/// <summary>
/// Only used by dev test apps
/// </summary>
/// <param name="refreshTokenCacheItem"></param>
internal void SaveRefreshTokenCacheItem(RefreshTokenCacheItem refreshTokenCacheItem)
{
lock (LockObject)
{
TokenCacheNotificationArgs args = new TokenCacheNotificationArgs
{
TokenCache = this,
ClientId = ClientId,
User = refreshTokenCacheItem.User
};
try
{
HasStateChanged = true;
OnBeforeAccess(args);
OnBeforeWrite(args);
TokenCacheAccessor.SaveRefreshToken(refreshTokenCacheItem.GetRefreshTokenItemKey().ToString(),
JsonHelper.SerializeToJson(refreshTokenCacheItem));
}
finally
{
OnAfterAccess(args);
HasStateChanged = false;
}
}
}
public void GetRefreshTokenDifferentEnvironmentTest()
{
TokenCache cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
RefreshTokenCacheItem rtItem = new RefreshTokenCacheItem()
{
Environment = TestConstants.SovereignEnvironment,
ClientId = TestConstants.ClientId,
RefreshToken = "someRT",
RawClientInfo = MockHelpers.CreateClientInfo(),
DisplayableId = TestConstants.DisplayableId,
IdentityProvider = TestConstants.IdentityProvider,
Name = TestConstants.Name
};
RefreshTokenCacheKey rtKey = rtItem.GetRefreshTokenItemKey();
cache.TokenCacheAccessor.RefreshTokenCacheDictionary[rtKey.ToString()] = JsonHelper.SerializeToJson(rtItem);
var authParams = new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = TestConstants.Scope,
User = TestConstants.User
};
Assert.IsNull(cache.FindRefreshToken(authParams));
}
internal void AddRefreshTokenCacheItem(RefreshTokenCacheItem refreshTokenCacheItem)
{
// this method is called by serialize and does not require
// delegates because serialize itself is called from delegates
lock (LockObject)
{
TokenCacheAccessor.SaveRefreshToken(refreshTokenCacheItem.GetRefreshTokenItemKey().ToString(),
JsonHelper.SerializeToJson(refreshTokenCacheItem));
}
}
public void GetRefreshTokenTest()
{
TokenCache cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
RefreshTokenCacheItem rtItem = new RefreshTokenCacheItem()
{
Environment = TestConstants.ProductionEnvironment,
ClientId = TestConstants.ClientId,
RefreshToken = "someRT",
RawClientInfo = MockHelpers.CreateClientInfo(),
DisplayableId = TestConstants.DisplayableId,
IdentityProvider = TestConstants.IdentityProvider,
Name = TestConstants.Name
};
rtItem.ClientInfo = ClientInfo.CreateFromJson(rtItem.RawClientInfo);
RefreshTokenCacheKey rtKey = rtItem.GetRefreshTokenItemKey();
cache.TokenCacheAccessor.RefreshTokenCacheDictionary[rtKey.ToString()] = JsonHelper.SerializeToJson(rtItem);
var authParams = new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = TestConstants.Scope,
User = TestConstants.User
};
Assert.IsNotNull(cache.FindRefreshToken(authParams));
// RT is stored by environment, client id and userIdentifier as index.
// any change to authority (within same environment), uniqueid and displyableid will not
// change the outcome of cache look up.
Assert.IsNotNull(cache.FindRefreshToken(new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant + "more", false),
Scope = TestConstants.Scope,
User = TestConstants.User
}));
}
public static void AddRefreshTokenToCache(TokenCacheAccessor accessor, string uid, string utid, string name)
{
var rtItem = new RefreshTokenCacheItem
{
Environment = TestConstants.ProductionEnvironment,
ClientId = TestConstants.ClientId,
RefreshToken = "someRT",
RawClientInfo = MockHelpers.CreateClientInfo(uid, utid),
DisplayableId = TestConstants.DisplayableId,
IdentityProvider = TestConstants.IdentityProvider,
Name = name
};
rtItem.ClientInfo = ClientInfo.CreateFromJson(rtItem.RawClientInfo);
accessor.RefreshTokenCacheDictionary[rtItem.GetRefreshTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(rtItem);
}
internal void DeleteRefreshToken(RefreshTokenCacheItem refreshTokenCacheItem)
{
lock (LockObject)
{
try
{
TokenCacheNotificationArgs args = new TokenCacheNotificationArgs
{
TokenCache = this,
ClientId = ClientId,
User = refreshTokenCacheItem.User
};
OnBeforeAccess(args);
OnBeforeWrite(args);
TokenCacheAccessor.DeleteRefreshToken(refreshTokenCacheItem.GetRefreshTokenItemKey().ToString());
OnAfterAccess(args);
}
finally
{
HasStateChanged = false;
}
}
}
internal AccessTokenCacheItem SaveAccessAndRefreshToken(AuthenticationRequestParameters requestParams,
TokenResponse response)
{
lock (LockObject)
{
try
{
// create the access token cache item
AccessTokenCacheItem accessTokenCacheItem =
new AccessTokenCacheItem(requestParams.TenantUpdatedCanonicalAuthority, requestParams.ClientId,
response)
{
UserAssertionHash = requestParams.UserAssertion?.AssertionHash
};
TokenCacheNotificationArgs args = new TokenCacheNotificationArgs
{
TokenCache = this,
ClientId = ClientId,
User = accessTokenCacheItem.User
};
HasStateChanged = true;
OnBeforeAccess(args);
OnBeforeWrite(args);
//delete all cache entries with intersecting scopes.
//this should not happen but we have this as a safe guard
//against multiple matches.
requestParams.RequestContext.Logger.Info(
"Looking for scopes for the authority in the cache which intersect with " +
requestParams.Scope.AsSingleString());
IList <AccessTokenCacheItem> accessTokenItemList = new List <AccessTokenCacheItem>();
foreach (var accessTokenString in TokenCacheAccessor.GetAllAccessTokensAsString())
{
AccessTokenCacheItem accessTokenItem =
JsonHelper.DeserializeFromJson <AccessTokenCacheItem>(accessTokenString);
if (accessTokenItem.ClientId.Equals(ClientId) &&
accessTokenItem.Authority.Equals(requestParams.TenantUpdatedCanonicalAuthority) &&
accessTokenItem.ScopeSet.ScopeIntersects(accessTokenCacheItem.ScopeSet))
{
requestParams.RequestContext.Logger.Verbose(
"Intersecting scopes found - " + accessTokenItem.Scope);
accessTokenItemList.Add(accessTokenItem);
}
}
requestParams.RequestContext.Logger.Info(
"Intersecting scope entries count - " + accessTokenItemList.Count);
if (!requestParams.IsClientCredentialRequest)
{
//filter by identifer of the user instead
accessTokenItemList =
accessTokenItemList.Where(
item => item.GetUserIdentifier().Equals(accessTokenCacheItem.GetUserIdentifier()))
.ToList();
requestParams.RequestContext.Logger.Info(
"Matching entries after filtering by user - " + accessTokenItemList.Count);
}
foreach (var cacheItem in accessTokenItemList)
{
TokenCacheAccessor.DeleteAccessToken(cacheItem.GetAccessTokenItemKey().ToString(), requestParams.RequestContext);
}
TokenCacheAccessor.SaveAccessToken(accessTokenCacheItem.GetAccessTokenItemKey().ToString(),
JsonHelper.SerializeToJson(accessTokenCacheItem), requestParams.RequestContext);
// if server returns the refresh token back, save it in the cache.
if (response.RefreshToken != null)
{
// create the refresh token cache item
RefreshTokenCacheItem refreshTokenCacheItem = new RefreshTokenCacheItem(
requestParams.Authority.Host,
requestParams.ClientId,
response);
requestParams.RequestContext.Logger.Info("Saving RT in cache...");
TokenCacheAccessor.SaveRefreshToken(refreshTokenCacheItem.GetRefreshTokenItemKey().ToString(),
JsonHelper.SerializeToJson(refreshTokenCacheItem), requestParams.RequestContext);
}
OnAfterAccess(args);
return(accessTokenCacheItem);
}
finally
{
HasStateChanged = false;
}
}
}
public void GetUsersTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId);
IEnumerable <IUser> users = app.Users;
Assert.IsNotNull(users);
Assert.IsFalse(users.Any());
cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
app.UserTokenCache = cache;
TokenCacheHelper.PopulateCache(cache.TokenCacheAccessor);
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(1, users.Count());
AccessTokenCacheItem item = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ExpiresOnUnixTimestamp =
MsalHelpers.DateTimeToUnixTimestamp((DateTime.UtcNow + TimeSpan.FromSeconds(3600))),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
RawClientInfo = MockHelpers.CreateClientInfo(),
ScopeSet = TestConstants.Scope
};
item.IdToken = IdToken.Parse(item.RawIdToken);
item.ClientInfo = ClientInfo.CreateFromJson(item.RawClientInfo);
item.AccessToken = item.GetAccessTokenItemKey().ToString();
cache.TokenCacheAccessor.AccessTokenCacheDictionary[item.GetAccessTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(item);
// another cache entry for different uid. user count should be 2.
RefreshTokenCacheItem rtItem = new RefreshTokenCacheItem()
{
Environment = TestConstants.ProductionEnvironment,
ClientId = TestConstants.ClientId,
RefreshToken = "someRT",
RawClientInfo = MockHelpers.CreateClientInfo(TestConstants.Uid + "more", TestConstants.Utid),
DisplayableId = TestConstants.DisplayableId,
IdentityProvider = TestConstants.IdentityProvider,
Name = TestConstants.Name
};
rtItem.ClientInfo = ClientInfo.CreateFromJson(rtItem.RawClientInfo);
cache.TokenCacheAccessor.RefreshTokenCacheDictionary[rtItem.GetRefreshTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(rtItem);
Assert.AreEqual(2, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(2, users.Count());
// another cache entry for different environment. user count should still be 2. Sovereign cloud user must not be returned
rtItem = new RefreshTokenCacheItem()
{
Environment = TestConstants.SovereignEnvironment,
ClientId = TestConstants.ClientId,
RefreshToken = "someRT",
RawClientInfo = MockHelpers.CreateClientInfo(TestConstants.Uid + "more1", TestConstants.Utid),
DisplayableId = TestConstants.DisplayableId,
IdentityProvider = TestConstants.IdentityProvider,
Name = TestConstants.Name
};
rtItem.ClientInfo = ClientInfo.CreateFromJson(rtItem.RawClientInfo);
cache.TokenCacheAccessor.RefreshTokenCacheDictionary[rtItem.GetRefreshTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(rtItem);
Assert.AreEqual(3, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(2, users.Count());
}