/// <summary>
/// Answers a device authentication challenge with the bypass response.
/// This implementation never looks up a certificate or signs anything:
/// every detected challenge gets the value returned by
/// <c>DeviceAuthHelper.GetBypassChallengeResponse</c>.
/// </summary>
/// <param name="headers">Headers of the HTTP response that may carry the challenge.</param>
/// <param name="endpointUri">Not used by this implementation.</param>
/// <param name="responseHeader">
/// Receives the bypass response when a challenge is present, otherwise an empty string.
/// </param>
/// <returns><c>true</c> when the headers contain a device auth challenge; otherwise <c>false</c>.</returns>
public bool TryCreateDeviceAuthChallengeResponse(HttpResponseHeaders headers, Uri endpointUri, out string responseHeader)
{
    bool isChallenge = DeviceAuthHelper.IsDeviceAuthChallenge(headers);

    // NOTE(review): the bypass response presumably carries no proof of device
    // identity, so the service decides what to do with it; confirm against DeviceAuthHelper.
    responseHeader = isChallenge
        ? DeviceAuthHelper.GetBypassChallengeResponse(headers)
        : string.Empty;

    return isChallenge;
}
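/// <summary>
/// Builds the response header for a device authentication (PKeyAuth) challenge found in
/// <paramref name="responseHeaders"/>. The response is either signed with the device
/// certificate or, when signing is not possible, the bypass response.
/// </summary>
/// <param name="responseHeaders">Headers of the HTTP response that may carry the challenge.</param>
/// <param name="endpointUri">
/// Endpoint that was called. Its absolute URI is used as the submit URL when the challenge
/// has no "SubmitUrl" entry.
/// </param>
/// <param name="responseHeader">
/// Receives the challenge response header, or an empty string when the headers hold no challenge.
/// </param>
/// <returns>
/// <c>true</c> when a challenge was detected and a response (signed or bypass) was produced;
/// otherwise <c>false</c>.
/// </returns>
/// <exception cref="MsalException">
/// The certificate lookup failed with an error code other than
/// <c>MsalError.DeviceCertificateNotFound</c>.
/// </exception>
public bool TryCreateDeviceAuthChallengeResponse(HttpResponseHeaders responseHeaders, Uri endpointUri, out string responseHeader)
{
    responseHeader = string.Empty;

    if (!DeviceAuthHelper.IsDeviceAuthChallenge(responseHeaders))
    {
        return false;
    }

    // The platform cannot sign the challenge, so answer with the bypass response.
    if (!DeviceAuthHelper.CanOSPerformPKeyAuth())
    {
        responseHeader = DeviceAuthHelper.GetBypassChallengeResponse(responseHeaders);
        return true;
    }

    IDictionary<string, string> challengeData = DeviceAuthHelper.ParseChallengeData(responseHeaders);

    // NOTE(review): "SubmitUrl" comes from the challenge header, i.e. from the remote
    // response, and is passed on to the signed JWT without validation in this method.
    // Confirm that the caller or GetDeviceAuthJwtResponse restricts it to the expected authority.
    if (!challengeData.TryGetValue("SubmitUrl", out string submitUrl))
    {
        submitUrl = endpointUri.AbsoluteUri;
    }

    X509Certificate2 certificate;
    try
    {
        certificate = FindCertificate(challengeData);
    }
    catch (MsalException ex) when (ex.ErrorCode == MsalError.DeviceCertificateNotFound)
    {
        // No device certificate is an expected condition: fall back to the bypass response.
        // The filter lets every other MsalException propagate. Previously such errors were
        // swallowed and the signing path below ran with a null certificate.
        responseHeader = DeviceAuthHelper.GetBypassChallengeResponse(responseHeaders);
        return true;
    }

    // NOTE(review): the indexer throws KeyNotFoundException when the challenge carries no
    // "nonce" entry. Decide whether a malformed challenge should surface as an MSAL error instead.
    DeviceAuthJWTResponse responseJWT = GetDeviceAuthJwtResponse(submitUrl, challengeData["nonce"], certificate);
    byte[] signedResponse = SignWithCertificate(responseJWT, certificate);
    FormatResponseHeader(responseJWT, signedResponse, challengeData, out responseHeader);

    return true;
}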