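        /// <summary>
        /// Initializes the On-Behalf-Of authentication provider from the supplied configuration:
        /// resolves the client and tenant identifiers, selects the client credential (X.509 certificate
        /// or client secret) and builds the confidential client application used by this provider.
        /// </summary>
        /// <param name="options">The options to use; its <c>OnBehalfOf</c> section is mandatory</param>
        /// <exception cref="ConfigurationErrorsException">
        /// Thrown when the <c>OnBehalfOf</c> section is missing, when neither a client secret nor a
        /// certificate thumbprint is configured, or when a thumbprint is configured but no certificate
        /// could be loaded for it.
        /// </exception>
        internal override void Init(PnPCoreAuthenticationCredentialConfigurationOptions options)
        {
            // We need the OnBehalfOf options
            if (options.OnBehalfOf == null)
            {
                throw new ConfigurationErrorsException(
                          PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidConfiguration);
            }

            var onBehalfOf = options.OnBehalfOf;
            bool hasThumbprint = !string.IsNullOrEmpty(onBehalfOf.Thumbprint);
            bool hasClientSecret = !string.IsNullOrEmpty(onBehalfOf.ClientSecret);

            // We need at least one client credential: a client secret or a certificate thumbprint
            if (!hasClientSecret && !hasThumbprint)
            {
                throw new ConfigurationErrorsException(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidClientSecretOrCertificate);
            }

            // Fall back to the library-wide defaults when no explicit identifiers are configured
            ClientId = !string.IsNullOrEmpty(options.ClientId) ? options.ClientId : AuthGlobals.DefaultClientId;
            TenantId = !string.IsNullOrEmpty(options.TenantId) ? options.TenantId : AuthGlobals.OrganizationsTenantId;

            if (hasThumbprint)
            {
                // We prioritize the X.509 certificate, if any
                Certificate = X509CertificateUtility.LoadCertificate(
                    onBehalfOf.StoreName,
                    onBehalfOf.StoreLocation,
                    onBehalfOf.Thumbprint);

                // Fail closed when the configured certificate cannot be resolved. Without this check a
                // null certificate falls through to the client-secret branch below, where ClientSecret
                // was never assigned, and the misconfiguration surfaces as an unrelated null failure.
                // NOTE(review): LoadCertificate is defined elsewhere; presumably it returns null when
                // the thumbprint is not present in the given store. Confirm against its implementation.
                if (Certificate == null)
                {
                    throw new ConfigurationErrorsException(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_InvalidClientSecretOrCertificate);
                }
            }
            else if (hasClientSecret)
            {
                // Otherwise we fall back to the client secret
                ClientSecret = onBehalfOf.ClientSecret.ToSecureString();
            }

            if (Certificate != null)
            {
                confidentialClientApplication = ConfidentialClientApplicationBuilder
                    .Create(ClientId)
                    .WithCertificate(Certificate)
                    .WithPnPAdditionalAuthenticationSettings(
                        onBehalfOf.AuthorityUri,
                        onBehalfOf.RedirectUri,
                        TenantId)
                    .Build();
            }
            else
            {
                // The builder takes the secret as a plain string, so the SecureString is converted
                // back to an ordinary managed string here; that copy is not protected in memory.
                confidentialClientApplication = ConfidentialClientApplicationBuilder
                    .Create(ClientId)
                    .WithClientSecret(ClientSecret.ToInsecureString())
                    .WithPnPAdditionalAuthenticationSettings(
                        onBehalfOf.AuthorityUri,
                        onBehalfOf.RedirectUri,
                        TenantId)
                    .Build();
            }

            // Log the initialization information
            Log?.LogInformation(PnPCoreAuthResources.OnBehalfOfAuthenticationProvider_LogInit);
        }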