public async Task ResolveEndpointsAsync(string userPrincipalName, RequestContext requestContext)
        {
            var msg = "Resolving authority endpoints... Already resolved? - " + _resolved;

            requestContext.Logger.Info(msg);
            requestContext.Logger.InfoPii(msg);

            if (!_resolved)
            {
                var    authorityUri = new Uri(CanonicalAuthority);
                string host         = authorityUri.Authority;
                string path         = authorityUri.AbsolutePath.Substring(1);
                string tenant       = path.Substring(0, path.IndexOf("/", StringComparison.Ordinal));
                IsTenantless = TenantlessTenantNames.Contains(tenant.ToLowerInvariant());
                // create log message
                msg = "Is Authority tenantless? - " + IsTenantless;
                requestContext.Logger.Info(msg);
                requestContext.Logger.InfoPii(msg);

                if (ExistsInValidatedAuthorityCache(userPrincipalName))
                {
                    msg = "Authority found in validated authority cache";
                    requestContext.Logger.Info(msg);
                    requestContext.Logger.InfoPii(msg);
                    Authority authority = ValidatedAuthorities[CanonicalAuthority];
                    AuthorityType         = authority.AuthorityType;
                    CanonicalAuthority    = authority.CanonicalAuthority;
                    ValidateAuthority     = authority.ValidateAuthority;
                    IsTenantless          = authority.IsTenantless;
                    AuthorizationEndpoint = authority.AuthorizationEndpoint;
                    TokenEndpoint         = authority.TokenEndpoint;
                    EndSessionEndpoint    = authority.EndSessionEndpoint;
                    SelfSignedJwtAudience = authority.SelfSignedJwtAudience;

                    return;
                }

                string openIdConfigurationEndpoint =
                    await
                    GetOpenIdConfigurationEndpoint(userPrincipalName, requestContext)
                    .ConfigureAwait(false);

                //discover endpoints via openid-configuration
                TenantDiscoveryResponse edr =
                    await DiscoverEndpoints(openIdConfigurationEndpoint, requestContext).ConfigureAwait(false);

                if (string.IsNullOrEmpty(edr.AuthorizationEndpoint))
                {
                    throw new MsalClientException(MsalClientException.TenantDiscoveryFailedError,
                                                  "Authorize endpoint was not found in the openid configuration");
                }

                if (string.IsNullOrEmpty(edr.TokenEndpoint))
                {
                    throw new MsalClientException(MsalClientException.TenantDiscoveryFailedError,
                                                  "Token endpoint was not found in the openid configuration");
                }

                if (string.IsNullOrEmpty(edr.Issuer))
                {
                    throw new MsalClientException(MsalClientException.TenantDiscoveryFailedError,
                                                  "Issuer was not found in the openid configuration");
                }

                AuthorizationEndpoint = edr.AuthorizationEndpoint.Replace("{tenant}", tenant);
                TokenEndpoint         = edr.TokenEndpoint.Replace("{tenant}", tenant);
                SelfSignedJwtAudience = edr.Issuer.Replace("{tenant}", tenant);

                _resolved = true;

                AddToValidatedAuthorities(userPrincipalName);
            }
        }
Ejemplo n.º 2
0
        public async Task ResolveEndpointsAsync(string userPrincipalName, CallState callState)
        {
            if (!this._resolved)
            {
                var    authorityUri = new Uri(this.CanonicalAuthority);
                string host         = authorityUri.Authority;
                string path         = authorityUri.AbsolutePath.Substring(1);
                string tenant       = path.Substring(0, path.IndexOf("/", StringComparison.Ordinal));
                this.IsTenantless =
                    TenantlessTenantName.Any(
                        name => string.Compare(tenant, name, StringComparison.OrdinalIgnoreCase) == 0);

                if (ExistsInValidatedAuthorityCache(userPrincipalName))
                {
                    Authority authority = ValidatedAuthorities[this.CanonicalAuthority];
                    AuthorityType         = authority.AuthorityType;
                    CanonicalAuthority    = authority.CanonicalAuthority;
                    ValidateAuthority     = authority.ValidateAuthority;
                    IsTenantless          = authority.IsTenantless;
                    AuthorizationEndpoint = authority.AuthorizationEndpoint;
                    TokenEndpoint         = authority.TokenEndpoint;
                    EndSessionEndpoint    = authority.EndSessionEndpoint;
                    SelfSignedJwtAudience = authority.SelfSignedJwtAudience;

                    return;
                }

                string openIdConfigurationEndpoint =
                    await
                    this.GetOpenIdConfigurationEndpoint(host, tenant, userPrincipalName, callState)
                    .ConfigureAwait(false);

                //discover endpoints via openid-configuration
                TenantDiscoveryResponse edr =
                    await this.DiscoverEndpoints(openIdConfigurationEndpoint, callState).ConfigureAwait(false);

                if (string.IsNullOrEmpty(edr.AuthorizationEndpoint))
                {
                    throw new MsalServiceException(MsalError.TenantDiscoveryFailed,
                                                   string.Format(CultureInfo.InvariantCulture, "Authorize endpoint was not found at {0}",
                                                                 openIdConfigurationEndpoint));
                }

                if (string.IsNullOrEmpty(edr.TokenEndpoint))
                {
                    throw new MsalServiceException(MsalError.TenantDiscoveryFailed,
                                                   string.Format(CultureInfo.InvariantCulture, "Authorize endpoint was not found at {0}",
                                                                 openIdConfigurationEndpoint));
                }

                if (string.IsNullOrEmpty(edr.Issuer))
                {
                    throw new MsalServiceException(MsalError.TenantDiscoveryFailed,
                                                   string.Format(CultureInfo.InvariantCulture, "Issuer was not found at {0}",
                                                                 openIdConfigurationEndpoint));
                }

                this.AuthorizationEndpoint = edr.AuthorizationEndpoint.Replace("{tenant}", tenant);
                this.TokenEndpoint         = edr.TokenEndpoint.Replace("{tenant}", tenant);
                this.SelfSignedJwtAudience = edr.Issuer.Replace("{tenant}", tenant);

                this._resolved = true;

                this.AddToValidatedAuthorities(userPrincipalName);
            }
        }