private async Task <IEnumerable <IAccount> > GetAccountsFromBrokerAsync( string homeAccountIdFilter, ICacheSessionManager cacheSessionManager) { if (AppConfig.IsBrokerEnabled && ServiceBundle.PlatformProxy.CanBrokerSupportSilentAuth()) { var broker = ServiceBundle.PlatformProxy.CreateBroker(ServiceBundle.Config, null); var brokerAccounts = (await broker.GetAccountsAsync( AppConfig.ClientId, AppConfig.RedirectUri, Authority, cacheSessionManager, ServiceBundle.InstanceDiscoveryManager).ConfigureAwait(false)) ?? Enumerable.Empty <IAccount>(); if (!string.IsNullOrEmpty(homeAccountIdFilter)) { brokerAccounts = brokerAccounts.Where( acc => homeAccountIdFilter.Equals( acc.HomeAccountId.Identifier, StringComparison.OrdinalIgnoreCase)); } brokerAccounts = await FilterBrokerAccountsByEnvAsync(brokerAccounts).ConfigureAwait(false); return(brokerAccounts); } return(Enumerable.Empty <IAccount>()); }
/// <summary> /// iOS broker does not handle silent flow /// </summary> public Task <IReadOnlyList <IAccount> > GetAccountsAsync( string clientID, string redirectUri, string authority, ICacheSessionManager cacheSessionManager, IInstanceDiscoveryManager instanceDiscoveryManager) { throw new NotImplementedException(); }
/// <summary> /// iOS broker does not handle silent flow /// </summary> public Task <IReadOnlyList <IAccount> > GetAccountsAsync( string clientID, string redirectUri, AuthorityInfo authorityInfo, ICacheSessionManager cacheSessionManager, IInstanceDiscoveryManager instanceDiscoveryManager) { return(Task.FromResult(CollectionHelpers.GetEmptyReadOnlyList <IAccount>())); // nop }
public Task <IReadOnlyList <IAccount> > GetAccountsAsync( string clientID, string redirectUri, AuthorityInfo authorityInfo, ICacheSessionManager cacheSessionManager, IInstanceDiscoveryManager instanceDiscoveryManager) { _logger.Info("NullBroker - returning empty list on GetAccounts request."); return(Task.FromResult(CollectionHelpers.GetEmptyReadOnlyList <IAccount>())); // nop }
public Task <IReadOnlyList <IAccount> > GetAccountsAsync( string clientID, string redirectUri, AuthorityInfo authorityInfo, ICacheSessionManager cacheSessionManager, IInstanceDiscoveryManager instanceDiscoveryManager) { // runtime does not yet support account discovery return(Task.FromResult <IReadOnlyList <IAccount> >(Array.Empty <IAccount>())); }
public void Init() { _logger = Substitute.For <ICoreLogger>(); _wamProxy = Substitute.For <IWamProxy>(); _webAccountProviderFactory = Substitute.For <IWebAccountProviderFactory>(); _accountPickerFactory = Substitute.For <IAccountPickerFactory>(); _webAccountProviderFactory.ClearReceivedCalls(); _cacheSessionManager = Substitute.For <ICacheSessionManager>(); _instanceDiscoveryManager = Substitute.For <IInstanceDiscoveryManager>(); _aadPlugin = new AadPlugin(_wamProxy, _webAccountProviderFactory, _logger); }
private async Task <Account> ConvertToMsalAccountOrNullAsync( string clientId, WebAccount webAccount, InstanceDiscoveryMetadataEntry envMetadata, ICacheSessionManager cacheManager, IEnumerable <IAccount> accountsFromCache) { webAccount.Properties.TryGetValue("TenantId", out string realm); if (!_wamProxy.TryGetAccountProperty(webAccount, "Authority", out string accountAuthority)) { _logger.WarningPii( $"[WAM AAD Provider] Could not convert the WAM account {webAccount.UserName} (id: {webAccount.Id}) to an MSAL account because the Authority could not be found", $"[WAM AAD Provider] Could not convert the WAM account {webAccount.Id} to an MSAL account because the Authority could not be found"); return(null); } string accountEnv = (new Uri(accountAuthority)).Host; if (!envMetadata.Aliases.ContainsOrdinalIgnoreCase(accountEnv)) { _logger.InfoPii( $"[WAM AAD Provider] Account {webAccount.UserName} enviroment {accountEnv} does not match input authority env {envMetadata.PreferredNetwork} or an alias", $"[WAM AAD Provider] Account enviroment {accountEnv} does not match input authority env {envMetadata.PreferredNetwork}"); return(null); } if (MatchCacheAccount(webAccount, accountsFromCache, out AccountId homeAccountId)) { _logger.VerbosePii( $"[WAM AAD Provider] ConvertToMsalAccountOrNullAsync account {webAccount.UserName} matched a cached account", $"[WAM AAD Provider] Account matched a cache account"); return(new Account( homeAccountId.Identifier, webAccount.UserName, envMetadata.PreferredNetwork, new Dictionary <string, string>() { { clientId, webAccount.Id } })); } return(await GetIdFromWebResponseAsync(clientId, webAccount, envMetadata, cacheManager).ConfigureAwait(false)); }
/// <summary> /// Generally the MSA plugin will NOT return the accounts back to the app. This is due /// to privacy concerns. However, some test apps are allowed to do this, hence the code. /// Normal 1st and 3rd party apps must use AcquireTokenInteractive to login first, and then MSAL will /// save the account for later use. /// </summary> public async Task <IReadOnlyList <IAccount> > GetAccountsAsync( string clientID, string authority, ICacheSessionManager cacheSessionManager, IInstanceDiscoveryManager instanceDiscoveryManager) { var webAccounProvider = await _webAccountProviderFactory.GetAccountProviderAsync("consumers").ConfigureAwait(false); var webAccounts = await _wamProxy.FindAllWebAccountsAsync(webAccounProvider, clientID).ConfigureAwait(false); var msalAccounts = webAccounts .Select(webAcc => ConvertToMsalAccountOrNull(webAcc)) .Where(a => a != null) .ToList(); _logger.Info($"[WAM MSA Plugin] GetAccountsAsync converted {webAccounts.Count} MSAL accounts"); return(msalAccounts); }
public async Task <IReadOnlyList <IAccount> > GetAccountsAsync( string clientId, string redirectUri, AuthorityInfo authorityInfo, ICacheSessionManager cacheSessionManager, IInstanceDiscoveryManager instanceDiscoveryManager) { using (_logger.LogMethodDuration()) { if (!IsBrokerInstalledAndInvokable()) { _logger.Warning("[Android broker] Broker is either not installed or is not reachable so no accounts will be returned. "); return(null); } return(await GetAccountsInternalAsync(clientId, redirectUri).ConfigureAwait(false)); } }
public async Task <IReadOnlyList <IAccount> > GetAccountsAsync( string clientId, string redirectUri, AuthorityInfo authorityInfo, ICacheSessionManager cacheSessionManager, IInstanceDiscoveryManager instanceDiscoveryManager) { using (_logger.LogMethodDuration()) { if (!IsBrokerInstalledAndInvokable()) { _logger.Warning("[Android broker] Broker is either not installed or is not reachable so no accounts will be returned. "); return(new List <IAccount>()); } BrokerRequest brokerRequest = new BrokerRequest() { ClientId = clientId, RedirectUri = new Uri(redirectUri) }; try { await InitiateBrokerHandshakeAsync().ConfigureAwait(false); var accounts = GetBrokerAccounts(brokerRequest); return(_brokerHelper.ExtractBrokerAccountsFromAccountData(accounts)); } catch (Exception ex) { _logger.Error("[Android broker] Failed to get Android broker accounts from the broker. "); _brokerHelper.HandleBrokerOperationError(ex); throw; } } }
public async Task <IReadOnlyList <IAccount> > GetAccountsAsync( string clientID, string redirectUri, string authority, ICacheSessionManager cacheSessionManager, IInstanceDiscoveryManager instanceDiscoveryManager) { using (_logger.LogMethodDuration()) { if (!ApiInformation.IsMethodPresent( "Windows.Security.Authentication.Web.Core.WebAuthenticationCoreManager", "FindAllAccountsAsync")) { _logger.Info("WAM::FindAllAccountsAsync method does not exist. Returning 0 broker accounts. "); return(Array.Empty <IAccount>()); } var aadAccounts = await _aadPlugin.GetAccountsAsync(clientID, authority, cacheSessionManager, instanceDiscoveryManager).ConfigureAwait(false); var msaAccounts = await _msaPlugin.GetAccountsAsync(clientID, authority, cacheSessionManager, instanceDiscoveryManager).ConfigureAwait(false); return((aadAccounts.Concat(msaAccounts)).ToList()); } }
private async Task <Account> GetIdFromWebResponseAsync(string clientId, WebAccount webAccount, InstanceDiscoveryMetadataEntry envMetadata, ICacheSessionManager cacheManager) { MsalTokenResponse response = await AcquireBasicTokenSilentAsync( webAccount, clientId).ConfigureAwait(false); if (response != null) { var tuple = await cacheManager.SaveTokenResponseAsync(response).ConfigureAwait(false); _logger.InfoPii( $"[WAM AAD Provider] ConvertToMsalAccountOrNullAsync resolved account {webAccount.UserName} via web call? {tuple?.Item3 != null}", $"[WAM AAD Provider] ConvertToMsalAccountOrNullAsync resolved account via web call? {tuple?.Item3 != null}"); return(tuple.Item3); // Account } return(null); }