Use MSAL
Oren Novotny committed Jan 18, 2019
1 parent 4663b73 commit 22a2222
Showing 2 changed files with 18 additions and 32 deletions.
4 changes: 2 additions & 2 deletions src/SignClient/SignClient.csproj
Expand Up @@ -12,8 +12,8 @@
<PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="2.1.1" />
<PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="2.1.1" />
<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="2.1.1" />
<PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="4.4.1" />
<PackageReference Include="Refit" Version="4.6.48" />
<PackageReference Include="Microsoft.Identity.Client" Version="2.7.0" />
<PackageReference Include="Refit" Version="4.6.58" />
</ItemGroup>

</Project>
46 changes: 16 additions & 30 deletions src/SignClient/SignCommand.cs
@@ -1,12 +1,14 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Net.Http;
using System.Security;
using System.Security.Authentication;
using System.Threading.Tasks;
using Microsoft.Extensions.CommandLineUtils;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Identity.Client;
using Newtonsoft.Json.Linq;
using Refit;

Expand Down Expand Up @@ -88,39 +90,23 @@ CommandOption descriptionUrl
if (username.HasValue())
{
// ROPC flow
// Cannot use ADAL since there's no support for ROPC in .NET Core
var parameters = new Dictionary<string, string>
{
{"resource", resourceId},
{"client_id", clientId},
{"grant_type", "password"},
{"username", username.Value()},
{"password", clientSecret.Value()},
};
using (var adalClient = new HttpClient())
{
var result = await adalClient.PostAsync($"{authority}/oauth2/token", new FormUrlEncodedContent(parameters));

var res = await result.Content.ReadAsStringAsync();

var jObj = JObject.Parse(res);

if (!result.IsSuccessStatusCode)
{
var desc = jObj["error_description"].Value<string>();
throw new AuthenticationException(desc);
}

var token = jObj["access_token"]
.Value<string>();
return token;
}
var pca = new PublicClientApplication(clientId, authority);

var scope = $"{resourceId}/user_impersonation";

var secret = new NetworkCredential("", clientSecret.Value()).SecurePassword;
var tokenResult = await pca.AcquireTokenByUsernamePasswordAsync(new[] { scope }, username.Value(), secret);

return tokenResult.AccessToken;
}
else
{
// Client credential flow
var context = new AuthenticationContext(authority);
var res = await context.AcquireTokenAsync(resourceId, new ClientCredential(clientId, clientSecret.Value()));

var context = new ConfidentialClientApplication(clientId, authority, "urn:ietf:wg:oauth:2.0:oob", new ClientCredential(clientSecret.Value()), new TokenCache(), new TokenCache());

var scope = $"{resourceId}/.default";
var res = await context.AcquireTokenForClientAsync(new[] { scope });
return res.AccessToken;
}
}
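Review bot: The failure contract changes silently here: the removed ROPC branch threw `AuthenticationException(desc)` when the token endpoint returned a non-success status, whereas `AcquireTokenByUsernamePasswordAsync` and `AcquireTokenForClientAsync` report failures through MSAL's own exception types (`MsalServiceException`/`MsalClientException` in MSAL 2.x), so any caller that catches `AuthenticationException` — the `using System.Security.Authentication;` at the top of the file is still present — will now let authentication failures propagate untranslated. If such a catch exists, wrap both acquisition calls in `catch (MsalException ex) { throw new AuthenticationException(ex.Message, ex); }`; if it does not, the using is now dead and should go. Separately, `new NetworkCredential("", clientSecret.Value()).SecurePassword` only satisfies MSAL's signature: the password already exists as a plain managed string returned by `clientSecret.Value()`, so the `SecureString` adds no protection and a comment such as `// SecureString only because MSAL requires it; the secret is already held as a plain string` would stop a later reader treating it as hardening. ROPC also presumably requires a tenant-specific authority and cannot satisfy MFA or federated accounts, which is worth stating next to `// ROPC flow` now that the old explanatory comment is gone. The enclosing method begins before this hunk.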
