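        /// <summary>
        /// Builds an extractor that validates JWTs against the signing keys published at
        /// <paramref name="metadataUrl"/> (an OpenID Connect discovery document).
        /// </summary>
        /// <param name="tokenValidationParameters">Caller-supplied validation settings. They are cloned so the
        /// caller's instance is never mutated; audience validation and signed-token enforcement are then switched
        /// on regardless of what the caller passed in.</param>
        /// <param name="metadataUrl">OpenID Connect metadata endpoint whose <c>ConfigurationManager</c> supplies
        /// the issuer's signing keys.</param>
        /// <exception cref="ArgumentNullException">Thrown when either argument is null.</exception>
        public JwtTokenExtractor(TokenValidationParameters tokenValidationParameters, string metadataUrl)
        {
            if (tokenValidationParameters == null)
                throw new ArgumentNullException("tokenValidationParameters");
            if (metadataUrl == null)
                throw new ArgumentNullException("metadataUrl");

            // Work on a private copy so the hardening below cannot leak back into the caller's object.
            _tokenValidationParameters = tokenValidationParameters.Clone();

            // One ConfigurationManager per metadata URL so key material is fetched and refreshed once,
            // not once per extractor. Single lookup instead of ContainsKey + indexer.
            // NOTE(review): check-then-insert is not atomic. If _openIdMetadataCache is shared across threads,
            // two constructors can race and the loser's manager is discarded (wasteful, but no stale keys
            // are served) — confirm the cache's type, or guard it, if this runs concurrently.
            ConfigurationManager<OpenIdConnectConfiguration> metadata;
            if (!_openIdMetadataCache.TryGetValue(metadataUrl, out metadata))
            {
                metadata = new ConfigurationManager<OpenIdConnectConfiguration>(metadataUrl);
                _openIdMetadataCache[metadataUrl] = metadata;
            }

            _openIdMetadata = metadata;

            // Hardening the caller cannot opt out of: a token minted for a different audience must be
            // rejected, and unsigned tokens (alg "none") must never be accepted whatever the caller configured.
            // NOTE(review): ValidateIssuer and ValidateLifetime are inherited from the caller's parameters and
            // are not forced here — confirm callers leave them enabled.
            _tokenValidationParameters.ValidateAudience = true;
            _tokenValidationParameters.RequireSignedTokens = true;
        }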
        /// <summary>
        /// Drives a validator through the three observable outcomes of
        /// <see cref="TokenValidationParameters.TokenReplayCache"/> and checks each one: a token the cache has
        /// not seen validates; a token the cache reports as already seen is rejected as a replay; a token the
        /// cache cannot record is rejected rather than silently losing replay protection.
        /// </summary>
        /// <param name="securityToken">Serialized token to validate; expected to be valid apart from replay.</param>
        /// <param name="tokenValidator">The validator under test.</param>
        /// <param name="validationParameters">Baseline parameters; cloned so the caller's instance is untouched.</param>
        public static void ValidateTokenReplay(string securityToken, ISecurityTokenValidator tokenValidator, TokenValidationParameters validationParameters)
        {
            // Work on a copy: only the replay cache differs from the caller's configuration.
            var parameters = validationParameters.Clone() as TokenValidationParameters;

            // Scripted fake cache; its two answers are rewritten between steps.
            var cache = new Microsoft.IdentityModel.Test.TokenReplayCache();
            cache.OnAddReturnValue = true;   // recording the token succeeds
            cache.OnFindReturnValue = false; // token has not been seen
            parameters.TokenReplayCache = cache;

            // Step 1: fresh token, cache records it -> validation succeeds.
            TestUtilities.ValidateToken(securityToken, parameters, tokenValidator, ExpectedException.NoExceptionExpected);

            // Step 2: cache now claims the token was seen -> must fail as a detected replay.
            cache.OnFindReturnValue = true;
            TestUtilities.ValidateToken(securityToken, parameters, tokenValidator, ExpectedException.SecurityTokenReplayDetected());

            // Step 3: token unseen but the cache refuses to record it -> must fail, not pass without protection.
            cache.OnFindReturnValue = false;
            cache.OnAddReturnValue = false;
            TestUtilities.ValidateToken(securityToken, parameters, tokenValidator, ExpectedException.SecurityTokenReplayAddFailed());
        }
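        /// <summary>
        /// Round-trips every public property of <see cref="TokenValidationParameters"/> three ways — object
        /// initializer, individual setters and <c>Clone()</c> — and checks the results agree, including through
        /// a derived type so that <c>Clone()</c> is confirmed to preserve the runtime type and its extra state.
        /// </summary>
        /// <remarks>
        /// The reflection count at the top is a tripwire: when a property is added to
        /// <see cref="TokenValidationParameters"/> this test fails until the setter and assert lists below are
        /// extended, so a new validation knob cannot silently escape coverage.
        /// The values used here (audience/issuer validation switched off, validators that never throw) are
        /// deliberately permissive so that only the property plumbing is exercised; they are not a usable
        /// production configuration and must not be copied as one.
        /// </remarks>
        public void TokenValidationParameters_Publics()
        {
            Type type = typeof(TokenValidationParameters);
            PropertyInfo[] properties = type.GetProperties();
            if (properties.Length != 30)
                Assert.Fail("Number of properties has changed from 30 to: " + properties.Length + ", adjust tests");

            SecurityKey issuerSigningKey = KeyingMaterial.DefaultSymmetricSecurityKey_256;
            SecurityKey issuerSigningKey2 = KeyingMaterial.SymmetricSecurityKey2_256;

            List<SecurityKey> issuerSigningKeys =
                new List<SecurityKey>
                {
                    KeyingMaterial.DefaultSymmetricSecurityKey_256,
                    KeyingMaterial.SymmetricSecurityKey2_256
                };

            // Same key bytes as issuerSigningKeys but wrapped in fresh key objects and listed in the opposite
            // order; the AreEqual assertion further down can only pass if the comparer matches keys by material
            // rather than by reference or position.
            List<SecurityKey> issuerSigningKeysDup =
                new List<SecurityKey>
                {
                    new InMemorySymmetricSecurityKey(KeyingMaterial.SymmetricKeyBytes2_256),
                    new InMemorySymmetricSecurityKey(KeyingMaterial.DefaultSymmetricKeyBytes_256)
                };

            string validAudience = "ValidAudience";
            List<string> validAudiences = new List<string>{ validAudience };
            string validIssuer = "ValidIssuer";
            List<string> validIssuers = new List<string>{ validIssuer };

            // Path 1: everything set through an object initializer.
            TokenValidationParameters validationParametersInline = new TokenValidationParameters()
            {
                AudienceValidator = IdentityUtilities.AudienceValidatorDoesNotThrow,
                IssuerSigningKey = issuerSigningKey,
                IssuerSigningKeyResolver = (token, securityToken, keyIdentifier, tvp) => { return issuerSigningKey; },
                IssuerSigningKeys = issuerSigningKeys,
                IssuerValidator = IdentityUtilities.IssuerValidatorEcho,
                LifetimeValidator = IdentityUtilities.LifetimeValidatorDoesNotThrow,
                SaveSigninToken = true,
                ValidateAudience = false,
                ValidateIssuer = false,
                ValidAudience = validAudience,
                ValidAudiences = validAudiences,
                ValidIssuer = validIssuer,
                ValidIssuers = validIssuers,
            };

            // Setters must store exactly what they were given (reference identity, no defensive copy).
            // ValidIssuers is asserted alongside ValidAudiences so the two collection properties stay in step.
            Assert.IsTrue(object.ReferenceEquals(validationParametersInline.IssuerSigningKey, issuerSigningKey));
            Assert.IsTrue(validationParametersInline.SaveSigninToken);
            Assert.IsFalse(validationParametersInline.ValidateAudience);
            Assert.IsFalse(validationParametersInline.ValidateIssuer);
            Assert.IsTrue(object.ReferenceEquals(validationParametersInline.ValidAudience, validAudience));
            Assert.IsTrue(object.ReferenceEquals(validationParametersInline.ValidAudiences, validAudiences));
            Assert.IsTrue(object.ReferenceEquals(validationParametersInline.ValidIssuer, validIssuer));
            Assert.IsTrue(object.ReferenceEquals(validationParametersInline.ValidIssuers, validIssuers));

            // Path 2: the same configuration through individual setters, using the equivalent-but-distinct keys.
            TokenValidationParameters validationParametersSets = new TokenValidationParameters();
            validationParametersSets.AudienceValidator = IdentityUtilities.AudienceValidatorDoesNotThrow;
            validationParametersSets.IssuerSigningKey = new InMemorySymmetricSecurityKey(KeyingMaterial.DefaultSymmetricKeyBytes_256);
            validationParametersSets.IssuerSigningKeyResolver = (token, securityToken, keyIdentifier, tvp) => { return issuerSigningKey2; };
            validationParametersSets.IssuerSigningKeys = issuerSigningKeysDup;
            validationParametersSets.IssuerValidator = IdentityUtilities.IssuerValidatorEcho;
            validationParametersSets.LifetimeValidator = IdentityUtilities.LifetimeValidatorDoesNotThrow;
            validationParametersSets.SaveSigninToken = true;
            validationParametersSets.ValidateAudience = false;
            validationParametersSets.ValidateIssuer = false;
            validationParametersSets.ValidAudience = validAudience;
            validationParametersSets.ValidAudiences = validAudiences;
            validationParametersSets.ValidIssuer = validIssuer;
            validationParametersSets.ValidIssuers = validIssuers;

            Assert.IsTrue(IdentityComparer.AreEqual<TokenValidationParameters>(validationParametersInline, validationParametersSets));

            // Path 3: Clone() must yield an instance the comparer considers equal to its source.
            var tokenValidationParametersCloned = validationParametersInline.Clone();
            Assert.IsTrue(IdentityComparer.AreEqual<TokenValidationParameters>(tokenValidationParametersCloned, validationParametersInline));

            // A derived type's Clone() must return the derived type (otherwise the cast below yields null)
            // and carry the derived state across, not just the base-class properties.
            string id = Guid.NewGuid().ToString();
            DerivedTokenValidationParameters derivedValidationParameters = new DerivedTokenValidationParameters(id, validationParametersInline);
            DerivedTokenValidationParameters derivedValidationParametersCloned = derivedValidationParameters.Clone() as DerivedTokenValidationParameters;
            Assert.IsNotNull(derivedValidationParametersCloned, "Clone() did not return a DerivedTokenValidationParameters");
            Assert.IsTrue(IdentityComparer.AreEqual<TokenValidationParameters>(derivedValidationParameters, derivedValidationParametersCloned));
            Assert.AreEqual(derivedValidationParameters.InternalString, derivedValidationParametersCloned.InternalString);
        }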