public async Task EncryptionResourceTokenAuth()
{
User user = EncryptionTests.databaseCore.GetUser(Guid.NewGuid().ToString());
await EncryptionTests.databaseCore.CreateUserAsync(user.Id);
PermissionProperties permission = await user.CreatePermissionAsync(
new PermissionProperties(Guid.NewGuid().ToString(), PermissionMode.All, EncryptionTests.container));
TestDoc testDoc = await EncryptionTests.CreateItemAsync(EncryptionTests.containerCore, EncryptionTests.dekId, TestDoc.PathsToEncrypt);
(string endpoint, string _) = TestCommon.GetAccountInfo();
CosmosClient resourceTokenBasedClient = new CosmosClientBuilder(endpoint, permission.Token)
.WithEncryptionKeyWrapProvider(new TestKeyWrapProvider())
.Build();
DatabaseCore databaseForTokenClient = (DatabaseInlineCore)resourceTokenBasedClient.GetDatabase(EncryptionTests.databaseCore.Id);
Container containerForTokenClient = databaseForTokenClient.GetContainer(EncryptionTests.container.Id);
await EncryptionTests.PerformForbiddenOperationAsync(() =>
databaseForTokenClient.GetDataEncryptionKey(EncryptionTests.dekId).ReadAsync(), "DEK.ReadAsync");
await EncryptionTests.PerformForbiddenOperationAsync(() =>
containerForTokenClient.ReadItemAsync <TestDoc>(testDoc.Id, new PartitionKey(testDoc.PK)), "ReadItemAsync");
await EncryptionTests.PerformForbiddenOperationAsync(() =>
containerForTokenClient.ReadItemStreamAsync(testDoc.Id, new PartitionKey(testDoc.PK)), "ReadItemStreamAsync");
}