Merge pull request #69 from AzureAD/sagonzal/exposeHttp429

Sagonzal/exceptions

Author: sangonzal

src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscovery.java

@@ -66,8 +66,8 @@ private static String getInstanceDiscoveryEndpoint(String host) {
     }
 
     private static void validate(InstanceDiscoveryResponse instanceDiscoveryResponse) {
-        if (StringHelper.isBlank(instanceDiscoveryResponse.getTenantDiscoveryEndpoint())) {
-            throw new AuthenticationException(instanceDiscoveryResponse.getErrorDescription());
+        if (StringHelper.isBlank(instanceDiscoveryResponse.tenantDiscoveryEndpoint())) {
+            throw new MsalServiceException(instanceDiscoveryResponse);
         }
     }
 
@@ -97,8 +97,8 @@ private static void validate(InstanceDiscoveryResponse instanceDiscoveryResponse
     }
 
     private static void cacheInstanceDiscoveryMetadata(String host, InstanceDiscoveryResponse instanceDiscoveryResponse) {
-        if (instanceDiscoveryResponse.getMetadata() != null) {
-            for (InstanceDiscoveryMetadataEntry entry : instanceDiscoveryResponse.getMetadata()) {
+        if (instanceDiscoveryResponse.metadata() != null) {
+            for (InstanceDiscoveryMetadataEntry entry : instanceDiscoveryResponse.metadata()) {
                 for (String alias : entry.aliases) {
                     cache.put(alias, entry);
                 }

src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java

@@ -133,10 +133,14 @@ private AuthorizationGrant getAuthorizationGrantIntegrated(String userName) thro
             updatedGrant = getSAMLAuthorizationGrant(wsTrustResponse);
         }
         else if (userRealmResponse.isAccountManaged()) {
-            throw new AuthenticationException("Password is required for managed user");
+            throw new MsalClientException(
+                    "Password is required for managed user",
+                    AuthenticationErrorCode.PASSWORD_REQUIRED_FOR_MANAGED_USER);
         }
         else{
-            throw new AuthenticationException("Unknown User Type");
+            throw new MsalClientException(
+                    "User Realm request failed",
+                    AuthenticationErrorCode.USER_REALM_DISCOVERY_FAILED);
         }
 
         return updatedGrant;

src/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java

@@ -57,15 +57,15 @@ private AuthenticationResult acquireTokenWithDeviceCode(DeviceCode deviceCode,
             }
             try {
                 return acquireTokenByAuthorisationGrantSupplier.execute();
-            } catch (AuthenticationException ex) {
+            } catch (MsalServiceException ex) {
                 if (ex.errorCode().equals(AUTHORIZATION_PENDING)) {
                     TimeUnit.SECONDS.sleep(deviceCode.interval());
                 } else {
                     throw ex;
                 }
             }
         }
-        throw new AuthenticationException("Expired Device code");
+        throw new MsalClientException("Expired Device code", AuthenticationErrorCode.CODE_EXPIRED);
     }
 
     private Long getCurrentSystemTimeInSeconds(){

src/main/java/com/microsoft/aad/msal4j/ApiEvent.java

@@ -75,7 +75,7 @@ public void setIsConfidentialClient(boolean isConfidentialClient){
         this.put(IS_CONFIDENTIAL_CLIENT_KEY, String.valueOf(isConfidentialClient).toLowerCase(Locale.ROOT));
     }
 
-    public void setApiErrorCode(AuthenticationErrorCode apiErrorCode){
-        this.put(API_ERROR_CODE_KEY, apiErrorCode.toString());
+    public void setApiErrorCode(String apiErrorCode){
+        this.put(API_ERROR_CODE_KEY, apiErrorCode);
     }
 }

src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java

@@ -3,20 +3,44 @@
 
 package com.microsoft.aad.msal4j;
 
-public enum AuthenticationErrorCode {
+public class AuthenticationErrorCode {
 
-    UNKNOWN ("unknown"),
-    AUTHORIZATION_PENDING ("authorization_pending"),
-    INTERACTION_REQUIRED ("interaction_required");
+    /**
+     * In the context of device code user has not yet authenticated via browser
+     */
+    public final static String AUTHORIZATION_PENDING = "authorization_pending";
 
-    private String errorCode;
+    /**
+     * In the context of device code, this error happens when the device code has expired before
+     * the user signed-in on another device (this is usually after 15 min)
+     */
+    public final static String CODE_EXPIRED = "code_expired";
 
-    AuthenticationErrorCode(String errorCode){
-        this.errorCode = errorCode;
-    }
+    /**
+     * Standard Oauth2 protocol error code. It indicates that the application needs to expose
+     * the UI to the user so that user does an interactive action in order to get a new token
+     */
+    public final static String INVALID_GRANT = "invalid_grant";
 
-    @Override
-    public String toString(){
-        return errorCode;
-    }
+    /**
+     * WS-Trust Endpoint not found in Metadata document
+     */
+    public final static String WSTRUST_ENDPOINT_NOT_FOUND_IN_METADATA_DOCUMENT = "wstrust_endpoint_not_found";
+
+    /**
+     * Password is required for managed user. Will typically happen when trying to do integrated windows authentication
+     * for managed users
+     */
+    public final static String PASSWORD_REQUIRED_FOR_MANAGED_USER = "password_required_for_managed_user";
+
+    /**
+     * User realm discovery failed
+     */
+    public final static String USER_REALM_DISCOVERY_FAILED = "user_realm_discovery_failed";
+
+    /**
+     * Unknown error occurred
+     */
+    public final static String UNKNOWN = "unknown";
 }
+

src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorMessage.java

@@ -11,7 +11,6 @@
 import java.net.URL;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.Set;
 import java.util.concurrent.CompletionException;
 import java.util.function.Supplier;
 
@@ -66,9 +65,11 @@ public IAuthenticationResult get() {
                     }
                 }
             } catch(Exception ex) {
-                if (ex instanceof AuthenticationException) {
-                    apiEvent.setApiErrorCode(((AuthenticationException) ex).errorCode());
+
+                if (ex instanceof MsalServiceException) {
+                    apiEvent.setApiErrorCode(((MsalServiceException) ex).errorCode());
                 }
+
                 clientApplication.log.error(
                         LogHelper.createMessage(
                                 "Execution of " + this.getClass() + " failed.",

src/main/java/com/microsoft/aad/msal4j/AuthenticationException.java

@@ -70,7 +70,7 @@ static AuthorityType detectAuthorityType(URL authorityUrl) {
         final String path = authorityUrl.getPath().substring(1);
         if (StringHelper.isBlank(path)) {
             throw new IllegalArgumentException(
-                    AuthenticationErrorMessage.AUTHORITY_URI_INVALID_PATH);
+                    "authority Uri should have at least one segment in the path (i.e. https://<host>/<path>/...)");
         }
 
         final String firstPath = path.substring(0, path.indexOf("/"));
@@ -88,7 +88,7 @@ static AuthorityType detectAuthorityType(URL authorityUrl) {
     void validateAuthorityUrl() {
         if (!this.canonicalAuthorityUrl.getProtocol().equalsIgnoreCase("https")) {
             throw new IllegalArgumentException(
-                    AuthenticationErrorMessage.AUTHORITY_URI_INSECURE);
+                    "authority should use the 'https' scheme");
         }
 
         if (this.canonicalAuthorityUrl.toString().contains("#")) {

src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java

@@ -387,7 +387,7 @@ private static Authority createDefaultAADAuthority() {
             try {
                 authority = new AADAuthority(new URL(DEFAULT_AUTHORITY));
             } catch(Exception e){
-                throw new AuthenticationException(e);
+                throw new MsalClientException(e);
             }
             return authority;
         }

src/main/java/com/microsoft/aad/msal4j/Authority.java

@@ -87,7 +87,7 @@ private ClientAuthentication createClientAuthFromClientAssertion(
             map.put("client_assertion", Collections.singletonList(clientAssertion.assertion()));
             return PrivateKeyJWT.parse(map);
         } catch (final ParseException e) {
-            throw new AuthenticationException(e);
+            throw new MsalClientException(e);
         }
     }
 

src/main/java/com/microsoft/aad/msal4j/ClaimsChallengeException.java

@@ -0,0 +1,42 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.aad.msal4j;
+
+import com.google.gson.annotations.SerializedName;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.experimental.Accessors;
+
+@Accessors(fluent = true)
+@Getter
+@Setter
+class ErrorResponse {
+
+    private Integer statusCode;
+    private String statusMessage;
+
+    @SerializedName("error")
+    protected String error;
+
+    @SerializedName("error_description")
+    protected String errorDescription;
+
+    @SerializedName("error_codes")
+    protected long[] errorCodes;
+
+    @SerializedName("suberror")
+    protected String subError;
+
+    @SerializedName("trace_id")
+    protected String traceId;
+
+    @SerializedName("timestamp")
+    protected String timestamp;
+
+    @SerializedName("correlation_id")
+    protected String correlation_id;
+
+    @SerializedName("claims")
+    private String claims;
+}

src/main/java/com/microsoft/aad/msal4j/ClientApplicationBase.java

@@ -148,7 +148,7 @@ static void verifyReturnedCorrelationId(Logger log,
     }
 
     static String readResponseFromConnection(final HttpsURLConnection conn, HttpEvent httpEvent)
-            throws AuthenticationException, IOException {
+            throws MsalServiceException, IOException {
         InputStream is = null;
         try {
             int responseCode = conn.getResponseCode();
@@ -160,8 +160,8 @@ static String readResponseFromConnection(final HttpsURLConnection conn, HttpEven
                 if (is != null) {
                     msg = msg + ", Error details : " + inputStreamToString(is);
                 }
-                httpEvent.setOauthErrorCode(AuthenticationErrorCode.UNKNOWN.toString());
-                throw new AuthenticationException(msg);
+                httpEvent.setOauthErrorCode(AuthenticationErrorCode.UNKNOWN);
+                throw new MsalServiceException(msg, AuthenticationErrorCode.UNKNOWN);
             }
 
             is = conn.getInputStream();

src/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java

@@ -35,10 +35,9 @@ public interface IPublicClientApplication extends IClientApplicationBase {
      * End-user should be instructed to use another device to connect to the authorization server to approve the access request.
      * Since the client cannot receive incoming requests, it polls the authorization server repeatedly
      * until the end-user completes the approval process.
-     *
      * @param parameters instance of {@link DeviceCodeFlowParameters}
      * @return {@link CompletableFuture} containing an {@link IAuthenticationResult}
-     * @throws AuthenticationException thrown if authorization is pending or another error occurred.
+     * @throws MsalException thrown if authorization is pending or another error occurred.
      *                                 If the errorCode of the exception is AuthenticationErrorCode.AUTHORIZATION_PENDING,
      *                                 the call needs to be retried until the AccessToken is returned.
      *                                 DeviceCode.interval - The minimum amount of time in seconds that the client