From 8c9ff02a149a4631db155ee0e1118e0f1b1c2578 Mon Sep 17 00:00:00 2001
From: Oleksandr Kyselov
Date: Sat, 22 Oct 2022 19:04:09 +0200
Subject: [PATCH] - Enhanced Token Validation Parameter Helpers to allow multiple audiences.

---
 .../TokenValidationShould.cs | 38 +++++++++++++++++++
 .../TokenValidationShould.cs | 38 +++++++++++++++++++
 .../Configuration/ConfigurationBuilder.cs | 5 +++
 .../TokenValidationParametersHelpers.cs | 17 +++++++++
 4 files changed, 98 insertions(+)

diff --git a/src/AzureFunctions.Extensions.OpenIDConnect.InProcess.Tests/TokenValidationShould.cs b/src/AzureFunctions.Extensions.OpenIDConnect.InProcess.Tests/TokenValidationShould.cs
index c2bacad..291d4d3 100644
--- a/src/AzureFunctions.Extensions.OpenIDConnect.InProcess.Tests/TokenValidationShould.cs
+++ b/src/AzureFunctions.Extensions.OpenIDConnect.InProcess.Tests/TokenValidationShould.cs
@@ -7,6 +7,7 @@ namespace AzureFunctions.Extensions.OpenIDConnect.InProcess.Tests
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Tokens;
 using NUnit.Framework;
+ using System.Collections.Generic;
 
 public class TokenValidationShould
 {
@@ -46,5 +47,42 @@ public void BeSecure_When_Using_Audience_And_Issuer()
 // Assert
 tokenValidationParameters.Should().BeEquivalentTo(expected);
 }
+
+ [Test]
+ public void BeSecure_When_Using_Audiences_And_Issuer()
+ {
+ // Arrange
+ var collection = ServiceCollectionFixture.MinimalAzFunctionsServices();
+
+ var audiences = new List { "my_audience_1", "my_audience_2" };
+ var issuer = "https://me.secure.com";
+
+ collection.AddOpenIDConnect(builder =>
+ {
+ builder.SetIssuerBaseUrlConfiguration("http://anyurl.com");
+ builder.SetTokenValidation(audiences, issuer);
+ });
+
+ var provider = collection.BuildServiceProvider();
+
+ var expected = new TokenValidationParameters
+ {
+ RequireSignedTokens = true,
+ ValidateIssuerSigningKey = true,
+ ValidateLifetime = true,
+
+ ValidateAudience = true,
+ ValidAudiences = audiences,
+
+ ValidateIssuer = true,
+ ValidIssuer = issuer
+ };
+
+ // Act
+ var tokenValidationParameters = provider.GetService();
+
+ // Assert
+ tokenValidationParameters.Should().BeEquivalentTo(expected);
+ }
 }
 }
\ No newline at end of file
diff --git a/src/AzureFunctions.Extensions.OpenIDConnect.Isolated.Tests/TokenValidationShould.cs b/src/AzureFunctions.Extensions.OpenIDConnect.Isolated.Tests/TokenValidationShould.cs
index 25f2df4..031ec7b 100644
--- a/src/AzureFunctions.Extensions.OpenIDConnect.Isolated.Tests/TokenValidationShould.cs
+++ b/src/AzureFunctions.Extensions.OpenIDConnect.Isolated.Tests/TokenValidationShould.cs
@@ -4,6 +4,7 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.IdentityModel.Tokens;
 using NUnit.Framework;
+using System.Collections.Generic;
 
 namespace AzureFunctions.Extensions.OpenIDConnect.Isolated.Tests
 {
@@ -45,5 +46,42 @@ public void BeSecure_When_Using_Audience_And_Issuer()
 // Assert
 tokenValidationParameters.Should().BeEquivalentTo(expected);
 }
+
+ [Test]
+ public void BeSecure_When_Using_Audiences_And_Issuer()
+ {
+ // Arrange
+ var collection = ServiceCollectionFixture.MinimalAzFunctionsServices();
+
+ var audiences = new List { "my_audience_1", "my_audience_2" };
+ var issuer = "https://me.secure.com";
+
+ collection.AddOpenIDConnect(builder =>
+ {
+ builder.SetIssuerBaseUrlConfiguration("http://anyurl.com");
+ builder.SetTokenValidation(audiences, issuer);
+ });
+
+ var provider = collection.BuildServiceProvider();
+
+ var expected = new TokenValidationParameters
+ {
+ RequireSignedTokens = true,
+ ValidateIssuerSigningKey = true,
+ ValidateLifetime = true,
+
+ ValidateAudience = true,
+ ValidAudiences = audiences,
+
+ ValidateIssuer = true,
+ ValidIssuer = issuer
+ };
+
+ // Act
+ var tokenValidationParameters = provider.GetService();
+
+ // Assert
+ tokenValidationParameters.Should().BeEquivalentTo(expected);
+ }
 }
 }
\ No newline at end of file
diff --git a/src/AzureFunctions.Extensions.OpenIDConnect/Configuration/ConfigurationBuilder.cs b/src/AzureFunctions.Extensions.OpenIDConnect/Configuration/ConfigurationBuilder.cs
index aa0f6aa..5938604 100644
--- a/src/AzureFunctions.Extensions.OpenIDConnect/Configuration/ConfigurationBuilder.cs
+++ b/src/AzureFunctions.Extensions.OpenIDConnect/Configuration/ConfigurationBuilder.cs
@@ -35,6 +35,11 @@ public void SetTokenValidation(string audience, string issuer)
 SetTokenValidation(TokenValidationParametersHelpers.Default(audience, issuer));
 }
 
+ public void SetTokenValidation(IEnumerable audiences, string issuer)
+ {
+ SetTokenValidation(TokenValidationParametersHelpers.Default(audiences, issuer));
+ }
+
 public void SetTokenValidation(TokenValidationParameters settings)
 {
 _services.AddSingleton(settings);
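Review bot: The new `SetTokenValidation(IEnumerable audiences, string issuer)` overload forwards the caller's collection with no null or emptiness check, and the resulting parameters are registered as a singleton in the trailing context (`_services.AddSingleton(settings)`), so a bad value is baked into every request. A null collection presumably fails only later inside the token validator, and an empty one leaves `ValidateAudience = true` with nothing to match, so every token would be rejected at request time instead of the misconfiguration failing at startup; a guard before the forwarding call, `if (audiences is null) throw new ArgumentNullException(nameof(audiences));`, plus an emptiness check, makes it fail fast. With two overloads whose first parameter is a reference type, a call passing a literal `null` also no longer resolves, which is fine only if null was never a supported argument. An XML `<summary>` on the new overload saying that a token is accepted when its `aud` claim matches any one of the listed audiences would help callers pick between the two overloads (the type argument of `IEnumerable` appears to have been stripped in this rendering).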
diff --git a/src/AzureFunctions.Extensions.OpenIDConnect/Configuration/TokenValidationParametersHelpers.cs b/src/AzureFunctions.Extensions.OpenIDConnect/Configuration/TokenValidationParametersHelpers.cs
index f86d809..cef05d3 100644
--- a/src/AzureFunctions.Extensions.OpenIDConnect/Configuration/TokenValidationParametersHelpers.cs
+++ b/src/AzureFunctions.Extensions.OpenIDConnect/Configuration/TokenValidationParametersHelpers.cs
@@ -1,4 +1,5 @@
 using Microsoft.IdentityModel.Tokens;
+using System.Collections.Generic;
 
 namespace AzureFunctions.Extensions.OpenIDConnect.Configuration
 {
@@ -19,5 +20,21 @@ public static TokenValidationParameters Default(string audience, string issuer)
 ValidIssuer = issuer
 };
 }
+
+ public static TokenValidationParameters Default(IEnumerable audiences, string issuer)
+ {
+ return new TokenValidationParameters
+ {
+ RequireSignedTokens = true,
+ ValidateIssuerSigningKey = true,
+ ValidateLifetime = true,
+
+ ValidateAudience = true,
+ ValidAudiences = audiences,
+
+ ValidateIssuer = true,
+ ValidIssuer = issuer
+ };
+ }
 }
 }
\ No newline at end of file
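Review bot: `Default(IEnumerable audiences, string issuer)` sets `ValidateAudience = true` but accepts a null or empty collection and stores the enumerable exactly as given, so a deferred LINQ query would presumably be re-evaluated on every token and an empty set would reject every token at request time rather than failing when the parameters are built. It also copies the entire parameter block of the single-audience `Default`, whose body begins before this hunk, so any later hardening (clock skew, algorithm allow-list) has to be made in two places. I would build both overloads on one private baseline, snapshot the audiences into a `List<string>` (the `<string>` type argument appears stripped in this rendering), and throw on null or empty input as sketched below, which needs `using System;`; the new test's `BeEquivalentTo` compares collections structurally, so it should still pass, but confirm. A `<summary>` on the public overload stating that any one matching `aud` value is sufficient would also be worth adding.
```csharp
public static TokenValidationParameters Default(string audience, string issuer)
{
    var parameters = SecureDefaults(issuer);
    parameters.ValidAudience = audience;
    return parameters;
}

public static TokenValidationParameters Default(IEnumerable<string> audiences, string issuer)
{
    if (audiences is null)
    {
        throw new ArgumentNullException(nameof(audiences));
    }

    // Snapshot so the registered singleton does not hold a deferred or mutable enumerable.
    var validAudiences = new List<string>(audiences);
    if (validAudiences.Count == 0)
    {
        throw new ArgumentException("At least one audience is required.", nameof(audiences));
    }

    var parameters = SecureDefaults(issuer);
    parameters.ValidAudiences = validAudiences;
    return parameters;
}

// Baseline shared by both overloads: signed tokens only; key, lifetime, issuer and audience all validated.
private static TokenValidationParameters SecureDefaults(string issuer)
{
    return new TokenValidationParameters
    {
        RequireSignedTokens = true,
        ValidateIssuerSigningKey = true,
        ValidateLifetime = true,
        ValidateAudience = true,
        ValidateIssuer = true,
        ValidIssuer = issuer
    };
}
```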