/// <summary>
/// Test helper: parses <paramref name="webKeySetString"/> as a JWKS, calls
/// <c>GetSigningTokens()</c> on it and routes the outcome through
/// <paramref name="expectedException"/>.
/// </summary>
/// <param name="webKeySetString">JWKS JSON to parse.</param>
/// <param name="expectedTokens">Tokens the key set is expected to yield; null skips the comparison.</param>
/// <param name="expectedException">Describes whether the call is expected to throw, and which exception.</param>
private void GetSigningTokens(string webKeySetString, List<SecurityToken> expectedTokens, ExpectedException expectedException)
{
    // The key set is built before the try block, so malformed JWKS input surfaces
    // as a plain test error instead of being handed to expectedException.
    var keySet = new JsonWebKeySet(webKeySetString);
    try
    {
        IList<SecurityToken> actualTokens = keySet.GetSigningTokens();
        expectedException.ProcessNoException();
        if (expectedTokens == null)
        {
            return;
        }

        // An assertion failure here is also caught below and given to ProcessException.
        var tokensMatch = IdentityComparer.AreEqual<IEnumerable<SecurityToken>>(actualTokens, expectedTokens);
        Assert.IsTrue(tokensMatch);
    }
    catch (Exception caught)
    {
        expectedException.ProcessException(caught);
    }
}
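        /// <summary>
        /// Validates the id_token in a token-endpoint response against the pinned
        /// signing key set and signs the user in with a cookie identity built from
        /// the id_token claims plus the raw tokens.
        /// </summary>
        /// <param name="payload">Token endpoint response. Must contain "id_token";
        /// "access_token" and "refresh_token" are optional.</param>
        /// <exception cref="ArgumentException">Thrown when <paramref name="payload"/> has no "id_token".</exception>
        private void ValidateTokenAndSignin(JObject payload)
        {
            //Get the key set from http://localhost:62733/.well-known/jwks
            // NOTE(review): the JWKS is pinned inline rather than fetched from the
            // metadata endpoint, so a key rollover at the issuer makes every id_token
            // fail validation until this string is updated.
            var jsonString =
                "{\"keys\":[{\"kty\":\"RSA\",\"alg\":\"RS256\"," +
                "\"use\":\"sig\",\"x5t\":\"BSxeQhXNDB4VBeCOavOtvvv9eCI\"," +
                "\"x5c\":[\"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\"]}]}";

            var jsonWebKeySet = new JsonWebKeySet(jsonString);

            var parameters = new TokenValidationParameters
            {
                ValidAudience = Clients.Client3.Id,
                ValidIssuer = "http://localhost:62733",
                IssuerSigningToken = jsonWebKeySet.GetSigningTokens().First()
            };

            // Alternative: load the signing public key explicitly from the local store, e.g.
            //   IssuerSigningToken = new X509SecurityToken(
            //       X509.LocalMachine.TrustedPeople.SubjectDistinguishedName
            //           .Find("CN=idsrv3test", false).First())

            // SelectToken returns null for an absent property; read defensively so a
            // response without an optional token does not blow up on .ToString().
            var idToken = GetTokenString(payload, "id_token");
            var accessToken = GetTokenString(payload, "access_token");
            var refreshToken = GetTokenString(payload, "refresh_token");

            // Without an id_token there is nothing to validate; fail explicitly.
            if (string.IsNullOrWhiteSpace(idToken))
            {
                throw new ArgumentException("The token response does not contain an id_token.", "payload");
            }

            // TODO: "expires_in" (seconds) is not surfaced on the identity; if an
            // expires_at claim is wanted, parse payload.SelectToken("expires_in") here.

            SecurityToken jwt;
            var id = new JwtSecurityTokenHandler().ValidateToken(idToken, parameters, out jwt);

            // Protocol claims are dropped from the cookie identity; issuer, audience and
            // lifetime have already been checked by ValidateToken above.
            var protocolClaimTypes = new[] { "iss", "aud", "nbf", "exp", "iat", "amr", "idp", "nonce" };
            var claims = id.Claims
                .Where(c => !protocolClaimTypes.Contains(c.Type))
                .ToList();

            if (!string.IsNullOrWhiteSpace(accessToken))
            {
                claims.Add(new Claim("access_token", accessToken));
            }

            if (!string.IsNullOrWhiteSpace(refreshToken))
            {
                // NOTE(review): the refresh token is a long-lived credential; storing it
                // in the cookie identity means it travels with every request to this app.
                claims.Add(new Claim("refresh_token", refreshToken));
            }

            // idToken is known to be non-empty at this point.
            claims.Add(new Claim("id_token", idToken));

            var newid = new ClaimsIdentity(claims, "CodeClientCookie");
            Request.GetOwinContext().Authentication.SignIn(newid);
        }

        /// <summary>
        /// Returns the string value of property <paramref name="name"/> in
        /// <paramref name="payload"/>, or null when the property is absent.
        /// </summary>
        private static string GetTokenString(JObject payload, string name)
        {
            var token = payload.SelectToken(name);
            return token == null ? null : token.ToString();
        }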