Esempio n. 1
        // Issues an identity token for client "roclient" and validates it without
        // telling the validator which client the token is expected to belong to.
        // The test passes when validation reports no error.
        public async Task Valid_IdentityToken_no_ClientId_supplied()
        {
            // Arrange: build and serialize an identity token for "roclient".
            var tokenCreator  = Factory.CreateDefaultTokenCreator();
            var identityToken = TokenFactory.CreateIdentityToken("roclient", "valid");
            var serialized    = await tokenCreator.CreateTokenAsync(identityToken);

            // Act: no expected client id is passed here.
            // NOTE(review): how the validator picks the audience to check in this
            // case is not visible from this test - presumably it is derived from
            // the token itself; confirm against the validator implementation.
            var tokenValidator = Factory.CreateTokenValidator();
            var outcome        = await tokenValidator.ValidateIdentityTokenAsync(serialized);

            // Assert
            outcome.IsError.Should().BeFalse();
        }
Esempio n. 2
        // Issues an identity token for client "roclient" with the default token
        // creator and validates it against the same client id. The test passes
        // when validation reports no error.
        public async Task Valid_IdentityToken_DefaultKeyType()
        {
            // Arrange
            var tokenCreator = Factory.CreateDefaultTokenCreator();
            var serialized   = await tokenCreator.CreateTokenAsync(
                TokenFactory.CreateIdentityToken("roclient", "valid"));

            // Act: the expected client id matches the client the token was issued for.
            var tokenValidator = Factory.CreateTokenValidator();
            var outcome        = await tokenValidator.ValidateIdentityTokenAsync(serialized, "roclient");

            // Assert
            outcome.IsError.Should().BeFalse();
        }
        // Signs an identity token for client "roclient" with the default signing
        // service and expects validation to succeed.
        //
        // NOTE(review): the method name says no client id is supplied, but the
        // call below passes "roclient". As written this exercises the same path
        // as a test that supplies the client id, so the "no client id" case is
        // not covered by this method - confirm which behaviour was intended.
        public async Task Valid_IdentityToken_DefaultKeyType_no_ClientId_supplied()
        {
            // Arrange
            var signingService = Factory.CreateDefaultTokenSigningService();
            var identityToken  = TokenFactory.CreateIdentityToken("roclient", "valid");
            var serialized     = await signingService.SignTokenAsync(identityToken);

            // Act
            var tokenValidator = Factory.CreateTokenValidator();
            var outcome        = await tokenValidator.ValidateIdentityTokenAsync(serialized, "roclient");

            // Assert
            outcome.IsError.Should().BeFalse();
        }
Esempio n. 4
        // Signs an identity token for client "roclient_symmetric" and validates it
        // against the same client id; validation must report no error.
        public async Task Valid_IdentityToken_SymmetricKeyType()
        {
            // Arrange: the signing service is built directly from the test options.
            // NOTE(review): presumably "roclient_symmetric" is configured for
            // symmetric-key signing in the test client store - the key selection
            // itself is not visible from this test; confirm.
            var options        = TestIdentityServerOptions.Create();
            var signingService = new DefaultTokenSigningService(options);
            var identityToken  = TokenFactory.CreateIdentityToken("roclient_symmetric", "valid");
            var serialized     = await signingService.SignTokenAsync(identityToken);

            // Act
            var tokenValidator = Factory.CreateTokenValidator();
            var outcome        = await tokenValidator.ValidateIdentityTokenAsync(serialized, "roclient_symmetric");

            // Assert
            Assert.IsFalse(outcome.IsError);
        }
Esempio n. 5
        // Negative case: an identity token issued for client "roclient" must be
        // rejected when it is validated for a different client id. This pins the
        // check that a token minted for one client is not accepted on behalf of
        // another.
        public async Task IdentityToken_InvalidClientId()
        {
            // Arrange: token issued for "roclient".
            var tokenCreator  = Factory.CreateDefaultTokenCreator();
            var identityToken = TokenFactory.CreateIdentityToken("roclient", "valid");
            var serialized    = await tokenCreator.CreateTokenAsync(identityToken);

            // Act: validate it for a client id that does not match.
            var tokenValidator = Factory.CreateTokenValidator();
            var outcome        = await tokenValidator.ValidateIdentityTokenAsync(serialized, "invalid");

            // Assert: validation fails and reports the invalid-token error code.
            outcome.IsError.Should().BeTrue();
            outcome.Error.Should().Be(OidcConstants.ProtectedResourceErrors.InvalidToken);
        }
Esempio n. 6
        // Negative case: an identity token signed for client "roclient" must be
        // rejected when it is validated for a different client id, so that a
        // token minted for one client is not accepted on behalf of another.
        public async Task IdentityToken_InvalidClientId()
        {
            // Arrange: sign a token issued for "roclient".
            var options        = TestIdentityServerOptions.Create();
            var signingService = new DefaultTokenSigningService(options);
            var identityToken  = TokenFactory.CreateIdentityToken("roclient", "valid");
            var serialized     = await signingService.SignTokenAsync(identityToken);

            // Act: validate it for a client id that does not match.
            var tokenValidator = Factory.CreateTokenValidator();
            var outcome        = await tokenValidator.ValidateIdentityTokenAsync(serialized, "invalid");

            // Assert: validation fails and reports the invalid-token error code.
            Assert.IsTrue(outcome.IsError);
            Assert.AreEqual(Constants.ProtectedResourceErrors.InvalidToken, outcome.Error);
        }
    // Adds a custom "aud" claim to an identity token issued for "roclient" and
    // checks that the serialized JWT still carries "roclient" as its audience.
    // This guards against caller-supplied claims overriding a value that token
    // validation relies on.
    public async Task claims_that_collide_with_token_validation_should_be_ignored()
    {
        // Arrange: a token for "roclient" with a conflicting audience claim attached.
        var tokenCreator  = Factory.CreateDefaultTokenCreator();
        var identityToken = TokenFactory.CreateIdentityToken("roclient", "sub");
        var collidingAud  = new System.Security.Claims.Claim("aud", "some_aud");
        identityToken.Claims.Add(collidingAud);

        // Act: creating the token is expected to succeed despite the collision.
        var serialized = await tokenCreator.CreateTokenAsync(identityToken);

        // Assert: decode the payload (second dot-separated segment of the JWT)
        // and confirm the custom audience did not replace the real one.
        var segments     = serialized.Split('.');
        var payloadBytes = Base64Url.Decode(segments[1]);
        var payloadJson  = Encoding.UTF8.GetString(payloadBytes);
        var claimsByName = JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(payloadJson);

        claimsByName["aud"].GetString().Should().Be("roclient");
    }