/// <summary>
/// Client-credentials grant against an in-memory IdentityServer: the registered client must
/// obtain a JWT bearer token for "api1" whose lifetime equals the configured 7200 seconds.
/// </summary>
public async Task IdentityServerProxy_GetClientCredentialsAsync_Succeeds()
{
    // Arrange. The client secret is registered as its SHA-256 hash, not as the plaintext value.
    var credentials = new ClientConfiguration("MyClient", "MySecret");
    var registeredClient = new Client
    {
        ClientId = credentials.Id,
        ClientSecrets = new List<Secret> { new Secret(credentials.Secret.Sha256()) },
        AllowedScopes = new[] { "api1" },
        AllowedGrantTypes = new[] { GrantType.ClientCredentials },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200
    };

    var hostBuilder = new IdentityServerHostBuilder()
        .AddClients(registeredClient)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(hostBuilder);

    // Act.
    var tokenResponse = await proxy.GetClientAccessTokenAsync(credentials, "api1");

    // Assert. The server's error text is used as the failure message so a rejected
    // request is diagnosable from the test output.
    Assert.NotNull(tokenResponse);
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
    Assert.NotNull(tokenResponse.AccessToken);
    Assert.Equal(7200, tokenResponse.ExpiresIn);
    Assert.Equal("Bearer", tokenResponse.TokenType);
}
/// <summary>
/// Resource-owner-password grant with credentials the validator rejects ("password1") must
/// come back as an error response rather than a token: the negative path of the password flow.
/// </summary>
public async Task IdentityServerProxy_GetResourceOwnerTokenAsync_Invalid_User_Succeeds()
{
    var credentials = new ClientConfiguration("MyClient", "MySecret");
    string[] allowedScopes = { "api1", IdentityServerConstants.StandardScopes.OfflineAccess };
    string[] allowedGrants = { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword };

    var registeredClient = new Client
    {
        ClientId = credentials.Id,
        ClientSecrets = new List<Secret> { new Secret(credentials.Secret.Sha256()) },
        AllowedScopes = allowedScopes,
        AllowedGrantTypes = allowedGrants,
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200,
        AllowOfflineAccess = true
    };

    var hostBuilder = new IdentityServerHostBuilder()
        .AddClients(registeredClient)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(hostBuilder);

    var tokenResponse = await proxy.GetResourceOwnerPasswordAccessTokenAsync(
        credentials,
        new UserLoginConfiguration("user", "password1"),
        "api1",
        "offline_access");

    // Only the error flag is part of this contract; the specific error code is not asserted.
    Assert.NotNull(tokenResponse);
    Assert.True(tokenResponse.IsError);
}
IdentityServerProxy_GetResourceOwnerTokenAsync_Valid_User_Custom_IdentityServerBuilderOptions_Token_Endpoint_Disabled_Fails()
{
    // Valid user, valid client, but the token endpoint is switched off through the options
    // builder; the request must therefore fail even though every credential is correct.
    var credentials = new ClientConfiguration("MyClient", "MySecret");
    string[] allowedScopes = { "api1", IdentityServerConstants.StandardScopes.OfflineAccess };
    string[] allowedGrants = { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword };

    var registeredClient = new Client
    {
        ClientId = credentials.Id,
        ClientSecrets = new List<Secret> { new Secret(credentials.Secret.Sha256()) },
        AllowedScopes = allowedScopes,
        AllowedGrantTypes = allowedGrants,
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200,
        AllowOfflineAccess = true
    };

    // The validator is registered by type here (the other tests pass an instance), which
    // exercises the type-based overload of the host builder.
    var hostBuilder = new IdentityServerHostBuilder()
        .AddClients(registeredClient)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator))
        .UseIdentityServerOptionsBuilder(options => options.Endpoints.EnableTokenEndpoint = false)
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(hostBuilder);

    var tokenResponse = await proxy.GetResourceOwnerPasswordAccessTokenAsync(
        credentials,
        new UserLoginConfiguration("user", "password"),
        "api1",
        "offline_access");

    // Assert.True with the server's error text: if the endpoint were reachable after all,
    // the message shows what the server answered instead.
    Assert.NotNull(tokenResponse);
    Assert.True(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
}
/// <summary>
/// Boots an in-memory token issuer and an in-memory API host wired to it, and exposes an
/// HTTP client for each so the controller tests can obtain tokens and call the API.
/// </summary>
public WeatherForecastControllerTest()
{
    // The issuer is created first: the API host below needs the proxy's handler.
    var issuerHostBuilder = new WebHostBuilder()
        .UseStartup<Startup>()
        .UseDefaultServiceProvider(x => x.ValidateScopes = false)
        .UseKestrel();
    identityServerProxy = new IdentityServerProxy(issuerHostBuilder);

    // The API host gets the issuer's HttpMessageHandler as a singleton, presumably so its
    // token validation can reach the issuer in-process without a network hop — confirm.
    // NOTE(review): ValidateScopes is disabled on both hosts; that also hides scoped-service
    // resolved-from-root (captive dependency) mistakes, so keep an eye on it.
    var apiServer = new TestServer(new WebHostBuilder()
        .UseStartup<TestStartup>()
        .ConfigureServices(services =>
        {
            services.AddSingleton(identityServerProxy.IdentityServer.CreateHandler());
        })
        .UseDefaultServiceProvider(x => x.ValidateScopes = false)
        .UseKestrel());

    client = apiServer.CreateClient();
    identityClient = identityServerProxy.IdentityServer.CreateClient();
}
/// <summary>
/// Builds the in-memory IdentityServer used by this fixture: one client ("TestClient") with
/// client-credentials and password grants, and one API resource ("jp_api") with two scopes.
/// Assigns the resulting proxy to <c>IdentityServerClient</c>.
/// </summary>
private void ConfigureIdentityServer()
{
    var credentials = new ClientConfiguration("TestClient", "MySecret");
    string[] allowedScopes = { "jp_api.user", "jp_api.is4" };
    string[] allowedGrants = { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword };

    var registeredClient = new Client
    {
        ClientId = credentials.Id,
        ClientSecrets = new List<Secret> { new Secret(credentials.Secret.Sha256()) },
        AllowedScopes = allowedScopes,
        AllowedGrantTypes = allowedGrants,
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200
    };

    // ApiSecrets: a fixture value checked into test source. It only guards this in-memory
    // host (e.g. for introspection calls) and must not be reused for a deployed API resource.
    var apiResource = new ApiResource
    {
        Name = "jp_api",
        DisplayName = "JP API",
        Description = "OAuth2 Server Management Api",
        ApiSecrets =
        {
            new Secret("Q&tGrEQMypEk.XxPU:%bWDZMdpZeJiyMwpLv4F7d**w9x:7KuJ#fy,E8KPHpKz++".Sha256())
        },
        UserClaims =
        {
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile,
            IdentityServerConstants.StandardScopes.Email,
            "is4-rights",
            "username",
            "roles"
        },
        Scopes =
        {
            new Scope
            {
                Name = "jp_api.user",
                DisplayName = "User Management - Full access",
                Description = "Full access to User Management",
                Required = true
            },
            new Scope
            {
                Name = "jp_api.is4",
                DisplayName = "OAuth2 Server",
                Description = "Manage mode to IS4",
                Required = true
            }
        }
    };

    var hostBuilder = new IdentityServerHostBuilder()
        .AddClients(registeredClient)
        .AddApiResources(apiResource)
        .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
        .CreateWebHostBuider();

    IdentityServerClient = new IdentityServerProxy(hostBuilder);
}
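/// <summary>
/// Obtains a password-grant token with the openid/profile scopes and then calls the userinfo
/// endpoint with it; the returned "sub" claim must identify the authenticated user ("user").
/// </summary>
public async Task IdentityServerProxy_GetUserInfoAsync_Valid_Token_Succeeds()
{
    var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
    var client = new Client
    {
        ClientId = clientConfiguration.Id,
        ClientSecrets = new List<Secret> { new Secret(clientConfiguration.Secret.Sha256()) },
        AllowedScopes = new[]
        {
            "api1",
            IdentityServerConstants.StandardScopes.OfflineAccess,
            IdentityServerConstants.StandardScopes.OpenId,
            IdentityServerConstants.StandardScopes.Profile
        },
        AllowedGrantTypes = new[] { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200,
        AllowOfflineAccess = true
    };

    // Identity resources are needed in addition to the API resource because userinfo serves
    // identity (openid/profile) claims; the profile service supplies their values.
    var webHostBuilder = new IdentityServerHostBuilder()
        .AddClients(client)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .AddIdentityResources(new IdentityResources.OpenId(), new IdentityResources.Profile())
        .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
        .UseProfileService(new SimpleProfileService())
        .CreateWebHostBuider();
    var identityServerProxy = new IdentityServerProxy(webHostBuilder);

    var scopes = new[] { "api1", "offline_access", "openid", "profile" };
    var tokenResponse = await identityServerProxy.GetResourceOwnerPasswordAccessTokenAsync(
        clientConfiguration,
        new UserLoginConfiguration("user", "password"),
        scopes);

    // We are breaking the pattern arrange / act / assert here but we need to make sure token requested successfully first
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);

    var userInfoResponse = await identityServerProxy.GetUserInfoAsync(tokenResponse.AccessToken);

    Assert.NotNull(userInfoResponse);
    Assert.False(userInfoResponse.IsError);
    Assert.NotNull(userInfoResponse.Claims);

    // FirstOrDefault instead of First: a missing "sub" claim now fails on the NotNull assertion
    // below rather than surfacing as an InvalidOperationException from the enumerator.
    var subjectClaim = userInfoResponse.Claims.FirstOrDefault(claim => claim.Type == JwtClaimTypes.Subject);
    Assert.NotNull(subjectClaim);
    Assert.Equal("user", subjectClaim.Value);
}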
/// <summary>
/// Password grant followed by a refresh-token grant, with the requested scope supplied through
/// the extra-parameters dictionary rather than the scope overload. The refreshed response must
/// carry a new access token, a new refresh token and the configured lifetime.
/// </summary>
public async Task IdentityServerProxy_GetRefreshTokenAsync_WithScope_In_Parameters_Valid_User_Succeeds()
{
    var credentials = new ClientConfiguration("MyClient", "MySecret");
    string[] allowedScopes = { "api1", IdentityServerConstants.StandardScopes.OfflineAccess };
    string[] allowedGrants = { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword };

    // AllowOfflineAccess is what makes the server issue a refresh token at all.
    var registeredClient = new Client
    {
        ClientId = credentials.Id,
        ClientSecrets = new List<Secret> { new Secret(credentials.Secret.Sha256()) },
        AllowedScopes = allowedScopes,
        AllowedGrantTypes = allowedGrants,
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200,
        AllowOfflineAccess = true
    };

    var hostBuilder = new IdentityServerHostBuilder()
        .AddClients(registeredClient)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .UseResourceOwnerPasswordValidator(new SimpleResourceOwnerPasswordValidator())
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(hostBuilder);

    // NOTE(review): the key is "Scope" here but "scope" in the extension-grant test; whether
    // the proxy normalises parameter-name case is not visible from this file — confirm.
    const string scopes = "api1 offline_access";
    var scopeParameters = new Dictionary<string, string> { ["Scope"] = scopes };

    var tokenResponse = await proxy.GetResourceOwnerPasswordAccessTokenAsync(
        credentials,
        new UserLoginConfiguration("user", "password"),
        scopeParameters);

    // We are breaking the pattern arrange / act / assert here but we need to make sure token requested successfully first
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);

    var refreshParameters = new Dictionary<string, string> { ["Scope"] = scopes };
    var refreshTokenResponse = await proxy.GetRefreshTokenAsync(
        credentials,
        tokenResponse.RefreshToken,
        refreshParameters);

    Assert.NotNull(refreshTokenResponse);
    Assert.False(refreshTokenResponse.IsError, refreshTokenResponse.Error ?? refreshTokenResponse.ErrorDescription);
    Assert.NotNull(refreshTokenResponse.AccessToken);
    Assert.NotNull(refreshTokenResponse.RefreshToken);
    Assert.Equal(7200, refreshTokenResponse.ExpiresIn);
    Assert.Equal("Bearer", refreshTokenResponse.TokenType);
}
/// <summary>
/// Token request through a custom extension grant ("Custom"), handled by
/// <c>ExtensionsGrantValidator</c> registered as <c>IExtensionGrantValidator</c>. The grant's
/// own parameters (scope, username, password) travel in the parameter dictionary.
/// </summary>
public async Task IdentityServerProxy_GetTokenAsync_Extension_Grant_Valid_User_Succeeds()
{
    var credentials = new ClientConfiguration("MyClient", "MySecret");
    string[] allowedScopes =
    {
        "api1",
        IdentityServerConstants.StandardScopes.OfflineAccess,
        IdentityServerConstants.StandardScopes.OpenId,
        IdentityServerConstants.StandardScopes.Profile
    };

    // Only the custom grant is allowed; neither client credentials nor password would work here.
    var registeredClient = new Client
    {
        ClientId = credentials.Id,
        ClientSecrets = new List<Secret> { new Secret(credentials.Secret.Sha256()) },
        AllowedScopes = allowedScopes,
        AllowedGrantTypes = new[] { "Custom" },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200,
        AllowOfflineAccess = true
    };

    var hostBuilder = new IdentityServerHostBuilder()
        .AddClients(registeredClient)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .AddIdentityResources(new IdentityResources.OpenId(), new IdentityResources.Profile())
        .UseServices((context, collection) => collection.AddScoped<IExtensionGrantValidator, ExtensionsGrantValidator>())
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(hostBuilder);

    string[] requestedScopes = { "api1", "offline_access", "openid", "profile" };
    var grantParameters = new Dictionary<string, string>
    {
        ["scope"] = string.Join(" ", requestedScopes),
        ["username"] = "user",
        ["password"] = "password",
    };

    var tokenResponse = await proxy.GetTokenAsync(credentials, "Custom", grantParameters);

    Assert.NotNull(tokenResponse);
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
    Assert.Equal(7200, tokenResponse.ExpiresIn);
    Assert.NotNull(tokenResponse.AccessToken);
    Assert.NotNull(tokenResponse.RefreshToken);
}
/// <summary>
/// Runs the password grant against the application's real host configuration
/// (<c>Program.CreateWebHostBuilder</c>) instead of a hand-built in-memory client list, using
/// the client id/secret exposed by <c>Clients</c>.
/// </summary>
public async Task IdentityServerProxy_GetResourceOwnerTokenAsync_Custom_WebHost_Succeeds()
{
    // No command-line arguments: the production builder is taken exactly as the app defines it.
    var applicationHost = Program.CreateWebHostBuilder(new string[] { });
    var hostBuilder = new IdentityServerHostBuilder()
        .UseWebHostBuilder(applicationHost)
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(hostBuilder);

    var credentials = new ClientConfiguration(Clients.Id, Clients.Secret);
    var login = new UserLoginConfiguration("user1", "password1");
    string[] requestedScopes = { "api1", "offline_access", "openid", "profile" };

    var tokenResponse = await proxy.GetResourceOwnerPasswordAccessTokenAsync(credentials, login, requestedScopes);

    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
}
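/// <summary>
/// End-to-end check: a client-credentials token from the in-memory issuer is presented as a
/// bearer token to an in-memory API host (configured from appsettings.json) and the protected
/// <c>/api/values/</c> route must answer 200 OK.
/// </summary>
public async Task Test_Not_Working()
{
    var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
    var client = new Client
    {
        ClientId = clientConfiguration.Id,
        ClientSecrets = new List<Secret> { new Secret(clientConfiguration.Secret.Sha256()) },
        AllowedScopes = new[] { "api1" },
        AllowedGrantTypes = new[] { GrantType.ClientCredentials },
        AccessTokenType = AccessTokenType.Jwt,
        AllowOfflineAccess = true
    };

    var webHostBuilder = new IdentityServerWebHostBuilder()
        .AddClients(client)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .CreateWebHostBuilder();
    var identityServerProxy = new IdentityServerProxy(webHostBuilder);

    var tokenResponse = await identityServerProxy.GetClientAccessTokenAsync(clientConfiguration, "api1");

    // Fail here with the issuer's error text instead of sending a null bearer token to the API,
    // which would otherwise surface only as an unexplained 401.
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);

    // The API host receives the issuer's handler as a singleton so token validation stays in-process.
    var apiHostBuilder = new WebHostBuilder()
        .ConfigureAppConfiguration(builder =>
        {
            var configuration = new ConfigurationBuilder()
                .AddJsonFile(Path.Combine(AppContext.BaseDirectory, "appsettings.json"))
                .Build();
            builder.AddConfiguration(configuration);
        })
        .ConfigureServices(services => services.AddSingleton(identityServerProxy.IdentityServer.CreateHandler()))
        .UseStartup<Startup>();

    // TestServer and its HttpClient are IDisposable; dispose them so the test host is torn down.
    using (var apiServer = new TestServer(apiHostBuilder))
    using (var apiClient = apiServer.CreateClient())
    {
        apiClient.SetBearerToken(tokenResponse.AccessToken);

        var response = await apiClient.GetAsync("/api/values/");

        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
    }
}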
IdentityServerProxy_GetResourceOwnerTokenAsync_Valid_User_Custom_IdentityServerBuilder_Succeeds()
{
    // Password grant where the IdentityServer service registration itself is supplied by the
    // test through UseIdentityServerBuilder, instead of the host builder's default wiring.
    var credentials = new ClientConfiguration("MyClient", "MySecret");
    string[] allowedScopes = { "api1", IdentityServerConstants.StandardScopes.OfflineAccess };
    string[] allowedGrants = { GrantType.ClientCredentials, GrantType.ResourceOwnerPassword };

    var registeredClient = new Client
    {
        ClientId = credentials.Id,
        ClientSecrets = new List<Secret> { new Secret(credentials.Secret.Sha256()) },
        AllowedScopes = allowedScopes,
        AllowedGrantTypes = allowedGrants,
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200,
        AllowOfflineAccess = true
    };

    // AddDeveloperSigningCredential issues tokens with a development-only signing key; it is
    // appropriate for this in-memory host, while a deployed issuer should use a managed key
    // via AddSigningCredential.
    var hostBuilder = new IdentityServerHostBuilder()
        .AddClients(registeredClient)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .UseResourceOwnerPasswordValidator(typeof(SimpleResourceOwnerPasswordValidator))
        .UseIdentityServerBuilder(services => services
            .AddIdentityServer()
            .AddDefaultEndpoints()
            .AddDeveloperSigningCredential())
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(hostBuilder);

    var tokenResponse = await proxy.GetResourceOwnerPasswordAccessTokenAsync(
        credentials,
        new UserLoginConfiguration("user", "password"),
        "api1",
        "offline_access");

    Assert.NotNull(tokenResponse);
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);
    Assert.NotNull(tokenResponse.AccessToken);
    Assert.NotNull(tokenResponse.RefreshToken);
    Assert.Equal(7200, tokenResponse.ExpiresIn);
    Assert.Equal("Bearer", tokenResponse.TokenType);
}
/// <summary>
/// The discovery document must be served by a minimally configured host: one client and a
/// nameless API resource are enough, since no token is requested here.
/// </summary>
public async Task IdentityServerProxy_GetDiscoverDocumentAsync_Succeeds()
{
    var registeredClient = new Client
    {
        ClientId = "MyClient",
        ClientSecrets = new List<Secret> { new Secret("MySecret".Sha256()) }
    };

    var hostBuilder = new IdentityServerHostBuilder()
        .AddClients(registeredClient)
        .AddApiResources(new ApiResource())
        .CreateWebHostBuider();
    var proxy = new IdentityServerProxy(hostBuilder);

    var discoveryResponse = await proxy.GetDiscoverResponseAsync();

    Assert.NotNull(discoveryResponse);
    Assert.False(discoveryResponse.IsError, discoveryResponse.Error);
}
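/// <summary>
/// End-to-end check: a client-credentials token from the in-memory issuer is presented as a
/// bearer token to an in-memory API host (<c>IdentityServer4.Api.Startup</c>) and the
/// <c>api/auth</c> route must answer with a success status code.
/// </summary>
public async Task IdentityServerProxy_GetClientCredentialsAsync_Authorize_Api_Succeeds()
{
    var clientConfiguration = new ClientConfiguration("MyClient", "MySecret");
    var client = new Client
    {
        ClientId = clientConfiguration.Id,
        ClientSecrets = new List<Secret> { new Secret(clientConfiguration.Secret.Sha256()) },
        AllowedScopes = new[] { "api1" },
        AllowedGrantTypes = new[] { GrantType.ClientCredentials },
        AccessTokenType = AccessTokenType.Jwt,
        AccessTokenLifetime = 7200
    };

    var webHostBuilder = new IdentityServerHostBuilder()
        .AddClients(client)
        .AddApiResources(new ApiResource("api1", "api1name"))
        .CreateWebHostBuider();
    var identityServerProxy = new IdentityServerProxy(webHostBuilder);

    var tokenResponse = await identityServerProxy.GetClientAccessTokenAsync(clientConfiguration, "api1");

    // Fail here with the issuer's error text instead of sending a null bearer token to the API,
    // which would otherwise surface only as an unexplained 401.
    Assert.False(tokenResponse.IsError, tokenResponse.Error ?? tokenResponse.ErrorDescription);

    // The API host receives the issuer's handler as a singleton so token validation stays in-process.
    var apiWebHostBuilder = WebHost.CreateDefaultBuilder()
        .ConfigureServices(services => services.AddSingleton(identityServerProxy.IdentityServer.CreateHandler()))
        .UseStartup<IdentityServer4.Api.Startup>();

    // TestServer and its HttpClient are IDisposable; dispose them so the test host is torn down.
    using (var apiServer = new TestServer(apiWebHostBuilder))
    using (var apiClient = apiServer.CreateClient())
    {
        apiClient.SetBearerToken(tokenResponse.AccessToken);

        var apiResponse = await apiClient.GetAsync("api/auth");

        Assert.True(apiResponse.IsSuccessStatusCode, "should have been authenticated!");
    }
}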