public void AuthorizationCodeGrant() {
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
AuthorizationServerMock,
new WebServerClient(AuthorizationServerDescription),
client => {
var authState = new AuthorizationState {
Callback = ClientCallback,
};
client.PrepareRequestUserAuthorization(authState).Respond();
var result = client.ProcessUserAuthorization();
Assert.IsNotNullOrEmpty(result.AccessToken);
Assert.IsNotNullOrEmpty(result.RefreshToken);
},
server => {
var request = server.ReadAuthorizationRequest();
server.ApproveAuthorizationRequest(request, ResourceOwnerUsername);
var tokenRequest = server.ReadAccessTokenRequest();
IAccessTokenRequest accessTokenRequest = tokenRequest;
Assert.IsTrue(accessTokenRequest.ClientAuthenticated);
var tokenResponse = server.PrepareAccessTokenResponse(tokenRequest);
server.Channel.Respond(tokenResponse);
});
coordinator.Run();
}
public void ResourceOwnerPasswordCredentialGrant(bool anonymousClient) {
var authHostMock = CreateAuthorizationServerMock();
if (anonymousClient) {
authHostMock.Setup(
m =>
m.IsAuthorizationValid(
It.Is<IAuthorizationDescription>(
d =>
d.ClientIdentifier == null && d.User == ResourceOwnerUsername &&
MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))).Returns(true);
}
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
authHostMock.Object,
new WebServerClient(AuthorizationServerDescription),
client => {
if (anonymousClient) {
client.ClientIdentifier = null;
}
var authState = client.ExchangeUserCredentialForToken(ResourceOwnerUsername, ResourceOwnerPassword, TestScopes);
Assert.That(authState.AccessToken, Is.Not.Null.And.Not.Empty);
Assert.That(authState.RefreshToken, Is.Not.Null.And.Not.Empty);
},
server => {
server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
public void DecodeRefreshToken() {
var refreshTokenSource = new TaskCompletionSource<string>();
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
AuthorizationServerMock,
new WebServerClient(AuthorizationServerDescription),
client => {
try {
var authState = new AuthorizationState(TestScopes) {
Callback = ClientCallback,
};
client.PrepareRequestUserAuthorization(authState).Respond();
var result = client.ProcessUserAuthorization();
Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty);
Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty);
refreshTokenSource.SetResult(result.RefreshToken);
} catch {
refreshTokenSource.TrySetCanceled();
}
},
server => {
var request = server.ReadAuthorizationRequest();
Assert.That(request, Is.Not.Null);
server.ApproveAuthorizationRequest(request, ResourceOwnerUsername);
server.HandleTokenRequest().Respond();
var authorization = server.DecodeRefreshToken(refreshTokenSource.Task.Result);
Assert.That(authorization, Is.Not.Null);
Assert.That(authorization.User, Is.EqualTo(ResourceOwnerUsername));
});
coordinator.Run();
}
public void ImplicitGrant() {
var coordinatorClient = new UserAgentClient(AuthorizationServerDescription);
var coordinator = new OAuth2Coordinator<UserAgentClient>(
AuthorizationServerDescription,
AuthorizationServerMock,
coordinatorClient,
client => {
var authState = new AuthorizationState {
Callback = ClientCallback,
};
var request = client.PrepareRequestUserAuthorization(authState, implicitResponseType: true);
Assert.AreEqual(EndUserAuthorizationResponseType.AccessToken, request.ResponseType);
client.Channel.Respond(request);
var incoming = client.Channel.ReadFromRequest();
var result = client.ProcessUserAuthorization(authState, incoming);
Assert.IsNotNullOrEmpty(result.AccessToken);
Assert.IsNull(result.RefreshToken);
},
server => {
var request = server.ReadAuthorizationRequest();
IAccessTokenRequest accessTokenRequest = (EndUserAuthorizationImplicitRequest)request;
Assert.IsFalse(accessTokenRequest.ClientAuthenticated);
server.ApproveAuthorizationRequest(request, ResourceOwnerUsername);
});
coordinatorClient.ClientSecret = null; // implicit grant clients don't need a secret.
coordinator.Run();
}
public void AuthorizationCodeGrant() {
var coordinator = new OAuth2Coordinator<UserAgentClient>(
AuthorizationServerDescription,
AuthorizationServerMock,
new UserAgentClient(AuthorizationServerDescription),
client => {
var authState = new AuthorizationState(TestScopes) {
Callback = ClientCallback,
};
var request = client.PrepareRequestUserAuthorization(authState);
Assert.AreEqual(EndUserAuthorizationResponseType.AuthorizationCode, request.ResponseType);
client.Channel.Respond(request);
var incoming = client.Channel.ReadFromRequest();
var result = client.ProcessUserAuthorization(authState, incoming);
Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty);
Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty);
},
server => {
var request = server.ReadAuthorizationRequest();
Assert.That(request, Is.Not.Null);
server.ApproveAuthorizationRequest(request, ResourceOwnerUsername);
server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
public void ErrorResponseTest() {
var coordinator = new OAuth2Coordinator<UserAgentClient>(
AuthorizationServerDescription,
AuthorizationServerMock,
new UserAgentClient(AuthorizationServerDescription),
client => {
var request = new AccessTokenAuthorizationCodeRequestC(AuthorizationServerDescription) { ClientIdentifier = ClientId, ClientSecret = ClientSecret, AuthorizationCode = "foo" };
var response = client.Channel.Request<AccessTokenFailedResponse>(request);
Assert.That(response.Error, Is.Not.Null.And.Not.Empty);
Assert.That(response.Error, Is.EqualTo(Protocol.AccessTokenRequestErrorCodes.InvalidRequest));
},
server => {
server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
public void ResourceOwnerPasswordCredentialGrant() {
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
AuthorizationServerMock,
new WebServerClient(AuthorizationServerDescription),
client => {
var authState = client.ExchangeUserCredentialForToken(ResourceOwnerUsername, ResourceOwnerPassword);
Assert.IsNotNullOrEmpty(authState.AccessToken);
Assert.IsNotNullOrEmpty(authState.RefreshToken);
},
server => {
var request = server.ReadAccessTokenRequest();
var response = server.PrepareAccessTokenResponse(request);
server.Channel.Respond(response);
});
coordinator.Run();
}
public void ClientCredentialGrant() {
var authServer = CreateAuthorizationServerMock();
authServer.Setup(
a => a.IsAuthorizationValid(It.Is<IAuthorizationDescription>(d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
.Returns(true);
authServer.Setup(
a => a.CheckAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
.Returns<IAccessTokenRequest>(req => new AutomatedAuthorizationCheckResponse(req, true));
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
authServer.Object,
new WebServerClient(AuthorizationServerDescription),
client => {
var authState = client.GetClientAccessToken(TestScopes);
Assert.That(authState.AccessToken, Is.Not.Null.And.Not.Empty);
Assert.That(authState.RefreshToken, Is.Null);
},
server => {
server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
public void GetClientAccessTokenReturnsApprovedScope() {
string[] approvedScopes = new[] { "Scope2", "Scope3" };
var authServer = CreateAuthorizationServerMock();
authServer.Setup(
a => a.IsAuthorizationValid(It.Is<IAuthorizationDescription>(d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
.Returns(true);
authServer.Setup(
a => a.CheckAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(d => d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
.Returns<IAccessTokenRequest>(req => {
var response = new AutomatedAuthorizationCheckResponse(req, true);
response.ApprovedScope.ResetContents(approvedScopes);
return response;
});
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
authServer.Object,
new WebServerClient(AuthorizationServerDescription),
client => {
var authState = client.GetClientAccessToken(TestScopes);
Assert.That(authState.Scope, Is.EquivalentTo(approvedScopes));
},
server => {
server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
public void ResourceOwnerScopeOverride() {
var clientRequestedScopes = new[] { "scope1", "scope2" };
var serverOverriddenScopes = new[] { "scope1", "differentScope" };
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>()))
.Returns<string, string, IAccessTokenRequest>((un, pw, req) => {
var response = new AutomatedUserAuthorizationCheckResponse(req, true, ResourceOwnerUsername);
response.ApprovedScope.Clear();
response.ApprovedScope.UnionWith(serverOverriddenScopes);
return response;
});
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
authServerMock.Object,
new WebServerClient(AuthorizationServerDescription),
client => {
var authState = new AuthorizationState(TestScopes) {
Callback = ClientCallback,
};
var result = client.ExchangeUserCredentialForToken(ResourceOwnerUsername, ResourceOwnerPassword, clientRequestedScopes);
Assert.That(result.Scope, Is.EquivalentTo(serverOverriddenScopes));
},
server => {
server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
public void ClientCredentialScopeOverride() {
var clientRequestedScopes = new[] { "scope1", "scope2" };
var serverOverriddenScopes = new[] { "scope1", "differentScope" };
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.CheckAuthorizeClientCredentialsGrant(It.IsAny<IAccessTokenRequest>()))
.Returns<IAccessTokenRequest>(req => {
var response = new AutomatedAuthorizationCheckResponse(req, true);
response.ApprovedScope.Clear();
response.ApprovedScope.UnionWith(serverOverriddenScopes);
return response;
});
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
authServerMock.Object,
new WebServerClient(AuthorizationServerDescription),
client => {
var authState = new AuthorizationState(TestScopes) {
Callback = ClientCallback,
};
var result = client.GetClientAccessToken(clientRequestedScopes);
Assert.That(result.Scope, Is.EquivalentTo(serverOverriddenScopes));
},
server => {
server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
public void CreateAccessTokenSeesAuthorizingUserClientCredentialGrant() {
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.CheckAuthorizeClientCredentialsGrant(It.IsAny<IAccessTokenRequest>()))
.Returns<IAccessTokenRequest>(req => {
Assert.That(req.UserName, Is.Null);
return new AutomatedAuthorizationCheckResponse(req, true);
});
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
authServerMock.Object,
new WebServerClient(AuthorizationServerDescription),
client => {
var authState = new AuthorizationState(TestScopes) {
Callback = ClientCallback,
};
var result = client.GetClientAccessToken(TestScopes);
Assert.That(result.AccessToken, Is.Not.Null);
},
server => {
server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
public void CreateAccessTokenSeesAuthorizingUserResourceOwnerGrant() {
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>()))
.Returns<string, string, IAccessTokenRequest>((un, pw, req) => {
var response = new AutomatedUserAuthorizationCheckResponse(req, true, ResourceOwnerUsername);
Assert.That(req.UserName, Is.EqualTo(ResourceOwnerUsername));
return response;
});
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
authServerMock.Object,
new WebServerClient(AuthorizationServerDescription),
client => {
var authState = new AuthorizationState(TestScopes) {
Callback = ClientCallback,
};
var result = client.ExchangeUserCredentialForToken(ResourceOwnerUsername, ResourceOwnerPassword, TestScopes);
Assert.That(result.AccessToken, Is.Not.Null);
},
server => {
server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
public void CreateAccessTokenSeesAuthorizingUserAuthorizationCodeGrant() {
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.IsAuthorizationValid(It.IsAny<IAuthorizationDescription>()))
.Returns<IAuthorizationDescription>(req => {
Assert.That(req.User, Is.EqualTo(ResourceOwnerUsername));
return true;
});
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
authServerMock.Object,
new WebServerClient(AuthorizationServerDescription),
client => {
var authState = new AuthorizationState(TestScopes) {
Callback = ClientCallback,
};
client.PrepareRequestUserAuthorization(authState).Respond();
var result = client.ProcessUserAuthorization();
Assert.That(result.AccessToken, Is.Not.Null.And.Not.Empty);
Assert.That(result.RefreshToken, Is.Not.Null.And.Not.Empty);
},
server => {
var request = server.ReadAuthorizationRequest();
Assert.That(request, Is.Not.Null);
server.ApproveAuthorizationRequest(request, ResourceOwnerUsername);
server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
