public async Task WebAPIAccessingGraphOnBehalfOfUserTestAsync()
{
var keyvault = new KeyVaultSecretsProvider();
var secret = keyvault.GetSecret(MsalTestConstants.MsalOBOKeyVaultUri).Value;
var labResponse = LabUserHelper.GetSpecificUser("*****@*****.**");
var user = labResponse.User;
//TODO: acquire scenario specific client ids from the lab resonse
var publicClientID = "be9b0186-7dfd-448a-a944-f771029105bf";
var oboConfidentialClientID = "23c64cd8-21e4-41dd-9756-ab9e2c23f58c";
SecureString securePassword = new NetworkCredential("", user.GetOrFetchPassword()).SecurePassword;
var msalPublicClient = PublicClientApplicationBuilder.Create(publicClientID).WithAuthority(MsalTestConstants.AuthorityOrganizationsTenant).WithRedirectUri("urn:ietf:wg:oauth:2.0:oob").Build();
AuthenticationResult authResult = await msalPublicClient
.AcquireTokenByUsernamePassword(s_oboServiceScope, user.Upn, securePassword)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
var confidentialApp = ConfidentialClientApplicationBuilder
.Create(oboConfidentialClientID)
.WithAuthority(new Uri("https://login.microsoftonline.com/" + authResult.TenantId), true)
.WithClientSecret(secret)
.Build();
authResult = await confidentialApp.AcquireTokenOnBehalfOf(s_scopes, new UserAssertion(authResult.AccessToken))
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
MsalAssert.AssertAuthResult(authResult, user);
}
