Exemple #1
        /// <summary>
        /// Requests a user access token for <paramref name="target"/> from ACS, using the
        /// refresh token held by the current SharePoint context.
        /// </summary>
        /// <param name="target">Site the token is requested for; null short-circuits to a null result.</param>
        /// <returns>The response returned by the ACS client, or null when <paramref name="target"/> is null.</returns>
        private async ValueTask<AcsTokenResponse> GetUserAccessToken(Uri target)
        {
            if (target is null)
            {
                return null;
            }

            var targetRealm = await GetRealm(target);

            // Principal of the SharePoint resource the token is requested for.
            var resourcePrincipal = SharePointAuthUtils.GetFormattedPrincipal(
                SharePointContextConstants.SharePointPrincipal,
                target.Authority,
                targetRealm);

            // Principal identifying this add-in. Without a configured AddInHostName the host part
            // falls back to the authority of the incoming request.
            // NOTE(review): that fallback is request-derived; confirm the host is restricted
            // upstream (allowed hosts / trusted forwarded headers) or set AddInHostName explicitly.
            // NOTE(review): HttpContext is dereferenced unchecked; presumably this only runs inside a request.
            var clientPrincipal = SharePointAuthUtils.GetFormattedPrincipal(
                _options.ClientId,
                _options.AddInHostName ?? _httpContextAccessor.HttpContext.Request.GetUri().Authority,
                targetRealm);

            var currentContext = GetSharePointContext();

            // The client secret and the refresh token are handed to the ACS client here;
            // neither value should ever be written to logs or traces.
            var tokenResponse = await _acsClient.GetUserAccessTokenWithRefreshToken(
                clientPrincipal,
                _options.ClientSecret,
                currentContext.RefreshToken,
                resourcePrincipal,
                targetRealm);

            return tokenResponse;
        }
Exemple #2
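        /// <summary>
        /// Checks that a SharePoint context token was issued for this add-in by comparing the
        /// token's audience with the principal expected for the configured client id.
        /// </summary>
        /// <param name="spToken">Context token whose audience is checked.</param>
        /// <exception cref="SecurityTokenInvalidAudienceException">
        /// The token carries no audience, or its first audience differs from the expected principal.
        /// </exception>
        private void ValidateContextToken(SharePointContextToken spToken)
        {
            // Only the first audience is compared. A token with no audience is rejected as an
            // audience failure rather than surfacing as InvalidOperationException from First().
            var audience = spToken.Audiences.FirstOrDefault();
            if (audience == null)
            {
                throw new SecurityTokenInvalidAudienceException("The context token does not contain an audience.");
            }

            // When no realm is configured, the realm claimed by the token itself is used, so the
            // realm part of the comparison then constrains nothing.
            // NOTE(review): confirm the realm is validated elsewhere, or configure _options.Realm.
            var realm = _options.Realm ?? spToken.Realm;

            // The host part of the expected principal is taken from the incoming request.
            // NOTE(review): the check is only as trustworthy as that host value; confirm it is
            // restricted upstream (allowed hosts / trusted forwarded headers).
            var principal = SharePointAuthUtils.GetFormattedPrincipal(
                _options.ClientId,
                _httpContextAccessor.HttpContext.Request.GetUri().Authority,
                realm);

            if (!audience.Equals(principal, StringComparison.OrdinalIgnoreCase))
            {
                throw new SecurityTokenInvalidAudienceException($"{audience} is not the intended audience {principal}");
            }
        }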
Exemple #3
 /// <summary>
 /// Builds the formatted principal for ACS within the given realm, using the host of the
 /// ACS global endpoint as the host part.
 /// </summary>
 /// <param name="realm">Realm passed through to the principal formatter.</param>
 /// <returns>The value produced by <c>SharePointAuthUtils.GetFormattedPrincipal</c>.</returns>
 private static string GetAcsPrincipalName(string realm)
 {
     var principalName = _acsPrincipalName;

     // The host comes from the ACS global endpoint, not from the current request.
     var acsEndpoint = new Uri(GetAcsGlobalEndpoint());
     var acsHost = acsEndpoint.Host;

     return SharePointAuthUtils.GetFormattedPrincipal(principalName, acsHost, realm);
 }