Example #1
        /// <summary>
        /// Initializes a new instance of the <see cref="MsalAuthenticationService{TAccount, TProviderOptions}"/> class.
        /// </summary>
        /// <param name="clientApplication">The public client application to use to connect.</param>
        /// <param name="protectedStorage">The protected storage where refresh tokens will be stored.</param>
        /// <param name="accountClaimsPrincipalFactory">The <see cref="AccountClaimsPrincipalFactory{TAccount}"/> used to generate the <see cref="ClaimsPrincipal"/> for the user.</param>
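        public MsalAuthenticationService(
            PublicClientApplication clientApplication,
            IProtectedStorage protectedStorage,
            AccountClaimsPrincipalFactory<TAccount> accountClaimsPrincipalFactory) :
            base(new RemoteAuthenticationOptions<TProviderOptions>()
        {
            ProviderOptions = new TProviderOptions()
            {
                // The base-constructor argument is evaluated before the constructor body runs, so the
                // null check has to happen here. Initializer members are assigned in textual order, which
                // makes this first access the guard for every dereference below.
                ClientCapabilities = (clientApplication ?? throw new ArgumentNullException(nameof(clientApplication))).AppConfig.ClientCapabilities,
#pragma warning disable CA1062 // Validate arguments of public methods (validated by the throw expression above)
                ClientId           = clientApplication.AppConfig.ClientId,
                ClientName         = clientApplication.AppConfig.ClientName,
                ClientVersion      = clientApplication.AppConfig.ClientVersion,
                // NOTE(review): the PII-logging switch is copied as-is from the supplied application;
                // confirm it is disabled for production builds so identifiers do not end up in logs.
                EnablePiiLogging   = clientApplication.AppConfig.EnablePiiLogging,
                IsDefaultPlatformLoggingEnabled = clientApplication.AppConfig.IsDefaultPlatformLoggingEnabled,
                LogLevel    = clientApplication.AppConfig.LogLevel,
                RedirectUri = clientApplication.AppConfig.RedirectUri,
                TenantId    = clientApplication.AppConfig.TenantId,
#pragma warning restore CA1062 // Validate arguments of public methods
            },
        }, accountClaimsPrincipalFactory)
        {
            // Already validated while building the base-constructor argument.
            _clientApplication = clientApplication;

            // NOTE(review): `as` yields null when TProviderOptions is not exactly
            // PublicClientApplicationOptions, so Configure may receive null - confirm it tolerates that.
            MsalDefaultOptionsConfiguration.Configure(Options as RemoteAuthenticationOptions<PublicClientApplicationOptions>);

            SetUpSerializationHandlers(protectedStorage);
        }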
Example #2
        /// <inheritdoc />
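        protected async override Task<ClaimsPrincipal> GetAuthenticatedUser()
        {
            var tokenResult = await RequestAccessToken().ConfigureAwait(false);

            // Without an access token there is nothing to look up: report an unauthenticated principal.
            if (!tokenResult.TryGetToken(out var accessToken))
            {
                return new ClaimsPrincipal(new ClaimsIdentity());
            }

            // NOTE(review): a new HttpClient is created and disposed on every call; consider a shared
            // instance if this method runs frequently.
            using var httpClient = new HttpClient();

            // The bearer token is disclosed to whatever host UserInfoEndpoint names.
            // NOTE(review): confirm that endpoint is a fixed HTTPS URL and not caller-configurable.
            httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken.Value);

            TAccount account = null;

            if (_currentScopes.Contains("User.Read"))
            {
                // Dispose the response so its content and connection are released promptly.
                using var response = await httpClient.GetAsync(UserInfoEndpoint).ConfigureAwait(false);

                if (response.IsSuccessStatusCode)
                {
                    using var stream = await response.Content.ReadAsStreamAsync().ConfigureAwait(false);

                    account = await JsonSerializer.DeserializeAsync<TAccount>(stream).ConfigureAwait(false);
                }

                // NOTE(review): account stays null when the request fails or the payload deserializes
                // to null. How AddIdTokenClaimsToAccount and CreateUserAsync treat a null account is not
                // visible here - confirm the outcome is an unauthenticated principal, not an exception.
            }
            else
            {
                // The profile scope was not granted, so start from an empty account and rely on the
                // ID-token claims added below.
                account = new TAccount();
            }

            AddIdTokenClaimsToAccount(account, _idToken);
            return await AccountClaimsPrincipalFactory.CreateUserAsync(account, Options.UserOptions).ConfigureAwait(false);
        }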
Example #3
 /// <summary>
 /// Initializes a new instance without a logger by forwarding to the five-argument constructor.
 /// </summary>
 /// <param name="jsRuntime">Forwarded unchanged to the chained constructor.</param>
 /// <param name="options">Forwarded unchanged to the chained constructor.</param>
 /// <param name="navigation">Forwarded unchanged to the chained constructor.</param>
 /// <param name="accountClaimsPrincipalFactory">Forwarded unchanged to the chained constructor.</param>
 public RemoteAuthenticationService(
     IJSRuntime jsRuntime,
     IOptionsSnapshot<RemoteAuthenticationOptions<TProviderOptions>> options,
     NavigationManager navigation,
     AccountClaimsPrincipalFactory<TAccount> accountClaimsPrincipalFactory)
     : this(
         jsRuntime,
         options,
         navigation,
         accountClaimsPrincipalFactory,
         null) // no logger supplied by this overload
 {
 }
Example #4
    /// <summary>
    /// Gets the current authenticated user using JavaScript interop.
    /// </summary>
    /// <returns>A <see cref="ValueTask{ClaimsPrincipal}"/> that will return the current authenticated user when it completes.</returns>
    protected internal virtual async ValueTask<ClaimsPrincipal> GetAuthenticatedUser()
    {
        // The JavaScript-side authentication service must be ready before it is queried.
        await EnsureAuthService();

        // The account object is produced by the JavaScript library and deserialized into TAccount.
        // NOTE(review): the data comes from script running in the client, so the principal built from
        // it should presumably only drive client-side decisions; server APIs need to validate tokens
        // themselves.
        var jsAccount = await JsRuntime.InvokeAsync<TAccount>("AuthenticationService.getUser");

        return await AccountClaimsPrincipalFactory.CreateUserAsync(jsAccount, Options.UserOptions);
    }
Example #5
        /// <summary>
        /// Initializes a new instance of the <see cref="MsalAuthenticationService{TAccount, TProviderOptions}"/> class.
        /// </summary>
        /// <param name="options">The options to be passed down to the underlying Authentication library handling the authentication operations.</param>
        /// <param name="protectedStorage">The protected storage where refresh tokens will be stored.</param>
        /// <param name="accountClaimsPrincipalFactory">The <see cref="AccountClaimsPrincipalFactory{TAccount}"/> used to generate the <see cref="ClaimsPrincipal"/> for the user.</param>
        public MsalAuthenticationService(
            IOptionsSnapshot<RemoteAuthenticationOptions<TProviderOptions>> options,
            IProtectedStorage protectedStorage,
            AccountClaimsPrincipalFactory<TAccount> accountClaimsPrincipalFactory)
            // NOTE(review): a null `options` snapshot is forwarded to the base class as null rather than
            // rejected here; the Options.ProviderOptions access below presumably fails in that case -
            // confirm, and consider an explicit ArgumentNullException.
            : base(options?.Value, accountClaimsPrincipalFactory)
        {
            // Build the MSAL public client from the provider options held by the base class.
            var clientBuilder = PublicClientApplicationBuilder.CreateWithApplicationOptions(Options.ProviderOptions);
            _clientApplication = (PublicClientApplication)clientBuilder.Build();

            // Hand the protected storage to the serialization handlers.
            SetUpSerializationHandlers(protectedStorage);
        }
Example #6
 /// <summary>
 /// Initializes a new instance.
 /// </summary>
 /// <param name="jsRuntime">The <see cref="IJSRuntime"/> to use for performing JavaScript interop operations.</param>
 /// <param name="options">The options to be passed down to the underlying JavaScript library handling the authentication operations.</param>
 /// <param name="navigation">The <see cref="NavigationManager"/> used to generate URLs.</param>
 /// <param name="accountClaimsPrincipalFactory">The <see cref="AccountClaimsPrincipalFactory{TAccount}"/> used to generate the <see cref="ClaimsPrincipal"/> for the user.</param>
 public RemoteAuthenticationService(
     IJSRuntime jsRuntime,
     IOptionsSnapshot<RemoteAuthenticationOptions<TProviderOptions>> options,
     NavigationManager navigation,
     AccountClaimsPrincipalFactory<TAccount> accountClaimsPrincipalFactory)
 {
     // Store the collaborators; the snapshot is unwrapped once so later reads use the same options
     // instance. None of the arguments is null-checked here, so a null `options` fails on `.Value`.
     (JsRuntime, Navigation, AccountClaimsPrincipalFactory, Options) =
         (jsRuntime, navigation, accountClaimsPrincipalFactory, options.Value);
 }
Example #7
 /// <summary>
 /// Initializes a new instance.
 /// </summary>
 /// <param name="jsRuntime">The <see cref="IJSRuntime"/> to use for performing JavaScript interop operations.</param>
 /// <param name="options">The options to be passed down to the underlying JavaScript library handling the authentication operations.</param>
 /// <param name="navigation">The <see cref="NavigationManager"/> used to generate URLs.</param>
 /// <param name="accountClaimsPrincipalFactory">The <see cref="AccountClaimsPrincipalFactory{TAccount}"/> used to generate the <see cref="ClaimsPrincipal"/> for the user.</param>
 /// <param name="logger">The logger to use for login authentication operations.</param>
 public RemoteAuthenticationService(
     IJSRuntime jsRuntime,
     IOptionsSnapshot<RemoteAuthenticationOptions<TProviderOptions>> options,
     NavigationManager navigation,
     AccountClaimsPrincipalFactory<TAccount> accountClaimsPrincipalFactory,
     ILogger<RemoteAuthenticationService<TRemoteAuthenticationState, TAccount, TProviderOptions>> logger)
 {
     // Store the collaborators; the snapshot is unwrapped once. A null `options` fails on `.Value`.
     (JsRuntime, Navigation, AccountClaimsPrincipalFactory, Options) =
         (jsRuntime, navigation, accountClaimsPrincipalFactory, options.Value);

     // The logger is optional: with no logger both flags are false.
     // NOTE(review): these flags are handed to JavaScriptLoggingOptions; what gets logged at Debug and
     // Trace is not visible here - confirm tokens and account data are excluded before enabling them.
     bool debugEnabled = logger != null && logger.IsEnabled(LogLevel.Debug);
     bool traceEnabled = logger != null && logger.IsEnabled(LogLevel.Trace);
     _loggingOptions = new JavaScriptLoggingOptions(debugEnabled, traceEnabled);
 }