Merge pull request #266 from AzureAD/pesomka/extra_scopes

Pesomka/extra scopes

Author: SomkaPe

src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java

@@ -10,13 +10,7 @@
 
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeSet;
+import java.util.*;
 
 /**
  * Parameters for {@link AbstractClientApplicationBase#getAuthorizationRequestUrl(AuthorizationRequestUrlParameters)}
@@ -62,9 +56,15 @@ private AuthorizationRequestUrlParameters(Builder builder){
         requestParameters.put("redirect_uri", Collections.singletonList(this.redirectUri));
         this.scopes = builder.scopes;
 
-        Set<String> scopesParam = new TreeSet<>(builder.scopes);
         String[] commonScopes = AbstractMsalAuthorizationGrant.COMMON_SCOPES_PARAM.split(" ");
-        scopesParam.addAll(Arrays.asList(commonScopes));
+
+        Set<String> scopesParam = new LinkedHashSet<>(Arrays.asList(commonScopes));
+
+        scopesParam.addAll(builder.scopes);
+
+        if(builder.extraScopesToConsent != null) {
+            scopesParam.addAll(builder.extraScopesToConsent);
+        }
 
         this.scopes = scopesParam;
         requestParameters.put("scope", Collections.singletonList(String.join(" ", scopesParam)));
@@ -151,6 +151,7 @@ public static class Builder {
 
         private String redirectUri;
         private Set<String> scopes;
+        private Set<String> extraScopesToConsent;
         private Set<String> claims;
         private String claimsChallenge;
         private String codeChallenge;
@@ -188,6 +189,15 @@ public Builder scopes(Set<String> val){
             return self();
         }
 
+        /**
+         * Scopes that you can request the end user to consent upfront,
+         * in addition to scopes which the application is requesting access to.
+         */
+        public Builder extraScopesToConsent(Set<String> val){
+            this.extraScopesToConsent = val;
+            return self();
+        }
+
         /**
          * In cases where Azure AD tenant admin has enabled conditional access policies, and the
          * policy has not been met,{@link MsalServiceException} will contain claims that need be

src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java

@@ -9,11 +9,7 @@
 import java.io.UnsupportedEncodingException;
 import java.net.URL;
 import java.net.URLDecoder;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-import java.util.HashSet;
+import java.util.*;
 
 public class AuthorizationRequestUrlParametersTest {
 
@@ -57,7 +53,7 @@ public void testBuilder_onlyRequiredParameters() throws UnsupportedEncodingExcep
                     URLDecoder.decode(pair.substring(idx+1), "UTF-8"));
         }
 
-        Assert.assertEquals(queryParameters.get("scope"), "offline_access openid profile scope");
+        Assert.assertEquals(queryParameters.get("scope"), "openid profile offline_access scope");
         Assert.assertEquals(queryParameters.get("response_type"), "code");
         Assert.assertEquals(queryParameters.get("redirect_uri"), "http://localhost:8080");
         Assert.assertEquals(queryParameters.get("client_id"), "client_id");
@@ -89,6 +85,7 @@ public void testBuilder_optionalParameters() throws UnsupportedEncodingException
         AuthorizationRequestUrlParameters parameters =
                 AuthorizationRequestUrlParameters
                         .builder(redirectUri, scope)
+                        .extraScopesToConsent(new LinkedHashSet<>(Arrays.asList("extraScopeToConsent1", "extraScopeToConsent2")))
                         .responseMode(ResponseMode.QUERY)
                         .codeChallenge("challenge")
                         .codeChallengeMethod("method")
@@ -114,7 +111,8 @@ public void testBuilder_optionalParameters() throws UnsupportedEncodingException
                     URLDecoder.decode(pair.substring(idx+1), "UTF-8"));
         }
 
-        Assert.assertEquals(queryParameters.get("scope"), "offline_access openid profile scope");
+        Assert.assertEquals(queryParameters.get("scope"),
+                "openid profile offline_access scope extraScopeToConsent1 extraScopeToConsent2");
         Assert.assertEquals(queryParameters.get("response_type"), "code");
         Assert.assertEquals(queryParameters.get("redirect_uri"), "http://localhost:8080");
         Assert.assertEquals(queryParameters.get("client_id"), "client_id");