public void SetAuthenticationModeToPassiveWhenLoginModeIsSelfHosted()
{
    // Arrange: placeholder SDK settings only (no real tenant, client id or secret);
    // the single input this test cares about is LoginMode = SelfHosted.
    var requestedScopes = new List<string> { "openid", "profile", "email" };
    var mvcOptions = new OktaMvcOptions()
    {
        PostLogoutRedirectUri = "http://postlogout.com",
        OktaDomain = "http://myoktadomain.com",
        ClientId = "foo",
        ClientSecret = "bar",
        RedirectUri = "/redirectUri",
        Scope = requestedScopes,
        LoginMode = LoginMode.SelfHosted,
    };

    // No RedirectToIdentityProvider hook is supplied for this arrangement.
    var hooks = new OpenIdConnectAuthenticationNotifications();
    hooks.RedirectToIdentityProvider = null;

    // Act: translate the SDK options into OWIN OpenID Connect options.
    var built = OpenIdConnectAuthenticationOptionsBuilder.BuildOpenIdConnectAuthenticationOptions(mvcOptions, hooks);

    // Assert: a self-hosted login page means the middleware must not challenge on its own,
    // which the builder expresses as AuthenticationMode.Passive (OWIN semantics of Passive
    // — act only on an explicit challenge — presumed; confirm against the builder).
    built.AuthenticationMode.Should().Be(AuthenticationMode.Passive);
}
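public async Task CallUserInformationProviderWhenGetClaimsFromUserInfoEndpointIsTrue()
{
    // Arrange: placeholder SDK settings (no real tenant, client id or secret) with
    // GetClaimsFromUserInfoEndpoint enabled, so the builder is expected to route the
    // SecurityTokenValidated notification through the user-information provider.
    var oktaMvcOptions = new OktaMvcOptions()
    {
        PostLogoutRedirectUri = "http://postlogout.com",
        OktaDomain = "http://myoktadomain.com",
        ClientId = "foo",
        ClientSecret = "bar",
        RedirectUri = "/redirectUri",
        Scope = new List<string> { "openid", "profile", "email" },
        GetClaimsFromUserInfoEndpoint = true,
    };

    // The mock provider contributes exactly this one claim when it is invoked.
    var claims = new List<Claim> { new Claim("testClaimType", "testClaimValue") };
    var oidcOptions = new OpenIdConnectAuthenticationOptionsBuilder(oktaMvcOptions, new MockUserInformationProvider(claims))
        .BuildOpenIdConnectAuthenticationOptions();

    // Assert: static settings are copied through to the OWIN options unchanged.
    oidcOptions.ClientId.Should().Be(oktaMvcOptions.ClientId);
    oidcOptions.ClientSecret.Should().Be(oktaMvcOptions.ClientSecret);
    oidcOptions.PostLogoutRedirectUri.Should().Be(oktaMvcOptions.PostLogoutRedirectUri);
    oidcOptions.AuthenticationMode.Should().Be(AuthenticationMode.Active);
    var issuer = UrlHelper.CreateIssuerUrl(oktaMvcOptions.OktaDomain, oktaMvcOptions.AuthorizationServerId);
    oidcOptions.Authority.Should().Be(issuer);
    oidcOptions.RedirectUri.Should().Be(oktaMvcOptions.RedirectUri);
    oidcOptions.Scope.Should().Be(string.Join(" ", oktaMvcOptions.Scope));

    // Act: simulate a validated token carrying an empty identity and fake token strings.
    var context = new SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(null, null);
    context.AuthenticationTicket = new AuthenticationTicket(new ClaimsIdentity(), null);
    context.ProtocolMessage = new OpenIdConnectMessage() { AccessToken = "foo", IdToken = "bar" };

    // This notification is a Task-returning delegate and is expected to call
    // UserInformationProvider.EnrichIdentityViaUserInfoAsync. It must be awaited:
    // the previous fire-and-forget call discarded the Task, so an exception thrown
    // inside the handler could never fail this test, and the claim assertion below
    // could run before enrichment had actually finished.
    await oidcOptions.Notifications.SecurityTokenValidated(context);

    // Assert: the provider's claim was appended to the ticket identity exactly once.
    context.AuthenticationTicket.Identity.Claims.Count(x => x.Type == "testClaimType").Should().Be(1);
}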
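public async Task BuildOpenIdConnectAuthenticationOptionsCorrectly()
{
    // Arrange: a substitute for the caller-supplied SecurityTokenValidated hook, so we
    // can verify the builder forwards the notification to it.
    var mockTokenEvent = Substitute.For<Func<SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task>>();

    // Placeholder SDK settings (no real tenant, client id or secret). UserInfo enrichment
    // is switched off here so the hook is the only thing the notification should reach.
    var oktaMvcOptions = new OktaMvcOptions()
    {
        PostLogoutRedirectUri = "http://postlogout.com",
        OktaDomain = "http://myoktadomain.com",
        ClientId = "foo",
        ClientSecret = "bar",
        RedirectUri = "/redirectUri",
        Scope = new List<string> { "openid", "profile", "email" },
        SecurityTokenValidated = mockTokenEvent,
        GetClaimsFromUserInfoEndpoint = false,
    };

    var oidcOptions = new OpenIdConnectAuthenticationOptionsBuilder(oktaMvcOptions).BuildOpenIdConnectAuthenticationOptions();

    // Assert: static settings are copied through to the OWIN options unchanged.
    oidcOptions.ClientId.Should().Be(oktaMvcOptions.ClientId);
    oidcOptions.ClientSecret.Should().Be(oktaMvcOptions.ClientSecret);
    oidcOptions.PostLogoutRedirectUri.Should().Be(oktaMvcOptions.PostLogoutRedirectUri);
    oidcOptions.AuthenticationMode.Should().Be(AuthenticationMode.Active);
    var issuer = UrlHelper.CreateIssuerUrl(oktaMvcOptions.OktaDomain, oktaMvcOptions.AuthorizationServerId);
    oidcOptions.Authority.Should().Be(issuer);
    oidcOptions.RedirectUri.Should().Be(oktaMvcOptions.RedirectUri);
    oidcOptions.Scope.Should().Be(string.Join(" ", oktaMvcOptions.Scope));

    // Act: simulate a validated token carrying an empty identity and fake token strings.
    var context = new SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>(null, null);
    context.AuthenticationTicket = new AuthenticationTicket(new ClaimsIdentity(), null);
    context.ProtocolMessage = new OpenIdConnectMessage() { AccessToken = "foo", IdToken = "bar" };

    // The notification is a Task-returning delegate (same shape as mockTokenEvent above).
    // Awaiting it, rather than discarding the Task as before, means an exception from the
    // builder's wrapper or the hook actually fails the test instead of going unobserved.
    await oidcOptions.Notifications.SecurityTokenValidated(context);

    // Assert: the caller's hook was invoked exactly once with the same context object.
    // (Received(...) only records the check; its returned Task is the substitute's
    // auto-value and is intentionally not awaited.)
    mockTokenEvent.Received(1).Invoke(context);
}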
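public async Task BuildOpenIdConnectAuthenticationOptionsCorrectly()
{
    // Arrange: a substitute for the caller-supplied SecurityTokenValidated hook, so we
    // can verify the builder forwards the notification to it.
    var mockTokenEvent = Substitute.For<Func<SecurityTokenValidatedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions>, Task>>();

    // Placeholder SDK settings (no real tenant, client id or secret).
    var oktaMvcOptions = new OktaMvcOptions()
    {
        PostLogoutRedirectUri = "http://postlogout.com",
        OktaDomain = "http://myoktadomain.com",
        ClientId = "foo",
        ClientSecret = "bar",
        RedirectUri = "/redirectUri",
        Scope = new List<string> { "openid", "profile", "email" },
        SecurityTokenValidated = mockTokenEvent,
    };

    // No RedirectToIdentityProvider hook is supplied for this arrangement.
    var notifications = new OpenIdConnectAuthenticationNotifications
    {
        RedirectToIdentityProvider = null,
    };

    var oidcOptions = OpenIdConnectAuthenticationOptionsBuilder.BuildOpenIdConnectAuthenticationOptions(oktaMvcOptions, notifications);

    // Assert: static settings are copied through to the OWIN options unchanged.
    oidcOptions.ClientId.Should().Be(oktaMvcOptions.ClientId);
    oidcOptions.ClientSecret.Should().Be(oktaMvcOptions.ClientSecret);
    oidcOptions.PostLogoutRedirectUri.Should().Be(oktaMvcOptions.PostLogoutRedirectUri);
    oidcOptions.AuthenticationMode.Should().Be(AuthenticationMode.Active);
    var issuer = UrlHelper.CreateIssuerUrl(oktaMvcOptions.OktaDomain, oktaMvcOptions.AuthorizationServerId);
    oidcOptions.Authority.Should().Be(issuer);
    oidcOptions.RedirectUri.Should().Be(oktaMvcOptions.RedirectUri);
    oidcOptions.Scope.Should().Be(string.Join(" ", oktaMvcOptions.Scope));

    // Act: fire the notification with a null context. It is a Task-returning delegate
    // (same shape as mockTokenEvent above); awaiting it, rather than discarding the Task
    // as before, means an exception from the builder's wrapper or the hook actually
    // fails the test instead of going unobserved.
    await oidcOptions.Notifications.SecurityTokenValidated(null);

    // Assert: the caller's hook was invoked exactly once and the null was passed through.
    // (Received(...) only records the check; its returned Task is the substitute's
    // auto-value and is intentionally not awaited.)
    mockTokenEvent.Received(1).Invoke(null);
}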