/// <summary>
/// Checks the exact scope set each client ends up with after
/// <c>ConfigureClientScopes.PostConfigure</c> runs against two clients and one
/// API resource that allows all clients.
/// </summary>
public void PostConfigure_AddIdentityResourcesScopesToClients()
{
    // Arrange
    var scopeConfigurer = new ConfigureClientScopes(new TestLogger<ConfigureClientScopes>());
    var options = new ApiAuthorizationOptions();

    var spa = ClientBuilder.IdentityServerSPA("TestSPA").FromConfiguration().Build();
    var native = ClientBuilder.NativeApp("NativeApp").FromConfiguration().Build();
    options.Clients.AddRange(spa, native);

    var api = ApiResourceBuilder.ApiResource("ResourceAPI")
        .FromConfiguration()
        .AllowAllClients()
        .Build();
    options.ApiResources.AddRange(api);

    // Act
    scopeConfigurer.PostConfigure(Options.DefaultName, options);

    // Assert
    // Both sides are sorted and compared element by element, so an extra scope
    // fails the test just like a missing one: the SPA is expected NOT to carry
    // "offline_access", while the native app is.
    var expectedSpaScopes = new[] { "openid", "profile", "ResourceAPI" }.OrderBy(s => s).ToArray();
    var spaClient = Assert.Single(options.Clients, c => c.ClientId == "TestSPA");
    Assert.Equal(expectedSpaScopes, spaClient.AllowedScopes.OrderBy(s => s).ToArray());

    var expectedNativeScopes = new[] { "offline_access", "openid", "profile", "ResourceAPI" }.OrderBy(s => s).ToArray();
    var nativeApp = Assert.Single(options.Clients, c => c.ClientId == "NativeApp");
    Assert.Equal(expectedNativeScopes, nativeApp.AllowedScopes.OrderBy(s => s).ToArray());
}
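/// <summary>
/// Checks that <c>ConfigureClients.Configure</c> turns a single configuration entry
/// with the "IdentityServerSPA" profile into one client, and pins the settings
/// that client is created with.
/// </summary>
public void Configure_AddsClientsToExistingClientsList()
{
    // Arrange
    // Two locals that were assigned but never read (an empty ApiResource array and
    // an expected-scopes array) have been dropped; they took no part in any assertion.
    var settings = new Dictionary<string, string>
    {
        ["MyClient:Profile"] = "IdentityServerSPA"
    };
    var config = new ConfigurationBuilder().AddInMemoryCollection(settings).Build();
    var clientLoader = new ConfigureClients(config, new TestLogger<ConfigureClients>());
    var options = new ApiAuthorizationOptions();

    // Act
    clientLoader.Configure(options);

    // Assert
    var client = Assert.Single(options.Clients);

    // The configuration section name is used for both the id and the display name.
    Assert.Equal("MyClient", client.ClientId);
    Assert.Equal("MyClient", client.ClientName);

    Assert.True(client.AllowAccessTokensViaBrowser);

    // Redirect targets are fixed relative paths and no CORS origin is granted.
    Assert.Equal(new[] { "/authentication/login-callback" }, client.RedirectUris.ToArray());
    Assert.Equal(new[] { "/authentication/logout-callback" }, client.PostLogoutRedirectUris.ToArray());
    Assert.Empty(client.AllowedCorsOrigins);

    Assert.False(client.RequireConsent);

    // No secret plus the authorization-code grant: the SPA is a public client.
    // NOTE(review): neither AllowedScopes nor the client's PKCE requirement is
    // asserted here - consider pinning both so a regression in the profile
    // defaults is caught by this test.
    Assert.Empty(client.ClientSecrets);
    Assert.Equal(GrantTypes.Code.ToArray(), client.AllowedGrantTypes.ToArray());
}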
/// <summary>
/// Checks that after <c>ConfigureClientScopes.PostConfigure</c> every registered client
/// is allowed the scope of an API resource built with <c>AllowAllClients()</c>.
/// </summary>
public void PostConfigure_AddResourcesScopesToClients()
{
    // Arrange
    var scopeConfigurer = new ConfigureClientScopes(new TestLogger<ConfigureClientScopes>());
    var options = new ApiAuthorizationOptions();

    var spa = ClientBuilder.IdentityServerSPA("TestSPA").FromConfiguration().Build();
    var native = ClientBuilder.NativeApp("NativeApp").FromConfiguration().Build();
    options.Clients.AddRange(spa, native);

    var api = ApiResourceBuilder.ApiResource("ResourceApi")
        .FromConfiguration()
        .AllowAllClients()
        .Build();
    options.ApiResources.AddRange(api);

    // Act
    scopeConfigurer.PostConfigure(Options.DefaultName, options);

    // Assert
    // Only presence is checked: this test does not fail if a client also
    // receives scopes beyond "ResourceApi".
    foreach (var registeredClient in options.Clients)
    {
        Assert.Contains("ResourceApi", registeredClient.AllowedScopes);
    }
}
/// <summary>
/// Checks that <c>ConfigureSigningCredentials.Configure</c> does nothing for an empty
/// configuration: no key file appears on disk and no signing credential is set.
/// </summary>
public void Configure_NoOpsWhenConfigurationIsEmpty()
{
    var expectedKeyPath = Path.Combine(Directory.GetCurrentDirectory(), "./testkey.json");

    try
    {
        // Arrange
        var emptySettings = new Dictionary<string, string>();
        var configuration = new ConfigurationBuilder()
            .AddInMemoryCollection(emptySettings)
            .Build();
        var signingConfigurer = new ConfigureSigningCredentials(
            configuration,
            new TestLogger<ConfigureSigningCredentials>());
        var options = new ApiAuthorizationOptions();

        // Act
        signingConfigurer.Configure(options);

        // Assert
        Assert.NotNull(options);
        // An empty configuration must not silently fall back to generating a key file.
        Assert.False(File.Exists(expectedKeyPath));
        Assert.Null(options.SigningCredential);
    }
    finally
    {
        // Remove any key file left in the working directory so it cannot
        // leak into other tests.
        if (File.Exists(expectedKeyPath))
        {
            File.Delete(expectedKeyPath);
        }
    }
}
/// <summary>
/// Checks that a "File" signing-credential configuration loads the certificate from
/// the given PFX file and exposes it as an <c>X509SecurityKey</c>.
/// </summary>
public void Configure_LoadsPfxCertificateCredentialFromConfiguration()
{
    // Arrange
    // NOTE(review): the password literal looks masked in this listing; the test can
    // only pass with the fixture's real password - confirm against the upstream file.
    // It is a throwaway test-fixture secret and must never protect a real signing key.
    var settings = new Dictionary<string, string>
    {
        ["Type"] = "File",
        ["FilePath"] = "test.pfx",
        ["Password"] = "******"
    };
    var configuration = new ConfigurationBuilder()
        .AddInMemoryCollection(settings)
        .Build();
    var signingConfigurer = new ConfigureSigningCredentials(
        configuration,
        new TestLogger<ConfigureSigningCredentials>());
    var options = new ApiAuthorizationOptions();

    // Act
    signingConfigurer.Configure(options);

    // Assert
    Assert.NotNull(options);
    Assert.NotNull(options.SigningCredential);

    var x509Key = Assert.IsType<X509SecurityKey>(options.SigningCredential.Key);
    Assert.NotNull(x509Key.Certificate);
    // Pinning the thumbprint proves the expected fixture certificate was loaded,
    // not merely some certificate.
    Assert.Equal("AC8FDF4BD4C10841BD24DC88D983225D10B43BB2", x509Key.Certificate.Thumbprint);
}
/// <summary>
/// Checks that <c>ConfigureApiResources.Configure</c> turns one configuration entry with
/// the "API" profile into a single API resource carrying a single scope of the same name.
/// </summary>
public void Configure_AddsResourcesToExistingResourceList()
{
    // Arrange
    var settings = new Dictionary<string, string>
    {
        ["MyAPI:Profile"] = "API"
    };
    var configuration = new ConfigurationBuilder().AddInMemoryCollection(settings).Build();
    var localApiDescriptor = new TestLocalApiDescriptor();
    var resourceLoader = new ConfigureApiResources(
        configuration,
        localApiDescriptor,
        new TestLogger<ConfigureApiResources>());
    var options = new ApiAuthorizationOptions();

    // Act
    resourceLoader.Configure(options);

    // Assert
    // Assert.Single fails on zero or several entries, so this also proves that no
    // additional resource or scope was registered as a side effect.
    var apiResource = Assert.Single(options.ApiResources);
    var onlyScope = Assert.Single(apiResource.Scopes);
    Assert.Equal("MyAPI", apiResource.Name);
    Assert.Equal("MyAPI", onlyScope);
}
/// <summary>
/// Adds the "role" and "permission" user claims to the "openid" identity resource and
/// to the single registered API resource.
/// </summary>
/// <param name="options">The API authorization options to extend.</param>
/// <remarks>
/// <c>Single()</c> is re-evaluated for every claim and throws unless exactly one API
/// resource is registered. NOTE(review): attaching these claims to "openid" presumably
/// releases role and permission data to every client granted that scope - confirm that
/// all such clients are meant to see authorization data.
/// </remarks>
public static void AddRoleAndPermissionClaim(this ApiAuthorizationOptions options)
{
    foreach (var claimType in new[] { "role", "permission" })
    {
        // Identity resource first, then the API resource, for each claim in turn.
        options.IdentityResources["openid"].UserClaims.Add(claimType);
        options.ApiResources.Single().UserClaims.Add(claimType);
    }
}
/// <summary>
/// Replaces the API authentication scheme with the OpenIddict validation scheme.
/// </summary>
/// <param name="name">The options instance name; not read, so every named instance is treated alike.</param>
/// <param name="options">The options whose <c>ApiAuthenticationScheme</c> is overwritten.</param>
/// <remarks>
/// The default Orchard API authentication handler forwards to "Bearer", which matches
/// the default scheme of Microsoft's JWT bearer handler. The OpenIddict validation
/// handler registers under a different scheme name, so the forwarded scheme has to be
/// swapped by hand here.
/// </remarks>
public void Configure(string name, ApiAuthorizationOptions options)
    => options.ApiAuthenticationScheme = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme;
/// <summary>
/// Checks that a "Development" signing-credential configuration leaves a key file at
/// the configured path and yields an RSA signing credential whose key id is "Development".
/// </summary>
public void Configure_AddsDevelopmentKeyFromConfiguration()
{
    var expectedKeyPath = Path.Combine(Directory.GetCurrentDirectory(), "./testkey.json");

    try
    {
        // Arrange
        var settings = new Dictionary<string, string>
        {
            ["Type"] = "Development",
            ["FilePath"] = "testkey.json"
        };
        var configuration = new ConfigurationBuilder()
            .AddInMemoryCollection(settings)
            .Build();
        var signingConfigurer = new ConfigureSigningCredentials(
            configuration,
            new TestLogger<ConfigureSigningCredentials>());
        var options = new ApiAuthorizationOptions();

        // Act
        signingConfigurer.Configure(options);

        // Assert
        Assert.NotNull(options);
        // The development key is persisted to disk in the working directory.
        // NOTE(review): presumably the file holds private key material - confirm that
        // this credential type cannot be selected outside development environments.
        Assert.True(File.Exists(expectedKeyPath));
        Assert.NotNull(options.SigningCredential);
        Assert.Equal("Development", options.SigningCredential.Kid);
        Assert.IsType<RsaSecurityKey>(options.SigningCredential.Key);
    }
    finally
    {
        // Always delete the generated key so it neither lingers on disk nor
        // influences other tests that check for its absence.
        if (File.Exists(expectedKeyPath))
        {
            File.Delete(expectedKeyPath);
        }
    }
}
/// <summary>
/// Checks that a "Store" signing-credential configuration resolves the certificate with
/// subject "CN=Test" from the CurrentUser/My store and exposes it as an <c>X509SecurityKey</c>.
/// </summary>
public void Configure_LoadsCertificateStoreCertificateCredentialFromConfiguration()
{
    try
    {
        // Arrange
        // SetupTestCertificate is defined elsewhere in the file; presumably it installs
        // the fixture certificate into the store that is queried below.
        var fixtureCertificate = new X509Certificate2("test.pfx", "aspnetcore", DefaultFlags);
        SetupTestCertificate(fixtureCertificate);

        var settings = new Dictionary<string, string>
        {
            ["Type"] = "Store",
            ["StoreLocation"] = "CurrentUser",
            ["StoreName"] = "My",
            ["Name"] = "CN=Test"
        };
        var configuration = new ConfigurationBuilder()
            .AddInMemoryCollection(settings)
            .Build();
        var signingConfigurer = new ConfigureSigningCredentials(
            configuration,
            new TestLogger<ConfigureSigningCredentials>());
        var options = new ApiAuthorizationOptions();

        // Act
        signingConfigurer.Configure(options);

        // Assert
        Assert.NotNull(options);
        Assert.NotNull(options.SigningCredential);

        var x509Key = Assert.IsType<X509SecurityKey>(options.SigningCredential.Key);
        Assert.NotNull(x509Key.Certificate);
        // Pinning the thumbprint guards against a different certificate that merely
        // shares the "CN=Test" subject being picked up from the store.
        Assert.Equal("AC8FDF4BD4C10841BD24DC88D983225D10B43BB2", x509Key.Certificate.Thumbprint);
    }
    finally
    {
        // Runs even when setup or an assertion throws, so the test certificate
        // does not stay behind in the user's store.
        CleanupTestCertificate();
    }
}
/// <summary>
/// Overload that is not expected to be invoked; it only raises a debug failure.
/// </summary>
/// <param name="options">Ignored.</param>
/// <remarks>
/// <c>Debug.Fail</c> is compiled out when the DEBUG symbol is not defined, so in a
/// release build a call to this method returns silently without configuring anything.
/// </remarks>
public void Configure(ApiAuthorizationOptions options)
{
    Debug.Fail("This infrastructure method shouldn't be called.");
}
/// <summary>
/// Creates the service and stores the supplied API authorization options.
/// </summary>
/// <param name="options">The options kept by this instance; stored as given, without a null check.</param>
public ApiResourcesClaimsService(ApiAuthorizationOptions options)
    => this.options = options;
/// <summary>
/// Applies the client and API-resource setup to the given options.
/// </summary>
/// <param name="options">The options whose <c>Clients</c> and <c>ApiResources</c> are configured.</param>
/// <param name="configuration">Configuration handed to the client setup only.</param>
private static void ConfigureApiAuthorization(ApiAuthorizationOptions options, IConfiguration configuration)
{
    // Clients first, then API resources.
    var clients = options.Clients;
    ConfigureClients(clients, configuration);

    var apiResources = options.ApiResources;
    ConfigureApiResources(apiResources);
}
/// <summary>
/// Captures the resolved OAuth2 and API authorization option values for later use.
/// </summary>
/// <param name="oauth2Options">Options wrapper whose <c>Value</c> is read once, here.</param>
/// <param name="apiAuthorizationOptions">Options wrapper whose <c>Value</c> is read once, here.</param>
public SwaggerGenOptionsConfigure(IOptions<OAuth2Options> oauth2Options, IOptions<ApiAuthorizationOptions> apiAuthorizationOptions)
{
    // Both values are unwrapped at construction time; neither wrapper is kept.
    (this.oauth2Options, this.apiAuthorizationOptions) = (oauth2Options.Value, apiAuthorizationOptions.Value);
}