public async Task Authenticate_HasClaims()
{
var testServerHandler = IntegrationTestEnvironment.TestIdentityServer.CreateHandler();
var discoveryClient = new DiscoveryClient(TestServerFixture.Authority, testServerHandler);
discoveryClient.Policy.ValidateIssuerName = false;
var disco = await discoveryClient.GetAsync();
disco.Error.ShouldBeNull();
var userTestData = IntegrationTestEnvironment.TestData <XUserTestData>();
var admin = userTestData.Administrator;
var tokenClient = new TokenClient(disco.TokenEndpoint, "webclient.ro", "EA59A39A-B03D-4985-A4FA-9297663A1858", testServerHandler);
var tokenResponse = await tokenClient.RequestResourceOwnerPasswordAsync(admin.LogonName, XUserTestData.AdminPassword, "api");
tokenResponse.Error.ShouldBeNull();
var token = new JwtSecurityTokenHandler().ReadToken(tokenResponse.AccessToken) as JwtSecurityToken;
token.ShouldNotBeNull();
token.Claims.ShouldContain(clm => clm.Type == Kiss4WebClaims.LogonName);
token.Claims.ShouldContain(clm => clm.Type == Kiss4WebClaims.ShortName);
token.Claims.First(clm => clm.Type == Kiss4WebClaims.LogonName).Value.ShouldBe(admin.LogonName);
token.Claims.First(clm => clm.Type == Kiss4WebClaims.ShortName).Value.ShouldBe(admin.ShortName);
}
public async Task Mint_arbitrary_resource_owner_remint_with_access_token()
{
var client = new TokenClient(
_server.BaseAddress + "connect/token",
ClientId,
_server.CreateHandler());
Dictionary <string, string> paramaters = new Dictionary <string, string>()
{
{ OidcConstants.TokenRequest.ClientId, ClientId },
{ OidcConstants.TokenRequest.ClientSecret, ClientSecret },
{ OidcConstants.TokenRequest.GrantType, ArbitraryResourceOwnerExtensionGrant.Constants.ArbitraryResourceOwner },
{
OidcConstants.TokenRequest.Scope,
$"{IdentityServerConstants.StandardScopes.OfflineAccess} nitro metal"
},
{
ArbitraryNoSubjectExtensionGrant.Constants.ArbitraryClaims,
"{'role': ['application', 'limited'],'query': ['dashboard', 'licensing'],'seatId': ['8c59ec41-54f3-460b-a04e-520fc5b9973d'],'piid': ['2368d213-d06c-4c2a-a099-11c34adc3579']}"
},
{
ArbitraryResourceOwnerExtensionGrant.Constants.Subject,
"Ratt"
},
{ ArbitraryNoSubjectExtensionGrant.Constants.AccessTokenLifetime, "3600" }
};
var result = await client.RequestAsync(paramaters);
result.AccessToken.ShouldNotBeNullOrEmpty();
result.RefreshToken.ShouldNotBeNullOrEmpty();
result.ExpiresIn.ShouldNotBeNull();
var jwtSecurityToken = new JwtSecurityTokenHandler()
.ReadToken(result.AccessToken) as JwtSecurityToken;
jwtSecurityToken.ShouldNotBeNull();
var authTimeQueryClaim = (from item in jwtSecurityToken.Claims
where item.Type == JwtClaimTypes.AuthenticationTime
select item).FirstOrDefault();
authTimeQueryClaim.ShouldNotBeNull();
// remint, but pass in the access_token from above
paramaters = new Dictionary <string, string>()
{
{ OidcConstants.TokenRequest.ClientId, ClientId },
{ OidcConstants.TokenRequest.ClientSecret, ClientSecret },
{ OidcConstants.TokenRequest.GrantType, ArbitraryResourceOwnerExtensionGrant.Constants.ArbitraryResourceOwner },
{
OidcConstants.TokenRequest.Scope,
$"{IdentityServerConstants.StandardScopes.OfflineAccess} nitro metal"
},
{
ArbitraryNoSubjectExtensionGrant.Constants.ArbitraryClaims,
"{'role': ['application', 'limited'],'query': ['dashboard', 'licensing'],'seatId': ['8c59ec41-54f3-460b-a04e-520fc5b9973d'],'piid': ['2368d213-d06c-4c2a-a099-11c34adc3579']}"
},
{
OidcConstants.TokenTypes.AccessToken,
result.AccessToken
},
{ ArbitraryNoSubjectExtensionGrant.Constants.AccessTokenLifetime, "3600" }
};
result = await client.RequestAsync(paramaters);
result.AccessToken.ShouldNotBeNullOrEmpty();
result.RefreshToken.ShouldNotBeNullOrEmpty();
result.ExpiresIn.ShouldNotBeNull();
jwtSecurityToken = new JwtSecurityTokenHandler()
.ReadToken(result.AccessToken) as JwtSecurityToken;
jwtSecurityToken.ShouldNotBeNull();
var originAuthTimeClaim = (from item in jwtSecurityToken.Claims
where item.Type == $"origin_{JwtClaimTypes.AuthenticationTime}"
select item).FirstOrDefault();
originAuthTimeClaim.ShouldNotBeNull();
originAuthTimeClaim.Value.ShouldBe(authTimeQueryClaim.Value);
}