public async Task TestGetToken_WithTenantID_IsValid()
{
string token = await TestAccessToken.GetToken(DEV_AUTH_URL, Guid.NewGuid().ToString()).ConfigureAwait(false);
using (var httpClient = new HttpClient()) {
IAccessTokenValidator validator = AccessTokenValidatorFactory.CreateRemoteValidator(httpClient, new Uri(DEV_AUTH_URL), new Uri(DEV_AUTH_JWK_URL));
Assert.DoesNotThrowAsync(async() => await validator.ValidateAsync(token).ConfigureAwait(false));
}
}
public async Task TestGetToken_WithTenantAndUserIdAndXsrf_IsValid()
{
string token = await TestAccessToken.GetToken(DEV_AUTH_URL, Guid.NewGuid().ToString(), "user", "xsrf").SafeAsync();
using (var httpClient = new HttpClient()) {
IAccessTokenValidator validator = AccessTokenValidatorFactory.CreateRemoteValidator(httpClient, new Uri(DEV_AUTH_URL));
Assert.DoesNotThrowAsync(async() => await validator.ValidateAsync(token).SafeAsync());
}
}
public async void TestAccessTokenProvider_SuppliedRSAParameters_TokenIsValid()
{
using (var httpClient = new HttpClient()) {
IAccessTokenProvider provider = TestAccessTokenProviderFactory.Create(httpClient, DEV_AUTH_URL, TestStaticKeyProvider.TestKeyId, TestStaticKeyProvider.TestRSAParameters);
IAccessToken token = await provider.ProvisionAccessTokenAsync(testClaimSet, testScopes).SafeAsync();
IAccessTokenValidator validator = AccessTokenValidatorFactory.CreateRemoteValidator(httpClient, new Uri(DEV_AUTH_URL));
Assert.DoesNotThrow(async() => await validator.ValidateAsync(token.Token).SafeAsync());
}
}
public async Task TestAccessTokenProvider_TokenIsValid()
{
using (var httpClient = new HttpClient()) {
IAccessTokenProvider provider = TestAccessTokenProviderFactory.Create(httpClient, DEV_AUTH_URL);
IAccessToken token = await provider.ProvisionAccessTokenAsync(testClaimSet, testScopes).ConfigureAwait(false);
IAccessTokenValidator validator = AccessTokenValidatorFactory.CreateRemoteValidator(httpClient, new Uri(DEV_AUTH_JWKS_URL), new Uri(DEV_AUTH_JWK_URL));
Assert.DoesNotThrowAsync(async() => await validator.ValidateAsync(token.Token).ConfigureAwait(false));
}
}
public async Task TestGetToken_WithClaimAndScope_IsValid()
{
Claim[] claims = { new Claim(Constants.Claims.TENANT_ID, Guid.NewGuid().ToString()) };
Scope[] scopes = { new Scope("group", "resource", "permission") };
string token = await TestAccessToken.GetToken(DEV_AUTH_URL, claims, scopes).SafeAsync();
using (var httpClient = new HttpClient()) {
IAccessTokenValidator validator = AccessTokenValidatorFactory.CreateRemoteValidator(httpClient, new Uri(DEV_AUTH_URL));
Assert.DoesNotThrowAsync(async() => await validator.ValidateAsync(token).SafeAsync());
}
}
private void ValidateAccessToken(string encryptedUserCred)
{
string option = AccessTokenValidatorFactory.ACCESS_TOKEN_WCF;
IAccessTokenValidator tokenValidator = AccessTokenValidatorFactory.GetAccessTokenValidator(option);
TokenValidationResult result = tokenValidator.IsUserCredentialValid(encryptedUserCred);
if (!result.IsValidationSuccess)
{
throw new TokenValidationException(result.Message, result.Status);
}
}
Action IBenchmark.GetRunner()
{
SetUp(out Uri host, out string token, out string id);
IAccessTokenValidator validator = AccessTokenValidatorFactory.CreateRemoteValidator(
new HttpClient(),
host,
null
);
return(delegate {
validator.ValidateAsync(token).SafeAsync().GetAwaiter().GetResult();
});
}
static TestUtilities()
{
#pragma warning disable 618
IPublicKeyDataProvider publicKeyDataProvider = new InMemoryPublicKeyDataProvider();
#pragma warning restore 618
m_signer = EcDsaTokenSignerFactory
.Create(publicKeyDataProvider, EcDsaTokenSignerFactory.Curve.P256);
IAccessTokenValidator accessTokenValidator = AccessTokenValidatorFactory
.CreateLocalValidator(publicKeyDataProvider);
RequestAuthenticator = RequestAuthenticatorFactory.Create(accessTokenValidator);
}
IRequestAuthenticator IFactory <IRequestAuthenticator> .Create()
{
// TODO:
// - This blocking sucks but will disappear once IConfigViewer is taken rather than the actual endpoint
// - We need these classes from the auth library to behave like singletons but get the auth endpoint dynamically from IConfigViewer
// - This config should usually be fetched as a tenant config... when we support non-tenant access tokens we can switch config type inside the auth library
ConfigValue <Uri> authEndpoint = m_configViewer
.GetGlobalAsync <Uri>(Constants.Configs.AUTH_ENDPOINT)
.SafeWait();
var accessTokenValidator = AccessTokenValidatorFactory.CreateRemoteValidator(
new HttpClient(), // TODO: get rid of AccessTokenValidatorFactory (maybe), make AccessTokenValidatorFactory take an IHttpClientFactory
authEndpoint.Value // TODO: AccessTokenValidator should take an IConfigViewer
);
var requestAuthenticator = RequestAuthenticatorFactory.Create(
accessTokenValidator: accessTokenValidator
);
return(requestAuthenticator);
}
