diff --git a/identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs index 78f2796ec..2f587f26d 100644 --- a/identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs @@ -43,9 +43,7 @@ internal class TokenRequestValidator : ITokenRequestValidator private readonly ResourceLoadedTracker _resourceLoadedTracker; private readonly IMtlsEndpointGenerator _mtlsEndpointGenerator; private readonly ILogger _logger; - private ValidatedTokenRequest _validatedRequest; - private Ct _ct; public TokenRequestValidator( IdentityServerOptions options, @@ -95,11 +93,12 @@ internal class TokenRequestValidator : ITokenRequestValidator // only here for legacy unit tests // maybe at some point we clean up the unit tests? - internal Task ValidateRequestAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult) => ValidateRequestAsync(new TokenRequestValidationContext - { - RequestParameters = parameters, - ClientValidationResult = clientValidationResult - }, CancellationToken.None); + internal Task ValidateRequestAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult, Ct ct) => + ValidateRequestAsync(new TokenRequestValidationContext + { + RequestParameters = parameters, + ClientValidationResult = clientValidationResult + }, ct); /// public async Task ValidateRequestAsync(TokenRequestValidationContext context, Ct ct) 
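Review bot: Dropping the `_ct` field in the first hunk removes only half of the per-call state on this class: `_validatedRequest` appears to remain a mutable instance field, since it is still assigned in `ValidateRequestAsync` and read by every grant path. If one validator instance were ever shared by two concurrent token requests, one request's client, subject or scopes could be read while validating the other, so the class still depends on being resolved once per request; its DI lifetime is not visible in this diff. I would document that on the field, e.g. `// per-request state: a TokenRequestValidator instance must not be shared across concurrent requests`. The class body continues outside the hunk.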
@@ -110,13 +109,12 @@ internal class TokenRequestValidator : ITokenRequestValidator ArgumentNullException.ThrowIfNull(context); - _ct = ct; var parameters = context.RequestParameters; var clientValidationResult = context.ClientValidationResult; _validatedRequest = new ValidatedTokenRequest { - IssuerName = await _issuerNameService.GetCurrentAsync(_ct), + IssuerName = await _issuerNameService.GetCurrentAsync(ct), Raw = parameters ?? throw new ArgumentNullException(nameof(context.RequestParameters)), Options = _options }; @@ -194,7 +192,7 @@ internal class TokenRequestValidator : ITokenRequestValidator ////////////////////////////////////////////////////////// // proof token validation ////////////////////////////////////////////////////////// - var proofResult = await ValidateProofToken(context); + var proofResult = await ValidateProofToken(context, ct); if (proofResult.IsError) { return proofResult; 
@@ -207,20 +205,20 @@ internal class TokenRequestValidator : ITokenRequestValidator return grantType switch { OidcConstants.GrantTypes.AuthorizationCode => await RunValidationAsync( - ValidateAuthorizationCodeRequestAsync, parameters), + ValidateAuthorizationCodeRequestAsync, parameters, ct), OidcConstants.GrantTypes.ClientCredentials => await RunValidationAsync( - ValidateClientCredentialsRequestAsync, parameters), + ValidateClientCredentialsRequestAsync, parameters, ct), OidcConstants.GrantTypes.Password => await RunValidationAsync(ValidateResourceOwnerCredentialRequestAsync, - parameters), + parameters, ct), OidcConstants.GrantTypes.RefreshToken => await RunValidationAsync(ValidateRefreshTokenRequestAsync, - parameters), - OidcConstants.GrantTypes.DeviceCode => await RunValidationAsync(ValidateDeviceCodeRequestAsync, parameters), - OidcConstants.GrantTypes.Ciba => await RunValidationAsync(ValidateCibaRequestRequestAsync, parameters), - _ => await RunValidationAsync(ValidateExtensionGrantRequestAsync, parameters) + parameters, ct), + OidcConstants.GrantTypes.DeviceCode => await RunValidationAsync(ValidateDeviceCodeRequestAsync, parameters, ct), + OidcConstants.GrantTypes.Ciba => await RunValidationAsync(ValidateCibaRequestRequestAsync, parameters, ct), + _ => await RunValidationAsync(ValidateExtensionGrantRequestAsync, parameters, ct) }; } - private async Task ValidateProofToken(TokenRequestValidationContext context) + private async Task ValidateProofToken(TokenRequestValidationContext context, Ct ct) { // mTLS client cert processing @@ -263,7 +261,7 @@ internal class TokenRequestValidator : ITokenRequestValidator Url = tokenUrl, Method = "POST", }; - var dpopResult = await _dPoPProofValidator.ValidateAsync(dpopContext, _ct); + var dpopResult = await _dPoPProofValidator.ValidateAsync(dpopContext, ct); if (dpopResult.IsError) { LogError(dpopResult.ErrorDescription ?? dpopResult.Error); 
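Review bot: `ValidateProofToken`, whose signature changes at the end of the first hunk here, is the only async validation helper in this diff without the `Async` suffix; its siblings (`RunValidationAsync`, `ValidateAuthorizationCodeRequestAsync`, `ValidateClientCredentialsRequestAsync`, and the rest) all carry it. Since the signature and its single visible call site are being edited anyway, renaming it to `ValidateProofTokenAsync` and calling `await ValidateProofTokenAsync(context, ct)` would keep the naming consistent. The method body continues outside the hunk.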
@@ -285,10 +283,10 @@ internal class TokenRequestValidator : ITokenRequestValidator return Valid(); } - private async Task RunValidationAsync(Func> validationFunc, NameValueCollection parameters) + private async Task RunValidationAsync(Func> validationFunc, NameValueCollection parameters, Ct ct) { // run standard validation - var result = await validationFunc(parameters); + var result = await validationFunc(parameters, ct); if (result.IsError) { return result; @@ -298,7 +296,7 @@ internal class TokenRequestValidator : ITokenRequestValidator _logger.LogTrace("Calling into custom request validator: {type}", _customRequestValidator.GetType().FullName); var customValidationContext = new CustomTokenRequestValidationContext { Result = result }; - await _customRequestValidator.ValidateAsync(customValidationContext, _ct); + await _customRequestValidator.ValidateAsync(customValidationContext, ct); if (customValidationContext.Result.IsError) { @@ -325,7 +323,7 @@ internal class TokenRequestValidator : ITokenRequestValidator return customValidationContext.Result; } - private async Task ValidateAuthorizationCodeRequestAsync(NameValueCollection parameters) + private async Task ValidateAuthorizationCodeRequestAsync(NameValueCollection parameters, Ct ct) { _logger.LogDebug("Start validation of authorization code token request"); @@ -357,7 +355,7 @@ internal class TokenRequestValidator : ITokenRequestValidator _validatedRequest.AuthorizationCodeHandle = code; - var authZcode = await _authorizationCodeStore.GetAuthorizationCodeAsync(code, _ct); + var authZcode = await _authorizationCodeStore.GetAuthorizationCodeAsync(code, ct); if (authZcode == null) { LogError("Invalid authorization code", new { code }); 
@@ -393,7 +391,7 @@ internal class TokenRequestValidator : ITokenRequestValidator // remove code from store // todo: set to consumed in the future? - await _authorizationCodeStore.RemoveAuthorizationCodeAsync(code, _ct); + await _authorizationCodeStore.RemoveAuthorizationCodeAsync(code, ct); if (authZcode.CreationTime.HasExceeded(authZcode.Lifetime, _timeProvider.GetUtcNow().UtcDateTime)) { @@ -465,7 +463,7 @@ internal class TokenRequestValidator : ITokenRequestValidator Client = _validatedRequest.Client, Scopes = _validatedRequest.AuthorizationCode.RequestedScopes, ResourceIndicators = _validatedRequest.AuthorizationCode.RequestedResourceIndicators, - }, _ct); + }, ct); if (!validatedResources.Succeeded) { @@ -513,7 +511,7 @@ internal class TokenRequestValidator : ITokenRequestValidator // make sure user is enabled ///////////////////////////////////////////// var isActiveCtx = new IsActiveContext(_validatedRequest.AuthorizationCode.Subject, _validatedRequest.Client, IdentityServerConstants.ProfileIsActiveCallers.AuthorizationCodeValidation); - await _profile.IsActiveAsync(isActiveCtx, _ct); + await _profile.IsActiveAsync(isActiveCtx, ct); if (isActiveCtx.IsActive == false) { @@ -526,7 +524,7 @@ internal class TokenRequestValidator : ITokenRequestValidator return Valid(); } - private async Task ValidateClientCredentialsRequestAsync(NameValueCollection parameters) + private async Task ValidateClientCredentialsRequestAsync(NameValueCollection parameters, Ct ct) { _logger.LogDebug("Start client credentials token request validation"); 
@@ -542,7 +540,7 @@ internal class TokenRequestValidator : ITokenRequestValidator ///////////////////////////////////////////// // check if client is allowed to request scopes ///////////////////////////////////////////// - var scopeError = await ValidateRequestedScopesAndResourcesAsync(parameters, ignoreImplicitIdentityScopes: true, ignoreImplicitOfflineAccess: true); + var scopeError = await ValidateRequestedScopesAndResourcesAsync(parameters, ct, ignoreImplicitIdentityScopes: true, ignoreImplicitOfflineAccess: true); if (scopeError != null) { return Invalid(scopeError); @@ -564,7 +562,7 @@ internal class TokenRequestValidator : ITokenRequestValidator return Valid(); } - private async Task ValidateResourceOwnerCredentialRequestAsync(NameValueCollection parameters) + private async Task ValidateResourceOwnerCredentialRequestAsync(NameValueCollection parameters, Ct ct) { _logger.LogDebug("Start resource owner password token request validation"); @@ -580,7 +578,7 @@ internal class TokenRequestValidator : ITokenRequestValidator ///////////////////////////////////////////// // check if client is allowed to request scopes ///////////////////////////////////////////// - var scopeError = await ValidateRequestedScopesAndResourcesAsync(parameters); + var scopeError = await ValidateRequestedScopesAndResourcesAsync(parameters, ct); if (scopeError != null) { return Invalid(scopeError); @@ -622,7 +620,7 @@ internal class TokenRequestValidator : ITokenRequestValidator Password = password, Request = _validatedRequest }; - await _resourceOwnerValidator.ValidateAsync(resourceOwnerContext, _ct); + await _resourceOwnerValidator.ValidateAsync(resourceOwnerContext, ct); if (resourceOwnerContext.Result.IsError) { 
@@ -632,7 +630,7 @@ internal class TokenRequestValidator : ITokenRequestValidator if (resourceOwnerContext.Result.Error == OidcConstants.TokenErrors.UnsupportedGrantType) { LogError("Resource owner password credential grant type not supported"); - await RaiseFailedResourceOwnerAuthenticationEventAsync(userName, "password grant type not supported", resourceOwnerContext.Request.Client.ClientId); + await RaiseFailedResourceOwnerAuthenticationEventAsync(userName, "password grant type not supported", resourceOwnerContext.Request.Client.ClientId, ct); return Invalid(OidcConstants.TokenErrors.UnsupportedGrantType, customResponse: resourceOwnerContext.Result.CustomResponse); } @@ -645,7 +643,7 @@ internal class TokenRequestValidator : ITokenRequestValidator } LogInformation("User authentication failed: ", errorDescription ?? resourceOwnerContext.Result.Error); - await RaiseFailedResourceOwnerAuthenticationEventAsync(userName, errorDescription, resourceOwnerContext.Request.Client.ClientId); + await RaiseFailedResourceOwnerAuthenticationEventAsync(userName, errorDescription, resourceOwnerContext.Request.Client.ClientId, ct); return Invalid(resourceOwnerContext.Result.Error, errorDescription, resourceOwnerContext.Result.CustomResponse); } @@ -654,7 +652,7 @@ internal class TokenRequestValidator : ITokenRequestValidator { var error = "User authentication failed: no principal returned"; LogError(error); - await RaiseFailedResourceOwnerAuthenticationEventAsync(userName, error, resourceOwnerContext.Request.Client.ClientId); + await RaiseFailedResourceOwnerAuthenticationEventAsync(userName, error, resourceOwnerContext.Request.Client.ClientId, ct); return Invalid(OidcConstants.TokenErrors.InvalidGrant); } 
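Review bot: The failed-authentication events in these three hunks, and the inactive-user one in the following hunk, are raised with the caller's `ct`, which the helper at the end of the file forwards to `_events.RaiseAsync`; the old code did the same through `_ct`, so this is carried over rather than introduced. If `ct` is the request-aborted token and the event sink honours it (neither is visible here), a request that is aborted right after the credential check could leave the failed login out of the audit trail. `Telemetry.Metrics.ResourceOwnerAuthenticationFailure` would still be counted because it runs before `RaiseAsync`. Consider passing `CancellationToken.None` to `_events.RaiseAsync` in `RaiseFailedResourceOwnerAuthenticationEventAsync`, or add a comment there stating that cancellable security events are intended.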
@@ -663,12 +661,12 @@ internal class TokenRequestValidator : ITokenRequestValidator // make sure user is enabled ///////////////////////////////////////////// var isActiveCtx = new IsActiveContext(resourceOwnerContext.Result.Subject, _validatedRequest.Client, IdentityServerConstants.ProfileIsActiveCallers.ResourceOwnerValidation); - await _profile.IsActiveAsync(isActiveCtx, _ct); + await _profile.IsActiveAsync(isActiveCtx, ct); if (isActiveCtx.IsActive == false) { LogError("User has been disabled", new { subjectId = resourceOwnerContext.Result.Subject.GetSubjectId() }); - await RaiseFailedResourceOwnerAuthenticationEventAsync(userName, "user is inactive", resourceOwnerContext.Request.Client.ClientId); + await RaiseFailedResourceOwnerAuthenticationEventAsync(userName, "user is inactive", resourceOwnerContext.Request.Client.ClientId, ct); return Invalid(OidcConstants.TokenErrors.InvalidGrant); } @@ -676,12 +674,12 @@ internal class TokenRequestValidator : ITokenRequestValidator _validatedRequest.UserName = userName; _validatedRequest.Subject = resourceOwnerContext.Result.Subject; - await RaiseSuccessfulResourceOwnerAuthenticationEventAsync(userName, resourceOwnerContext.Result.Subject.GetSubjectId(), resourceOwnerContext.Request.Client.ClientId); + await RaiseSuccessfulResourceOwnerAuthenticationEventAsync(userName, resourceOwnerContext.Result.Subject.GetSubjectId(), resourceOwnerContext.Request.Client.ClientId, ct); _logger.LogDebug("Resource owner password token request validation success."); return Valid(resourceOwnerContext.Result.CustomResponse); } - private async Task ValidateRefreshTokenRequestAsync(NameValueCollection parameters) + private async Task ValidateRefreshTokenRequestAsync(NameValueCollection parameters, Ct ct) { _logger.LogDebug("Start validation of refresh token request"); 
@@ -698,7 +696,7 @@ internal class TokenRequestValidator : ITokenRequestValidator return Invalid(OidcConstants.TokenErrors.InvalidGrant); } - var result = await _refreshTokenService.ValidateRefreshTokenAsync(refreshTokenHandle, _validatedRequest.Client, _ct); + var result = await _refreshTokenService.ValidateRefreshTokenAsync(refreshTokenHandle, _validatedRequest.Client, ct); if (result.IsError) { @@ -813,7 +811,7 @@ internal class TokenRequestValidator : ITokenRequestValidator Client = _validatedRequest.Client, Scopes = _validatedRequest.RefreshToken.AuthorizedScopes, ResourceIndicators = resourceIndicators, - }, _ct); + }, ct); if (!validatedResources.Succeeded) { @@ -838,7 +836,7 @@ internal class TokenRequestValidator : ITokenRequestValidator return Valid(); } - private async Task ValidateDeviceCodeRequestAsync(NameValueCollection parameters) + private async Task ValidateDeviceCodeRequestAsync(NameValueCollection parameters, Ct ct) { _logger.LogDebug("Start validation of device code request"); @@ -880,7 +878,7 @@ internal class TokenRequestValidator : ITokenRequestValidator // validate device code ///////////////////////////////////////////// var deviceCodeContext = new DeviceCodeValidationContext { DeviceCode = deviceCode, Request = _validatedRequest }; - await _deviceCodeValidator.ValidateAsync(deviceCodeContext, _ct); + await _deviceCodeValidator.ValidateAsync(deviceCodeContext, ct); if (deviceCodeContext.Result.IsError) { @@ -895,7 +893,7 @@ internal class TokenRequestValidator : ITokenRequestValidator Client = _validatedRequest.Client, Scopes = _validatedRequest.DeviceCode.AuthorizedScopes, ResourceIndicators = null // not supported for device grant - }, _ct); + }, ct); if (!validatedResources.Succeeded) { 
@@ -919,7 +917,7 @@ internal class TokenRequestValidator : ITokenRequestValidator return Valid(); } - private async Task ValidateCibaRequestRequestAsync(NameValueCollection parameters) + private async Task ValidateCibaRequestRequestAsync(NameValueCollection parameters, Ct ct) { _logger.LogDebug("Start validation of CIBA request"); @@ -959,7 +957,7 @@ internal class TokenRequestValidator : ITokenRequestValidator AuthenticationRequestId = authRequestId, Request = _validatedRequest }; - await _backchannelAuthenticationRequestIdValidator.ValidateAsync(validationContext, _ct); + await _backchannelAuthenticationRequestIdValidator.ValidateAsync(validationContext, ct); if (validationContext.Result.IsError) { @@ -984,7 +982,7 @@ internal class TokenRequestValidator : ITokenRequestValidator Client = _validatedRequest.Client, Scopes = _validatedRequest.BackChannelAuthenticationRequest.AuthorizedScopes, ResourceIndicators = _validatedRequest.BackChannelAuthenticationRequest.RequestedResourceIndicators, - }, _ct); + }, ct); if (!validatedResources.Succeeded) { @@ -1008,7 +1006,7 @@ internal class TokenRequestValidator : ITokenRequestValidator return Valid(); } - private async Task ValidateExtensionGrantRequestAsync(NameValueCollection parameters) + private async Task ValidateExtensionGrantRequestAsync(NameValueCollection parameters, Ct ct) { _logger.LogDebug("Start validation of custom grant token request"); @@ -1033,7 +1031,7 @@ internal class TokenRequestValidator : ITokenRequestValidator ///////////////////////////////////////////// // check if client is allowed to request scopes ///////////////////////////////////////////// - var scopeError = await ValidateRequestedScopesAndResourcesAsync(parameters); + var scopeError = await ValidateRequestedScopesAndResourcesAsync(parameters, ct); if (scopeError != null) { return Invalid(scopeError); 
@@ -1042,7 +1040,7 @@ internal class TokenRequestValidator : ITokenRequestValidator ///////////////////////////////////////////// // validate custom grant type ///////////////////////////////////////////// - var result = await _extensionGrantValidator.ValidateAsync(_validatedRequest, _ct); + var result = await _extensionGrantValidator.ValidateAsync(_validatedRequest, ct); if (result == null) { @@ -1074,7 +1072,7 @@ internal class TokenRequestValidator : ITokenRequestValidator _validatedRequest.Client, IdentityServerConstants.ProfileIsActiveCallers.ExtensionGrantValidation); - await _profile.IsActiveAsync(isActiveCtx, _ct); + await _profile.IsActiveAsync(isActiveCtx, ct); if (isActiveCtx.IsActive == false) { @@ -1093,7 +1091,7 @@ internal class TokenRequestValidator : ITokenRequestValidator // todo: do we want to rework the semantics of these ignore params? // also seems like other workflows other than CC clients can omit scopes? - private async Task ValidateRequestedScopesAndResourcesAsync(NameValueCollection parameters, bool ignoreImplicitIdentityScopes = false, bool ignoreImplicitOfflineAccess = false) + private async Task ValidateRequestedScopesAndResourcesAsync(NameValueCollection parameters, Ct ct, bool ignoreImplicitIdentityScopes = false, bool ignoreImplicitOfflineAccess = false) { var scopes = parameters.Get(OidcConstants.TokenRequest.Scope); if (scopes.IsMissing()) 
@@ -1106,12 +1104,12 @@ internal class TokenRequestValidator : ITokenRequestValidator var clientAllowedScopes = new List(); if (!ignoreImplicitIdentityScopes) { - var resources = await _resourceStore.FindResourcesByScopeAsync(_validatedRequest.Client.AllowedScopes, _ct); + var resources = await _resourceStore.FindResourcesByScopeAsync(_validatedRequest.Client.AllowedScopes, ct); clientAllowedScopes.AddRange(resources.ToScopeNames().Where(x => _validatedRequest.Client.AllowedScopes.Contains(x))); } else { - var apiScopes = await _resourceStore.FindApiScopesByNameAsync(_validatedRequest.Client.AllowedScopes, _ct); + var apiScopes = await _resourceStore.FindApiScopesByNameAsync(_validatedRequest.Client.AllowedScopes, ct); clientAllowedScopes.AddRange(apiScopes.Select(x => x.Name)); } @@ -1157,7 +1155,7 @@ internal class TokenRequestValidator : ITokenRequestValidator Client = _validatedRequest.Client, Scopes = requestedScopes, ResourceIndicators = resourceIndicators, - }, _ct); + }, ct); if (!resourceValidationResult.Succeeded) { 
@@ -1280,15 +1278,15 @@ internal class TokenRequestValidator : ITokenRequestValidator private void LogSuccess() => LogWithRequestDetails(LogLevel.Information, "Token request validation success"); - private Task RaiseSuccessfulResourceOwnerAuthenticationEventAsync(string userName, string subjectId, string clientId) + private Task RaiseSuccessfulResourceOwnerAuthenticationEventAsync(string userName, string subjectId, string clientId, Ct ct) { Telemetry.Metrics.ResourceOwnerAuthentication(clientId); - return _events.RaiseAsync(new UserLoginSuccessEvent(userName, subjectId, null, interactive: false, clientId), _ct); + return _events.RaiseAsync(new UserLoginSuccessEvent(userName, subjectId, null, interactive: false, clientId), ct); } - private Task RaiseFailedResourceOwnerAuthenticationEventAsync(string userName, string error, string clientId) + private Task RaiseFailedResourceOwnerAuthenticationEventAsync(string userName, string error, string clientId, Ct ct) { Telemetry.Metrics.ResourceOwnerAuthenticationFailure(clientId, error); - return _events.RaiseAsync(new UserLoginFailureEvent(userName, error, interactive: false, clientId: clientId), _ct); + return _events.RaiseAsync(new UserLoginFailureEvent(userName, error, interactive: false, clientId: clientId), ct); } } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_ClientCredentials_Invalid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_ClientCredentials_Invalid.cs index 88de8f2fd..37d9e54cf 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_ClientCredentials_Invalid.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_ClientCredentials_Invalid.cs 
@@ -27,7 +27,7 @@ public class TokenRequestValidation_ClientCredentials_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.ClientCredentials); parameters.Add(OidcConstants.TokenRequest.Scope, "resource"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.UnauthorizedClient); @@ -45,7 +45,7 @@ public class TokenRequestValidation_ClientCredentials_Invalid { OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.ClientCredentials } }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); result.ValidatedRequest.ValidatedResources.Resources.ApiResources.Select(x => x.Name).ShouldBe(["api", "urn:api1", "urn:api2", "urn:api3"]); @@ -63,7 +63,7 @@ public class TokenRequestValidation_ClientCredentials_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.ClientCredentials); parameters.Add(OidcConstants.TokenRequest.Scope, "unknown"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidScope); 
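Review bot: None of the updated call sites, here or in the Code_Invalid and DeviceCode_Invalid files, exercises cancellation: each passes `_ct`, whose declaration is outside these hunks and is presumably a token that is never cancelled. The legacy overload used to hard-code `CancellationToken.None` and now forwards the caller's token through every grant path, so the new plumbing is untested. One test that passes an already-cancelled token and asserts the expected outcome would pin it, provided the test stores observe the token. A short comment on the `_ct` field saying where the token comes from would also help readers of these tests.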
@@ -80,7 +80,7 @@ public class TokenRequestValidation_ClientCredentials_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.ClientCredentials); parameters.Add(OidcConstants.TokenRequest.Scope, "resource unknown"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidScope); @@ -97,7 +97,7 @@ public class TokenRequestValidation_ClientCredentials_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.ClientCredentials); parameters.Add(OidcConstants.TokenRequest.Scope, "resource2"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidScope); @@ -114,7 +114,7 @@ public class TokenRequestValidation_ClientCredentials_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.ClientCredentials); parameters.Add(OidcConstants.TokenRequest.Scope, "resource resource2"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidScope); 
@@ -133,7 +133,7 @@ public class TokenRequestValidation_ClientCredentials_Invalid { OidcConstants.TokenRequest.Scope, "openid" } }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidScope); @@ -150,7 +150,7 @@ public class TokenRequestValidation_ClientCredentials_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.ClientCredentials); parameters.Add(OidcConstants.TokenRequest.Scope, "resource offline_access"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidScope); @@ -170,7 +170,7 @@ public class TokenRequestValidation_ClientCredentials_Invalid { parameters[OidcConstants.TokenRequest.Resource] = "urn:api1" + new string('x', 512); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidTarget); @@ -178,7 +178,7 @@ public class TokenRequestValidation_ClientCredentials_Invalid { parameters[OidcConstants.TokenRequest.Resource] = "api"; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); } 
@@ -186,7 +186,7 @@ public class TokenRequestValidation_ClientCredentials_Invalid parameters[OidcConstants.TokenRequest.Resource] = "urn:api1"; parameters.Add(OidcConstants.TokenRequest.Resource, "urn:api2"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Code_Invalid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Code_Invalid.cs index a61214cf3..ec53b13cc 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Code_Invalid.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Code_Invalid.cs @@ -49,7 +49,7 @@ public class TokenRequestValidation_Code_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); 
@@ -82,7 +82,7 @@ public class TokenRequestValidation_Code_Invalid parameters.Add(OidcConstants.TokenRequest.Code, "invalid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -117,7 +117,7 @@ public class TokenRequestValidation_Code_Invalid parameters.Add(OidcConstants.TokenRequest.Code, longCode); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -150,7 +150,7 @@ public class TokenRequestValidation_Code_Invalid parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); OidcConstants.TokenErrors.InvalidRequest.ShouldBe(result.Error); @@ -183,7 +183,7 @@ public class TokenRequestValidation_Code_Invalid parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.UnauthorizedClient); 
@@ -217,7 +217,7 @@ public class TokenRequestValidation_Code_Invalid parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client2.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client2.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -249,7 +249,7 @@ public class TokenRequestValidation_Code_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, handle); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.UnauthorizedClient); @@ -282,7 +282,7 @@ public class TokenRequestValidation_Code_Invalid parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server2/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -315,7 +315,7 @@ public class TokenRequestValidation_Code_Invalid parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); 
@@ -353,7 +353,7 @@ public class TokenRequestValidation_Code_Invalid parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); // request first time - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); @@ -361,7 +361,7 @@ public class TokenRequestValidation_Code_Invalid validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store); - result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -398,7 +398,7 @@ public class TokenRequestValidation_Code_Invalid parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -437,7 +437,7 @@ public class TokenRequestValidation_Code_Invalid parameters.Add(OidcConstants.TokenRequest.Resource, "urn:api1" + new string('x', 512)); { - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); 
@@ -445,14 +445,14 @@ public class TokenRequestValidation_Code_Invalid { parameters[OidcConstants.TokenRequest.Resource] = "api"; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); } { parameters[OidcConstants.TokenRequest.Resource] = "urn:api3"; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); } @@ -460,7 +460,7 @@ public class TokenRequestValidation_Code_Invalid parameters[OidcConstants.TokenRequest.Resource] = "urn:api1"; parameters.Add(OidcConstants.TokenRequest.Resource, "urn:api2"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); } @@ -502,7 +502,7 @@ public class TokenRequestValidation_Code_Invalid { InvalidScopes = { "foo" } }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_scope"); @@ -536,7 +536,7 @@ public class TokenRequestValidation_Code_Invalid { InvalidResourceIndicators = { "foo" } }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); 
diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_DeviceCode_Invalid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_DeviceCode_Invalid.cs index 023e3f898..ba491748c 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_DeviceCode_Invalid.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_DeviceCode_Invalid.cs @@ -44,7 +44,7 @@ public class TokenRequestValidation_DeviceCode_Invalid {OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.DeviceCode} }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidRequest); } @@ -65,7 +65,7 @@ public class TokenRequestValidation_DeviceCode_Invalid {"device_code", longCode} }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); } @@ -84,7 +84,7 @@ public class TokenRequestValidation_DeviceCode_Invalid {"device_code", Guid.NewGuid().ToString()} }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.UnauthorizedClient); } 
@@ -103,7 +103,7 @@ public class TokenRequestValidation_DeviceCode_Invalid {"device_code", Guid.NewGuid().ToString()} }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldNotBeNull(); } @@ -123,7 +123,7 @@ public class TokenRequestValidation_DeviceCode_Invalid { OidcConstants.TokenRequest.Resource, "api" } }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); } @@ -143,7 +143,7 @@ public class TokenRequestValidation_DeviceCode_Invalid { OidcConstants.TokenRequest.Resource, "urn:api1" } }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_ExtensionGrants_Invalid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_ExtensionGrants_Invalid.cs index 3036c215c..f9796b184 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_ExtensionGrants_Invalid.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_ExtensionGrants_Invalid.cs 
@@ -29,7 +29,7 @@ public class TokenRequestValidation_ExtensionGrants_Invalid { OidcConstants.TokenRequest.Scope, "resource" } }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.UnsupportedGrantType); @@ -49,7 +49,7 @@ public class TokenRequestValidation_ExtensionGrants_Invalid { OidcConstants.TokenRequest.Scope, "resource" } }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.UnsupportedGrantType); @@ -69,7 +69,7 @@ public class TokenRequestValidation_ExtensionGrants_Invalid { OidcConstants.TokenRequest.Scope, "resource" } }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -93,7 +93,7 @@ public class TokenRequestValidation_ExtensionGrants_Invalid var result = await validator.ValidateRequestAsync( parameters, - client.ToValidationResult()); + client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_General_Invalid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_General_Invalid.cs index baba8ad17..1a47d8371 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_General_Invalid.cs 
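Review bot: In the last hunk of TokenRequestValidation_ExtensionGrants_Invalid.cs the new argument is appended to the previous argument's line, `client.ToValidationResult(), _ct);`, although this call otherwise lists one argument per line. Keeping that layout means ending the line at `client.ToValidationResult(),` and putting `_ct);` on a line of its own. The test method begins outside the hunk.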
+++ b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_General_Invalid.cs @@ -26,7 +26,7 @@ public class TokenRequestValidation_General_Invalid { var validator = Factory.CreateTokenRequestValidator(); - Func act = () => validator.ValidateRequestAsync(null, null); + Func act = () => validator.ValidateRequestAsync(null, null, _ct); await act.ShouldThrowAsync(); } @@ -42,7 +42,7 @@ public class TokenRequestValidation_General_Invalid parameters.Add(OidcConstants.TokenRequest.Code, "valid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - Func act = () => validator.ValidateRequestAsync(parameters, null); + Func act = () => validator.ValidateRequestAsync(parameters, null, _ct); await act.ShouldThrowAsync(); } @@ -74,7 +74,7 @@ public class TokenRequestValidation_General_Invalid parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.UnsupportedGrantType); @@ -93,7 +93,7 @@ public class TokenRequestValidation_General_Invalid var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, "client_credentials"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidClient); 
@@ -125,7 +125,7 @@ public class TokenRequestValidation_General_Invalid parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.UnsupportedGrantType); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Invalid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Invalid.cs index 48d6feb2e..3369b9e5f 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Invalid.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Invalid.cs @@ -52,7 +52,7 @@ public class TokenRequestValidation_Invalid { OidcConstants.TokenRequest.RefreshToken, handle } }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_PKCE.cs b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_PKCE.cs index 5c64cfb8e..abb28b81c 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_PKCE.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_PKCE.cs 
@@ -60,7 +60,7 @@ public class TokenRequestValidation_PKCE parameters.Add(OidcConstants.TokenRequest.CodeVerifier, verifier); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } @@ -100,7 +100,7 @@ public class TokenRequestValidation_PKCE parameters.Add(OidcConstants.TokenRequest.CodeVerifier, verifier); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } @@ -144,7 +144,7 @@ public class TokenRequestValidation_PKCE parameters.Add(OidcConstants.TokenRequest.CodeVerifier, verifier); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } @@ -180,7 +180,7 @@ public class TokenRequestValidation_PKCE parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); 
@@ -220,7 +220,7 @@ public class TokenRequestValidation_PKCE parameters.Add(OidcConstants.TokenRequest.CodeVerifier, "x".Repeat(lengths.CodeVerifierMinLength)); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -263,7 +263,7 @@ public class TokenRequestValidation_PKCE parameters.Add(OidcConstants.TokenRequest.CodeVerifier, verifier + "invalid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -308,7 +308,7 @@ public class TokenRequestValidation_PKCE parameters.Add(OidcConstants.TokenRequest.CodeVerifier, verifier + "invalid"); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_RefreshToken_Invalid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_RefreshToken_Invalid.cs index d428c1b6f..0e9b87caf 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_RefreshToken_Invalid.cs 
+++ b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_RefreshToken_Invalid.cs @@ -34,7 +34,7 @@ public class TokenRequestValidation_RefreshToken_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, "refresh_token"); parameters.Add(OidcConstants.TokenRequest.RefreshToken, "nonexistent"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -54,7 +54,7 @@ public class TokenRequestValidation_RefreshToken_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, "refresh_token"); parameters.Add(OidcConstants.TokenRequest.RefreshToken, longRefreshToken); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -82,7 +82,7 @@ public class TokenRequestValidation_RefreshToken_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, "refresh_token"); parameters.Add(OidcConstants.TokenRequest.RefreshToken, handle); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); 
@@ -109,7 +109,7 @@ public class TokenRequestValidation_RefreshToken_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, "refresh_token"); parameters.Add(OidcConstants.TokenRequest.RefreshToken, handle); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -138,7 +138,7 @@ public class TokenRequestValidation_RefreshToken_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, "refresh_token"); parameters.Add(OidcConstants.TokenRequest.RefreshToken, handle); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -171,7 +171,7 @@ public class TokenRequestValidation_RefreshToken_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, "refresh_token"); parameters.Add(OidcConstants.TokenRequest.RefreshToken, handle); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -203,7 +203,7 @@ public class TokenRequestValidation_RefreshToken_Invalid { parameters[OidcConstants.TokenRequest.Resource] = "urn:api1" + new string('x', 512); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidTarget); 
@@ -211,7 +211,7 @@ public class TokenRequestValidation_RefreshToken_Invalid { parameters[OidcConstants.TokenRequest.Resource] = "api"; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); } @@ -219,7 +219,7 @@ public class TokenRequestValidation_RefreshToken_Invalid parameters[OidcConstants.TokenRequest.Resource] = "urn:api1"; parameters.Add(OidcConstants.TokenRequest.Resource, "urn:api2"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); } @@ -255,7 +255,7 @@ public class TokenRequestValidation_RefreshToken_Invalid { InvalidScopes = { "foo" } }; - var result = await validator.ValidateRequestAsync(parameters, client); + var result = await validator.ValidateRequestAsync(parameters, client, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_scope"); @@ -281,7 +281,7 @@ public class TokenRequestValidation_RefreshToken_Invalid { InvalidResourceIndicators = { "foo" } }; - var result = await validator.ValidateRequestAsync(parameters, client); + var result = await validator.ValidateRequestAsync(parameters, client, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); @@ -313,7 +313,7 @@ public class TokenRequestValidation_RefreshToken_Invalid parameters.Add(OidcConstants.TokenRequest.RefreshToken, handle); parameters.Add("resource", "urn:api3"); - var result = await validator.ValidateRequestAsync(parameters, client); + var result = await validator.ValidateRequestAsync(parameters, client, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); 
diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_ResourceOwner_Invalid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_ResourceOwner_Invalid.cs index 918fb9741..ef52d8d14 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_ResourceOwner_Invalid.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_ResourceOwner_Invalid.cs @@ -30,7 +30,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.Password); parameters.Add(OidcConstants.TokenRequest.Scope, "resource"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.UnauthorizedClient); @@ -49,7 +49,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid parameters.Add(OidcConstants.TokenRequest.UserName, "bob"); parameters.Add(OidcConstants.TokenRequest.Password, "bob"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidScope); 
@@ -68,7 +68,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid parameters.Add(OidcConstants.TokenRequest.UserName, "bob"); parameters.Add(OidcConstants.TokenRequest.Password, "bob"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidScope); @@ -87,7 +87,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid parameters.Add(OidcConstants.TokenRequest.UserName, "bob"); parameters.Add(OidcConstants.TokenRequest.Password, "bob"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidScope); @@ -106,7 +106,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid parameters.Add(OidcConstants.TokenRequest.UserName, "bob"); parameters.Add(OidcConstants.TokenRequest.Password, "bob"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidScope); @@ -123,7 +123,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.Password); parameters.Add(OidcConstants.TokenRequest.Scope, "resource"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); 
@@ -141,7 +141,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid parameters.Add(OidcConstants.TokenRequest.Scope, "resource"); parameters.Add(OidcConstants.TokenRequest.Password, "bob"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -160,7 +160,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid parameters.Add(OidcConstants.TokenRequest.UserName, "bob"); parameters.Add(OidcConstants.TokenRequest.Password, "notbob"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -179,7 +179,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid parameters.Add(OidcConstants.TokenRequest.Scope, "resource"); parameters.Add(OidcConstants.TokenRequest.UserName, "bob_with_password"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); } @@ -197,7 +197,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid parameters.Add(OidcConstants.TokenRequest.UserName, "bob"); parameters.Add(OidcConstants.TokenRequest.Password, "bob"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.UnsupportedGrantType); 
@@ -217,7 +217,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid parameters.Add(OidcConstants.TokenRequest.UserName, "bob"); parameters.Add(OidcConstants.TokenRequest.Password, "bob"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -236,7 +236,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid parameters.Add(OidcConstants.TokenRequest.UserName, "bob"); parameters.Add(OidcConstants.TokenRequest.Password, "notbob"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidGrant); @@ -263,7 +263,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid { InvalidScopes = { "foo" } }; - var result = await validator.ValidateRequestAsync(parameters, client); + var result = await validator.ValidateRequestAsync(parameters, client, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_scope"); @@ -274,7 +274,7 @@ public class TokenRequestValidation_ResourceOwner_Invalid { InvalidResourceIndicators = { "foo" } }; - var result = await validator.ValidateRequestAsync(parameters, client); + var result = await validator.ValidateRequestAsync(parameters, client, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Valid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Valid.cs index 5fce427bb..dcbd481e3 100644 
--- a/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Valid.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/TokenRequest Validation/TokenRequestValidation_Valid.cs @@ -32,7 +32,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.Scope, "resource"); parameters.Add(OidcConstants.TokenRequest.UserName, "bob_no_password"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); result.ValidatedRequest.UserName.ShouldBe("bob_no_password"); @@ -68,7 +68,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } @@ -104,7 +104,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } 
@@ -121,7 +121,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.ClientCredentials); parameters.Add(OidcConstants.TokenRequest.Scope, "resource"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } @@ -138,7 +138,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.ClientCredentials); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } @@ -155,7 +155,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.ClientCredentials); parameters.Add(OidcConstants.TokenRequest.Scope, "resource"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } @@ -172,7 +172,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.ClientCredentials); parameters.Add(OidcConstants.TokenRequest.Scope, "resource"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } 
@@ -191,7 +191,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.Password, "bob"); parameters.Add(OidcConstants.TokenRequest.Scope, "resource"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } @@ -210,7 +210,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.Password, "bob"); parameters.Add(OidcConstants.TokenRequest.Scope, "resource offline_access"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } @@ -229,7 +229,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.Password, "bob"); parameters.Add(OidcConstants.TokenRequest.Scope, "resource"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } @@ -246,7 +246,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.GrantType, "custom_grant"); parameters.Add(OidcConstants.TokenRequest.Scope, "resource"); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } 
@@ -283,7 +283,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.GrantType, "refresh_token"); parameters.Add(OidcConstants.TokenRequest.RefreshToken, handle); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } @@ -315,7 +315,7 @@ public class TokenRequestValidation_Valid parameters.Add(OidcConstants.TokenRequest.GrantType, "refresh_token"); parameters.Add(OidcConstants.TokenRequest.RefreshToken, handle); - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } @@ -346,7 +346,7 @@ public class TokenRequestValidation_Valid {"device_code", Guid.NewGuid().ToString()} }; - var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); + var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult(), _ct); result.IsError.ShouldBeFalse(); } }