コード例 #1
        /// <summary>
        /// Round-trips an expiry instant through <c>LiveAuthWebUtility.GetExpiresString</c> and
        /// <c>LiveAuthWebUtility.ParseExpiresValue</c>, and pins the string form to a known value.
        /// </summary>
        public void ExpiresConversion()
        {
            // 2012-09-19 21:23:00 at a zero offset; the assert below pins its string form to "1348089780".
            DateTimeOffset instant = new DateTimeOffset(2012, 9, 19, 21, 23, 0, TimeSpan.Zero);

            string serialized = LiveAuthWebUtility.GetExpiresString(instant);
            Assert.AreEqual("1348089780", serialized);

            // Parsing the serialized form must give back the exact instant we started from.
            Assert.AreEqual(instant, LiveAuthWebUtility.ParseExpiresValue(serialized));
        }
コード例 #2
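        /// <summary>
        /// TODO: single sign-on is not supported currently.
        /// Implements the logic for verifying and decoding an authentication token issued by MSA.
        /// Note that authentication tokens are used for single sign-on only.
        /// </summary>
        /// <remarks>
        /// The checks run in a fixed order and the first failure wins: decode, expiry, app id, user id.
        /// The token is reported as valid only when every check passes; on any failure the returned
        /// user id is null. A null or empty <paramref name="appClientID"/> is always treated as an
        /// app id mismatch, so a missing configuration value can never match a token that carries no
        /// app id claim.
        /// </remarks>
        /// <param name="userAuthenticationToken">Microsoft authentication token</param>
        /// <param name="appClientID">ClientID issued by Microsoft to the app that requested the token</param>
        /// <param name="appClientSecret">Client secret issued by Microsoft to the app that requested the token</param>
        /// <returns>Tuple:
        ///     boolean: true if the authentication token was valid, false otherwise
        ///     string: the user id in the authentication token. (TODO: return the JWT token instead).
        ///     <c>OAuthException</c>: exception specific to <c>OAuth</c> encountered during token validation and decoding
        /// </returns>
        private Tuple<bool, string, OAuthException> VerifyAndDecodeMicrosoftAuthenticationToken(string userAuthenticationToken, string appClientID, string appClientSecret)
        {
            // Flag representing whether token has been verified
            bool tokenVerified = false;

            // Identity extracted from the token
            string tokenIdentity = null;

            // Exception raised upon verifying and decoding the token
            OAuthException tokenEx = null;

            // MSA authentication token simply gets decoded to a JWT
            JsonWebToken jwtToken = null;

            // Exception raised by LiveID decoding
            LiveAuthException liveEx = null;

            // Decode token. If cannot decode, create appropriate OAuthException.
            // DecodeAuthenticationToken does not appear to throw any errors. Instead, its errors are caught, and it returns false instead.
            // NOTE(review): every decode failure, presumably including a malformed or wrongly signed token,
            // is reported as a 503 service error rather than a 401. Confirm callers do not treat it as transient.
            if (LiveAuthWebUtility.DecodeAuthenticationToken(userAuthenticationToken, appClientSecret, out jwtToken, out liveEx) == false)
            {
                tokenEx = new OAuthException(OAuthErrors.ServiceUnavailable_503_Microsoft, liveEx /* pass out the LiveException also */);
            }
            else
            {
                //// TOKEN Validation checks

                if (jwtToken.IsExpired == true)
                {
                    // Token expired. A successful decode does not imply the token is still within its lifetime.
                    tokenEx = new OAuthException(OAuthErrors.Unauthorized_401_1);
                }
                else if (string.IsNullOrEmpty(appClientID) || appClientID != jwtToken.Claims.AppId)
                {
                    // Token was issued to a different app, or we have no app id to compare against.
                    // The explicit null/empty check matters: without it a null appClientID would compare
                    // equal to a token whose app id claim is absent, and the check would pass.
                    tokenEx = new OAuthException(OAuthErrors.Unauthorized_401_3);
                }
                else if (string.IsNullOrEmpty(jwtToken.Claims.UserId))
                {
                    // Token's id doesn't exist. Handle this appropriately.
                    tokenEx = new OAuthException(OAuthErrors.Unauthorized_401_4);
                }
                else
                {
                    // Extract the token's identity
                    tokenIdentity = jwtToken.Claims.UserId;
                    tokenVerified = true;
                }
            }

            // MSA's authentication token contains no information about a user other than its account id.
            // Note that the account id found in an MSA authentication token is different from the actual account id.
            // Although we couldn't find specs, it's likely this is due to privacy reasons. MSA issues a different account
            // id to different application publishers. In this way, two publishers cannot track a single user across
            // their apps, since the ids found in their auth tokens are different. However, this id is the same across
            // two different apps owned by the same publisher.
            return new Tuple<bool, string, OAuthException>(tokenVerified, tokenIdentity, tokenEx);
        }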
コード例 #3
        /// <summary>
        /// Decodes a fixed sample authentication token with its matching secret and checks the
        /// extracted user id, the expiry flag and the absence of an error.
        /// </summary>
        public void LiveAuthUtility_ReadToken()
        {
            // Fixture values hard-coded for this test. The asserts below expect the token to decode
            // successfully AND to be expired, so a successful decode alone is not proof of a usable
            // token: callers still have to check IsExpired themselves.
            string fixtureSecret = "Gzy5MgBnMol73vTWZ3lqB34Pltt1XQiQ";
            string fixtureToken  = "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAiLCJ0eXAiOiJKV1QifQ.eyJ2ZXIiOjEsImlzcyI6InVybjp3aW5kb3dzOmxpdmVpZCIsImV4cCI6MTM0NzczNzI0NSwidWlkIjoiYjY5ZTllOTlkYzE4MzE1YmZkOWJmOWJjY2Y4ZGY2NjkiLCJhdWQiOiJ3d3cubGl2ZXNka2phdmFzY3JpcHRzYW1wbGVzLmNvbSIsInVybjptaWNyb3NvZnQ6YXBwdXJpIjoibXMtYXBwOi8vUy0xLTE1LTItMTI4MjA3MDczMC0yMzQyMTY3OTUyLTI3NjQyOTkxMTgtMjcwOTk1MTQxNi0yMDQ2NDEyNTctMzM0NTQ3NjMxOS0xMDE1MzA5MDI0IiwidXJuOm1pY3Jvc29mdDphcHBpZCI6IjAwMDAwMDAwNDAwODYyMUUifQ.c6ypLLB3MXD5gRj3M09lJSCKJNfGA8hw7ykEE5aF0OU";

            JsonWebToken      decodedToken;
            LiveAuthException decodeError;
            bool decoded = LiveAuthWebUtility.DecodeAuthenticationToken(fixtureToken, fixtureSecret, out decodedToken, out decodeError);

            Assert.IsTrue(decoded);
            Assert.AreEqual("b69e9e99dc18315bfd9bf9bccf8df669", decodedToken.Claims.UserId);
            Assert.IsTrue(decodedToken.IsExpired);
            Assert.IsNull(decodeError);
        }
コード例 #4
 /// <summary>
 /// Checks that <c>LiveAuthWebUtility.GetExpiresInString</c> yields "0" for the current UTC instant.
 /// </summary>
 public void GetExpiresInString()
 {
     // NOTE(review): the input is the wall clock at call time, so the result presumably depends on
     // how close the helper's own clock read is to this one; confirm it cannot flake.
     DateTimeOffset now = DateTimeOffset.UtcNow;
     string expiresIn = LiveAuthWebUtility.GetExpiresInString(now);

     Assert.AreEqual("0", expiresIn);
 }