public async Task <MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
using (_logger.LogMethodDuration())
{
var defaultAccountProvider = await _webAccountProviderFactory.GetDefaultProviderAsync().ConfigureAwait(false);
if (defaultAccountProvider == null)
{
throw new MsalUiRequiredException(
MsalError.InteractionRequired,
"A default account was not found");
}
// special case: passthrough + default MSA account. Need to use the transfer token protocol.
if (_wamOptions.MsaPassthrough &&
_webAccountProviderFactory.IsConsumerProvider(defaultAccountProvider))
{
return(await AcquireTokenSilentDefaultUserPassthroughAsync(authenticationRequestParameters, defaultAccountProvider).ConfigureAwait(false));
}
bool isMsa = await IsMsaRequestAsync(
authenticationRequestParameters.Authority,
null,
_wamOptions.MsaPassthrough).ConfigureAwait(false);
IWamPlugin wamPlugin = isMsa ? _msaPlugin : _aadPlugin;
WebAccountProvider provider = await GetProviderAsync(
authenticationRequestParameters.Authority.AuthorityInfo.CanonicalAuthority,
isMsa).ConfigureAwait(false);
WebTokenRequest webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync(
provider,
authenticationRequestParameters,
isForceLoginPrompt : false,
isAccountInWam : false,
isInteractive : false)
.ConfigureAwait(false);
WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, webTokenRequest, _logger);
var wamResult =
await _wamProxy.GetTokenSilentlyForDefaultAccountAsync(webTokenRequest).ConfigureAwait(false);
return(WamAdapters.CreateMsalResponseFromWamResponse(
wamResult,
wamPlugin,
authenticationRequestParameters.AppConfig.ClientId,
_logger,
isInteractive: false));
}
}
public async Task FetchTransferToken_DefaultAccount_Silent_Async()
{
// Arrange
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
var msaProvider = new WebAccountProvider("id", "*****@*****.**", null);
Client.Internal.Requests.AuthenticationRequestParameters requestParams =
harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
validateAuthority: true);
requestParams.AppConfig.WindowsBrokerOptions = new WindowsBrokerOptions()
{
MsaPassthrough = true
};
var msaRequest = new WebTokenRequest(msaProvider);
_msaPlugin.CreateWebTokenRequestAsync(msaProvider, requestParams, false, false, true, MsaPassthroughHandler.TransferTokenScopes)
.Returns(Task.FromResult(msaRequest));
var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>();
webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
WebAccount accountFromMsaProvider = new WebAccount(msaProvider, "*****@*****.**", WebAccountState.Connected);
var webTokenResponse = new WebTokenResponse("transfer_token", accountFromMsaProvider);
webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>()
{
webTokenResponse
});
_wamProxy.GetTokenSilentlyForDefaultAccountAsync(msaRequest).Returns(webTokenResponseWrapper);
_msaPlugin.ParseSuccessfullWamResponse(Arg.Any <WebTokenResponse>(), out Arg.Any <Dictionary <string, string> >())
.Returns(x =>
{
x[1] = new Dictionary <string, string>();
(x[1] as Dictionary <string, string>).Add("code", "actual_transfer_token");
return(new MsalTokenResponse());
});
// Act
var transferToken = await _msaPassthroughHandler.TryFetchTransferTokenSilentDefaultAccountAsync(
requestParams,
msaProvider)
.ConfigureAwait(false);
// Assert
Assert.AreEqual("actual_transfer_token", transferToken);
}
}
public async Task ATS_DefaultAccount_Async()
{
string homeAccId = $"{TestConstants.Uid}.{TestConstants.Utid}";
// Arrange
using (var harness = CreateTestHarness())
{
var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null);
var requestParams = harness.CreateAuthenticationRequestParameters(TestConstants.AuthorityHomeTenant); // AAD authority, no account
var webTokenRequest = new WebTokenRequest(wamAccountProvider);
var atsParams = new AcquireTokenSilentParameters();
_webAccountProviderFactory.GetAccountProviderAsync(null).ReturnsForAnyArgs(Task.FromResult(wamAccountProvider));
var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>();
webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
var webTokenResponse = new WebTokenResponse();
webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>()
{
webTokenResponse
});
_aadPlugin.CreateWebTokenRequestAsync(
wamAccountProvider,
requestParams,
isForceLoginPrompt: false,
isAccountInWam: false,
isInteractive: false)
.Returns(Task.FromResult(webTokenRequest));
_wamProxy.GetTokenSilentlyForDefaultAccountAsync(webTokenRequest).
Returns(Task.FromResult(webTokenResponseWrapper));
_aadPlugin.ParseSuccesfullWamResponse(webTokenResponse).Returns(_msalTokenResponse);
// Act
var result = await _wamBroker.AcquireTokenSilentDefaultUserAsync(requestParams, atsParams).ConfigureAwait(false);
// Assert
Assert.AreSame(_msalTokenResponse, result);
await _aadPlugin.Received(1).CreateWebTokenRequestAsync(wamAccountProvider,
requestParams,
isForceLoginPrompt: false,
isAccountInWam: false,
isInteractive: false).ConfigureAwait(false);
}
}
public async Task <MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenSilentParameters acquireTokenSilentParameters)
{
using (_logger.LogMethodDuration())
{
bool isMsa = await IsMsaRequestAsync(
authenticationRequestParameters.Authority,
null,
_wamOptions.MsaPassthrough).ConfigureAwait(false);
IWamPlugin wamPlugin = isMsa ? _msaPlugin : _aadPlugin;
WebAccountProvider provider = await GetProviderAsync(
authenticationRequestParameters.Authority.AuthorityInfo.CanonicalAuthority,
isMsa).ConfigureAwait(false);
WebTokenRequest webTokenRequest = await wamPlugin.CreateWebTokenRequestAsync(
provider,
authenticationRequestParameters,
isForceLoginPrompt : false,
isAccountInWam : false,
isInteractive : false)
.ConfigureAwait(false);
WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, webTokenRequest, _logger);
var wamResult =
await _wamProxy.GetTokenSilentlyForDefaultAccountAsync(webTokenRequest).ConfigureAwait(false);
return(WamAdapters.CreateMsalResponseFromWamResponse(
wamResult,
wamPlugin,
authenticationRequestParameters.AppConfig.ClientId,
_logger,
isInteractive: false));
}
}
public async Task <string> TryFetchTransferTokenSilentDefaultAccountAsync(AuthenticationRequestParameters authenticationRequestParameters, WebAccountProvider accountProvider)
{
// First party apps can have MSA-PT enabled and can configured to allow MSA users
_logger.Verbose("WAM MSA-PT - fetching transfer token for silent flow with default OS account");
var webTokenRequestMsa = await _msaPlugin.CreateWebTokenRequestAsync(
accountProvider,
authenticationRequestParameters,
isForceLoginPrompt : false,
isInteractive : false,
isAccountInWam : true,
TransferTokenScopes)
.ConfigureAwait(false);
WamAdapters.AddMsalParamsToRequest(authenticationRequestParameters, webTokenRequestMsa, _logger);
var transferResponse = await _wamProxy.GetTokenSilentlyForDefaultAccountAsync(webTokenRequestMsa)
.ConfigureAwait(true);
return(ExtractTransferToken(
authenticationRequestParameters.AppConfig.ClientId,
transferResponse,
isInteractive: false));
}