/// <summary>
/// Exercises the authorization-code grant for a confidential client that proves its identity
/// with an X.509 client-assertion certificate rather than a shared secret. The token cache is
/// disabled (TokenCacheType.Null) so every call goes to the STS. After three successful
/// redemptions of the same code the test checks the client-side argument validation for a
/// null/empty code, a null redirect URI and a null certificate.
/// </summary>
/// <param name="sts">Test STS descriptor supplying the authority, client, certificate and user fixtures.</param>
/// <remarks>
/// NOTE(review): the same authorization code is redeemed three times; a conforming STS must
/// reject code reuse (RFC 6749 §4.1.2), so this sequence only passes against the recorded /
/// test proxy — confirm before running it against a live tenant. The certificate material is
/// exported by name + password from the Sts fixture: test-only credentials, never production ones.
/// </remarks>
public static async Task ConfidentialClientWithX509TestAsync(Sts sts)
{
    SetCredential(sts);

    // No cache: every AcquireToken* call below must round-trip to the STS.
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null);

    var clientId = sts.ValidConfidentialClientId;
    var redirectUri = sts.ValidRedirectUriForConfidentialClient;
    var resource = sts.ValidResource;

    var authCode = await context.AcquireAccessCodeAsync(resource, clientId, redirectUri, sts.ValidUserId);

    // Client assertion built from the test certificate (private key unlocked with the fixture password).
    var certBytes = ExportX509Certificate(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword);
    var clientCert = new ClientAssertionCertificate(clientId, certBytes, sts.ConfidentialClientCertificatePassword);

    // Pin the JWT "jti" sequence so the recorded client assertion matches — presumably for replay; verify.
    RecorderJwtId.JwtIdIndex = 1;

    // --- happy paths: explicit resource, resource omitted, resource explicitly null ---
    var outcome = await context.AcquireTokenByAuthorizationCodeAsync(authCode, redirectUri, clientCert, resource);
    VerifySuccessResult(sts, outcome);

    outcome = await context.AcquireTokenByAuthorizationCodeAsync(authCode, redirectUri, clientCert);
    VerifySuccessResult(sts, outcome);

    outcome = await context.AcquireTokenByAuthorizationCodeAsync(authCode, redirectUri, clientCert, null);
    VerifySuccessResult(sts, outcome);

    // --- argument validation: these must fail client-side before anything is sent ---
    outcome = await context.AcquireTokenByAuthorizationCodeAsync(null, redirectUri, clientCert, resource);
    VerifyErrorResult(outcome, Sts.InvalidArgumentError, "authorizationCode");

    outcome = await context.AcquireTokenByAuthorizationCodeAsync(string.Empty, redirectUri, clientCert, resource);
    VerifyErrorResult(outcome, Sts.InvalidArgumentError, "authorizationCode");

    // Send null for redirect
    outcome = await context.AcquireTokenByAuthorizationCodeAsync(authCode, null, clientCert, resource);
    VerifyErrorResult(outcome, Sts.InvalidArgumentError, "redirectUri");

    // Typed null keeps the same overload the original cast selected.
    ClientAssertionCertificate noCertificate = null;
    outcome = await context.AcquireTokenByAuthorizationCodeAsync(authCode, redirectUri, noCertificate, resource);
    VerifyErrorResult(outcome, Sts.InvalidArgumentError, "clientCertificate");
}
/// <summary>
/// Exercises the authorization-code grant for a confidential client authenticating with a
/// client secret. Verifies that a second redemption bypasses the cache (a fresh token is
/// issued), then walks the failure modes: null/empty code, tampered code, mismatched redirect
/// URI, null credential and a wrong client secret.
/// </summary>
/// <param name="sts">Test STS descriptor supplying the authority, client, secret and user fixtures.</param>
/// <remarks>
/// NOTE(review): the test expects the SAME authorization code to be accepted twice and to yield
/// two different access tokens. A production STS must reject code reuse (RFC 6749 §4.1.2,
/// §10.5) with invalid_grant, so this assertion only holds against the test/recorded STS — confirm.
/// The error-string, HTTP-status and error-code expectations ("70002", 400, 401) are tied to the
/// specific STS implementation under test.
/// </remarks>
public static async Task ConfidentialClientTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    var clientId = sts.ValidConfidentialClientId;
    var redirectUri = sts.ValidRedirectUriForConfidentialClient;

    var authCode = await context.AcquireAccessCodeAsync(sts.ValidResource, clientId, redirectUri, sts.ValidUserId);
    var secretCredential = new ClientCredential(clientId, sts.ValidConfidentialClientSecret);

    var firstResult = await context.AcquireTokenByAuthorizationCodeAsync(authCode, redirectUri, secretCredential);
    VerifySuccessResult(sts, firstResult);

    // 2 seconds delay — presumably so the second issuance lands in a different second and the tokens differ.
    AuthenticationContextProxy.Delay(2000);
    context.SetCorrelationId(new Guid("2ddbba59-1a04-43fb-b363-7fb0ae785031"));

    // Test cache usage in AcquireTokenByAuthorizationCodeAsync
    // There is no cache lookup, so the results should be different.
    var secondResult = await context.AcquireTokenByAuthorizationCodeAsync(authCode, redirectUri, secretCredential);
    VerifySuccessResult(sts, secondResult);
    Verify.AreNotEqual(firstResult.AccessToken, secondResult.AccessToken);

    AuthenticationContextProxy.ClearDefaultCache();

    // --- client-side argument validation ---
    var failure = await context.AcquireTokenByAuthorizationCodeAsync(null, redirectUri, secretCredential);
    VerifyErrorResult(failure, "invalid_argument", "authorizationCode");

    failure = await context.AcquireTokenByAuthorizationCodeAsync(string.Empty, redirectUri, secretCredential);
    VerifyErrorResult(failure, "invalid_argument", "authorizationCode");

    // --- server-side rejections ---
    // Tampered code: STS must refuse it.
    failure = await context.AcquireTokenByAuthorizationCodeAsync(authCode + "x", redirectUri, secretCredential);
    VerifyErrorResult(failure, "invalid_grant", "authorization code");

    // Redirect URI that does not match the one the code was issued for: STS must refuse it.
    var mismatchedRedirect = new Uri(redirectUri.OriginalString + "x");
    failure = await context.AcquireTokenByAuthorizationCodeAsync(authCode, mismatchedRedirect, secretCredential);
    VerifyErrorResult(failure, "invalid_grant", "does not match the reply address", 400, "70002");

    // Typed null keeps the same overload the original cast selected.
    ClientCredential noCredential = null;
    failure = await context.AcquireTokenByAuthorizationCodeAsync(authCode, redirectUri, noCredential);
    VerifyErrorResult(failure, "invalid_argument", "credential");

    // Wrong secret: client authentication fails with 401 before the code is evaluated.
    var wrongSecret = new ClientCredential(clientId, sts.ValidConfidentialClientSecret + "x");
    failure = await context.AcquireTokenByAuthorizationCodeAsync(authCode, redirectUri, wrongSecret);
    VerifyErrorResult(failure, "invalid_client", "client secret", 401);
}
/// <summary>
/// Checks that user-delegated tokens (authorization-code grant, then silent for the same user)
/// and app-only tokens (client-credentials grant) are cached as distinct subject types: the
/// silent call reuses the user token, the two client-credential calls share one app token, the
/// user and app tokens differ, and the shared cache ends up holding exactly two entries.
/// </summary>
/// <param name="sts">Test STS descriptor supplying the authority, client, secret and user fixtures.</param>
/// <remarks>
/// Equality of ExpiresOn is used as the proxy for "served from cache"; the app-only results are
/// verified with the two trailing flags set to false (no user/id-token expected).
/// </remarks>
internal static async Task TokenSubjectTypeTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    var resource = sts.ValidResource;
    var clientId = sts.ValidConfidentialClientId;
    var secretCredential = new ClientCredential(clientId, sts.ValidConfidentialClientSecret);

    // User-delegated token via authorization code.
    var authCode = await context.AcquireAccessCodeAsync(resource, clientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
    var userToken = await context.AcquireTokenByAuthorizationCodeAsync(authCode, sts.ValidRedirectUriForConfidentialClient, secretCredential);
    VerifySuccessResult(sts, userToken);

    // Silent acquisition for the same user must be served from the cache entry just written.
    var userTokenSilent = await context.AcquireTokenSilentAsync(resource, secretCredential, sts.ValidUserId);
    VerifySuccessResult(sts, userTokenSilent);
    VerifyExpiresOnAreEqual(userToken, userTokenSilent);

    // App-only token via client credentials — first call hits the STS, second is cached.
    var appToken = await context.AcquireTokenAsync(resource, secretCredential);
    VerifySuccessResult(sts, appToken, false, false);

    var appTokenAgain = await context.AcquireTokenAsync(resource, secretCredential);
    VerifySuccessResult(sts, appTokenAgain, false, false);
    VerifyExpiresOnAreEqual(appToken, appTokenAgain);

    // User and app tokens must not collide in the cache.
    VerifyExpiresOnAreNotEqual(userToken, appToken);

    // One user entry + one app entry.
    var cachedEntries = TokenCache.DefaultShared.ReadItems().ToList();
    Verify.AreEqual(cachedEntries.Count, 2);
}
/// <summary>
/// Verifies multi-resource refresh token (MRRT) behaviour for a confidential client: a token
/// obtained for ValidResource lets AcquireTokenSilentAsync obtain one for ValidResource2 without
/// user interaction, both right after the code redemption and after the cache has been cleared
/// and repopulated. It also checks that the silent call fails when only a client id (no
/// credential) is supplied for the second resource.
/// </summary>
/// <param name="sts">Test STS descriptor supplying the authority, client, secret and user fixtures.</param>
/// <remarks>
/// NOTE(review): the authorization code is redeemed a second time after ClearDefaultCache; that
/// only works against the test/recorded STS, since a conforming STS rejects code reuse
/// (RFC 6749 §4.1.2) — confirm. Silent results are verified with (true, false) flags.
/// </remarks>
internal static async Task ConfidentialClientTokenRefreshWithMRRTTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    var clientId = sts.ValidConfidentialClientId;
    var redirectUri = sts.ValidRedirectUriForConfidentialClient;
    var secretCredential = new ClientCredential(clientId, sts.ValidConfidentialClientSecret);

    var authCode = await context.AcquireAccessCodeAsync(sts.ValidResource, clientId, redirectUri, sts.ValidUserId);

    var codeResult = await context.AcquireTokenByAuthorizationCodeAsync(authCode, redirectUri, secretCredential);
    VerifySuccessResult(sts, codeResult);

    // MRRT: the refresh token from ValidResource is good for ValidResource2 too.
    var silentResult = await context.AcquireTokenSilentAsync(sts.ValidResource2, secretCredential, UserIdentifier.AnyUser);
    VerifySuccessResult(sts, silentResult, true, false);

    // Start over with an empty cache and redeem the code again.
    AuthenticationContextProxy.ClearDefaultCache();
    codeResult = await context.AcquireTokenByAuthorizationCodeAsync(authCode, redirectUri, secretCredential);
    VerifySuccessResult(sts, codeResult);

    silentResult = await context.AcquireTokenSilentAsync(sts.ValidResource, secretCredential, UserIdentifier.AnyUser);
    VerifySuccessResult(sts, silentResult, true, false);

    // A bare client id (no secret) cannot redeem the refresh token for a new resource.
    silentResult = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientId);
    VerifyErrorResult(silentResult, AdalError.FailedToAcquireTokenSilently, null);

    // With the credential the MRRT exchange succeeds.
    silentResult = await context.AcquireTokenSilentAsync(sts.ValidResource2, secretCredential, UserIdentifier.AnyUser);
    VerifySuccessResult(sts, silentResult, true, false);
}
/// <summary>
/// Populates the cache with tokens for two different users (two browser sessions, two
/// authorization codes) and checks cache resolution: a silent call with AnyUser is ambiguous
/// and must fail with multiple_matching_tokens_detected, while silent calls keyed by each user
/// return that user's cached token (matching ExpiresOn) and the two tokens are distinct.
/// </summary>
/// <param name="sts">Test STS descriptor supplying two user fixtures plus client and secret.</param>
/// <remarks>
/// The 2-second delay between the two redemptions is presumably there so the two tokens get
/// different expiry timestamps, which VerifyExpiresOnAreNotEqual relies on — verify.
/// EndBrowserDialogSession between the two code acquisitions keeps the second user's login
/// from reusing the first user's browser session.
/// </remarks>
internal static async Task AcquireTokenByAuthorizationCodeWithCacheTestAsync(Sts sts)
{
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    var clientId = sts.ValidConfidentialClientId;
    var redirectUri = sts.ValidRedirectUriForConfidentialClient;
    var resource = sts.ValidResource;

    // Authorization code for user 1.
    AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword);
    var codeUser1 = await context.AcquireAccessCodeAsync(resource, clientId, redirectUri, sts.ValidUserId);

    // Fresh browser session, then authorization code for user 2.
    EndBrowserDialogSession();
    AuthenticationContextProxy.SetCredentials(sts.ValidUserName2, sts.ValidPassword2);
    var codeUser2 = await context.AcquireAccessCodeAsync(resource, clientId, redirectUri, sts.ValidRequiredUserId2);

    var secretCredential = new ClientCredential(clientId, sts.ValidConfidentialClientSecret);

    var tokenUser1 = await context.AcquireTokenByAuthorizationCodeAsync(codeUser1, redirectUri, secretCredential);
    AuthenticationContextProxy.Delay(2000);
    var tokenUser2 = await context.AcquireTokenByAuthorizationCodeAsync(codeUser2, redirectUri, secretCredential);

    VerifySuccessResult(sts, tokenUser1, true, false);
    VerifySuccessResult(sts, tokenUser2, true, false);
    VerifyExpiresOnAreNotEqual(tokenUser1, tokenUser2);

    // Two users in the cache: an unscoped silent lookup is ambiguous and must be refused.
    var ambiguous = await context.AcquireTokenSilentAsync(resource, secretCredential, UserIdentifier.AnyUser);
    VerifyErrorResult(ambiguous, "multiple_matching_tokens_detected", null);

    // Scoped by user, each lookup resolves to its own cached token.
    var silentUser1 = await context.AcquireTokenSilentAsync(resource, secretCredential, sts.ValidUserId);
    var silentUser2 = await context.AcquireTokenSilentAsync(resource, secretCredential, sts.ValidRequiredUserId2);

    VerifySuccessResult(sts, silentUser1, true, false);
    VerifySuccessResult(sts, silentUser2, true, false);
    VerifyExpiresOnAreEqual(silentUser1, tokenUser1);
    VerifyExpiresOnAreEqual(silentUser2, tokenUser2);
    VerifyExpiresOnAreNotEqual(silentUser1, silentUser2);
}