private async Task <IHttpActionResult> RefreshGrantRequest(string refresh_token, IApplication application, CancellationToken cancellationToken) { // Build and send a request to the Stormpath API var refreshGrantRequest = OauthRequests.NewRefreshGrantRequest() .SetRefreshToken(refresh_token) .Build(); try { var result = await application.NewRefreshGrantAuthenticator() .AuthenticateAsync(refreshGrantRequest, cancellationToken); return(Ok(new TokenResult() { AccessToken = result.AccessTokenString, RefreshToken = result.RefreshTokenString, TokenType = result.TokenType, ExpiresIn = result.ExpiresIn })); } catch (ResourceException rex) { return(BadRequest(rex.Message)); } }
public async Task Failed_password_grant_throws_ResourceException(TestClientProvider clientBuilder) { var client = clientBuilder.GetClient(); var tenant = await client.GetCurrentTenantAsync(); // Create a dummy application var createdApplication = await tenant.CreateApplicationAsync( $".NET IT {this.fixture.TestRunIdentifier}-{clientBuilder.Name} Failed Password Grant Throws", createDirectory : false); createdApplication.Href.ShouldNotBeNullOrEmpty(); this.fixture.CreatedApplicationHrefs.Add(createdApplication.Href); // Add the test accounts await createdApplication.AddAccountStoreAsync(this.fixture.PrimaryDirectoryHref); var badPasswordGrantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin("*****@*****.**") .SetPassword("notLukesPassword") .Build(); await Should.ThrowAsync <ResourceException>(async() => await createdApplication.NewPasswordGrantAuthenticator().AuthenticateAsync(badPasswordGrantRequest)); (await createdApplication.DeleteAsync()).ShouldBeTrue(); this.fixture.CreatedApplicationHrefs.Remove(createdApplication.Href); }
private async Task <bool> ExecutePasswordFlow(IOwinEnvironment context, IClient client, string username, string password, CancellationToken cancellationToken) { var preLoginContext = new PreLoginContext(context) { Login = username }; await _handlers.PreLoginHandler(preLoginContext, cancellationToken); var passwordGrantRequestBuilder = OauthRequests.NewPasswordGrantRequest() .SetLogin(preLoginContext.Login) .SetPassword(password); if (preLoginContext.AccountStore != null) { passwordGrantRequestBuilder.SetAccountStore(preLoginContext.AccountStore); } var passwordGrantRequest = passwordGrantRequestBuilder.Build(); var application = await client.GetApplicationAsync(_configuration.Application.Href, cancellationToken); var tokenResult = await application.NewPasswordGrantAuthenticator() .AuthenticateAsync(passwordGrantRequest, cancellationToken); var accessToken = await tokenResult.GetAccessTokenAsync(cancellationToken); var account = await accessToken.GetAccountAsync(cancellationToken); var postLoginContext = new PostLoginContext(context, account); await _handlers.PostLoginHandler(postLoginContext, cancellationToken); var sanitizer = new GrantResultResponseSanitizer(); return(await JsonResponse.Ok(context, sanitizer.SanitizeResponseWithRefreshToken(tokenResult)).ConfigureAwait(false)); }
public Task <IOauthGrantAuthenticationResult> ExchangeAsync(IAccount account, CancellationToken cancellationToken) { var oauthExchangeJwt = _client.NewJwtBuilder() .SetSubject(account.Href) .SetIssuedAt(DateTimeOffset.UtcNow.AddSeconds(-5)) .SetExpiration(DateTimeOffset.UtcNow.AddMinutes(1)) // very short .SetIssuer(_application.Href) .SetClaim("status", "AUTHENTICATED") .SetAudience(_configuration.Client.ApiKey.Id) .SignWith(_configuration.Client.ApiKey.Secret, Encoding.UTF8) .Build(); var exchangeRequest = OauthRequests.NewIdSiteTokenAuthenticationRequest() .SetJwt(oauthExchangeJwt.ToString()) .Build(); try { return(_application .NewIdSiteTokenAuthenticator() .AuthenticateAsync(exchangeRequest, cancellationToken)); } catch (ResourceException rex) { _logger.Warn(rex, source: nameof(StormpathTokenExchanger)); return(Task.FromResult <IOauthGrantAuthenticationResult>(null)); } }
public override ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken) { var jwtAuthenticationRequest = OauthRequests.NewJwtAuthenticationRequest() .SetJwt(securityToken) .Build(); IAccessToken validAccessToken = _stormPathApplication.NewJwtAuthenticator() .WithLocalValidation() .AuthenticateAsync(jwtAuthenticationRequest).Result; if (validAccessToken == null) { throw new SecurityTokenException("Invalid token"); } var account = validAccessToken.GetAccountAsync().Result; ClaimsIdentity objClaim = new ClaimsIdentity("jwt"); objClaim.AddClaim(new Claim(ClaimTypes.NameIdentifier, account.Username)); //Use Email for Name instead FullName objClaim.AddClaim(new Claim(ClaimTypes.Name, account.Email)); objClaim.AddClaim(new Claim(ClaimTypes.Email, account.Email)); objClaim.AddClaim(new Claim(ClaimTypes.Role, "user")); validatedToken = ReadToken(validAccessToken.Jwt); var principal = new ClaimsPrincipal(objClaim); return(principal); }
public async Task <IOauthGrantAuthenticationResult> PasswordGrantAsync( IOwinEnvironment environment, IApplication application, string login, string password, CancellationToken cancellationToken) { var preLoginHandlerContext = new PreLoginContext(environment) { Login = login }; await _handlers.PreLoginHandler(preLoginHandlerContext, cancellationToken); var passwordGrantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin(preLoginHandlerContext.Login) .SetPassword(password); if (preLoginHandlerContext.AccountStore != null) { passwordGrantRequest.SetAccountStore(preLoginHandlerContext.AccountStore); } var passwordGrantAuthenticator = application.NewPasswordGrantAuthenticator(); var grantResult = await passwordGrantAuthenticator .AuthenticateAsync(passwordGrantRequest.Build(), cancellationToken); return(grantResult); }
public void Failed_password_grant_throws_ResourceException(TestClientProvider clientBuilder) { var client = clientBuilder.GetClient(); var tenant = client.GetCurrentTenant(); // Create a dummy application var createdApplication = tenant.CreateApplication( $".NET IT {this.fixture.TestRunIdentifier}-{clientBuilder.Name} Failed Password Grant Throws - Sync", createDirectory: false); createdApplication.Href.ShouldNotBeNullOrEmpty(); this.fixture.CreatedApplicationHrefs.Add(createdApplication.Href); // Add the test accounts createdApplication.AddAccountStore(this.fixture.PrimaryDirectoryHref); var badPasswordGrantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin("*****@*****.**") .SetPassword("notLukesPassword") .Build(); // TODO Mono Shouldly support - should be ResourceException Should.Throw <Exception>(() => createdApplication.NewPasswordGrantAuthenticator().Authenticate(badPasswordGrantRequest)); createdApplication.Delete().ShouldBeTrue(); this.fixture.CreatedApplicationHrefs.Remove(createdApplication.Href); }
private async Task <IAccount> RefreshAccessTokenAsync(IOwinEnvironment context, IClient client, string refreshTokenJwt) { // Attempt refresh grant against Stormpath var request = OauthRequests.NewRefreshGrantRequest() .SetRefreshToken(refreshTokenJwt) .Build(); var application = await client.GetApplicationAsync(this.Configuration.Application.Href, context.CancellationToken); var authenticator = application.NewRefreshGrantAuthenticator(); IOauthGrantAuthenticationResult grantResult = null; try { grantResult = await authenticator.AuthenticateAsync(request, context.CancellationToken); } catch (InvalidJwtException jwex) { logger.Info($"Failed to authenticate the request due to a malformed or expired refresh token. Message: '{jwex.Message}'", nameof(RefreshAccessTokenAsync)); return(null); } catch (ResourceException rex) { logger.Warn(rex, "Failed to refresh an access_token given a refresh_token."); return(null); } // Get a new access token IAccessToken newAccessToken = null; try { newAccessToken = await grantResult.GetAccessTokenAsync(context.CancellationToken); } catch (ResourceException rex) { logger.Error(rex, "Failed to get a new access token after receiving grant response.", nameof(RefreshAccessTokenAsync)); } // Get the account details IAccount account = null; try { account = await GetExpandedAccountAsync(client, newAccessToken, context.CancellationToken); } catch (ResourceException rex) { logger.Error(rex, $"Failed to get account {newAccessToken.AccountHref}", nameof(RefreshAccessTokenAsync)); return(null); } logger.Trace("Access token refreshed using Refresh token. Adding cookies to response", nameof(RefreshAccessTokenAsync)); Cookies.AddTokenCookiesToResponse(context, client, grantResult, this.Configuration, logger); return(account); }
public Task <IOauthGrantAuthenticationResult> GetGrantResult(IAccount account, string password) { var grantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin(account.Email) .SetPassword(password) .Build(); return(TestApplication.NewPasswordGrantAuthenticator() .AuthenticateAsync(grantRequest)); }
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken) { HttpRequestMessage request = context.Request; AuthenticationHeaderValue authorization = request.Headers.Authorization; var token = authorization.Parameter; if (string.IsNullOrEmpty(token)) { return; } // Get the Stormpath application var application = await StormpathConfig.Client.GetApplicationAsync(StormpathConfig.ApplicationHref); // Build and send a request to the Stormpath API var jwtValidationRequest = OauthRequests.NewJwtAuthenticationRequest() .SetJwt(token) .Build(); try { var validationResult = await application.NewJwtAuthenticator() .AuthenticateAsync(jwtValidationRequest, cancellationToken); var accountDetails = await validationResult.GetAccountAsync(); // get account -> groups var accountGroups = await accountDetails .GetGroups() .Expand(g => g.GetCustomData()) .ToListAsync(); var role = accountGroups.First().Name; // Build an IPrincipal and return it var claims = new List <Claim>(); var id = accountDetails.Href.Split(new char[] { '/' }).Last(); claims.Add(new Claim(ClaimTypes.PrimarySid, id)); claims.Add(new Claim(ClaimTypes.Role, role)); claims.Add(new Claim(ClaimTypes.Email, accountDetails.Email)); claims.Add(new Claim(ClaimTypes.GivenName, accountDetails.GivenName)); claims.Add(new Claim(ClaimTypes.Surname, accountDetails.Surname)); claims.Add(new Claim(ClaimTypes.NameIdentifier, accountDetails.Username)); var identity = new ClaimsIdentity(claims, AuthenticationTypes.Signature); context.Principal = new ClaimsPrincipal(identity); } catch (ResourceException rex) { //// use this code to return the specific error code from StormPath API context.ErrorResult = new AuthenticationFailureResult(rex.Message, request); return; } }
public async Task Refreshing_access_token_with_instance(TestClientProvider clientBuilder) { var client = clientBuilder.GetClient(); var tenant = await client.GetCurrentTenantAsync(); // Create a dummy application var createdApplication = await tenant.CreateApplicationAsync( $".NET IT {this.fixture.TestRunIdentifier}-{clientBuilder.Name} Getting Refresh Token for Application", createDirectory : false); createdApplication.Href.ShouldNotBeNullOrEmpty(); this.fixture.CreatedApplicationHrefs.Add(createdApplication.Href); // Add the test accounts await createdApplication.AddAccountStoreAsync(this.fixture.PrimaryDirectoryHref); var passwordGrantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin("*****@*****.**") .SetPassword("whataPieceofjunk$1138") .SetAccountStore(this.fixture.PrimaryDirectoryHref) .Build(); var originalGrantResult = await createdApplication.NewPasswordGrantAuthenticator() .AuthenticateAsync(passwordGrantRequest); var account = await tenant.GetAccountAsync(this.fixture.PrimaryAccountHref); var refreshToken = await account .GetRefreshTokens() .Where(x => x.ApplicationHref == createdApplication.Href) .SingleOrDefaultAsync(); refreshToken.ShouldNotBeNull(); var refreshGrantRequest = OauthRequests.NewRefreshGrantRequest() .SetRefreshToken(refreshToken) .Build(); var refreshGrantResult = await createdApplication.NewRefreshGrantAuthenticator() .AuthenticateAsync(refreshGrantRequest); refreshGrantResult.AccessTokenHref.ShouldNotBe(originalGrantResult.AccessTokenHref); refreshGrantResult.AccessTokenString.ShouldNotBe(originalGrantResult.AccessTokenString); refreshGrantResult.RefreshTokenString.ShouldBe(originalGrantResult.RefreshTokenString); // Clean up (await refreshToken.DeleteAsync()).ShouldBeTrue(); (await createdApplication.DeleteAsync()).ShouldBeTrue(); this.fixture.CreatedApplicationHrefs.Remove(createdApplication.Href); }
public async Task <string> Login(LoginModel loginValues) { var passwordGrantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin(loginValues.UserName) .SetPassword(loginValues.Password) .Build(); var grantResult = await _stormpathApplication.NewPasswordGrantAuthenticator() .AuthenticateAsync(passwordGrantRequest); var accessToken = await grantResult.GetAccessTokenAsync(); return(accessToken.Jwt); }
private async Task <bool> ExecuteRefreshFlow(IOwinEnvironment context, IClient client, string refreshToken, CancellationToken cancellationToken) { var application = await client.GetApplicationAsync(_configuration.Application.Href, cancellationToken); var refreshGrantRequest = OauthRequests.NewRefreshGrantRequest() .SetRefreshToken(refreshToken) .Build(); var tokenResult = await application.NewRefreshGrantAuthenticator() .AuthenticateAsync(refreshGrantRequest, cancellationToken); var sanitizer = new GrantResultResponseSanitizer(); return(await JsonResponse.Ok(context, sanitizer.SanitizeResponseWithRefreshToken(tokenResult)).ConfigureAwait(false)); }
public async Task Validating_ID_site_token_fails() { var fakeDataStore = GetFakeDataStore(); var fakeApplication = await fakeDataStore.GetResourceAsync <IApplication>("https://api.stormpath.com/v1/applications/foobarApplication"); var request = OauthRequests.NewJwtAuthenticationRequest() .SetJwt(IDSiteAccessToken) .Build(); IJwtAuthenticator authenticator = new DefaultJwtAuthenticator(fakeApplication, fakeDataStore); authenticator.WithLocalValidation(); await Should.ThrowAsync <MismatchedClaimException>(authenticator.AuthenticateAsync(request)); }
public async Task <IOauthGrantAuthenticationResult> PasswordGrantAsync( IOwinEnvironment environment, IApplication application, Func <string, CancellationToken, Task> errorHandler, string login, string password, CancellationToken cancellationToken) { var preLoginHandlerContext = new PreLoginContext(environment) { Login = login }; await _handlers.PreLoginHandler(preLoginHandlerContext, cancellationToken); if (preLoginHandlerContext.Result != null) { if (!preLoginHandlerContext.Result.Success) { var message = string.IsNullOrEmpty(preLoginHandlerContext.Result.ErrorMessage) ? "An error has occurred. Please try again." : preLoginHandlerContext.Result.ErrorMessage; await errorHandler(message, cancellationToken); return(null); } } var passwordGrantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin(preLoginHandlerContext.Login) .SetPassword(password); if (preLoginHandlerContext.AccountStore != null) { passwordGrantRequest.SetAccountStore(preLoginHandlerContext.AccountStore); } if (!string.IsNullOrEmpty(preLoginHandlerContext.OrganizationNameKey)) { passwordGrantRequest.SetOrganizationNameKey(preLoginHandlerContext.OrganizationNameKey); } var passwordGrantAuthenticator = application.NewPasswordGrantAuthenticator(); var grantResult = await passwordGrantAuthenticator .AuthenticateAsync(passwordGrantRequest.Build(), cancellationToken); return(grantResult); }
public void Getting_refresh_token_for_application(TestClientProvider clientBuilder) { var client = clientBuilder.GetClient(); var tenant = client.GetCurrentTenant(); // Create a dummy application var createdApplication = tenant.CreateApplication( $".NET IT {this.fixture.TestRunIdentifier}-{clientBuilder.Name} Getting Refresh Token for Application - Sync", createDirectory: false); createdApplication.Href.ShouldNotBeNullOrEmpty(); this.fixture.CreatedApplicationHrefs.Add(createdApplication.Href); // Add the test accounts createdApplication.AddAccountStore(this.fixture.PrimaryDirectoryHref); var passwordGrantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin("*****@*****.**") .SetPassword("whataPieceofjunk$1138") .SetAccountStore(this.fixture.PrimaryDirectoryHref) .Build(); var authenticateResult = createdApplication.NewPasswordGrantAuthenticator() .Authenticate(passwordGrantRequest); var account = tenant.GetAccount(this.fixture.PrimaryAccountHref); var refreshTokenForApplication = account .GetRefreshTokens() .Where(x => x.ApplicationHref == createdApplication.Href) .Synchronously() .SingleOrDefault(); refreshTokenForApplication.ShouldNotBeNull(); refreshTokenForApplication.GetAccount().Href.ShouldBe(this.fixture.PrimaryAccountHref); refreshTokenForApplication.GetApplication().Href.ShouldBe(createdApplication.Href); refreshTokenForApplication.GetTenant().Href.ShouldBe(this.fixture.TenantHref); var retrievedDirectly = client.GetRefreshToken(refreshTokenForApplication.Href); retrievedDirectly.Href.ShouldBe(refreshTokenForApplication.Href); // Clean up refreshTokenForApplication.Delete().ShouldBeTrue(); createdApplication.Delete().ShouldBeTrue(); this.fixture.CreatedApplicationHrefs.Remove(createdApplication.Href); }
public static async Task <bool> ValidateAccessToken() { try { var app = StormpathConfig.Application; string access_token = AccessToken; var validationRequest = OauthRequests.NewJwtAuthenticationRequest() .SetJwt(access_token) .Build(); var accessToken = await app.NewJwtAuthenticator() .AuthenticateAsync(validationRequest); return(true); } catch { return(false); } }
public async Task Creating_token_with_password_grant(TestClientProvider clientBuilder) { var client = clientBuilder.GetClient(); var tenant = await client.GetCurrentTenantAsync(); // Create a dummy application var createdApplication = await tenant.CreateApplicationAsync( $".NET IT {this.fixture.TestRunIdentifier}-{clientBuilder.Name} Creating Token With Password Grant Flow", createDirectory : false); createdApplication.Href.ShouldNotBeNullOrEmpty(); this.fixture.CreatedApplicationHrefs.Add(createdApplication.Href); // Add the test accounts await createdApplication.AddAccountStoreAsync(this.fixture.PrimaryDirectoryHref); var passwordGrantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin("*****@*****.**") .SetPassword("whataPieceofjunk$1138") .SetAccountStore(this.fixture.PrimaryDirectoryHref) .Build(); var authenticateResult = await createdApplication.NewPasswordGrantAuthenticator() .AuthenticateAsync(passwordGrantRequest); // Verify authentication response authenticateResult.AccessTokenHref.ShouldContain("/accessTokens/"); authenticateResult.AccessTokenString.ShouldNotBeNullOrEmpty(); authenticateResult.ExpiresIn.ShouldBeGreaterThanOrEqualTo(3600); authenticateResult.TokenType.ShouldBe("Bearer"); authenticateResult.RefreshTokenString.ShouldNotBeNullOrEmpty(); // Verify generated access token var accessToken = await authenticateResult.GetAccessTokenAsync(); accessToken.CreatedAt.ShouldNotBe(default(DateTimeOffset)); accessToken.Href.ShouldBe(authenticateResult.AccessTokenHref); accessToken.Jwt.ShouldBe(authenticateResult.AccessTokenString); accessToken.ApplicationHref.ShouldBe(createdApplication.Href); // Clean up (await accessToken.DeleteAsync()).ShouldBeTrue(); (await createdApplication.DeleteAsync()).ShouldBeTrue(); this.fixture.CreatedApplicationHrefs.Remove(createdApplication.Href); }
public async Task Validating_jwt_locally(TestClientProvider clientBuilder) { var client = clientBuilder.GetClient(); var tenant = await client.GetCurrentTenantAsync(); // Create a dummy application var createdApplication = await tenant.CreateApplicationAsync( $".NET IT {this.fixture.TestRunIdentifier}-{clientBuilder.Name} Validating JWT Locally", createDirectory : false); createdApplication.Href.ShouldNotBeNullOrEmpty(); this.fixture.CreatedApplicationHrefs.Add(createdApplication.Href); // Add the test accounts await createdApplication.AddAccountStoreAsync(this.fixture.PrimaryDirectoryHref); var passwordGrantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin("*****@*****.**") .SetPassword("whataPieceofjunk$1138") .SetAccountStore(this.fixture.PrimaryDirectoryHref) .Build(); var authenticateResult = await createdApplication.NewPasswordGrantAuthenticator() .AuthenticateAsync(passwordGrantRequest); var accessTokenJwt = authenticateResult.AccessTokenString; var jwtAuthenticationRequest = OauthRequests.NewJwtAuthenticationRequest() .SetJwt(accessTokenJwt) .Build(); var validAccessToken = await createdApplication.NewJwtAuthenticator() .WithLocalValidation() .AuthenticateAsync(jwtAuthenticationRequest); validAccessToken.ShouldNotBeNull(); validAccessToken.ApplicationHref.ShouldBe(createdApplication.Href); validAccessToken.CreatedAt.ShouldBe(DateTimeOffset.Now, Delay.ReasonableTestRunWindow); validAccessToken.Href.ShouldBe(authenticateResult.AccessTokenHref); validAccessToken.Jwt.ShouldBe(accessTokenJwt); // Clean up (await validAccessToken.DeleteAsync()).ShouldBeTrue(); (await createdApplication.DeleteAsync()).ShouldBeTrue(); this.fixture.CreatedApplicationHrefs.Remove(createdApplication.Href); }
private async Task <IAccount> ValidateAccessTokenAsync(IOwinEnvironment context, IClient client, string accessTokenJwt) { var request = OauthRequests.NewJwtAuthenticationRequest() .SetJwt(accessTokenJwt) .Build(); var application = await client.GetApplicationAsync(this.Configuration.Application.Href, context.CancellationToken); var authenticator = application.NewJwtAuthenticator(); if (this.Configuration.Web.Oauth2.Password.ValidationStrategy == WebOauth2TokenValidationStrategy.Local) { authenticator.WithLocalValidation(); } IAccessToken result = null; try { result = await authenticator.AuthenticateAsync(request, context.CancellationToken); } catch (InvalidJwtException jwex) { logger.Info($"Failed to authenticate the request due to a malformed or expired access token. Message: '{jwex.Message}'", nameof(ValidateAccessTokenAsync)); return(null); } catch (ResourceException rex) { logger.Warn(rex, "Failed to authenticate the request. Invalid access_token found.", nameof(ValidateAccessTokenAsync)); return(null); } IAccount account = null; try { account = await GetExpandedAccountAsync(client, result, context.CancellationToken); } catch (ResourceException ex) { logger.Error(ex, $"Failed to get account {result.AccountHref}", nameof(ValidateAccessTokenAsync)); } return(account); }
private async Task <IOauthGrantAuthenticationResult> ExchangeTokenAsync(IApplication application, IJwt jwt, CancellationToken cancellationToken) { try { var tokenExchangeAttempt = OauthRequests.NewIdSiteTokenAuthenticationRequest() .SetJwt(jwt.ToString()) .Build(); var grantResult = await application.NewIdSiteTokenAuthenticator() .AuthenticateAsync(tokenExchangeAttempt, cancellationToken); return(grantResult); } catch (ResourceException rex) { _logger.Warn(rex, source: nameof(ExchangeTokenAsync)); throw; // json response } }
public async Task Validating_token_with_specified_issuer() { var fakeDataStore = GetFakeDataStore(); var fakeApplication = await fakeDataStore.GetResourceAsync <IApplication>("https://api.stormpath.com/v1/applications/foobarApplication"); var request = OauthRequests.NewJwtAuthenticationRequest() .SetJwt(IDSiteAccessToken) .Build(); IJwtAuthenticator authenticator = new DefaultJwtAuthenticator(fakeApplication, fakeDataStore); authenticator.WithLocalValidation(new JwtLocalValidationOptions() { Issuer = "https://awesome-tenant.id.stormpath.io" }); // Should not throw var result = await authenticator.AuthenticateAsync(request); result.Jwt.ShouldBe(IDSiteAccessToken); }
public void Refreshing_access_token_with_jwt(TestClientProvider clientBuilder) { var client = clientBuilder.GetClient(); var tenant = client.GetCurrentTenant(); // Create a dummy application var createdApplication = tenant.CreateApplication( $".NET IT {this.fixture.TestRunIdentifier}-{clientBuilder.Name} Refreshing Access Token - Sync", createDirectory: false); createdApplication.Href.ShouldNotBeNullOrEmpty(); this.fixture.CreatedApplicationHrefs.Add(createdApplication.Href); // Add the test accounts createdApplication.AddAccountStore(this.fixture.PrimaryDirectoryHref); var passwordGrantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin("*****@*****.**") .SetPassword("whataPieceofjunk$1138") .SetAccountStore(this.fixture.PrimaryDirectoryHref) .Build(); var originalGrantResult = createdApplication.NewPasswordGrantAuthenticator() .Authenticate(passwordGrantRequest); var refreshGrantRequest = OauthRequests.NewRefreshGrantRequest() .SetRefreshToken(originalGrantResult.RefreshTokenString) .Build(); var refreshGrantResult = createdApplication.NewRefreshGrantAuthenticator() .Authenticate(refreshGrantRequest); refreshGrantResult.AccessTokenHref.ShouldNotBe(originalGrantResult.AccessTokenHref); refreshGrantResult.AccessTokenString.ShouldNotBe(originalGrantResult.AccessTokenString); refreshGrantResult.RefreshTokenString.ShouldBe(originalGrantResult.RefreshTokenString); // Clean up createdApplication.Delete().ShouldBeTrue(); this.fixture.CreatedApplicationHrefs.Remove(createdApplication.Href); }
public async Task Validating_token_after_revocation(TestClientProvider clientBuilder) { var client = clientBuilder.GetClient(); var tenant = await client.GetCurrentTenantAsync(); // Create a dummy application var createdApplication = await tenant.CreateApplicationAsync( $".NET IT {this.fixture.TestRunIdentifier}-{clientBuilder.Name} Validating Token After Revocation", createDirectory : false); createdApplication.Href.ShouldNotBeNullOrEmpty(); this.fixture.CreatedApplicationHrefs.Add(createdApplication.Href); // Add the test accounts await createdApplication.AddAccountStoreAsync(this.fixture.PrimaryDirectoryHref); var passwordGrantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin("*****@*****.**") .SetPassword("whataPieceofjunk$1138") .SetAccountStore(this.fixture.PrimaryDirectoryHref) .Build(); var authenticateResult = await createdApplication.NewPasswordGrantAuthenticator() .AuthenticateAsync(passwordGrantRequest); var accessToken = await authenticateResult.GetAccessTokenAsync(); (await accessToken.DeleteAsync()).ShouldBeTrue(); // Revoke access token var jwtAuthenticationRequest = OauthRequests.NewJwtAuthenticationRequest() .SetJwt(accessToken.Jwt) .Build(); await Should.ThrowAsync <ResourceException>(async() => await createdApplication.NewJwtAuthenticator().AuthenticateAsync(jwtAuthenticationRequest)); // Clean up (await createdApplication.DeleteAsync()).ShouldBeTrue(); this.fixture.CreatedApplicationHrefs.Remove(createdApplication.Href); }
public async Task Validating_jwt_locally_throws_for_bad_jwt(TestClientProvider clientBuilder) { var client = clientBuilder.GetClient(); var tenant = await client.GetCurrentTenantAsync(); // Create a dummy application var createdApplication = await tenant.CreateApplicationAsync( $".NET IT {this.fixture.TestRunIdentifier}-{clientBuilder.Name} Validating JWT Locally", createDirectory : false); createdApplication.Href.ShouldNotBeNullOrEmpty(); this.fixture.CreatedApplicationHrefs.Add(createdApplication.Href); // Add the test accounts await createdApplication.AddAccountStoreAsync(this.fixture.PrimaryDirectoryHref); var passwordGrantRequest = OauthRequests.NewPasswordGrantRequest() .SetLogin("*****@*****.**") .SetPassword("whataPieceofjunk$1138") .SetAccountStore(this.fixture.PrimaryDirectoryHref) .Build(); var authenticateResult = await createdApplication.NewPasswordGrantAuthenticator() .AuthenticateAsync(passwordGrantRequest); var badJwt = authenticateResult.AccessTokenString .Substring(0, authenticateResult.AccessTokenString.Length - 3) + "foo"; var jwtAuthenticationRequest = OauthRequests.NewJwtAuthenticationRequest() .SetJwt(badJwt) .Build(); await Should.ThrowAsync <JwtSignatureException>(async() => await createdApplication.NewJwtAuthenticator().WithLocalValidation().AuthenticateAsync(jwtAuthenticationRequest)); // Clean up (await createdApplication.DeleteAsync()).ShouldBeTrue(); this.fixture.CreatedApplicationHrefs.Remove(createdApplication.Href); }
protected override async Task <IPrincipal> AuthenticateAsync(string token, CancellationToken cancellationToken) { if (string.IsNullOrEmpty(token)) { return(null); } // Get the Stormpath application var application = await StormpathConfig.Client.GetApplicationAsync(StormpathConfig.ApplicationHref); // Build and send a request to the Stormpath API var jwtValidationRequest = OauthRequests.NewJwtAuthenticationRequest() .SetJwt(token) .Build(); try { var validationResult = await application.NewJwtAuthenticator() .AuthenticateAsync(jwtValidationRequest, cancellationToken); var accountDetails = await validationResult.GetAccountAsync(); // Build an IPrincipal and return it var claims = new List <Claim>(); claims.Add(new Claim(ClaimTypes.Email, accountDetails.Email)); claims.Add(new Claim(ClaimTypes.GivenName, accountDetails.GivenName)); claims.Add(new Claim(ClaimTypes.Surname, accountDetails.Surname)); claims.Add(new Claim(ClaimTypes.NameIdentifier, accountDetails.Username)); var identity = new ClaimsIdentity(claims, AuthenticationTypes.Signature); return(new ClaimsPrincipal(identity)); } catch (ResourceException rex) { return(null); } }