use of com.microsoft.identity.common.internal.authscheme.AbstractAuthenticationScheme in project microsoft-authentication-library-common-for-android by AzureAD.
the class MsalBrokerRequestAdapter method getAuthenticationScheme.
/**
 * Resolves the authentication scheme carried by a broker request.
 *
 * <p>A request with no scheme falls back to a fresh Bearer scheme. A PoP scheme is
 * given a {@link ClockSkewManager} built from {@code context} before it is returned.
 * Any other scheme is returned untouched.
 *
 * <p>NOTE(review): the Bearer fallback is silent. If a caller intended PoP and the
 * scheme was lost before reaching this point, the request proceeds as Bearer.
 * Confirm that callers which require PoP check the returned scheme.
 *
 * @param context Android context used to construct the clock skew manager.
 * @param request broker request whose scheme is inspected.
 * @return the request's scheme, or a new Bearer scheme when the request has none.
 */
@NonNull
private static AbstractAuthenticationScheme getAuthenticationScheme(@NonNull final Context context, @NonNull final BrokerRequest request) {
    final AbstractAuthenticationScheme scheme = request.getAuthenticationScheme();

    // Guard clause: no scheme on the request means Bearer.
    if (scheme == null) {
        return new BearerAuthenticationSchemeInternal();
    }

    if (scheme instanceof PopAuthenticationSchemeInternal) {
        final PopAuthenticationSchemeInternal popScheme = (PopAuthenticationSchemeInternal) scheme;
        final IClockSkewManager skewManager = new ClockSkewManager(context);
        popScheme.setClockSkewManager(skewManager);
    }

    return scheme;
}
use of com.microsoft.identity.common.internal.authscheme.AbstractAuthenticationScheme in project microsoft-authentication-library-common-for-android by AzureAD.
the class LocalMSALController method acquireTokenSilent.
/**
 * Tries to satisfy a token request without user interaction, using the local token cache.
 *
 * <p>Flow, as visible in this method: validate the parameters, merge in default scopes,
 * load the cache records for the target account and requested authentication scheme, then
 * either return the cached access token, or renew it with the cached refresh token.
 *
 * @param parameters the silent-request parameters; validated before use.
 * @return the result holder, populated either from the cache or by renewAccessToken.
 * @throws ClientException with ErrorStrings.NO_TOKENS_FOUND when the cached access token
 *         cannot be used and no refresh token is cached.
 * @throws IOException declared; not thrown directly here (presumably from a callee, confirm).
 * @throws ArgumentException declared; presumably raised by parameters.validate(), confirm.
 * @throws ServiceException declared; not thrown directly here (presumably from a callee, confirm).
 */
@Override
public AcquireTokenResult acquireTokenSilent(@NonNull final SilentTokenCommandParameters parameters) throws IOException, ClientException, ArgumentException, ServiceException {
final String methodName = ":acquireTokenSilent";
Logger.verbose(TAG + methodName, "Acquiring token silently...");
// The start event is emitted before validation, so it is recorded even when validate() throws.
Telemetry.emit(new ApiStartEvent().putProperties(parameters).putApiId(TelemetryEventStrings.Api.LOCAL_ACQUIRE_TOKEN_SILENT));
final AcquireTokenResult acquireTokenSilentResult = new AcquireTokenResult();
// Validate MSAL Parameters
parameters.validate();
// Add default scopes
final Set<String> mergedScopes = addDefaultScopes(parameters);
// From here on only parametersWithScopes is used; the original parameters object is left unchanged.
final SilentTokenCommandParameters parametersWithScopes = parameters.toBuilder().scopes(mergedScopes).build();
@SuppressWarnings(WarningType.rawtype_warning) final OAuth2TokenCache tokenCache = parametersWithScopes.getOAuth2TokenCache();
final AccountRecord targetAccount = getCachedAccountRecord(parametersWithScopes);
// Build up params for Strategy construction
final AbstractAuthenticationScheme authScheme = parametersWithScopes.getAuthenticationScheme();
final OAuth2StrategyParameters strategyParameters = new OAuth2StrategyParameters();
strategyParameters.setContext(parametersWithScopes.getAndroidApplicationContext());
@SuppressWarnings(WarningType.rawtype_warning) final OAuth2Strategy strategy = parametersWithScopes.getAuthority().createOAuth2Strategy(strategyParameters);
// Suppressing unchecked warning of converting List<ICacheRecord> to List due to generic type not provided for tokenCache
// The lookup is keyed on client id, space-joined scopes, target account and the requested auth scheme.
@SuppressWarnings(WarningType.unchecked_warning) final List<ICacheRecord> cacheRecords = tokenCache.loadWithAggregatedAccountData(parametersWithScopes.getClientId(), TextUtils.join(" ", parametersWithScopes.getScopes()), targetAccount, authScheme);
// The first element is the 'fully-loaded' CacheRecord which may contain the AccountRecord,
// AccessTokenRecord, RefreshTokenRecord, and IdTokenRecord... (if all of those artifacts exist)
// subsequent CacheRecords represent other profiles (projections) of this principal in
// other tenants. Those tokens will be 'sparse', meaning that their AT/RT will not be loaded
// NOTE(review): get(0) assumes the list is never empty; confirm that
// loadWithAggregatedAccountData always returns at least one record.
final ICacheRecord fullCacheRecord = cacheRecords.get(0);
// The cached access token is NOT used when any of these holds: it is missing, the refresh
// token is missing, the caller forced a refresh, the request authority's realm differs from
// the cached token's realm, or the strategy rejects the cached record for the requested
// scheme. The terms short-circuit left to right, so the realm comparison and the strategy
// validation only run once both null checks have passed.
// NOTE(review): validateCachedResult presumably rejects a cached token that does not fit the
// requested scheme (e.g. Bearer vs PoP); confirm in OAuth2Strategy.
if (accessTokenIsNull(fullCacheRecord) || refreshTokenIsNull(fullCacheRecord) || parametersWithScopes.isForceRefresh() || !isRequestAuthorityRealmSameAsATRealm(parametersWithScopes.getAuthority(), fullCacheRecord.getAccessToken()) || !strategy.validateCachedResult(authScheme, fullCacheRecord)) {
if (!refreshTokenIsNull(fullCacheRecord)) {
// No AT found, but the RT checks out, so we'll use it
// This branch is also reached on force refresh, realm mismatch or failed validation, so the
// log line below does not by itself prove that the access token was absent.
Logger.verbose(TAG + methodName, "No access token found, but RT is available.");
renewAccessToken(parametersWithScopes, acquireTokenSilentResult, tokenCache, strategy, fullCacheRecord);
} else {
// TODO need the refactor, should just throw the ui required exception, rather than
// wrap the exception later in the exception wrapper.
final ClientException exception = new ClientException(ErrorStrings.NO_TOKENS_FOUND, "No refresh token was found. ");
// The failure is recorded in telemetry before it is thrown.
Telemetry.emit(new ApiEndEvent().putException(exception).putApiId(TelemetryEventStrings.Api.LOCAL_ACQUIRE_TOKEN_SILENT));
throw exception;
}
} else if (fullCacheRecord.getAccessToken().isExpired()) {
// Reached only when the access token is present and passed the checks above.
Logger.warn(TAG + methodName, "Access token is expired. Removing from cache...");
// Remove the expired token
tokenCache.removeCredential(fullCacheRecord.getAccessToken());
Logger.verbose(TAG + methodName, "Renewing access token...");
// Request a new AT
renewAccessToken(parametersWithScopes, acquireTokenSilentResult, tokenCache, strategy, fullCacheRecord);
} else {
Logger.verbose(TAG + methodName, "Returning silent result");
// the result checks out, return that....
// NOTE(review): the trailing 'true' presumably marks the result as served from cache; confirm
// against the LocalAuthenticationResult constructor.
acquireTokenSilentResult.setLocalAuthenticationResult(new LocalAuthenticationResult(finalizeCacheRecordForResult(fullCacheRecord, parametersWithScopes.getAuthenticationScheme()), cacheRecords, SdkType.MSAL, true));
}
// Not reached on the NO_TOKENS_FOUND path, which emits its own end event before throwing.
Telemetry.emit(new ApiEndEvent().putResult(acquireTokenSilentResult).putApiId(TelemetryEventStrings.Api.LOCAL_ACQUIRE_TOKEN_SILENT));
return acquireTokenSilentResult;
}
use of com.microsoft.identity.common.internal.authscheme.AbstractAuthenticationScheme in project microsoft-authentication-library-common-for-android by AzureAD.
the class ApiStartEvent method putProperties.
/**
 * Copies the describable properties of a command's parameters onto this start event.
 *
 * <p>Common properties are recorded for every command. Further properties are added
 * when the parameters are token, interactive or silent command parameters. The checks
 * are independent, so one object can contribute to several groups.
 *
 * <p>The original source tags these values as PII: redirect URI, client id, authority
 * host, scope list, login hint and home account id. This method passes them to
 * {@code put} unmodified.
 * NOTE(review): confirm that PII-tagged keys are scrubbed or hashed before telemetry
 * leaves the device.
 *
 * @param parameters the command parameters to describe; {@code null} leaves the event unchanged.
 * @return this event, for chaining.
 */
public ApiStartEvent putProperties(@Nullable final CommandParameters parameters) {
    if (parameters == null) {
        return this;
    }

    if (parameters.getSdkType() != null) {
        put(Key.SDK_NAME, parameters.getSdkType().name());
    }
    put(Key.SDK_VERSION, parameters.getSdkVersion());
    // PII
    put(Key.REDIRECT_URI, parameters.getRedirectUri());
    // PII
    put(Key.CLIENT_ID, parameters.getClientId());
    put(Key.BROKER_PROTOCOL_VERSION, String.valueOf(parameters.getRequiredBrokerProtocolVersion()));

    if (parameters instanceof TokenCommandParameters) {
        putTokenCommandProperties((TokenCommandParameters) parameters);
    }
    if (parameters instanceof InteractiveTokenCommandParameters) {
        putInteractiveCommandProperties((InteractiveTokenCommandParameters) parameters);
    }
    if (parameters instanceof SilentTokenCommandParameters) {
        putSilentCommandProperties((SilentTokenCommandParameters) parameters);
    }
    if (parameters instanceof BrokerInteractiveTokenCommandParameters) {
        // TODO when integrate the telemetry with broker.
    }
    if (parameters instanceof BrokerSilentTokenCommandParameters) {
        // TODO when integrate the telemetry with broker.
    }

    return this;
}

/** Records authority, claims-request flag, scopes and authentication scheme name. */
private void putTokenCommandProperties(final TokenCommandParameters tokenParameters) {
    final Authority requestAuthority = tokenParameters.getAuthority();
    if (requestAuthority != null) {
        if (requestAuthority.getAuthorityURL() != null) {
            // PII
            put(Key.AUTHORITY, requestAuthority.getAuthorityURL().getAuthority());
        }
        put(Key.AUTHORITY_TYPE, requestAuthority.getAuthorityTypeString());
    }

    // Only whether a claims request is present is recorded, not its JSON content.
    final boolean hasClaimsRequest = !StringUtil.isEmpty(tokenParameters.getClaimsRequestJson());
    put(Key.CLAIM_REQUEST, hasClaimsRequest ? Value.TRUE : Value.FALSE);

    if (tokenParameters.getScopes() != null) {
        put(Key.SCOPE_SIZE, String.valueOf(tokenParameters.getScopes().size()));
        // PII
        put(Key.SCOPE, tokenParameters.getScopes().toString());
    }

    final AbstractAuthenticationScheme scheme = tokenParameters.getAuthenticationScheme();
    if (scheme != null) {
        put(Key.AUTHENTICATION_SCHEME, scheme.getName());
    }
}

/** Records authorization agent, login hint, extra query parameter count and prompt. */
private void putInteractiveCommandProperties(final InteractiveTokenCommandParameters interactiveParameters) {
    if (interactiveParameters.getAuthorizationAgent() != null) {
        put(Key.USER_AGENT, interactiveParameters.getAuthorizationAgent().name());
    }
    // PII
    put(Key.LOGIN_HINT, interactiveParameters.getLoginHint());
    if (interactiveParameters.getExtraQueryStringParameters() != null) {
        // Tagged PII in the original source; only the number of parameters is recorded.
        put(Key.REQUEST_QUERY_PARAMS, String.valueOf(interactiveParameters.getExtraQueryStringParameters().size()));
    }
    if (interactiveParameters.getPrompt() != null) {
        put(Key.PROMPT_BEHAVIOR, interactiveParameters.getPrompt().toString());
    }
}

/** Records the home account id, when an account is set, and the force-refresh flag. */
private void putSilentCommandProperties(final SilentTokenCommandParameters silentCommandParameters) {
    if (silentCommandParameters.getAccount() != null) {
        // PII
        put(Key.USER_ID, silentCommandParameters.getAccount().getHomeAccountId());
    }
    put(Key.IS_FORCE_REFRESH, String.valueOf(silentCommandParameters.isForceRefresh()));
}