private static WebAccount MatchWamAccountToMsalAccount(
IWamPlugin wamPlugin,
IAccount account,
string loginHint,
IEnumerable <WebAccount> wamAccounts)
{
WebAccount matchedAccountByLoginHint = null;
foreach (var wamAccount in wamAccounts)
{
string homeAccountId = wamPlugin.GetHomeAccountIdOrNull(wamAccount);
if (!string.IsNullOrEmpty(homeAccountId) &&
string.Equals(homeAccountId, account?.HomeAccountId?.Identifier, StringComparison.OrdinalIgnoreCase))
{
return(wamAccount);
}
if (!string.IsNullOrEmpty(loginHint) &&
string.Equals(loginHint, wamAccount.UserName, StringComparison.OrdinalIgnoreCase))
{
matchedAccountByLoginHint = wamAccount;
}
}
return(matchedAccountByLoginHint);
}
public async Task ATS_AccountMatchingInWAM_MatchingHomeAccId_Async()
{
string homeAccId = $"{TestConstants.Uid}.{TestConstants.Utid}";
// Arrange
using (var harness = CreateTestHarness())
{
var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null);
var requestParams = harness.CreateAuthenticationRequestParameters(TestConstants.AuthorityConsumerTidTenant); // MSA
var webAccount = new WebAccount(wamAccountProvider, "*****@*****.**", WebAccountState.Connected);
IReadOnlyList <WebAccount> webAccounts = new List <WebAccount>()
{
webAccount
};
var webTokenRequest = new WebTokenRequest(wamAccountProvider);
var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>();
webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
var webTokenResponse = new WebTokenResponse();
webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>()
{
webTokenResponse
});
_wamProxy.FindAllWebAccountsAsync(wamAccountProvider, TestConstants.ClientId).Returns(Task.FromResult(webAccounts));
// WAM can give MSAL the home account ID of a Wam account, which MSAL matches to a WAM account
_msaPlugin.GetHomeAccountIdOrNull(webAccount).Returns(homeAccId);
_msaPlugin.CreateWebTokenRequestAsync(
wamAccountProvider,
requestParams,
isForceLoginPrompt: false,
isAccountInWam: true,
isInteractive: false)
.Returns(Task.FromResult(webTokenRequest));
requestParams.Account = new Account(
homeAccId, // matching in on home acc id
"*****@*****.**", // matching is not on UPN
null); // account does not have wam_id, might be coming directly from WAM
var atsParams = new AcquireTokenSilentParameters();
_webAccountProviderFactory.GetAccountProviderAsync(null).ReturnsForAnyArgs(Task.FromResult(wamAccountProvider));
_wamProxy.GetTokenSilentlyAsync(webAccount, webTokenRequest).
Returns(Task.FromResult(webTokenResponseWrapper));
_msaPlugin.ParseSuccesfullWamResponse(webTokenResponse).Returns(_msalTokenResponse);
// Act
var result = await _wamBroker.AcquireTokenSilentAsync(requestParams, atsParams).ConfigureAwait(false);
// Assert
Assert.AreSame(_msalTokenResponse, result);
}
}
public async Task ATS_NoAccountMatching_ThrowsUiRequiredException_Async()
{
string homeAccId = $"{TestConstants.Uid}.{TestConstants.Utid}";
// Arrange
using (var harness = CreateTestHarness())
{
_webAccountProviderFactory.ClearReceivedCalls();
var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null);
var requestParams = harness.CreateAuthenticationRequestParameters(TestConstants.AuthorityHomeTenant); // AAD
var webAccount = new WebAccount(wamAccountProvider, "*****@*****.**", WebAccountState.Connected);
IReadOnlyList <WebAccount> webAccounts = new List <WebAccount>()
{
webAccount
};
var webTokenRequest = new WebTokenRequest(wamAccountProvider);
_wamProxy.FindAllWebAccountsAsync(wamAccountProvider, TestConstants.ClientId).Returns(Task.FromResult(webAccounts));
_aadPlugin.GetHomeAccountIdOrNull(webAccount).Returns("other_home_acc_id");
requestParams.Account = new Account(
homeAccId, // matching in on home acc id
"*****@*****.**", // matching is not on UPN
null); // account does not have wam_id, might be coming directly from WAM
var atsParams = new AcquireTokenSilentParameters();
_webAccountProviderFactory.GetAccountProviderAsync(null).ReturnsForAnyArgs(Task.FromResult(wamAccountProvider));
// Act / Assert
var ex = await AssertException.TaskThrowsAsync <MsalUiRequiredException>(
() => _wamBroker.AcquireTokenSilentAsync(requestParams, atsParams)).ConfigureAwait(false);
}
}
