/// <summary>
/// Round-trips a token through <c>BrancaTokenHandler</c>: creates it from a
/// <c>SecurityTokenDescriptor</c> encrypted with XChaCha20-Poly1305, validates it with the
/// same key bytes, and checks issuer, audience, subject and the three time values on the
/// resulting <c>BrancaSecurityToken</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the method name promises "NoIatClaim", but no assertion below checks that an
/// "iat" claim is absent from the validated claims or the token payload. Confirm the intended
/// behaviour against the handler and add an explicit negative assertion so a regression that
/// duplicates the issued-at time into the payload is caught.
/// </remarks>
public void CreateAndValidateToken_WithSecurityTokenDescriptor_ExpectCorrectBrancaTimestampAndNoIatClaim()
{
    const string expectedIssuer = "me";
    const string expectedAudience = "you";
    const string expectedSubject = "123";

    // Both instants are captured up front so the assertions compare against the exact
    // values that were handed to the descriptor.
    var expiresAt = DateTime.UtcNow.AddDays(1);
    var validFrom = DateTime.UtcNow;

    var tokenHandler = new BrancaTokenHandler();

    // validKey is a fixture declared outside this method.
    var encryptionKey = new SymmetricSecurityKey(validKey);
    var descriptor = new SecurityTokenDescriptor
    {
        Issuer = expectedIssuer,
        Audience = expectedAudience,
        Expires = expiresAt,
        NotBefore = validFrom,
        Claims = new Dictionary<string, object>
        {
            ["sub"] = expectedSubject
        },
        EncryptingCredentials = new EncryptingCredentials(
            encryptionKey,
            ExtendedSecurityAlgorithms.XChaCha20Poly1305)
    };
    var serialized = tokenHandler.CreateToken(descriptor);

    // Only issuer, audience and the decryption key are set explicitly; every other
    // validation setting is whatever TokenValidationParameters defaults to.
    var decryptionKey = new SymmetricSecurityKey(validKey);
    var validationParameters = new TokenValidationParameters
    {
        ValidIssuer = expectedIssuer,
        ValidAudience = expectedAudience,
        TokenDecryptionKey = decryptionKey
    };
    var result = tokenHandler.ValidateToken(serialized, validationParameters);

    result.IsValid.Should().BeTrue();
    result.ClaimsIdentity.Claims.Should().Contain(
        claim => claim.Type == "sub" && claim.Value == expectedSubject);

    var parsed = (BrancaSecurityToken)result.SecurityToken;
    parsed.Issuer.Should().Be(expectedIssuer);
    parsed.Audiences.Should().Contain(expectedAudience);
    parsed.Subject.Should().Be(expectedSubject);

    // IssuedAt is given a one-minute window; the descriptor never sets an issued-at value,
    // so presumably it is read back from the Branca timestamp (per the test name) - confirm.
    parsed.IssuedAt.Should().BeWithin(1.Minutes()).After(validFrom);

    // NOTE(review): zero tolerance against DateTime.UtcNow-derived values; confirm the
    // handler round-trips these instants at full precision, otherwise this is brittle.
    parsed.ValidFrom.Should().BeWithin(0.Seconds()).After(validFrom);
    parsed.ValidTo.Should().BeWithin(0.Seconds()).After(expiresAt);
}