public async Task JwtAccessTokenIssuer_IncludesAllRequiredData()
{
// Arrange
var options = GetOptions();
var expectedDateTime = new DateTimeOffset(2000, 01, 01, 0, 0, 0, TimeSpan.FromHours(1));
var timeManager = GetTimeManager(expectedDateTime, expectedDateTime.AddHours(1), expectedDateTime);
var issuer = new JwtAccessTokenIssuer(
GetClaimsManager(timeManager),
GetSigningPolicy(options, timeManager),
new JwtSecurityTokenHandler(), options);
var context = GetTokenGenerationContext(
new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, "user") })),
new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(IdentityServiceClaimTypes.ClientId, "clientId") })));
context.InitializeForToken(TokenTypes.AccessToken);
// Act
await issuer.IssueAccessTokenAsync(context);
// Assert
Assert.NotNull(context.AccessToken);
var accessToken = Assert.IsType <AccessToken>(context.AccessToken.Token);
Assert.NotNull(accessToken);
Assert.NotNull(accessToken.Id);
Assert.Equal("user", accessToken.Subject);
Assert.Equal("resourceId", accessToken.Audience);
Assert.Equal("clientId", accessToken.AuthorizedParty);
Assert.Equal(new[] { "all" }, accessToken.Scopes);
Assert.Equal(expectedDateTime, accessToken.IssuedAt);
Assert.Equal(expectedDateTime.AddHours(1), accessToken.Expires);
Assert.Equal(expectedDateTime, accessToken.NotBefore);
}
public async Task JwtAccessTokenIssuer_Fails_IfUserIsMissingUserId()
{
// Arrange
var options = GetOptions();
var issuer = new JwtAccessTokenIssuer(
GetClaimsManager(),
GetSigningPolicy(options, new TimeStampManager()), new JwtSecurityTokenHandler(), options);
var context = GetTokenGenerationContext();
context.InitializeForToken(TokenTypes.AccessToken);
// Act
var exception = await Assert.ThrowsAsync <InvalidOperationException>(
() => issuer.IssueAccessTokenAsync(context));
// Assert
Assert.Equal($"Missing '{ClaimTypes.NameIdentifier}' claim from the user.", exception.Message);
}
public async Task JwtAccessTokenIssuer_SignsAccessToken()
{
// Arrange
var expectedDateTime = new DateTimeOffset(2000, 01, 01, 0, 0, 0, TimeSpan.FromHours(1));
var now = DateTimeOffset.UtcNow;
var expires = new DateTimeOffset(now.Year, now.Month, now.Day, now.Hour, now.Minute, now.Second, TimeSpan.Zero);
var timeManager = GetTimeManager(expectedDateTime, expires, expectedDateTime);
var options = GetOptions();
var handler = new JwtSecurityTokenHandler();
var tokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKey = options.Value.SigningKeys[0].Key,
ValidAudiences = new[] { "resourceId" },
ValidIssuers = new[] { options.Value.Issuer }
};
var issuer = new JwtAccessTokenIssuer(
GetClaimsManager(timeManager),
GetSigningPolicy(options, timeManager),
new JwtSecurityTokenHandler(), options);
var context = GetTokenGenerationContext(
new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, "user") })),
new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(IdentityServiceClaimTypes.ClientId, "clientId") })));
context.InitializeForToken(TokenTypes.AccessToken);
// Act
await issuer.IssueAccessTokenAsync(context);
// Assert
Assert.NotNull(context.AccessToken);
Assert.NotNull(context.AccessToken.SerializedValue);
SecurityToken validatedToken;
Assert.NotNull(handler.ValidateToken(context.AccessToken.SerializedValue, tokenValidationParameters, out validatedToken));
Assert.NotNull(validatedToken);
var jwtToken = Assert.IsType <JwtSecurityToken>(validatedToken);
var accessToken = Assert.IsType <AccessToken>(context.AccessToken.Token);
Assert.Equal("http://www.example.com/issuer", jwtToken.Issuer);
var tokenAudience = Assert.Single(jwtToken.Audiences);
Assert.Equal("resourceId", tokenAudience);
var tokenAuthorizedParty = Assert.Single(jwtToken.Claims, c => c.Type.Equals("azp")).Value;
Assert.Equal("clientId", tokenAuthorizedParty);
Assert.Equal("user", jwtToken.Subject);
Assert.Equal(expires, jwtToken.ValidTo);
Assert.Equal(expectedDateTime.UtcDateTime, jwtToken.ValidFrom);
var tokenScopes = jwtToken.Claims
.Where(c => c.Type == IdentityServiceClaimTypes.Scope)
.Select(c => c.Value).OrderBy(c => c)
.ToArray();
Assert.Equal(new[] { "all" }, tokenScopes);
}
