/// <summary>
/// A refresh token whose lifetime has elapsed must be rejected with
/// <c>Constants.TokenErrors.InvalidGrant</c>.
/// </summary>
/// <remarks>
/// The stored token has a lifetime of 10 and was created 15 seconds ago, so it is
/// already past expiry when the request is validated. This pins the expiry check
/// that bounds how long a leaked refresh token handle stays usable.
/// </remarks>
public async Task Expired_RefreshToken()
{
    // Arrange: a token issued to "roclient" that outlived its lifetime.
    var expiredToken = new RefreshToken
    {
        AccessToken = new Token("access_token")
        {
            Client = new Client { ClientId = "roclient" }
        },
        LifeTime = 10,
        CreationTime = DateTimeOffset.UtcNow.AddSeconds(-15)
    };

    var tokenHandle = Guid.NewGuid().ToString();
    var tokenStore = new InMemoryRefreshTokenStore();
    await tokenStore.StoreAsync(tokenHandle, expiredToken);

    var requestingClient = await _clients.FindClientByIdAsync("roclient");
    var sut = Factory.CreateTokenRequestValidator(refreshTokens: tokenStore);

    var request = new NameValueCollection
    {
        { Constants.TokenRequest.GrantType, "refresh_token" },
        { Constants.TokenRequest.RefreshToken, tokenHandle }
    };

    // Act
    var outcome = await sut.ValidateRequestAsync(request, requestingClient);

    // Assert: the request fails, and with the grant-level error code.
    outcome.IsError.Should().BeTrue();
    outcome.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}
/// <summary>
/// A refresh token handle that is not in the store must be rejected with
/// <c>Constants.TokenErrors.InvalidGrant</c>.
/// </summary>
/// <remarks>
/// The store is left empty, so the handle "nonexistent" cannot resolve to a token.
/// </remarks>
public async Task Non_existing_RefreshToken()
{
    // Arrange: nothing is ever stored, so every lookup misses.
    var emptyStore = new InMemoryRefreshTokenStore();
    var requestingClient = await _clients.FindClientByIdAsync("roclient");
    var sut = Factory.CreateTokenRequestValidator(refreshTokens: emptyStore);

    var request = new NameValueCollection
    {
        { Constants.TokenRequest.GrantType, "refresh_token" },
        { Constants.TokenRequest.RefreshToken, "nonexistent" }
    };

    // Act
    var outcome = await sut.ValidateRequestAsync(request, requestingClient);

    // Assert
    outcome.IsError.Should().BeTrue();
    outcome.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}
/// <summary>
/// A refresh token parameter one character longer than
/// <c>InputLengthRestrictions.RefreshToken</c> must be rejected with
/// <c>Constants.TokenErrors.InvalidGrant</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the oversized handle is also absent from the empty store, and the
/// expected error code is the same one asserted for an unknown handle, so this test
/// on its own does not show that the length restriction (rather than the store
/// lookup) produced the rejection. Storing a valid token under the long handle
/// would isolate the length check.
/// NOTE(review): the limit is read from a fresh <c>IdentityServerOptions</c>, while
/// the validator is built without passing options; this presumably relies on both
/// carrying the same limit - confirm against the factory defaults.
/// </remarks>
public async Task RefreshTokenTooLong()
{
    // Arrange
    var tokenStore = new InMemoryRefreshTokenStore();
    var requestingClient = await _clients.FindClientByIdAsync("roclient");
    var defaultOptions = new IdentityServerOptions();
    var sut = Factory.CreateTokenRequestValidator(refreshTokens: tokenStore);

    // Exactly one character over the configured maximum.
    var maxLength = defaultOptions.InputLengthRestrictions.RefreshToken;
    var oversizedHandle = "x".Repeat(maxLength + 1);

    var request = new NameValueCollection
    {
        { Constants.TokenRequest.GrantType, "refresh_token" },
        { Constants.TokenRequest.RefreshToken, oversizedHandle }
    };

    // Act
    var outcome = await sut.ValidateRequestAsync(request, requestingClient);

    // Assert
    outcome.IsError.Should().BeTrue();
    outcome.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}
// Retired factory, kept commented out as in the original file:
//
//public static ClientValidator CreateClientValidator(
//    IClientStore clients = null,
//    IClientSecretValidator secretValidator = null)
//{
//    if (clients == null)
//    {
//        clients = new InMemoryClientStore(ClientValidationTestClients.Get());
//    }
//    if (secretValidator == null)
//    {
//        secretValidator = new HashedClientSecretValidator();
//    }
//    var owin = new OwinEnvironmentService(new OwinContext());
//    return new ClientValidator(clients, secretValidator, owin);
//}

/// <summary>
/// Builds a <c>TokenRequestValidator</c> for tests, substituting a test default for
/// every collaborator the caller leaves as <c>null</c> (except the authorization code store).
/// </summary>
/// <param name="options">Server options; defaults to <c>TestIdentityServerOptions.Create()</c>.</param>
/// <param name="scopes">Scope store; defaults to an in-memory store over <c>TestScopes.Get()</c>.</param>
/// <param name="authorizationCodeStore">
/// Passed through unchanged. No default is substituted, so the validator receives
/// <c>null</c> unless the caller supplies a store.
/// </param>
/// <param name="refreshTokens">Refresh token store; defaults to an empty in-memory store.</param>
/// <param name="userService">User service; defaults to <c>TestUserService</c>.</param>
/// <param name="customGrantValidators">
/// Custom grant validators to aggregate; defaults to a single <c>TestGrantValidator</c>.
/// </param>
/// <param name="customRequestValidator">
/// Custom request validator; defaults to <c>DefaultCustomRequestValidator</c>.
/// </param>
/// <param name="scopeValidator">
/// Scope validator; defaults to one built over the resolved <paramref name="scopes"/> store.
/// </param>
/// <returns>A validator wired with the resolved collaborators and a <c>DefaultEventService</c>.</returns>
public static TokenRequestValidator CreateTokenRequestValidator(
    IdentityServerOptions options = null,
    IScopeStore scopes = null,
    IAuthorizationCodeStore authorizationCodeStore = null,
    IRefreshTokenStore refreshTokens = null,
    IUserService userService = null,
    IEnumerable<ICustomGrantValidator> customGrantValidators = null,
    ICustomRequestValidator customRequestValidator = null,
    ScopeValidator scopeValidator = null)
{
    options = options ?? TestIdentityServerOptions.Create();
    scopes = scopes ?? new InMemoryScopeStore(TestScopes.Get());
    userService = userService ?? new TestUserService();
    customRequestValidator = customRequestValidator ?? new DefaultCustomRequestValidator();

    // The validator takes one aggregate, so the individual grant validators are wrapped here.
    CustomGrantValidator aggregateCustomValidator = customGrantValidators == null
        ? new CustomGrantValidator(new [] { new TestGrantValidator() })
        : new CustomGrantValidator(customGrantValidators);

    refreshTokens = refreshTokens ?? new InMemoryRefreshTokenStore();

    // Must follow the scopes fallback: the default scope validator is built on the resolved store.
    scopeValidator = scopeValidator ?? new ScopeValidator(scopes);

    // authorizationCodeStore is deliberately not defaulted above; it is forwarded as given.
    return new TokenRequestValidator(
        options,
        authorizationCodeStore,
        refreshTokens,
        userService,
        aggregateCustomValidator,
        customRequestValidator,
        scopeValidator,
        new DefaultEventService());
}
/// <summary>
/// A live refresh token presented by the client it was issued to
/// ("roclient_restricted_refresh") must validate without error.
/// </summary>
/// <remarks>
/// The user service is a mock with no setups.
/// NOTE(review): the test presumably relies on the active-user check passing when
/// the mock leaves the context untouched - confirm the context's default.
/// </remarks>
public async Task Valid_RefreshToken_Request_using_Restricted_Client()
{
    // Arrange: mock user service with no configured behaviour.
    var userServiceMock = new Mock<IUserService>();

    var subject = new Claim(Constants.ClaimTypes.Subject, "foo");
    var liveToken = new RefreshToken
    {
        AccessToken = new Token("access_token")
        {
            Claims = new List<Claim> { subject },
            Client = new Client { ClientId = "roclient_restricted_refresh" }
        },
        LifeTime = 600,
        CreationTime = DateTimeOffset.UtcNow
    };

    var tokenHandle = Guid.NewGuid().ToString();
    var tokenStore = new InMemoryRefreshTokenStore();
    await tokenStore.StoreAsync(tokenHandle, liveToken);

    var requestingClient = await _clients.FindClientByIdAsync("roclient_restricted_refresh");
    var sut = Factory.CreateTokenRequestValidator(
        refreshTokens: tokenStore,
        userService: userServiceMock.Object);

    var request = new NameValueCollection
    {
        { Constants.TokenRequest.GrantType, "refresh_token" },
        { Constants.TokenRequest.RefreshToken, tokenHandle }
    };

    // Act
    var outcome = await sut.ValidateRequestAsync(request, requestingClient);

    // Assert
    outcome.IsError.Should().BeFalse();
}
/// <summary>
/// A refresh token must be rejected when the user service reports the token's
/// subject as inactive, even though the token itself is unexpired.
/// </summary>
/// <remarks>
/// This pins that disabling an account cuts off refresh for tokens already issued.
/// NOTE(review): only <c>IsError</c> is asserted, so the test would also pass if the
/// request failed for an unrelated reason. Asserting the expected error code as well
/// would tie the failure to the disabled-user check.
/// </remarks>
public async Task RefreshToken_Request_with_disabled_User()
{
    // Arrange: a user service that marks every subject as inactive.
    var userServiceMock = new Mock<IUserService>();
    userServiceMock
        .Setup(u => u.IsActiveAsync(It.IsAny<IsActiveContext>()))
        .Callback<IsActiveContext>(activeContext => activeContext.IsActive = false)
        .Returns(Task.FromResult(0));

    var subject = new Claim(Constants.ClaimTypes.Subject, "foo");
    var liveToken = new RefreshToken
    {
        AccessToken = new Token("access_token")
        {
            Claims = new List<Claim> { subject },
            Client = new Client { ClientId = "roclient" }
        },
        LifeTime = 600,
        CreationTime = DateTimeOffset.UtcNow
    };

    var tokenHandle = Guid.NewGuid().ToString();
    var tokenStore = new InMemoryRefreshTokenStore();
    await tokenStore.StoreAsync(tokenHandle, liveToken);

    var requestingClient = await _clients.FindClientByIdAsync("roclient");
    var sut = Factory.CreateTokenRequestValidator(
        refreshTokens: tokenStore,
        userService: userServiceMock.Object);

    var request = new NameValueCollection
    {
        { Constants.TokenRequest.GrantType, "refresh_token" },
        { Constants.TokenRequest.RefreshToken, tokenHandle }
    };

    // Act
    var outcome = await sut.ValidateRequestAsync(request, requestingClient);

    // Assert
    outcome.IsError.Should().BeTrue();
}
/// <summary>
/// A refresh token carrying the "resource" and "offline_access" scopes must be
/// rejected with <c>Constants.TokenErrors.InvalidGrant</c> when presented by
/// "roclient_offline_only".
/// </summary>
/// <remarks>
/// NOTE(review): going by the test and client names, "roclient_offline_only" is
/// presumably no longer allowed the "resource" scope, so the test pins that a
/// refresh cannot keep a scope the client has lost - confirm against the test
/// client definitions.
/// </remarks>
public async Task Client_has_no_Resource_Scope_anymore_at_RefreshToken_Request()
{
    // Arrange: the stored token was granted both scopes.
    var grantedClaims = new List<Claim>
    {
        new Claim(Constants.ClaimTypes.Subject, "foo"),
        new Claim("scope", "resource"),
        new Claim("scope", "offline_access")
    };

    var liveToken = new RefreshToken
    {
        AccessToken = new Token("access_token")
        {
            Claims = grantedClaims,
            Client = new Client { ClientId = "roclient_offline_only" }
        },
        LifeTime = 600,
        CreationTime = DateTimeOffset.UtcNow
    };

    var tokenHandle = Guid.NewGuid().ToString();
    var tokenStore = new InMemoryRefreshTokenStore();
    await tokenStore.StoreAsync(tokenHandle, liveToken);

    var requestingClient = await _clients.FindClientByIdAsync("roclient_offline_only");
    var sut = Factory.CreateTokenRequestValidator(refreshTokens: tokenStore);

    var request = new NameValueCollection
    {
        { Constants.TokenRequest.GrantType, "refresh_token" },
        { Constants.TokenRequest.RefreshToken, tokenHandle }
    };

    // Act
    var outcome = await sut.ValidateRequestAsync(request, requestingClient);

    // Assert
    outcome.IsError.Should().BeTrue();
    outcome.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}