From f2342aa70bc3ad7d32d07cb1bd4b4f4bb9cbbe9d Mon Sep 17 00:00:00 2001
From: Saurabh Gautam
Date: Mon, 2 Sep 2024 12:26:32 +0100
Subject: [PATCH 1/5] Use Azure Region for key
---
 src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
index 71c27e424..16adeeffd 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
@@ -198,7 +198,7 @@ public async Task AddAccountToCacheFromAuthorizationCodeAsyn
 private static string GetApplicationKey(MergedOptions mergedOptions)
 {
- return mergedOptions.Instance! + mergedOptions.ClientId;
+ return mergedOptions.Instance! + mergedOptions.ClientId + mergedOptions.AzureRegion;
 }
 ///
From c5d991d0ac216cf2cddbe27d6f9d541d48b298eb Mon Sep 17 00:00:00 2001
From: Saurabh Gautam
Date: Mon, 2 Sep 2024 12:33:10 +0100
Subject: [PATCH 2/5] Use getkey algorithm for factory class
---
 src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
index 16adeeffd..78836f9e3 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
@@ -198,7 +198,7 @@ public async Task AddAccountToCacheFromAuthorizationCodeAsyn
 private static string GetApplicationKey(MergedOptions mergedOptions)
 {
- return mergedOptions.Instance! + mergedOptions.ClientId + mergedOptions.AzureRegion;
+ return DefaultTokenAcquirerFactoryImplementation.GetKey(mergedOptions.Authority, mergedOptions.ClientId, mergedOptions.AzureRegion);
 }
 ///
From ffd3ec0e38cf3e75ef17e002823b8350a6168394 Mon Sep 17 00:00:00 2001
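Review bot: In the PATCH 2/5 hunk, the key that selects the cached confidential client application is now built from `mergedOptions.Authority` where it used `mergedOptions.Instance!`, and nothing in the new line guards against `Authority` or `AzureRegion` being null or empty. GetKey's body is not part of this hunk, so whether it delimits or normalizes its three parts cannot be confirmed from here; if it joins them bare, two different configurations could map to the same key and a caller would be handed an application built for another authority or region. I would document the assumption at the call site, for example `// Key must differ whenever authority, client ID or region differ; Authority is expected to be populated by the options merge.`, or validate the values before calling GetKey. The enclosing class starts and ends outside the hunk.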
From: Saurabh Gautam
Date: Wed, 4 Sep 2024 15:46:51 +0100
Subject: [PATCH 3/5] Add comment
---
 .../TokenAcquisition.cs | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
index 78836f9e3..b6c02aefd 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
@@ -196,6 +196,13 @@ public async Task AddAccountToCacheFromAuthorizationCodeAsyn
 }
 }
+
+ ///
+ /// Allows creation of confidential client applications targeting regional and global authorities
+ /// when supporting managed identities.
+ ///
+ ///
+ ///
 private static string GetApplicationKey(MergedOptions mergedOptions)
 {
 return DefaultTokenAcquirerFactoryImplementation.GetKey(mergedOptions.Authority, mergedOptions.ClientId, mergedOptions.AzureRegion);
From d53f1e0dc89c263ba5725e7a26192e0daf932cd4 Mon Sep 17 00:00:00 2001
From: Saurabh Gautam
Date: Fri, 6 Sep 2024 14:44:14 +0100
Subject: [PATCH 4/5] Added comments
---
 .../TokenAcquisition.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
index b6c02aefd..3fb225015 100644
--- a/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
+++ b/src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
@@ -201,8 +201,8 @@ public async Task AddAccountToCacheFromAuthorizationCodeAsyn
 /// Allows creation of confidential client applications targeting regional and global authorities
 /// when supporting managed identities.
 ///
- ///
- ///
+ /// Merged configuration options
+ /// Concatenated string of authority, cliend id and azure region
 private static string GetApplicationKey(MergedOptions mergedOptions)
 {
 return DefaultTokenAcquirerFactoryImplementation.GetKey(mergedOptions.Authority, mergedOptions.ClientId, mergedOptions.AzureRegion);
From ead197902d7b0605980490b94f4be98cf0bae749 Mon Sep 17 00:00:00 2001
From: Saurabh Gautam
Date: Fri, 6 Sep 2024 15:01:37 +0100
Subject: [PATCH 5/5] Add a test case
---
 .../TokenAcquisitionAuthorityTests.cs | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs b/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs
index 3c3204349..8f98b093e 100644
--- a/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs
+++ b/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs
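Review bot: The second added doc line, which appears to be the returns text, misspells "client" as `cliend id` and describes the key only by how it is assembled. I would write it as `/// <returns>Cache key derived from the authority, client ID and Azure region.</returns>`. The summary would also benefit from one sentence stating that this key decides which cached confidential client application is reused, so every option that changes the application's authority or region has to be part of it. The method body is unchanged context here, and the enclosing class lies outside the hunk.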
@@ -177,6 +177,41 @@ public async Task VerifyCorrectRedirectUriAsync(
 }
 }
+ [Fact]
+ public async Task VerifyDifferentRegionsDifferentApp()
+ {
+ _microsoftIdentityOptionsMonitor = new TestOptionsMonitor(new MicrosoftIdentityOptions
+ {
+ Authority = TC.AuthorityCommonTenant,
+ ClientId = TC.ConfidentialClientId,
+ CallbackPath = string.Empty,
+ });
+
+ _applicationOptionsMonitor = new TestOptionsMonitor(new ConfidentialClientApplicationOptions
+ {
+ Instance = TC.AadInstance,
+ RedirectUri = "http://localhost:1729/",
+ ClientSecret = TC.ClientSecret,
+ });
+
+ BuildTheRequiredServices();
+ MergedOptions mergedOptions = _provider.GetRequiredService().Get(OpenIdConnectDefaults.AuthenticationScheme);
+ MergedOptions.UpdateMergedOptionsFromMicrosoftIdentityOptions(_microsoftIdentityOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions);
+ MergedOptions.UpdateMergedOptionsFromConfidentialClientApplicationOptions(_applicationOptionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme), mergedOptions);
+
+ InitializeTokenAcquisitionObjects();
+
+ mergedOptions.AzureRegion = "UKEast";
+
+ IConfidentialClientApplication appEast = await _tokenAcquisition.GetOrBuildConfidentialClientApplicationAsync(mergedOptions);
+
+ mergedOptions.AzureRegion = "UKWest";
+
+ IConfidentialClientApplication appWest = await _tokenAcquisition.GetOrBuildConfidentialClientApplicationAsync(mergedOptions);
+
+ Assert.NotSame(appEast, appWest);
+ }
+
 [Theory]
 [InlineData(true)]
 [InlineData(false)]
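Review bot: `VerifyDifferentRegionsDifferentApp` asserts only `Assert.NotSame(appEast, appWest)`, which would also pass if the application cache never returned an existing instance at all. Assuming a repeated key is meant to reuse the cached application, I would set `mergedOptions.AzureRegion = "UKEast";` again, call `GetOrBuildConfidentialClientApplicationAsync(mergedOptions)` a third time into `appEastAgain`, and add `Assert.Same(appEast, appEastAgain);`. The test also covers only the region component; a case where the authority differs and the region is unset would pin the other half of the key change made earlier in this series. The test class starts and ends outside the hunk.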