public void ResourceOwnerScopeOverride() {
var clientRequestedScopes = new[] { "scope1", "scope2" };
var serverOverriddenScopes = new[] { "scope1", "differentScope" };
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>()))
.Returns<string, string, IAccessTokenRequest>((un, pw, req) => {
var response = new AutomatedUserAuthorizationCheckResponse(req, true, ResourceOwnerUsername);
response.ApprovedScope.Clear();
response.ApprovedScope.UnionWith(serverOverriddenScopes);
return response;
});
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
authServerMock.Object,
new WebServerClient(AuthorizationServerDescription),
client => {
var authState = new AuthorizationState(TestScopes) {
Callback = ClientCallback,
};
var result = client.ExchangeUserCredentialForToken(ResourceOwnerUsername, ResourceOwnerPassword, clientRequestedScopes);
Assert.That(result.Scope, Is.EquivalentTo(serverOverriddenScopes));
},
server => {
server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
public async Task ResourceOwnerScopeOverride() {
var clientRequestedScopes = new[] { "scope1", "scope2" };
var serverOverriddenScopes = new[] { "scope1", "differentScope" };
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>()))
.Returns<string, string, IAccessTokenRequest>((un, pw, req) => {
var response = new AutomatedUserAuthorizationCheckResponse(req, true, ResourceOwnerUsername);
response.ApprovedScope.Clear();
response.ApprovedScope.UnionWith(serverOverriddenScopes);
return response;
});
Handle(AuthorizationServerDescription.TokenEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(authServerMock.Object);
return await server.HandleTokenRequestAsync(req, ct);
});
var client = new WebServerClient(AuthorizationServerDescription, hostFactories: this.HostFactories);
var result = await client.ExchangeUserCredentialForTokenAsync(ResourceOwnerUsername, ResourceOwnerPassword, clientRequestedScopes);
Assert.That(result.Scope, Is.EquivalentTo(serverOverriddenScopes));
}
public async Task CreateAccessTokenSeesAuthorizingUserResourceOwnerGrant() {
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>()))
.Returns<string, string, IAccessTokenRequest>((un, pw, req) => {
var response = new AutomatedUserAuthorizationCheckResponse(req, true, ResourceOwnerUsername);
Assert.That(req.UserName, Is.EqualTo(ResourceOwnerUsername));
return response;
});
Handle(AuthorizationServerDescription.TokenEndpoint).By(
async (req, ct) => {
var server = new AuthorizationServer(authServerMock.Object);
return await server.HandleTokenRequestAsync(req, ct);
});
var client = new WebServerClient(AuthorizationServerDescription, hostFactories: this.HostFactories);
var result = await client.ExchangeUserCredentialForTokenAsync(ResourceOwnerUsername, ResourceOwnerPassword, TestScopes);
Assert.That(result.AccessToken, Is.Not.Null);
}
public void CreateAccessTokenSeesAuthorizingUserResourceOwnerGrant() {
var authServerMock = CreateAuthorizationServerMock();
authServerMock
.Setup(a => a.CheckAuthorizeResourceOwnerCredentialGrant(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>()))
.Returns<string, string, IAccessTokenRequest>((un, pw, req) => {
var response = new AutomatedUserAuthorizationCheckResponse(req, true, ResourceOwnerUsername);
Assert.That(req.UserName, Is.EqualTo(ResourceOwnerUsername));
return response;
});
var coordinator = new OAuth2Coordinator<WebServerClient>(
AuthorizationServerDescription,
authServerMock.Object,
new WebServerClient(AuthorizationServerDescription),
client => {
var authState = new AuthorizationState(TestScopes) {
Callback = ClientCallback,
};
var result = client.ExchangeUserCredentialForToken(ResourceOwnerUsername, ResourceOwnerPassword, TestScopes);
Assert.That(result.AccessToken, Is.Not.Null);
},
server => {
server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
public AutomatedAuthorizationCheckResponse CheckAuthorizeClientCredentialsGrant(IAccessTokenRequest accessRequest)
{
AutomatedUserAuthorizationCheckResponse response = new AutomatedUserAuthorizationCheckResponse(accessRequest, true, "test");
return response;
}