Fix Instance/Tenant Parsing for V2 Authority (#2954)

* Fix Tenant Parsing for V2 Authority * Consolidate line endings * Keep existing indexTenant check * Put back the comment * use 'is' syntax for null checking --------- Co-authored-by: jennyf19 <jeferrie@microsoft.com>
AzureAD · Jul 31, 2024 · 0fdfc96 · 0fdfc96
1 parent e9d8a5c
commit 0fdfc96
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 14 deletions.
diff --git a/src/Microsoft.Identity.Web.TokenAcquisition/MergedOptions.cs b/src/Microsoft.Identity.Web.TokenAcquisition/MergedOptions.cs
@@ -186,7 +186,7 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
 
             mergedOptions.SaveTokens |= microsoftIdentityOptions.SaveTokens;
 #if NET8_0_OR_GREATER
-            mergedOptions.TokenHandler ??= microsoftIdentityOptions.TokenHandler;
+            mergedOptions.TokenHandler ??= microsoftIdentityOptions.TokenHandler;
 #else
             mergedOptions.SecurityTokenValidator ??= microsoftIdentityOptions.SecurityTokenValidator;
 #endif
@@ -215,12 +215,12 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
             mergedOptions.TimeProvider = microsoftIdentityOptions.TimeProvider;
 #endif
 #if NET9_0_OR_GREATER
-            if (microsoftIdentityOptions.AdditionalAuthorizationParameters != null)
-            {
-                foreach (var parameter in microsoftIdentityOptions.AdditionalAuthorizationParameters)
-                {
-                    mergedOptions.AdditionalAuthorizationParameters.Add(parameter.Key, parameter.Value);
-                }
+            if (microsoftIdentityOptions.AdditionalAuthorizationParameters is not null)
+            {
+                foreach (var parameter in microsoftIdentityOptions.AdditionalAuthorizationParameters)
+                {
+                    mergedOptions.AdditionalAuthorizationParameters.Add(parameter.Key, parameter.Value);
+                }
             }
 #endif
             mergedOptions.TokenValidationParameters = microsoftIdentityOptions.TokenValidationParameters.Clone();
@@ -244,7 +244,7 @@ internal static void UpdateMergedOptionsFromMicrosoftIdentityOptions(MicrosoftId
             mergedOptions.AutomaticRefreshInterval = microsoftIdentityOptions.AutomaticRefreshInterval;
 #endif
 #endif
-            // Non ASP.NET Core specific
+            // Non ASP.NET Core specific
             if (string.IsNullOrEmpty(mergedOptions.Instance) && !string.IsNullOrEmpty(microsoftIdentityOptions.Instance))
             {
                 mergedOptions.Instance = microsoftIdentityOptions.Instance;
@@ -432,13 +432,18 @@ internal static void ParseAuthorityIfNecessary(MergedOptions mergedOptions)
         {
             if (string.IsNullOrEmpty(mergedOptions.TenantId) && string.IsNullOrEmpty(mergedOptions.Instance) && !string.IsNullOrEmpty(mergedOptions.Authority))
             {
-                string authority = mergedOptions.Authority!.TrimEnd('/');
-                int indexTenant = authority.LastIndexOf('/');
-                if (indexTenant >= 0)
-                {
+                const int StartingIndex = 8; // length of "https://"
+                ReadOnlySpan<char> authoritySpan = mergedOptions.Authority.AsSpan().TrimEnd('/');
+
+                int indexTenant = authoritySpan.Slice(StartingIndex).IndexOf('/') + StartingIndex;
+                if (indexTenant >= 0)
+                {
+                    int indexVersion = authoritySpan.Slice(indexTenant + 1).IndexOf('/') + indexTenant + 1;
+                    int indexEndOfTenant = indexVersion == -1 ? authoritySpan.Length : indexVersion;
+
                     // In CIAM and B2C, customers will use "authority", not Instance and TenantId
-                    mergedOptions.Instance = mergedOptions.PreserveAuthority ? mergedOptions.Authority : authority.Substring(0, indexTenant);
-                    mergedOptions.TenantId = mergedOptions.PreserveAuthority ? null : authority.Substring(indexTenant + 1);
+                    mergedOptions.Instance = mergedOptions.PreserveAuthority ? mergedOptions.Authority : authoritySpan.Slice(0, indexTenant).ToString();
+                    mergedOptions.TenantId = mergedOptions.PreserveAuthority ? null : authoritySpan.Slice(indexTenant + 1, indexEndOfTenant - indexTenant - 1).ToString();
                 }
             }
         }

diff --git a/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs b/tests/Microsoft.Identity.Web.Test/TokenAcquisitionAuthorityTests.cs
@@ -249,6 +249,22 @@ public void TestParseAuthorityIfNecessary_CIAM()
             Assert.Null(mergedOptions.TenantId);
         }
 
+        [Fact]
+        public void TestParseAuthorityIfNecessary_V2Authority()
+        {
+            MergedOptions mergedOptions = new()
+            {
+                Authority = TC.AuthorityWithTenantSpecifiedWithV2,
+                PreserveAuthority = false
+            };
+
+            MergedOptions.ParseAuthorityIfNecessary(mergedOptions);
+
+            Assert.Equal(TC.AuthorityWithTenantSpecifiedWithV2, mergedOptions.Authority);
+            Assert.Equal(TC.AadInstance, mergedOptions.Instance);
+            Assert.Equal(TC.TenantIdAsGuid, mergedOptions.TenantId);
+        }
+
         [Fact]
         public void MergeExtraQueryParametersTest()
         {