Fix for #3294 - throw UiRequiredException when WAM cannot get a trans… (

#3306) * Fix for #3294 - throw UiRequiredException when WAM cannot get a transfer token in MSA-PT * Address PR
AzureAD · May 11, 2022 · f883d74 · f883d74
1 parent 15273f3
commit f883d74
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 0 deletions.
diff --git a/src/client/Microsoft.Identity.Client/Platforms/Features/WamBroker/WamBroker.cs b/src/client/Microsoft.Identity.Client/Platforms/Features/WamBroker/WamBroker.cs
@@ -711,6 +711,13 @@ private async Task<MsalTokenResponse> AcquireTokenSilentDefaultUserPassthroughAs
         {
             var transferToken = await _msaPassthroughHandler.TryFetchTransferTokenSilentDefaultAccountAsync(authenticationRequestParameters, defaultAccountProvider).ConfigureAwait(false);
 
+            if (string.IsNullOrEmpty(transferToken))
+            {
+                throw new MsalUiRequiredException(
+                    MsalError.InteractionRequired,
+                    "Cannot get a token silently (internal error: found an MSA account, but could not retrieve a transfer token for it when calling WAM)");
+            }
+
             var aadAccountProvider = await _webAccountProviderFactory.GetAccountProviderAsync("organizations").ConfigureAwait(false);
             var webTokenRequest = await _aadPlugin.CreateWebTokenRequestAsync(
               aadAccountProvider,

diff --git a/tests/Microsoft.Identity.Test.Unit/BrokerTests/WamTests.cs b/tests/Microsoft.Identity.Test.Unit/BrokerTests/WamTests.cs
@@ -501,6 +501,65 @@ public async Task ATS_DefaultAccount_Passthrough_Async()
             }
         }
 
+
+        [TestMethod]
+        public async Task ATS_DefaultAccount_NoTransferToken_ThrowsException_Async()
+        {
+            // Arrange
+            using (var harness = CreateTestHarness())
+            {
+                var msaAccountProvider = new WebAccountProvider("id", "user@outlook.com", null);
+                var aadAccountProvider = new WebAccountProvider("id", "organizations", null);
+
+                var requestParams = harness.CreateAuthenticationRequestParameters(TestConstants.AuthorityOrganizationsTenant);
+                requestParams.AppConfig.WindowsBrokerOptions = new WindowsBrokerOptions()
+                {
+                    MsaPassthrough = true
+                };
+                _wamBroker = new WamBroker(
+                     _coreUIParent,
+                      requestParams.AppConfig,
+                     _logger,
+                     _aadPlugin,
+                     _msaPlugin,
+                     _wamProxy,
+                     _webAccountProviderFactory,
+                     _accountPickerFactory,
+                     _msaPassthroughHandler);
+
+                _webAccountProviderFactory.GetDefaultProviderAsync().ReturnsForAnyArgs(Task.FromResult(msaAccountProvider));
+                _webAccountProviderFactory.IsConsumerProvider(msaAccountProvider).Returns(true);
+                _msaPassthroughHandler.TryFetchTransferTokenSilentDefaultAccountAsync(requestParams, msaAccountProvider).Returns(string.Empty);
+
+                _webAccountProviderFactory.GetAccountProviderAsync("organizations").Returns(aadAccountProvider);
+
+                var webTokenRequest = new WebTokenRequest(aadAccountProvider);
+                var atsParams = new AcquireTokenSilentParameters();
+                var webTokenResponseWrapper = Substitute.For<IWebTokenRequestResultWrapper>();
+                webTokenResponseWrapper.ResponseStatus.Returns(WebTokenRequestStatus.Success);
+                var webTokenResponse = new WebTokenResponse();
+                webTokenResponseWrapper.ResponseData.Returns(new List<WebTokenResponse>() { webTokenResponse });
+
+                _aadPlugin.CreateWebTokenRequestAsync(
+                   aadAccountProvider,
+                   requestParams,
+                   isForceLoginPrompt: false,
+                   isAccountInWam: true,
+                   isInteractive: false)
+                   .Returns(Task.FromResult(webTokenRequest));
+
+                _wamProxy.RequestTokenForWindowAsync(Arg.Any<IntPtr>(), webTokenRequest).Returns(webTokenResponseWrapper);
+                _aadPlugin.ParseSuccessfullWamResponse(webTokenResponse, out _).Returns(_msalTokenResponse);
+
+
+                var ex = await AssertException.TaskThrowsAsync<MsalUiRequiredException>(
+                    () => _wamBroker.AcquireTokenSilentDefaultUserAsync(requestParams, atsParams)).ConfigureAwait(false);
+
+                Assert.AreEqual(MsalError.InteractionRequired, ex.ErrorCode);
+            }
+        }
+
+
         [TestMethod]
         public async Task ATI_WithoutPicker_AccountMatch_Async()
         {