fix #2096 auth code redemption issue

AzureAD · Mar 23, 2023 · e125746 · e125746
1 parent 5c38def
commit e125746
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 2 deletions.
diff --git a/...t.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs b/...t.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs
@@ -402,13 +402,13 @@ private static void AddMicrosoftIdentityWebAppInternal(
                 });
         }
 
-        private static void PopulateOpenIdOptionsFromMergedOptions(
+        internal static void PopulateOpenIdOptionsFromMergedOptions(
             OpenIdConnectOptions options,
             MergedOptions mergedOptions)
         {
             options.Authority = mergedOptions.Authority;
             options.ClientId = mergedOptions.ClientId;
-            options.ClientSecret = mergedOptions.ClientSecret;
+            options.ClientSecret = mergedOptions.ClientSecret ?? mergedOptions.ClientCredentials?.FirstOrDefault(c => c.CredentialType == Abstractions.CredentialType.Secret)?.ClientSecret;
             options.Configuration = mergedOptions.Configuration;
             options.ConfigurationManager = mergedOptions.ConfigurationManager;
             options.GetClaimsFromUserInfoEndpoint = mergedOptions.GetClaimsFromUserInfoEndpoint;

diff --git a/tests/Microsoft.Identity.Web.Test/PopulateOpenIdOptionsFromMergedOptionsTests.cs b/tests/Microsoft.Identity.Web.Test/PopulateOpenIdOptionsFromMergedOptionsTests.cs
@@ -0,0 +1,61 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System.Linq;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.Identity.Abstractions;
+using Microsoft.Identity.Web.Test.Common;
+using Xunit;
+
+namespace Microsoft.Identity.Web.Test
+{
+    public class PopulateOpenIdOptionsFromMergedOptionsTests
+    {
+        [Theory]
+        [InlineData(false)]
+        [InlineData(true)]
+        public void PopulateOpenIdOptionsFromMergedOptions_WithValidOptions_PopulatesAllProperties(bool withCredentialDescription)
+        {         
+            // Arrange
+            var options = new OpenIdConnectOptions();
+            var mergedOptions = new MergedOptions
+            {
+                Authority = TestConstants.AuthorityCommonTenant,
+                ClientId = TestConstants.ClientId,
+                GetClaimsFromUserInfoEndpoint = true,
+            };
+
+            if (withCredentialDescription)
+            {
+                CredentialDescription credentialDescription = new()
+                {
+                    SourceType = CredentialSource.ClientSecret,
+                    ClientSecret = TestConstants.ClientSecret
+                };
+
+                mergedOptions.ClientCredentials = new CredentialDescription[] { credentialDescription };
+            }
+            else
+            {
+                mergedOptions.ClientSecret = TestConstants.ClientSecret;
+            }
+
+
+            // Act
+            MicrosoftIdentityWebAppAuthenticationBuilderExtensions.PopulateOpenIdOptionsFromMergedOptions(options, mergedOptions);
+
+            // Assert
+            Assert.Equal(options.Authority, mergedOptions.Authority);
+            Assert.Equal(options.ClientId, mergedOptions.ClientId);
+            Assert.Equal(options.GetClaimsFromUserInfoEndpoint, mergedOptions.GetClaimsFromUserInfoEndpoint);
+            if (withCredentialDescription)
+            {
+                Assert.Equal(options.ClientSecret, mergedOptions.ClientCredentials?.FirstOrDefault(c => c.CredentialType == CredentialType.Secret)?.ClientSecret);
+            }
+            else
+            {
+                Assert.Equal(options.ClientSecret, mergedOptions.ClientSecret);
+            }
+        }
+    }
+}