diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs index 10ae285e9..55ab6f1ab 100644 --- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs +++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationMiddleware.cs @@ -63,6 +63,11 @@ public OAuthAuthenticationMiddleware( throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.Exception_OptionMustBeProvided, nameof(Options.TokenEndpoint))); } + if (Options.Notifications == null) + { + Options.Notifications = new OAuthAuthenticationNotifications(); + } + if (Options.StateDataFormat == null) { var dataProtector = dataProtectionProvider.CreateProtector( diff --git a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs index 2796acfd1..96cf1e9cf 100644 --- a/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs +++ b/src/Microsoft.AspNet.Authentication.OAuth/OAuthAuthenticationOptions.cs @@ -7,7 +7,6 @@ using System.Security.Claims; using Microsoft.AspNet.Http; using Microsoft.AspNet.Http.Authentication; -using Microsoft.Framework.Internal; namespace Microsoft.AspNet.Authentication.OAuth { @@ -83,7 +82,7 @@ public string Caption /// /// Gets or sets the used to handle authentication events. /// - public IOAuthAuthenticationNotifications Notifications { get; [param: NotNull] set; } = new OAuthAuthenticationNotifications(); + public IOAuthAuthenticationNotifications Notifications { get; set; } = new OAuthAuthenticationNotifications(); /// /// A list of permissions to request. diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs index 9fcd66c5d..2fa9ddd2b 100644 
--- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs +++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationMiddleware.cs @@ -2,12 +2,8 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; -using System.Collections.Generic; using System.Diagnostics.CodeAnalysis; -using System.IdentityModel.Tokens; -using System.IdentityModel.Tokens.Jwt; using System.Net.Http; -using Microsoft.AspNet.Authentication; using Microsoft.AspNet.Builder; using Microsoft.Framework.Internal; using Microsoft.Framework.Logging; @@ -43,11 +39,6 @@ public OAuthBearerAuthenticationMiddleware( Options.Notifications = new OAuthBearerAuthenticationNotifications(); } - if (Options.SecurityTokenValidators == null) - { - Options.SecurityTokenValidators = new List { new JwtSecurityTokenHandler() }; - } - if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(Options.Audience)) { Options.TokenValidationParameters.ValidAudience = Options.Audience; diff --git a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs index c8b63c9b5..456236f4a 100644 --- a/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs +++ b/src/Microsoft.AspNet.Authentication.OAuthBearer/OAuthBearerAuthenticationOptions.cs @@ -4,8 +4,8 @@ using System; using System.Collections.Generic; using System.IdentityModel.Tokens; +using System.IdentityModel.Tokens.Jwt; using System.Net.Http; -using Microsoft.Framework.Internal; using Microsoft.IdentityModel.Protocols; using Microsoft.IdentityModel.Protocols.OpenIdConnect; 
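Review bot: The retained line `if (string.IsNullOrEmpty(Options.TokenValidationParameters.ValidAudience) && ...)` now dereferences a property that can be null, because this commit drops `[param: NotNull]` from `OAuthBearerAuthenticationOptions.TokenValidationParameters` and adds no replacement check here; an app that assigns null gets a NullReferenceException out of the middleware constructor instead of a clear error. Mirror the Notifications fallback visible just above, e.g. `if (Options.TokenValidationParameters == null) { Options.TokenValidationParameters = new TokenValidationParameters(); }`, or throw an ArgumentException naming the option. The constructor body continues outside the hunk.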
@@ -16,21 +16,12 @@ namespace Microsoft.AspNet.Authentication.OAuthBearer /// public class OAuthBearerAuthenticationOptions : AuthenticationOptions { - private ICollection _securityTokenValidators; - private TokenValidationParameters _tokenValidationParameters; - /// /// Creates an instance of bearer authentication options with default values. /// public OAuthBearerAuthenticationOptions() : base() { AuthenticationScheme = OAuthBearerAuthenticationDefaults.AuthenticationScheme; - BackchannelTimeout = TimeSpan.FromMinutes(1); - Challenge = OAuthBearerAuthenticationDefaults.AuthenticationScheme; - Notifications = new OAuthBearerAuthenticationNotifications(); - RefreshOnIssuerKeyNotFound = true; - SystemClock = new SystemClock(); - TokenValidationParameters = new TokenValidationParameters(); } /// @@ -54,15 +45,14 @@ public OAuthBearerAuthenticationOptions() : base() /// /// Gets or sets the challenge to put in the "WWW-Authenticate" header. /// - /// TODO - brentschmaltz, should not be null. - public string Challenge { get; set; } + public string Challenge { get; set; } = OAuthBearerAuthenticationDefaults.AuthenticationScheme; /// /// The object provided by the application to process events raised by the bearer authentication middleware. /// The application may implement the interface fully, or it may create an instance of OAuthBearerAuthenticationProvider /// and assign delegates only to the events it wants to process. /// - public OAuthBearerAuthenticationNotifications Notifications { get; set; } + public OAuthBearerAuthenticationNotifications Notifications { get; set; } = new OAuthBearerAuthenticationNotifications(); /// /// The HttpMessageHandler used to retrieve metadata. 
@@ -74,7 +64,7 @@ public OAuthBearerAuthenticationOptions() : base() /// /// Gets or sets the timeout when using the backchannel to make an http call. /// - public TimeSpan BackchannelTimeout { get; set; } + public TimeSpan BackchannelTimeout { get; set; } = TimeSpan.FromMinutes(1); #if DNX451 /// @@ -104,48 +94,24 @@ public OAuthBearerAuthenticationOptions() : base() /// Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic /// recovery in the event of a signature key rollover. This is enabled by default. /// - public bool RefreshOnIssuerKeyNotFound { get; set; } + public bool RefreshOnIssuerKeyNotFound { get; set; } = true; /// /// Used to know what the current clock time is when calculating or validating token expiration. When not assigned default is based on /// DateTimeOffset.UtcNow. This is typically needed only for unit testing. /// - public ISystemClock SystemClock { get; set; } + public ISystemClock SystemClock { get; set; } = new SystemClock(); /// - /// Gets or sets the for validating tokens. + /// Gets the ordered list of used to validate access tokens. /// - /// if 'value' is null. - public ICollection SecurityTokenValidators - { - get - { - return _securityTokenValidators; - } - - [param: NotNull] - set - { - _securityTokenValidators = value; - } - } + public IList SecurityTokenValidators { get; } = new List { new JwtSecurityTokenHandler() }; /// - /// Gets or sets the TokenValidationParameters + /// Gets or sets the parameters used to validate identity tokens. /// /// Contains the types and definitions required for validating a token. /// if 'value' is null. - public TokenValidationParameters TokenValidationParameters - { - get - { - return _tokenValidationParameters; - } - [param: NotNull] - set - { - _tokenValidationParameters = value; - } - } + public TokenValidationParameters TokenValidationParameters { get; set; } = new TokenValidationParameters(); } } 
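Review bot: `SecurityTokenValidators { get; } = new List { new JwtSecurityTokenHandler() }` changes what a caller's customisation means: assigning the property used to replace the validator set, whereas `Add` now appends, so the default JWT handler stays in the list unless the caller also calls `Clear()`. The updated CustomTokenValidated test in OAuthBearerMiddlewareTests.cs (`options.SecurityTokenValidators.Add(...)`) exercises exactly that appended configuration, so it no longer shows that only the custom validator is consulted. State this in the summary, e.g. `/// Gets the ordered list of validators; it is pre-populated with a JwtSecurityTokenHandler, so call Clear() before adding a validator that should replace it.`. Separately, the `/// if 'value' is null.` exception line kept on `TokenValidationParameters` is now stale because the auto-property setter accepts null.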
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs index df1be7876..6b457df15 100644 --- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs +++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationHandler.cs @@ -141,7 +141,7 @@ protected override async Task HandleUnauthorizedAsync([NotNull] ChallengeC RequestType = OpenIdConnectRequestType.AuthenticationRequest, Resource = Options.Resource, ResponseType = Options.ResponseType, - Scope = Options.Scope + Scope = string.Join(" ", Options.Scope) }; // Omitting the response_mode parameter when it already corresponds to the default @@ -827,17 +827,14 @@ private AuthenticationTicket ValidateToken(string idToken, OpenIdConnectMessage SecurityToken validatedToken = null; ClaimsPrincipal principal = null; - foreach (var validator in Options.SecurityTokenValidators) + if (Options.SecurityTokenValidator.CanReadToken(idToken)) { - if (validator.CanReadToken(idToken)) + principal = Options.SecurityTokenValidator.ValidateToken(idToken, validationParameters, out validatedToken); + jwt = validatedToken as JwtSecurityToken; + if (jwt == null) { - principal = validator.ValidateToken(idToken, validationParameters, out validatedToken); - jwt = validatedToken as JwtSecurityToken; - if (jwt == null) - { - Logger.LogError(Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType()); - throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType())); - } + Logger.LogError(Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType()); + throw new SecurityTokenException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0010_ValidatedSecurityTokenNotJwt, validatedToken?.GetType())); } } 
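Review bot: `Scope = string.Join(" ", Options.Scope)` emits the list entries verbatim, so a null, empty or space-containing entry (for instance a caller who does `Scope.Add("openid profile")` out of habit from the old string property) produces a malformed scope parameter with doubled separators. Consider filtering out null/whitespace entries and trimming each one before the join; if that is done with LINQ, check that `System.Linq` is already imported in this file, as the hunk does not show it. HandleUnauthorizedAsync continues outside the hunk on both sides.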
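Review bot: `Options.SecurityTokenValidator.CanReadToken(idToken)` has no null guard, and this commit removes the only two places that used to reject a null validator: the explicit ArgumentNullException in the old `SecurityTokenValidators` setter (OpenIdConnectAuthenticationOptions.cs, hunk @@ -240,103) and the constructor fallback in OpenIdConnectAuthenticationMiddleware.cs (hunk @@ -78,11). An app that assigns null therefore fails with a NullReferenceException on the first sign-in rather than at startup. Add a construction-time check in the middleware next to the StateDataFormat handling, e.g. `if (Options.SecurityTokenValidator == null) { throw new ArgumentException(/* message from Resources */, nameof(Options.SecurityTokenValidator)); }`. ValidateToken continues outside the hunk, so what happens when CanReadToken returns false and `principal` stays null is not visible here.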
diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs index f08577d0e..e4bef30db 100644 --- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs +++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs @@ -2,10 +2,7 @@ // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. using System; -using System.Collections.ObjectModel; using System.Diagnostics.CodeAnalysis; -using System.IdentityModel.Tokens; -using System.IdentityModel.Tokens.Jwt; using System.Net.Http; using System.Text; using Microsoft.AspNet.Builder; @@ -60,10 +57,10 @@ public OpenIdConnectAuthenticationMiddleware( if (Options.StateDataFormat == null) { var dataProtector = dataProtectionProvider.CreateProtector( - typeof(OpenIdConnectAuthenticationMiddleware).FullName, - typeof(string).FullName, + typeof(OpenIdConnectAuthenticationMiddleware).FullName, + typeof(string).FullName, Options.AuthenticationScheme, - "v1"); + "v1"); Options.StateDataFormat = new PropertiesDataFormat(dataProtector); } @@ -78,11 +75,6 @@ public OpenIdConnectAuthenticationMiddleware( Options.StringDataFormat = new SecureDataFormat(new StringSerializer(), dataProtector, TextEncodings.Base64Url); } - - if (Options.SecurityTokenValidators == null) - { - Options.SecurityTokenValidators = new Collection { new JwtSecurityTokenHandler() }; - } // if the user has not set the AuthorizeCallback, set it from the redirect_uri if (!Options.CallbackPath.HasValue) diff --git a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs index 85ff60903..70809636c 100644 
--- a/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs +++ b/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationOptions.cs @@ -5,11 +5,12 @@ using System.Collections.Generic; using System.Diagnostics.CodeAnalysis; using System.IdentityModel.Tokens; +using System.IdentityModel.Tokens.Jwt; using System.Net.Http; +using System.Security.Claims; using Microsoft.AspNet.Http; using Microsoft.AspNet.Http.Authentication; using Microsoft.Framework.Caching.Distributed; -using Microsoft.Framework.Internal; using Microsoft.IdentityModel.Protocols; using Microsoft.IdentityModel.Protocols.OpenIdConnect; @@ -20,13 +21,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect /// public class OpenIdConnectAuthenticationOptions : AuthenticationOptions { - private TimeSpan _backchannelTimeout; - private OpenIdConnectProtocolValidator _protocolValidator; - private ICollection _securityTokenValidators; - private ISecureDataFormat _stateDataFormat; - private ISecureDataFormat _stringDataFormat; - private TokenValidationParameters _tokenValidationParameters; - /// /// Initializes a new /// @@ -55,16 +49,7 @@ public OpenIdConnectAuthenticationOptions() public OpenIdConnectAuthenticationOptions(string authenticationScheme) { AuthenticationScheme = authenticationScheme; - BackchannelTimeout = TimeSpan.FromMinutes(1); Caption = OpenIdConnectAuthenticationDefaults.Caption; - GetClaimsFromUserInfoEndpoint = false; - ProtocolValidator = new OpenIdConnectProtocolValidator() { RequireState = false }; - RefreshOnIssuerKeyNotFound = true; - ResponseMode = OpenIdConnectResponseModes.FormPost; - ResponseType = OpenIdConnectResponseTypes.CodeIdToken; - Scope = OpenIdConnectScopes.OpenIdProfile; - TokenValidationParameters = new TokenValidationParameters(); - UseTokenLifetime = true; } /// 
@@ -103,23 +88,7 @@ public OpenIdConnectAuthenticationOptions(string authenticationScheme) /// Gets or sets the timeout when using the backchannel to make an http call. /// [SuppressMessage("Microsoft.Usage", "CA2208:InstantiateArgumentExceptionsCorrectly", Justification = "By design we use the property name in the exception")] - public TimeSpan BackchannelTimeout - { - get - { - return _backchannelTimeout; - } - - set - { - if (value <= TimeSpan.Zero) - { - throw new ArgumentOutOfRangeException(nameof(BackchannelTimeout), value, Resources.OIDCH_0101_BackChallnelLessThanZero); - } - - _backchannelTimeout = value; - } - } + public TimeSpan BackchannelTimeout { get; set; } = TimeSpan.FromSeconds(60); /// /// Get or sets the text that the user can display on a sign in user interface. @@ -192,25 +161,14 @@ public string Caption /// /// Gets or sets the to notify when processing OpenIdConnect messages. /// - public OpenIdConnectAuthenticationNotifications Notifications { get; set; } + public OpenIdConnectAuthenticationNotifications Notifications { get; set; } = new OpenIdConnectAuthenticationNotifications(); /// /// Gets or sets the that is used to ensure that the 'id_token' received /// is valid per: http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation /// /// if 'value' is null. - public OpenIdConnectProtocolValidator ProtocolValidator - { - get - { - return _protocolValidator; - } - [param: NotNull] - set - { - _protocolValidator = value; - } - } + public OpenIdConnectProtocolValidator ProtocolValidator { get; set; } = new OpenIdConnectProtocolValidator { RequireState = false }; /// /// Gets or sets the 'post_logout_redirect_uri' 
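Review bot: The `[SuppressMessage("Microsoft.Usage", "CA2208:...", Justification = "By design we use the property name in the exception")]` kept on `BackchannelTimeout` now refers to an exception that no longer exists, since the `value <= TimeSpan.Zero` check throwing ArgumentOutOfRangeException is removed along with the backing field; either drop the attribute or keep the validation. Without the check a zero or negative timeout is accepted silently and presumably only surfaces when it is applied to the backchannel HttpClient, which is not visible here. The default `TimeSpan.FromSeconds(60)` is also spelled differently from the `TimeSpan.FromMinutes(1)` used for the same property in OAuthBearerAuthenticationOptions.cs in this commit; pick one form.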
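Review bot: The `/// if 'value' is null.` exception line retained above `ProtocolValidator` is now false: the `[param: NotNull]` setter is replaced by a plain auto-property, so assigning null no longer throws and instead surfaces wherever the validator is next dereferenced. Either remove that doc line or restore the null check in the setter, e.g. `set { _protocolValidator = value ?? throw new ArgumentNullException(nameof(value)); }`, which also requires keeping the backing field.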
@@ -230,7 +188,7 @@ public OpenIdConnectProtocolValidator ProtocolValidator
 /// Gets or sets if a metadata refresh should be attempted after a SecurityTokenSignatureKeyNotFoundException. This allows for automatic
 /// recovery in the event of a signature key rollover. This is enabled by default.
 ///
- public bool RefreshOnIssuerKeyNotFound { get; set; }
+ public bool RefreshOnIssuerKeyNotFound { get; set; } = true;
 
 ///
 /// Gets or sets the 'resource'.
@@ -240,103 +198,49 @@ public OpenIdConnectProtocolValidator ProtocolValidator /// /// Gets or sets the 'response_mode'. /// - public string ResponseMode { get; set; } + public string ResponseMode { get; set; } = OpenIdConnectResponseModes.FormPost; /// /// Gets or sets the 'response_type'. /// - public string ResponseType { get; set; } + public string ResponseType { get; set; } = OpenIdConnectResponseTypes.CodeIdToken; /// - /// Gets or sets the 'scope'. + /// Gets the list of permissions to request. /// - public string Scope { get; set; } + public IList Scope { get; } = new List { "openid", "profile" }; /// - /// Gets or sets the SignInScheme which will be used to set the . + /// Gets or sets the SignInScheme which will be used to set the . /// public string SignInScheme { get; set; } /// /// Gets or sets the type used to secure data handled by the middleware. /// - public ISecureDataFormat StateDataFormat - { - get - { - return _stateDataFormat; - } - [param: NotNull] - set - { - _stateDataFormat = value; - } - } + public ISecureDataFormat StateDataFormat { get; set; } /// /// Gets or sets the type used to secure strings used by the middleware. /// - public ISecureDataFormat StringDataFormat - { - get - { - return _stringDataFormat; - } - [param: NotNull] - set - { - _stringDataFormat = value; - } - } + public ISecureDataFormat StringDataFormat { get; set; } /// - /// Gets or sets the for validating tokens. + /// Gets or sets the used to validate identity tokens. /// - /// if 'value' is null. - public ICollection SecurityTokenValidators - { - get - { - return _securityTokenValidators; - } - - set - { - if (value == null) - { - throw new ArgumentNullException("SecurityTokenValidators"); - } - - _securityTokenValidators = value; - } - } + public ISecurityTokenValidator SecurityTokenValidator { get; set; } = new JwtSecurityTokenHandler(); /// - /// Gets or sets the TokenValidationParameters + /// Gets or sets the parameters used to validate identity tokens. 
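Review bot: `Scope { get; } = new List { "openid", "profile" }` is a get-only but mutable list, and the summary `/// Gets the list of permissions to request.` does not say it ships pre-populated; the only way to replace the defaults is `Clear()` followed by `Add`, which is what OpenIdConnectMiddlewareTests.cs now does. Suggest `/// Gets the list of permissions to request. Defaults to "openid" and "profile"; call Clear() to replace them.`. The two literals also duplicate the `OpenIdConnectScopes.OpenIdProfile` constant that the removed constructor line used, so a comment pointing at that constant would keep the two from drifting. Note too that `TokenValidationParameters`, `StateDataFormat` and `StringDataFormat` now accept null; the middleware backfills the two data formats, but nothing backfills `TokenValidationParameters`.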
/// /// Contains the types and definitions required for validating a token. - public TokenValidationParameters TokenValidationParameters - { - get - { - return _tokenValidationParameters; - } - [param: NotNull] - set - { - _tokenValidationParameters = value; - } - } + public TokenValidationParameters TokenValidationParameters { get; set; } = new TokenValidationParameters(); /// /// Indicates that the authentication session lifetime (e.g. cookies) should match that of the authentication token. /// If the token does not provide lifetime information then normal session lifetimes will be used. /// This is enabled by default. /// - public bool UseTokenLifetime - { - get; - set; - } + public bool UseTokenLifetime { get; set; } = true; } } diff --git a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs index ce481bf6a..2331c9816 100644 --- a/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs +++ b/test/Microsoft.AspNet.Authentication.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs 
@@ -29,10 +29,7 @@ public async Task BearerTokenValidation() options.Authority = "https://login.windows.net/tushartest.onmicrosoft.com"; options.Audience = "https://TusharTest.onmicrosoft.com/TodoListService-ManualJwt"; - options.TokenValidationParameters = new TokenValidationParameters - { - ValidateLifetime = false - }; + options.TokenValidationParameters.ValidateLifetime = false; }); var newBearerToken = "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImtyaU1QZG1Cdng2OHNrVDgtbVBBQjNCc2VlQSJ9.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.N_Kw1EhoVGrHbE6hOcm7ERdZ7paBQiNdObvp2c6T6n5CE8p0fZqmUd-ya_EqwElcD6SiKSiP7gj0gpNUnOJcBl_H2X8GseaeeMxBrZdsnDL8qecc6_ygHruwlPltnLTdka67s1Ow4fDSHaqhVTEk6lzGmNEcbNAyb0CxQxU6o7Fh0yHRiWoLsT8yqYk8nKzsHXfZBNby4aRo3_hXaa4i0SZLYfDGGYPdttG4vT_u54QGGd4Wzbonv2gjDlllOVGOwoJS6kfl1h8mk0qxdiIaT_ChbDWgkWvTB7bTvBE-EgHgV0XmAo0WtJeSxgjsG3KhhEPsONmqrSjhIUV4IVnF2w"; @@ -167,7 +164,7 @@ public async Task CustomTokenValidated() return Task.FromResult(null); }; - options.SecurityTokenValidators = new[] { new BlobTokenValidator(options.AuthenticationScheme) }; + options.SecurityTokenValidators.Add(new BlobTokenValidator(options.AuthenticationScheme)); }); var response = await SendAsync(server, "http://example.com/oauth", "Bearer someblob"); diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs index 5dc58c673..cef7567f1 100644 --- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs +++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectHandlerTests.cs @@ -3,7 +3,6 @@ using System; using System.Collections.Generic; -using System.Collections.ObjectModel; using System.Diagnostics; using System.IdentityModel.Tokens; using System.IdentityModel.Tokens.Jwt; 
@@ -273,7 +272,7 @@ private static void DefaultOptions(OpenIdConnectAuthenticationOptions options) private static void AuthorizationCodeReceivedHandledOptions(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); - options.SecurityTokenValidators = new Collection { MockSecurityTokenValidator() }; + options.SecurityTokenValidator = MockSecurityTokenValidator(); options.ProtocolValidator = MockProtocolValidator(); options.Notifications = new OpenIdConnectAuthenticationNotifications @@ -289,7 +288,7 @@ private static void AuthorizationCodeReceivedHandledOptions(OpenIdConnectAuthent private static void AuthorizationCodeReceivedSkippedOptions(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); - options.SecurityTokenValidators = new Collection { MockSecurityTokenValidator() }; + options.SecurityTokenValidator = MockSecurityTokenValidator(); options.ProtocolValidator = MockProtocolValidator(); options.Notifications = new OpenIdConnectAuthenticationNotifications @@ -305,7 +304,7 @@ private static void AuthorizationCodeReceivedSkippedOptions(OpenIdConnectAuthent private static void AuthenticationErrorHandledOptions(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); - options.SecurityTokenValidators = new Collection { MockSecurityTokenValidator() }; + options.SecurityTokenValidator = MockSecurityTokenValidator(); options.ProtocolValidator = MockProtocolValidator(); options.Notifications = new OpenIdConnectAuthenticationNotifications 
@@ -321,7 +320,7 @@ private static void AuthenticationErrorHandledOptions(OpenIdConnectAuthenticatio private static void AuthenticationErrorSkippedOptions(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); - options.SecurityTokenValidators = new Collection { MockSecurityTokenValidator() }; + options.SecurityTokenValidator = MockSecurityTokenValidator(); options.ProtocolValidator = MockProtocolValidator(); options.Notifications = new OpenIdConnectAuthenticationNotifications @@ -387,7 +386,7 @@ private static void GetUserInfoFromUIEndpoint(OpenIdConnectAuthenticationOptions options.ProtocolValidator.RequireNonce = false; options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue(); options.GetClaimsFromUserInfoEndpoint = true; - options.SecurityTokenValidators = new Collection { MockSecurityTokenValidator() }; + options.SecurityTokenValidator = MockSecurityTokenValidator(); options.Notifications = new OpenIdConnectAuthenticationNotifications { @@ -469,7 +468,7 @@ private static void SecurityTokenValidatorCannotReadToken(OpenIdConnectAuthentic SecurityToken jwt = null; mockValidator.Setup(v => v.ValidateToken(It.IsAny(), It.IsAny(), out jwt)).Returns(new ClaimsPrincipal()); mockValidator.Setup(v => v.CanReadToken(It.IsAny())).Returns(false); - options.SecurityTokenValidators = new Collection { mockValidator.Object }; + options.SecurityTokenValidator = mockValidator.Object; } private static void SecurityTokenValidatorThrows(OpenIdConnectAuthenticationOptions options) 
@@ -479,13 +478,13 @@ private static void SecurityTokenValidatorThrows(OpenIdConnectAuthenticationOpti SecurityToken jwt = null; mockValidator.Setup(v => v.ValidateToken(It.IsAny(), It.IsAny(), out jwt)).Throws(); mockValidator.Setup(v => v.CanReadToken(It.IsAny())).Returns(true); - options.SecurityTokenValidators = new Collection { mockValidator.Object }; + options.SecurityTokenValidator = mockValidator.Object; } private static void SecurityTokenValidatorValidatesAllTokens(OpenIdConnectAuthenticationOptions options) { DefaultOptions(options); - options.SecurityTokenValidators = new Collection { MockSecurityTokenValidator() }; + options.SecurityTokenValidator = MockSecurityTokenValidator(); options.ProtocolValidator.RequireTimeStampInNonce = false; options.ProtocolValidator.RequireNonce = false; } diff --git a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs index 581f494c0..912a61047 100644 --- a/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs +++ b/test/Microsoft.AspNet.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs @@ -226,8 +226,13 @@ private void SetOptions(OpenIdConnectAuthenticationOptions options, List options.RedirectUri = queryValues.RedirectUri; else if (param.Equals(OpenIdConnectParameterNames.Resource)) options.Resource = queryValues.Resource; - else if (param.Equals(OpenIdConnectParameterNames.Scope)) - options.Scope = queryValues.Scope; + else if (param.Equals(OpenIdConnectParameterNames.Scope)) { + options.Scope.Clear(); + + foreach (var scope in queryValues.Scope.Split(' ')) { + options.Scope.Add(scope); + } + } } options.Authority = queryValues.Authority;
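Review bot: The new `else if (param.Equals(OpenIdConnectParameterNames.Scope)) {` and `foreach (var scope in queryValues.Scope.Split(' ')) {` put the opening brace on the same line, while the rest of this file and every other hunk in the commit use Allman braces; move them onto their own lines. `queryValues.Scope.Split(' ')` also yields empty entries for doubled spaces and throws if `Scope` is null, so `queryValues.Scope.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)` plus a null check would make the test fixture stricter about what it adds to the options. SetOptions continues outside the hunk.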