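/// <summary>
/// Decodes the id_token payload, optionally checks its <c>nonce</c> claim, and signs the
/// resulting claims in as the website cookie.
/// </summary>
/// <param name="idToken">Compact JWS id_token whose payload supplies the cookie claims.</param>
/// <param name="nonce">Expected <c>nonce</c> claim; when null or blank the check is skipped.</param>
/// <returns>
/// <c>false</c> when a nonce was expected and the token's nonce is missing, null or different;
/// otherwise <c>true</c> after the cookie sign-in completed.
/// </returns>
private async Task<bool> AddCookie(string idToken, string nonce = null)
{
    var jwsParser = new JwsParserFactory().BuildJwsParser();
    // NOTE(review): GetPayload only decodes the token; no signature validation is visible in
    // this method (the same parser exposes ValidateSignature(token, jwks)). Confirm the caller
    // has validated the token before its claims are trusted to issue an authenticated cookie.
    var payload = jwsParser.GetPayload(idToken);

    if (!string.IsNullOrWhiteSpace(nonce))
    {
        // The nonce ties the token to the login request it was issued for; reject before any
        // cookie is written when it is absent or does not match.
        if (!payload.ContainsKey("nonce"))
        {
            return false;
        }

        // `?.` turns a null nonce claim into a rejection instead of a NullReferenceException.
        if (payload["nonce"]?.ToString() != nonce)
        {
            return false;
        }
    }

    var claims = new List<Claim>();
    foreach (var kvp in payload)
    {
        // Convert (defined elsewhere in this class) maps one payload entry to its claims.
        claims.AddRange(Convert(kvp));
    }

    var claimsIdentity = new ClaimsIdentity(claims, Host.Constants.CookieNames.CookieName);
    var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
    await _authenticationService.SignInAsync(HttpContext, Host.Constants.CookieNames.CookieName, claimsPrincipal, new AuthenticationProperties()).ConfigureAwait(false);
    return true;
}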
/// <summary>
/// Obtains an access token, rotates the server's JSON Web Key Set through PUT /jwks, and checks
/// that the token issued before the rotation no longer validates against the new keys.
/// </summary>
public async Task When_Get_Access_Token_And_Rotate_JsonWebKeySet_Then_Signature_Is_Not_Correct()
{
    // ARRANGE
    InitializeFakeObjects();
    _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
    var parser = new JwsParserFactory().BuildJwsParser();

    // ACT
    var tokenResult = await _clientAuthSelector
        .UseClientSecretPostAuth("client", "client")
        .UsePassword("administrator", "password", "scim")
        .ResolveAsync(baseUrl + "/.well-known/openid-configuration")
        .ConfigureAwait(false);

    // NOTE(review): the rotation request carries no credentials here and its response is not
    // inspected; confirm that PUT /jwks is restricted outside the test host.
    var rotateRequest = new HttpRequestMessage(HttpMethod.Put, new Uri(baseUrl + "/jwks"));
    await _server.Client.SendAsync(rotateRequest).ConfigureAwait(false);

    var rotatedJwks = await _jwksClient.ResolveAsync(baseUrl + "/.well-known/openid-configuration").ConfigureAwait(false);

    // ASSERTS
    Assert.NotNull(tokenResult);
    Assert.False(tokenResult.ContainsError);
    Assert.NotEmpty(tokenResult.Content.AccessToken);
    // The test treats a null return from ValidateSignature as "signature no longer verifies".
    var oldToken = tokenResult.Content.AccessToken;
    var verifiedPayload = parser.ValidateSignature(oldToken, rotatedJwks);
    Assert.Null(verifiedPayload);
}
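/// <summary>
/// Resolves tokens with the password grant for a user holding two roles and checks that the
/// id_token's <c>role</c> claim carries both, with <c>administrator</c> first.
/// </summary>
public async Task When_Using_Password_Grant_Type_Then_Multiple_Roles_Are_Returned()
{
    // ARRANGE
    InitializeFakeObjects();
    _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
    var jwsParser = new JwsParserFactory().BuildJwsParser();

    // ACT
    var result = await _clientAuthSelector.UseClientSecretPostAuth("client", "client")
        .UsePassword("superuser", "password", "role")
        .ResolveAsync(baseUrl + "/.well-known/openid-configuration")
        .ConfigureAwait(false);

    // ASSERTS
    Assert.NotNull(result);
    Assert.False(result.ContainsError);
    Assert.NotEmpty(result.Content.IdToken);
    // GetPayload decodes the id_token without checking its signature; this test only inspects
    // the claims of a token the test server just issued, so no verification is asserted here.
    var payload = jwsParser.GetPayload(result.Content.IdToken);
    Assert.True(payload.ContainsKey("role"));
    // Assert the cast explicitly so a non-array claim fails with an assertion message rather
    // than a NullReferenceException from `as` followed by member access.
    var roles = payload["role"] as JArray;
    Assert.NotNull(roles);
    // Separate assertions report which expectation failed (count vs. first role).
    Assert.Equal(2, roles.Count);
    Assert.Equal("administrator", roles[0].ToString());
}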
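/// <summary>
/// Stores the website options and constructs the identity-server client and JWS parser
/// factories; the authentication service is passed through to the base controller.
/// </summary>
/// <param name="options">Website options; must not be null.</param>
/// <param name="authenticationService">Forwarded to the base constructor.</param>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
public AuthenticateController(UmaAuthenticationWebsiteOptions options, IAuthenticationService authenticationService)
    : base(authenticationService)
{
    // Fail at construction rather than on the first use of _options.
    _options = options ?? throw new ArgumentNullException(nameof(options));
    _identityServerClientFactory = new IdentityServerClientFactory();
    _jwsParserFactory = new JwsParserFactory();
}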