
Backport the constants changes to OpenIddict 1.x

pull/670/head
Kévin Chalet 8 years ago
parent
commit
0d460a768d
  1. 18
      samples/Mvc.Server/Controllers/UserinfoController.cs
  2. 10
      samples/Mvc.Server/Startup.cs
  3. 70
      src/OpenIddict.Abstractions/OpenIddictConstants.cs
  4. 72
      src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs
  5. 50
      src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs
  6. 4
      src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs
  7. 10
      src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs
  8. 20
      src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs
  9. 12
      src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs
  10. 10
      src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs
  11. 12
      src/OpenIddict.Server/OpenIddictServerBuilder.cs
  12. 20
      src/OpenIddict.Server/OpenIddictServerExtensions.cs
  13. 16
      src/OpenIddict.Server/OpenIddictServerOptions.cs
  14. 138
      test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Authentication.cs
  15. 33
      test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Discovery.cs
  16. 178
      test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs
  17. 42
      test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs
  18. 22
      test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs
  19. 148
      test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs
  20. 14
      test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs
  21. 5
      test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Userinfo.cs
  22. 104
      test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs
  23. 12
      test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs
  24. 15
      test/OpenIddict.Server.Tests/OpenIddictServerExtensionsTests.cs

18
samples/Mvc.Server/Controllers/UserinfoController.cs

@ -31,7 +31,7 @@ namespace Mvc.Server.Controllers
{
return BadRequest(new OpenIdConnectResponse
{
Error = OpenIdConnectConstants.Errors.InvalidGrant,
Error = OpenIddictConstants.Errors.InvalidGrant,
ErrorDescription = "The user profile is no longer available."
});
}
@ -39,21 +39,21 @@ namespace Mvc.Server.Controllers
var claims = new JObject();
// Note: the "sub" claim is a mandatory claim and must be included in the JSON response.
claims[OpenIdConnectConstants.Claims.Subject] = await _userManager.GetUserIdAsync(user);
claims[OpenIddictConstants.Claims.Subject] = await _userManager.GetUserIdAsync(user);
if (User.HasClaim(OpenIdConnectConstants.Claims.Scope, OpenIdConnectConstants.Scopes.Email))
if (User.HasClaim(OpenIddictConstants.Claims.Scope, OpenIddictConstants.Scopes.Email))
{
claims[OpenIdConnectConstants.Claims.Email] = await _userManager.GetEmailAsync(user);
claims[OpenIdConnectConstants.Claims.EmailVerified] = await _userManager.IsEmailConfirmedAsync(user);
claims[OpenIddictConstants.Claims.Email] = await _userManager.GetEmailAsync(user);
claims[OpenIddictConstants.Claims.EmailVerified] = await _userManager.IsEmailConfirmedAsync(user);
}
if (User.HasClaim(OpenIdConnectConstants.Claims.Scope, OpenIdConnectConstants.Scopes.Phone))
if (User.HasClaim(OpenIddictConstants.Claims.Scope, OpenIddictConstants.Scopes.Phone))
{
claims[OpenIdConnectConstants.Claims.PhoneNumber] = await _userManager.GetPhoneNumberAsync(user);
claims[OpenIdConnectConstants.Claims.PhoneNumberVerified] = await _userManager.IsPhoneNumberConfirmedAsync(user);
claims[OpenIddictConstants.Claims.PhoneNumber] = await _userManager.GetPhoneNumberAsync(user);
claims[OpenIddictConstants.Claims.PhoneNumberVerified] = await _userManager.IsPhoneNumberConfirmedAsync(user);
}
if (User.HasClaim(OpenIdConnectConstants.Claims.Scope, OpenIddictConstants.Scopes.Roles))
if (User.HasClaim(OpenIddictConstants.Claims.Scope, OpenIddictConstants.Scopes.Roles))
{
claims[OpenIddictConstants.Claims.Roles] = JArray.FromObject(await _userManager.GetRolesAsync(user));
}

10
samples/Mvc.Server/Startup.cs

@ -48,9 +48,9 @@ namespace Mvc.Server
// which saves you from doing the mapping in your authorization controller.
services.Configure<IdentityOptions>(options =>
{
options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;
options.ClaimsIdentity.UserNameClaimType = OpenIddictConstants.Claims.Name;
options.ClaimsIdentity.UserIdClaimType = OpenIddictConstants.Claims.Subject;
options.ClaimsIdentity.RoleClaimType = OpenIddictConstants.Claims.Role;
});
services.AddOpenIddict()
@ -84,8 +84,8 @@ namespace Mvc.Server
.AllowRefreshTokenFlow();
// Mark the "email", "profile" and "roles" scopes as supported scopes.
options.RegisterScopes(OpenIdConnectConstants.Scopes.Email,
OpenIdConnectConstants.Scopes.Profile,
options.RegisterScopes(OpenIddictConstants.Scopes.Email,
OpenIddictConstants.Scopes.Profile,
OpenIddictConstants.Scopes.Roles);
// When request caching is enabled, authorization and logout requests

70
src/OpenIddict.Abstractions/OpenIddictConstants.cs

@ -123,6 +123,61 @@ namespace OpenIddict.Abstractions
public const string ConcurrencyError = "concurrency_error";
}
public static class GrantTypes
{
public const string AuthorizationCode = "authorization_code";
public const string ClientCredentials = "client_credentials";
public const string Implicit = "implicit";
public const string Password = "password";
public const string RefreshToken = "refresh_token";
}
public static class Metadata
{
public const string AcrValuesSupported = "acr_values_supported";
public const string AuthorizationEndpoint = "authorization_endpoint";
public const string ClaimsLocalesSupported = "claims_locales_supported";
public const string ClaimsParameterSupported = "claims_parameter_supported";
public const string ClaimsSupported = "claims_supported";
public const string ClaimTypesSupported = "claim_types_supported";
public const string CodeChallengeMethodsSupported = "code_challenge_methods_supported";
public const string DisplayValuesSupported = "display_values_supported";
public const string EndSessionEndpoint = "end_session_endpoint";
public const string GrantTypesSupported = "grant_types_supported";
public const string IdTokenEncryptionAlgValuesSupported = "id_token_encryption_alg_values_supported";
public const string IdTokenEncryptionEncValuesSupported = "id_token_encryption_enc_values_supported";
public const string IdTokenSigningAlgValuesSupported = "id_token_signing_alg_values_supported";
public const string IntrospectionEndpoint = "introspection_endpoint";
public const string IntrospectionEndpointAuthMethodsSupported = "introspection_endpoint_auth_methods_supported";
public const string IntrospectionEndpointAuthSigningAlgValuesSupported = "introspection_endpoint_auth_signing_alg_values_supported";
public const string Issuer = "issuer";
public const string JwksUri = "jwks_uri";
public const string OpPolicyUri = "op_policy_uri";
public const string OpTosUri = "op_tos_uri";
public const string RequestObjectEncryptionAlgValuesSupported = "request_object_encryption_alg_values_supported";
public const string RequestObjectEncryptionEncValuesSupported = "request_object_encryption_enc_values_supported";
public const string RequestObjectSigningAlgValuesSupported = "request_object_signing_alg_values_supported";
public const string RequestParameterSupported = "request_parameter_supported";
public const string RequestUriParameterSupported = "request_uri_parameter_supported";
public const string RequireRequestUriRegistration = "require_request_uri_registration";
public const string ResponseModesSupported = "response_modes_supported";
public const string ResponseTypesSupported = "response_types_supported";
public const string RevocationEndpoint = "revocation_endpoint";
public const string RevocationEndpointAuthMethodsSupported = "revocation_endpoint_auth_methods_supported";
public const string RevocationEndpointAuthSigningAlgValuesSupported = "revocation_endpoint_auth_signing_alg_values_supported";
public const string ScopesSupported = "scopes_supported";
public const string ServiceDocumentation = "service_documentation";
public const string SubjectTypesSupported = "subject_types_supported";
public const string TokenEndpoint = "token_endpoint";
public const string TokenEndpointAuthMethodsSupported = "token_endpoint_auth_methods_supported";
public const string TokenEndpointAuthSigningAlgValuesSupported = "token_endpoint_auth_signing_alg_values_supported";
public const string UiLocalesSupported = "ui_locales_supported";
public const string UserinfoEncryptionAlgValuesSupported = "userinfo_encryption_alg_values_supported";
public const string UserinfoEncryptionEncValuesSupported = "userinfo_encryption_enc_values_supported";
public const string UserinfoEndpoint = "userinfo_endpoint";
public const string UserinfoSigningAlgValuesSupported = "userinfo_signing_alg_values_supported";
}
public static class Parameters
{
public const string AccessToken = "access_token";
@ -241,6 +296,21 @@ namespace OpenIddict.Abstractions
public const string String = "#public_string";
}
public static class ResponseModes
{
public const string FormPost = "form_post";
public const string Fragment = "fragment";
public const string Query = "query";
}
public static class ResponseTypes
{
public const string Code = "code";
public const string IdToken = "id_token";
public const string None = "none";
public const string Token = "token";
}
public static class Separators
{
public const string Space = " ";
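Review bot: The added `GrantTypes`, `Metadata`, `ResponseModes` and `ResponseTypes` classes carry no doc comments, so nothing tells a maintainer that these literals are wire-level protocol values that must match the specifications exactly. I would add a one-line summary to each class, for example `/// <summary>OAuth 2.0 grant_type values; exact, case-sensitive protocol strings.</summary>` on `GrantTypes`, and a similar line on `Metadata` naming the discovery document as the source of the field names. Because they are `public const` members of an abstractions assembly, the values are also compiled into consuming assemblies, which deserves a sentence in the same comment. The enclosing `OpenIddictConstants` class starts and ends outside these hunks.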

72
src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs

@ -44,7 +44,7 @@ namespace OpenIddict.Server.Internal
"an unsupported parameter: {Parameter}.", "request");
context.Reject(
error: OpenIdConnectConstants.Errors.RequestNotSupported,
error: OpenIddictConstants.Errors.RequestNotSupported,
description: "The 'request' parameter is not supported.");
return;
@ -57,7 +57,7 @@ namespace OpenIddict.Server.Internal
"an unsupported parameter: {Parameter}.", "request_uri");
context.Reject(
error: OpenIdConnectConstants.Errors.RequestUriNotSupported,
error: OpenIddictConstants.Errors.RequestUriNotSupported,
description: "The 'request_uri' parameter is not supported.");
return;
@ -74,7 +74,7 @@ namespace OpenIddict.Server.Internal
"request caching support was not enabled.");
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The 'request_id' parameter is not supported.");
return;
@ -91,7 +91,7 @@ namespace OpenIddict.Server.Internal
"or invalid request_id parameter was specified.");
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The specified 'request_id' parameter is invalid.");
return;
@ -133,7 +133,7 @@ namespace OpenIddict.Server.Internal
"response type is not supported.", context.Request.ResponseType);
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedResponseType,
error: OpenIddictConstants.Errors.UnsupportedResponseType,
description: "The specified 'response_type' parameter is not supported.");
return;
@ -141,50 +141,50 @@ namespace OpenIddict.Server.Internal
// Reject code flow authorization requests if the authorization code flow is not enabled.
if (context.Request.IsAuthorizationCodeFlow() &&
!options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode))
!options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode))
{
logger.LogError("The authorization request was rejected because " +
"the authorization code flow was not enabled.");
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedResponseType,
error: OpenIddictConstants.Errors.UnsupportedResponseType,
description: "The specified 'response_type' parameter is not allowed.");
return;
}
// Reject implicit flow authorization requests if the implicit flow is not enabled.
if (context.Request.IsImplicitFlow() && !options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Implicit))
if (context.Request.IsImplicitFlow() && !options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Implicit))
{
logger.LogError("The authorization request was rejected because the implicit flow was not enabled.");
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedResponseType,
error: OpenIddictConstants.Errors.UnsupportedResponseType,
description: "The specified 'response_type' parameter is not allowed.");
return;
}
// Reject hybrid flow authorization requests if the authorization code or the implicit flows are not enabled.
if (context.Request.IsHybridFlow() && (!options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode) ||
!options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Implicit)))
if (context.Request.IsHybridFlow() && (!options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode) ||
!options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Implicit)))
{
logger.LogError("The authorization request was rejected because the " +
"authorization code flow or the implicit flow was not enabled.");
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedResponseType,
error: OpenIddictConstants.Errors.UnsupportedResponseType,
description: "The specified 'response_type' parameter is not allowed.");
return;
}
// Reject authorization requests that specify scope=offline_access if the refresh token flow is not enabled.
if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) &&
!options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken))
if (context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess) &&
!options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.RefreshToken))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The 'offline_access' scope is not allowed.");
return;
@ -211,7 +211,7 @@ namespace OpenIddict.Server.Internal
logger.LogError("The authentication request was rejected because invalid scopes were specified: {Scopes}.", scopes);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidScope,
error: OpenIddictConstants.Errors.InvalidScope,
description: "The specified 'scope' parameter is not valid.");
return;
@ -229,7 +229,7 @@ namespace OpenIddict.Server.Internal
"response mode is not supported.", context.Request.ResponseMode);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The specified 'response_mode' parameter is not supported.");
return;
@ -242,7 +242,7 @@ namespace OpenIddict.Server.Internal
if (string.IsNullOrEmpty(context.RedirectUri))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The mandatory 'redirect_uri' parameter is missing.");
return;
@ -260,7 +260,7 @@ namespace OpenIddict.Server.Internal
"required 'code_challenge_method' parameter was missing.");
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The 'code_challenge_method' parameter must be specified.");
return;
@ -274,20 +274,20 @@ namespace OpenIddict.Server.Internal
"'code_challenge_method' parameter was set to 'plain'.");
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The specified 'code_challenge_method' parameter is not allowed.");
return;
}
// Reject authorization requests that contain response_type=token when a code_challenge is specified.
if (context.Request.HasResponseType(OpenIdConnectConstants.ResponseTypes.Token))
if (context.Request.HasResponseType(OpenIddictConstants.ResponseTypes.Token))
{
logger.LogError("The authorization request was rejected because the " +
"specified response type was not compatible with PKCE.");
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The specified 'response_type' parameter is not allowed when using PKCE.");
return;
@ -302,7 +302,7 @@ namespace OpenIddict.Server.Internal
"application was not found: '{ClientId}'.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The specified 'client_id' parameter is invalid.");
return;
@ -317,10 +317,10 @@ namespace OpenIddict.Server.Internal
// Note: when using the authorization code grant, ValidateTokenRequest is responsible of rejecting
// the token request if the client_id corresponds to an unauthenticated confidential client.
if (await applicationManager.IsConfidentialAsync(application) &&
context.Request.HasResponseType(OpenIdConnectConstants.ResponseTypes.Token))
context.Request.HasResponseType(OpenIddictConstants.ResponseTypes.Token))
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnauthorizedClient,
error: OpenIddictConstants.Errors.UnauthorizedClient,
description: "The specified 'response_type' parameter is not valid for this client application.");
return;
@ -334,7 +334,7 @@ namespace OpenIddict.Server.Internal
"was not allowed to use the authorization endpoint.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.UnauthorizedClient,
error: OpenIddictConstants.Errors.UnauthorizedClient,
description: "This client application is not allowed to use the authorization endpoint.");
return;
@ -350,7 +350,7 @@ namespace OpenIddict.Server.Internal
"was not allowed to use the authorization code flow.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.UnauthorizedClient,
error: OpenIddictConstants.Errors.UnauthorizedClient,
description: "The client application is not allowed to use the authorization code flow.");
return;
@ -364,7 +364,7 @@ namespace OpenIddict.Server.Internal
"was not allowed to use the implicit flow.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.UnauthorizedClient,
error: OpenIddictConstants.Errors.UnauthorizedClient,
description: "The client application is not allowed to use the implicit flow.");
return;
@ -379,7 +379,7 @@ namespace OpenIddict.Server.Internal
"was not allowed to use the hybrid flow.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.UnauthorizedClient,
error: OpenIddictConstants.Errors.UnauthorizedClient,
description: "The client application is not allowed to use the hybrid flow.");
return;
@ -387,14 +387,14 @@ namespace OpenIddict.Server.Internal
// Reject the request if the offline_access scope was request and if
// the application is not allowed to use the refresh token grant type.
if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) &&
if (context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess) &&
!await applicationManager.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.RefreshToken))
{
logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
"was not allowed to request the 'offline_access' scope.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The client application is not allowed to use the 'offline_access' scope.");
return;
@ -409,7 +409,7 @@ namespace OpenIddict.Server.Internal
"was invalid: '{RedirectUri}'.", context.RedirectUri);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The specified 'redirect_uri' parameter is not valid for this client application.");
return;
@ -422,8 +422,8 @@ namespace OpenIddict.Server.Internal
foreach (var scope in context.Request.GetScopes())
{
// Avoid validating the "openid" and "offline_access" scopes as they represent protocol scopes.
if (string.Equals(scope, OpenIdConnectConstants.Scopes.OfflineAccess, StringComparison.Ordinal) ||
string.Equals(scope, OpenIdConnectConstants.Scopes.OpenId, StringComparison.Ordinal))
if (string.Equals(scope, OpenIddictConstants.Scopes.OfflineAccess, StringComparison.Ordinal) ||
string.Equals(scope, OpenIddictConstants.Scopes.OpenId, StringComparison.Ordinal))
{
continue;
}
@ -435,7 +435,7 @@ namespace OpenIddict.Server.Internal
"was not allowed to use the scope {Scope}.", context.ClientId, scope);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "This client application is not allowed to use the specified scope.");
return;
@ -483,7 +483,7 @@ namespace OpenIddict.Server.Internal
var address = QueryHelpers.AddQueryString(
uri: context.HttpContext.Request.Scheme + "://" + context.HttpContext.Request.Host +
context.HttpContext.Request.PathBase + context.HttpContext.Request.Path,
name: OpenIdConnectConstants.Parameters.RequestId, value: context.Request.RequestId);
name: OpenIddictConstants.Parameters.RequestId, value: context.Request.RequestId);
context.HttpContext.Response.Redirect(address);
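Review bot: The redirect address in the last hunk is assembled from `Request.Scheme`, `Request.Host` and `Request.PathBase`, all taken from the incoming request, so the `Location` header reflects whatever Host header the client sent. Behind a reverse proxy or a shared cache this is safe only when host filtering and forwarded-header handling are configured in front of the server, and nothing in the visible lines enforces that. I would at least add a comment above the call such as `// Note: the address is built from the request's Host header; deployments must restrict the accepted hosts.`, and consider preferring a configured base address when the options provide one. The enclosing method starts and ends outside the hunk.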

50
src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs

@ -45,18 +45,18 @@ namespace OpenIddict.Server.Internal
"grant type is not supported.", context.Request.GrantType);
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
error: OpenIddictConstants.Errors.UnsupportedGrantType,
description: "The specified 'grant_type' parameter is not supported.");
return;
}
// Reject token requests that specify scope=offline_access if the refresh token flow is not enabled.
if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) &&
!options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken))
if (context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess) &&
!options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.RefreshToken))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The 'offline_access' scope is not allowed.");
return;
@ -70,7 +70,7 @@ namespace OpenIddict.Server.Internal
if (context.Request.IsAuthorizationCodeGrantType() && string.IsNullOrEmpty(context.Request.RedirectUri))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The mandatory 'redirect_uri' parameter is missing.");
return;
@ -82,10 +82,10 @@ namespace OpenIddict.Server.Internal
// that rejects grant_type=client_credentials requests containing the 'offline_access' scope.
// See https://tools.ietf.org/html/rfc6749#section-4.4.3 for more information.
if (context.Request.IsClientCredentialsGrantType() &&
context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess))
context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The 'offline_access' scope is not valid for the specified 'grant_type' parameter.");
return;
@ -112,7 +112,7 @@ namespace OpenIddict.Server.Internal
logger.LogError("The token request was rejected because invalid scopes were specified: {Scopes}.", scopes);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidScope,
error: OpenIddictConstants.Errors.InvalidScope,
description: "The specified 'scope' parameter is not valid.");
return;
@ -126,7 +126,7 @@ namespace OpenIddict.Server.Internal
string.IsNullOrEmpty(context.Request.ClientSecret)))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The 'client_id' and 'client_secret' parameters are " +
"required when using the client credentials grant.");
@ -147,7 +147,7 @@ namespace OpenIddict.Server.Internal
"mandatory client_id parameter was missing or empty.");
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The mandatory 'client_id' parameter is missing.");
return;
@ -169,7 +169,7 @@ namespace OpenIddict.Server.Internal
"application was not found: '{ClientId}'.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
error: OpenIddictConstants.Errors.InvalidClient,
description: "The specified 'client_id' parameter is invalid.");
return;
@ -187,7 +187,7 @@ namespace OpenIddict.Server.Internal
"was not allowed to use the token endpoint.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.UnauthorizedClient,
error: OpenIddictConstants.Errors.UnauthorizedClient,
description: "This client application is not allowed to use the token endpoint.");
return;
@ -203,7 +203,7 @@ namespace OpenIddict.Server.Internal
"use the specified grant type: {GrantType}.", context.ClientId, context.Request.GrantType);
context.Reject(
error: OpenIdConnectConstants.Errors.UnauthorizedClient,
error: OpenIddictConstants.Errors.UnauthorizedClient,
description: "This client application is not allowed to use the specified grant type.");
return;
@ -211,14 +211,14 @@ namespace OpenIddict.Server.Internal
// Reject the request if the offline_access scope was request and if
// the application is not allowed to use the refresh token grant type.
if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) &&
if (context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess) &&
!await applicationManager.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.RefreshToken))
{
logger.LogError("The token request was rejected because the application '{ClientId}' " +
"was not allowed to request the 'offline_access' scope.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The client application is not allowed to use the 'offline_access' scope.");
return;
@ -234,7 +234,7 @@ namespace OpenIddict.Server.Internal
"was not allowed to use the client credentials grant.", context.Request.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.UnauthorizedClient,
error: OpenIddictConstants.Errors.UnauthorizedClient,
description: "The specified 'grant_type' parameter is not valid for this client application.");
return;
@ -247,7 +247,7 @@ namespace OpenIddict.Server.Internal
"was not allowed to send a client secret.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The 'client_secret' parameter is not valid for this client application.");
return;
@ -271,7 +271,7 @@ namespace OpenIddict.Server.Internal
"'{ClientId}' didn't specify a client secret.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
error: OpenIddictConstants.Errors.InvalidClient,
description: "The 'client_secret' parameter required for this client application is missing.");
return;
@ -283,7 +283,7 @@ namespace OpenIddict.Server.Internal
"'{ClientId}' didn't specify valid client credentials.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
error: OpenIddictConstants.Errors.InvalidClient,
description: "The specified client credentials are invalid.");
return;
@ -296,8 +296,8 @@ namespace OpenIddict.Server.Internal
foreach (var scope in context.Request.GetScopes())
{
// Avoid validating the "openid" and "offline_access" scopes as they represent protocol scopes.
if (string.Equals(scope, OpenIdConnectConstants.Scopes.OfflineAccess, StringComparison.Ordinal) ||
string.Equals(scope, OpenIdConnectConstants.Scopes.OpenId, StringComparison.Ordinal))
if (string.Equals(scope, OpenIddictConstants.Scopes.OfflineAccess, StringComparison.Ordinal) ||
string.Equals(scope, OpenIddictConstants.Scopes.OpenId, StringComparison.Ordinal))
{
continue;
}
@ -310,7 +310,7 @@ namespace OpenIddict.Server.Internal
"was not allowed to use the scope {Scope}.", context.ClientId, scope);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "This client application is not allowed to use the specified scope.");
return;
@ -385,7 +385,7 @@ namespace OpenIddict.Server.Internal
"or refresh token '{Identifier}' has already been redeemed.", identifier);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
error: OpenIddictConstants.Errors.InvalidGrant,
description: context.Request.IsAuthorizationCodeGrantType() ?
"The specified authorization code has already been redeemed." :
"The specified refresh token has already been redeemed.");
@ -399,7 +399,7 @@ namespace OpenIddict.Server.Internal
"or refresh token '{Identifier}' was no longer valid.", identifier);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
error: OpenIddictConstants.Errors.InvalidGrant,
description: context.Request.IsAuthorizationCodeGrantType() ?
"The specified authorization code is no longer valid." :
"The specified refresh token is no longer valid.");
@ -423,7 +423,7 @@ namespace OpenIddict.Server.Internal
"the associated authorization was no longer valid.");
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
error: OpenIddictConstants.Errors.InvalidGrant,
description: context.Request.IsAuthorizationCodeGrantType() ?
"The authorization associated with the authorization code is no longer valid." :
"The authorization associated with the refresh token is no longer valid.");
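Review bot: The token endpoint returns a different `description` for an unknown client ("The specified 'client_id' parameter is invalid."), a confidential client that sent no secret, a public client that sent one, and a wrong secret, so an unauthenticated caller can tell which client identifiers are registered and of which type. Client identifiers are not secrets, which makes this a hardening point rather than a flaw, but the same detail is already recorded by the `logger.LogError` calls and does not need to reach the caller. I would return a single description for the `invalid_client` cases, e.g. `description: "The specified client credentials are invalid."`, and keep the specific wording in the log only. The same pattern is visible in the Introspection and Revocation sections, and the enclosing methods extend beyond these hunks.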

4
src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs

@ -44,7 +44,7 @@ namespace OpenIddict.Server.Internal
{
Principal = ticket.Principal,
Status = OpenIddictConstants.Statuses.Valid,
Subject = ticket.Principal.GetClaim(OpenIdConnectConstants.Claims.Subject),
Subject = ticket.Principal.GetClaim(OpenIddictConstants.Claims.Subject),
Type = OpenIddictConstants.AuthorizationTypes.AdHoc
};
@ -133,7 +133,7 @@ namespace OpenIddict.Server.Internal
ExpirationDate = ticket.Properties.ExpiresUtc,
Principal = ticket.Principal,
Status = OpenIddictConstants.Statuses.Valid,
Subject = ticket.Principal.GetClaim(OpenIdConnectConstants.Claims.Subject),
Subject = ticket.Principal.GetClaim(OpenIddictConstants.Claims.Subject),
Type = type
};

10
src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs

@ -41,7 +41,7 @@ namespace OpenIddict.Server.Internal
if (string.IsNullOrEmpty(context.ClientId) || string.IsNullOrEmpty(context.ClientSecret))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The mandatory 'client_id' and/or 'client_secret' parameters are missing.");
return;
@ -55,7 +55,7 @@ namespace OpenIddict.Server.Internal
"application was not found: '{ClientId}'.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
error: OpenIddictConstants.Errors.InvalidClient,
description: "The specified 'client_id' parameter is invalid.");
return;
@ -73,7 +73,7 @@ namespace OpenIddict.Server.Internal
"was not allowed to use the introspection endpoint.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.UnauthorizedClient,
error: OpenIddictConstants.Errors.UnauthorizedClient,
description: "This client application is not allowed to use the introspection endpoint.");
return;
@ -86,7 +86,7 @@ namespace OpenIddict.Server.Internal
"'{ClientId}' was not allowed to use this endpoint.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
error: OpenIddictConstants.Errors.InvalidClient,
description: "This client application is not allowed to use the introspection endpoint.");
return;
@ -99,7 +99,7 @@ namespace OpenIddict.Server.Internal
"'{ClientId}' didn't specify valid client credentials.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
error: OpenIddictConstants.Errors.InvalidClient,
description: "The specified client credentials are invalid.");
return;
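Review bot: The hunks at -73 and -86 return the same description, "This client application is not allowed to use the introspection endpoint.", under two different error codes (`UnauthorizedClient` and `InvalidClient`), and nothing in the visible lines says why. The log messages differ ("was not allowed to use the introspection endpoint" versus "was not allowed to use this endpoint"), so the two branches presumably reject for different reasons. A one-line comment above each `context.Reject`, for example `// InvalidClient (not UnauthorizedClient) because <condition checked by this branch>`, would let a maintainer or anyone reading the audit logs tell the two apart. Since this commit touches every error code in the file, it is a good place to confirm the pairing is intended. The enclosing method starts and ends outside these hunks.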

20
src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs

@ -43,7 +43,7 @@ namespace OpenIddict.Server.Internal
if (string.Equals(context.Request.TokenTypeHint, OpenIdConnectConstants.TokenTypeHints.IdToken))
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedTokenType,
error: OpenIddictConstants.Errors.UnsupportedTokenType,
description: "The specified 'token_type_hint' parameter is not supported.");
return;
@ -53,7 +53,7 @@ namespace OpenIddict.Server.Internal
string.Equals(context.Request.TokenTypeHint, OpenIdConnectConstants.TokenTypeHints.AccessToken))
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedTokenType,
error: OpenIddictConstants.Errors.UnsupportedTokenType,
description: "The specified 'token_type_hint' parameter is not supported.");
return;
@ -74,7 +74,7 @@ namespace OpenIddict.Server.Internal
"mandatory client_id parameter was missing or empty.");
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The mandatory 'client_id' parameter is missing.");
return;
@ -96,7 +96,7 @@ namespace OpenIddict.Server.Internal
"application was not found: '{ClientId}'.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
error: OpenIddictConstants.Errors.InvalidClient,
description: "The specified 'client_id' parameter is invalid.");
return;
@ -114,7 +114,7 @@ namespace OpenIddict.Server.Internal
"was not allowed to use the revocation endpoint.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.UnauthorizedClient,
error: OpenIddictConstants.Errors.UnauthorizedClient,
description: "This client application is not allowed to use the revocation endpoint.");
return;
@ -129,7 +129,7 @@ namespace OpenIddict.Server.Internal
"'{ClientId}' was not allowed to use this endpoint.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The 'client_secret' parameter is not valid for this client application.");
return;
@ -153,7 +153,7 @@ namespace OpenIddict.Server.Internal
"'{ClientId}' didn't specify a client secret.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
error: OpenIddictConstants.Errors.InvalidClient,
description: "The 'client_secret' parameter required for this client application is missing.");
return;
@ -165,7 +165,7 @@ namespace OpenIddict.Server.Internal
"'{ClientId}' didn't specify valid client credentials.", context.ClientId);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
error: OpenIddictConstants.Errors.InvalidClient,
description: "The specified client credentials are invalid.");
return;
@ -193,7 +193,7 @@ namespace OpenIddict.Server.Internal
logger.LogError("The revocation request was rejected because identity tokens are not revocable.");
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedTokenType,
error: OpenIddictConstants.Errors.UnsupportedTokenType,
description: "The specified token cannot be revoked.");
return;
@ -205,7 +205,7 @@ namespace OpenIddict.Server.Internal
logger.LogError("The revocation request was rejected because the access token was not revocable.");
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedTokenType,
error: OpenIddictConstants.Errors.UnsupportedTokenType,
description: "The specified token cannot be revoked.");
return;
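Review bot: The first two hunks (-43 and -53) still compare `context.Request.TokenTypeHint` against `OpenIdConnectConstants.TokenTypeHints.IdToken` and `OpenIdConnectConstants.TokenTypeHints.AccessToken`, while the `error:` argument just below now comes from `OpenIddictConstants`, so the file keeps depending on both constant classes. If the backported `OpenIddictConstants` has a `TokenTypeHints` group (not visible on this page), these comparisons should move too. Otherwise a short comment such as `// TokenTypeHints is not exposed by OpenIddictConstants in 1.x; the AspNet.Security.OpenIdConnect constant is kept on purpose.` would explain the leftover. The same applies to `OpenIdConnectConstants.CodeChallengeMethods.Plain` in the -430 hunk of OpenIddictServerProviderTests.Authentication.cs. The enclosing methods start and end outside the hunks.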

12
src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs

@ -45,7 +45,7 @@ namespace OpenIddict.Server.Internal
"request caching support was not enabled.");
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The 'request_id' parameter is not supported.");
return;
@ -62,7 +62,7 @@ namespace OpenIddict.Server.Internal
"or invalid request_id parameter was specified.");
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The specified 'request_id' parameter is invalid.");
return;
@ -104,7 +104,7 @@ namespace OpenIddict.Server.Internal
"a valid absolute URL: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The 'post_logout_redirect_uri' parameter must be a valid absolute URL.");
return;
@ -116,7 +116,7 @@ namespace OpenIddict.Server.Internal
"a URL fragment: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The 'post_logout_redirect_uri' parameter must not include a fragment.");
return;
@ -153,7 +153,7 @@ namespace OpenIddict.Server.Internal
"was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
error: OpenIddictConstants.Errors.InvalidRequest,
description: "The specified 'post_logout_redirect_uri' parameter is not valid.");
return;
@ -200,7 +200,7 @@ namespace OpenIddict.Server.Internal
var address = QueryHelpers.AddQueryString(
uri: context.HttpContext.Request.Scheme + "://" + context.HttpContext.Request.Host +
context.HttpContext.Request.PathBase + context.HttpContext.Request.Path,
name: OpenIdConnectConstants.Parameters.RequestId, value: context.Request.RequestId);
name: OpenIddictConstants.Parameters.RequestId, value: context.Request.RequestId);
context.HttpContext.Response.Redirect(address);
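Review bot: The redirect address in the last hunk (-200) is concatenated from `Request.Scheme`, `Request.Host`, `Request.PathBase` and `Request.Path`, all taken from the incoming request, and the visible lines do not constrain the host. If the deployment does not restrict accepted hosts (host filtering, or a forwarded-headers configuration limited to trusted proxies), the `Location` header would reflect whatever Host value the request carried. I would add a comment above the call, `// Note: the redirect target mirrors the request's scheme/host; host validation must happen upstream (e.g. host filtering).`, or build the address from a configured issuer if one is available. The enclosing method starts and ends outside the hunk.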

10
src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs

@ -100,15 +100,15 @@ namespace OpenIddict.Server.Internal
// Always include the "openid" scope when the developer doesn't explicitly call SetScopes.
// Note: the application is allowed to specify a different "scopes": in this case,
// don't replace the "scopes" property stored in the authentication ticket.
if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OpenId) && !context.Ticket.HasScope())
if (context.Request.HasScope(OpenIddictConstants.Scopes.OpenId) && !context.Ticket.HasScope())
{
context.Ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId);
context.Ticket.SetScopes(OpenIddictConstants.Scopes.OpenId);
}
context.IncludeIdentityToken = context.Ticket.HasScope(OpenIdConnectConstants.Scopes.OpenId);
context.IncludeIdentityToken = context.Ticket.HasScope(OpenIddictConstants.Scopes.OpenId);
}
context.IncludeRefreshToken = context.Ticket.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess);
context.IncludeRefreshToken = context.Ticket.HasScope(OpenIddictConstants.Scopes.OfflineAccess);
// Always include a refresh token for grant_type=refresh_token requests if
// rolling tokens are enabled and if the offline_access scope was specified.
@ -133,7 +133,7 @@ namespace OpenIddict.Server.Internal
if (!await TryRedeemTokenAsync(token, context.HttpContext))
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
error: OpenIddictConstants.Errors.InvalidGrant,
description: context.Request.IsAuthorizationCodeGrantType() ?
"The specified authorization code is no longer valid." :
"The specified refresh token is no longer valid.");
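Review bot: When `TryRedeemTokenAsync` returns false in the hunk at -133, the visible code only rejects with `OpenIddictConstants.Errors.InvalidGrant`; nothing here records the event or revokes tokens already issued from the same authorization code or refresh token. RFC 6749 section 4.1.2 says the server SHOULD revoke tokens previously issued from an authorization code that is presented a second time, and a failed redemption is also a useful detection signal. That may already happen inside `TryRedeemTokenAsync`, which is not shown. I would at least add a comment above the `context.Reject` call: `// A failed redemption can indicate replay of the code or refresh token; confirm that descendant tokens are revoked and the event is logged.` The enclosing method continues outside the hunk.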

12
src/OpenIddict.Server/OpenIddictServerBuilder.cs

@ -13,13 +13,13 @@ using System.Linq;
using System.Reflection;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Primitives;
using JetBrains.Annotations;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Caching.Distributed;
using Microsoft.IdentityModel.Tokens;
using OpenIddict.Abstractions;
using OpenIddict.Extensions;
using OpenIddict.Server;
@ -361,7 +361,7 @@ namespace Microsoft.Extensions.DependencyInjection
/// </summary>
/// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
public OpenIddictServerBuilder AllowAuthorizationCodeFlow()
=> Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.AuthorizationCode));
=> Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.AuthorizationCode));
/// <summary>
/// Enables client credentials flow support. For more information about this
@ -369,7 +369,7 @@ namespace Microsoft.Extensions.DependencyInjection
/// </summary>
/// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
public OpenIddictServerBuilder AllowClientCredentialsFlow()
=> Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.ClientCredentials));
=> Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.ClientCredentials));
/// <summary>
/// Enables custom grant type support.
@ -394,7 +394,7 @@ namespace Microsoft.Extensions.DependencyInjection
/// </summary>
/// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
public OpenIddictServerBuilder AllowImplicitFlow()
=> Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.Implicit));
=> Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.Implicit));
/// <summary>
/// Enables password flow support. For more information about this specific
@ -402,7 +402,7 @@ namespace Microsoft.Extensions.DependencyInjection
/// </summary>
/// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
public OpenIddictServerBuilder AllowPasswordFlow()
=> Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.Password));
=> Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.Password));
/// <summary>
/// Enables refresh token flow support. For more information about this
@ -410,7 +410,7 @@ namespace Microsoft.Extensions.DependencyInjection
/// </summary>
/// <returns>The <see cref="OpenIddictServerBuilder"/>.</returns>
public OpenIddictServerBuilder AllowRefreshTokenFlow()
=> Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.RefreshToken));
=> Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.RefreshToken));
/// <summary>
/// Disables authorization storage so that ad-hoc authorizations are

20
src/OpenIddict.Server/OpenIddictServerExtensions.cs

@ -7,7 +7,6 @@
using System;
using System.Linq;
using System.Text;
using AspNet.Security.OpenIdConnect.Primitives;
using AspNet.Security.OpenIdConnect.Server;
using JetBrains.Annotations;
using Microsoft.AspNetCore.Authentication;
@ -17,6 +16,7 @@ using Microsoft.Extensions.Caching.Distributed;
using Microsoft.Extensions.DependencyInjection.Extensions;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using OpenIddict.Abstractions;
using OpenIddict.Server;
using OpenIddict.Server.Internal;
@ -164,8 +164,8 @@ namespace Microsoft.Extensions.DependencyInjection
// Ensure the authorization endpoint has been enabled when
// the authorization code or implicit grants are supported.
if (!options.AuthorizationEndpointPath.HasValue && (options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode) ||
options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Implicit)))
if (!options.AuthorizationEndpointPath.HasValue && (options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode) ||
options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Implicit)))
{
throw new InvalidOperationException("The authorization endpoint must be enabled to use " +
"the authorization code and implicit flows.");
@ -173,10 +173,10 @@ namespace Microsoft.Extensions.DependencyInjection
// Ensure the token endpoint has been enabled when the authorization code,
// client credentials, password or refresh token grants are supported.
if (!options.TokenEndpointPath.HasValue && (options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode) ||
options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.ClientCredentials) ||
options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Password) ||
options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken)))
if (!options.TokenEndpointPath.HasValue && (options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode) ||
options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.ClientCredentials) ||
options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Password) ||
options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.RefreshToken)))
{
throw new InvalidOperationException(
"The token endpoint must be enabled to use the authorization code, client credentials, password and refresh token flows.");
@ -220,7 +220,7 @@ namespace Microsoft.Extensions.DependencyInjection
// Ensure at least one asymmetric signing certificate/key was registered if the implicit flow was enabled.
if (!options.SigningCredentials.Any(credentials => credentials.Key is AsymmetricSecurityKey) &&
options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Implicit))
options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Implicit))
{
throw new InvalidOperationException(new StringBuilder()
.AppendLine("At least one asymmetric signing key must be registered when enabling the implicit flow.")
@ -231,9 +231,9 @@ namespace Microsoft.Extensions.DependencyInjection
}
// Automatically add the offline_access scope if the refresh token grant has been enabled.
if (options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken))
if (options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.RefreshToken))
{
options.Scopes.Add(OpenIdConnectConstants.Scopes.OfflineAccess);
options.Scopes.Add(OpenIddictConstants.Scopes.OfflineAccess);
}
return app.UseOpenIdConnectServer(options);

16
src/OpenIddict.Server/OpenIddictServerOptions.cs

@ -7,9 +7,9 @@
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using AspNet.Security.OpenIdConnect.Primitives;
using AspNet.Security.OpenIdConnect.Server;
using Microsoft.Extensions.Caching.Distributed;
using OpenIddict.Abstractions;
using OpenIddict.Server.Internal;
namespace OpenIddict.Server
@ -45,12 +45,12 @@ namespace OpenIddict.Server
/// </summary>
public ISet<string> Claims { get; } = new HashSet<string>(StringComparer.Ordinal)
{
OpenIdConnectConstants.Claims.Audience,
OpenIdConnectConstants.Claims.ExpiresAt,
OpenIdConnectConstants.Claims.IssuedAt,
OpenIdConnectConstants.Claims.Issuer,
OpenIdConnectConstants.Claims.JwtId,
OpenIdConnectConstants.Claims.Subject
OpenIddictConstants.Claims.Audience,
OpenIddictConstants.Claims.ExpiresAt,
OpenIddictConstants.Claims.IssuedAt,
OpenIddictConstants.Claims.Issuer,
OpenIddictConstants.Claims.JwtId,
OpenIddictConstants.Claims.Subject
};
/// <summary>
@ -127,7 +127,7 @@ namespace OpenIddict.Server
/// </summary>
public ISet<string> Scopes { get; } = new HashSet<string>(StringComparer.Ordinal)
{
OpenIdConnectConstants.Scopes.OpenId
OpenIddictConstants.Scopes.OpenId
};
/// <summary>

138
test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Authentication.cs

@ -41,12 +41,12 @@ namespace OpenIddict.Server.Internal.Tests
Request = "eyJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwOi8vd3d3LmZhYnJpa2FtLmNvbSIsImF1ZCI6Imh0" +
"dHA6Ly93d3cuY29udG9zby5jb20iLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNsaWVudF9pZCI6" +
"IkZhYnJpa2FtIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovL3d3dy5mYWJyaWthbS5jb20vcGF0aCJ9.",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code,
Scope = OpenIdConnectConstants.Scopes.OpenId
ResponseType = OpenIddictConstants.ResponseTypes.Code,
Scope = OpenIddictConstants.Scopes.OpenId
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.RequestNotSupported, response.Error);
Assert.Equal(OpenIddictConstants.Errors.RequestNotSupported, response.Error);
Assert.Equal("The 'request' parameter is not supported.", response.ErrorDescription);
}
@ -64,12 +64,12 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
RequestUri = "http://www.fabrikam.com/request/GkurKxf5T0Y-mnPFCHqWOMiZi4VS138cQO_V7PZHAdM",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code,
Scope = OpenIdConnectConstants.Scopes.OpenId
ResponseType = OpenIddictConstants.ResponseTypes.Code,
Scope = OpenIddictConstants.Scopes.OpenId
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.RequestUriNotSupported, response.Error);
Assert.Equal(OpenIddictConstants.Errors.RequestUriNotSupported, response.Error);
Assert.Equal("The 'request_uri' parameter is not supported.", response.ErrorDescription);
}
@ -88,7 +88,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The 'request_id' parameter is not supported.", response.ErrorDescription);
}
@ -112,7 +112,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified 'request_id' parameter is invalid.", response.ErrorDescription);
}
@ -129,11 +129,11 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.None
ResponseType = OpenIddictConstants.ResponseTypes.None
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnsupportedResponseType, response.Error);
Assert.Equal("The specified 'response_type' parameter is not supported.", response.ErrorDescription);
}
@ -154,21 +154,21 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnsupportedResponseType, response.Error);
Assert.Equal("The specified 'response_type' parameter is not supported.", response.ErrorDescription);
}
[Theory]
[InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode, "code")]
[InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode, "code id_token")]
[InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode, "code id_token token")]
[InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode, "code token")]
[InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "code id_token")]
[InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "code id_token token")]
[InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "code token")]
[InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "id_token")]
[InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "id_token token")]
[InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "token")]
[InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode, "code")]
[InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode, "code id_token")]
[InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode, "code id_token token")]
[InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode, "code token")]
[InlineData(OpenIddictConstants.GrantTypes.Implicit, "code id_token")]
[InlineData(OpenIddictConstants.GrantTypes.Implicit, "code id_token token")]
[InlineData(OpenIddictConstants.GrantTypes.Implicit, "code token")]
[InlineData(OpenIddictConstants.GrantTypes.Implicit, "id_token")]
[InlineData(OpenIddictConstants.GrantTypes.Implicit, "id_token token")]
[InlineData(OpenIddictConstants.GrantTypes.Implicit, "token")]
public async Task ValidateAuthorizationRequest_RequestIsRejectedWhenCorrespondingFlowIsDisabled(string flow, string type)
{
// Arrange
@ -186,11 +186,11 @@ namespace OpenIddict.Server.Internal.Tests
Nonce = "n-0S6_WzA2Mj",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = type,
Scope = OpenIdConnectConstants.Scopes.OpenId
Scope = OpenIddictConstants.Scopes.OpenId
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnsupportedResponseType, response.Error);
Assert.Equal("The specified 'response_type' parameter is not allowed.", response.ErrorDescription);
}
@ -216,12 +216,12 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code,
ResponseType = OpenIddictConstants.ResponseTypes.Code,
Scope = "unregistered_scope"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidScope, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidScope, response.Error);
Assert.Equal("The specified 'scope' parameter is not valid.", response.ErrorDescription);
}
@ -256,7 +256,7 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
Nonce = "n-0S6_WzA2Mj",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Token,
ResponseType = OpenIddictConstants.ResponseTypes.Token,
Scope = "registered_scope"
});
@ -313,7 +313,7 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
Nonce = "n-0S6_WzA2Mj",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Token,
ResponseType = OpenIddictConstants.ResponseTypes.Token,
Scope = "scope_registered_in_database scope_registered_in_options"
});
@ -330,7 +330,7 @@ namespace OpenIddict.Server.Internal.Tests
// Arrange
var server = CreateAuthorizationServer(builder =>
{
builder.Configure(options => options.GrantTypes.Remove(OpenIdConnectConstants.GrantTypes.RefreshToken));
builder.Configure(options => options.GrantTypes.Remove(OpenIddictConstants.GrantTypes.RefreshToken));
});
var client = new OpenIdConnectClient(server.CreateClient());
@ -340,12 +340,12 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code,
Scope = OpenIdConnectConstants.Scopes.OfflineAccess
ResponseType = OpenIddictConstants.ResponseTypes.Code,
Scope = OpenIddictConstants.Scopes.OfflineAccess
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The 'offline_access' scope is not allowed.", response.ErrorDescription);
}
@ -363,11 +363,11 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseMode = "unknown_response_mode",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code
ResponseType = OpenIddictConstants.ResponseTypes.Code
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified 'response_mode' parameter is not supported.", response.ErrorDescription);
}
@ -384,11 +384,11 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = null,
ResponseType = OpenIdConnectConstants.ResponseTypes.Code
ResponseType = OpenIddictConstants.ResponseTypes.Code
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The mandatory 'redirect_uri' parameter is missing.", response.ErrorDescription);
}
@ -407,11 +407,11 @@ namespace OpenIddict.Server.Internal.Tests
CodeChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
CodeChallengeMethod = null,
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code
ResponseType = OpenIddictConstants.ResponseTypes.Code
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The 'code_challenge_method' parameter must be specified.", response.ErrorDescription);
}
@ -430,11 +430,11 @@ namespace OpenIddict.Server.Internal.Tests
CodeChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
CodeChallengeMethod = OpenIdConnectConstants.CodeChallengeMethods.Plain,
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code
ResponseType = OpenIddictConstants.ResponseTypes.Code
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified 'code_challenge_method' parameter is not allowed.", response.ErrorDescription);
}
@ -457,11 +457,11 @@ namespace OpenIddict.Server.Internal.Tests
Nonce = "n-0S6_WzA2Mj",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = type,
Scope = OpenIdConnectConstants.Scopes.OpenId
Scope = OpenIddictConstants.Scopes.OpenId
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified 'response_type' parameter is not allowed when using PKCE.", response.ErrorDescription);
}
@ -487,11 +487,11 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code
ResponseType = OpenIddictConstants.ResponseTypes.Code
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -530,11 +530,11 @@ namespace OpenIddict.Server.Internal.Tests
Nonce = "n-0S6_WzA2Mj",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = type,
Scope = OpenIdConnectConstants.Scopes.OpenId
Scope = OpenIddictConstants.Scopes.OpenId
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal("The specified 'response_type' parameter is not valid for this client application.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -571,11 +571,11 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code
ResponseType = OpenIddictConstants.ResponseTypes.Code
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal("This client application is not allowed to use the authorization endpoint.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -646,11 +646,11 @@ namespace OpenIddict.Server.Internal.Tests
Nonce = "n-0S6_WzA2Mj",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = type,
Scope = OpenIdConnectConstants.Scopes.OpenId
Scope = OpenIddictConstants.Scopes.OpenId
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal(description, response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -691,12 +691,12 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code,
Scope = OpenIdConnectConstants.Scopes.OfflineAccess
ResponseType = OpenIddictConstants.ResponseTypes.Code,
Scope = OpenIddictConstants.Scopes.OfflineAccess
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The client application is not allowed to use the 'offline_access' scope.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application,
@ -730,11 +730,11 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code
ResponseType = OpenIddictConstants.ResponseTypes.Code
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified 'redirect_uri' parameter is not valid for this client application.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -757,19 +757,19 @@ namespace OpenIddict.Server.Internal.Tests
instance.Setup(mock => mock.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.Scope +
OpenIdConnectConstants.Scopes.Profile, It.IsAny<CancellationToken>()))
OpenIddictConstants.Scopes.Profile, It.IsAny<CancellationToken>()))
.ReturnsAsync(true);
instance.Setup(mock => mock.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.Scope +
OpenIdConnectConstants.Scopes.Email, It.IsAny<CancellationToken>()))
OpenIddictConstants.Scopes.Email, It.IsAny<CancellationToken>()))
.ReturnsAsync(false);
});
var server = CreateAuthorizationServer(builder =>
{
builder.Services.AddSingleton(manager);
builder.RegisterScopes(OpenIdConnectConstants.Scopes.Email, OpenIdConnectConstants.Scopes.Profile);
builder.RegisterScopes(OpenIddictConstants.Scopes.Email, OpenIddictConstants.Scopes.Profile);
builder.Configure(options => options.IgnoreScopePermissions = false);
});
@ -780,26 +780,26 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code,
ResponseType = OpenIddictConstants.ResponseTypes.Code,
Scope = "openid offline_access profile email"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("This client application is not allowed to use the specified scope.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.Scope +
OpenIdConnectConstants.Scopes.OpenId, It.IsAny<CancellationToken>()), Times.Never());
OpenIddictConstants.Scopes.OpenId, It.IsAny<CancellationToken>()), Times.Never());
Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.Scope +
OpenIdConnectConstants.Scopes.OfflineAccess, It.IsAny<CancellationToken>()), Times.Never());
OpenIddictConstants.Scopes.OfflineAccess, It.IsAny<CancellationToken>()), Times.Never());
Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.Scope +
OpenIdConnectConstants.Scopes.Profile, It.IsAny<CancellationToken>()), Times.Once());
OpenIddictConstants.Scopes.Profile, It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.Scope +
OpenIdConnectConstants.Scopes.Email, It.IsAny<CancellationToken>()), Times.Once());
OpenIddictConstants.Scopes.Email, It.IsAny<CancellationToken>()), Times.Once());
}
[Fact]
@ -845,10 +845,10 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Token
ResponseType = OpenIddictConstants.ResponseTypes.Token
});
var identifier = (string) response[OpenIdConnectConstants.Parameters.RequestId];
var identifier = (string) response[OpenIddictConstants.Parameters.RequestId];
// Assert
Assert.Single(response.GetParameters());
@ -915,7 +915,7 @@ namespace OpenIddict.Server.Internal.Tests
Nonce = "n-0S6_WzA2Mj",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = type,
Scope = OpenIdConnectConstants.Scopes.OpenId
Scope = OpenIddictConstants.Scopes.OpenId
});
// Assert
@ -932,7 +932,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Token
ResponseType = OpenIddictConstants.ResponseTypes.Token
};
var stream = new MemoryStream();
@ -1006,7 +1006,7 @@ namespace OpenIddict.Server.Internal.Tests
var response = await client.SendAsync(HttpMethod.Put, AuthorizationEndpoint, new OpenIdConnectRequest());
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified HTTP method is not valid.", response.ErrorDescription);
}
@ -1030,7 +1030,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, (string) response["error_custom"]);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, (string) response["error_custom"]);
}
}
}

33
test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Discovery.cs

@ -9,6 +9,7 @@ using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Client;
using AspNet.Security.OpenIdConnect.Primitives;
using Newtonsoft.Json.Linq;
using OpenIddict.Abstractions;
using Xunit;
namespace OpenIddict.Server.Internal.Tests
@ -33,11 +34,11 @@ namespace OpenIddict.Server.Internal.Tests
}
[Theory]
[InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)]
[InlineData(OpenIdConnectConstants.GrantTypes.ClientCredentials)]
[InlineData(OpenIdConnectConstants.GrantTypes.Implicit)]
[InlineData(OpenIdConnectConstants.GrantTypes.Password)]
[InlineData(OpenIdConnectConstants.GrantTypes.RefreshToken)]
[InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)]
[InlineData(OpenIddictConstants.GrantTypes.ClientCredentials)]
[InlineData(OpenIddictConstants.GrantTypes.Implicit)]
[InlineData(OpenIddictConstants.GrantTypes.Password)]
[InlineData(OpenIddictConstants.GrantTypes.RefreshToken)]
public async Task HandleConfigurationRequest_EnabledFlowsAreReturned(string flow)
{
// Arrange
@ -69,7 +70,7 @@ namespace OpenIddict.Server.Internal.Tests
{
builder.Configure(options =>
{
options.GrantTypes.Remove(OpenIdConnectConstants.GrantTypes.RefreshToken);
options.GrantTypes.Remove(OpenIddictConstants.GrantTypes.RefreshToken);
options.Scopes.Clear();
});
});
@ -84,7 +85,7 @@ namespace OpenIddict.Server.Internal.Tests
}
[Theory]
[InlineData(OpenIdConnectConstants.Scopes.OpenId)]
[InlineData(OpenIddictConstants.Scopes.OpenId)]
public async Task HandleConfigurationRequest_DefaultScopesAreReturned(string scope)
{
// Arrange
@ -133,7 +134,7 @@ namespace OpenIddict.Server.Internal.Tests
var response = await client.GetAsync(ConfigurationEndpoint);
// Assert
Assert.Contains(OpenIdConnectConstants.Scopes.OfflineAccess,
Assert.Contains(OpenIddictConstants.Scopes.OfflineAccess,
((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values<string>());
}
@ -147,7 +148,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Note: at least one flow must be enabled.
options.GrantTypes.Clear();
options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.AuthorizationCode);
options.GrantTypes.Add(OpenIddictConstants.GrantTypes.AuthorizationCode);
});
});
@ -157,7 +158,7 @@ namespace OpenIddict.Server.Internal.Tests
var response = await client.GetAsync(ConfigurationEndpoint);
// Assert
Assert.DoesNotContain(OpenIdConnectConstants.Scopes.OfflineAccess,
Assert.DoesNotContain(OpenIddictConstants.Scopes.OfflineAccess,
((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values<string>());
}
@ -193,12 +194,12 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Equal(6, claims.Length);
Assert.Contains(OpenIdConnectConstants.Claims.Audience, claims);
Assert.Contains(OpenIdConnectConstants.Claims.ExpiresAt, claims);
Assert.Contains(OpenIdConnectConstants.Claims.IssuedAt, claims);
Assert.Contains(OpenIdConnectConstants.Claims.Issuer, claims);
Assert.Contains(OpenIdConnectConstants.Claims.JwtId, claims);
Assert.Contains(OpenIdConnectConstants.Claims.Subject, claims);
Assert.Contains(OpenIddictConstants.Claims.Audience, claims);
Assert.Contains(OpenIddictConstants.Claims.ExpiresAt, claims);
Assert.Contains(OpenIddictConstants.Claims.IssuedAt, claims);
Assert.Contains(OpenIddictConstants.Claims.Issuer, claims);
Assert.Contains(OpenIddictConstants.Claims.JwtId, claims);
Assert.Contains(OpenIddictConstants.Claims.Subject, claims);
}
[Fact]
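Review bot: The two `ScopesSupported` checks now mix constant classes in a single expression: `Assert.Contains(OpenIddictConstants.Scopes.OfflineAccess, ((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values<string>());`, and the matching `Assert.DoesNotContain` does the same. This section does not show whether the backported OpenIddictConstants has a metadata group. If it does, the index expression should move to it too; if it does not, a one-line comment such as `// Metadata names are not mirrored in OpenIddictConstants; the ASOS constant is intentional.` would stop the next reader from treating it as a missed rename. The same mix appears in OpenIddictServerProviderTests.Exchange.cs, where the `switch (flow)` case labels use `OpenIddictConstants.GrantTypes` while `ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode)` keeps the old class. The enclosing test methods begin and end outside these hunks.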

178
test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs

@ -25,10 +25,10 @@ namespace OpenIddict.Server.Internal.Tests
public partial class OpenIddictServerProviderTests
{
[Theory]
[InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)]
[InlineData(OpenIdConnectConstants.GrantTypes.ClientCredentials)]
[InlineData(OpenIdConnectConstants.GrantTypes.Password)]
[InlineData(OpenIdConnectConstants.GrantTypes.RefreshToken)]
[InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)]
[InlineData(OpenIddictConstants.GrantTypes.ClientCredentials)]
[InlineData(OpenIddictConstants.GrantTypes.Password)]
[InlineData(OpenIddictConstants.GrantTypes.RefreshToken)]
public async Task ValidateTokenRequest_RequestIsRejectedWhenFlowIsNotEnabled(string flow)
{
// Arrange
@ -50,7 +50,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedGrantType, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnsupportedGrantType, response.Error);
Assert.Equal("The specified 'grant_type' parameter is not supported.", response.ErrorDescription);
}
@ -60,7 +60,7 @@ namespace OpenIddict.Server.Internal.Tests
// Arrange
var server = CreateAuthorizationServer(builder =>
{
builder.Configure(options => options.GrantTypes.Remove(OpenIdConnectConstants.GrantTypes.RefreshToken));
builder.Configure(options => options.GrantTypes.Remove(OpenIddictConstants.GrantTypes.RefreshToken));
});
var client = new OpenIdConnectClient(server.CreateClient());
@ -68,14 +68,14 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess
Scope = OpenIddictConstants.Scopes.OfflineAccess
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The 'offline_access' scope is not allowed.", response.ErrorDescription);
}
@ -92,12 +92,12 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = null
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The mandatory 'redirect_uri' parameter is missing.", response.ErrorDescription);
}
@ -121,14 +121,14 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = "unregistered_scope"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidScope, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidScope, response.Error);
Assert.Equal("The specified 'scope' parameter is not valid.", response.ErrorDescription);
}
@ -146,7 +146,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = "registered_scope"
@ -188,7 +188,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = "scope_registered_in_database scope_registered_in_options"
@ -212,12 +212,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.ClientCredentials,
Scope = OpenIdConnectConstants.Scopes.OfflineAccess
GrantType = OpenIddictConstants.GrantTypes.ClientCredentials,
Scope = OpenIddictConstants.Scopes.OfflineAccess
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The 'offline_access' scope is not valid for the specified 'grant_type' parameter.", response.ErrorDescription);
}
@ -236,11 +236,11 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = identifier,
ClientSecret = secret,
GrantType = OpenIdConnectConstants.GrantTypes.ClientCredentials
GrantType = OpenIddictConstants.GrantTypes.ClientCredentials
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The 'client_id' and 'client_secret' parameters are " +
"required when using the client credentials grant.", response.ErrorDescription);
}
@ -260,13 +260,13 @@ namespace OpenIddict.Server.Internal.Tests
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
ClientId = null,
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The mandatory 'client_id' parameter is missing.", response.ErrorDescription);
}
@ -291,13 +291,13 @@ namespace OpenIddict.Server.Internal.Tests
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
ClientId = "Fabrikam",
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error);
Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -332,13 +332,13 @@ namespace OpenIddict.Server.Internal.Tests
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
ClientId = "Fabrikam",
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal("This client application is not allowed to use the token endpoint.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -375,13 +375,13 @@ namespace OpenIddict.Server.Internal.Tests
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
ClientId = "Fabrikam",
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal("This client application is not allowed to use the specified grant type.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -422,14 +422,14 @@ namespace OpenIddict.Server.Internal.Tests
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
ClientId = "Fabrikam",
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess
Scope = OpenIddictConstants.Scopes.OfflineAccess
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The client application is not allowed to use the 'offline_access' scope.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application,
@ -463,11 +463,11 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
GrantType = OpenIdConnectConstants.GrantTypes.ClientCredentials
GrantType = OpenIddictConstants.GrantTypes.ClientCredentials
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal("The specified 'grant_type' parameter is not valid for this client application.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -501,13 +501,13 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The 'client_secret' parameter is not valid for this client application.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -541,13 +541,13 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
ClientSecret = null,
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error);
Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -581,13 +581,13 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
ClientSecret = null,
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error);
Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -624,13 +624,13 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error);
Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -657,12 +657,12 @@ namespace OpenIddict.Server.Internal.Tests
instance.Setup(mock => mock.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.Scope +
OpenIdConnectConstants.Scopes.Profile, It.IsAny<CancellationToken>()))
OpenIddictConstants.Scopes.Profile, It.IsAny<CancellationToken>()))
.ReturnsAsync(true);
instance.Setup(mock => mock.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.Scope +
OpenIdConnectConstants.Scopes.Email, It.IsAny<CancellationToken>()))
OpenIddictConstants.Scopes.Email, It.IsAny<CancellationToken>()))
.ReturnsAsync(false);
instance.Setup(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny<CancellationToken>()))
@ -672,7 +672,7 @@ namespace OpenIddict.Server.Internal.Tests
var server = CreateAuthorizationServer(builder =>
{
builder.Services.AddSingleton(manager);
builder.RegisterScopes(OpenIdConnectConstants.Scopes.Email, OpenIdConnectConstants.Scopes.Profile);
builder.RegisterScopes(OpenIddictConstants.Scopes.Email, OpenIddictConstants.Scopes.Profile);
builder.Configure(options => options.IgnoreScopePermissions = false);
});
@ -683,28 +683,28 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = "openid offline_access profile email"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("This client application is not allowed to use the specified scope.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.Scope +
OpenIdConnectConstants.Scopes.OpenId, It.IsAny<CancellationToken>()), Times.Never());
OpenIddictConstants.Scopes.OpenId, It.IsAny<CancellationToken>()), Times.Never());
Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.Scope +
OpenIdConnectConstants.Scopes.OfflineAccess, It.IsAny<CancellationToken>()), Times.Never());
OpenIddictConstants.Scopes.OfflineAccess, It.IsAny<CancellationToken>()), Times.Never());
Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.Scope +
OpenIdConnectConstants.Scopes.Profile, It.IsAny<CancellationToken>()), Times.Once());
OpenIddictConstants.Scopes.Profile, It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.Scope +
OpenIdConnectConstants.Scopes.Email, It.IsAny<CancellationToken>()), Times.Once());
OpenIddictConstants.Scopes.Email, It.IsAny<CancellationToken>()), Times.Once());
}
[Fact]
@ -752,7 +752,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
@ -802,7 +802,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
@ -859,12 +859,12 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny<CancellationToken>()), Times.Once());
@ -916,12 +916,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny<CancellationToken>()), Times.Once());
@ -984,12 +984,12 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified authorization code has already been redeemed.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny<CancellationToken>()), Times.Once());
@ -1050,12 +1050,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified refresh token has already been redeemed.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny<CancellationToken>()), Times.Once());
@ -1134,12 +1134,12 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified authorization code has already been redeemed.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny<CancellationToken>()), Times.Once());
@ -1215,12 +1215,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified refresh token has already been redeemed.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny<CancellationToken>()), Times.Once());
@ -1308,12 +1308,12 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified authorization code has already been redeemed.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny<CancellationToken>()), Times.Once());
@ -1401,12 +1401,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified refresh token has already been redeemed.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny<CancellationToken>()), Times.Once());
@ -1476,12 +1476,12 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified authorization code is no longer valid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny<CancellationToken>()), Times.Once());
@ -1546,12 +1546,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified refresh token is no longer valid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny<CancellationToken>()), Times.Once());
@ -1629,7 +1629,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
@ -1712,7 +1712,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
@ -1791,12 +1791,12 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The authorization associated with the authorization code is no longer valid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny<CancellationToken>()), Times.Once());
@ -1876,12 +1876,12 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The authorization associated with the authorization code is no longer valid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny<CancellationToken>()), Times.Once());
@ -1955,12 +1955,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The authorization associated with the refresh token is no longer valid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny<CancellationToken>()), Times.Once());
@ -2038,12 +2038,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The authorization associated with the refresh token is no longer valid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny<CancellationToken>()), Times.Once());
@ -2051,16 +2051,16 @@ namespace OpenIddict.Server.Internal.Tests
}
[Theory]
[InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)]
[InlineData(OpenIdConnectConstants.GrantTypes.ClientCredentials)]
[InlineData(OpenIdConnectConstants.GrantTypes.Password)]
[InlineData(OpenIdConnectConstants.GrantTypes.RefreshToken)]
[InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)]
[InlineData(OpenIddictConstants.GrantTypes.ClientCredentials)]
[InlineData(OpenIddictConstants.GrantTypes.Password)]
[InlineData(OpenIddictConstants.GrantTypes.RefreshToken)]
[InlineData("urn:ietf:params:oauth:grant-type:custom_grant")]
public async Task HandleTokenRequest_RequestsAreNotHandledLocally(string flow)
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -2071,12 +2071,12 @@ namespace OpenIddict.Server.Internal.Tests
switch (flow)
{
case OpenIdConnectConstants.GrantTypes.AuthorizationCode:
case OpenIddictConstants.GrantTypes.AuthorizationCode:
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
ticket.SetPresenters("Fabrikam");
break;
case OpenIdConnectConstants.GrantTypes.RefreshToken:
case OpenIddictConstants.GrantTypes.RefreshToken:
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
break;
}

42
test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs

@ -40,7 +40,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The mandatory 'client_id' and/or 'client_secret' parameters are missing.", response.ErrorDescription);
}
@ -70,7 +70,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error);
Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -110,7 +110,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal("This client application is not allowed to use the introspection endpoint.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -149,7 +149,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error);
Assert.Equal("This client application is not allowed to use the introspection endpoint.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -190,7 +190,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error);
Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -206,7 +206,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -252,7 +252,7 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Single(response.GetParameters());
Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.False((bool) response[OpenIddictConstants.Claims.Active]);
}
[Fact]
@ -260,7 +260,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -306,7 +306,7 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Single(response.GetParameters());
Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.False((bool) response[OpenIddictConstants.Claims.Active]);
}
[Fact]
@ -314,7 +314,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -361,7 +361,7 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Single(response.GetParameters());
Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.False((bool) response[OpenIddictConstants.Claims.Active]);
}
[Fact]
@ -369,7 +369,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var manager = CreateTokenManager(instance =>
{
@ -410,7 +410,7 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Single(response.GetParameters());
Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.False((bool) response[OpenIddictConstants.Claims.Active]);
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI", It.IsAny<CancellationToken>()), Times.Once());
@ -421,7 +421,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -502,7 +502,7 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Single(response.GetParameters());
Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.False((bool) response[OpenIddictConstants.Claims.Active]);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny<CancellationToken>()), Times.Never());
}
@ -512,7 +512,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -592,7 +592,7 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Single(response.GetParameters());
Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.False((bool) response[OpenIddictConstants.Claims.Active]);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny<CancellationToken>()), Times.Once());
}
@ -602,7 +602,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -687,7 +687,7 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Single(response.GetParameters());
Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.False((bool) response[OpenIddictConstants.Claims.Active]);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.IsValidAsync(authorization, It.IsAny<CancellationToken>()), Times.Once());
@ -698,7 +698,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -769,7 +769,7 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Single(response.GetParameters());
Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.False((bool) response[OpenIddictConstants.Claims.Active]);
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.IsValidAsync(token, It.IsAny<CancellationToken>()), Times.Once());
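Review bot: Nothing in these tests pins the new `OpenIddictConstants` values to the protocol strings: every changed assertion now reads its expected value from that class, for example `Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error);` and `Assert.False((bool) response[OpenIddictConstants.Claims.Active]);`. If the server handlers emit from the same table, which the commit's file list suggests but these hunks do not show, a wrong value in the new class would pass all of these tests while breaking clients that parse `error` or `active`. One literal check per group would close that gap, e.g. `Assert.Equal("invalid_client", OpenIddictConstants.Errors.InvalidClient);` and `Assert.Equal("active", OpenIddictConstants.Claims.Active);`. The same applies to the Revocation and Serialization test sections; the test methods themselves start and end outside the hunks.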

22
test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs

@ -43,7 +43,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnsupportedTokenType, response.Error);
Assert.Equal("The specified 'token_type_hint' parameter is not supported.", response.ErrorDescription);
}
@ -66,7 +66,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The mandatory 'client_id' parameter is missing.", response.ErrorDescription);
}
@ -96,7 +96,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error);
Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -137,7 +137,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal("This client application is not allowed to use the revocation endpoint.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -177,7 +177,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The 'client_secret' parameter is not valid for this client application.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -216,7 +216,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error);
Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -255,7 +255,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error);
Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -297,7 +297,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error);
Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
@ -336,7 +336,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnsupportedTokenType, response.Error);
Assert.Equal("The specified token cannot be revoked.", response.ErrorDescription);
format.Verify(mock => mock.Unprotect("SlAV32hkKG"), Times.Once());
@ -351,7 +351,7 @@ namespace OpenIddict.Server.Internal.Tests
mock.ValidTo == DateTime.UtcNow.AddDays(1));
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.TokenUsage, OpenIdConnectConstants.TokenUsages.IdToken);
identity.AddClaim(OpenIddictConstants.Claims.TokenUsage, OpenIdConnectConstants.TokenUsages.IdToken);
var handler = new Mock<JwtSecurityTokenHandler>();
@ -376,7 +376,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error);
Assert.Equal(OpenIddictConstants.Errors.UnsupportedTokenType, response.Error);
Assert.Equal("The specified token cannot be revoked.", response.ErrorDescription);
handler.As<ISecurityTokenValidator>()
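Review bot: The id-token setup in the hunk at -351 ends up split across two constants classes, `identity.AddClaim(OpenIddictConstants.Claims.TokenUsage, OpenIdConnectConstants.TokenUsages.IdToken);`, so the claim type and its value now come from different tables. The following hunk asserts `UnsupportedTokenType` with "The specified token cannot be revoked.", so this pair appears to drive the check that an identity token is refused at the revocation endpoint and should stay recognisably the one the server compares against. If `OpenIddictConstants` deliberately has no `TokenUsages` group, say so in a comment, e.g. `// TokenUsages has no OpenIddictConstants equivalent; the value still comes from OpenIdConnectConstants.`; otherwise switch both arguments together. The `ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.…)` calls in the Exchange tests are left the same way.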

148
test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs

@ -67,7 +67,7 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Single(response.GetParameters());
Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.False((bool) response[OpenIddictConstants.Claims.Active]);
format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Never());
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny<CancellationToken>()), Times.Never());
@ -78,7 +78,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -138,7 +138,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.True((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.True((bool) response[OpenIddictConstants.Claims.Active]);
format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Once());
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync(It.IsAny<string>(), It.IsAny<CancellationToken>()), Times.Never());
@ -193,7 +193,7 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Single(response.GetParameters());
Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.False((bool) response[OpenIddictConstants.Claims.Active]);
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetIdAsync(token, It.IsAny<CancellationToken>()), Times.AtLeastOnce());
@ -251,7 +251,7 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Single(response.GetParameters());
Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.False((bool) response[OpenIddictConstants.Claims.Active]);
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetIdAsync(token, It.IsAny<CancellationToken>()), Times.AtLeastOnce());
@ -316,7 +316,7 @@ namespace OpenIddict.Server.Internal.Tests
// Assert
Assert.Single(response.GetParameters());
Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.False((bool) response[OpenIddictConstants.Claims.Active]);
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetIdAsync(token, It.IsAny<CancellationToken>()), Times.AtLeastOnce());
@ -328,7 +328,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -411,10 +411,10 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.True((bool) response[OpenIdConnectConstants.Claims.Active]);
Assert.Equal("070AAEDE-38BF-41BE-870C-4E5A73E54566", response[OpenIdConnectConstants.Claims.JwtId]);
Assert.Equal(1483228800, (long) response[OpenIdConnectConstants.Claims.IssuedAt]);
Assert.Equal(1484006400, (long) response[OpenIdConnectConstants.Claims.ExpiresAt]);
Assert.True((bool) response[OpenIddictConstants.Claims.Active]);
Assert.Equal("070AAEDE-38BF-41BE-870C-4E5A73E54566", response[OpenIddictConstants.Claims.JwtId]);
Assert.Equal(1483228800, (long) response[OpenIddictConstants.Claims.IssuedAt]);
Assert.Equal(1484006400, (long) response[OpenIddictConstants.Claims.ExpiresAt]);
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetIdAsync(token, It.IsAny<CancellationToken>()), Times.Once());
@ -459,12 +459,12 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
Code = "2YotnFZFEjr1zCsicMWpAA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription);
format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Never());
@ -476,7 +476,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -534,7 +534,7 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
Code = "2YotnFZFEjr1zCsicMWpAA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
@ -589,12 +589,12 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
Code = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny<CancellationToken>()), Times.Once());
@ -648,12 +648,12 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
Code = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny<CancellationToken>()), Times.Once());
@ -714,12 +714,12 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
Code = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny<CancellationToken>()), Times.Once());
@ -732,7 +732,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -809,7 +809,7 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
Code = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
@ -826,7 +826,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -865,12 +865,12 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
Code = "2YotnFZFEjr1zCsicMWpAA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription);
}
@ -910,12 +910,12 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
Code = "2YotnFZFEjr1zCsicMWpAA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription);
format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Once());
@ -926,7 +926,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -996,7 +996,7 @@ namespace OpenIddict.Server.Internal.Tests
ClientId = "Fabrikam",
ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
Code = "2YotnFZFEjr1zCsicMWpAA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
@ -1042,12 +1042,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "2YotnFZFEjr1zCsicMWpAA"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription);
format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Never());
@ -1059,7 +1059,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -1099,7 +1099,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "2YotnFZFEjr1zCsicMWpAA"
});
@ -1137,12 +1137,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny<CancellationToken>()), Times.Once());
@ -1179,12 +1179,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny<CancellationToken>()), Times.Once());
@ -1228,12 +1228,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny<CancellationToken>()), Times.Once());
@ -1246,7 +1246,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -1304,7 +1304,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ"
});
@ -1321,7 +1321,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -1343,12 +1343,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "2YotnFZFEjr1zCsicMWpAA"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription);
}
@ -1371,12 +1371,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "2YotnFZFEjr1zCsicMWpAA"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription);
format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Once());
@ -1387,7 +1387,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -1439,7 +1439,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "2YotnFZFEjr1zCsicMWpAA"
});
@ -1466,10 +1466,10 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess
Scope = OpenIddictConstants.Scopes.OfflineAccess
});
// Assert
@ -1519,10 +1519,10 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess
Scope = OpenIddictConstants.Scopes.OfflineAccess
});
// Assert
@ -1584,10 +1584,10 @@ namespace OpenIddict.Server.Internal.Tests
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
ClientId = "Fabrikam",
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess
Scope = OpenIddictConstants.Scopes.OfflineAccess
});
// Assert
@ -1634,10 +1634,10 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess,
Scope = OpenIddictConstants.Scopes.OfflineAccess,
["attach-authorization"] = true
});
@ -1689,7 +1689,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code
ResponseType = OpenIddictConstants.ResponseTypes.Code
});
// Assert
@ -1751,7 +1751,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code
ResponseType = OpenIddictConstants.ResponseTypes.Code
});
// Assert
@ -1824,7 +1824,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code
ResponseType = OpenIddictConstants.ResponseTypes.Code
});
// Assert
@ -1888,7 +1888,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code
ResponseType = OpenIddictConstants.ResponseTypes.Code
});
// Assert
@ -1952,7 +1952,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code,
ResponseType = OpenIddictConstants.ResponseTypes.Code,
["attach-authorization"] = true
});
@ -1978,7 +1978,7 @@ namespace OpenIddict.Server.Internal.Tests
OpenIddictServerDefaults.AuthenticationScheme);
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -2026,7 +2026,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
@ -2059,10 +2059,10 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess
Scope = OpenIddictConstants.Scopes.OfflineAccess
});
// Assert
@ -2105,10 +2105,10 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess
Scope = OpenIddictConstants.Scopes.OfflineAccess
});
// Assert
@ -2162,10 +2162,10 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess
Scope = OpenIddictConstants.Scopes.OfflineAccess
});
// Assert
@ -2225,10 +2225,10 @@ namespace OpenIddict.Server.Internal.Tests
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
ClientId = "Fabrikam",
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess
Scope = OpenIddictConstants.Scopes.OfflineAccess
});
// Assert
@ -2273,10 +2273,10 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess,
Scope = OpenIddictConstants.Scopes.OfflineAccess,
["attach-authorization"] = true
});

14
test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs

@ -37,7 +37,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The 'request_id' parameter is not supported.", response.ErrorDescription);
}
@ -61,7 +61,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified 'request_id' parameter is invalid.", response.ErrorDescription);
}
@ -84,7 +84,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(message, response.ErrorDescription);
}
@ -112,7 +112,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified 'post_logout_redirect_uri' parameter is not valid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByPostLogoutRedirectUriAsync("http://www.fabrikam.com/path", It.IsAny<CancellationToken>()), Times.Once());
@ -154,7 +154,7 @@ namespace OpenIddict.Server.Internal.Tests
PostLogoutRedirectUri = "http://www.fabrikam.com/path"
});
var identifier = (string) response[OpenIdConnectConstants.Parameters.RequestId];
var identifier = (string) response[OpenIddictConstants.Parameters.RequestId];
// Assert
Assert.Single(response.GetParameters());
@ -215,7 +215,7 @@ namespace OpenIddict.Server.Internal.Tests
var response = await client.SendAsync(HttpMethod.Put, LogoutEndpoint, new OpenIdConnectRequest());
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified HTTP method is not valid.", response.ErrorDescription);
}
@ -243,7 +243,7 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, (string) response["error_custom"]);
Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, (string) response["error_custom"]);
}
}
}
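Review bot: Every error assertion in this file, such as `Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);`, now compares the response with a constant from the class this commit introduces, so a mistyped value in `OpenIddictConstants` would still pass if the server emits the same constant (the server side is not visible in this section). These strings are wire values that OAuth 2.0 / OpenID Connect clients match exactly, so at least one assertion per error code should pin the literal, for example `Assert.Equal("invalid_request", response.Error);`. The same applies to the `InvalidGrant` assertions in OpenIddictServerProviderTests.cs and to the `GrantTypes` checks in OpenIddictServerBuilderTests.cs. The test methods these assertions belong to start outside the hunks shown.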

5
test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Userinfo.cs

@ -7,6 +7,7 @@
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Client;
using AspNet.Security.OpenIdConnect.Primitives;
using OpenIddict.Abstractions;
using Xunit;
namespace OpenIddict.Server.Internal.Tests
@ -27,8 +28,8 @@ namespace OpenIddict.Server.Internal.Tests
});
// Assert
Assert.Equal("SlAV32hkKG", (string) response[OpenIdConnectConstants.Parameters.AccessToken]);
Assert.Equal("Bob le Bricoleur", (string) response[OpenIdConnectConstants.Claims.Subject]);
Assert.Equal("SlAV32hkKG", (string) response[OpenIddictConstants.Parameters.AccessToken]);
Assert.Equal("Bob le Bricoleur", (string) response[OpenIddictConstants.Claims.Subject]);
}
}
}

104
test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs

@ -74,7 +74,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code,
ResponseType = OpenIddictConstants.ResponseTypes.Code,
["attach-public-parameters"] = true,
["deny-authorization"] = true
});
@ -98,10 +98,10 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess,
Scope = OpenIddictConstants.Scopes.OfflineAccess,
["attach-public-parameters"] = true,
["deny-authorization"] = true
});
@ -129,7 +129,7 @@ namespace OpenIddict.Server.Internal.Tests
{
return client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
["use-null-authentication-type"] = true
@ -148,7 +148,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -157,7 +157,7 @@ namespace OpenIddict.Server.Internal.Tests
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
ticket.SetProperty("custom_property_in_original_ticket", "original_value");
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -199,7 +199,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8",
["do-not-flow-original-properties"] = true
});
@ -219,7 +219,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -229,7 +229,7 @@ namespace OpenIddict.Server.Internal.Tests
ticket.SetPresenters("Fabrikam");
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -280,7 +280,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
@ -293,7 +293,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -302,7 +302,7 @@ namespace OpenIddict.Server.Internal.Tests
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -343,7 +343,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
@ -356,7 +356,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -365,7 +365,7 @@ namespace OpenIddict.Server.Internal.Tests
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56");
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -401,7 +401,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
@ -414,7 +414,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -469,7 +469,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
@ -483,7 +483,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -541,12 +541,12 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
Code = "SplxlOBeZQQYbYS6WxSbIA",
GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode,
GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode,
RedirectUri = "http://www.fabrikam.com/path"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified authorization code is no longer valid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny<CancellationToken>()), Times.Once());
@ -558,7 +558,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -567,7 +567,7 @@ namespace OpenIddict.Server.Internal.Tests
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -608,7 +608,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
@ -624,7 +624,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -633,7 +633,7 @@ namespace OpenIddict.Server.Internal.Tests
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -677,12 +677,12 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error);
Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error);
Assert.Equal("The specified refresh token is no longer valid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny<CancellationToken>()), Times.Once());
@ -694,7 +694,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -703,7 +703,7 @@ namespace OpenIddict.Server.Internal.Tests
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -736,7 +736,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
@ -752,7 +752,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -761,7 +761,7 @@ namespace OpenIddict.Server.Internal.Tests
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -828,7 +828,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
@ -846,7 +846,7 @@ namespace OpenIddict.Server.Internal.Tests
{
// Arrange
var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme);
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
@ -855,7 +855,7 @@ namespace OpenIddict.Server.Internal.Tests
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0");
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -915,7 +915,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
@ -940,7 +940,7 @@ namespace OpenIddict.Server.Internal.Tests
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -985,7 +985,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
@ -1008,7 +1008,7 @@ namespace OpenIddict.Server.Internal.Tests
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -1052,7 +1052,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
@ -1075,7 +1075,7 @@ namespace OpenIddict.Server.Internal.Tests
ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103");
ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);
ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess);
ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess);
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
@ -1123,7 +1123,7 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken,
GrantType = OpenIddictConstants.GrantTypes.RefreshToken,
RefreshToken = "8xLOxBtZp8"
});
@ -1185,7 +1185,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code,
ResponseType = OpenIddictConstants.ResponseTypes.Code,
});
// Assert
@ -1251,7 +1251,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code,
ResponseType = OpenIddictConstants.ResponseTypes.Code,
});
// Assert
@ -1288,7 +1288,7 @@ namespace OpenIddict.Server.Internal.Tests
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = OpenIdConnectConstants.ResponseTypes.Code,
ResponseType = OpenIddictConstants.ResponseTypes.Code,
["attach-public-parameters"] = true
});
@ -1311,10 +1311,10 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess,
Scope = OpenIddictConstants.Scopes.OfflineAccess,
["attach-public-parameters"] = true
});
@ -1345,10 +1345,10 @@ namespace OpenIddict.Server.Internal.Tests
// Act
var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest
{
GrantType = OpenIdConnectConstants.GrantTypes.Password,
GrantType = OpenIddictConstants.GrantTypes.Password,
Username = "johndoe",
Password = "A3ddj3w",
Scope = OpenIdConnectConstants.Scopes.OfflineAccess,
Scope = OpenIddictConstants.Scopes.OfflineAccess,
["attach-public-parameters"] = true
});
@ -1474,7 +1474,7 @@ namespace OpenIddict.Server.Internal.Tests
return context.HttpContext.Response.WriteAsync(JsonConvert.SerializeObject(new
{
error_custom = OpenIdConnectConstants.Errors.InvalidRequest
error_custom = OpenIddictConstants.Errors.InvalidRequest
}));
});
@ -1504,7 +1504,7 @@ namespace OpenIddict.Server.Internal.Tests
new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme) :
new ClaimsIdentity();
identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Magnifique");
identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Magnifique");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
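Review bot: The `ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken);` and `ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode);` calls still read from the old constants class, while the `SetScopes` line directly below each of them now uses `OpenIddictConstants`, so the Arrange blocks mix two sources for protocol strings. If `OpenIddictConstants` has no `TokenUsages` group on this branch (not visible here), a short comment at the first occurrence would explain why the old class is still used, e.g. `// TokenUsages has no OpenIddictConstants equivalent in 1.x; keep OpenIdConnectConstants here.`. If it does have one, these calls should be switched along with the rest. The test methods containing these lines start and end outside the hunks shown.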

12
test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs

@ -8,7 +8,6 @@ using System;
using System.IdentityModel.Tokens.Jwt;
using System.Reflection;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Primitives;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Caching.Distributed;
@ -16,6 +15,7 @@ using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;
using Moq;
using OpenIddict.Abstractions;
using Xunit;
using static OpenIddict.Server.OpenIddictServerEvents;
@ -252,7 +252,7 @@ namespace OpenIddict.Server.Tests
var options = GetOptions(services);
// Assert
Assert.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode, options.GrantTypes);
Assert.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode, options.GrantTypes);
}
[Fact]
@ -270,7 +270,7 @@ namespace OpenIddict.Server.Tests
var options = GetOptions(services);
// Assert
Assert.Contains(OpenIdConnectConstants.GrantTypes.ClientCredentials, options.GrantTypes);
Assert.Contains(OpenIddictConstants.GrantTypes.ClientCredentials, options.GrantTypes);
}
[Fact]
@ -306,7 +306,7 @@ namespace OpenIddict.Server.Tests
var options = GetOptions(services);
// Assert
Assert.Contains(OpenIdConnectConstants.GrantTypes.Implicit, options.GrantTypes);
Assert.Contains(OpenIddictConstants.GrantTypes.Implicit, options.GrantTypes);
}
[Fact]
@ -324,7 +324,7 @@ namespace OpenIddict.Server.Tests
var options = GetOptions(services);
// Assert
Assert.Contains(OpenIdConnectConstants.GrantTypes.Password, options.GrantTypes);
Assert.Contains(OpenIddictConstants.GrantTypes.Password, options.GrantTypes);
}
[Fact]
@ -342,7 +342,7 @@ namespace OpenIddict.Server.Tests
var options = GetOptions(services);
// Assert
Assert.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken, options.GrantTypes);
Assert.Contains(OpenIddictConstants.GrantTypes.RefreshToken, options.GrantTypes);
}
[Fact]

15
test/OpenIddict.Server.Tests/OpenIddictServerExtensionsTests.cs

@ -7,7 +7,6 @@
using System;
using System.Reflection;
using System.Text;
using AspNet.Security.OpenIdConnect.Primitives;
using AspNet.Security.OpenIdConnect.Server;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Builder.Internal;
@ -18,7 +17,7 @@ using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Moq;
using OpenIddict.Server.Internal;
using OpenIddict.Abstractions;
using OpenIddict.Server.Internal.Tests;
using Xunit;
@ -207,8 +206,8 @@ namespace OpenIddict.Server.Tests
}
[Theory]
[InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)]
[InlineData(OpenIdConnectConstants.GrantTypes.Implicit)]
[InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)]
[InlineData(OpenIddictConstants.GrantTypes.Implicit)]
public void UseOpenIddictServer_ThrowsAnExceptionWhenAuthorizationEndpointIsDisabled(string flow)
{
// Arrange
@ -237,10 +236,10 @@ namespace OpenIddict.Server.Tests
}
[Theory]
[InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)]
[InlineData(OpenIdConnectConstants.GrantTypes.ClientCredentials)]
[InlineData(OpenIdConnectConstants.GrantTypes.Password)]
[InlineData(OpenIdConnectConstants.GrantTypes.RefreshToken)]
[InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)]
[InlineData(OpenIddictConstants.GrantTypes.ClientCredentials)]
[InlineData(OpenIddictConstants.GrantTypes.Password)]
[InlineData(OpenIddictConstants.GrantTypes.RefreshToken)]
public void UseOpenIddictServer_ThrowsAnExceptionWhenTokenEndpointIsDisabled(string flow)
{
// Arrange
