public async Task GetTokenAsyncRespectsExpirationBufferForJwtTokens() { var tokenValue = "ValuE_oF_tHE_tokEn"; var buffer = TimeSpan.FromMinutes(5); var expires = DateTimeOffset.UtcNow.Subtract(buffer).AddSeconds(-10); var mockCredential = new Mock <TokenCredential>(); var credential = new EventHubTokenCredential(mockCredential.Object); using var provider = new CbsTokenProvider(credential, TimeSpan.Zero, default); mockCredential .Setup(credential => credential.GetTokenAsync(It.IsAny <TokenRequestContext>(), It.IsAny <CancellationToken>())) .Returns(new ValueTask <AccessToken>(new AccessToken(tokenValue, expires))); var firstCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]); var nextCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]); Assert.That(firstCallToken, Is.Not.Null, "The first call token should have been produced."); Assert.That(nextCallToken, Is.Not.Null, "The next call token should have been produced."); Assert.That(firstCallToken, Is.Not.SameAs(nextCallToken), "The token should have been expired and returned two unique instances."); mockCredential .Verify(credential => credential.GetTokenAsync( It.IsAny <TokenRequestContext>(), It.IsAny <CancellationToken>()), Times.Exactly(2)); }
public async Task GetTokenAsyncRespectsCacheForJwtTokens() { var tokenValue = "ValuE_oF_tHE_tokEn"; var expires = DateTimeOffset.UtcNow.AddDays(1); var mockCredential = new Mock <TokenCredential>(); var credential = new EventHubTokenCredential(mockCredential.Object); using var provider = new CbsTokenProvider(credential, TimeSpan.Zero, default); mockCredential .Setup(credential => credential.GetTokenAsync(It.IsAny <TokenRequestContext>(), It.IsAny <CancellationToken>())) .Returns(new ValueTask <AccessToken>(new AccessToken(tokenValue, expires))); var firstCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]); var nextCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]); Assert.That(firstCallToken, Is.Not.Null, "The first call token should have been produced."); Assert.That(nextCallToken, Is.Not.Null, "The next call token should have been produced."); Assert.That(firstCallToken, Is.SameAs(nextCallToken), "The same token instance should have been returned for both calls."); mockCredential .Verify(credential => credential.GetTokenAsync( It.IsAny <TokenRequestContext>(), It.IsAny <CancellationToken>()), Times.Once); }
public async Task GetTokenAsyncDoesNotCacheSharedAccessCredential() { var value = "TOkEn!"; var signature = new SharedAccessSignature("hub-name", "keyName", "key", value, DateTimeOffset.UtcNow.AddHours(4)); var mockCredential = new Mock <SharedAccessCredential>(signature) { CallBase = true }; var credential = new EventHubTokenCredential(mockCredential.Object); using var provider = new CbsTokenProvider(credential, TimeSpan.Zero, default); var firstCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]); var nextCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]); Assert.That(firstCallToken, Is.Not.Null, "The first call token should have been produced."); Assert.That(nextCallToken, Is.Not.Null, "The next call token should have been produced."); Assert.That(firstCallToken, Is.Not.SameAs(nextCallToken), "The token should have been expired and returned two unique instances."); mockCredential .Verify(credential => credential.GetTokenAsync( It.IsAny <TokenRequestContext>(), It.IsAny <CancellationToken>()), Times.Exactly(2)); }
/// <summary> /// Asynchronously requests a CBS token to be used for authorization within an AMQP /// scope. /// </summary> /// /// <param name="namespaceAddress">The address of the namespace to be authorized.</param> /// <param name="appliesTo">The resource to which the token should apply.</param> /// <param name="requiredClaims">The set of claims that are required for authorization.</param> /// /// <returns>The token to use for authorization.</returns> /// public async Task <CbsToken> GetTokenAsync(Uri namespaceAddress, string appliesTo, string[] requiredClaims) { var token = await Credential.GetTokenAsync(requiredClaims, CancellationToken); return(new CbsToken(token.Token, TokenType, token.ExpiresOn.UtcDateTime)); }
/// <summary> /// Asynchronously requests a CBS token to be used for authorization within an AMQP /// scope. /// </summary> /// /// <param name="namespaceAddress">The address of the namespace to be authorized.</param> /// <param name="appliesTo">The resource to which the token should apply.</param> /// <param name="requiredClaims">The set of claims that are required for authorization.</param> /// <returns>The token to use for authorization.</returns> /// public async Task <CbsToken> GetTokenAsync(Uri namespaceAddress, string appliesTo, string[] requiredClaims) { AccessToken token = await _credential.GetTokenAsync(new TokenRequest(requiredClaims), _cancellationToken); return(new CbsToken(token.Token, _tokenType, token.ExpiresOn.UtcDateTime)); }
/// <summary> /// Asynchronously requests a CBS token to be used for authorization within an AMQP /// scope. /// </summary> /// /// <param name="namespaceAddress">The address of the namespace to be authorized.</param> /// <param name="appliesTo">The resource to which the token should apply.</param> /// <param name="requiredClaims">The set of claims that are required for authorization.</param> /// <returns>The token to use for authorization.</returns> /// public async Task <CbsToken> GetTokenAsync(Uri namespaceAddress, string appliesTo, string[] requiredClaims) { AccessToken token = await Credential.GetTokenAsync(new TokenRequestContext(requiredClaims), CancellationToken).ConfigureAwait(false); return(new CbsToken(token.Token, TokenType, token.ExpiresOn.UtcDateTime)); }
public async Task GetTokenAsyncSynchonizesMultipleRefreshAttemptsForJwtTokens() { var tokenValue = "ValuE_oF_tHE_tokEn"; var buffer = TimeSpan.FromMinutes(5); var expires = DateTimeOffset.UtcNow.Subtract(buffer).AddSeconds(-10); var mockCredential = new Mock <TokenCredential>(); var credential = new EventHubTokenCredential(mockCredential.Object); using var provider = new CbsTokenProvider(credential, TimeSpan.Zero, default); mockCredential .SetupSequence(credential => credential.GetTokenAsync(It.IsAny <TokenRequestContext>(), It.IsAny <CancellationToken>())) .Returns(new ValueTask <AccessToken>(new AccessToken(tokenValue, expires))) .Returns(new ValueTask <AccessToken>(new AccessToken(tokenValue, DateTimeOffset.UtcNow.AddDays(1)))); var firstCallToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]); Assert.That(firstCallToken, Is.Not.Null, "The first call token should have been produced."); var otherTokens = await Task.WhenAll( Enumerable.Range(0, 25) .Select(index => provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]))); for (var index = 0; index < otherTokens.Length; ++index) { Assert.That(otherTokens[index], Is.Not.Null, $"The token at index `{ index }` should have been produced."); Assert.That(firstCallToken, Is.Not.SameAs(otherTokens[index]), $"The token at index `{ index } ` should not have matched the first call instance."); if (index > 0) { Assert.That(otherTokens[0], Is.SameAs(otherTokens[index]), $"The other tokens should all be the same instance. The token at index `{ index } ` did not match index `0`."); } } mockCredential .Verify(credential => credential.GetTokenAsync( It.IsAny <TokenRequestContext>(), It.IsAny <CancellationToken>()), Times.Exactly(2)); }
public async Task GetTokenAsyncPassesAlongTheClaims() { var requiredClaims = new[] { "one", "two" }; var mockCredential = new Mock <TokenCredential>(); var credential = new EventHubTokenCredential(mockCredential.Object, "test"); var provider = new CbsTokenProvider(credential, default); mockCredential .Setup(credential => credential.GetTokenAsync(It.Is <TokenRequest>(value => value.Scopes == requiredClaims), It.IsAny <CancellationToken>())) .Returns(Task.FromResult(new AccessToken("blah", DateTimeOffset.Parse("2015-10-27T00:00:00Z")))) .Verifiable(); await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", requiredClaims); mockCredential.Verify(); }
public async Task GetTokenAsyncDelegatesToTheSourceCredential() { var mockCredential = new Mock <TokenCredential>(); var accessToken = new AccessToken("token", new DateTimeOffset(2015, 10, 27, 12, 0, 0, TimeSpan.Zero)); var resource = "the resource value"; var credential = new EventHubTokenCredential(mockCredential.Object, resource); mockCredential .Setup(cred => cred.GetTokenAsync(It.Is <string[]>(value => value.FirstOrDefault() == resource), It.IsAny <CancellationToken>())) .ReturnsAsync(accessToken) .Verifiable("The source credential GetToken method should have been called."); var tokenResult = await credential.GetTokenAsync(new[] { resource }, CancellationToken.None); Assert.That(tokenResult, Is.EqualTo(accessToken), "The access token should match the return of the delgated call."); mockCredential.VerifyAll(); }
public async Task GetTokenAsyncSetsTheCorrectTypeForOtherTokens() { var tokenValue = "ValuE_oF_tHE_tokEn"; var expires = DateTimeOffset.Parse("2015-10-27T00:00:00Z"); var mockCredential = new Mock <TokenCredential>(); var credential = new EventHubTokenCredential(mockCredential.Object, "test"); var provider = new CbsTokenProvider(credential, default); mockCredential .Setup(credential => credential.GetTokenAsync(It.IsAny <TokenRequest>(), It.IsAny <CancellationToken>())) .Returns(Task.FromResult(new AccessToken(tokenValue, expires))); CbsToken cbsToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]); Assert.That(cbsToken, Is.Not.Null, "The token should have been produced"); Assert.That(cbsToken.TokenType, Is.EqualTo(GetGenericTokenType()), "The token type should match"); }
public async Task GetTokenAsyncPopulatesUsingTheCredentialAccessToken() { var tokenValue = "ValuE_oF_tHE_tokEn"; var expires = DateTimeOffset.Parse("2015-10-27T00:00:00Z"); var mockCredential = new Mock<TokenCredential>(); var credential = new EventHubTokenCredential(mockCredential.Object); var provider = new CbsTokenProvider(credential, default); mockCredential .Setup(credential => credential.GetTokenAsync(It.IsAny<TokenRequestContext>(), It.IsAny<CancellationToken>())) .Returns(new ValueTask<AccessToken>(new AccessToken(tokenValue, expires))); CbsToken cbsToken = await provider.GetTokenAsync(new Uri("http://www.here.com"), "nobody", new string[0]); Assert.That(cbsToken, Is.Not.Null, "The token should have been produced"); Assert.That(cbsToken.TokenValue, Is.EqualTo(tokenValue), "The token value should match"); Assert.That(cbsToken.ExpiresAtUtc, Is.EqualTo(expires.DateTime), "The token expiration should match"); }