Exemplo n.º 1
0
        public async Task JwtAccessTokenIssuer_IncludesAllRequiredData()
        {
            // Arrange
            var options = GetOptions();

            var expectedDateTime = new DateTimeOffset(2000, 01, 01, 0, 0, 0, TimeSpan.FromHours(1));
            var timeManager      = GetTimeManager(expectedDateTime, expectedDateTime.AddHours(1), expectedDateTime);
            var issuer           = new JwtAccessTokenIssuer(
                GetClaimsManager(timeManager),
                GetSigningPolicy(options, timeManager),
                new JwtSecurityTokenHandler(), options);
            var context = GetTokenGenerationContext(
                new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, "user") })),
                new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(IdentityServiceClaimTypes.ClientId, "clientId") })));

            context.InitializeForToken(TokenTypes.AccessToken);

            // Act
            await issuer.IssueAccessTokenAsync(context);

            // Assert
            Assert.NotNull(context.AccessToken);
            var accessToken = Assert.IsType <AccessToken>(context.AccessToken.Token);

            Assert.NotNull(accessToken);
            Assert.NotNull(accessToken.Id);
            Assert.Equal("user", accessToken.Subject);
            Assert.Equal("resourceId", accessToken.Audience);
            Assert.Equal("clientId", accessToken.AuthorizedParty);
            Assert.Equal(new[] { "all" }, accessToken.Scopes);
            Assert.Equal(expectedDateTime, accessToken.IssuedAt);
            Assert.Equal(expectedDateTime.AddHours(1), accessToken.Expires);
            Assert.Equal(expectedDateTime, accessToken.NotBefore);
        }
        private static TokenManager GetTokenManager()
        {
            var options       = CreateOptions();
            var claimsManager = CreateClaimsManager(options);

            var factory                = new LoggerFactory();
            var protector              = new EphemeralDataProtectionProvider(factory).CreateProtector("test");
            var codeSerializer         = new TokenDataSerializer <AuthorizationCode>(options, ArrayPool <char> .Shared);
            var codeDataFormat         = new SecureDataFormat <AuthorizationCode>(codeSerializer, protector);
            var refreshTokenSerializer = new TokenDataSerializer <RefreshToken>(options, ArrayPool <char> .Shared);
            var refreshTokenDataFormat = new SecureDataFormat <RefreshToken>(refreshTokenSerializer, protector);

            var timeStampManager   = new TimeStampManager();
            var credentialsPolicy  = GetCredentialsPolicy(options, timeStampManager);
            var codeIssuer         = new AuthorizationCodeIssuer(claimsManager, codeDataFormat, new ProtocolErrorProvider());
            var accessTokenIssuer  = new JwtAccessTokenIssuer(claimsManager, credentialsPolicy, new JwtSecurityTokenHandler(), options);
            var idTokenIssuer      = new JwtIdTokenIssuer(claimsManager, credentialsPolicy, new JwtSecurityTokenHandler(), options);
            var refreshTokenIssuer = new RefreshTokenIssuer(claimsManager, refreshTokenDataFormat);

            return(new TokenManager(
                       codeIssuer,
                       accessTokenIssuer,
                       idTokenIssuer,
                       refreshTokenIssuer,
                       new ProtocolErrorProvider()));
        }
Exemplo n.º 3
0
        public async Task JwtAccessTokenIssuer_Fails_IfUserIsMissingUserId()
        {
            // Arrange
            var options = GetOptions();
            var issuer  = new JwtAccessTokenIssuer(
                GetClaimsManager(),
                GetSigningPolicy(options, new TimeStampManager()), new JwtSecurityTokenHandler(), options);
            var context = GetTokenGenerationContext();

            context.InitializeForToken(TokenTypes.AccessToken);

            // Act
            var exception = await Assert.ThrowsAsync <InvalidOperationException>(
                () => issuer.IssueAccessTokenAsync(context));

            // Assert
            Assert.Equal($"Missing '{ClaimTypes.NameIdentifier}' claim from the user.", exception.Message);
        }
Exemplo n.º 4
0
        public async Task JwtAccessTokenIssuer_SignsAccessToken()
        {
            // Arrange
            var expectedDateTime = new DateTimeOffset(2000, 01, 01, 0, 0, 0, TimeSpan.FromHours(1));
            var now         = DateTimeOffset.UtcNow;
            var expires     = new DateTimeOffset(now.Year, now.Month, now.Day, now.Hour, now.Minute, now.Second, TimeSpan.Zero);
            var timeManager = GetTimeManager(expectedDateTime, expires, expectedDateTime);

            var options = GetOptions();

            var handler = new JwtSecurityTokenHandler();

            var tokenValidationParameters = new TokenValidationParameters
            {
                IssuerSigningKey = options.Value.SigningKeys[0].Key,
                ValidAudiences   = new[] { "resourceId" },
                ValidIssuers     = new[] { options.Value.Issuer }
            };

            var issuer = new JwtAccessTokenIssuer(
                GetClaimsManager(timeManager),
                GetSigningPolicy(options, timeManager),
                new JwtSecurityTokenHandler(), options);
            var context = GetTokenGenerationContext(
                new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, "user") })),
                new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(IdentityServiceClaimTypes.ClientId, "clientId") })));

            context.InitializeForToken(TokenTypes.AccessToken);

            // Act
            await issuer.IssueAccessTokenAsync(context);

            // Assert
            Assert.NotNull(context.AccessToken);
            Assert.NotNull(context.AccessToken.SerializedValue);

            SecurityToken validatedToken;

            Assert.NotNull(handler.ValidateToken(context.AccessToken.SerializedValue, tokenValidationParameters, out validatedToken));
            Assert.NotNull(validatedToken);

            var jwtToken    = Assert.IsType <JwtSecurityToken>(validatedToken);
            var accessToken = Assert.IsType <AccessToken>(context.AccessToken.Token);

            Assert.Equal("http://www.example.com/issuer", jwtToken.Issuer);
            var tokenAudience = Assert.Single(jwtToken.Audiences);

            Assert.Equal("resourceId", tokenAudience);
            var tokenAuthorizedParty = Assert.Single(jwtToken.Claims, c => c.Type.Equals("azp")).Value;

            Assert.Equal("clientId", tokenAuthorizedParty);
            Assert.Equal("user", jwtToken.Subject);

            Assert.Equal(expires, jwtToken.ValidTo);
            Assert.Equal(expectedDateTime.UtcDateTime, jwtToken.ValidFrom);

            var tokenScopes = jwtToken.Claims
                              .Where(c => c.Type == IdentityServiceClaimTypes.Scope)
                              .Select(c => c.Value).OrderBy(c => c)
                              .ToArray();

            Assert.Equal(new[] { "all" }, tokenScopes);
        }