public void AcquireTokenAddTwoUsersTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId);
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result = app.AcquireTokenAsync(TestConstants.Scope).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId, result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(), result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId);
Assert.AreEqual(TestConstants.IdentityProvider, result.TenantId);
// repeat interactive call and pass in the same user
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.Scope.ToString(),
MockHelpers.CreateIdToken(TestConstants.UniqueId + "more", TestConstants.DisplayableId + "more",
TestConstants.IdentityProvider + "more"),
MockHelpers.CreateClientInfo(TestConstants.Uid + "more",
TestConstants.IdentityProvider + "more"))
});
result = app.AcquireTokenAsync(TestConstants.Scope).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId + "more", result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(TestConstants.Uid + "more",
TestConstants.IdentityProvider + "more"), result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId + "more", result.User.DisplayableId);
Assert.AreEqual(TestConstants.IdentityProvider + "more", result.TenantId);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
public async Task AutoPromptBehaviorTestAsync()
{
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
PostData = new Dictionary <string, string>()
{
{ "grant_type", "authorization_code" }
}
});
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache());
AuthenticationResult result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.Auto)).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, context.Authenticator.Authority);
Assert.AreEqual("some-access-token", result.AccessToken);
Assert.IsNotNull(result.UserInfo);
Assert.AreEqual(TestConstants.DefaultDisplayableId, result.UserInfo.DisplayableId);
Assert.AreEqual(TestConstants.DefaultUniqueId, result.UserInfo.UniqueId);
// There should be one cached entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
public async Task AuthenticationContextAuthorityValidationTestAsync()
{
AuthenticationContext context = null;
AuthenticationResult result = null;
try
{
context = new AuthenticationContext("https://login.contoso.com/adfs");
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters);
}
catch (ArgumentException ex)
{
Assert.AreEqual(ex.ParamName, "validateAuthority");
}
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
//whitelisted authority
context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, true);
result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters,
new UserIdentifier(TestConstants.DefaultDisplayableId, UserIdentifierType.RequiredDisplayableId));
Assert.IsNotNull(result);
Assert.AreEqual(result.AccessToken, "some-access-token");
Assert.IsNotNull(result.UserInfo);
//add handler to return failed discovery response
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Get,
ResponseMessage =
MockHelpers.CreateFailureResponseMessage(
"{\"error\":\"invalid_instance\",\"error_description\":\"AADSTS70002: Error in validating authority.\"}")
});
try
{
context = new AuthenticationContext("https://login.microsoft0nline.com/common");
result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters);
}
catch (AdalException ex)
{
Assert.AreEqual(ex.ErrorCode, AdalError.AuthorityNotInValidList);
}
}
public async Task ForcePromptForSelectAccountPromptBehaviorTestAsync()
{
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"),
// validate that authorizationUri passed to WebUi contains prompt=select_account query parameter
new Dictionary <string, string> {
{ "prompt", "select_account" }
});
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache());
await context.TokenCache.StoreToCacheAsync(new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token",
DateTimeOffset.UtcNow + TimeSpan.FromMinutes(100))
{
UserInfo =
new UserInfo()
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId
}
},
},
TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
new CallState(new Guid())).ConfigureAwait(false);
ResetInstanceDiscovery();
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
PostData = new Dictionary <string, string>
{
{ "grant_type", "authorization_code" }
}
});
AuthenticationResult result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.SelectAccount)).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, context.Authenticator.Authority);
Assert.AreEqual("some-access-token", result.AccessToken);
Assert.IsNotNull(result.UserInfo);
Assert.AreEqual(TestConstants.DefaultDisplayableId, result.UserInfo.DisplayableId);
Assert.AreEqual(TestConstants.DefaultUniqueId, result.UserInfo.UniqueId);
// There should be only one cache entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
public async Task SovereignUserWorldWideAuthorityIntegrationTest()
{
// creating AuthenticationContext with common Authority
var authenticationContext =
new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, false, new TokenCache());
// mock value for authentication returnedUriInput, with cloud_instance_name claim
var authReturnedUriInputMock = TestConstants.DefaultRedirectUri + "?code=some-code" + "&" +
TokenResponseClaim.CloudInstanceHost + "=" + SovereignAuthorityHost;
MockHelpers.ConfigureMockWebUI(
new AuthorizationResult(AuthorizationStatus.Success, authReturnedUriInputMock),
// validate that authorizationUri passed to WebUi contains instance_aware query parameter
new Dictionary <string, string> {
{ "instance_aware", "true" }
});
HttpMessageHandlerFactory.AddMockHandler(MockHelpers.CreateInstanceDiscoveryMockHandler(TestConstants.GetDiscoveryEndpoint(TestConstants.DefaultAuthorityCommonTenant)));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityBlackforestTenant))
{
Method = HttpMethod.Post,
ResponseMessage =
MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.DefaultUniqueId,
TestConstants.DefaultDisplayableId, TestConstants.DefaultResource),
AdditionalRequestValidation = request =>
{
// make sure that Sovereign authority was used for Authorization request
Assert.AreEqual(SovereignAuthorityHost, request.RequestUri.Authority);
}
});
var authenticationResult = await authenticationContext.AcquireTokenAsync(TestConstants.DefaultResource,
TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, _platformParameters, UserIdentifier.AnyUser, "instance_aware=true");
// make sure that tenant specific sovereign Authority returned to the app in AuthenticationResult
Assert.AreEqual(_sovereignTenantSpecificAuthority, authenticationResult.Authority);
// make sure that AuthenticationContext Authority was updated
Assert.AreEqual(_sovereignTenantSpecificAuthority, authenticationContext.Authority);
// make sure AT was stored in the cache with tenant specific Sovereign Authority in the key
Assert.AreEqual(1, authenticationContext.TokenCache.tokenCacheDictionary.Count);
Assert.AreEqual(_sovereignTenantSpecificAuthority,
authenticationContext.TokenCache.tokenCacheDictionary.Keys.FirstOrDefault()?.Authority);
// all mocks are consumed
Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount());
}
public async Task AutoPromptBehaviorWithExpiredAccessTokenAndGoodRefreshTokenInCacheTestAsync()
{
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"));
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache());
await context.TokenCache.StoreToCacheAsync(new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token", DateTimeOffset.UtcNow)
{
UserInfo =
new UserInfo()
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId
}
},
},
TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
new CallState(new Guid())).ConfigureAwait(false);
ResetInstanceDiscovery();
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
PostData = new Dictionary <string, string>()
{
{ "grant_type", "refresh_token" }
}
});
AuthenticationResult result =
await
context.AcquireTokenSilentAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
new UserIdentifier(TestConstants.DefaultDisplayableId, UserIdentifierType.RequiredDisplayableId),
new PlatformParameters(PromptBehavior.Auto)).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("some-access-token", result.AccessToken);
// There should be only one cache entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
public async Task AcquireTokenWithAuthenticationCanceledTest()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, new TokenCache());
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.UserCancel,
TestConstants.DefaultRedirectUri + "?error=user_cancelled"));
try
{
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters);
}
catch (AdalServiceException ex)
{
Assert.AreEqual(ex.ErrorCode, AdalError.AuthenticationCanceled);
}
}
public async Task AcquireTokenNoClientInfoReturnedTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId);
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage("some-scope1 some-scope2",
MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId), string.Empty)
});
try
{
AuthenticationResult result = await app.AcquireTokenAsync(TestConstants.Scope).ConfigureAwait(false);
}
catch (MsalClientException exc)
{
Assert.IsNotNull(exc);
Assert.AreEqual(MsalClientException.JsonParseError, exc.ErrorCode);
Assert.AreEqual("client info is null", exc.Message);
}
finally
{
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
}
public async Task AcquireTokenPositiveWithNullCacheTest()
{
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
var context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, null);
AuthenticationResult result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters);
Assert.IsNotNull(result);
Assert.AreEqual(result.AccessToken, "some-access-token");
Assert.IsNotNull(result.UserInfo);
}
public async Task NoStateReturnedTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId);
MockWebUI ui = new MockWebUI()
{
AddStateInAuthorizationResult = false,
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(ui);
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
try
{
AuthenticationResult result = await app.AcquireTokenAsync(TestConstants.Scope);
Assert.Fail("API should have failed here");
}
catch (MsalClientException exc)
{
Assert.IsNotNull(exc);
Assert.AreEqual(MsalClientException.StateMismatchError, exc.ErrorCode);
}
finally
{
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.ApiIdKey] == "170" &&
anEvent[ApiEvent.WasSuccessfulKey] == "false" && anEvent[ApiEvent.ApiErrorCodeKey] == "state_mismatch"
));
}
public async Task AcquireTokenPositiveWithoutUserIdAsync()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, new TokenCache());
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters);
Assert.IsNotNull(result);
Assert.AreEqual(result.AccessToken, "some-access-token");
try
{
result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters, null);
}
catch (ArgumentException exc)
{
Assert.IsTrue(exc.Message.StartsWith(AdalErrorMessage.SpecifyAnyUser));
}
// this should hit the cache
result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters, UserIdentifier.AnyUser);
Assert.IsNotNull(result);
Assert.AreEqual(result.AccessToken, "some-access-token");
}
public async Task AuthUiFailedExceptionTest()
{
cache.ClientId = TestConstants.ClientId;
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId)
{
UserTokenCache = cache
};
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
// repeat interactive call and pass in the same user
MockHelpers.ConfigureMockWebUI(new MockWebUI()
{
ExceptionToThrow =
new MsalClientException(MsalClientException.AuthenticationUiFailedError,
"Failed to invoke webview", new Exception("some-inner-Exception"))
});
try
{
AuthenticationResult result = await app.AcquireTokenAsync(TestConstants.Scope);
Assert.Fail("API should have failed here");
}
catch (MsalClientException exc)
{
Assert.IsNotNull(exc);
Assert.AreEqual(MsalClientException.AuthenticationUiFailedError, exc.ErrorCode);
Assert.AreEqual("some-inner-Exception", exc.InnerException.Message);
}
finally
{
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
}
public async Task ForcePromptTestAsync()
{
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
PostData = new Dictionary <string, string>()
{
{ "grant_type", "authorization_code" }
}
});
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true);
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId);
context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token", DateTimeOffset.UtcNow)
};
AuthenticationResult result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.Always));
Assert.IsNotNull(result);
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, context.Authenticator.Authority);
Assert.AreEqual(result.AccessToken, "some-access-token");
Assert.IsNotNull(result.UserInfo);
Assert.AreEqual(TestConstants.DefaultDisplayableId, result.UserInfo.DisplayableId);
Assert.AreEqual(TestConstants.DefaultUniqueId, result.UserInfo.UniqueId);
}
public async Task SmokeTest()
{
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultRedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
var context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, true);
AuthenticationResult result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, platformParameters);
Assert.IsNotNull(result);
Assert.IsTrue(context.Authenticator.Authority.EndsWith("/some-tenant-id/"));
Assert.AreEqual(result.AccessToken, "some-access-token");
Assert.IsNotNull(result.UserInfo);
Assert.AreEqual(TestConstants.DefaultDisplayableId, result.UserInfo.DisplayableId);
Assert.AreEqual(TestConstants.DefaultUniqueId, result.UserInfo.UniqueId);
}
public async Task DifferentStateReturnedTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId);
MockWebUI ui = new MockWebUI()
{
AddStateInAuthorizationResult = false,
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code&state=mistmatched")
};
MockHelpers.ConfigureMockWebUI(ui);
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
try
{
AuthenticationResult result = await app.AcquireTokenAsync(TestConstants.Scope);
Assert.Fail("API should have failed here");
}
catch (MsalClientException exc)
{
Assert.IsNotNull(exc);
Assert.AreEqual(MsalClientException.StateMismatchError, exc.ErrorCode);
}
finally
{
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
}
public void AcquireTokenDifferentUserReturnedFromServiceTest()
{
cache.ClientId = TestConstants.ClientId;
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId)
{
UserTokenCache = cache
};
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result = app.AcquireTokenAsync(TestConstants.Scope).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId, result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(), result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
var dict = new Dictionary <string, string>();
dict[OAuth2Parameter.DomainReq] = TestConstants.Utid;
dict[OAuth2Parameter.LoginReq] = TestConstants.Uid;
// repeat interactive call and pass in the same user
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"), dict);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.Scope.AsSingleString(),
MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
MockHelpers.CreateClientInfo(TestConstants.Uid, TestConstants.Utid + "more"))
});
try
{
result = app.AcquireTokenAsync(TestConstants.Scope, result.User, UIBehavior.SelectAccount, null).Result;
Assert.Fail("API should have failed here");
}
catch (AggregateException ex)
{
MsalServiceException exc = (MsalServiceException)ex.InnerException;
Assert.IsNotNull(exc);
Assert.AreEqual("user_mismatch", exc.ErrorCode);
}
Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.ApiIdKey] == "174" &&
anEvent[ApiEvent.WasSuccessfulKey] == "false" && anEvent[ApiEvent.ApiErrorCodeKey] == "user_mismatch"
));
Assert.AreEqual(1, app.Users.Count());
Assert.AreEqual(1, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
public async Task AuthorityNotInInstanceCache_InstanceDiscoverCallMadeTestAsync()
{
const string content = @"{
""tenant_discovery_endpoint"":""https://login.microsoftonline.com/tenant/.well-known/openid-configuration"",
""api-version"":""1.1"",
""metadata"":[{
""preferred_network"":""login.microsoftonline.com"",
""preferred_cache"":""login.windows.net"",
""aliases"":[
""login.microsoftonline.com"",
""login.windows.net"",
""login.microsoft.com"",
""sts.windows.net""]}]}";
// creating AuthenticationContext with common Authority
var authenticationContext =
new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, false, new TokenCache());
// mock value for authentication returnedUriInput, with cloud_instance_name claim
var authReturnedUriInputMock = TestConstants.DefaultRedirectUri + "?code=some-code" + "&" +
TokenResponseClaim.CloudInstanceHost + "=" + SovereignAuthorityHost;
MockHelpers.ConfigureMockWebUI(
new AuthorizationResult(AuthorizationStatus.Success, authReturnedUriInputMock),
// validate that authorizationUri passed to WebUi contains instance_aware query parameter
new Dictionary <string, string> {
{ "instance_aware", "true" }
});
HttpMessageHandlerFactory.AddMockHandler(MockHelpers.CreateInstanceDiscoveryMockHandler(TestConstants.GetDiscoveryEndpoint(TestConstants.DefaultAuthorityCommonTenant), content));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetDiscoveryEndpoint(TestConstants.DefaultAuthorityBlackforestTenant))
{
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(content)
}
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityBlackforestTenant))
{
Method = HttpMethod.Post,
ResponseMessage =
MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.DefaultUniqueId,
TestConstants.DefaultDisplayableId, TestConstants.DefaultResource)
});
// Assure instance cache is empty
Assert.AreEqual(0, InstanceDiscovery.InstanceCache.Count());
await authenticationContext.AcquireTokenAsync(TestConstants.DefaultResource,
TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, _platformParameters, UserIdentifier.AnyUser, "instance_aware=true");
// make sure AT was stored in the cache with tenant specific Sovereign Authority in the key
Assert.AreEqual(1, authenticationContext.TokenCache.tokenCacheDictionary.Count);
Assert.AreEqual(_sovereignTenantSpecificAuthority,
authenticationContext.TokenCache.tokenCacheDictionary.Keys.FirstOrDefault()?.Authority);
// DE cloud authority now included in instance cache
Assert.AreEqual(5, InstanceDiscovery.InstanceCache.Count());
Assert.AreEqual(true, InstanceDiscovery.InstanceCache.Keys.Contains("login.microsoftonline.de"));
Assert.AreEqual(true, InstanceDiscovery.InstanceCache.Keys.Contains("login.windows.net"));
Assert.AreEqual(false, InstanceDiscovery.InstanceCache.Keys.Contains("login.partner.microsoftonline.cn"));
// all mocks are consumed
Assert.AreEqual(0, HttpMessageHandlerFactory.MockHandlersCount());
}
public void AcquireTokenNullUserPassedInAndNewUserReturnedFromServiceTest()
{
cache.ClientId = TestConstants.ClientId;
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId)
{
UserTokenCache = cache
};
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result = app.AcquireTokenAsync(TestConstants.Scope).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId, result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(), result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
// repeat interactive call and pass in the same user
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.Scope.AsSingleString(),
MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
MockHelpers.CreateClientInfo(TestConstants.Uid, TestConstants.Utid + "more"))
});
result = app.AcquireTokenAsync(TestConstants.Scope, (IUser)null, UIBehavior.SelectAccount, null).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId, result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(TestConstants.Uid, TestConstants.Utid + "more"),
result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId);
Assert.AreEqual(2, app.Users.Count());
Assert.AreEqual(2, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
