public async Task Valid_Code_Request()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
RedirectUri = "https://server/cb",
RequestedScopes = new List<Scope>
{
new Scope
{
Name = "openid"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeFalse();
}
public async Task Unknown_Grant_Type()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = new Uri("https://server/cb"),
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, "unknown");
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsTrue(result.IsError);
Assert.AreEqual(Constants.TokenErrors.UnsupportedGrantType, result.Error);
}
public async Task Invalid_AuthorizationCode()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = "https://server/cb",
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "invalid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}
public async Task Reused_AuthorizationCode()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = new Uri("https://server/cb"),
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenValidator(
authorizationCodeStore: store,
customRequestValidator: new DefaultCustomRequestValidator());
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
// request first time
var result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsFalse(result.IsError);
// request second time
validator = Factory.CreateTokenValidator(
authorizationCodeStore: store,
customRequestValidator: new DefaultCustomRequestValidator());
result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsTrue(result.IsError);
Assert.AreEqual(Constants.TokenErrors.InvalidGrant, result.Error);
}
public async Task Expired_AuthorizationCode()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client,
IsOpenId = true,
RedirectUri = new Uri("https://server/cb"),
CreationTime = DateTime.UtcNow.AddSeconds(-100)
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
Assert.IsTrue(result.IsError);
Assert.AreEqual(Constants.TokenErrors.InvalidGrant, result.Error);
}
public async Task Client_Trying_To_Request_Token_Using_Another_Clients_Code()
{
var client1 = await _clients.FindClientByIdAsync("codeclient");
var client2 = await _clients.FindClientByIdAsync("codeclient_restricted");
var store = new InMemoryAuthorizationCodeStore();
var code = new AuthorizationCode
{
Client = client1,
IsOpenId = true,
RedirectUri = new Uri("https://server/cb"),
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenValidator(
authorizationCodeStore: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client2);
Assert.IsTrue(result.IsError);
Assert.AreEqual(Constants.TokenErrors.InvalidGrant, result.Error);
}
public async Task Code_Request_with_disabled_User()
{
var client = await _clients.FindClientByIdAsync("codeclient");
var store = new InMemoryAuthorizationCodeStore();
var mock = new Mock<IUserService>();
mock.Setup(u => u.IsActiveAsync(It.IsAny<ClaimsPrincipal>())).Returns(Task.FromResult(false));
var code = new AuthorizationCode
{
Client = client,
RedirectUri = "https://server/cb",
RequestedScopes = new List<Scope>
{
new Scope
{
Name = "openid"
}
}
};
await store.StoreAsync("valid", code);
var validator = Factory.CreateTokenRequestValidator(
authorizationCodeStore: store,
userService: mock.Object);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode);
parameters.Add(Constants.TokenRequest.Code, "valid");
parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
}