1.8.0 release (#314)

* Exception Improvements (#254)

* Add null checks for MsalException error code references

* Better exception handling for invalid tokens

* Better exception handling for invalid tokens

* Sync with changes to Azure-Samples/ms-identity-java-desktop (#259)

* extra scopes for consent during authorizaion

* typo

* minor

* HTTPClient default timeouts (#264)

* Add default timeouts for DefaultHttpClient

* Handle 'stay signed in' confirmation page in DeviceCodeIT tests

* Small best-practices changes

* append extra scopes as suffix

* 1.6.2 release (#268)

* fixing integ test

* Tenant Profiles (#263)

* Classes for tenant profile functionality

* Implement tenant profile feature

* Tests for tenant profile feature

* Simplify tenant profile class structure

* 1.6.2 release

* Classes for tenant profile redesign

* Tests for tenant profile redesign

* Adjust sample cached ID tokens to have realistic headers

* Redesign how Tenant Pofiles are added to Accounts

* New error code for JWT parse exceptions

* Add claims and tenant profiles fields to Account

* Remove annotation excluding realm field from comparisons

* Use more generic token

* Remove ID token claims field from Account

* Minor changes for clarity

* Adjust tests for tenant profile design refactor

* Refactor tenant profile structure

* Minor fixes

* Minor fixes

* Minor fixes

* Simplify tenant profile class

Co-authored-by: SomkaPe <[email protected]>

* Improve HTTP client timeouts (#275)

* 1.6.2 release (#269)

* 1.6.2 release

* Make DefaultHttpClient timeouts settable

* Refactor timeout names

Co-authored-by: SomkaPe <[email protected]>

* Bewaters certchain (#276)

* Support for certificate chain

* 1.7.0 release (#277)

* Update DefaultHttpClient.java

* Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282)

* sendX5c api (#285)

* refactoring (#287)

* refactoring

* refactoring

* refactoring

* Add AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293)

* Add public constants for cloud endpoints (#298)

* Add public constants for cloud endpoints

* Add license header

* Added javadocs

* Removed unneeded test

* Make IAccount serializable (#297)

* Make IAccount objects serializable

* Make AuthenticationResult objects not serializable

* Add tenant profile/id claims to auth result (#300)

* Add tenant profile/id claims to auth result

* Minor fix

* treat null password as default one - empty string (#304)

* treat null password as default one - empty string

* Support for refresh_in (#305)

* Support for refresh_in

* Tests for refresh_in

* Add extra null check

* Add test for refreshOn cache persistence

* refresh on is optional field (#312)

* refresh on optional field

* 1.8.0 Release (#313)

1.8.0 release

Co-authored-by: Avery-Dunn <[email protected]>
Co-authored-by: Roman Nosachev <[email protected]>

Author: 3 people

README.md

@@ -16,7 +16,7 @@ Quick links:
 The library supports the following Java environments:
 - Java 8 (or higher)
 
-Current version - 1.7.1
+Current version - 1.8.0
 
 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt).
 
@@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>1.7.1</version>
+    <version>1.8.0</version>
 </dependency>
 ```
 ### Gradle
 
 ```
-compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.7.1'
+compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.8.0'
 ```
 
 ## Usage

changelog.txt

@@ -1,3 +1,10 @@
+Version 1.8.0
+=============
+- ITenantProfile added to IAuthenticationResult for easier access to ID token claims
+- IAccount is now serializable
+- Support for refresh_in field in token response
+- New utility class, AzureCloudEndpoint, for national cloud endpoint URLs
+
 Version 1.7.1
 =============
 - sendX5c API added to IConfidentialClientApplication to specify if the x5c claim

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.microsoft.azure</groupId>
 	<artifactId>msal4j</artifactId>
-	<version>1.7.1</version>
+	<version>1.8.0</version>
 	<packaging>jar</packaging>
 	<name>msal4j</name>
 	<description>

src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java

@@ -8,7 +8,9 @@
 import org.testng.annotations.BeforeClass;
 import org.testng.annotations.Test;
 
+import java.net.MalformedURLException;
 import java.util.Collections;
+import java.util.Date;
 import java.util.Set;
 import java.util.concurrent.ExecutionException;
 
@@ -33,15 +35,8 @@ public void acquireTokenSilent_OrganizationAuthority_TokenRefreshed(String envir
         IPublicClientApplication pca = getPublicClientApplicationWithTokensInCache();
 
         IAccount account = pca.getAccounts().join().iterator().next();
-        SilentParameters parameters =  SilentParameters.builder(
-                Collections.singleton(cfg.graphDefaultScope()),
-                account).build();
-
-        IAuthenticationResult result =  pca.acquireTokenSilently(parameters).get();
-
-        Assert.assertNotNull(result);
-        Assert.assertNotNull(result.accessToken());
-        Assert.assertNotNull(result.idToken());
+        IAuthenticationResult result = acquireTokenSilently(pca, account, cfg.graphDefaultScope(), false);
+        assertResultNotNull(result);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
@@ -58,22 +53,12 @@ public void acquireTokenSilent_LabAuthority_TokenNotRefreshed(String environment
                 authority(cfg.organizationsAuthority()).
                 build();
 
-        IAuthenticationResult result =  pca.acquireToken(UserNamePasswordParameters.
-                builder(Collections.singleton(cfg.graphDefaultScope()),
-                        user.getUpn(),
-                        user.getPassword().toCharArray())
-                .build())
-                .get();
+        IAuthenticationResult result = acquireTokenUsernamePassword(user, pca, cfg.graphDefaultScope());
 
         IAccount account = pca.getAccounts().join().iterator().next();
-        SilentParameters parameters =  SilentParameters.builder(
-                Collections.singleton(cfg.graphDefaultScope()), account).
-                build();
-
-        IAuthenticationResult acquireSilentResult =  pca.acquireTokenSilently(parameters).get();
+        IAuthenticationResult acquireSilentResult = acquireTokenSilently(pca, account, cfg.graphDefaultScope(), false);
+        assertResultNotNull(result);
 
-        Assert.assertNotNull(acquireSilentResult.accessToken());
-        Assert.assertNotNull(result.idToken());
         // Check that access and id tokens are coming from cache
         Assert.assertEquals(result.accessToken(), acquireSilentResult.accessToken());
         Assert.assertEquals(result.idToken(), acquireSilentResult.idToken());
@@ -90,27 +75,15 @@ public void acquireTokenSilent_ForceRefresh(String environment) throws Exception
                 authority(cfg.organizationsAuthority()).
                 build();
 
-        IAuthenticationResult result =  pca.acquireToken(UserNamePasswordParameters.
-                builder(Collections.singleton(cfg.graphDefaultScope()),
-                        user.getUpn(),
-                        user.getPassword().toCharArray())
-                .build())
-                .get();
+        IAuthenticationResult result = acquireTokenUsernamePassword(user, pca, cfg.graphDefaultScope());
+        assertResultNotNull(result);
 
         IAccount account = pca.getAccounts().join().iterator().next();
-        SilentParameters parameters =  SilentParameters.builder(
-                Collections.singleton(cfg.graphDefaultScope()), account).
-                forceRefresh(true).
-                build();
-
-        IAuthenticationResult resultAfterRefresh =  pca.acquireTokenSilently(parameters).get();
+        IAuthenticationResult resultAfterRefresh = acquireTokenSilently(pca, account, cfg.graphDefaultScope(), true);
+        assertResultNotNull(resultAfterRefresh);
 
-        Assert.assertNotNull(resultAfterRefresh);
-        Assert.assertNotNull(resultAfterRefresh.accessToken());
-        Assert.assertNotNull(resultAfterRefresh.idToken());
         // Check that new refresh and id tokens are being returned
-        Assert.assertNotEquals(result.accessToken(), resultAfterRefresh.accessToken());
-        Assert.assertNotEquals(result.idToken(), resultAfterRefresh.idToken());
+        assertResultRefreshed(result, resultAfterRefresh);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
@@ -123,31 +96,73 @@ public void acquireTokenSilent_MultipleAccountsInCache_UseCorrectAccount(String
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_4);
 
         // acquire token for different account
-        pca.acquireToken(UserNamePasswordParameters.
-                builder(Collections.singleton(cfg.graphDefaultScope()),
-                        user.getUpn(),
-                        user.getPassword().toCharArray())
-                .build())
-                .get();
+        acquireTokenUsernamePassword(user, pca, cfg.graphDefaultScope());
 
         Set<IAccount> accounts = pca.getAccounts().join();
         IAccount account = accounts.stream().filter(
                 x -> x.username().equalsIgnoreCase(
                         user.getUpn())).findFirst().orElse(null);
 
-        SilentParameters parameters =  SilentParameters.builder(
-                Collections.singleton(cfg.graphDefaultScope()), account).
-                forceRefresh(true).
+        IAuthenticationResult result = acquireTokenSilently(pca, account, cfg.graphDefaultScope(), false);
+        assertResultNotNull(result);
+        Assert.assertEquals(result.account().username(), user.getUpn());
+    }
+
+    @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
+    public void acquireTokenSilent_ADFS2019(String environment) throws Exception{
+        cfg = new Config(environment);
+
+        UserQueryParameters query = new UserQueryParameters();
+        query.parameters.put(UserQueryParameters.AZURE_ENVIRONMENT, cfg.azureEnvironment);
+        query.parameters.put(UserQueryParameters.FEDERATION_PROVIDER,  FederationProvider.ADFS_2019);
+        query.parameters.put(UserQueryParameters.USER_TYPE,  UserType.FEDERATED);
+
+        User user = labUserProvider.getLabUser(query);
+
+        PublicClientApplication pca = PublicClientApplication.builder(
+                user.getAppId()).
+                authority(cfg.organizationsAuthority()).
                 build();
 
-        IAuthenticationResult result =  pca.acquireTokenSilently(parameters).get();
+        IAuthenticationResult result = acquireTokenUsernamePassword(user, pca, cfg.graphDefaultScope());
+        assertResultNotNull(result);
 
-        Assert.assertNotNull(result);
-        Assert.assertNotNull(result.accessToken());
-        Assert.assertNotNull(result.idToken());
-        Assert.assertEquals(result.account().username(), user.getUpn());
+        IAccount account = pca.getAccounts().join().iterator().next();
+        IAuthenticationResult acquireSilentResult = acquireTokenSilently(pca, account, TestConstants.ADFS_SCOPE, false);
+        assertResultNotNull(acquireSilentResult);
+
+        account = pca.getAccounts().join().iterator().next();
+        IAuthenticationResult resultAfterRefresh = acquireTokenSilently(pca, account, TestConstants.ADFS_SCOPE, true);
+        assertResultNotNull(resultAfterRefresh);
+
+        assertResultRefreshed(result, resultAfterRefresh);
+    }
+
+    // Commented out due to unclear B2C behavior causing occasional errors
+    //@Test
+    public void acquireTokenSilent_B2C() throws Exception{
+        UserQueryParameters query = new UserQueryParameters();
+        query.parameters.put(UserQueryParameters.USER_TYPE, UserType.B2C);
+        query.parameters.put(UserQueryParameters.B2C_PROVIDER, B2CProvider.LOCAL);
+        User user = labUserProvider.getLabUser(query);
+
+        PublicClientApplication pca = PublicClientApplication.builder(
+                user.getAppId()).
+                b2cAuthority(TestConstants.B2C_AUTHORITY_ROPC).
+                build();
+
+        IAuthenticationResult result = acquireTokenUsernamePassword(user, pca, TestConstants.B2C_READ_SCOPE);
+        assertResultNotNull(result);
+
+        IAccount account = pca.getAccounts().join().iterator().next();
+        IAuthenticationResult resultAfterRefresh = acquireTokenSilently(pca, account, TestConstants.B2C_READ_SCOPE, true);
+        assertResultNotNull(resultAfterRefresh);
+
+        assertResultRefreshed(result, resultAfterRefresh);
     }
 
+
+
     @Test
     public void acquireTokenSilent_usingCommonAuthority_returnCachedAt() throws Exception {
         acquireTokenSilent_returnCachedTokens(cfg.organizationsAuthority());
@@ -205,6 +220,50 @@ public void acquireTokenSilent_ConfidentialClient_acquireTokenSilentDifferentSco
                 .get();
     }
 
+    @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
+    public void acquireTokenSilent_WithRefreshOn(String environment) throws Exception{
+        cfg = new Config(environment);
+
+        User user = labUserProvider.getDefaultUser(cfg.azureEnvironment);
+
+        PublicClientApplication pca = PublicClientApplication.builder(
+                user.getAppId()).
+                authority(cfg.organizationsAuthority()).
+                build();
+
+        IAuthenticationResult resultOriginal = acquireTokenUsernamePassword(user, pca, cfg.graphDefaultScope());
+        assertResultNotNull(resultOriginal);
+
+        IAuthenticationResult resultSilent = acquireTokenSilently(pca, resultOriginal.account(), cfg.graphDefaultScope(), false);
+        Assert.assertNotNull(resultSilent);
+        assertTokensAreEqual(resultOriginal, resultSilent);
+
+        //When this test was made, token responses did not contain the refresh_in field needed for an end-to-end test.
+        //In order to test silent flow behavior as though the service returned refresh_in, we manually change a cached
+        // token's refreshOn value from 0 (default if refresh_in missing) to a minute before/after the current time
+        String key = pca.tokenCache.accessTokens.keySet().iterator().next();
+        AccessTokenCacheEntity token = pca.tokenCache.accessTokens.get(key);
+        long currTimestampSec = new Date().getTime() / 1000;
+
+        token.refreshOn(Long.toString(currTimestampSec + 60));
+        pca.tokenCache.accessTokens.put(key, token);
+
+        IAuthenticationResult resultSilentWithRefreshOn = acquireTokenSilently(pca, resultOriginal.account(), cfg.graphDefaultScope(), false);
+        //Current time is before refreshOn, so token should not have been refreshed
+        Assert.assertNotNull(resultSilentWithRefreshOn);
+        Assert.assertEquals(pca.tokenCache.accessTokens.get(key).refreshOn(), Long.toString(currTimestampSec + 60));
+        assertTokensAreEqual(resultSilent, resultSilentWithRefreshOn);
+
+        token = pca.tokenCache.accessTokens.get(key);
+        token.refreshOn(Long.toString(currTimestampSec - 60));
+        pca.tokenCache.accessTokens.put(key, token);
+
+        resultSilentWithRefreshOn = acquireTokenSilently(pca, resultOriginal.account(), cfg.graphDefaultScope(), false);
+        //Current time is after refreshOn, so token should be refreshed
+        Assert.assertNotNull(resultSilentWithRefreshOn);
+        assertResultRefreshed(resultSilent, resultSilentWithRefreshOn);
+    }
+
     private IConfidentialClientApplication getConfidentialClientApplications() throws Exception{
         String clientId = cfg.appProvider.getOboAppId();
         String password = cfg.appProvider.getOboAppPassword();
@@ -226,12 +285,7 @@ private void acquireTokenSilent_returnCachedTokens(String authority) throws Exce
                 authority(authority).
                 build();
 
-        IAuthenticationResult interactiveAuthResult = pca.acquireToken(UserNamePasswordParameters.
-                builder(Collections.singleton(cfg.graphDefaultScope()),
-                        user.getUpn(),
-                        user.getPassword().toCharArray())
-                .build())
-                .get();
+        IAuthenticationResult interactiveAuthResult = acquireTokenUsernamePassword(user, pca, cfg.graphDefaultScope());
 
         Assert.assertNotNull(interactiveAuthResult);
 
@@ -254,12 +308,40 @@ private IPublicClientApplication getPublicClientApplicationWithTokensInCache()
                 authority(cfg.organizationsAuthority()).
                 build();
 
-        pca.acquireToken(
-                UserNamePasswordParameters.builder(
-                        Collections.singleton(cfg.graphDefaultScope()),
+        acquireTokenUsernamePassword(user, pca, cfg.graphDefaultScope());
+        return pca;
+    }
+
+    private IAuthenticationResult acquireTokenSilently(IPublicClientApplication pca, IAccount account, String scope, Boolean forceRefresh) throws InterruptedException, ExecutionException, MalformedURLException {
+        return pca.acquireTokenSilently(SilentParameters.
+                builder(Collections.singleton(scope), account).
+                forceRefresh(forceRefresh).
+                build())
+                .get();
+    }
+
+    private IAuthenticationResult acquireTokenUsernamePassword(User user, IPublicClientApplication pca, String scope) throws InterruptedException, ExecutionException {
+        return pca.acquireToken(UserNamePasswordParameters.
+                builder(Collections.singleton(scope),
                         user.getUpn(),
                         user.getPassword().toCharArray())
-                        .build()).get();
-        return pca;
+                .build())
+                .get();
+    }
+
+    private void assertResultNotNull(IAuthenticationResult result) {
+        Assert.assertNotNull(result);
+        Assert.assertNotNull(result.accessToken());
+        Assert.assertNotNull(result.idToken());
+    }
+
+    private void assertResultRefreshed(IAuthenticationResult result, IAuthenticationResult resultAfterRefresh) {
+        Assert.assertNotEquals(result.accessToken(), resultAfterRefresh.accessToken());
+        Assert.assertNotEquals(result.idToken(), resultAfterRefresh.idToken());
+    }
+
+    private void assertTokensAreEqual(IAuthenticationResult result, IAuthenticationResult resultAfterRefresh) {
+        Assert.assertEquals(result.accessToken(), resultAfterRefresh.accessToken());
+        Assert.assertEquals(result.idToken(), resultAfterRefresh.idToken());
     }
 }

src/integrationtest/java/com.microsoft.aad.msal4j/CachePersistenceIT.java

@@ -2,11 +2,14 @@
 // Licensed under the MIT License.
 package com.microsoft.aad.msal4j;
 
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.PlainJWT;
 import org.testng.Assert;
 import org.testng.annotations.Test;
 
 import java.io.IOException;
 import java.net.URISyntaxException;
+import java.util.Collections;
 
 public class CachePersistenceIT {
 
@@ -32,6 +35,16 @@ public void afterCacheAccess(ITokenCacheAccessContext iTokenCacheAccessContext)
     public void cacheDeserializationSerializationTest() throws IOException, URISyntaxException {
         String dataToInitCache = TestHelper.readResource(this.getClass(), "/cache_data/serialized_cache.json");
 
+        String ID_TOKEN_PLACEHOLDER = "<idToken_placeholder>";
+        JWTClaimsSet claimsSet = new JWTClaimsSet.Builder()
+                .audience(Collections.singletonList("jwtAudience"))
+                .issuer("issuer")
+                .subject("subject")
+                .build();
+        PlainJWT jwt = new PlainJWT(claimsSet);
+
+        dataToInitCache = dataToInitCache.replace(ID_TOKEN_PLACEHOLDER, jwt.serialize());
+
         ITokenCacheAccessAspect persistenceAspect = new TokenPersistence(dataToInitCache);
 
         PublicClientApplication app = PublicClientApplication.builder("my_client_id")

src/main/java/com/microsoft/aad/msal4j/AccessTokenCacheEntity.java

@@ -34,6 +34,9 @@ class AccessTokenCacheEntity extends Credential {
     @JsonProperty("extended_expires_on")
     private String extExpiresOn;
 
+    @JsonProperty("refresh_on")
+    private String refreshOn;
+
     String getKey() {
         List<String> keyParts = new ArrayList<>();