khalidabuhakmeh · March 17, 2025 18:40
diff --git a/DiscoveryDocumentTests.cs b/DiscoveryDocumentTests.cs
 // package: Microsoft.AspNetCore.Authentication.OpenIdConnect version 9.0.3
 // platform net9.0
 // full name: Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=8.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 // /packages/microsoft.identitymodel.protocols.openidconnect/8.0.1/lib/net9.0/Microsoft.IdentityModel.Protocols.OpenIdConnect.dll
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Xunit.Abstractions;

 namespace DiscoveryDocument;

 public class DiscoverDocumentTests(ITestOutputHelper output)
 {
    [Fact]
    public void Process_Discovery_Document()
    {
        var result = OpenIdConnectConfiguration.Create(DiscoveryDocument);
        Assert.NotNull(result);
    }

    [Fact]
    public void Fail_To_Process_Discovery_Document_With_Acr_Supported_Values()
    {
        var ae = Assert.Throws<ArgumentException>(() =>
        {
            OpenIdConnectConfiguration.Create(DiscoveryDocumentWithAcrSupportedValues);
        });
        
        output.WriteLine(ae.ToString());
    }

    #region discovery document

    public const string DiscoveryDocumentWithAcrSupportedValues =
        // lang=json
        """
        {
          "issuer": "https://localhost:7246",
          "jwks_uri": "https://localhost:7246/.well-known/openid-configuration/jwks",
          "authorization_endpoint": "https://localhost:7246/connect/authorize",
          "token_endpoint": "https://localhost:7246/connect/token",
          "userinfo_endpoint": "https://localhost:7246/connect/userinfo",
          "end_session_endpoint": "https://localhost:7246/connect/endsession",
          "check_session_iframe": "https://localhost:7246/connect/checksession",
          "revocation_endpoint": "https://localhost:7246/connect/revocation",
          "introspection_endpoint": "https://localhost:7246/connect/introspect",
          "device_authorization_endpoint": "https://localhost:7246/connect/deviceauthorization",
          "backchannel_authentication_endpoint": "https://localhost:7246/connect/ciba",
          "pushed_authorization_request_endpoint": "https://localhost:7246/connect/par",
          "require_pushed_authorization_requests": false,
          "frontchannel_logout_supported": true,
          "frontchannel_logout_session_supported": true,
          "backchannel_logout_supported": true,
          "backchannel_logout_session_supported": true,
          "scopes_supported": [
            "openid",
            "profile",
            "scope1",
            "scope2",
            "offline_access"
          ],
          "claims_supported": [
            "sub",
            "acr",
            "name",
            "family_name",
            "given_name",
            "middle_name",
            "nickname",
            "preferred_username",
            "profile",
            "picture",
            "website",
            "gender",
            "birthdate",
            "zoneinfo",
            "locale",
            "updated_at"
          ],
          "grant_types_supported": [
            "authorization_code",
            "client_credentials",
            "refresh_token",
            "implicit",
            "password",
            "urn:ietf:params:oauth:grant-type:device_code",
            "urn:openid:params:grant-type:ciba"
          ],
          "response_types_supported": [
            "code",
            "token",
            "id_token",
            "id_token token",
            "code id_token",
            "code token",
            "code id_token token"
          ],
          "response_modes_supported": [
            "form_post",
            "query",
            "fragment"
          ],
          "token_endpoint_auth_methods_supported": [
            "client_secret_basic",
            "client_secret_post"
          ],
          "id_token_signing_alg_values_supported": [
            "RS256"
          ],
          "subject_types_supported": [
            "public"
          ],
          "code_challenge_methods_supported": [
            "plain",
            "S256"
          ],
          "request_parameter_supported": true,
          "request_object_signing_alg_values_supported": [
            "RS256",
            "RS384",
            "RS512",
            "PS256",
            "PS384",
            "PS512",
            "ES256",
            "ES384",
            "ES512",
            "HS256",
            "HS384",
            "HS512"
          ],
          "prompt_values_supported": [
            "none",
            "login",
            "consent",
            "select_account"
          ],
          "authorization_response_iss_parameter_supported": true,
          "backchannel_token_delivery_modes_supported": [
            "poll"
          ],
          "backchannel_user_code_parameter_supported": true,
          "dpop_signing_alg_values_supported": [
            "RS256",
            "RS384",
            "RS512",
            "PS256",
            "PS384",
            "PS512",
            "ES256",
            "ES384",
            "ES512"
          ],
          "acr_values_supported": [
            "1",
            "nope"
          ]
        }
        """;

    public const string DiscoveryDocument =
        // lang=json
        """
        {
          "issuer": "https://localhost:7246",
          "jwks_uri": "https://localhost:7246/.well-known/openid-configuration/jwks",
          "authorization_endpoint": "https://localhost:7246/connect/authorize",
          "token_endpoint": "https://localhost:7246/connect/token",
          "userinfo_endpoint": "https://localhost:7246/connect/userinfo",
          "end_session_endpoint": "https://localhost:7246/connect/endsession",
          "check_session_iframe": "https://localhost:7246/connect/checksession",
          "revocation_endpoint": "https://localhost:7246/connect/revocation",
          "introspection_endpoint": "https://localhost:7246/connect/introspect",
          "device_authorization_endpoint": "https://localhost:7246/connect/deviceauthorization",
          "backchannel_authentication_endpoint": "https://localhost:7246/connect/ciba",
          "pushed_authorization_request_endpoint": "https://localhost:7246/connect/par",
          "require_pushed_authorization_requests": false,
          "frontchannel_logout_supported": true,
          "frontchannel_logout_session_supported": true,
          "backchannel_logout_supported": true,
          "backchannel_logout_session_supported": true,
          "scopes_supported": [
            "openid",
            "profile",
            "scope1",
            "scope2",
            "offline_access"
          ],
          "claims_supported": [
            "sub",
            "acr",
            "name",
            "family_name",
            "given_name",
            "middle_name",
            "nickname",
            "preferred_username",
            "profile",
            "picture",
            "website",
            "gender",
            "birthdate",
            "zoneinfo",
            "locale",
            "updated_at"
          ],
          "grant_types_supported": [
            "authorization_code",
            "client_credentials",
            "refresh_token",
            "implicit",
            "password",
            "urn:ietf:params:oauth:grant-type:device_code",
            "urn:openid:params:grant-type:ciba"
          ],
          "response_types_supported": [
            "code",
            "token",
            "id_token",
            "id_token token",
            "code id_token",
            "code token",
            "code id_token token"
          ],
          "response_modes_supported": [
            "form_post",
            "query",
            "fragment"
          ],
          "token_endpoint_auth_methods_supported": [
            "client_secret_basic",
            "client_secret_post"
          ],
          "id_token_signing_alg_values_supported": [
            "RS256"
          ],
          "subject_types_supported": [
            "public"
          ],
          "code_challenge_methods_supported": [
            "plain",
            "S256"
          ],
          "request_parameter_supported": true,
          "request_object_signing_alg_values_supported": [
            "RS256",
            "RS384",
            "RS512",
            "PS256",
            "PS384",
            "PS512",
            "ES256",
            "ES384",
            "ES512",
            "HS256",
            "HS384",
            "HS512"
          ],
          "prompt_values_supported": [
            "none",
            "login",
            "consent",
            "select_account"
          ],
          "authorization_response_iss_parameter_supported": true,
          "backchannel_token_delivery_modes_supported": [
            "poll"
          ],
          "backchannel_user_code_parameter_supported": true,
          "dpop_signing_alg_values_supported": [
            "RS256",
            "RS384",
            "RS512",
            "PS256",
            "PS384",
            "PS512",
            "ES256",
            "ES384",
            "ES512"
          ]
        }
        """;

    #endregion
 }
	// package: Microsoft.AspNetCore.Authentication.OpenIdConnect version 9.0.3
	// platform net9.0
	// full name: Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=8.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
	// /packages/microsoft.identitymodel.protocols.openidconnect/8.0.1/lib/net9.0/Microsoft.IdentityModel.Protocols.OpenIdConnect.dll
	using Microsoft.IdentityModel.Protocols.OpenIdConnect;
	using Xunit.Abstractions;

	namespace DiscoveryDocument;

	public class DiscoverDocumentTests(ITestOutputHelper output)
	{
	[Fact]
	public void Process_Discovery_Document()
	{
	var result = OpenIdConnectConfiguration.Create(DiscoveryDocument);
	Assert.NotNull(result);
	}

	[Fact]
	public void Fail_To_Process_Discovery_Document_With_Acr_Supported_Values()
	{
	var ae = Assert.Throws<ArgumentException>(() =>
	{
	OpenIdConnectConfiguration.Create(DiscoveryDocumentWithAcrSupportedValues);
	});

	output.WriteLine(ae.ToString());
	}

	#region discovery document

	public const string DiscoveryDocumentWithAcrSupportedValues =
	// lang=json
	"""
	{
	"issuer": "https://localhost:7246",
	"jwks_uri": "https://localhost:7246/.well-known/openid-configuration/jwks",
	"authorization_endpoint": "https://localhost:7246/connect/authorize",
	"token_endpoint": "https://localhost:7246/connect/token",
	"userinfo_endpoint": "https://localhost:7246/connect/userinfo",
	"end_session_endpoint": "https://localhost:7246/connect/endsession",
	"check_session_iframe": "https://localhost:7246/connect/checksession",
	"revocation_endpoint": "https://localhost:7246/connect/revocation",
	"introspection_endpoint": "https://localhost:7246/connect/introspect",
	"device_authorization_endpoint": "https://localhost:7246/connect/deviceauthorization",
	"backchannel_authentication_endpoint": "https://localhost:7246/connect/ciba",
	"pushed_authorization_request_endpoint": "https://localhost:7246/connect/par",
	"require_pushed_authorization_requests": false,
	"frontchannel_logout_supported": true,
	"frontchannel_logout_session_supported": true,
	"backchannel_logout_supported": true,
	"backchannel_logout_session_supported": true,
	"scopes_supported": [
	"openid",
	"profile",
	"scope1",
	"scope2",
	"offline_access"
	],
	"claims_supported": [
	"sub",
	"acr",
	"name",
	"family_name",
	"given_name",
	"middle_name",
	"nickname",
	"preferred_username",
	"profile",
	"picture",
	"website",
	"gender",
	"birthdate",
	"zoneinfo",
	"locale",
	"updated_at"
	],
	"grant_types_supported": [
	"authorization_code",
	"client_credentials",
	"refresh_token",
	"implicit",
	"password",
	"urn:ietf:params:oauth:grant-type:device_code",
	"urn:openid:params:grant-type:ciba"
	],
	"response_types_supported": [
	"code",
	"token",
	"id_token",
	"id_token token",
	"code id_token",
	"code token",
	"code id_token token"
	],
	"response_modes_supported": [
	"form_post",
	"query",
	"fragment"
	],
	"token_endpoint_auth_methods_supported": [
	"client_secret_basic",
	"client_secret_post"
	],
	"id_token_signing_alg_values_supported": [
	"RS256"
	],
	"subject_types_supported": [
	"public"
	],
	"code_challenge_methods_supported": [
	"plain",
	"S256"
	],
	"request_parameter_supported": true,
	"request_object_signing_alg_values_supported": [
	"RS256",
	"RS384",
	"RS512",
	"PS256",
	"PS384",
	"PS512",
	"ES256",
	"ES384",
	"ES512",
	"HS256",
	"HS384",
	"HS512"
	],
	"prompt_values_supported": [
	"none",
	"login",
	"consent",
	"select_account"
	],
	"authorization_response_iss_parameter_supported": true,
	"backchannel_token_delivery_modes_supported": [
	"poll"
	],
	"backchannel_user_code_parameter_supported": true,
	"dpop_signing_alg_values_supported": [
	"RS256",
	"RS384",
	"RS512",
	"PS256",
	"PS384",
	"PS512",
	"ES256",
	"ES384",
	"ES512"
	],
	"acr_values_supported": [
	"1",
	"nope"
	]
	}
	""";

	public const string DiscoveryDocument =
	// lang=json
	"""
	{
	"issuer": "https://localhost:7246",
	"jwks_uri": "https://localhost:7246/.well-known/openid-configuration/jwks",
	"authorization_endpoint": "https://localhost:7246/connect/authorize",
	"token_endpoint": "https://localhost:7246/connect/token",
	"userinfo_endpoint": "https://localhost:7246/connect/userinfo",
	"end_session_endpoint": "https://localhost:7246/connect/endsession",
	"check_session_iframe": "https://localhost:7246/connect/checksession",
	"revocation_endpoint": "https://localhost:7246/connect/revocation",
	"introspection_endpoint": "https://localhost:7246/connect/introspect",
	"device_authorization_endpoint": "https://localhost:7246/connect/deviceauthorization",
	"backchannel_authentication_endpoint": "https://localhost:7246/connect/ciba",
	"pushed_authorization_request_endpoint": "https://localhost:7246/connect/par",
	"require_pushed_authorization_requests": false,
	"frontchannel_logout_supported": true,
	"frontchannel_logout_session_supported": true,
	"backchannel_logout_supported": true,
	"backchannel_logout_session_supported": true,
	"scopes_supported": [
	"openid",
	"profile",
	"scope1",
	"scope2",
	"offline_access"
	],
	"claims_supported": [
	"sub",
	"acr",
	"name",
	"family_name",
	"given_name",
	"middle_name",
	"nickname",
	"preferred_username",
	"profile",
	"picture",
	"website",
	"gender",
	"birthdate",
	"zoneinfo",
	"locale",
	"updated_at"
	],
	"grant_types_supported": [
	"authorization_code",
	"client_credentials",
	"refresh_token",
	"implicit",
	"password",
	"urn:ietf:params:oauth:grant-type:device_code",
	"urn:openid:params:grant-type:ciba"
	],
	"response_types_supported": [
	"code",
	"token",
	"id_token",
	"id_token token",
	"code id_token",
	"code token",
	"code id_token token"
	],
	"response_modes_supported": [
	"form_post",
	"query",
	"fragment"
	],
	"token_endpoint_auth_methods_supported": [
	"client_secret_basic",
	"client_secret_post"
	],
	"id_token_signing_alg_values_supported": [
	"RS256"
	],
	"subject_types_supported": [
	"public"
	],
	"code_challenge_methods_supported": [
	"plain",
	"S256"
	],
	"request_parameter_supported": true,
	"request_object_signing_alg_values_supported": [
	"RS256",
	"RS384",
	"RS512",
	"PS256",
	"PS384",
	"PS512",
	"ES256",
	"ES384",
	"ES512",
	"HS256",
	"HS384",
	"HS512"
	],
	"prompt_values_supported": [
	"none",
	"login",
	"consent",
	"select_account"
	],
	"authorization_response_iss_parameter_supported": true,
	"backchannel_token_delivery_modes_supported": [
	"poll"
	],
	"backchannel_user_code_parameter_supported": true,
	"dpop_signing_alg_values_supported": [
	"RS256",
	"RS384",
	"RS512",
	"PS256",
	"PS384",
	"PS512",
	"ES256",
	"ES384",
	"ES512"
	]
	}
	""";

	#endregion
	}