Fixes emulating Entra auth for SPA apps (#1193)

waldekmastykarz · web-flow · commit df4de7daa035 · 2025-05-19T08:05:12.000-07:00
diff --git a/dev-proxy-plugins/Mocks/EntraMockResponsePlugin.cs b/dev-proxy-plugins/Mocks/EntraMockResponsePlugin.cs
@@ -39,6 +39,7 @@ public class EntraMockResponsePlugin(IPluginEvents pluginEvents, IProxyContext c
 
     public override string Name => nameof(EntraMockResponsePlugin);
 
+    // Running on POST requests with a body
     protected override void ProcessMockResponse(ref byte[] body, IList<MockResponseHeader> headers, ProxyRequestArgs e, MockResponse? matchingResponse)
     {
         base.ProcessMockResponse(ref body, headers, e, matchingResponse);
@@ -47,7 +48,7 @@ protected override void ProcessMockResponse(ref byte[] body, IList<MockResponseH
         var changed = false;
 
         StoreLastNonce(e);
-        UpdateMsalState(ref bodyString, e, ref changed);
+        UpdateMsalStateInBody(ref bodyString, e, ref changed);
         UpdateIdToken(ref bodyString, e, ref changed);
         UpdateDevProxyKeyId(ref bodyString, ref changed);
         UpdateDevProxyCertificateChain(ref bodyString, ref changed);
@@ -58,6 +59,15 @@ protected override void ProcessMockResponse(ref byte[] body, IList<MockResponseH
         }
     }
 
+    // Running on GET requests without a body
+    protected override void ProcessMockResponse(ref string? body, IList<MockResponseHeader> headers, ProxyRequestArgs e, MockResponse? matchingResponse)
+    {
+        base.ProcessMockResponse(ref body, headers, e, matchingResponse);
+
+        StoreLastNonce(e);
+        UpdateMsalStateInHeaders(headers, e);
+    }
+
     private void UpdateDevProxyCertificateChain(ref string bodyString, ref bool changed)
     {
         if (!bodyString.Contains("@dynamic.devProxyCertificateChain"))
@@ -127,7 +137,22 @@ private static string PadBase64(string base64)
         return base64 + padding;
     }
 
-    private void UpdateMsalState(ref string body, ProxyRequestArgs e, ref bool changed)
+    private static void UpdateMsalStateInHeaders(IList<MockResponseHeader> headers, ProxyRequestArgs e)
+    {
+        var locationHeader = headers.FirstOrDefault(h => h.Name.Equals("Location", StringComparison.OrdinalIgnoreCase));
+
+        if (locationHeader is null ||
+            !e.Session.HttpClient.Request.RequestUri.Query.Contains("state="))
+        {
+            return;
+        }
+
+        var queryString = HttpUtility.ParseQueryString(e.Session.HttpClient.Request.RequestUri.Query);
+        var msalState = queryString["state"];
+        locationHeader.Value = locationHeader.Value.Replace("state=@dynamic", $"state={msalState}");
+    }
+
+    private static void UpdateMsalStateInBody(ref string body, ProxyRequestArgs e, ref bool changed)
     {
         if (!body.Contains("state=@dynamic") ||
           !e.Session.HttpClient.Request.RequestUri.Query.Contains("state="))
