private async Task <(HttpRequestMessage HttpRequest, Guid Correlationid)> RunAcquireTokenSilentAsync(
AcquireTokenSilentOutcome outcome,
bool forceRefresh = false)
{
MockHttpMessageHandler tokenRequest = null;
Guid correlationId = Guid.Empty;
var account = (await _app.GetAccountsAsync().ConfigureAwait(false)).Single();
AcquireTokenSilentParameterBuilder request = _app
.AcquireTokenSilent(TestConstants.s_scope, account)
.WithForceRefresh(forceRefresh);
switch (outcome)
{
case AcquireTokenSilentOutcome.SuccessFromCache:
var authResult = await request
.ExecuteAsync()
.ConfigureAwait(false);
correlationId = authResult.CorrelationId;
break;
case AcquireTokenSilentOutcome.SuccessViaRefreshGrant:
// let's remove the AT so that they can't be used
_app.UserTokenCacheInternal.Accessor.ClearAccessTokens();
tokenRequest = _harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(TestConstants.AuthorityUtidTenant);
authResult = await request
.ExecuteAsync()
.ConfigureAwait(false);
correlationId = authResult.CorrelationId;
break;
case AcquireTokenSilentOutcome.FailInvalidGrant:
(tokenRequest, correlationId) = await RunSilentFlowWithTokenErrorAsync(request, "invalid_grant")
.ConfigureAwait(false);
break;
case AcquireTokenSilentOutcome.FailInteractionRequired:
(tokenRequest, correlationId) = await RunSilentFlowWithTokenErrorAsync(request, "interaction_required")
.ConfigureAwait(false);
break;
default:
throw new NotImplementedException();
}
Assert.AreEqual(0, _harness.HttpManager.QueueSize);
return(tokenRequest?.ActualRequestMessage, correlationId);
}
/// <summary>
/// Attempts to acquire access token silently from the token cache.
/// </summary>
/// <exception cref="AuthenticationException">An exception occured when attempting to get access token silently.</exception>
internal static async Task <AuthenticationResult> GetAccessTokenSilentAsync(this IClientApplicationBase clientApplication, AuthenticationProviderOption msalAuthProviderOption)
{
IAccount account;
if (msalAuthProviderOption.UserAccount?.ObjectId != null)
{
// Parse GraphUserAccount to IAccount instance
account = new GraphAccount(msalAuthProviderOption.UserAccount);
}
else
{
// If no graph user account is passed, try get the one in cache.
IEnumerable <IAccount> accounts = await clientApplication.GetAccountsAsync();
account = accounts.FirstOrDefault();
}
if (account == null)
{
return(null);
}
try
{
AcquireTokenSilentParameterBuilder tokenSilentBuilder = clientApplication.AcquireTokenSilent(msalAuthProviderOption.Scopes, account)
.WithForceRefresh(msalAuthProviderOption.ForceRefresh);
if (!ContainsWellKnownTenantName(clientApplication.Authority))
{
tokenSilentBuilder.WithAuthority(clientApplication.Authority);
}
if (!string.IsNullOrEmpty(msalAuthProviderOption.Claims))
{
tokenSilentBuilder.WithClaims(msalAuthProviderOption.Claims);
}
return(await tokenSilentBuilder.ExecuteAsync());
}
catch (MsalException)
{
return(null);
}
catch (Exception exception)
{
throw new AuthenticationException(
new Error
{
Code = ErrorConstants.Codes.GeneralException,
Message = ErrorConstants.Message.UnexpectedException
},
exception);
}
}
