public async Task When_Passing_Null_Parameter_To_CheckAccessToken_Then_Exception_Is_Thrown()
        {
            // ARRANGE
            InitializeFakeObjects();

            // ACT & ASSERT
            await Assert.ThrowsAsync <ArgumentNullException>(() => _grantedTokenValidator.CheckAccessTokenAsync(null));
        }
Example #2
0
        private async Task <GetSubjectResult> GetSubject()
        {
            var accessToken = GetAccessTokenFromAuthorizationHeader();

            if (string.IsNullOrWhiteSpace(accessToken))
            {
                return(new GetSubjectResult(this.BuildError(ErrorCodes.InvalidToken, string.Empty)));
            }

            GrantedTokenValidationResult valResult;

            if (!((valResult = await _grantedTokenValidator.CheckAccessTokenAsync(accessToken)).IsValid))
            {
                return(new GetSubjectResult(this.BuildError(valResult.MessageErrorCode, valResult.MessageErrorDescription)));
            }

            var grantedToken = await _grantedTokenRepository.GetTokenAsync(accessToken);

            if (grantedToken == null || grantedToken.IdTokenPayLoad == null)
            {
                return(new GetSubjectResult(this.BuildError(ErrorCodes.UnhandledExceptionCode, Constants.ErrorMessages.SubjectDoesntExist)));
            }

            return(new GetSubjectResult(grantedToken.IdTokenPayLoad.GetClaimValue(SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject)));
        }
Example #3
0
        public async Task <UserInfoResult> Execute(string accessToken)
        {
            if (string.IsNullOrWhiteSpace(accessToken))
            {
                throw new ArgumentNullException(nameof(accessToken));
            }

            // Check if the access token is still valid otherwise raise an authorization exception.
            GrantedTokenValidationResult valResult;

            if (!((valResult = await _grantedTokenValidator.CheckAccessTokenAsync(accessToken)).IsValid))
            {
                throw new AuthorizationException(valResult.MessageErrorCode, valResult.MessageErrorDescription);
            }

            var grantedToken = await _tokenStore.GetAccessToken(accessToken);

            var client = await _clientRepository.GetClientByIdAsync(grantedToken.ClientId);

            if (client == null)
            {
                throw new IdentityServerException(ErrorCodes.InvalidToken, string.Format(ErrorDescriptions.TheClientIdDoesntExist, grantedToken.ClientId));
            }

            var signedResponseAlg      = client.GetUserInfoSignedResponseAlg();
            var userInformationPayload = grantedToken.UserInfoPayLoad;

            if (userInformationPayload == null)
            {
                throw new IdentityServerException(ErrorCodes.InvalidToken, ErrorDescriptions.TheTokenIsNotAValidResourceOwnerToken);
            }

            if (signedResponseAlg == null ||
                signedResponseAlg.Value == JwsAlg.none)
            {
                var objectResult = new ObjectResult(grantedToken.UserInfoPayLoad)
                {
                    StatusCode = (int)HttpStatusCode.OK
                };
                objectResult.ContentTypes.Add(new MediaTypeHeaderValue("application/json"));
                objectResult.Formatters.Add(new JsonOutputFormatter(new JsonSerializerSettings(), ArrayPool <char> .Shared));
                return(new UserInfoResult
                {
                    Content = objectResult
                });
            }

            var jwt = await _jwtGenerator.SignAsync(userInformationPayload,
                                                    signedResponseAlg.Value);

            var encryptedResponseAlg = client.GetUserInfoEncryptedResponseAlg();
            var encryptedResponseEnc = client.GetUserInfoEncryptedResponseEnc();

            if (encryptedResponseAlg != null)
            {
                if (encryptedResponseEnc == null)
                {
                    encryptedResponseEnc = JweEnc.A128CBC_HS256;
                }

                jwt = await _jwtGenerator.EncryptAsync(jwt,
                                                       encryptedResponseAlg.Value,
                                                       encryptedResponseEnc.Value);
            }

            return(new UserInfoResult
            {
                Content = new ContentResult
                {
                    Content = jwt,
                    StatusCode = (int)HttpStatusCode.OK,
                    ContentType = "application/jwt",
                }
            });
        }