/// <summary>
/// Runs the authorization-code flow against the mock pipeline as user "bob" and redeems
/// the code at the token endpoint with the client's credentials.
/// </summary>
/// <returns>
/// The issued token set. The request asks for "api offline_access", and the helper asserts
/// that both an access token and a refresh token were returned before wrapping them.
/// </returns>
private async Task<Tokens> GetTokensAsync()
{
    await _mockPipeline.LoginAsync("bob");

    // Front channel: obtain an authorization code for the confidential client.
    var authzResponse = await _mockPipeline.RequestAuthorizationEndpointAsync(
        clientId: client_id,
        responseType: "code",
        scope: "api offline_access",
        redirectUri: "https://client/callback");
    authzResponse.IsError.Should().BeFalse();
    authzResponse.Code.Should().NotBeNull();

    // Back channel: redeem the code with client id + secret. The redirect URI is sent again
    // so the token endpoint can compare it with the one used on the authorization request.
    var codeRequest = new AuthorizationCodeTokenRequest
    {
        Address = IdentityServerPipeline.TokenEndpoint,
        ClientId = client_id,
        ClientSecret = client_secret,
        Code = authzResponse.Code,
        RedirectUri = redirect_uri,
    };
    var tokenResult = await _mockPipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(codeRequest);

    tokenResult.IsError.Should().BeFalse();
    tokenResult.AccessToken.Should().NotBeNull();
    tokenResult.RefreshToken.Should().NotBeNull();

    return new Tokens(tokenResult);
}
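/// <summary>
/// Calls the end-session endpoint with id_token_hint and post_logout_redirect_uri and checks
/// that those values surface on the LogoutRequest captured by the pipeline, and that the
/// sign-out iframe URL points at the end-session callback endpoint with an endSessionId.
/// </summary>
public async Task logout_request_with_params_should_pass_values_in_logout_context()
{
    await _mockPipeline.LoginAsync("bob");

    // Implicit-flow sign-in to obtain an id_token that can be used as the id_token_hint.
    var authorization = await _mockPipeline.RequestAuthorizationEndpointAsync(
        clientId: "client2",
        responseType: "id_token",
        scope: "openid",
        redirectUri: "https://client2/callback",
        state: "123_state",
        nonce: "123_nonce");
    var idToken = authorization.IdentityToken;

    // The HTTP response itself is not inspected; the assertions below look at what the
    // pipeline recorded from the logout request, so the result is deliberately discarded.
    _ = await _mockPipeline.BrowserClient.GetAsync(
        IdentityServerPipeline.EndSessionEndpoint +
        "?id_token_hint=" + idToken +
        "&post_logout_redirect_uri=https://client2/signout-callback2");

    _mockPipeline.LogoutWasCalled.Should().BeTrue();
    _mockPipeline.LogoutRequest.Should().NotBeNull();
    _mockPipeline.LogoutRequest.ClientId.Should().Be("client2");
    _mockPipeline.LogoutRequest.PostLogoutRedirectUri.Should().Be("https://client2/signout-callback2");

    // Guard the split so a missing query string fails with an assertion message rather
    // than an IndexOutOfRangeException on parts[1].
    var parts = _mockPipeline.LogoutRequest.SignOutIFrameUrl.Split('?');
    parts.Length.Should().BeGreaterThan(1);
    parts[0].Should().Be(IdentityServerPipeline.EndSessionCallbackEndpoint);

    var iframeQuery = QueryHelpers.ParseNullableQuery(parts[1]);
    iframeQuery.Should().ContainKey("endSessionId");
    iframeQuery["endSessionId"].FirstOrDefault().Should().NotBeNull();
}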
/// <summary>
/// Signs "client1" in via the implicit flow, then requests the federated sign-out endpoint
/// with a sid parameter. The response must be an HTML page whose body embeds the
/// end-session callback URL (the iframe used to notify clients of the sign-out).
/// </summary>
public async Task valid_request_to_federated_signout_endpoint_should_render_page_with_iframe()
{
    await _pipeline.LoginAsync(_user);

    // Sign a client in first; the authorization response itself is not inspected here.
    await _pipeline.RequestAuthorizationEndpointAsync(
        clientId: "client1",
        responseType: "id_token",
        scope: "openid",
        redirectUri: "https://client1/callback",
        state: "123_state",
        nonce: "123_nonce");

    var signoutUrl = IdentityServerPipeline.FederatedSignOutUrl + "?sid=123";
    var response = await _pipeline.BrowserClient.GetAsync(signoutUrl);

    response.StatusCode.Should().Be(HttpStatusCode.OK);
    response.Content.Headers.ContentType.MediaType.Should().Be("text/html");

    var body = await response.Content.ReadAsStringAsync();
    body.Should().Contain("https://server/connect/endsession/callback?endSessionId=");
}
/// <summary>
/// Logs "bob" in, runs the authorization-code flow for the test client and redeems the code
/// through a <see cref="TokenClient"/> wired to the mock pipeline's handler.
/// </summary>
/// <returns>
/// The issued token set; the request asks for "api offline_access", and both the access
/// token and the refresh token are asserted to be present.
/// </returns>
private async Task<Tokens> GetTokensAsync()
{
    await _mockPipeline.LoginAsync("bob");

    var authz = await _mockPipeline.RequestAuthorizationEndpointAsync(
        clientId: client_id,
        responseType: "code",
        scope: "api offline_access",
        redirectUri: "https://client/callback");
    authz.IsError.Should().BeFalse();
    authz.Code.Should().NotBeNull();

    // The pipeline's handler is handed to the TokenClient so the token request is served by
    // the mock pipeline (presumably in-process rather than over the network).
    var tokenClient = new TokenClient(
        IdentityServerPipeline.TokenEndpoint,
        client_id,
        client_secret,
        _mockPipeline.Handler);
    var tokens = await tokenClient.RequestAuthorizationCodeAsync(authz.Code, redirect_uri);

    tokens.IsError.Should().BeFalse();
    tokens.AccessToken.Should().NotBeNull();
    tokens.RefreshToken.Should().NotBeNull();

    return new Tokens(tokens);
}
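/// <summary>
/// PKCE with code_challenge_method=plain must be rejected for the given client: the
/// authorization request is expected to end on the pipeline's error page with
/// invalid_request rather than producing a response.
/// </summary>
/// <param name="clientId">Id of the client under test.</param>
public async Task Client_cannot_use_plain_code_challenge_method(string clientId)
{
    await _pipeline.LoginAsync("bob");

    var nonce = Guid.NewGuid().ToString();
    // With the "plain" method the challenge is the verifier itself.
    var codeChallenge = code_verifier;

    // The authorize response is not inspected (the original left it in an unused local);
    // the outcome is observed through the pipeline's error-page tracking below.
    _ = await _pipeline.RequestAuthorizationEndpointAsync(
        clientId,
        response_type,
        IdentityServerConstants.StandardScopes.OpenId,
        redirect_uri,
        nonce: nonce,
        codeChallenge: codeChallenge,
        codeChallengeMethod: OidcConstants.CodeChallengeMethods.Plain);

    _pipeline.ErrorWasCalled.Should().BeTrue();
    _pipeline.ErrorMessage.Error.Should().Be(OidcConstants.AuthorizeErrors.InvalidRequest);
}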
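/// <summary>
/// Issues tokens to "alice" via the authorization-code flow with offline_access, confirms that
/// persisted grants exist for her subject id, then calls RemoveSessionsAsync with
/// RevokeTokens=true and checks that no grants remain.
/// </summary>
public async Task remove_sessions_should_delete_refresh_tokens()
{
    await _pipeline.LoginAsync("alice");

    var authzResponse = await _pipeline.RequestAuthorizationEndpointAsync(
        "client", "code", "openid api offline_access", "https://client/callback");
    authzResponse.IsError.Should().BeFalse();

    var tokenResponse = await _pipeline.BackChannelClient.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
    {
        Address = IdentityServerPipeline.TokenEndpoint,
        ClientId = "client",
        Code = authzResponse.Code,
        RedirectUri = "https://client/callback"
    });
    // Pin the precondition: a refresh token must actually have been issued. Without this,
    // the closing BeEmpty() could pass without token revocation ever being exercised.
    tokenResponse.IsError.Should().BeFalse();
    tokenResponse.RefreshToken.Should().NotBeNull();

    (await _grantStore.GetAllAsync(new PersistedGrantFilter { SubjectId = "alice" })).Should().NotBeEmpty();

    // Only token revocation is enabled; server-side session, consents and back-channel
    // logout notifications are explicitly left alone so the assertion isolates RevokeTokens.
    await _sessionMgmt.RemoveSessionsAsync(new RemoveSessionsContext
    {
        SubjectId = "alice",
        RemoveServerSideSession = false,
        RevokeConsents = false,
        RevokeTokens = true,
        SendBackchannelLogoutNotification = false
    });

    (await _grantStore.GetAllAsync(new PersistedGrantFilter { SubjectId = "alice" })).Should().BeEmpty();
}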