Skip to content

Commit

Permalink
AT PoP Version 1
Browse files Browse the repository at this point in the history
  • Loading branch information
FehintolaObafemi committed Apr 25, 2024
1 parent b2c68f2 commit 5e9961e
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 14 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,12 @@
<EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Azure.Identity" Version="1.11.0-beta.1" />
<PackageReference Include="Azure.Core" Version="1.38.0" />
<PackageReference Include="Azure.Identity.Broker" Version="1.1.0-beta.1" />
<PackageReference Include="Microsoft.Graph.Core" Version="3.1.8" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.59.0" />
<PackageReference Include="Microsoft.Identity.Client.Broker" Version="4.59.0" />
<PackageReference Include="Azure.Identity" Version="1.12.0-beta.1" />
<PackageReference Include="Azure.Core" Version="1.39.0" />
<PackageReference Include="Azure.Identity.Broker" Version="1.1.0" />
<PackageReference Include="Microsoft.Graph.Core" Version="3.1.10" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.60.3" />
<PackageReference Include="Microsoft.Identity.Client.Broker" Version="4.60.3" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
</ItemGroup>
<Target Name="CopyFiles" AfterTargets="Build">
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,10 @@
using System.Globalization;
using System.IO;
using System.Linq;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;
using System.Threading;
using System.Threading.Tasks;

Expand Down Expand Up @@ -120,7 +123,9 @@ private static async Task<InteractiveBrowserCredential> GetInteractiveBrowserCre
{
if (authContext is null)
throw new AuthenticationException(ErrorConstants.Message.MissingAuthContext);
var interactiveOptions = IsWamSupported() ? new InteractiveBrowserCredentialBrokerOptions(WindowHandleUtlities.GetConsoleOrTerminalWindow()) : new InteractiveBrowserCredentialOptions();
var interactiveOptions = IsWamSupported() ?
new InteractiveBrowserCredentialBrokerOptions(WindowHandleUtlities.GetConsoleOrTerminalWindow()) :
new InteractiveBrowserCredentialOptions();
interactiveOptions.ClientId = authContext.ClientId;
interactiveOptions.TenantId = authContext.TenantId ?? "common";
interactiveOptions.AuthorityHost = new Uri(GetAuthorityUrl(authContext));
Expand All @@ -138,8 +143,21 @@ private static async Task<InteractiveBrowserCredential> GetInteractiveBrowserCre
// Logic to implement ATPoP Authentication
authRecord = await Task.Run(() =>
{
// Creating a Request to retrieve nonce value
string popNonce = null;
var popNonceToken = "nonce=\"";
Uri resourceUri = new Uri("https://canary.graph.microsoft.com/beta/me"); //PPE (https://graph.microsoft-ppe.com) or Canary (https://canary.graph.microsoft.com) or (https://20.190.132.47/beta/me)
HttpClient httpClient = new(new HttpClientHandler { ServerCertificateCustomValidationCallback = (_, _, _, _) => true });
HttpResponseMessage response = httpClient.SendAsync(new HttpRequestMessage(HttpMethod.Get, resourceUri)).Result;

// Find the WWW-Authenticate header in the response.
var popChallenge = response.Headers.WwwAuthenticate.First(wa => wa.Scheme == "PoP");
var nonceStart = popChallenge.Parameter.IndexOf(popNonceToken) + popNonceToken.Length;
var nonceEnd = popChallenge.Parameter.IndexOf('"', nonceStart);
popNonce = popChallenge.Parameter.Substring(nonceStart, nonceEnd - nonceStart);

// Refresh token logic --- start
var popTokenAuthenticationPolicy = new PopTokenAuthenticationPolicy(interactiveBrowserCredential as ISupportsProofOfPossession, $"https://graph.microsoft.com/.default");

var pipelineOptions = new HttpPipelineOptions(new PopClientOptions()
{
Diagnostics =
Expand All @@ -151,16 +169,19 @@ private static async Task<InteractiveBrowserCredential> GetInteractiveBrowserCre
pipelineOptions.PerRetryPolicies.Add(popTokenAuthenticationPolicy);

var _pipeline = HttpPipelineBuilder.Build(pipelineOptions, new HttpPipelineTransportOptions { ServerCertificateCustomValidationCallback = (_) => true });

using var request = _pipeline.CreateRequest();
request.Method = RequestMethod.Get;
request.Uri.Reset(new Uri("https://20.190.132.47/beta/me"));
var response = _pipeline.SendRequest(request, cancellationToken);
var message = new HttpMessage(request, new ResponseClassifier());

request.Uri.Reset(resourceUri);

// Manually invoke the authentication policy's process method
popTokenAuthenticationPolicy.ProcessAsync(message, ReadOnlyMemory<HttpPipelinePolicy>.Empty);
popTokenAuthenticationPolicy.ProcessAsync(new HttpMessage(request, new ResponseClassifier()), ReadOnlyMemory<HttpPipelinePolicy>.Empty);
// Refresh token logic --- end

// Run the thread in MTA.
return interactiveBrowserCredential.Authenticate(new TokenRequestContext(authContext.Scopes), cancellationToken);
var popContext = new PopTokenRequestContext(authContext.Scopes, isProofOfPossessionEnabled: true, proofOfPossessionNonce: popNonce, request: request);
//var token = interactiveBrowserCredential.GetToken(popContext, cancellationToken);
return interactiveBrowserCredential.Authenticate(popContext, cancellationToken);
});
}
else
Expand Down

0 comments on commit 5e9961e

Please sign in to comment.