthorizationRequest_IfScopesResolver_DeterminesThereAreInvalidScopes()
        {
            // Arrange
            var parameters =
                new Dictionary <string, string[]>
            {
                [OpenIdConnectParameterNames.State]        = new[] { "state" },
                [OpenIdConnectParameterNames.ClientId]     = new[] { "a" },
                [OpenIdConnectParameterNames.RedirectUri]  = new[] { "http://www.example.com/callback" },
                [OpenIdConnectParameterNames.ResponseType] = new[] { "code" },
                [OpenIdConnectParameterNames.ResponseMode] = new[] { "form_post" },
                [OpenIdConnectParameterNames.Scope]        = new[] { "openid invalid" },
            };

            var expectedError = new AuthorizationRequestError(ProtocolErrorProvider.InvalidScope("openid"), null, null);

            expectedError.Message.State = "state";

            var factory = CreateAuthorizationRequestFactory(validClientId: true, validRedirectUri: true, validScopes: false);

            // Act
            var result = await factory.CreateAuthorizationRequestAsync(parameters);

            // Assert
            Assert.False(result.IsValid);
            Assert.Equal(expectedError, result.Error, IdentityServiceErrorComparer.Instance);
            Assert.Equal("http://www.example.com/callback", result.Error.RedirectUri);
            Assert.Equal(OpenIdConnectResponseMode.FormPost, result.Error.ResponseMode);
        }
Exemplo n.º 2
0
        public async Task <ScopeResolutionResult> ResolveScopesAsync(string clientId, IEnumerable <string> scopes)
        {
            var authorizedParty = await _applicationManager.FindByClientIdAsync(clientId);

            var authorizedPartyScopes = await _applicationManager.FindScopesAsync(authorizedParty);

            var result = new List <ApplicationScope>();

            string               resourceName              = null;
            TApplication         resourceApplication       = null;
            IEnumerable <string> resourceApplicationScopes = null;

            foreach (var scope in scopes)
            {
                var(wellFormed, canonical, name, scopeValue) = ParseScope(scope);
                if (!wellFormed)
                {
                    return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope)));
                }

                if (canonical && authorizedPartyScopes.Any(s => s.Equals(scope, StringComparison.Ordinal)))
                {
                    result.Add(ApplicationScope.CanonicalScopes[scope]);
                }
                if (canonical)
                {
                    // We purposely ignore canonical scopes not allowed by the client application.
                    continue;
                }

                resourceName = resourceName ?? name;
                if (resourceName != null && !resourceName.Equals(name, StringComparison.Ordinal))
                {
                    return(ScopeResolutionResult.Invalid(_errorProvider.MultipleResourcesNotSupported(resourceName, name)));
                }

                if (resourceApplicationScopes == null)
                {
                    resourceApplication = await _applicationManager.FindByNameAsync(resourceName);

                    if (resourceApplication == null)
                    {
                        return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope)));
                    }

                    resourceApplicationScopes = await _applicationManager.FindScopesAsync(resourceApplication);
                }

                if (!resourceApplicationScopes.Contains(scopeValue, StringComparer.Ordinal))
                {
                    return(ScopeResolutionResult.Invalid(_errorProvider.InvalidScope(scope)));
                }
                else
                {
                    var resourceClientId = await _applicationManager.GetApplicationClientIdAsync(resourceApplication);

                    result.Add(new ApplicationScope(resourceClientId, scopeValue));
                }
            }

            return(ScopeResolutionResult.Valid(result));
        }