Example #1
0
        public async Task ATI_WithPicker_MsaPt_Async()
        {
            string homeAccId = $"{TestConstants.Uid}.{TestConstants.Utid}";

            // Arrange
            using (var harness = CreateTestHarness())
            {
                var requestParams = harness.CreateAuthenticationRequestParameters(
                    TestConstants.AuthorityHomeTenant); // AAD authorities for whi

                // msa-pt scenario
                requestParams.AppConfig.IsMsaPassthrough = true;
                var accountPicker = Substitute.For <IAccountPicker>();
                _accountPickerFactory.Create(Arg.Any <IntPtr>(), null, null, null, false).ReturnsForAnyArgs(accountPicker);
                var msaProvider = new WebAccountProvider("msa", "*****@*****.**", null);
                accountPicker.DetermineAccountInteractivelyAsync().Returns(Task.FromResult(msaProvider));
                // AAD plugin + consumer provider = Guest MSA-PT scenario
                _webAccountProviderFactory.IsConsumerProvider(msaProvider).Returns(true);
                _msaPassthroughHandler.TryFetchTransferTokenAsync(requestParams, msaProvider)
                .Returns(Task.FromResult("transfer_token"));

                var aadProvider = new WebAccountProvider("aad", "*****@*****.**", null);
                _webAccountProviderFactory.GetAccountProviderAsync("home").Returns(aadProvider);

                // make sure the final request is done with the AAD provider
                var webTokenRequest = new WebTokenRequest(aadProvider);
                _aadPlugin.CreateWebTokenRequestAsync(
                    aadProvider,
                    requestParams,
                    isForceLoginPrompt: false,
                    isInteractive: true,
                    isAccountInWam: false)
                .Returns(Task.FromResult(webTokenRequest));

                var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>();
                webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
                var webTokenResponse = new WebTokenResponse();
                webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>()
                {
                    webTokenResponse
                });

                _wamProxy.RequestTokenForWindowAsync(Arg.Any <IntPtr>(), webTokenRequest).
                Returns(Task.FromResult(webTokenResponseWrapper));
                _aadPlugin.ParseSuccessfullWamResponse(webTokenResponse, out _).Returns(_msalTokenResponse);

                var atiParams = new AcquireTokenInteractiveParameters();

                // Act
                var result = await _wamBroker.AcquireTokenInteractiveAsync(requestParams, atiParams)
                             .ConfigureAwait(false);

                // Assert
                Assert.AreSame(_msalTokenResponse, result);
                _msaPassthroughHandler.Received(1).AddTransferTokenToRequest(webTokenRequest, "transfer_token");
            }
        }
Example #2
0
        private async Task <MsalTokenResponse> AcquireInteractiveWithPickerAsync(
            AuthenticationRequestParameters authenticationRequestParameters,
            Prompt msalPrompt)
        {
            bool isMsaPassthrough = _wamOptions.MsaPassthrough;
            var  accountPicker    = _accountPickerFactory.Create(
                _parentHandle,
                _logger,
                _synchronizationContext,
                authenticationRequestParameters.Authority,
                isMsaPassthrough);

            IWamPlugin      wamPlugin;
            WebTokenRequest webTokenRequest;

            try
            {
                WebAccountProvider accountProvider = await
                                                     accountPicker.DetermineAccountInteractivelyAsync().ConfigureAwait(false);

                if (accountProvider == null)
                {
                    var errorMessage = "WAM Account Picker did not return an account.";
#if !WINDOWS_APP
                    if (WindowsNativeUtils.IsElevatedUser())
                    {
                        errorMessage = MsalErrorMessage.AuthenticationFailedWamElevatedProcess;
                    }
#endif
                    throw new MsalClientException(MsalError.AuthenticationCanceledError, errorMessage);
                }

                bool isConsumerTenant = _webAccountProviderFactory.IsConsumerProvider(accountProvider);
                // WAM returns the tenant here, not the full authority
                wamPlugin = (isConsumerTenant && !isMsaPassthrough) ? _msaPlugin : _aadPlugin;

                string transferToken      = null;
                bool   isForceLoginPrompt = false;
                if (isConsumerTenant && isMsaPassthrough)
                {
                    // Get a transfer token to avoid prompting the user twice
                    transferToken = await _msaPassthroughHandler.TryFetchTransferTokenAsync(
                        authenticationRequestParameters,
                        accountProvider).ConfigureAwait(false);

                    // If a TT cannot be obtained, force the interactive experience again
                    isForceLoginPrompt = string.IsNullOrEmpty(transferToken);

                    // For MSA-PT, the MSA provider will issue v1 token, which cannot be used.
                    // Only the AAD provider can issue a v2 token
                    accountProvider = await _webAccountProviderFactory.GetAccountProviderAsync(
                        authenticationRequestParameters.Authority.TenantId)
                                      .ConfigureAwait(false);
                }

                webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync(
                    accountProvider,
                    authenticationRequestParameters,
                    isForceLoginPrompt : isForceLoginPrompt,
                    isInteractive : true,
                    isAccountInWam : false)
                                  .ConfigureAwait(true);

                _msaPassthroughHandler.AddTransferTokenToRequest(webTokenRequest, transferToken);

                WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, webTokenRequest, _logger);
                AddPromptToRequest(msalPrompt, isForceLoginPrompt, webTokenRequest);
            }
            catch (Exception ex) when(!(ex is MsalException))
            {
                _logger.ErrorPii(ex);
                throw new MsalServiceException(
                          MsalError.WamPickerError,
                          "Could not get the account provider - account picker. See inner exception for details", ex);
            }

            IWebTokenRequestResultWrapper wamResult;
            try
            {
                wamResult = await _wamProxy.RequestTokenForWindowAsync(_parentHandle, webTokenRequest).ConfigureAwait(false);
            }
            catch (Exception ex)
            {
                _logger.ErrorPii(ex);
                throw new MsalServiceException(
                          MsalError.WamPickerError,
                          "Could not get the result - account picker. See inner exception for details", ex);
            }

            return(WamAdapters.CreateMsalResponseFromWamResponse(
                       wamResult,
                       wamPlugin,
                       authenticationRequestParameters.AppConfig.ClientId,
                       _logger,
                       isInteractive: true));
        }