Refactored WwwAuthenticateParameters

src/client/Microsoft.Identity.Client/Http/HttpClientConfig.cs

@@ -10,7 +10,7 @@ namespace Microsoft.Identity.Client.Http
     internal static class HttpClientConfig
     {
         public const long MaxResponseContentBufferSizeInBytes = 1024 * 1024;
-        public const int MaxConnections = 50; // default depends on rutnime but it is much smaller
+        public const int MaxConnections = 50; // default depends on runtime but it is much smaller
         public static readonly TimeSpan ConnectionLifeTime = TimeSpan.FromMinutes(1);
 
         public static void ConfigureRequestHeadersAndSize(HttpClient httpClient)

src/client/Microsoft.Identity.Client/WwwAuthenticateParameters.cs

@@ -1,4 +1,4 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
+// Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
 using System;
@@ -7,7 +7,9 @@
 using System.Net.Http;
 using System.Net.Http.Headers;
 using System.Text;
+using System.Threading;
 using System.Threading.Tasks;
+using Microsoft.Identity.Client.PlatformsCommon.Factories;
 
 namespace Microsoft.Identity.Client
 {
@@ -32,7 +34,7 @@ public IEnumerable<string> Scopes
         {
             get
             {
-                if (_scopes != null)
+                if (_scopes is object)
                 {
                     return _scopes;
                 }
@@ -134,13 +136,52 @@ public static WwwAuthenticateParameters CreateFromWwwAuthenticateHeaderValue(str
         /// Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
         /// </summary>
         /// <param name="resourceUri">URI of the resource.</param>
+        /// <param name="cancellationToken">The cancellation token to cancel operation.</param>
         /// <returns>WWW-Authenticate Parameters extracted from response to the un-authenticated call.</returns>
-        public static async Task<WwwAuthenticateParameters> CreateFromResourceResponseAsync(string resourceUri)
+        public static Task<WwwAuthenticateParameters> CreateFromResourceResponseAsync(string resourceUri, CancellationToken cancellationToken = default)
         {
+            var httpClientFactory = PlatformProxyFactory.CreatePlatformProxy(null).CreateDefaultHttpClientFactory();
+            return CreateFromResourceResponseAsync(httpClientFactory, resourceUri, cancellationToken);
+        }
+
+        /// <summary>
+        /// Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
+        /// </summary>
+        /// <param name="httpClientFactory">Factory to produce an instance of <see cref="HttpClient"/> to make the request with.</param>
+        /// <param name="resourceUri">URI of the resource.</param>
+        /// <param name="cancellationToken">The cancellation token to cancel operation.</param>
+        /// <returns>WWW-Authenticate Parameters extracted from response to the un-authenticated call.</returns>
+        public static Task<WwwAuthenticateParameters> CreateFromResourceResponseAsync(IMsalHttpClientFactory httpClientFactory, string resourceUri, CancellationToken cancellationToken = default)
+        {
+            if (httpClientFactory is null)
+            {
+                throw new ArgumentException($"'{nameof(httpClientFactory)}' cannot be null.", nameof(httpClientFactory));
+            }
+
+            var httpClient = httpClientFactory.GetHttpClient();
+            return CreateFromResourceResponseAsync(httpClient, resourceUri, cancellationToken);
+        }
+
+        /// <summary>
+        /// Create the authenticate parameters by attempting to call the resource unauthenticated, and analyzing the response.
+        /// </summary>
+        /// <param name="httpClient">Instance of <see cref="HttpClient"/> to make the request with.</param>
+        /// <param name="resourceUri">URI of the resource.</param>
+        /// <param name="cancellationToken">The cancellation token to cancel operation.</param>
+        /// <returns>WWW-Authenticate Parameters extracted from response to the un-authenticated call.</returns>
+        public static async Task<WwwAuthenticateParameters> CreateFromResourceResponseAsync(HttpClient httpClient, string resourceUri, CancellationToken cancellationToken = default)
+        {
+            if (httpClient is null)
+            {
+                throw new ArgumentException($"'{nameof(httpClient)}' cannot be null.", nameof(httpClient));
+            }
+            if (string.IsNullOrWhiteSpace(resourceUri))
+            {
+                throw new ArgumentException($"'{nameof(resourceUri)}' cannot be null or whitespace.", nameof(resourceUri));
+            }
+
             // call this endpoint and see what the header says and return that
-            HttpClient httpClient = new HttpClient();
-            HttpRequestMessage httpRequestMessage = new HttpRequestMessage(HttpMethod.Get, resourceUri);
-            HttpResponseMessage httpResponseMessage = await httpClient.SendAsync(httpRequestMessage).ConfigureAwait(false);
+            HttpResponseMessage httpResponseMessage = await httpClient.GetAsync(resourceUri, cancellationToken).ConfigureAwait(false);
             var wwwAuthParam = CreateFromResponseHeaders(httpResponseMessage.Headers);
             return wwwAuthParam;
         }
@@ -160,31 +201,24 @@ public static async Task<WwwAuthenticateParameters> CreateFromResourceResponseAs
                 httpResponseHeaders,
                 scheme);
 
-            try
+            // read the header and checks if it contains an error with insufficient_claims value.
+            if (string.Equals(parameters.Error, "insufficient_claims", StringComparison.OrdinalIgnoreCase) &&
+                parameters.Claims is object)
             {
-                // read the header and checks if it contains an error with insufficient_claims value.
-                if (null != parameters.Error && "insufficient_claims" == parameters.Error)
-                {
-                    if (null != parameters.Claims)
-                    {
-                        return parameters.Claims;
-                    }
-                }
-            }
-            catch (Exception ex)
-            {
-                throw ex;
+                return parameters.Claims;
             }
 
             return null;
         }
 
         internal static WwwAuthenticateParameters CreateWwwAuthenticateParameters(IDictionary<string, string> values)
         {
-            WwwAuthenticateParameters wwwAuthenticateParameters = new WwwAuthenticateParameters();
-            wwwAuthenticateParameters.RawParameters = values;
-            string value;
+            WwwAuthenticateParameters wwwAuthenticateParameters = new WwwAuthenticateParameters
+            {
+                RawParameters = values
+            };
 
+            string value;
             if (values.TryGetValue("authorization_uri", out value))
             {
                 wwwAuthenticateParameters.Authority = value.Replace("/oauth2/authorize", string.Empty);
@@ -325,7 +359,7 @@ private static string GetJsonFragment(string inputString)
                 var decoded = Encoding.UTF8.GetString(decodedBase64Bytes);
                 return decoded;
             }
-            catch (Exception)
+            catch
             {
                 return inputString;
             }

tests/Microsoft.Identity.Test.Common/Core/Mocks/MockHttpMessageHandler.cs

@@ -4,7 +4,6 @@
 using System;
 using System.Collections.Generic;
 using System.Globalization;
-using System.IO;
 using System.Linq;
 using System.Net.Http;
 using System.Threading;
@@ -26,7 +25,7 @@ internal class MockHttpMessageHandler : HttpMessageHandler
         public IList<string> UnexpectedRequestHeaders { get; set; }
 
         public HttpMethod ExpectedMethod { get; set; }
-        
+
         public Exception ExceptionToThrow { get; set; }
         public Action<HttpRequestMessage> AdditionalRequestValidation { get; set; }
 
@@ -51,11 +50,7 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
             {
                 Assert.AreEqual(
                     ExpectedUrl,
-                    uri.AbsoluteUri.Split(
-                        new[]
-                        {
-                            '?'
-                        })[0]);
+                    uri.AbsoluteUri.Split('?')[0]);
             }
 
             Assert.AreEqual(ExpectedMethod, request.Method);
@@ -67,7 +62,7 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
                     string.IsNullOrEmpty(uri.Query),
                     string.Format(
                         CultureInfo.InvariantCulture,
-                        "provided url ({0}) does not contain query parameters, as expected",
+                        "Provided url ({0}) does not contain query parameters, as expected",
                         uri.AbsolutePath));
                 IDictionary<string, string> inputQp = CoreHelpers.ParseKeyValueList(uri.Query.Substring(1), '&', false, null);
                 Assert.AreEqual(ExpectedQueryParams.Count, inputQp.Count, "Different number of query params`");
@@ -77,7 +72,7 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
                         inputQp.ContainsKey(key),
                         string.Format(
                             CultureInfo.InvariantCulture,
-                            "expected QP ({0}) not found in the url ({1})",
+                            "Expected query parameter ({0}) not found in the url ({1})",
                             key,
                             uri.AbsolutePath));
                     Assert.AreEqual(ExpectedQueryParams[key], inputQp[key]);
@@ -104,8 +99,8 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
                         Assert.AreEqual(ExpectedPostData[key], ActualRequestPostData[key]);
                     }
                 }
-            }       
-            
+            }
+
             if (ExpectedRequestHeaders != null )
             {
                 foreach (var kvp in ExpectedRequestHeaders)
@@ -132,13 +127,5 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
 
             return new TaskFactory().StartNew(() => ResponseMessage, cancellationToken);
         }
-
-        private string ReturnValueFromRequestHeader(string telemRequest)
-        {
-            IEnumerable<string> telemRequestValue = ActualRequestMessage.Headers.GetValues(telemRequest);
-            List<string> telemRequestValueAsList = telemRequestValue.ToList();
-            string value = telemRequestValueAsList[0];
-            return value;
-        }
     }
 }

tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/WwwAuthenticateParametersIntegrationTests.cs

@@ -37,5 +37,31 @@ public async Task CreateWwwAuthenticateResponseFromGraphUrlAsync()
             Assert.IsNull(authParams.Claims);
             Assert.IsNull(authParams.Error);
         }
+
+        /// <summary>
+        /// Makes unauthorized call to Azure Resource Manager REST API https://docs.microsoft.com/en-us/rest/api/resources/subscriptions/get.
+        /// Expects response 401 Unauthorized. Analyzes the WWW-Authenticate header values.
+        /// </summary>
+        /// <param name="hostName">ARM endpoint, e.g. Production or Dogfood</param>
+        /// <param name="subscriptionId">Well-known subscription ID</param>
+        /// <param name="authority">AAD endpoint, e.g. Production or PPE</param>
+        /// <param name="tenantId">Expected Tenant ID</param>
+        [TestMethod]
+        [DataRow("management.azure.com", "c1686c51-b717-4fe0-9af3-24a20a41fb0c", "login.windows.net", "72f988bf-86f1-41af-91ab-2d7cd011db47")]
+        [DataRow("api-dogfood.resources.windows-int.net", "1835ad3d-4585-4c5f-b55a-b0c3cbda1103", "login.windows-ppe.net", "f686d426-8d16-42db-81b7-ab578e110ccd")]
+        public async Task CreateWwwAuthenticateResponseFromAzureResourceManagerUrlAsync(string hostName, string subscriptionId, string authority, string tenantId)
+        {
+            const string apiVersion = "2020-08-01"; // current latest API version for /subscriptions/get
+            var url = $"https://{hostName}/subscriptions/{subscriptionId}?api-version={apiVersion}";
+
+            var authParams = await WwwAuthenticateParameters.CreateFromResourceResponseAsync(url).ConfigureAwait(false);
+
+            Assert.IsNull(authParams.Resource);
+            Assert.AreEqual($"https://{authority}/{tenantId}", authParams.Authority); // authority consists of AAD endpoint and tenant ID
+            Assert.IsNull(authParams.Scopes);
+            Assert.AreEqual(3, authParams.RawParameters.Count);
+            Assert.IsNull(authParams.Claims);
+            Assert.AreEqual("invalid_token", authParams.Error);
+        }
     }
 }

tests/Microsoft.Identity.Test.Unit/Microsoft.Identity.Test.Unit.csproj

@@ -4,7 +4,7 @@
     <TargetFrameworkNetDesktop461>net472</TargetFrameworkNetDesktop461>
     <TargetFrameworkNetCore>netcoreapp3.1</TargetFrameworkNetCore>
     <TargetFrameworkNet5Win>net5.0-windows10.0.17763.0</TargetFrameworkNet5Win>
-      
+
     <TargetFrameworks>$(TargetFrameworkNetDesktop461);$(TargetFrameworkNetCore);$(TargetFrameworkNet5Win)</TargetFrameworks>
     <IsPackable>false</IsPackable>
   </PropertyGroup>

tests/Microsoft.Identity.Test.Unit/TestBase.cs

@@ -20,7 +20,7 @@ public static void AssemblyInit(TestContext context)
             Trace.WriteLine("Test run started");
         }
 
-        [AssemblyCleanup()]
+        [AssemblyCleanup]
         public static void AssemblyCleanup()
         {
             Trace.WriteLine("Test run finished");
@@ -61,7 +61,6 @@ public virtual void TestCleanup()
                 testContext: TestContext);
         }
 
-
         private static void EnableFileTracingOnEnvVar()
         {
             string traceFile = Environment.GetEnvironmentVariable("MsalTracePath");