private void CreateBrokerHelper()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false),
extraQueryParameters: TestConstants.s_extraQueryParams,
claims: TestConstants.Claims);
parameters.IsBrokerEnabled = true;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters();
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
new MockWebUI());
IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker();
_brokerInteractiveRequest =
new BrokerInteractiveRequest(
parameters,
interactiveParameters,
harness.ServiceBundle,
null,
broker);
}
}
public void NullUserForActAsCurrentUserTest()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
try
{
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = null
};
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(),
(User)null, UiOptions.ActAsCurrentUser, "extra=qp", new MockWebUI());
Assert.Fail("ArgumentException should be thrown here");
}
catch (ArgumentException ae)
{
Assert.IsTrue(ae.Message.Contains(MsalErrorMessage.LoginHintNullForUiOption));
}
}
public async Task WithExtraQueryParamsAndClaimsAsync()
{
IDictionary <string, string> extraQueryParamsAndClaims =
TestConstants.ExtraQueryParameters.ToDictionary(e => e.Key, e => e.Value);
extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims);
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
var cache = new TokenCache(harness.ServiceBundle, false);
var ui = new MockWebUI()
{
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=some-code"),
QueryParamsToValidate = TestConstants.ExtraQueryParameters
};
MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle.PlatformProxy, ui);
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
var tokenResponseHandler = new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ExpectedQueryParams = TestConstants.ExtraQueryParameters,
ExpectedPostData = new Dictionary <string, string>()
{
{ OAuth2Parameter.Claims, TestConstants.Claims }
},
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
};
harness.HttpManager.AddMockHandler(tokenResponseHandler);
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
cache,
extraQueryParameters: TestConstants.ExtraQueryParameters,
claims: TestConstants.Claims);
parameters.RedirectUri = new Uri("some://uri");
parameters.LoginHint = TestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.SelectAccount,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
var request = new InteractiveRequest(
parameters,
interactiveParameters);
AuthenticationResult result = await request.RunAsync().ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllRefreshTokens().Count());
Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllAccessTokens().Count());
Assert.AreEqual(result.AccessToken, "some-access-token");
}
}
[WorkItem(1418)] // test for bug https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1418
public async Task VerifyAuthorizationResult_NoErrorDescription_Async()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
MockWebUI webUi = new MockWebUI()
{
// error code and error description is empty string (not null)
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?error=some_error&error_description= "),
};
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false));
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
new AcquireTokenInteractiveParameters(),
webUi);
var ex = await AssertException.TaskThrowsAsync <MsalServiceException>(
() => request.ExecuteAsync(CancellationToken.None))
.ConfigureAwait(false);
Assert.AreEqual("some_error", ex.ErrorCode);
Assert.AreEqual(InteractiveRequest.UnknownError, ex.Message);
}
}
public async Task RedirectUriContainsFragmentErrorTestAsync()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false),
extraQueryParameters: new Dictionary <string, string>
{
{ "extra", "qp" }
});
parameters.RedirectUri = new Uri("some://uri#fragment=not-so-good");
parameters.LoginHint = TestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.ForceLogin,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
var request = new InteractiveRequest(
parameters,
interactiveParameters);
var ex = await AssertException.TaskThrowsAsync <ArgumentException>
(() => request.RunAsync()).ConfigureAwait(false);
Assert.IsTrue(ex.Message.Contains(MsalErrorMessage.RedirectUriContainsFragment));
}
}
private async Task <AuthenticationResult> AcquireTokenForLoginHintCommonAsync(
Authority authority,
IEnumerable <string> scopes,
IEnumerable <string> extraScopesToConsent,
string loginHint,
UIBehavior behavior,
string extraQueryParameters,
UIParent parent,
ApiEvent.ApiIds apiId)
{
var requestParams = CreateRequestParameters(authority, scopes, null, UserTokenCache);
requestParams.ExtraQueryParameters = extraQueryParameters;
var handler = new InteractiveRequest(
ServiceBundle,
requestParams,
apiId,
extraScopesToConsent,
loginHint,
behavior,
CreateWebAuthenticationDialog(
parent,
behavior,
requestParams.RequestContext));
return(await handler.RunAsync(CancellationToken.None).ConfigureAwait(false));
}
public void CacheWithMultipleUsersAndRestrictToSingleUserTrueTest()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
TokenCache cache = TokenCacheHelper.CreateCacheWithItems();
try
{
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = true,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = cache
};
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(),
new Uri("some://uri"), new PlatformParameters(),
new User {
UniqueId = TestConstants.DefaultUniqueId
}, UiOptions.ForceLogin, "extra=qp",
new MockWebUI());
Assert.Fail("ArgumentException should be thrown here");
}
catch (ArgumentException ae)
{
Assert.AreEqual(
"Cache cannot have entries for more than 1 unique id when RestrictToSingleUser is set to TRUE.",
ae.Message);
}
}
private void CreateBrokerHelper()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityHomeTenant,
MsalTestConstants.Scope,
new TokenCache(harness.ServiceBundle),
extraQueryParameters: MsalTestConstants.ExtraQueryParams,
claims: MsalTestConstants.Claims);
parameters.IsBrokerEnabled = true;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters();
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
new MockWebUI());
BrokerFactory brokerFactory = new BrokerFactory();
_brokerInteractiveRequest = new BrokerInteractiveRequest(parameters, interactiveParameters, harness.ServiceBundle, null, brokerFactory.Create(harness.ServiceBundle));
}
}
public void DuplicateQueryParameterErrorTest()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = null
};
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(),
new Uri("some://uri"), new PlatformParameters(),
(User)null, UiOptions.ForceLogin, "extra=qp&prompt=login", new MockWebUI());
request.PreRunAsync().Wait();
try
{
request.PreTokenRequest().Wait();
Assert.Fail("MsalException should be thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual(MsalError.DuplicateQueryParameter, ((MsalException)exc.InnerException).ErrorCode);
}
}
public async Task <Uri> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
GetAuthorizationRequestUrlParameters authorizationRequestUrlParameters,
CancellationToken cancellationToken)
{
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.CorrelationId);
var requestParameters = _confidentialClientApplication.CreateRequestParameters(
commonParameters,
requestContext,
_confidentialClientApplication.UserTokenCacheInternal);
requestParameters.Account = authorizationRequestUrlParameters.Account;
requestParameters.LoginHint = authorizationRequestUrlParameters.LoginHint;
if (!string.IsNullOrWhiteSpace(authorizationRequestUrlParameters.RedirectUri))
{
requestParameters.RedirectUri = new Uri(authorizationRequestUrlParameters.RedirectUri);
}
var handler = new InteractiveRequest(
ServiceBundle,
requestParameters,
authorizationRequestUrlParameters.ToInteractiveParameters(),
null);
// todo: need to pass through cancellation token here
return(await handler.CreateAuthorizationUriAsync().ConfigureAwait(false));
}
public async Task BrokerInteractiveRequestBrokerRequiredTestAsync()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
MockWebUI ui = new MockWebUI()
{
// When the auth code is returned from the authorization server prefixed with msauth://
// this means the user who logged requires cert based auth and broker
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=msauth://some-code")
};
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
harness.ServiceBundle.PlatformProxy.SetBrokerForTest(CreateMockBroker());
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false));
parameters.IsBrokerEnabled = false;
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
new AcquireTokenInteractiveParameters(),
ui);
AuthenticationResult result = await request.RunAsync(CancellationToken.None).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("access-token", result.AccessToken);
}
}
public void VerifyAuthorizationResultTest()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
MockWebUI webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp,
TestConstants.DefaultAuthorityHomeTenant + "?error=" + OAuthError.LoginRequired);
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = null
};
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(),
(string)null, UiOptions.ForceLogin, "extra=qp", webUi);
request.PreRunAsync().Wait();
try
{
request.PreTokenRequest().Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual(MsalError.UserInteractionRequired, ((MsalException)exc.InnerException).ErrorCode);
}
webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp,
TestConstants.DefaultAuthorityHomeTenant + "?error=invalid_request&error_description=some error description");
request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(),
(string)null, UiOptions.ForceLogin, "extra=qp", webUi);
request.PreRunAsync().Wait();
try
{
request.PreTokenRequest().Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual("invalid_request", ((MsalException)exc.InnerException).ErrorCode);
Assert.AreEqual("some error description", ((MsalException)exc.InnerException).Message);
}
}
public void OAuthClient_FailsWithServiceExceptionWhenResponseIsHttpNotFound()
{
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver);
var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false);
var responseMessage = MockHelpers.CreateHttpStatusNotFoundResponseMessage();
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = responseMessage
});
var parameters = new AuthenticationRequestParameters
{
Authority = authority,
ClientId = MsalTestConstants.ClientId,
Scope = MsalTestConstants.Scope,
TokenCache = null,
RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)),
RedirectUri = new Uri("some://uri"),
};
var ui = new MockWebUI();
var request = new InteractiveRequest(
serviceBundle,
parameters,
ApiEvent.ApiIds.None,
MsalTestConstants.ScopeForAnotherResource.ToArray(),
MsalTestConstants.DisplayableId,
UIBehavior.SelectAccount,
ui);
try
{
request.ExecuteAsync(CancellationToken.None).Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
var serverEx = exc.InnerException as MsalServiceException;
Assert.IsNotNull(serverEx);
Assert.AreEqual((int)HttpStatusCode.NotFound, serverEx.StatusCode);
Assert.IsNotNull(serverEx.ResponseBody);
Assert.AreEqual(MsalError.HttpStatusNotFound, serverEx.ErrorCode);
}
}
}
/// <summary>
/// Gets URL of the authorize endpoint including the query parameters.
/// </summary>
/// <param name="scope"></param>
/// <param name="redirectUri"></param>
/// <param name="loginHint"></param>
/// <param name="extraQueryParameters"></param>
/// <param name="additionalScope"></param>
/// <param name="authority"></param>
/// <param name="policy"></param>
/// <returns>URL of the authorize endpoint including the query parameters.</returns>
public async Task <Uri> GetAuthorizationRequestUrlAsync(string[] scope, string redirectUri, string loginHint, string extraQueryParameters, string[] additionalScope, string authority, string policy)
{
Authenticator authenticator = new Authenticator(authority, this.ValidateAuthority, this.CorrelationId);
AuthenticationRequestParameters parameters = this.GetHandlerData(authenticator, scope, policy, this.UserTokenCache);
parameters.ClientKey = new ClientKey(this.ClientId);
var handler =
new InteractiveRequest(parameters, additionalScope,
new Uri(redirectUri), null, loginHint, null, extraQueryParameters, null);
return(await handler.CreateAuthorizationUriAsync(this.CorrelationId).ConfigureAwait(false));
}
private async Task <AuthenticationResult> AcquireTokenCommonAsync(Authority authority, string[] scope,
string[] additionalScope, User user, UiOptions uiOptions, string extraQueryParameters,
string policy)
{
var requestParams = this.CreateRequestParameters(authority, scope, policy, user, this.UserTokenCache);
requestParams.ExtraQueryParameters = extraQueryParameters;
var handler =
new InteractiveRequest(requestParams, additionalScope, uiOptions,
this.CreateWebAuthenticationDialog(this.PlatformParameters));
return(await handler.RunAsync().ConfigureAwait(false));
}
public async Task NoBroker_WebUiOnly_Async()
{
// Arrange - common stuff
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
MockInstanceDiscovery(harness.HttpManager);
ITokenCacheInternal cache = new TokenCache(harness.ServiceBundle, false);
var requestParams = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
cache);
var interactiveParameters = new AcquireTokenInteractiveParameters();
// Arrange - important for test
requestParams.AppConfig.IsBrokerEnabled = false;
var authCodeResult = new Tuple <AuthorizationResult, string>(new AuthorizationResult()
{
Code = "some_auth_code"
}, "pkce_verifier");
_authCodeRequestComponentOverride.FetchAuthCodeAndPkceVerifierAsync(CancellationToken.None)
.Returns(Task.FromResult(authCodeResult));
_authCodeExchangeComponentOverride.FetchTokensAsync(CancellationToken.None)
.Returns(Task.FromResult(_msalTokenResponse));
InteractiveRequest interactiveRequest = new InteractiveRequest(
requestParams,
interactiveParameters,
_authCodeRequestComponentOverride,
_authCodeExchangeComponentOverride,
_brokerExchangeComponentOverride);
// Act
AuthenticationResult result = await interactiveRequest.RunAsync().ConfigureAwait(false);
// Assert - common stuff
Assert.IsNotNull(result);
Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
Assert.IsTrue(!string.IsNullOrEmpty(result.AccessToken));
Assert.AreEqual(1, cache.Accessor.GetAllAccessTokens().Count());
// Assert - orchestration
#pragma warning disable VSTHRD101 // Avoid unsupported async delegates
Received.InOrder(async() =>
{
await _authCodeRequestComponentOverride
.FetchAuthCodeAndPkceVerifierAsync(default)
private async Task <AuthenticationResult> AcquireTokenCommonAsync(Authenticator authenticator, string[] scope, string[] additionalScope, Uri redirectUri, User user, UiOptions uiOptions, string extraQueryParameters, string policy)
{
if (this.PlatformParameters == null)
{
this.PlatformParameters = PlatformPlugin.DefaultPlatformParameters;
}
var handler =
new InteractiveRequest(
this.GetHandlerData(authenticator, scope, policy, this.UserTokenCache), additionalScope, redirectUri,
this.PlatformParameters, user, uiOptions, extraQueryParameters,
this.CreateWebAuthenticationDialog(this.PlatformParameters));
return(await handler.RunAsync().ConfigureAwait(false));
}
/// <summary>
/// Gets URL of the authorize endpoint including the query parameters.
/// </summary>
/// <param name="scopes">Array of scopes requested for resource</param>
/// <param name="loginHint">Identifier of the user. Generally a UPN.</param>
/// <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority. The parameter can be null.</param>
/// <returns>URL of the authorize endpoint including the query parameters.</returns>
public async Task <Uri> GetAuthorizationRequestUrlAsync(IEnumerable <string> scopes, string loginHint,
string extraQueryParameters)
{
Authority authority = Internal.Instance.Authority.CreateAuthority(Authority, ValidateAuthority);
var requestParameters =
CreateRequestParameters(authority, scopes, null, UserTokenCache);
requestParameters.ClientId = ClientId;
requestParameters.ExtraQueryParameters = extraQueryParameters;
var handler =
new InteractiveRequest(requestParameters, null, loginHint, UIBehavior.SelectAccount, null);
return(await handler.CreateAuthorizationUriAsync().ConfigureAwait(false));
}
/// <summary>
/// Gets URL of the authorize endpoint including the query parameters.
/// </summary>
/// <param name="scope"></param>
/// <param name="loginHint"></param>
/// <param name="extraQueryParameters"></param>
/// <returns>URL of the authorize endpoint including the query parameters.</returns>
public async Task <Uri> GetAuthorizationRequestUrlAsync(string[] scope, string loginHint,
string extraQueryParameters)
{
Authority authority = Internal.Instance.Authority.CreateAuthority(this.Authority, this.ValidateAuthority);
var requestParameters =
this.CreateRequestParameters(authority, scope, null, null, this.UserTokenCache);
requestParameters.ClientKey = new ClientKey(this.ClientId);
requestParameters.ExtraQueryParameters = extraQueryParameters;
var handler =
new InteractiveRequest(requestParameters, null, loginHint, null, null);
return(await handler.CreateAuthorizationUriAsync(CreateCallState(CorrelationId)).ConfigureAwait(false));
}
private async Task <AuthenticationResult> AcquireTokenForUserCommonAsync(Authority authority, IEnumerable <string> scopes,
IEnumerable <string> extraScopesToConsent, IUser user, UIBehavior behavior, string extraQueryParameters, UIParent parent, ApiEvent.ApiIds apiId)
{
var requestParams = CreateRequestParameters(authority, scopes, user, UserTokenCache);
requestParams.ExtraQueryParameters = extraQueryParameters;
var handler =
new InteractiveRequest(requestParams, extraScopesToConsent, behavior,
CreateWebAuthenticationDialog(parent, behavior, requestParams.RequestContext))
{
ApiId = apiId
};
return(await handler.RunAsync().ConfigureAwait(false));
}
private async Task ExecuteTestAsync(
bool withTokenRequest,
Action <ICustomWebUi> customizeWebUiBehavior,
Func <InteractiveRequest, Task> executionBehavior)
{
var customWebUi = Substitute.For <ICustomWebUi>();
customizeWebUiBehavior(customWebUi);
using (var harness = CreateTestHarness())
{
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
if (withTokenRequest)
{
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
}
var parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false));
parameters.RedirectUri = new Uri(ExpectedRedirectUri);
parameters.LoginHint = TestConstants.DisplayableId;
var interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.ForceLogin,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
CustomWebUi = customWebUi
};
var ui = new CustomWebUiHandler(customWebUi);
MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle.PlatformProxy, ui);
var request = new InteractiveRequest(
parameters,
interactiveParameters);
await executionBehavior(request).ConfigureAwait(false);
}
}
public void ActAsCurrentUserNoSsoHeaderForLoginHintOnlyTest()
{
//this test validates that no SSO header is added when developer passes only login hint and UiOption.ActAsCurrentUser
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
MockWebUI webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = cache
};
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(),
new Uri("some://uri"), new PlatformParameters(),
ex.Result.User, UiOptions.ActAsCurrentUser, "extra=qp", webUi);
request.PreRunAsync().Wait();
request.PreTokenRequest().Wait();
}
public void DuplicateQueryParameterErrorTest()
{
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver);
var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false);
var parameters = new AuthenticationRequestParameters
{
Authority = authority,
ClientId = MsalTestConstants.ClientId,
Scope = MsalTestConstants.Scope,
TokenCache = null,
RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)),
RedirectUri = new Uri("some://uri"),
ExtraQueryParameters = "extra=qp&prompt=login"
};
MockInstanceDiscoveryAndOpenIdRequest(httpManager);
var request = new InteractiveRequest(
serviceBundle,
parameters,
ApiEvent.ApiIds.None,
MsalTestConstants.ScopeForAnotherResource.ToArray(),
null,
UIBehavior.ForceLogin,
new MockWebUI());
try
{
request.ExecuteAsync(CancellationToken.None).Wait();
Assert.Fail("MsalException should be thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual(
MsalClientException.DuplicateQueryParameterError,
((MsalException)exc.InnerException).ErrorCode);
}
}
}
public void DuplicateQueryParameterErrorTest()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
harness.HttpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityHomeTenant);
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false),
extraQueryParameters: new Dictionary <string, string> {
{ "extra", "qp" }, { "prompt", "login" }
});
parameters.RedirectUri = new Uri("some://uri");
parameters.LoginHint = TestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.ForceLogin,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
new MockWebUI());
try
{
request.ExecuteAsync(CancellationToken.None).Wait();
Assert.Fail("MsalException should be thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual(
MsalError.DuplicateQueryParameterError,
((MsalException)exc.InnerException).ErrorCode);
}
}
}
public async Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenInteractiveParameters interactiveParameters,
CancellationToken cancellationToken)
{
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.CorrelationId);
AuthenticationRequestParameters requestParams = _publicClientApplication.CreateRequestParameters(
commonParameters,
requestContext,
_publicClientApplication.UserTokenCacheInternal);
requestParams.LoginHint = interactiveParameters.LoginHint;
requestParams.Account = interactiveParameters.Account;
InteractiveRequest interactiveRequest =
new InteractiveRequest(requestParams, interactiveParameters);
return(await interactiveRequest.RunAsync(cancellationToken).ConfigureAwait(false));
}
private void ValidateOathClient(HttpResponseMessage httpResponseMessage, Action <Exception> validationHandler)
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ResponseMessage = httpResponseMessage
});
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
MsalTestConstants.AuthorityHomeTenant,
MsalTestConstants.Scope,
null);
parameters.RedirectUri = new Uri("some://uri");
parameters.LoginHint = MsalTestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.SelectAccount,
ExtraScopesToConsent = MsalTestConstants.ScopeForAnotherResource.ToArray(),
};
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
new MockWebUI());
try
{
request.ExecuteAsync(CancellationToken.None).Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
validationHandler(exc);
}
}
}
public void DuplicateQueryParameterErrorTest()
{
Authority authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false);
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authority = authority,
ClientId = TestConstants.ClientId,
Scope = TestConstants.Scope,
TokenCache = null,
RequestContext = new RequestContext(Guid.Empty, null)
};
parameters.RedirectUri = new Uri("some://uri");
parameters.ExtraQueryParameters = "extra=qp&prompt=login";
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(),
null, UIBehavior.ForceLogin, new MockWebUI());
try
{
request.PreTokenRequestAsync().Wait();
Assert.Fail("MsalException should be thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual(MsalClientException.DuplicateQueryParameterError, ((MsalException)exc.InnerException).ErrorCode);
}
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
public async Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenInteractiveParameters interactiveParameters,
CancellationToken cancellationToken)
{
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.TelemetryCorrelationId);
var requestParams = _publicClientApplication.CreateRequestParameters(
commonParameters,
requestContext,
_publicClientApplication.UserTokenCacheInternal);
requestParams.LoginHint = interactiveParameters.LoginHint;
requestParams.Account = interactiveParameters.Account;
var handler = new InteractiveRequest(
ServiceBundle,
requestParams,
interactiveParameters,
CreateWebAuthenticationDialog(interactiveParameters, requestParams.RequestContext));
return(await handler.RunAsync(cancellationToken).ConfigureAwait(false));
}
/// <summary>
/// Computes the URL of the authorization request letting the user sign-in and consent to the application accessing specific scopes in
/// the user's name. The URL targets the /authorize endpoint of the authority specified as the <paramref name="authority"/> parameter.
/// This override enables you to specify a redirectUri, login hint extra query parameters, extra scope to consent (which are not for the
/// same resource as the <paramref name="scopes"/>), and an authority.
/// </summary>
/// <param name="scopes">Scopes requested to access a protected API (a resource)</param>
/// <param name="redirectUri">Address to return to upon receiving a response from the authority.</param>
/// <param name="loginHint">Identifier of the user. Generally a UPN.</param>
/// <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
/// This is expected to be a string of segments of the form <c>key=value</c> separated by an ampersand character.
/// The parameter can be null.</param>
/// <param name="extraScopesToConsent">Scopes for additional resources (other than the resource for which <paramref name="scopes"/> are requested),
/// which a developer can request the user to consent to upfront.</param>
/// <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
/// <returns>URL of the authorize endpoint including the query parameters.</returns>
public async Task <Uri> GetAuthorizationRequestUrlAsync(IEnumerable <string> scopes, string redirectUri, string loginHint,
string extraQueryParameters, IEnumerable <string> extraScopesToConsent, string authority)
{
GuardMobileFrameworks();
Authority authorityInstance = Instance.Authority.CreateAuthority(ServiceBundle, authority, ValidateAuthority);
var requestParameters = CreateRequestParameters(authorityInstance, scopes, null,
UserTokenCache);
requestParameters.RedirectUri = new Uri(redirectUri);
requestParameters.ClientId = ClientId;
requestParameters.ExtraQueryParameters = extraQueryParameters;
var handler = new InteractiveRequest(
ServiceBundle,
requestParameters,
ApiEvent.ApiIds.None,
extraScopesToConsent,
loginHint,
UIBehavior.SelectAccount,
null);
return(await handler.CreateAuthorizationUriAsync().ConfigureAwait(false));
}
public void NoCacheLookup()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
IWebUI ui = Substitute.For <IWebUI>();
AuthorizationResult ar = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
ui.AcquireAuthorizationAsync(Arg.Any <Uri>(), Arg.Any <Uri>(), Arg.Any <IDictionary <string, string> >(),
Arg.Any <CallState>())
.Returns(ar);
MockHttpMessageHandler mockHandler = new MockHttpMessageHandler();
mockHandler.Method = HttpMethod.Post;
mockHandler.QueryParams = new Dictionary <string, string>()
{
{ "p", "some-policy" }
};
mockHandler.ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage();
HttpMessageHandlerFactory.MockHandler = mockHandler;
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = "some-policy",
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = cache
};
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(),
new Uri("some://uri"), new PlatformParameters(), TestConstants.DefaultDisplayableId,
UiOptions.SelectAccount, "extra=qp", ui);
Task <AuthenticationResult> task = request.RunAsync();
task.Wait();
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(2, cache.Count);
Assert.AreEqual(result.Token, "some-access-token");
//both cache entry authorities are TestConstants.DefaultAuthorityHomeTenant
foreach (var item in cache.ReadItems(TestConstants.DefaultClientId))
{
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, item.Authority);
}
}
