public async Task IssueAndRefreshAccessTokenWithLongTerm() { string longTermExpiry = "XRefreshExpiry"; var jwtService = JwtServiceFactory.Create( TimeSpan.FromSeconds(1), TimeSpan.FromSeconds(2), TimeSpan.FromSeconds(5), longTermExpiry, TimeSpan.FromSeconds(1)); var user = GetUser(); var access = jwtService .IssueAccessToken(user.id, user.name, user.roles, true); await Task.Delay(4000); var refreshedAccess = jwtService .RefreshAccessToken( access.Tokens.AccessToken.Value, access.Tokens.RefreshToken.Value); Assert.True(refreshedAccess.Result == JwtTokenResult.TokenResult.Ok); var refreshDetails = new JwtTokenDetails() .Get(refreshedAccess.Tokens.RefreshToken.Value); Assert.True(refreshDetails.Expiration > DateTime.UtcNow.AddSeconds(2) && refreshDetails.Expiration < DateTime.UtcNow.AddSeconds(5)); Assert.Contains(refreshDetails.Claims, x => x.Type.Equals(longTermExpiry) && x.Value.Equals(Boolean.TrueString)); }
public void IssueAccessTokenWithLongTermRefresh() { string longTermExpiry = "XRefreshExpiry"; var jwtService = JwtServiceFactory.Create( TimeSpan.FromSeconds(10), TimeSpan.FromMinutes(5), TimeSpan.FromHours(1), longTermExpiry, TimeSpan.FromSeconds(10)); var user = GetUser(); var access = jwtService .IssueAccessToken(user.id, user.name, user.roles, true); Assert.True(access.Result == JwtTokenResult.TokenResult.Ok); Assert.NotNull(access.Tokens); Assert.NotNull(access.Tokens.AccessToken); Assert.NotNull(access.Tokens.RefreshToken); var refreshDetails = new JwtTokenDetails() .Get(access.Tokens.RefreshToken.Value); Assert.True(refreshDetails.Expiration > DateTime.UtcNow.AddMinutes(5) && refreshDetails.Expiration < DateTime.UtcNow.AddMinutes(60)); Assert.Contains(refreshDetails.Claims, x => x.Type.Equals(longTermExpiry) && x.Value.Equals(Boolean.TrueString)); }
/// <summary> /// Validate current JWT server authorization token and renew if expired /// </summary> /// <param name="context">context</param> /// <returns>true if authorization server's authorization token is valid, false if not</returns> private async Task <bool> Validate(IWorkContext context, bool renewIfRequired = true) { Verify.IsNotNull(nameof(context), context); if (_jwtTokenDetails != null && !_jwtTokenDetails.IsExpired) { return(true); } string requestToken = await _clientTokenManager.CreateRequestToken(context); if (requestToken == null || !renewIfRequired) { return(false); } RestResponse <string> response = await _clientTokenManager.RequestServerAuthorizationToken(context, requestToken); response.AssertSuccessStatusCode(context); Verify.IsNotNull(nameof(response.Value), response.Value); JwtTokenDetails jwtToken = await _clientTokenManager.ParseAuthorizationToken(context, response.Value); _jwtTokenDetails = jwtToken; return(true); }
public void IssueTokenAndAssertDetails() { var jwtService = JwtServiceFactory.Create( TimeSpan.FromSeconds(10), TimeSpan.FromMinutes(5), TimeSpan.FromSeconds(10)); var user = GetUserWithCustomClaime(); var tokenModel = jwtService .IssueAccessToken(user.id, user.name, user.roles, user.claims); var tokenDetails = new JwtTokenDetails() .Get(tokenModel.Tokens.AccessToken.Value); Assert.Equal(tokenModel.Tokens.AccessToken.Expiration.ToShortTimeString(), tokenDetails.Expiration.ToShortTimeString()); Assert.Equal(tokenModel.Tokens.AccessToken.Jti, tokenDetails.Jti); Assert.Equal(user.id, tokenDetails.Subject); Assert.All(tokenDetails.Roles, role => user.roles.Contains(role)); }
/// <summary> /// Create JWT token for access to server /// </summary> /// <param name="context">context</param> /// <param name="requestToken"></param> /// <returns></returns> public async Task <string> CreateAutorizationToken(IWorkContext context, string requestToken) { Verify.IsNotNull(nameof(context), context); Verify.IsNotEmpty(nameof(requestToken), requestToken); context = context.WithTag(_tag); var certificateList = new List <X509Certificate2>(); foreach (var item in _configuration.TokenAuthorizationRequestCertificateKeys) { certificateList.Add(await _certificateRepository.GetCertificate(context, item, true)); } JwtTokenParser requestTokenParser = new JwtTokenParserBuilder() .AddCertificates(certificateList) .AddValidIssuers(_configuration.ValidIssuers) .Build(); JwtTokenDetails details = requestTokenParser.Parse(context, requestToken); if (details == null || details.JwtSecurityToken.Payload.Sub.IsEmpty()) { NetEventSource.Log.Verbose(context, "Payload.Sub is empty"); return(null); } IdentityPrincipal identity = await _identityRepository.GetAsync(context, new PrincipalId(details.JwtSecurityToken.Payload.Sub)); // If JWT subject is a valid issuer, then this should be a service principal if (_configuration.ValidIssuers.Any(x => x == details.JwtSecurityToken.Payload.Sub)) { if (identity == null) { identity = new IdentityPrincipal(new PrincipalId(details.JwtSecurityToken.Payload.Sub), IdentityPrincipalType.Service); } else { if (identity.PrincipalType != IdentityPrincipalType.Service) { NetEventSource.Log.Verbose(context, $"Identity {details.JwtSecurityToken.Payload.Sub} is not a service principal"); return(null); } } } else { // Identity principal does not exist if (identity == null) { NetEventSource.Log.Verbose(context, $"Identity {details.JwtSecurityToken.Payload.Sub} does not exist"); return(null); } } DateTime expires = DateTime.UtcNow + _configuration.TokenAuthorization.GoodFor; identity = identity.With(ApiKey.CreateApiKey(expires)); await _identityRepository.SetAsync(context, identity); X509Certificate2 certificate = await _certificateRepository.GetCertificate( context, _configuration.TokenAuthorization.AuthorizationSigningCertificateKey, throwOnNotFound : true); string token = new JwtTokenBuilder() .AddSubject(identity.PrincipalId) .SetAudience(_configuration.TokenAuthorization.Audience) .SetIssuer(_configuration.TokenAuthorization.Issuer) .SetExpires(expires) .SetIssuedAt(DateTime.Now) .SetWebKey(identity.ApiKey.Value) .SetCertificate(certificate) .Build(); return(token); }