diff --git a/samples/Mvc.Server/Controllers/UserinfoController.cs b/samples/Mvc.Server/Controllers/UserinfoController.cs index 1abb6635..7019c71a 100644 --- a/samples/Mvc.Server/Controllers/UserinfoController.cs +++ b/samples/Mvc.Server/Controllers/UserinfoController.cs @@ -31,7 +31,7 @@ namespace Mvc.Server.Controllers { return BadRequest(new OpenIdConnectResponse { - Error = OpenIdConnectConstants.Errors.InvalidGrant, + Error = OpenIddictConstants.Errors.InvalidGrant, ErrorDescription = "The user profile is no longer available." }); } @@ -39,21 +39,21 @@ namespace Mvc.Server.Controllers var claims = new JObject(); // Note: the "sub" claim is a mandatory claim and must be included in the JSON response. - claims[OpenIdConnectConstants.Claims.Subject] = await _userManager.GetUserIdAsync(user); + claims[OpenIddictConstants.Claims.Subject] = await _userManager.GetUserIdAsync(user); - if (User.HasClaim(OpenIdConnectConstants.Claims.Scope, OpenIdConnectConstants.Scopes.Email)) + if (User.HasClaim(OpenIddictConstants.Claims.Scope, OpenIddictConstants.Scopes.Email)) { - claims[OpenIdConnectConstants.Claims.Email] = await _userManager.GetEmailAsync(user); - claims[OpenIdConnectConstants.Claims.EmailVerified] = await _userManager.IsEmailConfirmedAsync(user); + claims[OpenIddictConstants.Claims.Email] = await _userManager.GetEmailAsync(user); + claims[OpenIddictConstants.Claims.EmailVerified] = await _userManager.IsEmailConfirmedAsync(user); } - if (User.HasClaim(OpenIdConnectConstants.Claims.Scope, OpenIdConnectConstants.Scopes.Phone)) + if (User.HasClaim(OpenIddictConstants.Claims.Scope, OpenIddictConstants.Scopes.Phone)) { - claims[OpenIdConnectConstants.Claims.PhoneNumber] = await _userManager.GetPhoneNumberAsync(user); - claims[OpenIdConnectConstants.Claims.PhoneNumberVerified] = await _userManager.IsPhoneNumberConfirmedAsync(user); + claims[OpenIddictConstants.Claims.PhoneNumber] = await _userManager.GetPhoneNumberAsync(user); + claims[OpenIddictConstants.Claims.PhoneNumberVerified] = await _userManager.IsPhoneNumberConfirmedAsync(user); } - if (User.HasClaim(OpenIdConnectConstants.Claims.Scope, OpenIddictConstants.Scopes.Roles)) + if (User.HasClaim(OpenIddictConstants.Claims.Scope, OpenIddictConstants.Scopes.Roles)) { claims[OpenIddictConstants.Claims.Roles] = JArray.FromObject(await _userManager.GetRolesAsync(user)); } diff --git a/samples/Mvc.Server/Startup.cs b/samples/Mvc.Server/Startup.cs index 8dff7db7..39ab158e 100644 --- a/samples/Mvc.Server/Startup.cs +++ b/samples/Mvc.Server/Startup.cs @@ -48,9 +48,9 @@ namespace Mvc.Server // which saves you from doing the mapping in your authorization controller. services.Configure(options => { - options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name; - options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject; - options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role; + options.ClaimsIdentity.UserNameClaimType = OpenIddictConstants.Claims.Name; + options.ClaimsIdentity.UserIdClaimType = OpenIddictConstants.Claims.Subject; + options.ClaimsIdentity.RoleClaimType = OpenIddictConstants.Claims.Role; }); services.AddOpenIddict() @@ -84,8 +84,8 @@ namespace Mvc.Server .AllowRefreshTokenFlow(); // Mark the "email", "profile" and "roles" scopes as supported scopes. - options.RegisterScopes(OpenIdConnectConstants.Scopes.Email, - OpenIdConnectConstants.Scopes.Profile, + options.RegisterScopes(OpenIddictConstants.Scopes.Email, + OpenIddictConstants.Scopes.Profile, OpenIddictConstants.Scopes.Roles); // When request caching is enabled, authorization and logout requests diff --git a/src/OpenIddict.Abstractions/OpenIddictConstants.cs b/src/OpenIddict.Abstractions/OpenIddictConstants.cs index a94babb0..3ca574d1 100644 --- a/src/OpenIddict.Abstractions/OpenIddictConstants.cs +++ b/src/OpenIddict.Abstractions/OpenIddictConstants.cs @@ -123,6 +123,61 @@ namespace OpenIddict.Abstractions public const string ConcurrencyError = "concurrency_error"; } + public static class GrantTypes + { + public const string AuthorizationCode = "authorization_code"; + public const string ClientCredentials = "client_credentials"; + public const string Implicit = "implicit"; + public const string Password = "password"; + public const string RefreshToken = "refresh_token"; + } + + public static class Metadata + { + public const string AcrValuesSupported = "acr_values_supported"; + public const string AuthorizationEndpoint = "authorization_endpoint"; + public const string ClaimsLocalesSupported = "claims_locales_supported"; + public const string ClaimsParameterSupported = "claims_parameter_supported"; + public const string ClaimsSupported = "claims_supported"; + public const string ClaimTypesSupported = "claim_types_supported"; + public const string CodeChallengeMethodsSupported = "code_challenge_methods_supported"; + public const string DisplayValuesSupported = "display_values_supported"; + public const string EndSessionEndpoint = "end_session_endpoint"; + public const string GrantTypesSupported = "grant_types_supported"; + public const string IdTokenEncryptionAlgValuesSupported = "id_token_encryption_alg_values_supported"; + public const string IdTokenEncryptionEncValuesSupported = "id_token_encryption_enc_values_supported"; + public const string IdTokenSigningAlgValuesSupported = "id_token_signing_alg_values_supported"; + public const string IntrospectionEndpoint = "introspection_endpoint"; + public const string IntrospectionEndpointAuthMethodsSupported = "introspection_endpoint_auth_methods_supported"; + public const string IntrospectionEndpointAuthSigningAlgValuesSupported = "introspection_endpoint_auth_signing_alg_values_supported"; + public const string Issuer = "issuer"; + public const string JwksUri = "jwks_uri"; + public const string OpPolicyUri = "op_policy_uri"; + public const string OpTosUri = "op_tos_uri"; + public const string RequestObjectEncryptionAlgValuesSupported = "request_object_encryption_alg_values_supported"; + public const string RequestObjectEncryptionEncValuesSupported = "request_object_encryption_enc_values_supported"; + public const string RequestObjectSigningAlgValuesSupported = "request_object_signing_alg_values_supported"; + public const string RequestParameterSupported = "request_parameter_supported"; + public const string RequestUriParameterSupported = "request_uri_parameter_supported"; + public const string RequireRequestUriRegistration = "require_request_uri_registration"; + public const string ResponseModesSupported = "response_modes_supported"; + public const string ResponseTypesSupported = "response_types_supported"; + public const string RevocationEndpoint = "revocation_endpoint"; + public const string RevocationEndpointAuthMethodsSupported = "revocation_endpoint_auth_methods_supported"; + public const string RevocationEndpointAuthSigningAlgValuesSupported = "revocation_endpoint_auth_signing_alg_values_supported"; + public const string ScopesSupported = "scopes_supported"; + public const string ServiceDocumentation = "service_documentation"; + public const string SubjectTypesSupported = "subject_types_supported"; + public const string TokenEndpoint = "token_endpoint"; + public const string TokenEndpointAuthMethodsSupported = "token_endpoint_auth_methods_supported"; + public const string TokenEndpointAuthSigningAlgValuesSupported = "token_endpoint_auth_signing_alg_values_supported"; + public const string UiLocalesSupported = "ui_locales_supported"; + public const string UserinfoEncryptionAlgValuesSupported = "userinfo_encryption_alg_values_supported"; + public const string UserinfoEncryptionEncValuesSupported = "userinfo_encryption_enc_values_supported"; + public const string UserinfoEndpoint = "userinfo_endpoint"; + public const string UserinfoSigningAlgValuesSupported = "userinfo_signing_alg_values_supported"; + } + public static class Parameters { public const string AccessToken = "access_token"; @@ -241,6 +296,21 @@ namespace OpenIddict.Abstractions public const string String = "#public_string"; } + public static class ResponseModes + { + public const string FormPost = "form_post"; + public const string Fragment = "fragment"; + public const string Query = "query"; + } + + public static class ResponseTypes + { + public const string Code = "code"; + public const string IdToken = "id_token"; + public const string None = "none"; + public const string Token = "token"; + } + public static class Separators { public const string Space = " "; diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs index fc5a52ea..da0e2af9 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs @@ -44,7 +44,7 @@ namespace OpenIddict.Server.Internal "an unsupported parameter: {Parameter}.", "request"); context.Reject( - error: OpenIdConnectConstants.Errors.RequestNotSupported, + error: OpenIddictConstants.Errors.RequestNotSupported, description: "The 'request' parameter is not supported."); return; @@ -57,7 +57,7 @@ namespace OpenIddict.Server.Internal "an unsupported parameter: {Parameter}.", "request_uri"); context.Reject( - error: OpenIdConnectConstants.Errors.RequestUriNotSupported, + error: OpenIddictConstants.Errors.RequestUriNotSupported, description: "The 'request_uri' parameter is not supported."); return; @@ -74,7 +74,7 @@ namespace OpenIddict.Server.Internal "request caching support was not enabled."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'request_id' parameter is not supported."); return; @@ -91,7 +91,7 @@ namespace OpenIddict.Server.Internal "or invalid request_id parameter was specified."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'request_id' parameter is invalid."); return; @@ -133,7 +133,7 @@ namespace OpenIddict.Server.Internal "response type is not supported.", context.Request.ResponseType); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedResponseType, + error: OpenIddictConstants.Errors.UnsupportedResponseType, description: "The specified 'response_type' parameter is not supported."); return; @@ -141,50 +141,50 @@ namespace OpenIddict.Server.Internal // Reject code flow authorization requests if the authorization code flow is not enabled. if (context.Request.IsAuthorizationCodeFlow() && - !options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode)) + !options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode)) { logger.LogError("The authorization request was rejected because " + "the authorization code flow was not enabled."); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedResponseType, + error: OpenIddictConstants.Errors.UnsupportedResponseType, description: "The specified 'response_type' parameter is not allowed."); return; } // Reject implicit flow authorization requests if the implicit flow is not enabled. - if (context.Request.IsImplicitFlow() && !options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Implicit)) + if (context.Request.IsImplicitFlow() && !options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Implicit)) { logger.LogError("The authorization request was rejected because the implicit flow was not enabled."); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedResponseType, + error: OpenIddictConstants.Errors.UnsupportedResponseType, description: "The specified 'response_type' parameter is not allowed."); return; } // Reject hybrid flow authorization requests if the authorization code or the implicit flows are not enabled. - if (context.Request.IsHybridFlow() && (!options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode) || - !options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Implicit))) + if (context.Request.IsHybridFlow() && (!options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode) || + !options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Implicit))) { logger.LogError("The authorization request was rejected because the " + "authorization code flow or the implicit flow was not enabled."); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedResponseType, + error: OpenIddictConstants.Errors.UnsupportedResponseType, description: "The specified 'response_type' parameter is not allowed."); return; } // Reject authorization requests that specify scope=offline_access if the refresh token flow is not enabled. - if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) && - !options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken)) + if (context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess) && + !options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.RefreshToken)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'offline_access' scope is not allowed."); return; @@ -211,7 +211,7 @@ namespace OpenIddict.Server.Internal logger.LogError("The authentication request was rejected because invalid scopes were specified: {Scopes}.", scopes); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidScope, + error: OpenIddictConstants.Errors.InvalidScope, description: "The specified 'scope' parameter is not valid."); return; @@ -229,7 +229,7 @@ namespace OpenIddict.Server.Internal "response mode is not supported.", context.Request.ResponseMode); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'response_mode' parameter is not supported."); return; @@ -242,7 +242,7 @@ namespace OpenIddict.Server.Internal if (string.IsNullOrEmpty(context.RedirectUri)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The mandatory 'redirect_uri' parameter is missing."); return; @@ -260,7 +260,7 @@ namespace OpenIddict.Server.Internal "required 'code_challenge_method' parameter was missing."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'code_challenge_method' parameter must be specified."); return; @@ -274,20 +274,20 @@ namespace OpenIddict.Server.Internal "'code_challenge_method' parameter was set to 'plain'."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'code_challenge_method' parameter is not allowed."); return; } // Reject authorization requests that contain response_type=token when a code_challenge is specified. - if (context.Request.HasResponseType(OpenIdConnectConstants.ResponseTypes.Token)) + if (context.Request.HasResponseType(OpenIddictConstants.ResponseTypes.Token)) { logger.LogError("The authorization request was rejected because the " + "specified response type was not compatible with PKCE."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'response_type' parameter is not allowed when using PKCE."); return; @@ -302,7 +302,7 @@ namespace OpenIddict.Server.Internal "application was not found: '{ClientId}'.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'client_id' parameter is invalid."); return; @@ -317,10 +317,10 @@ namespace OpenIddict.Server.Internal // Note: when using the authorization code grant, ValidateTokenRequest is responsible of rejecting // the token request if the client_id corresponds to an unauthenticated confidential client. if (await applicationManager.IsConfidentialAsync(application) && - context.Request.HasResponseType(OpenIdConnectConstants.ResponseTypes.Token)) + context.Request.HasResponseType(OpenIddictConstants.ResponseTypes.Token)) { context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "The specified 'response_type' parameter is not valid for this client application."); return; @@ -334,7 +334,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the authorization endpoint.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "This client application is not allowed to use the authorization endpoint."); return; @@ -350,7 +350,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the authorization code flow.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "The client application is not allowed to use the authorization code flow."); return; @@ -364,7 +364,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the implicit flow.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "The client application is not allowed to use the implicit flow."); return; @@ -379,7 +379,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the hybrid flow.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "The client application is not allowed to use the hybrid flow."); return; @@ -387,14 +387,14 @@ namespace OpenIddict.Server.Internal // Reject the request if the offline_access scope was request and if // the application is not allowed to use the refresh token grant type. - if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) && + if (context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess) && !await applicationManager.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.RefreshToken)) { logger.LogError("The authorization request was rejected because the application '{ClientId}' " + "was not allowed to request the 'offline_access' scope.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The client application is not allowed to use the 'offline_access' scope."); return; @@ -409,7 +409,7 @@ namespace OpenIddict.Server.Internal "was invalid: '{RedirectUri}'.", context.RedirectUri); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'redirect_uri' parameter is not valid for this client application."); return; @@ -422,8 +422,8 @@ namespace OpenIddict.Server.Internal foreach (var scope in context.Request.GetScopes()) { // Avoid validating the "openid" and "offline_access" scopes as they represent protocol scopes. - if (string.Equals(scope, OpenIdConnectConstants.Scopes.OfflineAccess, StringComparison.Ordinal) || - string.Equals(scope, OpenIdConnectConstants.Scopes.OpenId, StringComparison.Ordinal)) + if (string.Equals(scope, OpenIddictConstants.Scopes.OfflineAccess, StringComparison.Ordinal) || + string.Equals(scope, OpenIddictConstants.Scopes.OpenId, StringComparison.Ordinal)) { continue; } @@ -435,7 +435,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the scope {Scope}.", context.ClientId, scope); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "This client application is not allowed to use the specified scope."); return; @@ -483,7 +483,7 @@ namespace OpenIddict.Server.Internal var address = QueryHelpers.AddQueryString( uri: context.HttpContext.Request.Scheme + "://" + context.HttpContext.Request.Host + context.HttpContext.Request.PathBase + context.HttpContext.Request.Path, - name: OpenIdConnectConstants.Parameters.RequestId, value: context.Request.RequestId); + name: OpenIddictConstants.Parameters.RequestId, value: context.Request.RequestId); context.HttpContext.Response.Redirect(address); diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs index 061fb05b..f236bfe5 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs @@ -45,18 +45,18 @@ namespace OpenIddict.Server.Internal "grant type is not supported.", context.Request.GrantType); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedGrantType, + error: OpenIddictConstants.Errors.UnsupportedGrantType, description: "The specified 'grant_type' parameter is not supported."); return; } // Reject token requests that specify scope=offline_access if the refresh token flow is not enabled. - if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) && - !options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken)) + if (context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess) && + !options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.RefreshToken)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'offline_access' scope is not allowed."); return; @@ -70,7 +70,7 @@ namespace OpenIddict.Server.Internal if (context.Request.IsAuthorizationCodeGrantType() && string.IsNullOrEmpty(context.Request.RedirectUri)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The mandatory 'redirect_uri' parameter is missing."); return; @@ -82,10 +82,10 @@ namespace OpenIddict.Server.Internal // that rejects grant_type=client_credentials requests containing the 'offline_access' scope. // See https://tools.ietf.org/html/rfc6749#section-4.4.3 for more information. if (context.Request.IsClientCredentialsGrantType() && - context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess)) + context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'offline_access' scope is not valid for the specified 'grant_type' parameter."); return; @@ -112,7 +112,7 @@ namespace OpenIddict.Server.Internal logger.LogError("The token request was rejected because invalid scopes were specified: {Scopes}.", scopes); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidScope, + error: OpenIddictConstants.Errors.InvalidScope, description: "The specified 'scope' parameter is not valid."); return; @@ -126,7 +126,7 @@ namespace OpenIddict.Server.Internal string.IsNullOrEmpty(context.Request.ClientSecret))) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'client_id' and 'client_secret' parameters are " + "required when using the client credentials grant."); @@ -147,7 +147,7 @@ namespace OpenIddict.Server.Internal "mandatory client_id parameter was missing or empty."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The mandatory 'client_id' parameter is missing."); return; @@ -169,7 +169,7 @@ namespace OpenIddict.Server.Internal "application was not found: '{ClientId}'.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The specified 'client_id' parameter is invalid."); return; @@ -187,7 +187,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the token endpoint.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "This client application is not allowed to use the token endpoint."); return; @@ -203,7 +203,7 @@ namespace OpenIddict.Server.Internal "use the specified grant type: {GrantType}.", context.ClientId, context.Request.GrantType); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "This client application is not allowed to use the specified grant type."); return; @@ -211,14 +211,14 @@ namespace OpenIddict.Server.Internal // Reject the request if the offline_access scope was request and if // the application is not allowed to use the refresh token grant type. - if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) && + if (context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess) && !await applicationManager.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.RefreshToken)) { logger.LogError("The token request was rejected because the application '{ClientId}' " + "was not allowed to request the 'offline_access' scope.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The client application is not allowed to use the 'offline_access' scope."); return; @@ -234,7 +234,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the client credentials grant.", context.Request.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "The specified 'grant_type' parameter is not valid for this client application."); return; @@ -247,7 +247,7 @@ namespace OpenIddict.Server.Internal "was not allowed to send a client secret.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'client_secret' parameter is not valid for this client application."); return; @@ -271,7 +271,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' didn't specify a client secret.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The 'client_secret' parameter required for this client application is missing."); return; @@ -283,7 +283,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' didn't specify valid client credentials.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The specified client credentials are invalid."); return; @@ -296,8 +296,8 @@ namespace OpenIddict.Server.Internal foreach (var scope in context.Request.GetScopes()) { // Avoid validating the "openid" and "offline_access" scopes as they represent protocol scopes. - if (string.Equals(scope, OpenIdConnectConstants.Scopes.OfflineAccess, StringComparison.Ordinal) || - string.Equals(scope, OpenIdConnectConstants.Scopes.OpenId, StringComparison.Ordinal)) + if (string.Equals(scope, OpenIddictConstants.Scopes.OfflineAccess, StringComparison.Ordinal) || + string.Equals(scope, OpenIddictConstants.Scopes.OpenId, StringComparison.Ordinal)) { continue; } @@ -310,7 +310,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the scope {Scope}.", context.ClientId, scope); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "This client application is not allowed to use the specified scope."); return; @@ -385,7 +385,7 @@ namespace OpenIddict.Server.Internal "or refresh token '{Identifier}' has already been redeemed.", identifier); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidGrant, + error: OpenIddictConstants.Errors.InvalidGrant, description: context.Request.IsAuthorizationCodeGrantType() ? "The specified authorization code has already been redeemed." : "The specified refresh token has already been redeemed."); @@ -399,7 +399,7 @@ namespace OpenIddict.Server.Internal "or refresh token '{Identifier}' was no longer valid.", identifier); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidGrant, + error: OpenIddictConstants.Errors.InvalidGrant, description: context.Request.IsAuthorizationCodeGrantType() ? "The specified authorization code is no longer valid." : "The specified refresh token is no longer valid."); @@ -423,7 +423,7 @@ namespace OpenIddict.Server.Internal "the associated authorization was no longer valid."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidGrant, + error: OpenIddictConstants.Errors.InvalidGrant, description: context.Request.IsAuthorizationCodeGrantType() ? "The authorization associated with the authorization code is no longer valid." : "The authorization associated with the refresh token is no longer valid."); diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs index 2490132e..bcb8299c 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs @@ -44,7 +44,7 @@ namespace OpenIddict.Server.Internal { Principal = ticket.Principal, Status = OpenIddictConstants.Statuses.Valid, - Subject = ticket.Principal.GetClaim(OpenIdConnectConstants.Claims.Subject), + Subject = ticket.Principal.GetClaim(OpenIddictConstants.Claims.Subject), Type = OpenIddictConstants.AuthorizationTypes.AdHoc }; @@ -133,7 +133,7 @@ namespace OpenIddict.Server.Internal ExpirationDate = ticket.Properties.ExpiresUtc, Principal = ticket.Principal, Status = OpenIddictConstants.Statuses.Valid, - Subject = ticket.Principal.GetClaim(OpenIdConnectConstants.Claims.Subject), + Subject = ticket.Principal.GetClaim(OpenIddictConstants.Claims.Subject), Type = type }; diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs index a8c6f30a..b241262e 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs @@ -41,7 +41,7 @@ namespace OpenIddict.Server.Internal if (string.IsNullOrEmpty(context.ClientId) || string.IsNullOrEmpty(context.ClientSecret)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The mandatory 'client_id' and/or 'client_secret' parameters are missing."); return; @@ -55,7 +55,7 @@ namespace OpenIddict.Server.Internal "application was not found: '{ClientId}'.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The specified 'client_id' parameter is invalid."); return; @@ -73,7 +73,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the introspection endpoint.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "This client application is not allowed to use the introspection endpoint."); return; @@ -86,7 +86,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' was not allowed to use this endpoint.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "This client application is not allowed to use the introspection endpoint."); return; @@ -99,7 +99,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' didn't specify valid client credentials.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The specified client credentials are invalid."); return; diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs index 5a198957..8248ea20 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs @@ -43,7 +43,7 @@ namespace OpenIddict.Server.Internal if (string.Equals(context.Request.TokenTypeHint, OpenIdConnectConstants.TokenTypeHints.IdToken)) { context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedTokenType, + error: OpenIddictConstants.Errors.UnsupportedTokenType, description: "The specified 'token_type_hint' parameter is not supported."); return; @@ -53,7 +53,7 @@ namespace OpenIddict.Server.Internal string.Equals(context.Request.TokenTypeHint, OpenIdConnectConstants.TokenTypeHints.AccessToken)) { context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedTokenType, + error: OpenIddictConstants.Errors.UnsupportedTokenType, description: "The specified 'token_type_hint' parameter is not supported."); return; @@ -74,7 +74,7 @@ namespace OpenIddict.Server.Internal "mandatory client_id parameter was missing or empty."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The mandatory 'client_id' parameter is missing."); return; @@ -96,7 +96,7 @@ namespace OpenIddict.Server.Internal "application was not found: '{ClientId}'.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The specified 'client_id' parameter is invalid."); return; @@ -114,7 +114,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the revocation endpoint.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "This client application is not allowed to use the revocation endpoint."); return; @@ -129,7 +129,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' was not allowed to use this endpoint.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'client_secret' parameter is not valid for this client application."); return; @@ -153,7 +153,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' didn't specify a client secret.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The 'client_secret' parameter required for this client application is missing."); return; @@ -165,7 +165,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' didn't specify valid client credentials.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The specified client credentials are invalid."); return; @@ -193,7 +193,7 @@ namespace OpenIddict.Server.Internal logger.LogError("The revocation request was rejected because identity tokens are not revocable."); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedTokenType, + error: OpenIddictConstants.Errors.UnsupportedTokenType, description: "The specified token cannot be revoked."); return; @@ -205,7 +205,7 @@ namespace OpenIddict.Server.Internal logger.LogError("The revocation request was rejected because the access token was not revocable."); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedTokenType, + error: OpenIddictConstants.Errors.UnsupportedTokenType, description: "The specified token cannot be revoked."); return; diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs index 228bd287..c2f750de 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs @@ -45,7 +45,7 @@ namespace OpenIddict.Server.Internal "request caching support was not enabled."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'request_id' parameter is not supported."); return; @@ -62,7 +62,7 @@ namespace OpenIddict.Server.Internal "or invalid request_id parameter was specified."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'request_id' parameter is invalid."); return; @@ -104,7 +104,7 @@ namespace OpenIddict.Server.Internal "a valid absolute URL: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'post_logout_redirect_uri' parameter must be a valid absolute URL."); return; @@ -116,7 +116,7 @@ namespace OpenIddict.Server.Internal "a URL fragment: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'post_logout_redirect_uri' parameter must not include a fragment."); return; @@ -153,7 +153,7 @@ namespace OpenIddict.Server.Internal "was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'post_logout_redirect_uri' parameter is not valid."); return; @@ -200,7 +200,7 @@ namespace OpenIddict.Server.Internal var address = QueryHelpers.AddQueryString( uri: context.HttpContext.Request.Scheme + "://" + context.HttpContext.Request.Host + context.HttpContext.Request.PathBase + context.HttpContext.Request.Path, - name: OpenIdConnectConstants.Parameters.RequestId, value: context.Request.RequestId); + name: OpenIddictConstants.Parameters.RequestId, value: context.Request.RequestId); context.HttpContext.Response.Redirect(address); diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs index 6fd34027..95293133 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs @@ -100,15 +100,15 @@ namespace OpenIddict.Server.Internal // Always include the "openid" scope when the developer doesn't explicitly call SetScopes. // Note: the application is allowed to specify a different "scopes": in this case, // don't replace the "scopes" property stored in the authentication ticket. - if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OpenId) && !context.Ticket.HasScope()) + if (context.Request.HasScope(OpenIddictConstants.Scopes.OpenId) && !context.Ticket.HasScope()) { - context.Ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId); + context.Ticket.SetScopes(OpenIddictConstants.Scopes.OpenId); } - context.IncludeIdentityToken = context.Ticket.HasScope(OpenIdConnectConstants.Scopes.OpenId); + context.IncludeIdentityToken = context.Ticket.HasScope(OpenIddictConstants.Scopes.OpenId); } - context.IncludeRefreshToken = context.Ticket.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess); + context.IncludeRefreshToken = context.Ticket.HasScope(OpenIddictConstants.Scopes.OfflineAccess); // Always include a refresh token for grant_type=refresh_token requests if // rolling tokens are enabled and if the offline_access scope was specified. @@ -133,7 +133,7 @@ namespace OpenIddict.Server.Internal if (!await TryRedeemTokenAsync(token, context.HttpContext)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidGrant, + error: OpenIddictConstants.Errors.InvalidGrant, description: context.Request.IsAuthorizationCodeGrantType() ? "The specified authorization code is no longer valid." : "The specified refresh token is no longer valid."); diff --git a/src/OpenIddict.Server/OpenIddictServerBuilder.cs b/src/OpenIddict.Server/OpenIddictServerBuilder.cs index 855d8ab6..9e5e2d10 100644 --- a/src/OpenIddict.Server/OpenIddictServerBuilder.cs +++ b/src/OpenIddict.Server/OpenIddictServerBuilder.cs @@ -13,13 +13,13 @@ using System.Linq; using System.Reflection; using System.Security.Cryptography.X509Certificates; using System.Threading.Tasks; -using AspNet.Security.OpenIdConnect.Primitives; using JetBrains.Annotations; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Caching.Distributed; using Microsoft.IdentityModel.Tokens; +using OpenIddict.Abstractions; using OpenIddict.Extensions; using OpenIddict.Server; @@ -361,7 +361,7 @@ namespace Microsoft.Extensions.DependencyInjection /// /// The . public OpenIddictServerBuilder AllowAuthorizationCodeFlow() - => Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.AuthorizationCode)); + => Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.AuthorizationCode)); /// /// Enables client credentials flow support. For more information about this @@ -369,7 +369,7 @@ namespace Microsoft.Extensions.DependencyInjection /// /// The . public OpenIddictServerBuilder AllowClientCredentialsFlow() - => Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.ClientCredentials)); + => Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.ClientCredentials)); /// /// Enables custom grant type support. @@ -394,7 +394,7 @@ namespace Microsoft.Extensions.DependencyInjection /// /// The . public OpenIddictServerBuilder AllowImplicitFlow() - => Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.Implicit)); + => Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.Implicit)); /// /// Enables password flow support. For more information about this specific @@ -402,7 +402,7 @@ namespace Microsoft.Extensions.DependencyInjection /// /// The . public OpenIddictServerBuilder AllowPasswordFlow() - => Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.Password)); + => Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.Password)); /// /// Enables refresh token flow support. For more information about this @@ -410,7 +410,7 @@ namespace Microsoft.Extensions.DependencyInjection /// /// The . public OpenIddictServerBuilder AllowRefreshTokenFlow() - => Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.RefreshToken)); + => Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.RefreshToken)); /// /// Disables authorization storage so that ad-hoc authorizations are diff --git a/src/OpenIddict.Server/OpenIddictServerExtensions.cs b/src/OpenIddict.Server/OpenIddictServerExtensions.cs index 017579f6..4d83520e 100644 --- a/src/OpenIddict.Server/OpenIddictServerExtensions.cs +++ b/src/OpenIddict.Server/OpenIddictServerExtensions.cs @@ -7,7 +7,6 @@ using System; using System.Linq; using System.Text; -using AspNet.Security.OpenIdConnect.Primitives; using AspNet.Security.OpenIdConnect.Server; using JetBrains.Annotations; using Microsoft.AspNetCore.Authentication; @@ -17,6 +16,7 @@ using Microsoft.Extensions.Caching.Distributed; using Microsoft.Extensions.DependencyInjection.Extensions; using Microsoft.Extensions.Options; using Microsoft.IdentityModel.Tokens; +using OpenIddict.Abstractions; using OpenIddict.Server; using OpenIddict.Server.Internal; @@ -164,8 +164,8 @@ namespace Microsoft.Extensions.DependencyInjection // Ensure the authorization endpoint has been enabled when // the authorization code or implicit grants are supported. - if (!options.AuthorizationEndpointPath.HasValue && (options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode) || - options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Implicit))) + if (!options.AuthorizationEndpointPath.HasValue && (options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode) || + options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Implicit))) { throw new InvalidOperationException("The authorization endpoint must be enabled to use " + "the authorization code and implicit flows."); @@ -173,10 +173,10 @@ namespace Microsoft.Extensions.DependencyInjection // Ensure the token endpoint has been enabled when the authorization code, // client credentials, password or refresh token grants are supported. - if (!options.TokenEndpointPath.HasValue && (options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode) || - options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.ClientCredentials) || - options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Password) || - options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken))) + if (!options.TokenEndpointPath.HasValue && (options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode) || + options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.ClientCredentials) || + options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Password) || + options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.RefreshToken))) { throw new InvalidOperationException( "The token endpoint must be enabled to use the authorization code, client credentials, password and refresh token flows."); @@ -220,7 +220,7 @@ namespace Microsoft.Extensions.DependencyInjection // Ensure at least one asymmetric signing certificate/key was registered if the implicit flow was enabled. if (!options.SigningCredentials.Any(credentials => credentials.Key is AsymmetricSecurityKey) && - options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Implicit)) + options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Implicit)) { throw new InvalidOperationException(new StringBuilder() .AppendLine("At least one asymmetric signing key must be registered when enabling the implicit flow.") @@ -231,9 +231,9 @@ namespace Microsoft.Extensions.DependencyInjection } // Automatically add the offline_access scope if the refresh token grant has been enabled. - if (options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken)) + if (options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.RefreshToken)) { - options.Scopes.Add(OpenIdConnectConstants.Scopes.OfflineAccess); + options.Scopes.Add(OpenIddictConstants.Scopes.OfflineAccess); } return app.UseOpenIdConnectServer(options); diff --git a/src/OpenIddict.Server/OpenIddictServerOptions.cs b/src/OpenIddict.Server/OpenIddictServerOptions.cs index e94ad6ad..9c674919 100644 --- a/src/OpenIddict.Server/OpenIddictServerOptions.cs +++ b/src/OpenIddict.Server/OpenIddictServerOptions.cs @@ -7,9 +7,9 @@ using System; using System.Collections.Generic; using System.Security.Cryptography; -using AspNet.Security.OpenIdConnect.Primitives; using AspNet.Security.OpenIdConnect.Server; using Microsoft.Extensions.Caching.Distributed; +using OpenIddict.Abstractions; using OpenIddict.Server.Internal; namespace OpenIddict.Server @@ -45,12 +45,12 @@ namespace OpenIddict.Server /// public ISet Claims { get; } = new HashSet(StringComparer.Ordinal) { - OpenIdConnectConstants.Claims.Audience, - OpenIdConnectConstants.Claims.ExpiresAt, - OpenIdConnectConstants.Claims.IssuedAt, - OpenIdConnectConstants.Claims.Issuer, - OpenIdConnectConstants.Claims.JwtId, - OpenIdConnectConstants.Claims.Subject + OpenIddictConstants.Claims.Audience, + OpenIddictConstants.Claims.ExpiresAt, + OpenIddictConstants.Claims.IssuedAt, + OpenIddictConstants.Claims.Issuer, + OpenIddictConstants.Claims.JwtId, + OpenIddictConstants.Claims.Subject }; /// @@ -127,7 +127,7 @@ namespace OpenIddict.Server /// public ISet Scopes { get; } = new HashSet(StringComparer.Ordinal) { - OpenIdConnectConstants.Scopes.OpenId + OpenIddictConstants.Scopes.OpenId }; /// diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Authentication.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Authentication.cs index 83b5295d..0aa883a4 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Authentication.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Authentication.cs @@ -41,12 +41,12 @@ namespace OpenIddict.Server.Internal.Tests Request = "eyJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwOi8vd3d3LmZhYnJpa2FtLmNvbSIsImF1ZCI6Imh0" + "dHA6Ly93d3cuY29udG9zby5jb20iLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNsaWVudF9pZCI6" + "IkZhYnJpa2FtIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovL3d3dy5mYWJyaWthbS5jb20vcGF0aCJ9.", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, - Scope = OpenIdConnectConstants.Scopes.OpenId + ResponseType = OpenIddictConstants.ResponseTypes.Code, + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.RequestNotSupported, response.Error); + Assert.Equal(OpenIddictConstants.Errors.RequestNotSupported, response.Error); Assert.Equal("The 'request' parameter is not supported.", response.ErrorDescription); } @@ -64,12 +64,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", RequestUri = "http://www.fabrikam.com/request/GkurKxf5T0Y-mnPFCHqWOMiZi4VS138cQO_V7PZHAdM", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, - Scope = OpenIdConnectConstants.Scopes.OpenId + ResponseType = OpenIddictConstants.ResponseTypes.Code, + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.RequestUriNotSupported, response.Error); + Assert.Equal(OpenIddictConstants.Errors.RequestUriNotSupported, response.Error); Assert.Equal("The 'request_uri' parameter is not supported.", response.ErrorDescription); } @@ -88,7 +88,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'request_id' parameter is not supported.", response.ErrorDescription); } @@ -112,7 +112,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'request_id' parameter is invalid.", response.ErrorDescription); } @@ -129,11 +129,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.None + ResponseType = OpenIddictConstants.ResponseTypes.None }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedResponseType, response.Error); Assert.Equal("The specified 'response_type' parameter is not supported.", response.ErrorDescription); } @@ -154,21 +154,21 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedResponseType, response.Error); Assert.Equal("The specified 'response_type' parameter is not supported.", response.ErrorDescription); } [Theory] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode, "code")] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode, "code id_token")] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode, "code id_token token")] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode, "code token")] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "code id_token")] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "code id_token token")] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "code token")] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "id_token")] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "id_token token")] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "token")] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode, "code")] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode, "code id_token")] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode, "code id_token token")] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode, "code token")] + [InlineData(OpenIddictConstants.GrantTypes.Implicit, "code id_token")] + [InlineData(OpenIddictConstants.GrantTypes.Implicit, "code id_token token")] + [InlineData(OpenIddictConstants.GrantTypes.Implicit, "code token")] + [InlineData(OpenIddictConstants.GrantTypes.Implicit, "id_token")] + [InlineData(OpenIddictConstants.GrantTypes.Implicit, "id_token token")] + [InlineData(OpenIddictConstants.GrantTypes.Implicit, "token")] public async Task ValidateAuthorizationRequest_RequestIsRejectedWhenCorrespondingFlowIsDisabled(string flow, string type) { // Arrange @@ -186,11 +186,11 @@ namespace OpenIddict.Server.Internal.Tests Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = type, - Scope = OpenIdConnectConstants.Scopes.OpenId + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedResponseType, response.Error); Assert.Equal("The specified 'response_type' parameter is not allowed.", response.ErrorDescription); } @@ -216,12 +216,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, Scope = "unregistered_scope" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidScope, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidScope, response.Error); Assert.Equal("The specified 'scope' parameter is not valid.", response.ErrorDescription); } @@ -256,7 +256,7 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Token, + ResponseType = OpenIddictConstants.ResponseTypes.Token, Scope = "registered_scope" }); @@ -313,7 +313,7 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Token, + ResponseType = OpenIddictConstants.ResponseTypes.Token, Scope = "scope_registered_in_database scope_registered_in_options" }); @@ -330,7 +330,7 @@ namespace OpenIddict.Server.Internal.Tests // Arrange var server = CreateAuthorizationServer(builder => { - builder.Configure(options => options.GrantTypes.Remove(OpenIdConnectConstants.GrantTypes.RefreshToken)); + builder.Configure(options => options.GrantTypes.Remove(OpenIddictConstants.GrantTypes.RefreshToken)); }); var client = new OpenIdConnectClient(server.CreateClient()); @@ -340,12 +340,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + ResponseType = OpenIddictConstants.ResponseTypes.Code, + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'offline_access' scope is not allowed.", response.ErrorDescription); } @@ -363,11 +363,11 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", ResponseMode = "unknown_response_mode", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'response_mode' parameter is not supported.", response.ErrorDescription); } @@ -384,11 +384,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = null, - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The mandatory 'redirect_uri' parameter is missing.", response.ErrorDescription); } @@ -407,11 +407,11 @@ namespace OpenIddict.Server.Internal.Tests CodeChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM", CodeChallengeMethod = null, RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'code_challenge_method' parameter must be specified.", response.ErrorDescription); } @@ -430,11 +430,11 @@ namespace OpenIddict.Server.Internal.Tests CodeChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM", CodeChallengeMethod = OpenIdConnectConstants.CodeChallengeMethods.Plain, RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'code_challenge_method' parameter is not allowed.", response.ErrorDescription); } @@ -457,11 +457,11 @@ namespace OpenIddict.Server.Internal.Tests Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = type, - Scope = OpenIdConnectConstants.Scopes.OpenId + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'response_type' parameter is not allowed when using PKCE.", response.ErrorDescription); } @@ -487,11 +487,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -530,11 +530,11 @@ namespace OpenIddict.Server.Internal.Tests Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = type, - Scope = OpenIdConnectConstants.Scopes.OpenId + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("The specified 'response_type' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -571,11 +571,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("This client application is not allowed to use the authorization endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -646,11 +646,11 @@ namespace OpenIddict.Server.Internal.Tests Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = type, - Scope = OpenIdConnectConstants.Scopes.OpenId + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal(description, response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -691,12 +691,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + ResponseType = OpenIddictConstants.ResponseTypes.Code, + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The client application is not allowed to use the 'offline_access' scope.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, @@ -730,11 +730,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'redirect_uri' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -757,19 +757,19 @@ namespace OpenIddict.Server.Internal.Tests instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Profile, It.IsAny())) + OpenIddictConstants.Scopes.Profile, It.IsAny())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Email, It.IsAny())) + OpenIddictConstants.Scopes.Email, It.IsAny())) .ReturnsAsync(false); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); - builder.RegisterScopes(OpenIdConnectConstants.Scopes.Email, OpenIdConnectConstants.Scopes.Profile); + builder.RegisterScopes(OpenIddictConstants.Scopes.Email, OpenIddictConstants.Scopes.Profile); builder.Configure(options => options.IgnoreScopePermissions = false); }); @@ -780,26 +780,26 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, Scope = "openid offline_access profile email" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("This client application is not allowed to use the specified scope.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.OpenId, It.IsAny()), Times.Never()); + OpenIddictConstants.Scopes.OpenId, It.IsAny()), Times.Never()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.OfflineAccess, It.IsAny()), Times.Never()); + OpenIddictConstants.Scopes.OfflineAccess, It.IsAny()), Times.Never()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Profile, It.IsAny()), Times.Once()); + OpenIddictConstants.Scopes.Profile, It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Email, It.IsAny()), Times.Once()); + OpenIddictConstants.Scopes.Email, It.IsAny()), Times.Once()); } [Fact] @@ -845,10 +845,10 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Token + ResponseType = OpenIddictConstants.ResponseTypes.Token }); - var identifier = (string) response[OpenIdConnectConstants.Parameters.RequestId]; + var identifier = (string) response[OpenIddictConstants.Parameters.RequestId]; // Assert Assert.Single(response.GetParameters()); @@ -915,7 +915,7 @@ namespace OpenIddict.Server.Internal.Tests Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = type, - Scope = OpenIdConnectConstants.Scopes.OpenId + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert @@ -932,7 +932,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Token + ResponseType = OpenIddictConstants.ResponseTypes.Token }; var stream = new MemoryStream(); @@ -1006,7 +1006,7 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.SendAsync(HttpMethod.Put, AuthorizationEndpoint, new OpenIdConnectRequest()); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified HTTP method is not valid.", response.ErrorDescription); } @@ -1030,7 +1030,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, (string) response["error_custom"]); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, (string) response["error_custom"]); } } } diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Discovery.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Discovery.cs index 16f972e1..14a712eb 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Discovery.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Discovery.cs @@ -9,6 +9,7 @@ using System.Threading.Tasks; using AspNet.Security.OpenIdConnect.Client; using AspNet.Security.OpenIdConnect.Primitives; using Newtonsoft.Json.Linq; +using OpenIddict.Abstractions; using Xunit; namespace OpenIddict.Server.Internal.Tests @@ -33,11 +34,11 @@ namespace OpenIddict.Server.Internal.Tests } [Theory] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)] - [InlineData(OpenIdConnectConstants.GrantTypes.ClientCredentials)] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit)] - [InlineData(OpenIdConnectConstants.GrantTypes.Password)] - [InlineData(OpenIdConnectConstants.GrantTypes.RefreshToken)] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)] + [InlineData(OpenIddictConstants.GrantTypes.ClientCredentials)] + [InlineData(OpenIddictConstants.GrantTypes.Implicit)] + [InlineData(OpenIddictConstants.GrantTypes.Password)] + [InlineData(OpenIddictConstants.GrantTypes.RefreshToken)] public async Task HandleConfigurationRequest_EnabledFlowsAreReturned(string flow) { // Arrange @@ -69,7 +70,7 @@ namespace OpenIddict.Server.Internal.Tests { builder.Configure(options => { - options.GrantTypes.Remove(OpenIdConnectConstants.GrantTypes.RefreshToken); + options.GrantTypes.Remove(OpenIddictConstants.GrantTypes.RefreshToken); options.Scopes.Clear(); }); }); @@ -84,7 +85,7 @@ namespace OpenIddict.Server.Internal.Tests } [Theory] - [InlineData(OpenIdConnectConstants.Scopes.OpenId)] + [InlineData(OpenIddictConstants.Scopes.OpenId)] public async Task HandleConfigurationRequest_DefaultScopesAreReturned(string scope) { // Arrange @@ -133,7 +134,7 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.GetAsync(ConfigurationEndpoint); // Assert - Assert.Contains(OpenIdConnectConstants.Scopes.OfflineAccess, + Assert.Contains(OpenIddictConstants.Scopes.OfflineAccess, ((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values()); } @@ -147,7 +148,7 @@ namespace OpenIddict.Server.Internal.Tests { // Note: at least one flow must be enabled. options.GrantTypes.Clear(); - options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.AuthorizationCode); + options.GrantTypes.Add(OpenIddictConstants.GrantTypes.AuthorizationCode); }); }); @@ -157,7 +158,7 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.GetAsync(ConfigurationEndpoint); // Assert - Assert.DoesNotContain(OpenIdConnectConstants.Scopes.OfflineAccess, + Assert.DoesNotContain(OpenIddictConstants.Scopes.OfflineAccess, ((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values()); } @@ -193,12 +194,12 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Equal(6, claims.Length); - Assert.Contains(OpenIdConnectConstants.Claims.Audience, claims); - Assert.Contains(OpenIdConnectConstants.Claims.ExpiresAt, claims); - Assert.Contains(OpenIdConnectConstants.Claims.IssuedAt, claims); - Assert.Contains(OpenIdConnectConstants.Claims.Issuer, claims); - Assert.Contains(OpenIdConnectConstants.Claims.JwtId, claims); - Assert.Contains(OpenIdConnectConstants.Claims.Subject, claims); + Assert.Contains(OpenIddictConstants.Claims.Audience, claims); + Assert.Contains(OpenIddictConstants.Claims.ExpiresAt, claims); + Assert.Contains(OpenIddictConstants.Claims.IssuedAt, claims); + Assert.Contains(OpenIddictConstants.Claims.Issuer, claims); + Assert.Contains(OpenIddictConstants.Claims.JwtId, claims); + Assert.Contains(OpenIddictConstants.Claims.Subject, claims); } [Fact] diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs index bf1936a2..eb3fbae4 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs @@ -25,10 +25,10 @@ namespace OpenIddict.Server.Internal.Tests public partial class OpenIddictServerProviderTests { [Theory] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)] - [InlineData(OpenIdConnectConstants.GrantTypes.ClientCredentials)] - [InlineData(OpenIdConnectConstants.GrantTypes.Password)] - [InlineData(OpenIdConnectConstants.GrantTypes.RefreshToken)] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)] + [InlineData(OpenIddictConstants.GrantTypes.ClientCredentials)] + [InlineData(OpenIddictConstants.GrantTypes.Password)] + [InlineData(OpenIddictConstants.GrantTypes.RefreshToken)] public async Task ValidateTokenRequest_RequestIsRejectedWhenFlowIsNotEnabled(string flow) { // Arrange @@ -50,7 +50,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedGrantType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedGrantType, response.Error); Assert.Equal("The specified 'grant_type' parameter is not supported.", response.ErrorDescription); } @@ -60,7 +60,7 @@ namespace OpenIddict.Server.Internal.Tests // Arrange var server = CreateAuthorizationServer(builder => { - builder.Configure(options => options.GrantTypes.Remove(OpenIdConnectConstants.GrantTypes.RefreshToken)); + builder.Configure(options => options.GrantTypes.Remove(OpenIddictConstants.GrantTypes.RefreshToken)); }); var client = new OpenIdConnectClient(server.CreateClient()); @@ -68,14 +68,14 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'offline_access' scope is not allowed.", response.ErrorDescription); } @@ -92,12 +92,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = null }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The mandatory 'redirect_uri' parameter is missing.", response.ErrorDescription); } @@ -121,14 +121,14 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", Scope = "unregistered_scope" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidScope, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidScope, response.Error); Assert.Equal("The specified 'scope' parameter is not valid.", response.ErrorDescription); } @@ -146,7 +146,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", Scope = "registered_scope" @@ -188,7 +188,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", Scope = "scope_registered_in_database scope_registered_in_options" @@ -212,12 +212,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.ClientCredentials, - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + GrantType = OpenIddictConstants.GrantTypes.ClientCredentials, + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'offline_access' scope is not valid for the specified 'grant_type' parameter.", response.ErrorDescription); } @@ -236,11 +236,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = identifier, ClientSecret = secret, - GrantType = OpenIdConnectConstants.GrantTypes.ClientCredentials + GrantType = OpenIddictConstants.GrantTypes.ClientCredentials }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'client_id' and 'client_secret' parameters are " + "required when using the client credentials grant.", response.ErrorDescription); } @@ -260,13 +260,13 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = null, - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The mandatory 'client_id' parameter is missing.", response.ErrorDescription); } @@ -291,13 +291,13 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -332,13 +332,13 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("This client application is not allowed to use the token endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -375,13 +375,13 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("This client application is not allowed to use the specified grant type.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -422,14 +422,14 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The client application is not allowed to use the 'offline_access' scope.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, @@ -463,11 +463,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", - GrantType = OpenIdConnectConstants.GrantTypes.ClientCredentials + GrantType = OpenIddictConstants.GrantTypes.ClientCredentials }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("The specified 'grant_type' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -501,13 +501,13 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'client_secret' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -541,13 +541,13 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", ClientSecret = null, - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -581,13 +581,13 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", ClientSecret = null, - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -624,13 +624,13 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -657,12 +657,12 @@ namespace OpenIddict.Server.Internal.Tests instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Profile, It.IsAny())) + OpenIddictConstants.Scopes.Profile, It.IsAny())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Email, It.IsAny())) + OpenIddictConstants.Scopes.Email, It.IsAny())) .ReturnsAsync(false); instance.Setup(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny())) @@ -672,7 +672,7 @@ namespace OpenIddict.Server.Internal.Tests var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); - builder.RegisterScopes(OpenIdConnectConstants.Scopes.Email, OpenIdConnectConstants.Scopes.Profile); + builder.RegisterScopes(OpenIddictConstants.Scopes.Email, OpenIddictConstants.Scopes.Profile); builder.Configure(options => options.IgnoreScopePermissions = false); }); @@ -683,28 +683,28 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", Scope = "openid offline_access profile email" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("This client application is not allowed to use the specified scope.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.OpenId, It.IsAny()), Times.Never()); + OpenIddictConstants.Scopes.OpenId, It.IsAny()), Times.Never()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.OfflineAccess, It.IsAny()), Times.Never()); + OpenIddictConstants.Scopes.OfflineAccess, It.IsAny()), Times.Never()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Profile, It.IsAny()), Times.Once()); + OpenIddictConstants.Scopes.Profile, It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Email, It.IsAny()), Times.Once()); + OpenIddictConstants.Scopes.Email, It.IsAny()), Times.Once()); } [Fact] @@ -752,7 +752,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -802,7 +802,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -859,12 +859,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); @@ -916,12 +916,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny()), Times.Once()); @@ -984,12 +984,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code has already been redeemed.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); @@ -1050,12 +1050,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token has already been redeemed.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny()), Times.Once()); @@ -1134,12 +1134,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code has already been redeemed.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); @@ -1215,12 +1215,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token has already been redeemed.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); @@ -1308,12 +1308,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code has already been redeemed.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); @@ -1401,12 +1401,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token has already been redeemed.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); @@ -1476,12 +1476,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); @@ -1546,12 +1546,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny()), Times.Once()); @@ -1629,7 +1629,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -1712,7 +1712,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -1791,12 +1791,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The authorization associated with the authorization code is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); @@ -1876,12 +1876,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The authorization associated with the authorization code is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); @@ -1955,12 +1955,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The authorization associated with the refresh token is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); @@ -2038,12 +2038,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The authorization associated with the refresh token is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); @@ -2051,16 +2051,16 @@ namespace OpenIddict.Server.Internal.Tests } [Theory] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)] - [InlineData(OpenIdConnectConstants.GrantTypes.ClientCredentials)] - [InlineData(OpenIdConnectConstants.GrantTypes.Password)] - [InlineData(OpenIdConnectConstants.GrantTypes.RefreshToken)] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)] + [InlineData(OpenIddictConstants.GrantTypes.ClientCredentials)] + [InlineData(OpenIddictConstants.GrantTypes.Password)] + [InlineData(OpenIddictConstants.GrantTypes.RefreshToken)] [InlineData("urn:ietf:params:oauth:grant-type:custom_grant")] public async Task HandleTokenRequest_RequestsAreNotHandledLocally(string flow) { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -2071,12 +2071,12 @@ namespace OpenIddict.Server.Internal.Tests switch (flow) { - case OpenIdConnectConstants.GrantTypes.AuthorizationCode: + case OpenIddictConstants.GrantTypes.AuthorizationCode: ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); ticket.SetPresenters("Fabrikam"); break; - case OpenIdConnectConstants.GrantTypes.RefreshToken: + case OpenIddictConstants.GrantTypes.RefreshToken: ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); break; } diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs index 37d9d7e2..500f04bd 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs @@ -40,7 +40,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The mandatory 'client_id' and/or 'client_secret' parameters are missing.", response.ErrorDescription); } @@ -70,7 +70,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -110,7 +110,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("This client application is not allowed to use the introspection endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -149,7 +149,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("This client application is not allowed to use the introspection endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -190,7 +190,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -206,7 +206,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -252,7 +252,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); } [Fact] @@ -260,7 +260,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -306,7 +306,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); } [Fact] @@ -314,7 +314,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -361,7 +361,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); } [Fact] @@ -369,7 +369,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var manager = CreateTokenManager(instance => { @@ -410,7 +410,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI", It.IsAny()), Times.Once()); @@ -421,7 +421,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -502,7 +502,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Never()); } @@ -512,7 +512,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -592,7 +592,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); } @@ -602,7 +602,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -687,7 +687,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.IsValidAsync(authorization, It.IsAny()), Times.Once()); @@ -698,7 +698,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -769,7 +769,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.IsValidAsync(token, It.IsAny()), Times.Once()); diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs index fe9c65df..d88530cb 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs @@ -43,7 +43,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedTokenType, response.Error); Assert.Equal("The specified 'token_type_hint' parameter is not supported.", response.ErrorDescription); } @@ -66,7 +66,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The mandatory 'client_id' parameter is missing.", response.ErrorDescription); } @@ -96,7 +96,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -137,7 +137,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("This client application is not allowed to use the revocation endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -177,7 +177,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'client_secret' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -216,7 +216,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -255,7 +255,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -297,7 +297,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -336,7 +336,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedTokenType, response.Error); Assert.Equal("The specified token cannot be revoked.", response.ErrorDescription); format.Verify(mock => mock.Unprotect("SlAV32hkKG"), Times.Once()); @@ -351,7 +351,7 @@ namespace OpenIddict.Server.Internal.Tests mock.ValidTo == DateTime.UtcNow.AddDays(1)); var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.TokenUsage, OpenIdConnectConstants.TokenUsages.IdToken); + identity.AddClaim(OpenIddictConstants.Claims.TokenUsage, OpenIdConnectConstants.TokenUsages.IdToken); var handler = new Mock(); @@ -376,7 +376,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedTokenType, response.Error); Assert.Equal("The specified token cannot be revoked.", response.ErrorDescription); handler.As() diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs index 1500ae4c..2d540ae6 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs @@ -67,7 +67,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Never()); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Never()); @@ -78,7 +78,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -138,7 +138,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.True((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.True((bool) response[OpenIddictConstants.Claims.Active]); format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Once()); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync(It.IsAny(), It.IsAny()), Times.Never()); @@ -193,7 +193,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetIdAsync(token, It.IsAny()), Times.AtLeastOnce()); @@ -251,7 +251,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetIdAsync(token, It.IsAny()), Times.AtLeastOnce()); @@ -316,7 +316,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetIdAsync(token, It.IsAny()), Times.AtLeastOnce()); @@ -328,7 +328,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -411,10 +411,10 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.True((bool) response[OpenIdConnectConstants.Claims.Active]); - Assert.Equal("070AAEDE-38BF-41BE-870C-4E5A73E54566", response[OpenIdConnectConstants.Claims.JwtId]); - Assert.Equal(1483228800, (long) response[OpenIdConnectConstants.Claims.IssuedAt]); - Assert.Equal(1484006400, (long) response[OpenIdConnectConstants.Claims.ExpiresAt]); + Assert.True((bool) response[OpenIddictConstants.Claims.Active]); + Assert.Equal("070AAEDE-38BF-41BE-870C-4E5A73E54566", response[OpenIddictConstants.Claims.JwtId]); + Assert.Equal(1483228800, (long) response[OpenIddictConstants.Claims.IssuedAt]); + Assert.Equal(1484006400, (long) response[OpenIddictConstants.Claims.ExpiresAt]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetIdAsync(token, It.IsAny()), Times.Once()); @@ -459,12 +459,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "2YotnFZFEjr1zCsicMWpAA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Never()); @@ -476,7 +476,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -534,7 +534,7 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "2YotnFZFEjr1zCsicMWpAA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -589,12 +589,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); @@ -648,12 +648,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); @@ -714,12 +714,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); @@ -732,7 +732,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -809,7 +809,7 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -826,7 +826,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -865,12 +865,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "2YotnFZFEjr1zCsicMWpAA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); } @@ -910,12 +910,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "2YotnFZFEjr1zCsicMWpAA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Once()); @@ -926,7 +926,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -996,7 +996,7 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "2YotnFZFEjr1zCsicMWpAA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -1042,12 +1042,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "2YotnFZFEjr1zCsicMWpAA" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Never()); @@ -1059,7 +1059,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -1099,7 +1099,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "2YotnFZFEjr1zCsicMWpAA" }); @@ -1137,12 +1137,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); @@ -1179,12 +1179,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); @@ -1228,12 +1228,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); @@ -1246,7 +1246,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -1304,7 +1304,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ" }); @@ -1321,7 +1321,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -1343,12 +1343,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "2YotnFZFEjr1zCsicMWpAA" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); } @@ -1371,12 +1371,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "2YotnFZFEjr1zCsicMWpAA" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Once()); @@ -1387,7 +1387,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -1439,7 +1439,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "2YotnFZFEjr1zCsicMWpAA" }); @@ -1466,10 +1466,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -1519,10 +1519,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -1584,10 +1584,10 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -1634,10 +1634,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess, + Scope = OpenIddictConstants.Scopes.OfflineAccess, ["attach-authorization"] = true }); @@ -1689,7 +1689,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert @@ -1751,7 +1751,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert @@ -1824,7 +1824,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert @@ -1888,7 +1888,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert @@ -1952,7 +1952,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, ["attach-authorization"] = true }); @@ -1978,7 +1978,7 @@ namespace OpenIddict.Server.Internal.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -2026,7 +2026,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -2059,10 +2059,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -2105,10 +2105,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -2162,10 +2162,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -2225,10 +2225,10 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -2273,10 +2273,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess, + Scope = OpenIddictConstants.Scopes.OfflineAccess, ["attach-authorization"] = true }); diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs index 7430d376..2b973ab7 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs @@ -37,7 +37,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'request_id' parameter is not supported.", response.ErrorDescription); } @@ -61,7 +61,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'request_id' parameter is invalid.", response.ErrorDescription); } @@ -84,7 +84,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal(message, response.ErrorDescription); } @@ -112,7 +112,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'post_logout_redirect_uri' parameter is not valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByPostLogoutRedirectUriAsync("http://www.fabrikam.com/path", It.IsAny()), Times.Once()); @@ -154,7 +154,7 @@ namespace OpenIddict.Server.Internal.Tests PostLogoutRedirectUri = "http://www.fabrikam.com/path" }); - var identifier = (string) response[OpenIdConnectConstants.Parameters.RequestId]; + var identifier = (string) response[OpenIddictConstants.Parameters.RequestId]; // Assert Assert.Single(response.GetParameters()); @@ -215,7 +215,7 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.SendAsync(HttpMethod.Put, LogoutEndpoint, new OpenIdConnectRequest()); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified HTTP method is not valid.", response.ErrorDescription); } @@ -243,7 +243,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, (string) response["error_custom"]); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, (string) response["error_custom"]); } } } diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Userinfo.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Userinfo.cs index 5dcde5df..26a1a9c6 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Userinfo.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Userinfo.cs @@ -7,6 +7,7 @@ using System.Threading.Tasks; using AspNet.Security.OpenIdConnect.Client; using AspNet.Security.OpenIdConnect.Primitives; +using OpenIddict.Abstractions; using Xunit; namespace OpenIddict.Server.Internal.Tests @@ -27,8 +28,8 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal("SlAV32hkKG", (string) response[OpenIdConnectConstants.Parameters.AccessToken]); - Assert.Equal("Bob le Bricoleur", (string) response[OpenIdConnectConstants.Claims.Subject]); + Assert.Equal("SlAV32hkKG", (string) response[OpenIddictConstants.Parameters.AccessToken]); + Assert.Equal("Bob le Bricoleur", (string) response[OpenIddictConstants.Claims.Subject]); } } } diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs index 1e84e238..2bf13125 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs @@ -74,7 +74,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, ["attach-public-parameters"] = true, ["deny-authorization"] = true }); @@ -98,10 +98,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess, + Scope = OpenIddictConstants.Scopes.OfflineAccess, ["attach-public-parameters"] = true, ["deny-authorization"] = true }); @@ -129,7 +129,7 @@ namespace OpenIddict.Server.Internal.Tests { return client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", ["use-null-authentication-type"] = true @@ -148,7 +148,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -157,7 +157,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); ticket.SetProperty("custom_property_in_original_ticket", "original_value"); var format = new Mock>(); @@ -199,7 +199,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8", ["do-not-flow-original-properties"] = true }); @@ -219,7 +219,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -229,7 +229,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetPresenters("Fabrikam"); ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -280,7 +280,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -293,7 +293,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -302,7 +302,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -343,7 +343,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -356,7 +356,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -365,7 +365,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -401,7 +401,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -414,7 +414,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -469,7 +469,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -483,7 +483,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -541,12 +541,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); @@ -558,7 +558,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -567,7 +567,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -608,7 +608,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -624,7 +624,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -633,7 +633,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -677,12 +677,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny()), Times.Once()); @@ -694,7 +694,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -703,7 +703,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -736,7 +736,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -752,7 +752,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -761,7 +761,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -828,7 +828,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -846,7 +846,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -855,7 +855,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); var format = new Mock>(); @@ -915,7 +915,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -940,7 +940,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -985,7 +985,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -1008,7 +1008,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -1052,7 +1052,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -1075,7 +1075,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -1123,7 +1123,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -1185,7 +1185,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, }); // Assert @@ -1251,7 +1251,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, }); // Assert @@ -1288,7 +1288,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, ["attach-public-parameters"] = true }); @@ -1311,10 +1311,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess, + Scope = OpenIddictConstants.Scopes.OfflineAccess, ["attach-public-parameters"] = true }); @@ -1345,10 +1345,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess, + Scope = OpenIddictConstants.Scopes.OfflineAccess, ["attach-public-parameters"] = true }); @@ -1474,7 +1474,7 @@ namespace OpenIddict.Server.Internal.Tests return context.HttpContext.Response.WriteAsync(JsonConvert.SerializeObject(new { - error_custom = OpenIdConnectConstants.Errors.InvalidRequest + error_custom = OpenIddictConstants.Errors.InvalidRequest })); }); @@ -1504,7 +1504,7 @@ namespace OpenIddict.Server.Internal.Tests new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme) : new ClaimsIdentity(); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Magnifique"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Magnifique"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), diff --git a/test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs b/test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs index a7c00772..b9d334b6 100644 --- a/test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs +++ b/test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs @@ -8,7 +8,6 @@ using System; using System.IdentityModel.Tokens.Jwt; using System.Reflection; using System.Threading.Tasks; -using AspNet.Security.OpenIdConnect.Primitives; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Caching.Distributed; @@ -16,6 +15,7 @@ using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Options; using Microsoft.IdentityModel.Tokens; using Moq; +using OpenIddict.Abstractions; using Xunit; using static OpenIddict.Server.OpenIddictServerEvents; @@ -252,7 +252,7 @@ namespace OpenIddict.Server.Tests var options = GetOptions(services); // Assert - Assert.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode, options.GrantTypes); + Assert.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode, options.GrantTypes); } [Fact] @@ -270,7 +270,7 @@ namespace OpenIddict.Server.Tests var options = GetOptions(services); // Assert - Assert.Contains(OpenIdConnectConstants.GrantTypes.ClientCredentials, options.GrantTypes); + Assert.Contains(OpenIddictConstants.GrantTypes.ClientCredentials, options.GrantTypes); } [Fact] @@ -306,7 +306,7 @@ namespace OpenIddict.Server.Tests var options = GetOptions(services); // Assert - Assert.Contains(OpenIdConnectConstants.GrantTypes.Implicit, options.GrantTypes); + Assert.Contains(OpenIddictConstants.GrantTypes.Implicit, options.GrantTypes); } [Fact] @@ -324,7 +324,7 @@ namespace OpenIddict.Server.Tests var options = GetOptions(services); // Assert - Assert.Contains(OpenIdConnectConstants.GrantTypes.Password, options.GrantTypes); + Assert.Contains(OpenIddictConstants.GrantTypes.Password, options.GrantTypes); } [Fact] @@ -342,7 +342,7 @@ namespace OpenIddict.Server.Tests var options = GetOptions(services); // Assert - Assert.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken, options.GrantTypes); + Assert.Contains(OpenIddictConstants.GrantTypes.RefreshToken, options.GrantTypes); } [Fact] diff --git a/test/OpenIddict.Server.Tests/OpenIddictServerExtensionsTests.cs b/test/OpenIddict.Server.Tests/OpenIddictServerExtensionsTests.cs index 79c492a4..eb9da1bd 100644 --- a/test/OpenIddict.Server.Tests/OpenIddictServerExtensionsTests.cs +++ b/test/OpenIddict.Server.Tests/OpenIddictServerExtensionsTests.cs @@ -7,7 +7,6 @@ using System; using System.Reflection; using System.Text; -using AspNet.Security.OpenIdConnect.Primitives; using AspNet.Security.OpenIdConnect.Server; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Builder.Internal; @@ -18,7 +17,7 @@ using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; using Moq; -using OpenIddict.Server.Internal; +using OpenIddict.Abstractions; using OpenIddict.Server.Internal.Tests; using Xunit; @@ -207,8 +206,8 @@ namespace OpenIddict.Server.Tests } [Theory] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit)] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)] + [InlineData(OpenIddictConstants.GrantTypes.Implicit)] public void UseOpenIddictServer_ThrowsAnExceptionWhenAuthorizationEndpointIsDisabled(string flow) { // Arrange @@ -237,10 +236,10 @@ namespace OpenIddict.Server.Tests } [Theory] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)] - [InlineData(OpenIdConnectConstants.GrantTypes.ClientCredentials)] - [InlineData(OpenIdConnectConstants.GrantTypes.Password)] - [InlineData(OpenIdConnectConstants.GrantTypes.RefreshToken)] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)] + [InlineData(OpenIddictConstants.GrantTypes.ClientCredentials)] + [InlineData(OpenIddictConstants.GrantTypes.Password)] + [InlineData(OpenIddictConstants.GrantTypes.RefreshToken)] public void UseOpenIddictServer_ThrowsAnExceptionWhenTokenEndpointIsDisabled(string flow) { // Arrange