[Ignore] // https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1038 public void B2CMicrosoftOnlineCreateAuthority() { using (var harness = CreateTestHarness()) { // add mock response for tenant endpoint discovery harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://login.microsoftonline.com/tfp/mytenant.com/my-policy/v2.0/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-B2C.json"))) }); Authority instance = Authority.CreateAuthority( "https://login.microsoftonline.com/tfp/mytenant.com/my-policy/"); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C); var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.AreEqual( "https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/my-policy/oauth2/v2.0/authorize", endpoints.AuthorizationEndpoint); Assert.AreEqual( "https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/my-policy/oauth2/v2.0/token", endpoints.TokenEndpoint); Assert.AreEqual("https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/", endpoints.SelfSignedJwtAudience); } }
public void FailedTenantDiscoveryMissingEndpointsTest() { using (var harness = CreateTestHarness()) { // add mock response for tenant endpoint discovery harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://fs.contoso.com/adfs/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("OpenidConfiguration-MissingFields-OnPremise.json"))) }); Authority instance = Authority.CreateAuthority(TestConstants.OnPremiseAuthority); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Adfs); try { var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, TestConstants.FabrikamDisplayableId, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.Fail("validation should have failed here"); } catch (MsalServiceException exc) { Assert.AreEqual(MsalError.TenantDiscoveryFailedError, exc.ErrorCode); } } }
public void B2CLoginAuthorityEndpoints() { using (var httpManager = new MockHttpManager()) { var appConfig = new ApplicationConfiguration() { HttpManager = httpManager, AuthorityInfo = AuthorityInfo.FromAuthorityUri( "https://sometenantid.b2clogin.com/tfp/6babcaad-604b-40ac-a9d7-9fd97c0b779f/b2c_1_susi/", true) }; var serviceBundle = ServiceBundle.Create(appConfig); Authority instance = Authority.CreateAuthority( "https://sometenantid.b2clogin.com/tfp/6babcaad-604b-40ac-a9d7-9fd97c0b779f/b2c_1_susi/"); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C); var resolver = new AuthorityEndpointResolutionManager(serviceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(serviceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.AreEqual( "https://sometenantid.b2clogin.com/tfp/6babcaad-604b-40ac-a9d7-9fd97c0b779f/b2c_1_susi/oauth2/v2.0/authorize", endpoints.AuthorizationEndpoint); Assert.AreEqual( "https://sometenantid.b2clogin.com/tfp/6babcaad-604b-40ac-a9d7-9fd97c0b779f/b2c_1_susi/oauth2/v2.0/token", endpoints.TokenEndpoint); Assert.AreEqual("https://sometenantid.b2clogin.com/tfp/6babcaad-604b-40ac-a9d7-9fd97c0b779f/b2c_1_susi/oauth2/v2.0/token", endpoints.SelfSignedJwtAudience); } }
public void ValidationOffSuccessTest() { using (var harness = CreateTestHarness()) { // add mock response for tenant endpoint discovery harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://fs.contoso.com/adfs/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("OpenidConfiguration-OnPremise.json"))) }); Authority instance = Authority.CreateAuthority(TestConstants.OnPremiseAuthority); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Adfs); var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, TestConstants.FabrikamDisplayableId, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.AreEqual("https://fs.contoso.com/adfs/oauth2/authorize/", endpoints.AuthorizationEndpoint); Assert.AreEqual("https://fs.contoso.com/adfs/oauth2/token/", endpoints.TokenEndpoint); Assert.AreEqual("https://fs.contoso.com/adfs", endpoints.SelfSignedJwtAudience); } }
public void FailedTenantDiscoveryMissingEndpointsTest() { using (var harness = CreateTestHarness()) { // add mock response for tenant endpoint discovery harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://login.microsoftonline.in/mytenant.com/v2.0/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-MissingFields.json"))) }); Authority instance = Authority.CreateAuthority(harness.ServiceBundle, "https://login.microsoftonline.in/mytenant.com"); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad); try { var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .ConfigureAwait(false).GetAwaiter().GetResult(); Assert.Fail("validation should have failed here"); } catch (MsalClientException exc) { Assert.AreEqual(MsalError.TenantDiscoveryFailedError, exc.ErrorCode); } } }
public void CreateEndpointsWithCommonTenantTest() { using (var harness = CreateTestHarness()) { // add mock response for tenant endpoint discovery harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfigurationCommon.json"))) }); Authority instance = Authority.CreateAuthority(harness.ServiceBundle, "https://login.microsoftonline.com/common"); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad); var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .ConfigureAwait(false).GetAwaiter().GetResult(); Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/authorize", endpoints.AuthorizationEndpoint); Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/token", endpoints.TokenEndpoint); Assert.AreEqual("https://login.microsoftonline.com/common/v2.0", endpoints.SelfSignedJwtAudience); } }
public void SuccessfulValidationTest() { using (var harness = CreateTestHarness()) { // add mock response for instance validation harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://login.microsoftonline.com/common/discovery/instance", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.1" }, { "authorization_endpoint", "https%3A%2F%2Flogin.microsoftonline.in%2Fmytenant.com%2Foauth2%2Fv2.0%2Fauthorize" }, }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage( "{\"tenant_discovery_endpoint\":\"https://login.microsoftonline.in/mytenant.com/.well-known/openid-configuration\"}") }); // add mock response for tenant endpoint discovery harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://login.microsoftonline.in/mytenant.com/v2.0/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration.json"))) }); Authority instance = Authority.CreateAuthority("https://login.microsoftonline.in/mytenant.com", true); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad); var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.AreEqual( "https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/oauth2/v2.0/authorize", endpoints.AuthorizationEndpoint); Assert.AreEqual( "https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/oauth2/v2.0/token", endpoints.TokenEndpoint); Assert.AreEqual("https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/oauth2/v2.0/token", endpoints.SelfSignedJwtAudience); Assert.AreEqual("https://login.microsoftonline.in/common/userrealm/", instance.AuthorityInfo.UserRealmUriPrefix); } }
public void FailedValidationTest() { using (var harness = CreateTestHarness()) { // add mock response for on-premise DRS request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://enterpriseregistration.fabrikam.com/enrollmentserver/contract", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.0" } }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("drs-response.json"))) }); // add mock response for on-premise webfinger request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://fs.fabrikam.com/adfs/.well-known/webfinger", ExpectedQueryParams = new Dictionary <string, string> { { "resource", "https://fs.contoso.com" }, { "rel", "http://schemas.microsoft.com/rel/trusted-realm" } }, ResponseMessage = MockHelpers.CreateFailureMessage(HttpStatusCode.NotFound, "not-found") }); Authority instance = Authority.CreateAuthority(TestConstants.OnPremiseAuthority); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Adfs); try { var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, TestConstants.FabrikamDisplayableId, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.Fail("ResolveEndpointsAsync should have failed here"); } catch (Exception exc) { Assert.IsNotNull(exc); } } }
public void FailedValidationTest() { using (var harness = CreateTestHarness()) { // add mock response for instance validation harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://login.microsoftonline.com/common/discovery/instance", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.1" }, { "authorization_endpoint", "https%3A%2F%2Flogin.microsoft0nline.com%2Fmytenant.com%2Foauth2%2Fv2.0%2Fauthorize" }, }, ResponseMessage = MockHelpers.CreateFailureMessage( HttpStatusCode.BadRequest, "{\"error\":\"invalid_instance\"," + "\"error_description\":\"AADSTS50049: " + "Unknown or invalid instance. Trace " + "ID: b9d0894d-a9a4-4dba-b38e-8fb6a009bc00 " + "Correlation ID: 34f7b4cf-4fa2-4f35-a59b" + "-54b6f91a9c94 Timestamp: 2016-08-23 " + "20:45:49Z\",\"error_codes\":[50049]," + "\"timestamp\":\"2016-08-23 20:45:49Z\"," + "\"trace_id\":\"b9d0894d-a9a4-4dba-b38e-8f" + "b6a009bc00\",\"correlation_id\":\"34f7b4cf-" + "4fa2-4f35-a59b-54b6f91a9c94\"}") }); Authority instance = Authority.CreateAuthority("https://login.microsoft0nline.com/mytenant.com", true); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad); TestCommon.CreateServiceBundleWithCustomHttpManager(harness.HttpManager, authority: instance.AuthorityInfo.CanonicalAuthority, validateAuthority: true); try { var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .ConfigureAwait(false).GetAwaiter().GetResult(); Assert.Fail("validation should have failed here"); } catch (Exception exc) { Assert.IsTrue(exc is MsalServiceException); Assert.AreEqual(((MsalServiceException)exc).ErrorCode, "invalid_instance"); } } }
public void B2CLoginAuthorityCreateAuthority() { using (var httpManager = new MockHttpManager()) { var appConfig = new ApplicationConfiguration() { HttpManager = httpManager, AuthorityInfo = AuthorityInfo.FromAuthorityUri(TestConstants.B2CLoginAuthority, false) }; var serviceBundle = ServiceBundle.Create(appConfig); // add mock response for tenant endpoint discovery httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://sometenantid.b2clogin.com/tfp/sometenantid/policy/v2.0/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-B2CLogin.json"))) }); Authority instance = Authority.CreateAuthority( serviceBundle, TestConstants.B2CLoginAuthority); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C); var resolver = new AuthorityEndpointResolutionManager(serviceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(serviceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.AreEqual( "https://sometenantid.b2clogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/policy/oauth2/v2.0/authorize", endpoints.AuthorizationEndpoint); Assert.AreEqual( "https://sometenantid.b2clogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/policy/oauth2/v2.0/token", endpoints.TokenEndpoint); Assert.AreEqual("https://sometenantid.b2clogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/v2.0/", endpoints.SelfSignedJwtAudience); } }
public void CreateEndpointsWithCommonTenantTest() { using (var harness = CreateTestHarness()) { Authority instance = Authority.CreateAuthority("https://login.microsoftonline.com/common"); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad); var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .ConfigureAwait(false).GetAwaiter().GetResult(); Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/authorize", endpoints.AuthorizationEndpoint); Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/token", endpoints.TokenEndpoint); Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/token", endpoints.SelfSignedJwtAudience); } }
public void NotEnoughPathSegmentsTest() { try { var serviceBundle = TestCommon.CreateDefaultServiceBundle(); var instance = Authority.CreateAuthority(serviceBundle, "https://login.microsoftonline.in/tfp/"); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C); var resolver = new AuthorityEndpointResolutionManager(serviceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, RequestContext.CreateForTest(serviceBundle)).ConfigureAwait(false).GetAwaiter().GetResult(); Assert.Fail("test should have failed"); } catch (Exception exc) { Assert.IsInstanceOfType(exc, typeof(ArgumentException)); Assert.AreEqual(MsalErrorMessage.B2cAuthorityUriInvalidPath, exc.Message); } }
public void FailedValidationMissingFieldsInDrsResponseTest() { using (var harness = CreateTestHarness()) { // add mock failure response for on-premise DRS request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://enterpriseregistration.fabrikam.com/enrollmentserver/contract", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.0" } }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("drs-response-missing-field.json"))) }); Authority instance = Authority.CreateAuthority(harness.ServiceBundle, TestConstants.OnPremiseAuthority); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Adfs); try { var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, TestConstants.FabrikamDisplayableId, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.Fail("ResolveEndpointsAsync should have failed here"); } catch (Exception exc) { Assert.IsNotNull(exc); } } }
public void FailedValidationMissingFieldsTest() { using (var harness = CreateTestHarness()) { // add mock response for instance validation harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://login.windows.net/common/discovery/instance", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.0" }, { "authorization_endpoint", "https://login.microsoft0nline.com/mytenant.com/oauth2/v2.0/authorize" }, }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage("{}") }); Authority instance = Authority.CreateAuthority(harness.ServiceBundle, "https://login.microsoft0nline.com/mytenant.com"); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad); try { var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, null, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .ConfigureAwait(false).GetAwaiter().GetResult(); Assert.Fail("validation should have failed here"); } catch (Exception exc) { Assert.IsNotNull(exc); } } }
public void SuccessfulValidationUsingCloudDrsFallbackTest() { using (var harness = CreateTestHarness()) { // add mock failure response for on-premise DRS request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://enterpriseregistration.fabrikam.com/enrollmentserver/contract", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.0" } }, ResponseMessage = MockHelpers.CreateFailureMessage(HttpStatusCode.NotFound, "not found") }); // add mock response for cloud DRS request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://enterpriseregistration.windows.net/fabrikam.com/enrollmentserver/contract", ExpectedQueryParams = new Dictionary <string, string> { { "api-version", "1.0" } }, ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("drs-response.json"))) }); // add mock response for on-premise webfinger request harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://fs.fabrikam.com/adfs/.well-known/webfinger", ExpectedQueryParams = new Dictionary <string, string> { { "resource", "https://fs.contoso.com" }, { "rel", "http://schemas.microsoft.com/rel/trusted-realm" } }, ResponseMessage = MockHelpers.CreateSuccessWebFingerResponseMessage() }); // add mock response for tenant endpoint discovery harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ExpectedUrl = "https://fs.contoso.com/adfs/.well-known/openid-configuration", ResponseMessage = MockHelpers.CreateSuccessResponseMessage( ResourceHelper.GetTestResourceRelativePath(File.ReadAllText("OpenidConfiguration-OnPremise.json"))) }); Authority instance = Authority.CreateAuthority(TestConstants.OnPremiseAuthority); Assert.IsNotNull(instance); Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Adfs); var resolver = new AuthorityEndpointResolutionManager(harness.ServiceBundle); var endpoints = resolver.ResolveEndpointsAsync( instance.AuthorityInfo, TestConstants.FabrikamDisplayableId, new RequestContext(harness.ServiceBundle, Guid.NewGuid())) .GetAwaiter().GetResult(); Assert.AreEqual("https://fs.contoso.com/adfs/oauth2/authorize/", endpoints.AuthorizationEndpoint); Assert.AreEqual("https://fs.contoso.com/adfs/oauth2/token/", endpoints.TokenEndpoint); Assert.AreEqual("https://fs.contoso.com/adfs", endpoints.SelfSignedJwtAudience); } }