public async Task BrokerInteractiveRequestBrokerRequiredTestAsync() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { MockWebUI ui = new MockWebUI() { // When the auth code is returned from the authorization server prefixed with msauth:// // this means the user who logged requires cert based auth and broker MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=msauth://some-code") }; MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); harness.ServiceBundle.PlatformProxy.SetBrokerForTest(CreateMockBroker()); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false)); parameters.IsBrokerEnabled = false; InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, new AcquireTokenInteractiveParameters(), ui); AuthenticationResult result = await request.RunAsync(CancellationToken.None).ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("access-token", result.AccessToken); } }
public async Task WithExtraQueryParamsAndClaimsAsync() { IDictionary <string, string> extraQueryParamsAndClaims = TestConstants.ExtraQueryParameters.ToDictionary(e => e.Key, e => e.Value); extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims); using (MockHttpAndServiceBundle harness = CreateTestHarness()) { var cache = new TokenCache(harness.ServiceBundle, false); var ui = new MockWebUI() { MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=some-code"), QueryParamsToValidate = TestConstants.ExtraQueryParameters }; MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle.PlatformProxy, ui); MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); var tokenResponseHandler = new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ExpectedQueryParams = TestConstants.ExtraQueryParameters, ExpectedPostData = new Dictionary <string, string>() { { OAuth2Parameter.Claims, TestConstants.Claims } }, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }; harness.HttpManager.AddMockHandler(tokenResponseHandler); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, cache, extraQueryParameters: TestConstants.ExtraQueryParameters, claims: TestConstants.Claims); parameters.RedirectUri = new Uri("some://uri"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.SelectAccount, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; var request = new InteractiveRequest( parameters, interactiveParameters); AuthenticationResult result = await request.RunAsync().ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllRefreshTokens().Count()); Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(result.AccessToken, "some-access-token"); } }
[WorkItem(1418)] // test for bug https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1418 public async Task VerifyAuthorizationResult_NoErrorDescription_Async() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); MockWebUI webUi = new MockWebUI() { // error code and error description is empty string (not null) MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?error=some_error&error_description= "), }; AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false)); InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, new AcquireTokenInteractiveParameters(), webUi); var ex = await AssertException.TaskThrowsAsync <MsalServiceException>( () => request.ExecuteAsync(CancellationToken.None)) .ConfigureAwait(false); Assert.AreEqual("some_error", ex.ErrorCode); Assert.AreEqual(InteractiveRequest.UnknownError, ex.Message); } }
public void AcquireTokenAddTwoUsersTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId); MockWebUI ui = new MockWebUI() { MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.AuthorityHomeTenant + "?code=some-code") }; MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, app.RedirectUri + "?code=some-code")); //add mock response for tenant endpoint discovery HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant) }); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }); AuthenticationResult result = app.AcquireTokenAsync(TestConstants.Scope).Result; Assert.IsNotNull(result); Assert.IsNotNull(result.User); Assert.AreEqual(TestConstants.UniqueId, result.UniqueId); Assert.AreEqual(TestConstants.CreateUserIdentifer(), result.User.Identifier); Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId); Assert.AreEqual(TestConstants.IdentityProvider, result.TenantId); // repeat interactive call and pass in the same user MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, app.RedirectUri + "?code=some-code")); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.Scope.ToString(), MockHelpers.CreateIdToken(TestConstants.UniqueId + "more", TestConstants.DisplayableId + "more", TestConstants.IdentityProvider + "more"), MockHelpers.CreateClientInfo(TestConstants.Uid + "more", TestConstants.IdentityProvider + "more")) }); result = app.AcquireTokenAsync(TestConstants.Scope).Result; Assert.IsNotNull(result); Assert.IsNotNull(result.User); Assert.AreEqual(TestConstants.UniqueId + "more", result.UniqueId); Assert.AreEqual(TestConstants.CreateUserIdentifer(TestConstants.Uid + "more", TestConstants.IdentityProvider + "more"), result.User.Identifier); Assert.AreEqual(TestConstants.DisplayableId + "more", result.User.DisplayableId); Assert.AreEqual(TestConstants.IdentityProvider + "more", result.TenantId); Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed"); }
private static void ValidateB2CLoginAuthority(MockHttpAndServiceBundle harness, string authority) { var app = PublicClientApplicationBuilder .Create(TestConstants.ClientId) .WithB2CAuthority(authority) .WithHttpManager(harness.HttpManager) .BuildConcrete(); var ui = new MockWebUI() { MockResult = AuthorizationResult.FromUri(authority + "?code=some-code") }; MsalMockHelpers.ConfigureMockWebUI(app.ServiceBundle.PlatformProxy, ui); harness.HttpManager.AddMockHandlerForTenantEndpointDiscovery(authority); harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(authority); var result = app .AcquireTokenInteractive(TestConstants.s_scope) .ExecuteAsync(CancellationToken.None) .Result; Assert.IsNotNull(result); Assert.IsNotNull(result.Account); }
public async Task AcquireTokenByIntegratedWindowsAuthTestAsync() { var ui = new MockWebUI { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityHomeTenant + "?code=some-code") }; using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityHomeTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); AddMockHandlerMex(httpManager); AddMockHandlerWsTrustWindowsTransport(httpManager); AddMockHandlerAadSuccess(httpManager, MsalTestConstants.AuthorityHomeTenant); var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority); var result = await app .AcquireTokenByIntegratedWindowsAuthAsync(MsalTestConstants.Scope, MsalTestConstants.User.Username) .ConfigureAwait(false); Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.AccessToken); Assert.IsNotNull(result.Account); Assert.AreEqual(MsalTestConstants.DisplayableId, result.Account.Username); } }
public void VerifyAuthorizationResultTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); MockWebUI webUi = new MockWebUI(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp, TestConstants.DefaultAuthorityHomeTenant + "?error=" + OAuthError.LoginRequired); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = null }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), (string)null, UiOptions.ForceLogin, "extra=qp", webUi); request.PreRunAsync().Wait(); try { request.PreTokenRequest().Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual(MsalError.UserInteractionRequired, ((MsalException)exc.InnerException).ErrorCode); } webUi = new MockWebUI(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp, TestConstants.DefaultAuthorityHomeTenant + "?error=invalid_request&error_description=some error description"); request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), (string)null, UiOptions.ForceLogin, "extra=qp", webUi); request.PreRunAsync().Wait(); try { request.PreTokenRequest().Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual("invalid_request", ((MsalException)exc.InnerException).ErrorCode); Assert.AreEqual("some error description", ((MsalException)exc.InnerException).Message); } }
public void AcquireTokenIdTokenOnlyResponseTest() { MockWebUI webUi = new MockWebUI(); webUi.HeadersToValidate = new Dictionary <string, string>(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.DefaultAuthorityHomeTenant + "?code=some-code"); IWebUIFactory mockFactory = Substitute.For <IWebUIFactory>(); mockFactory.CreateAuthenticationDialog(Arg.Any <IPlatformParameters>()).Returns(webUi); PlatformPlugin.WebUIFactory = mockFactory; HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessIdTokenResponseMessage() }; // this is a flow where we pass client id as a scope PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId); Task <AuthenticationResult> task = app.AcquireTokenAsync(new string[] { TestConstants.DefaultClientId }); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(result.Token, result.IdToken); Assert.AreEqual(1, app.UserTokenCache.Count); foreach (var item in app.UserTokenCache.ReadItems(TestConstants.DefaultClientId)) { Assert.AreEqual(1, item.Scope.Count); Assert.AreEqual(TestConstants.DefaultClientId, item.Scope.AsSingleString()); } //call AcquireTokenSilent to make sure we get same token back and no call goes over network HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest) }; task = app.AcquireTokenSilentAsync(new string[] { TestConstants.DefaultClientId }); AuthenticationResult result1 = task.Result; Assert.IsNotNull(result1); Assert.AreEqual(result1.Token, result1.IdToken); Assert.AreEqual(result.Token, result1.Token); Assert.AreEqual(result.IdToken, result1.IdToken); Assert.AreEqual(1, app.UserTokenCache.Count); foreach (var item in app.UserTokenCache.ReadItems(TestConstants.DefaultClientId)) { Assert.AreEqual(1, item.Scope.Count); Assert.AreEqual(TestConstants.DefaultClientId, item.Scope.AsSingleString()); } }
public void OAuthClient_FailsWithServiceExceptionWhenResponseIsHttpNotFound() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver); var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false); var responseMessage = MockHelpers.CreateHttpStatusNotFoundResponseMessage(); httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = responseMessage }); var parameters = new AuthenticationRequestParameters { Authority = authority, ClientId = MsalTestConstants.ClientId, Scope = MsalTestConstants.Scope, TokenCache = null, RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)), RedirectUri = new Uri("some://uri"), }; var ui = new MockWebUI(); var request = new InteractiveRequest( serviceBundle, parameters, ApiEvent.ApiIds.None, MsalTestConstants.ScopeForAnotherResource.ToArray(), MsalTestConstants.DisplayableId, UIBehavior.SelectAccount, ui); try { request.ExecuteAsync(CancellationToken.None).Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { var serverEx = exc.InnerException as MsalServiceException; Assert.IsNotNull(serverEx); Assert.AreEqual((int)HttpStatusCode.NotFound, serverEx.StatusCode); Assert.IsNotNull(serverEx.ResponseBody); Assert.AreEqual(MsalError.HttpStatusNotFound, serverEx.ErrorCode); } } }
public void MexEndpointFailsToResolveTest() { var ui = new MockWebUI { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code") }; using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); // MEX httpManager.AddMockHandler( new MockHttpMessageHandler { Url = "https://msft.sts.microsoft.com/adfs/services/trust/mex", Method = HttpMethod.Get, ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent( File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("TestMex.xml")) .Replace("<wsp:All>", " ")) } }); _cache.ClientId = MsalTestConstants.ClientId; var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = _cache }; // Call acquire token, Mex parser fails var result = AssertException.TaskThrows <MsalException>( async() => await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, _secureString).ConfigureAwait(false)); // Check exception message Assert.AreEqual("Parsing WS metadata exchange failed", result.Message); Assert.AreEqual("parsing_ws_metadata_exchange_failed", result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount); } }
internal void AddMockResponseForFederatedAccounts(MockHttpManager httpManager) { var ui = new MockWebUI { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code") }; httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); AddMockHandlerMex(httpManager); AddMockHandlerWsTrustUserName(httpManager); AddMockHandlerAadSuccess(httpManager, MsalTestConstants.AuthorityOrganizationsTenant); }
public void FederatedUsernamePasswordCommonAuthorityTest() { var ui = new MockWebUI { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityCommonTenant + "?code=some-code") }; using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); AddMockHandlerMex(httpManager); AddMockHandlerWsTrustUserName(httpManager); // AAD httpManager.AddMockHandler( new MockHttpMessageHandler { Url = "https://login.microsoftonline.com/common/oauth2/v2.0/token", Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage() }); _cache.ClientId = MsalTestConstants.ClientId; var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = _cache }; // Call acquire token var result = AssertException.TaskThrows <MsalException>( async() => await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, _secureString).ConfigureAwait(false)); // Check inner exception Assert.AreEqual(CoreErrorCodes.InvalidRequest, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount); } }
public void ActAsCurrentUserNoSsoHeaderForLoginHintOnlyTest() { //this test validates that no SSO header is added when developer passes only login hint and UiOption.ActAsCurrentUser Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = new TokenCache(); TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultScope, TestConstants.DefaultClientId, TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId, TestConstants.DefaultPolicy); AuthenticationResultEx ex = new AuthenticationResultEx(); ex.Result = new AuthenticationResult("Bearer", key.ToString(), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599))); ex.Result.User = new User { DisplayableId = TestConstants.DefaultDisplayableId, UniqueId = TestConstants.DefaultUniqueId, HomeObjectId = TestConstants.DefaultHomeObjectId }; ex.Result.FamilyId = "1"; ex.RefreshToken = "someRT"; cache.tokenCacheDictionary[key] = ex; MockWebUI webUi = new MockWebUI(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.DefaultAuthorityHomeTenant + "?code=some-code"); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), ex.Result.User, UiOptions.ActAsCurrentUser, "extra=qp", webUi); request.PreRunAsync().Wait(); request.PreTokenRequest().Wait(); }
public void FederatedUsernameNullPasswordTest() { var ui = new MockWebUI { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code") }; using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); AddMockHandlerMex(httpManager); // Mex does not return integrated auth endpoint (.../13/windowstransport) httpManager.AddMockHandlerContentNotFound(HttpMethod.Post, "https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport"); _cache.ClientId = MsalTestConstants.ClientId; var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = _cache }; SecureString str = null; // Call acquire token var result = AssertException.TaskThrows <MsalException>( async() => await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, str).ConfigureAwait(false)); // Check inner exception Assert.AreEqual(CoreErrorCodes.ParsingWsTrustResponseFailed, result.ErrorCode); // There should be no cached entries. Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount); } }
public async Task AcquireTokenNoClientInfoReturnedTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId); MockWebUI ui = new MockWebUI() { MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.AuthorityHomeTenant + "?code=some-code") }; MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, app.RedirectUri + "?code=some-code")); //add mock response for tenant endpoint discovery HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant) }); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage("some-scope1 some-scope2", MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId), string.Empty) }); try { AuthenticationResult result = await app.AcquireTokenAsync(TestConstants.Scope).ConfigureAwait(false); } catch (MsalClientException exc) { Assert.IsNotNull(exc); Assert.AreEqual(MsalClientException.JsonParseError, exc.ErrorCode); Assert.AreEqual("client info is null", exc.Message); } finally { Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed"); } }
public void MexParsingFailsTest() { var ui = new MockWebUI { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code") }; using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); httpManager.AddInstanceDiscoveryMockHandler(); httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant); AddMockHandlerDefaultUserRealmDiscovery(httpManager); // MEX httpManager.AddMockHandlerContentNotFound(HttpMethod.Get, "https://msft.sts.microsoft.com/adfs/services/trust/mex"); _cache.ClientId = MsalTestConstants.ClientId; var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId, ClientApplicationBase.DefaultAuthority) { UserTokenCache = _cache }; // Call acquire token var result = AssertException.TaskThrows <MsalException>( async() => await app.AcquireTokenByUsernamePasswordAsync( MsalTestConstants.Scope, MsalTestConstants.User.Username, _secureString).ConfigureAwait(false)); // Check inner exception Assert.AreEqual("Response status code does not indicate success: 404 (NotFound).", result.Message); // There should be no cached entries. Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount); } }
public async Task NoStateReturnedTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId); MockWebUI ui = new MockWebUI() { AddStateInAuthorizationResult = false, MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.AuthorityHomeTenant + "?code=some-code") }; MockHelpers.ConfigureMockWebUI(ui); //add mock response for tenant endpoint discovery HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant) }); try { AuthenticationResult result = await app.AcquireTokenAsync(TestConstants.Scope); Assert.Fail("API should have failed here"); } catch (MsalClientException exc) { Assert.IsNotNull(exc); Assert.AreEqual(MsalClientException.StateMismatchError, exc.ErrorCode); } finally { Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed"); } Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.ApiIdKey] == "170" && anEvent[ApiEvent.WasSuccessfulKey] == "false" && anEvent[ApiEvent.ApiErrorCodeKey] == "state_mismatch" )); }
public async Task B2CAcquireTokenWithResetPasswordTestAsync() { using (var httpManager = new MockHttpManager()) { PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithB2CAuthority(TestConstants.B2CLoginAuthority) .WithHttpManager(httpManager) .WithDebugLoggingCallback(logLevel: LogLevel.Verbose) .BuildConcrete(); // Interactive call and user wants to reset password var ui = new MockWebUI() { MockResult = AuthorizationResult.FromUri(TestConstants.B2CLoginAuthority + "?error=access_denied&error_description=AADB2C90091%3a+The+user+has+cancelled+entering+self-asserted+information.") }; httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.B2CLoginAuthority); MsalMockHelpers.ConfigureMockWebUI(app.ServiceBundle.PlatformProxy, ui); try { AuthenticationResult result = await app .AcquireTokenInteractive(TestConstants.s_scope) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); } catch (MsalServiceException exc) { Assert.IsNotNull(exc); Assert.AreEqual("access_denied", exc.ErrorCode); Assert.AreEqual("AADB2C90091: The user has cancelled entering self-asserted information.", exc.Message); return; } } Assert.Fail("Should not reach here. Exception was not thrown."); }
public void RunCacheFormatValidation() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager); TestInitialize(httpManager); PublicClientApplication app = new PublicClientApplication(serviceBundle, ClientId, RequestAuthority); MockWebUI ui = new MockWebUI() { MockResult = new AuthorizationResult(AuthorizationStatus.Success, MsalTestConstants.AuthorityHomeTenant + "?code=some-code") }; MsalMockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, app.RedirectUri + "?code=some-code")); //add mock response for tenant endpoint discovery httpManager.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(MsalTestConstants.AuthorityHomeTenant) }); httpManager.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessResponseMessage(TokenResponse) }); AuthenticationResult result = app.AcquireTokenAsync(MsalTestConstants.Scope).Result; Assert.IsNotNull(result); ValidateAt(app.UserTokenCache); ValidateRt(app.UserTokenCache); ValidateIdToken(app.UserTokenCache); ValidateAccount(app.UserTokenCache); } }
public async Task DifferentStateReturnedTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId); MockWebUI ui = new MockWebUI() { AddStateInAuthorizationResult = false, MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.AuthorityHomeTenant + "?code=some-code&state=mistmatched") }; MockHelpers.ConfigureMockWebUI(ui); //add mock response for tenant endpoint discovery HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant) }); try { AuthenticationResult result = await app.AcquireTokenAsync(TestConstants.Scope); Assert.Fail("API should have failed here"); } catch (MsalClientException exc) { Assert.IsNotNull(exc); Assert.AreEqual(MsalClientException.StateMismatchError, exc.ErrorCode); } finally { Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed"); } }
public void NoCacheLookup() { MyReceiver myReceiver = new MyReceiver(); using (MockHttpAndServiceBundle harness = CreateTestHarness(telemetryCallback: myReceiver.HandleTelemetryEvents)) { TokenCache cache = new TokenCache(harness.ServiceBundle, false); MsalAccessTokenCacheItem atItem = new MsalAccessTokenCacheItem( TestConstants.ProductionPrefNetworkEnvironment, TestConstants.ClientId, TestConstants.s_scope.AsSingleString(), TestConstants.Utid, null, new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(7200)), MockHelpers.CreateClientInfo()); string atKey = atItem.GetKey().ToString(); atItem.Secret = atKey; ((ITokenCacheInternal)cache).Accessor.SaveAccessToken(atItem); MockWebUI ui = new MockWebUI() { MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=some-code") }; MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(TestConstants.AuthorityHomeTenant); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, cache, extraQueryParameters: new Dictionary <string, string> { { "extra", "qp" } }); parameters.RedirectUri = new Uri("some://uri"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.SelectAccount, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, ui); Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None); task.Wait(); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllRefreshTokens().Count()); Assert.AreEqual(2, ((ITokenCacheInternal)cache).Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(result.AccessToken, "some-access-token"); Assert.IsNotNull( myReceiver.EventsReceived.Find( anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("ui_event") && anEvent[UiEvent.UserCancelledKey] == "false")); Assert.IsNotNull( myReceiver.EventsReceived.Find( anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.PromptKey] == "select_account")); Assert.IsNotNull( myReceiver.EventsReceived.Find( anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("ui_event") && anEvent[UiEvent.AccessDeniedKey] == "false")); } }
public void AcquireTokenNullUserPassedInAndNewUserReturnedFromServiceTest() { cache.ClientId = TestConstants.ClientId; PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId) { UserTokenCache = cache }; MockWebUI ui = new MockWebUI() { MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.AuthorityHomeTenant + "?code=some-code") }; MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, app.RedirectUri + "?code=some-code")); //add mock response for tenant endpoint discovery HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant) }); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }); AuthenticationResult result = app.AcquireTokenAsync(TestConstants.Scope).Result; Assert.IsNotNull(result); Assert.IsNotNull(result.User); Assert.AreEqual(TestConstants.UniqueId, result.UniqueId); Assert.AreEqual(TestConstants.CreateUserIdentifer(), result.User.Identifier); Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId); Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed"); // repeat interactive call and pass in the same user MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, app.RedirectUri + "?code=some-code")); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.Scope.AsSingleString(), MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId), MockHelpers.CreateClientInfo(TestConstants.Uid, TestConstants.Utid + "more")) }); result = app.AcquireTokenAsync(TestConstants.Scope, (IUser)null, UIBehavior.SelectAccount, null).Result; Assert.IsNotNull(result); Assert.IsNotNull(result.User); Assert.AreEqual(TestConstants.UniqueId, result.UniqueId); Assert.AreEqual(TestConstants.CreateUserIdentifer(TestConstants.Uid, TestConstants.Utid + "more"), result.User.Identifier); Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId); Assert.AreEqual(2, app.Users.Count()); Assert.AreEqual(2, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count); Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed"); }
public void AcquireTokenDifferentUserReturnedFromServiceTest() { cache.ClientId = TestConstants.ClientId; PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId) { UserTokenCache = cache }; MockWebUI ui = new MockWebUI() { MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.AuthorityHomeTenant + "?code=some-code") }; MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, app.RedirectUri + "?code=some-code")); //add mock response for tenant endpoint discovery HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Get, ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant) }); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }); AuthenticationResult result = app.AcquireTokenAsync(TestConstants.Scope).Result; Assert.IsNotNull(result); Assert.IsNotNull(result.User); Assert.AreEqual(TestConstants.UniqueId, result.UniqueId); Assert.AreEqual(TestConstants.CreateUserIdentifer(), result.User.Identifier); Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId); Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed"); var dict = new Dictionary <string, string>(); dict[OAuth2Parameter.DomainReq] = TestConstants.Utid; dict[OAuth2Parameter.LoginReq] = TestConstants.Uid; // repeat interactive call and pass in the same user MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success, app.RedirectUri + "?code=some-code"), dict); HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.Scope.AsSingleString(), MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId), MockHelpers.CreateClientInfo(TestConstants.Uid, TestConstants.Utid + "more")) }); try { result = app.AcquireTokenAsync(TestConstants.Scope, result.User, UIBehavior.SelectAccount, null).Result; Assert.Fail("API should have failed here"); } catch (AggregateException ex) { MsalServiceException exc = (MsalServiceException)ex.InnerException; Assert.IsNotNull(exc); Assert.AreEqual("user_mismatch", exc.ErrorCode); } Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.ApiIdKey] == "174" && anEvent[ApiEvent.WasSuccessfulKey] == "false" && anEvent[ApiEvent.ApiErrorCodeKey] == "user_mismatch" )); Assert.AreEqual(1, app.Users.Count()); Assert.AreEqual(1, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count); Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed"); }
public void ActAsCurrentUserNoSsoHeaderForLoginHintOnlyTest() { //this test validates that no SSO header is added when developer passes only login hint and UiOption.ActAsCurrentUser Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = new TokenCache(); TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant, TestConstants.DefaultScope, TestConstants.DefaultClientId, TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId, TestConstants.DefaultPolicy); AuthenticationResultEx ex = new AuthenticationResultEx(); ex.Result = new AuthenticationResult("Bearer", key.ToString(), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599))); ex.Result.User = new User { DisplayableId = TestConstants.DefaultDisplayableId, UniqueId = TestConstants.DefaultUniqueId, HomeObjectId = TestConstants.DefaultHomeObjectId }; ex.Result.FamilyId = "1"; ex.RefreshToken = "someRT"; cache.tokenCacheDictionary[key] = ex; MockWebUI webUi = new MockWebUI(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.DefaultAuthorityHomeTenant + "?code=some-code"); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), ex.Result.User, UiOptions.ActAsCurrentUser, "extra=qp", webUi); request.PreRunAsync().Wait(); request.PreTokenRequest().Wait(); }
public async Task VerifyAuthorizationResultTestAsync() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); MockWebUI webUi = new MockWebUI() { MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?error=" + OAuth2Error.LoginRequired), }; MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle.PlatformProxy, webUi); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false), extraQueryParameters: new Dictionary <string, string> { { "extra", "qp" } }); parameters.RedirectUri = new Uri("some://uri"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.ForceLogin, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; InteractiveRequest request = new InteractiveRequest( parameters, interactiveParameters); var ex = await AssertException.TaskThrowsAsync <MsalUiRequiredException>( () => request.RunAsync()) .ConfigureAwait(false); Assert.AreEqual( MsalError.NoPromptFailedError, ex.ErrorCode); Assert.AreEqual( UiRequiredExceptionClassification.PromptNeverFailed, ex.Classification); webUi = new MockWebUI { MockResult = AuthorizationResult.FromUri( TestConstants.AuthorityHomeTenant + "?error=invalid_request&error_description=some error description") }; MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle.PlatformProxy, webUi); request = new InteractiveRequest( parameters, interactiveParameters); var ex2 = await AssertException.TaskThrowsAsync <MsalServiceException>( () => request.RunAsync()) .ConfigureAwait(false); Assert.AreEqual("invalid_request", ex2.ErrorCode); Assert.AreEqual("some error description", ex2.Message); } }
public void SliceParametersTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver); var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false); var cache = new TokenCache() { ClientId = MsalTestConstants.ClientId, ServiceBundle = serviceBundle }; var ui = new MockWebUI() { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityHomeTenant + "?code=some-code"), QueryParamsToValidate = new Dictionary <string, string>() { { "key1", "value1%20with%20encoded%20space" }, { "key2", "value2" } } }; MockInstanceDiscoveryAndOpenIdRequest(httpManager); httpManager.AddMockHandler( new MockHttpMessageHandler { Method = HttpMethod.Post, QueryParams = new Dictionary <string, string>() { { "key1", "value1%20with%20encoded%20space" }, { "key2", "value2" } }, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }); var parameters = new AuthenticationRequestParameters { Authority = authority, SliceParameters = "key1=value1%20with%20encoded%20space&key2=value2", ClientId = MsalTestConstants.ClientId, Scope = MsalTestConstants.Scope, TokenCache = cache, RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)), RedirectUri = new Uri("some://uri"), ExtraQueryParameters = "extra=qp" }; var request = new InteractiveRequest( serviceBundle, parameters, ApiEvent.ApiIds.None, MsalTestConstants.ScopeForAnotherResource.ToArray(), MsalTestConstants.DisplayableId, UIBehavior.SelectAccount, ui); Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None); task.Wait(); var result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(1, cache.TokenCacheAccessor.RefreshTokenCount); Assert.AreEqual(1, cache.TokenCacheAccessor.AccessTokenCount); Assert.AreEqual(result.AccessToken, "some-access-token"); } }
public void VerifyAuthorizationResultTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); MockWebUI webUi = new MockWebUI(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp, TestConstants.DefaultAuthorityHomeTenant + "?error="+OAuthError.LoginRequired); AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = null }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), (string) null, UiOptions.ForceLogin, "extra=qp", webUi); request.PreRunAsync().Wait(); try { request.PreTokenRequest().Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual(MsalError.UserInteractionRequired, ((MsalException)exc.InnerException).ErrorCode); } webUi = new MockWebUI(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp, TestConstants.DefaultAuthorityHomeTenant + "?error=invalid_request&error_description=some error description"); request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), (string)null, UiOptions.ForceLogin, "extra=qp", webUi); request.PreRunAsync().Wait(); try { request.PreTokenRequest().Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual("invalid_request", ((MsalException)exc.InnerException).ErrorCode); Assert.AreEqual("some error description", ((MsalException)exc.InnerException).Message); } }
public void VerifyAuthorizationResultTest() { using (MockHttpAndServiceBundle harness = CreateTestHarness()) { MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); MockWebUI webUi = new MockWebUI() { MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?error=" + OAuth2Error.LoginRequired), }; AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, new TokenCache(harness.ServiceBundle, false), extraQueryParameters: new Dictionary <string, string> { { "extra", "qp" } }); parameters.RedirectUri = new Uri("some://uri"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.ForceLogin, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; InteractiveRequest request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, webUi); try { request.ExecuteAsync(CancellationToken.None).Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalUiRequiredException); Assert.AreEqual( MsalError.NoPromptFailedError, ((MsalUiRequiredException)exc.InnerException).ErrorCode); Assert.AreEqual( UiRequiredExceptionClassification.PromptNeverFailed, ((MsalUiRequiredException)exc.InnerException).Classification); } webUi = new MockWebUI { MockResult = AuthorizationResult.FromUri( TestConstants.AuthorityHomeTenant + "?error=invalid_request&error_description=some error description") }; request = new InteractiveRequest( harness.ServiceBundle, parameters, interactiveParameters, webUi); try { request.ExecuteAsync(CancellationToken.None).Wait(CancellationToken.None); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual("invalid_request", ((MsalException)exc.InnerException).ErrorCode); Assert.AreEqual("some error description", ((MsalException)exc.InnerException).Message); } } }
private async Task CreateFailedAndThenSuccessfulResponseToVerifyErrorCodesInHttpTelemetryDataAsync(string errorCode) { using (var harness = CreateTestHarness()) { harness.HttpManager.AddInstanceDiscoveryMockHandler(); PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId) .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true) .WithHttpManager(harness.HttpManager) .WithTelemetry(new TraceTelemetryConfig()) .BuildConcrete(); // Interactive call and authentication fails var ui = new MockWebUI() { MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?error=" + errorCode) }; harness.HttpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant); MsalMockHelpers.ConfigureMockWebUI(app.ServiceBundle.PlatformProxy, ui); _correlationId = new Guid(); AuthenticationResult result = null; try { result = await app .AcquireTokenInteractive(TestConstants.s_scope) .WithCorrelationId(_correlationId) .ExecuteAsync(CancellationToken.None) .ConfigureAwait(false); } catch (MsalException exc) { Assert.IsNotNull(exc); Assert.AreEqual(errorCode, exc.ErrorCode); // Try authentication again... MsalMockHelpers.ConfigureMockWebUI( app.ServiceBundle.PlatformProxy, AuthorizationResult.FromUri(app.AppConfig.RedirectUri + "?code=some-code")); var userCacheAccess = app.UserTokenCache.RecordAccess(); harness.HttpManager.AddSuccessfulTokenResponseWithHttpTelemetryMockHandlerForPost( TestConstants.AuthorityCommonTenant, null, null, CreateHttpTelemetryHeaders( _correlationId, TestConstants.InteractiveRequestApiId, exc.ErrorCode, TelemetryConstants.Zero)); result = app .AcquireTokenInteractive(TestConstants.s_scope) .WithCorrelationId(_correlationId) .ExecuteAsync(CancellationToken.None) .Result; Assert.IsNotNull(result); Assert.IsNotNull(result.Account); Assert.AreEqual(TestConstants.UniqueId, result.UniqueId); Assert.AreEqual(TestConstants.CreateUserIdentifier(), result.Account.HomeAccountId.Identifier); Assert.AreEqual(TestConstants.DisplayableId, result.Account.Username); userCacheAccess.AssertAccessCounts(0, 1); } } }
public void VerifyAuthorizationResultTest() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver); var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false); MockInstanceDiscoveryAndOpenIdRequest(httpManager); var webUi = new MockWebUI() { MockResult = new AuthorizationResult( AuthorizationStatus.ErrorHttp, MsalTestConstants.AuthorityHomeTenant + "?error=" + OAuth2Error.LoginRequired) }; var parameters = new AuthenticationRequestParameters { Authority = authority, ClientId = MsalTestConstants.ClientId, Scope = MsalTestConstants.Scope, TokenCache = null, RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)), RedirectUri = new Uri("some://uri"), ExtraQueryParameters = "extra=qp" }; var request = new InteractiveRequest( serviceBundle, parameters, ApiEvent.ApiIds.None, MsalTestConstants.ScopeForAnotherResource.ToArray(), null, UIBehavior.ForceLogin, webUi); try { request.ExecuteAsync(CancellationToken.None).Wait(); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalUiRequiredException); Assert.AreEqual( MsalUiRequiredException.NoPromptFailedError, ((MsalUiRequiredException)exc.InnerException).ErrorCode); } webUi = new MockWebUI { MockResult = new AuthorizationResult( AuthorizationStatus.ErrorHttp, MsalTestConstants.AuthorityHomeTenant + "?error=invalid_request&error_description=some error description") }; request = new InteractiveRequest( serviceBundle, parameters, ApiEvent.ApiIds.None, MsalTestConstants.ScopeForAnotherResource.ToArray(), null, UIBehavior.ForceLogin, webUi); try { request.ExecuteAsync(CancellationToken.None).Wait(CancellationToken.None); Assert.Fail("MsalException should have been thrown here"); } catch (Exception exc) { Assert.IsTrue(exc.InnerException is MsalException); Assert.AreEqual("invalid_request", ((MsalException)exc.InnerException).ErrorCode); Assert.AreEqual("some error description", ((MsalException)exc.InnerException).Message); } } }
public void NoCacheLookup() { using (var httpManager = new MockHttpManager()) { var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver); var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false); var cache = new TokenCache() { ClientId = MsalTestConstants.ClientId, ServiceBundle = serviceBundle }; var atItem = new MsalAccessTokenCacheItem( MsalTestConstants.ProductionPrefNetworkEnvironment, MsalTestConstants.ClientId, "Bearer", MsalTestConstants.Scope.AsSingleString(), MsalTestConstants.Utid, null, new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(7200)), MockHelpers.CreateClientInfo()); string atKey = atItem.GetKey().ToString(); atItem.Secret = atKey; cache.TokenCacheAccessor.SaveAccessToken(atItem); var ui = new MockWebUI() { MockResult = new AuthorizationResult( AuthorizationStatus.Success, MsalTestConstants.AuthorityHomeTenant + "?code=some-code") }; MockInstanceDiscoveryAndOpenIdRequest(httpManager); httpManager.AddSuccessTokenResponseMockHandlerForPost(); var parameters = new AuthenticationRequestParameters { Authority = authority, ClientId = MsalTestConstants.ClientId, Scope = MsalTestConstants.Scope, TokenCache = cache, RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)), RedirectUri = new Uri("some://uri"), ExtraQueryParameters = "extra=qp" }; var request = new InteractiveRequest( serviceBundle, parameters, ApiEvent.ApiIds.None, MsalTestConstants.ScopeForAnotherResource.ToArray(), MsalTestConstants.DisplayableId, UIBehavior.SelectAccount, ui); Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None); task.Wait(); var result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(1, cache.TokenCacheAccessor.RefreshTokenCount); Assert.AreEqual(2, cache.TokenCacheAccessor.AccessTokenCount); Assert.AreEqual(result.AccessToken, "some-access-token"); Assert.IsNotNull( _myReceiver.EventsReceived.Find( anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("ui_event") && anEvent[UiEvent.UserCancelledKey] == "false")); Assert.IsNotNull( _myReceiver.EventsReceived.Find( anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.UiBehaviorKey] == "select_account")); Assert.IsNotNull( _myReceiver.EventsReceived.Find( anEvent => // Expect finding such an event anEvent[EventBase.EventNameKey].EndsWith("ui_event") && anEvent[UiEvent.AccessDeniedKey] == "false")); } }
public async Task WithMultiCloudSupportEnabledAsync(bool multiCloudSupportEnabled) { var expectedQueryParams = TestConstants.ExtraQueryParameters; var authorizationResultUri = TestConstants.AuthorityHomeTenant + "?code=some-code"; if (multiCloudSupportEnabled) { expectedQueryParams.Add("instance_aware", "true"); authorizationResultUri = authorizationResultUri + "&cloud_instance_name=microsoftonline.us&cloud_instance_host_name=login.microsoftonline.us"; } using (MockHttpAndServiceBundle harness = CreateTestHarness(isMultiCloudSupportEnabled: multiCloudSupportEnabled)) { var cache = new TokenCache(harness.ServiceBundle, false); var ui = new MockWebUI() { MockResult = AuthorizationResult.FromUri(authorizationResultUri), QueryParamsToValidate = expectedQueryParams }; MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle, ui); MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager); var tokenResponseHandler = new MockHttpMessageHandler { ExpectedMethod = HttpMethod.Post, ExpectedQueryParams = expectedQueryParams, ExpectedPostData = new Dictionary <string, string>() { { OAuth2Parameter.Claims, TestConstants.Claims } }, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }; harness.HttpManager.AddMockHandler(tokenResponseHandler); AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters( TestConstants.AuthorityHomeTenant, TestConstants.s_scope, cache, extraQueryParameters: TestConstants.ExtraQueryParameters, claims: TestConstants.Claims); parameters.RedirectUri = new Uri("some://uri"); parameters.LoginHint = TestConstants.DisplayableId; AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters { Prompt = Prompt.SelectAccount, ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(), }; var request = new InteractiveRequest( parameters, interactiveParameters); AuthenticationResult result = await request.RunAsync().ConfigureAwait(false); Assert.IsNotNull(result); if (multiCloudSupportEnabled) { Assert.AreEqual("https://login.microsoftonline.us/home/oauth2/v2.0/token", result.AuthenticationResultMetadata.TokenEndpoint); } else { Assert.AreEqual("https://login.microsoftonline.com/home/oauth2/v2.0/token", result.AuthenticationResultMetadata.TokenEndpoint); } Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllRefreshTokens().Count()); Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllAccessTokens().Count()); Assert.AreEqual(result.AccessToken, "some-access-token"); } }
public void AcquireTokenIdTokenOnlyResponseTest() { MockWebUI webUi = new MockWebUI(); webUi.HeadersToValidate = new Dictionary<string, string>(); webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success, TestConstants.DefaultAuthorityHomeTenant + "?code=some-code"); IWebUIFactory mockFactory = Substitute.For<IWebUIFactory>(); mockFactory.CreateAuthenticationDialog(Arg.Any<IPlatformParameters>()).Returns(webUi); PlatformPlugin.WebUIFactory = mockFactory; HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessIdTokenResponseMessage() }; // this is a flow where we pass client id as a scope PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId); Task<AuthenticationResult> task = app.AcquireTokenAsync(new string[] {TestConstants.DefaultClientId}); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(result.Token, result.IdToken); Assert.AreEqual(1, app.UserTokenCache.Count); foreach (var item in app.UserTokenCache.ReadItems(TestConstants.DefaultClientId)) { Assert.AreEqual(1, item.Scope.Count); Assert.AreEqual(TestConstants.DefaultClientId, item.Scope.AsSingleString()); } //call AcquireTokenSilent to make sure we get same token back and no call goes over network HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest) }; task = app.AcquireTokenSilentAsync(new string[] { TestConstants.DefaultClientId }); AuthenticationResult result1 = task.Result; Assert.IsNotNull(result1); Assert.AreEqual(result1.Token, result1.IdToken); Assert.AreEqual(result.Token, result1.Token); Assert.AreEqual(result.IdToken, result1.IdToken); Assert.AreEqual(1, app.UserTokenCache.Count); foreach (var item in app.UserTokenCache.ReadItems(TestConstants.DefaultClientId)) { Assert.AreEqual(1, item.Scope.Count); Assert.AreEqual(TestConstants.DefaultClientId, item.Scope.AsSingleString()); } }