in src/PowerShell/Commands/TestPartnerSecurityRequirement.cs [44:102]
/// <summary>
/// Signs the user in interactively and reports whether the resulting Partner Center access
/// token carries evidence of multi-factor authentication. Writes the string "pass" or "fail"
/// to the pipeline.
/// </summary>
/// <remarks>
/// The check fails closed: both a missing "amr" claim and an "amr" claim without "mfa" produce
/// "fail" together with a warning. The token is only parsed in this method; no signature,
/// issuer or audience validation is visible here, so the result is a local diagnostic about
/// the sign-in that just happened and should not be reused as an authorization decision.
/// </remarks>
protected override void ProcessRecord()
{
    PartnerAccount account = new PartnerAccount
    {
        Tenant = "organizations",
        Type = AccountType.User
    };

    PartnerEnvironment environment = PartnerEnvironment.PublicEnvironments[Environment];

    // Exactly one interactive flow is requested: device code when the switch is set,
    // authorization code otherwise.
    string flowProperty = UseDeviceAuthentication.IsPresent ? "UseDeviceAuth" : "UseAuthCode";
    account.SetProperty(flowProperty, "true");

    account.SetProperty(PartnerAccountPropertyType.ApplicationId, PowerShellApplicationId);

    Scheduler.RunTask(async () =>
    {
        AuthenticationResult authResult = await PartnerSession.Instance.AuthenticationFactory.AuthenticateAsync(
            account,
            environment,
            new[] { $"{environment.PartnerCenterEndpoint}/user_impersonation" },
            Message,
            CancellationToken).ConfigureAwait(false);

        // Only claims are read from the token below. Keep the raw access token out of
        // debug, verbose and warning output: it is a bearer credential.
        JsonWebToken token = new JsonWebToken(authResult.AccessToken);

        WriteDebug("Checking if the access token contains the MFA claim...");

        /*
         * The authentication method reference (AMR) claim lists the methods used during
         * authentication. See https://tools.ietf.org/html/rfc8176 for more information.
         *
         * NOTE(review): this is a substring test on claim.Value. How a multi-valued "amr"
         * array is surfaced by TryGetClaim (one serialized string versus the first element
         * only) is not visible here - confirm against the JsonWebToken version in use.
         */
        string outcome = "pass";

        if (!token.TryGetClaim("amr", out Claim amrClaim))
        {
            WriteWarning("Unable to find the AMR claim, which means the ability to verify the MFA challenge happened will not be possible. See https://aka.ms/partnercenterps-psr-warning for more information.");
            outcome = "fail";
        }
        else if (!amrClaim.Value.Contains("mfa"))
        {
            WriteWarning("Unable to determine if the account authenticated using MFA. See https://aka.ms/partnercenterps-psr-warning for more information.");
            outcome = "fail";
        }

        WriteObject(outcome);
    });
}