/// <summary>
/// Registering a resource set whose name is empty must come back as the error case,
/// titled <c>ErrorCodes.InvalidRequest</c> and naming the missing "name" parameter.
/// </summary>
public async Task When_Add_Resource_And_No_Name_Is_Specified_Then_Error_Is_Returned()
{
    var unnamedResource = new ResourceSet { Name = string.Empty };

    // "header" is passed in the token position; the cast below yields null unless the
    // client reports the error case of the option type.
    var response = await _umaClient.AddResource(unnamedResource, "header").ConfigureAwait(false);
    var error = response as Option<AddResourceSetResponse>.Error;

    Assert.NotNull(error);
    Assert.Equal(ErrorCodes.InvalidRequest, error.Details.Title);

    var expectedDetail = string.Format(Strings.MissingParameter, "name");
    Assert.Equal(expectedDetail, error.Details.Detail);
}
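/// <summary>
/// Requesting a permission ticket for a scope that the registered resource set does not
/// declare must fail with <c>ErrorCodes.InvalidScope</c>.
/// </summary>
public async Task When_Scopes_Does_Not_Exist_Then_Error_Is_Returned()
{
    // Register a resource set that only declares the "read" scope.
    var resource = await _umaClient.AddResource(
            new ResourceSet { Name = "picture", Scopes = new[] { "read" } },
            "header")
        .ConfigureAwait(false) as Option<AddResourceSetResponse>.Result;

    // The 'as' cast yields null when registration returned the error case; assert here so
    // the test fails with a clear message rather than a NullReferenceException below.
    Assert.NotNull(resource);

    // Ask for a scope the resource set never declared.
    var ticket = await _umaClient.RequestPermission(
            "header",
            requests: new PermissionRequest
            {
                ResourceSetId = resource.Item.Id,
                Scopes = new[] { "scopescopescope" }
            })
        .ConfigureAwait(false) as Option<TicketResponse>.Error;

    // A null here means the server issued a ticket for an undeclared scope, which is the
    // exact behaviour this test guards against.
    Assert.NotNull(ticket);

    Assert.Equal(ErrorCodes.InvalidScope, ticket.Details!.Title);
    Assert.Equal("one or more scopes are not valid", ticket.Details.Detail);
}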
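/// <summary>
/// End-to-end check of the ticket-id grant: obtain a PAT, register and update a resource
/// set with an authorization policy, request a permission ticket, then exchange the ticket
/// (plus a claims token) for an access token that parses as a JWT.
/// </summary>
public async Task When_Using_TicketId_Grant_Type_Then_AccessToken_Is_Returned()
{
    var handler = new JwtSecurityTokenHandler();
    var set = new JsonWebKeySet();
    set.Keys.Add(_server.SharedUmaCtx.SignatureKey);

    // Claims token presented with the ticket: signed with HS256 using the test server's
    // shared signature key, no not-before value, expiring one year from now.
    var securityToken = new JwtSecurityToken(
        "http://server.example.com",
        "s6BhdRkqt3",
        new[] { new Claim("sub", "248289761001") },
        null,
        DateTime.UtcNow.AddYears(1),
        new SigningCredentials(set.GetSignKeys().First(), SecurityAlgorithms.HmacSha256));
    var jwt = handler.WriteToken(securityToken);

    var tc = new TokenClient(
        TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
        _server.Client,
        new Uri(BaseUrl + WellKnownUma2Configuration));

    // Get PAT.
    var result = await tc.GetToken(TokenRequest.FromScopes("uma_protection", "uma_authorization"))
        .ConfigureAwait(false) as Option<GrantedTokenResponse>.Result;

    // Each 'as' cast below yields null when the call returned the error case; asserting
    // makes the failing step visible instead of surfacing as a NullReferenceException.
    Assert.NotNull(result);

    var resourceSet = new ResourceSet
    {
        Name = "name",
        Scopes = new[] { "read", "write", "execute" },
        AuthorizationPolicies = new[]
        {
            new PolicyRule
            {
                ClientIdsAllowed = new[] { "resource_server" },
                Scopes = new[] { "read", "write", "execute" }
            }
        }
    };

    var resource = await _umaClient.AddResource(resourceSet, result.Item.AccessToken).ConfigureAwait(false)
        as Option<AddResourceSetResponse>.Result;
    Assert.NotNull(resource);

    // The outcome of the update is awaited but not inspected.
    resourceSet = resourceSet with { Id = resource.Item.Id };
    await _umaClient.UpdateResource(resourceSet, result.Item.AccessToken).ConfigureAwait(false);

    // Add permission & retrieve a ticket id.
    // NOTE(review): this call passes the literal "header" in the token position rather than
    // the PAT obtained above; UMA protects the permission endpoint with a PAT, so confirm
    // the test server accepts this on purpose.
    var ticket = await _umaClient.RequestPermission(
            "header",
            requests: new PermissionRequest
            {
                ResourceSetId = resource.Item.Id,
                Scopes = new[] { "read" }
            })
        .ConfigureAwait(false) as Option<TicketResponse>.Result;
    Assert.NotNull(ticket);
    Assert.NotNull(ticket.Item);

    var tokenClient = new TokenClient(
        TokenCredentials.FromClientCredentials("resource_server", "resource_server"),
        _server.Client,
        new Uri(BaseUrl + WellKnownUma2Configuration));
    var token = await tokenClient.GetToken(TokenRequest.FromTicketId(ticket.Item.TicketId, jwt))
        .ConfigureAwait(false) as Option<GrantedTokenResponse>.Result;
    Assert.NotNull(token);

    // ReadJwtToken only parses the token: signature, issuer, audience and lifetime are not
    // validated here, so this proves the access token is a well-formed JWT and nothing more.
    // NOTE(review): consider also asserting the granted permissions/scopes in the token.
    var jwtToken = handler.ReadJwtToken(token.Item.AccessToken);
    Assert.NotNull(jwtToken.Claims);
}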