private async Task <string> AuthenticationCallbackAsync(string authority, string resource, string scope)
{
if (_authResult != null)
{
return(_authResult.AccessToken);
}
var authContext = new AuthenticationContext(authority, keyVaultTokenCache);
AuthenticationResult authResult;
switch (_config.AuthType)
{
case KeyVaultAuthenticationType.ClientCertificate:
if (_assertionCert == null)
{
var cert = CertificateHelper.FindCertificateByThumbprint(_config.CertThumbprint);
if (cert == null)
{
throw new InvalidOperationException(
"Test setup error - cannot find a certificate in the My store for KeyVault. This is available for Microsoft employees only.");
}
_assertionCert = new ClientAssertionCertificate(_config.ClientId, cert);
}
authResult = await authContext.AcquireTokenAsync(resource, _assertionCert).ConfigureAwait(false);
break;
case KeyVaultAuthenticationType.ClientSecret:
ClientCredential cred = new ClientCredential(_config.ClientId, _config.KeyVaultSecret);
authResult = await authContext.AcquireTokenAsync(resource, cred).ConfigureAwait(false);
break;
case KeyVaultAuthenticationType.UserCredential:
authResult = await authContext.AcquireTokenAsync(resource, _config.ClientId, new UserCredential()).ConfigureAwait(false);
break;
default:
throw new ArgumentOutOfRangeException();
}
_authResult = authResult;
return(authResult?.AccessToken);
}
public static async Task <string> GetLabAccessTokenAsync(string authority, string[] scopes, LabAccessAuthenticationType authType, string clientId, string certThumbprint, string clientSecret)
{
AuthenticationResult authResult;
IConfidentialClientApplication confidentialApp;
X509Certificate2 cert;
switch (authType)
{
case LabAccessAuthenticationType.ClientCertificate:
var clientIdForCertAuth = String.IsNullOrEmpty(clientId) ? LabAccessConfidentialClientId : clientId;
var certThumbprintForLab = String.IsNullOrEmpty(clientId) ? LabAccessThumbPrint : certThumbprint;
cert = CertificateHelper.FindCertificateByThumbprint(certThumbprintForLab);
if (cert == null)
{
throw new InvalidOperationException(
"Test setup error - cannot find a certificate in the My store for KeyVault. This is available for Microsoft employees only.");
}
confidentialApp = ConfidentialClientApplicationBuilder
.Create(clientIdForCertAuth)
.WithAuthority(new Uri(authority), true)
.WithCertificate(cert)
.Build();
s_staticCache.Bind(confidentialApp.AppTokenCache);
authResult = await confidentialApp
.AcquireTokenForClient(scopes)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
break;
case LabAccessAuthenticationType.ClientSecret:
var clientIdForSecretAuth = String.IsNullOrEmpty(clientId) ? LabAccessConfidentialClientId : clientId;
var clientSecretForLab = String.IsNullOrEmpty(clientId) ? s_secret : clientSecret;
confidentialApp = ConfidentialClientApplicationBuilder
.Create(clientIdForSecretAuth)
.WithAuthority(new Uri(authority), true)
.WithClientSecret(clientSecretForLab)
.Build();
s_staticCache.Bind(confidentialApp.AppTokenCache);
authResult = await confidentialApp
.AcquireTokenForClient(scopes)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
break;
case LabAccessAuthenticationType.UserCredential:
var clientIdForPublicClientAuth = String.IsNullOrEmpty(clientId) ? LabAccessPublicClientId : clientId;
var publicApp = PublicClientApplicationBuilder
.Create(clientIdForPublicClientAuth)
.WithAuthority(new Uri(authority), true)
.Build();
s_staticCache.Bind(publicApp.UserTokenCache);
authResult = await publicApp
.AcquireTokenByIntegratedWindowsAuth(scopes)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
break;
default:
throw new ArgumentOutOfRangeException();
}
return(authResult?.AccessToken);
}
private async Task <string> AuthenticationCallbackAsync(string authority, string resource, string scope)
{
if (_authResult != null)
{
return(_authResult.AccessToken);
}
var scopes = new[] { resource + "/.default" };
AuthenticationResult authResult;
IConfidentialClientApplication confidentialApp;
X509Certificate2 cert;
switch (_config.AuthType)
{
case KeyVaultAuthenticationType.ClientCertificate:
cert = CertificateHelper.FindCertificateByThumbprint(_config.CertThumbprint);
if (cert == null)
{
throw new InvalidOperationException(
"Test setup error - cannot find a certificate in the My store for KeyVault. This is available for Microsoft employees only.");
}
confidentialApp = ConfidentialClientApplicationBuilder
.Create(KeyVaultConfidentialClientId)
.WithAuthority(new Uri(authority), true)
.WithCertificate(cert)
.Build();
authResult = await confidentialApp
.AcquireTokenForClient(scopes)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
break;
case KeyVaultAuthenticationType.ClientSecret:
confidentialApp = ConfidentialClientApplicationBuilder
.Create(KeyVaultConfidentialClientId)
.WithAuthority(new Uri(authority), true)
.WithClientSecret(_config.KeyVaultSecret)
.Build();
authResult = await confidentialApp
.AcquireTokenForClient(scopes)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
break;
case KeyVaultAuthenticationType.UserCredential:
var publicApp = PublicClientApplicationBuilder
.Create(KeyVaultPublicClientId)
.WithAuthority(new Uri(authority), true)
.Build();
authResult = await publicApp
.AcquireTokenByIntegratedWindowsAuth(scopes)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
break;
default:
throw new ArgumentOutOfRangeException();
}
_authResult = authResult;
return(authResult?.AccessToken);
}
