From b7ed700d1f0d1d4ba941eb918766b537242f02e8 Mon Sep 17 00:00:00 2001
From: Avery-Dunn
Date: Thu, 23 Feb 2023 11:09:06 -0800
Subject: [PATCH] Use the dedicated admin consent endpoint instead of a query parameter
---
 .../msal4j/AuthorizationRequestUrlParameters.java | 12 +++++++++++-
 .../main/java/com/microsoft/aad/msal4j/Prompt.java | 8 --------
 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java
index 48045b1e..c52c0eb6 100644
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java
@@ -34,6 +34,9 @@ public class AuthorizationRequestUrlParameters {
 private String correlationId;
 private boolean instanceAware;
+ //Unlike other prompts (which are sent as query parameters), admin consent has its own endpoint format
+ private static final String ADMIN_CONSENT_ENDPOINT = "https://login.microsoftonline.com/{tenant}/adminconsent";
+ Map> requestParameters = new HashMap<>();
 public static Builder builder(String redirectUri,
@@ -155,7 +158,14 @@ URL createAuthorizationURL(Authority authority, Map> requestParameters) {
 URL authorizationRequestUrl;
 try {
- String authorizationCodeEndpoint = authority.authorizationEndpoint();
+ String authorizationCodeEndpoint;
+ if (prompt == Prompt.ADMIN_CONSENT) {
+ authorizationCodeEndpoint = ADMIN_CONSENT_ENDPOINT
+ .replace("{tenant}", authority.tenant);
+ } else {
+ authorizationCodeEndpoint = authority.authorizationEndpoint();
+ }
+ String uriString = authorizationCodeEndpoint + "?" + URLUtils.serializeParameters(requestParameters);
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java
index 1c5efd7b..7670f3da 100644
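Review bot: `ADMIN_CONSENT_ENDPOINT` hard-codes the `login.microsoftonline.com` host, so the URL built from it in the second hunk no longer follows the authority the application configured. A client set up with a different authority host (a national cloud, for instance) would send its administrator to the global endpoint instead. Consider keeping only the path in the constant and taking the host from the `Authority` object, e.g. `"https://" + authority.host + "/" + authority.tenant + "/adminconsent"`, assuming the class exposes its host (not visible in this diff). The comment above the constant could then say that the host must match the configured authority.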
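Review bot: In the `Prompt.ADMIN_CONSENT` branch `authority.tenant` is placed into the URL path with no null check or encoding, and `String.replace` throws a `NullPointerException` when the replacement is null. If any authority type can leave `tenant` unset, fail with a clear message first, e.g. `if (authority.tenant == null) throw new IllegalArgumentException("Prompt.ADMIN_CONSENT requires a tenanted authority");`. The unchanged `requestParameters` are still appended to the new endpoint, so it is worth confirming that the prompt value and the authorization-code parameters are not sent to it; that map is built outside this hunk. The local name `authorizationCodeEndpoint` no longer describes both branches. The method body starts and ends outside the hunk.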
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java
@@ -25,14 +25,6 @@ public enum Prompt {
 */
 CONSENT("consent"),
- /**
- * An administrator should be prompted to consent on behalf of all users in their organization.
- *

- * Deprecated, instead use Prompt.ADMIN_CONSENT
- */
- @Deprecated
- ADMING_CONSENT("admin_consent"),
- /**
 * An administrator should be prompted to consent on behalf of all users in their organization.
 */