readd pop stuff and bring over relevant files from MS identity web that are now internal until this moves into MS identity web

Author: jennyf19

4.-Console-app-calls-web-API-with-PoP/Desktop-App-calls-Web-API-using-PoP.sln

@@ -12,7 +12,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
 		README.md = README.md
 	EndProjectSection
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Identity.Web.Future", "..\Microsoft.Identity.Web\Microsoft.Identity.Web.Future.csproj", "{F29C8FF6-5725-4C26-B0B4-682FCF218E6D}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Identity.Web.Future", "Microsoft.Identity.Web.Future\Microsoft.Identity.Web.Future.csproj", "{CBA23165-BA0B-469A-B3A4-3299989AAECD}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -28,10 +28,10 @@ Global
 		{443FB1A8-4F29-4D18-A4EB-23C3D764580C}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{443FB1A8-4F29-4D18-A4EB-23C3D764580C}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{443FB1A8-4F29-4D18-A4EB-23C3D764580C}.Release|Any CPU.Build.0 = Release|Any CPU
-		{F29C8FF6-5725-4C26-B0B4-682FCF218E6D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{F29C8FF6-5725-4C26-B0B4-682FCF218E6D}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{F29C8FF6-5725-4C26-B0B4-682FCF218E6D}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{F29C8FF6-5725-4C26-B0B4-682FCF218E6D}.Release|Any CPU.Build.0 = Release|Any CPU
+		{CBA23165-BA0B-469A-B3A4-3299989AAECD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{CBA23165-BA0B-469A-B3A4-3299989AAECD}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{CBA23165-BA0B-469A-B3A4-3299989AAECD}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{CBA23165-BA0B-469A-B3A4-3299989AAECD}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

…ntity.Web/Resource/AadIssuerValidator.cs …dentity.Web.Future/AadIssuerValidator.csMicrosoft.Identity.Web/Resource/AadIssuerValidator.cs renamed to 4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/AadIssuerValidator.cs Microsoft.Identity.Web/Resource/AadIssuerValidator.cs renamed to 4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/AadIssuerValidator.cs

@@ -9,14 +9,14 @@
 using Microsoft.IdentityModel.JsonWebTokens;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Tokens;
-using Microsoft.Identity.Web.InstanceDiscovery;
+using Microsoft.Identity.Web.Future;
 
-namespace Microsoft.Identity.Web.Resource
+namespace Microsoft.Identity.Future
 {
     /// <summary>
     /// Generic class that validates token issuer from the provided Azure AD authority. Use the <see cref="AadIssuerValidatorFactory"/> to create instances of this class.
     /// </summary>
-    public class AadIssuerValidator
+    internal class AadIssuerValidator
     {
         private const string AzureADIssuerMetadataUrl = "https://login.microsoftonline.com/common/discovery/instance?authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize&api-version=1.1";
         private const string FallbackAuthority = "https://login.microsoftonline.com/";
@@ -71,6 +71,7 @@ public static AadIssuerValidator GetIssuerValidator(string aadAuthority)
                 var aliases = issuerMetadata.Metadata
                     .Where(m => m.Aliases.Any(a => string.Equals(a, authority, StringComparison.OrdinalIgnoreCase)))
                     .SelectMany(m => m.Aliases)
+                    .Append(authority) // For b2c scenarios, the alias will be the authorityHost itself
                     .Distinct();
                 s_issuerValidators[authority] = new AadIssuerValidator(aliases);
                 return s_issuerValidators[authority];
@@ -94,7 +95,7 @@ public static AadIssuerValidator GetIssuerValidator(string aadAuthority)
         /// <exception cref="SecurityTokenInvalidIssuerException">if the issuer </exception>
         public string Validate(string actualIssuer, SecurityToken securityToken, TokenValidationParameters validationParameters)
         {
-            if (String.IsNullOrEmpty(actualIssuer))
+            if (string.IsNullOrEmpty(actualIssuer))
                 throw new ArgumentNullException(nameof(actualIssuer));
 
             if (securityToken == null)
@@ -159,21 +160,43 @@ private static bool IsValidTidInLocalPath(string tenantId, Uri uri)
         /// <remarks>Only <see cref="JwtSecurityToken"/> and <see cref="JsonWebToken"/> are acceptable types.</remarks>
         private static string GetTenantIdFromToken(SecurityToken securityToken)
         {
+            string tid = "tid";
             if (securityToken is JwtSecurityToken jwtSecurityToken)
             {
-                if (jwtSecurityToken.Payload.TryGetValue(ClaimConstants.Tid, out object tenantId))
+                if (jwtSecurityToken.Payload.TryGetValue(tid, out object tenantId))
                     return tenantId as string;
+
+                // Since B2C doesn't have TID as default, get it from issuer
+                return GetTenantIdFromIss(jwtSecurityToken.Issuer);
             }
 
-            // brentsch - todo, TryGetPayloadValue is available in 5.5.0
             if (securityToken is JsonWebToken jsonWebToken)
             {
-                var tid = jsonWebToken.GetPayloadValue<string>(ClaimConstants.Tid);
-                if (tid != null)
-                    return tid;
+                jsonWebToken.TryGetPayloadValue(tid, out string tid2);
+                if (tid2 != null)
+                    return tid2;
+
+                // Since B2C doesn't have TID as default, get it from issuer
+                return GetTenantIdFromIss(jsonWebToken.Issuer);
+            }
+
+            return string.Empty;
+        }
+
+        // The AAD iss claims contains the tenantId in its value. The uri is {domain}/{tid}/v2.0
+        private static string GetTenantIdFromIss(string iss)
+        {
+            if (string.IsNullOrEmpty(iss))
+                return string.Empty;
+
+            var uri = new Uri(iss);
+
+            if (uri.Segments.Length > 1)
+            {
+                return uri.Segments[1].TrimEnd('/');
             }
 
             return string.Empty;
         }
     }
-}
+}

…iscovery/IssuerConfigurationRetriever.cs …b.Future/IssuerConfigurationRetriever.csMicrosoft.Identity.Web/InstanceDiscovery/IssuerConfigurationRetriever.cs renamed to 4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/IssuerConfigurationRetriever.cs Microsoft.Identity.Web/InstanceDiscovery/IssuerConfigurationRetriever.cs renamed to 4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/IssuerConfigurationRetriever.cs

@@ -7,7 +7,7 @@
 using Microsoft.IdentityModel.Protocols;
 using Newtonsoft.Json;
 
-namespace Microsoft.Identity.Web.InstanceDiscovery
+namespace Microsoft.Identity.Web.Future
 {
     /// <summary>
     /// An implementation of IConfigurationRetriever geared towards Azure AD issuers metadata />

….Web/InstanceDiscovery/IssuerMetadata.cs …ft.Identity.Web.Future/IssuerMetadata.csMicrosoft.Identity.Web/InstanceDiscovery/IssuerMetadata.cs renamed to 4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/IssuerMetadata.cs Microsoft.Identity.Web/InstanceDiscovery/IssuerMetadata.cs renamed to 4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/IssuerMetadata.cs

@@ -4,7 +4,7 @@
 using System.Collections.Generic;
 using Newtonsoft.Json;
 
-namespace Microsoft.Identity.Web.InstanceDiscovery
+namespace Microsoft.Identity.Web.Future
 {
     /// <summary>
     /// Model class to hold information parsed from the Azure AD issuer endpoint

…entity.Web/InstanceDiscovery/Metadata.cs …icrosoft.Identity.Web.Future/Metadata.csMicrosoft.Identity.Web/InstanceDiscovery/Metadata.cs renamed to 4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/Metadata.cs Microsoft.Identity.Web/InstanceDiscovery/Metadata.cs renamed to 4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/Metadata.cs

@@ -4,7 +4,7 @@
 using System.Collections.Generic;
 using Newtonsoft.Json;
 
-namespace Microsoft.Identity.Web.InstanceDiscovery
+namespace Microsoft.Identity.Web.Future
 {
     /// <summary>
     /// Model child class to hold alias information parsed from the Azure AD issuer endpoint.

…Web/Microsoft.Identity.Web.Future.csproj …ure/Microsoft.Identity.Web.Future.csprojMicrosoft.Identity.Web/Microsoft.Identity.Web.Future.csproj renamed to 4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/Microsoft.Identity.Web.Future.csproj Microsoft.Identity.Web/Microsoft.Identity.Web.Future.csproj renamed to 4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/Microsoft.Identity.Web.Future.csproj

@@ -2,7 +2,7 @@
   <PropertyGroup>
 
     <!--This should be passed from the VSTS build-->
-    <ClientSemVer Condition="'$(ClientSemVer)' == ''">1.0.0-localbuild</ClientSemVer>
+    <ClientSemVer Condition="'$(ClientSemVer)' == ''">1.0.0-preview</ClientSemVer>
     <!--This will generate AssemblyVersion, AssemblyFileVersion and AssemblyInformationVersion-->
     <Version>$(ClientSemVer)</Version>
 
@@ -26,34 +26,6 @@
     <SymbolPackageFormat>snupkg</SymbolPackageFormat>
   </PropertyGroup>
 
-  <ItemGroup>
-    <Compile Remove="InstanceDiscovery\**" />
-    <Compile Remove="Resource\**" />
-    <Compile Remove="TokenCacheProviders\**" />
-    <EmbeddedResource Remove="InstanceDiscovery\**" />
-    <EmbeddedResource Remove="Resource\**" />
-    <EmbeddedResource Remove="TokenCacheProviders\**" />
-    <None Remove="InstanceDiscovery\**" />
-    <None Remove="Resource\**" />
-    <None Remove="TokenCacheProviders\**" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <Compile Remove="AccountExtensions.cs" />
-    <Compile Remove="AuthorizeForScopesAttribute.cs" />
-    <Compile Remove="ClaimConstants.cs" />
-    <Compile Remove="ClaimsPrincipalExtensions.cs" />
-    <Compile Remove="ClaimsPrincipalFactory.cs" />
-    <Compile Remove="Extensions.cs" />
-    <Compile Remove="HttpContextExtensions.cs" />
-    <Compile Remove="InternalsVisibleTo.cs" />
-    <Compile Remove="ITokenAcquisition.cs" />
-    <Compile Remove="OidcConstants.cs" />
-    <Compile Remove="ServiceCollectionExtensions.cs" />
-    <Compile Remove="TokenAcquisition.cs" />
-    <Compile Remove="WebAppServiceCollectionExtensions.cs" />
-  </ItemGroup>
-
   <ItemGroup>
     <None Remove="NuGet.Config" />
     <None Remove="README.md" />
@@ -79,10 +51,6 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="3.1.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureADB2C.UI" Version="3.1.0" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="3.1.3" />
-    <PackageReference Include="Microsoft.Identity.Client" Version="4.11.0" />
     <PackageReference Include="Microsoft.Identity.Web" Version="0.1.0-preview" />
     <PackageReference Include="Microsoft.IdentityModel.Protocols.SignedHttpRequest" Version="6.5.0" />
     <PackageReference Include="System.Collections" Version="4.3.0" />

4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/Microsoft.Identity.Web.Future.sln

@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29911.84
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Microsoft.Identity.Web.Future", "Microsoft.Identity.Web.Future.csproj", "{11CCC8C7-5E85-457D-ADD4-AA03E40A9AAC}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{11CCC8C7-5E85-457D-ADD4-AA03E40A9AAC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{11CCC8C7-5E85-457D-ADD4-AA03E40A9AAC}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{11CCC8C7-5E85-457D-ADD4-AA03E40A9AAC}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{11CCC8C7-5E85-457D-ADD4-AA03E40A9AAC}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {E7B6C459-1C2D-49FB-9B76-E94D243D586A}
+	EndGlobalSection
+EndGlobal

…ntity.Web/Microsoft.Identity.Web.ruleset …eb.Future/Microsoft.Identity.Web.rulesetMicrosoft.Identity.Web/Microsoft.Identity.Web.ruleset renamed to 4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/Microsoft.Identity.Web.ruleset Microsoft.Identity.Web/Microsoft.Identity.Web.ruleset renamed to 4.-Console-app-calls-web-API-with-PoP/Microsoft.Identity.Web.Future/Microsoft.Identity.Web.ruleset

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <packageSources>
+    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
+  </packageSources>
+</configuration>