public void when_using_wrong_key_should_not_be_able_to_verify()
{
var encoding = new EncodingParameters("foo");
var token = new RS256Signature(_asymmetricKey).Sign(encoding);
var subject = new HS256Signature(_symmetricKey);
var decoded = subject.Verify(token);
decoded.Should().BeNull();
}
public void asymmetric_signed_result_should_be_able_to_verifed()
{
var subject = new RS256Signature(_asymmetricKey);
var encoding = new EncodingParameters("foo");
var token = subject.Sign(encoding);
var decoded = subject.Verify(token);
decoded.AccessToken.Should().Be("foo");
}
public void alg_mismatch_should_fail_validation()
{
var hs256 = new HS256Signature(_symmetricKey);
var hs384 = new HS384Signature(_symmetricKey);
var hs512 = new HS512Signature(_symmetricKey);
var rs256 = new RS256Signature(_asymmetricKey);
var rs384 = new RS384Signature(_asymmetricKey);
var rs512 = new RS512Signature(_asymmetricKey);
var encoding = new EncodingParameters("foo");
hs256.Verify(hs384.Sign(encoding)).Should().BeNull();
hs384.Verify(hs512.Sign(encoding)).Should().BeNull();
hs512.Verify(hs256.Sign(encoding)).Should().BeNull();
rs256.Verify(rs512.Sign(encoding)).Should().BeNull();
rs384.Verify(rs256.Sign(encoding)).Should().BeNull();
rs512.Verify(rs384.Sign(encoding)).Should().BeNull();
rs512.Verify(hs512.Sign(encoding)).Should().BeNull();
hs512.Verify(rs512.Sign(encoding)).Should().BeNull();
}
private async void api_Click(object sender, RoutedEventArgs e)
{
var baseAddress = Sample.Constants.AspNetWebApiSampleApiUsingPoP;
var signature = new RS256Signature(_provider);
var signingHandler = new HttpSigningMessageHandler(signature);
var client = new HttpClient(signingHandler)
{
BaseAddress = new Uri(baseAddress)
};
client.SetToken("PoP", _result?.AccessToken);
var response = await client.GetAsync("identity");
var sb = new StringBuilder(128);
sb.AppendLine($"{(int)response.StatusCode}, {response.StatusCode}");
var json = await response.Content.ReadAsStringAsync();
if (response.IsSuccessStatusCode)
{
var values = JArray.Parse(json);
foreach (JObject item in values)
{
sb.AppendLine($"{item["type"].ToString()}, {item["value"].ToString()}");
}
}
else
{
sb.AppendLine(json);
}
IdentityTextBox.Text = sb.ToString();
}
private async void api_Click(object sender, RoutedEventArgs e)
{
var baseAddress = Sample.Constants.AspNetWebApiSampleApiUsingPoP;
var signature = new RS256Signature(_provider);
var signingHandler = new HttpSigningMessageHandler(signature);
var client = new HttpClient(signingHandler)
{
BaseAddress = new Uri(baseAddress)
};
client.SetToken("PoP", _result?.AccessToken);
var response = await client.GetAsync("identity");
var sb = new StringBuilder(128);
sb.AppendLine($"{(int)response.StatusCode}, {response.StatusCode}");
var json = await response.Content.ReadAsStringAsync();
if (response.IsSuccessStatusCode)
{
var values = JArray.Parse(json);
foreach (JObject item in values)
{
sb.AppendLine($"{item["type"].ToString()}, {item["value"].ToString()}");
}
}
else
{
sb.AppendLine(json);
}
IdentityTextBox.Text = sb.ToString();
}
