public async Task InActive_token_with_inline_event_events_should_be_called()
{
var handler = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Inactive);
bool?validatedCalled = null;
bool?failureCalled = null;
var client = PipelineFactory.CreateClient(o =>
{
_options(o);
o.Events.OnTokenValidated = e =>
{
validatedCalled = true;
return(Task.CompletedTask);
};
o.Events.OnAuthenticationFailed = e =>
{
failureCalled = true;
return(Task.CompletedTask);
};
}, handler);
client.SetBearerToken("sometoken");
var result = await client.GetAsync("http://test");
result.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
validatedCalled.Should().BeNull();
failureCalled.Should().BeTrue();
}
public async Task Repeated_inactive_token_with_caching_enabled_should_hit_cache()
{
var expectedToken = "expected_token";
var handler = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Inactive);
var server = PipelineFactory.CreateServer(o =>
{
_options(o);
o.SaveToken = true;
o.EnableCaching = true;
o.CacheDuration = TimeSpan.FromMinutes(10);
}, handler, true);
var client = server.CreateClient();
client.SetBearerToken(expectedToken);
var firstResponse = await client.GetAsync("http://test");
firstResponse.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
handler.SentIntrospectionRequest.Should().BeTrue();
handler.SentIntrospectionRequest = false;
var secondResponse = await client.GetAsync("http://test");
secondResponse.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
handler.SentIntrospectionRequest.Should().BeFalse();
AssertCacheItemExists(server, string.Empty, expectedToken);
}
public async Task ActiveToken_With_SavedToken_And_Caching_With_Cache_Key_Prefix()
{
var expectedToken = "expected_token";
var cacheKeyPrefix = "KeyPrefix";
var handler = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active, TimeSpan.FromHours(1));
var server = PipelineFactory.CreateServer(o =>
{
_options(o);
o.SaveToken = true;
o.EnableCaching = true;
o.CacheKeyPrefix = cacheKeyPrefix;
o.CacheDuration = TimeSpan.FromMinutes(10);
}, handler, true);
var client = server.CreateClient();
client.SetBearerToken(expectedToken);
var firstResponse = await client.GetAsync("http://test");
firstResponse.StatusCode.Should().Be(HttpStatusCode.OK);
var secondResponse = await client.GetAsync("http://test");
secondResponse.StatusCode.Should().Be(HttpStatusCode.OK);
var responseDataStr = await secondResponse.Content.ReadAsStringAsync();
var responseData = JsonConvert.DeserializeObject <Dictionary <string, string> >(responseDataStr);
responseData.Should().Contain("token", expectedToken);
AssertCacheItemExists(server, cacheKeyPrefix, expectedToken);
}
public async Task Repeated_active_token_with_caching_enabled_should_hit_cache()
{
var expectedToken = "expected_token";
var handler = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active, TimeSpan.FromHours(1));
var client = PipelineFactory.CreateClient((o) =>
{
_options(o);
o.SaveToken = true;
o.EnableCaching = true;
o.CacheDuration = TimeSpan.FromMinutes(10);
}, handler, true);
client.SetBearerToken(expectedToken);
var firstResponse = await client.GetAsync("http://test");
firstResponse.StatusCode.Should().Be(HttpStatusCode.OK);
handler.SentIntrospectionRequest.Should().BeTrue();
handler.SentIntrospectionRequest = false;
var secondResponse = await client.GetAsync("http://test");
handler.SentIntrospectionRequest.Should().BeFalse();
}
public void No_ClientName_But_Introspection_Handler()
{
var handler = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);
Action act = () => PipelineFactory.CreateClient(options =>
{
options.IntrospectionEndpoint = "http://endpoint";
}, handler).GetAsync("http://test").GetAwaiter().GetResult();
act.Should().NotThrow();
}
public async Task Unauthorized_Client()
{
var handler = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Unauthorized);
var client = PipelineFactory.CreateClient(o => _options(o), handler);
client.SetBearerToken("sometoken");
var result = await client.GetAsync("http://test");
result.StatusCode.Should().Be(HttpStatusCode.Unauthorized);
}
public async Task ActiveToken_With_Discovery_Unavailable_On_First_Request()
{
var handler = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);
var client = PipelineFactory.CreateClient(o => _options(o), handler);
client.SetBearerToken("sometoken");
handler.IsDiscoveryFailureTest = true;
await Assert.ThrowsAsync <InvalidOperationException>(async() => await client.GetAsync("http://test"));
handler.IsDiscoveryFailureTest = false;
var result = await client.GetAsync("http://test");
result.StatusCode.Should().Be(HttpStatusCode.OK);
}
public async Task ActiveToken()
{
var handler = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);
var client = PipelineFactory.CreateClient(_options, handler);
client.SetBearerToken("sometoken");
var result = await client.GetAsync("http://test");
result.StatusCode.Should().Be(HttpStatusCode.OK);
var request = handler.LastRequest;
request.Should().ContainKey("client_id").WhichValue.Should().Be(clientId);
request.Should().ContainKey("client_secret").WhichValue.Should().Be(clientSecret);
}
public async Task ActiveToken_With_ClientAssertion(int ttl, string assertion1, string assertion2)
{
var handler = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);
var count = 0;
var client = PipelineFactory.CreateClient(o =>
{
_options(o);
o.ClientSecret = null;
o.Events.OnUpdateClientAssertion = e =>
{
count++;
e.ClientAssertion = new ClientAssertion
{
Type = "testType",
Value = "testAssertion" + count
};
e.ClientAssertionExpirationTime = DateTime.UtcNow.AddMilliseconds(ttl);
return(Task.CompletedTask);
};
}, handler);
client.SetBearerToken("sometoken");
var result = await client.GetAsync("http://test");
result.StatusCode.Should().Be(HttpStatusCode.OK);
var request = handler.LastRequest;
request.Should().ContainKey("client_id").WhichValue.Should().Be(clientId);
request.Should().ContainKey("client_assertion_type").WhichValue.Should().Be("testType");
request.Should().ContainKey("client_assertion").WhichValue.Should().Be(assertion1);
result = await client.GetAsync("http://test");
result.StatusCode.Should().Be(HttpStatusCode.OK);
request = handler.LastRequest;
request.Should().ContainKey("client_id").WhichValue.Should().Be(clientId);
request.Should().ContainKey("client_assertion_type").WhichValue.Should().Be("testType");
request.Should().ContainKey("client_assertion").WhichValue.Should().Be(assertion2);
}
public async Task Authority_Get_Introspection_Endpoint()
{
OAuth2IntrospectionOptions ops = null;
var handler = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);
var client = PipelineFactory.CreateClient(options =>
{
options.Authority = "https://authority.com/";
options.ClientId = "scope";
options.DiscoveryPolicy.RequireKeySet = false;
ops = options;
}, handler);
client.SetBearerToken("token");
await client.GetAsync("http://server/api");
ops.IntrospectionEndpoint.Should().Be("https://authority.com/introspection_endpoint");
}
public async Task ActiveToken_With_Caching_Ttl_Longer_Than_Duration()
{
var handler = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active, TimeSpan.FromHours(1));
var client = PipelineFactory.CreateClient(o =>
{
_options(o);
o.EnableCaching = true;
o.CacheDuration = TimeSpan.FromMinutes(10);
}, handler, true);
client.SetBearerToken("sometoken");
var result = await client.GetAsync("http://test");
result.StatusCode.Should().Be(HttpStatusCode.OK);
result = await client.GetAsync("http://test");
result.StatusCode.Should().Be(HttpStatusCode.OK);
}
public async Task ActiveToken_With_SavedToken()
{
var expectedToken = "expected_token";
var handler = new IntrospectionEndpointHandler(IntrospectionEndpointHandler.Behavior.Active);
var client = PipelineFactory.CreateClient(o =>
{
_options(o);
o.SaveToken = true;
}, handler);
client.SetBearerToken(expectedToken);
var response = await client.GetAsync("http://test");
response.StatusCode.Should().Be(HttpStatusCode.OK);
var responseDataStr = await response.Content.ReadAsStringAsync();
var responseData = JsonConvert.DeserializeObject <Dictionary <string, string> >(responseDataStr);
responseData.Should().Contain("token", expectedToken);
}
