private async Task <WebAccount> FindWamAccountForMsalAccountAsync(
WebAccountProvider provider,
IWamPlugin wamPlugin,
IAccount msalAccount,
string loginHint,
string clientId)
{
if (msalAccount == null && string.IsNullOrEmpty(loginHint))
{
return(null);
}
Account accountInternal = (msalAccount as Account);
if (accountInternal?.WamAccountIds != null &&
accountInternal.WamAccountIds.TryGetValue(clientId, out string wamAccountId))
{
_logger.Info("WAM will try to find an account based on the WAM account id from the cache");
WebAccount result = await _wamProxy.FindAccountAsync(provider, wamAccountId).ConfigureAwait(false);
if (result != null)
{
return(result);
}
_logger.Warning("WAM account was not found for given WAM account id.");
}
var wamAccounts = await _wamProxy.FindAllWebAccountsAsync(provider, clientId).ConfigureAwait(false);
return(MatchWamAccountToMsalAccount(
wamPlugin,
msalAccount,
loginHint,
wamAccounts));
}
public async Task ATS_AccountWithWamId_Async()
{
// Arrange
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
_webAccountProviderFactory.ClearReceivedCalls();
var wamAccountProvider = new WebAccountProvider("id", "*****@*****.**", null);
var extraQP = new Dictionary <string, string>()
{
{ "extraQp1", "extraVal1" }, { "instance_aware", "true" }
};
var requestParams = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
extraQueryParameters: extraQP,
validateAuthority: true); // AAD
requestParams.UserConfiguredAuthority = Authority.CreateAuthority("https://login.microsoftonline.com/organizations");
requestParams.Account = new Account(
$"{TestConstants.Uid}.{TestConstants.Utid}",
TestConstants.DisplayableId,
null,
new Dictionary <string, string>()
{
{ TestConstants.ClientId, "wam_id_1" }
}); // account has wam_id!
var webAccount = new WebAccount(wamAccountProvider, "*****@*****.**", WebAccountState.Connected);
var webTokenRequest = new WebTokenRequest(wamAccountProvider);
var webTokenResponseWrapper = Substitute.For <IWebTokenRequestResultWrapper>();
webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
var webTokenResponse = new WebTokenResponse();
webTokenResponseWrapper.ResponseData.Returns(new List <WebTokenResponse>()
{
webTokenResponse
});
_webAccountProviderFactory.GetAccountProviderAsync(null).ReturnsForAnyArgs(Task.FromResult(wamAccountProvider));
_wamProxy.FindAccountAsync(Arg.Any <WebAccountProvider>(), "wam_id_1").Returns(Task.FromResult(webAccount));
_aadPlugin.CreateWebTokenRequestAsync(
wamAccountProvider,
requestParams,
isForceLoginPrompt: false,
isAccountInWam: true,
isInteractive: false)
.Returns(Task.FromResult(webTokenRequest));
var atsParams = new AcquireTokenSilentParameters();
_wamProxy.GetTokenSilentlyAsync(webAccount, webTokenRequest).
Returns(Task.FromResult(webTokenResponseWrapper));
_aadPlugin.ParseSuccesfullWamResponse(webTokenResponse).Returns(_msalTokenResponse);
// Act
var result = await _wamBroker.AcquireTokenSilentAsync(requestParams, atsParams).ConfigureAwait(false);
// Assert
Assert.AreSame(_msalTokenResponse, result);
Assert.AreEqual("yes", webTokenRequest.Properties["validateAuthority"]);
Assert.AreEqual("extraVal1", webTokenRequest.Properties["extraQp1"]);
// Although at the time of writing, MSAL does not support instance aware ...
// WAM does support it but the param is different - discovery=home
Assert.AreEqual("home", webTokenRequest.Properties["discover"]);
Assert.AreEqual("https://login.microsoftonline.com/organizations/", webTokenRequest.Properties["authority"]);
}
}
