internal static async Task ConfidentialClientTokenRefreshWithMRRTTest(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, credential, sts.ValidResource2);
VerifySuccessResult(sts, result2, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result2, true, false);
result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
VerifyErrorResult(result2, AdalError.FailedToAcquireTokenSilently, null);
result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, credential, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result2, true, false);
}
internal static async Task TokenSubjectTypeTest(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidUserId);
VerifySuccessResult(sts, result2);
VerifyExpiresOnAreEqual(result, result2);
AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, credential);
VerifySuccessResult(sts, result3, false, false);
AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource, credential);
VerifySuccessResult(sts, result4, false, false);
VerifyExpiresOnAreEqual(result3, result4);
VerifyExpiresOnAreNotEqual(result, result3);
var cacheItems = TokenCache.DefaultShared.ReadItems().ToList();
Verify.AreEqual(cacheItems.Count, 2);
}
public static async Task CorrelationIdTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
Guid correlationId = Guid.NewGuid();
AuthenticationResultProxy result = null;
var eventListener = new SampleEventListener();
eventListener.EnableEvents(AdalOption.AdalEventSource, EventLevel.Verbose);
context.SetCorrelationId(correlationId);
result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId);
VerifySuccessResult(sts, result);
Verify.IsTrue(eventListener.TraceBuffer.Contains(correlationId.ToString()));
eventListener.TraceBuffer = string.Empty;
context.SetCorrelationId(Guid.Empty);
AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId);
Verify.IsNotNullOrEmptyString(result2.AccessToken);
Verify.IsFalse(eventListener.TraceBuffer.Contains(correlationId.ToString()));
}
internal static async Task AcquireTokenOnBehalfAndClientAssertionTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
RecorderJwtId.JwtIdIndex = 13;
ClientAssertion clientAssertion = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword);
AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientAssertion, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, null);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion");
result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertion)null, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientAssertion");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Testing cache
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken);
VerifySuccessResult(sts, result3, true, false);
VerifyExpiresOnAreEqual(result2, result3);
// Using MRRT in cached token to acquire token for a different resource
AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientAssertion, result.AccessToken);
VerifySuccessResult(sts, result4, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientAssertion, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result3, true, false);
}
internal static async Task AcquireTokenByAuthorizationCodeWithCacheTest(Sts sts)
{
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword);
string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
EndBrowserDialogSession();
AuthenticationContextProxy.SetCredentials(sts.ValidUserName2, sts.ValidPassword2);
string authorizationCode2 = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidRequiredUserId2);
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
AuthenticationContextProxy.Delay(2000);
AuthenticationResultProxy result2 = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode2, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result, true, false);
VerifySuccessResult(sts, result2, true, false);
VerifyExpiresOnAreNotEqual(result, result2);
AuthenticationResultProxy result3 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser);
VerifyErrorResult(result3, "multiple_matching_tokens_detected", null);
AuthenticationResultProxy result4 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidUserId);
AuthenticationResultProxy result5 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidRequiredUserId2);
VerifySuccessResult(sts, result4, true, false);
VerifySuccessResult(sts, result5, true, false);
VerifyExpiresOnAreEqual(result4, result);
VerifyExpiresOnAreEqual(result5, result2);
VerifyExpiresOnAreNotEqual(result4, result5);
}
public static async Task CorrelationIdTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
Guid correlationId = Guid.NewGuid();
AuthenticationResultProxy result = null;
var eventListener = new SampleEventListener();
eventListener.EnableEvents(AdalOption.AdalEventSource, EventLevel.Verbose);
context.SetCorrelationId(correlationId);
result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId);
VerifySuccessResult(sts, result);
Verify.IsTrue(eventListener.TraceBuffer.Contains(correlationId.ToString()));
eventListener.TraceBuffer = string.Empty;
context.SetCorrelationId(Guid.Empty);
AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId);
Verify.IsNotNullOrEmptyString(result2.AccessToken);
Verify.IsFalse(eventListener.TraceBuffer.Contains(correlationId.ToString()));
}
internal static async Task AcquireTokenOnBehalfAndClientCertificateTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
var clientCertificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword));
RecorderJwtId.JwtIdIndex = 5;
AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCertificate, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, null);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion");
result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertionCertificate)null, result.AccessToken);
RecorderJwtId.JwtIdIndex = 6;
VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCertificate");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Testing cache
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken);
VerifySuccessResult(sts, result3, true, false);
VerifyExpiresOnAreEqual(result2, result3);
// Using MRRT in cached token to acquire token for a different resource
AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCertificate, result.AccessToken + "x");
VerifySuccessResult(sts, result4, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCertificate, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidResourceError, null);
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken + "x");
VerifyErrorResult(result2, "invalid_grant", "invalid signature");
var invalidClientCredential = new ClientAssertionCertificate(sts.ValidConfidentialClientId.Replace('1', '2'), new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword));
RecorderJwtId.JwtIdIndex = 7;
result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken);
VerifyErrorResult(result2, Sts.UnauthorizedClient, "not found");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCertificate, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result3, true, false);
}
internal static async Task AcquireTokenOnBehalfAndClientCredentialTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
ClientCredential clientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCredential, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, null);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion");
result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientCredential)null, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCredential");
result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCredential, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidResourceError, null);
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Testing cache
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken);
VerifySuccessResult(sts, result3, true, false);
VerifyExpiresOnAreEqual(result2, result3);
// Using MRRT in cached token to acquire token for a different resource
AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCredential, result.AccessToken + "x");
VerifySuccessResult(sts, result4, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken + "x");
VerifyErrorResult(result2, "invalid_grant", "invalid signature");
ClientCredential invalidClientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x");
result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidClientError, "Invalid client secret");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCredential, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result3, true, false);
}
internal static async Task TokenSubjectTypeTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
string authorizationCode = await context.AcquireAccessCodeAsync(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidUserId);
VerifySuccessResult(sts, result2);
VerifyExpiresOnAreEqual(result, result2);
AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, credential);
VerifySuccessResult(sts, result3, false, false);
AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource, credential);
VerifySuccessResult(sts, result4, false, false);
VerifyExpiresOnAreEqual(result3, result4);
VerifyExpiresOnAreNotEqual(result, result3);
var cacheItems = TokenCache.DefaultShared.ReadItems().ToList();
Verify.AreEqual(cacheItems.Count, 2);
}
internal static async Task ConfidentialClientTokenRefreshWithMRRTTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
string authorizationCode = await context.AcquireAccessCodeAsync(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, credential, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result2, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result2, true, false);
result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
VerifyErrorResult(result2, AdalError.FailedToAcquireTokenSilently, null);
result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, credential, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result2, true, false);
}
internal static async Task AcquireTokenByAuthorizationCodeWithCacheTestAsync(Sts sts)
{
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword);
string authorizationCode = await context.AcquireAccessCodeAsync(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
EndBrowserDialogSession();
AuthenticationContextProxy.SetCredentials(sts.ValidUserName2, sts.ValidPassword2);
string authorizationCode2 = await context.AcquireAccessCodeAsync(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidRequiredUserId2);
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
AuthenticationContextProxy.Delay(2000);
AuthenticationResultProxy result2 = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode2, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result, true, false);
VerifySuccessResult(sts, result2, true, false);
VerifyExpiresOnAreNotEqual(result, result2);
AuthenticationResultProxy result3 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser);
VerifyErrorResult(result3, "multiple_matching_tokens_detected", null);
AuthenticationResultProxy result4 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidUserId);
AuthenticationResultProxy result5 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidRequiredUserId2);
VerifySuccessResult(sts, result4, true, false);
VerifySuccessResult(sts, result5, true, false);
VerifyExpiresOnAreEqual(result4, result);
VerifyExpiresOnAreEqual(result5, result2);
VerifyExpiresOnAreNotEqual(result4, result5);
}
internal static async Task AcquireTokenOnBehalfAndClientAssertionTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId);
VerifySuccessResult(sts, result);
RecorderJwtId.JwtIdIndex = 13;
ClientAssertion clientAssertion = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword);
AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientAssertion, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, null);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion");
result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertion)null, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientAssertion");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Testing cache
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken);
VerifySuccessResult(sts, result3, true, false);
VerifyExpiresOnAreEqual(result2, result3);
// Using MRRT in cached token to acquire token for a different resource
AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientAssertion, result.AccessToken);
VerifySuccessResult(sts, result4, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientAssertion, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result3, true, false);
}
internal static async Task AcquireTokenOnBehalfAndClientCertificateTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId);
VerifySuccessResult(sts, result);
var clientCertificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, ExportX509Certificate(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword), sts.ConfidentialClientCertificatePassword);
RecorderJwtId.JwtIdIndex = 5;
AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCertificate, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, null);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion");
result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertionCertificate)null, result.AccessToken);
RecorderJwtId.JwtIdIndex = 6;
VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCertificate");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Testing cache
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken);
VerifySuccessResult(sts, result3, true, false);
VerifyExpiresOnAreEqual(result2, result3);
// Using MRRT in cached token to acquire token for a different resource
AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCertificate, result.AccessToken + "x");
VerifySuccessResult(sts, result4, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCertificate, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidResourceError, null);
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken + "x");
VerifyErrorResult(result2, "invalid_grant", "invalid signature");
var invalidClientCredential = new ClientAssertionCertificate(sts.ValidConfidentialClientId.Replace('1', '2'), ExportX509Certificate(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword), sts.ConfidentialClientCertificatePassword);
RecorderJwtId.JwtIdIndex = 7;
result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken);
VerifyErrorResult(result2, Sts.UnauthorizedClient, "not found");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCertificate, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result3, true, false);
}
internal static async Task AcquireTokenOnBehalfAndClientCredentialTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId);
VerifySuccessResult(sts, result);
ClientCredential clientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCredential, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, null);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion");
result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientCredential)null, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCredential");
result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCredential, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidResourceError, null);
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Testing cache
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken);
VerifySuccessResult(sts, result3, true, false);
VerifyExpiresOnAreEqual(result2, result3);
// Using MRRT in cached token to acquire token for a different resource
AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCredential, result.AccessToken + "x");
VerifySuccessResult(sts, result4, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken + "x");
VerifyErrorResult(result2, "invalid_grant", "invalid signature");
ClientCredential invalidClientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x");
result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidClientError, "Invalid client secret");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCredential, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result3, true, false);
}
public static async Task InnerExceptionAccessTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId);
VerifySuccessResult(sts, result);
result = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.InvalidClientId);
VerifyErrorResult(result, "failed_to_acquire_token_silently", null);
Verify.IsNotNull(result.Exception);
}
