public async Task GetAccounts_WamAccounts_DifferentCloud_Async()
{
const string BogusAuthority = "https://login.bogus.com/common";
// Arrange
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null);
_webAccountProviderFactory.GetAccountProviderAsync("organizations").Returns(wamAccountProvider);
var wamAccount = new WebAccount(wamAccountProvider, "*****@*****.**", WebAccountState.Connected);
_wamProxy.FindAllWebAccountsAsync(wamAccountProvider, TestConstants.ClientId).Returns(new[] { wamAccount });
_wamProxy.TryGetAccountProperty(wamAccount, "Authority", out string _).Returns(x =>
{
x[2] = BogusAuthority;
return(true);
});
var rq = new Client.Internal.RequestContext(harness.ServiceBundle, Guid.NewGuid(), default);
_cacheSessionManager.RequestContext.Returns(rq);
_instanceDiscoveryManager.GetMetadataEntryTryAvoidNetworkAsync(
Arg.Any <AuthorityInfo>(),
Arg.Any <IEnumerable <string> >(), rq)
.Returns(CreateEntryForSingleAuthority(new Uri(TestConstants.AuthorityCommonTenant))); // user set this authority in config
// Act
var accounts = await _aadPlugin.GetAccountsAsync(
TestConstants.ClientId,
AuthorityInfo.FromAuthorityUri(TestConstants.AuthorityCommonTenant, true),
_cacheSessionManager,
_instanceDiscoveryManager).ConfigureAwait(false);
// Assert
Assert.AreEqual(0, accounts.Count(), "The only WAM account has an authority which is not in the aliases of the input authority, so it is not returned.");
}
}
/// <summary>
/// The algorithm here is much more complex in order to workaround a limitation in the AAD plugin's
/// handling of guest accounts:
///
/// 1. Read the accounts from WAM.AADPlugin
/// 2. For each account, we need to find its home_account_id as the one from WAM may not be correct
/// 3. If we can find a cached account with the same LocalAccountId or UPN, use it
/// 4. If not, make a simple silent token request and use the client info provided
/// </summary>
public async Task <IReadOnlyList <IAccount> > GetAccountsAsync(
string clientId,
AuthorityInfo authorityInfo,
Cache.ICacheSessionManager cacheSessionManager,
Instance.Discovery.IInstanceDiscoveryManager instanceDiscoveryManager)
{
var webAccountProvider = await _webAccountProviderFactory.GetAccountProviderAsync("organizations").ConfigureAwait(false);
var wamAccounts = await _wamProxy.FindAllWebAccountsAsync(webAccountProvider, clientId).ConfigureAwait(false);
if (wamAccounts.Count > 0)
{
var webAccountEnvs = wamAccounts
.Select(w =>
{
_wamProxy.TryGetAccountProperty(w, "Authority", out string accountAuthority);
if (accountAuthority != null)
{
return((new Uri(accountAuthority)).Host);
}
else
{
_logger.WarningPii(
$"[WAM AAD Provider] Could not convert the WAM account {w.UserName} (id: {w.Id}) to an MSAL account because the Authority could not be found",
$"[WAM AAD Provider] Could not convert the WAM account {w.Id} to an MSAL account because the Authority could not be found");
return(null);
}
})
.Where(a => a != null);
var instanceMetadata = await instanceDiscoveryManager.GetMetadataEntryTryAvoidNetworkAsync(authorityInfo, webAccountEnvs, cacheSessionManager.RequestContext)
.ConfigureAwait(false);
var accountsFromCache = await cacheSessionManager.GetAccountsAsync().ConfigureAwait(false);
var msalAccountTasks = wamAccounts
.Select(
async webAcc =>
await ConvertToMsalAccountOrNullAsync(
clientId,
webAcc,
instanceMetadata,
cacheSessionManager,
accountsFromCache).ConfigureAwait(false));
var msalAccounts = (await Task.WhenAll(msalAccountTasks).ConfigureAwait(false)).Where(a => a != null).ToList();
_logger.Info($"[WAM AAD Provider] GetAccountsAsync converted {msalAccounts.Count} accounts from {wamAccounts.Count} WAM accounts");
return(msalAccounts);
}
_logger.Info("[WAM AAD provider] No accounts found.");
return(Array.Empty <IAccount>());
}