diff --git a/samples/Mvc.Server/Controllers/UserinfoController.cs b/samples/Mvc.Server/Controllers/UserinfoController.cs index 9cc5d84c..576d0d63 100644 --- a/samples/Mvc.Server/Controllers/UserinfoController.cs +++ b/samples/Mvc.Server/Controllers/UserinfoController.cs @@ -31,7 +31,7 @@ namespace Mvc.Server.Controllers { return BadRequest(new OpenIdConnectResponse { - Error = OpenIdConnectConstants.Errors.InvalidGrant, + Error = OpenIddictConstants.Errors.InvalidGrant, ErrorDescription = "The user profile is no longer available." }); } @@ -39,21 +39,21 @@ namespace Mvc.Server.Controllers var claims = new JObject(); // Note: the "sub" claim is a mandatory claim and must be included in the JSON response. - claims[OpenIdConnectConstants.Claims.Subject] = await _userManager.GetUserIdAsync(user); + claims[OpenIddictConstants.Claims.Subject] = await _userManager.GetUserIdAsync(user); - if (User.HasClaim(OpenIdConnectConstants.Claims.Scope, OpenIdConnectConstants.Scopes.Email)) + if (User.HasClaim(OpenIddictConstants.Claims.Scope, OpenIddictConstants.Scopes.Email)) { - claims[OpenIdConnectConstants.Claims.Email] = await _userManager.GetEmailAsync(user); - claims[OpenIdConnectConstants.Claims.EmailVerified] = await _userManager.IsEmailConfirmedAsync(user); + claims[OpenIddictConstants.Claims.Email] = await _userManager.GetEmailAsync(user); + claims[OpenIddictConstants.Claims.EmailVerified] = await _userManager.IsEmailConfirmedAsync(user); } - if (User.HasClaim(OpenIdConnectConstants.Claims.Scope, OpenIdConnectConstants.Scopes.Phone)) + if (User.HasClaim(OpenIddictConstants.Claims.Scope, OpenIddictConstants.Scopes.Phone)) { - claims[OpenIdConnectConstants.Claims.PhoneNumber] = await _userManager.GetPhoneNumberAsync(user); - claims[OpenIdConnectConstants.Claims.PhoneNumberVerified] = await _userManager.IsPhoneNumberConfirmedAsync(user); + claims[OpenIddictConstants.Claims.PhoneNumber] = await _userManager.GetPhoneNumberAsync(user); + claims[OpenIddictConstants.Claims.PhoneNumberVerified] = await _userManager.IsPhoneNumberConfirmedAsync(user); } - if (User.HasClaim(OpenIdConnectConstants.Claims.Scope, OpenIddictConstants.Scopes.Roles)) + if (User.HasClaim(OpenIddictConstants.Claims.Scope, OpenIddictConstants.Scopes.Roles)) { claims[OpenIddictConstants.Claims.Roles] = JArray.FromObject(await _userManager.GetRolesAsync(user)); } diff --git a/samples/Mvc.Server/Startup.cs b/samples/Mvc.Server/Startup.cs index b6015c12..09ff3811 100644 --- a/samples/Mvc.Server/Startup.cs +++ b/samples/Mvc.Server/Startup.cs @@ -48,9 +48,9 @@ namespace Mvc.Server // which saves you from doing the mapping in your authorization controller. services.Configure(options => { - options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name; - options.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject; - options.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role; + options.ClaimsIdentity.UserNameClaimType = OpenIddictConstants.Claims.Name; + options.ClaimsIdentity.UserIdClaimType = OpenIddictConstants.Claims.Subject; + options.ClaimsIdentity.RoleClaimType = OpenIddictConstants.Claims.Role; }); services.AddAuthentication() @@ -97,8 +97,8 @@ namespace Mvc.Server .AllowRefreshTokenFlow(); // Mark the "email", "profile" and "roles" scopes as supported scopes. - options.RegisterScopes(OpenIdConnectConstants.Scopes.Email, - OpenIdConnectConstants.Scopes.Profile, + options.RegisterScopes(OpenIddictConstants.Scopes.Email, + OpenIddictConstants.Scopes.Profile, OpenIddictConstants.Scopes.Roles); // When request caching is enabled, authorization and logout requests diff --git a/src/OpenIddict.Abstractions/OpenIddictConstants.cs b/src/OpenIddict.Abstractions/OpenIddictConstants.cs index a94babb0..3ca574d1 100644 --- a/src/OpenIddict.Abstractions/OpenIddictConstants.cs +++ b/src/OpenIddict.Abstractions/OpenIddictConstants.cs @@ -123,6 +123,61 @@ namespace OpenIddict.Abstractions public const string ConcurrencyError = "concurrency_error"; } + public static class GrantTypes + { + public const string AuthorizationCode = "authorization_code"; + public const string ClientCredentials = "client_credentials"; + public const string Implicit = "implicit"; + public const string Password = "password"; + public const string RefreshToken = "refresh_token"; + } + + public static class Metadata + { + public const string AcrValuesSupported = "acr_values_supported"; + public const string AuthorizationEndpoint = "authorization_endpoint"; + public const string ClaimsLocalesSupported = "claims_locales_supported"; + public const string ClaimsParameterSupported = "claims_parameter_supported"; + public const string ClaimsSupported = "claims_supported"; + public const string ClaimTypesSupported = "claim_types_supported"; + public const string CodeChallengeMethodsSupported = "code_challenge_methods_supported"; + public const string DisplayValuesSupported = "display_values_supported"; + public const string EndSessionEndpoint = "end_session_endpoint"; + public const string GrantTypesSupported = "grant_types_supported"; + public const string IdTokenEncryptionAlgValuesSupported = "id_token_encryption_alg_values_supported"; + public const string IdTokenEncryptionEncValuesSupported = "id_token_encryption_enc_values_supported"; + public const string IdTokenSigningAlgValuesSupported = "id_token_signing_alg_values_supported"; + public const string IntrospectionEndpoint = "introspection_endpoint"; + public const string IntrospectionEndpointAuthMethodsSupported = "introspection_endpoint_auth_methods_supported"; + public const string IntrospectionEndpointAuthSigningAlgValuesSupported = "introspection_endpoint_auth_signing_alg_values_supported"; + public const string Issuer = "issuer"; + public const string JwksUri = "jwks_uri"; + public const string OpPolicyUri = "op_policy_uri"; + public const string OpTosUri = "op_tos_uri"; + public const string RequestObjectEncryptionAlgValuesSupported = "request_object_encryption_alg_values_supported"; + public const string RequestObjectEncryptionEncValuesSupported = "request_object_encryption_enc_values_supported"; + public const string RequestObjectSigningAlgValuesSupported = "request_object_signing_alg_values_supported"; + public const string RequestParameterSupported = "request_parameter_supported"; + public const string RequestUriParameterSupported = "request_uri_parameter_supported"; + public const string RequireRequestUriRegistration = "require_request_uri_registration"; + public const string ResponseModesSupported = "response_modes_supported"; + public const string ResponseTypesSupported = "response_types_supported"; + public const string RevocationEndpoint = "revocation_endpoint"; + public const string RevocationEndpointAuthMethodsSupported = "revocation_endpoint_auth_methods_supported"; + public const string RevocationEndpointAuthSigningAlgValuesSupported = "revocation_endpoint_auth_signing_alg_values_supported"; + public const string ScopesSupported = "scopes_supported"; + public const string ServiceDocumentation = "service_documentation"; + public const string SubjectTypesSupported = "subject_types_supported"; + public const string TokenEndpoint = "token_endpoint"; + public const string TokenEndpointAuthMethodsSupported = "token_endpoint_auth_methods_supported"; + public const string TokenEndpointAuthSigningAlgValuesSupported = "token_endpoint_auth_signing_alg_values_supported"; + public const string UiLocalesSupported = "ui_locales_supported"; + public const string UserinfoEncryptionAlgValuesSupported = "userinfo_encryption_alg_values_supported"; + public const string UserinfoEncryptionEncValuesSupported = "userinfo_encryption_enc_values_supported"; + public const string UserinfoEndpoint = "userinfo_endpoint"; + public const string UserinfoSigningAlgValuesSupported = "userinfo_signing_alg_values_supported"; + } + public static class Parameters { public const string AccessToken = "access_token"; @@ -241,6 +296,21 @@ namespace OpenIddict.Abstractions public const string String = "#public_string"; } + public static class ResponseModes + { + public const string FormPost = "form_post"; + public const string Fragment = "fragment"; + public const string Query = "query"; + } + + public static class ResponseTypes + { + public const string Code = "code"; + public const string IdToken = "id_token"; + public const string None = "none"; + public const string Token = "token"; + } + public static class Separators { public const string Space = " "; diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerInitializer.cs b/src/OpenIddict.Server/Internal/OpenIddictServerInitializer.cs index 0cad4746..1507cc0b 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerInitializer.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerInitializer.cs @@ -7,7 +7,6 @@ using System; using System.Linq; using System.Text; -using AspNet.Security.OpenIdConnect.Primitives; using AspNet.Security.OpenIdConnect.Server; using JetBrains.Annotations; using Microsoft.AspNetCore.Authentication; @@ -15,6 +14,7 @@ using Microsoft.AspNetCore.DataProtection; using Microsoft.Extensions.Caching.Distributed; using Microsoft.Extensions.Options; using Microsoft.IdentityModel.Tokens; +using OpenIddict.Abstractions; namespace OpenIddict.Server.Internal { @@ -135,18 +135,18 @@ namespace OpenIddict.Server.Internal // Ensure the authorization endpoint has been enabled when // the authorization code or implicit grants are supported. - if (!options.AuthorizationEndpointPath.HasValue && (options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode) || - options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Implicit))) + if (!options.AuthorizationEndpointPath.HasValue && (options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode) || + options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Implicit))) { throw new InvalidOperationException("The authorization endpoint must be enabled to use the authorization code and implicit flows."); } // Ensure the token endpoint has been enabled when the authorization code, // client credentials, password or refresh token grants are supported. - if (!options.TokenEndpointPath.HasValue && (options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode) || - options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.ClientCredentials) || - options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Password) || - options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken))) + if (!options.TokenEndpointPath.HasValue && (options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode) || + options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.ClientCredentials) || + options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Password) || + options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.RefreshToken))) { throw new InvalidOperationException( "The token endpoint must be enabled to use the authorization code, client credentials, password and refresh token flows."); @@ -190,7 +190,7 @@ namespace OpenIddict.Server.Internal // Ensure at least one asymmetric signing certificate/key was registered if the implicit flow was enabled. if (!options.SigningCredentials.Any(credentials => credentials.Key is AsymmetricSecurityKey) && - options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Implicit)) + options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Implicit)) { throw new InvalidOperationException(new StringBuilder() .AppendLine("At least one asymmetric signing key must be registered when enabling the implicit flow.") @@ -201,9 +201,9 @@ namespace OpenIddict.Server.Internal } // Automatically add the offline_access scope if the refresh token grant has been enabled. - if (options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken)) + if (options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.RefreshToken)) { - options.Scopes.Add(OpenIdConnectConstants.Scopes.OfflineAccess); + options.Scopes.Add(OpenIddictConstants.Scopes.OfflineAccess); } } } diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs index 39a0ee06..9d1dd9b9 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs @@ -42,7 +42,7 @@ namespace OpenIddict.Server.Internal "an unsupported parameter: {Parameter}.", "request"); context.Reject( - error: OpenIdConnectConstants.Errors.RequestNotSupported, + error: OpenIddictConstants.Errors.RequestNotSupported, description: "The 'request' parameter is not supported."); return; @@ -55,7 +55,7 @@ namespace OpenIddict.Server.Internal "an unsupported parameter: {Parameter}.", "request_uri"); context.Reject( - error: OpenIdConnectConstants.Errors.RequestUriNotSupported, + error: OpenIddictConstants.Errors.RequestUriNotSupported, description: "The 'request_uri' parameter is not supported."); return; @@ -72,7 +72,7 @@ namespace OpenIddict.Server.Internal "request caching support was not enabled."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'request_id' parameter is not supported."); return; @@ -89,7 +89,7 @@ namespace OpenIddict.Server.Internal "or invalid request_id parameter was specified."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'request_id' parameter is invalid."); return; @@ -126,7 +126,7 @@ namespace OpenIddict.Server.Internal "response type is not supported.", context.Request.ResponseType); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedResponseType, + error: OpenIddictConstants.Errors.UnsupportedResponseType, description: "The specified 'response_type' parameter is not supported."); return; @@ -134,50 +134,50 @@ namespace OpenIddict.Server.Internal // Reject code flow authorization requests if the authorization code flow is not enabled. if (context.Request.IsAuthorizationCodeFlow() && - !options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode)) + !options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode)) { _logger.LogError("The authorization request was rejected because " + "the authorization code flow was not enabled."); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedResponseType, + error: OpenIddictConstants.Errors.UnsupportedResponseType, description: "The specified 'response_type' parameter is not allowed."); return; } // Reject implicit flow authorization requests if the implicit flow is not enabled. - if (context.Request.IsImplicitFlow() && !options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Implicit)) + if (context.Request.IsImplicitFlow() && !options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Implicit)) { _logger.LogError("The authorization request was rejected because the implicit flow was not enabled."); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedResponseType, + error: OpenIddictConstants.Errors.UnsupportedResponseType, description: "The specified 'response_type' parameter is not allowed."); return; } // Reject hybrid flow authorization requests if the authorization code or the implicit flows are not enabled. - if (context.Request.IsHybridFlow() && (!options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode) || - !options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.Implicit))) + if (context.Request.IsHybridFlow() && (!options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode) || + !options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.Implicit))) { _logger.LogError("The authorization request was rejected because the " + "authorization code flow or the implicit flow was not enabled."); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedResponseType, + error: OpenIddictConstants.Errors.UnsupportedResponseType, description: "The specified 'response_type' parameter is not allowed."); return; } // Reject authorization requests that specify scope=offline_access if the refresh token flow is not enabled. - if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) && - !options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken)) + if (context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess) && + !options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.RefreshToken)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'offline_access' scope is not allowed."); return; @@ -204,7 +204,7 @@ namespace OpenIddict.Server.Internal _logger.LogError("The authentication request was rejected because invalid scopes were specified: {Scopes}.", scopes); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidScope, + error: OpenIddictConstants.Errors.InvalidScope, description: "The specified 'scope' parameter is not valid."); return; @@ -222,7 +222,7 @@ namespace OpenIddict.Server.Internal "response mode is not supported.", context.Request.ResponseMode); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'response_mode' parameter is not supported."); return; @@ -235,7 +235,7 @@ namespace OpenIddict.Server.Internal if (string.IsNullOrEmpty(context.RedirectUri)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The mandatory 'redirect_uri' parameter is missing."); return; @@ -253,7 +253,7 @@ namespace OpenIddict.Server.Internal "required 'code_challenge_method' parameter was missing."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'code_challenge_method' parameter must be specified."); return; @@ -267,20 +267,20 @@ namespace OpenIddict.Server.Internal "'code_challenge_method' parameter was set to 'plain'."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'code_challenge_method' parameter is not allowed."); return; } // Reject authorization requests that contain response_type=token when a code_challenge is specified. - if (context.Request.HasResponseType(OpenIdConnectConstants.ResponseTypes.Token)) + if (context.Request.HasResponseType(OpenIddictConstants.ResponseTypes.Token)) { _logger.LogError("The authorization request was rejected because the " + "specified response type was not compatible with PKCE."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'response_type' parameter is not allowed when using PKCE."); return; @@ -295,7 +295,7 @@ namespace OpenIddict.Server.Internal "application was not found: '{ClientId}'.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'client_id' parameter is invalid."); return; @@ -310,10 +310,10 @@ namespace OpenIddict.Server.Internal // Note: when using the authorization code grant, ValidateTokenRequest is responsible of rejecting // the token request if the client_id corresponds to an unauthenticated confidential client. if (await _applicationManager.IsConfidentialAsync(application) && - context.Request.HasResponseType(OpenIdConnectConstants.ResponseTypes.Token)) + context.Request.HasResponseType(OpenIddictConstants.ResponseTypes.Token)) { context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "The specified 'response_type' parameter is not valid for this client application."); return; @@ -327,7 +327,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the authorization endpoint.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "This client application is not allowed to use the authorization endpoint."); return; @@ -343,7 +343,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the authorization code flow.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "The client application is not allowed to use the authorization code flow."); return; @@ -357,7 +357,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the implicit flow.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "The client application is not allowed to use the implicit flow."); return; @@ -372,7 +372,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the hybrid flow.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "The client application is not allowed to use the hybrid flow."); return; @@ -380,14 +380,14 @@ namespace OpenIddict.Server.Internal // Reject the request if the offline_access scope was request and if // the application is not allowed to use the refresh token grant type. - if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) && + if (context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess) && !await _applicationManager.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.RefreshToken)) { _logger.LogError("The authorization request was rejected because the application '{ClientId}' " + "was not allowed to request the 'offline_access' scope.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The client application is not allowed to use the 'offline_access' scope."); return; @@ -401,7 +401,7 @@ namespace OpenIddict.Server.Internal "was invalid: '{RedirectUri}'.", context.RedirectUri); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'redirect_uri' parameter is not valid for this client application."); return; @@ -414,8 +414,8 @@ namespace OpenIddict.Server.Internal foreach (var scope in context.Request.GetScopes()) { // Avoid validating the "openid" and "offline_access" scopes as they represent protocol scopes. - if (string.Equals(scope, OpenIdConnectConstants.Scopes.OfflineAccess, StringComparison.Ordinal) || - string.Equals(scope, OpenIdConnectConstants.Scopes.OpenId, StringComparison.Ordinal)) + if (string.Equals(scope, OpenIddictConstants.Scopes.OfflineAccess, StringComparison.Ordinal) || + string.Equals(scope, OpenIddictConstants.Scopes.OpenId, StringComparison.Ordinal)) { continue; } @@ -427,7 +427,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the scope {Scope}.", context.ClientId, scope); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "This client application is not allowed to use the specified scope."); return; @@ -474,7 +474,7 @@ namespace OpenIddict.Server.Internal var address = QueryHelpers.AddQueryString( uri: context.HttpContext.Request.Scheme + "://" + context.HttpContext.Request.Host + context.HttpContext.Request.PathBase + context.HttpContext.Request.Path, - name: OpenIdConnectConstants.Parameters.RequestId, value: context.Request.RequestId); + name: OpenIddictConstants.Parameters.RequestId, value: context.Request.RequestId); context.HttpContext.Response.Redirect(address); diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs index fe5f5375..dde4b5f8 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs @@ -39,18 +39,18 @@ namespace OpenIddict.Server.Internal "grant type is not supported.", context.Request.GrantType); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedGrantType, + error: OpenIddictConstants.Errors.UnsupportedGrantType, description: "The specified 'grant_type' parameter is not supported."); return; } // Reject token requests that specify scope=offline_access if the refresh token flow is not enabled. - if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) && - !options.GrantTypes.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken)) + if (context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess) && + !options.GrantTypes.Contains(OpenIddictConstants.GrantTypes.RefreshToken)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'offline_access' scope is not allowed."); return; @@ -64,7 +64,7 @@ namespace OpenIddict.Server.Internal if (context.Request.IsAuthorizationCodeGrantType() && string.IsNullOrEmpty(context.Request.RedirectUri)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The mandatory 'redirect_uri' parameter is missing."); return; @@ -76,10 +76,10 @@ namespace OpenIddict.Server.Internal // that rejects grant_type=client_credentials requests containing the 'offline_access' scope. // See https://tools.ietf.org/html/rfc6749#section-4.4.3 for more information. if (context.Request.IsClientCredentialsGrantType() && - context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess)) + context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'offline_access' scope is not valid for the specified 'grant_type' parameter."); return; @@ -106,7 +106,7 @@ namespace OpenIddict.Server.Internal _logger.LogError("The token request was rejected because invalid scopes were specified: {Scopes}.", scopes); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidScope, + error: OpenIddictConstants.Errors.InvalidScope, description: "The specified 'scope' parameter is not valid."); return; @@ -120,7 +120,7 @@ namespace OpenIddict.Server.Internal string.IsNullOrEmpty(context.Request.ClientSecret))) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'client_id' and 'client_secret' parameters are " + "required when using the client credentials grant."); @@ -141,7 +141,7 @@ namespace OpenIddict.Server.Internal "mandatory client_id parameter was missing or empty."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The mandatory 'client_id' parameter is missing."); return; @@ -163,7 +163,7 @@ namespace OpenIddict.Server.Internal "application was not found: '{ClientId}'.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The specified 'client_id' parameter is invalid."); return; @@ -181,7 +181,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the token endpoint.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "This client application is not allowed to use the token endpoint."); return; @@ -197,7 +197,7 @@ namespace OpenIddict.Server.Internal "use the specified grant type: {GrantType}.", context.ClientId, context.Request.GrantType); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "This client application is not allowed to use the specified grant type."); return; @@ -205,14 +205,14 @@ namespace OpenIddict.Server.Internal // Reject the request if the offline_access scope was request and if // the application is not allowed to use the refresh token grant type. - if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) && + if (context.Request.HasScope(OpenIddictConstants.Scopes.OfflineAccess) && !await _applicationManager.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.RefreshToken)) { _logger.LogError("The token request was rejected because the application '{ClientId}' " + "was not allowed to request the 'offline_access' scope.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The client application is not allowed to use the 'offline_access' scope."); return; @@ -228,7 +228,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the client credentials grant.", context.Request.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "The specified 'grant_type' parameter is not valid for this client application."); return; @@ -241,7 +241,7 @@ namespace OpenIddict.Server.Internal "was not allowed to send a client secret.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'client_secret' parameter is not valid for this client application."); return; @@ -265,7 +265,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' didn't specify a client secret.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The 'client_secret' parameter required for this client application is missing."); return; @@ -277,7 +277,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' didn't specify valid client credentials.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The specified client credentials are invalid."); return; @@ -290,8 +290,8 @@ namespace OpenIddict.Server.Internal foreach (var scope in context.Request.GetScopes()) { // Avoid validating the "openid" and "offline_access" scopes as they represent protocol scopes. - if (string.Equals(scope, OpenIdConnectConstants.Scopes.OfflineAccess, StringComparison.Ordinal) || - string.Equals(scope, OpenIdConnectConstants.Scopes.OpenId, StringComparison.Ordinal)) + if (string.Equals(scope, OpenIddictConstants.Scopes.OfflineAccess, StringComparison.Ordinal) || + string.Equals(scope, OpenIddictConstants.Scopes.OpenId, StringComparison.Ordinal)) { continue; } @@ -304,7 +304,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the scope {Scope}.", context.ClientId, scope); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "This client application is not allowed to use the specified scope."); return; @@ -373,7 +373,7 @@ namespace OpenIddict.Server.Internal "or refresh token '{Identifier}' has already been redeemed.", identifier); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidGrant, + error: OpenIddictConstants.Errors.InvalidGrant, description: context.Request.IsAuthorizationCodeGrantType() ? "The specified authorization code has already been redeemed." : "The specified refresh token has already been redeemed."); @@ -387,7 +387,7 @@ namespace OpenIddict.Server.Internal "or refresh token '{Identifier}' was no longer valid.", identifier); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidGrant, + error: OpenIddictConstants.Errors.InvalidGrant, description: context.Request.IsAuthorizationCodeGrantType() ? "The specified authorization code is no longer valid." : "The specified refresh token is no longer valid."); @@ -411,7 +411,7 @@ namespace OpenIddict.Server.Internal "the associated authorization was no longer valid."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidGrant, + error: OpenIddictConstants.Errors.InvalidGrant, description: context.Request.IsAuthorizationCodeGrantType() ? "The authorization associated with the authorization code is no longer valid." : "The authorization associated with the refresh token is no longer valid."); diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs index 57113b8e..d9272489 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Helpers.cs @@ -35,7 +35,7 @@ namespace OpenIddict.Server.Internal { Principal = ticket.Principal, Status = OpenIddictConstants.Statuses.Valid, - Subject = ticket.Principal.GetClaim(OpenIdConnectConstants.Claims.Subject), + Subject = ticket.Principal.GetClaim(OpenIddictConstants.Claims.Subject), Type = OpenIddictConstants.AuthorizationTypes.AdHoc }; @@ -120,7 +120,7 @@ namespace OpenIddict.Server.Internal ExpirationDate = ticket.Properties.ExpiresUtc, Principal = ticket.Principal, Status = OpenIddictConstants.Statuses.Valid, - Subject = ticket.Principal.GetClaim(OpenIdConnectConstants.Claims.Subject), + Subject = ticket.Principal.GetClaim(OpenIddictConstants.Claims.Subject), Type = type }; diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs index a254bcdd..1eee8d8a 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs @@ -36,7 +36,7 @@ namespace OpenIddict.Server.Internal if (string.IsNullOrEmpty(context.ClientId) || string.IsNullOrEmpty(context.ClientSecret)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The mandatory 'client_id' and/or 'client_secret' parameters are missing."); return; @@ -50,7 +50,7 @@ namespace OpenIddict.Server.Internal "application was not found: '{ClientId}'.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The specified 'client_id' parameter is invalid."); return; @@ -68,7 +68,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the introspection endpoint.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "This client application is not allowed to use the introspection endpoint."); return; @@ -81,7 +81,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' was not allowed to use this endpoint.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "This client application is not allowed to use the introspection endpoint."); return; @@ -94,7 +94,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' didn't specify valid client credentials.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The specified client credentials are invalid."); return; diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs index 9870f460..1f56b26d 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs @@ -38,7 +38,7 @@ namespace OpenIddict.Server.Internal if (string.Equals(context.Request.TokenTypeHint, OpenIdConnectConstants.TokenTypeHints.IdToken)) { context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedTokenType, + error: OpenIddictConstants.Errors.UnsupportedTokenType, description: "The specified 'token_type_hint' parameter is not supported."); return; @@ -48,7 +48,7 @@ namespace OpenIddict.Server.Internal string.Equals(context.Request.TokenTypeHint, OpenIdConnectConstants.TokenTypeHints.AccessToken)) { context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedTokenType, + error: OpenIddictConstants.Errors.UnsupportedTokenType, description: "The specified 'token_type_hint' parameter is not supported."); return; @@ -69,7 +69,7 @@ namespace OpenIddict.Server.Internal "mandatory client_id parameter was missing or empty."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The mandatory 'client_id' parameter is missing."); return; @@ -91,7 +91,7 @@ namespace OpenIddict.Server.Internal "application was not found: '{ClientId}'.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The specified 'client_id' parameter is invalid."); return; @@ -109,7 +109,7 @@ namespace OpenIddict.Server.Internal "was not allowed to use the revocation endpoint.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.UnauthorizedClient, + error: OpenIddictConstants.Errors.UnauthorizedClient, description: "This client application is not allowed to use the revocation endpoint."); return; @@ -124,7 +124,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' was not allowed to use this endpoint.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'client_secret' parameter is not valid for this client application."); return; @@ -148,7 +148,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' didn't specify a client secret.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The 'client_secret' parameter required for this client application is missing."); return; @@ -160,7 +160,7 @@ namespace OpenIddict.Server.Internal "'{ClientId}' didn't specify valid client credentials.", context.ClientId); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidClient, + error: OpenIddictConstants.Errors.InvalidClient, description: "The specified client credentials are invalid."); return; @@ -184,7 +184,7 @@ namespace OpenIddict.Server.Internal _logger.LogError("The revocation request was rejected because identity tokens are not revocable."); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedTokenType, + error: OpenIddictConstants.Errors.UnsupportedTokenType, description: "The specified token cannot be revoked."); return; @@ -196,7 +196,7 @@ namespace OpenIddict.Server.Internal _logger.LogError("The revocation request was rejected because the access token was not revocable."); context.Reject( - error: OpenIdConnectConstants.Errors.UnsupportedTokenType, + error: OpenIddictConstants.Errors.UnsupportedTokenType, description: "The specified token cannot be revoked."); return; diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs index 10cad9a8..ff35ffb1 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs @@ -42,7 +42,7 @@ namespace OpenIddict.Server.Internal _logger.LogError("The logout request was rejected because request caching support was not enabled."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'request_id' parameter is not supported."); return; @@ -59,7 +59,7 @@ namespace OpenIddict.Server.Internal "or invalid request_id parameter was specified."); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'request_id' parameter is invalid."); return; @@ -97,7 +97,7 @@ namespace OpenIddict.Server.Internal "a valid absolute URL: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'post_logout_redirect_uri' parameter must be a valid absolute URL."); return; @@ -109,7 +109,7 @@ namespace OpenIddict.Server.Internal "a URL fragment: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The 'post_logout_redirect_uri' parameter must not include a fragment."); return; @@ -146,7 +146,7 @@ namespace OpenIddict.Server.Internal "was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); context.Reject( - error: OpenIdConnectConstants.Errors.InvalidRequest, + error: OpenIddictConstants.Errors.InvalidRequest, description: "The specified 'post_logout_redirect_uri' parameter is not valid."); return; @@ -192,7 +192,7 @@ namespace OpenIddict.Server.Internal var address = QueryHelpers.AddQueryString( uri: context.HttpContext.Request.Scheme + "://" + context.HttpContext.Request.Host + context.HttpContext.Request.PathBase + context.HttpContext.Request.Path, - name: OpenIdConnectConstants.Parameters.RequestId, value: context.Request.RequestId); + name: OpenIddictConstants.Parameters.RequestId, value: context.Request.RequestId); context.HttpContext.Response.Redirect(address); diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs index bbc32d32..ed601d49 100644 --- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs +++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs @@ -127,15 +127,15 @@ namespace OpenIddict.Server.Internal // Always include the "openid" scope when the developer doesn't explicitly call SetScopes. // Note: the application is allowed to specify a different "scopes": in this case, // don't replace the "scopes" property stored in the authentication ticket. - if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OpenId) && !context.Ticket.HasScope()) + if (context.Request.HasScope(OpenIddictConstants.Scopes.OpenId) && !context.Ticket.HasScope()) { - context.Ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId); + context.Ticket.SetScopes(OpenIddictConstants.Scopes.OpenId); } - context.IncludeIdentityToken = context.Ticket.HasScope(OpenIdConnectConstants.Scopes.OpenId); + context.IncludeIdentityToken = context.Ticket.HasScope(OpenIddictConstants.Scopes.OpenId); } - context.IncludeRefreshToken = context.Ticket.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess); + context.IncludeRefreshToken = context.Ticket.HasScope(OpenIddictConstants.Scopes.OfflineAccess); // Always include a refresh token for grant_type=refresh_token requests if // rolling tokens are enabled and if the offline_access scope was specified. @@ -160,7 +160,7 @@ namespace OpenIddict.Server.Internal if (!await TryRedeemTokenAsync(token)) { context.Reject( - error: OpenIdConnectConstants.Errors.InvalidGrant, + error: OpenIddictConstants.Errors.InvalidGrant, description: context.Request.IsAuthorizationCodeGrantType() ? "The specified authorization code is no longer valid." : "The specified refresh token is no longer valid."); diff --git a/src/OpenIddict.Server/OpenIddictServerBuilder.cs b/src/OpenIddict.Server/OpenIddictServerBuilder.cs index e49a735a..7be6b8f3 100644 --- a/src/OpenIddict.Server/OpenIddictServerBuilder.cs +++ b/src/OpenIddict.Server/OpenIddictServerBuilder.cs @@ -13,12 +13,12 @@ using System.Linq; using System.Reflection; using System.Security.Cryptography.X509Certificates; using System.Threading.Tasks; -using AspNet.Security.OpenIdConnect.Primitives; using JetBrains.Annotations; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Caching.Distributed; using Microsoft.IdentityModel.Tokens; +using OpenIddict.Abstractions; using OpenIddict.Extensions; using OpenIddict.Server; @@ -399,7 +399,7 @@ namespace Microsoft.Extensions.DependencyInjection /// /// The . public OpenIddictServerBuilder AllowAuthorizationCodeFlow() - => Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.AuthorizationCode)); + => Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.AuthorizationCode)); /// /// Enables client credentials flow support. For more information about this @@ -407,7 +407,7 @@ namespace Microsoft.Extensions.DependencyInjection /// /// The . public OpenIddictServerBuilder AllowClientCredentialsFlow() - => Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.ClientCredentials)); + => Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.ClientCredentials)); /// /// Enables custom grant type support. @@ -432,7 +432,7 @@ namespace Microsoft.Extensions.DependencyInjection /// /// The . public OpenIddictServerBuilder AllowImplicitFlow() - => Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.Implicit)); + => Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.Implicit)); /// /// Enables password flow support. For more information about this specific @@ -440,7 +440,7 @@ namespace Microsoft.Extensions.DependencyInjection /// /// The . public OpenIddictServerBuilder AllowPasswordFlow() - => Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.Password)); + => Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.Password)); /// /// Enables refresh token flow support. For more information about this @@ -448,7 +448,7 @@ namespace Microsoft.Extensions.DependencyInjection /// /// The . public OpenIddictServerBuilder AllowRefreshTokenFlow() - => Configure(options => options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.RefreshToken)); + => Configure(options => options.GrantTypes.Add(OpenIddictConstants.GrantTypes.RefreshToken)); /// /// Disables authorization storage so that ad-hoc authorizations are diff --git a/src/OpenIddict.Server/OpenIddictServerOptions.cs b/src/OpenIddict.Server/OpenIddictServerOptions.cs index 50b61cbd..5e2fcf0b 100644 --- a/src/OpenIddict.Server/OpenIddictServerOptions.cs +++ b/src/OpenIddict.Server/OpenIddictServerOptions.cs @@ -7,9 +7,9 @@ using System; using System.Collections.Generic; using System.Security.Cryptography; -using AspNet.Security.OpenIdConnect.Primitives; using AspNet.Security.OpenIdConnect.Server; using Microsoft.Extensions.Caching.Distributed; +using OpenIddict.Abstractions; using OpenIddict.Server.Internal; namespace OpenIddict.Server @@ -46,12 +46,12 @@ namespace OpenIddict.Server /// public ISet Claims { get; } = new HashSet(StringComparer.Ordinal) { - OpenIdConnectConstants.Claims.Audience, - OpenIdConnectConstants.Claims.ExpiresAt, - OpenIdConnectConstants.Claims.IssuedAt, - OpenIdConnectConstants.Claims.Issuer, - OpenIdConnectConstants.Claims.JwtId, - OpenIdConnectConstants.Claims.Subject + OpenIddictConstants.Claims.Audience, + OpenIddictConstants.Claims.ExpiresAt, + OpenIddictConstants.Claims.IssuedAt, + OpenIddictConstants.Claims.Issuer, + OpenIddictConstants.Claims.JwtId, + OpenIddictConstants.Claims.Subject }; /// @@ -128,7 +128,7 @@ namespace OpenIddict.Server /// public ISet Scopes { get; } = new HashSet(StringComparer.Ordinal) { - OpenIdConnectConstants.Scopes.OpenId + OpenIddictConstants.Scopes.OpenId }; /// diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerInitializerTests.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerInitializerTests.cs index fe9b50bd..aceae60e 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerInitializerTests.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerInitializerTests.cs @@ -8,7 +8,6 @@ using System; using System.Text; using System.Threading.Tasks; using AspNet.Security.OpenIdConnect.Client; -using AspNet.Security.OpenIdConnect.Primitives; using AspNet.Security.OpenIdConnect.Server; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Builder; @@ -17,6 +16,7 @@ using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.TestHost; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Logging; +using OpenIddict.Abstractions; using Xunit; namespace OpenIddict.Server.Internal.Tests @@ -115,8 +115,8 @@ namespace OpenIddict.Server.Internal.Tests } [Theory] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit)] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)] + [InlineData(OpenIddictConstants.GrantTypes.Implicit)] public async Task PostConfigure_ThrowsAnExceptionWhenAuthorizationEndpointIsDisabled(string flow) { // Arrange @@ -138,10 +138,10 @@ namespace OpenIddict.Server.Internal.Tests } [Theory] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)] - [InlineData(OpenIdConnectConstants.GrantTypes.ClientCredentials)] - [InlineData(OpenIdConnectConstants.GrantTypes.Password)] - [InlineData(OpenIdConnectConstants.GrantTypes.RefreshToken)] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)] + [InlineData(OpenIddictConstants.GrantTypes.ClientCredentials)] + [InlineData(OpenIddictConstants.GrantTypes.Password)] + [InlineData(OpenIddictConstants.GrantTypes.RefreshToken)] public async Task PostConfigure_ThrowsAnExceptionWhenTokenEndpointIsDisabled(string flow) { // Arrange diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Authentication.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Authentication.cs index c25ec6e5..27e48457 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Authentication.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Authentication.cs @@ -41,12 +41,12 @@ namespace OpenIddict.Server.Internal.Tests Request = "eyJhbGciOiJub25lIn0.eyJpc3MiOiJodHRwOi8vd3d3LmZhYnJpa2FtLmNvbSIsImF1ZCI6Imh0" + "dHA6Ly93d3cuY29udG9zby5jb20iLCJyZXNwb25zZV90eXBlIjoiY29kZSIsImNsaWVudF9pZCI6" + "IkZhYnJpa2FtIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovL3d3dy5mYWJyaWthbS5jb20vcGF0aCJ9.", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, - Scope = OpenIdConnectConstants.Scopes.OpenId + ResponseType = OpenIddictConstants.ResponseTypes.Code, + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.RequestNotSupported, response.Error); + Assert.Equal(OpenIddictConstants.Errors.RequestNotSupported, response.Error); Assert.Equal("The 'request' parameter is not supported.", response.ErrorDescription); } @@ -64,12 +64,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", RequestUri = "http://www.fabrikam.com/request/GkurKxf5T0Y-mnPFCHqWOMiZi4VS138cQO_V7PZHAdM", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, - Scope = OpenIdConnectConstants.Scopes.OpenId + ResponseType = OpenIddictConstants.ResponseTypes.Code, + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.RequestUriNotSupported, response.Error); + Assert.Equal(OpenIddictConstants.Errors.RequestUriNotSupported, response.Error); Assert.Equal("The 'request_uri' parameter is not supported.", response.ErrorDescription); } @@ -88,7 +88,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'request_id' parameter is not supported.", response.ErrorDescription); } @@ -112,7 +112,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'request_id' parameter is invalid.", response.ErrorDescription); } @@ -129,11 +129,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.None + ResponseType = OpenIddictConstants.ResponseTypes.None }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedResponseType, response.Error); Assert.Equal("The specified 'response_type' parameter is not supported.", response.ErrorDescription); } @@ -154,21 +154,21 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedResponseType, response.Error); Assert.Equal("The specified 'response_type' parameter is not supported.", response.ErrorDescription); } [Theory] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode, "code")] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode, "code id_token")] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode, "code id_token token")] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode, "code token")] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "code id_token")] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "code id_token token")] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "code token")] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "id_token")] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "id_token token")] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit, "token")] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode, "code")] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode, "code id_token")] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode, "code id_token token")] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode, "code token")] + [InlineData(OpenIddictConstants.GrantTypes.Implicit, "code id_token")] + [InlineData(OpenIddictConstants.GrantTypes.Implicit, "code id_token token")] + [InlineData(OpenIddictConstants.GrantTypes.Implicit, "code token")] + [InlineData(OpenIddictConstants.GrantTypes.Implicit, "id_token")] + [InlineData(OpenIddictConstants.GrantTypes.Implicit, "id_token token")] + [InlineData(OpenIddictConstants.GrantTypes.Implicit, "token")] public async Task ValidateAuthorizationRequest_RequestIsRejectedWhenCorrespondingFlowIsDisabled(string flow, string type) { // Arrange @@ -186,11 +186,11 @@ namespace OpenIddict.Server.Internal.Tests Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = type, - Scope = OpenIdConnectConstants.Scopes.OpenId + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedResponseType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedResponseType, response.Error); Assert.Equal("The specified 'response_type' parameter is not allowed.", response.ErrorDescription); } @@ -216,12 +216,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, Scope = "unregistered_scope" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidScope, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidScope, response.Error); Assert.Equal("The specified 'scope' parameter is not valid.", response.ErrorDescription); } @@ -256,7 +256,7 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Token, + ResponseType = OpenIddictConstants.ResponseTypes.Token, Scope = "registered_scope" }); @@ -313,7 +313,7 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Token, + ResponseType = OpenIddictConstants.ResponseTypes.Token, Scope = "scope_registered_in_database scope_registered_in_options" }); @@ -330,7 +330,7 @@ namespace OpenIddict.Server.Internal.Tests // Arrange var server = CreateAuthorizationServer(builder => { - builder.Configure(options => options.GrantTypes.Remove(OpenIdConnectConstants.GrantTypes.RefreshToken)); + builder.Configure(options => options.GrantTypes.Remove(OpenIddictConstants.GrantTypes.RefreshToken)); }); var client = new OpenIdConnectClient(server.CreateClient()); @@ -340,12 +340,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + ResponseType = OpenIddictConstants.ResponseTypes.Code, + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'offline_access' scope is not allowed.", response.ErrorDescription); } @@ -363,11 +363,11 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", ResponseMode = "unknown_response_mode", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'response_mode' parameter is not supported.", response.ErrorDescription); } @@ -384,11 +384,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = null, - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The mandatory 'redirect_uri' parameter is missing.", response.ErrorDescription); } @@ -407,11 +407,11 @@ namespace OpenIddict.Server.Internal.Tests CodeChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM", CodeChallengeMethod = null, RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'code_challenge_method' parameter must be specified.", response.ErrorDescription); } @@ -430,11 +430,11 @@ namespace OpenIddict.Server.Internal.Tests CodeChallenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM", CodeChallengeMethod = OpenIdConnectConstants.CodeChallengeMethods.Plain, RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'code_challenge_method' parameter is not allowed.", response.ErrorDescription); } @@ -457,11 +457,11 @@ namespace OpenIddict.Server.Internal.Tests Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = type, - Scope = OpenIdConnectConstants.Scopes.OpenId + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'response_type' parameter is not allowed when using PKCE.", response.ErrorDescription); } @@ -487,11 +487,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -530,11 +530,11 @@ namespace OpenIddict.Server.Internal.Tests Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = type, - Scope = OpenIdConnectConstants.Scopes.OpenId + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("The specified 'response_type' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -571,11 +571,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("This client application is not allowed to use the authorization endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -646,11 +646,11 @@ namespace OpenIddict.Server.Internal.Tests Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = type, - Scope = OpenIdConnectConstants.Scopes.OpenId + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal(description, response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -691,12 +691,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + ResponseType = OpenIddictConstants.ResponseTypes.Code, + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The client application is not allowed to use the 'offline_access' scope.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, @@ -730,11 +730,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'redirect_uri' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -757,19 +757,19 @@ namespace OpenIddict.Server.Internal.Tests instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Profile, It.IsAny())) + OpenIddictConstants.Scopes.Profile, It.IsAny())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Email, It.IsAny())) + OpenIddictConstants.Scopes.Email, It.IsAny())) .ReturnsAsync(false); }); var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); - builder.RegisterScopes(OpenIdConnectConstants.Scopes.Email, OpenIdConnectConstants.Scopes.Profile); + builder.RegisterScopes(OpenIddictConstants.Scopes.Email, OpenIddictConstants.Scopes.Profile); builder.Configure(options => options.IgnoreScopePermissions = false); }); @@ -780,26 +780,26 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, Scope = "openid offline_access profile email" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("This client application is not allowed to use the specified scope.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.OpenId, It.IsAny()), Times.Never()); + OpenIddictConstants.Scopes.OpenId, It.IsAny()), Times.Never()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.OfflineAccess, It.IsAny()), Times.Never()); + OpenIddictConstants.Scopes.OfflineAccess, It.IsAny()), Times.Never()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Profile, It.IsAny()), Times.Once()); + OpenIddictConstants.Scopes.Profile, It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Email, It.IsAny()), Times.Once()); + OpenIddictConstants.Scopes.Email, It.IsAny()), Times.Once()); } [Fact] @@ -845,10 +845,10 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Token + ResponseType = OpenIddictConstants.ResponseTypes.Token }); - var identifier = (string) response[OpenIdConnectConstants.Parameters.RequestId]; + var identifier = (string) response[OpenIddictConstants.Parameters.RequestId]; // Assert Assert.Single(response.GetParameters()); @@ -916,7 +916,7 @@ namespace OpenIddict.Server.Internal.Tests Nonce = "n-0S6_WzA2Mj", RedirectUri = "http://www.fabrikam.com/path", ResponseType = type, - Scope = OpenIdConnectConstants.Scopes.OpenId + Scope = OpenIddictConstants.Scopes.OpenId }); // Assert @@ -933,7 +933,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Token + ResponseType = OpenIddictConstants.ResponseTypes.Token }; var stream = new MemoryStream(); @@ -1008,7 +1008,7 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.SendAsync(HttpMethods.Put, AuthorizationEndpoint, new OpenIdConnectRequest()); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified HTTP method is not valid.", response.ErrorDescription); } @@ -1032,7 +1032,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, (string) response["error_custom"]); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, (string) response["error_custom"]); } } } diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Discovery.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Discovery.cs index 16f972e1..14a712eb 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Discovery.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Discovery.cs @@ -9,6 +9,7 @@ using System.Threading.Tasks; using AspNet.Security.OpenIdConnect.Client; using AspNet.Security.OpenIdConnect.Primitives; using Newtonsoft.Json.Linq; +using OpenIddict.Abstractions; using Xunit; namespace OpenIddict.Server.Internal.Tests @@ -33,11 +34,11 @@ namespace OpenIddict.Server.Internal.Tests } [Theory] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)] - [InlineData(OpenIdConnectConstants.GrantTypes.ClientCredentials)] - [InlineData(OpenIdConnectConstants.GrantTypes.Implicit)] - [InlineData(OpenIdConnectConstants.GrantTypes.Password)] - [InlineData(OpenIdConnectConstants.GrantTypes.RefreshToken)] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)] + [InlineData(OpenIddictConstants.GrantTypes.ClientCredentials)] + [InlineData(OpenIddictConstants.GrantTypes.Implicit)] + [InlineData(OpenIddictConstants.GrantTypes.Password)] + [InlineData(OpenIddictConstants.GrantTypes.RefreshToken)] public async Task HandleConfigurationRequest_EnabledFlowsAreReturned(string flow) { // Arrange @@ -69,7 +70,7 @@ namespace OpenIddict.Server.Internal.Tests { builder.Configure(options => { - options.GrantTypes.Remove(OpenIdConnectConstants.GrantTypes.RefreshToken); + options.GrantTypes.Remove(OpenIddictConstants.GrantTypes.RefreshToken); options.Scopes.Clear(); }); }); @@ -84,7 +85,7 @@ namespace OpenIddict.Server.Internal.Tests } [Theory] - [InlineData(OpenIdConnectConstants.Scopes.OpenId)] + [InlineData(OpenIddictConstants.Scopes.OpenId)] public async Task HandleConfigurationRequest_DefaultScopesAreReturned(string scope) { // Arrange @@ -133,7 +134,7 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.GetAsync(ConfigurationEndpoint); // Assert - Assert.Contains(OpenIdConnectConstants.Scopes.OfflineAccess, + Assert.Contains(OpenIddictConstants.Scopes.OfflineAccess, ((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values()); } @@ -147,7 +148,7 @@ namespace OpenIddict.Server.Internal.Tests { // Note: at least one flow must be enabled. options.GrantTypes.Clear(); - options.GrantTypes.Add(OpenIdConnectConstants.GrantTypes.AuthorizationCode); + options.GrantTypes.Add(OpenIddictConstants.GrantTypes.AuthorizationCode); }); }); @@ -157,7 +158,7 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.GetAsync(ConfigurationEndpoint); // Assert - Assert.DoesNotContain(OpenIdConnectConstants.Scopes.OfflineAccess, + Assert.DoesNotContain(OpenIddictConstants.Scopes.OfflineAccess, ((JArray) response[OpenIdConnectConstants.Metadata.ScopesSupported]).Values()); } @@ -193,12 +194,12 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Equal(6, claims.Length); - Assert.Contains(OpenIdConnectConstants.Claims.Audience, claims); - Assert.Contains(OpenIdConnectConstants.Claims.ExpiresAt, claims); - Assert.Contains(OpenIdConnectConstants.Claims.IssuedAt, claims); - Assert.Contains(OpenIdConnectConstants.Claims.Issuer, claims); - Assert.Contains(OpenIdConnectConstants.Claims.JwtId, claims); - Assert.Contains(OpenIdConnectConstants.Claims.Subject, claims); + Assert.Contains(OpenIddictConstants.Claims.Audience, claims); + Assert.Contains(OpenIddictConstants.Claims.ExpiresAt, claims); + Assert.Contains(OpenIddictConstants.Claims.IssuedAt, claims); + Assert.Contains(OpenIddictConstants.Claims.Issuer, claims); + Assert.Contains(OpenIddictConstants.Claims.JwtId, claims); + Assert.Contains(OpenIddictConstants.Claims.Subject, claims); } [Fact] diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs index a5236a18..0a11ec0c 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Exchange.cs @@ -23,10 +23,10 @@ namespace OpenIddict.Server.Internal.Tests public partial class OpenIddictServerProviderTests { [Theory] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)] - [InlineData(OpenIdConnectConstants.GrantTypes.ClientCredentials)] - [InlineData(OpenIdConnectConstants.GrantTypes.Password)] - [InlineData(OpenIdConnectConstants.GrantTypes.RefreshToken)] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)] + [InlineData(OpenIddictConstants.GrantTypes.ClientCredentials)] + [InlineData(OpenIddictConstants.GrantTypes.Password)] + [InlineData(OpenIddictConstants.GrantTypes.RefreshToken)] public async Task ValidateTokenRequest_RequestIsRejectedWhenFlowIsNotEnabled(string flow) { // Arrange @@ -48,7 +48,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedGrantType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedGrantType, response.Error); Assert.Equal("The specified 'grant_type' parameter is not supported.", response.ErrorDescription); } @@ -58,7 +58,7 @@ namespace OpenIddict.Server.Internal.Tests // Arrange var server = CreateAuthorizationServer(builder => { - builder.Configure(options => options.GrantTypes.Remove(OpenIdConnectConstants.GrantTypes.RefreshToken)); + builder.Configure(options => options.GrantTypes.Remove(OpenIddictConstants.GrantTypes.RefreshToken)); }); var client = new OpenIdConnectClient(server.CreateClient()); @@ -66,14 +66,14 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'offline_access' scope is not allowed.", response.ErrorDescription); } @@ -90,12 +90,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = null }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The mandatory 'redirect_uri' parameter is missing.", response.ErrorDescription); } @@ -119,14 +119,14 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", Scope = "unregistered_scope" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidScope, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidScope, response.Error); Assert.Equal("The specified 'scope' parameter is not valid.", response.ErrorDescription); } @@ -144,7 +144,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", Scope = "registered_scope" @@ -186,7 +186,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", Scope = "scope_registered_in_database scope_registered_in_options" @@ -210,12 +210,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.ClientCredentials, - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + GrantType = OpenIddictConstants.GrantTypes.ClientCredentials, + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'offline_access' scope is not valid for the specified 'grant_type' parameter.", response.ErrorDescription); } @@ -234,11 +234,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = identifier, ClientSecret = secret, - GrantType = OpenIdConnectConstants.GrantTypes.ClientCredentials + GrantType = OpenIddictConstants.GrantTypes.ClientCredentials }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'client_id' and 'client_secret' parameters are " + "required when using the client credentials grant.", response.ErrorDescription); } @@ -258,13 +258,13 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = null, - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The mandatory 'client_id' parameter is missing.", response.ErrorDescription); } @@ -289,13 +289,13 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -330,13 +330,13 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("This client application is not allowed to use the token endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -373,13 +373,13 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("This client application is not allowed to use the specified grant type.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -420,14 +420,14 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The client application is not allowed to use the 'offline_access' scope.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, @@ -461,11 +461,11 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", - GrantType = OpenIdConnectConstants.GrantTypes.ClientCredentials + GrantType = OpenIddictConstants.GrantTypes.ClientCredentials }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("The specified 'grant_type' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -499,13 +499,13 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'client_secret' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -539,13 +539,13 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", ClientSecret = null, - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -579,13 +579,13 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", ClientSecret = null, - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -622,13 +622,13 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -655,12 +655,12 @@ namespace OpenIddict.Server.Internal.Tests instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Profile, It.IsAny())) + OpenIddictConstants.Scopes.Profile, It.IsAny())) .ReturnsAsync(true); instance.Setup(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Email, It.IsAny())) + OpenIddictConstants.Scopes.Email, It.IsAny())) .ReturnsAsync(false); instance.Setup(mock => mock.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny())) @@ -670,7 +670,7 @@ namespace OpenIddict.Server.Internal.Tests var server = CreateAuthorizationServer(builder => { builder.Services.AddSingleton(manager); - builder.RegisterScopes(OpenIdConnectConstants.Scopes.Email, OpenIdConnectConstants.Scopes.Profile); + builder.RegisterScopes(OpenIddictConstants.Scopes.Email, OpenIddictConstants.Scopes.Profile); builder.Configure(options => options.IgnoreScopePermissions = false); }); @@ -681,28 +681,28 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", Scope = "openid offline_access profile email" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("This client application is not allowed to use the specified scope.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.OpenId, It.IsAny()), Times.Never()); + OpenIddictConstants.Scopes.OpenId, It.IsAny()), Times.Never()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.OfflineAccess, It.IsAny()), Times.Never()); + OpenIddictConstants.Scopes.OfflineAccess, It.IsAny()), Times.Never()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Profile, It.IsAny()), Times.Once()); + OpenIddictConstants.Scopes.Profile, It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application, OpenIddictConstants.Permissions.Prefixes.Scope + - OpenIdConnectConstants.Scopes.Email, It.IsAny()), Times.Once()); + OpenIddictConstants.Scopes.Email, It.IsAny()), Times.Once()); } [Fact] @@ -750,7 +750,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -800,7 +800,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -857,12 +857,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); @@ -914,12 +914,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny()), Times.Once()); @@ -982,12 +982,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code has already been redeemed.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); @@ -1048,12 +1048,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token has already been redeemed.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny()), Times.Once()); @@ -1132,12 +1132,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code has already been redeemed.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); @@ -1213,12 +1213,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token has already been redeemed.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); @@ -1306,12 +1306,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code has already been redeemed.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); @@ -1399,12 +1399,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token has already been redeemed.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); @@ -1474,12 +1474,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); @@ -1544,12 +1544,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny()), Times.Once()); @@ -1627,7 +1627,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -1710,7 +1710,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -1789,12 +1789,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The authorization associated with the authorization code is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); @@ -1874,12 +1874,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The authorization associated with the authorization code is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); @@ -1953,12 +1953,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The authorization associated with the refresh token is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); @@ -2036,12 +2036,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The authorization associated with the refresh token is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); @@ -2049,16 +2049,16 @@ namespace OpenIddict.Server.Internal.Tests } [Theory] - [InlineData(OpenIdConnectConstants.GrantTypes.AuthorizationCode)] - [InlineData(OpenIdConnectConstants.GrantTypes.ClientCredentials)] - [InlineData(OpenIdConnectConstants.GrantTypes.Password)] - [InlineData(OpenIdConnectConstants.GrantTypes.RefreshToken)] + [InlineData(OpenIddictConstants.GrantTypes.AuthorizationCode)] + [InlineData(OpenIddictConstants.GrantTypes.ClientCredentials)] + [InlineData(OpenIddictConstants.GrantTypes.Password)] + [InlineData(OpenIddictConstants.GrantTypes.RefreshToken)] [InlineData("urn:ietf:params:oauth:grant-type:custom_grant")] public async Task HandleTokenRequest_RequestsAreNotHandledLocally(string flow) { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -2069,12 +2069,12 @@ namespace OpenIddict.Server.Internal.Tests switch (flow) { - case OpenIdConnectConstants.GrantTypes.AuthorizationCode: + case OpenIddictConstants.GrantTypes.AuthorizationCode: ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); ticket.SetPresenters("Fabrikam"); break; - case OpenIdConnectConstants.GrantTypes.RefreshToken: + case OpenIddictConstants.GrantTypes.RefreshToken: ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); break; } diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs index d8c94506..ea88bb57 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Introspection.cs @@ -39,7 +39,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The mandatory 'client_id' and/or 'client_secret' parameters are missing.", response.ErrorDescription); } @@ -69,7 +69,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -109,7 +109,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("This client application is not allowed to use the introspection endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -148,7 +148,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("This client application is not allowed to use the introspection endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -189,7 +189,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -205,7 +205,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -251,7 +251,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); } [Fact] @@ -259,7 +259,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -305,7 +305,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); } [Fact] @@ -313,7 +313,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -360,7 +360,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); } [Fact] @@ -368,7 +368,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var manager = CreateTokenManager(instance => { @@ -409,7 +409,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI", It.IsAny()), Times.Once()); @@ -420,7 +420,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -501,7 +501,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Never()); } @@ -511,7 +511,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -591,7 +591,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); } @@ -601,7 +601,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -686,7 +686,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("18D15F73-BE2B-6867-DC01-B3C1E8AFDED0", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.IsValidAsync(authorization, It.IsAny()), Times.Once()); @@ -697,7 +697,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -768,7 +768,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.IsValidAsync(token, It.IsAny()), Times.Once()); diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs index c39ebda3..cf176e2b 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Revocation.cs @@ -41,7 +41,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedTokenType, response.Error); Assert.Equal("The specified 'token_type_hint' parameter is not supported.", response.ErrorDescription); } @@ -64,7 +64,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The mandatory 'client_id' parameter is missing.", response.ErrorDescription); } @@ -94,7 +94,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The specified 'client_id' parameter is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -135,7 +135,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnauthorizedClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnauthorizedClient, response.Error); Assert.Equal("This client application is not allowed to use the revocation endpoint.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -175,7 +175,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'client_secret' parameter is not valid for this client application.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -214,7 +214,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -253,7 +253,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The 'client_secret' parameter required for this client application is missing.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -295,7 +295,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidClient, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidClient, response.Error); Assert.Equal("The specified client credentials are invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByClientIdAsync("Fabrikam", It.IsAny()), Times.Once()); @@ -334,7 +334,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedTokenType, response.Error); Assert.Equal("The specified token cannot be revoked.", response.ErrorDescription); format.Verify(mock => mock.Unprotect("SlAV32hkKG"), Times.Once()); @@ -349,7 +349,7 @@ namespace OpenIddict.Server.Internal.Tests mock.ValidTo == DateTime.UtcNow.AddDays(1)); var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.TokenUsage, OpenIdConnectConstants.TokenUsages.IdToken); + identity.AddClaim(OpenIddictConstants.Claims.TokenUsage, OpenIdConnectConstants.TokenUsages.IdToken); var handler = new Mock(); @@ -374,7 +374,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.UnsupportedTokenType, response.Error); + Assert.Equal(OpenIddictConstants.Errors.UnsupportedTokenType, response.Error); Assert.Equal("The specified token cannot be revoked.", response.ErrorDescription); handler.As() diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs index b76fcd6e..7948964a 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Serialization.cs @@ -65,7 +65,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Never()); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Never()); @@ -76,7 +76,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -136,7 +136,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.True((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.True((bool) response[OpenIddictConstants.Claims.Active]); format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Once()); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync(It.IsAny(), It.IsAny()), Times.Never()); @@ -191,7 +191,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetIdAsync(token, It.IsAny()), Times.AtLeastOnce()); @@ -249,7 +249,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetIdAsync(token, It.IsAny()), Times.AtLeastOnce()); @@ -314,7 +314,7 @@ namespace OpenIddict.Server.Internal.Tests // Assert Assert.Single(response.GetParameters()); - Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]); + Assert.False((bool) response[OpenIddictConstants.Claims.Active]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetIdAsync(token, It.IsAny()), Times.AtLeastOnce()); @@ -326,7 +326,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -409,10 +409,10 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.True((bool) response[OpenIdConnectConstants.Claims.Active]); - Assert.Equal("070AAEDE-38BF-41BE-870C-4E5A73E54566", response[OpenIdConnectConstants.Claims.JwtId]); - Assert.Equal(1483228800, (long) response[OpenIdConnectConstants.Claims.IssuedAt]); - Assert.Equal(1484006400, (long) response[OpenIdConnectConstants.Claims.ExpiresAt]); + Assert.True((bool) response[OpenIddictConstants.Claims.Active]); + Assert.Equal("070AAEDE-38BF-41BE-870C-4E5A73E54566", response[OpenIddictConstants.Claims.JwtId]); + Assert.Equal(1483228800, (long) response[OpenIddictConstants.Claims.IssuedAt]); + Assert.Equal(1484006400, (long) response[OpenIddictConstants.Claims.ExpiresAt]); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); Mock.Get(manager).Verify(mock => mock.GetIdAsync(token, It.IsAny()), Times.Once()); @@ -457,12 +457,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "2YotnFZFEjr1zCsicMWpAA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Never()); @@ -474,7 +474,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -532,7 +532,7 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "2YotnFZFEjr1zCsicMWpAA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -587,12 +587,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); @@ -646,12 +646,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); @@ -712,12 +712,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); @@ -730,7 +730,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -807,7 +807,7 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -824,7 +824,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -863,12 +863,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "2YotnFZFEjr1zCsicMWpAA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); } @@ -908,12 +908,12 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "2YotnFZFEjr1zCsicMWpAA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is invalid.", response.ErrorDescription); format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Once()); @@ -924,7 +924,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -994,7 +994,7 @@ namespace OpenIddict.Server.Internal.Tests ClientId = "Fabrikam", ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw", Code = "2YotnFZFEjr1zCsicMWpAA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -1040,12 +1040,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "2YotnFZFEjr1zCsicMWpAA" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Never()); @@ -1057,7 +1057,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -1097,7 +1097,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "2YotnFZFEjr1zCsicMWpAA" }); @@ -1135,12 +1135,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); @@ -1177,12 +1177,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); @@ -1226,12 +1226,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByReferenceIdAsync("HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ", It.IsAny()), Times.Once()); @@ -1244,7 +1244,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -1302,7 +1302,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "HQnldPTjH_9m85GcS-5PPYaCxmJTt1umxOa2y9ggVUQ" }); @@ -1319,7 +1319,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -1341,12 +1341,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "2YotnFZFEjr1zCsicMWpAA" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); } @@ -1369,12 +1369,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "2YotnFZFEjr1zCsicMWpAA" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is invalid.", response.ErrorDescription); format.Verify(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"), Times.Once()); @@ -1385,7 +1385,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -1437,7 +1437,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "2YotnFZFEjr1zCsicMWpAA" }); @@ -1464,10 +1464,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -1517,10 +1517,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -1582,10 +1582,10 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -1632,10 +1632,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess, + Scope = OpenIddictConstants.Scopes.OfflineAccess, ["attach-authorization"] = true }); @@ -1687,7 +1687,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert @@ -1749,7 +1749,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert @@ -1822,7 +1822,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert @@ -1886,7 +1886,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code + ResponseType = OpenIddictConstants.ResponseTypes.Code }); // Assert @@ -1950,7 +1950,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, ["attach-authorization"] = true }); @@ -1976,7 +1976,7 @@ namespace OpenIddict.Server.Internal.Tests OpenIddictServerDefaults.AuthenticationScheme); ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -2024,7 +2024,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -2057,10 +2057,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -2103,10 +2103,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -2160,10 +2160,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -2223,10 +2223,10 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { ClientId = "Fabrikam", - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess + Scope = OpenIddictConstants.Scopes.OfflineAccess }); // Assert @@ -2271,10 +2271,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess, + Scope = OpenIddictConstants.Scopes.OfflineAccess, ["attach-authorization"] = true }); diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs index 4058b050..0ed3e8cc 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs @@ -37,7 +37,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The 'request_id' parameter is not supported.", response.ErrorDescription); } @@ -61,7 +61,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'request_id' parameter is invalid.", response.ErrorDescription); } @@ -84,7 +84,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal(message, response.ErrorDescription); } @@ -112,7 +112,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified 'post_logout_redirect_uri' parameter is not valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByPostLogoutRedirectUriAsync("http://www.fabrikam.com/path", It.IsAny()), Times.Once()); @@ -154,7 +154,7 @@ namespace OpenIddict.Server.Internal.Tests PostLogoutRedirectUri = "http://www.fabrikam.com/path" }); - var identifier = (string) response[OpenIdConnectConstants.Parameters.RequestId]; + var identifier = (string) response[OpenIddictConstants.Parameters.RequestId]; // Assert Assert.Single(response.GetParameters()); @@ -216,7 +216,7 @@ namespace OpenIddict.Server.Internal.Tests var response = await client.SendAsync(HttpMethods.Put, LogoutEndpoint, new OpenIdConnectRequest()); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error); Assert.Equal("The specified HTTP method is not valid.", response.ErrorDescription); } @@ -244,7 +244,7 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidRequest, (string) response["error_custom"]); + Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, (string) response["error_custom"]); } } } diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Userinfo.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Userinfo.cs index 5dcde5df..26a1a9c6 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Userinfo.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Userinfo.cs @@ -7,6 +7,7 @@ using System.Threading.Tasks; using AspNet.Security.OpenIdConnect.Client; using AspNet.Security.OpenIdConnect.Primitives; +using OpenIddict.Abstractions; using Xunit; namespace OpenIddict.Server.Internal.Tests @@ -27,8 +28,8 @@ namespace OpenIddict.Server.Internal.Tests }); // Assert - Assert.Equal("SlAV32hkKG", (string) response[OpenIdConnectConstants.Parameters.AccessToken]); - Assert.Equal("Bob le Bricoleur", (string) response[OpenIdConnectConstants.Claims.Subject]); + Assert.Equal("SlAV32hkKG", (string) response[OpenIddictConstants.Parameters.AccessToken]); + Assert.Equal("Bob le Bricoleur", (string) response[OpenIddictConstants.Claims.Subject]); } } } diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs index c0de1138..559acbc1 100644 --- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs +++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.cs @@ -73,7 +73,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, ["attach-public-parameters"] = true, ["deny-authorization"] = true }); @@ -97,10 +97,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess, + Scope = OpenIddictConstants.Scopes.OfflineAccess, ["attach-public-parameters"] = true, ["deny-authorization"] = true }); @@ -128,7 +128,7 @@ namespace OpenIddict.Server.Internal.Tests { return client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", ["use-null-authentication-type"] = true @@ -147,7 +147,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -156,7 +156,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); ticket.SetProperty("custom_property_in_original_ticket", "original_value"); var format = new Mock>(); @@ -198,7 +198,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8", ["do-not-flow-original-properties"] = true }); @@ -218,7 +218,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -228,7 +228,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetPresenters("Fabrikam"); ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AuthorizationCode); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -279,7 +279,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -292,7 +292,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -301,7 +301,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -342,7 +342,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -355,7 +355,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -364,7 +364,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "3E228451-1555-46F7-A471-951EFBA23A56"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -400,7 +400,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -413,7 +413,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -468,7 +468,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); @@ -482,7 +482,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -540,12 +540,12 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", Code = "SplxlOBeZQQYbYS6WxSbIA", - GrantType = OpenIdConnectConstants.GrantTypes.AuthorizationCode, + GrantType = OpenIddictConstants.GrantTypes.AuthorizationCode, RedirectUri = "http://www.fabrikam.com/path" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified authorization code is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny()), Times.Once()); @@ -557,7 +557,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -566,7 +566,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -607,7 +607,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -623,7 +623,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -632,7 +632,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -676,12 +676,12 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); // Assert - Assert.Equal(OpenIdConnectConstants.Errors.InvalidGrant, response.Error); + Assert.Equal(OpenIddictConstants.Errors.InvalidGrant, response.Error); Assert.Equal("The specified refresh token is no longer valid.", response.ErrorDescription); Mock.Get(manager).Verify(mock => mock.FindByIdAsync("60FFF7EA-F98E-437B-937E-5073CC313103", It.IsAny()), Times.Once()); @@ -693,7 +693,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -702,7 +702,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -735,7 +735,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -751,7 +751,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -760,7 +760,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -827,7 +827,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -845,7 +845,7 @@ namespace OpenIddict.Server.Internal.Tests { // Arrange var identity = new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Bricoleur"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), @@ -854,7 +854,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); ticket.SetProperty(OpenIddictConstants.Properties.InternalAuthorizationId, "18D15F73-BE2B-6867-DC01-B3C1E8AFDED0"); var format = new Mock>(); @@ -914,7 +914,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -939,7 +939,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -984,7 +984,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -1007,7 +1007,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -1051,7 +1051,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -1074,7 +1074,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -1119,7 +1119,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -1140,7 +1140,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -1185,7 +1185,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -1206,7 +1206,7 @@ namespace OpenIddict.Server.Internal.Tests ticket.SetProperty(OpenIddictConstants.Properties.InternalTokenId, "60FFF7EA-F98E-437B-937E-5073CC313103"); ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.RefreshToken); - ticket.SetScopes(OpenIdConnectConstants.Scopes.OpenId, OpenIdConnectConstants.Scopes.OfflineAccess); + ticket.SetScopes(OpenIddictConstants.Scopes.OpenId, OpenIddictConstants.Scopes.OfflineAccess); var format = new Mock>(); @@ -1254,7 +1254,7 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.RefreshToken, + GrantType = OpenIddictConstants.GrantTypes.RefreshToken, RefreshToken = "8xLOxBtZp8" }); @@ -1316,7 +1316,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, }); // Assert @@ -1382,7 +1382,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, }); // Assert @@ -1419,7 +1419,7 @@ namespace OpenIddict.Server.Internal.Tests { ClientId = "Fabrikam", RedirectUri = "http://www.fabrikam.com/path", - ResponseType = OpenIdConnectConstants.ResponseTypes.Code, + ResponseType = OpenIddictConstants.ResponseTypes.Code, ["attach-public-parameters"] = true }); @@ -1442,10 +1442,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess, + Scope = OpenIddictConstants.Scopes.OfflineAccess, ["attach-public-parameters"] = true }); @@ -1476,10 +1476,10 @@ namespace OpenIddict.Server.Internal.Tests // Act var response = await client.PostAsync(TokenEndpoint, new OpenIdConnectRequest { - GrantType = OpenIdConnectConstants.GrantTypes.Password, + GrantType = OpenIddictConstants.GrantTypes.Password, Username = "johndoe", Password = "A3ddj3w", - Scope = OpenIdConnectConstants.Scopes.OfflineAccess, + Scope = OpenIddictConstants.Scopes.OfflineAccess, ["attach-public-parameters"] = true }); @@ -1605,7 +1605,7 @@ namespace OpenIddict.Server.Internal.Tests return context.HttpContext.Response.WriteAsync(JsonConvert.SerializeObject(new { - error_custom = OpenIdConnectConstants.Errors.InvalidRequest + error_custom = OpenIddictConstants.Errors.InvalidRequest })); }); @@ -1635,7 +1635,7 @@ namespace OpenIddict.Server.Internal.Tests new ClaimsIdentity(OpenIddictServerDefaults.AuthenticationScheme) : new ClaimsIdentity(); - identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Magnifique"); + identity.AddClaim(OpenIddictConstants.Claims.Subject, "Bob le Magnifique"); var ticket = new AuthenticationTicket( new ClaimsPrincipal(identity), diff --git a/test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs b/test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs index 02bcb1b8..8fa273ec 100644 --- a/test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs +++ b/test/OpenIddict.Server.Tests/OpenIddictServerBuilderTests.cs @@ -7,9 +7,7 @@ using System; using System.IdentityModel.Tokens.Jwt; using System.Reflection; -using System.Threading; using System.Threading.Tasks; -using AspNet.Security.OpenIdConnect.Primitives; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Caching.Distributed; @@ -17,6 +15,7 @@ using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Options; using Microsoft.IdentityModel.Tokens; using Moq; +using OpenIddict.Abstractions; using Xunit; using static OpenIddict.Server.OpenIddictServerEvents; @@ -316,7 +315,7 @@ namespace OpenIddict.Server.Tests var options = GetOptions(services); // Assert - Assert.Contains(OpenIdConnectConstants.GrantTypes.AuthorizationCode, options.GrantTypes); + Assert.Contains(OpenIddictConstants.GrantTypes.AuthorizationCode, options.GrantTypes); } [Fact] @@ -332,7 +331,7 @@ namespace OpenIddict.Server.Tests var options = GetOptions(services); // Assert - Assert.Contains(OpenIdConnectConstants.GrantTypes.ClientCredentials, options.GrantTypes); + Assert.Contains(OpenIddictConstants.GrantTypes.ClientCredentials, options.GrantTypes); } [Fact] @@ -364,7 +363,7 @@ namespace OpenIddict.Server.Tests var options = GetOptions(services); // Assert - Assert.Contains(OpenIdConnectConstants.GrantTypes.Implicit, options.GrantTypes); + Assert.Contains(OpenIddictConstants.GrantTypes.Implicit, options.GrantTypes); } [Fact] @@ -380,7 +379,7 @@ namespace OpenIddict.Server.Tests var options = GetOptions(services); // Assert - Assert.Contains(OpenIdConnectConstants.GrantTypes.Password, options.GrantTypes); + Assert.Contains(OpenIddictConstants.GrantTypes.Password, options.GrantTypes); } [Fact] @@ -396,7 +395,7 @@ namespace OpenIddict.Server.Tests var options = GetOptions(services); // Assert - Assert.Contains(OpenIdConnectConstants.GrantTypes.RefreshToken, options.GrantTypes); + Assert.Contains(OpenIddictConstants.GrantTypes.RefreshToken, options.GrantTypes); } [Fact]