private void CreateBrokerHelper() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false), extraQueryParameters: TestConstants.s_extraQueryParams, claims: TestConstants.Claims); parameters.IsBrokerEnabled = true; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters(); InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, new MockWebUI()); IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker(); _brokerInteractiveRequest = new BrokerInteractiveRequest( parameters, interactiveParameters, harness.ServiceBundle, null, broker); } }
public void NullUserForActAsCurrentUserTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); try { AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = null }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), (User)null, UiOptions.ActAsCurrentUser, "extra=qp", new MockWebUI()); Assert.Fail("ArgumentException should be thrown here"); } catch (ArgumentException ae) { Assert.IsTrue(ae.Message.Contains(MsalErrorMessage.LoginHintNullForUiOption)); } }
public async Task WithExtraQueryParamsAndClaimsAsync() { IDictionary <string, string> extraQueryParamsAndClaims = TestConstants.ExtraQueryParameters.ToDictionary(e => e.Key, e => e.Value); extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims); using (MockHttpAndServiceBundle harness = CreateTestHarness()) { var cache = new TokenCache(harness.ServiceBundle, false); var ui = new MockWebUI() { MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=some-code"), QueryParamsToValidate = TestConstants.ExtraQueryParameters }; MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle.PlatformProxy, ui); MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); var tokenResponseHandler = new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ExpectedQueryParams = TestConstants.ExtraQueryParameters, ExpectedPostData = new Dictionary <string, string>() { { OAuth2Parameter.Claims, TestConstants.Claims } }, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }; harness.HttpManager.AddMockHandler(tokenResponseHandler); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, cache, extraQueryParameters: TestConstants.ExtraQueryParameters, claims: TestConstants.Claims); parameters.RedirectUri = new Uri("some://uri"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.SelectAccount, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; var request = new InteractiveRequest( parameters, interactiveParameters); AuthenticationResult result = await request.RunAsync().ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllRefreshTokens().Count()); Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(result.AccessToken, "some-access-token"); } }
[WorkItem(1418)] // test for bug https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1418 public async Task VerifyAuthorizationResult_NoErrorDescription_Async() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); MockWebUI webUi = new MockWebUI() { // error code and error description is empty string (not null) MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?error=some_error&error_description= "), }; AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false)); InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, new AcquireTokenInteractiveParameters(), webUi); var ex = await AssertException.TaskThrowsAsync <MsalServiceException>( () => request.ExecuteAsync(CancellationToken.None)) .ConfigureAwait(false); Assert.AreEqual("some_error", ex.ErrorCode); Assert.AreEqual(InteractiveRequest.UnknownError, ex.Message); } }
public async Task RedirectUriContainsFragmentErrorTestAsync() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false), extraQueryParameters: new Dictionary <string, string> { { "extra", "qp" } }); parameters.RedirectUri = new Uri("some://uri#fragment=not-so-good"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.ForceLogin, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; var request = new InteractiveRequest( parameters, interactiveParameters); var ex = await AssertException.TaskThrowsAsync <ArgumentException> (() => request.RunAsync()).ConfigureAwait(false); Assert.IsTrue(ex.Message.Contains(MsalErrorMessage.RedirectUriContainsFragment)); } }
private async Task <AuthenticationResult> AcquireTokenForLoginHintCommonAsync( Authority authority, IEnumerable <string> scopes, IEnumerable <string> extraScopesToConsent, string loginHint, UIBehavior behavior, string extraQueryParameters, UIParent parent, ApiEvent.ApiIds apiId) { var requestParams = CreateRequestParameters(authority, scopes, null, UserTokenCache); requestParams.ExtraQueryParameters = extraQueryParameters; var handler = new InteractiveRequest( ServiceBundle, requestParams, apiId, extraScopesToConsent, loginHint, behavior, CreateWebAuthenticationDialog( parent, behavior, requestParams.RequestContext)); return(await handler.RunAsync(CancellationToken.None).ConfigureAwait(false)); }
public void CacheWithMultipleUsersAndRestrictToSingleUserTrueTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); try { AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = true, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), new User { UniqueId = TestConstants.DefaultUniqueId }, UiOptions.ForceLogin, "extra=qp", new MockWebUI()); Assert.Fail("ArgumentException should be thrown here"); } catch (ArgumentException ae) { Assert.AreEqual( "Cache cannot have entries for more than 1 unique id when RestrictToSingleUser is set to TRUE.", ae.Message); } }
private void CreateBrokerHelper() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityHomeTenant, MsalTestConstants.Scope, new TokenCache(harness.ServiceBundle), extraQueryParameters: MsalTestConstants.ExtraQueryParams, claims: MsalTestConstants.Claims); parameters.IsBrokerEnabled = true; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters(); InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, new MockWebUI()); BrokerFactory brokerFactory = new BrokerFactory(); _brokerInteractiveRequest = new BrokerInteractiveRequest(parameters, interactiveParameters, harness.ServiceBundle, null, brokerFactory.Create(harness.ServiceBundle)); } }
public void DuplicateQueryParameterErrorTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = null }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), (User)null, UiOptions.ForceLogin, "extra=qp&prompt=login", new MockWebUI()); request.PreRunAsync().Wait(); try { request.PreTokenRequest().Wait(); Assert.Fail("MsalException should be thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual(MsalError.DuplicateQueryParameter, ((MsalException)exc.InnerException).ErrorCode); } }
public async Task <Uri> ExecuteAsync( AcquireTokenCommonParameters commonParameters, GetAuthorizationRequestUrlParameters authorizationRequestUrlParameters, CancellationToken cancellationToken) { var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.CorrelationId); var requestParameters = _confidentialClientApplication.CreateRequestParameters( commonParameters, requestContext, _confidentialClientApplication.UserTokenCacheInternal); requestParameters.Account = authorizationRequestUrlParameters.Account; requestParameters.LoginHint = authorizationRequestUrlParameters.LoginHint; if (!string.IsNullOrWhiteSpace(authorizationRequestUrlParameters.RedirectUri)) { requestParameters.RedirectUri = new Uri(authorizationRequestUrlParameters.RedirectUri); } var handler = new InteractiveRequest( ServiceBundle, requestParameters, authorizationRequestUrlParameters.ToInteractiveParameters(), null); // todo: need to pass through cancellation token here return(await handler.CreateAuthorizationUriAsync().ConfigureAwait(false)); }
public async Task BrokerInteractiveRequestBrokerRequiredTestAsync() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { MockWebUI ui = new MockWebUI() { // When the auth code is returned from the authorization server prefixed with msauth:// // this means the user who logged requires cert based auth and broker MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=msauth://some-code") }; MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); harness.ServiceBundle.PlatformProxy.SetBrokerForTest(CreateMockBroker()); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false)); parameters.IsBrokerEnabled = false; InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, new AcquireTokenInteractiveParameters(), ui); AuthenticationResult result = await request.RunAsync(CancellationToken.None).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("access-token", result.AccessToken); } }
public void VerifyAuthorizationResultTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); MockWebUI webUi = new MockWebUI(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp, TestConstants.DefaultAuthorityHomeTenant + "?error=" + OAuthError.LoginRequired); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = null }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), (string)null, UiOptions.ForceLogin, "extra=qp", webUi); request.PreRunAsync().Wait(); try { request.PreTokenRequest().Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual(MsalError.UserInteractionRequired, ((MsalException)exc.InnerException).ErrorCode); } webUi = new MockWebUI(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp, TestConstants.DefaultAuthorityHomeTenant + "?error=invalid_request&error_description=some error description"); request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), (string)null, UiOptions.ForceLogin, "extra=qp", webUi); request.PreRunAsync().Wait(); try { request.PreTokenRequest().Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual("invalid_request", ((MsalException)exc.InnerException).ErrorCode); Assert.AreEqual("some error description", ((MsalException)exc.InnerException).Message); } }
public void OAuthClient_FailsWithServiceExceptionWhenResponseIsHttpNotFound() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver); var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false); var responseMessage = MockHelpers.CreateHttpStatusNotFoundResponseMessage(); httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = responseMessage }); var parameters = new AuthenticationRequestParameters { Authority = authority, ClientId = MsalTestConstants.ClientId, Scope = MsalTestConstants.Scope, TokenCache = null, RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)), RedirectUri = new Uri("some://uri"), }; var ui = new MockWebUI(); var request = new InteractiveRequest( serviceBundle, parameters, ApiEvent.ApiIds.None, MsalTestConstants.ScopeForAnotherResource.ToArray(), MsalTestConstants.DisplayableId, UIBehavior.SelectAccount, ui); try { request.ExecuteAsync(CancellationToken.None).Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { var serverEx = exc.InnerException as MsalServiceException; Assert.IsNotNull(serverEx); Assert.AreEqual((int)HttpStatusCode.NotFound, serverEx.StatusCode); Assert.IsNotNull(serverEx.ResponseBody); Assert.AreEqual(MsalError.HttpStatusNotFound, serverEx.ErrorCode); } } }
/// <summary> /// Gets URL of the authorize endpoint including the query parameters. /// </summary> /// <param name="scope"></param> /// <param name="redirectUri"></param> /// <param name="loginHint"></param> /// <param name="extraQueryParameters"></param> /// <param name="additionalScope"></param> /// <param name="authority"></param> /// <param name="policy"></param> /// <returns>URL of the authorize endpoint including the query parameters.</returns> public async Task <Uri> GetAuthorizationRequestUrlAsync(string[] scope, string redirectUri, string loginHint, string extraQueryParameters, string[] additionalScope, string authority, string policy) { Authenticator authenticator = new Authenticator(authority, this.ValidateAuthority, this.CorrelationId); AuthenticationRequestParameters parameters = this.GetHandlerData(authenticator, scope, policy, this.UserTokenCache); parameters.ClientKey = new ClientKey(this.ClientId); var handler = new InteractiveRequest(parameters, additionalScope, new Uri(redirectUri), null, loginHint, null, extraQueryParameters, null); return(await handler.CreateAuthorizationUriAsync(this.CorrelationId).ConfigureAwait(false)); }
private async Task <AuthenticationResult> AcquireTokenCommonAsync(Authority authority, string[] scope, string[] additionalScope, User user, UiOptions uiOptions, string extraQueryParameters, string policy) { var requestParams = this.CreateRequestParameters(authority, scope, policy, user, this.UserTokenCache); requestParams.ExtraQueryParameters = extraQueryParameters; var handler = new InteractiveRequest(requestParams, additionalScope, uiOptions, this.CreateWebAuthenticationDialog(this.PlatformParameters)); return(await handler.RunAsync().ConfigureAwait(false)); }
public async Task NoBroker_WebUiOnly_Async() { // Arrange - common stuff using (MockHttpAndServiceBundle harness = CreateTestHarness()) { MockInstanceDiscovery(harness.HttpManager); ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle, false); var requestParams = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, cache); var interactiveParameters = new AcquireTokenInteractiveParameters(); // Arrange - important for test requestParams.AppConfig.IsBrokerEnabled = false; var authCodeResult = new Tuple <AuthorizationResult, string>(new AuthorizationResult() { Code = "some_auth_code" }, "pkce_verifier"); _authCodeRequestComponentOverride.FetchAuthCodeAndPkceVerifierAsync(CancellationToken.None) .Returns(Task.FromResult(authCodeResult)); _authCodeExchangeComponentOverride.FetchTokensAsync(CancellationToken.None) .Returns(Task.FromResult(_msalTokenResponse)); InteractiveRequest interactiveRequest = new InteractiveRequest( requestParams, interactiveParameters, _authCodeRequestComponentOverride, _authCodeExchangeComponentOverride, _brokerExchangeComponentOverride); // Act AuthenticationResult result = await interactiveRequest.RunAsync().ConfigureAwait(false); // Assert - common stuff Assert.IsNotNull(result); Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource); Assert.IsTrue(!string.IsNullOrEmpty(result.AccessToken)); Assert.AreEqual(1, cache.Accessor.GetAllAccessTokens().Count()); // Assert - orchestration #pragma warning disable VSTHRD101 // Avoid unsupported async delegates Received.InOrder(async() => { await _authCodeRequestComponentOverride .FetchAuthCodeAndPkceVerifierAsync(default)
private async Task <AuthenticationResult> AcquireTokenCommonAsync(Authenticator authenticator, string[] scope, string[] additionalScope, Uri redirectUri, User user, UiOptions uiOptions, string extraQueryParameters, string policy) { if (this.PlatformParameters == null) { this.PlatformParameters = PlatformPlugin.DefaultPlatformParameters; } var handler = new InteractiveRequest( this.GetHandlerData(authenticator, scope, policy, this.UserTokenCache), additionalScope, redirectUri, this.PlatformParameters, user, uiOptions, extraQueryParameters, this.CreateWebAuthenticationDialog(this.PlatformParameters)); return(await handler.RunAsync().ConfigureAwait(false)); }
/// <summary> /// Gets URL of the authorize endpoint including the query parameters. /// </summary> /// <param name="scopes">Array of scopes requested for resource</param> /// <param name="loginHint">Identifier of the user. Generally a UPN.</param> /// <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. The parameter can be null.</param> /// <returns>URL of the authorize endpoint including the query parameters.</returns> public async Task <Uri> GetAuthorizationRequestUrlAsync(IEnumerable <string> scopes, string loginHint, string extraQueryParameters) { Authority authority = Internal.Instance.Authority.CreateAuthority(Authority, ValidateAuthority); var requestParameters = CreateRequestParameters(authority, scopes, null, UserTokenCache); requestParameters.ClientId = ClientId; requestParameters.ExtraQueryParameters = extraQueryParameters; var handler = new InteractiveRequest(requestParameters, null, loginHint, UIBehavior.SelectAccount, null); return(await handler.CreateAuthorizationUriAsync().ConfigureAwait(false)); }
/// <summary> /// Gets URL of the authorize endpoint including the query parameters. /// </summary> /// <param name="scope"></param> /// <param name="loginHint"></param> /// <param name="extraQueryParameters"></param> /// <returns>URL of the authorize endpoint including the query parameters.</returns> public async Task <Uri> GetAuthorizationRequestUrlAsync(string[] scope, string loginHint, string extraQueryParameters) { Authority authority = Internal.Instance.Authority.CreateAuthority(this.Authority, this.ValidateAuthority); var requestParameters = this.CreateRequestParameters(authority, scope, null, null, this.UserTokenCache); requestParameters.ClientKey = new ClientKey(this.ClientId); requestParameters.ExtraQueryParameters = extraQueryParameters; var handler = new InteractiveRequest(requestParameters, null, loginHint, null, null); return(await handler.CreateAuthorizationUriAsync(CreateCallState(CorrelationId)).ConfigureAwait(false)); }
private async Task <AuthenticationResult> AcquireTokenForUserCommonAsync(Authority authority, IEnumerable <string> scopes, IEnumerable <string> extraScopesToConsent, IUser user, UIBehavior behavior, string extraQueryParameters, UIParent parent, ApiEvent.ApiIds apiId) { var requestParams = CreateRequestParameters(authority, scopes, user, UserTokenCache); requestParams.ExtraQueryParameters = extraQueryParameters; var handler = new InteractiveRequest(requestParams, extraScopesToConsent, behavior, CreateWebAuthenticationDialog(parent, behavior, requestParams.RequestContext)) { ApiId = apiId }; return(await handler.RunAsync().ConfigureAwait(false)); }
private async Task ExecuteTestAsync( bool withTokenRequest, Action <ICustomWebUi> customizeWebUiBehavior, Func <InteractiveRequest, Task> executionBehavior) { var customWebUi = Substitute.For <ICustomWebUi>(); customizeWebUiBehavior(customWebUi); using (var harness = CreateTestHarness()) { MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); if (withTokenRequest) { harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }); } var parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false)); parameters.RedirectUri = new Uri(ExpectedRedirectUri); parameters.LoginHint = TestConstants.DisplayableId; var interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.ForceLogin, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), CustomWebUi = customWebUi }; var ui = new CustomWebUiHandler(customWebUi); MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle.PlatformProxy, ui); var request = new InteractiveRequest( parameters, interactiveParameters); await executionBehavior(request).ConfigureAwait(false); } }
public void ActAsCurrentUserNoSsoHeaderForLoginHintOnlyTest() { //this test validates that no SSO header is added when developer passes only login hint and UiOption.ActAsCurrentUser Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = new TokenCache(); TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultScope, TestConstants.DefaultClientId, TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId, TestConstants.DefaultPolicy); AuthenticationResultEx ex = new AuthenticationResultEx(); ex.Result = new AuthenticationResult("Bearer", key.ToString(), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599))); ex.Result.User = new User { DisplayableId = TestConstants.DefaultDisplayableId, UniqueId = TestConstants.DefaultUniqueId, HomeObjectId = TestConstants.DefaultHomeObjectId }; ex.Result.FamilyId = "1"; ex.RefreshToken = "someRT"; cache.tokenCacheDictionary[key] = ex; MockWebUI webUi = new MockWebUI(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.DefaultAuthorityHomeTenant + "?code=some-code"); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), ex.Result.User, UiOptions.ActAsCurrentUser, "extra=qp", webUi); request.PreRunAsync().Wait(); request.PreTokenRequest().Wait(); }
public void DuplicateQueryParameterErrorTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver); var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false); var parameters = new AuthenticationRequestParameters { Authority = authority, ClientId = MsalTestConstants.ClientId, Scope = MsalTestConstants.Scope, TokenCache = null, RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)), RedirectUri = new Uri("some://uri"), ExtraQueryParameters = "extra=qp&prompt=login" }; MockInstanceDiscoveryAndOpenIdRequest(httpManager); var request = new InteractiveRequest( serviceBundle, parameters, ApiEvent.ApiIds.None, MsalTestConstants.ScopeForAnotherResource.ToArray(), null, UIBehavior.ForceLogin, new MockWebUI()); try { request.ExecuteAsync(CancellationToken.None).Wait(); Assert.Fail("MsalException should be thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual( MsalClientException.DuplicateQueryParameterError, ((MsalException)exc.InnerException).ErrorCode); } } }
public void DuplicateQueryParameterErrorTest() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); harness.HttpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityHomeTenant); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false), extraQueryParameters: new Dictionary <string, string> { { "extra", "qp" }, { "prompt", "login" } }); parameters.RedirectUri = new Uri("some://uri"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.ForceLogin, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, new MockWebUI()); try { request.ExecuteAsync(CancellationToken.None).Wait(); Assert.Fail("MsalException should be thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual( MsalError.DuplicateQueryParameterError, ((MsalException)exc.InnerException).ErrorCode); } } }
public async Task <AuthenticationResult> ExecuteAsync( AcquireTokenCommonParameters commonParameters, AcquireTokenInteractiveParameters interactiveParameters, CancellationToken cancellationToken) { var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.CorrelationId); AuthenticationRequestParameters requestParams = _publicClientApplication.CreateRequestParameters( commonParameters, requestContext, _publicClientApplication.UserTokenCacheInternal); requestParams.LoginHint = interactiveParameters.LoginHint; requestParams.Account = interactiveParameters.Account; InteractiveRequest interactiveRequest = new InteractiveRequest(requestParams, interactiveParameters); return(await interactiveRequest.RunAsync(cancellationToken).ConfigureAwait(false)); }
private void ValidateOathClient(HttpResponseMessage httpResponseMessage, Action <Exception> validationHandler) { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); harness.HttpManager.AddMockHandler( new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Get, ResponseMessage = httpResponseMessage }); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( MsalTestConstants.AuthorityHomeTenant, MsalTestConstants.Scope, null); parameters.RedirectUri = new Uri("some://uri"); parameters.LoginHint = MsalTestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.SelectAccount, ExtraScopesToConsent = MsalTestConstants.ScopeForAnotherResource.ToArray(), }; InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, new MockWebUI()); try { request.ExecuteAsync(CancellationToken.None).Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { validationHandler(exc); } } }
public void DuplicateQueryParameterErrorTest() { Authority authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authority = authority, ClientId = TestConstants.ClientId, Scope = TestConstants.Scope, TokenCache = null, RequestContext = new RequestContext(Guid.Empty, null) }; parameters.RedirectUri = new Uri("some://uri"); parameters.ExtraQueryParameters = "extra=qp&prompt=login"; //add mock response for tenant endpoint discovery HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant) }); InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), null, UIBehavior.ForceLogin, new MockWebUI()); try { request.PreTokenRequestAsync().Wait(); Assert.Fail("MsalException should be thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual(MsalClientException.DuplicateQueryParameterError, ((MsalException)exc.InnerException).ErrorCode); } Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed"); }
public async Task <AuthenticationResult> ExecuteAsync( AcquireTokenCommonParameters commonParameters, AcquireTokenInteractiveParameters interactiveParameters, CancellationToken cancellationToken) { var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.TelemetryCorrelationId); var requestParams = _publicClientApplication.CreateRequestParameters( commonParameters, requestContext, _publicClientApplication.UserTokenCacheInternal); requestParams.LoginHint = interactiveParameters.LoginHint; requestParams.Account = interactiveParameters.Account; var handler = new InteractiveRequest( ServiceBundle, requestParams, interactiveParameters, CreateWebAuthenticationDialog(interactiveParameters, requestParams.RequestContext)); return(await handler.RunAsync(cancellationToken).ConfigureAwait(false)); }
/// <summary> /// Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in /// the user's name. The URL targets the /authorize endpoint of the authority specified as the <paramref name="authority"/> parameter. /// This override enables you to specify a redirectUri, login hint extra query parameters, extra scope to consent (which are not for the /// same resource as the <paramref name="scopes"/>), and an authority. /// </summary> /// <param name="scopes">Scopes requested to access a protected API (a resource)</param> /// <param name="redirectUri">Address to return to upon receiving a response from the authority.</param> /// <param name="loginHint">Identifier of the user. Generally a UPN.</param> /// <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. /// This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character. /// The parameter can be null.</param> /// <param name="extraScopesToConsent">Scopes for additional resources (other than the resource for which <paramref name="scopes"/> are requested), /// which a developer can request the user to consent to upfront.</param> /// <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param> /// <returns>URL of the authorize endpoint including the query parameters.</returns> public async Task <Uri> GetAuthorizationRequestUrlAsync(IEnumerable <string> scopes, string redirectUri, string loginHint, string extraQueryParameters, IEnumerable <string> extraScopesToConsent, string authority) { GuardMobileFrameworks(); Authority authorityInstance = Instance.Authority.CreateAuthority(ServiceBundle, authority, ValidateAuthority); var requestParameters = CreateRequestParameters(authorityInstance, scopes, null, UserTokenCache); requestParameters.RedirectUri = new Uri(redirectUri); requestParameters.ClientId = ClientId; requestParameters.ExtraQueryParameters = extraQueryParameters; var handler = new InteractiveRequest( ServiceBundle, requestParameters, ApiEvent.ApiIds.None, extraScopesToConsent, loginHint, UIBehavior.SelectAccount, null); return(await handler.CreateAuthorizationUriAsync().ConfigureAwait(false)); }
public void NoCacheLookup() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = new TokenCache(); TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultScope, TestConstants.DefaultClientId, TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId, TestConstants.DefaultPolicy); AuthenticationResultEx ex = new AuthenticationResultEx(); ex.Result = new AuthenticationResult("Bearer", key.ToString(), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599))); ex.Result.User = new User { DisplayableId = TestConstants.DefaultDisplayableId, UniqueId = TestConstants.DefaultUniqueId, HomeObjectId = TestConstants.DefaultHomeObjectId }; ex.Result.FamilyId = "1"; ex.RefreshToken = "someRT"; cache.tokenCacheDictionary[key] = ex; IWebUI ui = Substitute.For <IWebUI>(); AuthorizationResult ar = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.DefaultAuthorityHomeTenant + "?code=some-code"); ui.AcquireAuthorizationAsync(Arg.Any <Uri>(), Arg.Any <Uri>(), Arg.Any <IDictionary <string, string> >(), Arg.Any <CallState>()) .Returns(ar); MockHttpMessageHandler mockHandler = new MockHttpMessageHandler(); mockHandler.Method = HttpMethod.Post; mockHandler.QueryParams = new Dictionary <string, string>() { { "p", "some-policy" } }; mockHandler.ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(); HttpMessageHandlerFactory.MockHandler = mockHandler; AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = "some-policy", RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), TestConstants.DefaultDisplayableId, UiOptions.SelectAccount, "extra=qp", ui); Task <AuthenticationResult> task = request.RunAsync(); task.Wait(); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(2, cache.Count); Assert.AreEqual(result.Token, "some-access-token"); //both cache entry authorities are TestConstants.DefaultAuthorityHomeTenant foreach (var item in cache.ReadItems(TestConstants.DefaultClientId)) { Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, item.Authority); } }