Skip to content

Commit 04e8ab9

Browse files
armin-azariarekk
authored andcommitted
Removing try-catch block to allow the exception propagate naturally
1 parent 5649a1b commit 04e8ab9

1 file changed

Lines changed: 122 additions & 130 deletions

File tree

src/Microsoft.Identity.Web.TokenAcquisition/TokenAcquisition.cs

Lines changed: 122 additions & 130 deletions
Original file line numberDiff line numberDiff line change
@@ -1272,168 +1272,160 @@ private void NotifyCertificateSelection(
12721272
MergedOptions mergedOptions,
12731273
ClaimsPrincipal? userHint)
12741274
{
1275-
try
1276-
{
1277-
// In web API, validatedToken will not be null
1278-
SecurityToken? validatedToken = userHint?.GetBootstrapToken() ?? _tokenAcquisitionHost.GetTokenUsedToCallWebAPI();
1275+
// In web API, validatedToken will not be null
1276+
SecurityToken? validatedToken = userHint?.GetBootstrapToken() ?? _tokenAcquisitionHost.GetTokenUsedToCallWebAPI();
12791277

1280-
// In the case the token is a JWE (encrypted token), we use the decrypted token.
1281-
string? tokenUsedToCallTheWebApi = GetActualToken(validatedToken);
1282-
string? originalTokenToCallWebApi = tokenUsedToCallTheWebApi;
1278+
// In the case the token is a JWE (encrypted token), we use the decrypted token.
1279+
string? tokenUsedToCallTheWebApi = GetActualToken(validatedToken);
1280+
string? originalTokenToCallWebApi = tokenUsedToCallTheWebApi;
12831281

1284-
AcquireTokenOnBehalfOfParameterBuilder? builder = null;
1285-
TokenAcquisitionExtensionOptions? addInOptions = tokenAcquisitionExtensionOptionsMonitor?.CurrentValue;
1282+
AcquireTokenOnBehalfOfParameterBuilder? builder = null;
1283+
TokenAcquisitionExtensionOptions? addInOptions = tokenAcquisitionExtensionOptionsMonitor?.CurrentValue;
12861284

1287-
// Case of web APIs: we need to do an on-behalf-of flow, with the token used to call the API
1288-
if (tokenUsedToCallTheWebApi != null)
1285+
// Case of web APIs: we need to do an on-behalf-of flow, with the token used to call the API
1286+
if (tokenUsedToCallTheWebApi != null)
1287+
{
1288+
if (addInOptions != null && addInOptions.InvokeOnBeforeOnBehalfOfInitializedAsync != null)
12891289
{
1290-
if (addInOptions != null && addInOptions.InvokeOnBeforeOnBehalfOfInitializedAsync != null)
1290+
var oboInitEventArgs = new OnBehalfOfEventArgs
12911291
{
1292-
var oboInitEventArgs = new OnBehalfOfEventArgs
1293-
{
1294-
UserAssertionToken = tokenUsedToCallTheWebApi,
1295-
User = userHint
1296-
};
1297-
await addInOptions.InvokeOnBeforeOnBehalfOfInitializedAsync(oboInitEventArgs).ConfigureAwait(false);
1298-
1299-
if (oboInitEventArgs.UserAssertionToken != null)
1300-
{
1301-
tokenUsedToCallTheWebApi = oboInitEventArgs.UserAssertionToken;
1302-
}
1303-
}
1292+
UserAssertionToken = tokenUsedToCallTheWebApi,
1293+
User = userHint
1294+
};
1295+
await addInOptions.InvokeOnBeforeOnBehalfOfInitializedAsync(oboInitEventArgs).ConfigureAwait(false);
13041296

1305-
if (string.IsNullOrEmpty(tokenAcquisitionOptions?.LongRunningWebApiSessionKey))
1297+
if (oboInitEventArgs.UserAssertionToken != null)
13061298
{
1307-
builder = application
1308-
.AcquireTokenOnBehalfOf(
1309-
scopes.Except(_scopesRequestedByMsal),
1310-
new UserAssertion(tokenUsedToCallTheWebApi));
1299+
tokenUsedToCallTheWebApi = oboInitEventArgs.UserAssertionToken;
13111300
}
1312-
else
1313-
{
1314-
string? sessionKey = tokenAcquisitionOptions!.LongRunningWebApiSessionKey;
1315-
if (sessionKey == Abstractions.AcquireTokenOptions.LongRunningWebApiSessionKeyAuto)
1316-
{
1317-
sessionKey = null;
1318-
}
1301+
}
13191302

1320-
builder = (application as ILongRunningWebApi)?
1321-
.InitiateLongRunningProcessInWebApi(
1322-
scopes.Except(_scopesRequestedByMsal),
1323-
tokenUsedToCallTheWebApi,
1324-
ref sessionKey);
1325-
tokenAcquisitionOptions.LongRunningWebApiSessionKey = sessionKey;
1326-
}
1303+
if (string.IsNullOrEmpty(tokenAcquisitionOptions?.LongRunningWebApiSessionKey))
1304+
{
1305+
builder = application
1306+
.AcquireTokenOnBehalfOf(
1307+
scopes.Except(_scopesRequestedByMsal),
1308+
new UserAssertion(tokenUsedToCallTheWebApi));
13271309
}
1328-
else if (!string.IsNullOrEmpty(tokenAcquisitionOptions?.LongRunningWebApiSessionKey))
1310+
else
13291311
{
1330-
string sessionKey = tokenAcquisitionOptions!.LongRunningWebApiSessionKey!;
1312+
string? sessionKey = tokenAcquisitionOptions!.LongRunningWebApiSessionKey;
1313+
if (sessionKey == Abstractions.AcquireTokenOptions.LongRunningWebApiSessionKeyAuto)
1314+
{
1315+
sessionKey = null;
1316+
}
1317+
13311318
builder = (application as ILongRunningWebApi)?
1332-
.AcquireTokenInLongRunningProcess(
1319+
.InitiateLongRunningProcessInWebApi(
13331320
scopes.Except(_scopesRequestedByMsal),
1334-
sessionKey);
1321+
tokenUsedToCallTheWebApi,
1322+
ref sessionKey);
1323+
tokenAcquisitionOptions.LongRunningWebApiSessionKey = sessionKey;
13351324
}
1325+
}
1326+
else if (!string.IsNullOrEmpty(tokenAcquisitionOptions?.LongRunningWebApiSessionKey))
1327+
{
1328+
string sessionKey = tokenAcquisitionOptions!.LongRunningWebApiSessionKey!;
1329+
builder = (application as ILongRunningWebApi)?
1330+
.AcquireTokenInLongRunningProcess(
1331+
scopes.Except(_scopesRequestedByMsal),
1332+
sessionKey);
1333+
}
13361334

1337-
if (builder != null)
1338-
{
1339-
builder.WithSendX5C(mergedOptions.SendX5C);
1335+
if (builder != null)
1336+
{
1337+
builder.WithSendX5C(mergedOptions.SendX5C);
13401338

1341-
ClaimsPrincipal? userForCcsRouting = _tokenAcquisitionHost.GetUserFromRequest();
1342-
var userTenant = string.Empty;
1343-
if (userForCcsRouting != null)
1344-
{
1345-
userTenant = userForCcsRouting.GetTenantId();
1346-
builder.WithCcsRoutingHint(userForCcsRouting.GetObjectId(), userTenant);
1347-
}
1348-
if (!string.IsNullOrEmpty(tenantId))
1339+
ClaimsPrincipal? userForCcsRouting = _tokenAcquisitionHost.GetUserFromRequest();
1340+
var userTenant = string.Empty;
1341+
if (userForCcsRouting != null)
1342+
{
1343+
userTenant = userForCcsRouting.GetTenantId();
1344+
builder.WithCcsRoutingHint(userForCcsRouting.GetObjectId(), userTenant);
1345+
}
1346+
if (!string.IsNullOrEmpty(tenantId))
1347+
{
1348+
builder.WithTenantId(tenantId);
1349+
}
1350+
else
1351+
{
1352+
if (!string.IsNullOrEmpty(userTenant))
13491353
{
1350-
builder.WithTenantId(tenantId);
1354+
builder.WithTenantId(userTenant);
13511355
}
1352-
else
1356+
}
1357+
if (tokenAcquisitionOptions != null)
1358+
{
1359+
if (addInOptions != null && addInOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync != null)
13531360
{
1354-
if (!string.IsNullOrEmpty(userTenant))
1361+
var eventArgs = new OnBehalfOfEventArgs
13551362
{
1356-
builder.WithTenantId(userTenant);
1357-
}
1363+
User = userHint,
1364+
UserAssertionToken = originalTokenToCallWebApi
1365+
};
1366+
1367+
await addInOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync(builder, tokenAcquisitionOptions, eventArgs).ConfigureAwait(false);
13581368
}
1359-
if (tokenAcquisitionOptions != null)
1360-
{
1361-
if (addInOptions != null && addInOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync != null)
1362-
{
1363-
var eventArgs = new OnBehalfOfEventArgs
1364-
{
1365-
User = userHint,
1366-
UserAssertionToken = originalTokenToCallWebApi
1367-
};
13681369

1369-
await addInOptions.InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync(builder, tokenAcquisitionOptions, eventArgs).ConfigureAwait(false);
1370-
}
1370+
AddFmiPathForSignedAssertionIfNeeded(tokenAcquisitionOptions, builder);
13711371

1372-
AddFmiPathForSignedAssertionIfNeeded(tokenAcquisitionOptions, builder);
1372+
var dict = MergeExtraQueryParameters(mergedOptions, tokenAcquisitionOptions);
1373+
if (dict != null)
1374+
{
1375+
const string assertionConstant = "assertion";
1376+
const string subAssertionConstant = "sub_assertion";
13731377

1374-
var dict = MergeExtraQueryParameters(mergedOptions, tokenAcquisitionOptions);
1375-
if (dict != null)
1378+
// Special case when the OBO inbound token is composite (for instance PFT)
1379+
if (dict.ContainsKey(assertionConstant) && dict.ContainsKey(subAssertionConstant))
13761380
{
1377-
const string assertionConstant = "assertion";
1378-
const string subAssertionConstant = "sub_assertion";
1379-
1380-
// Special case when the OBO inbound token is composite (for instance PFT)
1381-
if (dict.ContainsKey(assertionConstant) && dict.ContainsKey(subAssertionConstant))
1382-
{
1383-
string assertion = dict[assertionConstant].value;
1384-
string subAssertion = dict[subAssertionConstant].value;
1381+
string assertion = dict[assertionConstant].value;
1382+
string subAssertion = dict[subAssertionConstant].value;
13851383

1386-
// Check assertion and sub_assertion passed from merging extra query parameters to ensure they do not contain unsupported character(s).
1387-
CheckAssertionsForInjectionAttempt(assertion, subAssertion);
1384+
// Check assertion and sub_assertion passed from merging extra query parameters to ensure they do not contain unsupported character(s).
1385+
CheckAssertionsForInjectionAttempt(assertion, subAssertion);
13881386

1389-
builder.OnBeforeTokenRequest((data) =>
1390-
{
1391-
// Replace the assertion and adds sub_assertion with the values from the extra query parameters
1392-
data.BodyParameters[assertionConstant] = assertion;
1393-
data.BodyParameters.Add(subAssertionConstant, subAssertion);
1394-
return Task.CompletedTask;
1395-
});
1396-
1397-
// Remove the assertion and sub_assertion from the extra query parameters
1398-
// as they are already handled as body parameters.
1399-
dict.Remove(assertionConstant);
1400-
dict.Remove(subAssertionConstant);
1401-
}
1402-
1403-
builder.WithExtraQueryParameters(dict);
1404-
}
1405-
if (tokenAcquisitionOptions.ExtraHeadersParameters != null)
1406-
{
1407-
builder.WithExtraHttpHeaders(tokenAcquisitionOptions.ExtraHeadersParameters);
1408-
}
1409-
if (tokenAcquisitionOptions.CorrelationId != null)
1410-
{
1411-
builder.WithCorrelationId(tokenAcquisitionOptions.CorrelationId.Value);
1412-
}
1413-
builder.WithForceRefresh(tokenAcquisitionOptions.ForceRefresh);
1414-
builder.WithClaims(tokenAcquisitionOptions.Claims);
1415-
var clientClaims = GetClientClaimsIfExist(tokenAcquisitionOptions);
1416-
if (clientClaims != null)
1417-
{
1418-
builder.WithExtraClientAssertionClaims(clientClaims);
1419-
}
1420-
if (tokenAcquisitionOptions.PoPConfiguration != null)
1421-
{
1422-
builder.WithSignedHttpRequestProofOfPossession(tokenAcquisitionOptions.PoPConfiguration);
1387+
builder.OnBeforeTokenRequest((data) =>
1388+
{
1389+
// Replace the assertion and adds sub_assertion with the values from the extra query parameters
1390+
data.BodyParameters[assertionConstant] = assertion;
1391+
data.BodyParameters.Add(subAssertionConstant, subAssertion);
1392+
return Task.CompletedTask;
1393+
});
1394+
1395+
// Remove the assertion and sub_assertion from the extra query parameters
1396+
// as they are already handled as body parameters.
1397+
dict.Remove(assertionConstant);
1398+
dict.Remove(subAssertionConstant);
14231399
}
1424-
}
14251400

1426-
return await builder.ExecuteAsync(tokenAcquisitionOptions != null ? tokenAcquisitionOptions.CancellationToken : CancellationToken.None)
1427-
.ConfigureAwait(false);
1401+
builder.WithExtraQueryParameters(dict);
1402+
}
1403+
if (tokenAcquisitionOptions.ExtraHeadersParameters != null)
1404+
{
1405+
builder.WithExtraHttpHeaders(tokenAcquisitionOptions.ExtraHeadersParameters);
1406+
}
1407+
if (tokenAcquisitionOptions.CorrelationId != null)
1408+
{
1409+
builder.WithCorrelationId(tokenAcquisitionOptions.CorrelationId.Value);
1410+
}
1411+
builder.WithForceRefresh(tokenAcquisitionOptions.ForceRefresh);
1412+
builder.WithClaims(tokenAcquisitionOptions.Claims);
1413+
var clientClaims = GetClientClaimsIfExist(tokenAcquisitionOptions);
1414+
if (clientClaims != null)
1415+
{
1416+
builder.WithExtraClientAssertionClaims(clientClaims);
1417+
}
1418+
if (tokenAcquisitionOptions.PoPConfiguration != null)
1419+
{
1420+
builder.WithSignedHttpRequestProofOfPossession(tokenAcquisitionOptions.PoPConfiguration);
1421+
}
14281422
}
14291423

1430-
return null;
1431-
}
1432-
catch (MsalUiRequiredException)
1433-
{
1434-
// MsalUiRequiredException is already logged by MSAL. Re-logging here would produce duplicates.
1435-
throw;
1424+
return await builder.ExecuteAsync(tokenAcquisitionOptions != null ? tokenAcquisitionOptions.CancellationToken : CancellationToken.None)
1425+
.ConfigureAwait(false);
14361426
}
1427+
1428+
return null;
14371429
}
14381430

14391431
/// <summary>

0 commit comments

Comments
 (0)