diff --git a/src/OpenIddict/OpenIddictProvider.Authentication.cs b/src/OpenIddict/OpenIddictProvider.Authentication.cs index 1b4f6da9..cdedc5a1 100644 --- a/src/OpenIddict/OpenIddictProvider.Authentication.cs +++ b/src/OpenIddict/OpenIddictProvider.Authentication.cs @@ -37,7 +37,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.RequestNotSupported, - description: "The request parameter is not supported."); + description: "The 'request' parameter is not supported."); return; } @@ -50,7 +50,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.RequestUriNotSupported, - description: "The request_uri parameter is not supported."); + description: "The 'request_uri' parameter is not supported."); return; } @@ -67,7 +67,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "The request_id parameter is not supported."); + description: "The 'request_id' parameter is not supported."); return; } @@ -84,7 +84,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "Invalid request: timeout expired."); + description: "The specified 'request_id' parameter is invalid."); return; } @@ -120,7 +120,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedResponseType, - description: "The specified response_type parameter is not supported."); + description: "The specified 'response_type' parameter is not supported."); return; } @@ -134,7 +134,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedResponseType, - description: "The specified response_type parameter is not allowed."); + description: "The specified 'response_type' parameter is not allowed."); return; } 
@@ -146,7 +146,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedResponseType, - description: "The specified response_type parameter is not allowed."); + description: "The specified 'response_type' parameter is not allowed."); return; } @@ -160,7 +160,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedResponseType, - description: "The specified response_type parameter is not allowed."); + description: "The specified 'response_type' parameter is not allowed."); return; } @@ -188,7 +188,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "The specified response_mode parameter is not supported."); + description: "The specified 'response_mode' parameter is not supported."); return; } @@ -201,7 +201,7 @@ namespace OpenIddict { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "The required redirect_uri parameter was missing."); + description: "The mandatory 'redirect_uri' parameter is missing."); return; } @@ -233,7 +233,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "The specified code_challenge_method parameter is not allowed."); + description: "The specified 'code_challenge_method' parameter is not allowed."); return; } @@ -246,7 +246,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "The specified response_type parameter is not allowed when using PKCE."); + description: "The specified 'response_type' parameter is not allowed when using PKCE."); return; } @@ -261,7 +261,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "Application not found in the database: ensure that your client_id is correct."); + description: "The specified 'client_id' parameter is invalid."); return; } 
@@ -274,7 +274,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "Invalid redirect_uri."); + description: "The specified 'redirect_uri' parameter is not valid for this client application."); return; } @@ -289,7 +289,7 @@ namespace OpenIddict { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "Confidential clients are not allowed to retrieve a token from the authorization endpoint."); + description: "The specified 'response_type' parameter is not valid for this client application."); return; } diff --git a/src/OpenIddict/OpenIddictProvider.Exchange.cs b/src/OpenIddict/OpenIddictProvider.Exchange.cs index 0b113dd4..8df9b3cf 100644 --- a/src/OpenIddict/OpenIddictProvider.Exchange.cs +++ b/src/OpenIddict/OpenIddictProvider.Exchange.cs @@ -30,7 +30,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedGrantType, - description: "The specified grant_type is not supported by this authorization server."); + description: "The specified 'grant_type' parameter is not supported."); return; } @@ -55,7 +55,7 @@ namespace OpenIddict { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "The mandatory 'redirect_uri' parameter was missing."); + description: "The mandatory 'redirect_uri' parameter is missing."); return; } @@ -70,7 +70,7 @@ namespace OpenIddict { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "The 'offline_access' scope is not allowed when using grant_type=client_credentials."); + description: "The 'offline_access' scope is not valid for the specified 'grant_type' parameter."); return; } 
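Review bot: In the `@@ -289,7 +289,7 @@` hunk of OpenIddictProvider.Authentication.cs the specific reason for the rejection is now recorded nowhere. The new description is generic, and the opening brace is immediately followed by `context.Reject(`, so this branch writes no log entry. A terse response is fine, but the detail removed from it should move to the server log, e.g. `Logger.LogError("The authorization request was rejected because the confidential application '{ClientId}' was not allowed to retrieve a token from the authorization endpoint.", context.ClientId);` before the `Reject` call, in the style of the `Logger.LogError` calls visible in OpenIddictProvider.Exchange.cs. The same applies to the unlogged branches at `@@ -201,7 +201,7 @@` in this file and at `@@ -55,7 +55,7 @@`, `@@ -70,7 +70,7 @@` and `@@ -83,7 +83,8 @@` in OpenIddictProvider.Exchange.cs. The enclosing methods start and end outside these hunks.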
@@ -83,7 +83,8 @@ namespace OpenIddict { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "Client applications must be authenticated to use the client credentials grant."); + description: "The 'client_id' and 'client_secret' parameters are " + + "required when using the client credentials grant."); return; } @@ -103,7 +104,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "The mandatory 'client_id' parameter was missing."); + description: "The mandatory 'client_id' parameter is missing."); return; } @@ -125,7 +126,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, - description: "Application not found in the database: ensure that your client_id is correct."); + description: "The specified 'client_id' parameter is invalid."); return; } @@ -140,12 +141,12 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.UnauthorizedClient, - description: "Public clients are not allowed to use the client credentials grant."); + description: "The specified 'grant_type' parameter is not valid for this client application."); return; } - // Reject tokens requests containing a client_secret when the client is a public application. + // Reject token requests containing a client_secret when the client is a public application. if (!string.IsNullOrEmpty(context.ClientSecret)) { Logger.LogError("The token request was rejected because the public application '{ClientId}' " + @@ -153,7 +154,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "Public clients are not allowed to send a client_secret."); + description: "The 'client_secret' parameter is not valid for this client application."); return; } 
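Review bot: The unknown-client branch at `@@ -125,7 +126,7 @@` still answers differently from the wrong-secret branch at `@@ -189,7 +190,7 @@`. Both return `InvalidClient`, but "The specified 'client_id' parameter is invalid." versus "The specified client credentials are invalid." tells an unauthenticated caller whether a client_id is registered. If the rewording is meant to disclose less, use the same text in both branches, `description: "The specified client credentials are invalid."`, and leave the distinction to the log entry, which is presumably written just above this hunk. The same pair exists in OpenIddictProvider.Introspection.cs (`@@ -58,7 +58,7 @@` and `@@ -84,7 +84,7 @@`) and OpenIddictProvider.Revocation.cs (`@@ -85,7 +83,7 @@` and `@@ -137,7 +134,7 @@`). The matching test assertions would need the same string.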
@@ -177,7 +178,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, - description: "Missing credentials: ensure that you specified a client_secret."); + description: "The 'client_secret' parameter required for this client application is missing."); return; } @@ -189,7 +190,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, - description: "Invalid credentials: ensure that you specified a correct client_secret."); + description: "The specified client credentials are invalid."); return; } diff --git a/src/OpenIddict/OpenIddictProvider.Introspection.cs b/src/OpenIddict/OpenIddictProvider.Introspection.cs index 8bc6d3b8..12dc041a 100644 --- a/src/OpenIddict/OpenIddictProvider.Introspection.cs +++ b/src/OpenIddict/OpenIddictProvider.Introspection.cs @@ -26,7 +26,7 @@ namespace OpenIddict { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "Introspection requests must use HTTP POST."); + description: "The specified HTTP method is not valid."); return Task.FromResult(0); } @@ -44,7 +44,7 @@ namespace OpenIddict { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "Clients must be authenticated to use the introspection endpoint."); + description: "The mandatory 'client_id' and/or 'client_secret' parameters are missing."); return; } @@ -58,7 +58,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, - description: "Application not found in the database: ensure that your client_id is correct."); + description: "The specified 'client_id' parameter is invalid."); return; } @@ -71,7 +71,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, - description: "Public applications are not allowed to use the introspection endpoint."); + description: "This client application is not allowed to use the introspection endpoint."); return; } 
@@ -84,7 +84,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, - description: "Invalid credentials: ensure that you specified a correct client_secret."); + description: "The specified client credentials are invalid."); return; } diff --git a/src/OpenIddict/OpenIddictProvider.Revocation.cs b/src/OpenIddict/OpenIddictProvider.Revocation.cs index bfd00957..fbb8a0df 100644 --- a/src/OpenIddict/OpenIddictProvider.Revocation.cs +++ b/src/OpenIddict/OpenIddictProvider.Revocation.cs @@ -30,8 +30,7 @@ namespace OpenIddict { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedTokenType, - description: "Identity tokens cannot be revoked. When specifying a token_type_hint parameter, " + - "its value must be equal to 'access_token', 'authorization_code' or 'refresh_token'."); + description: "The specified 'token_type_hint' parameter is not supported."); return; } @@ -41,8 +40,7 @@ namespace OpenIddict { context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedTokenType, - description: "Access tokens cannot be revoked. When specifying a token_type_hint parameter, " + - "its value must be equal to 'authorization_code' or 'refresh_token'."); + description: "The specified 'token_type_hint' parameter is not supported."); return; } @@ -63,7 +61,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "The mandatory 'client_id' parameter was missing."); + description: "The mandatory 'client_id' parameter is missing."); return; } @@ -85,7 +83,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, - description: "Application not found in the database: ensure that your client_id is correct."); + description: "The specified 'client_id' parameter is invalid."); return; } 
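Review bot: The two hint checks at `@@ -30,8 +30,7 @@` and `@@ -40,8 +40,7 @@` in OpenIddictProvider.Revocation.cs now return an identical description, and neither logs anything, since `{` is immediately followed by `context.Reject(` in both. An operator reading the logs can therefore no longer tell which hint was refused, and the response has stopped saying so as well. Add a log line before each `Reject`, for example `Logger.LogError("The revocation request was rejected because the token type hint '{Hint}' is not supported.", context.Request.TokenTypeHint);`, assuming the request is reachable as `context.Request` in this method. The conditions guarding both branches lie outside the hunks.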
@@ -93,7 +91,6 @@ namespace OpenIddict // Reject revocation requests containing a client_secret if the application is a public client. if (await Applications.IsPublicAsync(application, context.HttpContext.RequestAborted)) { - // Reject tokens requests containing a client_secret when the client is a public application. if (!string.IsNullOrEmpty(context.ClientSecret)) { Logger.LogError("The revocation request was rejected because the public application " + @@ -101,7 +98,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "Public clients are not allowed to send a client_secret."); + description: "The 'client_secret' parameter is not valid for this client application."); return; } @@ -125,7 +122,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, - description: "Missing credentials: ensure that you specified a client_secret."); + description: "The 'client_secret' parameter required for this client application is missing."); return; } @@ -137,7 +134,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, - description: "Invalid credentials: ensure that you specified a correct client_secret."); + description: "The specified client credentials are invalid."); return; } @@ -159,7 +156,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedTokenType, - description: "Identity tokens cannot be revoked."); + description: "The specified token cannot be revoked."); return; } @@ -171,7 +168,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.UnsupportedTokenType, - description: "The specified access token cannot be revoked."); + description: "The specified token cannot be revoked."); return; } diff --git a/src/OpenIddict/OpenIddictProvider.Session.cs b/src/OpenIddict/OpenIddictProvider.Session.cs index b920828d..a8a0ab3b 100644 --- a/src/OpenIddict/OpenIddictProvider.Session.cs 
+++ b/src/OpenIddict/OpenIddictProvider.Session.cs @@ -40,7 +40,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "The request_id parameter is not supported."); + description: "The 'request_id' parameter is not supported."); return; } @@ -57,7 +57,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "Invalid request: timeout expired."); + description: "The specified 'request_id' parameter is invalid."); return; } @@ -115,7 +115,7 @@ namespace OpenIddict context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, - description: "Invalid post_logout_redirect_uri."); + description: "The specified 'post_logout_redirect_uri' parameter is not valid."); return; } diff --git a/test/OpenIddict.Tests/OpenIddictProviderTests.Authentication.cs b/test/OpenIddict.Tests/OpenIddictProviderTests.Authentication.cs index 21d2b4b0..22098396 100644 --- a/test/OpenIddict.Tests/OpenIddictProviderTests.Authentication.cs +++ b/test/OpenIddict.Tests/OpenIddictProviderTests.Authentication.cs @@ -44,7 +44,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.RequestNotSupported, response.Error); - Assert.Equal("The request parameter is not supported.", response.ErrorDescription); + Assert.Equal("The 'request' parameter is not supported.", response.ErrorDescription); } [Fact] @@ -67,7 +67,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.RequestUriNotSupported, response.Error); - Assert.Equal("The request_uri parameter is not supported.", response.ErrorDescription); + Assert.Equal("The 'request_uri' parameter is not supported.", response.ErrorDescription); } [Fact] 
@@ -86,7 +86,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("The request_id parameter is not supported.", response.ErrorDescription); + Assert.Equal("The 'request_id' parameter is not supported.", response.ErrorDescription); } [Fact] @@ -110,7 +110,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("Invalid request: timeout expired.", response.ErrorDescription); + Assert.Equal("The specified 'request_id' parameter is invalid.", response.ErrorDescription); } [Fact] @@ -131,7 +131,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error); - Assert.Equal("The specified response_type parameter is not supported.", response.ErrorDescription); + Assert.Equal("The specified 'response_type' parameter is not supported.", response.ErrorDescription); } [Theory] @@ -167,7 +167,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error); - Assert.Equal("The specified response_type parameter is not allowed.", response.ErrorDescription); + Assert.Equal("The specified 'response_type' parameter is not allowed.", response.ErrorDescription); } [Fact] @@ -214,7 +214,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("The specified response_mode parameter is not supported.", response.ErrorDescription); + Assert.Equal("The specified 'response_mode' parameter is not supported.", response.ErrorDescription); } [Fact] 
@@ -235,7 +235,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("The required redirect_uri parameter was missing.", response.ErrorDescription); + Assert.Equal("The mandatory 'redirect_uri' parameter is missing.", response.ErrorDescription); } [Fact] @@ -281,7 +281,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("The specified code_challenge_method parameter is not allowed.", response.ErrorDescription); + Assert.Equal("The specified 'code_challenge_method' parameter is not allowed.", response.ErrorDescription); } [Theory] @@ -308,7 +308,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("The specified response_type parameter is not allowed when using PKCE.", response.ErrorDescription); + Assert.Equal("The specified 'response_type' parameter is not allowed when using PKCE.", response.ErrorDescription); } [Fact] @@ -338,7 +338,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("Application not found in the database: ensure that your client_id is correct.", response.ErrorDescription); + Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); } 
@@ -375,7 +375,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("Invalid redirect_uri.", response.ErrorDescription); + Assert.Equal("The specified 'redirect_uri' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny()), Times.Once()); @@ -423,7 +423,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("Confidential clients are not allowed to retrieve a token from the authorization endpoint.", response.ErrorDescription); + Assert.Equal("The specified 'response_type' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny()), Times.Once()); diff --git a/test/OpenIddict.Tests/OpenIddictProviderTests.Exchange.cs b/test/OpenIddict.Tests/OpenIddictProviderTests.Exchange.cs index be2ca0ec..c327f00d 100644 --- a/test/OpenIddict.Tests/OpenIddictProviderTests.Exchange.cs +++ b/test/OpenIddict.Tests/OpenIddictProviderTests.Exchange.cs @@ -50,7 +50,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedGrantType, response.Error); - Assert.Equal("The specified grant_type is not supported by this authorization server.", response.ErrorDescription); + Assert.Equal("The specified 'grant_type' parameter is not supported.", response.ErrorDescription); } [Fact] 
@@ -97,7 +97,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("The mandatory 'redirect_uri' parameter was missing.", response.ErrorDescription); + Assert.Equal("The mandatory 'redirect_uri' parameter is missing.", response.ErrorDescription); } [Fact] @@ -117,7 +117,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("The 'offline_access' scope is not allowed when using grant_type=client_credentials.", response.ErrorDescription); + Assert.Equal("The 'offline_access' scope is not valid for the specified 'grant_type' parameter.", response.ErrorDescription); } [Theory] @@ -140,7 +140,8 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("Client applications must be authenticated to use the client credentials grant.", response.ErrorDescription); + Assert.Equal("The 'client_id' and 'client_secret' parameters are " + + "required when using the client credentials grant.", response.ErrorDescription); } [Fact] @@ -162,7 +163,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("The mandatory 'client_id' parameter was missing.", response.ErrorDescription); + Assert.Equal("The mandatory 'client_id' parameter is missing.", response.ErrorDescription); } [Fact] @@ -193,7 +194,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); - Assert.Equal("Application not found in the database: ensure that your client_id is correct.", response.ErrorDescription); + Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); } 
@@ -230,7 +231,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); - Assert.Equal("Public clients are not allowed to use the client credentials grant.", response.ErrorDescription); + Assert.Equal("The specified 'grant_type' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny()), Times.Once()); @@ -270,7 +271,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("Public clients are not allowed to send a client_secret.", response.ErrorDescription); + Assert.Equal("The 'client_secret' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny()), Times.Once()); @@ -310,7 +311,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); - Assert.Equal("Missing credentials: ensure that you specified a client_secret.", response.ErrorDescription); + Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny()), Times.Once()); 
@@ -350,7 +351,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); - Assert.Equal("Missing credentials: ensure that you specified a client_secret.", response.ErrorDescription); + Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny()), Times.Once()); @@ -393,7 +394,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); - Assert.Equal("Invalid credentials: ensure that you specified a correct client_secret.", response.ErrorDescription); + Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny()), Times.Once()); diff --git a/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs b/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs index 192eba21..29a366a6 100644 --- a/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs +++ b/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs @@ -39,7 +39,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("Introspection requests must use HTTP POST.", response.ErrorDescription); + Assert.Equal("The specified HTTP method is not valid.", response.ErrorDescription); } [Theory] 
@@ -62,7 +62,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("Clients must be authenticated to use the introspection endpoint.", response.ErrorDescription); + Assert.Equal("The mandatory 'client_id' and/or 'client_secret' parameters are missing.", response.ErrorDescription); } [Fact] @@ -92,7 +92,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); - Assert.Equal("Application not found in the database: ensure that your client_id is correct.", response.ErrorDescription); + Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); } @@ -129,7 +129,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); - Assert.Equal("Public applications are not allowed to use the introspection endpoint.", response.ErrorDescription); + Assert.Equal("This client application is not allowed to use the introspection endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny()), Times.Once()); @@ -170,7 +170,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); - Assert.Equal("Invalid credentials: ensure that you specified a correct client_secret.", response.ErrorDescription); + Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny()), Times.Once()); 
diff --git a/test/OpenIddict.Tests/OpenIddictProviderTests.Revocation.cs b/test/OpenIddict.Tests/OpenIddictProviderTests.Revocation.cs index e5bbec28..2adb784a 100644 --- a/test/OpenIddict.Tests/OpenIddictProviderTests.Revocation.cs +++ b/test/OpenIddict.Tests/OpenIddictProviderTests.Revocation.cs @@ -25,30 +25,10 @@ namespace OpenIddict.Tests { public partial class OpenIddictProviderTests { - [Fact] - public async Task ValidateRevocationRequest_IdTokenTokenTokenHintIsRejected() - { - // Arrange - var server = CreateAuthorizationServer(); - - var client = new OpenIdConnectClient(server.CreateClient()); - - // Act - var response = await client.PostAsync(RevocationEndpoint, new OpenIdConnectRequest - { - Token = "SlAV32hkKG", - TokenTypeHint = OpenIdConnectConstants.TokenTypeHints.IdToken - }); - - // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error); - Assert.Equal( - "Identity tokens cannot be revoked. When specifying a token_type_hint parameter, " + - "its value must be equal to 'access_token', 'authorization_code' or 'refresh_token'.", response.ErrorDescription); - } - - [Fact] - public async Task ValidateRevocationRequest_AccessTokenTokenTokenHintIsRejectedWhenReferenceTokensAreDisabled() + [Theory] + [InlineData(OpenIdConnectConstants.TokenTypeHints.AccessToken)] + [InlineData(OpenIdConnectConstants.TokenTypeHints.IdToken)] + public async Task ValidateRevocationRequest_UnsupportedTokenTypeHintIsRejected(string type) { // Arrange var server = CreateAuthorizationServer(); 
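Review bot: The merged theory `ValidateRevocationRequest_UnsupportedTokenTypeHintIsRejected` no longer documents that the `AccessToken` case only holds under a precondition. The removed test name ended in `WhenReferenceTokensAreDisabled`, while the new one implies the hint is always unsupported. The case presumably passes because `CreateAuthorizationServer()` leaves reference tokens off by default, so a later change to that default would fail it without explanation. Add a comment above the `[InlineData(OpenIdConnectConstants.TokenTypeHints.AccessToken)]` line such as `// Access token hints are rejected only while reference tokens are disabled (the default server configuration used here).`. The method body continues into the next hunk.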
@@ -59,14 +39,12 @@ namespace OpenIddict.Tests var response = await client.PostAsync(RevocationEndpoint, new OpenIdConnectRequest { Token = "SlAV32hkKG", - TokenTypeHint = OpenIdConnectConstants.TokenTypeHints.AccessToken + TokenTypeHint = type }); // Assert Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error); - Assert.Equal( - "Access tokens cannot be revoked. When specifying a token_type_hint parameter, " + - "its value must be equal to 'authorization_code' or 'refresh_token'.", response.ErrorDescription); + Assert.Equal("The specified 'token_type_hint' parameter is not supported.", response.ErrorDescription); } [Fact] @@ -86,7 +64,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("The mandatory 'client_id' parameter was missing.", response.ErrorDescription); + Assert.Equal("The mandatory 'client_id' parameter is missing.", response.ErrorDescription); } [Fact] @@ -116,7 +94,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); - Assert.Equal("Application not found in the database: ensure that your client_id is correct.", response.ErrorDescription); + Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); } @@ -154,7 +132,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("Public clients are not allowed to send a client_secret.", response.ErrorDescription); + Assert.Equal("The 'client_secret' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny()), Times.Once()); 
@@ -193,7 +171,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); - Assert.Equal("Missing credentials: ensure that you specified a client_secret.", response.ErrorDescription); + Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny()), Times.Once()); @@ -232,7 +210,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); - Assert.Equal("Missing credentials: ensure that you specified a client_secret.", response.ErrorDescription); + Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny()), Times.Once()); @@ -274,7 +252,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); - Assert.Equal("Invalid credentials: ensure that you specified a correct client_secret.", response.ErrorDescription); + Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetClientTypeAsync(application, It.IsAny()), Times.Once()); 
@@ -313,7 +291,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error); - Assert.Equal("The specified access token cannot be revoked.", response.ErrorDescription); + Assert.Equal("The specified token cannot be revoked.", response.ErrorDescription); format.Verify(mock => mock.Unprotect("SlAV32hkKG"), Times.Once()); } @@ -353,7 +331,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error); - Assert.Equal("Identity tokens cannot be revoked.", response.ErrorDescription); + Assert.Equal("The specified token cannot be revoked.", response.ErrorDescription); handler.As() .Verify(mock => mock.CanReadToken("SlAV32hkKG"), Times.Once()); diff --git a/test/OpenIddict.Tests/OpenIddictProviderTests.Session.cs b/test/OpenIddict.Tests/OpenIddictProviderTests.Session.cs index 11995df2..2b62007a 100644 --- a/test/OpenIddict.Tests/OpenIddictProviderTests.Session.cs +++ b/test/OpenIddict.Tests/OpenIddictProviderTests.Session.cs @@ -34,7 +34,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("The request_id parameter is not supported.", response.ErrorDescription); + Assert.Equal("The 'request_id' parameter is not supported.", response.ErrorDescription); } [Fact] @@ -58,7 +58,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("Invalid request: timeout expired.", response.ErrorDescription); + Assert.Equal("The specified 'request_id' parameter is invalid.", response.ErrorDescription); } [Theory] 
@@ -109,7 +109,7 @@ namespace OpenIddict.Tests // Assert Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); - Assert.Equal("Invalid post_logout_redirect_uri.", response.ErrorDescription); + Assert.Equal("The specified 'post_logout_redirect_uri' parameter is not valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.ValidatePostLogoutRedirectUriAsync("http://www.fabrikam.com/path", It.IsAny()), Times.Once()); }