public static async Task AcquireTokenPositiveByRefreshTokenTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, (string)null); VerifySuccessResult(sts, result, true, false); AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken + "x", sts.ValidClientId, (string)null); VerifyErrorResult(result2, "invalid_grant", "Refresh Token", 400); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource); if (sts.Type == StsType.ADFS) { VerifyErrorResult(result, Sts.InvalidArgumentError, "multiple resource"); } else { VerifySuccessResult(sts, result, true, false); } }
public static async Task ConfidentialClientTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); AuthenticationContextProxy.Delay(2000); // 2 seconds delay context.SetCorrelationId(new Guid("2ddbba59-1a04-43fb-b363-7fb0ae785031")); // Test cache usage in AcquireTokenByAuthorizationCodeAsync // There is no cache lookup, so the results should be different. AuthenticationResultProxy result2 = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result2); Verify.AreNotEqual(result.AccessToken, result2.AccessToken); AuthenticationContextProxy.ClearDefaultCache(); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, credential); VerifySuccessResult(sts, result, true, false); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidConfidentialClientId, sts.ValidResource); VerifyErrorResult(result, "invalid_request", null, 400, "90014"); // ACS90014: The request body must contain the following parameter: 'client_secret or client_assertion'. result = await context.AcquireTokenByAuthorizationCodeAsync(null, sts.ValidRedirectUriForConfidentialClient, credential); VerifyErrorResult(result, "invalid_argument", "authorizationCode"); result = await context.AcquireTokenByAuthorizationCodeAsync(string.Empty, sts.ValidRedirectUriForConfidentialClient, credential); VerifyErrorResult(result, "invalid_argument", "authorizationCode"); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode + "x", sts.ValidRedirectUriForConfidentialClient, credential); VerifyErrorResult(result, "invalid_grant", "authorization code"); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, new Uri(sts.ValidRedirectUriForConfidentialClient.AbsoluteUri + "x"), credential); VerifyErrorResult(result, "invalid_grant", "does not match the reply address", 400, "70002"); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, (ClientCredential)null); VerifyErrorResult(result, "invalid_argument", "credential"); var invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, invalidCredential); VerifyErrorResult(result, "invalid_client", "client secret", 401); }
public static async Task ConfidentialClientTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); AuthenticationContextProxy.Delay(2000); // 2 seconds delay context.SetCorrelationId(new Guid("2ddbba59-1a04-43fb-b363-7fb0ae785031")); // Test cache usage in AcquireTokenByAuthorizationCodeAsync // There is no cache lookup, so the results should be different. AuthenticationResultProxy result2 = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result2); Verify.AreNotEqual(result.AccessToken, result2.AccessToken); AuthenticationContextProxy.ClearDefaultCache(); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, credential); VerifySuccessResult(sts, result, true, false); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidConfidentialClientId, sts.ValidResource); VerifyErrorResult(result, "invalid_request", null, 400, "90014"); // ACS90014: The request body must contain the following parameter: 'client_secret or client_assertion'. result = await context.AcquireTokenByAuthorizationCodeAsync(null, sts.ValidRedirectUriForConfidentialClient, credential); VerifyErrorResult(result, "invalid_argument", "authorizationCode"); result = await context.AcquireTokenByAuthorizationCodeAsync(string.Empty, sts.ValidRedirectUriForConfidentialClient, credential); VerifyErrorResult(result, "invalid_argument", "authorizationCode"); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode + "x", sts.ValidRedirectUriForConfidentialClient, credential); VerifyErrorResult(result, "invalid_grant", "authorization code"); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, new Uri(sts.ValidRedirectUriForConfidentialClient.AbsoluteUri + "x"), credential); VerifyErrorResult(result, "invalid_grant", "does not match the reply address", 400, "70002"); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, (ClientCredential)null); VerifyErrorResult(result, "invalid_argument", "credential"); var invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, invalidCredential); VerifyErrorResult(result, "invalid_client", "client secret", 401); }
internal static async Task ConfidentialClientTokenRefreshWithMRRTTest(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, credential, sts.ValidResource2); VerifySuccessResult(sts, result2, true, false); AuthenticationContextProxy.ClearDefaultCache(); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result2, true, false); result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId); VerifyErrorResult(result2, AdalError.FailedToAcquireTokenSilently, null); result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, credential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result2, true, false); }
public static async Task InstanceDiscoveryTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); AuthenticationContextProxy.SetEnvironmentVariable("ExtraQueryParameter", string.Empty); // PROD discovery endpoint knows about PPE as well, so this passes discovery and fails later as refresh token is invalid for PPE. context = new AuthenticationContextProxy(sts.Authority.Replace("windows.net", "windows-ppe.net"), sts.ValidateAuthority); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource); VerifyErrorResult(result, "invalid_grant", "Refresh Token"); try { context = new AuthenticationContextProxy(sts.Authority.Replace("windows.net", "windows.unknown"), sts.ValidateAuthority); result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifyErrorResult(result, "authority_not_in_valid_list", "authority"); } #if TEST_ADAL_WINPHONE_UNIT catch (AdalServiceException ex) { Verify.AreNotEqual(sts.Type, StsType.ADFS); Verify.AreEqual(ex.ErrorCode, Sts.AuthorityNotInValidList); Verify.IsTrue(ex.Message.Contains("authority")); } #endif finally { } }
public static async Task MultiResourceRefreshTokenTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource2); if (sts.Type == StsType.AAD) { VerifySuccessResult(sts, result2, true, false); Verify.IsTrue(result.IsMultipleResourceRefreshToken); Verify.IsTrue(result2.IsMultipleResourceRefreshToken); } result2 = context.AcquireToken(sts.ValidResource2, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result2); if (sts.Type == StsType.ADFS) { Verify.IsFalse(result.IsMultipleResourceRefreshToken); } else { Verify.IsTrue(result.IsMultipleResourceRefreshToken); } if (sts.Type == StsType.AAD) { result2 = context.AcquireToken(sts.ValidResource3, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result2); Verify.IsTrue(result.IsMultipleResourceRefreshToken); } }
public static async Task CorrelationIdTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); Guid correlationId = Guid.NewGuid(); AuthenticationResultProxy result = null; MemoryStream stream = new MemoryStream(); using (var listener = new TextWriterTraceListener(stream)) { Trace.Listeners.Add(listener); context.SetCorrelationId(correlationId); result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); listener.Flush(); string trace = Encoding.UTF8.GetString(stream.ToArray(), 0, (int)stream.Position); Verify.IsTrue(trace.Contains(correlationId.ToString())); Trace.Listeners.Remove(listener); } stream = new MemoryStream(); using (var listener = new TextWriterTraceListener(stream)) { Trace.Listeners.Add(listener); context.SetCorrelationId(Guid.Empty); AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId); Verify.IsNotNull(result2.AccessToken); listener.Flush(); string trace = Encoding.UTF8.GetString(stream.ToArray(), 0, (int)stream.Position); Verify.IsFalse(trace.Contains(correlationId.ToString())); Verify.IsTrue(trace.Contains("Correlation ID")); Trace.Listeners.Remove(listener); } }
public static async Task ConfidentialClientWithX509TestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null); string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); var certificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword)); RecorderJwtId.JwtIdIndex = 1; AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, certificate, sts.ValidResource); VerifySuccessResult(sts, result); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, certificate); VerifySuccessResult(sts, result); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, certificate, sts.ValidResource); VerifySuccessResult(sts, result, true, false); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidConfidentialClientId, sts.ValidResource); VerifyErrorResult(result, Sts.InvalidRequest, null, 400, "90014"); // The request body must contain the following parameter: 'client_secret or client_assertion'. result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, certificate, null); VerifySuccessResult(sts, result); result = await context.AcquireTokenByAuthorizationCodeAsync(null, sts.ValidRedirectUriForConfidentialClient, certificate, sts.ValidResource); VerifyErrorResult(result, Sts.InvalidArgumentError, "authorizationCode"); result = await context.AcquireTokenByAuthorizationCodeAsync(string.Empty, sts.ValidRedirectUriForConfidentialClient, certificate, sts.ValidResource); VerifyErrorResult(result, Sts.InvalidArgumentError, "authorizationCode"); // Send null for redirect result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, null, certificate, sts.ValidResource); VerifyErrorResult(result, Sts.InvalidArgumentError, "redirectUri"); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, (ClientAssertionCertificate)null, sts.ValidResource); VerifyErrorResult(result, Sts.InvalidArgumentError, "clientCertificate"); }
public static async Task AcquireTokenPositiveByRefreshTokenTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, (string)null); VerifySuccessResult(sts, result, true, false); AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken + "x", sts.ValidClientId, (string)null); VerifyErrorResult(result2, "invalid_grant", "Refresh Token", 400); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource); if (sts.Type == StsType.ADFS) { VerifyErrorResult(result, Sts.InvalidArgumentError, "multiple resource"); } else { VerifySuccessResult(sts, result, true, false); } }
public static async Task WebExceptionAccessTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.InvalidClientId); VerifyErrorResult(result, "unauthorized_client", "AADSTS70001"); Verify.IsNotNull(result.Exception); Verify.IsNotNull(result.Exception.InnerException); Verify.IsTrue(result.Exception.InnerException is WebException); using (StreamReader sr = new StreamReader(((WebException)(result.Exception.InnerException)).Response.GetResponseStream())) { string streamBody = sr.ReadToEnd(); Verify.IsTrue(streamBody.Contains("AADSTS70001")); } }
public static async Task CorrelationIdTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); Guid correlationId = Guid.NewGuid(); AuthenticationResultProxy result = null; MemoryStream stream = new MemoryStream(); using (var listener = new TextWriterTraceListener(stream)) { Trace.Listeners.Add(listener); context.SetCorrelationId(correlationId); result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); listener.Flush(); string trace = Encoding.UTF8.GetString(stream.ToArray(), 0, (int)stream.Position); Verify.IsTrue(trace.Contains(correlationId.ToString())); Trace.Listeners.Remove(listener); } stream = new MemoryStream(); using (var listener = new TextWriterTraceListener(stream)) { Trace.Listeners.Add(listener); context.SetCorrelationId(Guid.Empty); AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId); Verify.IsNotNullOrEmptyString(result2.AccessToken); listener.Flush(); string trace = Encoding.UTF8.GetString(stream.ToArray(), 0, (int)stream.Position); Verify.IsFalse(trace.Contains(correlationId.ToString())); Verify.IsTrue(trace.Contains("Correlation ID")); Trace.Listeners.Remove(listener); } }
public static async Task WebExceptionAccessTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.InvalidClientId); VerifyErrorResult(result, "unauthorized_client", "AADSTS70001"); Verify.IsNotNull(result.Exception); Verify.IsNotNull(result.Exception.InnerException); Verify.IsTrue(result.Exception.InnerException is WebException); using (StreamReader sr = new StreamReader(((WebException)(result.Exception.InnerException)).Response.GetResponseStream())) { string streamBody = sr.ReadToEnd(); Verify.IsTrue(streamBody.Contains("AADSTS70001")); } }
public static async Task InstanceDiscoveryTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); AuthenticationContextProxy.SetEnvironmentVariable("ExtraQueryParameter", string.Empty); // PROD discovery endpoint knows about PPE as well, so this passes discovery and fails later as refresh token is invalid for PPE. context = new AuthenticationContextProxy(sts.Authority.Replace("windows.net", "windows-ppe.net"), sts.ValidateAuthority); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource); VerifyErrorResult(result, "invalid_grant", "Refresh Token"); try { context = new AuthenticationContextProxy(sts.Authority.Replace("windows.net", "windows.unknown"), sts.ValidateAuthority); result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifyErrorResult(result, "authority_not_in_valid_list", "authority"); } #if TEST_ADAL_WINPHONE_UNIT catch (AdalServiceException ex) { Verify.AreNotEqual(sts.Type, StsType.ADFS); Verify.AreEqual(ex.ErrorCode, Sts.AuthorityNotInValidList); Verify.IsTrue(ex.Message.Contains("authority")); } #endif finally { } }
public static async Task MultiResourceRefreshTokenTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidClientId, sts.ValidResource2); if (sts.Type == StsType.AAD) { VerifySuccessResult(sts, result2, true, false); Verify.IsTrue(result.IsMultipleResourceRefreshToken); Verify.IsTrue(result2.IsMultipleResourceRefreshToken); } result2 = context.AcquireToken(sts.ValidResource2, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result2); if (sts.Type == StsType.ADFS) { Verify.IsFalse(result.IsMultipleResourceRefreshToken); } else { Verify.IsTrue(result.IsMultipleResourceRefreshToken); } if (sts.Type == StsType.AAD) { result2 = context.AcquireToken(sts.ValidResource3, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result2); Verify.IsTrue(result.IsMultipleResourceRefreshToken); } }
public static async Task ConfidentialClientWithX509TestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null); string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); var certificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword)); RecorderJwtId.JwtIdIndex = 1; AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, certificate, sts.ValidResource); VerifySuccessResult(sts, result); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, certificate); VerifySuccessResult(sts, result); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, certificate, sts.ValidResource); VerifySuccessResult(sts, result, true, false); result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidConfidentialClientId, sts.ValidResource); VerifyErrorResult(result, Sts.InvalidRequest, null, 400, "90014"); // The request body must contain the following parameter: 'client_secret or client_assertion'. result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, certificate, null); VerifySuccessResult(sts, result); result = await context.AcquireTokenByAuthorizationCodeAsync(null, sts.ValidRedirectUriForConfidentialClient, certificate, sts.ValidResource); VerifyErrorResult(result, Sts.InvalidArgumentError, "authorizationCode"); result = await context.AcquireTokenByAuthorizationCodeAsync(string.Empty, sts.ValidRedirectUriForConfidentialClient, certificate, sts.ValidResource); VerifyErrorResult(result, Sts.InvalidArgumentError, "authorizationCode"); // Send null for redirect result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, null, certificate, sts.ValidResource); VerifyErrorResult(result, Sts.InvalidArgumentError, "redirectUri"); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, (ClientAssertionCertificate)null, sts.ValidResource); VerifyErrorResult(result, Sts.InvalidArgumentError, "clientCertificate"); }
internal static async Task ConfidentialClientTokenRefreshWithMRRTTest(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, credential, sts.ValidResource2); VerifySuccessResult(sts, result2, true, false); AuthenticationContextProxy.ClearDefaultCache(); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result2, true, false); result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId); VerifyErrorResult(result2, AdalError.FailedToAcquireTokenSilently, null); result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, credential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result2, true, false); }