diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs index a0f4cf5d0..dc966f12a 100644 --- a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs +++ b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs @@ -1068,11 +1068,6 @@ private async Task BuildConfidentialClientApplic enablePiiLogging: mergedOptions.ConfidentialClientApplicationOptions.EnablePiiLogging) .WithExperimentalFeatures(); - if (_tokenCacheProvider is MsalMemoryTokenCacheProvider) - { - builder.WithCacheOptions(CacheOptions.EnableSharedCacheOptions); - } - string? currentUri = _tokenAcquisitionHost.GetCurrentRedirectUri(mergedOptions); // The redirect URI is not needed for OBO @@ -1163,11 +1158,8 @@ await builder.WithClientCredentialsAsync( NotifyCertificateSelection(mergedOptions, app, CerticateObserverAction.Selected, null); // Initialize token cache providers - if (!(_tokenCacheProvider is MsalMemoryTokenCacheProvider)) - { - _tokenCacheProvider.Initialize(app.AppTokenCache); - _tokenCacheProvider.Initialize(app.UserTokenCache); - } + _tokenCacheProvider.Initialize(app.AppTokenCache); + _tokenCacheProvider.Initialize(app.UserTokenCache); return app; } @@ -1664,7 +1656,7 @@ private void Log( /// Temporary. Replace with Builder.WithClientAssertion when MSAL.NET supports it. /// private static bool OverrideClientAssertionIfNeeded(TokenAcquisitionOptions? tokenAcquisitionOptions, AbstractConfidentialClientAcquireTokenParameterBuilder builder) - where T: AbstractAcquireTokenParameterBuilder + where T : AbstractAcquireTokenParameterBuilder { if (tokenAcquisitionOptions == null || tokenAcquisitionOptions.ExtraParameters == null) { diff --git a/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs b/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs index c93a0b8ae..0558a05d3 100644 --- a/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs +++ b/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs @@ -141,7 +141,7 @@ public async Task VerifyCorrectAuthorityUsedInTokenAcquisition_B2CAuthorityTests Assert.Equal(expectedAuthority, app.Authority); } - + [Theory] [InlineData("https://localhost:1234")] [InlineData("")] diff --git a/tests/Microsoft.Identity.Web.Test/TokenAcquisitionTests.cs b/tests/Microsoft.Identity.Web.Test/TokenAcquisitionTests.cs index 65e4ee2d1..c6b168cf3 100644 --- a/tests/Microsoft.Identity.Web.Test/TokenAcquisitionTests.cs +++ b/tests/Microsoft.Identity.Web.Test/TokenAcquisitionTests.cs @@ -6,14 +6,20 @@ using System.Net.Http; using System.Threading; using System.Threading.Tasks; +using Microsoft.AspNetCore.Authentication.OpenIdConnect; +using Microsoft.Extensions.Caching.Memory; using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.Logging; +using Microsoft.Extensions.Options; using Microsoft.Identity.Abstractions; using Microsoft.Identity.Client; using Microsoft.Identity.Web.Test.Common; using Microsoft.Identity.Web.Test.Common.Mocks; +using Microsoft.Identity.Web.Test.Common.TestHelpers; using Microsoft.Identity.Web.TestOnly; +using Microsoft.Identity.Web.TokenCacheProviders.InMemory; using Xunit; - +using TC = Microsoft.Identity.Web.Test.Common.TestConstants; namespace Microsoft.Identity.Web.Test { @@ -126,6 +132,71 @@ public async Task ExtraBodyParametersAreSentToEndpointTest() Assert.Equal("Bearer header.payload.signature", result); } + // https://github.com/AzureAD/microsoft-identity-web/issues/3237 + [Fact] + public async Task TokenAcquisitionUsesMemoryCacheWhenConfigured() + { + // Arrange + var microsoftIdentityOptionsMonitor = new TestOptionsMonitor(new MicrosoftIdentityOptions + { + Authority = TC.AuthorityCommonTenant, + ClientId = TC.ConfidentialClientId, + CallbackPath = string.Empty, + }); + + var applicationOptionsMonitor = new TestOptionsMonitor(new ConfidentialClientApplicationOptions + { + Instance = TC.AadInstance, + RedirectUri = "https://localhost:1234", + ClientSecret = TC.ClientSecret, + }); + + var services = new ServiceCollection(); + services.AddTransient( + provider => microsoftIdentityOptionsMonitor); + services.AddTransient( + provider => applicationOptionsMonitor); + services.Configure(options => { }); + services.AddTokenAcquisition(); + services.AddLogging(); + services.AddAuthentication(); + services.AddSingleton(); + services.AddMemoryCache(); + var provider = services.BuildServiceProvider(); + + + MergedOptions mergedOptions = provider.GetRequiredService().Get(OpenIdConnectDefaults.AuthenticationScheme); + MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityOptions(microsoftIdentityOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions); + MergedOptions.UpdateMergedOptionsFromConfidentialClientApplicationOptions(applicationOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions); + + var credentialsLoader = new DefaultCredentialsLoader(); + var tokenAcquisitionAspnetCoreHost = new TokenAcquisitionAspnetCoreHost( + MockHttpContextAccessor.CreateMockHttpContextAccessor(), + provider.GetService()!, + provider); + var tokenAcquisition = new TokenAcquisitionAspNetCore( + new MsalTestTokenCacheProvider( + provider.GetService()!, + provider.GetService>()!), + provider.GetService()!, + provider.GetService>()!, + tokenAcquisitionAspnetCoreHost, + provider, + credentialsLoader); + var mockHttpClient = provider.GetRequiredService() as MockHttpClientFactory; + + IConfidentialClientApplication app = await tokenAcquisition.GetOrBuildConfidentialClientApplicationAsync(mergedOptions); + mockHttpClient!.AddMockHandler(MockHttpCreator.CreateClientCredentialTokenHandler()); + + // Act + var result = await app.AcquireTokenForClient(new[] { "r" }).ExecuteAsync(); + + // Assert + Assert.Equal(TokenSource.IdentityProvider, result.AuthenticationResultMetadata.TokenSource); + IMemoryCache memoryCache = provider.GetService()!; + Assert.Equal(1, (memoryCache as MemoryCache)!.Count); // this proves that MemoryCache is used + } + private TokenAcquirerFactory InitTokenAcquirerFactory() { TokenAcquirerFactoryTesting.ResetTokenAcquirerFactoryInTest();