private async Task AcquireTokenWithDeviceCodeFlowAsync(LabResponse labResponse, string userType)
{
Trace.WriteLine($"Calling AcquireTokenWithDeviceCodeAsync with {0}", userType);
var builder = PublicClientApplicationBuilder.Create(labResponse.App.AppId).WithTestLogging();
switch (labResponse.User.AzureEnvironment)
{
case AzureEnvironment.azureusgovernment:
builder.WithAuthority(labResponse.Lab.Authority + labResponse.Lab.TenantId);
break;
default:
break;
}
var pca = builder.Build();
var userCacheAccess = pca.UserTokenCache.RecordAccess();
var result = await pca.AcquireTokenWithDeviceCode(s_scopes, deviceCodeResult =>
{
SeleniumExtensions.PerformDeviceCodeLogin(deviceCodeResult, labResponse.User, TestContext, false);
return(Task.FromResult(0));
}).ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
Trace.WriteLine("Running asserts");
userCacheAccess.AssertAccessCounts(0, 1);
Assert.IsFalse(userCacheAccess.LastAfterAccessNotificationArgs.IsApplicationCache);
Assert.IsNotNull(result);
Assert.IsTrue(!string.IsNullOrEmpty(result.AccessToken));
}
[Ignore] // Failing sporadically https://identitydivision.visualstudio.com/Engineering/_workitems/edit/1045664
public async Task SilentAuth_MsaUser_ForceRefresh_Async()
{
var labResponse = await LabUserHelper.GetMsaUserAsync().ConfigureAwait(false);
pca = PublicClientApplicationBuilder
.Create(LabApiConstants.MSAOutlookAccountClientID)
.WithTestLogging()
.WithAuthority(AadAuthorityAudience.PersonalMicrosoftAccount)
.Build();
Trace.WriteLine("Part 1 - Acquire a token with device code with msa user");
AuthenticationResult authResult = await pca.AcquireTokenWithDeviceCode(s_scopes, deviceCodeResult =>
{
SeleniumExtensions.PerformDeviceCodeLogin(
deviceCodeResult,
labResponse.User,
TestContext,
false);
return(Task.FromResult(0));
}).ExecuteAsync()
.ConfigureAwait(false);
await ValidateAuthResultAsync(authResult, labResponse).ConfigureAwait(false);
}
[Timeout(2 * 60 * 1000)] // 2 min timeout
public async Task DeviceCodeFlowAdfsTestAsync()
{
UserQuery query = new UserQuery
{
FederationProvider = FederationProvider.ADFSv2019,
IsMamUser = false,
IsMfaUser = false,
IsFederatedUser = true
};
LabResponse labResponse = await LabUserHelper.GetLabUserDataAsync(query).ConfigureAwait(false);
Trace.WriteLine("Calling AcquireTokenWithDeviceCodeAsync");
PublicClientApplication pca = PublicClientApplicationBuilder.Create(Adfs2019LabConstants.PublicClientId)
.WithRedirectUri(Adfs2019LabConstants.ClientRedirectUri)
.WithAdfsAuthority(Adfs2019LabConstants.Authority)
.BuildConcrete();
var result = await pca.AcquireTokenWithDeviceCode(s_scopes, deviceCodeResult =>
{
SeleniumExtensions.PerformDeviceCodeLogin(deviceCodeResult, labResponse.User, TestContext, true);
return(Task.FromResult(0));
}).ExecuteAsync().ConfigureAwait(false);
Trace.WriteLine("Running asserts");
Assert.IsNotNull(result);
Assert.IsTrue(!string.IsNullOrEmpty(result.AccessToken));
}
private async Task KerberosAcquireTokenWithDeviceCodeFlowAsync(LabResponse labResponse, string userType, KerberosTicketContainer ticketContainer)
{
Trace.WriteLine($"Calling KerberosAcquireTokenWithDeviceCodeFlowAsync with {0}", userType);
var builder = PublicClientApplicationBuilder.Create(labResponse.App.AppId)
.WithTestLogging()
.WithTenantId(labResponse.Lab.TenantId)
.WithClientId(TestConstants.KerberosTestApplicationId)
.WithKerberosTicketClaim(TestConstants.KerberosServicePrincipalName, ticketContainer);
switch (labResponse.User.AzureEnvironment)
{
case AzureEnvironment.azureusgovernment:
builder.WithAuthority(labResponse.Lab.Authority + labResponse.Lab.TenantId);
break;
default:
break;
}
var pca = builder.Build();
var userCacheAccess = pca.UserTokenCache.RecordAccess();
var result = await pca.AcquireTokenWithDeviceCode(s_scopes, deviceCodeResult =>
{
SeleniumExtensions.PerformDeviceCodeLogin(deviceCodeResult, labResponse.User, TestContext, false);
return(Task.FromResult(0));
}).ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
Trace.WriteLine("Running asserts");
userCacheAccess.AssertAccessCounts(0, 1);
Assert.IsFalse(userCacheAccess.LastAfterAccessNotificationArgs.IsApplicationCache);
Assert.IsNotNull(result);
Assert.IsTrue(!string.IsNullOrEmpty(result.AccessToken));
KerberosSupplementalTicket ticket = TestCommon.GetValidatedKerberosTicketFromAuthenticationResult(
result,
ticketContainer,
labResponse.User.Upn);
Assert.IsNotNull(ticket);
TestCommon.ValidateKerberosWindowsTicketCacheOperation(ticket);
}
[Timeout(2 * 60 * 1000)] // 2 min timeout
public async Task DeviceCodeFlowTestAsync()
{
LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
Trace.WriteLine("Calling AcquireTokenWithDeviceCodeAsync");
var pca = PublicClientApplicationBuilder.Create(labResponse.AppId).Build();
var userCacheAccess = pca.UserTokenCache.RecordAccess();
var result = await pca.AcquireTokenWithDeviceCode(s_scopes, deviceCodeResult =>
{
SeleniumExtensions.PerformDeviceCodeLogin(deviceCodeResult, labResponse.User, TestContext, false);
return(Task.FromResult(0));
}).ExecuteAsync(CancellationToken.None).ConfigureAwait(false);
Trace.WriteLine("Running asserts");
userCacheAccess.AssertAccessCounts(0, 1);
Assert.IsNotNull(result);
Assert.IsTrue(!string.IsNullOrEmpty(result.AccessToken));
}
public async Task FociSingInSignOutAsync()
{
LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
LabUser user = labResponse.User;
string cacheFilePath = null;
try
{
cacheFilePath = Path.GetTempFileName();
CreateFamilyApps(labResponse, cacheFilePath, out IPublicClientApplication pca_fam1, out IPublicClientApplication pca_fam2, out IPublicClientApplication pca_nonFam);
var userCacheAccess1 = pca_fam1.UserTokenCache.RecordAccess();
var userCacheAccess2 = pca_fam2.UserTokenCache.RecordAccess();
var userCacheAccess3 = pca_nonFam.UserTokenCache.RecordAccess();
Trace.WriteLine("Get a token interactively with an app from the family.");
AuthenticationResult authResult = await pca_fam1.AcquireTokenWithDeviceCode(s_scopes, deviceCodeResult =>
{
SeleniumExtensions.PerformDeviceCodeLogin(
deviceCodeResult,
labResponse.User,
TestContext,
false);
return(Task.FromResult(0));
}).ExecuteAsync()
.ConfigureAwait(false);
MsalAssert.AssertAuthResult(authResult, user);
userCacheAccess1.AssertAccessCounts(0, 1);
userCacheAccess2.AssertAccessCounts(0, 0);
userCacheAccess3.AssertAccessCounts(0, 0);
Trace.WriteLine("Get a token silently with another app from the family.");
authResult = await pca_fam2.AcquireTokenSilent(s_scopes, user.Upn)
.ExecuteAsync()
.ConfigureAwait(false);
MsalAssert.AssertAuthResult(authResult, user);
userCacheAccess1.AssertAccessCounts(0, 1);
userCacheAccess2.AssertAccessCounts(1, 1); // a write occurs because appA does not have an AT, so it needs to refresh the FRT
userCacheAccess3.AssertAccessCounts(0, 0);
Trace.WriteLine("Apps that are not part of the family cannot get tokens this way.");
await AssertException.TaskThrowsAsync <MsalUiRequiredException>(() => pca_nonFam
.AcquireTokenSilent(s_scopes, user.Upn)
.ExecuteAsync())
.ConfigureAwait(false);
userCacheAccess1.AssertAccessCounts(0, 1);
userCacheAccess2.AssertAccessCounts(1, 1);
userCacheAccess3.AssertAccessCounts(1, 0);
Trace.WriteLine("Sing-out from one app - sign out of all apps in the family");
System.Collections.Generic.IEnumerable <IAccount> accounts = await pca_fam1.GetAccountsAsync().ConfigureAwait(false);
await pca_fam1.RemoveAsync(accounts.Single()).ConfigureAwait(false);
System.Collections.Generic.IEnumerable <IAccount> acc2 = await pca_fam2.GetAccountsAsync().ConfigureAwait(false);
Assert.IsFalse(acc2.Any());
}
finally
{
if (cacheFilePath != null && File.Exists(cacheFilePath))
{
File.Delete(cacheFilePath);
}
}
}
