openId id_token validation in javascript (an angular service)

This post is related to the following stackoverflow question :
How can I validate an openId id_token in javascript.

The Short story

we need to use JSWS.

  1. download the libraries from here. I’ve downloaded version 3.0.2.
  2. in your index.html,reference the jws-3.0.js, the json-sans-eval.js file that you downloaded above
    (json-sans-eval is located in [jsjws-3.0.2\ext] directory. (more info on it can be found here
    json-sans-eval site)
  3. if you run the code, you will get the following exception : b64utohex is not defined
  4. you need to reference another library. in fact I found the related project jsrsasign having the required libraries.
    you can download a release here :
    I downloaded the version 4.7.0 and took out the jsrsasign-4.7.0-all-min.js file and added in referencing scripts.

Now you have all the necessary files to get it done using the following code :

  function validateToken(id_token, cert) {
        var jws = new KJUR.jws.JWS();
        var result = 0;
        result = jws.verifyJWSByPemX509Cert(id_token, cert);
        if (result) {
            result = JSON.parse(jws.parsedJWS.payloadS);
        } else {
            result = 'unable to verify token';
        return result;

Token validation coming from an openid endpoint will also be part fo my angular-toolkit project : check it here

Read more to get the Long story …

Continue reading openId id_token validation in javascript (an angular service)

Async Test with jasmine and angularjs

This post describes how to test angular services that makes use of promise (simple or with $http, $timeout…) with the jasmine testing framework. All the code is located here : angular-playground. I use karma to display the test result. So just karma start at the root.
for more info on async support check this:

Continue reading Async Test with jasmine and angularjs

Install sinon with jasmine and Karma

lately I wanted to use sinon within karma. So I simply did the following :

install sinon with bower : bower install sinon

then added the sinon.js to the karma files in the karma.conf.js like so :

files: [

and use it in my jasmine test specs file…. but it didn’t work.

And here is the solution:

in a command prompt, navigate to the root of your project and type :

npm install karma-sinon --save-dev

then in your karma.conf.js file add the following:

frameworks: ['jasmine', 'sinon']

You can now use sinon in your jasmine files

var mySUT = {
    callCallback: function (cb) {

 describe('spies', function () {
        it('should spy on a callback', function(){
            var spy = sinon.spy();  

Testing angularjs modules with jasmine and Karma

Lately I had to choose a testing framework and wanted to be fast and to provide fast feedback (kind of Ncrunch for .net) I achieved that with jasmine and karma.

As an example to this post, I will describe the setup using angular-toolkit as a reference project. (while writing this post, I use tag 0.0.5 of angular-toolkit project)

In this post, I will describe how to set up jasmine, write a little spec and run these with karma, so you have direct feedback of your changes.

Continue reading Testing angularjs modules with jasmine and Karma

selfhosted IdentityServer v3 and WebApi running in the same process

This article walks through creating a project in visual studio to run Identity Server V3 as self-hosted, so we won’t required IIS and we will use this installation to test some of angular-toolkit functionalities.

For more in depth information, this article is based on this post : Creating the simplest OAuth2 Authorization Server, Client and API. The difference here is that we will put everything in one selfhosted project. (we will host multiple server in one process)

the code is available here :

Continue reading selfhosted IdentityServer v3 and WebApi running in the same process

setting up an angular dev-build-test environment : part 1

This post is part of a series that documents the setup of a complete development environment for developing robust angular apps or libraries.

In this post and subsequent, I will document how to set up a development environment to create an angular module which I called angular toolkit and that can be found here :  angular-toolkit

angular-toolkit will be a module where I will put the common patterns and services that we need in every angular application like logging, notification, authentication, dataservice …

To develop it, I choose the following:

Code editor :

Continuous integration with Travis CI

build automation with gulp

Testing with jasmine an karma

Continue reading setting up an angular dev-build-test environment : part 1