public void TestCacheKeyForRemoveAccount()
{
// Arrange
var appTokenCache = new TokenCache(_serviceBundle, isApplicationTokenCache: true);
var requestContext = new RequestContext(_serviceBundle, Guid.NewGuid());
var tenantAuthority = AuthorityInfo.FromAadAuthority(AzureCloudInstance.AzurePublic, tenant: TestConstants.AadTenantId, validateAuthority: false);
var acquireTokenCommonParameters = new AcquireTokenCommonParameters
{
ApiId = ApiEvent.ApiIds.RemoveAccount,
AuthorityOverride = tenantAuthority
};
var parameters = new AuthenticationRequestParameters(
_serviceBundle,
appTokenCache,
acquireTokenCommonParameters,
requestContext,
Authority.CreateAuthority(tenantAuthority),
TestConstants.HomeAccountId)
{
Account = new Account(TestConstants.HomeAccountId, TestConstants.Username, TestConstants.ProductionPrefCacheEnvironment)
};
// Act
var actualKey = CacheKeyFactory.GetKeyFromRequest(parameters);
// Assert
Assert.IsNotNull(actualKey);
Assert.AreEqual(parameters.HomeAccountId, actualKey);
}
public void TestCacheKeyForObo_WithCacheKey()
{
// Arrange
var userTokenCache = new TokenCache(_serviceBundle, isApplicationTokenCache: false);
var requestContext = new RequestContext(_serviceBundle, Guid.NewGuid());
var tenantAuthority = AuthorityInfo.FromAadAuthority(AzureCloudInstance.AzurePublic, tenant: TestConstants.AadTenantId, validateAuthority: false);
var acquireTokenCommonParameters = new AcquireTokenCommonParameters
{
ApiId = ApiEvent.ApiIds.AcquireTokenOnBehalfOf,
AuthorityOverride = tenantAuthority
};
string oboCacheKey = "obo-cache-key";
var parameters = new AuthenticationRequestParameters(
_serviceBundle,
userTokenCache,
acquireTokenCommonParameters,
requestContext,
Authority.CreateAuthority(tenantAuthority))
{
UserAssertion = new UserAssertion(TestConstants.UserAssertion),
LongRunningOboCacheKey = oboCacheKey
};
// Act
var actualKey = CacheKeyFactory.GetKeyFromRequest(parameters);
// Assert
Assert.IsNotNull(actualKey);
Assert.AreEqual(oboCacheKey, actualKey);
}
public AuthenticationRequestParameters CreateAuthenticationRequestParameters(
string authority,
IEnumerable <string> scopes = null,
ITokenCacheInternal tokenCache = null,
IAccount account = null,
IDictionary <string, string> extraQueryParameters = null,
string claims = null,
ApiEvent.ApiIds apiId = ApiEvent.ApiIds.None,
bool validateAuthority = false)
{
scopes = scopes ?? TestConstants.s_scope;
tokenCache = tokenCache ?? new TokenCache(ServiceBundle, false);
var commonParameters = new AcquireTokenCommonParameters
{
Scopes = scopes ?? TestConstants.s_scope,
ExtraQueryParameters = extraQueryParameters ?? new Dictionary <string, string>(),
Claims = claims,
ApiId = apiId
};
return(new AuthenticationRequestParameters(
ServiceBundle,
tokenCache,
commonParameters,
new RequestContext(ServiceBundle, Guid.NewGuid()))
{
Account = account,
Authority = Authority.CreateAuthority(authority, validateAuthority)
});
}
public static AuthenticationRequestParameters CreateAuthenticationRequestParameters(
IServiceBundle serviceBundle,
Authority authority = null,
HashSet <string> scopes = null,
RequestContext requestContext = null,
ApiIds apiID = ApiIds.None)
{
var commonParameters = new AcquireTokenCommonParameters
{
Scopes = scopes ?? TestConstants.s_scope,
ApiId = apiID
};
authority = authority ?? Authority.CreateAuthority(TestConstants.AuthorityTestTenant);
requestContext = requestContext ?? new RequestContext(serviceBundle, Guid.NewGuid())
{
ApiEvent = new Client.TelemetryCore.Internal.Events.ApiEvent(Guid.NewGuid())
};
return(new AuthenticationRequestParameters(
serviceBundle,
new TokenCache(serviceBundle, false),
commonParameters,
requestContext,
authority)
{
});
}
public AuthenticationRequestParameters CreateAuthenticationRequestParameters(
string authority,
SortedSet <string> scopes,
ITokenCacheInternal tokenCache = null,
IAccount account = null,
IDictionary <string, string> extraQueryParameters = null,
string claims = null)
{
var commonParameters = new AcquireTokenCommonParameters
{
Scopes = scopes ?? MsalTestConstants.Scope,
ExtraQueryParameters = extraQueryParameters ?? new Dictionary <string, string>(),
Claims = claims
};
return(new AuthenticationRequestParameters(
ServiceBundle,
tokenCache,
commonParameters,
new RequestContext(ServiceBundle, Guid.NewGuid()))
{
Account = account,
Authority = Authority.CreateAuthority(ServiceBundle, authority)
});
}
public AuthenticationRequestParameters CreateRequestParams(
ITokenCacheInternal cache,
SortedSet <string> scopes,
IDictionary <string, string> extraQueryParams = null,
string claims = null,
AuthorityInfo authorityOverride = null)
{
var commonParameters = new AcquireTokenCommonParameters
{
Scopes = scopes ?? TestConstants.s_scope,
ExtraQueryParameters = extraQueryParams,
Claims = claims,
AuthorityOverride = authorityOverride
};
var parameters = new AuthenticationRequestParameters(
ServiceBundle,
cache,
commonParameters,
new RequestContext(ServiceBundle, Guid.NewGuid()))
{
Account = new Account(TestConstants.s_userIdentifier, TestConstants.DisplayableId, null),
};
return(parameters);
}
public async Task <Uri> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
GetAuthorizationRequestUrlParameters authorizationRequestUrlParameters,
CancellationToken cancellationToken)
{
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.CorrelationId, cancellationToken);
var requestParameters = _confidentialClientApplication.CreateRequestParameters(
commonParameters,
requestContext,
_confidentialClientApplication.UserTokenCacheInternal);
requestParameters.Account = authorizationRequestUrlParameters.Account;
requestParameters.LoginHint = authorizationRequestUrlParameters.LoginHint;
if (!string.IsNullOrWhiteSpace(authorizationRequestUrlParameters.RedirectUri))
{
requestParameters.RedirectUri = new Uri(authorizationRequestUrlParameters.RedirectUri);
}
await AuthorityEndpoints.UpdateAuthorityEndpointsAsync(requestParameters).ConfigureAwait(false);
var handler = new AuthCodeRequestComponent(
requestParameters,
authorizationRequestUrlParameters.ToInteractiveParameters());
return(handler.GetAuthorizationUriWithoutPkce());
}
public async Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenSilentParameters silentParameters,
CancellationToken cancellationToken)
{
//Since the AcquireTokenSilentParameterBuilder api is shared between public and confidential clients,
//We need some way to validate that MSAL is not performing AcquireTokenSilent with POP on public clients without Broker
if (commonParameters.PopAuthenticationConfiguration != null &&
ServiceBundle?.Config.IsBrokerEnabled == false &&
//Validates that we are not on CCA
//TODO: Find a better way to determine this
ServiceBundle?.Config.ClientCredential == null &&
commonParameters.OnBeforeTokenRequestHandler == null &&
ServiceBundle?.Config.AppTokenProvider == null
)
{
throw new MsalClientException(MsalError.BrokerRequiredForPop, MsalErrorMessage.BrokerRequiredForPop);
}
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.CorrelationId, cancellationToken);
var requestParameters = await _clientApplicationBase.CreateRequestParametersAsync(
commonParameters,
requestContext,
_clientApplicationBase.UserTokenCacheInternal).ConfigureAwait(false);
requestParameters.SendX5C = silentParameters.SendX5C ?? false;
var handler = new SilentRequest(ServiceBundle, requestParameters, silentParameters);
return(await handler.RunAsync(cancellationToken).ConfigureAwait(false));
}
public async Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenByRefreshTokenParameters refreshTokenParameters,
CancellationToken cancellationToken)
{
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.CorrelationId, cancellationToken);
if (commonParameters.Scopes == null || !commonParameters.Scopes.Any())
{
commonParameters.Scopes = new SortedSet <string>
{
_clientApplicationBase.AppConfig.ClientId + "/.default"
};
requestContext.Logger.Info(LogMessages.NoScopesProvidedForRefreshTokenRequest);
}
var requestParameters = _clientApplicationBase.CreateRequestParameters(
commonParameters,
requestContext,
_clientApplicationBase.UserTokenCacheInternal);
requestContext.Logger.Info(LogMessages.UsingXScopesForRefreshTokenRequest(commonParameters.Scopes.Count()));
requestParameters.SendX5C = refreshTokenParameters.SendX5C;
var handler = new ByRefreshTokenRequest(ServiceBundle, requestParameters, refreshTokenParameters);
return(await handler.RunAsync(CancellationToken.None).ConfigureAwait(false));
}
public AuthenticationRequestParameters CreateAuthenticationRequestParameters(
string authority,
IEnumerable <string> scopes,
ITokenCacheInternal tokenCache,
IAccount account = null,
IDictionary <string, string> extraQueryParameters = null,
string claims = null,
ApiEvent.ApiIds apiId = ApiEvent.ApiIds.None)
{
if (tokenCache == null)
{
throw new ArgumentNullException(nameof(tokenCache));
}
var commonParameters = new AcquireTokenCommonParameters
{
Scopes = scopes ?? TestConstants.s_scope,
ExtraQueryParameters = extraQueryParameters ?? new Dictionary <string, string>(),
Claims = claims,
ApiId = apiId
};
return(new AuthenticationRequestParameters(
ServiceBundle,
tokenCache,
commonParameters,
new RequestContext(ServiceBundle, Guid.NewGuid()))
{
Account = account,
Authority = Authority.CreateAuthority(authority)
});
}
public void TestCacheKeyForTenantAuthority()
{
// Arrange
const string tenantId = TestConstants.AadTenantId;
var appTokenCache = new TokenCache(this._serviceBundle, isApplicationTokenCache: true);
var requestContext = new RequestContext(this._serviceBundle, Guid.NewGuid());
var tenantAuthority = AuthorityInfo.FromAadAuthority(AzureCloudInstance.AzurePublic, tenant: tenantId, validateAuthority: false);
var acquireTokenCommonParameters = new AcquireTokenCommonParameters
{
ApiId = ApiEvent.ApiIds.AcquireTokenForClient,
AuthorityOverride = tenantAuthority
};
var parameters = new AuthenticationRequestParameters(
this._serviceBundle,
appTokenCache,
acquireTokenCommonParameters,
requestContext,
Authority.CreateAuthority(tenantAuthority));
// Act
var actualKey = SuggestedWebCacheKeyFactory.GetKeyFromRequest(parameters);
// Assert
Assert.IsNotNull(actualKey);
var expectedKey = $"{this._serviceBundle.Config.ClientId}_{tenantId}_AppTokenCache";
Assert.AreEqual(expectedKey, actualKey);
}
public static AuthenticationRequestParameters CreateAuthenticationRequestParameters(
IServiceBundle serviceBundle,
Authority authority = null,
HashSet <string> scopes = null,
RequestContext requestContext = null)
{
var commonParameters = new AcquireTokenCommonParameters
{
Scopes = scopes ?? TestConstants.s_scope,
};
authority = authority ?? Authority.CreateAuthority(TestConstants.AuthorityTestTenant);
requestContext = requestContext ?? new RequestContext(serviceBundle, Guid.NewGuid())
{
ApiEvent = new Client.TelemetryCore.Internal.Events.ApiEvent(
serviceBundle.DefaultLogger,
serviceBundle.PlatformProxy.CryptographyManager,
Guid.NewGuid().ToString())
};
return(new AuthenticationRequestParameters(
serviceBundle,
new TokenCache(serviceBundle, false),
commonParameters,
requestContext,
authority)
{
});
}
public void TestCacheKeyForADFSAuthority()
{
// Arrange
var appTokenCache = new TokenCache(this._serviceBundle, isApplicationTokenCache: true);
var requestContext = new RequestContext(this._serviceBundle, Guid.NewGuid());
var authority = Authority.CreateAuthority(TestConstants.ADFSAuthority, true);
requestContext.ServiceBundle.Config.AuthorityInfo = authority.AuthorityInfo;
var acquireTokenCommonParameters = new AcquireTokenCommonParameters
{
ApiId = ApiEvent.ApiIds.AcquireTokenForClient,
};
var parameters = new AuthenticationRequestParameters(
this._serviceBundle,
appTokenCache,
acquireTokenCommonParameters,
requestContext,
authority);
// Act
var actualKey = SuggestedWebCacheKeyFactory.GetKeyFromRequest(parameters);
// Assert
Assert.IsNotNull(actualKey);
var expectedKey = $"{this._serviceBundle.Config.ClientId}__AppTokenCache";
Assert.AreEqual(expectedKey, actualKey);
}
public AuthenticationRequestParameters(
IServiceBundle serviceBundle,
ITokenCacheInternal tokenCache,
AcquireTokenCommonParameters commonParameters,
RequestContext requestContext)
{
_commonParameters = commonParameters;
Authority = Authority.CreateAuthorityForRequest(serviceBundle.Config.AuthorityInfo, commonParameters.AuthorityOverride);
ClientId = serviceBundle.Config.ClientId;
CacheSessionManager = new CacheSessionManager(tokenCache, this, serviceBundle.TelemetryManager);
Scope = ScopeHelper.CreateSortedSetFromEnumerable(commonParameters.Scopes);
RedirectUri = new Uri(serviceBundle.Config.RedirectUri);
RequestContext = requestContext;
IsBrokerEnabled = serviceBundle.Config.IsBrokerEnabled;
// Set application wide query parameters.
ExtraQueryParameters = serviceBundle.Config.ExtraQueryParameters ?? new Dictionary <string, string>();
// Copy in call-specific query parameters.
if (commonParameters.ExtraQueryParameters != null)
{
foreach (KeyValuePair <string, string> kvp in commonParameters.ExtraQueryParameters)
{
ExtraQueryParameters[kvp.Key] = kvp.Value;
}
}
}
public async Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenByIntegratedWindowsAuthParameters integratedWindowsAuthParameters,
CancellationToken cancellationToken)
{
#if NET_CORE
if (string.IsNullOrWhiteSpace(integratedWindowsAuthParameters.Username))
{
throw new PlatformNotSupportedException("AcquireTokenByIntegratedWindowsAuth is not supported on .net core without adding .WithUsername() because " +
"MSAL cannot determine the username (UPN) of the currently logged in user. Please use .WithUsername() before calling ExecuteAsync(). " +
"For more details see https://aka.ms/msal-net-iwa");
}
#endif
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.CorrelationId);
var requestParams = _publicClientApplication.CreateRequestParameters(
commonParameters,
requestContext,
_publicClientApplication.UserTokenCacheInternal);
var handler = new IntegratedWindowsAuthRequest(
ServiceBundle,
requestParams,
integratedWindowsAuthParameters);
return(await handler.RunAsync(cancellationToken).ConfigureAwait(false));
}
public async Task <Uri> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
GetAuthorizationRequestUrlParameters authorizationRequestUrlParameters,
CancellationToken cancellationToken)
{
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.CorrelationId);
var requestParameters = _confidentialClientApplication.CreateRequestParameters(
commonParameters,
requestContext,
_confidentialClientApplication.UserTokenCacheInternal);
requestParameters.Account = authorizationRequestUrlParameters.Account;
requestParameters.LoginHint = authorizationRequestUrlParameters.LoginHint;
if (!string.IsNullOrWhiteSpace(authorizationRequestUrlParameters.RedirectUri))
{
requestParameters.RedirectUri = new Uri(authorizationRequestUrlParameters.RedirectUri);
}
var handler = new InteractiveRequest(
ServiceBundle,
requestParameters,
authorizationRequestUrlParameters.ToInteractiveParameters(),
null);
// todo: need to pass through cancellation token here
return(await handler.CreateAuthorizationUriAsync().ConfigureAwait(false));
}
public async Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenForClientParameters clientParameters,
CancellationToken cancellationToken)
{
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.CorrelationId, cancellationToken);
var requestParams = _confidentialClientApplication.CreateRequestParameters(
commonParameters,
requestContext,
_confidentialClientApplication.AppTokenCacheInternal);
if (clientParameters.AutoDetectRegion && requestContext.ServiceBundle.Config.AuthorityInfo.AuthorityType == AuthorityType.Adfs)
{
throw new MsalClientException(MsalError.RegionDiscoveryNotEnabled, MsalErrorMessage.RegionDiscoveryNotAvailable);
}
requestParams.SendX5C = clientParameters.SendX5C;
requestContext.ServiceBundle.Config.AuthorityInfo.AutoDetectRegion = clientParameters.AutoDetectRegion;
requestContext.ServiceBundle.Config.AuthorityInfo.RegionToUse = clientParameters.RegionToUse;
var handler = new ClientCredentialRequest(
ServiceBundle,
requestParams,
clientParameters);
return(await handler.RunAsync(cancellationToken).ConfigureAwait(false));
}
public Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenByUsernamePasswordParameters usernamePasswordParameters,
CancellationToken cancellationToken)
{
return(ExecuteMatsAsync(
commonParameters,
async() => await _executor.ExecuteAsync(commonParameters, usernamePasswordParameters, cancellationToken).ConfigureAwait(false)));
}
public Task <Uri> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
GetAuthorizationRequestUrlParameters authorizationRequestUrlParameters,
CancellationToken cancellationToken)
{
return(ExecuteMatsToUriAsync(
commonParameters,
async() => await _executor.ExecuteAsync(commonParameters, authorizationRequestUrlParameters, cancellationToken).ConfigureAwait(false)));
}
public Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenOnBehalfOfParameters onBehalfOfParameters,
CancellationToken cancellationToken)
{
return(ExecuteMatsAsync(
commonParameters,
async() => await _executor.ExecuteAsync(commonParameters, onBehalfOfParameters, cancellationToken).ConfigureAwait(false)));
}
public Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenByIntegratedWindowsAuthParameters integratedWindowsAuthParameters,
CancellationToken cancellationToken)
{
return(ExecuteMatsAsync(
commonParameters,
async() => await _executor.ExecuteAsync(commonParameters, integratedWindowsAuthParameters, cancellationToken).ConfigureAwait(false)));
}
internal override async Task <AuthenticationRequestParameters> CreateRequestParametersAsync(
AcquireTokenCommonParameters commonParameters,
RequestContext requestContext,
ITokenCacheInternal cache)
{
AuthenticationRequestParameters requestParams = await base.CreateRequestParametersAsync(commonParameters, requestContext, cache).ConfigureAwait(false);
return(requestParams);
}
internal override AuthenticationRequestParameters CreateRequestParameters(
AcquireTokenCommonParameters commonParameters,
RequestContext requestContext,
ITokenCacheInternal cache)
{
AuthenticationRequestParameters requestParams = base.CreateRequestParameters(commonParameters, requestContext, cache);
requestParams.ClientCredential = ServiceBundle.Config.ClientCredential;
return(requestParams);
}
internal virtual AuthenticationRequestParameters CreateRequestParameters(
AcquireTokenCommonParameters commonParameters,
RequestContext requestContext,
ITokenCacheInternal cache)
{
return(new AuthenticationRequestParameters(
ServiceBundle,
cache,
commonParameters,
requestContext));
}
public async Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenSilentParameters silentParameters,
CancellationToken cancellationToken)
{
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.TelemetryCorrelationId);
var requestParameters = _clientApplicationBase.CreateRequestParameters(
commonParameters,
requestContext,
_clientApplicationBase.UserTokenCacheInternal);
var handler = new SilentRequest(ServiceBundle, requestParameters, silentParameters);
return(await handler.RunAsync(cancellationToken).ConfigureAwait(false));
}
internal virtual async Task <AuthenticationRequestParameters> CreateRequestParametersAsync(
AcquireTokenCommonParameters commonParameters,
RequestContext requestContext,
ITokenCacheInternal cache)
{
var authority = await Instance.Authority.CreateAuthorityForRequestAsync(
requestContext,
commonParameters.AuthorityOverride).ConfigureAwait(false);
return(new AuthenticationRequestParameters(
ServiceBundle,
cache,
commonParameters,
requestContext,
authority));
}
internal virtual AuthenticationRequestParameters CreateRequestParameters(
AcquireTokenCommonParameters commonParameters,
RequestContext requestContext,
ITokenCacheInternal cache)
{
var authority = Microsoft.Identity.Client.Instance.Authority.CreateAuthorityForRequest(
requestContext.ServiceBundle.Config.AuthorityInfo,
commonParameters.AuthorityOverride);
return(new AuthenticationRequestParameters(
ServiceBundle,
cache,
commonParameters,
requestContext,
authority));
}
protected async Task <Uri> ExecuteMatsToUriAsync(
AcquireTokenCommonParameters commonParameters,
Func <Task <Uri> > executorAction)
{
var action = _mats.StartAction(null, commonParameters.CorrelationId.AsMatsCorrelationId());
try
{
Uri result = await executorAction().ConfigureAwait(false);
_mats.EndAction(action, AuthOutcome.Succeeded, ErrorSource.None, string.Empty, string.Empty);
return(result);
}
catch (Exception ex)
{
_mats.EndAction(action, ex);
throw;
}
}
protected async Task <AuthenticationResult> ExecuteMatsAsync(
AcquireTokenCommonParameters commonParameters,
Func <Task <AuthenticationResult> > executorAction)
{
var action = _mats.StartAction(_mats.CreateScenario(), commonParameters.CorrelationId.AsMatsCorrelationId());
try
{
var result = await executorAction().ConfigureAwait(false);
_mats.EndAction(action, result);
return(result);
}
catch (Exception ex)
{
_mats.EndAction(action, ex);
throw;
}
}
public async Task <AuthenticationResult> ExecuteAsync(
AcquireTokenCommonParameters commonParameters,
AcquireTokenByUsernamePasswordParameters usernamePasswordParameters,
CancellationToken cancellationToken)
{
var requestContext = CreateRequestContextAndLogVersionInfo(commonParameters.CorrelationId);
var requestParams = _publicClientApplication.CreateRequestParameters(
commonParameters,
requestContext,
_publicClientApplication.UserTokenCacheInternal);
var handler = new UsernamePasswordRequest(
ServiceBundle,
requestParams,
usernamePasswordParameters);
return(await handler.RunAsync(cancellationToken).ConfigureAwait(false));
}
