/// <summary>
/// Happy path for reference tokens: an access token stored under a handle
/// validates without error and its claims identify the issuing client.
/// </summary>
public async Task Valid_Reference_Token()
{
    const string tokenHandle = "123";

    // Arrange: in-memory handle store shared between the test and the validator.
    var handleStore = new InMemoryTokenHandleStore();
    var tokenValidator = Factory.CreateTokenValidator(handleStore);

    // "valid" is presumably the subject id and 600 the lifetime in seconds; confirm against TokenFactory.
    var accessToken = TokenFactory.CreateAccessToken(
        new Client { ClientId = "roclient" },
        "valid",
        600,
        "read",
        "write");
    await handleStore.StoreAsync(tokenHandle, accessToken);

    // Act: present the handle as the access token.
    var validation = await tokenValidator.ValidateAccessTokenAsync(tokenHandle);

    // Assert
    validation.IsError.Should().BeFalse();

    // NOTE(review): the claim count is pinned to 8, but which eight claims are
    // expected is not visible from this test.
    validation.Claims.Count().Should().Be(8);

    var clientIdClaim = validation.Claims.First(claim => claim.Type == Constants.ClaimTypes.ClientId);
    clientIdClaim.Value.Should().Be("roclient");
}
/// <summary>
/// Scope enforcement, positive case: a stored reference token created with the
/// scopes "read" and "write" passes validation when "read" is required.
/// </summary>
public async Task Valid_Reference_Token_with_required_Scope()
{
    const string tokenHandle = "123";

    // Arrange
    var handleStore = new InMemoryTokenHandleStore();
    var tokenValidator = Factory.CreateTokenValidator(handleStore);
    var accessToken = TokenFactory.CreateAccessToken(
        new Client { ClientId = "roclient" },
        "valid",
        600,
        "read",
        "write");
    await handleStore.StoreAsync(tokenHandle, accessToken);

    // Act: the second argument is the scope the caller demands.
    var validation = await tokenValidator.ValidateAccessTokenAsync(tokenHandle, "read");

    // Assert
    validation.IsError.Should().BeFalse();
}
/// <summary>
/// A stored, unexpired token must still be rejected when it was issued to the
/// client id "unknown".
/// </summary>
public async Task Valid_AccessToken_but_Client_not_active()
{
    const string tokenHandle = "123";

    // Arrange
    var handleStore = new InMemoryTokenHandleStore();
    var tokenValidator = Factory.CreateTokenValidator(handleStore);

    // NOTE(review): the client id is "unknown"; presumably the client store built
    // by Factory has no such client, so this covers "client not found" rather than
    // a client that exists but is disabled. Confirm against Factory.
    var accessToken = TokenFactory.CreateAccessToken(
        new Client { ClientId = "unknown" },
        "valid",
        600,
        "read",
        "write");
    await handleStore.StoreAsync(tokenHandle, accessToken);

    // Act
    var validation = await tokenValidator.ValidateAccessTokenAsync(tokenHandle);

    // Assert
    // NOTE(review): only IsError is checked. Pinning the expected Error value too
    // would prove the token is rejected for the client check and not for an
    // unrelated reason.
    validation.IsError.Should().BeTrue();
}
/// <summary>
/// A stored, unexpired token must be rejected when the user service reports
/// the user as inactive.
/// </summary>
public async Task Valid_AccessToken_but_User_not_active()
{
    const string tokenHandle = "123";

    // Arrange: a user service that marks every IsActive query as inactive.
    var userService = new Mock<IUserService>();
    userService
        .Setup(svc => svc.IsActiveAsync(It.IsAny<IsActiveContext>()))
        .Callback<IsActiveContext>(context => context.IsActive = false)
        .Returns(Task.FromResult(0));

    var handleStore = new InMemoryTokenHandleStore();
    var tokenValidator = Factory.CreateTokenValidator(tokenStore: handleStore, users: userService.Object);

    var accessToken = TokenFactory.CreateAccessToken(
        new Client { ClientId = "roclient" },
        "invalid",
        600,
        "read",
        "write");
    await handleStore.StoreAsync(tokenHandle, accessToken);

    // Act
    var validation = await tokenValidator.ValidateAccessTokenAsync(tokenHandle);

    // Assert
    // NOTE(review): only IsError is checked. Asserting the specific Error, or
    // verifying that IsActiveAsync was called, would tie the rejection to the
    // user-active check.
    validation.IsError.Should().BeTrue();
}
/// <summary>
/// A token string that is neither a stored handle nor a well-formed JWT is
/// rejected with <c>Constants.ProtectedResourceErrors.InvalidToken</c>.
/// </summary>
public async Task Malformed_JWT_Token()
{
    // Arrange: the store stays empty; nothing is issued for this test.
    var handleStore = new InMemoryTokenHandleStore();
    var tokenValidator = Factory.CreateTokenValidator(handleStore);

    // Act
    // NOTE(review): presumably the '.' makes the validator treat the input as a
    // JWT instead of looking it up as a reference handle; confirm in the validator.
    var validation = await tokenValidator.ValidateAccessTokenAsync("unk.nown");

    // Assert
    validation.IsError.Should().BeTrue();
    validation.Error.Should().Be(Constants.ProtectedResourceErrors.InvalidToken);
}
/// <summary>
/// A stored reference token is rejected with
/// <c>Constants.ProtectedResourceErrors.ExpiredToken</c> once the test clock has
/// moved forward by the token's full lifetime.
/// </summary>
public async Task Expired_Reference_Token()
{
    const string tokenHandle = "123";
    const int lifetime = 2;

    // `now` is declared outside this method; presumably it drives the clock the
    // validator reads. TODO confirm. It is not reset at the end of this test.
    now = DateTimeOffset.UtcNow;

    // Arrange
    var handleStore = new InMemoryTokenHandleStore();
    var tokenValidator = Factory.CreateTokenValidator(handleStore);
    var accessToken = TokenFactory.CreateAccessToken(
        new Client { ClientId = "roclient" },
        "valid",
        lifetime,
        "read",
        "write");
    await handleStore.StoreAsync(tokenHandle, accessToken);

    // Advance the clock by 2000 ms.
    // NOTE(review): if the lifetime is in seconds this lands exactly on the expiry
    // boundary, so the outcome depends on whether the expiry comparison is
    // inclusive; confirm the intended boundary behaviour.
    now = now.AddMilliseconds(lifetime * 1000);

    // Act
    var validation = await tokenValidator.ValidateAccessTokenAsync(tokenHandle);

    // Assert
    validation.IsError.Should().BeTrue();
    validation.Error.Should().Be(Constants.ProtectedResourceErrors.ExpiredToken);
}
/// <summary>
/// Input-length guard: a token one character longer than the default
/// <c>InputLengthRestrictions.TokenHandle</c> limit is rejected with
/// <c>Constants.ProtectedResourceErrors.InvalidToken</c>.
/// </summary>
public async Task Reference_Token_Too_Long()
{
    // Arrange
    var handleStore = new InMemoryTokenHandleStore();
    var tokenValidator = Factory.CreateTokenValidator(handleStore);

    // NOTE(review): the limit comes from a fresh IdentityServerOptions instance,
    // which assumes the validator built by Factory uses the same default limit.
    // Confirm against Factory.
    var maxHandleLength = new IdentityServerOptions().InputLengthRestrictions.TokenHandle;
    var oversizedToken = "x".Repeat(maxHandleLength + 1);

    // Act
    var validation = await tokenValidator.ValidateAccessTokenAsync(oversizedToken);

    // Assert
    validation.IsError.Should().BeTrue();
    validation.Error.Should().Be(Constants.ProtectedResourceErrors.InvalidToken);
}
/// <summary>
/// Scope enforcement, negative case: a stored reference token created with the
/// scopes "read" and "write" is rejected with
/// <c>Constants.ProtectedResourceErrors.InsufficientScope</c> when the scope
/// "missing" is required.
/// </summary>
public async Task Valid_Reference_Token_with_missing_Scope()
{
    const string tokenHandle = "123";

    // Arrange
    var handleStore = new InMemoryTokenHandleStore();
    var tokenValidator = Factory.CreateTokenValidator(handleStore);
    var accessToken = TokenFactory.CreateAccessToken(
        new Client { ClientId = "roclient" },
        "valid",
        600,
        "read",
        "write");
    await handleStore.StoreAsync(tokenHandle, accessToken);

    // Act: require a scope the token was not created with.
    var validation = await tokenValidator.ValidateAccessTokenAsync(tokenHandle, "missing");

    // Assert: the error must be the scope-specific one, not a generic invalid-token error.
    validation.IsError.Should().BeTrue();
    validation.Error.Should().Be(Constants.ProtectedResourceErrors.InsufficientScope);
}