public void AcquireTokenSilentServiceErrorTestAsync()
{
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityCommonTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User, "unique_id",
"*****@*****.**");
cache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "something-invalid",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "some-access-token", DateTimeOffset.UtcNow)
};
AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, cache);
var ex = AssertException.TaskThrows <AdalSilentTokenAcquisitionException>(async() =>
{
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage()
});
await context.AcquireTokenSilentAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, new UserIdentifier("unique_id", UserIdentifierType.UniqueId));
});
Assert.AreEqual(AdalError.FailedToAcquireTokenSilently, ex.ErrorCode);
Assert.AreEqual(AdalErrorMessage.FailedToRefreshToken, ex.Message);
Assert.IsNotNull(ex.InnerException);
Assert.IsTrue(ex.InnerException is AdalException);
Assert.AreEqual(((AdalException)ex.InnerException).ErrorCode, "invalid_grant");
}
public void OBOUserAssertionHashUsernamePassedTest()
{
TokenCache cache = TokenCacheHelper.CreateCacheWithItems();
string someAssertion = "some-assertion-passed-by-developer";
TokenCacheKey key = cache.tokenCacheDictionary.Keys.First();
//update cache entry with hash of an assertion that will not match
cache.tokenCacheDictionary[key].UserAssertionHash =
new CryptographyHelper().CreateSha256Hash(someAssertion);
ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new ClientCredential(TestConstants.DefaultClientSecret), new TokenCache());
app.UserTokenCache = cache;
//this is a fail safe. No call should go on network
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage =
MockHelpers.CreateInvalidGrantTokenResponseMessage()
};
UserAssertion assertion = new UserAssertion(someAssertion, AssertionType, key.DisplayableId);
Task <AuthenticationResult> task = app.AcquireTokenOnBehalfOfAsync(key.Scope.AsArray(),
assertion, key.Authority, TestConstants.DefaultPolicy);
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(key.UniqueId, result.User.UniqueId);
Assert.AreEqual(key.DisplayableId, result.User.DisplayableId);
Assert.AreEqual(HashAccessToken,
cache.tokenCacheDictionary[key].UserAssertionHash);
}
private async Task SilentAsync(
PublicClientApplication app,
ServerTokenResponse serverTokenResponse)
{
var account = (await app.GetAccountsAsync().ConfigureAwait(false)).Single();
// 2 network calls - one for endpoint discovery on the tenanted authority, one to refresh the token
if (!_instanceAndEndpointRequestPerformed)
{
_instanceAndEndpointRequestPerformed = true;
_harness.HttpManager.AddInstanceDiscoveryMockHandler();
}
_harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage =
IsError(serverTokenResponse) ?
MockHelpers.CreateInvalidGrantTokenResponseMessage(GetSubError(serverTokenResponse)) :
MockHelpers.CreateSuccessTokenResponseMessage(
TestConstants.UniqueId,
TestConstants.DisplayableId,
TestConstants.s_scope.ToArray(),
foci: serverTokenResponse == ServerTokenResponse.FociToken)
});
AuthenticationResult resultB = await app.AcquireTokenSilent(TestConstants.s_scope, account)
.WithForceRefresh(true)
.ExecuteAsync()
.ConfigureAwait(false);
Assert.IsNotNull(resultB.AccessToken);
AssertAppMetadata(app, serverTokenResponse == ServerTokenResponse.FociToken);
}
public void AcquireTokenSilentServiceErrorTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems();
MockHttpMessageHandler mockHandler = new MockHttpMessageHandler();
mockHandler.Method = HttpMethod.Post;
mockHandler.ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage();
HttpMessageHandlerFactory.MockHandler = mockHandler;
try
{
Task <AuthenticationResult> task = app.AcquireTokenSilentAsync(TestConstants.ScopeForAnotherResource.ToArray(), TestConstants.DefaultUniqueId);
AuthenticationResult result = task.Result;
Assert.Fail("AdalSilentTokenAcquisitionException was expected");
}
catch (AggregateException ex)
{
Assert.IsNotNull(ex.InnerException);
Assert.IsTrue(ex.InnerException is MsalSilentTokenAcquisitionException);
var msalExc = (MsalSilentTokenAcquisitionException)ex.InnerException;
Assert.AreEqual(MsalError.FailedToAcquireTokenSilently, msalExc.ErrorCode);
Assert.IsNotNull(msalExc.InnerException, "MsalSilentTokenAcquisitionException inner exception is null");
Assert.AreEqual(((MsalException)msalExc.InnerException).ErrorCode, "invalid_grant");
}
}
private static void AddHttpMocks_BadTokenError(MockHttpManager httpManager)
{
httpManager.AddInstanceDiscoveryMockHandler();
var handler = new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage(MsalError.BadToken)
};
httpManager.AddMockHandler(handler);
}
public void AcquireTokenSilentServiceErrorTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId)
{
ValidateAuthority = false
};
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
//populate cache
cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
app.UserTokenCache = cache;
TokenCacheHelper.PopulateCache(cache.TokenCacheAccessor);
MockHttpMessageHandler mockHandler = new MockHttpMessageHandler();
mockHandler.Method = HttpMethod.Post;
mockHandler.ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage();
HttpMessageHandlerFactory.AddMockHandler(mockHandler);
try
{
Task <AuthenticationResult> task =
app.AcquireTokenSilentAsync(TestConstants.ScopeForAnotherResource.ToArray(),
new User()
{
DisplayableId = TestConstants.DisplayableId,
Identifier = TestConstants.UserIdentifier,
}, app.Authority, false);
AuthenticationResult result = task.Result;
Assert.Fail("MsalUiRequiredException was expected");
}
catch (AggregateException ex)
{
Assert.IsNotNull(ex.InnerException);
Assert.IsTrue(ex.InnerException is MsalUiRequiredException);
var msalExc = (MsalUiRequiredException)ex.InnerException;
Assert.AreEqual(msalExc.ErrorCode, MsalUiRequiredException.InvalidGrantError);
}
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
private static void AddTokenResponse(TokenResponseType aadResponse, MockHttpManager httpManager)
{
switch (aadResponse)
{
case TokenResponseType.Valid:
var refreshHandler = new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(
TestConstants.UniqueId,
TestConstants.DisplayableId,
TestConstants.s_scope.ToArray())
};
httpManager.AddMockHandler(refreshHandler);
break;
case TokenResponseType.Invalid_AADUnavailable:
var refreshHandler1 = new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateFailureMessage(
System.Net.HttpStatusCode.GatewayTimeout, "gateway timeout")
};
var refreshHandler2 = new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateFailureMessage(
System.Net.HttpStatusCode.GatewayTimeout, "gateway timeout")
};
// MSAL retries once for errors in the 500 - 600 range
httpManager.AddMockHandler(refreshHandler1);
httpManager.AddMockHandler(refreshHandler2);
break;
case TokenResponseType.Invalid_AADAvailable:
var handler = new MockHttpMessageHandler()
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage()
};
httpManager.AddMockHandler(handler);
break;
default:
throw new NotImplementedException();
}
}
public void ManagedUsernameIncorrectPasswordAcquireTokenTest()
{
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
AddMockResponseforManagedAccounts(httpManager);
var str = new SecureString();
str.AppendChar('y');
str.MakeReadOnly();
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage(),
PostDataObject = new Dictionary <string, object>
{
{ "grant_type", "password" },
{ "username", MsalTestConstants.User.Username },
{ "password", _secureString }
}
});
_cache.ClientId = MsalTestConstants.ClientId;
var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority)
{
UserTokenCache = _cache
};
// Call acquire token
var result = AssertException.TaskThrows <MsalException>(
async() => await app.AcquireTokenByUsernamePasswordAsync(
MsalTestConstants.Scope,
MsalTestConstants.User.Username,
str).ConfigureAwait(false));
// Check error code
Assert.AreEqual(CoreErrorCodes.InvalidGrantError, result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
}
}
public void AcquireTokenSilentServiceErrorTest()
{
using (var httpManager = new MockHttpManager())
{
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityUtidTenant);
//populate cache
var tokenCacheHelper = new TokenCacheHelper();
tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor);
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage()
});
try
{
Task <AuthenticationResult> task = app
.AcquireTokenSilent(
TestConstants.s_cacheMissScope,
new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null))
.WithAuthority(app.Authority)
.WithForceRefresh(false)
.ExecuteAsync(CancellationToken.None);
AuthenticationResult result = task.Result;
Assert.Fail("MsalUiRequiredException was expected");
}
catch (AggregateException ex)
{
Assert.IsNotNull(ex.InnerException);
Assert.IsTrue(ex.InnerException is MsalUiRequiredException);
var msalExc = (MsalUiRequiredException)ex.InnerException;
Assert.AreEqual(msalExc.ErrorCode, MsalError.InvalidGrantError);
}
}
}
public async Task ManagedUsernameIncorrectPasswordAcquireTokenTestAsync()
{
using (var httpManager = new MockHttpManager())
{
httpManager.AddInstanceDiscoveryMockHandler();
AddMockResponseforManagedAccounts(httpManager);
var str = new SecureString();
str.AppendChar('y');
str.MakeReadOnly();
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage(),
ExpectedPostDataObject = new Dictionary <string, object>
{
{ "grant_type", "password" },
{ "username", TestConstants.s_user.Username },
{ "password", _secureString }
}
});
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs)
.WithHttpManager(httpManager)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
// Call acquire token
MsalUiRequiredException result = await Assert.ThrowsExceptionAsync <MsalUiRequiredException>(
() => app.AcquireTokenByUsernamePassword(
TestConstants.s_scope,
TestConstants.s_user.Username,
str).ExecuteAsync(CancellationToken.None)).ConfigureAwait(false);
// Check error code
Assert.AreEqual(MsalError.InvalidGrantError, result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, app.UserTokenCacheInternal.Accessor.GetAllAccessTokens().Count());
}
}
public async Task AuthorityMigrationTestAsync()
{
// make sure that for all network calls "preferred_cache" environment is used
// (it is taken from metadata in instance discovery response),
// except very first network call - instance discovery
using (var httpManager = new MockHttpManager())
{
var authorityUri = new Uri(
string.Format(
CultureInfo.InvariantCulture,
"https://{0}/common",
TestConstants.ProductionNotPrefEnvironmentAlias));
httpManager.AddInstanceDiscoveryMockHandler(authorityUri.AbsoluteUri);
PublicClientApplication app = PublicClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithAuthority(authorityUri, true)
.WithHttpManager(httpManager)
.WithUserTokenLegacyCachePersistenceForTest(new TestLegacyCachePersistance())
.WithTelemetry(new TraceTelemetryConfig())
.WithDebugLoggingCallback()
.BuildConcrete();
// mock for openId config request
httpManager.AddMockHandler(new MockHttpMessageHandler
{
ExpectedUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}/common/v2.0/.well-known/openid-configuration",
TestConstants.ProductionPrefNetworkEnvironment),
ExpectedMethod = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
// mock webUi authorization
MsalMockHelpers.ConfigureMockWebUI(
app.ServiceBundle.PlatformProxy,
AuthorizationResult.FromUri(app.AppConfig.RedirectUri + "?code=some-code"), null, TestConstants.ProductionPrefNetworkEnvironment);
// mock token request
httpManager.AddMockHandler(new MockHttpMessageHandler
{
ExpectedUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}/home/oauth2/v2.0/token",
TestConstants.ProductionPrefNetworkEnvironment),
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result = app.AcquireTokenInteractive(TestConstants.s_scope).ExecuteAsync(CancellationToken.None).Result;
// make sure that all cache entities are stored with "preferred_cache" environment
// (it is taken from metadata in instance discovery response)
await ValidateCacheEntitiesEnvironmentAsync(app.UserTokenCacheInternal, TestConstants.ProductionPrefCacheEnvironment).ConfigureAwait(false);
// silent request targeting at, should return at from cache for any environment alias
foreach (var envAlias in TestConstants.s_prodEnvAliases)
{
result = await app
.AcquireTokenSilent(
TestConstants.s_scope,
app.GetAccountsAsync().Result.First())
.WithAuthority(string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/", envAlias, TestConstants.Utid))
.WithForceRefresh(false)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsNotNull(result);
}
// mock for openId config request for tenant specific authority
httpManager.AddMockHandler(new MockHttpMessageHandler
{
ExpectedUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/v2.0/.well-known/openid-configuration",
TestConstants.ProductionPrefNetworkEnvironment, TestConstants.Utid),
ExpectedMethod = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityUtidTenant)
});
// silent request targeting rt should find rt in cache for authority with any environment alias
foreach (var envAlias in TestConstants.s_prodEnvAliases)
{
result = null;
httpManager.AddMockHandler(new MockHttpMessageHandler()
{
ExpectedUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/oauth2/v2.0/token",
TestConstants.ProductionPrefNetworkEnvironment, TestConstants.Utid),
ExpectedMethod = HttpMethod.Post,
ExpectedPostData = new Dictionary <string, string>()
{
{ "grant_type", "refresh_token" }
},
// return not retriable status code
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage()
});
try
{
result = await app
.AcquireTokenSilent(
TestConstants.s_scopeForAnotherResource,
(await app.GetAccountsAsync().ConfigureAwait(false)).First())
.WithAuthority(string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/", envAlias, TestConstants.Utid))
.WithForceRefresh(false)
.ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
}
catch (MsalUiRequiredException)
{
}
catch (Exception)
{
Assert.Fail();
}
Assert.IsNull(result);
}
}
}
public void AuthorityMigration_IntegrationTest()
{
// make sure that for all network calls "preferred_cache" environment is used
// (it is taken from metadata in instance discovery response),
// except very first network call - instance discovery
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
TestInitialize(httpManager);
PublicClientApplication app = new PublicClientApplication(
serviceBundle,
MsalTestConstants.ClientId,
string.Format(
CultureInfo.InvariantCulture,
"https://{0}/common",
MsalTestConstants.ProductionNotPrefEnvironmentAlias))
{
UserTokenCache =
{
LegacyCachePersistence = new TestLegacyCachePersistance()
}
};
// mock for openId config request
httpManager.AddMockHandler(new MockHttpMessageHandler
{
Url = string.Format(CultureInfo.InvariantCulture, "https://{0}/common/v2.0/.well-known/openid-configuration",
MsalTestConstants.ProductionPrefNetworkEnvironment),
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(MsalTestConstants.AuthorityHomeTenant)
});
// mock webUi authorization
MsalMockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"), null, MsalTestConstants.ProductionPrefNetworkEnvironment);
// mock token request
httpManager.AddMockHandler(new MockHttpMessageHandler
{
Url = string.Format(CultureInfo.InvariantCulture, "https://{0}/home/oauth2/v2.0/token",
MsalTestConstants.ProductionPrefNetworkEnvironment),
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result = app.AcquireTokenAsync(MsalTestConstants.Scope).Result;
// make sure that all cache entities are stored with "preferred_cache" environment
// (it is taken from metadata in instance discovery response)
ValidateCacheEntitiesEnvironment(app.UserTokenCache, MsalTestConstants.ProductionPrefCacheEnvironment);
// silent request targeting at, should return at from cache for any environment alias
foreach (var envAlias in MsalTestConstants.ProdEnvAliases)
{
result = app.AcquireTokenSilentAsync(MsalTestConstants.Scope,
app.GetAccountsAsync().Result.First(),
string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/", envAlias, MsalTestConstants.Utid),
false).Result;
Assert.IsNotNull(result);
}
// mock for openId config request for tenant spesific authority
httpManager.AddMockHandler(new MockHttpMessageHandler
{
Url = string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/v2.0/.well-known/openid-configuration",
MsalTestConstants.ProductionPrefNetworkEnvironment, MsalTestConstants.Utid),
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(MsalTestConstants.AuthorityUtidTenant)
});
// silent request targeting rt should find rt in cahce for authority with any environment alias
foreach (var envAlias in MsalTestConstants.ProdEnvAliases)
{
httpManager.AddMockHandler(new MockHttpMessageHandler()
{
Url = string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/oauth2/v2.0/token",
MsalTestConstants.ProductionPrefNetworkEnvironment, MsalTestConstants.Utid),
Method = HttpMethod.Post,
PostData = new Dictionary <string, string>()
{
{ "grant_type", "refresh_token" }
},
// return not retriable status code
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage()
});
try
{
result = null;
result = app.AcquireTokenSilentAsync(MsalTestConstants.ScopeForAnotherResource,
app.GetAccountsAsync().Result.First(),
string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/", envAlias, MsalTestConstants.Utid),
false).Result;
}
catch (AggregateException ex)
{
Assert.IsNotNull(ex.InnerException);
Assert.IsTrue(ex.InnerException is MsalUiRequiredException);
}
Assert.IsNull(result);
}
}
}
public async Task AuthorityMigrationTestAsync()
{
// make sure that for all network calls "preferred_cache" environment is used
// (it is taken from metadata in instance discovery response),
// except very first network call - instance discovery
using var harness = base.CreateTestHarness();
var httpManager = harness.HttpManager;
var authorityUri = new Uri(
string.Format(
CultureInfo.InvariantCulture,
"https://{0}/common",
TestConstants.ProductionNotPrefEnvironmentAlias));
httpManager.AddInstanceDiscoveryMockHandler(authorityUri.AbsoluteUri);
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(authorityUri, validateAuthority: true)
.WithHttpManager(httpManager)
.WithDebugLoggingCallback()
.BuildConcrete();
InMemoryTokenCache cache = new InMemoryTokenCache();
cache.Bind(app.UserTokenCache);
app.ServiceBundle.ConfigureMockWebUI(
AuthorizationResult.FromUri(app.AppConfig.RedirectUri + "?code=some-code"),
null,
TestConstants.ProductionPrefNetworkEnvironment);
// mock token request
httpManager.AddMockHandler(new MockHttpMessageHandler
{
ExpectedUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}/common/oauth2/v2.0/token",
TestConstants.ProductionPrefNetworkEnvironment),
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result = await app.AcquireTokenInteractive(TestConstants.s_scope).ExecuteAsync().ConfigureAwait(false);
// make sure that all cache entities are stored with "preferred_cache" environment
// (it is taken from metadata in instance discovery response)
ValidateCacheEntitiesEnvironment(app.UserTokenCacheInternal, TestConstants.ProductionPrefCacheEnvironment);
// silent request targeting at, should return at from cache for any environment alias
foreach (var envAlias in TestConstants.s_prodEnvAliases)
{
var app2 = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority($"https://{envAlias}/common", validateAuthority: true)
.WithHttpManager(httpManager)
.WithDebugLoggingCallback()
.BuildConcrete();
cache.Bind(app2.UserTokenCache);
IEnumerable <IAccount> accounts = await app.GetAccountsAsync().ConfigureAwait(false);
result = await app2.AcquireTokenSilent(TestConstants.s_scope, accounts.First())
.WithAuthority(string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/", envAlias, TestConstants.Utid))
.WithForceRefresh(false)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
Assert.IsNotNull(result);
}
// silent request targeting rt should find rt in cache for authority with any environment alias
foreach (var envAlias in TestConstants.s_prodEnvAliases)
{
result = null;
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedUrl = string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/oauth2/v2.0/token",
TestConstants.ProductionPrefNetworkEnvironment, TestConstants.Utid),
ExpectedMethod = HttpMethod.Post,
ExpectedPostData = new Dictionary <string, string>
{
{ "grant_type", "refresh_token" }
},
// return not retriable status code
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage()
});
try
{
var app3 = PublicClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithAuthority($"https://{envAlias}/common", true)
.WithHttpManager(httpManager)
.WithDebugLoggingCallback()
.BuildConcrete();
cache.Bind(app3.UserTokenCache);
result = await app3
.AcquireTokenSilent(
TestConstants.s_scopeForAnotherResource,
(await app.GetAccountsAsync().ConfigureAwait(false)).First())
.WithAuthority(string.Format(CultureInfo.InvariantCulture, "https://{0}/{1}/", envAlias, TestConstants.Utid))
.WithForceRefresh(false)
.ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
}
catch (MsalUiRequiredException)
{
}
Assert.IsNull(result);
}
}