public async Task Expired_RefreshToken()
{
var refreshToken = new RefreshToken
{
AccessToken = new Token("access_token") { Client = new Client() { ClientId = "roclient" } },
LifeTime = 10,
CreationTime = DateTimeOffset.UtcNow.AddSeconds(-15)
};
var handle = Guid.NewGuid().ToString();
var store = new InMemoryRefreshTokenStore();
await store.StoreAsync(handle, refreshToken);
var client = await _clients.FindClientByIdAsync("roclient");
var validator = Factory.CreateTokenRequestValidator(
refreshTokens: store);
var parameters = new NameValueCollection();
parameters.Add(OidcConstants.TokenRequest.GrantType, "refresh_token");
parameters.Add(OidcConstants.TokenRequest.RefreshToken, handle);
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant);
}
public async Task Non_existing_RefreshToken()
{
var store = new InMemoryRefreshTokenStore();
var client = await _clients.FindClientByIdAsync("roclient");
var validator = Factory.CreateTokenRequestValidator(
refreshTokens: store);
var parameters = new NameValueCollection();
parameters.Add(OidcConstants.TokenRequest.GrantType, "refresh_token");
parameters.Add(OidcConstants.TokenRequest.RefreshToken, "nonexistent");
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant);
}
public async Task RefreshTokenTooLong()
{
var store = new InMemoryRefreshTokenStore();
var client = await _clients.FindClientByIdAsync("roclient");
var options = new IdentityServerOptions();
var validator = Factory.CreateTokenRequestValidator(
refreshTokens: store);
var longRefreshToken = "x".Repeat(options.InputLengthRestrictions.RefreshToken + 1);
var parameters = new NameValueCollection();
parameters.Add(OidcConstants.TokenRequest.GrantType, "refresh_token");
parameters.Add(OidcConstants.TokenRequest.RefreshToken, longRefreshToken);
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant);
}
public static TokenRequestValidator CreateTokenRequestValidator(
IdentityServerOptions options = null,
IScopeStore scopes = null,
IAuthorizationCodeStore authorizationCodeStore = null,
IRefreshTokenStore refreshTokens = null,
IResourceOwnerPasswordValidator resourceOwnerValidator = null,
IProfileService profile = null,
IEnumerable<ICustomGrantValidator> customGrantValidators = null,
ICustomRequestValidator customRequestValidator = null,
ScopeValidator scopeValidator = null)
{
if (options == null)
{
options = TestIdentityServerOptions.Create();
}
if (scopes == null)
{
scopes = new InMemoryScopeStore(TestScopes.Get());
}
if (resourceOwnerValidator == null)
{
resourceOwnerValidator = new TestResourceOwnerPasswordValidator();
}
if (profile == null)
{
profile = new TestProfileService();
}
if (customRequestValidator == null)
{
customRequestValidator = new DefaultCustomRequestValidator();
}
CustomGrantValidator aggregateCustomValidator;
if (customGrantValidators == null)
{
aggregateCustomValidator = new CustomGrantValidator(new [] { new TestGrantValidator() }, new Logger<CustomGrantValidator>(new LoggerFactory()));
}
else
{
aggregateCustomValidator = new CustomGrantValidator(customGrantValidators, new Logger<CustomGrantValidator>(new LoggerFactory()));
}
if (refreshTokens == null)
{
refreshTokens = new InMemoryRefreshTokenStore();
}
if (scopeValidator == null)
{
scopeValidator = new ScopeValidator(scopes, new LoggerFactory());
}
return new TokenRequestValidator(
options,
authorizationCodeStore,
refreshTokens,
resourceOwnerValidator,
profile,
aggregateCustomValidator,
customRequestValidator,
scopeValidator,
new DefaultEventService(new LoggerFactory()),
new LoggerFactory());
}
public async Task Client_has_no_OfflineAccess_Scope_anymore_at_RefreshToken_Request()
{
var refreshToken = new RefreshToken
{
AccessToken = new Token("access_token")
{
Client = new Client
{
ClientId = "roclient_restricted"
},
},
LifeTime = 600,
CreationTime = DateTimeOffset.UtcNow
};
var handle = Guid.NewGuid().ToString();
var store = new InMemoryRefreshTokenStore();
await store.StoreAsync(handle, refreshToken);
var client = await _clients.FindClientByIdAsync("roclient_restricted");
var validator = Factory.CreateTokenRequestValidator(
refreshTokens: store);
var parameters = new NameValueCollection();
parameters.Add(Constants.TokenRequest.GrantType, "refresh_token");
parameters.Add(Constants.TokenRequest.RefreshToken, handle);
var result = await validator.ValidateRequestAsync(parameters, client);
result.IsError.Should().BeTrue();
result.Error.Should().Be(Constants.TokenErrors.InvalidGrant);
}