microsoft-authentication-library-for-dotnet/src/client/Microsoft.Identity.Lab.Api/LabInfra/KeyVaultSecrets.cs at 69656d5af0c0e46f19b7f56d7a3bf2679aa1959a · AzureAD/microsoft-authentication-library-for-dotnet · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.

namespace Microsoft.Identity.Test.LabInfrastructure
{
    /// <summary>
    /// Contains names of secrets stored in Azure Key Vault for lab configuration.
    /// These secrets contain JSON-serialized configuration objects for users, apps, and lab environments.
    /// </summary>
    public static class KeyVaultSecrets
    {
        /// <summary>
        /// Represents the configuration key for user public cloud settings.
        /// </summary>
        public const string UserPublicCloud = "User-PublicCloud-Config";
        /// <summary>
        /// Represents the configuration key for federated user settings.
        /// </summary>
        public const string UserFederated = "User-Federated-Config";
        /// <summary>
        /// Represents the configuration key for user public cloud settings (alternative).
        /// </summary>
        public const string UserPublicCloud2 = "MSAL-User-Default2-JSON";
        /// <summary>
        /// Represents the configuration key for user XCG settings.
        /// </summary>
        public const string UserXcg = "MSAL-User-XCG-JSON";
        /// <summary>
        /// Represents the configuration key for B2C user settings.
        /// </summary>
        public const string UserB2C = "MSAL-USER-B2C-JSON";
        /// <summary>
        /// Represents the configuration key for Arlington user settings.
        /// </summary>
        public const string UserArlington = "MSAL-USER-Arlington-JSON";
        /// <summary>
        /// Represents the configuration key for CIAM user settings.
        /// </summary>
        public const string UserCiam = "MSAL-USER-CIAM-JSON";
        /// <summary>
        /// Represents the configuration key for POP user settings.
        /// </summary>
        public const string UserPop = "MSAL-User-POP-JSON";

        // Names of key vault secrets for application configuration JSONs
        //  - Broad test scenarios
        /// <summary>
        /// application configuration for testing server-to-server (S2S) authentication scenarios, which may involve client credentials flow, certificate-based authentication, or other non-interactive authentication methods. This configuration would typically include details such as the application (client) ID, tenant ID, authority, and any necessary secrets or certificates required for S2S authentication.
        /// </summary>
        public const string AppS2S = "App-S2S-Config";
        /// <summary>
        /// Application configuration for testing scenarios involving the Microsoft Authentication Library (MSAL) in a client application context, which may include interactive user authentication flows, token acquisition, and API access. This configuration would typically include details such as the application (client) ID, tenant ID, authority, redirect URI, and any necessary secrets or certificates required for client application authentication and authorization scenarios.
        /// </summary>
        public const string AppPCAClient = "App-PCAClient-Config";
        /// <summary>
        /// Application configuration for ADFS native client testing scenarios. ADFS public client flows (ROPC, interactive)
        /// require a NativeClientApplication registration — ServerApplications reject them with MSIS9622.
        /// </summary>
        public const string AppAdfsNativeClient = "App-AdfsNativeClient-Config";
        /// <summary>
        /// Represents the configuration key for the application's Web API settings.
        /// </summary>
        public const string AppWebApi = "App-WebApi-Config";
        //  - More specific test scenarios, edge cases, etc.
        /// <summary>
        /// Represents the application identifier used for B2C test scenarios in the MSAL App B2C JSON configuration.
        /// </summary>
        public const string B2CAppIdLabsAppB2C = "MSAL-App-B2C-JSON";
        /// <summary>
        /// Represents the application identifier used for Arlington test scenarios in the MSAL App Arlington JSON configuration.
        /// </summary>
        public const string ArlAppIdLabsApp = "MSAL-App-Arlington-JSON";
        /// <summary>
        /// Represents the identifier for the MSAL App CIAM JSON configuration format.
        /// </summary>
        public const string MsalAppCiam = "MSAL-App-CIAM-JSON";
        /// <summary>
        /// multiple orgs app in public cloud, with regional authority. Used for testing regional authority discovery and token acquisition in multi-tenant scenarios.
        /// </summary>
        public const string MsalAppAzureAdMultipleOrgsRegional = "MSAL-APP-AzureADMultipleOrgsRegional-JSON";
        /// <summary>
        /// Multiple orgs app in public cloud (id4slab1 tenant). Used for client credentials and regional token acquisition tests.
        /// </summary>
        public const string MsalAppAzureAdMultipleOrgs = "MSAL-APP-AzureADMultipleOrgs-JSON";
        /// <summary>
        /// Regional app in id4slab1 tenant with SN+I claims (xms_idrel, xms_ds_cnf). Used for regional ESTS token acquisition tests.
        /// </summary>
        public const string MsalAppRegion = "MSAL-App-Region-JSON";
        /// <summary>
        /// Represents the application identifier used for Arlington CCA test scenarios in the MSAL App Arlington CCA JSON configuration.
        /// </summary>
        public const string MsalAppArlingtonCCA = "MSAL-App-ArlingtonCCA-JSON";

        /// <summary>
        /// OBO service app (MSAL-APP-TodoListService) in ID4SLAB1 tenant. Used for On-Behalf-Of flow integration tests
        /// with certificate-based authentication (LabAuth cert from msidlabs vault).
        /// </summary>
        public const string AppOBOService = "MSAL-APP-TodoListService-JSON";
        /// <summary>
        /// OBO public client app (MSAL-APP-TodoListClient) in ID4SLAB1 tenant. Used as the public client
        /// that acquires user tokens for On-Behalf-Of flow integration tests.
        /// </summary>
        public const string AppOBOClient = "MSAL-APP-TodoListClient-JSON";

        // Name of key vault secrets for app secrets and certificates
        /// <summary>
        /// default secret value used for testing application authentication scenarios that require a client secret. This secret is typically associated with a test application registered in Azure Active Directory and is used to validate authentication flows that involve client credentials or other secret-based authentication methods.
        /// </summary>
        public const string DefaultAppSecret = "MSAL-App-Default";
    }
}