/// <inheritdoc/>
public async Task <MexDocument> GetMexDocumentAsync(string federationMetadataUrl, RequestContext requestContext)
{
IDictionary <string, string> msalIdParams = MsalIdHelper.GetMsalIdParameters(requestContext.Logger);
var uri = new UriBuilder(federationMetadataUrl);
HttpResponse httpResponse = await _httpManager.SendGetAsync(
uri.Uri,
msalIdParams,
requestContext.Logger,
cancellationToken : requestContext.UserCancellationToken).ConfigureAwait(false);
if (httpResponse.StatusCode != System.Net.HttpStatusCode.OK)
{
string message = string.Format(CultureInfo.CurrentCulture,
MsalErrorMessage.HttpRequestUnsuccessful + "See https://aka.ms/msal-net-ropc for more information. ",
(int)httpResponse.StatusCode, httpResponse.StatusCode);
throw MsalServiceExceptionFactory.FromHttpResponse(
MsalError.AccessingWsMetadataExchangeFailed,
message,
httpResponse);
}
var mexDoc = new MexDocument(httpResponse.Body);
requestContext.Logger.InfoPii(
$"MEX document fetched and parsed from '{federationMetadataUrl}'",
"Fetched and parsed MEX");
return(mexDoc);
}
private Dictionary <string, string> CreateAuthorizationRequestParameters()
{
SortedSet <string> unionScope =
GetDecoratedScope(
new SortedSet <string>(AuthenticationRequestParameters.Scope.Union(_extraScopesToConsent)));
Dictionary <string, string> authorizationRequestParameters = new Dictionary <string, string>();
authorizationRequestParameters[OAuth2Parameter.Scope] = unionScope.AsSingleString();
authorizationRequestParameters[OAuth2Parameter.ResponseType] = OAuth2ResponseType.Code;
authorizationRequestParameters[OAuth2Parameter.ClientId] = AuthenticationRequestParameters.ClientId;
authorizationRequestParameters[OAuth2Parameter.RedirectUri] =
AuthenticationRequestParameters.RedirectUri.OriginalString;
if (!string.IsNullOrWhiteSpace(AuthenticationRequestParameters.LoginHint))
{
authorizationRequestParameters[OAuth2Parameter.LoginHint] = AuthenticationRequestParameters.LoginHint;
}
if (!string.IsNullOrEmpty(AuthenticationRequestParameters.RequestContext?.CorrelationId))
{
authorizationRequestParameters[OAuth2Parameter.CorrelationId] = AuthenticationRequestParameters.RequestContext.CorrelationId;
}
IDictionary <string, string> adalIdParameters = MsalIdHelper.GetMsalIdParameters();
foreach (KeyValuePair <string, string> kvp in adalIdParameters)
{
authorizationRequestParameters[kvp.Key] = kvp.Value;
}
authorizationRequestParameters[OAuth2Parameter.Prompt] = _UIBehavior.PromptValue;
return(authorizationRequestParameters);
}
private void LogMessage(string logMessage, LogLevel logLevel, bool containsPii)
{
if ((logLevel > Level) || (!PiiLoggingEnabled && containsPii))
{
return;
}
//format log message;
string correlationId = (CorrelationId.Equals(Guid.Empty))
? string.Empty
: " - " + CorrelationId;
string os = "N/A";
if (MsalIdHelper.GetMsalIdParameters().ContainsKey(MsalIdParameter.OS))
{
os = MsalIdHelper.GetMsalIdParameters()[MsalIdParameter.OS];
}
string log = string.Format(CultureInfo.InvariantCulture, "MSAL {0} {1} {2} [{3}{4}]{5} {6}",
MsalIdHelper.GetMsalVersion(),
MsalIdHelper.GetMsalIdParameters()[MsalIdParameter.Product],
os, DateTime.UtcNow, correlationId, Component, logMessage);
if (DefaultLoggingEnabled)
{
PlatformPlugin.LogMessage(logLevel, log);
}
ExecuteCallback(logLevel, log, containsPii);
}
public async Task <UserRealmDiscoveryResponse> GetUserRealmAsync(
string userRealmUriPrefix,
string userName,
RequestContext requestContext)
{
requestContext.Logger.Info("Sending request to userrealm endpoint. ");
IDictionary <string, string> msalIdParams = MsalIdHelper.GetMsalIdParameters(requestContext.Logger);
var uri = new UriBuilder(userRealmUriPrefix + userName + "?api-version=1.0").Uri;
var httpResponse = await _httpManager.SendGetAsync(
uri,
msalIdParams,
requestContext.Logger,
cancellationToken : requestContext.UserCancellationToken).ConfigureAwait(false);
if (httpResponse.StatusCode == System.Net.HttpStatusCode.OK)
{
return(JsonHelper.DeserializeFromJson <UserRealmDiscoveryResponse>(httpResponse.Body));
}
string message = string.Format(CultureInfo.CurrentCulture,
MsalErrorMessage.HttpRequestUnsuccessful,
(int)httpResponse.StatusCode, httpResponse.StatusCode);
throw MsalServiceExceptionFactory.FromHttpResponse(
MsalError.UserRealmDiscoveryFailed,
message,
httpResponse);
}
public void Log(LogLevel logLevel, string messageWithPii, string messageScrubbed)
{
if (_loggingCallback == null || logLevel > _minLogLevel)
{
return;
}
string correlationId = _correlationId.Equals(Guid.Empty)
? string.Empty
: " - " + _correlationId;
var msalIdParameters = MsalIdHelper.GetMsalIdParameters(this);
string os = "N/A";
if (msalIdParameters.TryGetValue(MsalIdParameter.OS, out string osValue))
{
os = osValue;
}
bool messageWithPiiExists = !string.IsNullOrWhiteSpace(messageWithPii);
// If we have a message with PII, and PII logging is enabled, use the PII message, else use the scrubbed message.
bool isLoggingPii = messageWithPiiExists && PiiLoggingEnabled;
string messageToLog = isLoggingPii ? messageWithPii : messageScrubbed;
string log = string.Format(CultureInfo.InvariantCulture, "{0} MSAL {1} {2} {3} [{4}{5}]{6} {7}",
isLoggingPii ? "(True)" : "(False)",
MsalIdHelper.GetMsalVersion(),
msalIdParameters[MsalIdParameter.Product],
os, DateTime.UtcNow, correlationId, ClientInformation, messageToLog);
if (_isDefaultPlatformLoggingEnabled)
{
switch (logLevel)
{
case LogLevel.Error:
_platformLogger.Error(log);
break;
case LogLevel.Warning:
_platformLogger.Warning(log);
break;
case LogLevel.Info:
_platformLogger.Information(log);
break;
case LogLevel.Verbose:
_platformLogger.Verbose(log);
break;
}
}
_loggingCallback.Invoke(logLevel, log, isLoggingPii);
}
private static void AddTelemetryPropertiesToRequest(WebTokenRequest request, ICoreLogger logger)
{
if (s_telemetryHeaders == null)
{
s_telemetryHeaders = MsalIdHelper.GetMsalIdParameters(logger);
}
foreach (var kvp in s_telemetryHeaders)
{
request.Properties.Add(kvp);
}
}
private DictionaryRequestParameters CreateAuthorizationRequest(string loginHint)
{
HashSet <string> unionScope = this.GetDecoratedScope(new HashSet <string>(this.Scope.Union(this._additionalScope)));
var authorizationRequestParameters = new DictionaryRequestParameters(unionScope, this.ClientKey);
authorizationRequestParameters[OAuthParameter.ResponseType] = OAuthResponseType.Code;
if (!string.IsNullOrWhiteSpace(this.Policy))
{
authorizationRequestParameters[OAuthParameter.Policy] = this.Policy;
}
authorizationRequestParameters[OAuthParameter.RedirectUri] = this._redirectUriRequestParameter;
if (!string.IsNullOrWhiteSpace(loginHint))
{
authorizationRequestParameters[OAuthParameter.LoginHint] = loginHint;
}
if (this.CallState != null && this.CallState.CorrelationId != Guid.Empty)
{
authorizationRequestParameters[OAuthParameter.CorrelationId] = this.CallState.CorrelationId.ToString();
}
IDictionary <string, string> adalIdParameters = MsalIdHelper.GetMsalIdParameters();
foreach (KeyValuePair <string, string> kvp in adalIdParameters)
{
authorizationRequestParameters[kvp.Key] = kvp.Value;
}
AddUiOptionToRequestParameters(authorizationRequestParameters);
if (!string.IsNullOrWhiteSpace(_extraQueryParameters))
{
// Checks for _extraQueryParameters duplicating standard parameters
Dictionary <string, string> kvps = EncodingHelper.ParseKeyValueList(_extraQueryParameters, '&', false, this.CallState);
foreach (KeyValuePair <string, string> kvp in kvps)
{
if (authorizationRequestParameters.ContainsKey(kvp.Key))
{
throw new MsalException(MsalError.DuplicateQueryParameter, string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.DuplicateQueryParameterTemplate, kvp.Key));
}
}
authorizationRequestParameters.ExtraQueryParameter = _extraQueryParameters;
}
return(authorizationRequestParameters);
}
public async Task <UserRealmDiscoveryResponse> GetUserRealmAsync(
string userRealmUriPrefix,
string userName,
RequestContext requestContext)
{
requestContext.Logger.Info("Sending request to userrealm endpoint.");
var uri = new UriBuilder(userRealmUriPrefix + userName + "?api-version=1.0").Uri;
var httpResponse = await _httpManager.SendGetAsync(uri, MsalIdHelper.GetMsalIdParameters(requestContext.Logger), requestContext).ConfigureAwait(false);
return(httpResponse.StatusCode == System.Net.HttpStatusCode.OK
? JsonHelper.DeserializeFromJson <UserRealmDiscoveryResponse>(httpResponse.Body)
: null);
}
private Dictionary <string, string> CreateAuthorizationRequestParameters(Uri redirectUriOverride = null)
{
SortedSet <string> unionScope = GetDecoratedScope(
new SortedSet <string>(AuthenticationRequestParameters.Scope.Union(_extraScopesToConsent)));
var authorizationRequestParameters = new Dictionary <string, string>
{
[OAuth2Parameter.Scope] = unionScope.AsSingleString(),
[OAuth2Parameter.ResponseType] = OAuth2ResponseType.Code,
[OAuth2Parameter.ClientId] = AuthenticationRequestParameters.ClientId,
[OAuth2Parameter.RedirectUri] = redirectUriOverride?.OriginalString ?? AuthenticationRequestParameters.RedirectUri.OriginalString
};
if (!string.IsNullOrWhiteSpace(AuthenticationRequestParameters.Claims))
{
authorizationRequestParameters[OAuth2Parameter.Claims] = AuthenticationRequestParameters.Claims;
}
if (!string.IsNullOrWhiteSpace(_interactiveParameters.LoginHint))
{
authorizationRequestParameters[OAuth2Parameter.LoginHint] = _interactiveParameters.LoginHint;
}
if (AuthenticationRequestParameters.RequestContext?.Logger?.CorrelationId != Guid.Empty)
{
authorizationRequestParameters[OAuth2Parameter.CorrelationId] =
AuthenticationRequestParameters.RequestContext.Logger.CorrelationId.ToString();
}
foreach (KeyValuePair <string, string> kvp in MsalIdHelper.GetMsalIdParameters(AuthenticationRequestParameters.RequestContext.Logger))
{
authorizationRequestParameters[kvp.Key] = kvp.Value;
}
if (_interactiveParameters.Prompt.PromptValue != Prompt.NoPrompt.PromptValue)
{
authorizationRequestParameters[OAuth2Parameter.Prompt] = _interactiveParameters.Prompt.PromptValue;
}
return(authorizationRequestParameters);
}
private Dictionary <string, string> CreateAuthorizationRequestParameters()
{
SortedSet <string> unionScope =
this.GetDecoratedScope(
new SortedSet <string>(AuthenticationRequestParameters.Scope.Union(this._additionalScope)));
Dictionary <string, string> authorizationRequestParameters =
new Dictionary <string, string>(AuthenticationRequestParameters.ClientKey.ToParameters());
authorizationRequestParameters[OAuth2Parameter.Scope] = unionScope.AsSingleString();
authorizationRequestParameters[OAuth2Parameter.ResponseType] = OAuth2ResponseType.Code;
if (!string.IsNullOrWhiteSpace(AuthenticationRequestParameters.Policy))
{
authorizationRequestParameters[OAuth2Parameter.Policy] = AuthenticationRequestParameters.Policy;
}
authorizationRequestParameters[OAuth2Parameter.RedirectUri] =
AuthenticationRequestParameters.RedirectUri.AbsoluteUri;
if (!string.IsNullOrWhiteSpace(AuthenticationRequestParameters.LoginHint))
{
authorizationRequestParameters[OAuth2Parameter.LoginHint] = AuthenticationRequestParameters.LoginHint;
}
if (this.CallState != null && !string.IsNullOrEmpty(CallState.CorrelationId))
{
authorizationRequestParameters[OAuth2Parameter.CorrelationId] = this.CallState.CorrelationId;
}
IDictionary <string, string> adalIdParameters = MsalIdHelper.GetMsalIdParameters();
foreach (KeyValuePair <string, string> kvp in adalIdParameters)
{
authorizationRequestParameters[kvp.Key] = kvp.Value;
}
AddUiOptionToRequestParameters(authorizationRequestParameters);
return(authorizationRequestParameters);
}
public OAuth2Client(ICoreLogger logger, IHttpManager httpManager, ITelemetryManager telemetryManager)
{
_headers = new Dictionary <string, string>(MsalIdHelper.GetMsalIdParameters(logger));
_httpManager = httpManager ?? throw new ArgumentNullException(nameof(httpManager));
_telemetryManager = telemetryManager ?? throw new ArgumentNullException(nameof(telemetryManager));
}