-
Notifications
You must be signed in to change notification settings - Fork 328
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OBO for SP with RT support #3266
Conversation
tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/OboTests2.cs
Show resolved
Hide resolved
tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/OboTests2.cs
Outdated
Show resolved
Hide resolved
tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/OboTests2.cs
Show resolved
Hide resolved
tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/OboTests2.cs
Show resolved
Hide resolved
src/client/Microsoft.Identity.Client/Internal/Requests/OnBehalfOfRequest.cs
Show resolved
Hide resolved
tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/OboTests2.cs
Show resolved
Hide resolved
tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/OboTests2.cs
Outdated
Show resolved
Hide resolved
tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/OboTests2.cs
Outdated
Show resolved
Hide resolved
tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/OboTests2.cs
Outdated
Show resolved
Hide resolved
tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/OboTests2.cs
Show resolved
Hide resolved
@@ -505,7 +493,7 @@ private static string GetPreferredUsernameFromIdToken(bool isAdfsAuthority, IdTo | |||
} | |||
|
|||
MsalAccessTokenCacheItem msalAccessTokenCacheItem = GetSingleToken(accessTokens, requestParams); | |||
msalAccessTokenCacheItem = FilterTokensByKeyId(msalAccessTokenCacheItem, requestParams); | |||
msalAccessTokenCacheItem = FilterTokensByPopKeyId(msalAccessTokenCacheItem, requestParams); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thx!
This reverts commit aad1331.
|
||
var msalTokenResponse = await SilentRequestHelper.RefreshAccessTokenAsync(cachedRefreshToken, this, AuthenticationRequestParameters, cancellationToken) | ||
.ConfigureAwait(false); | ||
|
||
return await CacheTokenResponseAndCreateAuthenticationResultAsync(msalTokenResponse).ConfigureAwait(false); | ||
} | ||
|
||
if (AcquireTokenInLongRunningOboWasCalled()) | ||
{ | ||
AuthenticationRequestParameters.RequestContext.Logger.Error("[FindAccessTokenAsync] AcquireTokenInLongRunningProcess was called and OBO token was not found in the cache."); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Change log to "[OBO request] AcquireTokenInLongRunningProcess was called and no access or refresh tokens were found in the cache."
Need to verify that MsalErrorMessage.OboCacheKeyNotInCache
is still accurate.
// Returns whether AcquireTokenInLongRunningProcess was called (user assertion is null in this case) | ||
private bool AcquireTokenInLongRunningOboWasCalled() | ||
{ | ||
return AuthenticationRequestParameters.ApiId == ApiEvent.ApiIds.AcquireTokenOnBehalfOf && |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: ApiId
check can be removed.
* OBO for SP with RT support * Address PR * Resolving OBO for long running process error when different scopes are used. Co-authored-by: trwalke <trwalke@microsoft.com>
* OBO for SP with RT support (#3266) * OBO for SP with RT support * Address PR * Resolving OBO for long running process error when different scopes are used. Co-authored-by: trwalke <trwalke@microsoft.com> * Update src/client/Microsoft.Identity.Client/Internal/Requests/OnBehalfOfRequest.cs Co-authored-by: Peter M <34331512+pmaytak@users.noreply.github.com> * Pr Feedback * Fix build Co-authored-by: trwalke <trwalke@microsoft.com> Co-authored-by: Travis Walker <travis.walker@microsoft.com> Co-authored-by: Peter M <34331512+pmaytak@users.noreply.github.com>
…library-for-dotnet * 'master' of github.com:AzureAD/microsoft-authentication-library-for-dotnet: (39 commits) OBO for SP with RT support (AzureAD#3266) (AzureAD#3280) Update some projects to net48 (AzureAD#3269) Bump Source Link version (tool change) (AzureAD#3275) Update changelog.txt (AzureAD#3282) Default to WebView1 instead of WebView2 when using AAD or ADFS authorities (AzureAD#3276) Revert "OBO for SP with RT support (AzureAD#3266)" OBO for SP with RT support (AzureAD#3266) Add perf tests for Acquire Token calls with serialization cache and Builders (AzureAD#3250) Minor fix to SuggestedCacheKey comment and update NuGet icon in Readme. (AzureAD#3268) MSAL changelog 4.43.0 (AzureAD#3263) Bogavril/3251 (AzureAD#3255) Fix for AzureAD#3248 - use the correct plugin to sing out (AzureAD#3253) Performance project improvements (AzureAD#3064) Reuse lists in token cache filtering logic. (AzureAD#3233) Update andorid install script to use andorid 30 (AzureAD#3243) Fix for UWP packaging (AzureAD#3239) Pass account to Auth result (AzureAD#3199) App ported to Lab4 (AzureAD#3229) Trwalke/ruleset updates (AzureAD#3189) Conditional Access for Android (AzureAD#3210) ...
* OBO for SP with RT support * Address PR * Resolving OBO for long running process error when different scopes are used. Co-authored-by: trwalke <trwalke@microsoft.com>
* OBO for SP with RT support (#3266) * OBO for SP with RT support * Address PR * Resolving OBO for long running process error when different scopes are used. Co-authored-by: trwalke <trwalke@microsoft.com> * Update src/client/Microsoft.Identity.Client/Internal/Requests/OnBehalfOfRequest.cs Co-authored-by: Peter M <34331512+pmaytak@users.noreply.github.com> * Pr Feedback * Fix build Co-authored-by: trwalke <trwalke@microsoft.com> Co-authored-by: Travis Walker <travis.walker@microsoft.com> Co-authored-by: Peter M <34331512+pmaytak@users.noreply.github.com>
Fixes #2817
Changes proposed in this request
Testing
integration test
Performance impact
similar to user obo
Based on @trwalke 's research.