private void RunAudienceVariation(List <Claim> audienceClaims, List <string> expectedAudiences, CompareContext context) { var handler = new JwtSecurityTokenHandler(); var tokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(audienceClaims); tokenDescriptor.Audience = null; var jwt = handler.CreateEncodedJwt(tokenDescriptor); SecurityToken token = null; var claimsPrincipal = handler.ValidateToken(jwt, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, out token); var jwtToken = token as JwtSecurityToken; var audiences = jwtToken.Audiences; IdentityComparer.AreEqual(audiences, expectedAudiences as IEnumerable <string>, context); ClaimsIdentity identity = claimsPrincipal.Identity as ClaimsIdentity; IdentityComparer.AreEqual(identity.FindAll(JwtRegisteredClaimNames.Aud), audienceClaims, context); }
public void InboundFilterTest() { var handler = new JwtSecurityTokenHandler(); handler.OutboundClaimTypeMap.Clear(); var claims = ClaimSets.DefaultClaims; string encodedJwt = handler.CreateEncodedJwt(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(claims)); handler.InboundClaimTypeMap.Clear(); handler.InboundClaimFilter.Add("aud"); handler.InboundClaimFilter.Add("exp"); handler.InboundClaimFilter.Add("iat"); handler.InboundClaimFilter.Add("iss"); handler.InboundClaimFilter.Add("nbf"); SecurityToken validatedToken; ClaimsPrincipal claimsPrincipal = handler.ValidateToken(encodedJwt, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, out validatedToken); var context = new CompareContext(); IdentityComparer.AreEqual(claimsPrincipal.Claims, claims, context); TestUtilities.AssertFailIfErrors(context.Diffs); }
public static TheoryData <CreateAndValidateParams> CreationParams() { var createParams = new TheoryData <CreateAndValidateParams>(); var expires = DateTime.UtcNow + TimeSpan.FromDays(1); var handler = new JwtSecurityTokenHandler(); var nbf = DateTime.UtcNow; var signingCredentials = new SigningCredentials(KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256, SecurityAlgorithms.RsaSha256Signature); var verifyingKey = KeyingMaterial.X509SecurityKeySelfSigned2048_SHA256_Public; createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.NoClaims", SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(null), TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters, }); createParams.Add(new CreateAndValidateParams { Case = "EmptyToken", SecurityTokenDescriptor = new SecurityTokenDescriptor(), TokenValidationParameters = new TokenValidationParameters { RequireSignedTokens = false, ValidateAudience = false, ValidateLifetime = false, ValidateIssuer = false, } }); createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.DuplicateTypes", ExceptionType = null, SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(ClaimSets.DuplicateTypes()), TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters, }); createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.Simple_Asymmetric", ExceptionType = null, SecurityTokenDescriptor = IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor(ClaimSets.DefaultClaims), TokenValidationParameters = IdentityUtilities.DefaultAsymmetricTokenValidationParameters }); createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.Simple_Symmetric", ExceptionType = null, SecurityTokenDescriptor = IdentityUtilities.DefaultSymmetricSecurityTokenDescriptor(ClaimSets.DefaultClaims), TokenValidationParameters = IdentityUtilities.DefaultSymmetricTokenValidationParameters }); createParams.Add(new CreateAndValidateParams { Case = "ClaimSets.RoleClaims", ExceptionType = null, SecurityTokenDescriptor = IdentityUtilities.DefaultSymmetricSecurityTokenDescriptor(ClaimSets.GetDefaultRoleClaims(handler)), TokenValidationParameters = IdentityUtilities.DefaultSymmetricTokenValidationParameters }); return(createParams); }