public void JwtSecurityTokenHandler_Extensibility()
{
DerivedJwtSecurityTokenHandler handler = new DerivedJwtSecurityTokenHandler()
{
DerivedTokenType = typeof(DerivedJwtSecurityToken)
};
JwtSecurityToken jwt =
new JwtSecurityToken
(
issuer: Issuers.GotJwt,
audience: Audiences.AuthFactors,
claims: ClaimSets.Simple(Issuers.GotJwt, Issuers.GotJwt),
signingCredentials: KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2,
expires: DateTime.UtcNow + TimeSpan.FromHours(10),
notBefore: DateTime.UtcNow
);
string encodedJwt = handler.WriteToken(jwt);
TokenValidationParameters tvp = new TokenValidationParameters()
{
IssuerSigningKey = KeyingMaterial.DefaultSymmetricSecurityKey_256,
ValidateAudience = false,
ValidIssuer = Issuers.GotJwt,
};
ValidateDerived(encodedJwt, handler, tvp, ExpectedException.NoExceptionExpected);
}
public void CreateAndValidateTokens_RoundTripTokens()
{
JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
CreateAndValidateParams createAndValidateParams;
string issuer = "issuer";
string originalIssuer = "originalIssuer";
createAndValidateParams = new CreateAndValidateParams
{
Case = "ClaimSets.DuplicateTypes",
Claims = ClaimSets.DuplicateTypes(issuer, originalIssuer),
CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.DuplicateTypes(issuer, originalIssuer), null),
ExceptionType = null,
TokenValidationParameters = new TokenValidationParameters
{
RequireSignedTokens = false,
ValidateAudience = false,
ValidateLifetime = false,
ValidateIssuer = false,
}
};
RunRoundTrip(createAndValidateParams, handler);
createAndValidateParams = new CreateAndValidateParams
{
Case = "ClaimSets.Simple_simpleSigned_Asymmetric",
Claims = ClaimSets.Simple(issuer, originalIssuer),
CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.Simple(issuer, originalIssuer), KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2),
ExceptionType = null,
SigningCredentials = KeyingMaterial.DefaultX509SigningCreds_2048_RsaSha2_Sha2,
SigningToken = KeyingMaterial.DefaultX509Token_2048,
TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
IssuerSigningKey = new X509SecurityKey(KeyingMaterial.DefaultCert_2048),
ValidIssuer = issuer,
}
};
RunRoundTrip(createAndValidateParams, handler);
createAndValidateParams = new CreateAndValidateParams
{
Case = "ClaimSets.Simple_simpleSigned_Symmetric",
Claims = ClaimSets.Simple(issuer, originalIssuer),
CompareTo = IdentityUtilities.CreateJwtSecurityToken(issuer, originalIssuer, ClaimSets.Simple(issuer, originalIssuer), KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2),
ExceptionType = null,
SigningCredentials = KeyingMaterial.DefaultSymmetricSigningCreds_256_Sha2,
SigningToken = KeyingMaterial.DefaultSymmetricSecurityToken_256,
TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
IssuerSigningKey = KeyingMaterial.DefaultSymmetricSecurityKey_256,
ValidIssuer = issuer,
}
};
RunRoundTrip(createAndValidateParams, handler);
}
public static JwtSecurityToken Create(string issuer, string originalIssuer, SigningCredentials signingCredentials)
{
JwtPayload payload = new JwtPayload(issuer, "urn:uri", ClaimSets.Simple(issuer, originalIssuer), new Lifetime(DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromHours(10)));
JwtHeader header = new JwtHeader(signingCredentials);
return(new JwtSecurityToken(header, payload, header.Encode() + "." + payload.Encode() + "."));
}
public void JwtSecurityTokenHandler_Extensibility()
{
DerivedJwtSecurityTokenHandler handler = new DerivedJwtSecurityTokenHandler()
{
DerivedTokenType = typeof(DerivedJwtSecurityToken)
};
JwtSecurityToken jwt =
new JwtSecurityToken
(
issuer: Issuers.GotJwt,
audience: Audiences.AuthFactors,
claims: ClaimSets.Simple(Issuers.GotJwt, Issuers.GotJwt),
signingCredentials: KeyingMaterial.SymmetricSigningCreds_256_Sha2,
lifetime: new Lifetime(DateTime.UtcNow, DateTime.UtcNow + TimeSpan.FromHours(10))
);
string encodedJwt = handler.WriteToken(jwt);
JwtSecurityToken jwtReadAsDerived = handler.ReadToken(DerivedJwtSecurityToken.Prefix + encodedJwt) as JwtSecurityToken;
DerivedJwtSecurityToken jwtDerivedNotValidated = jwtReadAsDerived as DerivedJwtSecurityToken;
TokenValidationParameters tvp = new TokenValidationParameters()
{
SigningToken = KeyingMaterial.BinarySecretToken_256,
AudienceUriMode = Selectors.AudienceUriMode.Never,
ValidIssuer = Issuers.GotJwt,
};
ValidateDerived(jwtReadAsDerived, null, handler, tvp, ExpectedException.Null);
ValidateDerived(null, DerivedJwtSecurityToken.Prefix + encodedJwt, handler, tvp, ExpectedException.Null);
handler.Configuration = new SecurityTokenHandlerConfiguration()
{
IssuerTokenResolver = new SetReturnSecurityTokenResolver(KeyingMaterial.BinarySecretToken_256, KeyingMaterial.SymmetricSecurityKey_256),
SaveBootstrapContext = true,
CertificateValidator = AlwaysSucceedCertificateValidator.New,
IssuerNameRegistry = new SetNameIssuerNameRegistry(Audiences.AuthFactors),
AudienceRestriction = new AudienceRestriction(AudienceUriMode.Always),
};
handler.Configuration.AudienceRestriction.AllowedAudienceUris.Add(new Uri(Audiences.AuthFactors));
ValidateDerived(null, DerivedJwtSecurityToken.Prefix + encodedJwt, handler, null, ExpectedException.Null);
ValidateDerived(handler.ReadToken(DerivedJwtSecurityToken.Prefix + encodedJwt) as JwtSecurityToken, null, handler, null, ExpectedException.Null);
handler.DerivedTokenType = typeof(JwtSecurityToken);
JwtSecurityToken jwtRead = handler.ReadToken(encodedJwt) as JwtSecurityToken;
ValidateDerived(jwtRead, null, handler, tvp, ExpectedException.Null);
ValidateDerived(null, encodedJwt, handler, tvp, ExpectedException.Null);
ValidateDerived(null, encodedJwt, handler, null, ExpectedException.Null);
ValidateDerived(jwtRead as JwtSecurityToken, null, handler, null, ExpectedException.Null);
}
private List <JwtSecurityTokenTestVariation> GetJWTTypedConstructorsCases()
{
string issuer = "GetJWTTypedConstructorsCases";
List <JwtSecurityTokenTestVariation> constructionParams = new List <JwtSecurityTokenTestVariation>()
{
// ensure format is not format is not checked
new JwtSecurityTokenTestVariation
{
Name = "SimpleJwt",
Claims = ClaimSets.Simple(issuer, issuer),
ExpectedJwtSecurityToken = JwtTestTokens.Simple(issuer, issuer),
},
};
return(constructionParams);
}
public static ClaimsIdentity Simple(string issuer, string originalIssuer)
{
return(new ClaimsIdentity(ClaimSets.Simple(issuer, originalIssuer)));
}
public static JwtSecurityToken Simple(string issuer, string originalIssuer)
{
return(new JwtSecurityToken(issuer, "http://www.contoso.com", ClaimSets.Simple(issuer, originalIssuer)));
}