/// <summary>
/// Runs the application (admin) consent flow using the settings currently on the form,
/// then redeems the value returned by the consent dialog for a token using the
/// configured certificate.
/// </summary>
/// <param name="sender">Control that raised the event; not read here.</param>
/// <param name="e">Event arguments; not read here.</param>
/// <returns>A task that completes when the redemption call finishes or the flow is abandoned.</returns>
/// <remarks>
/// The flow is refused when no certificate is configured; no client-secret fallback exists on this path.
/// Nothing here catches exceptions from the redemption call, so they surface to whoever awaits this task.
/// NOTE(review): the authorization code is read from <c>FormGetUserPermission.Token</c>, whereas
/// <c>GetToken</c> reads <c>FormGetUserPermission.Code</c> for the same kind of call; confirm which
/// property carries the code.
/// </remarks>
private async System.Threading.Tasks.Task buttonAppConsent_ClickAsync(object sender, EventArgs e)
{
    OAuthContext consentContext = InitOAuthContextFromFormValues();
    consentContext.appConsent = true;
    // Admin consent is implied by application consent; it is set explicitly anyway.
    consentContext.adminConsent = true;

    bool certificateMissing = consentContext.cert == null;
    if (certificateMissing)
    {
        // Application consent is only attempted with certificate authentication.
        System.Windows.Forms.MessageBox.Show(
            this,
            "Certificate authentication is required for application authentication.",
            "Invalid Configuration",
            MessageBoxButtons.OK,
            MessageBoxIcon.Error);
        return;
    }

    FormGetUserPermission consentDialog = new FormGetUserPermission(consentContext);
    if (consentDialog.ShowDialog() != System.Windows.Forms.DialogResult.OK)
    {
        // Dialog cancelled or failed: nothing to redeem.
        return;
    }

    string authorizationCode = consentDialog.Token;
    ClientAssertionCertificate certificateCredential =
        new ClientAssertionCertificate(consentContext.clientId, consentContext.cert);

    // The returned AuthenticationResult is not used here; the original author's note says the
    // token is expected to be stored in the token cache so later silent calls can succeed.
    await _oAuthHelper.AuthenticationContext.AcquireTokenByAuthorizationCodeAsync(
        authorizationCode,
        new Uri(consentContext.redirectUrl),
        certificateCredential);
}
/// <summary>
/// Obtains an OAuth token for the supplied context, choosing the flow from its flags:
/// interactive consent plus authorization-code redemption, interactive native-client
/// sign-in, or a silent lookup for a known user id.
/// </summary>
/// <param name="oAuthContext">Settings for the request (authority, client id, credential, flags).</param>
/// <returns>
/// The authentication result, or <c>null</c> when the consent dialog is not confirmed, when the
/// silent lookup throws, or when no flow applies (confidential client with no user id).
/// Callers must check for <c>null</c>.
/// </returns>
/// <remarks>
/// The shared authentication context is created only on the first call, from that call's
/// <c>authUrl</c> and <c>tenantName</c>; later calls reuse it even if they pass a different
/// authority or tenant. No lock is taken around that lazy creation.
/// Only the silent lookup is wrapped in a catch: the exception is stored in <c>_lastError</c>
/// and not rethrown. Exceptions on the consent and native paths propagate to the caller.
/// When no certificate is configured, the client secret from <c>secretKey</c> is used instead.
/// </remarks>
public static async Task<AuthenticationResult> GetToken(OAuthContext oAuthContext)
{
    string tenant = oAuthContext.tenantName;
    if (_authenticationContext == null)
    {
        // First use: bind the shared context to this authority and the shared token cache.
        _authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(
            oAuthContext.authUrl + "/" + tenant,
            _tokenCache);
    }

    if (oAuthContext.ObtainUserConsent)
    {
        // Interactive consent: the dialog yields an authorization code that is redeemed below.
        FormGetUserPermission consentDialog = new FormGetUserPermission(oAuthContext);
        if (consentDialog.ShowDialog() != System.Windows.Forms.DialogResult.OK)
        {
            return null;
        }

        string authorizationCode = consentDialog.Code;

        // The redeemed token is expected to be stored in the token cache (per the original
        // author's note), so that later silent calls can succeed.
        if (oAuthContext.cert != null)
        {
            ClientAssertionCertificate certificateCredential =
                new ClientAssertionCertificate(oAuthContext.clientId, oAuthContext.cert);
            return await _authenticationContext.AcquireTokenByAuthorizationCodeAsync(
                authorizationCode,
                new Uri(oAuthContext.redirectUrl),
                certificateCredential);
        }

        ClientCredential secretCredential =
            new ClientCredential(oAuthContext.clientId, oAuthContext.secretKey);
        return await _authenticationContext.AcquireTokenByAuthorizationCodeAsync(
            authorizationCode,
            new Uri(oAuthContext.redirectUrl),
            secretCredential);
    }

    if (oAuthContext.isNativeApplication)
    {
        // Public client: always prompt. With adminConsent set, any user may sign in and
        // "prompt=admin_consent" is passed as the extra query parameter.
        if (!oAuthContext.adminConsent)
        {
            return await _authenticationContext.AcquireTokenAsync(
                oAuthContext.resource,
                oAuthContext.clientId,
                new Uri(oAuthContext.redirectUrl),
                new PlatformParameters(PromptBehavior.Always));
        }

        return await _authenticationContext.AcquireTokenAsync(
            oAuthContext.resource,
            oAuthContext.clientId,
            new Uri(oAuthContext.redirectUrl),
            new PlatformParameters(PromptBehavior.Always),
            UserIdentifier.AnyUser,
            "prompt=admin_consent");
    }

    if (String.IsNullOrEmpty(oAuthContext.userId))
    {
        // Confidential client with no target user: no flow is attempted.
        return null;
    }

    // A user id is known for the mailbox, so try a silent acquisition, which relies on a
    // token already being cached for that user.
    try
    {
        if (oAuthContext.cert != null)
        {
            ClientAssertionCertificate certificateCredential =
                new ClientAssertionCertificate(oAuthContext.clientId, oAuthContext.cert);
            return await _authenticationContext.AcquireTokenSilentAsync(
                oAuthContext.resource,
                certificateCredential,
                new UserIdentifier(oAuthContext.userId, UserIdentifierType.UniqueId));
        }

        ClientCredential secretCredential =
            new ClientCredential(oAuthContext.clientId, oAuthContext.secretKey);
        return await _authenticationContext.AcquireTokenSilentAsync(
            oAuthContext.resource,
            secretCredential,
            new UserIdentifier(oAuthContext.userId, UserIdentifierType.UniqueId));
    }
    catch (Exception failure)
    {
        // Best effort: remember the failure for the caller to inspect and fall through to null.
        _lastError = failure;
    }

    return null;
}