public void GetAccessTokenExpiryInRangeTest()
{
cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem atItem = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
ScopeSet = TestConstants.Scope,
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
TokenType = "Bearer",
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromMinutes(4))
};
atItem.AccessToken = atItem.GetAccessTokenItemKey().ToString();
cache.TokenCacheAccessor.AccessTokenCacheDictionary[atItem.GetAccessTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(atItem);
Assert.IsNull(cache.FindAccessToken(new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = TestConstants.Scope,
User =
new User()
{
DisplayableId = TestConstants.DisplayableId,
Identifier = TestConstants.UserIdentifier
}
}));
}
public InteractiveRequest(AuthenticationRequestParameters authenticationRequestParameters,
IEnumerable <string> extraScopesToConsent, string loginHint,
UIBehavior UIBehavior, IWebUI webUI)
: base(authenticationRequestParameters)
{
PlatformPlugin.PlatformInformation.ValidateRedirectUri(authenticationRequestParameters.RedirectUri,
authenticationRequestParameters.RequestContext);
if (!string.IsNullOrWhiteSpace(authenticationRequestParameters.RedirectUri.Fragment))
{
throw new ArgumentException(MsalErrorMessage.RedirectUriContainsFragment, nameof(authenticationRequestParameters.RedirectUri));
}
_extraScopesToConsent = new SortedSet <string>();
if (!MsalHelpers.IsNullOrEmpty(extraScopesToConsent))
{
_extraScopesToConsent = extraScopesToConsent.CreateSetFromEnumerable();
}
ValidateScopeInput(_extraScopesToConsent);
authenticationRequestParameters.LoginHint = loginHint;
if (!string.IsNullOrWhiteSpace(authenticationRequestParameters.ExtraQueryParameters) &&
authenticationRequestParameters.ExtraQueryParameters[0] == '&')
{
authenticationRequestParameters.ExtraQueryParameters =
authenticationRequestParameters.ExtraQueryParameters.Substring(1);
}
_webUi = webUI;
_UIBehavior = UIBehavior;
LoadFromCache = false; //no cache lookup and refresh for interactive.
AuthenticationRequestParameters.RequestContext.Logger.Info("Additional scopes - " + _extraScopesToConsent.AsSingleString() + ";" + "UIBehavior - " + _UIBehavior.PromptValue);
}
public void LogState()
{
StringBuilder builder = new StringBuilder(Environment.NewLine + "=== Request Data ===" +
Environment.NewLine +
"Authority Provided? - " + (Authority != null) +
Environment.NewLine);
builder.AppendLine("Client Id - " + ClientId);
builder.AppendLine("Scopes - " + Scope?.AsSingleString());
builder.AppendLine("Redirect Uri - " + RedirectUri?.OriginalString);
builder.AppendLine("Validate Authority? - " + ValidateAuthority);
builder.AppendLine("LoginHint provided? - " + !string.IsNullOrEmpty(LoginHint));
builder.AppendLine("User provided? - " + (User != null));
var dict = MsalHelpers.ParseKeyValueList(ExtraQueryParameters, '&', true, RequestContext);
builder.AppendLine("Extra Query Params Keys (space separated) - " + dict.Keys.AsSingleString());
dict = MsalHelpers.ParseKeyValueList(ExtraQueryParameters, '&', true, RequestContext);
builder.AppendLine("Slice Parameters Keys(space separated) - " + dict.Keys.AsSingleString());
#if DESKTOP || NETSTANDARD1_3
builder.AppendLine("Confidential Client? - " + (ClientCredential != null));
builder.AppendLine("Client Credential Request? - " + IsClientCredentialRequest);
if (IsClientCredentialRequest)
{
builder.AppendLine("Client Certificate Provided? - " + (ClientCredential.Certificate != null));
}
#endif
RequestContext.Logger.Info(builder.ToString());
}
public async Task <AuthorizationResult> AcquireAuthorizationAsync(Uri authorizationUri, Uri redirectUri, RequestContext requestContext)
{
if (ExceptionToThrow != null)
{
throw ExceptionToThrow;
}
IDictionary <string, string> inputQp = MsalHelpers.ParseKeyValueList(authorizationUri.Query.Substring(1), '&', true, null);
Assert.IsNotNull(inputQp[OAuth2Parameter.State]);
if (AddStateInAuthorizationResult)
{
MockResult.State = inputQp[OAuth2Parameter.State];
}
//match QP passed in for validation.
if (QueryParamsToValidate != null)
{
Assert.IsNotNull(authorizationUri.Query);
foreach (var key in QueryParamsToValidate.Keys)
{
Assert.IsTrue(inputQp.ContainsKey(key));
Assert.AreEqual(QueryParamsToValidate[key], inputQp[key]);
}
}
return(await Task.Factory.StartNew(() => MockResult).ConfigureAwait(false));
}
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (ExceptionToThrow != null)
{
throw ExceptionToThrow;
}
Assert.AreEqual(Method, request.Method);
Uri uri = request.RequestUri;
if (!string.IsNullOrEmpty(Url))
{
Assert.AreEqual(Url, uri.AbsoluteUri.Split(new[] { '?' })[0]);
}
//match QP passed in for validation.
if (QueryParams != null)
{
Assert.IsFalse(string.IsNullOrEmpty(uri.Query),
string.Format(CultureInfo.InvariantCulture,
"provided url ({0}) does not contain query parameters, as expected", uri.AbsolutePath));
IDictionary <string, string> inputQp = MsalHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', false, null);
foreach (var key in QueryParams.Keys)
{
Assert.IsTrue(inputQp.ContainsKey(key),
string.Format(CultureInfo.InvariantCulture,
"expected QP ({0}) not found in the url ({1})", key, uri.AbsolutePath));
Assert.AreEqual(QueryParams[key], inputQp[key]);
}
}
//match QP passed in for validation.
if (QueryParams != null)
{
Assert.IsFalse(string.IsNullOrEmpty(uri.Query));
IDictionary <string, string> inputQp = MsalHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', false, null);
foreach (var key in QueryParams.Keys)
{
Assert.IsTrue(inputQp.ContainsKey(key));
Assert.AreEqual(QueryParams[key], inputQp[key]);
}
}
if (PostData != null)
{
string postData = request.Content.ReadAsStringAsync().Result;
Dictionary <string, string> requestPostDataPairs = MsalHelpers.ParseKeyValueList(postData, '&', true, null);
foreach (var key in PostData.Keys)
{
Assert.IsTrue(requestPostDataPairs.ContainsKey(key));
Assert.AreEqual(PostData[key], requestPostDataPairs[key]);
}
}
return(new TaskFactory().StartNew(() => ResponseMessage, cancellationToken));
}
private void WebBrowserNavigatedHandler(object sender, WebBrowserNavigatedEventArgs e)
{
if (!this.CheckForClosingUrl(e.Url))
{
PlatformPlugin.Logger.Verbose(null,
string.Format(CultureInfo.InvariantCulture, "Navigated to '{0}'.",
MsalHelpers.UrlDecode(e.Url.ToString())));
}
}
public string GenerateCodeVerifier()
{
byte[] buffer = new byte[Constants.CodeVerifierByteSize];
var windowsBuffer = CryptographicBuffer.GenerateRandom((uint)buffer.Length);
Array.Copy(windowsBuffer.ToArray(), buffer, buffer.Length);
return(MsalHelpers.EncodeToBase64Url(buffer));
}
public string GenerateCodeVerifier()
{
byte[] buffer = new byte[Internal.Constants.CodeVerifierByteSize];
using (RNGCryptoServiceProvider randomSource = new RNGCryptoServiceProvider())
{
randomSource.GetBytes(buffer);
}
return(MsalHelpers.EncodeToBase64Url(buffer));
}
public ICollection <string> GetAllAccessTokensAsString()
{
ICollection <string> list = new List <string>();
foreach (ApplicationDataCompositeValue item in _accessTokenContainer.Values.Values)
{
list.Add(MsalHelpers.CreateString(GetCacheValue(item)));
}
return(list);
}
/// <summary>
/// Returns the hash code for this TokenCacheKey.
/// </summary>
/// <returns>
/// A 32-bit signed integer hash code.
/// </returns>
public override int GetHashCode()
{
const string Delimiter = ":::";
return((this.Authority + Delimiter
+ MsalHelpers.AsSingleString(this.Scope) + Delimiter
+ this.ClientId.ToLower() + Delimiter
+ this.UniqueId + Delimiter
+ this.HomeObjectId + Delimiter
+ ((this.DisplayableId != null) ? this.DisplayableId.ToLower() : null) + Delimiter
+ ((this.Policy != null) ? this.Policy.ToLower() : null)).GetHashCode());
}
private void WebBrowserNavigatedHandler(object sender, WebBrowserNavigatedEventArgs e)
{
// Guard condition
if (CheckForClosingUrl(e.Url))
{
return;
}
string urlDecode = MsalHelpers.UrlDecode(e.Url.ToString());
string message = string.Format(CultureInfo.InvariantCulture, "Navigated to '{0}'.", urlDecode);
RequestContext.Logger.VerbosePii(message);
}
/// <summary>
/// </summary>
/// <returns></returns>
public override string ToString()
{
StringBuilder stringBuilder = new StringBuilder();
stringBuilder.Append(MsalHelpers.Base64Encode(Authority) + "$");
stringBuilder.Append(MsalHelpers.Base64Encode(ClientId) + "$");
// scope is treeSet to guarantee the order of the scopes when converting to string.
stringBuilder.Append(MsalHelpers.Base64Encode(Scope.AsSingleString()) + "$");
stringBuilder.Append(MsalHelpers.Base64Encode(DisplayableId) + "$");
stringBuilder.Append(MsalHelpers.Base64Encode(UniqueId) + "$");
stringBuilder.Append(MsalHelpers.Base64Encode(HomeObjectId) + "$");
stringBuilder.Append(MsalHelpers.Base64Encode(Policy));
return(stringBuilder.ToString());
}
public TokenCacheItem(string authority, string clientId, string policy, TokenResponse response)
: base(authority, clientId, policy, response)
{
if (response.AccessToken != null)
{
Token = response.AccessToken;
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(response.AccessTokenExpiresOn);
}
else if (response.IdToken != null)
{
Token = response.IdToken;
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(response.IdTokenExpiresOn);
}
Scope = response.Scope.AsSet();
}
public AccessTokenCacheItem(string authority, string clientId, TokenResponse response)
: base(clientId)
{
TokenType = response.TokenType;
Scope = response.Scope;
Authority = authority;
if (response.AccessToken != null)
{
AccessToken = response.AccessToken;
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(response.AccessTokenExpiresOn);
}
RawClientInfo = response.ClientInfo;
RawIdToken = response.IdToken;
CreateDerivedProperties();
}
private Uri CreateAuthorizationUri(bool addVerifier = false, bool addState = false)
{
IDictionary <string, string> requestParameters = this.CreateAuthorizationRequestParameters();
if (addVerifier)
{
_codeVerifier = PlatformPlugin.CryptographyHelper.GenerateCodeVerifier();
string codeVerifierHash = PlatformPlugin.CryptographyHelper.CreateSha256Hash(_codeVerifier);
requestParameters[OAuth2Parameter.CodeChallenge] = MsalHelpers.EncodeToBase64Url(codeVerifierHash);
requestParameters[OAuth2Parameter.CodeChallengeMethod] = OAuth2Value.CodeChallengeMethodValue;
}
if (addState)
{
_state = Guid.NewGuid().ToString();
requestParameters[OAuth2Parameter.State] = _state;
}
if (!string.IsNullOrWhiteSpace(AuthenticationRequestParameters.ExtraQueryParameters))
{
// Checks for _extraQueryParameters duplicating standard parameters
Dictionary <string, string> kvps =
MsalHelpers.ParseKeyValueList(AuthenticationRequestParameters.ExtraQueryParameters, '&', false,
this.CallState);
foreach (KeyValuePair <string, string> kvp in kvps)
{
if (requestParameters.ContainsKey(kvp.Key))
{
throw new MsalException(MsalError.DuplicateQueryParameter,
string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.DuplicateQueryParameterTemplate,
kvp.Key));
}
}
}
string qp = requestParameters.ToQueryParameter();
if (!string.IsNullOrEmpty(AuthenticationRequestParameters.ExtraQueryParameters))
{
qp += "&" + AuthenticationRequestParameters.ExtraQueryParameters;
}
return(new Uri(new Uri(this.Authority.AuthorizationEndpoint), "?" + qp));
}
public void GetAuthorizationRequestUrlCustomRedirectUriTest()
{
ConfidentialClientApplication app =
new ConfidentialClientApplication(TestConstants.ClientId, TestConstants.AuthorityGuestTenant,
TestConstants.RedirectUri, new ClientCredential(TestConstants.ClientSecret),
new TokenCache(), new TokenCache())
{
ValidateAuthority = false
};
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(app.Authority)
});
const string CustomRedirectUri = "custom://redirect-uri";
Task <Uri> task = app.GetAuthorizationRequestUrlAsync(TestConstants.Scope.AsArray(),
CustomRedirectUri, TestConstants.DisplayableId, "extra=qp",
TestConstants.ScopeForAnotherResource.AsArray(), TestConstants.AuthorityGuestTenant);
Uri uri = task.Result;
Assert.IsNotNull(uri);
Assert.IsTrue(uri.AbsoluteUri.StartsWith(TestConstants.AuthorityGuestTenant, StringComparison.CurrentCulture));
Dictionary <string, string> qp = MsalHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null);
Assert.IsNotNull(qp);
Assert.AreEqual(12, qp.Count);
Assert.IsTrue(qp.ContainsKey("client-request-id"));
Assert.IsFalse(qp.ContainsKey("client_secret"));
Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2 r2/scope1 r2/scope2", qp["scope"]);
Assert.AreEqual(TestConstants.ClientId, qp["client_id"]);
Assert.AreEqual("code", qp["response_type"]);
Assert.AreEqual(CustomRedirectUri, qp["redirect_uri"]);
Assert.AreEqual(TestConstants.DisplayableId, qp["login_hint"]);
Assert.AreEqual("MSAL.Desktop", qp["x-client-sku"]);
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-ver"]));
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-cpu"]));
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-os"]));
Assert.AreEqual("qp", qp["extra"]);
Assert.AreEqual("select_account", qp["prompt"]);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
public void GetIntersectedScopesMatchedAccessTokenTest()
{
TokenCache cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem atItem = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ScopeSet = TestConstants.Scope,
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromHours(1)),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId)
};
// create key out of access token cache item and then
// set it as the value of the access token.
AccessTokenCacheKey atKey = atItem.GetAccessTokenItemKey();
atItem.AccessToken = atKey.ToString();
cache.TokenCacheAccessor.AccessTokenCacheDictionary[atKey.ToString()] = JsonHelper.SerializeToJson(atItem);
var param = new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = new SortedSet <string>(),
User =
new User()
{
DisplayableId = TestConstants.DisplayableId,
Identifier = TestConstants.UserIdentifier
}
};
param.Scope.Add(TestConstants.Scope.First());
param.Scope.Add("non-existant-scopes");
AccessTokenCacheItem item = cache.FindAccessToken(param);
//intersected scopes are not returned.
Assert.IsNull(item);
}
public void GetSubsetScopesMatchedAccessTokenTest()
{
TokenCache cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem atItem = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ScopeSet = TestConstants.Scope,
Scope = TestConstants.Scope.AsSingleString(),
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromHours(1)),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
RawClientInfo = MockHelpers.CreateClientInfo(),
};
atItem.IdToken = IdToken.Parse(atItem.RawIdToken);
atItem.ClientInfo = ClientInfo.CreateFromJson(atItem.RawClientInfo);
// create key out of access token cache item and then
// set it as the value of the access token.
AccessTokenCacheKey atKey = atItem.GetAccessTokenItemKey();
atItem.AccessToken = atKey.ToString();
cache.TokenCacheAccessor.AccessTokenCacheDictionary[atKey.ToString()] = JsonHelper.SerializeToJson(atItem);
var param = new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = new SortedSet <string>(),
User = TestConstants.User
};
param.Scope.Add("r1/scope1");
AccessTokenCacheItem item = cache.FindAccessToken(param);
Assert.IsNotNull(item);
Assert.AreEqual(atKey.ToString(), item.AccessToken);
}
/// <summary>
/// </summary>
protected virtual void WebBrowserNavigatingHandler(object sender, WebBrowserNavigatingEventArgs e)
{
if (this.DialogResult == DialogResult.OK)
{
e.Cancel = true;
return;
}
if (this.webBrowser.IsDisposed)
{
// we cancel all flows in disposed object and just do nothing, let object to close.
// it just for safety.
e.Cancel = true;
return;
}
if (key == Keys.Back)
{
//navigation is being done via back key. This needs to be disabled.
key = Keys.None;
e.Cancel = true;
}
// we cancel further processing, if we reached final URL.
// Security issue: we prohibit navigation with auth code
// if redirect URI is URN, then we prohibit navigation, to prevent random browser popup.
e.Cancel = this.CheckForClosingUrl(e.Url);
// check if the url scheme is of type browser-install://
// this means we need to launch external browser
if (e.Url.Scheme.Equals("browser", StringComparison.OrdinalIgnoreCase))
{
Process.Start(e.Url.AbsoluteUri.Replace("browser://", "https://"));
e.Cancel = true;
}
if (!e.Cancel)
{
PlatformPlugin.Logger.Verbose(null,
string.Format(CultureInfo.InvariantCulture, "Navigating to '{0}'.",
MsalHelpers.UrlDecode(e.Url.ToString())));
}
}
public void GetExpiredAccessTokenTest()
{
cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem item = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
RawClientInfo = MockHelpers.CreateClientInfo(),
ScopeSet = TestConstants.Scope
};
item.IdToken = IdToken.Parse(item.RawIdToken);
item.ClientInfo = ClientInfo.CreateFromJson(item.RawClientInfo);
item.AccessToken = item.GetAccessTokenItemKey().ToString();
cache.TokenCacheAccessor.AccessTokenCacheDictionary[item.GetAccessTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(item);
cache.TokenCacheAccessor.AccessTokenCacheDictionary[item.GetAccessTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(item);
Assert.IsNull(cache.FindAccessToken(new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = TestConstants.Scope,
User =
new User()
{
DisplayableId = TestConstants.DisplayableId,
Identifier = TestConstants.UserIdentifier
}
}));
}
public void GetAccessTokenMatchedUserAssertionInCacheTest()
{
TokenCache cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem atItem = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ScopeSet = TestConstants.Scope,
Scope = TestConstants.Scope.AsSingleString(),
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromHours(1)),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId)
};
// create key out of access token cache item and then
// set it as the value of the access token.
AccessTokenCacheKey atKey = atItem.GetAccessTokenItemKey();
atItem.AccessToken = atKey.ToString();
atItem.UserAssertionHash = CryptographyHelper.CreateBase64UrlEncodedSha256Hash(atKey.ToString());
cache.TokenCacheAccessor.AccessTokenCacheDictionary[atKey.ToString()] = JsonHelper.SerializeToJson(atItem);
var param = new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = TestConstants.Scope,
UserAssertion = new UserAssertion(atKey.ToString())
};
cache.AfterAccess = AfterAccessNoChangeNotification;
AccessTokenCacheItem item = cache.FindAccessToken(param);
Assert.IsNotNull(item);
Assert.AreEqual(atKey.ToString(), item.AccessToken);
}
public void GetAuthorizationRequestUrlB2CTest()
{
ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.ClientId,
TestConstants.RedirectUri, new ClientCredential(TestConstants.ClientSecret),
new TokenCache(), new TokenCache())
{
ValidateAuthority = false
};
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(File.ReadAllText(@"OpenidConfiguration-B2C.json"))
});
Task <Uri> task = app.GetAuthorizationRequestUrlAsync(TestConstants.Scope.AsArray(),
TestConstants.DisplayableId, null);
Uri uri = task.Result;
Assert.IsNotNull(uri);
Dictionary <string, string> qp = MsalHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null);
Assert.IsNotNull(qp);
Assert.AreEqual(12, qp.Count);
Assert.AreEqual("my-policy", qp["p"]);
Assert.IsTrue(qp.ContainsKey("client-request-id"));
Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2", qp["scope"]);
Assert.AreEqual(TestConstants.ClientId, qp["client_id"]);
Assert.AreEqual("code", qp["response_type"]);
Assert.AreEqual(TestConstants.RedirectUri, qp["redirect_uri"]);
Assert.AreEqual(TestConstants.DisplayableId, qp["login_hint"]);
Assert.AreEqual(UIBehavior.SelectAccount.PromptValue, qp["prompt"]);
Assert.AreEqual("MSAL.Desktop", qp["x-client-sku"]);
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-ver"]));
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-cpu"]));
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-os"]));
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
public static void PopulateCache(TokenCacheAccessor accessor)
{
AccessTokenCacheItem item = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn))),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
RawClientInfo = MockHelpers.CreateClientInfo(),
Scope = TestConstants.Scope.AsSingleString(),
ScopeSet = TestConstants.Scope
};
item.IdToken = IdToken.Parse(item.RawIdToken);
item.ClientInfo = ClientInfo.CreateFromJson(item.RawClientInfo);
item.AccessToken = item.GetAccessTokenItemKey().ToString();
//add access token
accessor.AccessTokenCacheDictionary[item.GetAccessTokenItemKey().ToString()] = JsonHelper.SerializeToJson(item);
item = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityGuestTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn))),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId + "more", TestConstants.DisplayableId),
RawClientInfo = MockHelpers.CreateClientInfo(),
Scope = TestConstants.ScopeForAnotherResource.AsSingleString(),
ScopeSet = TestConstants.ScopeForAnotherResource
};
item.IdToken = IdToken.Parse(item.RawIdToken);
item.ClientInfo = ClientInfo.CreateFromJson(item.RawClientInfo);
item.AccessToken = item.GetAccessTokenItemKey().ToString();
//add another access token
accessor.AccessTokenCacheDictionary[item.GetAccessTokenItemKey().ToString()] = JsonHelper.SerializeToJson(item);
AddRefreshTokenToCache(accessor, TestConstants.Uid, TestConstants.Utid, TestConstants.Name);
}
public void GetAccessTokenUserAssertionMismatchInCacheTest()
{
TokenCache cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem atItem = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ScopeSet = TestConstants.Scope,
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromHours(1)),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId)
};
// create key out of access token cache item and then
// set it as the value of the access token.
AccessTokenCacheKey atKey = atItem.GetAccessTokenItemKey();
atItem.AccessToken = atKey.ToString();
atItem.UserAssertionHash = CryptographyHelper.CreateBase64UrlEncodedSha256Hash(atKey.ToString());
cache.TokenCacheAccessor.AccessTokenCacheDictionary[atKey.ToString()] = JsonHelper.SerializeToJson(atItem);
var param = new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = TestConstants.Scope,
UserAssertion = new UserAssertion(atItem.UserAssertionHash + "-random")
};
AccessTokenCacheItem item = cache.FindAccessToken(param);
// cache lookup should fail because there was userassertion hash did not match the one
// stored in token cache item.
Assert.IsNull(item);
}
private void CheckForDuplicateQueryParameters(string queryParams, IDictionary <string, string> requestParameters)
{
if (!string.IsNullOrWhiteSpace(queryParams))
{
// Checks for _extraQueryParameters duplicating standard parameters
Dictionary <string, string> kvps =
MsalHelpers.ParseKeyValueList(queryParams, '&', false,
AuthenticationRequestParameters.RequestContext);
foreach (KeyValuePair <string, string> kvp in kvps)
{
if (requestParameters.ContainsKey(kvp.Key))
{
throw new MsalClientException(MsalClientException.DuplicateQueryParameterError,
string.Format(CultureInfo.InvariantCulture, MsalErrorMessage.DuplicateQueryParameterTemplate,
kvp.Key));
}
requestParameters[kvp.Key] = kvp.Value;
}
}
}
public InteractiveRequest(AuthenticationRequestParameters authenticationRequestParameters,
string[] additionalScope, string loginHint,
UiOptions?uiOptions, IWebUI webUI)
: base(authenticationRequestParameters)
{
PlatformPlugin.PlatformInformation.ValidateRedirectUri(authenticationRequestParameters.RedirectUri,
this.CallState);
if (!string.IsNullOrWhiteSpace(authenticationRequestParameters.RedirectUri.Fragment))
{
throw new ArgumentException(MsalErrorMessage.RedirectUriContainsFragment, "redirectUri");
}
_additionalScope = new SortedSet <string>();
if (!MsalHelpers.IsNullOrEmpty(additionalScope))
{
this._additionalScope = additionalScope.CreateSetFromArray();
}
ValidateScopeInput(this._additionalScope);
authenticationRequestParameters.LoginHint = loginHint;
if (!string.IsNullOrWhiteSpace(authenticationRequestParameters.ExtraQueryParameters) &&
authenticationRequestParameters.ExtraQueryParameters[0] == '&')
{
authenticationRequestParameters.ExtraQueryParameters =
authenticationRequestParameters.ExtraQueryParameters.Substring(1);
}
this._webUi = webUI;
this._uiOptions = uiOptions;
this.LoadFromCache = false; //no cache lookup and refresh for interactive.
if (string.IsNullOrWhiteSpace(loginHint) && _uiOptions == UiOptions.ActAsCurrentUser)
{
throw new ArgumentException(MsalErrorMessage.LoginHintNullForUiOption, "loginHint");
}
PlatformPlugin.BrokerHelper.PlatformParameters = authenticationRequestParameters.PlatformParameters;
}
public void GetAppTokenFromCacheTest()
{
cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem item = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ExpiresOnUnixTimestamp =
MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)),
RawIdToken = null,
RawClientInfo = null,
User = null,
Scope = TestConstants.Scope.AsSingleString(),
ScopeSet = TestConstants.Scope
};
item.AccessToken = item.GetAccessTokenItemKey().ToString();
cache.TokenCacheAccessor.AccessTokenCacheDictionary[item.GetAccessTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(item);
AccessTokenCacheItem cacheItem = cache.FindAccessToken(new AuthenticationRequestParameters()
{
IsClientCredentialRequest = true,
RequestContext = new RequestContext(Guid.Empty, null),
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
ClientId = TestConstants.ClientId,
ClientCredential = TestConstants.CredentialWithSecret,
Scope = TestConstants.Scope
});
Assert.IsNotNull(cacheItem);
Assert.AreEqual(item.GetAccessTokenItemKey().ToString(), cacheItem.GetAccessTokenItemKey().ToString());
}
public string GetRefreshToken(string refreshTokenKey)
{
return(MsalHelpers.ByteArrayToString(
GetCacheValue((ApplicationDataCompositeValue)_refreshTokenContainer.Values[
CryptographyHelper.CreateBase64UrlEncodedSha256Hash(refreshTokenKey)])));
}
protected static long CurrentUnixTimeMilliseconds()
{
return(MsalHelpers.DateTimeToUnixTimestampMilliseconds(DateTimeOffset.Now));
}
public void GetUsersTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId);
IEnumerable <IUser> users = app.Users;
Assert.IsNotNull(users);
Assert.IsFalse(users.Any());
cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
app.UserTokenCache = cache;
TokenCacheHelper.PopulateCache(cache.TokenCacheAccessor);
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(1, users.Count());
AccessTokenCacheItem item = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ExpiresOnUnixTimestamp =
MsalHelpers.DateTimeToUnixTimestamp((DateTime.UtcNow + TimeSpan.FromSeconds(3600))),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
RawClientInfo = MockHelpers.CreateClientInfo(),
ScopeSet = TestConstants.Scope
};
item.IdToken = IdToken.Parse(item.RawIdToken);
item.ClientInfo = ClientInfo.CreateFromJson(item.RawClientInfo);
item.AccessToken = item.GetAccessTokenItemKey().ToString();
cache.TokenCacheAccessor.AccessTokenCacheDictionary[item.GetAccessTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(item);
// another cache entry for different uid. user count should be 2.
RefreshTokenCacheItem rtItem = new RefreshTokenCacheItem()
{
Environment = TestConstants.ProductionEnvironment,
ClientId = TestConstants.ClientId,
RefreshToken = "someRT",
RawClientInfo = MockHelpers.CreateClientInfo(TestConstants.Uid + "more", TestConstants.Utid),
DisplayableId = TestConstants.DisplayableId,
IdentityProvider = TestConstants.IdentityProvider,
Name = TestConstants.Name
};
rtItem.ClientInfo = ClientInfo.CreateFromJson(rtItem.RawClientInfo);
cache.TokenCacheAccessor.RefreshTokenCacheDictionary[rtItem.GetRefreshTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(rtItem);
Assert.AreEqual(2, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(2, users.Count());
// another cache entry for different environment. user count should still be 2. Sovereign cloud user must not be returned
rtItem = new RefreshTokenCacheItem()
{
Environment = TestConstants.SovereignEnvironment,
ClientId = TestConstants.ClientId,
RefreshToken = "someRT",
RawClientInfo = MockHelpers.CreateClientInfo(TestConstants.Uid + "more1", TestConstants.Utid),
DisplayableId = TestConstants.DisplayableId,
IdentityProvider = TestConstants.IdentityProvider,
Name = TestConstants.Name
};
rtItem.ClientInfo = ClientInfo.CreateFromJson(rtItem.RawClientInfo);
cache.TokenCacheAccessor.RefreshTokenCacheDictionary[rtItem.GetRefreshTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(rtItem);
Assert.AreEqual(3, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(2, users.Count());
}
