/// <summary>
/// Generates a "personal access token" or service specific, usage resticted access token.
/// </summary>
/// <param name="targetUri">
/// The target resource for which to acquire the personal access token for.
/// </param>
/// <param name="accessToken">
/// Azure Directory access token with privileges to grant access to the target resource.
/// </param>
/// <param name="requestCompactToken">
/// Generates a compact token if <see langword="true"/>; generates a self describing token if <see langword="false"/>.
/// </param>
/// <returns><see langword="true"/> if successful; <see langword="false"/> otherwise.</returns>
protected async Task <Credential> GeneratePersonalAccessToken(
TargetUri targetUri,
Token accessToken,
bool requestCompactToken)
{
BaseSecureStore.ValidateTargetUri(targetUri);
if (ReferenceEquals(accessToken, null))
{
throw new ArgumentNullException(nameof(accessToken));
}
Credential credential = null;
Token personalAccessToken;
if ((personalAccessToken = await VstsAuthority.GeneratePersonalAccessToken(targetUri, accessToken, TokenScope, requestCompactToken)) != null)
{
credential = (Credential)personalAccessToken;
Git.Trace.WriteLine($"personal access token created for '{targetUri}'.");
PersonalAccessTokenStore.WriteCredentials(targetUri, credential);
}
return(credential);
}
/// <summary>
/// Generates a "personal access token" or service specific, usage restricted access token.
/// <para/>
/// Returns a "personal access token" for the user if successful; otherwise `<see langword="null"/>`.
/// </summary>
/// <param name="targetUri">The target resource for which to acquire the personal access token for.</param>
/// <param name="accessToken">Azure Directory access token with privileges to grant access to the target resource.</param>
/// <param name="options">Set of options related to generation of personal access tokens.</param>
protected async Task <Credential> GeneratePersonalAccessToken(
TargetUri targetUri,
Token accessToken,
PersonalAccessTokenOptions options)
{
BaseSecureStore.ValidateTargetUri(targetUri);
if (accessToken is null)
{
throw new ArgumentNullException(nameof(accessToken));
}
VstsTokenScope requestedScope = TokenScope;
if (options.TokenScope != null)
{
// Take the intersection of the authority scope and the requested scope
requestedScope &= options.TokenScope;
// If the result of the intersection is none, then fail
if (string.IsNullOrWhiteSpace(requestedScope.Value))
{
throw new InvalidOperationException("Invalid scope requested. Requested scope would result in no access privileges.");
}
}
Credential credential = null;
Token personalAccessToken;
if ((personalAccessToken = await VstsAuthority.GeneratePersonalAccessToken(targetUri, accessToken, requestedScope, options.RequireCompactToken, options.TokenDuration)) != null)
{
credential = (Credential)personalAccessToken;
Git.Trace.WriteLine($"personal access token created for '{targetUri}'.");
try
{
PersonalAccessTokenStore.WriteCredentials(targetUri, credential);
}
catch (Exception exception)
{
System.Diagnostics.Debug.WriteLine(exception);
Git.Trace.WriteLine($"failed to write credentials to the secure store: {exception.GetType().Name}.");
}
}
return(credential);
}
/// <summary>
/// Opens an interactive logon prompt to acquire an authentication token from the Microsoft Live authentication and identity service.
/// <para/>
/// Returns a `<see cref="Credential"/>` for packing into a basic authentication header; otherwise `<see langword="null"/>`.
/// </summary>
/// <param name="targetUri">
/// The uniform resource indicator of the resource access tokens are being requested for.
/// </param>
/// <param name="options"></param>
public async Task <Credential> InteractiveLogon(TargetUri targetUri, PersonalAccessTokenOptions options)
{
BaseSecureStore.ValidateTargetUri(targetUri);
try
{
Token token;
if ((token = await VstsAuthority.InteractiveAcquireToken(targetUri, ClientId, Resource, new Uri(RedirectUrl), QueryParameters)) != null)
{
Trace.WriteLine($"token '{targetUri}' successfully acquired.");
return(await GeneratePersonalAccessToken(targetUri, token, options));
}
}
catch (AdalException exception)
{
Debug.Write(exception);
}
Trace.WriteLine($"failed to acquire token for '{targetUri}'.");
return(null);
}
public async Task <Credential> NoninteractiveLogon(TargetUri targetUri, bool requestCompactToken)
{
BaseSecureStore.ValidateTargetUri(targetUri);
try
{
Token token;
if ((token = await VstsAuthority.NoninteractiveAcquireToken(targetUri, ClientId, Resource, new Uri(RedirectUrl))) != null)
{
Trace.WriteLine($"token acquisition for '{targetUri}' succeeded");
return(await GeneratePersonalAccessToken(targetUri, token, requestCompactToken));
}
}
catch (AdalException)
{
Trace.WriteLine($"failed to acquire for '{targetUri}' token from VstsAuthority.");
}
Trace.WriteLine($"non-interactive logon for '{targetUri}' failed");
return(null);
}
/// <summary>
/// <para>
/// Creates an interactive logon session, using ADAL secure browser GUI, which enables users
/// to authenticate with the Azure tenant and acquire the necessary access tokens to exchange
/// for a VSTS personal access token.
/// </para>
/// <para>Tokens acquired are stored in the secure secret stores provided during initialization.</para>
/// </summary>
/// <param name="targetUri">
/// The unique identifier for the resource for which access is to be acquired.
/// </param>
/// <param name="requestCompactToken">
/// <para>
/// Requests a compact format personal access token; otherwise requests a standard personal
/// access token.
/// </para>
/// <para>
/// Compact tokens are necessary for clients which have restrictions on the size of the basic
/// authentication header which they can create (example: Git).
/// </para>
/// </param>
/// <returns>
/// A <see cref="Credential"/> for packing into a basic authentication header; otherwise <see langword="null"/>.
/// </returns>
public async Task <Credential> InteractiveLogon(TargetUri targetUri, PersonalAccessTokenOptions options)
{
BaseSecureStore.ValidateTargetUri(targetUri);
try
{
Token token;
if ((token = await VstsAuthority.InteractiveAcquireToken(targetUri, ClientId, Resource, new Uri(RedirectUrl), null)) != null)
{
Git.Trace.WriteLine($"token acquisition for '{targetUri}' succeeded.");
return(await GeneratePersonalAccessToken(targetUri, token, options));
}
}
catch (AdalException)
{
Git.Trace.WriteLine($"token acquisition for '{targetUri}' failed.");
}
Git.Trace.WriteLine($"interactive logon for '{targetUri}' failed");
return(null);
}
/// <summary>
/// Generates a "personal access token" or service specific, usage restricted access token.
/// <para/>
/// Returns `<see langword="true"/>` if successful; `<see langword="false"/>` otherwise.
/// </summary>
/// <param name="targetUri">The target resource for which to acquire the personal access token for.</param>
/// <param name="accessToken">Azure Directory access token with privileges to grant access to the target resource.</param>
/// <param name="requestCompactToken">Generates a compact token if `<see langword="true"/>`; generates a self describing token if `<see langword="false"/>`.</param>
protected async Task <Credential> GeneratePersonalAccessToken(
TargetUri targetUri,
Token accessToken,
bool requestCompactToken)
{
BaseSecureStore.ValidateTargetUri(targetUri);
if (accessToken is null)
{
throw new ArgumentNullException(nameof(accessToken));
}
Credential credential = null;
Token personalAccessToken;
if ((personalAccessToken = await VstsAuthority.GeneratePersonalAccessToken(targetUri, accessToken, TokenScope, requestCompactToken)) != null)
{
credential = (Credential)personalAccessToken;
Trace.WriteLine($"personal access token created for '{targetUri}'.");
try
{
await PersonalAccessTokenStore.WriteCredentials(targetUri, credential);
}
catch (Exception exception)
{
System.Diagnostics.Debug.WriteLine(exception);
Trace.WriteLine($"failed to write credentials to the secure store.");
Trace.WriteException(exception);
}
}
return(credential);
}
/// <summary>
/// Validates that a set of credentials grants access to the target resource.
/// <para/>
/// Returns `<see langword="true"/>` if successful; otherwise `<see langword="false"/>`.
/// </summary>
/// <param name="targetUri">The target resource to validate against.</param>
/// <param name="credentials">The credentials to validate.</param>
public async Task <bool> ValidateCredentials(TargetUri targetUri, Credential credentials)
{
return(await VstsAuthority.ValidateCredentials(targetUri, credentials));
}
