public static TokenCache CreateCacheWithItems()
{
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.ScopeSet = TestConstants.DefaultScope;
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
key = new TokenCacheKey(TestConstants.DefaultAuthorityGuestTenant,
TestConstants.ScopeForAnotherResource, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId + "more", TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId + "more",
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.ScopeSet = TestConstants.ScopeForAnotherResource;
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
return cache;
}
public void LoadFromCacheExpiredToken()
{
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(), new DateTimeOffset(DateTime.UtcNow));
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
AuthenticationResultEx resultEx = cache.LoadFromCache(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUser,
TestConstants.DefaultPolicy, null);
Assert.IsNotNull(resultEx);
Assert.IsNotNull(resultEx.Result);
Assert.IsNull(resultEx.Result.Token);
Assert.AreEqual(resultEx.RefreshToken, "someRT");
}
public void StoreToCacheNewUserRestrictToSingleUserTrueTest()
{
var tokenCache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
tokenCache.tokenCacheDictionary[key] = ex;
var result = new AuthenticationResult("Bearer", "some-access-token",
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)))
{
User =
new User
{
UniqueId = TestConstants.DefaultUniqueId+"more",
DisplayableId = TestConstants.DefaultDisplayableId
},
ScopeSet = new HashSet<string>(new string[] { "r1/scope5", "r1/scope7" })
};
AuthenticationResultEx resultEx = new AuthenticationResultEx
{
Result = result,
RefreshToken = "someRT"
};
try
{
tokenCache.StoreToCache(resultEx, TestConstants.DefaultAuthorityGuestTenant, TestConstants.DefaultClientId,
TestConstants.DefaultPolicy, true, null);
Assert.Fail("MsalException should be thrown here");
}
catch (MsalException me)
{
Assert.AreEqual(MsalError.InvalidCacheOperation, me.ErrorCode);
Assert.AreEqual("Cannot add more than 1 user with a different unique id when RestrictToSingleUser is set to TRUE.", me.Message);
}
}
private AuthenticationResultEx CreateResultExFromCacheResultEx(TokenCacheKey key, AuthenticationResultEx resultEx)
{
var newResultEx = new AuthenticationResultEx
{
Result = new AuthenticationResult(null, null, DateTimeOffset.MinValue)
{
ScopeSet = new HashSet<string>(resultEx.Result.ScopeSet.ToArray())
},
RefreshToken = resultEx.RefreshToken,
};
newResultEx.Result.UpdateTenantAndUser(resultEx.Result.TenantId, resultEx.Result.IdToken,
resultEx.Result.User);
if (newResultEx.Result.User != null)
{
newResultEx.Result.User.Authority = key.Authority;
newResultEx.Result.User.ClientId = key.ClientId;
newResultEx.Result.User.TokenCache = this;
}
return newResultEx;
}
public AuthenticationResultEx GetResultEx()
{
AuthenticationResultEx resultEx = null;
if (!string.IsNullOrEmpty(this.AccessToken) || !string.IsNullOrEmpty(this.IdToken))
{
DateTimeOffset accessTokenExpiresOn = DateTime.UtcNow + TimeSpan.FromSeconds(this.ExpiresIn);
DateTimeOffset idTokenExpiresOn = DateTime.UtcNow + TimeSpan.FromSeconds(this.IdTokenExpiresIn);
AuthenticationResult result = null;
if (!string.IsNullOrEmpty(this.AccessToken))
{
result = new AuthenticationResult(this.TokenType, this.AccessToken, accessTokenExpiresOn);
}
else
{
result = new AuthenticationResult(this.TokenType, this.IdToken, idTokenExpiresOn);
}
result.FamilyId = FamilyId;
IdToken idToken = Internal.IdToken.Parse(this.IdToken);
if (idToken != null)
{
string tenantId = idToken.TenantId;
string uniqueId = null;
if (!string.IsNullOrWhiteSpace(idToken.ObjectId))
{
uniqueId = idToken.ObjectId;
}
else if (!string.IsNullOrWhiteSpace(idToken.Subject))
{
uniqueId = idToken.Subject;
}
if (string.IsNullOrWhiteSpace(idToken.HomeObjectId))
{
idToken.HomeObjectId = uniqueId;
}
result.UpdateTenantAndUser(tenantId, this.IdToken,
new User
{
UniqueId = uniqueId,
DisplayableId = idToken.PreferredUsername,
HomeObjectId = idToken.HomeObjectId,
Name = idToken.Name,
IdentityProvider = idToken.Issuer
});
}
result.ScopeSet = Scope.AsSet();
resultEx = new AuthenticationResultEx
{
Result = result,
RefreshToken = this.RefreshToken
};
}
else if (this.Error != null)
{
throw new MsalServiceException(this.Error, this.ErrorDescription);
}
else
{
throw new MsalServiceException(MsalError.Unknown, MsalErrorMessage.Unknown);
}
return(resultEx);
}
public void NoCacheLookup()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
IWebUI ui = Substitute.For<IWebUI>();
AuthorizationResult ar = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
ui.AcquireAuthorizationAsync(Arg.Any<Uri>(), Arg.Any<Uri>(), Arg.Any<IDictionary<string, string>>(),
Arg.Any<CallState>())
.Returns(ar);
MockHttpMessageHandler mockHandler = new MockHttpMessageHandler();
mockHandler.Method = HttpMethod.Post;
mockHandler.QueryParams = new Dictionary<string, string>() {{"p", "some-policy"}};
mockHandler.ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage();
HttpMessageHandlerFactory.MockHandler = mockHandler;
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = "some-policy",
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = cache
};
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(),
new Uri("some://uri"), new PlatformParameters(), TestConstants.DefaultDisplayableId,
UiOptions.SelectAccount, "extra=qp", ui);
Task<AuthenticationResult> task = request.RunAsync();
task.Wait();
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(2, cache.Count);
Assert.AreEqual(result.Token, "some-access-token");
//both cache entry authorities are TestConstants.DefaultAuthorityHomeTenant
foreach (var item in cache.ReadItems(TestConstants.DefaultClientId))
{
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, item.Authority);
}
}
public AuthenticationResultEx GetResultEx()
{
AuthenticationResultEx resultEx = null;
if (!string.IsNullOrEmpty(this.AccessToken) || !string.IsNullOrEmpty(this.IdToken))
{
DateTimeOffset accessTokenExpiresOn = DateTime.UtcNow + TimeSpan.FromSeconds(this.ExpiresIn);
DateTimeOffset idTokenExpiresOn = DateTime.UtcNow + TimeSpan.FromSeconds(this.IdTokenExpiresIn);
AuthenticationResult result = null;
if (!string.IsNullOrEmpty(this.AccessToken))
{
result = new AuthenticationResult(this.TokenType, this.AccessToken, accessTokenExpiresOn);
}
else
{
result = new AuthenticationResult(this.TokenType, this.IdToken, idTokenExpiresOn);
}
result.FamilyId = FamilyId;
IdToken idToken = Internal.IdToken.Parse(this.IdToken);
if (idToken != null)
{
string tenantId = idToken.TenantId;
string uniqueId = null;
if (!string.IsNullOrWhiteSpace(idToken.ObjectId))
{
uniqueId = idToken.ObjectId;
}
else if (!string.IsNullOrWhiteSpace(idToken.Subject))
{
uniqueId = idToken.Subject;
}
if (string.IsNullOrWhiteSpace(idToken.HomeObjectId))
{
idToken.HomeObjectId = uniqueId;
}
result.UpdateTenantAndUser(tenantId, this.IdToken,
new User
{
UniqueId = uniqueId,
DisplayableId = idToken.PreferredUsername,
HomeObjectId = idToken.HomeObjectId,
Name = idToken.Name,
IdentityProvider = idToken.Issuer
});
}
result.ScopeSet = Scope.AsSet();
resultEx = new AuthenticationResultEx
{
Result = result,
RefreshToken = this.RefreshToken
};
}
else if (this.Error != null)
{
throw new MsalServiceException(this.Error, this.ErrorDescription);
}
else
{
throw new MsalServiceException(MsalError.Unknown, MsalErrorMessage.Unknown);
}
return resultEx;
}
private static bool AreAuthenticationResultExsEqual(AuthenticationResultEx resultEx1,
AuthenticationResultEx resultEx2)
{
return AreAuthenticationResultsEqual(resultEx1.Result, resultEx2.Result) &&
resultEx1.RefreshToken == resultEx2.RefreshToken &&
resultEx1.IsMultipleScopeRefreshToken == resultEx2.IsMultipleScopeRefreshToken;
}
public void LoadFromCacheCrossTenantNullUserToken()
{
//this test will result only in a RT and no access token returned.
TokenCache tokenCache = TokenCacheHelper.CreateCacheWithItems();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId + "more", TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
tokenCache.tokenCacheDictionary[key] = ex;
try
{
AuthenticationResultEx resultEx =
tokenCache.LoadFromCache(TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultScope,
TestConstants.DefaultClientId, null, TestConstants.DefaultPolicy, null);
Assert.Fail("multiple tokens should have been detected");
}
catch (MsalException exception)
{
Assert.AreEqual("multiple_matching_tokens_detected", exception.ErrorCode);
}
}
public void LoadFromCacheNullUserSingleEntry()
{
var tokenCache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
tokenCache.tokenCacheDictionary[key] = ex;
AuthenticationResultEx resultEx = tokenCache.LoadFromCache(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope,
TestConstants.DefaultClientId, null,
TestConstants.DefaultPolicy, null);
Assert.IsNotNull(resultEx);
Assert.IsNotNull(resultEx.Result);
Assert.IsNotNull(resultEx.Result.Token);
}
internal async Task<AuthenticationResultEx> RefreshAccessTokenAsync(AuthenticationResultEx result)
{
AuthenticationResultEx newResultEx = null;
if (this.Scope != null)
{
PlatformPlugin.Logger.Verbose(this.CallState, "Refreshing access token...");
try
{
newResultEx = await this.SendTokenRequestByRefreshTokenAsync(result.RefreshToken).ConfigureAwait(false);
this.Authenticator.UpdateTenantId(result.Result.TenantId);
if (newResultEx.Result.IdToken == null)
{
// If Id token is not returned by token endpoint when refresh token is redeemed, we should copy tenant and user information from the cached token.
newResultEx.Result.UpdateTenantAndUser(result.Result.TenantId, result.Result.IdToken, result.Result.User);
}
}
catch (MsalException ex)
{
MsalServiceException serviceException = ex as MsalServiceException;
if (serviceException != null && serviceException.ErrorCode == "invalid_request")
{
throw new MsalServiceException(
MsalError.FailedToRefreshToken,
MsalErrorMessage.FailedToRefreshToken + ". " + serviceException.Message,
serviceException.ServiceErrorCodes,
serviceException.InnerException);
}
newResultEx = new AuthenticationResultEx { Exception = ex };
}
}
return newResultEx;
}
protected virtual void PostTokenRequest(AuthenticationResultEx result)
{
this.Authenticator.UpdateTenantId(result.Result.TenantId);
}
private void UpdateCachedRefreshTokens(AuthenticationResultEx result, string authority, string clientId, string policy)
{
lock (lockObject)
{
if (result.Result.User != null && result.IsMultipleScopeRefreshToken)
{
List<KeyValuePair<TokenCacheKey, AuthenticationResultEx>> mrrtItems =
this.QueryCache(authority, clientId, result.Result.User.UniqueId,
result.Result.User.DisplayableId, result.Result.User.HomeObjectId, policy)
.Where(p => p.Value.IsMultipleScopeRefreshToken)
.ToList();
foreach (KeyValuePair<TokenCacheKey, AuthenticationResultEx> mrrtItem in mrrtItems)
{
mrrtItem.Value.RefreshToken = result.RefreshToken;
}
}
}
}
internal void StoreToCache(AuthenticationResultEx resultEx, string authority, string clientId,
string policy, bool restrictToSingleUser, CallState callState)
{
lock (lockObject)
{
PlatformPlugin.Logger.Verbose(callState, "Storing token in the cache...");
//single user mode cannot allow more than 1 unique id in the cache including null
if (restrictToSingleUser &&
(resultEx.Result.User == null || string.IsNullOrEmpty(resultEx.Result.User.UniqueId) ||
!this.GetUniqueIdsFromCache(clientId).Contains(resultEx.Result.User.UniqueId)))
{
throw new MsalException(MsalError.InvalidCacheOperation,
"Cannot add more than 1 user with a different unique id when RestrictToSingleUser is set to TRUE.");
}
this.OnBeforeWrite(new TokenCacheNotificationArgs
{
Scope = resultEx.Result.Scope,
ClientId = clientId,
User = resultEx.Result.User,
Policy = policy
});
TokenCacheKey tokenCacheKey = new TokenCacheKey(authority, resultEx.Result.ScopeSet, clientId,
resultEx.Result.User, policy);
// First identify all potential tokens.
List<KeyValuePair<TokenCacheKey, AuthenticationResultEx>> items = this.QueryCache(authority, clientId,
resultEx.Result.User, policy);
List<KeyValuePair<TokenCacheKey, AuthenticationResultEx>> itemsToRemove =
items.Where(p => p.Key.ScopeIntersects(resultEx.Result.ScopeSet)).ToList();
if (!itemsToRemove.Any())
{
this.tokenCacheDictionary[tokenCacheKey] = resultEx;
PlatformPlugin.Logger.Verbose(callState, "An item was stored in the cache");
}
else
{
//remove all intersections
PlatformPlugin.Logger.Verbose(callState, "Items to remove - " + itemsToRemove.Count);
foreach (var itemToRemove in itemsToRemove)
{
this.tokenCacheDictionary.Remove(itemToRemove);
}
this.tokenCacheDictionary[tokenCacheKey] = resultEx;
PlatformPlugin.Logger.Verbose(callState, "An item was updated in the cache");
}
this.UpdateCachedRefreshTokens(resultEx, authority, clientId, policy);
this.HasStateChanged = true;
}
}
public void StoreToCacheUniqueScopesTest()
{
var tokenCache = new TokenCache();
tokenCache.AfterAccess = null;
tokenCache.BeforeAccess = null;
tokenCache.BeforeWrite = null;
tokenCache = TokenCacheHelper.CreateCacheWithItems();
//save result with intersecting scopes
var result = new AuthenticationResult("Bearer", "some-access-token",
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)))
{
User =
new User
{
UniqueId = TestConstants.DefaultUniqueId,
DisplayableId = TestConstants.DefaultDisplayableId
},
ScopeSet = new HashSet<string>(new string[] { "r1/scope5", "r1/scope7" })
};
AuthenticationResultEx resultEx = new AuthenticationResultEx
{
Result = result,
RefreshToken = "someRT"
};
tokenCache.StoreToCache(resultEx, TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultClientId,
TestConstants.DefaultPolicy, TestConstants.DefaultRestrictToSingleUser, null);
Assert.AreEqual(3, tokenCache.Count);
AuthenticationResultEx resultExOut =
tokenCache.LoadFromCache(TestConstants.DefaultAuthorityHomeTenant,
new HashSet<string>(new string[] {"r1/scope5"}), TestConstants.DefaultClientId,
null, TestConstants.DefaultPolicy, null);
Assert.AreEqual(resultEx.RefreshToken, resultExOut.RefreshToken);
Assert.AreEqual(resultEx.Result.Token, resultExOut.Result.Token);
Assert.AreEqual(resultEx.Result.TokenType, resultExOut.Result.TokenType);
Assert.AreEqual(resultEx.Result.User.UniqueId, resultExOut.Result.User.UniqueId);
Assert.AreEqual(resultEx.Result.User.DisplayableId, resultExOut.Result.User.DisplayableId);
Assert.AreEqual(resultEx.Result.User.HomeObjectId, resultExOut.Result.User.HomeObjectId);
}
private static void VerifyAuthenticationResultExsAreNotEqual(AuthenticationResultEx resultEx1,
AuthenticationResultEx resultEx2)
{
Assert.IsFalse(AreAuthenticationResultExsEqual(resultEx1, resultEx2));
}
public void LoadSingleItemFromCacheNullUserSingleUniqueIdInCacheTest()
{
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
KeyValuePair<TokenCacheKey, AuthenticationResultEx>? item =
cache.LoadSingleItemFromCache(TestConstants.DefaultAuthorityCommonTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
null,
TestConstants.DefaultPolicy, null);
Assert.IsNotNull(item);
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, key.Authority);
Assert.AreEqual(TestConstants.DefaultScope, key.Scope);
Assert.AreEqual(TestConstants.DefaultClientId, key.ClientId);
Assert.AreEqual(TestConstants.DefaultUniqueId, key.UniqueId);
Assert.AreEqual(TestConstants.DefaultDisplayableId, key.DisplayableId);
Assert.AreEqual(TestConstants.DefaultHomeObjectId, key.HomeObjectId);
Assert.AreEqual(TestConstants.DefaultPolicy, key.Policy);
}
private static void AddToDictionary(TokenCache tokenCache, TokenCacheKey key, AuthenticationResultEx value)
{
tokenCache.OnBeforeAccess(new TokenCacheNotificationArgs {TokenCache = tokenCache});
tokenCache.OnBeforeWrite(new TokenCacheNotificationArgs {TokenCache = tokenCache});
tokenCache.tokenCacheDictionary.Add(key, value);
tokenCache.HasStateChanged = true;
tokenCache.OnAfterAccess(new TokenCacheNotificationArgs {TokenCache = tokenCache});
}
public void LoadSingleItemFromCacheIntersectingScopeDifferentAuthorities()
{
TokenCache cache = TokenCacheHelper.CreateCacheWithItems();
HashSet<string> scope = new HashSet<string>(new[] {"r1/scope1"});
KeyValuePair<TokenCacheKey, AuthenticationResultEx>? item =
cache.LoadSingleItemFromCache(TestConstants.DefaultAuthorityHomeTenant,
scope, TestConstants.DefaultClientId,
TestConstants.DefaultUser,
TestConstants.DefaultPolicy, null);
Assert.IsNotNull(item);
TokenCacheKey key = item.Value.Key;
AuthenticationResultEx resultEx = item.Value.Value;
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, key.Authority);
Assert.AreEqual(TestConstants.DefaultScope, key.Scope);
Assert.AreEqual(TestConstants.DefaultClientId, key.ClientId);
Assert.AreEqual(TestConstants.DefaultUniqueId, key.UniqueId);
Assert.AreEqual(TestConstants.DefaultDisplayableId, key.DisplayableId);
Assert.AreEqual(TestConstants.DefaultHomeObjectId, key.HomeObjectId);
Assert.AreEqual(TestConstants.DefaultPolicy, key.Policy);
Assert.AreEqual(key.ToString(), resultEx.Result.Token);
scope.Add("unique-scope");
item = cache.LoadSingleItemFromCache(TestConstants.DefaultAuthorityHomeTenant,
scope, TestConstants.DefaultClientId,
TestConstants.DefaultUser,
TestConstants.DefaultPolicy, null);
Assert.IsNotNull(item);
key = item.Value.Key;
resultEx = item.Value.Value;
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, key.Authority);
Assert.AreEqual(TestConstants.DefaultScope, key.Scope); //default scope contains r1/scope1
Assert.AreEqual(TestConstants.DefaultClientId, key.ClientId);
Assert.AreEqual(TestConstants.DefaultUniqueId, key.UniqueId);
Assert.AreEqual(TestConstants.DefaultDisplayableId, key.DisplayableId);
Assert.AreEqual(TestConstants.DefaultHomeObjectId, key.HomeObjectId);
Assert.AreEqual(TestConstants.DefaultPolicy, key.Policy);
Assert.AreEqual(key.ToString(), resultEx.Result.Token);
//invoke multiple tokens error
TokenCacheKey cacheKey = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId + "more", TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)));
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[cacheKey] = ex;
try
{
User user = TestConstants.DefaultUser;
user.DisplayableId = null;
item = cache.LoadSingleItemFromCache(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId, user,
TestConstants.DefaultPolicy, null);
Assert.Fail("multiple tokens should have been detected");
}
catch (MsalException exception)
{
Assert.AreEqual("multiple_matching_tokens_detected", exception.ErrorCode);
}
}
public void ActAsCurrentUserNoSsoHeaderForLoginHintOnlyTest()
{
//this test validates that no SSO header is added when developer passes only login hint and UiOption.ActAsCurrentUser
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
MockWebUI webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = cache
};
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(),
new Uri("some://uri"), new PlatformParameters(),
ex.Result.User, UiOptions.ActAsCurrentUser, "extra=qp", webUi);
request.PreRunAsync().Wait();
request.PreTokenRequest().Wait();
}
public void LoadSingleItemFromCacheCrossTenantLookupTest()
{
var tokenCache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
tokenCache.tokenCacheDictionary[key] = ex;
User user = TestConstants.DefaultUser;
user.DisplayableId = null;
user.UniqueId = null;
//cross-tenant works by default. search cache using non-existant authority
//using root id. Code will find multiple results with the same root id. it can return any.
KeyValuePair<TokenCacheKey, AuthenticationResultEx>? item =
tokenCache.LoadSingleItemFromCache(TestConstants.DefaultAuthorityGuestTenant + "non-existant",
new HashSet<string>(new[] {"scope1", "random-scope"}),
TestConstants.DefaultClientId, user, TestConstants.DefaultPolicy, null);
Assert.IsNotNull(item);
key = item.Value.Key;
AuthenticationResultEx resultEx = item.Value.Value;
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, key.Authority);
Assert.AreEqual(TestConstants.DefaultScope, key.Scope);
Assert.AreEqual(TestConstants.DefaultClientId, key.ClientId);
Assert.AreEqual(TestConstants.DefaultUniqueId, key.UniqueId);
Assert.AreEqual(TestConstants.DefaultDisplayableId, key.DisplayableId);
Assert.AreEqual(TestConstants.DefaultHomeObjectId, key.HomeObjectId);
Assert.AreEqual(TestConstants.DefaultPolicy, key.Policy);
Assert.AreEqual(key.ToString(), resultEx.Result.Token);
}
public void MapToIdentifierMultipleMatchingEntriesTest()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false,
Guid.NewGuid());
TokenCache cache = TokenCacheHelper.CreateCacheWithItems();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.ScopeForAnotherResource, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3600)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.ScopeSet = TestConstants.DefaultScope;
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = new[] { "something" },
TokenCache = cache
};
SilentRequest request = new SilentRequest(parameters, (string) null,
new PlatformParameters(), false);
User user = request.MapIdentifierToUser(TestConstants.DefaultUniqueId);
Assert.IsNotNull(user);
Assert.AreEqual(TestConstants.DefaultUniqueId, user.UniqueId);
}
public void ClearCacheTest()
{
TokenCache tokenCache = TokenCacheHelper.CreateCacheWithItems();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId + "more",
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
tokenCache.tokenCacheDictionary[key] = ex;
tokenCache.Clear(TestConstants.DefaultClientId);
Assert.AreEqual(1, tokenCache.Count);
Assert.AreEqual(key, tokenCache.tokenCacheDictionary.Keys.First());
}
protected override void PostTokenRequest(AuthenticationResultEx resultEx)
{
base.PostTokenRequest(resultEx);
//MSAL does not compare the input loginHint to the returned identifier anymore.
}
public void StoreToCacheClientCredentialTest()
{
TokenCache tokenCache = TokenCacheHelper.CreateCacheWithItems();
var result = new AuthenticationResult("Bearer", "some-access-token",
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)))
{
User = null,
ScopeSet = new HashSet<string>(new string[] { "r1/scope1" })
};
AuthenticationResultEx resultEx = new AuthenticationResultEx
{
Result = result,
RefreshToken = null
};
}
public void GetUsersTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
IEnumerable<User> users = app.Users;
Assert.IsNotNull(users);
Assert.IsFalse(users.Any());
app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems();
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(1, users.Count());
foreach (var user in users)
{
Assert.AreEqual(TestConstants.DefaultClientId, user.ClientId);
Assert.IsNotNull(user.TokenCache);
}
// another cache entry for different home object id. user count should be 2.
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.ScopeForAnotherResource, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId+"more",
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3600)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.ScopeSet = TestConstants.DefaultScope;
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
app.UserTokenCache.tokenCacheDictionary[key] = ex;
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(2, users.Count());
foreach (var user in users)
{
Assert.AreEqual(TestConstants.DefaultClientId, user.ClientId);
Assert.IsNotNull(user.TokenCache);
}
}
protected override void PostTokenRequest(AuthenticationResultEx resultEx)
{
base.PostTokenRequest(resultEx);
this.User = resultEx.Result.User;
}