
Reword the error messages returned by the OpenIddict endpoints

pull/480/head
Kévin Chalet 8 years ago
parent
commit
38e69a7034
  1. 30
      src/OpenIddict/OpenIddictProvider.Authentication.cs
  2. 23
      src/OpenIddict/OpenIddictProvider.Exchange.cs
  3. 10
      src/OpenIddict/OpenIddictProvider.Introspection.cs
  4. 21
      src/OpenIddict/OpenIddictProvider.Revocation.cs
  5. 6
      src/OpenIddict/OpenIddictProvider.Session.cs
  6. 26
      test/OpenIddict.Tests/OpenIddictProviderTests.Authentication.cs
  7. 23
      test/OpenIddict.Tests/OpenIddictProviderTests.Exchange.cs
  8. 10
      test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs
  9. 50
      test/OpenIddict.Tests/OpenIddictProviderTests.Revocation.cs
  10. 6
      test/OpenIddict.Tests/OpenIddictProviderTests.Session.cs

30
src/OpenIddict/OpenIddictProvider.Authentication.cs

@ -37,7 +37,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.RequestNotSupported,
description: "The request parameter is not supported.");
description: "The 'request' parameter is not supported.");
return;
}
@ -50,7 +50,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.RequestUriNotSupported,
description: "The request_uri parameter is not supported.");
description: "The 'request_uri' parameter is not supported.");
return;
}
@ -67,7 +67,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The request_id parameter is not supported.");
description: "The 'request_id' parameter is not supported.");
return;
}
@ -84,7 +84,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Invalid request: timeout expired.");
description: "The specified 'request_id' parameter is invalid.");
return;
}
@ -120,7 +120,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedResponseType,
description: "The specified response_type parameter is not supported.");
description: "The specified 'response_type' parameter is not supported.");
return;
}
@ -134,7 +134,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedResponseType,
description: "The specified response_type parameter is not allowed.");
description: "The specified 'response_type' parameter is not allowed.");
return;
}
@ -146,7 +146,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedResponseType,
description: "The specified response_type parameter is not allowed.");
description: "The specified 'response_type' parameter is not allowed.");
return;
}
@ -160,7 +160,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedResponseType,
description: "The specified response_type parameter is not allowed.");
description: "The specified 'response_type' parameter is not allowed.");
return;
}
@ -188,7 +188,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The specified response_mode parameter is not supported.");
description: "The specified 'response_mode' parameter is not supported.");
return;
}
@ -201,7 +201,7 @@ namespace OpenIddict
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The required redirect_uri parameter was missing.");
description: "The mandatory 'redirect_uri' parameter is missing.");
return;
}
@ -233,7 +233,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The specified code_challenge_method parameter is not allowed.");
description: "The specified 'code_challenge_method' parameter is not allowed.");
return;
}
@ -246,7 +246,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The specified response_type parameter is not allowed when using PKCE.");
description: "The specified 'response_type' parameter is not allowed when using PKCE.");
return;
}
@ -261,7 +261,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Application not found in the database: ensure that your client_id is correct.");
description: "The specified 'client_id' parameter is invalid.");
return;
}
@ -274,7 +274,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Invalid redirect_uri.");
description: "The specified 'redirect_uri' parameter is not valid for this client application.");
return;
}
@ -289,7 +289,7 @@ namespace OpenIddict
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Confidential clients are not allowed to retrieve a token from the authorization endpoint.");
description: "The specified 'response_type' parameter is not valid for this client application.");
return;
}
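Review bot: The same literals now recur across the provider partials and their tests — `"The specified 'request_id' parameter is invalid."` from the fourth hunk here also appears in OpenIddictProvider.Session.cs, and `"The specified 'client_id' parameter is invalid."` from the thirteenth hunk recurs in the Exchange, Introspection and Revocation partials — so a reword means editing ten files in lockstep. Consider hoisting these descriptions into a static class of string constants under src/OpenIddict so the provider and its tests reference one definition and cannot drift. The fourth hunk also drops the only client-visible hint that the rejection was caused by an expired request (`"Invalid request: timeout expired."`); the generic wording is a reasonable choice for the response, but make sure the expiry reason still reaches the server log, which this hunk does not show. Each of these rejections sits in a method that begins and ends outside its hunk.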

23
src/OpenIddict/OpenIddictProvider.Exchange.cs

@ -30,7 +30,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
description: "The specified grant_type is not supported by this authorization server.");
description: "The specified 'grant_type' parameter is not supported.");
return;
}
@ -55,7 +55,7 @@ namespace OpenIddict
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The mandatory 'redirect_uri' parameter was missing.");
description: "The mandatory 'redirect_uri' parameter is missing.");
return;
}
@ -70,7 +70,7 @@ namespace OpenIddict
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The 'offline_access' scope is not allowed when using grant_type=client_credentials.");
description: "The 'offline_access' scope is not valid for the specified 'grant_type' parameter.");
return;
}
@ -83,7 +83,8 @@ namespace OpenIddict
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Client applications must be authenticated to use the client credentials grant.");
description: "The 'client_id' and 'client_secret' parameters are " +
"required when using the client credentials grant.");
return;
}
@ -103,7 +104,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The mandatory 'client_id' parameter was missing.");
description: "The mandatory 'client_id' parameter is missing.");
return;
}
@ -125,7 +126,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Application not found in the database: ensure that your client_id is correct.");
description: "The specified 'client_id' parameter is invalid.");
return;
}
@ -140,12 +141,12 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.UnauthorizedClient,
description: "Public clients are not allowed to use the client credentials grant.");
description: "The specified 'grant_type' parameter is not valid for this client application.");
return;
}
// Reject tokens requests containing a client_secret when the client is a public application.
// Reject token requests containing a client_secret when the client is a public application.
if (!string.IsNullOrEmpty(context.ClientSecret))
{
Logger.LogError("The token request was rejected because the public application '{ClientId}' " +
@ -153,7 +154,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Public clients are not allowed to send a client_secret.");
description: "The 'client_secret' parameter is not valid for this client application.");
return;
}
@ -177,7 +178,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Missing credentials: ensure that you specified a client_secret.");
description: "The 'client_secret' parameter required for this client application is missing.");
return;
}
@ -189,7 +190,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Invalid credentials: ensure that you specified a correct client_secret.");
description: "The specified client credentials are invalid.");
return;
}
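Review bot: After this change a caller can still tell apart an unregistered client (`"The specified 'client_id' parameter is invalid."`, sixth hunk), a registered confidential client that sent no secret (`"The 'client_secret' parameter required for this client application is missing."`, ninth hunk) and a wrong secret (`"The specified client credentials are invalid."`, last hunk), even though all three carry `InvalidClient`. Since client identifiers are not secrets this is usually an acceptable trade for integrator-friendly diagnostics, but it is a deliberate choice and deserves a comment at the ninth hunk, e.g. `// Deliberately more specific than the invalid-credentials message: it confirms the client is registered and confidential.` The same triple appears in the Introspection and Revocation partials. The enclosing method starts and ends outside these hunks.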

10
src/OpenIddict/OpenIddictProvider.Introspection.cs

@ -26,7 +26,7 @@ namespace OpenIddict
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Introspection requests must use HTTP POST.");
description: "The specified HTTP method is not valid.");
return Task.FromResult(0);
}
@ -44,7 +44,7 @@ namespace OpenIddict
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Clients must be authenticated to use the introspection endpoint.");
description: "The mandatory 'client_id' and/or 'client_secret' parameters are missing.");
return;
}
@ -58,7 +58,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Application not found in the database: ensure that your client_id is correct.");
description: "The specified 'client_id' parameter is invalid.");
return;
}
@ -71,7 +71,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Public applications are not allowed to use the introspection endpoint.");
description: "This client application is not allowed to use the introspection endpoint.");
return;
}
@ -84,7 +84,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Invalid credentials: ensure that you specified a correct client_secret.");
description: "The specified client credentials are invalid.");
return;
}
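Review bot: `"The specified HTTP method is not valid."` in the first hunk drops the one thing a caller needs in order to fix the request — that the endpoint only accepts POST, which is what RFC 7662 §2.1 mandates. If the generic phrasing is intended, keep the constraint in code with a comment above the `context.Reject(` call, e.g. `// RFC 7662 §2.1: introspection requests must be sent with POST; every other method is rejected.` The second hunk's `"The mandatory 'client_id' and/or 'client_secret' parameters are missing."` may also be misleading if the check behind it (not visible here) accepts credentials via the Authorization header as well; worth confirming against that condition. The enclosing methods start and end outside these hunks.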

21
src/OpenIddict/OpenIddictProvider.Revocation.cs

@ -30,8 +30,7 @@ namespace OpenIddict
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedTokenType,
description: "Identity tokens cannot be revoked. When specifying a token_type_hint parameter, " +
"its value must be equal to 'access_token', 'authorization_code' or 'refresh_token'.");
description: "The specified 'token_type_hint' parameter is not supported.");
return;
}
@ -41,8 +40,7 @@ namespace OpenIddict
{
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedTokenType,
description: "Access tokens cannot be revoked. When specifying a token_type_hint parameter, " +
"its value must be equal to 'authorization_code' or 'refresh_token'.");
description: "The specified 'token_type_hint' parameter is not supported.");
return;
}
@ -63,7 +61,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The mandatory 'client_id' parameter was missing.");
description: "The mandatory 'client_id' parameter is missing.");
return;
}
@ -85,7 +83,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Application not found in the database: ensure that your client_id is correct.");
description: "The specified 'client_id' parameter is invalid.");
return;
}
@ -93,7 +91,6 @@ namespace OpenIddict
// Reject revocation requests containing a client_secret if the application is a public client.
if (await Applications.IsPublicAsync(application, context.HttpContext.RequestAborted))
{
// Reject tokens requests containing a client_secret when the client is a public application.
if (!string.IsNullOrEmpty(context.ClientSecret))
{
Logger.LogError("The revocation request was rejected because the public application " +
@ -101,7 +98,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Public clients are not allowed to send a client_secret.");
description: "The 'client_secret' parameter is not valid for this client application.");
return;
}
@ -125,7 +122,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Missing credentials: ensure that you specified a client_secret.");
description: "The 'client_secret' parameter required for this client application is missing.");
return;
}
@ -137,7 +134,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Invalid credentials: ensure that you specified a correct client_secret.");
description: "The specified client credentials are invalid.");
return;
}
@ -159,7 +156,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedTokenType,
description: "Identity tokens cannot be revoked.");
description: "The specified token cannot be revoked.");
return;
}
@ -171,7 +168,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.UnsupportedTokenType,
description: "The specified access token cannot be revoked.");
description: "The specified token cannot be revoked.");
return;
}
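Review bot: The first two hunks now reject both hints with the identical `"The specified 'token_type_hint' parameter is not supported."`, but the two branches are not equivalent: the identity-token rejection is unconditional, whereas the access-token one appears to depend on server configuration (the test removed in this commit named reference tokens being disabled as the precondition). With the message no longer saying so, a comment above the second `context.Reject(` would preserve that knowledge, e.g. `// Access token hints are only rejected when reference tokens are disabled; revocation is possible otherwise.` — adjust it to whatever the guarding condition, which lies outside this hunk, actually tests. The last two hunks collapse their messages in the same way. The enclosing method starts and ends outside these hunks.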

6
src/OpenIddict/OpenIddictProvider.Session.cs

@ -40,7 +40,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "The request_id parameter is not supported.");
description: "The 'request_id' parameter is not supported.");
return;
}
@ -57,7 +57,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Invalid request: timeout expired.");
description: "The specified 'request_id' parameter is invalid.");
return;
}
@ -115,7 +115,7 @@ namespace OpenIddict
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidRequest,
description: "Invalid post_logout_redirect_uri.");
description: "The specified 'post_logout_redirect_uri' parameter is not valid.");
return;
}

26
test/OpenIddict.Tests/OpenIddictProviderTests.Authentication.cs

@ -44,7 +44,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.RequestNotSupported, response.Error);
Assert.Equal("The request parameter is not supported.", response.ErrorDescription);
Assert.Equal("The 'request' parameter is not supported.", response.ErrorDescription);
}
[Fact]
@ -67,7 +67,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.RequestUriNotSupported, response.Error);
Assert.Equal("The request_uri parameter is not supported.", response.ErrorDescription);
Assert.Equal("The 'request_uri' parameter is not supported.", response.ErrorDescription);
}
[Fact]
@ -86,7 +86,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The request_id parameter is not supported.", response.ErrorDescription);
Assert.Equal("The 'request_id' parameter is not supported.", response.ErrorDescription);
}
[Fact]
@ -110,7 +110,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("Invalid request: timeout expired.", response.ErrorDescription);
Assert.Equal("The specified 'request_id' parameter is invalid.", response.ErrorDescription);
}
[Fact]
@ -131,7 +131,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error);
Assert.Equal("The specified response_type parameter is not supported.", response.ErrorDescription);
Assert.Equal("The specified 'response_type' parameter is not supported.", response.ErrorDescription);
}
[Theory]
@ -167,7 +167,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error);
Assert.Equal("The specified response_type parameter is not allowed.", response.ErrorDescription);
Assert.Equal("The specified 'response_type' parameter is not allowed.", response.ErrorDescription);
}
[Fact]
@ -214,7 +214,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified response_mode parameter is not supported.", response.ErrorDescription);
Assert.Equal("The specified 'response_mode' parameter is not supported.", response.ErrorDescription);
}
[Fact]
@ -235,7 +235,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The required redirect_uri parameter was missing.", response.ErrorDescription);
Assert.Equal("The mandatory 'redirect_uri' parameter is missing.", response.ErrorDescription);
}
[Fact]
@ -281,7 +281,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified code_challenge_method parameter is not allowed.", response.ErrorDescription);
Assert.Equal("The specified 'code_challenge_method' parameter is not allowed.", response.ErrorDescription);
}
[Theory]
@ -308,7 +308,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The specified response_type parameter is not allowed when using PKCE.", response.ErrorDescription);
Assert.Equal("The specified 'response_type' parameter is not allowed when using PKCE.", response.ErrorDescription);
}
[Fact]
@ -338,7 +338,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("Application not found in the database: ensure that your client_id is correct.", response.ErrorDescription);
Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
}
@ -375,7 +375,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("Invalid redirect_uri.", response.ErrorDescription);
Assert.Equal("The specified 'redirect_uri' parameter is not valid for this client application.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny<CancellationToken>()), Times.Once());
@ -423,7 +423,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("Confidential clients are not allowed to retrieve a token from the authorization endpoint.", response.ErrorDescription);
Assert.Equal("The specified 'response_type' parameter is not valid for this client application.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny<CancellationToken>()), Times.Once());
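Review bot: Every assertion here pins the exact wording of `response.ErrorDescription`, which is why a reword commit has to touch ten files; the behavioural contract worth pinning is the error code plus the parameter being named. Consider asserting `response.Error` and `Assert.Contains("'request_id'", response.ErrorDescription)` (or comparing against shared message constants, if the provider exposes them) so the next reword does not require one test edit per message. The same applies to the Exchange, Introspection, Revocation and Session test files in this commit. Each asserting method begins outside its hunk.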

23
test/OpenIddict.Tests/OpenIddictProviderTests.Exchange.cs

@ -50,7 +50,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedGrantType, response.Error);
Assert.Equal("The specified grant_type is not supported by this authorization server.", response.ErrorDescription);
Assert.Equal("The specified 'grant_type' parameter is not supported.", response.ErrorDescription);
}
[Fact]
@ -97,7 +97,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The mandatory 'redirect_uri' parameter was missing.", response.ErrorDescription);
Assert.Equal("The mandatory 'redirect_uri' parameter is missing.", response.ErrorDescription);
}
[Fact]
@ -117,7 +117,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The 'offline_access' scope is not allowed when using grant_type=client_credentials.", response.ErrorDescription);
Assert.Equal("The 'offline_access' scope is not valid for the specified 'grant_type' parameter.", response.ErrorDescription);
}
[Theory]
@ -140,7 +140,8 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("Client applications must be authenticated to use the client credentials grant.", response.ErrorDescription);
Assert.Equal("The 'client_id' and 'client_secret' parameters are " +
"required when using the client credentials grant.", response.ErrorDescription);
}
[Fact]
@ -162,7 +163,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The mandatory 'client_id' parameter was missing.", response.ErrorDescription);
Assert.Equal("The mandatory 'client_id' parameter is missing.", response.ErrorDescription);
}
[Fact]
@ -193,7 +194,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal("Application not found in the database: ensure that your client_id is correct.", response.ErrorDescription);
Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
}
@ -230,7 +231,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error);
Assert.Equal("Public clients are not allowed to use the client credentials grant.", response.ErrorDescription);
Assert.Equal("The specified 'grant_type' parameter is not valid for this client application.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny<CancellationToken>()), Times.Once());
@ -270,7 +271,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("Public clients are not allowed to send a client_secret.", response.ErrorDescription);
Assert.Equal("The 'client_secret' parameter is not valid for this client application.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny<CancellationToken>()), Times.Once());
@ -310,7 +311,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal("Missing credentials: ensure that you specified a client_secret.", response.ErrorDescription);
Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny<CancellationToken>()), Times.Once());
@ -350,7 +351,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal("Missing credentials: ensure that you specified a client_secret.", response.ErrorDescription);
Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny<CancellationToken>()), Times.Once());
@ -393,7 +394,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal("Invalid credentials: ensure that you specified a correct client_secret.", response.ErrorDescription);
Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny<CancellationToken>()), Times.Once());

10
test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs

@ -39,7 +39,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("Introspection requests must use HTTP POST.", response.ErrorDescription);
Assert.Equal("The specified HTTP method is not valid.", response.ErrorDescription);
}
[Theory]
@ -62,7 +62,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("Clients must be authenticated to use the introspection endpoint.", response.ErrorDescription);
Assert.Equal("The mandatory 'client_id' and/or 'client_secret' parameters are missing.", response.ErrorDescription);
}
[Fact]
@ -92,7 +92,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal("Application not found in the database: ensure that your client_id is correct.", response.ErrorDescription);
Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
}
@ -129,7 +129,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal("Public applications are not allowed to use the introspection endpoint.", response.ErrorDescription);
Assert.Equal("This client application is not allowed to use the introspection endpoint.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny<CancellationToken>()), Times.Once());
@ -170,7 +170,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal("Invalid credentials: ensure that you specified a correct client_secret.", response.ErrorDescription);
Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny<CancellationToken>()), Times.Once());

50
test/OpenIddict.Tests/OpenIddictProviderTests.Revocation.cs

@ -25,30 +25,10 @@ namespace OpenIddict.Tests
{
public partial class OpenIddictProviderTests
{
[Fact]
public async Task ValidateRevocationRequest_IdTokenTokenTokenHintIsRejected()
{
// Arrange
var server = CreateAuthorizationServer();
var client = new OpenIdConnectClient(server.CreateClient());
// Act
var response = await client.PostAsync(RevocationEndpoint, new OpenIdConnectRequest
{
Token = "SlAV32hkKG",
TokenTypeHint = OpenIdConnectConstants.TokenTypeHints.IdToken
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error);
Assert.Equal(
"Identity tokens cannot be revoked. When specifying a token_type_hint parameter, " +
"its value must be equal to 'access_token', 'authorization_code' or 'refresh_token'.", response.ErrorDescription);
}
[Fact]
public async Task ValidateRevocationRequest_AccessTokenTokenTokenHintIsRejectedWhenReferenceTokensAreDisabled()
[Theory]
[InlineData(OpenIdConnectConstants.TokenTypeHints.AccessToken)]
[InlineData(OpenIdConnectConstants.TokenTypeHints.IdToken)]
public async Task ValidateRevocationRequest_UnsupportedTokenTypeHintIsRejected(string type)
{
// Arrange
var server = CreateAuthorizationServer();
@ -59,14 +39,12 @@ namespace OpenIddict.Tests
var response = await client.PostAsync(RevocationEndpoint, new OpenIdConnectRequest
{
Token = "SlAV32hkKG",
TokenTypeHint = OpenIdConnectConstants.TokenTypeHints.AccessToken
TokenTypeHint = type
});
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error);
Assert.Equal(
"Access tokens cannot be revoked. When specifying a token_type_hint parameter, " +
"its value must be equal to 'authorization_code' or 'refresh_token'.", response.ErrorDescription);
Assert.Equal("The specified 'token_type_hint' parameter is not supported.", response.ErrorDescription);
}
[Fact]
@ -86,7 +64,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The mandatory 'client_id' parameter was missing.", response.ErrorDescription);
Assert.Equal("The mandatory 'client_id' parameter is missing.", response.ErrorDescription);
}
[Fact]
@ -116,7 +94,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal("Application not found in the database: ensure that your client_id is correct.", response.ErrorDescription);
Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
}
@ -154,7 +132,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("Public clients are not allowed to send a client_secret.", response.ErrorDescription);
Assert.Equal("The 'client_secret' parameter is not valid for this client application.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny<CancellationToken>()), Times.Once());
@ -193,7 +171,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal("Missing credentials: ensure that you specified a client_secret.", response.ErrorDescription);
Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny<CancellationToken>()), Times.Once());
@ -232,7 +210,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal("Missing credentials: ensure that you specified a client_secret.", response.ErrorDescription);
Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny<CancellationToken>()), Times.Once());
@ -274,7 +252,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error);
Assert.Equal("Invalid credentials: ensure that you specified a correct client_secret.", response.ErrorDescription);
Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.Once());
Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny<CancellationToken>()), Times.Once());
@ -313,7 +291,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error);
Assert.Equal("The specified access token cannot be revoked.", response.ErrorDescription);
Assert.Equal("The specified token cannot be revoked.", response.ErrorDescription);
format.Verify(mock => mock.Unprotect("SlAV32hkKG"), Times.Once());
}
@ -353,7 +331,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error);
Assert.Equal("Identity tokens cannot be revoked.", response.ErrorDescription);
Assert.Equal("The specified token cannot be revoked.", response.ErrorDescription);
handler.As<ISecurityTokenValidator>()
.Verify(mock => mock.CanReadToken("SlAV32hkKG"), Times.Once());
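Review bot: The merged `[Theory]` `ValidateRevocationRequest_UnsupportedTokenTypeHintIsRejected` loses the precondition the removed second test carried in its name (`…WhenReferenceTokensAreDisabled`): the `AccessToken` row is presumably only rejected because `CreateAuthorizationServer()` leaves reference tokens off by default, while the `IdToken` row is unconditional. A one-line comment on the `[InlineData(OpenIdConnectConstants.TokenTypeHints.AccessToken)]` row, e.g. `// Rejected only because reference tokens are disabled in CreateAuthorizationServer().`, keeps that distinction visible. If no test already covers it, a companion test asserting that access-token revocation is accepted once reference tokens are enabled would guard the other side of that condition. The test method's body continues into the second hunk.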

6
test/OpenIddict.Tests/OpenIddictProviderTests.Session.cs

@ -34,7 +34,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("The request_id parameter is not supported.", response.ErrorDescription);
Assert.Equal("The 'request_id' parameter is not supported.", response.ErrorDescription);
}
[Fact]
@ -58,7 +58,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("Invalid request: timeout expired.", response.ErrorDescription);
Assert.Equal("The specified 'request_id' parameter is invalid.", response.ErrorDescription);
}
[Theory]
@ -109,7 +109,7 @@ namespace OpenIddict.Tests
// Assert
Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error);
Assert.Equal("Invalid post_logout_redirect_uri.", response.ErrorDescription);
Assert.Equal("The specified 'post_logout_redirect_uri' parameter is not valid.", response.ErrorDescription);
Mock.Get(manager).Verify(mock => mock.ValidatePostLogoutRedirectUriAsync("http://www.fabrikam.com/path", It.IsAny<CancellationToken>()), Times.Once());
}
