public async Task ValidateAsync_GoodSignature_Succeeds()
{
const string SUBJECT = "123";
string token = await m_authService
.SignTokenBackdoor(new UnsignedToken(
"fake issuer",
"fake audience",
new List <Claim> {
new Claim("sub", SUBJECT)
},
DateTime.UtcNow - TimeSpan.FromSeconds(1),
DateTime.UtcNow + TimeSpan.FromHours(1)))
.SafeAsync();
IAccessToken accessToken = await m_accessTokenValidator
.ValidateAsync(token)
.SafeAsync();
Assert.IsNotNull(accessToken);
string subject;
string fakeclaim;
accessToken.Claims.TryGetClaim("sub", out subject);
accessToken.Claims.TryGetClaim("fakeclaim", out fakeclaim);
Assert.AreEqual(SUBJECT, subject);
Assert.IsNull(fakeclaim);
}
public async Task TestGetToken_WithTenantID_IsValid()
{
string token = await TestAccessToken.GetToken(DEV_AUTH_URL, Guid.NewGuid().ToString()).ConfigureAwait(false);
using (var httpClient = new HttpClient()) {
IAccessTokenValidator validator = AccessTokenValidatorFactory.CreateRemoteValidator(httpClient, new Uri(DEV_AUTH_URL), new Uri(DEV_AUTH_JWK_URL));
Assert.DoesNotThrowAsync(async() => await validator.ValidateAsync(token).ConfigureAwait(false));
}
}
public async Task TestGetToken_WithTenantAndUserIdAndXsrf_IsValid()
{
string token = await TestAccessToken.GetToken(DEV_AUTH_URL, Guid.NewGuid().ToString(), "user", "xsrf").SafeAsync();
using (var httpClient = new HttpClient()) {
IAccessTokenValidator validator = AccessTokenValidatorFactory.CreateRemoteValidator(httpClient, new Uri(DEV_AUTH_URL));
Assert.DoesNotThrowAsync(async() => await validator.ValidateAsync(token).SafeAsync());
}
}
public async void TestAccessTokenProvider_SuppliedRSAParameters_TokenIsValid()
{
using (var httpClient = new HttpClient()) {
IAccessTokenProvider provider = TestAccessTokenProviderFactory.Create(httpClient, DEV_AUTH_URL, TestStaticKeyProvider.TestKeyId, TestStaticKeyProvider.TestRSAParameters);
IAccessToken token = await provider.ProvisionAccessTokenAsync(testClaimSet, testScopes).SafeAsync();
IAccessTokenValidator validator = AccessTokenValidatorFactory.CreateRemoteValidator(httpClient, new Uri(DEV_AUTH_URL));
Assert.DoesNotThrow(async() => await validator.ValidateAsync(token.Token).SafeAsync());
}
}
public async Task TestAccessTokenProvider_TokenIsValid()
{
using (var httpClient = new HttpClient()) {
IAccessTokenProvider provider = TestAccessTokenProviderFactory.Create(httpClient, DEV_AUTH_URL);
IAccessToken token = await provider.ProvisionAccessTokenAsync(testClaimSet, testScopes).ConfigureAwait(false);
IAccessTokenValidator validator = AccessTokenValidatorFactory.CreateRemoteValidator(httpClient, new Uri(DEV_AUTH_JWKS_URL), new Uri(DEV_AUTH_JWK_URL));
Assert.DoesNotThrowAsync(async() => await validator.ValidateAsync(token.Token).ConfigureAwait(false));
}
}
public async Task TestGetToken_WithClaimAndScope_IsValid()
{
Claim[] claims = { new Claim(Constants.Claims.TENANT_ID, Guid.NewGuid().ToString()) };
Scope[] scopes = { new Scope("group", "resource", "permission") };
string token = await TestAccessToken.GetToken(DEV_AUTH_URL, claims, scopes).SafeAsync();
using (var httpClient = new HttpClient()) {
IAccessTokenValidator validator = AccessTokenValidatorFactory.CreateRemoteValidator(httpClient, new Uri(DEV_AUTH_URL));
Assert.DoesNotThrowAsync(async() => await validator.ValidateAsync(token).SafeAsync());
}
}
public async Task ValidateAsync_GoodSignature_Succeeds()
{
const string SUBJECT = "123";
string token = await m_authService
.SignTokenBackdoor(new UnsignedToken(
"fake issuer",
"fake audience",
new Dictionary <string, object> {
{ "sub", SUBJECT }
},
DateTime.UtcNow - TimeSpan.FromSeconds(1),
DateTime.UtcNow + TimeSpan.FromHours(1)))
.ConfigureAwait(false);
IAccessToken accessToken = await m_accessTokenValidator
.ValidateAsync(token)
.ConfigureAwait(false);
Assert.IsNotNull(accessToken);
Assert.AreEqual(SUBJECT, accessToken.Claims.Single(c => c.Type == "sub").Value);
Assert.IsFalse(accessToken.Claims.Any(c => c.Type == "fakeclaim"));
}
Action IBenchmark.GetRunner()
{
SetUp(out Uri host, out string token, out string id);
IAccessTokenValidator validator = AccessTokenValidatorFactory.CreateRemoteValidator(
new HttpClient(),
host,
null
);
return(delegate {
validator.ValidateAsync(token).SafeAsync().GetAwaiter().GetResult();
});
}
public async Task <ID2LPrincipal> AuthenticateAsync(
string bearerToken
)
{
if (string.IsNullOrEmpty(bearerToken))
{
return(ANONYMOUS_PRINCIPAL);
}
IAccessToken accessToken = await m_accessTokenValidator
.ValidateAsync(bearerToken)
.ConfigureAwait(false);
ID2LPrincipal principal = new D2LPrincipal(accessToken);
return(principal);
}
private async Task <ID2LPrincipal> AuthenticateHelper(
string bearerToken
)
{
if (string.IsNullOrEmpty(bearerToken))
{
return(ANONYMOUS_PRINCIPAL);
}
IAccessToken accessToken = await m_accessTokenValidator
.ValidateAsync(bearerToken)
.SafeAsync();
ID2LPrincipal principal = new D2LPrincipal(accessToken);
return(principal);
}
