public async Task WhenResourceSetDoesNotExistThenReturnsNotAuthorized()
{
var handler = new JwtSecurityTokenHandler();
var jsonWebKey = await _inMemoryJwksRepository.GetDefaultSigningKey().ConfigureAwait(false);
var token = handler.CreateEncodedJwt(
"test",
"test",
new ClaimsIdentity(),
null,
null,
null,
jsonWebKey);
var ticket = new Ticket {
Lines = new[] { new TicketLine {
ResourceSetId = "resource_set_id"
} }
};
_resourceSetRepositoryStub
.Setup(r => r.Get(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <CancellationToken>()))
.Returns(() => Task.FromResult((ResourceSet)null));
var result = await _authorizationPolicyValidator.IsAuthorized(
ticket,
new Client { ClientId = "client_id" },
new ClaimTokenParameter { Format = UmaConstants.IdTokenType, Token = token },
CancellationToken.None)
.ConfigureAwait(false);
Assert.Equal(AuthorizationPolicyResultKind.NotAuthorized, result.Result);
}
When_Generating_AuthorizationResponse_With_AccessToken_And_ThereIs_A_GrantedToken_Then_Token_Is_Added_To_The_Parameters()
{
const string clientId = "clientId";
const string scope = "openid";
var claimsIdentity = new ClaimsIdentity("fake");
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
var authorizationParameter = new AuthorizationParameter
{
ResponseType = ResponseTypeNames.Token,
ClientId = clientId,
Scope = scope
};
var handler = new JwtSecurityTokenHandler();
var issuedAt = DateTime.UtcNow;
const int expiresIn = 20000;
var defaultSigningKey = await _inMemoryJwksRepository.GetDefaultSigningKey().ConfigureAwait(false);
var accessToken = handler.CreateEncodedJwt(
"test",
clientId,
claimsIdentity,
null,
issuedAt.AddSeconds(expiresIn),
issuedAt,
defaultSigningKey);
var grantedToken = new GrantedToken
{
ClientId = clientId,
AccessToken = accessToken,
CreateDateTime = issuedAt,
ExpiresIn = expiresIn
};
_tokenStore.Setup(
x => x.GetToken(
It.IsAny <string>(),
It.IsAny <string>(),
It.IsAny <JwtPayload>(),
It.IsAny <JwtPayload>(),
It.IsAny <CancellationToken>()))
.ReturnsAsync(grantedToken);
var actionResult = await _generateAuthorizationResponse.Generate(
new EndpointResult { RedirectInstruction = new RedirectInstruction() },
authorizationParameter,
claimsPrincipal,
new Client { ClientId = clientId },
"test",
CancellationToken.None)
.ConfigureAwait(false);
Assert.Equal(
grantedToken.AccessToken,
actionResult.RedirectInstruction !.Parameters
.First(x => x.Name == StandardAuthorizationResponseNames.AccessTokenName)
.Value);
}
public async Task When_Requesting_An_Existed_Granted_Token_Then_Check_Id_Token_Is_Signed_And_Encrypted()
{
InitializeFakeObjects(TimeSpan.FromSeconds(3000));
var handler = new JwtSecurityTokenHandler();
var accessToken = handler.CreateEncodedJwt(
"test",
"test",
new ClaimsIdentity(),
null,
null,
DateTime.Now,
await _inMemoryJwksRepository.GetDefaultSigningKey().ConfigureAwait(false));
const string identityToken = "identityToken";
const string clientId = "clientId";
var clientSecret = "clientSecret";
var authorizationCodeGrantTypeParameter = new AuthorizationCodeGrantTypeParameter
{
ClientAssertion = "clientAssertion",
ClientAssertionType = "clientAssertionType",
ClientSecret = clientSecret,
RedirectUri = new Uri("https://redirectUri"),
ClientId = clientId
};
var client = new Client
{
AllowedScopes = new[] { "scope" },
RedirectionUrls = new[] { new Uri("https://redirectUri") },
ClientId = clientId,
Secrets = new[] { new ClientSecret {
Type = ClientSecretTypes.SharedSecret, Value = clientSecret
} },
GrantTypes = new[] { GrantTypes.AuthorizationCode },
ResponseTypes = new[] { ResponseTypeNames.Code },
IdTokenSignedResponseAlg = SecurityAlgorithms.RsaSha256,
IdTokenEncryptedResponseAlg = SecurityAlgorithms.RsaPKCS1,
IdTokenEncryptedResponseEnc = SecurityAlgorithms.Aes128CbcHmacSha256
};
var authorizationCode = new AuthorizationCode
{
ClientId = clientId,
RedirectUri = new Uri("https://redirectUri"),
CreateDateTime = DateTimeOffset.UtcNow,
Scopes = "scope"
};
var grantedToken = new GrantedToken
{
ClientId = clientId,
AccessToken = accessToken,
IdToken = identityToken,
IdTokenPayLoad = new JwtPayload(),
CreateDateTime = DateTimeOffset.UtcNow,
ExpiresIn = 100000
};
_clientStore.Setup(x => x.GetById(It.IsAny <string>(), It.IsAny <CancellationToken>())).ReturnsAsync(client);
_authorizationCodeStoreFake.Setup(a => a.Get(It.IsAny <string>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(authorizationCode);
_tokenStoreFake
.Setup(
x => x.GetToken(
It.IsAny <string>(),
It.IsAny <string>(),
It.IsAny <JwtPayload>(),
It.IsAny <JwtPayload>(),
It.IsAny <CancellationToken>()))
.ReturnsAsync(grantedToken);
var authenticationHeader = new AuthenticationHeaderValue(
"Basic",
$"{clientId}:{clientSecret}".Base64Encode());
var r = await _getTokenByAuthorizationCodeGrantTypeAction.Execute(
authorizationCodeGrantTypeParameter,
authenticationHeader,
null,
null,
CancellationToken.None)
.ConfigureAwait(false);
Assert.NotNull(r);
}