public async Task GetTokenAsyncRespectsExpirationBufferForJwtTokens()
{
var tokenValue = "ValuE_oF_tHE_tokEn";
var buffer = TimeSpan.FromMinutes(5);
var expires = DateTimeOffset.UtcNow.Subtract(buffer).AddSeconds(-10);
var mockCredential = new Mock <TokenCredential>();
var credential = new EventHubTokenCredential(mockCredential.Object);
using var provider = new CbsTokenProvider(credential, TimeSpan.Zero, default);
mockCredential
.Setup(credential => credential.GetTokenAsync(It.IsAny <TokenRequestContext>(), It.IsAny <CancellationToken>()))
.Returns(new ValueTask <AccessToken>(new AccessToken(tokenValue, expires)));
var firstCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]);
var nextCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]);
Assert.That(firstCallToken, Is.Not.Null, "The first call token should have been produced.");
Assert.That(nextCallToken, Is.Not.Null, "The next call token should have been produced.");
Assert.That(firstCallToken, Is.Not.SameAs(nextCallToken), "The token should have been expired and returned two unique instances.");
mockCredential
.Verify(credential => credential.GetTokenAsync(
It.IsAny <TokenRequestContext>(),
It.IsAny <CancellationToken>()),
Times.Exactly(2));
}
public async Task GetTokenAsyncRespectsCacheForJwtTokens()
{
var tokenValue = "ValuE_oF_tHE_tokEn";
var expires = DateTimeOffset.UtcNow.AddDays(1);
var mockCredential = new Mock <TokenCredential>();
var credential = new EventHubTokenCredential(mockCredential.Object);
using var provider = new CbsTokenProvider(credential, TimeSpan.Zero, default);
mockCredential
.Setup(credential => credential.GetTokenAsync(It.IsAny <TokenRequestContext>(), It.IsAny <CancellationToken>()))
.Returns(new ValueTask <AccessToken>(new AccessToken(tokenValue, expires)));
var firstCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]);
var nextCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]);
Assert.That(firstCallToken, Is.Not.Null, "The first call token should have been produced.");
Assert.That(nextCallToken, Is.Not.Null, "The next call token should have been produced.");
Assert.That(firstCallToken, Is.SameAs(nextCallToken), "The same token instance should have been returned for both calls.");
mockCredential
.Verify(credential => credential.GetTokenAsync(
It.IsAny <TokenRequestContext>(),
It.IsAny <CancellationToken>()),
Times.Once);
}
public async Task GetTokenAsyncDoesNotCacheSharedAccessCredential()
{
var value = "TOkEn!";
var signature = new SharedAccessSignature("hub-name", "keyName", "key", value, DateTimeOffset.UtcNow.AddHours(4));
var mockCredential = new Mock <SharedAccessCredential>(signature)
{
CallBase = true
};
var credential = new EventHubTokenCredential(mockCredential.Object);
using var provider = new CbsTokenProvider(credential, TimeSpan.Zero, default);
var firstCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]);
var nextCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]);
Assert.That(firstCallToken, Is.Not.Null, "The first call token should have been produced.");
Assert.That(nextCallToken, Is.Not.Null, "The next call token should have been produced.");
Assert.That(firstCallToken, Is.Not.SameAs(nextCallToken), "The token should have been expired and returned two unique instances.");
mockCredential
.Verify(credential => credential.GetTokenAsync(
It.IsAny <TokenRequestContext>(),
It.IsAny <CancellationToken>()),
Times.Exactly(2));
}
/// <summary>
/// Asynchronously requests a CBS token to be used for authorization within an AMQP
/// scope.
/// </summary>
///
/// <param name="namespaceAddress">The address of the namespace to be authorized.</param>
/// <param name="appliesTo">The resource to which the token should apply.</param>
/// <param name="requiredClaims">The set of claims that are required for authorization.</param>
///
/// <returns>The token to use for authorization.</returns>
///
public async Task <CbsToken> GetTokenAsync(Uri namespaceAddress,
string appliesTo,
string[] requiredClaims)
{
var token = await Credential.GetTokenAsync(requiredClaims, CancellationToken);
return(new CbsToken(token.Token, TokenType, token.ExpiresOn.UtcDateTime));
}
/// <summary>
/// Asynchronously requests a CBS token to be used for authorization within an AMQP
/// scope.
/// </summary>
///
/// <param name="namespaceAddress">The address of the namespace to be authorized.</param>
/// <param name="appliesTo">The resource to which the token should apply.</param>
/// <param name="requiredClaims">The set of claims that are required for authorization.</param>
/// <returns>The token to use for authorization.</returns>
///
public async Task <CbsToken> GetTokenAsync(Uri namespaceAddress,
string appliesTo,
string[] requiredClaims)
{
AccessToken token = await _credential.GetTokenAsync(new TokenRequest(requiredClaims), _cancellationToken);
return(new CbsToken(token.Token, _tokenType, token.ExpiresOn.UtcDateTime));
}
/// <summary>
/// Asynchronously requests a CBS token to be used for authorization within an AMQP
/// scope.
/// </summary>
///
/// <param name="namespaceAddress">The address of the namespace to be authorized.</param>
/// <param name="appliesTo">The resource to which the token should apply.</param>
/// <param name="requiredClaims">The set of claims that are required for authorization.</param>
/// <returns>The token to use for authorization.</returns>
///
public async Task <CbsToken> GetTokenAsync(Uri namespaceAddress,
string appliesTo,
string[] requiredClaims)
{
AccessToken token = await Credential.GetTokenAsync(new TokenRequestContext(requiredClaims), CancellationToken).ConfigureAwait(false);
return(new CbsToken(token.Token, TokenType, token.ExpiresOn.UtcDateTime));
}
public async Task GetTokenAsyncSynchonizesMultipleRefreshAttemptsForJwtTokens()
{
var tokenValue = "ValuE_oF_tHE_tokEn";
var buffer = TimeSpan.FromMinutes(5);
var expires = DateTimeOffset.UtcNow.Subtract(buffer).AddSeconds(-10);
var mockCredential = new Mock <TokenCredential>();
var credential = new EventHubTokenCredential(mockCredential.Object);
using var provider = new CbsTokenProvider(credential, TimeSpan.Zero, default);
mockCredential
.SetupSequence(credential => credential.GetTokenAsync(It.IsAny <TokenRequestContext>(), It.IsAny <CancellationToken>()))
.Returns(new ValueTask <AccessToken>(new AccessToken(tokenValue, expires)))
.Returns(new ValueTask <AccessToken>(new AccessToken(tokenValue, DateTimeOffset.UtcNow.AddDays(1))));
var firstCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]);
Assert.That(firstCallToken, Is.Not.Null, "The first call token should have been produced.");
var otherTokens = await Task.WhenAll(
Enumerable.Range(0, 25)
.Select(index => provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0])));
for (var index = 0; index < otherTokens.Length; ++index)
{
Assert.That(otherTokens[index], Is.Not.Null, $"The token at index `{ index }` should have been produced.");
Assert.That(firstCallToken, Is.Not.SameAs(otherTokens[index]), $"The token at index `{ index } ` should not have matched the first call instance.");
if (index > 0)
{
Assert.That(otherTokens[0], Is.SameAs(otherTokens[index]), $"The other tokens should all be the same instance. The token at index `{ index } ` did not match index `0`.");
}
}
mockCredential
.Verify(credential => credential.GetTokenAsync(
It.IsAny <TokenRequestContext>(),
It.IsAny <CancellationToken>()),
Times.Exactly(2));
}
public async Task GetTokenAsyncPassesAlongTheClaims()
{
var requiredClaims = new[] { "one", "two" };
var mockCredential = new Mock <TokenCredential>();
var credential = new EventHubTokenCredential(mockCredential.Object, "test");
var provider = new CbsTokenProvider(credential, default);
mockCredential
.Setup(credential => credential.GetTokenAsync(It.Is <TokenRequest>(value => value.Scopes == requiredClaims), It.IsAny <CancellationToken>()))
.Returns(Task.FromResult(new AccessToken("blah", DateTimeOffset.Parse("2015-10-27T00:00:00Z"))))
.Verifiable();
await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", requiredClaims);
mockCredential.Verify();
}
public async Task GetTokenAsyncDelegatesToTheSourceCredential()
{
var mockCredential = new Mock <TokenCredential>();
var accessToken = new AccessToken("token", new DateTimeOffset(2015, 10, 27, 12, 0, 0, TimeSpan.Zero));
var resource = "the resource value";
var credential = new EventHubTokenCredential(mockCredential.Object, resource);
mockCredential
.Setup(cred => cred.GetTokenAsync(It.Is <string[]>(value => value.FirstOrDefault() == resource), It.IsAny <CancellationToken>()))
.ReturnsAsync(accessToken)
.Verifiable("The source credential GetToken method should have been called.");
var tokenResult = await credential.GetTokenAsync(new[] { resource }, CancellationToken.None);
Assert.That(tokenResult, Is.EqualTo(accessToken), "The access token should match the return of the delgated call.");
mockCredential.VerifyAll();
}
public async Task GetTokenAsyncSetsTheCorrectTypeForOtherTokens()
{
var tokenValue = "ValuE_oF_tHE_tokEn";
var expires = DateTimeOffset.Parse("2015-10-27T00:00:00Z");
var mockCredential = new Mock <TokenCredential>();
var credential = new EventHubTokenCredential(mockCredential.Object, "test");
var provider = new CbsTokenProvider(credential, default);
mockCredential
.Setup(credential => credential.GetTokenAsync(It.IsAny <TokenRequest>(), It.IsAny <CancellationToken>()))
.Returns(Task.FromResult(new AccessToken(tokenValue, expires)));
CbsToken cbsToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]);
Assert.That(cbsToken, Is.Not.Null, "The token should have been produced");
Assert.That(cbsToken.TokenType, Is.EqualTo(GetGenericTokenType()), "The token type should match");
}
public async Task GetTokenAsyncPopulatesUsingTheCredentialAccessToken()
{
var tokenValue = "ValuE_oF_tHE_tokEn";
var expires = DateTimeOffset.Parse("2015-10-27T00:00:00Z");
var mockCredential = new Mock<TokenCredential>();
var credential = new EventHubTokenCredential(mockCredential.Object);
var provider = new CbsTokenProvider(credential, default);
mockCredential
.Setup(credential => credential.GetTokenAsync(It.IsAny<TokenRequestContext>(), It.IsAny<CancellationToken>()))
.Returns(new ValueTask<AccessToken>(new AccessToken(tokenValue, expires)));
CbsToken cbsToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]);
Assert.That(cbsToken, Is.Not.Null, "The token should have been produced");
Assert.That(cbsToken.TokenValue, Is.EqualTo(tokenValue), "The token value should match");
Assert.That(cbsToken.ExpiresAtUtc, Is.EqualTo(expires.DateTime), "The token expiration should match");
}
