Skip to content

Commit

Permalink
Process composite OBO tokens (#2221)
Browse files Browse the repository at this point in the history 
* Investigation (to understand requirements)

* Updating comments

* Remove assertion and sub_assertion from
extra query parameters.
  • Loading branch information
@jmprieur
jmprieur authored May 3, 2023
1 parent 7fb9638 commit 6ef91da
Showing 1 changed file with 20 additions and 1 deletion.
21 changes: 20 additions & 1 deletion src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -715,9 +715,28 @@ private IConfidentialClientApplication BuildConfidentialClientApplication(Merged
if (tokenAcquisitionOptions != null)
{
var dict = MergeExtraQueryParameters(mergedOptions, tokenAcquisitionOptions);

if (dict != null)
{
const string assertionConstant = "assertion";
const string subAssertionConstant = "sub_assertion";

// Special case when the OBO inbound token is composite (for instance PFT)
if (dict.ContainsKey(assertionConstant) && dict.ContainsKey(subAssertionConstant))
{
builder.OnBeforeTokenRequest((data) =>
{
// Replace the assertion and adds sub_assertion with the values from the extra query parameters
data.BodyParameters[assertionConstant] = dict[assertionConstant];
data.BodyParameters.Add(subAssertionConstant, dict[subAssertionConstant]);
return Task.CompletedTask;
});

// Remove the assertion and sub_assertion from the extra query parameters
// as they are already handled as body parameters.
dict.Remove(assertionConstant);
dict.Remove(subAssertionConstant);
}

builder.WithExtraQueryParameters(dict);
}
if (tokenAcquisitionOptions.ExtraHeadersParameters != null)
Expand Down

0 comments on commit 6ef91da

Please sign in to comment.