Example #1
0
        public static async Task <string> GetUserToken(string userId)
        {
            var confidentialClient = new ConfidentialClientApplication(notifAppId,
                                                                       authority, redirectUri, notifClientCreds, BlobTokenCache.GetMsalCacheInstance(), null);

            //Logger.LogCallback = AuthLog;
            //Logger.Level = Microsoft.Identity.Client.LogLevel.Verbose;
            //Logger.PiiLoggingEnabled = true;

            var account = await confidentialClient.GetAccountAsync($"{userId}.{tid}");

            if (account == null)
            {
                return(string.Empty);
            }

            try
            {
                var result = await confidentialClient.AcquireTokenSilentAsync(notifScopes, account);

                return(result.AccessToken);
            }
            catch (MsalException)
            {
                return(string.Empty);
            }
        }
Example #2
0
        private async Task <string> GetUserAccessTokenAsync(IEnumerable <string> scopes)
        {
            var userId    = this.GetUserObjectId();
            var appSecret = await this.keyVaultService.GetSecret(this.config.AppSecretKeyVaultKey);

            var credential = new ClientCredential(appSecret);

            var request    = this.httpContextAccessor.HttpContext.Request;
            var currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase);

            var tokenCache  = new DistributedTokenCacheHelper(this.cache, this.dataProtectionProvider, userId).GetTokenCache();
            var application = new ConfidentialClientApplication(this.config.ClientId, this.config.Authority, currentUri, credential, tokenCache, null);

            AuthenticationResult result;

            try
            {
                IAccount account = await application.GetAccountAsync($"{userId}.{this.config.TenantId}");

                result = await application.AcquireTokenSilentAsync(scopes, account);
            }
            catch
            {
                var token = await this.httpContextAccessor.HttpContext.GetTokenAsync("access_token");

                var userAssertion = new UserAssertion(token, "urn:ietf:params:oauth:grant-type:jwt-bearer");
                result = await application.AcquireTokenOnBehalfOfAsync(scopes, userAssertion);
            }

            return(result.AccessToken);
        }
        public async Task <string> GetUserAccessTokenAsync(string userId, string userTenant)
        {
            _tokenCache = new SessionTokenCache(userId, _memoryCache).GetCacheInstance();

            var confidentialClientApplication = new ConfidentialClientApplication(_appId, _redirectUri, _credential, _tokenCache, null);

            //var account = await confidentialClientApplication.GetAccountsAsync("446985bc-8939-42d8-8fbc-962f84527b57.99360fd3-03fe-4f03-9291-fe0c7db80be3");

            var account = await confidentialClientApplication.GetAccountAsync($"{userId}.{userTenant}");

            //var c = account.First();

            var result = await confidentialClientApplication.AcquireTokenSilentAsync(_scopes, account);

            return(result.AccessToken);
        }
Example #4
0
        private static async Task RunAuthCode_Async(MockHttpManager httpManager, ConfidentialClientApplication app)
        {
            httpManager.AddSuccessTokenResponseMockHandlerForPost();
            var result = await app
                         .AcquireTokenByAuthorizationCode(TestConstants.s_scope, "some-code")
                         .ExecuteAsync(CancellationToken.None)
                         .ConfigureAwait(false);

            Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);

            var acc = await app.GetAccountAsync(result.Account.HomeAccountId.Identifier).ConfigureAwait(false);

            result = await app.AcquireTokenSilent(TestConstants.s_scope, acc).ExecuteAsync().ConfigureAwait(false);

            Assert.AreEqual(TokenSource.Cache, result.AuthenticationResultMetadata.TokenSource);
        }
        /// <summary>
        /// Gets an access token for a downstream API on behalf of the user which account ID is passed as an argument
        /// </summary>
        /// <param name="accountIdentifier">User account identifier for which to acquire a token.
        /// See <see cref="Microsoft.Identity.Client.AccountId.Identifier"/></param>
        /// <param name="scopes">Scopes for the downstream API to call</param>
        private async Task <string> GetAccessTokenOnBehalfOfUser(ConfidentialClientApplication application, string accountIdentifier, IEnumerable <string> scopes, string loginHint)
        {
            if (accountIdentifier == null)
            {
                throw new ArgumentNullException(nameof(accountIdentifier));
            }

            if (scopes == null)
            {
                throw new ArgumentNullException(nameof(scopes));
            }

            // Get the account
            IAccount account = await application.GetAccountAsync(accountIdentifier);

            // Special case for guest users as the Guest iod / tenant id are not surfaced.
            if (account == null)
            {
                var accounts = await application.GetAccountsAsync();

                account = accounts.FirstOrDefault(a => a.Username == loginHint);
            }

            try
            {
                AuthenticationResult result = null;
                result = await application.AcquireTokenSilentAsync(scopes.Except(scopesRequestedByMsalNet), account);

                return(result.AccessToken);
            }
            catch (MsalException)
            {
                // TODO process the exception see if this is retryable etc ...
                throw;
            }
        }
Example #6
0
        /// <summary>
        /// Gets an access token for a downstream API on behalf of the user which account ID is passed as an argument
        /// </summary>
        /// <param name="accountIdentifier">User account identifier for which to acquire a token.
        /// See <see cref="Microsoft.Identity.Client.AccountId.Identifier"/></param>
        /// <param name="scopes">Scopes for the downstream API to call</param>
        private async Task <string> GetAccessTokenOnBehalfOfUser(HttpContext httpContext, ConfidentialClientApplication application, string accountIdentifier, IEnumerable <string> scopes)
        {
            if (accountIdentifier == null)
            {
                throw new ArgumentNullException(nameof(accountIdentifier));
            }

            if (scopes == null)
            {
                throw new ArgumentNullException(nameof(scopes));
            }

            var accounts = await application.GetAccountsAsync();

            try
            {
                AuthenticationResult result = null;
                var allAccounts             = await application.GetAccountsAsync();

                IAccount account = await application.GetAccountAsync(accountIdentifier);

                result = await application.AcquireTokenSilentAsync(scopes.Except(_scopesRequestedByMsalNet), account);

                return(result.AccessToken);
            }
            catch (MsalUiRequiredException ex)
            {
                ReplyForbiddenWithWwwAuthenticateHeader(httpContext, scopes, ex);
                return(null);
            }
            catch (MsalException ex)
            {
                // TODO process the exception see if this is retryable etc ...
                throw;
            }
        }