public async Task Successful_token_request_should_trigger_authenticated_request_to_proper_api_when_multiple_clients_registered() { var tokenEndpointA = TokenEndpointHandler.ValidBearerToken("api-token-a", TimeSpan.MaxValue); var apiA = new DownstreamApiHandler(); var tokenEndpointB = TokenEndpointHandler.ValidBearerToken("api-token-b", TimeSpan.MaxValue); var apiB = new DownstreamApiHandler(); var client = HostFactory.CreateClient( "api-b", services => { services.AddHttpClient("api-a-authority").AddHttpMessageHandler(() => tokenEndpointA); services.AddHttpClient("api-b-authority").AddHttpMessageHandler(() => tokenEndpointB); }, false, new DownstreamApi("api-a", apiA, b => b.AddOidcRefreshToken(o => { _options(o); o.AuthorityHttpClientName = "api-a-authority"; })), new DownstreamApi("api-b", apiB, b => b.AddOidcRefreshToken(o => { _options(o); o.AuthorityHttpClientName = "api-b-authority"; }))); await client.GetAsync("https://api-b"); Check.That(apiA.LastRequestToken).IsNull(); Check.That(apiB.LastRequestToken).IsEqualTo("api-token-b"); }
public async Task Token_request_error_should_trigger_unauthenticated_request_to_api() { var api = new DownstreamApiHandler(); var client = HostFactory.CreateClient( b => b.AddOidcRefreshToken(_options), TokenEndpointHandler.OidcProtocolError("invalid_grant"), api: api); await client.GetAsync("https://default"); Check.That(api.LastRequestToken).IsNull(); }
public void No_ClientId_should_throw() { Task Act() => HostFactory .CreateClient(b => b.AddOidcRefreshToken(o => { o.Authority = "https://authority"; })) .GetAsync("https://default"); Check.ThatAsyncCode(Act) .Throws <InvalidOperationException>() .WithMessage(GetExpectedValidationErrorMessage( "You must set ClientId.", "You must set ClientSecret.", "You must set RefreshTokenRetriever.")); }
public void Empty_options_should_throw() { Task Act() => HostFactory .CreateClient(b => b.AddOidcClientCredentials(o => { })) .GetAsync("https://default"); Check.ThatAsyncCode(Act) .Throws <InvalidOperationException>() .WithMessage(GetExpectedValidationErrorMessage( "You must either set Authority or TokenEndpoint.", "You must set ClientId.", "You must set ClientSecret.", "You must set Scope.")); }
public void No_Authority_but_TokenEndpoint_should_not_throw() { Task Act() => HostFactory .CreateClient( b => b.AddOidcRefreshToken(o => { o.TokenEndpoint = "https://authority/connect/token"; o.ClientId = "test-client"; o.ClientSecret = "test-client secret key"; o.RefreshTokenRetriever = (_) => "some-refresh-token"; }), TokenEndpointHandler.ValidBearerToken("some-token", TimeSpan.MaxValue)) .GetAsync("https://default"); Check.ThatAsyncCode(Act).Not.ThrowsAny(); }
public async Task Successful_token_request_should_trigger_TokenAcquired_event() { var eventsMock = new TokenEventsMock(); var client = HostFactory.CreateClient( b => b.AddOidcRefreshToken(o => { _options(o); o.Events = eventsMock.CreateEvents(); }), TokenEndpointHandler.ValidBearerToken("access-token", TimeSpan.MaxValue)); await client.GetAsync("https://default"); Check.That(eventsMock.LatestTokenAcquired).IsNotNull(); Check.That(eventsMock.LatestTokenAcquired.AccessToken).IsEqualTo("access-token"); }
public async Task Successful_token_request_should_trigger_authenticated_request_to_api() { var tokenEndpoint = TokenEndpointHandler.ValidBearerToken("access-token", TimeSpan.MaxValue); var api = new DownstreamApiHandler(); var client = HostFactory.CreateClient( b => b.AddOidcRefreshToken(_options), tokenEndpoint, api: api); await client.GetAsync("https://default"); Check.That(tokenEndpoint.LastRequestClientId).IsEqualTo(ClientId); Check.That(tokenEndpoint.LastRequestClientSecret).IsEqualTo(ClientSecret); Check.That(tokenEndpoint.LastRequestRefreshToken).IsEqualTo(RefreshToken); Check.That(api.LastRequestToken).IsEqualTo("access-token"); }
public void No_Scope_should_throw() { Task Act() => HostFactory .CreateClient(b => b.AddOidcClientCredentials(o => { o.Authority = "https://authority"; o.ClientId = "test-client"; o.ClientSecret = "test-client secret key"; })) .GetAsync("https://default"); Check.ThatAsyncCode(Act) .Throws <InvalidOperationException>() .WithMessage(GetExpectedValidationErrorMessage( "You must set Scope.")); }
public void EnableCaching_but_no_caching_service_should_throw() { Task Act() => HostFactory .CreateClient(b => b.AddOidcRefreshToken(o => { o.Authority = "https://authority"; o.ClientId = "test-client"; o.ClientSecret = "test-client secret key"; o.RefreshTokenRetriever = (_) => "some-refresh-token"; o.EnableCaching = true; }), addCaching: false) .GetAsync("https://default"); Check.ThatAsyncCode(Act) .Throws <InvalidOperationException>() .WithMessage("Caching is enabled, but no IDistributedCache is found in the services collection."); }
public async Task Token_request_error_should_trigger_TokenRequestFailed_event() { var eventsMock = new TokenEventsMock(); var client = HostFactory.CreateClient( b => b.AddOidcRefreshToken(o => { _options(o); o.Events = eventsMock.CreateEvents(); }), TokenEndpointHandler.OidcProtocolError("invalid_grant")); await client.GetAsync("https://default"); Check.That(eventsMock.LatestTokenRequestFailed).IsNotNull(); Check.That(eventsMock.LatestTokenRequestFailed.ErrorType).IsEqualTo(ResponseErrorType.Protocol); Check.That(eventsMock.LatestTokenRequestFailed.Error).IsEqualTo("invalid_grant"); }
public void EnabledCaching_with_caching_service_should_not_throw() { Task Act() => HostFactory .CreateClient( b => b.AddOidcClientCredentials(o => { o.TokenEndpoint = "https://authority/connect/token"; o.ClientId = "test-client"; o.ClientSecret = "test-client secret key"; o.Scope = "downstream-api"; }), TokenEndpointHandler.ValidBearerToken("some-token", TimeSpan.MaxValue), addCaching: true) .GetAsync("https://default"); Check.ThatAsyncCode(Act).Not.ThrowsAny(); }