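        /// <summary>
        /// Hand-builds a JWT from a <see cref="JwtAuthProvider"/> configured with the
        /// test signing key and prints the resulting token.
        /// </summary>
        /// <remarks>
        /// The token is built inside an initialized <see cref="BasicAppHost"/>; the JWT
        /// helpers appear to depend on AppHost state (see the ProfileUrl note in CreateJwt).
        /// The test previously only printed the token; it now also asserts that a
        /// non-empty, three-segment (header.payload.signature) token came back so a
        /// broken header, payload or signing step fails the test instead of going unnoticed.
        /// </remarks>
        public void Create_JWT()
        {
            using (new BasicAppHost().Init())
            {
                var jwtProvider = new JwtAuthProvider
                {
                    AuthKeyBase64      = Config.JwtAuthKeyBase64,
                    // Deliberately long-lived: the token is only printed, never persisted.
                    ExpireTokensInDays = 3650
                };

                var header = JwtAuthProvider.CreateJwtHeader(jwtProvider.HashAlgorithm);
                var body   = JwtAuthProvider.CreateJwtPayload(new AuthUserSession
                {
                    UserAuthId      = "1",
                    DisplayName     = "test",
                    UserName        = "******",
                    IsAuthenticated = true,
                },
                                                              issuer: jwtProvider.Issuer,
                                                              expireIn: jwtProvider.ExpireTokensIn,
                                                              audience: jwtProvider.Audience,
                                                              roles: new[] { "TheRole" },
                                                              permissions: new[] { "ThePermission" });

                var jwtToken = JwtAuthProvider.CreateJwt(header, body, jwtProvider.GetHashAlgorithm());

                // A compact JWS is exactly header.payload.signature; anything else is
                // a token no verifier will accept.
                Assert.That(jwtToken, Is.Not.Null.And.Not.Empty);
                Assert.That(jwtToken.Split('.').Length, Is.EqualTo(3));

                jwtToken.Print();
            }
        }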
        /// <summary>
        /// Exercises "aud" claim validation when the provider accepts several audiences.
        /// </summary>
        /// <remarks>
        /// Expected outcomes, in order: a token with no audience claim is accepted; a
        /// token whose only audience is unknown is rejected; a token naming at least one
        /// configured audience is accepted; setting a single <c>Audience</c> that the
        /// token does not carry rejects it again; clearing <c>Audience</c> restores the
        /// multi-audience behaviour.
        /// </remarks>
        public void Does_validate_multiple_audiences()
        {
            var provider = (JwtAuthProvider)AuthenticateService.GetAuthProvider(JwtAuthProviderReader.Name);

            // Issues a provider-signed token whose "aud" claim is exactly the given list.
            string TokenFor(params string[] aud)
            {
                var session = new AuthUserSession
                {
                    UserAuthId      = "1",
                    DisplayName     = "Test",
                    Email           = "*****@*****.**",
                    IsAuthenticated = true,
                };

                var header  = JwtAuthProvider.CreateJwtHeader(provider.HashAlgorithm);
                var payload = JwtAuthProvider.CreateJwtPayload(session,
                    issuer: provider.Issuer,
                    expireIn: provider.ExpireTokensIn,
                    audiences: aud);

                return JwtAuthProvider.CreateJwt(header, payload, provider.GetHashAlgorithm());
            }

            provider.Audiences = new List<string> { "foo", "bar" };

            // No "aud" claim at all is expected to pass validation here.
            Assert.That(provider.IsJwtValid(TokenFor()), Is.True);

            // An audience the provider does not know must be refused.
            Assert.That(provider.IsJwtValid(TokenFor("qux")), Is.False);

            // One matching entry among several is enough.
            var partialMatch = TokenFor("bar", "qux");
            Assert.That(provider.IsJwtValid(partialMatch), Is.True);

            // With a single Audience configured, "bar" in the token no longer counts;
            // the single value appears to take precedence over the Audiences list.
            provider.Audience = "foo";
            Assert.That(provider.IsJwtValid(partialMatch), Is.False);

            provider.Audience = null;
            Assert.That(provider.IsJwtValid(partialMatch), Is.True);
        }
        /// <summary>
        /// Issues an RSA-signed JWT for a fixed test session.
        /// </summary>
        /// <param name="privateKey">RSA private key used to produce the signature.</param>
        /// <param name="algorithm">JWS algorithm name; must be a key of <see cref="JwtAuthProviderReader.RsaSignAlgorithms"/>.</param>
        /// <param name="audience">Audience written to the token as a one-element array (the element is <c>null</c> when omitted).</param>
        /// <returns>The compact-serialized token.</returns>
        protected string CreateJwt(RSAParameters privateKey, string algorithm, string audience = null)
        {
            var session = new AuthUserSession
            {
                UserAuthId  = "1",
                DisplayName = "Test",
                Email       = "*****@*****.**",
                // Without an initialized AppHost, JwtAuthProvider.CreateJwt fails
                // unless ProfileUrl is set.
                ProfileUrl  = "http://myprofile"
            };

            var jwtHeader  = JwtAuthProvider.CreateJwtHeader(algorithm);
            var jwtPayload = JwtAuthProvider.CreateJwtPayload(session,
                "https://server.example.com",
                audiences: new[] { audience },
                expireIn: TimeSpan.FromDays(7));

            var sign = JwtAuthProviderReader.RsaSignAlgorithms[algorithm];

            return JwtAuthProvider.CreateJwt(jwtHeader, jwtPayload, bytes => sign(privateKey, bytes));
        }
        /// <summary>
        /// Hand-builds a token for an authenticated session and checks that the service
        /// refuses an anonymous call with 401 but accepts the same call once the token
        /// is presented as a cookie.
        /// </summary>
        public void Can_manually_create_an_authenticated_UserSession_in_Token()
        {
            var provider = CreateJwtAuthProvider();

            var session = new AuthUserSession
            {
                UserAuthId      = "1",
                DisplayName     = "Test",
                Email           = "*****@*****.**",
                IsAuthenticated = true,
            };

            var header  = JwtAuthProvider.CreateJwtHeader(provider.HashAlgorithm);
            var payload = JwtAuthProvider.CreateJwtPayload(session,
                issuer: provider.Issuer,
                expireIn: provider.ExpireTokensIn,
                audiences: provider.Audiences,
                roles: new[] { "TheRole" },
                permissions: new[] { "ThePermission" });
            var token = JwtAuthProvider.CreateJwt(header, payload, provider.GetHashAlgorithm());

            var client = GetClient();

            // Without a token the call must fail with 401 specifically, not some other error.
            var unauthorized = Assert.Throws<WebServiceException>(
                () => client.Send(new HelloJwt { Name = "no jwt" }));
            Assert.That(unauthorized.StatusCode, Is.EqualTo((int)HttpStatusCode.Unauthorized));

            // Present the token as the auth cookie; the same request now succeeds.
            client.SetTokenCookie(token);
            var reply = client.Send(new HelloJwt { Name = "from Custom JWT" });

            Assert.That(reply.Result, Is.EqualTo("Hello, from Custom JWT"));
        }
        /// <summary>
        /// Builds a provider-signed JWT for a fixed authenticated test session carrying
        /// one role ("TheRole") and one permission ("ThePermission").
        /// </summary>
        /// <returns>The compact-serialized token.</returns>
        private string CreateJwtToken()
        {
            var provider = CreateJwtAuthProvider();

            var session = new AuthUserSession
            {
                UserAuthId      = "1",
                DisplayName     = "Test",
                Email           = "*****@*****.**",
                IsAuthenticated = true,
            };

            var header  = JwtAuthProvider.CreateJwtHeader(provider.HashAlgorithm);
            var payload = JwtAuthProvider.CreateJwtPayload(session,
                issuer: provider.Issuer,
                expireIn: provider.ExpireTokensIn,
                audiences: provider.Audiences,
                roles: new[] { "TheRole" },
                permissions: new[] { "ThePermission" });

            return JwtAuthProvider.CreateJwt(header, payload, provider.GetHashAlgorithm());
        }