コード例 #1
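        /// <summary>
        /// Builds a claims principal from the payload of an id_token and signs the user in
        /// under the cookie scheme <c>Host.Constants.CookieNames.CookieName</c>.
        /// </summary>
        /// <param name="idToken">Compact JWS id_token whose payload supplies the claims.</param>
        /// <param name="nonce">
        /// Nonce the token is expected to carry. When null or whitespace the nonce check is skipped entirely.
        /// </param>
        /// <returns>
        /// <c>true</c> once the sign-in call has completed; <c>false</c> when the token is empty,
        /// yields no payload, or does not carry the expected nonce.
        /// </returns>
        private async Task<bool> AddCookie(string idToken, string nonce = null)
        {
            // An empty token can never describe a user; refuse before touching the parser.
            if (string.IsNullOrWhiteSpace(idToken))
            {
                return false;
            }

            var jwsParser = new JwsParserFactory().BuildJwsParser();

            // NOTE(review): GetPayload is the only parser call in this method; no ValidateSignature
            // call and no issuer / audience / expiry check is visible here. Unless the caller has
            // already validated the id_token against the provider's key set, every claim copied
            // below (roles included) comes from unauthenticated input. Confirm against callers,
            // and validate the token before building the identity if they do not.
            var payload = jwsParser.GetPayload(idToken);
            if (payload == null)
            {
                // Presumably the parser yields null for a malformed token (not visible here);
                // treat that as a failed sign-in instead of a NullReferenceException below.
                return false;
            }

            // The nonce binds the token to the authentication request that was started locally.
            // NOTE(review): callers that pass no nonce get no replay protection from this method.
            if (!string.IsNullOrWhiteSpace(nonce))
            {
                if (!payload.ContainsKey("nonce"))
                {
                    return false;
                }

                var tokenNonce = payload["nonce"];
                if (tokenNonce == null || tokenNonce.ToString() != nonce)
                {
                    return false;
                }
            }

            // Every payload entry is turned into one or more claims by Convert.
            var claims = new List<Claim>();
            foreach (var kvp in payload)
            {
                claims.AddRange(Convert(kvp));
            }

            var claimsIdentity  = new ClaimsIdentity(claims, Host.Constants.CookieNames.CookieName);
            var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
            await _authenticationService
                .SignInAsync(HttpContext, Host.Constants.CookieNames.CookieName, claimsPrincipal, new AuthenticationProperties())
                .ConfigureAwait(false);

            return true;
        }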
コード例 #2
        /// <summary>
        /// Obtains an access token, sends a PUT to <c>/jwks</c> (presumably the key-rotation
        /// endpoint, going by the test name), then checks that the token no longer validates
        /// against the key set resolved afterwards.
        /// </summary>
        public async Task When_Get_Access_Token_And_Rotate_JsonWebKeySet_Then_Signature_Is_Not_Correct()
        {
            // ARRANGE
            InitializeFakeObjects();
            _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);
            var parser = new JwsParserFactory().BuildJwsParser();

            // ACT
            // Fixture client and user credentials; the token is signed with the keys current at this point.
            var tokenResponse = await _clientAuthSelector.UseClientSecretPostAuth("client", "client")
                                .UsePassword("administrator", "password", "scim")
                                .ResolveAsync(baseUrl + "/.well-known/openid-configuration").ConfigureAwait(false);

            // The response of the PUT is not inspected; a failed rotation would surface in the final assert.
            var rotateRequest = new HttpRequestMessage(HttpMethod.Put, new Uri(baseUrl + "/jwks"));
            await _server.Client.SendAsync(rotateRequest).ConfigureAwait(false);

            // Key set as published after the PUT.
            var currentKeys = await _jwksClient.ResolveAsync(baseUrl + "/.well-known/openid-configuration").ConfigureAwait(false);

            // ASSERTS
            Assert.NotNull(tokenResponse);
            Assert.False(tokenResponse.ContainsError);
            Assert.NotEmpty(tokenResponse.Content.AccessToken);

            // ValidateSignature is expected to return null when the signature check fails.
            var validated = parser.ValidateSignature(tokenResponse.Content.AccessToken, currentKeys);
            Assert.Null(validated);
        }
コード例 #3
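        /// <summary>
        /// Requests tokens with the password grant and the <c>role</c> scope, then checks that the
        /// id_token payload carries a <c>role</c> array of two entries whose first entry is
        /// <c>administrator</c>.
        /// </summary>
        public async Task When_Using_Password_Grant_Type_Then_Multiple_Roles_Are_Returned()
        {
            // ARRANGE
            InitializeFakeObjects();
            _httpClientFactoryStub.Setup(h => h.GetHttpClient()).Returns(_server.Client);

            // ACT
            // Fixture client and user credentials.
            var result = await _clientAuthSelector.UseClientSecretPostAuth("client", "client")
                         .UsePassword("superuser", "password", "role")
                         .ResolveAsync(baseUrl + "/.well-known/openid-configuration");

            // var claims = await _userInfoClient.Resolve(baseUrl + "/.well-known/openid-configuration", result.AccessToken);

            // ASSERTS
            var jwsParserFactory = new JwsParserFactory();
            var jwsParser        = jwsParserFactory.BuildJwsParser();

            Assert.NotNull(result);
            Assert.False(result.ContainsError);
            Assert.NotEmpty(result.Content.IdToken);

            // NOTE(review): GetPayload is used without a ValidateSignature call, so this test
            // checks the content of the role claim only, not that the token is correctly signed.
            var payload = jwsParser.GetPayload(result.Content.IdToken);

            Assert.True(payload.ContainsKey("role"));
            var roles = payload["role"] as JArray;

            // Separate assertions: a claim that is not an array fails here with a clear message
            // instead of a NullReferenceException, and each expectation reports on its own.
            Assert.NotNull(roles);
            Assert.Equal(2, roles.Count);
            Assert.Equal("administrator", roles[0].ToString());
        }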
コード例 #4
 /// <summary>
 /// Creates the controller, handing the authentication service to the base class and
 /// keeping the website options for later use.
 /// </summary>
 /// <param name="options">Website options stored as-is; no null check is performed here.</param>
 /// <param name="authenticationService">Authentication service passed to the base constructor.</param>
 public AuthenticateController(UmaAuthenticationWebsiteOptions options, IAuthenticationService authenticationService)
     : base(authenticationService)
 {
     // Both factories are constructed directly rather than injected.
     this._jwsParserFactory = new JwsParserFactory();
     this._identityServerClientFactory = new IdentityServerClientFactory();

     this._options = options;
 }