public async Task BrokerSilentRequestTestExecutorAsync(bool brokerConfiguredByUser, bool brokerIsInstalledAndInvokable)
{
string brokerID = "*****@*****.**";
using (var harness = new MockHttpTestHarness(TestConstants.AuthorityHomeTenant))
{
// resul will be from the cache
TokenCacheHelper.PopulateCache(harness.Cache.Accessor,
TestConstants.Uid,
TestConstants.Utid,
TestConstants.ClientId,
TestConstants.ProductionPrefCacheEnvironment,
brokerID);
IBroker mockBroker = Substitute.For <IBroker>();
mockBroker.IsBrokerInstalledAndInvokable().ReturnsForAnyArgs(brokerIsInstalledAndInvokable);
harness.ServiceBundle.Config.BrokerCreatorFunc = (app, config, logger) => mockBroker;
var parameters = harness.CreateRequestParams(
harness.Cache,
null,
TestConstants.ExtraQueryParameters,
null,
authorityOverride: AuthorityInfo.FromAuthorityUri(TestConstants.AuthorityCommonTenant, false));
parameters.AppConfig.IsBrokerEnabled = brokerConfiguredByUser;
var silentParameters = new AcquireTokenSilentParameters()
{
Account = new Account(TestConstants.HomeAccountId, TestConstants.DisplayableId, TestConstants.ProductionPrefCacheEnvironment),
};
var request = new SilentRequest(harness.ServiceBundle, parameters, silentParameters);
var result = await request.RunAsync(default).ConfigureAwait(false);
private async Task RunPluginSelectionTestAsync(string inputAuthority, bool expectMsaPlugin)
{
// Arrange
using (var harness = CreateTestHarness())
{
_webAccountProviderFactory.ClearReceivedCalls();
var acc = new WebAccountProvider("id", "*****@*****.**", null);
var requestParams = harness.CreateAuthenticationRequestParameters(inputAuthority);
requestParams.Account = new Account(
$"{TestConstants.Uid}.{TestConstants.Utid}",
TestConstants.DisplayableId,
null);
var atsParams = new AcquireTokenSilentParameters();
_webAccountProviderFactory.GetAccountProviderAsync(null).ReturnsForAnyArgs(Task.FromResult(acc));
// Act
var ex = await AssertException.TaskThrowsAsync <MsalUiRequiredException>(
() => _wamBroker.AcquireTokenSilentAsync(requestParams, atsParams)).ConfigureAwait(false);
// Assert
Assert.AreEqual(MsalError.InteractionRequired, ex.ErrorCode);
if (expectMsaPlugin)
{
await _webAccountProviderFactory.Received(1).GetAccountProviderAsync("consumers").ConfigureAwait(false);
}
else
{
await _webAccountProviderFactory.Received(1).GetAccountProviderAsync(inputAuthority).ConfigureAwait(false);
}
}
}
public async Task <MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
using (_logger.LogMethodDuration())
{
bool isMsa = await IsMsaRequestAsync(
authenticationRequestParameters.Authority,
null,
IsMsaPassthrough(authenticationRequestParameters)).ConfigureAwait(false);
IWamPlugin wamPlugin = isMsa ? _msaPlugin : _aadPlugin;
WebAccountProvider provider = await GetProviderAsync(
authenticationRequestParameters.Authority.AuthorityInfo.CanonicalAuthority,
isMsa).ConfigureAwait(false);
WebTokenRequest webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync(
provider,
authenticationRequestParameters,
isForceLoginPrompt : false,
isAccountInWam : false,
isInteractive : false)
.ConfigureAwait(false);
AddCommonParamsToRequest(authenticationRequestParameters, webTokenRequest);
var wamResult =
await _wamProxy.GetTokenSilentlyForDefaultAccountAsync(webTokenRequest).ConfigureAwait(false);
return(CreateMsalTokenResponse(wamResult, wamPlugin, isInteractive: false));
}
}
public void SilentRefreshFailedNoCacheItemFoundTest()
{
using (var harness = new MockHttpTestHarness(TestConstants.AuthorityHomeTenant))
{
var parameters = harness.CreateRequestParams(
harness.Cache,
ScopeHelper.CreateSortedSetFromEnumerable(
new[]
{
"some-scope1",
"some-scope2"
}),
authorityOverride: AuthorityInfo.FromAuthorityUri(TestConstants.AuthorityHomeTenant, false));
var silentParameters = new AcquireTokenSilentParameters()
{
Account = new Account(TestConstants.HomeAccountId, TestConstants.DisplayableId, TestConstants.ProductionPrefCacheEnvironment),
};
try
{
var request = new SilentRequest(harness.ServiceBundle, parameters, silentParameters);
Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None);
var authenticationResult = task.Result;
Assert.Fail("MsalUiRequiredException should be thrown here");
}
catch (AggregateException ae)
{
var exc = ae.InnerException as MsalUiRequiredException;
Assert.IsNotNull(exc, "Actual exception type is " + ae.InnerException.GetType());
Assert.AreEqual(MsalError.NoTokensFoundError, exc.ErrorCode);
}
}
}
public async Task <MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
var cancellationToken = authenticationRequestParameters.RequestContext.UserCancellationToken;
MsalTokenResponse msalTokenResponse = null;
_logger.Verbose("[WamBroker] Acquiring token silently for default account.");
using (var core = new NativeInterop.Core())
using (var authParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
{
using (NativeInterop.AuthResult result = await core.SignInSilentlyAsync(
authParams,
authenticationRequestParameters.CorrelationId.ToString("D"),
cancellationToken).ConfigureAwait(false))
{
if (result.IsSuccess)
{
msalTokenResponse = WamAdapters.ParseRuntimeResponse(result, authenticationRequestParameters, _logger);
}
else
{
WamAdapters.ThrowExceptionFromWamError(result, authenticationRequestParameters, _logger);
}
}
}
return(msalTokenResponse);
}
public async Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenSilentParameters silentParameters,
CancellationToken cancellationToken)
{
//Since the AcquireTokenSilentParameterBuilder api is shared between public and confidential clients,
//We need some way to validate that MSAL is not performing AcquireTokenSilent with POP on public clients without Broker
if (commonParameters.PopAuthenticationConfiguration != null &&
ServiceBundle?.Config.IsBrokerEnabled == false &&
//Validates that we are not on CCA
//TODO: Find a better way to determine this
ServiceBundle?.Config.ClientCredential == null &&
commonParameters.OnBeforeTokenRequestHandler == null &&
ServiceBundle?.Config.AppTokenProvider == null
)
{
throw new MsalClientException(MsalError.BrokerRequiredForPop, MsalErrorMessage.BrokerRequiredForPop);
}
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.CorrelationId, cancellationToken);
var requestParameters = await _clientApplicationBase.CreateRequestParametersAsync(
commonParameters,
requestContext,
_clientApplicationBase.UserTokenCacheInternal).ConfigureAwait(false);
requestParameters.SendX5C = silentParameters.SendX5C ?? false;
var handler = new SilentRequest(ServiceBundle, requestParameters, silentParameters);
return(await handler.RunAsync(cancellationToken).ConfigureAwait(false));
}
public SilentRequest(
IServiceBundle serviceBundle,
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters silentParameters)
: base(serviceBundle, authenticationRequestParameters, silentParameters)
{
_silentParameters = silentParameters;
}
public Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenSilentParameters silentParameters,
CancellationToken cancellationToken)
{
return(ExecuteMatsAsync(
commonParameters,
async() => await _executor.ExecuteAsync(commonParameters, silentParameters, cancellationToken).ConfigureAwait(false)));
}
private async Task <IAccount> GetAccountFromParamsOrLoginHintAsync(AcquireTokenSilentParameters silentParameters)
{
if (silentParameters.Account != null)
{
return(silentParameters.Account);
}
return(await GetSingleAccountForLoginHintAsync(silentParameters.LoginHint).ConfigureAwait(false));
}
public async Task ATS_AccountMatchingInWAM_MatchingHomeAccId_Async()
{
string homeAccId = $"{TestConstants.Uid}.{TestConstants.Utid}";
// Arrange
using (var harness = CreateTestHarness())
{
var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null);
var requestParams = harness.CreateAuthenticationRequestParameters(TestConstants.AuthorityConsumerTidTenant); // MSA
var webAccount = new WebAccount(wamAccountProvider, "*****@*****.**", WebAccountState.Connected);
IReadOnlyList <WebAccount> webAccounts = new List <WebAccount>()
{
webAccount
};
var webTokenRequest = new WebTokenRequest(wamAccountProvider);
var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>();
webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
var webTokenResponse = new WebTokenResponse();
webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>()
{
webTokenResponse
});
_wamProxy.FindAllWebAccountsAsync(wamAccountProvider, TestConstants.ClientId).Returns(Task.FromResult(webAccounts));
// WAM can give MSAL the home account ID of a Wam account, which MSAL matches to a WAM account
_msaPlugin.GetHomeAccountIdOrNull(webAccount).Returns(homeAccId);
_msaPlugin.CreateWebTokenRequestAsync(
wamAccountProvider,
requestParams,
isForceLoginPrompt: false,
isAccountInWam: true,
isInteractive: false)
.Returns(Task.FromResult(webTokenRequest));
requestParams.Account = new Account(
homeAccId, // matching in on home acc id
"*****@*****.**", // matching is not on UPN
null); // account does not have wam_id, might be coming directly from WAM
var atsParams = new AcquireTokenSilentParameters();
_webAccountProviderFactory.GetAccountProviderAsync(null).ReturnsForAnyArgs(Task.FromResult(wamAccountProvider));
_wamProxy.GetTokenSilentlyAsync(webAccount, webTokenRequest).
Returns(Task.FromResult(webTokenResponseWrapper));
_msaPlugin.ParseSuccesfullWamResponse(webTokenResponse).Returns(_msalTokenResponse);
// Act
var result = await _wamBroker.AcquireTokenSilentAsync(requestParams, atsParams).ConfigureAwait(false);
// Assert
Assert.AreSame(_msalTokenResponse, result);
}
}
public async Task <MsalTokenResponse> AcquireTokenSilentAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
using (_logger.LogMethodDuration())
{
// Important: MSAL will have already resolved the authority by now,
// so we are not expecting "common" or "organizations" but a tenanted authority
bool isMsa = IsMsaRequest(
authenticationRequestParameters.Authority,
null,
IsMsaPassthrough(authenticationRequestParameters));
IWamPlugin wamPlugin = isMsa ? _msaPlugin : _aadPlugin;
WebAccountProvider provider;
if (isMsa)
{
provider = await _webAccountProviderFactory.GetAccountProviderAsync("consumers").ConfigureAwait(false);
}
else
{
provider = await _webAccountProviderFactory.GetAccountProviderAsync(authenticationRequestParameters.Authority.AuthorityInfo.CanonicalAuthority)
.ConfigureAwait(false);
}
WebAccount webAccount = await FindWamAccountForMsalAccountAsync(
provider,
wamPlugin,
authenticationRequestParameters.Account,
null, // ATS requires an account object, login_hint is not supported on its own
authenticationRequestParameters.ClientId).ConfigureAwait(false);
if (webAccount == null)
{
throw new MsalUiRequiredException(
MsalError.InteractionRequired,
"Could not find a WAM account for the silent request.");
}
WebTokenRequest webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync(
provider,
authenticationRequestParameters,
isForceLoginPrompt : false,
isAccountInWam : true,
isInteractive : false)
.ConfigureAwait(false);
AddCommonParamsToRequest(authenticationRequestParameters, webTokenRequest);
var wamResult =
await _wamProxy.GetTokenSilentlyAsync(webAccount, webTokenRequest).ConfigureAwait(false);
return(CreateMsalTokenResponse(wamResult, wamPlugin, isInteractive: false));
}
}
/// <summary>
/// Android Broker does not support logging in a "default" user.
/// </summary>
public Task <MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
throw new MsalUiRequiredException(
MsalError.CurrentBrokerAccount,
MsalErrorMessage.MsalUiRequiredMessage,
null,
UiRequiredExceptionClassification.AcquireTokenSilentFailed);
}
public async Task <MsalTokenResponse> AcquireTokenSilentAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
await InitiateBrokerHandShakeAsync().ConfigureAwait(false);
BrokerRequest brokerRequest = BrokerRequest.FromSilentParameters(
authenticationRequestParameters, acquireTokenSilentParameters);
return(await AcquireTokenSilentInternalAsync(brokerRequest).ConfigureAwait(false));
}
internal BrokerSilentRequest(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters,
IServiceBundle serviceBundle,
IBroker broker)
{
_authenticationRequestParameters = authenticationRequestParameters;
_silentParameters = acquireTokenSilentParameters;
_serviceBundle = serviceBundle;
Broker = broker;
}
public SilentClientAuthStretegy(
SilentRequest request,
IServiceBundle serviceBundle,
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters silentParameters)
{
AuthenticationRequestParameters = authenticationRequestParameters;
_silentParameters = silentParameters;
ServiceBundle = serviceBundle;
_silentRequest = request;
}
public async Task <MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
using (_logger.LogMethodDuration())
{
var defaultAccountProvider = await _webAccountProviderFactory.GetDefaultProviderAsync().ConfigureAwait(false);
if (defaultAccountProvider == null)
{
throw new MsalUiRequiredException(
MsalError.InteractionRequired,
"A default account was not found");
}
// special case: passthrough + default MSA account. Need to use the transfer token protocol.
if (_wamOptions.MsaPassthrough &&
_webAccountProviderFactory.IsConsumerProvider(defaultAccountProvider))
{
return(await AcquireTokenSilentDefaultUserPassthroughAsync(authenticationRequestParameters, defaultAccountProvider).ConfigureAwait(false));
}
bool isMsa = await IsMsaRequestAsync(
authenticationRequestParameters.Authority,
null,
_wamOptions.MsaPassthrough).ConfigureAwait(false);
IWamPlugin wamPlugin = isMsa ? _msaPlugin : _aadPlugin;
WebAccountProvider provider = await GetProviderAsync(
authenticationRequestParameters.Authority.AuthorityInfo.CanonicalAuthority,
isMsa).ConfigureAwait(false);
WebTokenRequest webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync(
provider,
authenticationRequestParameters,
isForceLoginPrompt : false,
isAccountInWam : false,
isInteractive : false)
.ConfigureAwait(false);
WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, webTokenRequest, _logger);
var wamResult =
await _wamProxy.GetTokenSilentlyForDefaultAccountAsync(webTokenRequest).ConfigureAwait(false);
return(WamAdapters.CreateMsalResponseFromWamResponse(
wamResult,
wamPlugin,
authenticationRequestParameters.AppConfig.ClientId,
_logger,
isInteractive: false));
}
}
public async Task ExpiredTokenRefreshFlowTestAsync()
{
IDictionary <string, string> extraQueryParamsAndClaims =
TestConstants.s_extraQueryParams.ToDictionary(e => e.Key, e => e.Value);
extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims);
using (var harness = new MockHttpTestHarness(TestConstants.AuthorityHomeTenant))
{
_tokenCacheHelper.PopulateCache(harness.Cache.Accessor);
var parameters = harness.CreateRequestParams(
harness.Cache,
null,
TestConstants.s_extraQueryParams,
TestConstants.Claims,
authorityOverride: AuthorityInfo.FromAuthorityUri(TestConstants.AuthorityHomeTenant, false));
var silentParameters = new AcquireTokenSilentParameters()
{
Account = new Account(TestConstants.HomeAccountId, TestConstants.DisplayableId, TestConstants.ProductionPrefCacheEnvironment),
};
// set access tokens as expired
foreach (var accessItem in (await harness.Cache.GetAllAccessTokensAsync(true).ConfigureAwait(false)))
{
accessItem.ExpiresOnUnixTimestamp =
((long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds)
.ToString(CultureInfo.InvariantCulture);
harness.Cache.AddAccessTokenCacheItem(accessItem);
}
TestCommon.MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
ExpectedQueryParams = extraQueryParamsAndClaims
});
var request = new SilentRequest(harness.ServiceBundle, parameters, silentParameters);
Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None);
var result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual("some-access-token", result.AccessToken);
Assert.AreEqual(TestConstants.s_scope.AsSingleString(), result.Scopes.AsSingleString());
}
}
public SilentBrokerAuthStrategy(
SilentRequest request,
IServiceBundle serviceBundle,
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters silentParameters,
IBroker broker)
{
_authenticationRequestParameters = authenticationRequestParameters;
_silentParameters = silentParameters;
_serviceBundle = serviceBundle;
_silentRequest = request;
Broker = broker;
_logger = authenticationRequestParameters.RequestContext.Logger;
}
public BrokerSilentStrategy(
SilentRequest request,
IServiceBundle serviceBundle,
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters silentParameters,
IBroker broker)
{
_authenticationRequestParameters = authenticationRequestParameters;
_silentParameters = silentParameters;
_serviceBundle = serviceBundle;
_silentRequest = request;
Broker = broker ?? throw new ArgumentNullException(nameof(broker));
_logger = authenticationRequestParameters.RequestContext.Logger;
}
public async Task <MsalTokenResponse> AcquireTokenSilentAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
var cancellationToken = authenticationRequestParameters.RequestContext.UserCancellationToken;
MsalTokenResponse msalTokenResponse = null;
_logger.Verbose("[WamBroker] Acquiring token silently.");
using (var core = new NativeInterop.Core())
using (var authParams = WamAdapters.GetCommonAuthParameters(authenticationRequestParameters, _wamOptions.MsaPassthrough))
{
using (var account = await core.ReadAccountByIdAsync(
acquireTokenSilentParameters.Account.HomeAccountId.ObjectId,
authenticationRequestParameters.CorrelationId.ToString("D"),
cancellationToken).ConfigureAwait(false))
{
if (account == null)
{
_logger.WarningPii(
$"Could not find a WAM account for the selected user {acquireTokenSilentParameters.Account.Username}",
"Could not find a WAM account for the selected user");
throw new MsalUiRequiredException(
"wam_no_account_for_id",
$"Could not find a WAM account for the selected user {acquireTokenSilentParameters.Account.Username}");
}
using (NativeInterop.AuthResult result = await core.AcquireTokenSilentlyAsync(
authParams,
authenticationRequestParameters.CorrelationId.ToString("D"),
account,
cancellationToken).ConfigureAwait(false))
{
if (result.IsSuccess)
{
msalTokenResponse = WamAdapters.ParseRuntimeResponse(result, authenticationRequestParameters, _logger);
}
else
{
WamAdapters.ThrowExceptionFromWamError(result, authenticationRequestParameters, _logger);
}
}
}
}
return(msalTokenResponse);
}
public async Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenSilentParameters silentParameters,
CancellationToken cancellationToken)
{
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.TelemetryCorrelationId);
var requestParameters = _clientApplicationBase.CreateRequestParameters(
commonParameters,
requestContext,
_clientApplicationBase.UserTokenCacheInternal);
var handler = new SilentRequest(ServiceBundle, requestParameters, silentParameters);
return(await handler.RunAsync(cancellationToken).ConfigureAwait(false));
}
public void ConstructorTests()
{
using (var harness = new MockHttpTestHarness(TestConstants.AuthorityHomeTenant))
{
var parameters = harness.CreateRequestParams(harness.Cache, null);
var silentParameters = new AcquireTokenSilentParameters();
var request = new SilentRequest(harness.ServiceBundle, parameters, silentParameters);
Assert.IsNotNull(request);
parameters.Account = new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null);
request = new SilentRequest(harness.ServiceBundle, parameters, silentParameters);
Assert.IsNotNull(request);
request = new SilentRequest(harness.ServiceBundle, parameters, silentParameters);
Assert.IsNotNull(request);
}
}
public async Task ATS_DefaultAccount_Async()
{
string homeAccId = $"{TestConstants.Uid}.{TestConstants.Utid}";
// Arrange
using (var harness = CreateTestHarness())
{
var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null);
var requestParams = harness.CreateAuthenticationRequestParameters(TestConstants.AuthorityHomeTenant); // AAD authority, no account
var webTokenRequest = new WebTokenRequest(wamAccountProvider);
var atsParams = new AcquireTokenSilentParameters();
_webAccountProviderFactory.GetAccountProviderAsync(null).ReturnsForAnyArgs(Task.FromResult(wamAccountProvider));
var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>();
webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
var webTokenResponse = new WebTokenResponse();
webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>()
{
webTokenResponse
});
_aadPlugin.CreateWebTokenRequestAsync(
wamAccountProvider,
requestParams,
isForceLoginPrompt: false,
isAccountInWam: false,
isInteractive: false)
.Returns(Task.FromResult(webTokenRequest));
_wamProxy.GetTokenSilentlyForDefaultAccountAsync(webTokenRequest).
Returns(Task.FromResult(webTokenResponseWrapper));
_aadPlugin.ParseSuccesfullWamResponse(webTokenResponse).Returns(_msalTokenResponse);
// Act
var result = await _wamBroker.AcquireTokenSilentDefaultUserAsync(requestParams, atsParams).ConfigureAwait(false);
// Assert
Assert.AreSame(_msalTokenResponse, result);
await _aadPlugin.Received(1).CreateWebTokenRequestAsync(wamAccountProvider,
requestParams,
isForceLoginPrompt: false,
isAccountInWam: false,
isInteractive: false).ConfigureAwait(false);
}
}
public void BrokerSilentRequestBrokerRequiredTestAsync()
{
IDictionary <string, string> extraQueryParamsAndClaims =
TestConstants.s_extraQueryParams.ToDictionary(e => e.Key, e => e.Value);
extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims);
using (var harness = new MockHttpTestHarness(TestConstants.AuthorityHomeTenant))
{
_tokenCacheHelper.PopulateCache(harness.Cache.Accessor);
harness.ServiceBundle.PlatformProxy.SetBrokerForTest(CreateMockBroker());
var parameters = harness.CreateRequestParams(
harness.Cache,
null,
TestConstants.s_extraQueryParams,
TestConstants.Claims,
authorityOverride: AuthorityInfo.FromAuthorityUri(TestConstants.AuthorityHomeTenant, false));
parameters.IsBrokerEnabled = false;
var silentParameters = new AcquireTokenSilentParameters()
{
Account = new Account(TestConstants.HomeAccountId, TestConstants.DisplayableId, TestConstants.ProductionPrefCacheEnvironment),
};
TestCommon.MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
ExpectedQueryParams = extraQueryParamsAndClaims
});
var request = new SilentRequest(harness.ServiceBundle, parameters, silentParameters);
Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None);
var result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual("some-access-token", result.AccessToken);
Assert.AreEqual(TestConstants.s_scope.AsSingleString(), result.Scopes.AsSingleString());
}
}
public static BrokerRequest FromSilentParameters(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
BrokerRequest br = FromAuthenticationParameters(authenticationRequestParameters);
#pragma warning disable CA1305 // Specify IFormatProvider
br.ForceRefresh = acquireTokenSilentParameters.ForceRefresh.ToString();
#pragma warning restore CA1305 // Specify IFormatProvider
br.UserName = !string.IsNullOrEmpty(acquireTokenSilentParameters.Account?.Username) ?
acquireTokenSilentParameters.Account?.Username :
acquireTokenSilentParameters.LoginHint;
br.HomeAccountId = acquireTokenSilentParameters.Account?.HomeAccountId?.Identifier;
br.LocalAccountId = acquireTokenSilentParameters.Account?.HomeAccountId?.ObjectId;
return(br);
}
public SilentRequest(
IServiceBundle serviceBundle,
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters silentParameters,
ISilentAuthRequestStrategy clientStrategyOverride = null,
ISilentAuthRequestStrategy brokerStrategyOverride = null)
: base(serviceBundle, authenticationRequestParameters, silentParameters)
{
_silentParameters = silentParameters;
_brokerStrategyLazy = new Lazy <ISilentAuthRequestStrategy>(() => brokerStrategyOverride ?? new BrokerSilentStrategy(this,
serviceBundle,
authenticationRequestParameters,
silentParameters,
serviceBundle.PlatformProxy.CreateBroker(null)));
_clientStrategy = clientStrategyOverride ?? new CacheSilentStrategy(this, serviceBundle, authenticationRequestParameters, silentParameters);
_logger = authenticationRequestParameters.RequestContext.Logger;
}
public void ExpiredTokenRefreshFlowTest()
{
using (var harness = new MockHttpTestHarness(TestConstants.AuthorityHomeTenant))
{
TokenCacheHelper.PopulateCache(harness.Cache.Accessor);
var parameters = harness.CreateRequestParams(
harness.Cache,
null,
TestConstants.ExtraQueryParameters,
TestConstants.Claims,
authorityOverride: AuthorityInfo.FromAuthorityUri(TestConstants.AuthorityHomeTenant, false));
var silentParameters = new AcquireTokenSilentParameters()
{
Account = new Account(TestConstants.HomeAccountId, TestConstants.DisplayableId, TestConstants.ProductionPrefCacheEnvironment),
};
TokenCacheHelper.ExpireAllAccessTokens(harness.Cache);
harness.HttpManager.AddInstanceDiscoveryMockHandler();
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
ExpectedQueryParams = TestConstants.ExtraQueryParameters,
ExpectedPostData = new Dictionary <string, string>()
{
{ OAuth2Parameter.Claims, TestConstants.Claims }
}
});
var request = new SilentRequest(harness.ServiceBundle, parameters, silentParameters);
Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None);
var result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual("some-access-token", result.AccessToken);
Assert.AreEqual(TestConstants.s_scope.AsSingleString(), result.Scopes.AsSingleString());
}
}
private MockHttpAndServiceBundle CreateBrokerHelper()
{
MockHttpAndServiceBundle harness = CreateTestHarness();
_parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false),
extraQueryParameters: TestConstants.ExtraQueryParameters,
claims: TestConstants.Claims);
_parameters.IsBrokerConfigured = true;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters();
_acquireTokenSilentParameters = new AcquireTokenSilentParameters();
IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker(null);
_brokerInteractiveRequest =
new BrokerInteractiveRequestComponent(
_parameters,
interactiveParameters,
broker,
"install_url");
_brokerSilentAuthStrategy =
new SilentBrokerAuthStrategy(
new SilentRequest(harness.ServiceBundle, _parameters, _acquireTokenSilentParameters),
harness.ServiceBundle,
_parameters,
_acquireTokenSilentParameters,
broker);
_brokerHttpResponse = new HttpResponse();
_brokerHttpResponse.Body = "SomeBody";
_brokerHttpResponse.StatusCode = HttpStatusCode.Unauthorized;
_brokerHttpResponse.Headers = new HttpResponseMessage().Headers;
return(harness);
}
public async Task <MsalTokenResponse> AcquireTokenSilentAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
CheckPowerOptimizationStatus();
BrokerRequest brokerRequest = BrokerRequest.FromSilentParameters(
authenticationRequestParameters, acquireTokenSilentParameters);
try
{
await InitiateBrokerHandshakeAsync().ConfigureAwait(false);
return(await AcquireTokenSilentViaBrokerAsync(brokerRequest).ConfigureAwait(false));
}
catch (Exception ex)
{
_logger.ErrorPiiWithPrefix(ex, "[Android broker] Android broker silent invocation failed. ");
_brokerHelper.HandleBrokerOperationError(ex);
throw;
}
}
public async Task <MsalTokenResponse> AcquireTokenSilentAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
BrokerRequest brokerRequest = BrokerRequest.FromSilentParameters(
authenticationRequestParameters, acquireTokenSilentParameters);
try
{
await _brokerHelper.InitiateBrokerHandshakeAsync(_parentActivity).ConfigureAwait(false);
var androidBrokerTokenResponse = await AcquireTokenSilentViaBrokerAsync(brokerRequest).ConfigureAwait(false);
return(androidBrokerTokenResponse);
}
catch (Exception ex)
{
_logger.ErrorPiiWithPrefix(ex, "Android broker silent invocation failed. ");
HandleBrokerOperationError(ex);
throw;
}
}
