/// <summary>
/// Acquires a token twice through the same proxy context and hands both results back so the caller
/// can compare them (callers use this to check that the second request was satisfied from the cache).
/// The first request signs in <paramref name="sts"/>.ValidUserId; the second targets the same user by
/// displayable id when UserInfo was returned, otherwise it uses the overload with no user hint.
/// </summary>
/// <param name="sts">Test STS descriptor supplying the user identifier.</param>
/// <param name="context">Proxy context whose cache is exercised; both requests go through it.</param>
/// <returns>A two-element list in call order: [first result, second result].</returns>
public static async Task<List<AuthenticationResultProxy>> AcquireTokenPositiveWithCacheAsync(Sts sts, AuthenticationContextProxy context)
{
    AuthenticationResultProxy firstResult = await context.AcquireTokenAsync(
        TestConstants.DefaultResource,
        TestConstants.DefaultClientId,
        TestConstants.DefaultResource,
        PlatformParameters,
        sts.ValidUserId);
    VerifySuccessResult(sts, firstResult);

    Log.Comment("Waiting 2 seconds before next token request...");
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay

    AuthenticationResultProxy secondResult;
    if (firstResult.UserInfo == null)
    {
        // Nothing to pin the second request to: use the overload without a user identifier.
        secondResult = await context.AcquireTokenAsync(
            TestConstants.DefaultResource,
            TestConstants.DefaultClientId,
            TestConstants.DefaultResource,
            PlatformParameters);
    }
    else
    {
        var sameUser = new UserIdentifier(firstResult.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId);
        secondResult = await context.AcquireTokenAsync(
            TestConstants.DefaultResource,
            TestConstants.DefaultClientId,
            TestConstants.DefaultResource,
            PlatformParameters,
            sameUser,
            SecondCallExtraQueryParameter);
    }
    VerifySuccessResult(sts, secondResult);

    return new List<AuthenticationResultProxy> { firstResult, secondResult };
}
/// <summary>
/// Exercises the cache expiration margin: a cached token whose expiry is rewritten to fall inside the
/// margin must not be served from the cache any more, so the next request has to yield a different access token.
/// </summary>
/// <param name="sts">Test STS descriptor; supplies authority, client id, resource, redirect URI and the user to sign in.</param>
internal static void CacheExpirationMarginTest(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, result);
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay

    // Scripted credentials are cleared first, presumably so that the next request can only succeed
    // from the cache (an interactive prompt would have nothing to auto-answer it with).
    AuthenticationContextProxy.SetCredentials(null, null);
    var userId = (result.UserInfo != null) ? new UserIdentifier(result.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId) : UserIdentifier.AnyUser;
    AuthenticationResultProxy result2 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, userId, SecondCallExtraQueryParameter);
    VerifySuccessResult(sts, result2);
    VerifyExpiresOnAreEqual(result, result2); // identical ExpiresOn => the cached entry was reused

    // The dummy context is only used as a handle to a token cache; its authority is never contacted.
    // NOTE(review): this relies on dummyContext.TokenCache being the same instance the proxy context
    // reads from (a shared default cache) - confirm against the proxy's cache wiring before relying on it.
    var dummyContext = new AuthenticationContext("https://dummy/dummy", false);
    // Move the cached entry's expiry to 4m50s from now. Presumably this is just inside the library's
    // expiration margin (TODO confirm the margin constant), which should disqualify the entry for reuse.
    AdalFriend.UpdateTokenExpiryOnTokenCache(dummyContext.TokenCache, DateTime.UtcNow + TimeSpan.FromSeconds(4 * 60 + 50));
    result2 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, userId);
    VerifySuccessResult(sts, result2);
    // A different access token proves the near-expiry entry was not handed out again.
    Verify.AreNotEqual(result.AccessToken, result2.AccessToken);
}
/// <summary>
/// Synchronous twin of AcquireTokenPositiveWithCacheAsync: acquires a token twice through the same proxy
/// context and returns both results so the caller can compare them. The first request signs in
/// <paramref name="sts"/>.ValidUserId; the second targets the same user by displayable id when UserInfo
/// was returned, otherwise it falls back to the three-argument overload with no prompt behaviour or user.
/// </summary>
/// <param name="sts">Test STS descriptor supplying authority-specific ids and the user identifier.</param>
/// <param name="context">Proxy context whose cache is exercised; both requests go through it.</param>
/// <returns>A two-element list in call order: [first result, second result].</returns>
public static List<AuthenticationResultProxy> AcquireTokenPositiveWithCache(Sts sts, AuthenticationContextProxy context)
{
    AuthenticationResultProxy firstResult = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, firstResult);

    Log.Comment("Waiting 2 seconds before next token request...");
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay

    AuthenticationResultProxy secondResult;
    if (firstResult.UserInfo == null)
    {
        secondResult = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri);
    }
    else
    {
        var sameUser = new UserIdentifier(firstResult.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId);
        secondResult = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sameUser, SecondCallExtraQueryParameter);
    }
    VerifySuccessResult(sts, secondResult);

    return new List<AuthenticationResultProxy> { firstResult, secondResult };
}
/// <summary>
/// Confidential-client coverage: authorization-code redemption with a client secret, refresh-token
/// redemption with and without the secret, and the argument/service error paths (missing or tampered
/// code, wrong reply address, missing or wrong client credential).
/// </summary>
/// <param name="sts">Test STS descriptor supplying the confidential client id/secret, its redirect URI and the user.</param>
public static async Task ConfidentialClientTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    // Drives the authorize request and captures the authorization code for the confidential client.
    string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
    var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
    AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
    VerifySuccessResult(sts, result);
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay
    // Fixed correlation id so the second redemption can be picked out in STS logs / recordings.
    context.SetCorrelationId(new Guid("2ddbba59-1a04-43fb-b363-7fb0ae785031"));

    // Test cache usage in AcquireTokenByAuthorizationCodeAsync.
    // There is no cache lookup, so redeeming the same code again must yield a different access token.
    // NOTE(review): this expects the STS to accept a second redemption of the SAME authorization code.
    // OAuth 2.0 (RFC 6749 section 4.1.2) requires codes to be single-use, so this expectation is tied to the
    // test STS's behaviour and would break against a server that enforces one-time codes.
    AuthenticationResultProxy result2 = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
    VerifySuccessResult(sts, result2);
    Verify.AreNotEqual(result.AccessToken, result2.AccessToken);

    AuthenticationContextProxy.ClearDefaultCache();
    // Refresh-token redemption with the client secret. The trailing flags presumably relax which
    // result fields VerifySuccessResult checks - see its definition.
    result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, credential);
    VerifySuccessResult(sts, result, true, false);
    // Same grant with only the client id: the STS refuses because a confidential client must prove itself.
    result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidConfidentialClientId, sts.ValidResource);
    VerifyErrorResult(result, "invalid_request", null, 400, "90014"); // ACS90014: The request body must contain the following parameter: 'client_secret or client_assertion'.

    // Argument validation: reported as invalid_argument, i.e. presumably rejected before any request is sent.
    result = await context.AcquireTokenByAuthorizationCodeAsync(null, sts.ValidRedirectUriForConfidentialClient, credential);
    VerifyErrorResult(result, "invalid_argument", "authorizationCode");
    result = await context.AcquireTokenByAuthorizationCodeAsync(string.Empty, sts.ValidRedirectUriForConfidentialClient, credential);
    VerifyErrorResult(result, "invalid_argument", "authorizationCode");
    // Tampered code: the STS rejects it as an invalid grant.
    result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode + "x", sts.ValidRedirectUriForConfidentialClient, credential);
    VerifyErrorResult(result, "invalid_grant", "authorization code");
    // The redirect URI at redemption must match the one the code was issued for (AADSTS70002).
    result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, new Uri(sts.ValidRedirectUriForConfidentialClient.AbsoluteUri + "x"), credential);
    VerifyErrorResult(result, "invalid_grant", "does not match the reply address", 400, "70002");
    result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, (ClientCredential)null);
    VerifyErrorResult(result, "invalid_argument", "credential");
    // Wrong secret for a known client id: 401 invalid_client.
    var invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x");
    result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, invalidCredential);
    VerifyErrorResult(result, "invalid_client", "client secret", 401);
}
/// <summary>
/// Checks the UserInfo returned through the common-tenant authority and that follow-up requests for the
/// same user (by displayable id, with no user at all, and with the original user id again) line up with
/// the first result, while a request that requires a different user fails with user_mismatch.
/// </summary>
/// <param name="sts">Test STS descriptor; the AAD-only assertions on UserInfo fields depend on sts.Type.</param>
public static async Task UserInfoTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(TestConstants.DefaultAuthorityCommonTenant, sts.ValidateAuthority);
    AuthenticationResultProxy result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId);
    VerifySuccessResult(sts, result);
    AuthenticationResultProxy result2;
    if (sts.Type == StsType.AAD)
    {
        // Only AAD is expected to return a fully populated UserInfo.
        Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId);
        Verify.IsNotNullOrEmptyString(result.UserInfo.UniqueId);
        Verify.IsNotNullOrEmptyString(result.UserInfo.GivenName);
        Verify.IsNotNullOrEmptyString(result.UserInfo.FamilyName);
        EndBrowserDialogSession();
        Log.Comment("Waiting 2 seconds before next token request...");
        AuthenticationContextProxy.Delay(2000); // 2 seconds delay
        // Credentials cleared: the request for the same displayable id must be satisfied without signing in again.
        AuthenticationContextProxy.SetCredentials(null, null);
        result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, new UserIdentifier(result.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId), SecondCallExtraQueryParameter);
        ValidateAuthenticationResultsAreEqual(result, result2);
    }
    // No user hint and no credentials: must come back with the very same access token.
    AuthenticationContextProxy.SetCredentials(null, null);
    result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters);
    Verify.AreEqual(result.AccessToken, result2.AccessToken);
    // Original user id again, with credentials restored in case a sign-in is needed.
    SetCredential(sts);
    result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId, ThirdCallExtraQueryParameter);
    VerifySuccessResult(sts, result2);
    if (result.UserInfo != null)
    {
        // With UserInfo the user can be matched, so the results must agree.
        ValidateAuthenticationResultsAreEqual(result, result2);
    }
    else
    {
        // Without UserInfo the request is expected to have produced a fresh token (different expiry).
        VerifyExpiresOnAreNotEqual(result, result2);
    }
    EndBrowserDialogSession();
    Log.Comment("Waiting 2 seconds before next token request...");
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay
    // Signing in as the valid user while requiring a different user id must be rejected as user_mismatch,
    // i.e. a token for the wrong user is never handed back.
    AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword);
    result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.InvalidRequiredUserId, SecondCallExtraQueryParameter);
    VerifyErrorResult(result2, "user_mismatch", null);
}
/// <summary>
/// On-behalf-of flow with a JWT client assertion: a user token issued for the confidential client
/// (resource = ValidConfidentialClientId) is exchanged for a token to ValidResource, then the argument
/// checks, cache reuse, MRRT use for a second resource and a post-cache-clear round trip are verified.
/// </summary>
/// <param name="sts">Test STS descriptor supplying the certificate used to build the client assertion.</param>
internal static async Task AcquireTokenOnBehalfAndClientAssertionTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    // The user signs in to the public client asking for the confidential client as the resource;
    // result.AccessToken becomes the user assertion for the on-behalf-of exchange below.
    AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, result);
    // Presumably pins the jti the recorder expects for the next assertion so record/replay matches - TODO confirm.
    RecorderJwtId.JwtIdIndex = 13;
    ClientAssertion clientAssertion = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword);

    // Argument validation for each of the three parameters.
    AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientAssertion, result.AccessToken);
    VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource");
    result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, null);
    VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion");
    result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertion)null, result.AccessToken);
    VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientAssertion");

    // Happy path.
    result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken);
    VerifySuccessResult(sts, result2, true, false);

    // Testing cache: the repeat request must carry the same expiry as the first exchange.
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay
    AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken);
    VerifySuccessResult(sts, result3, true, false);
    VerifyExpiresOnAreEqual(result2, result3);

    // Using MRRT in cached token to acquire token for a different resource
    AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientAssertion, result.AccessToken);
    VerifySuccessResult(sts, result4, true, false);

    // With the cache emptied the exchange has to go to the STS again and still succeed.
    AuthenticationContextProxy.ClearDefaultCache();
    result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken);
    VerifySuccessResult(sts, result2, true, false);
    // Silent acquisition for a second resource, expected to be served via the MRRT just cached.
    result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientAssertion, UserIdentifier.AnyUser);
    VerifySuccessResult(sts, result3, true, false);
}
/// <summary>
/// Checks that PromptBehavior.RefreshSession produces a new access token even though a valid one is
/// already cached: the second access token must differ from the first.
/// </summary>
/// <param name="sts">Test STS descriptor; ValidUserId and ValidPassword are used for the scripted sign-in.</param>
public static void AcquireTokenAndRefreshSessionTest(Sts sts)
{
    var user = sts.ValidUserId;
    AuthenticationContextProxy.SetCredentials(user.Id, sts.ValidPassword);

    // NOTE(review): authority validation is hard-coded to false here, whereas the sibling tests pass
    // sts.ValidateAuthority. Confirm this is deliberate for the RefreshSession scenario.
    var context = new AuthenticationContextProxy(sts.Authority, false, TokenCacheType.InMemory);

    AuthenticationResultProxy initial = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, user);
    VerifySuccessResult(sts, initial);

    AuthenticationContextProxy.Delay(2000);

    AuthenticationResultProxy refreshed = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.RefreshSession, user);
    VerifySuccessResult(sts, refreshed);

    // RefreshSession must not hand back the cached token.
    Verify.AreNotEqual(initial.AccessToken, refreshed.AccessToken);
}
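/// <summary>
/// Non-interactive username/password flow with a user name that contains upper-case characters: the
/// returned DisplayableId must keep its mixed case, and a repeat request with the same credential must
/// reuse the cached entry (identical ExpiresOn).
/// </summary>
/// <param name="sts">Test STS descriptor; ValidUserName3/ValidPassword3 are the mixed-case account.</param>
public static async Task MixedCaseUserNameTestAsync(Sts sts)
{
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    var credential = new UserCredentialProxy(sts.ValidUserName3, sts.ValidPassword3);

    AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential);
    VerifySuccessResult(sts, result);
    Verify.IsNotNull(result.UserInfo);

    // Culture-invariant lowering: the assertion is "the id contains upper-case letters", which must not
    // depend on the test host's current culture (e.g. Turkish casing rules for 'I').
    string displayableId = result.UserInfo.DisplayableId;
    Verify.AreNotEqual(displayableId, displayableId.ToLowerInvariant());

    AuthenticationContextProxy.Delay(2000); // 2 seconds delay

    // Same credential again: expected to be answered from the cache, hence the same expiry.
    AuthenticationResultProxy result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential);
    VerifySuccessResult(sts, result2);
    Verify.IsTrue(AreDateTimeOffsetsEqual(result.ExpiresOn, result2.ExpiresOn));
}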
/// <summary>
/// Non-interactive username/password flow: the first request must succeed with a populated UserInfo
/// (UniqueId and DisplayableId), and a repeat request with the same credential must share its expiry,
/// i.e. be served from the cache.
/// </summary>
/// <param name="sts">Test STS descriptor; ValidUserName/ValidPassword are the account used.</param>
public static async Task AcquireTokenNonInteractivePositiveTestAsync(Sts sts)
{
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    var userCredential = new UserCredentialProxy(sts.ValidUserName, sts.ValidPassword);

    AuthenticationResultProxy firstResult = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, userCredential);
    VerifySuccessResult(sts, firstResult);
    Verify.IsNotNull(firstResult.UserInfo);
    Verify.IsNotNullOrEmptyString(firstResult.UserInfo.UniqueId);
    Verify.IsNotNullOrEmptyString(firstResult.UserInfo.DisplayableId);

    AuthenticationContextProxy.Delay(2000);

    // Test token cache: the repeat request has to carry the same ExpiresOn as the first one.
    AuthenticationResultProxy secondResult = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, userCredential);
    VerifySuccessResult(sts, secondResult);
    VerifyExpiresOnAreEqual(firstResult, secondResult);
}
/// <summary>
/// Default-cache behaviour (sync): after two requests for the same user, a third request with
/// UserIdentifier.AnyUser must still be answered by the same cached entry, and the cache must hold
/// exactly one item.
/// </summary>
/// <param name="sts">Test STS descriptor supplying authority, client, resource, redirect URI and user.</param>
public static void AcquireTokenPositiveWithDefaultCacheTest(Sts sts)
{
    AuthenticationContextProxy.ClearDefaultCache();
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    List<AuthenticationResultProxy> pair = AcquireTokenPositiveWithCache(sts, context);
    AuthenticationResultProxy original = pair[0];
    VerifyExpiresOnAreEqual(original, pair[1]);

    EndBrowserDialogSession();
    Log.Comment("Waiting 2 seconds before next token request...");
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay

    // No specific user requested: the single cached entry is expected to satisfy the request.
    AuthenticationResultProxy anyUserResult = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, UserIdentifier.AnyUser, SecondCallExtraQueryParameter);
    VerifyExpiresOnAreEqual(original, anyUserResult);

    context.VerifySingleItemInCache(original, sts.Type);
}
/// <summary>
/// Default-cache behaviour (async, common-tenant authority): after two requests for the same user, a third
/// request with UserIdentifier.AnyUser must still be answered by the same cached entry, and the cache
/// must hold exactly one item.
/// </summary>
/// <param name="sts">Test STS descriptor; its ValidateAuthority flag and type are used, resources come from TestConstants.</param>
public static async Task AcquireTokenPositiveWithDefaultCacheTestAsync(Sts sts)
{
    AuthenticationContextProxy.ClearDefaultCache();
    SetCredential(sts);
    var context = new AuthenticationContextProxy(TestConstants.DefaultAuthorityCommonTenant, sts.ValidateAuthority);

    List<AuthenticationResultProxy> pair = await AcquireTokenPositiveWithCacheAsync(sts, context);
    AuthenticationResultProxy original = pair[0];
    VerifyExpiresOnAreEqual(original, pair[1]);

    EndBrowserDialogSession();
    Log.Comment("Waiting 2 seconds before next token request...");
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay

    // No specific user requested: the single cached entry is expected to satisfy the request.
    AuthenticationResultProxy anyUserResult = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, UserIdentifier.AnyUser, SecondCallExtraQueryParameter);
    VerifyExpiresOnAreEqual(original, anyUserResult);

    context.VerifySingleItemInCache(original, sts.Type);
}
/// <summary>
/// Microsoft-account (MSA) federation: a Live ID SAML token is exchanged for an AAD token via the
/// SAML 1.1 bearer grant, silent acquisitions for the same and a second resource are then checked against
/// the cache, and a garbage assertion must be rejected by the STS with invalid_grant / AADSTS50008.
/// </summary>
internal static void MsaTest()
{
    AadSts sts = new AadSts();
    string liveIdtoken = StsLoginFlow.TryGetSamlToken("https://login.live.com", sts.MsaUserName, sts.MsaPassword, "urn:federation:MicrosoftOnline");
    // A plain AuthenticationContext (not the proxy) with its own cache.
    var context = new AuthenticationContext(sts.Authority, sts.ValidateAuthority);
    try
    {
        var result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, new UserAssertion(liveIdtoken, "urn:ietf:params:oauth:grant-type:saml1_1-bearer"));
        VerifySuccessResult(result);
        // Different resource, silently: expected to work off the cached multi-resource refresh token.
        var result2 = context.AcquireTokenSilent(sts.ValidResource2, sts.ValidClientId, new UserIdentifier(sts.MsaUserName, UserIdentifierType.OptionalDisplayableId));
        VerifySuccessResult(result2);
        Verify.IsNotNull(result2.RefreshToken);
        Verify.IsTrue(result2.IsMultipleResourceRefreshToken);
        AuthenticationContextProxy.Delay(2000); // 2 seconds delay
        // Original resource again: must be the cached entry (same expiry as the first result).
        var result3 = context.AcquireTokenSilent(sts.ValidResource, sts.ValidClientId, new UserIdentifier(sts.MsaUserName, UserIdentifierType.OptionalDisplayableId));
        VerifySuccessResult(result3);
        Verify.IsTrue(AreDateTimeOffsetsEqual(result.ExpiresOn, result3.ExpiresOn));
    }
    catch (Exception ex)
    {
        // Any failure above (including Verify failures) is re-reported here; the original type is lost.
        Verify.Fail("Unexpected exception: " + ex);
    }
    try
    {
        context.TokenCache.Clear();
        // Negative case: a bogus SAML assertion has to be rejected by the service.
        var result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, new UserAssertion("x", "urn:ietf:params:oauth:grant-type:saml1_1-bearer"));
        Verify.Fail("Exception expected");
        // NOTE(review): if Verify.Fail throws (as the catch(Exception) wrapper above suggests) the next line is
        // unreachable; if it does not, it only reports a second failure. Consider removing it.
        VerifySuccessResult(result);
    }
    catch (AdalServiceException ex)
    {
        Verify.AreEqual(ex.ErrorCode, "invalid_grant");
        Verify.AreEqual(ex.StatusCode, 400);
        Verify.IsTrue(ex.ServiceErrorCodes.Contains("50008"));
    }
}
/// <summary>
/// Client-credentials grant: two requests with the confidential client's secret must share one cached
/// expiry; null resource / null credential are rejected client-side; a wrong secret and an unknown client
/// id (tested through a cache-less context so nothing can be served locally) produce the expected service errors.
/// </summary>
/// <param name="sts">Test STS descriptor supplying authority, resource and the confidential client id/secret.</param>
public static async Task ClientCredentialTestAsync(Sts sts)
{
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);

    AuthenticationResultProxy firstToken = await context.AcquireTokenAsync(sts.ValidResource, credential);
    Verify.IsNotNullOrEmptyString(firstToken.AccessToken);

    AuthenticationContextProxy.Delay(2000); // 2 seconds delay
    // Repeat request: must be the cached token (same ExpiresOn).
    AuthenticationResultProxy secondToken = await context.AcquireTokenAsync(sts.ValidResource, credential);
    Verify.IsNotNullOrEmptyString(secondToken.AccessToken);
    VerifyExpiresOnAreEqual(firstToken, secondToken);

    // Argument validation.
    AuthenticationResultProxy argumentError = await context.AcquireTokenAsync(null, credential);
    VerifyErrorResult(argumentError, Sts.InvalidArgumentError, "resource");
    argumentError = await context.AcquireTokenAsync(sts.ValidResource, (ClientCredential)null);
    VerifyErrorResult(argumentError, Sts.InvalidArgumentError, "clientCredential");

    // Service-side rejections; a null cache guarantees the requests actually reach the STS.
    var uncachedContext = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null);
    var wrongSecret = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x");
    AuthenticationResultProxy serviceError = await uncachedContext.AcquireTokenAsync(sts.ValidResource, wrongSecret);
    VerifyErrorResult(serviceError, Sts.InvalidClientError, null, 0, "70002");

    var unknownClient = new ClientCredential(sts.ValidConfidentialClientId.Replace("0", "1"), sts.ValidConfidentialClientSecret + "x");
    serviceError = await uncachedContext.AcquireTokenAsync(sts.ValidResource, unknownClient);
    VerifyErrorResult(serviceError, Sts.UnauthorizedClient, null, 400, "70001");
}
/// <summary>
/// Two users redeem authorization codes for the same confidential client and resource. Both entries land
/// in the cache, so a silent request with UserIdentifier.AnyUser must fail with
/// multiple_matching_tokens_detected, while silent requests naming each user must return that user's
/// cached token (matching expiry).
/// </summary>
/// <param name="sts">Test STS descriptor supplying both test accounts and the confidential client.</param>
internal static async Task AcquireTokenByAuthorizationCodeWithCacheTest(Sts sts)
{
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);

    // Authorization code for the first user.
    AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword);
    string firstUserCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
    EndBrowserDialogSession();

    // Authorization code for the second user (fresh browser session so the first sign-in is not reused).
    AuthenticationContextProxy.SetCredentials(sts.ValidUserName2, sts.ValidPassword2);
    string secondUserCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidRequiredUserId2);

    var clientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
    AuthenticationResultProxy firstUserToken = await context.AcquireTokenByAuthorizationCodeAsync(firstUserCode, sts.ValidRedirectUriForConfidentialClient, clientCredential);
    AuthenticationContextProxy.Delay(2000);
    AuthenticationResultProxy secondUserToken = await context.AcquireTokenByAuthorizationCodeAsync(secondUserCode, sts.ValidRedirectUriForConfidentialClient, clientCredential);
    VerifySuccessResult(sts, firstUserToken, true, false);
    VerifySuccessResult(sts, secondUserToken, true, false);
    VerifyExpiresOnAreNotEqual(firstUserToken, secondUserToken);

    // Ambiguous silent lookup: two users match, so the library must refuse rather than pick one.
    AuthenticationResultProxy ambiguous = await context.AcquireTokenSilentAsync(sts.ValidResource, clientCredential, UserIdentifier.AnyUser);
    VerifyErrorResult(ambiguous, "multiple_matching_tokens_detected", null);

    // Naming the user disambiguates and returns that user's cached entry.
    AuthenticationResultProxy firstUserSilent = await context.AcquireTokenSilentAsync(sts.ValidResource, clientCredential, sts.ValidUserId);
    AuthenticationResultProxy secondUserSilent = await context.AcquireTokenSilentAsync(sts.ValidResource, clientCredential, sts.ValidRequiredUserId2);
    VerifySuccessResult(sts, firstUserSilent, true, false);
    VerifySuccessResult(sts, secondUserSilent, true, false);
    VerifyExpiresOnAreEqual(firstUserSilent, firstUserToken);
    VerifyExpiresOnAreEqual(secondUserSilent, secondUserToken);
    VerifyExpiresOnAreNotEqual(firstUserSilent, secondUserSilent);
}
/// <summary>
/// On-behalf-of flow with a certificate-backed client assertion: a user token issued for the confidential
/// client is exchanged for tokens to ValidResource/ValidResource2, covering argument validation, cache
/// reuse, MRRT use, and the service errors for a bad resource, a tampered assertion and an unknown client id.
/// </summary>
/// <param name="sts">Test STS descriptor supplying the confidential client id and its certificate file/password.</param>
internal static async Task AcquireTokenOnBehalfAndClientCertificateTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    // The user signs in to the public client asking for the confidential client as the resource;
    // result.AccessToken is the user assertion for the on-behalf-of exchanges below.
    AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, result);
    // NOTE(review): the X509Certificate2 instances built here and below are never disposed; on runtimes
    // where X509Certificate2 is IDisposable they should be created in a using block.
    var clientCertificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword));
    // Presumably pins the jti the recorder expects for the next signed assertion - TODO confirm.
    RecorderJwtId.JwtIdIndex = 5;

    // Argument validation for each of the three parameters.
    AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCertificate, result.AccessToken);
    VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource");
    result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, null);
    VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion");
    result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertionCertificate)null, result.AccessToken);
    RecorderJwtId.JwtIdIndex = 6;
    VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCertificate");

    // Happy path.
    result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken);
    VerifySuccessResult(sts, result2, true, false);

    // Testing cache: the repeat request must carry the same expiry as the first exchange.
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay
    AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken);
    VerifySuccessResult(sts, result3, true, false);
    VerifyExpiresOnAreEqual(result2, result3);

    // Using MRRT in cached token to acquire token for a different resource.
    // Note the user assertion passed here is TAMPERED (result.AccessToken + "x") and the call still succeeds,
    // while the identical tampered assertion fails with invalid_grant once the cache is cleared below.
    // NOTE(review): confirm this is the intended cache contract - it means a warm cache serves the request
    // without the presented assertion being validated, so in a shared web-API process a cache hit is not
    // bound to the assertion the caller actually supplied.
    AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCertificate, result.AccessToken + "x");
    VerifySuccessResult(sts, result4, true, false);

    AuthenticationContextProxy.ClearDefaultCache();
    // Unknown resource.
    result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCertificate, result.AccessToken);
    VerifyErrorResult(result2, Sts.InvalidResourceError, null);
    // Tampered user assertion with an empty cache: the STS rejects the signature.
    result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken + "x");
    VerifyErrorResult(result2, "invalid_grant", "invalid signature");
    // Client id altered to something the STS does not know.
    // NOTE(review): if ValidConfidentialClientId contains no '1' this Replace is a no-op and the "not found"
    // expectation cannot hold; ClientCredentialTestAsync uses Replace("0", "1") - align the two.
    var invalidClientCredential = new ClientAssertionCertificate(sts.ValidConfidentialClientId.Replace('1', '2'), new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword));
    RecorderJwtId.JwtIdIndex = 7;
    result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken);
    VerifyErrorResult(result2, Sts.UnauthorizedClient, "not found");

    // Re-populate the cache with a good exchange.
    result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken);
    VerifySuccessResult(sts, result2, true, false);
    // Silent acquisition with only the client id (no certificate) is expected to fail.
    result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
    VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null);
    // Using MRRT in cached token to acquire token for a different resource (with the certificate it succeeds).
    result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCertificate, UserIdentifier.AnyUser);
    VerifySuccessResult(sts, result3, true, false);
}
/// <summary>
/// On-behalf-of flow with a client secret: a user token issued for the confidential client is exchanged
/// for tokens to ValidResource/ValidResource2, covering argument validation, an unknown resource, cache
/// reuse, MRRT use, and the service errors for a tampered assertion and a wrong client secret.
/// </summary>
/// <param name="sts">Test STS descriptor supplying the confidential client id and secret.</param>
internal static async Task AcquireTokenOnBehalfAndClientCredentialTestAsync(Sts sts)
{
    SetCredential(sts);
    var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
    // The user signs in to the public client asking for the confidential client as the resource;
    // result.AccessToken is the user assertion for the on-behalf-of exchanges below.
    AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
    VerifySuccessResult(sts, result);
    ClientCredential clientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);

    // Argument validation for each of the three parameters.
    AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCredential, result.AccessToken);
    VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource");
    result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, null);
    VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion");
    result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientCredential)null, result.AccessToken);
    VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCredential");
    // Unknown resource.
    result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCredential, result.AccessToken);
    VerifyErrorResult(result2, Sts.InvalidResourceError, null);

    // Happy path.
    result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken);
    VerifySuccessResult(sts, result2, true, false);

    // Testing cache: the repeat request must carry the same expiry as the first exchange.
    AuthenticationContextProxy.Delay(2000); // 2 seconds delay
    AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken);
    VerifySuccessResult(sts, result3, true, false);
    VerifyExpiresOnAreEqual(result2, result3);

    // Using MRRT in cached token to acquire token for a different resource.
    // Note the user assertion passed here is TAMPERED (result.AccessToken + "x") and the call still succeeds,
    // while the identical tampered assertion fails with invalid_grant once the cache is cleared below.
    // NOTE(review): confirm this is the intended cache contract - it means a warm cache serves the request
    // without the presented assertion being validated, so in a shared web-API process a cache hit is not
    // bound to the assertion the caller actually supplied.
    AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCredential, result.AccessToken + "x");
    VerifySuccessResult(sts, result4, true, false);

    AuthenticationContextProxy.ClearDefaultCache();
    // Tampered user assertion with an empty cache: the STS rejects the signature.
    result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken + "x");
    VerifyErrorResult(result2, "invalid_grant", "invalid signature");
    // Wrong secret for the known client id.
    ClientCredential invalidClientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x");
    result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken);
    VerifyErrorResult(result2, Sts.InvalidClientError, "Invalid client secret");

    // Re-populate the cache with a good exchange.
    result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken);
    VerifySuccessResult(sts, result2, true, false);
    // Silent acquisition with only the client id (no secret) is expected to fail.
    result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
    VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null);
    // Using MRRT in cached token to acquire token for a different resource (with the secret it succeeds).
    result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCredential, UserIdentifier.AnyUser);
    VerifySuccessResult(sts, result3, true, false);
}