public void GetExactScopesMatchedAccessTokenTest()
{
var atItem = Credential.CreateAccessToken(
MsalTestConstants.HomeAccountId,
MsalTestConstants.ProductionPrefNetworkEnvironment,
new Uri(MsalTestConstants.AuthorityTestTenant).GetRealm(),
MsalTestConstants.ClientId,
ScopeUtils.JoinScopes(MsalTestConstants.Scope),
TimeUtils.GetSecondsFromEpochNow(),
TimeUtils.GetSecondsFromEpochNow() + MsalCacheV2TestConstants.ValidExpiresIn,
TimeUtils.GetSecondsFromEpochNow() + MsalCacheV2TestConstants.ValidExtendedExpiresIn,
TheSecret,
string.Empty);
_storageWorker.WriteCredentials(
new List <Credential>
{
atItem
});
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
var cacheManager = new CacheManager(
_storageManager,
new AuthenticationRequestParameters
{
Account = MsalTestConstants.User,
// TODO: In MSALC++, the request parameters only really needs the
// Authority URI itself since the cache isn't meant to
// do ANY network calls.
// So it would be great if we could reduce the complexity/dependencies
// here and do any of the validated authority cache / instance discovery
// outside of the context of the authentication parameters and
// cache interaction and just track the authority we're using...
// AccountId = MsalTestConstants.HomeAccountId,
// Authority = new Uri(MsalTestConstants.AuthorityTestTenant),
Authority = Authority.CreateAuthority(
serviceBundle,
MsalTestConstants.AuthorityTestTenant,
false),
ClientId = MsalTestConstants.ClientId,
Scope = new SortedSet <string>(MsalCacheV2TestConstants.Scope) // todo(mzuber): WHY SORTED SET?
});
Assert.IsTrue(cacheManager.TryReadCache(out var tokenResponse, out var accountResponse));
Assert.IsNotNull(tokenResponse);
Assert.IsNull(accountResponse);
Assert.AreEqual(TheSecret, tokenResponse.AccessToken);
}
}
public static Credential GetAccessToken()
{
return(Credential.CreateAccessToken(
GetHomeAccountId(),
Environment,
Realm,
ClientId,
GetTarget(),
CachedAt,
ExpiresOn,
ExtendedExpiresOn,
AccessTokenRaw,
AdditionalFieldsJson));
}
/// <inheritdoc />
public IAccount CacheTokenResponse(MsalTokenResponse msalTokenResponse)
{
var tokenResponse = new TokenResponse(msalTokenResponse);
string homeAccountId = GetHomeAccountId(tokenResponse);
var authority = new Uri(_authParameters.Authority.CanonicalAuthority);
string environment = authority.GetEnvironment();
string realm = authority.GetRealm();
string clientId = _authParameters.ClientId;
string target = ScopeUtils.JoinScopes(tokenResponse.GrantedScopes);
if (string.IsNullOrWhiteSpace(homeAccountId) || string.IsNullOrWhiteSpace(environment) ||
string.IsNullOrWhiteSpace(realm) || string.IsNullOrWhiteSpace(clientId) || string.IsNullOrWhiteSpace(target))
{
// skipping writing to the cache, PK is empty
return(null);
}
var credentialsToWrite = new List <Credential>();
long cachedAt = DateTime.UtcNow.Ticks; // todo: this is probably wrong
if (tokenResponse.HasRefreshToken)
{
credentialsToWrite.Add(
Credential.CreateRefreshToken(
homeAccountId,
environment,
clientId,
cachedAt,
tokenResponse.RefreshToken,
string.Empty));
}
if (tokenResponse.HasAccessToken)
{
long expiresOn = tokenResponse.ExpiresOn.Ticks; // todo: this is probably wrong
long extendedExpiresOn = tokenResponse.ExtendedExpiresOn.Ticks; // todo: this is probably wrong
var accessToken = Credential.CreateAccessToken(
homeAccountId,
environment,
realm,
clientId,
target,
cachedAt,
expiresOn,
extendedExpiresOn,
tokenResponse.AccessToken,
string.Empty);
if (IsAccessTokenValid(accessToken))
{
credentialsToWrite.Add(accessToken);
}
}
var idTokenJwt = tokenResponse.IdToken;
if (!idTokenJwt.IsEmpty)
{
credentialsToWrite.Add(
Credential.CreateIdToken(
homeAccountId,
environment,
realm,
clientId,
cachedAt,
idTokenJwt.Raw,
string.Empty));
}
var status = _storageManager.WriteCredentials(string.Empty, credentialsToWrite);
if (status.StatusType != OperationStatusType.Success)
{
// warning error writing to cache
}
// if id token jwt is empty, return null
string localAccountId = GetLocalAccountId(idTokenJwt);
var authorityType = GetAuthorityType();
var account = Microsoft.Identity.Client.CacheV2.Schema.Account.Create(
homeAccountId,
environment,
realm,
localAccountId,
authorityType,
idTokenJwt.PreferredUsername,
idTokenJwt.GivenName,
idTokenJwt.FamilyName,
idTokenJwt.MiddleName,
idTokenJwt.Name,
idTokenJwt.AlternativeId,
tokenResponse.RawClientInfo,
string.Empty);
status = _storageManager.WriteAccount(string.Empty, account);
if (status.StatusType != OperationStatusType.Success)
{
// warning error writing account to cache
}
return(account);
}
