/// <summary>
///
/// </summary>
/// <param name="account"></param>
/// <param name="environment"></param>
/// <param name="redirectUri"></param>
/// <returns></returns>
public IClientApplicationBase GetClient(PartnerAccount account, PartnerEnvironment environment, string redirectUri = null)
{
IClientApplicationBase app;
if (account.IsPropertySet(PartnerAccountPropertyType.CertificateThumbprint) || account.IsPropertySet(PartnerAccountPropertyType.ServicePrincipalSecret))
{
app = SharedTokenCacheClientFactory.CreateConfidentialClient(
$"{environment.ActiveDirectoryAuthority}{account.Tenant}",
account.GetProperty(PartnerAccountPropertyType.ApplicationId),
account.GetProperty(PartnerAccountPropertyType.ServicePrincipalSecret),
GetCertificate(account.GetProperty(PartnerAccountPropertyType.CertificateThumbprint)),
redirectUri,
account.Tenant);
}
else
{
app = SharedTokenCacheClientFactory.CreatePublicClient(
$"{environment.ActiveDirectoryAuthority}{account.Tenant}",
account.GetProperty(PartnerAccountPropertyType.ApplicationId),
redirectUri,
account.Tenant);
}
return(app);
}
/// <summary>
/// Performs the execution of the command.
/// </summary>
protected override void ProcessRecord()
{
PartnerAccount account = new PartnerAccount();
if (ParameterSetName.Equals(AccessTokenParameterSet, StringComparison.InvariantCultureIgnoreCase))
{
account.SetProperty(PartnerAccountPropertyType.AccessToken, AccessToken);
account.Type = AccountType.AccessToken;
}
else if (ParameterSetName.Equals(ServicePrincipalParameterSet, StringComparison.InvariantCultureIgnoreCase))
{
account.ObjectId = Credential.UserName;
account.SetProperty(PartnerAccountPropertyType.ServicePrincipalSecret, Credential.Password.ConvertToString());
account.Type = AccountType.ServicePrincipal;
}
else
{
account.Type = AccountType.User;
}
if (UseAuthorizationCode.IsPresent)
{
account.SetProperty("UseAuthCode", "true");
}
if (UseDeviceAuthentication.IsPresent)
{
account.SetProperty("UseDeviceAuth", "true");
}
if (!string.IsNullOrEmpty(RefreshToken))
{
account.SetProperty(PartnerAccountPropertyType.RefreshToken, RefreshToken);
}
account.SetProperty(PartnerAccountPropertyType.ApplicationId, ApplicationId);
account.Tenant = string.IsNullOrEmpty(Tenant) ? "common" : Tenant;
AuthenticationResult authResult = PartnerSession.Instance.AuthenticationFactory.Authenticate(
account,
PartnerEnvironment.PublicEnvironments[Environment],
Scopes,
Message);
byte[] cacheData = SharedTokenCacheClientFactory.GetTokenCache(ApplicationId).SerializeMsalV3();
IEnumerable <string> knownPropertyNames = new[] { "AccessToken", "RefreshToken", "IdToken", "Account", "AppMetadata" };
JObject root = JObject.Parse(Encoding.UTF8.GetString(cacheData, 0, cacheData.Length));
IDictionary <string, JToken> known = (root as IDictionary <string, JToken>)
.Where(kvp => knownPropertyNames.Any(p => string.Equals(kvp.Key, p, StringComparison.OrdinalIgnoreCase)))
.ToDictionary(kvp => kvp.Key, kvp => kvp.Value);
IDictionary <string, TokenCacheItem> tokens = new Dictionary <string, TokenCacheItem>();
if (known.ContainsKey("RefreshToken"))
{
foreach (JToken token in root["RefreshToken"].Values())
{
if (token is JObject j)
{
TokenCacheItem item = new TokenCacheItem
{
ClientId = ExtractExistingOrEmptyString(j, "client_id"),
CredentialType = ExtractExistingOrEmptyString(j, "credential_type"),
Environment = ExtractExistingOrEmptyString(j, "environment"),
HomeAccountId = ExtractExistingOrEmptyString(j, "home_account_id"),
RawClientInfo = ExtractExistingOrEmptyString(j, "client_info"),
Secret = ExtractExistingOrEmptyString(j, "secret")
};
tokens.Add($"{item.HomeAccountId}-{item.Environment}-RefreshToken-{item.ClientId}--", item);
}
}
}
string key = GetTokenCacheKey(authResult);
AuthResult result = new AuthResult(
authResult.AccessToken,
authResult.IsExtendedLifeTimeToken,
authResult.UniqueId,
authResult.ExpiresOn,
authResult.ExtendedExpiresOn,
authResult.TenantId,
authResult.Account,
authResult.IdToken,
authResult.Scopes);
if (tokens.ContainsKey(key))
{
result.RefreshToken = tokens[key].Secret;
}
FlushDebugMessages();
WriteObject(result);
}
/// <summary>
/// Executes the operations associated with the cmdlet.
/// </summary>
public override void ExecuteCmdlet()
{
Scheduler.RunTask(async() =>
{
PartnerAccount account = new PartnerAccount();
string applicationId;
if (ParameterSetName.Equals(AccessTokenParameterSet, StringComparison.InvariantCultureIgnoreCase))
{
account.SetProperty(PartnerAccountPropertyType.AccessToken, AccessToken);
account.Type = AccountType.AccessToken;
applicationId = ApplicationId;
}
else if (ParameterSetName.Equals(ByModuleParameterSet, StringComparison.InvariantCultureIgnoreCase))
{
account.SetProperty(PartnerAccountPropertyType.UseDeviceAuth, "true");
account.Type = AccountType.User;
applicationId = PowerShellModule.KnownModules[Module].ApplicationId;
Scopes = PowerShellModule.KnownModules[Module].Scopes.ToArray();
}
else if (ParameterSetName.Equals(ServicePrincipalParameterSet, StringComparison.InvariantCultureIgnoreCase))
{
account.ObjectId = Credential.UserName;
account.SetProperty(PartnerAccountPropertyType.ServicePrincipalSecret, Credential.Password.ConvertToString());
account.Type = AccountType.ServicePrincipal;
applicationId = ApplicationId;
}
else
{
account.Type = AccountType.User;
applicationId = ApplicationId;
}
if (!ParameterSetName.Equals(ByModuleParameterSet, StringComparison.InvariantCultureIgnoreCase))
{
if (UseAuthorizationCode.IsPresent)
{
account.SetProperty(PartnerAccountPropertyType.UseAuthCode, "true");
}
if (UseDeviceAuthentication.IsPresent)
{
account.SetProperty(PartnerAccountPropertyType.UseDeviceAuth, "true");
}
}
if (!string.IsNullOrEmpty(RefreshToken))
{
account.SetProperty(PartnerAccountPropertyType.RefreshToken, RefreshToken);
}
account.SetProperty(PartnerAccountPropertyType.ApplicationId, applicationId);
account.Tenant = string.IsNullOrEmpty(Tenant) ? "organizations" : Tenant;
AuthenticationResult authResult = await PartnerSession.Instance.AuthenticationFactory.AuthenticateAsync(
account,
PartnerEnvironment.PublicEnvironments[Environment],
Scopes,
Message,
CancellationToken).ConfigureAwait(false);
byte[] cacheData = SharedTokenCacheClientFactory.GetMsalCacheStorage(ApplicationId).ReadData();
IEnumerable <string> knownPropertyNames = new[] { "AccessToken", "RefreshToken", "IdToken", "Account", "AppMetadata" };
JObject root = JObject.Parse(Encoding.UTF8.GetString(cacheData, 0, cacheData.Length));
IDictionary <string, JToken> known = (root as IDictionary <string, JToken>)
.Where(kvp => knownPropertyNames.Any(p => string.Equals(kvp.Key, p, StringComparison.OrdinalIgnoreCase)))
.ToDictionary(kvp => kvp.Key, kvp => kvp.Value);
IDictionary <string, TokenCacheItem> tokens = new Dictionary <string, TokenCacheItem>();
if (known.ContainsKey("RefreshToken"))
{
foreach (JToken token in root["RefreshToken"].Values())
{
if (token is JObject j)
{
TokenCacheItem item = new TokenCacheItem
{
ClientId = ExtractExistingOrEmptyString(j, "client_id"),
CredentialType = ExtractExistingOrEmptyString(j, "credential_type"),
Environment = ExtractExistingOrEmptyString(j, "environment"),
HomeAccountId = ExtractExistingOrEmptyString(j, "home_account_id"),
RawClientInfo = ExtractExistingOrEmptyString(j, "client_info"),
Secret = ExtractExistingOrEmptyString(j, "secret")
};
tokens.Add($"{item.HomeAccountId}-{item.Environment}-RefreshToken-{item.ClientId}--", item);
}
}
}
AuthResult result = new AuthResult(
authResult.AccessToken,
authResult.IsExtendedLifeTimeToken,
authResult.UniqueId,
authResult.ExpiresOn,
authResult.ExtendedExpiresOn,
authResult.TenantId,
authResult.Account,
authResult.IdToken,
authResult.Scopes,
authResult.CorrelationId);
if (authResult.Account != null)
{
string key = SharedTokenCacheClientFactory.GetTokenCacheKey(authResult, applicationId);
if (tokens.ContainsKey(key))
{
result.RefreshToken = tokens[key].Secret;
}
}
WriteObject(result);
});
}
