public void Validate_IssuerMatchedInValidV1Issuer_ReturnsIssuer(string tidClaimType, string tenantId, string issuer)
{
var context = new CompareContext();
var validator = new AadIssuerValidator(_httpClient, issuer);
var tidClaim = new Claim(tidClaimType, tenantId);
var issClaim = new Claim(ValidatorConstants.ClaimNameIss, issuer);
var jwtSecurityToken = new JwtSecurityToken(issuer: issuer, claims: new[] { issClaim, tidClaim });
validator.AadIssuerV1 = issuer;
var actualIssuer = validator.Validate(issuer, jwtSecurityToken, new TokenValidationParameters()
{
ValidIssuer = issuer
});
IdentityComparer.AreEqual(issuer, actualIssuer, context);
var actualIssuers = validator.Validate(issuer, jwtSecurityToken, new TokenValidationParameters()
{
ValidIssuers = new[] { issuer }
});
IdentityComparer.AreEqual(issuer, actualIssuers, context);
TestUtilities.AssertFailIfErrors(context);
}
public void NullArg()
{
// Arrange
AadIssuerValidator validator = new AadIssuerValidator(s_aliases);
var jwtSecurityToken = new JwtSecurityToken();
var validationParams = new TokenValidationParameters();
// Act and Assert
Assert.Throws <ArgumentNullException>(() => validator.Validate(null, jwtSecurityToken, validationParams));
Assert.Throws <ArgumentNullException>(() => validator.Validate("", jwtSecurityToken, validationParams));
Assert.Throws <ArgumentNullException>(() => validator.Validate(Iss, null, validationParams));
Assert.Throws <ArgumentNullException>(() => validator.Validate(Iss, jwtSecurityToken, null));
}
public void Validate_NullOrEmptyParameters_ThrowsException()
{
var validator = new AadIssuerValidator(TestConstants.s_aliases);
var jwtSecurityToken = new JwtSecurityToken();
var validationParams = new TokenValidationParameters();
var exception = Assert.Throws <ArgumentNullException>("actualIssuer", () => validator.Validate(null, jwtSecurityToken, validationParams));
exception = Assert.Throws <ArgumentNullException>("actualIssuer", () => validator.Validate(string.Empty, jwtSecurityToken, validationParams));
exception = Assert.Throws <ArgumentNullException>("securityToken", () => validator.Validate(TestConstants.AadIssuer, null, validationParams));
exception = Assert.Throws <ArgumentNullException>("validationParameters", () => validator.Validate(TestConstants.AadIssuer, jwtSecurityToken, null));
}
public void ValidateJsonWebToken_ReturnsIssuer(string tidClaimType, string issuer)
{
var context = new CompareContext();
var validator = new AadIssuerValidator(_httpClient, issuer);
var tidClaim = new Claim(tidClaimType, ValidatorConstants.TenantIdAsGuid);
var issClaim = new Claim(ValidatorConstants.ClaimNameIss, issuer);
List <Claim> claims = new List <Claim>();
claims.Add(tidClaim);
claims.Add(issClaim);
var jsonWebToken = new JsonWebToken(Default.Jwt(Default.SecurityTokenDescriptor(Default.SymmetricSigningCredentials, claims)));
var tokenValidationParams = new TokenValidationParameters()
{
ConfigurationManager = new MockConfigurationManager <OpenIdConnectConfiguration>(new OpenIdConnectConfiguration()
{
Issuer = issuer
})
};
var actualIssuer = validator.Validate(issuer, jsonWebToken, tokenValidationParams);
IdentityComparer.AreEqual(issuer, actualIssuer, context);
TestUtilities.AssertFailIfErrors(context);
}
public void Validate_NotMatchedToMultipleIssuers_ThrowsException()
{
var validator = new AadIssuerValidator(TestConstants.s_aliases);
var issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.AadIssuer);
var tidClaim = new Claim(TestConstants.ClaimNameTid, TestConstants.TenantIdAsGuid);
var jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.AadIssuer, claims: new[] { issClaim, tidClaim });
var expectedErrorMessage = string.Format(
CultureInfo.InvariantCulture,
IDWebErrorMessage.IssuerDoesNotMatchValidIssuers,
TestConstants.AadIssuer);
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() =>
validator.Validate(
TestConstants.AadIssuer,
jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuers = new[]
{
"https://host1/{tenantid}/v2.0",
"https://host2/{tenantid}/v2.0",
},
}));
Assert.Equal(expectedErrorMessage, exception.Message);
}
public void Validate_NullOrEmptyTenantId_ThrowsException()
{
var validator = new AadIssuerValidator(TestConstants.s_aliases);
var jwtSecurityToken = new JwtSecurityToken();
var jsonWebToken = new JsonWebToken($"{{}}", $"{{}}");
var securityToken = Substitute.For <SecurityToken>();
var validationParameters = new TokenValidationParameters();
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(TestConstants.AadIssuer, jwtSecurityToken, validationParameters));
Assert.Equal(IDWebErrorMessage.TenantIdClaimNotPresentInToken, exception.Message);
exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(TestConstants.AadIssuer, jsonWebToken, validationParameters));
Assert.Equal(IDWebErrorMessage.TenantIdClaimNotPresentInToken, exception.Message);
exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(TestConstants.AadIssuer, securityToken, validationParameters));
Assert.Equal(IDWebErrorMessage.TenantIdClaimNotPresentInToken, exception.Message);
}
public void Validate_NullOrEmptyTenantId_ThrowsException()
{
var validator = new AadIssuerValidator(TestConstants.s_aliases);
var jwtSecurityToken = new JwtSecurityToken();
var jsonWebToken = new JsonWebToken($"{{}}", $"{{}}");
var securityToken = Substitute.For <SecurityToken>();
var validationParameters = new TokenValidationParameters();
var expectedErrorMessage = "Neither `tid` nor `tenantId` claim is present in the token obtained from Microsoft identity platform.";
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(TestConstants.AadIssuer, jwtSecurityToken, validationParameters));
Assert.Equal(expectedErrorMessage, exception.Message);
exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(TestConstants.AadIssuer, jsonWebToken, validationParameters));
Assert.Equal(expectedErrorMessage, exception.Message);
exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(TestConstants.AadIssuer, securityToken, validationParameters));
Assert.Equal(expectedErrorMessage, exception.Message);
}
public void Validate_NullOrEmptyTenantId_ThrowsException()
{
var context = new CompareContext();
var validator = new AadIssuerValidator(_httpClient, ValidatorConstants.AadIssuer);
var jwtSecurityToken = new JwtSecurityToken();
var jsonWebToken = new JsonWebToken($"{{}}", $"{{}}");
var securityToken = Substitute.For <SecurityToken>();
var validationParameters = new TokenValidationParameters();
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(ValidatorConstants.AadIssuer, jwtSecurityToken, validationParameters));
IdentityComparer.AreEqual(LogMessages.IDX40003, exception.Message, context);
exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(ValidatorConstants.AadIssuer, jsonWebToken, validationParameters));
IdentityComparer.AreEqual(LogMessages.IDX40003, exception.Message, context);
exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(ValidatorConstants.AadIssuer, securityToken, validationParameters));
IdentityComparer.AreEqual(LogMessages.IDX40003, exception.Message, context);
TestUtilities.AssertFailIfErrors(context);
}
public void Validate_TidClaimInToken_ReturnsIssuer()
{
var validator = new AadIssuerValidator(TestConstants.s_aliases);
var tidClaim = new Claim(TestConstants.ClaimNameTid, TestConstants.TenantIdAsGuid);
var issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.AadIssuer);
var jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.AadIssuer, claims: new[] { issClaim, tidClaim });
var jsonWebToken = new JsonWebToken($"{{}}", $"{{\"{TestConstants.ClaimNameIss}\":\"{TestConstants.AadIssuer}\",\"{TestConstants.ClaimNameTid}\":\"{TestConstants.TenantIdAsGuid}\"}}");
var actualIssuer = validator.Validate(TestConstants.AadIssuer, jwtSecurityToken, new TokenValidationParameters()
{
ValidIssuer = TestConstants.AadIssuer
});
Assert.Equal(TestConstants.AadIssuer, actualIssuer);
actualIssuer = validator.Validate(TestConstants.AadIssuer, jsonWebToken, new TokenValidationParameters()
{
ValidIssuer = TestConstants.AadIssuer
});
Assert.Equal(TestConstants.AadIssuer, actualIssuer);
}
public void Validate_TenantIdInIssuerNotInToken_ReturnsIssuer()
{
var validator = new AadIssuerValidator(TestConstants.s_aliases);
var issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.AadIssuer);
var jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.AadIssuer, claims: new[] { issClaim });
var actualIssuer = validator.Validate(TestConstants.AadIssuer, jwtSecurityToken, new TokenValidationParameters()
{
ValidIssuer = TestConstants.AadIssuer
});
Assert.Equal(TestConstants.AadIssuer, actualIssuer);
}
public void Validate_IssuerMatchedInValidIssuers_ReturnsIssuer()
{
var validator = new AadIssuerValidator(TestConstants.s_aliases);
var tidClaim = new Claim(TestConstants.ClaimNameTid, TestConstants.TenantIdAsGuid);
var issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.AadIssuer);
var jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.AadIssuer, claims: new[] { issClaim, tidClaim });
var actualIssuer = validator.Validate(TestConstants.AadIssuer, jwtSecurityToken, new TokenValidationParameters()
{
ValidIssuers = new[] { TestConstants.AadIssuer }
});
Assert.Equal(TestConstants.AadIssuer, actualIssuer);
}
public void Validate_TidClaimInToken_ReturnsIssuer()
{
var context = new CompareContext();
var validator = new AadIssuerValidator(_httpClient, ValidatorConstants.AadIssuer);
var tidClaim = new Claim(ValidatorConstants.ClaimNameTid, ValidatorConstants.TenantIdAsGuid);
var issClaim = new Claim(ValidatorConstants.ClaimNameIss, ValidatorConstants.AadIssuer);
var jwtSecurityToken = new JwtSecurityToken(issuer: ValidatorConstants.AadIssuer, claims: new[] { issClaim, tidClaim });
var jsonWebToken = new JsonWebToken($"{{}}", $"{{\"{ValidatorConstants.ClaimNameIss}\":\"{ValidatorConstants.AadIssuer}\",\"{ValidatorConstants.ClaimNameTid}\":\"{ValidatorConstants.TenantIdAsGuid}\"}}");
var actualIssuer = validator.Validate(ValidatorConstants.AadIssuer, jwtSecurityToken, new TokenValidationParameters()
{
ValidIssuer = ValidatorConstants.AadIssuer
});
IdentityComparer.AreEqual(ValidatorConstants.AadIssuer, actualIssuer, context);
actualIssuer = validator.Validate(ValidatorConstants.AadIssuer, jsonWebToken, new TokenValidationParameters()
{
ValidIssuer = ValidatorConstants.AadIssuer
});
IdentityComparer.AreEqual(ValidatorConstants.AadIssuer, actualIssuer, context);
TestUtilities.AssertFailIfErrors(context);
}
public void Validate_TenantIdInIssuerNotInToken_ReturnsIssuer()
{
var context = new CompareContext();
var validator = new AadIssuerValidator(_httpClient, ValidatorConstants.AadIssuer);
var issClaim = new Claim(ValidatorConstants.ClaimNameIss, ValidatorConstants.AadIssuer);
var jwtSecurityToken = new JwtSecurityToken(issuer: ValidatorConstants.AadIssuer, claims: new[] { issClaim });
var actualIssuer = validator.Validate(ValidatorConstants.AadIssuer, jwtSecurityToken, new TokenValidationParameters()
{
ValidIssuer = ValidatorConstants.AadIssuer
});
IdentityComparer.AreEqual(ValidatorConstants.AadIssuer, actualIssuer, context);
TestUtilities.AssertFailIfErrors(context);
}
public void TokenValidationParameters_ValidIssuer()
{
// Arrange
AadIssuerValidator validator = new AadIssuerValidator(s_aliases);
Claim issClaim = new Claim("tid", Tid);
Claim tidClaim = new Claim("iss", Iss);
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: Iss, claims: new[] { issClaim, tidClaim });
// Act & Assert
validator.Validate(Iss, jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuer = "https://login.microsoftonline.com/{tenantid}/v2.0"
});
}
public void PassingValidationWithAlias()
{
// Arrange
AadIssuerValidator validator = new AadIssuerValidator(s_aliases);
Claim issClaim = new Claim("tid", Tid);
Claim tidClaim = new Claim("iss", Iss2);// sts.windows.net
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: Iss2, claims: new[] { issClaim, tidClaim });
// Act & Assert
validator.Validate(Iss2, jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuers = new[] { "https://login.microsoftonline.com/{tenantid}/v2.0" }
});
}
public void Validate_FromCustomB2CAuthority_ValidateSuccessfully()
{
Claim issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.B2CCustomDomainIssuer);
Claim tfpClaim = new Claim(TestConstants.ClaimNameTfp, TestConstants.B2CSignUpSignInUserFlow);
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.B2CCustomDomainIssuer, claims: new[] { issClaim, tfpClaim });
AadIssuerValidator validator = AadIssuerValidator.GetIssuerValidator(TestConstants.B2CCustomDomainAuthorityWithV2);
validator.Validate(
TestConstants.B2CCustomDomainIssuer,
jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuers = new[] { TestConstants.B2CCustomDomainIssuer },
});
}
public void Validate_NotMatchedTenantIds_ThrowsException()
{
var validator = new AadIssuerValidator(TestConstants.s_aliases);
var issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.AadIssuer);
var tidClaim = new Claim(TestConstants.ClaimNameTid, TestConstants.B2CTenantAsGuid);
var jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.AadIssuer, claims: new[] { issClaim, tidClaim });
var expectedErrorMessage = $"Issuer: '{TestConstants.AadIssuer}', does not match any of the valid issuers provided for this application.";
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() =>
validator.Validate(TestConstants.AadIssuer, jwtSecurityToken, new TokenValidationParameters()
{
ValidIssuer = TestConstants.AadIssuer
}));
Assert.Equal(expectedErrorMessage, exception.Message);
}
public void Validate_FromB2CAuthority_WithTidClaim_ValidateSuccessfully()
{
Claim issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.B2CIssuer);
Claim tfpClaim = new Claim(TestConstants.ClaimNameTfp, TestConstants.B2CSuSiUserFlow);
Claim tidClaim = new Claim(TestConstants.ClaimNameTid, TestConstants.B2CTenantAsGuid);
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.B2CIssuer, claims: new[] { issClaim, tfpClaim, tidClaim });
AadIssuerValidator validator = AadIssuerValidator.GetIssuerValidator(TestConstants.B2CAuthorityWithV2);
validator.Validate(
TestConstants.B2CIssuer,
jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuers = new[] { TestConstants.B2CIssuer }
});
}
public void ValidationSucceeds_NoTidClaimInJwt_TidCreatedFromIssuerInstead()
{
// Arrange
AadIssuerValidator validator = new AadIssuerValidator(s_aliases);
Claim issClaim = new Claim("iss", Iss);
JwtSecurityToken noTidJwt = new JwtSecurityToken(issuer: Iss, claims: new[] { issClaim });
// Act & Assert
validator.Validate(
Iss,
noTidJwt,
new TokenValidationParameters()
{
ValidIssuers = new[] { "https://login.microsoftonline.com/{tenantid}/v2.0" }
});
}
public void Validate_FromB2CAuthority_InvalidIssuer_Fails()
{
Claim issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.B2CIssuer2);
Claim tfpClaim = new Claim(TestConstants.ClaimNameTfp, TestConstants.B2CSignUpSignInUserFlow);
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.B2CIssuer2, claims: new[] { issClaim, tfpClaim });
AadIssuerValidator validator = AadIssuerValidator.GetIssuerValidator(TestConstants.B2CAuthorityWithV2);
Assert.Throws <SecurityTokenInvalidIssuerException>(() =>
validator.Validate(
TestConstants.B2CIssuer2,
jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuers = new[] { TestConstants.B2CIssuer },
}));
}
public void Validate_InvalidIssuerToValidate_ThrowsException()
{
string invalidIssuerToValidate = $"https://badissuer/{TestConstants.TenantIdAsGuid}/v2.0";
AadIssuerValidator validator = new AadIssuerValidator(TestConstants.s_aliases);
Claim issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.AadIssuer);
Claim tidClaim = new Claim(TestConstants.ClaimNameTid, TestConstants.TenantIdAsGuid);
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.AadIssuer, claims: new[] { issClaim, tidClaim });
var expectedErrorMessage = $"Issuer: '{invalidIssuerToValidate}', does not match any of the valid issuers provided for this application.";
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() =>
validator.Validate(invalidIssuerToValidate, jwtSecurityToken, new TokenValidationParameters()
{
ValidIssuers = new[] { TestConstants.AadIssuer }
}));
Assert.Equal(expectedErrorMessage, exception.Message);
}
public void Validate_FromB2CAuthority_WithTfpIssuer_ThrowsException()
{
Claim issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.B2CIssuerTfp);
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.B2CIssuerTfp, claims: new[] { issClaim });
AadIssuerValidator validator = _issuerValidatorFactory.GetAadIssuerValidator(TestConstants.B2CAuthorityWithV2);
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() =>
validator.Validate(
TestConstants.B2CIssuerTfp,
jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuers = new[] { TestConstants.B2CIssuerTfp },
}));
Assert.Equal(IDWebErrorMessage.B2CTfpIssuerNotSupported, exception.Message);
}
public void ValidationFails_NoTidClaimInJwt()
{
// Arrange
AadIssuerValidator validator = new AadIssuerValidator(s_aliases);
Claim issClaim = new Claim("iss", Iss);
JwtSecurityToken noTidJwt = new JwtSecurityToken(issuer: Iss, claims: new[] { issClaim });
// Act & Assert
Assert.Throws <SecurityTokenInvalidIssuerException>(() =>
validator.Validate(
Iss,
noTidJwt,
new TokenValidationParameters()
{
ValidIssuers = new[] { "https://login.microsoftonline.com/{tenantid}/v2.0" }
}));
}
public void Validate_NullOrEmptyParameters_ThrowsException()
{
var context = new CompareContext();
var validator = new AadIssuerValidator(_httpClient, ValidatorConstants.AadIssuer);
var jwtSecurityToken = new JwtSecurityToken();
var validationParams = new TokenValidationParameters();
Assert.Throws <ArgumentNullException>(ValidatorConstants.Issuer, () => validator.Validate(null, jwtSecurityToken, validationParams));
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() => validator.Validate(string.Empty, jwtSecurityToken, validationParams));
IdentityComparer.AreEqual(LogMessages.IDX40003, exception.Message);
Assert.Throws <ArgumentNullException>(ValidatorConstants.SecurityToken, () => validator.Validate(ValidatorConstants.AadIssuer, null, validationParams));
Assert.Throws <ArgumentNullException>(ValidatorConstants.ValidationParameters, () => validator.Validate(ValidatorConstants.AadIssuer, jwtSecurityToken, null));
TestUtilities.AssertFailIfErrors(context);
}
public void Validate_FromB2CAuthority_InvalidIssuerTid_Fails()
{
string issuerWithInvalidTid = TestConstants.B2CInstance + "/" + TestConstants.TenantIdAsGuid + "/v2.0";
Claim issClaim = new Claim(TestConstants.ClaimNameIss, issuerWithInvalidTid);
Claim tfpClaim = new Claim(TestConstants.ClaimNameTfp, TestConstants.B2CSignUpSignInUserFlow);
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: issuerWithInvalidTid, claims: new[] { issClaim, tfpClaim });
AadIssuerValidator validator = AadIssuerValidator.GetIssuerValidator(TestConstants.B2CAuthorityWithV2);
Assert.Throws <SecurityTokenInvalidIssuerException>(() =>
validator.Validate(
issuerWithInvalidTid,
jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuers = new[] { TestConstants.B2CIssuer },
}));
}
public void Validate_FromB2CAuthority_WithTfpIssuer_ThrowsException()
{
var context = new CompareContext();
Claim issClaim = new Claim(ValidatorConstants.ClaimNameIss, ValidatorConstants.B2CIssuerTfp);
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: ValidatorConstants.B2CIssuerTfp, claims: new[] { issClaim });
AadIssuerValidator validator = CreateIssuerValidator(ValidatorConstants.B2CAuthorityWithV2);
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() =>
validator.Validate(
ValidatorConstants.B2CIssuerTfp,
jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuers = new[] { ValidatorConstants.B2CIssuerTfp },
}));
IdentityComparer.AreEqual(LogMessages.IDX40002, exception.Message, context);
TestUtilities.AssertFailIfErrors(context);
}
public void Validate_InvalidIssuerToValidate_ThrowsException()
{
string invalidIssuerToValidate = $"https://badissuer/{TestConstants.TenantIdAsGuid}/v2.0";
AadIssuerValidator validator = new AadIssuerValidator(TestConstants.s_aliases);
Claim issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.AadIssuer);
Claim tidClaim = new Claim(TestConstants.ClaimNameTid, TestConstants.TenantIdAsGuid);
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.AadIssuer, claims: new[] { issClaim, tidClaim });
var expectedErrorMessage = string.Format(
CultureInfo.InvariantCulture,
IDWebErrorMessage.IssuerDoesNotMatchValidIssuers,
invalidIssuerToValidate);
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() =>
validator.Validate(invalidIssuerToValidate, jwtSecurityToken, new TokenValidationParameters()
{
ValidIssuers = new[] { TestConstants.AadIssuer }
}));
Assert.Equal(expectedErrorMessage, exception.Message);
}
public void Validate_NoHttpclientFactory_ReturnsIssuer(string tidClaimType, string tenantId, string issuer)
{
var context = new CompareContext();
var validator = new AadIssuerValidator(null, issuer);
var tidClaim = new Claim(tidClaimType, tenantId);
var issClaim = new Claim(ValidatorConstants.ClaimNameIss, issuer);
var jwtSecurityToken = new JwtSecurityToken(issuer: issuer, claims: new[] { issClaim, tidClaim });
var tokenValidationParams = new TokenValidationParameters()
{
ConfigurationManager = new MockConfigurationManager <OpenIdConnectConfiguration>(new OpenIdConnectConfiguration()
{
Issuer = issuer
})
};
IdentityComparer.AreEqual(issuer, validator.Validate(issuer, jwtSecurityToken, tokenValidationParams), context);
TestUtilities.AssertFailIfErrors(context);
}
public void Validate_FromCustomB2CAuthority_ValidateSuccessfully()
{
//Arrange
string b2cAuthority = "https://myCustomDomain.com/fabrikamb2c.onmicrosoft.com/b2c_1_susi/v2.0";
string issuer = "https://myCustomDomain.com/775527ff-9a37-4307-8b3d-cc311f58d925/v2.0/";
Claim issClaim = new Claim("iss", issuer);
Claim tfpClaim = new Claim("tfp", "b2c_1_susi");
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: issuer, claims: new[] { issClaim, tfpClaim });
//Act
AadIssuerValidator validator = AadIssuerValidator.GetIssuerValidator(b2cAuthority);
//Assert
validator.Validate(
issuer,
jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuers = new[] { "https://myCustomDomain.com/775527ff-9a37-4307-8b3d-cc311f58d925/v2.0/" }
});
}
public void Validate_FromB2CAuthority_InvalidIssuer_Fails()
{
var context = new CompareContext();
Claim issClaim = new Claim(ValidatorConstants.ClaimNameIss, ValidatorConstants.B2CIssuer2);
Claim tfpClaim = new Claim(ValidatorConstants.ClaimNameTfp, ValidatorConstants.B2CSignUpSignInUserFlow);
JwtSecurityToken jwtSecurityToken = new JwtSecurityToken(issuer: ValidatorConstants.B2CIssuer2, claims: new[] { issClaim, tfpClaim });
AadIssuerValidator validator = CreateIssuerValidator(ValidatorConstants.B2CAuthorityWithV2);
var exception = Assert.Throws <SecurityTokenInvalidIssuerException>(() =>
validator.Validate(
ValidatorConstants.B2CIssuer2,
jwtSecurityToken,
new TokenValidationParameters()
{
ValidIssuers = new[] { ValidatorConstants.B2CIssuer },
}));
IdentityComparer.AreEqual(string.Format(LogMessages.IDX40001, ValidatorConstants.B2CIssuer2), exception.Message, context);
TestUtilities.AssertFailIfErrors(context);
}