public static async Task AcquireTokenPositiveByRefreshTokenTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, (string)null);
VerifySuccessResult(sts, result, true, false);
AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken + "x", sts.ValidClientId, (string)null);
VerifyErrorResult(result2, "invalid_grant", "Refresh Token", 400);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource);
if (sts.Type == StsType.ADFS)
{
VerifyErrorResult(result, Sts.InvalidArgumentError, "multiple resource");
}
else
{
VerifySuccessResult(sts, result, true, false);
}
}
public static async Task ConfidentialClientTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
context.SetCorrelationId(new Guid("2ddbba59-1a04-43fb-b363-7fb0ae785031"));
// Test cache usage in AcquireTokenByAuthorizationCodeAsync
// There is no cache lookup, so the results should be different.
AuthenticationResultProxy result2 = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result2);
Verify.AreNotEqual(result.AccessToken, result2.AccessToken);
AuthenticationContextProxy.ClearDefaultCache();
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, credential);
VerifySuccessResult(sts, result, true, false);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidConfidentialClientId, sts.ValidResource);
VerifyErrorResult(result, "invalid_request", null, 400, "90014"); // ACS90014: The request body must contain the following parameter: 'client_secret or client_assertion'.
result = await context.AcquireTokenByAuthorizationCodeAsync(null, sts.ValidRedirectUriForConfidentialClient, credential);
VerifyErrorResult(result, "invalid_argument", "authorizationCode");
result = await context.AcquireTokenByAuthorizationCodeAsync(string.Empty, sts.ValidRedirectUriForConfidentialClient, credential);
VerifyErrorResult(result, "invalid_argument", "authorizationCode");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode + "x", sts.ValidRedirectUriForConfidentialClient, credential);
VerifyErrorResult(result, "invalid_grant", "authorization code");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, new Uri(sts.ValidRedirectUriForConfidentialClient.AbsoluteUri + "x"), credential);
VerifyErrorResult(result, "invalid_grant", "does not match the reply address", 400, "70002");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, (ClientCredential)null);
VerifyErrorResult(result, "invalid_argument", "credential");
var invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, invalidCredential);
VerifyErrorResult(result, "invalid_client", "client secret", 401);
}
public static async Task ConfidentialClientTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
context.SetCorrelationId(new Guid("2ddbba59-1a04-43fb-b363-7fb0ae785031"));
// Test cache usage in AcquireTokenByAuthorizationCodeAsync
// There is no cache lookup, so the results should be different.
AuthenticationResultProxy result2 = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result2);
Verify.AreNotEqual(result.AccessToken, result2.AccessToken);
AuthenticationContextProxy.ClearDefaultCache();
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, credential);
VerifySuccessResult(sts, result, true, false);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidConfidentialClientId, sts.ValidResource);
VerifyErrorResult(result, "invalid_request", null, 400, "90014"); // ACS90014: The request body must contain the following parameter: 'client_secret or client_assertion'.
result = await context.AcquireTokenByAuthorizationCodeAsync(null, sts.ValidRedirectUriForConfidentialClient, credential);
VerifyErrorResult(result, "invalid_argument", "authorizationCode");
result = await context.AcquireTokenByAuthorizationCodeAsync(string.Empty, sts.ValidRedirectUriForConfidentialClient, credential);
VerifyErrorResult(result, "invalid_argument", "authorizationCode");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode + "x", sts.ValidRedirectUriForConfidentialClient, credential);
VerifyErrorResult(result, "invalid_grant", "authorization code");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, new Uri(sts.ValidRedirectUriForConfidentialClient.AbsoluteUri + "x"), credential);
VerifyErrorResult(result, "invalid_grant", "does not match the reply address", 400, "70002");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, (ClientCredential)null);
VerifyErrorResult(result, "invalid_argument", "credential");
var invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, invalidCredential);
VerifyErrorResult(result, "invalid_client", "client secret", 401);
}
internal static async Task ConfidentialClientTokenRefreshWithMRRTTest(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, credential, sts.ValidResource2);
VerifySuccessResult(sts, result2, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result2, true, false);
result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
VerifyErrorResult(result2, AdalError.FailedToAcquireTokenSilently, null);
result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, credential, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result2, true, false);
}
public static async Task InstanceDiscoveryTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
AuthenticationContextProxy.SetEnvironmentVariable("ExtraQueryParameter", string.Empty);
// PROD discovery endpoint knows about PPE as well, so this passes discovery and fails later as refresh token is invalid for PPE.
context = new AuthenticationContextProxy(sts.Authority.Replace("windows.net", "windows-ppe.net"), sts.ValidateAuthority);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource);
VerifyErrorResult(result, "invalid_grant", "Refresh Token");
try
{
context = new AuthenticationContextProxy(sts.Authority.Replace("windows.net", "windows.unknown"), sts.ValidateAuthority);
result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifyErrorResult(result, "authority_not_in_valid_list", "authority");
}
#if TEST_ADAL_WINPHONE_UNIT
catch (AdalServiceException ex)
{
Verify.AreNotEqual(sts.Type, StsType.ADFS);
Verify.AreEqual(ex.ErrorCode, Sts.AuthorityNotInValidList);
Verify.IsTrue(ex.Message.Contains("authority"));
}
#endif
finally
{
}
}
public static async Task MultiResourceRefreshTokenTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource2);
if (sts.Type == StsType.AAD)
{
VerifySuccessResult(sts, result2, true, false);
Verify.IsTrue(result.IsMultipleResourceRefreshToken);
Verify.IsTrue(result2.IsMultipleResourceRefreshToken);
}
result2 = context.AcquireToken(sts.ValidResource2, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result2);
if (sts.Type == StsType.ADFS)
{
Verify.IsFalse(result.IsMultipleResourceRefreshToken);
}
else
{
Verify.IsTrue(result.IsMultipleResourceRefreshToken);
}
if (sts.Type == StsType.AAD)
{
result2 = context.AcquireToken(sts.ValidResource3, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result2);
Verify.IsTrue(result.IsMultipleResourceRefreshToken);
}
}
public static async Task CorrelationIdTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
Guid correlationId = Guid.NewGuid();
AuthenticationResultProxy result = null;
MemoryStream stream = new MemoryStream();
using (var listener = new TextWriterTraceListener(stream))
{
Trace.Listeners.Add(listener);
context.SetCorrelationId(correlationId);
result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
listener.Flush();
string trace = Encoding.UTF8.GetString(stream.ToArray(), 0, (int)stream.Position);
Verify.IsTrue(trace.Contains(correlationId.ToString()));
Trace.Listeners.Remove(listener);
}
stream = new MemoryStream();
using (var listener = new TextWriterTraceListener(stream))
{
Trace.Listeners.Add(listener);
context.SetCorrelationId(Guid.Empty);
AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId);
Verify.IsNotNull(result2.AccessToken);
listener.Flush();
string trace = Encoding.UTF8.GetString(stream.ToArray(), 0, (int)stream.Position);
Verify.IsFalse(trace.Contains(correlationId.ToString()));
Verify.IsTrue(trace.Contains("Correlation ID"));
Trace.Listeners.Remove(listener);
}
}
public static async Task ConfidentialClientWithX509TestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null);
string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
var certificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword));
RecorderJwtId.JwtIdIndex = 1;
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, certificate, sts.ValidResource);
VerifySuccessResult(sts, result);
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, certificate);
VerifySuccessResult(sts, result);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, certificate, sts.ValidResource);
VerifySuccessResult(sts, result, true, false);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidConfidentialClientId, sts.ValidResource);
VerifyErrorResult(result, Sts.InvalidRequest, null, 400, "90014"); // The request body must contain the following parameter: 'client_secret or client_assertion'.
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, certificate, null);
VerifySuccessResult(sts, result);
result = await context.AcquireTokenByAuthorizationCodeAsync(null, sts.ValidRedirectUriForConfidentialClient, certificate, sts.ValidResource);
VerifyErrorResult(result, Sts.InvalidArgumentError, "authorizationCode");
result = await context.AcquireTokenByAuthorizationCodeAsync(string.Empty, sts.ValidRedirectUriForConfidentialClient, certificate, sts.ValidResource);
VerifyErrorResult(result, Sts.InvalidArgumentError, "authorizationCode");
// Send null for redirect
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, null, certificate, sts.ValidResource);
VerifyErrorResult(result, Sts.InvalidArgumentError, "redirectUri");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, (ClientAssertionCertificate)null, sts.ValidResource);
VerifyErrorResult(result, Sts.InvalidArgumentError, "clientCertificate");
}
public static async Task AcquireTokenPositiveByRefreshTokenTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, (string)null);
VerifySuccessResult(sts, result, true, false);
AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken + "x", sts.ValidClientId, (string)null);
VerifyErrorResult(result2, "invalid_grant", "Refresh Token", 400);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource);
if (sts.Type == StsType.ADFS)
{
VerifyErrorResult(result, Sts.InvalidArgumentError, "multiple resource");
}
else
{
VerifySuccessResult(sts, result, true, false);
}
}
public static async Task WebExceptionAccessTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.InvalidClientId);
VerifyErrorResult(result, "unauthorized_client", "AADSTS70001");
Verify.IsNotNull(result.Exception);
Verify.IsNotNull(result.Exception.InnerException);
Verify.IsTrue(result.Exception.InnerException is WebException);
using (StreamReader sr = new StreamReader(((WebException)(result.Exception.InnerException)).Response.GetResponseStream()))
{
string streamBody = sr.ReadToEnd();
Verify.IsTrue(streamBody.Contains("AADSTS70001"));
}
}
public static async Task CorrelationIdTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
Guid correlationId = Guid.NewGuid();
AuthenticationResultProxy result = null;
MemoryStream stream = new MemoryStream();
using (var listener = new TextWriterTraceListener(stream))
{
Trace.Listeners.Add(listener);
context.SetCorrelationId(correlationId);
result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
listener.Flush();
string trace = Encoding.UTF8.GetString(stream.ToArray(), 0, (int)stream.Position);
Verify.IsTrue(trace.Contains(correlationId.ToString()));
Trace.Listeners.Remove(listener);
}
stream = new MemoryStream();
using (var listener = new TextWriterTraceListener(stream))
{
Trace.Listeners.Add(listener);
context.SetCorrelationId(Guid.Empty);
AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId);
Verify.IsNotNullOrEmptyString(result2.AccessToken);
listener.Flush();
string trace = Encoding.UTF8.GetString(stream.ToArray(), 0, (int)stream.Position);
Verify.IsFalse(trace.Contains(correlationId.ToString()));
Verify.IsTrue(trace.Contains("Correlation ID"));
Trace.Listeners.Remove(listener);
}
}
public static async Task WebExceptionAccessTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.InvalidClientId);
VerifyErrorResult(result, "unauthorized_client", "AADSTS70001");
Verify.IsNotNull(result.Exception);
Verify.IsNotNull(result.Exception.InnerException);
Verify.IsTrue(result.Exception.InnerException is WebException);
using (StreamReader sr = new StreamReader(((WebException)(result.Exception.InnerException)).Response.GetResponseStream()))
{
string streamBody = sr.ReadToEnd();
Verify.IsTrue(streamBody.Contains("AADSTS70001"));
}
}
public static async Task InstanceDiscoveryTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
AuthenticationContextProxy.SetEnvironmentVariable("ExtraQueryParameter", string.Empty);
// PROD discovery endpoint knows about PPE as well, so this passes discovery and fails later as refresh token is invalid for PPE.
context = new AuthenticationContextProxy(sts.Authority.Replace("windows.net", "windows-ppe.net"), sts.ValidateAuthority);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource);
VerifyErrorResult(result, "invalid_grant", "Refresh Token");
try
{
context = new AuthenticationContextProxy(sts.Authority.Replace("windows.net", "windows.unknown"), sts.ValidateAuthority);
result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifyErrorResult(result, "authority_not_in_valid_list", "authority");
}
#if TEST_ADAL_WINPHONE_UNIT
catch (AdalServiceException ex)
{
Verify.AreNotEqual(sts.Type, StsType.ADFS);
Verify.AreEqual(ex.ErrorCode, Sts.AuthorityNotInValidList);
Verify.IsTrue(ex.Message.Contains("authority"));
}
#endif
finally
{
}
}
public static async Task MultiResourceRefreshTokenTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource2);
if (sts.Type == StsType.AAD)
{
VerifySuccessResult(sts, result2, true, false);
Verify.IsTrue(result.IsMultipleResourceRefreshToken);
Verify.IsTrue(result2.IsMultipleResourceRefreshToken);
}
result2 = context.AcquireToken(sts.ValidResource2, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result2);
if (sts.Type == StsType.ADFS)
{
Verify.IsFalse(result.IsMultipleResourceRefreshToken);
}
else
{
Verify.IsTrue(result.IsMultipleResourceRefreshToken);
}
if (sts.Type == StsType.AAD)
{
result2 = context.AcquireToken(sts.ValidResource3, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result2);
Verify.IsTrue(result.IsMultipleResourceRefreshToken);
}
}
public static async Task ConfidentialClientWithX509TestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null);
string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
var certificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword));
RecorderJwtId.JwtIdIndex = 1;
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, certificate, sts.ValidResource);
VerifySuccessResult(sts, result);
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, certificate);
VerifySuccessResult(sts, result);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, certificate, sts.ValidResource);
VerifySuccessResult(sts, result, true, false);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidConfidentialClientId, sts.ValidResource);
VerifyErrorResult(result, Sts.InvalidRequest, null, 400, "90014"); // The request body must contain the following parameter: 'client_secret or client_assertion'.
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, certificate, null);
VerifySuccessResult(sts, result);
result = await context.AcquireTokenByAuthorizationCodeAsync(null, sts.ValidRedirectUriForConfidentialClient, certificate, sts.ValidResource);
VerifyErrorResult(result, Sts.InvalidArgumentError, "authorizationCode");
result = await context.AcquireTokenByAuthorizationCodeAsync(string.Empty, sts.ValidRedirectUriForConfidentialClient, certificate, sts.ValidResource);
VerifyErrorResult(result, Sts.InvalidArgumentError, "authorizationCode");
// Send null for redirect
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, null, certificate, sts.ValidResource);
VerifyErrorResult(result, Sts.InvalidArgumentError, "redirectUri");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, (ClientAssertionCertificate)null, sts.ValidResource);
VerifyErrorResult(result, Sts.InvalidArgumentError, "clientCertificate");
}
internal static async Task ConfidentialClientTokenRefreshWithMRRTTest(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, credential, sts.ValidResource2);
VerifySuccessResult(sts, result2, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result2, true, false);
result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
VerifyErrorResult(result2, AdalError.FailedToAcquireTokenSilently, null);
result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, credential, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result2, true, false);
}
