/// <summary>
/// Runs one interactive token acquisition for the lab user with the requested prompt
/// behaviour and hands the result to <c>MsalAssert.AssertSingleAccountAsync</c>.
/// </summary>
/// <param name="labResponse">Lab record supplying the application id and the test user.</param>
/// <param name="prompt">Prompt value passed both to the request and to the Selenium web UI.</param>
/// <param name="useLoginHint">When true, the user's UPN is added to the request as a login hint.</param>
private async Task RunPromptTestForUserAsync(LabResponse labResponse, Prompt prompt, bool useLoginHint)
{
    // NOTE(review): both WithDefaultRedirectUri and WithRedirectUri are applied here;
    // which of the two takes effect is decided by the builder - confirm.
    var appBuilder = PublicClientApplicationBuilder
        .Create(labResponse.App.AppId)
        .WithDefaultRedirectUri()
        .WithRedirectUri(SeleniumWebUI.FindFreeLocalhostRedirectUri())
        .WithTestLogging();
    var pca = appBuilder.Build();

    AcquireTokenInteractiveParameterBuilder request = pca
        .AcquireTokenInteractive(s_scopes)
        .WithPrompt(prompt);
    request = request.WithCustomWebUi(
        CreateSeleniumCustomWebUI(labResponse.User, prompt, useLoginHint));

    // The login hint is optional so the same helper covers both variants of the flow.
    if (useLoginHint)
    {
        request = request.WithLoginHint(labResponse.User.Upn);
    }

    // Bound the browser automation so a stuck sign-in page cancels the request instead of hanging.
    var timeoutToken = new CancellationTokenSource(_interactiveAuthTimeout).Token;
    AuthenticationResult authResult = await request
        .ExecuteAsync(timeoutToken)
        .ConfigureAwait(false);

    await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);
}
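/// <summary>
/// Checks an already acquired result, then forces two silent refreshes (one by account,
/// one by login hint) and asserts that each round trip produced a different access token
/// and that the last token came from the identity provider.
/// </summary>
/// <param name="authResult">Result of the initial token acquisition.</param>
/// <param name="labResponse">Lab record holding the user the results are checked against.</param>
private async Task ValidateAuthResultAsync(
    AuthenticationResult authResult,
    LabResponse labResponse)
{
    // NOTE(review): `pca` is not declared in this method; presumably a field of the
    // enclosing class - confirm.
    MsalAssert.AssertAuthResult(authResult, labResponse.User);
    var at1 = authResult.AccessToken;

    // If test fails with "user needs to consent to the application, do an interactive request" error - see UsernamePassword tests
    Trace.WriteLine("Part 2 - Acquire a token silently, with forceRefresh = true");
    IAccount account = await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);

    authResult = await pca.AcquireTokenSilent(s_scopes, account)
        .WithForceRefresh(true)
        .ExecuteAsync()
        .ConfigureAwait(false);

    MsalAssert.AssertAuthResult(authResult, labResponse.User);
    var at2 = authResult.AccessToken;

    Trace.WriteLine("Part 3 - Acquire a token silently with a login hint, with forceRefresh = true");
    authResult = await pca.AcquireTokenSilent(s_scopes, labResponse.User.Upn)
        .WithForceRefresh(true)
        .ExecuteAsync()
        .ConfigureAwait(false);

    MsalAssert.AssertAuthResult(authResult, labResponse.User);
    var at3 = authResult.AccessToken;

    // Access tokens are opaque, case-sensitive strings, so they are compared ordinally.
    // A culture-aware, case-insensitive comparison can report two distinct tokens as equal.
    Assert.IsFalse(at1.Equals(at2, System.StringComparison.Ordinal));
    Assert.IsFalse(at1.Equals(at3, System.StringComparison.Ordinal));
    Assert.IsFalse(at2.Equals(at3, System.StringComparison.Ordinal));

    // Only the final (login-hint) result is checked for its token source.
    Assert.AreEqual(TokenSource.IdentityProvider, authResult.AuthenticationResultMetadata.TokenSource);
}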
/// <summary>
/// Walks the lab user through an interactive sign-in, removal of the account from the cache,
/// a second interactive sign-in with a login hint, and a final silent acquisition.
/// </summary>
/// <param name="labResponse">Lab record supplying the application id and the test user.</param>
/// <param name="directToAdfs">
/// When true, the client is built from <c>Adfs2019LabConstants</c> with an ADFS authority
/// instead of from the lab application id.
/// </param>
/// <returns>The result of the final silent acquisition.</returns>
private async Task<AuthenticationResult> RunTestForUserAsync(LabResponse labResponse, bool directToAdfs = false)
{
    IPublicClientApplication pca = directToAdfs
        ? PublicClientApplicationBuilder
            .Create(Adfs2019LabConstants.PublicClientId)
            .WithRedirectUri(Adfs2019LabConstants.ClientRedirectUri)
            .WithAdfsAuthority(Adfs2019LabConstants.Authority)
            .BuildConcrete()
        : PublicClientApplicationBuilder
            .Create(labResponse.AppId)
            .WithRedirectUri(SeleniumWebUI.FindFreeLocalhostRedirectUri())
            .Build();

    Trace.WriteLine("Part 1 - Acquire a token interactively, no login hint");
    var firstRequest = pca
        .AcquireTokenInteractive(s_scopes)
        .WithCustomWebUi(CreateSeleniumCustomWebUI(labResponse.User, Prompt.SelectAccount, false, directToAdfs));
    AuthenticationResult authResult = await firstRequest
        .ExecuteAsync(new CancellationTokenSource(_interactiveAuthTimeout).Token)
        .ConfigureAwait(false);

    IAccount signedIn = await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);

    Trace.WriteLine("Part 2 - Clear the cache");
    await pca.RemoveAsync(signedIn).ConfigureAwait(false);

    // After removal no account may be left behind in the cache.
    var remaining = await pca.GetAccountsAsync().ConfigureAwait(false);
    Assert.IsFalse(remaining.Any());

    Trace.WriteLine("Part 3 - Acquire a token interactively again, with login hint");
    var secondRequest = pca
        .AcquireTokenInteractive(s_scopes)
        .WithCustomWebUi(CreateSeleniumCustomWebUI(labResponse.User, Prompt.ForceLogin, true, directToAdfs))
        .WithPrompt(Prompt.ForceLogin)
        .WithLoginHint(labResponse.User.HomeUPN);
    authResult = await secondRequest
        .ExecuteAsync(new CancellationTokenSource(_interactiveAuthTimeout).Token)
        .ConfigureAwait(false);

    signedIn = await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);

    Trace.WriteLine("Part 4 - Acquire a token silently");
    authResult = await pca
        .AcquireTokenSilent(s_scopes, signedIn)
        .ExecuteAsync(CancellationToken.None)
        .ConfigureAwait(false);

    await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);

    return authResult;
}
/// <summary>
/// Acquires an SSH certificate interactively, then requests it silently twice: once with
/// the same key id and once with a different key id, checking the recorded token-cache
/// access counts after every step.
/// </summary>
public async Task Interactive_SSHCert_Async()
{
    LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);

    IPublicClientApplication pca = PublicClientApplicationBuilder
        .Create(labResponse.AppId)
        .WithRedirectUri(SeleniumWebUI.FindFreeLocalhostRedirectUri())
        .Build();

    // NOTE(review): the two AssertAccessCounts arguments are presumably (reads, writes)
    // of the user token cache - confirm against TokenCacheAccessRecorder.
    TokenCacheAccessRecorder cacheRecorder = pca.UserTokenCache.RecordAccess();

    Trace.WriteLine("Part 1 - Acquire an SSH cert interactively ");
    string publicKeyJwk = CreateJwk();

    var interactiveRequest = pca
        .AcquireTokenInteractive(s_scopes)
        .WithCustomWebUi(CreateSeleniumCustomWebUI(labResponse.User, Prompt.ForceLogin))
        .WithSSHCertificateAuthenticationScheme(publicKeyJwk, "key1")
        .WithExtraQueryParameters(GetTestSliceParams()); // TODO: remove this once feature is in PROD
    AuthenticationResult authResult = await interactiveRequest
        .ExecuteAsync(new CancellationTokenSource(_interactiveAuthTimeout).Token)
        .ConfigureAwait(false);

    cacheRecorder.AssertAccessCounts(0, 1);
    Assert.AreEqual("ssh-cert", authResult.TokenType);

    IAccount signedIn = await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);
    cacheRecorder.AssertAccessCounts(1, 1); // the assert calls GetAccounts

    Trace.WriteLine("Part 2 - Acquire a token silent with the same keyID - should be served from the cache");
    var sameKeyRequest = pca
        .AcquireTokenSilent(s_scopes, signedIn)
        .WithSSHCertificateAuthenticationScheme(publicKeyJwk, "key1")
        .WithExtraQueryParameters(GetTestSliceParams()); // TODO: remove this once feature is in PROD
    authResult = await sameKeyRequest
        .ExecuteAsync(new CancellationTokenSource(_interactiveAuthTimeout).Token)
        .ConfigureAwait(false);

    // The second counter is unchanged, which is how the test observes a cache hit.
    cacheRecorder.AssertAccessCounts(2, 1);

    signedIn = await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);
    cacheRecorder.AssertAccessCounts(3, 1);

    Trace.WriteLine("Part 3 - Acquire a token silent with a different keyID - should not sbe served from the cache");
    var otherKeyRequest = pca
        .AcquireTokenSilent(s_scopes, signedIn)
        .WithSSHCertificateAuthenticationScheme(publicKeyJwk, "key2")
        .WithExtraQueryParameters(GetTestSliceParams()); // TODO: remove this once feature is in PROD
    authResult = await otherKeyRequest
        .ExecuteAsync(new CancellationTokenSource(_interactiveAuthTimeout).Token)
        .ConfigureAwait(false);

    // A certificate cached for "key1" must not be handed out for "key2": the second
    // counter moves from 1 to 2 here.
    Assert.AreEqual("ssh-cert", authResult.TokenType);
    cacheRecorder.AssertAccessCounts(4, 2);

    await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);
}
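/// <summary>
/// Acquires a token with username and password, then forces two silent refreshes (one by
/// account, one by login hint) and asserts that all three access tokens differ.
/// </summary>
public async Task SilentAuth_ForceRefresh_Async()
{
    var labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
    var user = labResponse.User;

    var pca = PublicClientApplicationBuilder
        .Create(labResponse.App.AppId)
        .WithAuthority("https://login.microsoftonline.com/organizations")
        .Build();

    Trace.WriteLine("Part 1 - Acquire a token with U/P");
    // NOTE(review): GetOrFetchPassword presumably returns a plain string, in which case the
    // SecureString wrapper only satisfies the API signature and adds no protection - confirm.
    // CancellationToken.None replaces a CancellationTokenSource that was created without a
    // timeout and never cancelled or disposed; the request stays unbounded as before.
    AuthenticationResult authResult = await pca
        .AcquireTokenByUsernamePassword(s_scopes, user.Upn, new NetworkCredential("", user.GetOrFetchPassword()).SecurePassword)
        .ExecuteAsync(CancellationToken.None)
        .ConfigureAwait(false);

    MsalAssert.AssertAuthResult(authResult, user);
    var at1 = authResult.AccessToken;

    // If test fails with "user needs to consent to the application, do an interactive request" error - see UsernamePassword tests
    Trace.WriteLine("Part 2 - Acquire a token silently, with forceRefresh = true");
    IAccount account = await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);

    authResult = await pca.AcquireTokenSilent(s_scopes, account)
        .WithForceRefresh(true)
        .ExecuteAsync()
        .ConfigureAwait(false);

    MsalAssert.AssertAuthResult(authResult, user);
    var at2 = authResult.AccessToken;

    Trace.WriteLine("Part 3 - Acquire a token silently with a login hint, with forceRefresh = true");
    authResult = await pca.AcquireTokenSilent(s_scopes, user.Upn)
        .WithForceRefresh(true)
        .ExecuteAsync()
        .ConfigureAwait(false);

    MsalAssert.AssertAuthResult(authResult, user);
    var at3 = authResult.AccessToken;

    // Access tokens are opaque, case-sensitive strings, so they are compared ordinally.
    // A culture-aware, case-insensitive comparison can report two distinct tokens as equal.
    Assert.IsFalse(at1.Equals(at2, System.StringComparison.Ordinal));
    Assert.IsFalse(at1.Equals(at3, System.StringComparison.Ordinal));
    Assert.IsFalse(at2.Equals(at3, System.StringComparison.Ordinal));
}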
/// <summary>
/// Walks the lab user through an interactive sign-in, removal of the account from the cache,
/// a second interactive sign-in with a login hint, and two silent acquisitions (plain and
/// force-refresh), checking the recorded user token-cache access counts along the way.
/// </summary>
/// <param name="labResponse">Lab record supplying the application id, authority and test user.</param>
/// <param name="directToAdfs">
/// When true, the client is built from <c>Adfs2019LabConstants</c> with an ADFS authority;
/// in that case no HTTP sniffer factory is captured and <c>factory</c> stays null.
/// </param>
/// <returns>The result of the final force-refresh silent acquisition.</returns>
private async Task<AuthenticationResult> RunTestForUserAsync(LabResponse labResponse, bool directToAdfs = false)
{
    HttpSnifferClientFactory factory = null;
    IPublicClientApplication pca;

    if (!directToAdfs)
    {
        pca = PublicClientApplicationBuilder
            .Create(labResponse.App.AppId)
            .WithRedirectUri(SeleniumWebUI.FindFreeLocalhostRedirectUri())
            .WithAuthority(labResponse.Lab.Authority + "common")
            .WithTestLogging(out factory)
            .Build();
    }
    else
    {
        pca = PublicClientApplicationBuilder
            .Create(Adfs2019LabConstants.PublicClientId)
            .WithRedirectUri(Adfs2019LabConstants.ClientRedirectUri)
            .WithAdfsAuthority(Adfs2019LabConstants.Authority)
            .WithTestLogging()
            .Build();
    }

    // NOTE(review): the two AssertAccessCounts arguments are presumably (reads, writes)
    // of the user token cache - confirm against the recorder type.
    var cacheRecorder = pca.UserTokenCache.RecordAccess();

    Trace.WriteLine("Part 1 - Acquire a token interactively, no login hint");
    var firstRequest = pca
        .AcquireTokenInteractive(s_scopes)
        .WithCustomWebUi(CreateSeleniumCustomWebUI(labResponse.User, Prompt.SelectAccount, false, directToAdfs));
    AuthenticationResult authResult = await firstRequest
        .ExecuteAsync(new CancellationTokenSource(_interactiveAuthTimeout).Token)
        .ConfigureAwait(false);

    // Both duration metrics must be populated for an interactive request.
    Assert.IsTrue(authResult.AuthenticationResultMetadata.DurationTotalInMs > 0);
    Assert.IsTrue(authResult.AuthenticationResultMetadata.DurationInHttpInMs > 0);

    cacheRecorder.AssertAccessCounts(0, 1);
    IAccount signedIn = await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);
    cacheRecorder.AssertAccessCounts(1, 1); // the assert calls GetAccounts
    Assert.IsFalse(cacheRecorder.LastAfterAccessNotificationArgs.IsApplicationCache);

    Trace.WriteLine("Part 2 - Clear the cache");
    await pca.RemoveAsync(signedIn).ConfigureAwait(false);
    cacheRecorder.AssertAccessCounts(1, 2);

    // After removal no account may be left behind in the cache.
    var remaining = await pca.GetAccountsAsync().ConfigureAwait(false);
    Assert.IsFalse(remaining.Any());
    cacheRecorder.AssertAccessCounts(2, 2);
    Assert.IsFalse(cacheRecorder.LastAfterAccessNotificationArgs.IsApplicationCache);

    // Drop the captured traffic so the routing assertion below sees only the next request.
    factory?.RequestsAndResponses?.Clear();

    Trace.WriteLine("Part 3 - Acquire a token interactively again, with login hint");
    var secondRequest = pca
        .AcquireTokenInteractive(s_scopes)
        .WithCustomWebUi(CreateSeleniumCustomWebUI(labResponse.User, Prompt.ForceLogin, true, directToAdfs))
        .WithPrompt(Prompt.ForceLogin)
        .WithLoginHint(labResponse.User.Upn);
    authResult = await secondRequest
        .ExecuteAsync(new CancellationTokenSource(_interactiveAuthTimeout).Token)
        .ConfigureAwait(false);
    cacheRecorder.AssertAccessCounts(2, 3);

    // NOTE(review): factory is null on the ADFS path; the helper presumably tolerates that - confirm.
    AssertCcsRoutingInformationIsSent(factory, labResponse);

    signedIn = await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);
    cacheRecorder.AssertAccessCounts(3, 3);
    Assert.IsFalse(cacheRecorder.LastAfterAccessNotificationArgs.IsApplicationCache);

    factory?.RequestsAndResponses?.Clear();

    Trace.WriteLine("Part 4 - Acquire a token silently");
    authResult = await pca
        .AcquireTokenSilent(s_scopes, signedIn)
        .ExecuteAsync(CancellationToken.None)
        .ConfigureAwait(false);

    Trace.WriteLine("Part 5 - Acquire a token silently with force refresh");
    authResult = await pca
        .AcquireTokenSilent(s_scopes, signedIn)
        .WithForceRefresh(true)
        .ExecuteAsync(CancellationToken.None)
        .ConfigureAwait(false);

    await MsalAssert.AssertSingleAccountAsync(labResponse, pca, authResult).ConfigureAwait(false);
    Assert.IsFalse(cacheRecorder.LastAfterAccessNotificationArgs.IsApplicationCache);
    AssertCcsRoutingInformationIsSent(factory, labResponse);

    return authResult;
}