public void ExpiredTokenRefreshFlowTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); HandlerData data = new HandlerData() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = new[] { "some-scope1", "some-scope2" }, TokenCache = cache }; HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage() }; AcquireTokenSilentHandler handler = new AcquireTokenSilentHandler(data, (string)null, new PlatformParameters(), false); Task <AuthenticationResult> task = handler.RunAsync(); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual("some-access-token", result.Token); Assert.AreEqual("some-scope1 some-scope2", result.Scope.AsSingleString()); }
public void CacheWithMultipleUsersAndRestrictToSingleUserTrueTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); try { AuthenticationRequestParameters parameters = new AuthenticationRequestParameters() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = true, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; InteractiveRequest request = new InteractiveRequest(parameters, TestConstants.ScopeForAnotherResource.ToArray(), new Uri("some://uri"), new PlatformParameters(), new User { UniqueId = TestConstants.DefaultUniqueId }, UiOptions.ForceLogin, "extra=qp", new MockWebUI()); Assert.Fail("ArgumentException should be thrown here"); } catch (ArgumentException ae) { Assert.AreEqual( "Cache cannot have entries for more than 1 unique id when RestrictToSingleUser is set to TRUE.", ae.Message); } }
public void AcquireTokenSilentServiceErrorTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId); app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems(); MockHttpMessageHandler mockHandler = new MockHttpMessageHandler(); mockHandler.Method = HttpMethod.Post; mockHandler.ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage(); HttpMessageHandlerFactory.MockHandler = mockHandler; try { Task <AuthenticationResult> task = app.AcquireTokenSilentAsync(TestConstants.ScopeForAnotherResource.ToArray(), TestConstants.DefaultUniqueId); AuthenticationResult result = task.Result; Assert.Fail("AdalSilentTokenAcquisitionException was expected"); } catch (AggregateException ex) { Assert.IsNotNull(ex.InnerException); Assert.IsTrue(ex.InnerException is MsalSilentTokenAcquisitionException); var msalExc = (MsalSilentTokenAcquisitionException)ex.InnerException; Assert.AreEqual(MsalError.FailedToAcquireTokenSilently, msalExc.ErrorCode); Assert.IsNotNull(msalExc.InnerException, "MsalSilentTokenAcquisitionException inner exception is null"); Assert.AreEqual(((MsalException)msalExc.InnerException).ErrorCode, "invalid_grant"); } }
public void OBOUserAssertionHashUsernamePassedTest() { TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); string someAssertion = "some-assertion-passed-by-developer"; TokenCacheKey key = cache.tokenCacheDictionary.Keys.First(); //update cache entry with hash of an assertion that will not match cache.tokenCacheDictionary[key].UserAssertionHash = new CryptographyHelper().CreateSha256Hash(someAssertion); ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.DefaultClientId, TestConstants.DefaultRedirectUri, new ClientCredential(TestConstants.DefaultClientSecret), new TokenCache()); app.UserTokenCache = cache; //this is a fail safe. No call should go on network HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateInvalidGrantTokenResponseMessage() }; UserAssertion assertion = new UserAssertion(someAssertion, AssertionType, key.DisplayableId); Task <AuthenticationResult> task = app.AcquireTokenOnBehalfOfAsync(key.Scope.AsArray(), assertion, key.Authority, TestConstants.DefaultPolicy); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(key.UniqueId, result.User.UniqueId); Assert.AreEqual(key.DisplayableId, result.User.DisplayableId); Assert.AreEqual(HashAccessToken, cache.tokenCacheDictionary[key].UserAssertionHash); }
public void GetUsersAndSignThemOutTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId); app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems(); foreach (var user in app.Users) { user.SignOut(); } Assert.AreEqual(0, app.UserTokenCache.Count); }
public void GetUsersTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId); IEnumerable <User> users = app.Users; Assert.IsNotNull(users); Assert.IsFalse(users.Any()); app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems(); users = app.Users; Assert.IsNotNull(users); Assert.AreEqual(1, users.Count()); foreach (var user in users) { Assert.AreEqual(TestConstants.DefaultClientId, user.ClientId); Assert.IsNotNull(user.TokenCache); } // another cache entry for different home object id. user count should be 2. TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant, TestConstants.ScopeForAnotherResource, TestConstants.DefaultClientId, TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId + "more", TestConstants.DefaultPolicy); AuthenticationResultEx ex = new AuthenticationResultEx(); ex.Result = new AuthenticationResult("Bearer", key.ToString(), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3600))); ex.Result.User = new User { DisplayableId = TestConstants.DefaultDisplayableId, UniqueId = TestConstants.DefaultUniqueId, HomeObjectId = TestConstants.DefaultHomeObjectId }; ex.Result.ScopeSet = TestConstants.DefaultScope; ex.Result.FamilyId = "1"; ex.RefreshToken = "someRT"; app.UserTokenCache.tokenCacheDictionary[key] = ex; users = app.Users; Assert.IsNotNull(users); Assert.AreEqual(2, users.Count()); foreach (var user in users) { Assert.AreEqual(TestConstants.DefaultClientId, user.ClientId); Assert.IsNotNull(user.TokenCache); } }
public void MapToIdentifierMultipleMatchingEntriesTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); TokenCacheKey key = new TokenCacheKey(TestConstants.DefaultAuthorityHomeTenant, TestConstants.ScopeForAnotherResource, TestConstants.DefaultClientId, TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId, TestConstants.DefaultPolicy); AuthenticationResultEx ex = new AuthenticationResultEx(); ex.Result = new AuthenticationResult("Bearer", key.ToString(), new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3600))); ex.Result.User = new User { DisplayableId = TestConstants.DefaultDisplayableId, UniqueId = TestConstants.DefaultUniqueId, HomeObjectId = TestConstants.DefaultHomeObjectId }; ex.Result.ScopeSet = TestConstants.DefaultScope; ex.Result.FamilyId = "1"; ex.RefreshToken = "someRT"; cache.tokenCacheDictionary[key] = ex; HandlerData data = new HandlerData() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = new[] { "something" }, TokenCache = cache }; AcquireTokenSilentHandler handler = new AcquireTokenSilentHandler(data, (string)null, new PlatformParameters(), false); User user = handler.MapIdentifierToUser(TestConstants.DefaultUniqueId); Assert.IsNotNull(user); Assert.AreEqual(TestConstants.DefaultUniqueId, user.UniqueId); }
public void AcquireTokenSilentForceRefreshTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId); app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems(); HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage(TestConstants.DefaultUniqueId, TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId, TestConstants.DefaultScope.Union(TestConstants.ScopeForAnotherResource).ToArray()) }; Task <AuthenticationResult> task = app.AcquireTokenSilentAsync(TestConstants.DefaultScope.ToArray(), TestConstants.DefaultUniqueId, app.Authority, null, true); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(TestConstants.DefaultDisplayableId, result.User.DisplayableId); Assert.AreEqual(TestConstants.DefaultUniqueId, result.User.UniqueId); Assert.AreEqual(TestConstants.DefaultScope.Union(TestConstants.ScopeForAnotherResource).ToArray().AsSingleString(), result.Scope.AsSingleString()); }
public void MapToIdentifierItemFoundTest() { Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid()); TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); HandlerData data = new HandlerData() { Authenticator = authenticator, ClientKey = new ClientKey(TestConstants.DefaultClientId), Policy = TestConstants.DefaultPolicy, RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser, Scope = TestConstants.DefaultScope.ToArray(), TokenCache = cache }; AcquireTokenSilentHandler handler = new AcquireTokenSilentHandler(data, (string)null, new PlatformParameters(), false); User user = handler.MapIdentifierToUser(TestConstants.DefaultUniqueId); Assert.IsNotNull(user); Assert.AreEqual(TestConstants.DefaultUniqueId, user.UniqueId); }
public void OBOUserAssertionHashNotFoundTest() { TokenCache cache = TokenCacheHelper.CreateCacheWithItems(); string someAssertion = "some-assertion-passed-by-developer"; TokenCacheKey key = cache.tokenCacheDictionary.Keys.First(); //update cache entry with hash of an assertion that will not match cache.tokenCacheDictionary[key].UserAssertionHash = new CryptographyHelper().CreateSha256Hash(someAssertion + "-but-not-in-cache"); ConfidentialClientApplication app = new ConfidentialClientApplication(TestConstants.DefaultClientId, TestConstants.DefaultRedirectUri, new ClientCredential(TestConstants.DefaultClientSecret), new TokenCache()); app.UserTokenCache = cache; string[] scope = { "mail.read" }; HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage("unique_id_3", "*****@*****.**", "root_id_3", scope) }; UserAssertion assertion = new UserAssertion(someAssertion, AssertionType); Task <AuthenticationResult> task = app.AcquireTokenOnBehalfOfAsync(key.Scope.AsArray(), assertion, key.Authority, TestConstants.DefaultPolicy); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual("unique_id_3", result.User.UniqueId); Assert.AreEqual("*****@*****.**", result.User.DisplayableId); //check for new assertion Hash AuthenticationResultEx resultEx = cache.tokenCacheDictionary.Values.First(r => r.Result.User.UniqueId.Equals("unique_id_3")); Assert.AreEqual(HashAccessToken, resultEx.UserAssertionHash); }
public void AcquireTokenSilentCacheOnlyLookupTest() { PublicClientApplication app = new PublicClientApplication(TestConstants.DefaultClientId); app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems(); app.UserTokenCache.tokenCacheDictionary.Remove(new TokenCacheKey(TestConstants.DefaultAuthorityGuestTenant, TestConstants.ScopeForAnotherResource, TestConstants.DefaultClientId, TestConstants.DefaultUniqueId + "more", TestConstants.DefaultDisplayableId, TestConstants.DefaultHomeObjectId, TestConstants.DefaultPolicy)); HttpMessageHandlerFactory.MockHandler = new MockHttpMessageHandler() { Method = HttpMethod.Post, ResponseMessage = new HttpResponseMessage(HttpStatusCode.Forbidden) //fail the request if it goes to http client due to any error }; Task <AuthenticationResult> task = app.AcquireTokenSilentAsync(TestConstants.DefaultScope.ToArray()); AuthenticationResult result = task.Result; Assert.IsNotNull(result); Assert.AreEqual(TestConstants.DefaultDisplayableId, result.User.DisplayableId); Assert.AreEqual(TestConstants.DefaultUniqueId, result.User.UniqueId); Assert.AreEqual(TestConstants.DefaultScope.AsSingleString(), result.Scope.AsSingleString()); }