/// <summary> /// Only used by dev test apps /// </summary> /// <param name="refreshTokenCacheItem"></param> internal void SaveRefreshTokenCacheItem(RefreshTokenCacheItem refreshTokenCacheItem) { lock (LockObject) { TokenCacheNotificationArgs args = new TokenCacheNotificationArgs { TokenCache = this, ClientId = ClientId, User = refreshTokenCacheItem.User }; try { HasStateChanged = true; OnBeforeAccess(args); OnBeforeWrite(args); TokenCacheAccessor.SaveRefreshToken(refreshTokenCacheItem.GetRefreshTokenItemKey().ToString(), JsonHelper.SerializeToJson(refreshTokenCacheItem)); } finally { OnAfterAccess(args); HasStateChanged = false; } } }
public void GetRefreshTokenDifferentEnvironmentTest() { TokenCache cache = new TokenCache() { ClientId = TestConstants.ClientId }; RefreshTokenCacheItem rtItem = new RefreshTokenCacheItem() { Environment = TestConstants.SovereignEnvironment, ClientId = TestConstants.ClientId, RefreshToken = "someRT", RawClientInfo = MockHelpers.CreateClientInfo(), DisplayableId = TestConstants.DisplayableId, IdentityProvider = TestConstants.IdentityProvider, Name = TestConstants.Name }; RefreshTokenCacheKey rtKey = rtItem.GetRefreshTokenItemKey(); cache.TokenCacheAccessor.RefreshTokenCacheDictionary[rtKey.ToString()] = JsonHelper.SerializeToJson(rtItem); var authParams = new AuthenticationRequestParameters() { RequestContext = new RequestContext(Guid.Empty, null), ClientId = TestConstants.ClientId, Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false), Scope = TestConstants.Scope, User = TestConstants.User }; Assert.IsNull(cache.FindRefreshToken(authParams)); }
internal void AddRefreshTokenCacheItem(RefreshTokenCacheItem refreshTokenCacheItem) { // this method is called by serialize and does not require // delegates because serialize itself is called from delegates lock (LockObject) { TokenCacheAccessor.SaveRefreshToken(refreshTokenCacheItem.GetRefreshTokenItemKey().ToString(), JsonHelper.SerializeToJson(refreshTokenCacheItem)); } }
public void GetRefreshTokenTest() { TokenCache cache = new TokenCache() { ClientId = TestConstants.ClientId }; RefreshTokenCacheItem rtItem = new RefreshTokenCacheItem() { Environment = TestConstants.ProductionEnvironment, ClientId = TestConstants.ClientId, RefreshToken = "someRT", RawClientInfo = MockHelpers.CreateClientInfo(), DisplayableId = TestConstants.DisplayableId, IdentityProvider = TestConstants.IdentityProvider, Name = TestConstants.Name }; rtItem.ClientInfo = ClientInfo.CreateFromJson(rtItem.RawClientInfo); RefreshTokenCacheKey rtKey = rtItem.GetRefreshTokenItemKey(); cache.TokenCacheAccessor.RefreshTokenCacheDictionary[rtKey.ToString()] = JsonHelper.SerializeToJson(rtItem); var authParams = new AuthenticationRequestParameters() { RequestContext = new RequestContext(Guid.Empty, null), ClientId = TestConstants.ClientId, Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false), Scope = TestConstants.Scope, User = TestConstants.User }; Assert.IsNotNull(cache.FindRefreshToken(authParams)); // RT is stored by environment, client id and userIdentifier as index. // any change to authority (within same environment), uniqueid and displyableid will not // change the outcome of cache look up. Assert.IsNotNull(cache.FindRefreshToken(new AuthenticationRequestParameters() { RequestContext = new RequestContext(Guid.Empty, null), ClientId = TestConstants.ClientId, Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant + "more", false), Scope = TestConstants.Scope, User = TestConstants.User })); }
public static void AddRefreshTokenToCache(TokenCacheAccessor accessor, string uid, string utid, string name) { var rtItem = new RefreshTokenCacheItem { Environment = TestConstants.ProductionEnvironment, ClientId = TestConstants.ClientId, RefreshToken = "someRT", RawClientInfo = MockHelpers.CreateClientInfo(uid, utid), DisplayableId = TestConstants.DisplayableId, IdentityProvider = TestConstants.IdentityProvider, Name = name }; rtItem.ClientInfo = ClientInfo.CreateFromJson(rtItem.RawClientInfo); accessor.RefreshTokenCacheDictionary[rtItem.GetRefreshTokenItemKey().ToString()] = JsonHelper.SerializeToJson(rtItem); }
internal void DeleteRefreshToken(RefreshTokenCacheItem refreshTokenCacheItem) { lock (LockObject) { try { TokenCacheNotificationArgs args = new TokenCacheNotificationArgs { TokenCache = this, ClientId = ClientId, User = refreshTokenCacheItem.User }; OnBeforeAccess(args); OnBeforeWrite(args); TokenCacheAccessor.DeleteRefreshToken(refreshTokenCacheItem.GetRefreshTokenItemKey().ToString()); OnAfterAccess(args); } finally { HasStateChanged = false; } } }
internal AccessTokenCacheItem SaveAccessAndRefreshToken(AuthenticationRequestParameters requestParams, TokenResponse response) { lock (LockObject) { try { // create the access token cache item AccessTokenCacheItem accessTokenCacheItem = new AccessTokenCacheItem(requestParams.TenantUpdatedCanonicalAuthority, requestParams.ClientId, response) { UserAssertionHash = requestParams.UserAssertion?.AssertionHash }; TokenCacheNotificationArgs args = new TokenCacheNotificationArgs { TokenCache = this, ClientId = ClientId, User = accessTokenCacheItem.User }; HasStateChanged = true; OnBeforeAccess(args); OnBeforeWrite(args); //delete all cache entries with intersecting scopes. //this should not happen but we have this as a safe guard //against multiple matches. requestParams.RequestContext.Logger.Info( "Looking for scopes for the authority in the cache which intersect with " + requestParams.Scope.AsSingleString()); IList <AccessTokenCacheItem> accessTokenItemList = new List <AccessTokenCacheItem>(); foreach (var accessTokenString in TokenCacheAccessor.GetAllAccessTokensAsString()) { AccessTokenCacheItem accessTokenItem = JsonHelper.DeserializeFromJson <AccessTokenCacheItem>(accessTokenString); if (accessTokenItem.ClientId.Equals(ClientId) && accessTokenItem.Authority.Equals(requestParams.TenantUpdatedCanonicalAuthority) && accessTokenItem.ScopeSet.ScopeIntersects(accessTokenCacheItem.ScopeSet)) { requestParams.RequestContext.Logger.Verbose( "Intersecting scopes found - " + accessTokenItem.Scope); accessTokenItemList.Add(accessTokenItem); } } requestParams.RequestContext.Logger.Info( "Intersecting scope entries count - " + accessTokenItemList.Count); if (!requestParams.IsClientCredentialRequest) { //filter by identifer of the user instead accessTokenItemList = accessTokenItemList.Where( item => item.GetUserIdentifier().Equals(accessTokenCacheItem.GetUserIdentifier())) .ToList(); requestParams.RequestContext.Logger.Info( "Matching entries after filtering by user - " + accessTokenItemList.Count); } foreach (var cacheItem in accessTokenItemList) { TokenCacheAccessor.DeleteAccessToken(cacheItem.GetAccessTokenItemKey().ToString(), requestParams.RequestContext); } TokenCacheAccessor.SaveAccessToken(accessTokenCacheItem.GetAccessTokenItemKey().ToString(), JsonHelper.SerializeToJson(accessTokenCacheItem), requestParams.RequestContext); // if server returns the refresh token back, save it in the cache. if (response.RefreshToken != null) { // create the refresh token cache item RefreshTokenCacheItem refreshTokenCacheItem = new RefreshTokenCacheItem( requestParams.Authority.Host, requestParams.ClientId, response); requestParams.RequestContext.Logger.Info("Saving RT in cache..."); TokenCacheAccessor.SaveRefreshToken(refreshTokenCacheItem.GetRefreshTokenItemKey().ToString(), JsonHelper.SerializeToJson(refreshTokenCacheItem), requestParams.RequestContext); } OnAfterAccess(args); return(accessTokenCacheItem); } finally { HasStateChanged = false; } } }
public void GetUsersTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId); IEnumerable <IUser> users = app.Users; Assert.IsNotNull(users); Assert.IsFalse(users.Any()); cache = new TokenCache() { ClientId = TestConstants.ClientId }; app.UserTokenCache = cache; TokenCacheHelper.PopulateCache(cache.TokenCacheAccessor); users = app.Users; Assert.IsNotNull(users); Assert.AreEqual(1, users.Count()); AccessTokenCacheItem item = new AccessTokenCacheItem() { Authority = TestConstants.AuthorityHomeTenant, ClientId = TestConstants.ClientId, TokenType = "Bearer", ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp((DateTime.UtcNow + TimeSpan.FromSeconds(3600))), RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId), RawClientInfo = MockHelpers.CreateClientInfo(), ScopeSet = TestConstants.Scope }; item.IdToken = IdToken.Parse(item.RawIdToken); item.ClientInfo = ClientInfo.CreateFromJson(item.RawClientInfo); item.AccessToken = item.GetAccessTokenItemKey().ToString(); cache.TokenCacheAccessor.AccessTokenCacheDictionary[item.GetAccessTokenItemKey().ToString()] = JsonHelper.SerializeToJson(item); // another cache entry for different uid. user count should be 2. RefreshTokenCacheItem rtItem = new RefreshTokenCacheItem() { Environment = TestConstants.ProductionEnvironment, ClientId = TestConstants.ClientId, RefreshToken = "someRT", RawClientInfo = MockHelpers.CreateClientInfo(TestConstants.Uid + "more", TestConstants.Utid), DisplayableId = TestConstants.DisplayableId, IdentityProvider = TestConstants.IdentityProvider, Name = TestConstants.Name }; rtItem.ClientInfo = ClientInfo.CreateFromJson(rtItem.RawClientInfo); cache.TokenCacheAccessor.RefreshTokenCacheDictionary[rtItem.GetRefreshTokenItemKey().ToString()] = JsonHelper.SerializeToJson(rtItem); Assert.AreEqual(2, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count); users = app.Users; Assert.IsNotNull(users); Assert.AreEqual(2, users.Count()); // another cache entry for different environment. user count should still be 2. Sovereign cloud user must not be returned rtItem = new RefreshTokenCacheItem() { Environment = TestConstants.SovereignEnvironment, ClientId = TestConstants.ClientId, RefreshToken = "someRT", RawClientInfo = MockHelpers.CreateClientInfo(TestConstants.Uid + "more1", TestConstants.Utid), DisplayableId = TestConstants.DisplayableId, IdentityProvider = TestConstants.IdentityProvider, Name = TestConstants.Name }; rtItem.ClientInfo = ClientInfo.CreateFromJson(rtItem.RawClientInfo); cache.TokenCacheAccessor.RefreshTokenCacheDictionary[rtItem.GetRefreshTokenItemKey().ToString()] = JsonHelper.SerializeToJson(rtItem); Assert.AreEqual(3, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count); users = app.Users; Assert.IsNotNull(users); Assert.AreEqual(2, users.Count()); }