Red — the medewerker JWT scheme, the behandelaar policy, and the werkbak endpoint do not exist yet (endpoint 404s). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
47 lines
1.9 KiB
C#
47 lines
1.9 KiB
C#
using System.Text;
|
|
using Microsoft.IdentityModel.JsonWebTokens;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
|
|
namespace Bff.Tests;
|
|
|
|
/// <summary>Mints JWTs for the BFF tests — signed with the factory's test key (valid) or otherwise
|
|
/// (a wrong key / expired) to exercise the bearer validation the BFF configures.</summary>
|
|
internal static class TestTokens
|
|
{
|
|
public static string Valid(string bsn) => Create(bsn, BffFactory.TestSigningKey, expired: false);
|
|
|
|
public static string Expired(string bsn) => Create(bsn, BffFactory.TestSigningKey, expired: true);
|
|
|
|
public static string WrongKey(string bsn) => Create(
|
|
bsn,
|
|
new SymmetricSecurityKey(Encoding.UTF8.GetBytes("a-different-signing-key-256-bits-long-indeed-yes!")),
|
|
expired: false);
|
|
|
|
/// <summary>A medewerker-realm token carrying the given realm roles under <c>realm_access.roles</c>
|
|
/// (Keycloak's shape), signed with the valid test key. Used to exercise behandel authorization.</summary>
|
|
public static string Medewerker(params string[] roles)
|
|
{
|
|
var handler = new JsonWebTokenHandler();
|
|
return handler.CreateToken(new SecurityTokenDescriptor
|
|
{
|
|
Claims = new Dictionary<string, object>
|
|
{
|
|
["realm_access"] = new Dictionary<string, object> { ["roles"] = roles },
|
|
},
|
|
Expires = DateTime.UtcNow.AddMinutes(30),
|
|
SigningCredentials = new SigningCredentials(BffFactory.TestSigningKey, SecurityAlgorithms.HmacSha256),
|
|
});
|
|
}
|
|
|
|
private static string Create(string bsn, SymmetricSecurityKey key, bool expired)
|
|
{
|
|
var handler = new JsonWebTokenHandler();
|
|
return handler.CreateToken(new SecurityTokenDescriptor
|
|
{
|
|
Claims = new Dictionary<string, object> { ["bsn"] = bsn },
|
|
Expires = DateTime.UtcNow.AddMinutes(expired ? -5 : 30),
|
|
SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256),
|
|
});
|
|
}
|
|
}
|