// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
using System;
using System.Net.Http;
namespace Azure.Core
{
/// <summary>
/// Contains the details of an authentication token request.
/// </summary>
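public readonly struct PopTokenRequestContext
{
    /// <summary>
    /// Creates a new <see cref="PopTokenRequestContext"/> with the specified scopes.
    /// </summary>
    /// <param name="scopes">The scopes required for the token.</param>
    /// <param name="parentRequestId">The <see cref="Request.ClientRequestId"/> of the request requiring a token for authentication, if applicable.</param>
    /// <param name="claims">Additional claims to be included in the token.</param>
    /// <param name="tenantId">The tenant ID to be included in the token request.</param>
    /// <param name="isCaeEnabled">Indicates whether to enable Continuous Access Evaluation (CAE) for the requested token.</param>
    /// <param name="isProofOfPossessionEnabled">Indicates whether to enable Proof of Possession (PoP) for the requested token.</param>
    /// <param name="proofOfPossessionNonce">The nonce value required for PoP token requests.</param>
    /// <param name="request">
    /// The request to be authorized with a PoP token. Its method and URI are surfaced through
    /// <see cref="HttpMethod"/> and <see cref="Uri"/>; when omitted both of those properties are <c>null</c>.
    /// </param>
    public PopTokenRequestContext(string[] scopes, string? parentRequestId = default, string? claims = default, string? tenantId = default, bool isCaeEnabled = false, bool isProofOfPossessionEnabled = false, string? proofOfPossessionNonce = default, Request? request = default)
    {
        Scopes = scopes;
        ParentRequestId = parentRequestId;
        Claims = claims;
        TenantId = tenantId;
        IsCaeEnabled = isCaeEnabled;
        IsProofOfPossessionEnabled = isProofOfPossessionEnabled;
        ProofOfPossessionNonce = proofOfPossessionNonce;
        _request = request;
    }

    /// <summary>
    /// Creates a new <see cref="TokenRequestContext"/> from this instance.
    /// </summary>
    /// <remarks>
    /// Only the members shared with <see cref="TokenRequestContext"/> (scopes, parent request id, claims, tenant id
    /// and the CAE flag) are carried over. <see cref="IsProofOfPossessionEnabled"/>, <see cref="ProofOfPossessionNonce"/>
    /// and the underlying request (<see cref="HttpMethod"/>, <see cref="Uri"/>) are not part of the result, so a
    /// consumer that only sees the converted value has no PoP binding information.
    /// </remarks>
    /// <returns>A <see cref="TokenRequestContext"/>.</returns>
    public TokenRequestContext ToTokenRequestContext()
    {
        return new TokenRequestContext(Scopes, ParentRequestId, Claims, TenantId, IsCaeEnabled);
    }

    /// <summary>
    /// Creates a <see cref="PopTokenRequestContext"/> from an existing <see cref="TokenRequestContext"/>.
    /// </summary>
    /// <param name="context">The <see cref="TokenRequestContext"/> to use for creation of this instance.</param>
    /// <param name="request">The <see cref="Request"/> to be authenticated.</param>
    /// <param name="isProofOfPossessionEnabled">If <c>true</c> enables Proof of Possession (PoP) for the requested token. <c>null</c> is treated as <c>false</c>.</param>
    /// <returns>A <see cref="PopTokenRequestContext"/> whose <see cref="ProofOfPossessionNonce"/> is <c>null</c>; the nonce is not part of <see cref="TokenRequestContext"/> and must be supplied separately.</returns>
    public static PopTokenRequestContext FromTokenRequestContext(TokenRequestContext context, Request? request = default, bool? isProofOfPossessionEnabled = false)
    {
        bool popEnabled = isProofOfPossessionEnabled ?? false;
        return new PopTokenRequestContext(
            context.Scopes,
            context.ParentRequestId,
            context.Claims,
            context.TenantId,
            context.IsCaeEnabled,
            popEnabled,
            proofOfPossessionNonce: default,
            request);
    }

    /// <summary>
    /// Converts this instance to a <see cref="TokenRequestContext"/>; see <see cref="ToTokenRequestContext"/> for what is dropped.
    /// </summary>
    /// <param name="context">The instance to convert.</param>
    public static implicit operator TokenRequestContext(PopTokenRequestContext context) => context.ToTokenRequestContext();

    /// <summary>
    /// The scopes required for the token.
    /// </summary>
    public string[] Scopes { get; }

    /// <summary>
    /// The <see cref="Request.ClientRequestId"/> of the request requiring a token for authentication, if applicable.
    /// </summary>
    public string? ParentRequestId { get; }

    /// <summary>
    /// Additional claims to be included in the token. See <see href="https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter">https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter</see> for more information on format and content.
    /// </summary>
    public string? Claims { get; }

    /// <summary>
    /// The tenant ID to be included in the token request.
    /// </summary>
    public string? TenantId { get; }

    /// <summary>
    /// Indicates whether to enable Continuous Access Evaluation (CAE) for the requested token.
    /// </summary>
    /// <remarks>
    /// If a resource API implements CAE and your application declares it can handle CAE, your app receives CAE tokens for that resource.
    /// For this reason, if you declare your app CAE-ready, your app must handle the CAE claim challenge for all resource APIs that accept Microsoft Identity access tokens.
    /// If you don't handle CAE responses in these API calls, your app could end up in a loop retrying an API call with a token that is still in the returned lifespan of the token but has been revoked due to CAE.
    /// </remarks>
    public bool IsCaeEnabled { get; }

    /// <summary>
    /// Indicates whether to enable Proof of Possession (PoP) for the requested token.
    /// </summary>
    public bool IsProofOfPossessionEnabled { get; }

    /// <summary>
    /// The nonce value required for PoP token requests. This is typically retrieved from the WWW-Authenticate header of a 401 challenge response.
    /// This is used in combination with <see cref="Uri"/> and <see cref="HttpMethod"/> to generate the PoP token.
    /// </summary>
    public string? ProofOfPossessionNonce { get; }

    // The request the PoP token is bound to; null when the context was built without one.
    private readonly Request? _request;

    /// <summary>
    /// The HTTP method of the request, or <c>null</c> when this context was created without a <see cref="Request"/>.
    /// This is used in combination with <see cref="Uri"/> and <see cref="ProofOfPossessionNonce"/> to generate the PoP token.
    /// </summary>
    public HttpMethod? HttpMethod
    {
        get
        {
            // Mirror Uri: without a request there is nothing to bind the token to,
            // so return null rather than dereferencing a null request.
            if (_request is null)
            {
                return null;
            }
            return new HttpMethod(_request.Method.ToString());
        }
    }

    /// <summary>
    /// The URI of the request, or <c>null</c> when this context was created without a <see cref="Request"/>.
    /// This is used in combination with <see cref="HttpMethod"/> and <see cref="ProofOfPossessionNonce"/> to generate the PoP token.
    /// </summary>
    public Uri? Uri => _request?.Uri.ToUri();
}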
}