internal static Authority CreateAuthorityWithTenant(AuthorityInfo authorityInfo, string tenantId)
{
Authority initialAuthority = authorityInfo.CreateAuthority();
if (string.IsNullOrEmpty(tenantId))
{
return(initialAuthority);
}
string tenantedAuthority = initialAuthority.GetTenantedAuthority(tenantId);
return(Authority.CreateAuthority(tenantedAuthority, authorityInfo.ValidateAuthority));
}
/// <summary>
/// Figures out the authority based on the authority from the config and the authority from the request,
/// and optionally the homeAccountTenantId, which has an impact on AcquireTokenSilent
///
/// The algorithm is:
///
/// 1. If there is no request authority (i.e. no authority override), use the config authority.
/// 1.1. For AAD, if the config authority is "common" etc, try to use the tenanted version with the home account tenant ID
/// 2. If there is a request authority, try to use it.
/// 2.1. If the request authority is not "common", then use it
/// 2.2 If the request authority is "common", ignore it, and use 1.1
///
/// Special cases:
///
/// - if the authority is not defined at the application level and the request level is not AAD, use the request authority
/// - if the authority is defined at app level, and the request level authority of is of different type, throw an exception
///
/// </summary>
public static async Task <Authority> CreateAuthorityForRequestAsync(RequestContext requestContext,
AuthorityInfo requestAuthorityInfo,
IAccount account = null)
{
var configAuthorityInfo = requestContext.ServiceBundle.Config.Authority.AuthorityInfo;
if (configAuthorityInfo == null)
{
throw new ArgumentNullException(nameof(configAuthorityInfo));
}
ValidateTypeMismatch(configAuthorityInfo, requestAuthorityInfo);
await ValidateSameHostAsync(requestAuthorityInfo, requestContext).ConfigureAwait(false);
AuthorityInfo nonNullAuthInfo = requestAuthorityInfo ?? configAuthorityInfo;
switch (configAuthorityInfo.AuthorityType)
{
// ADFS is tenant-less, no need to consider tenant
case AuthorityType.Adfs:
return(new AdfsAuthority(nonNullAuthInfo));
case AuthorityType.Dsts:
return(new DstsAuthority(nonNullAuthInfo));
case AuthorityType.B2C:
return(new B2CAuthority(nonNullAuthInfo));
case AuthorityType.Aad:
bool updateEnvironment = requestContext.ServiceBundle.Config.MultiCloudSupportEnabled && account != null;
if (requestAuthorityInfo == null)
{
return(updateEnvironment ?
CreateAuthorityWithTenant(CreateAuthorityWithEnvironment(configAuthorityInfo, account.Environment).AuthorityInfo, account?.HomeAccountId?.TenantId) :
CreateAuthorityWithTenant(configAuthorityInfo, account?.HomeAccountId?.TenantId));
}
// In case the authority is defined only at the request level
if (configAuthorityInfo.IsDefaultAuthority &&
requestAuthorityInfo.AuthorityType != AuthorityType.Aad)
{
return(requestAuthorityInfo.CreateAuthority());
}
var requestAuthority = updateEnvironment ?
new AadAuthority(CreateAuthorityWithEnvironment(requestAuthorityInfo, account?.Environment).AuthorityInfo) :
new AadAuthority(requestAuthorityInfo);
if (!requestAuthority.IsCommonOrganizationsOrConsumersTenant())
{
return(requestAuthority);
}
return(updateEnvironment ?
CreateAuthorityWithTenant(CreateAuthorityWithEnvironment(configAuthorityInfo, account.Environment).AuthorityInfo, account?.HomeAccountId?.TenantId) :
CreateAuthorityWithTenant(configAuthorityInfo, account?.HomeAccountId?.TenantId));
default:
throw new MsalClientException(
MsalError.InvalidAuthorityType,
"Unsupported authority type");
}
}