public void ManualWriteHmacSha256ValidSigningCredentials()
        {
            var jwt = new JsonWebToken
            {
                Header = new JwtHeader
                {
                    SignatureAlgorithm = JwtConstants.SignatureAlgorithms.HMACSHA256,
                    SigningCredentials = new HmacSigningCredentials(SymmetricKeyGenerator.Create(32))
                },

                Audience       = new Uri("http://foo.com"),
                Issuer         = "dominick",
                ExpirationTime = 500000,

                Claims = new Dictionary <string, string>
                {
                    { ClaimTypes.Name, "dominick" },
                    { ClaimTypes.Email, "*****@*****.**" }
                }
            };

            var handler = new JsonWebTokenHandler();
            var token   = handler.WriteToken(jwt);

            Trace.WriteLine(token);

            // token should not be empty
            Assert.IsTrue(!string.IsNullOrWhiteSpace(token));

            // token with signature needs to be 3 parts
            var parts = token.Split('.');

            Assert.IsTrue(parts.Length == 3, "JWT should have excactly 3 parts");

            // signature must be 256 bits
            var sig = Base64Url.Decode(parts[2]);

            Assert.IsTrue(sig.Length == 32, "Signature is not 32 bits");
        }
        public void ManualWriteUnsupportedSignatureAlgorithm()
        {
            var jwt = new JsonWebToken
            {
                Header = new JwtHeader
                {
                    SignatureAlgorithm = "unsupported",
                    SigningCredentials = new HmacSigningCredentials(SymmetricKeyGenerator.Create(48))
                },

                Audience       = new Uri("http://foo.com"),
                Issuer         = "dominick",
                ExpirationTime = 500000,

                Claims = new Dictionary <string, string>
                {
                    { ClaimTypes.Name, "dominick" },
                    { ClaimTypes.Email, "*****@*****.**" }
                }
            };

            var handler = new JsonWebTokenHandler();
            var token   = handler.WriteToken(jwt);
        }
        public void ManualWriteRoundtripDuplicateClaimTypes()
        {
            var signinKey = SymmetricKeyGenerator.Create(32);

            var jwt = new JsonWebToken
            {
                Header = new JwtHeader
                {
                    SignatureAlgorithm = JwtConstants.SignatureAlgorithms.HMACSHA256,
                    SigningCredentials = new HmacSigningCredentials(signinKey)
                },

                Audience       = new Uri("http://foo.com"),
                Issuer         = "dominick",
                ExpirationTime = 50000000000,
            };

            jwt.AddClaim(ClaimTypes.Name, "dominick");
            jwt.AddClaim(ClaimTypes.Email, "*****@*****.**");
            jwt.AddClaim(ClaimTypes.Role, "bar");
            jwt.AddClaim(ClaimTypes.Role, "foo");


            var handler = new JsonWebTokenHandler();
            var token   = handler.WriteToken(jwt);

            Trace.WriteLine(token);

            // token should not be empty
            Assert.IsTrue(!string.IsNullOrWhiteSpace(token));

            // token with signature needs to be 3 parts
            var parts = token.Split('.');

            Assert.IsTrue(parts.Length == 3, "JWT should have excactly 3 parts");

            // signature must be 256 bits
            var sig = Base64Url.Decode(parts[2]);

            Assert.IsTrue(sig.Length == 32, "Signature is not 32 bits");

            var jwtToken = handler.ReadToken(token);


            var config   = new SecurityTokenHandlerConfiguration();
            var registry = new WebTokenIssuerNameRegistry();

            registry.AddTrustedIssuer("dominick", "dominick");
            config.IssuerNameRegistry = registry;

            var issuerResolver = new WebTokenIssuerTokenResolver();

            issuerResolver.AddSigningKey("dominick", Convert.ToBase64String(signinKey));
            config.IssuerTokenResolver = issuerResolver;

            config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://foo.com"));

            handler.Configuration = config;
            var identity = handler.ValidateToken(jwtToken).First();

            Assert.IsTrue(identity.Claims.Count() == 4);
            Assert.IsTrue(identity.Claims.First().Issuer == "dominick");
        }
        public void HandlerCreateRoundtripDuplicateClaimTypes()
        {
            var signinKey = SymmetricKeyGenerator.Create(32);

            var identity = new ClaimsIdentity(new List <Claim>
            {
                new Claim(ClaimTypes.Name, "dominick"),
                new Claim(ClaimTypes.Name, "dominick2"),
                new Claim(ClaimTypes.Email, "*****@*****.**"),
                new Claim(ClaimTypes.Role, "bar"),
                new Claim(ClaimTypes.Role, "foo")
            }, "Custom");

            var descriptor = new SecurityTokenDescriptor
            {
                Subject            = identity,
                SigningCredentials = new HmacSigningCredentials(signinKey),
                TokenIssuerName    = "dominick",
                Lifetime           = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddHours(8)),
                AppliesToAddress   = "http://foo.com"
            };

            var handler = new JsonWebTokenHandler();
            var token   = handler.CreateToken(descriptor);


            var tokenString = handler.WriteToken(token);

            Trace.WriteLine(tokenString);

            // token should not be empty
            Assert.IsTrue(!string.IsNullOrWhiteSpace(tokenString));

            // token with signature needs to be 3 parts
            var parts = tokenString.Split('.');

            Assert.IsTrue(parts.Length == 3, "JWT should have excactly 3 parts");

            // signature must be 256 bits
            var sig = Base64Url.Decode(parts[2]);

            Assert.IsTrue(sig.Length == 32, "Signature is not 32 bits");

            var jwtToken = handler.ReadToken(tokenString);


            var config   = new SecurityTokenHandlerConfiguration();
            var registry = new WebTokenIssuerNameRegistry();

            registry.AddTrustedIssuer("dominick", "dominick");
            config.IssuerNameRegistry = registry;

            var issuerResolver = new WebTokenIssuerTokenResolver();

            issuerResolver.AddSigningKey("dominick", Convert.ToBase64String(signinKey));
            config.IssuerTokenResolver = issuerResolver;

            config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://foo.com"));

            handler.Configuration = config;
            var identity2 = handler.ValidateToken(jwtToken).First();

            Assert.IsTrue(identity.Claims.Count() == 5);
            //Assert.IsTrue(identity.Claims.First().Issuer == "dominick");
        }