public void ValidateRedirectUri_NoOAuth2DefaultWhenUsingSystemBrowser()
{
Assert.ThrowsException <MsalClientException>(() =>
RedirectUriHelper.Validate(new Uri(Constants.DefaultRedirectUri), true));
RedirectUriHelper.Validate(new Uri(Constants.DefaultRedirectUri), false);
}
public InteractiveRequest(
IServiceBundle serviceBundle,
AuthenticationRequestParameters authenticationRequestParameters,
ApiEvent.ApiIds apiId,
IEnumerable <string> extraScopesToConsent,
string loginHint,
UIBehavior uiBehavior,
IWebUI webUi)
: base(serviceBundle, authenticationRequestParameters, apiId)
{
RedirectUriHelper.Validate(authenticationRequestParameters.RedirectUri);
webUi?.ValidateRedirectUri(authenticationRequestParameters.RedirectUri);
_extraScopesToConsent = new SortedSet <string>();
if (!extraScopesToConsent.IsNullOrEmpty())
{
_extraScopesToConsent = ScopeHelper.CreateSortedSetFromEnumerable(extraScopesToConsent);
}
ValidateScopeInput(_extraScopesToConsent);
authenticationRequestParameters.LoginHint = loginHint;
if (!string.IsNullOrWhiteSpace(authenticationRequestParameters.ExtraQueryParameters) &&
authenticationRequestParameters.ExtraQueryParameters[0] == '&')
{
authenticationRequestParameters.ExtraQueryParameters =
authenticationRequestParameters.ExtraQueryParameters.Substring(1);
}
_webUi = webUi;
_uiBehavior = uiBehavior;
AuthenticationRequestParameters.RequestContext.Logger.Info(
"Additional scopes - " + _extraScopesToConsent.AsSingleString() + ";" +
"UIBehavior - " + _uiBehavior.PromptValue);
}
private async Task <Tuple <AuthorizationResult, string> > FetchAuthCodeAndPkceInternalAsync(
IWebUI webUi,
CancellationToken cancellationToken)
{
RedirectUriHelper.Validate(_requestParams.RedirectUri);
_requestParams.RedirectUri = webUi.UpdateRedirectUri(_requestParams.RedirectUri);
Tuple <Uri, string, string> authorizationTuple = CreateAuthorizationUri(true);
Uri authorizationUri = authorizationTuple.Item1;
string state = authorizationTuple.Item2;
string codeVerifier = authorizationTuple.Item3;
var uiEvent = new UiEvent(_requestParams.RequestContext.CorrelationId.AsMatsCorrelationId());
using (_requestParams.RequestContext.CreateTelemetryHelper(uiEvent))
{
var authorizationResult = await webUi.AcquireAuthorizationAsync(
authorizationUri,
_requestParams.RedirectUri,
_requestParams.RequestContext,
cancellationToken).ConfigureAwait(false);
uiEvent.UserCancelled = authorizationResult.Status == AuthorizationStatus.UserCancel;
uiEvent.AccessDenied = authorizationResult.Status == AuthorizationStatus.ProtocolError;
VerifyAuthorizationResult(authorizationResult, state);
return(new Tuple <AuthorizationResult, string>(authorizationResult, codeVerifier));
}
}
public ConfidentialAuthCodeRequest(
IServiceBundle serviceBundle,
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenByAuthorizationCodeParameters authorizationCodeParameters)
: base(serviceBundle, authenticationRequestParameters, authorizationCodeParameters)
{
_authorizationCodeParameters = authorizationCodeParameters;
RedirectUriHelper.Validate(authenticationRequestParameters.RedirectUri);
}
public void ValidateRedirectUri_Throws()
{
Assert.ThrowsException <MsalClientException>(
() => RedirectUriHelper.Validate(null));
Assert.ThrowsException <ArgumentException>(
() => RedirectUriHelper.Validate(new Uri("https://redirectUri/uri#fragment")),
"Validatation should fail if uri has a fragment, i.e. #foo");
}
public void ValidateRedirectUri_DoesNotThrow()
{
// Arrange
Uri inputUri = new Uri("http://redirectUri");
// Act
RedirectUriHelper.Validate(inputUri);
// Assert
// no exception is thrown
}
public AuthorizationCodeRequest(
IServiceBundle serviceBundle,
AuthenticationRequestParameters authenticationRequestParameters,
ApiEvent.ApiIds apiId)
: base(serviceBundle, authenticationRequestParameters, apiId)
{
if (string.IsNullOrWhiteSpace(authenticationRequestParameters.AuthorizationCode))
{
throw new ArgumentNullException(nameof(authenticationRequestParameters.AuthorizationCode));
}
RedirectUriHelper.Validate(authenticationRequestParameters.RedirectUri);
}
public Uri UpdateRedirectUri(Uri redirectUri)
{
if (string.Equals(redirectUri.OriginalString, Constants.UapWEBRedirectUri, StringComparison.OrdinalIgnoreCase))
{
_ssoMode = true;
return(WebAuthenticationBroker.GetCurrentApplicationCallbackUri());
}
else
{
RedirectUriHelper.Validate(redirectUri, usesSystemBrowser: false);
return(redirectUri);
}
}
public InteractiveRequest(
IServiceBundle serviceBundle,
AuthenticationRequestParameters authenticationRequestParameters,
AcquireTokenInteractiveParameters interactiveParameters,
IWebUI webUi)
: base(serviceBundle, authenticationRequestParameters, interactiveParameters)
{
_webUi = webUi; // can be null just to generate the authorization uri
_interactiveParameters = interactiveParameters;
RedirectUriHelper.Validate(authenticationRequestParameters.RedirectUri);
// todo(migration): can't this just come directly from interactive parameters instead of needing do to this?
_extraScopesToConsent = new SortedSet <string>();
if (!_interactiveParameters.ExtraScopesToConsent.IsNullOrEmpty())
{
_extraScopesToConsent = ScopeHelper.CreateSortedSetFromEnumerable(_interactiveParameters.ExtraScopesToConsent);
}
ValidateScopeInput(_extraScopesToConsent);
_interactiveParameters.LogParameters(authenticationRequestParameters.RequestContext.Logger);
}
private async Task <Tuple <AuthorizationResult, string> > FetchAuthCodeAndPkceInternalAsync(
IWebUI webUi,
CancellationToken cancellationToken)
{
RedirectUriHelper.Validate(_requestParams.RedirectUri);
_requestParams.RedirectUri = webUi.UpdateRedirectUri(_requestParams.RedirectUri);
Tuple <Uri, string, string> authorizationTuple = CreateAuthorizationUri(true);
Uri authorizationUri = authorizationTuple.Item1;
string state = authorizationTuple.Item2;
string codeVerifier = authorizationTuple.Item3;
var authorizationResult = await webUi.AcquireAuthorizationAsync(
authorizationUri,
_requestParams.RedirectUri,
_requestParams.RequestContext,
cancellationToken).ConfigureAwait(false);
VerifyAuthorizationResult(authorizationResult, state);
return(new Tuple <AuthorizationResult, string>(authorizationResult, codeVerifier));
}
public void iOSBrokerRedirectUri()
{
string bundleId = "bundleId";
RedirectUriHelper.ValidateIosBrokerRedirectUri(new Uri($"msauth.{bundleId}://auth"), bundleId, new NullLogger());
RedirectUriHelper.ValidateIosBrokerRedirectUri(new Uri($"msauth.{bundleId}://auth/"), bundleId, new NullLogger());
RedirectUriHelper.ValidateIosBrokerRedirectUri(new Uri($"myscheme://{bundleId}"), bundleId, new NullLogger());
RedirectUriHelper.ValidateIosBrokerRedirectUri(new Uri($"myscheme://{bundleId}/"), bundleId, new NullLogger());
RedirectUriHelper.ValidateIosBrokerRedirectUri(new Uri($"myscheme://{bundleId}/suffix"), bundleId, new NullLogger());
// the comparison MUST be case sensitive
Assert.ThrowsException <MsalClientException>(() =>
RedirectUriHelper.ValidateIosBrokerRedirectUri(
new Uri($"msauth.{bundleId.ToUpper(CultureInfo.InvariantCulture)}://auth"),
bundleId, new NullLogger()));
Assert.ThrowsException <MsalClientException>(() =>
RedirectUriHelper.ValidateIosBrokerRedirectUri(
new Uri($"other.{bundleId}://auth"), bundleId, new NullLogger()));
Assert.ThrowsException <MsalClientException>(() =>
RedirectUriHelper.ValidateIosBrokerRedirectUri(
new Uri($"msauth.{bundleId}://other"), bundleId, new NullLogger()));
}
public Uri UpdateRedirectUri(Uri redirectUri)
{
RedirectUriHelper.Validate(redirectUri, usesSystemBrowser: false);
return(redirectUri);
}
public Uri UpdateRedirectUri(Uri redirectUri)
{
RedirectUriHelper.Validate(redirectUri);
return(redirectUri);
}
public override Uri UpdateRedirectUri(Uri redirectUri)
{
RedirectUriHelper.Validate(redirectUri, usesSystemBrowser: true);
return(redirectUri);
}
private void ValidateRedirectUri(Uri redirectUri)
{
string bundleId = NSBundle.MainBundle.BundleIdentifier;
RedirectUriHelper.ValidateIosBrokerRedirectUri(redirectUri, bundleId, _logger);
}
public override void ValidateRedirectUri(Uri redirectUri)
{
RedirectUriHelper.Validate(redirectUri, usesSystemBrowser: false);
}
public void ValidateRedirectUri(Uri redirectUri)
{
RedirectUriHelper.Validate(redirectUri);
}
