/// <summary>
        /// Validates the token with custom logic.
        /// </summary>
        public static void Manual(IntrospectionTokenModel itm)
        {
            var            jwt    = new JwtSecurityToken(itm.AccessToken);
            IList <string> errors = new List <string>();

            if (!VerifyIssuer(jwt.Issuer, itm.ServerAuthorityAddress))
            {
                errors.Add($"Mismatch of issuer. Expected: {itm.ServerAuthorityAddress} but found : {jwt.Issuer}");
            }

            var authTime = int.Parse(jwt.Claims.First(x => x.Type == "auth_time").Value).ToDateTimeFromEpoch();

            if (jwt.ValidTo < DateTime.Now)
            {
                errors.Add($"The token is expired.  exp : {jwt.ValidTo}");
            }

            if (jwt.ValidTo.Subtract(authTime) != jwt.ValidTo.Subtract(jwt.ValidFrom))
            {
                errors.Add($"The auth time of the token ({authTime} is not the same as nbf value : {jwt.ValidFrom}");
            }

            if (jwt.ValidTo > DateTime.Now && jwt.ValidTo - jwt.ValidFrom != new TimeSpan(0, 0, itm.ExpireIn))
            {
                errors.Add(
                    $"The token should expire in : {itm.ExpireIn} seconds but it expires in {(jwt.ValidTo - jwt.ValidFrom).Seconds}");
            }

            if (!jwt.Claims.First(x => x.Type == "sub").Value.Equals(itm.UserId))
            {
                errors.Add(
                    $"Expected value of the sub : {itm.UserId} but the token contained : {jwt.Claims.First(x => x.Type == "sub").Value}");
            }

            if (jwt.Claims.Where(x => x.Type == "scope").All(y => y.Value != itm.ScopeName))
            {
                errors.Add($"The token does not contain the expected scope: {itm.ScopeName}");
            }

            if (!jwt.Claims.First(x => x.Type == "client_id").Value.Equals(itm.ClientId))
            {
                errors.Add($"The token does not contain the expected client_id: {itm.ClientId}");
            }

            if (errors.Count > 0)
            {
                Console.WriteLine();
                Console.WriteLine("//////////////////////////////////////");
                foreach (var error in errors)
                {
                    Console.WriteLine(error);
                }
                Console.WriteLine("//////////////////////////////////////");
            }
            else
            {
                Console.WriteLine("The token for the given scope is valid.");
            }
        }
Ejemplo n.º 2
0
        /// <summary>
        ///     Introspection of access token using Identity Server 4's Introspect Client to connect to the introspection endpoint.
        /// </summary>
        public static async Task <IntrospectionResponse> OfAccessToken(IntrospectionTokenModel itm)
        {
            var introspectionClient = new IntrospectionClient(
                itm.IntrospectionPath,
                itm.ScopeName,
                itm.ScopePassword
                );


            return(await introspectionClient.SendAsync(new IntrospectionRequest
            {
                Token = itm.AccessToken
            }));
        }
        /// <summary>
        ///     Introspection of accesstoken using httpClient to connect to the introspection endpoint.
        /// </summary>
        public static async Task <IntrospectionResponse> OfAccessToken(IntrospectionTokenModel itm)
        {
            using (var httpClient = new HttpClient())
            {
                httpClient.SetToken("Basic", GetAuthenticationString(itm.ScopeName, itm.ScopePassword));

                var form = new FormUrlEncodedContent(new[]
                {
                    new KeyValuePair <string, string>("token", itm.AccessToken)
                });


                var response = await httpClient.PostAsync(itm.IntrospectionPath, form);

                var result = await response.Content.ReadAsStringAsync();

                return(new IntrospectionResponse(result));
            }
        }
Ejemplo n.º 4
0
        /// <summary>
        ///     Parses the arguments.
        /// </summary>
        /// <param name="args"></param>
        private static IntrospectionTokenModel ParseArgs(string[] args)
        {
            //&& !IsHttpsAddress(args[0])
            var itm = new IntrospectionTokenModel();

            if (ValidateIntrospectionPath(args[0]))
            {
                itm.ServerAuthorityAddress = args[0];
                itm.IntrospectionPath      = args[0] + "/connect/introspect";
            }
            else
            {
                Console.WriteLine("Make sure that the serverAuthorityAddress is valid");
                Environment.Exit(1);
            }

            itm.ScopeName     = args[1];
            itm.ScopePassword = args[2];
            itm.AccessToken   = args[3];

            return(itm);
        }