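/// <summary>
/// Runs a client-credentials grant against a mock token endpoint and returns the grant
/// produced by the template under test.
/// </summary>
/// <param name="expectParamBasedClientAuthentication">
/// When <c>true</c>, the parameter-based template is exercised and the client_id/client_secret
/// pair is expected in the form body. When <c>false</c>, the default template is exercised and
/// the pair is expected in an HTTP Basic <c>Authorization</c> header instead.
/// </param>
/// <param name="responseFile">Name of the embedded resource the mock endpoint answers with.</param>
/// <returns>The <see cref="AccessGrant"/> returned by the template.</returns>
private AccessGrant AuthenticateClient(bool expectParamBasedClientAuthentication, string responseFile)
{
    OAuth2Template testedOAuth2Template = expectParamBasedClientAuthentication
        ? oAuth2TemplateParamBasedClientAuthentication
        : oAuth2Template;

    HttpHeaders responseHeaders = new HttpHeaders();
    responseHeaders.ContentType = MediaType.APPLICATION_JSON;

    // NOTE(review): nothing in this helper asks the mock server to verify that the expected
    // request was actually sent - confirm the expectations below fail the test on their own.
    MockRestServiceServer mockServer = MockRestServiceServer.CreateServer(testedOAuth2Template.RestTemplate);
    IRequestActions requestActions = mockServer.ExpectNewRequest()
        .AndExpectUri(ACCESS_TOKEN_URL)
        .AndExpectMethod(HttpMethod.POST)
        .AndExpectBody((expectParamBasedClientAuthentication ? "client_id=client_id&client_secret=client_secret&" : "") + "grant_type=client_credentials&scope=read%2Cwrite");
    if (!expectParamBasedClientAuthentication)
    {
        // Fixture value: Base64 of "client_id:client_secret". In this mode the expected body
        // above carries no client_id/client_secret, so the credentials travel in the header only.
        requestActions.AndExpectHeader("Authorization", "Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=");
    }
    requestActions.AndRespondWith(new AssemblyResource(responseFile, typeof(OAuth2TemplateTests)), responseHeaders);

    // The scope goes to the template as a plain string; no OAuth2Parameters instance is needed.
#if NET_4_0 || SILVERLIGHT_5
    AccessGrant accessGrant = testedOAuth2Template.AuthenticateClientAsync("read,write").Result;
#else
    AccessGrant accessGrant = testedOAuth2Template.AuthenticateClient("read,write");
#endif
    return accessGrant;
}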
// private helpers

/// <summary>
/// Runs an authorization-code exchange against a mock token endpoint and returns the grant
/// produced by the template under test.
/// </summary>
/// <param name="expectParamBasedClientAuthentication">
/// Selects the template to exercise. <c>true</c> expects client_id/client_secret in the form body;
/// <c>false</c> expects them in an HTTP Basic <c>Authorization</c> header.
/// </param>
/// <param name="responseFile">Name of the embedded resource the mock endpoint answers with.</param>
/// <returns>The <see cref="AccessGrant"/> returned by the template.</returns>
private AccessGrant ExchangeForAccess(bool expectParamBasedClientAuthentication, string responseFile)
{
    OAuth2Template template;
    if (expectParamBasedClientAuthentication)
    {
        template = oAuth2TemplateParamBasedClientAuthentication;
    }
    else
    {
        template = oAuth2Template;
    }

    var jsonHeaders = new HttpHeaders { ContentType = MediaType.APPLICATION_JSON };

    // Client credentials appear in the expected body only in parameter-based mode.
    string credentialsInBody = expectParamBasedClientAuthentication
        ? "client_id=client_id&client_secret=client_secret&"
        : "";
    string expectedBody = credentialsInBody + "code=code&redirect_uri=http%3A%2F%2Fwww.someclient.com%2Fcallback&grant_type=authorization_code";

    var server = MockRestServiceServer.CreateServer(template.RestTemplate);
    IRequestActions expectation = server.ExpectNewRequest()
        .AndExpectUri(ACCESS_TOKEN_URL)
        .AndExpectMethod(HttpMethod.POST)
        .AndExpectBody(expectedBody);

    if (!expectParamBasedClientAuthentication)
    {
        // Fixture value: Base64 of "client_id:client_secret".
        expectation.AndExpectHeader("Authorization", "Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=");
    }

    expectation.AndRespondWith(new AssemblyResource(responseFile, typeof(OAuth2TemplateTests)), jsonHeaders);

#if NET_4_0 || SILVERLIGHT_5
    return template.ExchangeForAccessAsync("code", "http://www.someclient.com/callback", null).Result;
#else
    return template.ExchangeForAccess("code", "http://www.someclient.com/callback", null);
#endif
}
/// <summary>
/// Refreshes a token against the "RefreshToken_NoExpiresIn.json" fixture and checks that both
/// token values are read while the expiry time and scope are left null.
/// </summary>
public void RefreshAccessToken_JsonResponse_NoExpiresIn()
{
    var refreshed = this.RefreshAcces(false, "RefreshToken_NoExpiresIn.json");

    // Token values are fixture data taken from the response file.
    Assert.AreEqual("8d0a88a5c4f1ae4937ad864cafa8e857", refreshed.AccessToken);
    Assert.AreEqual("6b0411401bf8751e34f57feb29fb8e32", refreshed.RefreshToken);

    // Without expiry information the grant must not report an expiry time.
    Assert.IsNull(refreshed.ExpireTime);
    Assert.IsNull(refreshed.Scope);
}
/// <summary>
/// Exchanges an authorization code against the "AccessToken_ExpiresInAsNonNumericString.json"
/// fixture and checks that the tokens and scope are read while the expiry time stays null.
/// </summary>
public void ExchangeForAccess_JsonResponse_ExpiresInAsNonNumericString()
{
    var exchanged = this.ExchangeForAccess(false, "AccessToken_ExpiresInAsNonNumericString.json");

    // Token values are fixture data taken from the response file.
    Assert.AreEqual("8d0a88a5c4f1ae4937ad864cafa8e857", exchanged.AccessToken);
    Assert.AreEqual("6b0411401bf8751e34f57feb29fb8e32", exchanged.RefreshToken);

    // An unusable expiry value must leave the expiry unset rather than fail the exchange.
    Assert.IsNull(exchanged.ExpireTime);
    Assert.AreEqual("read", exchanged.Scope);
}
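/// <summary>
/// Authenticates the client with parameter-based client authentication against the
/// "AccessToken_NoUser.json" fixture and checks the access token, expiry time and scope.
/// </summary>
public void AuthenticateClient_ParamBasedClientAuthentication_JsonResponse()
{
    AccessGrant accessGrant = this.AuthenticateClient(true, "AccessToken_NoUser.json");

    Assert.AreEqual("8d0a88a5c4f1ae4937ad864cafa8e857", accessGrant.AccessToken);

    // Fail with a clear message instead of an exception from .Value when no expiry was parsed.
    Assert.IsNotNull(accessGrant.ExpireTime);

    // 40735000 ms presumably mirrors the lifetime in the fixture - confirm against the file.
    DateTime approximateExpirationTime = DateTime.UtcNow.AddMilliseconds(40735000);
    DateTime actualExpirationTime = accessGrant.ExpireTime.Value;

    // Allow for 1 second of wiggle room on expiration time. TotalMilliseconds measures the whole
    // interval; TimeSpan.Milliseconds is only the sub-second component and is always below 1000,
    // which would let a wrong expiry pass unnoticed.
    Assert.IsTrue(Math.Abs((approximateExpirationTime - actualExpirationTime).TotalMilliseconds) < 1000);
    Assert.AreEqual("read,write", accessGrant.Scope);
}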
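/// <summary>
/// Refreshes a token with parameter-based client authentication against the "RefreshToken.json"
/// fixture and checks both tokens, the expiry time and the absent scope.
/// </summary>
public void RefreshAccessToken_ParamBasedClientAuthentication_JsonResponse()
{
    AccessGrant accessGrant = this.RefreshAcces(true, "RefreshToken.json");

    Assert.AreEqual("8d0a88a5c4f1ae4937ad864cafa8e857", accessGrant.AccessToken);
    Assert.AreEqual("6b0411401bf8751e34f57feb29fb8e32", accessGrant.RefreshToken);

    // Fail with a clear message instead of an exception from .Value when no expiry was parsed.
    Assert.IsNotNull(accessGrant.ExpireTime);

    // 40735000 ms presumably mirrors the lifetime in the fixture - confirm against the file.
    DateTime approximateExpirationTime = DateTime.UtcNow.AddMilliseconds(40735000);
    DateTime actualExpirationTime = accessGrant.ExpireTime.Value;

    // Allow for 1 second of wiggle room on expiration time. TotalMilliseconds measures the whole
    // interval; TimeSpan.Milliseconds is only the sub-second component and is always below 1000,
    // which would let a wrong expiry pass unnoticed.
    Assert.IsTrue(Math.Abs((approximateExpirationTime - actualExpirationTime).TotalMilliseconds) < 1000);
    Assert.IsNull(accessGrant.Scope);
}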
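/// <summary>
/// Runs the ExchangeCredentialsForAccess helper against the "AccessToken.json" fixture and
/// checks both tokens, the expiry time and the scope.
/// </summary>
public void ExchangeCredentialsForAccess_JsonResponse()
{
    AccessGrant accessGrant = this.ExchangeCredentialsForAccess(false, "AccessToken.json");

    Assert.AreEqual("8d0a88a5c4f1ae4937ad864cafa8e857", accessGrant.AccessToken);
    Assert.AreEqual("6b0411401bf8751e34f57feb29fb8e32", accessGrant.RefreshToken);

    // Fail with a clear message instead of an exception from .Value when no expiry was parsed.
    Assert.IsNotNull(accessGrant.ExpireTime);

    // 40735000 ms presumably mirrors the lifetime in the fixture - confirm against the file.
    DateTime approximateExpirationTime = DateTime.UtcNow.AddMilliseconds(40735000);
    DateTime actualExpirationTime = accessGrant.ExpireTime.Value;

    // Allow for 1 second of wiggle room on expiration time. TotalMilliseconds measures the whole
    // interval; TimeSpan.Milliseconds is only the sub-second component and is always below 1000,
    // which would let a wrong expiry pass unnoticed.
    Assert.IsTrue(Math.Abs((approximateExpirationTime - actualExpirationTime).TotalMilliseconds) < 1000);
    Assert.AreEqual("read", accessGrant.Scope);
}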
/// <summary>
/// Asynchronously posts the access grant request to the provider's token endpoint.
/// </summary>
/// <remarks>
/// This default implementation posts through the RestTemplate, asks for the response as a JSON
/// value and turns it into an <see cref="AccessGrant"/> via ExtractAccessGrant.
/// The OAuth 2 specification calls for a JSON access token response, so overriding is rarely
/// needed; to capture provider-specific data from the response, override CreateAccessGrant() instead.
/// For a provider whose access token response is not JSON, override this method and request a
/// different binding. For example, for a form-encoded response call RestTemplate.PostForObject()
/// asking for a NameValueCollection and build the <see cref="AccessGrant"/> from its contents.
/// </remarks>
/// <param name="accessTokenUrl">The URL of the provider's access token endpoint.</param>
/// <param name="request">The request data to post to the access token endpoint.</param>
/// <param name="operationCompleted">
/// The <see cref="Action{T}"/> to invoke when the asynchronous request completes.
/// It receives the OAuth2 access grant on success, or the error and cancellation state otherwise.
/// </param>
/// <returns>
/// A <see cref="RestOperationCanceler"/> instance that allows the asynchronous operation to be cancelled.
/// </returns>
protected virtual RestOperationCanceler PostForAccessGrantAsync(string accessTokenUrl, NameValueCollection request, Action<RestOperationCompletedEventArgs<AccessGrant>> operationCompleted)
{
    return this.restTemplate.PostForObjectAsync<JsonValue>(accessTokenUrl, request,
        completed =>
        {
            if (completed.Error != null)
            {
                // Pass the failure on unchanged, including whether the request was cancelled.
                operationCompleted(new RestOperationCompletedEventArgs<AccessGrant>(null, completed.Error, completed.Cancelled, completed.UserState));
                return;
            }

            // NOTE(review): an exception thrown by ExtractAccessGrant on an unexpected provider
            // response would surface from this callback rather than through operationCompleted -
            // confirm how the RestTemplate treats exceptions raised by completion callbacks.
            AccessGrant grant = this.ExtractAccessGrant(completed.Response);
            operationCompleted(new RestOperationCompletedEventArgs<AccessGrant>(grant, null, false, completed.UserState));
        });
}
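/// <summary>
/// Asynchronously posts the access grant request and binds the provider's response to a
/// <see cref="NameValueCollection"/> instead of JSON.
/// </summary>
/// <remarks>
/// The grant is built from the "access_token" and "expires" entries of the response.
/// A missing or non-numeric "expires" value yields a grant without expiry information
/// instead of an exception thrown from inside the completion callback.
/// </remarks>
/// <param name="accessTokenUrl">The URL of the provider's access token endpoint.</param>
/// <param name="request">The request data to post to the access token endpoint.</param>
/// <param name="operationCompleted">
/// The callback to invoke when the request completes, with the grant on success or the
/// error and cancellation state otherwise.
/// </param>
/// <returns>
/// A <see cref="RestOperationCanceler"/> instance that allows the asynchronous operation to be cancelled.
/// </returns>
protected override RestOperationCanceler PostForAccessGrantAsync(string accessTokenUrl, NameValueCollection request, Action<RestOperationCompletedEventArgs<AccessGrant>> operationCompleted)
{
    return this.RestTemplate.PostForObjectAsync<NameValueCollection>(accessTokenUrl, request,
        r =>
        {
            if (r.Error != null)
            {
                operationCompleted(new RestOperationCompletedEventArgs<AccessGrant>(null, r.Error, r.Cancelled, r.UserState));
                return;
            }

            // The response is provider-controlled input. Parse the lifetime with the invariant
            // culture and without throwing, so a malformed value cannot abort the callback
            // before operationCompleted has been invoked.
            int? expiresIn = null;
            int parsedSeconds;
            if (Int32.TryParse(r.Response["expires"], System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out parsedSeconds))
            {
                expiresIn = parsedSeconds;
            }

            // NOTE(review): "access_token" is passed through unchecked; whether AccessGrant
            // rejects a null token is not visible here - confirm.
            AccessGrant token = new AccessGrant(r.Response["access_token"], null, null, expiresIn);
            operationCompleted(new RestOperationCompletedEventArgs<AccessGrant>(token, null, false, r.UserState));
        });
}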