        /// <summary>
        /// Issues an access token for a user principal plus a client principal and checks that every
        /// field the <see cref="AccessToken"/> model exposes (id, subject, audience, authorized party,
        /// scopes and the iat/exp/nbf timestamps) is populated from the request context and from the
        /// injected time source rather than from the wall clock.
        /// </summary>
        public async Task JwtAccessTokenIssuer_IncludesAllRequiredData()
        {
            // Arrange
            var options = GetOptions();

            // Fixed clock: issued-at and not-before share one instant, expiry is one hour later,
            // so the timestamp assertions below are deterministic.
            var issuedAt    = new DateTimeOffset(2000, 01, 01, 0, 0, 0, TimeSpan.FromHours(1));
            var expiresAt   = issuedAt.AddHours(1);
            var timeManager = GetTimeManager(issuedAt, expiresAt, issuedAt);

            var issuer = new JwtAccessTokenIssuer(
                GetClaimsManager(timeManager),
                GetSigningPolicy(options, timeManager),
                new JwtSecurityTokenHandler(),
                options);

            var user        = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, "user") }));
            var application = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(IdentityServiceClaimTypes.ClientId, "clientId") }));
            var context     = GetTokenGenerationContext(user, application);
            context.InitializeForToken(TokenTypes.AccessToken);

            // Act
            await issuer.IssueAccessTokenAsync(context);

            // Assert
            Assert.NotNull(context.AccessToken);
            var accessToken = Assert.IsType<AccessToken>(context.AccessToken.Token);
            Assert.NotNull(accessToken);

            Assert.NotNull(accessToken.Id);
            Assert.Equal("user", accessToken.Subject);
            // "resourceId" and "all" are not set on either principal above; presumably they come from
            // the context built by GetTokenGenerationContext - verify against that helper if this changes.
            Assert.Equal("resourceId", accessToken.Audience);
            Assert.Equal("clientId", accessToken.AuthorizedParty);
            Assert.Equal(new[] { "all" }, accessToken.Scopes);
            Assert.Equal(issuedAt, accessToken.IssuedAt);
            Assert.Equal(expiresAt, accessToken.Expires);
            Assert.Equal(issuedAt, accessToken.NotBefore);
        }
        /// <summary>
        /// A user principal without a <see cref="ClaimTypes.NameIdentifier"/> claim must be rejected
        /// before any token is produced, with an <see cref="InvalidOperationException"/> that names the
        /// missing claim. This is the guard that prevents minting a token with no subject.
        /// </summary>
        public async Task JwtAccessTokenIssuer_Fails_IfUserIsMissingUserId()
        {
            // Arrange
            var options = GetOptions();
            var handler = new JwtSecurityTokenHandler();
            var issuer  = new JwtAccessTokenIssuer(
                GetClaimsManager(),
                GetSigningPolicy(options, new TimeStampManager()),
                handler,
                options);

            // Parameterless overload: no principals are supplied here, so the NameIdentifier claim is
            // expected to be absent (presumably the helper builds an empty context - confirm there).
            var context = GetTokenGenerationContext();
            context.InitializeForToken(TokenTypes.AccessToken);

            // Act
            var exception = await Assert.ThrowsAsync<InvalidOperationException>(
                () => issuer.IssueAccessTokenAsync(context));

            // Assert
            var expectedMessage = $"Missing '{ClaimTypes.NameIdentifier}' claim from the user.";
            Assert.Equal(expectedMessage, exception.Message);
        }
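        /// <summary>
        /// Issues an access token and verifies that the serialized JWT round-trips through
        /// <see cref="JwtSecurityTokenHandler.ValidateToken"/> with the issuer's own signing key:
        /// it carries a real signature (not "alg":"none"), the expected issuer and audience, and the
        /// subject, azp, scope and lifetime claims taken from the request context.
        /// </summary>
        public async Task JwtAccessTokenIssuer_SignsAccessToken()
        {
            // Arrange
            var issuedAt = new DateTimeOffset(2000, 01, 01, 0, 0, 0, TimeSpan.FromHours(1));

            // exp is "now" truncated to whole seconds (NumericDate precision) rather than a fixed past
            // instant, because ValidateToken checks the lifetime and would reject a token that expired
            // in 2000. Since exp == now at issue time, the validation below relies on the handler's
            // default ClockSkew (5 minutes) - do not set ClockSkew to zero in this test.
            var now         = DateTimeOffset.UtcNow;
            var expires     = new DateTimeOffset(now.Year, now.Month, now.Day, now.Hour, now.Minute, now.Second, TimeSpan.Zero);
            var timeManager = GetTimeManager(issuedAt, expires, issuedAt);

            var options = GetOptions();
            var handler = new JwtSecurityTokenHandler();

            var tokenValidationParameters = new TokenValidationParameters
            {
                IssuerSigningKey = options.Value.SigningKeys[0].Key,
                ValidAudiences   = new[] { "resourceId" },
                ValidIssuers     = new[] { options.Value.Issuer },
                // Library defaults, spelled out so the test keeps proving the token is signed and
                // time-bounded even if a future handler version relaxes its defaults.
                RequireSignedTokens = true,
                ValidateLifetime    = true,
            };

            var issuer = new JwtAccessTokenIssuer(
                GetClaimsManager(timeManager),
                GetSigningPolicy(options, timeManager),
                new JwtSecurityTokenHandler(),
                options);

            var user        = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, "user") }));
            var application = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(IdentityServiceClaimTypes.ClientId, "clientId") }));
            var context     = GetTokenGenerationContext(user, application);
            context.InitializeForToken(TokenTypes.AccessToken);

            // Act
            await issuer.IssueAccessTokenAsync(context);

            // Assert
            Assert.NotNull(context.AccessToken);
            Assert.NotNull(context.AccessToken.SerializedValue);

            // ValidateToken throws if the signature does not verify against the configured key,
            // or if issuer/audience/lifetime are out of policy.
            var principal = handler.ValidateToken(context.AccessToken.SerializedValue, tokenValidationParameters, out var validatedToken);
            Assert.NotNull(principal);
            Assert.NotNull(validatedToken);

            var jwtToken = Assert.IsType<JwtSecurityToken>(validatedToken);
            Assert.IsType<AccessToken>(context.AccessToken.Token);

            // Belt and braces against an unsigned token: the header must name a real algorithm and
            // the compact serialization must carry a non-empty signature segment.
            Assert.NotEqual("none", jwtToken.SignatureAlgorithm);
            Assert.False(string.IsNullOrEmpty(jwtToken.RawSignature));

            Assert.Equal("http://www.example.com/issuer", jwtToken.Issuer);
            Assert.Equal("resourceId", Assert.Single(jwtToken.Audiences));

            // Claim type lookup is a protocol identifier, so compare ordinally, not culture-aware.
            var authorizedParty = Assert.Single(jwtToken.Claims, c => string.Equals(c.Type, "azp", StringComparison.Ordinal));
            Assert.Equal("clientId", authorizedParty.Value);
            Assert.Equal("user", jwtToken.Subject);

            // ValidTo/ValidFrom are UTC DateTimes; compare both sides as UTC.
            Assert.Equal(expires.UtcDateTime, jwtToken.ValidTo);
            Assert.Equal(issuedAt.UtcDateTime, jwtToken.ValidFrom);

            var tokenScopes = jwtToken.Claims
                .Where(c => c.Type == IdentityServiceClaimTypes.Scope)
                .Select(c => c.Value)
                .OrderBy(c => c)
                .ToArray();

            Assert.Equal(new[] { "all" }, tokenScopes);
        }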