/// <summary>
/// Sets Extra Query Parameters for the query string in the HTTP authentication request.
/// </summary>
/// <param name="extraQueryParameters">This parameter will be appended as is to the query string in the HTTP authentication request to the authority.
/// The string needs to be properly URL-encdoded and ready to send as a string of segments of the form <c>key=value</c> separated by an ampersand character.
/// </param>
/// <returns>The builder to chain the .With methods.</returns>
public T WithExtraQueryParameters(string extraQueryParameters)
{
if (!string.IsNullOrWhiteSpace(extraQueryParameters))
{
return(WithExtraQueryParameters(CoreHelpers.ParseKeyValueList(extraQueryParameters, '&', true, null)));
}
return((T)this);
}
public void ParseAuthorizeResponse(string webAuthenticationResult)
{
var resultUri = new Uri(webAuthenticationResult);
// NOTE: The Fragment property actually contains the leading '#' character and that must be dropped
string resultData = resultUri.Query;
if (!string.IsNullOrWhiteSpace(resultData))
{
// RemoveAccount the leading '?' first
Dictionary <string, string> response = CoreHelpers.ParseKeyValueList(
resultData.Substring(1),
'&',
true,
null);
if (response.ContainsKey(OAuth2Parameter.State))
{
State = response[OAuth2Parameter.State];
}
if (response.ContainsKey(TokenResponseClaim.Code))
{
Code = response[TokenResponseClaim.Code];
}
else if (webAuthenticationResult.StartsWith("msauth://", StringComparison.OrdinalIgnoreCase))
{
Code = webAuthenticationResult;
}
else if (response.ContainsKey(OAuth2ResponseBaseClaim.Error))
{
Error = response[OAuth2ResponseBaseClaim.Error];
ErrorDescription = response.ContainsKey(OAuth2ResponseBaseClaim.ErrorDescription)
? response[OAuth2ResponseBaseClaim.ErrorDescription]
: null;
Status = AuthorizationStatus.ProtocolError;
}
else
{
Error = AuthError.AuthenticationFailed;
ErrorDescription = AuthErrorMessage.AuthorizationServerInvalidResponse;
Status = AuthorizationStatus.UnknownError;
}
if (response.ContainsKey(TokenResponseClaim.CloudInstanceHost))
{
CloudInstanceHost = response[TokenResponseClaim.CloudInstanceHost];
}
}
else
{
Error = AuthError.AuthenticationFailed;
ErrorDescription = AuthErrorMessage.AuthorizationServerInvalidResponse;
Status = AuthorizationStatus.UnknownError;
}
}
/// <inheritdoc />
public async Task <AuthorizationResult> AcquireAuthorizationAsync(
Uri authorizationUri,
Uri redirectUri,
RequestContext requestContext,
CancellationToken cancellationToken)
{
requestContext.Logger.Info(LogMessages.CustomWebUiAcquiringAuthorizationCode);
try
{
requestContext.Logger.InfoPii(
LogMessages.CustomWebUiCallingAcquireAuthorizationCodePii(authorizationUri, redirectUri),
LogMessages.CustomWebUiCallingAcquireAuthorizationCodeNoPii);
var uri = await _customWebUi.AcquireAuthorizationCodeAsync(authorizationUri, redirectUri, cancellationToken)
.ConfigureAwait(false);
if (uri == null || string.IsNullOrWhiteSpace(uri.Query))
{
throw new AuthClientException(
AuthError.CustomWebUiReturnedInvalidUri,
AuthErrorMessage.CustomWebUiReturnedInvalidUri);
}
if (uri.Authority.Equals(redirectUri.Authority, StringComparison.OrdinalIgnoreCase) &&
uri.AbsolutePath.Equals(redirectUri.AbsolutePath, StringComparison.OrdinalIgnoreCase))
{
IDictionary <string, string> inputQp = CoreHelpers.ParseKeyValueList(
authorizationUri.Query.Substring(1),
'&',
true,
null);
requestContext.Logger.Info(LogMessages.CustomWebUiRedirectUriMatched);
return(new AuthorizationResult(AuthorizationStatus.Success, uri.OriginalString));
}
throw new AuthClientException(
AuthError.CustomWebUiRedirectUriMismatch,
AuthErrorMessage.CustomWebUiRedirectUriMismatch(
uri.AbsolutePath,
redirectUri.AbsolutePath));
}
catch (OperationCanceledException)
{
requestContext.Logger.Info(LogMessages.CustomWebUiOperationCancelled);
return(new AuthorizationResult(AuthorizationStatus.UserCancel, null));
}
catch (Exception ex)
{
requestContext.Logger.WarningPiiWithPrefix(ex, AuthErrorMessage.CustomWebUiAuthorizationCodeFailed);
throw;
}
}
public void DecidePolicyForNavigation(WebView webView, NSDictionary actionInformation, NSUrlRequest request, WebFrame frame, NSObject decisionToken)
{
if (request == null)
{
WebView.DecideUse(decisionToken);
return;
}
string requestUrlString = request.Url.ToString();
if (requestUrlString.StartsWith(BrokerConstants.BrowserExtPrefix, StringComparison.OrdinalIgnoreCase))
{
var result = new AuthorizationResult(AuthorizationStatus.ProtocolError)
{
Error = "Unsupported request",
ErrorDescription = "Server is redirecting client to browser. This behavior is not yet defined on Mac OS X."
};
_callbackMethod(result);
WebView.DecideIgnore(decisionToken);
Close();
return;
}
if (requestUrlString.ToLower(CultureInfo.InvariantCulture).StartsWith(_callback.ToLower(CultureInfo.InvariantCulture), StringComparison.OrdinalIgnoreCase) ||
requestUrlString.StartsWith(BrokerConstants.BrowserExtInstallPrefix, StringComparison.OrdinalIgnoreCase))
{
_callbackMethod(new AuthorizationResult(AuthorizationStatus.Success, request.Url.ToString()));
WebView.DecideIgnore(decisionToken);
Close();
return;
}
if (requestUrlString.StartsWith(BrokerConstants.DeviceAuthChallengeRedirect, StringComparison.CurrentCultureIgnoreCase))
{
var uri = new Uri(requestUrlString);
string query = uri.Query;
if (query.StartsWith("?", StringComparison.OrdinalIgnoreCase))
{
query = query.Substring(1);
}
Dictionary <string, string> keyPair = CoreHelpers.ParseKeyValueList(query, '&', true, false, null);
string responseHeader = DeviceAuthHelper.CreateDeviceAuthChallengeResponseAsync(keyPair).Result;
var newRequest = (NSMutableUrlRequest)request.MutableCopy();
newRequest.Url = new NSUrl(keyPair["SubmitUrl"]);
newRequest[BrokerConstants.ChallengeResponseHeader] = responseHeader;
webView.MainFrame.LoadRequest(newRequest);
WebView.DecideIgnore(decisionToken);
return;
}
if (!request.Url.AbsoluteString.Equals("about:blank", StringComparison.CurrentCultureIgnoreCase) &&
!request.Url.Scheme.Equals("https", StringComparison.CurrentCultureIgnoreCase))
{
var result = new AuthorizationResult(AuthorizationStatus.ErrorHttp);
result.Error = AuthError.NonHttpsRedirectNotSupported;
result.ErrorDescription = AuthErrorMessage.NonHttpsRedirectNotSupported;
_callbackMethod(result);
WebView.DecideIgnore(decisionToken);
Close();
}
WebView.DecideUse(decisionToken);
}
[Obsolete] // because parent is obsolete
public override bool ShouldOverrideUrlLoading(WebView view, string url)
{
Uri uri = new Uri(url);
if (url.StartsWith(BrokerConstants.BrowserExtPrefix, StringComparison.OrdinalIgnoreCase))
{
// TODO(migration): Figure out how to get logger into this class. MsalLogger.Default.Verbose("It is browser launch request");
OpenLinkInBrowser(url, Activity);
view.StopLoading();
Activity.Finish();
return(true);
}
if (url.StartsWith(BrokerConstants.BrowserExtInstallPrefix, StringComparison.OrdinalIgnoreCase))
{
// TODO(migration): Figure out how to get logger into this class. MsalLogger.Default.Verbose("It is an azure authenticator install request");
view.StopLoading();
Finish(Activity, url);
return(true);
}
if (url.StartsWith(BrokerConstants.ClientTlsRedirect, StringComparison.OrdinalIgnoreCase))
{
string query = uri.Query;
if (query.StartsWith("?", StringComparison.OrdinalIgnoreCase))
{
query = query.Substring(1);
}
Dictionary <string, string> keyPair = CoreHelpers.ParseKeyValueList(query, '&', true, false, null);
string responseHeader = DeviceAuthHelper.CreateDeviceAuthChallengeResponseAsync(keyPair).Result;
Dictionary <string, string> pkeyAuthEmptyResponse = new Dictionary <string, string>
{
[BrokerConstants.ChallangeResponseHeader] = responseHeader
};
view.LoadUrl(keyPair["SubmitUrl"], pkeyAuthEmptyResponse);
return(true);
}
if (url.StartsWith(_callback, StringComparison.OrdinalIgnoreCase))
{
Finish(Activity, url);
return(true);
}
if (!url.Equals(AboutBlankUri, StringComparison.OrdinalIgnoreCase) && !uri.Scheme.Equals(Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
{
UriBuilder errorUri = new UriBuilder(_callback)
{
Query = string.Format(
CultureInfo.InvariantCulture,
"error={0}&error_description={1}",
AuthError.NonHttpsRedirectNotSupported,
AuthErrorMessage.NonHttpsRedirectNotSupported)
};
Finish(Activity, errorUri.ToString());
return(true);
}
return(false);
}