From 4bce2211e4bdfad6e3762d740ea402b0ac9d252d Mon Sep 17 00:00:00 2001 From: Gladwin Johnson <90415114+gladjohn@users.noreply.github.com> Date: Sat, 4 Jan 2025 07:26:36 -0800 Subject: [PATCH] Mark `WithSignedHttpRequestProofOfPossession` as experimental (#5047) shr pop exp Co-authored-by: Gladwin Johnson --- ...fidentialClientAcquireTokenParameterBuilder.cs | 2 ++ .../HeadlessTests/PoPTests.NetFwk.cs | 15 ++++++++++++++- .../Microsoft.Identity.Test.Unit/pop/PoPTests.cs | 6 ++++++ .../pop/PopAuthenticationOperationTests.cs | 1 + 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/src/client/Microsoft.Identity.Client/ApiConfig/AbstractConfidentialClientAcquireTokenParameterBuilder.cs b/src/client/Microsoft.Identity.Client/ApiConfig/AbstractConfidentialClientAcquireTokenParameterBuilder.cs index 5ae00be31e..e034b977c8 100644 --- a/src/client/Microsoft.Identity.Client/ApiConfig/AbstractConfidentialClientAcquireTokenParameterBuilder.cs +++ b/src/client/Microsoft.Identity.Client/ApiConfig/AbstractConfidentialClientAcquireTokenParameterBuilder.cs @@ -105,6 +105,8 @@ public T WithProofOfPossession(PoPAuthenticationConfiguration popAuthenticationC /// public T WithSignedHttpRequestProofOfPossession(PoPAuthenticationConfiguration popAuthenticationConfiguration) { + ValidateUseOfExperimentalFeature(); + CommonParameters.PopAuthenticationConfiguration = popAuthenticationConfiguration ?? throw new ArgumentNullException(nameof(popAuthenticationConfiguration)); CommonParameters.AuthenticationOperation = new PopAuthenticationOperation(CommonParameters.PopAuthenticationConfiguration, ServiceBundle); diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/PoPTests.NetFwk.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/PoPTests.NetFwk.cs index 6f49f3ded2..bfe661bfca 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/PoPTests.NetFwk.cs 
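Review bot: The added `ValidateUseOfExperimentalFeature();` in `WithSignedHttpRequestProofOfPossession` makes an existing public call fail at runtime unless the application was built with `.WithExperimentalFeatures(true)`, and the XML doc above the method does not appear to say so. I would add a remarks line such as `/// <remarks>Experimental: requires WithExperimentalFeatures(true) on the application builder; otherwise this call throws.</remarks>` so callers see the requirement before they hit it. The flag is set on the application builder rather than per API, so enabling it to keep SHR PoP working presumably opts the client into every other experimental API as well. A caller that handles the new failure by falling back to bearer tokens loses the key binding PoP provides, so both effects are worth stating in the release notes. The method body continues past the end of the hunk.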
+++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/PoPTests.NetFwk.cs @@ -80,6 +80,7 @@ public async Task HappyPath_Async() .Create(settings.ClientId) .WithAuthority(settings.Authority) .WithClientSecret(settings.GetSecret()) + .WithExperimentalFeatures(true) .WithTestLogging() .Build(); @@ -107,6 +108,7 @@ private async Task BearerAndPoP_CanCoexist_Async() var cca = ConfidentialClientApplicationBuilder .Create(settings.ClientId) .WithClientSecret(settings.GetSecret()) + .WithExperimentalFeatures(true) .WithTestLogging() .WithAuthority(settings.Authority).Build(); ConfigureInMemoryCache(cca); @@ -155,7 +157,9 @@ private async Task MultipleKeys_Async() var cca = ConfidentialClientApplicationBuilder.Create(settings.ClientId) .WithTestLogging() .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()).Build(); + .WithClientSecret(settings.GetSecret()) + .WithExperimentalFeatures(true) + .Build(); ConfigureInMemoryCache(cca); var result = await cca @@ -176,6 +180,7 @@ private async Task MultipleKeys_Async() .Create(settings.ClientId) .WithAuthority(settings.Authority) .WithClientSecret(settings.GetSecret()) + .WithExperimentalFeatures(true) .WithHttpClientFactory(new NoAccessHttpClientFactory()) // token should be served from the cache, no network access necessary .Build(); ConfigureInMemoryCache(cca); @@ -221,6 +226,7 @@ public async Task PopTestWithConfigObjectAsync() .Create(settings.ClientId) .WithAuthority(settings.Authority) .WithClientSecret(settings.GetSecret()) + .WithExperimentalFeatures(true) .WithTestLogging() .Build(); @@ -257,6 +263,7 @@ public async Task PopTestWithRSAAsync() .Create(settings.ClientId) .WithAuthority(settings.Authority) .WithClientSecret(settings.GetSecret()) + .WithExperimentalFeatures(true) .Build(); //RSA provider 
@@ -294,6 +301,7 @@ public async Task ROPC_PopTestWithRSAAsync() .Create(settings.ClientId) .WithAuthority(settings.Authority) .WithClientSecret(settings.GetSecret()) + .WithExperimentalFeatures(true) .Build(); //RSA provider @@ -324,6 +332,7 @@ public async Task PopTest_ExternalWilsonSigning_Async() .Create(settings.ClientId) .WithAuthority(settings.Authority) .WithClientSecret(settings.GetSecret()) + .WithExperimentalFeatures(true) .Build(); // Create an RSA key Wilson style (SigningCredentials) @@ -389,6 +398,7 @@ public async Task PopTestWithECDAsync() .Create(settings.ClientId) .WithAuthority(settings.Authority) .WithClientSecret(settings.GetSecret()) + .WithExperimentalFeatures(true) .Build(); //ECD Provider @@ -520,6 +530,7 @@ public async Task InMemoryCryptoProvider_AlgIsPS256() .Create(settings.ClientId) .WithAuthority(settings.Authority) .WithClientSecret(settings.GetSecret()) + .WithExperimentalFeatures(true) .Build(); // Create a new InMemoryCryptoProvider and get its JWK @@ -572,6 +583,7 @@ public async Task InMemoryCryptoProvider_WithGraph() .Create(settings.ClientId) .WithAuthority(settings.Authority) .WithClientSecret(settings.GetSecret()) + .WithExperimentalFeatures(true) .Build(); // Create a new InMemoryCryptoProvider and get its JWK @@ -659,6 +671,7 @@ public async Task PoPToken_ShouldHaveCorrectAlgorithm_PS256_Async() .Create(settings.ClientId) .WithAuthority(settings.Authority) .WithClientSecret(settings.GetSecret()) + .WithExperimentalFeatures(true) .Build(); var popConfig = new PoPAuthenticationConfiguration(new Uri(ProtectedUrl)) diff --git a/tests/Microsoft.Identity.Test.Unit/pop/PoPTests.cs b/tests/Microsoft.Identity.Test.Unit/pop/PoPTests.cs index 0536b148b7..1fb27b4cad 100644 --- a/tests/Microsoft.Identity.Test.Unit/pop/PoPTests.cs +++ b/tests/Microsoft.Identity.Test.Unit/pop/PoPTests.cs 
@@ -58,6 +58,7 @@ public async Task POP_ShrValidation_Async() ConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId) .WithClientSecret(TestConstants.ClientSecret) + .WithExperimentalFeatures(true) .WithHttpManager(httpManager) .BuildConcrete(); @@ -91,6 +92,7 @@ public async Task POP_NoHttpRequest_Async() ConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId) .WithClientSecret(TestConstants.ClientSecret) + .WithExperimentalFeatures(true) .WithHttpManager(httpManager) .BuildConcrete(); @@ -128,6 +130,7 @@ public async Task POP_WithCustomNonce_Async() ConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId) .WithClientSecret(TestConstants.ClientSecret) + .WithExperimentalFeatures(true) .WithHttpManager(httpManager) .BuildConcrete(); @@ -403,6 +406,7 @@ public async Task CacheKey_Includes_POPKid_Async() ConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId) .WithClientSecret(TestConstants.ClientSecret) + .WithExperimentalFeatures(true) .WithHttpManager(httpManager) .BuildConcrete(); var testTimeService = new TestTimeService(); @@ -579,6 +583,7 @@ public async Task POP_SignatureValidationWithPS256_Async() ConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId) .WithClientSecret(TestConstants.ClientSecret) + .WithExperimentalFeatures(true) .WithHttpManager(httpManager) .BuildConcrete(); @@ -647,6 +652,7 @@ public async Task TokenGenerationAndValidation_Async() { ConfidentialClientApplication app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId) .WithClientSecret(TestConstants.ClientSecret) + .WithExperimentalFeatures(true) .WithHttpManager(httpManager) .BuildConcrete(); 
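Review bot: No test in this commit exercises the new gate itself. The six hunks in PoPTests.cs, like those in PoPTests.NetFwk.cs and PopAuthenticationOperationTests.cs, only add `.WithExperimentalFeatures(true)` so that existing tests keep passing, so a later change that removes or bypasses the check would go unnoticed. I would add a unit test that builds the app without the flag and asserts the builder call throws, e.g. `Assert.ThrowsException<MsalClientException>(() => app.AcquireTokenForClient(scopes).WithSignedHttpRequestProofOfPossession(popConfig));`. The exception type there is my assumption about what `ValidateUseOfExperimentalFeature` throws and should be confirmed, and `scopes` stands in for whatever scope constant the suite uses. The test methods these hunks touch start and end outside the hunks.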
diff --git a/tests/Microsoft.Identity.Test.Unit/pop/PopAuthenticationOperationTests.cs b/tests/Microsoft.Identity.Test.Unit/pop/PopAuthenticationOperationTests.cs index 7cacc8c614..71178fa9ad 100644 --- a/tests/Microsoft.Identity.Test.Unit/pop/PopAuthenticationOperationTests.cs +++ b/tests/Microsoft.Identity.Test.Unit/pop/PopAuthenticationOperationTests.cs @@ -114,6 +114,7 @@ public async Task ValidateKeyExpirationAsync() var app = ConfidentialClientApplicationBuilder.Create(TestConstants.ClientId) .WithHttpManager(harness.HttpManager) .WithClientSecret("some-secret") + .WithExperimentalFeatures(true) .BuildConcrete(); TokenCacheHelper.PopulateCache(app.AppTokenCacheInternal.Accessor);