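// Round-trips a JWT whose subject is built from ClaimSets.RoleClaimsShortType: the token is
// created and signed, validated with JwtSecurityTokenHandler.ValidateToken, and the resulting
// principal's claims are compared with an identity built from ClaimSets.RoleClaimsLongType
// plus the iss, exp and nbf claims.
public void CreateAndValidateTokens_RoleClaims()
        {
            JwtSecurityTokenHandler   handler = new JwtSecurityTokenHandler();

            // Issuer and audience validation are switched off because this test only looks at
            // how role claims come back from validation; IssuerSigningToken is the only trust
            // anchor configured. These parameters are test scaffolding, not a template for
            // validating tokens received from a real caller.
            TokenValidationParameters validationParameters = new TokenValidationParameters
            {
                IssuerSigningToken = KeyingMaterial.DefaultX509Token_2048,
                ValidateAudience   = false,
                ValidateIssuer     = false,
            };

            string           issuer   = "https://gotjwt.com";

            // NOTE(review): utcNow/expire are captured here and later used as the expected
            // nbf/exp values. If CreateToken stamps the token from its own clock, a run that
            // crosses a second boundary could fail spuriously - confirm against the handler.
            DateTime         utcNow   = DateTime.UtcNow;
            DateTime         expire   = utcNow + TimeSpan.FromHours(1);
            ClaimsIdentity   subject  = new ClaimsIdentity(claims: ClaimSets.RoleClaimsShortType(issuer, issuer));
            JwtSecurityToken jwtToken = handler.CreateToken(issuer: issuer, signingCredentials: KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2, subject: subject) as JwtSecurityToken;

            // The 'as' cast yields null when CreateToken returns something other than a
            // JwtSecurityToken; fail with a clear message instead of a NullReferenceException
            // on jwtToken.RawData below.
            Assert.IsNotNull(jwtToken, "CreateToken did not return a JwtSecurityToken");

            SecurityToken   securityToken;
            ClaimsPrincipal principal = handler.ValidateToken(jwtToken.RawData, validationParameters, out securityToken);

            // Presumably: the first array lists roles the principal must be in, the second
            // lists roles it must not be in - verify against CheckForRoles.
            CheckForRoles(new string[] { "role1", "roles1" }, new string[] { "notrole1", "notrole2" }, principal);

            // Build the identity that validation is expected to produce.
            ClaimsIdentity expectedIdentity =
                new ClaimsIdentity(
                    authenticationType: "Federation",
                    claims: ClaimSets.RoleClaimsLongType(issuer, issuer)
                    );

            Claim claim = new Claim(type: JwtRegisteredClaimNames.Iss, value: issuer, valueType: ClaimValueTypes.String, issuer: issuer);

            expectedIdentity.AddClaim(claim);

            // exp and nbf are expected as "JSON"-typed claims carrying the epoch value, with the
            // original JSON type recorded in the claim's properties.
            claim = new Claim(JwtRegisteredClaimNames.Exp, EpochTime.GetIntDate(expire).ToString(), valueType: "JSON", issuer: issuer);
            claim.Properties.Add(JwtSecurityTokenHandler.JsonClaimTypeProperty, "System.Int32");
            expectedIdentity.AddClaim(claim);

            claim = new Claim(JwtRegisteredClaimNames.Nbf, EpochTime.GetIntDate(utcNow).ToString(), valueType: "JSON", issuer: issuer);
            claim.Properties.Add(JwtSecurityTokenHandler.JsonClaimTypeProperty, "System.Int32");
            expectedIdentity.AddClaim(claim);

            CompareContext context = new CompareContext();

            // Differences found by the comparer are collected in context.Errors.
            IdentityComparer.AreEqual <IEnumerable <Claim> >(principal.Claims, expectedIdentity.Claims, context);
            Assert.IsTrue(context.Errors.Count == 0, "Validated claims differ from the expected claims");
        }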