public void ConstructorTests() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = new TokenCache(); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = true, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; SilentRequest request = new SilentRequest(parameters, (string) null, new PlatformParameters(), false); Assert.IsNotNull(request); request = new SilentRequest(parameters, (User) null, new PlatformParameters(), false); Assert.IsNotNull(request); request = new SilentRequest(parameters, TestConstants.DefaultDisplayableId, new PlatformParameters(), false); Assert.IsNotNull(request); request = new SilentRequest(parameters, TestConstants.DefaultUniqueId, new PlatformParameters(), false); Assert.IsNotNull(request); request = new SilentRequest(parameters, TestConstants.DefaultUser, new PlatformParameters(), false); Assert.IsNotNull(request); }
public SilentRequest(AuthenticationRequestParameters authenticationRequestParameters, string userIdentifer, IPlatformParameters parameters, bool forceRefresh) : this(authenticationRequestParameters, (User)null, parameters, forceRefresh) { this.User = this.MapIdentifierToUser(userIdentifer); PlatformPlugin.BrokerHelper.PlatformParameters = parameters; this.SupportADFS = false; }
protected BaseRequest(AuthenticationRequestParameters authenticationRequestParameters) { this.Authenticator = authenticationRequestParameters.Authenticator; this.CallState = CreateCallState(this.Authenticator.CorrelationId); PlatformPlugin.Logger.Information(this.CallState, string.Format(CultureInfo.InvariantCulture,"=== Token Acquisition started:\n\tAuthority: {0}\n\tScope: {1}\n\tClientId: {2}\n\tCacheType: {3}", Authenticator.Authority, authenticationRequestParameters.Scope.AsSingleString(), authenticationRequestParameters.ClientKey.ClientId, (tokenCache != null) ? tokenCache.GetType().FullName + string.Format(CultureInfo.InvariantCulture," ({0} items)", tokenCache.Count) : "null")); this.tokenCache = authenticationRequestParameters.TokenCache; this.ClientKey = authenticationRequestParameters.ClientKey; this.Policy = authenticationRequestParameters.Policy; this.restrictToSingleUser = authenticationRequestParameters.RestrictToSingleUser; if (MsalStringHelper.IsNullOrEmpty(authenticationRequestParameters.Scope)) { throw new ArgumentNullException("scope"); } this.Scope = authenticationRequestParameters.Scope.CreateSetFromArray(); ValidateScopeInput(this.Scope); this.LoadFromCache = (tokenCache != null); this.StoreToCache = (tokenCache != null); this.SupportADFS = false; if (this.tokenCache != null && (restrictToSingleUser && this.tokenCache.GetUniqueIdsFromCache(this.ClientKey.ClientId).Count() > 1)) { throw new ArgumentException( "Cache cannot have entries for more than 1 unique id when RestrictToSingleUser is set to TRUE."); } }
public SilentWebUiRequest(AuthenticationRequestParameters authenticationRequestParameters, UserCredential userCredential) : base(authenticationRequestParameters) { if (userCredential == null) { throw new ArgumentNullException("userCredential"); } this.userCredential = userCredential; }
public SilentRequest(AuthenticationRequestParameters authenticationRequestParameters, User user, IPlatformParameters parameters, bool forceRefresh) : base(authenticationRequestParameters) { if (user != null) { this.User = user; } PlatformPlugin.BrokerHelper.PlatformParameters = parameters; this.SupportADFS = false; this.ForceRefresh = forceRefresh; }
public OnBehalfOfRequest(AuthenticationRequestParameters authenticationRequestParameters, UserAssertion userAssertion) : base(authenticationRequestParameters) { if (userAssertion == null) { throw new ArgumentNullException("userAssertion"); } this.userAssertion = userAssertion; this.User = new User { DisplayableId = userAssertion.UserName }; this.assertionHash = PlatformPlugin.CryptographyHelper.CreateSha256Hash(userAssertion.Assertion); this.SupportADFS = false; }
public SilentWebUiRequest(AuthenticationRequestParameters authenticationRequestParameters, UserAssertion userAssertion) : base(authenticationRequestParameters) { if (userAssertion == null) { throw new ArgumentNullException("userAssertion"); } if (string.IsNullOrWhiteSpace(userAssertion.AssertionType)) { throw new ArgumentException(MsalErrorMessage.UserCredentialAssertionTypeEmpty, "userAssertion"); } this.userAssertion = userAssertion; }
public InteractiveRequest(AuthenticationRequestParameters authenticationRequestParameters, string[] additionalScope, Uri redirectUri, IPlatformParameters parameters, string loginHint, UiOptions? uiOptions, string extraQueryParameters, IWebUI webUI) : base(authenticationRequestParameters) { this._redirectUri = PlatformPlugin.PlatformInformation.ValidateRedirectUri(redirectUri, this.CallState); if (!string.IsNullOrWhiteSpace(this._redirectUri.Fragment)) { throw new ArgumentException(MsalErrorMessage.RedirectUriContainsFragment, "redirectUri"); } _additionalScope = new HashSet<string>(); if (!MsalStringHelper.IsNullOrEmpty(additionalScope)) { this._additionalScope = additionalScope.CreateSetFromArray(); } ValidateScopeInput(this._additionalScope); this._authorizationParameters = parameters; this._redirectUriRequestParameter = PlatformPlugin.PlatformInformation.GetRedirectUriAsString(this._redirectUri, this.CallState); this._loginHint = loginHint; if (!string.IsNullOrWhiteSpace(extraQueryParameters) && extraQueryParameters[0] == '&') { extraQueryParameters = extraQueryParameters.Substring(1); } this._extraQueryParameters = extraQueryParameters; this._webUi = webUI; this._uiOptions = uiOptions; this.LoadFromCache = false; //no cache lookup and refresh for interactive. this.SupportADFS = false; if (string.IsNullOrWhiteSpace(loginHint) && _uiOptions == UiOptions.ActAsCurrentUser) { throw new ArgumentException(MsalErrorMessage.LoginHintNullForUiOption, "loginHint"); } PlatformPlugin.BrokerHelper.PlatformParameters = _authorizationParameters; }
public AuthorizationCodeRequest(AuthenticationRequestParameters authenticationRequestParameters, string authorizationCode, Uri redirectUri) : base(authenticationRequestParameters) { if (string.IsNullOrWhiteSpace(authorizationCode)) { throw new ArgumentNullException("authorizationCode"); } this.authorizationCode = authorizationCode; if (redirectUri == null) { throw new ArgumentNullException("redirectUri"); } this.redirectUri = redirectUri; this.LoadFromCache = false; this.SupportADFS = false; }
public void NoCacheLookup() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = new TokenCache(); TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultScope, TestConstants.DefaultClientId, TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId, TestConstants.DefaultPolicy); AuthenticationResultEx ex = new AuthenticationResultEx(); ex.Result = new AuthenticationResult("Bearer", key.ToString(), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599))); ex.Result.User = new User { DisplayableId = TestConstants.DefaultDisplayableId, UniqueId = TestConstants.DefaultUniqueId, HomeObjectId = TestConstants.DefaultHomeObjectId }; ex.Result.FamilyId = "1"; ex.RefreshToken = "someRT"; cache.tokenCacheDictionary[key] = ex; IWebUI ui = Substitute.For<IWebUI>(); AuthorizationResult ar = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.DefaultAuthorityHomeTenant + "?code=some-code"); ui.AcquireAuthorizationAsync(Arg.Any<Uri>(), Arg.Any<Uri>(), Arg.Any<IDictionary<string, string>>(), Arg.Any<CallState>()) .Returns(ar); MockHttpMessageHandler mockHandler = new MockHttpMessageHandler(); mockHandler.Method = HttpMethod.Post; mockHandler.QueryParams = new Dictionary<string, string>() {{"p", "some-policy"}}; mockHandler.ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(); HttpMessageHandlerFactory.MockHandler = mockHandler; AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = "some-policy", RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), TestConstants.DefaultDisplayableId, UiOptions.SelectAccount, "extra=qp", ui); Task<AuthenticationResult> task = request.RunAsync(); task.Wait(); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(2, cache.Count); Assert.AreEqual(result.Token, "some-access-token"); //both cache entry authorities are TestConstants.DefaultAuthorityHomeTenant foreach (var item in cache.ReadItems(TestConstants.DefaultClientId)) { Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, item.Authority); } }
public void ActAsCurrentUserNoSsoHeaderForLoginHintOnlyTest() { //this test validates that no SSO header is added when developer passes only login hint and UiOption.ActAsCurrentUser Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = new TokenCache(); TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultScope, TestConstants.DefaultClientId, TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId, TestConstants.DefaultPolicy); AuthenticationResultEx ex = new AuthenticationResultEx(); ex.Result = new AuthenticationResult("Bearer", key.ToString(), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599))); ex.Result.User = new User { DisplayableId = TestConstants.DefaultDisplayableId, UniqueId = TestConstants.DefaultUniqueId, HomeObjectId = TestConstants.DefaultHomeObjectId }; ex.Result.FamilyId = "1"; ex.RefreshToken = "someRT"; cache.tokenCacheDictionary[key] = ex; MockWebUI webUi = new MockWebUI(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.DefaultAuthorityHomeTenant + "?code=some-code"); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), ex.Result.User, UiOptions.ActAsCurrentUser, "extra=qp", webUi); request.PreRunAsync().Wait(); request.PreTokenRequest().Wait(); }
internal static async Task <MsalTokenResponse> RefreshAccessTokenAsync(MsalRefreshTokenCacheItem msalRefreshTokenItem, RequestBase request, AuthenticationRequestParameters authenticationRequestParameters, CancellationToken cancellationToken) { authenticationRequestParameters.RequestContext.Logger.Verbose("Refreshing access token..."); await authenticationRequestParameters.AuthorityManager.RunInstanceDiscoveryAndValidationAsync().ConfigureAwait(false); var msalTokenResponse = await request.SendTokenRequestAsync(GetBodyParameters(msalRefreshTokenItem.Secret), cancellationToken) .ConfigureAwait(false); if (msalTokenResponse.RefreshToken == null) { msalTokenResponse.RefreshToken = msalRefreshTokenItem.Secret; authenticationRequestParameters.RequestContext.Logger.Info( "Refresh token was missing from the token refresh response, so the refresh token in the request is returned instead. "); } return(msalTokenResponse); }
public void MapToIdentifierNullInputTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = new TokenCache(); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = true, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; SilentRequest request = new SilentRequest(parameters, (string)null, new PlatformParameters(), false); User user = request.MapIdentifierToUser(null); Assert.IsNull(user); }
public InteractiveRequest(AuthenticationRequestParameters authenticationRequestParameters, string[] additionalScope, Uri redirectUri, IPlatformParameters parameters, User user, UiOptions uiOptions, string extraQueryParameters, IWebUI webUI) :this(authenticationRequestParameters, additionalScope, redirectUri, parameters, user?.DisplayableId, uiOptions, extraQueryParameters, webUI) { this.User = user; }
public void SilentRefreshFailedNoCacheItemFoundTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = new TokenCache(); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = new[] { "some-scope1", "some-scope2" }, TokenCache = cache }; HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }; try { SilentRequest request = new SilentRequest(parameters, (string) null, new PlatformParameters(), false); Task<AuthenticationResult> task = request.RunAsync(); var authenticationResult = task.Result; Assert.Fail("MsalSilentTokenAcquisitionException should be thrown here"); } catch (AggregateException ae) { Assert.IsTrue(ae.InnerException is MsalSilentTokenAcquisitionException); } }
public void CacheWithMultipleUsersAndRestrictToSingleUserTrueTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); try { AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = true, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), new User {UniqueId = TestConstants.DefaultUniqueId}, UiOptions.ForceLogin, "extra=qp", new MockWebUI()); Assert.Fail("ArgumentException should be thrown here"); } catch (ArgumentException ae) { Assert.AreEqual( "Cache cannot have entries for more than 1 unique id when RestrictToSingleUser is set to TRUE.", ae.Message); } }
public void MapToIdentifierMultipleMatchingEntriesTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant, TestConstants.ScopeForAnotherResource, TestConstants.DefaultClientId, TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId, TestConstants.DefaultPolicy); AuthenticationResultEx ex = new AuthenticationResultEx(); ex.Result = new AuthenticationResult("Bearer", key.ToString(), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3600))); ex.Result.User = new User { DisplayableId = TestConstants.DefaultDisplayableId, UniqueId = TestConstants.DefaultUniqueId, HomeObjectId = TestConstants.DefaultHomeObjectId }; ex.Result.ScopeSet = TestConstants.DefaultScope; ex.Result.FamilyId = "1"; ex.RefreshToken = "someRT"; cache.tokenCacheDictionary[key] = ex; AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = new[] { "something" }, TokenCache = cache }; SilentRequest request = new SilentRequest(parameters, (string) null, new PlatformParameters(), false); User user = request.MapIdentifierToUser(TestConstants.DefaultUniqueId); Assert.IsNotNull(user); Assert.AreEqual(TestConstants.DefaultUniqueId, user.UniqueId); }
public void ExpiredTokenRefreshFlowTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = new[] { "some-scope1", "some-scope2" }, TokenCache = cache }; HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }; SilentRequest request = new SilentRequest(parameters, (string)null, new PlatformParameters(), false); Task<AuthenticationResult> task = request.RunAsync(); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.Token); Assert.AreEqual("some-scope1 some-scope2", result.Scope.AsSingleString()); }
public void MapToIdentifierItemFoundTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; SilentRequest request = new SilentRequest(parameters, (string)null, new PlatformParameters(), false); User user = request.MapIdentifierToUser(TestConstants.DefaultUniqueId); Assert.IsNotNull(user); Assert.AreEqual(TestConstants.DefaultUniqueId, user.UniqueId); }
internal static async Task <MsalTokenResponse> RefreshAccessTokenAsync(MsalRefreshTokenCacheItem msalRefreshTokenItem, RequestBase request, AuthenticationRequestParameters authenticationRequestParameters, CancellationToken cancellationToken) { authenticationRequestParameters.RequestContext.Logger.Verbose("Refreshing access token..."); await authenticationRequestParameters.AuthorityManager.RunInstanceDiscoveryAndValidationAsync().ConfigureAwait(false); var dict = GetBodyParameters(msalRefreshTokenItem.Secret); #if iOS var realEnrollmentId = IntuneEnrollmentIdHelper.GetEnrollmentId(authenticationRequestParameters.RequestContext.Logger); if (!string.IsNullOrEmpty(realEnrollmentId)) { dict[MamEnrollmentIdKey] = realEnrollmentId; } #endif var msalTokenResponse = await request.SendTokenRequestAsync(dict, cancellationToken) .ConfigureAwait(false); if (msalTokenResponse.RefreshToken == null) { msalTokenResponse.RefreshToken = msalRefreshTokenItem.Secret; authenticationRequestParameters.RequestContext.Logger.Warning( "Refresh token was missing from the token refresh response, so the refresh token in the request is returned instead. "); } return(msalTokenResponse); }
public void VerifyAuthorizationResultTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); MockWebUI webUi = new MockWebUI(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp, TestConstants.DefaultAuthorityHomeTenant + "?error="+OAuthError.LoginRequired); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = null }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), (string) null, UiOptions.ForceLogin, "extra=qp", webUi); request.PreRunAsync().Wait(); try { request.PreTokenRequest().Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual(MsalError.UserInteractionRequired, ((MsalException)exc.InnerException).ErrorCode); } webUi = new MockWebUI(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp, TestConstants.DefaultAuthorityHomeTenant + "?error=invalid_request&error_description=some error description"); request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), (string)null, UiOptions.ForceLogin, "extra=qp", webUi); request.PreRunAsync().Wait(); try { request.PreTokenRequest().Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual("invalid_request", ((MsalException)exc.InnerException).ErrorCode); Assert.AreEqual("some error description", ((MsalException)exc.InnerException).Message); } }
public void DuplicateQueryParameterErrorTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = null }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), (User) null, UiOptions.ForceLogin, "extra=qp&prompt=login", new MockWebUI()); request.PreRunAsync().Wait(); try { request.PreTokenRequest().Wait(); Assert.Fail("MsalException should be thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual(MsalError.DuplicateQueryParameter, ((MsalException)exc.InnerException).ErrorCode); } }
public void NullUserForActAsCurrentUserTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); try { AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = null }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), (User) null, UiOptions.ActAsCurrentUser, "extra=qp", new MockWebUI()); Assert.Fail("ArgumentException should be thrown here"); } catch (ArgumentException ae) { Assert.IsTrue(ae.Message.Contains(MsalErrorMessage.LoginHintNullForUiOption)); } }