From c81af29f311bbc5c31e2f41806c425f6e898b4cf Mon Sep 17 00:00:00 2001
From: Joe DeCock <josephdecock@gmail.com>
Date: Mon, 3 Jun 2024 15:32:00 -0500
Subject: [PATCH] Add test of prompt=login and max_age=0 with PAR

---
 .../Authorize/PushedAuthorizationTests.cs     | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)

diff --git a/test/IdentityServer.IntegrationTests/Endpoints/Authorize/PushedAuthorizationTests.cs b/test/IdentityServer.IntegrationTests/Endpoints/Authorize/PushedAuthorizationTests.cs
index b60c10f43..24a4ba0a1 100644
--- a/test/IdentityServer.IntegrationTests/Endpoints/Authorize/PushedAuthorizationTests.cs
+++ b/test/IdentityServer.IntegrationTests/Endpoints/Authorize/PushedAuthorizationTests.cs
@@ -7,6 +7,7 @@
 using FluentAssertions;
 using IdentityModel;
 using IntegrationTests.Common;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Net;
@@ -190,6 +191,56 @@ public async Task pushed_authorization_with_a_request_uri_fails(string requestUr
             .Should().Be(OidcConstants.AuthorizeErrors.InvalidRequest);
     }
 
+
+    [Theory]
+    [InlineData("prompt", "login")]
+    [InlineData("max_age", "0")]
+    public async Task prompt_login_can_be_used_with_pushed_authorization(string parameterName, string parameterValue)
+    {
+        // Login before we start (we expect to still be prompted to login because of the prompt param)
+        await _mockPipeline.LoginAsync("bob");
+        _mockPipeline.BrowserClient.AllowAutoRedirect = false;
+
+        // Push Authorization
+        var expectedCallback = _client.RedirectUris.First();
+        var expectedState = "123_state";
+        var (parJson, statusCode) = await _mockPipeline.PushAuthorizationRequestAsync(
+            redirectUri: expectedCallback,
+            state: expectedState,
+            extra: new Dictionary<string, string>
+            {
+                { parameterName, parameterValue }
+            }
+        );
+        statusCode.Should().Be(HttpStatusCode.Created);
+
+        // Authorize using pushed request
+        var authorizeUrl = _mockPipeline.CreateAuthorizeUrl(
+            clientId: "client1",
+            extra: new
+            {
+                request_uri = parJson.RootElement.GetProperty("request_uri").GetString()
+            });
+        var authorizeResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeUrl);
+
+        // Verify that authorize redirects to login
+        authorizeResponse.Should().Be302Found();
+        authorizeResponse.Headers.Location.ToString().ToLower().Should().Match($"{IdentityServerPipeline.LoginPage.ToLower()}*");
+
+        // Verify that the UI prompts the user at this point
+        var loginResponse = await _mockPipeline.BrowserClient.GetAsync(authorizeResponse.Headers.Location);
+        loginResponse.Should().Be200Ok();
+
+        // Now login and return to the return url we were given
+        var returnUrl = new Uri(new Uri(IdentityServerPipeline.BaseUrl), _mockPipeline.LoginReturnUrl);
+        await _mockPipeline.LoginAsync("bob");
+        var authorizeCallbackResponse = await _mockPipeline.BrowserClient.GetAsync(returnUrl);
+        
+        // The authorize callback should continue back to the application (the prompt parameter is processed so we don't go back to login)
+        authorizeCallbackResponse.Should().Be302Found();
+        authorizeCallbackResponse.Headers.Location.Should().Be(expectedCallback);
+    }
+
     private void ConfigureScopesAndResources()
     {
         _mockPipeline.IdentityScopes.AddRange(new IdentityResource[] {