public void Should_Accept_Encrypted_UserInfo() { rpid = "rp-user_info-enc"; // given OpenIdRelyingParty rp = new OpenIdRelyingParty(); string registrationEndopoint = GetBaseUrl("/registration"); OIDCClientInformation clientMetadata = new OIDCClientInformation(); clientMetadata.ApplicationType = "web"; clientMetadata.ResponseTypes = new List <ResponseType>() { ResponseType.IdToken }; clientMetadata.RedirectUris = new List <string>() { myBaseUrl + "id_token_flow_callback" }; clientMetadata.UserinfoEncryptedResponseAlg = "RSA1_5"; clientMetadata.UserinfoEncryptedResponseEnc = "A128CBC-HS256"; clientMetadata.JwksUri = myBaseUrl + "my_public_keys.jwks"; OIDCClientInformation clientInformation = rp.RegisterClient(registrationEndopoint, clientMetadata); OIDClaims requestClaims = new OIDClaims(); requestClaims.IdToken = new Dictionary <string, OIDClaimData>(); requestClaims.IdToken.Add("name", new OIDClaimData()); OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.ClientId; requestMessage.Scope = new List <MessageScope>() { MessageScope.Openid, MessageScope.Profile, MessageScope.Address, MessageScope.Phone, MessageScope.Email }; requestMessage.ResponseType = new List <ResponseType>() { ResponseType.IdToken, ResponseType.Token }; requestMessage.RedirectUri = clientInformation.RedirectUris[0]; requestMessage.Nonce = WebOperations.RandomString(); requestMessage.State = WebOperations.RandomString(); requestMessage.Claims = requestClaims; requestMessage.Validate(); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); OIDCAuthImplicitResponseMessage authResponse = rp.ParseAuthImplicitResponse(result, requestMessage.Scope, requestMessage.State); X509Certificate2 encCert = new X509Certificate2("server.pfx", "", X509KeyStorageFlags.Exportable); List <OIDCKey> myKeys = KeyManager.GetKeysJwkList(null, encCert); // when OIDCUserInfoResponseMessage response = GetUserInfo(authResponse.Scope, authResponse.State, authResponse.AccessToken, null, true, null, myKeys); // then response.Validate(); Assert.IsNotNullOrEmpty(response.Name); }
public void Should_Accept_Signed_UserInfo() { rpid = "rp-user_info-sign"; // given OpenIdRelyingParty rp = new OpenIdRelyingParty(); string registrationEndopoint = GetBaseUrl("/registration"); OIDCClientInformation clientMetadata = new OIDCClientInformation(); clientMetadata.ApplicationType = "web"; clientMetadata.ResponseTypes = new List <ResponseType>() { ResponseType.IdToken }; clientMetadata.RedirectUris = new List <string>() { myBaseUrl + "id_token_flow_callback" }; clientMetadata.UserinfoSignedResponseAlg = "HS256"; clientMetadata.JwksUri = myBaseUrl + "my_public_keys.jwks"; OIDCClientInformation clientInformation = rp.RegisterClient(registrationEndopoint, clientMetadata); OIDClaims requestClaims = new OIDClaims(); requestClaims.IdToken = new Dictionary <string, OIDClaimData>(); requestClaims.IdToken.Add("name", new OIDClaimData()); OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.ClientId; requestMessage.Scope = new List <MessageScope>() { MessageScope.Openid, MessageScope.Profile, MessageScope.Address, MessageScope.Phone, MessageScope.Email }; requestMessage.ResponseType = new List <ResponseType>() { ResponseType.IdToken, ResponseType.Token }; requestMessage.RedirectUri = clientInformation.RedirectUris[0]; requestMessage.Nonce = WebOperations.RandomString(); requestMessage.State = WebOperations.RandomString(); requestMessage.Claims = requestClaims; requestMessage.Validate(); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); OIDCAuthImplicitResponseMessage authResponse = rp.ParseAuthImplicitResponse(result, requestMessage.Scope, requestMessage.State); // when OIDCUserInfoResponseMessage response = GetUserInfo(authResponse.Scope, authResponse.State, authResponse.AccessToken, null, true, clientInformation.ClientSecret, null); // then response.Validate(); Assert.IsNotNullOrEmpty(response.Name); }
public void Should_Authenticate_With_Claims_In_Scope_Basic() { rpid = "rp-scope-userinfo_claims"; // given OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.ClientId; OIDClaims requestClaims = new OIDClaims(); requestClaims.Userinfo = new Dictionary <string, OIDClaimData>(); requestClaims.Userinfo.Add("name", new OIDClaimData()); requestMessage.Scope = new List <MessageScope>() { MessageScope.Openid, MessageScope.Profile, MessageScope.Email, MessageScope.Address, MessageScope.Phone }; requestMessage.ResponseType = new List <ResponseType>() { ResponseType.IdToken, ResponseType.Token }; requestMessage.RedirectUri = clientInformation.RedirectUris[0]; requestMessage.Nonce = WebOperations.RandomString(); requestMessage.State = WebOperations.RandomString(); requestMessage.Claims = requestClaims; requestMessage.Validate(); OpenIdRelyingParty rp = new OpenIdRelyingParty(); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); OIDCAuthImplicitResponseMessage authResponse = rp.ParseAuthImplicitResponse(result, requestMessage.Scope, requestMessage.State); OIDCUserInfoRequestMessage userInfoRequestMessage = new OIDCUserInfoRequestMessage(); userInfoRequestMessage.Scope = authResponse.Scope; userInfoRequestMessage.State = authResponse.State; // when OIDCUserInfoResponseMessage response = rp.GetUserInfo(GetBaseUrl("/userinfo"), userInfoRequestMessage, authResponse.AccessToken); // then response.Validate(); Assert.IsNotNullOrEmpty(response.Name); Assert.IsNotNullOrEmpty(response.GivenName); Assert.IsNotNullOrEmpty(response.FamilyName); Assert.IsNotNullOrEmpty(response.Email); Assert.IsNotNull(response.Address); Assert.IsNotNullOrEmpty(response.Address.StreetAddress); Assert.IsNotNullOrEmpty(response.Address.PostalCode); Assert.IsNotNullOrEmpty(response.Address.Locality); Assert.IsNotNullOrEmpty(response.Address.Country); Assert.IsNotNullOrEmpty(response.PhoneNumber); }
public void Should_Not_Send_AccessToken() { rpid = "rp-user_info-not_query"; // given OIDClaims requestClaims = new OIDClaims(); requestClaims.IdToken = new Dictionary <string, OIDClaimData>(); requestClaims.IdToken.Add("name", new OIDClaimData()); OIDCAuthImplicitResponseMessage authResponse = (OIDCAuthImplicitResponseMessage)GetAuthResponse(ResponseType.IdToken, null, true, requestClaims); // when OIDCUserInfoResponseMessage response = GetUserInfo(authResponse.Scope, authResponse.State, authResponse.AccessToken); // then response.Validate(); Assert.IsNotNullOrEmpty(response.Name); }
public void Should_Request_And_Use_Claims_Userinfo() { rpid = "rp-claims_request-userinfo_claims"; GetProviderMetadata(); // given OIDClaims requestClaims = new OIDClaims(); requestClaims.IdToken = new Dictionary <string, OIDClaimData>(); requestClaims.IdToken.Add("name", new OIDClaimData()); OIDCAuthImplicitResponseMessage authResponse = (OIDCAuthImplicitResponseMessage)GetAuthResponse(ResponseType.IdToken, null, true, requestClaims); // when OIDCUserInfoResponseMessage response = GetUserInfo(authResponse.Scope, authResponse.State, authResponse.AccessToken); // then response.Validate(); Assert.IsNotNullOrEmpty(response.Name); }
public void Should_Reject_Userinfo_With_Invalid_Sub() { rpid = "rp-user_info-bad_sub_claim"; // given OIDClaims requestClaims = new OIDClaims(); requestClaims.IdToken = new Dictionary <string, OIDClaimData>(); requestClaims.IdToken.Add("name", new OIDClaimData()); OIDCAuthImplicitResponseMessage authResponse = (OIDCAuthImplicitResponseMessage)GetAuthResponse(ResponseType.IdToken, null, true, requestClaims); OIDCIdToken idToken = authResponse.GetIdToken(providerMetadata.Keys); idToken.Validate(); // when OIDCUserInfoResponseMessage response = GetUserInfo(authResponse.Scope, authResponse.State, authResponse.AccessToken, idToken.Sub + "Wrong"); // then response.Validate(); Assert.IsNotNullOrEmpty(response.Name); }