private static bool HasTokenExpired(string token)
{
var jsonWebToken = JwtHandler.ReadToken(token) as JsonWebToken;
if (jsonWebToken == null)
{
return(true);
}
var expirationClaim = jsonWebToken.Claims.FirstOrDefault(x => x.Type == "exp");
if (expirationClaim == null)
{
return(false);
}
var expiration = Convert.ToDouble(expirationClaim.Value);
var now = GetSecondsSinceUnixEpoch(DateTime.Now);
return(now - expiration > ExpirationCutoffSeconds);
}
public void ValidUserNameCredentialWithTokenValidation()
{
var client = new OAuth2Client(
new Uri(baseAddress),
Constants.Credentials.ValidClientId,
Constants.Credentials.ValidClientSecret);
var response = client.RequestAccessTokenUserName(
Constants.Credentials.ValidUserName,
Constants.Credentials.ValidPassword,
scope);
Assert.IsTrue(response != null, "response is null");
Assert.IsTrue(!string.IsNullOrWhiteSpace(response.AccessToken), "access token is null");
Assert.IsTrue(!string.IsNullOrWhiteSpace(response.TokenType), "token type is null");
Assert.IsTrue(response.ExpiresIn > 0, "expiresIn is 0");
Trace.WriteLine(response.AccessToken);
var config = new SecurityTokenHandlerConfiguration();
var registry = new WebTokenIssuerNameRegistry();
registry.AddTrustedIssuer("http://identityserver.v2.thinktecture.com/trust/changethis", "http://identityserver45.thinktecture.com/trust/initial");
config.IssuerNameRegistry = registry;
var issuerResolver = new WebTokenIssuerTokenResolver();
issuerResolver.AddSigningKey("http://identityserver.v2.thinktecture.com/trust/changethis", "3ihK5qGVhp8ptIk9+TDucXQW4Aaengg3d5m6gU8nzc8=");
config.IssuerTokenResolver = issuerResolver;
config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(scope));
var handler = new JsonWebTokenHandler();
handler.Configuration = config;
var jwt = handler.ReadToken(response.AccessToken);
var id = handler.ValidateToken(jwt);
}
public void ManualWriteRoundtripDuplicateClaimTypes()
{
var signinKey = SymmetricKeyGenerator.Create(32);
var jwt = new JsonWebToken
{
Header = new JwtHeader
{
SignatureAlgorithm = JwtConstants.SignatureAlgorithms.HMACSHA256,
SigningCredentials = new HmacSigningCredentials(signinKey)
},
Audience = new Uri("http://foo.com"),
Issuer = "dominick",
ExpirationTime = 50000000000,
};
jwt.AddClaim(ClaimTypes.Name, "dominick");
jwt.AddClaim(ClaimTypes.Email, "*****@*****.**");
jwt.AddClaim(ClaimTypes.Role, "bar");
jwt.AddClaim(ClaimTypes.Role, "foo");
var handler = new JsonWebTokenHandler();
var token = handler.WriteToken(jwt);
Trace.WriteLine(token);
// token should not be empty
Assert.IsTrue(!string.IsNullOrWhiteSpace(token));
// token with signature needs to be 3 parts
var parts = token.Split('.');
Assert.IsTrue(parts.Length == 3, "JWT should have excactly 3 parts");
// signature must be 256 bits
var sig = Base64Url.Decode(parts[2]);
Assert.IsTrue(sig.Length == 32, "Signature is not 32 bits");
var jwtToken = handler.ReadToken(token);
var config = new SecurityTokenHandlerConfiguration();
var registry = new WebTokenIssuerNameRegistry();
registry.AddTrustedIssuer("dominick", "dominick");
config.IssuerNameRegistry = registry;
var issuerResolver = new WebTokenIssuerTokenResolver();
issuerResolver.AddSigningKey("dominick", Convert.ToBase64String(signinKey));
config.IssuerTokenResolver = issuerResolver;
config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://foo.com"));
handler.Configuration = config;
var identity = handler.ValidateToken(jwtToken).First();
Assert.IsTrue(identity.Claims.Count() == 4);
Assert.IsTrue(identity.Claims.First().Issuer == "dominick");
}
public void HandlerCreateRoundtripDuplicateClaimTypes()
{
var signinKey = SymmetricKeyGenerator.Create(32);
var identity = new ClaimsIdentity(new List <Claim>
{
new Claim(ClaimTypes.Name, "dominick"),
new Claim(ClaimTypes.Name, "dominick2"),
new Claim(ClaimTypes.Email, "*****@*****.**"),
new Claim(ClaimTypes.Role, "bar"),
new Claim(ClaimTypes.Role, "foo")
}, "Custom");
var descriptor = new SecurityTokenDescriptor
{
Subject = identity,
SigningCredentials = new HmacSigningCredentials(signinKey),
TokenIssuerName = "dominick",
Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddHours(8)),
AppliesToAddress = "http://foo.com"
};
var handler = new JsonWebTokenHandler();
var token = handler.CreateToken(descriptor);
var tokenString = handler.WriteToken(token);
Trace.WriteLine(tokenString);
// token should not be empty
Assert.IsTrue(!string.IsNullOrWhiteSpace(tokenString));
// token with signature needs to be 3 parts
var parts = tokenString.Split('.');
Assert.IsTrue(parts.Length == 3, "JWT should have excactly 3 parts");
// signature must be 256 bits
var sig = Base64Url.Decode(parts[2]);
Assert.IsTrue(sig.Length == 32, "Signature is not 32 bits");
var jwtToken = handler.ReadToken(tokenString);
var config = new SecurityTokenHandlerConfiguration();
var registry = new WebTokenIssuerNameRegistry();
registry.AddTrustedIssuer("dominick", "dominick");
config.IssuerNameRegistry = registry;
var issuerResolver = new WebTokenIssuerTokenResolver();
issuerResolver.AddSigningKey("dominick", Convert.ToBase64String(signinKey));
config.IssuerTokenResolver = issuerResolver;
config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://foo.com"));
handler.Configuration = config;
var identity2 = handler.ValidateToken(jwtToken).First();
Assert.IsTrue(identity.Claims.Count() == 5);
//Assert.IsTrue(identity.Claims.First().Issuer == "dominick");
}