/// <summary>
/// Registers IdentityServer's services on <paramref name="services"/> using a freshly created
/// <see cref="IdentityServerOptions"/> that the optional callback may customise.
/// </summary>
/// <param name="services">The service collection the registrations are added to.</param>
/// <param name="setupAction">Optional callback invoked once with the new options instance; skipped when null.</param>
/// <returns>A new <c>IdentityServerBuilder</c> wrapping <paramref name="services"/>.</returns>
public static IIdentityServerBuilder AddIdentityServer(this IServiceCollection services, Action<IdentityServerOptions> setupAction = null)
{
    services.AddAuthentication();

    // The callback runs before the options object is registered, so every consumer
    // resolves the already-configured instance.
    var serverOptions = new IdentityServerOptions();
    setupAction?.Invoke(serverOptions);
    services.AddInstance(serverOptions);

    // Registration order is kept exactly as written; later registrations may depend on it.
    services.AddTransient<IdentityServerContext>();
    services.AddEndpoints(serverOptions.Endpoints);
    services.AddCoreValidators();
    services.AddPluggableValidators();
    services.AddResponseGenerators();
    services.AddSecretParsers();
    services.AddSecretValidators();
    services.AddInMemoryTransientStores();
    services.AddCoreServices();
    services.AddHostServices();

    var builder = new IdentityServerBuilder(services);
    return builder;
}
/// <summary>
/// Creates the endpoint and keeps a reference to each injected dependency.
/// Nothing is validated here; arguments are stored exactly as passed in.
/// </summary>
/// <param name="options">IdentityServer options, kept in <c>_options</c>.</param>
/// <param name="tokenValidator">Kept in <c>_tokenValidator</c>.</param>
/// <param name="generator">Kept in <c>_generator</c>.</param>
/// <param name="tokenUsageValidator">Kept in <c>_tokenUsageValidator</c>.</param>
/// <param name="events">Kept in <c>_events</c>.</param>
/// <param name="logger">Kept in <c>_logger</c>.</param>
public UserInfoEndpoint(
    IdentityServerOptions options,
    ITokenValidator tokenValidator,
    IUserInfoResponseGenerator generator,
    BearerTokenUsageValidator tokenUsageValidator,
    IEventService events,
    ILogger<UserInfoEndpoint> logger)
{
    // Assigned in parameter order; the assignments do not depend on one another.
    _options = options;
    _tokenValidator = tokenValidator;
    _generator = generator;
    _tokenUsageValidator = tokenUsageValidator;
    _events = events;
    _logger = logger;
}
/// <summary>
/// Creates the discovery endpoint and keeps a reference to each injected dependency.
/// Arguments are stored as passed; no checks are performed in the constructor.
/// </summary>
/// <param name="options">IdentityServer options, kept in <c>_options</c>.</param>
/// <param name="context">Kept in <c>_context</c>.</param>
/// <param name="scopes">Kept in <c>_scopes</c>.</param>
/// <param name="logger">Kept in <c>_logger</c>.</param>
/// <param name="keyService">Kept in <c>_keyService</c>.</param>
/// <param name="customGrants">Kept in <c>_customGrants</c>.</param>
/// <param name="parsers">Kept in <c>_parsers</c>.</param>
public DiscoveryEndpoint(
    IdentityServerOptions options,
    IdentityServerContext context,
    IScopeStore scopes,
    ILogger<DiscoveryEndpoint> logger,
    ISigningKeyService keyService,
    CustomGrantValidator customGrants,
    SecretParser parsers)
{
    // Assigned in parameter order; the assignments do not depend on one another.
    _options = options;
    _context = context;
    _scopes = scopes;
    _logger = logger;
    _keyService = keyService;
    _customGrants = customGrants;
    _parsers = parsers;
}
/// <summary>
/// Convenience overload: creates a new <see cref="IdentityServerOptions"/>, lets the optional
/// callback configure it, and forwards to the overload that takes an options instance.
/// </summary>
/// <param name="services">The service collection the registrations are added to.</param>
/// <param name="setupAction">Optional callback invoked once with the new options instance; skipped when null.</param>
/// <returns>The builder returned by the options-taking overload.</returns>
public static IIdentityServerBuilder AddIdentityServer(this IServiceCollection services, Action<IdentityServerOptions> setupAction = null)
{
    var configured = new IdentityServerOptions();

    // Configuration happens before the hand-off, so the registered instance is already set up.
    setupAction?.Invoke(configured);

    return services.AddIdentityServer(configured);
}
/// <summary>
/// Creates the token validator, keeps a reference to each injected dependency and
/// allocates a new <c>TokenValidationLog</c> for this instance.
/// </summary>
/// <param name="options">IdentityServer options, kept in <c>_options</c>.</param>
/// <param name="context">Kept in <c>_context</c>.</param>
/// <param name="clients">Kept in <c>_clients</c>.</param>
/// <param name="tokenHandles">Kept in <c>_tokenHandles</c>.</param>
/// <param name="customValidator">Kept in <c>_customValidator</c>.</param>
/// <param name="keyService">Kept in <c>_keyService</c>.</param>
/// <param name="logger">Kept in <c>_logger</c>.</param>
public TokenValidator(
    IdentityServerOptions options,
    IdentityServerContext context,
    IClientStore clients,
    ITokenHandleStore tokenHandles,
    ICustomTokenValidator customValidator,
    ISigningKeyService keyService,
    ILogger<TokenValidator> logger)
{
    // Configuration and request context.
    _options = options;
    _context = context;

    // Stores and services.
    _clients = clients;
    _tokenHandles = tokenHandles;
    _customValidator = customValidator;
    _keyService = keyService;

    // Diagnostics. The validation log is created here, once per validator instance.
    _logger = logger;
    _log = new TokenValidationLog();
}
/// <summary>
/// Test factory for <c>AuthorizeRequestValidator</c>. Every argument left null is replaced by a
/// test default before the validator is constructed.
/// </summary>
/// <param name="options">Defaults to <c>TestIdentityServerOptions.Create()</c>.</param>
/// <param name="scopes">Defaults to an in-memory store over <c>TestScopes.Get()</c>.</param>
/// <param name="clients">Defaults to an in-memory store over <c>TestClients.Get()</c>.</param>
/// <param name="profile">Accepted but not used by this factory.</param>
/// <param name="customValidator">Defaults to <c>DefaultCustomRequestValidator</c>.</param>
/// <param name="uriValidator">Defaults to <c>StrictRedirectUriValidator</c>.</param>
/// <param name="scopeValidator">Defaults to a <c>ScopeValidator</c> built over the effective scope store.</param>
/// <param name="environment">Accepted but not used by this factory.</param>
/// <returns>A validator wired with the effective dependencies.</returns>
public static AuthorizeRequestValidator CreateAuthorizeRequestValidator(
    IdentityServerOptions options = null,
    IScopeStore scopes = null,
    IClientStore clients = null,
    IProfileService profile = null,
    ICustomRequestValidator customValidator = null,
    IRedirectUriValidator uriValidator = null,
    ScopeValidator scopeValidator = null,
    IDictionary<string, object> environment = null)
{
    options = options ?? TestIdentityServerOptions.Create();
    scopes = scopes ?? new InMemoryScopeStore(TestScopes.Get());
    clients = clients ?? new InMemoryClientStore(TestClients.Get());
    customValidator = customValidator ?? new DefaultCustomRequestValidator();
    uriValidator = uriValidator ?? new StrictRedirectUriValidator();

    // Must come after the scope store default so the validator sees the effective store.
    scopeValidator = scopeValidator ?? new ScopeValidator(scopes, new LoggerFactory());

    // The session cookie is built on a context created with a null HttpContext argument
    // and the effective options.
    var cookieContext = IdentityServerContextHelper.Create(null, options);
    var sessionCookie = new SessionCookie(cookieContext);

    var validatorLogger = new Logger<AuthorizeRequestValidator>(new LoggerFactory());

    return new AuthorizeRequestValidator(
        options,
        clients,
        customValidator,
        uriValidator,
        scopeValidator,
        sessionCookie,
        validatorLogger);
}
/// <summary>
/// Creates the token request validator, keeps a reference to each injected dependency and
/// obtains its logger from <paramref name="loggerFactory"/>.
/// </summary>
/// <param name="options">IdentityServer options, kept in <c>_options</c>.</param>
/// <param name="authorizationCodes">Kept in <c>_authorizationCodes</c>; stored as passed, including null.</param>
/// <param name="refreshTokens">Kept in <c>_refreshTokens</c>.</param>
/// <param name="users">Kept in <c>_users</c>.</param>
/// <param name="customGrantValidator">Kept in <c>_customGrantValidator</c>.</param>
/// <param name="customRequestValidator">Kept in <c>_customRequestValidator</c>.</param>
/// <param name="scopeValidator">Kept in <c>_scopeValidator</c>.</param>
/// <param name="events">Kept in <c>_events</c>.</param>
/// <param name="loggerFactory">Used once to create the typed logger; dereferenced here, so it must not be null.</param>
public TokenRequestValidator(
    IdentityServerOptions options,
    IAuthorizationCodeStore authorizationCodes,
    IRefreshTokenStore refreshTokens,
    IUserService users,
    CustomGrantValidator customGrantValidator,
    ICustomRequestValidator customRequestValidator,
    ScopeValidator scopeValidator,
    IEventService events,
    ILoggerFactory loggerFactory)
{
    _options = options;

    // Grant stores.
    _authorizationCodes = authorizationCodes;
    _refreshTokens = refreshTokens;

    // User lookup and validators.
    _users = users;
    _customGrantValidator = customGrantValidator;
    _customRequestValidator = customRequestValidator;
    _scopeValidator = scopeValidator;

    // Eventing and diagnostics.
    _events = events;
    _logger = loggerFactory.CreateLogger<TokenRequestValidator>();
}
/// <summary>
/// Creates the generator and keeps a reference to each injected dependency.
/// Arguments are stored as passed; the constructor performs no checks.
/// </summary>
/// <param name="logger">Kept in <c>_logger</c>.</param>
/// <param name="options">IdentityServer options, kept in <c>_options</c>.</param>
/// <param name="consent">Kept in <c>_consent</c>.</param>
/// <param name="users">Kept in <c>_users</c>.</param>
/// <param name="localizationService">Kept in <c>_localizationService</c>.</param>
public AuthorizeInteractionResponseGenerator(
    ILogger<AuthorizeInteractionResponseGenerator> logger,
    IdentityServerOptions options,
    IConsentService consent,
    IUserService users,
    ILocalizationService localizationService)
{
    // Services first, then configuration and diagnostics; the assignments are independent.
    _consent = consent;
    _users = users;
    _localizationService = localizationService;

    _options = options;
    _logger = logger;
}
/// <summary>
/// Creates the generator and keeps a reference to each injected dependency.
/// Arguments are stored as passed; the constructor performs no checks.
/// </summary>
/// <param name="logger">Kept in <c>_logger</c>.</param>
/// <param name="options">IdentityServer options, kept in <c>_options</c>.</param>
/// <param name="consent">Kept in <c>_consent</c>.</param>
/// <param name="profile">Kept in <c>_profile</c>.</param>
/// <param name="localizationService">Kept in <c>_localizationService</c>.</param>
public AuthorizeInteractionResponseGenerator(
    ILogger<AuthorizeInteractionResponseGenerator> logger,
    IdentityServerOptions options,
    IConsentService consent,
    IProfileService profile,
    ILocalizationService localizationService)
{
    // Services first, then configuration and diagnostics; the assignments are independent.
    _consent = consent;
    _profile = profile;
    _localizationService = localizationService;

    _options = options;
    _logger = logger;
}
/// <summary>
/// Creates the token request validator, keeps a reference to each injected dependency and
/// obtains its logger from <paramref name="loggerFactory"/>.
/// </summary>
/// <param name="options">IdentityServer options, kept in <c>_options</c>.</param>
/// <param name="authorizationCodes">Kept in <c>_authorizationCodes</c>; stored as passed, including null.</param>
/// <param name="refreshTokens">Kept in <c>_refreshTokens</c>.</param>
/// <param name="resourceOwnerValidator">Kept in <c>_resourceOwnerValidator</c>.</param>
/// <param name="profile">Kept in <c>_profile</c>.</param>
/// <param name="customGrantValidator">Kept in <c>_customGrantValidator</c>.</param>
/// <param name="customRequestValidator">Kept in <c>_customRequestValidator</c>.</param>
/// <param name="scopeValidator">Kept in <c>_scopeValidator</c>.</param>
/// <param name="events">Kept in <c>_events</c>.</param>
/// <param name="loggerFactory">Used once to create the typed logger; dereferenced here, so it must not be null.</param>
public TokenRequestValidator(
    IdentityServerOptions options,
    IAuthorizationCodeStore authorizationCodes,
    IRefreshTokenStore refreshTokens,
    IResourceOwnerPasswordValidator resourceOwnerValidator,
    IProfileService profile,
    CustomGrantValidator customGrantValidator,
    ICustomRequestValidator customRequestValidator,
    ScopeValidator scopeValidator,
    IEventService events,
    ILoggerFactory loggerFactory)
{
    _options = options;

    // Grant stores.
    _authorizationCodes = authorizationCodes;
    _refreshTokens = refreshTokens;

    // Credential, profile and request validators.
    _resourceOwnerValidator = resourceOwnerValidator;
    _profile = profile;
    _customGrantValidator = customGrantValidator;
    _customRequestValidator = customRequestValidator;
    _scopeValidator = scopeValidator;

    // Eventing and diagnostics.
    _events = events;
    _logger = loggerFactory.CreateLogger<TokenRequestValidator>();
}
/// <summary>
/// Builds the <see cref="IdentityServerOptions"/> used by tests: a fixed issuer URI and site name,
/// plus the signing certificate returned by <c>TestCert.Load()</c>.
/// </summary>
/// <returns>A new options instance on every call.</returns>
public static IdentityServerOptions Create()
{
    var testOptions = new IdentityServerOptions();
    testOptions.IssuerUri = "https://idsrv3.com";
    testOptions.SiteName = "IdentityServer3 - test";

    // TODO: DataProtector = new NoDataProtector() is still switched off here.

    testOptions.SigningCertificate = TestCert.Load();
    return testOptions;
}
/// <summary>
/// Creates the authorize request validator and keeps a reference to each injected dependency.
/// Arguments are stored as passed; the constructor performs no checks.
/// </summary>
/// <param name="options">IdentityServer options, kept in <c>_options</c>.</param>
/// <param name="clients">Kept in <c>_clients</c>.</param>
/// <param name="customValidator">Kept in <c>_customValidator</c>.</param>
/// <param name="uriValidator">Kept in <c>_uriValidator</c>.</param>
/// <param name="scopeValidator">Kept in <c>_scopeValidator</c>.</param>
/// <param name="sessionCookie">Kept in <c>_sessionCookie</c>.</param>
/// <param name="logger">Kept in <c>_logger</c>.</param>
public AuthorizeRequestValidator(
    IdentityServerOptions options,
    IClientStore clients,
    ICustomRequestValidator customValidator,
    IRedirectUriValidator uriValidator,
    ScopeValidator scopeValidator,
    SessionCookie sessionCookie,
    ILogger<AuthorizeRequestValidator> logger)
{
    // Configuration and client lookup.
    _options = options;
    _clients = clients;

    // Validators applied to the request.
    _customValidator = customValidator;
    _uriValidator = uriValidator;
    _scopeValidator = scopeValidator;

    // Session state and diagnostics.
    _sessionCookie = sessionCookie;
    _logger = logger;
}
/// <summary>
/// A refresh token one character longer than the configured limit must be rejected
/// with <c>invalid_grant</c>.
/// </summary>
public async Task RefreshTokenTooLong()
{
    var store = new InMemoryRefreshTokenStore();
    var client = await _clients.FindClientByIdAsync("roclient");
    var options = new IdentityServerOptions();

    var validator = Factory.CreateTokenRequestValidator(
        refreshTokens: store);

    // NOTE(review): the limit is read from a fresh default IdentityServerOptions rather than
    // from the options the validator was built with; the test only exercises the boundary
    // while both carry the same InputLengthRestrictions - confirm.
    var limit = options.InputLengthRestrictions.RefreshToken;
    var longRefreshToken = "x".Repeat(limit + 1);

    var parameters = new NameValueCollection
    {
        { OidcConstants.TokenRequest.GrantType, "refresh_token" },
        { OidcConstants.TokenRequest.RefreshToken, longRefreshToken },
    };

    var result = await validator.ValidateRequestAsync(parameters, client);

    result.IsError.Should().BeTrue();
    result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant);
}
/// <summary>
/// An authorization code one character longer than the configured limit must be rejected
/// with <c>invalid_grant</c>, even though a valid code exists in the store under another handle.
/// </summary>
public async Task AuthorizationCodeTooLong()
{
    var client = await _clients.FindClientByIdAsync("codeclient");
    var store = new InMemoryAuthorizationCodeStore();
    var options = new IdentityServerOptions();

    // A well-formed code is stored under the handle "valid"; the request below never uses it.
    var storedCode = new AuthorizationCode();
    storedCode.Client = client;
    storedCode.IsOpenId = true;
    storedCode.RedirectUri = "https://server/cb";
    await store.StoreAsync("valid", storedCode);

    var validator = Factory.CreateTokenRequestValidator(
        authorizationCodeStore: store);

    // NOTE(review): the limit is read from a fresh default IdentityServerOptions rather than
    // from the options the validator was built with; the test only exercises the boundary
    // while both carry the same InputLengthRestrictions - confirm.
    var limit = options.InputLengthRestrictions.AuthorizationCode;
    var longCode = "x".Repeat(limit + 1);

    var parameters = new NameValueCollection
    {
        { OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode },
        { OidcConstants.TokenRequest.Code, longCode },
        { OidcConstants.TokenRequest.RedirectUri, "https://server/cb" },
    };

    var result = await validator.ValidateRequestAsync(parameters, client);

    result.IsError.Should().BeTrue();
    result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant);
}
/// <summary>
/// Test factory for <c>TokenRequestValidator</c>. Arguments left null are replaced by test
/// defaults, with the exception of <paramref name="authorizationCodeStore"/>.
/// </summary>
/// <param name="options">Defaults to <c>TestIdentityServerOptions.Create()</c>.</param>
/// <param name="scopes">Defaults to an in-memory store over <c>TestScopes.Get()</c>.</param>
/// <param name="authorizationCodeStore">Forwarded unchanged; a null value reaches the validator as null.</param>
/// <param name="refreshTokens">Defaults to a new <c>InMemoryRefreshTokenStore</c>.</param>
/// <param name="resourceOwnerValidator">Defaults to <c>TestResourceOwnerPasswordValidator</c>.</param>
/// <param name="profile">Defaults to <c>TestProfileService</c>.</param>
/// <param name="customGrantValidators">Defaults to a single <c>TestGrantValidator</c>.</param>
/// <param name="customRequestValidator">Defaults to <c>DefaultCustomRequestValidator</c>.</param>
/// <param name="scopeValidator">Defaults to a <c>ScopeValidator</c> built over the effective scope store.</param>
/// <returns>A validator wired with the effective dependencies.</returns>
public static TokenRequestValidator CreateTokenRequestValidator(
    IdentityServerOptions options = null,
    IScopeStore scopes = null,
    IAuthorizationCodeStore authorizationCodeStore = null,
    IRefreshTokenStore refreshTokens = null,
    IResourceOwnerPasswordValidator resourceOwnerValidator = null,
    IProfileService profile = null,
    IEnumerable<ICustomGrantValidator> customGrantValidators = null,
    ICustomRequestValidator customRequestValidator = null,
    ScopeValidator scopeValidator = null)
{
    options = options ?? TestIdentityServerOptions.Create();
    scopes = scopes ?? new InMemoryScopeStore(TestScopes.Get());
    resourceOwnerValidator = resourceOwnerValidator ?? new TestResourceOwnerPasswordValidator();
    profile = profile ?? new TestProfileService();
    customRequestValidator = customRequestValidator ?? new DefaultCustomRequestValidator();

    // Either the caller's grant validators or a single test validator are wrapped
    // in the aggregate CustomGrantValidator.
    IEnumerable<ICustomGrantValidator> grantValidators =
        customGrantValidators ?? new[] { new TestGrantValidator() };
    var aggregateCustomValidator = new CustomGrantValidator(
        grantValidators,
        new Logger<CustomGrantValidator>(new LoggerFactory()));

    refreshTokens = refreshTokens ?? new InMemoryRefreshTokenStore();

    // Must come after the scope store default so the validator sees the effective store.
    scopeValidator = scopeValidator ?? new ScopeValidator(scopes, new LoggerFactory());

    // NOTE(review): authorizationCodeStore is the only store without a default; tests that
    // exercise the authorization_code grant have to supply one themselves.
    return new TokenRequestValidator(
        options,
        authorizationCodeStore,
        refreshTokens,
        resourceOwnerValidator,
        profile,
        aggregateCustomValidator,
        customRequestValidator,
        scopeValidator,
        new DefaultEventService(new LoggerFactory()),
        new LoggerFactory());
}
/// <summary>
/// Creates a context from the accessor's current <c>HttpContext</c> and the given options.
/// </summary>
/// <param name="contextAccessor">Accessor read once here; dereferenced, so it must not be null.</param>
/// <param name="options">IdentityServer options exposed through <c>Options</c>.</param>
public IdentityServerContext(IHttpContextAccessor contextAccessor, IdentityServerOptions options)
{
    // The HttpContext is captured at construction time and not re-read from the accessor
    // afterwards, so an instance reflects whatever context was current when it was built.
    var currentContext = contextAccessor.HttpContext;

    HttpContext = currentContext;
    Options = options;
}
/// <summary>
/// Test helper that builds an <c>IdentityServerContext</c> without a running host.
/// </summary>
/// <param name="context">HTTP context to expose; a new <c>DefaultHttpContext</c> is used when null.</param>
/// <param name="options">Options to expose; a new default <c>IdentityServerOptions</c> is used when null.</param>
/// <returns>A context backed by a private <c>HttpContextAccessor</c>.</returns>
public static IdentityServerContext Create(HttpContext context = null, IdentityServerOptions options = null)
{
    var accessor = new HttpContextAccessor
    {
        HttpContext = context ?? new DefaultHttpContext(),
    };

    var effectiveOptions = options ?? new IdentityServerOptions();
    return new IdentityServerContext(accessor, effectiveOptions);
}
/// <summary>
/// Creates the parser with a reference to the IdentityServer options and a logger
/// obtained from the supplied factory.
/// </summary>
/// <param name="options">IdentityServer options, kept in <c>_options</c>.</param>
/// <param name="loggerFactory">Used once to create the typed logger; dereferenced here, so it must not be null.</param>
public PostBodySecretParser(IdentityServerOptions options, ILoggerFactory loggerFactory)
{
    _options = options;
    _logger = loggerFactory.CreateLogger<PostBodySecretParser>();
}
/// <summary>
/// Creates the parser with a reference to the IdentityServer options and a logger
/// obtained from the supplied factory.
/// </summary>
/// <param name="options">IdentityServer options, kept in <c>_options</c>.</param>
/// <param name="loggerFactory">Used once to create the typed logger; dereferenced here, so it must not be null.</param>
public BasicAuthenticationSecretParser(IdentityServerOptions options, ILoggerFactory loggerFactory)
{
    _logger = loggerFactory.CreateLogger<BasicAuthenticationSecretParser>();
    _options = options;
}
/// <summary>
/// Registers IdentityServer's services on <paramref name="services"/> using the supplied options instance.
/// </summary>
/// <param name="services">The service collection the registrations are added to.</param>
/// <param name="options">
/// Options instance registered as a singleton. The same object is handed to every consumer,
/// so changes made to it after this call are visible to all of them.
/// </param>
/// <returns>A new <c>IdentityServerBuilder</c> wrapping <paramref name="services"/>.</returns>
public static IIdentityServerBuilder AddIdentityServer(this IServiceCollection services, IdentityServerOptions options)
{
    // Options and authentication come first.
    services.AddSingleton(options);
    services.AddAuthentication();

    // IdentityServerContext is registered as transient.
    services.AddTransient<IdentityServerContext>();

    // Endpoints are registered from the options' Endpoints value.
    services.AddEndpoints(options.Endpoints);

    // Validators, response generators and client secret handling.
    services.AddCoreValidators();
    services.AddPluggableValidators();
    services.AddResponseGenerators();
    services.AddSecretParsers();
    services.AddSecretValidators();

    // Stores and remaining services. Registration order is kept exactly as written.
    services.AddInMemoryTransientStores();
    services.AddCoreServices();
    services.AddHostServices();

    var builder = new IdentityServerBuilder(services);
    return builder;
}
/// <summary>
/// Test fixture setup: builds the parser under test on default <c>IdentityServerOptions</c>.
/// </summary>
public BasicAuthenticationSecretParsing()
{
    // The same options instance is kept on the fixture and handed to the parser,
    // so tests read limits from the object the parser actually uses.
    var defaults = new IdentityServerOptions();
    var loggerFactory = new LoggerFactory();

    _options = defaults;
    _parser = new BasicAuthenticationSecretParser(defaults, loggerFactory);
}
/// <summary>
/// Initializes the service with a reference to the IdentityServer options.
/// </summary>
/// <param name="options">IdentityServer options, kept in <c>_options</c>; stored as passed, without a null check.</param>
public DefaultSigningKeyService(IdentityServerOptions options)
{
    this._options = options;
}
/// <summary>
/// A reference token one character longer than the configured handle limit must be rejected
/// with <c>invalid_token</c>.
/// </summary>
public async Task Reference_Token_Too_Long()
{
    var store = new InMemoryTokenHandleStore();
    var validator = Factory.CreateTokenValidator(store);

    // NOTE(review): the limit is read from a fresh default IdentityServerOptions rather than
    // from the options the validator was built with; the test only exercises the boundary
    // while both carry the same InputLengthRestrictions - confirm.
    var options = new IdentityServerOptions();
    var limit = options.InputLengthRestrictions.TokenHandle;
    var longToken = "x".Repeat(limit + 1);

    var result = await validator.ValidateAccessTokenAsync(longToken);

    result.IsError.Should().BeTrue();
    result.Error.Should().Be(OidcConstants.ProtectedResourceErrors.InvalidToken);
}
/// <summary>
/// Test fixture setup: builds the parser under test on default <c>IdentityServerOptions</c>.
/// </summary>
public FormPostCredentialExtraction()
{
    // The same options instance is kept on the fixture and handed to the parser,
    // so tests read limits from the object the parser actually uses.
    var defaults = new IdentityServerOptions();
    var loggerFactory = new LoggerFactory();

    _options = defaults;
    _parser = new PostBodySecretParser(defaults, loggerFactory);
}