Exemplo n.º 1
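        // Authenticates the test service principal with a certificate loaded from a PFX file and checks
        // three things: a token can be acquired, a repeated request on the same credential returns the
        // same token (cache hit), and a second credential instance does not reuse the first one's token.
        public async Task FromX509Certificate2()
        {
            var tenantId = TestEnvironment.ServicePrincipalTenantId;
            var clientId = TestEnvironment.ServicePrincipalClientId;

            // X509Certificate2 is IDisposable. The PFX is expected to carry the private key used for client
            // authentication, so release the certificate handle (and any key material the platform
            // persisted while importing it) as soon as the test is done instead of leaving it to the finalizer.
            using (var cert = new X509Certificate2(TestEnvironment.ServicePrincipalCertificatePfxPath))
            {
                var options = Recording.InstrumentClientOptions(new TokenCredentialOptions());

                var credential = new ClientCertificateCredential(tenantId, clientId, cert, options);

                var tokenRequestContext = new TokenRequestContext(new[] { KnownAuthorityHosts.GetDefaultScope(KnownAuthorityHosts.AzureCloud) });

                // ensure we can initially acquire a token
                AccessToken token = await credential.GetTokenAsync(tokenRequestContext);

                Assert.IsNotNull(token.Token);

                // ensure subsequent calls before the token expires are served from the token cache
                AccessToken cachedToken = await credential.GetTokenAsync(tokenRequestContext);

                Assert.AreEqual(token.Token, cachedToken.Token);

                // ensure new credentials don't share tokens from the cache
                var credential2 = new ClientCertificateCredential(tenantId, clientId, cert, options);

                AccessToken token2 = await credential2.GetTokenAsync(tokenRequestContext);

                // this assert is conditional because the access token is scrubbed in the recording so they will never be different
                if (Mode != RecordedTestMode.Playback && Mode != RecordedTestMode.None)
                {
                    Assert.AreNotEqual(token.Token, token2.Token);
                }
            }
        }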
        // Authenticates the test service principal with its client secret and checks token acquisition,
        // cache reuse on the same credential, and cache isolation between credential instances.
        public async Task GetToken()
        {
            var tenant = TestEnvironment.ServicePrincipalTenantId;
            var client = TestEnvironment.ServicePrincipalClientId;
            var clientSecret = TestEnvironment.ServicePrincipalClientSecret;

            var credentialOptions = Recording.InstrumentClientOptions(new TokenCredentialOptions());

            var firstCredential = new ClientSecretCredential(tenant, client, clientSecret, credentialOptions);

            var defaultScope = KnownAuthorityHosts.GetDefaultScope(KnownAuthorityHosts.AzureCloud);
            var request = new TokenRequestContext(new[] { defaultScope });

            // First request: a token must come back.
            AccessToken initial = await firstCredential.GetTokenAsync(request);
            Assert.IsNotNull(initial.Token);

            // Second request on the same credential, before expiry: expected to be the cached token.
            AccessToken repeated = await firstCredential.GetTokenAsync(request);
            Assert.AreEqual(initial.Token, repeated.Token);

            // A separate credential instance must not be handed the first instance's cached token.
            var secondCredential = new ClientSecretCredential(tenant, client, clientSecret, credentialOptions);
            AccessToken independent = await secondCredential.GetTokenAsync(request);

            // Skipped in Playback and None modes: the sibling certificate test notes that access tokens are
            // scrubbed in recordings, so the two values can never differ there.
            bool skipInequalityCheck = Mode == RecordedTestMode.Playback || Mode == RecordedTestMode.None;
            if (!skipInequalityCheck)
            {
                Assert.AreNotEqual(initial.Token, independent.Token);
            }
        }
Exemplo n.º 3
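        // Negative test: presents a certificate from the test directory's Data folder (Data/cert.pfx)
        // instead of the service principal's own certificate and expects the credential to surface the
        // rejection as AuthenticationFailedException.
        public void IncorrectCertificate()
        {
            var tenantId = TestEnvironment.ServicePrincipalTenantId;
            var clientId = TestEnvironment.ServicePrincipalClientId;
            var certPath = Path.Combine(TestContext.CurrentContext.TestDirectory, "Data", "cert.pfx");

            var options = Recording.InstrumentClientOptions(new TokenCredentialOptions());

            // X509Certificate2 is IDisposable; scope it so the handle and any imported key material are
            // released when the test ends rather than whenever the finalizer runs.
            using (var cert = new X509Certificate2(certPath))
            {
                var credential = new ClientCertificateCredential(tenantId, clientId, cert, options);

                var tokenRequestContext = new TokenRequestContext(new[] { KnownAuthorityHosts.GetDefaultScope(KnownAuthorityHosts.AzureCloud) });

                // ensure the incorrect client claim is rejected, handled and wrapped in AuthenticationFailedException
                Assert.ThrowsAsync<AuthenticationFailedException>(async () => await credential.GetTokenAsync(tokenRequestContext));
            }
        }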
        // Negative test: a wrong client secret must not yield a token; the failure is expected to reach
        // the caller as AuthenticationFailedException.
        public void GetTokenIncorrectPassword()
        {
            var tenant = TestEnvironment.ServicePrincipalTenantId;
            var client = TestEnvironment.ServicePrincipalClientId;

            // Deliberately invalid placeholder value, not a real credential.
            var wrongSecret = "badsecret";

            var credentialOptions = Recording.InstrumentClientOptions(new TokenCredentialOptions());

            var credential = new ClientSecretCredential(tenant, client, wrongSecret, credentialOptions);

            var defaultScope = KnownAuthorityHosts.GetDefaultScope(KnownAuthorityHosts.AzureCloud);
            var request = new TokenRequestContext(new[] { defaultScope });

            // Token acquisition has to fail with the wrapped authentication error.
            Assert.ThrowsAsync<AuthenticationFailedException>(async () =>
            {
                await credential.GetTokenAsync(request);
            });
        }