public App()
{
InitializeComponent();
AuthenticationClient = new PublicClientApplication(Constants.ApplicationID);
MainPage = new NavigationPage(new LoginPage());
}
/// <summary>
/// Get a Microsoft Graph access token using the v2.0 Endpoint.
/// </summary>
/// <param name="appClientId">Application client ID</param>
/// <param name="uiParent">UiParent instance - required for Android</param>
/// <param name="redirectUri">Redirect Uri - required for Android</param>
/// <param name="loginHint">UPN</param>
/// <returns>An oauth2 access token.</returns>
internal async Task <string> GetUserTokenV2Async(string appClientId, UIParent uiParent = null, string redirectUri = null, string loginHint = null)
{
if (_identityClient == null)
{
_identityClient = new MSAL.PublicClientApplication(appClientId);
}
if (!string.IsNullOrEmpty(redirectUri))
{
_identityClient.RedirectUri = redirectUri;
}
var upnLoginHint = string.Empty;
if (!string.IsNullOrEmpty(loginHint))
{
upnLoginHint = loginHint;
}
MSAL.AuthenticationResult authenticationResult = null;
var user = _identityClient.Users.FirstOrDefault();
authenticationResult = user != null ? await _identityClient.AcquireTokenSilentAsync(DelegatedPermissionScopes, user) : await _identityClient.AcquireTokenAsync(DelegatedPermissionScopes, upnLoginHint, uiParent);
return(authenticationResult?.AccessToken);
}
protected override void ProcessRecord()
{
PublicClientApplication clientApplication =
new PublicClientApplication(MSALPnPPowerShellClientId);
// Acquire an access token for the given scope
var authenticationResult = clientApplication.AcquireTokenAsync(Scopes).GetAwaiter().GetResult();
// Get back the Access Token and the Refresh Token
PnPAzureADConnection.AuthenticationResult = authenticationResult;
}
public async Task<string> GetTokenSilentAsync(IPlatformParameters parameters)
{
try
{
app = new PublicClientApplication("https://login.windows.net/common", "CLIENT_ID");
var result = await app.AcquireTokenSilentAsync(Sts.ValidScope, Sts.ValidUserName);
return result.Token;
}
catch (Exception ex)
{
string msg = ex.Message + "\n" + ex.StackTrace;
return msg;
}
}
public void ConstructorsTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
Assert.IsNotNull(app);
Assert.AreEqual("https://login.microsoftonline.com/common/", app.Authority);
Assert.AreEqual(TestConstants.DefaultClientId, app.ClientId);
Assert.AreEqual("urn:ietf:wg:oauth:2.0:oob", app.RedirectUri);
Assert.IsTrue(app.ValidateAuthority);
app = new PublicClientApplication(TestConstants.DefaultAuthorityGuestTenant, TestConstants.DefaultClientId);
Assert.IsNotNull(app);
Assert.AreEqual(TestConstants.DefaultAuthorityGuestTenant, app.Authority);
Assert.AreEqual(TestConstants.DefaultClientId, app.ClientId);
Assert.AreEqual("urn:ietf:wg:oauth:2.0:oob", app.RedirectUri);
Assert.IsTrue(app.ValidateAuthority);
}
public static async Task<AuthenticationResult> GetTokenSilentAsync(User user)
{
TokenBroker brkr = new TokenBroker();
PublicClientApplication app =
new PublicClientApplication("7c7a2f70-caef-45c8-9a6c-091633501de4");
try
{
return await app.AcquireTokenSilentAsync(brkr.Sts.ValidScope);
}
catch (Exception ex)
{
string msg = ex.Message + "\n" + ex.StackTrace;
Console.WriteLine(msg);
return await app.AcquireTokenAsync(brkr.Sts.ValidScope, user.DisplayableId, UiOptions.ActAsCurrentUser, null);
}
}
public void GetUsersTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
IEnumerable<User> users = app.Users;
Assert.IsNotNull(users);
Assert.IsFalse(users.Any());
app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems();
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(1, users.Count());
foreach (var user in users)
{
Assert.AreEqual(TestConstants.DefaultClientId, user.ClientId);
Assert.IsNotNull(user.TokenCache);
}
// another cache entry for different home object id. user count should be 2.
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.ScopeForAnotherResource, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId+"more",
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3600)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.ScopeSet = TestConstants.DefaultScope;
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
app.UserTokenCache.tokenCacheDictionary[key] = ex;
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(2, users.Count());
foreach (var user in users)
{
Assert.AreEqual(TestConstants.DefaultClientId, user.ClientId);
Assert.IsNotNull(user.TokenCache);
}
}
/// <summary>
/// Get a Microsoft Graph access token from Azure AD V2.
/// </summary>
/// <param name="scopes">Scopes represent various permission levels that an app can request from a user</param>
/// <returns>An oauth2 access token.</returns>
internal static async Task <string> AuthenticateMsalUserAsync(string[] scopes)
{
if (_identityClient == null)
{
_identityClient = new MSAL.PublicClientApplication(_appClientId);
}
MSAL.AuthenticationResult authenticationResult = null;
try
{
authenticationResult = await _identityClient.AcquireTokenSilentAsync(scopes, _identityClient.Users.First());
}
catch (Exception)
{
authenticationResult = await _identityClient.AcquireTokenAsync(scopes);
}
return(authenticationResult.AccessToken);
}
/// <summary>
/// Get a Microsoft Graph access token using the v2.0 Endpoint.
/// </summary>
/// <param name="appClientId">Application client ID</param>
/// <param name="uiParent">UiParent instance - required for Android</param>
/// <param name="redirectUri">Redirect Uri - required for Android</param>
/// <param name="loginHint">UPN</param>
/// <returns>An oauth2 access token.</returns>
public async Task <string> GetUserTokenV2Async(string appClientId, UIParent uiParent = null, string redirectUri = null, string loginHint = null)
{
if (_identityClient == null)
{
_identityClient = new MSAL.PublicClientApplication(appClientId);
}
if (!string.IsNullOrEmpty(redirectUri))
{
_identityClient.RedirectUri = redirectUri;
}
var upnLoginHint = string.Empty;
if (!string.IsNullOrEmpty(loginHint))
{
upnLoginHint = loginHint;
}
MSAL.AuthenticationResult authenticationResult = null;
try
{
IAccount account = (await _identityClient.GetAccountsAsync()).FirstOrDefault();
authenticationResult = await _identityClient.AcquireTokenSilentAsync(DelegatedPermissionScopes, account);
}
catch (MsalUiRequiredException)
{
try
{
authenticationResult = await _identityClient.AcquireTokenAsync(DelegatedPermissionScopes, upnLoginHint, uiParent);
}
catch (MsalException)
{
throw;
}
}
return(authenticationResult?.AccessToken);
}
public AuthenticationHelperMSAL(IPlatformParameters platformParameters)
{
_identityClient = new PublicClientApplication(ClientId);
_identityClient.PlatformParameters = platformParameters;
}
public IdentityService(IConfiguration configuration)
{
_configuration = configuration;
_pca = new PublicClientApplication(_configuration.ApplicationId);
}
public void AcquireTokenSilentForceRefreshTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems();
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId, TestConstants.DefaultScope.Union(TestConstants.ScopeForAnotherResource).ToArray())
};
Task<AuthenticationResult> task = app.AcquireTokenSilentAsync(TestConstants.DefaultScope.ToArray(), TestConstants.DefaultUniqueId, app.Authority, null, true);
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DefaultDisplayableId, result.User.DisplayableId);
Assert.AreEqual(TestConstants.DefaultUniqueId, result.User.UniqueId);
Assert.AreEqual(TestConstants.DefaultScope.Union(TestConstants.ScopeForAnotherResource).ToArray().AsSingleString(), result.Scope.AsSingleString());
}
public void AcquireTokenSilentServiceErrorTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems();
MockHttpMessageHandler mockHandler = new MockHttpMessageHandler();
mockHandler.Method = HttpMethod.Post;
mockHandler.ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage();
HttpMessageHandlerFactory.MockHandler = mockHandler;
try
{
Task<AuthenticationResult> task =app.AcquireTokenSilentAsync(TestConstants.ScopeForAnotherResource.ToArray(), TestConstants.DefaultUniqueId);
AuthenticationResult result = task.Result;
Assert.Fail("AdalSilentTokenAcquisitionException was expected");
}
catch (AggregateException ex)
{
Assert.IsNotNull(ex.InnerException);
Assert.IsTrue(ex.InnerException is MsalSilentTokenAcquisitionException);
var msalExc = (MsalSilentTokenAcquisitionException) ex.InnerException;
Assert.AreEqual(MsalError.FailedToAcquireTokenSilently, msalExc.ErrorCode);
Assert.IsNotNull(msalExc.InnerException, "MsalSilentTokenAcquisitionException inner exception is null");
Assert.AreEqual(((MsalException)msalExc.InnerException).ErrorCode, "invalid_grant");
}
}
public void GetUsersAndSignThemOutTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems();
foreach (var user in app.Users)
{
user.SignOut();
}
Assert.AreEqual(0, app.UserTokenCache.Count);
}
public void AcquireTokenSilentCacheOnlyLookupTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems();
app.UserTokenCache.tokenCacheDictionary.Remove(new TokenCacheKey(TestConstants.DefaultAuthorityGuestTenant,
TestConstants.ScopeForAnotherResource, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId + "more", TestConstants.DefaultDisplayableId,
TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy));
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.Forbidden) //fail the request if it goes to http client due to any error
};
Task<AuthenticationResult> task = app.AcquireTokenSilentAsync(TestConstants.DefaultScope.ToArray());
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DefaultDisplayableId, result.User.DisplayableId);
Assert.AreEqual(TestConstants.DefaultUniqueId, result.User.UniqueId);
Assert.AreEqual(TestConstants.DefaultScope.AsSingleString(), result.Scope.AsSingleString());
}
public AuthenticationProvider()
{
ActiveDirectoryB2CAuthenticationClient = new PublicClientApplication(Constants.ApplicationID);
}
/// <summary>
/// .NET specific method for intergrated auth. To support Xamarin, we would need to move these to platform specific libraries.
/// </summary>
/// <param name="scope"></param>
/// <param name="authority"></param>
/// <param name="policy"></param>
/// <param name="app"></param>
/// <returns></returns>
public static async Task <AuthenticationResult> AcquireTokenWithIntegratedAuthAsync(this PublicClientApplication app, string[] scope, string authority, string policy)
{
return
(await
app.AcquireTokenWithIntegratedAuthInternalAsync(scope, authority, policy).ConfigureAwait(false));
}
public static async Task<string> GetTokenIntegratedAuthAsync(Sts Sts)
{
try
{
PublicClientApplication app = new PublicClientApplication(Sts.Authority, "7c7a2f70-caef-45c8-9a6c-091633501de4");
var result = await app.AcquireTokenWithIntegratedAuthAsync(Sts.ValidScope);
return result.Token;
}
catch (Exception ex)
{
string msg = ex.Message + "\n" + ex.StackTrace;
return msg;
}
}
public static async Task<AuthenticationResult> GetTokenInteractiveAsync()
{
try
{
TokenBroker brkr = new TokenBroker();
PublicClientApplication app =
new PublicClientApplication("7c7a2f70-caef-45c8-9a6c-091633501de4");
await app.AcquireTokenAsync(brkr.Sts.ValidScope);
return await app.AcquireTokenAsync(brkr.Sts.ValidScope);
}
catch (Exception ex)
{
string msg = ex.Message + "\n" + ex.StackTrace;
Console.WriteLine(msg);
}
return null;
}
public void AcquireTokenIdTokenOnlyResponseTest()
{
MockWebUI webUi = new MockWebUI();
webUi.HeadersToValidate = new Dictionary<string, string>();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
IWebUIFactory mockFactory = Substitute.For<IWebUIFactory>();
mockFactory.CreateAuthenticationDialog(Arg.Any<IPlatformParameters>()).Returns(webUi);
PlatformPlugin.WebUIFactory = mockFactory;
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessIdTokenResponseMessage()
};
// this is a flow where we pass client id as a scope
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
Task<AuthenticationResult> task = app.AcquireTokenAsync(new string[] {TestConstants.DefaultClientId});
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(result.Token, result.IdToken);
Assert.AreEqual(1, app.UserTokenCache.Count);
foreach (var item in app.UserTokenCache.ReadItems(TestConstants.DefaultClientId))
{
Assert.AreEqual(1, item.Scope.Count);
Assert.AreEqual(TestConstants.DefaultClientId, item.Scope.AsSingleString());
}
//call AcquireTokenSilent to make sure we get same token back and no call goes over network
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest)
};
task = app.AcquireTokenSilentAsync(new string[] { TestConstants.DefaultClientId });
AuthenticationResult result1 = task.Result;
Assert.IsNotNull(result1);
Assert.AreEqual(result1.Token, result1.IdToken);
Assert.AreEqual(result.Token, result1.Token);
Assert.AreEqual(result.IdToken, result1.IdToken);
Assert.AreEqual(1, app.UserTokenCache.Count);
foreach (var item in app.UserTokenCache.ReadItems(TestConstants.DefaultClientId))
{
Assert.AreEqual(1, item.Scope.Count);
Assert.AreEqual(TestConstants.DefaultClientId, item.Scope.AsSingleString());
}
}
