Support AAD on MSA accounts

2019-01-03 16:07:49 -05:00 · 2019-01-03 16:07:49 -05:00 · 03861a9e2e
--- a/AzureDevOps.Authentication/Src/MsaAuthentication.cs
+++ b/AzureDevOps.Authentication/Src/MsaAuthentication.cs
@ -33,16 +33,13 @@ namespace AzureDevOps.Authentication

    public sealed class MsaAuthentication : Authentication, IMsaAuthentication
    {
-        public const string DefaultAuthorityHost = AzureDevOps.Authentication.Authority.AuthorityHostUrlBase + "/live.com";
-        internal const string QueryParameters = "domain_hint=live.com&display=popup&site_id=501454&nux=1";
-
        public MsaAuthentication(
            RuntimeContext context,
            TokenScope tokenScope,
            ICredentialStore personalAccessTokenStore)
            : base(context, tokenScope, personalAccessTokenStore)
        {
-            Authority = new Authority(context, DefaultAuthorityHost);
+            Authority = new Authority(context, AzureDevOps.Authentication.Authority.DefaultAuthorityHostUrl);
        }

        /// <summary>
@ -79,7 +76,12 @@ namespace AzureDevOps.Authentication
            try
            {
                Token token;
-                if ((token = await Authority.InteractiveAcquireToken(targetUri, ClientId, Resource, new Uri(RedirectUrl), QueryParameters)) != null)
+                if ((token = await Authority.InteractiveAcquireToken(
+                    targetUri,
+                    ClientId,
+                    Resource,
+                    new Uri(RedirectUrl),
+                    queryParameters: null)) != null)
                {
                    Trace.WriteLine($"token '{targetUri}' successfully acquired.");

@ -109,7 +111,12 @@ namespace AzureDevOps.Authentication
            try
            {
                Token token;
-                if ((token = await Authority.InteractiveAcquireToken(targetUri, ClientId, Resource, new Uri(RedirectUrl), QueryParameters)) != null)
+                if ((token = await Authority.InteractiveAcquireToken(
+                    targetUri,
+                    ClientId,
+                    Resource,
+                    new Uri(RedirectUrl),
+                    queryParameters: null)) != null)
                {
                    Trace.WriteLine($"token '{targetUri}' successfully acquired.");

--- a/AzureDevOps.Authentication/Test/MsaTests.cs
+++ b/AzureDevOps.Authentication/Test/MsaTests.cs
@ -109,7 +109,7 @@ namespace AzureDevOps.Authentication.Test
        {
            ICredentialStore tokenStore1 = new SecretCache(context, @namespace + 1, Secret.UriToIdentityUrl);
            ITokenStore tokenStore2 = new SecretCache(context, @namespace + 2, Secret.UriToIdentityUrl);
-            IAuthority liveAuthority = new AuthorityFake(MsaAuthentication.QueryParameters);
+            IAuthority liveAuthority = new AuthorityFake(null);
            return new MsaAuthentication(context, tokenStore1, tokenStore2, liveAuthority);
        }
    }
--- a/Cli/Test/Data/AzureDevOpsLogonTests_InteractiveMsaLogonWithRevokedCredentials_Success.json
+++ b/Cli/Test/Data/AzureDevOpsLogonTests_InteractiveMsaLogonWithRevokedCredentials_Success.json
@ -3231,17 +3231,17 @@
    "Adal": {
      "Operations": [
        {
-          "AuthorityUrl": "https://login.microsoftonline.com/live.com",
+          "AuthorityUrl": "https://login.microsoftonline.com/common",
          "Error": {},
          "Input": {
            "ClientId": "872cd9fa-d31f-45e0-9eab-6e460a02d1f1",
-            "ExtraQueryParameters": "domain_hint=live.com&display=popup&site_id=501454&nux=1",
+            "ExtraQueryParameters": "",
            "Resource": "499b84ac-1321-427f-aa17-267ca6975798",
            "RedirectUrl": "urn:ietf:wg:oauth:2.0:oob"
          },
          "Result": {
            "AccessToken": "Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token",
-            "Authority": "https://login.microsoftonline.com/live.com/",
+            "Authority": "https://login.microsoftonline.com/common/",
            "TokenType": "Bearer",
            "TenantId": "9cd80435-793b-4f48-844b-6b3f37d1c1f3"
          }
--- a/Cli/Test/Data/AzureDevOpsLogonTests_InteractiveMsaLogon_Canceled.json
+++ b/Cli/Test/Data/AzureDevOpsLogonTests_InteractiveMsaLogon_Canceled.json
@ -3005,7 +3005,7 @@
    "Adal": {
      "Operations": [
        {
-          "AuthorityUrl": "https://login.microsoftonline.com/live.com",
+          "AuthorityUrl": "https://login.microsoftonline.com/common",
          "Error": {
            "Message": "User canceled authentication"
          },
@ -3013,7 +3013,7 @@
            "Resource": "499b84ac-1321-427f-aa17-267ca6975798",
            "ClientId": "872cd9fa-d31f-45e0-9eab-6e460a02d1f1",
            "RedirectUrl": "urn:ietf:wg:oauth:2.0:oob",
-            "ExtraQueryParameters": "domain_hint=live.com&display=popup&site_id=501454&nux=1"
+            "ExtraQueryParameters": ""
          },
          "Result": {}
        }
--- a/Cli/Test/Data/AzureDevOpsLogonTests_InteractiveMsaLogon_Success.json
+++ b/Cli/Test/Data/AzureDevOpsLogonTests_InteractiveMsaLogon_Success.json
@ -3670,17 +3670,17 @@
    "Adal": {
      "Operations": [
        {
-          "AuthorityUrl": "https://login.microsoftonline.com/live.com",
+          "AuthorityUrl": "https://login.microsoftonline.com/common",
          "Error": {},
          "Input": {
            "ClientId": "872cd9fa-d31f-45e0-9eab-6e460a02d1f1",
-            "ExtraQueryParameters": "domain_hint=live.com&display=popup&site_id=501454&nux=1",
+            "ExtraQueryParameters": "",
            "Resource": "499b84ac-1321-427f-aa17-267ca6975798",
            "RedirectUrl": "urn:ietf:wg:oauth:2.0:oob"
          },
          "Result": {
            "AccessToken": "Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token;Fake+Token",
-            "Authority": "https://login.microsoftonline.com/live.com/",
+            "Authority": "https://login.microsoftonline.com/common/",
            "TokenType": "Bearer",
            "TenantId": "9cd80435-793b-4f48-844b-6b3f37d1c1f3"
          }