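/// <summary>
/// Resolves the authorization, token and issuer endpoints for an authority.
/// Cached endpoints are returned when <see cref="TryGetCacheValue"/> has them; otherwise the
/// authority is validated, its openid-configuration document is fetched, the document is checked
/// for the three required values, and the result is stored through <see cref="Add"/>.
/// </summary>
/// <param name="authorityInfo">Authority to resolve. Its <c>CanonicalAuthority</c> supplies the tenant path segment and the cache key.</param>
/// <param name="userPrincipalName">UPN of the current user; forwarded to the cache lookup and the authority validator.</param>
/// <param name="requestContext">Per-request context; only its logger is used directly here.</param>
/// <returns>The resolved endpoints with every <c>{tenant}</c> placeholder replaced by the authority's tenant segment.</returns>
/// <exception cref="MsalClientException">
/// <c>TenantDiscoveryFailedError</c> when the canonical authority has no tenant path segment, or when the
/// discovery document lacks the authorization endpoint, the token endpoint or the issuer.
/// </exception>
public async Task<AuthorityEndpoints> ResolveEndpointsAsync(
    AuthorityInfo authorityInfo,
    string userPrincipalName,
    RequestContext requestContext)
{
    if (TryGetCacheValue(authorityInfo, userPrincipalName, out var endpoints))
    {
        requestContext.Logger.Info("Resolving authority endpoints... Already resolved? - TRUE");
        return endpoints;
    }

    requestContext.Logger.Info("Resolving authority endpoints... Already resolved? - FALSE");

    // The tenant is the first path segment of the canonical authority: a tenant id or one of the
    // names held in Authority.TenantlessTenantNames.
    var authorityUri = new Uri(authorityInfo.CanonicalAuthority);
    string path = authorityUri.AbsolutePath.Substring(1);
    int tenantEnd = path.IndexOf("/", StringComparison.Ordinal);
    if (tenantEnd < 0)
    {
        // An authority without a tenant segment used to surface as an opaque
        // ArgumentOutOfRangeException from Substring(0, -1); fail with a client error instead.
        throw new MsalClientException(
            MsalError.TenantDiscoveryFailedError,
            "Authority does not contain a tenant segment: " + authorityInfo.CanonicalAuthority);
    }

    string tenant = path.Substring(0, tenantEnd);
    bool isTenantless = Authority.TenantlessTenantNames.Contains(tenant);

    // TODO: where is the value in this log message? We have a bunch of code supporting printing just this out...
    requestContext.Logger.Info("Is Authority tenantless? - " + isTenantless);

    // By its name this call validates the authority before handing back the discovery URL; the
    // validation itself is not visible in this file.
    var endpointManager = OpenIdConfigurationEndpointManagerFactory.Create(authorityInfo, _serviceBundle);
    string openIdConfigurationEndpoint = await endpointManager.ValidateAuthorityAndGetOpenIdDiscoveryEndpointAsync(
        authorityInfo,
        userPrincipalName,
        requestContext).ConfigureAwait(false);

    // Discover endpoints via openid-configuration. Library code, so no synchronization context
    // is captured on any await.
    var edr = await DiscoverEndpointsAsync(openIdConfigurationEndpoint, requestContext).ConfigureAwait(false);

    // Fail closed: a document missing any of these must not produce an AuthorityEndpoints
    // carrying an empty URL. Only presence is checked here; the values are used as returned.
    // NOTE(review): confirm that the validator above is what constrains the discovery source.
    if (string.IsNullOrEmpty(edr.AuthorizationEndpoint))
    {
        throw new MsalClientException(
            MsalError.TenantDiscoveryFailedError,
            "Authorize endpoint was not found in the openid configuration");
    }

    if (string.IsNullOrEmpty(edr.TokenEndpoint))
    {
        throw new MsalClientException(
            MsalError.TenantDiscoveryFailedError,
            "Token endpoint was not found in the openid configuration");
    }

    if (string.IsNullOrEmpty(edr.Issuer))
    {
        throw new MsalClientException(
            MsalError.TenantDiscoveryFailedError,
            "Issuer was not found in the openid configuration");
    }

    endpoints = new AuthorityEndpoints(
        edr.AuthorizationEndpoint.Replace("{tenant}", tenant),
        edr.TokenEndpoint.Replace("{tenant}", tenant),
        edr.Issuer.Replace("{tenant}", tenant));

    Add(authorityInfo, userPrincipalName, endpoints);
    return endpoints;
}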
/// <summary>
/// Resolves the endpoints for an authority, preferring the static endpoint cache and falling back
/// to authority validation plus openid-configuration discovery. Discovered values are only accepted
/// when the authorization endpoint, token endpoint and issuer are all present; the result is cached
/// through <see cref="Add"/> before it is returned.
/// </summary>
/// <param name="authorityInfo">Authority to resolve; its canonical form is the cache key and the source of the tenant id.</param>
/// <param name="userPrincipalName">UPN of the current user; forwarded to the cache lookup and the authority validator.</param>
/// <param name="requestContext">Per-request context; only its logger is used directly here.</param>
/// <returns>Endpoints with the tenant token substituted, plus the value returned by <c>GetSelfSignedJwtAudience</c> (presumably the audience for self-signed client-assertion JWTs — not visible here).</returns>
/// <exception cref="MsalClientException"><c>TenantDiscoveryFailedError</c> when a required value is absent from the discovery document.</exception>
public async Task<AuthorityEndpoints> ResolveEndpointsAsync(
    AuthorityInfo authorityInfo,
    string userPrincipalName,
    RequestContext requestContext)
{
    // Fail closed on a discovery document that omits a required value.
    void RequireDiscovered(string value, string message)
    {
        if (string.IsNullOrEmpty(value))
        {
            throw new MsalClientException(MsalError.TenantDiscoveryFailedError, message);
        }
    }

    if (TryGetCacheValue(authorityInfo, userPrincipalName, out var endpoints))
    {
        requestContext.Logger.Info(LogMessages.ResolvingAuthorityEndpointsTrue);
        return endpoints;
    }

    requestContext.Logger.Info(LogMessages.ResolvingAuthorityEndpointsFalse);

    // By its name this call validates the authority before returning the discovery URL; the
    // validation logic itself lives elsewhere.
    var manager = OpenIdConfigurationEndpointManagerFactory.Create(authorityInfo, _serviceBundle);
    string discoveryEndpoint = await manager.ValidateAuthorityAndGetOpenIdDiscoveryEndpointAsync(
        authorityInfo,
        userPrincipalName,
        requestContext).ConfigureAwait(false);

    // Discover endpoints via openid-configuration (library code: no sync context captured).
    var discovery = await DiscoverEndpointsAsync(discoveryEndpoint, requestContext).ConfigureAwait(false);

    // Only presence is verified; the URLs are used as returned by the document.
    // NOTE(review): confirm that the validator above is what constrains the discovery source.
    RequireDiscovered(discovery.AuthorizationEndpoint, MsalErrorMessage.AuthorizeEndpointWasNotFoundInTheOpenIdConfiguration);
    RequireDiscovered(discovery.TokenEndpoint, MsalErrorMessage.TokenEndpointWasNotFoundInTheOpenIdConfiguration);
    RequireDiscovered(discovery.Issuer, MsalErrorMessage.IssuerWasNotFoundInTheOpenIdConfiguration);

    var tenantId = Authority.CreateAuthority(authorityInfo).GetTenantId();
    string authorizationEndpoint = ReplaceTenantToken(discovery.AuthorizationEndpoint, tenantId);
    string tokenEndpoint = ReplaceTenantToken(discovery.TokenEndpoint, tenantId);
    string selfSignedJwtAudience = GetSelfSignedJwtAudience(
        discovery.Issuer,
        tokenEndpoint,
        tenantId,
        authorityInfo.AuthorityType);

    endpoints = new AuthorityEndpoints(authorizationEndpoint, tokenEndpoint, selfSignedJwtAudience);

    Add(authorityInfo, userPrincipalName, endpoints);
    return endpoints;
}
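/// <summary>
/// Resolves the endpoints for an authority, preferring the static endpoint cache and falling back
/// to authority validation plus openid-configuration discovery. The result is accepted only when
/// the authorization endpoint, token endpoint and issuer are all present, and is cached through
/// <see cref="Add"/> before being returned.
/// </summary>
/// <param name="authorityInfo">Authority to resolve; its <c>CanonicalAuthority</c> supplies the tenant path segment and the cache key.</param>
/// <param name="userPrincipalName">UPN of the current user; forwarded to the cache lookup and the authority validator.</param>
/// <param name="requestContext">Per-request context; only its logger is used directly here.</param>
/// <returns>Endpoints with <c>Constants.Tenant</c> replaced by the tenant segment; the third value comes from <c>ReplaceNonTenantSpecificValueWithTenant</c>, whose semantics are not visible here.</returns>
/// <exception cref="MsalClientException">
/// <c>TenantDiscoveryFailedError</c> when the canonical authority has no tenant path segment, or when a
/// required value is absent from the discovery document.
/// </exception>
public async Task<AuthorityEndpoints> ResolveEndpointsAsync(
    AuthorityInfo authorityInfo,
    string userPrincipalName,
    RequestContext requestContext)
{
    // Fail closed on a discovery document that omits a required value.
    void RequireDiscovered(string value, string message)
    {
        if (string.IsNullOrEmpty(value))
        {
            throw new MsalClientException(MsalError.TenantDiscoveryFailedError, message);
        }
    }

    if (TryGetCacheValue(authorityInfo, userPrincipalName, out var endpoints))
    {
        requestContext.Logger.Info(LogMessages.ResolvingAuthorityEndpointsTrue);
        return endpoints;
    }

    requestContext.Logger.Info(LogMessages.ResolvingAuthorityEndpointsFalse);

    // The tenant is the first path segment of the canonical authority.
    var authorityUri = new Uri(authorityInfo.CanonicalAuthority);
    string path = authorityUri.AbsolutePath.Substring(1);
    int tenantEnd = path.IndexOf("/", StringComparison.Ordinal);
    if (tenantEnd < 0)
    {
        // An authority without a tenant segment used to surface as an opaque
        // ArgumentOutOfRangeException from Substring(0, -1); fail with a client error instead.
        throw new MsalClientException(
            MsalError.TenantDiscoveryFailedError,
            "Authority does not contain a tenant segment: " + authorityInfo.CanonicalAuthority);
    }

    string tenant = path.Substring(0, tenantEnd);

    // By its name this call validates the authority before returning the discovery URL; the
    // validation logic itself lives elsewhere.
    var endpointManager = OpenIdConfigurationEndpointManagerFactory.Create(authorityInfo, _serviceBundle);
    string openIdConfigurationEndpoint = await endpointManager.ValidateAuthorityAndGetOpenIdDiscoveryEndpointAsync(
        authorityInfo,
        userPrincipalName,
        requestContext).ConfigureAwait(false);

    // Discover endpoints via openid-configuration (library code: no sync context captured).
    var edr = await DiscoverEndpointsAsync(openIdConfigurationEndpoint, requestContext).ConfigureAwait(false);

    // Only presence is verified; the URLs are used as returned by the document.
    // NOTE(review): confirm that the validator above is what constrains the discovery source.
    RequireDiscovered(edr.AuthorizationEndpoint, MsalErrorMessage.AuthorizeEndpointWasNotFoundInTheOpenIdConfiguration);
    RequireDiscovered(edr.TokenEndpoint, MsalErrorMessage.TokenEndpointWasNotFoundInTheOpenIdConfiguration);
    RequireDiscovered(edr.Issuer, MsalErrorMessage.IssuerWasNotFoundInTheOpenIdConfiguration);

    endpoints = new AuthorityEndpoints(
        edr.AuthorizationEndpoint.Replace(Constants.Tenant, tenant),
        edr.TokenEndpoint.Replace(Constants.Tenant, tenant),
        ReplaceNonTenantSpecificValueWithTenant(edr, tenant));

    Add(authorityInfo, userPrincipalName, endpoints);
    return endpoints;
}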
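/// <summary>
/// Stores freshly resolved endpoints for an authority in the static endpoint cache.
/// For ADFS authorities the entry also tracks the UPN domains the endpoints were obtained for,
/// so the domains of any existing entry are carried over and the current caller's domain is appended.
/// </summary>
/// <param name="authorityInfo">Authority whose <c>CanonicalAuthority</c> is the cache key.</param>
/// <param name="userPrincipalName">UPN of the current user; its domain is added to the ADFS domain list.</param>
/// <param name="endpoints">Endpoints just discovered from the server.</param>
private void Add(AuthorityInfo authorityInfo, string userPrincipalName, AuthorityEndpoints endpoints)
{
    var updatedCacheEntry = new AuthorityEndpointCacheEntry(endpoints);

    if (authorityInfo.AuthorityType == AuthorityType.Adfs)
    {
        // Since we're here, we've made a call to the backend. We want to ensure we're caching
        // the latest values from the server, together with every domain the previous entry
        // was already valid for.
        if (s_endpointCacheEntries.TryGetValue(authorityInfo.CanonicalAuthority, out var cacheEntry))
        {
            foreach (string validDomain in cacheEntry.ValidForDomainsList)
            {
                updatedCacheEntry.ValidForDomainsList.Add(validDomain);
            }
        }

        // NOTE(review): unlike TryGetCacheValue, no null/empty guard on the UPN before
        // GetDomainFromUpn — confirm the helper tolerates that.
        updatedCacheEntry.ValidForDomainsList.Add(AdfsUpnHelper.GetDomainFromUpn(userPrincipalName));
    }

    // Overwrite rather than TryAdd: TryAdd silently keeps the existing entry once the key is present,
    // which discarded the merged ADFS domain list built above and made TryGetCacheValue miss for
    // every domain other than the first one, forcing a backend round-trip each time.
    // NOTE(review): two concurrent ADFS resolutions can still overwrite each other's domain list;
    // if the cache is a ConcurrentDictionary, AddOrUpdate with a merge would close that gap.
    s_endpointCacheEntries[authorityInfo.CanonicalAuthority] = updatedCacheEntry;
}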
/// <summary>Creates a cache entry that holds the given resolved endpoints.</summary>
/// <param name="endpoints">Endpoints to cache; stored as-is in <c>Endpoints</c>.</param>
public AuthorityEndpointCacheEntry(AuthorityEndpoints endpoints) => Endpoints = endpoints;
/// <summary>
/// Looks up cached endpoints for an authority. For ADFS authorities a hit is honoured only when the
/// caller's UPN domain is one the cached entry was recorded for; an empty UPN skips that domain check.
/// </summary>
/// <param name="authorityInfo">Authority whose <c>CanonicalAuthority</c> is the cache key.</param>
/// <param name="userPrincipalName">UPN of the current user; only consulted for ADFS authorities.</param>
/// <param name="endpoints">The cached endpoints on a hit; <c>null</c> otherwise.</param>
/// <returns><c>true</c> on a cache hit, <c>false</c> otherwise.</returns>
private bool TryGetCacheValue(AuthorityInfo authorityInfo, string userPrincipalName, out AuthorityEndpoints endpoints)
{
    endpoints = null;

    if (!s_endpointCacheEntries.TryGetValue(authorityInfo.CanonicalAuthority, out var cacheEntry))
    {
        return false;
    }

    // NOTE(review): an ADFS lookup with an empty UPN bypasses the domain check — confirm intended.
    bool domainCheckApplies =
        authorityInfo.AuthorityType == AuthorityType.Adfs
        && !string.IsNullOrEmpty(userPrincipalName);

    if (domainCheckApplies
        && !cacheEntry.ValidForDomainsList.Contains(AdfsUpnHelper.GetDomainFromUpn(userPrincipalName)))
    {
        return false;
    }

    endpoints = cacheEntry.Endpoints;
    return true;
}