AzureAD · Avery-Dunn · Jul 10, 2023 · Jul 10, 2023
@@ -124,6 +124,50 @@ void acquireTokenInteractive_ManagedUser_InstanceAware() {
         assertAcquireTokenInstanceAware(user);
     }
 
+    @Test
+    void acquireTokenInteractive_Ciam() {
+        User user = labUserProvider.getCiamUser();
+
+        Map<String, String> extraQueryParameters = new HashMap<>();
+
+        PublicClientApplication pca;
+        try {
+            pca = PublicClientApplication.builder(
+                            user.getAppId()).
+                    authority("https://" + user.getLabName() + ".ciamlogin.com/")
+                    .build();
+        } catch (MalformedURLException ex) {
+            throw new RuntimeException(ex.getMessage());
+        }
+
+        IAuthenticationResult result;
+        try {
+            URI url = new URI("http://localhost:8080");
+
+            SystemBrowserOptions browserOptions =
+                    SystemBrowserOptions
+                            .builder()
+                            .openBrowserAction(new SeleniumOpenBrowserAction(user, pca))
+                            .build();
+
+            InteractiveRequestParameters parameters = InteractiveRequestParameters
+                    .builder(url)
+                    .scopes(Collections.singleton(TestConstants.USER_READ_SCOPE))
+                    .extraQueryParameters(extraQueryParameters)
+                    .systemBrowserOptions(browserOptions)
+                    .build();
+
+            result = pca.acquireToken(parameters).get();
+
+        } catch (Exception e) {
+            LOG.error("Error acquiring token with authCode: " + e.getMessage());
+            throw new RuntimeException("Error acquiring token with authCode: " + e.getMessage());
+        }
+
+        assertTokenResultNotNull(result);
+        assertEquals(user.getUpn(), result.account().username());
+    }
+
     private void assertAcquireTokenCommon(User user, String authority, String scope) {
         PublicClientApplication pca;
         try {

@@ -6,6 +6,7 @@
 import labapi.AppCredentialProvider;
 import labapi.AzureEnvironment;
 import labapi.LabUserProvider;
+import labapi.User;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
 import org.junit.jupiter.api.BeforeAll;
@@ -64,6 +65,29 @@ void acquireTokenClientCredentials_ClientAssertion() throws Exception {
         assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY);
     }
 
+    @Test
+    void acquireTokenClientCredentials_ClientSecret_Ciam() throws Exception {
+
+        User user = labUserProvider.getCiamUser();
+        String clientId = user.getAppId();
+
+        AppCredentialProvider appProvider = new AppCredentialProvider(AzureEnvironment.CIAM);
+        IClientCredential credential = ClientCredentialFactory.createFromSecret(appProvider.getOboAppPassword());
+
+        ConfidentialClientApplication cca = ConfidentialClientApplication.builder(
+                        clientId, credential).
+                authority("https://" + user.getLabName() + ".ciamlogin.com/").
+                build();
+
+        IAuthenticationResult result = cca.acquireToken(ClientCredentialParameters
+                        .builder(Collections.singleton(TestConstants.DEFAULT_SCOPE))
+                        .build())
+                .get();
+
+        assertNotNull(result);
+        assertNotNull(result.accessToken());
+    }
+
     @Test
     void acquireTokenClientCredentials_Callback() throws Exception {
         String clientId = "2afb0add-2f32-4946-ac90-81a02aa4550e";
@@ -132,6 +156,7 @@ void acquireTokenClientCredentials_Regional() throws Exception {
 
         assertAcquireTokenCommon_withRegion(clientId, certificate, "westus", TestConstants.REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_WESTUS);
     }
+
     private ClientAssertion getClientAssertion(String clientId) {
         return JwtHelper.buildJwt(
                 clientId,

@@ -13,6 +13,7 @@ public class TestConstants {
     public final static String MSIDLAB_VAULT_URL = "https://msidlabs.vault.azure.net/";
     public final static String GRAPH_DEFAULT_SCOPE = "https://graph.windows.net/.default";
     public final static String USER_READ_SCOPE = "user.read";
+    public final static String DEFAULT_SCOPE = ".default";
     public final static String B2C_LAB_SCOPE = "https://msidlabb2c.onmicrosoft.com/msaapp/user_impersonation";
     public final static String B2C_CONFIDENTIAL_CLIENT_APP_SECRETID = "MSIDLABB2C-MSAapp-AppSecret";
     public final static String B2C_CONFIDENTIAL_CLIENT_LAB_APP_ID = "MSIDLABB2C-MSAapp-AppID";

@@ -119,6 +119,27 @@ void acquireTokenWithUsernamePassword_AuthorityWithPort() throws Exception {
                 user.getAppId());
     }
 
+    @Test
+    void acquireTokenWithUsernamePassword_Ciam() throws Exception {
+
+        Map<String, String> extraQueryParameters = new HashMap<>();
+
+        User user = labUserProvider.getCiamUser();
+        PublicClientApplication pca = PublicClientApplication.builder(user.getAppId())
+                .authority("https://" + user.getLabName() + ".ciamlogin.com/")
+                .build();
+
+
+        IAuthenticationResult result = pca.acquireToken(UserNamePasswordParameters.
+                        builder(Collections.singleton(TestConstants.USER_READ_SCOPE),
+                                user.getUpn(),
+                                user.getPassword().toCharArray())
+                        .extraQueryParameters(extraQueryParameters)
+                        .build())
+                .get();
+
+        assertNotNull(result.accessToken());
+    }
 
     private void assertAcquireTokenCommonAAD(User user) throws Exception {
         assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(),

@@ -14,7 +14,7 @@ public class LabConstants {
     public final static String USER_MSA_USERNAME_URL = "https://msidlabs.vault.azure.net/secrets/MSA-MSIDLAB4-UserName";
     public final static String USER_MSA_PASSWORD_URL = "https://msidlabs.vault.azure.net/secrets/MSA-MSIDLAB4-Password";
     public final static String OBO_APP_PASSWORD_URL = "https://msidlabs.vault.azure.net/secrets/TodoListServiceV2-OBO";
-    public final static String CIAM_KEY_VAULT_SECRET_KEY = "https://msidlabs.vault.azure.net/secrets/MSIDLABCIAM1-cc";
+    public final static String CIAM_KEY_VAULT_SECRET_KEY = "https://msidlabs.vault.azure.net/secrets/MSIDLABCIAM2-cc";
 
     public final static String ARLINGTON_APP_ID = "cb7faed4-b8c0-49ee-b421-f5ed16894c83";
     public final static String ARLINGTON_OBO_APP_ID = "c0555d2d-02f2-4838-802e-3463422e571d";