/// <summary>
/// Requests a user access token from ACS for <paramref name="target"/>, exchanging the refresh
/// token held in the current SharePoint context.
/// </summary>
/// <param name="target">SharePoint site the token is requested for.</param>
/// <returns>The ACS token response, or null when <paramref name="target"/> is null.</returns>
private async ValueTask<AcsTokenResponse> GetUserAccessToken(Uri target)
{
    if (target is null)
    {
        return null;
    }

    var tenantRealm = await GetRealm(target);

    // Resource principal: the SharePoint site the token is scoped to.
    var resourcePrincipal = SharePointAuthUtils.GetFormattedPrincipal(
        SharePointContextConstants.SharePointPrincipal,
        target.Authority,
        tenantRealm);

    // Client principal: the configured add-in host, falling back to the host of the current request.
    // NOTE(review): HttpContext is presumably non-null here because this runs inside a request — confirm.
    var addInHost = _options.AddInHostName ?? _httpContextAccessor.HttpContext.Request.GetUri().Authority;
    var clientPrincipal = SharePointAuthUtils.GetFormattedPrincipal(_options.ClientId, addInHost, tenantRealm);

    // NOTE(review): assumes GetSharePointContext() never returns null at this point — confirm against callers.
    var refreshToken = GetSharePointContext().RefreshToken;

    return await _acsClient.GetUserAccessTokenWithRefreshToken(
        clientPrincipal,
        _options.ClientSecret,
        refreshToken,
        resourcePrincipal,
        tenantRealm);
}
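/// <summary>
/// Verifies that the context token was issued for this add-in: its audience must match the
/// principal built from the configured client id, the current request host and the realm.
/// </summary>
/// <param name="spToken">Decoded SharePoint context token.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="spToken"/> is null.</exception>
/// <exception cref="SecurityTokenInvalidAudienceException">
/// Thrown when the token carries no audience or its audience does not match this add-in's principal.
/// </exception>
private void ValidateContextToken(SharePointContextToken spToken)
{
    if (spToken is null)
    {
        throw new ArgumentNullException(nameof(spToken));
    }

    // A token without an audience cannot be bound to this add-in; reject it as an audience
    // failure instead of letting First() surface an unrelated InvalidOperationException.
    // Only the first audience is compared, as before — confirm multi-audience tokens are not expected.
    var audience = spToken.Audiences?.FirstOrDefault();
    if (audience is null)
    {
        throw new SecurityTokenInvalidAudienceException("Context token does not specify an audience");
    }

    // A configured realm takes precedence over the realm the token itself claims.
    var realm = _options.Realm ?? spToken.Realm;
    var principal = SharePointAuthUtils.GetFormattedPrincipal(
        _options.ClientId,
        _httpContextAccessor.HttpContext.Request.GetUri().Authority,
        realm);

    if (!audience.Equals(principal, StringComparison.OrdinalIgnoreCase))
    {
        throw new SecurityTokenInvalidAudienceException($"{audience} is not the intended audience {principal}");
    }
}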
/// <summary>
/// Builds the ACS principal name for <paramref name="realm"/> from the host of the global ACS endpoint.
/// </summary>
/// <param name="realm">Tenant realm the principal is scoped to.</param>
/// <returns>The formatted ACS principal name.</returns>
private static string GetAcsPrincipalName(string realm)
{
    var acsHost = new Uri(GetAcsGlobalEndpoint()).Host;
    return SharePointAuthUtils.GetFormattedPrincipal(_acsPrincipalName, acsHost, realm);
}