/// <summary>
/// Checks that a fixed instant survives a round trip through
/// <c>LiveAuthWebUtility.GetExpiresString</c> and <c>LiveAuthWebUtility.ParseExpiresValue</c>.
/// </summary>
public void ExpiresConversion()
{
    // 2012-09-19 21:23:00 at a zero offset; 1348089780 is that instant in seconds since 1970-01-01.
    DateTimeOffset fixedInstant = new DateTimeOffset(2012, 9, 19, 21, 23, 0, TimeSpan.Zero);

    string serialized = LiveAuthWebUtility.GetExpiresString(fixedInstant);
    Assert.AreEqual("1348089780", serialized);

    // Parsing the serialized form must give back the instant we started from.
    Assert.AreEqual(fixedInstant, LiveAuthWebUtility.ParseExpiresValue(serialized));
}
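/// <summary>
/// TODO: single sign-on is not supported currently.
/// Implements the logic for verifying and decoding authentication token issued by MSA.
/// Note that authentication tokens are used for single sign-on only.
/// </summary>
/// <remarks>
/// Checks run in this order and the first failure decides the reported error:
/// the token must decode via <c>LiveAuthWebUtility.DecodeAuthenticationToken</c> (called with
/// <paramref name="appClientSecret"/>), must not be expired, must carry an app id equal to a
/// non-empty <paramref name="appClientID"/>, and must carry a non-empty user id.
/// This method performs no cryptographic check of its own; presumably the decode call verifies
/// the token signature with the client secret (confirm against <c>DecodeAuthenticationToken</c>).
/// </remarks>
/// <param name="userAuthenticationToken">Microsoft authentication token</param>
/// <param name="appClientID">ClientID issued by Microsoft to the app that requested the token</param>
/// <param name="appClientSecret">Client secret issued by Microsoft to the app that requested the token</param>
/// <returns>Tuple:
/// boolean: true if the authentication token was valid, false otherwise
/// string: the user id in the authentication token, or null when validation failed. (TODO: return the JWT token instead).
/// <c>OAuthException</c>: exception specific to <c>OAuth</c> encountered during token validation and decoding, or null on success
/// </returns>
private Tuple<bool, string, OAuthException> VerifyAndDecodeMicrosoftAuthenticationToken(string userAuthenticationToken, string appClientID, string appClientSecret)
{
    // MSA authentication token simply gets decoded to a JWT
    JsonWebToken jwtToken = null;

    // Exception raised by LiveID decoding
    LiveAuthException liveEx = null;

    // Decode token. If cannot decode, create appropriate OAuthException.
    // DecodeAuthenticationToken does not appear to throw any errors. Instead, its errors are caught, and it returns false.
    // NOTE(review): every decode failure is reported as ServiceUnavailable_503_Microsoft. If malformed or
    // wrongly signed tokens also end up here (not visible from this method), they are client errors rather
    // than a Microsoft outage; confirm the mapping so monitoring and callers are not misled.
    if (!LiveAuthWebUtility.DecodeAuthenticationToken(userAuthenticationToken, appClientSecret, out jwtToken, out liveEx))
    {
        return new Tuple<bool, string, OAuthException>(
            false,
            null,
            new OAuthException(OAuthErrors.ServiceUnavailable_503_Microsoft, liveEx /* pass out the LiveException also */));
    }

    //// TOKEN Validation checks
    if (jwtToken.IsExpired)
    {
        // Token expired. Handle this appropriately.
        return new Tuple<bool, string, OAuthException>(false, null, new OAuthException(OAuthErrors.Unauthorized_401_1));
    }

    // The token must have been issued to this app; otherwise a token obtained by a different app
    // could be replayed here. Fail closed when appClientID is null or empty: without this guard a
    // null appClientID compared equal to a token whose app id claim is also null, and the binding
    // check passed without binding the token to any app.
    if (string.IsNullOrEmpty(appClientID) || appClientID != jwtToken.Claims.AppId)
    {
        // Token stolen by different app. Handle this appropriately.
        return new Tuple<bool, string, OAuthException>(false, null, new OAuthException(OAuthErrors.Unauthorized_401_3));
    }

    if (string.IsNullOrEmpty(jwtToken.Claims.UserId))
    {
        // Token's id doesn't exist. Handle this appropriately.
        return new Tuple<bool, string, OAuthException>(false, null, new OAuthException(OAuthErrors.Unauthorized_401_4));
    }

    // MSA's authentication token contains no information about a user other than its account id.
    // Note that the account id found in an MSA authentication token is different than the actual account id.
    // Although couldn't find specs, it's likely this is due to privacy reasons. MSA issues a different account
    // id to different application publishers. In this way, two publishers cannot track a single user across
    // apps, since the ids found in their auth tokens are different. However, this id is the same across two
    // different apps owned by the same publisher.
    return new Tuple<bool, string, OAuthException>(true, jwtToken.Claims.UserId, null);
}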
/// <summary>
/// Decodes a fixed sample authentication token with its matching secret and checks the
/// user id claim, the expiry flag and the absence of a decode error.
/// </summary>
public void LiveAuthUtility_ReadToken()
{
    // Fixture token: the header segment declares HS256, and the payload's exp claim (1347737245)
    // lies in September 2012, which is why IsExpired is expected to be true below.
    string encodedToken = "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAiLCJ0eXAiOiJKV1QifQ.eyJ2ZXIiOjEsImlzcyI6InVybjp3aW5kb3dzOmxpdmVpZCIsImV4cCI6MTM0NzczNzI0NSwidWlkIjoiYjY5ZTllOTlkYzE4MzE1YmZkOWJmOWJjY2Y4ZGY2NjkiLCJhdWQiOiJ3d3cubGl2ZXNka2phdmFzY3JpcHRzYW1wbGVzLmNvbSIsInVybjptaWNyb3NvZnQ6YXBwdXJpIjoibXMtYXBwOi8vUy0xLTE1LTItMTI4MjA3MDczMC0yMzQyMTY3OTUyLTI3NjQyOTkxMTgtMjcwOTk1MTQxNi0yMDQ2NDEyNTctMzM0NTQ3NjMxOS0xMDE1MzA5MDI0IiwidXJuOm1pY3Jvc29mdDphcHBpZCI6IjAwMDAwMDAwNDAwODYyMUUifQ.c6ypLLB3MXD5gRj3M09lJSCKJNfGA8hw7ykEE5aF0OU";

    // NOTE(review): presumably a sample-app secret paired with the fixture token above; confirm it
    // is not a live credential, since anything committed to source must be treated as disclosed.
    string clientSecret = "Gzy5MgBnMol73vTWZ3lqB34Pltt1XQiQ";

    JsonWebToken decoded;
    LiveAuthException decodeError;

    // Decoding succeeds even though the token is expired, so callers have to test IsExpired
    // themselves rather than rely on the return value alone.
    Assert.IsTrue(LiveAuthWebUtility.DecodeAuthenticationToken(encodedToken, clientSecret, out decoded, out decodeError));

    Assert.AreEqual("b69e9e99dc18315bfd9bf9bccf8df669", decoded.Claims.UserId);
    Assert.IsTrue(decoded.IsExpired);
    Assert.IsNull(decodeError);
}
/// <summary>
/// Checks that <c>LiveAuthWebUtility.GetExpiresInString</c> yields "0" for the current UTC time.
/// </summary>
public void GetExpiresInString()
{
    // An expiry equal to "now" is expected to be rendered as "0".
    DateTimeOffset now = DateTimeOffset.UtcNow;
    string remaining = LiveAuthWebUtility.GetExpiresInString(now);

    Assert.AreEqual("0", remaining);
}