/// <summary>
/// Turns a deserialized token endpoint response into an <see cref="AuthenticationResult"/>,
/// or throws when the response carries no access token.
/// </summary>
/// <param name="tokenResponse">Deserialized response. It is dereferenced without a null check.</param>
/// <param name="callState">Not read by this method.</param>
/// <returns>
/// A result holding the token type, access token, refresh token and expiry, plus tenant and
/// user details when ParseIdToken returns a non-null id token.
/// </returns>
/// <exception cref="AdalServiceException">
/// The response has no access token. The exception carries the response's error and description
/// when an error is present, otherwise the Unknown error and message.
/// </exception>
/// <remarks>
/// Every value copied here originates in the response. This method applies no checks of its own
/// to the id_token claims; whether ParseIdToken validates the token is not visible here, so confirm
/// that before treating the UserInfo values as verified identity.
/// </remarks>
public static AuthenticationResult ParseTokenResponse(TokenResponse tokenResponse, CallState callState)
{
    // Failure paths first: without an access token there is nothing to build.
    if (tokenResponse.AccessToken == null)
    {
        if (tokenResponse.Error != null)
        {
            // The description is server-supplied text; it travels with the exception as-is.
            throw new AdalServiceException(tokenResponse.Error, tokenResponse.ErrorDescription);
        }

        throw new AdalServiceException(AdalError.Unknown, AdalErrorMessage.Unknown);
    }

    // The lifetime reported by the service is added to the local UTC clock.
    DateTimeOffset accessTokenExpiry = DateTime.UtcNow + TimeSpan.FromSeconds(tokenResponse.ExpiresIn);
    AuthenticationResult result = new AuthenticationResult(tokenResponse.TokenType, tokenResponse.AccessToken, tokenResponse.RefreshToken, accessTokenExpiry)
    {
#if ADAL_NET
        // AcquireTokenByAuthorizationCode lets the caller omit the resource, so it is taken
        // from the STS response instead.
        Resource = tokenResponse.Resource,
#endif
    };

    IdToken idToken = ParseIdToken(tokenResponse.IdToken);
    if (idToken == null)
    {
        return result;
    }

    string tenantId = idToken.TenantId;

    // Unique id: object id when present, otherwise the subject claim, otherwise null.
    string uniqueId = !string.IsNullOrWhiteSpace(idToken.ObjectId)
        ? idToken.ObjectId
        : (!string.IsNullOrWhiteSpace(idToken.Subject) ? idToken.Subject : null);

    // Displayable id: UPN when present, otherwise the e-mail claim, otherwise null.
    string displayableId = !string.IsNullOrWhiteSpace(idToken.UPN)
        ? idToken.UPN
        : (!string.IsNullOrWhiteSpace(idToken.Email) ? idToken.Email : null);

    string identityProvider = idToken.IdentityProvider ?? idToken.Issuer;

    // Only a positive value yields a password expiry, again relative to the local clock.
    DateTimeOffset? passwordExpiry = null;
    if (idToken.PasswordExpiration > 0)
    {
        passwordExpiry = DateTime.UtcNow + TimeSpan.FromSeconds(idToken.PasswordExpiration);
    }

    // new Uri(...) throws on a string it cannot parse, and no scheme or host restriction is
    // applied here; a consumer that navigates to this URL should check it first.
    Uri passwordChangeUri = null;
    if (!string.IsNullOrEmpty(idToken.PasswordChangeUrl))
    {
        passwordChangeUri = new Uri(idToken.PasswordChangeUrl);
    }

    result.UpdateTenantAndUserInfo(
        tenantId,
        tokenResponse.IdToken,
        new UserInfo
        {
            UniqueId = uniqueId,
            DisplayableId = displayableId,
            GivenName = idToken.GivenName,
            FamilyName = idToken.FamilyName,
            IdentityProvider = identityProvider,
            PasswordExpiresOn = passwordExpiry,
            PasswordChangeUrl = passwordChangeUri
        });

    return result;
}
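/// <summary>
/// Builds a <see cref="TokenResponse"/> describing a failure from the body of an error response.
/// </summary>
/// <param name="response">The error response; may be null.</param>
/// <returns>
/// The body deserialized as a <see cref="TokenResponse"/> when it is valid JSON for that type.
/// Otherwise a response whose Error is ServiceReturnedError (null response), Unknown (no stream,
/// empty deserialization result, or unparseable body) or ServiceUnavailable (unparseable body
/// with HTTP 503).
/// </returns>
/// <remarks>
/// When the body cannot be parsed, the whole body text becomes ErrorDescription. That text is
/// whatever the remote end sent, so code that logs or displays it should treat it as untrusted.
/// </remarks>
public static TokenResponse ReadErrorResponse(WebResponse response)
{
    if (response == null)
    {
        return new TokenResponse
        {
            Error = AdalError.ServiceReturnedError,
            ErrorDescription = AdalErrorMessage.ServiceReturnedError
        };
    }

    Stream responseStream = response.GetResponseStream();
    if (responseStream == null)
    {
        return new TokenResponse
        {
            Error = AdalError.Unknown,
            ErrorDescription = AdalErrorMessage.Unknown
        };
    }

    TokenResponse tokenResponse;
    StringBuilder responseStreamString = new StringBuilder();

    try
    {
        // The body is buffered first so it is still available as text if parsing fails.
        responseStreamString.Append(HttpHelper.ReadStreamContent(responseStream));
        using (MemoryStream ms = new MemoryStream(responseStreamString.ToByteArray()))
        {
            // The target type is fixed to TokenResponse; the body does not choose it.
            DataContractJsonSerializer serializer = new DataContractJsonSerializer(typeof(TokenResponse));
            tokenResponse = (TokenResponse)serializer.ReadObject(ms);
        }
    }
    catch (SerializationException)
    {
        // A safe cast keeps a non-HTTP WebResponse from raising InvalidCastException here,
        // which would replace the error being reported.
        HttpWebResponse httpResponse = response as HttpWebResponse;
        bool serviceUnavailable = httpResponse != null
            && httpResponse.StatusCode == HttpStatusCode.ServiceUnavailable;

        tokenResponse = new TokenResponse
        {
            Error = serviceUnavailable ? AdalError.ServiceUnavailable : AdalError.Unknown,
            ErrorDescription = responseStreamString.ToString()
        };
    }

    // A body that is the JSON literal null deserializes to a null reference; report it as an
    // unknown error so callers never receive null.
    if (tokenResponse == null)
    {
        tokenResponse = new TokenResponse
        {
            Error = AdalError.Unknown,
            ErrorDescription = AdalErrorMessage.Unknown
        };
    }

    return tokenResponse;
}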
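/// <summary>
/// Builds a <see cref="TokenResponse"/> describing a failure by deserializing the error
/// response stream directly.
/// </summary>
/// <param name="response">The error response; may be null.</param>
/// <returns>
/// The body deserialized as a <see cref="TokenResponse"/> when it is valid JSON for that type.
/// Otherwise a response whose Error is ServiceReturnedError (null response), Unknown (no stream,
/// empty deserialization result, or unparseable body) or ServiceUnavailable (unparseable body
/// with HTTP 503).
/// </returns>
/// <remarks>
/// When the body cannot be parsed, the body text becomes ErrorDescription. That text is whatever
/// the remote end sent, so code that logs or displays it should treat it as untrusted.
/// </remarks>
public static TokenResponse ReadErrorResponse(WebResponse response)
{
    if (response == null)
    {
        return new TokenResponse
        {
            Error = AdalError.ServiceReturnedError,
            ErrorDescription = AdalErrorMessage.ServiceReturnedError
        };
    }

    Stream responseStream = response.GetResponseStream();
    if (responseStream == null)
    {
        return new TokenResponse
        {
            Error = AdalError.Unknown,
            ErrorDescription = AdalErrorMessage.Unknown
        };
    }

    TokenResponse tokenResponse;

    try
    {
        // The target type is fixed to TokenResponse; the body does not choose it.
        DataContractJsonSerializer serializer = new DataContractJsonSerializer(typeof(TokenResponse));
        tokenResponse = (TokenResponse)serializer.ReadObject(responseStream);

        // Rewind so the application can read the WebException body again. Setting Position on
        // a stream that cannot seek throws NotSupportedException, hence the CanSeek guard.
        if (responseStream.CanSeek)
        {
            responseStream.Position = 0;
        }
    }
    catch (SerializationException)
    {
        // Rewind before re-reading the body as text. Without the guard, a non-seekable stream
        // would throw from inside this handler and hide the error being reported.
        if (responseStream.CanSeek)
        {
            responseStream.Position = 0;
        }

        // A safe cast keeps a non-HTTP WebResponse from raising InvalidCastException here.
        HttpWebResponse httpResponse = response as HttpWebResponse;
        bool serviceUnavailable = httpResponse != null
            && httpResponse.StatusCode == HttpStatusCode.ServiceUnavailable;

        // NOTE(review): the stream is not rewound after ReadStreamContent on this path, so a
        // later reader may find it consumed. Confirm whether callers rely on re-reading it.
        tokenResponse = new TokenResponse
        {
            Error = serviceUnavailable ? AdalError.ServiceUnavailable : AdalError.Unknown,
            ErrorDescription = HttpHelper.ReadStreamContent(responseStream)
        };
    }

    // A body that is the JSON literal null deserializes to a null reference; report it as an
    // unknown error so callers never receive null.
    if (tokenResponse == null)
    {
        tokenResponse = new TokenResponse
        {
            Error = AdalError.Unknown,
            ErrorDescription = AdalErrorMessage.Unknown
        };
    }

    return tokenResponse;
}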
/// <summary>
/// Builds a <see cref="TokenResponse"/> filled with fixed placeholder values and a freshly
/// generated correlation id.
/// </summary>
/// <returns>The populated response.</returns>
private TokenResponse CreateTokenResponse()
{
    // The token strings are literal placeholders, not credentials.
    return new TokenResponse
    {
        AccessToken = "access_token",
        RefreshToken = "refresh_token",
        CorrelationId = Guid.NewGuid().ToString(),
        Resource = "my-resource",
        TokenType = "Bearer",
        ExpiresIn = 3899,
        ExpiresOn = 1400545595
    };
}
/// <summary>
/// Maps a deserialized token endpoint response onto an <see cref="AuthenticationResult"/>.
/// A response without an access token is reported as an <see cref="AdalServiceException"/>.
/// </summary>
/// <param name="tokenResponse">Deserialized response. It is dereferenced without a null check.</param>
/// <param name="callState">Not read by this method.</param>
/// <returns>
/// The result built from the token type, access token, refresh token and computed expiry.
/// Tenant and user information are attached when ParseIdToken yields an id token.
/// </returns>
/// <exception cref="AdalServiceException">
/// Thrown when no access token is present: with the response's error and description if it has
/// an error, otherwise with the Unknown error and message.
/// </exception>
/// <remarks>
/// The claims used below are taken from the id_token as parsed. No validation happens in this
/// method, and what ParseIdToken checks is not visible here; verify that before relying on the
/// resulting user information for authorization decisions.
/// </remarks>
public static AuthenticationResult ParseTokenResponse(TokenResponse tokenResponse, CallState callState)
{
    bool hasAccessToken = tokenResponse.AccessToken != null;
    if (!hasAccessToken)
    {
        if (tokenResponse.Error == null)
        {
            throw new AdalServiceException(AdalError.Unknown, AdalErrorMessage.Unknown);
        }

        // Error and description are server-supplied and passed through unchanged.
        throw new AdalServiceException(tokenResponse.Error, tokenResponse.ErrorDescription);
    }

    // Expiry = local UTC now + the lifetime (in seconds) stated by the response.
    DateTimeOffset expiry = DateTime.UtcNow + TimeSpan.FromSeconds(tokenResponse.ExpiresIn);
    AuthenticationResult result = new AuthenticationResult(tokenResponse.TokenType, tokenResponse.AccessToken, tokenResponse.RefreshToken, expiry)
    {
#if ADAL_NET
        // Needed for AcquireTokenByAuthorizationCode only: its resource parameter is optional,
        // so the value has to come from the STS response.
        Resource = tokenResponse.Resource,
#endif
    };

    IdToken parsedIdToken = ParseIdToken(tokenResponse.IdToken);
    if (parsedIdToken == null)
    {
        return result;
    }

    string tenantId = parsedIdToken.TenantId;

    // Prefer the object id; fall back to the subject claim.
    string uniqueId = null;
    if (!string.IsNullOrWhiteSpace(parsedIdToken.ObjectId))
    {
        uniqueId = parsedIdToken.ObjectId;
    }
    else if (!string.IsNullOrWhiteSpace(parsedIdToken.Subject))
    {
        uniqueId = parsedIdToken.Subject;
    }

    // Prefer the UPN; fall back to the e-mail claim.
    string displayableId = null;
    if (!string.IsNullOrWhiteSpace(parsedIdToken.UPN))
    {
        displayableId = parsedIdToken.UPN;
    }
    else if (!string.IsNullOrWhiteSpace(parsedIdToken.Email))
    {
        displayableId = parsedIdToken.Email;
    }

    UserInfo userInfo = new UserInfo
    {
        UniqueId = uniqueId,
        DisplayableId = displayableId,
        GivenName = parsedIdToken.GivenName,
        FamilyName = parsedIdToken.FamilyName,
        IdentityProvider = parsedIdToken.IdentityProvider ?? parsedIdToken.Issuer,
        // A non-positive PasswordExpiration leaves the expiry unset.
        PasswordExpiresOn = parsedIdToken.PasswordExpiration > 0
            ? DateTime.UtcNow + TimeSpan.FromSeconds(parsedIdToken.PasswordExpiration)
            : (DateTimeOffset?)null,
        // new Uri(...) throws on an unparseable string. The URL is not restricted to any
        // scheme or host here, so consumers should check it before navigating to it.
        PasswordChangeUrl = !string.IsNullOrEmpty(parsedIdToken.PasswordChangeUrl)
            ? new Uri(parsedIdToken.PasswordChangeUrl)
            : null
    };

    result.UpdateTenantAndUserInfo(tenantId, tokenResponse.IdToken, userInfo);
    return result;
}
/// <summary>
/// Sends the request through this.Client and deserializes the response string into
/// <typeparamref name="T"/>. A failed request is either retried once, answered as a device
/// authentication challenge, or rethrown as an <see cref="AdalServiceException"/>.
/// </summary>
/// <param name="respondToDeviceAuthChallenge">Passed through to isDeviceAuthChallenge.</param>
/// <returns>The deserialized response, or the result of HandleDeviceAuthChallenge.</returns>
/// <exception cref="AdalServiceException">
/// The request failed, was not a device auth challenge, and was not (or no longer) retried.
/// </exception>
private async Task <T> GetResponseAsync <T>(bool respondToDeviceAuthChallenge)
{
    T typedResponse = default(T);
    IHttpWebResponse response;
    try
    {
        if (PlatformPlugin.HttpClientFactory.AddAdditionalHeaders)
        {
            // Copy the headers returned by AdalIdHelper onto the outgoing request.
            IDictionary <string, string> adalIdHeaders = AdalIdHelper.GetAdalIdParameters();
            foreach (KeyValuePair <string, string> kvp in adalIdHeaders)
            {
                this.Client.Headers[kvp.Key] = kvp.Value;
            }
        }

        // The pkeyauth (device authentication) header is set on every request.
        this.Client.Headers[DeviceAuthHeaderName] = DeviceAuthHeaderValue;
        using (response = await this.Client.GetResponseAsync().ConfigureAwait(false))
        {
            typedResponse = EncodingHelper.DeserializeResponse <T>(response.ResponseString);
        }
    }
    catch (HttpRequestWrapperException ex)
    {
        // A cancelled task is treated as a network timeout and marks the call as retryable.
        if (ex.InnerException is TaskCanceledException)
        {
            Resiliency = true;
            PlatformPlugin.Logger.Information(this.CallState, "Network timeout - " + ex.InnerException.Message);
        }

        if (!this.isDeviceAuthChallenge(ex.WebResponse, respondToDeviceAuthChallenge))
        {
            AdalServiceException serviceEx;
            if (ex.WebResponse != null)
            {
                // Error, description and codes come from the error response body; when the body
                // has no codes, the HTTP status code is used instead.
                TokenResponse tokenResponse = TokenResponse.CreateFromErrorResponse(ex.WebResponse);
                string[] errorCodes = tokenResponse.ErrorCodes ?? new[] { ex.WebResponse.StatusCode.ToString() };
                serviceEx = new AdalServiceException(tokenResponse.Error, tokenResponse.ErrorDescription, errorCodes, ex);
                // HTTP 500, 504 and 503 also mark the call as retryable.
                if ((ex.WebResponse.StatusCode.Equals(HttpStatusCode.InternalServerError)) || (ex.WebResponse.StatusCode).Equals(HttpStatusCode.GatewayTimeout) || (ex.WebResponse.StatusCode).Equals(HttpStatusCode.ServiceUnavailable))
                {
                    // NOTE(review): ex.InnerException is dereferenced without a null check here and
                    // in the "Retry Failed" log below. Confirm the wrapper always sets it.
                    PlatformPlugin.Logger.Information(this.CallState, "HttpStatus code: " + ex.WebResponse.StatusCode + " - " + ex.InnerException.Message);
                    Resiliency = true;
                }
            }
            else
            {
                serviceEx = new AdalServiceException(AdalError.Unknown, ex);
            }

            if (Resiliency)
            {
                if (RetryOnce)
                {
                    // Wait, clear the flag so the recursive call cannot retry again, then re-issue.
                    // NOTE(review): Resiliency is never reset in this method. Verify where it is
                    // initialised.
                    await Task.Delay(DelayTimePeriodMilliSeconds).ConfigureAwait(false);
                    RetryOnce = false;
                    PlatformPlugin.Logger.Information(this.CallState, "Retrying one more time..");
                    return(await this.GetResponseAsync <T>(respondToDeviceAuthChallenge).ConfigureAwait(false));
                }

                PlatformPlugin.Logger.Information(this.CallState, "Retry Failed - " + ex.InnerException.Message);
            }

            // The logged exception carries the server-supplied error description.
            // NOTE(review): confirm the logger treats that text as untrusted.
            PlatformPlugin.Logger.Error(CallState, serviceEx);
            throw serviceEx;
        }
        else
        {
            // The failure is a device auth challenge; keep the response for the check below.
            response = ex.WebResponse;
        }
    }

    // On the success path the using block above has already disposed response by this point.
    // NOTE(review): confirm isDeviceAuthChallenge only reads members that remain valid after
    // disposal.
    if (this.isDeviceAuthChallenge(response, respondToDeviceAuthChallenge))
    {
        return(await HandleDeviceAuthChallenge <T>(response).ConfigureAwait(false));
    }

    return(typedResponse);
}
/// <summary>
/// Sends the request through this.Client, records client metrics around it, and deserializes
/// the response stream into <typeparamref name="T"/>. A failed request is either answered as a
/// device authentication challenge or rethrown as an <see cref="AdalServiceException"/>.
/// </summary>
/// <param name="endpointType">Passed to the metrics record and to the device auth checks.</param>
/// <param name="respondToDeviceAuthChallenge">Passed through to isDeviceAuthChallenge.</param>
/// <returns>The deserialized response, or the result of HandleDeviceAuthChallenge.</returns>
/// <exception cref="AdalServiceException">
/// The request failed and the failure was not a device auth challenge.
/// </exception>
private async Task<T> GetResponseAsync<T>(string endpointType, bool respondToDeviceAuthChallenge)
{
    T parsed = default(T);
    IHttpWebResponse response;
    ClientMetrics metrics = new ClientMetrics();

    try
    {
        metrics.BeginClientMetricsRecord(this.CallState);

        if (PlatformPlugin.HttpClientFactory.AddAdditionalHeaders)
        {
            // Metrics of the previous request go out first, then the ADAL id headers.
            Dictionary<string, string> metricsHeaders = metrics.GetPreviousRequestRecord(this.CallState);
            foreach (KeyValuePair<string, string> header in metricsHeaders)
            {
                this.Client.Headers[header.Key] = header.Value;
            }

            IDictionary<string, string> idHeaders = AdalIdHelper.GetAdalIdParameters();
            foreach (KeyValuePair<string, string> header in idHeaders)
            {
                this.Client.Headers[header.Key] = header.Value;
            }
        }

        // The pkeyauth (device authentication) header is set on every request.
        this.Client.Headers[DeviceAuthHeaderName] = DeviceAuthHeaderValue;

        using (response = await this.Client.GetResponseAsync())
        {
            parsed = DeserializeResponse<T>(response.ResponseStream);
            metrics.SetLastError(null);
        }
    }
    catch (HttpRequestWrapperException ex)
    {
        if (this.isDeviceAuthChallenge(endpointType, ex.WebResponse, respondToDeviceAuthChallenge))
        {
            // Keep the challenge response for the check after the try block.
            response = ex.WebResponse;
        }
        else
        {
            AdalServiceException failure;
            if (ex.WebResponse == null)
            {
                failure = new AdalServiceException(AdalError.Unknown, ex);
            }
            else
            {
                // Error, description and codes come from the error response body; when the body
                // has no codes, the HTTP status code is used instead.
                TokenResponse errorBody = TokenResponse.CreateFromErrorResponse(ex.WebResponse);
                string[] codes = errorBody.ErrorCodes ?? new[] { ex.WebResponse.StatusCode.ToString() };
                failure = new AdalServiceException(errorBody.Error, errorBody.ErrorDescription, codes, ex);
            }

            metrics.SetLastError(failure.ServiceErrorCodes);

            // The logged exception carries the server-supplied error description.
            // NOTE(review): confirm the logger treats that text as untrusted.
            PlatformPlugin.Logger.Error(CallState, failure);
            throw failure;
        }
    }
    finally
    {
        // The metrics record is closed on success and on failure.
        metrics.EndClientMetricsRecord(endpointType, this.CallState);
    }

    // On the success path the using block above has already disposed response by this point.
    // NOTE(review): confirm isDeviceAuthChallenge only reads members that remain valid after
    // disposal.
    if (this.isDeviceAuthChallenge(endpointType, response, respondToDeviceAuthChallenge))
    {
        return await HandleDeviceAuthChallenge<T>(endpointType, response);
    }

    return parsed;
}