public async Task Unknown_Grant_Type()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = new Uri("https://server/cb"),
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, "unknown");
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsTrue(result.IsError);
Assert.AreEqual(Constants.TokenErrors.UnsupportedGrantType, result.Error);
}
public async Task Valid_Code_Request()
{
var client = await _settings.FindClientByIdAsync("codeclient");
var store = new TestAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = new Uri("https://server/cb"),
};
await store.StoreAsync("valid", code);
var validator = ValidatorFactory.CreateTokenValidator(_settings, _logger,
authorizationCodeStore: store,
customRequestValidator: _customRequestValidator);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsFalse(result.IsError);
}
public async Task<AuthorizeResponse> CreateCodeFlowResponseAsync(ValidatedAuthorizeRequest request, ClaimsPrincipal subject)
{
var code = new AuthorizationCode
{
Client = request.Client,
Subject = subject,
IsOpenId = request.IsOpenIdRequest,
RequestedScopes = request.ValidatedScopes.GrantedScopes,
RedirectUri = request.RedirectUri,
WasConsentShown = request.WasConsentShown,
RefreshTokenLifetime = request.Client.RefreshTokenLifetime
};
// store id token and access token and return authorization code
var id = Guid.NewGuid().ToString("N");
await _authorizationCodes.StoreAsync(id, code);
return new AuthorizeResponse
{
RedirectUri = request.RedirectUri,
Code = id,
State = request.State
};
}
public Task StoreAsync(string key, AuthorizationCode value)
{
_repository[key] = value;
return Task.FromResult<object>(null);
}
public async Task Reused_AuthorizationCode()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = new Uri("https://server/cb"),
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenValidator(
authorizationCodeStore: store,
customRequestValidator: new DefaultCustomRequestValidator());
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
// request first time
var result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsFalse(result.IsError);
// request second time
validator = Factory.CreateTokenValidator(
authorizationCodeStore: store,
customRequestValidator: new DefaultCustomRequestValidator());
result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsTrue(result.IsError);
Assert.AreEqual(Constants.TokenErrors.InvalidGrant, result.Error);
}
public async Task Expired_AuthorizationCode()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = new Uri("https://server/cb"),
CreationTime = DateTime.UtcNow.AddSeconds(-100)
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsTrue(result.IsError);
Assert.AreEqual(Constants.TokenErrors.InvalidGrant, result.Error);
}
public async Task Client_Trying_To_Request_Token_Using_Another_Clients_Code()
{
var client1 = await _clients.FindClientByIdAsync("codeclient");
var client2 = await _clients.FindClientByIdAsync("codeclient_restricted");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client1,
IsOpenId = true,
RedirectUri = new Uri("https://server/cb"),
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client2);
Assert.IsTrue(result.IsError);
Assert.AreEqual(Constants.TokenErrors.InvalidGrant, result.Error);
}
public async Task Client_Not_Authorized_For_AuthorizationCode_Flow()
{
var client = await _settings.FindClientByIdAsync("implicitclient");
var store = new TestAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = new Uri("https://server/cb"),
};
await store.StoreAsync("valid", code);
var validator = ValidatorFactory.CreateTokenValidator(_settings, _logger,
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsTrue(result.IsError);
Assert.AreEqual(Constants.TokenErrors.UnauthorizedClient, result.Error);
}
