using System.Text;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;
namespace Bff.Tests;
/// Mints JWTs for the BFF tests — signed with the factory's test key (valid) or otherwise
/// (a wrong key / expired) to exercise the bearer validation the BFF configures.
internal static class TestTokens
{
public static string Valid(string bsn) => Create(bsn, BffFactory.TestSigningKey, expired: false);
public static string Expired(string bsn) => Create(bsn, BffFactory.TestSigningKey, expired: true);
public static string WrongKey(string bsn) => Create(
bsn,
new SymmetricSecurityKey(Encoding.UTF8.GetBytes("a-different-signing-key-256-bits-long-indeed-yes!")),
expired: false);
private static string Create(string bsn, SymmetricSecurityKey key, bool expired)
{
var handler = new JsonWebTokenHandler();
return handler.CreateToken(new SecurityTokenDescriptor
{
Claims = new Dictionary { ["bsn"] = bsn },
Expires = DateTime.UtcNow.AddMinutes(expired ? -5 : 30),
SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256),
});
}
}