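/// <summary>
/// Initializes the extractor with a private copy of the supplied validation parameters and
/// with the OpenID Connect configuration manager for <paramref name="metadataUrl"/>.
/// </summary>
/// <param name="tokenValidationParameters">Caller-supplied validation settings; cloned, never mutated.</param>
/// <param name="metadataUrl">Address handed to the OpenID Connect configuration manager; also the cache key.</param>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
public JwtTokenExtractor(TokenValidationParameters tokenValidationParameters, string metadataUrl)
{
    // Fail with a named argument instead of a NullReferenceException from Clone().
    if (tokenValidationParameters == null)
    {
        throw new ArgumentNullException(nameof(tokenValidationParameters));
    }

    if (metadataUrl == null)
    {
        throw new ArgumentNullException(nameof(metadataUrl));
    }

    // Work on our own copy so the settings forced below never leak into the caller's instance.
    _tokenValidationParameters = tokenValidationParameters.Clone();

    // Single lookup instead of ContainsKey + indexer.
    // NOTE(review): if _openIdMetadataCache is a plain Dictionary reachable from several threads,
    // this check-then-add still needs a lock or ConcurrentDictionary.GetOrAdd. Confirm the field's type.
    // NOTE(review): the configuration manager retrieves its configuration from metadataUrl, so the
    // value should come from trusted configuration (an https endpoint), never from request data. Confirm callers.
    ConfigurationManager<OpenIdConnectConfiguration> cachedManager;
    if (!_openIdMetadataCache.TryGetValue(metadataUrl, out cachedManager))
    {
        cachedManager = new ConfigurationManager<OpenIdConnectConfiguration>(metadataUrl);
        _openIdMetadataCache[metadataUrl] = cachedManager;
    }

    _openIdMetadata = cachedManager;

    // Forced on whatever the caller passed in: a token must be signed and its audience must be
    // checked, so a permissive parameter object cannot weaken this extractor.
    _tokenValidationParameters.ValidateAudience = true;
    _tokenValidationParameters.RequireSignedTokens = true;
}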
/// <summary>
/// Runs <paramref name="securityToken"/> through <paramref name="tokenValidator"/> three times
/// with a stub replay cache and checks the expected outcome of each pass: accepted, rejected as
/// a replay, and rejected because the cache add failed.
/// </summary>
/// <param name="securityToken">Token string passed to every validation call.</param>
/// <param name="tokenValidator">Validator under test.</param>
/// <param name="validationParameters">Base parameters; a clone receives the stub cache.</param>
public static void ValidateTokenReplay(string securityToken, ISecurityTokenValidator tokenValidator, TokenValidationParameters validationParameters)
{
    // Attach the stub cache to a clone so the caller's parameters stay untouched.
    TokenValidationParameters replayParameters = validationParameters.Clone() as TokenValidationParameters;

    // Presumably OnFindReturnValue / OnAddReturnValue are what the stub answers to the
    // validator's find and add calls. Confirm against the test TokenReplayCache.
    var stubCache = new Microsoft.IdentityModel.Test.TokenReplayCache();
    stubCache.OnAddReturnValue = true;
    stubCache.OnFindReturnValue = false;
    replayParameters.TokenReplayCache = stubCache;

    // Pass 1: find = false, add = true, so validation is expected to succeed.
    TestUtilities.ValidateToken(securityToken, replayParameters, tokenValidator, ExpectedException.NoExceptionExpected);

    // Pass 2: find = true, so the validator is expected to report a detected replay.
    stubCache.OnFindReturnValue = true;
    TestUtilities.ValidateToken(securityToken, replayParameters, tokenValidator, ExpectedException.SecurityTokenReplayDetected());

    // Pass 3: find = false but add = false, so the validator is expected to fail closed
    // with the replay-add-failed error instead of accepting a token it could not record.
    stubCache.OnFindReturnValue = false;
    stubCache.OnAddReturnValue = false;
    TestUtilities.ValidateToken(securityToken, replayParameters, tokenValidator, ExpectedException.SecurityTokenReplayAddFailed());
}
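/// <summary>
/// Checks that the public properties of <see cref="TokenValidationParameters"/> keep the values
/// they are given, whether set through an object initializer or one by one, and that
/// <c>Clone()</c> on both the base type and a derived type yields an equal instance.
/// </summary>
public void TokenValidationParameters_Publics()
{
    // Guard: a changed property count fails the test so that the coverage below, including the
    // Clone() comparisons, is extended for the new property.
    Type type = typeof(TokenValidationParameters);
    PropertyInfo[] properties = type.GetProperties();
    if (properties.Length != 30)
    {
        Assert.Fail("Number of properties has changed from 30 to: " + properties.Length + ", adjust tests");
    }

    SecurityKey issuerSigningKey = KeyingMaterial.DefaultSymmetricSecurityKey_256;
    SecurityKey issuerSigningKey2 = KeyingMaterial.SymmetricSecurityKey2_256;

    List<SecurityKey> issuerSigningKeys = new List<SecurityKey>
    {
        KeyingMaterial.DefaultSymmetricSecurityKey_256,
        KeyingMaterial.SymmetricSecurityKey2_256
    };

    // New key objects built from the raw key bytes, listed in the opposite order.
    List<SecurityKey> issuerSigningKeysDup = new List<SecurityKey>
    {
        new InMemorySymmetricSecurityKey(KeyingMaterial.SymmetricKeyBytes2_256),
        new InMemorySymmetricSecurityKey(KeyingMaterial.DefaultSymmetricKeyBytes_256)
    };

    string validAudience = "ValidAudience";
    List<string> validAudiences = new List<string> { validAudience };
    string validIssuer = "ValidIssuer";
    List<string> validIssuers = new List<string> { validIssuer };

    // Audience and issuer validation are switched off and non-throwing validators are plugged in
    // only so the property round-trip can be observed. This is test scaffolding, not a
    // configuration to reuse where real tokens are validated.
    TokenValidationParameters validationParametersInline = new TokenValidationParameters()
    {
        AudienceValidator = IdentityUtilities.AudienceValidatorDoesNotThrow,
        IssuerSigningKey = issuerSigningKey,
        IssuerSigningKeyResolver = (token, securityToken, keyIdentifier, tvp) => issuerSigningKey,
        IssuerSigningKeys = issuerSigningKeys,
        IssuerValidator = IdentityUtilities.IssuerValidatorEcho,
        LifetimeValidator = IdentityUtilities.LifetimeValidatorDoesNotThrow,
        SaveSigninToken = true,
        ValidateAudience = false,
        ValidateIssuer = false,
        ValidAudience = validAudience,
        ValidAudiences = validAudiences,
        ValidIssuer = validIssuer,
        ValidIssuers = validIssuers,
    };

    Assert.IsTrue(object.ReferenceEquals(validationParametersInline.IssuerSigningKey, issuerSigningKey));
    Assert.IsTrue(validationParametersInline.SaveSigninToken);
    Assert.IsFalse(validationParametersInline.ValidateAudience);
    Assert.IsFalse(validationParametersInline.ValidateIssuer);
    Assert.IsTrue(object.ReferenceEquals(validationParametersInline.ValidAudience, validAudience));
    Assert.IsTrue(object.ReferenceEquals(validationParametersInline.ValidAudiences, validAudiences));
    Assert.IsTrue(object.ReferenceEquals(validationParametersInline.ValidIssuer, validIssuer));
    // ValidIssuers was set above but never checked; assert it like its three siblings.
    Assert.IsTrue(object.ReferenceEquals(validationParametersInline.ValidIssuers, validIssuers));

    // Same settings applied through individual setters. The key, resolver and key list are
    // deliberately different objects from the ones used in the initializer above.
    TokenValidationParameters validationParametersSets = new TokenValidationParameters();
    validationParametersSets.AudienceValidator = IdentityUtilities.AudienceValidatorDoesNotThrow;
    validationParametersSets.IssuerSigningKey = new InMemorySymmetricSecurityKey(KeyingMaterial.DefaultSymmetricKeyBytes_256);
    validationParametersSets.IssuerSigningKeyResolver = (token, securityToken, keyIdentifier, tvp) => issuerSigningKey2;
    validationParametersSets.IssuerSigningKeys = issuerSigningKeysDup;
    validationParametersSets.IssuerValidator = IdentityUtilities.IssuerValidatorEcho;
    validationParametersSets.LifetimeValidator = IdentityUtilities.LifetimeValidatorDoesNotThrow;
    validationParametersSets.SaveSigninToken = true;
    validationParametersSets.ValidateAudience = false;
    validationParametersSets.ValidateIssuer = false;
    validationParametersSets.ValidAudience = validAudience;
    validationParametersSets.ValidAudiences = validAudiences;
    validationParametersSets.ValidIssuer = validIssuer;
    validationParametersSets.ValidIssuers = validIssuers;

    Assert.IsTrue(IdentityComparer.AreEqual<TokenValidationParameters>(validationParametersInline, validationParametersSets));

    // A clone must compare equal to its source. A clone that silently dropped a setting such as
    // a validation flag or a signing key would be a security-relevant regression.
    var tokenValidationParametersCloned = validationParametersInline.Clone();
    Assert.IsTrue(IdentityComparer.AreEqual<TokenValidationParameters>(tokenValidationParametersCloned, validationParametersInline));

    // Cloning a derived type must return the derived type and carry its extra state along.
    string id = Guid.NewGuid().ToString();
    DerivedTokenValidationParameters derivedValidationParameters = new DerivedTokenValidationParameters(id, validationParametersInline);
    DerivedTokenValidationParameters derivedValidationParametersCloned = derivedValidationParameters.Clone() as DerivedTokenValidationParameters;

    // Without this check a wrong clone type surfaces as a NullReferenceException further down.
    Assert.IsNotNull(derivedValidationParametersCloned, "Clone() of DerivedTokenValidationParameters did not return a DerivedTokenValidationParameters");
    Assert.IsTrue(IdentityComparer.AreEqual<TokenValidationParameters>(derivedValidationParameters, derivedValidationParametersCloned));
    Assert.AreEqual(derivedValidationParameters.InternalString, derivedValidationParametersCloned.InternalString);
}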