Merge pull request #510 from AzureAD/SJAIN/obo-service-principal

siddhijain · web-flow · commit 1e65e2eb1b4d · 2022-05-25T10:17:09.000-05:00
changes for obo flow to work with Service Principal
diff --git a/src/main/java/com/microsoft/aad/msal4j/TokenCache.java b/src/main/java/com/microsoft/aad/msal4j/TokenCache.java
@@ -207,8 +207,10 @@ void saveTokens(TokenRequestExecutor tokenRequestExecutor, AuthenticationResult
                     idTokens.put(idTokenEntity.getKey(), idTokenEntity);
 
                     AccountCacheEntity accountCacheEntity = authenticationResult.accountCacheEntity();
-                    accountCacheEntity.environment(environment);
-                    accounts.put(accountCacheEntity.getKey(), accountCacheEntity);
+                    if(accountCacheEntity!=null) {
+                        accountCacheEntity.environment(environment);
+                        accounts.put(accountCacheEntity.getKey(), accountCacheEntity);
+                    }
                 }
             } finally {
                 lock.writeLock().unlock();
@@ -533,6 +535,18 @@ private Optional<IdTokenCacheEntity> getIdTokenCacheEntity(
         ).findAny();
     }
 
+    private Optional<RefreshTokenCacheEntity> getRefreshTokenCacheEntity(
+            String clientId,
+            Set<String> environmentAliases,
+            String userAssertionHash) {
+        return refreshTokens.values().stream().filter(
+                refreshToken ->
+                        userAssertionHashMatches(refreshToken, userAssertionHash) &&
+                                environmentAliases.contains(refreshToken.environment) &&
+                                refreshToken.clientId.equals(clientId)
+        ).findAny();
+    }
+
     private Optional<RefreshTokenCacheEntity> getRefreshTokenCacheEntity(
             IAccount account,
             String clientId,
@@ -683,6 +697,11 @@ AuthenticationResult getCachedAuthenticationResult(
                         getIdTokenCacheEntity(authority, clientId, environmentAliases, userAssertionHash);
 
                 idTokenCacheEntity.ifPresent(tokenCacheEntity -> builder.idToken(tokenCacheEntity.secret));
+
+                Optional<RefreshTokenCacheEntity> rtCacheEntity = getRefreshTokenCacheEntity(clientId, environmentAliases, userAssertionHash);
+
+                rtCacheEntity.ifPresent(refreshTokenCacheEntity ->
+                        builder.refreshToken(refreshTokenCacheEntity.secret));
             } finally {
                 lock.readLock().unlock();
             }
