public void Success()
{
var jwtCodec = new JwtCodec(Config);
var token = jwtCodec.Encode(new { UserId = 1, Username = "******" }, IssuedAt: DateTime.UtcNow);
var success = jwtCodec.Decode(token, new List<IClaimsChecker> { new IssuedAtChecker() }, null);
Assert.True(success);
}
public void NoClaim()
{
var jwtCodec = new JwtCodec(Config);
var token = jwtCodec.Encode(new { UserId = 1, Username = "******" });
var success = jwtCodec.Decode(token, new List<IClaimsChecker> { new JwtIdChecker(Validator) }, null);
Assert.False(success);
}
public void Fail()
{
var jwtCodec = new JwtCodec(Config);
var token = jwtCodec.Encode(new { UserId = 1, Username = "******" });
var success = jwtCodec.Decode(token, new List<IClaimsChecker> { new IssuedAtChecker() }, null);
Assert.False(success);
}
public void Success()
{
var jwtCodec = new JwtCodec(Config);
var token = jwtCodec.Encode(new { UserId = 1, Username = "******" }, JwtId: "B311F1EA-588B-40D3-BD89-27DCDF9DB5EB");
var success = jwtCodec.Decode(token, new List<IClaimsChecker> { new JwtIdChecker(Validator) }, null);
Assert.True(success);
}
public void Fail()
{
var jwtCodec = new JwtCodec(Config);
var token = jwtCodec.Encode(new { UserId = 1, Username = "******" }, JwtId: "E0483DF9-7AA1-4426-92A9-3A5878DBDF8D");
var success = jwtCodec.Decode(token, new List<IClaimsChecker> { new JwtIdChecker(Validator) }, null);
Assert.False(success);
}
public void Fail2()
{
var jwtCodec = new JwtCodec(Config);
var token = jwtCodec.Encode(new { UserId = 1, Username = "******" }, Subject: "administration");
var success = jwtCodec.Decode(token, new List<IClaimsChecker> { new SubjectChecker() }, new ClaimsCheckerVariables
{
Issuer = null
});
Assert.False(success);
}
public void Fail1()
{
var jwtCodec = new JwtCodec(Config);
var token = jwtCodec.Encode(new { UserId = 1, Username = "******" }, Issuer: "accelist.com");
var success = jwtCodec.Decode(token, new List<IClaimsChecker> { new IssuerChecker() }, new ClaimsCheckerVariables
{
Issuer = "accelist.co.id"
});
Assert.False(success);
}
public void Success()
{
var jwtCodec = new JwtCodec(new JwtConfig
{
KeyConfig = new KeyConfig
{
Value = new byte[] { 237, 77, 131, 121, 90, 110, 35, 231, 70, 26, 39, 55, 158, 159, 179, 231 }
},
Signer = new HS256Signer()
});
var token = jwtCodec.Encode(new { UserId = 1, Username = "******" }, NotBefore: DateTime.UtcNow.AddDays(-1));
var success = jwtCodec.Decode(token, new List<IClaimsChecker> { new NotBeforeChecker() }, null);
Assert.True(success);
}
public void NoClaim()
{
var jwtCodec = new JwtCodec(new JwtConfig
{
KeyConfig = new KeyConfig
{
Value = new byte[] { 237, 77, 131, 121, 90, 110, 35, 231, 70, 26, 39, 55, 158, 159, 179, 231 }
},
Signer = new HS256Signer()
});
var token = jwtCodec.Encode(new { UserId = 1, Username = "******" });
var success = jwtCodec.Decode(token, new List<IClaimsChecker> { new ExpirationTimeChecker() }, null);
Assert.False(success);
}
public void Success()
{
var jwtCodec = new JwtCodec(new JwtConfig
{
KeyConfig = new KeyConfig
{
Value = new byte[] { 237, 77, 131, 121, 90, 110, 35, 231, 70, 26, 39, 55, 158, 159, 179, 231 }
},
Signer = new HS256Signer()
});
var token = jwtCodec.Encode(new { UserId = 1, Username = "******", Role = "Admin" });
var variables = new ClaimsCheckerVariables();
variables.Roles = "Admin, Customer";
var success = jwtCodec.Decode(token, new List<IClaimsChecker> { new RoleChecker() }, variables);
Assert.True(success);
}
public void Fail2()
{
var jwtCodec = new JwtCodec(new JwtConfig
{
KeyConfig = new KeyConfig
{
Value = new byte[] { 237, 77, 131, 121, 90, 110, 35, 231, 70, 26, 39, 55, 158, 159, 179, 231 }
},
Signer = new HS256Signer()
});
var token = jwtCodec.Encode(new { UserId = 1, Username = "******" },
Audience: new List<string> { "UserPanel", "ShoppingCart", "CustomerService" });
var variables = new ClaimsCheckerVariables();
variables.Audience = null;
var success = jwtCodec.Decode(token, new List<IClaimsChecker> { new AudienceChecker() }, variables);
Assert.False(success);
}
/// <summary>
/// Validation logic for JwtAuthorizeAttribute
/// </summary>
/// <param name="actionContext"></param>
/// <returns></returns>
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var authHeader = actionContext.Request.Headers.Authorization;
if (authHeader == null) return false;
var token = authHeader.Parameter;
var jwtCodec = new JwtCodec(Configuration);
return jwtCodec.Decode(token, ClaimsCheckers,
new ClaimsCheckerVariables
{
Audience = this.Audience,
Roles = this.Roles,
Users = this.Users,
Subject = this.Subject,
Issuer = this.Issuer
}
);
}
/// <summary>
/// Validation logic for JwtCookieValidateAttribute
/// </summary>
/// <param name="httpContext"></param>
/// <returns></returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (!httpContext.Request.Cookies.AllKeys.Contains(CookieName)) return false;
var jwtCodec = new JwtCodec(Configuration);
var isValid = jwtCodec.Decode(httpContext.Request.Cookies[CookieName].Value, ClaimsCheckers,
new ClaimsCheckerVariables
{
Audience = this.Audience,
Roles = this.Roles,
Users = this.Users,
Subject = this.Subject,
Issuer = this.Issuer
});
if (!isValid)
{
//invalidate
var c = new HttpCookie(CookieName);
c.Expires = DateTime.Now.AddDays(-1);
httpContext.Response.Cookies.Add(c);
}
return isValid;
}
public void Sample()
{
var jwtConfig = new JwtConfig
{
KeyConfig = new KeyConfig
{
Value = new byte[] { 237, 77, 131, 121, 90, 110, 35, 231, 70, 26, 39, 55, 158, 159, 179, 231 }
},
Signer = new HS256Signer()
};
var jwtCodec = new JwtCodec(jwtConfig);
var claims = new
{
UserId = 1,
Username = "******",
Role = "Admin"
};
string token1 = jwtCodec.Encode(claims);
//eyJVc2VySWQiOjEsIlVzZXJuYW1lIjoiamFja2FudG9ubyIsIlJvbGUiOiJBZG1pbiJ9.yCY897l0Qt4pNWAMkLebcwjygiqbkQcFMfNW+BZjCUo=
output.WriteLine(token1);
bool isValid = jwtCodec.Decode(token1);
//True
output.WriteLine(isValid.ToString());
var now = new DateTime(2015, 11, 23, 14, 0, 0, DateTimeKind.Utc);
var token2 = jwtCodec.Encode(claims,
Issuer: "accelist.com",
Subject: "Authentication",
Audience: new List<string> { "EmployeePortal", "SecurityCenter" },
ExpirationTime: now.AddHours(12),
NotBefore: now,
IssuedAt: now,
JwtId: Guid.Parse("2628850a-e1a9-4897-bf78-355fa5367ca1").ToString()
);
//eyJVc2VySWQiOjEsIlVzZXJuYW1lIjoiamFja2FudG9ubyIsIlJvbGUiOiJBZG1pbiIsImlzcyI6ImFjY2VsaXN0LmNvbSIsInN1YiI6IkF1dGhlbnRpY2F0aW9uIiwiYXVkIjpbIkVtcGxveWVlUG9ydGFsIiwiU2VjdXJpdHlDZW50ZXIiXSwiZXhwIjoxNDQ4MzMwNDAwLCJuYmYiOjE0NDgyODcyMDAsImlhdCI6MTQ0ODI4NzIwMCwianRpIjoiMjYyODg1MGEtZTFhOS00ODk3LWJmNzgtMzU1ZmE1MzY3Y2ExIn0=.d/ON3EdLGOC0VPcKwiLE15WZKoM9Mwx+3P2QQIhSP8U=
output.WriteLine(token2);
/// Validation logic for registered claim: Issuer.
/// Successful if the Issuer property value equals the claim or claim is not provided.
var issChecker = new IssuerChecker();
/// Validation logic for registered claim: Subject.
/// Successful if the Subject property value equals the claim or claim is not provided.
var subChecker = new SubjectChecker();
/// Validation logic for registered claim: Audience.
/// Successful if the claim is not present or the Audience property value is in the said claim.
var audChecker = new AudienceChecker();
var leeway = new TimeSpan(0, 5, 0);
/// Validation logic for registered claim: Expiration Time.
/// Successful if claim exists and current time is at or before the said claim, using leeway period if provided.
var expChecker = new ExpirationTimeChecker(leeway);
/// Authorization logic for registered claim: Not Before.
/// Successful if claim exists and current time is at or after the said claim, using leeway period if provided.
var nbfChecker = new NotBeforeChecker(leeway);
/// Authorization logic for registered claim: Issued At.
/// Successful if claim exists.
var iatChecker = new IssuedAtChecker();
/// Validation logic for registered claim: JWT ID.
/// Successful if claims exist and resolves to true when passed through the validator.
Func<string, bool> jtiValidator = (jti) =>
{
return true;
};
var jtiChecker = new JwtIdChecker(jtiValidator);
/// Validation logic for AuthorizeAttribute 'Role' claim.
/// Successful if the Roles property is not set or the claim is in the Roles property value.
var roleChecker = new RoleChecker("Role");
/// Validation logic for AuthorizeAttribute 'User' claim.
/// Successful if the User property is not set or the claim is in the Users property value.
var userChecker = new UserChecker("Username");
var claimsCheckers = new List<IClaimsChecker> { issChecker, subChecker, audChecker, expChecker, nbfChecker, iatChecker, jtiChecker, roleChecker, userChecker };
var variables = new ClaimsCheckerVariables
{
Issuer = "accelist.com",
Subject = "Administration",
Roles = "Admin",
Audience = "EmployeePortal",
Users = "jackantono, ryanelian",
};
jwtCodec.Decode(token2, claimsCheckers, variables);
var jwtObj = JwtObject.Parse(token2);
var extractClaims = jwtObj.ClaimsAsObject<ClaimsTest>();
output.WriteLine(Newtonsoft.Json.JsonConvert.SerializeObject(extractClaims, Newtonsoft.Json.Formatting.Indented));
}
