public async Task ClientCreds_OnBehalfOf_NonExpired_NeedsRefresh_ValidResponse_Async()
{
    // Arrange: a single cached AT that is not expired but is marked as needing refresh
    // (see UpdateATWithRefreshOn), so the OBO request is expected to go back to AAD.
    using (MockHttpAndServiceBundle testHarness = base.CreateTestHarness())
    {
        Trace.WriteLine("1. Setup an app with a token cache with one AT");
        ConfidentialClientApplication cca = SetupCca(testHarness);

        Trace.WriteLine("2. Configure AT so that it shows it needs to be refreshed");
        DateTime refreshOnInThePast = DateTime.UtcNow.AddMinutes(-1);
        UpdateATWithRefreshOn(cca.UserTokenCacheInternal.Accessor, refreshOnInThePast);
        TokenCacheAccessRecorder accessRecorder = cca.UserTokenCache.RecordAccess();

        Trace.WriteLine("3. Configure AAD to respond with valid token to the refresh RT flow");
        testHarness.HttpManager.AddAllMocks(TokenResponseType.Valid);

        // Act
        Trace.WriteLine("4. ATS - should perform an RT refresh");
        UserAssertion assertion = new UserAssertion(TestConstants.UserAssertion, "assertiontype");
        AuthenticationResult result = await cca
            .AcquireTokenOnBehalfOf(TestConstants.s_scope, assertion)
            .ExecuteAsync()
            .ConfigureAwait(false);

        // Assert: every queued mock response was consumed (i.e. the network call happened)
        // and the cache access counts match a single refresh.
        Assert.IsNotNull(result);
        Assert.AreEqual(
            0,
            testHarness.HttpManager.QueueSize,
            "MSAL should have refreshed the token because the original AT was marked for refresh");
        accessRecorder.AssertAccessCounts(1, 1);
    }
}
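#pragma warning disable UseAsyncSuffix // Use Async suffix
public async Task<long> Get()
#pragma warning restore UseAsyncSuffix // Use Async suffix
{
    // Requests slower than this, either as measured by MSAL or by the wall clock,
    // get their verbose MSAL log written to disk for investigation.
    const int slowRequestThresholdMs = 2 * 1000;
    const string slowRequestLogDirectory = @"c:\temp";

    Stopwatch sw = Stopwatch.StartNew();
    Guid requestId = Guid.NewGuid();
    StringBuilder sb = new StringBuilder();

    // NOTE(review): the third WithLogging argument turns PII logging on, and the buffer
    // it fills is dumped to disk below for slow requests, so those files may contain
    // tokens and user identifiers from this perf run.
    ConfidentialClientApplication cca = ConfidentialClientApplicationBuilder
        .Create("d3adb33f-c0de-ed0c-c0de-deadb33fc0d3")
        .WithAuthority($"https://login.microsoftonline.com/tid")
        .WithHttpManager(s_httpManager)
        .WithClientSecret("secret")
        .WithLegacyCacheCompatibility(false)
        .WithLogging((lvl, msg, pii) => sb.AppendLine(msg), LogLevel.Verbose, true, false)
        .BuildConcrete();

    // Pick a random simulated user so requests spread across cache partitions.
    var user = $"user_{s_random.Next(Settings.NumberOfUsers)}";
    s_inMemoryPartitionedCacheSerializer.Initialize(cca.UserTokenCache as TokenCache);
    string fakeUpstreamToken = $"upstream_token_{user}";

    var res = await cca.AcquireTokenOnBehalfOf(new[] { "scope" }, new UserAssertion(fakeUpstreamToken))
        .WithCorrelationId(requestId)
        .ExecuteAsync()
        .ConfigureAwait(false);
    sw.Stop();

    TraceResult(res, user, sw.ElapsedMilliseconds);

    // Log the very bad requests
    if (res.AuthenticationResultMetadata.DurationTotalInMs > slowRequestThresholdMs
        || sw.ElapsedMilliseconds > slowRequestThresholdMs)
    {
        s_traceSource.TraceEvent(TraceEventType.Error, 1, "##### FOUND!! " + requestId);

        // File.WriteAllText does not create missing directories; make sure the target exists
        // so a slow request is recorded instead of crashing the run.
        System.IO.Directory.CreateDirectory(slowRequestLogDirectory);
        System.IO.File.WriteAllText(
            System.IO.Path.Combine(slowRequestLogDirectory, $"obo_{requestId}.txt"),
            sb.ToString());
        // sb2 is declared outside this method — presumably a second log buffer; verify against the class.
        System.IO.File.WriteAllText(
            System.IO.Path.Combine(slowRequestLogDirectory, $"obo2_{requestId}.txt"),
            sb2.ToString());
    }

    return res.AuthenticationResultMetadata.DurationTotalInMs;
}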
private static async Task RunObo_Async(MockHttpManager httpManager, ConfidentialClientApplication app)
{
    // Walks the OBO flow through three cache states: miss, hit, and expired AT.
    UserAssertion assertion = new UserAssertion(TestConstants.DefaultAccessToken);

    // 1. Empty cache: the token has to come from the identity provider.
    httpManager.AddSuccessTokenResponseMockHandlerForPost();
    var firstResult = await app.AcquireTokenOnBehalfOf(TestConstants.s_scope, assertion)
        .ExecuteAsync()
        .ConfigureAwait(false);
    Assert.AreEqual(TokenSource.IdentityProvider, firstResult.AuthenticationResultMetadata.TokenSource);

    // 2. Same assertion again: served from the cache (no mock response is queued for it).
    var cachedResult = await app.AcquireTokenOnBehalfOf(TestConstants.s_scope, assertion)
        .ExecuteAsync()
        .ConfigureAwait(false);
    Assert.AreEqual(TokenSource.Cache, cachedResult.AuthenticationResultMetadata.TokenSource);

    // 3. Expire every AT. OBO keeps no RT, so MSAL must redo the JWT-bearer request to the IDP.
    TokenCacheHelper.ExpireAllAccessTokens(app.UserTokenCacheInternal);
    var handler = httpManager.AddSuccessTokenResponseMockHandlerForPost();
    handler.ExpectedPostData = new Dictionary<string, string>
    {
        [OAuth2Parameter.GrantType] = OAuth2GrantType.JwtBearer
    };
    var refreshedResult = await app.AcquireTokenOnBehalfOf(TestConstants.s_scope, assertion)
        .ExecuteAsync()
        .ConfigureAwait(false);
    Assert.AreEqual(TokenSource.IdentityProvider, refreshedResult.AuthenticationResultMetadata.TokenSource);
}
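#pragma warning disable UseAsyncSuffix // Use Async suffix
public async Task<long> Get(bool refreshFlow)
#pragma warning restore UseAsyncSuffix // Use Async suffix
{
    // Times one OBO acquisition against the in-memory "distributed" cache and returns
    // MSAL's own measurement of the request duration in milliseconds.
    Stopwatch sw = Stopwatch.StartNew();
    Guid requestId = Guid.NewGuid();
    StringBuilder sb = new StringBuilder();

    // The refresh-flow variant has its own HTTP manager and its own user population,
    // presumably so the two scenarios do not share mocks or cache entries.
    var httpManager = refreshFlow ? s_httpManagerRefreshFlow : s_httpManager;
    int numberOfUsers = refreshFlow ? Settings.NumberOfUsersRefreshFlow : Settings.NumberOfUsers;

    ConfidentialClientApplication cca = ConfidentialClientApplicationBuilder
        .Create("d3adb33f-c0de-ed0c-c0de-deadb33fc0d3")
        .WithAuthority($"https://login.microsoftonline.com/tid")
        .WithHttpManager(httpManager)
        .WithClientSecret("secret")
        .WithLegacyCacheCompatibility(false)
        .WithLogging((lvl, msg, pii) => sb.AppendLine(msg), LogLevel.Verbose, true, false)
        .BuildConcrete();

    var user = $"user_{_random.Next(numberOfUsers)}";
    s_distributedCacheWithDelay.Initialize(cca.UserTokenCache as TokenCache);
    string fakeUpstreamToken = $"upstream_token_{user}";

    var res = await cca.AcquireTokenOnBehalfOf(new[] { "scope" }, new UserAssertion(fakeUpstreamToken))
        .WithCorrelationId(requestId)
        .ExecuteAsync()
        .ConfigureAwait(false);
    sw.Stop();

    TraceResult(res, user, sw.ElapsedMilliseconds);

    return res.AuthenticationResultMetadata.DurationTotalInMs;
}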
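public async Task RefreshReasonExpired_ConfidentialClient_Async()
{
    // Verifies CacheRefreshReason for the client-credential and OBO flows across
    // three states: cold cache, expired AT, and cache hit.
    using (var harness = CreateTestHarness())
    {
        #region ClientCredential
        harness.HttpManager.AddInstanceDiscoveryMockHandler();
        // Two token responses: one for the cold cache, one for the expired-AT case.
        // The third acquisition must be served from the cache without a mock.
        harness.HttpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();
        harness.HttpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();

        ConfidentialClientApplication cca = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId)
            .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), false)
            .WithRedirectUri(TestConstants.RedirectUri)
            .WithClientSecret(TestConstants.ClientSecret)
            .WithHttpManager(harness.HttpManager)
            .BuildConcrete();

        // Act - AcquireTokenForClient returns result from IDP. Refresh reason is no access tokens.
        AuthenticationResult result = await cca.AcquireTokenForClient(TestConstants.s_scope.ToArray())
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);
        AssertRefreshReasonResult(result, TokenSource.IdentityProvider, CacheRefreshReason.NoCachedAccessToken);

        // expire access tokens
        TokenCacheHelper.ExpireAllAccessTokens(cca.AppTokenCacheInternal);

        // Act - AcquireTokenForClient returns result from IDP because token is expired.
        result = await cca.AcquireTokenForClient(TestConstants.s_scope.ToArray())
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);
        AssertRefreshReasonResult(result, TokenSource.IdentityProvider, CacheRefreshReason.Expired);

        // Act - AcquireTokenForClient returns result from Cache. Refresh reason is not applicable.
        result = await cca.AcquireTokenForClient(TestConstants.s_scope.ToArray())
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);
        AssertRefreshReasonResult(result, TokenSource.Cache, CacheRefreshReason.NotApplicable);
        #endregion

        #region OnBehalfOf
        // Same shape as above, but against the user token cache via the OBO flow.
        harness.HttpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();
        harness.HttpManager.AddMockHandlerSuccessfulClientCredentialTokenResponseMessage();

        // Act - AcquireTokenOnBehalfOf returns result from IDP. Refresh reason is no access tokens.
        result = await cca.AcquireTokenOnBehalfOf(TestConstants.s_scope.ToArray(), new UserAssertion(TestConstants.UserAssertion))
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);
        AssertRefreshReasonResult(result, TokenSource.IdentityProvider, CacheRefreshReason.NoCachedAccessToken);

        // expire access tokens
        TokenCacheHelper.ExpireAllAccessTokens(cca.UserTokenCacheInternal);

        // Act - AcquireTokenOnBehalfOf returns result from IDP because access token is expired.
        result = await cca.AcquireTokenOnBehalfOf(TestConstants.s_scope.ToArray(), new UserAssertion(TestConstants.UserAssertion))
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);
        AssertRefreshReasonResult(result, TokenSource.IdentityProvider, CacheRefreshReason.Expired);

        // Act - AcquireTokenOnBehalfOf returns result from cache. Refresh reason is not applicable.
        result = await cca.AcquireTokenOnBehalfOf(TestConstants.s_scope.ToArray(), new UserAssertion(TestConstants.UserAssertion))
            .ExecuteAsync(CancellationToken.None)
            .ConfigureAwait(false);
        AssertRefreshReasonResult(result, TokenSource.Cache, CacheRefreshReason.NotApplicable);
        #endregion
    }
}

/// <summary>
/// Asserts that <paramref name="result"/> is non-null and that its metadata reports
/// the expected <see cref="TokenSource"/> and <see cref="CacheRefreshReason"/>.
/// </summary>
/// <param name="result">The result returned by an acquire-token call.</param>
/// <param name="expectedSource">Where the token is expected to have come from.</param>
/// <param name="expectedReason">The refresh reason MSAL is expected to report.</param>
private static void AssertRefreshReasonResult(
    AuthenticationResult result,
    TokenSource expectedSource,
    CacheRefreshReason expectedReason)
{
    Assert.IsNotNull(result);
    Assert.AreEqual(expectedSource, result.AuthenticationResultMetadata.TokenSource);
    Assert.AreEqual(expectedReason, result.AuthenticationResultMetadata.CacheRefreshReason);
}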
public async Task<AuthenticationResult> AcquireTokenOnBehalfOf_TestAsync()
{
    // Thin wrapper: runs the OBO flow with the client, scope and assertion held by this instance.
    var request = _cca.AcquireTokenOnBehalfOf(_scope, _userAssertion);
    AuthenticationResult result = await request.ExecuteAsync().ConfigureAwait(false);
    return result;
}