Make CT required in ITokenCreationService and IClaimsService, flow through implementations, callers, and tests

Damian Hickey 2026-02-20 22:13:59 +01:00
parent 86975952a2
commit ea9ba0c05f
13 changed files with 66 additions and 82 deletions


@ -84,7 +84,7 @@ internal class IntrospectionHttpWriter(IIssuerNameService issuerNameService, ITo
CreationTime = DateTime.UtcNow,
Claims = [new Claim("token_introspection", ObjectSerializer.ToString(result.Entries), IdentityServerConstants.ClaimValueTypes.Json)]
};
var jwt = await tokenCreationService.CreateTokenAsync(token);
var jwt = await tokenCreationService.CreateTokenAsync(token, context.RequestAborted);
await context.Response.WriteAsync(jwt);
}
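Review bot: The response write right after the changed call still takes no cancellation token: `await context.Response.WriteAsync(jwt);`. Now that `context.RequestAborted` is passed to `CreateTokenAsync`, passing it to the write as well keeps the two awaits consistent: `await context.Response.WriteAsync(jwt, context.RequestAborted);`. An aborted introspection request can now raise `OperationCanceledException` from token creation. The handling is outside this hunk, so confirm it is treated as a client disconnect and not logged as a signing failure.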


@ -142,7 +142,7 @@ public class IdentityServerTools : IIdentityServerTools
Claims = new HashSet<Claim>(claims, new ClaimComparer())
};
return await _tokenCreation.CreateTokenAsync(token);
return await _tokenCreation.CreateTokenAsync(token, default);
}
/// <inheritdoc/>
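Review bot: `CreateTokenAsync(token, default)` hard-codes a non-cancellable call, so work behind this public tools API cannot be cancelled by its caller. In the default implementation that work includes the signing-credential lookup. The enclosing method's signature is outside the hunk. If it has no token parameter of its own, either add one and forward it, or add a comment such as `// IIdentityServerTools exposes no caller token; token creation is intentionally not cancellable here.` so the `default` is not read as an oversight.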


@ -38,17 +38,8 @@ public class DefaultClaimsService : IClaimsService
Profile = profile;
}
/// <summary>
/// Returns claims for an identity token
/// </summary>
/// <param name="subject">The subject</param>
/// <param name="resources">The requested resources</param>
/// <param name="includeAllIdentityClaims">Specifies if all claims should be included in the token, or if the userinfo endpoint can be used to retrieve them</param>
/// <param name="request">The raw request</param>
/// <returns>
/// Claims for the identity token
/// </returns>
public virtual async Task<IEnumerable<Claim>> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, bool includeAllIdentityClaims, ValidatedRequest request)
/// <inheritdoc/>
public virtual async Task<IEnumerable<Claim>> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, bool includeAllIdentityClaims, ValidatedRequest request, CT ct)
{
using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultClaimsService.GetIdentityTokenClaims");
@ -101,16 +92,8 @@ public class DefaultClaimsService : IClaimsService
return outputClaims;
}
/// <summary>
/// Returns claims for an access token.
/// </summary>
/// <param name="subject">The subject.</param>
/// <param name="resourceResult">The validated resource result</param>
/// <param name="request">The raw request.</param>
/// <returns>
/// Claims for the access token
/// </returns>
public virtual async Task<IEnumerable<Claim>> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resourceResult, ValidatedRequest request)
/// <inheritdoc/>
public virtual async Task<IEnumerable<Claim>> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resourceResult, ValidatedRequest request, CT ct)
{
using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultClaimsService.GetAccessTokenClaims");
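Review bot: Replacing the XML docs with `/// <inheritdoc/>` drops the description of `resourceResult` on `GetAccessTokenClaimsAsync`. The interface in this commit names that parameter `resources`, and tooling matches inherited `<param>` text by name. Either keep `/// <param name="resourceResult">The validated resource result</param>` next to the `<inheritdoc/>`, or rename the parameter to `resources`, which is source-breaking for callers using named arguments. Both method bodies continue outside the hunks, so whether `ct` is forwarded to the profile lookups cannot be checked from here.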


@ -56,21 +56,15 @@ public class DefaultTokenCreationService : ITokenCreationService
Logger = logger;
}
/// <summary>
/// Creates the token.
/// </summary>
/// <param name="token">The token.</param>
/// <returns>
/// A protected and serialized security token
/// </returns>
public virtual async Task<string> CreateTokenAsync(Token token)
/// <inheritdoc/>
public virtual async Task<string> CreateTokenAsync(Token token, CT ct)
{
using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultTokenCreationService.CreateToken");
var payload = await CreatePayloadAsync(token);
var headerElements = await CreateHeaderElementsAsync(token);
return await CreateJwtAsync(token, payload, headerElements);
return await CreateJwtAsync(token, payload, headerElements, ct);
}
/// <summary>
@ -121,14 +115,15 @@ public class DefaultTokenCreationService : ITokenCreationService
/// <param name="token"></param>
/// <param name="payload"></param>
/// <param name="headerElements"></param>
/// <param name="ct"></param>
/// <returns></returns>
/// <exception cref="InvalidOperationException"></exception>
protected virtual async Task<string> CreateJwtAsync(Token token, string payload,
Dictionary<string, object> headerElements)
Dictionary<string, object> headerElements, CT ct)
{
using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultTokenCreationService.CreateJwt");
var credential = await Keys.GetSigningCredentialsAsync(token.AllowedSigningAlgorithms, default);
var credential = await Keys.GetSigningCredentialsAsync(token.AllowedSigningAlgorithms, ct);
if (credential == null)
{
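Review bot: `ct` reaches `CreateJwtAsync` but not the two awaits before it, `CreatePayloadAsync(token)` and `CreateHeaderElementsAsync(token)`, so only the signing-credential lookup is cancellable in `CreateTokenAsync`. Their bodies are outside the hunk. If either does I/O, pass the token to it as well; otherwise a short comment that they are CPU-only would explain the asymmetry. The new `/// <param name="ct"></param>` on `CreateJwtAsync` is empty, and the interface wording `A token to monitor for cancellation requests.` fits there. `CreateJwtAsync` continues past the end of the hunk.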


@ -135,7 +135,8 @@ public class DefaultTokenService : ITokenService
request.Subject,
request.ValidatedResources,
request.IncludeAllIdentityClaims,
request.ValidatedRequest));
request.ValidatedRequest,
ct));
var issuer = request.ValidatedRequest.IssuerName;
var token = new Token(OidcConstants.TokenTypes.IdentityToken)
@ -165,7 +166,8 @@ public class DefaultTokenService : ITokenService
claims.AddRange(await ClaimsProvider.GetAccessTokenClaimsAsync(
request.Subject,
request.ValidatedResources,
request.ValidatedRequest));
request.ValidatedRequest,
ct));
if (request.ValidatedRequest.SessionId.IsPresent())
{
@ -231,7 +233,7 @@ public class DefaultTokenService : ITokenService
{
Logger.LogTrace("Creating JWT access token");
tokenResult = await CreationService.CreateTokenAsync(token);
tokenResult = await CreationService.CreateTokenAsync(token, ct);
}
else
{
@ -246,7 +248,7 @@ public class DefaultTokenService : ITokenService
{
Logger.LogTrace("Creating JWT identity token");
tokenResult = await CreationService.CreateTokenAsync(token);
tokenResult = await CreationService.CreateTokenAsync(token, ct);
}
else
{


@ -21,10 +21,11 @@ public interface IClaimsService
/// <param name="resources">The resources.</param>
/// <param name="includeAllIdentityClaims">Specifies if all claims should be included in the token, or if the userinfo endpoint can be used to retrieve them</param>
/// <param name="request">The raw request</param>
/// <param name="ct">A token to monitor for cancellation requests.</param>
/// <returns>
/// Claims for the identity token
/// </returns>
Task<IEnumerable<Claim>> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, bool includeAllIdentityClaims, ValidatedRequest request);
Task<IEnumerable<Claim>> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, bool includeAllIdentityClaims, ValidatedRequest request, CT ct);
/// <summary>
/// Returns claims for an access token.
@ -32,8 +33,9 @@ public interface IClaimsService
/// <param name="subject">The subject.</param>
/// <param name="resources">The resources.</param>
/// <param name="request">The raw request.</param>
/// <param name="ct">A token to monitor for cancellation requests.</param>
/// <returns>
/// Claims for the access token
/// </returns>
Task<IEnumerable<Claim>> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, ValidatedRequest request);
Task<IEnumerable<Claim>> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, ValidatedRequest request, CT ct);
}


@ -17,6 +17,7 @@ public interface ITokenCreationService
/// Creates a token.
/// </summary>
/// <param name="token">The token description.</param>
/// <param name="ct">A token to monitor for cancellation requests.</param>
/// <returns>A protected and serialized security token</returns>
Task<string> CreateTokenAsync(Token token);
Task<string> CreateTokenAsync(Token token, CT ct);
}


@ -77,9 +77,9 @@ public class CustomClaimsService : DefaultClaimsService
{
}
public override async Task<IEnumerable<Claim>> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resourceResult, ValidatedRequest request)
public override async Task<IEnumerable<Claim>> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resourceResult, ValidatedRequest request, CT ct)
{
var result = (await base.GetAccessTokenClaimsAsync(subject, resourceResult, request)).ToList();
var result = (await base.GetAccessTokenClaimsAsync(subject, resourceResult, request, ct)).ToList();
result.Add(new Claim("foo", "foo1"));


@ -13,7 +13,7 @@ internal class MockClaimsService : IClaimsService
public List<Claim> IdentityTokenClaims { get; set; } = new List<Claim>();
public List<Claim> AccessTokenClaims { get; set; } = new List<Claim>();
public Task<IEnumerable<Claim>> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, bool includeAllIdentityClaims, ValidatedRequest request) => Task.FromResult(IdentityTokenClaims.AsEnumerable());
public Task<IEnumerable<Claim>> GetIdentityTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, bool includeAllIdentityClaims, ValidatedRequest request, CT ct) => Task.FromResult(IdentityTokenClaims.AsEnumerable());
public Task<IEnumerable<Claim>> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, ValidatedRequest request) => Task.FromResult(AccessTokenClaims.AsEnumerable());
public Task<IEnumerable<Claim>> GetAccessTokenClaimsAsync(ClaimsPrincipal subject, ResourceValidationResult resources, ValidatedRequest request, CT ct) => Task.FromResult(AccessTokenClaims.AsEnumerable());
}


@ -12,7 +12,7 @@ internal class MockTokenCreationService : ITokenCreationService
public string TokenResult { get; set; }
public Token Token { get; set; }
public Task<string> CreateTokenAsync(Token token)
public Task<string> CreateTokenAsync(Token token, CT ct)
{
Token = token;
return Task.FromResult(TokenResult);


@ -17,6 +17,7 @@ public class DefaultClaimsServiceTests
{
private DefaultClaimsService _subject;
private MockProfileService _mockMockProfileService = new MockProfileService();
private readonly CT _ct = TestContext.Current.CancellationToken;
private ClaimsPrincipal _user;
private Client _client;
@ -58,7 +59,7 @@ public class DefaultClaimsServiceTests
[Fact]
public async Task GetIdentityTokenClaimsAsync_should_return_standard_user_claims()
{
var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, false, _validatedRequest);
var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, false, _validatedRequest, _ct);
var types = claims.Select(x => x.Type);
types.ShouldContain(JwtClaimTypes.Subject);
@ -73,7 +74,7 @@ public class DefaultClaimsServiceTests
{
_resources.IdentityResources.Add(new IdentityResource("id_scope", new[] { "foo" }));
var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, false, _validatedRequest);
var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, false, _validatedRequest, _ct);
_mockMockProfileService.GetProfileWasCalled.ShouldBeFalse();
}
@ -84,7 +85,7 @@ public class DefaultClaimsServiceTests
_resources.IdentityResources.Add(new IdentityResource("id_scope", new[] { "foo" }));
_mockMockProfileService.ProfileClaims.Add(new Claim("foo", "foo1"));
var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, true, _validatedRequest);
var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, true, _validatedRequest, _ct);
_mockMockProfileService.GetProfileWasCalled.ShouldBeTrue();
_mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldContain("foo");
@ -98,7 +99,7 @@ public class DefaultClaimsServiceTests
_resources.IdentityResources.Add(new IdentityResource("id_scope", new[] { "foo" }));
_mockMockProfileService.ProfileClaims.Add(new Claim("foo", "foo1"));
var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, false, _validatedRequest);
var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, false, _validatedRequest, _ct);
_mockMockProfileService.GetProfileWasCalled.ShouldBeTrue();
_mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldContain("foo");
@ -110,7 +111,7 @@ public class DefaultClaimsServiceTests
_resources.IdentityResources.Add(new IdentityResource("id_scope", new[] { "foo" }));
_mockMockProfileService.ProfileClaims.Add(new Claim("aud", "bar"));
var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, true, _validatedRequest);
var claims = await _subject.GetIdentityTokenClaimsAsync(_user, ResourceValidationResult, true, _validatedRequest, _ct);
claims.Count(x => x.Type == "aud" && x.Value == "bar").ShouldBe(0);
}
@ -118,7 +119,7 @@ public class DefaultClaimsServiceTests
[Fact]
public async Task GetAccessTokenClaimsAsync_should_contain_client_id()
{
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct);
claims.Count(x => x.Type == JwtClaimTypes.ClientId && x.Value == _client.ClientId).ShouldBe(1);
}
@ -126,7 +127,7 @@ public class DefaultClaimsServiceTests
[Fact]
public async Task GetAccessTokenClaimsAsync_client_claims_should_be_prefixed_with_default_value()
{
var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest, _ct);
claims.Count(x => x.Type == "client_some_claim" && x.Value == "some_claim_value").ShouldBe(1);
}
@ -135,7 +136,7 @@ public class DefaultClaimsServiceTests
public async Task GetAccessTokenClaimsAsync_client_claims_should_be_prefixed_with_custom_value()
{
_validatedRequest.Client.ClientClaimsPrefix = "custom_prefix_";
var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest, _ct);
claims.Count(x => x.Type == "custom_prefix_some_claim" && x.Value == "some_claim_value").ShouldBe(1);
}
@ -144,7 +145,7 @@ public class DefaultClaimsServiceTests
public async Task GetAccessTokenClaimsAsync_should_contain_client_claims_when_no_subject()
{
_validatedRequest.Client.ClientClaimsPrefix = null;
var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest, _ct);
claims.Count(x => x.Type == "some_claim" && x.Value == "some_claim_value").ShouldBe(1);
}
@ -155,7 +156,7 @@ public class DefaultClaimsServiceTests
_validatedRequest.Client.ClientClaimsPrefix = null;
_validatedRequest.Client.AlwaysSendClientClaims = true;
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct);
claims.Count(x => x.Type == "some_claim" && x.Value == "some_claim_value").ShouldBe(1);
}
@ -168,7 +169,7 @@ public class DefaultClaimsServiceTests
_resources.ApiScopes.Add(new ApiScope("api1"));
_resources.ApiScopes.Add(new ApiScope("api2"));
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct);
var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value);
scopes.Count().ShouldBe(4);
@ -185,7 +186,7 @@ public class DefaultClaimsServiceTests
ParsedScopes = { new ParsedScopeValue("api:123", "api", "123") }
};
var claims = await _subject.GetAccessTokenClaimsAsync(_user, resourceResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, resourceResult, _validatedRequest, _ct);
var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value);
scopes.Count().ShouldBe(1);
@ -197,7 +198,7 @@ public class DefaultClaimsServiceTests
{
_resources.ApiResources.Add(new ApiResource("api1"));
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct);
var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value);
scopes.Count().ShouldBe(0);
@ -215,7 +216,7 @@ public class DefaultClaimsServiceTests
ParsedScopes = { new ParsedScopeValue("api2") }
};
var claims = await _subject.GetAccessTokenClaimsAsync(_user, resourceResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, resourceResult, _validatedRequest, _ct);
var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value);
scopes.Count().ShouldBe(1);
@ -235,7 +236,7 @@ public class DefaultClaimsServiceTests
_resources.ApiResources.Add(new ApiResource { Name = "api3", Scopes = { "resource" } });
_resources.ApiScopes.Add(new ApiScope("resource"));
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct);
var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value);
scopes.Count().ShouldBe(1);
@ -251,7 +252,7 @@ public class DefaultClaimsServiceTests
_resources.ApiResources.Add(new ApiResource("api2"));
_resources.OfflineAccess = true;
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct);
var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value);
scopes.ShouldContain(IdentityServerConstants.StandardScopes.OfflineAccess);
@ -266,7 +267,7 @@ public class DefaultClaimsServiceTests
_resources.ApiResources.Add(new ApiResource("api2"));
_resources.OfflineAccess = true;
var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(null, ResourceValidationResult, _validatedRequest, _ct);
var scopes = claims.Where(x => x.Type == JwtClaimTypes.Scope).Select(x => x.Value);
scopes.ShouldNotContain(IdentityServerConstants.StandardScopes.OfflineAccess);
@ -275,7 +276,7 @@ public class DefaultClaimsServiceTests
[Fact]
public async Task GetAccessTokenClaimsAsync_should_return_standard_user_claims()
{
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct);
var types = claims.Select(x => x.Type);
types.ShouldContain(JwtClaimTypes.Subject);
@ -291,7 +292,7 @@ public class DefaultClaimsServiceTests
_resources.IdentityResources.Add(new IdentityResource("id1", new[] { "foo" }));
_resources.ApiResources.Add(new ApiResource("api1", new string[] { "bar" }));
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct);
_mockMockProfileService.GetProfileWasCalled.ShouldBeTrue();
_mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldNotContain("foo");
@ -304,7 +305,7 @@ public class DefaultClaimsServiceTests
_resources.ApiResources.Add(new ApiResource("api1", new[] { "foo" }));
_mockMockProfileService.ProfileClaims.Add(new Claim("aud", "bar"));
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct);
claims.Count(x => x.Type == "aud" && x.Value == "bar").ShouldBe(0);
}
@ -314,7 +315,7 @@ public class DefaultClaimsServiceTests
{
_resources.ApiResources.Add(new ApiResource("api1", new[] { "foo" }));
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct);
_mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldContain("foo");
}
@ -335,7 +336,7 @@ public class DefaultClaimsServiceTests
}
);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct);
_mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldContain("foo");
}
@ -357,7 +358,7 @@ public class DefaultClaimsServiceTests
}
);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest);
var claims = await _subject.GetAccessTokenClaimsAsync(_user, ResourceValidationResult, _validatedRequest, _ct);
_mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldContain("foo");
_mockMockProfileService.ProfileContext.RequestedClaimTypes.ShouldContain("bar");
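Review bot: Every changed call in this file only appends `_ct`, and none of the visible tests passes an already-cancelled token, so nothing pins how `DefaultClaimsService` behaves when the new parameter is signalled. Consider one test per method that passes `new CancellationToken(canceled: true)` and asserts the outcome. That would record whether the service throws `OperationCanceledException` or still returns a complete claim set. The hunks show only part of the class, so such a test may already exist outside them.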


@ -163,7 +163,7 @@ public class AccessTokenValidation
public async Task Valid_JWT_Token()
{
var signer = Factory.CreateDefaultTokenCreator();
var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"));
var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"), _ct);
var validator = Factory.CreateTokenValidator(null);
var result = await validator.ValidateAccessTokenAsync(jwt, null, _ct);
@ -181,7 +181,7 @@ public class AccessTokenValidation
options.EmitScopesAsSpaceDelimitedStringInJwt = flag;
var signer = Factory.CreateDefaultTokenCreator(options);
var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"));
var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write"), _ct);
var validator = Factory.CreateTokenValidator(null);
var result = await validator.ValidateAccessTokenAsync(jwt, null, _ct);
@ -204,7 +204,7 @@ public class AccessTokenValidation
var signer = Factory.CreateDefaultTokenCreator();
var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write");
token.Issuer = "invalid";
var jwt = await signer.CreateTokenAsync(token);
var jwt = await signer.CreateTokenAsync(token, _ct);
var validator = Factory.CreateTokenValidator(null);
var result = await validator.ValidateAccessTokenAsync(jwt, null, _ct);
@ -218,7 +218,7 @@ public class AccessTokenValidation
public async Task JWT_Token_Too_Long()
{
var signer = Factory.CreateDefaultTokenCreator();
var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessTokenLong(new Client { ClientId = "roclient" }, "valid", 600, 1000, "read", "write"));
var jwt = await signer.CreateTokenAsync(TokenFactory.CreateAccessTokenLong(new Client { ClientId = "roclient" }, "valid", 600, 1000, "read", "write"), _ct);
var validator = Factory.CreateTokenValidator(null);
var result = await validator.ValidateAccessTokenAsync(jwt, null, _ct);
@ -236,7 +236,7 @@ public class AccessTokenValidation
futureClock.SetUtcNow(definitelyNotNow);
var signer = Factory.CreateDefaultTokenCreator(timeProvider: futureClock);
var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write");
var jwt = await signer.CreateTokenAsync(token);
var jwt = await signer.CreateTokenAsync(token, _ct);
var options = TestIdentityServerOptions.Create();
options.JwtValidationClockSkew = TimeSpan.FromSeconds(10);
@ -255,7 +255,7 @@ public class AccessTokenValidation
futureClock.SetUtcNow(definitelyNotNow);
var signer = Factory.CreateDefaultTokenCreator(timeProvider: futureClock);
var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write");
var jwt = await signer.CreateTokenAsync(token);
var jwt = await signer.CreateTokenAsync(token, _ct);
var options = TestIdentityServerOptions.Create();
options.JwtValidationClockSkew = TimeSpan.FromSeconds(5);
@ -272,7 +272,7 @@ public class AccessTokenValidation
{
var signer = Factory.CreateDefaultTokenCreator();
var token = TokenFactory.CreateAccessToken(new Client { ClientId = "roclient" }, "valid", 600, "read", "write");
var jwt = await signer.CreateTokenAsync(token);
var jwt = await signer.CreateTokenAsync(token, _ct);
var options = TestIdentityServerOptions.Create();
options.SupportedRequestObjectSigningAlgorithms = ["Test"];


@ -24,7 +24,7 @@ public class IdentityTokenValidation
{
var creator = Factory.CreateDefaultTokenCreator();
var token = TokenFactory.CreateIdentityToken("roclient", "valid");
var jwt = await creator.CreateTokenAsync(token);
var jwt = await creator.CreateTokenAsync(token, _ct);
var validator = Factory.CreateTokenValidator();
var result = await validator.ValidateIdentityTokenAsync(jwt, "roclient", true, _ct);
@ -37,7 +37,7 @@ public class IdentityTokenValidation
public async Task Valid_IdentityToken_DefaultKeyType_no_ClientId_supplied()
{
var creator = Factory.CreateDefaultTokenCreator();
var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid"));
var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid"), _ct);
var validator = Factory.CreateTokenValidator();
var result = await validator.ValidateIdentityTokenAsync(jwt, "roclient", true, _ct);
@ -49,7 +49,7 @@ public class IdentityTokenValidation
public async Task Valid_IdentityToken_no_ClientId_supplied()
{
var creator = Factory.CreateDefaultTokenCreator();
var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid"));
var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid"), _ct);
var validator = Factory.CreateTokenValidator();
var result = await validator.ValidateIdentityTokenAsync(jwt, null, true, _ct);
@ -61,7 +61,7 @@ public class IdentityTokenValidation
public async Task IdentityToken_InvalidClientId()
{
var creator = Factory.CreateDefaultTokenCreator();
var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid"));
var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityToken("roclient", "valid"), _ct);
var validator = Factory.CreateTokenValidator();
var result = await validator.ValidateIdentityTokenAsync(jwt, "invalid", true, _ct);
@ -74,7 +74,7 @@ public class IdentityTokenValidation
public async Task IdentityToken_Too_Long()
{
var creator = Factory.CreateDefaultTokenCreator();
var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityTokenLong("roclient", "valid", 1000));
var jwt = await creator.CreateTokenAsync(TokenFactory.CreateIdentityTokenLong("roclient", "valid", 1000), _ct);
var validator = Factory.CreateTokenValidator();
var result = await validator.ValidateIdentityTokenAsync(jwt, "roclient", true, _ct);
@ -91,7 +91,7 @@ public class IdentityTokenValidation
id_token.Claims.Add(new System.Security.Claims.Claim("aud", "some_aud"));
// this should not throw
var jwt = await creator.CreateTokenAsync(id_token);
var jwt = await creator.CreateTokenAsync(id_token, _ct);
// check that the custom aud was ignored
var payload = jwt.Split('.')[1];