public async Task UsesTenantIdHint(
[Values(null, TenantIdHint)] string tenantId,
[Values(true)] bool allowMultiTenantAuthentication,
[Values(null, TenantId)] string explicitTenantId)
{
TestSetup();
options = new OnBehalfOfCredentialOptions();
options.AllowMultiTenantAuthentication = allowMultiTenantAuthentication;
var context = new TokenRequestContext(new[] { Scope }, tenantId: tenantId);
expectedTenantId = TenantIdResolver.Resolve(explicitTenantId, context, options.AllowMultiTenantAuthentication);
OnBehalfOfCredential client = InstrumentClient(
new OnBehalfOfCredential(
TenantId,
ClientId,
"secret",
expectedUserAssertion,
options as OnBehalfOfCredentialOptions,
null,
mockConfidentialMsalClient));
var token = await client.GetTokenAsync(new TokenRequestContext(MockScopes.Default), default);
Assert.AreEqual(token.Token, expectedToken, "Should be the expected token value");
}
public async Task AuthenticateWithCliCredential(
[Values(null, TenantIdHint)] string tenantId,
[Values(true)] bool allowMultiTenantAuthentication,
[Values(null, TenantId)] string explicitTenantId)
{
var context = new TokenRequestContext(new[] { Scope }, tenantId: tenantId);
var options = new AzureCliCredentialOptions {
TenantId = explicitTenantId, AllowMultiTenantAuthentication = allowMultiTenantAuthentication
};
string expectedTenantId = TenantIdResolver.Resolve(explicitTenantId, context, options.AllowMultiTenantAuthentication);
var(expectedToken, expectedExpiresOn, processOutput) = CredentialTestHelpers.CreateTokenForAzureCli();
var testProcess = new TestProcess {
Output = processOutput
};
AzureCliCredential credential =
InstrumentClient(new AzureCliCredential(CredentialPipeline.GetInstance(null), new TestProcessService(testProcess, true), options));
AccessToken actualToken = await credential.GetTokenAsync(context);
Assert.AreEqual(expectedToken, actualToken.Token);
Assert.AreEqual(expectedExpiresOn, actualToken.ExpiresOn);
var expectTenantId = expectedTenantId != null;
if (expectTenantId)
{
Assert.That(testProcess.StartInfo.Arguments, Does.Contain($"-tenant {expectedTenantId}"));
}
else
{
Assert.That(testProcess.StartInfo.Arguments, Does.Not.Contain("-tenant"));
}
}
public void AdfsTenantThrowsCredentialUnavailable()
{
var options = new VisualStudioCodeCredentialOptions { TenantId = "adfs", Transport = new MockTransport() };
var context = new TokenRequestContext(new[] { Scope });
string expectedTenantId = TenantIdResolver.Resolve(null, context);
VisualStudioCodeCredential credential = InstrumentClient(new VisualStudioCodeCredential(options));
Assert.ThrowsAsync<CredentialUnavailableException>(
async () => await credential.GetTokenAsync(new TokenRequestContext(new[] { "https://vault.azure.net/.default" }), CancellationToken.None));
}
public async Task UsesTenantIdHint(
[Values(true, false)] bool usePemFile,
[Values(null, TenantIdHint)] string tenantId,
[Values(true)] bool allowMultiTenantAuthentication)
{
TestSetup();
options.AllowMultiTenantAuthentication = allowMultiTenantAuthentication;
var context = new TokenRequestContext(new[] { Scope }, tenantId: tenantId);
expectedTenantId = TenantIdResolver.Resolve(TenantId, context, options.AllowMultiTenantAuthentication);
ClientSecretCredential client = InstrumentClient(new ClientSecretCredential(expectedTenantId, ClientId, "secret", options, null, mockMsalClient));
var token = await client.GetTokenAsync(new TokenRequestContext(MockScopes.Default));
Assert.AreEqual(token.Token, expectedToken, "Should be the expected token value");
}
public async Task AuthenticateWithAuthCodeHonorsTenantId([Values(null, TenantIdHint)] string tenantId, [Values(true)] bool allowMultiTenantAuthentication)
{
var context = new TokenRequestContext(new[] { Scope }, tenantId: tenantId);
expectedTenantId = TenantIdResolver.Resolve(TenantId, context);
AuthorizationCodeCredential cred = InstrumentClient(
new AuthorizationCodeCredential(TenantId, ClientId, clientSecret, authCode, options, mockConfidentialMsalClient));
AccessToken token = await cred.GetTokenAsync(context);
Assert.AreEqual(token.Token, expectedToken, "Should be the expected token value");
AccessToken token2 = await cred.GetTokenAsync(context);
Assert.AreEqual(token2.Token, expectedToken, "Should be the expected token value");
}
public async Task AuthenticateWithDeviceCodeMockAsync([Values(null, TenantIdHint)] string tenantId, [Values(true)] bool allowMultiTenantAuthentication)
{
options = new TokenCredentialOptions();
var context = new TokenRequestContext(new[] { Scope }, tenantId: tenantId);
expectedTenantId = TenantIdResolver.Resolve(TenantId, context);
var cred = InstrumentClient(
new DeviceCodeCredential((code, _) => VerifyDeviceCode(code, expectedCode), TenantId, ClientId, options, null, mockPublicMsalClient));
AccessToken token = await cred.GetTokenAsync(context);
Assert.AreEqual(token.Token, expectedToken);
token = await cred.GetTokenAsync(context);
Assert.AreEqual(token.Token, expectedToken);
}
public async Task UsesTenantIdHint([Values(null, TenantIdHint)] string tenantId, [Values(true)] bool allowMultiTenantAuthentication)
{
TestSetup();
var options = new SharedTokenCacheCredentialOptions();
var context = new TokenRequestContext(new[] { Scope }, tenantId: tenantId);
expectedTenantId = TenantIdResolver.Resolve(TenantId, context);
mockPublicMsalClient.Accounts = new List <IAccount> {
new MockAccount(expectedUsername, expectedTenantId)
};
var credential = InstrumentClient(new SharedTokenCacheCredential(TenantId, null, options, null, mockPublicMsalClient));
AccessToken token = await credential.GetTokenAsync(context);
Assert.AreEqual(expectedToken, token.Token);
Assert.AreEqual(expiresOn, token.ExpiresOn);
}
public async Task AuthenticateWithAzurePowerShellCredential(
[Values(null, TenantIdHint)] string tenantId,
[Values(true)] bool allowMultiTenantAuthentication,
[Values(null, TenantId)] string explicitTenantId)
{
var context = new TokenRequestContext(new[] { Scope }, tenantId: tenantId);
var options = new AzurePowerShellCredentialOptions {
TenantId = explicitTenantId, AllowMultiTenantAuthentication = allowMultiTenantAuthentication
};
string expectedTenantId = TenantIdResolver.Resolve(explicitTenantId, context, options.AllowMultiTenantAuthentication);
var(expectedToken, expectedExpiresOn, processOutput) = CredentialTestHelpers.CreateTokenForAzurePowerShell(TimeSpan.FromSeconds(30));
var testProcess = new TestProcess {
Output = processOutput
};
AzurePowerShellCredential credential = InstrumentClient(
new AzurePowerShellCredential(options, CredentialPipeline.GetInstance(null), new TestProcessService(testProcess, true)));
AccessToken actualToken = await credential.GetTokenAsync(context);
Assert.AreEqual(expectedToken, actualToken.Token);
Assert.AreEqual(expectedExpiresOn, actualToken.ExpiresOn);
var iStart = testProcess.StartInfo.Arguments.IndexOf("EncodedCommand");
iStart = testProcess.StartInfo.Arguments.IndexOf('\"', iStart) + 1;
var iEnd = testProcess.StartInfo.Arguments.IndexOf('\"', iStart);
var commandString = testProcess.StartInfo.Arguments.Substring(iStart, iEnd - iStart);
var b = Convert.FromBase64String(commandString);
commandString = Encoding.Unicode.GetString(b);
var expectTenantId = expectedTenantId != null;
if (expectTenantId)
{
Assert.That(commandString, Does.Contain($"-TenantId {expectedTenantId}"));
}
else
{
Assert.That(commandString, Does.Not.Contain("-TenantId"));
}
}
public async Task AuthenticateWithVsCodeCredential([Values(null, TenantIdHint)] string tenantId, [Values(true)] bool allowMultiTenantAuthentication)
{
using var env = new TestEnvVar(new Dictionary<string, string> {{"TENANT_ID", TenantId}});
var environment = new IdentityTestEnvironment();
var options = new VisualStudioCodeCredentialOptions { TenantId = environment.TenantId, Transport = new MockTransport() };
var context = new TokenRequestContext(new[] { Scope }, tenantId: tenantId);
expectedTenantId = TenantIdResolver.Resolve(environment.TenantId, context);
VisualStudioCodeCredential credential = InstrumentClient(
new VisualStudioCodeCredential(
options,
null,
mockPublicMsalClient,
CredentialTestHelpers.CreateFileSystemForVisualStudioCode(environment),
new TestVscAdapter("VS Code Azure", "AzureCloud", expectedToken)));
var actualToken = await credential.GetTokenAsync(context, CancellationToken.None);
Assert.AreEqual(expectedToken, actualToken.Token, "Token should match");
Assert.AreEqual(expiresOn, actualToken.ExpiresOn, "expiresOn should match");
}