public async Task RefreshesOidcToken()
{
// A little bit after the tokens returned from OidcTokenFakes were issued.
var clock = new MockClock(new DateTime(2020, 5, 21, 9, 20, 0, 0, DateTimeKind.Utc));
var messageHandler = new OidcComputeSuccessMessageHandler();
var initializer = new ComputeCredential.Initializer("http://will.be.ignored", "http://will.be.ignored")
{
Clock = clock,
HttpClientFactory = new MockHttpClientFactory(messageHandler)
};
var credential = new ComputeCredential(initializer);
// The fake Oidc server returns valid tokens (expired in the real world for safty)
// but with a set audience that lets us know if the token was refreshed or not.
var oidcToken = await credential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("will.be.ignored"));
var signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync());
Assert.Equal("https://first_call.test", signedToken.Payload.Audience);
// Move the clock so that the token expires.
clock.UtcNow = clock.UtcNow.AddHours(2);
signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync());
Assert.Equal("https://subsequent_calls.test", signedToken.Payload.Audience);
// Two calls, because the second time we tried to get the token, the first one had expired.
Assert.Equal(2, messageHandler.Calls);
}
public async Task FetchesOidcToken_WithDefaultOptions()
{
// A little bit after the tokens returned from OidcTokenFakes were issued.
var clock = new MockClock(new DateTime(2020, 5, 21, 9, 20, 0, 0, DateTimeKind.Utc));
var messageHandler = new OidcComputeSuccessMessageHandler();
var initializer = new ComputeCredential.Initializer("http://will.be.ignored", "http://will.be.ignored")
{
Clock = clock,
HttpClientFactory = new MockHttpClientFactory(messageHandler)
};
var credential = new ComputeCredential(initializer);
var oidcToken = await credential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("any_audience"));
await oidcToken.GetAccessTokenAsync();
Assert.Equal("?audience=any_audience&format=full", messageHandler.LatestRequest.RequestUri.Query);
}
public async Task FromComputeCredential_FetchesOidcToken()
{
// A little bit after the tokens returned from OidcTokenFakes were issued.
var clock = new MockClock(new DateTime(2020, 5, 21, 9, 20, 0, 0, DateTimeKind.Utc));
var messageHandler = new OidcComputeSuccessMessageHandler();
var initializer = new ComputeCredential.Initializer("http://will.be.ignored", "http://will.be.ignored")
{
Clock = clock,
HttpClientFactory = new MockHttpClientFactory(messageHandler)
};
var computeCredential = new ComputeCredential(initializer);
var googleCredential = GoogleCredential.FromComputeCredential(computeCredential);
// The fake Oidc server returns valid tokens (expired in the real world for safty)
// but with a set audience that lets us know if the token was refreshed or not.
var oidcToken = await googleCredential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("will.be.ignored"));
var signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync());
Assert.Equal("https://first_call.test", signedToken.Payload.Audience);
}