diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs index 80f2ca2ba3..b08f8e944c 100644 --- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs +++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectMiddleware.cs @@ -82,6 +82,11 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect throw new ArgumentNullException(nameof(htmlEncoder)); } + if (string.IsNullOrEmpty(Options.ClientId)) + { + throw new ArgumentException("Options.ClientId must be provided", nameof(Options.ClientId)); + } + if (!Options.CallbackPath.HasValue) { throw new ArgumentException("Options.CallbackPath must be provided."); @@ -120,7 +125,6 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect Options.StringDataFormat = new SecureDataFormat(new StringSerializer(), dataProtector); } - if (Options.Events == null) { Options.Events = new OpenIdConnectEvents(); @@ -164,6 +168,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect new HttpDocumentRetriever(Backchannel) { RequireHttps = Options.RequireHttpsMetadata }); } } + + if (Options.ConfigurationManager == null) + { + throw new InvalidOperationException($"Provide {nameof(Options.Authority)}, {nameof(Options.MetadataAddress)}, " + + $"{nameof(Options.Configuration)}, or {nameof(Options.ConfigurationManager)} to {nameof(OpenIdConnectOptions)}"); + } } protected HttpClient Backchannel { get; private set; } diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs index ebc59b9ee8..20de135712 100644 --- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs +++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs 
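Review bot: The new ClientId guard uses `string.IsNullOrEmpty`, so a whitespace-only value (for example a blank configuration entry) passes startup validation and presumably only fails later, when the identity provider rejects the request; `if (string.IsNullOrWhiteSpace(Options.ClientId))` would reject it up front. The message also lacks the trailing period that the neighbouring CallbackPath message has, and the CallbackPath throw passes no parameter name while this one does, so the two option checks report differently. The constructor that holds these checks starts and ends outside the hunk.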
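Review bot: The ConfigurationManager null check at the end of the constructor throws `InvalidOperationException`, while the missing-ClientId check added earlier in this commit throws `ArgumentException` for the same kind of problem, an incomplete OpenIdConnectOptions. Using one exception type for option validation would let hosts handle startup misconfiguration uniformly. A short comment above the check would also help the next reader, e.g. `// Nothing above produced a ConfigurationManager: no Configuration, MetadataAddress or Authority was set.` The block that builds the manager begins outside the hunk, so that reading is inferred from its visible tail and from the exception message.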
@@ -161,6 +161,8 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect return Task.FromResult(0); } }; + options.ClientId = "Test Id"; + options.Configuration = TestUtilities.DefaultOpenIdConnectConfiguration; return options; } @@ -550,5 +552,66 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect return nonceTime; } + + [Fact] + public void ThrowsWithNoClientId() + { + var builder = new WebHostBuilder() + .Configure(app => + { + app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions + { + SignInScheme = "TestScheme", + Authority = DefaultAuthority, + Configuration = TestUtilities.DefaultOpenIdConnectConfiguration, + AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost + }); + }).ConfigureServices(services => + { + services.AddAuthentication(); + }); + + try + { + var server = new TestServer(builder); + } + catch (ArgumentException e) + { + Assert.Equal("ClientId", e.ParamName); + return; + } + + Assert.True(false); + } + + [Fact] + public void ThrowsWithNoConfigurationValues() + { + var builder = new WebHostBuilder() + .Configure(app => + { + app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions + { + SignInScheme = "TestScheme", + ClientId = "Test Id", + AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost + }); + }).ConfigureServices(services => + { + services.AddAuthentication(); + }); + + try + { + var server = new TestServer(builder); + } + catch (InvalidOperationException e) + { + Assert.Equal("Provide Authority, MetadataAddress, Configuration, or ConfigurationManager to OpenIdConnectOptions", e.Message); + return; + } + + Assert.True(false); + } } } \ No newline at end of file
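Review bot: Both new tests, ThrowsWithNoClientId and ThrowsWithNoConfigurationValues, hand-roll the expected-exception check with try/catch plus `Assert.True(false)`, which gives an uninformative failure when nothing is thrown and leaves an unused `server` local. `var ex = Assert.Throws<ArgumentException>(() => new TestServer(builder));` followed by `Assert.Equal("ClientId", ex.ParamName);` states the same expectation directly, and the second test can do the same with `InvalidOperationException`. The second test also pins the full message text, so any rewording of the message breaks it. Asserting the exception type, or only that the message names the four options, would be less brittle.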