public void VerifyCorrectAuthorityUsedInTokenAcquisition_B2CAuthorityTests( string authorityInstance, bool withTfp = false) { _microsoftIdentityOptionsMonitor = new TestOptionsMonitor <MicrosoftIdentityOptions>(new MicrosoftIdentityOptions { SignUpSignInPolicyId = TestConstants.B2CSignUpSignInUserFlow, Domain = TestConstants.B2CTenant, }); if (withTfp) { _applicationOptionsMonitor = new TestOptionsMonitor <ConfidentialClientApplicationOptions>(new ConfidentialClientApplicationOptions { Instance = authorityInstance + "/tfp/", ClientId = TestConstants.ConfidentialClientId, ClientSecret = TestConstants.ClientSecret, }); BuildTheRequiredServices(); } else { _applicationOptionsMonitor = new TestOptionsMonitor <ConfidentialClientApplicationOptions>(new ConfidentialClientApplicationOptions { Instance = authorityInstance, ClientId = TestConstants.ConfidentialClientId, ClientSecret = TestConstants.ClientSecret, }); BuildTheRequiredServices(); } MergedOptions mergedOptions = _provider.GetRequiredService <IOptionsMonitor <MergedOptions> >().Get(OpenIdConnectDefaults.AuthenticationScheme); MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityOptions(_microsoftIdentityOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions); MergedOptions.UpdateMergedOptionsFromConfidentialClientApplicationOptions(_applicationOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions); InitializeTokenAcquisitionObjects(); IConfidentialClientApplication app = _tokenAcquisition.GetOrBuildConfidentialClientApplication(mergedOptions); string expectedAuthority = string.Format( CultureInfo.InvariantCulture, "{0}/tfp/{1}/{2}/", authorityInstance, TestConstants.B2CTenant, TestConstants.B2CSignUpSignInUserFlow); Assert.Equal(expectedAuthority, app.Authority); }
public void ValidateRequiredMicrosoftIdentityOptions( string clientId, string instance, string tenantid, string signUpSignInPolicyId, string domain, string optionsName, MissingParam missingParam = MissingParam.None) { if (optionsName == AzureAdB2C) { _microsoftIdentityOptionsMonitor = new TestOptionsMonitor <MicrosoftIdentityOptions>(new MicrosoftIdentityOptions { SignUpSignInPolicyId = signUpSignInPolicyId, Domain = domain, ClientId = clientId, Instance = instance, TenantId = tenantid, }); } else { _microsoftIdentityOptionsMonitor = new TestOptionsMonitor <MicrosoftIdentityOptions>(new MicrosoftIdentityOptions { ClientId = clientId, Instance = instance, TenantId = tenantid, }); } BuildTheRequiredServices(); MergedOptions mergedOptions = _provider.GetRequiredService <IOptionsMonitor <MergedOptions> >().Get(OpenIdConnectDefaults.AuthenticationScheme); MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityOptions(_microsoftIdentityOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions); if (missingParam != MissingParam.None) { var exception = Assert.Throws <ArgumentNullException>(() => MergedOptionsValidation.Validate(mergedOptions)); CheckReturnValueAgainstExpectedMissingParam(missingParam, exception); } else { MergedOptionsValidation.Validate(mergedOptions); } }
private void InitializeTokenAcquisitionObjects() { MergedOptions mergedOptions = _provider.GetRequiredService <IOptionsMonitor <MergedOptions> >().Get(OpenIdConnectDefaults.AuthenticationScheme); MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityOptions(_microsoftIdentityOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions); MergedOptions.UpdateMergedOptionsFromConfidentialClientApplicationOptions(_applicationOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions); _msalTestTokenCacheProvider = new MsalTestTokenCacheProvider( _provider.GetService <IMemoryCache>(), _provider.GetService <IOptions <MsalMemoryTokenCacheOptions> >()); _tokenAcquisition = new TokenAcquisition( _msalTestTokenCacheProvider, MockHttpContextAccessor.CreateMockHttpContextAccessor(), _provider.GetService <IOptionsMonitor <MergedOptions> >(), _provider.GetService <IHttpClientFactory>(), _provider.GetService <ILogger <TokenAcquisition> >(), _provider); _tokenAcquisition.GetOptions(OpenIdConnectDefaults.AuthenticationScheme, out string effectiveAuthenticationScheme); Assert.Equal(OpenIdConnectDefaults.AuthenticationScheme, effectiveAuthenticationScheme); }
/// <summary> /// Allows a higher level abstraction of security token (i.e. System.IdentityModel.Tokens.Jwt and more modern, Microsoft.IdentityModel.JsonWebTokens) /// to be used with Microsoft Identity Web. /// Developers should continue to use `EnableTokenAcquisitionToCallDownstreamApi`. /// This API is not considered part of the public API and may change. /// </summary> /// <param name="configureConfidentialClientApplicationOptions">The action to configure <see cref="ConfidentialClientApplicationOptions"/>.</param> /// <param name="authenticationScheme">Authentication scheme.</param> /// <param name="services">The services being configured.</param> /// <param name="configuration">IConfigurationSection.</param> /// <returns>The authentication builder to chain.</returns> public static MicrosoftIdentityAppCallsWebApiAuthenticationBuilder EnableTokenAcquisition( Action <ConfidentialClientApplicationOptions> configureConfidentialClientApplicationOptions, string authenticationScheme, IServiceCollection services, IConfigurationSection?configuration) { services.AddOptions <ConfidentialClientApplicationOptions>(authenticationScheme) .Configure <IOptionsMonitor <MergedOptions> >(( ccaOptions, mergedOptionsMonitor) => { configureConfidentialClientApplicationOptions(ccaOptions); MergedOptions mergedOptions = mergedOptionsMonitor.Get(authenticationScheme); configuration?.Bind(mergedOptions); MergedOptions.UpdateMergedOptionsFromConfidentialClientApplicationOptions(ccaOptions, mergedOptions); }); services.AddTokenAcquisition(); return(new MicrosoftIdentityAppCallsWebApiAuthenticationBuilder( services, configuration)); }
public void VerifyCorrectRedirectUriAsync( string redirectUri) { _microsoftIdentityOptionsMonitor = new TestOptionsMonitor <MicrosoftIdentityOptions>(new MicrosoftIdentityOptions { Authority = TestConstants.AuthorityCommonTenant, ClientId = TestConstants.ConfidentialClientId, CallbackPath = string.Empty, }); _applicationOptionsMonitor = new TestOptionsMonitor <ConfidentialClientApplicationOptions>(new ConfidentialClientApplicationOptions { Instance = TestConstants.AadInstance, RedirectUri = redirectUri, ClientSecret = TestConstants.ClientSecret, }); BuildTheRequiredServices(); MergedOptions mergedOptions = _provider.GetRequiredService <IOptionsMonitor <MergedOptions> >().Get(OpenIdConnectDefaults.AuthenticationScheme); MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityOptions(_microsoftIdentityOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions); MergedOptions.UpdateMergedOptionsFromConfidentialClientApplicationOptions(_applicationOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions); InitializeTokenAcquisitionObjects(); IConfidentialClientApplication app = _tokenAcquisition.GetOrBuildConfidentialClientApplication(mergedOptions); if (!string.IsNullOrEmpty(redirectUri)) { Assert.Equal(redirectUri, app.AppConfig.RedirectUri); } else { Assert.Equal("https://IdentityDotNetSDKAutomation/", app.AppConfig.RedirectUri); } }