Merge branch 'dev' of https://github.com/AzureAD/microsoft-authentication-library-for-java into nebharg/MSI

# Conflicts:
#	README.md
#	changelog.txt
#	msal4j-sdk/README.md
#	msal4j-sdk/bnd.bnd
#	msal4j-sdk/pom.xml
#	msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java
#	msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml
#	msal4j-sdk/src/samples/msal-obo-sample/pom.xml
#	msal4j-sdk/src/samples/msal-web-sample/pom.xml

Author: Avery-Dunn

README.md

@@ -16,7 +16,7 @@ Quick links:
 The library supports the following Java environments:
 - Java 8 (or higher)
 
-Current version - 1.14.4-beta
+Current version - 1.14.3
 
 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/main/msal4j-sdk/changelog.txt).
 
@@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>1.14.4-beta</version>
+    <version>1.14.3</version>
 </dependency>
 ```
 ### Gradle
 
 ```gradle
-implementation group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.14.4-beta'
+implementation group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.14.3'
 ```
 
 ## Usage

changelog.txt

@@ -1,3 +1,18 @@
+Version 1.14.3
+=============
+- Hotfix to update oauth2-oidc-sdk dependency (#781)
+
+Version 1.14.2
+=============
+- Correct IMDS endpoint used for region discovery (#762)
+- Improve performance of instance/region discovery (#763)
+
+Version 1.14.1
+=============
+- Remove key size requirements for certificates (#749)
+- Improve timeout behavior for futures (#756)
+- Reduce verbosity of certain info logs (#756)
+
 Version 1.14.4-beta
 =============
 - Beta support for MSI in Azure Arc (#730)

msal4j-brokers/pom.xml

@@ -50,7 +50,7 @@
         <dependency>
             <groupId>org.testng</groupId>
             <artifactId>testng</artifactId>
-            <version>7.1.0</version>
+            <version>7.5.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -61,7 +61,7 @@
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
-            <version>1.2.3</version>
+            <version>1.3.12</version>
             <scope>test</scope>
         </dependency>
         <dependency>

msal4j-sdk/README.md

@@ -16,7 +16,7 @@ Quick links:
 The library supports the following Java environments:
 - Java 8 (or higher)
 
-Current version - 1.14.4-beta
+Current version - 1.14.3
 
 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt).
 
@@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>1.14.4-beta</version>
+    <version>1.14.3</version>
 </dependency>
 ```
 ### Gradle
 
 ```gradle
-compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.14.4-beta'
+compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.14.3'
 ```
 
 ## Usage

msal4j-sdk/bnd.bnd

@@ -1,2 +1,2 @@
-Export-Package: com.microsoft.aad.msal4j;version="1.14.4-beta"
+Export-Package: com.microsoft.aad.msal4j;version="1.14.3"
 Automatic-Module-Name: com.microsoft.aad.msal4j

msal4j-sdk/pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.microsoft.azure</groupId>
 	<artifactId>msal4j</artifactId>
-	<version>1.14.4-beta</version>
+	<version>1.14.3</version>
 	<packaging>jar</packaging>
 	<name>msal4j</name>
 	<description>
@@ -36,12 +36,12 @@
         <dependency>
             <groupId>com.nimbusds</groupId>
             <artifactId>oauth2-oidc-sdk</artifactId>
-            <version>10.7.1</version>
+            <version>11.9.1</version>
         </dependency>
         <dependency>
             <groupId>net.minidev</groupId>
             <artifactId>json-smart</artifactId>
-            <version>2.4.10</version>
+            <version>2.5.0</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -137,7 +137,7 @@
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
-            <version>1.2.3</version>
+            <version>1.3.12</version>
             <scope>test</scope>
         </dependency>
         <dependency>

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java

@@ -29,7 +29,7 @@ class AadInstanceDiscoveryProvider {
 
     // For information of the current api-version refer: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service#versioning
     private static final String DEFAULT_API_VERSION = "2020-06-01";
-    private static final String IMDS_ENDPOINT = "https://169.254.169.254/metadata/instance/compute/location?" + DEFAULT_API_VERSION + "&format=text";
+    private static final String IMDS_ENDPOINT = "http://169.254.169.254/metadata/instance/compute/location?api-version=" + DEFAULT_API_VERSION + "&format=text";
 
     private static final int IMDS_TIMEOUT = 2;
     private static final TimeUnit IMDS_TIMEOUT_UNIT = TimeUnit.SECONDS;
@@ -64,44 +64,47 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl,
                                                            ServiceBundle serviceBundle) {
         String host = authorityUrl.getHost();
 
-        if (msalRequest.application() instanceof AbstractClientApplicationBase && shouldUseRegionalEndpoint(msalRequest)) {
-            //Server side telemetry requires the result from region discovery when any part of the region API is used
-            String detectedRegion = discoverRegion(msalRequest, serviceBundle);
-
-            if (((AbstractClientApplicationBase) msalRequest.application()).azureRegion() != null) {
-                host = getRegionalizedHost(authorityUrl.getHost(),
-                        ((AbstractClientApplicationBase) msalRequest.application()).azureRegion());
+        //If instanceDiscovery flag set to false, cache a basic instance metadata entry to skip future lookups
+        if (!msalRequest.application().instanceDiscovery()) {
+            if (cache.get(host) == null) {
+                log.debug("Instance discovery set to false, caching a default entry.");
+                cacheInstanceDiscoveryMetadata(host);
             }
+            return cache.get(host);
+        }
 
-            //If region autodetection is enabled and a specific region not already set,
-            // set the application's region to the discovered region so that future requests can skip the IMDS endpoint call
-            if (null == ((AbstractClientApplicationBase) msalRequest.application()).azureRegion()
-                    && ((AbstractClientApplicationBase) msalRequest.application()).autoDetectRegion()
-                    && null != detectedRegion) {
-                ((AbstractClientApplicationBase) msalRequest.application()).azureRegion = detectedRegion;
-            }
-            cacheRegionInstanceMetadata(authorityUrl.getHost(), ((AbstractClientApplicationBase) msalRequest.application()).azureRegion());
-            serviceBundle.getServerSideTelemetry().getCurrentRequest().regionOutcome(
-                    determineRegionOutcome(detectedRegion,
-                            ((AbstractClientApplicationBase) msalRequest.application()).azureRegion(),
-                            ((AbstractClientApplicationBase) msalRequest.application()).autoDetectRegion()));
+        //If a region was set by an app developer or previously found through autodetection, adjust the authority host to use it
+        if (shouldUseRegionalEndpoint(msalRequest) && msalRequest.application().azureRegion() != null) {
+            host = getRegionalizedHost(authorityUrl.getHost(), msalRequest.application().azureRegion());
         }
 
-        InstanceDiscoveryMetadataEntry result = cache.get(host);
+        //If there is no cached instance metadata, do instance discovery cache the result
+        if (cache.get(host) == null) {
+            log.debug("No cached instance metadata, will attempt instance discovery.");
 
-        if (result == null) {
-            if(msalRequest.application() instanceof AbstractClientApplicationBase &&
-                    ((AbstractClientApplicationBase) msalRequest.application()).instanceDiscovery()
-                    && !instanceDiscoveryFailed){
-                doInstanceDiscoveryAndCache(authorityUrl, validateAuthority, msalRequest, serviceBundle);
-            } else {
-                // instanceDiscovery flag is set to False. Do not perform instanceDiscovery.
-                return InstanceDiscoveryMetadataEntry.builder().
-                        preferredCache(host).
-                        preferredNetwork(host).
-                        aliases(Collections.singleton(host)).
-                        build();
+            if (shouldUseRegionalEndpoint(msalRequest)) {
+                log.debug("Region API used, will attempt to discover Azure region.");
+
+                //Server side telemetry requires the result from region discovery when any part of the region API is used
+                String detectedRegion = discoverRegion(msalRequest, serviceBundle);
+
+                //If region autodetection is enabled and a specific region was not already set, set the application's
+                // region to the discovered region so that future requests can skip the IMDS endpoint call
+                if (msalRequest.application().azureRegion() == null
+                        && msalRequest.application().autoDetectRegion()
+                        && detectedRegion != null) {
+                    log.debug(String.format("Region autodetection found %s, this region will be used for future calls.", detectedRegion));
+
+                    msalRequest.application().azureRegion = detectedRegion;
+                    host = getRegionalizedHost(authorityUrl.getHost(), msalRequest.application().azureRegion());
+                }
+
+                cacheRegionInstanceMetadata(authorityUrl.getHost(), host);
+                serviceBundle.getServerSideTelemetry().getCurrentRequest().regionOutcome(
+                        determineRegionOutcome(detectedRegion, msalRequest.application().azureRegion(), msalRequest.application().autoDetectRegion()));
             }
+
+            doInstanceDiscoveryAndCache(authorityUrl, validateAuthority, msalRequest, serviceBundle);
         }
 
         return cache.get(host);
@@ -132,7 +135,7 @@ static AadInstanceDiscoveryResponse parseInstanceDiscoveryMetadata(String instan
         return aadInstanceDiscoveryResponse;
     }
 
-    static void cacheInstanceDiscoveryMetadata(String host,
+    static void cacheInstanceDiscoveryResponse(String host,
                                                AadInstanceDiscoveryResponse aadInstanceDiscoveryResponse) {
 
         if (aadInstanceDiscoveryResponse != null && aadInstanceDiscoveryResponse.metadata() != null) {
@@ -142,6 +145,11 @@ static void cacheInstanceDiscoveryMetadata(String host,
                 }
             }
         }
+
+        cacheInstanceDiscoveryMetadata(host);
+    }
+
+    static void cacheInstanceDiscoveryMetadata(String host) {
         cache.putIfAbsent(host, InstanceDiscoveryMetadataEntry.builder().
                 preferredCache(host).
                 preferredNetwork(host).
@@ -171,14 +179,13 @@ private static boolean shouldUseRegionalEndpoint(MsalRequest msalRequest){
         return false;
     }
 
-    static void cacheRegionInstanceMetadata(String host, String region) {
+    static void cacheRegionInstanceMetadata(String originalHost, String regionalHost) {
 
         Set<String> aliases = new HashSet<>();
-        aliases.add(host);
-        String regionalHost = getRegionalizedHost(host, region);
+        aliases.add(originalHost);
 
         cache.putIfAbsent(regionalHost, InstanceDiscoveryMetadataEntry.builder().
-                preferredCache(host).
+                preferredCache(originalHost).
                 preferredNetwork(regionalHost).
                 aliases(aliases).
                 build());
@@ -236,12 +243,10 @@ static AadInstanceDiscoveryResponse sendInstanceDiscoveryRequest(URL authorityUr
                                                                              MsalRequest msalRequest,
                                                                              ServiceBundle serviceBundle) {
 
-        IHttpResponse httpResponse = null;
-
         String instanceDiscoveryRequestUrl = getInstanceDiscoveryEndpoint(authorityUrl) +
                 formInstanceDiscoveryParameters(authorityUrl);
 
-        httpResponse = executeRequest(instanceDiscoveryRequestUrl, msalRequest.headers().getReadonlyHeaderMap(), msalRequest, serviceBundle);
+        IHttpResponse httpResponse = executeRequest(instanceDiscoveryRequestUrl, msalRequest.headers().getReadonlyHeaderMap(), msalRequest, serviceBundle);
 
         AadInstanceDiscoveryResponse response = JsonHelper.convertJsonToObject(httpResponse.body(), AadInstanceDiscoveryResponse.class);
 
@@ -251,7 +256,8 @@ static AadInstanceDiscoveryResponse sendInstanceDiscoveryRequest(URL authorityUr
                 throw MsalServiceExceptionFactory.fromHttpResponse(httpResponse);
             }
             // instance discovery failed due to reasons other than an invalid authority, do not perform instance discovery again in this environment.
-            instanceDiscoveryFailed = true;
+            log.debug("Instance discovery failed due to an unknown error, no more instance discovery attempts will be made.");
+            cacheInstanceDiscoveryMetadata(authorityUrl.getHost());
         }
 
         return response;
@@ -302,7 +308,7 @@ static String discoverRegion(MsalRequest msalRequest, ServiceBundle serviceBundl
 
         //Check if the REGION_NAME environment variable has a value for the region
         if (System.getenv(REGION_NAME) != null) {
-            log.info("Region found in environment variable: " + System.getenv(REGION_NAME));
+            log.info(String.format("Region found in environment variable: %s",System.getenv(REGION_NAME)));
             currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_ENV_VARIABLE.telemetryValue);
 
             return System.getenv(REGION_NAME);
@@ -358,7 +364,7 @@ private static void doInstanceDiscoveryAndCache(URL authorityUrl,
             }
         }
 
-        cacheInstanceDiscoveryMetadata(authorityUrl.getHost(), aadInstanceDiscoveryResponse);
+        cacheInstanceDiscoveryResponse(authorityUrl.getHost(), aadInstanceDiscoveryResponse);
     }
 
     private static void validate(AadInstanceDiscoveryResponse aadInstanceDiscoveryResponse) {

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java

@@ -452,7 +452,7 @@ public T instanceDiscovery(boolean val) {
         );
 
         if (aadAadInstanceDiscoveryResponse != null) {
-            AadInstanceDiscoveryProvider.cacheInstanceDiscoveryMetadata(
+            AadInstanceDiscoveryProvider.cacheInstanceDiscoveryResponse(
                     authenticationAuthority.host,
                     aadAadInstanceDiscoveryResponse);
         }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccountsSupplier.java

@@ -26,9 +26,10 @@ public Set<IAccount> get() {
                     (clientApplication.clientId());
 
         } catch (Exception ex) {
-            clientApplication.log.error(
-                    LogHelper.createMessage("Execution of " + this.getClass() + " failed.",
-                            msalRequest.headers().getHeaderCorrelationIdValue()), ex);
+            clientApplication.log.warn(
+                    LogHelper.createMessage(
+                            String.format("Execution of %s failed: %s", this.getClass(), ex.getMessage()),
+                            msalRequest.headers().getHeaderCorrelationIdValue()));
 
             throw new CompletionException(ex);
         }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java

@@ -53,7 +53,10 @@ private AuthenticationResult acquireTokenWithDeviceCode(DeviceCode deviceCode,
 
         while (getCurrentSystemTimeInSeconds() < expirationTimeInSeconds) {
             if (deviceCodeFlowRequest.futureReference().get().isCancelled()) {
-                throw new InterruptedException("Acquire token Device Code Flow was interrupted");
+                throw new InterruptedException("Device code flow was cancelled before acquiring a token");
+            }
+            if (deviceCodeFlowRequest.futureReference().get().isCompletedExceptionally()) {
+                throw new InterruptedException("Device code flow had an exception before acquiring a token");
             }
             try {
                 return acquireTokenByAuthorisationGrantSupplier.execute();

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java

@@ -209,7 +209,7 @@ private AuthorizationResult getAuthorizationResultFromHttpListener() {
                 expirationTime = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()) + 1;
             }
 
-            while (result == null && !interactiveRequest.futureReference().get().isCancelled()) {
+            while (result == null && !interactiveRequest.futureReference().get().isDone()) {
                 if (TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()) > expirationTime) {
                     LOG.warn(String.format("Listener timed out after %S seconds, no authorization code was returned from the server during that time.", timeFromParameters));
                     break;

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java

@@ -116,7 +116,7 @@ AuthenticationResult execute() throws Exception {
             throw new MsalClientException(AuthenticationErrorMessage.NO_TOKEN_IN_CACHE, AuthenticationErrorCode.CACHE_MISS);
         }
 
-        log.info("Returning token from cache");
+        log.debug("Returning token from cache");
 
         return res;
     }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java

@@ -95,7 +95,11 @@ public IAuthenticationResult get() {
                         msalRequest.requestContext().correlationId(),
                         error);
 
-                logException(ex);
+                clientApplication.log.warn(
+                        LogHelper.createMessage(
+                                String.format("Execution of %s failed: %s", this.getClass(), ex.getMessage()),
+                                msalRequest.headers().getHeaderCorrelationIdValue()));
+
                 throw new CompletionException(ex);
             }
         }
@@ -135,26 +139,6 @@ private void logResult(AuthenticationResult result, HttpHeaders headers) {
         }
     }
 
-    private void logException(Exception ex) {
-
-        String logMessage = LogHelper.createMessage(
-                "Execution of " + this.getClass() + " failed.",
-                msalRequest.headers().getHeaderCorrelationIdValue());
-
-        if (ex instanceof MsalClientException) {
-            MsalClientException exception = (MsalClientException) ex;
-            if (exception.errorCode() != null && exception.errorCode().equalsIgnoreCase(AuthenticationErrorCode.CACHE_MISS)) {
-                clientApplication.log.debug(logMessage, ex);
-                return;
-            }
-        } else if (ex instanceof MsalAzureSDKException) {
-            clientApplication.log.debug(ex.getMessage(), ex);
-            return;
-        }
-
-        clientApplication.log.error(logMessage, ex);
-    }
-
     private ApiEvent initializeApiEvent(MsalRequest msalRequest) {
         ApiEvent apiEvent = new ApiEvent(clientApplication.logPii());
         msalRequest.requestContext().telemetryRequestId(