public void GetAccessToken_ValidInputs_ReturnsValidToken(Guid userID, string userName, IEnumerable <string> roles, string issuer, string audience, string secretKey, DateTime expirationDate) { // Arrange // Act var jwt = _jwtTokenServiceSUT.GetAccessToken(userID, userName, roles, issuer, audience, secretKey, expirationDate); // Assert Assert.True(!string.IsNullOrEmpty(jwt)); var jwtSecurityToken = new JwtSecurityTokenHandler().ReadToken(jwt) as JwtSecurityToken; Assert.NotNull(jwtSecurityToken.Claims .SingleOrDefault(c => c.Type == ClaimTypes.NameIdentifier && c.Value == userID.ToString())); Assert.NotNull(jwtSecurityToken.Claims .SingleOrDefault(c => c.Type == ClaimTypes.Name && c.Value == userName)); Assert.True(roles.All(r => jwtSecurityToken.Claims .Where(c => c.Type == ClaimTypes.Role) .Select(c => c.Value) .Contains(r))); Assert.Equal(SecurityAlgorithms.HmacSha256, jwtSecurityToken.SignatureAlgorithm); var expiryClaim = jwtSecurityToken.Claims.SingleOrDefault(c => c.Type == JwtRegisteredClaimNames.Exp); Assert.NotNull(expiryClaim); var tokenExpirationDate = DateTimeOffset.FromUnixTimeSeconds(Convert.ToInt64(expiryClaim.Value)); Assert.Equal(expirationDate, tokenExpirationDate.LocalDateTime); var issuerClaim = jwtSecurityToken.Claims.SingleOrDefault(c => c.Type == JwtRegisteredClaimNames.Iss); if (string.IsNullOrEmpty(issuer)) { Assert.Null(issuerClaim); } else { Assert.NotNull(issuerClaim); Assert.Equal(issuer, issuerClaim.Value); } var audienceClaim = jwtSecurityToken.Claims.SingleOrDefault(c => c.Type == JwtRegisteredClaimNames.Aud); if (string.IsNullOrEmpty(audience)) { Assert.Null(audienceClaim); } else { Assert.NotNull(audienceClaim); Assert.Equal(audience, audienceClaim.Value); } }