public void GetAuthorizationRequestUrlDuplicateParamsTest()
{
ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.ClientId,
TestConstants.RedirectUri, new ClientCredential(TestConstants.ClientSecret),
new TokenCache(), new TokenCache())
{
ValidateAuthority = false
};
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(app.Authority)
});
try
{
Task <Uri> task = app.GetAuthorizationRequestUrlAsync(TestConstants.Scope.AsArray(),
TestConstants.DisplayableId, "[email protected]");
Uri uri = task.Result;
Assert.Fail("MSALException should be thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual("duplicate_query_parameter", ((MsalException)exc.InnerException).ErrorCode);
Assert.AreEqual("Duplicate query parameter 'login_hint' in extraQueryParameters",
((MsalException)exc.InnerException).Message);
}
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
public void GetAuthorizationRequestUrlCustomRedirectUriTest()
{
ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new ClientCredential(TestConstants.DefaultClientSecret), new TokenCache());
Task <Uri> task = app.GetAuthorizationRequestUrlAsync(TestConstants.DefaultScope.AsArray(),
"custom://redirect-uri", TestConstants.DefaultDisplayableId, "extra=qp&prompt=none",
TestConstants.ScopeForAnotherResource.AsArray(), TestConstants.DefaultAuthorityGuestTenant,
TestConstants.DefaultPolicy);
Uri uri = task.Result;
Assert.IsNotNull(uri);
Assert.IsTrue(uri.AbsoluteUri.StartsWith(TestConstants.DefaultAuthorityGuestTenant, StringComparison.CurrentCulture));
Dictionary <string, string> qp = EncodingHelper.ParseKeyValueList(uri.Query.Substring(1), '&', true, null);
Assert.IsNotNull(qp);
Assert.AreEqual(12, qp.Count);
Assert.AreEqual("r1/scope1 r1/scope2 r2/scope1 r2/scope2 openid offline_access", qp["scope"]);
Assert.AreEqual(TestConstants.DefaultClientId, qp["client_id"]);
Assert.AreEqual("code", qp["response_type"]);
Assert.AreEqual("custom://redirect-uri", qp["redirect_uri"]);
Assert.AreEqual(TestConstants.DefaultDisplayableId, qp["login_hint"]);
Assert.AreEqual("MSAL.Desktop", qp["x-client-sku"]);
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-ver"]));
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-cpu"]));
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-os"]));
Assert.AreEqual("qp", qp["extra"]);
Assert.AreEqual("none", qp["prompt"]);
Assert.AreEqual(TestConstants.DefaultPolicy, qp["p"]);
}
public async Task GetAuthorizationRequestUrlNoRedirectUriTestAsync()
{
await RunWithMockHttpAsync(
async (httpManager, serviceBundle, receiver) =>
{
httpManager.AddInstanceDiscoveryMockHandler();
var app = new ConfidentialClientApplication(
serviceBundle,
MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority,
MsalTestConstants.RedirectUri,
new ClientCredential(MsalTestConstants.ClientSecret),
new TokenCache(),
new TokenCache())
{
ValidateAuthority = false
};
httpManager.AddMockHandlerForTenantEndpointDiscovery(app.Authority);
var uri = await app.GetAuthorizationRequestUrlAsync(
MsalTestConstants.Scope,
MsalTestConstants.DisplayableId,
null).ConfigureAwait(false);
Assert.IsNotNull(uri);
Dictionary <string, string> qp = CoreHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null);
ValidateCommonQueryParams(qp);
Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2", qp["scope"]);
}).ConfigureAwait(false);
}
public static async Task <string> GetAuthUrlAsync(ConversationReference cf)
{
//encode the conversation reference to pass it to the callback controller
//it will be use to resume the context after the Sign In process
var extraQueryParameters = WebEncoders.Base64UrlEncode(System.Text.Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(cf)));
//create client passing information about the registered application in Azure AD
//registration is explained here https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-app-registration
ConfidentialClientApplication client = new ConfidentialClientApplication(
Environment.GetEnvironmentVariable("aad:ClientId"),
"https://login.microsoftonline.com/" + Environment.GetEnvironmentVariable("aad:Tenant") + "/oauth2/v2.0",
new Uri(Environment.GetEnvironmentVariable("aad:RedirectUrl")).ToString(),
new ClientCredential(Environment.GetEnvironmentVariable("aad:ClientSecret")),
null, null
);
List <string> listscopes = Environment.GetEnvironmentVariable("aad:Scopes").Split(',').ToList();
//obtain the Authorization url
var uri = await client.GetAuthorizationRequestUrlAsync(
listscopes,
null,
$"state={extraQueryParameters}"
);
return(uri.ToString());
}
public async Task <string> GetAuthUrlAsync(AuthenticationOptions authOptions, string state)
{
var redirectUri = new Uri(authOptions.RedirectUrl);
var tokenCache = new AuthTokenCache().GetCacheInstance();
var client = new ConfidentialClientApplication(authOptions.ClientId, redirectUri.ToString(), new ClientCredential(authOptions.ClientSecret), tokenCache, null);
var uri = await client.GetAuthorizationRequestUrlAsync(authOptions.Scopes, null, $"state={state}");
return(uri.ToString());
}
public async Task <IActionResult> AuthorizeAsync()
{
// 認証を行うための URL にリダイレクトします
var clientCredential = new ClientCredential(ClientSecret);
var clientApplication = new ConfidentialClientApplication(ClientId, RedirectUrl, clientCredential, null, null);
var requestUrl = await clientApplication.GetAuthorizationRequestUrlAsync(new[] { Scope }, null, null);
return(this.Redirect(requestUrl.ToString()));
}
public async Task <string> GetAuthUrlAsync(AuthenticationOptions authOptions, string state)
{
Uri redirectUri = new Uri(authOptions.RedirectUrl);
InMemoryTokenCacheMSAL tokenCache = new InMemoryTokenCacheMSAL();
ConfidentialClientApplication client = new ConfidentialClientApplication(authOptions.ClientId, redirectUri.ToString(),
new ClientCredential(authOptions.ClientSecret),
tokenCache);
var uri = await client.GetAuthorizationRequestUrlAsync(authOptions.Scopes, null, $"state={state}");
return(uri.ToString());
}
public static async Task <string> GenerateAuthorizationRequestUrl(string[] scopes, ConfidentialClientApplication cca, HttpContextBase httpcontext, UrlHelper url)
{
string signedInUserID = ClaimsPrincipal.Current.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier).Value;
string preferredUserName = ClaimsPrincipal.Current.FindFirst("preferred_name").Value;
Uri oauthCodeProcessingPath = new Uri(httpcontext.Request.Url.GetLeftPart(UriPartial.Authority).ToString());
string state = GenerateState(httpcontext.Request.Url.ToString(), httpcontext, url, scopes);
string tenantID = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/tenantid").Value;
// 9188040d-6c67-4c5b-b112-36a304b66dad is the GUID that indicates that the user is a consumer user from a Microsoft account. All personal account will have this tenant id.
string domain_hint = (tenantID == "9188040d-6c67-4c5b-b112-36a304b66dad") ? "customers" : "organizations";
Uri authzMessageUri = await cca.GetAuthorizationRequestUrlAsync(scopes, oauthCodeProcessingPath.ToString(), preferredUserName, state == null?null : "&state" + state + "&domain_hint" + domain_hint, null, cca.Authority);
return(authzMessageUri.ToString());
}
public void GetAuthorizationRequestUrlCustomRedirectUriTest()
{
ConfidentialClientApplication app =
new ConfidentialClientApplication(TestConstants.ClientId, TestConstants.AuthorityGuestTenant,
TestConstants.RedirectUri, new ClientCredential(TestConstants.ClientSecret),
new TokenCache(), new TokenCache())
{
ValidateAuthority = false
};
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(app.Authority)
});
const string CustomRedirectUri = "custom://redirect-uri";
Task <Uri> task = app.GetAuthorizationRequestUrlAsync(TestConstants.Scope.AsArray(),
CustomRedirectUri, TestConstants.DisplayableId, "extra=qp",
TestConstants.ScopeForAnotherResource.AsArray(), TestConstants.AuthorityGuestTenant);
Uri uri = task.Result;
Assert.IsNotNull(uri);
Assert.IsTrue(uri.AbsoluteUri.StartsWith(TestConstants.AuthorityGuestTenant, StringComparison.CurrentCulture));
Dictionary <string, string> qp = MsalHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null);
Assert.IsNotNull(qp);
Assert.AreEqual(12, qp.Count);
Assert.IsTrue(qp.ContainsKey("client-request-id"));
Assert.IsFalse(qp.ContainsKey("client_secret"));
Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2 r2/scope1 r2/scope2", qp["scope"]);
Assert.AreEqual(TestConstants.ClientId, qp["client_id"]);
Assert.AreEqual("code", qp["response_type"]);
Assert.AreEqual(CustomRedirectUri, qp["redirect_uri"]);
Assert.AreEqual(TestConstants.DisplayableId, qp["login_hint"]);
Assert.AreEqual("MSAL.Desktop", qp["x-client-sku"]);
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-ver"]));
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-cpu"]));
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-os"]));
Assert.AreEqual("qp", qp["extra"]);
Assert.AreEqual("select_account", qp["prompt"]);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
public void GetAuthorizationRequestUrlDuplicateParamsTest()
{
ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new ClientCredential(TestConstants.DefaultClientSecret), new TokenCache());
try
{
Task <Uri> task = app.GetAuthorizationRequestUrlAsync(TestConstants.DefaultScope.AsArray(),
TestConstants.DefaultDisplayableId, "[email protected]");
Uri uri = task.Result;
Assert.Fail("MSALException should be thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual("duplicate_query_parameter", ((MsalException)exc.InnerException).ErrorCode);
Assert.AreEqual("Duplicate query parameter 'login_hint' in extraQueryParameters", ((MsalException)exc.InnerException).Message);
}
}
public async Task GetAuthorizationRequestUrlB2CTestAsync()
{
await RunWithMockHttpAsync(
async (httpManager, serviceBundle, receiver) =>
{
httpManager.AddInstanceDiscoveryMockHandler();
var app = new ConfidentialClientApplication(
serviceBundle,
MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority,
MsalTestConstants.RedirectUri,
new ClientCredential(MsalTestConstants.ClientSecret),
new TokenCache(),
new TokenCache())
{
ValidateAuthority = false
};
//add mock response for tenant endpoint discovery
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(
File.ReadAllText(
ResourceHelper.GetTestResourceRelativePath(@"OpenidConfiguration-QueryParams-B2C.json")))
});
var uri = await app.GetAuthorizationRequestUrlAsync(
MsalTestConstants.Scope,
MsalTestConstants.DisplayableId,
null).ConfigureAwait(false);
Assert.IsNotNull(uri);
Dictionary <string, string> qp = CoreHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null);
Assert.IsNotNull(qp);
Assert.AreEqual("my-policy", qp["p"]);
ValidateCommonQueryParams(qp);
Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2", qp["scope"]);
}).ConfigureAwait(false);
}
/// <summary>
/// Given a set of scopes, uses MSAL to formulate the proper Uri for the first part of the Code auth flow.
/// See https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow for more details on the flow.
/// </summary>
/// <param name="scopes">List of desired scopes for the Access Token. For the Worker classes in this library,
/// this should be set to <code>$api://{configurationManager["ClientId"]}/access_as_user</code></param>
/// <returns>Auth Uri that should be requested via GET to start the Code auth flow</returns>
/// <exception cref="Microsoft.Identity.Client.MsalException">Throws an MsalException if there are any authentication issues</exception>
public async Task <Uri> GetAuthUriAsync(IEnumerable <string> scopes)
{
try
{
logger.LogInformation("Getting Auth Request Uri using scopes: [{0}]...", string.Join(", ", scopes));
var clientTokenCache = new TokenCache();
var userTokenCache = tokenCacheService.FetchUserCache();
var appTokenCache = new TokenCache();
var msalApp = new ConfidentialClientApplication(configuration["ClientId"], configuration["RedirectUri"], new ClientCredential(configuration["ClientSecret"]), userTokenCache, appTokenCache);
var result = await msalApp.GetAuthorizationRequestUrlAsync(scopes, null, null);
return(result);
}
catch (MsalException msalException)
{
logger.LogError(new EventId(0), msalException, $"Exception getting Auth Request Uri using scopes: [string.Join(", ", scopes)]. Look at the app registration and make sure you have the correct ClientId, ClientSecret and RedirectUri configured in the app settings...");
throw msalException;
}
}
public void GetAuthorizationRequestUrlB2CTest()
{
ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.ClientId,
TestConstants.RedirectUri, new ClientCredential(TestConstants.ClientSecret),
new TokenCache(), new TokenCache())
{
ValidateAuthority = false
};
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(File.ReadAllText(@"OpenidConfiguration-B2C.json"))
});
Task <Uri> task = app.GetAuthorizationRequestUrlAsync(TestConstants.Scope.AsArray(),
TestConstants.DisplayableId, null);
Uri uri = task.Result;
Assert.IsNotNull(uri);
Dictionary <string, string> qp = MsalHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null);
Assert.IsNotNull(qp);
Assert.AreEqual(12, qp.Count);
Assert.AreEqual("my-policy", qp["p"]);
Assert.IsTrue(qp.ContainsKey("client-request-id"));
Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2", qp["scope"]);
Assert.AreEqual(TestConstants.ClientId, qp["client_id"]);
Assert.AreEqual("code", qp["response_type"]);
Assert.AreEqual(TestConstants.RedirectUri, qp["redirect_uri"]);
Assert.AreEqual(TestConstants.DisplayableId, qp["login_hint"]);
Assert.AreEqual(UIBehavior.SelectAccount.PromptValue, qp["prompt"]);
Assert.AreEqual("MSAL.Desktop", qp["x-client-sku"]);
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-ver"]));
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-cpu"]));
Assert.IsFalse(string.IsNullOrEmpty(qp["x-client-os"]));
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
public void GetAuthorizationRequestUrlCustomRedirectUriTest()
{
RunWithMockHttp(
(httpManager, serviceBundle, receiver) =>
{
httpManager.AddInstanceDiscoveryMockHandler();
var app = new ConfidentialClientApplication(
serviceBundle,
MsalTestConstants.ClientId,
MsalTestConstants.AuthorityGuestTenant,
MsalTestConstants.RedirectUri,
new ClientCredential(MsalTestConstants.ClientSecret),
new TokenCache(),
new TokenCache())
{
ValidateAuthority = false
};
httpManager.AddMockHandlerForTenantEndpointDiscovery(app.Authority);
const string CustomRedirectUri = "custom://redirect-uri";
Task <Uri> task = app.GetAuthorizationRequestUrlAsync(
MsalTestConstants.Scope,
CustomRedirectUri,
MsalTestConstants.DisplayableId,
"extra=qp",
MsalTestConstants.ScopeForAnotherResource,
MsalTestConstants.AuthorityGuestTenant);
var uri = task.Result;
Assert.IsNotNull(uri);
Assert.IsTrue(
uri.AbsoluteUri.StartsWith(MsalTestConstants.AuthorityGuestTenant, StringComparison.CurrentCulture));
Dictionary <string, string> qp = CoreHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', true, null);
ValidateCommonQueryParams(qp, CustomRedirectUri);
Assert.AreEqual("offline_access openid profile r1/scope1 r1/scope2 r2/scope1 r2/scope2", qp["scope"]);
Assert.IsFalse(qp.ContainsKey("client_secret"));
Assert.AreEqual("qp", qp["extra"]);
});
}
public async Task GetAuthorizationRequestUrlDuplicateParamsTestAsync()
{
await RunWithMockHttpAsync(
async (httpManager, serviceBundle, receiver) =>
{
httpManager.AddInstanceDiscoveryMockHandler();
var app = new ConfidentialClientApplication(
serviceBundle,
MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority,
MsalTestConstants.RedirectUri,
new ClientCredential(MsalTestConstants.ClientSecret),
new TokenCache(),
new TokenCache())
{
ValidateAuthority = false
};
httpManager.AddMockHandlerForTenantEndpointDiscovery(app.Authority);
try
{
var uri = await app.GetAuthorizationRequestUrlAsync(
MsalTestConstants.Scope,
MsalTestConstants.DisplayableId,
"[email protected]").ConfigureAwait(false);
Assert.Fail("MSALException should be thrown here");
}
catch (MsalException exc)
{
Assert.AreEqual("duplicate_query_parameter", exc.ErrorCode);
Assert.AreEqual("Duplicate query parameter 'login_hint' in extraQueryParameters", exc.Message);
}
catch (Exception ex)
{
Assert.Fail("Wrong type of exception thrown: " + ex);
}
}).ConfigureAwait(false);
}
