Exemplo n.º 1
0
        public async Task IssuingTokenGeneratesTokenAndIdentityWithScopes(AuthMethod authMethod, params string[] scopes)
        {
            CommunicationIdentityClient client = authMethod switch
            {
                AuthMethod.ConnectionString => CreateClientWithConnectionString(),
                AuthMethod.KeyCredential => CreateClientWithAzureKeyCredential(),
                AuthMethod.TokenCredential => CreateClientWithTokenCredential(),
                _ => throw new ArgumentOutOfRangeException(nameof(authMethod)),
            };

            Response <CommunicationUserIdentifier> userResponse = await client.CreateUserAsync();

            Response <CommunicationUserToken> tokenResponse = await client.IssueTokenAsync(userResponse.Value, scopes : scopes.Select(x => new CommunicationTokenScope(x)));

            Assert.IsNotNull(tokenResponse.Value);
            Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.Token));
            ValidateScopesIfNotSanitized();

            void ValidateScopesIfNotSanitized()
            {
                if (Mode != RecordedTestMode.Playback)
                {
                    JwtTokenParser.JwtPayload payload = JwtTokenParser.DecodeJwtPayload(tokenResponse.Value.Token);
                    CollectionAssert.AreEquivalent(scopes, payload.Scopes);
                }
            }
        }
        public async Task IssuingTokenGeneratesTokenAndIdentityWithScopes(params string[] scopes)
        {
            CommunicationIdentityClient            client       = CreateInstrumentedCommunicationIdentityClient();
            Response <CommunicationUserIdentifier> userResponse = await client.CreateUserAsync();

            Response <CommunicationUserToken> tokenResponse = await client.IssueTokenAsync(userResponse.Value, scopes : scopes.Select(x => new CommunicationTokenScope(x)));

            Assert.IsNotNull(tokenResponse.Value);
            Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.Token));
            Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.User.Id));
            ValidateScopesIfNotSanitized();

            void ValidateScopesIfNotSanitized()
            {
                if (Mode != RecordedTestMode.Playback)
                {
                    JwtTokenParser.JwtPayload payload = JwtTokenParser.DecodeJwtPayload(tokenResponse.Value.Token);
                    CollectionAssert.AreEquivalent(scopes, payload.Scopes);
                }
            }
        }
Exemplo n.º 3
0
        public async Task <AccessTokenValidationResult> Validate(string accessToken,
                                                                 OAuth2EndpointInfo oAuth2EndpointInfo)
        {
            //TODO: Implement caching functionality to improve performance.

            if (string.IsNullOrEmpty(accessToken))
            {
                throw new ArgumentException($"The value of {nameof(accessToken)} can't be null or empty.");
            }

            var accessTokenType = AccessTokenType.Reference;
            var jwtTokenParser  = new JwtTokenParser();

            if (jwtTokenParser.IsAccessTokenJwt(accessToken))
            {
                accessTokenType = AccessTokenType.Jwt;
            }

            var handler = new HttpClientHandler();

#if STAGE || DEBUG
            #region Certificate validation for a self-signed certificate

#if !STAGE && !DEBUG
#error Disable certificate validation in production deployment !
#endif
            handler.ServerCertificateCustomValidationCallback +=
                (sender, certificate, chain, sslPolicyErrors) =>
            {
                if (sslPolicyErrors != System.Net.Security.SslPolicyErrors.None)
                {
                    _logger.LogWarning("Remote certificate validation failed, it is explicitly disabled in code.");
                }

                return(true);
            };

            #endregion
#endif
            var httpClient = new HttpClient(handler);

            var response = await httpClient.IntrospectTokenAsync(new TokenIntrospectionRequest
            {
                Address      = $"{oAuth2EndpointInfo.AuthorityUrl}/connect/introspect",
                ClientId     = oAuth2EndpointInfo.ClientScopeName,
                Token        = accessToken,
                ClientSecret = oAuth2EndpointInfo.ClientSecret,
            });

            // ReSharper disable once InvertIf
            if (!response.IsError)
            {
                return(AccessTokenValidationResult.CreateSuccess(accessTokenType, response.Claims));
            }

            var nameOfTokenType = accessTokenType == AccessTokenType.Jwt ? "JWT" : "Reference";

            _logger.LogTrace(LoggingEvents.AccessTokenValidationFailed,
                             $"{LoggingEvents.AccessTokenValidationFailed.Name} Token type: {nameOfTokenType} " +
                             $"Reason: {response.Error} " +
                             $"Token value: {accessToken}");

            return(AccessTokenValidationResult.CreateFailed(response.Error));
        }