Im implementing Aspnet OpenIdConnect Server (ASOS) in a asp.net core 1.1 project and im currently trying to implement some integration testing (xunit
& moq
) using Microsoft.AspNetCore.TestHost.TestServer.
The issue i have is manually generating a fake accesstoken with which to populate a AuthenticationHeaderValue
for the HttpClient
requests. Searched for a working solution to this but sofar ive been unsuccessful.
So my question: Anyone has a tip as how to manually generating accesstokens for TestServer without having to call the token endpoint of ASOS for testing?
While ASOS deliberately prevents you from creating tokens from arbitrary places (they can be only generated during OpenID Connect requests), you can directly use the underlying ASP.NET Core APIs to generate fake tokens that will be accepted by the OAuth2 validation middleware:
That said, it's rarely the most efficient method if you want to test your own token-protected APIs. Instead, I'd recommend setting
HttpContext.User
or using the OAuth2 validation middleware events to use fake identities without involving crypto operations.You can also mock the
AccessTokenFormat
: