public async Task RevokeRefreshTokens()
{
var customToken = await this.Auth.CreateCustomTokenAsync("testuser");
var idToken = await AuthIntegrationUtils.SignInWithCustomTokenAsync(
customToken, this.fixture.TenantId);
await this.AssertValidIdTokenAsync(idToken, true);
await Task.Delay(1000);
await this.Auth.RevokeRefreshTokensAsync("testuser");
await this.AssertValidIdTokenAsync(idToken);
var exception = await Assert.ThrowsAsync <FirebaseAuthException>(
() => this.Auth.VerifyIdTokenAsync(idToken, true));
Assert.Equal(ErrorCode.InvalidArgument, exception.ErrorCode);
Assert.Equal(AuthErrorCode.RevokedIdToken, exception.AuthErrorCode);
idToken = await AuthIntegrationUtils.SignInWithCustomTokenAsync(
customToken, this.fixture.TenantId);
await this.AssertValidIdTokenAsync(idToken, true);
}
public async Task CreateCustomTokenWithoutServiceAccount()
{
var googleCred = FirebaseApp.DefaultInstance.Options.Credential;
var serviceAcct = (ServiceAccountCredential)googleCred.UnderlyingCredential;
var token = await((ITokenAccess)googleCred).GetAccessTokenForRequestAsync();
var app = FirebaseApp.Create(
new AppOptions()
{
Credential = GoogleCredential.FromAccessToken(token),
ServiceAccountId = serviceAcct.Id,
ProjectId = serviceAcct.ProjectId,
}, "IAMSignApp");
try
{
var auth = this.fixture.AuthFromApp(app);
var customToken = await this.Auth.CreateCustomTokenAsync("testuser");
var idToken = await AuthIntegrationUtils.SignInWithCustomTokenAsync(
customToken, this.fixture.TenantId);
await this.AssertValidIdTokenAsync(idToken);
}
finally
{
app.Delete();
}
}
public async Task PasswordResetLink()
{
var user = await this.userBuilder.CreateRandomUserAsync();
var link = await this.Auth.GeneratePasswordResetLinkAsync(
user.Email, EmailLinkSettings);
var uri = new Uri(link);
var query = HttpUtility.ParseQueryString(uri.Query);
Assert.Equal(ContinueUrl, query["continueUrl"]);
var request = new ResetPasswordRequest()
{
Email = user.Email,
OldPassword = "******",
NewPassword = "******",
OobCode = query["oobCode"],
TenantId = this.fixture.TenantId,
};
var resetEmail = await AuthIntegrationUtils.ResetPasswordAsync(request);
Assert.Equal(user.Email, resetEmail);
// Password reset also verifies the user's email
user = await this.Auth.GetUserAsync(user.Uid);
Assert.True(user.EmailVerified);
}
public async Task VerifyIdTokenWithTenant()
{
var customToken = await this.Auth.CreateCustomTokenAsync("testuser");
var idToken = await AuthIntegrationUtils.SignInWithCustomTokenAsync(
customToken, this.Auth.TenantId);
// Verifies in FirebaseAuth
var decoded = await FirebaseAuth.DefaultInstance.VerifyIdTokenAsync(idToken);
Assert.Equal(this.Auth.TenantId, decoded.TenantId);
// Verifies in TenantAwareFirebaseAuth(matching-tenant)
decoded = await this.Auth.VerifyIdTokenAsync(idToken);
Assert.Equal(this.Auth.TenantId, decoded.TenantId);
// Does not verify in TenantAwareFirebaseAuth(other-tenant)
var otherTenantAuth = FirebaseAuth.DefaultInstance.TenantManager
.AuthForTenant("other-tenant");
var exception = await Assert.ThrowsAsync <FirebaseAuthException>(
() => otherTenantAuth.VerifyIdTokenAsync(idToken));
Assert.Equal(AuthErrorCode.TenantIdMismatch, exception.AuthErrorCode);
}
public async Task CreateCustomToken()
{
var customToken = await this.Auth.CreateCustomTokenAsync("testuser");
var idToken = await AuthIntegrationUtils.SignInWithCustomTokenAsync(
customToken, this.fixture.TenantId);
await this.AssertValidIdTokenAsync(idToken);
}
public OidcProviderConfigFixture()
{
var providerId = $"oidc.{AuthIntegrationUtils.GetRandomIdentifier()}";
var args = new OidcProviderConfigArgs
{
ProviderId = providerId,
DisplayName = "OIDC_DISPLAY_NAME",
Enabled = true,
ClientId = "OIDC_CLIENT_ID",
Issuer = "https://oidc.com/issuer",
};
this.ProviderConfig = this.Auth.CreateProviderConfigAsync(args).Result;
}
public SamlProviderConfigFixture()
{
var providerId = $"saml.{AuthIntegrationUtils.GetRandomIdentifier()}";
var args = new SamlProviderConfigArgs
{
ProviderId = providerId,
DisplayName = "SAML_DISPLAY_NAME",
Enabled = true,
IdpEntityId = "IDP_ENTITY_ID",
SsoUrl = "https://example.com/login",
X509Certificates = new List <string> {
X509Certificates[0]
},
RpEntityId = "RP_ENTITY_ID",
CallbackUrl = "https://projectId.firebaseapp.com/__/auth/handler",
};
this.ProviderConfig = this.Auth.CreateProviderConfigAsync(args).Result;
}
public async Task LastRefreshTime()
{
var newUserRecord = await this.userBuilder.CreateRandomUserAsync();
// New users should not have a LastRefreshTimestamp set.
Assert.Null(newUserRecord.UserMetaData.LastRefreshTimestamp);
// Login to cause the LastRefreshTimestamp to be set.
await AuthIntegrationUtils.SignInWithPasswordAsync(
newUserRecord.Email, "password", this.fixture.TenantId);
// Attempt to retrieve the user 3 times (with a small delay between each attempt).
// Occassionally, this call retrieves the user data without the
// lastLoginTime/lastRefreshTime set; possibly because it's hitting a different
// server than the login request uses.
UserRecord userRecord = null;
for (int i = 0; i < 3; i++)
{
userRecord = await this.Auth.GetUserAsync(newUserRecord.Uid);
if (userRecord.UserMetaData.LastRefreshTimestamp != null)
{
break;
}
await Task.Delay(1000 *(int)Math.Pow(2, i));
}
// Ensure the LastRefreshTimstamp is approximately "now" (with a tollerance of 10 minutes).
var now = DateTime.UtcNow;
int tolleranceMinutes = 10;
var minTime = now.AddMinutes(-tolleranceMinutes);
var maxTime = now.AddMinutes(tolleranceMinutes);
Assert.NotNull(userRecord.UserMetaData.LastRefreshTimestamp);
Assert.InRange(
userRecord.UserMetaData.LastRefreshTimestamp.Value,
minTime,
maxTime);
}
public async Task SessionCookie()
{
var customToken = await this.Auth.CreateCustomTokenAsync("testuser");
var idToken = await AuthIntegrationUtils.SignInWithCustomTokenAsync(customToken);
var options = new SessionCookieOptions()
{
ExpiresIn = TimeSpan.FromHours(1),
};
var sessionCookie = await this.Auth.CreateSessionCookieAsync(idToken, options);
var decoded = await this.Auth.VerifySessionCookieAsync(sessionCookie);
Assert.Equal("testuser", decoded.Uid);
await Task.Delay(1000);
await this.Auth.RevokeRefreshTokensAsync("testuser");
decoded = await this.Auth.VerifySessionCookieAsync(sessionCookie);
Assert.Equal("testuser", decoded.Uid);
var exception = await Assert.ThrowsAsync <FirebaseAuthException>(
async() => await this.Auth.VerifySessionCookieAsync(
sessionCookie, true));
Assert.Equal(ErrorCode.InvalidArgument, exception.ErrorCode);
Assert.Equal(AuthErrorCode.RevokedSessionCookie, exception.AuthErrorCode);
idToken = await AuthIntegrationUtils.SignInWithCustomTokenAsync(customToken);
sessionCookie = await this.Auth.CreateSessionCookieAsync(idToken, options);
decoded = await this.Auth.VerifySessionCookieAsync(sessionCookie, true);
Assert.Equal("testuser", decoded.Uid);
}
public async Task SignInWithEmailLink()
{
var user = await this.userBuilder.CreateRandomUserAsync();
var link = await this.Auth.GenerateSignInWithEmailLinkAsync(
user.Email, EmailLinkSettings);
var uri = new Uri(link);
var query = HttpUtility.ParseQueryString(uri.Query);
Assert.Equal(ContinueUrl, query["continueUrl"]);
var idToken = await AuthIntegrationUtils.SignInWithEmailLinkAsync(
user.Email, query["oobCode"], this.fixture.TenantId);
Assert.NotEmpty(idToken);
// Sign in with link also verifies the user's email
user = await this.Auth.GetUserAsync(user.Uid);
Assert.True(user.EmailVerified);
}
public async Task CreateCustomTokenWithClaims()
{
var developerClaims = new Dictionary <string, object>()
{
{ "admin", true },
{ "package", "gold" },
{ "magicNumber", 42L },
};
var customToken = await this.Auth.CreateCustomTokenAsync("testuser", developerClaims);
var idToken = await AuthIntegrationUtils.SignInWithCustomTokenAsync(
customToken, this.fixture.TenantId);
var decoded = await this.AssertValidIdTokenAsync(idToken);
foreach (var entry in developerClaims)
{
object value;
Assert.True(decoded.Claims.TryGetValue(entry.Key, out value));
Assert.Equal(entry.Value, value);
}
}
public async Task ImportUsersWithPassword()
{
var randomUser = TemporaryUserBuilder.RandomUserRecordArgs();
var args = new ImportUserRecordArgs()
{
Uid = randomUser.Uid,
Email = randomUser.Email,
DisplayName = "Random User",
PhotoUrl = "https://example.com/photo.png",
EmailVerified = true,
PasswordSalt = Encoding.ASCII.GetBytes("NaCl"),
PasswordHash = Convert.FromBase64String("V358E8LdWJXAO7muq0CufVpEOXaj8aFiC7"
+ "T/rcaGieN04q/ZPJ08WhJEHGjj9lz/2TT+/86N5VjVoc5DdBhBiw=="),
CustomClaims = new Dictionary <string, object>()
{
{ "admin", true },
},
UserProviders = new List <UserProvider>
{
new UserProvider()
{
Uid = randomUser.Uid,
Email = randomUser.Email,
DisplayName = "John Doe",
PhotoUrl = "http://example.com/123/photo.png",
ProviderId = "google.com",
},
new UserProvider()
{
Uid = "fb.uid",
Email = "*****@*****.**",
DisplayName = "John Doe",
PhotoUrl = "http://example.com/123/photo.png",
ProviderId = "facebook.com",
},
},
};
var options = new UserImportOptions()
{
Hash = new Scrypt()
{
Key = Convert.FromBase64String("jxspr8Ki0RYycVU8zykbdLGjFQ3McFUH0uiiTvC"
+ "8pVMXAn210wjLNmdZJzxUECKbm0QsEmYUSDzZvpjeJ9WmXA=="),
SaltSeparator = Convert.FromBase64String("Bw=="),
Rounds = 8,
MemoryCost = 14,
},
};
var usersLst = new List <ImportUserRecordArgs>()
{
args
};
var resp = await this.Auth.ImportUsersAsync(usersLst, options);
this.userBuilder.AddUid(randomUser.Uid);
Assert.Equal(1, resp.SuccessCount);
Assert.Equal(0, resp.FailureCount);
var user = await this.Auth.GetUserAsync(randomUser.Uid);
Assert.Equal(randomUser.Email, user.Email);
var idToken = await AuthIntegrationUtils.SignInWithPasswordAsync(
randomUser.Email, "password", this.fixture.TenantId);
Assert.False(string.IsNullOrEmpty(idToken));
}
