public void AllowClientCredentialsFlow_ClientCredentialsFlowIsAddedToGrantTypes()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.AllowClientCredentialsFlow();
var options = GetOptions(services);
// Assert
Assert.Contains(OpenIdConnectConstants.GrantTypes.ClientCredentials, options.GrantTypes);
}
public void AllowCustomFlow_CustomFlowIsAddedToGrantTypes()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.AllowCustomFlow("urn:ietf:params:oauth:grant-type:custom_grant");
var options = GetOptions(services);
// Assert
Assert.Contains("urn:ietf:params:oauth:grant-type:custom_grant", options.GrantTypes);
}
public void AddEphemeralSigningKey_SigningKeyIsCorrectlyAdded()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.AddEphemeralSigningKey();
var options = GetOptions(services);
// Assert
Assert.Equal(1, options.SigningCredentials.Count);
}
public void AllowAuthorizationCodeFlow_CodeFlowIsAddedToGrantTypes()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.AllowAuthorizationCodeFlow();
var options = GetOptions(services);
// Assert
Assert.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode, options.GrantTypes);
}
public void DisableTokenRevocation_TokenRevocationIsDisabled()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.DisableTokenRevocation();
var options = GetOptions(services);
// Assert
Assert.True(options.DisableTokenRevocation);
}
public void EnableRevocationEndpoint_RevocationEndpointIsEnabled()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.EnableRevocationEndpoint("/endpoint-path");
var options = GetOptions(services);
// Assert
Assert.Equal("/endpoint-path", options.RevocationEndpointPath);
}
public void UseReferenceTokens_ReferenceTokensAreEnabled()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.UseReferenceTokens();
var options = GetOptions(services);
// Assert
Assert.True(options.UseReferenceTokens);
}
public void DisableCryptographyEndpoint_CryptographyEndpointIsDisabled()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.DisableCryptographyEndpoint();
var options = GetOptions(services);
// Assert
Assert.Equal(PathString.Empty, options.CryptographyEndpointPath);
}
public void UseDataProtectionProvider_DefaultProviderIsReplaced()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.UseDataProtectionProvider(new EphemeralDataProtectionProvider(new LoggerFactory()));
var options = GetOptions(services);
// Assert
Assert.IsType <EphemeralDataProtectionProvider>(options.DataProtectionProvider);
}
public void UseJsonWebTokens_AccessTokenHandlerIsCorrectlySet()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.UseJsonWebTokens();
var options = GetOptions(services);
// Assert
Assert.IsType <JwtSecurityTokenHandler>(options.AccessTokenHandler);
}
public void AddDevelopmentSigningCertificate_ThrowsAnExceptionForNullSubject()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act and assert
var exception = Assert.Throws <ArgumentNullException>(delegate
{
builder.AddDevelopmentSigningCertificate(subject: null);
});
Assert.Equal("subject", exception.ParamName);
}
public void SetIssuer_AddressIsReplaced()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.SetIssuer(new Uri("http://www.fabrikam.com/"));
var options = GetOptions(services);
// Assert
Assert.Equal(new Uri("http://www.fabrikam.com/"), options.Issuer);
}
public void SetRefreshTokenLifetime_DefaultRefreshTokenLifetimeIsReplaced()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.SetRefreshTokenLifetime(TimeSpan.FromMinutes(42));
var options = GetOptions(services);
// Assert
Assert.Equal(TimeSpan.FromMinutes(42), options.RefreshTokenLifetime);
}
public void RequireClientIdentification_ClientIdentificationIsEnforced()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.RequireClientIdentification();
var options = GetOptions(services);
// Assert
Assert.True(options.RequireClientIdentification);
}
public void AddServer_RegistersDefaultHandler(OpenIddictServerHandlerDescriptor descriptor)
{
// Arrange
var services = new ServiceCollection();
var builder = new OpenIddictBuilder(services);
// Act
builder.AddServer();
// Assert
Assert.Contains(services, service => service.Lifetime == descriptor.ServiceDescriptor.Lifetime &&
service.ServiceType == descriptor.ServiceDescriptor.ServiceType &&
service.ImplementationType == descriptor.ServiceDescriptor.ImplementationType);
}
public void AllowRefreshTokenFlow_RefreshTokenFlowIsAddedToGrantTypes()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.AllowRefreshTokenFlow();
var options = GetOptions(services);
// Assert
Assert.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken, options.GrantTypes);
}
public void AddServer_RegistersRequiredSingletons(Type type)
{
// Arrange
var services = new ServiceCollection();
var builder = new OpenIddictBuilder(services);
// Act
builder.AddServer();
// Assert
Assert.Contains(services, service => service.ServiceType == type &&
service.ImplementationType == type &&
service.Lifetime == ServiceLifetime.Singleton);
}
public void DisableSlidingExpiration_SlidingExpirationIsDisabled()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.DisableSlidingExpiration();
var options = GetOptions(services);
// Assert
Assert.False(options.UseSlidingExpiration);
}
public void AddServer_RegistersServerFactory()
{
// Arrange
var services = new ServiceCollection();
var builder = new OpenIddictBuilder(services);
// Act
builder.AddServer();
// Assert
Assert.Contains(services, service => service.ServiceType == typeof(IOpenIddictServerFactory) &&
service.ImplementationType == typeof(OpenIddictServerFactory) &&
service.Lifetime == ServiceLifetime.Scoped);
}
public void EnableRequestCaching_RequestCachingIsEnabled()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.EnableRequestCaching();
var options = GetOptions(services);
// Assert
Assert.True(options.EnableRequestCaching);
}
public void Configure_OptionsAreCorrectlyAmended()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.Configure(configuration => configuration.AccessTokenLifetime = TimeSpan.FromDays(1));
var options = GetOptions(services);
// Assert
Assert.Equal(TimeSpan.FromDays(1), options.AccessTokenLifetime);
}
public void EnableScopeValidation_ScopeValidationIsDisabled()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.EnableScopeValidation();
var options = GetOptions(services);
// Assert
Assert.True(options.EnableScopeValidation);
}
public static OpenIddictBuilder AddUIStore(
this OpenIddictBuilder builder,
Action <OpenIddictUIStoreOptions> storeOptionsAction = null
)
{
builder.Services.AddInfrastructureServices();
var coreBuilder = new OpenIddictCoreBuilder(builder.Services)
.UseEFCoreUIStore <OpenIddictUIContext>();
builder.Services
.AddOpenIddictUIStore <OpenIddictUIContext>(storeOptionsAction);
return(builder);
}
public void AddEphemeralSigningKey_SigningCredentialsUseSpecifiedAlgorithm(string algorithm)
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.AddEphemeralSigningKey(algorithm);
var options = GetOptions(services);
var credentials = options.SigningCredentials[0];
// Assert
Assert.Equal(algorithm, credentials.Algorithm);
}
/// <summary>
/// Register the Api for the EF based UI Store.
/// </summary>
public static OpenIddictBuilder AddUIApis <TApplicationUser>(
this OpenIddictBuilder builder,
Action <OpenIddictUIApiOptions> uiApiOptions = null
) where TApplicationUser : IdentityUser, new()
{
builder.Services
.AddOpenIddictUIApiServices <TApplicationUser>(uiApiOptions);
var options = new OpenIddictUIApiOptions();
uiApiOptions?.Invoke(options);
builder.AddOpenIddictUIRoutePrefix(options.RoutePrefix);
return(builder);
}
public void RegisterScopes_ScopesAreAdded()
{
// Arrange
var services = CreateServices();
var builder = new OpenIddictBuilder(services);
// Act
builder.RegisterScopes("custom_scope_1", "custom_scope_2");
var options = GetOptions(services);
// Assert
Assert.Contains("custom_scope_1", options.Scopes);
Assert.Contains("custom_scope_2", options.Scopes);
}
/// <summary>
/// Registers the OpenIddict client services in the DI container.
/// </summary>
/// <param name="builder">The services builder used by OpenIddict to register new services.</param>
/// <remarks>This extension can be safely called multiple times.</remarks>
/// <returns>The <see cref="OpenIddictClientBuilder"/>.</returns>
public static OpenIddictClientBuilder AddClient(this OpenIddictBuilder builder)
{
if (builder is null)
{
throw new ArgumentNullException(nameof(builder));
}
builder.Services.AddLogging();
builder.Services.AddOptions();
builder.Services.TryAddScoped <IOpenIddictClientDispatcher, OpenIddictClientDispatcher>();
builder.Services.TryAddScoped <IOpenIddictClientFactory, OpenIddictClientFactory>();
builder.Services.TryAddSingleton <OpenIddictClientService>();
// Register the built-in filters used by the default OpenIddict client event handlers.
builder.Services.TryAddSingleton <RequireAuthorizationCodeOrImplicitGrantType>();
builder.Services.TryAddSingleton <RequireAuthorizationCodeValidated>();
builder.Services.TryAddSingleton <RequireBackchannelAccessTokenValidated>();
builder.Services.TryAddSingleton <RequireBackchannelIdentityTokenValidated>();
builder.Services.TryAddSingleton <RequireBackchannelIdentityTokenPrincipal>();
builder.Services.TryAddSingleton <RequireClientAssertionTokenGenerated>();
builder.Services.TryAddSingleton <RequireFrontchannelAccessTokenValidated>();
builder.Services.TryAddSingleton <RequireFrontchannelIdentityTokenValidated>();
builder.Services.TryAddSingleton <RequireFrontchannelIdentityTokenPrincipal>();
builder.Services.TryAddSingleton <RequireJsonWebTokenFormat>();
builder.Services.TryAddSingleton <RequireRedirectionRequest>();
builder.Services.TryAddSingleton <RequireRefreshTokenValidated>();
builder.Services.TryAddSingleton <RequireStateTokenGenerated>();
builder.Services.TryAddSingleton <RequireStateTokenPrincipal>();
builder.Services.TryAddSingleton <RequireStateTokenValidated>();
builder.Services.TryAddSingleton <RequireTokenEntryCreated>();
builder.Services.TryAddSingleton <RequireTokenPayloadPersisted>();
builder.Services.TryAddSingleton <RequireTokenRequest>();
builder.Services.TryAddSingleton <RequireTokenStorageEnabled>();
builder.Services.TryAddSingleton <RequireUserinfoRequest>();
builder.Services.TryAddSingleton <RequireUserinfoTokenExtracted>();
builder.Services.TryAddSingleton <RequireUserinfoTokenPrincipal>();
// Register the built-in client event handlers used by the OpenIddict client components.
// Note: the order used here is not important, as the actual order is set in the options.
builder.Services.TryAdd(DefaultHandlers.Select(descriptor => descriptor.ServiceDescriptor));
// Note: TryAddEnumerable() is used here to ensure the initializer is registered only once.
builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton <
IPostConfigureOptions <OpenIddictClientOptions>, OpenIddictClientConfiguration>());
return(new OpenIddictClientBuilder(builder.Services));
}
/// <summary>
/// Registers the OpenIddict client services in the DI container.
/// </summary>
/// <param name="builder">The services builder used by OpenIddict to register new services.</param>
/// <param name="configuration">The configuration delegate used to configure the client services.</param>
/// <remarks>This extension can be safely called multiple times.</remarks>
/// <returns>The <see cref="OpenIddictBuilder"/>.</returns>
public static OpenIddictBuilder AddClient(this OpenIddictBuilder builder, Action <OpenIddictClientBuilder> configuration)
{
if (builder is null)
{
throw new ArgumentNullException(nameof(builder));
}
if (configuration is null)
{
throw new ArgumentNullException(nameof(configuration));
}
configuration(builder.AddClient());
return(builder);
}
public void AddServer_RegistersAuthenticationScheme()
{
// Arrange
var services = new ServiceCollection();
var builder = new OpenIddictBuilder(services);
// Act
builder.AddServer();
// Assert
var provider = services.BuildServiceProvider();
var options = provider.GetRequiredService <IOptions <AuthenticationOptions> >().Value;
Assert.Contains(options.Schemes, scheme => scheme.Name == OpenIddictServerDefaults.AuthenticationScheme &&
scheme.HandlerType == typeof(OpenIddictServerHandler));
}
public void AddApplicationStore_ThrowsAnExceptionForInvalidStore()
{
// Arrange
var services = new ServiceCollection();
services.AddOptions();
var builder = new OpenIddictBuilder(services);
builder.ApplicationType = typeof(object);
// Act and assert
var exception = Assert.Throws <InvalidOperationException>(() => builder.AddApplicationStore(typeof(object)));
Assert.Equal("The specified type is invalid.", exception.Message);
}