public async Task ValidateKeyExpirationAsync()
{
using (var harness = CreateTestHarness())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
PoPAuthenticationConfiguration popConfig = new PoPAuthenticationConfiguration(new Uri("https://www.contoso.com/path1/path2?queryParam1=a&queryParam2=b"));
popConfig.HttpMethod = HttpMethod.Get;
popConfig.PopCryptoProvider = new InMemoryCryptoProvider();
var app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
.WithHttpManager(harness.HttpManager)
.WithExperimentalFeatures()
.WithClientSecret("some-secret")
.BuildConcrete();
harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(
TestConstants.AuthorityCommonTenant,
null,
null,
false,
MockHelpers.CreateSuccessResponseMessage(MockHelpers.GetPopTokenResponse()));
Guid correlationId = Guid.NewGuid();
TestClock testClock = new TestClock();
testClock.TestTime = DateTime.UtcNow;
var provider = PoPProviderFactory.GetOrCreateProvider(testClock);
await app.AcquireTokenForClient(TestConstants.s_scope)
.WithProofOfPossession(popConfig)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
var JWK = provider.CannonicalPublicKeyJwk;
//Advance time 7 hours. Should still be the same key
testClock.TestTime = testClock.TestTime + TimeSpan.FromSeconds(60 * 60 * 7);
harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(
TestConstants.AuthorityCommonTenant,
null,
null,
false,
MockHelpers.CreateSuccessResponseMessage(MockHelpers.GetPopTokenResponse()));
provider = PoPProviderFactory.GetOrCreateProvider(testClock);
await app.AcquireTokenForClient(TestConstants.s_scope)
.WithProofOfPossession(popConfig)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsTrue(JWK == provider.CannonicalPublicKeyJwk);
//Advance time 2 hours. Should be a different key
testClock.TestTime = testClock.TestTime + TimeSpan.FromSeconds(60 * 60 * 2);
harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(
TestConstants.AuthorityCommonTenant,
null,
null,
false,
MockHelpers.CreateSuccessResponseMessage(MockHelpers.GetPopTokenResponse()));
provider = PoPProviderFactory.GetOrCreateProvider(testClock);
await app.AcquireTokenForClient(TestConstants.s_scope)
.WithProofOfPossession(popConfig)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsTrue(JWK != provider.CannonicalPublicKeyJwk);
}
}
public async Task ValidateKeyExpirationAsync()
{
using (var harness = CreateTestHarness())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
HttpRequestMessage request1 = new HttpRequestMessage(HttpMethod.Get, new Uri("https://www.contoso.com/path1/path2?queryParam1=a&queryParam2=b"));
var app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithHttpManager(harness.HttpManager)
.WithExperimentalFeatures()
.BuildConcrete();
MsalMockHelpers.ConfigureMockWebUI(
app.ServiceBundle.PlatformProxy,
AuthorizationResult.FromUri(app.AppConfig.RedirectUri + "?code=some-code"));
harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(
TestConstants.AuthorityCommonTenant,
null,
null,
false,
MockHelpers.CreateSuccessResponseMessage(MockHelpers.GetPopTokenResponse()));
Guid correlationId = Guid.NewGuid();
TestClock testClock = new TestClock();
testClock.TestTime = DateTime.UtcNow;
var provider = PoPProviderFactory.GetOrCreateProvider(testClock);
await app.AcquireTokenInteractive(TestConstants.s_scope)
.WithProofOfPosession(request1, provider)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
var JWK = provider.CannonicalPublicKeyJwk;
//Advance time 7 hours. Should still be the same key
testClock.TestTime = testClock.TestTime + TimeSpan.FromSeconds(60 * 60 * 7);
harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(
TestConstants.AuthorityCommonTenant,
null,
null,
false,
MockHelpers.CreateSuccessResponseMessage(MockHelpers.GetPopTokenResponse()));
provider = PoPProviderFactory.GetOrCreateProvider(testClock);
await app.AcquireTokenInteractive(TestConstants.s_scope)
.WithProofOfPosession(request1, provider)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsTrue(JWK == provider.CannonicalPublicKeyJwk);
//Advance time 2 hours. Should be a different key
testClock.TestTime = testClock.TestTime + TimeSpan.FromSeconds(60 * 60 * 2);
harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(
TestConstants.AuthorityCommonTenant,
null,
null,
false,
MockHelpers.CreateSuccessResponseMessage(MockHelpers.GetPopTokenResponse()));
provider = PoPProviderFactory.GetOrCreateProvider(testClock);
await app.AcquireTokenInteractive(TestConstants.s_scope)
.WithProofOfPosession(request1, provider)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsTrue(JWK != provider.CannonicalPublicKeyJwk);
}
}
