Bogavril/regionaltest (#4962)

* Add an E2E test around refresh_in and region * msg * Update tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.NetFwk.cs Co-authored-by: Travis Walker <[email protected]> --------- Co-authored-by: Travis Walker <[email protected]>
AzureAD · Nov 8, 2024 · 2364608 · 2364608
1 parent f29be92
commit 2364608
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 24 deletions.
diff --git a/...icrosoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.NetFwk.cs b/...icrosoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.NetFwk.cs
@@ -6,6 +6,7 @@
 using System.Diagnostics;
 using System.Globalization;
 using System.Linq;
+using System.Runtime.ConstrainedExecution;
 using System.Security.Cryptography;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
@@ -50,9 +51,46 @@ public void TestInitialize()
             TestCommon.ResetInternalStaticCaches();
         }
 
+        // regression test based on SAL introducing a new SKU value and making ESTS not issue the refresh_in value
+        // This needs to run on .NET and .NET FWK to protect against MSAL SKU value changes
         [DataTestMethod]
-        [DataRow(Cloud.Public, TargetFrameworks.NetFx | TargetFrameworks.NetCore )]
-        [DataRow(Cloud.Adfs, TargetFrameworks.NetFx | TargetFrameworks.NetCore )]
+        [DataRow(true)]
+        [DataRow(false)]
+        public async Task RefreshOnIsEnabled(bool useRegional)
+        {
+            // if this test runs on local devbox, disable it
+            if (useRegional && Environment.GetEnvironmentVariable("TF_BUILD") == null)
+            {
+                Assert.Inconclusive("Can't run regional on local devbox.");
+            }
+
+            var cert = CertificateHelper.FindCertificateByName(TestConstants.AutomationTestCertName);
+
+            var builder = ConfidentialClientApplicationBuilder.Create(LabAuthenticationHelper.LabAccessConfidentialClientId)
+                .WithCertificate(cert, sendX5C: true)
+                .WithAuthority(LabAuthenticationHelper.LabClientInstance, LabAuthenticationHelper.LabClientTenantId);
+
+            // auto-detect should work on Azure DevOps build
+            if (useRegional)
+                builder = builder.WithAzureRegion();
+
+            var cca = builder.Build();
+
+            var result = await cca.AcquireTokenForClient([LabAuthenticationHelper.LabScope]).ExecuteAsync().ConfigureAwait(false);
+
+            Assert.AreEqual(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource);
+            Assert.IsTrue(result.AuthenticationResultMetadata.RefreshOn.HasValue, "refresh_in was not issued - did the MSAL SKU value change?");
+
+            if (useRegional)
+                Assert.AreEqual(
+                    Client.Region.RegionOutcome.AutodetectSuccess,
+                    result.AuthenticationResultMetadata.RegionDetails.RegionOutcome);
+        }
+
+
+        [DataTestMethod]
+        [DataRow(Cloud.Public, TargetFrameworks.NetFx | TargetFrameworks.NetCore)]
+        [DataRow(Cloud.Adfs, TargetFrameworks.NetFx | TargetFrameworks.NetCore)]
         //[DataRow(Cloud.PPE, TargetFrameworks.NetFx)]      
         [DataRow(Cloud.Public, TargetFrameworks.NetCore, true)]
         //[DataRow(Cloud.Arlington)] - cert not setup
@@ -63,7 +101,7 @@ public async Task WithCertificate_TestAsync(Cloud cloud, TargetFrameworks runOn,
         }
 
         [DataTestMethod]
-        [DataRow(Cloud.Public,  TargetFrameworks.NetCore)]
+        [DataRow(Cloud.Public, TargetFrameworks.NetCore)]
         [DataRow(Cloud.Adfs, TargetFrameworks.NetFx)]
         //[DataRow(Cloud.Arlington, TargetFrameworks.NetCore)] TODO: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4905
         //[DataRow(Cloud.PPE)] - secret not setup
@@ -74,8 +112,8 @@ public async Task WithSecret_TestAsync(Cloud cloud, TargetFrameworks runOn)
         }
 
         [DataTestMethod]
-        [DataRow(Cloud.Public,  TargetFrameworks.NetCore)]
-        [DataRow(Cloud.Adfs,  TargetFrameworks.NetCore)]
+        [DataRow(Cloud.Public, TargetFrameworks.NetCore)]
+        [DataRow(Cloud.Adfs, TargetFrameworks.NetCore)]
         //[DataRow(Cloud.PPE, TargetFrameworks.NetCore)]
         // [DataRow(Cloud.Arlington)] - cert not setup
         public async Task WithClientAssertion_Manual_TestAsync(Cloud cloud, TargetFrameworks runOn)
@@ -85,7 +123,7 @@ public async Task WithClientAssertion_Manual_TestAsync(Cloud cloud, TargetFramew
         }
 
         [DataTestMethod]
-        [DataRow(Cloud.Public, TargetFrameworks.NetFx  )]
+        [DataRow(Cloud.Public, TargetFrameworks.NetFx)]
         [DataRow(Cloud.Adfs, TargetFrameworks.NetFx)]
         //[DataRow(Cloud.PPE, TargetFrameworks.NetCore)]
         // [DataRow(Cloud.Arlington)] - cert not setup
@@ -134,7 +172,7 @@ public async Task WithClientClaims_SendX5C_OverrideClaims_TestAsync(Cloud cloud,
         }
 
         [DataTestMethod]
-        [DataRow(Cloud.Public, TargetFrameworks.NetCore)]                
+        [DataRow(Cloud.Public, TargetFrameworks.NetCore)]
         public async Task WithOnBeforeTokenRequest_TestAsync(Cloud cloud, TargetFrameworks runOn)
         {
             runOn.AssertFramework();
@@ -148,7 +186,7 @@ public async Task WithOnBeforeTokenRequest_TestAsync(Cloud cloud, TargetFramewor
                 .WithAuthority(settings.Authority, true)
                 .WithTestLogging()
                 .Build();
-            
+
             authResult = await confidentialApp
                 .AcquireTokenForClient(settings.AppScopes)
                 .OnBeforeTokenRequest((data) =>
@@ -171,7 +209,7 @@ public async Task WithOnBeforeTokenRequest_TestAsync(Cloud cloud, TargetFramewor
                .ExecuteAsync()
                .ConfigureAwait(false);
 
-            Assert.AreEqual(TokenSource.Cache, authResult.AuthenticationResultMetadata.TokenSource);            
+            Assert.AreEqual(TokenSource.Cache, authResult.AuthenticationResultMetadata.TokenSource);
         }
 
         [RunOn(TargetFrameworks.NetCore)]
@@ -229,9 +267,9 @@ private static void ModifyRequest(OnBeforeTokenRequestData data, X509Certificate
             string tokenEndpoint = data.RequestUri.AbsoluteUri;
 
             string assertion = GetSignedClientAssertionManual(
-                issuer: clientId, 
-                audience: tokenEndpoint, 
-                certificate: certificate, 
+                issuer: clientId,
+                audience: tokenEndpoint,
+                certificate: certificate,
                 useSha2AndPss: true);
 
             data.BodyParameters.Add("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
@@ -294,9 +332,9 @@ private async Task RunClientCredsAsync(Cloud cloud, CredentialType credentialTyp
         }
 
         private static IConfidentialClientApplication CreateApp(
-            CredentialType credentialType, 
-            IConfidentialAppSettings settings, 
-            bool sendX5C, 
+            CredentialType credentialType,
+            IConfidentialAppSettings settings,
+            bool sendX5C,
             bool useSha2AndPssForAssertion)
         {
             var builder = ConfidentialClientApplicationBuilder
@@ -420,9 +458,9 @@ private static string GetSignedClientAssertionUsingWilson(
         /// <param name="certificate"></param>
         /// <returns></returns>
         private static string GetSignedClientAssertionManual(
-            string issuer, 
-            string audience, 
-            X509Certificate2 certificate, 
+            string issuer,
+            string audience,
+            X509Certificate2 certificate,
             bool useSha2AndPss)
         {
             const uint JwtToAadLifetimeInSeconds = 60 * 10; // Ten minutes
@@ -464,7 +502,7 @@ private static string GetSignedClientAssertionManual(
                   { "x5t", Base64UrlHelpers.Encode(certificate.GetCertHash())},
                 };
             }
-          
+
 
             var headerBytes = JsonSerializer.SerializeToUtf8Bytes(header);
             var claimsBytes = JsonSerializer.SerializeToUtf8Bytes(claims);

diff --git a/tests/Microsoft.Identity.Test.LabInfrastructure/LabAuthenticationHelper.cs b/tests/Microsoft.Identity.Test.LabInfrastructure/LabAuthenticationHelper.cs
@@ -15,15 +15,17 @@ namespace Microsoft.Identity.Test.LabInfrastructure
 {
     public static class LabAuthenticationHelper
     {
-        private const string LabAccessConfidentialClientId = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9";
-        private const string LabAccessPublicClientId = "3c1e0e0d-b742-45ba-a35e-01c664e14b16";
-
+        public const string LabAccessConfidentialClientId = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9";
+        public const string LabScope = "https://request.msidlab.com/.default";
+        public const string LabClientInstance = "https://login.microsoftonline.com/";
+        public const string LabClientTenantId = "72f988bf-86f1-41af-91ab-2d7cd011db47";
+
         public static async Task<AccessToken> GetAccessTokenForLabAPIAsync(string labAccessClientId)
         {
-            string[] scopes = new string[] { "https://request.msidlab.com/.default" };
+            string[] scopes = new string[] { LabScope };
 
             return await GetLabAccessTokenAsync(
-                "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/", 
+                LabClientInstance + LabClientTenantId, 
                 scopes,  
                 labAccessClientId).ConfigureAwait(false);
         }