internal SharedTokenCacheCredential(string tenantId, string username, TokenCredentialOptions options, CredentialPipeline pipeline, MsalPublicClient client)
{
_tenantId = tenantId;
_username = username;
_record = (options as SharedTokenCacheCredentialOptions)?.AuthenticationRecord;
_pipeline = pipeline ?? CredentialPipeline.GetInstance(options);
_client = client ?? new MsalPublicClient(_pipeline, tenantId, Constants.DeveloperSignOnClientId, null, (options as ITokenCacheOptions) ?? s_DefaultCacheOptions);
_accountAsyncLock = new AsyncLockWithValue <IAccount>();
}
internal SharedTokenCacheCredential(string tenantId, string username, TokenCredentialOptions options, CredentialPipeline pipeline, MsalPublicClient client)
{
_tenantId = tenantId;
_username = username;
_skipTenantValidation = (options as SharedTokenCacheCredentialOptions)?.EnableGuestTenantAuthentication ?? false;
_record = (options as SharedTokenCacheCredentialOptions)?.AuthenticationRecord;
_pipeline = pipeline ?? CredentialPipeline.GetInstance(options);
Client = client ?? new MsalPublicClient(
_pipeline,
tenantId,
(options as SharedTokenCacheCredentialOptions)?.ClientId ?? Constants.DeveloperSignOnClientId,
null,
(options as ITokenCacheOptions) ?? s_DefaultCacheOptions,
options?.IsLoggingPIIEnabled ?? false);
_accountAsyncLock = new AsyncLockWithValue <IAccount>();
}
private async Task <AccessToken> GetTokenViaBrowserLoginAsync(TokenRequestContext context, bool async, CancellationToken cancellationToken)
{
Prompt prompt = LoginHint switch
{
null => Prompt.SelectAccount,
_ => Prompt.NoPrompt
};
var tenantId = TenantIdResolver.Resolve(_tenantId ?? Record?.TenantId, context, _allowMultiTenantAuthentication);
AuthenticationResult result = await Client
.AcquireTokenInteractiveAsync(context.Scopes, context.Claims, prompt, LoginHint, tenantId, async, cancellationToken)
.ConfigureAwait(false);
Record = new AuthenticationRecord(result, ClientId);
return(new AccessToken(result.AccessToken, result.ExpiresOn));
}
}
private async Task <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("UsernamePasswordCredential.GetToken", requestContext);
try
{
AuthenticationResult result = await _client
.AcquireTokenByUsernamePasswordAsync(requestContext.Scopes, _username, _password, async, cancellationToken)
.ConfigureAwait(false);
_record = new AuthenticationRecord(result, _clientId);
return(scope.Succeeded(new AccessToken(result.AccessToken, result.ExpiresOn)));
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e);
}
}
private async Task <AuthenticationResult> AuthenticateImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(UsernamePasswordCredential)}.{nameof(Authenticate)}", requestContext);
try
{
var tenantId = TenantIdResolver.Resolve(_tenantId, requestContext);
AuthenticationResult result = await Client
.AcquireTokenByUsernamePasswordAsync(requestContext.Scopes, requestContext.Claims, _username, _password, tenantId, async, cancellationToken)
.ConfigureAwait(false);
_record = new AuthenticationRecord(result, _clientId);
return(result);
}
catch (Exception e)
{
throw scope.FailWrapAndThrow(e, Troubleshooting);
}
}
private async ValueTask <AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken = default)
{
using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(AuthorizationCodeCredential)}.{nameof(GetToken)}", requestContext);
try
{
AccessToken token = default;
if (_record is null)
{
AuthenticationResult result = await _confidentialClient.AcquireTokenByAuthorizationCode(requestContext.Scopes, _authCode).ExecuteAsync(async, cancellationToken).ConfigureAwait(false);
_record = new AuthenticationRecord(result);
token = new AccessToken(result.AccessToken, result.ExpiresOn);
}
else
{
AuthenticationResult result = await _confidentialClient.AcquireTokenSilent(requestContext.Scopes, (AuthenticationAccount)_record).ExecuteAsync(async, cancellationToken).ConfigureAwait(false);
token = new AccessToken(result.AccessToken, result.ExpiresOn);
}
return(scope.Succeeded(token));
}
catch (OperationCanceledException e)
{
scope.Failed(e);
throw;
}
catch (Exception e)
{
throw scope.FailAndWrap(e);
}
}
/// <summary>
/// Creates a new DeviceCodeCredential with the specified options, which will authenticate users using the device code flow.
/// </summary>
/// <param name="deviceCodeCallback">The callback to be executed to display the device code to the user.</param>
/// <param name="options">The client options for the newly created <see cref="DeviceCodeCredential"/>.</param>
internal DeviceCodeCredential(Func <DeviceCodeInfo, CancellationToken, Task> deviceCodeCallback, DeviceCodeCredentialOptions options = default)
: this(deviceCodeCallback, options?.TenantId, options?.ClientId, options, null)
{
_disableAutomaticAuthentication = options?.DisableAutomaticAuthentication ?? false;
_record = options?.AuthenticationRecord;
}
public virtual async ValueTask <AuthenticationResult> AcquireTokenSilentAsync(string[] scopes, string claims, AuthenticationRecord record, bool async, CancellationToken cancellationToken)
{
IPublicClientApplication client = await GetClientAsync(async, cancellationToken).ConfigureAwait(false);
// if the user specified a TenantId when they created the client we want to authenticate to that tenant.
// otherwise we should authenticate with the tenant specified by the authentication record since that's the tenant the
// user authenticated to originally.
return(await client.AcquireTokenSilent(scopes, (AuthenticationAccount)record)
.WithAuthority(Pipeline.AuthorityHost.AbsoluteUri, TenantId ?? record.TenantId)
.WithClaims(claims)
.ExecuteAsync(async, cancellationToken)
.ConfigureAwait(false));
}
/// <summary>
/// Creates a new <see cref="InteractiveBrowserCredential"/> with the specified options, which will authenticate users with the specified application.
/// </summary>
/// <param name="options">The client options for the newly created <see cref="InteractiveBrowserCredential"/>.</param>
internal InteractiveBrowserCredential(InteractiveBrowserCredentialOptions options)
: this(options?.TenantId, options?.ClientId ?? Constants.DeveloperSignOnClientId, null, null)
{
_disableAutomaticAuthentication = options?.DisableAutomaticAuthentication ?? false;
_record = options?.AuthenticationRecord;
}
public async ValueTask <AuthenticationResult> AcquireTokenSilentAsync(string[] scopes, string claims, AuthenticationRecord record, string tenantId, bool async, CancellationToken cancellationToken)
{
return(await AcquireTokenSilentCoreAsync(scopes, claims, record, tenantId, async, cancellationToken).ConfigureAwait(false));
}
/// <summary>
/// Creates a new <see cref="InteractiveBrowserCredential"/> with the specified options, which will authenticate users with the specified application.
/// </summary>
/// <param name="options">The client options for the newly created <see cref="InteractiveBrowserCredential"/>.</param>
public InteractiveBrowserCredential(InteractiveBrowserCredentialOptions options)
: this(options?.TenantId, options?.ClientId ?? Constants.DeveloperSignOnClientId, CredentialPipeline.GetInstance(options), options?.EnablePersistentCache ?? false)
{
_disableAutomaticAuthentication = options?.DisableAutomaticAuthentication ?? false;
_record = options?.AuthenticationRecord;
}
/// <summary>
/// Creates a new DeviceCodeCredential with the specified options, which will authenticate users using the device code flow.
/// </summary>
/// <param name="deviceCodeCallback">The callback to be executed to display the device code to the user.</param>
/// <param name="options">The client options for the newly created <see cref="DeviceCodeCredential"/>.</param>
public DeviceCodeCredential(Func <DeviceCodeInfo, CancellationToken, Task> deviceCodeCallback, DeviceCodeCredentialOptions options = default)
: this(deviceCodeCallback, options?.TenantId, options?.ClientId, CredentialPipeline.GetInstance(options), options)
{
_disableAutomaticAuthentication = options?.DisableAutomaticAuthentication ?? false;
_record = options?.AuthenticationRecord;
}
internal AuthenticationAccount(AuthenticationRecord profile)
{
_profile = profile;
}