AzureAD · jennyf19 · Mar 20, 2023 · Mar 19, 2023
@@ -63,14 +63,11 @@ protected MicrosoftIdentityAuthenticationMessageHandlerOptions GetOptionsForRequ
             return options;
         }
 
-        private static void CreateProofOfPossessionConfiguration(MicrosoftIdentityAuthenticationMessageHandlerOptions options, Uri apiUri, HttpMethod method)
+        internal static void CreateProofOfPossessionConfiguration(MicrosoftIdentityAuthenticationMessageHandlerOptions options, Uri apiUri, HttpMethod method)
         {
             if (options.IsProofOfPossessionRequest)
             {
-                if (options.TokenAcquisitionOptions == null)
-                {
-                    options.TokenAcquisitionOptions = new TokenAcquisitionOptions();
-                }
+                options.TokenAcquisitionOptions ??= new TokenAcquisitionOptions();
 
                 options.TokenAcquisitionOptions.PoPConfiguration = new PoPAuthenticationConfiguration(apiUri)
                 {

@@ -92,5 +92,28 @@ public void DecodeToBytes_InvalidBase64UrlStringLength_ThrowsException()
             var exception = Assert.Throws<ArgumentException>(decodeAction);
             Assert.Equal(IDWebErrorMessage.InvalidBase64UrlString + " (Parameter 'str')", exception.Message);
         }
+
+        [Fact]
+        public void EncodeString_TakesStringArgument_ReturnsEncodedString()
+        {
+            // Arrange
+            var input = "Hello, world!";
+
+            // Act
+            string? result = Base64UrlHelpers.EncodeString(input);
+
+            // Assert
+            Assert.NotEmpty(result!);
+        }
+
+        [Fact]
+        public void DecodeBytes_TakesNullArgument_ReturnsNull()
+        {
+            // Arrange & Act
+            var result = Base64UrlHelpers.DecodeBytes(null);
+
+            // Assert
+            Assert.Null(result);
+        }
     }
 }
@@ -0,0 +1,56 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using Xunit;
+
+namespace Microsoft.Identity.Web.Test
+{
+    public class CertificateLessOptionsTests
+    {
+        [Fact]
+        public void IsEnabled_DefaultValue_IsFalse()
+        {
+            // Arrange
+            var options = new CertificatelessOptions();
+
+            // Act/Assert
+            Assert.False(options.IsEnabled);
+        }
+
+        [Fact]
+        public void IsEnabled_SetValue_GetsValue()
+        {
+            // Arrange
+            var options = new CertificatelessOptions
+            {
+                IsEnabled = true
+            };
+
+            // Act/Assert
+            Assert.True(options.IsEnabled);
+        }
+
+        [Fact]
+        public void ManagedIdentityClientId_DefaultValue_IsNull()
+        {
+            // Arrange
+            var options = new CertificatelessOptions();
+
+            // Act/Assert
+            Assert.Null(options.ManagedIdentityClientId);
+        }
+
+        [Fact]
+        public void ManagedIdentityClientId_SetValue_GetsValue()
+        {
+            // Arrange
+            var options = new CertificatelessOptions
+            {
+                ManagedIdentityClientId = "client_id"
+            };
+
+            // Act/Assert
+            Assert.Equal("client_id", options.ManagedIdentityClientId);
+        }
+    }
+}
@@ -40,5 +40,20 @@ public async Task TestClientAssertion()
             assertion = await clientAssertionDescription.GetSignedAssertion(CancellationToken.None).ConfigureAwait(false);
             Assert.Equal("2", assertion);
         }
+
+        [Fact]
+        public void Constructor_ValidInput_SetsProperties()
+        {
+            // Arrange
+            var signedAssertion = "assertion";
+            var expiry = DateTimeOffset.Now.AddDays(1);
+
+            // Act
+            var assertion = new ClientAssertion(signedAssertion, expiry);
+
+            // Assert
+            Assert.Equal(signedAssertion, assertion.SignedAssertion);
+            Assert.Equal(expiry, assertion.Expiry);
+        }
     }
 }
@@ -0,0 +1,51 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using System.Net.Http;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Identity.Web.TokenCacheProviders.InMemory;
+using Xunit;
+
+namespace Microsoft.Identity.Web.Test
+{
+    public class DefaultMicrosoftIdentityAuthDelegatingHandlerFactoryTests
+    {
+        private IServiceProvider InitializeServiceCollection()
+        {
+            var services = new ServiceCollection();
+            services.AddTokenAcquisition();
+            services.AddInMemoryTokenCaches();
+            services.AddHttpClient();
+            return services.BuildServiceProvider();
+        }
+
+            [Fact]
+        public void CreateAppHandler_Should_Return_MicrosoftIdentityAppAuthenticationMessageHandler()
+        {
+            // Arrange
+            var factory = new DefaultMicrosoftIdentityAuthenticationDelegatingHandlerFactory(InitializeServiceCollection());
+            string serviceName = "test-service";
+
+            // Act
+            DelegatingHandler handler = factory.CreateAppHandler(serviceName);
+
+            // Assert
+            Assert.IsType<MicrosoftIdentityAppAuthenticationMessageHandler>(handler);
+        }
+
+        [Fact]
+        public void CreateUserHandler_Should_Return_MicrosoftIdentityUserAuthenticationMessageHandler()
+        {
+            // Arrange
+            var factory = new DefaultMicrosoftIdentityAuthenticationDelegatingHandlerFactory(InitializeServiceCollection());
+            string serviceName = "test-service";
+
+            // Act
+            DelegatingHandler handler = factory.CreateUserHandler(serviceName);
+
+            // Assert
+            Assert.IsType<MicrosoftIdentityUserAuthenticationMessageHandler>(handler);
+        }
+    }
+}
@@ -3,7 +3,6 @@
 
 using System.Collections.Generic;
 using System.Linq;
-using Microsoft.Graph.SecurityNamespace;
 using Microsoft.Identity.Abstractions;
 using Xunit;
 

@@ -31,7 +31,7 @@
 
   <ItemGroup Condition="'$(TargetFramework)' == 'net472'">
     <!-- Special need for Microsoft.Extensions.Hosting.Host which is only available from 3.1-->
-    <PackageReference Include="Microsoft.Extensions.Hosting" Version="3.1"/>
+    <PackageReference Include="Microsoft.Extensions.Hosting" Version="3.1" />
   </ItemGroup>
 
   <ItemGroup Condition="'$(TargetFramework)' == 'net472' Or '$(TargetFramework)' == 'net462'">

@@ -173,6 +173,73 @@ public async Task MicrosoftIdentityAuthenticationMessageHandler_Replaces_Authori
             Assert.Equal($"Bearer {_authenticationResult.AccessToken}", _mockedMessageHandler.Requests[0].Headers.GetValues(Constants.Authorization).ElementAt(0));
         }
 
+        [Fact]
+        public void CreateProofOfPossessionConfiguration_WithProofOfPossessionRequest_SetsTokenAcquisitionOptions()
+        {
+            // Arrange
+            var options = new MicrosoftIdentityAuthenticationMessageHandlerOptions
+            {
+                IsProofOfPossessionRequest = true
+            };
+            var httpPath = new Uri("https://api.example.com");
+            var method = HttpMethod.Post;
+
+            // Act
+            MicrosoftIdentityAuthenticationBaseMessageHandler.CreateProofOfPossessionConfiguration(options, httpPath, method);
+
+            // Assert
+            Assert.NotNull(options.TokenAcquisitionOptions);
+            Assert.NotNull(options.TokenAcquisitionOptions.PoPConfiguration);
+            Assert.Equal(httpPath.AbsolutePath, options.TokenAcquisitionOptions.PoPConfiguration.HttpPath);
+            Assert.Equal(method, options.TokenAcquisitionOptions.PoPConfiguration.HttpMethod);
+        }
+
+        [Fact]
+        public void CreateProofOfPossessionConfiguration_WithoutProofOfPossessionRequest_DoesNotSetTokenAcquisitionOptions()
+        {
+            // Arrange
+            var options = new MicrosoftIdentityAuthenticationMessageHandlerOptions
+            {
+                IsProofOfPossessionRequest = false
+            };
+            var httpPath = new Uri("https://api.example.com");
+            var method = HttpMethod.Post;
+
+            // Act
+            MicrosoftIdentityAuthenticationBaseMessageHandler.CreateProofOfPossessionConfiguration(options, httpPath, method);
+
+            // Assert
+            Assert.NotNull(options.TokenAcquisitionOptions);
+            Assert.Null(options.TokenAcquisitionOptions.PoPConfiguration);
+        }
+
+        [Fact]
+        public void Clone_ClonesOptionsSuccessfully()
+        {
+            // Arrange
+            var options = new MicrosoftIdentityAuthenticationMessageHandlerOptions
+            {
+                Scopes = TestConstants.Scopes,
+                Tenant = TestConstants.TenantIdAsGuid,
+                UserFlow = TestConstants.B2CSignUpSignInUserFlow,
+                IsProofOfPossessionRequest = true,
+                TokenAcquisitionOptions = new TokenAcquisitionOptions { Tenant = TestConstants.B2CTenant },
+                AuthenticationScheme = "Bearer",
+            };
+
+            // Act
+            var clonedOptions = options.Clone();
+
+            // Assert
+            Assert.NotSame(clonedOptions, options);
+            Assert.Equal(options.Scopes, clonedOptions.Scopes);
+            Assert.Equal(options.Tenant, clonedOptions.Tenant);
+            Assert.Equal(options.UserFlow, clonedOptions.UserFlow);
+            Assert.Equal(options.IsProofOfPossessionRequest, clonedOptions.IsProofOfPossessionRequest);
+            Assert.Equal(options.TokenAcquisitionOptions.Tenant, clonedOptions.TokenAcquisitionOptions.Tenant);
+            Assert.Equal(options.AuthenticationScheme, clonedOptions.AuthenticationScheme);
+        }
+
         private class MockHttpMessageHandler : HttpMessageHandler
         {
             private readonly HttpStatusCode _statusCode;

@@ -211,5 +211,25 @@ public void VerifyCorrectBooleansAsync(
                 Assert.False(mergedOptions.SendX5C);
             }
         }
+
+        [Fact]
+        public void TestParseAuthorityIfNecessary()
+        {
+            // Arrange
+            MergedOptions mergedOptions = new()
+            {
+                Authority = TestConstants.AuthorityWithTenantSpecified,
+                TenantId = TestConstants.TenantIdAsGuid,
+                Instance = TestConstants.AadInstance
+            };
+
+            // Act
+            MergedOptions.ParseAuthorityIfNecessary(mergedOptions);
+
+            // Assert
+            Assert.Equal(TestConstants.AuthorityWithTenantSpecified, mergedOptions.Authority);
+            Assert.Equal(TestConstants.AadInstance, mergedOptions.Instance);
+            Assert.Equal(TestConstants.TenantIdAsGuid, mergedOptions.TenantId);
+        }
     }
 }