public async Task IssuingTokenGeneratesTokenAndIdentityWithScopes(AuthMethod authMethod, params string[] scopes) { CommunicationIdentityClient client = authMethod switch { AuthMethod.ConnectionString => CreateClientWithConnectionString(), AuthMethod.KeyCredential => CreateClientWithAzureKeyCredential(), AuthMethod.TokenCredential => CreateClientWithTokenCredential(), _ => throw new ArgumentOutOfRangeException(nameof(authMethod)), }; Response <CommunicationUserIdentifier> userResponse = await client.CreateUserAsync(); Response <CommunicationUserToken> tokenResponse = await client.IssueTokenAsync(userResponse.Value, scopes : scopes.Select(x => new CommunicationTokenScope(x))); Assert.IsNotNull(tokenResponse.Value); Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.Token)); ValidateScopesIfNotSanitized(); void ValidateScopesIfNotSanitized() { if (Mode != RecordedTestMode.Playback) { JwtTokenParser.JwtPayload payload = JwtTokenParser.DecodeJwtPayload(tokenResponse.Value.Token); CollectionAssert.AreEquivalent(scopes, payload.Scopes); } } }
public async Task IssuingTokenGeneratesTokenAndIdentityWithScopes(params string[] scopes) { CommunicationIdentityClient client = CreateInstrumentedCommunicationIdentityClient(); Response <CommunicationUserIdentifier> userResponse = await client.CreateUserAsync(); Response <CommunicationUserToken> tokenResponse = await client.IssueTokenAsync(userResponse.Value, scopes : scopes.Select(x => new CommunicationTokenScope(x))); Assert.IsNotNull(tokenResponse.Value); Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.Token)); Assert.IsFalse(string.IsNullOrWhiteSpace(tokenResponse.Value.User.Id)); ValidateScopesIfNotSanitized(); void ValidateScopesIfNotSanitized() { if (Mode != RecordedTestMode.Playback) { JwtTokenParser.JwtPayload payload = JwtTokenParser.DecodeJwtPayload(tokenResponse.Value.Token); CollectionAssert.AreEquivalent(scopes, payload.Scopes); } } }
public async Task <AccessTokenValidationResult> Validate(string accessToken, OAuth2EndpointInfo oAuth2EndpointInfo) { //TODO: Implement caching functionality to improve performance. if (string.IsNullOrEmpty(accessToken)) { throw new ArgumentException($"The value of {nameof(accessToken)} can't be null or empty."); } var accessTokenType = AccessTokenType.Reference; var jwtTokenParser = new JwtTokenParser(); if (jwtTokenParser.IsAccessTokenJwt(accessToken)) { accessTokenType = AccessTokenType.Jwt; } var handler = new HttpClientHandler(); #if STAGE || DEBUG #region Certificate validation for a self-signed certificate #if !STAGE && !DEBUG #error Disable certificate validation in production deployment ! #endif handler.ServerCertificateCustomValidationCallback += (sender, certificate, chain, sslPolicyErrors) => { if (sslPolicyErrors != System.Net.Security.SslPolicyErrors.None) { _logger.LogWarning("Remote certificate validation failed, it is explicitly disabled in code."); } return(true); }; #endregion #endif var httpClient = new HttpClient(handler); var response = await httpClient.IntrospectTokenAsync(new TokenIntrospectionRequest { Address = $"{oAuth2EndpointInfo.AuthorityUrl}/connect/introspect", ClientId = oAuth2EndpointInfo.ClientScopeName, Token = accessToken, ClientSecret = oAuth2EndpointInfo.ClientSecret, }); // ReSharper disable once InvertIf if (!response.IsError) { return(AccessTokenValidationResult.CreateSuccess(accessTokenType, response.Claims)); } var nameOfTokenType = accessTokenType == AccessTokenType.Jwt ? "JWT" : "Reference"; _logger.LogTrace(LoggingEvents.AccessTokenValidationFailed, $"{LoggingEvents.AccessTokenValidationFailed.Name} Token type: {nameOfTokenType} " + $"Reason: {response.Error} " + $"Token value: {accessToken}"); return(AccessTokenValidationResult.CreateFailed(response.Error)); }