/// <summary>
/// A refresh-token grant whose handle the handle manager reports as expired
/// must be rejected with <c>invalid_grant</c>.
/// </summary>
public void ExpiredRefreshToken()
        {
            // handle "abc" belongs to "codeclient" but is flagged as expired
            var expiredHandles = new TestTokenHandleManager("abc", "codeclient", "https://validredirect", expired: true);
            var sut = new TokenRequestValidator(expiredHandles);
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.RefreshToken,
                Refresh_Token = "abc"
            };

            TokenRequestValidationException failure = null;
            try
            {
                sut.Validate(application, tokenRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                failure = ex;
            }

            Assert.IsNotNull(failure, "No exception thrown.");
            Assert.AreEqual(OAuthConstants.Errors.InvalidGrant, failure.OAuthError);
        }
        /// <summary>
        /// A token request with none of its parameters set, submitted by the code client.
        /// </summary>
        public void EmptyParameters()
        {
            // NOTE(review): nothing is asserted here; presumably an [ExpectedException]
            // attribute on this method (outside this view) carries the expectation — confirm.
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");
            var emptyRequest = new TokenRequest();

            sut.Validate(application, emptyRequest, _codeClient);
        }
        /// <summary>
        /// Validation with a null request and a null client principal.
        /// </summary>
        public void NoParameters()
        {
            // NOTE(review): nothing is asserted here; presumably an [ExpectedException]
            // attribute on this method (outside this view) carries the expectation — confirm.
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");

            sut.Validate(application, request: null, client: null);
        }
        /// <summary>
        /// A resource-owner password grant presented by a principal without a client_id claim
        /// must fail with <c>invalid_client</c>.
        /// </summary>
        public void MissingClientId()
        {
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                UserName = "******",
                Password = "******",
                Scope = "read"
            };

            TokenRequestValidationException failure = null;
            try
            {
                // a principal carrying only a password claim — no client_id
                var clientWithoutId = Principal.Create("Test", new Claim("password", "secret"));
                sut.Validate(application, tokenRequest, clientWithoutId);
            }
            catch (TokenRequestValidationException ex)
            {
                failure = ex;
            }

            Assert.IsNotNull(failure, "No exception thrown.");
            Assert.AreEqual(OAuthConstants.Errors.InvalidClient, failure.OAuthError);
        }
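        /// <summary>
        /// A client-credentials request with a single scope must validate without error
        /// and yield a validated request.
        /// </summary>
        public void ValidSingleScope()
        {
            var validator = new TokenRequestValidator();
            var app = _testConfig.FindApplication("test");
            var request = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.ClientCredentials,
                Scope = "read"
            };

            var result = validator.Validate(app, request, _client);

            // the token endpoint dereferences the validated request without a null check,
            // so a successful validation has to produce a result
            Assert.IsNotNull(result);
        }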
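        /// <summary>
        /// A refresh-token grant for a handle known to the shared handle manager must validate
        /// without error and yield a validated request.
        /// </summary>
        public void ValidRequest()
        {
            var validator = new TokenRequestValidator(_handleManager);
            var app = _testConfig.FindApplication("test");
            var request = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.RefreshToken,
                Refresh_Token = "abc"
            };

            var result = validator.Validate(app, request, _client);

            // the token endpoint dereferences the validated request without a null check,
            // so a successful validation has to produce a result
            Assert.IsNotNull(result);
        }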
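        /// <summary>
        /// An authorization-code grant whose redirect URI matches the one stored with the code,
        /// presented by the code client, must validate without error and yield a validated request.
        /// </summary>
        public void ValidCodeGrant()
        {
            var validator = new TokenRequestValidator(new TestTokenHandleManager("codeclient", "https://todo"));
            var app = _testConfig.FindApplication("test");
            var request = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.AuthorizationCode,
                Code = "abc",
                Redirect_Uri = "https://todo"
            };

            var result = validator.Validate(app, request, _codeClient);

            // the token endpoint dereferences the validated request without a null check,
            // so a successful validation has to produce a result
            Assert.IsNotNull(result);
        }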
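        /// <summary>
        /// An authorization-code grant with the registered redirect URI must validate
        /// without error and yield a validated request.
        /// </summary>
        public void ValidSingleScope()
        {
            var validator = new TokenRequestValidator(_handleManager);
            var app = _testConfig.FindApplication("test");
            var request = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.AuthorizationCode,
                Code = "abc",
                Redirect_Uri = "https://validredirect"
            };

            var result = validator.Validate(app, request, _client);

            // the token endpoint dereferences the validated request without a null check,
            // so a successful validation has to produce a result
            Assert.IsNotNull(result);
        }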
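        /// <summary>
        /// An assertion grant carrying an assertion and a single scope must validate
        /// without error and yield a validated request.
        /// </summary>
        public void ValidSingleScope()
        {
            var validator = new TokenRequestValidator(_clientManager);
            var app = _testConfig.FindApplication("test");
            var request = new TokenRequest
            {
                Grant_Type = "assertion",
                Assertion = "assertion",
                Scope = "read"
            };

            var result = validator.Validate(app, request, _client);

            // the token endpoint dereferences the validated request without a null check,
            // so a successful validation has to produce a result
            Assert.IsNotNull(result);
        }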
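        /// <summary>
        /// A resource-owner password grant with credentials and a single scope must validate
        /// without error and yield a validated request.
        /// </summary>
        public void ValidSingleScope()
        {
            var validator = new TokenRequestValidator();
            var app = _testConfig.FindApplication("test");
            var request = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                UserName = "******",
                Password = "******",
                Scope = "read"
            };

            var result = validator.Validate(app, request, _client);

            // the token endpoint dereferences the validated request without a null check,
            // so a successful validation has to produce a result
            Assert.IsNotNull(result);
        }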
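        /// <summary>
        /// OAuth2 token endpoint: resolves the application, validates the token request against
        /// the current client principal and dispatches to the handler for the validated grant type.
        /// </summary>
        /// <param name="appName">Name of the registered application addressed by the request.</param>
        /// <param name="request">Incoming token request; a null request is reported by the validator as an OAuth error.</param>
        /// <returns>
        /// The grant handler's response; a 404 when the application is unknown; an OAuth error
        /// response when validation fails or the grant type is not handled here.
        /// </returns>
        public HttpResponseMessage Post(string appName, TokenRequest request)
        {
            Tracing.Start("OAuth2 Token Endpoint");

            // make sure application is registered
            var application = _config.FindApplication(appName);
            if (application == null)
            {
                Tracing.Error("Application not found: " + appName);
                return Request.CreateErrorResponse(HttpStatusCode.NotFound, "Not found");
            }

            // validate token request; validation failures are surfaced to the caller as
            // OAuth error responses rather than propagated as exceptions
            ValidatedRequest validatedRequest;
            try
            {
                validatedRequest = new TokenRequestValidator(_handleManager).Validate(application, request, ClaimsPrincipal.Current);
            }
            catch (TokenRequestValidationException ex)
            {
                Tracing.Error("Aborting OAuth2 token request");
                return Request.CreateOAuthErrorResponse(ex.OAuthError);
            }

            // switch over the grant type. Use the null-safe static overload with an explicit
            // ordinal comparison throughout: grant type identifiers are protocol tokens, not text,
            // and the instance Equals call would throw on a null grant type instead of falling through.
            var grantType = validatedRequest.GrantType;

            if (string.Equals(grantType, OAuthConstants.GrantTypes.Password, StringComparison.Ordinal))
            {
                return ProcessResourceOwnerCredentialRequest(validatedRequest);
            }
            else if (string.Equals(grantType, OAuthConstants.GrantTypes.AuthorizationCode, StringComparison.Ordinal))
            {
                return ProcessAuthorizationCodeRequest(validatedRequest);
            }
            else if (string.Equals(grantType, OAuthConstants.GrantTypes.RefreshToken, StringComparison.Ordinal))
            {
                return ProcessRefreshTokenRequest(validatedRequest);
            }
            else if (string.Equals(grantType, OAuthConstants.GrantTypes.ClientCredentials, StringComparison.Ordinal))
            {
                return ProcessClientCredentialsRequest(validatedRequest);
            }

            // defensive fallback for grant types the validator accepted but this endpoint does not
            // handle; log the validated value so the raw request is not dereferenced here
            Tracing.Error("invalid grant type: " + grantType);
            return Request.CreateOAuthErrorResponse(OAuthConstants.Errors.UnsupportedGrantType);
        }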
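        /// <summary>
        /// OAuth2 token endpoint: resolves the application, validates the token request against
        /// the current client principal and dispatches to the handler for the validated grant type.
        /// </summary>
        /// <param name="appName">Name of the registered application addressed by the request.</param>
        /// <param name="request">Incoming token request; a null request is reported by the validator as an OAuth error.</param>
        /// <returns>
        /// The grant handler's response; a 404 when the application is unknown; an OAuth error
        /// response when validation fails or the grant type is not handled here.
        /// </returns>
        public HttpResponseMessage Post(string appName, TokenRequest request)
        {
            Tracing.Start("OAuth2 Token Endpoint");

            // make sure application is registered
            var application = _config.FindApplication(appName);
            if (application == null)
            {
                Tracing.Error("Application not found: " + appName);
                return Request.CreateErrorResponse(HttpStatusCode.NotFound, "Not found");
            }

            // validate token request; validation failures are surfaced to the caller as
            // OAuth error responses rather than propagated as exceptions
            ValidatedRequest validatedRequest;
            try
            {
                validatedRequest = new TokenRequestValidator(_handleManager).Validate(application, request, ClaimsPrincipal.Current);
            }
            catch (TokenRequestValidationException ex)
            {
                Tracing.Error("Aborting OAuth2 token request");
                return Request.CreateOAuthErrorResponse(ex.OAuthError);
            }

            // switch over the grant type. Use the null-safe static overload with an explicit
            // ordinal comparison throughout: grant type identifiers are protocol tokens, not text,
            // and the instance Equals call would throw on a null grant type instead of falling through.
            var grantType = validatedRequest.GrantType;

            if (string.Equals(grantType, OAuthConstants.GrantTypes.Password, StringComparison.Ordinal))
            {
                return ProcessResourceOwnerCredentialRequest(validatedRequest);
            }
            else if (string.Equals(grantType, OAuthConstants.GrantTypes.AuthorizationCode, StringComparison.Ordinal))
            {
                return ProcessAuthorizationCodeRequest(validatedRequest);
            }
            else if (string.Equals(grantType, OAuthConstants.GrantTypes.RefreshToken, StringComparison.Ordinal))
            {
                return ProcessRefreshTokenRequest(validatedRequest);
            }
            else if (string.Equals(grantType, OAuthConstants.GrantTypes.ClientCredentials, StringComparison.Ordinal))
            {
                return ProcessClientCredentialsRequest(validatedRequest);
            }

            // defensive fallback for grant types the validator accepted but this endpoint does not
            // handle; log the validated value so the raw request is not dereferenced here
            Tracing.Error("invalid grant type: " + grantType);
            return Request.CreateOAuthErrorResponse(OAuthConstants.Errors.UnsupportedGrantType);
        }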
        /// <summary>
        /// A client-credentials grant without a scope must fail with <c>invalid_scope</c>.
        /// </summary>
        public void MissingScope()
        {
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");
            var scopelessRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.ClientCredentials,
            };

            TokenRequestValidationException failure = null;
            try
            {
                sut.Validate(application, scopelessRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                failure = ex;
            }

            Assert.IsNotNull(failure, "No exception thrown.");
            Assert.AreEqual(OAuthConstants.Errors.InvalidScope, failure.OAuthError);
        }
        /// <summary>
        /// A refresh-token grant that carries no refresh token must fail with <c>invalid_grant</c>.
        /// </summary>
        public void MissingCode()
        {
            var sut = new TokenRequestValidator(_handleManager);
            var application = _testConfig.FindApplication("test");
            var requestWithoutHandle = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.RefreshToken,
            };

            try
            {
                sut.Validate(application, requestWithoutHandle, _client);
                Assert.Fail("No exception thrown.");
            }
            catch (TokenRequestValidationException ex)
            {
                // the assertion failure above is not a TokenRequestValidationException, so it propagates
                Assert.AreEqual(OAuthConstants.Errors.InvalidGrant, ex.OAuthError);
            }
        }
        /// <summary>
        /// An assertion grant requesting a scope that is not defined must fail with <c>invalid_scope</c>.
        /// </summary>
        public void UnknownScope()
        {
            var sut = new TokenRequestValidator(_clientManager);
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = "assertion",
                Assertion = "assertion",
                Scope = "unknown"
            };

            TokenRequestValidationException failure = null;
            try
            {
                sut.Validate(application, tokenRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                failure = ex;
            }

            Assert.IsNotNull(failure, "No exception thrown.");
            Assert.AreEqual(OAuthConstants.Errors.InvalidScope, failure.OAuthError);
        }
        /// <summary>
        /// A resource-owner password grant without a scope must fail with <c>invalid_scope</c>.
        /// </summary>
        public void MissingScope()
        {
            var sut = new TokenRequestValidator(_clientManager);
            var application = _testConfig.FindApplication("test");
            var scopelessRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                UserName = "******",
                Password = "******",
            };

            try
            {
                sut.Validate(application, scopelessRequest, _client);
                Assert.Fail("No exception thrown.");
            }
            catch (TokenRequestValidationException ex)
            {
                // the assertion failure above is not a TokenRequestValidationException, so it propagates
                Assert.AreEqual(OAuthConstants.Errors.InvalidScope, ex.OAuthError);
            }
        }
        /// <summary>
        /// An authorization-code grant whose redirect URI differs from the one bound to the code
        /// must fail with <c>invalid_request</c>.
        /// </summary>
        public void NonMatchingRedirectUri()
        {
            var sut = new TokenRequestValidator(_handleManager);
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.AuthorizationCode,
                Code = "abc",
                Redirect_Uri = "https://invalidredirect"
            };

            TokenRequestValidationException failure = null;
            try
            {
                sut.Validate(application, tokenRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                failure = ex;
            }

            Assert.IsNotNull(failure, "No exception thrown.");
            Assert.AreEqual(OAuthConstants.Errors.InvalidRequest, failure.OAuthError);
        }
        /// <summary>
        /// A grant type the validator does not know must fail with <c>unsupported_grant_type</c>,
        /// even before any client is evaluated (the client principal is null here).
        /// </summary>
        public void UnknownGrantType()
        {
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = "unknown"
            };

            try
            {
                sut.Validate(application, tokenRequest, null);
                Assert.Fail("No exception thrown.");
            }
            catch (TokenRequestValidationException ex)
            {
                // the assertion failure above is not a TokenRequestValidationException, so it propagates
                Assert.AreEqual(OAuthConstants.Errors.UnsupportedGrantType, ex.OAuthError);
            }
        }
        /// <summary>
        /// A null request together with a null client principal must fail with <c>invalid_request</c>.
        /// </summary>
        public void NoParameters()
        {
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");

            TokenRequestValidationException failure = null;
            try
            {
                sut.Validate(application, null, null);
            }
            catch (TokenRequestValidationException ex)
            {
                failure = ex;
            }

            Assert.IsNotNull(failure, "No exception thrown.");
            Assert.AreEqual(OAuthConstants.Errors.InvalidRequest, failure.OAuthError);
        }
        /// <summary>
        /// An authorization-code grant presented by the resource-owner client, with a handle
        /// manager that knows no client or redirect URI for the code.
        /// </summary>
        public void UnauthorizedCodeGrant()
        {
            // NOTE(review): nothing is asserted here; presumably an [ExpectedException]
            // attribute on this method (outside this view) carries the expectation — confirm.
            var unboundHandles = new TestTokenHandleManager(null, null);
            var sut = new TokenRequestValidator(unboundHandles);
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.AuthorizationCode,
                Code = "abc"
            };

            sut.Validate(application, tokenRequest, _resourceOwnerClient);
        }
        /// <summary>
        /// An authorization-code grant presented by the anonymous principal must fail with
        /// <c>invalid_client</c>, even when code and redirect URI are present.
        /// </summary>
        public void AnonymousCodeGrant()
        {
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.AuthorizationCode,
                Code = "abc",
                Redirect_Uri = "https://validredirect"
            };

            TokenRequestValidationException failure = null;
            try
            {
                sut.Validate(application, tokenRequest, Principal.Anonymous);
            }
            catch (TokenRequestValidationException ex)
            {
                failure = ex;
            }

            Assert.IsNotNull(failure, "No exception thrown.");
            Assert.AreEqual(OAuthConstants.Errors.InvalidClient, failure.OAuthError);
        }
        /// <summary>
        /// A resource-owner password grant requesting several scopes ("read delete"),
        /// presented by the resource-owner client.
        /// </summary>
        public void UnauthorizedScopeMultiple()
        {
            // NOTE(review): nothing is asserted here; presumably an [ExpectedException]
            // attribute on this method (outside this view) carries the expectation — confirm.
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                UserName = "******",
                Password = "******",
                Scope = "read delete"
            };

            sut.Validate(application, tokenRequest, _resourceOwnerClient);
        }
        /// <summary>
        /// A client-credentials grant from a client that is not allowed to use it must fail
        /// with <c>unauthorized_client</c>.
        /// </summary>
        public void UnauthorizedClientCredentialGrant()
        {
            var sut = new TokenRequestValidator(_handleManager, _clientManager);
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.ClientCredentials,
            };

            try
            {
                sut.Validate(application, tokenRequest, _client);
                Assert.Fail("No exception thrown.");
            }
            catch (TokenRequestValidationException ex)
            {
                // the assertion failure above is not a TokenRequestValidationException, so it propagates
                Assert.AreEqual(OAuthConstants.Errors.UnauthorizedClient, ex.OAuthError);
            }
        }
        /// <summary>
        /// A client-credentials grant from a client that is disabled must fail with <c>invalid_client</c>.
        /// </summary>
        public void DisabledClient()
        {
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.ClientCredentials
            };

            TokenRequestValidationException failure = null;
            try
            {
                // principal for the client registered as disabled in the test configuration
                var disabledClient = Principal.Create("Test",
                    new Claim("client_id", "disabledclient"),
                    new Claim("secret", "secret"));

                sut.Validate(application, tokenRequest, disabledClient);
            }
            catch (TokenRequestValidationException ex)
            {
                failure = ex;
            }

            Assert.IsNotNull(failure, "No exception thrown.");
            Assert.AreEqual(OAuthConstants.Errors.InvalidClient, failure.OAuthError);
        }
        /// <summary>
        /// A resource-owner password grant requesting a scope the client may not use ("delete")
        /// must fail with <c>invalid_scope</c>.
        /// </summary>
        public void UnauthorizedScopeSingle()
        {
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                UserName = "******",
                Password = "******",
                Scope = "delete"
            };

            try
            {
                sut.Validate(application, tokenRequest, _client);
                Assert.Fail("No exception thrown.");
            }
            catch (TokenRequestValidationException ex)
            {
                // the assertion failure above is not a TokenRequestValidationException, so it propagates
                Assert.AreEqual(OAuthConstants.Errors.InvalidScope, ex.OAuthError);
            }
        }
        /// <summary>
        /// An authorization code that was issued to a different client must be rejected with
        /// <c>invalid_grant</c> when another client tries to redeem it, even with the right redirect URI.
        /// </summary>
        public void InvalidCodeToClientBinding()
        {
            // code "abc" is bound to "someotherclient", not to the client redeeming it below
            var foreignHandles = new TestTokenHandleManager("abc", "someotherclient", "https://validredirect");
            var sut = new TokenRequestValidator(foreignHandles, _clientManager);
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.AuthorizationCode,
                Code = "abc",
                Redirect_Uri = "https://validredirect"
            };

            TokenRequestValidationException failure = null;
            try
            {
                sut.Validate(application, tokenRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                failure = ex;
            }

            Assert.IsNotNull(failure, "No exception thrown.");
            Assert.AreEqual(OAuthConstants.Errors.InvalidGrant, failure.OAuthError);
        }
        /// <summary>
        /// An authorization-code grant presented by the anonymous principal, without a redirect URI.
        /// </summary>
        public void AnonymousCodeGrant()
        {
            // NOTE(review): nothing is asserted here; presumably an [ExpectedException]
            // attribute on this method (outside this view) carries the expectation — confirm.
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.AuthorizationCode,
                Code = "abc"
            };

            sut.Validate(application, tokenRequest, Principal.Anonymous);
        }
        /// <summary>
        /// An authorization-code grant from a client that is not allowed to use that grant type
        /// must fail with <c>unauthorized_client</c> before any code is looked at (none is sent).
        /// </summary>
        public void UnauthorizedCodeGrant()
        {
            var codeHandles = new TestTokenHandleManager("abc", "codeclient", "https://validredirect");
            var sut = new TokenRequestValidator(codeHandles);
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.AuthorizationCode,
            };

            try
            {
                sut.Validate(application, tokenRequest, _client);
                Assert.Fail("No exception thrown.");
            }
            catch (TokenRequestValidationException ex)
            {
                // the assertion failure above is not a TokenRequestValidationException, so it propagates
                Assert.AreEqual(OAuthConstants.Errors.UnauthorizedClient, ex.OAuthError);
            }
        }
        /// <summary>
        /// A resource-owner password grant without the password parameter must fail with <c>invalid_grant</c>.
        /// </summary>
        public void MissingResourceOwnerPassword()
        {
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");
            var passwordlessRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                UserName = "******",
                Scope = "read"
            };

            TokenRequestValidationException failure = null;
            try
            {
                sut.Validate(application, passwordlessRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                failure = ex;
            }

            Assert.IsNotNull(failure, "No exception thrown.");
            Assert.AreEqual(OAuthConstants.Errors.InvalidGrant, failure.OAuthError);
        }
        /// <summary>
        /// An assertion grant that carries no assertion value is reported as <c>unsupported_grant_type</c>
        /// (the expectation this test encodes; the validator does not distinguish a missing assertion).
        /// </summary>
        public void MissingAssertionValue()
        {
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");
            var assertionlessRequest = new TokenRequest
            {
                Grant_Type = "assertion",
                Scope = "read"
            };

            try
            {
                sut.Validate(application, assertionlessRequest, _client);
                Assert.Fail("No exception thrown.");
            }
            catch (TokenRequestValidationException ex)
            {
                // the assertion failure above is not a TokenRequestValidationException, so it propagates
                Assert.AreEqual(OAuthConstants.Errors.UnsupportedGrantType, ex.OAuthError);
            }
        }
        /// <summary>
        /// A grant type the validator does not know, presented by the resource-owner client.
        /// </summary>
        public void UnknownGrantType()
        {
            // NOTE(review): nothing is asserted here; presumably an [ExpectedException]
            // attribute on this method (outside this view) carries the expectation — confirm.
            var sut = new TokenRequestValidator();
            var application = _testConfig.FindApplication("test");
            var tokenRequest = new TokenRequest
            {
                Grant_Type = "unknown"
            };

            sut.Validate(application, tokenRequest, _resourceOwnerClient);
        }