Example 1 with AbstractAuthenticationScheme

Use of com.microsoft.identity.common.internal.authscheme.AbstractAuthenticationScheme in the project microsoft-authentication-library-common-for-android by AzureAD.

Class MsalBrokerRequestAdapter, method getAuthenticationScheme.

@NonNull
private static AbstractAuthenticationScheme getAuthenticationScheme(@NonNull final Context context, @NonNull final BrokerRequest request) {
    final AbstractAuthenticationScheme requestScheme = request.getAuthenticationScheme();
    if (null == requestScheme) {
        // Default assumes the scheme is Bearer
        return new BearerAuthenticationSchemeInternal();
    } else {
        if (requestScheme instanceof PopAuthenticationSchemeInternal) {
            final IClockSkewManager clockSkewManager = new ClockSkewManager(context);
            ((PopAuthenticationSchemeInternal) requestScheme).setClockSkewManager(clockSkewManager);
        }
        return requestScheme;
    }
}
Also used: AbstractAuthenticationScheme (com.microsoft.identity.common.internal.authscheme.AbstractAuthenticationScheme), BearerAuthenticationSchemeInternal (com.microsoft.identity.common.internal.authscheme.BearerAuthenticationSchemeInternal), IClockSkewManager (com.microsoft.identity.common.internal.util.IClockSkewManager), ClockSkewManager (com.microsoft.identity.common.internal.util.ClockSkewManager), PopAuthenticationSchemeInternal (com.microsoft.identity.common.internal.authscheme.PopAuthenticationSchemeInternal), NonNull (androidx.annotation.NonNull)

Example 2 with AbstractAuthenticationScheme

Use of com.microsoft.identity.common.internal.authscheme.AbstractAuthenticationScheme in the project microsoft-authentication-library-common-for-android by AzureAD.

Class LocalMSALController, method acquireTokenSilent.

@Override
public AcquireTokenResult acquireTokenSilent(@NonNull final SilentTokenCommandParameters parameters) throws IOException, ClientException, ArgumentException, ServiceException {
    final String methodName = ":acquireTokenSilent";
    Logger.verbose(TAG + methodName, "Acquiring token silently...");
    Telemetry.emit(new ApiStartEvent().putProperties(parameters).putApiId(TelemetryEventStrings.Api.LOCAL_ACQUIRE_TOKEN_SILENT));
    final AcquireTokenResult acquireTokenSilentResult = new AcquireTokenResult();
    // Validate MSAL Parameters
    parameters.validate();
    // Add default scopes
    final Set<String> mergedScopes = addDefaultScopes(parameters);
    final SilentTokenCommandParameters parametersWithScopes = parameters.toBuilder().scopes(mergedScopes).build();
    @SuppressWarnings(WarningType.rawtype_warning) final OAuth2TokenCache tokenCache = parametersWithScopes.getOAuth2TokenCache();
    final AccountRecord targetAccount = getCachedAccountRecord(parametersWithScopes);
    // Build up params for Strategy construction
    final AbstractAuthenticationScheme authScheme = parametersWithScopes.getAuthenticationScheme();
    final OAuth2StrategyParameters strategyParameters = new OAuth2StrategyParameters();
    strategyParameters.setContext(parametersWithScopes.getAndroidApplicationContext());
    @SuppressWarnings(WarningType.rawtype_warning) final OAuth2Strategy strategy = parametersWithScopes.getAuthority().createOAuth2Strategy(strategyParameters);
    // Suppressing unchecked warning of converting List<ICacheRecord> to List due to generic type not provided for tokenCache
    @SuppressWarnings(WarningType.unchecked_warning) final List<ICacheRecord> cacheRecords = tokenCache.loadWithAggregatedAccountData(parametersWithScopes.getClientId(), TextUtils.join(" ", parametersWithScopes.getScopes()), targetAccount, authScheme);
    // The first element is the 'fully-loaded' CacheRecord which may contain the AccountRecord,
    // AccessTokenRecord, RefreshTokenRecord, and IdTokenRecord... (if all of those artifacts exist)
    // subsequent CacheRecords represent other profiles (projections) of this principal in
    // other tenants. Those tokens will be 'sparse', meaning that their AT/RT will not be loaded
    final ICacheRecord fullCacheRecord = cacheRecords.get(0);
    if (accessTokenIsNull(fullCacheRecord) || refreshTokenIsNull(fullCacheRecord) || parametersWithScopes.isForceRefresh() || !isRequestAuthorityRealmSameAsATRealm(parametersWithScopes.getAuthority(), fullCacheRecord.getAccessToken()) || !strategy.validateCachedResult(authScheme, fullCacheRecord)) {
        if (!refreshTokenIsNull(fullCacheRecord)) {
            // No AT found, but the RT checks out, so we'll use it
            Logger.verbose(TAG + methodName, "No access token found, but RT is available.");
            renewAccessToken(parametersWithScopes, acquireTokenSilentResult, tokenCache, strategy, fullCacheRecord);
        } else {
            // TODO need the refactor, should just throw the ui required exception, rather than
            // wrap the exception later in the exception wrapper.
            final ClientException exception = new ClientException(ErrorStrings.NO_TOKENS_FOUND, "No refresh token was found. ");
            Telemetry.emit(new ApiEndEvent().putException(exception).putApiId(TelemetryEventStrings.Api.LOCAL_ACQUIRE_TOKEN_SILENT));
            throw exception;
        }
    } else if (fullCacheRecord.getAccessToken().isExpired()) {
        Logger.warn(TAG + methodName, "Access token is expired. Removing from cache...");
        // Remove the expired token
        tokenCache.removeCredential(fullCacheRecord.getAccessToken());
        Logger.verbose(TAG + methodName, "Renewing access token...");
        // Request a new AT
        renewAccessToken(parametersWithScopes, acquireTokenSilentResult, tokenCache, strategy, fullCacheRecord);
    } else {
        Logger.verbose(TAG + methodName, "Returning silent result");
        // the result checks out, return that....
        acquireTokenSilentResult.setLocalAuthenticationResult(new LocalAuthenticationResult(finalizeCacheRecordForResult(fullCacheRecord, parametersWithScopes.getAuthenticationScheme()), cacheRecords, SdkType.MSAL, true));
    }
    Telemetry.emit(new ApiEndEvent().putResult(acquireTokenSilentResult).putApiId(TelemetryEventStrings.Api.LOCAL_ACQUIRE_TOKEN_SILENT));
    return acquireTokenSilentResult;
}
Also used: AcquireTokenResult (com.microsoft.identity.common.internal.result.AcquireTokenResult), SilentTokenCommandParameters (com.microsoft.identity.common.internal.commands.parameters.SilentTokenCommandParameters), ICacheRecord (com.microsoft.identity.common.internal.cache.ICacheRecord), OAuth2StrategyParameters (com.microsoft.identity.common.internal.providers.oauth2.OAuth2StrategyParameters), OAuth2Strategy (com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy), AbstractAuthenticationScheme (com.microsoft.identity.common.internal.authscheme.AbstractAuthenticationScheme), OAuth2TokenCache (com.microsoft.identity.common.internal.providers.oauth2.OAuth2TokenCache), ApiEndEvent (com.microsoft.identity.common.internal.telemetry.events.ApiEndEvent), ApiStartEvent (com.microsoft.identity.common.internal.telemetry.events.ApiStartEvent), AccountRecord (com.microsoft.identity.common.internal.dto.AccountRecord), ClientException (com.microsoft.identity.common.exception.ClientException), LocalAuthenticationResult (com.microsoft.identity.common.internal.result.LocalAuthenticationResult)

Example 3 with AbstractAuthenticationScheme

Use of com.microsoft.identity.common.internal.authscheme.AbstractAuthenticationScheme in the project microsoft-authentication-library-common-for-android by AzureAD.

Class ApiStartEvent, method putProperties.

public ApiStartEvent putProperties(@Nullable final CommandParameters parameters) {
    if (parameters == null) {
        return this;
    }
    if (parameters.getSdkType() != null) {
        put(Key.SDK_NAME, parameters.getSdkType().name());
    }
    put(Key.SDK_VERSION, parameters.getSdkVersion());
    // Pii
    put(Key.REDIRECT_URI, parameters.getRedirectUri());
    // Pii
    put(Key.CLIENT_ID, parameters.getClientId());
    put(Key.BROKER_PROTOCOL_VERSION, String.valueOf(parameters.getRequiredBrokerProtocolVersion()));
    if (parameters instanceof TokenCommandParameters) {
        final TokenCommandParameters tokenCommandParameters = (TokenCommandParameters) parameters;
        final Authority authority = tokenCommandParameters.getAuthority();
        if (authority != null) {
            if (authority.getAuthorityURL() != null) {
                // Pii
                put(Key.AUTHORITY, authority.getAuthorityURL().getAuthority());
            }
            put(Key.AUTHORITY_TYPE, authority.getAuthorityTypeString());
        }
        put(Key.CLAIM_REQUEST, StringUtil.isEmpty(tokenCommandParameters.getClaimsRequestJson()) ? Value.FALSE : Value.TRUE);
        if (tokenCommandParameters.getScopes() != null) {
            put(Key.SCOPE_SIZE, String.valueOf(tokenCommandParameters.getScopes().size()));
            // Pii
            put(Key.SCOPE, tokenCommandParameters.getScopes().toString());
        }
        final AbstractAuthenticationScheme authScheme = tokenCommandParameters.getAuthenticationScheme();
        if (null != authScheme) {
            put(Key.AUTHENTICATION_SCHEME, authScheme.getName());
        }
    }
    if (parameters instanceof InteractiveTokenCommandParameters) {
        final InteractiveTokenCommandParameters atOperationParameters = (InteractiveTokenCommandParameters) parameters;
        if (atOperationParameters.getAuthorizationAgent() != null) {
            put(Key.USER_AGENT, atOperationParameters.getAuthorizationAgent().name());
        }
        // Pii
        put(Key.LOGIN_HINT, atOperationParameters.getLoginHint());
        if (atOperationParameters.getExtraQueryStringParameters() != null) {
            // Pii
            put(Key.REQUEST_QUERY_PARAMS, String.valueOf(atOperationParameters.getExtraQueryStringParameters().size()));
        }
        if (atOperationParameters.getPrompt() != null) {
            put(Key.PROMPT_BEHAVIOR, atOperationParameters.getPrompt().toString());
        }
    }
    if (parameters instanceof SilentTokenCommandParameters) {
        final SilentTokenCommandParameters silentParameters = (SilentTokenCommandParameters) parameters;
        if (silentParameters.getAccount() != null) {
            // Pii
            put(Key.USER_ID, silentParameters.getAccount().getHomeAccountId());
        }
        put(Key.IS_FORCE_REFRESH, String.valueOf(silentParameters.isForceRefresh()));
    }
    if (parameters instanceof BrokerInteractiveTokenCommandParameters) {
        // TODO when integrate the telemetry with broker.
    }
    if (parameters instanceof BrokerSilentTokenCommandParameters) {
        // TODO when integrate the telemetry with broker.
    }
    return this;
}
Also used: AbstractAuthenticationScheme (com.microsoft.identity.common.internal.authscheme.AbstractAuthenticationScheme), SilentTokenCommandParameters (com.microsoft.identity.common.internal.commands.parameters.SilentTokenCommandParameters), BrokerSilentTokenCommandParameters (com.microsoft.identity.common.internal.commands.parameters.BrokerSilentTokenCommandParameters), InteractiveTokenCommandParameters (com.microsoft.identity.common.internal.commands.parameters.InteractiveTokenCommandParameters), BrokerInteractiveTokenCommandParameters (com.microsoft.identity.common.internal.commands.parameters.BrokerInteractiveTokenCommandParameters), TokenCommandParameters (com.microsoft.identity.common.internal.commands.parameters.TokenCommandParameters), Authority (com.microsoft.identity.common.internal.authorities.Authority)

Aggregations

AbstractAuthenticationScheme (com.microsoft.identity.common.internal.authscheme.AbstractAuthenticationScheme): 3
SilentTokenCommandParameters (com.microsoft.identity.common.internal.commands.parameters.SilentTokenCommandParameters): 2
NonNull (androidx.annotation.NonNull): 1
ClientException (com.microsoft.identity.common.exception.ClientException): 1
Authority (com.microsoft.identity.common.internal.authorities.Authority): 1
BearerAuthenticationSchemeInternal (com.microsoft.identity.common.internal.authscheme.BearerAuthenticationSchemeInternal): 1
PopAuthenticationSchemeInternal (com.microsoft.identity.common.internal.authscheme.PopAuthenticationSchemeInternal): 1
ICacheRecord (com.microsoft.identity.common.internal.cache.ICacheRecord): 1
BrokerInteractiveTokenCommandParameters (com.microsoft.identity.common.internal.commands.parameters.BrokerInteractiveTokenCommandParameters): 1
BrokerSilentTokenCommandParameters (com.microsoft.identity.common.internal.commands.parameters.BrokerSilentTokenCommandParameters): 1
InteractiveTokenCommandParameters (com.microsoft.identity.common.internal.commands.parameters.InteractiveTokenCommandParameters): 1
TokenCommandParameters (com.microsoft.identity.common.internal.commands.parameters.TokenCommandParameters): 1
AccountRecord (com.microsoft.identity.common.internal.dto.AccountRecord): 1
OAuth2Strategy (com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy): 1
OAuth2StrategyParameters (com.microsoft.identity.common.internal.providers.oauth2.OAuth2StrategyParameters): 1
OAuth2TokenCache (com.microsoft.identity.common.internal.providers.oauth2.OAuth2TokenCache): 1
AcquireTokenResult (com.microsoft.identity.common.internal.result.AcquireTokenResult): 1
LocalAuthenticationResult (com.microsoft.identity.common.internal.result.LocalAuthenticationResult): 1
ApiEndEvent (com.microsoft.identity.common.internal.telemetry.events.ApiEndEvent): 1
ApiStartEvent (com.microsoft.identity.common.internal.telemetry.events.ApiStartEvent): 1