Search code examples
c#unit-testing.net-coremoqazure-ad-msal

How to mock (MOQ) IConfidentialClientApplication which has sealed setup AbstractAcquireTokenParameterBuilder?

I'm getting the following exception when trying to setup the moq for an IConfidentialClientApplication:

System.NotSupportedException : Unsupported expression: ... => ....ExecuteAsync() Non-overridable members (here: AbstractAcquireTokenParameterBuilder.ExecuteAsync) may not be used in setup / verification expressions.

private Mock<IConfidentialClientApplication> _appMock = new Mock<IConfidentialClientApplication>();

[Fact]
public async Task GetAccessTokenResultAsync_WithGoodSetup_ReturnsToken()
{
    // Leverages MSAL AuthenticationResult constructor meant for mocks in test
    var authentication = CreateAuthenticationResult();

    // EXCEPTION THROWN HERE
    _appMock.Setup(_ => _.AcquireTokenForClient(It.IsAny<string[]>()).ExecuteAsync())
        .ReturnsAsync(authentication);

    ... rest of test ...
}

An AcquireTokenForClientParameterBuilder is returned by _.AcquireTokenForClient; "a builder enabling you to add optional parameters before executing the token request". This is a sealed class, so I can't easily mock this tricky object.

For those curious, CreateAuthenticationResult() is a method that invokes a signature from Microsoft.Identity.Client.AuthenticationResult that was specifically added in by Microsoft for stubbing an AuthenticationResult, as it cannot be mocked since it too is a sealed class.

https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/682

Solution

  • Seeing that AcquireTokenForClientParameterBuilder is provided through an external library, you obviously aren't able to modify it to be more testable. Given that, I'd suggest abstracting that code behind your own interface (kind of applying the Adapter pattern for testing purposes).

    Take the following service/test as an example of how you'd currently be using the IConfidentialClientApplication and trying to mock it (which results in the same error you're seeing):

    public class MyService
{
    private readonly IConfidentialClientApplication _confidentialClientApplication;

    public MyService(IConfidentialClientApplication confidentialClientApplication)
    {
        _confidentialClientApplication = confidentialClientApplication;
    }

    public async Task<string> GetAccessToken(IEnumerable<string> scopes)
    {
        AcquireTokenForClientParameterBuilder tokenBuilder = _confidentialClientApplication.AcquireTokenForClient(scopes);
        AuthenticationResult token = await tokenBuilder.ExecuteAsync();
        return token.AccessToken;
    }
}

public class UnitTest1
{
    [Fact]
    public async Task Test1()
    {
        Mock<IConfidentialClientApplication> _appMock = new Mock<IConfidentialClientApplication>();
        AuthenticationResult authentication = CreateAuthenticationResult("myToken");
        _appMock
            .Setup(_ => _.AcquireTokenForClient(It.IsAny<string[]>()).ExecuteAsync())
            .ReturnsAsync(authentication);

        var myService = new MyService(_appMock.Object);
        string accessToken = await myService.GetAccessToken(new string[] { });

        Assert.Equal("myToken", accessToken);
    }

    private AuthenticationResult CreateAuthenticationResult(string accessToken) => 
        new AuthenticationResult(accessToken, true, null, DateTimeOffset.Now, DateTimeOffset.Now, string.Empty, null, null, null, Guid.Empty);
}

    By introducing a separate interface your code can the simply depend on that, putting you in control of how it will be used/tested:

    public interface IIdentityClientAdapter
{
    Task<string> GetAccessToken(IEnumerable<string> scopes);
}

public class IdentityClientAdapter : IIdentityClientAdapter
{
    private readonly IConfidentialClientApplication _confidentialClientApplication;

    public IdentityClientAdapter(IConfidentialClientApplication confidentialClientApplication)
    {
        _confidentialClientApplication = confidentialClientApplication;
    }

    public async Task<string> GetAccessToken(IEnumerable<string> scopes)
    {
        AcquireTokenForClientParameterBuilder tokenBuilder = _confidentialClientApplication.AcquireTokenForClient(scopes);
        AuthenticationResult token = await tokenBuilder.ExecuteAsync();
        return token.AccessToken;
    }
}

public class MyService
{
    private readonly IIdentityClientAdapter _identityClientAdapter;

    public MyService(IIdentityClientAdapter identityClientAdapter)
    {
        _identityClientAdapter = identityClientAdapter;
    }

    public async Task<string> GetAccessToken(IEnumerable<string> scopes)
    {
        return await _identityClientAdapter.GetAccessToken(scopes);
    }
}

public class UnitTest1
{
    [Fact]
    public async Task Test1()
    {
        Mock<IIdentityClientAdapter> _appMock = new Mock<IIdentityClientAdapter>();
        _appMock
            .Setup(_ => _.GetAccessToken(It.IsAny<string[]>()))
            .ReturnsAsync("myToken");

        var myService = new MyService(_appMock.Object);
        string accessToken = await myService.GetAccessToken(new string[] { });

        Assert.Equal("myToken", accessToken);
    }
}

    This example is obviously trivialized, but should still apply. The interface would just need to be fit to your needs.