Credential type containing an assertion representing user credential.
 /// <summary>
 /// AcquireTokenOnBehalfOfAsync
 /// </summary> 
 public async Task<AuthenticationResult> AcquireTokenOnBehalfOfAsync(string[] scope, UserAssertion userAssertion)
 {
     Authenticator authenticator = new Authenticator(this.Authority, this.ValidateAuthority, this.CorrelationId);
     return
         await
             this.AcquireTokenOnBehalfCommonAsync(authenticator, scope, userAssertion, null)
                 .ConfigureAwait(false);
 }
 /// <summary>
 /// Acquires an access token for this application (usually a Web API) from the authority configured in the application,
 /// in order to access another downstream protected Web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow.
 /// See https://aka.ms/msal-net-on-behalf-of.
 /// This confidential client application was itself called with a token which will be provided in the
 /// <paramref name="userAssertion">userAssertion</paramref> parameter.
 /// </summary>
 /// <param name="scopes">Scopes requested to access a protected API</param>
 /// <param name="userAssertion">Instance of <see cref="UserAssertion"/> containing credential information about
 /// the user on behalf of whom to get a token.</param>
 /// <returns>A builder enabling you to add optional parameters before executing the token request</returns>
 /// <remarks>You can also chain the following optional parameters:
 /// <see cref="AbstractAcquireTokenParameterBuilder{T}.WithExtraQueryParameters(Dictionary{string, string})"/>
 /// </remarks>
 public AcquireTokenOnBehalfOfParameterBuilder AcquireTokenOnBehalfOf(
     IEnumerable <string> scopes,
     UserAssertion userAssertion)
 {
     return(AcquireTokenOnBehalfOfParameterBuilder.Create(
                ClientExecutorFactory.CreateConfidentialClientExecutor(this),
                scopes,
                userAssertion));
 }
 internal static AcquireTokenOnBehalfOfParameterBuilder Create(
     IConfidentialClientApplicationExecutor confidentialClientApplicationExecutor,
     IEnumerable <string> scopes,
     UserAssertion userAssertion)
 {
     return(new AcquireTokenOnBehalfOfParameterBuilder(confidentialClientApplicationExecutor)
            .WithScopes(scopes)
            .WithUserAssertion(userAssertion));
 }
        /// <summary>
        /// Acquires an access token for this application (usually a Web API) from the authority configured in the application,
        /// in order to access another downstream protected web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow.
        /// See https://aka.ms/msal-net-on-behalf-of.
        /// This confidential client application was itself called with a token which will be provided in the
        /// <paramref name="userAssertion">userAssertion</paramref> parameter.
        /// </summary>
        /// <param name="scopes">Scopes requested to access a protected API</param>
        /// <param name="userAssertion">Instance of <see cref="UserAssertion"/> containing credential information about
        /// the user on behalf of whom to get a token.</param>
        /// <returns>A builder enabling you to add optional parameters before executing the token request</returns>
        /// <remarks>You can also chain the following optional parameters:
        /// <see cref="AbstractAcquireTokenParameterBuilder{T}.WithExtraQueryParameters(Dictionary{string, string})"/>
        /// </remarks>
        public AcquireTokenOnBehalfOfParameterBuilder AcquireTokenOnBehalfOf(
            IEnumerable <string> scopes,
            UserAssertion userAssertion)
        {
            if (userAssertion == null)
            {
                ServiceBundle.ApplicationLogger.Error("User assertion for OBO request should not be null");
                throw new MsalClientException(MsalError.UserAssertionNullError);
            }

            return(AcquireTokenOnBehalfOfParameterBuilder.Create(
                       ClientExecutorFactory.CreateConfidentialClientExecutor(this),
                       scopes,
                       userAssertion));
        }
コード例 #5
0
        /// <inheritdoc />
        public AcquireTokenOnBehalfOfParameterBuilder InitiateLongRunningProcessInWebApi(
            IEnumerable <string> scopes,
            string userToken,
            ref string longRunningProcessSessionKey)
        {
            if (string.IsNullOrEmpty(userToken))
            {
                throw new ArgumentNullException(nameof(userToken));
            }

            UserAssertion userAssertion = new UserAssertion(userToken);

            if (string.IsNullOrEmpty(longRunningProcessSessionKey))
            {
                longRunningProcessSessionKey = userAssertion.AssertionHash;
            }

            return(AcquireTokenOnBehalfOfParameterBuilder.Create(
                       ClientExecutorFactory.CreateConfidentialClientExecutor(this),
                       scopes,
                       userAssertion,
                       longRunningProcessSessionKey));
        }
 private AcquireTokenOnBehalfOfParameterBuilder WithUserAssertion(UserAssertion userAssertion)
 {
     CommonParameters.AddApiTelemetryFeature(ApiTelemetryFeature.WithUserAssertion);
     Parameters.UserAssertion = userAssertion;
     return(this);
 }
コード例 #7
0
 private AcquireTokenOnBehalfOfParameterBuilder WithUserAssertion(UserAssertion userAssertion)
 {
     Parameters.UserAssertion = userAssertion;
     return(this);
 }
コード例 #8
0
        private async Task <AuthenticationResult> AcquireTokenOnBehalfCommonAsync(Authority authority,
                                                                                  string[] scope, UserAssertion userAssertion, string policy)
        {
            var requestParams = this.CreateRequestParameters(authority, scope, policy, null, this.UserTokenCache);

            requestParams.UserAssertion = userAssertion;
            var handler = new OnBehalfOfRequest(requestParams);

            return(await handler.RunAsync().ConfigureAwait(false));
        }
コード例 #9
0
        /// <summary>
        /// Acquires token using On-Behalf-Of flow.
        /// </summary>
        /// <param name="scopes">Array of scopes requested for resource</param>
        /// <param name="userAssertion">Instance of UserAssertion containing user's token.</param>
        /// <returns>Authentication result containing token of the user for the requested scopes</returns>
        public async Task <AuthenticationResult> AcquireTokenOnBehalfOfAsync(IEnumerable <string> scopes, UserAssertion userAssertion)
        {
            Authority authority = Internal.Instance.Authority.CreateAuthority(Authority, ValidateAuthority);

            return
                (await
                 AcquireTokenOnBehalfCommonAsync(authority, scopes, userAssertion, ApiEvent.ApiIds.AcquireTokenOnBehalfOfWithScopeUser)
                 .ConfigureAwait(false));
        }
 private async Task<AuthenticationResult> AcquireTokenOnBehalfCommonAsync(Authenticator authenticator, string[] scope, UserAssertion userAssertion, string policy)
 {
     var handler = new OnBehalfOfRequest(this.GetHandlerData(authenticator, scope, policy, this.UserTokenCache), userAssertion);
     return await handler.RunAsync();
 }
コード例 #11
0
        /// <summary>
        /// AcquireTokenOnBehalfOfAsync
        /// </summary>
        public async Task <AuthenticationResult> AcquireTokenOnBehalfOfAsync(string[] scope, UserAssertion userAssertion)
        {
            Authority authority = Internal.Instance.Authority.CreateAuthority(this.Authority, this.ValidateAuthority);

            return
                (await
                 this.AcquireTokenOnBehalfCommonAsync(authority, scope, userAssertion, null)
                 .ConfigureAwait(false));
        }
コード例 #12
0
        /// <summary>
        /// Acquires an access token for this application (usually a Web API) from the authority configured in the application, in order to access
        /// another downstream protected Web API on behalf of a user using the OAuth 2.0 On-Behalf-Of flow. (See https://aka.ms/msal-net-on-behalf-of).
        /// This confidential client application was itself called with a token which will be provided in the
        /// <paramref name="userAssertion">userAssertion</paramref> parameter.
        /// </summary>
        /// <param name="scopes">Scopes requested to access a protected API</param>
        /// <param name="userAssertion">Instance of <see cref="UserAssertion"/> containing credential information about
        /// the user on behalf of whom to get a token.</param>
        /// <returns>Authentication result containing a token for the requested scopes and account</returns>
        /// <seealso cref="AcquireTokenOnBehalfOfAsync(IEnumerable{string}, UserAssertion, string)"/> for the on-behalf-of flow when specifying the authority
        public async Task <AuthenticationResult> AcquireTokenOnBehalfOfAsync(IEnumerable <string> scopes, UserAssertion userAssertion)
        {
            GuardMobileFrameworks();

            Authority authority = Instance.Authority.CreateAuthority(ServiceBundle, Authority, ValidateAuthority);

            return
                (await
                 AcquireTokenOnBehalfCommonAsync(authority, scopes, userAssertion, ApiEvent.ApiIds.AcquireTokenOnBehalfOfWithScopeUser, false)
                 .ConfigureAwait(false));
        }
コード例 #13
0
        /// <summary>
        /// Acquires an access token for this application (usually a Web API) from a specific authority, in order to access
        /// another downstream protected Web API on behalf of a user (See https://aka.ms/msal-net-on-behalf-of).
        /// This confidential client application was itself called with a token which will be provided in the
        /// This override sends the certificate, which helps certificate rotation in Azure AD
        /// <paramref name="userAssertion">userAssertion</paramref> parameter.
        /// </summary>
        /// <param name="scopes">Scopes requested to access a protected API</param>
        /// <param name="userAssertion">Instance of <see cref="UserAssertion"/> containing credential information about
        /// the user on behalf of whom to get a token.</param>
        /// <param name="authority">Specific authority for which the token is requested. Passing a different value than configured does not change the configured value</param>
        /// <returns>Authentication result containing a token for the requested scopes and account</returns>
        async Task <AuthenticationResult> IConfidentialClientApplicationWithCertificate.AcquireTokenOnBehalfOfWithCertificateAsync(IEnumerable <string> scopes, UserAssertion userAssertion,
                                                                                                                                   string authority)
        {
            GuardMobileFrameworks();

            Authority authorityInstance = Instance.Authority.CreateAuthority(ServiceBundle, authority, ValidateAuthority);

            return
                (await
                 AcquireTokenOnBehalfCommonAsync(authorityInstance, scopes, userAssertion, ApiEvent.ApiIds.AcquireTokenOnBehalfOfWithScopeUserAuthority, true)
                 .ConfigureAwait(false));
        }
コード例 #14
0
        private async Task <AuthenticationResult> AcquireTokenOnBehalfCommonAsync(Authority authority,
                                                                                  IEnumerable <string> scopes, UserAssertion userAssertion, ApiEvent.ApiIds apiId)
        {
            var requestParams = CreateRequestParameters(authority, scopes, null, UserTokenCache);

            requestParams.UserAssertion = userAssertion;
            var handler = new OnBehalfOfRequest(requestParams)
            {
                ApiId = apiId, IsConfidentialClient = true
            };

            return(await handler.RunAsync().ConfigureAwait(false));
        }
        public void OBOUserAssertionHashUsernamePassedTest()
        {
            TokenCache cache = TokenCacheHelper.CreateCacheWithItems();
            string someAssertion = "some-assertion-passed-by-developer";
            TokenCacheKey key = cache.tokenCacheDictionary.Keys.First();

            //update cache entry with hash of an assertion that will not match
            cache.tokenCacheDictionary[key].UserAssertionHash =
                new CryptographyHelper().CreateSha256Hash(someAssertion);

            ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.DefaultClientId,
                TestConstants.DefaultRedirectUri, new ClientCredential(TestConstants.DefaultClientSecret), new TokenCache());
            app.UserTokenCache = cache;

            //this is a fail safe. No call should go on network
            HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
            {
                Method = HttpMethod.Post,
                ResponseMessage =
                    MockHelpers.CreateInvalidGrantTokenResponseMessage()
            };

            UserAssertion assertion = new UserAssertion(someAssertion, AssertionType, key.DisplayableId);
            Task<AuthenticationResult> task = app.AcquireTokenOnBehalfOfAsync(key.Scope.AsArray(),
                assertion, key.Authority, TestConstants.DefaultPolicy);
            AuthenticationResult result = task.Result;
            Assert.IsNotNull(result);
            Assert.AreEqual(key.UniqueId, result.User.UniqueId);
            Assert.AreEqual(key.DisplayableId, result.User.DisplayableId);
            Assert.AreEqual(HashAccessToken,
                cache.tokenCacheDictionary[key].UserAssertionHash);
        }
        public void OBOUserAssertionHashNotFoundTest()
        {
            TokenCache cache = TokenCacheHelper.CreateCacheWithItems();
            string someAssertion = "some-assertion-passed-by-developer";
            TokenCacheKey key = cache.tokenCacheDictionary.Keys.First();

            //update cache entry with hash of an assertion that will not match
            cache.tokenCacheDictionary[key].UserAssertionHash =
                new CryptographyHelper().CreateSha256Hash(someAssertion + "-but-not-in-cache");

            ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.DefaultClientId,
                TestConstants.DefaultRedirectUri, new ClientCredential(TestConstants.DefaultClientSecret), new TokenCache());
            app.UserTokenCache = cache;

            string[] scope = {"mail.read"};
            HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
            {
                Method = HttpMethod.Post,
                ResponseMessage =
                    MockHelpers.CreateSuccessTokenResponseMessage("unique_id_3", "*****@*****.**", "root_id_3",
                        scope)
            };

            UserAssertion assertion = new UserAssertion(someAssertion, AssertionType);
            Task<AuthenticationResult> task = app.AcquireTokenOnBehalfOfAsync(key.Scope.AsArray(),
                assertion, key.Authority, TestConstants.DefaultPolicy);
            AuthenticationResult result = task.Result;
            Assert.IsNotNull(result);
            Assert.AreEqual("unique_id_3", result.User.UniqueId);
            Assert.AreEqual("*****@*****.**", result.User.DisplayableId);

            //check for new assertion Hash
            AuthenticationResultEx resultEx =
                cache.tokenCacheDictionary.Values.First(r => r.Result.User.UniqueId.Equals("unique_id_3"));
            Assert.AreEqual(HashAccessToken, resultEx.UserAssertionHash);
        }
コード例 #17
0
        /// <summary>
        /// AcquireTokenOnBehalfOfAsync
        /// </summary>
        public async Task <AuthenticationResult> AcquireTokenOnBehalfOfAsync(string[] scope, UserAssertion userAssertion, string authority, string policy)
        {
            Authenticator authenticator = new Authenticator(authority, this.ValidateAuthority, this.CorrelationId);

            return
                (await
                 this.AcquireTokenOnBehalfCommonAsync(authenticator, scope, userAssertion, policy)
                 .ConfigureAwait(false));
        }
コード例 #18
0
        private async Task <AuthenticationResult> AcquireTokenOnBehalfCommonAsync(Authenticator authenticator, string[] scope, UserAssertion userAssertion, string policy)
        {
            var handler = new OnBehalfOfRequest(this.GetHandlerData(authenticator, scope, policy, this.UserTokenCache), userAssertion);

            return(await handler.RunAsync());
        }