Example 51 with AccessTokenRecord

Use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in the project microsoft-authentication-library-common-for-android by AzureAD.

From the class MsalOAuth2TokenCache, method load:

@Override
public ICacheRecord load(@NonNull final String clientId,
                         @Nullable final String target,
                         @NonNull final AccountRecord account,
                         @NonNull final AbstractAuthenticationScheme authScheme) {
    Telemetry.emit(new CacheStartEvent());
    final boolean isMultiResourceCapable = MicrosoftAccount.AUTHORITY_TYPE_V1_V2.equals(account.getAuthorityType());
    // 'Preloading' our credentials to avoid repeated expensive cache hits
    final List<Credential> allCredentials = mAccountCredentialCache.getCredentials();
    // Load the AccessTokens
    final List<Credential> accessTokens = mAccountCredentialCache.getCredentialsFilteredBy(
            account.getHomeAccountId(),
            account.getEnvironment(),
            getAccessTokenCredentialTypeForAuthenticationScheme(authScheme),
            clientId,
            account.getRealm(),
            target,
            authScheme.getName(),
            allCredentials
    );
    // Load the RefreshTokens
    List<Credential> refreshTokens = mAccountCredentialCache.getCredentialsFilteredBy(
            account.getHomeAccountId(),
            account.getEnvironment(),
            CredentialType.RefreshToken,
            clientId,
            isMultiResourceCapable ? null : account.getRealm(), // realm: null acts as wildcard (*)
            isMultiResourceCapable ? null : target,             // target: null acts as wildcard (*)
            null, // authentication scheme: not applicable
            allCredentials
    );
    if (refreshTokens.isEmpty()) {
        // If we didn't find an RT in the cache, this could be a "TSL-seed" or "dual-client stack"
        // scenario
        //
        // Defining these terms:
        // TSL-seed: another 1P TSL integrated app has put a token into our cache so we can
        // pick it up
        //
        // Dual-Client stack: two FoCI-enabled app registrations are sharing a single binary
        // and accordingly, can share RTs.
        // Examples for this might be TFL/TFW - which uses multiple client ids to enable
        // different scenarios depending on enterprise vs. consumer usage
        // Unlike the broker, where we check if an app is FoCI prior to making a network call
        // with an arbitrary FoCI RT we find in the cache, if we're in standalone mode and find
        // a FoCI RT in the cache, the current app must also be FoCI (!!!)
        //
        // Making the assumption that the current client id can use any FoCI RT we find in the
        // cache is strictly contingent on app developers NOT mixing FoCI/non-FoCI registrations
        // into the same binary. If you do this, you'll get confusing errors that the RT used doesn't
        // match the client app registration. This assumption means we don't need to implement
        // "FoCI probing" and/or track FoCI app metadata
        final Credential fallbackFrt = getFamilyRefreshTokenForAccount(account);
        if (null != fallbackFrt) {
            refreshTokens = new ArrayList<>();
            refreshTokens.add(fallbackFrt);
        }
    }
    // Load the IdTokens
    final List<Credential> idTokens = mAccountCredentialCache.getCredentialsFilteredBy(
            account.getHomeAccountId(),
            account.getEnvironment(),
            IdToken,
            clientId,
            account.getRealm(),
            null, // target: wildcard (*)
            null, // authentication scheme: not applicable
            allCredentials
    );
    // Load the v1 IdTokens
    final List<Credential> v1IdTokens = mAccountCredentialCache.getCredentialsFilteredBy(
            account.getHomeAccountId(),
            account.getEnvironment(),
            CredentialType.V1IdToken,
            clientId,
            account.getRealm(),
            null, // target: wildcard (*)
            null, // authentication scheme: not applicable
            allCredentials
    );
    final CacheRecord.CacheRecordBuilder result = CacheRecord.builder();
    result.account(account);
    result.accessToken(accessTokens.isEmpty() ? null : (AccessTokenRecord) accessTokens.get(0));
    result.refreshToken(refreshTokens.isEmpty() ? null : (RefreshTokenRecord) refreshTokens.get(0));
    result.idToken(idTokens.isEmpty() ? null : (IdTokenRecord) idTokens.get(0));
    result.v1IdToken(v1IdTokens.isEmpty() ? null : (IdTokenRecord) v1IdTokens.get(0));
    Telemetry.emit(new CacheEndEvent().putCacheRecordStatus(result.build()));
    return result.build();
}
Also used: IdTokenRecord (com.microsoft.identity.common.internal.dto.IdTokenRecord), Credential (com.microsoft.identity.common.internal.dto.Credential), CacheEndEvent (com.microsoft.identity.common.internal.telemetry.events.CacheEndEvent), RefreshTokenRecord (com.microsoft.identity.common.internal.dto.RefreshTokenRecord), AccessTokenRecord (com.microsoft.identity.common.internal.dto.AccessTokenRecord), CacheStartEvent (com.microsoft.identity.common.internal.telemetry.events.CacheStartEvent)

Example 52 with AccessTokenRecord

Use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in the project microsoft-authentication-library-common-for-android by AzureAD.

From the class MicrosoftStsAccountCredentialAdapter, method createAccessToken:

@Override
public AccessTokenRecord createAccessToken(final MicrosoftStsOAuth2Strategy strategy,
                                           final MicrosoftStsAuthorizationRequest request,
                                           final MicrosoftStsTokenResponse response) {
    try {
        final long cachedAt = getCachedAt();
        final long expiresOn = getExpiresOn(response);
        final ClientInfo clientInfo = new ClientInfo(response.getClientInfo());
        final AccessTokenRecord accessToken = new AccessTokenRecord();
        // Required fields
        accessToken.setCredentialType(getCredentialType(response.getTokenType()));
        accessToken.setHomeAccountId(SchemaUtil.getHomeAccountId(clientInfo));
        accessToken.setRealm(getRealm(strategy, response));
        accessToken.setEnvironment(strategy.getIssuerCacheIdentifierFromTokenEndpoint());
        accessToken.setClientId(request.getClientId());
        accessToken.setTarget(getTarget(request.getScope(), response.getScope()));
        // generated @ client side
        accessToken.setCachedAt(String.valueOf(cachedAt));
        accessToken.setExpiresOn(String.valueOf(expiresOn));
        accessToken.setSecret(response.getAccessToken());
        // Optional fields
        accessToken.setExtendedExpiresOn(getExtendedExpiresOn(response));
        accessToken.setAuthority(strategy.getAuthorityFromTokenEndpoint());
        accessToken.setAccessTokenType(response.getTokenType());
        // Use case insensitive match - ESTS will not capitalize scheme...
        if (SCHEME_POP.equalsIgnoreCase(response.getTokenType())) {
            accessToken.setKid(strategy.getDeviceAtPopThumbprint());
        }
        return accessToken;
    } catch (ServiceException e) {
        // TODO handle this properly
        throw new RuntimeException(e);
    }
}
Also used: ServiceException (com.microsoft.identity.common.exception.ServiceException), ClientInfo (com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.ClientInfo), AccessTokenRecord (com.microsoft.identity.common.internal.dto.AccessTokenRecord)

Example 53 with AccessTokenRecord

Use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in the project microsoft-authentication-library-common-for-android by AzureAD.

From the class AccessTokenTest, method testShouldRefreshAfterExpiration:

@Test
public void testShouldRefreshAfterExpiration() {
    final AccessTokenRecord accessToken = new AccessTokenRecord();
    accessToken.setRefreshOn(getCurrentTimeStr());
    assertTrue(accessToken.shouldRefresh());
}
Also used: AccessTokenRecord (com.microsoft.identity.common.internal.dto.AccessTokenRecord), Test (org.junit.Test)

Example 54 with AccessTokenRecord

Use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in the project microsoft-authentication-library-common-for-android by AzureAD.

From the class AccessTokenTest, method testShouldRefreshWhenNoPropertiesAreSet:

@Test
public void testShouldRefreshWhenNoPropertiesAreSet() {
    final AccessTokenRecord accessToken = new AccessTokenRecord();
    assertTrue(accessToken.shouldRefresh());
}
Also used: AccessTokenRecord (com.microsoft.identity.common.internal.dto.AccessTokenRecord), Test (org.junit.Test)

Example 55 with AccessTokenRecord

Use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in the project microsoft-authentication-library-common-for-android by AzureAD.

From the class AccessTokenTest, method testShouldRefreshWhileStillValid:

@Test
public void testShouldRefreshWhileStillValid() {
    final AccessTokenRecord accessToken = new AccessTokenRecord();
    // refreshOn = 1/1/2050 00:00:00 UTC, expressed in epoch seconds
    accessToken.setRefreshOn("2524608000");
    assertFalse(accessToken.shouldRefresh());
}
Also used: AccessTokenRecord (com.microsoft.identity.common.internal.dto.AccessTokenRecord), Test (org.junit.Test)
