public void Build_ValidRequest_SuccessResult() { // Arrange var expectedIdp = "subjectIdp"; var expectedAuthenticationMethod = TokenExchangeConstants.GrantTypes.TokenExchange; var target = new TokenExchangeResultBuilder(this.loggerMock.Object, new TokenExchangeOptions()); var expectedSuccessMessage = "Successful Token Exchange Request."; var actorTokenValidationResult = SuccessActorTokenValidationResult(); var subjectTokenValidationResult = SuccessSubjectTokenValidationResult(); var subClaims = subjectTokenValidationResult.Claims.ToList(); subClaims.Add(new Claim("idp", expectedIdp)); subjectTokenValidationResult.Claims = subClaims; // Act var result = target .WithActor(actorTokenValidationResult) .WithSubject(subjectTokenValidationResult) .Build(); // Assert Assert.IsFalse(result.IsError); Assert.AreEqual(TokenExchangeConstants.TokenTypes.AccessToken, result.CustomResponse[TokenExchangeConstants.ResponseParameters.IssuedTokenType]); Assert.AreEqual(expectedIdp, result.Subject.GetIdentityProvider()); Assert.AreEqual(expectedAuthenticationMethod, result.Subject.Claims.AuthenticationMethod()); this.loggerMock.VerifyLogInfo(expectedSuccessMessage); }
public void Build_ValidSubject_SuccessResultMapsExistingActClaim() { // Arrange var target = new TokenExchangeResultBuilder(this.loggerMock.Object, new TokenExchangeOptions()); var expectedActClaim = "{\"client_id\":\"client_id_from_actor\",\"sub\":\"subActor\",\"tenantId\":\"1\",\"act\":{\"client_id\":\"api1\"}}"; var actorTokenValidationResult = SuccessActorTokenValidationResult(); var subjectTokenValidationResult = SuccessSubjectTokenValidationResult(); var subjectClaims = new List <Claim> { new Claim(JwtClaimTypes.Subject, "testSubject"), new Claim(TokenExchangeConstants.ClaimTypes.Act, "{\"client_id\":\"api1\"}") }; subjectTokenValidationResult.Claims = subjectClaims; // Act var result = target .WithActor(actorTokenValidationResult) .WithSubject(subjectTokenValidationResult) .Build(); // Assert Assert.IsFalse(result.IsError); var actClaim = result.Subject.Claims.SingleOrDefault(c => c.Type.Equals(TokenExchangeConstants.ClaimTypes.Act)); Assert.IsNotNull(actClaim); Assert.AreEqual(expectedActClaim, actClaim.Value); }
public void Build_ValidRequest_SuccessResultMapsSubjectClaims() { // Arrange var options = new TokenExchangeOptions { ActorClaimsToInclude = new List <string> { JwtClaimTypes.Subject, TokenExchangeConstants.ClaimTypes.TenantId }, SubjectClaimsToExclude = new List <string> { "customClaimTypeToExclude" } }; var target = new TokenExchangeResultBuilder(this.loggerMock.Object, options); var expectedClaims = new List <Claim> { new Claim(JwtClaimTypes.Subject, "testSubject"), new Claim(JwtClaimTypes.IdentityProvider, "subjectIdp"), new Claim("customClaim1", "value1"), new Claim("customClaim2", "value2"), }; var actorTokenValidationResult = SuccessActorTokenValidationResult(); var subjectTokenValidationResult = SuccessSubjectTokenValidationResult(); var subjectTokenClaims = new List <Claim> { new Claim("customClaimTypeToExclude", "customClaimToExclude") }; subjectTokenClaims.AddRange(expectedClaims); subjectTokenValidationResult.Claims = subjectTokenClaims; // Act var result = target .WithActor(actorTokenValidationResult) .WithSubject(subjectTokenValidationResult) .Build(); // Assert Assert.IsFalse(result.IsError); foreach (var expectedClaim in expectedClaims) { var resultClaim = result.Subject.Claims.SingleOrDefault(c => c.Type.Equals(expectedClaim.Type)); Assert.IsNotNull(resultClaim); Assert.AreEqual(expectedClaim.Value, resultClaim.Value); } Assert.IsFalse(result.Subject.Claims.Any(c => c.Type.Equals("customClaimTypeToExclude"))); }
public void Build_ErrorDescription_ErrorResult() { // Arrange var target = new TokenExchangeResultBuilder(this.loggerMock.Object, new TokenExchangeOptions()); var expectedErrorDescription = "Invalid test request no subject"; // Act var result = target .WithError(TokenRequestErrors.InvalidRequest, expectedErrorDescription) .Build(); // Assert Assert.IsTrue(result.IsError); Assert.AreEqual(InvalidRequestError, result.Error); Assert.AreEqual(expectedErrorDescription, result.ErrorDescription); this.loggerMock.VerifyLogError(expectedErrorDescription); }
public void Build_InvalidSubject_ThrowsException() { // Arrange var target = new TokenExchangeResultBuilder(this.loggerMock.Object, new TokenExchangeOptions()); var subjectTokenValidationResult = new TokenValidationResult { }; // Act var result = Assert.ThrowsException <InvalidOperationException>(() => target .WithSubject(subjectTokenValidationResult) .Build()); // Assert Assert.AreEqual("Subject proprieties are missing", result.Message); }
public void Build_NoSubject_SuccessResultMapsExistingActClaimToClient() { // Arrange var target = new TokenExchangeResultBuilder(this.loggerMock.Object, new TokenExchangeOptions()); var expectedActClaim = "{\"client_id\":\"client_id_from_actor\",\"tenantId\":\"1\",\"client_act\":{\"client_id\":\"api2\",\"client_act\":{\"client_id\":\"api1\"}}}"; var actorTokenValidationResult = new TokenValidationResult { Client = new Client { ClientId = "client_id_from_actor", }, Claims = new List <Claim> { new Claim("tenantId", "1") }, }; var subjectTokenValidationResult = new TokenValidationResult { Client = new Client { ClientId = "client_id_from_subject" }, Claims = new List <Claim> { new Claim("tenantId", "2"), new Claim(TokenExchangeConstants.ClaimTypes.ClientAct, "{\"client_id\":\"api2\",\"client_act\":{\"client_id\":\"api1\"}}"), } }; // Act var result = target .WithActor(actorTokenValidationResult) .WithSubject(subjectTokenValidationResult) .Build(); // Assert Assert.IsFalse(result.IsError); Assert.IsNull(result.Subject); Assert.AreEqual(subjectTokenValidationResult.Client.ClientId, result.Client.ClientId); var actClaim = result.Client.Claims.SingleOrDefault(c => c.Type.Equals(TokenExchangeConstants.ClaimTypes.Act)); Assert.IsNotNull(actClaim); Assert.AreEqual(expectedActClaim, actClaim.Value); }
public void Build_ValidSubject_SuccessResultMapsNewActClaim() { // Arrange var expectedActClaim = "{\"client_id\":\"client_id_from_actor\",\"sub\":\"aClientSub\",\"tenantId\":\"2\",\"aCustomClaimToMap\":\"aCustomClaimValueToMap\"}"; var options = new TokenExchangeOptions { ActorClaimsToInclude = new List <string> { JwtClaimTypes.Subject, TokenExchangeConstants.ClaimTypes.TenantId, "aCustomClaimToMap" }, SubjectClaimsToExclude = new List <string>() }; var target = new TokenExchangeResultBuilder(this.loggerMock.Object, options); var actorTokenValidationResult = SuccessActorTokenValidationResult(); var actorTokenClaims = new List <Claim> { new Claim(JwtClaimTypes.Subject, "aClientSub"), new Claim(TokenExchangeConstants.ClaimTypes.TenantId, "2"), new Claim("aCustomClaimToMap", "aCustomClaimValueToMap"), new Claim("aCustomClaimToExclude", "aCustomClaimValueToExclude"), }; actorTokenValidationResult.Claims = actorTokenClaims; var subjectTokenValidationResult = SuccessSubjectTokenValidationResult(); // Act var result = target .WithActor(actorTokenValidationResult) .WithSubject(subjectTokenValidationResult) .Build(); // Assert Assert.IsFalse(result.IsError); var actClaim = result.Subject.Claims.SingleOrDefault(c => c.Type.Equals(TokenExchangeConstants.ClaimTypes.Act)); Assert.IsNotNull(actClaim); Assert.AreEqual(expectedActClaim, actClaim.Value); }
public void Build_ValidRequest_SuccessResultMapsClientFromSubject() { // Arrange var target = new TokenExchangeResultBuilder(this.loggerMock.Object, new TokenExchangeOptions()); var actorTokenValidationResult = SuccessActorTokenValidationResult(); var subjectTokenValidationResult = SuccessSubjectTokenValidationResult(); // Act var result = target .WithActor(actorTokenValidationResult) .WithSubject(subjectTokenValidationResult) .Build(); // Assert Assert.IsFalse(result.IsError); Assert.AreEqual(subjectTokenValidationResult.Client.ClientId, result.Client.ClientId); foreach (var expectedClaim in subjectTokenValidationResult.Client.Claims) { var resultClaim = result.Client.Claims.SingleOrDefault(c => c.Type.Equals(expectedClaim.Type)); Assert.IsNotNull(resultClaim); Assert.AreEqual(expectedClaim.Value, resultClaim.Value); } }