public async Task OnGeneratingClaims_AddsRedirectUriIfPresentOnTheRequest()
{
// Arrange
var expectedRedirectUri = "http://wwww.example.com/callback";
var context = new TokenGeneratingContext(
new ClaimsPrincipal(),
new ClaimsPrincipal(),
new OpenIdConnectMessage()
{
RedirectUri = expectedRedirectUri
},
new RequestGrants());
var options = new IdentityServiceOptions()
{
Issuer = "http://www.example.com/Identity"
};
var claimsProvider = new DefaultTokenClaimsProvider(Options.Create(options));
context.InitializeForToken(TokenTypes.AuthorizationCode);
// Act
await claimsProvider.OnGeneratingClaims(context);
// Assert
Assert.Single(
context.CurrentClaims,
c => c.Type.Equals(IdentityServiceClaimTypes.RedirectUri, StringComparison.Ordinal) &&
c.Value.Equals(expectedRedirectUri));
}
public async Task OnGeneratingClaims_AddsIssuerForAccessTokenAndIdToken(string tokenType)
{
// Arrange
var context = new TokenGeneratingContext(
new ClaimsPrincipal(),
new ClaimsPrincipal(),
new OpenIdConnectMessage(),
new RequestGrants());
var options = new IdentityServiceOptions()
{
Issuer = "http://www.example.com/Identity"
};
var claimsProvider = new DefaultTokenClaimsProvider(Options.Create(options));
context.InitializeForToken(tokenType);
// Act
await claimsProvider.OnGeneratingClaims(context);
// Assert
Assert.Single(
context.CurrentClaims,
c => c.Type.Equals(IdentityServiceClaimTypes.Issuer, StringComparison.Ordinal));
}
public TokenDataSerializer(
IOptions <IdentityServiceOptions> options,
ArrayPool <char> arrayPool)
{
_options = options.Value;
_serializer = JsonSerializer.Create(_options.SerializationSettings);
_pool = new JsonArrayPool(arrayPool);
}
private IEnumerable <SigningCredentialsDescriptor> GetDescriptors(IdentityServiceOptions options)
{
return(options.SigningKeys.Select(sk =>
{
var validity = GetValidity(sk);
return new SigningCredentialsDescriptor(
sk,
CryptographyHelpers.GetAlgorithm(sk),
validity.NotBefore,
validity.Expires,
GetMetadata(sk));
}));
}
public async Task OnGeneratingClaims_AddsIssuedAtNotBeforeAndExpires_ForAllTokenTypes(
string tokenType,
string issuedAt,
string notBefore,
string expires)
{
// Arrange
var context = new TokenGeneratingContext(
new ClaimsPrincipal(),
new ClaimsPrincipal(),
new OpenIdConnectMessage {
},
new RequestGrants {
});
// Reference time
var reference = new DateTimeOffset(2000, 01, 01, 0, 0, 0, TimeSpan.Zero);
var timestampManager = new TestTimeStampManager(reference);
var options = new IdentityServiceOptions();
SetTimeStampOptions(options.AuthorizationCodeOptions, 1);
SetTimeStampOptions(options.AccessTokenOptions, 2);
SetTimeStampOptions(options.IdTokenOptions, 3);
SetTimeStampOptions(options.RefreshTokenOptions, 4);
var claimsProvider = new TimestampsTokenClaimsProvider(timestampManager, Options.Create(options));
context.InitializeForToken(tokenType);
// Act
await claimsProvider.OnGeneratingClaims(context);
var claims = context.CurrentClaims;
// Assert
Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.IssuedAt) && c.Value.Equals(issuedAt));
Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.NotBefore) && c.Value.Equals(notBefore));
Assert.Single(claims, c => c.Type.Equals(IdentityServiceClaimTypes.Expires) && c.Value.Equals(expires));
}
public async Task OnGeneratingClaims_MapsClaimsFromUsersApplicationsAndAmbient(string tokenType)
{
// Arrange
var expectedClaims = new List <Claim>
{
new Claim("user-single", "us"),
new Claim("user-single-claim", "usa"),
new Claim("user-multiple", "um1"),
new Claim("user-multiple", "um2"),
new Claim("user-multiple-claim", "uma1"),
new Claim("user-multiple-claim", "uma2"),
new Claim("application-single", "as"),
new Claim("application-single-claim", "asa"),
new Claim("application-multiple", "am1"),
new Claim("application-multiple", "am2"),
new Claim("application-multiple-claim", "ama1"),
new Claim("application-multiple-claim", "ama2"),
new Claim("context-single", "cs"),
new Claim("context-single-claim", "csa"),
new Claim("context-multiple", "cm1"),
new Claim("context-multiple", "cm2"),
new Claim("context-multiple-claim", "cma1"),
new Claim("context-multiple-claim", "cma2"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim>
{
new Claim("user-single", "us"),
new Claim("user-single-aliased", "usa"),
new Claim("user-multiple", "um1"),
new Claim("user-multiple", "um2"),
new Claim("user-multiple-aliased", "uma1"),
new Claim("user-multiple-aliased", "uma2"),
}));
var application = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim>
{
new Claim("application-single", "as"),
new Claim("application-single-aliased", "asa"),
new Claim("application-multiple", "am1"),
new Claim("application-multiple", "am2"),
new Claim("application-multiple-aliased", "ama1"),
new Claim("application-multiple-aliased", "ama2"),
}));
var context = new TokenGeneratingContext(
user,
application,
new OpenIdConnectMessage(),
new RequestGrants());
context.AmbientClaims.Add(new Claim("context-single", "cs"));
context.AmbientClaims.Add(new Claim("context-single-aliased", "csa"));
context.AmbientClaims.Add(new Claim("context-multiple", "cm1"));
context.AmbientClaims.Add(new Claim("context-multiple", "cm2"));
context.AmbientClaims.Add(new Claim("context-multiple-aliased", "cma1"));
context.AmbientClaims.Add(new Claim("context-multiple-aliased", "cma2"));
var options = new IdentityServiceOptions()
{
Issuer = "http://www.example.com/Identity"
};
CreateTestMapping(options.AuthorizationCodeOptions);
CreateTestMapping(options.AccessTokenOptions);
CreateTestMapping(options.IdTokenOptions);
CreateTestMapping(options.RefreshTokenOptions);
var claimsProvider = new DefaultTokenClaimsProvider(Options.Create(options));
context.InitializeForToken(tokenType);
// Act
await claimsProvider.OnGeneratingClaims(context);
var claims = context.CurrentClaims.Where(c =>
c.Type != IdentityServiceClaimTypes.Issuer &&
c.Type != IdentityServiceClaimTypes.TokenUniqueId).ToList();
// Assert
Assert.Equal(expectedClaims.Count, claims.Count);
foreach (var claim in expectedClaims)
{
Assert.Contains(claims, c => c.Type.Equals(claim.Type) && c.Value.Equals(claim.Value));
}
}
