public async Task Request_with_response_type_code_supported()
{
await _mockPipeline.LoginAsync("bob");
var metadata = await _mockPipeline.Client.GetAsync(MockIdSvrUiPipeline.DiscoveryEndpoint);
metadata.StatusCode.Should().Be(HttpStatusCode.OK);
var state = Guid.NewGuid().ToString();
var nonce = Guid.NewGuid().ToString();
var url = _mockPipeline.CreateAuthorizeUrl(
clientId: "code_client",
responseType: "code",
scope: "openid",
redirectUri: "https://code_client/callback",
state: state,
nonce: nonce);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.Should().Be(HttpStatusCode.Found);
var authorization = new IdentityModel.Client.AuthorizeResponse(response.Headers.Location.ToString());
authorization.IsError.Should().BeFalse();
authorization.Code.Should().NotBeNull();
authorization.State.Should().Be(state);
}
public async Task get_request_should_redirect_to_configured_logout_path()
{
_mockPipeline.Options.UserInteractionOptions.LogoutUrl = "/logout";
_mockPipeline.Options.UserInteractionOptions.LogoutIdParameter = "id";
await _mockPipeline.LoginAsync(IdentityServerPrincipal.Create("bob", "Bob Loblaw"));
var url = _mockPipeline.CreateAuthorizeUrl(
clientId: "client1",
responseType: "id_token",
scope: "openid",
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url);
var authorization = new IdentityModel.Client.AuthorizeResponse(response.Headers.Location.ToString());
var id_token = authorization.IdentityToken;
response = await _mockPipeline.BrowserClient.GetAsync(MockIdSvrUiPipeline.EndSessionEndpoint +
"?id_token_hint=" + id_token +
"&post_logout_redirect_uri=https://client1/signout-callback");
response.StatusCode.Should().Be(HttpStatusCode.Redirect);
response.Headers.Location.ToString().Should().StartWith("https://server/logout?id=");
}
public async Task client_requires_consent_should_show_consent_page()
{
await _mockPipeline.LoginAsync("bob");
var url = _mockPipeline.CreateAuthorizeUrl(
clientId: "client2",
responseType: "id_token",
scope: "openid",
redirectUri: "https://client2/callback",
state: "123_state",
nonce: "123_nonce"
);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ConsentWasCalled.Should().BeTrue();
}
public async Task anonymous_user_should_be_redirected_to_login_page()
{
var url = _mockPipeline.CreateAuthorizeUrl(
clientId: "client1",
responseType: "id_token",
scope: "openid",
redirectUri: "https://client1/callback",
state: "123_state",
nonce: "123_nonce");
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.LoginWasCalled.Should().BeTrue();
}
public async Task Reject_redirect_uri_not_matching_registered_redirect_uri()
{
await _mockPipeline.LoginAsync("bob");
var nonce = Guid.NewGuid().ToString();
var state = Guid.NewGuid().ToString();
var url = _mockPipeline.CreateAuthorizeUrl(
clientId: "code_client",
responseType: "code",
scope: "openid",
redirectUri: "https://bad",
state: state,
nonce: nonce);
var response = await _mockPipeline.BrowserClient.GetAsync(url);
_mockPipeline.ErrorWasCalled.Should().BeTrue();
_mockPipeline.ErrorMessage.Error.Should().Be("unauthorized_client");
}
public async Task Unrestricted_implicit_client_can_request_IdToken()
{
await _mockPipeline.LoginAsync(_user);
var url = _mockPipeline.CreateAuthorizeUrl("client1",
"id_token", "openid", "https://client1/callback", "state", "nonce");
_mockPipeline.BrowserClient.AllowAutoRedirect = false;
var response = await _mockPipeline.BrowserClient.GetAsync(url);
response.StatusCode.Should().Be(HttpStatusCode.Found);
response.Headers.Location.AbsoluteUri.Should().StartWith("https://client1/callback");
var authorization = new IdentityModel.Client.AuthorizeResponse(response.Headers.Location.ToString());
authorization.IdentityToken.Should().NotBeNull();
authorization.AccessToken.Should().BeNull();
}
public async Task Token_endpoint_supports_client_authentication_with_basic_authentication_with_POST()
{
await _pipeline.LoginAsync("bob");
var nonce = Guid.NewGuid().ToString();
_pipeline.BrowserClient.AllowAutoRedirect = false;
var url = _pipeline.CreateAuthorizeUrl(
clientId: "code_pipeline.Client",
responseType: "code",
scope: "openid",
redirectUri: "https://code_pipeline.Client/callback?foo=bar&baz=quux",
nonce: nonce);
var response = await _pipeline.BrowserClient.GetAsync(url);
var authorization = _pipeline.ParseAuthorizationResponseUrl(response.Headers.Location.ToString());
authorization.Code.Should().NotBeNull();
var code = authorization.Code;
// backchannel client
var wrapper = new MessageHandlerWrapper(_pipeline.Handler);
var tokenClient = new TokenClient(MockIdSvrUiPipeline.TokenEndpoint, "code_pipeline.Client", "secret", wrapper);
var tokenResult = await tokenClient.RequestAuthorizationCodeAsync(code, "https://code_pipeline.Client/callback?foo=bar&baz=quux");
tokenResult.IsError.Should().BeFalse();
tokenResult.HttpErrorReason.Should().BeNull();
tokenResult.TokenType.Should().Be("Bearer");
tokenResult.AccessToken.Should().NotBeNull();
tokenResult.ExpiresIn.Should().BeGreaterThan(0);
tokenResult.IdentityToken.Should().NotBeNull();
wrapper.Response.Headers.CacheControl.NoCache.Should().BeTrue();
wrapper.Response.Headers.CacheControl.NoStore.Should().BeTrue();
}