/// <summary>
/// A refresh_token grant whose token comes from a handle manager constructed with
/// <c>expired: true</c> must be rejected with <c>invalid_grant</c> rather than renewed.
/// </summary>
public void ExpiredRefreshToken()
        {
            var expiredHandles =
                new TestTokenHandleManager("abc", "codeclient", "https://validredirect", expired: true);
            var app = _testConfig.FindApplication("test");
            var refreshRequest = new TokenRequest
            {
                Grant_Type    = OAuthConstants.GrantTypes.RefreshToken,
                Refresh_Token = "abc"
            };

            var underTest = new TokenRequestValidator(expiredHandles);

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, refreshRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            // The error code is the only signal the client receives; it must be invalid_grant.
            Assert.AreEqual(OAuthConstants.Errors.InvalidGrant, caught.OAuthError);
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="TokenEndpointController" /> class,
 /// storing its collaborators in the corresponding private fields.
 /// </summary>
 /// <param name="options">The identity server options.</param>
 /// <param name="requestValidator">The token request validator.</param>
 /// <param name="clientValidator">The client validator.</param>
 /// <param name="generator">The token response generator.</param>
 public TokenEndpointController(IdentityServerOptions options, TokenRequestValidator requestValidator, ClientValidator clientValidator, TokenResponseGenerator generator)
 {
     // Assignments follow parameter order; none of them depends on another.
     _options          = options;
     _requestValidator = requestValidator;
     _clientValidator  = clientValidator;
     _generator        = generator;
 }
        /// <summary>
        /// An authorization code registered for "someotherclient" (second handle-manager argument)
        /// must not be redeemable by the test client; the validator has to answer <c>invalid_grant</c>
        /// so a stolen code cannot be exchanged by a different client (RFC 6749 §4.1.3).
        /// </summary>
        public void InvalidCodeToClientBinding()
        {
            var foreignCodeHandles =
                new TestTokenHandleManager("abc", "someotherclient", "https://validredirect");
            var app = _testConfig.FindApplication("test");
            var codeRequest = new TokenRequest
            {
                Grant_Type   = OAuthConstants.GrantTypes.AuthorizationCode,
                Code         = "abc",
                Redirect_Uri = "https://validredirect"
            };

            var underTest = new TokenRequestValidator(foreignCodeHandles, _clientManager);

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, codeRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.InvalidGrant, caught.OAuthError);
        }
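        /// <summary>
        /// Token endpoint action: validates the incoming token request and dispatches
        /// on the validated grant type.
        /// </summary>
        /// <param name="request">The token request as bound from the HTTP body.</param>
        /// <returns>
        /// The response produced by the grant-specific processor, or an OAuth error response
        /// (the validator's <c>OAuthError</c>, or <c>unsupported_grant_type</c>) when the
        /// request cannot be processed.
        /// </returns>
        public HttpResponseMessage Post(TokenRequest request)
        {
            Tracing.Start("OIDC Token Endpoint");

            ValidatedRequest validatedRequest;

            try
            {
                var validator = new TokenRequestValidator(Clients, Grants);
                validatedRequest = validator.Validate(request, ClaimsPrincipal.Current);
            }
            catch (TokenRequestValidationException ex)
            {
                // Only the OAuth error code goes back to the client; no validation detail leaks.
                Tracing.Error("Aborting OIDC token request");
                return Request.CreateOAuthErrorResponse(ex.OAuthError);
            }

            // Switch over the grant type. Both branches use the static, null-safe string.Equals
            // (the original mixed it with an instance Equals call, which would throw on a null
            // GrantType instead of falling through to the unsupported_grant_type error below).
            // Grant type identifiers are case-sensitive protocol values, and static
            // string.Equals compares ordinally, which is the intended semantics.
            if (string.Equals(validatedRequest.GrantType, OAuth2Constants.GrantTypes.AuthorizationCode))
            {
                return ProcessAuthorizationCodeRequest(validatedRequest);
            }
            if (string.Equals(validatedRequest.GrantType, OAuth2Constants.GrantTypes.RefreshToken))
            {
                return ProcessRefreshTokenRequest(validatedRequest);
            }

            // NOTE(review): this echoes the raw, client-supplied grant_type into the trace;
            // if trace output is line-oriented, consider logging the validated value instead.
            Tracing.Error("unsupported grant type: " + request.Grant_Type);
            return Request.CreateOAuthErrorResponse(OAuth2Constants.Errors.UnsupportedGrantType);
        }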
        /// <summary>
        /// A password grant presented by a principal that carries only a "password" claim
        /// (no client identifier) must be rejected with <c>invalid_client</c>.
        /// </summary>
        public void MissingClientId()
        {
            var app = _testConfig.FindApplication("test");
            var passwordRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                UserName   = "******",
                Password   = "******",
                Scope      = "read"
            };
            var underTest = new TokenRequestValidator();

            TokenRequestValidationException caught = null;
            try
            {
                // Principal deliberately lacks a client_id claim.
                var clientWithoutId = Principal.Create("Test",
                                                       new Claim("password", "secret"));

                underTest.Validate(app, passwordRequest, clientWithoutId);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.InvalidClient, caught.OAuthError);
        }
        /// <summary>
        /// A client_credentials grant from the principal identified as "disabledclient"
        /// must be rejected with <c>invalid_client</c>; a disabled client may not obtain tokens
        /// even with a correct secret.
        /// </summary>
        public void DisabledClient()
        {
            var app = _testConfig.FindApplication("test");
            var clientCredentialsRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.ClientCredentials
            };
            var underTest = new TokenRequestValidator();

            TokenRequestValidationException caught = null;
            try
            {
                var disabledClient = Principal.Create("Test",
                                                      new Claim("client_id", "disabledclient"),
                                                      new Claim("secret", "secret"));

                underTest.Validate(app, clientCredentialsRequest, disabledClient);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.InvalidClient, caught.OAuthError);
        }
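 /// <summary>
 /// Initializes a new instance of the <see cref="TokenEndpointController" /> class.
 /// </summary>
 /// <param name="options">The options.</param>
 /// <param name="requestValidator">The request validator.</param>
 /// <param name="clientValidator">The client validator.</param>
 /// <param name="generator">The generator.</param>
 /// <param name="events">The events service.</param>
 /// <param name="comoRequestValidator">
 /// The <see cref="IComoRequestValidator" /> implementation; stored in a field for use by the endpoint actions.
 /// </param>
 public TokenEndpointController(IdentityServerOptions options, TokenRequestValidator requestValidator,
                                ClientValidator clientValidator, TokenResponseGenerator generator, IEventService events, IComoRequestValidator comoRequestValidator)
 {
     // Plain field capture; the controller only wires its collaborators here.
     _requestValidator     = requestValidator;
     _clientValidator      = clientValidator;
     _generator            = generator;
     _options              = options;
     _events               = events;
     _comoRequestValidator = comoRequestValidator;
 }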
        /// <summary>
        /// A well-formed refresh_token grant against the shared handle manager validates without
        /// throwing. The test passes by completing; the returned value is not inspected.
        /// </summary>
        public void ValidRequest()
        {
            var app = _testConfig.FindApplication("test");
            var refreshRequest = new TokenRequest
            {
                Grant_Type    = OAuthConstants.GrantTypes.RefreshToken,
                Refresh_Token = "abc"
            };

            new TokenRequestValidator(_handleManager).Validate(app, refreshRequest, _client);
        }
        /// <summary>
        /// A client_credentials grant requesting the single scope "read" validates without
        /// throwing. The test passes by completing; the returned value is not inspected.
        /// </summary>
        public void ValidSingleScope()
        {
            var app = _testConfig.FindApplication("test");
            var singleScopeRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.ClientCredentials,
                Scope      = "read"
            };

            new TokenRequestValidator(_clientManager).Validate(app, singleScopeRequest, _client);
        }
        /// <summary>
        /// An authorization_code grant with a matching code and redirect_uri validates without
        /// throwing. The test passes by completing; the returned value is not inspected.
        /// </summary>
        public void ValidSingleScope()
        {
            var app = _testConfig.FindApplication("test");
            var codeRequest = new TokenRequest
            {
                Grant_Type   = OAuthConstants.GrantTypes.AuthorizationCode,
                Code         = "abc",
                Redirect_Uri = "https://validredirect"
            };

            new TokenRequestValidator(_handleManager, _clientManager).Validate(app, codeRequest, _client);
        }
        /// <summary>
        /// An "assertion" grant carrying an assertion value and the single scope "read"
        /// validates without throwing. The test passes by completing; the returned value is not inspected.
        /// </summary>
        public void ValidSingleScope()
        {
            var app = _testConfig.FindApplication("test");
            var assertionRequest = new TokenRequest
            {
                Grant_Type = "assertion",
                Assertion  = "assertion",
                Scope      = "read"
            };

            new TokenRequestValidator().Validate(app, assertionRequest, _client);
        }
        /// <summary>
        /// A password grant with user name, password and the single scope "read" validates
        /// without throwing. The test passes by completing; the returned value is not inspected.
        /// </summary>
        public void ValidSingleScope()
        {
            var app = _testConfig.FindApplication("test");
            var passwordRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                UserName   = "******",
                Password   = "******",
                Scope      = "read"
            };

            new TokenRequestValidator().Validate(app, passwordRequest, _client);
        }
        /// <summary>
        /// A completely empty <see cref="TokenRequest" /> submitted with a null principal must be
        /// rejected with <c>unsupported_grant_type</c> (the missing grant type is noticed before
        /// anything else is examined).
        /// </summary>
        public void EmptyParameters()
        {
            var app = _testConfig.FindApplication("test");
            var underTest = new TokenRequestValidator();

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, new TokenRequest(), null);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.UnsupportedGrantType, caught.OAuthError);
        }
        /// <summary>
        /// A client_credentials grant that names no scope must be rejected with <c>invalid_scope</c>;
        /// the validator does not fall back to an implicit default scope here.
        /// </summary>
        public void MissingScope()
        {
            var app = _testConfig.FindApplication("test");
            var scopelessRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.ClientCredentials,
            };
            var underTest = new TokenRequestValidator();

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, scopelessRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.InvalidScope, caught.OAuthError);
        }
        /// <summary>
        /// Despite the name, this exercises a refresh_token grant that omits the refresh_token
        /// value: the validator must reject it with <c>invalid_grant</c>.
        /// </summary>
        public void MissingCode()
        {
            var app = _testConfig.FindApplication("test");
            var tokenlessRefresh = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.RefreshToken,
            };
            var underTest = new TokenRequestValidator(_handleManager);

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, tokenlessRefresh, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.InvalidGrant, caught.OAuthError);
        }
        /// <summary>
        /// A client_credentials grant from the shared test client must be rejected with
        /// <c>unauthorized_client</c> — presumably the test client is not permitted this grant
        /// type in the test configuration (the configuration itself is outside this file).
        /// </summary>
        public void UnauthorizedClientCredentialGrant()
        {
            var app = _testConfig.FindApplication("test");
            var clientCredentialsRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.ClientCredentials,
            };
            var underTest = new TokenRequestValidator(_handleManager, _clientManager);

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, clientCredentialsRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.UnauthorizedClient, caught.OAuthError);
        }
        /// <summary>
        /// An "assertion" grant that omits the assertion value is reported as
        /// <c>unsupported_grant_type</c> rather than a missing-parameter error.
        /// </summary>
        public void MissingAssertionValue()
        {
            var app = _testConfig.FindApplication("test");
            var assertionlessRequest = new TokenRequest
            {
                Grant_Type = "assertion",
                Scope      = "read"
            };
            var underTest = new TokenRequestValidator();

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, assertionlessRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.UnsupportedGrantType, caught.OAuthError);
        }
        /// <summary>
        /// A password grant without user name (and password) must be rejected with
        /// <c>invalid_grant</c>; resource-owner credentials are mandatory for this grant.
        /// </summary>
        public void MissingResourceOwnerUserName()
        {
            var app = _testConfig.FindApplication("test");
            var credentiallessRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                Scope      = "read"
            };
            var underTest = new TokenRequestValidator();

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, credentiallessRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.InvalidGrant, caught.OAuthError);
        }
        /// <summary>
        /// A password grant with credentials but no scope must be rejected with
        /// <c>invalid_scope</c>; the validator does not substitute a default scope.
        /// </summary>
        public void MissingScope()
        {
            var app = _testConfig.FindApplication("test");
            var scopelessPasswordRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                UserName   = "******",
                Password   = "******",
            };
            var underTest = new TokenRequestValidator(_clientManager);

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, scopelessPasswordRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.InvalidScope, caught.OAuthError);
        }
        /// <summary>
        /// An authorization_code grant whose redirect_uri differs from the one the code was
        /// issued for must be rejected. This validator reports it as <c>invalid_request</c>;
        /// NOTE(review): RFC 6749 §5.2 lists a mismatching redirection URI under <c>invalid_grant</c>,
        /// so the asserted code documents the implementation's choice rather than the spec's.
        /// </summary>
        public void NonMatchingRedirectUri()
        {
            var app = _testConfig.FindApplication("test");
            var mismatchedRedirect = new TokenRequest
            {
                Grant_Type   = OAuthConstants.GrantTypes.AuthorizationCode,
                Code         = "abc",
                Redirect_Uri = "https://invalidredirect"
            };
            var underTest = new TokenRequestValidator(_handleManager);

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, mismatchedRedirect, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.InvalidRequest, caught.OAuthError);
        }
        /// <summary>
        /// An "assertion" grant requesting the scope "delete", which the test client is not
        /// allowed, must be rejected with <c>invalid_scope</c> (no silent down-scoping).
        /// </summary>
        public void UnauthorizedScopeSingle()
        {
            var app = _testConfig.FindApplication("test");
            var overreachingRequest = new TokenRequest
            {
                Grant_Type = "assertion",
                Assertion  = "assertion",
                Scope      = "delete"
            };
            var underTest = new TokenRequestValidator();

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, overreachingRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.InvalidScope, caught.OAuthError);
        }
        /// <summary>
        /// An authorization_code grant presented by <c>Principal.Anonymous</c> (no client
        /// authentication at all) must be rejected with <c>invalid_client</c>, even though the
        /// code and redirect_uri themselves are well-formed.
        /// </summary>
        public void AnonymousCodeGrant()
        {
            var app = _testConfig.FindApplication("test");
            var codeRequest = new TokenRequest
            {
                Grant_Type   = OAuthConstants.GrantTypes.AuthorizationCode,
                Code         = "abc",
                Redirect_Uri = "https://validredirect"
            };
            var underTest = new TokenRequestValidator();

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, codeRequest, Principal.Anonymous);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.InvalidClient, caught.OAuthError);
        }
        /// <summary>
        /// A password grant requesting the scope "unknown", which the test application does not
        /// define, must be rejected with <c>invalid_scope</c>.
        /// </summary>
        public void UnknownScope()
        {
            var app = _testConfig.FindApplication("test");
            var unknownScopeRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                UserName   = "******",
                Password   = "******",
                Scope      = "unknown"
            };
            var underTest = new TokenRequestValidator();

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, unknownScopeRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.InvalidScope, caught.OAuthError);
        }
        /// <summary>
        /// An authorization_code grant from the shared test client, against a handle manager whose
        /// code belongs to "codeclient", must be rejected with <c>unauthorized_client</c> —
        /// presumably the test client is not permitted the code grant in the test configuration.
        /// The request carries no code or redirect_uri, so the client check is what fires.
        /// </summary>
        public void UnauthorizedCodeGrant()
        {
            var codeClientHandles =
                new TestTokenHandleManager("abc", "codeclient", "https://validredirect");
            var app = _testConfig.FindApplication("test");
            var bareCodeRequest = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.AuthorizationCode,
            };

            var underTest = new TokenRequestValidator(codeClientHandles);

            TokenRequestValidationException caught = null;
            try
            {
                underTest.Validate(app, bareCodeRequest, _client);
            }
            catch (TokenRequestValidationException ex)
            {
                caught = ex;
            }

            if (caught == null)
            {
                Assert.Fail("No exception thrown.");
            }

            Assert.AreEqual(OAuthConstants.Errors.UnauthorizedClient, caught.OAuthError);
        }