
Commit e644169

Avery-DunnSomkaPeRomanNosachevSantiago Gonzalezsangonzal
authored
Add String-to-ClaimsRequest helper method (#344)
* 1.8.1 release (#327) * Exception Improvements (#254) * Add null checks for MsalException error code references * Better exception handling for invalid tokens * Better exception handling for invalid tokens * Sync with changes to Azure-Samples/ms-identity-java-desktop (#259) * extra scopes for consent during authorizaion * typo * minor * HTTPClient default timeouts (#264) * Add default timeouts for DefaultHttpClient * Handle 'stay signed in' confirmation page in DeviceCodeIT tests * Small best-practices changes * append extra scopes as suffix * 1.6.2 release (#268) * fixing integ test * Tenant Profiles (#263) * Classes for tenant profile functionality * Implement tenant profile feature * Tests for tenant profile feature * Simplify tenant profile class structure * 1.6.2 release * Classes for tenant profile redesign * Tests for tenant profile redesign * Adjust sample cached ID tokens to have realistic headers * Redesign how Tenant Pofiles are added to Accounts * New error code for JWT parse exceptions * Add claims and tenant profiles fields to Account * Remove annotation excluding realm field from comparisons * Use more generic token * Remove ID token claims field from Account * Minor changes for clarity * Adjust tests for tenant profile design refactor * Refactor tenant profile structure * Minor fixes * Minor fixes * Minor fixes * Simplify tenant profile class Co-authored-by: SomkaPe <[email protected]> * Improve HTTP client timeouts (#275) * 1.6.2 release (#269) * 1.6.2 release * Make DefaultHttpClient timeouts settable * Refactor timeout names Co-authored-by: SomkaPe <[email protected]> * Bewaters certchain (#276) * Support for certificate chain * 1.7.0 release (#277) * Update DefaultHttpClient.java * Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282) * sendX5c api (#285) * refactoring (#287) * refactoring * refactoring * refactoring * Add 
AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293) * Add public constants for cloud endpoints (#298) * Add public constants for cloud endpoints * Add license header * Added javadocs * Removed unneeded test * Make IAccount serializable (#297) * Make IAccount objects serializable * Make AuthenticationResult objects not serializable * Add tenant profile/id claims to auth result (#300) * Add tenant profile/id claims to auth result * Minor fix * treat null password as default one - empty string (#304) * treat null password as default one - empty string * Support for refresh_in (#305) * Support for refresh_in * Tests for refresh_in * Add extra null check * Add test for refreshOn cache persistence * refresh on is optional field (#312) * refresh on optional field * 1.8.0 Release (#313) 1.8.0 release * Fix spelling mistake in Prompt.java * Remove use of Nimbus Oauth2 SDK's CommonContentTypes (#322) * Remove use of Nimbus Oauth2 SDK's CommonContentTypes * Add enum for HTTP content-type constants * Remove use of javax.mail.internet.ContentType * Support for claims request parameter (#315) * ClaimsRequest classes * Support for claims request parameter * Tests for claims request * Use Jackson library for JSON processing * Change access level of userinfo and access_token claims * Better merge tests * Remove ability to set claims in userinfo field * Refactor claims field naming * 1.8.1 release (#326) * Version number updates for 1.8.1 release * Minor rewording Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> * Add helper method to create a ClaimsRequest from a string Co-authored-by: SomkaPe <[email protected]> Co-authored-by: Roman Nosachev <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]> Co-authored-by: Santiago Gonzalez <[email protected]>
1 parent 12b876d commit e644169


2 files changed

+77
-1
lines changed


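--- a/src/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java
+++ b/src/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java
@@ -3,10 +3,16 @@
 
 package com.microsoft.aad.msal4j;
 
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.ObjectReader;
 import com.fasterxml.jackson.databind.node.ObjectNode;
 import lombok.Getter;
 import lombok.Setter;
+
+import java.util.Iterator;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -34,6 +40,16 @@ public void requestClaimInIdToken(String claim, RequestedClaimAdditionalInfo req
 idTokenRequestedClaims.add(new RequestedClaim(claim, requestedClaimAdditionalInfo));
 }
 
+/**
+* Inserts a claim into the list of claims to be added to the "userinfo" section of an OIDC claims request
+*
+* @param claim the name of the claim to be requested
+* @param requestedClaimAdditionalInfo additional information about the claim being requested
+*/
+protected void requestClaimInUserInfo(String claim, RequestedClaimAdditionalInfo requestedClaimAdditionalInfo) {
+userInfoRequestedClaims.add(new RequestedClaim(claim, requestedClaimAdditionalInfo));
+}
+
 /**
 * Inserts a claim into the list of claims to be added to the "access_token" section of an OIDC claims request
 *
@@ -70,9 +86,62 @@ private ObjectNode convertClaimsToObjectNode(List<RequestedClaim> claims) {
 ObjectMapper mapper = new ObjectMapper();
 ObjectNode claimsNode = mapper.createObjectNode();
 
-for (RequestedClaim claim: claims) {
+for (RequestedClaim claim : claims) {
 claimsNode.setAll((ObjectNode) mapper.valueToTree(claim));
 }
 return claimsNode;
 }
+
+/**
+* Creates an instance of ClaimsRequest from a JSON-formatted String which follows the specification for the OIDC claims request parameter
+*
+* @param claims a String following JSON formatting
+* @return a ClaimsRequest instance
+*/
+public static ClaimsRequest formatAsClaimsRequest(String claims) {
+try {
+ClaimsRequest cr = new ClaimsRequest();
+
+ObjectMapper mapper = new ObjectMapper();
+ObjectReader reader = mapper.readerFor(new TypeReference<List<String>>() {});
+
+JsonNode jsonClaims = mapper.readTree(claims);
+
+addClaimsFromJsonNode(jsonClaims.get("id_token"), "id_token", cr, reader);
+addClaimsFromJsonNode(jsonClaims.get("userinfo"), "userinfo", cr, reader);
+addClaimsFromJsonNode(jsonClaims.get("access_token"), "access_token", cr, reader);
+
+return cr;
+} catch (IOException e) {
+throw new MsalClientException("Could not convert string to ClaimsRequest: " + e.getMessage(), AuthenticationErrorCode.INVALID_JSON);
+}
+}
+
+private static void addClaimsFromJsonNode(JsonNode claims, String group, ClaimsRequest cr, ObjectReader reader) throws IOException {
+Iterator<String> claimsIterator;
+
+if (claims != null) {
+claimsIterator = claims.fieldNames();
+while (claimsIterator.hasNext()) {
+String claim = claimsIterator.next();
+Boolean essential = null;
+String value = null;
+List<String> values = null;
+RequestedClaimAdditionalInfo claimInfo = null;
+
+if (claims.get(claim).has("essential")) essential = claims.get(claim).get("essential").asBoolean();
+if (claims.get(claim).has("value")) value = claims.get(claim).get("value").textValue();
+if (claims.get(claim).has("values")) values = reader.readValue(claims.get(claim).get("values"));
+
+//'null' is a valid value for RequestedClaimAdditionalInfo, so only initialize it if one of the parameters is not null
+if (essential != null || value != null || values != null) {
+claimInfo = new RequestedClaimAdditionalInfo(essential == null ? false : essential, value, values);
+}
+
+if (group.equals("id_token")) cr.requestClaimInIdToken(claim, claimInfo);
+if (group.equals("userinfo")) cr.requestClaimInUserInfo(claim, claimInfo);
+if (group.equals("access_token")) cr.requestClaimInAccessToken(claim, claimInfo);
+}
+}
+}
 }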
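Review bot: In `formatAsClaimsRequest`, the result of `mapper.readTree(claims)` is dereferenced without checking that it is a JSON object, so a null or empty argument can surface as an unchecked exception (the exact behaviour depends on the Jackson version, which is not visible here) rather than the `MsalClientException` with `INVALID_JSON` that the catch block suggests callers should expect. A guard directly after the parse would close that gap: `if (jsonClaims == null || !jsonClaims.isObject()) throw new MsalClientException("Claims request must be a JSON object", AuthenticationErrorCode.INVALID_JSON);`. In `addClaimsFromJsonNode`, `textValue()` returns null for a `value` member that is not a JSON string and `asBoolean()` turns a non-boolean `essential` into false, so a malformed constraint is silently dropped and the claim is requested unconstrained; the test feeds this method a claims challenge, so the input appears to be server-supplied and rejecting those shapes would be safer than ignoring them. The catch block also discards `e` as the cause, which makes parse failures harder to diagnose.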

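--- a/src/test/java/com/microsoft/aad/msal4j/ClaimsTest.java
+++ b/src/test/java/com/microsoft/aad/msal4j/ClaimsTest.java
@@ -71,4 +71,11 @@ public void testClaimsRequest_MergeWithClientCapabilitiesAndClaimsChallenge() th
 Assert.assertEquals(mergedClaimsAndChallenge, TestConfiguration.MERGED_CLAIMS_AND_CHALLENGE);
 Assert.assertEquals(mergedAll, TestConfiguration.MERGED_CLAIMS_CAPABILITIES_AND_CHALLENGE);
 }
+
+@Test
+public void testClaimsRequest_StringToClaimsRequest() {
+ClaimsRequest cr = ClaimsRequest.formatAsClaimsRequest(TestConfiguration.CLAIMS_CHALLENGE);
+
+Assert.assertEquals(cr.formatAsJSONString(), TestConfiguration.CLAIMS_CHALLENGE);
+}
 }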
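Review bot: The new test covers only the round trip of one well-formed fixture, so the `INVALID_JSON` path of `formatAsClaimsRequest` has no coverage. A second test that passes a malformed string such as `"{not-json"` and expects `MsalClientException` would pin the error contract, and a fixture with a `userinfo` section would exercise `requestClaimInUserInfo` (whether `TestConfiguration.CLAIMS_CHALLENGE` already contains one is not visible here). Comparing the serialized strings also ties the assertion to member order; comparing parsed trees would be less brittle. The enclosing test class starts outside the hunk.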
