/// <summary>
/// Verifies that the scope on the client's authorization state is the scope the
/// authorization server approved for the client credentials grant.
/// </summary>
/// <remarks>
/// The mocked host replaces the approved scope with its own list, so the final
/// assertion only passes if the client reads the scope from the token response
/// rather than assuming the requested scope was granted.
/// </remarks>
public async Task GetClientAccessTokenReturnsApprovedScope()
        {
            var grantedScopes = new[] { "Scope2", "Scope3" };
            var hostMock = CreateAuthorizationServerMock();

            // Only a user-less authorization for this exact client and scope set is treated as valid.
            hostMock
                .Setup(a => a.IsAuthorizationValid(It.Is<IAuthorizationDescription>(
                    d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
                .Returns(true);

            // The grant check matches on client id and requested scope, then approves
            // the server-chosen scope list instead of the requested one.
            hostMock
                .Setup(a => a.CheckAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(
                    r => r.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(r.Scope, TestScopes))))
                .Returns<IAccessTokenRequest>(tokenRequest =>
                {
                    var approval = new AutomatedAuthorizationCheckResponse(tokenRequest, true);
                    approval.ApprovedScope.ResetContents(grantedScopes);
                    return approval;
                });

            // Route token endpoint traffic to an AuthorizationServer backed by the mocked host.
            Handle(AuthorizationServerDescription.TokenEndpoint).By(
                async (req, ct) => await new AuthorizationServer(hostMock.Object).HandleTokenRequestAsync(req, ct));

            var webClient = new WebServerClient(AuthorizationServerDescription, ClientId, ClientSecret, this.HostFactories);
            var tokenState = await webClient.GetClientAccessTokenAsync(TestScopes);

            Assert.That(tokenState.Scope, Is.EquivalentTo(grantedScopes));
        }
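        /// <summary>
        /// Verifies that when the authorization server overrides the scope requested in a
        /// client credentials grant, the client reports the server's scope and not its own request.
        /// </summary>
        /// <remarks>
        /// The mock is set up with <c>It.IsAny</c>, so it places no constraint on the request's
        /// client identifier or scope. This test covers scope propagation only.
        /// </remarks>
        public void ClientCredentialScopeOverride()
        {
            var clientRequestedScopes  = new[] { "scope1", "scope2" };
            var serverOverriddenScopes = new[] { "scope1", "differentScope" };
            var authServerMock         = CreateAuthorizationServerMock();

            // Approve the grant but swap the approved scope set for one that drops
            // "scope2" and adds "differentScope".
            authServerMock
            .Setup(a => a.CheckAuthorizeClientCredentialsGrant(It.IsAny <IAccessTokenRequest>()))
            .Returns <IAccessTokenRequest>(req => {
                var response = new AutomatedAuthorizationCheckResponse(req, true);
                response.ApprovedScope.Clear();
                response.ApprovedScope.UnionWith(serverOverriddenScopes);
                return(response);
            });
            var coordinator = new OAuth2Coordinator <WebServerClient>(
                AuthorizationServerDescription,
                authServerMock.Object,
                new WebServerClient(AuthorizationServerDescription),
                client => {
                // The original built an AuthorizationState here that was never used;
                // it has been dropped so the client side shows only what is under test.
                var result = client.GetClientAccessToken(clientRequestedScopes);

                // The client must surface the server-approved scope, not the requested one.
                Assert.That(result.Scope, Is.EquivalentTo(serverOverriddenScopes));
            },
                server => {
                server.HandleTokenRequest().Respond();
            });

            coordinator.Run();
        }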
示例#3
        /// <summary>
        /// Verifies that a client credentials grant yields a non-empty access token whose
        /// scope is the set the authorization server approved, even when that set differs
        /// from what the client requested.
        /// </summary>
        /// <remarks>
        /// The host mock accepts any <c>IAccessTokenRequest</c> (<c>It.IsAny</c>), so it does
        /// not check the request's client identifier or requested scope.
        /// </remarks>
        public async Task ClientCredentialScopeOverride()
        {
            var requested = new[] { "scope1", "scope2" };
            var overridden = new[] { "scope1", "differentScope" };
            var hostMock = CreateAuthorizationServerMock();

            // Approve every grant check, replacing the approved scope with the overridden set.
            hostMock
                .Setup(a => a.CheckAuthorizeClientCredentialsGrant(It.IsAny<IAccessTokenRequest>()))
                .Returns<IAccessTokenRequest>(tokenRequest =>
                {
                    var approval = new AutomatedAuthorizationCheckResponse(tokenRequest, true);
                    approval.ApprovedScope.Clear();
                    approval.ApprovedScope.UnionWith(overridden);
                    return approval;
                });

            // Serve the token endpoint from an AuthorizationServer wrapping the mocked host.
            Handle(AuthorizationServerDescription.TokenEndpoint).By(
                async (req, ct) => await new AuthorizationServer(hostMock.Object).HandleTokenRequestAsync(req, ct));

            var webClient = new WebServerClient(AuthorizationServerDescription, ClientId, ClientSecret, this.HostFactories);
            var tokenState = await webClient.GetClientAccessTokenAsync(requested);

            // A token must actually have been issued, and its scope must be the server's choice.
            Assert.That(tokenState.AccessToken, Is.Not.Null.And.Not.Empty);
            Assert.That(tokenState.Scope, Is.EquivalentTo(overridden));
        }
示例#4
        /// <summary>
        /// Verifies, through the synchronous coordinator harness, that the scope on the client's
        /// authorization state equals the scope the authorization server approved.
        /// </summary>
        public void GetClientAccessTokenReturnsApprovedScope()
        {
            var grantedScopes = new[] { "Scope2", "Scope3" };
            var hostMock = CreateAuthorizationServerMock();

            // Only a user-less authorization for this exact client and scope set is treated as valid.
            hostMock
                .Setup(a => a.IsAuthorizationValid(It.Is<IAuthorizationDescription>(
                    d => d.User == null && d.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(d.Scope, TestScopes))))
                .Returns(true);

            // Matches on client id and requested scope, then approves the server-chosen list.
            hostMock
                .Setup(a => a.CheckAuthorizeClientCredentialsGrant(It.Is<IAccessTokenRequest>(
                    r => r.ClientIdentifier == ClientId && MessagingUtilities.AreEquivalent(r.Scope, TestScopes))))
                .Returns<IAccessTokenRequest>(tokenRequest =>
                {
                    var approval = new AutomatedAuthorizationCheckResponse(tokenRequest, true);
                    approval.ApprovedScope.ResetContents(grantedScopes);
                    return approval;
                });

            var harness = new OAuth2Coordinator<WebServerClient>(
                AuthorizationServerDescription,
                hostMock.Object,
                new WebServerClient(AuthorizationServerDescription),
                client =>
                {
                    // Client side: request TestScopes and expect the approved set back.
                    var tokenState = client.GetClientAccessToken(TestScopes);
                    Assert.That(tokenState.Scope, Is.EquivalentTo(grantedScopes));
                },
                server =>
                {
                    // Server side: answer the single token request.
                    server.HandleTokenRequest().Respond();
                });

            harness.Run();
        }
示例#5
            /// <summary>
            /// Verifies that the client credentials grant check approves the request and returns
            /// the requested scope when the client store resolves the client.
            /// </summary>
            public void WhenCheckAuthorizeClientCredentialsGrantWithKnownClientApp_ReturnsApprovedScopes()
            {
                var requestedScopes = new HashSet<string> { "foo" };
                var tokenRequest = new Mock<IAccessTokenRequest>();
                tokenRequest.Setup(r => r.Scope).Returns(requestedScopes);
                tokenRequest.Setup(r => r.ClientIdentifier).Returns("bar");

                // The store returns a client for any identifier, so "bar" counts as a known client here.
                var knownClient = new Mock<IClientDescription>().Object;
                clientStore.Setup(cs => cs.GetClient(It.IsAny<string>())).Returns(knownClient);

                var outcome = server.CheckAuthorizeClientCredentialsGrant(tokenRequest.Object);

                // NOTE(review): only the first approved scope is compared, so this would still pass
                // if the server approved extra scopes beyond the one requested. Consider a full
                // set comparison once the server's intended behavior is confirmed.
                Assert.Equal(requestedScopes.First(), outcome.ApprovedScope.First());
                Assert.True(outcome.IsApproved);
            }