
Use the ExtractUserinfoRequest event to bypass the default token validation enforced by the OpenID Connect server middleware

pull/322/head
Kévin Chalet 9 years ago
parent
commit
b84754f5a0
  1. 8
      src/OpenIddict/OpenIddictProvider.Userinfo.cs
  2. 32
      test/OpenIddict.Tests/OpenIddictProviderTests.Userinfo.cs
  3. 5
      test/OpenIddict.Tests/OpenIddictProviderTests.cs

8
src/OpenIddict/OpenIddictProvider.Userinfo.cs

@ -11,7 +11,13 @@ using JetBrains.Annotations;
namespace OpenIddict { namespace OpenIddict {
public partial class OpenIddictProvider<TApplication, TAuthorization, TScope, TToken> : OpenIdConnectServerProvider public partial class OpenIddictProvider<TApplication, TAuthorization, TScope, TToken> : OpenIdConnectServerProvider
where TApplication : class where TAuthorization : class where TScope : class where TToken : class { where TApplication : class where TAuthorization : class where TScope : class where TToken : class {
public override Task HandleUserinfoRequest([NotNull] HandleUserinfoRequestContext context) { public override Task ExtractUserinfoRequest([NotNull] ExtractUserinfoRequestContext context) {
// Note: when enabling the userinfo endpoint, OpenIddict users are intended
// to handle the userinfo requests in their own code (e.g in a MVC controller).
// To avoid validating the access token twice, the default logic enforced by
// the OpenID Connect server is bypassed using the ExtractUserinfoRequest event,
// which is invoked before the access token is extracted from the userinfo request.
// Invoke the rest of the pipeline to allow // Invoke the rest of the pipeline to allow
// the user code to handle the userinfo request. // the user code to handle the userinfo request.
context.SkipToNextMiddleware(); context.SkipToNextMiddleware();
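Review bot: Moving the bypass to ExtractUserinfoRequest means the server middleware never extracts or validates the access token for this endpoint, so the user code behind `SkipToNextMiddleware()` is now the only place a missing or invalid token can be rejected; the comment block above that call explains the motivation but not this consequence. Proposed addition to the comment: `// As a consequence, the access token is no longer validated by the middleware: the user code handling the userinfo request must authenticate the caller itself before returning any claims.` The body of ExtractUserinfoRequest continues past the end of the hunk, so whatever it returns after the skip is not visible here.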

32
test/OpenIddict.Tests/OpenIddictProviderTests.Userinfo.cs

@ -1,37 +1,14 @@
using System.Security.Claims; using System.Threading.Tasks;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Client; using AspNet.Security.OpenIdConnect.Client;
using AspNet.Security.OpenIdConnect.Extensions;
using AspNet.Security.OpenIdConnect.Primitives; using AspNet.Security.OpenIdConnect.Primitives;
using AspNet.Security.OpenIdConnect.Server;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http.Authentication;
using Moq;
using Xunit; using Xunit;
namespace OpenIddict.Tests { namespace OpenIddict.Tests {
public partial class OpenIddictProviderTests { public partial class OpenIddictProviderTests {
[Fact] [Fact]
public async Task HandleUserinfoRequest_RequestIsHandledByUserCode() { public async Task ExtractUserinfoRequest_RequestIsHandledByUserCode() {
// Arrange // Arrange
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme); var server = CreateAuthorizationServer();
identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Bricoleur");
var ticket = new AuthenticationTicket(
new ClaimsPrincipal(identity),
new AuthenticationProperties(),
OpenIdConnectServerDefaults.AuthenticationScheme);
var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
format.Setup(mock => mock.Unprotect("SlAV32hkKG"))
.Returns(ticket);
var server = CreateAuthorizationServer(builder => {
builder.Configure(options => options.AccessTokenFormat = format.Object);
});
var client = new OpenIdConnectClient(server.CreateClient()); var client = new OpenIdConnectClient(server.CreateClient());
// Act // Act
@ -40,9 +17,8 @@ namespace OpenIddict.Tests {
}); });
// Assert // Assert
Assert.Equal("SlAV32hkKG", (string) response[OpenIdConnectConstants.Parameters.AccessToken]);
Assert.Equal("Bob le Bricoleur", (string) response[OpenIdConnectConstants.Claims.Subject]); Assert.Equal("Bob le Bricoleur", (string) response[OpenIdConnectConstants.Claims.Subject]);
format.Verify(mock => mock.Unprotect("SlAV32hkKG"), Times.Once());
} }
} }
} }
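Review bot: The rewritten test proves only that a userinfo request reaches user code, since the `access_token` assertion and the `format.Verify(...)` call were dropped along with the token-format mock; with the middleware validation bypassed, no test in this file now exercises a userinfo request that carries no token or an invalid one. A companion test sending a userinfo request without a bearer token, asserting that rejection (if any) comes from the user code rather than the middleware, would pin the new responsibility split, or at minimum the test could carry a comment such as `// Note: token validation is intentionally outside the tested path; the middleware no longer validates access tokens for userinfo requests.` The `// Act` portion of the test lies between the two hunks and is not visible here.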

5
test/OpenIddict.Tests/OpenIddictProviderTests.cs

@ -120,9 +120,9 @@ namespace OpenIddict.Tests {
app.UseOpenIddict(); app.UseOpenIddict();
app.Run(context => { app.Run(context => {
if (context.Request.Path == AuthorizationEndpoint || context.Request.Path == TokenEndpoint) { var request = context.GetOpenIdConnectRequest();
var request = context.GetOpenIdConnectRequest();
if (context.Request.Path == AuthorizationEndpoint || context.Request.Path == TokenEndpoint) {
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme); var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Magnifique"); identity.AddClaim(ClaimTypes.NameIdentifier, "Bob le Magnifique");
@ -144,6 +144,7 @@ namespace OpenIddict.Tests {
context.Response.Headers[HeaderNames.ContentType] = "application/json"; context.Response.Headers[HeaderNames.ContentType] = "application/json";
return context.Response.WriteAsync(JsonConvert.SerializeObject(new { return context.Response.WriteAsync(JsonConvert.SerializeObject(new {
access_token = request.AccessToken,
sub = "Bob le Bricoleur" sub = "Bob le Bricoleur"
})); }));
} }
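Review bot: With `access_token = request.AccessToken` removed from the serialized response, the fixture's userinfo handler now returns `sub = "Bob le Bricoleur"` unconditionally, i.e. without inspecting the token or authenticating the caller in any visible way, which models exactly the unauthenticated endpoint the provider change makes possible. Because this fixture is the kind of code users copy, a comment such as `// Note: this test fixture deliberately returns claims without authenticating the caller; real userinfo handlers must validate the access token themselves now that the middleware no longer does.` would make that intent explicit. In the first hunk `var request = context.GetOpenIdConnectRequest();` is now evaluated for every request path rather than only the authorization/token paths; whether it can be null for non-protocol paths is not visible from the hunk and may be worth confirming. The enclosing `app.Run` lambda starts and ends outside both hunks.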
