/// <summary>
/// Checks that a configuration created for the "authScheme" scheme does not apply its
/// IdentityServer JWT settings when <c>Configure</c> is called for "otherScheme".
/// </summary>
public void Configure_IgnoresOptionsForDifferentSchemes()
{
    // Arrange: "TestAPI" is a known resource, so the scheme name is the only mismatch.
    var resources = new Dictionary<string, ResourceDefinition>
    {
        ["TestAPI"] = new ResourceDefinition { Profile = ApplicationProfiles.IdentityServerJwt }
    };
    var descriptorMock = new Mock<IIdentityServerJwtDescriptor>();
    descriptorMock.Setup(d => d.GetResourceDefinitions()).Returns(resources);

    var jwtOptions = new JwtBearerOptions();
    var sut = new IdentityServerJwtBearerOptionsConfiguration(
        "authScheme",
        "TestAPI",
        descriptorMock.Object);

    // Act
    sut.Configure("otherScheme", jwtOptions);

    // Assert
    // NOTE(review): NotEqual only excludes these particular values. Comparing against a
    // freshly constructed JwtBearerOptions would pin "left untouched" more tightly - confirm
    // that is the intended contract before tightening.
    var validation = jwtOptions.TokenValidationParameters;
    Assert.NotEqual("name", validation.NameClaimType);
    Assert.NotEqual("role", validation.RoleClaimType);
    Assert.NotEqual("TestAPI", jwtOptions.Audience);
    Assert.NotEqual("https://localhost", jwtOptions.Authority);
}
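/// <summary>
/// Checks that <c>Configure</c> leaves the bearer options alone when the scheme matches
/// ("authScheme") but the configured API name ("NonExistingApi") is absent from the
/// resource definitions returned by the descriptor.
/// </summary>
public void Configure_IgnoresOptionsForNonExistingAPIs()
{
    // Arrange
    // The configuration under test only receives the descriptor, so no HTTP context or
    // signing credential store is wired up here.
    var descriptorMock = new Mock<IIdentityServerJwtDescriptor>();
    descriptorMock
        .Setup(d => d.GetResourceDefinitions())
        .Returns(new Dictionary<string, ResourceDefinition>
        {
            ["TestAPI"] = new ResourceDefinition { Profile = ApplicationProfiles.IdentityServerJwt }
        });

    // The RSA instance is disposable; scope it to the test so the key material is released.
    using (var rsa = RSA.Create())
    {
        var key = new RsaSecurityKey(rsa);

        var bearerConfiguration = new IdentityServerJwtBearerOptionsConfiguration(
            "authScheme",
            "NonExistingApi",
            descriptorMock.Object);

        var options = new JwtBearerOptions();

        // Act
        bearerConfiguration.Configure("authScheme", options);

        // Assert
        Assert.NotEqual("name", options.TokenValidationParameters.NameClaimType);
        Assert.NotEqual("role", options.TokenValidationParameters.RoleClaimType);

        // NOTE(review): this key is never handed to the configuration, so the check below
        // cannot fail on its own; it is kept for parity with the other assertions.
        Assert.NotEqual(key, options.TokenValidationParameters.IssuerSigningKey);

        Assert.NotEqual("TestAPI", options.Audience);

        // The configuration was built with "NonExistingApi", not "TestAPI". Presumably a
        // wrongly applied configuration would set the audience to the configured API name,
        // so that value is the one that must be ruled out here - confirm against Configure.
        Assert.NotEqual("NonExistingApi", options.Audience);

        Assert.NotEqual("https://localhost", options.Authority);
    }
}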
/// <summary>
/// Checks that <c>ResolveAuthorityAndKeysAsync</c> copies the issuer name returned by the
/// registered <c>IIssuerNameService</c> and the key returned by the registered
/// <c>ISigningCredentialStore</c> onto the options' token validation parameters.
/// </summary>
public async Task ResolveAuthorityAndKeysAsync_SetsUpAuthorityAndKeysOnTheTokenValidationParametersAsync()
{
    // Arrange
    // This descriptor mock is set up but never passed to the method under test.
    var descriptorMock = new Mock<IIdentityServerJwtDescriptor>();
    descriptorMock
        .Setup(d => d.GetResourceDefinitions())
        .Returns(new Dictionary<string, ResourceDefinition>
        {
            ["TestAPI"] = new ResourceDefinition { Profile = ApplicationProfiles.IdentityServerJwt }
        });

    // Signing key that the store hands out; the assertion expects this exact instance.
    var signingKey = new RsaSecurityKey(RSA.Create());
    var signingStore = new Mock<ISigningCredentialStore>();
    signingStore
        .Setup(s => s.GetSigningCredentialsAsync())
        .ReturnsAsync(new SigningCredentials(signingKey, "RS256"));

    var issuerService = new Mock<IIssuerNameService>();
    issuerService
        .Setup(s => s.GetCurrentAsync())
        .ReturnsAsync("https://localhost");

    // The method under test is only given the message context, so its collaborators are
    // supplied through the request's service provider.
    var services = new ServiceCollection()
        .AddSingleton(new IdentityServerOptions())
        .AddSingleton(signingStore.Object)
        .AddSingleton(issuerService.Object)
        .BuildServiceProvider();

    var httpContext = new DefaultHttpContext();
    httpContext.Request.Scheme = "https";
    httpContext.Request.Host = new HostString("localhost");
    httpContext.RequestServices = services;

    var jwtOptions = new JwtBearerOptions();
    var scheme = new AuthenticationScheme(
        "TestAPI",
        null,
        Mock.Of<IAuthenticationHandler>().GetType());
    var messageContext = new MessageReceivedContext(httpContext, scheme, jwtOptions);

    // Act
    await IdentityServerJwtBearerOptionsConfiguration.ResolveAuthorityAndKeysAsync(messageContext);

    // Assert
    var validation = jwtOptions.TokenValidationParameters;
    Assert.Equal("https://localhost", validation.ValidIssuer);
    Assert.Equal(signingKey, validation.IssuerSigningKey);
}