public async Task JsonWebTokenWithX509PublicCertClaimTest()
{
var certificate = new X509Certificate2("valid_cert.pfx", TestConstants.DefaultPassword);
var clientAssertion = new ClientAssertionCertificate(TestConstants.DefaultClientId, certificate);
var context = new AuthenticationContext(TestConstants.TenantSpecificAuthority, new TokenCache());
var validCertClaim = "\"x5c\":\"" + Convert.ToBase64String(certificate.GetRawCertData());
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.TenantSpecificAuthority))
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent("{\"token_type\":\"Bearer\",\"expires_in\":\"3599\",\"access_token\":\"some-access-token\"}")
},
AdditionalRequestValidation = request =>
{
var requestContent = request.Content.ReadAsStringAsync().GetAwaiter().GetResult();
var formsData = EncodingHelper.ParseKeyValueList(requestContent, '&', true, null);
// Check presence of client_assertion in request
string encodedJwt;
Assert.IsTrue(formsData.TryGetValue("client_assertion", out encodedJwt), "Missing client_assertion from request");
// Check presence of x5c cert claim. It should not exist.
var jwtHeader = EncodingHelper.UrlDecode(encodedJwt.Split('.')[0]);
Assert.IsTrue(!jwtHeader.Contains("\"x5c\":"));
}
});
AuthenticationResult result = await context.AcquireTokenAsync(TestConstants.DefaultResource, clientAssertion);
Assert.IsNotNull(result.AccessToken);
}
public void AdalClaimsChallengeExceptionThrownWithAcquireTokenClientCredentialWhenClaimsChallengeRequiredTestAsync()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, new TokenCache());
var credential = new ClientCredential(TestConstants.DefaultClientId, TestConstants.DefaultClientSecret);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityCommonTenant))
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent(responseContent)
}
});
var result = AssertException.TaskThrows <AdalClaimChallengeException>(() =>
context.AcquireTokenAsync(TestConstants.DefaultResource, credential));
Assert.AreEqual(claims.Replace("\\", ""), result.Claims);
}
public void InnerExceptionIncludedWithAdalClaimsChallengeExceptionTestAsync()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, new TokenCache());
var credential = new ClientCredential(TestConstants.DefaultClientId, TestConstants.DefaultClientSecret);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityCommonTenant))
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest)
{
Content = new StringContent(responseContent)
}
});
var result = AssertException.TaskThrows <AdalClaimChallengeException>(() =>
context.AcquireTokenAsync(TestConstants.DefaultResource, credential));
// Check inner exception
Assert.AreEqual("Response status code does not indicate success: 400 (BadRequest).", result.InnerException.Message);
Assert.AreEqual(responseContent + ": Unknown error", result.InnerException.InnerException.Message);
}
