public void OldAccessTokenTokenShouldNotPingSuccessfully() { // Authenticate and get an access token var proxy1 = new AuthorisationProxy(); var scope = new AuthorisationScope[] { new AuthorisationScope { ScopeType = AuthorisationScopeType.Full } }.ToTextValues(); var response = proxy1.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword, scope); Assert.True(response.IsSuccessfull); Assert.NotNull(response.DataObject); Assert.True(response.DataObject.IsSuccessfull); var originalAccessToken = response.DataObject.AccessGrant.access_token; // Refresh the access token so the old one becomes invalid response = proxy1.RefreshAccessToken(response.DataObject.AccessGrant.refresh_token, scope); Assert.True(response.IsSuccessfull); Assert.NotNull(response.DataObject); Assert.True(response.DataObject.IsSuccessfull); // Now try and authenicate and access a resource with the invalidated original access token which should fail. var proxy2 = new AuthorisationProxy(originalAccessToken); var pingResult = proxy2.AuthorisationPing(); Assert.NotNull(pingResult); Assert.False(pingResult.IsSuccessfull); //Assert.AreEqual<HttpStatusCode>(HttpStatusCode.Unauthorized, pingResult.StatusCode); Assert.Equal(pingResult.StatusCode, HttpStatusCode.Unauthorized); }
public void InValidBearerTokenShouldNotPingSuccessfully() { var proxy = new AuthorisationProxy("bogustoken"); var pingResult = proxy.AuthorisationPing(); Assert.NotNull(pingResult); Assert.False(pingResult.IsSuccessfull); //Assert.AreEqual<HttpStatusCode>(HttpStatusCode.Unauthorized, pingResult.StatusCode); Assert.Equal(pingResult.StatusCode, HttpStatusCode.Unauthorized); }
public void ValidBearerTokenShouldPingSuccessfully() { var proxy = new AuthorisationProxy(); var scope = new AuthorisationScope[] { new AuthorisationScope { ScopeType = AuthorisationScopeType.Full } }.ToTextValues(); var response = proxy.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword, scope); Assert.True(response.IsSuccessfull); Assert.True(response.DataObject.IsSuccessfull); proxy.BearerToken = response.DataObject.AccessGrant.access_token; var pingResult = proxy.AuthorisationPing(); Assert.NotNull(pingResult); Assert.True(pingResult.IsSuccessfull); }
public void ShouldBeAbleToRefreshValidAccessToken() { var proxy = new AuthorisationProxy(); var scope = new AuthorisationScope[] { new AuthorisationScope { ScopeType = AuthorisationScopeType.Full } }.ToTextValues(); var response = proxy.PasswordCredentialsGrantRequest(TestConfig.TestUser, TestConfig.TestUserPassword, scope); Assert.True(response.IsSuccessfull); Assert.True(response.DataObject.IsSuccessfull); proxy.BearerToken = response.DataObject.AccessGrant.access_token; var pingResult = proxy.AuthorisationPing(); Assert.NotNull(pingResult); Assert.True(pingResult.IsSuccessfull); // Now ask for a refresh token var proxy2 = new AuthorisationProxy(); var refreshResponse = proxy2.RefreshAccessToken(response.DataObject.AccessGrant.refresh_token, scope); Assert.NotNull(refreshResponse); Assert.True(refreshResponse.IsSuccessfull); //Assert.AreNotEqual<string>(response.DataObject.AccessGrant.access_token, refreshResponse.DataObject.AccessGrant.access_token); //Assert.AreEqual<string>(response.DataObject.AccessGrant.refresh_token, refreshResponse.DataObject.AccessGrant.refresh_token); Assert.NotEqual(response.DataObject.AccessGrant.access_token, refreshResponse.DataObject.AccessGrant.access_token); Assert.Equal(refreshResponse.DataObject.AccessGrant.refresh_token, response.DataObject.AccessGrant.refresh_token); // Now check the access token after refresh works var proxy3 = new AuthorisationProxy(refreshResponse.DataObject.AccessGrant.access_token); var pingResult2 = proxy3.AuthorisationPing(); Assert.NotNull(pingResult2); Assert.True(pingResult2.IsSuccessfull); // And finally ensure the previous access token (before refresh is invalid) var proxy4 = new AuthorisationProxy(response.DataObject.AccessGrant.access_token); var pingResult3 = proxy4.AuthorisationPing(); Assert.NotNull(pingResult3); Assert.False(pingResult3.IsSuccessfull); //Assert.AreEqual<HttpStatusCode>(HttpStatusCode.Unauthorized, pingResult3.StatusCode); Assert.Equal(pingResult3.StatusCode, HttpStatusCode.Unauthorized); }