/// <summary>
/// Verifies that an authorization request whose PKCE code challenge method is
/// <c>plain</c> is rejected with <c>InvalidCodeChallengeMethod</c>. Per the test
/// name, any method other than SHA-256 is expected to fail.
/// </summary>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task FailsToCreateAuthorizationRequest_CodeChallengeMethod_IsNotSHA256()
{
    // Arrange
    const string callbackUri = "http://www.example.com/callback";
    const string rejectedMethod = "plain";

    var requestParameters = new Dictionary<string, string[]>
    {
        [OpenIdConnectParameterNames.ClientId] = new[] { "a" },
        [OpenIdConnectParameterNames.RedirectUri] = new[] { callbackUri },
        [OpenIdConnectParameterNames.ResponseType] = new[] { "code" },
        [OpenIdConnectParameterNames.ResponseMode] = new[] { "form_post" },
        [OpenIdConnectParameterNames.Nonce] = new[] { "asdf" },
        [OpenIdConnectParameterNames.Scope] = new[] { " openid profile " },
        [OpenIdConnectParameterNames.State] = new[] { "state" },
        // 43 characters long, so presumably the challenge itself is well-formed
        // and only the challenge method is at fault.
        [ProofOfKeyForCodeExchangeParameterNames.CodeChallenge] = new[] { "0123456789012345678901234567890123456789012" },
        [ProofOfKeyForCodeExchangeParameterNames.CodeChallengeMethod] = new[] { rejectedMethod }
    };

    var protocolError = ProtocolErrorProvider.InvalidCodeChallengeMethod(rejectedMethod);
    var expected = new AuthorizationRequestError(protocolError, null, null);
    // The error message is expected to echo the caller's state value.
    expected.Message.State = "state";

    var requestFactory = CreateAuthorizationRequestFactory();

    // Act
    var outcome = await requestFactory.CreateAuthorizationRequestAsync(requestParameters);

    // Assert
    Assert.False(outcome.IsValid);
    Assert.Equal(expected, outcome.Error, IdentityServiceErrorComparer.Instance);
    // The error still carries the redirect URI and the requested response mode.
    Assert.Equal(callbackUri, outcome.Error.RedirectUri);
    Assert.Equal(OpenIdConnectResponseMode.FormPost, outcome.Error.ResponseMode);
}
/// <summary>
/// Verifies that a prompt parameter mixing recognised values with an unrecognised
/// one (<c>unknown</c>) is rejected with <c>InvalidPromptValue</c> naming that value.
/// </summary>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task FailsToCreateAuthorizationRequest_Prompt_IncludesUnknownValue()
{
    // Arrange
    const string callbackUri = "http://www.example.com/callback";

    var requestParameters = new Dictionary<string, string[]>
    {
        [OpenIdConnectParameterNames.ClientId] = new[] { "a" },
        [OpenIdConnectParameterNames.RedirectUri] = new[] { callbackUri },
        [OpenIdConnectParameterNames.ResponseType] = new[] { "code" },
        [OpenIdConnectParameterNames.ResponseMode] = new[] { "form_post" },
        [OpenIdConnectParameterNames.Nonce] = new[] { "asdf" },
        [OpenIdConnectParameterNames.Scope] = new[] { " openid profile " },
        [OpenIdConnectParameterNames.State] = new[] { "state" },
        // Only the last space-separated token is expected to be reported.
        [OpenIdConnectParameterNames.Prompt] = new[] { "login consent select_account unknown" }
    };

    var protocolError = ProtocolErrorProvider.InvalidPromptValue("unknown");
    var expected = new AuthorizationRequestError(protocolError, null, null);
    expected.Message.State = "state";

    var requestFactory = CreateAuthorizationRequestFactory();

    // Act
    var outcome = await requestFactory.CreateAuthorizationRequestAsync(requestParameters);

    // Assert
    Assert.False(outcome.IsValid);
    Assert.Equal(expected, outcome.Error, IdentityServiceErrorComparer.Instance);
    Assert.Equal(callbackUri, outcome.Error.RedirectUri);
    Assert.Equal(OpenIdConnectResponseMode.FormPost, outcome.Error.ResponseMode);
}
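/// <summary>
/// Verifies that an otherwise well-formed authorization request is accepted for
/// the supplied combination of prompt values.
/// </summary>
/// <param name="promptValues">The raw prompt parameter value sent with the request.</param>
/// <returns>A task that completes when the assertion has run.</returns>
public async Task SuccessfullyCreatesARequest_WithAnyValidCombinationOfPromptValues(string promptValues)
{
    // Arrange
    var parameters = new Dictionary<string, string[]>
    {
        [OpenIdConnectParameterNames.ClientId] = new[] { "a" },
        [OpenIdConnectParameterNames.RedirectUri] = new[] { "http://www.example.com/callback" },
        [OpenIdConnectParameterNames.ResponseType] = new[] { "code" },
        [OpenIdConnectParameterNames.ResponseMode] = new[] { "form_post" },
        [OpenIdConnectParameterNames.Nonce] = new[] { "asdf" },
        [OpenIdConnectParameterNames.Scope] = new[] { " openid profile " },
        [OpenIdConnectParameterNames.State] = new[] { "state" },
        [OpenIdConnectParameterNames.Prompt] = new[] { promptValues }
    };

    // No expected error is built here: this is the success path, so only
    // IsValid is asserted.
    var factory = CreateAuthorizationRequestFactory();

    // Act
    var result = await factory.CreateAuthorizationRequestAsync(parameters);

    // Assert
    Assert.True(result.IsValid);
}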
/// <summary>
/// Verifies that a request using the supplied response type but whose scope
/// (<c>offline_access</c>) lacks <c>openid</c> is rejected with
/// <c>MissingOpenIdScope</c>.
/// </summary>
/// <param name="responseType">The response type under test; per the test name it asks for an ID token.</param>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task FailsToCreateAuthorizationRequest_IfRequestAsksForIdToken_ButOpenIdScopeIsMissing(string responseType)
{
    // Arrange
    const string callbackUri = "http://www.example.com/callback";

    var requestParameters = new Dictionary<string, string[]>
    {
        [OpenIdConnectParameterNames.State] = new[] { "state" },
        [OpenIdConnectParameterNames.ClientId] = new[] { "a" },
        [OpenIdConnectParameterNames.RedirectUri] = new[] { callbackUri },
        [OpenIdConnectParameterNames.ResponseType] = new[] { responseType },
        [OpenIdConnectParameterNames.ResponseMode] = new[] { "form_post" },
        // Deliberately omits "openid".
        [OpenIdConnectParameterNames.Scope] = new[] { "offline_access" },
        [OpenIdConnectParameterNames.Nonce] = new[] { "nonce" }
    };

    var protocolError = ProtocolErrorProvider.MissingOpenIdScope();
    var expected = new AuthorizationRequestError(protocolError, null, null);
    expected.Message.State = "state";

    var requestFactory = CreateAuthorizationRequestFactory();

    // Act
    var outcome = await requestFactory.CreateAuthorizationRequestAsync(requestParameters);

    // Assert
    Assert.False(outcome.IsValid);
    Assert.Equal(expected, outcome.Error, IdentityServiceErrorComparer.Instance);
    Assert.Equal(callbackUri, outcome.Error.RedirectUri);
    Assert.Equal(OpenIdConnectResponseMode.FormPost, outcome.Error.ResponseMode);
}
/// <summary>
/// Verifies that the request is rejected with <c>InvalidScope</c> when the factory
/// is created with <c>validScopes: false</c>, i.e. when scope resolution fails.
/// </summary>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task FailsToCreateAuthorizationRequest_IfScopesResolver_DeterminesThereAreInvalidScopes()
{
    // Arrange
    const string callbackUri = "http://www.example.com/callback";

    var requestParameters = new Dictionary<string, string[]>
    {
        [OpenIdConnectParameterNames.State] = new[] { "state" },
        [OpenIdConnectParameterNames.ClientId] = new[] { "a" },
        [OpenIdConnectParameterNames.RedirectUri] = new[] { callbackUri },
        [OpenIdConnectParameterNames.ResponseType] = new[] { "code" },
        [OpenIdConnectParameterNames.ResponseMode] = new[] { "form_post" },
        [OpenIdConnectParameterNames.Scope] = new[] { "openid invalid" },
    };

    // NOTE(review): the request sends "openid invalid" but the expected error
    // names "openid" - presumably this mirrors what the test factory's scope
    // resolver reports when validScopes is false; confirm against
    // CreateAuthorizationRequestFactory.
    var protocolError = ProtocolErrorProvider.InvalidScope("openid");
    var expected = new AuthorizationRequestError(protocolError, null, null);
    expected.Message.State = "state";

    // Client and redirect URI validate; only the scopes are reported as invalid.
    var requestFactory = CreateAuthorizationRequestFactory(
        validClientId: true,
        validRedirectUri: true,
        validScopes: false);

    // Act
    var outcome = await requestFactory.CreateAuthorizationRequestAsync(requestParameters);

    // Assert
    Assert.False(outcome.IsValid);
    Assert.Equal(expected, outcome.Error, IdentityServiceErrorComparer.Instance);
    Assert.Equal(callbackUri, outcome.Error.RedirectUri);
    Assert.Equal(OpenIdConnectResponseMode.FormPost, outcome.Error.ResponseMode);
}
/// <summary>
/// Verifies that an incompatible response type / response mode pair is rejected
/// with <c>InvalidResponseTypeModeCombination</c>.
/// </summary>
/// <param name="responseType">The response type sent with the request.</param>
/// <param name="responseMode">The response mode sent with the request.</param>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task FailsToCreateAuthorizationRequest_ResponseModeAndResponseType_AreIncompatible(string responseType, string responseMode)
{
    // Arrange
    const string callbackUri = "http://www.example.com/callback";

    var requestParameters = new Dictionary<string, string[]>
    {
        [OpenIdConnectParameterNames.State] = new[] { "state" },
        [OpenIdConnectParameterNames.ClientId] = new[] { "a" },
        [OpenIdConnectParameterNames.RedirectUri] = new[] { callbackUri },
        [OpenIdConnectParameterNames.ResponseType] = new[] { responseType },
        [OpenIdConnectParameterNames.ResponseMode] = new[] { responseMode }
    };

    var protocolError = ProtocolErrorProvider.InvalidResponseTypeModeCombination(responseType, responseMode);
    var expected = new AuthorizationRequestError(protocolError, null, null);
    expected.Message.State = "state";

    var requestFactory = CreateAuthorizationRequestFactory();

    // Act
    var outcome = await requestFactory.CreateAuthorizationRequestAsync(requestParameters);

    // Assert
    Assert.False(outcome.IsValid);
    Assert.Equal(expected, outcome.Error, IdentityServiceErrorComparer.Instance);
    Assert.Equal(callbackUri, outcome.Error.RedirectUri);
    // The error is expected to carry the Query response mode whatever the inline data.
    Assert.Equal(OpenIdConnectResponseMode.Query, outcome.Error.ResponseMode);
}
/// <summary>
/// Verifies that a request with no scope parameter, or with the supplied
/// (per the test name, empty) scope value, is rejected with
/// <c>MissingRequiredParameter</c> for the scope parameter.
/// </summary>
/// <param name="scope">
/// The scope value to send. When <c>null</c>, the scope parameter is left out
/// of the request entirely.
/// </param>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task FailsToCreateAuthorizationRequest_IfScope_IsMissingOrEmpty(string scope)
{
    // Arrange
    const string callbackUri = "http://www.example.com/callback";

    var requestParameters = new Dictionary<string, string[]>
    {
        [OpenIdConnectParameterNames.State] = new[] { "state" },
        [OpenIdConnectParameterNames.ClientId] = new[] { "a" },
        [OpenIdConnectParameterNames.RedirectUri] = new[] { callbackUri },
        [OpenIdConnectParameterNames.ResponseType] = new[] { "code" },
        [OpenIdConnectParameterNames.ResponseMode] = new[] { "form_post" },
    };

    // null models "parameter absent"; any other value is sent as given.
    if (scope != null)
    {
        requestParameters[OpenIdConnectParameterNames.Scope] = new[] { scope };
    }

    var protocolError = ProtocolErrorProvider.MissingRequiredParameter(OpenIdConnectParameterNames.Scope);
    var expected = new AuthorizationRequestError(protocolError, null, null);
    expected.Message.State = "state";

    var requestFactory = CreateAuthorizationRequestFactory();

    // Act
    var outcome = await requestFactory.CreateAuthorizationRequestAsync(requestParameters);

    // Assert
    Assert.False(outcome.IsValid);
    Assert.Equal(expected, outcome.Error, IdentityServiceErrorComparer.Instance);
    Assert.Equal(callbackUri, outcome.Error.RedirectUri);
    Assert.Equal(OpenIdConnectResponseMode.FormPost, outcome.Error.ResponseMode);
}
/// <summary>
/// Verifies that a redirect URI containing a fragment is rejected with
/// <c>InvalidUriFormat</c>, and that the resulting error carries neither a
/// redirect URI nor a response mode.
/// </summary>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task FailsToCreateAuthorizationRequest_RedirectUris_ContainsFragment()
{
    // Arrange
    const string callbackWithFragment = "http://www.example.com/callback#fragment";

    var requestParameters = new Dictionary<string, string[]>
    {
        [OpenIdConnectParameterNames.State] = new[] { "state" },
        [OpenIdConnectParameterNames.ClientId] = new[] { "a" },
        [OpenIdConnectParameterNames.RedirectUri] = new[] { callbackWithFragment }
    };

    var protocolError = ProtocolErrorProvider.InvalidUriFormat(callbackWithFragment);
    var expected = new AuthorizationRequestError(protocolError, null, null);
    expected.Message.State = "state";

    var requestFactory = CreateAuthorizationRequestFactory(validRedirectUri: false);

    // Act
    var outcome = await requestFactory.CreateAuthorizationRequestAsync(requestParameters);

    // Assert
    Assert.False(outcome.IsValid);
    Assert.Equal(expected, outcome.Error, IdentityServiceErrorComparer.Instance);
    // A rejected redirect URI must not be copied onto the error: with no
    // RedirectUri / ResponseMode, the error presumably cannot be delivered to
    // an unvalidated location.
    Assert.Null(outcome.Error.RedirectUri);
    Assert.Null(outcome.Error.ResponseMode);
}
/// <summary>
/// Verifies that a response type combining <c>none</c> with another value
/// (<c>code none</c>) is rejected with <c>ResponseTypeNoneNotAllowed</c>.
/// </summary>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task FailsToCreateAuthorizationRequest_ResponseType_ContainsOtherValuesAlongWithNone()
{
    // Arrange
    const string callbackUri = "http://www.example.com/callback";

    // No response mode is supplied in this request.
    var requestParameters = new Dictionary<string, string[]>
    {
        [OpenIdConnectParameterNames.State] = new[] { "state" },
        [OpenIdConnectParameterNames.ClientId] = new[] { "a" },
        [OpenIdConnectParameterNames.RedirectUri] = new[] { callbackUri },
        [OpenIdConnectParameterNames.ResponseType] = new[] { "code none" }
    };

    var protocolError = ProtocolErrorProvider.ResponseTypeNoneNotAllowed();
    var expected = new AuthorizationRequestError(protocolError, null, null);
    expected.Message.State = "state";

    var requestFactory = CreateAuthorizationRequestFactory();

    // Act
    var outcome = await requestFactory.CreateAuthorizationRequestAsync(requestParameters);

    // Assert
    Assert.False(outcome.IsValid);
    Assert.Equal(expected, outcome.Error, IdentityServiceErrorComparer.Instance);
    Assert.Equal(callbackUri, outcome.Error.RedirectUri);
    // The error is expected to be reported with the Fragment response mode.
    Assert.Equal(OpenIdConnectResponseMode.Fragment, outcome.Error.ResponseMode);
}
/// <summary>
/// Verifies that a request carrying more than one redirect URI value is rejected
/// with <c>TooManyParameters</c>, and that the resulting error carries neither a
/// redirect URI nor a response mode.
/// </summary>
/// <returns>A task that completes when the assertions have run.</returns>
public async Task FailsToCreateAuthorizationRequest_IfMultipleRedirectUris_ArePresent()
{
    // Arrange
    var requestParameters = new Dictionary<string, string[]>
    {
        [OpenIdConnectParameterNames.State] = new[] { "state" },
        [OpenIdConnectParameterNames.ClientId] = new[] { "a" },
        // Two values for a parameter that may only appear once.
        [OpenIdConnectParameterNames.RedirectUri] = new[] { "a", "b" }
    };

    var protocolError = ProtocolErrorProvider.TooManyParameters(OpenIdConnectParameterNames.RedirectUri);
    var expected = new AuthorizationRequestError(protocolError, null, null);
    expected.Message.State = "state";

    var requestFactory = CreateAuthorizationRequestFactory();

    // Act
    var outcome = await requestFactory.CreateAuthorizationRequestAsync(requestParameters);

    // Assert
    Assert.False(outcome.IsValid);
    Assert.Equal(expected, outcome.Error, IdentityServiceErrorComparer.Instance);
    // Neither candidate URI is adopted: the error carries no RedirectUri and no
    // ResponseMode.
    Assert.Null(outcome.Error.RedirectUri);
    Assert.Null(outcome.Error.ResponseMode);
}
/// <summary>
/// Creates an <see cref="AuthorizeResult"/> that wraps the given error.
/// </summary>
/// <param name="error">The authorization request error to attach to the result.</param>
/// <returns>A new result built through the error-taking constructor.</returns>
public static AuthorizeResult Forbidden(AuthorizationRequestError error) =>
    new AuthorizeResult(error);
/// <summary>
/// Initializes a result that records <paramref name="error"/> and marks the
/// status as <see cref="AuthorizationStatus.Forbidden"/>.
/// </summary>
/// <param name="error">The error stored on the result; it is not validated here.</param>
private AuthorizeResult(AuthorizationRequestError error)
{
    this.Error = error;
    this.Status = AuthorizationStatus.Forbidden;
}
/// <summary>
/// Creates an <see cref="AuthorizationRequest"/> that wraps the given error.
/// </summary>
/// <param name="authorizationRequestError">The error describing why the request was rejected.</param>
/// <returns>A new request built through the error-taking constructor.</returns>
public static AuthorizationRequest Invalid(AuthorizationRequestError authorizationRequestError) =>
    new AuthorizationRequest(authorizationRequestError);
/// <summary>
/// Initializes a request that is flagged as not valid and records
/// <paramref name="error"/> as the reason.
/// </summary>
/// <param name="error">The error stored on the request; it is not validated here.</param>
private AuthorizationRequest(AuthorizationRequestError error)
{
    this.IsValid = false;
    this.Error = error;
}