public async Task OnGeneratingClaims_AddsRedirectUriIfPresentOnTheRequest() { // Arrange var expectedRedirectUri = "http://wwww.example.com/callback"; var context = new TokenGeneratingContext( new ClaimsPrincipal(), new ClaimsPrincipal(), new OpenIdConnectMessage() { RedirectUri = expectedRedirectUri }, new RequestGrants()); var options = new IdentityServiceOptions() { Issuer = "http://www.example.com/Identity" }; var claimsProvider = new DefaultTokenClaimsProvider(Options.Create(options)); context.InitializeForToken(TokenTypes.AuthorizationCode); // Act await claimsProvider.OnGeneratingClaims(context); // Assert Assert.Single( context.CurrentClaims, c => c.Type.Equals(IdentityServiceClaimTypes.RedirectUri, StringComparison.Ordinal) && c.Value.Equals(expectedRedirectUri)); }
public async Task OnGeneratingClaims_AddsIssuerForAccessTokenAndIdToken(string tokenType) { // Arrange var context = new TokenGeneratingContext( new ClaimsPrincipal(), new ClaimsPrincipal(), new OpenIdConnectMessage(), new RequestGrants()); var options = new IdentityServiceOptions() { Issuer = "http://www.example.com/Identity" }; var claimsProvider = new DefaultTokenClaimsProvider(Options.Create(options)); context.InitializeForToken(tokenType); // Act await claimsProvider.OnGeneratingClaims(context); // Assert Assert.Single( context.CurrentClaims, c => c.Type.Equals(IdentityServiceClaimTypes.Issuer, StringComparison.Ordinal)); }
public TokenDataSerializer( IOptions <IdentityServiceOptions> options, ArrayPool <char> arrayPool) { _options = options.Value; _serializer = JsonSerializer.Create(_options.SerializationSettings); _pool = new JsonArrayPool(arrayPool); }
private IEnumerable <SigningCredentialsDescriptor> GetDescriptors(IdentityServiceOptions options) { return(options.SigningKeys.Select(sk => { var validity = GetValidity(sk); return new SigningCredentialsDescriptor( sk, CryptographyHelpers.GetAlgorithm(sk), validity.NotBefore, validity.Expires, GetMetadata(sk)); })); }
public async Task OnGeneratingClaims_AddsIssuedAtNotBeforeAndExpires_ForAllTokenTypes( string tokenType, string issuedAt, string notBefore, string expires) { // Arrange var context = new TokenGeneratingContext( new ClaimsPrincipal(), new ClaimsPrincipal(), new OpenIdConnectMessage { }, new RequestGrants { }); // Reference time var reference = new DateTimeOffset(2000, 01, 01, 0, 0, 0, TimeSpan.Zero); var timestampManager = new TestTimeStampManager(reference); var options = new IdentityServiceOptions(); SetTimeStampOptions(options.AuthorizationCodeOptions, 1); SetTimeStampOptions(options.AccessTokenOptions, 2); SetTimeStampOptions(options.IdTokenOptions, 3); SetTimeStampOptions(options.RefreshTokenOptions, 4); var claimsProvider = new TimestampsTokenClaimsProvider(timestampManager, Options.Create(options)); context.InitializeForToken(tokenType); // Act await claimsProvider.OnGeneratingClaims(context); var claims = context.CurrentClaims; // Assert Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.IssuedAt) && c.Value.Equals(issuedAt)); Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.NotBefore) && c.Value.Equals(notBefore)); Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Expires) && c.Value.Equals(expires)); }
public async Task OnGeneratingClaims_MapsClaimsFromUsersApplicationsAndAmbient(string tokenType) { // Arrange var expectedClaims = new List <Claim> { new Claim("user-single", "us"), new Claim("user-single-claim", "usa"), new Claim("user-multiple", "um1"), new Claim("user-multiple", "um2"), new Claim("user-multiple-claim", "uma1"), new Claim("user-multiple-claim", "uma2"), new Claim("application-single", "as"), new Claim("application-single-claim", "asa"), new Claim("application-multiple", "am1"), new Claim("application-multiple", "am2"), new Claim("application-multiple-claim", "ama1"), new Claim("application-multiple-claim", "ama2"), new Claim("context-single", "cs"), new Claim("context-single-claim", "csa"), new Claim("context-multiple", "cm1"), new Claim("context-multiple", "cm2"), new Claim("context-multiple-claim", "cma1"), new Claim("context-multiple-claim", "cma2"), }; var user = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim> { new Claim("user-single", "us"), new Claim("user-single-aliased", "usa"), new Claim("user-multiple", "um1"), new Claim("user-multiple", "um2"), new Claim("user-multiple-aliased", "uma1"), new Claim("user-multiple-aliased", "uma2"), })); var application = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim> { new Claim("application-single", "as"), new Claim("application-single-aliased", "asa"), new Claim("application-multiple", "am1"), new Claim("application-multiple", "am2"), new Claim("application-multiple-aliased", "ama1"), new Claim("application-multiple-aliased", "ama2"), })); var context = new TokenGeneratingContext( user, application, new OpenIdConnectMessage(), new RequestGrants()); context.AmbientClaims.Add(new Claim("context-single", "cs")); context.AmbientClaims.Add(new Claim("context-single-aliased", "csa")); context.AmbientClaims.Add(new Claim("context-multiple", "cm1")); context.AmbientClaims.Add(new Claim("context-multiple", "cm2")); context.AmbientClaims.Add(new Claim("context-multiple-aliased", "cma1")); context.AmbientClaims.Add(new Claim("context-multiple-aliased", "cma2")); var options = new IdentityServiceOptions() { Issuer = "http://www.example.com/Identity" }; CreateTestMapping(options.AuthorizationCodeOptions); CreateTestMapping(options.AccessTokenOptions); CreateTestMapping(options.IdTokenOptions); CreateTestMapping(options.RefreshTokenOptions); var claimsProvider = new DefaultTokenClaimsProvider(Options.Create(options)); context.InitializeForToken(tokenType); // Act await claimsProvider.OnGeneratingClaims(context); var claims = context.CurrentClaims.Where(c => c.Type != IdentityServiceClaimTypes.Issuer && c.Type != IdentityServiceClaimTypes.TokenUniqueId).ToList(); // Assert Assert.Equal(expectedClaims.Count, claims.Count); foreach (var claim in expectedClaims) { Assert.Contains(claims, c => c.Type.Equals(claim.Type) && c.Value.Equals(claim.Value)); } }