Azure · seantleonard · Nov 30, 2022 · Nov 18, 2022 · Nov 18, 2022 · Nov 22, 2022
@@ -1,3 +1,4 @@
+#nullable enable
 using System;
 using System.Collections.Generic;
 using System.Security.Claims;
@@ -13,8 +14,14 @@ internal static class AuthTestHelper
         /// <summary>
         /// Creates a mocked EasyAuth token, namely, the value of the header injected by EasyAuth.
         /// </summary>
+        /// <param name="nameClaimType">Defines the ClaimType of the claim used for the return value of Identity.Name </param>
+        /// <param name="roleClaimType">Defines the ClaimType of the claim used for the return value of ClaimsPrincpal.IsInRole(roleName)</param>
         /// <returns>A Base64 encoded string of a serialized EasyAuthClientPrincipal object</returns>
-        public static string CreateAppServiceEasyAuthToken()
+        /// <seealso cref="https://learn.microsoft.com/en-us/dotnet/api/system.security.claims.claimsidentity.nameclaimtype?view=net-6.0"/>
+        /// <seealso cref="https://learn.microsoft.com/en-us/dotnet/api/system.security.claims.claimsidentity.roleclaimtype?view=net-6.0"/>
+        public static string CreateAppServiceEasyAuthToken(
+            string? nameClaimType = ClaimTypes.Name,
+            string? roleClaimType = ClaimTypes.Role)
         {
             AppServiceClaim emailClaim = new()
             {
@@ -25,26 +32,56 @@ public static string CreateAppServiceEasyAuthToken()
             AppServiceClaim roleClaimAnonymous = new()
             {
                 Val = "Anonymous",
-                Typ = ClaimTypes.Role
+                Typ = roleClaimType
             };
 
             AppServiceClaim roleClaimAuthenticated = new()
             {
                 Val = "Authenticated",
+                Typ = roleClaimType
+            };
+
+            AppServiceClaim roleClaimShortNameClaimType = new()
+            {
+                Val = "RoleShortClaimType",
+                Typ = "roles"
+            };
+
+            AppServiceClaim roleClaimUriClaimType = new()
+            {
+                Val = "RoleUriClaimType",
                 Typ = ClaimTypes.Role
             };
 
-            List<AppServiceClaim> claims = new();
-            claims.Add(emailClaim);
-            claims.Add(roleClaimAnonymous);
-            claims.Add(roleClaimAuthenticated);
+            AppServiceClaim nameShortClaimType = new()
+            {
+                Val = "NameShortClaimType",
+                Typ = "unique_name"
+            };
+
+            AppServiceClaim nameUriClaimType = new()
+            {
+                Val = "NameUriClaimType",
+                Typ = ClaimTypes.Name
+            };
+
+            List<AppServiceClaim> claims = new()
+            {
+                emailClaim,
+                roleClaimAnonymous,
+                roleClaimAuthenticated,
+                roleClaimShortNameClaimType,
+                roleClaimUriClaimType,
+                nameShortClaimType,
+                nameUriClaimType
+            };
 
             AppServiceClientPrincipal token = new()
             {
                 Auth_typ = "aad",
-                Name_typ = "Apple Banana",
+                Name_typ = nameClaimType,
                 Claims = claims,
-                Role_typ = ClaimTypes.Role
+                Role_typ = roleClaimType
             };
 
             string serializedToken = JsonSerializer.Serialize(value: token);
@@ -60,8 +97,8 @@ public static string CreateAppServiceEasyAuthToken()
         /// <returns>A Base64 encoded string of a serialized StaticWebAppsClientPrincipal object</returns>
         public static string CreateStaticWebAppsEasyAuthToken(
             bool addAuthenticated = true,
-            string specificRole = null,
-            IEnumerable<SWAPrincipalClaim> claims = null)
+            string? specificRole = null,
+            IEnumerable<SWAPrincipalClaim>? claims = null)
         {
             // The anonymous role is present in all requests sent to Static Web Apps or AppService endpoints.
             List<string> roles = new()