/// <summary>
/// Builds a <see cref="TokenCache"/> holding two fixture entries for the default client:
/// one under the home-tenant authority and one under the guest-tenant authority.
/// </summary>
/// <returns>The populated cache.</returns>
public static TokenCache CreateCacheWithItems()
{
    var populated = new TokenCache();

    // Entry 1: home tenant, default scope, default unique id, family id "1".
    var homeKey = new TokenCacheKey(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.DefaultScope,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUniqueId,
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId,
        TestConstants.DefaultPolicy);

    // The access-token string is simply the key's string form, so tests can
    // tell which entry a returned token came from.
    var homeEntry = new AuthenticationResultEx
    {
        Result = new AuthenticationResult(
            "Bearer",
            homeKey.ToString(),
            new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)))
        {
            User = new User
            {
                DisplayableId = TestConstants.DefaultDisplayableId,
                UniqueId = TestConstants.DefaultUniqueId,
                HomeObjectId = TestConstants.DefaultHomeObjectId
            },
            ScopeSet = TestConstants.DefaultScope,
            FamilyId = "1"
        },
        RefreshToken = "someRT"
    };
    populated.tokenCacheDictionary[homeKey] = homeEntry;

    // Entry 2: guest tenant, a different scope, and a different unique id
    // ("more" suffix). No FamilyId is set on this one.
    var guestKey = new TokenCacheKey(
        TestConstants.DefaultAuthorityGuestTenant,
        TestConstants.ScopeForAnotherResource,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUniqueId + "more",
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId,
        TestConstants.DefaultPolicy);

    var guestEntry = new AuthenticationResultEx
    {
        Result = new AuthenticationResult(
            "Bearer",
            guestKey.ToString(),
            new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)))
        {
            User = new User
            {
                DisplayableId = TestConstants.DefaultDisplayableId,
                UniqueId = TestConstants.DefaultUniqueId + "more",
                HomeObjectId = TestConstants.DefaultHomeObjectId
            },
            ScopeSet = TestConstants.ScopeForAnotherResource
        },
        RefreshToken = "someRT"
    };
    populated.tokenCacheDictionary[guestKey] = guestEntry;

    return populated;
}
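/// <summary>
/// Checks that <c>LoadFromCache</c> does not hand back the access token of an entry
/// whose expiry is "now", while still returning that entry's refresh token.
/// </summary>
public void LoadFromCacheExpiredToken()
{
    TokenCache cache = new TokenCache();
    TokenCacheKey key = new TokenCacheKey(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.DefaultScope,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUniqueId,
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId,
        TestConstants.DefaultPolicy);

    // ExpiresOn is the current instant, with no added lifetime; the assertions
    // below expect the cache to treat such an entry as expired.
    AuthenticationResultEx ex = new AuthenticationResultEx();
    ex.Result = new AuthenticationResult("Bearer", key.ToString(), new DateTimeOffset(DateTime.UtcNow));
    ex.RefreshToken = "someRT";
    cache.tokenCacheDictionary[key] = ex;

    AuthenticationResultEx resultEx = cache.LoadFromCache(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.DefaultScope,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUser,
        TestConstants.DefaultPolicy,
        null);

    Assert.IsNotNull(resultEx);
    Assert.IsNotNull(resultEx.Result);

    // The expired access token must not be returned to the caller.
    Assert.IsNull(resultEx.Result.Token);

    // Expected value goes first so that a failure message reports the values
    // the right way round (the original had the arguments swapped).
    Assert.AreEqual("someRT", resultEx.RefreshToken);
}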
/// <summary>
/// Checks the <c>Users</c> property of <c>PublicClientApplication</c>: empty before the
/// fixture cache is assigned, one user with the fixture cache, and two users after an
/// entry keyed by a different home object id is added.
/// </summary>
public void GetUsersTest()
{
    var app = new PublicClientApplication(TestConstants.DefaultClientId);

    // Before the fixture cache is assigned the sequence is non-null and empty.
    IEnumerable<User> users = app.Users;
    Assert.IsNotNull(users);
    Assert.IsFalse(users.Any());

    // With the fixture cache in place exactly one user is reported.
    app.UserTokenCache = TokenCacheHelper.CreateCacheWithItems();
    users = app.Users;
    Assert.IsNotNull(users);
    Assert.AreEqual(1, users.Count());
    foreach (var listed in users)
    {
        Assert.AreEqual(TestConstants.DefaultClientId, listed.ClientId);
        Assert.IsNotNull(listed.TokenCache);
    }

    // another cache entry for different home object id. user count should be 2.
    // NOTE(review): the key carries DefaultHomeObjectId + "more", but the User stored
    // in the entry keeps the unmodified DefaultHomeObjectId (and the ScopeSet differs
    // from the key's scope) - confirm this mismatch is intended.
    var extraKey = new TokenCacheKey(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.ScopeForAnotherResource,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUniqueId,
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId+"more",
        TestConstants.DefaultPolicy);

    var extraEntry = new AuthenticationResultEx
    {
        Result = new AuthenticationResult(
            "Bearer",
            extraKey.ToString(),
            new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3600)))
        {
            User = new User
            {
                DisplayableId = TestConstants.DefaultDisplayableId,
                UniqueId = TestConstants.DefaultUniqueId,
                HomeObjectId = TestConstants.DefaultHomeObjectId
            },
            ScopeSet = TestConstants.DefaultScope,
            FamilyId = "1"
        },
        RefreshToken = "someRT"
    };
    app.UserTokenCache.tokenCacheDictionary[extraKey] = extraEntry;

    users = app.Users;
    Assert.IsNotNull(users);
    Assert.AreEqual(2, users.Count());
    foreach (var listed in users)
    {
        Assert.AreEqual(TestConstants.DefaultClientId, listed.ClientId);
        Assert.IsNotNull(listed.TokenCache);
    }
}
/// <summary>
/// Checks that <c>SilentRequest.MapIdentifierToUser</c> resolves the default unique id
/// to a user when the cache holds more than one entry carrying that unique id.
/// </summary>
public void MapToIdentifierMultipleMatchingEntriesTest()
{
    var authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
    TokenCache cache = TokenCacheHelper.CreateCacheWithItems();

    // Add a second home-tenant entry for the same unique id under another scope.
    var secondKey = new TokenCacheKey(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.ScopeForAnotherResource,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUniqueId,
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId,
        TestConstants.DefaultPolicy);

    var secondEntry = new AuthenticationResultEx
    {
        Result = new AuthenticationResult(
            "Bearer",
            secondKey.ToString(),
            new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3600)))
        {
            User = new User
            {
                DisplayableId = TestConstants.DefaultDisplayableId,
                UniqueId = TestConstants.DefaultUniqueId,
                HomeObjectId = TestConstants.DefaultHomeObjectId
            },
            ScopeSet = TestConstants.DefaultScope,
            FamilyId = "1"
        },
        RefreshToken = "someRT"
    };
    cache.tokenCacheDictionary[secondKey] = secondEntry;

    var parameters = new AuthenticationRequestParameters()
    {
        Authenticator = authenticator,
        ClientKey = new ClientKey(TestConstants.DefaultClientId),
        Policy = TestConstants.DefaultPolicy,
        RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
        Scope = new[] { "something" },
        TokenCache = cache
    };

    // The (string) cast on null selects the constructor overload taking a string.
    var request = new SilentRequest(parameters, (string) null, new PlatformParameters(), false);

    User mapped = request.MapIdentifierToUser(TestConstants.DefaultUniqueId);
    Assert.IsNotNull(mapped);
    Assert.AreEqual(TestConstants.DefaultUniqueId, mapped.UniqueId);
}
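/// <summary>
/// Runs an <c>InteractiveRequest</c> against a cache that already holds one entry and
/// checks that the token from the mocked token response is returned and stored as a
/// second cache entry under the home-tenant authority.
/// </summary>
public void NoCacheLookup()
{
    Authenticator authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
    TokenCache cache = new TokenCache();

    // Pre-existing, still-valid entry (3599 s lifetime) for the default scope.
    TokenCacheKey key = new TokenCacheKey(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.DefaultScope,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUniqueId,
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId,
        TestConstants.DefaultPolicy);
    AuthenticationResultEx ex = new AuthenticationResultEx();
    ex.Result = new AuthenticationResult("Bearer", key.ToString(),
        new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)));
    ex.Result.User = new User
    {
        DisplayableId = TestConstants.DefaultDisplayableId,
        UniqueId = TestConstants.DefaultUniqueId,
        HomeObjectId = TestConstants.DefaultHomeObjectId
    };
    ex.Result.FamilyId = "1";
    ex.RefreshToken = "someRT";
    cache.tokenCacheDictionary[key] = ex;

    // Substitute web UI that reports a successful authorization carrying a code.
    IWebUI ui = Substitute.For<IWebUI>();
    AuthorizationResult ar = new AuthorizationResult(AuthorizationStatus.Success,
        TestConstants.DefaultAuthorityHomeTenant + "?code=some-code");
    ui.AcquireAuthorizationAsync(Arg.Any<Uri>(), Arg.Any<Uri>(), Arg.Any<IDictionary<string, string>>(),
        Arg.Any<CallState>())
        .Returns(ar);

    // Mocked token endpoint. QueryParams presumably lists the query values the
    // handler expects on the request - verify against MockHttpMessageHandler.
    MockHttpMessageHandler mockHandler = new MockHttpMessageHandler();
    mockHandler.Method = HttpMethod.Post;
    mockHandler.QueryParams = new Dictionary<string, string>() {{"p", "some-policy"}};
    mockHandler.ResponseMessage = MockHelpers.CreateSuccessTokenResponseMessage();

    // NOTE(review): this assigns a member reached through the type name and the test
    // never resets it - confirm the factory or a test cleanup clears it so the mock
    // cannot leak into other tests.
    HttpMessageHandlerFactory.MockHandler = mockHandler;

    AuthenticationRequestParameters parameters = new AuthenticationRequestParameters()
    {
        Authenticator = authenticator,
        ClientKey = new ClientKey(TestConstants.DefaultClientId),
        Policy = "some-policy",
        RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
        Scope = TestConstants.DefaultScope.ToArray(),
        TokenCache = cache
    };

    InteractiveRequest request = new InteractiveRequest(parameters,
        TestConstants.ScopeForAnotherResource.ToArray(),
        new Uri("some://uri"), new PlatformParameters(),
        TestConstants.DefaultDisplayableId,
        UiOptions.SelectAccount, "extra=qp", ui);

    // The test method is synchronous, so the task is awaited by blocking.
    Task<AuthenticationResult> task = request.RunAsync();
    task.Wait();
    AuthenticationResult result = task.Result;

    Assert.IsNotNull(result);
    Assert.AreEqual(2, cache.Count);

    // Expected value first, so a failure message labels the values correctly
    // (the original had the arguments swapped).
    Assert.AreEqual("some-access-token", result.Token);

    //both cache entry authorities are TestConstants.DefaultAuthorityHomeTenant
    foreach (var item in cache.ReadItems(TestConstants.DefaultClientId))
    {
        Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, item.Authority);
    }
}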
/// <summary>
/// Drives the pre-run and pre-token-request steps of an <c>InteractiveRequest</c> built
/// with <c>UiOptions.ActAsCurrentUser</c>.
/// </summary>
public void ActAsCurrentUserNoSsoHeaderForLoginHintOnlyTest()
{
    //this test validates that no SSO header is added when developer passes only login hint and UiOption.ActAsCurrentUser
    // NOTE(review): the body contains no Assert; as written it only fails if one of the
    // two awaited steps throws. The request is also constructed with a User object
    // rather than a bare login-hint string - confirm that the no-SSO-header property
    // named above is actually checked somewhere (e.g. inside MockWebUI).
    var authenticator = new Authenticator(TestConstants.DefaultAuthorityHomeTenant, false, Guid.NewGuid());
    var cache = new TokenCache();

    var cachedKey = new TokenCacheKey(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.DefaultScope,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUniqueId,
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId,
        TestConstants.DefaultPolicy);

    var cachedEntry = new AuthenticationResultEx
    {
        Result = new AuthenticationResult(
            "Bearer",
            cachedKey.ToString(),
            new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(3599)))
        {
            User = new User
            {
                DisplayableId = TestConstants.DefaultDisplayableId,
                UniqueId = TestConstants.DefaultUniqueId,
                HomeObjectId = TestConstants.DefaultHomeObjectId
            },
            FamilyId = "1"
        },
        RefreshToken = "someRT"
    };
    cache.tokenCacheDictionary[cachedKey] = cachedEntry;

    var webUi = new MockWebUI
    {
        MockResult = new AuthorizationResult(
            AuthorizationStatus.Success,
            TestConstants.DefaultAuthorityHomeTenant + "?code=some-code")
    };

    var parameters = new AuthenticationRequestParameters()
    {
        Authenticator = authenticator,
        ClientKey = new ClientKey(TestConstants.DefaultClientId),
        Policy = TestConstants.DefaultPolicy,
        RestrictToSingleUser = TestConstants.DefaultRestrictToSingleUser,
        Scope = TestConstants.DefaultScope.ToArray(),
        TokenCache = cache
    };

    // The user stored in the cached entry is passed as the request's user.
    var request = new InteractiveRequest(
        parameters,
        TestConstants.ScopeForAnotherResource.ToArray(),
        new Uri("some://uri"),
        new PlatformParameters(),
        cachedEntry.Result.User,
        UiOptions.ActAsCurrentUser,
        "extra=qp",
        webUi);

    request.PreRunAsync().Wait();
    request.PreTokenRequest().Wait();
}
/// <summary>
/// Checks that <c>StoreToCache</c>, called with the restrict-to-single-user argument set
/// to <c>true</c>, rejects a result whose user has a different unique id from the one
/// already cached, raising <c>MsalException</c> with <c>InvalidCacheOperation</c>.
/// </summary>
public void StoreToCacheNewUserRestrictToSingleUserTrueTest()
{
    var tokenCache = new TokenCache();

    // Seed the cache with one entry for the default unique id.
    var seededKey = new TokenCacheKey(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.DefaultScope,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUniqueId,
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId,
        TestConstants.DefaultPolicy);

    var seededEntry = new AuthenticationResultEx
    {
        Result = new AuthenticationResult(
            "Bearer",
            seededKey.ToString(),
            new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)))
        {
            User = new User
            {
                DisplayableId = TestConstants.DefaultDisplayableId,
                UniqueId = TestConstants.DefaultUniqueId,
                HomeObjectId = TestConstants.DefaultHomeObjectId
            },
            FamilyId = "1"
        },
        RefreshToken = "someRT"
    };
    tokenCache.tokenCacheDictionary[seededKey] = seededEntry;

    // Incoming result for a second user: same displayable id, different unique id.
    var incoming = new AuthenticationResult(
        "Bearer",
        "some-access-token",
        new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)))
    {
        User = new User
        {
            UniqueId = TestConstants.DefaultUniqueId+"more",
            DisplayableId = TestConstants.DefaultDisplayableId
        },
        ScopeSet = new HashSet<string>(new string[] { "r1/scope5", "r1/scope7" })
    };

    var incomingEx = new AuthenticationResultEx
    {
        Result = incoming,
        RefreshToken = "someRT"
    };

    try
    {
        tokenCache.StoreToCache(
            incomingEx,
            TestConstants.DefaultAuthorityGuestTenant,
            TestConstants.DefaultClientId,
            TestConstants.DefaultPolicy,
            true,
            null);
        Assert.Fail("MsalException should be thrown here");
    }
    catch (MsalException rejected)
    {
        // Both the error code and the exact message text are pinned.
        Assert.AreEqual(MsalError.InvalidCacheOperation, rejected.ErrorCode);
        Assert.AreEqual("Cannot add more than 1 user with a different unique id when RestrictToSingleUser is set to TRUE.", rejected.Message);
    }
}
/// <summary>
/// Checks that <c>Clear(clientId)</c> removes only the entries of the given client id
/// and leaves an entry stored under another client id in the cache.
/// </summary>
public void ClearCacheTest()
{
    TokenCache tokenCache = TokenCacheHelper.CreateCacheWithItems();

    // Extra entry under a different client id (DefaultClientId + "more").
    var otherClientKey = new TokenCacheKey(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.DefaultScope,
        TestConstants.DefaultClientId + "more",
        TestConstants.DefaultUniqueId,
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId,
        TestConstants.DefaultPolicy);

    var otherClientEntry = new AuthenticationResultEx
    {
        Result = new AuthenticationResult(
            "Bearer",
            otherClientKey.ToString(),
            new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)))
        {
            User = new User
            {
                DisplayableId = TestConstants.DefaultDisplayableId,
                UniqueId = TestConstants.DefaultUniqueId,
                HomeObjectId = TestConstants.DefaultHomeObjectId
            },
            FamilyId = "1"
        },
        RefreshToken = "someRT"
    };
    tokenCache.tokenCacheDictionary[otherClientKey] = otherClientEntry;

    tokenCache.Clear(TestConstants.DefaultClientId);

    // Only the other client's entry is expected to survive.
    Assert.AreEqual(1, tokenCache.Count);
    Assert.AreEqual(otherClientKey, tokenCache.tokenCacheDictionary.Keys.First());
}
/// <summary>
/// Checks that <c>LoadSingleItemFromCache</c>, queried with an authority that is not in
/// the cache and a user carrying neither displayable id nor unique id, returns the entry
/// stored under the home-tenant authority.
/// </summary>
public void LoadSingleItemFromCacheCrossTenantLookupTest()
{
    var tokenCache = new TokenCache();

    var storedKey = new TokenCacheKey(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.DefaultScope,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUniqueId,
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId,
        TestConstants.DefaultPolicy);

    var storedEntry = new AuthenticationResultEx
    {
        Result = new AuthenticationResult(
            "Bearer",
            storedKey.ToString(),
            new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)))
        {
            User = new User
            {
                DisplayableId = TestConstants.DefaultDisplayableId,
                UniqueId = TestConstants.DefaultUniqueId,
                HomeObjectId = TestConstants.DefaultHomeObjectId
            },
            FamilyId = "1"
        },
        RefreshToken = "someRT"
    };
    tokenCache.tokenCacheDictionary[storedKey] = storedEntry;

    // NOTE(review): if TestConstants.DefaultUser hands out a shared instance, the two
    // assignments below mutate it for every later test that reads DefaultUser -
    // confirm it returns a fresh object per access.
    User lookupUser = TestConstants.DefaultUser;
    lookupUser.DisplayableId = null;
    lookupUser.UniqueId = null;

    // Cross-tenant lookup works by default: search the cache using a non-existent
    // authority and the root id. The code will find multiple results with the same
    // root id and may return any of them.
    KeyValuePair<TokenCacheKey, AuthenticationResultEx>? item =
        tokenCache.LoadSingleItemFromCache(
            TestConstants.DefaultAuthorityGuestTenant + "non-existant",
            new HashSet<string>(new[] {"scope1", "random-scope"}),
            TestConstants.DefaultClientId,
            lookupUser,
            TestConstants.DefaultPolicy,
            null);

    Assert.IsNotNull(item);

    // Every component of the returned key must match the stored home-tenant entry,
    // not the authority that was asked for.
    TokenCacheKey foundKey = item.Value.Key;
    AuthenticationResultEx foundEntry = item.Value.Value;

    Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, foundKey.Authority);
    Assert.AreEqual(TestConstants.DefaultScope, foundKey.Scope);
    Assert.AreEqual(TestConstants.DefaultClientId, foundKey.ClientId);
    Assert.AreEqual(TestConstants.DefaultUniqueId, foundKey.UniqueId);
    Assert.AreEqual(TestConstants.DefaultDisplayableId, foundKey.DisplayableId);
    Assert.AreEqual(TestConstants.DefaultHomeObjectId, foundKey.HomeObjectId);
    Assert.AreEqual(TestConstants.DefaultPolicy, foundKey.Policy);
    Assert.AreEqual(foundKey.ToString(), foundEntry.Result.Token);
}
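/// <summary>
/// Checks that <c>LoadSingleItemFromCache</c>, called with a null user and the
/// common-tenant authority, returns the single entry held in the cache.
/// </summary>
public void LoadSingleItemFromCacheNullUserSingleUniqueIdInCacheTest()
{
    TokenCache cache = new TokenCache();
    TokenCacheKey key = new TokenCacheKey(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.DefaultScope,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUniqueId,
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId,
        TestConstants.DefaultPolicy);

    AuthenticationResultEx ex = new AuthenticationResultEx();
    ex.Result = new AuthenticationResult("Bearer", key.ToString(),
        new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)));
    ex.Result.User = new User
    {
        DisplayableId = TestConstants.DefaultDisplayableId,
        UniqueId = TestConstants.DefaultUniqueId,
        HomeObjectId = TestConstants.DefaultHomeObjectId
    };
    ex.Result.FamilyId = "1";
    ex.RefreshToken = "someRT";
    cache.tokenCacheDictionary[key] = ex;

    KeyValuePair<TokenCacheKey, AuthenticationResultEx>? item =
        cache.LoadSingleItemFromCache(
            TestConstants.DefaultAuthorityCommonTenant,
            TestConstants.DefaultScope,
            TestConstants.DefaultClientId,
            null,
            TestConstants.DefaultPolicy,
            null);

    Assert.IsNotNull(item);

    // Assert on the key the cache actually returned. The original compared the locally
    // constructed key against the constants it was built from, so those assertions
    // could not fail whatever entry the lookup produced.
    TokenCacheKey returnedKey = item.Value.Key;

    Assert.AreEqual(TestConstants.DefaultAuthorityHomeTenant, returnedKey.Authority);
    Assert.AreEqual(TestConstants.DefaultScope, returnedKey.Scope);
    Assert.AreEqual(TestConstants.DefaultClientId, returnedKey.ClientId);
    Assert.AreEqual(TestConstants.DefaultUniqueId, returnedKey.UniqueId);
    Assert.AreEqual(TestConstants.DefaultDisplayableId, returnedKey.DisplayableId);
    Assert.AreEqual(TestConstants.DefaultHomeObjectId, returnedKey.HomeObjectId);
    Assert.AreEqual(TestConstants.DefaultPolicy, returnedKey.Policy);
}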
/// <summary>
/// Checks that <c>LoadFromCache</c> with a null user raises <c>MsalException</c> with the
/// error code <c>multiple_matching_tokens_detected</c> once a second home-tenant entry
/// with a different unique id has been added to the fixture cache.
/// </summary>
public void LoadFromCacheCrossTenantNullUserToken()
{
    // NOTE(review): the comment originally placed here said the test yields only a
    // refresh token and no access token; the assertions below expect an exception
    // instead, so that description appears to be stale.
    TokenCache tokenCache = TokenCacheHelper.CreateCacheWithItems();

    // Second entry for the same authority, scope and client, keyed by a different
    // unique id. The stored User keeps the unmodified DefaultUniqueId.
    var rivalKey = new TokenCacheKey(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.DefaultScope,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUniqueId + "more",
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId,
        TestConstants.DefaultPolicy);

    var rivalEntry = new AuthenticationResultEx
    {
        Result = new AuthenticationResult(
            "Bearer",
            rivalKey.ToString(),
            new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)))
        {
            User = new User
            {
                DisplayableId = TestConstants.DefaultDisplayableId,
                UniqueId = TestConstants.DefaultUniqueId,
                HomeObjectId = TestConstants.DefaultHomeObjectId
            },
            FamilyId = "1"
        },
        RefreshToken = "someRT"
    };
    tokenCache.tokenCacheDictionary[rivalKey] = rivalEntry;

    try
    {
        // The return value is irrelevant: the call is expected to throw.
        tokenCache.LoadFromCache(
            TestConstants.DefaultAuthorityHomeTenant,
            TestConstants.DefaultScope,
            TestConstants.DefaultClientId,
            null,
            TestConstants.DefaultPolicy,
            null);
        Assert.Fail("multiple tokens should have been detected");
    }
    catch (MsalException ambiguous)
    {
        Assert.AreEqual("multiple_matching_tokens_detected", ambiguous.ErrorCode);
    }
}
/// <summary>
/// Checks that <c>LoadFromCache</c> with a null user returns a result carrying an access
/// token when the cache holds exactly one entry.
/// </summary>
public void LoadFromCacheNullUserSingleEntry()
{
    var tokenCache = new TokenCache();

    var onlyKey = new TokenCacheKey(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.DefaultScope,
        TestConstants.DefaultClientId,
        TestConstants.DefaultUniqueId,
        TestConstants.DefaultDisplayableId,
        TestConstants.DefaultHomeObjectId,
        TestConstants.DefaultPolicy);

    var onlyEntry = new AuthenticationResultEx
    {
        Result = new AuthenticationResult(
            "Bearer",
            onlyKey.ToString(),
            new DateTimeOffset(DateTime.UtcNow + TimeSpan.FromSeconds(ValidExpiresIn)))
        {
            User = new User
            {
                DisplayableId = TestConstants.DefaultDisplayableId,
                UniqueId = TestConstants.DefaultUniqueId,
                HomeObjectId = TestConstants.DefaultHomeObjectId
            },
            FamilyId = "1"
        },
        RefreshToken = "someRT"
    };
    tokenCache.tokenCacheDictionary[onlyKey] = onlyEntry;

    // Same authority, scope, client and policy as the stored entry; no user given.
    AuthenticationResultEx loaded = tokenCache.LoadFromCache(
        TestConstants.DefaultAuthorityHomeTenant,
        TestConstants.DefaultScope,
        TestConstants.DefaultClientId,
        null,
        TestConstants.DefaultPolicy,
        null);

    Assert.IsNotNull(loaded);
    Assert.IsNotNull(loaded.Result);
    Assert.IsNotNull(loaded.Result.Token);
}