public async Task InteractiveBrowserRefreshException()
{
string expInnerExMessage = Guid.NewGuid().ToString();
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
var mockMsalClient = new MockMsalPublicClient
{
InteractiveAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); },
SilentAuthFactory = (_) => { throw new MsalUiRequiredException("errorCode", "message"); }
};
var credential = InstrumentClient(new InteractiveBrowserCredential(CredentialPipeline.GetInstance(null), mockMsalClient));
AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.AreEqual(expToken, token.Token);
Assert.AreEqual(expExpiresOn, token.ExpiresOn);
mockMsalClient.InteractiveAuthFactory = (_) => { throw new MockClientException(expInnerExMessage); };
var ex = Assert.ThrowsAsync <AuthenticationFailedException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.IsNotNull(ex.InnerException);
Assert.IsInstanceOf(typeof(MockClientException), ex.InnerException);
Assert.AreEqual(expInnerExMessage, ex.InnerException.Message);
await Task.CompletedTask;
}
public async Task NoMatchingAccountsTenantIdOnly()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
string fakeuserTenantId = Guid.NewGuid().ToString();
string madeupuserTenantId = Guid.NewGuid().ToString();
string tenantId = Guid.NewGuid().ToString();
var mockMsalClient = new MockMsalPublicClient
{
Accounts =
new List <IAccount>
{
new MockAccount("*****@*****.**", fakeuserTenantId), new MockAccount("*****@*****.**", madeupuserTenantId)
},
SilentAuthFactory = (_, _) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
// with username
var credential = InstrumentClient(new SharedTokenCacheCredential(tenantId, null, null, null, mockMsalClient));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(
ex.Message,
$"SharedTokenCacheCredential authentication unavailable. No account matching the specified tenantId: {tenantId} was found in the cache.");
await Task.CompletedTask;
}
public async Task MultipleAccountsNoTenantIdOrUsername()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
string fakeuserTenantId = Guid.NewGuid().ToString();
string madeupuserTenantId = Guid.NewGuid().ToString();
var mockMsalClient = new MockMsalPublicClient
{
Accounts =
new List <IAccount>
{
new MockAccount("*****@*****.**", fakeuserTenantId), new MockAccount("*****@*****.**", madeupuserTenantId)
},
SilentAuthFactory = (_, _) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
var credential = InstrumentClient(new SharedTokenCacheCredential(null, null, null, null, mockMsalClient));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(ex.Message, SharedTokenCacheCredential.MultipleAccountsInCacheMessage);
await Task.CompletedTask;
}
public async Task OneMatchingAccountTenantIdAndUsername()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
string tenantId = Guid.NewGuid().ToString();
var mockMsalClient = new MockMsalPublicClient
{
Accounts =
new List <IAccount>
{
new MockAccount(expectedUsername, Guid.NewGuid().ToString()),
new MockAccount("*****@*****.**"),
new MockAccount(expectedUsername, tenantId)
},
SilentAuthFactory = (_, _) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
var credential = InstrumentClient(new SharedTokenCacheCredential(tenantId, expectedUsername, null, null, mockMsalClient));
AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.AreEqual(expToken, token.Token);
Assert.AreEqual(expExpiresOn, token.ExpiresOn);
}
public async Task MultipleMatchingAccountsUsernameAndTenantId()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
string fakeuserTenantId = Guid.NewGuid().ToString();
string mockuserTenantId = Guid.NewGuid().ToString();
string mockuserGuestTenantId = fakeuserTenantId;
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new IAccount[] { new MockAccount("*****@*****.**", fakeuserTenantId), new MockAccount("*****@*****.**", mockuserTenantId), new MockAccount("*****@*****.**", mockuserTenantId) },
SilentAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
var credential = InstrumentClient(new SharedTokenCacheCredential(mockuserTenantId, "*****@*****.**", CredentialPipeline.GetInstance(null), mockMsalClient));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.True(ex.Message.StartsWith($"Multiple accounts matching the specified username: [email protected] tenantId: {mockuserTenantId} were found in the cache"));
Assert.True(ex.Message.Contains($"username: [email protected] tenantId: {fakeuserTenantId}"));
Assert.True(ex.Message.IndexOf($"username: [email protected] tenantId: {mockuserTenantId}") != ex.Message.LastIndexOf($"username: [email protected] tenantId: {mockuserTenantId}"));
await Task.CompletedTask;
}
public async Task ValidateClientSecretCredentialSucceededEvents()
{
var mockMsalClient = new MockMsalConfidentialClient(AuthenticationResultFactory.Create());
var credential = InstrumentClient(new ClientSecretCredential(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), CredentialPipeline.GetInstance(null), mockMsalClient));
var method = "ClientSecretCredential.GetToken";
await AssertCredentialGetTokenSucceededAsync(credential, method);
}
public async Task ValidateClientCertificateCredentialSucceededEvents()
{
var mockMsalClient = new MockMsalConfidentialClient(AuthenticationResultFactory.Create(Guid.NewGuid().ToString(), expiresOn: DateTimeOffset.Now + TimeSpan.FromMinutes(10)));
var mockAadClient = new MockAadIdentityClient(() => new AccessToken(Guid.NewGuid().ToString(), DateTimeOffset.UtcNow.AddMinutes(10)));
var credential = InstrumentClient(new ClientCertificateCredential(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), new X509Certificate2(), CredentialPipeline.GetInstance(null), mockMsalClient));
var method = "ClientCertificateCredential.GetToken";
await AssertCredentialGetTokenSucceededAsync(credential, method);
}
public async Task ValidateDeviceCodeCredentialSucceededEvents()
{
var mockMsalClient = new MockMsalPublicClient()
{
DeviceCodeAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: Guid.NewGuid().ToString(), expiresOn: DateTimeOffset.UtcNow.AddMinutes(10))); }
};
var credential = InstrumentClient(new DeviceCodeCredential((_, __) => { return(Task.CompletedTask); }, Guid.NewGuid().ToString(), CredentialPipeline.GetInstance(null), mockMsalClient));
var method = "Azure.Identity.DeviceCodeCredential.GetToken";
await AssertCredentialGetTokenSucceededAsync(credential, method);
}
public async Task ValidateInteractiveBrowserCredentialSucceededEvents()
{
var mockMsalClient = new MockMsalPublicClient()
{
InteractiveAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: Guid.NewGuid().ToString(), expiresOn: DateTimeOffset.UtcNow.AddMinutes(10))); }
};
var credential = InstrumentClient(new InteractiveBrowserCredential(CredentialPipeline.GetInstance(null), mockMsalClient));
var method = "InteractiveBrowserCredential.GetToken";
await AssertCredentialGetTokenSucceededAsync(credential, method);
}
public async Task ValidateSharedTokenCacheCredentialSucceededEvents()
{
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new IAccount[] { new MockAccount("*****@*****.**") },
SilentAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: Guid.NewGuid().ToString(), expiresOn: DateTimeOffset.UtcNow.AddMinutes(10))); }
};
var credential = InstrumentClient(new SharedTokenCacheCredential(null, "*****@*****.**", CredentialPipeline.GetInstance(null), mockMsalClient));
var method = "SharedTokenCacheCredential.GetToken";
await AssertCredentialGetTokenSucceededAsync(credential, method);
}
public async Task OneMatchingAccountUsernameOnly()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new IAccount[] { new MockAccount("*****@*****.**"), new MockAccount("*****@*****.**") },
SilentAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
var credential = InstrumentClient(new SharedTokenCacheCredential(null, "*****@*****.**", CredentialPipeline.GetInstance(null), mockMsalClient));
AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.AreEqual(expToken, token.Token);
Assert.AreEqual(expExpiresOn, token.ExpiresOn);
}
public async Task VerifyAuthenticationRecordOption()
{
var expectedHomeId = $"{Guid.NewGuid()}.{Guid.NewGuid()}";
var expectedEnvironment = AzureAuthorityHosts.AzurePublicCloud.ToString();
var acquireTokenSilentCalled = false;
var options = new SharedTokenCacheCredentialOptions
{
AuthenticationRecord = new AuthenticationRecord(
expectedUsername,
expectedEnvironment,
expectedHomeId,
Guid.NewGuid().ToString(),
Guid.NewGuid().ToString())
};
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new List <IAccount> {
new MockAccount("*****@*****.**")
},
ExtendedSilentAuthFactory = (_, _, account, _, _, _) =>
{
Assert.AreEqual(expectedUsername, account.Username);
Assert.AreEqual(expectedEnvironment, account.Environment);
Assert.AreEqual(expectedHomeId, account.HomeAccountId.Identifier);
acquireTokenSilentCalled = true;
return(AuthenticationResultFactory.Create());
}
};
var credential = InstrumentClient(new SharedTokenCacheCredential(null, null, options, null, mockMsalClient));
AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.IsTrue(acquireTokenSilentCalled);
}
public async Task NoAccounts()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new List <IAccount> {
},
SilentAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
// without username
var credential = InstrumentClient(new SharedTokenCacheCredential(null, null, null, null, mockMsalClient));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(SharedTokenCacheCredential.NoAccountsInCacheMessage, ex.Message);
// with username
var credential2 = InstrumentClient(new SharedTokenCacheCredential(null, "*****@*****.**", null, null, mockMsalClient));
var ex2 = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential2.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(SharedTokenCacheCredential.NoAccountsInCacheMessage, ex2.Message);
// with tenantId
var credential3 = InstrumentClient(new SharedTokenCacheCredential(Guid.NewGuid().ToString(), null, null, null, mockMsalClient));
var ex3 = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential3.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(SharedTokenCacheCredential.NoAccountsInCacheMessage, ex3.Message);
// with tenantId and username
var credential4 = InstrumentClient(new SharedTokenCacheCredential(Guid.NewGuid().ToString(), "*****@*****.**", null, null, mockMsalClient));
var ex4 = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential4.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(SharedTokenCacheCredential.NoAccountsInCacheMessage, ex4.Message);
await Task.CompletedTask;
}
public async Task MultipleMatchingAccountsDifferentHomeIds()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new IAccount[] { new MockAccount("*****@*****.**"), new MockAccount("*****@*****.**"), new MockAccount("*****@*****.**") },
SilentAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
// with username
var credential = InstrumentClient(new SharedTokenCacheCredential("*****@*****.**", CredentialPipeline.GetInstance(null), mockMsalClient));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.True(ex.Message.Contains("Multiple entries for the user account '*****@*****.**' were found in the shared token cache. This is not currently supported by the SharedTokenCacheCredential."));
await Task.CompletedTask;
}
public async Task NoMatchingAccounts()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new IAccount[] { new MockAccount("*****@*****.**"), new MockAccount("*****@*****.**") },
SilentAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
// with username
var credential = InstrumentClient(new SharedTokenCacheCredential("*****@*****.**", CredentialPipeline.GetInstance(null), mockMsalClient));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.True(ex.Message.Contains($"account '*****@*****.**' was not found"));
Assert.True(ex.Message.Contains($"Discovered Accounts: [ '*****@*****.**', '*****@*****.**' ]"));
await Task.CompletedTask;
}
public async Task MultipleMatchingAccountsUsernameOnly()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
string fakeuserTenantId = Guid.NewGuid().ToString();
string mockuserTenantId = Guid.NewGuid().ToString();
string mockuserGuestTenantId = fakeuserTenantId;
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new IAccount[] { new MockAccount("*****@*****.**", fakeuserTenantId), new MockAccount("*****@*****.**", mockuserTenantId), new MockAccount("*****@*****.**", mockuserGuestTenantId) },
SilentAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
var credential = InstrumentClient(new SharedTokenCacheCredential(null, "*****@*****.**", null, null, mockMsalClient));
var ex = Assert.ThrowsAsync <CredentialUnavailableException>(async() => await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default)));
Assert.AreEqual(ex.Message, "SharedTokenCacheCredential authentication unavailable. Multiple accounts matching the specified username: [email protected] were found in the cache.");
await Task.CompletedTask;
}
public async Task MatchAnySingleTenantIdWithEnableGuestTenantAuthentication()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
string tenantId = Guid.NewGuid().ToString();
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new List <IAccount> {
new MockAccount("*****@*****.**", Guid.NewGuid().ToString())
},
SilentAuthFactory = (_) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
var credential = InstrumentClient(new SharedTokenCacheCredential(tenantId, null, new SharedTokenCacheCredentialOptions {
EnableGuestTenantAuthentication = true
}, null, mockMsalClient));
AccessToken token = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.AreEqual(expToken, token.Token);
Assert.AreEqual(expExpiresOn, token.ExpiresOn);
}
public async Task MultipleMatchingAccountsUsernameAndTenantIdWithEnableGuestTenantAuthentication()
{
string expToken = Guid.NewGuid().ToString();
DateTimeOffset expExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5);
string fakeuserTenantId = Guid.NewGuid().ToString();
string mockuserTenantId1 = Guid.NewGuid().ToString();
string mockuserTenantId2 = Guid.NewGuid().ToString();
string mockuserGuestTenantId = fakeuserTenantId;
var mockMsalClient = new MockMsalPublicClient
{
Accounts = new List <IAccount>
{
new MockAccount("*****@*****.**", fakeuserTenantId),
new MockAccount(expectedUsername, mockuserTenantId1),
new MockAccount(expectedUsername, mockuserTenantId2)
},
SilentAuthFactory = (_, _) => { return(AuthenticationResultFactory.Create(accessToken: expToken, expiresOn: expExpiresOn)); }
};
var credential = InstrumentClient(
new SharedTokenCacheCredential(
mockuserTenantId1,
expectedUsername,
new SharedTokenCacheCredentialOptions {
EnableGuestTenantAuthentication = true
},
null,
mockMsalClient));
var token = await credential.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.AreEqual(expToken, token.Token);
Assert.AreEqual(expExpiresOn, token.ExpiresOn);
}
public async Task ValidateClientSecretCredentialSucceededEvents()
{
var mockMsalClient = new MockMsalConfidentialClient(AuthenticationResultFactory.Create());
var credential = InstrumentClient(new ClientSecretCredential(Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), Guid.NewGuid().ToString(), default, default, mockMsalClient));
