public void AcquireTokenSilentScopeAndUserOverloadWithNoMatchingScopesInCacheTest() { // this test ensures that the API can // get authority (if unique) from the cache entries where scope does not match. // it should only happen for case where no authority is passed. using (var httpManager = new MockHttpManager()) { PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .BuildConcrete(); TokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor); var cacheAccess = app.UserTokenCache.RecordAccess(); Task <AuthenticationResult> task = app .AcquireTokenSilent( TestConstants.s_scopeForAnotherResource.ToArray(), new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null)) .ExecuteAsync(CancellationToken.None); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(TestConstants.DisplayableId, result.Account.Username); Assert.AreEqual(TestConstants.s_scopeForAnotherResource.AsSingleString(), result.Scopes.AsSingleString()); Assert.AreEqual(2, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); cacheAccess.AssertAccessCounts(1, 0); } }
public async Task AfterAccess_Is_Called_When_BeforeAceess_Throws_Async() { using (var harness = CreateTestHarness()) { var pca = PublicClientApplicationBuilder .Create(TestConstants.ClientId) .WithHttpManager(harness.HttpManager) .BuildConcrete(); TokenCacheHelper.PopulateCache(pca.UserTokenCacheInternal.Accessor, addSecondAt: false); var account = (await pca.GetAccountsAsync().ConfigureAwait(false)).First(); // All these actions trigger a reloading of the cache await RunAfterAccessFailureAsync(pca, () => pca.GetAccountsAsync()).ConfigureAwait(false); await RunAfterAccessFailureAsync(pca, () => pca.AcquireTokenSilent(new[] { "User.Read" }, account).ExecuteAsync()) .ConfigureAwait(false); await RunAfterAccessFailureAsync(pca, () => pca.RemoveAsync(account)).ConfigureAwait(false); // AcquireTokenInteractive will save a token to the cache, but needs more setup harness.HttpManager.AddInstanceDiscoveryMockHandler(); harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(TestConstants.AuthorityCommonTenant); pca.ServiceBundle.ConfigureMockWebUI(); await RunAfterAccessFailureAsync(pca, () => pca.AcquireTokenInteractive(new[] { "User.Read" }).ExecuteAsync()) .ConfigureAwait(false); } }
public async Task AcquireTokenSilent_LoginHintAsync() { using (var httpManager = new MockHttpManager()) { PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(TestConstants.AuthorityTestTenant), true) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); var tokenCacheHelper = new TokenCacheHelper(); tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor); var cacheAccess = app.UserTokenCache.RecordAccess(); AuthenticationResult result = await app.AcquireTokenSilent( TestConstants.s_scope.ToArray(), TestConstants.DisplayableId) .WithAuthority(app.Authority, false) .ExecuteAsync() .ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual(TestConstants.DisplayableId, result.Account.Username); Assert.AreEqual(TestConstants.s_scope.AsSingleString(), result.Scopes.AsSingleString()); cacheAccess.AssertAccessCounts(1, 0); } }
public void ExpiredTokenRefreshFlowTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); HandlerData data = new HandlerData() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = new[] { "some-scope1", "some-scope2" }, TokenCache = cache }; HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }; AcquireTokenSilentHandler handler = new AcquireTokenSilentHandler(data, (string)null, new PlatformParameters(), false); Task <AuthenticationResult> task = handler.RunAsync(); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.Token); Assert.AreEqual("some-scope1 some-scope2", result.Scope.AsSingleString()); }
public void ForceRefreshParameterFalseTestAsync() { var cache = new TokenCache(); TokenCacheHelper.PopulateCache(cache.TokenCacheAccessor); var authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false).CanonicalAuthority; var app = new ConfidentialClientApplication(TestConstants.ClientId, authority, TestConstants.RedirectUri, new ClientCredential(TestConstants.ClientSecret), null, cache) { ValidateAuthority = false }; var accessTokens = cache.GetAllAccessTokensForClient(new RequestContext(Guid.NewGuid(), null)); var accessTokenInCache = accessTokens.Where( item => item.ScopeSet.ScopeContains(TestConstants.Scope)) .ToList() .FirstOrDefault(); //add mock to fail in case of network call HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { ExceptionToThrow = new AssertFailedException("Unexpected Network Call") }); var task = app.AcquireTokenForClientAsync(TestConstants.Scope, false); var result = task.Result; Assert.AreEqual(accessTokenInCache?.AccessToken, result.AccessToken); }
/* * Callback function when an authorization code is received */ private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedNotification notification) { // Extract the code from the response notification string code = notification.Code; // Extract signed in user id string signedInUserID = notification.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value; // MSAL v3 confidential application creation IConfidentialClientApplication cca = ConfidentialClientApplicationBuilder.Create(ClientId) .WithB2CAuthority(Authority) .WithClientSecret(ClientSecret) .WithRedirectUri(RedirectUri) .Build(); // Enable encrypted persistence to local file for tokens TokenCacheHelper.EnableSerialization(cca.UserTokenCache); try { // MSAL v3 get accesstoken by authorization code AuthenticationResult result = await cca.AcquireTokenByAuthorizationCode(Scopes, code).ExecuteAsync(); } catch (Exception ex) { //TODO: Handle throw; } }
public async Task AcquireTokenByOboAccessTokenExpiredRefreshTokenAvailableAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); AddMockHandlerAadSuccess(httpManager, TestConstants.AuthorityCommonTenant); var cca = ConfidentialClientApplicationBuilder .Create(TestConstants.ClientId) .WithClientSecret(TestConstants.ClientSecret) .WithAuthority(TestConstants.AuthorityCommonTenant) .WithHttpManager(httpManager) .BuildConcrete(); UserAssertion userAssertion = new UserAssertion(TestConstants.DefaultAccessToken); var result = await cca.AcquireTokenOnBehalfOf(TestConstants.s_scope, userAssertion).ExecuteAsync().ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); //Expire access tokens TokenCacheHelper.ExpireAccessTokens(cca.UserTokenCacheInternal); MockHttpMessageHandler mockTokenRequestHttpHandlerRefresh = AddMockHandlerAadSuccess(httpManager, TestConstants.AuthorityCommonTenant); mockTokenRequestHttpHandlerRefresh.ExpectedPostData = new Dictionary <string, string> { { "grant_type", "refresh_token" } }; result = await cca.AcquireTokenOnBehalfOf(TestConstants.s_scope, userAssertion).ExecuteAsync().ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); } }
/// <summary> /// Retrieves an access token for the specified scopes. /// </summary> private async Task <string> GetAccessTokenAsync(params string[] scopes) { string signedInUserID = User.GetId(); // MSAL v3 confidential application creation IConfidentialClientApplication cca = ConfidentialClientApplicationBuilder.Create(Startup.ClientId) .WithB2CAuthority(Startup.Authority) .WithClientSecret(Startup.ClientSecret) .WithRedirectUri(Startup.RedirectUri) .Build(); // Enable encrypted persistence to local file for tokens TokenCacheHelper.EnableSerialization(cca.UserTokenCache); IEnumerable <IAccount> accounts = await cca.GetAccountsAsync(); IAccount account = accounts.FirstOrDefault(acc => acc.HomeAccountId.Identifier.StartsWith(signedInUserID)); if (account == null) { throw new Exception("The account is NULL. Please clear your cookies and try again. Specifically delete cookies for 'login.microsoftonline.com'. See this GitHub issue for more details: https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi/issues/9"); } AuthenticationResult result = await cca.AcquireTokenSilent(Startup.Scopes, account) .WithB2CAuthority(Startup.Authority) .ExecuteAsync(); return(result.AccessToken); }
[TestCategory(TestCategories.Regression)] //https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2706 public async Task NullAndIosBroker_RemoveAccounts_Async(Type brokerType) { using (var harness = CreateTestHarness()) { var broker = CreateBroker(brokerType); var builder = PublicClientApplicationBuilder .Create(TestConstants.ClientId) .WithHttpManager(harness.HttpManager); builder.Config.BrokerCreatorFunc = (parent, config, logger) => { return(broker); }; var app = builder.WithBroker(true).BuildConcrete(); TokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor); // Act var accounts = await app.GetAccountsAsync().ConfigureAwait(false); await app.RemoveAsync(accounts.Single()).ConfigureAwait(false); var accounts2 = await app.GetAccountsAsync().ConfigureAwait(false); // Assert Assert.AreEqual(1, accounts.Count()); Assert.IsFalse(accounts2.Any()); } }
public async Task Logout() { TokenCacheHelper.Clear(); _graphClient = null; await _publicClientApp.RemoveAsync(Account) .ConfigureAwait(false); }
public void AcquireTokenSilentServiceErrorTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId); app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems(); MockHttpMessageHandler mockHandler = new MockHttpMessageHandler(); mockHandler.Method = HttpMethod.Post; mockHandler.ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage(); HttpMessageHandlerFactory.MockHandler = mockHandler; try { Task <AuthenticationResult> task = app.AcquireTokenSilentAsync(TestConstants.ScopeForAnotherResource.ToArray(), TestConstants.DefaultUniqueId); AuthenticationResult result = task.Result; Assert.Fail("AdalSilentTokenAcquisitionException was expected"); } catch (AggregateException ex) { Assert.IsNotNull(ex.InnerException); Assert.IsTrue(ex.InnerException is MsalSilentTokenAcquisitionException); var msalExc = (MsalSilentTokenAcquisitionException)ex.InnerException; Assert.AreEqual(MsalError.FailedToAcquireTokenSilently, msalExc.ErrorCode); Assert.IsNotNull(msalExc.InnerException, "MsalSilentTokenAcquisitionException inner exception is null"); Assert.AreEqual(((MsalException)msalExc.InnerException).ErrorCode, "invalid_grant"); } }
public void GetTokenTest() { var key = new Uri("http://www.contoso.com/"); SecurityToken actual = TokenCacheHelper.GetToken(key); Assert.IsNull(actual); }
public DriveAccountService(SiteContext siteContext) { if (Configuration.Type == Configuration.OfficeType.China) { app = ConfidentialClientApplicationBuilder .Create(Configuration.ClientId) .WithClientSecret(Configuration.ClientSecret) .WithRedirectUri(Configuration.BaseUri + "/api/admin/bind/new") .WithAuthority(AzureCloudInstance.AzureChina, "common") .Build(); } else { app = ConfidentialClientApplicationBuilder .Create(Configuration.ClientId) .WithClientSecret(Configuration.ClientSecret) .WithRedirectUri(Configuration.BaseUri + "/api/admin/bind/new") .WithAuthority(AzureCloudInstance.AzurePublic, "common") .Build(); } //缓存Token TokenCacheHelper.EnableSerialization(app.UserTokenCache); //这里要传入一个 Scope 否则默认使用 https://graph.microsoft.com/.default //而导致无法使用世纪互联版本 authProvider = new AuthorizationCodeProvider(app, Configuration.Scopes); //获取Token if (File.Exists(TokenCacheHelper.CacheFilePath)) { authorizeResult = authProvider.ClientApplication.AcquireTokenSilent(Configuration.Scopes, Configuration.AccountName).ExecuteAsync().Result; //Debug.WriteLine(authorizeResult.AccessToken); } //启用代理 if (!string.IsNullOrEmpty(Configuration.Proxy)) { // Configure your proxy var httpClientHandler = new HttpClientHandler { Proxy = new WebProxy(Configuration.Proxy), UseDefaultCredentials = true }; var httpProvider = new Microsoft.Graph.HttpProvider(httpClientHandler, false) { OverallTimeout = TimeSpan.FromSeconds(10) }; Graph = new Microsoft.Graph.GraphServiceClient($"{Configuration.GraphApi}/v1.0", authProvider, httpProvider); } else { Graph = new Microsoft.Graph.GraphServiceClient($"{Configuration.GraphApi}/v1.0", authProvider); } this.SiteContext = siteContext; //定时更新Token Timer timer = new Timer(o => { if (File.Exists(TokenCacheHelper.CacheFilePath)) { authorizeResult = authProvider.ClientApplication.AcquireTokenSilent(Configuration.Scopes, Configuration.AccountName).ExecuteAsync().Result; } }, null, TimeSpan.FromSeconds(0), TimeSpan.FromHours(1)); }
public void FindAccessToken_ScopeCaseInsensitive() { var tokenCache = new TokenCache() { ClientId = TestConstants.ClientId }; TokenCacheHelper.PopulateCache(tokenCache.TokenCacheAccessor); var param = new AuthenticationRequestParameters() { RequestContext = new RequestContext(Guid.Empty, null), ClientId = TestConstants.ClientId, Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false), Scope = new SortedSet <string>(), User = TestConstants.User }; var scopeInCache = TestConstants.Scope.FirstOrDefault(); var upperCaseScope = scopeInCache.ToUpper(); param.Scope.Add(upperCaseScope); var item = tokenCache.FindAccessToken(param); Assert.IsNotNull(item); Assert.IsTrue(item.ScopeSet.Contains(scopeInCache)); }
public void AcquireTokenSilentCacheOnlyLookupTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId, TestConstants.AuthorityHomeTenant) { ValidateAuthority = false }; cache = new TokenCache() { ClientId = TestConstants.ClientId }; app.UserTokenCache = cache; TokenCacheHelper.PopulateCache(cache.TokenCacheAccessor); cache.TokenCacheAccessor.AccessTokenCacheDictionary.Remove(new AccessTokenCacheKey( TestConstants.AuthorityGuestTenant, TestConstants.ScopeForAnotherResource, TestConstants.ClientId, TestConstants.UserIdentifier).ToString()); Task <AuthenticationResult> task = app.AcquireTokenSilentAsync(TestConstants.Scope.ToArray(), new User() { DisplayableId = TestConstants.DisplayableId, Identifier = TestConstants.UserIdentifier, }, app.Authority, false); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId); Assert.AreEqual(TestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString()); Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.WasSuccessfulKey] == "true" && anEvent[ApiEvent.ApiIdKey] == "31")); }
static App() { _clientApp = PublicClientApplicationBuilder.Create(ClientId) .WithAuthority(AzureCloudInstance.AzurePublic, Tenant) .Build(); TokenCacheHelper.EnableSerialization(_clientApp.UserTokenCache); }
public async Task AcquireTokenSilent_BypassesCacheForAccessTokens_IfClaimsUsed_Async() { using (var harness = CreateTestHarness()) { Trace.WriteLine("1. Setup an app with a token cache with a valid AT"); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithHttpManager(harness.HttpManager) .BuildConcrete(); TokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor, addSecondAt: false); Trace.WriteLine("2. Silent Request without claims returns the AT from the cache"); var account = (await app.GetAccountsAsync().ConfigureAwait(false)).Single(); var result = await app.AcquireTokenSilent(TestConstants.s_scope, account) .ExecuteAsync() .ConfigureAwait(false); Assert.IsNotNull(result, "A result is obtained from the cache, i.e. without HTTP calls"); Trace.WriteLine("3. Silent Request + WithClaims does not return an AT from the cache"); harness.HttpManager.AddInstanceDiscoveryMockHandler(TestConstants.AuthorityUtidTenant); harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(TestConstants.AuthorityUtidTenant); result = await app.AcquireTokenSilent(TestConstants.s_scope, account) .WithClaims(TestConstants.Claims) .ExecuteAsync() .ConfigureAwait(false); Assert.IsNotNull(result, "An access token is no longer obtained from the cache. The RT is used to get one from the STS."); } }
public async Task <IActionResult> Run( [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req, ILogger log) { var scopes = new string[] { "https://admin.services.crm.dynamics.com/user_impersonation", "offline_access" }; if (req.Method == "POST" && req.Form.ContainsKey("code")) { var code = req.Form["code"].FirstOrDefault(); var app = ConfidentialClientApplicationBuilder.Create(_settings.ClientId) .WithClientSecret(_settings.ClientSecret) .WithTenantId(_settings.Tenant) .WithRedirectUri(req.GetDisplayUrl()) .Build(); var cache = new TokenCacheHelper(AzureApp.CacheFileDir); cache.EnableSerialization(app.UserTokenCache); _ = await app.AcquireTokenByAuthorizationCode(new string[] { $"{_settings.DynamicsUrl}/user_impersonation" }, code).ExecuteAsync(); return(new OkObjectResult("The app is authorized to perform operations on behalf of your account.")); } var url = new StringBuilder(); url.Append($"https://login.microsoftonline.com/{_settings.Tenant}/oauth2/v2.0/authorize?"); url.Append($"client_id={_settings.ClientId}&"); url.Append($"response_type=code&"); url.Append($"redirect_uri={req.GetEncodedUrl()}&"); url.Append($"response_mode=form_post&"); url.Append($"scope={WebUtility.UrlEncode(string.Join(" ", scopes))}&"); return(new RedirectResult(url.ToString(), false)); }
public async Task BrokerSilentRequestTestExecutorAsync(bool brokerConfiguredByUser, bool brokerIsInstalledAndInvokable) { string brokerID = "*****@*****.**"; using (var harness = new MockHttpTestHarness(TestConstants.AuthorityHomeTenant)) { // resul will be from the cache TokenCacheHelper.PopulateCache(harness.Cache.Accessor, TestConstants.Uid, TestConstants.Utid, TestConstants.ClientId, TestConstants.ProductionPrefCacheEnvironment, brokerID); IBroker mockBroker = Substitute.For <IBroker>(); mockBroker.IsBrokerInstalledAndInvokable().ReturnsForAnyArgs(brokerIsInstalledAndInvokable); harness.ServiceBundle.Config.BrokerCreatorFunc = (app, config, logger) => mockBroker; var parameters = harness.CreateRequestParams( harness.Cache, null, TestConstants.ExtraQueryParameters, null, authorityOverride: AuthorityInfo.FromAuthorityUri(TestConstants.AuthorityCommonTenant, false)); parameters.AppConfig.IsBrokerEnabled = brokerConfiguredByUser; var silentParameters = new AcquireTokenSilentParameters() { Account = new Account(TestConstants.HomeAccountId, TestConstants.DisplayableId, TestConstants.ProductionPrefCacheEnvironment), }; var request = new SilentRequest(harness.ServiceBundle, parameters, silentParameters); var result = await request.RunAsync(default).ConfigureAwait(false);
private async Task <string> GetAccessToken() { IConfidentialClientApplication app = ConfidentialClientApplicationBuilder .Create(_options.Value.ClientId) .WithClientSecret(_options.Value.ClientSecret) .WithAuthority(_options.Value.Authority) .Build(); string key = User.FindFirstValue("http://schemas.microsoft.com/identity/claims/objectidentifier"); TokenCacheHelper.Initialize( key, _cache, app.UserTokenCache ); //IEnumerable<string> scopes = _options.Value.Scopes.Split(";").Where(c => !string.IsNullOrEmpty(c)); IEnumerable <string> scopes = new string[] { "api://core/.default" }; try { var account = (await app.GetAccountsAsync()).FirstOrDefault(); var result = await app.AcquireTokenSilent(scopes, account) .ExecuteAsync(); return($"200:{result.AccessToken}"); } catch (MsalUiRequiredException) { return($"401:unauthorized"); } catch (Exception ex) { return($"500:{ex.Message}"); } }
public async Task AcquireTokenByOboMissMatchUserAssertionsAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); AddMockHandlerAadSuccess(httpManager, TestConstants.AuthorityCommonTenant); var cca = ConfidentialClientApplicationBuilder .Create(TestConstants.ClientId) .WithClientSecret(TestConstants.ClientSecret) .WithAuthority(TestConstants.AuthorityCommonTenant) .WithHttpManager(httpManager) .BuildConcrete(); UserAssertion userAssertion = new UserAssertion(TestConstants.DefaultAccessToken); var result = await cca.AcquireTokenOnBehalfOf(TestConstants.s_scope, userAssertion).ExecuteAsync().ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); //Update user assertions TokenCacheHelper.UpdateUserAssertions(cca); MockHttpMessageHandler mockTokenRequestHttpHandlerRefresh = AddMockHandlerAadSuccess(httpManager, TestConstants.AuthorityCommonTenant); //Access and refresh tokens are have a different user assertion so MSAL should perform OBO. result = await cca.AcquireTokenOnBehalfOf(TestConstants.s_scope, userAssertion).ExecuteAsync().ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); Assert.AreEqual(result.AuthenticationResultMetadata.TokenSource, TokenSource.IdentityProvider); } }
public void OBOUserAssertionHashUsernamePassedTest() { TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); string someAssertion = "some-assertion-passed-by-developer"; TokenCacheKey key = cache.tokenCacheDictionary.Keys.First(); //update cache entry with hash of an assertion that will not match cache.tokenCacheDictionary[key].UserAssertionHash = new CryptographyHelper().CreateSha256Hash(someAssertion); ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.DefaultClientId, TestConstants.DefaultRedirectUri, new ClientCredential(TestConstants.DefaultClientSecret), new TokenCache()); app.UserTokenCache = cache; //this is a fail safe. No call should go on network HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage() }; UserAssertion assertion = new UserAssertion(someAssertion, AssertionType, key.DisplayableId); Task <AuthenticationResult> task = app.AcquireTokenOnBehalfOfAsync(key.Scope.AsArray(), assertion, key.Authority, TestConstants.DefaultPolicy); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(key.UniqueId, result.User.UniqueId); Assert.AreEqual(key.DisplayableId, result.User.DisplayableId); Assert.AreEqual(HashAccessToken, cache.tokenCacheDictionary[key].UserAssertionHash); }
public void CacheWithMultipleUsersAndRestrictToSingleUserTrueTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); try { AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = true, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), new User { UniqueId = TestConstants.DefaultUniqueId }, UiOptions.ForceLogin, "extra=qp", new MockWebUI()); Assert.Fail("ArgumentException should be thrown here"); } catch (ArgumentException ae) { Assert.AreEqual( "Cache cannot have entries for more than 1 unique id when RestrictToSingleUser is set to TRUE.", ae.Message); } }
public void GetUserTest() { var app = new PublicClientApplication(TestConstants.ClientId); var users = app.Users; Assert.IsNotNull(users); // no users in the cache Assert.AreEqual(0, users.Count()); var fetchedUser = app.GetUser(null); Assert.IsNull(fetchedUser); fetchedUser = app.GetUser(""); Assert.IsNull(fetchedUser); TokenCacheHelper.AddRefreshTokenToCache(app.UserTokenCache.TokenCacheAccessor, TestConstants.Uid, TestConstants.Utid, TestConstants.Name); TokenCacheHelper.AddRefreshTokenToCache(app.UserTokenCache.TokenCacheAccessor, TestConstants.Uid + "1", TestConstants.Utid, TestConstants.Name + "1"); users = app.Users; Assert.IsNotNull(users); // two users in the cache Assert.AreEqual(2, users.Count()); var userToFind = users.First(); fetchedUser = app.GetUser(userToFind.Identifier); Assert.AreEqual(userToFind.DisplayableId, fetchedUser.DisplayableId); Assert.AreEqual(userToFind.Identifier, fetchedUser.Identifier); Assert.AreEqual(userToFind.IdentityProvider, fetchedUser.IdentityProvider); Assert.AreEqual(userToFind.Name, fetchedUser.Name); }
public static string GetAccessToken(string[] scopes) { // create new public client application var appPublic = PublicClientApplicationBuilder.Create(applicationId) .WithAuthority(tenantCommonAuthority) .WithRedirectUri(redirectUri) .Build(); // connect application to token cache TokenCacheHelper.EnableSerialization(appPublic.UserTokenCache); AuthenticationResult authResult; try { // try to acquire token from token cache var user = appPublic.GetAccountsAsync().Result.FirstOrDefault(); authResult = appPublic.AcquireTokenSilent(scopes, user).ExecuteAsync().Result; } catch { authResult = appPublic.AcquireTokenInteractive(scopes).ExecuteAsync().Result; } // return access token to caller return(authResult.AccessToken); }
public async Task AcquireTokenSilentScopeAndUserMultipleTokensFoundTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId) { ValidateAuthority = false }; cache = new TokenCache() { ClientId = TestConstants.ClientId }; app.UserTokenCache = cache; TokenCacheHelper.PopulateCache(cache.TokenCacheAccessor); try { AuthenticationResult result = await app.AcquireTokenSilentAsync(TestConstants.Scope.ToArray(), new User() { DisplayableId = TestConstants.DisplayableId, Identifier = TestConstants.UserIdentifier, }) .ConfigureAwait(false); } catch (MsalClientException exc) { Assert.AreEqual(MsalClientException.MultipleTokensMatchedError, exc.ErrorCode); } }
public void AcquireTokenSilentScopeAndUserOverloadDefaultAuthorityTest() { using (var httpManager = new MockHttpManager()) { PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(TestConstants.AuthorityTestTenant), true) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); var tokenCacheHelper = new TokenCacheHelper(); tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor); app.UserTokenCacheInternal.Accessor.DeleteAccessToken( new MsalAccessTokenCacheKey( TestConstants.ProductionPrefNetworkEnvironment, TestConstants.Utid, TestConstants.s_userIdentifier, TestConstants.ClientId, TestConstants.ScopeForAnotherResourceStr, TestConstants.Bearer)); Task <AuthenticationResult> task = app .AcquireTokenSilent( TestConstants.s_scope.ToArray(), new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null)) .ExecuteAsync(CancellationToken.None); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(TestConstants.DisplayableId, result.Account.Username); Assert.AreEqual(TestConstants.s_scope.AsSingleString(), result.Scopes.AsSingleString()); } }
public void AcquireTokenSilentScopeAndUserOverloadTenantSpecificAuthorityTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId, TestConstants.AuthorityGuestTenant) { ValidateAuthority = false }; cache = new TokenCache() { ClientId = TestConstants.ClientId }; app.UserTokenCache = cache; TokenCacheHelper.PopulateCache(cache.TokenCacheAccessor); cache.TokenCacheAccessor.AccessTokenCacheDictionary.Remove(new AccessTokenCacheKey( TestConstants.AuthorityGuestTenant, TestConstants.ScopeForAnotherResource, TestConstants.ClientId, TestConstants.UserIdentifier).ToString()); Task <AuthenticationResult> task = app.AcquireTokenSilentAsync(TestConstants.Scope.ToArray(), new User() { DisplayableId = TestConstants.DisplayableId, Identifier = TestConstants.UserIdentifier, }); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId); Assert.AreEqual(TestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString()); }
public async Task AcquireTokenSilent_LoginHint_MultipleAccountsAsync() { var receiver = new MyReceiver(); using (var httpManager = new MockHttpManager()) { PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(TestConstants.AuthorityTestTenant), true) .WithHttpManager(httpManager) .WithTelemetry(receiver.HandleTelemetryEvents) .BuildConcrete(); var tokenCacheHelper = new TokenCacheHelper(); var cacheAccess = app.UserTokenCache.RecordAccess(); tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor, "uid1", "utid"); tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor, "uid2", "utid"); var exception = await AssertException.TaskThrowsAsync <MsalUiRequiredException>(async() => await app.AcquireTokenSilent( TestConstants.s_scope.ToArray(), TestConstants.DisplayableId) .WithAuthority(app.Authority, false) .ExecuteAsync().ConfigureAwait(false)).ConfigureAwait(false); Assert.AreEqual(MsalError.MultipleAccountsForLoginHint, exception.ErrorCode); Assert.AreEqual(UiRequiredExceptionClassification.AcquireTokenSilentFailed, exception.Classification); cacheAccess.AssertAccessCounts(1, 0); } }
public void AcquireTokenSilentScopeAndUserOverloadTenantSpecificAuthorityTest() { using (var httpManager = new MockHttpManager()) { PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(TestConstants.AuthorityGuestTenant), true) .WithHttpManager(httpManager) .BuildConcrete(); TokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandler( new MockHttpMessageHandler() { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage( TestConstants.Uid, TestConstants.DisplayableId, TestConstants.s_scope.ToArray()) }); Task <AuthenticationResult> task = app .AcquireTokenSilent( TestConstants.s_scope.ToArray(), new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null)) .ExecuteAsync(CancellationToken.None); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(TestConstants.DisplayableId, result.Account.Username); Assert.AreEqual(TestConstants.s_scope.AsSingleString(), result.Scopes.AsSingleString()); } }