public void SaveAccessAndRefreshTokenWithIntersectingScopesTest()
{
TokenCache cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
TokenResponse response = new TokenResponse
{
IdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
AccessToken = "access-token",
ClientInfo = MockHelpers.CreateClientInfo(),
ExpiresIn = 3599,
CorrelationId = "correlation-id",
RefreshToken = "refresh-token",
Scope = TestConstants.Scope.AsSingleString(),
TokenType = "Bearer"
};
RequestContext requestContext = new RequestContext(Guid.NewGuid(), null);
AuthenticationRequestParameters requestParams = new AuthenticationRequestParameters()
{
RequestContext = requestContext,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
ClientId = TestConstants.ClientId,
TenantUpdatedCanonicalAuthority = TestConstants.AuthorityHomeTenant
};
cache.SaveAccessAndRefreshToken(requestParams, response);
response = new TokenResponse
{
IdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
ClientInfo = MockHelpers.CreateClientInfo(),
AccessToken = "access-token-2",
ExpiresIn = 3599,
CorrelationId = "correlation-id",
RefreshToken = "refresh-token-2",
Scope = TestConstants.Scope.First() + " random-scope",
TokenType = "Bearer"
};
cache.SaveAccessAndRefreshToken(requestParams, response);
Assert.AreEqual(1, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
Assert.AreEqual(1, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
Assert.AreEqual("refresh-token-2", cache.GetAllRefreshTokensForClient(requestContext).First().RefreshToken);
Assert.AreEqual("access-token-2", cache.GetAllAccessTokensForClient(requestContext).First().AccessToken);
}
public static MsalTokenResponse CreateMsalTokenResponse()
{
return(new MsalTokenResponse
{
IdToken = MockHelpers.CreateIdToken(UniqueId, DisplayableId),
AccessToken = "access-token",
ClientInfo = MockHelpers.CreateClientInfo(),
ExpiresIn = 3599,
CorrelationId = "correlation-id",
RefreshToken = "refresh-token",
Scope = s_scope.AsSingleString(),
TokenType = "Bearer"
});
}
private static IWebTokenRequestResultWrapper CreateSuccessResponse(WebAccount account)
{
var webTokenResponseWrapper = Substitute.For<IWebTokenRequestResultWrapper>();
webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
var webTokenResponse = new WebTokenResponse("at", account);
webTokenResponseWrapper.ResponseData.Returns(new List<WebTokenResponse>() { webTokenResponse });
webTokenResponse.Properties.Add("Authority", TestConstants.AuthorityHomeTenant);
webTokenResponse.Properties.Add("wamcompat_client_info", MockHelpers.CreateClientInfo());
webTokenResponse.Properties.Add("wamcompat_id_token", MockHelpers.CreateIdToken("oid", "upn", "tid"));
webTokenResponse.Properties.Add("wamcompat_scopes", "profile openid");
return webTokenResponseWrapper;
}
private static MsalTokenResponse CreateMsalTokenResponseFromWam(string wamAccountId)
{
return(new MsalTokenResponse
{
IdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
AccessToken = "access-token",
ClientInfo = MockHelpers.CreateClientInfo(),
ExpiresIn = 3599,
CorrelationId = "correlation-id",
RefreshToken = null, // brokers don't return RT
Scope = TestConstants.s_scope.AsSingleString(),
TokenType = "Bearer",
WamAccountId = wamAccountId,
});
}
public void GetIntersectedScopesMatchedAccessTokenTest()
{
TokenCache cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem atItem = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ScopeSet = TestConstants.Scope,
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromHours(1)),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId)
};
// create key out of access token cache item and then
// set it as the value of the access token.
AccessTokenCacheKey atKey = atItem.GetAccessTokenItemKey();
atItem.AccessToken = atKey.ToString();
cache.TokenCacheAccessor.AccessTokenCacheDictionary[atKey.ToString()] = JsonHelper.SerializeToJson(atItem);
var param = new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = new SortedSet <string>(),
User =
new User()
{
DisplayableId = TestConstants.DisplayableId,
Identifier = TestConstants.UserIdentifier
}
};
param.Scope.Add(TestConstants.Scope.First());
param.Scope.Add("non-existant-scopes");
AccessTokenCacheItem item = cache.FindAccessToken(param);
//intersected scopes are not returned.
Assert.IsNull(item);
}
public void GetSubsetScopesMatchedAccessTokenTest()
{
TokenCache cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem atItem = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ScopeSet = TestConstants.Scope,
Scope = TestConstants.Scope.AsSingleString(),
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromHours(1)),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
RawClientInfo = MockHelpers.CreateClientInfo(),
};
atItem.IdToken = IdToken.Parse(atItem.RawIdToken);
atItem.ClientInfo = ClientInfo.CreateFromJson(atItem.RawClientInfo);
// create key out of access token cache item and then
// set it as the value of the access token.
AccessTokenCacheKey atKey = atItem.GetAccessTokenItemKey();
atItem.AccessToken = atKey.ToString();
cache.TokenCacheAccessor.AccessTokenCacheDictionary[atKey.ToString()] = JsonHelper.SerializeToJson(atItem);
var param = new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = new SortedSet <string>(),
User = TestConstants.User
};
param.Scope.Add("r1/scope1");
AccessTokenCacheItem item = cache.FindAccessToken(param);
Assert.IsNotNull(item);
Assert.AreEqual(atKey.ToString(), item.AccessToken);
}
public async Task PopWhenBrokerIsNotAvailableTest_Async()
{
//MSAL should not fall back to using the browser if the broker is not available when using POP
// Arrange
using (var harness = CreateTestHarness())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
var mockBroker = Substitute.For <IBroker>();
mockBroker.IsBrokerInstalledAndInvokable(AuthorityType.Aad).Returns(false);
mockBroker.IsPopSupported.Returns(true);
var pca = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithExperimentalFeatures(true)
.WithBrokerPreview()
.WithTestBroker(mockBroker)
.WithHttpManager(harness.HttpManager)
.BuildConcrete();
pca.ServiceBundle.Config.BrokerCreatorFunc = (x, y, z) => mockBroker;
pca.ServiceBundle.ConfigureMockWebUI();
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(
"user.read",
MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
MockHelpers.CreateClientInfo(TestConstants.Uid, TestConstants.Utid))
});
// Act
var exception = await AssertException.TaskThrowsAsync <MsalClientException>(async() => { await pca.AcquireTokenInteractive(TestConstants.s_graphScopes)
.WithProofOfPossession(TestConstants.Nonce, HttpMethod.Get, new Uri(TestConstants.AuthorityCommonTenant))
.ExecuteAsync()
.ConfigureAwait(false); }).ConfigureAwait(false);
Assert.AreEqual(MsalError.BrokerApplicationRequired, exception.ErrorCode);
Assert.AreEqual(MsalErrorMessage.CannotInvokeBrokerForPop, exception.Message);
}
}
public async Task AcquireTokenNoClientInfoReturnedTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId);
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage("some-scope1 some-scope2",
MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId), string.Empty)
});
try
{
AuthenticationResult result = await app.AcquireTokenAsync(TestConstants.Scope).ConfigureAwait(false);
}
catch (MsalClientException exc)
{
Assert.IsNotNull(exc);
Assert.AreEqual(MsalClientException.JsonParseError, exc.ErrorCode);
Assert.AreEqual("client info is null", exc.Message);
}
finally
{
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
}
private void PopulateLegacyWithRtAndId(
ILegacyCachePersistence legacyCachePersistence,
string clientId,
string env,
string uid,
string uniqueTenantId,
string username,
string scope)
{
string clientInfoString;
string homeAccountId;
if (string.IsNullOrEmpty(uid) || string.IsNullOrEmpty(uniqueTenantId))
{
clientInfoString = null;
homeAccountId = null;
}
else
{
clientInfoString = MockHelpers.CreateClientInfo(uid, uniqueTenantId);
homeAccountId = ClientInfo.CreateFromJson(clientInfoString).ToAccountIdentifier();
}
var rtItem = new MsalRefreshTokenCacheItem(env, clientId, "someRT", clientInfoString, null, homeAccountId);
var idTokenCacheItem = new MsalIdTokenCacheItem(
env,
clientId,
MockHelpers.CreateIdToken(uid, username),
clientInfoString,
homeAccountId,
tenantId: uniqueTenantId);
CacheFallbackOperations.WriteAdalRefreshToken(
_logger,
legacyCachePersistence,
rtItem,
idTokenCacheItem,
"https://" + env + "/common",
uid,
scope);
}
public void GetExpiredAccessTokenTest()
{
cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem item = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
RawClientInfo = MockHelpers.CreateClientInfo(),
ScopeSet = TestConstants.Scope
};
item.IdToken = IdToken.Parse(item.RawIdToken);
item.ClientInfo = ClientInfo.CreateFromJson(item.RawClientInfo);
item.AccessToken = item.GetAccessTokenItemKey().ToString();
cache.TokenCacheAccessor.AccessTokenCacheDictionary[item.GetAccessTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(item);
cache.TokenCacheAccessor.AccessTokenCacheDictionary[item.GetAccessTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(item);
Assert.IsNull(cache.FindAccessToken(new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = TestConstants.Scope,
User =
new User()
{
DisplayableId = TestConstants.DisplayableId,
Identifier = TestConstants.UserIdentifier
}
}));
}
private readonly MockHttpMessageHandler X5CMockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(
MsalTestConstants.Scope.AsSingleString(),
MockHelpers.CreateIdToken(MsalTestConstants.UniqueId, MsalTestConstants.DisplayableId),
MockHelpers.CreateClientInfo(MsalTestConstants.Uid, MsalTestConstants.Utid + "more")),
AdditionalRequestValidation = request =>
{
var requestContent = request.Content.ReadAsStringAsync().GetAwaiter().GetResult();
var formsData = CoreHelpers.ParseKeyValueList(requestContent, '&', true, null);
// Check presence of client_assertion in request
Assert.IsTrue(formsData.TryGetValue("client_assertion", out string encodedJwt), "Missing client_assertion from request");
// Check presence of x5c cert claim. It should exist.
var handler = new JwtSecurityTokenHandler();
var jsonToken = handler.ReadJwtToken(encodedJwt);
Assert.IsTrue(jsonToken.Header.Any(header => header.Key == "x5c"), "x5c should be present");
}
};
public void GetAccessTokenMatchedUserAssertionInCacheTest()
{
TokenCache cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem atItem = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ScopeSet = TestConstants.Scope,
Scope = TestConstants.Scope.AsSingleString(),
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromHours(1)),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId)
};
// create key out of access token cache item and then
// set it as the value of the access token.
AccessTokenCacheKey atKey = atItem.GetAccessTokenItemKey();
atItem.AccessToken = atKey.ToString();
atItem.UserAssertionHash = CryptographyHelper.CreateBase64UrlEncodedSha256Hash(atKey.ToString());
cache.TokenCacheAccessor.AccessTokenCacheDictionary[atKey.ToString()] = JsonHelper.SerializeToJson(atItem);
var param = new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = TestConstants.Scope,
UserAssertion = new UserAssertion(atKey.ToString())
};
cache.AfterAccess = AfterAccessNoChangeNotification;
AccessTokenCacheItem item = cache.FindAccessToken(param);
Assert.IsNotNull(item);
Assert.AreEqual(atKey.ToString(), item.AccessToken);
}
public void GetAccessTokenUserAssertionMismatchInCacheTest()
{
TokenCache cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem atItem = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ScopeSet = TestConstants.Scope,
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromHours(1)),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId)
};
// create key out of access token cache item and then
// set it as the value of the access token.
AccessTokenCacheKey atKey = atItem.GetAccessTokenItemKey();
atItem.AccessToken = atKey.ToString();
atItem.UserAssertionHash = CryptographyHelper.CreateBase64UrlEncodedSha256Hash(atKey.ToString());
cache.TokenCacheAccessor.AccessTokenCacheDictionary[atKey.ToString()] = JsonHelper.SerializeToJson(atItem);
var param = new AuthenticationRequestParameters()
{
RequestContext = new RequestContext(Guid.Empty, null),
ClientId = TestConstants.ClientId,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
Scope = TestConstants.Scope,
UserAssertion = new UserAssertion(atItem.UserAssertionHash + "-random")
};
AccessTokenCacheItem item = cache.FindAccessToken(param);
// cache lookup should fail because there was userassertion hash did not match the one
// stored in token cache item.
Assert.IsNull(item);
}
public void WriteAdalRefreshToken_ErrorLog()
{
// Arrange
_legacyCachePersistence.ThrowOnWrite = true;
string clientInfo = MockHelpers.CreateClientInfo("u1", "ut1");
string homeAccountId = ClientInfo.CreateFromJson(clientInfo).ToAccountIdentifier();
var rtItem = new MsalRefreshTokenCacheItem(
TestConstants.ProductionPrefNetworkEnvironment,
TestConstants.ClientId,
"someRT",
clientInfo,
null,
homeAccountId);
var idTokenCacheItem = new MsalIdTokenCacheItem(
TestConstants.ProductionPrefCacheEnvironment, // different env
TestConstants.ClientId,
MockHelpers.CreateIdToken("u1", "username"),
clientInfo,
tenantId: "ut1",
homeAccountId: homeAccountId);
// Act
CacheFallbackOperations.WriteAdalRefreshToken(
_logger,
_legacyCachePersistence,
rtItem,
idTokenCacheItem,
"https://some_env.com/common", // yet another env
"uid",
"scope1");
// Assert
_logger.Received().Error(Arg.Is <string>(CacheFallbackOperations.DifferentAuthorityError));
_logger.Received().Error(Arg.Is <string>(CacheFallbackOperations.DifferentEnvError));
}
private static void PopulateLegacyWithRtAndId(
ILegacyCachePersistence legacyCachePersistence,
string clientId,
string env,
string uid,
string uniqueTenantId,
string username,
string scope)
{
string clientInfoString;
if (string.IsNullOrEmpty(uid) || string.IsNullOrEmpty(uniqueTenantId))
{
clientInfoString = null;
}
else
{
clientInfoString = MockHelpers.CreateClientInfo(uid, uniqueTenantId);
}
var rtItem = new MsalRefreshTokenCacheItem(env, clientId, "someRT", clientInfoString);
var idTokenCacheItem = new MsalIdTokenCacheItem(
env,
clientId,
MockHelpers.CreateIdToken(uid, username),
clientInfoString,
uniqueTenantId);
CacheFallbackOperations.WriteAdalRefreshToken(
legacyCachePersistence,
rtItem,
idTokenCacheItem,
"https://" + env + "/common",
"uid",
scope);
}
public void SerializeDeserializeCacheTest()
{
TokenCache cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
TokenResponse response = new TokenResponse();
response.IdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId);
response.ClientInfo = MockHelpers.CreateClientInfo();
response.AccessToken = "access-token";
response.ExpiresIn = 3599;
response.CorrelationId = "correlation-id";
response.RefreshToken = "refresh-token";
response.Scope = TestConstants.Scope.AsSingleString();
response.TokenType = "Bearer";
RequestContext requestContext = new RequestContext(Guid.NewGuid(), null);
AuthenticationRequestParameters requestParams = new AuthenticationRequestParameters()
{
RequestContext = requestContext,
Authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false),
ClientId = TestConstants.ClientId,
TenantUpdatedCanonicalAuthority = TestConstants.AuthorityHomeTenant
};
cache.SaveAccessAndRefreshToken(requestParams, response);
byte[] serializedCache = cache.Serialize();
cache.TokenCacheAccessor.AccessTokenCacheDictionary.Clear();
cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Clear();
Assert.AreEqual(0, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
Assert.AreEqual(0, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
cache.Deserialize(serializedCache);
Assert.AreEqual(1, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
Assert.AreEqual(1, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
serializedCache = cache.Serialize();
cache.Deserialize(serializedCache);
//item count should not change because old cache entries should have
//been overriden
Assert.AreEqual(1, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
Assert.AreEqual(1, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
AccessTokenCacheItem atItem = cache.GetAllAccessTokensForClient(requestContext).First();
Assert.AreEqual(response.AccessToken, atItem.AccessToken);
Assert.AreEqual(TestConstants.AuthorityHomeTenant, atItem.Authority);
Assert.AreEqual(TestConstants.ClientId, atItem.ClientId);
Assert.AreEqual(response.TokenType, atItem.TokenType);
Assert.AreEqual(response.Scope, atItem.ScopeSet.AsSingleString());
Assert.AreEqual(response.IdToken, atItem.RawIdToken);
RefreshTokenCacheItem rtItem = cache.GetAllRefreshTokensForClient(requestContext).First();
Assert.AreEqual(response.RefreshToken, rtItem.RefreshToken);
Assert.AreEqual(TestConstants.ClientId, rtItem.ClientId);
Assert.AreEqual(TestConstants.UserIdentifier, rtItem.GetUserIdentifier());
Assert.AreEqual(TestConstants.ProductionEnvironment, rtItem.Environment);
}
public void TestGetAccounts()
{
var tokenCacheHelper = new TokenCacheHelper();
using (var httpManager = new MockHttpManager())
{
PublicClientApplication app = PublicClientApplicationBuilder.Create(MsalTestConstants.ClientId)
.WithHttpManager(httpManager)
.BuildConcrete();
IEnumerable <IAccount> accounts = app.GetAccountsAsync().Result;
Assert.IsNotNull(accounts);
Assert.IsFalse(accounts.Any());
tokenCacheHelper.PopulateCache(app.UserTokenCacheInternal.Accessor);
accounts = app.GetAccountsAsync().Result;
Assert.IsNotNull(accounts);
Assert.AreEqual(1, accounts.Count());
var atItem = new MsalAccessTokenCacheItem(
MsalTestConstants.ProductionPrefCacheEnvironment,
MsalTestConstants.ClientId,
MsalTestConstants.Scope.AsSingleString(),
MsalTestConstants.Utid,
null,
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3600)),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(7200)),
MockHelpers.CreateClientInfo());
atItem.Secret = atItem.GetKey().ToString();
app.UserTokenCacheInternal.Accessor.SaveAccessToken(atItem);
// another cache entry for different uid. user count should be 2.
MsalRefreshTokenCacheItem rtItem = new MsalRefreshTokenCacheItem(
MsalTestConstants.ProductionPrefCacheEnvironment,
MsalTestConstants.ClientId,
"someRT",
MockHelpers.CreateClientInfo("uId1", "uTId1"));
app.UserTokenCacheInternal.Accessor.SaveRefreshToken(rtItem);
MsalIdTokenCacheItem idTokenCacheItem = new MsalIdTokenCacheItem(
MsalTestConstants.ProductionPrefCacheEnvironment,
MsalTestConstants.ClientId,
MockHelpers.CreateIdToken(MsalTestConstants.UniqueId, MsalTestConstants.DisplayableId),
MockHelpers.CreateClientInfo("uId1", "uTId1"),
"uTId1");
app.UserTokenCacheInternal.Accessor.SaveIdToken(idTokenCacheItem);
MsalAccountCacheItem accountCacheItem = new MsalAccountCacheItem(
MsalTestConstants.ProductionPrefCacheEnvironment,
null,
MockHelpers.CreateClientInfo("uId1", "uTId1"),
null,
null,
"uTId1",
null,
null);
app.UserTokenCacheInternal.Accessor.SaveAccount(accountCacheItem);
Assert.AreEqual(2, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());
accounts = app.GetAccountsAsync().Result;
Assert.IsNotNull(accounts);
Assert.AreEqual(2, accounts.Count()); // scoped by env
// another cache entry for different environment. user count should still be 2. Sovereign cloud user must not be returned
rtItem = new MsalRefreshTokenCacheItem(
MsalTestConstants.SovereignNetworkEnvironment,
MsalTestConstants.ClientId,
"someRT",
MockHelpers.CreateClientInfo(MsalTestConstants.Uid + "more1", MsalTestConstants.Utid));
app.UserTokenCacheInternal.Accessor.SaveRefreshToken(rtItem);
Assert.AreEqual(3, app.UserTokenCacheInternal.Accessor.GetAllRefreshTokens().Count());
accounts = app.GetAccountsAsync().Result;
Assert.IsNotNull(accounts);
Assert.AreEqual(2, accounts.Count());
}
}
public void GetUsersTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId);
IEnumerable <IUser> users = app.Users;
Assert.IsNotNull(users);
Assert.IsFalse(users.Any());
cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
app.UserTokenCache = cache;
TokenCacheHelper.PopulateCache(cache.TokenCacheAccessor);
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(1, users.Count());
AccessTokenCacheItem item = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
TokenType = "Bearer",
ExpiresOnUnixTimestamp =
MsalHelpers.DateTimeToUnixTimestamp((DateTime.UtcNow + TimeSpan.FromSeconds(3600))),
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
RawClientInfo = MockHelpers.CreateClientInfo(),
ScopeSet = TestConstants.Scope
};
item.IdToken = IdToken.Parse(item.RawIdToken);
item.ClientInfo = ClientInfo.CreateFromJson(item.RawClientInfo);
item.AccessToken = item.GetAccessTokenItemKey().ToString();
cache.TokenCacheAccessor.AccessTokenCacheDictionary[item.GetAccessTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(item);
// another cache entry for different uid. user count should be 2.
RefreshTokenCacheItem rtItem = new RefreshTokenCacheItem()
{
Environment = TestConstants.ProductionEnvironment,
ClientId = TestConstants.ClientId,
RefreshToken = "someRT",
RawClientInfo = MockHelpers.CreateClientInfo(TestConstants.Uid + "more", TestConstants.Utid),
DisplayableId = TestConstants.DisplayableId,
IdentityProvider = TestConstants.IdentityProvider,
Name = TestConstants.Name
};
rtItem.ClientInfo = ClientInfo.CreateFromJson(rtItem.RawClientInfo);
cache.TokenCacheAccessor.RefreshTokenCacheDictionary[rtItem.GetRefreshTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(rtItem);
Assert.AreEqual(2, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(2, users.Count());
// another cache entry for different environment. user count should still be 2. Sovereign cloud user must not be returned
rtItem = new RefreshTokenCacheItem()
{
Environment = TestConstants.SovereignEnvironment,
ClientId = TestConstants.ClientId,
RefreshToken = "someRT",
RawClientInfo = MockHelpers.CreateClientInfo(TestConstants.Uid + "more1", TestConstants.Utid),
DisplayableId = TestConstants.DisplayableId,
IdentityProvider = TestConstants.IdentityProvider,
Name = TestConstants.Name
};
rtItem.ClientInfo = ClientInfo.CreateFromJson(rtItem.RawClientInfo);
cache.TokenCacheAccessor.RefreshTokenCacheDictionary[rtItem.GetRefreshTokenItemKey().ToString()] =
JsonHelper.SerializeToJson(rtItem);
Assert.AreEqual(3, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
users = app.Users;
Assert.IsNotNull(users);
Assert.AreEqual(2, users.Count());
}
public void AcquireTokenNullUserPassedInAndNewUserReturnedFromServiceTest()
{
cache.ClientId = TestConstants.ClientId;
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId)
{
UserTokenCache = cache
};
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result = app.AcquireTokenAsync(TestConstants.Scope).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId, result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(), result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
// repeat interactive call and pass in the same user
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.Scope.AsSingleString(),
MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
MockHelpers.CreateClientInfo(TestConstants.Uid, TestConstants.Utid + "more"))
});
result = app.AcquireTokenAsync(TestConstants.Scope, (IUser)null, UIBehavior.SelectAccount, null).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId, result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(TestConstants.Uid, TestConstants.Utid + "more"),
result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId);
Assert.AreEqual(2, app.Users.Count());
Assert.AreEqual(2, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
public void AcquireTokenDifferentUserReturnedFromServiceTest()
{
cache.ClientId = TestConstants.ClientId;
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId)
{
UserTokenCache = cache
};
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result = app.AcquireTokenAsync(TestConstants.Scope).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId, result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(), result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
var dict = new Dictionary <string, string>();
dict[OAuth2Parameter.DomainReq] = TestConstants.Utid;
dict[OAuth2Parameter.LoginReq] = TestConstants.Uid;
// repeat interactive call and pass in the same user
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"), dict);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.Scope.AsSingleString(),
MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
MockHelpers.CreateClientInfo(TestConstants.Uid, TestConstants.Utid + "more"))
});
try
{
result = app.AcquireTokenAsync(TestConstants.Scope, result.User, UIBehavior.SelectAccount, null).Result;
Assert.Fail("API should have failed here");
}
catch (AggregateException ex)
{
MsalServiceException exc = (MsalServiceException)ex.InnerException;
Assert.IsNotNull(exc);
Assert.AreEqual("user_mismatch", exc.ErrorCode);
}
Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.ApiIdKey] == "174" &&
anEvent[ApiEvent.WasSuccessfulKey] == "false" && anEvent[ApiEvent.ApiErrorCodeKey] == "user_mismatch"
));
Assert.AreEqual(1, app.Users.Count());
Assert.AreEqual(1, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
public void NoCacheLookup()
{
Authority authority = Authority.CreateAuthority(TestConstants.AuthorityHomeTenant, false);
cache = new TokenCache()
{
ClientId = TestConstants.ClientId
};
AccessTokenCacheItem atItem = new AccessTokenCacheItem()
{
Authority = TestConstants.AuthorityHomeTenant,
ClientId = TestConstants.ClientId,
RawIdToken = MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
RawClientInfo = MockHelpers.CreateClientInfo(),
TokenType = "Bearer",
ExpiresOnUnixTimestamp = MsalHelpers.DateTimeToUnixTimestamp(DateTime.UtcNow + TimeSpan.FromSeconds(3599)),
ScopeSet = TestConstants.Scope
};
atItem.IdToken = IdToken.Parse(atItem.RawIdToken);
atItem.ClientInfo = ClientInfo.CreateFromJson(atItem.RawClientInfo);
AccessTokenCacheKey atKey = atItem.GetAccessTokenItemKey();
atItem.AccessToken = atKey.ToString();
cache.TokenCacheAccessor.AccessTokenCacheDictionary[atKey.ToString()] = JsonHelper.SerializeToJson(atItem);
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
MockHttpMessageHandler mockHandler = new MockHttpMessageHandler();
mockHandler.Method = HttpMethod.Post;
mockHandler.ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage();
HttpMessageHandlerFactory.AddMockHandler(mockHandler);
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authority = authority,
ClientId = TestConstants.ClientId,
Scope = TestConstants.Scope,
TokenCache = cache,
RequestContext = new RequestContext(Guid.Empty, null)
};
parameters.RedirectUri = new Uri("some://uri");
parameters.ExtraQueryParameters = "extra=qp";
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(),
TestConstants.DisplayableId,
UIBehavior.SelectAccount, ui);
Task <AuthenticationResult> task = request.RunAsync();
task.Wait();
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(1, cache.TokenCacheAccessor.RefreshTokenCacheDictionary.Count);
Assert.AreEqual(2, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
Assert.AreEqual(result.AccessToken, "some-access-token");
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("ui_event") && anEvent[UiEvent.UserCancelledKey] == "false"));
Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.UiBehaviorKey] == "select_account"));
}
