public async ValueTask <AccessTokenResult> RequestAccessToken(AccessTokenRequestOptions options)
{
var tokenObject = await _localStorage.GetItemAsync <TokenObject>("token");
if (tokenObject != null && tokenObject.Token != null)
{
var now = DateTimeOffset.Now;
if (now >= tokenObject.tokenExpirationTime.AddSeconds(-30))
{
if (await _authenticationService.RefreshToken())
{
tokenObject = await _localStorage.GetItemAsync <TokenObject>("token");
}
else
{
throw new Exception("refresh token failed");
}
}
var token = new AccessToken {
Value = tokenObject.Token, Expires = tokenObject.tokenExpirationTime
};
var accessTokenResult = new AccessTokenResult(AccessTokenResultStatus.Success, token, "");
return(accessTokenResult);
}
return(null);
}
/// <inheritdoc />
public async Task <AccessTokenResult> RequestAccessToken(AccessTokenRequestOptions options)
{
if (_currentAccount == null)
{
var accounts = await _clientApplication.GetAccountsAsync().ConfigureAwait(false);
if (accounts.Any())
{
_currentAccount = accounts.First();
}
else
{
return(new AccessTokenResult(this, AccessTokenResultStatus.RequiresRedirect, null));
}
}
AuthenticationResult result = null;
try
{
result = await _clientApplication
.AcquireTokenSilent(_currentScopes = options?.Scopes != null?_currentScopes.Union(options.Scopes) : _currentScopes, _currentAccount)
.ExecuteAsync()
.ConfigureAwait(false);
}
catch (MsalUiRequiredException)
{
}
if (result == null)
{
return(new AccessTokenResult(this, AccessTokenResultStatus.RequiresRedirect, null));
}
if (!string.IsNullOrEmpty(result.IdToken))
{
_idToken = new JwtSecurityToken(result.IdToken);
}
_currentScopes = result.Scopes;
return(new AccessTokenResult(this, AccessTokenResultStatus.Success, new AccessToken()
{
Expires = result.ExpiresOn,
GrantedScopes = result.Scopes.ToList(),
Value = result.AccessToken,
}));
}
/// <summary>
/// Configures this handler to authorize outbound HTTP requests using an access token. The access token is only attached if at least one of
/// <paramref name="authorizedUrls" /> is a base of <see cref="HttpRequestMessage.RequestUri" />.
/// </summary>
/// <param name="authorizedUrls">The base addresses of endpoint URLs to which the token will be attached.</param>
/// <param name="scopes">The list of scopes to use when requesting an access token.</param>
/// <param name="returnUrl">The return URL to use in case there is an issue provisioning the token and a redirection to the
/// identity provider is necessary.
/// </param>
/// <param name="authenticationScheme">
/// The authentication scheme to be used with in Authorization, ProxyAuthorization, WWW-Authenticate, and Proxy-Authenticate headers.
/// Defaults to 'Bearer'.
/// </param>
/// <returns>This <see cref="AuthorizationMessageHandler"/>.</returns>
public AuthorizationMessageHandler ConfigureHandler(
IEnumerable <string> authorizedUrls,
IEnumerable <string> scopes = null,
string returnUrl = null,
string authenticationScheme = null)
{
if (_authorizedUris != null)
{
throw new InvalidOperationException("Handler already configured.");
}
if (authorizedUrls == null)
{
throw new ArgumentNullException(nameof(authorizedUrls));
}
var uris = authorizedUrls.Select(uri => new Uri(uri, UriKind.Absolute)).ToArray();
if (uris.Length == 0)
{
throw new ArgumentException("At least one URL must be configured.", nameof(authorizedUrls));
}
_authorizedUris = uris;
var scopesList = scopes?.ToArray();
if (scopesList != null || returnUrl != null)
{
_tokenOptions = new AccessTokenRequestOptions
{
Scopes = scopesList,
ReturnUrl = returnUrl
};
}
if (!string.IsNullOrWhiteSpace(authenticationScheme))
{
_authenticationScheme = authenticationScheme;
}
return(this);
}
public virtual async ValueTask <AccessTokenResult> RequestAccessToken(AccessTokenRequestOptions options)
{
if (options is null)
{
throw new ArgumentNullException(nameof(options));
}
await EnsureAuthService();
var result = await JsRuntime.InvokeAsync <InternalAccessTokenResult>("AuthenticationService.getAccessToken", options);
return(new AccessTokenResult(
result.Status,
result.Token,
result.Status == AccessTokenResultStatus.RequiresRedirect ? Options.AuthenticationPaths.LogInPath : null,
result.Status == AccessTokenResultStatus.RequiresRedirect ? new InteractiveRequestOptions
{
Interaction = InteractionType.GetToken,
ReturnUrl = GetReturnUrl(options.ReturnUrl),
Scopes = options.Scopes ?? Array.Empty <string>(),
} : null));
}
public async Task RemoteAuthenticationService_GetAccessToken_PassesDownOptions()
{
// Arrange
var testJsRuntime = new TestJsRuntime();
var options = CreateOptions();
var runtime = new RemoteAuthenticationService <RemoteAuthenticationState, RemoteUserAccount, OidcProviderOptions>(
testJsRuntime,
options,
new TestNavigationManager(),
new AccountClaimsPrincipalFactory <RemoteUserAccount>(Mock.Of <IAccessTokenProviderAccessor>()));
var state = new RemoteAuthenticationState();
testJsRuntime.GetAccessTokenResult = new InternalAccessTokenResult
{
Status = "requiresRedirect",
};
var tokenOptions = new AccessTokenRequestOptions
{
Scopes = new[] { "something" }
};
var expectedRedirectUrl = "https://www.example.com/base/login?returnUrl=https%3A%2F%2Fwww.example.com%2Fbase%2Fadd-product";
// Act
var result = await runtime.RequestAccessToken(tokenOptions);
// Assert
Assert.Equal(
new[] { "AuthenticationService.init", "AuthenticationService.getAccessToken" },
testJsRuntime.PastInvocations.Select(i => i.identifier).ToArray());
Assert.False(result.TryGetToken(out var token));
Assert.Null(token);
Assert.Equal(result.Status, Enum.Parse <AccessTokenResultStatus>(testJsRuntime.GetAccessTokenResult.Status, ignoreCase: true));
Assert.Equal(expectedRedirectUrl, result.RedirectUrl);
Assert.Equal(tokenOptions, (AccessTokenRequestOptions)testJsRuntime.PastInvocations[^ 1].args[0]);
/// <inheritdoc />
public virtual async ValueTask <AccessTokenResult> RequestAccessToken(AccessTokenRequestOptions options)
{
if (options is null)
{
throw new ArgumentNullException(nameof(options));
}
await EnsureAuthService();
var result = await JsRuntime.InvokeAsync <InternalAccessTokenResult>("AuthenticationService.getAccessToken", options);
if (!Enum.TryParse <AccessTokenResultStatus>(result.Status, ignoreCase: true, out var parsedStatus))
{
throw new InvalidOperationException($"Invalid access token result status '{result.Status ?? "(null)"}'");
}
if (parsedStatus == AccessTokenResultStatus.RequiresRedirect)
{
var redirectUrl = GetRedirectUrl(options.ReturnUrl);
result.RedirectUrl = redirectUrl.ToString();
}
return(new AccessTokenResult(parsedStatus, result.Token, result.RedirectUrl));
}
public ValueTask <AccessTokenResult> RequestAccessToken(AccessTokenRequestOptions options)
{
throw new NotImplementedException();
}
public ValueTask <AccessTokenResult> RequestAccessToken(AccessTokenRequestOptions options)
{
return(this.RequestAccessToken());
}
