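        public JsonResult Index(TokenRequest request)
        {
            // OAuth 2.0 token endpoint for the authorization_code grant.
            // Every failed check falls through to the same generic error response,
            // so the caller is not told which check failed.
            Tuple<string, string, string> grantData = null;
            bool isRequestValid = false;

            // All required inputs are present and the client id is in the registry.
            // (Null-key guard: ContainsKey throws on a null key instead of returning false.)
            if (ModelState.IsValid
                && request.client_id != null
                && applicationRegistry.ContainsKey(request.client_id))
            {
                var registryInfo = applicationRegistry[request.client_id];
                Guid code;

                // client secret matches the registry entry (timing-safe compare, see SecretsMatch)
                if (SecretsMatch(request.client_secret, registryInfo.Item1)
                    // grant type is correct
                    && string.Equals(request.grant_type, "authorization_code", StringComparison.Ordinal)
                    // TryParse: a malformed code is a bad grant, not an unhandled FormatException (HTTP 500)
                    && Guid.TryParse(request.code, out code)
                    // we have issued the code, since it is present in our list of codes issued
                    && codesIssued.TryGetValue(code, out grantData)
                    && grantData != null
                    // token request is for the same redirect URI for which we previously issued the code
                    && string.Equals(request.redirect_uri, grantData.Item2, StringComparison.Ordinal))
                {
                    // Authorization codes are single use: consume the code and only treat the
                    // request as valid if *this* call is the one that removed it. Previously the
                    // request was marked valid before TryRemove, so two concurrent redemptions of
                    // the same code could both proceed (and the loser hit a null grantData below).
                    isRequestValid = codesIssued.TryRemove(code, out grantData) && grantData != null;
                }
            }

            if (!isRequestValid)
            {
                // OAuth 2.0 spec requires the right code to be returned
                // For example, if authorization code is invalid, invalid_grant must be returned
                // I'm just returning 'invalid_request' as a catch all thing, just for brevity
                return Json(new { error = "invalid_request" });
            }

            JsonWebToken token = new JsonWebToken()
            {
                SymmetricKey = EncryptionHelper.Key,
                //Issuer = "http://www.my-contacts.com/contacts/OAuth20",
                Issuer = "http://localhost/Contacts/contacts/OAuth20",

                //Audience = "http://www.my-promo.com/promo/Home"
                Audience = "http://localhost/Promo/promo/Home"
            };

            // As the grant tuple is used here: Item1 is the subject name, Item2 the redirect
            // URI checked above, Item3 the scope granted when the code was issued.
            token.AddClaim(ClaimTypes.Name, grantData.Item1);
            //token.AddClaim("http://www.my-contacts.com/contacts/OAuth20/claims/scope", grantData.Item3);
            token.AddClaim("http://localhost/Contacts/contacts/OAuth20/claims/scope", grantData.Item3);

            return Json(new { access_token = token.ToString() });
        }

        // Compares the presented client secret with the registered one without stopping
        // at the first differing character, so the response time does not reveal how long
        // a matching prefix was. (The length difference remains observable; on
        // .NET Core 2.1+ / netstandard2.1 prefer CryptographicOperations.FixedTimeEquals.)
        private static bool SecretsMatch(string presented, string expected)
        {
            if (presented == null || expected == null)
            {
                return false;
            }

            int diff = presented.Length ^ expected.Length;
            int shared = Math.Min(presented.Length, expected.Length);
            for (int i = 0; i < shared; i++)
            {
                diff |= presented[i] ^ expected[i];
            }

            return diff == 0;
        }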
        public void Verify_None_Algorithm_Serialization()
        {
            // Round-trips a token through a compact serializer built with no signing
            // algorithm (presumably the unsigned "none" JWS form — inferred from the test
            // name, the constructor call itself doesn't say). The assertion only checks
            // that the payload survives the trip, not that such a token is trustworthy.
            var original = new JsonWebToken
            {
                Issuer = "joe",
                ExpirationTime = 1300819380
            };
            original.AddClaim("http://example.com/is_root", true);

            var compact = new JWSCompactSerializer();
            var roundTripped = compact.Deserialize(compact.Serialize(original.ToJson()));

            Assert.AreEqual(original.ToJson(), roundTripped.ToJson());
        }
        public void Should_Token_Not_Yet_Valid()
        {
            // A token whose NotBefore lies five minutes in the future must report itself
            // invalid, both as constructed and after an HS256 round trip. Reads the real
            // clock; the five-minute margin keeps the result stable across the test run.
            long fiveMinutesAhead = DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds();
            var futureToken = new JsonWebToken { Issuer = "joe", NotBefore = fiveMinutesAhead };
            futureToken.AddClaim("http://example.com/is_root", true);

            Assert.IsFalse(futureToken.IsValid);

            // Hard-coded HMAC key literal used as a test fixture.
            var hs256 = new HS256Algorithm("1To680X8yGFe8wEFu5Ye8bW735CF9j6D");
            var compact = new JWSCompactSerializer(hs256);
            var encoded = compact.Serialize(futureToken.ToJson());
            var roundTripped = compact.Deserialize(encoded);

            Assert.IsFalse(roundTripped.IsValid);
        }
        public void Verify_None_Algorithm_Serialization()
        {
            // Serialize/deserialize with a serializer constructed without any signing
            // algorithm (presumably the unsigned "none" form — inferred from the test name)
            // and check the payload comes back unchanged. Trustworthiness of an unsigned
            // token is not what this test asserts.
            var subject = new JsonWebToken { Issuer = "joe", ExpirationTime = 1300819380 };
            subject.AddClaim("http://example.com/is_root", true);

            var serializer = new JWSCompactSerializer();
            var payload = subject.ToJson();
            var parsed = serializer.Deserialize(serializer.Serialize(payload));

            Assert.AreEqual(subject.ToJson(), parsed.ToJson());
        }
        public async Task Verify_HS256_Algorithm_Serialization()
        {
            // Takes the "hs-256" key from the key set at keySetUri (presumably fetched over
            // the network, so the test depends on that endpoint) and checks that an
            // HS256-signed token survives serialize/deserialize intact.
            var keys = await JWKSet.GetAsync(this.keySetUri);
            var hmacKey = keys["hs-256"];

            var original = new JsonWebToken { Issuer = "joe", ExpirationTime = 1300819380 };
            original.AddClaim("http://example.com/is_root", true);

            var compact = new JWSCompactSerializer(new HS256Algorithm(hmacKey));
            var encoded = compact.Serialize(original.ToJson());
            var roundTripped = compact.Deserialize(encoded);

            Assert.AreEqual(original.ToJson(), roundTripped.ToJson());
        }
        public void Should_Token_Not_Yet_Valid()
        {
            // NotBefore is set five minutes past the current UTC time, so the token must
            // be reported invalid now and still invalid after an HS256 round trip.
            var notBefore = DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds();

            var pending = new JsonWebToken { Issuer = "joe", NotBefore = notBefore };
            pending.AddClaim("http://example.com/is_root", true);

            Assert.IsFalse(pending.IsValid);

            // Literal HMAC key used purely as a fixture for this test.
            var algorithm = new HS256Algorithm("1To680X8yGFe8wEFu5Ye8bW735CF9j6D");
            var compact = new JWSCompactSerializer(algorithm);
            var parsed = compact.Deserialize(compact.Serialize(pending.ToJson()));

            Assert.IsFalse(parsed.IsValid);
        }
        public async Task Verify_HS256_Algorithm_Serialization()
        {
            // HS256 round trip using the shared-secret key published as "hs-256" in the
            // key set at keySetUri (retrieved asynchronously, presumably remote).
            var keySet = await JWKSet.GetAsync(this.keySetUri);
            var algorithm = new HS256Algorithm(keySet["hs-256"]);

            var subject = new JsonWebToken { Issuer = "joe", ExpirationTime = 1300819380 };
            subject.AddClaim("http://example.com/is_root", true);

            var compact = new JWSCompactSerializer(algorithm);
            var parsed = compact.Deserialize(compact.Serialize(subject.ToJson()));

            Assert.AreEqual(subject.ToJson(), parsed.ToJson());
        }
        public async Task Verify_RS512_Algorithm_Serialization()
        {
            // Signs with the "rsa-512" entry of the key set at keySetUri and verifies via a
            // JOSE header that points back at that set (JwkSetUrl + KeyId), so the
            // asynchronous deserialize presumably resolves the key from the header.
            // Note the key taken from the key set is passed as the *private* key: fine for
            // a test fixture, but a production JWKS endpoint must publish public keys only.
            var keys = await JWKSet.GetAsync(this.keySetUri);
            var rsaKey = keys["rsa-512"];

            var original = new JsonWebToken { Issuer = "joe", ExpirationTime = 1300819380 };
            original.AddClaim("http://example.com/is_root", true);

            var header = new JoseHeader
            {
                JwkSetUrl = this.keySetUri,
                KeyId = "rsa-512"
            };

            var compact = new JWSCompactSerializer(new RS512Algorithm(privateKey: rsaKey));
            var encoded = compact.Serialize(original.ToJson(), header);
            var roundTripped = await compact.DeserializeAsync(encoded);

            Assert.AreEqual(original.ToJson(), roundTripped.ToJson());
        }
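        public void ManualWriteRoundtripDuplicateClaimTypes()
        {
            // Writes an HS256 JWT that carries two claims of the same type (Role) and checks
            // that reading and validating it preserves all four claims. Assertions use
            // AreEqual so a failure reports the actual value instead of just "false".
            var signingKey = SymmetricKeyGenerator.Create(32);

            var jwt = new JsonWebToken
            {
                Header = new JwtHeader
                {
                    SignatureAlgorithm = JwtConstants.SignatureAlgorithms.HMACSHA256,
                    SigningCredentials = new HmacSigningCredentials(signingKey)
                },

                Audience       = new Uri("http://foo.com"),
                Issuer         = "dominick",
                ExpirationTime = 50000000000,
            };

            jwt.AddClaim(ClaimTypes.Name, "dominick");
            jwt.AddClaim(ClaimTypes.Email, "*****@*****.**");
            jwt.AddClaim(ClaimTypes.Role, "bar");
            jwt.AddClaim(ClaimTypes.Role, "foo");

            var handler = new JsonWebTokenHandler();
            var token   = handler.WriteToken(jwt);

            // Trace output only; the key was generated for this test run.
            Trace.WriteLine(token);

            Assert.IsFalse(string.IsNullOrWhiteSpace(token), "Written token must not be empty");

            // Signed compact form is header.payload.signature
            var parts = token.Split('.');
            Assert.AreEqual(3, parts.Length, "JWT should have exactly 3 parts");

            // An HMAC-SHA256 tag is 32 bytes (256 bits); the old message said "32 bits"
            var sig = Base64Url.Decode(parts[2]);
            Assert.AreEqual(32, sig.Length, "HS256 signature must be 32 bytes (256 bits)");

            var jwtToken = handler.ReadToken(token);

            // Validation configuration: trusted issuer, its signing key, and the allowed audience
            var registry = new WebTokenIssuerNameRegistry();
            registry.AddTrustedIssuer("dominick", "dominick");

            var issuerResolver = new WebTokenIssuerTokenResolver();
            issuerResolver.AddSigningKey("dominick", Convert.ToBase64String(signingKey));

            var config = new SecurityTokenHandlerConfiguration
            {
                IssuerNameRegistry  = registry,
                IssuerTokenResolver = issuerResolver
            };
            config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://foo.com"));

            handler.Configuration = config;
            var identity = handler.ValidateToken(jwtToken).First();

            // Both Role claims must survive; duplicate claim types must not be collapsed
            Assert.AreEqual(4, identity.Claims.Count());
            Assert.AreEqual("dominick", identity.Claims.First().Issuer);
        }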
        public async Task Verify_RS512_Algorithm_Serialization()
        {
            // RS512 round trip: sign with the "rsa-512" key from the key set at keySetUri,
            // attach a header naming that set and key id, then deserialize asynchronously
            // (which presumably resolves the verification key from the header). The key
            // set value is handed in as the private key — acceptable only for a test fixture.
            var keySet = await JWKSet.GetAsync(this.keySetUri);
            var signer = new RS512Algorithm(privateKey: keySet["rsa-512"]);

            var subject = new JsonWebToken { Issuer = "joe", ExpirationTime = 1300819380 };
            subject.AddClaim("http://example.com/is_root", true);

            var joseHeader = new JoseHeader() { JwkSetUrl = this.keySetUri, KeyId = "rsa-512" };

            var compact = new JWSCompactSerializer(signer);
            var parsed = await compact.DeserializeAsync(compact.Serialize(subject.ToJson(), joseHeader));

            Assert.AreEqual(subject.ToJson(), parsed.ToJson());
        }