
Commit 5e9961e

AT PoP Version 1
1 parent b2c68f2 commit 5e9961e

2 files changed

+35
-14
lines changed


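--- a/src/Authentication/Authentication.Core/Microsoft.Graph.Authentication.Core.csproj
+++ b/src/Authentication/Authentication.Core/Microsoft.Graph.Authentication.Core.csproj
@@ -11,12 +11,12 @@
 <EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
 </PropertyGroup>
 <ItemGroup>
-<PackageReference Include="Azure.Identity" Version="1.11.0-beta.1" />
-<PackageReference Include="Azure.Core" Version="1.38.0" />
-<PackageReference Include="Azure.Identity.Broker" Version="1.1.0-beta.1" />
-<PackageReference Include="Microsoft.Graph.Core" Version="3.1.8" />
-<PackageReference Include="Microsoft.Identity.Client" Version="4.59.0" />
-<PackageReference Include="Microsoft.Identity.Client.Broker" Version="4.59.0" />
+<PackageReference Include="Azure.Identity" Version="1.12.0-beta.1" />
+<PackageReference Include="Azure.Core" Version="1.39.0" />
+<PackageReference Include="Azure.Identity.Broker" Version="1.1.0" />
+<PackageReference Include="Microsoft.Graph.Core" Version="3.1.10" />
+<PackageReference Include="Microsoft.Identity.Client" Version="4.60.3" />
+<PackageReference Include="Microsoft.Identity.Client.Broker" Version="4.60.3" />
 <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
 </ItemGroup>
 <Target Name="CopyFiles" AfterTargets="Build">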

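--- a/src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs
+++ b/src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs
@@ -15,7 +15,10 @@
 using System.Globalization;
 using System.IO;
 using System.Linq;
+using System.Net.Http;
+using System.Security.Claims;
 using System.Security.Cryptography.X509Certificates;
+using System.Text.RegularExpressions;
 using System.Threading;
 using System.Threading.Tasks;
 
@@ -120,7 +123,9 @@ private static async Task<InteractiveBrowserCredential> GetInteractiveBrowserCre
 {
 if (authContext is null)
 throw new AuthenticationException(ErrorConstants.Message.MissingAuthContext);
-var interactiveOptions = IsWamSupported() ? new InteractiveBrowserCredentialBrokerOptions(WindowHandleUtlities.GetConsoleOrTerminalWindow()) : new InteractiveBrowserCredentialOptions();
+var interactiveOptions = IsWamSupported() ?
+new InteractiveBrowserCredentialBrokerOptions(WindowHandleUtlities.GetConsoleOrTerminalWindow()) :
+new InteractiveBrowserCredentialOptions();
 interactiveOptions.ClientId = authContext.ClientId;
 interactiveOptions.TenantId = authContext.TenantId ?? "common";
 interactiveOptions.AuthorityHost = new Uri(GetAuthorityUrl(authContext));
@@ -138,8 +143,21 @@ private static async Task<InteractiveBrowserCredential> GetInteractiveBrowserCre
 // Logic to implement ATPoP Authentication
 authRecord = await Task.Run(() =>
 {
+// Creating a Request to retrieve nonce value
+string popNonce = null;
+var popNonceToken = "nonce=\"";
+Uri resourceUri = new Uri("https://canary.graph.microsoft.com/beta/me"); //PPE (https://graph.microsoft-ppe.com) or Canary (https://canary.graph.microsoft.com) or (https://20.190.132.47/beta/me)
+HttpClient httpClient = new(new HttpClientHandler { ServerCertificateCustomValidationCallback = (_, _, _, _) => true });
+HttpResponseMessage response = httpClient.SendAsync(new HttpRequestMessage(HttpMethod.Get, resourceUri)).Result;
+
+// Find the WWW-Authenticate header in the response.
+var popChallenge = response.Headers.WwwAuthenticate.First(wa => wa.Scheme == "PoP");
+var nonceStart = popChallenge.Parameter.IndexOf(popNonceToken) + popNonceToken.Length;
+var nonceEnd = popChallenge.Parameter.IndexOf('"', nonceStart);
+popNonce = popChallenge.Parameter.Substring(nonceStart, nonceEnd - nonceStart);
+
+// Refresh token logic --- start
 var popTokenAuthenticationPolicy = new PopTokenAuthenticationPolicy(interactiveBrowserCredential as ISupportsProofOfPossession, $"https://graph.microsoft.com/.default");
-
 var pipelineOptions = new HttpPipelineOptions(new PopClientOptions()
 {
 Diagnostics =
@@ -151,16 +169,19 @@ private static async Task<InteractiveBrowserCredential> GetInteractiveBrowserCre
 pipelineOptions.PerRetryPolicies.Add(popTokenAuthenticationPolicy);
 
 var _pipeline = HttpPipelineBuilder.Build(pipelineOptions, new HttpPipelineTransportOptions { ServerCertificateCustomValidationCallback = (_) => true });
+
 using var request = _pipeline.CreateRequest();
 request.Method = RequestMethod.Get;
-request.Uri.Reset(new Uri("https://20.190.132.47/beta/me"));
-var response = _pipeline.SendRequest(request, cancellationToken);
-var message = new HttpMessage(request, new ResponseClassifier());
-
+request.Uri.Reset(resourceUri);
+
 // Manually invoke the authentication policy's process method
-popTokenAuthenticationPolicy.ProcessAsync(message, ReadOnlyMemory<HttpPipelinePolicy>.Empty);
+popTokenAuthenticationPolicy.ProcessAsync(new HttpMessage(request, new ResponseClassifier()), ReadOnlyMemory<HttpPipelinePolicy>.Empty);
+// Refresh token logic --- end
+
 // Run the thread in MTA.
-return interactiveBrowserCredential.Authenticate(new TokenRequestContext(authContext.Scopes), cancellationToken);
+var popContext = new PopTokenRequestContext(authContext.Scopes, isProofOfPossessionEnabled: true, proofOfPossessionNonce: popNonce, request: request);
+//var token = interactiveBrowserCredential.GetToken(popContext, cancellationToken);
+return interactiveBrowserCredential.Authenticate(popContext, cancellationToken);
 });
 }
 else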
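Review bot: The HttpClient built for the nonce request (`ServerCertificateCustomValidationCallback = (_, _, _, _) => true`) disables TLS server-certificate validation, so the PoP nonce that later feeds `PopTokenRequestContext` can be supplied by any peer that answers for that hostname; the pre-existing transport at the `HttpPipelineBuilder.Build` line carries the same override, and both should use default validation, or at most be gated behind an explicit test-only option, rather than ship unconditionally. The nonce parsing also assumes success: `.First(wa => wa.Scheme == "PoP")` throws InvalidOperationException when no PoP challenge is present, and a missing `nonce="` parameter makes `IndexOf` return -1 so the Substring starts at offset 6 (or throws ArgumentOutOfRangeException when the closing quote is absent). Neither the HttpClient nor the HttpResponseMessage is disposed, and `.Result` blocks the thread-pool thread that Task.Run provides, which is tolerable here but worth a comment. The rewritten retrieval below keeps the same flow but validates certificates, disposes both objects and fails with an explicit AuthenticationException; the enclosing method starts before this hunk and the Task.Run lambda continues past it.

```csharp
// Creating a Request to retrieve nonce value
string popNonce = null;
var popNonceToken = "nonce=\"";
Uri resourceUri = new Uri("https://canary.graph.microsoft.com/beta/me");
// Default handler: the server certificate is validated against the trust store.
using HttpClient httpClient = new();
using HttpResponseMessage response = httpClient.SendAsync(new HttpRequestMessage(HttpMethod.Get, resourceUri)).Result;

// Find the PoP challenge in the WWW-Authenticate header; the nonce is required for the PoP token.
var popChallenge = response.Headers.WwwAuthenticate.FirstOrDefault(wa => wa.Scheme == "PoP");
var nonceStart = popChallenge?.Parameter?.IndexOf(popNonceToken, StringComparison.Ordinal) ?? -1;
if (nonceStart < 0)
    throw new AuthenticationException("The resource did not return a PoP nonce challenge.");
nonceStart += popNonceToken.Length;
var nonceEnd = popChallenge.Parameter.IndexOf('"', nonceStart);
if (nonceEnd < 0)
    throw new AuthenticationException("The PoP nonce challenge is malformed.");
popNonce = popChallenge.Parameter.Substring(nonceStart, nonceEnd - nonceStart);
// … unchanged: refresh token logic and Authenticate call …
```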
