Finalize tests

Author: bgavrilMS

tests/E2E Tests/OidcIdPSignedAssertionProviderTests/OidCIdPSignedAssertionProviderExtensibilityTests.cs

@@ -2,12 +2,20 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
 using System.Linq;
+using System.Net.Http;
+using System.Text.Json;
 using System.Threading.Tasks;
+using Azure.Core;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Identity.Abstractions;
 using Microsoft.Identity.Client;
 using Microsoft.Identity.Web;
+using Microsoft.Identity.Web.Test.Common;
+using Microsoft.Identity.Web.Test.Common.Mocks;
 using Xunit.Sdk;
 
 
@@ -16,7 +24,7 @@ namespace CustomSignedAssertionProviderTests
     public class OidCIdPSignedAssertionProviderExtensibilityTests
     {
         [Fact]
-        public async Task UseSignedAssertionFromCustomSignedAssertionProvider()
+        public async Task CrossCloudFicIntegrationTest()
         {
             // Arrange
             TokenAcquirerFactory tokenAcquirerFactory = TokenAcquirerFactory.GetDefaultInstance();
@@ -39,15 +47,86 @@ public async Task UseSignedAssertionFromCustomSignedAssertionProvider()
             IServiceProvider serviceProvider = tokenAcquirerFactory.Build();
             IAuthorizationHeaderProvider authorizationHeaderProvider = serviceProvider.GetRequiredService<IAuthorizationHeaderProvider>();
 
-            try
+            // Act
+            string result = await authorizationHeaderProvider.CreateAuthorizationHeaderForAppAsync("https://graph.microsoft.com/.default");
+
+            // Assert
+            Assert.NotNull(result);
+            Assert.StartsWith("Bearer", result, StringComparison.Ordinal);
+        }
+
+        [Fact]
+        public async Task CrossCloudFicUnitTest()
+        {
+            // Arrange
+            using (MockHttpClientFactory httpFactoryForTest = new MockHttpClientFactory())
             {
+
+                _ = httpFactoryForTest.AddMockHandler(
+                    MockHttpCreator.CreateInstanceDiscoveryMockHandler());
+                var credentialRequestHttpHandler = httpFactoryForTest.AddMockHandler(
+                    MockHttpCreator.CreateClientCredentialTokenHandler());
+                var tokenRequestHttpHandler = httpFactoryForTest.AddMockHandler(
+                    MockHttpCreator.CreateClientCredentialTokenHandler());
+
+                // TODO: need to reset the configuration to avoid conflicts with other tests
+                TokenAcquirerFactory tokenAcquirerFactory = TokenAcquirerFactory.GetDefaultInstance();
+                tokenAcquirerFactory.Services.AddOidcSignedAssertionProvider();
+                tokenAcquirerFactory.Services.AddSingleton<IHttpClientFactory>(httpFactoryForTest);
+
+                tokenAcquirerFactory.Services.Configure<MicrosoftIdentityApplicationOptions>("AzureAd2",
+                       options =>
+                       {
+                           options.Instance = "https://login.microsoftonline.us/";
+                           options.TenantId = "t1";
+                           options.ClientId = "c1";
+                           options.ClientCredentials = [ new CredentialDescription() {
+                            SourceType = CredentialSource.ClientSecret,
+                            ClientSecret = TestConstants.ClientSecret
+                        }];
+                       });
+
+                tokenAcquirerFactory.Services.Configure<MicrosoftIdentityApplicationOptions>(options =>
+                {
+                    options.Instance = "https://login.microsoftonline.com/";
+                    options.TenantId = "t2";
+                    options.ClientId = "c2";
+                    options.ExtraQueryParameters = null;
+                    options.ClientCredentials = [ new CredentialDescription() {
+                    SourceType = CredentialSource.CustomSignedAssertion,
+                    CustomSignedAssertionProviderName = "OidIdpSignedAssertion",
+                    CustomSignedAssertionProviderData = new Dictionary<string, object>{{
+                            "ConfigurationSection", "AzureAd2"
+                        }}
+                    }];
+                });
+
+                IServiceProvider serviceProvider = tokenAcquirerFactory.Build();
+                IAuthorizationHeaderProvider authorizationHeaderProvider =
+                    serviceProvider.GetRequiredService<IAuthorizationHeaderProvider>();
+
                 // Act
-                _ = await authorizationHeaderProvider.CreateAuthorizationHeaderForAppAsync("https://graph.microsoft.com/.default");
-            }
-            catch (Exception ex) when (ex is not XunitException)
-            {
-                Assert.Fail(ex.Message);
+                var result = await authorizationHeaderProvider.CreateAuthorizationHeaderForAppAsync(TestConstants.s_scopeForApp);
+
+                // Assert
+                Assert.Equal("api://AzureADTokenExchange/.default", credentialRequestHttpHandler.ActualRequestPostData["scope"]);
+                Assert.Equal(TestConstants.s_scopeForApp, tokenRequestHttpHandler.ActualRequestPostData["scope"]);
+                Assert.Equal("c1", credentialRequestHttpHandler.ActualRequestPostData["client_id"]);
+                Assert.Equal("https://login.microsoftonline.us/t1/oauth2/v2.0/token", credentialRequestHttpHandler.ActualRequestMessage?.RequestUri?.AbsoluteUri);
+                Assert.Equal("c2", tokenRequestHttpHandler.ActualRequestPostData["client_id"]);
+                Assert.Equal("https://login.microsoftonline.com/t2/oauth2/v2.0/token", tokenRequestHttpHandler.ActualRequestMessage?.RequestUri?.AbsoluteUri);
+
+                string? accessTokenFromRequest1;
+                using (JsonDocument document = JsonDocument.Parse(credentialRequestHttpHandler.ResponseString))
+                {
+                    accessTokenFromRequest1 = document.RootElement.GetProperty("access_token").GetString();
+                }
+
+                // the jwt credential from request1 is used as credential on request2
+                Assert.Equal(
+                    tokenRequestHttpHandler.ActualRequestPostData["client_assertion"],
+                    accessTokenFromRequest1);
             }
-        }
+        }    
     }
 }

tests/E2E Tests/OidcIdPSignedAssertionProviderTests/OidcIdpSignedAssertionLoader.cs

@@ -58,6 +58,7 @@ public async Task LoadIfNeededAsync(CredentialDescription credentialDescription,
                 }
 
                 MicrosoftIdentityApplicationOptions microsoftIdentityApplicationOptions = _options.Get(sectionName);
+                
                 if (string.IsNullOrEmpty(microsoftIdentityApplicationOptions.Instance) && microsoftIdentityApplicationOptions.Authority == "//v2.0")
                 {
                     _configuration.GetSection(sectionName).Bind(microsoftIdentityApplicationOptions);

tests/E2E Tests/OidcIdPSignedAssertionProviderTests/OidcIdpSignedAssertionProviderTests.csproj

@@ -28,6 +28,7 @@
     <ProjectReference Include="..\..\..\src\Microsoft.Identity.Web\Microsoft.Identity.Web.csproj" />
     <ProjectReference Include="..\..\..\src\Microsoft.Identity.Web.Certificate\Microsoft.Identity.Web.Certificate.csproj" />
     <ProjectReference Include="..\..\..\src\Microsoft.Identity.Web.Certificateless\Microsoft.Identity.Web.Certificateless.csproj" />
+    <ProjectReference Include="..\..\Microsoft.Identity.Web.Test.Common\Microsoft.Identity.Web.Test.Common.csproj" />
   </ItemGroup>
 
   <ItemGroup>

tests/E2E Tests/OidcIdPSignedAssertionProviderTests/appsettings.json

@@ -1,7 +1,9 @@
 {
+    "$schema": "https://raw.githubusercontent.com/AzureAD/microsoft-identity-web/refs/heads/master/JsonSchemas/microsoft-identity-web.json",
     "AzureAd": {
         "Instance": "https://login.microsoftonline.com/",
         "TenantId": "msidlab4.onmicrosoft.com",
+        "ExtraQueryParameters": { "dc": "ESTS-PUB-WEULR1-AZ1-FD000-TEST1" },        
         "ClientId": "5e71875b-ae52-4a3c-8b82-f6fdc8e1dbe1", // this app is configured to trust credentials (tokens) from f6b698c0-140c-448f-8155-4aa9bf77ceba
         "ClientCredentials": [
             {
@@ -17,6 +19,8 @@
         "Instance": "https://login.microsoftonline.us/",
         "TenantId": "45ff0c17-f8b5-489b-b7fd-2fedebbec0c4",
         "ClientId": "f13080ee-01fe-48c1-8e9f-f0dd6f69ac7b",
+        "ExtraQueryParameters": { "dc": "ESTS-PUB-WEULR1-AZ1-FD000-TEST1" },
+        "SendX5C": true,
         "ClientCredentials": [
             {
                 "SourceType": "StoreWithDistinguishedName",

tests/Microsoft.Identity.Web.Test.Common/Mocks/MockHttpClientFactory.cs

@@ -8,14 +8,18 @@
 using System.Net.Http.Headers;
 using System.Runtime.InteropServices;
 using Microsoft.Identity.Client;
+using NSubstitute.Routing.Handlers;
 using Xunit;
 
 namespace Microsoft.Identity.Web.Test.Common.Mocks
 {
     /// <summary>
     /// HttpClient that serves Http responses for testing purposes. Instance Discovery is added by default.
     /// </summary>
-    public class MockHttpClientFactory : IMsalHttpClientFactory, IDisposable
+    /// <remarks>
+    /// This implements the both IHttpClientFactory, which is what ID.Web uses. And IMsalHttpClientFactory which is what MSAL uses.
+    /// </remarks>
+    public class MockHttpClientFactory : IMsalHttpClientFactory, IHttpClientFactory, IDisposable
     {
         /// <inheritdoc />
         public void Dispose()
@@ -58,5 +62,10 @@ public HttpClient GetHttpClient()
 
             return httpClient;
         }
+
+        public HttpClient CreateClient(string name)
+        {
+            return GetHttpClient();
+        }
     }
 }

tests/Microsoft.Identity.Web.Test.Common/Mocks/MockHttpMessageHandler.cs

@@ -32,6 +32,8 @@ public MockHttpMessageHandler()
 
         public Exception ExceptionToThrow { get; set; }
 
+        public string ResponseString { get; private set; }
+
         /// <summary>
         /// Once the http message is executed, this property holds the request message.
         /// </summary>
@@ -66,6 +68,8 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
                     Content = new StringContent(TestConstants.DiscoveryJsonResponse),
                 };
 
+                ResponseString = TestConstants.DiscoveryJsonResponse;
+
                 return responseMessage;
             }
 
@@ -82,7 +86,9 @@ protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage
 
             Assert.Equal(ExpectedMethod, request.Method);
             await ValidatePostDataAsync(request);
-            
+
+            // Read the content of ResponseMessage.Content into a string variable
+            ResponseString = await ResponseMessage.Content.ReadAsStringAsync();
 
             return ResponseMessage;
         }