예제 #1
0
        public void IssueAccessTokenWithCustomClaim_userIdNull()
        {
            var jwtService = JwtServiceFactory.Create(
                TimeSpan.FromSeconds(10),
                TimeSpan.FromMinutes(5),
                TimeSpan.FromSeconds(10));
            var user = GetUserWithCustomClaime();

            var access = jwtService
                         .IssueAccessToken(null, "", user.roles, user.claims);

            var customClaimsType = user.claims.Select(x => x.Key).ToArray();

            Assert.True(access.Result == JwtTokenResult.TokenResult.Ok);
            Assert.NotNull(access.Tokens);
            Assert.NotNull(access.Tokens.AccessToken);
            Assert.NotNull(access.Tokens.RefreshToken);
            var testclaims = access.AccessClaims
                             .Where(x => customClaimsType.Contains(x.Type))
                             .Select(x => new KeyValuePair <string, string>(x.Type, x.Value))
                             .ToArray();

            foreach (var claimPair in testclaims)
            {
                Assert.Contains(claimPair, user.claims);
            }
            var identityOptions = new IdentityOptions();
            var accessClaims    = new JwtSecurityTokenHandler()
                                  .ReadJwtToken(access.Tokens.AccessToken.Value)
                                  .Claims.ToArray();
            var accessId = accessClaims
                           .FirstOrDefault(x => x.Type
                                           .Equals(JwtRegisteredClaimNames.Sub))
                           .Value;
            var accessName = accessClaims
                             .FirstOrDefault(x => x.Type
                                             .Equals(identityOptions.ClaimsIdentity.UserNameClaimType))
                             .Value;
            var roles = accessClaims
                        .Where(x => x.Type
                               .Equals(ClaimTypes.Role));
            var customClaims = accessClaims
                               .Where(x => customClaimsType.Contains(x.Type))
                               .Select(x => new KeyValuePair <string, string>(x.Type, x.Value))
                               .ToArray();

            Assert.True(string.IsNullOrEmpty(accessId));
            Assert.True(string.IsNullOrEmpty(accessName));
            foreach (var role in roles)
            {
                Assert.Contains(role.Value, user.roles);
            }

            foreach (var claim in customClaims)
            {
                Assert.Contains(claim, user.claims);
            }
        }
예제 #2
0
        public async Task IssueAndRefreshAccessToken()
        {
            var jwtService = JwtServiceFactory.Create(
                TimeSpan.FromSeconds(10),
                TimeSpan.FromMinutes(5),
                TimeSpan.FromSeconds(10));
            var user   = GetUser();
            var access = jwtService
                         .IssueAccessToken(user.id, user.name, user.roles);

            await Task.Delay(11000);

            var refreshedAccess = jwtService
                                  .RefreshAccessToken(
                access.Tokens.AccessToken.Value,
                access.Tokens.RefreshToken.Value);

            Assert.True(refreshedAccess.Result == JwtTokenResult.TokenResult.Ok);
            Assert.NotNull(refreshedAccess.Tokens);
            Assert.NotNull(refreshedAccess.Tokens.AccessToken);
            Assert.NotNull(refreshedAccess.Tokens.RefreshToken.Value);
            Assert.Equal(user.id, refreshedAccess.UserId);

            var identityOptions = new IdentityOptions();
            var accessClaims    = new JwtSecurityTokenHandler()
                                  .ReadJwtToken(access.Tokens.AccessToken.Value)
                                  .Claims.ToArray();
            var accessId = accessClaims
                           .FirstOrDefault(x => x.Type
                                           .Equals(JwtRegisteredClaimNames.Sub))
                           .Value;
            var accessName = accessClaims
                             .FirstOrDefault(x => x.Type
                                             .Equals(identityOptions.ClaimsIdentity.UserNameClaimType))
                             .Value;
            var roles = accessClaims
                        .Where(x => x.Type
                               .Equals(ClaimTypes.Role));

            Assert.Equal(user.id, accessId);
            Assert.Equal(user.name, accessName);
            foreach (var role in roles)
            {
                Assert.Contains(role.Value, user.roles);
            }
            Assert.False(access.Tokens.AccessToken
                         .Equals(refreshedAccess.Tokens.AccessToken));
        }
예제 #3
0
        // Read accessToken Claims and convert it to its Type [VUser]
        public static _VUser ToVUser(string accessToken)
        {
            // get claims from the access token string
            IEnumerable <Claim> claims = new JwtSecurityTokenHandler().ReadJwtToken(accessToken).Claims;
            _VUser vUser = new _VUser();
            // get all vUser Propperties
            var props = vUser.GetProperties();

            // loop through vUser props and set each prop value with the corresponding claim value
            foreach (var prop in props)
            {
                vUser.SetValue(prop.Name, claims.FirstOrDefault(c => c.Type == prop.Name).Value);
            }
            // finally return the fulfilled vUser object
            return(vUser);
        }
예제 #4
0
        public JwtTokenResult RefreshAccessToken(
            string accessToken,
            string refreshToken,
            IEnumerable <string> customClaimsType)
        {
            var result = ValidateRefreshToken(refreshToken);

            if (result.result != JwtTokenResult.TokenResult.Ok)
            {
                return(new JwtTokenResult(result.result));
            }

            Claim[] accessClaims = null;
            try
            {
                accessClaims = new JwtSecurityTokenHandler()
                               .ReadJwtToken(accessToken)
                               .Claims.ToArray();
            }
            catch
            {
                return(JwtTokenResult.AccessInvalid());
            }

            var identityOptions = new IdentityOptions();
            var refreshId       = result.claims
                                  .FirstOrDefault(x => x.Type
                                                  .Equals(JwtRegisteredClaimNames.Sub))
                                  .Value;

            var accessId = accessClaims
                           .FirstOrDefault(x => x.Type
                                           .Equals(JwtRegisteredClaimNames.Sub))
                           .Value;

            if (!refreshId.Equals(accessId))
            {
                return(JwtTokenResult.Mismatch());
            }

            //var refreshJti = result.claims
            //    .FirstOrDefault(x => x.Type
            //    .Equals(JwtRegisteredClaimNames.Jti))
            //    .Value;
            var accessName = accessClaims
                             .FirstOrDefault(x => x.Type
                                             .Equals(identityOptions.ClaimsIdentity.UserNameClaimType))
                             .Value;
            var roles = accessClaims
                        .Where(x => x.Type
                               .Equals(ClaimTypes.Role));

            List <Claim> claims = null;

            if (customClaimsType != null)
            {
                var customClaims = accessClaims
                                   .Where(claim => customClaimsType.Contains(claim.Type))
                                   .ToArray();
                if (customClaims != null && customClaims.Length > 0)
                {
                    claims = GetAccessClaims(accessId, accessName, roles, customClaims);
                }
                else
                {
                    claims = GetAccessClaims(accessId, accessName, roles);
                }
            }
            else
            {
                claims = GetAccessClaims(accessId, accessName, roles);
            }

            var newAccessToken = CreateAccessToken(claims);

            if (result.update)
            {
                bool longTermRefresh = result.claims
                                       .Any(x => x.Type.Equals(_options.LongTermRefreshTokenClaim) &&
                                            x.Value.Equals(Boolean.TrueString));

                var newRefreshToken = GetRefreshToken(accessId, accessName, longTermRefresh);

                return(JwtTokenResult.Ok(new TokenModel
                                         (
                                             newAccessToken,
                                             newRefreshToken
                                         ),
                                         accessId,
                                         accessClaims));
            }
            var incomingRefreshDetails = new JwtTokenDetails()
                                         .Get(refreshToken);

            return(JwtTokenResult.Ok(
                       new TokenModel(
                           newAccessToken,
                           (refreshToken, incomingRefreshDetails.Expiration, incomingRefreshDetails.Jti)),
                       accessId,
                       accessClaims));
        }