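/// <summary>
/// Builds a <see cref="BrokerInteractiveRequestComponent"/> around the broker returned by the
/// platform proxy and checks two things: the broker reports that it is not installed and
/// invokable, and an interactive acquisition through it throws
/// <see cref="PlatformNotSupportedException"/>.
/// </summary>
public void BrokerInteractiveRequestTest()
{
    // Kept from the original; no assertion below reads this value.
    string canonicalizedAuthority = AuthorityInfo.CanonicalizeAuthorityUri(
        CoreHelpers.UrlDecode(TestConstants.AuthorityTestTenant));

    using (var harness = CreateTestHarness())
    {
        // Arrange
        var parameters = harness.CreateAuthenticationRequestParameters(
            TestConstants.AuthorityTestTenant,
            TestConstants.s_scope,
            new TokenCache(harness.ServiceBundle, false),
            null,
            TestConstants.ExtraQueryParameters);

        // Act
        IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker(null);
        _brokerInteractiveRequest = new BrokerInteractiveRequestComponent(
            parameters,
            null,
            broker,
            "install_url");

        // Assert
        Assert.AreEqual(false, _brokerInteractiveRequest.Broker.IsBrokerInstalledAndInvokable());

        // The original dropped the awaitable returned by TaskThrowsAsync, so the exception check
        // was never observed and the test passed regardless of what the broker did. The method
        // is a synchronous void test, so the result is waited on here to surface a failure.
        // NOTE(review): assumes TaskThrowsAsync returns a Task; converting the test to
        // async Task and awaiting would be the cleaner form if the signature may change.
        AssertException.TaskThrowsAsync<PlatformNotSupportedException>(
            () => _brokerInteractiveRequest.Broker.AcquireTokenInteractiveAsync(
                parameters,
                new AcquireTokenInteractiveParameters()))
            .GetAwaiter()
            .GetResult();
    }
}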
/// <summary>
/// Builds a <see cref="BrokerInteractiveRequestComponent"/> around the broker returned by the
/// platform proxy and checks what the broker reports from IsBrokerInstalledAndInvokable:
/// true when compiled with NET5_WIN, false otherwise.
/// </summary>
public void BrokerInteractiveRequestTest()
{
    // The canonicalized authority is computed but not read by the assertion below.
    string canonicalAuthority = AuthorityInfo.CanonicalizeAuthorityUri(
        CoreHelpers.UrlDecode(TestConstants.AuthorityTestTenant));

    using (var harness = CreateTestHarness())
    {
        // Arrange
        var tokenCache = new TokenCache(harness.ServiceBundle, false);
        var parameters = harness.CreateAuthenticationRequestParameters(
            TestConstants.AuthorityTestTenant,
            TestConstants.s_scope,
            tokenCache,
            null,
            TestConstants.ExtraQueryParameters);

        // Act
        IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker(
            harness.ServiceBundle.Config,
            null);
        _brokerInteractiveRequest = new BrokerInteractiveRequestComponent(
            parameters,
            null,
            broker,
            "install_url");

        // Assert: the expected answer depends on the compilation target.
#if NET5_WIN
        const bool expectedInstalled = true;
#else
        const bool expectedInstalled = false;
#endif
        Assert.AreEqual(
            expectedInstalled,
            _brokerInteractiveRequest.Broker.IsBrokerInstalledAndInvokable());
    }
}
/// <summary>
/// Produces the token response for an interactive request. When the application enables the
/// broker, the broker is tried first; if it returns nothing, the flow continues with the web UI:
/// an authorization code and PKCE verifier are fetched, and the code is either handed back to
/// the broker (when it signals that a broker is required) or exchanged for tokens.
/// </summary>
/// <param name="cancellationToken">
/// Checked on entry and again before falling back to the web UI, and passed to every awaited call.
/// </param>
/// <returns>The token response obtained from the broker or from the identity provider.</returns>
private async Task<MsalTokenResponse> GetTokenResponseAsync(CancellationToken cancellationToken)
{
    cancellationToken.ThrowIfCancellationRequested();

    if (_requestParams.AppConfig.IsBrokerEnabled)
    {
        _logger.Info("Broker is configured. Starting broker flow without knowing the broker installation app link. ");

        // First broker attempt: no installation URI is known yet, so null is passed.
        MsalTokenResponse tokensFromBroker =
            await FetchTokensFromBrokerAsync(null, cancellationToken).ConfigureAwait(false);

        if (tokensFromBroker != null)
        {
            _logger.Info("Broker attempt completed successfully. ");
            Metrics.IncrementTotalAccessTokensFromBroker();
            return tokensFromBroker;
        }

        // A null result is not treated as an error: the request silently continues with the
        // browser / web UI instead of the broker.
        _logger.Info("Broker attempt did not complete, most likely because the broker is not installed. Attempting to use a browser / web UI. ");
        cancellationToken.ThrowIfCancellationRequested();
    }

    // A test-supplied override, when present, replaces the real authorization component.
    IAuthCodeRequestComponent authorizationFetcher =
        _authCodeRequestComponentOverride
        ?? new AuthCodeRequestComponent(_requestParams, _interactiveParameters);

    var codeAndVerifier = await authorizationFetcher
        .FetchAuthCodeAndPkceVerifierAsync(cancellationToken)
        .ConfigureAwait(false);

    // Only a fixed message is logged; the code and the PKCE verifier are not written to the log.
    _logger.Info("An authorization code was retrieved from the /authorize endpoint. ");

    AuthorizationResult authorizationResult = codeAndVerifier.Item1;
    string authorizationCode = authorizationResult.Code;
    string pkceVerifier = codeAndVerifier.Item2;

    // The returned code can signal that a broker is required; in that case the install URI
    // extracted from it drives a second broker attempt and no code exchange happens here.
    // NOTE(review): installUri originates from the authorization response - confirm it is
    // validated before RunBrokerWithInstallUriAsync acts on it.
    if (BrokerInteractiveRequestComponent.IsBrokerRequiredAuthCode(authorizationCode, out string installUri))
    {
        return await RunBrokerWithInstallUriAsync(installUri, cancellationToken).ConfigureAwait(false);
    }

    _logger.Info("Exchanging the auth code for tokens. ");

    // The PKCE verifier travels with the code so the token endpoint can tie the exchange
    // to the original authorization request.
    var codeExchanger =
        _authCodeExchangeComponentOverride
        ?? new AuthCodeExchangeComponent(
            _requestParams,
            _interactiveParameters,
            authorizationCode,
            pkceVerifier,
            authorizationResult.ClientInfo);

    MsalTokenResponse tokensFromIdp = await codeExchanger
        .FetchTokensAsync(cancellationToken)
        .ConfigureAwait(false);

    Metrics.IncrementTotalAccessTokensFromIdP();
    return tokensFromIdp;
}
/// <summary>
/// Calls CreateRequestParametersForBroker on a <see cref="BrokerInteractiveRequestComponent"/>
/// and pins the resulting broker payload: its entry count and the value stored under each
/// asserted <c>BrokerParameter</c> key.
/// </summary>
public void BrokerInteractiveRequest_CreateBrokerParametersTest()
{
    using (var harness = CreateTestHarness())
    {
        // Arrange
        var tokenCache = new TokenCache(harness.ServiceBundle, false);
        var parameters = harness.CreateAuthenticationRequestParameters(
            TestConstants.AuthorityTestTenant,
            TestConstants.s_scope,
            tokenCache,
            null,
            TestConstants.ExtraQueryParameters);
        var interactiveParameters = new AcquireTokenInteractiveParameters();

        // Act
        IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker(null);
        var component = new BrokerInteractiveRequestComponent(
            parameters,
            interactiveParameters,
            broker,
            null);
        component.CreateRequestParametersForBroker();

        // Assert
        var payload = component.BrokerPayload;
        Assert.AreEqual(11, payload.Count);

        // Identity of the request as seen by the broker.
        Assert.AreEqual(s_canonicalizedAuthority, payload[BrokerParameter.Authority]);
        Assert.AreEqual(TestConstants.ScopeStr, payload[BrokerParameter.Scope]);
        Assert.AreEqual(TestConstants.ClientId, payload[BrokerParameter.ClientId]);
        Assert.AreEqual(TestConstants.RedirectUri, payload[BrokerParameter.RedirectUri]);

        // A correlation id must be present and must not be the all-zero GUID.
        Assert.IsFalse(string.IsNullOrEmpty(payload[BrokerParameter.CorrelationId]));
        Assert.AreNotEqual(Guid.Empty.ToString(), payload[BrokerParameter.CorrelationId]);

        Assert.AreEqual(MsalIdHelper.GetMsalVersion(), payload[BrokerParameter.ClientVersion]);
        Assert.AreEqual("NO", payload[BrokerParameter.Force]);
        Assert.AreEqual(string.Empty, payload[BrokerParameter.Username]);
        Assert.AreEqual(TestConstants.BrokerExtraQueryParameters, payload[BrokerParameter.ExtraQp]);

        // TODO (from the original): the assertion on BrokerParameter.Claims against
        // TestConstants.BrokerClaims is disabled, so the claims entry is not verified here.
        Assert.AreEqual(BrokerParameter.OidcScopesValue, payload[BrokerParameter.ExtraOidcScopes]);
    }
}
/// <summary>
/// Creates a test harness and populates the broker-related fixture fields from it: the request
/// parameters (with the broker marked as configured), the interactive broker component, the
/// silent broker strategy and a canned 401 HTTP response.
/// </summary>
/// <returns>
/// The harness, not disposed; it is handed back so the caller controls its lifetime.
/// </returns>
private MockHttpAndServiceBundle CreateBrokerHelper()
{
    MockHttpAndServiceBundle harness = CreateTestHarness();

    _parameters = harness.CreateAuthenticationRequestParameters(
        TestConstants.AuthorityHomeTenant,
        TestConstants.s_scope,
        new TokenCache(harness.ServiceBundle, false),
        extraQueryParameters: TestConstants.ExtraQueryParameters,
        claims: TestConstants.Claims);
    _parameters.IsBrokerConfigured = true;

    var interactiveParameters = new AcquireTokenInteractiveParameters();
    _acquireTokenSilentParameters = new AcquireTokenSilentParameters();

    // One broker instance is shared by the interactive component and the silent strategy.
    IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker(null);

    _brokerInteractiveRequest = new BrokerInteractiveRequestComponent(
        _parameters,
        interactiveParameters,
        broker,
        "install_url");

    var silentRequest = new SilentRequest(
        harness.ServiceBundle,
        _parameters,
        _acquireTokenSilentParameters);
    _brokerSilentAuthStrategy = new SilentBrokerAuthStrategy(
        silentRequest,
        harness.ServiceBundle,
        _parameters,
        _acquireTokenSilentParameters,
        broker);

    // Canned "Unauthorized" response with an empty header collection.
    _brokerHttpResponse = new HttpResponse
    {
        Body = "SomeBody",
        StatusCode = HttpStatusCode.Unauthorized,
        Headers = new HttpResponseMessage().Headers
    };

    return harness;
}
/// <summary>
/// Populates the interactive and silent broker request fields from a temporary test harness,
/// with the request parameters marked as broker-configured.
/// </summary>
private void CreateBrokerHelper()
{
    // NOTE(review): the harness is disposed when this using block exits, while the two fields
    // assigned below keep objects obtained from it (parameters, ServiceBundle, broker).
    // Confirm those objects remain usable after the harness is disposed.
    using (MockHttpAndServiceBundle harness = CreateTestHarness())
    {
        AuthenticationRequestParameters requestParameters = harness.CreateAuthenticationRequestParameters(
            TestConstants.AuthorityHomeTenant,
            TestConstants.s_scope,
            new TokenCache(harness.ServiceBundle, false),
            extraQueryParameters: TestConstants.ExtraQueryParameters,
            claims: TestConstants.Claims);
        requestParameters.IsBrokerConfigured = true;

        var interactiveParameters = new AcquireTokenInteractiveParameters();
        var silentParameters = new AcquireTokenSilentParameters();

        // One broker instance is shared by both request objects.
        IBroker broker = harness.ServiceBundle.PlatformProxy.CreateBroker(null);

        _brokerInteractiveRequest = new BrokerInteractiveRequestComponent(
            requestParameters,
            interactiveParameters,
            broker,
            "install_url");

        _brokerSilentRequest = new BrokerSilentRequest(
            requestParameters,
            silentParameters,
            harness.ServiceBundle,
            broker);
    }
}
/// <summary>
/// Produces the token response for an interactive request. When the application enables the
/// broker, the broker is tried first. If it returns nothing, a Proof-of-Possession request fails,
/// and any other request continues with the web UI: an authorization code and PKCE verifier are
/// fetched, and the code is either handed back to the broker (when it signals that a broker is
/// required) or exchanged for tokens, optionally against a cloud-specific authority.
/// </summary>
/// <param name="cancellationToken">
/// Checked on entry and again before falling back to the web UI, and passed to the broker,
/// authorization and token-exchange calls.
/// </param>
/// <returns>The token response obtained from the broker or from the identity provider.</returns>
/// <exception cref="MsalClientException">
/// The broker returned no result and the requested access token type is Proof-of-Possession.
/// </exception>
private async Task<MsalTokenResponse> GetTokenResponseAsync(CancellationToken cancellationToken)
{
    cancellationToken.ThrowIfCancellationRequested();

    if (_requestParams.AppConfig.IsBrokerEnabled)
    {
        _logger.Info("Broker is configured. Starting broker flow without knowing the broker installation app link. ");

        // First broker attempt: no installation URI is known yet, so null is passed.
        MsalTokenResponse tokensFromBroker =
            await FetchTokensFromBrokerAsync(null, cancellationToken).ConfigureAwait(false);

        if (tokensFromBroker != null)
        {
            _logger.Info("Broker attempt completed successfully. ");
            Metrics.IncrementTotalAccessTokensFromBroker();
            return tokensFromBroker;
        }

        // A Proof-of-Possession request never falls back to the browser: without a broker
        // result it fails here instead of continuing with the web UI.
        bool isPopRequest = string.Equals(
            _requestParams.AuthenticationScheme.AccessTokenType,
            Constants.PoPTokenType);
        if (isPopRequest)
        {
            _logger.Error("A broker application is required for Proof-of-Possesion, but one could not be found or communicated with. See https://aka.ms/msal-net-pop");
            throw new MsalClientException(
                MsalError.BrokerApplicationRequired,
                MsalErrorMessage.CannotInvokeBrokerForPop);
        }

        _logger.Info("Broker attempt did not complete, most likely because the broker is not installed. Attempting to use a browser / web UI. ");
        cancellationToken.ThrowIfCancellationRequested();
    }

    if (_requestParams.AppConfig.MultiCloudSupportEnabled)
    {
        _logger.Info("Instance Aware was configured.");

        // NOTE(review): this writes into the AppConfig's ExtraQueryParameters rather than a
        // per-request copy - confirm the entry is meant to outlive this request.
        _requestParams.AppConfig.ExtraQueryParameters[InstanceAwareParam] = "true";
    }

    // A test-supplied override, when present, replaces the real authorization component.
    IAuthCodeRequestComponent authorizationFetcher =
        _authCodeRequestComponentOverride
        ?? new AuthCodeRequestComponent(_requestParams, _interactiveParameters);

    var codeAndVerifier = await authorizationFetcher
        .FetchAuthCodeAndPkceVerifierAsync(cancellationToken)
        .ConfigureAwait(false);

    // Only a fixed message is logged; the code and the PKCE verifier are not written to the log.
    _logger.Info("An authorization code was retrieved from the /authorize endpoint. ");

    AuthorizationResult authorizationResult = codeAndVerifier.Item1;
    string authorizationCode = authorizationResult.Code;
    string pkceVerifier = codeAndVerifier.Item2;

    // The returned code can signal that a broker is required; in that case the install URI
    // extracted from it drives a second broker attempt and no code exchange happens here.
    // NOTE(review): installUri originates from the authorization response - confirm it is
    // validated before RunBrokerWithInstallUriAsync acts on it.
    if (BrokerInteractiveRequestComponent.IsBrokerRequiredAuthCode(authorizationCode, out string installUri))
    {
        return await RunBrokerWithInstallUriAsync(installUri, cancellationToken).ConfigureAwait(false);
    }

    bool switchToCloudAuthority =
        _requestParams.AppConfig.MultiCloudSupportEnabled
        && !string.IsNullOrEmpty(authorizationResult.CloudInstanceHost);
    if (switchToCloudAuthority)
    {
        _logger.Info("Updating the authority to the cloud specific authority.");

        // The host reported in the authorization result becomes the environment of the
        // authority used for the token exchange below.
        // NOTE(review): CloudInstanceHost is taken from the authorization response; presumably
        // ResolveAuthorityAsync validates the resulting authority - confirm.
        _requestParams.AuthorityManager = new AuthorityManager(
            _requestParams.RequestContext,
            Authority.CreateAuthorityWithEnvironment(
                _requestParams.Authority.AuthorityInfo,
                authorizationResult.CloudInstanceHost));

        await ResolveAuthorityAsync().ConfigureAwait(false);
    }

    _logger.Info("Exchanging the auth code for tokens. ");

    // The PKCE verifier travels with the code so the token endpoint can tie the exchange
    // to the original authorization request.
    var codeExchanger =
        _authCodeExchangeComponentOverride
        ?? new AuthCodeExchangeComponent(
            _requestParams,
            _interactiveParameters,
            authorizationCode,
            pkceVerifier,
            authorizationResult.ClientInfo);

    MsalTokenResponse tokensFromIdp = await codeExchanger
        .FetchTokensAsync(cancellationToken)
        .ConfigureAwait(false);

    Metrics.IncrementTotalAccessTokensFromIdP();
    return tokensFromIdp;
}