
Azure AD B2C get token programmatically for unit testing

My scenario is simple: I have a simple Azure Function with B2C authentication on it and I'm writing unit tests, but I found an issue: I'm not able to authenticate to the Azure Function programmatically.

I'm able to access it through the browser, and I can even grab the token and put it into the unit test and it works fine, but when I try to generate a token using the ClientID, TenantID, etc., I get a token but also a 401 Unauthorized response from the Azure Function.

Is there a way to generate a valid B2C token programmatically (without logging in through the browser)?

The approach I'm using so far:

using System.Threading.Tasks;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL

// Client-credentials request against the tenant's Azure AD authority.
public static async Task<AuthenticationResult> GetAccessToken(string resourceUri, string clientId, string clientSecret)
{
    ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);

    string aadInstance = "https://login.microsoftonline.com/";
    string tenant = "<mytenant>.onmicrosoft.com";
    string authority = string.Concat(aadInstance, tenant);
    AuthenticationContext authContext = new AuthenticationContext(authority);

    return await authContext.AcquireTokenAsync(resourceUri, clientCredential);
}

I'm getting a token (EY.......) but it is not valid; when I pass it in the Azure Function request, it returns 401 Unauthorized.

Thanks in advance! Ivan

A couple of months ago, Microsoft released a policy for the resource owner password credentials flow. With that policy you can simulate a login by passing the login details in a query as follows:

  1. Create a ROPC policy in B2C
  2. Register an application
  3. Test the policy as follows:

      https://te.cpim.windows.net/{B2C TENANT}/{ROPC B2C POLICY}/oauth2/v2.0/token?username={USERNAME}&password={password}&grant_type=password&scope=openid+{CLIENT ID}+offline_access&client_id=[CLIENT ID]&response_type=token+id_token 

You can find more detailed info here

Your unit test is acquiring a token from the Azure AD v1.0 endpoint rather than the Azure AD B2C v2.0 endpoint.

Your Azure function is expecting the token to be issued by the Azure AD B2C v2.0 endpoint.

In the short term, you can consider acquiring the token from the Azure AD B2C v2.0 endpoint by replaying the browser requests using the HttpClient class.

In the near term, support for the resource owner password credential grant by Azure AD B2C will enable your unit test to acquire a token from the Azure AD B2C v2.0 endpoint by POSTing a user credential to the endpoint.
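To confirm in a unit test which of these endpoints a token came from before sending it to the function, the claims can be decoded and checked locally. The following is an added example, not code from the original question or answers. It assumes that v1.0 tokens carry an issuer starting with https://sts.windows.net/ and that B2C tokens name the policy in the tfp claim (acr on older policies); the policy name, audience and sample token are constructed placeholders.

```csharp
using System;
using System.Text;
using System.Text.Json;

public static class TokenDiagnostics
{
    // Decode the JWT payload WITHOUT verifying the signature: for diagnosis only, never for authorization.
    public static JsonElement ReadClaims(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');          // base64url -> base64
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');     // restore stripped padding
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    // Returns the reason a B2C-protected API would reject the token, or null if the claims look right.
    public static string WhyRejected(string jwt, string expectedPolicy, string expectedAudience)
    {
        JsonElement c = ReadClaims(jwt);
        string iss = c.TryGetProperty("iss", out var i) ? i.GetString() ?? "" : "";
        // Assumption: B2C puts the policy name in "tfp" (older policies use "acr").
        string policy = c.TryGetProperty("tfp", out var t) ? t.GetString()
                      : c.TryGetProperty("acr", out var a) ? a.GetString() : null;
        string aud = c.TryGetProperty("aud", out var d) && d.ValueKind == JsonValueKind.String
                   ? d.GetString() : null;

        // Assumption: the Azure AD v1.0 endpoint issues tokens with this issuer prefix.
        if (iss.StartsWith("https://sts.windows.net/", StringComparison.OrdinalIgnoreCase))
            return "Issued by the Azure AD v1.0 endpoint (iss=" + iss + "), not by B2C";
        if (!string.Equals(policy, expectedPolicy, StringComparison.OrdinalIgnoreCase))
            return "Policy claim is '" + policy + "', expected '" + expectedPolicy + "'";
        if (aud != expectedAudience)
            return "aud is '" + aud + "', expected '" + expectedAudience + "'";
        return null;
    }

    public static void Main()
    {
        // Constructed, unsigned sample shaped like a client-credentials token from the v1.0 endpoint.
        string payload = "{\"iss\":\"https://sts.windows.net/00000000-0000-0000-0000-000000000000/\",\"aud\":\"https://example.invalid/api\"}";
        string body = Convert.ToBase64String(Encoding.UTF8.GetBytes(payload)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        // "B2C_1_ropc" and the GUID audience are hypothetical placeholders.
        Console.WriteLine(WhyRejected("e30." + body + ".sig", "B2C_1_ropc", "11111111-1111-1111-1111-111111111111"));
    }
}
```

The check only reads claims to explain a 401; the function itself must still validate the signature, issuer and audience against the B2C policy's metadata.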
