[Ignore] // https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/1038
public void B2CMicrosoftOnlineCreateAuthority()
{
using (var harness = CreateTestHarness())
{
// add mock response for tenant endpoint discovery
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://login.microsoftonline.com/tfp/mytenant.com/my-policy/v2.0/.well-known/openid-configuration",
ResponseMessage = MockHelpers.CreateSuccessResponseMessage(
File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("OpenidConfiguration-B2C.json")))
});
Authority instance = Authority.CreateAuthority(
"https://login.microsoftonline.com/tfp/mytenant.com/my-policy/");
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C);
var resolver = new AuthorityResolutionManager();
var endpoints = resolver.ResolveEndpoints(
instance,
null,
new RequestContext(harness.ServiceBundle, Guid.NewGuid()));
Assert.AreEqual(
"https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/my-policy/oauth2/v2.0/authorize",
endpoints.AuthorizationEndpoint);
Assert.AreEqual(
"https://login.microsoftonline.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/my-policy/oauth2/v2.0/token",
endpoints.TokenEndpoint);
Assert.AreEqual("https://sts.windows.net/6babcaad-604b-40ac-a9d7-9fd97c0b779f/", endpoints.SelfSignedJwtAudience);
}
}
public void B2CLoginAuthorityEndpoints()
{
using (var httpManager = new MockHttpManager())
{
var appConfig = new ApplicationConfiguration()
{
HttpManager = httpManager,
AuthorityInfo = AuthorityInfo.FromAuthorityUri(
"https://sometenantid.b2clogin.com/tfp/6babcaad-604b-40ac-a9d7-9fd97c0b779f/b2c_1_susi/", true)
};
var serviceBundle = ServiceBundle.Create(appConfig);
Authority instance = Authority.CreateAuthority(
"https://sometenantid.b2clogin.com/tfp/6babcaad-604b-40ac-a9d7-9fd97c0b779f/b2c_1_susi/");
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C);
var resolver = new AuthorityResolutionManager();
var endpoints = resolver.ResolveEndpoints(
instance,
null,
new RequestContext(serviceBundle, Guid.NewGuid()));
Assert.AreEqual(
"https://sometenantid.b2clogin.com/tfp/6babcaad-604b-40ac-a9d7-9fd97c0b779f/b2c_1_susi/oauth2/v2.0/authorize",
endpoints.AuthorizationEndpoint);
Assert.AreEqual(
"https://sometenantid.b2clogin.com/tfp/6babcaad-604b-40ac-a9d7-9fd97c0b779f/b2c_1_susi/oauth2/v2.0/token",
endpoints.TokenEndpoint);
Assert.AreEqual("https://sometenantid.b2clogin.com/tfp/6babcaad-604b-40ac-a9d7-9fd97c0b779f/b2c_1_susi/oauth2/v2.0/token",
endpoints.SelfSignedJwtAudience);
}
}
public async Task FailedValidationTestAsync()
{
using (var harness = CreateTestHarness())
{
// add mock response for instance validation
harness.HttpManager.AddMockHandler(
new MockHttpMessageHandler
{
ExpectedMethod = HttpMethod.Get,
ExpectedUrl = "https://login.microsoftonline.com/common/discovery/instance",
ExpectedQueryParams = new Dictionary <string, string>
{
{ "api-version", "1.1" },
{
"authorization_endpoint",
"https%3A%2F%2Flogin.microsoft0nline.com%2Fmytenant.com%2Foauth2%2Fv2.0%2Fauthorize"
},
},
ResponseMessage = MockHelpers.CreateFailureMessage(
HttpStatusCode.BadRequest,
"{\"error\":\"invalid_instance\"," + "\"error_description\":\"AADSTS50049: " +
"Unknown or invalid instance. Trace " + "ID: b9d0894d-a9a4-4dba-b38e-8fb6a009bc00 " +
"Correlation ID: 34f7b4cf-4fa2-4f35-a59b" + "-54b6f91a9c94 Timestamp: 2016-08-23 " +
"20:45:49Z\",\"error_codes\":[50049]," + "\"timestamp\":\"2016-08-23 20:45:49Z\"," +
"\"trace_id\":\"b9d0894d-a9a4-4dba-b38e-8f" + "b6a009bc00\",\"correlation_id\":\"34f7b4cf-" +
"4fa2-4f35-a59b-54b6f91a9c94\"}")
});
Authority instance = Authority.CreateAuthority("https://login.microsoft0nline.com/mytenant.com", true);
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad);
TestCommon.CreateServiceBundleWithCustomHttpManager(harness.HttpManager, authority: instance.AuthorityInfo.CanonicalAuthority, validateAuthority: true);
try
{
var resolver = new AuthorityResolutionManager();
await resolver.ValidateAuthorityAsync(
instance,
new RequestContext(harness.ServiceBundle, Guid.NewGuid())).ConfigureAwait(false);
Assert.Fail("validation should have failed here");
}
catch (Exception exc)
{
Assert.IsTrue(exc is MsalServiceException);
Assert.AreEqual(((MsalServiceException)exc).ErrorCode, "invalid_instance");
}
}
}
internal ServiceBundle(
ApplicationConfiguration config,
bool shouldClearCaches = false)
{
Config = config;
DefaultLogger = new MsalLogger(
Guid.Empty,
config.ClientName,
config.ClientVersion,
config.LogLevel,
config.EnablePiiLogging,
config.IsDefaultPlatformLoggingEnabled,
config.LoggingCallback);
PlatformProxy = config.PlatformProxy ?? PlatformProxyFactory.CreatePlatformProxy(DefaultLogger);
HttpManager = config.HttpManager ?? new HttpManager(
config.HttpClientFactory ??
PlatformProxy.CreateDefaultHttpClientFactory());
HttpTelemetryManager = new HttpTelemetryManager();
if (config.TelemetryConfig != null)
{
// This can return null if the device isn't sampled in. There's no need for processing MATS events if we're not going to send them.
Mats = TelemetryClient.CreateMats(config, PlatformProxy, config.TelemetryConfig);
MatsTelemetryManager = Mats?.TelemetryManager ??
new TelemetryManager(config, PlatformProxy, config.TelemetryCallback);
}
else
{
MatsTelemetryManager = new TelemetryManager(config, PlatformProxy, config.TelemetryCallback);
}
InstanceDiscoveryManager = new InstanceDiscoveryManager(
HttpManager,
shouldClearCaches,
config.CustomInstanceDiscoveryMetadata,
config.CustomInstanceDiscoveryMetadataUri);
WsTrustWebRequestManager = new WsTrustWebRequestManager(HttpManager);
ThrottlingManager = SingletonThrottlingManager.GetInstance();
AuthorityEndpointResolutionManager = new AuthorityResolutionManager(shouldClearCaches);
DeviceAuthManager = config.DeviceAuthManagerForTest ?? PlatformProxy.CreateDeviceAuthManager();
}
public void CreateEndpointsWithCommonTenantTest()
{
using (var harness = CreateTestHarness())
{
Authority instance = Authority.CreateAuthority("https://login.microsoftonline.com/common");
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.Aad);
var resolver = new AuthorityResolutionManager();
var endpoints = resolver.ResolveEndpoints(
instance,
null,
new RequestContext(harness.ServiceBundle, Guid.NewGuid()));
Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/authorize", endpoints.AuthorizationEndpoint);
Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/token", endpoints.TokenEndpoint);
Assert.AreEqual("https://login.microsoftonline.com/common/oauth2/v2.0/token", endpoints.SelfSignedJwtAudience);
}
}
public void NotEnoughPathSegmentsTest()
{
try
{
var serviceBundle = TestCommon.CreateDefaultServiceBundle();
var instance = Authority.CreateAuthority("https://login.microsoftonline.in/tfp/");
Assert.IsNotNull(instance);
Assert.AreEqual(instance.AuthorityInfo.AuthorityType, AuthorityType.B2C);
var resolver = new AuthorityResolutionManager();
var endpoints = resolver.ResolveEndpoints(
instance,
null,
new RequestContext(serviceBundle, Guid.NewGuid()));
Assert.Fail("test should have failed");
}
catch (Exception exc)
{
Assert.IsInstanceOfType(exc, typeof(ArgumentException));
Assert.AreEqual(MsalErrorMessage.B2cAuthorityUriInvalidPath, exc.Message);
}
}
