parse user provided authority queries into options.ExtraqueryParamete…

…rs + tests
AzureAD · May 17, 2024 · f5c1335 · f5c1335
1 parent bb4ccbb
commit f5c1335
Show file tree

Hide file tree

Showing 5 changed files with 247 additions and 98 deletions.
diff --git a/changelog.md b/changelog.md
@@ -5,9 +5,6 @@ Pending Next Release
 - `GraphAuthenticationProvider` checks that the `RequestInformation.URI` is a Graph URI before appending the authorization header, resolving [#2710](https://github.com/AzureAD/microsoft-identity-web/issues/2710). See PR [#2818](https://github.com/AzureAD/microsoft-identity-web/pull/2818) for details.
 - `TokenAcquisition` processes the error code `AADSTS1000502 (The provided certificate is not within its specified validity window)`. See PR [#2840](https://github.com/AzureAD/microsoft-identity-web/pull/2840) for details.
 
-### New features
-- Respect and propagate the query portion when present in the `Authority`, resolving [#2697](https://github.com/AzureAD/microsoft-identity-web/issues/2697). See PR [#2826](https://github.com/AzureAD/microsoft-identity-web/pull/2826) for details.
-
 3.0.0-preview1
 =========
 ### Breaking changes

diff --git a/src/Microsoft.Identity.Web/AuthorityHelpers.cs b/src/Microsoft.Identity.Web/AuthorityHelpers.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Web;
 using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.Identity.Web
@@ -14,28 +15,25 @@ internal static string BuildAuthority(MicrosoftIdentityOptions options)
             Uri baseUri = new Uri(options.Instance);
             var domain = options.Domain;
             var tenantId = options.TenantId;
-            QueryString queryParams = options.ExtraQueryParameters == null ? QueryString.Empty : QueryString.Create(options.ExtraQueryParameters as IEnumerable<KeyValuePair<string, string?>>);
 
             if (options.IsB2C)
             {
                 var userFlow = options.DefaultUserFlow;
-                return new Uri(baseUri, new PathString($"{baseUri.PathAndQuery}{domain}/{userFlow}/v2.0").Add(queryParams)).ToString();
+                return new Uri(baseUri, new PathString($"{baseUri.PathAndQuery}{domain}/{userFlow}/v2.0")).ToString();
             }
 
-            return new Uri(baseUri, new PathString($"{baseUri.PathAndQuery}{tenantId}/v2.0").Add(queryParams)).ToString();
+            return new Uri(baseUri, new PathString($"{baseUri.PathAndQuery}{tenantId}/v2.0")).ToString();
         }
 
         internal static string EnsureAuthorityIsV2(string authority)
         {
-            int index = authority.LastIndexOf("?", StringComparison.Ordinal);
-            var authorityWithoutQuery = index > 0 ? authority[..index] : authority;
-            authorityWithoutQuery = authorityWithoutQuery.Trim().TrimEnd('/');
-
-            if (!authorityWithoutQuery.EndsWith("v2.0", StringComparison.Ordinal))
-                authorityWithoutQuery += "/v2.0";
+            authority = authority.Trim().TrimEnd('/');
+            if (!authority.EndsWith("v2.0", StringComparison.Ordinal))
+            {
+                authority += "/v2.0";
+            }
 
-            var query = index > 0 ? authority[index..] : string.Empty;
-            return authorityWithoutQuery + query;
+            return authority;
         }
 
         internal static string? BuildCiamAuthorityIfNeeded(string authority, out bool preserveAuthority)
@@ -55,5 +53,27 @@ internal static string EnsureAuthorityIsV2(string authority)
             preserveAuthority = true;
             return authority;
         }
+
+        internal static void AddAuthorityQueryToOptions(MicrosoftIdentityOptions options)
+        {
+            if (!string.IsNullOrEmpty(options.Authority))
+            {
+                int queryIndex = options.Authority.IndexOf('?', StringComparison.Ordinal);
+                if (queryIndex > -1)
+                {
+                    options.ExtraQueryParameters ??= new Dictionary<string, string>();
+                    var queryParams = HttpUtility.ParseQueryString(options.Authority[queryIndex..].TrimStart('?'));
+                    for (int i = 0; i < queryParams.Count; i++)
+                    {
+                        var key = queryParams.GetKey(i);
+                        var value = queryParams.Get(i);
+                        if (key != null && key != null)
+#pragma warning disable CS8601 // queryParams is not null. ParseQueryString returns a non-null NameValueCollection with non-null values.
+                            options.ExtraQueryParameters[key] = value;
+#pragma warning restore CS8601 // queryParams is not null. ParseQueryString returns a non-null NameValueCollection with non-null values.
+                    }
+                }
+            }
+        }
     }
 }
diff --git a/...t.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs b/...t.Identity.Web/WebApiExtensions/MicrosoftIdentityWebApiAuthenticationBuilderExtensions.cs
@@ -178,6 +178,7 @@ private static void AddMicrosoftIdentityWebApiImplementation(
                     {
                         mergedOptions.Authority = AuthorityHelpers.BuildCiamAuthorityIfNeeded(mergedOptions.Authority, out bool preserveAuthority);
                         mergedOptions.PreserveAuthority = preserveAuthority;
+                        AuthorityHelpers.AddAuthorityQueryToOptions(mergedOptions);
                         options.Authority = mergedOptions.Authority;
                     }