using System; using System.Collections.Generic; using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Options; using StellaOps.Auth.Abstractions; using StellaOps.Auth.ServerIntegration; using Xunit; namespace StellaOps.Auth.ServerIntegration.Tests; public class ServiceCollectionExtensionsTests { [Fact] public void AddStellaOpsResourceServerAuthentication_ConfiguresJwtBearer() { var configuration = new ConfigurationBuilder() .AddInMemoryCollection(new Dictionary { ["Authority:ResourceServer:Authority"] = "https://authority.example", ["Authority:ResourceServer:Audiences:0"] = "api://concelier", ["Authority:ResourceServer:RequiredScopes:0"] = "concelier.jobs.trigger", ["Authority:ResourceServer:BypassNetworks:0"] = "127.0.0.1/32" }) .Build(); var services = new ServiceCollection(); services.AddLogging(); services.AddStellaOpsResourceServerAuthentication(configuration); using var provider = services.BuildServiceProvider(); var resourceOptions = provider.GetRequiredService>().CurrentValue; var jwtOptions = provider.GetRequiredService>().Get(StellaOpsAuthenticationDefaults.AuthenticationScheme); Assert.NotNull(jwtOptions.Authority); Assert.Equal(new Uri("https://authority.example/"), new Uri(jwtOptions.Authority!)); Assert.True(jwtOptions.TokenValidationParameters.ValidateAudience); Assert.Contains("api://concelier", jwtOptions.TokenValidationParameters.ValidAudiences); Assert.Equal(TimeSpan.FromSeconds(60), jwtOptions.TokenValidationParameters.ClockSkew); Assert.Equal(new[] { "concelier.jobs.trigger" }, resourceOptions.NormalizedScopes); Assert.IsType(jwtOptions.ConfigurationManager); } }