public async Task ATI_WithPicker_MsaPt_Async() { string homeAccId = $"{TestConstants.Uid}.{TestConstants.Utid}"; // Arrange using (var harness = CreateTestHarness()) { var requestParams = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant); // AAD authorities for whi // msa-pt scenario requestParams.AppConfig.IsMsaPassthrough = true; var accountPicker = Substitute.For <IAccountPicker>(); _accountPickerFactory.Create(Arg.Any <IntPtr>(), null, null, null, false).ReturnsForAnyArgs(accountPicker); var msaProvider = new WebAccountProvider("msa", "*****@*****.**", null); accountPicker.DetermineAccountInteractivelyAsync().Returns(Task.FromResult(msaProvider)); // AAD plugin + consumer provider = Guest MSA-PT scenario _webAccountProviderFactory.IsConsumerProvider(msaProvider).Returns(true); _msaPassthroughHandler.FetchTransferTokenAsync(requestParams, msaProvider) .Returns(Task.FromResult("transfer_token")); var aadProvider = new WebAccountProvider("aad", "*****@*****.**", null); _webAccountProviderFactory.GetAccountProviderAsync("home").Returns(aadProvider); // make sure the final request is done with the AAD provider var webTokenRequest = new WebTokenRequest(aadProvider); _aadPlugin.CreateWebTokenRequestAsync( aadProvider, requestParams, isForceLoginPrompt: false, isInteractive: true, isAccountInWam: false) .Returns(Task.FromResult(webTokenRequest)); var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>(); webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success); var webTokenResponse = new WebTokenResponse(); webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>() { webTokenResponse }); _wamProxy.RequestTokenForWindowAsync(Arg.Any <IntPtr>(), webTokenRequest). Returns(Task.FromResult(webTokenResponseWrapper)); _aadPlugin.ParseSuccessfullWamResponse(webTokenResponse, out _).Returns(_msalTokenResponse); var atiParams = new AcquireTokenInteractiveParameters(); // Act var result = await _wamBroker.AcquireTokenInteractiveAsync(requestParams, atiParams) .ConfigureAwait(false); // Assert Assert.AreSame(_msalTokenResponse, result); _msaPassthroughHandler.Received(1).AddTransferTokenToRequest(webTokenRequest, "transfer_token"); } }
private async Task <MsalTokenResponse> AcquireInteractiveWithPickerAsync( AuthenticationRequestParameters authenticationRequestParameters) { bool isMsaPassthrough = authenticationRequestParameters.AppConfig.IsMsaPassthrough; var accountPicker = _accountPickerFactory.Create( _parentHandle, _logger, _synchronizationContext, authenticationRequestParameters.Authority, isMsaPassthrough); IWamPlugin wamPlugin; WebTokenRequest webTokenRequest; try { WebAccountProvider accountProvider = await accountPicker.DetermineAccountInteractivelyAsync().ConfigureAwait(false); if (accountProvider == null) { throw new MsalClientException(MsalError.AuthenticationCanceledError, "WAM Account Picker did not return an account."); } bool isConsumerTenant = _webAccountProviderFactory.IsConsumerProvider(accountProvider); // WAM returns the tenant here, not the full authority wamPlugin = (isConsumerTenant && !isMsaPassthrough) ? _msaPlugin : _aadPlugin; string transferToken = null; if (isConsumerTenant && isMsaPassthrough) { // Get a transfer token to avoid prompting the user twice transferToken = await _msaPassthroughHandler.FetchTransferTokenAsync( authenticationRequestParameters, accountProvider).ConfigureAwait(false); // For MSA-PT, the MSA provider will issue v1 token, which cannot be used. // Only the AAD provider can issue a v2 token accountProvider = await _webAccountProviderFactory.GetAccountProviderAsync( authenticationRequestParameters.Authority.TenantId) .ConfigureAwait(false); } webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync( accountProvider, authenticationRequestParameters, isForceLoginPrompt : false, isInteractive : true, isAccountInWam : false) .ConfigureAwait(true); _msaPassthroughHandler.AddTransferTokenToRequest(webTokenRequest, transferToken); WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, webTokenRequest); } catch (Exception ex) when(!(ex is MsalException)) { _logger.ErrorPii(ex); throw new MsalServiceException( MsalError.WamPickerError, "Could not get the account provider - account picker. See inner exception for details", ex); } IWebTokenRequestResultWrapper wamResult; try { wamResult = await _wamProxy.RequestTokenForWindowAsync(_parentHandle, webTokenRequest).ConfigureAwait(false); } catch (Exception ex) { _logger.ErrorPii(ex); throw new MsalServiceException( MsalError.WamPickerError, "Could not get the result - account picker. See inner exception for details", ex); } return(CreateMsalTokenResponse(wamResult, wamPlugin, isInteractive: true)); }