public static async Task <List <AuthenticationResultProxy> > AcquireTokenPositiveWithCacheAsync(Sts sts, AuthenticationContextProxy context)
{
AuthenticationResultProxy result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId);
VerifySuccessResult(sts, result);
Log.Comment("Waiting 2 seconds before next token request...");
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy result2;
if (result.UserInfo != null)
{
result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, new UserIdentifier(result.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId), SecondCallExtraQueryParameter);
}
else
{
result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters);
}
VerifySuccessResult(sts, result2);
return(new List <AuthenticationResultProxy> {
result, result2
});
}
internal static void CacheExpirationMarginTest(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationContextProxy.SetCredentials(null, null);
var userId = (result.UserInfo != null) ? new UserIdentifier(result.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId) : UserIdentifier.AnyUser;
AuthenticationResultProxy result2 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, userId, SecondCallExtraQueryParameter);
VerifySuccessResult(sts, result2);
VerifyExpiresOnAreEqual(result, result2);
var dummyContext = new AuthenticationContext("https://dummy/dummy", false);
AdalFriend.UpdateTokenExpiryOnTokenCache(dummyContext.TokenCache, DateTime.UtcNow + TimeSpan.FromSeconds(4 * 60 + 50));
result2 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, userId);
VerifySuccessResult(sts, result2);
Verify.AreNotEqual(result.AccessToken, result2.AccessToken);
}
public static List <AuthenticationResultProxy> AcquireTokenPositiveWithCache(Sts sts, AuthenticationContextProxy context)
{
AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
Log.Comment("Waiting 2 seconds before next token request...");
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy result2;
if (result.UserInfo != null)
{
result2 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, new UserIdentifier(result.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId), SecondCallExtraQueryParameter);
}
else
{
result2 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri);
}
VerifySuccessResult(sts, result2);
return(new List <AuthenticationResultProxy> {
result, result2
});
}
public static async Task ConfidentialClientTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result);
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
context.SetCorrelationId(new Guid("2ddbba59-1a04-43fb-b363-7fb0ae785031"));
// Test cache usage in AcquireTokenByAuthorizationCodeAsync
// There is no cache lookup, so the results should be different.
AuthenticationResultProxy result2 = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result2);
Verify.AreNotEqual(result.AccessToken, result2.AccessToken);
AuthenticationContextProxy.ClearDefaultCache();
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, credential);
VerifySuccessResult(sts, result, true, false);
result = await context.AcquireTokenByRefreshTokenAsync(result.RefreshToken, sts.ValidConfidentialClientId, sts.ValidResource);
VerifyErrorResult(result, "invalid_request", null, 400, "90014"); // ACS90014: The request body must contain the following parameter: 'client_secret or client_assertion'.
result = await context.AcquireTokenByAuthorizationCodeAsync(null, sts.ValidRedirectUriForConfidentialClient, credential);
VerifyErrorResult(result, "invalid_argument", "authorizationCode");
result = await context.AcquireTokenByAuthorizationCodeAsync(string.Empty, sts.ValidRedirectUriForConfidentialClient, credential);
VerifyErrorResult(result, "invalid_argument", "authorizationCode");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode + "x", sts.ValidRedirectUriForConfidentialClient, credential);
VerifyErrorResult(result, "invalid_grant", "authorization code");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, new Uri(sts.ValidRedirectUriForConfidentialClient.AbsoluteUri + "x"), credential);
VerifyErrorResult(result, "invalid_grant", "does not match the reply address", 400, "70002");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, (ClientCredential)null);
VerifyErrorResult(result, "invalid_argument", "credential");
var invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x");
result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, invalidCredential);
VerifyErrorResult(result, "invalid_client", "client secret", 401);
}
public static async Task UserInfoTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(TestConstants.DefaultAuthorityCommonTenant, sts.ValidateAuthority);
AuthenticationResultProxy result = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId);
VerifySuccessResult(sts, result);
AuthenticationResultProxy result2;
if (sts.Type == StsType.AAD)
{
Verify.AreEqual(sts.ValidUserName, result.UserInfo.DisplayableId);
Verify.IsNotNullOrEmptyString(result.UserInfo.UniqueId);
Verify.IsNotNullOrEmptyString(result.UserInfo.GivenName);
Verify.IsNotNullOrEmptyString(result.UserInfo.FamilyName);
EndBrowserDialogSession();
Log.Comment("Waiting 2 seconds before next token request...");
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationContextProxy.SetCredentials(null, null);
result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters,
new UserIdentifier(result.UserInfo.DisplayableId, UserIdentifierType.OptionalDisplayableId),
SecondCallExtraQueryParameter);
ValidateAuthenticationResultsAreEqual(result, result2);
}
AuthenticationContextProxy.SetCredentials(null, null);
result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters);
Verify.AreEqual(result.AccessToken, result2.AccessToken);
SetCredential(sts);
result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.ValidUserId, ThirdCallExtraQueryParameter);
VerifySuccessResult(sts, result2);
if (result.UserInfo != null)
{
ValidateAuthenticationResultsAreEqual(result, result2);
}
else
{
VerifyExpiresOnAreNotEqual(result, result2);
}
EndBrowserDialogSession();
Log.Comment("Waiting 2 seconds before next token request...");
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword);
result2 = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, sts.InvalidRequiredUserId, SecondCallExtraQueryParameter);
VerifyErrorResult(result2, "user_mismatch", null);
}
internal static async Task AcquireTokenOnBehalfAndClientAssertionTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
RecorderJwtId.JwtIdIndex = 13;
ClientAssertion clientAssertion = CreateClientAssertion(sts.Authority, sts.ValidConfidentialClientId, sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword);
AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientAssertion, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, null);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion");
result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertion)null, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientAssertion");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Testing cache
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken);
VerifySuccessResult(sts, result3, true, false);
VerifyExpiresOnAreEqual(result2, result3);
// Using MRRT in cached token to acquire token for a different resource
AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientAssertion, result.AccessToken);
VerifySuccessResult(sts, result4, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientAssertion, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientAssertion, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result3, true, false);
}
public static void AcquireTokenAndRefreshSessionTest(Sts sts)
{
var userId = sts.ValidUserId;
AuthenticationContextProxy.SetCredentials(userId.Id, sts.ValidPassword);
var context = new AuthenticationContextProxy(sts.Authority, false, TokenCacheType.InMemory);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, userId);
VerifySuccessResult(sts, result);
AuthenticationContextProxy.Delay(2000);
AuthenticationResultProxy result2 = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.RefreshSession, userId);
VerifySuccessResult(sts, result2);
Verify.AreNotEqual(result.AccessToken, result2.AccessToken);
}
public static async Task MixedCaseUserNameTestAsync(Sts sts)
{
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
UserCredentialProxy credential = new UserCredentialProxy(sts.ValidUserName3, sts.ValidPassword3);
AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential);
VerifySuccessResult(sts, result);
Verify.IsNotNull(result.UserInfo);
Verify.AreNotEqual(result.UserInfo.DisplayableId, result.UserInfo.DisplayableId.ToLower());
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential);
VerifySuccessResult(sts, result2);
Verify.IsTrue(AreDateTimeOffsetsEqual(result.ExpiresOn, result2.ExpiresOn));
}
public static async Task AcquireTokenNonInteractivePositiveTestAsync(Sts sts)
{
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
UserCredentialProxy credential = new UserCredentialProxy(sts.ValidUserName, sts.ValidPassword);
AuthenticationResultProxy result = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential);
VerifySuccessResult(sts, result);
Verify.IsNotNull(result.UserInfo);
Verify.IsNotNullOrEmptyString(result.UserInfo.UniqueId);
Verify.IsNotNullOrEmptyString(result.UserInfo.DisplayableId);
AuthenticationContextProxy.Delay(2000);
// Test token cache
AuthenticationResultProxy result2 = await context.AcquireTokenAsync(sts.ValidResource, sts.ValidClientId, credential);
VerifySuccessResult(sts, result2);
VerifyExpiresOnAreEqual(result, result2);
}
public static void AcquireTokenPositiveWithDefaultCacheTest(Sts sts)
{
AuthenticationContextProxy.ClearDefaultCache();
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
List <AuthenticationResultProxy> results = AcquireTokenPositiveWithCache(sts, context);
VerifyExpiresOnAreEqual(results[0], results[1]);
EndBrowserDialogSession();
Log.Comment("Waiting 2 seconds before next token request...");
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy resultWithoutUser = context.AcquireToken(sts.ValidResource, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, UserIdentifier.AnyUser, SecondCallExtraQueryParameter);
VerifyExpiresOnAreEqual(results[0], resultWithoutUser);
context.VerifySingleItemInCache(results[0], sts.Type);
}
public static async Task AcquireTokenPositiveWithDefaultCacheTestAsync(Sts sts)
{
AuthenticationContextProxy.ClearDefaultCache();
SetCredential(sts);
var context = new AuthenticationContextProxy(TestConstants.DefaultAuthorityCommonTenant, sts.ValidateAuthority);
List <AuthenticationResultProxy> results = await AcquireTokenPositiveWithCacheAsync(sts, context);
VerifyExpiresOnAreEqual(results[0], results[1]);
EndBrowserDialogSession();
Log.Comment("Waiting 2 seconds before next token request...");
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy resultWithoutUser = await context.AcquireTokenAsync(TestConstants.DefaultResource, TestConstants.DefaultClientId, TestConstants.DefaultResource, PlatformParameters, UserIdentifier.AnyUser, SecondCallExtraQueryParameter);
VerifyExpiresOnAreEqual(results[0], resultWithoutUser);
context.VerifySingleItemInCache(results[0], sts.Type);
}
internal static void MsaTest()
{
AadSts sts = new AadSts();
string liveIdtoken = StsLoginFlow.TryGetSamlToken("https://login.live.com", sts.MsaUserName, sts.MsaPassword, "urn:federation:MicrosoftOnline");
var context = new AuthenticationContext(sts.Authority, sts.ValidateAuthority);
try
{
var result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, new UserAssertion(liveIdtoken, "urn:ietf:params:oauth:grant-type:saml1_1-bearer"));
VerifySuccessResult(result);
var result2 = context.AcquireTokenSilent(sts.ValidResource2, sts.ValidClientId, new UserIdentifier(sts.MsaUserName, UserIdentifierType.OptionalDisplayableId));
VerifySuccessResult(result2);
Verify.IsNotNull(result2.RefreshToken);
Verify.IsTrue(result2.IsMultipleResourceRefreshToken);
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
var result3 = context.AcquireTokenSilent(sts.ValidResource, sts.ValidClientId, new UserIdentifier(sts.MsaUserName, UserIdentifierType.OptionalDisplayableId));
VerifySuccessResult(result3);
Verify.IsTrue(AreDateTimeOffsetsEqual(result.ExpiresOn, result3.ExpiresOn));
}
catch (Exception ex)
{
Verify.Fail("Unexpected exception: " + ex);
}
try
{
context.TokenCache.Clear();
var result = context.AcquireToken(sts.ValidResource, sts.ValidClientId, new UserAssertion("x", "urn:ietf:params:oauth:grant-type:saml1_1-bearer"));
Verify.Fail("Exception expected");
VerifySuccessResult(result);
}
catch (AdalServiceException ex)
{
Verify.AreEqual(ex.ErrorCode, "invalid_grant");
Verify.AreEqual(ex.StatusCode, 400);
Verify.IsTrue(ex.ServiceErrorCodes.Contains("50008"));
}
}
public static async Task ClientCredentialTestAsync(Sts sts)
{
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = null;
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
result = await context.AcquireTokenAsync(sts.ValidResource, credential);
Verify.IsNotNullOrEmptyString(result.AccessToken);
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
var result2 = await context.AcquireTokenAsync(sts.ValidResource, credential);
Verify.IsNotNullOrEmptyString(result2.AccessToken);
VerifyExpiresOnAreEqual(result, result2);
result = await context.AcquireTokenAsync(null, credential);
VerifyErrorResult(result, Sts.InvalidArgumentError, "resource");
result = await context.AcquireTokenAsync(sts.ValidResource, (ClientCredential)null);
VerifyErrorResult(result, Sts.InvalidArgumentError, "clientCredential");
context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority, TokenCacheType.Null);
var invalidCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x");
result = await context.AcquireTokenAsync(sts.ValidResource, invalidCredential);
VerifyErrorResult(result, Sts.InvalidClientError, null, 0, "70002");
invalidCredential = new ClientCredential(sts.ValidConfidentialClientId.Replace("0", "1"), sts.ValidConfidentialClientSecret + "x");
result = await context.AcquireTokenAsync(sts.ValidResource, invalidCredential);
VerifyErrorResult(result, Sts.UnauthorizedClient, null, 400, "70001");
}
internal static async Task AcquireTokenByAuthorizationCodeWithCacheTest(Sts sts)
{
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationContextProxy.SetCredentials(sts.ValidUserName, sts.ValidPassword);
string authorizationCode = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidUserId);
EndBrowserDialogSession();
AuthenticationContextProxy.SetCredentials(sts.ValidUserName2, sts.ValidPassword2);
string authorizationCode2 = context.AcquireAccessCode(sts.ValidResource, sts.ValidConfidentialClientId, sts.ValidRedirectUriForConfidentialClient, sts.ValidRequiredUserId2);
var credential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode, sts.ValidRedirectUriForConfidentialClient, credential);
AuthenticationContextProxy.Delay(2000);
AuthenticationResultProxy result2 = await context.AcquireTokenByAuthorizationCodeAsync(authorizationCode2, sts.ValidRedirectUriForConfidentialClient, credential);
VerifySuccessResult(sts, result, true, false);
VerifySuccessResult(sts, result2, true, false);
VerifyExpiresOnAreNotEqual(result, result2);
AuthenticationResultProxy result3 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, UserIdentifier.AnyUser);
VerifyErrorResult(result3, "multiple_matching_tokens_detected", null);
AuthenticationResultProxy result4 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidUserId);
AuthenticationResultProxy result5 = await context.AcquireTokenSilentAsync(sts.ValidResource, credential, sts.ValidRequiredUserId2);
VerifySuccessResult(sts, result4, true, false);
VerifySuccessResult(sts, result5, true, false);
VerifyExpiresOnAreEqual(result4, result);
VerifyExpiresOnAreEqual(result5, result2);
VerifyExpiresOnAreNotEqual(result4, result5);
}
internal static async Task AcquireTokenOnBehalfAndClientCertificateTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
var clientCertificate = new ClientAssertionCertificate(sts.ValidConfidentialClientId, new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword));
RecorderJwtId.JwtIdIndex = 5;
AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCertificate, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, null);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion");
result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientAssertionCertificate)null, result.AccessToken);
RecorderJwtId.JwtIdIndex = 6;
VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCertificate");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Testing cache
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken);
VerifySuccessResult(sts, result3, true, false);
VerifyExpiresOnAreEqual(result2, result3);
// Using MRRT in cached token to acquire token for a different resource
AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCertificate, result.AccessToken + "x");
VerifySuccessResult(sts, result4, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCertificate, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidResourceError, null);
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken + "x");
VerifyErrorResult(result2, "invalid_grant", "invalid signature");
var invalidClientCredential = new ClientAssertionCertificate(sts.ValidConfidentialClientId.Replace('1', '2'), new X509Certificate2(sts.ConfidentialClientCertificateName, sts.ConfidentialClientCertificatePassword));
RecorderJwtId.JwtIdIndex = 7;
result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken);
VerifyErrorResult(result2, Sts.UnauthorizedClient, "not found");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCertificate, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCertificate, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result3, true, false);
}
internal static async Task AcquireTokenOnBehalfAndClientCredentialTestAsync(Sts sts)
{
SetCredential(sts);
var context = new AuthenticationContextProxy(sts.Authority, sts.ValidateAuthority);
AuthenticationResultProxy result = context.AcquireToken(sts.ValidConfidentialClientId, sts.ValidClientId, sts.ValidDefaultRedirectUri, PromptBehaviorProxy.Auto, sts.ValidUserId);
VerifySuccessResult(sts, result);
ClientCredential clientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret);
AuthenticationResultProxy result2 = await context.AcquireTokenAsync(null, clientCredential, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "resource");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, null);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "userAssertion");
result2 = await context.AcquireTokenAsync(sts.ValidResource, (ClientCredential)null, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidArgumentError, "clientCredential");
result2 = await context.AcquireTokenAsync(sts.ValidResource + "x", clientCredential, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidResourceError, null);
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Testing cache
AuthenticationContextProxy.Delay(2000); // 2 seconds delay
AuthenticationResultProxy result3 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken);
VerifySuccessResult(sts, result3, true, false);
VerifyExpiresOnAreEqual(result2, result3);
// Using MRRT in cached token to acquire token for a different resource
AuthenticationResultProxy result4 = await context.AcquireTokenAsync(sts.ValidResource2, clientCredential, result.AccessToken + "x");
VerifySuccessResult(sts, result4, true, false);
AuthenticationContextProxy.ClearDefaultCache();
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken + "x");
VerifyErrorResult(result2, "invalid_grant", "invalid signature");
ClientCredential invalidClientCredential = new ClientCredential(sts.ValidConfidentialClientId, sts.ValidConfidentialClientSecret + "x");
result2 = await context.AcquireTokenAsync(sts.ValidResource, invalidClientCredential, result.AccessToken);
VerifyErrorResult(result2, Sts.InvalidClientError, "Invalid client secret");
result2 = await context.AcquireTokenAsync(sts.ValidResource, clientCredential, result.AccessToken);
VerifySuccessResult(sts, result2, true, false);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, sts.ValidConfidentialClientId);
VerifyErrorResult(result3, AdalError.FailedToAcquireTokenSilently, null);
// Using MRRT in cached token to acquire token for a different resource
result3 = await context.AcquireTokenSilentAsync(sts.ValidResource2, clientCredential, UserIdentifier.AnyUser);
VerifySuccessResult(sts, result3, true, false);
}
