public static async Task <List <AuthenticationResultProxy> > AcquireTokenPositiveWithCacheAsync(Sts sts, AuthenticationContextProxy context) { AuthenticationResultProxy result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); Log.Comment("Waiting 2 seconds before next token request..."); AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result2; if (result.UserInfo != null) { result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, new UserIdentifier(result.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId), SecondCallExtraQueryParameter); } else { result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters); } VerifySuccessResult(sts, result2); return(new List <AuthenticationResultProxy> { result, result2 }); }
public static async Task ClientCredentialTestAsync(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null); AuthenticationResultProxy result = null; var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); result = await context.AcquireTokenAsync(sts.ValidResource, credential); Verify.IsNotNullOrEmptyString(result.AccessToken); result = await context.AcquireTokenAsync(null, credential); VerifyErrorResult(result, Sts.InvalidArgumentError, "resource"); result = await context.AcquireTokenAsync(sts.ValidResource, (ClientCredential)null); VerifyErrorResult(result, Sts.InvalidArgumentError, "clientCredential"); var invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); result = await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); VerifyErrorResult(result, Sts.InvalidClientError, null, 0, "50012"); invalidCredential = new ClientCredential(sts.ValidConfidentialClientId.Replace("0", "1"), sts.ValidConfidentialClientSecret + "x"); result = await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); VerifyErrorResult(result, Sts.UnauthorizedClient, null, 400, "70001"); }
public static async Task ClientAssertionWithX509TestAsync(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null); AuthenticationResultProxy result = null; var certificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword)); RecorderJwtId.JwtIdIndex = 2; result = await context.AcquireTokenAsync(sts.ValidResource, certificate); Verify.IsNotNullOrEmptyString(result.AccessToken); result = await context.AcquireTokenAsync(null, certificate); VerifyErrorResult(result, Sts.InvalidArgumentError, "resource"); result = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertionCertificate)null); VerifyErrorResult(result, Sts.InvalidArgumentError, "clientCertificate"); var invalidCertificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, new X509Certificate2(sts.InvalidConfidentialClientCertificateName, sts.InvalidConfidentialClientCertificatePassword)); RecorderJwtId.JwtIdIndex = 3; result = await context.AcquireTokenAsync(sts.ValidResource, invalidCertificate); VerifyErrorResult(result, Sts.InvalidClientError, "50012"); // AADSTS50012: Client assertion contains an invalid signature. invalidCertificate = new ClientAssertionCertificate(sts.InvalidClientId, new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword)); RecorderJwtId.JwtIdIndex = 4; result = await context.AcquireTokenAsync(sts.ValidResource, invalidCertificate); VerifyErrorResult(result, Sts.UnauthorizedClient, "70001"); // AADSTS70001: Application '87002806-c87a-41cd-896b-84ca5690d29e' is not registered for the account. }
internal static async Task MultiThreadedClientAssertionWithX509Test(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); const int ParallelCount = 20; AuthenticationResultProxy[] result = new AuthenticationResultProxy[ParallelCount]; var certificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword)); RecorderJwtId.JwtIdIndex = 8; AuthenticationContextProxy.CallSync = true; Parallel.For(0, ParallelCount, async(i) => { result[i] = await context.AcquireTokenAsync(sts.ValidResource, certificate); Log.Comment("Error: " + result[i].Error); Log.Comment("Error Description: " + result[i].ErrorDescription); Verify.IsNotNullOrEmptyString(result[i].AccessToken); }); result[0] = await context.AcquireTokenAsync(sts.ValidResource, certificate); Log.Comment("Error: " + result[0].Error); Log.Comment("Error Description: " + result[0].ErrorDescription); Verify.IsNotNullOrEmptyString(result[0].AccessToken); }
public async Task MsAppRedirectUriTest() { Sts sts = new AadSts(); AuthenticationContextProxy context = new AuthenticationContextProxy(sts.Authority); AuthenticationResultProxy result = null; result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, new Uri("ms-app://test/"), null); Verify.IsNotNullOrEmptyString(result.Error); Verify.AreEqual(result.Error, Sts.AuthenticationUiFailedError); try { WebAuthenticationBroker.GetCurrentApplicationCallbackUri(); Verify.Fail("Exception expected"); } catch (Exception ex) { Verify.IsTrue(ex.Message.Contains("hostname")); } result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, null, null); Verify.AreEqual(result.Error, "need_to_set_callback_uri_as_local_setting"); // Incorrect ms-app ApplicationData.Current.LocalSettings.Values["CurrentApplicationCallbackUri"] = "ms-app://s-1-15-2-2097830667-3131301884-2920402518-3338703368-1480782779-4157212157-3811015497/"; result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, null, null); Verify.AreEqual(result.Error, Sts.AuthenticationUiFailedError); }
internal static async Task TokenSubjectTypeTest(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidUserId); VerifySuccessResult(sts, result2); VerifyExpiresOnAreEqual(result, result2); AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, credential); VerifySuccessResult(sts, result3, false, false); AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource, credential); VerifySuccessResult(sts, result4, false, false); VerifyExpiresOnAreEqual(result3, result4); VerifyExpiresOnAreNotEqual(result, result3); var cacheItems = TokenCache.DefaultShared.ReadItems().ToList(); Verify.AreEqual(cacheItems.Count, 2); }
public static async Task UserInfoTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(TestConstants.DefaultAuthorityCommonTenant, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); AuthenticationResultProxy result2; if (sts.Type == StsType.AAD) { Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId); Verify.IsNotNullOrEmptyString(result.UserInfo.UniqueId); Verify.IsNotNullOrEmptyString(result.UserInfo.GivenName); Verify.IsNotNullOrEmptyString(result.UserInfo.FamilyName); EndBrowserDialogSession(); Log.Comment("Waiting 2 seconds before next token request..."); AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationContextProxy.SetCredentials(null, null); result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, new UserIdentifier(result.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId), SecondCallExtraQueryParameter); ValidateAuthenticationResultsAreEqual(result, result2); } AuthenticationContextProxy.SetCredentials(null, null); result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters); Verify.AreEqual(result.AccessToken, result2.AccessToken); SetCredential(sts); result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId, ThirdCallExtraQueryParameter); VerifySuccessResult(sts, result2); if (result.UserInfo != null) { ValidateAuthenticationResultsAreEqual(result, result2); } else { VerifyExpiresOnAreNotEqual(result, result2); } EndBrowserDialogSession(); Log.Comment("Waiting 2 seconds before next token request..."); AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword); result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.InvalidRequiredUserId, SecondCallExtraQueryParameter); VerifyErrorResult(result2, "user_mismatch", null); }
public static async Task MixedCaseUserNameTestAsync(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); UserCredentialProxy credential = new UserCredentialProxy(sts.ValidUserName3, sts.ValidPassword3); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential); VerifySuccessResult(sts, result); Verify.IsNotNull(result.UserInfo); Verify.AreNotEqual(result.UserInfo.DisplayableId, result.UserInfo.DisplayableId.ToLower()); AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential); VerifySuccessResult(sts, result2); Verify.IsTrue(AreDateTimeOffsetsEqual(result.ExpiresOn, result2.ExpiresOn)); }
public static async Task AcquireTokenPositiveWithoutRedirectUriOrUserIdTestAsync(Sts sts) { AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters); VerifySuccessResult(sts, result); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, null); VerifyErrorResult(result, Sts.InvalidArgumentError, "userId"); VerifyErrorResult(result, Sts.InvalidArgumentError, "UserIdentifier.AnyUser"); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, UserIdentifier.AnyUser); VerifySuccessResult(sts, result); }
public static async Task AcquireTokenPositiveTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); }
public static async Task CorrelationIdTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); Guid correlationId = Guid.NewGuid(); AuthenticationResultProxy result = null; var eventListener = new SampleEventListener(); eventListener.EnableEvents(AdalOption.AdalEventSource, EventLevel.Verbose); context.SetCorrelationId(correlationId); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); Verify.IsTrue(eventListener.TraceBuffer.Contains(correlationId.ToString())); eventListener.TraceBuffer = string.Empty; context.SetCorrelationId(Guid.Empty); AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId); Verify.IsNotNullOrEmptyString(result2.AccessToken); Verify.IsFalse(eventListener.TraceBuffer.Contains(correlationId.ToString())); }
public async Task MsAppRedirectUriTest() { Sts sts = new AadSts(); AuthenticationContextProxy context = new AuthenticationContextProxy(sts.Authority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, new Uri("ms-app://s-1-15-2-2097830667-3131301884-2920402518-3338703368-1480782779-4157212157-3811015497/"), new PlatformParameters(PromptBehavior.Auto, false)); Verify.IsNotNullOrEmptyString(result.Error); Verify.AreEqual(result.Error, Sts.AuthenticationUiFailedError); Uri uri = WebAuthenticationBroker.GetCurrentApplicationCallbackUri(); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, uri, new PlatformParameters(PromptBehavior.Auto, false)); Verify.IsNotNullOrEmptyString(result.Error); Verify.AreEqual(result.Error, Sts.AuthenticationUiFailedError); }
public static async Task AcquireTokenWithAuthenticationCanceledTestAsync(Sts sts) { AuthenticationContextProxy.SetCredentials(null, null); var context = new AuthenticationContextProxy(TestConstants.DefaultAuthorityCommonTenant, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, new UserIdentifier("*****@*****.**", UserIdentifierType.OptionalDisplayableId)); VerifyErrorResult(result, Sts.AuthenticationCanceledError, "canceled"); }
public static async Task MultiResourceRefreshTokenTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(TestConstants.DefaultAuthorityCommonTenant, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource2, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result2); if (sts.Type == StsType.AAD) { result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource3, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result2); } }
public static async Task AcquireTokenNonInteractivePositiveTestAsync(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); UserCredentialProxy credential = new UserCredentialProxy(sts.ValidUserName, sts.ValidPassword); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential); VerifySuccessResult(sts, result); Verify.IsNotNull(result.UserInfo); Verify.IsNotNullOrEmptyString(result.UserInfo.UniqueId); Verify.IsNotNullOrEmptyString(result.UserInfo.DisplayableId); AuthenticationContextProxy.Delay(2000); // Test token cache AuthenticationResultProxy result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential); VerifySuccessResult(sts, result2); VerifyExpiresOnAreEqual(result, result2); }
internal static async Task MultiUserCacheTestAsync(Sts sts) { Log.Comment("Acquire token for user1 interactively"); AuthenticationContextProxy.SetCredentials(null, sts.ValidPassword); var context = new AuthenticationContextProxy(TestConstants.DefaultAuthorityCommonTenant, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId); VerifySuccessResultAndTokenContent(sts, result); Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId); Log.Comment("Acquire token for user1 returning cached token"); AuthenticationContextProxy.SetCredentials(null, null); result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId); VerifySuccessResultAndTokenContent(sts, result); Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId); Log.Comment("Clear cookie and acquire token for user2 interactively"); EndBrowserDialogSession(); AuthenticationContextProxy.SetCredentials(null, sts.ValidPassword2); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidRequiredUserId2); VerifySuccessResultAndTokenContent(sts, result2); Verify.AreEqual(sts.ValidUserName2, result2.UserInfo.DisplayableId); Log.Comment("Acquire token for user1 returning cached token"); AuthenticationContextProxy.SetCredentials(null, null); result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId); VerifySuccessResultAndTokenContent(sts, result); Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId); Log.Comment("Acquire token for user2 returning cached token"); AuthenticationContextProxy.SetCredentials(null, null); result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidRequiredUserId2); VerifySuccessResultAndTokenContent(sts, result2); Verify.AreEqual(sts.ValidUserName2, result2.UserInfo.DisplayableId); Log.Comment("Acquire token for user1 and resource2 using cached multi resource refresh token"); AuthenticationContextProxy.SetCredentials(null, null); result = await context.AcquireTokenAsync(TestConstants.DefaultResource2, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId); VerifySuccessResultAndTokenContent(sts, result); Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId); Log.Comment("Acquire token for user2 and resource2 using cached multi resource refresh token"); AuthenticationContextProxy.SetCredentials(null, null); result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource2, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidRequiredUserId2); VerifySuccessResultAndTokenContent(sts, result2); Verify.AreEqual(sts.ValidUserName2, result2.UserInfo.DisplayableId); }
internal static async Task AcquireTokenOnBehalfAndClientAssertionTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); RecorderJwtId.JwtIdIndex = 13; ClientAssertion clientAssertion = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientAssertion, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, null); VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertion)null, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Testing cache AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result3, true, false); VerifyExpiresOnAreEqual(result2, result3); // Using MRRT in cached token to acquire token for a different resource AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result4, true, false); AuthenticationContextProxy.ClearDefaultCache(); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientAssertion, UserIdentifier.AnyUser); VerifySuccessResult(sts, result3, true, false); }
internal static async Task LoggerTest(Sts sts) { var traceSourceListener = new TestTraceListner(); AdalTrace.TraceSource.Listeners.Add(traceSourceListener); traceSourceListener.Filter = new SourceFilter("Microsoft.IdentityModel.Clients.ActiveDirectory"); Trace.TraceInformation("$$$$$"); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); await context.AcquireTokenAsync(sts.ValidResource, credential); var invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); Verify.IsTrue(traceSourceListener.TraceBuffer.IndexOf("$$") < 0); Verify.IsTrue(traceSourceListener.TraceBuffer.IndexOf("Correlation ID") > 0); traceSourceListener.TraceBuffer = string.Empty; var traceListener = new TestTraceListner(); Trace.Listeners.Add(traceListener); credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); await context.AcquireTokenAsync(sts.ValidResource, credential); invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); Verify.IsFalse(string.IsNullOrEmpty(traceListener.TraceBuffer)); Verify.IsFalse(string.IsNullOrEmpty(traceSourceListener.TraceBuffer)); Verify.AreEqual(traceListener.TraceBuffer, traceSourceListener.TraceBuffer); traceSourceListener.TraceBuffer = string.Empty; traceListener.TraceBuffer = string.Empty; AdalTrace.LegacyTraceSwitch.Level = TraceLevel.Off; credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); await context.AcquireTokenAsync(sts.ValidResource, credential); invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); Verify.IsTrue(string.IsNullOrEmpty(traceListener.TraceBuffer)); Verify.IsFalse(string.IsNullOrEmpty(traceSourceListener.TraceBuffer)); }
public static async Task AcquireTokenPositiveWithDefaultCacheTestAsync(Sts sts) { AuthenticationContextProxy.ClearDefaultCache(); SetCredential(sts); var context = new AuthenticationContextProxy(TestConstants.DefaultAuthorityCommonTenant, sts.ValidateAuthority); List <AuthenticationResultProxy> results = await AcquireTokenPositiveWithCacheAsync(sts, context); VerifyExpiresOnAreEqual(results[0], results[1]); EndBrowserDialogSession(); Log.Comment("Waiting 2 seconds before next token request..."); AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy resultWithoutUser = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, UserIdentifier.AnyUser, SecondCallExtraQueryParameter); VerifyExpiresOnAreEqual(results[0], resultWithoutUser); context.VerifySingleItemInCache(results[0], sts.Type); }
public static async Task CorrelationIdTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); Guid correlationId = Guid.NewGuid(); AuthenticationResultProxy result = null; var eventListener = new SampleEventListener(); eventListener.EnableEvents(AdalOption.AdalEventSource, EventLevel.Verbose); context.SetCorrelationId(correlationId); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); Verify.IsTrue(eventListener.TraceBuffer.Contains(correlationId.ToString())); eventListener.TraceBuffer = string.Empty; context.SetCorrelationId(Guid.Empty); AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId); Verify.IsNotNullOrEmptyString(result2.AccessToken); Verify.IsFalse(eventListener.TraceBuffer.Contains(correlationId.ToString())); }
public static async Task ClientAssertionWithSelfSignedJwtTestAsync(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null); AuthenticationResultProxy result = null; RecorderJwtId.JwtIdIndex = 10; ClientAssertion validCredential = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword); result = await context.AcquireTokenAsync(sts.ValidResource, validCredential); Verify.IsNotNullOrEmptyString(result.AccessToken); result = await context.AcquireTokenAsync(null, validCredential); VerifyErrorResult(result, Sts.InvalidArgumentError, "resource"); result = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertion)null); VerifyErrorResult(result, Sts.InvalidArgumentError, "clientAssertion"); RecorderJwtId.JwtIdIndex = 11; ClientAssertion invalidCredential = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.InvalidConfidentialClientCertificateName, sts.InvalidConfidentialClientCertificatePassword); result = await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); VerifyErrorResult(result, Sts.InvalidClientError, "50012", 401); // AADSTS50012: Client assertion contains an invalid signature. result = await context.AcquireTokenAsync(sts.InvalidResource, validCredential); VerifyErrorResult(result, Sts.InvalidResourceError, "50001", 400); // ACS50001: Resource not found. RecorderJwtId.JwtIdIndex = 12; invalidCredential = CreateClientAssertion(sts.Authority, sts.InvalidClientId, sts.InvalidConfidentialClientCertificateName, sts.InvalidConfidentialClientCertificatePassword); result = await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); VerifyErrorResult(result, Sts.UnauthorizedClient, "70001", 400); // AADSTS70001: Application '87002806-c87a-41cd-896b-84ca5690d29e' is not registered for the account. }
internal static async Task SwitchUserTestAsync(Sts sts) { Log.Comment("Acquire token for user1 interactively"); AuthenticationContextProxy.SetCredentials(null, sts.ValidPassword); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResultAndTokenContent(sts, result); Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId); Log.Comment("Acquire token via cookie for user1 without user"); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters); VerifySuccessResultAndTokenContent(sts, result2); Verify.AreEqual(sts.ValidUserName, result2.UserInfo.DisplayableId); Log.Comment("Acquire token for user2 via force prompt and user"); AuthenticationContextProxy.SetCredentials(sts.ValidUserName2, sts.ValidPassword2); var alwaysAuthorizationParameters = new PlatformParameters(PromptBehavior.Always, null); result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, alwaysAuthorizationParameters, sts.ValidRequiredUserId2); VerifySuccessResultAndTokenContent(sts, result2); Verify.AreEqual(sts.ValidUserName2, result2.UserInfo.DisplayableId); Log.Comment("Acquire token for user2 via force prompt"); AuthenticationContextProxy.SetCredentials(sts.ValidUserName2, sts.ValidPassword2); result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, alwaysAuthorizationParameters); VerifySuccessResultAndTokenContent(sts, result2); Verify.AreEqual(sts.ValidUserName2, result2.UserInfo.DisplayableId); Log.Comment("Fail to acquire token without user while tokens for two users in the cache"); result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters); VerifyErrorResult(result2, "multiple_matching_tokens_detected", null); }
internal static async Task AcquireTokenWithPromptBehaviorNeverTestAsync(Sts sts) { // Should not be able to get a token silently on first try. var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); var neverAuthorizationParameters = new PlatformParameters(PromptBehavior.Never, null); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, neverAuthorizationParameters); VerifyErrorResult(result, Sts.UserInteractionRequired, null); AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword); // Obtain a token interactively. result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); AuthenticationContextProxy.SetCredentials(null, null); // Now there should be a token available in the cache so token should be available silently. result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, neverAuthorizationParameters); VerifySuccessResult(sts, result); // Clear the cache and silent auth should work via session cookies. AuthenticationContextProxy.ClearDefaultCache(); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, neverAuthorizationParameters); VerifySuccessResult(sts, result); // Clear the cache and cookies and silent auth should fail. AuthenticationContextProxy.ClearDefaultCache(); EndBrowserDialogSession(); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, neverAuthorizationParameters); VerifyErrorResult(result, Sts.UserInteractionRequired, null); }
public static async Task ForcePromptTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); AuthenticationContextProxy.SetCredentials(null, null); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, (sts.Type == StsType.ADFS) ? null : sts.ValidUserId); VerifySuccessResult(sts, result2); Verify.AreEqual(result2.AccessToken, result.AccessToken); AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword); var neverAuthorizationParameters = new PlatformParameters(PromptBehavior.Always, null); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, neverAuthorizationParameters); VerifySuccessResult(sts, result); Verify.AreNotEqual(result2.AccessToken, result.AccessToken); }
public static async Task<List<AuthenticationResultProxy>> AcquireTokenPositiveWithCacheAsync(Sts sts, AuthenticationContextProxy context) { AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); Log.Comment("Waiting 2 seconds before next token request..."); AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result2; if (result.UserInfo != null) result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, new UserIdentifier(result.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId), SecondCallExtraQueryParameter); else result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters); VerifySuccessResult(sts, result2); return new List<AuthenticationResultProxy> { result, result2 }; }
public static async Task InnerExceptionAccessTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); result = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.InvalidClientId); VerifyErrorResult(result, "failed_to_acquire_token_silently", null); Verify.IsNotNull(result.Exception); }
internal static async Task LoggerTestAsync(Sts sts) { var eventListener = new SampleEventListener(); eventListener.EnableEvents(AdalOption.AdalEventSource, EventLevel.Verbose); Trace.TraceInformation("$$$$$"); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); await context.AcquireTokenAsync(sts.ValidResource, credential); var invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); Verify.IsTrue(eventListener.TraceBuffer.IndexOf("$$") < 0); eventListener.TraceBuffer = string.Empty; credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); await context.AcquireTokenAsync(sts.ValidResource, credential); invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); Verify.IsFalse(string.IsNullOrEmpty(eventListener.TraceBuffer)); eventListener.TraceBuffer = string.Empty; eventListener.DisableEvents(AdalOption.AdalEventSource); credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); await context.AcquireTokenAsync(sts.ValidResource, credential); invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); Verify.IsTrue(string.IsNullOrEmpty(eventListener.TraceBuffer)); }
public static async Task AcquireTokenNonInteractivePositiveTestAsync(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); UserCredentialProxy credential = new UserCredentialProxy(sts.ValidUserName, sts.ValidPassword); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential); VerifySuccessResult(sts, result); Verify.IsNotNull(result.UserInfo); Verify.IsNotNullOrEmptyString(result.UserInfo.UniqueId); Verify.IsNotNullOrEmptyString(result.UserInfo.DisplayableId); AuthenticationContextProxy.Delay(2000); // Test token cache AuthenticationResultProxy result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential); VerifySuccessResult(sts, result2); VerifyExpiresOnAreEqual(result, result2); }
public static async Task ClientAssertionWithSelfSignedJwtTestAsync(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null); AuthenticationResultProxy result = null; RecorderJwtId.JwtIdIndex = 10; ClientAssertion validCredential = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword); result = await context.AcquireTokenAsync(sts.ValidResource, validCredential); Verify.IsNotNullOrEmptyString(result.AccessToken); result = await context.AcquireTokenAsync(null, validCredential); VerifyErrorResult(result, Sts.InvalidArgumentError, "resource"); result = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertion)null); VerifyErrorResult(result, Sts.InvalidArgumentError, "clientAssertion"); RecorderJwtId.JwtIdIndex = 11; ClientAssertion invalidCredential = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.InvalidConfidentialClientCertificateName, sts.InvalidConfidentialClientCertificatePassword); result = await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); VerifyErrorResult(result, Sts.InvalidClientError, "50012", 401); // AADSTS50012: Client assertion contains an invalid signature. result = await context.AcquireTokenAsync(sts.InvalidResource, validCredential); VerifyErrorResult(result, Sts.InvalidResourceError, "50001", 400); // ACS50001: Resource not found. RecorderJwtId.JwtIdIndex = 12; invalidCredential = CreateClientAssertion(sts.Authority, sts.InvalidClientId, sts.InvalidConfidentialClientCertificateName, sts.InvalidConfidentialClientCertificatePassword); result = await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); VerifyErrorResult(result, Sts.UnauthorizedClient, "70001", 400); // AADSTS70001: Application '87002806-c87a-41cd-896b-84ca5690d29e' is not registered for the account. }
public static async Task ClientAssertionWithX509TestAsync(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null); AuthenticationResultProxy result = null; var certificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, ExportX509Certificate(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword), sts.ConfidentialClientCertificatePassword); RecorderJwtId.JwtIdIndex = 2; result = await context.AcquireTokenAsync(sts.ValidResource, certificate); Verify.IsNotNullOrEmptyString(result.AccessToken); result = await context.AcquireTokenAsync(null, certificate); VerifyErrorResult(result, Sts.InvalidArgumentError, "resource"); result = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertionCertificate)null); VerifyErrorResult(result, Sts.InvalidArgumentError, "clientCertificate"); var invalidCertificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, ExportX509Certificate(sts.InvalidConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword), sts.InvalidConfidentialClientCertificatePassword); RecorderJwtId.JwtIdIndex = 3; result = await context.AcquireTokenAsync(sts.ValidResource, invalidCertificate); VerifyErrorResult(result, Sts.InvalidClientError, null, 0, "50012"); invalidCertificate = new ClientAssertionCertificate(sts.InvalidClientId, ExportX509Certificate(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword), sts.ConfidentialClientCertificatePassword); RecorderJwtId.JwtIdIndex = 4; result = await context.AcquireTokenAsync(sts.ValidResource, invalidCertificate); VerifyErrorResult(result, Sts.UnauthorizedClient, null, 400, "70001"); }
public static async Task ClientCredentialTestAsync(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = null; var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); result = await context.AcquireTokenAsync(sts.ValidResource, credential); Verify.IsNotNullOrEmptyString(result.AccessToken); AuthenticationContextProxy.Delay(2000); // 2 seconds delay var result2 = await context.AcquireTokenAsync(sts.ValidResource, credential); Verify.IsNotNullOrEmptyString(result2.AccessToken); VerifyExpiresOnAreEqual(result, result2); result = await context.AcquireTokenAsync(null, credential); VerifyErrorResult(result, Sts.InvalidArgumentError, "resource"); result = await context.AcquireTokenAsync(sts.ValidResource, (ClientCredential)null); VerifyErrorResult(result, Sts.InvalidArgumentError, "clientCredential"); context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null); var invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); result = await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); VerifyErrorResult(result, Sts.InvalidClientError, "70002"); invalidCredential = new ClientCredential(sts.ValidConfidentialClientId.Replace("0", "1"), sts.ValidConfidentialClientSecret + "x"); result = await context.AcquireTokenAsync(sts.ValidResource, invalidCredential); VerifyErrorResult(result, Sts.UnauthorizedClient, "70001", 400); }
public static async Task AcquireTokenAndRefreshSessionTestAsync(Sts sts) { var userId = sts.ValidUserId; AuthenticationContextProxy.SetCredentials(userId.Id, sts.ValidPassword); var context = new AuthenticationContextProxy(sts.Authority, false, TokenCacheType.InMemory); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, userId); VerifySuccessResult(sts, result); AuthenticationContextProxy.Delay(2000); var refreshSessionAuthorizationParameters = new PlatformParameters(PromptBehavior.RefreshSession, null); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, refreshSessionAuthorizationParameters, userId); VerifySuccessResult(sts, result2); Verify.AreNotEqual(result.AccessToken, result2.AccessToken); }
internal static async Task TokenSubjectTypeTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); string authorizationCode = await context.AcquireAccessCodeAsync(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidUserId); VerifySuccessResult(sts, result2); VerifyExpiresOnAreEqual(result, result2); AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, credential); VerifySuccessResult(sts, result3, false, false); AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource, credential); VerifySuccessResult(sts, result4, false, false); VerifyExpiresOnAreEqual(result3, result4); VerifyExpiresOnAreNotEqual(result, result3); var cacheItems = TokenCache.DefaultShared.ReadItems().ToList(); Verify.AreEqual(cacheItems.Count, 2); }
internal static async Task AcquireTokenOnBehalfAndClientCertificateTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); var clientCertificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword)); RecorderJwtId.JwtIdIndex = 5; AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCertificate, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, null); VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertionCertificate)null, result.AccessToken); RecorderJwtId.JwtIdIndex = 6; VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCertificate"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Testing cache AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken); VerifySuccessResult(sts, result3, true, false); VerifyExpiresOnAreEqual(result2, result3); // Using MRRT in cached token to acquire token for a different resource AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCertificate, result.AccessToken + "x"); VerifySuccessResult(sts, result4, true, false); AuthenticationContextProxy.ClearDefaultCache(); result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCertificate, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidResourceError, null); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken + "x"); VerifyErrorResult(result2, "invalid_grant", "invalid signature"); var invalidClientCredential = new ClientAssertionCertificate(sts.ValidConfidentialClientId.Replace('1', '2'), new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword)); RecorderJwtId.JwtIdIndex = 7; result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.UnauthorizedClient, "not found"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId); VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCertificate, UserIdentifier.AnyUser); VerifySuccessResult(sts, result3, true, false); }
public static async Task ExtraQueryParametersTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId, null); VerifySuccessResult(sts, result); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId, "redirect_uri=123"); VerifyErrorResult(result, "duplicate_query_parameter", "redirect_uri"); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId, "resource=123&dummy=dummy_value#$%^@%^^%"); VerifyErrorResult(result, "duplicate_query_parameter", "resource"); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId, "client_id=123"); VerifyErrorResult(result, "duplicate_query_parameter", "client_id"); EndBrowserDialogSession(); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId, "login_hint=123"); VerifyErrorResult(result, "duplicate_query_parameter", "login_hint"); EndBrowserDialogSession(); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId, "login_hintx=123"); VerifySuccessResult(sts, result); EndBrowserDialogSession(); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, UserIdentifier.AnyUser, "login_hint=" + sts.ValidUserName); VerifySuccessResult(sts, result); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId, string.Empty); VerifySuccessResult(sts, result); }
internal static async Task MultiUserCacheTestAsync(Sts sts) { Log.Comment("Acquire token for user1 interactively"); AuthenticationContextProxy.SetCredentials(null, sts.ValidPassword); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResultAndTokenContent(sts, result); Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId); Log.Comment("Acquire token for user1 returning cached token"); AuthenticationContextProxy.SetCredentials(null, null); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResultAndTokenContent(sts, result); Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId); Log.Comment("Clear cookie and acquire token for user2 interactively"); EndBrowserDialogSession(); AuthenticationContextProxy.SetCredentials(null, sts.ValidPassword2); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidRequiredUserId2); VerifySuccessResultAndTokenContent(sts, result2); Verify.AreEqual(sts.ValidUserName2, result2.UserInfo.DisplayableId); Log.Comment("Acquire token for user1 returning cached token"); AuthenticationContextProxy.SetCredentials(null, null); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResultAndTokenContent(sts, result); Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId); Log.Comment("Acquire token for user2 returning cached token"); AuthenticationContextProxy.SetCredentials(null, null); result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidRequiredUserId2); VerifySuccessResultAndTokenContent(sts, result2); Verify.AreEqual(sts.ValidUserName2, result2.UserInfo.DisplayableId); Log.Comment("Acquire token for user1 and resource2 using cached multi resource refresh token"); AuthenticationContextProxy.SetCredentials(null, null); result = await context.AcquireTokenAsync(sts.ValidResource2, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResultAndTokenContent(sts, result); Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId); Log.Comment("Acquire token for user2 and resource2 using cached multi resource refresh token"); AuthenticationContextProxy.SetCredentials(null, null); result2 = await context.AcquireTokenAsync(sts.ValidResource2, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidRequiredUserId2); VerifySuccessResultAndTokenContent(sts, result2); Verify.AreEqual(sts.ValidUserName2, result2.UserInfo.DisplayableId); }
public static async Task AcquireTokenPositiveWithFederatedTenantTestAsync(Sts sts) { var userId = sts.ValidUserId; AuthenticationContextProxy.SetCredentials(userId.Id, sts.ValidPassword); var context = new AuthenticationContextProxy(sts.Authority, false, TokenCacheType.Null); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, userId); VerifySuccessResult(sts, result); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, UserIdentifier.AnyUser); VerifySuccessResult(sts, result); }
public static async Task InstanceDiscoveryTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); AuthenticationContextProxy.SetEnvironmentVariable("ExtraQueryParameter", string.Empty); // PROD discovery endpoint knows about PPE as well, so this passes discovery and fails later as refresh token is invalid for PPE. context = new AuthenticationContextProxy(sts.Authority.Replace("windows.net", "windows-ppe.net"), sts.ValidateAuthority); result = await context.AcquireTokenAsync(sts.ValidResource, new ClientCredential(sts.ValidClientId, sts.ValidPassword)); VerifyErrorResult(result, "invalid_request", "No service namespace"); try { context = new AuthenticationContextProxy(sts.Authority.Replace("windows.net", "windows.unknown"), sts.ValidateAuthority); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifyErrorResult(result, "authority_not_in_valid_list", "authority"); } #if TEST_ADAL_WINPHONE_UNIT catch (AdalServiceException ex) { Verify.AreNotEqual(sts.Type, StsType.ADFS); Verify.AreEqual(ex.ErrorCode, Sts.AuthorityNotInValidList); Verify.IsTrue(ex.Message.Contains("authority")); } #endif finally { } }
internal static async Task MultiThreadedClientAssertionWithX509TestAsync(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); const int ParallelCount = 20; AuthenticationResultProxy[] result = new AuthenticationResultProxy[ParallelCount]; var certificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, ExportX509Certificate(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword), sts.ConfidentialClientCertificatePassword); RecorderJwtId.JwtIdIndex = 8; Parallel.For(0, ParallelCount, async (i) => { result[i] = await context.AcquireTokenAsync(sts.ValidResource, certificate); Log.Comment("Error: " + result[i].Error); Log.Comment("Error Description: " + result[i].ErrorDescription); Verify.IsNotNullOrEmptyString(result[i].AccessToken); }); result[0] = await context.AcquireTokenAsync(sts.ValidResource, certificate); Log.Comment("Error: " + result[0].Error); Log.Comment("Error Description: " + result[0].ErrorDescription); Verify.IsNotNullOrEmptyString(result[0].AccessToken); }
public static async Task AuthenticationContextAuthorityValidationTestAsync(Sts sts) { SetCredential(sts); AuthenticationContextProxy context = null; AuthenticationResultProxy result = null; try { context = new AuthenticationContextProxy(sts.InvalidAuthority, true); Verify.AreNotEqual(sts.Type, StsType.ADFS); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifyErrorResult(result, Sts.AuthorityNotInValidList, "authority"); } catch (ArgumentException ex) { Verify.AreEqual(sts.Type, StsType.ADFS); Verify.AreEqual(ex.ParamName, "validateAuthority"); } #if TEST_ADAL_WINPHONE_UNIT catch (AdalServiceException ex) { Verify.AreNotEqual(sts.Type, StsType.ADFS); Verify.AreEqual(ex.ErrorCode, Sts.AuthorityNotInValidList); Verify.IsTrue(ex.Message.Contains("authority")); } #endif context = new AuthenticationContextProxy(sts.InvalidAuthority, false); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifyErrorResult(result, Sts.AuthenticationUiFailedError, "authentication dialog"); context = new AuthenticationContextProxy(sts.Authority, false); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); if (sts.Type != StsType.ADFS) { context = new AuthenticationContextProxy(sts.Authority, true); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); } try { context = new AuthenticationContextProxy(sts.InvalidAuthority); Verify.AreNotEqual(sts.Type, StsType.ADFS); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifyErrorResult(result, Sts.AuthorityNotInValidList, "authority"); } catch (ArgumentException ex) { Verify.AreEqual(sts.Type, StsType.ADFS); Verify.AreEqual(ex.ParamName, "validateAuthority"); } #if TEST_ADAL_WINPHONE_UNIT catch (AdalServiceException ex) { Verify.AreNotEqual(sts.Type, StsType.ADFS); Verify.AreEqual(ex.ErrorCode, Sts.AuthorityNotInValidList); Verify.IsTrue(ex.Message.Contains("authority")); } #endif context = new AuthenticationContextProxy(sts.Authority + "/extraPath1/extraPath2", sts.ValidateAuthority); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); }
internal static async Task AcquireTokenOnBehalfAndClientCredentialTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); ClientCredential clientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, null); VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientCredential)null, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCredential"); result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidResourceError, null); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Testing cache AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken); VerifySuccessResult(sts, result3, true, false); VerifyExpiresOnAreEqual(result2, result3); // Using MRRT in cached token to acquire token for a different resource AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCredential, result.AccessToken + "x"); VerifySuccessResult(sts, result4, true, false); AuthenticationContextProxy.ClearDefaultCache(); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken + "x"); VerifyErrorResult(result2, "invalid_grant", "invalid signature"); ClientCredential invalidClientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidClientError, "Invalid client secret"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId); VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCredential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result3, true, false); }
internal static async Task AcquireTokenOnBehalfAndClientCredentialTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); ClientCredential clientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, null); VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientCredential)null, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCredential"); result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidResourceError, null); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Testing cache AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken); VerifySuccessResult(sts, result3, true, false); VerifyExpiresOnAreEqual(result2, result3); // Using MRRT in cached token to acquire token for a different resource AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCredential, result.AccessToken + "x"); VerifySuccessResult(sts, result4, true, false); AuthenticationContextProxy.ClearDefaultCache(); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken + "x"); VerifyErrorResult(result2, "invalid_grant", "invalid signature"); ClientCredential invalidClientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidClientError, "Invalid client secret"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId); VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCredential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result3, true, false); }
internal static async Task AcquireTokenOnBehalfAndClientCertificateTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); var clientCertificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, ExportX509Certificate(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword), sts.ConfidentialClientCertificatePassword); RecorderJwtId.JwtIdIndex = 5; AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCertificate, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, null); VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertionCertificate)null, result.AccessToken); RecorderJwtId.JwtIdIndex = 6; VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCertificate"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Testing cache AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken); VerifySuccessResult(sts, result3, true, false); VerifyExpiresOnAreEqual(result2, result3); // Using MRRT in cached token to acquire token for a different resource AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCertificate, result.AccessToken + "x"); VerifySuccessResult(sts, result4, true, false); AuthenticationContextProxy.ClearDefaultCache(); result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCertificate, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidResourceError, null); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken + "x"); VerifyErrorResult(result2, "invalid_grant", "invalid signature"); var invalidClientCredential = new ClientAssertionCertificate(sts.ValidConfidentialClientId.Replace('1', '2'), ExportX509Certificate(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword), sts.ConfidentialClientCertificatePassword); RecorderJwtId.JwtIdIndex = 7; result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.UnauthorizedClient, "not found"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId); VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCertificate, UserIdentifier.AnyUser); VerifySuccessResult(sts, result3, true, false); }
internal static async Task AcquireTokenOnBehalfAndClientAssertionTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); RecorderJwtId.JwtIdIndex = 13; ClientAssertion clientAssertion = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientAssertion, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, null); VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertion)null, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Testing cache AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result3, true, false); VerifyExpiresOnAreEqual(result2, result3); // Using MRRT in cached token to acquire token for a different resource AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result4, true, false); AuthenticationContextProxy.ClearDefaultCache(); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientAssertion, UserIdentifier.AnyUser); VerifySuccessResult(sts, result3, true, false); }
public static async Task AcquireTokenFromCacheTestAsync(Sts sts) { AuthenticationContext context = new AuthenticationContext(sts.Authority, sts.ValidateAuthority); try { await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId, sts.ValidUserId); Verify.Fail("AdalSilentTokenAcquisitionException was expected"); } catch (AdalSilentTokenAcquisitionException ex) { Verify.AreEqual(AdalError.FailedToAcquireTokenSilently, ex.ErrorCode); } catch { Verify.Fail("AdalSilentTokenAcquisitionException was expected"); } AuthenticationContextProxy.SetCredentials(sts.Type == StsType.ADFS ? sts.ValidUserName : null, sts.ValidPassword); var contextProxy = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy resultProxy = await contextProxy.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, resultProxy); AuthenticationResult result = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId, (sts.Type == StsType.ADFS) ? UserIdentifier.AnyUser : sts.ValidUserId); VerifySuccessResult(result); result = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId); VerifySuccessResult(result); }
public static async Task TenantlessTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.TenantlessAuthority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); Verify.IsNotNullOrEmptyString(result.TenantId); AuthenticationContextProxy.SetCredentials(null, null); AuthenticationResultProxy result2 = await context.AcquireTokenAsync( sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); ValidateAuthenticationResultsAreEqual(result, result2); SetCredential(sts); context = new AuthenticationContextProxy(sts.TenantlessAuthority.Replace("Common", result.TenantId), sts.ValidateAuthority, TokenCacheType.Null); result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result2); }
public static async Task MixedCaseUserNameTestAsync(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); UserCredentialProxy credential = new UserCredentialProxy(sts.ValidUserName3, sts.ValidPassword3); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential); VerifySuccessResult(sts, result); Verify.IsNotNull(result.UserInfo); Verify.AreNotEqual(result.UserInfo.DisplayableId, result.UserInfo.DisplayableId.ToLower()); AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential); VerifySuccessResult(sts, result2); Verify.IsTrue(AreDateTimeOffsetsEqual(result.ExpiresOn, result2.ExpiresOn)); }
internal static async Task CacheExpirationMarginTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationContextProxy.SetCredentials(null, null); var userId = (result.UserInfo != null) ? new UserIdentifier(result.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId) : UserIdentifier.AnyUser; AuthenticationResultProxy result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, userId, SecondCallExtraQueryParameter); VerifySuccessResult(sts, result2); VerifyExpiresOnAreEqual(result, result2); var dummyContext = new AuthenticationContext("https://dummy/dummy", false); AdalFriend.UpdateTokenExpiryOnTokenCache(dummyContext.TokenCache, DateTime.UtcNow + TimeSpan.FromSeconds(4 * 60 + 50)); result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, userId); VerifySuccessResult(sts, result2); Verify.AreNotEqual(result.AccessToken, result2.AccessToken); }