Add test of prompt=login and max_age=0 with PAR

DuendeSoftware · Jun 3, 2024 · c81af29 · c81af29
1 parent fa3c9cc
commit c81af29
Showing 1 changed file with 51 additions and 0 deletions.
diff --git a/test/IdentityServer.IntegrationTests/Endpoints/Authorize/PushedAuthorizationTests.cs b/test/IdentityServer.IntegrationTests/Endpoints/Authorize/PushedAuthorizationTests.cs
@@ -7,6 +7,7 @@
 using FluentAssertions;
 using IdentityModel;
 using IntegrationTests.Common;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Net;
@@ -190,6 +191,56 @@ public async Task pushed_authorization_with_a_request_uri_fails(string requestUr
             .Should().Be(OidcConstants.AuthorizeErrors.InvalidRequest);
     }
 
+
+    [Theory]
+    [InlineData("prompt", "login")]
+    [InlineData("max_age", "0")]
+    public async Task prompt_login_can_be_used_with_pushed_authorization(string parameterName, string parameterValue)
+    {
+        // Login before we start (we expect to still be prompted to login because of the prompt param)
+        await _mockPipeline.LoginAsync("bob");
+        _mockPipeline.BrowserClient.AllowAutoRedirect = false;
+
+        // Push Authorization
+        var expectedCallback = _client.RedirectUris.First();
+        var expectedState = "123_state";
+        var (parJson, statusCode) = await _mockPipeline.PushAuthorizationRequestAsync(
+            redirectUri: expectedCallback,
+            state: expectedState,
+            extra: new Dictionary<string, string>
+            {
+                { parameterName, parameterValue }
+            }
+        );
+        statusCode.Should().Be(HttpStatusCode.Created);
+
+        // Authorize using pushed request
+        var authorizeUrl = _mockPipeline.CreateAuthorizeUrl(
+            clientId: "client1",
+            extra: new
+            {
+                request_uri = parJson.RootElement.GetProperty("request_uri").GetString()
+            });
+        var authorizeResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl);
+
+        // Verify that authorize redirects to login
+        authorizeResponse.Should().Be302Found();
+        authorizeResponse.Headers.Location.ToString().ToLower().Should().Match($"{IdentityServerPipeline.LoginPage.ToLower()}*");
+
+        // Verify that the UI prompts the user at this point
+        var loginResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeResponse.Headers.Location);
+        loginResponse.Should().Be200Ok();
+
+        // Now login and return to the return url we were given
+        var returnUrl = new Uri(new Uri(IdentityServerPipeline.BaseUrl), _mockPipeline.LoginReturnUrl);
+        await _mockPipeline.LoginAsync("bob");
+        var authorizeCallbackResponse = await _mockPipeline.BrowserClient.GetAsync(returnUrl);
+
+        // The authorize callback should continue back to the application (the prompt parameter is processed so we don't go back to login)
+        authorizeCallbackResponse.Should().Be302Found();
+        authorizeCallbackResponse.Headers.Location.Should().Be(expectedCallback);
+    }
+
     private void ConfigureScopesAndResources()
     {
         _mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {