private async System.Threading.Tasks.Task buttonAppConsent_ClickAsync(object sender, EventArgs e)
{
// Obtain admin consent for application (which will return an id token that we use to get other tokens)
OAuthContext oAuthContext = InitOAuthContextFromFormValues();
oAuthContext.appConsent = true;
oAuthContext.adminConsent = true; // This is implicit in app consent, but we'll set it anyway
if (oAuthContext.cert == null)
{
// We MUST use certificate auth for application consent, so we fail here as we don't have one
System.Windows.Forms.MessageBox.Show(this, "Certificate authentication is required for application authentication.", "Invalid Configuration", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
FormGetUserPermission formGetPermission = new FormGetUserPermission(oAuthContext);
if (formGetPermission.ShowDialog() == System.Windows.Forms.DialogResult.OK)
{
string code = formGetPermission.Token;
// When we get our token, it will be cached in the TokenCache, so next time the silent calls will work
ClientAssertionCertificate clientCert = new ClientAssertionCertificate(oAuthContext.clientId, oAuthContext.cert);
AuthenticationResult authenticationResult = await _oAuthHelper.AuthenticationContext.AcquireTokenByAuthorizationCodeAsync(code, new Uri(oAuthContext.redirectUrl), clientCert);
}
return;
}
public static async Task <AuthenticationResult> GetToken(OAuthContext oAuthContext)
{
// Get OAuth token using client credentials
string tenantName = oAuthContext.tenantName;
if (_authenticationContext == null)
{
_authenticationContext = new Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext(oAuthContext.authUrl + "/" + tenantName, _tokenCache);
}
AuthenticationResult authenticationResult = null;
if (oAuthContext.ObtainUserConsent)
{
// We need to get user consent
FormGetUserPermission formGetPermission = new FormGetUserPermission(oAuthContext);
if (formGetPermission.ShowDialog() == System.Windows.Forms.DialogResult.OK)
{
string code = formGetPermission.Code;
// When we get our token, it will be cached in the TokenCache, so next time the silent calls will work
if (oAuthContext.cert == null)
{
ClientCredential clientCred = new ClientCredential(oAuthContext.clientId, oAuthContext.secretKey);
authenticationResult = await _authenticationContext.AcquireTokenByAuthorizationCodeAsync(code, new Uri(oAuthContext.redirectUrl), clientCred);
}
else
{
ClientAssertionCertificate clientCert = new ClientAssertionCertificate(oAuthContext.clientId, oAuthContext.cert);
authenticationResult = await _authenticationContext.AcquireTokenByAuthorizationCodeAsync(code, new Uri(oAuthContext.redirectUrl), clientCert);
}
}
return(authenticationResult);
}
if (oAuthContext.isNativeApplication)
{
if (oAuthContext.adminConsent)
{
authenticationResult = await _authenticationContext.AcquireTokenAsync(oAuthContext.resource,
oAuthContext.clientId,
new Uri(oAuthContext.redirectUrl),
new PlatformParameters(PromptBehavior.Always),
UserIdentifier.AnyUser,
"prompt=admin_consent");
}
else
{
authenticationResult = await _authenticationContext.AcquireTokenAsync(oAuthContext.resource, oAuthContext.clientId, new Uri(oAuthContext.redirectUrl), new PlatformParameters(PromptBehavior.Always));
}
}
else
{
if (!String.IsNullOrEmpty(oAuthContext.userId))
{
// We have the UserId for the mailbox we want to access, so we'll try to get a token silently (we should have a cached token)
try
{
if (oAuthContext.cert == null)
{
ClientCredential clientCred = new ClientCredential(oAuthContext.clientId, oAuthContext.secretKey);
authenticationResult = await _authenticationContext.AcquireTokenSilentAsync(oAuthContext.resource, clientCred, new UserIdentifier(oAuthContext.userId, UserIdentifierType.UniqueId));
}
else
{
ClientAssertionCertificate clientCert = new ClientAssertionCertificate(oAuthContext.clientId, oAuthContext.cert);
authenticationResult = await _authenticationContext.AcquireTokenSilentAsync(oAuthContext.resource, clientCert, new UserIdentifier(oAuthContext.userId, UserIdentifierType.UniqueId));
}
return(authenticationResult);
}
catch (Exception ex)
{
_lastError = ex;
}
}
}
return(authenticationResult);
}
