Пример #1
        /// <summary>
        /// With <c>SaveToken</c> and caching both enabled, two consecutive requests carrying the same
        /// bearer token must succeed, and the body of the second response must still carry the token.
        /// </summary>
        /// <remarks>
        /// The second request is presumably served from the introspection cache; this test does not
        /// assert that directly, it only checks that the saved token is still exposed on the second pass.
        /// The trailing <c>true</c> passed to <c>CreateClient</c> is defined by PipelineFactory (not shown).
        /// </remarks>
        public async Task ActiveToken_With_SavedToken_And_Caching()
        {
            const string bearer = "expected_token";

            var http = PipelineFactory.CreateClient(options =>
            {
                // Shared baseline first, so the overrides below take precedence.
                _options(options);

                options.IntrospectionHttpHandler = new IntrospectionEndpointHandler(
                    IntrospectionEndpointHandler.Behavior.Active,
                    TimeSpan.FromHours(1));
                options.SaveToken     = true;
                options.EnableCaching = true;
                options.CacheDuration = TimeSpan.FromMinutes(10);
            }, true);

            http.SetBearerToken(bearer);

            var initial = await http.GetAsync("http://test");
            initial.StatusCode.Should().Be(HttpStatusCode.OK);

            var repeated = await http.GetAsync("http://test");
            repeated.StatusCode.Should().Be(HttpStatusCode.OK);

            // The response body is parsed as a flat string map; its "token" entry must equal
            // the bearer token that was sent.
            var body    = await repeated.Content.ReadAsStringAsync();
            var payload = JsonConvert.DeserializeObject<Dictionary<string, string>>(body);

            payload.Should().Contain("token", bearer);
        }
Пример #2
        /// <summary>
        /// Building the pipeline from the fixture's untouched options must fail with an
        /// <see cref="InvalidOperationException"/> that asks for an Authority or IntrospectionEndpoint.
        /// </summary>
        public void Empty_Options()
        {
            Action buildPipeline = () =>
            {
                PipelineFactory.CreateClient(_options);
            };

            buildPipeline
                .ShouldThrow<InvalidOperationException>()
                .WithMessage("You must either set Authority or IntrospectionEndpoint");
        }
        /// <summary>
        /// When introspection reports the token as inactive, the request must end in 401, the
        /// <c>OnAuthenticationFailed</c> callback must run, and <c>OnTokenValidated</c> must never run.
        /// </summary>
        public async Task InActive_token_with_inline_event_events_should_be_called()
        {
            var introspection = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Inactive);

            // Nullable flags: null means "callback never invoked", which is what the
            // validated-path assertion relies on.
            bool? tokenValidatedRaised = null;
            bool? authFailedRaised     = null;

            var http = PipelineFactory.CreateClient(options =>
            {
                _options(options);

                options.Events.OnTokenValidated = context =>
                {
                    tokenValidatedRaised = true;
                    return Task.CompletedTask;
                };

                options.Events.OnAuthenticationFailed = context =>
                {
                    authFailedRaised = true;
                    return Task.CompletedTask;
                };
            }, introspection);

            http.SetBearerToken("sometoken");

            var reply = await http.GetAsync("http://test");

            reply.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
            tokenValidatedRaised.Should().BeNull();
            authFailedRaised.Should().BeTrue();
        }
Пример #4
        /// <summary>
        /// A token that introspection reports as inactive must be rejected with 401 on every request,
        /// and with caching enabled the second rejection must not cause another call to the
        /// introspection endpoint.
        /// </summary>
        public async Task Repeated_inactive_token_with_caching_enabled_should_hit_cache()
        {
            const string rejectedToken = "expected_token";
            var introspection = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Inactive);

            var http = PipelineFactory.CreateClient(options =>
            {
                _options(options);

                options.SaveToken     = true;
                options.EnableCaching = true;
                options.CacheDuration = TimeSpan.FromMinutes(10);
            }, introspection, true);

            http.SetBearerToken(rejectedToken);

            // First pass: the stub endpoint has to be consulted.
            var initial = await http.GetAsync("http://test");
            initial.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
            introspection.SentIntrospectionRequest.Should().BeTrue();

            // Reset the stub's flag so the next assertion reflects the second request only.
            introspection.SentIntrospectionRequest = false;

            // Second pass: still 401, but without a new introspection call.
            var repeated = await http.GetAsync("http://test");
            repeated.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
            introspection.SentIntrospectionRequest.Should().BeFalse();
        }
        /// <summary>
        /// A pipeline configured with an empty options callback must throw
        /// <see cref="InvalidOperationException"/> when the client is created and used for a request.
        /// </summary>
        /// <remarks>
        /// The lambda covers both client creation and the first request, so the test does not
        /// distinguish which of the two raises the exception.
        /// </remarks>
        public void Empty_Options()
        {
            Action sendRequest = () =>
            {
                var http = PipelineFactory.CreateClient(options => { });

                // Blocking wait: the assertion below needs a synchronous Action.
                http.GetAsync("http://test").GetAwaiter().GetResult();
            };

            sendRequest.Should()
                .Throw<InvalidOperationException>()
                .WithMessage("You must either set Authority or IntrospectionEndpoint");
        }
Пример #6
        /// <summary>
        /// An explicit introspection endpoint plus a client id is a valid configuration even
        /// without an Authority: building the pipeline must not throw.
        /// </summary>
        public void Endpoint_But_No_Authority()
        {
            _options.IntrospectionEndpoint = "http://endpoint";
            _options.ClientId              = "scope";

            Action buildPipeline = () =>
            {
                PipelineFactory.CreateClient(_options);
            };

            buildPipeline.ShouldNotThrow();
        }
Пример #7
        /// <summary>
        /// An Authority alone is not enough: without a ClientId or a custom introspection HTTP
        /// handler, building the pipeline must throw <see cref="InvalidOperationException"/>.
        /// </summary>
        public void Authority_No_Scope_Details()
        {
            _options.Authority = "http://foo";

            Action buildPipeline = () =>
            {
                PipelineFactory.CreateClient(_options);
            };

            buildPipeline
                .ShouldThrow<InvalidOperationException>()
                .WithMessage("You must either set a ClientId or set an introspection HTTP handler");
        }
Пример #8
        /// <summary>
        /// Supplying a custom introspection HTTP handler is accepted in place of a ClientId:
        /// building the pipeline must not throw.
        /// </summary>
        public void No_ClientName_But_Introspection_Handler()
        {
            _options.IntrospectionEndpoint = "http://endpoint";
            _options.IntrospectionHttpHandler =
                new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);

            Action buildPipeline = () =>
            {
                PipelineFactory.CreateClient(_options);
            };

            buildPipeline.ShouldNotThrow();
        }
Пример #9
        /// <summary>
        /// Building the pipeline against the authority <c>http://localhost:6666</c> must not throw.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the test name suggests the authority is unreachable and that discovery is
        /// deferred until a token has to be validated; nothing in this method verifies either.
        /// </remarks>
        public void Authority_No_Network_Delay_Load()
        {
            _options.Authority = "http://localhost:6666";
            _options.ClientId  = "scope";

            Action buildPipeline = () =>
            {
                PipelineFactory.CreateClient(_options);
            };

            buildPipeline.ShouldNotThrow();
        }
Пример #10
        /// <summary>
        /// Enabling caching is valid when the pipeline is built with <c>addCaching: true</c>:
        /// building the pipeline must not throw.
        /// </summary>
        public void Caching_With_Caching_Service()
        {
            _options.IntrospectionEndpoint = "http://endpoint";
            _options.ClientId              = "scope";
            _options.EnableCaching         = true;

            Action buildPipeline = () =>
            {
                PipelineFactory.CreateClient(_options, addCaching: true);
            };

            buildPipeline.ShouldNotThrow();
        }
        /// <summary>
        /// A request without a bearer token, sent through a pipeline whose authority is
        /// <c>http://localhost:6666</c>, must complete without throwing.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the test name suggests the authority is unreachable and that discovery is
        /// deferred until a token has to be validated; nothing in this method verifies either.
        /// </remarks>
        public void Authority_No_Network_Delay_Load()
        {
            Action sendRequest = () =>
            {
                var http = PipelineFactory.CreateClient(options =>
                {
                    options.Authority = "http://localhost:6666";
                    options.ClientId  = "scope";
                });

                // Blocking wait: the assertion below needs a synchronous Action.
                http.GetAsync("http://test").GetAwaiter().GetResult();
            };

            sendRequest.Should().NotThrow();
        }
        /// <summary>
        /// With an introspection endpoint and a custom introspection HTTP handler but no ClientId,
        /// creating the client and sending a token-less request must not throw.
        /// </summary>
        public void No_ClientName_But_Introspection_Handler()
        {
            Action sendRequest = () =>
            {
                var http = PipelineFactory.CreateClient(options =>
                {
                    options.IntrospectionEndpoint = "http://endpoint";
                    options.IntrospectionHttpHandler =
                        new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);
                });

                http.GetAsync("http://test").GetAwaiter().GetResult();
            };

            sendRequest.Should().NotThrow();
        }
        /// <summary>
        /// An Authority with neither a ClientId nor an introspection HTTP handler must be rejected
        /// with <see cref="InvalidOperationException"/> by the time the first request has been sent.
        /// </summary>
        public void Authority_No_Scope_Details()
        {
            Action sendRequest = () =>
            {
                var http = PipelineFactory.CreateClient(options =>
                {
                    options.Authority = "http://foo";
                });

                http.GetAsync("http://test").GetAwaiter().GetResult();
            };

            sendRequest.Should()
                .Throw<InvalidOperationException>()
                .WithMessage("You must either set a ClientId or set an introspection HTTP handler");
        }
        /// <summary>
        /// An explicit introspection endpoint plus a client id works without an Authority:
        /// creating the client and sending a token-less request must not throw.
        /// </summary>
        public void Endpoint_But_No_Authority()
        {
            Action sendRequest = () =>
            {
                var http = PipelineFactory.CreateClient(options =>
                {
                    options.IntrospectionEndpoint = "http://endpoint";
                    options.ClientId              = "scope";
                });

                http.GetAsync("http://test").GetAwaiter().GetResult();
            };

            sendRequest.Should().NotThrow();
        }
Пример #15
        /// <summary>
        /// Clearing <c>TokenRetriever</c> must make pipeline construction fail with an
        /// <see cref="ArgumentException"/> whose message starts with "TokenRetriever must be set".
        /// </summary>
        public void No_Token_Retriever()
        {
            _options.Authority      = "http://foo";
            _options.ClientId       = "scope";
            _options.TokenRetriever = null;   // the misconfiguration under test

            Action buildPipeline = () =>
            {
                PipelineFactory.CreateClient(_options);
            };

            buildPipeline
                .ShouldThrow<ArgumentException>()
                .Where(e => e.Message.StartsWith("TokenRetriever must be set"));
        }
        /// <summary>
        /// Caching enabled on a pipeline built with <c>addCaching: true</c> is a valid setup:
        /// creating the client and sending a token-less request must not throw.
        /// </summary>
        public void Caching_With_Caching_Service()
        {
            Action sendRequest = () =>
            {
                var http = PipelineFactory.CreateClient(options =>
                {
                    options.IntrospectionEndpoint = "http://endpoint";
                    options.ClientId              = "scope";
                    options.EnableCaching         = true;
                }, addCaching: true);

                http.GetAsync("http://test").GetAwaiter().GetResult();
            };

            sendRequest.Should().NotThrow();
        }
Пример #17
        /// <summary>
        /// Enabling caching on a pipeline built without the caching argument must fail with an
        /// <see cref="ArgumentException"/> reporting that no cache is found in the services collection.
        /// </summary>
        public void Caching_Without_Caching_Service()
        {
            _options.IntrospectionEndpoint = "http://endpoint";
            _options.ClientId              = "scope";
            _options.EnableCaching         = true;

            // No addCaching argument here, unlike the positive caching test.
            Action buildPipeline = () =>
            {
                PipelineFactory.CreateClient(_options);
            };

            buildPipeline
                .ShouldThrow<ArgumentException>()
                .Where(e => e.Message.StartsWith("Caching is enabled, but no cache is found in the services collection"));
        }
        /// <summary>
        /// A bearer token that the stub introspection endpoint reports as active must be accepted
        /// with 200 OK.
        /// </summary>
        public async Task ActiveToken()
        {
            _options.IntrospectionHttpHandler =
                new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);

            var http = PipelineFactory.CreateClient(_options);
            http.SetBearerToken("sometoken");

            var reply = await http.GetAsync("http://test");

            reply.StatusCode.Should().Be(HttpStatusCode.OK);
        }
        /// <summary>
        /// A request that carries no bearer token must be answered with 401 Unauthorized.
        /// </summary>
        public async Task no_token_should_return_401()
        {
            var http = PipelineFactory.CreateClient(config =>
            {
                config.Authority = "https://authority";
                config.ApiName   = "api1";
            });

            // No SetBearerToken call: the request goes out without a token.
            var reply = await http.GetAsync("http://api");

            reply.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
        }
        /// <summary>
        /// When the stub introspection endpoint is in its <c>Unauthorized</c> behaviour, the protected
        /// request must be rejected with 401 rather than let through.
        /// </summary>
        /// <remarks>
        /// NOTE(review): <c>Behavior.Unauthorized</c> presumably simulates the introspection endpoint
        /// rejecting this API's own client credentials; confirm against the handler.
        /// </remarks>
        public async Task Unauthorized_Client()
        {
            var introspection = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Unauthorized);

            var http = PipelineFactory.CreateClient(options => _options(options), introspection);
            http.SetBearerToken("sometoken");

            var reply = await http.GetAsync("http://test");

            reply.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
        }
        /// <summary>
        /// Enabling caching on a pipeline built without the caching argument must surface an
        /// <see cref="ArgumentException"/> reporting that no IDistributedCache is registered.
        /// </summary>
        public void Caching_Without_Caching_Service()
        {
            Action sendRequest = () =>
            {
                // No addCaching argument here, unlike the positive caching test.
                var http = PipelineFactory.CreateClient(options =>
                {
                    options.IntrospectionEndpoint = "http://endpoint";
                    options.ClientId              = "scope";
                    options.EnableCaching         = true;
                });

                http.GetAsync("http://test").GetAwaiter().GetResult();
            };

            sendRequest.Should()
                .Throw<ArgumentException>()
                .Where(e => e.Message.StartsWith("Caching is enabled, but no IDistributedCache is found in the services collection"));
        }
        /// <summary>
        /// Clearing <c>TokenRetriever</c> must surface an <see cref="ArgumentException"/> whose
        /// message starts with "TokenRetriever must be set" by the time the first request is sent.
        /// </summary>
        public void No_Token_Retriever()
        {
            Action sendRequest = () =>
            {
                var http = PipelineFactory.CreateClient(options =>
                {
                    options.Authority      = "http://foo";
                    options.ClientId       = "scope";
                    options.TokenRetriever = null;   // the misconfiguration under test
                });

                http.GetAsync("http://test").GetAwaiter().GetResult();
            };

            sendRequest.Should()
                .Throw<ArgumentException>()
                .Where(e => e.Message.StartsWith("TokenRetriever must be set"));
        }
        /// <summary>
        /// A bearer value that has the three dot-separated parts of a JWT but is not a real token
        /// must be rejected with 401 Unauthorized.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the authority is an external host name; whether the pipeline contacts it
        /// during this test is not visible from this method.
        /// </remarks>
        public async Task invalid_jwt_token_should_return_401()
        {
            var http = PipelineFactory.CreateClient(config =>
            {
                config.Authority = "https://demo.identityserver.io";
                config.ApiName   = "api1";
            });

            // JWT-shaped placeholder: three segments, none of them decodable.
            http.SetBearerToken("header.payload.signature");

            var reply = await http.GetAsync("http://api");

            reply.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
        }
        /// <summary>
        /// A discovery failure on the first request must surface as
        /// <see cref="InvalidOperationException"/> and must not stick: once the stub's failure flag
        /// is cleared, the next request with the same client must succeed with 200 OK.
        /// </summary>
        public async Task ActiveToken_With_Discovery_Unavailable_On_First_Request()
        {
            var stub = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);

            var http = PipelineFactory.CreateClient(options => _options(options), stub);
            http.SetBearerToken("sometoken");

            // Phase 1: the stub is switched into its discovery-failure mode.
            stub.IsDiscoveryFailureTest = true;
            await Assert.ThrowsAsync<InvalidOperationException>(async () =>
            {
                await http.GetAsync("http://test");
            });

            // Phase 2: failure mode off again; the same client must recover.
            stub.IsDiscoveryFailureTest = false;
            var recovered = await http.GetAsync("http://test");

            recovered.StatusCode.Should().Be(HttpStatusCode.OK);
        }
Пример #25
        /// <summary>
        /// An Authority that ends in a slash must not produce a doubled slash in the discovery URL:
        /// the discovery stub must record exactly
        /// <c>http://authority.com/.well-known/openid-configuration</c>.
        /// </summary>
        public async Task Authority_Trailing_Slash()
        {
            var discovery = new DiscoveryEndpointHandler();

            _options.Authority            = "http://authority.com/";
            _options.ClientId             = "scope";
            _options.DiscoveryHttpHandler = discovery;

            var http = PipelineFactory.CreateClient(_options);
            http.SetBearerToken("token");

            // The response is irrelevant here; only the URL the stub recorded is checked.
            await http.GetAsync("http://server/api");

            discovery.Endpoint.Should().Be("http://authority.com/.well-known/openid-configuration");
        }
Пример #26
        /// <summary>
        /// After a request with a bearer token, <c>IntrospectionEndpoint</c> on the options must hold
        /// <c>http://introspection_endpoint</c> even though the test only configured an Authority.
        /// </summary>
        /// <remarks>
        /// The value presumably comes from the document served by <c>DiscoveryEndpointHandler</c>;
        /// that handler is defined outside this listing.
        /// </remarks>
        public async Task Authority_Get_Introspection_Endpoint()
        {
            var discovery = new DiscoveryEndpointHandler();

            _options.Authority            = "http://authority.com/";
            _options.ClientId             = "scope";
            _options.DiscoveryHttpHandler = discovery;

            var http = PipelineFactory.CreateClient(_options);
            http.SetBearerToken("token");

            // The response is irrelevant here; the assertion inspects the options object.
            await http.GetAsync("http://server/api");

            _options.IntrospectionEndpoint.Should().Be("http://introspection_endpoint");
        }
        /// <summary>
        /// An active token must be accepted with 200 OK, and the introspection request recorded by
        /// the stub must carry the configured <c>client_id</c> and <c>client_secret</c>.
        /// </summary>
        public async Task ActiveToken()
        {
            var introspection = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);

            var http = PipelineFactory.CreateClient(_options, introspection);
            http.SetBearerToken("sometoken");

            var reply = await http.GetAsync("http://test");
            reply.StatusCode.Should().Be(HttpStatusCode.OK);

            // Form fields of the last introspection call, as captured by the stub handler.
            var form = introspection.LastRequest;

            form.Should().ContainKey("client_id").WhichValue.Should().Be(clientId);
            form.Should().ContainKey("client_secret").WhichValue.Should().Be(clientSecret);
        }
        /// <summary>
        /// With the client secret removed, the introspection request must authenticate with the
        /// client assertion supplied by <c>OnUpdateClientAssertion</c>.
        /// </summary>
        /// <param name="ttl">Milliseconds each issued assertion is declared valid for.</param>
        /// <param name="assertion1">Assertion value expected in the first introspection request.</param>
        /// <param name="assertion2">Assertion value expected in the second introspection request.</param>
        /// <remarks>
        /// NOTE(review): the callback numbers the assertions it issues, so the expected values encode
        /// whether it ran again between the two requests. There is no delay between the requests, so
        /// the outcome depends on wall-clock time against <paramref name="ttl"/>; the data rows that
        /// drive this test are not part of this listing.
        /// </remarks>
        public async Task ActiveToken_With_ClientAssertion(int ttl, string assertion1, string assertion2)
        {
            var introspection = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);
            var issued        = 0;

            var http = PipelineFactory.CreateClient(options =>
            {
                _options(options);

                // Remove the shared secret so the assertion is the credential that gets sent.
                options.ClientSecret = null;

                options.Events.OnUpdateClientAssertion = context =>
                {
                    issued++;

                    context.ClientAssertion = new ClientAssertion
                    {
                        Type  = "testType",
                        Value = "testAssertion" + issued
                    };
                    context.ClientAssertionExpirationTime = DateTime.UtcNow.AddMilliseconds(ttl);

                    return Task.CompletedTask;
                };
            }, introspection);

            http.SetBearerToken("sometoken");

            // Same request and same checks twice; only the expected assertion value differs.
            foreach (var expectedAssertion in new[] { assertion1, assertion2 })
            {
                var reply = await http.GetAsync("http://test");

                reply.StatusCode.Should().Be(HttpStatusCode.OK);

                var form = introspection.LastRequest;

                form.Should().ContainKey("client_id").WhichValue.Should().Be(clientId);
                form.Should().ContainKey("client_assertion_type").WhichValue.Should().Be("testType");
                form.Should().ContainKey("client_assertion").WhichValue.Should().Be(expectedAssertion);
            }
        }
        /// <summary>
        /// With caching enabled, a ten-minute <c>CacheDuration</c> and a stub handler built with a
        /// five-minute TimeSpan, two consecutive requests with the same token must both return 200 OK.
        /// </summary>
        /// <remarks>
        /// NOTE(review): going by the test name, the five-minute value is the token lifetime reported
        /// by the stub. The test only checks the status codes; it does not assert that the cache
        /// entry expires with the shorter lifetime rather than with <c>CacheDuration</c>.
        /// </remarks>
        public async Task ActiveToken_With_Caching_Ttl_Shorter_Than_Duration()
        {
            _options.IntrospectionHttpHandler = new IntrospectionEndpointHandler(
                IntrospectionEndpointHandler.Behavior.Active,
                TimeSpan.FromMinutes(5));
            _options.EnableCaching = true;
            _options.CacheDuration = TimeSpan.FromMinutes(10);

            var http = PipelineFactory.CreateClient(_options, addCaching: true);
            http.SetBearerToken("sometoken");

            var initial = await http.GetAsync("http://test");
            initial.StatusCode.Should().Be(HttpStatusCode.OK);

            var repeated = await http.GetAsync("http://test");
            repeated.StatusCode.Should().Be(HttpStatusCode.OK);
        }
        /// <summary>
        /// After a request with a bearer token, the options instance seen by the configuration
        /// callback must have <c>IntrospectionEndpoint</c> set to
        /// <c>https://authority.com/introspection_endpoint</c>, although only an Authority was configured.
        /// </summary>
        /// <remarks>
        /// <c>DiscoveryPolicy.RequireKeySet</c> is switched off for this test only. NOTE(review):
        /// presumably the stub discovery document carries no key set; this relaxation is not meant
        /// as a production setting.
        /// </remarks>
        public async Task Authority_Get_Introspection_Endpoint()
        {
            // Captured inside the configuration callback so the test can inspect the live options.
            OAuth2IntrospectionOptions capturedOptions = null;
            var stub = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);

            var http = PipelineFactory.CreateClient(options =>
            {
                options.Authority = "https://authority.com/";
                options.ClientId  = "scope";

                options.DiscoveryPolicy.RequireKeySet = false;
                capturedOptions = options;
            }, stub);

            http.SetBearerToken("token");
            await http.GetAsync("http://server/api");

            capturedOptions.IntrospectionEndpoint.Should().Be("https://authority.com/introspection_endpoint");
        }