public void VerifyCorrectAuthorityUsedInTokenAcquisition_B2CAuthorityTests(
string authorityInstance,
bool withTfp = false)
{
_microsoftIdentityOptionsMonitor = new TestOptionsMonitor <MicrosoftIdentityOptions>(new MicrosoftIdentityOptions
{
SignUpSignInPolicyId = TestConstants.B2CSignUpSignInUserFlow,
Domain = TestConstants.B2CTenant,
});
if (withTfp)
{
_applicationOptionsMonitor = new TestOptionsMonitor <ConfidentialClientApplicationOptions>(new ConfidentialClientApplicationOptions
{
Instance = authorityInstance + "/tfp/",
ClientId = TestConstants.ConfidentialClientId,
ClientSecret = TestConstants.ClientSecret,
});
BuildTheRequiredServices();
}
else
{
_applicationOptionsMonitor = new TestOptionsMonitor <ConfidentialClientApplicationOptions>(new ConfidentialClientApplicationOptions
{
Instance = authorityInstance,
ClientId = TestConstants.ConfidentialClientId,
ClientSecret = TestConstants.ClientSecret,
});
BuildTheRequiredServices();
}
MergedOptions mergedOptions = _provider.GetRequiredService <IOptionsMonitor <MergedOptions> >().Get(OpenIdConnectDefaults.AuthenticationScheme);
MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityOptions(_microsoftIdentityOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions);
MergedOptions.UpdateMergedOptionsFromConfidentialClientApplicationOptions(_applicationOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions);
InitializeTokenAcquisitionObjects();
IConfidentialClientApplication app = _tokenAcquisition.GetOrBuildConfidentialClientApplication(mergedOptions);
string expectedAuthority = string.Format(
CultureInfo.InvariantCulture,
"{0}/tfp/{1}/{2}/",
authorityInstance,
TestConstants.B2CTenant,
TestConstants.B2CSignUpSignInUserFlow);
Assert.Equal(expectedAuthority, app.Authority);
}
public void ValidateRequiredMicrosoftIdentityOptions(
string clientId,
string instance,
string tenantid,
string signUpSignInPolicyId,
string domain,
string optionsName,
MissingParam missingParam = MissingParam.None)
{
if (optionsName == AzureAdB2C)
{
_microsoftIdentityOptionsMonitor = new TestOptionsMonitor <MicrosoftIdentityOptions>(new MicrosoftIdentityOptions
{
SignUpSignInPolicyId = signUpSignInPolicyId,
Domain = domain,
ClientId = clientId,
Instance = instance,
TenantId = tenantid,
});
}
else
{
_microsoftIdentityOptionsMonitor = new TestOptionsMonitor <MicrosoftIdentityOptions>(new MicrosoftIdentityOptions
{
ClientId = clientId,
Instance = instance,
TenantId = tenantid,
});
}
BuildTheRequiredServices();
MergedOptions mergedOptions = _provider.GetRequiredService <IOptionsMonitor <MergedOptions> >().Get(OpenIdConnectDefaults.AuthenticationScheme);
MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityOptions(_microsoftIdentityOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions);
if (missingParam != MissingParam.None)
{
var exception = Assert.Throws <ArgumentNullException>(() => MergedOptionsValidation.Validate(mergedOptions));
CheckReturnValueAgainstExpectedMissingParam(missingParam, exception);
}
else
{
MergedOptionsValidation.Validate(mergedOptions);
}
}
private void InitializeTokenAcquisitionObjects()
{
MergedOptions mergedOptions = _provider.GetRequiredService <IOptionsMonitor <MergedOptions> >().Get(OpenIdConnectDefaults.AuthenticationScheme);
MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityOptions(_microsoftIdentityOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions);
MergedOptions.UpdateMergedOptionsFromConfidentialClientApplicationOptions(_applicationOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions);
_msalTestTokenCacheProvider = new MsalTestTokenCacheProvider(
_provider.GetService <IMemoryCache>(),
_provider.GetService <IOptions <MsalMemoryTokenCacheOptions> >());
_tokenAcquisition = new TokenAcquisition(
_msalTestTokenCacheProvider,
MockHttpContextAccessor.CreateMockHttpContextAccessor(),
_provider.GetService <IOptionsMonitor <MergedOptions> >(),
_provider.GetService <IHttpClientFactory>(),
_provider.GetService <ILogger <TokenAcquisition> >(),
_provider);
_tokenAcquisition.GetOptions(OpenIdConnectDefaults.AuthenticationScheme, out string effectiveAuthenticationScheme);
Assert.Equal(OpenIdConnectDefaults.AuthenticationScheme, effectiveAuthenticationScheme);
}
/// <summary>
/// Allows a higher level abstraction of security token (i.e. System.IdentityModel.Tokens.Jwt and more modern, Microsoft.IdentityModel.JsonWebTokens)
/// to be used with Microsoft Identity Web.
/// Developers should continue to use `EnableTokenAcquisitionToCallDownstreamApi`.
/// This API is not considered part of the public API and may change.
/// </summary>
/// <param name="configureConfidentialClientApplicationOptions">The action to configure <see cref="ConfidentialClientApplicationOptions"/>.</param>
/// <param name="authenticationScheme">Authentication scheme.</param>
/// <param name="services">The services being configured.</param>
/// <param name="configuration">IConfigurationSection.</param>
/// <returns>The authentication builder to chain.</returns>
public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisition(
Action <ConfidentialClientApplicationOptions> configureConfidentialClientApplicationOptions,
string authenticationScheme,
IServiceCollection services,
IConfigurationSection?configuration)
{
services.AddOptions <ConfidentialClientApplicationOptions>(authenticationScheme)
.Configure <IOptionsMonitor <MergedOptions> >((
ccaOptions, mergedOptionsMonitor) =>
{
configureConfidentialClientApplicationOptions(ccaOptions);
MergedOptions mergedOptions = mergedOptionsMonitor.Get(authenticationScheme);
configuration?.Bind(mergedOptions);
MergedOptions.UpdateMergedOptionsFromConfidentialClientApplicationOptions(ccaOptions, mergedOptions);
});
services.AddTokenAcquisition();
return(new MicrosoftIdentityAppCallsWebApiAuthenticationBuilder(
services,
configuration));
}
public void VerifyCorrectRedirectUriAsync(
string redirectUri)
{
_microsoftIdentityOptionsMonitor = new TestOptionsMonitor <MicrosoftIdentityOptions>(new MicrosoftIdentityOptions
{
Authority = TestConstants.AuthorityCommonTenant,
ClientId = TestConstants.ConfidentialClientId,
CallbackPath = string.Empty,
});
_applicationOptionsMonitor = new TestOptionsMonitor <ConfidentialClientApplicationOptions>(new ConfidentialClientApplicationOptions
{
Instance = TestConstants.AadInstance,
RedirectUri = redirectUri,
ClientSecret = TestConstants.ClientSecret,
});
BuildTheRequiredServices();
MergedOptions mergedOptions = _provider.GetRequiredService <IOptionsMonitor <MergedOptions> >().Get(OpenIdConnectDefaults.AuthenticationScheme);
MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityOptions(_microsoftIdentityOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions);
MergedOptions.UpdateMergedOptionsFromConfidentialClientApplicationOptions(_applicationOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions);
InitializeTokenAcquisitionObjects();
IConfidentialClientApplication app = _tokenAcquisition.GetOrBuildConfidentialClientApplication(mergedOptions);
if (!string.IsNullOrEmpty(redirectUri))
{
Assert.Equal(redirectUri, app.AppConfig.RedirectUri);
}
else
{
Assert.Equal("https://IdentityDotNetSDKAutomation/", app.AppConfig.RedirectUri);
}
}
