public async Task AddParameters_AddsAccessTokenToResponse_WhenAccessTokenIsEmitted()
{
// Arrange
var provider = new DefaultTokenResponseParameterProvider(new TimeStampManager());
var response = new OpenIdConnectMessage();
var context = new TokenGeneratingContext(
new ClaimsPrincipal(),
new ClaimsPrincipal(),
new OpenIdConnectMessage(),
new RequestGrants()
{
Scopes = new[] { ApplicationScope.OpenId, new ApplicationScope("resourceId", "read") }
});
context.InitializeForToken(TokenTypes.AccessToken);
context.AddToken(new TokenResult(new TestToken(TokenTypes.AccessToken), "serialized_access_token"));
// Act
await provider.AddParameters(context, response);
// Assert
Assert.Equal("serialized_access_token", response.AccessToken);
Assert.Equal("3600", response.ExpiresIn);
Assert.True(response.Parameters.ContainsKey("expires_on"));
Assert.Equal("946688400", response.Parameters["expires_on"]);
Assert.True(response.Parameters.ContainsKey("not_before"));
Assert.Equal("946684800", response.Parameters["not_before"]);
Assert.Equal("resourceId", response.Resource);
Assert.Equal("Bearer", response.TokenType);
}
public async Task AddParameters_AddsIdTokenToResponse_WhenIdTokenIsEmitted()
{
// Arrange
var provider = new DefaultAuthorizationResponseParameterProvider(new TimeStampManager());
var response = new AuthorizationResponse()
{
Message = new OpenIdConnectMessage(),
RedirectUri = "http://www.example.com/callback",
ResponseMode = "query"
};
var context = new TokenGeneratingContext(
new ClaimsPrincipal(),
new ClaimsPrincipal(),
new OpenIdConnectMessage()
{
State = "state"
},
new RequestGrants());
context.InitializeForToken(TokenTypes.IdToken);
context.AddToken(new TokenResult(new TestToken(TokenTypes.IdToken), "serialized_id_token"));
// Act
await provider.AddParameters(context, response);
// Assert
Assert.Equal("state", response.Message.State);
Assert.Equal("serialized_id_token", response.Message.IdToken);
}
public async Task IssueAccessTokenAsync(TokenGeneratingContext context)
{
var accessToken = await CreateAccessTokenAsync(context);
var subjectIdentity = CreateSubject(accessToken);
var descriptor = new SecurityTokenDescriptor();
descriptor.Issuer = accessToken.Issuer;
descriptor.Audience = accessToken.Audience;
descriptor.Subject = subjectIdentity;
descriptor.Expires = accessToken.Expires.UtcDateTime;
descriptor.NotBefore = accessToken.NotBefore.UtcDateTime;
var credentialsDescriptor = await _credentialsProvider.GetSigningCredentialsAsync();
descriptor.SigningCredentials = credentialsDescriptor.Credentials;
var token = _handler.CreateJwtSecurityToken(descriptor);
token.Payload.Remove(IdentityServiceClaimTypes.JwtId);
token.Payload.Remove(IdentityServiceClaimTypes.IssuedAt);
//token.Payload.Add(IdentityServiceClaimTypes.JwtId, accessToken.Id);
context.AddToken(new TokenResult(accessToken, _handler.WriteToken(token), TokenKinds.Bearer));
}
public async Task IssueRefreshTokenAsync(TokenGeneratingContext context)
{
var refreshToken = await CreateRefreshTokenAsync(context);
var token = _dataFormat.Protect(refreshToken);
context.AddToken(new TokenResult(refreshToken, token));
}
public async Task CreateAuthorizationCodeAsync(TokenGeneratingContext context)
{
await _claimsManager.CreateClaimsAsync(context);
var claims = context.CurrentClaims;
var code = new AuthorizationCode(claims);
var tokenResult = new TokenResult(code, _dataFormat.Protect(code));
context.AddToken(tokenResult);
}
public async Task IssueIdTokenAsync(TokenGeneratingContext context)
{
var idToken = await CreateIdTokenAsync(context);
var subjectIdentity = CreateSubject(idToken);
var descriptor = new SecurityTokenDescriptor();
descriptor.Issuer = idToken.Issuer;
descriptor.Audience = idToken.Audience;
descriptor.Subject = subjectIdentity;
descriptor.IssuedAt = idToken.IssuedAt.UtcDateTime;
descriptor.Expires = idToken.Expires.UtcDateTime;
descriptor.NotBefore = idToken.NotBefore.UtcDateTime;
var credentialsDescriptor = await _credentialsProvider.GetSigningCredentialsAsync();
descriptor.SigningCredentials = credentialsDescriptor.Credentials;
var token = _handler.CreateJwtSecurityToken(descriptor);
token.Payload.Remove(IdentityServiceClaimTypes.JwtId);
//token.Payload.Add(IdentityServiceClaimTypes.JwtId, idToken.Id);
if (idToken.Nonce != null)
{
token.Payload.AddClaim(new Claim(IdentityServiceClaimTypes.Nonce, idToken.Nonce));
}
if (idToken.CodeHash != null)
{
token.Payload.AddClaim(new Claim(IdentityServiceClaimTypes.CodeHash, idToken.CodeHash));
}
if (idToken.AccessTokenHash != null)
{
token.Payload.AddClaim(new Claim(IdentityServiceClaimTypes.AccessTokenHash, idToken.AccessTokenHash));
}
context.AddToken(new TokenResult(idToken, _handler.WriteToken(token)));
}
public async Task AddParameters_AddsRefreshTokenToResponse_WhenRefreshTokenIsEmitted()
{
// Arrange
var provider = new DefaultTokenResponseParameterProvider(new TimeStampManager());
var response = new OpenIdConnectMessage();
var context = new TokenGeneratingContext(
new ClaimsPrincipal(),
new ClaimsPrincipal(),
new OpenIdConnectMessage(),
new RequestGrants());
context.InitializeForToken(TokenTypes.RefreshToken);
context.AddToken(new TokenResult(new TestToken(TokenTypes.RefreshToken), "serialized_refresh_token"));
// Act
await provider.AddParameters(context, response);
// Assert
Assert.Equal("serialized_refresh_token", response.RefreshToken);
Assert.True(response.Parameters.ContainsKey("refresh_token_expires_in"));
Assert.Equal("3600", response.Parameters["refresh_token_expires_in"]);
Assert.Equal("Bearer", response.TokenType);
}
public async Task AddParameters_AddsAccessTokenToResponse_WhenAccessTokenIsEmitted()
{
// Arrange
var provider = new DefaultAuthorizationResponseParameterProvider(new TimeStampManager());
var response = new AuthorizationResponse()
{
Message = new OpenIdConnectMessage(),
RedirectUri = "http://www.example.com/callback",
ResponseMode = "query"
};
var context = new TokenGeneratingContext(
new ClaimsPrincipal(),
new ClaimsPrincipal(),
new OpenIdConnectMessage()
{
State = "state"
},
new RequestGrants()
{
Scopes = { ApplicationScope.OpenId, new ApplicationScope("resourceId", "read") }
});
context.InitializeForToken(TokenTypes.AccessToken);
context.AddToken(new TokenResult(new TestToken(TokenTypes.AccessToken), "serialized_access_token"));
// Act
await provider.AddParameters(context, response);
// Assert
Assert.Equal("state", response.Message.State);
Assert.Equal("serialized_access_token", response.Message.AccessToken);
Assert.Equal("3600", response.Message.ExpiresIn);
Assert.Equal("openid read", response.Message.Scope);
Assert.Equal("Bearer", response.Message.TokenType);
}