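/// <summary>
/// OAuth 2.0 token endpoint for the authorization-code grant: exchanges an authorization
/// code that this server previously issued for an access token (a JSON Web Token).
/// </summary>
/// <param name="request">
/// Model-bound token request carrying client_id, client_secret, grant_type, code and
/// redirect_uri. Every field is untrusted input.
/// </param>
/// <returns>
/// <c>{ access_token }</c> when all checks pass, otherwise <c>{ error = "invalid_request" }</c>.
/// </returns>
/// <remarks>
/// The issued-code entry is a (Item1, Item2, Item3) tuple: Item1 becomes the Name claim,
/// Item2 is the redirect URI the code was issued for, Item3 becomes the scope claim.
/// </remarks>
public JsonResult Index(TokenRequest request)
{
    Tuple<string, string, string> grantData = null;
    Guid code;
    bool isRequestValid = false;

    // All required inputs are present (model binding / validation attributes).
    if (request != null
        && ModelState.IsValid
        // client id is in the registry (null-guarded: ContainsKey throws on a null key)
        && !string.IsNullOrEmpty(request.client_id)
        && applicationRegistry.ContainsKey(request.client_id))
    {
        var registryInfo = applicationRegistry[request.client_id];

        // client secret is the registry value for this client id; compared in fixed time so
        // the comparison itself does not reveal how much of the secret matched.
        if (FixedTimeEquals(request.client_secret, registryInfo.Item1)
            // grant type is correct (ordinal: it is a protocol keyword, not user text)
            && string.Equals(request.grant_type, "authorization_code", StringComparison.Ordinal)
            // TryParse rather than Parse: a malformed code must produce invalid_request,
            // not an unhandled FormatException
            && Guid.TryParse(request.code, out code)
            // we have issued the code, since it is present in our list of codes issued.
            // TryRemove (instead of TryGetValue followed by TryRemove) consumes the code
            // atomically, so two concurrent requests cannot both redeem the same code.
            && codesIssued.TryRemove(code, out grantData)
            && grantData != null)
        {
            // Token request must be for the same redirect URI for which we issued the code.
            // The code is already consumed at this point, so a mismatch burns it rather than
            // leaving it available for another attempt.
            isRequestValid = string.Equals(request.redirect_uri, grantData.Item2, StringComparison.Ordinal);
        }
    }

    if (isRequestValid)
    {
        // Issuer/Audience are fixed for the localhost deployment; the commented lines are
        // the other host this code has been deployed under.
        JsonWebToken token = new JsonWebToken()
        {
            SymmetricKey = EncryptionHelper.Key,
            //Issuer = "http://www.my-contacts.com/contacts/OAuth20",
            Issuer = "http://localhost/Contacts/contacts/OAuth20",
            //Audience = "http://www.my-promo.com/promo/Home"
            Audience = "http://localhost/Promo/promo/Home"
        };
        token.AddClaim(ClaimTypes.Name, grantData.Item1);
        //token.AddClaim("http://www.my-contacts.com/contacts/OAuth20/claims/scope", grantData.Item3);
        token.AddClaim("http://localhost/Contacts/contacts/OAuth20/claims/scope", grantData.Item3);
        return Json(new { access_token = token.ToString() });
    }

    // OAuth 2.0 spec requires the right error code to be returned per failure
    // (for example invalid_grant when the authorization code is invalid).
    // 'invalid_request' is returned as a catch-all here, just for brevity.
    return Json(new { error = "invalid_request" });
}

/// <summary>
/// Compares a presented secret with the expected one in time that depends only on the
/// lengths, not on the position of the first differing character. A null or
/// length-mismatched input is rejected immediately. Where the target framework provides
/// CryptographicOperations.FixedTimeEquals, that should be preferred over this helper.
/// </summary>
/// <param name="presented">Secret supplied by the caller (may be null).</param>
/// <param name="expected">Secret held in the registry (may be null).</param>
/// <returns>true only when both are non-null and identical.</returns>
private static bool FixedTimeEquals(string presented, string expected)
{
    if (presented == null || expected == null || presented.Length != expected.Length)
    {
        return false;
    }

    // Accumulate every character difference so the loop always runs to the end.
    int difference = 0;
    for (int i = 0; i < presented.Length; i++)
    {
        difference |= presented[i] ^ expected[i];
    }
    return difference == 0;
}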
/// <summary>
/// Round-trips a token through a compact serializer constructed without a signing
/// algorithm (presumably the JWS "none" path, per the test name) and checks the token
/// JSON survives unchanged. No signature is involved, so this covers serialization only,
/// not integrity protection.
/// </summary>
public void Verify_None_Algorithm_Serialization()
{
    var original = new JsonWebToken
    {
        Issuer = "joe",
        ExpirationTime = 1300819380
    };
    original.AddClaim("http://example.com/is_root", true);

    var compact = new JWSCompactSerializer();
    var roundTripped = compact.Deserialize(compact.Serialize(original.ToJson()));

    Assert.AreEqual(original.ToJson(), roundTripped.ToJson());
}
/// <summary>
/// A token whose NotBefore lies five minutes in the future must report IsValid == false,
/// both as constructed and after an HS256 serialize/deserialize round trip.
/// </summary>
public void Should_Token_Not_Yet_Valid()
{
    long fiveMinutesAhead = DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds();
    var notYetValid = new JsonWebToken
    {
        Issuer = "joe",
        NotBefore = fiveMinutesAhead
    };
    notYetValid.AddClaim("http://example.com/is_root", true);
    Assert.IsFalse(notYetValid.IsValid);

    // Hard-coded HMAC key used only to sign this test token.
    var hs256 = new HS256Algorithm("1To680X8yGFe8wEFu5Ye8bW735CF9j6D");
    var compact = new JWSCompactSerializer(hs256);
    var encoded = compact.Serialize(notYetValid.ToJson());
    var roundTripped = compact.Deserialize(encoded);

    // The validity window must be re-evaluated on the deserialized copy too.
    Assert.IsFalse(roundTripped.IsValid);
}
/// <summary>
/// Round-trips a token through a compact serializer constructed without a signing
/// algorithm (presumably the JWS "none" path, per the test name) and checks the token
/// JSON survives unchanged. No signature is involved, so this covers serialization only,
/// not integrity protection.
/// </summary>
public void Verify_None_Algorithm_Serialization()
{
    var original = new JsonWebToken
    {
        Issuer = "joe",
        ExpirationTime = 1300819380
    };
    original.AddClaim("http://example.com/is_root", true);

    var compact = new JWSCompactSerializer();
    var roundTripped = compact.Deserialize(compact.Serialize(original.ToJson()));

    Assert.AreEqual(original.ToJson(), roundTripped.ToJson());
}
/// <summary>
/// Signs a token with the "hs-256" key taken from the fixture's JWK set and checks that
/// deserializing the compact form yields the same token JSON.
/// </summary>
/// <remarks>
/// The key set is fetched from <c>this.keySetUri</c>, so the test depends on that
/// endpoint being reachable.
/// </remarks>
public async Task Verify_HS256_Algorithm_Serialization()
{
    var keySet = await JWKSet.GetAsync(this.keySetUri);
    var hs256 = new HS256Algorithm(keySet["hs-256"]);

    var original = new JsonWebToken
    {
        Issuer = "joe",
        ExpirationTime = 1300819380
    };
    original.AddClaim("http://example.com/is_root", true);

    var compact = new JWSCompactSerializer(hs256);
    var encoded = compact.Serialize(original.ToJson());
    var roundTripped = compact.Deserialize(encoded);

    Assert.AreEqual(original.ToJson(), roundTripped.ToJson());
}
/// <summary>
/// A token whose NotBefore lies five minutes in the future must report IsValid == false,
/// both as constructed and after an HS256 serialize/deserialize round trip.
/// </summary>
public void Should_Token_Not_Yet_Valid()
{
    long fiveMinutesAhead = DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds();
    var notYetValid = new JsonWebToken
    {
        Issuer = "joe",
        NotBefore = fiveMinutesAhead
    };
    notYetValid.AddClaim("http://example.com/is_root", true);
    Assert.IsFalse(notYetValid.IsValid);

    // Hard-coded HMAC key used only to sign this test token.
    var hs256 = new HS256Algorithm("1To680X8yGFe8wEFu5Ye8bW735CF9j6D");
    var compact = new JWSCompactSerializer(hs256);
    var encoded = compact.Serialize(notYetValid.ToJson());
    var roundTripped = compact.Deserialize(encoded);

    // The validity window must be re-evaluated on the deserialized copy too.
    Assert.IsFalse(roundTripped.IsValid);
}
/// <summary>
/// Signs a token with the "hs-256" key taken from the fixture's JWK set and checks that
/// deserializing the compact form yields the same token JSON.
/// </summary>
/// <remarks>
/// The key set is fetched from <c>this.keySetUri</c>, so the test depends on that
/// endpoint being reachable.
/// </remarks>
public async Task Verify_HS256_Algorithm_Serialization()
{
    var keySet = await JWKSet.GetAsync(this.keySetUri);
    var hs256 = new HS256Algorithm(keySet["hs-256"]);

    var original = new JsonWebToken
    {
        Issuer = "joe",
        ExpirationTime = 1300819380
    };
    original.AddClaim("http://example.com/is_root", true);

    var compact = new JWSCompactSerializer(hs256);
    var encoded = compact.Serialize(original.ToJson());
    var roundTripped = compact.Deserialize(encoded);

    Assert.AreEqual(original.ToJson(), roundTripped.ToJson());
}
/// <summary>
/// Signs a token with the "rsa-512" key from the fixture's JWK set, carrying a JOSE header
/// that names the key set URL and key id, then checks that the asynchronous deserialize
/// path reproduces the same token JSON.
/// </summary>
/// <remarks>
/// DeserializeAsync is presumably what resolves the verification key from the header's
/// JwkSetUrl/KeyId; the test therefore depends on <c>this.keySetUri</c> being reachable.
/// </remarks>
public async Task Verify_RS512_Algorithm_Serialization()
{
    var keySet = await JWKSet.GetAsync(this.keySetUri);
    var signingKey = keySet["rsa-512"];

    var original = new JsonWebToken
    {
        Issuer = "joe",
        ExpirationTime = 1300819380
    };
    original.AddClaim("http://example.com/is_root", true);

    var header = new JoseHeader()
    {
        JwkSetUrl = this.keySetUri,
        KeyId = "rsa-512"
    };
    var compact = new JWSCompactSerializer(new RS512Algorithm(privateKey: signingKey));

    var encoded = compact.Serialize(original.ToJson(), header);
    var roundTripped = await compact.DeserializeAsync(encoded);

    Assert.AreEqual(original.ToJson(), roundTripped.ToJson());
}
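/// <summary>
/// Writes an HMAC-SHA256-signed JWT that carries two claims of the same type
/// (ClaimTypes.Role), checks the compact form's shape, then reads and validates it
/// through the handler and checks that all four claims survive with the trusted issuer.
/// </summary>
public void ManualWriteRoundtripDuplicateClaimTypes()
{
    var signinKey = SymmetricKeyGenerator.Create(32);
    var jwt = new JsonWebToken
    {
        Header = new JwtHeader
        {
            SignatureAlgorithm = JwtConstants.SignatureAlgorithms.HMACSHA256,
            SigningCredentials = new HmacSigningCredentials(signinKey)
        },
        Audience = new Uri("http://foo.com"),
        Issuer = "dominick",
        ExpirationTime = 50000000000,
    };
    jwt.AddClaim(ClaimTypes.Name, "dominick");
    jwt.AddClaim(ClaimTypes.Email, "*****@*****.**");
    jwt.AddClaim(ClaimTypes.Role, "bar");
    jwt.AddClaim(ClaimTypes.Role, "foo");

    var handler = new JsonWebTokenHandler();
    var token = handler.WriteToken(jwt);
    Trace.WriteLine(token);

    // token should not be empty
    Assert.IsFalse(string.IsNullOrWhiteSpace(token), "Written token is empty");

    // compact serialization of a signed token is header.payload.signature
    var parts = token.Split('.');
    Assert.AreEqual(3, parts.Length, "JWT should have exactly 3 parts");

    // HMAC-SHA256 produces a 256-bit signature, i.e. 32 bytes once Base64Url-decoded
    // (Length is in bytes, so the message says bytes rather than bits).
    var sig = Base64Url.Decode(parts[2]);
    Assert.AreEqual(32, sig.Length, "Signature is not 32 bytes (256 bits)");

    var jwtToken = handler.ReadToken(token);

    // Validation configuration: trust issuer "dominick", resolve its signing key to the
    // same key used for writing, and allow the audience the token was written with.
    var registry = new WebTokenIssuerNameRegistry();
    registry.AddTrustedIssuer("dominick", "dominick");

    var issuerResolver = new WebTokenIssuerTokenResolver();
    issuerResolver.AddSigningKey("dominick", Convert.ToBase64String(signinKey));

    var config = new SecurityTokenHandlerConfiguration
    {
        IssuerNameRegistry = registry,
        IssuerTokenResolver = issuerResolver
    };
    config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://foo.com"));
    handler.Configuration = config;

    var identity = handler.ValidateToken(jwtToken).First();

    // Name, Email and both Role claims must come back, attributed to the trusted issuer.
    Assert.AreEqual(4, identity.Claims.Count());
    Assert.AreEqual("dominick", identity.Claims.First().Issuer);
}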
/// <summary>
/// Signs a token with the "rsa-512" key from the fixture's JWK set, carrying a JOSE header
/// that names the key set URL and key id, then checks that the asynchronous deserialize
/// path reproduces the same token JSON.
/// </summary>
/// <remarks>
/// DeserializeAsync is presumably what resolves the verification key from the header's
/// JwkSetUrl/KeyId; the test therefore depends on <c>this.keySetUri</c> being reachable.
/// </remarks>
public async Task Verify_RS512_Algorithm_Serialization()
{
    var keySet = await JWKSet.GetAsync(this.keySetUri);
    var signingKey = keySet["rsa-512"];

    var original = new JsonWebToken
    {
        Issuer = "joe",
        ExpirationTime = 1300819380
    };
    original.AddClaim("http://example.com/is_root", true);

    var header = new JoseHeader()
    {
        JwkSetUrl = this.keySetUri,
        KeyId = "rsa-512"
    };
    var compact = new JWSCompactSerializer(new RS512Algorithm(privateKey: signingKey));

    var encoded = compact.Serialize(original.ToJson(), header);
    var roundTripped = await compact.DeserializeAsync(encoded);

    Assert.AreEqual(original.ToJson(), roundTripped.ToJson());
}