/// <summary>
/// Get a Microsoft Graph access token using the v2.0 Endpoint.
/// </summary>
/// <param name="appClientId">Application client ID</param>
/// <param name="uiParent">UiParent instance - required for Android</param>
/// <param name="redirectUri">Redirect Uri - required for Android</param>
/// <param name="loginHint">UPN</param>
/// <returns>An oauth2 access token.</returns>
internal async Task <string> GetUserTokenV2Async(string appClientId, UIParent uiParent = null, string redirectUri = null, string loginHint = null)
{
if (_identityClient == null)
{
_identityClient = new MSAL.PublicClientApplication(appClientId);
}
if (!string.IsNullOrEmpty(redirectUri))
{
_identityClient.RedirectUri = redirectUri;
}
var upnLoginHint = string.Empty;
if (!string.IsNullOrEmpty(loginHint))
{
upnLoginHint = loginHint;
}
MSAL.AuthenticationResult authenticationResult = null;
var user = _identityClient.Users.FirstOrDefault();
authenticationResult = user != null ? await _identityClient.AcquireTokenSilentAsync(DelegatedPermissionScopes, user) : await _identityClient.AcquireTokenAsync(DelegatedPermissionScopes, upnLoginHint, uiParent);
return(authenticationResult?.AccessToken);
}
public async Task<string> GetTokenSilentAsync(IPlatformParameters parameters)
{
try
{
app = new PublicClientApplication("https://login.windows.net/common", "CLIENT_ID");
var result = await app.AcquireTokenSilentAsync(Sts.ValidScope, Sts.ValidUserName);
return result.Token;
}
catch (Exception ex)
{
string msg = ex.Message + "\n" + ex.StackTrace;
return msg;
}
}
/// <summary>
/// Get Token for User.
/// </summary>
/// <returns>Token for user.</returns>
public static async Task <string> GetTokenForUserAsync()
{
AuthenticationResult authResult;
IEnumerable <IAccount> accounts = await IdentityClientApp.GetAccountsAsync();
IAccount firstAccount = accounts.FirstOrDefault();
try
{
authResult = await IdentityClientApp.AcquireTokenSilentAsync(Scopes, firstAccount);
}
catch (MsalUiRequiredException)
{
authResult = await IdentityClientApp.AcquireTokenAsync(Scopes);
}
return(authResult.AccessToken);
}
public static async Task<AuthenticationResult> GetTokenSilentAsync(User user)
{
TokenBroker brkr = new TokenBroker();
PublicClientApplication app =
new PublicClientApplication("7c7a2f70-caef-45c8-9a6c-091633501de4");
try
{
return await app.AcquireTokenSilentAsync(brkr.Sts.ValidScope);
}
catch (Exception ex)
{
string msg = ex.Message + "\n" + ex.StackTrace;
Console.WriteLine(msg);
return await app.AcquireTokenAsync(brkr.Sts.ValidScope, user.DisplayableId, UiOptions.ActAsCurrentUser, null);
}
}
/// <summary>
/// Get a Microsoft Graph access token from Azure AD V2.
/// </summary>
/// <param name="scopes">Scopes represent various permission levels that an app can request from a user</param>
/// <returns>An oauth2 access token.</returns>
internal static async Task <string> AuthenticateMsalUserAsync(string[] scopes)
{
if (_identityClient == null)
{
_identityClient = new MSAL.PublicClientApplication(_appClientId);
}
MSAL.AuthenticationResult authenticationResult = null;
try
{
authenticationResult = await _identityClient.AcquireTokenSilentAsync(scopes, _identityClient.Users.First());
}
catch (Exception)
{
authenticationResult = await _identityClient.AcquireTokenAsync(scopes);
}
return(authenticationResult.AccessToken);
}
/// <summary>
/// Get a Microsoft Graph access token using the v2.0 Endpoint.
/// </summary>
/// <param name="appClientId">Application client ID</param>
/// <param name="uiParent">UiParent instance - required for Android</param>
/// <param name="redirectUri">Redirect Uri - required for Android</param>
/// <param name="loginHint">UPN</param>
/// <returns>An oauth2 access token.</returns>
public async Task <string> GetUserTokenV2Async(string appClientId, UIParent uiParent = null, string redirectUri = null, string loginHint = null)
{
if (_identityClient == null)
{
_identityClient = new MSAL.PublicClientApplication(appClientId);
}
if (!string.IsNullOrEmpty(redirectUri))
{
_identityClient.RedirectUri = redirectUri;
}
var upnLoginHint = string.Empty;
if (!string.IsNullOrEmpty(loginHint))
{
upnLoginHint = loginHint;
}
MSAL.AuthenticationResult authenticationResult = null;
try
{
IAccount account = (await _identityClient.GetAccountsAsync()).FirstOrDefault();
authenticationResult = await _identityClient.AcquireTokenSilentAsync(DelegatedPermissionScopes, account);
}
catch (MsalUiRequiredException)
{
try
{
authenticationResult = await _identityClient.AcquireTokenAsync(DelegatedPermissionScopes, upnLoginHint, uiParent);
}
catch (MsalException)
{
throw;
}
}
return(authenticationResult?.AccessToken);
}
/// <summary>
/// Get Token for User.
/// </summary>
/// <returns>Token for user.</returns>
public static async Task <string> GetTokenForUserAsync()
{
AuthenticationResult authResult = null;
try
{
IEnumerable <IAccount> accounts = await IdentityClientApp.GetAccountsAsync();
IAccount firstAccount = accounts.FirstOrDefault();
authResult = await IdentityClientApp.AcquireTokenSilentAsync(Scopes, firstAccount);
return(authResult.AccessToken);
}
catch (MsalUiRequiredException ex)
{
// A MsalUiRequiredException happened on AcquireTokenSilentAsync.
//This indicates you need to call AcquireTokenAsync to acquire a token
authResult = await IdentityClientApp.AcquireTokenAsync(Scopes);
return(authResult.AccessToken);
}
}
public void AcquireTokenSilentServiceErrorTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems();
MockHttpMessageHandler mockHandler = new MockHttpMessageHandler();
mockHandler.Method = HttpMethod.Post;
mockHandler.ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage();
HttpMessageHandlerFactory.MockHandler = mockHandler;
try
{
Task<AuthenticationResult> task =app.AcquireTokenSilentAsync(TestConstants.ScopeForAnotherResource.ToArray(), TestConstants.DefaultUniqueId);
AuthenticationResult result = task.Result;
Assert.Fail("AdalSilentTokenAcquisitionException was expected");
}
catch (AggregateException ex)
{
Assert.IsNotNull(ex.InnerException);
Assert.IsTrue(ex.InnerException is MsalSilentTokenAcquisitionException);
var msalExc = (MsalSilentTokenAcquisitionException) ex.InnerException;
Assert.AreEqual(MsalError.FailedToAcquireTokenSilently, msalExc.ErrorCode);
Assert.IsNotNull(msalExc.InnerException, "MsalSilentTokenAcquisitionException inner exception is null");
Assert.AreEqual(((MsalException)msalExc.InnerException).ErrorCode, "invalid_grant");
}
}
public void AcquireTokenSilentForceRefreshTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems();
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId, TestConstants.DefaultScope.Union(TestConstants.ScopeForAnotherResource).ToArray())
};
Task<AuthenticationResult> task = app.AcquireTokenSilentAsync(TestConstants.DefaultScope.ToArray(), TestConstants.DefaultUniqueId, app.Authority, null, true);
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DefaultDisplayableId, result.User.DisplayableId);
Assert.AreEqual(TestConstants.DefaultUniqueId, result.User.UniqueId);
Assert.AreEqual(TestConstants.DefaultScope.Union(TestConstants.ScopeForAnotherResource).ToArray().AsSingleString(), result.Scope.AsSingleString());
}
public void AcquireTokenSilentCacheOnlyLookupTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems();
app.UserTokenCache.tokenCacheDictionary.Remove(new TokenCacheKey(TestConstants.DefaultAuthorityGuestTenant,
TestConstants.ScopeForAnotherResource, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId + "more", TestConstants.DefaultDisplayableId,
TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy));
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.Forbidden) //fail the request if it goes to http client due to any error
};
Task<AuthenticationResult> task = app.AcquireTokenSilentAsync(TestConstants.DefaultScope.ToArray());
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DefaultDisplayableId, result.User.DisplayableId);
Assert.AreEqual(TestConstants.DefaultUniqueId, result.User.UniqueId);
Assert.AreEqual(TestConstants.DefaultScope.AsSingleString(), result.Scope.AsSingleString());
}
public void AcquireTokenIdTokenOnlyResponseTest()
{
MockWebUI webUi = new MockWebUI();
webUi.HeadersToValidate = new Dictionary<string, string>();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
IWebUIFactory mockFactory = Substitute.For<IWebUIFactory>();
mockFactory.CreateAuthenticationDialog(Arg.Any<IPlatformParameters>()).Returns(webUi);
PlatformPlugin.WebUIFactory = mockFactory;
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessIdTokenResponseMessage()
};
// this is a flow where we pass client id as a scope
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
Task<AuthenticationResult> task = app.AcquireTokenAsync(new string[] {TestConstants.DefaultClientId});
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(result.Token, result.IdToken);
Assert.AreEqual(1, app.UserTokenCache.Count);
foreach (var item in app.UserTokenCache.ReadItems(TestConstants.DefaultClientId))
{
Assert.AreEqual(1, item.Scope.Count);
Assert.AreEqual(TestConstants.DefaultClientId, item.Scope.AsSingleString());
}
//call AcquireTokenSilent to make sure we get same token back and no call goes over network
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest)
};
task = app.AcquireTokenSilentAsync(new string[] { TestConstants.DefaultClientId });
AuthenticationResult result1 = task.Result;
Assert.IsNotNull(result1);
Assert.AreEqual(result1.Token, result1.IdToken);
Assert.AreEqual(result.Token, result1.Token);
Assert.AreEqual(result.IdToken, result1.IdToken);
Assert.AreEqual(1, app.UserTokenCache.Count);
foreach (var item in app.UserTokenCache.ReadItems(TestConstants.DefaultClientId))
{
Assert.AreEqual(1, item.Scope.Count);
Assert.AreEqual(TestConstants.DefaultClientId, item.Scope.AsSingleString());
}
}