public async Task ChallengeCanSetUserStateThroughProperties(string userState) { var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("OIDCTest")); var settings = new TestSettings(o => { o.ClientId = "Test Id"; o.Authority = TestServerBuilder.DefaultAuthority; o.StateDataFormat = stateFormat; }); var properties = new AuthenticationProperties(); properties.Items.Add(OpenIdConnectDefaults.UserstatePropertiesKey, userState); var server = settings.CreateTestServer(properties); var transaction = await server.SendAsync(TestServerBuilder.TestHost + TestServerBuilder.ChallengeWithProperties); var res = transaction.Response; Assert.Equal(HttpStatusCode.Redirect, res.StatusCode); Assert.NotNull(res.Headers.Location); var values = settings.ValidateChallengeRedirect(res.Headers.Location); var actualState = values[OpenIdConnectParameterNames.State]; var actualProperties = stateFormat.Unprotect(actualState); Assert.Equal(userState ?? string.Empty, actualProperties.Items[OpenIdConnectDefaults.UserstatePropertiesKey]); }
public async Task ChallengeWillUseAuthenticationPropertiesParametersAsQueryArguments() { var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("MicrosoftTest")); using var host = await CreateHost(o => { o.ClientId = "Test Id"; o.ClientSecret = "Test Secret"; o.StateDataFormat = stateFormat; }); using var server = host.GetTestServer(); var transaction = await server.SendAsync("https://example.com/challenge"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); // verify query arguments var query = QueryHelpers.ParseQuery(transaction.Response.Headers.Location.Query); Assert.Equal("https://graph.microsoft.com/user.read", query["scope"]); Assert.Equal("consumers", query["domain_hint"]); Assert.Equal("username", query["login_hint"]); Assert.Equal("select_account", query["prompt"]); Assert.Equal("query", query["response_mode"]); // verify that the passed items were not serialized var stateProperties = stateFormat.Unprotect(query["state"]); Assert.DoesNotContain("scope", stateProperties.Items.Keys); Assert.DoesNotContain("domain_hint", stateProperties.Items.Keys); Assert.DoesNotContain("login_hint", stateProperties.Items.Keys); Assert.DoesNotContain("prompt", stateProperties.Items.Keys); Assert.DoesNotContain("response_mode", stateProperties.Items.Keys); }
public async Task SignOutWith_Specific_RedirectUri_From_Authentication_Properites() { var configuration = TestServerBuilder.CreateDefaultOpenIdConnectConfiguration(); var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("OIDCTest")); var server = TestServerBuilder.CreateServer(o => { o.Authority = TestServerBuilder.DefaultAuthority; o.StateDataFormat = stateFormat; o.ClientId = "Test Id"; o.Configuration = configuration; o.SignedOutRedirectUri = "https://example.com/postlogout"; }); var transaction = await server.SendAsync("https://example.com/signout_with_specific_redirect_uri"); Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode); var query = transaction.Response.Headers.Location.Query.Substring(1).Split('&') .Select(each => each.Split('=')) .ToDictionary(pair => pair[0], pair => pair[1]); string redirectUri; Assert.True(query.TryGetValue("post_logout_redirect_uri", out redirectUri)); Assert.Equal(UrlEncoder.Default.Encode("https://example.com/signout-callback-oidc"), redirectUri, true); string state; Assert.True(query.TryGetValue("state", out state)); var properties = stateFormat.Unprotect(state); Assert.Equal("http://www.example.com/specific_redirect_uri", properties.RedirectUri, true); }
public static AuthenticationProperties GetByCorrelationId(PropertiesDataFormat stateFormat, IList <string> cookies, string correlationId, string schemeName, string correlationCookieName = ".AspNetCore.Correlation") { var state = correlationId; var fullCookieValue = cookies.FirstOrDefault(x => x.StartsWith($"{correlationCookieName}.{schemeName}.{CorrelationMarker}.{state}")); var cookieValue = GetCookieValue(fullCookieValue, state); var stateProperties = stateFormat.Unprotect(cookieValue); return(stateProperties); }
public async Task OnRedirectToIdentityProviderEventCanSetState(string userState) { var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider(NullLoggerFactory.Instance).CreateProtector("OIDCTest")); var settings = new TestSettings(opt => { opt.StateDataFormat = stateFormat; opt.ClientId = "Test Id"; opt.Authority = TestServerBuilder.DefaultAuthority; opt.Events = new OpenIdConnectEvents() { OnRedirectToIdentityProvider = context => { context.ProtocolMessage.State = userState; return(Task.FromResult(0)); } }; }); var server = settings.CreateTestServer(); var transaction = await server.SendAsync(ChallengeEndpoint); var res = transaction.Response; Assert.Equal(HttpStatusCode.Redirect, res.StatusCode); Assert.NotNull(res.Headers.Location); var values = settings.ValidateChallengeRedirect(res.Headers.Location); var actualState = values[OpenIdConnectParameterNames.State]; var actualProperties = stateFormat.Unprotect(actualState); if (userState != null) { Assert.Equal(userState, actualProperties.Items[OpenIdConnectDefaults.UserstatePropertiesKey]); } else { Assert.False(actualProperties.Items.ContainsKey(OpenIdConnectDefaults.UserstatePropertiesKey)); } }