Esempio n. 1
0
        private async Task <IEnumerable <IAccount> > GetAccountsFromBrokerAsync(
            string homeAccountIdFilter,
            ICacheSessionManager cacheSessionManager)
        {
            if (AppConfig.IsBrokerEnabled && ServiceBundle.PlatformProxy.CanBrokerSupportSilentAuth())
            {
                var broker         = ServiceBundle.PlatformProxy.CreateBroker(ServiceBundle.Config, null);
                var brokerAccounts =
                    (await broker.GetAccountsAsync(
                         AppConfig.ClientId,
                         AppConfig.RedirectUri,
                         Authority,
                         cacheSessionManager,
                         ServiceBundle.InstanceDiscoveryManager).ConfigureAwait(false))
                    ?? Enumerable.Empty <IAccount>();

                if (!string.IsNullOrEmpty(homeAccountIdFilter))
                {
                    brokerAccounts = brokerAccounts.Where(
                        acc => homeAccountIdFilter.Equals(
                            acc.HomeAccountId.Identifier,
                            StringComparison.OrdinalIgnoreCase));
                }

                brokerAccounts = await FilterBrokerAccountsByEnvAsync(brokerAccounts).ConfigureAwait(false);

                return(brokerAccounts);
            }

            return(Enumerable.Empty <IAccount>());
        }
 /// <summary>
 /// iOS broker does not handle silent flow
 /// </summary>
 public Task <IReadOnlyList <IAccount> > GetAccountsAsync(
     string clientID,
     string redirectUri,
     string authority,
     ICacheSessionManager cacheSessionManager,
     IInstanceDiscoveryManager instanceDiscoveryManager)
 {
     throw new NotImplementedException();
 }
Esempio n. 3
0
 /// <summary>
 /// iOS broker does not handle silent flow
 /// </summary>
 public Task <IReadOnlyList <IAccount> > GetAccountsAsync(
     string clientID,
     string redirectUri,
     AuthorityInfo authorityInfo,
     ICacheSessionManager cacheSessionManager,
     IInstanceDiscoveryManager instanceDiscoveryManager)
 {
     return(Task.FromResult(CollectionHelpers.GetEmptyReadOnlyList <IAccount>())); // nop
 }
Esempio n. 4
0
 public Task <IReadOnlyList <IAccount> > GetAccountsAsync(
     string clientID,
     string redirectUri,
     AuthorityInfo authorityInfo,
     ICacheSessionManager cacheSessionManager,
     IInstanceDiscoveryManager instanceDiscoveryManager)
 {
     _logger.Info("NullBroker - returning empty list on GetAccounts request.");
     return(Task.FromResult(CollectionHelpers.GetEmptyReadOnlyList <IAccount>())); // nop
 }
        public Task <IReadOnlyList <IAccount> > GetAccountsAsync(
            string clientID,
            string redirectUri,
            AuthorityInfo authorityInfo,
            ICacheSessionManager cacheSessionManager,
            IInstanceDiscoveryManager instanceDiscoveryManager)
        {
            // runtime does not yet support account discovery

            return(Task.FromResult <IReadOnlyList <IAccount> >(Array.Empty <IAccount>()));
        }
Esempio n. 6
0
        public void Init()
        {
            _logger   = Substitute.For <ICoreLogger>();
            _wamProxy = Substitute.For <IWamProxy>();
            _webAccountProviderFactory = Substitute.For <IWebAccountProviderFactory>();
            _accountPickerFactory      = Substitute.For <IAccountPickerFactory>();

            _webAccountProviderFactory.ClearReceivedCalls();
            _cacheSessionManager = Substitute.For <ICacheSessionManager>();

            _instanceDiscoveryManager = Substitute.For <IInstanceDiscoveryManager>();

            _aadPlugin = new AadPlugin(_wamProxy, _webAccountProviderFactory, _logger);
        }
Esempio n. 7
0
        private async Task <Account> ConvertToMsalAccountOrNullAsync(
            string clientId,
            WebAccount webAccount,
            InstanceDiscoveryMetadataEntry envMetadata,
            ICacheSessionManager cacheManager,
            IEnumerable <IAccount> accountsFromCache)
        {
            webAccount.Properties.TryGetValue("TenantId", out string realm);

            if (!_wamProxy.TryGetAccountProperty(webAccount, "Authority", out string accountAuthority))
            {
                _logger.WarningPii(
                    $"[WAM AAD Provider] Could not convert the WAM account {webAccount.UserName} (id: {webAccount.Id}) to an MSAL account because the Authority could not be found",
                    $"[WAM AAD Provider] Could not convert the WAM account {webAccount.Id} to an MSAL account because the Authority could not be found");

                return(null);
            }

            string accountEnv = (new Uri(accountAuthority)).Host;

            if (!envMetadata.Aliases.ContainsOrdinalIgnoreCase(accountEnv))
            {
                _logger.InfoPii(
                    $"[WAM AAD Provider] Account {webAccount.UserName} enviroment {accountEnv} does not match input authority env {envMetadata.PreferredNetwork} or an alias",
                    $"[WAM AAD Provider] Account enviroment {accountEnv} does not match input authority env {envMetadata.PreferredNetwork}");

                return(null);
            }

            if (MatchCacheAccount(webAccount, accountsFromCache, out AccountId homeAccountId))
            {
                _logger.VerbosePii(
                    $"[WAM AAD Provider] ConvertToMsalAccountOrNullAsync account {webAccount.UserName} matched a cached account",
                    $"[WAM AAD Provider] Account matched a cache account");


                return(new Account(
                           homeAccountId.Identifier,
                           webAccount.UserName,
                           envMetadata.PreferredNetwork,
                           new Dictionary <string, string>()
                {
                    { clientId, webAccount.Id }
                }));
            }

            return(await GetIdFromWebResponseAsync(clientId, webAccount, envMetadata, cacheManager).ConfigureAwait(false));
        }
Esempio n. 8
0
        /// <summary>
        /// Generally the MSA plugin will NOT return the accounts back to the app. This is due
        /// to privacy concerns. However, some test apps are allowed to do this, hence the code.
        /// Normal 1st and 3rd party apps must use AcquireTokenInteractive to login first, and then MSAL will
        /// save the account for later use.
        /// </summary>
        public async Task <IReadOnlyList <IAccount> > GetAccountsAsync(
            string clientID,
            string authority,
            ICacheSessionManager cacheSessionManager,
            IInstanceDiscoveryManager instanceDiscoveryManager)
        {
            var webAccounProvider = await _webAccountProviderFactory.GetAccountProviderAsync("consumers").ConfigureAwait(false);

            var webAccounts = await _wamProxy.FindAllWebAccountsAsync(webAccounProvider, clientID).ConfigureAwait(false);

            var msalAccounts = webAccounts
                               .Select(webAcc => ConvertToMsalAccountOrNull(webAcc))
                               .Where(a => a != null)
                               .ToList();

            _logger.Info($"[WAM MSA Plugin] GetAccountsAsync converted {webAccounts.Count} MSAL accounts");
            return(msalAccounts);
        }
Esempio n. 9
0
        public async Task <IReadOnlyList <IAccount> > GetAccountsAsync(
            string clientId,
            string redirectUri,
            AuthorityInfo authorityInfo,
            ICacheSessionManager cacheSessionManager,
            IInstanceDiscoveryManager instanceDiscoveryManager)
        {
            using (_logger.LogMethodDuration())
            {
                if (!IsBrokerInstalledAndInvokable())
                {
                    _logger.Warning("[Android broker] Broker is either not installed or is not reachable so no accounts will be returned. ");
                    return(null);
                }

                return(await GetAccountsInternalAsync(clientId, redirectUri).ConfigureAwait(false));
            }
        }
        public async Task <IReadOnlyList <IAccount> > GetAccountsAsync(
            string clientId,
            string redirectUri,
            AuthorityInfo authorityInfo,
            ICacheSessionManager cacheSessionManager,
            IInstanceDiscoveryManager instanceDiscoveryManager)
        {
            using (_logger.LogMethodDuration())
            {
                if (!IsBrokerInstalledAndInvokable())
                {
                    _logger.Warning("[Android broker] Broker is either not installed or is not reachable so no accounts will be returned. ");
                    return(new List <IAccount>());
                }

                BrokerRequest brokerRequest = new BrokerRequest()
                {
                    ClientId = clientId, RedirectUri = new Uri(redirectUri)
                };

                try
                {
                    await InitiateBrokerHandshakeAsync().ConfigureAwait(false);

                    var accounts = GetBrokerAccounts(brokerRequest);

                    return(_brokerHelper.ExtractBrokerAccountsFromAccountData(accounts));
                }
                catch (Exception ex)
                {
                    _logger.Error("[Android broker] Failed to get Android broker accounts from the broker. ");
                    _brokerHelper.HandleBrokerOperationError(ex);
                    throw;
                }
            }
        }
        public async Task <IReadOnlyList <IAccount> > GetAccountsAsync(
            string clientID,
            string redirectUri,
            string authority,
            ICacheSessionManager cacheSessionManager,
            IInstanceDiscoveryManager instanceDiscoveryManager)
        {
            using (_logger.LogMethodDuration())
            {
                if (!ApiInformation.IsMethodPresent(
                        "Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager",
                        "FindAllAccountsAsync"))
                {
                    _logger.Info("WAM::FindAllAccountsAsync method does not exist. Returning 0 broker accounts. ");
                    return(Array.Empty <IAccount>());
                }

                var aadAccounts = await _aadPlugin.GetAccountsAsync(clientID, authority, cacheSessionManager, instanceDiscoveryManager).ConfigureAwait(false);

                var msaAccounts = await _msaPlugin.GetAccountsAsync(clientID, authority, cacheSessionManager, instanceDiscoveryManager).ConfigureAwait(false);

                return((aadAccounts.Concat(msaAccounts)).ToList());
            }
        }
Esempio n. 12
0
        private async Task <Account> GetIdFromWebResponseAsync(string clientId, WebAccount webAccount, InstanceDiscoveryMetadataEntry envMetadata, ICacheSessionManager cacheManager)
        {
            MsalTokenResponse response = await AcquireBasicTokenSilentAsync(
                webAccount,
                clientId).ConfigureAwait(false);

            if (response != null)
            {
                var tuple = await cacheManager.SaveTokenResponseAsync(response).ConfigureAwait(false);

                _logger.InfoPii(
                    $"[WAM AAD Provider] ConvertToMsalAccountOrNullAsync resolved account {webAccount.UserName} via web call? {tuple?.Item3 != null}",
                    $"[WAM AAD Provider] ConvertToMsalAccountOrNullAsync resolved account via web call? {tuple?.Item3 != null}");

                return(tuple.Item3); // Account
            }

            return(null);
        }