|
public static GetMsalIdParameters ( ) : string>.IDictionary |
||
| return | string>.IDictionary | |
private Dictionary <string, string> CreateAuthorizationRequestParameters(Uri redirectUriOverride = null)
{
var extraScopesToConsent = new HashSet <string>(StringComparer.OrdinalIgnoreCase);
if (!_interactiveParameters.ExtraScopesToConsent.IsNullOrEmpty())
{
extraScopesToConsent = ScopeHelper.CreateScopeSet(_interactiveParameters.ExtraScopesToConsent);
}
if (extraScopesToConsent.Contains(_requestParams.AppConfig.ClientId))
{
throw new ArgumentException("API does not accept client id as a user-provided scope");
}
var unionScope = ScopeHelper.GetMsalScopes(
new HashSet <string>(_requestParams.Scope.Concat(extraScopesToConsent)));
var authorizationRequestParameters = new Dictionary <string, string>
{
[OAuth2Parameter.Scope] = unionScope.AsSingleString(),
[OAuth2Parameter.ResponseType] = OAuth2ResponseType.Code,
[OAuth2Parameter.ClientId] = _requestParams.AppConfig.ClientId,
[OAuth2Parameter.RedirectUri] = redirectUriOverride?.OriginalString ?? _requestParams.RedirectUri.OriginalString
};
if (!string.IsNullOrWhiteSpace(_requestParams.ClaimsAndClientCapabilities))
{
authorizationRequestParameters[OAuth2Parameter.Claims] = _requestParams.ClaimsAndClientCapabilities;
}
if (!string.IsNullOrWhiteSpace(_interactiveParameters.LoginHint))
{
authorizationRequestParameters[OAuth2Parameter.LoginHint] = _interactiveParameters.LoginHint;
}
if (_requestParams.RequestContext.CorrelationId != Guid.Empty)
{
authorizationRequestParameters[OAuth2Parameter.CorrelationId] =
_requestParams.RequestContext.CorrelationId.ToString();
}
foreach (KeyValuePair <string, string> kvp in MsalIdHelper.GetMsalIdParameters(_requestParams.RequestContext.Logger))
{
authorizationRequestParameters[kvp.Key] = kvp.Value;
}
if (_interactiveParameters.Prompt == Prompt.NotSpecified)
{
authorizationRequestParameters[OAuth2Parameter.Prompt] = Prompt.SelectAccount.PromptValue;
}
else if (_interactiveParameters.Prompt.PromptValue != Prompt.NoPrompt.PromptValue)
{
authorizationRequestParameters[OAuth2Parameter.Prompt] = _interactiveParameters.Prompt.PromptValue;
}
return(authorizationRequestParameters);
}
private void Log(LogLevel msalLogLevel, string messageWithPii, string messageScrubbed)
{
if (msalLogLevel > Logger.Level)
{
return;
}
//format log message;
string correlationId = CorrelationId.Equals(Guid.Empty)
? string.Empty
: " - " + CorrelationId;
var msalIdParameters = MsalIdHelper.GetMsalIdParameters();
string os = "N/A";
if (msalIdParameters.TryGetValue(MsalIdParameter.OS, out string osValue))
{
os = osValue;
}
bool messageWithPiiExists = !string.IsNullOrWhiteSpace(messageWithPii);
// If we have a message with PII, and PII logging is enabled, use the PII message, else use the scrubbed message.
bool isLoggingPii = messageWithPiiExists && Logger.PiiLoggingEnabled;
string messageToLog = isLoggingPii ? messageWithPii : messageScrubbed;
string log = string.Format(CultureInfo.InvariantCulture, "{0} MSAL {1} {2} {3} [{4}{5}]{6} {7}",
isLoggingPii ? "(True)" : "(False)",
MsalIdHelper.GetMsalVersion(),
msalIdParameters[MsalIdParameter.Product],
os, DateTime.UtcNow, correlationId, Component, messageToLog);
if (Logger.DefaultLoggingEnabled)
{
switch (Logger.Level)
{
case LogLevel.Error:
_platformLogger.Error(log);
break;
case LogLevel.Warning:
_platformLogger.Warning(log);
break;
case LogLevel.Info:
_platformLogger.Information(log);
break;
case LogLevel.Verbose:
_platformLogger.Verbose(log);
break;
}
}
ExecuteCallback(msalLogLevel, log, isLoggingPii);
}
public async Task <T> GetResponseAsync <T>(string endpointType)
{
T typedResponse = default(T);
ClientMetrics clientMetrics = new ClientMetrics();
try
{
clientMetrics.BeginClientMetricsRecord(this.CallState);
Dictionary <string, string> clientMetricsHeaders = clientMetrics.GetPreviousRequestRecord(this.CallState);
foreach (KeyValuePair <string, string> kvp in clientMetricsHeaders)
{
this.Client.Headers[kvp.Key] = kvp.Value;
}
IDictionary <string, string> adalIdHeaders = MsalIdHelper.GetMsalIdParameters();
foreach (KeyValuePair <string, string> kvp in adalIdHeaders)
{
this.Client.Headers[kvp.Key] = kvp.Value;
}
IHttpWebResponse response;
using (response = await this.Client.GetResponseAsync().ConfigureAwait(false))
{
typedResponse = DeserializeResponse <T>(response.ResponseStream);
clientMetrics.SetLastError(null);
}
}
catch (HttpRequestWrapperException ex)
{
PlatformPlugin.Logger.Error(this.CallState, ex);
MsalServiceException serviceEx;
if (ex.WebResponse != null)
{
TokenResponse tokenResponse = TokenResponse.CreateFromErrorResponse(ex.WebResponse);
string[] errorCodes = tokenResponse.ErrorCodes ?? new[] { ex.WebResponse.StatusCode.ToString() };
serviceEx = new MsalServiceException(tokenResponse.Error, tokenResponse.ErrorDescription,
errorCodes, ex);
}
else
{
serviceEx = new MsalServiceException(MsalError.Unknown, ex);
}
clientMetrics.SetLastError(serviceEx.ServiceErrorCodes);
PlatformPlugin.Logger.Error(CallState, serviceEx);
throw serviceEx;
}
finally
{
clientMetrics.EndClientMetricsRecord(endpointType, this.CallState);
}
return(typedResponse);
}
private Dictionary <string, string> CreateAuthorizationRequestParameters(Uri redirectUriOverride = null)
{
var extraScopesToConsent = new SortedSet <string>();
if (!_interactiveParameters.ExtraScopesToConsent.IsNullOrEmpty())
{
extraScopesToConsent = ScopeHelper.CreateSortedSetFromEnumerable(_interactiveParameters.ExtraScopesToConsent);
}
if (extraScopesToConsent.Contains(_requestParams.ClientId))
{
throw new ArgumentException("API does not accept client id as a user-provided scope");
}
SortedSet <string> unionScope = GetDecoratedScope(
new SortedSet <string>(_requestParams.Scope.Union(extraScopesToConsent)));
var authorizationRequestParameters = new Dictionary <string, string>
{
[OAuth2Parameter.Scope] = unionScope.AsSingleString(),
[OAuth2Parameter.ResponseType] = OAuth2ResponseType.Code,
[OAuth2Parameter.ClientId] = _requestParams.ClientId,
[OAuth2Parameter.RedirectUri] = redirectUriOverride?.OriginalString ?? _requestParams.RedirectUri.OriginalString
};
if (!string.IsNullOrWhiteSpace(_requestParams.ClaimsAndClientCapabilities))
{
authorizationRequestParameters[OAuth2Parameter.Claims] = _requestParams.ClaimsAndClientCapabilities;
}
if (!string.IsNullOrWhiteSpace(_interactiveParameters.LoginHint))
{
authorizationRequestParameters[OAuth2Parameter.LoginHint] = _interactiveParameters.LoginHint;
}
if (_requestParams.RequestContext?.Logger?.CorrelationId != Guid.Empty)
{
authorizationRequestParameters[OAuth2Parameter.CorrelationId] =
_requestParams.RequestContext.Logger.CorrelationId.ToString();
}
foreach (KeyValuePair <string, string> kvp in MsalIdHelper.GetMsalIdParameters(_requestParams.RequestContext.Logger))
{
authorizationRequestParameters[kvp.Key] = kvp.Value;
}
if (_interactiveParameters.Prompt.PromptValue != Prompt.NoPrompt.PromptValue)
{
authorizationRequestParameters[OAuth2Parameter.Prompt] = _interactiveParameters.Prompt.PromptValue;
}
return(authorizationRequestParameters);
}
private Dictionary <string, string> CreateAuthorizationRequestParameters(Uri redirectUriOverride = null)
{
var extraScopesToConsent = new HashSet <string>(StringComparer.OrdinalIgnoreCase);
if (!_interactiveParameters.ExtraScopesToConsent.IsNullOrEmpty())
{
extraScopesToConsent = ScopeHelper.CreateScopeSet(_interactiveParameters.ExtraScopesToConsent);
}
if (extraScopesToConsent.Contains(_requestParams.AppConfig.ClientId))
{
throw new ArgumentException("API does not accept client id as a user-provided scope");
}
var unionScope = ScopeHelper.GetMsalScopes(
new HashSet <string>(_requestParams.Scope.Concat(extraScopesToConsent)));
var authorizationRequestParameters = new Dictionary <string, string>
{
[OAuth2Parameter.Scope] = unionScope.AsSingleString(),
[OAuth2Parameter.ResponseType] = OAuth2ResponseType.Code,
[OAuth2Parameter.ClientId] = _requestParams.AppConfig.ClientId,
[OAuth2Parameter.RedirectUri] = redirectUriOverride?.OriginalString ?? _requestParams.RedirectUri.OriginalString
};
if (!string.IsNullOrWhiteSpace(_requestParams.ClaimsAndClientCapabilities))
{
authorizationRequestParameters[OAuth2Parameter.Claims] = _requestParams.ClaimsAndClientCapabilities;
}
if (!string.IsNullOrWhiteSpace(_interactiveParameters.LoginHint))
{
authorizationRequestParameters[OAuth2Parameter.LoginHint] = _interactiveParameters.LoginHint;
//The CCS header is used by the CCS service to help route requests to resources in Azure during requests to speed up authentication.
//It consists of either the ObjectId.TenantId or the upn of the account signign in.
//See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2525
string OidCcsHeader = CoreHelpers.GetCcsUpnHeader(_interactiveParameters.LoginHint);
authorizationRequestParameters[Constants.CcsRoutingHintHeader] = OidCcsHeader;
}
if (_requestParams.RequestContext.CorrelationId != Guid.Empty)
{
authorizationRequestParameters[OAuth2Parameter.CorrelationId] =
_requestParams.RequestContext.CorrelationId.ToString();
}
foreach (KeyValuePair <string, string> kvp in MsalIdHelper.GetMsalIdParameters(_requestParams.RequestContext.Logger))
{
authorizationRequestParameters[kvp.Key] = kvp.Value;
}
if (_interactiveParameters.Prompt == Prompt.NotSpecified)
{
authorizationRequestParameters[OAuth2Parameter.Prompt] = Prompt.SelectAccount.PromptValue;
}
else if (_interactiveParameters.Prompt.PromptValue != Prompt.NoPrompt.PromptValue)
{
authorizationRequestParameters[OAuth2Parameter.Prompt] = _interactiveParameters.Prompt.PromptValue;
}
return(authorizationRequestParameters);
}