public async Task WhenTokenIsForDifferentAudienceThenTokenIsNotValid()
{
var handler = new JwtSecurityTokenHandler();
using var rsa = new RSACryptoServiceProvider(2048);
var jwk = rsa.CreateSignatureJwk("1", true);
var keyset = new JsonWebKeySet().AddKey(rsa.CreateSignatureJwk("1", false));
var jwksStoreMock = new Mock <IJwksStore>();
jwksStoreMock.Setup(x => x.GetSigningKey(jwk.Alg, It.IsAny <CancellationToken>()))
.ReturnsAsync(new SigningCredentials(jwk, jwk.Alg));
jwksStoreMock.Setup(x => x.GetPublicKeys(It.IsAny <CancellationToken>())).ReturnsAsync(keyset);
var token = handler.CreateEncodedJwt(
"http://localhost",
"test",
new ClaimsIdentity(new[] { new Claim("sub", "tester"), }),
DateTime.UtcNow,
DateTime.UtcNow.AddYears(1),
DateTime.UtcNow,
new SigningCredentials(jwk, jwk.Alg));
var grantedToken = new GrantedToken
{
ClientId = "fake",
AccessToken = token,
ExpiresIn = 10000,
CreateDateTime = DateTimeOffset.UtcNow
};
var result = await grantedToken.CheckGrantedToken(jwksStoreMock.Object).ConfigureAwait(false);
Assert.False(result.IsValid);
}
private SharedContext()
{
using var rsa = new RSACryptoServiceProvider(2048);
SignatureKey = rsa.CreateSignatureJwk("1", true);
ModelSignatureKey = rsa.CreateSignatureJwk("2", true);
EncryptionKey = rsa.CreateEncryptionJwk("3", true);
ModelEncryptionKey = rsa.CreateEncryptionJwk("4", true);
}
