/// <summary>
/// Fills the pending token request on <c>_oAuth2Client</c> with its body
/// parameters and HTTP headers.
/// </summary>
/// <remarks>
/// Body parameters are added in a fixed order: <c>OAuth2Parameter.ClientId</c>,
/// the confidential-client parameters (only when a client credential is
/// configured), <c>OAuth2Parameter.Scope</c>, the Kerberos ticket claim, the
/// caller's <paramref name="additionalBodyParameters"/>, and finally the
/// authentication scheme's token request parameters.
/// NOTE(review): whether a later <c>AddBodyParameter</c> call with an existing
/// key replaces the earlier value is decided inside <c>_oAuth2Client</c> and is
/// not visible here. If it does, entries in
/// <paramref name="additionalBodyParameters"/> could replace the client id,
/// scope or credential parameters. Confirm, and only pass dictionaries built
/// from trusted input.
/// </remarks>
/// <param name="additionalBodyParameters">
/// Extra key/value pairs appended to the request body. Enumerated
/// unconditionally, so it must not be null.
/// </param>
/// <param name="scopes">Value sent as the <c>OAuth2Parameter.Scope</c> body parameter.</param>
/// <param name="cancellationToken">Passed to <c>AddConfidentialClientParametersAsync</c>.</param>
/// <returns>A task that completes once all parameters and headers have been added.</returns>
private async Task AddBodyParamsAndHeadersAsync(
    IDictionary<string, string> additionalBodyParameters,
    string scopes,
    CancellationToken cancellationToken)
{
    _oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientId, _requestParams.AppConfig.ClientId);

    // Confidential clients: the configured credential adds its own parameters
    // to the request for the current token endpoint.
    if (_serviceBundle.Config.ClientCredential != null)
    {
        await _serviceBundle.Config.ClientCredential
            .AddConfidentialClientParametersAsync(
                _oAuth2Client,
                _requestParams.RequestContext.Logger,
                _serviceBundle.PlatformProxy.CryptographyManager,
                _requestParams.AppConfig.ClientId,
                _requestParams.Authority.GetTokenEndpoint(),
                _requestParams.SendX5C,
                cancellationToken)
            .ConfigureAwait(false);
    }

    _oAuth2Client.AddBodyParameter(OAuth2Parameter.Scope, scopes);

    // Add the Kerberos ticket claim if a valid service principal name is
    // configured. For security reasons the claim is only allowed on the token
    // request; it must not be included in the authorize request.
    KerberosSupplementalTicketManager.AddKerberosTicketClaim(_oAuth2Client, _requestParams);

    // Caller-supplied parameters come after the built-in ones.
    foreach (var extraParameter in additionalBodyParameters)
    {
        _oAuth2Client.AddBodyParameter(extraParameter.Key, extraParameter.Value);
    }

    // The authentication scheme contributes its parameters last.
    foreach (var schemeParameter in _requestParams.AuthenticationScheme.GetTokenRequestParams())
    {
        _oAuth2Client.AddBodyParameter(schemeParameter.Key, schemeParameter.Value);
    }

    var currentTelemetry = _serviceBundle.HttpTelemetryManager.GetCurrentRequestHeader(
        _requestParams.RequestContext.ApiEvent);
    _oAuth2Client.AddHeader(TelemetryConstants.XClientCurrentTelemetry, currentTelemetry);

    // The last-request telemetry header is added only while _requestInProgress
    // is false. The flag is set first, so later calls skip this header unless
    // the flag is reset elsewhere.
    if (!_requestInProgress)
    {
        _requestInProgress = true;

        var lastTelemetry = _serviceBundle.HttpTelemetryManager.GetLastRequestHeader();
        _oAuth2Client.AddHeader(TelemetryConstants.XClientLastTelemetry, lastTelemetry);
    }

    // Signal that the client can perform PKey Auth on supported platforms.
    if (DeviceAuthHelper.CanOSPerformPKeyAuth())
    {
        _oAuth2Client.AddHeader(
            PKeyAuthConstants.DeviceAuthHeaderName,
            PKeyAuthConstants.DeviceAuthHeaderValue);
    }

    AddExtraHttpHeaders();
}
/// <summary>
/// Fills the pending token request on <c>_oAuth2Client</c> with its body
/// parameters and HTTP headers.
/// </summary>
/// <remarks>
/// Body parameters are added in a fixed order: <c>OAuth2Parameter.ClientId</c>,
/// <c>OAuth2Parameter.ClientInfo</c>, the client-credential parameters (only
/// when a client credential is present), <c>OAuth2Parameter.Scope</c>,
/// <c>OAuth2Parameter.Claims</c>, the caller's
/// <paramref name="additionalBodyParameters"/>, and finally the authentication
/// scheme's token request parameters.
/// NOTE(review): whether a later <c>AddBodyParameter</c> call with an existing
/// key replaces the earlier value is decided inside <c>_oAuth2Client</c> and is
/// not visible here. If it does, entries in
/// <paramref name="additionalBodyParameters"/> could replace the client id,
/// scope or credential parameters. Confirm, and only pass dictionaries built
/// from trusted input.
/// </remarks>
/// <param name="additionalBodyParameters">
/// Extra key/value pairs appended to the request body. Enumerated
/// unconditionally, so it must not be null.
/// </param>
/// <param name="scopes">Value sent as the <c>OAuth2Parameter.Scope</c> body parameter.</param>
private void AddBodyParamsAndHeaders(
    IDictionary<string, string> additionalBodyParameters,
    string scopes)
{
    _oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientId, _requestParams.AppConfig.ClientId);
    _oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientInfo, "1");

    // Confidential clients: copy the helper-built credential parameters into
    // the request body.
    if (_requestParams.ClientCredential != null)
    {
        Dictionary<string, string> credentialParameters =
            ClientCredentialHelper.CreateClientCredentialBodyParameters(
                _requestParams.RequestContext.Logger,
                _serviceBundle.PlatformProxy.CryptographyManager,
                _requestParams.ClientCredential,
                _requestParams.AppConfig.ClientId,
                _requestParams.Endpoints,
                _requestParams.SendX5C);

        foreach (var credentialParameter in credentialParameters)
        {
            _oAuth2Client.AddBodyParameter(credentialParameter.Key, credentialParameter.Value);
        }
    }

    _oAuth2Client.AddBodyParameter(OAuth2Parameter.Scope, scopes);
    _oAuth2Client.AddBodyParameter(
        OAuth2Parameter.Claims,
        _requestParams.ClaimsAndClientCapabilities);

    // Caller-supplied parameters come after the built-in ones.
    foreach (var extraParameter in additionalBodyParameters)
    {
        _oAuth2Client.AddBodyParameter(extraParameter.Key, extraParameter.Value);
    }

    // The authentication scheme contributes its parameters last.
    foreach (var schemeParameter in _requestParams.AuthenticationScheme.GetTokenRequestParams())
    {
        _oAuth2Client.AddBodyParameter(schemeParameter.Key, schemeParameter.Value);
    }

    var currentTelemetry = _serviceBundle.HttpTelemetryManager.GetCurrentRequestHeader(
        _requestParams.RequestContext.ApiEvent);
    _oAuth2Client.AddHeader(TelemetryConstants.XClientCurrentTelemetry, currentTelemetry);

    // The last-request telemetry header is added only while _requestInProgress
    // is false. The flag is set first, so later calls skip this header unless
    // the flag is reset elsewhere.
    if (!_requestInProgress)
    {
        _requestInProgress = true;

        var lastTelemetry = _serviceBundle.HttpTelemetryManager.GetLastRequestHeader();
        _oAuth2Client.AddHeader(TelemetryConstants.XClientLastTelemetry, lastTelemetry);
    }

    // Signal that the client can perform PKey Auth on supported platforms.
    if (DeviceAuthHelper.CanOSPerformPKeyAuth())
    {
        _oAuth2Client.AddHeader(
            PKeyAuthConstants.DeviceAuthHeaderName,
            PKeyAuthConstants.DeviceAuthHeaderValue);
    }
}
/// <summary>
/// Fills the pending token request on <c>_oAuth2Client</c> with its body
/// parameters and telemetry headers.
/// </summary>
/// <remarks>
/// Body parameters are added in a fixed order: <c>OAuth2Parameter.ClientId</c>,
/// <c>OAuth2Parameter.ClientInfo</c>, the client-credential parameters (only on
/// builds defining DESKTOP, NETSTANDARD1_3 or NET_CORE, and only when a client
/// credential is present), <c>OAuth2Parameter.Scope</c>,
/// <c>OAuth2Parameter.Claims</c>, the caller's
/// <paramref name="additionalBodyParameters"/>, and finally the authentication
/// scheme's token request parameters.
/// NOTE(review): whether a later <c>AddBodyParameter</c> call with an existing
/// key replaces the earlier value is decided inside <c>_oAuth2Client</c> and is
/// not visible here. If it does, entries in
/// <paramref name="additionalBodyParameters"/> could replace the client id,
/// scope or credential parameters. Confirm, and only pass dictionaries built
/// from trusted input.
/// </remarks>
/// <param name="additionalBodyParameters">
/// Extra key/value pairs appended to the request body. Enumerated
/// unconditionally, so it must not be null.
/// </param>
/// <param name="scopes">Value sent as the <c>OAuth2Parameter.Scope</c> body parameter.</param>
private void AddBodyParamsAndHeaders(
    IDictionary<string, string> additionalBodyParameters,
    string scopes)
{
    _oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientId, _requestParams.ClientId);
    _oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientInfo, "1");

#if DESKTOP || NETSTANDARD1_3 || NET_CORE
    // Confidential clients: copy the helper-built credential parameters into
    // the request body. This branch is compiled only for the targets above.
    if (_requestParams.ClientCredential != null)
    {
        Dictionary<string, string> credentialParameters =
            ClientCredentialHelper.CreateClientCredentialBodyParameters(
                _requestParams.RequestContext.Logger,
                _serviceBundle.PlatformProxy.CryptographyManager,
                _requestParams.ClientCredential,
                _requestParams.ClientId,
                _requestParams.Endpoints,
                _requestParams.SendX5C);

        foreach (var credentialParameter in credentialParameters)
        {
            _oAuth2Client.AddBodyParameter(credentialParameter.Key, credentialParameter.Value);
        }
    }
#endif

    _oAuth2Client.AddBodyParameter(OAuth2Parameter.Scope, scopes);
    _oAuth2Client.AddBodyParameter(
        OAuth2Parameter.Claims,
        _requestParams.ClaimsAndClientCapabilities);

    // Caller-supplied parameters come after the built-in ones.
    foreach (var extraParameter in additionalBodyParameters)
    {
        _oAuth2Client.AddBodyParameter(extraParameter.Key, extraParameter.Value);
    }

    // The authentication scheme contributes its parameters last.
    foreach (var schemeParameter in _requestParams.AuthenticationScheme.GetTokenRequestParams())
    {
        _oAuth2Client.AddBodyParameter(schemeParameter.Key, schemeParameter.Value);
    }

    var currentTelemetry = _serviceBundle.HttpTelemetryManager.GetCurrentRequestHeader(
        _requestParams.RequestContext.ApiEvent);
    _oAuth2Client.AddHeader(TelemetryConstants.XClientCurrentTelemetry, currentTelemetry);

    // The last-request telemetry header is added only while _requestInProgress
    // is false. The flag is set first, so later calls skip this header unless
    // the flag is reset elsewhere.
    if (!_requestInProgress)
    {
        _requestInProgress = true;

        var lastTelemetry = _serviceBundle.HttpTelemetryManager.GetLastRequestHeader();
        _oAuth2Client.AddHeader(TelemetryConstants.XClientLastTelemetry, lastTelemetry);
    }
}
/// <summary>
/// Builds the token request body on <c>_oAuth2Client</c>, sends it to the
/// token endpoint, and checks that the returned token type matches the one the
/// authentication scheme expects.
/// </summary>
/// <remarks>
/// NOTE(review): the request, including any client-credential parameters, is
/// sent to <paramref name="tokenEndpointOverride"/> when one is supplied. This
/// method does not validate that value, so callers should pass only endpoints
/// they trust. The credential parameters are built from
/// <c>_requestParams.Endpoints</c>, not from the override; confirm that is
/// intended.
/// NOTE(review): whether a later <c>AddBodyParameter</c> call with an existing
/// key replaces the earlier value is not visible here. If it does, entries in
/// <paramref name="additionalBodyParameters"/> could replace the client id,
/// scope or credential parameters.
/// NOTE(review): <paramref name="cancellationToken"/> is accepted but never
/// read in this method and is not passed to <c>SendHttpMessageAsync</c>.
/// </remarks>
/// <param name="additionalBodyParameters">
/// Extra key/value pairs appended to the request body. Enumerated
/// unconditionally, so it must not be null.
/// </param>
/// <param name="scopeOverride">
/// Scope string used as-is when non-empty; otherwise the result of
/// <c>GetDefaultScopes(_requestParams.Scope)</c> is sent.
/// </param>
/// <param name="tokenEndpointOverride">
/// Endpoint used instead of <c>_requestParams.Endpoints.TokenEndpoint</c> when
/// not null.
/// </param>
/// <param name="cancellationToken">Currently unused (see remarks).</param>
/// <returns>The token response returned by <c>SendHttpMessageAsync</c>.</returns>
/// <exception cref="MsalClientException">
/// Thrown with <c>MsalError.TokenTypeMismatch</c> when the response token type
/// differs (ignoring case) from the scheme's <c>AccessTokenType</c>.
/// </exception>
public async Task<MsalTokenResponse> SendTokenRequestAsync(
    IDictionary<string, string> additionalBodyParameters,
    string scopeOverride = null,
    string tokenEndpointOverride = null,
    CancellationToken cancellationToken = default)
{
    string tokenEndpoint = tokenEndpointOverride ?? _requestParams.Endpoints.TokenEndpoint;

    string scopes = string.IsNullOrEmpty(scopeOverride)
        ? GetDefaultScopes(_requestParams.Scope)
        : scopeOverride;

    _oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientId, _requestParams.ClientId);
    _oAuth2Client.AddBodyParameter(OAuth2Parameter.ClientInfo, "1");

#if DESKTOP || NETSTANDARD1_3 || NET_CORE
    // Confidential clients: copy the helper-built credential parameters into
    // the request body. This branch is compiled only for the targets above.
    if (_requestParams.ClientCredential != null)
    {
        Dictionary<string, string> credentialParameters =
            ClientCredentialHelper.CreateClientCredentialBodyParameters(
                _requestParams.RequestContext.Logger,
                _serviceBundle.PlatformProxy.CryptographyManager,
                _requestParams.ClientCredential,
                _requestParams.ClientId,
                _requestParams.Endpoints,
                _requestParams.SendX5C);

        foreach (var credentialParameter in credentialParameters)
        {
            _oAuth2Client.AddBodyParameter(credentialParameter.Key, credentialParameter.Value);
        }
    }
#endif

    _oAuth2Client.AddBodyParameter(OAuth2Parameter.Scope, scopes);
    _oAuth2Client.AddBodyParameter(
        OAuth2Parameter.Claims,
        _requestParams.ClaimsAndClientCapabilities);

    // Caller-supplied parameters come after the built-in ones.
    foreach (var extraParameter in additionalBodyParameters)
    {
        _oAuth2Client.AddBodyParameter(extraParameter.Key, extraParameter.Value);
    }

    // The authentication scheme contributes its parameters last.
    foreach (var schemeParameter in _requestParams.AuthenticationScheme.GetTokenRequestParams())
    {
        _oAuth2Client.AddBodyParameter(schemeParameter.Key, schemeParameter.Value);
    }

    MsalTokenResponse response = await SendHttpMessageAsync(tokenEndpoint).ConfigureAwait(false);

    // Hand the response back only when its token type is the one the
    // authentication scheme asked for; a token of any other type is rejected
    // rather than returned to the caller.
    bool tokenTypeMatches = string.Equals(
        response.TokenType,
        _requestParams.AuthenticationScheme.AccessTokenType,
        StringComparison.OrdinalIgnoreCase);

    if (tokenTypeMatches)
    {
        return response;
    }

    throw new MsalClientException(
        MsalError.TokenTypeMismatch,
        MsalErrorMessage.TokenTypeMismatch(
            _requestParams.AuthenticationScheme.AccessTokenType,
            response.TokenType));
}