public void OldAccessTokenTokenShouldNotPingSuccessfully()
{
// Authenticate and get an access token
var proxy1 = new AuthorisationProxy();
var scope = new AuthorisationScope[] { new AuthorisationScope { ScopeType = AuthorisationScopeType.Full } }.ToTextValues();
var response = proxy1.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword, scope);
Assert.IsTrue(response.IsSuccessfull);
Assert.IsNotNull(response.DataObject);
Assert.IsTrue(response.DataObject.IsSuccessfull);
var originalAccessToken = response.DataObject.AccessGrant.access_token;
// Refresh the access token so the old one becomes invalid
response = proxy1.RefreshAccessToken(response.DataObject.AccessGrant.refresh_token, scope);
Assert.IsTrue(response.IsSuccessfull);
Assert.IsNotNull(response.DataObject);
Assert.IsTrue(response.DataObject.IsSuccessfull);
// Now try and authenicate and access a resource with the invalidated original access token which should fail.
var proxy2 = new AuthorisationProxy(originalAccessToken);
var pingResult = proxy2.AuthorisationPing();
Assert.IsNotNull(pingResult);
Assert.IsFalse(pingResult.IsSuccessfull);
//Assert.AreEqual<HttpStatusCode>(HttpStatusCode.Unauthorized, pingResult.StatusCode);
Assert.AreEqual(HttpStatusCode.Unauthorized, pingResult.StatusCode);
}
public void ShouldBeAbleToRefreshValidAccessToken()
{
var proxy = new AuthorisationProxy();
var scope = new AuthorisationScope[] { new AuthorisationScope { ScopeType = AuthorisationScopeType.Full } }.ToTextValues();
var response = proxy.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword,scope);
Assert.IsTrue(response.IsSuccessfull);
Assert.IsTrue(response.DataObject.IsSuccessfull);
proxy.BearerToken = response.DataObject.AccessGrant.access_token;
var pingResult = proxy.AuthorisationPing();
Assert.IsNotNull(pingResult);
Assert.IsTrue(pingResult.IsSuccessfull);
// Now ask for a refresh token
var proxy2 = new AuthorisationProxy();
var refreshResponse = proxy2.RefreshAccessToken(response.DataObject.AccessGrant.refresh_token, scope);
Assert.IsNotNull(refreshResponse);
Assert.IsTrue(refreshResponse.IsSuccessfull);
//Assert.AreNotEqual<string>(response.DataObject.AccessGrant.access_token, refreshResponse.DataObject.AccessGrant.access_token);
//Assert.AreEqual<string>(response.DataObject.AccessGrant.refresh_token, refreshResponse.DataObject.AccessGrant.refresh_token);
Assert.AreNotEqual(response.DataObject.AccessGrant.access_token, refreshResponse.DataObject.AccessGrant.access_token);
Assert.AreEqual(response.DataObject.AccessGrant.refresh_token, refreshResponse.DataObject.AccessGrant.refresh_token);
// Now check the access token after refresh works
var proxy3 = new AuthorisationProxy(refreshResponse.DataObject.AccessGrant.access_token);
var pingResult2 = proxy3.AuthorisationPing();
Assert.IsNotNull(pingResult2);
Assert.IsTrue(pingResult2.IsSuccessfull);
// And finally ensure the previous access token (before refresh is invalid)
var proxy4 = new AuthorisationProxy(response.DataObject.AccessGrant.access_token);
var pingResult3 = proxy4.AuthorisationPing();
Assert.IsNotNull(pingResult3);
Assert.IsFalse(pingResult3.IsSuccessfull);
//Assert.AreEqual<HttpStatusCode>(HttpStatusCode.Unauthorized, pingResult3.StatusCode);
Assert.AreEqual(HttpStatusCode.Unauthorized, pingResult3.StatusCode);
}
