public async Task Sliding_Expiration_within_absolute_Expiration() { var store = new InMemoryRefreshTokenStore(); var service = new DefaultRefreshTokenService(store); var client = await _clients.FindClientByIdAsync("roclient_sliding_refresh_expiration_one_time_only"); var token = TokenFactory.CreateAccessToken(client.ClientId, "valid", 60, "read", "write"); var handle = await service.CreateRefreshTokenAsync(token, client); var refreshToken = await store.GetAsync(handle); var lifetime = refreshToken.LifeTime; await Task.Delay(1000); var newHandle = await service.UpdateRefreshTokenAsync(refreshToken, client); var newRefreshToken = await store.GetAsync(newHandle); var newLifetime = newRefreshToken.LifeTime; Assert.AreEqual(newLifetime, client.SlidingRefreshTokenLifetime + 1); }
public async Task Sliding_Expiration_does_not_exceed_absolute_Expiration() { var store = new InMemoryRefreshTokenStore(); var service = new DefaultRefreshTokenService(store); var client = await _clients.FindClientByIdAsync("roclient_sliding_refresh_expiration_one_time_only"); var token = TokenFactory.CreateAccessToken(client.ClientId, "valid", 60, "read", "write"); var handle = await service.CreateRefreshTokenAsync(token, client); var refreshToken = await store.GetAsync(handle); var lifetime = refreshToken.LifeTime; await Task.Delay(8000); var newHandle = await service.UpdateRefreshTokenAsync(handle, refreshToken, client); var newRefreshToken = await store.GetAsync(newHandle); var newLifetime = newRefreshToken.LifeTime; newLifetime.Should().Be(client.AbsoluteRefreshTokenLifetime); }
public async Task JWT_Token_with_scopes_have_expected_claims(bool flag) { var options = TestIdentityServerOptions.Create(); options.EmitScopesAsSpaceDelimitedStringInJwt = flag; var signer = Factory.CreateDefaultTokenCreator(options); var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write")); var validator = Factory.CreateTokenValidator(null); var result = await validator.ValidateAccessTokenAsync(jwt); result.IsError.Should().BeFalse(); result.Jwt.Should().NotBeNullOrEmpty(); result.Client.ClientId.Should().Be("roclient"); result.Claims.Count().Should().Be(9); var scopes = result.Claims.Where(c => c.Type == "scope").Select(c => c.Value).ToArray(); scopes.Count().Should().Be(2); scopes[0].Should().Be("read"); scopes[1].Should().Be("write"); }
public async Task Valid_Reference_Token() { var store = Factory.CreateReferenceTokenStore(); var validator = Factory.CreateTokenValidator(store); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"); var handle = await store.StoreReferenceTokenAsync(token); var result = await validator.ValidateAccessTokenAsync(handle); result.IsError.Should().BeFalse(); result.Claims.Count().Should().Be(9); result.Claims.First(c => c.Type == JwtClaimTypes.ClientId).Value.Should().Be("roclient"); var claimTypes = result.Claims.Select(c => c.Type).ToList(); claimTypes.Should().Contain("iss"); claimTypes.Should().Contain("aud"); claimTypes.Should().Contain("iat"); claimTypes.Should().Contain("nbf"); claimTypes.Should().Contain("exp"); claimTypes.Should().Contain("client_id"); claimTypes.Should().Contain("sub"); claimTypes.Should().Contain("scope"); }
public async Task Valid_JWT_Token() { var signer = new DefaultTokenSigningService(TestIdentityServerOptions.Create()); var jwt = await signer.SignTokenAsync(TokenFactory.CreateAccessToken("roclient", "valid", 600, "read", "write")); var validator = Factory.CreateTokenValidator(null); var result = await validator.ValidateAccessTokenAsync(jwt); Assert.IsFalse(result.IsError); }
public async Task Valid_JWT_Token() { var signer = Factory.CreateDefaultTokenCreator(); var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write")); var validator = Factory.CreateTokenValidator(null); var result = await validator.ValidateAccessTokenAsync(jwt); result.IsError.Should().BeFalse(); }
public async Task JWT_Token_invalid_Audience() { var signer = new DefaultTokenSigningService(TestIdentityServerOptions.Create()); var token = TokenFactory.CreateAccessToken("roclient", "valid", 600, "read", "write"); token.Audience = "invalid"; var jwt = await signer.SignTokenAsync(token); var validator = Factory.CreateTokenValidator(null); var result = await validator.ValidateAccessTokenAsync(jwt); Assert.IsTrue(result.IsError); Assert.AreEqual(Constants.ProtectedResourceErrors.InvalidToken, result.Error); }
public async Task Valid_AccessToken_but_Client_not_active() { var store = new InMemoryTokenHandleStore(); var validator = Factory.CreateTokenValidator(store); var token = TokenFactory.CreateAccessToken("unknown", "valid", 600, "read", "write"); var handle = "123"; await store.StoreAsync(handle, token); var result = await validator.ValidateAccessTokenAsync("123"); Assert.IsTrue(result.IsError); }
public async Task Valid_Reference_Token_with_required_Scope() { var store = new InMemoryTokenHandleStore(); var validator = Factory.CreateTokenValidator(store); var token = TokenFactory.CreateAccessToken("roclient", "valid", 600, "read", "write"); var handle = "123"; await store.StoreAsync(handle, token); var result = await validator.ValidateAccessTokenAsync("123", "read"); Assert.IsFalse(result.IsError); }
public async Task Valid_Reference_Token_with_required_Scope() { var store = Factory.CreateReferenceTokenStore(); var validator = Factory.CreateTokenValidator(store); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"); var handle = await store.StoreReferenceTokenAsync(token); var result = await validator.ValidateAccessTokenAsync(handle, "read"); result.IsError.Should().BeFalse(); }
public async Task Valid_AccessToken_but_Client_not_active() { var store = Factory.CreateReferenceTokenStore(); var validator = Factory.CreateTokenValidator(store); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "unknown" }, "valid", 600, "read", "write"); var handle = await store.StoreReferenceTokenAsync(token); var result = await validator.ValidateAccessTokenAsync(handle); result.IsError.Should().BeTrue(); }
public async Task Valid_Reference_Token_with_missing_Scope() { var store = new InMemoryTokenHandleStore(); var validator = Factory.CreateTokenValidator(store); var token = TokenFactory.CreateAccessToken("roclient", "valid", 600, "read", "write"); var handle = "123"; await store.StoreAsync(handle, token); var result = await validator.ValidateAccessTokenAsync("123", "missing"); Assert.IsTrue(result.IsError); Assert.AreEqual(Constants.ProtectedResourceErrors.InsufficientScope, result.Error); }
public async Task ReUse_Handle_reuses_Handle() { var store = new InMemoryRefreshTokenStore(); var service = new DefaultRefreshTokenService(store); var client = await _clients.FindClientByIdAsync("roclient_absolute_refresh_expiration_reuse"); var token = TokenFactory.CreateAccessToken(client.ClientId, "valid", 60, "read", "write"); var handle = await service.CreateRefreshTokenAsync(token, client); var newHandle = await service.UpdateRefreshTokenAsync(await store.GetAsync(handle), client); Assert.AreEqual(handle, newHandle); }
public async Task OneTime_Handle_creates_new_Handle() { var store = new InMemoryRefreshTokenStore(); var service = new DefaultRefreshTokenService(store); var client = await _clients.FindClientByIdAsync("roclient_absolute_refresh_expiration_one_time_only"); var token = TokenFactory.CreateAccessToken(client.ClientId, "valid", 60, "read", "write"); var handle = await service.CreateRefreshTokenAsync(token, client); var newHandle = await service.UpdateRefreshTokenAsync(handle, await store.GetAsync(handle), client); newHandle.Should().NotBe(handle); }
public async Task Valid_Reference_Token_with_missing_Scope() { var store = Factory.CreateReferenceTokenStore(); var validator = Factory.CreateTokenValidator(store); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"); var handle = await store.StoreReferenceTokenAsync(token); var result = await validator.ValidateAccessTokenAsync(handle, "missing"); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.ProtectedResourceErrors.InsufficientScope); }
public async Task JWT_Token_invalid_Audience() { var signer = Factory.CreateDefaultTokenCreator(); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"); token.Audience = "invalid"; var jwt = await signer.CreateTokenAsync(token); var validator = Factory.CreateTokenValidator(null); var result = await validator.ValidateAccessTokenAsync(jwt); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.ProtectedResourceErrors.InvalidToken); }
public async Task Valid_Reference_Token() { var store = new InMemoryTokenHandleStore(); var validator = Factory.CreateTokenValidator(store); var token = TokenFactory.CreateAccessToken("roclient", "valid", 600, "read", "write"); var handle = "123"; await store.StoreAsync(handle, token); var result = await validator.ValidateAccessTokenAsync("123"); Assert.IsFalse(result.IsError); Assert.AreEqual(8, result.Claims.Count()); Assert.AreEqual("roclient", result.Claims.First(c => c.Type == Constants.ClaimTypes.ClientId).Value); }
public async Task JWT_Token_invalid_Issuer() { var signer = new DefaultTokenSigningService(TestIdentityServerOptions.Create()); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"); token.Issuer = "invalid"; var jwt = await signer.SignTokenAsync(token); var validator = Factory.CreateTokenValidator(null); var result = await validator.ValidateAccessTokenAsync(jwt); result.IsError.Should().BeTrue(); result.Error.Should().Be(Constants.ProtectedResourceErrors.InvalidToken); }
public async Task Valid_Reference_Token() { var store = Factory.CreateReferenceTokenStore(); var validator = Factory.CreateTokenValidator(store); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"); var handle = await store.StoreReferenceTokenAsync(token); var result = await validator.ValidateAccessTokenAsync(handle); result.IsError.Should().BeFalse(); result.Claims.Count().Should().Be(8); result.Claims.First(c => c.Type == JwtClaimTypes.ClientId).Value.Should().Be("roclient"); }
public async Task Expired_Reference_Token() { var store = new InMemoryTokenHandleStore(); var validator = Factory.CreateTokenValidator(store); var token = TokenFactory.CreateAccessToken("roclient", "valid", 2, "read", "write"); var handle = "123"; await store.StoreAsync(handle, token); await Task.Delay(2000); var result = await validator.ValidateAccessTokenAsync("123"); Assert.IsTrue(result.IsError); Assert.AreEqual(Constants.ProtectedResourceErrors.ExpiredToken, result.Error); }
public async Task Valid_AccessToken_but_User_not_active() { var mock = new Mock <IUserService>(); mock.Setup(u => u.IsActiveAsync(It.IsAny <ClaimsPrincipal>())).Returns(Task.FromResult(false)); var store = new InMemoryTokenHandleStore(); var validator = Factory.CreateTokenValidator(tokenStore: store, users: mock.Object); var token = TokenFactory.CreateAccessToken("roclient", "invalid", 600, "read", "write"); var handle = "123"; await store.StoreAsync(handle, token); var result = await validator.ValidateAccessTokenAsync("123"); result.IsError.Should().BeTrue(); }
public async Task Expired_Reference_Token() { now = DateTimeOffset.UtcNow; var store = new InMemoryTokenHandleStore(); var validator = Factory.CreateTokenValidator(store); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 2, "read", "write"); var handle = "123"; await store.StoreAsync(handle, token); now = now.AddMilliseconds(2000); var result = await validator.ValidateAccessTokenAsync("123"); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.ProtectedResourceErrors.ExpiredToken); }
public async Task Expired_Reference_Token() { now = DateTime.UtcNow; var store = Factory.CreateReferenceTokenStore(); var validator = Factory.CreateTokenValidator(store, clock: _clock); var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 2, "read", "write"); token.CreationTime = now; var handle = await store.StoreReferenceTokenAsync(token); now = now.AddSeconds(3); var result = await validator.ValidateAccessTokenAsync(handle); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.ProtectedResourceErrors.ExpiredToken); }
public async Task Create_Refresh_Token_Absolute_Lifetime() { var store = new InMemoryRefreshTokenStore(); var service = new DefaultRefreshTokenService(store); var client = await _clients.FindClientByIdAsync("roclient_absolute_refresh_expiration_one_time_only"); var token = TokenFactory.CreateAccessToken(client.ClientId, "valid", 60, "read", "write"); var handle = await service.CreateRefreshTokenAsync(token, client); // make sure a handle is returned Assert.IsFalse(string.IsNullOrWhiteSpace(handle)); // make sure refresh token is in store var refreshToken = await store.GetAsync(handle); Assert.IsNotNull(refreshToken); // check refresh token values Assert.AreEqual(refreshToken.ClientId, client.ClientId); Assert.AreEqual(refreshToken.LifeTime, client.AbsoluteRefreshTokenLifetime); }
public async Task Create_Refresh_Token_Sliding_Lifetime() { var store = new InMemoryRefreshTokenStore(); var service = new DefaultRefreshTokenService(store); var client = await _clients.FindClientByIdAsync("roclient_sliding_refresh_expiration_one_time_only"); var token = TokenFactory.CreateAccessToken(client.ClientId, "valid", 60, "read", "write"); var handle = await service.CreateRefreshTokenAsync(token, client); // make sure a handle is returned string.IsNullOrWhiteSpace(handle).Should().BeFalse(); // make sure refresh token is in store var refreshToken = await store.GetAsync(handle); refreshToken.Should().NotBeNull(); // check refresh token values client.ClientId.Should().Be(refreshToken.ClientId); client.SlidingRefreshTokenLifetime.Should().Be(refreshToken.LifeTime); }
public virtual async Task <string> GenerateAccessToken(T entity) { var entityType = entity.GetType(); (byte[], string)? tokenData = null; if (entityType.IsAssignableTo(typeof(Doctor))) { tokenData = TokenFactory.CreateAccessToken(Roles.Doctor, entity.Id); } else if (entityType.IsAssignableTo(typeof(Assistant))) { tokenData = TokenFactory.CreateAccessToken(Roles.Assistant, entity.Id); } else { throw new InvalidEnumArgumentException(); } _accessTokens.Add(entity.Id, tokenData.Value.Item1); return(await Task.FromResult(tokenData.Value.Item2)); }