public async Task ValidateTokenRequest_ClientSecretCannotBeUsedByPublicClients() { // Arrange var application = new OpenIddictApplication(); var manager = CreateApplicationManager(instance => { instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Public); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", GrantType = OpenIdConnectConstants.GrantTypes.Password, Username = "******", Password = "******" }); // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); Assert.Equal("Public clients are not allowed to send a client_secret.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>()), Times.Once()); }
public async Task ValidateTokenRequest_ClientSecretIsRequiredForConfidentialClients() { // Arrange var application = new OpenIddictApplication(); var manager = CreateApplicationManager(instance => { instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Confidential); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", ClientSecret = null, GrantType = OpenIdConnectConstants.GrantTypes.Password, Username = "******", Password = "******" }); // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); Assert.Equal("Missing credentials: ensure that you specified a client_secret.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>()), Times.Once()); }
public async Task ApplyAuthorizationResponse_ErroredRequestIsNotHandledLocallyWhenStatusCodeMiddlewareIsEnabled() { // Arrange var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(CreateApplicationManager(instance => { var application = new OpenIddictApplication(); instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.HasRedirectUriAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Public); })); builder.EnableAuthorizationEndpoint("/authorize-status-code-middleware"); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync("/authorize-status-code-middleware", new OpenIdConnectRequest { ClientId = null, RedirectUri = null, ResponseType = null }); // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, (string)response["error_custom"]); }
public async Task ValidateAuthorizationRequest_ImplicitOrHybridRequestIsRejectedWhenClientIsConfidential(string type) { // Arrange var application = new OpenIddictApplication(); var manager = CreateApplicationManager(instance => { instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Confidential); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(AuthorizationEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = type, Scope = OpenIdConnectConstants.Scopes.OpenId }); // Assert Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error); Assert.Equal("The specified 'response_type' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>()), Times.Once()); }
public async Task ValidateIntrospectionRequest_RequestIsRejectedWhenEndpointPermissionIsNotGranted() { // Arrange var application = new OpenIddictApplication(); var manager = CreateApplicationManager(instance => { instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Introspection, It.IsAny <CancellationToken>())) .ReturnsAsync(false); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(IntrospectionEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Token = "2YotnFZFEjr1zCsicMWpAA" }); // Assert Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("This client application is not allowed to use the introspection endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Introspection, It.IsAny <CancellationToken>()), Times.Once()); }
public async Task ValidateAuthorizationRequest_RequestIsRejectedWhenEndpointPermissionIsNotGranted() { // Arrange var application = new OpenIddictApplication(); var manager = CreateApplicationManager(instance => { instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Authorization, It.IsAny <CancellationToken>())) .ReturnsAsync(false); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(AuthorizationEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", ResponseType = OpenIdConnectConstants.ResponseTypes.Code }); // Assert Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("This client application is not allowed to use the authorization endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Authorization, It.IsAny <CancellationToken>()), Times.Once()); }
private async Task InitializeAsync(IServiceProvider services, CancellationToken cancellationToken) { using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope()) { var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>(); await context.Database.EnsureCreatedAsync(); var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >(); if (await manager.FindByClientIdAsync("mvc3", cancellationToken) == null) { var application = new OpenIddictApplication { ClientId = "mvc3", DisplayName = "MVC client application", LogoutRedirectUri = "http://localhost:5000/", RedirectUri = "https://www.getpostman.com/oauth2/callback" }; await manager.CreateAsync(application, "901564A5-E7FE-42CB-B10D-61EF6A8F3654", cancellationToken); } } }
public async Task HandleLogoutRequest_RequestsAreNotHandledLocally() { // Arrange var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(CreateApplicationManager(instance => { var application = new OpenIddictApplication(); instance.Setup(mock => mock.FindByLogoutRedirectUri("http://www.fabrikam.com/path", It.IsAny <CancellationToken>())) .ReturnsAsync(application); })); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(LogoutEndpoint, new OpenIdConnectRequest { PostLogoutRedirectUri = "http://www.fabrikam.com/path", State = "af0ifjsldkj" }); // Assert Assert.Equal("af0ifjsldkj", response.State); }
private async Task InitializeAsync(IServiceProvider services, CancellationToken cancellationToken) { using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope()) { var context = scope.ServiceProvider.GetRequiredService <CitySeeDbContext>(); await context.Database.EnsureCreatedAsync(); var applicationmanager = scope.ServiceProvider.GetRequiredService <OpenIddict.Core.OpenIddictApplicationManager <OpenIddictApplication> >(); var usermanager = scope.ServiceProvider.GetRequiredService <UserManager <IdentityUser> >(); if (await applicationmanager.FindByClientIdAsync("citysee", cancellationToken) == null) { var application = new OpenIddictApplication { ClientId = "citysee", Type = "confidential", DisplayName = "City_See", PostLogoutRedirectUris = "http://*****:*****@163.com" }; await usermanager.CreateAsync(user, "123456"); } bool StartIsOk = citySeeContext.Start().Result; } }
public async Task ExecuteAsync(ProjectExecutionContext context) { if (!string.Equals(context.Name, "OpenIdApplication", StringComparison.OrdinalIgnoreCase)) { return; } var model = context.Step.ToObject <OpenIdApplicationStepModel>(); var application = new OpenIddictApplication(); if (model.Id != 0) { application = await _applicationManager.FindByIdAsync(model.Id.ToString(), CancellationToken.None); } application.ClientId = model.ClientId; application.DisplayName = model.DisplayName; // application.AllowAuthorizationCodeFlow = model.AllowAuthorizationCodeFlow; // application.AllowClientCredentialsFlow = model.AllowClientCredentialsFlow; // application.AllowHybridFlow = model.AllowHybridFlow; // application.AllowImplicitFlow = model.AllowImplicitFlow; // application.AllowPasswordFlow = model.AllowPasswordFlow; // application.AllowRefreshTokenFlow = model.AllowRefreshTokenFlow; // application.LogoutRedirectUri = model.LogoutRedirectUri; // application.RedirectUri = model.RedirectUri; // application.SkipConsent = model.SkipConsent; // application.RoleNames = model.RoleNames; application.Type = model.Type.ToString(); if (model.Type == ClientType.Private) { await _applicationManager.CreateAsync(application, model.ClientSecret, CancellationToken.None); } else { await _applicationManager.CreateAsync(application, CancellationToken.None); } }
public async Task ValidateRevocationRequest_ClientSecretIsRequiredForHybridClients() { // Arrange var application = new OpenIddictApplication(); var manager = CreateApplicationManager(instance => { instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Hybrid); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(RevocationEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", ClientSecret = null, Token = "SlAV32hkKG", TokenTypeHint = OpenIdConnectConstants.TokenTypeHints.RefreshToken }); // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>()), Times.Once()); }
public static async Task InitializeAsync(IServiceProvider services, CancellationToken cancellationToken) { // Create a new service scope to ensure the database context is correctly disposed when this methods returns. using (var scope = services.GetRequiredService <IServiceScopeFactory>().CreateScope()) { var context = scope.ServiceProvider.GetRequiredService <ApplicationDbContext>(); await context.Database.EnsureCreatedAsync(cancellationToken); var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >(); if (await manager.FindByClientIdAsync("monkeylogonclient", cancellationToken) == null) { var application = new OpenIddictApplication { ClientId = "monkeylogonclient", DisplayName = "MonkeyLogon Client", Type = "public", RedirectUri = "com.example.mhuss.monkeylogon:/oauth2redirect" }; await manager.CreateAsync(application, cancellationToken); } if (await manager.FindByClientIdAsync("browser-test", cancellationToken) == null) { var application = new OpenIddictApplication { ClientId = "browser-test", DisplayName = "browser-test", Type = "public", RedirectUri = "http://localhost" }; await manager.CreateAsync(application, cancellationToken); } } }
public async Task ValidateIntrospectionRequest_RequestIsRejectedWhenClientCredentialsAreInvalid() { // Arrange var application = new OpenIddictApplication(); var manager = CreateApplicationManager(instance => { instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Confidential); instance.Setup(mock => mock.ValidateSecretAsync(application, "7Fjfp0ZBr1KtDRbnfVdmIw", It.IsAny <CancellationToken>())) .ReturnsAsync(false); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(IntrospectionEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Token = "2YotnFZFEjr1zCsicMWpAA" }); // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); Assert.Equal("Invalid credentials: ensure that you specified a correct client_secret.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.ValidateSecretAsync(application, "7Fjfp0ZBr1KtDRbnfVdmIw", It.IsAny <CancellationToken>()), Times.Once()); }
public async Task ValidateLogoutRequest_RequestIsRejectedWhenApplicationHasNoLogoutPermission() { // Arrange var application = new OpenIddictApplication(); var manager = CreateApplicationManager(instance => { instance.Setup(mock => mock.FindByPostLogoutRedirectUriAsync("http://www.fabrikam.com/path", It.IsAny <CancellationToken>())) .ReturnsAsync(ImmutableArray.Create(application)); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Logout, It.IsAny <CancellationToken>())) .ReturnsAsync(false); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); builder.Configure(options => options.IgnoreEndpointPermissions = false); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(LogoutEndpoint, new OpenIdConnectRequest { PostLogoutRedirectUri = "http://www.fabrikam.com/path" }); // Assert Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'post_logout_redirect_uri' parameter is not valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Logout, It.IsAny <CancellationToken>()), Times.Once()); }
public async Task HandleLogoutRequest_RequestIsPersistedInDistributedCache() { // Arrange var cache = new Mock <IDistributedCache>(); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(CreateApplicationManager(instance => { var application = new OpenIddictApplication(); instance.Setup(mock => mock.FindByLogoutRedirectUri("http://www.fabrikam.com/path", It.IsAny <CancellationToken>())) .ReturnsAsync(application); })); builder.Services.AddSingleton(cache.Object); builder.EnableRequestCaching(); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(LogoutEndpoint, new OpenIdConnectRequest { PostLogoutRedirectUri = "http://www.fabrikam.com/path" }); var identifier = (string)response[OpenIdConnectConstants.Parameters.RequestId]; // Assert Assert.Equal(1, response.GetParameters().Count()); Assert.NotNull(identifier); cache.Verify(mock => mock.SetAsync( OpenIddictConstants.Environment.LogoutRequest + identifier, It.IsAny <byte[]>(), It.IsAny <DistributedCacheEntryOptions>()), Times.Once()); }
private async Task InitializeAsync(IApplicationBuilder app, CancellationToken cancellationToken) { // Create a new service scope to ensure the database context is correctly disposed when this methods returns. using (var scope = app.ApplicationServices.GetRequiredService <IServiceScopeFactory>().CreateScope()) { var context = scope.ServiceProvider.GetRequiredService <DbContext>(); await context.Database.EnsureCreatedAsync(); // Note: when using a custom entity or a custom key type, replace OpenIddictApplication by the appropriate type. var manager = scope.ServiceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >(); if (await manager.FindByClientIdAsync("onlineshop-web", cancellationToken) == null) { var application = new OpenIddictApplication { ClientId = "onlineshop-web", RedirectUri = "http://localhost:4200/", LogoutRedirectUri = "http://localhost:4200/" }; await manager.CreateAsync(application, cancellationToken); } } }
public async Task ValidateAuthorizationRequest_RequestIsRejectedWhenRedirectUriIsInvalid() { // Arrange var application = new OpenIddictApplication(); var manager = CreateApplicationManager(instance => { instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny <CancellationToken>())) .ReturnsAsync(false); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(AuthorizationEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", ResponseType = OpenIdConnectConstants.ResponseTypes.Code }); // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'redirect_uri' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny <CancellationToken>()), Times.Once()); }
public async Task ValidateTokenRequest_ClientCredentialsRequestFromPublicClientIsRejected() { // Arrange var application = new OpenIddictApplication(); var manager = CreateApplicationManager(instance => { instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Public); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", GrantType = OpenIdConnectConstants.GrantTypes.ClientCredentials }); // Assert Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("Public clients are not allowed to use the client credentials grant.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>()), Times.Once()); }
public async Task SerializeAuthorizationCode_AuthorizationIsAutomaticallyAttached() { // Arrange var token = new OpenIddictToken(); var manager = CreateTokenManager(instance => { instance.Setup(mock => mock.CreateAsync(OpenIdConnectConstants.TokenTypeHints.AuthorizationCode, "Bob le Magnifique", It.IsAny <CancellationToken>())) .ReturnsAsync(token); instance.Setup(mock => mock.GetIdAsync(token, It.IsAny <CancellationToken>())) .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); instance.Setup(mock => mock.SetClientAsync(token, "3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny <CancellationToken>())) .Returns(Task.FromResult(0)); instance.Setup(mock => mock.SetAuthorizationAsync(token, "1AF06AB2-A0FC-4E3D-86AF-E04DA8C7BE70", It.IsAny <CancellationToken>())) .Returns(Task.FromResult(0)); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(CreateApplicationManager(instance => { var application = new OpenIddictApplication(); instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.HasRedirectUriAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Public); instance.Setup(mock => mock.GetIdAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); })); builder.Services.AddSingleton(CreateAuthorizationManager(instance => { instance.Setup(mock => mock.FindByIdAsync("1AF06AB2-A0FC-4E3D-86AF-E04DA8C7BE70", It.IsAny <CancellationToken>())) .ReturnsAsync(new OpenIddictAuthorization()); })); builder.Services.AddSingleton(manager); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(AuthorizationEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", ResponseType = OpenIdConnectConstants.ResponseTypes.Code, }); // Assert Assert.NotNull(response.Code); Mock.Get(manager).Verify(mock => mock.SetAuthorizationAsync(token, "1AF06AB2-A0FC-4E3D-86AF-E04DA8C7BE70", It.IsAny <CancellationToken>()), Times.Once()); }
public async Task HandleTokenRequest_RequestsAreNotHandledLocally(string flow) { // Arrange var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme); identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), new AuthenticationProperties(), OpenIdConnectServerDefaults.AuthenticationScheme); ticket.SetTicketId("60FFF7EA-F98E-437B-937E-5073CC313103"); switch (flow) { case OpenIdConnectConstants.GrantTypes.AuthorizationCode: ticket.SetUsage(OpenIdConnectConstants.Usages.AuthorizationCode); ticket.SetPresenters("Fabrikam"); break; case OpenIdConnectConstants.GrantTypes.RefreshToken: ticket.SetUsage(OpenIdConnectConstants.Usages.RefreshToken); break; } var format = new Mock <ISecureDataFormat <AuthenticationTicket> >(); format.Setup(mock => mock.Unprotect("8xLOxBtZp8")) .Returns(ticket); var token = new OpenIddictToken(); var manager = CreateTokenManager(instance => { instance.Setup(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny <CancellationToken>())) .ReturnsAsync(token); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(CreateApplicationManager(instance => { var application = new OpenIddictApplication(); instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Confidential); instance.Setup(mock => mock.ValidateClientSecretAsync(application, "7Fjfp0ZBr1KtDRbnfVdmIw", It.IsAny <CancellationToken>())) .ReturnsAsync(true); })); builder.AllowCustomFlow("urn:ietf:params:oauth:grant-type:custom_grant"); builder.Services.AddSingleton(manager); builder.Configure(options => options.AuthorizationCodeFormat = format.Object); builder.Configure(options => options.RefreshTokenFormat = format.Object); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "8xLOxBtZp8", GrantType = flow, RefreshToken = "8xLOxBtZp8", Username = "******", Password = "******" }); // Assert Assert.NotNull(response.AccessToken); }
public async Task HandleTokenRequest_AuthorizationCodeIsAutomaticallyRevoked() { // Arrange var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme); identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), new AuthenticationProperties(), OpenIdConnectServerDefaults.AuthenticationScheme); ticket.SetPresenters("Fabrikam"); ticket.SetTicketId("3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetUsage(OpenIdConnectConstants.Usages.AuthorizationCode); var format = new Mock <ISecureDataFormat <AuthenticationTicket> >(); format.Setup(mock => mock.Unprotect("SplxlOBeZQQYbYS6WxSbIA")) .Returns(ticket); var token = new OpenIddictToken(); var manager = CreateTokenManager(instance => { instance.Setup(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny <CancellationToken>())) .ReturnsAsync(token); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(CreateApplicationManager(instance => { var application = new OpenIddictApplication(); instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Public); })); builder.Services.AddSingleton(manager); builder.Configure(options => options.AuthorizationCodeFormat = format.Object); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode }); // Assert Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.RevokeAsync(token, It.IsAny <CancellationToken>()), Times.Once()); }
public async Task HandleIntrospectionRequest_RequestIsRejectedWhenReferenceTokenIsInvalid() { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), new AuthenticationProperties(), OpenIddictServerDefaults.AuthenticationScheme); ticket.SetAudiences("Fabrikam"); ticket.SetInternalTokenId("3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken); var format = new Mock <ISecureDataFormat <AuthenticationTicket> >(); format.Setup(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA")) .Returns(ticket); var token = new OpenIddictToken(); var manager = CreateTokenManager(instance => { instance.Setup(mock => mock.FindByReferenceIdAsync("QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI", It.IsAny <CancellationToken>())) .ReturnsAsync(token); instance.Setup(mock => mock.GetTypeAsync(token, It.IsAny <CancellationToken>())) .Returns(new ValueTask <string>(OpenIdConnectConstants.TokenUsages.AccessToken)); instance.Setup(mock => mock.GetIdAsync(token, It.IsAny <CancellationToken>())) .Returns(new ValueTask <string>("3E228451-1555-46F7-A471-951EFBA23A56")); instance.Setup(mock => mock.GetPayloadAsync(token, It.IsAny <CancellationToken>())) .Returns(new ValueTask <string>("2YotnFZFEjr1zCsicMWpAA")); instance.Setup(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny <CancellationToken>())) .ReturnsAsync(token); instance.Setup(mock => mock.IsValidAsync(token, It.IsAny <CancellationToken>())) .ReturnsAsync(false); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(CreateApplicationManager(instance => { var application = new OpenIddictApplication(); instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .Returns(new ValueTask <string>(OpenIddictConstants.ClientTypes.Confidential)); instance.Setup(mock => mock.ValidateClientSecretAsync(application, "7Fjfp0ZBr1KtDRbnfVdmIw", It.IsAny <CancellationToken>())) .ReturnsAsync(true); })); builder.Services.AddSingleton(manager); builder.Configure(options => options.AccessTokenFormat = format.Object); builder.UseReferenceTokens(); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(IntrospectionEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Token = "QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI" }); // Assert Assert.Single(response.GetParameters()); Assert.False((bool)response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI", It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.IsValidAsync(token, It.IsAny <CancellationToken>()), Times.Once()); }
public async Task HandleIntrospectionRequest_RequestIsRejectedWhenRefreshTokenIsRevoked() { // Arrange var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme); identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), new AuthenticationProperties(), OpenIdConnectServerDefaults.AuthenticationScheme); ticket.SetTicketId("3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetUsage(OpenIdConnectConstants.Usages.RefreshToken); var format = new Mock <ISecureDataFormat <AuthenticationTicket> >(); format.Setup(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA")) .Returns(ticket); var manager = CreateTokenManager(instance => { instance.Setup(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny <CancellationToken>())) .ReturnsAsync(null); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(CreateApplicationManager(instance => { var application = new OpenIddictApplication(); instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Confidential); instance.Setup(mock => mock.ValidateClientSecretAsync(application, "7Fjfp0ZBr1KtDRbnfVdmIw", It.IsAny <CancellationToken>())) .ReturnsAsync(true); })); builder.Services.AddSingleton(manager); builder.Configure(options => options.RefreshTokenFormat = format.Object); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(IntrospectionEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Token = "2YotnFZFEjr1zCsicMWpAA" }); // Assert Assert.Equal(1, response.GetParameters().Count()); Assert.False((bool)response[OpenIdConnectConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny <CancellationToken>()), Times.Once()); }
public static void Initialize(IServiceProvider serviceProvider, ILoggerFactory loggerFactory) { var context = serviceProvider.GetRequiredService <ApplicationDbContext>(); ILogger logger = loggerFactory.CreateLogger("InitializeData"); context.Database.Migrate(); if (!context.Roles.Any()) { var roleManager = serviceProvider.GetRequiredService <RoleManager <Role> >(); var createTask = roleManager.CreateAsync(new Role { Name = "Administrator" }); createTask.Wait(); var identityResult = createTask.Result; if (!identityResult.Succeeded) { foreach (var error in identityResult.Errors) { logger.LogError($"{error.Code}: {error.Description}"); } } } if (!context.Users.Any()) { var userManager = serviceProvider.GetService <UserManager <User> >(); var user = new User { UserName = "******", Email = "*****@*****.**", FirstName = "Admin", LastName = "User" }; var createTask = userManager.CreateAsync(user, "P@ssword"); createTask.Wait(); var identityResult = createTask.Result; if (!identityResult.Succeeded) { foreach (var error in identityResult.Errors) { logger.LogError($"{error.Code}: {error.Description}"); } } else { var adminTask = userManager.AddToRoleAsync(user, "Administrator"); adminTask.Wait(); identityResult = adminTask.Result; if (!identityResult.Succeeded) { foreach (var error in identityResult.Errors) { logger.LogError($"{error.Code}: {error.Description}"); } } } } if (!context.Clients.Any()) { context.Clients.Add(new Client { Name = "Contoso, Inc" }); context.Clients.Add(new Client { Name = "Adventureworks" }); context.SaveChanges(); } if (!context.Projects.Any()) { context.Projects.Add(new Project { Title = "Angular Training", ClientId = context.Clients.SingleOrDefault(client => client.Name == "Contoso, Inc").Id }); context.Projects.Add(new Project { Title = "Biztalk", ClientId = context.Clients.SingleOrDefault(client => client.Name == "Adventureworks").Id }); context.SaveChanges(); } var openIddictApplicationManager = serviceProvider.GetRequiredService <OpenIddictApplicationManager <OpenIddictApplication> >(); var findByClientIdTask = openIddictApplicationManager.FindByClientIdAsync("angular", CancellationToken.None); findByClientIdTask.Wait(); if (findByClientIdTask.Result == null) { var application = new OpenIddictApplication { ClientId = "angular", DisplayName = "Angular client application", LogoutRedirectUri = "http://localhost:5000", RedirectUri = "http://localhost:5000" }; var createTask = openIddictApplicationManager.CreateAsync(application, CancellationToken.None); createTask.Wait(); } }
public async Task ValidateAuthorizationRequest_RequestIsValidatedWhenRegisteredScopeIsSpecified() { // Arrange var manager = CreateScopeManager(instance => { instance.Setup(mock => mock.ValidateScopesAsync( It.Is <ImmutableArray <string> >(scopes => scopes[0] == "registered_scope"), It.IsAny <CancellationToken>())) .ReturnsAsync(true); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(CreateApplicationManager(instance => { var application = new OpenIddictApplication(); instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Public); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Authorization, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.Implicit, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + "registered_scope", It.IsAny <CancellationToken>())) .ReturnsAsync(true); })); builder.Services.AddSingleton(manager); builder.ValidateScopes(); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(AuthorizationEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = OpenIdConnectConstants.ResponseTypes.Token, Scope = "registered_scope" }); // Assert Assert.Null(response.Error); Assert.Null(response.ErrorDescription); Assert.Null(response.ErrorUri); Assert.NotNull(response.AccessToken); }
public async Task HandleAuthorizationRequest_RequestsAreNotHandledLocally(string type) { // Arrange var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(CreateApplicationManager(instance => { var application = new OpenIddictApplication(); instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Authorization, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.Implicit, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Public); instance.Setup(mock => mock.GetIdAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); })); builder.Services.AddSingleton(CreateTokenManager(instance => { var token = new OpenIddictToken(); instance.Setup(mock => mock.CreateAsync(It.IsAny <OpenIddictTokenDescriptor>(), It.IsAny <CancellationToken>())) .ReturnsAsync(token); instance.Setup(mock => mock.GetIdAsync(token, It.IsAny <CancellationToken>())) .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56"); })); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(AuthorizationEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = type, Scope = OpenIdConnectConstants.Scopes.OpenId }); // Assert Assert.True(!string.IsNullOrEmpty(response.AccessToken) || !string.IsNullOrEmpty(response.Code) || !string.IsNullOrEmpty(response.IdToken)); }
public async Task HandleAuthorizationRequest_RequestIsPersistedInDistributedCache() { // Arrange var cache = new Mock <IDistributedCache>(); var generator = new Mock <RandomNumberGenerator>(); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(CreateApplicationManager(instance => { var application = new OpenIddictApplication(); instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Authorization, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.Implicit, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Public); })); builder.Services.AddSingleton(cache.Object); builder.EnableRequestCaching(); builder.Configure(options => options.RandomNumberGenerator = generator.Object); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(AuthorizationEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", ResponseType = OpenIdConnectConstants.ResponseTypes.Token }); var identifier = (string)response[OpenIdConnectConstants.Parameters.RequestId]; // Assert Assert.Single(response.GetParameters()); Assert.NotNull(identifier); cache.Verify(mock => mock.SetAsync( OpenIddictConstants.Environment.AuthorizationRequest + identifier, It.IsAny <byte[]>(), It.IsAny <DistributedCacheEntryOptions>(), It.IsAny <CancellationToken>()), Times.Once()); generator.Verify(mock => mock.GetBytes(It.Is <byte[]>(bytes => bytes.Length == 256 / 8)), Times.Once()); }
public async Task ValidateAuthorizationRequest_RequestIsRejectedWhenScopePermissionIsNotGranted() { // Arrange var application = new OpenIddictApplication(); var manager = CreateApplicationManager(instance => { instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Authorization, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.RefreshToken, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + OpenIdConnectConstants.Scopes.Profile, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + OpenIdConnectConstants.Scopes.Email, It.IsAny <CancellationToken>())) .ReturnsAsync(false); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); builder.RegisterScopes(OpenIdConnectConstants.Scopes.Email, OpenIdConnectConstants.Scopes.Profile); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(AuthorizationEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", ResponseType = OpenIdConnectConstants.ResponseTypes.Code, Scope = "openid offline_access profile email" }); // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); Assert.Equal("This client application is not allowed to use the specified scope.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + OpenIdConnectConstants.Scopes.OpenId, It.IsAny <CancellationToken>()), Times.Never()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + OpenIdConnectConstants.Scopes.OfflineAccess, It.IsAny <CancellationToken>()), Times.Never()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + OpenIdConnectConstants.Scopes.Profile, It.IsAny <CancellationToken>()), Times.Once()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + OpenIdConnectConstants.Scopes.Email, It.IsAny <CancellationToken>()), Times.Once()); }
public async Task ApplyAuthorizationResponse_RequestIsRemovedFromDistributedCache() { // Arrange var request = new OpenIdConnectRequest { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", ResponseType = OpenIdConnectConstants.ResponseTypes.Token }; var stream = new MemoryStream(); using (var writer = new BsonDataWriter(stream)) { writer.CloseOutput = false; var serializer = JsonSerializer.CreateDefault(); serializer.Serialize(writer, request); } var cache = new Mock <IDistributedCache>(); cache.Setup(mock => mock.GetAsync( OpenIddictConstants.Environment.AuthorizationRequest + "b2ee7815-5579-4ff7-86b0-ba671b939d96", It.IsAny <CancellationToken>())) .ReturnsAsync(stream.ToArray()); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(CreateApplicationManager(instance => { var application = new OpenIddictApplication(); instance.Setup(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny <CancellationToken>())) .ReturnsAsync(application); instance.Setup(mock => mock.HasRedirectUriAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny <CancellationToken>())) .ReturnsAsync(true); instance.Setup(mock => mock.GetClientTypeAsync(application, It.IsAny <CancellationToken>())) .ReturnsAsync(OpenIddictConstants.ClientTypes.Public); })); builder.Services.AddSingleton(cache.Object); builder.EnableRequestCaching(); }); var client = new OpenIdConnectClient(server.CreateClient()); // Act var response = await client.PostAsync(AuthorizationEndpoint, new OpenIdConnectRequest { RequestId = "b2ee7815-5579-4ff7-86b0-ba671b939d96" }); // Assert Assert.NotNull(response.AccessToken); cache.Verify(mock => mock.RemoveAsync( OpenIddictConstants.Environment.AuthorizationRequest + "b2ee7815-5579-4ff7-86b0-ba671b939d96", It.IsAny <CancellationToken>()), Times.Once()); }
private AuthenticationTicket CreateResourceServerTicketAsync(OpenIdConnectRequest request, OpenIddictApplication application) { // Create a new ClaimsIdentity containing the claims that // will be used to create an id_token, a token or a code. var identity = new ClaimsIdentity( OpenIdConnectServerDefaults.AuthenticationScheme, OpenIdConnectConstants.Claims.Name, OpenIdConnectConstants.Claims.Role); // Use the client_id as the subject identifier. identity.AddClaim(OpenIdConnectConstants.Claims.Subject, application.ClientId, OpenIdConnectConstants.Destinations.AccessToken, OpenIdConnectConstants.Destinations.IdentityToken); identity.AddClaim(OpenIdConnectConstants.Claims.Name, application.DisplayName ?? application.ClientId, OpenIdConnectConstants.Destinations.AccessToken, OpenIdConnectConstants.Destinations.IdentityToken); identity.AddClaim(OpenIdConnectConstants.Claims.Role, AppConstants.Roles.Application, OpenIdConnectConstants.Destinations.AccessToken, OpenIdConnectConstants.Destinations.IdentityToken); if (application.ClientId == "resource_server") { identity.AddClaim(OpenIdConnectConstants.Claims.Role, AppConstants.Roles.Administrator, OpenIdConnectConstants.Destinations.AccessToken, OpenIdConnectConstants.Destinations.IdentityToken); } // Create a new authentication ticket holding the user identity. var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), new AuthenticationProperties(), OpenIdConnectServerDefaults.AuthenticationScheme); ticket.SetResources("resource_server"); return(ticket); }