public void SaveAccount(MsalAccountCacheItem item) { ISharedPreferencesEditor editor = _accountSharedPreference.Edit(); editor.PutString(item.GetKey().ToString(), item.ToJsonString()); editor.Apply(); }
public void SaveAccount(MsalAccountCacheItem item) { ApplicationDataCompositeValue composite = new ApplicationDataCompositeValue(); SetCacheValue(composite, JsonHelper.SerializeToJson(item)); _accountContainer.Values[/*CoreCryptographyHelpers.CreateBase64UrlEncodedSha256Hash(cacheKey)*/ item.GetKey().ToString()] = composite; }
public static void AddAccountToCache(ITokenCacheAccessor accessor, string uid, string utid) { MsalAccountCacheItem accountCacheItem = new MsalAccountCacheItem (MsalTestConstants.ProductionPrefCacheEnvironment, null, MockHelpers.CreateClientInfo(uid, utid), null, null, utid, null, null); accessor.SaveAccount(accountCacheItem); }
public void TestSerializeMsalAccountCacheItem() { var item = CreateAccountItem(); string asJson = item.ToJsonString(); var item2 = MsalAccountCacheItem.FromJsonString(asJson); AssertAccountCacheItemsAreEqual(item, item2); }
public void SaveAccount(MsalAccountCacheItem item) { string itemKey = item.GetKey().ToString(); string partitionKey = CacheKeyFactory.GetKeyFromCachedItem(item); AccountCacheDictionary .GetOrAdd(partitionKey, new ConcurrentDictionary <string, MsalAccountCacheItem>())[itemKey] = item; }
private bool RtMatchesAccount(MsalRefreshTokenCacheItem rtItem, MsalAccountCacheItem account) { bool homeAccIdMatch = rtItem.HomeAccountId.Equals(account.HomeAccountId, StringComparison.OrdinalIgnoreCase); bool clientIdMatch = rtItem.IsFRT || // Cannot filter by client ID if the RT can be used by multiple clients rtItem.ClientId.Equals(ClientId, StringComparison.OrdinalIgnoreCase); return(homeAccIdMatch && clientIdMatch); }
public MsalAccountCacheItem GetAccount(MsalAccountCacheKey accountKey) { string partitionKey = CacheKeyFactory.GetKeyFromAccount(accountKey); AccountCacheDictionary.TryGetValue(partitionKey, out var partition); MsalAccountCacheItem cacheItem = null; partition?.TryGetValue(accountKey.ToString(), out cacheItem); return(cacheItem); }
public void SaveAccount(MsalAccountCacheItem item, RequestContext requestContext) { using (TelemetryManager.CreateTelemetryHelper(requestContext.TelemetryRequestId, requestContext.ClientId, new CacheEvent(CacheEvent.TokenCacheWrite) { TokenType = CacheEvent.TokenTypes.ACCOUNT })) { SaveAccount(item); } }
internal MsalUserRefreshTokenControl(PublicClientApplication publicClient, MsalRefreshTokenCacheItem rtItem) : this() { _publicClient = publicClient; _cache = publicClient.UserTokenCacheInternal; _rtItem = rtItem; _accountItem = _cache.GetAccountAsync(_rtItem, RequestContext.CreateForTest()).GetAwaiter().GetResult(); // todo: yuck upnLabel.Text = _accountItem.PreferredUsername; invalidateRefreshTokenBtn.Enabled = !_rtItem.Secret.Equals(GarbageRtValue, StringComparison.OrdinalIgnoreCase); }
internal MsalUserRefreshTokenControl(PublicClientApplication publicClient, MsalRefreshTokenCacheItem rtIitem) : this() { this.publicClient = publicClient; cache = publicClient.UserTokenCache; rtItem = rtIitem; accountItem = cache.GetAccount(rtIitem, new RequestContext(null, new MsalLogger(Guid.NewGuid(), null))); upnLabel.Text = accountItem.PreferredUsername; invalidateRefreshTokenBtn.Enabled = !rtItem.Secret.Equals(GarbageRtValue, StringComparison.OrdinalIgnoreCase); }
private void AssertAccountCacheItemsAreEqual(MsalAccountCacheItem expected, MsalAccountCacheItem actual) { AssertCacheItemBaseItemsAreEqual(expected, actual); Assert.AreEqual(expected.PreferredUsername, actual.PreferredUsername, nameof(actual.PreferredUsername)); Assert.AreEqual(expected.Name, actual.Name, nameof(actual.Name)); Assert.AreEqual(expected.GivenName, actual.GivenName, nameof(actual.GivenName)); Assert.AreEqual(expected.FamilyName, actual.FamilyName, nameof(actual.FamilyName)); Assert.AreEqual(expected.LocalAccountId, actual.LocalAccountId, nameof(actual.LocalAccountId)); Assert.AreEqual(expected.AuthorityType, actual.AuthorityType, nameof(actual.AuthorityType)); Assert.AreEqual(expected.TenantId, actual.TenantId, nameof(actual.TenantId)); }
private void MergeWamAccountIds(MsalAccountCacheItem msalAccountCacheItem) { var existingAccount = _accessor.GetAllAccounts() .SingleOrDefault( acc => string.Equals( acc.GetKey().ToString(), msalAccountCacheItem.GetKey().ToString(), StringComparison.OrdinalIgnoreCase)); var existingWamAccountIds = existingAccount?.WamAccountIds; msalAccountCacheItem.WamAccountIds.MergeDifferentEntries(existingWamAccountIds); }
public void DeleteAccount(MsalAccountCacheItem item) { string partitionKey = CacheKeyFactory.GetKeyFromCachedItem(item); AccountCacheDictionary.TryGetValue(partitionKey, out var partition); if (partition == null || !partition.TryRemove(item.GetKey().ToString(), out _)) { _logger.InfoPii( $"Cannot delete account because it was not found in the cache. Key {item.GetKey()}.", "Cannot delete account because it was not found in the cache"); } }
public void SaveAccount(MsalAccountCacheItem item) { var key = item.GetKey(); var account = key.GetiOSAccountKey(); var service = key.GetiOSServiceKey(); var generic = key.GetiOSGenericKey(); var type = AuthorityTypeToAttrType[item.AuthorityType]; var value = JsonHelper.SerializeToJson(item); Save(account, service, generic, type, value); }
private void AssertAccountCacheItemsAreEqual(MsalAccountCacheItem expected, MsalAccountCacheItem actual) { AssertCacheItemBaseItemsAreEqual(expected, actual); Assert.AreEqual(expected.PreferredUsername, actual.PreferredUsername, nameof(actual.PreferredUsername)); Assert.AreEqual(expected.Name, actual.Name, nameof(actual.Name)); Assert.AreEqual(expected.GivenName, actual.GivenName, nameof(actual.GivenName)); Assert.AreEqual(expected.FamilyName, actual.FamilyName, nameof(actual.FamilyName)); Assert.AreEqual(expected.LocalAccountId, actual.LocalAccountId, nameof(actual.LocalAccountId)); Assert.AreEqual(expected.AuthorityType, actual.AuthorityType, nameof(actual.AuthorityType)); Assert.AreEqual(expected.TenantId, actual.TenantId, nameof(actual.TenantId)); CoreAssert.AssertDictionariesAreEqual(expected.WamAccountIds, actual.WamAccountIds, StringComparer.Ordinal); }
internal static (MsalAccessTokenCacheItem AT, MsalRefreshTokenCacheItem RT, MsalIdTokenCacheItem ID, MsalAccountCacheItem Account) PopulateCacheWithOneAccessToken(ITokenCacheAccessor accessor, bool randomizeClientInfo = false) { string uid = randomizeClientInfo ? Guid.NewGuid().ToString() : TestConstants.Uid; string utid = randomizeClientInfo ? Guid.NewGuid().ToString() : TestConstants.Utid; string clientInfo = MockHelpers.CreateClientInfo(uid, utid); string homeAccountId = ClientInfo.CreateFromJson(clientInfo).ToAccountIdentifier(); MsalAccessTokenCacheItem atItem = new MsalAccessTokenCacheItem( TestConstants.ProductionPrefCacheEnvironment, TestConstants.ClientId, TestConstants.s_scope.AsSingleString(), TestConstants.Utid, "", DateTimeOffset.UtcNow, new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExtendedExpiresIn)), clientInfo, homeAccountId); // add access token accessor.SaveAccessToken(atItem); MsalIdTokenCacheItem idTokenCacheItem = new MsalIdTokenCacheItem( TestConstants.ProductionPrefCacheEnvironment, TestConstants.ClientId, MockHelpers.CreateIdToken(TestConstants.UniqueId + "more", TestConstants.DisplayableId), clientInfo, homeAccountId, TestConstants.Utid); accessor.SaveIdToken(idTokenCacheItem); MsalAccountCacheItem accountCacheItem = new MsalAccountCacheItem( TestConstants.ProductionPrefNetworkEnvironment, null, clientInfo, homeAccountId, null, null, TestConstants.Utid, null, null, null); accessor.SaveAccount(accountCacheItem); var rt = AddRefreshTokenToCache(accessor, uid, utid); return(atItem, rt, idTokenCacheItem, accountCacheItem); }
internal AccountCacheItemDetails(MsalAccountCacheItem msalAccountCacheItem) { InitializeComponent(); authorityTypeLabel.Text = msalAccountCacheItem.AuthorityType; environmentLabel.Text = msalAccountCacheItem.Environment; userIdentifierLabel.Text = msalAccountCacheItem.HomeAccountId; preferredUsernameLabel.Text = msalAccountCacheItem.PreferredUsername; localAccountIdLabel.Text = msalAccountCacheItem.LocalAccountId; rawClientInfoLabel.Text = msalAccountCacheItem.RawClientInfo; clientInfoUniqueIdentifierLabel.Text = msalAccountCacheItem.ClientInfo.UniqueObjectIdentifier; clientInfoUniqueTenantIdentifierLabel.Text = msalAccountCacheItem.ClientInfo.UniqueTenantIdentifier; }
internal static void PopulateCache(ITokenCacheAccessor accessor) { MsalAccessTokenCacheItem atItem = new MsalAccessTokenCacheItem( CoreTestConstants.ProductionPrefCacheEnvironment, CoreTestConstants.ClientId, "Bearer", CoreTestConstants.Scope.AsSingleString(), CoreTestConstants.Utid, "", new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExtendedExpiresIn)), MockHelpers.CreateClientInfo()); // add access token accessor.SaveAccessToken(atItem); MsalIdTokenCacheItem idTokenCacheItem = new MsalIdTokenCacheItem( CoreTestConstants.ProductionPrefCacheEnvironment, CoreTestConstants.ClientId, MockHelpers.CreateIdToken(CoreTestConstants.UniqueId + "more", CoreTestConstants.DisplayableId), MockHelpers.CreateClientInfo(), CoreTestConstants.Utid); accessor.SaveIdToken(idTokenCacheItem); MsalAccountCacheItem accountCacheItem = new MsalAccountCacheItem (CoreTestConstants.ProductionPrefNetworkEnvironment, null, MockHelpers.CreateClientInfo(), null, null, CoreTestConstants.Utid, null, null); accessor.SaveAccount(accountCacheItem); atItem = new MsalAccessTokenCacheItem( CoreTestConstants.ProductionPrefCacheEnvironment, CoreTestConstants.ClientId, "Bearer", CoreTestConstants.ScopeForAnotherResource.AsSingleString(), CoreTestConstants.Utid, "", new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExtendedExpiresIn)), MockHelpers.CreateClientInfo()); // add another access token accessor.SaveAccessToken(atItem); AddRefreshTokenToCache(accessor, CoreTestConstants.Uid, CoreTestConstants.Utid, CoreTestConstants.Name); }
internal void PopulateCacheWithOneAccessToken(ITokenCacheAccessor accessor) { string clientInfo = MockHelpers.CreateClientInfo(); string homeAccountId = ClientInfo.CreateFromJson(clientInfo).ToAccountIdentifier(); MsalAccessTokenCacheItem atItem = new MsalAccessTokenCacheItem( TestConstants.ProductionPrefCacheEnvironment, TestConstants.ClientId, TestConstants.s_scope.AsSingleString(), TestConstants.Utid, "", new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExtendedExpiresIn)), clientInfo, homeAccountId); // add access token accessor.SaveAccessToken(atItem); MsalIdTokenCacheItem idTokenCacheItem = new MsalIdTokenCacheItem( TestConstants.ProductionPrefCacheEnvironment, TestConstants.ClientId, MockHelpers.CreateIdToken(TestConstants.UniqueId + "more", TestConstants.DisplayableId), clientInfo, homeAccountId, TestConstants.Utid); accessor.SaveIdToken(idTokenCacheItem); MsalAccountCacheItem accountCacheItem = new MsalAccountCacheItem( TestConstants.ProductionPrefNetworkEnvironment, null, clientInfo, homeAccountId, null, null, TestConstants.Utid, null, null, null); accessor.SaveAccount(accountCacheItem); AddRefreshTokenToCache(accessor, TestConstants.Uid, TestConstants.Utid); }
public void TestSerializeAccountWithWamId() { MsalAccountCacheItem item = CreateAccountItem(); item.WamAccountIds = new Dictionary <string, string>() { { "client_id_1", "wam_id_1" }, { "client_id_2", "wam_id_2" } }; string asJson = item.ToJsonString(); Assert.IsTrue(asJson.Contains(@" ""wam_account_ids"": { ""client_id_1"": ""wam_id_1"", ""client_id_2"": ""wam_id_2"" }")); var item2 = MsalAccountCacheItem.FromJsonString(asJson); AssertAccountCacheItemsAreEqual(item, item2); }
internal MsalUserRefreshTokenControl(PublicClientApplication publicClient, MsalRefreshTokenCacheItem rtItem) : this() { _publicClient = publicClient; _cache = publicClient.UserTokenCacheInternal; _rtItem = rtItem; foreach (var acc in _cache.Accessor.GetAllAccounts()) { if (_rtItem.HomeAccountId.Equals(acc.HomeAccountId, StringComparison.OrdinalIgnoreCase) && _rtItem.Environment.Equals(acc.Environment, StringComparison.OrdinalIgnoreCase)) { _accountItem = acc; } } upnLabel.Text = _accountItem?.PreferredUsername; invalidateRefreshTokenBtn.Enabled = !_rtItem.Secret.Equals(GarbageRtValue, StringComparison.OrdinalIgnoreCase); }
private void RefreshCacheView() { var tokenCache = App.MsalPublicClient.UserTokenCache; var requestContext = new RequestContext(null, new MsalLogger(Guid.NewGuid(), null)); IDictionary <string, MsalAccessTokenCacheItem> accessTokens = new Dictionary <string, MsalAccessTokenCacheItem>(); foreach (var accessItemStr in tokenCache.GetAllAccessTokenCacheItems(requestContext)) { MsalAccessTokenCacheItem accessItem = JsonHelper.DeserializeFromJson <MsalAccessTokenCacheItem>(accessItemStr); accessTokens.Add(accessItem.GetKey().ToString(), accessItem); } accessTokenCacheItems.ItemsSource = accessTokens; IDictionary <string, MsalRefreshTokenCacheItem> refreshTokens = new Dictionary <string, MsalRefreshTokenCacheItem>(); foreach (var refreshItemStr in tokenCache.GetAllRefreshTokenCacheItems(requestContext)) { MsalRefreshTokenCacheItem refreshItem = JsonHelper.DeserializeFromJson <MsalRefreshTokenCacheItem>(refreshItemStr); refreshTokens.Add(refreshItem.GetKey().ToString(), refreshItem); } refreshTokenCacheItems.ItemsSource = refreshTokens; IDictionary <string, MsalIdTokenCacheItem> idTokens = new Dictionary <string, MsalIdTokenCacheItem>(); foreach (var idItemStr in tokenCache.GetAllIdTokenCacheItems(requestContext)) { MsalIdTokenCacheItem idItem = JsonHelper.DeserializeFromJson <MsalIdTokenCacheItem>(idItemStr); idTokens.Add(idItem.GetKey().ToString(), idItem); } idTokenCacheItems.ItemsSource = idTokens; IDictionary <string, MsalAccountCacheItem> accounts = new Dictionary <string, MsalAccountCacheItem>(); foreach (var accountStr in tokenCache.GetAllAccountCacheItems(requestContext)) { MsalAccountCacheItem accountItem = JsonHelper.DeserializeFromJson <MsalAccountCacheItem>(accountStr); accounts.Add(accountItem.GetKey().ToString(), accountItem); } accountsCacheItems.ItemsSource = accounts; }
public void TestSerializeMsalAccountCacheItemWithAdditionalFields() { var item = CreateAccountItem(); // Add an unknown field into the json var asJObject = item.ToJObject(); asJObject["unsupported_field_name"] = "this is a value"; // Ensure unknown field remains in the AdditionalFieldsJson block var item2 = MsalAccountCacheItem.FromJObject(asJObject); Assert.AreEqual("{\r\n \"unsupported_field_name\": \"this is a value\"\r\n}", item2.AdditionalFieldsJson); // Ensure additional fields make the round trip into json asJObject = item2.ToJObject(); AssertAccountHasJObjectFields( asJObject, new List <string> { "unsupported_field_name" }); }
public void TestMsalNet2XCacheSerializationInterop() { var accessor = new InMemoryTokenCacheAccessor(Substitute.For <ICoreLogger>()); var s = new TokenCacheDictionarySerializer(accessor); string binFilePath = ResourceHelper.GetTestResourceRelativePath("cachecompat_dotnet_dictionary.bin"); byte[] bytes = File.ReadAllBytes(binFilePath); s.Deserialize(bytes, false); Assert.AreEqual(1, accessor.GetAllAccessTokens().Count()); Assert.AreEqual(1, accessor.GetAllRefreshTokens().Count()); Assert.AreEqual(1, accessor.GetAllIdTokens().Count()); Assert.AreEqual(1, accessor.GetAllAccounts().Count()); Assert.AreEqual(0, accessor.GetAllAppMetadata().Count()); var expectedAccessTokenItem = new MsalAccessTokenCacheItem("User.Read User.ReadBasic.All profile openid email") { AdditionalFieldsJson = "{\r\n \"access_token_type\": \"Bearer\"\r\n}", Environment = "login.windows.net", HomeAccountId = "13dd2c19-84cd-416a-ae7d-49573e425619.26039cce-489d-4002-8293-5b0c5134eacb", RawClientInfo = string.Empty, ClientId = "b945c513-3946-4ecd-b179-6499803a2167", TenantId = "26039cce-489d-4002-8293-5b0c5134eacb", CachedAt = "1548803419", ExpiresOnUnixTimestamp = "1548846619", ExtendedExpiresOnUnixTimestamp = "1548846619", UserAssertionHash = string.Empty, TokenType = StorageJsonValues.TokenTypeBearer }; AssertAccessTokenCacheItemsAreEqual(expectedAccessTokenItem, accessor.GetAllAccessTokens().First()); var expectedRefreshTokenItem = new MsalRefreshTokenCacheItem { Environment = "login.windows.net", HomeAccountId = "13dd2c19-84cd-416a-ae7d-49573e425619.26039cce-489d-4002-8293-5b0c5134eacb", RawClientInfo = string.Empty, ClientId = "b945c513-3946-4ecd-b179-6499803a2167" }; AssertRefreshTokenCacheItemsAreEqual(expectedRefreshTokenItem, accessor.GetAllRefreshTokens().First()); var expectedIdTokenItem = new MsalIdTokenCacheItem { Environment = "login.windows.net", HomeAccountId = "13dd2c19-84cd-416a-ae7d-49573e425619.26039cce-489d-4002-8293-5b0c5134eacb", RawClientInfo = string.Empty, ClientId = "b945c513-3946-4ecd-b179-6499803a2167", TenantId = "26039cce-489d-4002-8293-5b0c5134eacb" }; AssertIdTokenCacheItemsAreEqual(expectedIdTokenItem, accessor.GetAllIdTokens().First()); var expectedAccountItem = new MsalAccountCacheItem { Environment = "login.windows.net", HomeAccountId = "13dd2c19-84cd-416a-ae7d-49573e425619.26039cce-489d-4002-8293-5b0c5134eacb", RawClientInfo = "eyJ1aWQiOiIxM2RkMmMxOS04NGNkLTQxNmEtYWU3ZC00OTU3M2U0MjU2MTkiLCJ1dGlkIjoiMjYwMzljY2UtNDg5ZC00MDAyLTgyOTMtNWIwYzUxMzRlYWNiIn0", PreferredUsername = "******", Name = "Abhi Test", GivenName = string.Empty, FamilyName = string.Empty, LocalAccountId = "13dd2c19-84cd-416a-ae7d-49573e425619", TenantId = "26039cce-489d-4002-8293-5b0c5134eacb" }; AssertAccountCacheItemsAreEqual(expectedAccountItem, accessor.GetAllAccounts().First()); }
public void TestMsalAccountCacheItemFromJsonStringEmpty() { var item = MsalAccountCacheItem.FromJsonString(null); Assert.IsNull(item); }
internal void PopulateCache( ITokenCacheAccessor accessor, string uid = MsalTestConstants.Uid, string utid = MsalTestConstants.Utid, string clientId = MsalTestConstants.ClientId) { MsalAccessTokenCacheItem atItem = new MsalAccessTokenCacheItem( MsalTestConstants.ProductionPrefCacheEnvironment, clientId, MsalTestConstants.Scope.AsSingleString(), utid, "", new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExtendedExpiresIn)), MockHelpers.CreateClientInfo(uid, utid)); // add access token accessor.SaveAccessToken(atItem); var idTokenCacheItem = new MsalIdTokenCacheItem( MsalTestConstants.ProductionPrefCacheEnvironment, clientId, MockHelpers.CreateIdToken(MsalTestConstants.UniqueId + "more", MsalTestConstants.DisplayableId), MockHelpers.CreateClientInfo(uid, utid), utid); accessor.SaveIdToken(idTokenCacheItem); var accountCacheItem = new MsalAccountCacheItem( MsalTestConstants.ProductionPrefCacheEnvironment, null, MockHelpers.CreateClientInfo(uid, utid), null, MsalTestConstants.DisplayableId, utid, null, null); accessor.SaveAccount(accountCacheItem); atItem = new MsalAccessTokenCacheItem( MsalTestConstants.ProductionPrefCacheEnvironment, clientId, MsalTestConstants.ScopeForAnotherResource.AsSingleString(), utid, "", new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExtendedExpiresIn)), MockHelpers.CreateClientInfo(uid, utid)); // add another access token accessor.SaveAccessToken(atItem); AddRefreshTokenToCache(accessor, uid, utid, clientId); var appMetadataItem = new MsalAppMetadataCacheItem( clientId, MsalTestConstants.ProductionPrefCacheEnvironment, null); accessor.SaveAppMetadata(appMetadataItem); }
async Task <Tuple <MsalAccessTokenCacheItem, MsalIdTokenCacheItem, Account> > ITokenCacheInternal.SaveTokenResponseAsync( AuthenticationRequestParameters requestParams, MsalTokenResponse response) { response.Log(requestParams.RequestContext.Logger, LogLevel.Verbose); MsalAccessTokenCacheItem msalAccessTokenCacheItem = null; MsalRefreshTokenCacheItem msalRefreshTokenCacheItem = null; MsalIdTokenCacheItem msalIdTokenCacheItem = null; MsalAccountCacheItem msalAccountCacheItem = null; IdToken idToken = IdToken.Parse(response.IdToken); if (idToken == null) { requestParams.RequestContext.Logger.Info("ID Token not present in response. "); } var tenantId = GetTenantId(idToken, requestParams); bool isAdfsAuthority = requestParams.AuthorityInfo.AuthorityType == AuthorityType.Adfs; string preferredUsername = GetPreferredUsernameFromIdToken(isAdfsAuthority, idToken); string username = isAdfsAuthority ? idToken?.Upn : preferredUsername; string homeAccountId = GetHomeAccountId(requestParams, response, idToken); string suggestedWebCacheKey = SuggestedWebCacheKeyFactory.GetKeyFromResponse(requestParams, homeAccountId); // Do a full instance discovery when saving tokens (if not cached), // so that the PreferredNetwork environment is up to date. var instanceDiscoveryMetadata = await ServiceBundle.InstanceDiscoveryManager .GetMetadataEntryAsync( requestParams.Authority.AuthorityInfo, requestParams.RequestContext) .ConfigureAwait(false); #region Create Cache Objects if (!string.IsNullOrEmpty(response.AccessToken)) { msalAccessTokenCacheItem = new MsalAccessTokenCacheItem( instanceDiscoveryMetadata.PreferredCache, requestParams.AppConfig.ClientId, response, tenantId, homeAccountId, requestParams.AuthenticationScheme.KeyId) { UserAssertionHash = requestParams.UserAssertion?.AssertionHash, IsAdfs = isAdfsAuthority }; } if (!string.IsNullOrEmpty(response.RefreshToken)) { msalRefreshTokenCacheItem = new MsalRefreshTokenCacheItem( instanceDiscoveryMetadata.PreferredCache, requestParams.AppConfig.ClientId, response, homeAccountId); if (!_featureFlags.IsFociEnabled) { msalRefreshTokenCacheItem.FamilyId = null; } } Dictionary <string, string> wamAccountIds = GetWamAccountIds(requestParams, response); Account account; if (idToken != null) { msalIdTokenCacheItem = new MsalIdTokenCacheItem( instanceDiscoveryMetadata.PreferredCache, requestParams.AppConfig.ClientId, response, tenantId, homeAccountId) { IsAdfs = isAdfsAuthority }; msalAccountCacheItem = new MsalAccountCacheItem( instanceDiscoveryMetadata.PreferredCache, response.ClientInfo, homeAccountId, idToken, preferredUsername, tenantId, wamAccountIds); } #endregion account = new Account( homeAccountId, username, instanceDiscoveryMetadata.PreferredNetwork, wamAccountIds); requestParams.RequestContext.Logger.Verbose("[SaveTokenResponseAsync] Entering token cache semaphore. "); await _semaphoreSlim.WaitAsync().ConfigureAwait(false); requestParams.RequestContext.Logger.Verbose("[SaveTokenResponseAsync] Entered token cache semaphore. "); try { #pragma warning disable CS0618 // Type or member is obsolete HasStateChanged = true; #pragma warning restore CS0618 // Type or member is obsolete try { ITokenCacheInternal tokenCacheInternal = this; if (tokenCacheInternal.IsTokenCacheSerialized()) { var args = new TokenCacheNotificationArgs( this, ClientId, account, hasStateChanged: true, tokenCacheInternal.IsApplicationCache, hasTokens: tokenCacheInternal.HasTokensNoLocks(), requestParams.RequestContext.UserCancellationToken, suggestedCacheKey: suggestedWebCacheKey); Stopwatch sw = Stopwatch.StartNew(); await tokenCacheInternal.OnBeforeAccessAsync(args).ConfigureAwait(false); await tokenCacheInternal.OnBeforeWriteAsync(args).ConfigureAwait(false); requestParams.RequestContext.ApiEvent.DurationInCacheInMs += sw.ElapsedMilliseconds; } if (msalAccessTokenCacheItem != null) { requestParams.RequestContext.Logger.Info("Saving AT in cache and removing overlapping ATs..."); DeleteAccessTokensWithIntersectingScopes( requestParams, instanceDiscoveryMetadata.Aliases, tenantId, msalAccessTokenCacheItem.ScopeSet, msalAccessTokenCacheItem.HomeAccountId, msalAccessTokenCacheItem.TokenType); _accessor.SaveAccessToken(msalAccessTokenCacheItem); } if (idToken != null) { requestParams.RequestContext.Logger.Info("Saving Id Token and Account in cache ..."); _accessor.SaveIdToken(msalIdTokenCacheItem); MergeWamAccountIds(msalAccountCacheItem); _accessor.SaveAccount(msalAccountCacheItem); } // if server returns the refresh token back, save it in the cache. if (msalRefreshTokenCacheItem != null) { requestParams.RequestContext.Logger.Info("Saving RT in cache..."); _accessor.SaveRefreshToken(msalRefreshTokenCacheItem); } UpdateAppMetadata(requestParams.AppConfig.ClientId, instanceDiscoveryMetadata.PreferredCache, response.FamilyId); // Do not save RT in ADAL cache for client credentials flow or B2C if (ServiceBundle.Config.LegacyCacheCompatibilityEnabled && !requestParams.IsClientCredentialRequest && requestParams.AuthorityInfo.AuthorityType != AuthorityType.B2C) { var tenatedAuthority = Authority.CreateAuthorityWithTenant(requestParams.AuthorityInfo, tenantId); var authorityWithPreferredCache = Authority.CreateAuthorityWithEnvironment( tenatedAuthority.AuthorityInfo, instanceDiscoveryMetadata.PreferredCache); CacheFallbackOperations.WriteAdalRefreshToken( Logger, LegacyCachePersistence, msalRefreshTokenCacheItem, msalIdTokenCacheItem, authorityWithPreferredCache.AuthorityInfo.CanonicalAuthority, msalIdTokenCacheItem.IdToken.ObjectId, response.Scope); } } finally { ITokenCacheInternal tokenCacheInternal = this; if (tokenCacheInternal.IsTokenCacheSerialized()) { var args = new TokenCacheNotificationArgs( this, ClientId, account, hasStateChanged: true, tokenCacheInternal.IsApplicationCache, tokenCacheInternal.HasTokensNoLocks(), requestParams.RequestContext.UserCancellationToken, suggestedCacheKey: suggestedWebCacheKey); Stopwatch sw = Stopwatch.StartNew(); await tokenCacheInternal.OnAfterAccessAsync(args).ConfigureAwait(false); requestParams.RequestContext.ApiEvent.DurationInCacheInMs += sw.ElapsedMilliseconds; } #pragma warning disable CS0618 // Type or member is obsolete HasStateChanged = false; #pragma warning restore CS0618 // Type or member is obsolete } return(Tuple.Create(msalAccessTokenCacheItem, msalIdTokenCacheItem, account)); } finally { _semaphoreSlim.Release(); requestParams.RequestContext.Logger.Verbose("[SaveTokenResponseAsync] Released token cache semaphore. "); } }
public MsalAccountCacheItem GetAccount(MsalAccountCacheKey accountKey) { return(MsalAccountCacheItem.FromJsonString(_accountSharedPreference.GetString(accountKey.ToString(), null))); }
async Task <Tuple <MsalAccessTokenCacheItem, MsalIdTokenCacheItem> > ITokenCacheInternal.SaveTokenResponseAsync( AuthenticationRequestParameters requestParams, MsalTokenResponse response) { var tenantId = Authority .CreateAuthority(requestParams.TenantUpdatedCanonicalAuthority.AuthorityInfo.CanonicalAuthority) .GetTenantId(); bool isAdfsAuthority = requestParams.AuthorityInfo.AuthorityType == AuthorityType.Adfs; IdToken idToken = IdToken.Parse(response.IdToken); string subject = idToken?.Subject; if (idToken != null && string.IsNullOrEmpty(subject)) { requestParams.RequestContext.Logger.Warning("Subject not present in Id token"); } string preferredUsername = GetPreferredUsernameFromIdToken(isAdfsAuthority, idToken); // Do a full instance discovery when saving tokens (if not cached), // so that the PreferredNetwork environment is up to date. var instanceDiscoveryMetadata = await ServiceBundle.InstanceDiscoveryManager .GetMetadataEntryAsync( requestParams.TenantUpdatedCanonicalAuthority.AuthorityInfo.CanonicalAuthority, requestParams.RequestContext) .ConfigureAwait(false); var msalAccessTokenCacheItem = new MsalAccessTokenCacheItem( instanceDiscoveryMetadata.PreferredCache, requestParams.ClientId, response, tenantId, subject, requestParams.AuthenticationScheme.KeyId) { UserAssertionHash = requestParams.UserAssertion?.AssertionHash, IsAdfs = isAdfsAuthority }; MsalRefreshTokenCacheItem msalRefreshTokenCacheItem = null; MsalIdTokenCacheItem msalIdTokenCacheItem = null; if (idToken != null) { msalIdTokenCacheItem = new MsalIdTokenCacheItem( instanceDiscoveryMetadata.PreferredCache, requestParams.ClientId, response, tenantId, subject) { IsAdfs = isAdfsAuthority }; } await _semaphoreSlim.WaitAsync().ConfigureAwait(false); try { try { Account account = null; string username = isAdfsAuthority ? idToken?.Upn : preferredUsername; if (msalAccessTokenCacheItem.HomeAccountId != null) { account = new Account( msalAccessTokenCacheItem.HomeAccountId, username, instanceDiscoveryMetadata.PreferredCache); } var args = new TokenCacheNotificationArgs(this, ClientId, account, true, (this as ITokenCacheInternal).IsApplicationCache); #pragma warning disable CS0618 // Type or member is obsolete HasStateChanged = true; #pragma warning restore CS0618 // Type or member is obsolete await(this as ITokenCacheInternal).OnBeforeAccessAsync(args).ConfigureAwait(false); try { await(this as ITokenCacheInternal).OnBeforeWriteAsync(args).ConfigureAwait(false); DeleteAccessTokensWithIntersectingScopes( requestParams, instanceDiscoveryMetadata.Aliases, tenantId, msalAccessTokenCacheItem.ScopeSet, msalAccessTokenCacheItem.HomeAccountId, msalAccessTokenCacheItem.TokenType); _accessor.SaveAccessToken(msalAccessTokenCacheItem); if (idToken != null) { _accessor.SaveIdToken(msalIdTokenCacheItem); var msalAccountCacheItem = new MsalAccountCacheItem( instanceDiscoveryMetadata.PreferredCache, response, preferredUsername, tenantId); //The ADFS direct scenario does not return client info so the home account id is acquired from the subject if (isAdfsAuthority && String.IsNullOrEmpty(msalAccountCacheItem.HomeAccountId)) { msalAccountCacheItem.HomeAccountId = idToken.Subject; } _accessor.SaveAccount(msalAccountCacheItem); } // if server returns the refresh token back, save it in the cache. if (response.RefreshToken != null) { msalRefreshTokenCacheItem = new MsalRefreshTokenCacheItem( instanceDiscoveryMetadata.PreferredCache, requestParams.ClientId, response, subject); if (!_featureFlags.IsFociEnabled) { msalRefreshTokenCacheItem.FamilyId = null; } requestParams.RequestContext.Logger.Info("Saving RT in cache..."); _accessor.SaveRefreshToken(msalRefreshTokenCacheItem); } UpdateAppMetadata(requestParams.ClientId, instanceDiscoveryMetadata.PreferredCache, response.FamilyId); // save RT in ADAL cache for public clients // do not save RT in ADAL cache for MSAL B2C scenarios if (!requestParams.IsClientCredentialRequest && !requestParams.AuthorityInfo.AuthorityType.Equals(AuthorityType.B2C)) { var authorityWithPrefferedCache = Authority.CreateAuthorityWithEnvironment( requestParams.TenantUpdatedCanonicalAuthority.AuthorityInfo, instanceDiscoveryMetadata.PreferredCache); CacheFallbackOperations.WriteAdalRefreshToken( Logger, LegacyCachePersistence, msalRefreshTokenCacheItem, msalIdTokenCacheItem, authorityWithPrefferedCache.AuthorityInfo.CanonicalAuthority, msalIdTokenCacheItem.IdToken.ObjectId, response.Scope); } } finally { await(this as ITokenCacheInternal).OnAfterAccessAsync(args).ConfigureAwait(false); } return(Tuple.Create(msalAccessTokenCacheItem, msalIdTokenCacheItem)); } finally { #pragma warning disable CS0618 // Type or member is obsolete HasStateChanged = false; #pragma warning restore CS0618 // Type or member is obsolete } } finally { _semaphoreSlim.Release(); } }
internal void PopulateCache( ITokenCacheAccessor accessor, string uid = TestConstants.Uid, string utid = TestConstants.Utid, string clientId = TestConstants.ClientId, string environment = TestConstants.ProductionPrefCacheEnvironment, string displayableId = TestConstants.DisplayableId, string rtSecret = TestConstants.RTSecret, string overridenScopes = null, bool expiredAccessTokens = false, bool addSecondAt = true) { string clientInfo = MockHelpers.CreateClientInfo(uid, utid); string homeAccId = ClientInfo.CreateFromJson(clientInfo).ToAccountIdentifier(); var accessTokenExpiresOn = expiredAccessTokens ? new DateTimeOffset(DateTime.UtcNow) : new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)); var extendedAccessTokenExpiresOn = expiredAccessTokens ? new DateTimeOffset(DateTime.UtcNow) : new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExtendedExpiresIn)); MsalAccessTokenCacheItem atItem = new MsalAccessTokenCacheItem( environment, clientId, overridenScopes ?? TestConstants.s_scope.AsSingleString(), utid, "", accessTokenExpiresOn, extendedAccessTokenExpiresOn, clientInfo, homeAccId); // add access token accessor.SaveAccessToken(atItem); var idTokenCacheItem = new MsalIdTokenCacheItem( environment, clientId, MockHelpers.CreateIdToken(TestConstants.UniqueId + "more", displayableId), clientInfo, homeAccId, tenantId: utid); accessor.SaveIdToken(idTokenCacheItem); // add another access token if (addSecondAt) { atItem = new MsalAccessTokenCacheItem( environment, clientId, TestConstants.s_scopeForAnotherResource.AsSingleString(), utid, "", accessTokenExpiresOn, extendedAccessTokenExpiresOn, clientInfo, homeAccId); accessor.SaveAccessToken(atItem); } var accountCacheItem = new MsalAccountCacheItem( environment, null, clientInfo, homeAccId, null, displayableId, utid, null, null); accessor.SaveAccount(accountCacheItem); AddRefreshTokenToCache(accessor, uid, utid, clientId, environment, rtSecret); var appMetadataItem = new MsalAppMetadataCacheItem( clientId, environment, null); accessor.SaveAppMetadata(appMetadataItem); }