/// <summary>
/// Builds an account from the supplied <see cref="GraphUserAccount"/>.
/// A null argument leaves every property untouched.
/// </summary>
/// <param name="graphUserAccount">Source of the e-mail, environment, object id and tenant id; may be null.</param>
public GraphAccount(GraphUserAccount graphUserAccount)
{
    if (graphUserAccount == null)
    {
        return;
    }

    Username = graphUserAccount.Email;
    Environment = graphUserAccount.Environment;

    // Identifier format is "<ObjectId>.<TenantId>".
    // NOTE(review): nothing here checks that either part is non-empty; confirm callers
    // always supply both, since this value identifies the account.
    var identifier = $"{graphUserAccount.ObjectId}.{graphUserAccount.TenantId}";
    HomeAccountId = new AccountId(identifier, graphUserAccount.ObjectId, graphUserAccount.TenantId);
}
/// <summary>
/// Fixture setup: creates a user account with freshly generated object and tenant ids,
/// an authentication result from <c>MockAuthResult</c> for that account, and the mock
/// public client application that is handed that result.
/// </summary>
public void Setup()
{
    _graphUserAccount = new GraphUserAccount
    {
        Email = "*****@*****.**",
        Environment = "login.microsoftonline.com",
        ObjectId = Guid.NewGuid().ToString(),
        TenantId = Guid.NewGuid().ToString()
    };

    // Wrap the account first so the two construction steps read separately.
    var graphAccount = new GraphAccount(_graphUserAccount);
    _silentAuthResult = MockAuthResult.GetAuthenticationResult(graphAccount, _scopes);

    _mockClientApplicationBase = new MockPublicClientApplication(
        _scopes,
        _organizationsAuthority,
        false,
        _clientId,
        _silentAuthResult);
}
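/// <summary>
/// Sets <see cref="GraphUserAccount"/> to be used to retrieve an access token for this request.
/// It is also used to handle multi-user/multi-tenant access token cache storage and retrieval.
/// </summary>
/// <typeparam name="T">The request type.</typeparam>
/// <param name="baseRequest">The <see cref="IBaseRequest"/>.</param>
/// <param name="userAccount">A <see cref="GraphUserAccount"/> that represents a user account. At a minimum, the ObjectId and TenantId must be set.</param>
/// <returns>The same <paramref name="baseRequest"/> instance.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="baseRequest"/> is null.</exception>
/// <exception cref="System.InvalidOperationException">
/// The entry stored under the <see cref="AuthenticationHandlerOption"/> key is null or of another type.
/// </exception>
public static T WithUserAccount<T>(this T baseRequest, GraphUserAccount userAccount) where T : IBaseRequest
{
    if (baseRequest == null)
    {
        throw new System.ArgumentNullException(nameof(baseRequest));
    }

    string authHandlerOptionKey = typeof(AuthenticationHandlerOption).ToString();

    // `as` yields null when the stored entry is null or of a different type. Fail with a
    // clear message here instead of a NullReferenceException on the dereference below.
    // (Whether the indexer itself throws for an absent key depends on the collection type,
    // which is not visible from this method.)
    AuthenticationHandlerOption authHandlerOptions =
        baseRequest.MiddlewareOptions[authHandlerOptionKey] as AuthenticationHandlerOption;
    if (authHandlerOptions == null)
    {
        throw new System.InvalidOperationException(
            "The request has no AuthenticationHandlerOption in its middleware options.");
    }

    // Reuse the existing MSAL provider option when there is one so its other settings survive.
    MsalAuthenticationProviderOption msalAuthProviderOption =
        authHandlerOptions.AuthenticationProviderOption as MsalAuthenticationProviderOption
        ?? new MsalAuthenticationProviderOption();

    // NOTE(review): the ObjectId/TenantId requirement documented on userAccount is not
    // enforced here. Because the account drives token cache storage and retrieval, confirm
    // the authentication provider rejects an account with either value missing.
    msalAuthProviderOption.UserAccount = userAccount;

    authHandlerOptions.AuthenticationProviderOption = msalAuthProviderOption;
    baseRequest.MiddlewareOptions[authHandlerOptionKey] = authHandlerOptions;

    return baseRequest;
}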
/// <summary>
/// Fixture setup: creates the client credential, a user account with freshly generated
/// object and tenant ids, an authentication result from <c>MockAuthResult</c> for that
/// account, and the mock confidential client application that is handed that result.
/// </summary>
public void Setup()
{
    // NOTE(review): "app_secret" reads as a dummy value; fixtures like this one should
    // only ever hold placeholders, never a real client secret.
    _clientCredential = new ClientCredential("app_secret");

    _graphUserAccount = new GraphUserAccount
    {
        Email = "*****@*****.**",
        Environment = "login.microsoftonline.com",
        ObjectId = Guid.NewGuid().ToString(),
        TenantId = Guid.NewGuid().ToString()
    };

    // Wrap the account first so the two construction steps read separately.
    var graphAccount = new GraphAccount(_graphUserAccount);
    _mockAuthResult = MockAuthResult.GetAuthenticationResult(graphAccount, _scopes);

    _mockClientApplicationBase = new MockConfidentialClientApplication(
        _scopes,
        "common",
        false,
        _clientId,
        _mockAuthResult);
}
/// <summary>
/// Checks that <c>GetGraphUserAccountFromJwt</c> turns a fixed JWT string into a
/// <see cref="GraphUserAccount"/> carrying the expected object id, tenant id and e-mail.
/// </summary>
public void ShouldGetGraphUserAccountFromJwtString()
{
    const string expectedObjectId = "e602ada7-6efd-4e18-a979-63c02b9f3c76";
    const string expectedTenantId = "6bc15335-e2b8-4a9a-8683-a52a26c8c583";

    // NOTE(review): the expected e-mail literal looks masked in this listing; confirm it
    // matches the upn/unique_name claim carried in the token below.
    const string expectedEmail = "*****@*****.**";

    IEnumerable<string> scopes = new List<string> { "User.ReadBasic.All" };

    // Fixed test token (header.payload.signature).
    // NOTE(review): this test covers claim extraction only. Whether GetGraphUserAccountFromJwt
    // validates the signature is not visible here; confirm the token is validated elsewhere
    // before the extracted ids are trusted to select a user's cached token.
    string token = "eyJ0eXAiOiJKV1QiLCJub25jZSI6IkFBMjMyVEVTVCIsImFsZyI6IkhTMjU2In0.eyJmYW1pbHlfbmFtZSI6IkRvZSIsImdpdmVuX25hbWUiOiJKb2huIiwibmFtZSI6IkpvaG4gRG9lIiwib2lkIjoiZTYwMmFkYTctNmVmZC00ZTE4LWE5NzktNjNjMDJiOWYzYzc2Iiwic2NwIjoiVXNlci5SZWFkQmFzaWMuQWxsIiwidGlkIjoiNmJjMTUzMzUtZTJiOC00YTlhLTg2ODMtYTUyYTI2YzhjNTgzIiwidW5pcXVlX25hbWUiOiJqb2huQGRvZS50ZXN0LmNvbSIsInVwbiI6ImpvaG5AZG9lLnRlc3QuY29tIn0.hf9xI5XYBjGec-4n4_Kxj8Nd2YHBtihdevYhzFxbpXQ";

    IConfidentialClientApplication clientApplication = Mock.Of<IConfidentialClientApplication>();
    OnBehalfOfProvider provider = new OnBehalfOfProvider(clientApplication, scopes);

    GraphUserAccount parsedAccount = provider.GetGraphUserAccountFromJwt(token);

    Assert.NotNull(parsedAccount);
    Assert.Equal(expectedObjectId, parsedAccount?.ObjectId);
    Assert.Equal(expectedTenantId, parsedAccount?.TenantId);
    Assert.Equal(expectedEmail, parsedAccount?.Email);
}
/// <summary>
/// Checks that <c>ToGraphUserAccount</c> copies the object id, tenant id and e-mail claims
/// of a <see cref="ClaimsPrincipal"/> onto the returned <see cref="GraphUserAccount"/>.
/// </summary>
public void ToGraphUserAccount_ShouldReturnGraphUserAccountWhenClaimsArePresent()
{
    // Fresh ids per run, so a match cannot come from a hard-coded value.
    string expectedObjectId = Guid.NewGuid().ToString();
    string expectedTenantId = Guid.NewGuid().ToString();
    string expectedEmail = "*****@*****.**";

    var identityClaims = new List<Claim>
    {
        new Claim(AuthConstants.ClaimTypes.ObjectIdUriSchema, expectedObjectId),
        new Claim(AuthConstants.ClaimTypes.TenantIdJwt, expectedTenantId),
        new Claim(AuthConstants.ClaimTypes.EmailUriSchema, expectedEmail),
    };
    var identity = new ClaimsIdentity(identityClaims);
    var principal = new ClaimsPrincipal(identity);

    GraphUserAccount result = principal.ToGraphUserAccount();

    Assert.AreEqual(expectedObjectId, result.ObjectId, "Unexpected objcetId set.");
    Assert.AreEqual(expectedTenantId, result.TenantId, "Unexpected tenantId set.");
    Assert.AreEqual(expectedEmail, result.Email, "Unexpected email set.");
}
/// <summary>
/// Checks that <c>WithUserAccount</c> attaches the given <see cref="GraphUserAccount"/> to the
/// MSAL authentication provider option read back from the request's HTTP message.
/// </summary>
public void WithUserAccount_ShouldAddUserAccountToAuthProviderOption()
{
    BaseRequest request = new BaseRequest(baseUrl, baseClient);
    GraphUserAccount expectedAccount = new GraphUserAccount
    {
        Email = "*****@*****.**",
        ObjectId = Guid.NewGuid().ToString(),
        TenantId = Guid.NewGuid().ToString()
    };

    request.WithUserAccount(expectedAccount);

    // Read the option back from the built HTTP message rather than from the request object.
    var requestMessage = request.GetHttpRequestMessage();
    MsalAuthenticationProviderOption providerOption = requestMessage.GetMsalAuthProviderOption();

    Assert.IsNotNull(providerOption);

    // Same instance, not a copy: the per-request account must be exactly the one supplied.
    Assert.AreSame(expectedAccount, providerOption.UserAccount);
    Assert.AreEqual(expectedAccount.Email, providerOption.UserAccount.Email);
    Assert.AreEqual(expectedAccount.ObjectId, providerOption.UserAccount.ObjectId);
}