Fix/refresh with scope (#374)

aguacongas · web-flow · commit acf47d22e4a8 · 2022-11-30T20:36:10.000+01:00
* fix: cannot set scope on refresn token #373 * test: set requested scope in response * style: change parameter order
diff --git a/src/OidcClient/OidcClient.cs b/src/OidcClient/OidcClient.cs
@@ -312,13 +312,15 @@ public virtual async Task<UserInfoResult> GetUserInfoAsync(string accessToken, C
         /// </summary>
         /// <param name="refreshToken">The refresh token.</param>
         /// <param name="backChannelParameters">Back-channel parameters</param>
+        /// <param name="scope">Space separated list of the requested scopes.</param>
         /// <param name="cancellationToken">The cancellation token.</param>
         /// <returns>
         /// A token response.
         /// </returns>
         public virtual async Task<RefreshTokenResult> RefreshTokenAsync(
             string refreshToken, 
-            Parameters backChannelParameters = null, 
+            Parameters backChannelParameters = null,
+            string scope = null,
             CancellationToken cancellationToken = default)
         {
             _logger.LogTrace("RefreshTokenAsync");
@@ -336,7 +338,8 @@ public virtual async Task<RefreshTokenResult> RefreshTokenAsync(
                 ClientAssertion = Options.ClientAssertion,
                 ClientCredentialStyle = Options.TokenClientCredentialStyle,
                 RefreshToken = refreshToken,
-                Parameters = backChannelParameters
+                Parameters = backChannelParameters,
+                Scope = scope
             }, cancellationToken).ConfigureAwait(false);
 
             if (response.IsError)
diff --git a/test/OidcClient.Tests/OidcClientTests.cs b/test/OidcClient.Tests/OidcClientTests.cs
@@ -0,0 +1,69 @@
+﻿using System;
+using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
+using Xunit;
+
+namespace IdentityModel.OidcClient.Tests
+{
+    public class OidcClientTests
+    {
+        [Fact]
+        public async Task RefreshTokenAsync_with_scope_should_set_http_request_scope_parameter()
+        {
+            var scope = Guid.NewGuid().ToString();
+            var sut = new OidcClient(new OidcClientOptions
+            {
+                Authority = "https://exemple.com",
+                ProviderInformation = new ProviderInformation
+                {
+                    IssuerName = "https://exemple.com",
+                    AuthorizeEndpoint = "https://exemple.com/connect/authorize",
+                    TokenEndpoint = "https://exemple.com/connect/token"
+                },
+                Policy = new Policy
+                {
+                    Discovery = new Client.DiscoveryPolicy
+                    {
+                        RequireKeySet = false,
+                    }
+                },
+                ClientId = "test",
+                Scope = "openid profile offline_access",
+                RedirectUri = "test://authentication/login-callback",               
+                HttpClientFactory = o =>
+                {
+                    return new HttpClient(new FakeHttpMessageHandler
+                    {
+                        Func = async r =>
+                        {
+                            var content = await r.Content.ReadAsStringAsync();
+                            Assert.Contains($"scope={scope}", content);
+                            return new HttpResponseMessage
+                                {
+                                    Content = new StringContent($@"{{
+  ""access_token"": ""23af3183-a712-40c7-86f8-d784705c8a78"",
+  ""refresh_token"": ""23af3183-a712-40c7-86f8-d784705c8a79"",
+  ""expires_in"": 3600,
+  ""token_type"": ""Bearer"",
+  ""scope"": ""{scope}""
+}}")
+                                };
+                        }
+                    });
+                }
+            });
+
+            var result = await sut.RefreshTokenAsync("test", scope: scope);
+
+            Assert.NotNull(result);
+        }
+
+        class FakeHttpMessageHandler : HttpMessageHandler
+        {
+            public Func<HttpRequestMessage, Task<HttpResponseMessage>> Func { get; set; }
+            protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
+            => Func(request);
+        }
+    }
+}
diff --git a/test/OidcClient.Tests/RefreshTokenDelegatingHandlerTests.cs b/test/OidcClient.Tests/RefreshTokenDelegatingHandlerTests.cs
@@ -244,6 +244,7 @@ public TestableOidcTokenRefreshClient(TestTokens tokens, TimeSpan delayForRefres
 
             public override async Task<RefreshTokenResult> RefreshTokenAsync(string refreshToken,
                 Parameters backChannelParameters = null,
+                string scope = null,
                 CancellationToken cancellationToken = default)
             {
                 var newTokens = _tokens.RefreshUsing(refreshToken);

Original file line number	Diff line number	Diff line change
`@@ -244,6 +244,7 @@ public TestableOidcTokenRefreshClient(TestTokens tokens, TimeSpan delayForRefres`
`244`	`244`
`245`	`245`	`public override async Task<RefreshTokenResult> RefreshTokenAsync(string refreshToken,`
`246`	`246`	`Parameters backChannelParameters = null,`
	`247`	`+ string scope = null,`
`247`	`248`	`CancellationToken cancellationToken = default)`
`248`	`249`	`{`
`249`	`250`	`var newTokens = _tokens.RefreshUsing(refreshToken);`