public void GetKeys_CachedButExpired_ReturnsRefreshedKeys()
{
var provider = new JwksHttpKeyProvider("https://example.com", "https://example.com/jwks", new TestHttpMessageHandler
{
Responses = new[]
{
new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"keys\":[]}",
Encoding.UTF8,
"application/json")
},
new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"keys\":[{\"kty\":\"RSA\",\"kid\":\"1234\",\"e\":\"AQAB\",\"n\":\"n6fNIStd3luK2mvco0ZnkDGE4JxB2FLmYtVJNyTmMfOj7CR5oM7vHSuOQYe17c8CUXBSCed5i6CmUyI59Vj4D2D2zdzqMiIyA5Y0djw5Js04QSvbXZId25YgMoHU0dichI1MmUYMPk5iQ_SwmSXsJKxwk1ytd1DciMxpCWkkAwJCAMoYR0_wcrtLX0M3i1sJthpCKle0-bj5YnhVE85vGeVrkvs9b8CKUCwqGruNptHtebpMKR1rBx1QXBTHHhXJjk5XQLu_S9_URuD0M6j__liGcjYzFEiz6b9NAjHHrraPfDfuKIgnHwpLFA-J8zjZeoXBstr9Mut_Gsgqmxg_cQ\",\"alg\":\"RS256\"}]}",
Encoding.UTF8,
"application/json")
}
}
}, automaticRefreshInterval: 0);
JwtHeaderDocument.TryParseHeader(Encoding.UTF8.GetBytes("{\"kid\":\"1234\"}"), null, TokenValidationPolicy.NoValidation, out var header, out _);
var keys = provider.GetKeys(header);
Assert.Empty(keys);
keys = provider.GetKeys(header);
Assert.Single(keys);
Assert.Equal("1234", keys[0].Kid.ToString());
}
private static void ReadKeysFromJwksEndpoint()
{
// The JwksKeyProvider retrieve the JWKs from an HTTP endpoint. The JkuKeyProvider & X5uKeyProvider do the same for differents formats. var jwksProvider = new JwksHttpKeyProvider("https://login.microsoftonline.com/common/.well-known/openid-configuration", validateIssuer: false); // you may provide an HttpClientHandler with if you are behind a proxy.
var jwksProvider = new JwksHttpKeyProvider("https://login.microsoftonline.com", "https://login.microsoftonline.com/common/discovery/v2.0/keys"); // you may provide an HttpClientHandler with if you are behind a proxy.
var keys = jwksProvider.GetKeys();
Console.WriteLine("JWK from internet faced JWKS:");
foreach (var key in keys)
{
Console.WriteLine(key);
Console.WriteLine();
}
}
