internal static void TokenCacheSerializationTest()
{
var context = new AuthenticationContext("https://login.windows.net/common", false);
var tokenCache = context.TokenCache;
const int MaxItemCount = 100;
const int MaxFieldSize = 1024;
for (int i = 0; i < 100; i++)
{
tokenCache.Clear();
for (int count = 0; count < Rand.Next(1, MaxItemCount); count++)
{
TokenCacheKey key = GenerateRandomTokenCacheKey();
AuthenticationResult result = GenerateRandomCacheValue(MaxFieldSize, key.UniqueId, key.DisplayableId);
AddToDictionary(tokenCache, key, result);
}
byte[] serializedCache = tokenCache.Serialize();
TokenCache cache2 = new TokenCache(serializedCache);
foreach (var key in tokenCache.tokenCacheDictionary.Keys)
{
AuthenticationResult result2 = cache2.tokenCacheDictionary[key];
VerifyAuthenticationResultsAreEqual(tokenCache.tokenCacheDictionary[key], result2);
}
}
}
//292916 Ensure AcquireTokenSilent tests exist in ADAL.NET for public clients
public async Task ExpiredATValidRTInCache_GetNewATRTFromServiceAsync()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, new TokenCache());
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityCommonTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(),
PostData = new Dictionary <string, string>()
{
{ "client_id", TestConstants.DefaultClientId },
{ "grant_type", "refresh_token" },
{ "refresh_token", "some_rt" }
}
});
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityCommonTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId);
context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "some_rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token",
DateTimeOffset.UtcNow)
};
AuthenticationResult result = await context.AcquireTokenSilentAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
new UserIdentifier(TestConstants.DefaultDisplayableId, UserIdentifierType.RequiredDisplayableId)).ConfigureAwait(false);
Assert.IsNotNull(result);
}
public void AcquireTokenSilentServiceErrorTestAsync()
{
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityCommonTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User, "unique_id",
"*****@*****.**");
cache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "something-invalid",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "some-access-token", DateTimeOffset.UtcNow)
};
AuthenticationContext context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, cache);
var ex = AssertException.TaskThrows <AdalSilentTokenAcquisitionException>(async() =>
{
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage()
});
await context.AcquireTokenSilentAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, new UserIdentifier("unique_id", UserIdentifierType.UniqueId));
});
Assert.AreEqual(AdalError.FailedToAcquireTokenSilently, ex.ErrorCode);
Assert.AreEqual(AdalErrorMessage.FailedToRefreshToken, ex.Message);
Assert.IsNotNull(ex.InnerException);
Assert.IsTrue(ex.InnerException is AdalException);
Assert.AreEqual(((AdalException)ex.InnerException).ErrorCode, "invalid_grant");
}
public RefreshTokenCacheItem FindRefreshToken(AuthenticationRequestParameters requestParam)
{
lock (lockObject)
{
TokenCacheKey key = new TokenCacheKey(null, null, requestParam.ClientKey.ClientId, null, null,
requestParam.User?.HomeObjectId,
requestParam.Policy);
TokenCacheNotificationArgs args = new TokenCacheNotificationArgs
{
TokenCache = this,
ClientId = _clientId,
User = requestParam.User
};
OnBeforeAccess(args);
IList <RefreshTokenCacheItem> refreshTokenCacheItems = TokenCacheAccessor.GetRefreshTokens(key);
OnAfterAccess(args);
if (refreshTokenCacheItems.Count == 0)
{
// TODO: no RT returned
return(null);
}
// User info already provided, if there are multiple items found will throw since we don't what
// is the one we should use.
if (refreshTokenCacheItems.Count > 1)
{
throw new MsalException(MsalError.MultipleTokensMatched);
}
return(refreshTokenCacheItems[0]);
}
}
public async Task AcquireTokenWithInvalidResourceTestAsync()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityCommonTenant, new TokenCache());
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId);
context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "some-access-token", DateTimeOffset.UtcNow)
};
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage()
});
try
{
await context.AcquireTokenSilentAsync("random-resource", TestConstants.DefaultClientId);
}
catch (AdalServiceException exc)
{
Assert.AreEqual(AdalError.FailedToRefreshToken, exc.ErrorCode);
}
}
public void ConstructorInitCombinations()
{
//no policy, user properties
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId);
this.ValidateTokenCacheKey(key, true);
//with policy, user properties
key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
this.ValidateTokenCacheKey(key, false);
User user = new User();
user.DisplayableId = TestConstants.DefaultDisplayableId;
user.UniqueId = TestConstants.DefaultUniqueId;
user.HomeObjectId = TestConstants.DefaultHomeObjectId;
//no policy, user object
key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId, user);
this.ValidateTokenCacheKey(key, true);
//with policy, user object
key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId, user,
TestConstants.DefaultPolicy);
this.ValidateTokenCacheKey(key, false);
}
public void TestScopeContains()
{
//null scope
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
null, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
//null will contain null
HashSet <string> otherScope = null;
Assert.IsTrue(key.ScopeContains(otherScope));
Assert.IsFalse(key.ScopeContains(new HashSet <string>()));
//put scope value
key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
Assert.IsTrue(key.ScopeContains(otherScope));
Assert.IsTrue(key.ScopeContains(new HashSet <string>()));
otherScope = new HashSet <string>(TestConstants.DefaultScope.ToArray());
Assert.IsTrue(key.ScopeContains(otherScope));
// other scope has more
otherScope.Add("anotherscope");
Assert.IsFalse(key.ScopeContains(otherScope));
}
public void DeleteRefreshToken(TokenCacheKey key)
{
CryptographyHelper helper = new CryptographyHelper();
string hashed = helper.CreateSha256Hash(key.ToString());
_refreshTokenContainer.Values.Remove(hashed);
}
public async Task AcquireTokenSilentServiceErrorTestAsync()
{
Sts sts = new AadSts();
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(sts.Authority, sts.ValidResource, sts.ValidClientId, TokenSubjectType.User, "unique_id", "*****@*****.**");
cache.tokenCacheDictionary[key] = new AuthenticationResult("Bearer", "some-access-token",
"invalid-refresh-token", DateTimeOffset.UtcNow);
AuthenticationContext context = new AuthenticationContext(sts.Authority, sts.ValidateAuthority, cache);
try
{
await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId, new UserIdentifier("unique_id", UserIdentifierType.UniqueId));
Verify.Fail("AdalSilentTokenAcquisitionException was expected");
}
catch (AdalSilentTokenAcquisitionException ex)
{
Verify.AreEqual(AdalError.FailedToAcquireTokenSilently, ex.ErrorCode);
Verify.AreEqual(AdalErrorMessage.FailedToRefreshToken, ex.Message);
Verify.IsNotNull(ex.InnerException);
Verify.IsTrue(ex.InnerException is AdalException);
Verify.AreEqual(((AdalException)ex.InnerException).ErrorCode, "invalid_grant");
}
catch
{
Verify.Fail("AdalSilentTokenAcquisitionException was expected");
}
}
public void OBOUserAssertionHashUsernamePassedTest()
{
TokenCache cache = TokenCacheHelper.CreateCacheWithItems();
string someAssertion = "some-assertion-passed-by-developer";
TokenCacheKey key = cache.tokenCacheDictionary.Keys.First();
//update cache entry with hash of an assertion that will not match
cache.tokenCacheDictionary[key].UserAssertionHash =
new CryptographyHelper().CreateSha256Hash(someAssertion);
ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new ClientCredential(TestConstants.DefaultClientSecret), new TokenCache());
app.UserTokenCache = cache;
//this is a fail safe. No call should go on network
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage =
MockHelpers.CreateInvalidGrantTokenResponseMessage()
};
UserAssertion assertion = new UserAssertion(someAssertion, AssertionType, key.DisplayableId);
Task <AuthenticationResult> task = app.AcquireTokenOnBehalfOfAsync(key.Scope.AsArray(),
assertion, key.Authority, TestConstants.DefaultPolicy);
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(key.UniqueId, result.User.UniqueId);
Assert.AreEqual(key.DisplayableId, result.User.DisplayableId);
Assert.AreEqual(HashAccessToken,
cache.tokenCacheDictionary[key].UserAssertionHash);
}
public void TokenCacheKey_GetHashCode_IsNotCurrentCultureDependent()
{
var initialCulture = Thread.CurrentThread.CurrentCulture;
try
{
// Setup
var testSubject = new TokenCacheKey(Authority, Resource, ClientId, SubjectType, UniqueId, "a displayable ID with four types of letter iIİı");
// Act: en-US as current culture
Thread.CurrentThread.CurrentCulture = GetEnglishUsCulture();
var enUsHashCode = testSubject.GetHashCode();
// Act: tr-TK as current culture
Thread.CurrentThread.CurrentCulture = GetTurkishCulture();
var trTkHashCode = testSubject.GetHashCode();
// Verify
Assert.AreEqual(enUsHashCode, trTkHashCode, "Expected hash codes to be the same regardless of current thread culture");
}
catch (CultureNotFoundException ex)
{
Assert.Inconclusive($"The culture {ex.InvalidCultureId} is not available.");
}
finally
{
// To ensure isolation with other test cases in this assembly,
// ensure the test exits with the same culture it started with.
Thread.CurrentThread.CurrentCulture = initialCulture;
}
}
public async Task AutoPromptBehaviorWithTokenInCacheTestAsync()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache());
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId);
context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token",
DateTimeOffset.UtcNow + TimeSpan.FromMinutes(100))
};
AuthenticationResult result =
await
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.Auto)).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("existing-access-token", result.AccessToken);
// There should be only one cache entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
public string ToString(TokenCacheKey key)
{
var fields = new string[]
{
key.Authority,
key.ClientId,
key.ExpiresOn.ToString("o", CultureInfo.InvariantCulture),
key.FamilyName,
key.GivenName,
key.IdentityProviderName,
key.IsMultipleResourceRefreshToken.ToString(),
key.IsUserIdDisplayable.ToString(),
key.Resource,
key.TenantId,
key.UserId
};
// Escape our separator characters. Using ` instead
// of \ because hey, powershell.
for (int i = 0; i < fields.Length; ++i)
{
if (fields[i] == null)
{
fields[i] = String.Empty;
}
fields[i] = fields[i].Replace(escapeString, escapeString + escapeString);
fields[i] = fields[i].Replace(separatorString, escapeString + separatorString);
}
return String.Join(separatorString, fields);
}
public async Task AcquireTokenWithValidTokenInCache_ReturnsCachedTokenAsync()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, true, new TokenCache());
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId);
context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token",
DateTimeOffset.UtcNow + TimeSpan.FromMinutes(100))
};
var result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
new UserPasswordCredential(TestConstants.DefaultDisplayableId, TestConstants.DefaultPassword)).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("existing-access-token", result.AccessToken);
Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, context.Authenticator.Authority);
Assert.IsNotNull(result.UserInfo);
// There should be one cached entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
public void ForcePromptForNeverPromptBehaviorTest()
{
var context = new AuthenticationContext(TestConstants.DefaultAuthorityHomeTenant, new TokenCache());
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultResource, TestConstants.DefaultClientId, TokenSubjectType.User,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId);
context.TokenCache.tokenCacheDictionary[key] = new AuthenticationResultEx
{
RefreshToken = "some-rt",
ResourceInResponse = TestConstants.DefaultResource,
Result = new AuthenticationResult("Bearer", "existing-access-token", DateTimeOffset.UtcNow)
};
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler(TestConstants.GetTokenEndpoint(TestConstants.DefaultAuthorityHomeTenant))
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage()
});
var exc = AssertException.TaskThrows <AdalServiceException>(() =>
context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId,
TestConstants.DefaultRedirectUri, new PlatformParameters(PromptBehavior.Never)));
Assert.AreEqual(AdalError.FailedToRefreshToken, exc.ErrorCode);
// There should be only one cache entry.
Assert.AreEqual(1, context.TokenCache.Count);
}
internal static void TokenCacheSerializationTest()
{
var context = new AuthenticationContext("https://login.windows.net/common", false);
var tokenCache = context.TokenCache;
const int MaxItemCount = 100;
const int MaxFieldSize = 1024;
tokenCache.Clear();
for (int count = 0; count < Rand.Next(1, MaxItemCount); count++)
{
TokenCacheKey key = GenerateRandomTokenCacheKey();
AuthenticationResultEx result = GenerateRandomCacheValue(MaxFieldSize, key.UniqueId, key.DisplayableId);
AddToDictionary(tokenCache, key, result);
}
byte[] serializedCache = tokenCache.Serialize();
TokenCache tokenCache2 = new TokenCache(serializedCache);
Assert.AreEqual(tokenCache.Count, tokenCache2.Count);
foreach (TokenCacheItem item in tokenCache.ReadItems())
{
var item2 = tokenCache2.ReadItems().FirstOrDefault(it => it.AccessToken == item.AccessToken);
Assert.IsNotNull(item2);
double diff = Math.Abs((item.ExpiresOn - item2.ExpiresOn).TotalSeconds);
Assert.IsTrue((1.0 - diff) >= 0);
}
foreach (var key in tokenCache.tokenCacheDictionary.Keys)
{
AuthenticationResultEx result2 = tokenCache2.tokenCacheDictionary[key];
VerifyAuthenticationResultExsAreEqual(tokenCache.tokenCacheDictionary[key], result2);
}
}
/// <summary>
/// Decode cache contents into something we can feed to AuthenticationResult.Deserialize.
/// WARNING: This will be deprecated eventually by ADAL team and replaced by something supported.
/// </summary>
/// <param name="key">The cache key for the entry to decode</param>
/// <returns>The decoded string to pass to AuthenticationResult.Deserialize</returns>
private AuthenticationResult DecodeCachedAuthResult(TokenCacheKey key)
{
string encoded = tokenCache[key];
string decoded = Encoding.UTF8.GetString(Convert.FromBase64String(encoded));
return(AuthenticationResult.Deserialize(decoded));
}
public static TokenCacheKey DecodeCacheKey(string cacheKey)
{
var elements = new TokenCacheKey();
IDictionary <TokenCacheKeyElement, string> elementDictionary = Decode(cacheKey);
elements.Authority = elementDictionary.ContainsKey(TokenCacheKeyElement.Authority) ? elementDictionary[TokenCacheKeyElement.Authority] : null;
elements.ClientId = elementDictionary.ContainsKey(TokenCacheKeyElement.ClientId) ? elementDictionary[TokenCacheKeyElement.ClientId] : null;
elements.FamilyName = elementDictionary.ContainsKey(TokenCacheKeyElement.FamilyName) ? elementDictionary[TokenCacheKeyElement.FamilyName] : null;
elements.GivenName = elementDictionary.ContainsKey(TokenCacheKeyElement.GivenName) ? elementDictionary[TokenCacheKeyElement.GivenName] : null;
elements.IdentityProviderName = elementDictionary.ContainsKey(TokenCacheKeyElement.IdentityProviderName) ? elementDictionary[TokenCacheKeyElement.IdentityProviderName] : null;
elements.Resource = elementDictionary.ContainsKey(TokenCacheKeyElement.Resource) ? elementDictionary[TokenCacheKeyElement.Resource] : null;
elements.TenantId = elementDictionary.ContainsKey(TokenCacheKeyElement.TenantId) ? elementDictionary[TokenCacheKeyElement.TenantId] : null;
elements.UserId = elementDictionary.ContainsKey(TokenCacheKeyElement.UserId) ? elementDictionary[TokenCacheKeyElement.UserId] : null;
if (elementDictionary.ContainsKey(TokenCacheKeyElement.ExpiresOn))
{
elements.ExpiresOn = DateTimeOffset.Parse(elementDictionary[TokenCacheKeyElement.ExpiresOn]);
}
if (elementDictionary.ContainsKey(TokenCacheKeyElement.IsUserIdDisplayable))
{
elements.IsUserIdDisplayable = bool.Parse(elementDictionary[TokenCacheKeyElement.IsUserIdDisplayable]);
}
if (elementDictionary.ContainsKey(TokenCacheKeyElement.IsMultipleResourceRefreshToken))
{
elements.IsMultipleResourceRefreshToken = bool.Parse(elementDictionary[TokenCacheKeyElement.IsMultipleResourceRefreshToken]);
}
return(elements);
}
internal static void TokenCacheCapacityTest()
{
var tokenCache = new TokenCache();
tokenCache.Clear();
const int MaxItemCount = 100;
TokenCacheKey[] keys = new TokenCacheKey[MaxItemCount];
AuthenticationResultEx[] values = new AuthenticationResultEx[MaxItemCount];
for (int i = 0; i < MaxItemCount; i++)
{
keys[i] = GenerateRandomTokenCacheKey();
values[i] = CreateCacheValue(null, null);
AddToDictionary(tokenCache, keys[i], values[i]);
}
Assert.AreEqual(MaxItemCount, tokenCache.Count);
for (int i = 0; i < MaxItemCount; i++)
{
AuthenticationResultEx cacheValue;
int index = MaxItemCount - i - 1;
Assert.IsTrue(tokenCache.tokenCacheDictionary.TryGetValue(keys[index], out cacheValue));
Assert.AreEqual(values[index], cacheValue);
RemoveFromDictionary(tokenCache, keys[index]);
Assert.AreEqual(index, tokenCache.Count);
}
tokenCache.Clear();
}
public string ToString(TokenCacheKey key)
{
var fields = new string[]
{
key.Authority,
key.ClientId,
key.ExpiresOn.ToString("o", CultureInfo.InvariantCulture),
key.FamilyName,
key.GivenName,
key.IdentityProviderName,
key.IsMultipleResourceRefreshToken.ToString(),
key.IsUserIdDisplayable.ToString(),
key.Resource,
key.TenantId,
key.UserId
};
// Escape our separator characters. Using ` instead
// of \ because hey, powershell.
for (int i = 0; i < fields.Length; ++i)
{
if (fields[i] == null)
{
fields[i] = String.Empty;
}
fields[i] = fields[i].Replace(escapeString, escapeString + escapeString);
fields[i] = fields[i].Replace(separatorString, escapeString + separatorString);
}
return(String.Join(separatorString, fields));
}
public void SaveRefreshToken(RefreshTokenCacheItem refreshTokenItem)
{
TokenCacheKey key = refreshTokenItem.GetTokenCacheKey();
ISharedPreferencesEditor editor = _accessTokenSharedPreference.Edit();
editor.PutString(key.ToString(), JsonHelper.SerializeToJson(refreshTokenItem));
editor.Apply();
}
private static void AddToDictionary(TokenCache tokenCache, TokenCacheKey key, AuthenticationResult value)
{
tokenCache.OnBeforeAccess(null);
tokenCache.OnBeforeWrite(null);
tokenCache.tokenCacheDictionary.Add(key, value);
tokenCache.HasStateChanged = true;
tokenCache.OnAfterAccess(null);
}
public static string EncodeCacheKey(TokenCacheKey cacheKey)
{
var keyElements = new SortedDictionary <TokenCacheKeyElement, string>();
keyElements[TokenCacheKeyElement.Authority] = cacheKey.Authority;
if (!String.IsNullOrEmpty(cacheKey.Resource))
{
keyElements[TokenCacheKeyElement.Resource] = cacheKey.Resource;
}
if (!String.IsNullOrEmpty(cacheKey.ClientId))
{
keyElements[TokenCacheKeyElement.ClientId] = cacheKey.ClientId;
}
if (null != cacheKey.ExpiresOn)
{
keyElements[TokenCacheKeyElement.ExpiresOn] = cacheKey.ExpiresOn.ToString();
}
if (!String.IsNullOrEmpty(cacheKey.FamilyName))
{
keyElements[TokenCacheKeyElement.FamilyName] = cacheKey.FamilyName;
}
if (!String.IsNullOrEmpty(cacheKey.GivenName))
{
keyElements[TokenCacheKeyElement.GivenName] = cacheKey.GivenName;
}
if (!String.IsNullOrEmpty(cacheKey.IdentityProviderName))
{
keyElements[TokenCacheKeyElement.IdentityProviderName] = cacheKey.IdentityProviderName;
}
if (cacheKey.IsMultipleResourceRefreshToken)
{
keyElements[TokenCacheKeyElement.IsMultipleResourceRefreshToken] = cacheKey.IsMultipleResourceRefreshToken.ToString();
}
if (cacheKey.IsUserIdDisplayable)
{
keyElements[TokenCacheKeyElement.IsUserIdDisplayable] = cacheKey.IsUserIdDisplayable.ToString();
}
if (!String.IsNullOrEmpty(cacheKey.TenantId))
{
keyElements[TokenCacheKeyElement.TenantId] = cacheKey.TenantId;
}
if (!String.IsNullOrEmpty(cacheKey.UserId))
{
keyElements[TokenCacheKeyElement.UserId] = cacheKey.UserId;
}
return(CreateFromKeyElements(keyElements));
}
internal bool Match(TokenCacheKey key)
{
return(key != null &&
(key.Authority == this.Authority && key.ScopeEquals(this.Scope) &&
key.Equals(key.ClientId, this.ClientId) &&
key.UniqueId == this.UniqueId &&
key.Equals(key.DisplayableId, this.DisplayableId) && (key.HomeObjectId == this.HomeObjectId) &&
key.Equals(key.Policy, this.Policy)));
}
private void DeleteItemFromCache(TokenCacheItem item)
{
TokenCacheKey toRemoveKey = this.tokenCacheDictionary.Keys.FirstOrDefault(item.Match);
if (toRemoveKey != null)
{
this.tokenCacheDictionary.Remove(toRemoveKey);
}
}
public void TokenCacheKey_Equals_SameInstancesAreEqual()
{
// Setup
var testSubject = new TokenCacheKey(Authority, Resource, ClientId, SubjectType, UniqueId, DisplayableId);
// Act
var result = testSubject.Equals(testSubject);
// Verify
Assert.IsTrue(result, "Expected same instance to be considered equal");
}
internal static void TokenCacheCrossTenantOperationsTest()
{
var tokenCache = new TokenCache();
var cacheDictionary = tokenCache.tokenCacheDictionary;
tokenCache.Clear();
TokenCacheKey key = new TokenCacheKey("https://localhost/MockSts/", "resource1", "client1",
TokenSubjectType.User, null, "user1");
AuthenticationResultEx value = CreateCacheValue(null, "user1");
}
internal void StoreToCache(AuthenticationResultEx resultEx, string authority, string clientId,
string policy, bool restrictToSingleUser, CallState callState)
{
lock (lockObject)
{
PlatformPlugin.Logger.Verbose(callState, "Storing token in the cache...");
//single user mode cannot allow more than 1 unique id in the cache including null
if (restrictToSingleUser &&
(resultEx.Result.User == null || string.IsNullOrEmpty(resultEx.Result.User.UniqueId) ||
!this.GetUniqueIdsFromCache(clientId).Contains(resultEx.Result.User.UniqueId)))
{
throw new MsalException(MsalError.InvalidCacheOperation,
"Cannot add more than 1 user with a different unique id when RestrictToSingleUser is set to TRUE.");
}
this.OnBeforeWrite(new TokenCacheNotificationArgs
{
Scope = resultEx.Result.Scope,
ClientId = clientId,
User = resultEx.Result.User,
Policy = policy
});
TokenCacheKey tokenCacheKey = new TokenCacheKey(authority, resultEx.Result.ScopeSet, clientId,
resultEx.Result.User, policy);
// First identify all potential tokens.
List <KeyValuePair <TokenCacheKey, AuthenticationResultEx> > items = this.QueryCache(authority, clientId,
resultEx.Result.User, policy);
List <KeyValuePair <TokenCacheKey, AuthenticationResultEx> > itemsToRemove =
items.Where(p => p.Key.ScopeIntersects(resultEx.Result.ScopeSet)).ToList();
if (!itemsToRemove.Any())
{
this.tokenCacheDictionary[tokenCacheKey] = resultEx;
PlatformPlugin.Logger.Verbose(callState, "An item was stored in the cache");
}
else
{
//remove all intersections
PlatformPlugin.Logger.Verbose(callState, "Items to remove - " + itemsToRemove.Count);
foreach (var itemToRemove in itemsToRemove)
{
this.tokenCacheDictionary.Remove(itemToRemove);
}
this.tokenCacheDictionary[tokenCacheKey] = resultEx;
PlatformPlugin.Logger.Verbose(callState, "An item was updated in the cache");
}
this.UpdateCachedRefreshTokens(resultEx, authority, clientId, policy);
this.HasStateChanged = true;
}
}
public static void CheckPublicGetSets()
{
DateTimeOffset now = DateTimeOffset.UtcNow;
TokenCacheKey tokenCacheKey = new TokenCacheKey("Authority", "Resource", "ClientId", TokenSubjectType.User, "UniqueId", "DisplayableId");
Verify.IsTrue(tokenCacheKey.Authority == "Authority");
Verify.IsTrue(tokenCacheKey.ClientId == "ClientId");
Verify.IsTrue(tokenCacheKey.Resource == "Resource");
Verify.IsTrue(tokenCacheKey.UniqueId == "UniqueId");
Verify.IsTrue(tokenCacheKey.DisplayableId == "DisplayableId");
Verify.IsTrue(tokenCacheKey.TokenSubjectType == TokenSubjectType.User);
}
private static bool RemoveFromDictionary(TokenCache tokenCache, TokenCacheKey key)
{
bool result;
tokenCache.OnBeforeAccess(null);
tokenCache.OnBeforeWrite(null);
result = tokenCache.tokenCacheDictionary.Remove(key);
tokenCache.HasStateChanged = true;
tokenCache.OnAfterAccess(null);
return(result);
}
public static void CheckPublicGetSets()
{
TokenCacheKey tokenCacheKey = new TokenCacheKey("Authority", "Resource", "ClientId", TokenSubjectType.User,
"UniqueId", "DisplayableId");
Assert.IsTrue(tokenCacheKey.Authority == "Authority");
Assert.IsTrue(tokenCacheKey.ClientId == "ClientId");
Assert.IsTrue(tokenCacheKey.Resource == "Resource");
Assert.IsTrue(tokenCacheKey.UniqueId == "UniqueId");
Assert.IsTrue(tokenCacheKey.DisplayableId == "DisplayableId");
Assert.IsTrue(tokenCacheKey.TokenSubjectType == TokenSubjectType.User);
}
/// <summary>
/// Decode cache contents into something we can feed to AuthenticationResult.Deserialize.
/// WARNING: This will be deprecated eventually by ADAL team and replaced by something supported.
/// </summary>
/// <param name="key">The cache key for the entry to decode</param>
/// <returns>The decoded string to pass to AuthenticationResult.Deserialize</returns>
private AuthenticationResult DecodeCachedAuthResult(TokenCacheKey key)
{
string encoded = tokenCache[key];
string decoded = Encoding.UTF8.GetString(Convert.FromBase64String(encoded));
return AuthenticationResult.Deserialize(decoded);
}
