public GraphAuthProvider(IMemoryCache memoryCache, IConfiguration configuration) { var azureOptions = new AzureAdOptions(); configuration.Bind("AzureAd", azureOptions); _appId = azureOptions.ClientId; _aadInstance = azureOptions.Instance; _appSecret = azureOptions.ClientSecret; _credential = new Microsoft.Identity.Client.ClientCredential(azureOptions.ClientSecret); // For development mode purposes only. Production apps should use a client certificate. _scopes = azureOptions.GraphScopes.Split(new[] { ' ' }); _redirectUri = azureOptions.BaseUrl + azureOptions.CallbackPath; _graphResourceId = azureOptions.GraphResourceId; _tenantId = azureOptions.TenantId; _memoryCache = memoryCache; }
protected override void ProcessRecord() { AuthenticationResult authenticationResult; if (Scopes != null) { var clientApplication = new PublicClientApplication(MSALPnPPowerShellClientId); // Acquire an access token for the given scope authenticationResult = clientApplication.AcquireTokenAsync(Scopes).GetAwaiter().GetResult(); } else { var appCredentials = new ClientCredential(AppSecret); var authority = new Uri(AADLogin, AADDomain).AbsoluteUri; var clientApplication = new ConfidentialClientApplication(authority, AppId, RedirectUri, appCredentials, null); authenticationResult = clientApplication.AcquireTokenForClient(DefaultScope, null).GetAwaiter().GetResult(); } // Get back the Access Token and the Refresh Token PnPAzureADConnection.AuthenticationResult = authenticationResult; }
/// <summary> /// /// </summary> /// <param name="authority"></param> /// <param name="clientId"></param> /// <param name="redirectUri"></param> /// <param name="clientCredential"></param> /// <param name="userTokenCache"></param> public ConfidentialClientApplication(string authority, string clientId, string redirectUri, ClientCredential clientCredential, TokenCache userTokenCache) :base(authority, clientId, redirectUri, true) { this.ClientCredential = clientCredential; this.UserTokenCache = userTokenCache; this.AppTokenCache = TokenCache.DefaultSharedAppTokenCache; }
/// <summary> /// /// </summary> /// <param name="clientId"></param> /// <param name="redirectUri"></param> /// <param name="clientCredential"></param> /// <param name="userTokenCache"></param> public ConfidentialClientApplication(string clientId, string redirectUri, ClientCredential clientCredential, TokenCache userTokenCache):this(DefaultAuthority, clientId, redirectUri, clientCredential, userTokenCache) { }
public void ConfidentialClientUsingCertificateTest() { ClientCredential cc = new ClientCredential(new ClientAssertionCertificate(new X509Certificate2("valid_cert.pfx", "password"))); ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.DefaultClientId, TestConstants.DefaultRedirectUri, cc, new TokenCache()); app.AppTokenCache = new TokenCache(); HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessfulClientCredentialTokenResponseMessage() }; Task<AuthenticationResult> task = app.AcquireTokenForClient(TestConstants.DefaultScope.ToArray(), TestConstants.DefaultPolicy); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.IsNotNull("header.payload.signature", result.Token); Assert.AreEqual(TestConstants.DefaultScope.AsSingleString(), result.ScopeSet.AsSingleString()); //make sure user token cache is empty Assert.AreEqual(0, app.UserTokenCache.Count); //check app token cache count to be 1 Assert.AreEqual(1, app.AppTokenCache.Count); //make sure refresh token is null foreach (var value in app.AppTokenCache.tokenCacheDictionary.Values) { Assert.IsNull(value.RefreshToken); } //assert client credential Assert.IsNotNull(cc.ClientAssertion); Assert.AreNotEqual(0, cc.ValidTo); //save client assertion. string cachedAssertion = cc.ClientAssertion.Assertion; long cacheValidTo = cc.ValidTo; HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessfulClientCredentialTokenResponseMessage() }; task = app.AcquireTokenForClient(TestConstants.ScopeForAnotherResource.ToArray(), TestConstants.DefaultPolicy); result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(cacheValidTo, cc.ValidTo); Assert.AreEqual(cachedAssertion, cc.ClientAssertion.Assertion); }
/// <summary> /// /// </summary> /// <param name="authority"></param> /// <param name="clientId"></param> /// <param name="redirectUri"></param> /// <param name="clientCredential"></param> /// <param name="userTokenCache"></param> public ConfidentialClientApplication(string authority, string clientId, string redirectUri, ClientCredential clientCredential, TokenCache userTokenCache) : base(authority, clientId, redirectUri, true) { this.ClientCredential = clientCredential; this.UserTokenCache = userTokenCache; this.AppTokenCache = TokenCache.DefaultSharedAppTokenCache; }
/// <summary> /// /// </summary> /// <param name="clientId"></param> /// <param name="redirectUri"></param> /// <param name="clientCredential"></param> /// <param name="userTokenCache"></param> public ConfidentialClientApplication(string clientId, string redirectUri, ClientCredential clientCredential, TokenCache userTokenCache) : this(DefaultAuthority, clientId, redirectUri, clientCredential, userTokenCache) { }
/// <summary> /// Constructor for a confidential client application requesting tokens with the default authority (<see cref="ClientApplicationBase.DefaultAuthority"/>) /// </summary> /// <param name="clientId">Client ID (also known as App ID) of the application as registered in the /// application registration portal (https://aka.ms/msal-net-register-app)/. REQUIRED</param> /// <param name="redirectUri">URL where the STS will call back the application with the security token. REQUIRED</param> /// <param name="clientCredential">Credential, previously shared with Azure AD during the application registration and proving the identity /// of the application. An instance of <see cref="ClientCredential"/> can be created either from an application secret, or a certificate. REQUIRED.</param> /// <param name="userTokenCache">Token cache for saving user tokens. Can be set to null if the confidential client /// application only uses the Client Credentials grants (that is requests token in its own name and not in the name of users). /// Otherwise should be provided. REQUIRED</param> /// <param name="appTokenCache">Token cache for saving application (that is client token). Can be set to <c>null</c> except if the application /// uses the client credentials grants</param> /// <remarks> /// See https://aka.ms/msal-net-client-applications for a description of confidential client applications (and public client applications) /// Client credential grants are overrides of <see cref="ConfidentialClientApplication.AcquireTokenForClientAsync(IEnumerable{string})"/> /// </remarks> /// <seealso cref="ConfidentialClientApplication"/> which /// enables app developers to specify the authority public ConfidentialClientApplication(string clientId, string redirectUri, ClientCredential clientCredential, TokenCache userTokenCache, TokenCache appTokenCache) : this(clientId, DefaultAuthority, redirectUri, clientCredential, userTokenCache, appTokenCache) { GuardMobileFrameworks(); }