AzureAD
diff --git a/‎README.md
Lines changed: 5 additions & 5 deletions b/‎README.md
Lines changed: 5 additions & 5 deletions
diff --git a/‎msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MsalRuntimeBroker.java
Lines changed: 94 additions & 37 deletions b/‎msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MsalRuntimeBroker.java
Lines changed: 94 additions & 37 deletions
diff --git a/‎msal4j-brokers/src/test/java/infrastructure/SeleniumConstants.java
Lines changed: 21 additions & 0 deletions b/‎msal4j-brokers/src/test/java/infrastructure/SeleniumConstants.java
Lines changed: 21 additions & 0 deletions
@@ -2,7 +2,7 @@
 
 `main` branch    | `dev` branch    | Reference Docs
 --------------------|-----------------|---------------
-[![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=main)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762) | [![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=dev)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762)| [![Javadocs](http://javadoc.io/badge/com.microsoft.azure/com.microsoft.aad.msal4j.svg)](http://javadoc.io/doc/com.microsoft.azure/com.microsoft.aad.msal4j)
+[![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=main)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762) | [![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=dev)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762)| [MSAL Java reference](https://learn.microsoft.com/en-us/java/api/com.microsoft.aad.msal4j?view=msal-java-latest)
 
 The Microsoft Authentication Library for Java (MSAL4J) enables applications to integrate with the [Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/). It allows you to sign in users or apps with Microsoft identities (Azure AD, Microsoft accounts and Azure AD B2C accounts) and obtain tokens to call Microsoft APIs such as [Microsoft Graph](https://graph.microsoft.io/) or your own APIs registered with the Microsoft identity platform. It is built using industry standard OAuth2 and OpenID Connect protocols.
 
@@ -16,9 +16,9 @@ Quick links:
 The library supports the following Java environments:
 - Java 8 (or higher)
 
-Current version - 1.13.2
+Current version - 1.13.8
 
-You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt).
+You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/main/msal4j-sdk/changelog.txt).
 
 You can get the com.microsoft.aad.msal4j package through Maven or Gradle.
 
@@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>1.13.2</version>
+    <version>1.13.8</version>
 </dependency>
 ```
 ### Gradle
 
 ```gradle
-implementation group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.13.2'
+implementation group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.13.8'
 ```
 
 ## Usage
 
@@ -3,15 +3,7 @@
 
 package com.microsoft.aad.msal4jbrokers;
 
-import com.microsoft.aad.msal4j.IAuthenticationResult;
-import com.microsoft.aad.msal4j.IBroker;
-import com.microsoft.aad.msal4j.InteractiveRequestParameters;
-import com.microsoft.aad.msal4j.PublicClientApplication;
-import com.microsoft.aad.msal4j.SilentParameters;
-import com.microsoft.aad.msal4j.UserNamePasswordParameters;
-import com.microsoft.aad.msal4j.MsalClientException;
-import com.microsoft.aad.msal4j.AuthenticationErrorCode;
-import com.microsoft.aad.msal4j.IAccount;
+import com.microsoft.aad.msal4j.*;
 import com.microsoft.azure.javamsalruntime.Account;
 import com.microsoft.azure.javamsalruntime.AuthParameters;
 import com.microsoft.azure.javamsalruntime.AuthResult;
@@ -28,6 +20,7 @@ public class MsalRuntimeBroker implements IBroker {
     private static final Logger LOG = LoggerFactory.getLogger(MsalRuntimeBroker.class);
 
     private static MsalRuntimeInterop interop;
+    private static Boolean brokerAvailable;
 
     static {
         try {
@@ -53,11 +46,20 @@ public CompletableFuture<IAuthenticationResult> acquireToken(PublicClientApplica
         }
 
         try {
-            AuthParameters authParameters = new AuthParameters
-                    .AuthParametersBuilder(application.clientId(),
+            AuthParameters.AuthParametersBuilder authParamsBuilder = new AuthParameters.
+                    AuthParametersBuilder(application.clientId(),
                     application.authority(),
                     String.join(" ", parameters.scopes()))
-                    .build();
+                    .additionalParameters(parameters.extraQueryParameters());
+
+            //If POP auth scheme configured, set parameters to get MSALRuntime to return POP tokens
+            if (parameters.proofOfPossession() != null) {
+                authParamsBuilder.popParameters(parameters.proofOfPossession().getHttpMethod().methodName,
+                        parameters.proofOfPossession().getUri(),
+                        parameters.proofOfPossession().getNonce());
+            }
+
+            AuthParameters authParameters = authParamsBuilder.build();
 
             if (accountResult == null) {
                 return interop.signInSilently(authParameters, application.correlationId())
@@ -68,17 +70,17 @@ public CompletableFuture<IAuthenticationResult> acquireToken(PublicClientApplica
                                 ((AuthResult) authResult).getAccessToken(),
                                 ((AuthResult) authResult).getAccount().getAccountId(),
                                 ((AuthResult) authResult).getAccount().getClientInfo(),
-                                ((AuthResult) authResult).getAccessTokenExpirationTime()));
+                                ((AuthResult) authResult).getAccessTokenExpirationTime(),
+                                ((AuthResult) authResult).isPopAuthorization()));
             } else {
                 return interop.acquireTokenSilently(authParameters, application.correlationId(), accountResult)
                         .thenApply(authResult -> parseBrokerAuthResult(application.authority(),
                                 ((AuthResult) authResult).getIdToken(),
                                 ((AuthResult) authResult).getAccessToken(),
                                 ((AuthResult) authResult).getAccount().getAccountId(),
                                 ((AuthResult) authResult).getAccount().getClientInfo(),
-                                ((AuthResult) authResult).getAccessTokenExpirationTime())
-
-                        );
+                                ((AuthResult) authResult).getAccessTokenExpirationTime(),
+                                ((AuthResult) authResult).isPopAuthorization()));
             }
         } catch (MsalInteropException interopException) {
             throw new MsalClientException(interopException.getErrorMessage(), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR);
@@ -88,11 +90,21 @@ public CompletableFuture<IAuthenticationResult> acquireToken(PublicClientApplica
     @Override
     public CompletableFuture<IAuthenticationResult> acquireToken(PublicClientApplication application, InteractiveRequestParameters parameters) {
         try {
-            AuthParameters authParameters = new AuthParameters
-                    .AuthParametersBuilder(application.clientId(),
+            AuthParameters.AuthParametersBuilder authParamsBuilder = new AuthParameters.
+                    AuthParametersBuilder(application.clientId(),
                     application.authority(),
                     String.join(" ", parameters.scopes()))
-                    .build();
+                    .redirectUri(parameters.redirectUri().toString())
+                    .additionalParameters(parameters.extraQueryParameters());
+
+            //If POP auth scheme configured, set parameters to get MSALRuntime to return POP tokens
+            if (parameters.proofOfPossession() != null) {
+                authParamsBuilder.popParameters(parameters.proofOfPossession().getHttpMethod().methodName,
+                        parameters.proofOfPossession().getUri(),
+                        parameters.proofOfPossession().getNonce());
+            }
+            
+            AuthParameters authParameters = authParamsBuilder.build();
 
             return interop.signInInteractively(parameters.windowHandle(), authParameters, application.correlationId(), parameters.loginHint())
                     .thenCompose(acctResult -> interop.acquireTokenInteractively(parameters.windowHandle(), authParameters, application.correlationId(), ((AuthResult) acctResult).getAccount()))
@@ -102,8 +114,8 @@ public CompletableFuture<IAuthenticationResult> acquireToken(PublicClientApplica
                             ((AuthResult) authResult).getAccessToken(),
                             ((AuthResult) authResult).getAccount().getAccountId(),
                             ((AuthResult) authResult).getAccount().getClientInfo(),
-                            ((AuthResult) authResult).getAccessTokenExpirationTime())
-                    );
+                            ((AuthResult) authResult).getAccessTokenExpirationTime(),
+                            ((AuthResult) authResult).isPopAuthorization()));
         } catch (MsalInteropException interopException) {
             throw new MsalClientException(interopException.getErrorMessage(), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR);
         }
@@ -116,14 +128,20 @@ public CompletableFuture<IAuthenticationResult> acquireToken(PublicClientApplica
     @Override
     public CompletableFuture<IAuthenticationResult> acquireToken(PublicClientApplication application, UserNamePasswordParameters parameters) {
         try {
-            AuthParameters authParameters =
-                     new AuthParameters
-                             .AuthParametersBuilder(application.clientId(),
-                             application.authority(),
-                             String.join(" ", parameters.scopes()))
-                             .build();
+            AuthParameters.AuthParametersBuilder authParamsBuilder = new AuthParameters.
+                    AuthParametersBuilder(application.clientId(),
+                    application.authority(),
+                    String.join(" ", parameters.scopes()))
+                    .additionalParameters(parameters.extraQueryParameters());
+
+            //If POP auth scheme configured, set parameters to get MSALRuntime to return POP tokens
+            if (parameters.proofOfPossession() != null) {
+                authParamsBuilder.popParameters(parameters.proofOfPossession().getHttpMethod().methodName,
+                        parameters.proofOfPossession().getUri(),
+                        parameters.proofOfPossession().getNonce());
+            }
 
-            authParameters.setUsernamePassword(parameters.username(), new String(parameters.password()));
+            AuthParameters authParameters = authParamsBuilder.build();
 
             return interop.signInSilently(authParameters, application.correlationId())
                     .thenCompose(acctResult -> interop.acquireTokenSilently(authParameters, application.correlationId(), ((AuthResult) acctResult).getAccount()))
@@ -133,7 +151,8 @@ public CompletableFuture<IAuthenticationResult> acquireToken(PublicClientApplica
                             ((AuthResult) authResult).getAccessToken(),
                             ((AuthResult) authResult).getAccount().getAccountId(),
                             ((AuthResult) authResult).getAccount().getClientInfo(),
-                            ((AuthResult) authResult).getAccessTokenExpirationTime()));
+                            ((AuthResult) authResult).getAccessTokenExpirationTime(),
+                            ((AuthResult) authResult).isPopAuthorization()));
         } catch (MsalInteropException interopException) {
             throw new MsalClientException(interopException.getErrorMessage(), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR);
         }
@@ -163,17 +182,55 @@ public void removeAccount(PublicClientApplication application, IAccount msalJava
      */
     @Override
     public boolean isBrokerAvailable() {
-        try {
-            interop.startupMsalRuntime();
+        //brokerAvailable is only set after the first attempt to call MSALRuntime's startup API
+        if (brokerAvailable == null) {
+            try {
+                interop.startupMsalRuntime();
 
-            LOG.info("MSALRuntime started successfully. MSAL Java will use MSALRuntime in all supported broker flows.");
+                LOG.info("MSALRuntime started successfully. MSAL Java will use MSALRuntime in all supported broker flows.");
 
-            return true;
-        } catch (MsalInteropException e) {
-            LOG.warn("Exception thrown when trying to start MSALRuntime: {}", e.getErrorMessage());
-            LOG.warn("MSALRuntime could not be started. MSAL Java will fall back to non-broker flows.");
+                brokerAvailable = true;
+            } catch (MsalInteropException e) {
+                LOG.warn("Exception thrown when trying to start MSALRuntime: {}", e.getErrorMessage());
+                LOG.warn("MSALRuntime could not be started. MSAL Java will fall back to non-broker flows.");
 
-            return false;
+                brokerAvailable = false;
+            }
+        }
+
+        return brokerAvailable;
+    }
+
+    /**
+     * Toggles whether or not detailed MSALRuntime logs will appear in MSAL Java's normal logging framework.
+     *
+     * If enabled, you will see logs directly from MSALRuntime, containing verbose information relating to telemetry, API calls,successful/failed requests, and more.
+     * These logs will appear alongside MSAL Java's logs (with a message indicating they came from MSALRuntime), and will follow the same log level as MSAL Java's logs (info/debug/error/etc.).
+     *
+     * If disabled (default), MSAL Java will still produce some logs related to MSALRuntime, particularly in error messages, but will be much less verbose.
+     *
+     * @param enableLogging true to enable MSALRuntime logs, false to disable it
+     */
+    public void enableBrokerLogging(boolean enableLogging) {
+        try {
+            MsalRuntimeInterop.enableLogging(enableLogging);
+        } catch (Exception ex) {
+            throw new MsalClientException(String.format("Error occurred when calling MSALRuntime logging API: %s", ex.getMessage()), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR);
+        }
+    }
+
+    /**
+     * If enabled, Personal Identifiable Information (PII) can appear in logs and error messages produced by MSALRuntime.
+     *
+     * If disabled (default), PII will not be shown, and you will simply see "(PII)" or similar notes in places where PII data would have appeared.
+     *
+     * @param enablePII true to allow PII to appear in logs and error messages, false to disallow it
+     */
+    public void enableBrokerPIILogging(boolean enablePII) {
+        try {
+            MsalRuntimeInterop.enableLoggingPii(enablePII);
+        } catch (Exception ex) {
+            throw new MsalClientException(String.format("Error occurred when calling MSALRuntime PII logging API: %s", ex.getMessage()), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR);
         }
     }
 }
@@ -0,0 +1,21 @@
+//----------------------------------------------------------------------
+//
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+//
+//------------------------------------------------------------------------------
+
+package infrastructure;
+
+public class SeleniumConstants {
+    final static String WEB_UPN_INPUT_ID = "i0116";
+    final static String WEB_PASSWORD_ID = "i0118";
+    final static String WEB_SUBMIT_ID = "idSIButton9";
+
+    // Stay signed in?
+    final static String STAY_SIGN_IN_NO_BUTTON_ID = "idBtn_Back";
+
+    // Are you trying to sign in to ...
+    //Only continue if you downloaded the app from a store or website that you trust.
+    final static String ARE_YOU_TRYING_TO_SIGN_IN_TO = "idSIButton9";
+}