public async Task ValidateAsync_should_validate_token_using_validator()
{
var validatorMock = new Mock <ITokenValidator>();
validatorMock.Setup(m => m.ValidateAccessTokenAsync(It.IsAny <string>(), It.IsAny <string>())).ReturnsAsync(new TokenValidationResult
{
IsError = true
});
var context = new ExtensionGrantValidationContext
{
Request = new ValidatedTokenRequest
{
Raw = new NameValueCollection
{
[OidcConstants.TokenRequest.SubjectToken] = "test",
[OidcConstants.TokenRequest.SubjectTokenType] = OidcConstants.TokenTypeIdentifiers.AccessToken,
}
}
};
var sut = new TokenExchangeGrantValidator(validatorMock.Object);
await sut.ValidateAsync(context).ConfigureAwait(false);
Assert.Equal("invalid_request", context.Result.Error);
}
public async Task ValidateAsync_should_create_impersonation_result()
{
var validatorMock = new Mock <ITokenValidator>();
validatorMock.Setup(m => m.ValidateAccessTokenAsync(It.IsAny <string>(), It.IsAny <string>())).ReturnsAsync(new TokenValidationResult
{
IsError = false,
Claims = new Claim[]
{
new Claim(JwtClaimTypes.Subject, "test"),
new Claim(JwtClaimTypes.ClientId, "test")
}
});
var context = new ExtensionGrantValidationContext
{
Request = new ValidatedTokenRequest
{
Raw = new NameValueCollection
{
[OidcConstants.TokenRequest.SubjectToken] = "test",
[OidcConstants.TokenRequest.SubjectTokenType] = OidcConstants.TokenTypeIdentifiers.AccessToken,
["exchange_style"] = "impersonation"
}
}
};
var sut = new TokenExchangeGrantValidator(validatorMock.Object);
await sut.ValidateAsync(context).ConfigureAwait(false);
Assert.False(context.Result.IsError);
Assert.Equal("test", context.Request.ClientId);
Assert.Contains(context.Result.Subject.Claims, c => c.Type == JwtClaimTypes.Subject && c.Value == "test");
Assert.Contains(context.Result.Subject.Claims, c => c.Type == JwtClaimTypes.AuthenticationMethod && c.Value == OidcConstants.GrantTypes.TokenExchange);
}
public async Task ValidateAsync_should_verify_subject_token()
{
var sut = new TokenExchangeGrantValidator(new Mock <ITokenValidator>().Object);
var context = new ExtensionGrantValidationContext
{
Request = new ValidatedTokenRequest
{
Raw = new NameValueCollection()
}
};
await sut.ValidateAsync(context).ConfigureAwait(false);
Assert.Equal("invalid_request", context.Result.Error);
context.Request.Raw.Add(OidcConstants.TokenRequest.SubjectToken, "test");
await sut.ValidateAsync(context).ConfigureAwait(false);
Assert.Equal("invalid_request", context.Result.Error);
}
