public void When_Passing_Null_Parameters_To_ClientSecretPost_Then_Exceptions_Are_Thrown() { // ARRANGE InitializeFakeObjects(); // ACT & ASSERT Assert.Throws <ArgumentNullException>(() => _clientAuthSelector.UseClientSecretPostAuth(null, null)); Assert.Throws <ArgumentNullException>(() => _clientAuthSelector.UseClientSecretPostAuth("client_id", null)); }
public async Task When_Using_ClientCredentials_Grant_Type_Then_AccessToken_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // ACT var result = await _clientAuthSelector.UseClientSecretPostAuth("resource_server", "resource_server") .UseClientCredentials("uma_protection", "uma_authorization") .ResolveAsync(baseUrl + "/.well-known/uma2-configuration"); // ASSERTS Assert.NotNull(result); Assert.NotEmpty(result.AccessToken); }
public async Task When_Revoke_Token_And_Client_Cannot_Be_Authenticated_Then_Error_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // ACT var ex = await _clientAuthSelector.UseClientSecretPostAuth("invalid_client", "invalid_client") .RevokeToken("access_token", TokenType.AccessToken) .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); // ASSERT Assert.True(ex.ContainsError); Assert.Equal((string)"invalid_client", (string)ex.Error.Error); Assert.Equal((string)"the client doesn't exist", (string)ex.Error.ErrorDescription); }
public async Task When_Using_ClientCredentials_Grant_Type_Then_AccessToken_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // ACT var result = await _clientAuthSelector.UseClientSecretPostAuth("stateless_client", "stateless_client") .UseClientCredentials("openid") .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); // var claims = await _userInfoClient.Resolve(baseUrl + "/.well-known/openid-configuration", result.AccessToken); // ASSERTS Assert.NotNull(result); Assert.NotEmpty(result.AccessToken); }
public async Task When_Ticket_Id_Doesnt_Exist_Then_Error_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // ACT var token = await _clientAuthSelector.UseClientSecretPostAuth("resource_server", "resource_server") // Try to get the access token via "ticket_id" grant-type. .UseTicketId("ticket_id", "") .ResolveAsync(baseUrl + "/.well-known/uma2-configuration"); // ASSERT Assert.NotNull(token); Assert.True(token.ContainsError); Assert.Equal("invalid_ticket", token.Error.Error); Assert.Equal("the ticket ticket_id doesn't exist", token.Error.ErrorDescription); }
public async Task When_Pass_Client_Access_Token_To_UserInfo_Then_Error_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // ACT var result = await _clientAuthSelector.UseClientSecretPostAuth("stateless_client", "stateless_client") .UseClientCredentials("openid") .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); var getUserInfoResult = await _userInfoClient.Resolve(baseUrl + "/.well-known/openid-configuration", result.Content.AccessToken); // ASSERTS Assert.NotNull(getUserInfoResult); Assert.True(getUserInfoResult.ContainsError); Assert.Equal("invalid_token", getUserInfoResult.Error.Error); Assert.Equal("not a valid resource owner token", getUserInfoResult.Error.ErrorDescription); }
public async Task When_Introspecting_IdToken_Then_Information_Are_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // ACT var result = await _clientAuthSelector.UseClientSecretPostAuth("client", "client") .UsePassword("administrator", "password", "scim") .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); var introspection = await _clientAuthSelector.UseClientSecretPostAuth("client", "client") .Introspect(result.IdToken, TokenType.AccessToken) .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); // ASSERT Assert.NotNull(introspection); Assert.NotNull(introspection.Scope); Assert.True(introspection.Scope.Count() == 1 && introspection.Scope.First() == "scim"); }
public async Task When_Get_Filter_And_Doesnt_Exist_Then_Not_Found_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); _server.SharedCtx.Oauth2IntrospectionHttpClientFactory.Setup(h => h.GetHttpClient()).Returns(_server.Client); var grantedToken = await _clientAuthSelector.UseClientSecretPostAuth("stateless_client", "stateless_client") .UseClientCredentials("manage_account_filtering") .ResolveAsync($"{baseUrl}/.well-known/openid-configuration").ConfigureAwait(false); // ACT var result = await _filterClient.Get(baseUrl + "/filters", "filter_id", grantedToken.Content.AccessToken); // ASSERTS Assert.True((bool)result.ContainsError); Assert.Equal(HttpStatusCode.NotFound, result.HttpStatus); }
public async Task When_Get_AccessToken_Then_Signature_Is_Correct() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); var jwsParser = new JwsParserFactory().BuildJwsParser(); // ACT var result = await _clientAuthSelector.UseClientSecretPostAuth("client", "client") .UsePassword("administrator", "password", "scim") .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); var jwks = await _jwksClient.ResolveAsync(baseUrl + "/.well-known/openid-configuration"); // ASSERTS Assert.NotNull(result); Assert.False(result.ContainsError); Assert.NotEmpty(result.Content.AccessToken); var accessToken = result.Content.AccessToken; var payload = jwsParser.ValidateSignature(accessToken, jwks); Assert.NotNull(payload); }
public async Task When_Use_RefreshToken_Grant_Type_And_Another_Client_Tries_ToRefresh_Then_Json_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // ACT var result = await _clientAuthSelector.UseClientSecretPostAuth("stateless_client", "stateless_client") .UseClientCredentials("openid") .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); var refreshToken = await _clientAuthSelector.UseClientSecretPostAuth("client", "client") .UseRefreshToken(result.Content.RefreshToken) .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); // ASSERTS Assert.Equal(HttpStatusCode.BadRequest, refreshToken.Status); Assert.Equal("invalid_grant", refreshToken.Error.Error); Assert.Equal("the refresh token can be used only by the same issuer", refreshToken.Error.ErrorDescription); }
public async Task When_Link_Profile_And_No_UserId_Is_Passed_Then_Error_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); _server.SharedCtx.Oauth2IntrospectionHttpClientFactory.Setup(h => h.GetHttpClient()).Returns(_server.Client); var grantedToken = await _clientAuthSelector.UseClientSecretPostAuth("stateless_client", "stateless_client") .UseClientCredentials("manage_profile") .ResolveAsync($"{baseUrl}/.well-known/openid-configuration").ConfigureAwait(false); // ACT var result = await _profileClient.LinkProfile(baseUrl + "/profiles", "currentSubject", new LinkProfileRequest { }, grantedToken.Content.AccessToken); // ASSERT Assert.True((bool)result.ContainsError); Assert.Equal((string)"invalid_request", (string)result.Error.Error); Assert.Equal((string)"the parameter user_id is missing", (string)result.Error.ErrorDescription); }
public async Task When_Using_Password_Grant_Type_Then_Access_Token_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // ACT var result = await _clientAuthSelector.UseClientSecretPostAuth("client", "client") .UsePassword("administrator", "password", "scim") .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); // var claims = await _userInfoClient.Resolve(baseUrl + "/.well-known/openid-configuration", result.AccessToken); // ASSERTS Assert.NotNull(result); Assert.NotEmpty(result.AccessToken); /* * Assert.NotNull(claims); * Assert.True(claims[Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject].ToString() == "administrator"); * Assert.True(claims[Core.Jwt.Constants.StandardResourceOwnerClaimNames.ScimId].ToString() == "id"); * Assert.True(claims[Core.Jwt.Constants.StandardResourceOwnerClaimNames.ScimLocation].ToString() == "http://localhost:5555/Users/id"); */ }
public async Task When_Introspect_Identity_Token_Then_Claims_Are_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // ACT var result = await _clientAuthSelector.UseClientSecretPostAuth("client", "client") .UsePassword("superuser", "password", "role") .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); var authResult = await UserInfoIntrospectionHandler.HandleAuthenticate(_httpClientFactoryStub.Object, baseUrl + "/.well-known/openid-configuration", result.Content.AccessToken); // ASSERT Assert.True(authResult.Succeeded); }
public async Task When_Empty_Json_Request_Is_Passed_To_Registration_Api_Then_Error_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); _server.SharedCtx.Oauth2IntrospectionHttpClientFactory.Setup(h => h.GetHttpClient()).Returns(_server.Client); var grantedToken = await _clientAuthSelector.UseClientSecretPostAuth("stateless_client", "stateless_client") .UseClientCredentials("register_client") .ResolveAsync($"{baseUrl}/.well-known/openid-configuration").ConfigureAwait(false); var obj = new { fake = "fake" }; var fakeJson = JsonConvert.SerializeObject(obj, new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore }); var httpRequest = new HttpRequestMessage { Method = HttpMethod.Post, RequestUri = new Uri($"{baseUrl}/registration"), Content = new StringContent(fakeJson) }; httpRequest.Content.Headers.ContentType = new MediaTypeHeaderValue("application/json"); httpRequest.Headers.Add("Authorization", "Bearer " + grantedToken.Content.AccessToken); // ACT var httpResult = await _server.Client.SendAsync(httpRequest); var json = await httpResult.Content.ReadAsStringAsync().ConfigureAwait(false); var error = JsonConvert.DeserializeObject <ErrorResponseWithState>(json); // ASSERT Assert.Equal(HttpStatusCode.BadRequest, httpResult.StatusCode); Assert.Equal((string)"invalid_redirect_uri", (string)error.Error); Assert.Equal((string)"the parameter request_uris is missing", (string)error.ErrorDescription); }
private async Task <string> GetAccessToken() { var url = _options.Package.WellKnownConfigurationEdp; try { var response = await _clientAuthSelector.UseClientSecretPostAuth(_options.Package.ClientId, _options.Package.ClientSecret) .UseClientCredentials(Constants.Scope) .ResolveAsync(url); if (response == null) { return(null); } return(response.AccessToken); } catch { return(null); } }
public async Task <string> GetIdentityToken( string login, string password, params string[] scopes) { if (string.IsNullOrWhiteSpace(login)) { throw new ArgumentNullException(nameof(login)); } if (string.IsNullOrWhiteSpace(password)) { throw new ArgumentNullException(nameof(password)); } var grantedToken = await _clientAuthSelector .UseClientSecretPostAuth(_authOptions.ClientId, _authOptions.ClientSecret) .UsePassword(login, password, scopes) .ResolveAsync(_authOptions.OpenIdConfigurationUrl); return(grantedToken.IdToken); }
public async Task When_Introspect_And_Client_Not_Authenticated_Then_Error_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // ACT var introspection = await _clientAuthSelector.UseClientSecretPostAuth("invalid_client", "invalid_client") .Introspect("invalid_token", TokenType.AccessToken) .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); // ASSERT Assert.NotNull(introspection); Assert.True(introspection.ContainsError); Assert.Equal("invalid_client", introspection.Error.Error); Assert.Equal("the client doesn't exist", introspection.Error.ErrorDescription); }
public async Task When_Revoking_AccessToken_Then_True_Is_Returned() { // ARRANGE InitializeFakeObjects(); _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client); // ACT var result = await _clientAuthSelector.UseClientSecretPostAuth("client", "client") .UsePassword("administrator", "password", "scim") .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); var revoke = await _clientAuthSelector.UseClientSecretPostAuth("client", "client") .RevokeToken(result.AccessToken, TokenType.AccessToken) .ResolveAsync(baseUrl + "/.well-known/openid-configuration"); var ex = await Assert.ThrowsAsync <HttpRequestException>(() => _clientAuthSelector.UseClientSecretPostAuth("client", "client") .Introspect(result.AccessToken, TokenType.AccessToken) .ResolveAsync(baseUrl + "/.well-known/openid-configuration")); // ASSERT Assert.True(revoke); Assert.NotNull(ex); }