public async Task BrokerInteractiveRequestBrokerRequiredTestAsync()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
MockWebUI ui = new MockWebUI()
{
// When the auth code is returned from the authorization server prefixed with msauth://
// this means the user who logged requires cert based auth and broker
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=msauth://some-code")
};
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
harness.ServiceBundle.PlatformProxy.SetBrokerForTest(CreateMockBroker());
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false));
parameters.IsBrokerEnabled = false;
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
new AcquireTokenInteractiveParameters(),
ui);
AuthenticationResult result = await request.RunAsync(CancellationToken.None).ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("access-token", result.AccessToken);
}
}
public async Task WithExtraQueryParamsAndClaimsAsync()
{
IDictionary <string, string> extraQueryParamsAndClaims =
TestConstants.ExtraQueryParameters.ToDictionary(e => e.Key, e => e.Value);
extraQueryParamsAndClaims.Add(OAuth2Parameter.Claims, TestConstants.Claims);
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
var cache = new TokenCache(harness.ServiceBundle, false);
var ui = new MockWebUI()
{
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=some-code"),
QueryParamsToValidate = TestConstants.ExtraQueryParameters
};
MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle.PlatformProxy, ui);
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
var tokenResponseHandler = new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ExpectedQueryParams = TestConstants.ExtraQueryParameters,
ExpectedPostData = new Dictionary <string, string>()
{
{ OAuth2Parameter.Claims, TestConstants.Claims }
},
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
};
harness.HttpManager.AddMockHandler(tokenResponseHandler);
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
cache,
extraQueryParameters: TestConstants.ExtraQueryParameters,
claims: TestConstants.Claims);
parameters.RedirectUri = new Uri("some://uri");
parameters.LoginHint = TestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.SelectAccount,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
var request = new InteractiveRequest(
parameters,
interactiveParameters);
AuthenticationResult result = await request.RunAsync().ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllRefreshTokens().Count());
Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllAccessTokens().Count());
Assert.AreEqual(result.AccessToken, "some-access-token");
}
}
[WorkItem(1418)] // test for bug https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1418
public async Task VerifyAuthorizationResult_NoErrorDescription_Async()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
MockWebUI webUi = new MockWebUI()
{
// error code and error description is empty string (not null)
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?error=some_error&error_description= "),
};
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false));
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
new AcquireTokenInteractiveParameters(),
webUi);
var ex = await AssertException.TaskThrowsAsync <MsalServiceException>(
() => request.ExecuteAsync(CancellationToken.None))
.ConfigureAwait(false);
Assert.AreEqual("some_error", ex.ErrorCode);
Assert.AreEqual(InteractiveRequest.UnknownError, ex.Message);
}
}
public void AcquireTokenAddTwoUsersTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId);
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result = app.AcquireTokenAsync(TestConstants.Scope).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId, result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(), result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId);
Assert.AreEqual(TestConstants.IdentityProvider, result.TenantId);
// repeat interactive call and pass in the same user
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.Scope.ToString(),
MockHelpers.CreateIdToken(TestConstants.UniqueId + "more", TestConstants.DisplayableId + "more",
TestConstants.IdentityProvider + "more"),
MockHelpers.CreateClientInfo(TestConstants.Uid + "more",
TestConstants.IdentityProvider + "more"))
});
result = app.AcquireTokenAsync(TestConstants.Scope).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId + "more", result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(TestConstants.Uid + "more",
TestConstants.IdentityProvider + "more"), result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId + "more", result.User.DisplayableId);
Assert.AreEqual(TestConstants.IdentityProvider + "more", result.TenantId);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
private static void ValidateB2CLoginAuthority(MockHttpAndServiceBundle harness, string authority)
{
var app = PublicClientApplicationBuilder
.Create(TestConstants.ClientId)
.WithB2CAuthority(authority)
.WithHttpManager(harness.HttpManager)
.BuildConcrete();
var ui = new MockWebUI()
{
MockResult = AuthorizationResult.FromUri(authority + "?code=some-code")
};
MsalMockHelpers.ConfigureMockWebUI(app.ServiceBundle.PlatformProxy, ui);
harness.HttpManager.AddMockHandlerForTenantEndpointDiscovery(authority);
harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(authority);
var result = app
.AcquireTokenInteractive(TestConstants.s_scope)
.ExecuteAsync(CancellationToken.None)
.Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.Account);
}
public async Task AcquireTokenByIntegratedWindowsAuthTestAsync()
{
var ui = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityHomeTenant + "?code=some-code")
};
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityHomeTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
AddMockHandlerMex(httpManager);
AddMockHandlerWsTrustWindowsTransport(httpManager);
AddMockHandlerAadSuccess(httpManager, MsalTestConstants.AuthorityHomeTenant);
var app =
new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority);
var result = await app
.AcquireTokenByIntegratedWindowsAuthAsync(MsalTestConstants.Scope, MsalTestConstants.User.Username)
.ConfigureAwait(false);
Assert.IsNotNull(result);
Assert.AreEqual("some-access-token", result.AccessToken);
Assert.IsNotNull(result.Account);
Assert.AreEqual(MsalTestConstants.DisplayableId, result.Account.Username);
}
}
public void VerifyAuthorizationResultTest()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
MockWebUI webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp,
TestConstants.DefaultAuthorityHomeTenant + "?error=" + OAuthError.LoginRequired);
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = null
};
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(),
(string)null, UiOptions.ForceLogin, "extra=qp", webUi);
request.PreRunAsync().Wait();
try
{
request.PreTokenRequest().Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual(MsalError.UserInteractionRequired, ((MsalException)exc.InnerException).ErrorCode);
}
webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp,
TestConstants.DefaultAuthorityHomeTenant + "?error=invalid_request&error_description=some error description");
request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(),
(string)null, UiOptions.ForceLogin, "extra=qp", webUi);
request.PreRunAsync().Wait();
try
{
request.PreTokenRequest().Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual("invalid_request", ((MsalException)exc.InnerException).ErrorCode);
Assert.AreEqual("some error description", ((MsalException)exc.InnerException).Message);
}
}
public void AcquireTokenIdTokenOnlyResponseTest()
{
MockWebUI webUi = new MockWebUI();
webUi.HeadersToValidate = new Dictionary <string, string>();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
IWebUIFactory mockFactory = Substitute.For <IWebUIFactory>();
mockFactory.CreateAuthenticationDialog(Arg.Any <IPlatformParameters>()).Returns(webUi);
PlatformPlugin.WebUIFactory = mockFactory;
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessIdTokenResponseMessage()
};
// this is a flow where we pass client id as a scope
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
Task <AuthenticationResult> task = app.AcquireTokenAsync(new string[] { TestConstants.DefaultClientId });
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(result.Token, result.IdToken);
Assert.AreEqual(1, app.UserTokenCache.Count);
foreach (var item in app.UserTokenCache.ReadItems(TestConstants.DefaultClientId))
{
Assert.AreEqual(1, item.Scope.Count);
Assert.AreEqual(TestConstants.DefaultClientId, item.Scope.AsSingleString());
}
//call AcquireTokenSilent to make sure we get same token back and no call goes over network
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest)
};
task = app.AcquireTokenSilentAsync(new string[] { TestConstants.DefaultClientId });
AuthenticationResult result1 = task.Result;
Assert.IsNotNull(result1);
Assert.AreEqual(result1.Token, result1.IdToken);
Assert.AreEqual(result.Token, result1.Token);
Assert.AreEqual(result.IdToken, result1.IdToken);
Assert.AreEqual(1, app.UserTokenCache.Count);
foreach (var item in app.UserTokenCache.ReadItems(TestConstants.DefaultClientId))
{
Assert.AreEqual(1, item.Scope.Count);
Assert.AreEqual(TestConstants.DefaultClientId, item.Scope.AsSingleString());
}
}
public void OAuthClient_FailsWithServiceExceptionWhenResponseIsHttpNotFound()
{
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver);
var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false);
var responseMessage = MockHelpers.CreateHttpStatusNotFoundResponseMessage();
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = responseMessage
});
var parameters = new AuthenticationRequestParameters
{
Authority = authority,
ClientId = MsalTestConstants.ClientId,
Scope = MsalTestConstants.Scope,
TokenCache = null,
RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)),
RedirectUri = new Uri("some://uri"),
};
var ui = new MockWebUI();
var request = new InteractiveRequest(
serviceBundle,
parameters,
ApiEvent.ApiIds.None,
MsalTestConstants.ScopeForAnotherResource.ToArray(),
MsalTestConstants.DisplayableId,
UIBehavior.SelectAccount,
ui);
try
{
request.ExecuteAsync(CancellationToken.None).Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
var serverEx = exc.InnerException as MsalServiceException;
Assert.IsNotNull(serverEx);
Assert.AreEqual((int)HttpStatusCode.NotFound, serverEx.StatusCode);
Assert.IsNotNull(serverEx.ResponseBody);
Assert.AreEqual(MsalError.HttpStatusNotFound, serverEx.ErrorCode);
}
}
}
public void MexEndpointFailsToResolveTest()
{
var ui = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code")
};
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
// MEX
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
Url = "https://msft.sts.microsoft.com/adfs/services/trust/mex",
Method = HttpMethod.Get,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new StringContent(
File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("TestMex.xml"))
.Replace("<wsp:All>", " "))
}
});
_cache.ClientId = MsalTestConstants.ClientId;
var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority)
{
UserTokenCache = _cache
};
// Call acquire token, Mex parser fails
var result = AssertException.TaskThrows <MsalException>(
async() => await app.AcquireTokenByUsernamePasswordAsync(
MsalTestConstants.Scope,
MsalTestConstants.User.Username,
_secureString).ConfigureAwait(false));
// Check exception message
Assert.AreEqual("Parsing WS metadata exchange failed", result.Message);
Assert.AreEqual("parsing_ws_metadata_exchange_failed", result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
}
}
internal void AddMockResponseForFederatedAccounts(MockHttpManager httpManager)
{
var ui = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code")
};
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
AddMockHandlerMex(httpManager);
AddMockHandlerWsTrustUserName(httpManager);
AddMockHandlerAadSuccess(httpManager, MsalTestConstants.AuthorityOrganizationsTenant);
}
public void FederatedUsernamePasswordCommonAuthorityTest()
{
var ui = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityCommonTenant + "?code=some-code")
};
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityCommonTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
AddMockHandlerMex(httpManager);
AddMockHandlerWsTrustUserName(httpManager);
// AAD
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
Url = "https://login.microsoftonline.com/common/oauth2/v2.0/token",
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateInvalidRequestTokenResponseMessage()
});
_cache.ClientId = MsalTestConstants.ClientId;
var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority)
{
UserTokenCache = _cache
};
// Call acquire token
var result = AssertException.TaskThrows <MsalException>(
async() => await app.AcquireTokenByUsernamePasswordAsync(
MsalTestConstants.Scope,
MsalTestConstants.User.Username,
_secureString).ConfigureAwait(false));
// Check inner exception
Assert.AreEqual(CoreErrorCodes.InvalidRequest, result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
}
}
public void ActAsCurrentUserNoSsoHeaderForLoginHintOnlyTest()
{
//this test validates that no SSO header is added when developer passes only login hint and UiOption.ActAsCurrentUser
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
MockWebUI webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = cache
};
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(),
new Uri("some://uri"), new PlatformParameters(),
ex.Result.User, UiOptions.ActAsCurrentUser, "extra=qp", webUi);
request.PreRunAsync().Wait();
request.PreTokenRequest().Wait();
}
public void FederatedUsernameNullPasswordTest()
{
var ui = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code")
};
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
AddMockHandlerMex(httpManager);
// Mex does not return integrated auth endpoint (.../13/windowstransport)
httpManager.AddMockHandlerContentNotFound(HttpMethod.Post,
"https://msft.sts.microsoft.com/adfs/services/trust/13/windowstransport");
_cache.ClientId = MsalTestConstants.ClientId;
var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority)
{
UserTokenCache = _cache
};
SecureString str = null;
// Call acquire token
var result = AssertException.TaskThrows <MsalException>(
async() => await app.AcquireTokenByUsernamePasswordAsync(
MsalTestConstants.Scope,
MsalTestConstants.User.Username,
str).ConfigureAwait(false));
// Check inner exception
Assert.AreEqual(CoreErrorCodes.ParsingWsTrustResponseFailed, result.ErrorCode);
// There should be no cached entries.
Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
}
}
public async Task AcquireTokenNoClientInfoReturnedTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId);
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage("some-scope1 some-scope2",
MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId), string.Empty)
});
try
{
AuthenticationResult result = await app.AcquireTokenAsync(TestConstants.Scope).ConfigureAwait(false);
}
catch (MsalClientException exc)
{
Assert.IsNotNull(exc);
Assert.AreEqual(MsalClientException.JsonParseError, exc.ErrorCode);
Assert.AreEqual("client info is null", exc.Message);
}
finally
{
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
}
public void MexParsingFailsTest()
{
var ui = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityOrganizationsTenant + "?code=some-code")
};
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
httpManager.AddInstanceDiscoveryMockHandler();
httpManager.AddMockHandlerForTenantEndpointDiscovery(MsalTestConstants.AuthorityOrganizationsTenant);
AddMockHandlerDefaultUserRealmDiscovery(httpManager);
// MEX
httpManager.AddMockHandlerContentNotFound(HttpMethod.Get,
"https://msft.sts.microsoft.com/adfs/services/trust/mex");
_cache.ClientId = MsalTestConstants.ClientId;
var app = new PublicClientApplication(serviceBundle, MsalTestConstants.ClientId,
ClientApplicationBase.DefaultAuthority)
{
UserTokenCache = _cache
};
// Call acquire token
var result = AssertException.TaskThrows <MsalException>(
async() => await app.AcquireTokenByUsernamePasswordAsync(
MsalTestConstants.Scope,
MsalTestConstants.User.Username,
_secureString).ConfigureAwait(false));
// Check inner exception
Assert.AreEqual("Response status code does not indicate success: 404 (NotFound).", result.Message);
// There should be no cached entries.
Assert.AreEqual(0, _cache.TokenCacheAccessor.AccessTokenCount);
}
}
public async Task NoStateReturnedTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId);
MockWebUI ui = new MockWebUI()
{
AddStateInAuthorizationResult = false,
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(ui);
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
try
{
AuthenticationResult result = await app.AcquireTokenAsync(TestConstants.Scope);
Assert.Fail("API should have failed here");
}
catch (MsalClientException exc)
{
Assert.IsNotNull(exc);
Assert.AreEqual(MsalClientException.StateMismatchError, exc.ErrorCode);
}
finally
{
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.ApiIdKey] == "170" &&
anEvent[ApiEvent.WasSuccessfulKey] == "false" && anEvent[ApiEvent.ApiErrorCodeKey] == "state_mismatch"
));
}
public async Task B2CAcquireTokenWithResetPasswordTestAsync()
{
using (var httpManager = new MockHttpManager())
{
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithB2CAuthority(TestConstants.B2CLoginAuthority)
.WithHttpManager(httpManager)
.WithDebugLoggingCallback(logLevel: LogLevel.Verbose)
.BuildConcrete();
// Interactive call and user wants to reset password
var ui = new MockWebUI()
{
MockResult = AuthorizationResult.FromUri(TestConstants.B2CLoginAuthority +
"?error=access_denied&error_description=AADB2C90091%3a+The+user+has+cancelled+entering+self-asserted+information.")
};
httpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.B2CLoginAuthority);
MsalMockHelpers.ConfigureMockWebUI(app.ServiceBundle.PlatformProxy, ui);
try
{
AuthenticationResult result = await app
.AcquireTokenInteractive(TestConstants.s_scope)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
}
catch (MsalServiceException exc)
{
Assert.IsNotNull(exc);
Assert.AreEqual("access_denied", exc.ErrorCode);
Assert.AreEqual("AADB2C90091: The user has cancelled entering self-asserted information.", exc.Message);
return;
}
}
Assert.Fail("Should not reach here. Exception was not thrown.");
}
public void RunCacheFormatValidation()
{
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager);
TestInitialize(httpManager);
PublicClientApplication app = new PublicClientApplication(serviceBundle, ClientId, RequestAuthority);
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
MsalTestConstants.AuthorityHomeTenant + "?code=some-code")
};
MsalMockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
//add mock response for tenant endpoint discovery
httpManager.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(MsalTestConstants.AuthorityHomeTenant)
});
httpManager.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(TokenResponse)
});
AuthenticationResult result = app.AcquireTokenAsync(MsalTestConstants.Scope).Result;
Assert.IsNotNull(result);
ValidateAt(app.UserTokenCache);
ValidateRt(app.UserTokenCache);
ValidateIdToken(app.UserTokenCache);
ValidateAccount(app.UserTokenCache);
}
}
public async Task DifferentStateReturnedTest()
{
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId);
MockWebUI ui = new MockWebUI()
{
AddStateInAuthorizationResult = false,
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code&state=mistmatched")
};
MockHelpers.ConfigureMockWebUI(ui);
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
try
{
AuthenticationResult result = await app.AcquireTokenAsync(TestConstants.Scope);
Assert.Fail("API should have failed here");
}
catch (MsalClientException exc)
{
Assert.IsNotNull(exc);
Assert.AreEqual(MsalClientException.StateMismatchError, exc.ErrorCode);
}
finally
{
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
}
public void NoCacheLookup()
{
MyReceiver myReceiver = new MyReceiver();
using (MockHttpAndServiceBundle harness = CreateTestHarness(telemetryCallback: myReceiver.HandleTelemetryEvents))
{
TokenCache cache = new TokenCache(harness.ServiceBundle, false);
MsalAccessTokenCacheItem atItem = new MsalAccessTokenCacheItem(
TestConstants.ProductionPrefNetworkEnvironment,
TestConstants.ClientId,
TestConstants.s_scope.AsSingleString(),
TestConstants.Utid,
null,
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(7200)),
MockHelpers.CreateClientInfo());
string atKey = atItem.GetKey().ToString();
atItem.Secret = atKey;
((ITokenCacheInternal)cache).Accessor.SaveAccessToken(atItem);
MockWebUI ui = new MockWebUI()
{
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
harness.HttpManager.AddSuccessTokenResponseMockHandlerForPost(TestConstants.AuthorityHomeTenant);
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
cache,
extraQueryParameters: new Dictionary <string, string>
{
{ "extra", "qp" }
});
parameters.RedirectUri = new Uri("some://uri");
parameters.LoginHint = TestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.SelectAccount,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
ui);
Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None);
task.Wait();
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllRefreshTokens().Count());
Assert.AreEqual(2, ((ITokenCacheInternal)cache).Accessor.GetAllAccessTokens().Count());
Assert.AreEqual(result.AccessToken, "some-access-token");
Assert.IsNotNull(
myReceiver.EventsReceived.Find(
anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("ui_event") &&
anEvent[UiEvent.UserCancelledKey] == "false"));
Assert.IsNotNull(
myReceiver.EventsReceived.Find(
anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("api_event") &&
anEvent[ApiEvent.PromptKey] == "select_account"));
Assert.IsNotNull(
myReceiver.EventsReceived.Find(
anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("ui_event") &&
anEvent[UiEvent.AccessDeniedKey] == "false"));
}
}
public void AcquireTokenNullUserPassedInAndNewUserReturnedFromServiceTest()
{
cache.ClientId = TestConstants.ClientId;
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId)
{
UserTokenCache = cache
};
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result = app.AcquireTokenAsync(TestConstants.Scope).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId, result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(), result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
// repeat interactive call and pass in the same user
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.Scope.AsSingleString(),
MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
MockHelpers.CreateClientInfo(TestConstants.Uid, TestConstants.Utid + "more"))
});
result = app.AcquireTokenAsync(TestConstants.Scope, (IUser)null, UIBehavior.SelectAccount, null).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId, result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(TestConstants.Uid, TestConstants.Utid + "more"),
result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId);
Assert.AreEqual(2, app.Users.Count());
Assert.AreEqual(2, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
public void AcquireTokenDifferentUserReturnedFromServiceTest()
{
cache.ClientId = TestConstants.ClientId;
PublicClientApplication app = new PublicClientApplication(TestConstants.ClientId)
{
UserTokenCache = cache
};
MockWebUI ui = new MockWebUI()
{
MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"));
//add mock response for tenant endpoint discovery
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Get,
ResponseMessage = MockHelpers.CreateOpenIdConfigurationResponse(TestConstants.AuthorityHomeTenant)
});
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
AuthenticationResult result = app.AcquireTokenAsync(TestConstants.Scope).Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.User);
Assert.AreEqual(TestConstants.UniqueId, result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifer(), result.User.Identifier);
Assert.AreEqual(TestConstants.DisplayableId, result.User.DisplayableId);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
var dict = new Dictionary <string, string>();
dict[OAuth2Parameter.DomainReq] = TestConstants.Utid;
dict[OAuth2Parameter.LoginReq] = TestConstants.Uid;
// repeat interactive call and pass in the same user
MockHelpers.ConfigureMockWebUI(new AuthorizationResult(AuthorizationStatus.Success,
app.RedirectUri + "?code=some-code"), dict);
HttpMessageHandlerFactory.AddMockHandler(new MockHttpMessageHandler
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.Scope.AsSingleString(),
MockHelpers.CreateIdToken(TestConstants.UniqueId, TestConstants.DisplayableId),
MockHelpers.CreateClientInfo(TestConstants.Uid, TestConstants.Utid + "more"))
});
try
{
result = app.AcquireTokenAsync(TestConstants.Scope, result.User, UIBehavior.SelectAccount, null).Result;
Assert.Fail("API should have failed here");
}
catch (AggregateException ex)
{
MsalServiceException exc = (MsalServiceException)ex.InnerException;
Assert.IsNotNull(exc);
Assert.AreEqual("user_mismatch", exc.ErrorCode);
}
Assert.IsNotNull(_myReceiver.EventsReceived.Find(anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("api_event") && anEvent[ApiEvent.ApiIdKey] == "174" &&
anEvent[ApiEvent.WasSuccessfulKey] == "false" && anEvent[ApiEvent.ApiErrorCodeKey] == "user_mismatch"
));
Assert.AreEqual(1, app.Users.Count());
Assert.AreEqual(1, cache.TokenCacheAccessor.AccessTokenCacheDictionary.Count);
Assert.IsTrue(HttpMessageHandlerFactory.IsMocksQueueEmpty, "All mocks should have been consumed");
}
public void ActAsCurrentUserNoSsoHeaderForLoginHintOnlyTest()
{
//this test validates that no SSO header is added when developer passes only login hint and UiOption.ActAsCurrentUser
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
TokenCache cache = new TokenCache();
TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant,
TestConstants.DefaultScope, TestConstants.DefaultClientId,
TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId,
TestConstants.DefaultPolicy);
AuthenticationResultEx ex = new AuthenticationResultEx();
ex.Result = new AuthenticationResult("Bearer", key.ToString(),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)));
ex.Result.User = new User
{
DisplayableId = TestConstants.DefaultDisplayableId,
UniqueId = TestConstants.DefaultUniqueId,
HomeObjectId = TestConstants.DefaultHomeObjectId
};
ex.Result.FamilyId = "1";
ex.RefreshToken = "someRT";
cache.tokenCacheDictionary[key] = ex;
MockWebUI webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = cache
};
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(),
new Uri("some://uri"), new PlatformParameters(),
ex.Result.User, UiOptions.ActAsCurrentUser, "extra=qp", webUi);
request.PreRunAsync().Wait();
request.PreTokenRequest().Wait();
}
public async Task VerifyAuthorizationResultTestAsync()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
MockWebUI webUi = new MockWebUI()
{
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?error=" + OAuth2Error.LoginRequired),
};
MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle.PlatformProxy, webUi);
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false),
extraQueryParameters: new Dictionary <string, string> {
{ "extra", "qp" }
});
parameters.RedirectUri = new Uri("some://uri");
parameters.LoginHint = TestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.ForceLogin,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
InteractiveRequest request = new InteractiveRequest(
parameters,
interactiveParameters);
var ex = await AssertException.TaskThrowsAsync <MsalUiRequiredException>(
() => request.RunAsync())
.ConfigureAwait(false);
Assert.AreEqual(
MsalError.NoPromptFailedError,
ex.ErrorCode);
Assert.AreEqual(
UiRequiredExceptionClassification.PromptNeverFailed,
ex.Classification);
webUi = new MockWebUI
{
MockResult = AuthorizationResult.FromUri(
TestConstants.AuthorityHomeTenant + "?error=invalid_request&error_description=some error description")
};
MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle.PlatformProxy, webUi);
request = new InteractiveRequest(
parameters,
interactiveParameters);
var ex2 = await AssertException.TaskThrowsAsync <MsalServiceException>(
() => request.RunAsync())
.ConfigureAwait(false);
Assert.AreEqual("invalid_request", ex2.ErrorCode);
Assert.AreEqual("some error description", ex2.Message);
}
}
public void SliceParametersTest()
{
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver);
var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false);
var cache = new TokenCache()
{
ClientId = MsalTestConstants.ClientId,
ServiceBundle = serviceBundle
};
var ui = new MockWebUI()
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityHomeTenant + "?code=some-code"),
QueryParamsToValidate = new Dictionary <string, string>()
{
{ "key1", "value1%20with%20encoded%20space" },
{ "key2", "value2" }
}
};
MockInstanceDiscoveryAndOpenIdRequest(httpManager);
httpManager.AddMockHandler(
new MockHttpMessageHandler
{
Method = HttpMethod.Post,
QueryParams = new Dictionary <string, string>()
{
{ "key1", "value1%20with%20encoded%20space" },
{ "key2", "value2" }
},
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
});
var parameters = new AuthenticationRequestParameters
{
Authority = authority,
SliceParameters = "key1=value1%20with%20encoded%20space&key2=value2",
ClientId = MsalTestConstants.ClientId,
Scope = MsalTestConstants.Scope,
TokenCache = cache,
RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)),
RedirectUri = new Uri("some://uri"),
ExtraQueryParameters = "extra=qp"
};
var request = new InteractiveRequest(
serviceBundle,
parameters,
ApiEvent.ApiIds.None,
MsalTestConstants.ScopeForAnotherResource.ToArray(),
MsalTestConstants.DisplayableId,
UIBehavior.SelectAccount,
ui);
Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None);
task.Wait();
var result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(1, cache.TokenCacheAccessor.RefreshTokenCount);
Assert.AreEqual(1, cache.TokenCacheAccessor.AccessTokenCount);
Assert.AreEqual(result.AccessToken, "some-access-token");
}
}
public void VerifyAuthorizationResultTest()
{
Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
MockWebUI webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp,
TestConstants.DefaultAuthorityHomeTenant + "?error="+OAuthError.LoginRequired);
AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
{
Authenticator = authenticator,
ClientKey = new ClientKey(TestConstants.DefaultClientId),
Policy = TestConstants.DefaultPolicy,
RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
Scope = TestConstants.DefaultScope.ToArray(),
TokenCache = null
};
InteractiveRequest request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(),
(string) null, UiOptions.ForceLogin, "extra=qp", webUi);
request.PreRunAsync().Wait();
try
{
request.PreTokenRequest().Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual(MsalError.UserInteractionRequired, ((MsalException)exc.InnerException).ErrorCode);
}
webUi = new MockWebUI();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.ErrorHttp,
TestConstants.DefaultAuthorityHomeTenant + "?error=invalid_request&error_description=some error description");
request = new InteractiveRequest(parameters,
TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(),
(string)null, UiOptions.ForceLogin, "extra=qp", webUi);
request.PreRunAsync().Wait();
try
{
request.PreTokenRequest().Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual("invalid_request", ((MsalException)exc.InnerException).ErrorCode);
Assert.AreEqual("some error description", ((MsalException)exc.InnerException).Message);
}
}
public void VerifyAuthorizationResultTest()
{
using (MockHttpAndServiceBundle harness = CreateTestHarness())
{
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
MockWebUI webUi = new MockWebUI()
{
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?error=" + OAuth2Error.LoginRequired),
};
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
new TokenCache(harness.ServiceBundle, false),
extraQueryParameters: new Dictionary <string, string> {
{ "extra", "qp" }
});
parameters.RedirectUri = new Uri("some://uri");
parameters.LoginHint = TestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.ForceLogin,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
InteractiveRequest request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
webUi);
try
{
request.ExecuteAsync(CancellationToken.None).Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalUiRequiredException);
Assert.AreEqual(
MsalError.NoPromptFailedError,
((MsalUiRequiredException)exc.InnerException).ErrorCode);
Assert.AreEqual(
UiRequiredExceptionClassification.PromptNeverFailed,
((MsalUiRequiredException)exc.InnerException).Classification);
}
webUi = new MockWebUI
{
MockResult = AuthorizationResult.FromUri(
TestConstants.AuthorityHomeTenant + "?error=invalid_request&error_description=some error description")
};
request = new InteractiveRequest(
harness.ServiceBundle,
parameters,
interactiveParameters,
webUi);
try
{
request.ExecuteAsync(CancellationToken.None).Wait(CancellationToken.None);
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual("invalid_request", ((MsalException)exc.InnerException).ErrorCode);
Assert.AreEqual("some error description", ((MsalException)exc.InnerException).Message);
}
}
}
private async Task CreateFailedAndThenSuccessfulResponseToVerifyErrorCodesInHttpTelemetryDataAsync(string errorCode)
{
using (var harness = CreateTestHarness())
{
harness.HttpManager.AddInstanceDiscoveryMockHandler();
PublicClientApplication app = PublicClientApplicationBuilder.Create(TestConstants.ClientId)
.WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
.WithHttpManager(harness.HttpManager)
.WithTelemetry(new TraceTelemetryConfig())
.BuildConcrete();
// Interactive call and authentication fails
var ui = new MockWebUI()
{
MockResult = AuthorizationResult.FromUri(TestConstants.AuthorityHomeTenant + "?error=" + errorCode)
};
harness.HttpManager.AddMockHandlerForTenantEndpointDiscovery(TestConstants.AuthorityCommonTenant);
MsalMockHelpers.ConfigureMockWebUI(app.ServiceBundle.PlatformProxy, ui);
_correlationId = new Guid();
AuthenticationResult result = null;
try
{
result = await app
.AcquireTokenInteractive(TestConstants.s_scope)
.WithCorrelationId(_correlationId)
.ExecuteAsync(CancellationToken.None)
.ConfigureAwait(false);
}
catch (MsalException exc)
{
Assert.IsNotNull(exc);
Assert.AreEqual(errorCode, exc.ErrorCode);
// Try authentication again...
MsalMockHelpers.ConfigureMockWebUI(
app.ServiceBundle.PlatformProxy,
AuthorizationResult.FromUri(app.AppConfig.RedirectUri + "?code=some-code"));
var userCacheAccess = app.UserTokenCache.RecordAccess();
harness.HttpManager.AddSuccessfulTokenResponseWithHttpTelemetryMockHandlerForPost(
TestConstants.AuthorityCommonTenant,
null,
null,
CreateHttpTelemetryHeaders(
_correlationId,
TestConstants.InteractiveRequestApiId,
exc.ErrorCode,
TelemetryConstants.Zero));
result = app
.AcquireTokenInteractive(TestConstants.s_scope)
.WithCorrelationId(_correlationId)
.ExecuteAsync(CancellationToken.None)
.Result;
Assert.IsNotNull(result);
Assert.IsNotNull(result.Account);
Assert.AreEqual(TestConstants.UniqueId, result.UniqueId);
Assert.AreEqual(TestConstants.CreateUserIdentifier(), result.Account.HomeAccountId.Identifier);
Assert.AreEqual(TestConstants.DisplayableId, result.Account.Username);
userCacheAccess.AssertAccessCounts(0, 1);
}
}
}
public void VerifyAuthorizationResultTest()
{
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver);
var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false);
MockInstanceDiscoveryAndOpenIdRequest(httpManager);
var webUi = new MockWebUI()
{
MockResult = new AuthorizationResult(
AuthorizationStatus.ErrorHttp,
MsalTestConstants.AuthorityHomeTenant + "?error=" + OAuth2Error.LoginRequired)
};
var parameters = new AuthenticationRequestParameters
{
Authority = authority,
ClientId = MsalTestConstants.ClientId,
Scope = MsalTestConstants.Scope,
TokenCache = null,
RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)),
RedirectUri = new Uri("some://uri"),
ExtraQueryParameters = "extra=qp"
};
var request = new InteractiveRequest(
serviceBundle,
parameters,
ApiEvent.ApiIds.None,
MsalTestConstants.ScopeForAnotherResource.ToArray(),
null,
UIBehavior.ForceLogin,
webUi);
try
{
request.ExecuteAsync(CancellationToken.None).Wait();
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalUiRequiredException);
Assert.AreEqual(
MsalUiRequiredException.NoPromptFailedError,
((MsalUiRequiredException)exc.InnerException).ErrorCode);
}
webUi = new MockWebUI
{
MockResult = new AuthorizationResult(
AuthorizationStatus.ErrorHttp,
MsalTestConstants.AuthorityHomeTenant + "?error=invalid_request&error_description=some error description")
};
request = new InteractiveRequest(
serviceBundle,
parameters,
ApiEvent.ApiIds.None,
MsalTestConstants.ScopeForAnotherResource.ToArray(),
null,
UIBehavior.ForceLogin,
webUi);
try
{
request.ExecuteAsync(CancellationToken.None).Wait(CancellationToken.None);
Assert.Fail("MsalException should have been thrown here");
}
catch (Exception exc)
{
Assert.IsTrue(exc.InnerException is MsalException);
Assert.AreEqual("invalid_request", ((MsalException)exc.InnerException).ErrorCode);
Assert.AreEqual("some error description", ((MsalException)exc.InnerException).Message);
}
}
}
public void NoCacheLookup()
{
using (var httpManager = new MockHttpManager())
{
var serviceBundle = ServiceBundle.CreateWithCustomHttpManager(httpManager, _myReceiver);
var authority = Authority.CreateAuthority(serviceBundle, MsalTestConstants.AuthorityHomeTenant, false);
var cache = new TokenCache()
{
ClientId = MsalTestConstants.ClientId,
ServiceBundle = serviceBundle
};
var atItem = new MsalAccessTokenCacheItem(
MsalTestConstants.ProductionPrefNetworkEnvironment,
MsalTestConstants.ClientId,
"Bearer",
MsalTestConstants.Scope.AsSingleString(),
MsalTestConstants.Utid,
null,
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)),
new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(7200)),
MockHelpers.CreateClientInfo());
string atKey = atItem.GetKey().ToString();
atItem.Secret = atKey;
cache.TokenCacheAccessor.SaveAccessToken(atItem);
var ui = new MockWebUI()
{
MockResult = new AuthorizationResult(
AuthorizationStatus.Success,
MsalTestConstants.AuthorityHomeTenant + "?code=some-code")
};
MockInstanceDiscoveryAndOpenIdRequest(httpManager);
httpManager.AddSuccessTokenResponseMockHandlerForPost();
var parameters = new AuthenticationRequestParameters
{
Authority = authority,
ClientId = MsalTestConstants.ClientId,
Scope = MsalTestConstants.Scope,
TokenCache = cache,
RequestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)),
RedirectUri = new Uri("some://uri"),
ExtraQueryParameters = "extra=qp"
};
var request = new InteractiveRequest(
serviceBundle,
parameters,
ApiEvent.ApiIds.None,
MsalTestConstants.ScopeForAnotherResource.ToArray(),
MsalTestConstants.DisplayableId,
UIBehavior.SelectAccount,
ui);
Task <AuthenticationResult> task = request.RunAsync(CancellationToken.None);
task.Wait();
var result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(1, cache.TokenCacheAccessor.RefreshTokenCount);
Assert.AreEqual(2, cache.TokenCacheAccessor.AccessTokenCount);
Assert.AreEqual(result.AccessToken, "some-access-token");
Assert.IsNotNull(
_myReceiver.EventsReceived.Find(
anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("ui_event") &&
anEvent[UiEvent.UserCancelledKey] == "false"));
Assert.IsNotNull(
_myReceiver.EventsReceived.Find(
anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("api_event") &&
anEvent[ApiEvent.UiBehaviorKey] == "select_account"));
Assert.IsNotNull(
_myReceiver.EventsReceived.Find(
anEvent => // Expect finding such an event
anEvent[EventBase.EventNameKey].EndsWith("ui_event") &&
anEvent[UiEvent.AccessDeniedKey] == "false"));
}
}
public async Task WithMultiCloudSupportEnabledAsync(bool multiCloudSupportEnabled)
{
var expectedQueryParams = TestConstants.ExtraQueryParameters;
var authorizationResultUri = TestConstants.AuthorityHomeTenant + "?code=some-code";
if (multiCloudSupportEnabled)
{
expectedQueryParams.Add("instance_aware", "true");
authorizationResultUri = authorizationResultUri + "&cloud_instance_name=microsoftonline.us&cloud_instance_host_name=login.microsoftonline.us";
}
using (MockHttpAndServiceBundle harness = CreateTestHarness(isMultiCloudSupportEnabled: multiCloudSupportEnabled))
{
var cache = new TokenCache(harness.ServiceBundle, false);
var ui = new MockWebUI()
{
MockResult = AuthorizationResult.FromUri(authorizationResultUri),
QueryParamsToValidate = expectedQueryParams
};
MsalMockHelpers.ConfigureMockWebUI(harness.ServiceBundle, ui);
MockInstanceDiscoveryAndOpenIdRequest(harness.HttpManager);
var tokenResponseHandler = new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Post,
ExpectedQueryParams = expectedQueryParams,
ExpectedPostData = new Dictionary <string, string>()
{
{ OAuth2Parameter.Claims, TestConstants.Claims }
},
ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage()
};
harness.HttpManager.AddMockHandler(tokenResponseHandler);
AuthenticationRequestParameters parameters = harness.CreateAuthenticationRequestParameters(
TestConstants.AuthorityHomeTenant,
TestConstants.s_scope,
cache,
extraQueryParameters: TestConstants.ExtraQueryParameters,
claims: TestConstants.Claims);
parameters.RedirectUri = new Uri("some://uri");
parameters.LoginHint = TestConstants.DisplayableId;
AcquireTokenInteractiveParameters interactiveParameters = new AcquireTokenInteractiveParameters
{
Prompt = Prompt.SelectAccount,
ExtraScopesToConsent = TestConstants.s_scopeForAnotherResource.ToArray(),
};
var request = new InteractiveRequest(
parameters,
interactiveParameters);
AuthenticationResult result = await request.RunAsync().ConfigureAwait(false);
Assert.IsNotNull(result);
if (multiCloudSupportEnabled)
{
Assert.AreEqual("https://login.microsoftonline.us/home/oauth2/v2.0/token", result.AuthenticationResultMetadata.TokenEndpoint);
}
else
{
Assert.AreEqual("https://login.microsoftonline.com/home/oauth2/v2.0/token", result.AuthenticationResultMetadata.TokenEndpoint);
}
Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllRefreshTokens().Count());
Assert.AreEqual(1, ((ITokenCacheInternal)cache).Accessor.GetAllAccessTokens().Count());
Assert.AreEqual(result.AccessToken, "some-access-token");
}
}
public void AcquireTokenIdTokenOnlyResponseTest()
{
MockWebUI webUi = new MockWebUI();
webUi.HeadersToValidate = new Dictionary<string, string>();
webUi.MockResult = new AuthorizationResult(AuthorizationStatus.Success,
TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
IWebUIFactory mockFactory = Substitute.For<IWebUIFactory>();
mockFactory.CreateAuthenticationDialog(Arg.Any<IPlatformParameters>()).Returns(webUi);
PlatformPlugin.WebUIFactory = mockFactory;
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = MockHelpers.CreateSuccessIdTokenResponseMessage()
};
// this is a flow where we pass client id as a scope
PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId);
Task<AuthenticationResult> task = app.AcquireTokenAsync(new string[] {TestConstants.DefaultClientId});
AuthenticationResult result = task.Result;
Assert.IsNotNull(result);
Assert.AreEqual(result.Token, result.IdToken);
Assert.AreEqual(1, app.UserTokenCache.Count);
foreach (var item in app.UserTokenCache.ReadItems(TestConstants.DefaultClientId))
{
Assert.AreEqual(1, item.Scope.Count);
Assert.AreEqual(TestConstants.DefaultClientId, item.Scope.AsSingleString());
}
//call AcquireTokenSilent to make sure we get same token back and no call goes over network
HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler()
{
Method = HttpMethod.Post,
ResponseMessage = new HttpResponseMessage(HttpStatusCode.BadRequest)
};
task = app.AcquireTokenSilentAsync(new string[] { TestConstants.DefaultClientId });
AuthenticationResult result1 = task.Result;
Assert.IsNotNull(result1);
Assert.AreEqual(result1.Token, result1.IdToken);
Assert.AreEqual(result.Token, result1.Token);
Assert.AreEqual(result.IdToken, result1.IdToken);
Assert.AreEqual(1, app.UserTokenCache.Count);
foreach (var item in app.UserTokenCache.ReadItems(TestConstants.DefaultClientId))
{
Assert.AreEqual(1, item.Scope.Count);
Assert.AreEqual(TestConstants.DefaultClientId, item.Scope.AsSingleString());
}
}
