/// <summary>
/// Checks that credential validation rejects a configuration carrying neither credential
/// type: the client secret is empty and no client certificates are set.
/// </summary>
public void NoCredentialTypesDefined_Throw()
        {
            // Arrange: identity options with no ClientCertificates, plus an empty client secret.
            var identityOptions = new MicrosoftIdentityOptions
            {
                Authority = TestConstants.AuthorityCommonTenant,
                ClientId = TestConstants.ConfidentialClientId,
            };
            var appOptions = new ConfidentialClientApplicationOptions { ClientSecret = string.Empty };

            // The expected text has no format placeholders, so it is compared as a plain literal.
            const string expectedMessage =
                "Both client secret & client certificate cannot be null or whitespace, " +
                "and ONE, must be included in the configuration of the web app when calling a web API. " +
                "For instance, in the appsettings.json file. ";

            // Act
            var validator = new MicrosoftIdentityOptionsValidation();
            Action validate = () =>
            {
                validator.ValidateEitherClientCertificateOrClientSecret(
                    appOptions.ClientSecret,
                    identityOptions.ClientCertificates);
            };

            // Assert: the failure must be the dedicated "missing credentials" error, not a generic one.
            MsalClientException thrown = Assert.Throws<MsalClientException>(validate);
            Assert.Equal(expectedMessage, thrown.Message);
            Assert.Equal("missing_client_credentials", thrown.ErrorCode);
        }
        /// <summary>
        /// Checks that credential validation rejects a configuration that supplies both a
        /// client secret and a client certificate at the same time.
        /// </summary>
        public void BothCredentialTypesDefined_Throw()
        {
            // Arrange: one certificate description and a non-empty secret.
            // NOTE(review): "encoded" is a placeholder, not a real certificate; presumably the
            // validator only checks that a certificate entry is present. Confirm against the validator.
            CertificateDescription placeholderCertificate = CertificateDescription.FromBase64Encoded("encoded");

            var identityOptions = new MicrosoftIdentityOptions
            {
                Authority = TestConstants.AuthorityCommonTenant,
                ClientId = TestConstants.ConfidentialClientId,
                ClientCertificates = new[] { placeholderCertificate },
            };
            var appOptions = new ConfidentialClientApplicationOptions { ClientSecret = "some secret" };

            // The expected text has no format placeholders, so it is compared as a plain literal.
            const string expectedMessage =
                "Both Client secret & client certificate, " +
                "cannot be included in the configuration of the web app when calling a web API. ";

            // Act
            var validator = new MicrosoftIdentityOptionsValidation();
            Action validate = () =>
            {
                validator.ValidateEitherClientCertificateOrClientSecret(
                    appOptions.ClientSecret,
                    identityOptions.ClientCertificates);
            };

            // Assert: the failure must be the dedicated "duplicate credentials" error.
            MsalClientException thrown = Assert.Throws<MsalClientException>(validate);
            Assert.Equal(expectedMessage, thrown.Message);
            Assert.Equal("duplicate_client_credentials", thrown.ErrorCode);
        }
        /// <summary>
        /// Checks that the static credential validation rejects a configuration that supplies
        /// both a client secret and a client certificate.
        /// </summary>
        public void BothCredentialTypesDefined_Throw()
        {
            // Arrange: one certificate description and a non-empty secret.
            // NOTE(review): "encoded" is a placeholder, not a real certificate; presumably the
            // validator only checks that a certificate entry is present. Confirm against the validator.
            CertificateDescription placeholderCertificate = CertificateDescription.FromBase64Encoded("encoded");

            var identityOptions = new MicrosoftIdentityOptions
            {
                Authority = TestConstants.AuthorityCommonTenant,
                ClientId = TestConstants.ConfidentialClientId,
                ClientCertificates = new[] { placeholderCertificate },
            };
            var appOptions = new ConfidentialClientApplicationOptions { ClientSecret = "some secret" };

            // Act
            Action validate = () =>
            {
                MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret(
                    appOptions.ClientSecret,
                    identityOptions.ClientCertificates);
            };

            // Assert: message and error code are compared with the library's shared constants,
            // so the test follows any rewording of the message.
            MsalClientException thrown = Assert.Throws<MsalClientException>(validate);
            Assert.Equal(IDWebErrorMessage.BothClientSecretAndCertificateProvided, thrown.Message);
            Assert.Equal(ErrorCodes.DuplicateClientCredentials, thrown.ErrorCode);
        }
        /// <summary>
        /// Builds <see cref="MicrosoftIdentityOptions"/> from the supplied values, runs the options
        /// validator for the given named options, and checks the result against the parameter
        /// that is expected to be reported as missing.
        /// </summary>
        /// <param name="clientId">Value assigned to <c>ClientId</c>.</param>
        /// <param name="instance">Value assigned to <c>Instance</c>.</param>
        /// <param name="tenantid">Value assigned to <c>TenantId</c>.</param>
        /// <param name="signUpSignInPolicyId">Assigned only when <paramref name="optionsName"/> is the B2C name.</param>
        /// <param name="domain">Assigned only when <paramref name="optionsName"/> is the B2C name.</param>
        /// <param name="optionsName">Named-options key passed to the validator.</param>
        /// <param name="missingParam">The parameter expected to be flagged, or <c>None</c>.</param>
        public void ValidateRequiredMicrosoftIdentityOptions(
            string clientId,
            string instance,
            string tenantid,
            string signUpSignInPolicyId,
            string domain,
            string optionsName,
            MissingParam missingParam = MissingParam.None)
        {
            _microsoftIdentityOptions = new MicrosoftIdentityOptions
            {
                ClientId = clientId,
                Instance = instance,
                TenantId = tenantid,
            };

            // The policy id and domain are only applied for the B2C named options.
            bool isB2C = optionsName == AzureAdB2C;
            if (isB2C)
            {
                _microsoftIdentityOptions.SignUpSignInPolicyId = signUpSignInPolicyId;
                _microsoftIdentityOptions.Domain = domain;
            }

            var validator = new MicrosoftIdentityOptionsValidation();
            ValidateOptionsResult outcome = validator.Validate(optionsName, _microsoftIdentityOptions);

            CheckReturnValueAgainstExpectedMissingParam(missingParam, outcome);
        }
        /// <summary>
        /// Checks that credential validation accepts a configuration with a client secret
        /// and no client certificates.
        /// </summary>
        public void ValidateCredentialType()
        {
            // Arrange: secret only; ClientCertificates is left unset.
            var identityOptions = new MicrosoftIdentityOptions
            {
                Authority = TestConstants.AuthorityCommonTenant,
                ClientId = TestConstants.ConfidentialClientId,
            };
            var appOptions = new ConfidentialClientApplicationOptions { ClientSecret = "some secret" };

            // Act & Assert: there is no explicit assertion; the test passes when the call
            // returns without throwing.
            MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret(
                appOptions.ClientSecret,
                identityOptions.ClientCertificates);
        }
        /// <summary>
        /// Checks that credential validation accepts a configuration with a client certificate
        /// and an empty client secret.
        /// </summary>
        /// <param name="base64Encoded">Base64 text used to build the certificate description.</param>
        public void ValidateCredentialType_Certificate(string base64Encoded)
        {
            // Arrange: certificate only; the secret is explicitly empty.
            CertificateDescription certificate = CertificateDescription.FromBase64Encoded(base64Encoded);

            var identityOptions = new MicrosoftIdentityOptions
            {
                Authority = TestConstants.AuthorityCommonTenant,
                ClientId = TestConstants.ConfidentialClientId,
                ClientCertificates = new[] { certificate },
            };
            var appOptions = new ConfidentialClientApplicationOptions { ClientSecret = string.Empty };

            // Act & Assert: there is no explicit assertion; the test passes when the call
            // returns without throwing.
            MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret(
                appOptions.ClientSecret,
                identityOptions.ClientCertificates);
        }
        /// <summary>
        /// Runs client-secret validation for the supplied secret and checks that the result
        /// is either a success or a failure carrying the expected message.
        /// </summary>
        /// <param name="clientSecret">Secret value placed in the application options.</param>
        public void ApplicationOptionsIncludeClientSecret(string clientSecret)
        {
            // Arrange
            InitializeTokenAcquisitionObjects();

            var appOptions = new ConfidentialClientApplicationOptions
            {
                ClientSecret = clientSecret,
            };

            // Act
            var validator = new MicrosoftIdentityOptionsValidation();
            ValidateOptionsResult outcome = validator.ValidateClientSecret(appOptions);

            // Assert
            // NOTE(review): the branch taken follows whatever the validator returned, so this test
            // cannot detect a validator that accepts an empty secret or rejects a valid one.
            // Consider asserting the outcome expected for each input.
            if (!outcome.Failed)
            {
                Assert.True(outcome.Succeeded);
                return;
            }

            // The expected text has no format placeholders, so it is compared as a plain literal.
            const string expectedFailure = "The 'ClientSecret' option must be provided.";
            Assert.Equal(expectedFailure, outcome.FailureMessage);
        }
        /// <summary>
        /// Checks that the static credential validation rejects a configuration carrying neither
        /// credential type: the client secret is empty and no client certificates are set.
        /// </summary>
        public void NoCredentialTypesDefined_Throw()
        {
            // Arrange: identity options with no ClientCertificates, plus an empty client secret.
            var identityOptions = new MicrosoftIdentityOptions
            {
                Authority = TestConstants.AuthorityCommonTenant,
                ClientId = TestConstants.ConfidentialClientId,
            };
            var appOptions = new ConfidentialClientApplicationOptions { ClientSecret = string.Empty };

            // Act
            Action validate = () =>
            {
                MicrosoftIdentityOptionsValidation.ValidateEitherClientCertificateOrClientSecret(
                    appOptions.ClientSecret,
                    identityOptions.ClientCertificates);
            };

            // Assert: message and error code are compared with the library's shared constants.
            MsalClientException thrown = Assert.Throws<MsalClientException>(validate);
            Assert.Equal(IDWebErrorMessage.ClientSecretAndCertficateNull, thrown.Message);
            Assert.Equal(ErrorCodes.MissingClientCredentials, thrown.ErrorCode);
        }