From f46153c1e90f9ca5ab73f4dbc83cdb68fbd84639 Mon Sep 17 00:00:00 2001
From: "Taofeek F. Obafemi-Babatunde"
Date: Mon, 26 Feb 2024 14:44:43 -0800
Subject: [PATCH] Filling ou tthe AT PoP skeleton
---
 .../Utilities/AuthenticationHelpers.cs | 37 ++++++--
 .../Utilities/PopClient.cs | 88 -------------------
 .../Utilities/PopClientOptions.cs | 2 -
 3 files changed, 28 insertions(+), 99 deletions(-)
 delete mode 100644 src/Authentication/Authentication.Core/Utilities/PopClient.cs
 delete mode 100644 src/Authentication/Authentication.Core/Utilities/PopClientOptions.cs
diff --git a/src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs b/src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs
index d6397ef2106..d43c2a9c96e 100644
--- a/src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs
+++ b/src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs
@@ -136,16 +136,32 @@ private static async Task GetInteractiveBrowserCre
 if (IsATPoPSupported())
 {
 // Logic to implement ATPoP Authentication
- var client = new PopClient(interactiveBrowserCredential, authContext, new PopClientOptions()
- {
- Diagnostics =
- {
- IsLoggingContentEnabled = true,
- LoggedHeaderNames = { "Authorization" }
- }
+ authRecord = await Task.Run(() =>
+ {
+ var popTokenAuthenticationPolicy = new PopTokenAuthenticationPolicy(interactiveBrowserCredential as ISupportsProofOfPossession, $"https://graph.microsoft.com/.default");
+
+ var pipelineOptions = new HttpPipelineOptions(new PopClientOptions()
+ {
+ Diagnostics =
+ {
+ IsLoggingContentEnabled = true,
+ LoggedHeaderNames = { "Authorization" }
+ },
+ });
+ pipelineOptions.PerRetryPolicies.Add(popTokenAuthenticationPolicy);
+
+ var _pipeline = HttpPipelineBuilder.Build(pipelineOptions, new HttpPipelineTransportOptions { ServerCertificateCustomValidationCallback = (_) => true });
+ using var request = _pipeline.CreateRequest();
+ request.Method = RequestMethod.Get;
+ request.Uri.Reset(new Uri("https://20.190.132.47/beta/me"));
+ var response = _pipeline.SendRequest(request, cancellationToken);
+ var message = new HttpMessage(request, new ResponseClassifier());
+
+ // Manually invoke the authentication policy's process method
+ popTokenAuthenticationPolicy.ProcessAsync(message, ReadOnlyMemory.Empty);
+ // Run the thread in MTA.
+ return interactiveBrowserCredential.Authenticate(new TokenRequestContext(authContext.Scopes), cancellationToken);
 });
- //var response = client.Get(new Uri("https://20.190.132.47/beta/me"), CancellationToken.None);
- authRecord = client.GetAuthRecord();
 }
 else
 {
@@ -471,4 +487,7 @@ public static Task DeleteAuthRecordAsync()
 return Task.CompletedTask;
 }
 }
+ internal class PopClientOptions : ClientOptions
+ {
+ }
 }
\ No newline at end of file
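Review bot: `HttpPipelineBuilder.Build(pipelineOptions, new HttpPipelineTransportOptions { ServerCertificateCustomValidationCallback = (_) => true })` switches off server-certificate validation for the pipeline that carries the PoP token, and the request it serves targets a hard-coded raw IP, `https://20.190.132.47/beta/me`; this reads as a test scaffold that must not ship, because an on-path party can terminate the TLS session and read both the `Authorization` header and the `/beta/me` response. The same block keeps `IsLoggingContentEnabled = true` with `LoggedHeaderNames = { "Authorization" }`, which would write the token into diagnostic logs. Two smaller defects: `interactiveBrowserCredential as ISupportsProofOfPossession` is handed to the policy unchecked (the deleted `PopClient` threw an `ArgumentException` when the credential did not implement it), and `popTokenAuthenticationPolicy.ProcessAsync(message, ReadOnlyMemory.Empty)` is invoked after `SendRequest` has already run the pipeline and its `ValueTask` is never awaited, so any failure there goes unobserved. I would build the transport with default validation, drop the header logging, and fail fast on the cast, as below; the enclosing `GetInteractiveBrowserCre…` method starts before this hunk.
```csharp
authRecord = await Task.Run(() =>
{
    // Fail fast instead of passing a null credential into the policy.
    if (!(interactiveBrowserCredential is ISupportsProofOfPossession popCredential))
    {
        throw new InvalidOperationException("The interactive browser credential does not support proof of possession.");
    }
    var popTokenAuthenticationPolicy = new PopTokenAuthenticationPolicy(popCredential, "https://graph.microsoft.com/.default");

    // No content or header logging: the Authorization header carries the token.
    var pipelineOptions = new HttpPipelineOptions(new PopClientOptions());
    pipelineOptions.PerRetryPolicies.Add(popTokenAuthenticationPolicy);

    // Default transport: server certificate validation stays enabled.
    var _pipeline = HttpPipelineBuilder.Build(pipelineOptions);
    // … unchanged: request creation and SendRequest — the URI must name the real Graph host, not a raw IP …
    // … removed: the un-awaited ProcessAsync call (SendRequest already runs the per-retry policy) …
    return interactiveBrowserCredential.Authenticate(new TokenRequestContext(authContext.Scopes), cancellationToken);
});
```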
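Review bot: `internal class PopClientOptions : ClientOptions` is appended after the helper class at the bottom of AuthenticationHelpers.cs, while the same commit deletes the standalone `PopClientOptions.cs` that held the identical empty type; before this commit the type lived in its own file, and keeping that layout (now `internal`) avoids an empty marker type hiding at the end of an unrelated file. The hunk also ends with `\ No newline at end of file`, which should be restored. A one-line summary would say why the type is empty: `/// <summary>Client options for the AT PoP pipeline; carries no settings beyond <see cref="ClientOptions"/> yet.</summary>`.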
diff --git a/src/Authentication/Authentication.Core/Utilities/PopClient.cs b/src/Authentication/Authentication.Core/Utilities/PopClient.cs
deleted file mode 100644
index 7343a6960d7..00000000000
--- a/src/Authentication/Authentication.Core/Utilities/PopClient.cs
+++ /dev/null
@@ -1,88 +0,0 @@ -using System; -using System.IdentityModel; -using System.Threading; -using System.Threading.Tasks; -using Azure; -using Azure.Core; -using Azure.Core.Pipeline; -using Azure.Identity; -using Azure.Identity.Broker; -using Microsoft.Identity.Client.NativeInterop; - -namespace Microsoft.Graph.PowerShell.Authentication.Core.Utilities -{ - public class PopClient - { - private readonly HttpPipeline _pipeline; - private AuthenticationRecord _authenticationRecord; - private readonly InteractiveBrowserCredential _interactiveBrowserCredential; - - public PopClient(TokenCredential credential, IAuthContext authContext, ClientOptions options = null) - { - //_interactiveBrowserCredential = (InteractiveBrowserCredential)credential; - _interactiveBrowserCredential = new InteractiveBrowserCredential(new InteractiveBrowserCredentialBrokerOptions(WindowHandleUtlities.GetConsoleOrTerminalWindow())); - - if (!(credential is ISupportsProofOfPossession)) - { - throw new ArgumentException("The provided TokenCredential does not support proof of possession.", nameof(credential)); - } - - var pipelineOptions = new HttpPipelineOptions(options); - pipelineOptions.PerRetryPolicies.Add(new InteractivePopTokenAuthenticationPolicy(_interactiveBrowserCredential, "https://graph.microsoft.com/.default", () => _authenticationRecord)); - - _pipeline = HttpPipelineBuilder.Build(pipelineOptions); - } - - public async ValueTask GetAsync(Uri uri, CancellationToken cancellationToken = default) - { - using var request = _pipeline.CreateRequest(); - request.Method = RequestMethod.Get; - request.Uri.Reset(uri); - return await _pipeline.SendRequestAsync(request, cancellationToken).ConfigureAwait(false); - } - - public Response Get(Uri uri, CancellationToken cancellationToken = default) - { - using var request = _pipeline.CreateRequest(); - request.Method = RequestMethod.Get; - request.Uri.Reset(uri); - return _pipeline.SendRequest(request, cancellationToken); - } - - public async ValueTask 
GetAuthRecordAsync() - { - _authenticationRecord ??= await _interactiveBrowserCredential.AuthenticateAsync(); - return _authenticationRecord; - } - - public AuthenticationRecord GetAuthRecord() - { - _authenticationRecord ??= _interactiveBrowserCredential.Authenticate(); - return _authenticationRecord; - } - } - - public class InteractivePopTokenAuthenticationPolicy : PopTokenAuthenticationPolicy - { - private readonly InteractiveBrowserCredential _interactiveBrowserCredential; - private readonly Func _getAuthRecord; - - public InteractivePopTokenAuthenticationPolicy(InteractiveBrowserCredential credential, string scope, Func getAuthRecord) - : base(credential, scope) - { - _interactiveBrowserCredential = credential; - _getAuthRecord = getAuthRecord; - } - - protected override ValueTask AuthorizeRequestAsync(HttpMessage message) - { - var authRecord = _getAuthRecord(); - if (authRecord != null) - { - _interactiveBrowserCredential.AuthenticateAsync(new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" })).ConfigureAwait(false); - } - - return base.AuthorizeRequestAsync(message); - } - } -} diff --git a/src/Authentication/Authentication.Core/Utilities/PopClientOptions.cs b/src/Authentication/Authentication.Core/Utilities/PopClientOptions.cs deleted file mode 100644 index f0954c0b32f..00000000000 --- a/src/Authentication/Authentication.Core/Utilities/PopClientOptions.cs +++ /dev/null @@ -1,2 +0,0 @@ -using Azure.Core; -public class PopClientOptions : ClientOptions { } \ No newline at end of file