internal static async Task ConfidentialClientTokenRefreshWithMRRTTest(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); AuthenticationResultProxy result2 = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, credential, sts.ValidResource2); VerifySuccessResult(sts, result2, true, false); AuthenticationContextProxy.ClearDefaultCache(); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result2, true, false); result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId); VerifyErrorResult(result2, AdalError.FailedToAcquireTokenSilently, null); result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, credential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result2, true, false); }
internal static async Task TokenSubjectTypeTest(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidUserId); VerifySuccessResult(sts, result2); VerifyExpiresOnAreEqual(result, result2); AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, credential); VerifySuccessResult(sts, result3, false, false); AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource, credential); VerifySuccessResult(sts, result4, false, false); VerifyExpiresOnAreEqual(result3, result4); VerifyExpiresOnAreNotEqual(result, result3); var cacheItems = TokenCache.DefaultShared.ReadItems().ToList(); Verify.AreEqual(cacheItems.Count, 2); }
public static async Task CorrelationIdTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); Guid correlationId = Guid.NewGuid(); AuthenticationResultProxy result = null; var eventListener = new SampleEventListener(); eventListener.EnableEvents(AdalOption.AdalEventSource, EventLevel.Verbose); context.SetCorrelationId(correlationId); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); Verify.IsTrue(eventListener.TraceBuffer.Contains(correlationId.ToString())); eventListener.TraceBuffer = string.Empty; context.SetCorrelationId(Guid.Empty); AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId); Verify.IsNotNullOrEmptyString(result2.AccessToken); Verify.IsFalse(eventListener.TraceBuffer.Contains(correlationId.ToString())); }
internal static async Task AcquireTokenOnBehalfAndClientAssertionTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); RecorderJwtId.JwtIdIndex = 13; ClientAssertion clientAssertion = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientAssertion, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, null); VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertion)null, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Testing cache AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result3, true, false); VerifyExpiresOnAreEqual(result2, result3); // Using MRRT in cached token to acquire token for a different resource AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result4, true, false); AuthenticationContextProxy.ClearDefaultCache(); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientAssertion, UserIdentifier.AnyUser); VerifySuccessResult(sts, result3, true, false); }
internal static async Task AcquireTokenByAuthorizationCodeWithCacheTest(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword); string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); EndBrowserDialogSession(); AuthenticationContextProxy.SetCredentials(sts.ValidUserName2, sts.ValidPassword2); string authorizationCode2 = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidRequiredUserId2); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); AuthenticationContextProxy.Delay(2000); AuthenticationResultProxy result2 = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode2, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result, true, false); VerifySuccessResult(sts, result2, true, false); VerifyExpiresOnAreNotEqual(result, result2); AuthenticationResultProxy result3 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser); VerifyErrorResult(result3, "multiple_matching_tokens_detected", null); AuthenticationResultProxy result4 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidUserId); AuthenticationResultProxy result5 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidRequiredUserId2); VerifySuccessResult(sts, result4, true, false); VerifySuccessResult(sts, result5, true, false); VerifyExpiresOnAreEqual(result4, result); VerifyExpiresOnAreEqual(result5, result2); VerifyExpiresOnAreNotEqual(result4, result5); }
public static async Task CorrelationIdTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); Guid correlationId = Guid.NewGuid(); AuthenticationResultProxy result = null; var eventListener = new SampleEventListener(); eventListener.EnableEvents(AdalOption.AdalEventSource, EventLevel.Verbose); context.SetCorrelationId(correlationId); result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); Verify.IsTrue(eventListener.TraceBuffer.Contains(correlationId.ToString())); eventListener.TraceBuffer = string.Empty; context.SetCorrelationId(Guid.Empty); AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.ValidClientId); Verify.IsNotNullOrEmptyString(result2.AccessToken); Verify.IsFalse(eventListener.TraceBuffer.Contains(correlationId.ToString())); }
internal static async Task AcquireTokenOnBehalfAndClientCertificateTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); var clientCertificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword)); RecorderJwtId.JwtIdIndex = 5; AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCertificate, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, null); VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertionCertificate)null, result.AccessToken); RecorderJwtId.JwtIdIndex = 6; VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCertificate"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Testing cache AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken); VerifySuccessResult(sts, result3, true, false); VerifyExpiresOnAreEqual(result2, result3); // Using MRRT in cached token to acquire token for a different resource AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCertificate, result.AccessToken + "x"); VerifySuccessResult(sts, result4, true, false); AuthenticationContextProxy.ClearDefaultCache(); result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCertificate, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidResourceError, null); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken + "x"); VerifyErrorResult(result2, "invalid_grant", "invalid signature"); var invalidClientCredential = new ClientAssertionCertificate(sts.ValidConfidentialClientId.Replace('1', '2'), new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword)); RecorderJwtId.JwtIdIndex = 7; result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.UnauthorizedClient, "not found"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId); VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCertificate, UserIdentifier.AnyUser); VerifySuccessResult(sts, result3, true, false); }
internal static async Task AcquireTokenOnBehalfAndClientCredentialTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId); VerifySuccessResult(sts, result); ClientCredential clientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, null); VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientCredential)null, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCredential"); result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidResourceError, null); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Testing cache AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken); VerifySuccessResult(sts, result3, true, false); VerifyExpiresOnAreEqual(result2, result3); // Using MRRT in cached token to acquire token for a different resource AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCredential, result.AccessToken + "x"); VerifySuccessResult(sts, result4, true, false); AuthenticationContextProxy.ClearDefaultCache(); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken + "x"); VerifyErrorResult(result2, "invalid_grant", "invalid signature"); ClientCredential invalidClientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidClientError, "Invalid client secret"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId); VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCredential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result3, true, false); }
internal static async Task TokenSubjectTypeTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); string authorizationCode = await context.AcquireAccessCodeAsync(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidUserId); VerifySuccessResult(sts, result2); VerifyExpiresOnAreEqual(result, result2); AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, credential); VerifySuccessResult(sts, result3, false, false); AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource, credential); VerifySuccessResult(sts, result4, false, false); VerifyExpiresOnAreEqual(result3, result4); VerifyExpiresOnAreNotEqual(result, result3); var cacheItems = TokenCache.DefaultShared.ReadItems().ToList(); Verify.AreEqual(cacheItems.Count, 2); }
internal static async Task ConfidentialClientTokenRefreshWithMRRTTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); string authorizationCode = await context.AcquireAccessCodeAsync(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); AuthenticationResultProxy result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, credential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result2, true, false); AuthenticationContextProxy.ClearDefaultCache(); result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result); result2 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result2, true, false); result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId); VerifyErrorResult(result2, AdalError.FailedToAcquireTokenSilently, null); result2 = await context.AcquireTokenSilentAsync(sts.ValidResource2, credential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result2, true, false); }
internal static async Task AcquireTokenByAuthorizationCodeWithCacheTestAsync(Sts sts) { var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword); string authorizationCode = await context.AcquireAccessCodeAsync(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId); EndBrowserDialogSession(); AuthenticationContextProxy.SetCredentials(sts.ValidUserName2, sts.ValidPassword2); string authorizationCode2 = await context.AcquireAccessCodeAsync(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidRequiredUserId2); var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential); AuthenticationContextProxy.Delay(2000); AuthenticationResultProxy result2 = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode2, sts.ValidRedirectUriForConfidentialClient, credential); VerifySuccessResult(sts, result, true, false); VerifySuccessResult(sts, result2, true, false); VerifyExpiresOnAreNotEqual(result, result2); AuthenticationResultProxy result3 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser); VerifyErrorResult(result3, "multiple_matching_tokens_detected", null); AuthenticationResultProxy result4 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidUserId); AuthenticationResultProxy result5 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidRequiredUserId2); VerifySuccessResult(sts, result4, true, false); VerifySuccessResult(sts, result5, true, false); VerifyExpiresOnAreEqual(result4, result); VerifyExpiresOnAreEqual(result5, result2); VerifyExpiresOnAreNotEqual(result4, result5); }
internal static async Task AcquireTokenOnBehalfAndClientAssertionTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); RecorderJwtId.JwtIdIndex = 13; ClientAssertion clientAssertion = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientAssertion, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, null); VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertion)null, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Testing cache AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result3, true, false); VerifyExpiresOnAreEqual(result2, result3); // Using MRRT in cached token to acquire token for a different resource AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result4, true, false); AuthenticationContextProxy.ClearDefaultCache(); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientAssertion, UserIdentifier.AnyUser); VerifySuccessResult(sts, result3, true, false); }
internal static async Task AcquireTokenOnBehalfAndClientCertificateTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); var clientCertificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, ExportX509Certificate(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword), sts.ConfidentialClientCertificatePassword); RecorderJwtId.JwtIdIndex = 5; AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCertificate, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, null); VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertionCertificate)null, result.AccessToken); RecorderJwtId.JwtIdIndex = 6; VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCertificate"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Testing cache AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken); VerifySuccessResult(sts, result3, true, false); VerifyExpiresOnAreEqual(result2, result3); // Using MRRT in cached token to acquire token for a different resource AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCertificate, result.AccessToken + "x"); VerifySuccessResult(sts, result4, true, false); AuthenticationContextProxy.ClearDefaultCache(); result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCertificate, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidResourceError, null); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken + "x"); VerifyErrorResult(result2, "invalid_grant", "invalid signature"); var invalidClientCredential = new ClientAssertionCertificate(sts.ValidConfidentialClientId.Replace('1', '2'), ExportX509Certificate(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword), sts.ConfidentialClientCertificatePassword); RecorderJwtId.JwtIdIndex = 7; result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.UnauthorizedClient, "not found"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId); VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCertificate, UserIdentifier.AnyUser); VerifySuccessResult(sts, result3, true, false); }
internal static async Task AcquireTokenOnBehalfAndClientCredentialTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); ClientCredential clientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret); AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, null); VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion"); result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientCredential)null, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCredential"); result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidResourceError, null); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Testing cache AuthenticationContextProxy.Delay(2000); // 2 seconds delay AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken); VerifySuccessResult(sts, result3, true, false); VerifyExpiresOnAreEqual(result2, result3); // Using MRRT in cached token to acquire token for a different resource AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCredential, result.AccessToken + "x"); VerifySuccessResult(sts, result4, true, false); AuthenticationContextProxy.ClearDefaultCache(); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken + "x"); VerifyErrorResult(result2, "invalid_grant", "invalid signature"); ClientCredential invalidClientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x"); result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken); VerifyErrorResult(result2, Sts.InvalidClientError, "Invalid client secret"); result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken); VerifySuccessResult(sts, result2, true, false); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId); VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null); // Using MRRT in cached token to acquire token for a different resource result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCredential, UserIdentifier.AnyUser); VerifySuccessResult(sts, result3, true, false); }
public static async Task InnerExceptionAccessTestAsync(Sts sts) { SetCredential(sts); var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority); AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PlatformParameters, sts.ValidUserId); VerifySuccessResult(sts, result); result = await context.AcquireTokenSilentAsync(sts.ValidResource, sts.InvalidClientId); VerifyErrorResult(result, "failed_to_acquire_token_silently", null); Verify.IsNotNull(result.Exception); }