Adding authentication extension api to enable the extending of MSAL (#4859)

* Initial commit

* Updating Core logic for CDT

* Updates

* Refactoring CdtAuthScheme
Adding unit tests

* Adding cache test case

* Resolving issues

* Update

* Adding api to enable additional caching parameters

* clean up

* Clean up, Refactoring, Updating tests

* Fixing test issue

* Resolving build issue

* Test fix

* Refactoring CDT logic to make it extensible

* hooking up addin

* Adding support for arrays and objects

* Hooking up Additional cache param logic

* Clean up
fix test

* Adding integration test

* Fixing tests

* Ignoring test

* Resolving build error

* Making constraints an array

* Updating CDT format

* Moving CDT implementation to new project.

* clean up

* Moving cdt implementation to new project. Removing MSAL internal dependencies

* Setting tokenType to internal

* Resolving build issues

* Refactoring CdtAuthScheme to use wilson

* Resolving build errors

* Revert "Resolving build errors"

This reverts commit 68a8922.

* Fixing error

* Revert "Fixing error"

This reverts commit 75e9955.

* Revert "Revert "Resolving build errors""

This reverts commit 3fba7ba.

* Revert "Resolving build errors"

This reverts commit 68a8922.

* Renaming authentication extension apis

* Removing CDT

* Ignoring failing test

* Revert "Removing CDT"

This reverts commit 54fb683.

* Updating naming

* Revert "Revert "Removing CDT""

This reverts commit fba6bd9.

* Update Microsoft.Identity.Client.csproj

* Revert "Revert "Revert "Removing CDT"""

This reverts commit 2a96823.

* Revert "Revert "Revert "Revert "Removing CDT""""

This reverts commit ab14305.

* Refactoring.
Clean up.
Removing CDT

* Additional test cases

* Clean up

* Refactoring
clean up

* Enabling CdtTelemetry

* Renaming

* TestFix

* Apply suggestions from code review

Co-authored-by: Ray Luo <[email protected]>
Co-authored-by: Gladwin Johnson <[email protected]>

* Adding test

* Fixing test issue

---------

Co-authored-by: trwalke <[email protected]>
Co-authored-by: Ray Luo <[email protected]>
Co-authored-by: Gladwin Johnson <[email protected]>

Author: 4 people

src/client/Microsoft.Identity.Client/ApiConfig/AbstractAcquireTokenParameterBuilder.cs

@@ -334,9 +334,10 @@ public T WithB2CAuthority(string authorityUri)
             return this as T;
         }
 
-        internal /* for testing */ T WithAuthenticationScheme(IAuthenticationScheme scheme)
+        internal /* for testing */ T WithAuthenticationOperation(IAuthenticationOperation authOperation)
         {
-            CommonParameters.AuthenticationScheme = scheme ?? throw new ArgumentNullException(nameof(scheme));
+            ValidateUseOfExperimentalFeature();
+            CommonParameters.AuthenticationOperation = authOperation ?? throw new ArgumentNullException(nameof(authOperation));
             return this as T;
         }
     }

src/client/Microsoft.Identity.Client/ApiConfig/AbstractConfidentialClientAcquireTokenParameterBuilder.cs

@@ -2,9 +2,12 @@
 // Licensed under the MIT License.
 
 using System;
+using System.Collections.Generic;
 using System.ComponentModel;
+using System.Security.Cryptography.X509Certificates;
 using System.Threading;
 using System.Threading.Tasks;
+using Microsoft.Identity.Client.ApiConfig;
 using Microsoft.Identity.Client.ApiConfig.Executors;
 using Microsoft.Identity.Client.AppConfig;
 using Microsoft.Identity.Client.AuthScheme.PoP;
@@ -82,7 +85,7 @@ public T WithProofOfPossession(PoPAuthenticationConfiguration popAuthenticationC
 
             CommonParameters.PopAuthenticationConfiguration = popAuthenticationConfiguration ?? throw new ArgumentNullException(nameof(popAuthenticationConfiguration));
 
-            CommonParameters.AuthenticationScheme = new PopAuthenticationScheme(CommonParameters.PopAuthenticationConfiguration, ServiceBundle);
+            CommonParameters.AuthenticationOperation = new PopAuthenticationOperation(CommonParameters.PopAuthenticationConfiguration, ServiceBundle);
 
             return this as T;
         }

src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenByUsernamePasswordParameterBuilder.cs

@@ -102,7 +102,7 @@ public AcquireTokenByUsernamePasswordParameterBuilder WithProofOfPossession(stri
             popConfig.HttpMethod = httpMethod;
 
             CommonParameters.PopAuthenticationConfiguration = popConfig;
-            CommonParameters.AuthenticationScheme = new PopBrokerAuthenticationScheme();
+            CommonParameters.AuthenticationOperation = new PopBrokerAuthenticationOperation();
 
             return this;
         }

src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenInteractiveParameterBuilder.cs

@@ -384,7 +384,7 @@ public AcquireTokenInteractiveParameterBuilder WithProofOfPossession(string nonc
             popConfig.HttpMethod = httpMethod;
 
             CommonParameters.PopAuthenticationConfiguration = popConfig;
-            CommonParameters.AuthenticationScheme = new PopBrokerAuthenticationScheme();
+            CommonParameters.AuthenticationOperation = new PopBrokerAuthenticationOperation();
 
             return this;
         }

src/client/Microsoft.Identity.Client/ApiConfig/AcquireTokenSilentParameterBuilder.cs

@@ -169,7 +169,7 @@ public AcquireTokenSilentParameterBuilder WithProofOfPossession(PoPAuthenticatio
 
             CommonParameters.PopAuthenticationConfiguration = popAuthenticationConfiguration ?? throw new ArgumentNullException(nameof(popAuthenticationConfiguration));
 
-            CommonParameters.AuthenticationScheme = new PopAuthenticationScheme(CommonParameters.PopAuthenticationConfiguration, ServiceBundle);
+            CommonParameters.AuthenticationOperation = new PopAuthenticationOperation(CommonParameters.PopAuthenticationConfiguration, ServiceBundle);
 
             return this;
         }
@@ -232,20 +232,20 @@ public AcquireTokenSilentParameterBuilder WithProofOfPossession(string nonce, Ht
             popConfig.HttpMethod = httpMethod ?? throw new ArgumentNullException(nameof(httpMethod));
             popConfig.Nonce = nonce;
 
-            IAuthenticationScheme authenticationScheme;
+            IAuthenticationOperation authenticationScheme;
 
             //POP Auth scheme should not wrap and sign token when broker is enabled for public clients
             if (ServiceBundle.Config.IsBrokerEnabled)
             {
                 popConfig.SignHttpRequest = false;
-                authenticationScheme = new PopBrokerAuthenticationScheme();
+                authenticationScheme = new PopBrokerAuthenticationOperation();
             }
             else
             {
-                authenticationScheme = new PopAuthenticationScheme(popConfig, ServiceBundle);
+                authenticationScheme = new PopAuthenticationOperation(popConfig, ServiceBundle);
             }
             CommonParameters.PopAuthenticationConfiguration = popConfig;
-            CommonParameters.AuthenticationScheme = authenticationScheme;
+            CommonParameters.AuthenticationOperation = authenticationScheme;
 
             return this;
         }

src/client/Microsoft.Identity.Client/ApiConfig/Parameters/AcquireTokenCommonParameters.cs

@@ -24,7 +24,7 @@ internal class AcquireTokenCommonParameters
         public IDictionary<string, string> ExtraQueryParameters { get; set; }
         public string Claims { get; set; }
         public AuthorityInfo AuthorityOverride { get; set; }
-        public IAuthenticationScheme AuthenticationScheme { get; set; } = new BearerAuthenticationScheme();
+        public IAuthenticationOperation AuthenticationOperation { get; set; } = new BearerAuthenticationOperation();
         public IDictionary<string, string> ExtraHttpHeaders { get; set; }
         public PoPAuthenticationConfiguration PopAuthenticationConfiguration { get; set; }
         public Func<OnBeforeTokenRequestData, Task> OnBeforeTokenRequestHandler { get; internal set; }

src/client/Microsoft.Identity.Client/AuthScheme/AuthSchemeHelper.cs

@@ -19,15 +19,15 @@ public static bool StoreTokenTypeInCacheKey(string tokenType)
         {
             if (string.Equals(
                 tokenType,
-                BearerAuthenticationScheme.BearerTokenType,
+                BearerAuthenticationOperation.BearerTokenType,
                 StringComparison.OrdinalIgnoreCase))
             {
                 return false;
             }
 
             if (string.Equals(
                 tokenType,
-                SSHCertAuthenticationScheme.SSHCertTokenType,
+                SSHCertAuthenticationOperation.SSHCertTokenType,
                 StringComparison.OrdinalIgnoreCase))
             {
                 return false;

src/client/Microsoft.Identity.Client/AuthScheme/Bearer/BearerAuthenticationScheme.cs renamed to src/client/Microsoft.Identity.Client/AuthScheme/Bearer/BearerAuthenticationOperation.cs

@@ -7,21 +7,21 @@
 
 namespace Microsoft.Identity.Client.AuthScheme.Bearer
 {
-    internal class BearerAuthenticationScheme : IAuthenticationScheme
+    internal class BearerAuthenticationOperation : IAuthenticationOperation
     {
         internal const string BearerTokenType = "bearer";
 
-        public TokenType TelemetryTokenType => TokenType.Bearer;
+        public int TelemetryTokenType => (int)TokenType.Bearer;
 
         public string AuthorizationHeaderPrefix => "Bearer";
 
         public string AccessTokenType => BearerTokenType;
 
         public string KeyId => null;
 
-        public string FormatAccessToken(MsalAccessTokenCacheItem msalAccessTokenCacheItem)
+        public void FormatResult(AuthenticationResult authenticationResult)
         {
-            return msalAccessTokenCacheItem.Secret;
+            // no-op
         }
 
         public IReadOnlyDictionary<string, string> GetTokenRequestParams()

src/client/Microsoft.Identity.Client/AuthScheme/IAuthenticationScheme.cs renamed to src/client/Microsoft.Identity.Client/AuthScheme/IAuthenticationOperation.cs

@@ -9,12 +9,28 @@ namespace Microsoft.Identity.Client.AuthScheme
     /// <summary>
     /// Used to modify the experience depending on the type of token asked. 
     /// </summary>
-    internal interface IAuthenticationScheme
+    public interface IAuthenticationOperation
     {
         /// <summary>
-        /// Value to log to telemetry to indicate pop usage.
+        /// Value to log to telemetry
+        /// Values available:
+        /// 
+        /// Bearer token type.
+        /// Bearer = 1
+        /// 
+        /// Pop token type.
+        /// Pop = 2,
+        ///
+        /// Ssh-cert token type.
+        /// SshCert = 3,
+        ///
+        /// External token type.
+        /// External = 4,
+        ///
+        /// Extension token type.
+        /// Extension = 5
         /// </summary>
-        TokenType TelemetryTokenType { get; }
+        int TelemetryTokenType { get; }
 
         /// <summary>
         /// Prefix for the HTTP header that has the token. E.g. "Bearer" or "POP"
@@ -37,7 +53,7 @@ internal interface IAuthenticationScheme
         /// <summary>
         /// Creates the access token that goes into an Authorization HTTP header. 
         /// </summary>
-        string FormatAccessToken(MsalAccessTokenCacheItem msalAccessTokenCacheItem);
+        void FormatResult(AuthenticationResult authenticationResult);
 
         /// <summary>
         /// Expected to match the token_type parameter returned by ESTS. Used to disambiguate

src/client/Microsoft.Identity.Client/AuthScheme/PoP/InMemoryCryptoProvider.cs

@@ -3,12 +3,10 @@
 
 using System;
 using System.Security.Cryptography;
-using Microsoft.Identity.Client.AuthScheme.PoP;
 using Microsoft.Identity.Client.Utils;
 
 namespace Microsoft.Identity.Client.AuthScheme.PoP
 {
-
     /// <summary>
     /// The default implementation will store a key in memory    
     /// </summary>