pull client_info from the protocol message not the form (#303)

* use protocol message and not form for client_info * add tests
AzureAD · Jul 9, 2020 · 4e8a66d · 4e8a66d
1 parent 6e10d22
commit 4e8a66d
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 16 deletions.
diff --git a/...crosoft.Identity.Web/WebAppExtensions/WebAppCallsWebApiAuthenticationBuilderExtensions.cs b/...crosoft.Identity.Web/WebAppExtensions/WebAppCallsWebApiAuthenticationBuilderExtensions.cs
@@ -149,23 +149,20 @@ public static AuthenticationBuilder AddMicrosoftWebAppCallsWebApi(
                 var onTokenValidatedHandler = options.Events.OnTokenValidated;
                 options.Events.OnTokenValidated = async context =>
                 {
-                    if (context.Request.Form.ContainsKey(ClaimConstants.ClientInfo))
-                    {
-                        context.Request.Form.TryGetValue(ClaimConstants.ClientInfo, out Microsoft.Extensions.Primitives.StringValues value);
+                        string? clientInfo = context.ProtocolMessage?.GetParameter(ClaimConstants.ClientInfo);
 
-                        if (!string.IsNullOrEmpty(value))
+                        if (!string.IsNullOrEmpty(clientInfo))
                         {
-                            ClientInfo? clientInfoFromServer = ClientInfo.CreateFromJson(value);
+                            ClientInfo? clientInfoFromServer = ClientInfo.CreateFromJson(clientInfo);
 
                             if (clientInfoFromServer != null)
                             {
                                 context.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueTenantIdentifier, clientInfoFromServer.UniqueTenantIdentifier));
                                 context.Principal.Identities.FirstOrDefault()?.AddClaim(new Claim(ClaimConstants.UniqueObjectIdentifier, clientInfoFromServer.UniqueObjectIdentifier));
                             }
                         }
-                    }
 
-                    await onTokenValidatedHandler(context).ConfigureAwait(false);
+                        await onTokenValidatedHandler(context).ConfigureAwait(false);
                 };
 
                 // Handling the sign-out: removing the account from MSAL.NET cache

diff --git a/tests/Microsoft.Identity.Web.Test/WebAppExtensionsTests.cs b/tests/Microsoft.Identity.Web.Test/WebAppExtensionsTests.cs
@@ -15,7 +15,6 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Microsoft.Extensions.Options;
-using Microsoft.Extensions.Primitives;
 using Microsoft.Identity.Client;
 using Microsoft.Identity.Web.Resource;
 using Microsoft.Identity.Web.Test.Common;
@@ -410,7 +409,7 @@ private async Task AddMicrosoftWebApp_TestRedirectToIdentityProviderEvent(IServi
         private void AddMicrosoftWebApp_TestSubscribesToDiagnostics(IServiceCollection services, IOpenIdConnectMiddlewareDiagnostics diagnosticsMock, bool subscribeToDiagnostics)
         {
             services.RemoveAll<IOpenIdConnectMiddlewareDiagnostics>();
-            services.AddSingleton<IOpenIdConnectMiddlewareDiagnostics>((provider) => diagnosticsMock);
+            services.AddSingleton((provider) => diagnosticsMock);
 
             var provider = services.BuildServiceProvider();
 
@@ -439,8 +438,10 @@ private async Task AddMicrosoftWebApp_TestB2cSpecificSetup(IServiceCollection se
             var (httpContext, authScheme, authProperties) = CreateContextParameters(provider);
             authProperties.Items[OidcConstants.PolicyKey] = TestConstants.B2CEditProfileUserFlow;
 
-            var redirectContext = new RedirectContext(httpContext, authScheme, oidcOptions, authProperties);
-            redirectContext.ProtocolMessage = new OpenIdConnectMessage() { IssuerAddress = $"IssuerAddress/{TestConstants.B2CSignUpSignInUserFlow}/" };
+            var redirectContext = new RedirectContext(httpContext, authScheme, oidcOptions, authProperties)
+            {
+                ProtocolMessage = new OpenIdConnectMessage() { IssuerAddress = $"IssuerAddress/{TestConstants.B2CSignUpSignInUserFlow}/" },
+            };
 
             (httpContext, authScheme, authProperties) = CreateContextParameters(provider);
 
@@ -452,8 +453,8 @@ private async Task AddMicrosoftWebApp_TestB2cSpecificSetup(IServiceCollection se
             await remoteFailureFuncMock.ReceivedWithAnyArgs().Invoke(Arg.Any<RemoteFailureContext>()).ConfigureAwait(false);
             // Assert issuer is updated to non-default user flow
             Assert.Contains(TestConstants.B2CEditProfileUserFlow, redirectContext.ProtocolMessage.IssuerAddress);
-            Assert.NotNull(redirectContext.ProtocolMessage.Parameters["client_info"]);
-            Assert.Equal("1", redirectContext.ProtocolMessage.Parameters["client_info"].ToString(CultureInfo.InvariantCulture));
+            Assert.NotNull(redirectContext.ProtocolMessage.Parameters[ClaimConstants.ClientInfo]);
+            Assert.Equal(Constants.One, redirectContext.ProtocolMessage.Parameters[ClaimConstants.ClientInfo].ToString(CultureInfo.InvariantCulture));
         }
 
         private void AddMicrosoftWebAppCallsWebApi_TestCommon(IServiceCollection services, ServiceProvider provider, OpenIdConnectOptions oidcOptions, IEnumerable<string> initialScopes)
@@ -494,7 +495,15 @@ private async Task AddMicrosoftWebAppCallsWebApi_TestAuthorizationCodeReceivedEv
         private async Task AddMicrosoftWebAppCallsWebApi_TestTokenValidatedEvent(IServiceProvider provider, OpenIdConnectOptions oidcOptions, Func<TokenValidatedContext, Task> tokenValidatedFuncMock)
         {
             var (httpContext, authScheme, authProperties) = CreateContextParameters(provider);
-            var tokenValidatedContext = new TokenValidatedContext(httpContext, authScheme, oidcOptions, httpContext.User, authProperties);
+
+            var tokenValidatedContext = new TokenValidatedContext(httpContext, authScheme, oidcOptions, httpContext.User, authProperties)
+            {
+                ProtocolMessage = new OpenIdConnectMessage(
+                    new Dictionary<string, string[]>()
+                    {
+                        { ClaimConstants.ClientInfo, new string[] { Base64UrlHelpers.Encode($"{{\"uid\":\"{TestConstants.Uid}\",\"utid\":\"{TestConstants.Utid}\"}}") } },
+                    }),
+            };
 
             await oidcOptions.Events.TokenValidated(tokenValidatedContext).ConfigureAwait(false);
 
@@ -523,8 +532,7 @@ private async Task AddMicrosoftWebAppCallsWebApi_TestRedirectToIdentityProviderF
         {
             var httpContext = HttpContextUtilities.CreateHttpContext();
             httpContext.RequestServices = provider;
-            httpContext.Request.Form = new FormCollection(
-                new Dictionary<string, StringValues>() { { ClaimConstants.ClientInfo, Base64UrlHelpers.Encode($"{{\"uid\":\"{TestConstants.Uid}\",\"utid\":\"{TestConstants.Utid}\"}}") } });
+
             var authScheme = new AuthenticationScheme(OpenIdConnectDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme, typeof(OpenIdConnectHandler));
             var authProperties = new AuthenticationProperties();