1- // Copyright (c) Microsoft Corporation. All rights reserved.
2- // Licensed under the MIT License.
3-
4- using System ;
5- using System . Collections . Generic ;
6- using System . Threading ;
7- using System . Threading . Tasks ;
8- using Microsoft . Identity . Client . Advanced ;
9- using Microsoft . Identity . Client . ApiConfig . Executors ;
10- using Microsoft . Identity . Client . ApiConfig . Parameters ;
11- using Microsoft . Identity . Client . Internal ;
12- using Microsoft . Identity . Client . TelemetryCore . Internal . Events ;
13- using Microsoft . Identity . Client . Utils ;
14-
15- namespace Microsoft . Identity . Client
1+ // Copyright (c) Microsoft Corporation. All rights reserved.
2+ // Licensed under the MIT License.
3+
4+ using System ;
5+ using System . Collections . Generic ;
6+ using System . Threading ;
7+ using System . Threading . Tasks ;
8+ using Microsoft . Identity . Client . Extensibility ;
9+ using Microsoft . Identity . Client . ApiConfig . Executors ;
10+ using Microsoft . Identity . Client . ApiConfig . Parameters ;
11+ using Microsoft . Identity . Client . Internal ;
12+ using Microsoft . Identity . Client . TelemetryCore . Internal . Events ;
13+ using Microsoft . Identity . Client . Utils ;
14+
15+ namespace Microsoft . Identity . Client
1616{
17- /// <summary>
18- /// Builder for AcquireTokenOnBehalfOf (OBO flow)
19- /// See https://aka.ms/msal-net-on-behalf-of
20- /// </summary>
21- #if ! SUPPORTS_CONFIDENTIAL_CLIENT
22- [ System . ComponentModel . EditorBrowsable ( System . ComponentModel . EditorBrowsableState . Never ) ] // hide confidential client on mobile
23- #endif
24- public sealed class AcquireTokenOnBehalfOfParameterBuilder :
25- AbstractConfidentialClientAcquireTokenParameterBuilder < AcquireTokenOnBehalfOfParameterBuilder >
26- {
27- internal AcquireTokenOnBehalfOfParameters Parameters { get ; } = new AcquireTokenOnBehalfOfParameters ( ) ;
28-
29- /// <inheritdoc/>
30- internal AcquireTokenOnBehalfOfParameterBuilder ( IConfidentialClientApplicationExecutor confidentialClientApplicationExecutor )
31- : base ( confidentialClientApplicationExecutor )
32- {
33- }
34-
35- internal static AcquireTokenOnBehalfOfParameterBuilder Create (
36- IConfidentialClientApplicationExecutor confidentialClientApplicationExecutor ,
37- IEnumerable < string > scopes ,
38- UserAssertion userAssertion )
39- {
40- return new AcquireTokenOnBehalfOfParameterBuilder ( confidentialClientApplicationExecutor )
41- . WithScopes ( scopes )
42- . WithUserAssertion ( userAssertion ) ;
43- }
44-
45- internal static AcquireTokenOnBehalfOfParameterBuilder Create (
46- IConfidentialClientApplicationExecutor confidentialClientApplicationExecutor ,
47- IEnumerable < string > scopes ,
48- UserAssertion userAssertion ,
49- string cacheKey )
50- {
51- return new AcquireTokenOnBehalfOfParameterBuilder ( confidentialClientApplicationExecutor )
52- . WithScopes ( scopes )
53- . WithUserAssertion ( userAssertion )
54- . WithCacheKey ( cacheKey ) ;
55- }
56-
57- internal static AcquireTokenOnBehalfOfParameterBuilder Create (
58- IConfidentialClientApplicationExecutor confidentialClientApplicationExecutor ,
59- IEnumerable < string > scopes ,
60- string cacheKey )
61- {
62- return new AcquireTokenOnBehalfOfParameterBuilder ( confidentialClientApplicationExecutor )
63- . WithScopes ( scopes )
64- . WithCacheKey ( cacheKey ) ;
65- }
66-
67- private AcquireTokenOnBehalfOfParameterBuilder WithUserAssertion ( UserAssertion userAssertion )
68- {
69- Parameters . UserAssertion = userAssertion ;
70- return this ;
71- }
72-
73- /// <summary>
74- /// Specifies a key by which to look up the token in the cache instead of searching by an assertion.
75- /// </summary>
76- /// <param name="cacheKey">Key by which to look up the token in the cache</param>
77- /// <returns>A builder enabling you to add optional parameters before executing the token request</returns>
78- private AcquireTokenOnBehalfOfParameterBuilder WithCacheKey ( string cacheKey )
79- {
80- Parameters . LongRunningOboCacheKey = cacheKey ?? throw new ArgumentNullException ( nameof ( cacheKey ) ) ;
81- return this ;
82- }
83-
84- /// <summary>
17+ /// <summary>
18+ /// Builder for AcquireTokenOnBehalfOf (OBO flow)
19+ /// See https://aka.ms/msal-net-on-behalf-of
20+ /// </summary>
21+ #if ! SUPPORTS_CONFIDENTIAL_CLIENT
22+ [ System . ComponentModel . EditorBrowsable ( System . ComponentModel . EditorBrowsableState . Never ) ] // hide confidential client on mobile
23+ #endif
24+ public sealed class AcquireTokenOnBehalfOfParameterBuilder :
25+ AbstractConfidentialClientAcquireTokenParameterBuilder < AcquireTokenOnBehalfOfParameterBuilder >
26+ {
27+ internal AcquireTokenOnBehalfOfParameters Parameters { get ; } = new AcquireTokenOnBehalfOfParameters ( ) ;
28+
29+ /// <inheritdoc/>
30+ internal AcquireTokenOnBehalfOfParameterBuilder ( IConfidentialClientApplicationExecutor confidentialClientApplicationExecutor )
31+ : base ( confidentialClientApplicationExecutor )
32+ {
33+ }
34+
35+ internal static AcquireTokenOnBehalfOfParameterBuilder Create (
36+ IConfidentialClientApplicationExecutor confidentialClientApplicationExecutor ,
37+ IEnumerable < string > scopes ,
38+ UserAssertion userAssertion )
39+ {
40+ return new AcquireTokenOnBehalfOfParameterBuilder ( confidentialClientApplicationExecutor )
41+ . WithScopes ( scopes )
42+ . WithUserAssertion ( userAssertion ) ;
43+ }
44+
45+ internal static AcquireTokenOnBehalfOfParameterBuilder Create (
46+ IConfidentialClientApplicationExecutor confidentialClientApplicationExecutor ,
47+ IEnumerable < string > scopes ,
48+ UserAssertion userAssertion ,
49+ string cacheKey )
50+ {
51+ return new AcquireTokenOnBehalfOfParameterBuilder ( confidentialClientApplicationExecutor )
52+ . WithScopes ( scopes )
53+ . WithUserAssertion ( userAssertion )
54+ . WithCacheKey ( cacheKey ) ;
55+ }
56+
57+ internal static AcquireTokenOnBehalfOfParameterBuilder Create (
58+ IConfidentialClientApplicationExecutor confidentialClientApplicationExecutor ,
59+ IEnumerable < string > scopes ,
60+ string cacheKey )
61+ {
62+ return new AcquireTokenOnBehalfOfParameterBuilder ( confidentialClientApplicationExecutor )
63+ . WithScopes ( scopes )
64+ . WithCacheKey ( cacheKey ) ;
65+ }
66+
67+ private AcquireTokenOnBehalfOfParameterBuilder WithUserAssertion ( UserAssertion userAssertion )
68+ {
69+ Parameters . UserAssertion = userAssertion ;
70+ return this ;
71+ }
72+
73+ /// <summary>
74+ /// Specifies a key by which to look up the token in the cache instead of searching by an assertion.
75+ /// </summary>
76+ /// <param name="cacheKey">Key by which to look up the token in the cache</param>
77+ /// <returns>A builder enabling you to add optional parameters before executing the token request</returns>
78+ private AcquireTokenOnBehalfOfParameterBuilder WithCacheKey ( string cacheKey )
79+ {
80+ Parameters . LongRunningOboCacheKey = cacheKey ?? throw new ArgumentNullException ( nameof ( cacheKey ) ) ;
81+ return this ;
82+ }
83+
84+ /// <summary>
8585 /// Applicable to first-party applications only, this method also allows to specify
8686 /// if the <see href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.7">x5c claim</see> should be sent to Azure AD.
8787 /// Sending the x5c enables application developers to achieve easy certificate roll-over in Azure AD:
8888 /// this method will send the certificate chain to Azure AD along with the token request,
8989 /// so that Azure AD can use it to validate the subject name based on a trusted issuer policy.
9090 /// This saves the application admin from the need to explicitly manage the certificate rollover
9191 /// (either via portal or PowerShell/CLI operation). For details see https://aka.ms/msal-net-sni
92- /// </summary>
93- /// <param name="withSendX5C"><c>true</c> if the x5c should be sent. Otherwise <c>false</c>.
94- /// The default is <c>false</c></param>
95- /// <returns>The builder to chain the .With methods</returns>
96- public AcquireTokenOnBehalfOfParameterBuilder WithSendX5C ( bool withSendX5C )
97- {
92+ /// </summary>
93+ /// <param name="withSendX5C"><c>true</c> if the x5c should be sent. Otherwise <c>false</c>.
94+ /// The default is <c>false</c></param>
95+ /// <returns>The builder to chain the .With methods</returns>
96+ public AcquireTokenOnBehalfOfParameterBuilder WithSendX5C ( bool withSendX5C )
97+ {
9898 Parameters . SendX5C = withSendX5C ;
99- return this ;
100- }
101-
102- /// <summary>
99+ return this ;
100+ }
101+
102+ /// <summary>
103103 /// Specifies if the client application should ignore access tokens when reading the token cache.
104104 /// New tokens will still be written to the token cache.
105105 /// By default the token is taken from the the user token cache (forceRefresh=false)
106- /// </summary>
107- /// <param name="forceRefresh">If <c>true</c>, ignore any access token in the user token cache
108- /// and attempt to acquire new access token using the refresh token for the account
106+ /// </summary>
107+ /// <param name="forceRefresh">If <c>true</c>, ignore any access token in the user token cache
108+ /// and attempt to acquire new access token using the refresh token for the account
109109 /// if one is available. The default is <c>false</c></param>
110- /// <returns>The builder to chain the .With methods</returns>
110+ /// <returns>The builder to chain the .With methods</returns>
111111 /// <remarks>
112112 /// Do not use this flag except in well understood cases. Identity Providers will throttle clients that issue too many similar token requests.
113113 /// </remarks>
114- public AcquireTokenOnBehalfOfParameterBuilder WithForceRefresh ( bool forceRefresh )
115- {
116- Parameters . ForceRefresh = forceRefresh ;
117- return this ;
118- }
119-
120- /// <summary>
121- /// To help with resiliency, the AAD backup authentication system operates as an AAD backup.
122- /// This will provide the AAD backup authentication system with a routing hint to help improve performance during authentication.
123- /// </summary>
124- /// <param name="userObjectIdentifier">GUID which is unique to the user, parsed from the client_info.</param>
125- /// <param name="tenantIdentifier">GUID format of the tenant ID, parsed from the client_info.</param>
126- /// <returns>The builder to chain the .With methods</returns>
127- public AcquireTokenOnBehalfOfParameterBuilder WithCcsRoutingHint ( string userObjectIdentifier , string tenantIdentifier )
128- {
129- if ( string . IsNullOrEmpty ( userObjectIdentifier ) || string . IsNullOrEmpty ( tenantIdentifier ) )
130- {
131- return this ;
132- }
133-
134- var ccsRoutingHeader = new Dictionary < string , string > ( )
135- {
136- { Constants . CcsRoutingHintHeader , CoreHelpers . GetCcsClientInfoHint ( userObjectIdentifier , tenantIdentifier ) }
137- } ;
138-
139- this . WithExtraHttpHeaders ( ccsRoutingHeader ) ;
140- return this ;
141- }
142-
143- /// <summary>
144- /// To help with resiliency, the AAD backup authentication system operates as an AAD backup.
145- /// This will provide the AAD backup authentication system with a routing hint to help improve performance during authentication.
146- /// </summary>
147- /// <param name="userName">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>[email protected] </c></param> 148- /// <returns>The builder to chain the .With methods</returns>
149- public AcquireTokenOnBehalfOfParameterBuilder WithCcsRoutingHint ( string userName )
150- {
151- if ( string . IsNullOrEmpty ( userName ) )
152- {
153- return this ;
154- }
155-
156- var ccsRoutingHeader = new Dictionary < string , string > ( )
157- {
158- { Constants . CcsRoutingHintHeader , CoreHelpers . GetCcsUpnHint ( userName ) }
159- } ;
160-
161- this . WithExtraHttpHeaders ( ccsRoutingHeader ) ;
162- return this ;
114+ public AcquireTokenOnBehalfOfParameterBuilder WithForceRefresh ( bool forceRefresh )
115+ {
116+ Parameters . ForceRefresh = forceRefresh ;
117+ return this ;
118+ }
119+
120+ /// <summary>
121+ /// To help with resiliency, the AAD backup authentication system operates as an AAD backup.
122+ /// This will provide the AAD backup authentication system with a routing hint to help improve performance during authentication.
123+ /// </summary>
124+ /// <param name="userObjectIdentifier">GUID which is unique to the user, parsed from the client_info.</param>
125+ /// <param name="tenantIdentifier">GUID format of the tenant ID, parsed from the client_info.</param>
126+ /// <returns>The builder to chain the .With methods</returns>
127+ public AcquireTokenOnBehalfOfParameterBuilder WithCcsRoutingHint ( string userObjectIdentifier , string tenantIdentifier )
128+ {
129+ if ( string . IsNullOrEmpty ( userObjectIdentifier ) || string . IsNullOrEmpty ( tenantIdentifier ) )
130+ {
131+ return this ;
132+ }
133+
134+ var ccsRoutingHeader = new Dictionary < string , string > ( )
135+ {
136+ { Constants . CcsRoutingHintHeader , CoreHelpers . GetCcsClientInfoHint ( userObjectIdentifier , tenantIdentifier ) }
137+ } ;
138+
139+ this . WithExtraHttpHeaders ( ccsRoutingHeader ) ;
140+ return this ;
141+ }
142+
143+ /// <summary>
144+ /// To help with resiliency, the AAD backup authentication system operates as an AAD backup.
145+ /// This will provide the AAD backup authentication system with a routing hint to help improve performance during authentication.
146+ /// </summary>
147+ /// <param name="userName">Identifier of the user. Generally in UserPrincipalName (UPN) format, e.g. <c>[email protected] </c></param> 148+ /// <returns>The builder to chain the .With methods</returns>
149+ public AcquireTokenOnBehalfOfParameterBuilder WithCcsRoutingHint ( string userName )
150+ {
151+ if ( string . IsNullOrEmpty ( userName ) )
152+ {
153+ return this ;
154+ }
155+
156+ var ccsRoutingHeader = new Dictionary < string , string > ( )
157+ {
158+ { Constants . CcsRoutingHintHeader , CoreHelpers . GetCcsUpnHint ( userName ) }
159+ } ;
160+
161+ this . WithExtraHttpHeaders ( ccsRoutingHeader ) ;
162+ return this ;
163163 }
164-
165- /// <inheritdoc/>
166- internal override Task < AuthenticationResult > ExecuteInternalAsync ( CancellationToken cancellationToken )
167- {
168- return ConfidentialClientApplicationExecutor . ExecuteAsync ( CommonParameters , Parameters , cancellationToken ) ;
169- }
170-
164+
165+ /// <inheritdoc/>
166+ internal override Task < AuthenticationResult > ExecuteInternalAsync ( CancellationToken cancellationToken )
167+ {
168+ return ConfidentialClientApplicationExecutor . ExecuteAsync ( CommonParameters , Parameters , cancellationToken ) ;
169+ }
170+
171171 /// <inheritdoc/>
172172 protected override void Validate ( )
173173 {
174174 base . Validate ( ) ;
175- if ( Parameters . SendX5C == null )
176- {
177- Parameters . SendX5C = this . ServiceBundle . Config ? . SendX5C ?? false ;
175+ if ( Parameters . SendX5C == null )
176+ {
177+ Parameters . SendX5C = this . ServiceBundle . Config ? . SendX5C ?? false ;
178178 }
179- }
180- /// <inheritdoc/>
181- internal override ApiEvent . ApiIds CalculateApiEventId ( )
179+ }
180+ /// <inheritdoc/>
181+ internal override ApiEvent . ApiIds CalculateApiEventId ( )
182182 {
183183 if ( string . IsNullOrEmpty ( Parameters . LongRunningOboCacheKey ) )
184184 {
@@ -194,7 +194,7 @@ internal override ApiEvent.ApiIds CalculateApiEventId()
194194 {
195195 return ApiEvent . ApiIds . AcquireTokenInLongRunningObo ;
196196 }
197- }
198- }
199- }
200- }
197+ }
198+ }
199+ }
200+ }
0 commit comments