@@ -19,13 +19,13 @@ public class Agentic
1919 const string TenantId = "31a58c3b-ae9c-4448-9e8f-e9e143e800df" ;
2020 const string AgentIdentity = "d84da24a-2ea2-42b8-b5ab-8637ec208024" ;
2121 const string UserUpn = "aui1@msidlabtoint.onmicrosoft.com" ;
22+ private const string TokenExchangeUrl = "api://AzureADTokenExchange/.default" ;
2223
2324 [ TestMethod ]
2425 public async Task AgentUserIdentityGetsTokenForGraphTest ( )
2526 {
2627 await AgentUserIdentityGetsTokenForGraphAsync ( ) . ConfigureAwait ( false ) ;
2728 await AgentUserIdentityGetsTokenForGraphAsync ( ) . ConfigureAwait ( false ) ;
28-
2929 }
3030
3131 [ TestMethod ]
@@ -42,10 +42,10 @@ private static async Task AgentGetsAppTokenForGraph()
4242 . WithAuthority ( "https://login.microsoftonline.com/" , TenantId )
4343 . WithCacheOptions ( CacheOptions . EnableSharedCacheOptions )
4444 . WithExperimentalFeatures ( true )
45- . WithClientAssertion ( ( AssertionRequestOptions _ ) => GetAppCredential ( ) )
45+ . WithClientAssertion ( ( AssertionRequestOptions _ ) => GetAppCredentialAsync ( AgentIdentity ) )
4646 . Build ( ) ;
4747
48- var result = await cca . AcquireTokenForClient ( [ "https://graph.microsoft.com/.default" ] )
48+ var result = await cca . AcquireTokenForClient ( [ "https://graph.microsoft.com/.default" ] )
4949 . ExecuteAsync ( )
5050 . ConfigureAwait ( false ) ;
5151
@@ -60,7 +60,7 @@ private static async Task AgentUserIdentityGetsTokenForGraphAsync()
6060 . WithCacheOptions ( CacheOptions . EnableSharedCacheOptions )
6161 . WithExperimentalFeatures ( true )
6262 . WithExtraQueryParameters ( "slice=first" )
63- . WithClientAssertion ( ( AssertionRequestOptions _ ) => GetAppCredential ( ) )
63+ . WithClientAssertion ( ( AssertionRequestOptions _ ) => GetAppCredentialAsync ( AgentIdentity ) )
6464 . Build ( ) ;
6565
6666 var result = await ( cca as IByUsernameAndPassword ) . AcquireTokenByUsernamePassword ( [ "https://graph.microsoft.com/.default" ] , UserUpn , "no_password" )
@@ -89,8 +89,9 @@ private static async Task AgentUserIdentityGetsTokenForGraphAsync()
8989 . ConfigureAwait ( false ) ;
9090 }
9191
92- private static async Task < string > GetAppCredential ( )
92+ private static async Task < string > GetAppCredentialAsync ( string fmiPath )
9393 {
94+ Assert . IsNotNull ( fmiPath , "fmiPath cannot be null" ) ;
9495 X509Certificate2 cert = CertificateHelper . FindCertificateByName ( TestConstants . AutomationTestCertName ) ;
9596
9697 var cca1 = ConfidentialClientApplicationBuilder
@@ -101,8 +102,8 @@ private static async Task<string> GetAppCredential()
101102 . WithCertificate ( cert , sendX5C : true ) //sendX5c enables SN+I auth which is required for FMI flows
102103 . Build ( ) ;
103104
104- var result = await cca1 . AcquireTokenForClient ( [ "api://AzureADTokenExchange/.default" ] )
105- . WithFmiPath ( AgentIdentity )
105+ var result = await cca1 . AcquireTokenForClient ( [ TokenExchangeUrl ] )
106+ . WithFmiPath ( fmiPath )
106107 . ExecuteAsync ( )
107108 . ConfigureAwait ( false ) ;
108109
@@ -118,10 +119,15 @@ private static async Task<string> GetUserFic()
118119 . WithAuthority ( "https://login.microsoftonline.com/" , TenantId )
119120 . WithExperimentalFeatures ( true )
120121 . WithCacheOptions ( CacheOptions . EnableSharedCacheOptions )
121- . WithClientAssertion ( ( AssertionRequestOptions _ ) => GetAppCredential ( ) )
122+ . WithClientAssertion ( async ( AssertionRequestOptions a ) =>
123+ {
124+ Assert . AreEqual ( AgentIdentity , a . ClientAssertionFmiPath ) ;
125+ var cred = await GetAppCredentialAsync ( a . ClientAssertionFmiPath ) . ConfigureAwait ( false ) ;
126+ return cred ;
127+ } )
122128 . Build ( ) ;
123129
124- var result = await cca1 . AcquireTokenForClient ( [ "api://AzureADTokenExchange/.default" ] )
130+ var result = await cca1 . AcquireTokenForClient ( [ TokenExchangeUrl ] )
125131 . WithFmiPathForClientAssertion ( AgentIdentity )
126132 . ExecuteAsync ( ) . ConfigureAwait ( false ) ;
127133
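Review bot: The new guard in `GetAppCredentialAsync` (new line 94) rejects only a null `fmiPath`, so an empty or whitespace value still reaches `.WithFmiPath(fmiPath)`; how the library or token endpoint treats such a value is not visible in this diff. The path now comes from callers, including `a.ClientAssertionFmiPath` in the `GetUserFic` callback, and it selects which identity the credential is issued for. I would therefore tighten the guard to `Assert.IsFalse(string.IsNullOrWhiteSpace(fmiPath), "fmiPath must be a non-empty FMI path");`. In the same callback the `cred` local adds nothing and could be `return await GetAppCredentialAsync(a.ClientAssertionFmiPath).ConfigureAwait(false);`. Both method bodies continue outside the visible hunks.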