set response type to just idToken for web app only scenario in b2c #510

Merged
merged 1 commit into from
Aug 27, 2020
Expand Up @@ -32,9 +32,17 @@ public Task OnRedirectToIdentityProvider(RedirectContext context)
!string.IsNullOrEmpty(userFlow) &&
!string.Equals(userFlow, defaultUserFlow, StringComparison.OrdinalIgnoreCase))
{
context.ProtocolMessage.ResponseType = OpenIdConnectResponseType.CodeIdToken;
context.ProtocolMessage.IssuerAddress = BuildIssuerAddress(context, defaultUserFlow, userFlow);
context.Properties.Items.Remove(OidcConstants.PolicyKey);

if (!Options.HasClientCredentials)
{
context.ProtocolMessage.ResponseType = OpenIdConnectResponseType.IdToken;
}
else
{
context.ProtocolMessage.ResponseType = OpenIdConnectResponseType.CodeIdToken;
}
}

return Task.CompletedTask;
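Review bot: The new branch requests `id_token` alone whenever no client credentials are configured, which moves the whole response into the front channel and relies on the handler's nonce check rather than a back-channel code redemption; a one-line comment stating why (`// Without a secret or certificate the app cannot redeem an authorization code, so only request the ID token.`) would stop the next reader from "fixing" it back to `code id_token`. The two branches could also be a single assignment: `context.ProtocolMessage.ResponseType = Options.HasClientCredentials ? OpenIdConnectResponseType.CodeIdToken : OpenIdConnectResponseType.IdToken;`. This runs only inside the non-default user-flow condition, so the default-flow redirect presumably gets its response type elsewhere — worth confirming it applies the same credential-based rule. OnRedirectToIdentityProvider begins outside the hunk.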
6 changes: 6 additions & 0 deletions src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 10 additions & 0 deletions src/Microsoft.Identity.Web/MicrosoftIdentityOptions.cs
Expand Up @@ -2,6 +2,7 @@
// Licensed under the MIT License.

using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
Expand Down Expand Up @@ -56,6 +57,15 @@ internal bool IsB2C
get => !string.IsNullOrWhiteSpace(DefaultUserFlow);
}

/// <summary>
/// Is considered to have client credentials if the attribute ClientCertificates
/// or ClientSecret is defined.
/// </summary>
internal bool HasClientCredentials
{
get => !string.IsNullOrWhiteSpace(ClientSecret) || (ClientCertificates != null && ClientCertificates.Any());
}

/// <summary>
/// Description of the certificates used to prove the identity of the Web app or Web API.
/// For the moment only the first certificate is considered.
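Review bot: HasClientCredentials treats any non-empty `ClientCertificates` collection as a usable credential, so a description entry that later fails to yield a certificate still selects the `code id_token` path at redirect time; if that case is possible, the summary should say so, since the redirect decision is made before any certificate is loaded. The XML summary is also missing its subject — suggest `/// True when a ClientSecret or at least one ClientCertificates entry is configured; used to decide whether the app can redeem an authorization code.`. The `ClientCertificates != null` guard could be written `ClientCertificates is not null` to match the pattern style elsewhere in the file, if that is the convention.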
Expand Up @@ -56,6 +56,7 @@ public static class TestConstants
public const string B2CInstance = "https://fabrikamb2c.b2clogin.com";
public const string B2CInstance2 = "https://catb2c.b2clogin.com";
public const string B2CCustomDomainInstance = "https://catsAreAmazing.com";
public const string ClientSecret = "catsarecool";

public const string B2CAuthority = B2CInstance + "/" + B2CTenant + "/" + B2CSignUpSignInUserFlow;
public const string B2CAuthorityWithV2 = B2CAuthority + "/v2.0";
Expand Up @@ -26,10 +26,17 @@ public AzureADB2COpenIDConnectEventHandlersTests()
_authScheme = new AuthenticationScheme(OpenIdConnectDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme, typeof(OpenIdConnectHandler));
}

[Fact]
public async void OnRedirectToIdentityProvider_CustomUserFlow_UpdatesContext()
[Theory]
[InlineData(true)]
[InlineData(false)]
public async void OnRedirectToIdentityProvider_CustomUserFlow_UpdatesContext(bool hasClientCredentials)
{
var options = new MicrosoftIdentityOptions() { SignUpSignInPolicyId = DefaultUserFlow };
if (hasClientCredentials)
{
options.ClientSecret = TestConstants.ClientSecret;
}

var handler = new AzureADB2COpenIDConnectEventHandlers(OpenIdConnectDefaults.AuthenticationScheme, options);
var httpContext = HttpContextUtilities.CreateHttpContext();
var authProperties = new AuthenticationProperties();
Expand All @@ -46,9 +53,16 @@ public async void OnRedirectToIdentityProvider_CustomUserFlow_UpdatesContext()
await handler.OnRedirectToIdentityProvider(context).ConfigureAwait(false);

Assert.Equal(TestConstants.Scopes, context.ProtocolMessage.Scope);
Assert.Equal(OpenIdConnectResponseType.CodeIdToken, context.ProtocolMessage.ResponseType);
Assert.Equal(_customIssuer, context.ProtocolMessage.IssuerAddress, true);
Assert.False(context.Properties.Items.ContainsKey(OidcConstants.PolicyKey));
if (hasClientCredentials)
{
Assert.Equal(OpenIdConnectResponseType.CodeIdToken, context.ProtocolMessage.ResponseType);
}
else
{
Assert.Equal(OpenIdConnectResponseType.IdToken, context.ProtocolMessage.ResponseType);
}
}

[Fact]
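Review bot: The converted theory keeps `async void` as its return type, which means a failed await surfaces as an unobserved exception rather than a test failure in the normal way; it should return `Task`. The `if (hasClientCredentials)` assert block can also go away by passing the expected response type through `InlineData`, since `OpenIdConnectResponseType.CodeIdToken` and `IdToken` are constants, leaving one unconditional `Assert.Equal`.
```csharp
[Theory]
[InlineData(true, OpenIdConnectResponseType.CodeIdToken)]
[InlineData(false, OpenIdConnectResponseType.IdToken)]
public async Task OnRedirectToIdentityProvider_CustomUserFlow_UpdatesContext(bool hasClientCredentials, string expectedResponseType)
{
    // … unchanged: options setup, handler construction, context creation, OnRedirectToIdentityProvider call …
    Assert.Equal(TestConstants.Scopes, context.ProtocolMessage.Scope);
    Assert.Equal(_customIssuer, context.ProtocolMessage.IssuerAddress, true);
    Assert.False(context.Properties.Items.ContainsKey(OidcConstants.PolicyKey));
    Assert.Equal(expectedResponseType, context.ProtocolMessage.ResponseType);
}
```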