public async Task GetAuthorizationRequestUrlB2CTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); var app = ConfidentialClientApplicationBuilder.Create(MsalTestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithRedirectUri(MsalTestConstants.RedirectUri) .WithClientSecret(MsalTestConstants.ClientSecret) .WithHttpManager(httpManager) .BuildConcrete(); // add mock response for tenant endpoint discovery httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ResponseMessage = MockHelpers.CreateSuccessResponseMessage( File.ReadAllText( ResourceHelper.GetTestResourceRelativePath(@"OpenidConfiguration-QueryParams-B2C.json"))) }); var uri = await app .GetAuthorizationRequestUrl(MsalTestConstants.Scope) .WithLoginHint(MsalTestConstants.DisplayableId) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.IsNotNull(uri); Dictionary <string, string> qp = CoreHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null); Assert.IsNotNull(qp); Assert.AreEqual("my-policy", qp["p"]); ValidateCommonQueryParams(qp); Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2", qp["scope"]); } }
public async Task AcquireTokenByRefreshTokenTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddSuccessTokenResponseMockHandlerForPost(TestConstants.AuthorityCommonTenant); var app = ConfidentialClientApplicationBuilder .Create(TestConstants.ClientId) .WithAuthority(new Uri(TestConstants.AuthorityCommonTenant), true) .WithRedirectUri(TestConstants.RedirectUri) .WithClientSecret(TestConstants.ClientSecret) .WithHttpManager(httpManager) .BuildConcrete(); var result = await(app as IByRefreshToken) .AcquireTokenByRefreshToken(null, "SomeRefreshToken") .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); Assert.IsNotNull(result.AccessToken); Assert.AreEqual(result.AccessToken, "some-access-token"); app.UserTokenCacheInternal.Accessor.Clear(); httpManager.AddSuccessTokenResponseMockHandlerForPost(TestConstants.AuthorityCommonTenant); result = await((IByRefreshToken)app) .AcquireTokenByRefreshToken(TestConstants.s_scope, "SomeRefreshToken") .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); Assert.IsNotNull(result.AccessToken); Assert.AreEqual(result.AccessToken, "some-access-token"); } }
private async Task ValidateGetAccountsWithDiscoveryAsync(string tokenCacheAsString) { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); var pcaGlobal = InitPcaFromCacheString(AzureCloudInstance.AzurePublic, httpManager, tokenCacheAsString); var pcaDe = InitPcaFromCacheString(AzureCloudInstance.AzureGermany, httpManager, tokenCacheAsString); var pcaCn = InitPcaFromCacheString(AzureCloudInstance.AzureChina, httpManager, tokenCacheAsString); // Act var accountsGlobal = await pcaGlobal.GetAccountsAsync().ConfigureAwait(false); var accountsDe = await pcaDe.GetAccountsAsync().ConfigureAwait(false); var accountsCn = await pcaCn.GetAccountsAsync().ConfigureAwait(false); // Assert Assert.AreEqual("login.microsoftonline.com", accountsGlobal.Single().Environment); Assert.IsTrue(!accountsDe.Any()); Assert.AreEqual("login.chinacloudapi.cn", accountsCn.Single().Environment); } }
public async Task RegionFallbackToGlobalAsync() { _httpManager.AddRegionDiscoveryMockHandlerNotFound(); _httpManager.AddInstanceDiscoveryMockHandler(); _httpManager.AddMockHandler(CreateTokenResponseHttpHandler(true)); var app = CreateApp(); try { AuthenticationResult result = await app .AcquireTokenForClient(TestConstants.s_scope) .WithPreferredAzureRegion(true, string.Empty, true) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.IsNotNull(result.AccessToken); } catch (MsalServiceException) { Assert.Fail("Fallback to global failed."); } }
public async Task FederatedUsernamePasswordWithSecureStringAcquireTokenTestAsync() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); AddMockResponseForFederatedAccounts(httpManager); var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority); var result = await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, _secureString).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); Assert.IsNotNull(result.Account); Assert.AreEqual(MsalTestConstants.User.Username, result.Account.Username); } }
public async Task ManagedUsernameSecureStringPasswordAcquireTokenTestAsync() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); AddMockResponseforManagedAccounts(httpManager); httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(), PostDataObject = new Dictionary <string, object> { { "grant_type", "password" }, { "username", MsalTestConstants.User.Username }, { "password", _secureString } } }); var app = new PublicClientApplication( serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority); var result = await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, _secureString).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); Assert.IsNotNull(result.Account); Assert.AreEqual(MsalTestConstants.User.Username, result.Account.Username); } }
public void AcquireTokenByIntegratedWindowsAuthTest_UnknownUser() { // Arrange using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityHomeTenant); // user realm discovery - unknown user type httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( "{\"ver\":\"1.0\"," + "\"account_type\":\"Bogus\"}") } }); var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority); // Act var exception = AssertException.TaskThrows <MsalClientException>( async() => await app.AcquireTokenByIntegratedWindowsAuthAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username) .ConfigureAwait(false)); // Assert Assert.AreEqual(MsalError.UnknownUserType, exception.ErrorCode); } }
public async Task GetAuthorizationRequestUrlDuplicateParamsTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); var app = ConfidentialClientApplicationBuilder.Create(MsalTestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithRedirectUri(MsalTestConstants.RedirectUri) .WithClientSecret(MsalTestConstants.ClientSecret) .WithHttpManager(httpManager) .BuildConcrete(); httpManager.AddMockHandlerForTenantEndpointDiscovery(app.Authority); try { var uri = await app .GetAuthorizationRequestUrl(MsalTestConstants.Scope) .WithLoginHint(MsalTestConstants.DisplayableId) .WithExtraQueryParameters("[email protected]") .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.Fail("MSALException should be thrown here"); } catch (MsalException exc) { Assert.AreEqual("duplicate_query_parameter", exc.ErrorCode); Assert.AreEqual("Duplicate query parameter 'login_hint' in extraQueryParameters", exc.Message); } catch (Exception ex) { Assert.Fail("Wrong type of exception thrown: " + ex); } } }
public async Task AcquireTokenByIntegratedWindowsAuthTest_UnknownUserAsync() { // Arrange using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); // user realm discovery - unknown user type httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( "{\"ver\":\"1.0\"," + "\"account_type\":\"Bogus\"}") } }); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .BuildConcrete(); // Act MsalClientException exception = await AssertException.TaskThrowsAsync <MsalClientException>( async() => await app .AcquireTokenByIntegratedWindowsAuth(TestConstants.s_scope) .WithUsername(TestConstants.s_user.Username) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false)).ConfigureAwait(false); // Assert Assert.AreEqual(MsalError.UnknownUserType, exception.ErrorCode); } }
public async Task FederatedUsernamePasswordCommonAuthorityTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); AddMockHandlerDefaultUserRealmDiscovery(httpManager); AddMockHandlerMex(httpManager); AddMockHandlerWsTrustUserName(httpManager); // AAD httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedUrl = "https://login.microsoftonline.com/common/oauth2/v2.0/token", ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage() }); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .BuildConcrete(); // Call acquire token MsalServiceException result = await AssertException.TaskThrowsAsync <MsalServiceException>( async() => await app.AcquireTokenByUsernamePassword( TestConstants.s_scope, TestConstants.s_user.Username, _secureString).ExecuteAsync(CancellationToken.None).ConfigureAwait(false)).ConfigureAwait(false); // Check inner exception Assert.AreEqual(MsalError.InvalidRequest, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); } }
public async Task ManagedUsernameSecureStringPasswordAcquireTokenTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); AddMockResponseforManagedAccounts(httpManager); httpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(), ExpectedPostDataObject = new Dictionary <string, object> { { "grant_type", "password" }, { "username", TestConstants.s_user.Username }, { "password", _secureString } } }); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); AuthenticationResult result = await app.AcquireTokenByUsernamePassword( TestConstants.s_scope, TestConstants.s_user.Username, _secureString).ExecuteAsync(CancellationToken.None).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); Assert.IsNotNull(result.Account); Assert.AreEqual(TestConstants.s_user.Username, result.Account.Username); } }
public void AcquireTokenSilentScopeAndUserOverloadWithNoMatchingScopesInCacheTest() { // this test ensures that the API can // get authority (if unique) from the cache entries where scope does not match. // it should only happen for case where no authority is passed. using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); PublicClientApplication app = PublicClientApplicationBuilder.Create(MsalTestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .BuildConcrete(); _tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor); app.UserTokenCacheInternal.Accessor.DeleteAccessToken( new MsalAccessTokenCacheKey( MsalTestConstants.ProductionPrefNetworkEnvironment, MsalTestConstants.Utid, MsalTestConstants.UserIdentifier, MsalTestConstants.ClientId, MsalTestConstants.ScopeForAnotherResourceStr)); Task <AuthenticationResult> task = app .AcquireTokenSilent( MsalTestConstants.ScopeForAnotherResource.ToArray(), new Account(MsalTestConstants.UserIdentifier, MsalTestConstants.DisplayableId, null)) .ExecuteAsync(CancellationToken.None); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(MsalTestConstants.DisplayableId, result.Account.Username); Assert.AreEqual(MsalTestConstants.ScopeForAnotherResource.AsSingleString(), result.Scopes.AsSingleString()); Assert.AreEqual(2, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); } }
public async Task AcquireTokenSilent_LoginHintAsync() { using (var httpManager = new MockHttpManager()) { PublicClientApplication app = PublicClientApplicationBuilder.Create(MsalTestConstants.ClientId) .WithAuthority(new Uri(MsalTestConstants.AuthorityTestTenant), true) .WithHttpManager(httpManager) .BuildConcrete(); _tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor); httpManager.AddInstanceDiscoveryMockHandler(); AuthenticationResult result = await app.AcquireTokenSilent( MsalTestConstants.Scope.ToArray(), MsalTestConstants.DisplayableId) .WithAuthority(app.Authority, false) .ExecuteAsync() .ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual(MsalTestConstants.DisplayableId, result.Account.Username); Assert.AreEqual(MsalTestConstants.Scope.AsSingleString(), result.Scopes.AsSingleString()); } }
[WorkItem(1403)] // https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1403 public async Task FooAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); var app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId) .WithClientSecret(TestConstants.ClientSecret) .WithHttpManager(httpManager) .BuildConcrete(); var handler = httpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage(); handler.ExpectedPostData = new Dictionary <string, string>() { // Bug 1403: Do not add reserved scopes profile, offline_access and openid to Confidential Client request { "scope", TestConstants.s_scope.AsSingleString() } }; var result = await app.AcquireTokenForClient(TestConstants.s_scope.ToArray()) .WithAuthority(TestConstants.AuthorityUtidTenant) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); } }
public async Task TokensAreInterchangable_NonRegional_To_Regional_Async() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandler(CreateTokenResponseHttpHandler(false)); IConfidentialClientApplication appWithRegion = CreateCca( httpManager, ConfidentialClientApplication.AttemptRegionDiscovery); InMemoryTokenCache memoryTokenCache = new InMemoryTokenCache(); memoryTokenCache.Bind(appWithRegion.AppTokenCache); IConfidentialClientApplication appWithoutRegion = CreateCca( httpManager, null); memoryTokenCache.Bind(appWithoutRegion.AppTokenCache); AuthenticationResult result = await appWithoutRegion .AcquireTokenForClient(TestConstants.s_scope) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.IsTrue(result.AuthenticationResultMetadata.TokenSource == TokenSource.IdentityProvider); httpManager.AddRegionDiscoveryMockHandler("uscentral"); // when switching to non-region, token is found in the cache result = await appWithRegion .AcquireTokenForClient(TestConstants.s_scope) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.IsTrue(result.AuthenticationResultMetadata.TokenSource == TokenSource.Cache); } }
public async Task RegionFallbackToGlobalAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddRegionDiscoveryMockHandlerNotFound(); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandler(CreateTokenResponseHttpHandler(false)); IConfidentialClientApplication app = CreateCca( httpManager, ConfidentialClientApplication.AttemptRegionDiscovery); try { AuthenticationResult result = await app .AcquireTokenForClient(TestConstants.s_scope) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.IsNotNull(result.AccessToken); Assert.AreEqual(null, result.ApiEvent.RegionUsed); Assert.IsNull(result.ApiEvent.AutoDetectedRegion); Assert.AreEqual(RegionAutodetectionSource.FailedAutoDiscovery, result.ApiEvent.RegionAutodetectionSource); Assert.AreEqual(RegionOutcome.FallbackToGlobal, result.ApiEvent.RegionOutcome); Assert.IsNull(result.AuthenticationResultMetadata.RegionDetails.RegionUsed); Assert.AreEqual(RegionOutcome.FallbackToGlobal, result.AuthenticationResultMetadata.RegionDetails.RegionOutcome); Assert.IsTrue(result.AuthenticationResultMetadata.RegionDetails.AutoDetectionError .Contains(TestConstants.RegionDiscoveryIMDSCallFailedMessage)); } catch (MsalServiceException) { Assert.Fail("Fallback to global failed."); } } }
public async Task AcquireTokenByOboNullCcsTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); var extraUnexpectedHeaders = new List <string>() { { Constants.CcsRoutingHintHeader } }; AddMockHandlerAadSuccess(httpManager, TestConstants.AuthorityCommonTenant, extraUnexpectedHeaders); var cca = ConfidentialClientApplicationBuilder .Create(TestConstants.ClientId) .WithClientSecret(TestConstants.ClientSecret) .WithAuthority(TestConstants.AuthorityCommonTenant) .WithHttpManager(httpManager) .BuildConcrete(); UserAssertion userAssertion = new UserAssertion(TestConstants.DefaultAccessToken); var result = await cca.AcquireTokenOnBehalfOf(TestConstants.s_scope, userAssertion) .WithCcsRoutingHint("") .WithCcsRoutingHint("", "") .ExecuteAsync().ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); result = await cca.AcquireTokenOnBehalfOf(TestConstants.s_scope, userAssertion) .WithCcsRoutingHint("") .WithCcsRoutingHint("", "") .ExecuteAsync().ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); } }
public void GetAuthorizationRequestUrlCustomRedirectUriTest() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); var app = ConfidentialClientApplicationBuilder.Create(MsalTestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithRedirectUri(MsalTestConstants.RedirectUri) .WithClientSecret(MsalTestConstants.ClientSecret) .WithHttpManager(httpManager) .BuildConcrete(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityGuestTenant); const string CustomRedirectUri = "custom://redirect-uri"; Task <Uri> task = app .GetAuthorizationRequestUrl(MsalTestConstants.Scope) .WithRedirectUri(CustomRedirectUri) .WithLoginHint(MsalTestConstants.DisplayableId) .WithExtraQueryParameters("extra=qp") .WithExtraScopesToConsent(MsalTestConstants.ScopeForAnotherResource) .WithAuthority(MsalTestConstants.AuthorityGuestTenant) .ExecuteAsync(CancellationToken.None); var uri = task.Result; Assert.IsNotNull(uri); Assert.IsTrue( uri.AbsoluteUri.StartsWith(MsalTestConstants.AuthorityGuestTenant, StringComparison.CurrentCulture)); Dictionary <string, string> qp = CoreHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null); ValidateCommonQueryParams(qp, CustomRedirectUri); Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2 r2/scope1 r2/scope2", qp["scope"]); Assert.IsFalse(qp.ContainsKey("client_secret")); Assert.AreEqual("qp", qp["extra"]); } }
public void UnifiedCache_RemoveAccountIsApplicationSpecific() { byte[] data = null; using (var httpManager = new MockHttpManager()) { // login to app var app = PublicClientApplicationBuilder.Create(MsalTestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); app.UserTokenCache.SetBeforeAccess((TokenCacheNotificationArgs args) => { args.TokenCache.DeserializeMsalV3(data); }); app.UserTokenCache.SetAfterAccess((TokenCacheNotificationArgs args) => { data = args.TokenCache.SerializeMsalV3(); }); httpManager.AddInstanceDiscoveryMockHandler(); MsalMockHelpers.ConfigureMockWebUI( app.ServiceBundle.PlatformProxy, AuthorizationResult.FromUri(app.AppConfig.RedirectUri + "?code=some-code")); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant); httpManager.AddSuccessTokenResponseMockHandlerForPost(ClientApplicationBase.DefaultAuthority); AuthenticationResult result = app .AcquireTokenInteractive(MsalTestConstants.Scope) .ExecuteAsync(CancellationToken.None) .Result; Assert.IsNotNull(result); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllAccounts().Count()); Assert.AreEqual(1, app.GetAccountsAsync().Result.Count()); // login to app1 with same credentials var app1 = PublicClientApplicationBuilder.Create(MsalTestConstants.ClientId2) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .WithAuthority( new Uri(ClientApplicationBase.DefaultAuthority), true).BuildConcrete(); MsalMockHelpers.ConfigureMockWebUI( app1.ServiceBundle.PlatformProxy, AuthorizationResult.FromUri(app.AppConfig.RedirectUri + "?code=some-code")); app1.UserTokenCache.SetBeforeAccess((TokenCacheNotificationArgs args) => { args.TokenCache.DeserializeMsalV3(data); }); app1.UserTokenCache.SetAfterAccess((TokenCacheNotificationArgs args) => { data = args.TokenCache.SerializeMsalV3(); }); httpManager.AddSuccessTokenResponseMockHandlerForPost(ClientApplicationBase.DefaultAuthority); result = app1 .AcquireTokenInteractive(MsalTestConstants.Scope) .ExecuteAsync(CancellationToken.None) .Result; Assert.IsNotNull(result); // make sure that only one account cache entity was created Assert.AreEqual(1, app1.GetAccountsAsync().Result.Count()); Assert.AreEqual(2, app1.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(2, app1.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); Assert.AreEqual(2, app1.UserTokenCacheInternal.Accessor.GetAllIdTokens().Count()); Assert.AreEqual(1, app1.UserTokenCacheInternal.Accessor.GetAllAccounts().Count()); // remove account from app app.RemoveAsync(app.GetAccountsAsync().Result.First()).Wait(); // make sure account removed from app Assert.AreEqual(0, app.GetAccountsAsync().Result.Count()); // make sure account Not removed from app1 Assert.AreEqual(1, app1.GetAccountsAsync().Result.Count()); } }
public void UnifiedCache_MsalStoresToAndReadRtFromAdalCache() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); var app = PublicClientApplicationBuilder.Create(MsalTestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .WithUserTokenLegacyCachePersistenceForTest( new TestLegacyCachePersistance()) .BuildConcrete(); MsalMockHelpers.ConfigureMockWebUI( app.ServiceBundle.PlatformProxy, AuthorizationResult.FromUri(app.AppConfig.RedirectUri + "?code=some-code")); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant); httpManager.AddSuccessTokenResponseMockHandlerForPost(ClientApplicationBase.DefaultAuthority); AuthenticationResult result = app.AcquireTokenInteractive(MsalTestConstants.Scope).ExecuteAsync(CancellationToken.None).Result; Assert.IsNotNull(result); // make sure Msal stored RT in Adal cache IDictionary <AdalTokenCacheKey, AdalResultWrapper> adalCacheDictionary = AdalCacheOperations.Deserialize(app.ServiceBundle.DefaultLogger, app.UserTokenCacheInternal.LegacyPersistence.LoadCache()); Assert.IsTrue(adalCacheDictionary.Count == 1); var requestContext = new RequestContext(app.ServiceBundle, Guid.NewGuid()); var accounts = app.UserTokenCacheInternal.GetAccountsAsync( MsalTestConstants.AuthorityCommonTenant, requestContext).Result; foreach (IAccount account in accounts) { app.UserTokenCacheInternal.RemoveMsalAccountWithNoLocks(account, requestContext); } httpManager.AddMockHandler( new MockHttpMessageHandler() { ExpectedMethod = HttpMethod.Post, ExpectedPostData = new Dictionary <string, string>() { { "grant_type", "refresh_token" } }, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage( MsalTestConstants.UniqueId, MsalTestConstants.DisplayableId, MsalTestConstants.Scope.ToArray()) }); // Using RT from Adal cache for silent call AuthenticationResult result1 = app .AcquireTokenSilent(MsalTestConstants.Scope, result.Account) .WithAuthority(MsalTestConstants.AuthorityCommonTenant) .WithForceRefresh(false) .ExecuteAsync(CancellationToken.None) .Result; Assert.IsNotNull(result1); } }
[WorkItem(695)] // Fix for https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/695 public void AcquireTokenSilentForceRefreshFalseMultipleTenantsTest() { using (var httpManager = new MockHttpManager()) { PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); // PopulateCache() creates two access tokens var tokenCacheHelper = new TokenCacheHelper(); tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor); Task <AuthenticationResult> task = app .AcquireTokenSilent( TestConstants.s_scope.ToArray(), new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null)) .WithAuthority(TestConstants.AuthorityCommonTenant) .WithForceRefresh(false) .ExecuteAsync(CancellationToken.None); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(TestConstants.DisplayableId, result.Account.Username); Assert.AreEqual(TestConstants.s_scope.ToArray().AsSingleString(), result.Scopes.AsSingleString()); Assert.AreEqual(0, httpManager.QueueSize); Assert.AreEqual(2, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityGuidTenant2); httpManager.AddMockHandler( new MockHttpMessageHandler() { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage( TestConstants.UniqueId, TestConstants.DisplayableId, TestConstants.s_scope.ToArray()) }); // Same user, scopes, clientId, but different authority // Should result in new AccessToken, but same refresh token Task <AuthenticationResult> task2 = app .AcquireTokenSilent( TestConstants.s_scope.ToArray(), new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null)) .WithAuthority(TestConstants.AuthorityGuidTenant2) .WithForceRefresh(false) .ExecuteAsync(CancellationToken.None); AuthenticationResult result2 = task2.Result; Assert.IsNotNull(result2); Assert.AreEqual(TestConstants.DisplayableId, result2.Account.Username); Assert.AreEqual(TestConstants.s_scope.ToArray().AsSingleString(), result2.Scopes.AsSingleString()); Assert.AreEqual(3, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityGuidTenant); httpManager.AddMockHandler( new MockHttpMessageHandler() { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage( TestConstants.UniqueId, TestConstants.DisplayableId, TestConstants.s_scope.ToArray()) }); // Same user, scopes, clientId, but different authority // Should result in new AccessToken, but same refresh token Task <AuthenticationResult> task3 = app .AcquireTokenSilent( TestConstants.s_scope.ToArray(), new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null)) .WithAuthority(TestConstants.AuthorityGuidTenant) .WithForceRefresh(false) .ExecuteAsync(CancellationToken.None); AuthenticationResult result3 = task3.Result; Assert.IsNotNull(result3); Assert.AreEqual(TestConstants.DisplayableId, result3.Account.Username); Assert.AreEqual(TestConstants.s_scope.ToArray().AsSingleString(), result3.Scopes.AsSingleString()); Assert.AreEqual(4, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); } }
public void UnifiedCache_MsalStoresToAndReadRtFromAdalCache() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); PublicClientApplication app = new PublicClientApplication( serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = { LegacyCachePersistence = new TestLegacyCachePersistance() } }; MsalMockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, app.RedirectUri + "?code=some-code")); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityHomeTenant); httpManager.AddSuccessTokenResponseMockHandlerForPost(); AuthenticationResult result = app.AcquireTokenAsync(MsalTestConstants.Scope).Result; Assert.IsNotNull(result); // make sure Msal stored RT in Adal cache IDictionary <AdalTokenCacheKey, AdalResultWrapper> adalCacheDictionary = AdalCacheOperations.Deserialize(app.UserTokenCache.LegacyCachePersistence.LoadCache()); Assert.IsTrue(adalCacheDictionary.Count == 1); var requestContext = new RequestContext(null, new MsalLogger(Guid.Empty, null)); var accounts = app.UserTokenCache.GetAccounts(MsalTestConstants.AuthorityCommonTenant, false, requestContext); foreach (IAccount account in accounts) { app.UserTokenCache.RemoveMsalAccount(account, requestContext); } httpManager.AddMockHandler( new MockHttpMessageHandler() { Method = HttpMethod.Post, PostData = new Dictionary <string, string>() { { "grant_type", "refresh_token" } }, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage( MsalTestConstants.UniqueId, MsalTestConstants.DisplayableId, MsalTestConstants.Scope.ToArray()) }); // Using RT from Adal cache for silent call AuthenticationResult result1 = app.AcquireTokenSilentAsync( MsalTestConstants.Scope, result.Account, MsalTestConstants.AuthorityCommonTenant, false).Result; Assert.IsNotNull(result1); } }
private static void MockInstanceDiscoveryAndOpenIdRequest(MockHttpManager mockHttpManager) { mockHttpManager.AddInstanceDiscoveryMockHandler(); }
public async Task WAM_AccountIds_GetMerged_Async() { // Arrange using (var httpManager = new MockHttpManager()) { var cache = new InMemoryTokenCache(); httpManager.AddInstanceDiscoveryMockHandler(); var mockBroker = Substitute.For <IBroker>(); mockBroker.IsBrokerInstalledAndInvokable(AuthorityType.Aad).Returns(true); var msalTokenResponse1 = CreateMsalTokenResponseFromWam("wam1"); var msalTokenResponse2 = CreateMsalTokenResponseFromWam("wam2"); var msalTokenResponse3 = CreateMsalTokenResponseFromWam("wam3"); // 2 apps must share the token cache, like FOCI apps, for this test to be interesting var pca1 = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithExperimentalFeatures(true) .WithTestBroker(mockBroker) .WithHttpManager(httpManager) .BuildConcrete(); var pca2 = PublicClientApplicationBuilder.Create(TestConstants.ClientId2) .WithExperimentalFeatures(true) .WithTestBroker(mockBroker) .WithHttpManager(httpManager) .BuildConcrete(); cache.Bind(pca1.UserTokenCache); cache.Bind(pca2.UserTokenCache); pca1.ServiceBundle.Config.BrokerCreatorFunc = (app, config, logger) => mockBroker; pca2.ServiceBundle.Config.BrokerCreatorFunc = (app, config, logger) => mockBroker; // Act mockBroker.AcquireTokenInteractiveAsync(null, null).ReturnsForAnyArgs(Task.FromResult(msalTokenResponse1)); await pca1.AcquireTokenInteractive(TestConstants.s_scope).ExecuteAsync().ConfigureAwait(false); // this should override wam1 id mockBroker.AcquireTokenInteractiveAsync(null, null).ReturnsForAnyArgs(Task.FromResult(msalTokenResponse2)); await pca1.AcquireTokenInteractive(TestConstants.s_scope).ExecuteAsync().ConfigureAwait(false); mockBroker.AcquireTokenInteractiveAsync(null, null).ReturnsForAnyArgs(Task.FromResult(msalTokenResponse3)); await pca2.AcquireTokenInteractive(TestConstants.s_scope).ExecuteAsync().ConfigureAwait(false); var accounts1 = await pca1.GetAccountsAsync().ConfigureAwait(false); var accounts2 = await pca2.GetAccountsAsync().ConfigureAwait(false); // Assert #if SUPPORTS_BROKER var wamAccountIds = (accounts1.Single() as Account).WamAccountIds; Assert.AreEqual(2, wamAccountIds.Count); Assert.AreEqual("wam2", wamAccountIds[TestConstants.ClientId]); Assert.AreEqual("wam3", wamAccountIds[TestConstants.ClientId2]); CoreAssert.AssertDictionariesAreEqual(wamAccountIds, (accounts2.Single() as Account).WamAccountIds, StringComparer.Ordinal); #else Assert.IsTrue(accounts1.All(a => (a as IAccountInternal).WamAccountIds == null)); Assert.IsTrue(accounts2.All(a => (a as IAccountInternal).WamAccountIds == null)); #endif } }
public async Task AuthorityMigrationTestAsync() { // make sure that for all network calls "preferred_cache" environment is used // (it is taken from metadata in instance discovery response), // except very first network call - instance discovery using (var httpManager = new MockHttpManager()) { var authorityUri = new Uri( string.Format( CultureInfo.InvariantCulture, "https://{0}/common", TestConstants.ProductionNotPrefEnvironmentAlias)); httpManager.AddInstanceDiscoveryMockHandler(authorityUri.AbsoluteUri); PublicClientApplication app = PublicClientApplicationBuilder .Create(TestConstants.ClientId) .WithAuthority(authorityUri, true) .WithHttpManager(httpManager) .WithUserTokenLegacyCachePersistenceForTest(new TestLegacyCachePersistance()) .WithTelemetry(new TraceTelemetryConfig()) .WithDebugLoggingCallback() .BuildConcrete(); // mock for openId config request httpManager.AddMockHandler(new MockHttpMessageHandler { ExpectedUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}/common/v2.0/.well-known/openid-configuration", TestConstants.ProductionPrefNetworkEnvironment), ExpectedMethod = HttpMethod.Get, ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant) }); // mock webUi authorization MsalMockHelpers.ConfigureMockWebUI( app.ServiceBundle.PlatformProxy, AuthorizationResult.FromUri(app.AppConfig.RedirectUri + "?code=some-code"), null, TestConstants.ProductionPrefNetworkEnvironment); // mock token request httpManager.AddMockHandler(new MockHttpMessageHandler { ExpectedUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}/home/oauth2/v2.0/token", TestConstants.ProductionPrefNetworkEnvironment), ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }); AuthenticationResult result = app.AcquireTokenInteractive(TestConstants.s_scope).ExecuteAsync(CancellationToken.None).Result; // make sure that all cache entities are stored with "preferred_cache" environment // (it is taken from metadata in instance discovery response) await ValidateCacheEntitiesEnvironmentAsync(app.UserTokenCacheInternal, TestConstants.ProductionPrefCacheEnvironment).ConfigureAwait(false); // silent request targeting at, should return at from cache for any environment alias foreach (var envAlias in TestConstants.s_prodEnvAliases) { result = await app .AcquireTokenSilent( TestConstants.s_scope, app.GetAccountsAsync().Result.First()) .WithAuthority(string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/", envAlias, TestConstants.Utid)) .WithForceRefresh(false) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.IsNotNull(result); } // mock for openId config request for tenant specific authority httpManager.AddMockHandler(new MockHttpMessageHandler { ExpectedUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/v2.0/.well-known/openid-configuration", TestConstants.ProductionPrefNetworkEnvironment, TestConstants.Utid), ExpectedMethod = HttpMethod.Get, ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityUtidTenant) }); // silent request targeting rt should find rt in cache for authority with any environment alias foreach (var envAlias in TestConstants.s_prodEnvAliases) { result = null; httpManager.AddMockHandler(new MockHttpMessageHandler() { ExpectedUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/oauth2/v2.0/token", TestConstants.ProductionPrefNetworkEnvironment, TestConstants.Utid), ExpectedMethod = HttpMethod.Post, ExpectedPostData = new Dictionary <string, string>() { { "grant_type", "refresh_token" } }, // return not retriable status code ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage() }); try { result = await app .AcquireTokenSilent( TestConstants.s_scopeForAnotherResource, (await app.GetAccountsAsync().ConfigureAwait(false)).First()) .WithAuthority(string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/", envAlias, TestConstants.Utid)) .WithForceRefresh(false) .ExecuteAsync(CancellationToken.None).ConfigureAwait(false); } catch (MsalUiRequiredException) { } catch (Exception) { Assert.Fail(); } Assert.IsNull(result); } } }
internal static void MockInstanceDiscoveryAndOpenIdRequest(MockHttpManager mockHttpManager) { mockHttpManager.AddInstanceDiscoveryMockHandler(); mockHttpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityHomeTenant); }
private void Init(MockHttpManager httpManager) { httpManager.AddInstanceDiscoveryMockHandler(); }
public async Task ConfidentialClientUsingCertificateTestAsync() { using (var httpManager = new MockHttpManager()) { httpManager.AddInstanceDiscoveryMockHandler(); var cert = new X509Certificate2(ResourceHelper.GetTestResourceRelativePath("valid.crtfile")); var app = CreateConfidentialClient(httpManager, cert, 3); var appCacheAccess = app.AppTokenCache.RecordAccess(); var userCacheAccess = app.UserTokenCache.RecordAccess(); var result = await app.AcquireTokenForClient(TestConstants.s_scope.ToArray()).ExecuteAsync(CancellationToken.None).ConfigureAwait(false); Assert.IsNotNull(result); Assert.IsNotNull("header.payload.signature", result.AccessToken); Assert.AreEqual(TestConstants.s_scope.AsSingleString(), result.Scopes.AsSingleString()); appCacheAccess.AssertAccessCounts(1, 1); userCacheAccess.AssertAccessCounts(0, 0); // make sure user token cache is empty Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); // check app token cache count to be 1 Assert.AreEqual(1, app.AppTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(0, app.AppTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); // no RTs are returned // assert client credential Assert.IsNotNull(app.ClientCredential.CachedAssertion); Assert.AreNotEqual(0, app.ClientCredential.ValidTo); // save client assertion. string cachedAssertion = app.ClientCredential.CachedAssertion; long cacheValidTo = app.ClientCredential.ValidTo; result = await app .AcquireTokenForClient(TestConstants.s_scopeForAnotherResource.ToArray()) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); appCacheAccess.AssertAccessCounts(2, 2); userCacheAccess.AssertAccessCounts(0, 0); Assert.IsNotNull(result); Assert.AreEqual(cacheValidTo, app.ClientCredential.ValidTo); Assert.AreEqual(cachedAssertion, app.ClientCredential.CachedAssertion); // validate the send x5c forces a refresh of the cached client assertion await app .AcquireTokenForClient(TestConstants.s_scope.ToArray()) .WithSendX5C(true) .WithForceRefresh(true) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); Assert.AreNotEqual(cachedAssertion, app.ClientCredential.CachedAssertion); appCacheAccess.AssertAccessCounts(2, 3); userCacheAccess.AssertAccessCounts(0, 0); } }
[WorkItem(695)] // Fix for https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/695 public void AcquireTokenSilentForceRefreshMultipleTenantsTest() { using (var httpManager = new MockHttpManager()) { PublicClientApplication app = PublicClientApplicationBuilder.Create(MsalTestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(httpManager) .BuildConcrete(); var tokenCacheHelper = new TokenCacheHelper(); tokenCacheHelper.PopulateCacheWithOneAccessToken(app.UserTokenCacheInternal.Accessor); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant); httpManager.AddMockHandler( new MockHttpMessageHandler() { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage( MsalTestConstants.UniqueId, MsalTestConstants.DisplayableId, MsalTestConstants.Scope.ToArray()) }); // ForceRefresh=true, so skip cache lookup of Access Token // Use refresh token to acquire a new Access Token Task <AuthenticationResult> task = app .AcquireTokenSilent( MsalTestConstants.Scope.ToArray(), new Account(MsalTestConstants.UserIdentifier, MsalTestConstants.DisplayableId, null)) .WithAuthority(MsalTestConstants.AuthorityCommonTenant) .WithForceRefresh(true) .ExecuteAsync(CancellationToken.None); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(MsalTestConstants.DisplayableId, result.Account.Username); Assert.AreEqual(MsalTestConstants.Scope.ToArray().AsSingleString(), result.Scopes.AsSingleString()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityGuidTenant2); httpManager.AddMockHandler( new MockHttpMessageHandler() { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage( MsalTestConstants.UniqueId, MsalTestConstants.DisplayableId, MsalTestConstants.Scope.ToArray()) }); Task <AuthenticationResult> task2 = app .AcquireTokenSilent( MsalTestConstants.Scope.ToArray(), new Account(MsalTestConstants.UserIdentifier, MsalTestConstants.DisplayableId, null)) .WithAuthority(MsalTestConstants.AuthorityGuidTenant2) .WithForceRefresh(true) .ExecuteAsync(CancellationToken.None); // Same user, scopes, clientId, but different authority // Should result in new AccessToken, but same refresh token AuthenticationResult result2 = task2.Result; Assert.IsNotNull(result2); Assert.AreEqual(MsalTestConstants.DisplayableId, result2.Account.Username); Assert.AreEqual(MsalTestConstants.Scope.ToArray().AsSingleString(), result2.Scopes.AsSingleString()); Assert.AreEqual(2, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityGuidTenant); httpManager.AddMockHandler( new MockHttpMessageHandler() { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage( MsalTestConstants.UniqueId, MsalTestConstants.DisplayableId, MsalTestConstants.Scope.ToArray()) }); // Same user, scopes, clientId, but different authority // Should result in new AccessToken, but same refresh token Task <AuthenticationResult> task3 = app .AcquireTokenSilent( MsalTestConstants.Scope.ToArray(), new Account(MsalTestConstants.UserIdentifier, MsalTestConstants.DisplayableId, null)) .WithAuthority(MsalTestConstants.AuthorityGuidTenant) .WithForceRefresh(true) .ExecuteAsync(CancellationToken.None); AuthenticationResult result3 = task3.Result; Assert.IsNotNull(result3); Assert.AreEqual(MsalTestConstants.DisplayableId, result3.Account.Username); Assert.AreEqual(MsalTestConstants.Scope.ToArray().AsSingleString(), result3.Scopes.AsSingleString()); Assert.AreEqual(3, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); // Use same authority as above, number of access tokens should remain constant httpManager.AddMockHandler( new MockHttpMessageHandler() { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage( MsalTestConstants.UniqueId, MsalTestConstants.DisplayableId, MsalTestConstants.Scope.ToArray()) }); Task <AuthenticationResult> task4 = app .AcquireTokenSilent( MsalTestConstants.Scope.ToArray(), new Account(MsalTestConstants.UserIdentifier, MsalTestConstants.DisplayableId, null)) .WithAuthority(MsalTestConstants.AuthorityGuidTenant) .WithForceRefresh(true) .ExecuteAsync(CancellationToken.None); AuthenticationResult result4 = task4.Result; Assert.IsNotNull(result4); Assert.AreEqual(MsalTestConstants.DisplayableId, result4.Account.Username); Assert.AreEqual(MsalTestConstants.Scope.ToArray().AsSingleString(), result4.Scopes.AsSingleString()); Assert.AreEqual(3, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(1, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count()); } }
public void UnifiedCache_RemoveAccountIsApplicationSpecific() { byte[] data = null; using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); // login to app var tokenCache = new TokenCache(); tokenCache.SetBeforeAccess((TokenCacheNotificationArgs args) => { args.TokenCache.Deserialize(data); }); tokenCache.SetAfterAccess((TokenCacheNotificationArgs args) => { data = args.TokenCache.Serialize(); }); PublicClientApplication app = new PublicClientApplication( serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = tokenCache }; httpManager.AddInstanceDiscoveryMockHandler(); MsalMockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, app.RedirectUri + "?code=some-code")); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityHomeTenant); httpManager.AddSuccessTokenResponseMockHandlerForPost(); AuthenticationResult result = app.AcquireTokenAsync(MsalTestConstants.Scope).Result; Assert.IsNotNull(result); Assert.AreEqual(1, tokenCache.TokenCacheAccessor.GetAllAccountsAsString().Count); Assert.AreEqual(1, app.GetAccountsAsync().Result.Count()); // login tp app1 with same credentials var tokenCache1 = new TokenCache(); tokenCache1.SetBeforeAccess((TokenCacheNotificationArgs args) => { args.TokenCache.Deserialize(data); }); tokenCache1.SetAfterAccess((TokenCacheNotificationArgs args) => { data = args.TokenCache.Serialize(); }); PublicClientApplication app1 = new PublicClientApplication( serviceBundle, MsalTestConstants.ClientId_1, ClientApplicationBase.DefaultAuthority) { UserTokenCache = tokenCache1 }; MsalMockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, app.RedirectUri + "?code=some-code")); httpManager.AddSuccessTokenResponseMockHandlerForPost(); result = app1.AcquireTokenAsync(MsalTestConstants.Scope).Result; Assert.IsNotNull(result); // make sure that only one account cache entity was created Assert.AreEqual(1, tokenCache1.TokenCacheAccessor.GetAllAccountsAsString().Count); Assert.AreEqual(1, app1.GetAccountsAsync().Result.Count()); Assert.AreEqual(2, tokenCache1.TokenCacheAccessor.GetAllAccessTokensAsString().Count); Assert.AreEqual(2, tokenCache1.TokenCacheAccessor.GetAllRefreshTokensAsString().Count); Assert.AreEqual(2, tokenCache1.TokenCacheAccessor.GetAllIdTokensAsString().Count); // remove account from app app.RemoveAsync(app.GetAccountsAsync().Result.First()).Wait(); // make sure account removed from app Assert.AreEqual(0, app.GetAccountsAsync().Result.Count()); // make sure account Not removed from app1 Assert.AreEqual(1, app1.GetAccountsAsync().Result.Count()); } }