Merge pull request #53 from OneDrive/dev

Authentication and exception handling bug fixes

Author: ginach

samples/OneDriveApiBrowser/FormBrowser.cs

@@ -330,7 +330,7 @@ private async Task SignIn(ClientType clientType)
                     }
                     else
                     {
-                        throw;
+                        PresentOneDriveException(exception);
                     }
                 }
             }
@@ -473,10 +473,15 @@ await this.oneDriveClient.Drive.Items[this.SelectedItem.Id].Children.Request()
 
         private static void PresentOneDriveException(Exception exception)
         {
-            string message = exception.Message;
-            if (string.IsNullOrEmpty(message) && exception.InnerException != null)
+            string message = null;
+            var oneDriveException = exception as OneDriveException;
+            if (oneDriveException == null)
             {
-                message = exception.InnerException.Message;
+                message = exception.Message;
+            }
+            else
+            {
+                message = string.Format("{0}{1}", Environment.NewLine, oneDriveException.ToString());
             }
 
             MessageBox.Show(string.Format("OneDrive reported the following error: {0}", message));

src/OneDriveSdk.Common/Authentication/AdalAuthenticationProviderBase.cs

@@ -27,6 +27,7 @@ namespace Microsoft.OneDrive.Sdk
     using System.Net.Http;
     using System.Net.Http.Headers;
     using System.Threading.Tasks;
+    using Microsoft.IdentityModel.Clients.ActiveDirectory;
 
     public abstract class AdalAuthenticationProviderBase : IAuthenticationProvider
     {
@@ -161,6 +162,13 @@ protected void DeleteUserCredentialsFromCache(AccountSession accountSession)
             }
         }
 
+        protected UserIdentifier GetUserIdentifierForAuthentication()
+        {
+            return string.IsNullOrEmpty(this.serviceInfo.UserId)
+                ? UserIdentifier.AnyUser
+                : new UserIdentifier(this.serviceInfo.UserId, UserIdentifierType.OptionalDisplayableId);
+        }
+
         private async Task<string> GetAuthenticationTokenForResourceAsync(string resource)
         {
             var authenticationResult = await this.AuthenticateResourceAsync(resource);

src/OneDriveSdk.WinRT/Authentication/AdalAuthenticationProvider.cs

@@ -60,10 +60,11 @@ public override async Task SignOutAsync()
         protected override async Task<IAuthenticationResult> AuthenticateResourceAsync(string resource)
         {
             IAuthenticationResult authenticationResult = null;
+            var userIdentifier = this.GetUserIdentifierForAuthentication();
 
             try
             {
-                authenticationResult = await this.authenticationContextWrapper.AcquireTokenSilentAsync(resource, this.serviceInfo.AppId);
+                authenticationResult = await this.authenticationContextWrapper.AcquireTokenSilentAsync(resource, this.serviceInfo.AppId, userIdentifier);
             }
             catch (Exception)
             {
@@ -78,7 +79,9 @@ protected override async Task<IAuthenticationResult> AuthenticateResourceAsync(s
             authenticationResult = await this.authenticationContextWrapper.AcquireTokenAsync(
                 resource,
                 this.ServiceInfo.AppId,
-                new Uri(this.ServiceInfo.ReturnUrl));
+                new Uri(this.ServiceInfo.ReturnUrl),
+                PromptBehavior.Auto,
+                userIdentifier);
 
             if (authenticationResult == null || authenticationResult.Status != AuthenticationStatus.Success)
             {

src/OneDriveSdk.WinRT/Authentication/AuthenticationContextWrapper.cs

@@ -41,16 +41,37 @@ public AuthenticationContextWrapper(string serviceUrl, bool validateAuthority, T
             this.authenticationContext = new AuthenticationContext(serviceUrl, validateAuthority, tokenCache);
         }
 
-        public async Task<IAuthenticationResult> AcquireTokenSilentAsync(string resource, string clientId)
+        /// <summary>
+        /// Authenticates the user silently using <see cref="AuthenticationContext.AcquireToken(string, string, UserIdentifier)"/>.
+        /// </summary>
+        /// <param name="resource">The resource to authenticate against.</param>
+        /// <param name="clientId">The client ID of the application.</param>
+        /// <param name="userIdentifier">The <see cref="UserIdentifier"/> for authentication.</param>
+        /// <returns>The <see cref="IAuthenticationResult"/>.</returns>
+        public async Task<IAuthenticationResult> AcquireTokenSilentAsync(string resource, string clientId, UserIdentifier userIdentifier)
         {
-            var result = await this.authenticationContext.AcquireTokenSilentAsync(resource, clientId);
+            var result = await this.authenticationContext.AcquireTokenSilentAsync(resource, clientId, userIdentifier);
 
             return result == null ? null : new AuthenticationResultWrapper(result);
         }
 
-        public async Task<IAuthenticationResult> AcquireTokenAsync(string resource, string clientId, Uri redirectUri)
+        /// <summary>
+        /// Authenticates the user using <see cref="AuthenticationContext.AcquireTokenAsync(string, string, Uri, PromptBehavior, UserIdentifier)"/>.
+        /// </summary>
+        /// <param name="resource">The resource to authenticate against.</param>
+        /// <param name="clientId">The client ID of the application.</param>
+        /// <param name="redirectUri">The redirect URI of the application.</param>
+        /// <param name="promptBehavior">The <see cref="PromptBehavior"/> for authentication.</param>
+        /// <param name="userIdentifier">The <see cref="UserIdentifier"/> for authentication.</param>
+        /// <returns>The <see cref="IAuthenticationResult"/>.</returns>
+        public async Task<IAuthenticationResult> AcquireTokenAsync(
+            string resource,
+            string clientId,
+            Uri redirectUri,
+            PromptBehavior promptBehavior,
+            UserIdentifier userIdentifier)
         {
-            var result = await this.authenticationContext.AcquireTokenAsync(resource, clientId, redirectUri);
+            var result = await this.authenticationContext.AcquireTokenAsync(resource, clientId, redirectUri, promptBehavior, userIdentifier);
 
             return result == null ? null : new AuthenticationResultWrapper(result);
         }

src/OneDriveSdk.WinRT/Authentication/IAuthenticationContextWrapper.cs

@@ -22,13 +22,30 @@
 
 namespace Microsoft.OneDrive.Sdk
 {
+    using IdentityModel.Clients.ActiveDirectory;
     using System;
     using System.Threading.Tasks;
 
     public interface IAuthenticationContextWrapper
     {
-        Task<IAuthenticationResult> AcquireTokenSilentAsync(string resource, string clientId);
+        /// <summary>
+        /// Authenticates the user silently using <see cref="AuthenticationContext.AcquireToken(string, string, UserIdentifier)"/>.
+        /// </summary>
+        /// <param name="resource">The resource to authenticate against.</param>
+        /// <param name="clientId">The client ID of the application.</param>
+        /// <param name="userIdentifier">The <see cref="UserIdentifier"/> for authentication.</param>
+        /// <returns>The <see cref="IAuthenticationResult"/>.</returns>
+        Task<IAuthenticationResult> AcquireTokenSilentAsync(string resource, string clientId, UserIdentifier userIdentifier);
 
-        Task<IAuthenticationResult> AcquireTokenAsync(string resource, string clientId, Uri redirectUri);
+        /// <summary>
+        /// Authenticates the user using <see cref="AuthenticationContext.AcquireTokenAsync(string, string, Uri, PromptBehavior, UserIdentifier)"/>.
+        /// </summary>
+        /// <param name="resource">The resource to authenticate against.</param>
+        /// <param name="clientId">The client ID of the application.</param>
+        /// <param name="redirectUri">The redirect URI of the application.</param>
+        /// <param name="promptBehavior">The <see cref="PromptBehavior"/> for authentication.</param>
+        /// <param name="userIdentifier">The <see cref="UserIdentifier"/> for authentication.</param>
+        /// <returns>The <see cref="IAuthenticationResult"/>.</returns>
+        Task<IAuthenticationResult> AcquireTokenAsync(string resource, string clientId, Uri redirectUri, PromptBehavior promptBehavior, UserIdentifier userIdentifier);
     }
 }

src/OneDriveSdk.WinStore/Authentication/WebAuthenticationBrokerAuthenticationProvider.cs

@@ -23,6 +23,7 @@
 namespace Microsoft.OneDrive.Sdk
 {
     using System;
+    using System.Net;
     using System.Text;
     using System.Threading.Tasks;
     using Windows.Security.Authentication.Web;
@@ -65,28 +66,22 @@ protected override Task<AccountSession> GetAuthenticationResultAsync()
 
         internal async Task<AccountSession> GetAccountSessionAsync()
         {
-            var returnUrlForRequest = string.IsNullOrEmpty(this.ServiceInfo.ReturnUrl)
+            var returnUrl = string.IsNullOrEmpty(this.ServiceInfo.ReturnUrl)
                 ? WebAuthenticationBroker.GetCurrentApplicationCallbackUri().ToString()
                 : this.ServiceInfo.ReturnUrl;
 
-            var requestUriStringBuilder = new StringBuilder();
-            requestUriStringBuilder.Append(this.ServiceInfo.AuthenticationServiceUrl);
-            requestUriStringBuilder.AppendFormat("?{0}={1}", Constants.Authentication.RedirectUriKeyName, returnUrlForRequest);
-            requestUriStringBuilder.AppendFormat("&{0}={1}", Constants.Authentication.ClientIdKeyName, this.ServiceInfo.AppId);
-            requestUriStringBuilder.AppendFormat("&{0}={1}", Constants.Authentication.ScopeKeyName, string.Join("%20", this.ServiceInfo.Scopes));
-            requestUriStringBuilder.AppendFormat("&{0}={1}", Constants.Authentication.ResponseTypeKeyName, Constants.Authentication.TokenResponseTypeValueName);
-
-            var requestUri = new Uri(requestUriStringBuilder.ToString());
+            // Log the user in if we haven't already pulled their credentials from the cache.
+            var code = await this.GetAuthorizationCodeAsync(returnUrl);
 
-            var authenticationResponseValues = await this.ServiceInfo.WebAuthenticationUi.AuthenticateAsync(
-                requestUri,
-                string.IsNullOrEmpty(this.ServiceInfo.ReturnUrl)
-                    ? null
-                    : new Uri(this.ServiceInfo.ReturnUrl));
+            if (!string.IsNullOrEmpty(code))
+            {
+                var authResult = await this.SendTokenRequestAsync(this.GetCodeRedemptionRequestBody(code, returnUrl));
+                authResult.CanSignOut = true;
 
-            OAuthErrorHandler.ThrowIfError(authenticationResponseValues);
+                return authResult;
+            }
 
-            return new AccountSession(authenticationResponseValues, this.ServiceInfo.AppId, AccountType.MicrosoftAccount) { CanSignOut = true };
+            return null;
         }
     }
 }

src/OneDriveSdk.WinStore/Authentication/WebAuthenticationBrokerWebAuthenticationUi.cs

@@ -45,7 +45,7 @@ public async Task<IDictionary<string, string>> AuthenticateAsync(Uri requestUri,
             {
                 result = await this.AuthenticateAsync(requestUri, callbackUri, WebAuthenticationOptions.SilentMode);
             }
-            catch (Exception exception)
+            catch (Exception)
             {
                 // WebAuthenticationBroker can throw an exception in silent authentication mode when not using SSO and
                 // silent authentication isn't available. Swallow it and try authenticating with user prompt. Even if

src/OneDriveSdk.WindowsForms/Authentication/AdalAuthenticationProvider.cs

@@ -64,12 +64,13 @@ protected override async Task<IAuthenticationResult> AuthenticateResourceAsync(s
         {
             IAuthenticationResult authenticationResult = null;
             var clientCredential = string.IsNullOrEmpty(this.serviceInfo.ClientSecret) ? null : new ClientCredential(this.serviceInfo.AppId, this.serviceInfo.ClientSecret);
+            var userIdentifier = this.GetUserIdentifierForAuthentication();
 
             try
             {
                 authenticationResult = clientCredential == null
                     ? await this.authenticationContextWrapper.AcquireTokenSilentAsync(resource, this.serviceInfo.AppId)
-                    : await this.authenticationContextWrapper.AcquireTokenSilentAsync(resource, clientCredential, UserIdentifier.AnyUser);
+                    : await this.authenticationContextWrapper.AcquireTokenSilentAsync(resource, clientCredential, userIdentifier);
             }
             catch (Exception)
             {
@@ -88,7 +89,8 @@ protected override async Task<IAuthenticationResult> AuthenticateResourceAsync(s
                         resource,
                         this.ServiceInfo.AppId,
                         new Uri(this.ServiceInfo.ReturnUrl),
-                        PromptBehavior.Always)
+                        PromptBehavior.Auto,
+                        userIdentifier)
                     : await this.authenticationContextWrapper.AcquireTokenAsync(resource, clientCredential);
             }
             catch (AdalException adalException)

src/OneDriveSdk.WindowsForms/Authentication/AuthenticationContextWrapper.cs

@@ -79,16 +79,17 @@ public async Task<IAuthenticationResult> AcquireTokenSilentAsync(string resource
         }
 
         /// <summary>
-        /// Authenticates the user silently using <see cref="AuthenticationContext.AcquireToken(string, string, Uri, PromptBehavior)"/>.
+        /// Authenticates the user using <see cref="AuthenticationContext.AcquireToken(string, string, Uri, PromptBehavior, UserIdentifier)"/>.
         /// </summary>
         /// <param name="resource">The resource to authenticate against.</param>
         /// <param name="clientId">The client ID of the application.</param>
         /// <param name="redirectUri">The redirect URI of the application.</param>
         /// <param name="promptBehavior">The <see cref="PromptBehavior"/> for authentication.</param>
+        /// <param name="userIdentifier">The <see cref="UserIdentifier"/> for authentication.</param>
         /// <returns>The <see cref="IAuthenticationResult"/>.</returns>
-        public IAuthenticationResult AcquireToken(string resource, string clientId, Uri redirectUri, PromptBehavior promptBehavior)
+        public IAuthenticationResult AcquireToken(string resource, string clientId, Uri redirectUri, PromptBehavior promptBehavior, UserIdentifier userIdentifier)
         {
-            var result = this.authenticationContext.AcquireToken(resource, clientId, redirectUri, promptBehavior);
+            var result = this.authenticationContext.AcquireToken(resource, clientId, redirectUri, promptBehavior, userIdentifier);
 
             return result == null ? null : new AuthenticationResultWrapper(result);
         }

src/OneDriveSdk.WindowsForms/Authentication/IAuthenticationContextWrapper.cs

@@ -47,14 +47,15 @@ public interface IAuthenticationContextWrapper
         Task<IAuthenticationResult> AcquireTokenSilentAsync(string resource, ClientCredential clientCredential, UserIdentifier userIdentifier);
 
         /// <summary>
-        /// Authenticates the user silently using <see cref="AuthenticationContext.AcquireToken(string, string, Uri, PromptBehavior)"/>.
+        /// Authenticates the user silently using <see cref="AuthenticationContext.AcquireToken(string, string, Uri, PromptBehavior, UserIdentifier)"/>.
         /// </summary>
         /// <param name="resource">The resource to authenticate against.</param>
         /// <param name="clientId">The client ID of the application.</param>
         /// <param name="redirectUri">The redirect URI of the application.</param>
         /// <param name="promptBehavior">The <see cref="PromptBehavior"/> for authentication.</param>
+        /// <param name="userIdentifier">The <see cref="UserIdentifier"/> for authentication.</param>
         /// <returns>The <see cref="IAuthenticationResult"/>.</returns>
-        IAuthenticationResult AcquireToken(string resource, string clientId, Uri redirectUri, PromptBehavior promptBehavior);
+        IAuthenticationResult AcquireToken(string resource, string clientId, Uri redirectUri, PromptBehavior promptBehavior, UserIdentifier userIdentifier);
 
         /// <summary>
         /// Authenticates the user silently using <see cref="AuthenticationContext.AcquireTokenAsync(string, ClientCredential)"/>.