From 1d5eeba94140fecb3d8f7b90c8dbaf3a5c96a1a3 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 10 Oct 2022 12:36:45 -0500 Subject: [PATCH 01/65] Add README --- msal4j-brokers/README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 msal4j-brokers/README.md diff --git a/msal4j-brokers/README.md b/msal4j-brokers/README.md new file mode 100644 index 00000000..b3db7afc --- /dev/null +++ b/msal4j-brokers/README.md @@ -0,0 +1,15 @@ +#Microsoft Authentication Library Brokers +### Maven +Find [the latest package in the Maven repository](https://mvnrepository.com/artifact/com.microsoft.azure/msal4j-brokers). +```xml + + com.microsoft.azure + msal4j-brokers + 0.0.1 + +``` +### Gradle + +```gradle +implementation group: 'com.microsoft.azure', name: 'msal4j-brokers', version: '0.0.1' +``` \ No newline at end of file From afc64b0eb85051b85c2978e7d51fb4d50448ee35 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 10 Oct 2022 16:46:59 -0500 Subject: [PATCH 02/65] plugins for GPG signing --- msal4j-brokers/pom.xml | 39 ++++++++++++++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 5 deletions(-) diff --git a/msal4j-brokers/pom.xml b/msal4j-brokers/pom.xml index 5365e49e..b5903fef 100644 --- a/msal4j-brokers/pom.xml +++ b/msal4j-brokers/pom.xml @@ -14,11 +14,40 @@ msal4j 1.13.1 - - net.java.dev.jna - jna-platform - 5.12.1 - + + + + org.apache.maven.plugins + maven-javadoc-plugin + 3.1.0 + + ${project.build.directory}/delombok + + + + attach-javadocs + + jar + + + + + + org.apache.maven.plugins + maven-source-plugin + 2.2.1 + + + attach-sources + + jar + + + + + + + \ No newline at end of file From f3fce3a5396bbd14b7b585bf471f8776626a62f6 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 10 Oct 2022 21:15:39 -0500 Subject: [PATCH 03/65] more plugins to fix failing tests --- msal4j-brokers/pom.xml | 127 +++++++++++++++++++++++++++++++---------- 1 file changed, 97 insertions(+), 30 deletions(-) 
diff --git a/msal4j-brokers/pom.xml b/msal4j-brokers/pom.xml index b5903fef..ffa9e7d5 100644 --- a/msal4j-brokers/pom.xml +++ b/msal4j-brokers/pom.xml @@ -3,10 +3,23 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 - jar com.microsoft.azure msal4j-brokers 0.0.1 + jar + + Microsoft Authentication Library for Java - Brokers helps you integrate with the broker + on windows machine to secure Access tokens and refresh tokens. + + + + MIT License + + + 2022 + + UTF-8 + @@ -16,37 +29,91 @@ + + + + central + https://repo1.maven.org/maven2 + + false + + + + + + central + https://repo1.maven.org/maven2 + + false + + + + ${project.build.directory}/delombok - - org.apache.maven.plugins - maven-javadoc-plugin - 3.1.0 - - ${project.build.directory}/delombok - - - - attach-javadocs - - jar - - - - - - org.apache.maven.plugins - maven-source-plugin - 2.2.1 - - - attach-sources - - jar - - - - + + org.projectlombok + lombok-maven-plugin + 1.18.2.0 + + + + delombok + + + + + src/main/java + ${project.build.directory}/delombok + false + + + + org.apache.maven.plugins + maven-surefire-plugin + 2.10 + + -noverify + + + + org.apache.maven.plugins + maven-javadoc-plugin + 3.1.0 + + ${project.build.directory}/delombok + + + + attach-javadocs + + jar + + + + + + org.apache.maven.plugins + maven-source-plugin + 2.2.1 + + + attach-sources + + jar + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.7.0 + + 8 + 8 + + From f068b350dea98c229c8ccff3dc2d2f9b2f0fc481 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 10 Oct 2022 22:52:53 -0500 Subject: [PATCH 04/65] add azure-pipelines to build --- msal4j-brokers/pom.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/msal4j-brokers/pom.xml b/msal4j-brokers/pom.xml index ffa9e7d5..d10d607e 100644 --- a/msal4j-brokers/pom.xml +++ b/msal4j-brokers/pom.xml 
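Review bot: The `maven-surefire-plugin` block added in the second hunk passes `-noverify` to the test JVM (presumably through `argLine`; the element names are not visible in this rendering), which switches off bytecode verification for every test run. The flag has been deprecated since JDK 13, and with it the tests run under weaker checks than the shipped library does, so a malformed or tampered class file on the test classpath would load without complaint. If it is only there to work around a test-instrumentation problem, drop it once that is fixed and until then say so in the pom, e.g. `<!-- -noverify: needed for <reason>; remove when no longer required -->`. The pinned surefire version `2.10` is also old enough to be worth raising in the same change.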
@@ -7,16 +7,27 @@ msal4j-brokers 0.0.1 jar + msal4j-brokers Microsoft Authentication Library for Java - Brokers helps you integrate with the broker on windows machine to secure Access tokens and refresh tokens. + https://github.com/AzureAD/microsoft-authentication-library-for-java + + + msopentech + Microsoft Open Technologies, Inc. + + MIT License 2022 + + https://github.com/AzureAD/microsoft-authentication-library-for-java + UTF-8 From 79b8c968b4614a22c667339ca1376ceb14d95aad Mon Sep 17 00:00:00 2001 From: siddhijain Date: Tue, 11 Oct 2022 09:55:23 -0500 Subject: [PATCH 05/65] Add a source file --- msal4j-brokers/.gitignore | 29 +++++++++++++++++ msal4j-brokers/pom.xml | 18 +++++++---- .../aad/msal4jbrokers/MSALRuntimeBroker.java | 31 +++++++++++++++++++ 3 files changed, 72 insertions(+), 6 deletions(-) create mode 100644 msal4j-brokers/.gitignore create mode 100644 msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java diff --git a/msal4j-brokers/.gitignore b/msal4j-brokers/.gitignore new file mode 100644 index 00000000..8a97050b --- /dev/null +++ b/msal4j-brokers/.gitignore @@ -0,0 +1,29 @@ +# Compiled class file +*.class + +# Log file +*.log + +# BlueJ files +*.ctxt + +# Mobile Tools for Java (J2ME) +.mtj.tmp/ + +# Package Files # +*.jar +*.war +*.nar +*.ear +*.zip +*.tar.gz +*.rar + +# Intellij +../.idea/ + +# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml +hs_err_pid* + +# Lombok +target/* \ No newline at end of file diff --git a/msal4j-brokers/pom.xml b/msal4j-brokers/pom.xml index d10d607e..675b32e1 100644 --- a/msal4j-brokers/pom.xml +++ b/msal4j-brokers/pom.xml @@ -32,12 +32,18 @@ UTF-8 - - - com.microsoft.azure - msal4j - 1.13.1 - + + + com.microsoft.azure + msal4j + 1.13.2 + + + org.projectlombok + lombok + 1.18.6 + provided + 
diff --git a/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java b/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java new file mode 100644 index 00000000..dbf21f77 --- /dev/null +++ b/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java @@ -0,0 +1,31 @@ +package com.microsoft.aad.msal4jbrokers; + +import com.microsoft.aad.msal4j.*; +import lombok.extern.slf4j.Slf4j; + +import java.util.concurrent.CompletableFuture; + +@Slf4j +class MSALRuntimeBroker implements IBroker { + + @Override + public IAuthenticationResult acquireToken(PublicClientApplication application, SilentParameters requestParameters) { + log.debug("Should not call this API if msal runtime init failed"); + throw new MsalClientException("Broker implementation missing", "missing_broker"); + } + + @Override + public IAuthenticationResult acquireToken(PublicClientApplication application, InteractiveRequestParameters requestParameters) { + throw new MsalClientException("Broker implementation missing", "missing_broker"); + } + + @Override + public IAuthenticationResult acquireToken(PublicClientApplication application, UserNamePasswordParameters requestParameters) { + throw new MsalClientException("Broker implementation missing", "missing_broker"); + } + + @Override + public CompletableFuture removeAccount(IAccount account) { + throw new MsalClientException("Broker implementation missing", "missing_broker"); + } +} From a546a42b230cad5cbb4170a583f8d1ebc9d497fe Mon Sep 17 00:00:00 2001 From: siddhijain Date: Tue, 11 Oct 2022 10:12:02 -0500 Subject: [PATCH 06/65] change class modifier for javadocs --- .../java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
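Review bot: `removeAccount` in the new `MSALRuntimeBroker` throws `MsalClientException` at the call site although it is declared to return a `CompletableFuture`, so a caller that attaches `exceptionally` or `handle` to the result never sees the failure through the future. For a stub I would create the future, call `completeExceptionally(new MsalClientException("Broker implementation missing", "missing_broker"))` on it and return it; the pom targets Java 8, so `CompletableFuture.failedFuture` is not available. Only the `SilentParameters` overload logs anything, and its message `Should not call this API if msal runtime init failed` describes a different condition from the `missing_broker` error that is thrown. The wildcard `import com.microsoft.aad.msal4j.*` would also read better as explicit imports, and the class has no Javadoc saying that it is a placeholder.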
diff --git a/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java b/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java index dbf21f77..598b83ac 100644 --- a/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java +++ b/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java @@ -6,7 +6,7 @@ import java.util.concurrent.CompletableFuture; @Slf4j -class MSALRuntimeBroker implements IBroker { +public class MSALRuntimeBroker implements IBroker { @Override public IAuthenticationResult acquireToken(PublicClientApplication application, SilentParameters requestParameters) { From ffa025656620e2bb4a58c87415f84c07d4b44246 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Thu, 13 Oct 2022 17:03:22 -0500 Subject: [PATCH 07/65] Removing developer tag --- msal4j-brokers/pom.xml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/msal4j-brokers/pom.xml b/msal4j-brokers/pom.xml index 675b32e1..060d756e 100644 --- a/msal4j-brokers/pom.xml +++ b/msal4j-brokers/pom.xml @@ -13,12 +13,6 @@ on windows machine to secure Access tokens and refresh tokens. https://github.com/AzureAD/microsoft-authentication-library-for-java - - - msopentech - Microsoft Open Technologies, Inc. - - MIT License From aa1af3169df0cdf1898c879b7f7fa4b46fda46c0 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Thu, 13 Oct 2022 20:13:49 -0500 Subject: [PATCH 08/65] library version update to fix security vulnerability --- msal4j-sdk/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index c132e784..0dc7dabb 100644 --- a/msal4j-sdk/pom.xml +++ b/msal4j-sdk/pom.xml @@ -64,7 +64,7 @@ org.apache.commons commons-text - 1.7 + 1.10.0 test From a6026965e01bface78af0577c8046b064f553f9e Mon Sep 17 00:00:00 2001 
From: siddhijain Date: Fri, 28 Oct 2022 11:27:10 -0500 Subject: [PATCH 09/65] Updated jackson-databind version --- msal4j-sdk/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index 0dc7dabb..204be5e6 100644 --- a/msal4j-sdk/pom.xml +++ b/msal4j-sdk/pom.xml @@ -57,7 +57,7 @@ com.fasterxml.jackson.core jackson-databind - 2.14.0-rc1 + 2.13.4.2 From 96d298063b220403c412af63369952cdeac45600 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Fri, 28 Oct 2022 16:07:06 -0500 Subject: [PATCH 10/65] Updated versions for hotfix release. --- msal4j-sdk/README.md | 8 ++++---- msal4j-sdk/changelog.txt | 4 ++++ msal4j-sdk/pom.xml | 2 +- msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml | 4 ++-- msal4j-sdk/src/samples/msal-obo-sample/pom.xml | 4 ++-- msal4j-sdk/src/samples/msal-web-sample/pom.xml | 4 ++-- 6 files changed, 15 insertions(+), 11 deletions(-) diff --git a/msal4j-sdk/README.md b/msal4j-sdk/README.md index 38ed3b9e..3764f4f0 100644 --- a/msal4j-sdk/README.md +++ b/msal4j-sdk/README.md @@ -16,7 +16,7 @@ Quick links: The library supports the following Java environments: - Java 8 (or higher) -Current version - 1.13.2 +Current version - 1.13.3 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt). @@ -27,14 +27,14 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti ```xml com.microsoft.azure - com.microsoft.aad.msal4j - 1.13.2 + msal4j + 1.13.3 ``` ### Gradle ```gradle -compile group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.13.2' +compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.3' ``` ## Usage diff --git a/msal4j-sdk/changelog.txt b/msal4j-sdk/changelog.txt index 4844551b..1485c046 100644 --- a/msal4j-sdk/changelog.txt +++ b/msal4j-sdk/changelog.txt 
@@ -1,3 +1,7 @@ +Version 1.13.3 +============= +- Update jackson-databind version to be in compatible with Azure-SDKs + Version 1.13.2 ============= - Add IBroker interface diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index 204be5e6..df950e77 100644 --- a/msal4j-sdk/pom.xml +++ b/msal4j-sdk/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.microsoft.azure msal4j - 1.13.2 + 1.13.3 jar msal4j diff --git a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml index 193a6067..5e722171 100644 --- a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml @@ -22,8 +22,8 @@ com.microsoft.azure - com.microsoft.aad.msal4j - 1.13.2 + msal4j + 1.13.3 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml index 916abe0c..4d4108f2 100644 --- a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml @@ -22,8 +22,8 @@ com.microsoft.azure - com.microsoft.aad.msal4j - 1.13.2 + msal4j + 1.13.3 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-web-sample/pom.xml index 080dff63..bedd8fb6 100644 --- a/msal4j-sdk/src/samples/msal-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-web-sample/pom.xml @@ -22,8 +22,8 @@ com.microsoft.azure - com.microsoft.aad.msal4j - 1.13.2 + msal4j + 1.13.3 com.nimbusds From c4a4b3bfa83bd74bb0032001e5d78b9df79cd29a Mon Sep 17 00:00:00 2001 From: siddhijain Date: Wed, 23 Nov 2022 12:29:55 -0600 Subject: [PATCH 11/65] expose instanceDiscovery flag --- .../msal4j/AadInstanceDiscoveryProvider.java | 42 +++--- .../msal4j/AbstractClientApplicationBase.java | 30 ++++ .../InstanceDiscoveryMetadataEntry.java | 1 + .../aad/msal4j/AadInstanceDiscoveryTest.java | 135 ++++++++++++++++++ 4 files changed, 191 insertions(+), 17 deletions(-) 
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java
index 11b2628b..cab57f34 100644
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java
@@ -18,22 +18,22 @@ class AadInstanceDiscoveryProvider { - private final static String DEFAULT_TRUSTED_HOST = "login.microsoftonline.com"; - private final static String AUTHORIZE_ENDPOINT_TEMPLATE = "https://{host}/{tenant}/oauth2/v2.0/authorize"; - private final static String INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = "https://{host}:{port}/common/discovery/instance"; - private final static String INSTANCE_DISCOVERY_REQUEST_PARAMETERS_TEMPLATE = "?api-version=1.1&authorization_endpoint={authorizeEndpoint}"; - private final static String HOST_TEMPLATE_WITH_REGION = "{region}.r.{host}"; - private final static String SOVEREIGN_HOST_TEMPLATE_WITH_REGION = "{region}.{host}"; - private final static String REGION_NAME = "REGION_NAME"; - private final static int PORT_NOT_SET = -1; + private static final String DEFAULT_TRUSTED_HOST = "login.microsoftonline.com"; + private static final String AUTHORIZE_ENDPOINT_TEMPLATE = "https://{host}/{tenant}/oauth2/v2.0/authorize"; + private static final String INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = "https://{host}:{port}/common/discovery/instance"; + private static final String INSTANCE_DISCOVERY_REQUEST_PARAMETERS_TEMPLATE = "?api-version=1.1&authorization_endpoint={authorizeEndpoint}"; + private static final String HOST_TEMPLATE_WITH_REGION = "{region}.r.{host}"; + private static final String SOVEREIGN_HOST_TEMPLATE_WITH_REGION = "{region}.{host}"; + private static final String REGION_NAME = "REGION_NAME"; + private static final int PORT_NOT_SET = -1; // For information of the current api-version refer: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service#versioning - private final static String DEFAULT_API_VERSION = "2020-06-01"; - private final static String IMDS_ENDPOINT = "https://169.254.169.254/metadata/instance/compute/location?" 
+ DEFAULT_API_VERSION + "&format=text"; + private static final String DEFAULT_API_VERSION = "2020-06-01"; + private static final String IMDS_ENDPOINT = "https://169.254.169.254/metadata/instance/compute/location?" + DEFAULT_API_VERSION + "&format=text"; - final static TreeSet TRUSTED_HOSTS_SET = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); - final static TreeSet TRUSTED_SOVEREIGN_HOSTS_SET = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); + static final TreeSet TRUSTED_HOSTS_SET = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); + static final TreeSet TRUSTED_SOVEREIGN_HOSTS_SET = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); - private final static Logger log = LoggerFactory.getLogger(HttpHelper.class); + private static final Logger log = LoggerFactory.getLogger(AadInstanceDiscoveryProvider.class); static ConcurrentHashMap cache = new ConcurrentHashMap<>(); @@ -67,10 +67,9 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, //If region autodetection is enabled and a specific region not already set, // set the application's region to the discovered region so that future requests can skip the IMDS endpoint call - if (msalRequest.application().azureRegion() == null && msalRequest.application().autoDetectRegion()) { - if (detectedRegion != null) { + if (msalRequest.application().azureRegion() == null && msalRequest.application().autoDetectRegion() + && null != detectedRegion) { msalRequest.application().azureRegion = detectedRegion; - } } cacheRegionInstanceMetadata(authorityUrl.getHost(), msalRequest.application().azureRegion()); serviceBundle.getServerSideTelemetry().getCurrentRequest().regionOutcome( 
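Review bot: `IMDS_ENDPOINT` in the first hunk of `AadInstanceDiscoveryProvider` is built as `".../compute/location?" + DEFAULT_API_VERSION + "&format=text"`, which produces the query `?2020-06-01&format=text` with no parameter name in front of the version. The commit only reorders the modifiers on that line, but since the line is touched it should become `".../compute/location?api-version=" + DEFAULT_API_VERSION + "&format=text"`, matching the versioning documentation linked in the comment above it. It is also worth checking the `https` scheme against that documentation, because a lookup that always fails would presumably leave region auto-detection without a result and nobody would notice. The class body continues outside the hunk, so how the constant is consumed is not visible here.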
@@ -80,7 +79,16 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, InstanceDiscoveryMetadataEntry result = cache.get(host); if (result == null) { - doInstanceDiscoveryAndCache(authorityUrl, validateAuthority, msalRequest, serviceBundle); + if(msalRequest.application().instanceDiscovery()){ + doInstanceDiscoveryAndCache(authorityUrl, validateAuthority, msalRequest, serviceBundle); + } else { + // instanceDiscovery flag is set to False. Do no perform instanceDiscovery. + cache.putIfAbsent(host, InstanceDiscoveryMetadataEntry.builder(). + preferredCache(host). + preferredNetwork(host). + aliases(Collections.singleton(host)). + build()); + } } return cache.get(host); diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java index 862a3ce8..9edded2b 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java @@ -104,6 +104,10 @@ public abstract class AbstractClientApplicationBase implements IClientApplicatio @Getter protected String azureRegion; + @Accessors(fluent = true) + @Getter + private boolean instanceDiscovery; + @Override public CompletableFuture acquireToken(AuthorizationCodeParameters parameters) { @@ -325,6 +329,7 @@ public abstract static class Builder> { private String azureRegion; private Integer connectTimeoutForDefaultHttpClient; private Integer readTimeoutForDefaultHttpClient; + private boolean instanceDiscovery = true; /** * Constructor to create instance of Builder of client application 
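Review bot: In the new `else` branch of `getMetadataEntry` the `validateAuthority` argument is never consulted, and the self-made entry is written to the static `cache`, which is keyed by host only. As far as the visible lines show, once one application built with `instanceDiscovery(false)` has used a host, a later `cache.get(host)` on behalf of an application that left discovery enabled returns that entry, and `doInstanceDiscoveryAndCache` with whatever validation it performs is skipped for that host for the rest of the process. I would keep entries created without discovery out of the shared cache by returning the built entry directly, `return InstanceDiscoveryMetadataEntry.builder().preferredCache(host).preferredNetwork(host).aliases(Collections.singleton(host)).build();`, or mark them so that a discovery-enabled request still goes through discovery. The branch also deserves a comment such as `// No discovery: host is used as-is and is not checked against the trusted host list`. The method starts and ends outside the hunk, so an earlier guard may exist that cannot be seen here.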
@@ -643,6 +648,30 @@ public T azureRegion(String val) { return self(); } + /** Historically, MSAL would connect to a central endpoint located at + ``https://login.microsoftonline.com`` to acquire some metadata, especially when using an unfamiliar authority. + This behavior is known as Instance Discovery. + This parameter defaults to true, which enables the Instance Discovery. + If you know some authorities which you allow MSAL to operate with as-is, + without involving any Instance Discovery, the recommended pattern is:: + knownAuthorities = frozenset([ # Treat your known authorities as const + "https://contoso.com/adfs", "https://login.azs/foo"]) + ... + authority = "https://contoso.com/adfs" # Assuming your app will use this + app1 = PublicClientApplication( + "client_id", + authority=authority, + # Conditionally disable Instance Discovery for known authorities + instance_discovery=authority not in known_authorities, + ) + If you do not know some authorities beforehand, + yet still want MSAL to accept any authority that you will provide, + you can use a ``False`` to unconditionally disable Instance Discovery. */ + public T instanceDiscovery(boolean val) { + instanceDiscovery = val; + return self(); + } + abstract AbstractClientApplicationBase build(); } @@ -671,6 +700,7 @@ public T azureRegion(String val) { clientCapabilities = builder.clientCapabilities; autoDetectRegion = builder.autoDetectRegion; azureRegion = builder.azureRegion; + instanceDiscovery = builder.instanceDiscovery; if (aadAadInstanceDiscoveryResponse != null) { AadInstanceDiscoveryProvider.cacheInstanceDiscoveryMetadata( diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java index 369d5f8f..df0ef415 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java 
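Review bot: The Javadoc on the new builder method `instanceDiscovery(boolean)` explains what Instance Discovery is but not what a caller gives up by turning it off, namely that the configured authority is then used as-is without the metadata lookup. I would add a sentence such as `Disable only for authorities you control or otherwise trust; when this is false MSAL does not look up the authority's metadata.` so the trust decision is visible at the point of use. The block is also written in another library's markup: the double-backtick literals should be `{@code ...}`, `False` should be `false`, and the comment has no `@param val` or `@return` tags like a builder method normally carries.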
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java @@ -11,6 +11,7 @@ @Accessors(fluent = true) @Getter(AccessLevel.PACKAGE) +@Setter @Builder @NoArgsConstructor @AllArgsConstructor diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java index 61ac5608..e5337b18 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java @@ -8,10 +8,12 @@ import org.powermock.modules.testng.PowerMockTestCase; import org.testng.Assert; import org.testng.annotations.BeforeMethod; +import org.testng.annotations.DataProvider; import org.testng.annotations.Test; import java.net.URI; import java.net.URL; +import java.util.Collections; @PrepareForTest(AadInstanceDiscoveryProvider.class) public class AadInstanceDiscoveryTest extends PowerMockTestCase { 
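Review bot: The `@Setter` added to `InstanceDiscoveryMetadataEntry` carries no access level, so Lombok generates public setters, while the getters two lines above are restricted with `AccessLevel.PACKAGE`. Instances of this class are stored in the static cache of `AadInstanceDiscoveryProvider`, so a setter call on a cached entry changes `preferredNetwork` or `aliases` for every later request to that host. None of the hunks visible in this commit calls a setter (the new code uses the builder), so I would drop the annotation, or narrow it to `@Setter(AccessLevel.PACKAGE)` if a test needs it. The rest of the class is outside the hunk, so its own visibility is not known from here.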
@@ -186,4 +188,137 @@ public void aadInstanceDiscoveryTest_AutoDetectRegion_NoRegionDetected() throws Assert.assertTrue(entry.aliases().contains("login.microsoft.com")); Assert.assertTrue(entry.aliases().contains("sts.windows.net")); } + + @DataProvider(name = "aadClouds") + private static Object[][] getAadClouds(){ + return new Object[][] {{"https://login.microsoftonline.com/common"} , // #Known to Microsoft + {"https://private.cloud/foo"}//Private Cloud + }; + } + + @DataProvider(name = "b2cAdfsClouds") + private static Object[][] getNonAadClouds(){ + return new Object[][] {{"https://contoso.com/adfs"}//ADFS +// {"https://login.b2clogin.com/contoso/b2c_policy"},//B2C + }; + } + + /** + * when instance_discovery flag is set to true (by default), an instance_discovery is performed for authorityType = AAD and + * hence, an exception is thrown while making a call to getMetaDataEntry() if instanceDiscoveryResponse is not mocked. + */ + @Test( dataProvider = "aadClouds", + expectedExceptions = StringIndexOutOfBoundsException.class) + public void aad_instance_discovery_true(String authority) throws Exception { + + PublicClientApplication app = PublicClientApplication.builder("client_id") + .authority(authority) + .build(); + + AuthorizationCodeParameters parameters = AuthorizationCodeParameters.builder( + "code", new URI("http://my.redirect.com")) + .scopes(Collections.singleton("scope")).build(); + + MsalRequest msalRequest = new AuthorizationCodeRequest( + parameters, + app, + new RequestContext(app, PublicApi.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE, parameters)); + + URL authorityURL = new URL(authority); + + AadInstanceDiscoveryProvider.getMetadataEntry( + authorityURL, + false, + msalRequest, + app.getServiceBundle()); + + } + + /** + * when instance_discovery flag is set to true (by default), an instance_discovery is NOT performed for b2c. 
+ */ + @Test( dataProvider = "b2cAdfsClouds") + public void b2c_adfs_instance_discovery_true(String authority) throws Exception { + + PublicClientApplication app = PublicClientApplication.builder("client_id") + .authority(authority) + .build(); + + AuthorizationCodeParameters parameters = AuthorizationCodeParameters.builder( + "code", new URI("http://my.redirect.com")) + .scopes(Collections.singleton("scope")).build(); + + MsalRequest msalRequest = new AuthorizationCodeRequest( + parameters, + app, + new RequestContext(app, PublicApi.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE, parameters)); + + URL authorityURL = new URL(authority); + + AadInstanceDiscoveryProvider.getMetadataEntry( + authorityURL, + false, + msalRequest, + app.getServiceBundle()); + } + + @Test (dataProvider = "aadClouds") + /** + * when instance_discovery flag is set to false, instance_discovery is not performed and hence, + * no exception is thrown while making a call to getMetaDataEntry() even when instanceDiscoveryResponse is not mocked. 
+ */ + public void aad_instance_discovery_false(String authority) throws Exception{ + + PublicClientApplication app = PublicClientApplication.builder("client_id") + .authority(authority) + .instanceDiscovery(false) + .build(); + + AuthorizationCodeParameters parameters = AuthorizationCodeParameters.builder( + "code", new URI("http://my.redirect.com")) + .scopes(Collections.singleton("scope")).build(); + + MsalRequest msalRequest = new AuthorizationCodeRequest( + parameters, + app, + new RequestContext(app, PublicApi.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE, parameters)); + + URL authorityURL = new URL(authority); + + AadInstanceDiscoveryProvider.getMetadataEntry( + authorityURL, + false, + msalRequest, + app.getServiceBundle()); + } + + @Test (dataProvider = "b2cAdfsClouds") + /** + * when instance_discovery flag is set to true, instance_discovery is not performed and hence, + * no exception is thrown while making a call to getMetaDataEntry() even when instanceDiscoveryResponse is not mocked. + */ + public void b2c_adfs_instance_discovery_false(String authority) throws Exception{ + + PublicClientApplication app = PublicClientApplication.builder("client_id") + .authority(authority) + .instanceDiscovery(false) + .build(); + + AuthorizationCodeParameters parameters = AuthorizationCodeParameters.builder( + "code", new URI("http://my.redirect.com")) + .scopes(Collections.singleton("scope")).build(); + + MsalRequest msalRequest = new AuthorizationCodeRequest( + parameters, + app, + new RequestContext(app, PublicApi.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE, parameters)); + + URL authorityURL = new URL(authority); + + AadInstanceDiscoveryProvider.getMetadataEntry( + authorityURL, + false, + msalRequest, + app.getServiceBundle()); + } } From aa5e51414075aa41bd9a3649564b6cd3f1ee9eb1 Mon Sep 17 00:00:00 2001 
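Review bot: `aad_instance_discovery_true` in `AadInstanceDiscoveryTest` passes only when `getMetadataEntry` throws `StringIndexOutOfBoundsException`, which by the test's own comment is a side effect of the discovery response not being mocked rather than intended behaviour, and the unmocked call may reach the network. The other three new tests contain no assertion, so they pass whenever nothing throws and would not notice discovery being performed when it should not be. I would mock the HTTP call and assert the number of discovery requests (one for AAD with the flag on, zero otherwise), and in the `false` cases assert the returned entry, e.g. `Assert.assertEquals(entry.preferredNetwork(), authorityURL.getHost());`. The comment on `b2c_adfs_instance_discovery_false` says the flag is set to true while the code calls `.instanceDiscovery(false)`, and in the last two tests the Javadoc block sits between `@Test` and the method instead of above the annotation.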
From: siddhijain Date: Wed, 23 Nov 2022 21:45:17 -0600 Subject: [PATCH 12/65] updated comments --- .../aad/msal4j/AadInstanceDiscoveryProvider.java | 2 +- .../aad/msal4j/AbstractClientApplicationBase.java | 12 ------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index cab57f34..a8772a18 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java @@ -82,7 +82,7 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, if(msalRequest.application().instanceDiscovery()){ doInstanceDiscoveryAndCache(authorityUrl, validateAuthority, msalRequest, serviceBundle); } else { - // instanceDiscovery flag is set to False. Do no perform instanceDiscovery. + // instanceDiscovery flag is set to False. Do not perform instanceDiscovery. cache.putIfAbsent(host, InstanceDiscoveryMetadataEntry.builder(). preferredCache(host). preferredNetwork(host). diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java index 9edded2b..b1b7ba6b 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java 
@@ -652,18 +652,6 @@ public T azureRegion(String val) { ``https://login.microsoftonline.com`` to acquire some metadata, especially when using an unfamiliar authority. This behavior is known as Instance Discovery. This parameter defaults to true, which enables the Instance Discovery. - If you know some authorities which you allow MSAL to operate with as-is, - without involving any Instance Discovery, the recommended pattern is:: - knownAuthorities = frozenset([ # Treat your known authorities as const - "https://contoso.com/adfs", "https://login.azs/foo"]) - ... - authority = "https://contoso.com/adfs" # Assuming your app will use this - app1 = PublicClientApplication( - "client_id", - authority=authority, - # Conditionally disable Instance Discovery for known authorities - instance_discovery=authority not in known_authorities, - ) If you do not know some authorities beforehand, yet still want MSAL to accept any authority that you will provide, you can use a ``False`` to unconditionally disable Instance Discovery. */ From b3f07e86337f9aabd397a33af463364e209b7593 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 28 Nov 2022 16:42:05 -0600 Subject: [PATCH 13/65] updated b2c authority url for tests --- .../java/com.microsoft.aad.msal4j/TestConstants.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java index 950109dc..649cbcfa 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java 
@@ -45,7 +45,7 @@ public class TestConstants { public final static String B2C_AUTHORITY_SIGN_IN = B2C_AUTHORITY + B2C_SIGN_IN_POLICY; public final static String B2C_AUTHORITY_ROPC = B2C_AUTHORITY + B2C_ROPC_POLICY; public final static String B2C_READ_SCOPE = "https://msidlabb2c.onmicrosoft.com/msidlabb2capi/read"; - public final static String B2C_MICROSOFTLOGIN_AUTHORITY = "https://login.microsoftonline.com/tfp/msidlabb2c.onmicrosoft.com/"; + public final static String B2C_MICROSOFTLOGIN_AUTHORITY = "https://msidlabb2c.b2clogin.com/tfp/msidlabb2c.onmicrosoft.com/"; public final static String B2C_MICROSOFTLOGIN_ROPC = B2C_MICROSOFTLOGIN_AUTHORITY + B2C_ROPC_POLICY; public final static String LOCALHOST = "http://localhost:"; From dd629bf9c4655c9a71cce9d6b398d0a81130ac60 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Fri, 2 Dec 2022 10:20:05 -0600 Subject: [PATCH 14/65] address PR comments + more tests --- .../InstanceDiscoveryTest.java | 191 ++++++++++++++++++ .../msal4j/AadInstanceDiscoveryProvider.java | 6 +- .../aad/msal4j/AadInstanceDiscoveryTest.java | 138 +------------ 3 files changed, 197 insertions(+), 138 deletions(-) create mode 100644 msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java new file mode 100644 index 00000000..ea7f5f21 --- /dev/null +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java 
@@ -0,0 +1,191 @@ +package com.microsoft.aad.msal4j; + +import org.easymock.Capture; +import org.easymock.EasyMock; +import org.powermock.api.easymock.PowerMock; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.testng.Assert; +import org.testng.IObjectFactory; +import org.testng.annotations.DataProvider; +import org.testng.annotations.ObjectFactory; +import org.testng.annotations.Test; + +import java.net.URI; +import java.util.Collections; +import java.util.Date; +import java.util.concurrent.CompletableFuture; + +@PrepareForTest({HttpHelper.class, PublicClientApplication.class}) +public class InstanceDiscoveryTest { + + private PublicClientApplication app; + + @ObjectFactory + public IObjectFactory getObjectFactory() { + return new org.powermock.modules.testng.PowerMockObjectFactory(); + } + + @DataProvider(name = "aadClouds") + private static Object[][] getAadClouds(){ + return new Object[][] {{"https://login.microsoftonline.com/common"} , // #Known to Microsoft + {"https://private.cloud/foo"}//Private Cloud + }; + } + + @DataProvider(name = "b2cAdfsClouds") + private static Object[][] getNonAadClouds(){ + return new Object[][] {{"https://contoso.com/adfs"},//ADFS +// {"https://login.b2clogin.com/contoso/b2c_policy"}//B2C + }; + } + + /** + * when instance_discovery flag is set to true (by default), an instance_discovery is performed for authorityType = AAD + */ + @Test( dataProvider = "aadClouds") + public void aadInstanceDiscoveryTrue(String authority) throws Exception{ + app = PowerMock.createPartialMock(PublicClientApplication.class, + new String[]{"acquireTokenCommon"}, + PublicClientApplication.builder(TestConfiguration.AAD_CLIENT_ID) + .authority(authority) + .instanceDiscovery(true)); + + Capture capturedMsalRequest = Capture.newInstance(); + + PowerMock.expectPrivate(app, "acquireTokenCommon", + EasyMock.capture(capturedMsalRequest), EasyMock.isA(AADAuthority.class)).andReturn( + AuthenticationResult.builder(). 
+ accessToken("accessToken"). + expiresOn(new Date().getTime() + 100). + refreshToken("refreshToken"). + idToken("idToken").environment("environment").build()); + + PowerMock.mockStatic(HttpHelper.class); + + HttpResponse instanceDiscoveryResponse = new HttpResponse(); + instanceDiscoveryResponse.statusCode(200); + instanceDiscoveryResponse.body(TestConfiguration.INSTANCE_DISCOVERY_RESPONSE); + + Capture capturedHttpRequest = Capture.newInstance(); + + EasyMock.expect( + HttpHelper.executeHttpRequest( + EasyMock.capture(capturedHttpRequest), + EasyMock.isA(RequestContext.class), + EasyMock.isA(ServiceBundle.class))) + .andReturn(instanceDiscoveryResponse); + + PowerMock.replay(HttpHelper.class, HttpResponse.class); + + CompletableFuture completableFuture = app.acquireToken( + AuthorizationCodeParameters.builder + ("auth_code", + new URI(TestConfiguration.AAD_DEFAULT_REDIRECT_URI)) + .scopes(Collections.singleton("default-scope")) + .build()); + + completableFuture.get(); + Assert.assertEquals(capturedHttpRequest.getValues().size(),1); + + } + + /** + * when instance_discovery flag is set to true (by default), an instance_discovery is NOT performed for b2c. + */ + @Test( dataProvider = "b2cAdfsClouds") + public void b2cAdfsInstanceDiscoveryTrue(String authority) throws Exception{ + app = PowerMock.createPartialMock(PublicClientApplication.class, + new String[]{"acquireTokenCommon"}, + PublicClientApplication.builder(TestConstants.ADFS_APP_ID) + .authority(authority) + .instanceDiscovery(true)); + + Capture capturedMsalRequest = Capture.newInstance(); + + PowerMock.expectPrivate(app, "acquireTokenCommon", + EasyMock.capture(capturedMsalRequest), EasyMock.isA(AADAuthority.class)).andReturn( + AuthenticationResult.builder(). + accessToken("accessToken"). + expiresOn(new Date().getTime() + 100). + refreshToken("refreshToken"). 
+ idToken("idToken").environment("environment").build()); + + PowerMock.mockStatic(HttpHelper.class); + + HttpResponse instanceDiscoveryResponse = new HttpResponse(); + instanceDiscoveryResponse.statusCode(200); + instanceDiscoveryResponse.body(TestConfiguration.INSTANCE_DISCOVERY_RESPONSE); + + Capture capturedHttpRequest = Capture.newInstance(); + + EasyMock.expect( + HttpHelper.executeHttpRequest( + EasyMock.capture(capturedHttpRequest), + EasyMock.isA(RequestContext.class), + EasyMock.isA(ServiceBundle.class))) + .andReturn(instanceDiscoveryResponse); + + PowerMock.replay(HttpHelper.class, HttpResponse.class); + + CompletableFuture completableFuture = app.acquireToken( + AuthorizationCodeParameters.builder + ("auth_code", + new URI(TestConfiguration.AAD_DEFAULT_REDIRECT_URI)) + .scopes(Collections.singleton("default-scope")) + .build()); + + completableFuture.get(); + Assert.assertEquals(capturedHttpRequest.getValues().size(),0); + + } + + /** + * when instance_discovery flag is set to false, instance_discovery is not performed + */ + @Test (dataProvider = "aadClouds") + public void aadInstanceDiscoveryFalse(String authority) throws Exception { + + app = PowerMock.createPartialMock(PublicClientApplication.class, + new String[]{"acquireTokenCommon"}, + PublicClientApplication.builder(TestConfiguration.AAD_CLIENT_ID) + .authority(authority) + .instanceDiscovery(false)); + + Capture capturedMsalRequest = Capture.newInstance(); + + PowerMock.expectPrivate(app, "acquireTokenCommon", + EasyMock.capture(capturedMsalRequest), EasyMock.isA(AADAuthority.class)).andReturn( + AuthenticationResult.builder(). + accessToken("accessToken"). + expiresOn(new Date().getTime() + 100). + refreshToken("refreshToken"). 
+ idToken("idToken").environment("environment").build()); + + PowerMock.mockStatic(HttpHelper.class); + + HttpResponse instanceDiscoveryResponse = new HttpResponse(); + instanceDiscoveryResponse.statusCode(200); + instanceDiscoveryResponse.body(TestConfiguration.INSTANCE_DISCOVERY_RESPONSE); + + Capture capturedHttpRequest = Capture.newInstance(); + + EasyMock.expect( + HttpHelper.executeHttpRequest( + EasyMock.capture(capturedHttpRequest), + EasyMock.isA(RequestContext.class), + EasyMock.isA(ServiceBundle.class))) + .andReturn(instanceDiscoveryResponse); + + PowerMock.replay(HttpHelper.class, HttpResponse.class); + + CompletableFuture completableFuture = app.acquireToken( + AuthorizationCodeParameters.builder + ("auth_code", + new URI(TestConfiguration.AAD_DEFAULT_REDIRECT_URI)) + .scopes(Collections.singleton("default-scope")) + .build()); + + completableFuture.get(); + Assert.assertEquals(capturedHttpRequest.getValues().size(),0); + } +} diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index a8772a18..08987a76 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java @@ -67,7 +67,7 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, //If region autodetection is enabled and a specific region not already set, // set the application's region to the discovered region so that future requests can skip the IMDS endpoint call - if (msalRequest.application().azureRegion() == null && msalRequest.application().autoDetectRegion() + if (null == msalRequest.application().azureRegion() && msalRequest.application().autoDetectRegion() && null != detectedRegion) { msalRequest.application().azureRegion = detectedRegion; } 
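Review bot: In the new InstanceDiscoveryTest.java, the two negative tests (`b2cAdfsInstanceDiscoveryTrue` and `aadInstanceDiscoveryFalse`) assert only that `capturedHttpRequest.getValues().size()` is 0, which would also hold if the flow never reached the discovery step at all. In all three tests `capturedMsalRequest` is captured but never inspected, and the partial mock `app` is not passed to `PowerMock.replay(HttpHelper.class, HttpResponse.class)`, so the `acquireTokenCommon` expectation recorded with `expectPrivate` does not appear to be activated. Since these tests guard the path where the authority is accepted without a metadata lookup, I would use `PowerMock.replay(app, HttpHelper.class, HttpResponse.class);` and add an assertion on the value returned by `completableFuture.get()`; this is untested here and may expose the `EasyMock.isA(AADAuthority.class)` matcher in the ADFS case. The roughly 35 lines of identical setup in each test could also move into one private helper that takes the builder.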
@@ -83,11 +83,11 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, doInstanceDiscoveryAndCache(authorityUrl, validateAuthority, msalRequest, serviceBundle); } else { // instanceDiscovery flag is set to False. Do not perform instanceDiscovery. - cache.putIfAbsent(host, InstanceDiscoveryMetadataEntry.builder(). + return InstanceDiscoveryMetadataEntry.builder(). preferredCache(host). preferredNetwork(host). aliases(Collections.singleton(host)). - build()); + build(); } } diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java index e5337b18..d51065b9 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java @@ -4,18 +4,18 @@ package com.microsoft.aad.msal4j; import org.powermock.api.easymock.PowerMock; +import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.testng.PowerMockTestCase; import org.testng.Assert; import org.testng.annotations.BeforeMethod; -import org.testng.annotations.DataProvider; import org.testng.annotations.Test; import java.net.URI; import java.net.URL; -import java.util.Collections; -@PrepareForTest(AadInstanceDiscoveryProvider.class) +@PowerMockIgnore({"javax.net.ssl.*"}) +@PrepareForTest({AadInstanceDiscoveryProvider.class}) public class AadInstanceDiscoveryTest extends PowerMockTestCase { @BeforeMethod 
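Review bot: In the `else` branch of `getMetadataEntry` (AadInstanceDiscoveryProvider.java, hunk at -83), the new `return` hands back an entry built only from the caller-supplied `host`, and `validateAuthority` is not consulted on that path; it is passed only to `doInstanceDiscoveryAndCache`. So `instanceDiscovery(false)` also switches off authority validation, which the existing one-line comment does not say. I would extend it to something like `// Instance discovery disabled: host is used as supplied and validateAuthority is ignored; callers must restrict authorities themselves`. The entry is also no longer stored in `cache`, so it is rebuilt on every call; the rest of the method is outside this hunk, so it should be checked that nothing later expects a cached entry for this host.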
@@ -189,136 +189,4 @@ public void aadInstanceDiscoveryTest_AutoDetectRegion_NoRegionDetected() throws Assert.assertTrue(entry.aliases().contains("sts.windows.net")); } - @DataProvider(name = "aadClouds") - private static Object[][] getAadClouds(){ - return new Object[][] {{"https://login.microsoftonline.com/common"} , // #Known to Microsoft - {"https://private.cloud/foo"}//Private Cloud - }; - } - - @DataProvider(name = "b2cAdfsClouds") - private static Object[][] getNonAadClouds(){ - return new Object[][] {{"https://contoso.com/adfs"}//ADFS -// {"https://login.b2clogin.com/contoso/b2c_policy"},//B2C - }; - } - - /** - * when instance_discovery flag is set to true (by default), an instance_discovery is performed for authorityType = AAD and - * hence, an exception is thrown while making a call to getMetaDataEntry() if instanceDiscoveryResponse is not mocked. - */ - @Test( dataProvider = "aadClouds", - expectedExceptions = StringIndexOutOfBoundsException.class) - public void aad_instance_discovery_true(String authority) throws Exception { - - PublicClientApplication app = PublicClientApplication.builder("client_id") - .authority(authority) - .build(); - - AuthorizationCodeParameters parameters = AuthorizationCodeParameters.builder( - "code", new URI("http://my.redirect.com")) - .scopes(Collections.singleton("scope")).build(); - - MsalRequest msalRequest = new AuthorizationCodeRequest( - parameters, - app, - new RequestContext(app, PublicApi.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE, parameters)); - - URL authorityURL = new URL(authority); - - AadInstanceDiscoveryProvider.getMetadataEntry( - authorityURL, - false, - msalRequest, - app.getServiceBundle()); - - } - - /** - * when instance_discovery flag is set to true (by default), an instance_discovery is NOT performed for b2c. 
- */ - @Test( dataProvider = "b2cAdfsClouds") - public void b2c_adfs_instance_discovery_true(String authority) throws Exception { - - PublicClientApplication app = PublicClientApplication.builder("client_id") - .authority(authority) - .build(); - - AuthorizationCodeParameters parameters = AuthorizationCodeParameters.builder( - "code", new URI("http://my.redirect.com")) - .scopes(Collections.singleton("scope")).build(); - - MsalRequest msalRequest = new AuthorizationCodeRequest( - parameters, - app, - new RequestContext(app, PublicApi.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE, parameters)); - - URL authorityURL = new URL(authority); - - AadInstanceDiscoveryProvider.getMetadataEntry( - authorityURL, - false, - msalRequest, - app.getServiceBundle()); - } - - @Test (dataProvider = "aadClouds") - /** - * when instance_discovery flag is set to false, instance_discovery is not performed and hence, - * no exception is thrown while making a call to getMetaDataEntry() even when instanceDiscoveryResponse is not mocked. 
- */ - public void aad_instance_discovery_false(String authority) throws Exception{ - - PublicClientApplication app = PublicClientApplication.builder("client_id") - .authority(authority) - .instanceDiscovery(false) - .build(); - - AuthorizationCodeParameters parameters = AuthorizationCodeParameters.builder( - "code", new URI("http://my.redirect.com")) - .scopes(Collections.singleton("scope")).build(); - - MsalRequest msalRequest = new AuthorizationCodeRequest( - parameters, - app, - new RequestContext(app, PublicApi.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE, parameters)); - - URL authorityURL = new URL(authority); - - AadInstanceDiscoveryProvider.getMetadataEntry( - authorityURL, - false, - msalRequest, - app.getServiceBundle()); - } - - @Test (dataProvider = "b2cAdfsClouds") - /** - * when instance_discovery flag is set to true, instance_discovery is not performed and hence, - * no exception is thrown while making a call to getMetaDataEntry() even when instanceDiscoveryResponse is not mocked. - */ - public void b2c_adfs_instance_discovery_false(String authority) throws Exception{ - - PublicClientApplication app = PublicClientApplication.builder("client_id") - .authority(authority) - .instanceDiscovery(false) - .build(); - - AuthorizationCodeParameters parameters = AuthorizationCodeParameters.builder( - "code", new URI("http://my.redirect.com")) - .scopes(Collections.singleton("scope")).build(); - - MsalRequest msalRequest = new AuthorizationCodeRequest( - parameters, - app, - new RequestContext(app, PublicApi.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE, parameters)); - - URL authorityURL = new URL(authority); - - AadInstanceDiscoveryProvider.getMetadataEntry( - authorityURL, - false, - msalRequest, - app.getServiceBundle()); - } } From 568c0d49e6c0cc54c4ab397469ce58865ebe811f Mon Sep 17 00:00:00 2001 
From: siddhijain Date: Fri, 2 Dec 2022 10:26:14 -0600 Subject: [PATCH 15/65] missed update for regional endpoint --- .../com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index 08987a76..de5cfdb7 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java @@ -22,7 +22,7 @@ class AadInstanceDiscoveryProvider { private static final String AUTHORIZE_ENDPOINT_TEMPLATE = "https://{host}/{tenant}/oauth2/v2.0/authorize"; private static final String INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = "https://{host}:{port}/common/discovery/instance"; private static final String INSTANCE_DISCOVERY_REQUEST_PARAMETERS_TEMPLATE = "?api-version=1.1&authorization_endpoint={authorizeEndpoint}"; - private static final String HOST_TEMPLATE_WITH_REGION = "{region}.r.{host}"; + private static final String HOST_TEMPLATE_WITH_REGION = "{region}.{host}"; private static final String SOVEREIGN_HOST_TEMPLATE_WITH_REGION = "{region}.{host}"; private static final String REGION_NAME = "REGION_NAME"; private static final int PORT_NOT_SET = -1; From b5cad22d7b6f440ad8620c38d35b23b3f687443f Mon Sep 17 00:00:00 2001 From: siddhijain Date: Fri, 2 Dec 2022 12:18:37 -0600 Subject: [PATCH 16/65] separated b2c and adfs tests --- .../InstanceDiscoveryTest.java | 84 ++++++++++++++----- .../aad/msal4j/AadInstanceDiscoveryTest.java | 3 - 2 files changed, 64 insertions(+), 23 deletions(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java index ea7f5f21..57bc8fb3 100644 
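Review bot: After this change `HOST_TEMPLATE_WITH_REGION` has exactly the same value as `SOVEREIGN_HOST_TEMPLATE_WITH_REGION` on the following line, and nothing in AadInstanceDiscoveryProvider.java records why two constants remain or which hosts the `{region}.{host}` form is valid for. This template decides which host regional token requests are sent to, so I would either fold the two into one constant or add a comment such as `// Regional public-cloud host; currently the same form as the sovereign template`. The same one-line change reappears in PATCH 21/65, where the integration tests are switched to hard-coded `login.microsoft.com` hosts; that suggests the template is only valid for some authority hosts and would be worth stating next to the constant.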
--- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java @@ -32,13 +32,6 @@ private static Object[][] getAadClouds(){ }; } - @DataProvider(name = "b2cAdfsClouds") - private static Object[][] getNonAadClouds(){ - return new Object[][] {{"https://contoso.com/adfs"},//ADFS -// {"https://login.b2clogin.com/contoso/b2c_policy"}//B2C - }; - } - /** * when instance_discovery flag is set to true (by default), an instance_discovery is performed for authorityType = AAD */ @@ -47,8 +40,7 @@ public void aadInstanceDiscoveryTrue(String authority) throws Exception{ app = PowerMock.createPartialMock(PublicClientApplication.class, new String[]{"acquireTokenCommon"}, PublicClientApplication.builder(TestConfiguration.AAD_CLIENT_ID) - .authority(authority) - .instanceDiscovery(true)); + .authority(authority)); Capture capturedMsalRequest = Capture.newInstance(); 
@@ -90,14 +82,64 @@ public void aadInstanceDiscoveryTrue(String authority) throws Exception{ } /** - * when instance_discovery flag is set to true (by default), an instance_discovery is NOT performed for b2c. + * when instance_discovery flag is set to false, instance_discovery is not performed */ - @Test( dataProvider = "b2cAdfsClouds") - public void b2cAdfsInstanceDiscoveryTrue(String authority) throws Exception{ + @Test (dataProvider = "aadClouds") + public void aadInstanceDiscoveryFalse(String authority) throws Exception { + app = PowerMock.createPartialMock(PublicClientApplication.class, new String[]{"acquireTokenCommon"}, - PublicClientApplication.builder(TestConstants.ADFS_APP_ID) + PublicClientApplication.builder(TestConfiguration.AAD_CLIENT_ID) .authority(authority) + .instanceDiscovery(false)); + + Capture capturedMsalRequest = Capture.newInstance(); + + PowerMock.expectPrivate(app, "acquireTokenCommon", + EasyMock.capture(capturedMsalRequest), EasyMock.isA(AADAuthority.class)).andReturn( + AuthenticationResult.builder(). + accessToken("accessToken"). + expiresOn(new Date().getTime() + 100). + refreshToken("refreshToken"). 
+ idToken("idToken").environment("environment").build()); + + PowerMock.mockStatic(HttpHelper.class); + + HttpResponse instanceDiscoveryResponse = new HttpResponse(); + instanceDiscoveryResponse.statusCode(200); + instanceDiscoveryResponse.body(TestConfiguration.INSTANCE_DISCOVERY_RESPONSE); + + Capture capturedHttpRequest = Capture.newInstance(); + + EasyMock.expect( + HttpHelper.executeHttpRequest( + EasyMock.capture(capturedHttpRequest), + EasyMock.isA(RequestContext.class), + EasyMock.isA(ServiceBundle.class))) + .andReturn(instanceDiscoveryResponse); + + PowerMock.replay(HttpHelper.class, HttpResponse.class); + + CompletableFuture completableFuture = app.acquireToken( + AuthorizationCodeParameters.builder + ("auth_code", + new URI(TestConfiguration.AAD_DEFAULT_REDIRECT_URI)) + .scopes(Collections.singleton("default-scope")) + .build()); + + completableFuture.get(); + Assert.assertEquals(capturedHttpRequest.getValues().size(),0); + } + + /** + * when instance_discovery flag is set to true (by default), an instance_discovery is NOT performed for adfs. + */ + @Test + public void adfsInstanceDiscoveryTrue() throws Exception{ + app = PowerMock.createPartialMock(PublicClientApplication.class, + new String[]{"acquireTokenCommon"}, + PublicClientApplication.builder(TestConstants.ADFS_APP_ID) + .authority("https://contoso.com/adfs") .instanceDiscovery(true)); Capture capturedMsalRequest = Capture.newInstance(); 
@@ -140,16 +182,15 @@ public void b2cAdfsInstanceDiscoveryTrue(String authority) throws Exception{ } /** - * when instance_discovery flag is set to false, instance_discovery is not performed + * when instance_discovery flag is set to true (by default), an instance_discovery is NOT performed for b2c. */ - @Test (dataProvider = "aadClouds") - public void aadInstanceDiscoveryFalse(String authority) throws Exception { - + @Test + public void b2cInstanceDiscoveryTrue() throws Exception{ app = PowerMock.createPartialMock(PublicClientApplication.class, new String[]{"acquireTokenCommon"}, - PublicClientApplication.builder(TestConfiguration.AAD_CLIENT_ID) - .authority(authority) - .instanceDiscovery(false)); + PublicClientApplication.builder(TestConstants.ADFS_APP_ID) + .b2cAuthority(TestConstants.B2C_MICROSOFTLOGIN_ROPC) + .instanceDiscovery(true)); Capture capturedMsalRequest = Capture.newInstance(); @@ -187,5 +228,8 @@ public void aadInstanceDiscoveryFalse(String authority) throws Exception { completableFuture.get(); Assert.assertEquals(capturedHttpRequest.getValues().size(),0); + } + + } diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java index d51065b9..982543f6 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java @@ -4,7 +4,6 @@ package com.microsoft.aad.msal4j; import org.powermock.api.easymock.PowerMock; -import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.testng.PowerMockTestCase; import org.testng.Assert; 
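Review bot: `b2cInstanceDiscoveryTrue` (hunk at -140 of InstanceDiscoveryTest.java) still builds the application with `PublicClientApplication.builder(TestConstants.ADFS_APP_ID)` although the authority line is now `.b2cAuthority(TestConstants.B2C_MICROSOFTLOGIN_ROPC)`. The token call is mocked, so this probably does not change the outcome, but an ADFS client id in a B2C test reads like a copy-paste slip. I would switch it to a B2C client id from the test constants if one exists, or add `// client id is irrelevant here, the token call is mocked`. The test body continues outside the hunk, so the remaining expectations could not be checked here.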
@@ -14,7 +13,6 @@ import java.net.URI; import java.net.URL; -@PowerMockIgnore({"javax.net.ssl.*"}) @PrepareForTest({AadInstanceDiscoveryProvider.class}) public class AadInstanceDiscoveryTest extends PowerMockTestCase { @@ -188,5 +186,4 @@ public void aadInstanceDiscoveryTest_AutoDetectRegion_NoRegionDetected() throws Assert.assertTrue(entry.aliases().contains("login.microsoft.com")); Assert.assertTrue(entry.aliases().contains("sts.windows.net")); } - } From afa5133610cffccdca37c4b9f9433b6e23024fec Mon Sep 17 00:00:00 2001 From: siddhijain Date: Fri, 2 Dec 2022 12:20:23 -0600 Subject: [PATCH 17/65] Revert unintentional commit --- .../microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java | 1 - .../java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java index df0ef415..369d5f8f 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java @@ -11,7 +11,6 @@ @Accessors(fluent = true) @Getter(AccessLevel.PACKAGE) -@Setter @Builder @NoArgsConstructor @AllArgsConstructor diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java index 982543f6..61ac5608 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java @@ -13,7 +13,7 @@ import java.net.URI; import java.net.URL; -@PrepareForTest({AadInstanceDiscoveryProvider.class}) +@PrepareForTest(AadInstanceDiscoveryProvider.class) public class AadInstanceDiscoveryTest extends PowerMockTestCase { @BeforeMethod 
From 3bf60f281b9e413814037b0ce74c4f6348d3ae2f Mon Sep 17 00:00:00 2001 From: siddhijain Date: Fri, 2 Dec 2022 13:39:52 -0600 Subject: [PATCH 18/65] Revert unintentional commit --- .../com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index de5cfdb7..08987a76 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java @@ -22,7 +22,7 @@ class AadInstanceDiscoveryProvider { private static final String AUTHORIZE_ENDPOINT_TEMPLATE = "https://{host}/{tenant}/oauth2/v2.0/authorize"; private static final String INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = "https://{host}:{port}/common/discovery/instance"; private static final String INSTANCE_DISCOVERY_REQUEST_PARAMETERS_TEMPLATE = "?api-version=1.1&authorization_endpoint={authorizeEndpoint}"; - private static final String HOST_TEMPLATE_WITH_REGION = "{region}.{host}"; + private static final String HOST_TEMPLATE_WITH_REGION = "{region}.r.{host}"; private static final String SOVEREIGN_HOST_TEMPLATE_WITH_REGION = "{region}.{host}"; private static final String REGION_NAME = "REGION_NAME"; private static final int PORT_NOT_SET = -1; From 9126042b2638b597c3a609f13d11ade300362d9b Mon Sep 17 00:00:00 2001 From: siddhijain Date: Sat, 3 Dec 2022 16:00:33 -0600 Subject: [PATCH 19/65] Fix Issue 572 --- msal4j-sdk/bnd.bnd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal4j-sdk/bnd.bnd b/msal4j-sdk/bnd.bnd index e5483c84..5c83f272 100644 --- a/msal4j-sdk/bnd.bnd +++ b/msal4j-sdk/bnd.bnd 
@@ -1,2 +1,2 @@ -Export-Package: com.microsoft.aad.com.microsoft.aad.msal4j +Export-Package: com.microsoft.aad.msal4j;version="1.13.3" Automatic-Module-Name: com.microsoft.aad.msal4j From 2c79780a07108c1df052dc65b04ecffde76455f9 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Sat, 3 Dec 2022 16:20:04 -0600 Subject: [PATCH 20/65] Fixed failing test --- .../java/com.microsoft.aad.msal4j/TestConstants.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java index 950109dc..649cbcfa 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java @@ -45,7 +45,7 @@ public class TestConstants { public final static String B2C_AUTHORITY_SIGN_IN = B2C_AUTHORITY + B2C_SIGN_IN_POLICY; public final static String B2C_AUTHORITY_ROPC = B2C_AUTHORITY + B2C_ROPC_POLICY; public final static String B2C_READ_SCOPE = "https://msidlabb2c.onmicrosoft.com/msidlabb2capi/read"; - public final static String B2C_MICROSOFTLOGIN_AUTHORITY = "https://login.microsoftonline.com/tfp/msidlabb2c.onmicrosoft.com/"; + public final static String B2C_MICROSOFTLOGIN_AUTHORITY = "https://msidlabb2c.b2clogin.com/tfp/msidlabb2c.onmicrosoft.com/"; public final static String B2C_MICROSOFTLOGIN_ROPC = B2C_MICROSOFTLOGIN_AUTHORITY + B2C_ROPC_POLICY; public final static String LOCALHOST = "http://localhost:"; From 70bd856e90a3b1e7a7c4eee68300eedf874dc77a Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 5 Dec 2022 13:11:48 -0600 Subject: [PATCH 21/65] update regional endpoints --- .../java/com.microsoft.aad.msal4j/ClientCredentialsIT.java | 2 +- .../java/com.microsoft.aad.msal4j/TestConstants.java | 4 ++-- .../microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) 
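Review bot: The export version in msal4j-sdk/bnd.bnd is written as the literal `version="1.13.3"`, so it has to be edited by hand on every release and can drift from the version in msal4j-sdk/pom.xml; PATCH 23/65 already bumps it manually to 1.13.4. If the bundle is built through a Maven bnd plugin that exposes project properties, `Export-Package: com.microsoft.aad.msal4j;version="${project.version}"` would keep the two in sync. The build configuration is not visible here, so that should be confirmed before changing it.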
diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java index 6e12baeb..8c1f5256 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java @@ -172,7 +172,7 @@ private void assertAcquireTokenCommon_withRegion(String clientId, IClientCredent ConfidentialClientApplication ccaRegion = ConfidentialClientApplication.builder( clientId, credential). - authority(TestConstants.MICROSOFT_AUTHORITY).azureRegion("westus"). + authority("https://login.microsoft.com/microsoft.onmicrosoft.com").azureRegion("westus"). build(); //Ensure behavior when region not specified diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java index 950109dc..97e65f16 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java 
@@ -30,7 +30,7 @@ public class TestConstants { public final static String COMMON_AUTHORITY_WITH_PORT = MICROSOFT_AUTHORITY_HOST_WITH_PORT + "msidlab4.onmicrosoft.com"; public final static String MICROSOFT_AUTHORITY = MICROSOFT_AUTHORITY_HOST + "microsoft.onmicrosoft.com"; public final static String TENANT_SPECIFIC_AUTHORITY = MICROSOFT_AUTHORITY_HOST + MICROSOFT_AUTHORITY_TENANT; - public final static String REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_WESTUS = "westus.r." + MICROSOFT_AUTHORITY_BASIC_HOST; + public final static String REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_WESTUS = "westus.login.microsoft.com"; public final static String ARLINGTON_ORGANIZATIONS_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + "organizations/"; public final static String ARLINGTON_COMMON_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + "common/"; @@ -45,7 +45,7 @@ public class TestConstants { public final static String B2C_AUTHORITY_SIGN_IN = B2C_AUTHORITY + B2C_SIGN_IN_POLICY; public final static String B2C_AUTHORITY_ROPC = B2C_AUTHORITY + B2C_ROPC_POLICY; public final static String B2C_READ_SCOPE = "https://msidlabb2c.onmicrosoft.com/msidlabb2capi/read"; - public final static String B2C_MICROSOFTLOGIN_AUTHORITY = "https://login.microsoftonline.com/tfp/msidlabb2c.onmicrosoft.com/"; + public final static String B2C_MICROSOFTLOGIN_AUTHORITY = "https://msidlabb2c.b2clogin.com/tfp/msidlabb2c.onmicrosoft.com/"; public final static String B2C_MICROSOFTLOGIN_ROPC = B2C_MICROSOFTLOGIN_AUTHORITY + B2C_ROPC_POLICY; public final static String LOCALHOST = "http://localhost:"; diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index 11b2628b..6d756ea7 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java 
@@ -22,7 +22,7 @@ class AadInstanceDiscoveryProvider { private final static String AUTHORIZE_ENDPOINT_TEMPLATE = "https://{host}/{tenant}/oauth2/v2.0/authorize"; private final static String INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = "https://{host}:{port}/common/discovery/instance"; private final static String INSTANCE_DISCOVERY_REQUEST_PARAMETERS_TEMPLATE = "?api-version=1.1&authorization_endpoint={authorizeEndpoint}"; - private final static String HOST_TEMPLATE_WITH_REGION = "{region}.r.{host}"; + private final static String HOST_TEMPLATE_WITH_REGION = "{region}.{host}"; private final static String SOVEREIGN_HOST_TEMPLATE_WITH_REGION = "{region}.{host}"; private final static String REGION_NAME = "REGION_NAME"; private final static int PORT_NOT_SET = -1; From b9cef637bc9c626bad13d4419f45d3834d9ec4c5 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 5 Dec 2022 16:13:27 -0600 Subject: [PATCH 22/65] Updating release numbers for beta release --- msal4j-sdk/README.md | 6 +++--- msal4j-sdk/bnd.bnd | 2 +- msal4j-sdk/changelog.txt | 4 ++++ msal4j-sdk/pom.xml | 2 +- msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-obo-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-web-sample/pom.xml | 2 +- 7 files changed, 12 insertions(+), 8 deletions(-) diff --git a/msal4j-sdk/README.md b/msal4j-sdk/README.md index 3764f4f0..8f89d3bb 100644 --- a/msal4j-sdk/README.md +++ b/msal4j-sdk/README.md @@ -16,7 +16,7 @@ Quick links: The library supports the following Java environments: - Java 8 (or higher) -Current version - 1.13.3 +Current version - 1.0.0-beta.1 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt). 
@@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti com.microsoft.azure msal4j - 1.13.3 + 1.0.0-beta.1 ``` ### Gradle ```gradle -compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.3' +compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.0.0-beta.1' ``` ## Usage diff --git a/msal4j-sdk/bnd.bnd b/msal4j-sdk/bnd.bnd index e5483c84..c42e5c03 100644 --- a/msal4j-sdk/bnd.bnd +++ b/msal4j-sdk/bnd.bnd @@ -1,2 +1,2 @@ -Export-Package: com.microsoft.aad.com.microsoft.aad.msal4j +Export-Package: com.microsoft.aad.msal4j Automatic-Module-Name: com.microsoft.aad.msal4j diff --git a/msal4j-sdk/changelog.txt b/msal4j-sdk/changelog.txt index 1485c046..49695c89 100644 --- a/msal4j-sdk/changelog.txt +++ b/msal4j-sdk/changelog.txt @@ -1,3 +1,7 @@ +Version 1.0.0-beta.1 +============= +- Expose instance discovery flag to perform instance discovery. + Version 1.13.3 ============= - Update jackson-databind version to be in compatible with Azure-SDKs diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index df950e77..8864375f 100644 --- a/msal4j-sdk/pom.xml +++ b/msal4j-sdk/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.microsoft.azure msal4j - 1.13.3 + 1.0.0-beta.1 jar msal4j diff --git a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml index 5e722171..ea19deb6 100644 --- a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.3 + 1.0.0-beta.1 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml index 4d4108f2..a67252f0 100644 --- a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.3 + 1.0.0-beta.1. com.nimbusds 
diff --git a/msal4j-sdk/src/samples/msal-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-web-sample/pom.xml index bedd8fb6..6dd65e31 100644 --- a/msal4j-sdk/src/samples/msal-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.3 + 1.0.0-beta.1 com.nimbusds From 548286d1bff569f057cf5cc2779668b2ecfd6f47 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Tue, 17 Jan 2023 16:02:19 -0600 Subject: [PATCH 23/65] update versions for release --- msal4j-sdk/README.md | 6 +++--- msal4j-sdk/bnd.bnd | 2 +- msal4j-sdk/changelog.txt | 5 +++++ msal4j-sdk/pom.xml | 6 ++++-- msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-obo-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-web-sample/pom.xml | 2 +- 7 files changed, 16 insertions(+), 9 deletions(-) diff --git a/msal4j-sdk/README.md b/msal4j-sdk/README.md index 3764f4f0..1e24a762 100644 --- a/msal4j-sdk/README.md +++ b/msal4j-sdk/README.md @@ -16,7 +16,7 @@ Quick links: The library supports the following Java environments: - Java 8 (or higher) -Current version - 1.13.3 +Current version - 1.13.4 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt). @@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti com.microsoft.azure msal4j - 1.13.3 + 1.13.4 ``` ### Gradle ```gradle -compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.3' +compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.4' ``` ## Usage diff --git a/msal4j-sdk/bnd.bnd b/msal4j-sdk/bnd.bnd index 5c83f272..b3f81aae 100644 --- a/msal4j-sdk/bnd.bnd +++ b/msal4j-sdk/bnd.bnd @@ -1,2 +1,2 @@ -Export-Package: com.microsoft.aad.msal4j;version="1.13.3" +Export-Package: com.microsoft.aad.msal4j;version="1.13.4" Automatic-Module-Name: com.microsoft.aad.msal4j 
diff --git a/msal4j-sdk/changelog.txt b/msal4j-sdk/changelog.txt index 1485c046..3a07cb25 100644 --- a/msal4j-sdk/changelog.txt +++ b/msal4j-sdk/changelog.txt @@ -1,3 +1,8 @@ +Version 1.13.4 +============= +- regional endpoint updates +- fixed manifest + Version 1.13.3 ============= - Update jackson-databind version to be in compatible with Azure-SDKs diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index df950e77..c294f35e 100644 --- a/msal4j-sdk/pom.xml +++ b/msal4j-sdk/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.microsoft.azure msal4j - 1.13.3 + 1.13.4 jar msal4j @@ -240,6 +240,8 @@ 8 8 + 11 + 11 @@ -288,4 +290,4 @@ - \ No newline at end of file + diff --git a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml index 5e722171..3bc00e86 100644 --- a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.3 + 1.13.4 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml index 4d4108f2..38374034 100644 --- a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.3 + 1.13.4 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-web-sample/pom.xml index bedd8fb6..29cb2b44 100644 --- a/msal4j-sdk/src/samples/msal-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.3 + 1.13.4 com.nimbusds From ea0190eb6ae3c85550f031c99372aa4ccc5fee0f Mon Sep 17 00:00:00 2001 From: siddhijain Date: Tue, 17 Jan 2023 17:05:25 -0600 Subject: [PATCH 24/65] remove unintentional commit --- msal4j-sdk/pom.xml | 2 -- 1 file changed, 2 deletions(-) diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index c294f35e..a7b4fde5 100644 --- a/msal4j-sdk/pom.xml 
+++ b/msal4j-sdk/pom.xml @@ -240,8 +240,6 @@ 8 8 - 11 - 11 From aacb4395227dff6d3aef3223889d5e1e56323371 Mon Sep 17 00:00:00 2001 From: Avery-Dunn <62066438+Avery-Dunn@users.noreply.github.com> Date: Tue, 31 Jan 2023 13:39:51 -0800 Subject: [PATCH 25/65] Add IBroker implementation for MSALRuntime (#563) * Add IBroker implementation for MSALRuntime * Remove dll used during testing * Integrate broker steps to relevant flows in PublicClientApplication * Add logic to cancel MsalRuntimeFutures * Expand javadocs and exception handling * Address code review comments * Simplify future chaining, address code review comments * Reorganize future chaining, fix testing issues * Adjust how broker availability is checked * Create automated test * Adjust startup logic * Correct version number for interop * Correct broker versioning * Move broker tests to MSAL Java package * Remove usage of msal4j-brokers from msal4j * Add missing SLFJ dependency * Use newest msal4j * Bump javamsalruntime version number --- msal4j-brokers/pom.xml | 28 ++- .../aad/msal4jbrokers/MSALRuntimeBroker.java | 31 --- .../aad/msal4jbrokers/MsalRuntimeBroker.java | 179 ++++++++++++++++++ .../aad/msal4j/AuthenticationErrorCode.java | 15 +- .../com/microsoft/aad/msal4j/IBroker.java | 68 ++++--- .../msal4j/InteractiveRequestParameters.java | 12 ++ .../aad/msal4j/PublicClientApplication.java | 71 ++++++- 7 files changed, 339 insertions(+), 65 deletions(-) delete mode 100644 msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java create mode 100644 msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MsalRuntimeBroker.java diff --git a/msal4j-brokers/pom.xml b/msal4j-brokers/pom.xml index 060d756e..4e2140ce 100644 --- a/msal4j-brokers/pom.xml +++ b/msal4j-brokers/pom.xml @@ -5,7 +5,7 @@ 4.0.0 com.microsoft.azure msal4j-brokers - 0.0.1 + 1.0.0-beta jar msal4j-brokers 
@@ -26,11 +26,15 @@ UTF-8 - com.microsoft.azure msal4j - 1.13.2 + 1.13.4 + + + com.microsoft.azure + javamsalruntime + 0.13.4 org.projectlombok @@ -38,6 +42,23 @@ 1.18.6 provided + + org.testng + testng + 7.1.0 + test + + + org.slf4j + slf4j-api + 1.7.36 + + + ch.qos.logback + logback-classic + 1.2.3 + test + @@ -60,7 +81,6 @@ - ${project.build.directory}/delombok org.projectlombok diff --git a/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java b/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java deleted file mode 100644 index 598b83ac..00000000 --- a/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java +++ /dev/null @@ -1,31 +0,0 @@ -package com.microsoft.aad.msal4jbrokers; - -import com.microsoft.aad.msal4j.*; -import lombok.extern.slf4j.Slf4j; - -import java.util.concurrent.CompletableFuture; - -@Slf4j -public class MSALRuntimeBroker implements IBroker { - - @Override - public IAuthenticationResult acquireToken(PublicClientApplication application, SilentParameters requestParameters) { - log.debug("Should not call this API if msal runtime init failed"); - throw new MsalClientException("Broker implementation missing", "missing_broker"); - } - - @Override - public IAuthenticationResult acquireToken(PublicClientApplication application, InteractiveRequestParameters requestParameters) { - throw new MsalClientException("Broker implementation missing", "missing_broker"); - } - - @Override - public IAuthenticationResult acquireToken(PublicClientApplication application, UserNamePasswordParameters requestParameters) { - throw new MsalClientException("Broker implementation missing", "missing_broker"); - } - - @Override - public CompletableFuture removeAccount(IAccount account) { - throw new MsalClientException("Broker implementation missing", "missing_broker"); - } -} 
diff --git a/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MsalRuntimeBroker.java b/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MsalRuntimeBroker.java new file mode 100644 index 00000000..68000997 --- /dev/null +++ b/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MsalRuntimeBroker.java 
@@ -0,0 +1,179 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.microsoft.aad.msal4jbrokers; + +import com.microsoft.aad.msal4j.IAuthenticationResult; +import com.microsoft.aad.msal4j.IBroker; +import com.microsoft.aad.msal4j.InteractiveRequestParameters; +import com.microsoft.aad.msal4j.PublicClientApplication; +import com.microsoft.aad.msal4j.SilentParameters; +import com.microsoft.aad.msal4j.UserNamePasswordParameters; +import com.microsoft.aad.msal4j.MsalClientException; +import com.microsoft.aad.msal4j.AuthenticationErrorCode; +import com.microsoft.aad.msal4j.IAccount; +import com.microsoft.azure.javamsalruntime.Account; +import com.microsoft.azure.javamsalruntime.AuthParameters; +import com.microsoft.azure.javamsalruntime.AuthResult; +import com.microsoft.azure.javamsalruntime.MsalInteropException; +import com.microsoft.azure.javamsalruntime.MsalRuntimeInterop; +import com.microsoft.azure.javamsalruntime.ReadAccountResult; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.util.concurrent.CompletableFuture; +import java.util.concurrent.ExecutionException; + +public class MsalRuntimeBroker implements IBroker { + private static final Logger LOG = LoggerFactory.getLogger(MsalRuntimeBroker.class); + + private static MsalRuntimeInterop interop; + + static { + try { + //MsalRuntimeInterop performs various initialization steps in a similar static block, + // so when an MsalRuntimeBroker is created this will cause the interop layer to initialize + interop = new MsalRuntimeInterop(); + } catch (MsalInteropException e) { + throw new MsalClientException(String.format("Could not initialize MSALRuntime: %s", e.getErrorMessage()), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); + } + } + + @Override + public CompletableFuture acquireToken(PublicClientApplication application, SilentParameters parameters) { + Account accountResult = null; + + //If request has an account ID, 
MSALRuntime likely has data cached for that account that we can retrieve + if (parameters.account() != null) { + try { + accountResult = ((ReadAccountResult) interop.readAccountById(parameters.account().homeAccountId(), application.correlationId()).get()).getAccount(); + } catch (InterruptedException | ExecutionException ex) { + throw new MsalClientException(String.format("MSALRuntime async operation interrupted when waiting for result: %s", ex.getMessage()), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); + } + } + + try { + AuthParameters authParameters = new AuthParameters + .AuthParametersBuilder(application.clientId(), + application.authority(), + String.join(" ", parameters.scopes())) + .build(); + + if (accountResult == null) { + return interop.signInSilently(authParameters, application.correlationId()) + .thenCompose(acctResult -> interop.acquireTokenSilently(authParameters, application.correlationId(), ((AuthResult) acctResult).getAccount())) + .thenApply(authResult -> parseBrokerAuthResult( + application.authority(), + ((AuthResult) authResult).getIdToken(), + ((AuthResult) authResult).getAccessToken(), + ((AuthResult) authResult).getAccount().getAccountId(), + ((AuthResult) authResult).getAccount().getClientInfo(), + ((AuthResult) authResult).getAccessTokenExpirationTime())); + } else { + return interop.acquireTokenSilently(authParameters, application.correlationId(), accountResult) + .thenApply(authResult -> parseBrokerAuthResult(application.authority(), + ((AuthResult) authResult).getIdToken(), + ((AuthResult) authResult).getAccessToken(), + ((AuthResult) authResult).getAccount().getAccountId(), + ((AuthResult) authResult).getAccount().getClientInfo(), + ((AuthResult) authResult).getAccessTokenExpirationTime()) + + ); + } + } catch (MsalInteropException interopException) { + throw new MsalClientException(interopException.getErrorMessage(), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); + } + } + + @Override + public CompletableFuture 
acquireToken(PublicClientApplication application, InteractiveRequestParameters parameters) { + try { + AuthParameters authParameters = new AuthParameters + .AuthParametersBuilder(application.clientId(), + application.authority(), + String.join(" ", parameters.scopes())) + .build(); + + return interop.signInInteractively(parameters.windowHandle(), authParameters, application.correlationId(), parameters.loginHint()) + .thenCompose(acctResult -> interop.acquireTokenInteractively(parameters.windowHandle(), authParameters, application.correlationId(), ((AuthResult) acctResult).getAccount())) + .thenApply(authResult -> parseBrokerAuthResult( + application.authority(), + ((AuthResult) authResult).getIdToken(), + ((AuthResult) authResult).getAccessToken(), + ((AuthResult) authResult).getAccount().getAccountId(), + ((AuthResult) authResult).getAccount().getClientInfo(), + ((AuthResult) authResult).getAccessTokenExpirationTime()) + ); + } catch (MsalInteropException interopException) { + throw new MsalClientException(interopException.getErrorMessage(), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); + } + } + + /** + * @deprecated + */ + @Deprecated + @Override + public CompletableFuture acquireToken(PublicClientApplication application, UserNamePasswordParameters parameters) { + try { + AuthParameters authParameters = + new AuthParameters + .AuthParametersBuilder(application.clientId(), + application.authority(), + String.join(" ", parameters.scopes())) + .build(); + + authParameters.setUsernamePassword(parameters.username(), new String(parameters.password())); + + return interop.signInSilently(authParameters, application.correlationId()) + .thenCompose(acctResult -> interop.acquireTokenSilently(authParameters, application.correlationId(), ((AuthResult) acctResult).getAccount())) + .thenApply(authResult -> parseBrokerAuthResult( + application.authority(), + ((AuthResult) authResult).getIdToken(), + ((AuthResult) authResult).getAccessToken(), + ((AuthResult) 
authResult).getAccount().getAccountId(), + ((AuthResult) authResult).getAccount().getClientInfo(), + ((AuthResult) authResult).getAccessTokenExpirationTime())); + } catch (MsalInteropException interopException) { + throw new MsalClientException(interopException.getErrorMessage(), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); + } + } + + @Override + public void removeAccount(PublicClientApplication application, IAccount msalJavaAccount) { + try { + Account msalRuntimeAccount = ((ReadAccountResult) interop.readAccountById(msalJavaAccount.homeAccountId(), application.correlationId()).get()).getAccount(); + + if (msalRuntimeAccount != null) { + interop.signOutSilently(application.clientId(), application.correlationId(), msalRuntimeAccount); + } + } catch (MsalInteropException interopException) { + throw new MsalClientException(interopException.getErrorMessage(), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); + } catch (InterruptedException | ExecutionException ex) { + throw new MsalClientException(String.format("MSALRuntime async operation interrupted when waiting for result: %s", ex.getMessage()), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); + } + } + + /** + * Calls MSALRuntime's startup API. If MSALRuntime started successfully, we can assume that the broker is available for use. + * + * If an exception is thrown when trying to start MSALRuntime, we assume that we cannot use the broker and will not make any more attempts to do so. + * + * @return boolean representing whether or not MSALRuntime started successfully + */ + @Override + public boolean isBrokerAvailable() { + try { + interop.startupMsalRuntime(); + + LOG.info("MSALRuntime started successfully. MSAL Java will use MSALRuntime in all supported broker flows."); + + return true; + } catch (MsalInteropException e) { + LOG.warn("Exception thrown when trying to start MSALRuntime: {}", e.getErrorMessage()); + LOG.warn("MSALRuntime could not be started. 
MSAL Java will fall back to non-broker flows."); + + return false; + } + } +} diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java index 78f5260c..1ea0232e 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java @@ -115,9 +115,22 @@ public class AuthenticationErrorCode { * A JWT parsing failure, indicating the JWT provided to MSAL is of invalid format. */ public final static String INVALID_JWT = "invalid_jwt"; + /** * Indicates that a Broker implementation is missing from the device, such as when an app developer * does not include one of our broker packages as a dependency in their project, or otherwise cannot - * be accessed by MSAL Java*/ + * be accessed by MSAL Java + */ public final static String MISSING_BROKER = "missing_broker"; + + /** + * Indicates an error from the MSAL Java/MSALRuntime interop layer used by the Java Brokers package, + * and will generally just be forwarding an error message from the interop layer or MSALRuntime itself + */ + public final static String MSALRUNTIME_INTEROP_ERROR = "interop_package_error"; + + /** + * Indicates an error in the MSAL Java Brokers package + */ + public final static String MSALJAVA_BROKERS_ERROR = "brokers_package_error"; } diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java index 919a8092..69906319 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java 
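Review bot: The `static { ... }` block in `MsalRuntimeBroker` throws `MsalClientException` from a class initializer, which the JVM wraps in `ExceptionInInitializerError`; every later use of the class then fails with `NoClassDefFoundError`. A caller that catches `MsalClientException` to fall back to non-broker flows therefore never sees the `MSALRUNTIME_INTEROP_ERROR` code, and the fallback promised in `isBrokerAvailable()` cannot happen when the interop layer fails to load. Moving the construction into the constructor, as sketched below, keeps the failure an ordinary exception that can be retried. Separately, `new String(parameters.password())` in the username/password overload copies what is presumably a `char[]` into an immutable `String` that cannot be cleared afterwards; whether the interop layer offers an alternative is not visible here, so this should at least be a comment on that line.

```java
private static MsalRuntimeInterop interop;

public MsalRuntimeBroker() {
    // Initialise lazily so a failure surfaces as MsalClientException, not ExceptionInInitializerError
    synchronized (MsalRuntimeBroker.class) {
        if (interop == null) {
            try {
                interop = new MsalRuntimeInterop();
            } catch (MsalInteropException e) {
                throw new MsalClientException(String.format("Could not initialize MSALRuntime: %s", e.getErrorMessage()), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR);
            }
        }
    }
}
// … unchanged: acquireToken overloads, removeAccount, isBrokerAvailable …
```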
@@ -3,58 +3,80 @@ package com.microsoft.aad.msal4j; -import java.util.Set; +import com.nimbusds.jwt.JWTParser; + +import java.net.URL; import java.util.concurrent.CompletableFuture; /** * Used to define the basic set of methods that all Brokers must implement * - * All methods are so they can be referenced by MSAL Java without an implementation, and by default simply throw an - * exception saying that a broker implementation is missing + * All methods are marked as default so they can be referenced by MSAL Java without an implementation, + * and most will simply throw an exception if not overridden by an IBroker implementation */ public interface IBroker { - /** - * checks if a IBroker implementation exists - */ - - default boolean isAvailable(){ - return false; - } /** * Acquire a token silently, i.e. without direct user interaction * * This may be accomplished by returning tokens from a token cache, using cached refresh tokens to get new tokens, * or via any authentication flow where a user is not prompted to enter credentials - * - * @param requestParameters MsalRequest object which contains everything needed for the broker implementation to make a request - * @return IBroker implementations will return an AuthenticationResult object */ - default IAuthenticationResult acquireToken(PublicClientApplication application, SilentParameters requestParameters) { + default CompletableFuture acquireToken(PublicClientApplication application, SilentParameters requestParameters) { throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); } /** * Acquire a token interactively, by prompting users to enter their credentials in some way - * - * @param requestParameters MsalRequest object which contains everything needed for the broker implementation to make a request - * @return IBroker implementations will return an AuthenticationResult object */ - default IAuthenticationResult acquireToken(PublicClientApplication application, 
InteractiveRequestParameters requestParameters) { + default CompletableFuture acquireToken(PublicClientApplication application, InteractiveRequestParameters parameters) { throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); } /** * Acquire a token silently, i.e. without direct user interaction, using username/password authentication - * - * @param requestParameters MsalRequest object which contains everything needed for the broker implementation to make a request - * @return IBroker implementations will return an AuthenticationResult object */ - default IAuthenticationResult acquireToken(PublicClientApplication application, UserNamePasswordParameters requestParameters) { + default CompletableFuture acquireToken(PublicClientApplication application, UserNamePasswordParameters parameters) { throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); } - default CompletableFuture removeAccount(IAccount account) { + default void removeAccount(PublicClientApplication application, IAccount account) throws MsalClientException { throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); } + + default boolean isBrokerAvailable() { + throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); + } + + /** + * MSAL Java's AuthenticationResult requires several package-private classes that a broker implementation can't access, + * so this helper method can be used to create AuthenticationResults from within the MSAL Java package + */ + default IAuthenticationResult parseBrokerAuthResult(String authority, String idToken, String accessToken, + String accountId, String clientInfo, + long accessTokenExpirationTime) { + + AuthenticationResult.AuthenticationResultBuilder builder = AuthenticationResult.builder(); + + try { + if (idToken != null) { + builder.idToken(idToken); + if (accountId!= null) { + 
String idTokenJson = + JWTParser.parse(idToken).getParsedParts()[1].decodeToString(); + //TODO: need to figure out if 'policy' field is relevant for brokers + builder.accountCacheEntity(AccountCacheEntity.create(clientInfo, + Authority.createAuthority(new URL(authority)), JsonHelper.convertJsonToObject(idTokenJson, + IdToken.class), null)); + } + } + if (accessToken != null) { + builder.accessToken(accessToken); + builder.expiresOn(accessTokenExpirationTime); + } + } catch (Exception e) { + throw new MsalClientException(String.format("Exception when converting broker result to MSAL Java AuthenticationResult: %s", e.getMessage()), AuthenticationErrorCode.MSALJAVA_BROKERS_ERROR); + } + return builder.build(); + } } \ No newline at end of file diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java index acdb638a..a41d1832 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java @@ -100,6 +100,18 @@ public class InteractiveRequestParameters implements IAcquireTokenParameters { */ private boolean instanceAware; + /** + * The parent window handle used to open UI elements with the correct parent + * + * + * For browser scenarios and Windows console applications, this value should not need to be set + * + * For Windows console applications, MSAL Java will attempt to discover the console's window handle if this parameter is not set + * + * For scenarios where MSAL Java is responsible for opening UI elements (such as when using MSALRuntime), this parameter is required and an exception will be thrown if not set + */ + private long windowHandle; + private static InteractiveRequestParametersBuilder builder() { return new InteractiveRequestParametersBuilder(); } 
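Review bot: In `parseBrokerAuthResult` the `accountId` argument is only null-checked and never used, while `clientInfo`, the value actually handed to `AccountCacheEntity.create`, is not checked at all. A broker result with an account id but no client info would then presumably fail inside the `try` and surface as a `MSALJAVA_BROKERS_ERROR` built from `e.getMessage()` alone, which can be null and drops the stack trace. Guard on the value that is used, `if (accountId != null && clientInfo != null) {`, and keep the cause if `MsalClientException` has a constructor that accepts one. The ID token payload is decoded with `JWTParser.parse(...)` and no signature check, which is reasonable only because the token comes from the broker. As this is a public default method on a public interface, that trust assumption should be in its Javadoc, e.g. `idToken must come directly from the broker; it is parsed here, not validated`.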
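Review bot: The Javadoc on `windowHandle` says the parameter is required when MSAL Java opens the UI and that an exception is thrown if it is not set, but the field is a primitive `long`. An unset handle is therefore just `0`, and nothing in this hunk distinguishes it from a supplied value. In the same commit `MsalRuntimeBroker` passes `parameters.windowHandle()` straight to `signInInteractively` without a check, so the documented exception does not appear to exist on the visible path. Either make the field nullable (`private Long windowHandle;`) and validate it where the broker flow starts, or reword the comment to say that `0` means "not set" and describe what actually happens in that case. The rest of the class is outside the hunk.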
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java index a7f18dda..11b19604 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java @@ -8,6 +8,7 @@ import com.nimbusds.oauth2.sdk.id.ClientID; import org.slf4j.LoggerFactory; +import java.net.MalformedURLException; import java.util.concurrent.CompletableFuture; import java.util.concurrent.atomic.AtomicReference; @@ -23,6 +24,8 @@ public class PublicClientApplication extends AbstractClientApplicationBase implements IPublicClientApplication { private final ClientAuthenticationPost clientAuthentication; + private IBroker broker; + private boolean brokerEnabled; @Override public CompletableFuture acquireToken(UserNamePasswordParameters parameters) { @@ -35,12 +38,20 @@ public CompletableFuture acquireToken(UserNamePasswordPar parameters, UserIdentifier.fromUpn(parameters.username())); - UserNamePasswordRequest userNamePasswordRequest = - new UserNamePasswordRequest(parameters, - this, - context); + CompletableFuture future; - return this.executeRequest(userNamePasswordRequest); + if (brokerEnabled) { + future = broker.acquireToken(this, parameters); + } else { + UserNamePasswordRequest userNamePasswordRequest = + new UserNamePasswordRequest(parameters, + this, + context); + + future = this.executeRequest(userNamePasswordRequest); + } + + return future; } @Override 
@@ -112,17 +123,49 @@ public CompletableFuture acquireToken(InteractiveRequestP this, context); - CompletableFuture future = executeRequest(interactiveRequest); + CompletableFuture future; + + if (brokerEnabled) { + future = broker.acquireToken(this, parameters); + } else { + future = executeRequest(interactiveRequest); + } + futureReference.set(future); + return future; } + @Override + public CompletableFuture acquireTokenSilently(SilentParameters parameters) throws MalformedURLException { + CompletableFuture future; + + if (brokerEnabled) { + future = broker.acquireToken(this, parameters); + } else { + future = super.acquireTokenSilently(parameters); + } + + return future; + } + + @Override + public CompletableFuture removeAccount(IAccount account) { + if (brokerEnabled) { + broker.removeAccount(this, account); + } + + return super.removeAccount(account); + } + private PublicClientApplication(Builder builder) { super(builder); validateNotBlank("clientId", clientId()); log = LoggerFactory.getLogger(PublicClientApplication.class); this.clientAuthentication = new ClientAuthenticationPost(ClientAuthenticationMethod.NONE, new ClientID(clientId())); + this.broker = builder.broker; + this.brokerEnabled = builder.brokerEnabled; } @Override @@ -146,6 +189,22 @@ private Builder(String clientId) { super(clientId); } + private IBroker broker = null; + private boolean brokerEnabled = false; + + /** + * Implementation of IBroker that will be used to retrieve tokens + *

+ * Setting this will cause MSAL Java to use the given broker implementation to retrieve tokens from a broker (such as WAM/MSALRuntime) in flows that support it + */ + public PublicClientApplication.Builder broker(IBroker val) { + this.broker = val; + + this.brokerEnabled = this.broker.isBrokerAvailable(); + + return self(); + } + @Override public PublicClientApplication build() { From 0f57bc5be5d5215b0ab642925c463bf508a05693 Mon Sep 17 00:00:00 2001 From: Avery-Dunn <62066438+Avery-Dunn@users.noreply.github.com> Date: Tue, 31 Jan 2023 14:03:51 -0800 Subject: [PATCH 26/65] Revert "Add IBroker implementation for MSALRuntime (#563)" (#588) This reverts commit aacb4395227dff6d3aef3223889d5e1e56323371. --- msal4j-brokers/pom.xml | 28 +-- .../aad/msal4jbrokers/MSALRuntimeBroker.java | 31 +++ .../aad/msal4jbrokers/MsalRuntimeBroker.java | 179 ------------------ .../aad/msal4j/AuthenticationErrorCode.java | 15 +- .../com/microsoft/aad/msal4j/IBroker.java | 68 +++---- .../msal4j/InteractiveRequestParameters.java | 12 -- .../aad/msal4j/PublicClientApplication.java | 71 +------ 7 files changed, 65 insertions(+), 339 deletions(-) create mode 100644 msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java delete mode 100644 msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MsalRuntimeBroker.java diff --git a/msal4j-brokers/pom.xml b/msal4j-brokers/pom.xml index 4e2140ce..060d756e 100644 --- a/msal4j-brokers/pom.xml +++ b/msal4j-brokers/pom.xml @@ -5,7 +5,7 @@ 4.0.0 com.microsoft.azure msal4j-brokers - 1.0.0-beta + 0.0.1 jar msal4j-brokers @@ -26,15 +26,11 @@ UTF-8 + com.microsoft.azure msal4j - 1.13.4 - - - com.microsoft.azure - javamsalruntime - 0.13.4 + 1.13.2 org.projectlombok @@ -42,23 +38,6 @@ 1.18.6 provided - - org.testng - testng - 7.1.0 - test - - - org.slf4j - slf4j-api - 1.7.36 - - - ch.qos.logback - logback-classic - 1.2.3 - test - @@ -81,6 +60,7 @@ + ${project.build.directory}/delombok org.projectlombok 
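Review bot: `Builder.broker(IBroker val)` dereferences `val` immediately via `this.broker.isBrokerAvailable()`, so passing `null` fails with a bare `NullPointerException` from inside the builder. Because the default `IBroker.isBrokerAvailable()` added in this commit throws `MISSING_BROKER` rather than returning false, a partial `IBroker` implementation also makes the builder throw instead of disabling the broker. A minimal guard is `this.brokerEnabled = val != null && val.isBrokerAvailable();`, with the Javadoc stating that availability is probed once, at builder time. In the earlier hunk of this file, `removeAccount` calls `broker.removeAccount(this, account)` before `super.removeAccount(account)`; a broker failure is therefore thrown synchronously and the local cache entry is left in place, which is worth either a `try`/`finally` or a comment saying the order is intended.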
diff --git a/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java b/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java new file mode 100644 index 00000000..598b83ac --- /dev/null +++ b/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java @@ -0,0 +1,31 @@ +package com.microsoft.aad.msal4jbrokers; + +import com.microsoft.aad.msal4j.*; +import lombok.extern.slf4j.Slf4j; + +import java.util.concurrent.CompletableFuture; + +@Slf4j +public class MSALRuntimeBroker implements IBroker { + + @Override + public IAuthenticationResult acquireToken(PublicClientApplication application, SilentParameters requestParameters) { + log.debug("Should not call this API if msal runtime init failed"); + throw new MsalClientException("Broker implementation missing", "missing_broker"); + } + + @Override + public IAuthenticationResult acquireToken(PublicClientApplication application, InteractiveRequestParameters requestParameters) { + throw new MsalClientException("Broker implementation missing", "missing_broker"); + } + + @Override + public IAuthenticationResult acquireToken(PublicClientApplication application, UserNamePasswordParameters requestParameters) { + throw new MsalClientException("Broker implementation missing", "missing_broker"); + } + + @Override + public CompletableFuture removeAccount(IAccount account) { + throw new MsalClientException("Broker implementation missing", "missing_broker"); + } +} diff --git a/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MsalRuntimeBroker.java b/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MsalRuntimeBroker.java deleted file mode 100644 index 68000997..00000000 --- a/msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MsalRuntimeBroker.java +++ /dev/null 
@@ -1,179 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.aad.msal4jbrokers; - -import com.microsoft.aad.msal4j.IAuthenticationResult; -import com.microsoft.aad.msal4j.IBroker; -import com.microsoft.aad.msal4j.InteractiveRequestParameters; -import com.microsoft.aad.msal4j.PublicClientApplication; -import com.microsoft.aad.msal4j.SilentParameters; -import com.microsoft.aad.msal4j.UserNamePasswordParameters; -import com.microsoft.aad.msal4j.MsalClientException; -import com.microsoft.aad.msal4j.AuthenticationErrorCode; -import com.microsoft.aad.msal4j.IAccount; -import com.microsoft.azure.javamsalruntime.Account; -import com.microsoft.azure.javamsalruntime.AuthParameters; -import com.microsoft.azure.javamsalruntime.AuthResult; -import com.microsoft.azure.javamsalruntime.MsalInteropException; -import com.microsoft.azure.javamsalruntime.MsalRuntimeInterop; -import com.microsoft.azure.javamsalruntime.ReadAccountResult; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.util.concurrent.CompletableFuture; -import java.util.concurrent.ExecutionException; - -public class MsalRuntimeBroker implements IBroker { - private static final Logger LOG = LoggerFactory.getLogger(MsalRuntimeBroker.class); - - private static MsalRuntimeInterop interop; - - static { - try { - //MsalRuntimeInterop performs various initialization steps in a similar static block, - // so when an MsalRuntimeBroker is created this will cause the interop layer to initialize - interop = new MsalRuntimeInterop(); - } catch (MsalInteropException e) { - throw new MsalClientException(String.format("Could not initialize MSALRuntime: %s", e.getErrorMessage()), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); - } - } - - @Override - public CompletableFuture acquireToken(PublicClientApplication application, SilentParameters parameters) { - Account accountResult = null; - - //If request has an account ID, 
MSALRuntime likely has data cached for that account that we can retrieve - if (parameters.account() != null) { - try { - accountResult = ((ReadAccountResult) interop.readAccountById(parameters.account().homeAccountId(), application.correlationId()).get()).getAccount(); - } catch (InterruptedException | ExecutionException ex) { - throw new MsalClientException(String.format("MSALRuntime async operation interrupted when waiting for result: %s", ex.getMessage()), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); - } - } - - try { - AuthParameters authParameters = new AuthParameters - .AuthParametersBuilder(application.clientId(), - application.authority(), - String.join(" ", parameters.scopes())) - .build(); - - if (accountResult == null) { - return interop.signInSilently(authParameters, application.correlationId()) - .thenCompose(acctResult -> interop.acquireTokenSilently(authParameters, application.correlationId(), ((AuthResult) acctResult).getAccount())) - .thenApply(authResult -> parseBrokerAuthResult( - application.authority(), - ((AuthResult) authResult).getIdToken(), - ((AuthResult) authResult).getAccessToken(), - ((AuthResult) authResult).getAccount().getAccountId(), - ((AuthResult) authResult).getAccount().getClientInfo(), - ((AuthResult) authResult).getAccessTokenExpirationTime())); - } else { - return interop.acquireTokenSilently(authParameters, application.correlationId(), accountResult) - .thenApply(authResult -> parseBrokerAuthResult(application.authority(), - ((AuthResult) authResult).getIdToken(), - ((AuthResult) authResult).getAccessToken(), - ((AuthResult) authResult).getAccount().getAccountId(), - ((AuthResult) authResult).getAccount().getClientInfo(), - ((AuthResult) authResult).getAccessTokenExpirationTime()) - - ); - } - } catch (MsalInteropException interopException) { - throw new MsalClientException(interopException.getErrorMessage(), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); - } - } - - @Override - public CompletableFuture 
acquireToken(PublicClientApplication application, InteractiveRequestParameters parameters) { - try { - AuthParameters authParameters = new AuthParameters - .AuthParametersBuilder(application.clientId(), - application.authority(), - String.join(" ", parameters.scopes())) - .build(); - - return interop.signInInteractively(parameters.windowHandle(), authParameters, application.correlationId(), parameters.loginHint()) - .thenCompose(acctResult -> interop.acquireTokenInteractively(parameters.windowHandle(), authParameters, application.correlationId(), ((AuthResult) acctResult).getAccount())) - .thenApply(authResult -> parseBrokerAuthResult( - application.authority(), - ((AuthResult) authResult).getIdToken(), - ((AuthResult) authResult).getAccessToken(), - ((AuthResult) authResult).getAccount().getAccountId(), - ((AuthResult) authResult).getAccount().getClientInfo(), - ((AuthResult) authResult).getAccessTokenExpirationTime()) - ); - } catch (MsalInteropException interopException) { - throw new MsalClientException(interopException.getErrorMessage(), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); - } - } - - /** - * @deprecated - */ - @Deprecated - @Override - public CompletableFuture acquireToken(PublicClientApplication application, UserNamePasswordParameters parameters) { - try { - AuthParameters authParameters = - new AuthParameters - .AuthParametersBuilder(application.clientId(), - application.authority(), - String.join(" ", parameters.scopes())) - .build(); - - authParameters.setUsernamePassword(parameters.username(), new String(parameters.password())); - - return interop.signInSilently(authParameters, application.correlationId()) - .thenCompose(acctResult -> interop.acquireTokenSilently(authParameters, application.correlationId(), ((AuthResult) acctResult).getAccount())) - .thenApply(authResult -> parseBrokerAuthResult( - application.authority(), - ((AuthResult) authResult).getIdToken(), - ((AuthResult) authResult).getAccessToken(), - ((AuthResult) 
authResult).getAccount().getAccountId(), - ((AuthResult) authResult).getAccount().getClientInfo(), - ((AuthResult) authResult).getAccessTokenExpirationTime())); - } catch (MsalInteropException interopException) { - throw new MsalClientException(interopException.getErrorMessage(), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); - } - } - - @Override - public void removeAccount(PublicClientApplication application, IAccount msalJavaAccount) { - try { - Account msalRuntimeAccount = ((ReadAccountResult) interop.readAccountById(msalJavaAccount.homeAccountId(), application.correlationId()).get()).getAccount(); - - if (msalRuntimeAccount != null) { - interop.signOutSilently(application.clientId(), application.correlationId(), msalRuntimeAccount); - } - } catch (MsalInteropException interopException) { - throw new MsalClientException(interopException.getErrorMessage(), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); - } catch (InterruptedException | ExecutionException ex) { - throw new MsalClientException(String.format("MSALRuntime async operation interrupted when waiting for result: %s", ex.getMessage()), AuthenticationErrorCode.MSALRUNTIME_INTEROP_ERROR); - } - } - - /** - * Calls MSALRuntime's startup API. If MSALRuntime started successfully, we can assume that the broker is available for use. - * - * If an exception is thrown when trying to start MSALRuntime, we assume that we cannot use the broker and will not make any more attempts to do so. - * - * @return boolean representing whether or not MSALRuntime started successfully - */ - @Override - public boolean isBrokerAvailable() { - try { - interop.startupMsalRuntime(); - - LOG.info("MSALRuntime started successfully. MSAL Java will use MSALRuntime in all supported broker flows."); - - return true; - } catch (MsalInteropException e) { - LOG.warn("Exception thrown when trying to start MSALRuntime: {}", e.getErrorMessage()); - LOG.warn("MSALRuntime could not be started. 
MSAL Java will fall back to non-broker flows."); - - return false; - } - } -} diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java index 1ea0232e..78f5260c 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java @@ -115,22 +115,9 @@ public class AuthenticationErrorCode { * A JWT parsing failure, indicating the JWT provided to MSAL is of invalid format. */ public final static String INVALID_JWT = "invalid_jwt"; - /** * Indicates that a Broker implementation is missing from the device, such as when an app developer * does not include one of our broker packages as a dependency in their project, or otherwise cannot - * be accessed by MSAL Java - */ + * be accessed by MSAL Java*/ public final static String MISSING_BROKER = "missing_broker"; - - /** - * Indicates an error from the MSAL Java/MSALRuntime interop layer used by the Java Brokers package, - * and will generally just be forwarding an error message from the interop layer or MSALRuntime itself - */ - public final static String MSALRUNTIME_INTEROP_ERROR = "interop_package_error"; - - /** - * Indicates an error in the MSAL Java Brokers package - */ - public final static String MSALJAVA_BROKERS_ERROR = "brokers_package_error"; } diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java index 69906319..919a8092 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java 
@@ -3,80 +3,58 @@ package com.microsoft.aad.msal4j; -import com.nimbusds.jwt.JWTParser; - -import java.net.URL; +import java.util.Set; import java.util.concurrent.CompletableFuture; /** * Used to define the basic set of methods that all Brokers must implement * - * All methods are marked as default so they can be referenced by MSAL Java without an implementation, - * and most will simply throw an exception if not overridden by an IBroker implementation + * All methods are so they can be referenced by MSAL Java without an implementation, and by default simply throw an + * exception saying that a broker implementation is missing */ public interface IBroker { + /** + * checks if a IBroker implementation exists + */ + + default boolean isAvailable(){ + return false; + } /** * Acquire a token silently, i.e. without direct user interaction * * This may be accomplished by returning tokens from a token cache, using cached refresh tokens to get new tokens, * or via any authentication flow where a user is not prompted to enter credentials + * + * @param requestParameters MsalRequest object which contains everything needed for the broker implementation to make a request + * @return IBroker implementations will return an AuthenticationResult object */ - default CompletableFuture acquireToken(PublicClientApplication application, SilentParameters requestParameters) { + default IAuthenticationResult acquireToken(PublicClientApplication application, SilentParameters requestParameters) { throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); } /** * Acquire a token interactively, by prompting users to enter their credentials in some way + * + * @param requestParameters MsalRequest object which contains everything needed for the broker implementation to make a request + * @return IBroker implementations will return an AuthenticationResult object */ - default CompletableFuture acquireToken(PublicClientApplication application, 
InteractiveRequestParameters parameters) { + default IAuthenticationResult acquireToken(PublicClientApplication application, InteractiveRequestParameters requestParameters) { throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); } /** * Acquire a token silently, i.e. without direct user interaction, using username/password authentication + * + * @param requestParameters MsalRequest object which contains everything needed for the broker implementation to make a request + * @return IBroker implementations will return an AuthenticationResult object */ - default CompletableFuture acquireToken(PublicClientApplication application, UserNamePasswordParameters parameters) { + default IAuthenticationResult acquireToken(PublicClientApplication application, UserNamePasswordParameters requestParameters) { throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); } - default void removeAccount(PublicClientApplication application, IAccount account) throws MsalClientException { + default CompletableFuture removeAccount(IAccount account) { throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); } - - default boolean isBrokerAvailable() { - throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); - } - - /** - * MSAL Java's AuthenticationResult requires several package-private classes that a broker implementation can't access, - * so this helper method can be used to create AuthenticationResults from within the MSAL Java package - */ - default IAuthenticationResult parseBrokerAuthResult(String authority, String idToken, String accessToken, - String accountId, String clientInfo, - long accessTokenExpirationTime) { - - AuthenticationResult.AuthenticationResultBuilder builder = AuthenticationResult.builder(); - - try { - if (idToken != null) { - builder.idToken(idToken); - if (accountId!= null) { - 
String idTokenJson = - JWTParser.parse(idToken).getParsedParts()[1].decodeToString(); - //TODO: need to figure out if 'policy' field is relevant for brokers - builder.accountCacheEntity(AccountCacheEntity.create(clientInfo, - Authority.createAuthority(new URL(authority)), JsonHelper.convertJsonToObject(idTokenJson, - IdToken.class), null)); - } - } - if (accessToken != null) { - builder.accessToken(accessToken); - builder.expiresOn(accessTokenExpirationTime); - } - } catch (Exception e) { - throw new MsalClientException(String.format("Exception when converting broker result to MSAL Java AuthenticationResult: %s", e.getMessage()), AuthenticationErrorCode.MSALJAVA_BROKERS_ERROR); - } - return builder.build(); - } } \ No newline at end of file diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java index a41d1832..acdb638a 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java @@ -100,18 +100,6 @@ public class InteractiveRequestParameters implements IAcquireTokenParameters { */ private boolean instanceAware; - /** - * The parent window handle used to open UI elements with the correct parent - * - * - * For browser scenarios and Windows console applications, this value should not need to be set - * - * For Windows console applications, MSAL Java will attempt to discover the console's window handle if this parameter is not set - * - * For scenarios where MSAL Java is responsible for opening UI elements (such as when using MSALRuntime), this parameter is required and an exception will be thrown if not set - */ - private long windowHandle; - private static InteractiveRequestParametersBuilder builder() { return new InteractiveRequestParametersBuilder(); } 
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java index 11b19604..a7f18dda 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java @@ -8,7 +8,6 @@ import com.nimbusds.oauth2.sdk.id.ClientID; import org.slf4j.LoggerFactory; -import java.net.MalformedURLException; import java.util.concurrent.CompletableFuture; import java.util.concurrent.atomic.AtomicReference; @@ -24,8 +23,6 @@ public class PublicClientApplication extends AbstractClientApplicationBase implements IPublicClientApplication { private final ClientAuthenticationPost clientAuthentication; - private IBroker broker; - private boolean brokerEnabled; @Override public CompletableFuture acquireToken(UserNamePasswordParameters parameters) { @@ -38,20 +35,12 @@ public CompletableFuture acquireToken(UserNamePasswordPar parameters, UserIdentifier.fromUpn(parameters.username())); - CompletableFuture future; - - if (brokerEnabled) { - future = broker.acquireToken(this, parameters); - } else { - UserNamePasswordRequest userNamePasswordRequest = - new UserNamePasswordRequest(parameters, - this, - context); - - future = this.executeRequest(userNamePasswordRequest); - } + UserNamePasswordRequest userNamePasswordRequest = + new UserNamePasswordRequest(parameters, + this, + context); - return future; + return this.executeRequest(userNamePasswordRequest); } @Override 
@@ -123,49 +112,17 @@ public CompletableFuture acquireToken(InteractiveRequestP this, context); - CompletableFuture future; - - if (brokerEnabled) { - future = broker.acquireToken(this, parameters); - } else { - future = executeRequest(interactiveRequest); - } - + CompletableFuture future = executeRequest(interactiveRequest); futureReference.set(future); - return future; } - @Override - public CompletableFuture acquireTokenSilently(SilentParameters parameters) throws MalformedURLException { - CompletableFuture future; - - if (brokerEnabled) { - future = broker.acquireToken(this, parameters); - } else { - future = super.acquireTokenSilently(parameters); - } - - return future; - } - - @Override - public CompletableFuture removeAccount(IAccount account) { - if (brokerEnabled) { - broker.removeAccount(this, account); - } - - return super.removeAccount(account); - } - private PublicClientApplication(Builder builder) { super(builder); validateNotBlank("clientId", clientId()); log = LoggerFactory.getLogger(PublicClientApplication.class); this.clientAuthentication = new ClientAuthenticationPost(ClientAuthenticationMethod.NONE, new ClientID(clientId())); - this.broker = builder.broker; - this.brokerEnabled = builder.brokerEnabled; } @Override @@ -189,22 +146,6 @@ private Builder(String clientId) { super(clientId); } - private IBroker broker = null; - private boolean brokerEnabled = false; - - /** - * Implementation of IBroker that will be used to retrieve tokens - *

- * Setting this will cause MSAL Java to use the given broker implementation to retrieve tokens from a broker (such as WAM/MSALRuntime) in flows that support it - */ - public PublicClientApplication.Builder broker(IBroker val) { - this.broker = val; - - this.brokerEnabled = this.broker.isBrokerAvailable(); - - return self(); - } - @Override public PublicClientApplication build() { From b8e6a7019d35f3341eaa656130f451fcb622e97f Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 13 Feb 2023 12:58:58 -0600 Subject: [PATCH 27/65] regional endpoint change to always use login.microsoft.com --- .../aad/msal4j/AadInstanceDiscoveryProvider.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index 72c61451..c548fb73 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java @@ -22,7 +22,7 @@ class AadInstanceDiscoveryProvider { private final static String AUTHORIZE_ENDPOINT_TEMPLATE = "https://{host}/{tenant}/oauth2/v2.0/authorize"; private final static String INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = "https://{host}:{port}/common/discovery/instance"; private final static String INSTANCE_DISCOVERY_REQUEST_PARAMETERS_TEMPLATE = "?api-version=1.1&authorization_endpoint={authorizeEndpoint}"; - private final static String HOST_TEMPLATE_WITH_REGION = "{region}.{host}"; + private final static String HOST_TEMPLATE_WITH_REGION = "{region}.login.microsoft.com"; private final static String SOVEREIGN_HOST_TEMPLATE_WITH_REGION = "{region}.{host}"; private final static String REGION_NAME = "REGION_NAME"; private final static int PORT_NOT_SET = -1; 
@@ -47,7 +47,9 @@ class AadInstanceDiscoveryProvider { TRUSTED_HOSTS_SET.addAll(Arrays.asList( "login.windows.net", - "login.microsoftonline.com")); + "login.microsoftonline.com", + "login.microsoft.com", + "sts.windows.net")); TRUSTED_HOSTS_SET.addAll(TRUSTED_SOVEREIGN_HOSTS_SET); } @@ -187,8 +189,7 @@ private static String getRegionalizedHost(String host, String region) { // whereas sovereign cloud endpoints and any non-Microsoft authorities are assumed to follow another template if (TRUSTED_HOSTS_SET.contains(host) && !TRUSTED_SOVEREIGN_HOSTS_SET.contains(host)){ regionalizedHost = HOST_TEMPLATE_WITH_REGION. - replace("{region}", region). - replace("{host}", host); + replace("{region}", region); } else { regionalizedHost = SOVEREIGN_HOST_TEMPLATE_WITH_REGION. From 92eace85aeb72b2fbc29534343561e850d8ba5c8 Mon Sep 17 00:00:00 2001 From: Avery-Dunn <62066438+Avery-Dunn@users.noreply.github.com> Date: Thu, 16 Feb 2023 09:05:26 -0800 Subject: [PATCH 28/65] Add support for both current and legacy B2C authority formats (#594) * Add support for both current and legacy B2C authority formats * Fix B2C format test --- .../AcquireTokenInteractiveIT.java | 14 +++++-- .../TestConstants.java | 4 +- .../msal4j/AbstractClientApplicationBase.java | 12 ++++++ .../com/microsoft/aad/msal4j/Authority.java | 14 +++++-- .../microsoft/aad/msal4j/B2CAuthority.java | 39 +++++++++++++------ .../microsoft/aad/msal4j/AuthorityTest.java | 4 +- 6 files changed, 64 insertions(+), 23 deletions(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java index b50e2fdb..79466c5f 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java 
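Review bot: `region` is substituted into the host in `getRegionalizedHost` without any check, and with the template now fixed to `{region}.login.microsoft.com` that value alone decides which host the request is sent to. Where `region` comes from is outside this hunk (presumably the builder's region setting or the `REGION_NAME` environment variable), so anything that is not a plain region label should be rejected before the replace, for example `if (!region.matches("[a-z0-9]+")) { throw new IllegalArgumentException("unexpected region name"); }`, with the pattern adjusted to the region names the library accepts. The `@@ -47,7 +47,9 @@` hunk also adds `login.microsoft.com` and `sts.windows.net` to `TRUSTED_HOSTS_SET`, so every non-sovereign host in that set is now rewritten to the same regional host; a comment on the set saying so would help the next reader. The method body continues outside the hunk.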
@@ -74,7 +74,15 @@ public void acquireTokenWithAuthorizationCode_B2C_Local(String environment) { cfg = new Config(environment); User user = labUserProvider.getB2cUser(cfg.azureEnvironment, B2CProvider.LOCAL); - assertAcquireTokenB2C(user); + assertAcquireTokenB2C(user, TestConstants.B2C_AUTHORITY); + } + + @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) + public void acquireTokenWithAuthorizationCode_B2C_LegacyFormat(String environment) { + cfg = new Config(environment); + + User user = labUserProvider.getB2cUser(cfg.azureEnvironment, B2CProvider.LOCAL); + assertAcquireTokenB2C(user, TestConstants.B2C_AUTHORITY_LEGACY_FORMAT); } @Test @@ -126,13 +134,13 @@ private void assertAcquireTokenADFS2019(User user) { Assert.assertEquals(user.getUpn(), result.account().username()); } - private void assertAcquireTokenB2C(User user) { + private void assertAcquireTokenB2C(User user, String authority) { PublicClientApplication pca; try { pca = PublicClientApplication.builder( user.getAppId()). - b2cAuthority(TestConstants.B2C_AUTHORITY_SIGN_IN). + b2cAuthority(authority + TestConstants.B2C_SIGN_IN_POLICY). build(); } catch (MalformedURLException ex) { throw new RuntimeException(ex.getMessage()); diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java index 97e65f16..bd81b076 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java 
@@ -38,8 +38,8 @@ public class TestConstants { public final static String ARLINGTON_GRAPH_DEFAULT_SCOPE = "https://graph.microsoft.us/.default"; - public final static String B2C_AUTHORITY = "https://msidlabb2c.b2clogin.com/tfp/msidlabb2c.onmicrosoft.com/"; - public final static String B2C_AUTHORITY_URL = "https://msidlabb2c.b2clogin.com/msidlabb2c.onmicrosoft.com/"; + public final static String B2C_AUTHORITY = "https://msidlabb2c.b2clogin.com/msidlabb2c.onmicrosoft.com/"; + public final static String B2C_AUTHORITY_LEGACY_FORMAT = "https://msidlabb2c.b2clogin.com/tfp/msidlabb2c.onmicrosoft.com/"; public final static String B2C_ROPC_POLICY = "B2C_1_ROPC_Auth"; public final static String B2C_SIGN_IN_POLICY = "B2C_1_SignInPolicy"; public final static String B2C_AUTHORITY_SIGN_IN = B2C_AUTHORITY + B2C_SIGN_IN_POLICY; diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java index b1b7ba6b..0bcd0077 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java 
@@ -373,6 +373,18 @@ public T authority(String val) throws MalformedURLException { return self(); } + /** + * Set URL of the authenticating B2C authority from which MSAL will acquire tokens + * + * Valid B2C authorities should look like: https://<something.b2clogin.com/<tenant>/<policy> + * + * MSAL Java also supports a legacy B2C authority format, which looks like: https://<host>/tfp/<tenant>/<policy> + * + * However, MSAL Java will eventually stop supporting the legacy format. See here for information on how to migrate to the new format: https://aka.ms/msal4j-b2c + * + * @param val a boolean value for validateAuthority + * @return instance of the Builder on which method was called + */ public T b2cAuthority(String val) throws MalformedURLException { authority = Authority.enforceTrailingSlash(val); diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java index 0a15a355..dea2281b 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java @@ -20,6 +20,7 @@ abstract class Authority { private static final String ADFS_PATH_SEGMENT = "adfs"; private static final String B2C_PATH_SEGMENT = "tfp"; + private static final String B2C_HOST_SEGMENT = "b2clogin.com"; private final static String USER_REALM_ENDPOINT = "common/userrealm"; private final static String userRealmEndpointFormat = "https://%s/" + USER_REALM_ENDPOINT + "/%s?api-version=1.0"; @@ -79,9 +80,10 @@ static AuthorityType detectAuthorityType(URL authorityUrl) { "authority Uri should have at least one segment in the path (i.e. https:////...)"); } + final String host = authorityUrl.getHost(); final String firstPath = path.substring(0, path.indexOf("/")); - if (isB2CAuthority(firstPath)) { + if (isB2CAuthority(host, firstPath)) { return AuthorityType.B2C; } else if (isAdfsAuthority(firstPath)) { return AuthorityType.ADFS; 
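Review bot: The `@param val` line in the new `b2cAuthority` Javadoc reads "a boolean value for validateAuthority", but `val` is the authority URL string. It should be something like `@param val URL of the B2C authority, in the current or the legacy tfp format`. The first example URL is also missing the closing bracket after `something.b2clogin.com`, and the method declares `MalformedURLException` without a matching `@throws` line. The method body continues outside the hunk.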
@@ -131,7 +133,11 @@ static void validateAuthority(URL authorityUrl) { static String getTenant(URL authorityUrl, AuthorityType authorityType) { String[] segments = authorityUrl.getPath().substring(1).split("/"); if (authorityType == AuthorityType.B2C) { - return segments[1]; + if (segments.length < 3){ + return segments[0]; + } else { + return segments[1]; + } } return segments[0]; } @@ -144,8 +150,8 @@ private static boolean isAdfsAuthority(final String firstPath) { return firstPath.compareToIgnoreCase(ADFS_PATH_SEGMENT) == 0; } - private static boolean isB2CAuthority(final String firstPath) { - return firstPath.compareToIgnoreCase(B2C_PATH_SEGMENT) == 0; + private static boolean isB2CAuthority(final String host, final String firstPath) { + return host.contains(B2C_HOST_SEGMENT) || firstPath.compareToIgnoreCase(B2C_PATH_SEGMENT) == 0; } String deviceCodeEndpoint() { diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java index bc94f7bf..3d15c846 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java 
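Review bot: `isB2CAuthority` now treats an authority as B2C whenever the host merely contains `b2clogin.com`, which also matches hosts that only embed that text rather than ending in it. The authority type presumably drives how the authority is validated and which endpoints are built, so the match should be anchored to the end of the host and made case-insensitive: `String h = host.toLowerCase(Locale.ROOT);` followed by `return h.endsWith("." + B2C_HOST_SEGMENT) || firstPath.compareToIgnoreCase(B2C_PATH_SEGMENT) == 0;`. That needs `java.util.Locale` imported if Authority.java does not already have it.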
@@ -26,27 +26,42 @@ class B2CAuthority extends Authority { } private void validatePathSegments(String[] segments) { - if (segments.length < 3) { + if (segments.length < 2) { throw new IllegalArgumentException( - "B2C 'authority' Uri should have at least 3 segments in the path " + - "(i.e. https:///tfp///...)"); + "Valid B2C 'authority' URLs should follow either of these formats: https://///... or https:///something///..."); } } private void setAuthorityProperties() { String[] segments = canonicalAuthorityUrl.getPath().substring(1).split("/"); + // In the early days of MSAL, the only way for the library to identify a B2C authority was whether or not the authority + // had three segments in the path, and the first segment was 'tfp'. Valid B2C authorities looked like: https:///tfp///... + // + // More recent changes to B2C should ensure that any new B2C authorities have 'b2clogin.com' in the host of the URL, + // so app developers shouldn't need to add 'tfp' and the first path segment should just be the tenant: https://.b2clogin.com///... 
+ // + // However, legacy URLs using the old format must still be supported by these sorts of checks here and elsewhere, so for the near + // future at least we must consider both formats as valid until we're either sure all customers are swapped, + // or until we're comfortable with a potentially breaking change validatePathSegments(segments); - policy = segments[2]; - - final String b2cAuthorityFormat = "https://%s/%s/%s/%s/"; - this.authority = String.format( - b2cAuthorityFormat, - canonicalAuthorityUrl.getAuthority(), - segments[0], - segments[1], - segments[2]); + try { + policy = segments[2]; + this.authority = String.format( + "https://%s/%s/%s/%s/", + canonicalAuthorityUrl.getAuthority(), + segments[0], + segments[1], + segments[2]); + } catch (IndexOutOfBoundsException e){ + policy = segments[1]; + this.authority = String.format( + "https://%s/%s/%s/", + canonicalAuthorityUrl.getAuthority(), + segments[0], + segments[1]); + } this.authorizationEndpoint = String.format(B2C_AUTHORIZATION_ENDPOINT_FORMAT, host, tenant, policy); this.tokenEndpoint = String.format(B2C_TOKEN_ENDPOINT_FORMAT, host, tenant, policy); diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java index 0db1b159..ea5a99a8 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java 
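Review bot: `setAuthorityProperties` chooses between the two B2C formats by catching `IndexOutOfBoundsException`, and the result is wrong for a legacy authority that lacks a policy. `https://host/tfp/tenant/` has two segments, passes the relaxed `validatePathSegments`, and ends up with the tenant segment stored as `policy`. Deciding on the leading `tfp` segment instead of the segment count removes both the exception-driven branch and the misparse. `Authority.getTenant` makes the same length-based guess in its `segments.length < 3` branch and would return `tfp` for that input. The AuthorityTest case was changed to a one-segment URL, so this input is no longer covered by a test.

```java
validatePathSegments(segments);

// The legacy format is marked by a leading 'tfp' segment; branch on that, not on the segment count
boolean legacyFormat = "tfp".equalsIgnoreCase(segments[0]);
int policyIndex = legacyFormat ? 2 : 1;
if (segments.length <= policyIndex) {
    throw new IllegalArgumentException(
            "B2C 'authority' URL is missing the policy segment");
}

policy = segments[policyIndex];
this.authority = legacyFormat
        ? String.format("https://%s/%s/%s/%s/",
                canonicalAuthorityUrl.getAuthority(), segments[0], segments[1], segments[2])
        : String.format("https://%s/%s/%s/",
                canonicalAuthorityUrl.getAuthority(), segments[0], segments[1]);

// … unchanged: authorizationEndpoint / tokenEndpoint assignments …
```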
@@ -36,9 +36,9 @@ public void testDetectAuthorityType_B2C() throws Exception { @Test(expectedExceptions = IllegalArgumentException.class, expectedExceptionsMessageRegExp = - "B2C 'authority' Uri should have at least 3 segments in the path \\(i.e. https:///tfp///...\\)") + "Valid B2C 'authority' URLs should follow either of these formats.*") public void testB2CAuthorityConstructor_NotEnoughSegments() throws MalformedURLException { - new B2CAuthority(new URL("https://something.com/tfp/somethingelse/")); + new B2CAuthority(new URL("https://something.com/somethingelse/")); } @Test(expectedExceptions = IllegalArgumentException.class, expectedExceptionsMessageRegExp = "authority should use the 'https' scheme") From 6d850b1d1a5761523bea74c323ee6d139ab57e64 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Tue, 21 Feb 2023 13:48:30 -0600 Subject: [PATCH 29/65] add 2 seconds timeout while calling IMDS --- .../ClientCredentialsIT.java | 20 ++++--- .../TestConstants.java | 10 +--- .../msal4j/AadInstanceDiscoveryProvider.java | 58 +++++++++++++------ 3 files changed, 56 insertions(+), 32 deletions(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java index 8c1f5256..1e9b9ceb 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java @@ -7,6 +7,7 @@ import labapi.AzureEnvironment; import org.testng.Assert; import org.testng.annotations.BeforeClass; +import org.testng.annotations.DataProvider; import org.testng.annotations.Test; import java.io.IOException; 
@@ -118,13 +119,18 @@ public void acquireTokenClientCredentials_DefaultCacheLookup() throws Exception Assert.assertNotEquals(result2.accessToken(), result3.accessToken()); } - @Test - public void acquireTokenClientCredentials_Regional() throws Exception { + @DataProvider(name = "regionWithAuthority") + public static Object[][] createData() { + return new Object[][]{{"westus", TestConstants.REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_WESTUS}, + {"eastus", TestConstants.REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_EASTUS}}; + } + + @Test(dataProvider = "regionWithAuthority") + public void acquireTokenClientCredentials_Regional(String[] regionWithAuthority) throws Exception { String clientId = "2afb0add-2f32-4946-ac90-81a02aa4550e"; - assertAcquireTokenCommon_withRegion(clientId, certificate); + assertAcquireTokenCommon_withRegion(clientId, certificate, regionWithAuthority[0], regionWithAuthority[1]); } - private ClientAssertion getClientAssertion(String clientId) { return JwtHelper.buildJwt( clientId, @@ -164,7 +170,7 @@ private void assertAcquireTokenCommon_withParameters(String clientId, IClientCre Assert.assertNotNull(result.accessToken()); } - private void assertAcquireTokenCommon_withRegion(String clientId, IClientCredential credential) throws Exception { + private void assertAcquireTokenCommon_withRegion(String clientId, IClientCredential credential, String region, String regionalAuthority) throws Exception { ConfidentialClientApplication ccaNoRegion = ConfidentialClientApplication.builder( clientId, credential). authority(TestConstants.MICROSOFT_AUTHORITY). 
@@ -172,7 +178,7 @@ private void assertAcquireTokenCommon_withRegion(String clientId, IClientCredent ConfidentialClientApplication ccaRegion = ConfidentialClientApplication.builder( clientId, credential). - authority("https://login.microsoft.com/microsoft.onmicrosoft.com").azureRegion("westus"). + authority("https://login.microsoft.com/microsoft.onmicrosoft.com").azureRegion(region). build(); //Ensure behavior when region not specified @@ -193,7 +199,7 @@ private void assertAcquireTokenCommon_withRegion(String clientId, IClientCredent Assert.assertNotNull(resultRegion); Assert.assertNotNull(resultRegion.accessToken()); - Assert.assertEquals(resultRegion.environment(), TestConstants.REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_WESTUS); + Assert.assertEquals(resultRegion.environment(), regionalAuthority); IAuthenticationResult resultRegionCached = ccaRegion.acquireToken(ClientCredentialParameters .builder(Collections.singleton(KEYVAULT_DEFAULT_SCOPE)) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java index 97e65f16..1bcbd981 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java 
@@ -32,14 +32,14 @@ public class TestConstants { public final static String TENANT_SPECIFIC_AUTHORITY = MICROSOFT_AUTHORITY_HOST + MICROSOFT_AUTHORITY_TENANT; public final static String REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_WESTUS = "westus.login.microsoft.com"; + public final static String REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_EASTUS = "eastus.login.microsoft.com"; + public final static String ARLINGTON_ORGANIZATIONS_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + "organizations/"; - public final static String ARLINGTON_COMMON_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + "common/"; public final static String ARLINGTON_TENANT_SPECIFIC_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + ARLINGTON_AUTHORITY_TENANT; public final static String ARLINGTON_GRAPH_DEFAULT_SCOPE = "https://graph.microsoft.us/.default"; public final static String B2C_AUTHORITY = "https://msidlabb2c.b2clogin.com/tfp/msidlabb2c.onmicrosoft.com/"; - public final static String B2C_AUTHORITY_URL = "https://msidlabb2c.b2clogin.com/msidlabb2c.onmicrosoft.com/"; public final static String B2C_ROPC_POLICY = "B2C_1_ROPC_Auth"; public final static String B2C_SIGN_IN_POLICY = "B2C_1_SignInPolicy"; public final static String B2C_AUTHORITY_SIGN_IN = B2C_AUTHORITY + B2C_SIGN_IN_POLICY; @@ -49,7 +49,6 @@ public class TestConstants { public final static String B2C_MICROSOFTLOGIN_ROPC = B2C_MICROSOFTLOGIN_AUTHORITY + B2C_ROPC_POLICY; public final static String LOCALHOST = "http://localhost:"; - public final static String LOCAL_FLAG_ENV_VAR = "MSAL_JAVA_RUN_LOCAL"; public final static String ADFS_AUTHORITY = "https://fs.msidlab8.com/adfs/"; public final static String ADFS_SCOPE = USER_READ_SCOPE; 
@@ -57,11 +56,6 @@ public class TestConstants { public final static String CLAIMS = "{\"id_token\":{\"auth_time\":{\"essential\":true}}}"; public final static Set CLIENT_CAPABILITIES_EMPTY = new HashSet<>(Collections.emptySet()); - public final static Set CLIENT_CAPABILITIES_LLT = new HashSet<>(Collections.singletonList("llt")); - - // cross cloud b2b settings - public final static String AUTHORITY_ARLINGTON = "https://login.microsoftonline.us/" + ARLINGTON_AUTHORITY_TENANT; - public final static String AUTHORITY_MOONCAKE = "https://login.chinacloudapi.cn/mncmsidlab1.partner.onmschina.cn"; public final static String AUTHORITY_PUBLIC_TENANT_SPECIFIC = "https://login.microsoftonline.com/" + MICROSOFT_AUTHORITY_TENANT; public final static String DEFAULT_ACCESS_TOKEN = "defaultAccessToken"; diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index c548fb73..aa5e1e89 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java @@ -14,7 +14,7 @@ import java.util.TreeSet; import java.util.Map; import java.util.HashMap; -import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.*; class AadInstanceDiscoveryProvider { 
@@ -60,23 +60,21 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, ServiceBundle serviceBundle) { String host = authorityUrl.getHost(); - if (shouldUseRegionalEndpoint(msalRequest)) { - //Server side telemetry requires the result from region discovery when any part of the region API is used - String detectedRegion = discoverRegion(msalRequest, serviceBundle); + ExecutorService executor = Executors.newSingleThreadExecutor(); - if (msalRequest.application().azureRegion() != null) { - host = getRegionalizedHost(authorityUrl.getHost(), msalRequest.application().azureRegion()); - } + Future future = executor.submit(() -> performRegionalDiscovery(authorityUrl, msalRequest, serviceBundle)); - //If region autodetection is enabled and a specific region not already set, - // set the application's region to the discovered region so that future requests can skip the IMDS endpoint call - if (null == msalRequest.application().azureRegion() && msalRequest.application().autoDetectRegion() - && null != detectedRegion) { - msalRequest.application().azureRegion = detectedRegion; - } - cacheRegionInstanceMetadata(authorityUrl.getHost(), msalRequest.application().azureRegion()); - serviceBundle.getServerSideTelemetry().getCurrentRequest().regionOutcome( - determineRegionOutcome(detectedRegion, msalRequest.application().azureRegion(), msalRequest.application().autoDetectRegion())); + try { + log.info("Starting call to IMDS endpoint."); + host = future.get(2, TimeUnit.SECONDS); + } catch (TimeoutException ex) { + log.info("Cancelled call to IMDS endpoint after waiting for 2 seconds"); + future.cancel(true); + } catch (Exception ex) { + // handle other exceptions + log.info("Exception while calling IMDS endpoint" + ex.getMessage()); + } finally { + executor.shutdownNow(); } InstanceDiscoveryMetadataEntry result = cache.get(host); 
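Review bot: The catch-all `catch (Exception ex)` after `future.get(2, TimeUnit.SECONDS)` in `getMetadataEntry` also receives `InterruptedException` and drops the caller's interrupt, so a thread that was asked to stop carries on into the cache lookup. I would put a separate handler ahead of the generic one, `catch (InterruptedException ex) { Thread.currentThread().interrupt(); }`. The generic handler builds its message as `"Exception while calling IMDS endpoint" + ex.getMessage()` with no separator, and for an `ExecutionException` that prints only the wrapper text; `log.info("Exception while calling IMDS endpoint: {}", ex.toString())` reads better with the SLF4J logger this class declares. The same catch-all shape recurs in the `@@ -66,13 +68,19 @@` hunk and in `discoverRegion` (`@@ -322,12 +293,44 @@`); the method body continues outside this hunk.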
@@ -97,6 +95,32 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, return cache.get(host); } + private static String performRegionalDiscovery(URL authorityUrl, MsalRequest msalRequest, ServiceBundle serviceBundle){ + + String host = authorityUrl.getHost(); + + if (shouldUseRegionalEndpoint(msalRequest)) { + //Server side telemetry requires the result from region discovery when any part of the region API is used + String detectedRegion = discoverRegion(msalRequest, serviceBundle); + + if (msalRequest.application().azureRegion() != null) { + host = getRegionalizedHost(authorityUrl.getHost(), msalRequest.application().azureRegion()); + } + + //If region autodetection is enabled and a specific region not already set, + // set the application's region to the discovered region so that future requests can skip the IMDS endpoint call + if (null == msalRequest.application().azureRegion() && msalRequest.application().autoDetectRegion() + && null != detectedRegion) { + msalRequest.application().azureRegion = detectedRegion; + } + cacheRegionInstanceMetadata(authorityUrl.getHost(), msalRequest.application().azureRegion()); + serviceBundle.getServerSideTelemetry().getCurrentRequest().regionOutcome( + determineRegionOutcome(detectedRegion, msalRequest.application().azureRegion(), msalRequest.application().autoDetectRegion())); + } + + return host; + } + static Set getAliases(String host) { if (cache.containsKey(host)) { return cache.get(host).aliases(); 
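Review bot: `performRegionalDiscovery` runs on the executor thread but writes shared state: `msalRequest.application().azureRegion = detectedRegion`, the static `cache` through `cacheRegionInstanceMetadata`, and the telemetry `regionOutcome`. `future.cancel(true)` in the caller only requests interruption, so these writes can still land after `getMetadataEntry` has timed out and gone on with the unregionalized host; whether `azureRegion` is `volatile` is not visible here. Until the task is made to return the region and leave the updates to the calling thread, the method should at least carry a comment such as `// Runs on the discovery executor and may finish after the caller's timeout; the writes below are not synchronized with the caller`.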
@@ -299,7 +323,7 @@ private static String discoverRegion(MsalRequest msalRequest, ServiceBundle serv //If call to IMDS endpoint was successful, return region from response body if (httpResponse.statusCode() == HttpHelper.HTTP_STATUS_200 && !httpResponse.body().isEmpty()) { - log.info("Region retrieved from IMDS endpoint: " + httpResponse.body()); + log.info(String.format("Region retrieved from IMDS endpoint: %s", httpResponse.body())); currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_IMDS.telemetryValue); return httpResponse.body(); From 9a286ab9d4e6fb5e009b50c69bf87e56d0cc559e Mon Sep 17 00:00:00 2001 From: siddhijain Date: Tue, 21 Feb 2023 22:14:29 -0600 Subject: [PATCH 30/65] Fix failing tests --- .../aad/msal4j/AadInstanceDiscoveryProvider.java | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index aa5e1e89..ade8a784 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java @@ -31,6 +31,8 @@ class AadInstanceDiscoveryProvider { private static final String DEFAULT_API_VERSION = "2020-06-01"; private static final String IMDS_ENDPOINT = "https://169.254.169.254/metadata/instance/compute/location?" + DEFAULT_API_VERSION + "&format=text"; + private static final int IMDS_TIMEOUT = 2; + private static final TimeUnit IMDS_TIMEOUT_UNIT = TimeUnit.SECONDS; static final TreeSet TRUSTED_HOSTS_SET = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); static final TreeSet TRUSTED_SOVEREIGN_HOSTS_SET = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); 
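Review bot: `discoverRegion` returns `httpResponse.body()` verbatim as the region, and the other hunks of this file show that value stored in `azureRegion` and passed to `getRegionalizedHost`, so an unvalidated string becomes part of the host that later requests are sent to. A body with trailing whitespace, or anything that is not a plain region name, would give a malformed or unintended host. I would normalise and check it before returning, e.g. `String region = httpResponse.body().trim();` followed by `if (!region.matches("[a-z0-9]+")) { return null; }`; the allowed alphabet is an assumption to confirm against the Azure region names. The function body starts and ends outside this hunk.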
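Review bot: The `IMDS_ENDPOINT` that the new timeout constants in the `@@ -31,6 +31,8 @@` hunk are meant to bound is built in the context line as `"https://169.254.169.254/metadata/instance/compute/location?" + DEFAULT_API_VERSION + "&format=text"`, which gives the query string `?2020-06-01&format=text` with no `api-version=` key. As far as I know the Azure instance metadata service is reached over plain `http://` on that link-local address and requires the `api-version` parameter, so this request probably cannot succeed and the timeout only shortens the failure; please confirm on a VM. If so the constant should read `"http://169.254.169.254/metadata/instance/compute/location?api-version=" + DEFAULT_API_VERSION + "&format=text"`.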
@@ -66,13 +68,19 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, try { log.info("Starting call to IMDS endpoint."); - host = future.get(2, TimeUnit.SECONDS); + host = future.get(IMDS_TIMEOUT, IMDS_TIMEOUT_UNIT); } catch (TimeoutException ex) { log.info("Cancelled call to IMDS endpoint after waiting for 2 seconds"); future.cancel(true); + if (msalRequest.application().azureRegion() != null) { + host = getRegionalizedHost(authorityUrl.getHost(), msalRequest.application().azureRegion()); + } } catch (Exception ex) { // handle other exceptions log.info("Exception while calling IMDS endpoint" + ex.getMessage()); + if (msalRequest.application().azureRegion() != null) { + host = getRegionalizedHost(authorityUrl.getHost(), msalRequest.application().azureRegion()); + } } finally { executor.shutdownNow(); } @@ -113,7 +121,7 @@ private static String performRegionalDiscovery(URL authorityUrl, MsalRequest msa && null != detectedRegion) { msalRequest.application().azureRegion = detectedRegion; } - cacheRegionInstanceMetadata(authorityUrl.getHost(), msalRequest.application().azureRegion()); + cacheRegionInstanceMetadata(host, authorityUrl.getHost()); serviceBundle.getServerSideTelemetry().getCurrentRequest().regionOutcome( determineRegionOutcome(detectedRegion, msalRequest.application().azureRegion(), msalRequest.application().autoDetectRegion())); } @@ -184,11 +192,10 @@ private static boolean shouldUseRegionalEndpoint(MsalRequest msalRequest){ return false; } - static void cacheRegionInstanceMetadata(String host, String region) { + static void cacheRegionInstanceMetadata(String regionalHost, String host) { Set aliases = new HashSet<>(); aliases.add(host); - String regionalHost = getRegionalizedHost(host, region); cache.putIfAbsent(regionalHost, InstanceDiscoveryMetadataEntry.builder(). preferredCache(host). From 8c26f4ccaaa6d302d64e1d927344c4edefbfcb05 Mon Sep 17 00:00:00 2001 
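Review bot: The timeout message in the `@@ -66,13 +68,19 @@` hunk still hard-codes "2 seconds" although the wait is now `IMDS_TIMEOUT`/`IMDS_TIMEOUT_UNIT`, so the log becomes wrong as soon as the constant changes; `log.info(String.format("Cancelled call to IMDS endpoint after waiting for %d %s", IMDS_TIMEOUT, IMDS_TIMEOUT_UNIT));` keeps them in step. The regional-host fallback is repeated verbatim in both catch blocks and could be computed once after the `try`. In the `@@ -184,11 +192,10 @@` hunk `cacheRegionInstanceMetadata` keeps two `String` parameters but changes their meaning from `(host, region)` to `(regionalHost, host)`, so a caller not updated in this commit still compiles and caches under the wrong key; a short Javadoc naming both parameters would make the contract explicit.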
From: siddhijain Date: Wed, 22 Feb 2023 13:13:36 -0600 Subject: [PATCH 31/65] Fix failing tests --- .../msal4j/AadInstanceDiscoveryProvider.java | 113 +++++++++--------- 1 file changed, 59 insertions(+), 54 deletions(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index ade8a784..6722787b 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java 
@@ -62,27 +62,23 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, ServiceBundle serviceBundle) { String host = authorityUrl.getHost(); - ExecutorService executor = Executors.newSingleThreadExecutor(); - - Future future = executor.submit(() -> performRegionalDiscovery(authorityUrl, msalRequest, serviceBundle)); + if (shouldUseRegionalEndpoint(msalRequest)) { + //Server side telemetry requires the result from region discovery when any part of the region API is used + String detectedRegion = discoverRegion(msalRequest, serviceBundle); - try { - log.info("Starting call to IMDS endpoint."); - host = future.get(IMDS_TIMEOUT, IMDS_TIMEOUT_UNIT); - } catch (TimeoutException ex) { - log.info("Cancelled call to IMDS endpoint after waiting for 2 seconds"); - future.cancel(true); if (msalRequest.application().azureRegion() != null) { host = getRegionalizedHost(authorityUrl.getHost(), msalRequest.application().azureRegion()); } - } catch (Exception ex) { - // handle other exceptions - log.info("Exception while calling IMDS endpoint" + ex.getMessage()); - if (msalRequest.application().azureRegion() != null) { - host = getRegionalizedHost(authorityUrl.getHost(), msalRequest.application().azureRegion()); + + //If region autodetection is enabled and a specific region not already set, + // set the application's region to the discovered region so that future requests can skip the IMDS endpoint call + if (null == msalRequest.application().azureRegion() && msalRequest.application().autoDetectRegion() + && null != detectedRegion) { + msalRequest.application().azureRegion = detectedRegion; } - } finally { - executor.shutdownNow(); + cacheRegionInstanceMetadata(authorityUrl.getHost(), msalRequest.application().azureRegion()); + serviceBundle.getServerSideTelemetry().getCurrentRequest().regionOutcome( + determineRegionOutcome(detectedRegion, msalRequest.application().azureRegion(), msalRequest.application().autoDetectRegion())); } InstanceDiscoveryMetadataEntry 
result = cache.get(host); @@ -103,32 +99,6 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, return cache.get(host); } - private static String performRegionalDiscovery(URL authorityUrl, MsalRequest msalRequest, ServiceBundle serviceBundle){ - - String host = authorityUrl.getHost(); - - if (shouldUseRegionalEndpoint(msalRequest)) { - //Server side telemetry requires the result from region discovery when any part of the region API is used - String detectedRegion = discoverRegion(msalRequest, serviceBundle); - - if (msalRequest.application().azureRegion() != null) { - host = getRegionalizedHost(authorityUrl.getHost(), msalRequest.application().azureRegion()); - } - - //If region autodetection is enabled and a specific region not already set, - // set the application's region to the discovered region so that future requests can skip the IMDS endpoint call - if (null == msalRequest.application().azureRegion() && msalRequest.application().autoDetectRegion() - && null != detectedRegion) { - msalRequest.application().azureRegion = detectedRegion; - } - cacheRegionInstanceMetadata(host, authorityUrl.getHost()); - serviceBundle.getServerSideTelemetry().getCurrentRequest().regionOutcome( - determineRegionOutcome(detectedRegion, msalRequest.application().azureRegion(), msalRequest.application().autoDetectRegion())); - } - - return host; - } - static Set getAliases(String host) { if (cache.containsKey(host)) { return cache.get(host).aliases(); @@ -192,10 +162,11 @@ private static boolean shouldUseRegionalEndpoint(MsalRequest msalRequest){ return false; } - static void cacheRegionInstanceMetadata(String regionalHost, String host) { + static void cacheRegionInstanceMetadata(String host, String region) { Set aliases = new HashSet<>(); aliases.add(host); + String regionalHost = getRegionalizedHost(host, region); cache.putIfAbsent(regionalHost, InstanceDiscoveryMetadataEntry.builder(). preferredCache(host). 
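Review bot: `cacheRegionInstanceMetadata(authorityUrl.getHost(), msalRequest.application().azureRegion())` in `getMetadataEntry` runs unconditionally inside the regional branch, while the host assignment just above it is guarded by `azureRegion() != null`. When no region is configured and auto-detection returns `null`, `azureRegion()` is still `null` at that call and `getRegionalizedHost(host, region)` in the `@@ -192,10 +162,11 @@` hunk receives it; what that helper does with `null` is not visible here, but at best an entry is cached under a meaningless key. I would guard the call the same way, `if (msalRequest.application().azureRegion() != null) { cacheRegionInstanceMetadata(authorityUrl.getHost(), msalRequest.application().azureRegion()); }`. The method body continues outside the hunk.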
@@ -322,12 +293,44 @@ private static String discoverRegion(MsalRequest msalRequest, ServiceBundle serv return System.getenv(REGION_NAME); } - try { - //Check the IMDS endpoint to retrieve current region (will only work if application is running in an Azure VM) - Map headers = new HashMap<>(); - headers.put("Metadata", "true"); - IHttpResponse httpResponse = executeRequest(IMDS_ENDPOINT, headers, msalRequest, serviceBundle); +// try { +// //Check the IMDS endpoint to retrieve current region (will only work if application is running in an Azure VM) +// Map headers = new HashMap<>(); +// headers.put("Metadata", "true"); +// IHttpResponse httpResponse = executeRequest(IMDS_ENDPOINT, headers, msalRequest, serviceBundle); +// +// //If call to IMDS endpoint was successful, return region from response body +// if (httpResponse.statusCode() == HttpHelper.HTTP_STATUS_200 && !httpResponse.body().isEmpty()) { +// log.info(String.format("Region retrieved from IMDS endpoint: %s", httpResponse.body())); +// currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_IMDS.telemetryValue); +// +// return httpResponse.body(); +// } +// +// log.warn(String.format("Call to local IMDS failed with status code: %s, or response was empty", httpResponse.statusCode())); +// currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_FAILED_AUTODETECT.telemetryValue); +// +// return null; +// } catch (Exception e) { +// //IMDS call failed, cannot find region +// //The IMDS endpoint is only available from within an Azure environment, so the most common cause of this +// // exception will likely be java.net.SocketException: Network is unreachable: connect +// log.warn(String.format("Exception during call to local IMDS endpoint: %s", e.getMessage())); +// currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_FAILED_AUTODETECT.telemetryValue); +// +// return null; +// } + + //Check the IMDS endpoint to retrieve current region (will only work if application is running in an Azure VM) + Map 
headers = new HashMap<>(); + headers.put("Metadata", "true"); + + ExecutorService executor = Executors.newSingleThreadExecutor(); + Future future = executor.submit(() -> executeRequest(IMDS_ENDPOINT, headers, msalRequest, serviceBundle)); + try { + log.info("Starting call to IMDS endpoint."); + IHttpResponse httpResponse = future.get(IMDS_TIMEOUT, IMDS_TIMEOUT_UNIT); //If call to IMDS endpoint was successful, return region from response body if (httpResponse.statusCode() == HttpHelper.HTTP_STATUS_200 && !httpResponse.body().isEmpty()) { log.info(String.format("Region retrieved from IMDS endpoint: %s", httpResponse.body())); @@ -335,20 +338,22 @@ private static String discoverRegion(MsalRequest msalRequest, ServiceBundle serv return httpResponse.body(); } - log.warn(String.format("Call to local IMDS failed with status code: %s, or response was empty", httpResponse.statusCode())); currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_FAILED_AUTODETECT.telemetryValue); - - return null; - } catch (Exception e) { + } catch (Exception ex) { + // handle other exceptions //IMDS call failed, cannot find region //The IMDS endpoint is only available from within an Azure environment, so the most common cause of this // exception will likely be java.net.SocketException: Network is unreachable: connect - log.warn(String.format("Exception during call to local IMDS endpoint: %s", e.getMessage())); + log.warn(String.format("Exception during call to local IMDS endpoint: %s", ex.getMessage())); currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_FAILED_AUTODETECT.telemetryValue); + future.cancel(true); - return null; + } finally { + executor.shutdownNow(); } + + return null; } private static void doInstanceDiscoveryAndCache(URL authorityUrl, From d6ac699e15ddc34d33e191b6025f296beced55ae Mon Sep 17 00:00:00 2001 
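Review bot: The single `catch (Exception ex)` in `discoverRegion` now also handles the timeout, and the `TimeoutException` thrown by `future.get(IMDS_TIMEOUT, IMDS_TIMEOUT_UNIT)` carries no message, so the warning reads "Exception during call to local IMDS endpoint: null" in exactly the case this change was written for. A dedicated `catch (TimeoutException ex)` that logs the timeout and cancels the future, with `ex.toString()` in the generic handler, would make the log usable, and `InterruptedException` should restore the interrupt flag. A new `Executors.newSingleThreadExecutor()` is created on every call, which means one thread creation per discovery attempt; a shared executor would avoid that. The `// handle other exceptions` comment no longer matches, since this is the only handler.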
From: siddhijain Date: Wed, 22 Feb 2023 13:22:10 -0600 Subject: [PATCH 32/65] delete commented out code --- .../msal4j/AadInstanceDiscoveryProvider.java | 28 ------------------- 1 file changed, 28 deletions(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index 6722787b..b4d61b27 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java 
@@ -293,34 +293,6 @@ private static String discoverRegion(MsalRequest msalRequest, ServiceBundle serv return System.getenv(REGION_NAME); } -// try { -// //Check the IMDS endpoint to retrieve current region (will only work if application is running in an Azure VM) -// Map headers = new HashMap<>(); -// headers.put("Metadata", "true"); -// IHttpResponse httpResponse = executeRequest(IMDS_ENDPOINT, headers, msalRequest, serviceBundle); -// -// //If call to IMDS endpoint was successful, return region from response body -// if (httpResponse.statusCode() == HttpHelper.HTTP_STATUS_200 && !httpResponse.body().isEmpty()) { -// log.info(String.format("Region retrieved from IMDS endpoint: %s", httpResponse.body())); -// currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_IMDS.telemetryValue); -// -// return httpResponse.body(); -// } -// -// log.warn(String.format("Call to local IMDS failed with status code: %s, or response was empty", httpResponse.statusCode())); -// currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_FAILED_AUTODETECT.telemetryValue); -// -// return null; -// } catch (Exception e) { -// //IMDS call failed, cannot find region -// //The IMDS endpoint is only available from within an Azure environment, so the most common cause of this -// // exception will likely be java.net.SocketException: Network is unreachable: connect -// log.warn(String.format("Exception during call to local IMDS endpoint: %s", e.getMessage())); -// currentRequest.regionSource(RegionTelemetry.REGION_SOURCE_FAILED_AUTODETECT.telemetryValue); -// -// return null; -// } - //Check the IMDS endpoint to retrieve current region (will only work if application is running in an Azure VM) Map headers = new HashMap<>(); headers.put("Metadata", "true"); From 68a99726a097123a7c2bfc3078cb1d9ddc70af70 Mon Sep 17 00:00:00 2001 
From: Avery-Dunn <62066438+Avery-Dunn@users.noreply.github.com> Date: Thu, 23 Feb 2023 11:54:07 -0800 Subject: [PATCH 33/65] Use the dedicated admin consent endpoint instead of a query parameter (#599) --- .../msal4j/AuthorizationRequestUrlParameters.java | 12 +++++++++++- .../main/java/com/microsoft/aad/msal4j/Prompt.java | 8 -------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java index 48045b1e..c52c0eb6 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java @@ -34,6 +34,9 @@ public class AuthorizationRequestUrlParameters { private String correlationId; private boolean instanceAware; + //Unlike other prompts (which are sent as query parameters), admin consent has its own endpoint format + private static final String ADMIN_CONSENT_ENDPOINT = "https://login.microsoftonline.com/{tenant}/adminconsent"; + Map> requestParameters = new HashMap<>(); public static Builder builder(String redirectUri, @@ -155,7 +158,14 @@ URL createAuthorizationURL(Authority authority, Map> requestParameters) { URL authorizationRequestUrl; try { - String authorizationCodeEndpoint = authority.authorizationEndpoint(); + String authorizationCodeEndpoint; + if (prompt == Prompt.ADMIN_CONSENT) { + authorizationCodeEndpoint = ADMIN_CONSENT_ENDPOINT + .replace("{tenant}", authority.tenant); + } else { + authorizationCodeEndpoint = authority.authorizationEndpoint(); + } + String uriString = authorizationCodeEndpoint + "?" + URLUtils.serializeParameters(requestParameters); diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java index 1c5efd7b..7670f3da 100644 
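Review bot: `ADMIN_CONSENT_ENDPOINT` pins the host to `login.microsoftonline.com`, so in `createAuthorizationURL` an application configured with a sovereign-cloud or other non-public authority is sent to the public cloud for admin consent, while every other prompt goes to `authority.authorizationEndpoint()`. I would build the URL from the authority instead, e.g. `"https://" + authority.host + "/" + authority.tenant + "/adminconsent"`, assuming `authority.host` is accessible the same way `authority.tenant` is. `authority.tenant` is also substituted into the path without encoding, which is worth a check if the tenant can come from a caller-supplied authority string. Whether `requestParameters` still carries a `prompt` value for this endpoint is decided outside the hunk.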
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java @@ -25,14 +25,6 @@ public enum Prompt { */ CONSENT("consent"), - /** - * An administrator should be prompted to consent on behalf of all users in their organization. - *

- * Deprecated, instead use Prompt.ADMIN_CONSENT - */ - @Deprecated - ADMING_CONSENT("admin_consent"), - /** * An administrator should be prompted to consent on behalf of all users in their organization. */ From 5ce95b6339e4e043b711428639fb011c3e46b436 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Thu, 23 Feb 2023 15:20:04 -0600 Subject: [PATCH 34/65] updated versions for release --- msal4j-sdk/README.md | 6 +++--- msal4j-sdk/bnd.bnd | 2 +- msal4j-sdk/changelog.txt | 7 +++++++ msal4j-sdk/pom.xml | 2 +- msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-obo-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-web-sample/pom.xml | 2 +- 7 files changed, 15 insertions(+), 8 deletions(-) diff --git a/msal4j-sdk/README.md b/msal4j-sdk/README.md index 1e24a762..020c49f3 100644 --- a/msal4j-sdk/README.md +++ b/msal4j-sdk/README.md @@ -16,7 +16,7 @@ Quick links: The library supports the following Java environments: - Java 8 (or higher) -Current version - 1.13.4 +Current version - 1.13.5 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt). @@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti com.microsoft.azure msal4j - 1.13.4 + 1.13.5 ``` ### Gradle ```gradle -compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.4' +compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.5' ``` ## Usage diff --git a/msal4j-sdk/bnd.bnd b/msal4j-sdk/bnd.bnd index b3f81aae..e6238bc3 100644 --- a/msal4j-sdk/bnd.bnd +++ b/msal4j-sdk/bnd.bnd @@ -1,2 +1,2 @@ -Export-Package: com.microsoft.aad.msal4j;version="1.13.4" +Export-Package: com.microsoft.aad.msal4j;version="1.13.5" Automatic-Module-Name: com.microsoft.aad.msal4j diff --git a/msal4j-sdk/changelog.txt b/msal4j-sdk/changelog.txt index 442411d4..0a999672 100644 --- a/msal4j-sdk/changelog.txt +++ b/msal4j-sdk/changelog.txt 
@@ -1,3 +1,10 @@ +Version 1.13.5 +============= +- fixed url for admin consent. +- added 2s timeout to IMDS endpoint call. +- fixed url for regional endpoint calls. +- added support for current and legacy B2c authority formats. + Version 1.13.4 ============= - regional endpoint updates diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index a7b4fde5..92d25e82 100644 --- a/msal4j-sdk/pom.xml +++ b/msal4j-sdk/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.microsoft.azure msal4j - 1.13.4 + 1.13.5 jar msal4j diff --git a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml index 3bc00e86..d9bd76d9 100644 --- a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.4 + 1.13.5 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml index 38374034..ef209273 100644 --- a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.4 + 1.13.5 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-web-sample/pom.xml index 29cb2b44..c77a2056 100644 --- a/msal4j-sdk/src/samples/msal-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.4 + 1.13.5 com.nimbusds From 12ca83641b0f1165787b85ec5206812cbcb8c55b Mon Sep 17 00:00:00 2001 From: siddhijain Date: Tue, 7 Mar 2023 17:08:01 -0600 Subject: [PATCH 35/65] update condition to throw exception --- .../aad/msal4j/AadInstanceDiscoveryProvider.java | 11 +++++++++-- .../java/com/microsoft/aad/msal4j/HttpHelper.java | 3 +++ 2 files changed, 12 insertions(+), 2 deletions(-) 
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index b4d61b27..1519c98f 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java @@ -38,6 +38,8 @@ class AadInstanceDiscoveryProvider { private static final Logger log = LoggerFactory.getLogger(AadInstanceDiscoveryProvider.class); + //flag to check if instance discovery has failed + private static boolean instanceDiscoveryFailed = false; static ConcurrentHashMap cache = new ConcurrentHashMap<>(); static { @@ -84,7 +86,7 @@ static InstanceDiscoveryMetadataEntry getMetadataEntry(URL authorityUrl, InstanceDiscoveryMetadataEntry result = cache.get(host); if (result == null) { - if(msalRequest.application().instanceDiscovery()){ + if(msalRequest.application().instanceDiscovery() && !instanceDiscoveryFailed){ doInstanceDiscoveryAndCache(authorityUrl, validateAuthority, msalRequest, serviceBundle); } else { // instanceDiscovery flag is set to False. Do not perform instanceDiscovery. 
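Review bot: `instanceDiscoveryFailed` is a plain `static boolean`, so it is shared by every application and authority in the JVM, nothing in these hunks ever resets it, and `getMetadataEntry` reads it with no visibility guarantee between threads. Once it is set, the `!instanceDiscoveryFailed` condition sends every later request, for any authority, down the branch that skips instance discovery for the life of the process. At minimum the declaration should be `private static volatile boolean instanceDiscoveryFailed = false;`, and tracking the failure per host or with an expiry would stop one transient error from changing behaviour permanently. The field comment should say when the flag is set and that nothing clears it.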
@@ -235,7 +237,12 @@ private static AadInstanceDiscoveryResponse sendInstanceDiscoveryRequest(URL aut httpResponse = executeRequest(instanceDiscoveryRequestUrl, msalRequest.headers().getReadonlyHeaderMap(), msalRequest, serviceBundle); if (httpResponse.statusCode() != HttpHelper.HTTP_STATUS_200) { - throw MsalServiceExceptionFactory.fromHttpResponse(httpResponse); + if(httpResponse.statusCode() == HttpHelper.HTTP_STATUS_400 && httpResponse.body().equals("invalid_instance")){ + // instance discovery failed due to an invalid authority, throw an exception. + throw MsalServiceExceptionFactory.fromHttpResponse(httpResponse); + } + // instance discovery failed due to reasons other than an invalid authority, do not perform instance discovery again in this environment. + instanceDiscoveryFailed = true; } diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java index 2c088fd5..cc6b4e7d 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java @@ -22,6 +22,9 @@ class HttpHelper { public static final int RETRY_DELAY_MS = 1000; public static final int HTTP_STATUS_200 = 200; + + public static final int HTTP_STATUS_400 = 400; + public static final int HTTP_STATUS_429 = 429; public static final int HTTP_STATUS_500 = 500; From cf814eb0f30967aae90dd462374c60237ad63423 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Thu, 9 Mar 2023 11:55:59 -0600 Subject: [PATCH 36/65] added test for invalid authority --- .../InvalidAuthorityIT.java | 26 +++++++++++++++++++ .../msal4j/AadInstanceDiscoveryProvider.java | 7 ++--- 2 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java 
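Review bot: `httpResponse.body().equals("invalid_instance")` compares the entire response body with the bare error code, so it matches only if the endpoint returns exactly that string; since the same body is parsed as JSON further down in this method, the throw is presumably never reached and an invalid authority falls through to `instanceDiscoveryFailed = true` instead of being rejected. Compare the parsed error field rather than the raw body. The fall-through branch also changes behaviour without a trace; a line such as `log.warn("Instance discovery returned HTTP {}; instance discovery is skipped from now on", httpResponse.statusCode());` would let operators see when it happens. The body of `sendInstanceDiscoveryRequest` starts and ends outside the hunk.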
diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java new file mode 100644 index 00000000..07be1538 --- /dev/null +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java @@ -0,0 +1,26 @@ +package com.microsoft.aad.msal4j; + +import org.testng.annotations.Test; + +import java.net.URI; +import java.util.Collections; +import java.util.concurrent.CompletableFuture; +import java.util.concurrent.ExecutionException; + +public class InvalidAuthorityIT extends SeleniumTest{ + + @Test(expectedExceptions = ExecutionException.class, expectedExceptionsMessageRegExp = ".*?invalid instance.*?") + public void acquireTokenWithAuthorizationCode_InvalidAuthority() throws Exception{ + PublicClientApplication app; + app = PublicClientApplication.builder( + TestConfiguration.AAD_CLIENT_ID) + .authority("https://dummy.microsoft.com/common") //invalid authority, request fails at instance discovery + .build(); + + CompletableFuture future = app.acquireToken( + AuthorizationCodeParameters.builder("auth_code", new URI(TestConfiguration.AAD_DEFAULT_REDIRECT_URI)) + .scopes(Collections.singleton("default-scope")) + .authorizationCode("auth_code").redirectUri(new URI(TestConfiguration.AAD_DEFAULT_REDIRECT_URI)).build()); + future.get(); + } +} diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java index 1519c98f..a66094e9 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java 
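Review bot: This test depends on process-wide state: `getMetadataEntry` skips discovery once the static `instanceDiscoveryFailed` flag in `AadInstanceDiscoveryProvider` is set, so if an earlier test in the same JVM received a non-200 discovery response, the request for `https://dummy.microsoft.com/common` would not reach instance discovery and the expected exception would presumably not be thrown. Because the flag is `private static` with no reset, the test cannot restore it in a setup method. I would add a package-private reset hook for tests, or document the assumption above the method, for example `// relies on instanceDiscoveryFailed still being false; must run before any test that makes discovery fail`.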
@@ -236,8 +236,10 @@ private static AadInstanceDiscoveryResponse sendInstanceDiscoveryRequest(URL aut httpResponse = executeRequest(instanceDiscoveryRequestUrl, msalRequest.headers().getReadonlyHeaderMap(), msalRequest, serviceBundle); + AadInstanceDiscoveryResponse response = JsonHelper.convertJsonToObject(httpResponse.body(), AadInstanceDiscoveryResponse.class); + if (httpResponse.statusCode() != HttpHelper.HTTP_STATUS_200) { - if(httpResponse.statusCode() == HttpHelper.HTTP_STATUS_400 && httpResponse.body().equals("invalid_instance")){ + if(httpResponse.statusCode() == HttpHelper.HTTP_STATUS_400 && response.error().equals("invalid_instance")){ // instance discovery failed due to an invalid authority, throw an exception. throw MsalServiceExceptionFactory.fromHttpResponse(httpResponse); } @@ -245,8 +247,7 @@ private static AadInstanceDiscoveryResponse sendInstanceDiscoveryRequest(URL aut instanceDiscoveryFailed = true; } - - return JsonHelper.convertJsonToObject(httpResponse.body(), AadInstanceDiscoveryResponse.class); + return response; } private static int determineRegionOutcome(String detectedRegion, String providedRegion, boolean autoDetect) { From ed7df000be9d31d00e53ab04d2c2e55c12e5672c Mon Sep 17 00:00:00 2001 
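Review bot: `response.error().equals("invalid_instance")` throws a NullPointerException when a 400 body carries no `error` field or when `convertJsonToObject` yields no object, assuming those cases return `null`; write the comparison constant-first and guard the object, `if (httpResponse.statusCode() == HttpHelper.HTTP_STATUS_400 && response != null && "invalid_instance".equals(response.error())) {`. The body is now deserialized before the status check, so a non-200 reply whose body is not JSON (an intermediary's error page, for example) presumably fails inside `JsonHelper` instead of reaching either branch; parsing inside the status handling, or catching the parse failure there, keeps that case on the intended path. The hunk covers only part of `sendInstanceDiscoveryRequest`.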
From: Avery-Dunn <62066438+Avery-Dunn@users.noreply.github.com> Date: Thu, 9 Mar 2023 14:37:35 -0800 Subject: [PATCH 37/65] Add tests for a CIAM user and reduce test code duplication (#603) * Add tests for a CIAM user and reduce code duplication in several test files * Revert changed method name * Attempt to resolve credscan flag * Resolve credscan issues * Address code review comments * Use default scope --- .../AcquireTokenInteractiveIT.java | 66 ++++++++----------- .../ClientCredentialsIT.java | 25 +++++-- .../DeviceCodeIT.java | 23 +++++++ .../TestConstants.java | 2 + .../UsernamePasswordIT.java | 43 ++++++------ .../java/labapi/AppCredentialProvider.java | 7 +- .../java/labapi/AzureEnvironment.java | 1 + .../java/labapi/FederationProvider.java | 1 + .../java/labapi/LabConstants.java | 1 + .../java/labapi/LabUserProvider.java | 10 +++ .../java/labapi/UserQueryParameters.java | 1 + 11 files changed, 111 insertions(+), 69 deletions(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java index 79466c5f..c9257379 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java 
@@ -28,13 +28,13 @@ public void acquireTokenInteractive_ManagedUser(String environment) { cfg = new Config(environment); User user = labUserProvider.getDefaultUser(cfg.azureEnvironment); - assertAcquireTokenAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope()); } @Test() public void acquireTokenInteractive_ADFSv2019_OnPrem() { User user = labUserProvider.getOnPremAdfsUser(FederationProvider.ADFS_2019); - assertAcquireTokenADFS2019(user); + assertAcquireTokenCommon(user, TestConstants.ADFS_AUTHORITY, TestConstants.ADFS_SCOPE); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -42,7 +42,7 @@ public void acquireTokenInteractive_ADFSv2019_Federated(String environment) { cfg = new Config(environment); User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_2019); - assertAcquireTokenAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -50,7 +50,7 @@ public void acquireTokenInteractive_ADFSv4_Federated(String environment) { cfg = new Config(environment); User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_4); - assertAcquireTokenAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -58,7 +58,7 @@ public void acquireTokenInteractive_ADFSv3_Federated(String environment) { cfg = new Config(environment); User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_3); - assertAcquireTokenAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) 
@@ -66,7 +66,14 @@ public void acquireTokenInteractive_ADFSv2_Federated(String environment) { cfg = new Config(environment); User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_2); - assertAcquireTokenAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope()); + } + + @Test + public void acquireTokenInteractive_Ciam() { + User user = labUserProvider.getCiamUser(); + + assertAcquireTokenCommon(user, TestConstants.CIAM_AUTHORITY, TestConstants.GRAPH_DEFAULT_SCOPE); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -93,12 +100,12 @@ public void acquireTokenInteractive_ManagedUser_InstanceAware() { assertAcquireTokenInstanceAware(user); } - private void assertAcquireTokenAAD(User user) { + private void assertAcquireTokenCommon(User user, String authority, String scope) { PublicClientApplication pca; try { pca = PublicClientApplication.builder( user.getAppId()). - authority(cfg.organizationsAuthority()). + authority(authority). build(); } catch (MalformedURLException ex) { throw new RuntimeException(ex.getMessage()); 
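Review bot: `assertAcquireTokenCommon` always builds the client with `user.getAppId()`, but the `assertAcquireTokenADFS2019` helper removed in the next hunk used `TestConstants.ADFS_APP_ID`, so `acquireTokenInteractive_ADFSv2019_OnPrem` now runs with a different client id than before. `UsernamePasswordIT` in this same commit keeps the distinction by passing the app id as a fourth argument. If the change is not intended, add the parameter here too, `private void assertAcquireTokenCommon(User user, String authority, String scope, String appId)`, and pass `TestConstants.ADFS_APP_ID` for the on-prem case. The helper's body continues past the end of this hunk.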
@@ -107,30 +114,9 @@ private void assertAcquireTokenAAD(User user) { IAuthenticationResult result = acquireTokenInteractive( user, pca, - cfg.graphDefaultScope()); + scope); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); - Assert.assertEquals(user.getUpn(), result.account().username()); - } - - private void assertAcquireTokenADFS2019(User user) { - PublicClientApplication pca; - try { - pca = PublicClientApplication.builder( - TestConstants.ADFS_APP_ID). - authority(TestConstants.ADFS_AUTHORITY). - build(); - } catch (MalformedURLException ex) { - throw new RuntimeException(ex.getMessage()); - } - - IAuthenticationResult result = acquireTokenInteractive(user, pca, TestConstants.ADFS_SCOPE); - - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); Assert.assertEquals(user.getUpn(), result.account().username()); } @@ -147,9 +133,7 @@ private void assertAcquireTokenB2C(User user, String authority) { } IAuthenticationResult result = acquireTokenInteractive(user, pca, user.getAppId()); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); } private void assertAcquireTokenInstanceAware(User user) { @@ -165,9 +149,7 @@ private void assertAcquireTokenInstanceAware(User user) { IAuthenticationResult result = acquireTokenInteractive_instanceAware(user, pca, cfg.graphDefaultScope()); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); Assert.assertEquals(user.getUpn(), result.account().username()); //This test is using a client app with the login.microsoftonline.com config to get tokens for a login.microsoftonline.us user, 
@@ -231,9 +213,7 @@ public void afterCacheAccess(ITokenCacheAccessContext iTokenCacheAccessContext) build(); IAuthenticationResult result = acquireTokenInteractive(user, publicCloudPca, TestConstants.USER_READ_SCOPE); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); Assert.assertEquals(user.getHomeUPN(), result.account().username()); publicCloudPca.removeAccount(publicCloudPca.getAccounts().join().iterator().next()).join(); @@ -271,6 +251,12 @@ private IAuthenticationResult acquireTokenInteractive( return result; } + private void assertTokenResultNotNull(IAuthenticationResult result) { + Assert.assertNotNull(result); + Assert.assertNotNull(result.accessToken()); + Assert.assertNotNull(result.idToken()); + } + private IAuthenticationResult acquireTokenInteractive_instanceAware( User user, PublicClientApplication pca, diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java index 1e9b9ceb..19838d8c 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java @@ -5,6 +5,7 @@ import labapi.AppCredentialProvider; import labapi.AzureEnvironment; +import labapi.LabUserProvider; import org.testng.Assert; import org.testng.annotations.BeforeClass; import org.testng.annotations.DataProvider; 
@@ -24,16 +25,18 @@ @Test public class ClientCredentialsIT { private IClientCertificate certificate; + private LabUserProvider labUserProvider; @BeforeClass void init() throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, IOException { certificate = CertificateHelper.getClientCertificate(); + labUserProvider = LabUserProvider.getInstance(); } @Test public void acquireTokenClientCredentials_ClientCertificate() throws Exception { String clientId = "2afb0add-2f32-4946-ac90-81a02aa4550e"; - assertAcquireTokenCommon(clientId, certificate); + assertAcquireTokenCommon(clientId, certificate, TestConstants.MICROSOFT_AUTHORITY); } @Test @@ -43,7 +46,7 @@ public void acquireTokenClientCredentials_ClientSecret() throws Exception { final String password = appProvider.getLabVaultPassword(); IClientCredential credential = ClientCredentialFactory.createFromSecret(password); - assertAcquireTokenCommon(clientId, credential); + assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY); } @Test @@ -54,7 +57,17 @@ public void acquireTokenClientCredentials_ClientAssertion() throws Exception { IClientCredential credential = ClientCredentialFactory.createFromClientAssertion(clientAssertion.assertion()); - assertAcquireTokenCommon(clientId, credential); + assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY); + } + + @Test + public void acquireTokenClientCredentials_ClientSecret_Ciam() throws Exception { + String clientId = labUserProvider.getCiamUser().getAppId(); + + AppCredentialProvider appProvider = new AppCredentialProvider(AzureEnvironment.CIAM); + IClientCredential credential = ClientCredentialFactory.createFromSecret(appProvider.getOboAppPassword()); + + assertAcquireTokenCommon(clientId, credential, TestConstants.CIAM_AUTHORITY); } @Test 
@@ -70,7 +83,7 @@ public void acquireTokenClientCredentials_Callback() throws Exception { IClientCredential credential = ClientCredentialFactory.createFromCallback(callable); - assertAcquireTokenCommon(clientId, credential); + assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY); // Creates an invalid client assertion to build the application, but overrides it with a valid client assertion // in the request parameters in order to make a successful token request @@ -139,10 +152,10 @@ private ClientAssertion getClientAssertion(String clientId) { true); } - private void assertAcquireTokenCommon(String clientId, IClientCredential credential) throws Exception { + private void assertAcquireTokenCommon(String clientId, IClientCredential credential, String authority) throws Exception { ConfidentialClientApplication cca = ConfidentialClientApplication.builder( clientId, credential). - authority(TestConstants.MICROSOFT_AUTHORITY). + authority(authority). build(); IAuthenticationResult result = cca.acquireToken(ClientCredentialParameters diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java index aa23ffd3..a7ab3a48 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java 
@@ -113,6 +113,29 @@ public void DeviceCodeFlowMSATest() throws Exception { Assert.assertFalse(Strings.isNullOrEmpty(result.accessToken())); } + @Test + public void DeviceCodeFlowCiamTest() throws Exception { + User user = labUserProvider.getCiamUser(); + + PublicClientApplication pca = PublicClientApplication.builder( + user.getAppId()). + authority(TestConstants.CIAM_AUTHORITY). + build(); + + Consumer deviceCodeConsumer = (DeviceCode deviceCode) -> { + runAutomatedDeviceCodeFlow(deviceCode, user); + }; + + IAuthenticationResult result = pca.acquireToken(DeviceCodeFlowParameters + .builder(Collections.singleton(""), + deviceCodeConsumer) + .build()) + .get(); + + Assert.assertNotNull(result); + Assert.assertFalse(Strings.isNullOrEmpty(result.accessToken())); + } + private void runAutomatedDeviceCodeFlow(DeviceCode deviceCode, User user) { boolean isRunningLocally = true;//!Strings.isNullOrEmpty( //System.getenv(TestConstants.LOCAL_FLAG_ENV_VAR)); diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java index b9603d52..e76cb60c 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java @@ -34,6 +34,8 @@ public class TestConstants { public final static String REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_EASTUS = "eastus.login.microsoft.com"; + public final static String CIAM_AUTHORITY = MICROSOFT_AUTHORITY_HOST + "msidlabciam1.onmicrosoft.com"; + public final static String ARLINGTON_ORGANIZATIONS_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + "organizations/"; public final static String ARLINGTON_TENANT_SPECIFIC_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + ARLINGTON_AUTHORITY_TENANT; public final static String ARLINGTON_GRAPH_DEFAULT_SCOPE = "https://graph.microsoft.us/.default"; 
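Review bot: `DeviceCodeFlowCiamTest` requests `Collections.singleton("")`, a scope set holding one empty string, while the other CIAM tests added in this commit pass `TestConstants.GRAPH_DEFAULT_SCOPE`. If the empty scope is deliberate it needs a comment saying what the CIAM authority is expected to do with it; otherwise use `.builder(Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE), deviceCodeConsumer)`. The test also asserts only that an access token is present, so it would not notice a token issued for an unexpected scope.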
diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java index 498166aa..cade6134 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java @@ -27,7 +27,7 @@ public void acquireTokenWithUsernamePassword_Managed(String environment) throws User user = labUserProvider.getDefaultUser(cfg.azureEnvironment); - assertAcquireTokenCommonAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -41,7 +41,7 @@ public void acquireTokenWithUsernamePassword_ADFSv2019_Federated(String environm User user = labUserProvider.getLabUser(query); - assertAcquireTokenCommonAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId()); } @Test @@ -52,7 +52,7 @@ public void acquireTokenWithUsernamePassword_ADFSv2019_OnPrem() throws Exception User user = labUserProvider.getLabUser(query); - assertAcquireTokenCommonADFS(user); + assertAcquireTokenCommon(user, TestConstants.ADFS_AUTHORITY, TestConstants.ADFS_SCOPE, TestConstants.ADFS_APP_ID); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -66,7 +66,7 @@ public void acquireTokenWithUsernamePassword_ADFSv4(String environment) throws E User user = labUserProvider.getLabUser(query); - assertAcquireTokenCommonAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) 
@@ -80,7 +80,7 @@ public void acquireTokenWithUsernamePassword_ADFSv3(String environment) throws E User user = labUserProvider.getLabUser(query); - assertAcquireTokenCommonAAD(user); + assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) @@ -97,6 +97,15 @@ public void acquireTokenWithUsernamePassword_ADFSv2(String environment) throws E assertAcquireTokenCommonAAD(user); } + @Test + public void acquireTokenWithUsernamePassword_Ciam() throws Exception { + + User user = labUserProvider.getCiamUser(); + + assertAcquireTokenCommon(user, TestConstants.CIAM_AUTHORITY, TestConstants.GRAPH_DEFAULT_SCOPE, + user.getAppId()); + } + @Test public void acquireTokenWithUsernamePassword_AuthorityWithPort() throws Exception { User user = labUserProvider.getDefaultUser(); @@ -108,10 +117,6 @@ public void acquireTokenWithUsernamePassword_AuthorityWithPort() throws Exceptio user.getAppId()); } - private void assertAcquireTokenCommonADFS(User user) throws Exception { - assertAcquireTokenCommon(user, TestConstants.ADFS_AUTHORITY, TestConstants.ADFS_SCOPE, - TestConstants.ADFS_APP_ID); - } private void assertAcquireTokenCommonAAD(User user) throws Exception { assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), @@ -132,9 +137,7 @@ private void assertAcquireTokenCommon(User user, String authority, String scope, .build()) .get(); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); Assert.assertEquals(user.getUpn(), result.account().username()); } 
@@ -157,9 +160,7 @@ public void acquireTokenWithUsernamePassword_B2C_CustomAuthority() throws Except .build()) .get(); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); IAccount account = pca.getAccounts().join().iterator().next(); SilentParameters.builder(Collections.singleton(TestConstants.B2C_READ_SCOPE), account); @@ -169,9 +170,7 @@ public void acquireTokenWithUsernamePassword_B2C_CustomAuthority() throws Except .build()) .get(); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); } @Test @@ -193,9 +192,7 @@ public void acquireTokenWithUsernamePassword_B2C_LoginMicrosoftOnline() throws E .build()) .get(); - Assert.assertNotNull(result); - Assert.assertNotNull(result.accessToken()); - Assert.assertNotNull(result.idToken()); + assertTokenResultNotNull(result); IAccount account = pca.getAccounts().join().iterator().next(); SilentParameters.builder(Collections.singleton(TestConstants.B2C_READ_SCOPE), account); @@ -205,6 +202,10 @@ public void acquireTokenWithUsernamePassword_B2C_LoginMicrosoftOnline() throws E .build()) .get(); + assertTokenResultNotNull(result); + } + + private void assertTokenResultNotNull(IAuthenticationResult result) { Assert.assertNotNull(result); Assert.assertNotNull(result.accessToken()); Assert.assertNotNull(result.idToken()); diff --git a/msal4j-sdk/src/integrationtest/java/labapi/AppCredentialProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/AppCredentialProvider.java index af949eec..2a458449 100644 --- a/msal4j-sdk/src/integrationtest/java/labapi/AppCredentialProvider.java +++ b/msal4j-sdk/src/integrationtest/java/labapi/AppCredentialProvider.java 
@@ -35,8 +35,11 @@ public AppCredentialProvider(String azureEnvironment) { oboClientId = LabConstants.ARLINGTON_OBO_APP_ID; oboAppIdURI = "https://arlmsidlab1.us/IDLABS_APP_Confidential_Client"; - oboPassword = keyVaultSecretsProvider. - getSecret(LabService.getApp(oboClientId).clientSecret); + oboPassword = keyVaultSecretsProvider.getSecret(LabService.getApp(oboClientId).clientSecret); + break; + case AzureEnvironment.CIAM: + oboPassword = keyVaultSecretsProvider.getSecret(LabConstants.CIAM_KEY_VAULT_SECRET_KEY); + break; default: throw new UnsupportedOperationException("Azure Environment - " + azureEnvironment + " unsupported"); diff --git a/msal4j-sdk/src/integrationtest/java/labapi/AzureEnvironment.java b/msal4j-sdk/src/integrationtest/java/labapi/AzureEnvironment.java index 3b1dbb7f..6faa0e54 100644 --- a/msal4j-sdk/src/integrationtest/java/labapi/AzureEnvironment.java +++ b/msal4j-sdk/src/integrationtest/java/labapi/AzureEnvironment.java @@ -10,4 +10,5 @@ public class AzureEnvironment { public static final String AZURE = "azurecloud"; public static final String AZURE_PPE = "azureppe"; public static final String AZURE_US_GOVERNMENT = "azureusgovernment"; + public static final String CIAM = "ciam"; } diff --git a/msal4j-sdk/src/integrationtest/java/labapi/FederationProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/FederationProvider.java index e586fe5b..39291622 100644 --- a/msal4j-sdk/src/integrationtest/java/labapi/FederationProvider.java +++ b/msal4j-sdk/src/integrationtest/java/labapi/FederationProvider.java @@ -12,6 +12,7 @@ public class FederationProvider { public static final String ADFS_2019 = "adfsv2019"; public static final String PING = "ping"; public static final String SHIBBOLETH = "shibboleth"; + public static final String CIAM = "ciam"; } diff --git a/msal4j-sdk/src/integrationtest/java/labapi/LabConstants.java b/msal4j-sdk/src/integrationtest/java/labapi/LabConstants.java index ba3ddf81..569acafd 100644 
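Review bot: The `AzureEnvironment.CIAM` case sets only `oboPassword` and leaves the other fields assigned in the Arlington case above it (`oboClientId`, `oboAppIdURI`) unset, and the value it stores is the client-credentials secret that `ClientCredentialsIT` reads through `getOboAppPassword()`, presumably not an on-behalf-of secret at all. A reader of `AppCredentialProvider` cannot tell that from the field name. Add a comment in the case, for example `// CIAM: only the confidential-client secret is provisioned; it is returned by getOboAppPassword()`. The constructor starts outside the hunk, so whether the other fields get defaults earlier is not visible here.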
--- a/msal4j-sdk/src/integrationtest/java/labapi/LabConstants.java +++ b/msal4j-sdk/src/integrationtest/java/labapi/LabConstants.java @@ -14,6 +14,7 @@ public class LabConstants { public final static String USER_MSA_USERNAME_URL = "https://msidlabs.vault.azure.net/secrets/MSA-MSIDLAB4-UserName"; public final static String USER_MSA_PASSWORD_URL = "https://msidlabs.vault.azure.net/secrets/MSA-MSIDLAB4-Password"; public final static String OBO_APP_PASSWORD_URL = "https://msidlabs.vault.azure.net/secrets/TodoListServiceV2-OBO"; + public final static String CIAM_KEY_VAULT_SECRET_KEY = "https://msidlabs.vault.azure.net/secrets/MSIDLABCIAM1-cc"; public final static String ARLINGTON_APP_ID = "cb7faed4-b8c0-49ee-b421-f5ed16894c83"; public final static String ARLINGTON_OBO_APP_ID = "c0555d2d-02f2-4838-802e-3463422e571d"; diff --git a/msal4j-sdk/src/integrationtest/java/labapi/LabUserProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/LabUserProvider.java index c169d8a7..68eca889 100644 --- a/msal4j-sdk/src/integrationtest/java/labapi/LabUserProvider.java +++ b/msal4j-sdk/src/integrationtest/java/labapi/LabUserProvider.java @@ -105,6 +105,16 @@ public User getUserByGuestHomeAzureEnvironments(String guestEnvironment, String return getLabUser(query); } + public User getCiamUser() { + + UserQueryParameters query = new UserQueryParameters(); + query.parameters.put(UserQueryParameters.FEDERATION_PROVIDER, FederationProvider.CIAM); + query.parameters.put(UserQueryParameters.SIGN_IN_AUDIENCE, "azureadmyorg"); + query.parameters.put(UserQueryParameters.PUBLIC_CLIENT, "no"); + + return getLabUser(query); + } + public User getLabUser(UserQueryParameters userQuery) { if (userCache.containsKey(userQuery)) { return userCache.get(userQuery); diff --git a/msal4j-sdk/src/integrationtest/java/labapi/UserQueryParameters.java b/msal4j-sdk/src/integrationtest/java/labapi/UserQueryParameters.java index 56243152..b25c46cb 100644 
--- a/msal4j-sdk/src/integrationtest/java/labapi/UserQueryParameters.java +++ b/msal4j-sdk/src/integrationtest/java/labapi/UserQueryParameters.java @@ -22,6 +22,7 @@ public class UserQueryParameters { public static final String HOME_AZURE_ENVIRONMENT = "guesthomeazureenvironment"; public static final String GUEST_HOME_DIN = "guesthomedin"; public static final String SIGN_IN_AUDIENCE = "signInAudience"; + public static final String PUBLIC_CLIENT = "publicClient"; public Map parameters = new HashMap<>(); } From 3bfa0427df7e60b5b2cd3fa65543479f14f5c64c Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 13 Mar 2023 13:53:52 -0500 Subject: [PATCH 38/65] expose extraQueryParameters --- .../com.microsoft.aad.msal4j/TokenCacheIT.java | 6 ++++++ .../aad/msal4j/AuthorizationCodeParameters.java | 5 +++++ .../AuthorizationRequestUrlParameters.java | 11 +++++++++++ .../aad/msal4j/ClientCredentialParameters.java | 5 +++++ .../aad/msal4j/DeviceCodeFlowParameters.java | 5 +++++ ...ntegratedWindowsAuthenticationParameters.java | 5 +++++ .../microsoft/aad/msal4j/InteractiveRequest.java | 16 +++++++++++++++- .../aad/msal4j/InteractiveRequestParameters.java | 5 +++++ .../aad/msal4j/OnBehalfOfParameters.java | 5 +++++ .../aad/msal4j/RefreshTokenParameters.java | 5 +++++ .../microsoft/aad/msal4j/SilentParameters.java | 5 +++++ .../aad/msal4j/TokenRequestExecutor.java | 9 +++++++++ .../aad/msal4j/UserNamePasswordParameters.java | 5 +++++ 13 files changed, 86 insertions(+), 1 deletion(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java index 66bd6f90..70da5288 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java 
@@ -9,6 +9,8 @@ import org.testng.annotations.Test; import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import java.util.Set; public class TokenCacheIT { @@ -32,10 +34,14 @@ public void singleAccountInCache_RemoveAccountTest() throws Exception { // Check that cache is empty Assert.assertEquals(pca.getAccounts().join().size(), 0); + Map extraQueryParameters = new HashMap<>(); + extraQueryParameters.put("test", "test"); + pca.acquireToken(UserNamePasswordParameters. builder(Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE), user.getUpn(), user.getPassword().toCharArray()) + .extraQueryParameters(extraQueryParameters) .build()) .get(); diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java index 85d2fc3c..73a1b0c3 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java @@ -57,6 +57,11 @@ public class AuthorizationCodeParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional query parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java index c52c0eb6..f0dd998b 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java 
@@ -37,6 +37,8 @@ public class AuthorizationRequestUrlParameters { //Unlike other prompts (which are sent as query parameters), admin consent has its own endpoint format private static final String ADMIN_CONSENT_ENDPOINT = "https://login.microsoftonline.com/{tenant}/adminconsent"; + Map extraQueryParameters; + Map> requestParameters = new HashMap<>(); public static Builder builder(String redirectUri, @@ -152,6 +154,7 @@ private AuthorizationRequestUrlParameters(Builder builder) { this.instanceAware = builder.instanceAware; requestParameters.put("instance_aware", Collections.singletonList(String.valueOf(instanceAware))); } + } URL createAuthorizationURL(Authority authority, @@ -166,6 +169,14 @@ URL createAuthorizationURL(Authority authority, authorizationCodeEndpoint = authority.authorizationEndpoint(); } + if(null != extraQueryParameters && !extraQueryParameters.isEmpty()){ + for(Map.Entry entry: extraQueryParameters.entrySet()){ + String key = entry.getKey(); + String value = entry.getValue(); + requestParameters.put(key, Collections.singletonList(value)); + } + } + String uriString = authorizationCodeEndpoint + "?" + URLUtils.serializeParameters(requestParameters); diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java index 367516c0..440c5e08 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java @@ -44,6 +44,11 @@ public class ClientCredentialParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional query parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ 
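Review bot: In the `createAuthorizationURL` hunk, `requestParameters.put(key, Collections.singletonList(value))` replaces whatever the constructor already stored under that key with no conflict check, while the TokenRequestExecutor hunk of this same commit rejects a duplicate key. The loop added to `InteractiveRequest.createAuthorizationUrl` writes into `requestParameters` the same way after `addPkceAndState` has run, so a caller-supplied entry could presumably displace the state or PKCE value. I would guard both loops with `if (requestParameters.containsKey(key)) { throw new MsalClientException("Conflicting keys", ""); }` so the three code paths agree. Separately, no visible hunk in this commit assigns the new `extraQueryParameters` field, so this loop looks unreachable until the builder gets a setter. Both method bodies continue outside their hunks.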
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java index daede3d7..63f9c8e3 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java @@ -49,6 +49,11 @@ public class DeviceCodeFlowParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional query parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java index bd245fd3..cee5865d 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java @@ -46,6 +46,11 @@ public class IntegratedWindowsAuthenticationParameters implements IAcquireTokenP */ private Map extraHttpHeaders; + /** + * Adds additional parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java index 2c024bb9..094830c2 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java 
@@ -12,6 +12,8 @@ import java.net.URL; import java.security.SecureRandom; import java.util.Base64; +import java.util.Collections; +import java.util.Map; import java.util.UUID; import java.util.concurrent.CompletableFuture; import java.util.concurrent.atomic.AtomicReference; @@ -90,8 +92,20 @@ private URL createAuthorizationUrl() { .instanceAware(interactiveRequestParameters.instanceAware()); addPkceAndState(authorizationRequestUrlBuilder); + AuthorizationRequestUrlParameters authorizationRequestUrlParameters = + authorizationRequestUrlBuilder.build(); + + if(null != interactiveRequestParameters.extraQueryParameters() && !interactiveRequestParameters.extraQueryParameters().isEmpty()){ + Map extraQueryParameters = interactiveRequestParameters.extraQueryParameters(); + for(Map.Entry entry: extraQueryParameters.entrySet()){ + String key = entry.getKey(); + String value = entry.getValue(); + authorizationRequestUrlParameters.requestParameters.put(key, Collections.singletonList(value)); + } + } + return publicClientApplication.getAuthorizationRequestUrl( - authorizationRequestUrlBuilder.build()); + authorizationRequestUrlParameters); } private void addPkceAndState(AuthorizationRequestUrlParameters.Builder builder) { diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java index acdb638a..33e89eab 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java @@ -80,6 +80,11 @@ public class InteractiveRequestParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional query parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ 
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java index 633b41dc..1c929bc4 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java @@ -46,6 +46,11 @@ public class OnBehalfOfParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java index 5a9750b0..862462a4 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java @@ -48,6 +48,11 @@ public class RefreshTokenParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentParameters.java index 8778a07b..429c5dbb 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentParameters.java @@ -54,6 +54,11 @@ public class SilentParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional query parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ 
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java index a8ab5194..35414e29 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java @@ -67,6 +67,15 @@ OAuthHttpRequest createOauthHttpRequest() throws SerializeException, MalformedUR params.put("claims", Collections.singletonList(claimsRequest)); } + if(msalRequest.requestContext().apiParameters().extraQueryParameters() != null ){ + for(String key: msalRequest.requestContext().apiParameters().extraQueryParameters().keySet()){ + if(params.containsKey(key)){ + throw new MsalClientException("Conflicting keys",""); + } + params.put(key, Collections.singletonList(msalRequest.requestContext().apiParameters().extraQueryParameters().get(key))); + } + } + oauthHttpRequest.setQuery(URLUtils.serializeParameters(params)); if (msalRequest.application().clientAuthentication() != null) { diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java index b7f70f55..cc4dab0c 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java @@ -53,6 +53,11 @@ public class UserNamePasswordParameters implements IAcquireTokenParameters { */ private Map extraHttpHeaders; + /** + * Adds additional query parameters to the token request + */ + private Map extraQueryParameters; + /** * Overrides the tenant value in the authority URL for this request */ From 82a91552bc2ae73f2070cdb784afa347076928d9 Mon Sep 17 00:00:00 2001 
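Review bot: The conflict branch in `createOauthHttpRequest` throws `new MsalClientException("Conflicting keys","")`, which carries an empty error code and does not say which key collided, so the caller cannot tell which map entry to remove. Naming the key, for example `throw new MsalClientException("Extra query parameter conflicts with a request parameter: " + key, "")` with a non-empty error code in place of the empty string, makes the failure actionable and exposes only the parameter name, not its value. PATCH 40/65 rewords the message in both classes but still omits the key. The loop also re-evaluates `msalRequest.requestContext().apiParameters().extraQueryParameters()` on every pass; a local variable iterated with `entrySet()` would read better. The method body continues outside the hunk.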
From: siddhijain Date: Mon, 13 Mar 2023 17:01:36 -0500 Subject: [PATCH 39/65] expose extraQueryParameters --- .../java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java index d226ed3f..f79219f9 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java @@ -16,4 +16,6 @@ interface IAcquireTokenParameters { Map extraHttpHeaders(); String tenant(); + + Map extraQueryParameters(); } From 974cc558aed201673a0c81c0a651b9b411ae018c Mon Sep 17 00:00:00 2001 From: siddhijain Date: Wed, 15 Mar 2023 16:30:47 -0500 Subject: [PATCH 40/65] ExtraQueryParameters tests --- .../AcquireTokenSilentIT.java | 14 +++++---- .../AuthorizationCodeIT.java | 1 + .../AuthorizationRequestUrlParameters.java | 30 ++++++++++++++----- .../aad/msal4j/InteractiveRequest.java | 14 ++------- .../aad/msal4j/TokenRequestExecutor.java | 2 +- ...AuthorizationRequestUrlParametersTest.java | 23 ++++++++++++++ 6 files changed, 58 insertions(+), 26 deletions(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java index 070ee6b2..56d5f7d5 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java 
@@ -9,10 +9,7 @@ import org.testng.annotations.Test; import java.net.MalformedURLException; -import java.util.Collections; -import java.util.Date; -import java.util.HashSet; -import java.util.Set; +import java.util.*; import java.util.concurrent.ExecutionException; import static com.microsoft.aad.msal4j.TestConstants.KEYVAULT_DEFAULT_SCOPE; @@ -178,9 +175,12 @@ public void acquireTokenSilent_ConfidentialClient_acquireTokenSilent(String envi cfg = new Config(environment); IConfidentialClientApplication cca = getConfidentialClientApplications(); - + //test that adding extra query parameters does not break the flow + Map extraParameters = new HashMap<>(); + extraParameters.put("test","test"); IAuthenticationResult result = cca.acquireToken(ClientCredentialParameters .builder(Collections.singleton(cfg.graphDefaultScope())) + .extraQueryParameters(extraParameters) .build()) .get(); @@ -191,6 +191,7 @@ public void acquireTokenSilent_ConfidentialClient_acquireTokenSilent(String envi result = cca.acquireTokenSilently(SilentParameters .builder(Collections.singleton(cfg.graphDefaultScope())) + .extraQueryParameters(extraParameters) .build()) .get(); @@ -401,10 +402,13 @@ private IAuthenticationResult acquireTokenSilently(IPublicClientApplication pca, } private IAuthenticationResult acquireTokenUsernamePassword(User user, IPublicClientApplication pca, String scope) throws InterruptedException, ExecutionException { + Map map = new HashMap<>(); + map.put("test","test"); return pca.acquireToken(UserNamePasswordParameters. builder(Collections.singleton(scope), user.getUpn(), user.getPassword().toCharArray()) + .extraQueryParameters(map) .build()) .get(); } diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java index 80058c8e..26bbe6d3 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java 
+++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java @@ -229,6 +229,7 @@ private IAuthenticationResult acquireTokenInteractiveB2C(ConfidentialClientAppli result = cca.acquireToken(AuthorizationCodeParameters .builder(authCode, new URI(TestConstants.LOCALHOST + httpListener.port())) .scopes(Collections.singleton(TestConstants.B2C_LAB_SCOPE)) + .extraQueryParameters(new HashMap<>()) .build()) .get(); } catch (Exception e) { diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java index f0dd998b..de2fcf05 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java @@ -155,6 +155,18 @@ private AuthorizationRequestUrlParameters(Builder builder) { requestParameters.put("instance_aware", Collections.singletonList(String.valueOf(instanceAware))); } + if(null != builder.extraQueryParameters && !builder.extraQueryParameters.isEmpty()){ + this.extraQueryParameters = builder.extraQueryParameters; + for(Map.Entry entry: this.extraQueryParameters.entrySet()){ + String key = entry.getKey(); + String value = entry.getValue(); + if(requestParameters.containsKey(key)){ + throw new MsalClientException("Conflicting parameters", "400 - Bad Request"); + } + requestParameters.put(key, Collections.singletonList(value)); + } + } + } URL createAuthorizationURL(Authority authority, 
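Review bot: The constructor keeps the caller's map by reference in `this.extraQueryParameters = builder.extraQueryParameters;`, so a later change to that map alters the field while `requestParameters`, which was filled from it here, stays as built. A copy, `this.extraQueryParameters = new HashMap<>(builder.extraQueryParameters);`, keeps the two views consistent. The error code `"400 - Bad Request"` is an HTTP status string although no request has been sent at this point, which can mislead anyone who branches on the code to tell client-side validation from a server response. The constructor starts outside the hunk.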
@@ -169,14 +181,6 @@ URL createAuthorizationURL(Authority authority, authorizationCodeEndpoint = authority.authorizationEndpoint(); } - if(null != extraQueryParameters && !extraQueryParameters.isEmpty()){ - for(Map.Entry entry: extraQueryParameters.entrySet()){ - String key = entry.getKey(); - String value = entry.getValue(); - requestParameters.put(key, Collections.singletonList(value)); - } - } - String uriString = authorizationCodeEndpoint + "?" + URLUtils.serializeParameters(requestParameters); @@ -205,6 +209,7 @@ public static class Builder { private Prompt prompt; private String correlationId; private boolean instanceAware; + private Map extraQueryParameters; public AuthorizationRequestUrlParameters build() { return new AuthorizationRequestUrlParameters(this); @@ -351,5 +356,14 @@ public Builder instanceAware(boolean val) { this.instanceAware = val; return self(); } + + /** + * Query parameters that you can add to the request, + * in addition to the list of parameters already provided. + */ + public Builder extraQueryParameters(Map val) { + this.extraQueryParameters = val; + return self(); + } } } diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java index 094830c2..93a6b462 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java @@ -12,8 +12,6 @@ import java.net.URL; import java.security.SecureRandom; import java.util.Base64; -import java.util.Collections; -import java.util.Map; import java.util.UUID; import java.util.concurrent.CompletableFuture; import java.util.concurrent.atomic.AtomicReference; 
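Review bot: The Javadoc on `Builder.extraQueryParameters` leaves out two things the constructor hunk of this commit decides: an entry whose key is already a request parameter makes `build()` throw `MsalClientException`, and every entry is serialized into the authorization URL by `URLUtils.serializeParameters(requestParameters)`. I would add `Values become part of the authorization URL, so they must not carry secrets.` and `build() fails if a key duplicates a parameter the library already sets.` to the comment. The constructor accepts and ignores a null or empty map, which also deserves a sentence.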
@@ -89,21 +87,13 @@ private URL createAuthorizationUrl() { .loginHint(interactiveRequestParameters.loginHint()) .domainHint(interactiveRequestParameters.domainHint()) .correlationId(publicClientApplication.correlationId()) - .instanceAware(interactiveRequestParameters.instanceAware()); + .instanceAware(interactiveRequestParameters.instanceAware()) + .extraQueryParameters(interactiveRequestParameters.extraQueryParameters()); addPkceAndState(authorizationRequestUrlBuilder); AuthorizationRequestUrlParameters authorizationRequestUrlParameters = authorizationRequestUrlBuilder.build(); - if(null != interactiveRequestParameters.extraQueryParameters() && !interactiveRequestParameters.extraQueryParameters().isEmpty()){ - Map extraQueryParameters = interactiveRequestParameters.extraQueryParameters(); - for(Map.Entry entry: extraQueryParameters.entrySet()){ - String key = entry.getKey(); - String value = entry.getValue(); - authorizationRequestUrlParameters.requestParameters.put(key, Collections.singletonList(value)); - } - } - return publicClientApplication.getAuthorizationRequestUrl( authorizationRequestUrlParameters); } diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java index 35414e29..8b20e9fe 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java 
@@ -70,7 +70,7 @@ OAuthHttpRequest createOauthHttpRequest() throws SerializeException, MalformedUR if(msalRequest.requestContext().apiParameters().extraQueryParameters() != null ){ for(String key: msalRequest.requestContext().apiParameters().extraQueryParameters().keySet()){ if(params.containsKey(key)){ - throw new MsalClientException("Conflicting keys",""); + throw new MsalClientException("Conflicting parameters","400 - Bad Request"); } params.put(key, Collections.singletonList(msalRequest.requestContext().apiParameters().extraQueryParameters().get(key))); } diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java index 589bb339..81dc9a9e 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java @@ -20,14 +20,20 @@ public void testBuilder_onlyRequiredParameters() throws UnsupportedEncodingExcep String redirectUri = "http://localhost:8080"; Set scope = Collections.singleton("scope"); + Map extraParameters = new HashMap<>(); + extraParameters.put("id_token_hint", "test"); + extraParameters.put("another_param", "some_value"); + AuthorizationRequestUrlParameters parameters = AuthorizationRequestUrlParameters .builder(redirectUri, scope) + .extraQueryParameters(extraParameters) .build(); Assert.assertEquals(parameters.responseMode(), ResponseMode.FORM_POST); Assert.assertEquals(parameters.redirectUri(), redirectUri); Assert.assertEquals(parameters.scopes().size(), 4); + Assert.assertEquals(parameters.extraQueryParameters.size(), 2); Assert.assertNull(parameters.loginHint()); Assert.assertNull(parameters.codeChallenge()); 
@@ -58,6 +64,7 @@ public void testBuilder_onlyRequiredParameters() throws UnsupportedEncodingExcep Assert.assertEquals(queryParameters.get("redirect_uri"), "http://localhost:8080"); Assert.assertEquals(queryParameters.get("client_id"), "client_id"); Assert.assertEquals(queryParameters.get("response_mode"), "form_post"); + Assert.assertEquals(queryParameters.get("id_token_hint"),"test"); } @Test(expectedExceptions = IllegalArgumentException.class) @@ -71,6 +78,22 @@ public void testBuilder_invalidRequiredParameters() { .build(); } + @Test(expectedExceptions = MsalClientException.class, expectedExceptionsMessageRegExp = "Conflicting parameters") + public void testBuilder_conflictingParameters() { + PublicClientApplication app = PublicClientApplication.builder("client_id").build(); + + String redirectUri = "http://localhost:8080"; + Set scope = Collections.singleton("scope"); + + Map extraParameters = new HashMap<>(); + extraParameters.put("scope", "scope"); + + AuthorizationRequestUrlParameters + .builder(redirectUri, scope) + .extraQueryParameters(extraParameters) + .build(); + } + @Test public void testBuilder_optionalParameters() throws UnsupportedEncodingException { Set clientCapabilities = new HashSet<>(); From 34c3b015ba7afa36e99770d2294e1352281f6bff Mon Sep 17 00:00:00 2001 From: siddhijain Date: Thu, 16 Mar 2023 15:24:25 -0500 Subject: [PATCH 41/65] retrigger the tests --- .../microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java | 1 - 1 file changed, 1 deletion(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java index de2fcf05..ea09f64e 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java 
@@ -166,7 +166,6 @@ private AuthorizationRequestUrlParameters(Builder builder) { requestParameters.put(key, Collections.singletonList(value)); } } - } URL createAuthorizationURL(Authority authority, From e6daa314e01f284a98974ee82a8d3b3d8c112907 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Tue, 21 Mar 2023 22:17:53 -0500 Subject: [PATCH 42/65] Updated an existing test case to check added parameters --- .../ConfidentialClientApplicationUnitT.java | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java index cef021f7..66d35c27 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java @@ -31,7 +31,6 @@ import java.util.*; import java.util.concurrent.CompletableFuture; import java.util.concurrent.Future; -import java.util.function.Function; import static com.microsoft.aad.msal4j.TestConstants.KEYVAULT_DEFAULT_SCOPE; import static org.easymock.EasyMock.*; @@ -261,6 +260,8 @@ public void testClientAssertion_acquireToken() throws Exception{ Assert.assertTrue(body.contains("client_assertion_type=" + URLEncoder.encode(JWTAuthentication.CLIENT_ASSERTION_TYPE, "utf-8"))); Assert.assertTrue(body.contains("scope=" + URLEncoder.encode("openid profile offline_access " + scope, "utf-8"))); Assert.assertTrue(body.contains("client_id=" + TestConfiguration.AAD_CLIENT_ID)); + Assert.assertTrue(body.contains("test=test")); + Assert.assertTrue(body.contains("id_token_hint=token_hint_value")); } private ServiceBundle mockedServiceBundle(IHttpClient httpClientMock) { 
@@ -274,7 +275,15 @@ private ServiceBundle mockedServiceBundle(IHttpClient httpClientMock) { private ClientCredentialRequest getClientCredentialRequest(ConfidentialClientApplication app, String scope) { Set scopes = new HashSet<>(); scopes.add(scope); - ClientCredentialParameters clientCredentials = ClientCredentialParameters.builder(scopes).tenant(IdToken.TENANT_IDENTIFIER).build(); + + Map extraQueryParameters = new HashMap<>(); + extraQueryParameters.put("id_token_hint", "token_hint_value"); + extraQueryParameters.put("test", "test"); + + ClientCredentialParameters clientCredentials = ClientCredentialParameters.builder(scopes) + .tenant(IdToken.TENANT_IDENTIFIER) + .extraQueryParameters(extraQueryParameters) + .build(); RequestContext requestContext = new RequestContext( app, PublicApi.ACQUIRE_TOKEN_FOR_CLIENT, From 6106d521e6760bd5cf17a7b32f410e9e125fd4f1 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Tue, 21 Mar 2023 23:01:22 -0500 Subject: [PATCH 43/65] Replace exception with warning --- .../aad/msal4j/AuthorizationRequestUrlParameters.java | 6 +++++- .../java/com/microsoft/aad/msal4j/TokenRequestExecutor.java | 4 ++-- .../aad/msal4j/AuthorizationRequestUrlParametersTest.java | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java index ea09f64e..da1feccc 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java @@ -7,6 +7,8 @@ import lombok.Getter; import lombok.NonNull; import lombok.experimental.Accessors; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.net.MalformedURLException; import java.net.URL; 
@@ -41,6 +43,8 @@ public class AuthorizationRequestUrlParameters { Map> requestParameters = new HashMap<>(); + Logger log = LoggerFactory.getLogger(AuthorizationRequestUrlParameters.class); + public static Builder builder(String redirectUri, Set scopes) { @@ -161,7 +165,7 @@ private AuthorizationRequestUrlParameters(Builder builder) { String key = entry.getKey(); String value = entry.getValue(); if(requestParameters.containsKey(key)){ - throw new MsalClientException("Conflicting parameters", "400 - Bad Request"); + log.warn("A query parameter {} has been provided with values multiple times.", key); } requestParameters.put(key, Collections.singletonList(value)); } diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java index 8b20e9fe..50805df2 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java @@ -34,7 +34,7 @@ class TokenRequestExecutor { AuthenticationResult executeTokenRequest() throws ParseException, IOException { - log.debug("Sending token request to: " + requestAuthority.canonicalAuthorityUrl()); + log.debug("Sending token request to: {}", requestAuthority.canonicalAuthorityUrl()); OAuthHttpRequest oAuthHttpRequest = createOauthHttpRequest(); HTTPResponse oauthHttpResponse = oAuthHttpRequest.send(); return createAuthenticationResultFromOauthHttpResponse(oauthHttpResponse); 
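Review bot: `Logger log = LoggerFactory.getLogger(AuthorizationRequestUrlParameters.class);` is declared as a package-private instance field, so every parameters object carries its own logger reference and the field can be reassigned from anywhere in the package. The file imports `lombok.Getter`; if that annotation sits on the class, which this hunk does not show, a non-static field would also get a generated accessor. `private static final Logger log = LoggerFactory.getLogger(AuthorizationRequestUrlParameters.class);` avoids both.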
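Review bot: With the exception replaced by `log.warn`, the next line `requestParameters.put(key, Collections.singletonList(value));` still runs, so on a duplicate key the caller's value replaces the one the library set, and the warning text does not say which value wins. The same applies to the `params.put` in the TokenRequestExecutor hunk of this commit. For parameters the protocol depends on (the unit test reads `redirect_uri`, `client_id` and `response_mode` from the query and uses `scope` as its conflicting key) I would keep the library value: `if (requestParameters.containsKey(key)) { log.warn("Ignoring extra query parameter {}: already set by the library.", key); continue; }`. If overriding is intended, the warning and the `extraQueryParameters` Javadoc should say so. The constructor body starts outside the hunk.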
@@ -70,7 +70,7 @@ OAuthHttpRequest createOauthHttpRequest() throws SerializeException, MalformedUR if(msalRequest.requestContext().apiParameters().extraQueryParameters() != null ){ for(String key: msalRequest.requestContext().apiParameters().extraQueryParameters().keySet()){ if(params.containsKey(key)){ - throw new MsalClientException("Conflicting parameters","400 - Bad Request"); + log.warn("A query parameter {} has been provided with values multiple times.", key); } params.put(key, Collections.singletonList(msalRequest.requestContext().apiParameters().extraQueryParameters().get(key))); } diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java index 81dc9a9e..66dd4f3a 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java @@ -78,7 +78,7 @@ public void testBuilder_invalidRequiredParameters() { .build(); } - @Test(expectedExceptions = MsalClientException.class, expectedExceptionsMessageRegExp = "Conflicting parameters") + @Test public void testBuilder_conflictingParameters() { PublicClientApplication app = PublicClientApplication.builder("client_id").build(); From 50249de3f1dd86da8b2e25e25442232e1bbe3178 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Thu, 23 Mar 2023 13:32:14 -0500 Subject: [PATCH 44/65] version updates for release --- msal4j-sdk/README.md | 6 +++--- msal4j-sdk/bnd.bnd | 2 +- msal4j-sdk/changelog.txt | 6 ++++++ msal4j-sdk/pom.xml | 2 +- msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-obo-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-web-sample/pom.xml | 2 +- 7 files changed, 14 insertions(+), 8 deletions(-) diff --git a/msal4j-sdk/README.md b/msal4j-sdk/README.md index 020c49f3..80e703e6 100644 
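Review bot: After `expectedExceptions` is dropped, `testBuilder_conflictingParameters` builds the parameters and asserts nothing, so it passes whether the extra `scope` entry is kept, ignored or overrides the computed scopes. Keeping the built object and asserting on `parameters.requestParameters.get("scope")` would pin the behaviour this commit chooses. The extra value `"scope"` also equals the requested scope, so a distinct value is needed for the assertion to tell the two apart. The test body lies outside this hunk; it was added in PATCH 40/65.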
--- a/msal4j-sdk/README.md +++ b/msal4j-sdk/README.md @@ -16,7 +16,7 @@ Quick links: The library supports the following Java environments: - Java 8 (or higher) -Current version - 1.13.5 +Current version - 1.13.6 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt). @@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti com.microsoft.azure msal4j - 1.13.5 + 1.13.6 ``` ### Gradle ```gradle -compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.5' +compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.6' ``` ## Usage diff --git a/msal4j-sdk/bnd.bnd b/msal4j-sdk/bnd.bnd index e6238bc3..1bb281cf 100644 --- a/msal4j-sdk/bnd.bnd +++ b/msal4j-sdk/bnd.bnd @@ -1,2 +1,2 @@ -Export-Package: com.microsoft.aad.msal4j;version="1.13.5" +Export-Package: com.microsoft.aad.msal4j;version="1.13.6" Automatic-Module-Name: com.microsoft.aad.msal4j diff --git a/msal4j-sdk/changelog.txt b/msal4j-sdk/changelog.txt index 0a999672..b9c1b222 100644 --- a/msal4j-sdk/changelog.txt +++ b/msal4j-sdk/changelog.txt @@ -1,3 +1,9 @@ +Version 1.13.6 +============= +- Added ExtraQueryParameters API. +- added tests for a CIAM user. +- updated condition to throw exception only for an invalid authority while performing instance discovery. + Version 1.13.5 ============= - fixed url for admin consent. diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index 92d25e82..c82b2869 100644 --- a/msal4j-sdk/pom.xml +++ b/msal4j-sdk/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.microsoft.azure msal4j - 1.13.5 + 1.13.6 jar msal4j diff --git a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml index d9bd76d9..1144042d 100644 --- a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml 
@@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.5 + 1.13.6 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml index ef209273..20b1dbd1 100644 --- a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.5 + 1.13.6 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-web-sample/pom.xml index c77a2056..993dc540 100644 --- a/msal4j-sdk/src/samples/msal-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.5 + 1.13.6 com.nimbusds From fa63cadac9ad8e399f591d49b52000b96fed7a35 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Fri, 24 Mar 2023 12:55:39 -0500 Subject: [PATCH 45/65] update json-smart version --- msal4j-sdk/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index c82b2869..81e4293b 100644 --- a/msal4j-sdk/pom.xml +++ b/msal4j-sdk/pom.xml @@ -41,7 +41,7 @@ net.minidev json-smart - 2.4.8 + 2.4.9 org.slf4j From bc993943908a9ad859c470ce7f90132b8f0f43e5 Mon Sep 17 00:00:00 2001 From: Siddhi Date: Mon, 27 Mar 2023 10:36:00 -0500 Subject: [PATCH 46/65] Updated json-smart version Updated json-smart version to a 'bug-free' version --- msal4j-sdk/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index 81e4293b..a1f3bcfc 100644 --- a/msal4j-sdk/pom.xml +++ b/msal4j-sdk/pom.xml @@ -41,7 +41,7 @@ net.minidev json-smart - 2.4.9 + 2.4.10 org.slf4j From 34b2d83ac5c1fcd0340e8885bfda2daa43f59ec7 Mon Sep 17 00:00:00 2001 
From: siddhijain Date: Mon, 27 Mar 2023 17:37:05 -0500 Subject: [PATCH 47/65] version updates for release --- msal4j-sdk/README.md | 6 +++--- msal4j-sdk/bnd.bnd | 2 +- msal4j-sdk/changelog.txt | 4 ++++ msal4j-sdk/pom.xml | 2 +- msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-obo-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-web-sample/pom.xml | 2 +- 7 files changed, 12 insertions(+), 8 deletions(-) diff --git a/msal4j-sdk/README.md b/msal4j-sdk/README.md index 80e703e6..a757a24a 100644 --- a/msal4j-sdk/README.md +++ b/msal4j-sdk/README.md @@ -16,7 +16,7 @@ Quick links: The library supports the following Java environments: - Java 8 (or higher) -Current version - 1.13.6 +Current version - 1.13.7 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt). @@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti com.microsoft.azure msal4j - 1.13.6 + 1.13.7 ``` ### Gradle ```gradle -compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.6' +compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.7' ``` ## Usage diff --git a/msal4j-sdk/bnd.bnd b/msal4j-sdk/bnd.bnd index 1bb281cf..19957b7c 100644 --- a/msal4j-sdk/bnd.bnd +++ b/msal4j-sdk/bnd.bnd @@ -1,2 +1,2 @@ -Export-Package: com.microsoft.aad.msal4j;version="1.13.6" +Export-Package: com.microsoft.aad.msal4j;version="1.13.7" Automatic-Module-Name: com.microsoft.aad.msal4j diff --git a/msal4j-sdk/changelog.txt b/msal4j-sdk/changelog.txt index b9c1b222..7e0db649 100644 --- a/msal4j-sdk/changelog.txt +++ b/msal4j-sdk/changelog.txt @@ -1,3 +1,7 @@ +Version 1.13.7 +============= +- Update json-smart library version to a secured one. + Version 1.13.6 ============= - Added ExtraQueryParameters API. diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index c82b2869..95fb8589 100644 --- a/msal4j-sdk/pom.xml 
+++ b/msal4j-sdk/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.microsoft.azure msal4j - 1.13.6 + 1.13.7 jar msal4j diff --git a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml index 1144042d..abcad221 100644 --- a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.6 + 1.13.7 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml index 20b1dbd1..289199f0 100644 --- a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.6 + 1.13.7 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-web-sample/pom.xml index 993dc540..bbb72c10 100644 --- a/msal4j-sdk/src/samples/msal-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.6 + 1.13.7 com.nimbusds From 7866c0e55a581a21fb9476cd5ead215bf3c543cb Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 10 Apr 2023 11:28:05 -0500 Subject: [PATCH 48/65] Initial commit --- .../TestConstants.java | 5 ++- .../UsernamePasswordIT.java | 22 ++++++++++-- .../msal4j/AbstractClientApplicationBase.java | 3 ++ .../com/microsoft/aad/msal4j/Authority.java | 35 ++++++++++++------- .../microsoft/aad/msal4j/AuthorityType.java | 2 +- .../microsoft/aad/msal4j/AuthorityTest.java | 26 ++++++++++++++ .../aad/msal4j/TestConfiguration.java | 4 +++ 7 files changed, 81 insertions(+), 16 deletions(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java index e76cb60c..d11fcdf8 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java 
+++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java @@ -34,7 +34,10 @@ public class TestConstants { public final static String REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_EASTUS = "eastus.login.microsoft.com"; - public final static String CIAM_AUTHORITY = MICROSOFT_AUTHORITY_HOST + "msidlabciam1.onmicrosoft.com"; +// public final static String CIAM_AUTHORITY = MICROSOFT_AUTHORITY_HOST + "msidlabciam1.onmicrosoft.com"; + public final static String CIAM_AUTHORITY = "https://msidlabciam1.ciamlogin.com/" + "msidlabciam1.onmicrosoft.com"; + + public final static String CIAM_TEST_AUTHORITY = "https://contoso0781.ciamlogin.com/6babcaad-604b-40ac-a9d7-9fd97c0b779f/v2.0/.well-known/openid-configuration?dc=ESTS-PUB-EUS-AZ1-FD000-TEST1&ciamhost=true"; public final static String ARLINGTON_ORGANIZATIONS_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + "organizations/"; public final static String ARLINGTON_TENANT_SPECIFIC_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + ARLINGTON_AUTHORITY_TENANT; diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java index cade6134..8b9c9fe0 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java @@ -9,6 +9,8 @@ import org.testng.annotations.Test; import java.util.Collections; +import java.util.HashMap; +import java.util.Map; @Test() public class UsernamePasswordIT { 
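Review bot: In `TestConstants` the old `CIAM_AUTHORITY` definition is left behind as a commented-out line above the new one; delete it, since version control already holds the previous value. `CIAM_TEST_AUTHORITY` is a full `.well-known/openid-configuration` URL with a query string rather than an authority, and no use of it is visible in this part of the series. A one-line comment such as `// OIDC metadata URL for the CIAM test slice, not an authority` would keep it from being passed to `authority(...)` by mistake.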
@@ -100,10 +102,24 @@ public void acquireTokenWithUsernamePassword_ADFSv2(String environment) throws E @Test public void acquireTokenWithUsernamePassword_Ciam() throws Exception { + Map extraQueryParameters = new HashMap<>(); + extraQueryParameters.put("dc","ESTS-PUB-EUS-AZ1-FD000-TEST1"); + User user = labUserProvider.getCiamUser(); + PublicClientApplication pca = PublicClientApplication.builder(user.getAppId()) + .authority("https://" + user.getLabName() + ".ciamlogin.com/") + .build(); - assertAcquireTokenCommon(user, TestConstants.CIAM_AUTHORITY, TestConstants.GRAPH_DEFAULT_SCOPE, - user.getAppId()); + + IAuthenticationResult result = pca.acquireToken(UserNamePasswordParameters. + builder(Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE), + user.getUpn(), + user.getPassword().toCharArray()) + .extraQueryParameters(extraQueryParameters) + .build()) + .get(); + + Assert.assertNotNull(result.accessToken()); } @Test @@ -125,6 +141,7 @@ private void assertAcquireTokenCommonAAD(User user) throws Exception { private void assertAcquireTokenCommon(User user, String authority, String scope, String appId) throws Exception { + PublicClientApplication pca = PublicClientApplication.builder( appId). authority(authority). @@ -135,6 +152,7 @@ private void assertAcquireTokenCommon(User user, String authority, String scope, user.getUpn(), user.getPassword().toCharArray()) .build()) + .get(); assertTokenResultNotNull(result); diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java index 0bcd0077..8eff75ba 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java 
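Review bot: `acquireTokenWithUsernamePassword_Ciam` now checks only `Assert.assertNotNull(result.accessToken())`, while the shared path in `assertAcquireTokenCommon` goes through `assertTokenResultNotNull(result)`. Calling `assertTokenResultNotNull(result);` here would keep the CIAM case on the same checks as the other authorities. The literal `"ESTS-PUB-EUS-AZ1-FD000-TEST1"` passed as `dc` recurs in the CIAM tests of later patches in this series and would read better as a named constant in `TestConstants` with a comment saying why the tests need it.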
@@ -366,6 +366,9 @@ public T authority(String val) throws MalformedURLException { case ADFS: authenticationAuthority = new ADFSAuthority(authorityURL); break; + case CIAM: + authenticationAuthority = new CIAMAuthority(authorityURL); + break; default: throw new IllegalArgumentException("Unsupported authority type."); } diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java index dea2281b..dae8223e 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java @@ -54,7 +54,7 @@ private void setCommonAuthorityProperties() { this.host = canonicalAuthorityUrl.getAuthority().toLowerCase(); } - static Authority createAuthority(URL authorityUrl) { + static Authority createAuthority(URL authorityUrl) throws MalformedURLException{ validateAuthority(authorityUrl); AuthorityType authorityType = detectAuthorityType(authorityUrl); @@ -64,6 +64,8 @@ static Authority createAuthority(URL authorityUrl) { return new B2CAuthority(authorityUrl); } else if (authorityType == AuthorityType.ADFS) { return new ADFSAuthority(authorityUrl); + } else if(authorityType == AuthorityType.CIAM){ + return new CIAMAuthority(authorityUrl); } else { throw new IllegalArgumentException("Unsupported Authority Type"); } @@ -76,6 +78,9 @@ static AuthorityType detectAuthorityType(URL authorityUrl) { final String path = authorityUrl.getPath().substring(1); if (StringHelper.isBlank(path)) { + if(isCiamAuthority(authorityUrl.getHost())){ + return AuthorityType.CIAM; + } throw new IllegalArgumentException( "authority Uri should have at least one segment in the path (i.e. https:////...)"); } 
@@ -87,7 +92,9 @@ static AuthorityType detectAuthorityType(URL authorityUrl) { return AuthorityType.B2C; } else if (isAdfsAuthority(firstPath)) { return AuthorityType.ADFS; - } else { + } else if(isCiamAuthority(host)){ + return AuthorityType.CIAM; + } else{ return AuthorityType.AAD; } } @@ -103,10 +110,10 @@ static void validateAuthority(URL authorityUrl) { "authority is invalid format (contains fragment)"); } - if (!StringHelper.isBlank(authorityUrl.getQuery())) { - throw new IllegalArgumentException( - "authority cannot contain query parameters"); - } +// if (!StringHelper.isBlank(authorityUrl.getQuery())) { +// throw new IllegalArgumentException( +// "authority cannot contain query parameters"); +// } final String path = authorityUrl.getPath(); @@ -122,12 +129,12 @@ static void validateAuthority(URL authorityUrl) { IllegalArgumentExceptionMessages.AUTHORITY_URI_MISSING_PATH_SEGMENT); } - for (String segment : segments) { - if (StringHelper.isBlank(segment)) { - throw new IllegalArgumentException( - IllegalArgumentExceptionMessages.AUTHORITY_URI_EMPTY_PATH_SEGMENT); - } - } +// for (String segment : segments) { +// if (StringHelper.isBlank(segment)) { +// throw new IllegalArgumentException( +// IllegalArgumentExceptionMessages.AUTHORITY_URI_EMPTY_PATH_SEGMENT); +// } +// } } static String getTenant(URL authorityUrl, AuthorityType authorityType) { @@ -154,6 +161,10 @@ private static boolean isB2CAuthority(final String host, final String firstPath) return host.contains(B2C_HOST_SEGMENT) || firstPath.compareToIgnoreCase(B2C_PATH_SEGMENT) == 0; } + private static boolean isCiamAuthority(final String host){ + return host.endsWith(CIAMAuthority.CIAM_HOST_SEGMENT); + } + String deviceCodeEndpoint() { return deviceCodeEndpoint; } diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorityType.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorityType.java index aa442d74..f686f2f2 100644 
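Review bot: Commenting out the query-string check in `validateAuthority` removes it for every authority type, not only for CIAM, and the next hunk does the same to the blank-path-segment loop. PATCH 50/65 later in this series restores both blocks, so in this commit alone AAD, B2C and ADFS authorities are accepted with inputs that were rejected before. If CIAM needs a looser rule, branch on the detected authority type instead of disabling the check, and do not leave the disabled code in as comments. `validateAuthority` starts and ends outside the hunk.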
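Review bot: `isCiamAuthority` compares with `host.endsWith(CIAMAuthority.CIAM_HOST_SEGMENT)`, which is case-sensitive, and the blank-path branch added to `detectAuthorityType` passes `authorityUrl.getHost()` without lowering it. Host names are case-insensitive, so an authority written with upper-case letters in the host would miss the CIAM branch and end up as an error or as `AuthorityType.AAD`. Normalise before the comparison, e.g. `return host.toLowerCase(Locale.ROOT).endsWith(CIAMAuthority.CIAM_HOST_SEGMENT);` (needs `java.util.Locale` imported). A short comment that the leading dot in the constant keeps the match on a label boundary would also help the next reader.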
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorityType.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorityType.java @@ -4,5 +4,5 @@ package com.microsoft.aad.msal4j; enum AuthorityType { - AAD, ADFS, B2C + AAD, ADFS, B2C, CIAM } diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java index ea5a99a8..cd0a8bf4 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java 
@@ -34,6 +34,32 @@ public void testDetectAuthorityType_B2C() throws Exception { Assert.assertEquals(Authority.detectAuthorityType(url), AuthorityType.B2C); } + @DataProvider(name = "ciamAuthorities") + public static Object[][] createCiamAuthorityData() throws MalformedURLException { + return new Object[][]{{new URL("https://msidlabciam1.ciamlogin.com/")}, + {new URL("https://msidlabciam1.ciamlogin.com/d57fb3d4-4b5a-4144-9328-9c1f7d58179d/")}, + {new URL("https://msidlabciam1.ciamlogin.com/msidlabciam1.onmicrosoft.com/")}, + {new URL("https://msidlabciam1.ciamlogin.com/aDomain/")}}; + } + + @Test(dataProvider = "ciamAuthorities") + public void testDetectAuthorityType_CIAM(URL authority) throws Exception { + Assert.assertEquals(Authority.detectAuthorityType(authority), AuthorityType.CIAM); + } + + @DataProvider(name = "validCiamAuthoritiesAndTransformedAuthority") + public static Object[][] createCiamAndTransformedAuthorityData() throws MalformedURLException { + return new Object[][]{{new URL("https://msidlabciam1.ciamlogin.com/"),new URL("https://msidlabciam1.ciamlogin.com/msidlabciam1.onmicrosoft.com/")}, + {new URL("https://msidlabciam1.ciamlogin.com/d57fb3d4-4b5a-4144-9328-9c1f7d58179d"),new URL("https://msidlabciam1.ciamlogin.com/d57fb3d4-4b5a-4144-9328-9c1f7d58179d")}, + {new URL("https://msidlabciam1.ciamlogin.com/msidlabciam1.onmicrosoft.com"),new URL("https://msidlabciam1.ciamlogin.com/msidlabciam1.onmicrosoft.com")}, + {new URL("https://msidlabciam1.ciamlogin.com/aDomain"),new URL("https://msidlabciam1.ciamlogin.com/aDomain")}}; + } + + @Test(dataProvider = "validCiamAuthoritiesAndTransformedAuthority") + public void testCiamAuthorityTransformation(URL authority, URL transformedAuthority) throws Exception{ + Assert.assertEquals(CIAMAuthority.transformAuthority(authority), transformedAuthority); + } + @Test(expectedExceptions = IllegalArgumentException.class, expectedExceptionsMessageRegExp = "Valid B2C 'authority' URLs should follow either of these 
formats.*") diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java index f3a4d810..e6e8e345 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java @@ -36,6 +36,10 @@ public final class TestConfiguration { public final static String B2C_AUTHORITY_CUSTOM_PORT = "https://login.microsoftonline.in:444/tfp/tenant/policy"; public final static String B2C_AUTHORITY_CUSTOM_PORT_TAIL_SLASH = "https://login.microsoftonline.in:444/tfp/tenant/policy/"; + public final static String CIAM_TENANT_NAME = "tenantName."; + public final static String CIAM_HOST_NAME = "ciamlogin.com"; + public final static String CIAM_AUTHORITY_ENDPOINT = "https://" + CIAM_TENANT_NAME + CIAM_HOST_NAME; + public static String INSTANCE_DISCOVERY_RESPONSE = "{" + "\"tenant_discovery_endpoint\":\"https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-appConfiguration\"," + "\"api-version\":\"1.1\"," + From a9d2ff74deb38ffd44bf029f13a34b883b677981 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 10 Apr 2023 12:10:18 -0500 Subject: [PATCH 49/65] add CIAM authority file --- .../microsoft/aad/msal4j/CIAMAuthority.java | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java new file mode 100644 index 00000000..8891046e --- /dev/null +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java 
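Review bot: The new `ciamAuthorities` provider in `AuthorityTest` holds only URLs that should be detected as CIAM, so nothing pins the negative side of the suffix match in `isCiamAuthority`. Add a row whose host contains the CIAM name without ending in it (constructed example: `https://tenant.ciamlogin.com.example.invalid/tenant/`) and assert that `detectAuthorityType` does not return `AuthorityType.CIAM` for it. A blank-path URL on a non-CIAM host would likewise document that the existing `IllegalArgumentException` still applies there.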
@@ -0,0 +1,66 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.microsoft.aad.msal4j; + +import java.net.MalformedURLException; +import java.net.URL; + +public class CIAMAuthority extends Authority{ + + public static final String CIAM_HOST_SEGMENT = ".ciamlogin.com"; + + static final String AUTHORIZATION_ENDPOINT = "oauth2/v2.0/authorize"; + static final String TOKEN_ENDPOINT = "oauth2/v2.0/token"; + static final String DEVICE_CODE_ENDPOINT = "oauth2/v2.0/devicecode"; + + private static final String CIAM_AUTHORITY_FORMAT = "https://%s/%s/"; + private static final String DEVICE_CODE_ENDPOINT_FORMAT = CIAM_AUTHORITY_FORMAT + DEVICE_CODE_ENDPOINT; + + private static final String CIAM_AUTHORIZATION_ENDPOINT_FORMAT = CIAM_AUTHORITY_FORMAT + AUTHORIZATION_ENDPOINT; + private static final String CIAM_TOKEN_ENDPOINT_FORMAT = CIAM_AUTHORITY_FORMAT + TOKEN_ENDPOINT; + + CIAMAuthority(URL authorityUrl) throws MalformedURLException { + super(transformAuthority(authorityUrl), AuthorityType.CIAM); + setAuthorityProperties(); + this.authority = String.format(CIAM_AUTHORITY_FORMAT,host,tenant); + } + + protected static URL transformAuthority(URL originalAuthority) throws MalformedURLException { + URL fullAuthorityUrl = getFullAuthorityUrlFromAuthorityWithoutPath(originalAuthority); + String host = fullAuthorityUrl.getHost() + fullAuthorityUrl.getPath(); + String transformedAuthority = fullAuthorityUrl.toString(); + if(fullAuthorityUrl.getPath().equals("/")){ + int ciamHostIndex = host.indexOf(CIAMAuthority.CIAM_HOST_SEGMENT); + String tenant = host.substring(0 , ciamHostIndex); + transformedAuthority = fullAuthorityUrl + tenant + ".onmicrosoft.com/"; + } + return new URL(transformedAuthority); + } + + private void setAuthorityProperties() { + this.authorizationEndpoint = String.format(CIAM_AUTHORIZATION_ENDPOINT_FORMAT, host, tenant); + this.tokenEndpoint = String.format(CIAM_TOKEN_ENDPOINT_FORMAT, host, tenant); + 
this.deviceCodeEndpoint = String.format(DEVICE_CODE_ENDPOINT_FORMAT, host, tenant); + this.selfSignedJwtAudience = this.tokenEndpoint; + } + + /** This method takes a CIAM authority string of format "tenant.ciamlogin.com" or "https://tenant.ciamlogin.com" + and converts it into a full authority url with a path segment of format "/tenant.onmicrosoft.com" + * @param authorityURL authority to be transformed + * @return full CIAM authority with path + */ + public static URL getFullAuthorityUrlFromAuthorityWithoutPath(URL authorityURL) throws MalformedURLException { + String authority = authorityURL.toString(); + // Remove "https://" if it was included as part of the authority + if (authority.startsWith("https://")){ + authority = authority.substring(8); + } + if (authority.endsWith("/")){ + authority = authority.substring(0, authority.length() - 1); + } + // Split environment to isolate the tenant + final String tenant = authority.split("\\.")[0]; + return new URL("https://" + authority + "/" + tenant + ".onmicrosoft.com"); + } +} From 8737dcf3cca1a6f6d1e39ccc5799cb654dd54d08 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 10 Apr 2023 13:55:33 -0500 Subject: [PATCH 50/65] revert authority validation changes --- .../com/microsoft/aad/msal4j/Authority.java | 34 ++++++++++--------- .../microsoft/aad/msal4j/CIAMAuthority.java | 12 +++---- 2 files changed, 24 insertions(+), 22 deletions(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java index dae8223e..a0d710e2 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java 
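Review bot: `transformAuthority` calls `getFullAuthorityUrlFromAuthorityWithoutPath` first, and that helper appends `/<tenant>.onmicrosoft.com` to every input, so the `fullAuthorityUrl.getPath().equals("/")` branch can never be taken. An authority that already names a tenant therefore gets a second path segment, which disagrees with the expectations in `testCiamAuthorityTransformation` from PATCH 48/65; PATCH 50/65 comments the call out. The helper should only run when the path is empty or `/`, e.g. guarded by `if (!"/".equals(authorityURL.getPath()) && !authorityURL.getPath().isEmpty()) return authorityURL;` at its top. The literal `8` in `authority.substring(8)` would be clearer as `"https://".length()`, and the Javadoc describes a string argument although the parameter is a `URL`.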
@@ -55,20 +55,22 @@ private void setCommonAuthorityProperties() { } static Authority createAuthority(URL authorityUrl) throws MalformedURLException{ - validateAuthority(authorityUrl); - +// validateAuthority(authorityUrl); + Authority createdAuthority; AuthorityType authorityType = detectAuthorityType(authorityUrl); if (authorityType == AuthorityType.AAD) { - return new AADAuthority(authorityUrl); + createdAuthority = new AADAuthority(authorityUrl); } else if (authorityType == AuthorityType.B2C) { - return new B2CAuthority(authorityUrl); + createdAuthority = new B2CAuthority(authorityUrl); } else if (authorityType == AuthorityType.ADFS) { - return new ADFSAuthority(authorityUrl); + createdAuthority = new ADFSAuthority(authorityUrl); } else if(authorityType == AuthorityType.CIAM){ - return new CIAMAuthority(authorityUrl); + createdAuthority = new CIAMAuthority(authorityUrl); } else { throw new IllegalArgumentException("Unsupported Authority Type"); } + validateAuthority(createdAuthority.canonicalAuthorityUrl()); + return createdAuthority; } static AuthorityType detectAuthorityType(URL authorityUrl) { @@ -110,10 +112,10 @@ static void validateAuthority(URL authorityUrl) { "authority is invalid format (contains fragment)"); } -// if (!StringHelper.isBlank(authorityUrl.getQuery())) { -// throw new IllegalArgumentException( -// "authority cannot contain query parameters"); -// } + if (!StringHelper.isBlank(authorityUrl.getQuery())) { + throw new IllegalArgumentException( + "authority cannot contain query parameters"); + } final String path = authorityUrl.getPath(); 
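Review bot: `createAuthority` now runs `detectAuthorityType` and the authority constructor on the raw URL and validates only afterwards, on `createdAuthority.canonicalAuthorityUrl()`. Whether a fragment or query string on the caller's input survives into the canonical URL is not visible here; if it does not, those checks in `validateAuthority` can no longer fire for it. `detectAuthorityType` also calls `authorityUrl.getPath().substring(1)`, which throws `StringIndexOutOfBoundsException` rather than `IllegalArgumentException` for a URL with an empty path. Keep the input-shape checks (fragment, query) on `authorityUrl` before detection and run only the path-segment check on the canonical URL; the same reordering is applied to the builder's `authority(String val)` in PATCH 51/65. The commented-out `// validateAuthority(authorityUrl);` should be deleted rather than kept.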
@@ -129,12 +131,12 @@ static void validateAuthority(URL authorityUrl) { IllegalArgumentExceptionMessages.AUTHORITY_URI_MISSING_PATH_SEGMENT); } -// for (String segment : segments) { -// if (StringHelper.isBlank(segment)) { -// throw new IllegalArgumentException( -// IllegalArgumentExceptionMessages.AUTHORITY_URI_EMPTY_PATH_SEGMENT); -// } -// } + for (String segment : segments) { + if (StringHelper.isBlank(segment)) { + throw new IllegalArgumentException( + IllegalArgumentExceptionMessages.AUTHORITY_URI_EMPTY_PATH_SEGMENT); + } + } } static String getTenant(URL authorityUrl, AuthorityType authorityType) { diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java index 8891046e..d42dd93f 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java @@ -27,13 +27,13 @@ public class CIAMAuthority extends Authority{ } protected static URL transformAuthority(URL originalAuthority) throws MalformedURLException { - URL fullAuthorityUrl = getFullAuthorityUrlFromAuthorityWithoutPath(originalAuthority); - String host = fullAuthorityUrl.getHost() + fullAuthorityUrl.getPath(); - String transformedAuthority = fullAuthorityUrl.toString(); - if(fullAuthorityUrl.getPath().equals("/")){ +// URL fullAuthorityUrl = getFullAuthorityUrlFromAuthorityWithoutPath(originalAuthority); + String host = originalAuthority.getHost() + originalAuthority.getPath(); + String transformedAuthority = originalAuthority.toString(); + if(originalAuthority.getPath().equals("/")){ int ciamHostIndex = host.indexOf(CIAMAuthority.CIAM_HOST_SEGMENT); String tenant = host.substring(0 , ciamHostIndex); - transformedAuthority = fullAuthorityUrl + tenant + ".onmicrosoft.com/"; + transformedAuthority = originalAuthority + tenant + ".onmicrosoft.com/"; } return new URL(transformedAuthority); } 
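Review bot: `transformAuthority` in `CIAMAuthority` takes the tenant with `host.substring(0, ciamHostIndex)` without checking the result of `indexOf`. The method is `protected static` and is called directly from `AuthorityTest`, so for a host without the CIAM suffix and a path of `/` the index is -1 and `substring` throws `StringIndexOutOfBoundsException`. Guard it with `if (ciamHostIndex < 0) throw new IllegalArgumentException("authority host is not a CIAM host");` before the `substring`. `host` is built from `getHost() + getPath()` although only the host part is needed for the search, and the commented-out `getFullAuthorityUrlFromAuthorityWithoutPath` call should be removed, together with the helper if nothing else uses it.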
@@ -61,6 +61,6 @@ public static URL getFullAuthorityUrlFromAuthorityWithoutPath(URL authorityURL) } // Split environment to isolate the tenant final String tenant = authority.split("\\.")[0]; - return new URL("https://" + authority + "/" + tenant + ".onmicrosoft.com"); + return new URL("https://" + authority + "/" + tenant + ".onmicrosoft.com/"); } } From 883d2fb23bdb4d8856a5e5a7f779016431dfa7da Mon Sep 17 00:00:00 2001 From: siddhijain Date: Mon, 10 Apr 2023 21:45:42 -0500 Subject: [PATCH 51/65] Fix failing tests --- .../AcquireTokenInteractiveIT.java | 41 ++++++++++++++++++- .../ClientCredentialsIT.java | 23 ++++++++++- .../DeviceCodeIT.java | 2 +- .../msal4j/AbstractClientApplicationBase.java | 4 +- .../aad/msal4j/PublicClientApplication.java | 5 +-- .../aad/msal4j/DeviceCodeFlowTest.java | 2 +- .../aad/msal4j/TestConfiguration.java | 4 -- 7 files changed, 69 insertions(+), 12 deletions(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java index c9257379..71bb1cdf 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java @@ -16,6 +16,8 @@ import java.net.URI; import java.net.URL; import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import java.util.concurrent.ExecutionException; public class AcquireTokenInteractiveIT extends SeleniumTest { 
@@ -73,7 +75,44 @@ public void acquireTokenInteractive_ADFSv2_Federated(String environment) { public void acquireTokenInteractive_Ciam() { User user = labUserProvider.getCiamUser(); - assertAcquireTokenCommon(user, TestConstants.CIAM_AUTHORITY, TestConstants.GRAPH_DEFAULT_SCOPE); + Map extraQueryParameters = new HashMap<>(); + extraQueryParameters.put("dc","ESTS-PUB-EUS-AZ1-FD000-TEST1"); + + PublicClientApplication pca; + try { + pca = PublicClientApplication.builder( + user.getAppId()). + authority("https://" + user.getLabName() + ".ciamlogin.com/") + .build(); + } catch (MalformedURLException ex) { + throw new RuntimeException(ex.getMessage()); + } + + IAuthenticationResult result; + try { + URI url = new URI("http://localhost:8080"); + + SystemBrowserOptions browserOptions = + SystemBrowserOptions + .builder() + .openBrowserAction(new SeleniumOpenBrowserAction(user, pca)) + .build(); + + InteractiveRequestParameters parameters = InteractiveRequestParameters + .builder(url) + .scopes(Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE)) + .extraQueryParameters(extraQueryParameters) + .build(); + + result = pca.acquireToken(parameters).get(); + + } catch (Exception e) { + LOG.error("Error acquiring token with authCode: " + e.getMessage()); + throw new RuntimeException("Error acquiring token with authCode: " + e.getMessage()); + } + + assertTokenResultNotNull(result); + Assert.assertEquals(user.getUpn(), result.account().username()); } @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java index 19838d8c..e5c5d157 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java 
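Review bot: In `acquireTokenInteractive_Ciam` both catch blocks rethrow with only the message (`throw new RuntimeException(ex.getMessage())` and `"Error acquiring token with authCode: " + e.getMessage()`), which drops the original stack trace. Pass the exception as the cause, e.g. `throw new RuntimeException(ex);` and `throw new RuntimeException("Error acquiring token with authCode", e);`. `browserOptions` is built but not handed to `InteractiveRequestParameters` in this hunk, so the `SeleniumOpenBrowserAction` is presumably never used; PATCH 52/65 adds `.systemBrowserOptions(browserOptions)`, and that line belongs in this commit.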
@@ -6,6 +6,7 @@ import labapi.AppCredentialProvider; import labapi.AzureEnvironment; import labapi.LabUserProvider; +import labapi.User; import org.testng.Assert; import org.testng.annotations.BeforeClass; import org.testng.annotations.DataProvider; @@ -18,6 +19,8 @@ import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import java.util.concurrent.Callable; import static com.microsoft.aad.msal4j.TestConstants.KEYVAULT_DEFAULT_SCOPE; @@ -62,11 +65,29 @@ public void acquireTokenClientCredentials_ClientAssertion() throws Exception { @Test public void acquireTokenClientCredentials_ClientSecret_Ciam() throws Exception { - String clientId = labUserProvider.getCiamUser().getAppId(); + + User user = labUserProvider.getCiamUser(); + String clientId = user.getAppId(); + + Map extraQueryParameters = new HashMap<>(); + extraQueryParameters.put("dc","ESTS-PUB-EUS-AZ1-FD000-TEST1"); AppCredentialProvider appProvider = new AppCredentialProvider(AzureEnvironment.CIAM); IClientCredential credential = ClientCredentialFactory.createFromSecret(appProvider.getOboAppPassword()); + ConfidentialClientApplication cca = ConfidentialClientApplication.builder( + clientId, credential). + authority("https://" + user.getLabName() + ".ciamlogin.com/"). + build(); + + IAuthenticationResult result = cca.acquireToken(ClientCredentialParameters + .builder(Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE)) + .extraQueryParameters(extraQueryParameters) + .build()) + .get(); + + Assert.assertNotNull(result); + Assert.assertNotNull(result.accessToken()); assertAcquireTokenCommon(clientId, credential, TestConstants.CIAM_AUTHORITY); } diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java index a7ab3a48..5e39199d 100644 
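Review bot: `acquireTokenClientCredentials_ClientSecret_Ciam` acquires a token through the new `cca` and then still calls `assertAcquireTokenCommon(clientId, credential, TestConstants.CIAM_AUTHORITY)`. The test therefore makes a second request against the constant authority, without the `dc` extra query parameter that the first one needs. If the old path is no longer expected to work for CIAM, remove that last call; if both are meant to be covered, split them into two tests so a failure points at one path.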
--- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java @@ -119,7 +119,7 @@ public void DeviceCodeFlowCiamTest() throws Exception { PublicClientApplication pca = PublicClientApplication.builder( user.getAppId()). - authority(TestConstants.CIAM_AUTHORITY). + authority("https://" + user.getLabName() + ".ciamlogin.com/"). build(); Consumer deviceCodeConsumer = (DeviceCode deviceCode) -> { diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java index 8eff75ba..37ee24d5 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java @@ -357,7 +357,7 @@ public T authority(String val) throws MalformedURLException { authority = Authority.enforceTrailingSlash(val); URL authorityURL = new URL(authority); - Authority.validateAuthority(authorityURL); + switch (Authority.detectAuthorityType(authorityURL)) { case AAD: @@ -373,6 +373,8 @@ public T authority(String val) throws MalformedURLException { throw new IllegalArgumentException("Unsupported authority type."); } + Authority.validateAuthority(authenticationAuthority.canonicalAuthorityUrl()); + return self(); } diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java index a7f18dda..81d30451 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java 
@@ -66,10 +66,9 @@ public CompletableFuture acquireToken(IntegratedWindowsAu @Override public CompletableFuture acquireToken(DeviceCodeFlowParameters parameters) { - if (!(AuthorityType.AAD.equals(authenticationAuthority.authorityType()) || - AuthorityType.ADFS.equals(authenticationAuthority.authorityType()))) { + if (AuthorityType.B2C.equals(authenticationAuthority.authorityType())) { throw new IllegalArgumentException( - "Invalid authority type. Device Flow is only supported by AAD and ADFS authorities"); + "Invalid authority type. Device Flow is only supported by AAD, ADFS and CIAM authorities"); } validateNotNull("parameters", parameters); diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java index 80f9955a..024bbd81 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java @@ -145,7 +145,7 @@ public void deviceCodeFlowTest() throws Exception { } @Test(expectedExceptions = IllegalArgumentException.class, - expectedExceptionsMessageRegExp = "Invalid authority type. Device Flow is only supported by AAD and ADFS authorities") + expectedExceptionsMessageRegExp = "Invalid authority type. Device Flow is only supported by AAD, ADFS and CIAM authorities") public void executeAcquireDeviceCode_B2CAuthorityUsed_IllegalArgumentExceptionThrown() throws Exception { diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java index e6e8e345..f3a4d810 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java 
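Review bot: The device-code guard in `acquireToken(DeviceCodeFlowParameters)` changes from an allow-list (AAD or ADFS) to a deny-list that rejects only `AuthorityType.B2C`, so any authority type added to the enum later is accepted for device flow without anyone deciding that it should be. Keep the allow-list and add CIAM to it: `AuthorityType type = authenticationAuthority.authorityType();` followed by `if (type != AuthorityType.AAD && type != AuthorityType.ADFS && type != AuthorityType.CIAM) {`. The error message in this hunk already names the three supported types, so it stays accurate. The method continues outside the hunk.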
@@ -36,10 +36,6 @@ public final class TestConfiguration { public final static String B2C_AUTHORITY_CUSTOM_PORT = "https://login.microsoftonline.in:444/tfp/tenant/policy"; public final static String B2C_AUTHORITY_CUSTOM_PORT_TAIL_SLASH = "https://login.microsoftonline.in:444/tfp/tenant/policy/"; - public final static String CIAM_TENANT_NAME = "tenantName."; - public final static String CIAM_HOST_NAME = "ciamlogin.com"; - public final static String CIAM_AUTHORITY_ENDPOINT = "https://" + CIAM_TENANT_NAME + CIAM_HOST_NAME; - public static String INSTANCE_DISCOVERY_RESPONSE = "{" + "\"tenant_discovery_endpoint\":\"https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-appConfiguration\"," + "\"api-version\":\"1.1\"," + From 90adcfa362950ae8c043b857006545a78bf20436 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Tue, 11 Apr 2023 14:58:32 -0500 Subject: [PATCH 52/65] Fix failing tests --- .../AcquireTokenInteractiveIT.java | 6 ++---- .../java/com.microsoft.aad.msal4j/DeviceCodeIT.java | 6 ++---- .../java/com.microsoft.aad.msal4j/SeleniumTest.java | 4 +++- .../java/infrastructure/SeleniumExtensions.java | 9 ++++++--- 4 files changed, 13 insertions(+), 12 deletions(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java index 71bb1cdf..edce1e88 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java @@ -3,10 +3,7 @@ package com.microsoft.aad.msal4j; -import labapi.AzureEnvironment; -import labapi.B2CProvider; -import labapi.FederationProvider; -import labapi.User; +import labapi.*; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.testng.Assert; 
@@ -102,6 +99,7 @@ public void acquireTokenInteractive_Ciam() { .builder(url) .scopes(Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE)) .extraQueryParameters(extraQueryParameters) + .systemBrowserOptions(browserOptions) .build(); result = pca.acquireToken(parameters).get(); diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java index 5e39199d..4b1d10d1 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java @@ -43,9 +43,7 @@ public void DeviceCodeFlowADTest(String environment) throws Exception { authority(cfg.tenantSpecificAuthority()). build(); - Consumer deviceCodeConsumer = (DeviceCode deviceCode) -> { - runAutomatedDeviceCodeFlow(deviceCode, user); - }; + Consumer deviceCodeConsumer = (DeviceCode deviceCode) -> runAutomatedDeviceCodeFlow(deviceCode, user); IAuthenticationResult result = pca.acquireToken(DeviceCodeFlowParameters .builder(Collections.singleton(cfg.graphDefaultScope()), @@ -174,7 +172,7 @@ private void runAutomatedDeviceCodeFlow(DeviceCode deviceCode, User user) { if (isADFS2019) { SeleniumExtensions.performADFS2019Login(seleniumDriver, user); } else { - SeleniumExtensions.performADLogin(seleniumDriver, user); + SeleniumExtensions.performADOrCiamLogin(seleniumDriver, user); } } catch (Exception e) { if (!isRunningLocally) { diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java index 62306e12..ccb218b1 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java 
@@ -51,9 +51,11 @@ void runSeleniumAutomatedLogin(User user, AbstractClientApplicationBase app) { break; } } else if (authorityType == AuthorityType.AAD) { - SeleniumExtensions.performADLogin(seleniumDriver, user); + SeleniumExtensions.performADOrCiamLogin(seleniumDriver, user); } else if (authorityType == AuthorityType.ADFS) { SeleniumExtensions.performADFS2019Login(seleniumDriver, user); + } else if (authorityType == AuthorityType.CIAM) { + SeleniumExtensions.performADOrCiamLogin(seleniumDriver, user); } } } diff --git a/msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumExtensions.java b/msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumExtensions.java index f7084c01..c40784b5 100644 --- a/msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumExtensions.java +++ b/msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumExtensions.java @@ -65,8 +65,8 @@ public static WebElement waitForElementToBeVisibleAndEnable(WebDriver driver, By return waitForElementToBeVisibleAndEnable(driver, by, DEFAULT_TIMEOUT_IN_SEC); } - public static void performADLogin(WebDriver driver, User user) { - LOG.info("PerformADLogin"); + public static void performADOrCiamLogin(WebDriver driver, User user) { + LOG.info("performADOrCiamLogin"); UserInformationFields fields = new UserInformationFields(user); @@ -76,7 +76,7 @@ public static void performADLogin(WebDriver driver, User user) { LOG.info("Loggin in ... Clicking after username"); driver.findElement(new By.ById(fields.getAadSignInButtonId())).click(); - if (user.getFederationProvider() == FederationProvider.ADFS_2 && + if (user.getFederationProvider().equals(FederationProvider.ADFS_2) && !user.getLabName().equals(LabConstants.ARLINGTON_LAB_NAME)) { LOG.info("Loggin in ... ADFS-V2 - Entering the username in ADFSv2 form"); 
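Review bot: In `performADOrCiamLogin`, replacing `==` with `user.getFederationProvider().equals(FederationProvider.ADFS_2)` makes the comparison throw a NullPointerException when the lab user has no federation provider, which the old reference comparison tolerated. Putting the constant first keeps the value comparison and stays null-safe: `if (FederationProvider.ADFS_2.equals(user.getFederationProvider()) &&`. Whether `getFederationProvider()` can return null is not visible here, and the method body continues outside the hunk.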
@@ -96,6 +96,7 @@ public static void performADLogin(WebDriver driver, User user) { checkAuthenticationCompletePage(driver); return; } catch (TimeoutException ex) { + LOG.error(ex.getMessage()); } LOG.info("Checking optional questions"); @@ -107,6 +108,7 @@ public static void performADLogin(WebDriver driver, User user) { LOG.info("Are you trying to sign in to ... ? click Continue"); } catch (TimeoutException ex) { + LOG.error(ex.getMessage()); } try { @@ -115,6 +117,7 @@ public static void performADLogin(WebDriver driver, User user) { click(); LOG.info("Stay signed in? click NO"); } catch (TimeoutException ex) { + LOG.error(ex.getMessage()); } } From 7d107798174e37bb460805a5b9415294cafcf7b0 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Thu, 13 Apr 2023 11:26:47 -0500 Subject: [PATCH 53/65] remove commented out line --- msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java | 1 - 1 file changed, 1 deletion(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java index a0d710e2..5644db45 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java @@ -55,7 +55,6 @@ private void setCommonAuthorityProperties() { } static Authority createAuthority(URL authorityUrl) throws MalformedURLException{ -// validateAuthority(authorityUrl); Authority createdAuthority; AuthorityType authorityType = detectAuthorityType(authorityUrl); if (authorityType == AuthorityType.AAD) { From 56ec57db7d262452398c059cee17234f00a347d4 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Thu, 13 Apr 2023 11:42:55 -0500 Subject: [PATCH 54/65] remove unnecessary code --- .../microsoft/aad/msal4j/CIAMAuthority.java | 25 ++++--------------- 1 file changed, 5 insertions(+), 20 deletions(-) 
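Review bot: The three `catch (TimeoutException ex)` blocks in this method (hunks at -96, -107 and -115) now call `LOG.error(ex.getMessage())`, but the surrounding log lines ("Checking optional questions", "Stay signed in? click NO") indicate these timeouts are the normal path when an optional prompt is not shown. Logging them at error level without naming the prompt that was skipped makes a passing run look like a failing one in CI output. A lower level with context reads better, e.g. `LOG.info("Optional 'Stay signed in?' prompt not shown: " + ex.getMessage());`. The method body starts outside these hunks.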
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java index d42dd93f..5d4795a6 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java @@ -26,8 +26,12 @@ public class CIAMAuthority extends Authority{ this.authority = String.format(CIAM_AUTHORITY_FORMAT,host,tenant); } + /** This method takes a CIAM authority string of format "tenant.ciamlogin.com" or "https://tenant.ciamlogin.com" + and converts it into a full authority url with a path segment of format "/tenant.onmicrosoft.com" + * @param originalAuthority authority to be transformed + * @return full CIAM authority with path + */ protected static URL transformAuthority(URL originalAuthority) throws MalformedURLException { -// URL fullAuthorityUrl = getFullAuthorityUrlFromAuthorityWithoutPath(originalAuthority); String host = originalAuthority.getHost() + originalAuthority.getPath(); String transformedAuthority = originalAuthority.toString(); if(originalAuthority.getPath().equals("/")){ 
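Review bot: The Javadoc moved onto `transformAuthority` still describes the removed string helper: it speaks of an authority "string" of the form "tenant.ciamlogin.com", while the parameter is a `URL`, which cannot be built without a scheme. It also omits `@throws MalformedURLException` and does not say what happens when the input already has a path; the visible `getPath().equals("/")` test suggests only path-less authorities are rewritten, but the body continues outside the hunk. Suggested summary: `Converts a CIAM authority URL without a path (https://tenant.ciamlogin.com/) into the full authority URL ending in /tenant.onmicrosoft.com; other URLs are returned unchanged (confirm).` plus `@throws MalformedURLException if the transformed authority is not a valid URL`.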
@@ -44,23 +48,4 @@ private void setAuthorityProperties() { this.deviceCodeEndpoint = String.format(DEVICE_CODE_ENDPOINT_FORMAT, host, tenant); this.selfSignedJwtAudience = this.tokenEndpoint; } - - /** This method takes a CIAM authority string of format "tenant.ciamlogin.com" or "https://tenant.ciamlogin.com" - and converts it into a full authority url with a path segment of format "/tenant.onmicrosoft.com" - * @param authorityURL authority to be transformed - * @return full CIAM authority with path - */ - public static URL getFullAuthorityUrlFromAuthorityWithoutPath(URL authorityURL) throws MalformedURLException { - String authority = authorityURL.toString(); - // Remove "https://" if it was included as part of the authority - if (authority.startsWith("https://")){ - authority = authority.substring(8); - } - if (authority.endsWith("/")){ - authority = authority.substring(0, authority.length() - 1); - } - // Split environment to isolate the tenant - final String tenant = authority.split("\\.")[0]; - return new URL("https://" + authority + "/" + tenant + ".onmicrosoft.com/"); - } } From 9d4e1ddbb3441d15d2df5d107737d7eeb1330922 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Thu, 13 Apr 2023 12:59:58 -0500 Subject: [PATCH 55/65] update exception message for device code flow --- .../java/com/microsoft/aad/msal4j/PublicClientApplication.java | 2 +- .../test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java index 81d30451..80fa1c31 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java 
@@ -68,7 +68,7 @@ public CompletableFuture acquireToken(DeviceCodeFlowParam if (AuthorityType.B2C.equals(authenticationAuthority.authorityType())) { throw new IllegalArgumentException( - "Invalid authority type. Device Flow is only supported by AAD, ADFS and CIAM authorities"); + "Invalid authority type. Device Flow is not supported by B2C authority."); } validateNotNull("parameters", parameters); diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java index 024bbd81..1ac60c59 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java @@ -145,7 +145,7 @@ public void deviceCodeFlowTest() throws Exception { } @Test(expectedExceptions = IllegalArgumentException.class, - expectedExceptionsMessageRegExp = "Invalid authority type. Device Flow is only supported by AAD, ADFS and CIAM authorities") + expectedExceptionsMessageRegExp = "Invalid authority type. Device Flow is not supported by B2C authority.") public void executeAcquireDeviceCode_B2CAuthorityUsed_IllegalArgumentExceptionThrown() throws Exception { From f4189d9a4dcaa05cec2429b7ef55959dcee3c078 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Thu, 13 Apr 2023 20:53:02 -0500 Subject: [PATCH 56/65] add refresh_in logic --- .../aad/msal4j/AcquireTokenByAppProviderSupplier.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java index 1afa2d7d..6ee9f11b 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java 
@@ -35,6 +35,13 @@ private static void validateTokenProviderResult(TokenProviderResult tokenProvide if (null == tokenProviderResult.getTenantId() || tokenProviderResult.getTenantId().isEmpty()) { handleInvalidExternalValueError(tokenProviderResult.getTenantId()); } + + if (0 == tokenProviderResult.getRefreshInSeconds()){ + long expireInSeconds = tokenProviderResult.getExpiresInSeconds(); + if(expireInSeconds >= TWO_HOURS){ + tokenProviderResult.setRefreshInSeconds(expireInSeconds/2); + } + } } private static void handleInvalidExternalValueError(String nameOfValue) { From 98ef236a8afbcc8cdc77bbb48b3c93ccac7067f3 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Fri, 14 Apr 2023 10:38:54 -0500 Subject: [PATCH 57/65] resolve build issues + address PR comments --- .../aad/msal4j/AcquireTokenByAppProviderSupplier.java | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java index 6ee9f11b..4966f0de 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java @@ -11,6 +11,8 @@ */ class AcquireTokenByAppProviderSupplier extends AuthenticationResultSupplier { + private static final int TWO_HOURS = 2*3600; + private AppTokenProviderParameters appTokenProviderParameters; private ClientCredentialRequest clientCredentialRequest; 
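Review bot: The refresh-in default added to `validateTokenProviderResult` treats only an exact `0` as "not set", so a negative `getRefreshInSeconds()`, or one larger than `getExpiresInSeconds()`, returned by the app-supplied token provider is kept as-is, and `getExpiresInSeconds()` itself is never checked for being positive. These values come from outside the library, so a bounds check next to the existing access-token and tenant-id checks would fit, e.g. `if (tokenProviderResult.getExpiresInSeconds() <= 0) { handleInvalidExternalValueError("expiresInSeconds"); }`. A short comment on the new block stating the rule (refresh at half the lifetime when the lifetime is at least two hours) would also help the next reader.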
@@ -23,7 +25,7 @@ class AcquireTokenByAppProviderSupplier extends AuthenticationResultSupplier { this.appTokenProviderParameters = appTokenProviderParameters; } - private static void validateTokenProviderResult(TokenProviderResult tokenProviderResult) { + private static void validateAndUpdateTokenProviderResult(TokenProviderResult tokenProviderResult) { if (null == tokenProviderResult.getAccessToken() || tokenProviderResult.getAccessToken().isEmpty()) { handleInvalidExternalValueError(tokenProviderResult.getAccessToken()); } @@ -77,7 +79,7 @@ public AuthenticationResult fetchTokenUsingAppTokenProvider(AppTokenProviderPara throw new MsalAzureSDKException(ex); } - validateTokenProviderResult(tokenProviderResult); + validateAndUpdateTokenProviderResult(tokenProviderResult); return AuthenticationResult.builder() .accessToken(tokenProviderResult.getAccessToken()) From db6fad5c9b42c78ae04c31a79da631f83c01d221 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Fri, 14 Apr 2023 12:48:13 -0500 Subject: [PATCH 58/65] update tests --- .../ConfidentialClientApplicationUnitT.java | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java index 66d35c27..5624c60c 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java 
@@ -318,6 +318,7 @@ public void validateAppTokenProviderAsync() throws Exception{ IClientCredential iClientCredential = ClientCredentialFactory.createFromClientAssertion( clientAssertion.assertion()); + Long refreshInSeconds = new Date().getTime() / 1000 + + 800000; //builds client with AppTokenProvider ConfidentialClientApplication cca = ConfidentialClientApplication. builder(TestConfiguration.AAD_CLIENT_ID, iClientCredential) @@ -325,7 +326,7 @@ public void validateAppTokenProviderAsync() throws Exception{ Assert.assertNotNull(parameters.scopes); Assert.assertNotNull(parameters.correlationId); Assert.assertNotNull(parameters.tenantId); - return getAppTokenProviderResult("/default"); + return getAppTokenProviderResult("/default", refreshInSeconds); }) .build(); @@ -338,6 +339,10 @@ public void validateAppTokenProviderAsync() throws Exception{ Assert.assertNotNull(result1.accessToken()); Assert.assertEquals(cca.tokenCache.accessTokens.size(), 1); + //check that refreshOn is set correctly when provided by an app developer + Assert.assertNotNull(cca.tokenCache.accessTokens.values().iterator().next().refreshOn()); + Assert.assertEquals(cca.tokenCache.accessTokens.values().iterator().next().refreshOn(), refreshInSeconds.toString()); + System.out.println(cca.tokenCache.accessTokens.values().iterator().next().refreshOn()); //Acquire token from cache @@ -356,7 +361,7 @@ public void validateAppTokenProviderAsync() throws Exception{ Assert.assertNotNull(parameters.scopes); Assert.assertNotNull(parameters.correlationId); Assert.assertNotNull(parameters.tenantId); - return getAppTokenProviderResult("/newScope"); + return getAppTokenProviderResult("/newScope", 0L); }) .build(); 
@@ -369,17 +374,20 @@ public void validateAppTokenProviderAsync() throws Exception{ Assert.assertNotEquals(result2.accessToken(), result3.accessToken()); Assert.assertEquals(cca.tokenCache.accessTokens.size(), 1); - + //check that refreshOn is set correctly when a value is not provided by an app developer + Assert.assertNotNull(cca.tokenCache.accessTokens.values().iterator().next().refreshOn()); + System.out.println(cca.tokenCache.accessTokens.values().iterator().next().refreshOn()); } - private CompletableFuture getAppTokenProviderResult(String differentScopesForAt) + private CompletableFuture getAppTokenProviderResult(String differentScopesForAt, + long refreshInSeconds) { long currTimestampSec = new Date().getTime() / 1000; TokenProviderResult token = new TokenProviderResult(); token.setAccessToken(TestConstants.DEFAULT_ACCESS_TOKEN + differentScopesForAt); //Used to indicate that there is a new access token for a different set of scopes token.setTenantId("tenantId"); token.setExpiresInSeconds(currTimestampSec + 1000000); - token.setRefreshInSeconds(currTimestampSec + 800000); + token.setRefreshInSeconds(refreshInSeconds); return CompletableFuture.completedFuture(token); } From 7fc84fcaedc0b778f4d12e0a0b3fa7861d742972 Mon Sep 17 00:00:00 2001 From: siddhijain Date: Sun, 16 Apr 2023 11:01:38 -0500 Subject: [PATCH 59/65] updated org-json version to resolve Dependabot alert --- msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-obo-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-web-sample/pom.xml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml index abcad221..008cf88d 100644 --- a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml @@ -33,7 +33,7 @@ org.json json - 20180130 + 20230227 
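Review bot: The second scenario passes `0L` to `getAppTokenProviderResult` to exercise the library's refresh-in default, yet the only check added is `Assert.assertNotNull(...refreshOn())`, which passes for any computed value. Assert the expected value derived from the expiry the helper sets, as the first scenario does with `Assert.assertEquals(..., refreshInSeconds.toString())`. The helper also passes an epoch-based value (`currTimestampSec + 1000000`) to `setExpiresInSeconds`, so it is worth confirming that the field's unit matches what the library assumes when it halves it. The two `System.out.println` calls can go once the assertions pin the values.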
diff --git a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml index 289199f0..bd959b22 100644 --- a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml @@ -33,7 +33,7 @@ org.json json - 20180130 + 20230227 org.projectlombok diff --git a/msal4j-sdk/src/samples/msal-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-web-sample/pom.xml index bbb72c10..5591e999 100644 --- a/msal4j-sdk/src/samples/msal-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-web-sample/pom.xml @@ -33,7 +33,7 @@ org.json json - 20180130 + 20230227 org.apache.commons From 03556836ee418c9e875a33efdac3759fede10ac3 Mon Sep 17 00:00:00 2001 From: Avery-Dunn <62066438+Avery-Dunn@users.noreply.github.com> Date: Mon, 17 Apr 2023 09:34:40 -0700 Subject: [PATCH 60/65] Better redirect URI error handling and dependency upgrade (#633) * Better error handling for redirect URIs * Update oauth2-oidc-sdk dependency * Address review comments Co-authored-by: Bogdan Gavril --------- Co-authored-by: Bogdan Gavril --- msal4j-sdk/pom.xml | 2 +- .../aad/msal4j/InteractiveRequest.java | 42 +++++++++++-------- 2 files changed, 26 insertions(+), 18 deletions(-) diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index fd646630..d7d6342c 100644 --- a/msal4j-sdk/pom.xml +++ b/msal4j-sdk/pom.xml @@ -36,7 +36,7 @@ com.nimbusds oauth2-oidc-sdk - 9.35 + 10.7.1 net.minidev diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java index 93a6b462..36149e2e 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java @@ -10,6 +10,7 @@ import java.net.InetAddress; import java.net.URI; import java.net.URL; +import java.net.UnknownHostException; import java.security.SecureRandom; import java.util.Base64; import java.util.UUID; 
@@ -55,24 +56,31 @@ URL authorizationUrl() { } private void validateRedirectUrl(URI redirectUri) { + String host = redirectUri.getHost(); + String scheme = redirectUri.getScheme(); + InetAddress address; + + //Validate URI scheme. Only http is valid, as determined by the HttpListener created in AcquireTokenByInteractiveFlowSupplier.startHttpListener() + if (scheme == null || !scheme.equals("http")) { + throw new MsalClientException(String.format( + "Only http://localhost or http://localhost:port is supported for the redirect URI of an interactive request using a browser, but \"%s\" was found. For more information about redirect URI formats, see https://aka.ms/msal4j-interactive-request", scheme), + AuthenticationErrorCode.LOOPBACK_REDIRECT_URI); + } + + //Ensure that the given redirect URI has a known address try { - if (!InetAddress.getByName(redirectUri.getHost()).isLoopbackAddress()) { - throw new MsalClientException(String.format( - "Only loopback redirect uri is supported, but %s was found " + - "Configure http://localhost or http://localhost:port both during app registration" + - "and when you create the create the InteractiveRequestParameters object", redirectUri.getHost()), - AuthenticationErrorCode.LOOPBACK_REDIRECT_URI); - } - - if (!redirectUri.getScheme().equals("http")) { - throw new MsalClientException(String.format( - "Only http uri scheme is supported but %s was found. Configure http://localhost" + - "or http://localhost:port both during app registration and when you create" + - " the create the InteractiveRequestParameters object", redirectUri.toString()), - AuthenticationErrorCode.LOOPBACK_REDIRECT_URI); - } - } catch (Exception exception) { - throw new MsalClientException(exception); + address = InetAddress.getByName(host); + } catch (UnknownHostException e) { + throw new MsalClientException(String.format( + "Unknown host exception for host \"%s\". 
For more information about redirect URI formats, see https://aka.ms/msal4j-interactive-request", host), + AuthenticationErrorCode.LOOPBACK_REDIRECT_URI); + } + + //Ensure that the redirect URI is considered a loopback address + if (address == null || !address.isLoopbackAddress()) { + throw new MsalClientException( + "Only loopback redirect URI is supported for interactive requests. For more information about redirect URI formats, see https://aka.ms/msal4j-interactive-request", + AuthenticationErrorCode.LOOPBACK_REDIRECT_URI); } } From 54c14b2b265c828880a29e7ea507756834025d09 Mon Sep 17 00:00:00 2001 From: Avery-Dunn <62066438+Avery-Dunn@users.noreply.github.com> Date: Mon, 17 Apr 2023 10:43:28 -0700 Subject: [PATCH 61/65] Version updates for 1.13.8 release (#634) * Version updates for 1.13.8 release * Update changelog.txt --- README.md | 6 +++--- msal4j-sdk/README.md | 6 +++--- msal4j-sdk/bnd.bnd | 2 +- msal4j-sdk/changelog.txt | 7 +++++++ msal4j-sdk/pom.xml | 2 +- msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-obo-sample/pom.xml | 2 +- msal4j-sdk/src/samples/msal-web-sample/pom.xml | 2 +- 8 files changed, 18 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index fbdee417..2ee5b410 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Quick links: The library supports the following Java environments: - Java 8 (or higher) -Current version - 1.13.2 +Current version - 1.13.8 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt). @@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti com.microsoft.azure msal4j - 1.13.2 + 1.13.8 ``` ### Gradle ```gradle -implementation group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.13.2' +implementation group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.13.8' ``` ## Usage 
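Review bot: `validateRedirectUrl` passes `redirectUri.getHost()` to `InetAddress.getByName` without checking it, and that method returns the loopback address for a null or empty host, so a redirect URI with no host component satisfies `address.isLoopbackAddress()`; for the same reason the `address == null` test can never be true. Reject a missing host before the lookup: `if (host == null || host.isEmpty()) { throw new MsalClientException("Redirect URI must include a host such as localhost", AuthenticationErrorCode.LOOPBACK_REDIRECT_URI); }`. The `UnknownHostException` caught around the lookup is also dropped; including `e.getMessage()` in the new exception's text would keep the cause visible.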
diff --git a/msal4j-sdk/README.md b/msal4j-sdk/README.md index a757a24a..e1f75061 100644 --- a/msal4j-sdk/README.md +++ b/msal4j-sdk/README.md @@ -16,7 +16,7 @@ Quick links: The library supports the following Java environments: - Java 8 (or higher) -Current version - 1.13.7 +Current version - 1.13.8 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt). @@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti com.microsoft.azure msal4j - 1.13.7 + 1.13.8 ``` ### Gradle ```gradle -compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.7' +compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.8' ``` ## Usage diff --git a/msal4j-sdk/bnd.bnd b/msal4j-sdk/bnd.bnd index 19957b7c..d7cdd81e 100644 --- a/msal4j-sdk/bnd.bnd +++ b/msal4j-sdk/bnd.bnd @@ -1,2 +1,2 @@ -Export-Package: com.microsoft.aad.msal4j;version="1.13.7" +Export-Package: com.microsoft.aad.msal4j;version="1.13.8" Automatic-Module-Name: com.microsoft.aad.msal4j diff --git a/msal4j-sdk/changelog.txt b/msal4j-sdk/changelog.txt index 7e0db649..647918fd 100644 --- a/msal4j-sdk/changelog.txt +++ b/msal4j-sdk/changelog.txt @@ -1,3 +1,10 @@ +Version 1.13.8 +============= +- Added support for CIAM authority +- Added refresh_in logic for managed identity flow +- Better exception handling in interactive flow +- Updated vulnerable dependency versions + Version 1.13.7 ============= - Update json-smart library version to a secured one. diff --git a/msal4j-sdk/pom.xml b/msal4j-sdk/pom.xml index d7d6342c..6ae70964 100644 --- a/msal4j-sdk/pom.xml +++ b/msal4j-sdk/pom.xml @@ -3,7 +3,7 @@ 4.0.0 com.microsoft.azure msal4j - 1.13.7 + 1.13.8 jar msal4j diff --git a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml index 008cf88d..44fb595f 100644 --- a/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml 
+++ b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.7 + 1.13.8 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml index bd959b22..83de76a6 100644 --- a/msal4j-sdk/src/samples/msal-obo-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.7 + 1.13.8 com.nimbusds diff --git a/msal4j-sdk/src/samples/msal-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-web-sample/pom.xml index 5591e999..4c5eb86e 100644 --- a/msal4j-sdk/src/samples/msal-web-sample/pom.xml +++ b/msal4j-sdk/src/samples/msal-web-sample/pom.xml @@ -23,7 +23,7 @@ com.microsoft.azure msal4j - 1.13.7 + 1.13.8 com.nimbusds From 27fa7a1ccb95f164231879263b79f52b4462739e Mon Sep 17 00:00:00 2001 From: Dickson Mwendia <64727760+Dickson-Mwendia@users.noreply.github.com> Date: Thu, 20 Apr 2023 19:37:53 +0300 Subject: [PATCH 62/65] Point to MSAL Java reference docs onboarded to Microsoft Learn --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2ee5b410..102b4dac 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ `main` branch | `dev` branch | Reference Docs --------------------|-----------------|--------------- -[![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=main)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762) | [![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=dev)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762)| [![Javadocs](http://javadoc.io/badge/com.microsoft.azure/com.microsoft.aad.msal4j.svg)](http://javadoc.io/doc/com.microsoft.azure/com.microsoft.aad.msal4j) +[![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=main)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762) | [![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=dev)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762)| [MSAL Java reference](https://learn.microsoft.com/en-us/java/api/com.microsoft.aad.msal4j?view=msal-java-latest) The Microsoft Authentication Library for Java (MSAL4J) enables applications to integrate with the [Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/). It allows you to sign in users or apps with Microsoft identities (Azure AD, Microsoft accounts and Azure AD B2C accounts) and obtain tokens to call Microsoft APIs such as [Microsoft Graph](https://graph.microsoft.io/) or your own APIs registered with the Microsoft identity platform. It is built using industry standard OAuth2 and OpenID Connect protocols. From 585a56c112a5c720b7c16da6da5ed2cff7f9240e Mon Sep 17 00:00:00 2001 
From: Avery-Dunn Date: Tue, 2 May 2023 09:04:48 -0700 Subject: [PATCH 63/65] Get main branch in sync with dev branch --- .gitignore => msal4j-sdk/.gitignore | 2 +- changelog.txt => msal4j-sdk/changelog.txt | 0 contributing.md => msal4j-sdk/contributing.md | 0 .../com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java | 0 .../java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java | 0 .../java/com.microsoft.aad.msal4j/ApacheHttpClientAdapter.java | 0 .../java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java | 0 .../java/com.microsoft.aad.msal4j/AzureEnvironmentIT.java | 0 .../java/com.microsoft.aad.msal4j/CachePersistenceIT.java | 0 .../java/com.microsoft.aad.msal4j/CertificateHelper.java | 0 .../java/com.microsoft.aad.msal4j/ClientCredentialsIT.java | 0 .../ConfidentialClientApplicationUnitT.java | 0 .../integrationtest/java/com.microsoft.aad.msal4j/Config.java | 0 .../java/com.microsoft.aad.msal4j/DeviceCodeIT.java | 0 .../java/com.microsoft.aad.msal4j/EnvironmentsProvider.java | 0 .../java/com.microsoft.aad.msal4j/HttpClientIT.java | 0 .../java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java | 0 .../java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java | 0 .../com.microsoft.aad.msal4j/OAuthRequestValidationUnitT.java | 0 .../java/com.microsoft.aad.msal4j/OkHttpClientAdapter.java | 0 .../java/com.microsoft.aad.msal4j/OnBehalfOfIT.java | 0 .../java/com.microsoft.aad.msal4j/RefreshTokenIT.java | 0 .../java/com.microsoft.aad.msal4j/SeleniumTest.java | 0 .../java/com.microsoft.aad.msal4j/TestConstants.java | 0 .../java/com.microsoft.aad.msal4j/TokenCacheIT.java | 0 .../java/com.microsoft.aad.msal4j/UsernamePasswordIT.java | 0 .../integrationtest/java/infrastructure/SeleniumConstants.java | 0 .../integrationtest/java/infrastructure/SeleniumExtensions.java | 0 .../java/infrastructure/UserInformationFields.java | 0 {src => msal4j-sdk/src}/integrationtest/java/labapi/App.java | 0 .../src}/integrationtest/java/labapi/AppCredentialProvider.java | 0 
.../src}/integrationtest/java/labapi/AzureEnvironment.java | 0 .../src}/integrationtest/java/labapi/B2CProvider.java | 0 .../src}/integrationtest/java/labapi/FederationProvider.java | 0 .../src}/integrationtest/java/labapi/HttpClientHelper.java | 0 .../integrationtest/java/labapi/KeyVaultSecretsProvider.java | 0 {src => msal4j-sdk/src}/integrationtest/java/labapi/Lab.java | 0 .../src}/integrationtest/java/labapi/LabConstants.java | 0 .../src}/integrationtest/java/labapi/LabService.java | 0 .../src}/integrationtest/java/labapi/LabUserProvider.java | 0 {src => msal4j-sdk/src}/integrationtest/java/labapi/User.java | 0 .../src}/integrationtest/java/labapi/UserQueryParameters.java | 0 .../src}/integrationtest/java/labapi/UserSecret.java | 0 .../src}/integrationtest/java/labapi/UserType.java | 0 .../src}/integrationtest/resources/logback-test.xml | 0 .../src}/main/java/com/microsoft/aad/msal4j/AADAuthority.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/ADFSAuthority.java | 0 .../com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java | 0 .../com/microsoft/aad/msal4j/AadInstanceDiscoveryResponse.java | 0 .../com/microsoft/aad/msal4j/AbstractClientApplicationBase.java | 0 .../microsoft/aad/msal4j/AbstractMsalAuthorizationGrant.java | 0 .../java/com/microsoft/aad/msal4j/AccessTokenCacheEntity.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/Account.java | 0 .../main/java/com/microsoft/aad/msal4j/AccountCacheEntity.java | 0 .../main/java/com/microsoft/aad/msal4j/AccountsSupplier.java | 0 .../microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java | 0 .../aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java | 0 .../aad/msal4j/AcquireTokenByClientCredentialSupplier.java | 0 .../aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java | 0 .../aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java | 0 .../microsoft/aad/msal4j/AcquireTokenByOnBehalfOfSupplier.java | 0 .../com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java | 0 
.../src}/main/java/com/microsoft/aad/msal4j/ApiEvent.java | 0 .../java/com/microsoft/aad/msal4j/AppMetadataCacheEntity.java | 0 .../com/microsoft/aad/msal4j/AppTokenProviderParameters.java | 0 .../java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java | 0 .../com/microsoft/aad/msal4j/AuthenticationErrorMessage.java | 0 .../java/com/microsoft/aad/msal4j/AuthenticationResult.java | 0 .../com/microsoft/aad/msal4j/AuthenticationResultSupplier.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/Authority.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/AuthorityType.java | 0 .../com/microsoft/aad/msal4j/AuthorizationCodeParameters.java | 0 .../java/com/microsoft/aad/msal4j/AuthorizationCodeRequest.java | 0 .../microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java | 0 .../com/microsoft/aad/msal4j/AuthorizationResponseHandler.java | 0 .../main/java/com/microsoft/aad/msal4j/AuthorizationResult.java | 0 .../main/java/com/microsoft/aad/msal4j/AzureCloudEndpoint.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/B2CAuthority.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/BindingPolicy.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/CacheTelemetry.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java | 0 .../main/java/com/microsoft/aad/msal4j/ClientAssertion.java | 0 .../java/com/microsoft/aad/msal4j/ClientAuthenticationPost.java | 0 .../main/java/com/microsoft/aad/msal4j/ClientCertificate.java | 0 .../java/com/microsoft/aad/msal4j/ClientCredentialFactory.java | 0 .../com/microsoft/aad/msal4j/ClientCredentialParameters.java | 0 .../java/com/microsoft/aad/msal4j/ClientCredentialRequest.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/ClientInfo.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/ClientSecret.java | 0 .../com/microsoft/aad/msal4j/ConfidentialClientApplication.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/Constants.java | 0 
.../src}/main/java/com/microsoft/aad/msal4j/Credential.java | 0 .../main/java/com/microsoft/aad/msal4j/CredentialTypeEnum.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/CurrentRequest.java | 0 .../java/com/microsoft/aad/msal4j/CustomJWTAuthentication.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/DefaultEvent.java | 0 .../main/java/com/microsoft/aad/msal4j/DefaultHttpClient.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/DeviceCode.java | 0 .../com/microsoft/aad/msal4j/DeviceCodeAuthorizationGrant.java | 0 .../java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java | 0 .../java/com/microsoft/aad/msal4j/DeviceCodeFlowRequest.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/ErrorResponse.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/Event.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/EventKey.java | 0 .../main/java/com/microsoft/aad/msal4j/HTTPContentType.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/HttpEvent.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/HttpHeaders.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/HttpHelper.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/HttpListener.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/HttpMethod.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/HttpRequest.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/HttpResponse.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/HttpUtils.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/IAccount.java | 0 .../java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java | 0 .../java/com/microsoft/aad/msal4j/IAuthenticationResult.java | 0 .../java/com/microsoft/aad/msal4j/IClientApplicationBase.java | 0 .../main/java/com/microsoft/aad/msal4j/IClientAssertion.java | 0 .../main/java/com/microsoft/aad/msal4j/IClientCertificate.java | 0 .../main/java/com/microsoft/aad/msal4j/IClientCredential.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/IClientSecret.java | 0 
.../microsoft/aad/msal4j/IConfidentialClientApplication.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/IHttpClient.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/IHttpResponse.java | 0 .../java/com/microsoft/aad/msal4j/IPublicClientApplication.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/ITelemetry.java | 0 .../main/java/com/microsoft/aad/msal4j/ITelemetryManager.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/ITenantProfile.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/ITokenCache.java | 0 .../java/com/microsoft/aad/msal4j/ITokenCacheAccessAspect.java | 0 .../java/com/microsoft/aad/msal4j/ITokenCacheAccessContext.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/IUserAssertion.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/IdToken.java | 0 .../main/java/com/microsoft/aad/msal4j/IdTokenCacheEntity.java | 0 .../microsoft/aad/msal4j/IllegalArgumentExceptionMessages.java | 0 .../microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java | 0 .../aad/msal4j/IntegratedWindowsAuthenticationParameters.java | 0 .../aad/msal4j/IntegratedWindowsAuthenticationRequest.java | 0 .../aad/msal4j/IntegratedWindowsAuthorizationGrant.java | 0 .../java/com/microsoft/aad/msal4j/InteractionRequiredCache.java | 0 .../aad/msal4j/InteractionRequiredExceptionReason.java | 0 .../main/java/com/microsoft/aad/msal4j/InteractiveRequest.java | 0 .../com/microsoft/aad/msal4j/InteractiveRequestParameters.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/JsonHelper.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/JwtHelper.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/LogHelper.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/MexParser.java | 0 .../main/java/com/microsoft/aad/msal4j/MsalClientException.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/MsalException.java | 0 .../microsoft/aad/msal4j/MsalInteractionRequiredException.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/MsalRequest.java | 0 
.../java/com/microsoft/aad/msal4j/MsalServiceException.java | 0 .../com/microsoft/aad/msal4j/MsalServiceExceptionFactory.java | 0 .../java/com/microsoft/aad/msal4j/MsalThrottlingException.java | 0 .../java/com/microsoft/aad/msal4j/NamespaceContextImpl.java | 0 .../java/com/microsoft/aad/msal4j/OAuthAuthorizationGrant.java | 0 .../main/java/com/microsoft/aad/msal4j/OAuthHttpRequest.java | 0 .../java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java | 0 .../main/java/com/microsoft/aad/msal4j/OnBehalfOfRequest.java | 0 .../main/java/com/microsoft/aad/msal4j/OpenBrowserAction.java | 0 .../java/com/microsoft/aad/msal4j/ParameterValidationUtils.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/Prompt.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/PublicApi.java | 0 .../java/com/microsoft/aad/msal4j/PublicClientApplication.java | 0 .../java/com/microsoft/aad/msal4j/RefreshTokenCacheEntity.java | 0 .../java/com/microsoft/aad/msal4j/RefreshTokenParameters.java | 0 .../main/java/com/microsoft/aad/msal4j/RefreshTokenRequest.java | 0 .../main/java/com/microsoft/aad/msal4j/RegionTelemetry.java | 0 .../java/com/microsoft/aad/msal4j/RemoveAccountRunnable.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/RequestContext.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/RequestedClaim.java | 0 .../com/microsoft/aad/msal4j/RequestedClaimAdditionalInfo.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/ResponseMode.java | 0 .../main/java/com/microsoft/aad/msal4j/SAML11BearerGrant.java | 0 .../com/microsoft/aad/msal4j/SafeDocumentBuilderFactory.java | 0 .../main/java/com/microsoft/aad/msal4j/ServerSideTelemetry.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/ServiceBundle.java | 0 .../main/java/com/microsoft/aad/msal4j/SilentParameters.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/SilentRequest.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/StringHelper.java | 0 .../java/com/microsoft/aad/msal4j/SystemBrowserOptions.java | 0 
.../main/java/com/microsoft/aad/msal4j/TelemetryConstants.java | 0 .../main/java/com/microsoft/aad/msal4j/TelemetryHelper.java | 0 .../main/java/com/microsoft/aad/msal4j/TelemetryManager.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/TenantProfile.java | 0 .../main/java/com/microsoft/aad/msal4j/ThrottlingCache.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/TokenCache.java | 0 .../java/com/microsoft/aad/msal4j/TokenCacheAccessContext.java | 0 .../main/java/com/microsoft/aad/msal4j/TokenProviderResult.java | 0 .../java/com/microsoft/aad/msal4j/TokenRequestExecutor.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/TokenResponse.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/UserAssertion.java | 0 .../java/com/microsoft/aad/msal4j/UserDiscoveryRequest.java | 0 .../java/com/microsoft/aad/msal4j/UserDiscoveryResponse.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/UserIdentifier.java | 0 .../com/microsoft/aad/msal4j/UserNamePasswordParameters.java | 0 .../java/com/microsoft/aad/msal4j/UserNamePasswordRequest.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/WSTrustRequest.java | 0 .../main/java/com/microsoft/aad/msal4j/WSTrustResponse.java | 0 .../src}/main/java/com/microsoft/aad/msal4j/WSTrustVersion.java | 0 .../java/com/microsoft/aad/msal4j/XmsClientTelemetryInfo.java | 0 {src => msal4j-sdk/src}/samples/cache/TokenCacheAspect.java | 0 {src => msal4j-sdk/src}/samples/cache/sample_cache.json | 0 .../src}/samples/confidential-client/ClientCredentialGrant.java | 0 {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/pom.xml | 0 .../main/java/com/microsoft/azure/msalwebsample/AuthFilter.java | 0 .../main/java/com/microsoft/azure/msalwebsample/AuthHelper.java | 0 .../com/microsoft/azure/msalwebsample/AuthPageController.java | 0 .../com/microsoft/azure/msalwebsample/BasicConfiguration.java | 0 .../java/com/microsoft/azure/msalwebsample/CookieHelper.java | 0 .../microsoft/azure/msalwebsample/ErrorHandlerController.java | 0 
.../com/microsoft/azure/msalwebsample/HttpClientHelper.java | 0 .../azure/msalwebsample/MsalB2CWebSampleApplication.java | 0 .../main/java/com/microsoft/azure/msalwebsample/StateData.java | 0 .../src/main/resources/application.properties | 0 .../src/main/resources/templates/auth_page.html | 0 .../msal-b2c-web-sample/src/main/resources/templates/error.html | 0 .../msal-b2c-web-sample/src/main/resources/templates/index.html | 0 {src => msal4j-sdk/src}/samples/msal-obo-sample/pom.xml | 0 .../java/com/microsoft/azure/msalobosample/ApiController.java | 0 .../java/com/microsoft/azure/msalobosample/CachingConfig.java | 0 .../java/com/microsoft/azure/msalobosample/MsalAuthHelper.java | 0 .../microsoft/azure/msalobosample/MsalOboSampleApplication.java | 0 .../azure/msalobosample/SecurityResourceServerConfig.java | 0 .../msal-obo-sample/src/main/resources/application.properties | 0 {src => msal4j-sdk/src}/samples/msal-web-sample/pom.xml | 0 .../main/java/com/microsoft/azure/msalwebsample/AuthFilter.java | 0 .../main/java/com/microsoft/azure/msalwebsample/AuthHelper.java | 0 .../com/microsoft/azure/msalwebsample/AuthPageController.java | 0 .../com/microsoft/azure/msalwebsample/BasicConfiguration.java | 0 .../java/com/microsoft/azure/msalwebsample/CookieHelper.java | 0 .../microsoft/azure/msalwebsample/ErrorHandlerController.java | 0 .../com/microsoft/azure/msalwebsample/HttpClientHelper.java | 0 .../main/java/com/microsoft/azure/msalwebsample/JSONHelper.java | 0 .../microsoft/azure/msalwebsample/MsalWebSampleApplication.java | 0 .../main/java/com/microsoft/azure/msalwebsample/StateData.java | 0 .../src/main/java/com/microsoft/azure/msalwebsample/User.java | 0 .../msal-web-sample/src/main/resources/application.properties | 0 .../msal-web-sample/src/main/resources/templates/auth_page.html | 0 .../msal-web-sample/src/main/resources/templates/error.html | 0 .../msal-web-sample/src/main/resources/templates/index.html | 0 .../src}/samples/public-client/DeviceCodeFlow.java | 0 
.../public-client/IntegratedWindowsAuthenticationFlow.java | 0 .../src}/samples/public-client/InteractiveFlow.java | 0 .../src}/samples/public-client/InteractiveFlowB2C.java | 0 .../src}/samples/public-client/UsernamePasswordFlow.java | 0 .../src}/samples/public-client/application.properties | 0 {src => msal4j-sdk/src}/samples/spring-security-web-app/pom.xml | 0 .../microsoft/azure/springsecuritywebapp/AppConfiguration.java | 0 .../azure/springsecuritywebapp/SecurePageController.java | 0 .../springsecuritywebapp/SpringSecurityWebAppApplication.java | 0 .../src/main/resources/application.properties | 0 .../src/main/resources/templates/index.html | 0 .../src/main/resources/templates/secure_page.html | 0 .../java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java | 0 .../test/java/com/microsoft/aad/msal4j/AbstractMsalTests.java | 0 .../src}/test/java/com/microsoft/aad/msal4j/AccountTest.java | 0 .../java/com/microsoft/aad/msal4j/AcquireTokenSilentlyTest.java | 0 .../java/com/microsoft/aad/msal4j/AssertionCredentialTest.java | 0 .../src}/test/java/com/microsoft/aad/msal4j/AuthorityTest.java | 0 .../aad/msal4j/AuthorizationRequestUrlParametersTest.java | 0 .../test/java/com/microsoft/aad/msal4j/CacheFormatTests.java | 0 .../src}/test/java/com/microsoft/aad/msal4j/ClaimsTest.java | 0 .../java/com/microsoft/aad/msal4j/ClientCertificateTest.java | 0 .../test/java/com/microsoft/aad/msal4j/ClientSecretTest.java | 0 .../java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java | 0 .../test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java | 0 .../src}/test/java/com/microsoft/aad/msal4j/HttpHeaderTest.java | 0 .../src}/test/java/com/microsoft/aad/msal4j/HttpUtilsTest.java | 0 .../src}/test/java/com/microsoft/aad/msal4j/MexParserTest.java | 0 .../microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java | 0 .../com/microsoft/aad/msal4j/OAuthRequestValidationTest.java | 0 .../java/com/microsoft/aad/msal4j/OauthHttpRequestTest.java | 0 
.../com/microsoft/aad/msal4j/PublicClientApplicationTest.java | 0 .../java/com/microsoft/aad/msal4j/RequestThrottlingTest.java | 0 .../java/com/microsoft/aad/msal4j/ServerTelemetryTests.java | 0 .../src}/test/java/com/microsoft/aad/msal4j/TelemetryTests.java | 0 .../test/java/com/microsoft/aad/msal4j/TestConfiguration.java | 0 .../src}/test/java/com/microsoft/aad/msal4j/TestHelper.java | 0 .../java/com/microsoft/aad/msal4j/TokenRequestExecutorTest.java | 0 .../test/java/com/microsoft/aad/msal4j/TokenResponseTest.java | 0 .../test/java/com/microsoft/aad/msal4j/UIRequiredCacheTest.java | 0 .../test/java/com/microsoft/aad/msal4j/WSTrustRequestTest.java | 0 .../test/java/com/microsoft/aad/msal4j/WSTrustResponseTest.java | 0 .../test/resources/AAD_cache_data/account_cache_entity.json | 0 .../test/resources/AAD_cache_data/account_cache_entity_key.txt | 0 .../src}/test/resources/AAD_cache_data/at_cache_entity.json | 0 .../src}/test/resources/AAD_cache_data/at_cache_entity_key.txt | 0 .../test/resources/AAD_cache_data/id_token_cache_entity.json | 0 .../test/resources/AAD_cache_data/id_token_cache_entity_key.txt | 0 .../src}/test/resources/AAD_cache_data/rt_cache_entity.json | 0 .../src}/test/resources/AAD_cache_data/rt_cache_entity_key.txt | 0 .../src}/test/resources/AAD_cache_data/token_response.json | 0 .../test/resources/AAD_cache_data/token_response_id_token.json | 0 .../test/resources/Foci_cache_data/account_cache_entity.json | 0 .../test/resources/Foci_cache_data/account_cache_entity_key.txt | 0 .../resources/Foci_cache_data/app_metadata_cache_entity.json | 0 .../resources/Foci_cache_data/app_metadata_cache_entity_key.txt | 0 .../src}/test/resources/Foci_cache_data/at_cache_entity.json | 0 .../src}/test/resources/Foci_cache_data/at_cache_entity_key.txt | 0 .../test/resources/Foci_cache_data/id_token_cache_entity.json | 0 .../resources/Foci_cache_data/id_token_cache_entity_key.txt | 0 .../src}/test/resources/Foci_cache_data/rt_cache_entity.json | 0 
.../src}/test/resources/Foci_cache_data/rt_cache_entity_key.txt | 0 .../src}/test/resources/Foci_cache_data/token_response.json | 0 .../test/resources/Foci_cache_data/token_response_id_token.json | 0 .../test/resources/MSA_cache_data/account_cache_entity.json | 0 .../test/resources/MSA_cache_data/account_cache_entity_key.txt | 0 .../src}/test/resources/MSA_cache_data/at_cache_entity.json | 0 .../src}/test/resources/MSA_cache_data/at_cache_entity_key.txt | 0 .../test/resources/MSA_cache_data/id_token_cache_entity.json | 0 .../test/resources/MSA_cache_data/id_token_cache_entity_key.txt | 0 .../src}/test/resources/MSA_cache_data/rt_cache_entity.json | 0 .../src}/test/resources/MSA_cache_data/rt_cache_entity_key.txt | 0 .../src}/test/resources/MSA_cache_data/token_response.json | 0 .../test/resources/MSA_cache_data/token_response_id_token.json | 0 .../test/resources/cache_data/multi-cloud-account-cache.json | 0 .../test/resources/cache_data/multi-tenant-account-cache.json | 0 .../test/resources/cache_data/remove-account-test-cache.json | 0 .../src}/test/resources/cache_data/serialized_cache.json | 0 .../aad_instance_discovery_response_invalid_json.json | 0 .../aad_instance_discovery_response_valid.json | 0 {src => msal4j-sdk/src}/test/resources/mex-2005-response.xml | 0 .../src}/test/resources/mex-response-integrated.xml | 0 {src => msal4j-sdk/src}/test/resources/mex-response.xml | 0 {src => msal4j-sdk/src}/test/resources/token-error.xml | 0 {src => msal4j-sdk/src}/test/resources/token.xml | 0 328 files changed, 1 insertion(+), 1 deletion(-) rename .gitignore => msal4j-sdk/.gitignore (96%) rename changelog.txt => msal4j-sdk/changelog.txt (100%) rename contributing.md => msal4j-sdk/contributing.md (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java (100%) rename {src => 
msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/ApacheHttpClientAdapter.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/AzureEnvironmentIT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/CachePersistenceIT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/CertificateHelper.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/Config.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/EnvironmentsProvider.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/HttpClientIT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/OAuthRequestValidationUnitT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/OkHttpClientAdapter.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/RefreshTokenIT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java (100%) rename {src => 
msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/infrastructure/SeleniumConstants.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/infrastructure/SeleniumExtensions.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/infrastructure/UserInformationFields.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/App.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/AppCredentialProvider.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/AzureEnvironment.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/B2CProvider.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/FederationProvider.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/HttpClientHelper.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/KeyVaultSecretsProvider.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/Lab.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/LabConstants.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/LabService.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/LabUserProvider.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/User.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/UserQueryParameters.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/UserSecret.java (100%) rename {src => msal4j-sdk/src}/integrationtest/java/labapi/UserType.java (100%) rename {src => msal4j-sdk/src}/integrationtest/resources/logback-test.xml (100%) rename {src => 
msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AADAuthority.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ADFSAuthority.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryResponse.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AbstractMsalAuthorizationGrant.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AccessTokenCacheEntity.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/Account.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AccountCacheEntity.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AccountsSupplier.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AcquireTokenByClientCredentialSupplier.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AcquireTokenByOnBehalfOfSupplier.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ApiEvent.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AppMetadataCacheEntity.java (100%) rename {src => 
msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AppTokenProviderParameters.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AuthenticationErrorMessage.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AuthenticationResult.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/Authority.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AuthorityType.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AuthorizationCodeRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AuthorizationResponseHandler.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AuthorizationResult.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/AzureCloudEndpoint.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/B2CAuthority.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/BindingPolicy.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/CacheTelemetry.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ClientAssertion.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ClientAuthenticationPost.java (100%) rename {src => 
msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ClientCertificate.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ClientCredentialFactory.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ClientCredentialRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ClientInfo.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ClientSecret.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/Constants.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/Credential.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/CredentialTypeEnum.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/CurrentRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/CustomJWTAuthentication.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/DefaultEvent.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/DefaultHttpClient.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/DeviceCode.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/DeviceCodeAuthorizationGrant.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ErrorResponse.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/Event.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/EventKey.java (100%) 
rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/HTTPContentType.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/HttpEvent.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/HttpHeaders.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/HttpHelper.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/HttpListener.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/HttpMethod.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/HttpRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/HttpResponse.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/HttpUtils.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IAccount.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IAuthenticationResult.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IClientApplicationBase.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IClientAssertion.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IClientCertificate.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IClientCredential.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IClientSecret.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IConfidentialClientApplication.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IHttpClient.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IHttpResponse.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java (100%) rename {src => 
msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ITelemetry.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ITelemetryManager.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ITenantProfile.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ITokenCache.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessAspect.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessContext.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IUserAssertion.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IdToken.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IdTokenCacheEntity.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IllegalArgumentExceptionMessages.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthorizationGrant.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/InteractionRequiredCache.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/InteractionRequiredExceptionReason.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/JsonHelper.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/JwtHelper.java 
(100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/LogHelper.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/MexParser.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/MsalClientException.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/MsalException.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/MsalInteractionRequiredException.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/MsalRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/MsalServiceException.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/MsalServiceExceptionFactory.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/MsalThrottlingException.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/NamespaceContextImpl.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/OAuthAuthorizationGrant.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/OAuthHttpRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/OnBehalfOfRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/OpenBrowserAction.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ParameterValidationUtils.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/Prompt.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/PublicApi.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/RefreshTokenCacheEntity.java (100%) rename {src => 
msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/RefreshTokenRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/RegionTelemetry.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/RemoveAccountRunnable.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/RequestContext.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/RequestedClaim.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/RequestedClaimAdditionalInfo.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ResponseMode.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/SAML11BearerGrant.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/SafeDocumentBuilderFactory.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ServerSideTelemetry.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ServiceBundle.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/SilentParameters.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/SilentRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/StringHelper.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/SystemBrowserOptions.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/TelemetryConstants.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/TelemetryHelper.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/TelemetryManager.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/TenantProfile.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/ThrottlingCache.java 
(100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/TokenCache.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/TokenCacheAccessContext.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/TokenProviderResult.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/TokenResponse.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/UserAssertion.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/UserDiscoveryRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/UserDiscoveryResponse.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/UserIdentifier.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/UserNamePasswordRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/WSTrustRequest.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/WSTrustResponse.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/WSTrustVersion.java (100%) rename {src => msal4j-sdk/src}/main/java/com/microsoft/aad/msal4j/XmsClientTelemetryInfo.java (100%) rename {src => msal4j-sdk/src}/samples/cache/TokenCacheAspect.java (100%) rename {src => msal4j-sdk/src}/samples/cache/sample_cache.json (100%) rename {src => msal4j-sdk/src}/samples/confidential-client/ClientCredentialGrant.java (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/pom.xml (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java (100%) rename {src => 
msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalB2CWebSampleApplication.java (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/resources/application.properties (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/resources/templates/auth_page.html (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/resources/templates/error.html (100%) rename {src => msal4j-sdk/src}/samples/msal-b2c-web-sample/src/main/resources/templates/index.html (100%) rename {src => msal4j-sdk/src}/samples/msal-obo-sample/pom.xml (100%) rename {src => msal4j-sdk/src}/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/ApiController.java (100%) rename {src => msal4j-sdk/src}/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/CachingConfig.java (100%) rename {src => msal4j-sdk/src}/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalAuthHelper.java (100%) rename {src => 
msal4j-sdk/src}/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalOboSampleApplication.java (100%) rename {src => msal4j-sdk/src}/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/SecurityResourceServerConfig.java (100%) rename {src => msal4j-sdk/src}/samples/msal-obo-sample/src/main/resources/application.properties (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/pom.xml (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/JSONHelper.java (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalWebSampleApplication.java (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/User.java (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/resources/application.properties (100%) rename {src => 
msal4j-sdk/src}/samples/msal-web-sample/src/main/resources/templates/auth_page.html (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/resources/templates/error.html (100%) rename {src => msal4j-sdk/src}/samples/msal-web-sample/src/main/resources/templates/index.html (100%) rename {src => msal4j-sdk/src}/samples/public-client/DeviceCodeFlow.java (100%) rename {src => msal4j-sdk/src}/samples/public-client/IntegratedWindowsAuthenticationFlow.java (100%) rename {src => msal4j-sdk/src}/samples/public-client/InteractiveFlow.java (100%) rename {src => msal4j-sdk/src}/samples/public-client/InteractiveFlowB2C.java (100%) rename {src => msal4j-sdk/src}/samples/public-client/UsernamePasswordFlow.java (100%) rename {src => msal4j-sdk/src}/samples/public-client/application.properties (100%) rename {src => msal4j-sdk/src}/samples/spring-security-web-app/pom.xml (100%) rename {src => msal4j-sdk/src}/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/AppConfiguration.java (100%) rename {src => msal4j-sdk/src}/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SecurePageController.java (100%) rename {src => msal4j-sdk/src}/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SpringSecurityWebAppApplication.java (100%) rename {src => msal4j-sdk/src}/samples/spring-security-web-app/src/main/resources/application.properties (100%) rename {src => msal4j-sdk/src}/samples/spring-security-web-app/src/main/resources/templates/index.html (100%) rename {src => msal4j-sdk/src}/samples/spring-security-web-app/src/main/resources/templates/secure_page.html (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/AbstractMsalTests.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/AccountTest.java (100%) rename {src => 
msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/AcquireTokenSilentlyTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/AssertionCredentialTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/AuthorityTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/ClaimsTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/ClientSecretTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/HttpHeaderTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/HttpUtilsTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/MexParserTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/OAuthRequestValidationTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/OauthHttpRequestTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/PublicClientApplicationTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/RequestThrottlingTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/ServerTelemetryTests.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/TelemetryTests.java (100%) rename {src => 
msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/TestConfiguration.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/TestHelper.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/TokenRequestExecutorTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/TokenResponseTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/UIRequiredCacheTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/WSTrustRequestTest.java (100%) rename {src => msal4j-sdk/src}/test/java/com/microsoft/aad/msal4j/WSTrustResponseTest.java (100%) rename {src => msal4j-sdk/src}/test/resources/AAD_cache_data/account_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/AAD_cache_data/account_cache_entity_key.txt (100%) rename {src => msal4j-sdk/src}/test/resources/AAD_cache_data/at_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/AAD_cache_data/at_cache_entity_key.txt (100%) rename {src => msal4j-sdk/src}/test/resources/AAD_cache_data/id_token_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/AAD_cache_data/id_token_cache_entity_key.txt (100%) rename {src => msal4j-sdk/src}/test/resources/AAD_cache_data/rt_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/AAD_cache_data/rt_cache_entity_key.txt (100%) rename {src => msal4j-sdk/src}/test/resources/AAD_cache_data/token_response.json (100%) rename {src => msal4j-sdk/src}/test/resources/AAD_cache_data/token_response_id_token.json (100%) rename {src => msal4j-sdk/src}/test/resources/Foci_cache_data/account_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/Foci_cache_data/account_cache_entity_key.txt (100%) rename {src => msal4j-sdk/src}/test/resources/Foci_cache_data/app_metadata_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/Foci_cache_data/app_metadata_cache_entity_key.txt (100%) rename 
{src => msal4j-sdk/src}/test/resources/Foci_cache_data/at_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/Foci_cache_data/at_cache_entity_key.txt (100%) rename {src => msal4j-sdk/src}/test/resources/Foci_cache_data/id_token_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/Foci_cache_data/id_token_cache_entity_key.txt (100%) rename {src => msal4j-sdk/src}/test/resources/Foci_cache_data/rt_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/Foci_cache_data/rt_cache_entity_key.txt (100%) rename {src => msal4j-sdk/src}/test/resources/Foci_cache_data/token_response.json (100%) rename {src => msal4j-sdk/src}/test/resources/Foci_cache_data/token_response_id_token.json (100%) rename {src => msal4j-sdk/src}/test/resources/MSA_cache_data/account_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/MSA_cache_data/account_cache_entity_key.txt (100%) rename {src => msal4j-sdk/src}/test/resources/MSA_cache_data/at_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/MSA_cache_data/at_cache_entity_key.txt (100%) rename {src => msal4j-sdk/src}/test/resources/MSA_cache_data/id_token_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/MSA_cache_data/id_token_cache_entity_key.txt (100%) rename {src => msal4j-sdk/src}/test/resources/MSA_cache_data/rt_cache_entity.json (100%) rename {src => msal4j-sdk/src}/test/resources/MSA_cache_data/rt_cache_entity_key.txt (100%) rename {src => msal4j-sdk/src}/test/resources/MSA_cache_data/token_response.json (100%) rename {src => msal4j-sdk/src}/test/resources/MSA_cache_data/token_response_id_token.json (100%) rename {src => msal4j-sdk/src}/test/resources/cache_data/multi-cloud-account-cache.json (100%) rename {src => msal4j-sdk/src}/test/resources/cache_data/multi-tenant-account-cache.json (100%) rename {src => msal4j-sdk/src}/test/resources/cache_data/remove-account-test-cache.json (100%) rename {src => 
msal4j-sdk/src}/test/resources/cache_data/serialized_cache.json (100%) rename {src => msal4j-sdk/src}/test/resources/instance_discovery_data/aad_instance_discovery_response_invalid_json.json (100%) rename {src => msal4j-sdk/src}/test/resources/instance_discovery_data/aad_instance_discovery_response_valid.json (100%) rename {src => msal4j-sdk/src}/test/resources/mex-2005-response.xml (100%) rename {src => msal4j-sdk/src}/test/resources/mex-response-integrated.xml (100%) rename {src => msal4j-sdk/src}/test/resources/mex-response.xml (100%) rename {src => msal4j-sdk/src}/test/resources/token-error.xml (100%) rename {src => msal4j-sdk/src}/test/resources/token.xml (100%)
diff --git a/.gitignore b/msal4j-sdk/.gitignore
similarity index 96%
rename from .gitignore
rename to msal4j-sdk/.gitignore
index aab120e4..8a97050b 100644
--- a/.gitignore
+++ b/msal4j-sdk/.gitignore
@@ -20,7 +20,7 @@
 *.rar
 # Intellij
-.idea/
+../.idea/
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
diff --git a/changelog.txt b/msal4j-sdk/changelog.txt
similarity index 100%
rename from changelog.txt
rename to msal4j-sdk/changelog.txt
diff --git a/contributing.md b/msal4j-sdk/contributing.md
similarity index 100%
rename from contributing.md
rename to msal4j-sdk/contributing.md
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java
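Review bot: The new pattern `../.idea/` in msal4j-sdk/.gitignore (the `-20,7 +20,7` hunk) will not ignore anything, because gitignore patterns are matched relative to the directory that holds the .gitignore file and git does not resolve `..` to reach a parent directory. If the IDE project directory now sits at the repository root, the entry belongs in a root-level .gitignore as `.idea/`, and this file can keep `.idea/` for a project opened inside msal4j-sdk. Whether a root .gitignore exists is not visible here; without one, `.idea/` contents such as workspace settings and local paths can be staged by a plain `git add .`.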
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/ApacheHttpClientAdapter.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ApacheHttpClientAdapter.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/ApacheHttpClientAdapter.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ApacheHttpClientAdapter.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/AzureEnvironmentIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AzureEnvironmentIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/AzureEnvironmentIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AzureEnvironmentIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/CachePersistenceIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/CachePersistenceIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/CachePersistenceIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/CachePersistenceIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/CertificateHelper.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/CertificateHelper.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/CertificateHelper.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/CertificateHelper.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ConfidentialClientApplicationUnitT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/Config.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/Config.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/Config.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/Config.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/EnvironmentsProvider.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/EnvironmentsProvider.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/EnvironmentsProvider.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/EnvironmentsProvider.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/HttpClientIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/HttpClientIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/HttpClientIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/HttpClientIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InstanceDiscoveryTest.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/InvalidAuthorityIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/OAuthRequestValidationUnitT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OAuthRequestValidationUnitT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/OAuthRequestValidationUnitT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OAuthRequestValidationUnitT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/OkHttpClientAdapter.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OkHttpClientAdapter.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/OkHttpClientAdapter.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OkHttpClientAdapter.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/RefreshTokenIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/RefreshTokenIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/RefreshTokenIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/RefreshTokenIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java
diff --git a/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java
similarity index 100%
rename from src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java
rename to msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java
diff --git a/src/integrationtest/java/infrastructure/SeleniumConstants.java b/msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumConstants.java
similarity index 100%
rename from src/integrationtest/java/infrastructure/SeleniumConstants.java
rename to msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumConstants.java
diff --git a/src/integrationtest/java/infrastructure/SeleniumExtensions.java b/msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumExtensions.java
similarity index 100%
rename from src/integrationtest/java/infrastructure/SeleniumExtensions.java
rename to msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumExtensions.java
diff --git a/src/integrationtest/java/infrastructure/UserInformationFields.java b/msal4j-sdk/src/integrationtest/java/infrastructure/UserInformationFields.java
similarity index 100%
rename from src/integrationtest/java/infrastructure/UserInformationFields.java
rename to msal4j-sdk/src/integrationtest/java/infrastructure/UserInformationFields.java
diff --git a/src/integrationtest/java/labapi/App.java b/msal4j-sdk/src/integrationtest/java/labapi/App.java
similarity index 100%
rename from src/integrationtest/java/labapi/App.java
rename to msal4j-sdk/src/integrationtest/java/labapi/App.java
diff --git a/src/integrationtest/java/labapi/AppCredentialProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/AppCredentialProvider.java
similarity index 100%
rename from src/integrationtest/java/labapi/AppCredentialProvider.java
rename to msal4j-sdk/src/integrationtest/java/labapi/AppCredentialProvider.java
diff --git a/src/integrationtest/java/labapi/AzureEnvironment.java b/msal4j-sdk/src/integrationtest/java/labapi/AzureEnvironment.java
similarity index 100%
rename from src/integrationtest/java/labapi/AzureEnvironment.java
rename to msal4j-sdk/src/integrationtest/java/labapi/AzureEnvironment.java
diff --git a/src/integrationtest/java/labapi/B2CProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/B2CProvider.java
similarity index 100%
rename from src/integrationtest/java/labapi/B2CProvider.java
rename to msal4j-sdk/src/integrationtest/java/labapi/B2CProvider.java
diff --git a/src/integrationtest/java/labapi/FederationProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/FederationProvider.java
similarity index 100%
rename from src/integrationtest/java/labapi/FederationProvider.java
rename to msal4j-sdk/src/integrationtest/java/labapi/FederationProvider.java
diff --git a/src/integrationtest/java/labapi/HttpClientHelper.java b/msal4j-sdk/src/integrationtest/java/labapi/HttpClientHelper.java
similarity index 100%
rename from src/integrationtest/java/labapi/HttpClientHelper.java
rename to msal4j-sdk/src/integrationtest/java/labapi/HttpClientHelper.java
diff --git a/src/integrationtest/java/labapi/KeyVaultSecretsProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/KeyVaultSecretsProvider.java
similarity index 100%
rename from src/integrationtest/java/labapi/KeyVaultSecretsProvider.java
rename to msal4j-sdk/src/integrationtest/java/labapi/KeyVaultSecretsProvider.java
diff --git a/src/integrationtest/java/labapi/Lab.java b/msal4j-sdk/src/integrationtest/java/labapi/Lab.java
similarity index 100%
rename from src/integrationtest/java/labapi/Lab.java
rename to msal4j-sdk/src/integrationtest/java/labapi/Lab.java
diff --git a/src/integrationtest/java/labapi/LabConstants.java b/msal4j-sdk/src/integrationtest/java/labapi/LabConstants.java
similarity index 100%
rename from src/integrationtest/java/labapi/LabConstants.java
rename to msal4j-sdk/src/integrationtest/java/labapi/LabConstants.java
diff --git a/src/integrationtest/java/labapi/LabService.java b/msal4j-sdk/src/integrationtest/java/labapi/LabService.java
similarity index 100%
rename from src/integrationtest/java/labapi/LabService.java
rename to msal4j-sdk/src/integrationtest/java/labapi/LabService.java
diff --git a/src/integrationtest/java/labapi/LabUserProvider.java b/msal4j-sdk/src/integrationtest/java/labapi/LabUserProvider.java
similarity index 100%
rename from src/integrationtest/java/labapi/LabUserProvider.java
rename to msal4j-sdk/src/integrationtest/java/labapi/LabUserProvider.java
diff --git a/src/integrationtest/java/labapi/User.java b/msal4j-sdk/src/integrationtest/java/labapi/User.java
similarity index 100%
rename from src/integrationtest/java/labapi/User.java
rename to msal4j-sdk/src/integrationtest/java/labapi/User.java
diff --git a/src/integrationtest/java/labapi/UserQueryParameters.java b/msal4j-sdk/src/integrationtest/java/labapi/UserQueryParameters.java
similarity index 100%
rename from src/integrationtest/java/labapi/UserQueryParameters.java
rename to msal4j-sdk/src/integrationtest/java/labapi/UserQueryParameters.java
diff --git a/src/integrationtest/java/labapi/UserSecret.java b/msal4j-sdk/src/integrationtest/java/labapi/UserSecret.java
similarity index 100%
rename from src/integrationtest/java/labapi/UserSecret.java
rename to msal4j-sdk/src/integrationtest/java/labapi/UserSecret.java
diff --git a/src/integrationtest/java/labapi/UserType.java b/msal4j-sdk/src/integrationtest/java/labapi/UserType.java
similarity index 100%
rename from src/integrationtest/java/labapi/UserType.java
rename to msal4j-sdk/src/integrationtest/java/labapi/UserType.java
diff --git a/src/integrationtest/resources/logback-test.xml b/msal4j-sdk/src/integrationtest/resources/logback-test.xml
similarity index 100%
rename from src/integrationtest/resources/logback-test.xml
rename to msal4j-sdk/src/integrationtest/resources/logback-test.xml
diff --git a/src/main/java/com/microsoft/aad/msal4j/AADAuthority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AADAuthority.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AADAuthority.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AADAuthority.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ADFSAuthority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ADFSAuthority.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ADFSAuthority.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ADFSAuthority.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryResponse.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryResponse.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryResponse.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AbstractMsalAuthorizationGrant.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractMsalAuthorizationGrant.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AbstractMsalAuthorizationGrant.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractMsalAuthorizationGrant.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AccessTokenCacheEntity.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccessTokenCacheEntity.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AccessTokenCacheEntity.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccessTokenCacheEntity.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/Account.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Account.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/Account.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Account.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AccountCacheEntity.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccountCacheEntity.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AccountCacheEntity.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccountCacheEntity.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AccountsSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccountsSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AccountsSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AccountsSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByClientCredentialSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByClientCredentialSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenByClientCredentialSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByClientCredentialSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByOnBehalfOfSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByOnBehalfOfSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenByOnBehalfOfSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByOnBehalfOfSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ApiEvent.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ApiEvent.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ApiEvent.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ApiEvent.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AppMetadataCacheEntity.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AppMetadataCacheEntity.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AppMetadataCacheEntity.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AppMetadataCacheEntity.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AppTokenProviderParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AppTokenProviderParameters.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AppTokenProviderParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AppTokenProviderParameters.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorMessage.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorMessage.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorMessage.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorMessage.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthenticationResult.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResult.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AuthenticationResult.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResult.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/Authority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/Authority.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthorityType.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorityType.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AuthorityType.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorityType.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthorizationResponseHandler.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationResponseHandler.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AuthorizationResponseHandler.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationResponseHandler.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AuthorizationResult.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationResult.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AuthorizationResult.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationResult.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/AzureCloudEndpoint.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AzureCloudEndpoint.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/AzureCloudEndpoint.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AzureCloudEndpoint.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/B2CAuthority.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/BindingPolicy.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/BindingPolicy.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/BindingPolicy.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/BindingPolicy.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CIAMAuthority.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/CacheTelemetry.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CacheTelemetry.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/CacheTelemetry.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CacheTelemetry.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientAssertion.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientAssertion.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ClientAssertion.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientAssertion.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientAuthenticationPost.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientAuthenticationPost.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ClientAuthenticationPost.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientAuthenticationPost.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientCredentialFactory.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialFactory.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ClientCredentialFactory.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialFactory.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialParameters.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientCredentialRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ClientCredentialRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientInfo.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientInfo.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ClientInfo.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientInfo.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ClientSecret.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientSecret.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ClientSecret.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientSecret.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/Constants.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Constants.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/Constants.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Constants.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/Credential.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Credential.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/Credential.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Credential.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/CredentialTypeEnum.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CredentialTypeEnum.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/CredentialTypeEnum.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CredentialTypeEnum.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/CurrentRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CurrentRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/CurrentRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CurrentRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/CustomJWTAuthentication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CustomJWTAuthentication.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/CustomJWTAuthentication.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CustomJWTAuthentication.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/DefaultEvent.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DefaultEvent.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/DefaultEvent.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DefaultEvent.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/DefaultHttpClient.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DefaultHttpClient.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/DefaultHttpClient.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DefaultHttpClient.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/DeviceCode.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCode.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/DeviceCode.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCode.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/DeviceCodeAuthorizationGrant.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeAuthorizationGrant.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/DeviceCodeAuthorizationGrant.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeAuthorizationGrant.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowParameters.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ErrorResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ErrorResponse.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ErrorResponse.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ErrorResponse.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/Event.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Event.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/Event.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Event.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/EventKey.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/EventKey.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/EventKey.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/EventKey.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HTTPContentType.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HTTPContentType.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/HTTPContentType.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HTTPContentType.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpEvent.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpEvent.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/HttpEvent.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpEvent.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpHeaders.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHeaders.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/HttpHeaders.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHeaders.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/HttpHelper.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpHelper.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpListener.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpListener.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/HttpListener.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpListener.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpMethod.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpMethod.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/HttpMethod.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpMethod.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/HttpRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpResponse.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/HttpResponse.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpResponse.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/HttpUtils.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpUtils.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/HttpUtils.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/HttpUtils.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IAccount.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAccount.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IAccount.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAccount.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAcquireTokenParameters.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IAuthenticationResult.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAuthenticationResult.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IAuthenticationResult.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IAuthenticationResult.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IClientApplicationBase.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientApplicationBase.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IClientApplicationBase.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientApplicationBase.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IClientAssertion.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientAssertion.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IClientAssertion.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientAssertion.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IClientCertificate.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientCertificate.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IClientCertificate.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientCertificate.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IClientCredential.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientCredential.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IClientCredential.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientCredential.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IClientSecret.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientSecret.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IClientSecret.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IClientSecret.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IConfidentialClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IConfidentialClientApplication.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IConfidentialClientApplication.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IConfidentialClientApplication.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IHttpClient.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IHttpClient.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IHttpClient.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IHttpClient.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IHttpResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IHttpResponse.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IHttpResponse.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IHttpResponse.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ITelemetry.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITelemetry.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ITelemetry.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITelemetry.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ITelemetryManager.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITelemetryManager.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ITelemetryManager.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITelemetryManager.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ITenantProfile.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITenantProfile.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ITenantProfile.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITenantProfile.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ITokenCache.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITokenCache.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ITokenCache.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITokenCache.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessAspect.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessAspect.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessAspect.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessAspect.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessContext.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessContext.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessContext.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ITokenCacheAccessContext.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IUserAssertion.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IUserAssertion.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IUserAssertion.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IUserAssertion.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IdToken.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IdToken.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IdToken.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IdToken.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IdTokenCacheEntity.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IdTokenCacheEntity.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IdTokenCacheEntity.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IdTokenCacheEntity.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IllegalArgumentExceptionMessages.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IllegalArgumentExceptionMessages.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IllegalArgumentExceptionMessages.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IllegalArgumentExceptionMessages.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InstanceDiscoveryMetadataEntry.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationParameters.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthenticationRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthorizationGrant.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthorizationGrant.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthorizationGrant.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IntegratedWindowsAuthorizationGrant.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/InteractionRequiredCache.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractionRequiredCache.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/InteractionRequiredCache.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractionRequiredCache.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/InteractionRequiredExceptionReason.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractionRequiredExceptionReason.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/InteractionRequiredExceptionReason.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractionRequiredExceptionReason.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequestParameters.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/JsonHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JsonHelper.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/JsonHelper.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JsonHelper.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/JwtHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JwtHelper.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/JwtHelper.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/JwtHelper.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/LogHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/LogHelper.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/LogHelper.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/LogHelper.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/MexParser.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MexParser.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/MexParser.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MexParser.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalClientException.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalClientException.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/MsalClientException.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalClientException.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalException.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalException.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/MsalException.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalException.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalInteractionRequiredException.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalInteractionRequiredException.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/MsalInteractionRequiredException.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalInteractionRequiredException.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/MsalRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalServiceException.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalServiceException.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/MsalServiceException.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalServiceException.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalServiceExceptionFactory.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalServiceExceptionFactory.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/MsalServiceExceptionFactory.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalServiceExceptionFactory.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/MsalThrottlingException.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalThrottlingException.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/MsalThrottlingException.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalThrottlingException.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/NamespaceContextImpl.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/NamespaceContextImpl.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/NamespaceContextImpl.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/NamespaceContextImpl.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/OAuthAuthorizationGrant.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OAuthAuthorizationGrant.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/OAuthAuthorizationGrant.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OAuthAuthorizationGrant.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/OAuthHttpRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OAuthHttpRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/OAuthHttpRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OAuthHttpRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfParameters.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/OnBehalfOfRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OnBehalfOfRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/OpenBrowserAction.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OpenBrowserAction.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/OpenBrowserAction.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/OpenBrowserAction.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ParameterValidationUtils.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ParameterValidationUtils.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ParameterValidationUtils.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ParameterValidationUtils.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/Prompt.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/Prompt.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Prompt.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/PublicApi.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicApi.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/PublicApi.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicApi.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/RefreshTokenCacheEntity.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenCacheEntity.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/RefreshTokenCacheEntity.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenCacheEntity.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenParameters.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/RefreshTokenRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/RefreshTokenRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RefreshTokenRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/RegionTelemetry.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RegionTelemetry.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/RegionTelemetry.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RegionTelemetry.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/RemoveAccountRunnable.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RemoveAccountRunnable.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/RemoveAccountRunnable.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RemoveAccountRunnable.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/RequestContext.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RequestContext.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/RequestContext.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RequestContext.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/RequestedClaim.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RequestedClaim.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/RequestedClaim.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RequestedClaim.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/RequestedClaimAdditionalInfo.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RequestedClaimAdditionalInfo.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/RequestedClaimAdditionalInfo.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/RequestedClaimAdditionalInfo.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ResponseMode.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/SAML11BearerGrant.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SAML11BearerGrant.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/SAML11BearerGrant.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SAML11BearerGrant.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/SafeDocumentBuilderFactory.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SafeDocumentBuilderFactory.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/SafeDocumentBuilderFactory.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SafeDocumentBuilderFactory.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ServerSideTelemetry.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ServerSideTelemetry.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ServerSideTelemetry.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ServerSideTelemetry.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ServiceBundle.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ServiceBundle.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ServiceBundle.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ServiceBundle.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/SilentParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentParameters.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/SilentParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentParameters.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/SilentRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/SilentRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SilentRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/StringHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/StringHelper.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/StringHelper.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/StringHelper.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/SystemBrowserOptions.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SystemBrowserOptions.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/SystemBrowserOptions.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/SystemBrowserOptions.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TelemetryConstants.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TelemetryConstants.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TelemetryConstants.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TelemetryConstants.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TelemetryHelper.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TelemetryHelper.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TelemetryHelper.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TelemetryHelper.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TelemetryManager.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TelemetryManager.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TelemetryManager.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TelemetryManager.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TenantProfile.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TenantProfile.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TenantProfile.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TenantProfile.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/ThrottlingCache.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ThrottlingCache.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/ThrottlingCache.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ThrottlingCache.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TokenCache.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenCache.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TokenCache.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenCache.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TokenCacheAccessContext.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenCacheAccessContext.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TokenCacheAccessContext.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenCacheAccessContext.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TokenProviderResult.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenProviderResult.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TokenProviderResult.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenProviderResult.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/TokenResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenResponse.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/TokenResponse.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenResponse.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/UserAssertion.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserAssertion.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/UserAssertion.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserAssertion.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/UserDiscoveryRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserDiscoveryRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/UserDiscoveryRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserDiscoveryRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/UserDiscoveryResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserDiscoveryResponse.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/UserDiscoveryResponse.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserDiscoveryResponse.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/UserIdentifier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserIdentifier.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/UserIdentifier.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserIdentifier.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/UserNamePasswordRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/WSTrustRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/WSTrustRequest.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/WSTrustRequest.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/WSTrustRequest.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/WSTrustResponse.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/WSTrustResponse.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/WSTrustResponse.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/WSTrustResponse.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/WSTrustVersion.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/WSTrustVersion.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/WSTrustVersion.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/WSTrustVersion.java
diff --git a/src/main/java/com/microsoft/aad/msal4j/XmsClientTelemetryInfo.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/XmsClientTelemetryInfo.java
similarity index 100%
rename from src/main/java/com/microsoft/aad/msal4j/XmsClientTelemetryInfo.java
rename to msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/XmsClientTelemetryInfo.java
diff --git a/src/samples/cache/TokenCacheAspect.java b/msal4j-sdk/src/samples/cache/TokenCacheAspect.java
similarity index 100%
rename from src/samples/cache/TokenCacheAspect.java
rename to msal4j-sdk/src/samples/cache/TokenCacheAspect.java
diff --git a/src/samples/cache/sample_cache.json b/msal4j-sdk/src/samples/cache/sample_cache.json
similarity index 100%
rename from src/samples/cache/sample_cache.json
rename to msal4j-sdk/src/samples/cache/sample_cache.json
diff --git a/src/samples/confidential-client/ClientCredentialGrant.java b/msal4j-sdk/src/samples/confidential-client/ClientCredentialGrant.java
similarity index 100%
rename from src/samples/confidential-client/ClientCredentialGrant.java
rename to msal4j-sdk/src/samples/confidential-client/ClientCredentialGrant.java
diff --git a/src/samples/msal-b2c-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml
similarity index 100%
rename from src/samples/msal-b2c-web-sample/pom.xml
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/pom.xml
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalB2CWebSampleApplication.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalB2CWebSampleApplication.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalB2CWebSampleApplication.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalB2CWebSampleApplication.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java
diff --git a/src/samples/msal-b2c-web-sample/src/main/resources/application.properties b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/application.properties
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/resources/application.properties
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/application.properties
diff --git a/src/samples/msal-b2c-web-sample/src/main/resources/templates/auth_page.html b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/templates/auth_page.html
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/resources/templates/auth_page.html
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/templates/auth_page.html
diff --git a/src/samples/msal-b2c-web-sample/src/main/resources/templates/error.html b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/templates/error.html
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/resources/templates/error.html
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/templates/error.html
diff --git a/src/samples/msal-b2c-web-sample/src/main/resources/templates/index.html b/msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/templates/index.html
similarity index 100%
rename from src/samples/msal-b2c-web-sample/src/main/resources/templates/index.html
rename to msal4j-sdk/src/samples/msal-b2c-web-sample/src/main/resources/templates/index.html
diff --git a/src/samples/msal-obo-sample/pom.xml b/msal4j-sdk/src/samples/msal-obo-sample/pom.xml
similarity index 100%
rename from src/samples/msal-obo-sample/pom.xml
rename to msal4j-sdk/src/samples/msal-obo-sample/pom.xml
diff --git a/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/ApiController.java b/msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/ApiController.java
similarity index 100%
rename from src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/ApiController.java
rename to msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/ApiController.java
diff --git a/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/CachingConfig.java b/msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/CachingConfig.java
similarity index 100%
rename from src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/CachingConfig.java
rename to msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/CachingConfig.java
diff --git a/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalAuthHelper.java b/msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalAuthHelper.java
similarity index 100%
rename from src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalAuthHelper.java
rename to msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalAuthHelper.java
diff --git a/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalOboSampleApplication.java b/msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalOboSampleApplication.java
similarity index 100%
rename from src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalOboSampleApplication.java
rename to msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/MsalOboSampleApplication.java
diff --git a/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/SecurityResourceServerConfig.java b/msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/SecurityResourceServerConfig.java
similarity index 100%
rename from src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/SecurityResourceServerConfig.java
rename to msal4j-sdk/src/samples/msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/SecurityResourceServerConfig.java
diff --git a/src/samples/msal-obo-sample/src/main/resources/application.properties b/msal4j-sdk/src/samples/msal-obo-sample/src/main/resources/application.properties
similarity index 100%
rename from src/samples/msal-obo-sample/src/main/resources/application.properties
rename to msal4j-sdk/src/samples/msal-obo-sample/src/main/resources/application.properties
diff --git a/src/samples/msal-web-sample/pom.xml b/msal4j-sdk/src/samples/msal-web-sample/pom.xml
similarity index 100%
rename from src/samples/msal-web-sample/pom.xml
rename to msal4j-sdk/src/samples/msal-web-sample/pom.xml
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/ErrorHandlerController.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/HttpClientHelper.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/JSONHelper.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/JSONHelper.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/JSONHelper.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/JSONHelper.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalWebSampleApplication.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalWebSampleApplication.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalWebSampleApplication.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/MsalWebSampleApplication.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/StateData.java
diff --git a/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/User.java b/msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/User.java
similarity index 100%
rename from src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/User.java
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/User.java
diff --git a/src/samples/msal-web-sample/src/main/resources/application.properties b/msal4j-sdk/src/samples/msal-web-sample/src/main/resources/application.properties
similarity index 100%
rename from src/samples/msal-web-sample/src/main/resources/application.properties
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/resources/application.properties
diff --git a/src/samples/msal-web-sample/src/main/resources/templates/auth_page.html b/msal4j-sdk/src/samples/msal-web-sample/src/main/resources/templates/auth_page.html
similarity index 100%
rename from src/samples/msal-web-sample/src/main/resources/templates/auth_page.html
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/resources/templates/auth_page.html
diff --git a/src/samples/msal-web-sample/src/main/resources/templates/error.html b/msal4j-sdk/src/samples/msal-web-sample/src/main/resources/templates/error.html
similarity index 100%
rename from src/samples/msal-web-sample/src/main/resources/templates/error.html
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/resources/templates/error.html
diff --git a/src/samples/msal-web-sample/src/main/resources/templates/index.html b/msal4j-sdk/src/samples/msal-web-sample/src/main/resources/templates/index.html
similarity index 100%
rename from src/samples/msal-web-sample/src/main/resources/templates/index.html
rename to msal4j-sdk/src/samples/msal-web-sample/src/main/resources/templates/index.html
diff --git a/src/samples/public-client/DeviceCodeFlow.java b/msal4j-sdk/src/samples/public-client/DeviceCodeFlow.java
similarity index 100%
rename from src/samples/public-client/DeviceCodeFlow.java
rename to msal4j-sdk/src/samples/public-client/DeviceCodeFlow.java
diff --git a/src/samples/public-client/IntegratedWindowsAuthenticationFlow.java b/msal4j-sdk/src/samples/public-client/IntegratedWindowsAuthenticationFlow.java
similarity index 100%
rename from src/samples/public-client/IntegratedWindowsAuthenticationFlow.java
rename to msal4j-sdk/src/samples/public-client/IntegratedWindowsAuthenticationFlow.java
diff --git a/src/samples/public-client/InteractiveFlow.java b/msal4j-sdk/src/samples/public-client/InteractiveFlow.java
similarity index 100%
rename from src/samples/public-client/InteractiveFlow.java
rename to msal4j-sdk/src/samples/public-client/InteractiveFlow.java
diff --git a/src/samples/public-client/InteractiveFlowB2C.java b/msal4j-sdk/src/samples/public-client/InteractiveFlowB2C.java
similarity index 100%
rename from src/samples/public-client/InteractiveFlowB2C.java
rename to msal4j-sdk/src/samples/public-client/InteractiveFlowB2C.java
diff --git a/src/samples/public-client/UsernamePasswordFlow.java b/msal4j-sdk/src/samples/public-client/UsernamePasswordFlow.java
similarity index 100%
rename from src/samples/public-client/UsernamePasswordFlow.java
rename to msal4j-sdk/src/samples/public-client/UsernamePasswordFlow.java
diff --git a/src/samples/public-client/application.properties b/msal4j-sdk/src/samples/public-client/application.properties
similarity index 100%
rename from src/samples/public-client/application.properties
rename to msal4j-sdk/src/samples/public-client/application.properties
diff --git a/src/samples/spring-security-web-app/pom.xml b/msal4j-sdk/src/samples/spring-security-web-app/pom.xml
similarity index 100%
rename from src/samples/spring-security-web-app/pom.xml
rename to msal4j-sdk/src/samples/spring-security-web-app/pom.xml
diff --git a/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/AppConfiguration.java b/msal4j-sdk/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/AppConfiguration.java
similarity index 100%
rename from src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/AppConfiguration.java
rename to msal4j-sdk/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/AppConfiguration.java
diff --git a/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SecurePageController.java b/msal4j-sdk/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SecurePageController.java
similarity index 100%
rename from src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SecurePageController.java
rename to msal4j-sdk/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SecurePageController.java
diff --git a/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SpringSecurityWebAppApplication.java b/msal4j-sdk/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SpringSecurityWebAppApplication.java
similarity index 100%
rename from src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SpringSecurityWebAppApplication.java
rename to msal4j-sdk/src/samples/spring-security-web-app/src/main/java/com/microsoft/azure/springsecuritywebapp/SpringSecurityWebAppApplication.java
diff --git a/src/samples/spring-security-web-app/src/main/resources/application.properties b/msal4j-sdk/src/samples/spring-security-web-app/src/main/resources/application.properties
similarity index 100%
rename from src/samples/spring-security-web-app/src/main/resources/application.properties
rename to msal4j-sdk/src/samples/spring-security-web-app/src/main/resources/application.properties
diff --git a/src/samples/spring-security-web-app/src/main/resources/templates/index.html b/msal4j-sdk/src/samples/spring-security-web-app/src/main/resources/templates/index.html
similarity index 100%
rename from src/samples/spring-security-web-app/src/main/resources/templates/index.html
rename to msal4j-sdk/src/samples/spring-security-web-app/src/main/resources/templates/index.html
diff --git a/src/samples/spring-security-web-app/src/main/resources/templates/secure_page.html b/msal4j-sdk/src/samples/spring-security-web-app/src/main/resources/templates/secure_page.html
similarity index 100%
rename from src/samples/spring-security-web-app/src/main/resources/templates/secure_page.html
rename to msal4j-sdk/src/samples/spring-security-web-app/src/main/resources/templates/secure_page.html
diff --git a/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/AbstractMsalTests.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AbstractMsalTests.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/AbstractMsalTests.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AbstractMsalTests.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/AccountTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AccountTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/AccountTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AccountTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/AcquireTokenSilentlyTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AcquireTokenSilentlyTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/AcquireTokenSilentlyTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AcquireTokenSilentlyTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/AssertionCredentialTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AssertionCredentialTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/AssertionCredentialTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AssertionCredentialTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorityTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/ClaimsTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClaimsTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/ClaimsTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClaimsTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificateTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/ClientSecretTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientSecretTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/ClientSecretTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientSecretTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/HttpHeaderTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/HttpHeaderTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/HttpHeaderTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/HttpHeaderTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/HttpUtilsTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/HttpUtilsTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/HttpUtilsTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/HttpUtilsTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/MexParserTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MexParserTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/MexParserTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MexParserTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/OAuthRequestValidationTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/OAuthRequestValidationTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/OAuthRequestValidationTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/OAuthRequestValidationTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/OauthHttpRequestTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/OauthHttpRequestTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/OauthHttpRequestTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/OauthHttpRequestTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/PublicClientApplicationTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/PublicClientApplicationTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/PublicClientApplicationTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/PublicClientApplicationTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/RequestThrottlingTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/RequestThrottlingTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/RequestThrottlingTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/RequestThrottlingTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/ServerTelemetryTests.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ServerTelemetryTests.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/ServerTelemetryTests.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ServerTelemetryTests.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/TelemetryTests.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TelemetryTests.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/TelemetryTests.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TelemetryTests.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestConfiguration.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/TestHelper.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestHelper.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/TestHelper.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TestHelper.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/TokenRequestExecutorTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TokenRequestExecutorTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/TokenRequestExecutorTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TokenRequestExecutorTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/TokenResponseTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TokenResponseTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/TokenResponseTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/TokenResponseTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/UIRequiredCacheTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/UIRequiredCacheTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/UIRequiredCacheTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/UIRequiredCacheTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/WSTrustRequestTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/WSTrustRequestTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/WSTrustRequestTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/WSTrustRequestTest.java
diff --git a/src/test/java/com/microsoft/aad/msal4j/WSTrustResponseTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/WSTrustResponseTest.java
similarity index 100%
rename from src/test/java/com/microsoft/aad/msal4j/WSTrustResponseTest.java
rename to msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/WSTrustResponseTest.java
diff --git a/src/test/resources/AAD_cache_data/account_cache_entity.json b/msal4j-sdk/src/test/resources/AAD_cache_data/account_cache_entity.json
similarity index 100%
rename from src/test/resources/AAD_cache_data/account_cache_entity.json
rename to msal4j-sdk/src/test/resources/AAD_cache_data/account_cache_entity.json
diff --git a/src/test/resources/AAD_cache_data/account_cache_entity_key.txt b/msal4j-sdk/src/test/resources/AAD_cache_data/account_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/AAD_cache_data/account_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/AAD_cache_data/account_cache_entity_key.txt
diff --git a/src/test/resources/AAD_cache_data/at_cache_entity.json b/msal4j-sdk/src/test/resources/AAD_cache_data/at_cache_entity.json
similarity index 100%
rename from src/test/resources/AAD_cache_data/at_cache_entity.json
rename to msal4j-sdk/src/test/resources/AAD_cache_data/at_cache_entity.json
diff --git a/src/test/resources/AAD_cache_data/at_cache_entity_key.txt b/msal4j-sdk/src/test/resources/AAD_cache_data/at_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/AAD_cache_data/at_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/AAD_cache_data/at_cache_entity_key.txt
diff --git a/src/test/resources/AAD_cache_data/id_token_cache_entity.json b/msal4j-sdk/src/test/resources/AAD_cache_data/id_token_cache_entity.json
similarity index 100%
rename from src/test/resources/AAD_cache_data/id_token_cache_entity.json
rename to msal4j-sdk/src/test/resources/AAD_cache_data/id_token_cache_entity.json
diff --git a/src/test/resources/AAD_cache_data/id_token_cache_entity_key.txt b/msal4j-sdk/src/test/resources/AAD_cache_data/id_token_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/AAD_cache_data/id_token_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/AAD_cache_data/id_token_cache_entity_key.txt
diff --git a/src/test/resources/AAD_cache_data/rt_cache_entity.json b/msal4j-sdk/src/test/resources/AAD_cache_data/rt_cache_entity.json
similarity index 100%
rename from src/test/resources/AAD_cache_data/rt_cache_entity.json
rename to msal4j-sdk/src/test/resources/AAD_cache_data/rt_cache_entity.json
diff --git a/src/test/resources/AAD_cache_data/rt_cache_entity_key.txt b/msal4j-sdk/src/test/resources/AAD_cache_data/rt_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/AAD_cache_data/rt_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/AAD_cache_data/rt_cache_entity_key.txt
diff --git a/src/test/resources/AAD_cache_data/token_response.json b/msal4j-sdk/src/test/resources/AAD_cache_data/token_response.json
similarity index 100%
rename from src/test/resources/AAD_cache_data/token_response.json
rename to msal4j-sdk/src/test/resources/AAD_cache_data/token_response.json
diff --git a/src/test/resources/AAD_cache_data/token_response_id_token.json b/msal4j-sdk/src/test/resources/AAD_cache_data/token_response_id_token.json
similarity index 100%
rename from src/test/resources/AAD_cache_data/token_response_id_token.json
rename to msal4j-sdk/src/test/resources/AAD_cache_data/token_response_id_token.json
diff --git a/src/test/resources/Foci_cache_data/account_cache_entity.json b/msal4j-sdk/src/test/resources/Foci_cache_data/account_cache_entity.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/account_cache_entity.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/account_cache_entity.json
diff --git a/src/test/resources/Foci_cache_data/account_cache_entity_key.txt b/msal4j-sdk/src/test/resources/Foci_cache_data/account_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/Foci_cache_data/account_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/Foci_cache_data/account_cache_entity_key.txt
diff --git a/src/test/resources/Foci_cache_data/app_metadata_cache_entity.json b/msal4j-sdk/src/test/resources/Foci_cache_data/app_metadata_cache_entity.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/app_metadata_cache_entity.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/app_metadata_cache_entity.json
diff --git a/src/test/resources/Foci_cache_data/app_metadata_cache_entity_key.txt b/msal4j-sdk/src/test/resources/Foci_cache_data/app_metadata_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/Foci_cache_data/app_metadata_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/Foci_cache_data/app_metadata_cache_entity_key.txt
diff --git a/src/test/resources/Foci_cache_data/at_cache_entity.json b/msal4j-sdk/src/test/resources/Foci_cache_data/at_cache_entity.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/at_cache_entity.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/at_cache_entity.json
diff --git a/src/test/resources/Foci_cache_data/at_cache_entity_key.txt b/msal4j-sdk/src/test/resources/Foci_cache_data/at_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/Foci_cache_data/at_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/Foci_cache_data/at_cache_entity_key.txt
diff --git a/src/test/resources/Foci_cache_data/id_token_cache_entity.json b/msal4j-sdk/src/test/resources/Foci_cache_data/id_token_cache_entity.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/id_token_cache_entity.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/id_token_cache_entity.json
diff --git a/src/test/resources/Foci_cache_data/id_token_cache_entity_key.txt b/msal4j-sdk/src/test/resources/Foci_cache_data/id_token_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/Foci_cache_data/id_token_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/Foci_cache_data/id_token_cache_entity_key.txt
diff --git a/src/test/resources/Foci_cache_data/rt_cache_entity.json b/msal4j-sdk/src/test/resources/Foci_cache_data/rt_cache_entity.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/rt_cache_entity.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/rt_cache_entity.json
diff --git a/src/test/resources/Foci_cache_data/rt_cache_entity_key.txt b/msal4j-sdk/src/test/resources/Foci_cache_data/rt_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/Foci_cache_data/rt_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/Foci_cache_data/rt_cache_entity_key.txt
diff --git a/src/test/resources/Foci_cache_data/token_response.json b/msal4j-sdk/src/test/resources/Foci_cache_data/token_response.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/token_response.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/token_response.json
diff --git a/src/test/resources/Foci_cache_data/token_response_id_token.json b/msal4j-sdk/src/test/resources/Foci_cache_data/token_response_id_token.json
similarity index 100%
rename from src/test/resources/Foci_cache_data/token_response_id_token.json
rename to msal4j-sdk/src/test/resources/Foci_cache_data/token_response_id_token.json
diff --git a/src/test/resources/MSA_cache_data/account_cache_entity.json b/msal4j-sdk/src/test/resources/MSA_cache_data/account_cache_entity.json
similarity index 100%
rename from src/test/resources/MSA_cache_data/account_cache_entity.json
rename to msal4j-sdk/src/test/resources/MSA_cache_data/account_cache_entity.json
diff --git a/src/test/resources/MSA_cache_data/account_cache_entity_key.txt b/msal4j-sdk/src/test/resources/MSA_cache_data/account_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/MSA_cache_data/account_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/MSA_cache_data/account_cache_entity_key.txt
diff --git a/src/test/resources/MSA_cache_data/at_cache_entity.json b/msal4j-sdk/src/test/resources/MSA_cache_data/at_cache_entity.json
similarity index 100%
rename from src/test/resources/MSA_cache_data/at_cache_entity.json
rename to msal4j-sdk/src/test/resources/MSA_cache_data/at_cache_entity.json
diff --git a/src/test/resources/MSA_cache_data/at_cache_entity_key.txt b/msal4j-sdk/src/test/resources/MSA_cache_data/at_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/MSA_cache_data/at_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/MSA_cache_data/at_cache_entity_key.txt
diff --git a/src/test/resources/MSA_cache_data/id_token_cache_entity.json b/msal4j-sdk/src/test/resources/MSA_cache_data/id_token_cache_entity.json
similarity index 100%
rename from src/test/resources/MSA_cache_data/id_token_cache_entity.json
rename to msal4j-sdk/src/test/resources/MSA_cache_data/id_token_cache_entity.json
diff --git a/src/test/resources/MSA_cache_data/id_token_cache_entity_key.txt b/msal4j-sdk/src/test/resources/MSA_cache_data/id_token_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/MSA_cache_data/id_token_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/MSA_cache_data/id_token_cache_entity_key.txt
diff --git a/src/test/resources/MSA_cache_data/rt_cache_entity.json b/msal4j-sdk/src/test/resources/MSA_cache_data/rt_cache_entity.json
similarity index 100%
rename from src/test/resources/MSA_cache_data/rt_cache_entity.json
rename to msal4j-sdk/src/test/resources/MSA_cache_data/rt_cache_entity.json
diff --git a/src/test/resources/MSA_cache_data/rt_cache_entity_key.txt b/msal4j-sdk/src/test/resources/MSA_cache_data/rt_cache_entity_key.txt
similarity index 100%
rename from src/test/resources/MSA_cache_data/rt_cache_entity_key.txt
rename to msal4j-sdk/src/test/resources/MSA_cache_data/rt_cache_entity_key.txt
diff --git a/src/test/resources/MSA_cache_data/token_response.json b/msal4j-sdk/src/test/resources/MSA_cache_data/token_response.json
similarity index 100%
rename from src/test/resources/MSA_cache_data/token_response.json
rename to msal4j-sdk/src/test/resources/MSA_cache_data/token_response.json
diff --git a/src/test/resources/MSA_cache_data/token_response_id_token.json b/msal4j-sdk/src/test/resources/MSA_cache_data/token_response_id_token.json
similarity index 100%
rename from src/test/resources/MSA_cache_data/token_response_id_token.json
rename to msal4j-sdk/src/test/resources/MSA_cache_data/token_response_id_token.json
diff --git a/src/test/resources/cache_data/multi-cloud-account-cache.json b/msal4j-sdk/src/test/resources/cache_data/multi-cloud-account-cache.json
similarity index 100%
rename from src/test/resources/cache_data/multi-cloud-account-cache.json
rename to msal4j-sdk/src/test/resources/cache_data/multi-cloud-account-cache.json
diff --git a/src/test/resources/cache_data/multi-tenant-account-cache.json b/msal4j-sdk/src/test/resources/cache_data/multi-tenant-account-cache.json
similarity index 100%
rename from src/test/resources/cache_data/multi-tenant-account-cache.json
rename to msal4j-sdk/src/test/resources/cache_data/multi-tenant-account-cache.json
diff --git a/src/test/resources/cache_data/remove-account-test-cache.json b/msal4j-sdk/src/test/resources/cache_data/remove-account-test-cache.json
similarity index 100%
rename from src/test/resources/cache_data/remove-account-test-cache.json
rename to msal4j-sdk/src/test/resources/cache_data/remove-account-test-cache.json
diff --git a/src/test/resources/cache_data/serialized_cache.json b/msal4j-sdk/src/test/resources/cache_data/serialized_cache.json
similarity index 100%
rename from src/test/resources/cache_data/serialized_cache.json
rename to msal4j-sdk/src/test/resources/cache_data/serialized_cache.json
diff --git a/src/test/resources/instance_discovery_data/aad_instance_discovery_response_invalid_json.json b/msal4j-sdk/src/test/resources/instance_discovery_data/aad_instance_discovery_response_invalid_json.json
similarity index 100%
rename from src/test/resources/instance_discovery_data/aad_instance_discovery_response_invalid_json.json
rename to msal4j-sdk/src/test/resources/instance_discovery_data/aad_instance_discovery_response_invalid_json.json
diff --git a/src/test/resources/instance_discovery_data/aad_instance_discovery_response_valid.json b/msal4j-sdk/src/test/resources/instance_discovery_data/aad_instance_discovery_response_valid.json
similarity index 100%
rename from src/test/resources/instance_discovery_data/aad_instance_discovery_response_valid.json
rename to msal4j-sdk/src/test/resources/instance_discovery_data/aad_instance_discovery_response_valid.json
diff --git a/src/test/resources/mex-2005-response.xml b/msal4j-sdk/src/test/resources/mex-2005-response.xml
similarity index 100%
rename from src/test/resources/mex-2005-response.xml
rename to msal4j-sdk/src/test/resources/mex-2005-response.xml
diff --git a/src/test/resources/mex-response-integrated.xml b/msal4j-sdk/src/test/resources/mex-response-integrated.xml
similarity index 100%
rename from src/test/resources/mex-response-integrated.xml
rename to msal4j-sdk/src/test/resources/mex-response-integrated.xml
diff --git a/src/test/resources/mex-response.xml b/msal4j-sdk/src/test/resources/mex-response.xml
similarity index 100%
rename from src/test/resources/mex-response.xml
rename to msal4j-sdk/src/test/resources/mex-response.xml
diff --git a/src/test/resources/token-error.xml b/msal4j-sdk/src/test/resources/token-error.xml similarity index 100% rename from src/test/resources/token-error.xml rename to msal4j-sdk/src/test/resources/token-error.xml diff --git a/src/test/resources/token.xml b/msal4j-sdk/src/test/resources/token.xml similarity index 100% rename from src/test/resources/token.xml rename to msal4j-sdk/src/test/resources/token.xml From f393991374ea627d28f02e1298a4f8a61f13c9f2 Mon Sep 17 00:00:00 2001 From: Avery-Dunn Date: Tue, 2 May 2023 09:19:47 -0700 Subject: [PATCH 64/65] Manually resolve differences between main and dev branches --- .github/workflows/codeql.yml | 6 +- .../AcquireTokenInteractiveIT.java | 4 +- .../AcquireTokenByAppProviderSupplier.java | 14 +++- .../aad/msal4j/AuthenticationErrorCode.java | 6 ++ .../msal4j/AuthenticationResultSupplier.java | 21 +++--- .../aad/msal4j/ClientCertificate.java | 41 +++++++--- .../com/microsoft/aad/msal4j/IBroker.java | 60 +++++++++++++++ .../aad/msal4j/MsalAzureSDKException.java | 14 ++++ .../aad/msal4j/CacheFormatTests.java | 5 -- .../msal4j/ClientCertificatePkcs12Test.java | 75 +++++++++++++++++++ .../aad/msal4j/DefaultHttpClientTest.java | 1 - .../aad/msal4j/DeviceCodeFlowTest.java | 18 ++--- .../MsalOauthAuthorizatonGrantTest.java | 2 - 13 files changed, 217 insertions(+), 50 deletions(-) create mode 100644 msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java create mode 100644 msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalAzureSDKException.java create mode 100644 msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificatePkcs12Test.java diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index aabab068..4dfaa38a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -21,7 +21,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 # Override language selection by uncommenting this and choosing your languages # with: # languages: go, javascript, csharp, python, cpp, java @@ -29,7 +29,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -43,4 +43,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java index 26fa95e1..edce1e88 100644 --- a/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java +++ b/msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java @@ -206,12 +206,12 @@ private void assertAcquireTokenInstanceAware(User user) { Assert.assertEquals(result.account().environment(), cachedResult.environment()); } - @Test + //@Test public void acquireTokensInHomeAndGuestClouds_ArlingtonAccount() throws MalformedURLException, ExecutionException, InterruptedException { acquireTokensInHomeAndGuestClouds(AzureEnvironment.AZURE_US_GOVERNMENT); } - @Test + //@Test public void acquireTokensInHomeAndGuestClouds_MooncakeAccount() throws MalformedURLException, ExecutionException, InterruptedException { acquireTokensInHomeAndGuestClouds(AzureEnvironment.AZURE_CHINA); } 
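Review bot: The two sovereign-cloud tests in AcquireTokenInteractiveIT (`acquireTokensInHomeAndGuestClouds_ArlingtonAccount` and `acquireTokensInHomeAndGuestClouds_MooncakeAccount`) are disabled by commenting out the annotation (`//@Test`), which records no reason and is easy to forget. TestNG's own switch keeps the intent in the code: `@Test(enabled = false, description = "disabled pending <reason>")`. If the class also carries a class-level `@Test` (not visible in this hunk), these public methods may still be picked up as tests, so the comment-out might not have the intended effect. Until they are re-enabled, the AZURE_US_GOVERNMENT and AZURE_CHINA token paths have no integration coverage from this file.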
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java index 47c09b1a..dcef3ec7 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java @@ -6,6 +6,9 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.ExecutionException; +/** Disclaimer - This class is meant to be used by the Azure SDK team only. + * Any other teams are discouraged from using this class to prevent any side effects. + */ class AcquireTokenByAppProviderSupplier extends AuthenticationResultSupplier { private static final int TWO_HOURS = 2*3600; @@ -65,9 +68,15 @@ AuthenticationResult execute() throws Exception { public AuthenticationResult fetchTokenUsingAppTokenProvider(AppTokenProviderParameters appTokenProviderParameters) throws ExecutionException, InterruptedException { - CompletableFuture completableFuture = this.clientCredentialRequest.appTokenProvider.apply(appTokenProviderParameters); + TokenProviderResult tokenProviderResult; + try{ - TokenProviderResult tokenProviderResult = completableFuture.get(); + CompletableFuture completableFuture = this.clientCredentialRequest.appTokenProvider.apply(appTokenProviderParameters); + tokenProviderResult = completableFuture.get(); + + } catch (Exception ex){ + throw new MsalAzureSDKException(ex); + } validateAndUpdateTokenProviderResult(tokenProviderResult); @@ -78,6 +87,5 @@ public AuthenticationResult fetchTokenUsingAppTokenProvider(AppTokenProviderPara .expiresOn(tokenProviderResult.getExpiresInSeconds()) .refreshOn(tokenProviderResult.getRefreshInSeconds()) .build(); - } } 
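Review bot: The new `catch (Exception ex)` in `fetchTokenUsingAppTokenProvider` also catches the `InterruptedException` from `completableFuture.get()` without restoring the thread's interrupt flag, and it wraps the `ExecutionException` whole, so a caller has to unwrap two levels to reach the token provider's real failure. I would split the catch so that interruption is re-asserted and the provider's own cause is what `MsalAzureSDKException` carries. The method still declares `throws ExecutionException, InterruptedException`, which this call can no longer raise; whether anything later in the body still needs the clause is outside the hunk.

```java
TokenProviderResult tokenProviderResult;
try {
    // … unchanged: appTokenProvider.apply(...) and completableFuture.get() …
} catch (InterruptedException ex) {
    // keep the interruption visible to whoever owns this thread
    Thread.currentThread().interrupt();
    throw new MsalAzureSDKException(ex);
} catch (ExecutionException ex) {
    // report the provider's own failure rather than the future's wrapper
    throw new MsalAzureSDKException(ex.getCause() != null ? ex.getCause() : ex);
} catch (Exception ex) {
    throw new MsalAzureSDKException(ex);
}
```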
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java index 8db6d69a..06dcc39e 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java @@ -115,4 +115,10 @@ public class AuthenticationErrorCode { * A JWT parsing failure, indicating the JWT provided to MSAL is of invalid format. */ public final static String INVALID_JWT = "invalid_jwt"; + + /** + * Indicates that a Broker implementation is missing from the device, such as when an app developer + * does not include one of our broker packages as a dependency in their project, or otherwise cannot + * be accessed by MSAL Java*/ + public final static String MISSING_BROKER = "missing_broker"; } diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java index 07ab4e8d..c7770620 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java @@ -4,16 +4,14 @@ package com.microsoft.aad.msal4j; -import java.nio.charset.StandardCharsets; import java.net.MalformedURLException; -import java.util.Base64; - -import java.io.UnsupportedEncodingException; import java.net.URI; import java.net.URISyntaxException; import java.net.URL; +import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.util.Base64; import java.util.concurrent.CompletionException; import java.util.function.Supplier; 
@@ -114,8 +112,8 @@ private void logResult(AuthenticationResult result, HttpHeaders headers) { .refreshToken()); if (clientApplication.logPii()) { clientApplication.log.debug(LogHelper.createMessage(String.format( - "Access Token with hash '%s' and Refresh Token with hash '%s' returned", - accessTokenHash, refreshTokenHash), + "Access Token with hash '%s' and Refresh Token with hash '%s' returned", + accessTokenHash, refreshTokenHash), headers.getHeaderCorrelationIdValue())); } else { clientApplication.log.debug( @@ -126,7 +124,7 @@ private void logResult(AuthenticationResult result, HttpHeaders headers) { } else { if (clientApplication.logPii()) { clientApplication.log.debug(LogHelper.createMessage(String.format( - "Access Token with hash '%s' returned", accessTokenHash), + "Access Token with hash '%s' returned", accessTokenHash), headers.getHeaderCorrelationIdValue())); } else { clientApplication.log.debug(LogHelper.createMessage( @@ -149,6 +147,9 @@ private void logException(Exception ex) { clientApplication.log.debug(logMessage, ex); return; } + } else if (ex instanceof MsalAzureSDKException) { + clientApplication.log.debug(ex.getMessage(), ex); + return; } clientApplication.log.error(logMessage, ex); @@ -163,11 +164,7 @@ private ApiEvent initializeApiEvent(MsalRequest msalRequest) { apiEvent.setRequestId(msalRequest.requestContext().telemetryRequestId()); apiEvent.setWasSuccessful(false); - if (clientApplication instanceof ConfidentialClientApplication) { - apiEvent.setIsConfidentialClient(true); - } else { - apiEvent.setIsConfidentialClient(false); - } + apiEvent.setIsConfidentialClient(clientApplication instanceof ConfidentialClientApplication); try { Authority authenticationAuthority = clientApplication.authenticationAuthority; diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java index 536b9765..10cd3f93 100644 
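Review bot: In `logException`, the new `MsalAzureSDKException` branch logs at debug and returns, so a failing app token provider never reaches the `clientApplication.log.error(logMessage, ex)` line below it. With debug logging off, a token-acquisition failure from that path leaves no trace in the application log. The branch also logs `ex.getMessage()` instead of the `logMessage` the other branches use, which is built outside this hunk and presumably carries the correlation context. If the quiet level is deliberate, a comment should say why, for example `// provider failures are reported by the Azure SDK caller; keep MSAL's log quiet`; otherwise let it fall through to the error log.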
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCertificate.java @@ -3,6 +3,9 @@ package com.microsoft.aad.msal4j; +import lombok.Getter; +import lombok.experimental.Accessors; + import java.io.IOException; import java.io.InputStream; import java.lang.reflect.InvocationTargetException; @@ -19,10 +22,11 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPrivateKey; -import java.util.*; - -import lombok.Getter; -import lombok.experimental.Accessors; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.Enumeration; +import java.util.List; final class ClientCertificate implements IClientCertificate { @@ -97,14 +101,7 @@ static ClientCertificate create(InputStream pkcs12Certificate, String password) final KeyStore keystore = KeyStore.getInstance("PKCS12"); keystore.load(pkcs12Certificate, password.toCharArray()); - final Enumeration aliases = keystore.aliases(); - if (!aliases.hasMoreElements()) { - throw new IllegalArgumentException("certificate not loaded from input stream"); - } - String alias = aliases.nextElement(); - if (aliases.hasMoreElements()) { - throw new IllegalArgumentException("more than one certificate alias found in input stream"); - } + String alias = getPrivateKeyAlias(keystore); ArrayList publicKeyCertificateChain = new ArrayList<>(); PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, password.toCharArray()); 
@@ -123,6 +120,26 @@ static ClientCertificate create(InputStream pkcs12Certificate, String password) return new ClientCertificate(privateKey, publicKeyCertificateChain); } + static String getPrivateKeyAlias(KeyStore keystore) throws KeyStoreException { + String alias = null; + final Enumeration aliases = keystore.aliases(); + while (aliases.hasMoreElements()) { + String currentAlias = aliases.nextElement(); + if (keystore.entryInstanceOf(currentAlias, KeyStore.PrivateKeyEntry.class)) { + if (alias != null) { + throw new IllegalArgumentException("more than one certificate alias found in input stream"); + } + alias = currentAlias; + } + } + + if (alias == null) { + throw new IllegalArgumentException("certificate not loaded from input stream"); + } + + return alias; + } + static ClientCertificate create(final PrivateKey key, final X509Certificate publicKeyCertificate) { return new ClientCertificate(key, Arrays.asList(publicKeyCertificate)); } diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java new file mode 100644 index 00000000..919a8092 --- /dev/null +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IBroker.java 
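Review bot: `getPrivateKeyAlias` now counts only `KeyStore.PrivateKeyEntry` aliases, but it reuses the old exception texts. A PKCS12 file holding two private keys is reported as "more than one certificate alias found in input stream", and one holding only CA certificates as "certificate not loaded from input stream". Messages that name the actual condition would help whoever has to debug a rejected client credential, e.g. `"more than one private key entry found in input stream"` and `"no private key entry found in input stream"`; the new ClientCertificatePkcs12Test pins the current texts through `expectedExceptionsMessageRegExp` and would need the same change. The method also has no Javadoc; something like `/** Returns the alias of the single private-key entry in the keystore; throws IllegalArgumentException when there is none or more than one. */` would state the contract.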
@@ -0,0 +1,60 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.microsoft.aad.msal4j; + +import java.util.Set; +import java.util.concurrent.CompletableFuture; + +/** + * Used to define the basic set of methods that all Brokers must implement + * + * All methods are so they can be referenced by MSAL Java without an implementation, and by default simply throw an + * exception saying that a broker implementation is missing + */ +public interface IBroker { + + /** + * checks if a IBroker implementation exists + */ + + default boolean isAvailable(){ + return false; + } + /** + * Acquire a token silently, i.e. without direct user interaction + * + * This may be accomplished by returning tokens from a token cache, using cached refresh tokens to get new tokens, + * or via any authentication flow where a user is not prompted to enter credentials + * + * @param requestParameters MsalRequest object which contains everything needed for the broker implementation to make a request + * @return IBroker implementations will return an AuthenticationResult object + */ + default IAuthenticationResult acquireToken(PublicClientApplication application, SilentParameters requestParameters) { + throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); + } + + /** + * Acquire a token interactively, by prompting users to enter their credentials in some way + * + * @param requestParameters MsalRequest object which contains everything needed for the broker implementation to make a request + * @return IBroker implementations will return an AuthenticationResult object + */ + default IAuthenticationResult acquireToken(PublicClientApplication application, InteractiveRequestParameters requestParameters) { + throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); + } + + /** + * Acquire a token silently, i.e. 
without direct user interaction, using username/password authentication + * + * @param requestParameters MsalRequest object which contains everything needed for the broker implementation to make a request + * @return IBroker implementations will return an AuthenticationResult object + */ + default IAuthenticationResult acquireToken(PublicClientApplication application, UserNamePasswordParameters requestParameters) { + throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); + } + + default CompletableFuture removeAccount(IAccount account) { + throw new MsalClientException("Broker implementation missing", AuthenticationErrorCode.MISSING_BROKER); + } +} \ No newline at end of file diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalAzureSDKException.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalAzureSDKException.java new file mode 100644 index 00000000..0157d696 --- /dev/null +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/MsalAzureSDKException.java @@ -0,0 +1,14 @@ +package com.microsoft.aad.msal4j; + +/** + * Exception type thrown when Azure SDK returns an error response. + */ +public class MsalAzureSDKException extends MsalException{ + public MsalAzureSDKException(Throwable throwable) { + super(throwable); + } + + public MsalAzureSDKException(String message, String errorCode) { + super(message, errorCode); + } +} \ No newline at end of file diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java index af09cb91..6714b82b 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/CacheFormatTests.java 
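Review bot: The Javadoc in IBroker does not match the signatures it documents. Each `acquireToken` overload describes `requestParameters` as an "MsalRequest object", although the declared types are `SilentParameters`, `InteractiveRequestParameters` and `UserNamePasswordParameters`. The `application` parameter is not documented on any overload, and `removeAccount` has no Javadoc at all. I would add `@param application the PublicClientApplication on whose behalf the broker is called`, name the real parameter type in each `@param requestParameters` line, and give `removeAccount` a one-line summary with its `@param account`. The interface description "All methods are so they can be referenced" appears to be missing the word "default".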
@@ -3,8 +3,6 @@ package com.microsoft.aad.msal4j; -import com.fasterxml.jackson.databind.DeserializationFeature; -import com.fasterxml.jackson.databind.ObjectMapper; import com.nimbusds.oauth2.sdk.ParseException; import com.nimbusds.oauth2.sdk.http.HTTPResponse; import com.nimbusds.oauth2.sdk.util.JSONObjectUtils; @@ -26,9 +24,6 @@ import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Paths; -import java.sql.Time; -import java.time.Duration; -import java.time.Instant; import java.util.*; import static com.microsoft.aad.msal4j.Constants.POINT_DELIMITER; diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificatePkcs12Test.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificatePkcs12Test.java new file mode 100644 index 00000000..112a8f11 --- /dev/null +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCertificatePkcs12Test.java 
@@ -0,0 +1,75 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +package com.microsoft.aad.msal4j; + +import org.easymock.EasyMock; +import org.testng.annotations.BeforeMethod; +import org.testng.annotations.Test; + +import java.security.KeyStore; +import java.security.KeyStoreSpi; +import java.util.Arrays; +import java.util.Collections; + +import static org.testng.AssertJUnit.assertEquals; + +@Test +public class ClientCertificatePkcs12Test extends AbstractMsalTests { + + private KeyStoreSpi keyStoreSpi; + private KeyStore keystore; + + @BeforeMethod + public void setUp() throws Exception { + keyStoreSpi = EasyMock.createMock(KeyStoreSpi.class); + keystore = new KeyStore(keyStoreSpi, null, "PKCS12") {}; + keystore.load(null); + } + + @Test(expectedExceptions = IllegalArgumentException.class, expectedExceptionsMessageRegExp = "certificate not loaded from input stream") + public void testNoEntries() throws Exception { + EasyMock.expect(keyStoreSpi.engineAliases()) + .andReturn(Collections.enumeration(Collections.emptyList())).times(1); + EasyMock.replay(keyStoreSpi); + + ClientCertificate.getPrivateKeyAlias(keystore); + } + + @Test(expectedExceptions = IllegalArgumentException.class, expectedExceptionsMessageRegExp = "certificate not loaded from input stream") + public void testNoPrivateKey() throws Exception { + EasyMock.expect(keyStoreSpi.engineAliases()) + .andReturn(Collections.enumeration(Arrays.asList("CA_cert1", "CA_cert2"))).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("CA_cert1", KeyStore.PrivateKeyEntry.class)).andReturn(false).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("CA_cert2", KeyStore.PrivateKeyEntry.class)).andReturn(false).times(1); + EasyMock.replay(keyStoreSpi); + + ClientCertificate.getPrivateKeyAlias(keystore); + } + + @Test(expectedExceptions = IllegalArgumentException.class, expectedExceptionsMessageRegExp = "more than one certificate alias found in input 
stream") + public void testMultiplePrivateKeyAliases() throws Exception { + EasyMock.expect(keyStoreSpi.engineAliases()) + .andReturn(Collections.enumeration(Arrays.asList("private_key1", "private_key2", "CA_cert"))).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("private_key1", KeyStore.PrivateKeyEntry.class)).andReturn(true).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("private_key2", KeyStore.PrivateKeyEntry.class)).andReturn(true).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("CA_cert", KeyStore.PrivateKeyEntry.class)).andReturn(false).times(1); + EasyMock.replay(keyStoreSpi); + + ClientCertificate.getPrivateKeyAlias(keystore); + } + + @Test + public void testMultipleEntriesButOnlyOnePrivateKey() throws Exception { + EasyMock.expect(keyStoreSpi.engineAliases()) + .andReturn(Collections.enumeration(Arrays.asList("CA_cert1", "private_key", "CA_cert2"))).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("CA_cert1", KeyStore.PrivateKeyEntry.class)).andReturn(false).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("private_key", KeyStore.PrivateKeyEntry.class)).andReturn(true).times(1); + EasyMock.expect(keyStoreSpi.engineEntryInstanceOf("CA_cert2", KeyStore.PrivateKeyEntry.class)).andReturn(false).times(1); + EasyMock.replay(keyStoreSpi); + + String privateKeyAlias = ClientCertificate.getPrivateKeyAlias(keystore); + assertEquals("private_key", privateKeyAlias); + } + +} \ No newline at end of file diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java index 6328df36..12ea22eb 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DefaultHttpClientTest.java 
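Review bot: None of the four tests calls `EasyMock.verify(keyStoreSpi)`, so the `.times(1)` expectations are recorded but never checked. In `testMultipleEntriesButOnlyOnePrivateKey`, adding `EasyMock.verify(keyStoreSpi);` after the `assertEquals` would confirm that every alias was examined rather than only the first match. In `testMultiplePrivateKeyAliases` the `CA_cert` expectation can never be met, because `getPrivateKeyAlias` throws as soon as it reaches `private_key2`; it can be dropped. `keystore.load(null)` in `setUp` runs against the mock before `replay`, so verification may first need `EasyMock.reset(keyStoreSpi)` at the end of `setUp`; I have not run this.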
@@ -9,7 +9,6 @@ import org.powermock.core.classloader.annotations.PrepareForTest; import org.powermock.modules.testng.PowerMockTestCase; import org.testng.Assert; -import org.testng.annotations.BeforeMethod; import org.testng.annotations.Test; import javax.net.ssl.HttpsURLConnection; diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java index c8e8f442..1ac60c59 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/DeviceCodeFlowTest.java @@ -24,8 +24,6 @@ import java.util.concurrent.atomic.AtomicReference; import java.util.function.Consumer; -import static com.microsoft.aad.msal4j.TestConfiguration.*; - @Test(groups = {"checkin"}) @PrepareForTest({HttpHelper.class, PublicClientApplication.class}) @@ -76,7 +74,7 @@ public void deviceCodeFlowTest() throws Exception { HttpResponse instanceDiscoveryResponse = new HttpResponse(); instanceDiscoveryResponse.statusCode(200); - instanceDiscoveryResponse.body(INSTANCE_DISCOVERY_RESPONSE); + instanceDiscoveryResponse.body(TestConfiguration.INSTANCE_DISCOVERY_RESPONSE); EasyMock.expect( HttpHelper.executeHttpRequest( 
@@ -121,19 +119,19 @@ public void deviceCodeFlowTest() throws Exception { PowerMock.replay(app); IAuthenticationResult authResult = app.acquireToken( - DeviceCodeFlowParameters.builder(Collections.singleton(AAD_RESOURCE_ID), deviceCodeConsumer) + DeviceCodeFlowParameters.builder(Collections.singleton(TestConfiguration.AAD_RESOURCE_ID), deviceCodeConsumer) .build()) .get(); // validate HTTP GET request used to get device code URL url = capturedHttpRequest.getValue().url(); - Assert.assertEquals(url.getAuthority(), AAD_PREFERRED_NETWORK_ENV_ALIAS); + Assert.assertEquals(url.getAuthority(), TestConfiguration.AAD_PREFERRED_NETWORK_ENV_ALIAS); Assert.assertEquals(url.getPath(), - "/" + AAD_TENANT_NAME + "/" + AADAuthority.DEVICE_CODE_ENDPOINT); + "/" + TestConfiguration.AAD_TENANT_NAME + "/" + AADAuthority.DEVICE_CODE_ENDPOINT); String expectedScope = URLEncoder.encode(AbstractMsalAuthorizationGrant.COMMON_SCOPES_PARAM + - AbstractMsalAuthorizationGrant.SCOPES_DELIMITER + AAD_RESOURCE_ID, "UTF-8"); - String expectedBody = String.format("scope=%s&client_id=%s", expectedScope, AAD_CLIENT_ID); + AbstractMsalAuthorizationGrant.SCOPES_DELIMITER + TestConfiguration.AAD_RESOURCE_ID, "UTF-8"); + String expectedBody = String.format("scope=%s&client_id=%s", expectedScope, TestConfiguration.AAD_CLIENT_ID); String body = capturedHttpRequest.getValue().body(); Assert.assertEquals(body, expectedBody); @@ -157,7 +155,7 @@ public void executeAcquireDeviceCode_B2CAuthorityUsed_IllegalArgumentExceptionTh app.acquireToken (DeviceCodeFlowParameters - .builder(Collections.singleton(AAD_RESOURCE_ID), (DeviceCode deviceCode) -> { + .builder(Collections.singleton(TestConfiguration.AAD_RESOURCE_ID), (DeviceCode deviceCode) -> { }) .build()); } 
@@ -175,7 +173,7 @@ public void executeAcquireDeviceCode_AuthenticaionPendingErrorReturned_Authentic }; app = PublicClientApplication.builder("client_id") - .authority(AAD_TENANT_ENDPOINT) + .authority(TestConfiguration.AAD_TENANT_ENDPOINT) .validateAuthority(false) .correlationId("corr_id") .build(); diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java index dd8433a9..e465b409 100644 --- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java +++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/MsalOauthAuthorizatonGrantTest.java @@ -11,8 +11,6 @@ import java.net.URI; import java.net.URISyntaxException; import java.util.HashMap; -import java.util.List; -import java.util.Map; /** * From 2806b758c0b43ddaf99561b850eed95b3b3c7866 Mon Sep 17 00:00:00 2001 From: Avery-Dunn Date: Tue, 2 May 2023 09:22:05 -0700 Subject: [PATCH 65/65] Manually resolve differences between main and dev branches --- .../microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java | 1 - .../java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java | 1 - 2 files changed, 2 deletions(-) diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java index dcef3ec7..e63fb37d 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAppProviderSupplier.java @@ -70,7 +70,6 @@ public AuthenticationResult fetchTokenUsingAppTokenProvider(AppTokenProviderPara TokenProviderResult tokenProviderResult; try{ - CompletableFuture completableFuture = this.clientCredentialRequest.appTokenProvider.apply(appTokenProviderParameters); tokenProviderResult = completableFuture.get(); 
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java index 06dcc39e..78f5260c 100644 --- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java +++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java @@ -115,7 +115,6 @@ public class AuthenticationErrorCode { * A JWT parsing failure, indicating the JWT provided to MSAL is of invalid format. */ public final static String INVALID_JWT = "invalid_jwt"; - /** * Indicates that a Broker implementation is missing from the device, such as when an app developer * does not include one of our broker packages as a dependency in their project, or otherwise cannot