/// <summary>
/// Removes the access token stored under <paramref name="cacheKey"/> from the access token dictionary.
/// </summary>
/// <param name="cacheKey">Key of the access token entry to remove.</param>
/// <remarks>
/// A missing entry is not treated as an error; it is only logged. The cache key appears
/// in the PII-bearing message (first argument) and is left out of the PII-free one.
/// </remarks>
public void DeleteAccessToken(MsalAccessTokenCacheKey cacheKey)
{
    bool removed = _accessTokenCacheDictionary.TryRemove(cacheKey.ToString(), out _);
    if (removed)
    {
        return;
    }

    // Nothing was stored under this key: report it without exposing the key
    // in the PII-free message.
    _logger.InfoPii(
        $"Cannot delete an access token because it was already deleted. Key {cacheKey}",
        "Cannot delete an access token because it was already deleted");
}
/// <summary>
/// Attaches the serialized broker request to <paramref name="brokerIntent"/> for an interactive call.
/// </summary>
/// <param name="brokerRequest">Request to validate and serialize.</param>
/// <param name="brokerIntent">Intent that receives the serialized request as an extra.</param>
/// <returns>The same <paramref name="brokerIntent"/> instance, with the request extra added.</returns>
private Intent GetInteractiveBrokerIntent(BrokerRequest brokerRequest, Intent brokerIntent)
{
    // The redirect URI check runs first, so nothing is serialized, logged or
    // attached to the intent for a request that fails validation.
    ValidateBrokerRedirectURI(brokerRequest);

    string serializedRequest = JsonHelper.SerializeToJson(brokerRequest);

    // The full request JSON goes to the PII-bearing message only.
    _logger.InfoPii(
        "GetInteractiveBrokerIntent: " + serializedRequest,
        "Enable PII to see the broker request. ");

    brokerIntent.PutExtra(BrokerConstants.BrokerRequestV2, serializedRequest);
    return brokerIntent;
}
/// <summary>
/// Builds the bundle that carries a silent request to the broker.
/// </summary>
/// <param name="brokerRequest">Request to validate and serialize.</param>
/// <returns>
/// A new bundle holding the serialized request and the value of <c>Binder.CallingUid</c>.
/// </returns>
public Bundle CreateSilentBrokerBundle(BrokerRequest brokerRequest)
{
    // Validate before building anything that could be handed to the broker.
    ValidateBrokerRedirectURI(brokerRequest);

    var silentBundle = new Bundle();
    string serializedRequest = JsonHelper.SerializeToJson(brokerRequest);

    // The full request JSON goes to the PII-bearing message only.
    _logger.InfoPii(
        "[Android broker] CreateSilentBrokerBundle: " + serializedRequest,
        "Enable PII to see the silent broker request. ");

    silentBundle.PutString(BrokerConstants.BrokerRequestV2, serializedRequest);
    silentBundle.PutInt(BrokerConstants.CallerInfoUID, Binder.CallingUid);
    return silentBundle;
}
/// <summary>
/// Removes <paramref name="item"/> from the partition of the access token cache it belongs to.
/// </summary>
/// <param name="item">Cached access token to remove.</param>
/// <remarks>
/// If the partition or the entry is missing, the miss is logged and nothing else happens.
/// The item key appears in the PII-bearing message only.
/// </remarks>
public void DeleteAccessToken(MsalAccessTokenCacheItem item)
{
    string partitionKey = CacheKeyFactory.GetKeyFromCachedItem(item);

    bool removed =
        AccessTokenCacheDictionary.TryGetValue(partitionKey, out var partition)
        && partition != null
        && partition.TryRemove(item.GetKey().ToString(), out _);

    if (removed)
    {
        return;
    }

    _logger.InfoPii(
        $"Cannot delete access token because it was not found in the cache. Key {item.GetKey()}.",
        "Cannot delete access token because it was not found in the cache.");
}
/// <summary>
/// Writes the configured browser options to <paramref name="logger"/>.
/// </summary>
/// <param name="logger">Logger that receives the messages.</param>
/// <remarks>
/// For each option the PII-bearing message contains the configured value, while the
/// PII-free message states only whether a value is present.
/// </remarks>
internal void LogParameters(ICoreLogger logger)
{
    logger.Info("DefaultBrowserOptions configured");

    // HTML messages: value with PII enabled, presence flag otherwise.
    logger.InfoPii(
        "HtmlMessageSuccess " + HtmlMessageSuccess,
        "HtmlMessageSuccess? " + !string.IsNullOrEmpty(HtmlMessageSuccess));
    logger.InfoPii(
        "HtmlMessageError " + HtmlMessageError,
        "HtmlMessageError? " + !string.IsNullOrEmpty(HtmlMessageError));

    // Redirect targets: value with PII enabled, presence flag otherwise.
    logger.InfoPii(
        "BrowserRedirectSuccess " + BrowserRedirectSuccess,
        "BrowserRedirectSuccess? " + (BrowserRedirectSuccess != null));
    logger.InfoPii(
        "BrowserRedirectError " + BrowserRedirectError,
        "BrowserRedirectError? " + (BrowserRedirectError != null));
}
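/// <summary>
/// Converts a WAM <see cref="WebAccount"/> into an MSAL <see cref="Account"/>, or returns
/// <c>null</c> when the account cannot be used with the requested environment.
/// </summary>
/// <param name="clientId">Client id used as the key of the WAM account id map on the result.</param>
/// <param name="webAccount">WAM account to convert.</param>
/// <param name="envMetadata">Instance discovery metadata of the requested authority.</param>
/// <param name="cacheManager">Cache session passed on to the web-response fallback.</param>
/// <param name="accountsFromCache">Accounts already known to the MSAL cache.</param>
/// <returns>
/// The converted account; <c>null</c> when the WAM account has no Authority property, the
/// Authority is not a valid absolute URI, or its host is not among the aliases of
/// <paramref name="envMetadata"/>. If no cached account matches, the result of
/// <c>GetIdFromWebResponseAsync</c> is returned.
/// </returns>
private async Task<Account> ConvertToMsalAccountOrNullAsync(
    string clientId,
    WebAccount webAccount,
    InstanceDiscoveryMetadataEntry envMetadata,
    ICacheSessionManager cacheManager,
    IEnumerable<IAccount> accountsFromCache)
{
    // NOTE(review): the PII-free messages below include webAccount.Id; confirm that this
    // identifier is acceptable in logs when PII logging is disabled.
    if (!_wamProxy.TryGetAccountProperty(webAccount, "Authority", out string accountAuthority))
    {
        _logger.WarningPii(
            $"[WAM AAD Provider] Could not convert the WAM account {webAccount.UserName} (id: {webAccount.Id}) to an MSAL account because the Authority could not be found",
            $"[WAM AAD Provider] Could not convert the WAM account {webAccount.Id} to an MSAL account because the Authority could not be found");

        return null;
    }

    // The authority is supplied by the account provider, not by this code. Parse it
    // defensively so that a malformed value makes the account unusable (null) instead
    // of surfacing a UriFormatException to the caller.
    if (!Uri.TryCreate(accountAuthority, UriKind.Absolute, out Uri authorityUri))
    {
        _logger.WarningPii(
            $"[WAM AAD Provider] Could not convert the WAM account {webAccount.UserName} (id: {webAccount.Id}) to an MSAL account because the Authority {accountAuthority} is not a valid absolute URI",
            $"[WAM AAD Provider] Could not convert the WAM account {webAccount.Id} to an MSAL account because the Authority is not a valid absolute URI");

        return null;
    }

    string accountEnv = authorityUri.Host;

    // Only accounts whose authority host is a known alias of the requested environment are
    // accepted; this keeps accounts from other environments out of the result.
    if (!envMetadata.Aliases.ContainsOrdinalIgnoreCase(accountEnv))
    {
        _logger.InfoPii(
            $"[WAM AAD Provider] Account {webAccount.UserName} enviroment {accountEnv} does not match input authority env {envMetadata.PreferredNetwork} or an alias",
            $"[WAM AAD Provider] Account enviroment {accountEnv} does not match input authority env {envMetadata.PreferredNetwork}");

        return null;
    }

    if (MatchCacheAccount(webAccount, accountsFromCache, out AccountId homeAccountId))
    {
        _logger.VerbosePii(
            $"[WAM AAD Provider] ConvertToMsalAccountOrNullAsync account {webAccount.UserName} matched a cached account",
            $"[WAM AAD Provider] Account matched a cache account");

        return new Account(
            homeAccountId.Identifier,
            webAccount.UserName,
            envMetadata.PreferredNetwork,
            new Dictionary<string, string>() { { clientId, webAccount.Id } });
    }

    // No cached account matched: fall back to resolving the id from a web response.
    return await GetIdFromWebResponseAsync(clientId, webAccount, envMetadata, cacheManager).ConfigureAwait(false);
}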
/// <summary>
/// Writes the configured WebView2 options to <paramref name="logger"/>.
/// </summary>
/// <param name="logger">Logger that receives the messages.</param>
/// <remarks>
/// The browser executable folder is written to the PII-bearing message only; the PII-free
/// message records just that it was set.
/// </remarks>
internal void LogParameters(ICoreLogger logger)
{
    logger.Info("WebView2Options configured");

    // NOTE(review): Title goes through the plain Info call, so it is logged regardless of
    // the PII setting - confirm it never carries user-specific text.
    logger.Info($"Title: {Title}");

    logger.InfoPii(
        $"BrowserExecutableFolder: {WebView2BrowserExecutableFolder}",
        "BrowserExecutableFolder set");
}
/// <inheritdoc />
public void LogParameters(ICoreLogger logger)
{
    logger.Info("=== AcquireTokenSilent Parameters ===");

    // Only the presence of a login hint is logged, never its value.
    bool hasLoginHint = !string.IsNullOrEmpty(LoginHint);
    logger.Info("LoginHint provided: " + hasLoginHint);

    // The account's string form is confined to the PII-bearing message; the PII-free
    // message states only whether an account was supplied.
    string accountWithPii;
    if (Account != null)
    {
        accountWithPii = Account.ToString();
    }
    else
    {
        accountWithPii = "false";
    }

    logger.InfoPii(
        "Account provided: " + accountWithPii,
        "Account provided: " + (Account != null));

    logger.Info("ForceRefresh: " + ForceRefresh);
}
/// <summary>
/// Builds the bundle that carries an interactive request to the broker.
/// </summary>
/// <param name="brokerRequest">Request to validate and serialize.</param>
/// <returns>
/// A new bundle holding the serialized request and the value of <c>Binder.CallingUid</c>.
/// </returns>
private Bundle CreateInteractiveBrokerBundle(BrokerRequest brokerRequest)
{
    // Validate before building anything that could be handed to the broker.
    _brokerHelper.ValidateBrokerRedirectUri(brokerRequest);

    var interactiveBundle = new Bundle();
    string serializedRequest = JsonHelper.SerializeToJson(brokerRequest);

    interactiveBundle.PutString(BrokerConstants.BrokerRequestV2, serializedRequest);
    interactiveBundle.PutInt(BrokerConstants.CallerInfoUID, Binder.CallingUid);

    // The full request JSON goes to the PII-bearing message only.
    _logger.InfoPii(
        "[Android broker] GetInteractiveBrokerBundle: " + serializedRequest,
        "Enable PII to see the broker request. ");

    return interactiveBundle;
}
/// <summary>
/// Looks up a throttling entry and returns its exception if the entry has not expired.
/// An expired entry is removed from the cache.
/// </summary>
/// <param name="key">Cache key of the throttling entry.</param>
/// <param name="logger">Logger that receives the lookup trace.</param>
/// <param name="ex">
/// The exception stored on the entry when a valid entry is found; otherwise <c>null</c>.
/// </param>
/// <returns><c>true</c> if a non-expired entry exists for <paramref name="key"/>; otherwise <c>false</c>.</returns>
public bool TryGetOrRemoveExpired(string key, ICoreLogger logger, out MsalServiceException ex)
{
    ex = null;

    if (!_cache.TryGetValue(key, out var entry))
    {
        return false;
    }

    logger.Info($"[Throttling] Entry found. Creation: {entry.CreationTime} Expiration: {entry.ExpirationTime} ");

    if (!entry.IsExpired)
    {
        // The key is confined to the PII-bearing message.
        logger.InfoPii($"[Throttling] Returning valid entry for key {key}", "[Throttling] Returning valid entry.");
        ex = entry.Exception;
        return true;
    }

    logger.Info("[Throttling] Removing entry because it is expired");
    _cache.TryRemove(key, out _);
    return false;
}
/// <summary>
/// Writes a summary of the request data to <paramref name="logger"/>.
/// </summary>
/// <param name="logger">Logger that receives the summary.</param>
/// <remarks>
/// Both messages contain the authority-provided flag, the scopes and the keys (not the
/// values) of the extra query parameters. The client id and the redirect URI are added
/// to the PII-bearing message only.
/// </remarks>
public void LogParameters(ICoreLogger logger)
{
    // Parts shared by both variants of the message.
    string header =
        Environment.NewLine + "=== Request Data ===" +
        Environment.NewLine + "Authority Provided? - " + (Authority != null) +
        Environment.NewLine;
    string scopesLine = "Scopes - " + Scope?.AsSingleString();
    string extraKeysLine =
        "Extra Query Params Keys (space separated) - " + ExtraQueryParameters.Keys.AsSingleString();

    // Variant emitted when PII logging is enabled.
    var withPii = new StringBuilder(header);
    withPii.AppendLine("Client Id - " + ClientId);
    withPii.AppendLine(scopesLine);
    withPii.AppendLine("Redirect Uri - " + RedirectUri?.OriginalString);
    withPii.AppendLine(extraKeysLine);

    // Variant without the client id and the redirect URI.
    var withoutPii = new StringBuilder(header);
    withoutPii.AppendLine(scopesLine);
    withoutPii.AppendLine(extraKeysLine);

    logger.InfoPii(withPii.ToString(), withoutPii.ToString());
}
/// <summary>
/// Reads the transfer token (the "code" property) out of a WAM transfer response.
/// </summary>
/// <param name="clientId">Client id passed on when converting a failed response.</param>
/// <param name="transferResponse">WAM response of the transfer token request.</param>
/// <param name="isInteractive">Whether the request was interactive; passed on to the converter.</param>
/// <returns>
/// The value of the "code" property, or <c>null</c> when the response is not successful or
/// contains no such property.
/// </returns>
/// <remarks>
/// The transfer token itself is never logged; only whether one was obtained.
/// </remarks>
private string ExtractTransferToken(
    string clientId,
    IWebTokenRequestResultWrapper transferResponse,
    bool isInteractive)
{
    bool succeeded = transferResponse.ResponseStatus.IsSuccessStatus();
    if (!succeeded)
    {
        try
        {
            // The converted response is discarded; the call is made so that a failure
            // surfaces as an MsalServiceException that can be logged below.
            _ = WamAdapters.CreateMsalResponseFromWamResponse(
                transferResponse,
                _msaPlugin,
                clientId,
                _logger,
                isInteractive: isInteractive);
        }
        catch (MsalServiceException exception)
        {
            // NOTE(review): exception.Message is written through the plain Warning call, so it
            // is logged regardless of the PII setting - confirm it cannot carry user identifiers.
            _logger.Warning(
                "WAM MSA-PT: could not get a transfer token, ussually this is because the " +
                "1st party app is configured for MSA-PT but not configured to login MSA users (signinaudience =2). " +
                $"Error was: {exception.ErrorCode} {exception.Message}");
        }

        return null;
    }

    _ = _msaPlugin.ParseSuccessfullWamResponse(transferResponse.ResponseData[0], out var properties);
    properties.TryGetValue("code", out string code);

    // Important: cannot use this WebAccount with the AAD provider
    WebAccount msaPtWebAccount = transferResponse.ResponseData[0].WebAccount;

    bool hasCode = code != null;
    _logger.InfoPii(
        $"Obtained a transfer token for {msaPtWebAccount.UserName} ? {hasCode}",
        $"Obtained a transfer token? {hasCode}");

    return code;
}
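/// <summary>
/// Maps a successful WAM <see cref="WebTokenResponse"/> onto an <see cref="MsalTokenResponse"/>.
/// </summary>
/// <param name="webTokenResponse">Token response returned by WAM.</param>
/// <returns>
/// The mapped token response, marked with <c>TokenSource.Broker</c>. When the WAM response has
/// no "Authority" property, a response carrying only <c>Error</c> and <c>ErrorDescription</c>
/// is returned instead.
/// </returns>
/// <remarks>
/// The access token and id token are never written to the log. The scopes are written to the
/// PII-bearing message only; the PII-free message states whether scopes were present.
/// </remarks>
public MsalTokenResponse ParseSuccesfullWamResponse(WebTokenResponse webTokenResponse)
{
    if (!webTokenResponse.Properties.TryGetValue("TokenExpiresOn", out string expiresOn))
    {
        _logger.Warning("Result from WAM does not have expiration. Marking access token as expired.");
        expiresOn = null;
    }

    if (!webTokenResponse.Properties.TryGetValue("ExtendedLifetimeToken", out string extendedExpiresOn))
    {
        extendedExpiresOn = null;
    }

    // The authority value is not copied to the result; its absence alone turns the
    // response into an error.
    if (!webTokenResponse.Properties.TryGetValue("Authority", out string authority))
    {
        _logger.Error("Result from WAM does not have authority.");
        return new MsalTokenResponse()
        {
            Error = "no_authority_in_wam_response",
            ErrorDescription = "No authority in WAM response"
        };
    }

    if (!webTokenResponse.Properties.TryGetValue("correlationId", out string correlationId))
    {
        _logger.Warning("No correlation ID in response");
        correlationId = null;
    }

    bool hasIdToken = webTokenResponse.Properties.TryGetValue("wamcompat_id_token", out string idToken);
    _logger.Info("Result from WAM has id token? " + hasIdToken);

    bool hasClientInfo = webTokenResponse.Properties.TryGetValue("wamcompat_client_info", out string clientInfo);
    _logger.Info("Result from WAM has client info? " + hasClientInfo);

    bool hasScopes = webTokenResponse.Properties.TryGetValue("wamcompat_scopes", out string scopes);

    // The PII-free literal was split across a line break in the listing, which does not
    // compile; it is restored to a single line here.
    _logger.InfoPii("Result from WAM scopes: " + scopes, "Result from WAM has scopes? " + hasScopes);

    // Do not dump webTokenResponse.Properties for debugging: the map holds the id token
    // ("wamcompat_id_token") alongside the other values read above.

    MsalTokenResponse msalTokenResponse = new MsalTokenResponse()
    {
        AccessToken = webTokenResponse.Token,
        IdToken = idToken,
        CorrelationId = correlationId,
        Scope = scopes,
        ExpiresIn = CoreHelpers.GetDurationFromWindowsTimestamp(expiresOn, _logger),
        ExtendedExpiresIn = CoreHelpers.GetDurationFromWindowsTimestamp(extendedExpiresOn, _logger),
        ClientInfo = clientInfo,
        TokenType = "Bearer",
        WamAccountId = webTokenResponse.WebAccount.Id,
        TokenSource = TokenSource.Broker
    };

    return msalTokenResponse;
}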