Example 1 with AzureActiveDirectoryAuthority

Use of com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority in project microsoft-authentication-library-common-for-android by AzureAD.

From class AdalBrokerRequestAdapter, method brokerInteractiveParametersFromActivity.

@Override
public BrokerInteractiveTokenCommandParameters brokerInteractiveParametersFromActivity(@NonNull final Activity callingActivity) {
    final String methodName = "brokerInteractiveParametersFromActivity";
    Logger.verbose(TAG + methodName, "Constructing BrokerAcquireTokenOperationParameters from activity ");
    final Intent intent = callingActivity.getIntent();
    final int callingAppUid = intent.getIntExtra(AuthenticationConstants.Broker.CALLER_INFO_UID, 0);
    // There are two constants that need to be checked for the presence of the caller pkg name:
    // 1. CALLER_INFO_PACKAGE
    // 2. APP_PACKAGE_NAME
    // 
    // But wait! There are also versions of the ADAL library (Android) that did not send this value
    // in those cases, we simply 'lie' and say that the request came from **current** execution
    // context. This will not always be correct. We'll set a flag here to signal when the param
    // is used.
    final boolean callerPackageNameProvided = packageNameWasProvidedInBundle(intent.getExtras());
    String redirectUri;
    // If the caller package name was provided, compute their redirect
    if (callerPackageNameProvided) {
        // V1 Broker would compute the redirect_uri for the calling package, rather than
        // 'trust' the provided value -- this had the unfortunate consequence of allowing
        // callers to pass non-URL-encoded signature hashes into the library despite the documentation
        // prescribing otherwise. The ADAL.NET implementation unfortunately RELIES on this behavior,
        // forcing customers to use non-encoded values in order to pass validation check inside of
        // ADAL.NET. In order to not regress this experience, the redirect URI must now be computed
        // meaning that the ACCOUNT_REDIRECT parameter is basically ignored.
        redirectUri = BrokerValidator.getBrokerRedirectUri(callingActivity, getPackageNameFromBundle(intent.getExtras(), callingActivity.getApplicationContext()));
    } else {
        // The caller's package name was not provided, so we cannot compute the redirect for them.
        // In this case, use the provided value...
        redirectUri = intent.getStringExtra(AuthenticationConstants.Broker.ACCOUNT_REDIRECT);
    }
    final List<Pair<String, String>> extraQP = getExtraQueryParamAsList(intent.getStringExtra(AuthenticationConstants.Broker.ACCOUNT_EXTRA_QUERY_PARAM));
    final AzureActiveDirectoryAuthority authority = getRequestAuthorityWithExtraQP(intent.getStringExtra(AuthenticationConstants.Broker.ACCOUNT_AUTHORITY), extraQP);
    // We need to explicitly add tenant id as organizations if we want similar behavior from V2 endpoint
    if (AzureActiveDirectoryAudience.ALL.equalsIgnoreCase(authority.getAudience().getTenantId())) {
        authority.getAudience().setTenantId(AzureActiveDirectoryAudience.ORGANIZATIONS);
    }
    final String resource = intent.getStringExtra(AuthenticationConstants.Broker.ACCOUNT_RESOURCE);
    final Set<String> scopes = new HashSet<>();
    scopes.add(TokenCacheItemMigrationAdapter.getScopeFromResource(resource));
    String correlationIdString = intent.getStringExtra(AuthenticationConstants.Broker.ACCOUNT_CORRELATIONID);
    if (TextUtils.isEmpty(correlationIdString)) {
        Logger.info(TAG, "Correlation id not set by Adal, creating a new one");
        UUID correlationId = UUID.randomUUID();
        correlationIdString = correlationId.toString();
    }
    final BrokerInteractiveTokenCommandParameters commandParameters = BrokerInteractiveTokenCommandParameters.builder()
            .authenticationScheme(new BearerAuthenticationSchemeInternal())
            .activity(callingActivity)
            .androidApplicationContext(callingActivity.getApplicationContext())
            .sdkType(SdkType.ADAL)
            .sdkVersion(intent.getStringExtra(AuthenticationConstants.Broker.ADAL_VERSION_KEY))
            .callerUid(callingAppUid)
            .callerPackageName(getPackageNameFromBundle(intent.getExtras(), callingActivity.getApplicationContext()))
            .callerAppVersion(intent.getStringExtra(AuthenticationConstants.AAD.APP_VERSION))
            .extraQueryStringParameters(extraQP)
            .authority(authority)
            .scopes(scopes)
            .clientId(intent.getStringExtra(AuthenticationConstants.Broker.ACCOUNT_CLIENTID_KEY))
            .redirectUri(redirectUri)
            .loginHint(intent.getStringExtra(AuthenticationConstants.Broker.ACCOUNT_NAME))
            .correlationId(correlationIdString)
            .claimsRequestJson(intent.getStringExtra(AuthenticationConstants.Broker.ACCOUNT_CLAIMS))
            .prompt(OpenIdConnectPromptParameter._fromPromptBehavior(intent.getStringExtra(AuthenticationConstants.Broker.ACCOUNT_PROMPT)))
            .authorizationAgent(AuthorizationAgent.WEBVIEW)
            .build();
    return commandParameters;
}
Also used : BearerAuthenticationSchemeInternal(com.microsoft.identity.common.internal.authscheme.BearerAuthenticationSchemeInternal) AzureActiveDirectoryAuthority(com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority) Intent(android.content.Intent) UUID(java.util.UUID) BrokerInteractiveTokenCommandParameters(com.microsoft.identity.common.internal.commands.parameters.BrokerInteractiveTokenCommandParameters) Pair(android.util.Pair) HashSet(java.util.HashSet)

Example 2 with AzureActiveDirectoryAuthority

Use of com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority in project microsoft-authentication-library-common-for-android by AzureAD.

From class AdalBrokerRequestAdapter, method getRequestAuthorityWithExtraQP.

/**
 * TODO : Refactor to remove this code and move the logic to better place
 */
public static AzureActiveDirectoryAuthority getRequestAuthorityWithExtraQP(final String authority, final List<Pair<String, String>> extraQP) {
    final AzureActiveDirectoryAuthority requestAuthority = (AzureActiveDirectoryAuthority) Authority.getAuthorityFromAuthorityUrl(authority);
    if (extraQP != null) {
        AzureActiveDirectorySlice slice = new AzureActiveDirectorySlice();
        Iterator<Pair<String, String>> itr = extraQP.iterator();
        Pair<String, String> parameter;
        while (itr.hasNext() && (parameter = itr.next()) != null) {
            if (StringUtil.isEmpty(parameter.first)) {
                Logger.warn(TAG, "The extra query parameter.first is empty.");
            } else if (MicrosoftAuthorizationRequest.INSTANCE_AWARE.equalsIgnoreCase(parameter.first)) {
                Logger.info(TAG, "Set the extra query parameter mMultipleCloudAware" + " for MicrosoftStsAuthorizationRequest.");
                Logger.infoPII(TAG, "Set the mMultipleCloudAware to " + (parameter.second == null ? "null" : parameter.second));
                requestAuthority.mMultipleCloudsSupported = null != parameter.second && Boolean.TRUE.toString().equalsIgnoreCase(parameter.second);
                itr.remove();
            } else if (AzureActiveDirectorySlice.SLICE_PARAMETER.equalsIgnoreCase(parameter.first)) {
                slice.setSlice(parameter.second);
                itr.remove();
            } else if (AzureActiveDirectorySlice.DC_PARAMETER.equalsIgnoreCase(parameter.first)) {
                slice.setDataCenter(parameter.second);
                itr.remove();
            }
        }
        Logger.verbose(TAG, "Set the extra query parameter mSlice" + " for MicrosoftStsAuthorizationRequest.");
        Logger.verbosePII(TAG, "Set the mSlice to " + slice.toString());
        requestAuthority.mSlice = slice;
    }
    return requestAuthority;
}
Also used : AzureActiveDirectorySlice(com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.AzureActiveDirectorySlice) AzureActiveDirectoryAuthority(com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority) Pair(android.util.Pair)

Example 3 with AzureActiveDirectoryAuthority

Use of com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority in project microsoft-authentication-library-common-for-android by AzureAD.

From class MsalBrokerRequestAdapter, method brokerSilentParametersFromBundle.

@Override
public BrokerSilentTokenCommandParameters brokerSilentParametersFromBundle(@NonNull final Bundle bundle, @NonNull final Context context, @NonNull final Account account) {
    Logger.info(TAG, "Constructing BrokerAcquireTokenSilentOperationParameters from result bundle");
    final BrokerRequest brokerRequest = brokerRequestFromBundle(bundle);
    if (brokerRequest == null) {
        Logger.error(TAG, "Broker Result is null, returning empty parameters, " + "validation is expected to fail", null);
        return BrokerSilentTokenCommandParameters.builder().build();
    }
    int callingAppUid = bundle.getInt(CALLER_INFO_UID);
    final Authority authority = Authority.getAuthorityFromAuthorityUrl(brokerRequest.getAuthority());
    if (authority instanceof AzureActiveDirectoryAuthority) {
        ((AzureActiveDirectoryAuthority) authority).setMultipleCloudsSupported(brokerRequest.isMultipleCloudsSupported());
    }
    String correlationIdString = brokerRequest.getCorrelationId();
    if (TextUtils.isEmpty(correlationIdString)) {
        UUID correlationId = UUID.randomUUID();
        correlationIdString = correlationId.toString();
    }
    final String negotiatedBrokerProtocolVersion = bundle.getString(NEGOTIATED_BP_VERSION_KEY);
    List<Pair<String, String>> extraOptions = QueryParamsAdapter._fromJson(brokerRequest.getExtraOptions());
    final BrokerSilentTokenCommandParameters commandParameters = BrokerSilentTokenCommandParameters.builder()
            .authenticationScheme(getAuthenticationScheme(context, brokerRequest))
            .androidApplicationContext(context)
            .accountManagerAccount(account)
            .sdkType(brokerRequest.getSdkType() == null ? SdkType.MSAL : brokerRequest.getSdkType())
            .sdkVersion(brokerRequest.getMsalVersion())
            .callerUid(callingAppUid)
            .applicationName(brokerRequest.getApplicationName())
            .applicationVersion(brokerRequest.getApplicationVersion())
            .callerPackageName(brokerRequest.getApplicationName())
            .callerAppVersion(brokerRequest.getApplicationVersion())
            .authority(authority)
            .correlationId(correlationIdString)
            .scopes(getScopesAsSet(brokerRequest.getScope()))
            .redirectUri(brokerRequest.getRedirect())
            .extraOptions(extraOptions)
            .clientId(brokerRequest.getClientId())
            .forceRefresh(brokerRequest.isForceRefresh())
            .claimsRequestJson(brokerRequest.getClaims())
            .loginHint(brokerRequest.getUserName())
            .homeAccountId(brokerRequest.getHomeAccountId())
            .localAccountId(brokerRequest.getLocalAccountId())
            .negotiatedBrokerProtocolVersion(negotiatedBrokerProtocolVersion)
            .powerOptCheckEnabled(brokerRequest.isPowerOptCheckEnabled())
            .build();
    // Set Global environment variable for instance discovery if present
    if (!TextUtils.isEmpty(brokerRequest.getEnvironment())) {
        AzureActiveDirectory.setEnvironment(Environment.valueOf(brokerRequest.getEnvironment()));
    }
    return commandParameters;
}
Also used : BrokerSilentTokenCommandParameters(com.microsoft.identity.common.internal.commands.parameters.BrokerSilentTokenCommandParameters) AzureActiveDirectoryAuthority(com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority) Authority(com.microsoft.identity.common.internal.authorities.Authority) AzureActiveDirectoryAuthority(com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority) BrokerRequest(com.microsoft.identity.common.internal.broker.BrokerRequest) GzipUtil.compressString(com.microsoft.identity.common.internal.util.GzipUtil.compressString) GzipUtil.decompressBytesToString(com.microsoft.identity.common.internal.util.GzipUtil.decompressBytesToString) UUID(java.util.UUID) Pair(android.util.Pair)

Example 4 with AzureActiveDirectoryAuthority

Use of com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority in project microsoft-authentication-library-common-for-android by AzureAD.

From class BaseController, method initializeAuthorizationRequestBuilder.

/**
 * Pre-filled ALL the fields in AuthorizationRequest.Builder
 */
// Suppressing rawtype warnings due to the generic type Builder
@SuppressWarnings(WarningType.rawtype_warning)
protected final AuthorizationRequest.Builder initializeAuthorizationRequestBuilder(@NonNull final AuthorizationRequest.Builder builder, @NonNull final TokenCommandParameters parameters) {
    UUID correlationId = null;
    try {
        correlationId = UUID.fromString(DiagnosticContext.getRequestContext().get(DiagnosticContext.CORRELATION_ID));
    } catch (IllegalArgumentException ex) {
        Logger.error(TAG, "correlation id from diagnostic context is not a UUID", ex);
    }
    builder.setClientId(parameters.getClientId()).setRedirectUri(parameters.getRedirectUri()).setCorrelationId(correlationId);
    final Set<String> scopes = parameters.getScopes();
    if (parameters instanceof InteractiveTokenCommandParameters) {
        InteractiveTokenCommandParameters interactiveTokenCommandParameters = (InteractiveTokenCommandParameters) parameters;
        // Set the multipleCloudAware and slice fields.
        if (interactiveTokenCommandParameters.getAuthority() instanceof AzureActiveDirectoryAuthority) {
            final AzureActiveDirectoryAuthority requestAuthority = (AzureActiveDirectoryAuthority) interactiveTokenCommandParameters.getAuthority();
            ((MicrosoftAuthorizationRequest.Builder) builder).setAuthority(requestAuthority.getAuthorityURL()).setMultipleCloudAware(requestAuthority.mMultipleCloudsSupported).setSlice(requestAuthority.mSlice);
        }
        if (builder instanceof MicrosoftStsAuthorizationRequest.Builder) {
            ((MicrosoftStsAuthorizationRequest.Builder) builder).setTokenScope(TextUtils.join(" ", parameters.getScopes()));
        }
        if (interactiveTokenCommandParameters.getExtraScopesToConsent() != null) {
            scopes.addAll(interactiveTokenCommandParameters.getExtraScopesToConsent());
        }
        final HashMap<String, String> completeRequestHeaders = new HashMap<>();
        if (interactiveTokenCommandParameters.getRequestHeaders() != null) {
            completeRequestHeaders.putAll(interactiveTokenCommandParameters.getRequestHeaders());
        }
        completeRequestHeaders.put(AuthenticationConstants.AAD.APP_PACKAGE_NAME, parameters.getApplicationName());
        completeRequestHeaders.put(AuthenticationConstants.AAD.APP_VERSION, parameters.getApplicationVersion());
        // Add additional fields to the AuthorizationRequest.Builder to support interactive
        setBuilderProperties(builder, parameters, interactiveTokenCommandParameters, completeRequestHeaders);
        // We don't want to show the SELECT_ACCOUNT page if login_hint is set.
        if (!StringExtensions.isNullOrBlank(interactiveTokenCommandParameters.getLoginHint()) && interactiveTokenCommandParameters.getPrompt() == OpenIdConnectPromptParameter.SELECT_ACCOUNT) {
            builder.setPrompt(null);
        }
    }
    builder.setScope(TextUtils.join(" ", scopes));
    return builder;
}
Also used : HashMap(java.util.HashMap) AzureActiveDirectoryAuthority(com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority) InteractiveTokenCommandParameters(com.microsoft.identity.common.internal.commands.parameters.InteractiveTokenCommandParameters) UUID(java.util.UUID)

Example 5 with AzureActiveDirectoryAuthority

Use of com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority in project microsoft-authentication-library-common-for-android by AzureAD.

From class MsalBrokerRequestAdapter, method brokerInteractiveParametersFromActivity.

@Override
public BrokerInteractiveTokenCommandParameters brokerInteractiveParametersFromActivity(@NonNull final Activity callingActivity) {
    Logger.info(TAG, "Constructing BrokerAcquireTokenOperationParameters from calling activity");
    final Intent intent = callingActivity.getIntent();
    final BrokerRequest brokerRequest = brokerRequestFromBundle(intent.getExtras());
    if (brokerRequest == null) {
        Logger.error(TAG, "Broker Result is null, returning empty parameters, " + "validation is expected to fail", null);
        return BrokerInteractiveTokenCommandParameters.builder().build();
    }
    int callingAppUid = intent.getIntExtra(CALLER_INFO_UID, 0);
    List<Pair<String, String>> extraQP = QueryParamsAdapter._fromJson(brokerRequest.getExtraQueryStringParameter());
    List<Pair<String, String>> extraOptions = QueryParamsAdapter._fromJson(brokerRequest.getExtraOptions());
    final AzureActiveDirectoryAuthority authority = AdalBrokerRequestAdapter.getRequestAuthorityWithExtraQP(brokerRequest.getAuthority(), extraQP);
    if (authority != null) {
        authority.setMultipleCloudsSupported(brokerRequest.isMultipleCloudsSupported());
    }
    String correlationIdString = brokerRequest.getCorrelationId();
    if (TextUtils.isEmpty(correlationIdString)) {
        UUID correlationId = UUID.randomUUID();
        correlationIdString = correlationId.toString();
    }
    final String negotiatedBrokerProtocolVersion = intent.getStringExtra(NEGOTIATED_BP_VERSION_KEY);
    Logger.info(TAG, "Authorization agent passed in by MSAL: " + brokerRequest.getAuthorizationAgent());
    @SuppressWarnings("rawtypes")
    final BrokerInteractiveTokenCommandParameters.BrokerInteractiveTokenCommandParametersBuilder commandParametersBuilder = BrokerInteractiveTokenCommandParameters.builder()
            .authenticationScheme(getAuthenticationScheme(callingActivity, brokerRequest))
            .activity(callingActivity)
            .androidApplicationContext(callingActivity.getApplicationContext())
            .sdkType(brokerRequest.getSdkType() == null ? SdkType.MSAL : brokerRequest.getSdkType())
            .sdkVersion(brokerRequest.getMsalVersion())
            .callerUid(callingAppUid)
            .applicationName(brokerRequest.getApplicationName())
            .applicationVersion(brokerRequest.getApplicationVersion())
            .callerPackageName(brokerRequest.getApplicationName())
            .callerAppVersion(brokerRequest.getApplicationVersion())
            .extraQueryStringParameters(extraQP)
            .authority(authority)
            .extraOptions(extraOptions)
            .scopes(getScopesAsSet(brokerRequest.getScope()))
            .clientId(brokerRequest.getClientId())
            .redirectUri(brokerRequest.getRedirect())
            .loginHint(brokerRequest.getUserName())
            .correlationId(correlationIdString)
            .claimsRequestJson(brokerRequest.getClaims())
            .prompt(brokerRequest.getPrompt() != null ? OpenIdConnectPromptParameter.valueOf(brokerRequest.getPrompt()) : OpenIdConnectPromptParameter.UNSET)
            .negotiatedBrokerProtocolVersion(negotiatedBrokerProtocolVersion)
            .powerOptCheckEnabled(brokerRequest.isPowerOptCheckEnabled());
    if (AuthorizationAgent.BROWSER.name().equalsIgnoreCase(brokerRequest.getAuthorizationAgent()) && isCallingPackageIntune(brokerRequest.getApplicationName())) {
        // TODO : Remove this whenever we enable System Browser support in Broker for apps.
        Logger.info(TAG, "Setting Authorization Agent to Browser for Intune app");
        buildCommandParameterBuilder(commandParametersBuilder);
    } else {
        commandParametersBuilder.authorizationAgent(AuthorizationAgent.WEBVIEW);
    }
    // Set Global environment variable for instance discovery if present
    if (!TextUtils.isEmpty(brokerRequest.getEnvironment())) {
        AzureActiveDirectory.setEnvironment(Environment.valueOf(brokerRequest.getEnvironment()));
    }
    return commandParametersBuilder.build();
}
Also used : AzureActiveDirectoryAuthority(com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority) Intent(android.content.Intent) BrokerRequest(com.microsoft.identity.common.internal.broker.BrokerRequest) GzipUtil.compressString(com.microsoft.identity.common.internal.util.GzipUtil.compressString) GzipUtil.decompressBytesToString(com.microsoft.identity.common.internal.util.GzipUtil.decompressBytesToString) UUID(java.util.UUID) BrokerInteractiveTokenCommandParameters(com.microsoft.identity.common.internal.commands.parameters.BrokerInteractiveTokenCommandParameters) Pair(android.util.Pair)
