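/// <summary>
/// Initializes the Authentication Provider
/// </summary>
/// <remarks>
/// Exactly one credential is used to build the confidential client: the X.509 certificate
/// when a thumbprint is configured, otherwise the client secret. A configured thumbprint
/// that does not resolve to a certificate is treated as a configuration error instead of
/// falling through to the client secret branch.
/// </remarks>
/// <param name="options">The options to use</param>
/// <exception cref="ConfigurationErrorsException">
/// Thrown when the OnBehalfOf options are missing, when neither a client secret nor a
/// certificate thumbprint is configured, or when the configured thumbprint yields no certificate.
/// </exception>
internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
{
    // We need the OnBehalfOf options (a null options object is reported the same way
    // instead of surfacing as a NullReferenceException)
    var onBehalfOf = options?.OnBehalfOf;
    if (onBehalfOf == null)
    {
        throw new ConfigurationErrorsException(
            PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidConfiguration);
    }

    // We need at least one credential: a client secret or a certificate thumbprint
    if (string.IsNullOrEmpty(onBehalfOf.ClientSecret) && string.IsNullOrEmpty(onBehalfOf.Thumbprint))
    {
        throw new ConfigurationErrorsException(
            PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidClientSecretOrCertificate);
    }

    // Fall back to the library defaults when no explicit client or tenant is configured
    ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
    TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;

    if (!string.IsNullOrEmpty(onBehalfOf.Thumbprint))
    {
        // We prioritize the X.509 certificate, if any
        Certificate = X509CertificateUtility.LoadCertificate(
            onBehalfOf.StoreName,
            onBehalfOf.StoreLocation,
            onBehalfOf.Thumbprint);

        // NOTE(review): LoadCertificate presumably returns null when no certificate matches
        // the thumbprint - confirm. Without this guard a missing certificate reaches the
        // client secret branch below, where ClientSecret has not been set. Fail closed with
        // a configuration error; the guard is a no-op if LoadCertificate throws instead.
        if (Certificate == null)
        {
            throw new ConfigurationErrorsException(
                PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidClientSecretOrCertificate);
        }
    }
    else if (!string.IsNullOrEmpty(onBehalfOf.ClientSecret))
    {
        // Otherwise we fallback to the client secret
        ClientSecret = onBehalfOf.ClientSecret.ToSecureString();
    }

    var builder = ConfidentialClientApplicationBuilder.Create(ClientId);

    if (Certificate != null)
    {
        builder = builder.WithCertificate(Certificate);
    }
    else
    {
        // WithClientSecret takes a plain string, so the secret is briefly materialized in
        // managed memory here; keep it out of logs and exception messages.
        builder = builder.WithClientSecret(ClientSecret.ToInsecureString());
    }

    confidentialClientApplication = builder
        .WithPnPAdditionalAuthenticationSettings(
            onBehalfOf.AuthorityUri,
            onBehalfOf.RedirectUri,
            TenantId)
        .Build();

    // Log the initialization information (the resource message only, no credential material)
    Log?.LogInformation(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_LogInit);
}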