public void GenerateECSignedJWT()
        {
            // Arrange: a client configured for private-key (JWT bearer) authorization,
            // signed with the mock EC private key from the test fixtures.
            var privateKey = TestCryptoKeys.GetMockECPrivateKeyConfiguration();
            var clientConfiguration = new OktaClientConfiguration
            {
                OktaDomain        = "https://myOktaDomain.oktapreview.com",
                AuthorizationMode = AuthorizationMode.PrivateKey,
                ClientId          = "foo",
                PrivateKey        = privateKey,
                Scopes            = new List<string> { "foo" },
            };

            // Act
            var generator = new DefaultJwtGenerator(clientConfiguration);
            var signedJwt = generator.GenerateSignedJWT();

            // Assert: the token must validate against the matching mock EC public key.
            // NOTE(review): OktaDomain carries no trailing slash, so the interpolated audience
            // reads "...comoauth2/v1/token"; presumably the generator builds it the same way - confirm.
            // Only issuer, audience and signing key are pinned here; the key type alone constrains
            // the algorithm family, and ValidAlgorithms could narrow it further if desired.
            var expectedAudience = $"{clientConfiguration.OktaDomain}oauth2/v1/token";
            var validationParameters = new TokenValidationParameters
            {
                ValidAudience    = expectedAudience,
                ValidIssuer      = clientConfiguration.ClientId,
                IssuerSigningKey = TestCryptoKeys.GetMockECPublicKey(),
            };

            var handler = new JwtSecurityTokenHandler();
            var claimsPrincipal = handler.ValidateToken(signedJwt, validationParameters, out _);

            claimsPrincipal.Should().NotBeNull();
        }
        public async Task CanLoginAsAdminUsingFakeCredentials()
        {
            // Act: log in with the fake admin credentials and require a 2xx response.
            var loginResponse = await DoLoginUsingAdminCredentials();
            loginResponse.EnsureSuccessStatusCode();

            // ReadJwtToken only parses the compact token; it does not verify the signature.
            // That is fine here, because the assertion is about the issued claims.
            var rawToken = await GetAccessToken(loginResponse);
            var handler = new JwtSecurityTokenHandler();
            var accessToken = handler.ReadJwtToken(rawToken);

            // Assert: exactly one claim that is Role == "Admin".
            accessToken.Should().NotBeNull();
            accessToken.Claims
                .Should()
                .ContainSingle(claim => claim.Type == ClaimTypes.Role && claim.Value == "Admin");
        }
        public async Task CanLoginRegularUserUsingFakeCredentials()
        {
            // Act: log in as a regular (non-admin) user and require a 2xx response.
            var loginResponse = await DoLoginUsingUserCredentials();
            loginResponse.EnsureSuccessStatusCode();

            // Parse only (no signature verification); this test inspects claims and expiry.
            var rawToken = await GetAccessToken(loginResponse);
            var handler = new JwtSecurityTokenHandler();
            var accessToken = handler.ReadJwtToken(rawToken);

            // Assert: no role claim whose value contains "Admin" (substring match),
            // and the token has not yet expired relative to the wall clock.
            accessToken.Should().NotBeNull();
            accessToken.Claims
                .Should()
                .NotContain(claim => claim.Type == ClaimTypes.Role && claim.Value.Contains("Admin"));
            accessToken.ValidTo.Should().BeAfter(DateTime.UtcNow);
        }
        public async Task DoesReturnJwt_GivenUserLogsInWithCorrectPassword()
        {
            // Act: authenticate a seeded user with the shared seed password.
            var response = await Client.SendAuthenticationPostRequestAsync(
                SeedData.JohnSmithEmail,
                SeedData.EveryonesPassword);

            // Assert: 200 OK and a non-null JWT in the response body.
            response.StatusCode.Should().Be(StatusCodes.Status200OK);

            var body = await response.Content.ReadAsAsync<AuthenticateResult>();
            body.Jwt.Should().NotBeNull();

            // Parse only (no signature check) to confirm the returned value is a well-formed JWT.
            var parsedJwt = new JwtSecurityTokenHandler().ReadJwtToken(body.Jwt);
            parsedJwt.Should().NotBeNull();
        }