public async Task IssuingTokenGeneratesTokenAndIdentityWithScopes(AuthMethod authMethod, params string[] scopes)
{
CommunicationIdentityClient client = authMethod switch
{
AuthMethod.ConnectionString => CreateClientWithConnectionString(),
AuthMethod.KeyCredential => CreateClientWithAzureKeyCredential(),
AuthMethod.TokenCredential => CreateClientWithTokenCredential(),
_ => throw new ArgumentOutOfRangeException(nameof(authMethod)),
};
Response <CommunicationUserIdentifier> userResponse = await client.CreateUserAsync();
Response <CommunicationUserToken> tokenResponse = await client.IssueTokenAsync(userResponse.Value, scopes : scopes.Select(x => new CommunicationTokenScope(x)));
Assert.IsNotNull(tokenResponse.Value);
Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.Token));
ValidateScopesIfNotSanitized();
void ValidateScopesIfNotSanitized()
{
if (Mode != RecordedTestMode.Playback)
{
JwtTokenParser.JwtPayload payload = JwtTokenParser.DecodeJwtPayload(tokenResponse.Value.Token);
CollectionAssert.AreEquivalent(scopes, payload.Scopes);
}
}
}
public async Task IssuingTokenGeneratesTokenAndIdentityWithScopes(params string[] scopes)
{
CommunicationIdentityClient client = CreateInstrumentedCommunicationIdentityClient();
Response <CommunicationUserIdentifier> userResponse = await client.CreateUserAsync();
Response <CommunicationUserToken> tokenResponse = await client.IssueTokenAsync(userResponse.Value, scopes : scopes.Select(x => new CommunicationTokenScope(x)));
Assert.IsNotNull(tokenResponse.Value);
Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.Token));
Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.User.Id));
ValidateScopesIfNotSanitized();
void ValidateScopesIfNotSanitized()
{
if (Mode != RecordedTestMode.Playback)
{
JwtTokenParser.JwtPayload payload = JwtTokenParser.DecodeJwtPayload(tokenResponse.Value.Token);
CollectionAssert.AreEquivalent(scopes, payload.Scopes);
}
}
}
public async Task <AccessTokenValidationResult> Validate(string accessToken,
OAuth2EndpointInfo oAuth2EndpointInfo)
{
//TODO: Implement caching functionality to improve performance.
if (string.IsNullOrEmpty(accessToken))
{
throw new ArgumentException($"The value of {nameof(accessToken)} can't be null or empty.");
}
var accessTokenType = AccessTokenType.Reference;
var jwtTokenParser = new JwtTokenParser();
if (jwtTokenParser.IsAccessTokenJwt(accessToken))
{
accessTokenType = AccessTokenType.Jwt;
}
var handler = new HttpClientHandler();
#if STAGE || DEBUG
#region Certificate validation for a self-signed certificate
#if !STAGE && !DEBUG
#error Disable certificate validation in production deployment !
#endif
handler.ServerCertificateCustomValidationCallback +=
(sender, certificate, chain, sslPolicyErrors) =>
{
if (sslPolicyErrors != System.Net.Security.SslPolicyErrors.None)
{
_logger.LogWarning("Remote certificate validation failed, it is explicitly disabled in code.");
}
return(true);
};
#endregion
#endif
var httpClient = new HttpClient(handler);
var response = await httpClient.IntrospectTokenAsync(new TokenIntrospectionRequest
{
Address = $"{oAuth2EndpointInfo.AuthorityUrl}/connect/introspect",
ClientId = oAuth2EndpointInfo.ClientScopeName,
Token = accessToken,
ClientSecret = oAuth2EndpointInfo.ClientSecret,
});
// ReSharper disable once InvertIf
if (!response.IsError)
{
return(AccessTokenValidationResult.CreateSuccess(accessTokenType, response.Claims));
}
var nameOfTokenType = accessTokenType == AccessTokenType.Jwt ? "JWT" : "Reference";
_logger.LogTrace(LoggingEvents.AccessTokenValidationFailed,
$"{LoggingEvents.AccessTokenValidationFailed.Name} Token type: {nameOfTokenType} " +
$"Reason: {response.Error} " +
$"Token value: {accessToken}");
return(AccessTokenValidationResult.CreateFailed(response.Error));
}
