public void SuccessfulResourceOwnerRevocation()
{
TokenClient client = null !;
GrantedTokenResponse result = null !;
"and a properly token client".x(
() => client = new TokenClient(
TokenCredentials.FromBasicAuthentication("client", "client"),
Fixture.Client,
new Uri(WellKnownOpenidConfiguration)));
"when requesting auth token".x(
async() =>
{
var response = await client
.GetToken(TokenRequest.FromPassword("user", "password", new[] { "openid" }, "pwd"))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
result = response.Item;
});
"then can revoke token".x(
async() =>
{
var response = await client.RevokeToken(RevokeTokenRequest.Create(result)).ConfigureAwait(false);
Assert.IsType <Option.Success>(response);
});
}
public void SuccessfulResourceOwnerRefresh()
{
TokenClient client = null !;
GrantedTokenResponse result = null !;
"and a properly token client".x(
() => client = new TokenClient(
TokenCredentials.FromBasicAuthentication("clientCredentials", "clientCredentials"),
_fixture.Client,
new Uri(WellKnownOpenidConfiguration)));
"when requesting auth token".x(
async() =>
{
var response =
await client.GetToken(TokenRequest.FromScopes("api1", "offline")).ConfigureAwait(false) as
Option <GrantedTokenResponse> .Result;
Assert.NotNull(response);
result = response.Item;
});
"then can get new token from refresh token".x(
async() =>
{
var response = await client.GetToken(TokenRequest.FromRefreshToken(result.RefreshToken))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
Assert.NotNull(response);
});
}
public void SuccessfulResourceOwnerAuthentication()
{
TokenClient client = null !;
GrantedTokenResponse result = null !;
"and a properly configured token client".x(
() => client = new TokenClient(
TokenCredentials.FromBasicAuthentication("client", "client"),
_fixture.Client,
new Uri(WellKnownOpenidConfiguration)));
"when requesting token".x(
async() =>
{
var response = await client
.GetToken(TokenRequest.FromPassword("user", "password", new[] { "openid" }))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
Assert.NotNull(response);
result = response.Item;
});
"then has valid access token".x(
() =>
{
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters
{
IssuerSigningKeys = _jwks.GetSigningKeys(),
ValidAudience = "client",
ValidIssuer = "https://localhost"
};
tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token);
Assert.NotEmpty(((JwtSecurityToken)token).Claims);
});
"and has valid id token".x(
() =>
{
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters
{
IssuerSigningKey = TestKeys.SecretKey.CreateJwk(
JsonWebKeyUseNames.Sig,
KeyOperations.Sign,
KeyOperations.Verify),
ValidAudience = "client",
ValidIssuer = "https://localhost"
};
tokenHandler.ValidateToken(result.IdToken, validationParameters, out _);
});
}
public void UserinfoAfterSuccessfulResourceOwnerAuthentication()
{
TokenClient client = null !;
GrantedTokenResponse result = null !;
"and a properly configured token client".x(
() => client = new TokenClient(
TokenCredentials.FromBasicAuthentication("client", "client"),
_fixture.Client,
new Uri(WellKnownOpenidConfiguration)));
"when requesting token".x(
async() =>
{
var response = await client
.GetToken(TokenRequest.FromPassword("user", "password", new[] { "openid" }))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
result = response.Item;
});
"then has valid access token".x(
() =>
{
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters
{
IssuerSigningKeys = _jwks.GetSigningKeys(),
ValidAudience = "client",
ValidIssuer = "https://localhost"
};
tokenHandler.ValidateToken(result.AccessToken, validationParameters, out var token);
Assert.NotEmpty(((JwtSecurityToken)token).Claims);
});
"and can get user info".x(
async() =>
{
var userinfoRequest = new HttpRequestMessage
{
Method = HttpMethod.Get, RequestUri = new Uri(BaseUrl + "/userinfo")
};
userinfoRequest.Headers.Authorization =
new AuthenticationHeaderValue(result.TokenType, result.AccessToken);
var userinfo = await _fixture.Client().SendAsync(userinfoRequest).ConfigureAwait(false);
Assert.True(userinfo.IsSuccessStatusCode);
});
}
public void InvalidUserCredentials()
{
TokenClient client = null !;
Option <GrantedTokenResponse> result = null !;
"and a token client with invalid client credentials".x(
() => client = new TokenClient(
TokenCredentials.FromBasicAuthentication("client", "client"),
Fixture.Client,
new Uri(WellKnownOpenidConfiguration)));
"when requesting auth token".x(
async() =>
{
result = await client.GetToken(TokenRequest.FromPassword("someone", "xxx", new[] { "openid" }, "pwd"))
.ConfigureAwait(false);
});
"then does not have token".x(() => { Assert.IsType <Option <GrantedTokenResponse> .Error>(result); });
}
public void SuccessfulResourceOwnerRefresh()
{
TokenClient client = null !;
GrantedTokenResponse result = null !;
GrantedTokenResponse refreshed = null !;
"and a properly token client".x(
() => client = new TokenClient(
TokenCredentials.FromBasicAuthentication("client", "client"),
_fixture.Client,
new Uri(WellKnownOpenidConfiguration)));
"when requesting auth token".x(
async() =>
{
var response = await client
.GetToken(TokenRequest.FromPassword("user", "password", new[] { "openid", "offline" }))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
result = response.Item;
});
"then can get new token from refresh token".x(
async() =>
{
var response = await client.GetToken(TokenRequest.FromRefreshToken(result.RefreshToken))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
Assert.NotNull(response);
refreshed = response.Item;
});
"and token has custom custom claims".x(
() =>
{
var handler = new JwtSecurityTokenHandler();
var refreshedClaims = handler.ReadJwtToken(refreshed.AccessToken).Claims;
Assert.Contains(refreshedClaims, c => c.Type == "acceptance_test");
});
}
public void SuccessfulResourceOwnerClaimsUpdate()
{
TokenClient client = null !;
GrantedTokenResponse tokenResponse = null !;
HttpResponseMessage updateResponse = null !;
"and a properly configured token client".x(
() => client = new TokenClient(
TokenCredentials.FromBasicAuthentication("client", "client"),
_fixture.Client,
new Uri(WellKnownOpenidConfiguration)));
"when requesting token".x(
async() =>
{
var response = await client
.GetToken(TokenRequest.FromPassword("user", "password", new[] { "openid", "offline" }))
.ConfigureAwait(false) as Option <GrantedTokenResponse> .Result;
tokenResponse = response.Item;
});
"and valid access token is received".x(
() =>
{
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters
{
IssuerSigningKeys = _jwks.GetSigningKeys(),
ValidAudience = "client",
ValidIssuer = "https://localhost"
};
tokenHandler.ValidateToken(tokenResponse.AccessToken, validationParameters, out var token);
Assert.NotEmpty(((JwtSecurityToken)token).Claims);
});
"and updating own claims".x(
async() =>
{
var updateRequest = new UpdateResourceOwnerClaimsRequest
{
Subject = "user", Claims = new[] { new ClaimData {
Type = "test", Value = "something"
} }
};
var json = JsonConvert.SerializeObject(updateRequest);
var request = new HttpRequestMessage
{
Content = new StringContent(json, Encoding.UTF8, "application/json"),
Method = HttpMethod.Post,
RequestUri = new Uri(_fixture.Server.BaseAddress + "resource_owners/claims")
};
request.Headers.Authorization = new AuthenticationHeaderValue(
JwtBearerDefaults.AuthenticationScheme,
tokenResponse.AccessToken);
updateResponse = await _fixture.Client().SendAsync(request).ConfigureAwait(false);
});
"then update is successful".x(() => { Assert.Equal(HttpStatusCode.OK, updateResponse.StatusCode); });
}