Example #1
        /// <summary>
        /// Negative test: a bearer value that is just an arbitrary string ("foobar") must not be
        /// accepted. Extracting the access token from such a request is expected to fail with a
        /// <see cref="ProtocolException"/> instead of yielding a token object.
        /// </summary>
        public void GetAccessTokenWithTotallyFakeToken()
        {
            // NOTE(review): the analyzer's second argument is null; presumably no decryption key
            // is configured for the resource server in this fixture. Confirm against
            // StandardAccessTokenAnalyzer.
            var tokenAnalyzer = new StandardAccessTokenAnalyzer(AsymmetricKey, null);
            var server = new ResourceServer(tokenAnalyzer);

            var headers = new NameValueCollection();
            headers.Add("Authorization", "Bearer foobar");

            var resourceUri = new Uri("http://localhost/resource");
            var incoming = new HttpRequestInfo("GET", resourceUri, headers: headers);

            // The delegate blocks on the task so that the failure is thrown synchronously,
            // where the Throws constraint can observe it.
            Assert.That(
                () => server.GetAccessTokenAsync(incoming).GetAwaiter().GetResult(),
                Throws.InstanceOf<ProtocolException>());
        }
Example #2
        /// <summary>
        /// Negative test: a token that was valid when obtained but has since been altered must be
        /// rejected. The last character of the valid token is dropped and "zzz" is appended;
        /// extracting the token from the request is then expected to fail with a
        /// <see cref="ProtocolException"/>.
        /// </summary>
        public async Task GetAccessTokenWithCorruptedToken()
        {
            var validToken = await this.ObtainValidAccessTokenAsync();

            // NOTE(review): the analyzer's second argument is null; presumably no decryption key
            // is configured for the resource server in this fixture. Confirm against
            // StandardAccessTokenAnalyzer.
            var tokenAnalyzer = new StandardAccessTokenAnalyzer(AsymmetricKey, null);
            var server = new ResourceServer(tokenAnalyzer);

            // Tamper with the tail of the token only, so the value still looks like a token
            // but no longer matches what was issued.
            var tamperedToken = validToken.Substring(0, validToken.Length - 1) + "zzz";

            var headers = new NameValueCollection();
            headers.Add("Authorization", "Bearer " + tamperedToken);

            var resourceUri = new Uri("http://localhost/resource");
            var incoming = new HttpRequestInfo("GET", resourceUri, headers: headers);

            // The delegate blocks on the task so that the failure is thrown synchronously,
            // where the Throws constraint can observe it.
            Assert.That(
                () => server.GetAccessTokenAsync(incoming).GetAwaiter().GetResult(),
                Throws.InstanceOf<ProtocolException>());
        }
Example #3
        /// <summary>
        /// Positive test: an unmodified token from <c>ObtainValidAccessTokenAsync</c>, sent as a
        /// bearer credential, must be decoded by the resource server into a non-null token.
        /// </summary>
        /// <remarks>
        /// Only non-nullness is asserted; the decoded token's contents are not inspected here.
        /// </remarks>
        public async Task GetAccessTokenWithValidToken()
        {
            var validToken = await this.ObtainValidAccessTokenAsync();

            // NOTE(review): the analyzer's second argument is null; presumably no decryption key
            // is configured for the resource server in this fixture. Confirm against
            // StandardAccessTokenAnalyzer.
            var tokenAnalyzer = new StandardAccessTokenAnalyzer(AsymmetricKey, null);
            var server = new ResourceServer(tokenAnalyzer);

            var headers = new NameValueCollection();
            headers.Add("Authorization", "Bearer " + validToken);

            var resourceUri = new Uri("http://localhost/resource");
            var incoming = new HttpRequestInfo("GET", resourceUri, headers: headers);

            var decoded = await server.GetAccessTokenAsync(incoming);

            Assert.That(decoded, Is.Not.Null);
        }
Example #4
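        /// <summary>
        /// Returns, as JSON, the user id carried by the access token on the current request,
        /// together with the claims stored for that user.
        /// </summary>
        /// <param name="accessToken">
        /// Not read by this method. The token is obtained by passing the whole <c>Request</c>
        /// to <c>GetAccessTokenAsync</c>.
        /// </param>
        /// <returns>
        /// A JSON object with <c>Id</c> (the token's user) and <c>Claims</c> (the stored claims,
        /// or an empty list when the user store has no entry for that user).
        /// </returns>
        public async Task<ActionResult> Info(string accessToken)
        {
            // The original wrapped this body in try { ... } catch (Exception ex) { throw; },
            // which only rethrew and left `ex` unused. It is removed; exceptions propagate as before.
            //
            // NOTE(review): a missing or invalid token is not handled here, so whatever
            // GetAccessTokenAsync throws reaches the MVC pipeline. Confirm that a filter or error
            // handler turns that into a 401 challenge rather than a generic error response.
            var at = await _authorizationServer.GetAccessTokenAsync(Request);

            // NOTE(review): if at.User can be null (a token not bound to a user), this lookup may
            // throw depending on the type of Users. Confirm against the token issuer.
            var claims = _userStore.Users.ContainsKey(at.User)
                ? _userStore.Users[at.User]
                : new List<Tuple<string, string>>();

            // AllowGet lets this identity payload be served on GET requests.
            // NOTE(review): confirm the response is not cached by intermediaries.
            return Json(
                new
                {
                    Id = at.User,
                    Claims = claims
                },
                JsonRequestBehavior.AllowGet);
        }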