public void DeleteAccessToken(MsalAccessTokenCacheKey cacheKey)
 {
     if (!_accessTokenCacheDictionary.TryRemove(cacheKey.ToString(), out _))
     {
         _logger.InfoPii(
             $"Cannot delete an access token because it was already deleted. Key {cacheKey}",
             "Cannot delete an access token because it was already deleted");
     }
 }
        private Intent GetInteractiveBrokerIntent(BrokerRequest brokerRequest, Intent brokerIntent)
        {
            ValidateBrokerRedirectURI(brokerRequest);
            string brokerRequestJson = JsonHelper.SerializeToJson(brokerRequest);

            _logger.InfoPii("GetInteractiveBrokerIntent: " + brokerRequestJson, "Enable PII to see the broker request. ");
            brokerIntent.PutExtra(BrokerConstants.BrokerRequestV2, brokerRequestJson);

            return(brokerIntent);
        }
Esempio n. 3
0
        public Bundle CreateSilentBrokerBundle(BrokerRequest brokerRequest)
        {
            ValidateBrokerRedirectURI(brokerRequest);
            Bundle bundle            = new Bundle();
            string brokerRequestJson = JsonHelper.SerializeToJson(brokerRequest);

            _logger.InfoPii("[Android broker] CreateSilentBrokerBundle: " + brokerRequestJson, "Enable PII to see the silent broker request. ");
            bundle.PutString(BrokerConstants.BrokerRequestV2, brokerRequestJson);
            bundle.PutInt(BrokerConstants.CallerInfoUID, Binder.CallingUid);

            return(bundle);
        }
Esempio n. 4
0
        public void DeleteAccessToken(MsalAccessTokenCacheItem item)
        {
            string partitionKey = CacheKeyFactory.GetKeyFromCachedItem(item);

            AccessTokenCacheDictionary.TryGetValue(partitionKey, out var partition);
            if (partition == null || !partition.TryRemove(item.GetKey().ToString(), out _))
            {
                _logger.InfoPii(
                    $"Cannot delete access token because it was not found in the cache. Key {item.GetKey()}.",
                    "Cannot delete access token because it was not found in the cache.");
            }
        }
Esempio n. 5
0
        internal void LogParameters(ICoreLogger logger)
        {
            logger.Info("DefaultBrowserOptions configured");

            logger.InfoPii("HtmlMessageSuccess " + HtmlMessageSuccess,
                           "HtmlMessageSuccess? " + !String.IsNullOrEmpty(HtmlMessageSuccess));
            logger.InfoPii("HtmlMessageError " + HtmlMessageError,
                           "HtmlMessageError? " + !String.IsNullOrEmpty(HtmlMessageError));
            logger.InfoPii("BrowserRedirectSuccess " + BrowserRedirectSuccess,
                           "BrowserRedirectSuccess? " + (BrowserRedirectSuccess != null));
            logger.InfoPii("BrowserRedirectError " + BrowserRedirectError,
                           "BrowserRedirectError? " + (BrowserRedirectError != null));
        }
Esempio n. 6
0
        private async Task <Account> ConvertToMsalAccountOrNullAsync(
            string clientId,
            WebAccount webAccount,
            InstanceDiscoveryMetadataEntry envMetadata,
            ICacheSessionManager cacheManager,
            IEnumerable <IAccount> accountsFromCache)
        {
            webAccount.Properties.TryGetValue("TenantId", out string realm);

            if (!_wamProxy.TryGetAccountProperty(webAccount, "Authority", out string accountAuthority))
            {
                _logger.WarningPii(
                    $"[WAM AAD Provider] Could not convert the WAM account {webAccount.UserName} (id: {webAccount.Id}) to an MSAL account because the Authority could not be found",
                    $"[WAM AAD Provider] Could not convert the WAM account {webAccount.Id} to an MSAL account because the Authority could not be found");

                return(null);
            }

            string accountEnv = (new Uri(accountAuthority)).Host;

            if (!envMetadata.Aliases.ContainsOrdinalIgnoreCase(accountEnv))
            {
                _logger.InfoPii(
                    $"[WAM AAD Provider] Account {webAccount.UserName} enviroment {accountEnv} does not match input authority env {envMetadata.PreferredNetwork} or an alias",
                    $"[WAM AAD Provider] Account enviroment {accountEnv} does not match input authority env {envMetadata.PreferredNetwork}");

                return(null);
            }

            if (MatchCacheAccount(webAccount, accountsFromCache, out AccountId homeAccountId))
            {
                _logger.VerbosePii(
                    $"[WAM AAD Provider] ConvertToMsalAccountOrNullAsync account {webAccount.UserName} matched a cached account",
                    $"[WAM AAD Provider] Account matched a cache account");


                return(new Account(
                           homeAccountId.Identifier,
                           webAccount.UserName,
                           envMetadata.PreferredNetwork,
                           new Dictionary <string, string>()
                {
                    { clientId, webAccount.Id }
                }));
            }

            return(await GetIdFromWebResponseAsync(clientId, webAccount, envMetadata, cacheManager).ConfigureAwait(false));
        }
Esempio n. 7
0
        internal void LogParameters(ICoreLogger logger)
        {
            logger.Info("WebView2Options configured");

            logger.Info($"Title: {Title}");
            logger.InfoPii($"BrowserExecutableFolder: {WebView2BrowserExecutableFolder}", "BrowserExecutableFolder set");
        }
 /// <inheritdoc />
 public void LogParameters(ICoreLogger logger)
 {
     logger.Info("=== AcquireTokenSilent Parameters ===");
     logger.Info("LoginHint provided: " + !string.IsNullOrEmpty(LoginHint));
     logger.InfoPii(
         "Account provided: " + ((Account != null) ? Account.ToString() : "false"),
         "Account provided: " + (Account != null));
     logger.Info("ForceRefresh: " + ForceRefresh);
 }
Esempio n. 9
0
        private Bundle CreateInteractiveBrokerBundle(BrokerRequest brokerRequest)
        {
            _brokerHelper.ValidateBrokerRedirectUri(brokerRequest);

            Bundle bundle            = new Bundle();
            string brokerRequestJson = JsonHelper.SerializeToJson(brokerRequest);

            bundle.PutString(BrokerConstants.BrokerRequestV2, brokerRequestJson);
            bundle.PutInt(BrokerConstants.CallerInfoUID, Binder.CallingUid);
            _logger.InfoPii("[Android broker] GetInteractiveBrokerBundle: " + brokerRequestJson, "Enable PII to see the broker request. ");
            return(bundle);
        }
        public bool TryGetOrRemoveExpired(string key, ICoreLogger logger, out MsalServiceException ex)
        {
            ex = null;
            if (_cache.TryGetValue(key, out var entry))
            {
                logger.Info($"[Throttling] Entry found. Creation: {entry.CreationTime} Expiration: {entry.ExpirationTime} ");
                if (entry.IsExpired)
                {
                    logger.Info($"[Throttling] Removing entry because it is expired");
                    _cache.TryRemove(key, out _);
                    return(false);
                }

                logger.InfoPii($"[Throttling] Returning valid entry for key {key}", "[Throttling] Returning valid entry.");
                ex = entry.Exception;
                return(true);
            }

            return(false);
        }
Esempio n. 11
0
        public void LogParameters(ICoreLogger logger)
        {
            // Create Pii enabled string builder
            var builder = new StringBuilder(
                Environment.NewLine + "=== Request Data ===" + Environment.NewLine + "Authority Provided? - " +
                (Authority != null) + Environment.NewLine);

            builder.AppendLine("Client Id - " + ClientId)
            .AppendLine("Scopes - " + Scope?.AsSingleString())
            .AppendLine("Redirect Uri - " + RedirectUri?.OriginalString)
            .AppendLine("Extra Query Params Keys (space separated) - " + ExtraQueryParameters.Keys.AsSingleString());

            string messageWithPii = builder.ToString();

            // Create no Pii enabled string builder
            builder = new StringBuilder(
                Environment.NewLine + "=== Request Data ===" + Environment.NewLine + "Authority Provided? - " +
                (Authority != null) + Environment.NewLine);
            builder.AppendLine("Scopes - " + Scope?.AsSingleString())
            .AppendLine("Extra Query Params Keys (space separated) - " + ExtraQueryParameters.Keys.AsSingleString());
            logger.InfoPii(messageWithPii, builder.ToString());
        }
Esempio n. 12
0
        private string ExtractTransferToken(
            string clientId,
            IWebTokenRequestResultWrapper transferResponse,
            bool isInteractive)
        {
            if (!transferResponse.ResponseStatus.IsSuccessStatus())
            {
                try
                {
                    _ = WamAdapters.CreateMsalResponseFromWamResponse(
                        transferResponse,
                        _msaPlugin,
                        clientId,
                        _logger,
                        isInteractive: isInteractive);
                }
                catch (MsalServiceException exception)
                {
                    _logger.Warning(
                        "WAM MSA-PT: could not get a transfer token, ussually this is because the " +
                        "1st party app is configured for MSA-PT but not configured to login MSA users (signinaudience =2). " +
                        "Error was: " + exception.ErrorCode + " " + exception.Message);
                }

                return(null);
            }

            _ = _msaPlugin.ParseSuccessfullWamResponse(transferResponse.ResponseData[0], out var properties);
            properties.TryGetValue("code", out string code);

            // Important: cannot use this WebAccount with the AAD provider
            WebAccount msaPtWebAccount = transferResponse.ResponseData[0].WebAccount;

            _logger.InfoPii($"Obtained a transfer token for {msaPtWebAccount.UserName} ?  {code != null}", $"Obtained a transfer token? {code != null}");

            return(code);
        }
        public MsalTokenResponse ParseSuccesfullWamResponse(WebTokenResponse webTokenResponse)
        {
            if (!webTokenResponse.Properties.TryGetValue("TokenExpiresOn", out string expiresOn))
            {
                _logger.Warning("Result from WAM does not have expiration. Marking access token as expired.");
                expiresOn = null;
            }

            if (!webTokenResponse.Properties.TryGetValue("ExtendedLifetimeToken", out string extendedExpiresOn))
            {
                extendedExpiresOn = null;
            }

            if (!webTokenResponse.Properties.TryGetValue("Authority", out string authority))
            {
                _logger.Error("Result from WAM does not have authority.");
                return(new MsalTokenResponse()
                {
                    Error = "no_authority_in_wam_response",
                    ErrorDescription = "No authority in WAM response"
                });
            }

            if (!webTokenResponse.Properties.TryGetValue("correlationId", out string correlationId))
            {
                _logger.Warning("No correlation ID in response");
                correlationId = null;
            }

            bool hasIdToken = webTokenResponse.Properties.TryGetValue("wamcompat_id_token", out string idToken);

            _logger.Info("Result from WAM has id token? " + hasIdToken);

            bool hasClientInfo = webTokenResponse.Properties.TryGetValue("wamcompat_client_info", out string clientInfo);

            _logger.Info("Result from WAM has client info? " + hasClientInfo);

            bool hasScopes = webTokenResponse.Properties.TryGetValue("wamcompat_scopes", out string scopes);

            _logger.InfoPii("Result from WAM scopes: " + scopes,
                            "Result from WAM has scopes? " + hasScopes);

            //foreach (var kvp in webTokenResponse.Properties)
            //{
            //    Debug.WriteLine($"Other params {kvp.Key}: {kvp.Value}");
            //}

            MsalTokenResponse msalTokenResponse = new MsalTokenResponse()
            {
                AccessToken       = webTokenResponse.Token,
                IdToken           = idToken,
                CorrelationId     = correlationId,
                Scope             = scopes,
                ExpiresIn         = CoreHelpers.GetDurationFromWindowsTimestamp(expiresOn, _logger),
                ExtendedExpiresIn = CoreHelpers.GetDurationFromWindowsTimestamp(extendedExpiresOn, _logger),
                ClientInfo        = clientInfo,
                TokenType         = "Bearer",
                WamAccountId      = webTokenResponse.WebAccount.Id,
                TokenSource       = TokenSource.Broker
            };

            return(msalTokenResponse);
        }