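/// <summary>
/// Authorization code flow whose authorize request carries no <c>state</c>:
/// the id_token returned by the token endpoint must then not contain an
/// <c>s_hash</c> claim, since there is no state value to hash.
/// </summary>
public async Task No_state_should_not_result_in_shash()
{
    await _pipeline.LoginAsync("bob");

    var nonce = Guid.NewGuid().ToString();
    _pipeline.BrowserClient.AllowAutoRedirect = false;

    // The authorize request deliberately omits state.
    var url = _pipeline.CreateAuthorizeUrl(
        clientId: "code_pipeline.Client",
        responseType: "code",
        scope: "openid",
        redirectUri: "https://code_pipeline.Client/callback?foo=bar&baz=quux",
        nonce: nonce);
    var response = await _pipeline.BrowserClient.GetAsync(url);

    // Assert the redirect explicitly so a failure reports the status code
    // instead of a NullReferenceException on a missing Location header.
    response.StatusCode.Should().Be(HttpStatusCode.Redirect);
    response.Headers.Location.Should().NotBeNull();

    var authorization = _pipeline.ParseAuthorizationResponseUrl(response.Headers.Location.ToString());
    authorization.Code.Should().NotBeNull();
    var code = authorization.Code;

    // backchannel client; the wrapper sits in front of the pipeline's handler.
    var wrapper = new MessageHandlerWrapper(_pipeline.Handler);
    // disposeHandler: false — the pipeline owns its handler, so only the client is released here.
    using (var tokenClient = new HttpClient(wrapper, disposeHandler: false))
    {
        var tokenResult = await tokenClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
        {
            Address = IdentityServerPipeline.TokenEndpoint,
            ClientId = "code_pipeline.Client",
            ClientSecret = "secret",
            Code = code,
            RedirectUri = "https://code_pipeline.Client/callback?foo=bar&baz=quux"
        });

        tokenResult.IsError.Should().BeFalse();
        tokenResult.HttpErrorReason.Should().Be("OK");
        tokenResult.TokenType.Should().Be("Bearer");
        tokenResult.AccessToken.Should().NotBeNull();
        tokenResult.ExpiresIn.Should().BeGreaterThan(0);
        tokenResult.IdentityToken.Should().NotBeNull();

        var token = new JwtSecurityToken(tokenResult.IdentityToken);
        // Claim count is pinned so an unexpected extra/missing claim is caught, not just s_hash.
        token.Claims.Count().Should().Be(12);

        var sHash = token.Claims.FirstOrDefault(c => c.Type == "s_hash");
        sHash.Should().BeNull();
    }
}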
/// <summary>
/// A registered redirect URI that already carries a query string must be
/// returned from the authorize endpoint with its original parameters intact,
/// alongside the code and the round-tripped state.
/// </summary>
public async Task Preserves_query_parameters_in_redirect_uri()
{
    await _mockPipeline.LoginAsync("bob");

    var nonce = Guid.NewGuid().ToString();
    var state = Guid.NewGuid().ToString();
    _mockPipeline.BrowserClient.AllowAutoRedirect = false;

    var authorizeUrl = _mockPipeline.CreateAuthorizeUrl(
        clientId: "code_client",
        responseType: "code",
        scope: "openid",
        redirectUri: "https://code_client/callback?foo=bar&baz=quux",
        state: state,
        nonce: nonce);
    var authorizeResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl);

    // Redirect is not followed (AllowAutoRedirect = false), so the Location header holds the callback.
    authorizeResponse.StatusCode.Should().Be(HttpStatusCode.Redirect);
    var location = authorizeResponse.Headers.Location;
    var locationText = location.ToString();
    locationText.Should().StartWith("https://code_client/callback?");

    var authorization = _mockPipeline.ParseAuthorizationResponseUrl(locationText);
    authorization.Code.Should().NotBeNull();
    authorization.State.Should().Be(state);

    // The original redirect URI's own query parameters must survive untouched.
    var callbackQuery = Microsoft.AspNetCore.WebUtilities.QueryHelpers.ParseQuery(location.Query);
    callbackQuery["foo"].ToString().Should().Be("bar");
    callbackQuery["baz"].ToString().Should().Be("quux");
}
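/// <summary>
/// Authorization code exchange at the token endpoint using the request's
/// client credentials, asserting both a successful token response and the
/// cache-control headers that keep the credential-bearing response out of caches.
/// </summary>
public async Task Token_endpoint_supports_client_authentication_with_basic_authentication_with_POST()
{
    await _pipeline.LoginAsync("bob");

    var nonce = Guid.NewGuid().ToString();
    _pipeline.BrowserClient.AllowAutoRedirect = false;

    var url = _pipeline.CreateAuthorizeUrl(
        clientId: "code_pipeline.Client",
        responseType: "code",
        scope: "openid",
        redirectUri: "https://code_pipeline.Client/callback?foo=bar&baz=quux",
        nonce: nonce);
    var response = await _pipeline.BrowserClient.GetAsync(url);

    // Assert the redirect explicitly so a failure reports the status code
    // instead of a NullReferenceException on a missing Location header.
    response.StatusCode.Should().Be(HttpStatusCode.Redirect);
    response.Headers.Location.Should().NotBeNull();

    var authorization = _pipeline.ParseAuthorizationResponseUrl(response.Headers.Location.ToString());
    authorization.Code.Should().NotBeNull();
    var code = authorization.Code;

    // backchannel client; the wrapper captures the raw token response so its headers can be inspected.
    var wrapper = new MessageHandlerWrapper(_pipeline.Handler);
    // disposeHandler: false — the pipeline owns its handler, so only the client is released here.
    using (var tokenClient = new HttpClient(wrapper, disposeHandler: false))
    {
        // NOTE(review): the client-credential style (basic vs. post) is whatever this
        // request type defaults to; nothing here sets it explicitly — confirm against the helper.
        var tokenResult = await tokenClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
        {
            Address = IdentityServerPipeline.TokenEndpoint,
            ClientId = "code_pipeline.Client",
            ClientSecret = "secret",
            Code = code,
            RedirectUri = "https://code_pipeline.Client/callback?foo=bar&baz=quux"
        });

        tokenResult.IsError.Should().BeFalse();
        tokenResult.HttpErrorReason.Should().Be("OK");
        tokenResult.TokenType.Should().Be("Bearer");
        tokenResult.AccessToken.Should().NotBeNull();
        tokenResult.ExpiresIn.Should().BeGreaterThan(0);
        tokenResult.IdentityToken.Should().NotBeNull();

        // Token responses carry credentials and must not be cached by intermediaries or the client.
        wrapper.Response.Headers.CacheControl.Should().NotBeNull();
        wrapper.Response.Headers.CacheControl.NoCache.Should().BeTrue();
        wrapper.Response.Headers.CacheControl.NoStore.Should().BeTrue();
    }
}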