public void AcquireTokenADFSV3InteractiveNonFederatedTest()
{
TestCommon.ResetInternalStaticCaches();
_mobileTestHelper.AcquireTokenTestHelper(
_xamarinController,
LabUserHelper.GetAdfsUserAsync(FederationProvider.AdfsV4, false).GetAwaiter().GetResult(),
CoreUiTestConstants.ADFSv3NonFederated);
}
public void AcquireTokenSilentTest()
{
TestCommon.ResetInternalStaticCaches();
_mobileTestHelper.AcquireTokenTestHelper(
_xamarinController,
LabUserHelper.GetDefaultUserAsync().GetAwaiter().GetResult(),
CoreUiTestConstants.AcquireTokenSilent);
}
public void B2CLocalAccountAcquireTokenTest()
{
TestCommon.ResetInternalStaticCaches();
_mobileTestHelper.B2CLocalAccountAcquireTokenSilentTest(
_xamarinController,
LabUserHelper.GetB2CLocalAccountAsync().GetAwaiter().GetResult(),
CoreUiTestConstants.B2CLocalb2clogin);
}
private void GetB2CClientIdFromLab()
{
if (_b2CClientId != null)
{
return;
}
LabResponse labResponse = LabUserHelper.GetB2CLocalAccount();
_b2CClientId = labResponse.AppId;
}
public void PerformB2CFacebookProviderSignInFlow(ITestController controller, LabUser user, UserInformationFieldIds userInformationFieldIds)
{
controller.Tap(CoreUiTestConstants.FacebookAccountID, XamarinSelector.ByHtmlIdAttribute);
controller.EnterText(CoreUiTestConstants.WebUPNB2CFacebookInputID, 20, user.Upn, XamarinSelector.ByHtmlIdAttribute);
controller.EnterText(userInformationFieldIds.PasswordInputId, LabUserHelper.GetUserPassword(user), XamarinSelector.ByHtmlIdAttribute);
controller.Tap(userInformationFieldIds.SignInButtonId, XamarinSelector.ByHtmlIdAttribute);
}
public void B2CFacebookMicrosoftLoginAcquireTokenTest()
{
TestCommon.ResetInternalStaticCaches();
_mobileTestHelper.PerformB2CSelectProviderOnlyFlow(
_xamarinController,
LabUserHelper.GetB2CFacebookAccountAsync().GetAwaiter().GetResult().User,
B2CIdentityProvider.Facebook,
false);
_mobileTestHelper.B2CSilentFlowHelper(_xamarinController);
}
private async Task GetB2CClientIdFromLabAsync()
{
if (_b2CClientId != null)
{
return;
}
LabResponse labResponse = await LabUserHelper.GetB2CLocalAccountAsync().ConfigureAwait(false);
_b2CClientId = labResponse.App.AppId;
}
public async Task Interactive_SSHCert_Async()
{
LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
IPublicClientApplication pca = PublicClientApplicationBuilder
.Create(labResponse.AppId)
.WithRedirectUri(SeleniumWebUI.FindFreeLocalhostRedirectUri())
.Build();
TokenCacheAccessRecorder userCacheAccess = pca.UserTokenCache.RecordAccess();
Trace.WriteLine("Part 1 - Acquire an SSH cert interactively ");
string jwk = CreateJwk();
AuthenticationResult result = await pca
.AcquireTokenInteractive(s_scopes)
.WithCustomWebUi(CreateSeleniumCustomWebUI(labResponse.User, Prompt.ForceLogin))
.WithSSHCertificateAuthenticationScheme(jwk, "key1")
.WithExtraQueryParameters(GetTestSliceParams()) // TODO: remove this once feature is in PROD
.ExecuteAsync(new CancellationTokenSource(_interactiveAuthTimeout).Token)
.ConfigureAwait(false);
userCacheAccess.AssertAccessCounts(0, 1);
Assert.AreEqual("ssh-cert", result.TokenType);
IAccount account = await MsalAssert.AssertSingleAccountAsync(labResponse, pca, result).ConfigureAwait(false);
userCacheAccess.AssertAccessCounts(1, 1); // the assert calls GetAccounts
Trace.WriteLine("Part 2 - Acquire a token silent with the same keyID - should be served from the cache");
result = await pca
.AcquireTokenSilent(s_scopes, account)
.WithSSHCertificateAuthenticationScheme(jwk, "key1")
.WithExtraQueryParameters(GetTestSliceParams()) // TODO: remove this once feature is in PROD
.ExecuteAsync(new CancellationTokenSource(_interactiveAuthTimeout).Token)
.ConfigureAwait(false);
userCacheAccess.AssertAccessCounts(2, 1);
account = await MsalAssert.AssertSingleAccountAsync(labResponse, pca, result).ConfigureAwait(false);
userCacheAccess.AssertAccessCounts(3, 1);
Trace.WriteLine("Part 3 - Acquire a token silent with a different keyID - should not sbe served from the cache");
result = await pca
.AcquireTokenSilent(s_scopes, account)
.WithSSHCertificateAuthenticationScheme(jwk, "key2")
.WithExtraQueryParameters(GetTestSliceParams()) // TODO: remove this once feature is in PROD
.ExecuteAsync(new CancellationTokenSource(_interactiveAuthTimeout).Token)
.ConfigureAwait(false);
Assert.AreEqual("ssh-cert", result.TokenType);
userCacheAccess.AssertAccessCounts(4, 2);
await MsalAssert.AssertSingleAccountAsync(labResponse, pca, result).ConfigureAwait(false);
}
public async Task AcquireTokenWithManagedUsernameIncorrectPasswordAsync()
{
var labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
var msalPublicClient = PublicClientApplicationBuilder
.Create(labResponse.App.AppId)
.WithTestLogging()
.WithAuthority(Authority)
.Build();
await RunAcquireTokenWithUsernameIncorrectPasswordAsync(msalPublicClient, labResponse.User.Upn).ConfigureAwait(false);
}
public void B2CLocalEditPolicyAcquireTokenTest()
{
TestCommon.ResetInternalStaticCaches();
_mobileTestHelper.B2CLocalAccountAcquireTokenInteractiveTestHelper(
_xamarinController,
LabUserHelper.GetB2CLocalAccountAsync().GetAwaiter().GetResult(),
CoreUiTestConstants.B2CLocalEditProfile);
_mobileTestHelper.PerformB2CSignInEditProfileFlow(
_xamarinController);
}
public async Task MultiUserCacheCompatabilityTestAsync()
{
// Arrange
//Acquire AT for default lab account
LabResponse labResponseDefault = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
AuthenticationResult defaultAccountResult = await RunTestForUserAsync(labResponseDefault).ConfigureAwait(false);
//Acquire AT for ADFS 2019 account
LabResponse labResponseFederated = await LabUserHelper.GetAdfsUserAsync(FederationProvider.ADFSv2019, true).ConfigureAwait(false);
var federatedAccountResult = await RunTestForUserAsync(labResponseFederated, false).ConfigureAwait(false);
//Acquire AT for MSA account
LabResponse labResponseMsa = await LabUserHelper.GetMsaUserAsync().ConfigureAwait(false);
labResponseMsa.App.AppId = LabApiConstants.MSAOutlookAccountClientID;
var msaAccountResult = await RunTestForUserAsync(labResponseMsa).ConfigureAwait(false);
PublicClientApplication pca = PublicClientApplicationBuilder.Create(labResponseDefault.App.AppId).BuildConcrete();
AuthenticationResult authResult = await pca.AcquireTokenSilent(new[] { CoreUiTestConstants.DefaultScope }, defaultAccountResult.Account)
.ExecuteAsync()
.ConfigureAwait(false);
Assert.IsNotNull(authResult);
Assert.IsNotNull(authResult.AccessToken);
Assert.IsNotNull(authResult.IdToken);
TestCommon.ValidateNoKerberosTicketFromAuthenticationResult(authResult);
pca = PublicClientApplicationBuilder.Create(labResponseFederated.App.AppId).BuildConcrete();
authResult = await pca.AcquireTokenSilent(new[] { CoreUiTestConstants.DefaultScope }, federatedAccountResult.Account)
.ExecuteAsync()
.ConfigureAwait(false);
Assert.IsNotNull(authResult);
Assert.IsNotNull(authResult.AccessToken);
Assert.IsNull(authResult.IdToken);
TestCommon.ValidateNoKerberosTicketFromAuthenticationResult(authResult);
pca = PublicClientApplicationBuilder.Create(LabApiConstants.MSAOutlookAccountClientID).BuildConcrete();
authResult = await pca.AcquireTokenSilent(new[] { CoreUiTestConstants.DefaultScope }, msaAccountResult.Account)
.ExecuteAsync()
.ConfigureAwait(false);
Assert.IsNotNull(authResult);
Assert.IsNotNull(authResult.AccessToken);
Assert.IsNull(authResult.IdToken);
TestCommon.ValidateNoKerberosTicketFromAuthenticationResult(authResult);
}
public async Task Interactive_Arlington_MultiCloudSupport_AADAsync()
{
// Arrange
LabResponse labResponse = await LabUserHelper.GetArlingtonUserAsync().ConfigureAwait(false);
IPublicClientApplication pca = PublicClientApplicationBuilder
.Create(labResponse.App.AppId)
.WithRedirectUri(SeleniumWebUI.FindFreeLocalhostRedirectUri())
.WithAuthority("https://login.microsoftonline.com/common")
.WithMultiCloudSupport(true)
.WithTestLogging()
.Build();
Trace.WriteLine("Part 1 - Acquire a token interactively");
AuthenticationResult result = await pca
.AcquireTokenInteractive(s_scopes)
.WithCustomWebUi(CreateSeleniumCustomWebUI(labResponse.User, Prompt.SelectAccount, false))
.ExecuteAsync(new CancellationTokenSource(_interactiveAuthTimeout).Token)
.ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.IsNotNull(result.Account);
Assert.IsNotNull(result.Account.GetTenantProfiles());
Assert.IsTrue(result.Account.GetTenantProfiles().Any());
Assert.AreEqual(labResponse.User.Upn, result.Account.Username);
Assert.IsTrue(labResponse.Lab.Authority.Contains(result.Account.Environment));
Trace.WriteLine("Part 2 - Get Accounts");
var accounts = await pca.GetAccountsAsync().ConfigureAwait(false);
Assert.IsNotNull(accounts);
Assert.IsNotNull(accounts.Single());
var account = accounts.Single();
Assert.IsNotNull(account.GetTenantProfiles());
Assert.IsTrue(account.GetTenantProfiles().Any());
Assert.AreEqual(labResponse.User.Upn, account.Username);
Assert.AreEqual("login.microsoftonline.us", account.Environment);
Trace.WriteLine("Part 3 - Acquire a token silently");
result = await pca
.AcquireTokenSilent(s_scopes, result.Account)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.IsNotNull(result.Account);
Assert.IsNotNull(result.Account.GetTenantProfiles());
Assert.IsTrue(result.Account.GetTenantProfiles().Any());
Assert.IsTrue(labResponse.Lab.Authority.Contains(result.Account.Environment));
}
public async Task SilentAuth_TokenCacheRemainsPersistent_Async()
{
var labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
var user = labResponse.User;
string cacheFilePath = null;
try
{
cacheFilePath = Path.GetTempFileName();
var pca1 = PublicClientApplicationBuilder
.Create(labResponse.App.AppId)
.WithTestLogging()
.WithAuthority("https://login.microsoftonline.com/organizations")
.Build();
SetCacheSerializationToFile(pca1, cacheFilePath);
AuthenticationResult authResult = await pca1
.AcquireTokenByUsernamePassword(s_scopes, user.Upn, new NetworkCredential("", user.GetOrFetchPassword()).SecurePassword)
.ExecuteAsync()
.ConfigureAwait(false);
MsalAssert.AssertAuthResult(authResult, user);
Assert.AreEqual(
"https://login.microsoftonline.com/organizations/oauth2/v2.0/token",
authResult.AuthenticationResultMetadata.TokenEndpoint);
// simulate a restart by creating a new client
var pca2 = PublicClientApplicationBuilder
.Create(labResponse.App.AppId)
.WithTestLogging()
.Build();
SetCacheSerializationToFile(pca2, cacheFilePath);
authResult = await pca2.AcquireTokenSilent(s_scopes, user.Upn)
.WithTenantId("organizations")
.ExecuteAsync()
.ConfigureAwait(false);
MsalAssert.AssertAuthResult(authResult, user);
}
finally
{
if (cacheFilePath != null && File.Exists(cacheFilePath))
{
File.Delete(cacheFilePath);
}
}
}
public async Task AcquireTokenByObo_NormalOboThenLongRunningInitiate_WithTheSameKey_TestAsync()
{
var user1 = (await LabUserHelper.GetSpecificUserAsync("*****@*****.**").ConfigureAwait(false)).User;
var pca = PublicClientApplicationBuilder
.Create(PublicClientID)
.WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
.Build();
var userAuthResult = await pca
.AcquireTokenByUsernamePassword(s_oboServiceScope, user1.Upn, new NetworkCredential("", user1.GetOrFetchPassword()).SecurePassword)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
var cca = BuildCCA(userAuthResult.TenantId);
UserAssertion userAssertion = new UserAssertion(userAuthResult.AccessToken);
string oboCacheKey = userAssertion.AssertionHash;
// AcquireNormal - AT from IdP via OBO flow(only new AT cached, no RT in cache)
var result = await cca.AcquireTokenOnBehalfOf(s_scopes, userAssertion).ExecuteAsync().ConfigureAwait(false);
Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
Assert.AreEqual(1, cca.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count);
Assert.AreEqual(0, cca.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count);
// InitiateLR - AT from cache
result = await cca.InitiateLongRunningProcessInWebApi(s_scopes, userAuthResult.AccessToken, ref oboCacheKey)
.ExecuteAsync().ConfigureAwait(false);
Assert.AreEqual(TokenSource.Cache, result.AuthenticationResultMetadata.TokenSource);
// Expire AT
TokenCacheHelper.ExpireAllAccessTokens(cca.UserTokenCacheInternal);
// InitiateLR - AT via OBO flow (new AT, RT cached)
result = await cca.InitiateLongRunningProcessInWebApi(s_scopes, userAuthResult.AccessToken, ref oboCacheKey)
.ExecuteAsync().ConfigureAwait(false);
Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
Assert.AreEqual(1, cca.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count);
Assert.AreEqual(1, cca.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count);
// Expire AT
TokenCacheHelper.ExpireAllAccessTokens(cca.UserTokenCacheInternal);
// AcquireLR - AT from IdP via RT flow(new AT, RT cached)
result = await cca.AcquireTokenInLongRunningProcess(s_scopes, oboCacheKey).ExecuteAsync().ConfigureAwait(false);
Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
Assert.AreEqual(1, cca.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count);
Assert.AreEqual(1, cca.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count);
}
public async Task OBO_WithCache_MultipleUsers_Async()
{
var aadUser1 = (await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false)).User;
var aadUser2 = (await LabUserHelper.GetAdfsUserAsync(FederationProvider.AdfsV2, true).ConfigureAwait(false)).User;
var adfsUser = (await LabUserHelper.GetAdfsUserAsync(FederationProvider.ADFSv2019).ConfigureAwait(false)).User;
await RunOnBehalfOfTestAsync(adfsUser, false).ConfigureAwait(false);
await RunOnBehalfOfTestAsync(aadUser1, false).ConfigureAwait(false);
await RunOnBehalfOfTestAsync(aadUser1, true).ConfigureAwait(false);
await RunOnBehalfOfTestAsync(aadUser2, false).ConfigureAwait(false);
await RunOnBehalfOfTestAsync(adfsUser, true).ConfigureAwait(false);
await RunOnBehalfOfTestAsync(aadUser2, true).ConfigureAwait(false);
}
public void AcquireTokenWithFederatedUsernameIncorrectPassword()
{
var user = LabUserHelper.GetDefaultUser().User;
SecureString incorrectSecurePassword = new SecureString();
incorrectSecurePassword.AppendChar('x');
incorrectSecurePassword.MakeReadOnly();
PublicClientApplication msalPublicClient = new PublicClientApplication(ClientId, Authority);
var result = Assert.ThrowsExceptionAsync <MsalException>(async() =>
await msalPublicClient.AcquireTokenByUsernamePasswordAsync(Scopes, user.Upn, incorrectSecurePassword).ConfigureAwait(false));
}
public async Task ROPC_MSA_Async()
{
var labResponse = await LabUserHelper.GetMsaUserAsync().ConfigureAwait(false);
SecureString securePassword = new NetworkCredential("", labResponse.User.GetOrFetchPassword()).SecurePassword;
var msalPublicClient = PublicClientApplicationBuilder.Create(labResponse.App.AppId).WithAuthority(Authority).Build();
var result = await AssertException.TaskThrowsAsync <MsalServiceException>(() =>
msalPublicClient
.AcquireTokenByUsernamePassword(s_scopes, labResponse.User.Upn, securePassword)
.ExecuteAsync(CancellationToken.None))
.ConfigureAwait(false);
}
public void PerformSignInFlow(ITestController controller, LabUser user)
{
UserInformationFieldIds userInformationFieldIds = DetermineUserInformationFieldIds(user);
//Acquire token flow
controller.Tap(CoreUiTestConstants.AcquireTokenID);
//i0116 = UPN text field on AAD sign in endpoint
controller.EnterText(CoreUiTestConstants.WebUPNInputID, 20, user.Upn, XamarinSelector.ByHtmlIdAttribute);
//idSIButton9 = Sign in button
controller.Tap(CoreUiTestConstants.WebSubmitID, XamarinSelector.ByHtmlIdAttribute);
//i0118 = password text field
controller.EnterText(userInformationFieldIds.PasswordInputId, LabUserHelper.GetUserPassword(user), XamarinSelector.ByHtmlIdAttribute);
controller.Tap(userInformationFieldIds.SignInButtonId, XamarinSelector.ByHtmlIdAttribute);
}
public async Task AcquireTokenFromAdfsUsernamePasswordAsync()
{
LabResponse labResponse = await LabUserHelper.GetAdfsUserAsync(FederationProvider.ADFSv2019, true).ConfigureAwait(false);
var user = labResponse.User;
SecureString securePassword = new NetworkCredential("", user.GetOrFetchPassword()).SecurePassword;
var msalPublicClient = PublicClientApplicationBuilder.Create(Adfs2019LabConstants.PublicClientId).WithAdfsAuthority(Adfs2019LabConstants.Authority).Build();
AuthenticationResult authResult = await msalPublicClient.AcquireTokenByUsernamePassword(s_scopes, user.Upn, securePassword).ExecuteAsync().ConfigureAwait(false);
Assert.IsNotNull(authResult);
Assert.IsNotNull(authResult.AccessToken);
Assert.IsNotNull(authResult.IdToken);
}
public async Task Interactive_AdfsV3_FederatedAsync()
{
// Arrange
UserQuery query = new UserQuery
{
FederationProvider = FederationProvider.AdfsV4,
IsMamUser = false,
IsMfaUser = false,
IsFederatedUser = true
};
LabResponse labResponse = await LabUserHelper.GetLabUserDataAsync(query).ConfigureAwait(false);
await RunTestForUserAsync(labResponse).ConfigureAwait(false);
}
public async Task OboAndClient_WithRegional_TestAsync()
{
// Setup: Get lab user, create PCA and get user tokens
var user = (await LabUserHelper.GetSpecificUserAsync("*****@*****.**").ConfigureAwait(false)).User;
var pca = PublicClientApplicationBuilder
.Create(PublicClientID)
.WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
.Build();
var userResult = await pca
.AcquireTokenByUsernamePassword(s_oboServiceScope, user.Upn, new NetworkCredential("", user.GetOrFetchPassword()).SecurePassword)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
// Act and Assert different scenarios
var cca = BuildCCA(userResult.TenantId, true);
// OBO uses global - IdP
var oboResult = await cca.AcquireTokenOnBehalfOf(s_scopes, new UserAssertion(userResult.AccessToken))
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.AreEqual(TokenSource.IdentityProvider, oboResult.AuthenticationResultMetadata.TokenSource);
Assert.IsFalse(oboResult.AuthenticationResultMetadata.TokenEndpoint.Contains(TestConstants.Region));
// Client uses regional - IdP
var clientResult = await cca.AcquireTokenForClient(new string[] { "https://graph.microsoft.com/.default" })
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.AreEqual(TokenSource.IdentityProvider, clientResult.AuthenticationResultMetadata.TokenSource);
Assert.IsTrue(clientResult.AuthenticationResultMetadata.TokenEndpoint.Contains(TestConstants.Region));
// OBO from cache
oboResult = await cca.AcquireTokenOnBehalfOf(s_scopes, new UserAssertion(userResult.AccessToken))
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.AreEqual(TokenSource.Cache, oboResult.AuthenticationResultMetadata.TokenSource);
// Client from cache
clientResult = await cca.AcquireTokenForClient(new string[] { "https://graph.microsoft.com/.default" })
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.AreEqual(TokenSource.Cache, clientResult.AuthenticationResultMetadata.TokenSource);
}
public async Task SilentAuth_ForceRefresh_Async()
{
var labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
var user = labResponse.User;
var pca = PublicClientApplicationBuilder
.Create(labResponse.App.AppId)
.WithAuthority("https://login.microsoftonline.com/organizations")
.Build();
Trace.WriteLine("Part 1 - Acquire a token with U/P");
AuthenticationResult authResult = await pca
.AcquireTokenByUsernamePassword(s_scopes, user.Upn, new NetworkCredential("", user.GetOrFetchPassword()).SecurePassword)
.ExecuteAsync(new CancellationTokenSource().Token)
.ConfigureAwait(false);
MsalAssert.AssertAuthResult(authResult, user);
var at1 = authResult.AccessToken;
// If test fails with "user needs to consent to the application, do an interactive request" error - see UsernamePassword tests
Trace.WriteLine("Part 2 - Acquire a token silently, with forceRefresh = true");
IAccount account = await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);
authResult = await pca.AcquireTokenSilent(s_scopes, account)
.WithForceRefresh(true)
.ExecuteAsync()
.ConfigureAwait(false);
MsalAssert.AssertAuthResult(authResult, user);
var at2 = authResult.AccessToken;
Trace.WriteLine("Part 3 - Acquire a token silently with a login hint, with forceRefresh = true");
authResult = await pca.AcquireTokenSilent(s_scopes, user.Upn)
.WithForceRefresh(true)
.ExecuteAsync()
.ConfigureAwait(false);
MsalAssert.AssertAuthResult(authResult, user);
var at3 = authResult.AccessToken;
Assert.IsFalse(at1.Equals(at2, System.StringComparison.InvariantCultureIgnoreCase));
Assert.IsFalse(at1.Equals(at3, System.StringComparison.InvariantCultureIgnoreCase));
Assert.IsFalse(at2.Equals(at3, System.StringComparison.InvariantCultureIgnoreCase));
}
public async Task GetTokenByAuthCode_HybridSPA_Async()
{
// Arrange
LabResponse labResponse = await LabUserHelper.GetHybridSpaAccontAsync().ConfigureAwait(false);
var result = await RunTestForUserAsync(labResponse.App.AppId, labResponse,
"https://login.microsoftonline.com/f645ad92-e38d-4d1a-b510-d1b09a74a8ca", false,
"http://localhost:3000/auth/implicit-redirect").ConfigureAwait(false);
Assert.IsNotNull(result.SpaAuthCode);
result = await RunTestForUserAsync(labResponse.App.AppId, labResponse,
"https://login.microsoftonline.com/f645ad92-e38d-4d1a-b510-d1b09a74a8ca", false,
"http://localhost:3000/auth/implicit-redirect", false).ConfigureAwait(false);
Assert.IsNull(result.SpaAuthCode);
}
public void TestInitialize()
{
if (user == null)
{
user = LabUserHelper.GetDefaultUser().User;
string stringPassword = LabUserHelper.GetUserPassword(user);
securePassword = new NetworkCredential("", stringPassword).SecurePassword;
authority = string.Format(
CultureInfo.InvariantCulture,
AuthorityTemplate,
user.CurrentTenantId);
}
InitAdal();
InitMsal();
}
public async Task SilentAuth_ForceRefresh_Async()
{
var labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
pca = PublicClientApplicationBuilder
.Create(labResponse.App.AppId)
.WithAuthority("https://login.microsoftonline.com/organizations")
.Build();
Trace.WriteLine("Part 1 - Acquire a token with U/P");
AuthenticationResult authResult = await pca
.AcquireTokenByUsernamePassword(s_scopes, labResponse.User.Upn, new NetworkCredential("", labResponse.User.GetOrFetchPassword()).SecurePassword)
.ExecuteAsync(new CancellationTokenSource().Token)
.ConfigureAwait(false);
await ValidateAuthResultAsync(authResult, labResponse).ConfigureAwait(false);
}
[Timeout(1 * 60 * 1000)] // 1 min timeout
public async Task DeviceCodeFlowTestAsync()
{
LabResponse labResponse = LabUserHelper.GetDefaultUser();
Trace.WriteLine("Calling AcquireTokenWithDeviceCodeAsync");
PublicClientApplication pca = new PublicClientApplication(labResponse.AppId);
var result = await pca.AcquireTokenWithDeviceCodeAsync(Scopes, deviceCodeResult =>
{
RunAutomatedDeviceCodeFlow(deviceCodeResult, labResponse.User);
return(Task.FromResult(0));
}).ConfigureAwait(false);
Trace.WriteLine("Running asserts");
Assert.IsNotNull(result);
Assert.IsTrue(!string.IsNullOrEmpty(result.AccessToken));
}
[Timeout(1 * 60 * 1000)] // 1 min timeout
public async Task DeviceCodeFlowTestAsync()
{
LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
Trace.WriteLine("Calling AcquireTokenWithDeviceCodeAsync");
var pca = PublicClientApplicationBuilder.Create(labResponse.AppId).Build();
var result = await pca.AcquireTokenWithDeviceCode(s_scopes, deviceCodeResult =>
{
RunAutomatedDeviceCodeFlow(deviceCodeResult, labResponse.User);
return(Task.FromResult(0));
}).ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
Trace.WriteLine("Running asserts");
Assert.IsNotNull(result);
Assert.IsTrue(!string.IsNullOrEmpty(result.AccessToken));
}
public async Task AcquireTokenByObo_LongRunningAndNormalObo_WithDifferentKeys_TestAsync()
{
var user1 = (await LabUserHelper.GetSpecificUserAsync("*****@*****.**").ConfigureAwait(false)).User;
var pca = PublicClientApplicationBuilder
.Create(PublicClientID)
.WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
.Build();
var userAuthResult = await pca
.AcquireTokenByUsernamePassword(s_oboServiceScope, user1.Upn, new NetworkCredential("", user1.GetOrFetchPassword()).SecurePassword)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
var cca = BuildCCA(userAuthResult.TenantId);
string oboCacheKey = "obo-cache-key";
UserAssertion userAssertion = new UserAssertion(userAuthResult.AccessToken);
var result = await cca.InitiateLongRunningProcessInWebApi(s_scopes, userAuthResult.AccessToken, ref oboCacheKey)
.ExecuteAsync().ConfigureAwait(false);
// Cache has 1 partition (user-provided key) with 1 token
Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
Assert.AreEqual(1, cca.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count);
Assert.AreEqual(1, cca.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count);
result = await cca.AcquireTokenOnBehalfOf(s_scopes, userAssertion).ExecuteAsync().ConfigureAwait(false);
// Cache has 2 partitions (user-provided key, assertion) with 1 token each
Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
Assert.AreEqual(2, cca.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count);
Assert.AreEqual(1, cca.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count);
// Returns long-running token
result = await cca.AcquireTokenInLongRunningProcess(s_scopes, oboCacheKey).ExecuteAsync().ConfigureAwait(false);
Assert.AreEqual(TokenSource.Cache, result.AuthenticationResultMetadata.TokenSource);
// Returns normal token
result = await cca.AcquireTokenOnBehalfOf(s_scopes, userAssertion).ExecuteAsync().ConfigureAwait(false);
Assert.AreEqual(TokenSource.Cache, result.AuthenticationResultMetadata.TokenSource);
}
private static async Task<AuthenticationResult> AcquireTokenForLabUserAsync()
{
var labResponse = await LabUserHelper.GetSpecificUserAsync(TestConstants.OBOUser).ConfigureAwait(false);
var msalPublicClient = PublicClientApplicationBuilder
.Create(TestConstants.OBOClientSideClientId)
.WithAuthority(labResponse.Lab.Authority, TestConstants.Organizations)
.Build();
AuthenticationResult authResult = await msalPublicClient
.AcquireTokenByUsernamePassword(
TestConstants.OBOApiScope,
TestConstants.OBOUser,
new NetworkCredential(
TestConstants.OBOUser,
labResponse.User.GetOrFetchPassword()).SecurePassword)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
return authResult;
}
[Timeout(2 * 60 * 1000)] // 2 min timeout
public async Task DeviceCodeFlowTestAsync()
{
LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
Trace.WriteLine("Calling AcquireTokenWithDeviceCodeAsync");
var pca = PublicClientApplicationBuilder.Create(labResponse.AppId).Build();
var userCacheAccess = pca.UserTokenCache.RecordAccess();
var result = await pca.AcquireTokenWithDeviceCode(s_scopes, deviceCodeResult =>
{
SeleniumExtensions.PerformDeviceCodeLogin(deviceCodeResult, labResponse.User, TestContext, false);
return(Task.FromResult(0));
}).ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
Trace.WriteLine("Running asserts");
userCacheAccess.AssertAccessCounts(0, 1);
Assert.IsNotNull(result);
Assert.IsTrue(!string.IsNullOrEmpty(result.AccessToken));
}
