public async Task WAM_AccountIds_GetMerged_Async()
{
// Arrange
using (var httpManager = new MockHttpManager())
{
var cache = new InMemoryTokenCache();
httpManager.AddInstanceDiscoveryMockHandler();
var mockBroker = Substitute.For <IBroker>();
mockBroker.IsBrokerInstalledAndInvokable().Returns(true);
var msalTokenResponse1 = CreateMsalTokenResponseFromWam("wam1");
var msalTokenResponse2 = CreateMsalTokenResponseFromWam("wam2");
var msalTokenResponse3 = CreateMsalTokenResponseFromWam("wam3");
// 2 apps must share the token cache, like FOCI apps, for this test to be interesting
var pca1 = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithExperimentalFeatures(true)
.WithBroker(true)
.WithHttpManager(httpManager)
.BuildConcrete();
var pca2 = PublicClientApplicationBuilder.Create(TestConstants.ClientId2)
.WithExperimentalFeatures(true)
.WithBroker(true)
.WithHttpManager(httpManager)
.BuildConcrete();
cache.Bind(pca1.UserTokenCache);
cache.Bind(pca2.UserTokenCache);
pca1.ServiceBundle.PlatformProxy.SetBrokerForTest(mockBroker);
pca2.ServiceBundle.PlatformProxy.SetBrokerForTest(mockBroker);
// Act
mockBroker.AcquireTokenInteractiveAsync(null, null).ReturnsForAnyArgs(Task.FromResult(msalTokenResponse1));
await pca1.AcquireTokenInteractive(TestConstants.s_scope).ExecuteAsync().ConfigureAwait(false);
// this should override wam1 id
mockBroker.AcquireTokenInteractiveAsync(null, null).ReturnsForAnyArgs(Task.FromResult(msalTokenResponse2));
await pca1.AcquireTokenInteractive(TestConstants.s_scope).ExecuteAsync().ConfigureAwait(false);
mockBroker.AcquireTokenInteractiveAsync(null, null).ReturnsForAnyArgs(Task.FromResult(msalTokenResponse3));
await pca2.AcquireTokenInteractive(TestConstants.s_scope).ExecuteAsync().ConfigureAwait(false);
var accounts1 = await pca1.GetAccountsAsync().ConfigureAwait(false);
var accounts2 = await pca2.GetAccountsAsync().ConfigureAwait(false);
// Assert
var wamAccountIds = (accounts1.Single() as IAccountInternal).WamAccountIds;
Assert.AreEqual(2, wamAccountIds.Count);
Assert.AreEqual("wam2", wamAccountIds[TestConstants.ClientId]);
Assert.AreEqual("wam3", wamAccountIds[TestConstants.ClientId2]);
CoreAssert.AssertDictionariesAreEqual(wamAccountIds, (accounts2.Single() as IAccountInternal).WamAccountIds, StringComparer.Ordinal);
}
}
public async Task TokensAreInterchangable_Regional_To_NonRegional_Async()
{
using (var httpManager = new MockHttpManager())
{
httpManager.AddRegionDiscoveryMockHandler(TestConstants.Region);
httpManager.AddMockHandler(CreateTokenResponseHttpHandler(true));
IConfidentialClientApplication appWithRegion = CreateCca(
httpManager,
ConfidentialClientApplication.AttemptRegionDiscovery);
InMemoryTokenCache memoryTokenCache = new InMemoryTokenCache();
memoryTokenCache.Bind(appWithRegion.AppTokenCache);
IConfidentialClientApplication appWithoutRegion = CreateCca(
httpManager,
null);
memoryTokenCache.Bind(appWithoutRegion.AppTokenCache);
AuthenticationResult result = await appWithRegion
.AcquireTokenForClient(TestConstants.s_scope)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.AreEqual(TestConstants.Region, result.ApiEvent.RegionUsed);
Assert.AreEqual(TestConstants.Region, result.ApiEvent.AutoDetectedRegion);
Assert.AreEqual(RegionAutodetectionSource.Imds, result.ApiEvent.RegionAutodetectionSource);
Assert.AreEqual(RegionOutcome.AutodetectSuccess, result.ApiEvent.RegionOutcome);
Assert.AreEqual(TestConstants.Region, result.AuthenticationResultMetadata.RegionDetails.RegionUsed);
Assert.AreEqual(RegionOutcome.AutodetectSuccess, result.AuthenticationResultMetadata.RegionDetails.RegionOutcome);
Assert.IsNull(result.AuthenticationResultMetadata.RegionDetails.AutoDetectionError);
// when switching to non-region, token is found in the cache
result = await appWithoutRegion
.AcquireTokenForClient(TestConstants.s_scope)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.AreEqual(null, result.ApiEvent.RegionUsed);
Assert.IsNull(result.ApiEvent.AutoDetectedRegion);
Assert.AreEqual(RegionAutodetectionSource.None, result.ApiEvent.RegionAutodetectionSource);
Assert.AreEqual(RegionOutcome.None, result.ApiEvent.RegionOutcome);
Assert.IsTrue(result.AuthenticationResultMetadata.TokenSource == TokenSource.Cache);
Assert.IsNull(result.AuthenticationResultMetadata.RegionDetails.RegionUsed);
Assert.AreEqual(RegionOutcome.None, result.AuthenticationResultMetadata.RegionDetails.RegionOutcome);
Assert.IsNull(result.AuthenticationResultMetadata.RegionDetails.AutoDetectionError);
}
}
private PublicClientApplication CreatePca(MockHttpManager httpManager, bool populateUserCache = false)
{
PublicClientApplication pca = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), false)
.WithHttpManager(httpManager)
.BuildConcrete();
if (populateUserCache)
{
TokenCacheHelper.PopulateCache(pca.UserTokenCacheInternal.Accessor);
}
InMemoryTokenCache memoryTokenCache = new InMemoryTokenCache(withOperationDelay: true, shouldClearExistingCache: false);
memoryTokenCache.Bind(pca.UserTokenCache);
return(pca);
}
public async Task TelemetrySerializedTokenCacheTestAsync()
{
Environment.SetEnvironmentVariable(TestConstants.RegionName, TestConstants.Region);
var inMemoryTokenCache = new InMemoryTokenCache();
inMemoryTokenCache.Bind(_app.AppTokenCache);
Trace.WriteLine("Acquire token for client with token serialization.");
var result = await RunAcquireTokenForClientAsync(AcquireTokenForClientOutcome.Success).ConfigureAwait(false);
AssertCurrentTelemetry(result.HttpRequest,
ApiIds.AcquireTokenForClient,
"1",
isCacheSerialized: true);
AssertPreviousTelemetry(result.HttpRequest, expectedSilentCount: 0);
}
public async Task MetricsUpdatedSucessfully_AcquireTokenForClient_Async()
{
using (var harness = CreateTestHarness())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
harness.HttpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();
ConfidentialClientApplication cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), false)
.WithRedirectUri(TestConstants.RedirectUri)
.WithClientSecret(TestConstants.ClientSecret)
.WithHttpManager(harness.HttpManager)
.BuildConcrete();
InMemoryTokenCache memoryTokenCache = new InMemoryTokenCache(withOperationDelay: true, shouldClearExistingCache: false);
memoryTokenCache.Bind(cca.AppTokenCache);
// Act - AcquireTokenForClient
AuthenticationResult result = await cca.AcquireTokenForClient(TestConstants.s_scope.ToArray()).ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
Assert.IsTrue(result.AuthenticationResultMetadata.DurationInCacheInMs > 0);
Assert.IsTrue(result.AuthenticationResultMetadata.DurationTotalInMs > 0);
Assert.AreEqual(
"https://login.microsoftonline.com/common/oauth2/v2.0/token",
result.AuthenticationResultMetadata.TokenEndpoint);
Assert.AreEqual(1, Metrics.TotalAccessTokensFromIdP);
Assert.AreEqual(0, Metrics.TotalAccessTokensFromCache);
Assert.AreEqual(0, Metrics.TotalAccessTokensFromBroker);
// Act - AcquireTokenForClient returns result from cache
result = await cca.AcquireTokenForClient(TestConstants.s_scope.ToArray()).ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual(TokenSource.Cache, result.AuthenticationResultMetadata.TokenSource);
Assert.IsTrue(result.AuthenticationResultMetadata.DurationInCacheInMs > 0);
Assert.IsTrue(result.AuthenticationResultMetadata.DurationInHttpInMs == 0);
Assert.IsTrue(result.AuthenticationResultMetadata.DurationTotalInMs > 0);
Assert.AreEqual(1, Metrics.TotalAccessTokensFromIdP);
Assert.AreEqual(1, Metrics.TotalAccessTokensFromCache);
Assert.AreEqual(0, Metrics.TotalAccessTokensFromBroker);
Assert.IsTrue(Metrics.TotalDurationInMs > 0);
Assert.IsNull(result.AuthenticationResultMetadata.TokenEndpoint);
}
}
public void GlobalSetup()
{
var cca = ConfidentialClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithAuthority(new Uri(TestConstants.AuthorityTestTenant))
.WithRedirectUri(TestConstants.RedirectUri)
.WithClientSecret(TestConstants.ClientSecret)
.BuildConcrete();
var inMemoryTokenCache = new InMemoryTokenCache();
inMemoryTokenCache.Bind(cca.AppTokenCache);
TokenCacheHelper tokenCacheHelper = new TokenCacheHelper();
tokenCacheHelper.PopulateCacheForClientCredential(cca.AppTokenCacheInternal.Accessor, TokenCacheSize);
_acquireTokenForClientBuilder = cca
.AcquireTokenForClient(TestConstants.s_scope)
.WithForceRefresh(false);
}
public async Task TelemetryTestSerializedTokenCacheAsync()
{
using (_harness = CreateTestHarness())
{
_harness.HttpManager.AddInstanceDiscoveryMockHandler();
_app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithHttpManager(_harness.HttpManager)
.WithDefaultRedirectUri()
.WithLogging((lvl, msg, pii) => Trace.WriteLine($"[MSAL_LOG][{lvl}] {msg}"))
.BuildConcrete();
var inMemoryTokenCache = new InMemoryTokenCache();
inMemoryTokenCache.Bind(_app.UserTokenCache);
Trace.WriteLine("Step 1. Acquire Token Interactive successful");
var result = await RunAcquireTokenInteractiveAsync(AcquireTokenInteractiveOutcome.Success).ConfigureAwait(false);
AssertCurrentTelemetry(result.HttpRequest, ApiIds.AcquireTokenInteractive, CacheInfoTelemetry.None, isCacheSerialized: true);
AssertPreviousTelemetry(result.HttpRequest, expectedSilentCount: 0);
}
}
public async Task TokensAreInterchangable_NonRegional_To_Regional_Async()
{
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandler(CreateTokenResponseHttpHandler(false));
IConfidentialClientApplication appWithRegion = CreateCca(
httpManager,
ConfidentialClientApplication.AttemptRegionDiscovery);
InMemoryTokenCache memoryTokenCache = new InMemoryTokenCache();
memoryTokenCache.Bind(appWithRegion.AppTokenCache);
IConfidentialClientApplication appWithoutRegion = CreateCca(
httpManager,
null);
memoryTokenCache.Bind(appWithoutRegion.AppTokenCache);
AuthenticationResult result = await appWithoutRegion
.AcquireTokenForClient(TestConstants.s_scope)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsTrue(result.AuthenticationResultMetadata.TokenSource == TokenSource.IdentityProvider);
httpManager.AddRegionDiscoveryMockHandler("uscentral");
// when switching to non-region, token is found in the cache
result = await appWithRegion
.AcquireTokenForClient(TestConstants.s_scope)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsTrue(result.AuthenticationResultMetadata.TokenSource == TokenSource.Cache);
}
}
private async Task <(HttpRequestMessage HttpRequest, Guid Correlationid)> RunAcquireTokenForClientAsync(
AcquireTokenForClientOutcome outcome, bool forceRefresh = false, bool serializeCache = false)
{
MockHttpMessageHandler tokenRequestHandler = null;
Guid correlationId = default;
switch (outcome)
{
case AcquireTokenForClientOutcome.Success:
var app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(AzureCloudInstance.AzurePublic, TestConstants.TenantId, false)
.WithClientSecret(TestConstants.ClientSecret)
.WithHttpManager(_harness.HttpManager)
.WithAzureRegion()
.WithExperimentalFeatures(true)
.BuildConcrete();
if (serializeCache)
{
InMemoryTokenCache mem = new InMemoryTokenCache();
mem.Bind(app.AppTokenCache);
}
tokenRequestHandler = _harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(authority: TestConstants.AuthorityRegional);
var authResult = await app
.AcquireTokenForClient(TestConstants.s_scope)
.WithForceRefresh(forceRefresh)
.ExecuteAsync()
.ConfigureAwait(false);
correlationId = authResult.CorrelationId;
break;
case AcquireTokenForClientOutcome.FallbackToGlobal:
_harness.HttpManager.AddInstanceDiscoveryMockHandler();
tokenRequestHandler = _harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(authority: TestConstants.AuthorityTenant);
var app2 = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(AzureCloudInstance.AzurePublic, TestConstants.TenantId, false)
.WithClientSecret(TestConstants.ClientSecret)
.WithHttpManager(_harness.HttpManager)
.WithAzureRegion()
.WithExperimentalFeatures(true)
.BuildConcrete();
authResult = await app2
.AcquireTokenForClient(TestConstants.s_scope)
.WithForceRefresh(forceRefresh)
.ExecuteAsync()
.ConfigureAwait(false);
correlationId = authResult.CorrelationId;
break;
case AcquireTokenForClientOutcome.UserProvidedRegion:
tokenRequestHandler = _harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(authority: TestConstants.AuthorityRegional);
var app3 = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(AzureCloudInstance.AzurePublic, TestConstants.TenantId, false)
.WithClientSecret(TestConstants.ClientSecret)
.WithHttpManager(_harness.HttpManager)
.WithAzureRegion(TestConstants.Region)
.WithExperimentalFeatures(true)
.BuildConcrete();
authResult = await app3
.AcquireTokenForClient(TestConstants.s_scope)
.WithForceRefresh(forceRefresh)
.ExecuteAsync()
.ConfigureAwait(false);
correlationId = authResult.CorrelationId;
break;
case AcquireTokenForClientOutcome.AADUnavailableError:
correlationId = Guid.NewGuid();
var app5 = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(AzureCloudInstance.AzurePublic, TestConstants.TenantId, false)
.WithClientSecret(TestConstants.ClientSecret)
.WithHttpManager(_harness.HttpManager)
.WithAzureRegion()
.WithExperimentalFeatures(true)
.BuildConcrete();
tokenRequestHandler = new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateFailureMessage(
System.Net.HttpStatusCode.GatewayTimeout, "gateway timeout")
};
var tokenRequestHandler2 = new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateFailureMessage(
System.Net.HttpStatusCode.GatewayTimeout, "gateway timeout")
};
// 2 of these are needed because MSAL has a "retry once" policy for 5xx errors
_harness.HttpManager.AddMockHandler(tokenRequestHandler2);
_harness.HttpManager.AddMockHandler(tokenRequestHandler);
var serviceEx = await AssertException.TaskThrowsAsync <MsalServiceException>(() =>
app5
.AcquireTokenForClient(TestConstants.s_scope)
.WithForceRefresh(true)
.WithCorrelationId(correlationId)
.ExecuteAsync())
.ConfigureAwait(false);
break;
default:
throw new NotImplementedException();
}
Assert.AreEqual(0, _harness.HttpManager.QueueSize);
return(tokenRequestHandler?.ActualRequestMessage, correlationId);
}
public async Task OboAndSilent_Async(bool serializeCache, bool usePartitionedSerializationCache)
{
// Setup: Get lab users, create PCA and get user tokens
var user1 = (await LabUserHelper.GetSpecificUserAsync("*****@*****.**").ConfigureAwait(false)).User;
var user2 = (await LabUserHelper.GetSpecificUserAsync("*****@*****.**").ConfigureAwait(false)).User;
var partitionedInMemoryTokenCache = new InMemoryPartitionedTokenCache();
var nonPartitionedInMemoryTokenCache = new InMemoryTokenCache();
var oboTokens = new HashSet <string>();
var pca = PublicClientApplicationBuilder
.Create(PublicClientID)
.WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
.Build();
var user1AuthResult = await pca
.AcquireTokenByUsernamePassword(s_oboServiceScope, user1.Upn, new NetworkCredential("", user1.GetOrFetchPassword()).SecurePassword)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
var user2AuthResult = await pca
.AcquireTokenByUsernamePassword(s_oboServiceScope, user2.Upn, new NetworkCredential("", user2.GetOrFetchPassword()).SecurePassword)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.AreEqual(user1AuthResult.TenantId, user2AuthResult.TenantId);
var cca = CreateCCA();
// Asserts
// Silent calls should throw
await AssertException.TaskThrowsAsync <MsalUiRequiredException>(() =>
cca.AcquireTokenSilent(s_scopes, user1.Upn)
.ExecuteAsync(CancellationToken.None)
).ConfigureAwait(false);
await AssertException.TaskThrowsAsync <MsalUiRequiredException>(() =>
cca.AcquireTokenSilent(s_scopes, user2.Upn)
.ExecuteAsync(CancellationToken.None)
).ConfigureAwait(false);
// User1 - no AT, RT in cache - retrieves from IdP
var authResult = await cca.AcquireTokenOnBehalfOf(s_scopes, new UserAssertion(user1AuthResult.AccessToken))
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.AreEqual(TokenSource.IdentityProvider, authResult.AuthenticationResultMetadata.TokenSource);
Assert.AreEqual(CacheRefreshReason.NoCachedAccessToken, authResult.AuthenticationResultMetadata.CacheRefreshReason);
oboTokens.Add(authResult.AccessToken);
// User1 - finds AT in cache
authResult = await cca.AcquireTokenOnBehalfOf(s_scopes, new UserAssertion(user1AuthResult.AccessToken))
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.AreEqual(TokenSource.Cache, authResult.AuthenticationResultMetadata.TokenSource);
Assert.AreEqual(CacheRefreshReason.NotApplicable, authResult.AuthenticationResultMetadata.CacheRefreshReason);
oboTokens.Add(authResult.AccessToken);
// User2 - no AT, RT - retrieves from IdP
authResult = await cca.AcquireTokenOnBehalfOf(s_scopes, new UserAssertion(user2AuthResult.AccessToken))
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.AreEqual(TokenSource.IdentityProvider, authResult.AuthenticationResultMetadata.TokenSource);
Assert.AreEqual(CacheRefreshReason.NoCachedAccessToken, authResult.AuthenticationResultMetadata.CacheRefreshReason);
oboTokens.Add(authResult.AccessToken);
// User2 - finds AT in cache
authResult = await cca.AcquireTokenOnBehalfOf(s_scopes, new UserAssertion(user2AuthResult.AccessToken))
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.AreEqual(TokenSource.Cache, authResult.AuthenticationResultMetadata.TokenSource);
Assert.AreEqual(CacheRefreshReason.NotApplicable, authResult.AuthenticationResultMetadata.CacheRefreshReason);
oboTokens.Add(authResult.AccessToken);
Assert.AreEqual(2, oboTokens.Count);
// Silent calls should throw
await AssertException.TaskThrowsAsync <MsalUiRequiredException>(() =>
cca.AcquireTokenSilent(s_scopes, user1.Upn)
.ExecuteAsync(CancellationToken.None)
).ConfigureAwait(false);
await AssertException.TaskThrowsAsync <MsalUiRequiredException>(() =>
cca.AcquireTokenSilent(s_scopes, user2.Upn)
.ExecuteAsync(CancellationToken.None)
).ConfigureAwait(false);
IConfidentialClientApplication CreateCCA()
{
var app = ConfidentialClientApplicationBuilder
.Create(OboConfidentialClientID)
.WithAuthority(new Uri($"https://login.microsoftonline.com/{user1AuthResult.TenantId}"), true)
.WithClientSecret(_confidentialClientSecret)
.WithLegacyCacheCompatibility(false)
.Build();
if (serializeCache)
{
if (usePartitionedSerializationCache)
{
partitionedInMemoryTokenCache.Bind(app.UserTokenCache);
}
else
{
nonPartitionedInMemoryTokenCache.Bind(app.UserTokenCache);
}
}
return(app);
}
}
public async Task AuthorityMigrationTestAsync()
{
// make sure that for all network calls "preferred_cache" environment is used
// (it is taken from metadata in instance discovery response),
// except very first network call - instance discovery
using (var harness = base.CreateTestHarness())
{
var httpManager = harness.HttpManager;
var authorityUri = new Uri(
string.Format(
CultureInfo.InvariantCulture,
"https://{0}/common",
TestConstants.ProductionNotPrefEnvironmentAlias));
httpManager.AddInstanceDiscoveryMockHandler(authorityUri.AbsoluteUri);
PublicClientApplication app = PublicClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithAuthority(authorityUri, true)
.WithHttpManager(httpManager)
//.WithUserTokenLegacyCachePersistenceForTest(new TestLegacyCachePersistance())
.WithTelemetry(new TraceTelemetryConfig())
.WithDebugLoggingCallback()
.BuildConcrete();
InMemoryTokenCache cache = new InMemoryTokenCache();
cache.Bind(app.UserTokenCache);
app.ServiceBundle.ConfigureMockWebUI(
AuthorizationResult.FromUri(app.AppConfig.RedirectUri + "?code=some-code"),
null,
TestConstants.ProductionPrefNetworkEnvironment);
// mock token request
httpManager.AddMockHandler(new MockHttpMessageHandler
{
ExpectedUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}/common/oauth2/v2.0/token",
TestConstants.ProductionPrefNetworkEnvironment),
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result = await app.AcquireTokenInteractive(TestConstants.s_scope).ExecuteAsync().ConfigureAwait(false);
// make sure that all cache entities are stored with "preferred_cache" environment
// (it is taken from metadata in instance discovery response)
await ValidateCacheEntitiesEnvironmentAsync(app.UserTokenCacheInternal, TestConstants.ProductionPrefCacheEnvironment).ConfigureAwait(false);
// silent request targeting at, should return at from cache for any environment alias
foreach (var envAlias in TestConstants.s_prodEnvAliases)
{
var app2 = PublicClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithAuthority($"https://{envAlias}/common", true)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.WithDebugLoggingCallback()
.BuildConcrete();
cache.Bind(app2.UserTokenCache);
result = await app2
.AcquireTokenSilent(
TestConstants.s_scope,
app.GetAccountsAsync().Result.First())
.WithAuthority(string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/", envAlias, TestConstants.Utid))
.WithForceRefresh(false)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsNotNull(result);
}
// silent request targeting rt should find rt in cache for authority with any environment alias
foreach (var envAlias in TestConstants.s_prodEnvAliases)
{
result = null;
httpManager.AddMockHandler(new MockHttpMessageHandler()
{
ExpectedUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/oauth2/v2.0/token",
TestConstants.ProductionPrefNetworkEnvironment, TestConstants.Utid),
ExpectedMethod = HttpMethod.Post,
ExpectedPostData = new Dictionary <string, string>()
{
{ "grant_type", "refresh_token" }
},
// return not retriable status code
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage()
});
try
{
var app3 = PublicClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithAuthority($"https://{envAlias}/common", true)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.WithDebugLoggingCallback()
.BuildConcrete();
cache.Bind(app3.UserTokenCache);
result = await app3
.AcquireTokenSilent(
TestConstants.s_scopeForAnotherResource,
(await app.GetAccountsAsync().ConfigureAwait(false)).First())
.WithAuthority(string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/", envAlias, TestConstants.Utid))
.WithForceRefresh(false)
.ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
}
catch (MsalUiRequiredException)
{
}
Assert.IsNull(result);
}
}
}
