use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class MicrosoftFamilyOAuth2TokenCache method loadByFamilyId.
/**
* Loads the tokens available for the supplied client criteria.
*
* @param clientId The current client's id.
* @param accountRecord The current account.
* @return An ICacheRecord containing the account. If a matching refresh token is available
* it is returned.
*/
public ICacheRecord loadByFamilyId(@Nullable final String clientId, @Nullable final String target, @NonNull final AccountRecord accountRecord, @Nullable final AbstractAuthenticationScheme authenticationScheme) {
final String methodName = ":loadByFamilyId";
final String familyId = "1";
Logger.verbose(TAG + methodName, "ClientId[" + clientId + ", " + familyId + "]");
// The following fields must match when querying for RTs:
// - environment
// - home_account_id
// - credential_type == RT
//
// The following fields do not matter when querying for RTs:
// - clientId doesn't matter (FRT)
// - target doesn't matter (FRT) (but we will inspect it when looking for an AT)
// - realm doesn't matter (MRRT)
RefreshTokenRecord rtToReturn = null;
IdTokenRecord idTokenToReturn = null;
IdTokenRecord v1IdTokenToReturn = null;
AccessTokenRecord atRecordToReturn = null;
final List<Credential> allCredentials = getAccountCredentialCache().getCredentials();
// First, filter down to only the refresh tokens...
for (final Credential credential : allCredentials) {
if (credential instanceof RefreshTokenRecord) {
final RefreshTokenRecord rtRecord = (RefreshTokenRecord) credential;
if (familyId.equals(rtRecord.getFamilyId()) && accountRecord.getEnvironment().equals(rtRecord.getEnvironment()) && accountRecord.getHomeAccountId().equals(rtRecord.getHomeAccountId())) {
rtToReturn = rtRecord;
break;
}
}
}
// If there's a matching IdToken, pick that up too...
for (final Credential credential : allCredentials) {
if (credential instanceof IdTokenRecord) {
final IdTokenRecord idTokenRecord = (IdTokenRecord) credential;
if (null != clientId && clientId.equals(idTokenRecord.getClientId()) && accountRecord.getEnvironment().equals(idTokenRecord.getEnvironment()) && accountRecord.getHomeAccountId().equals(idTokenRecord.getHomeAccountId()) && accountRecord.getRealm().equals(idTokenRecord.getRealm())) {
if (CredentialType.V1IdToken.name().equalsIgnoreCase(idTokenRecord.getCredentialType())) {
v1IdTokenToReturn = idTokenRecord;
} else {
idTokenToReturn = idTokenRecord;
}
// Do not 'break' as there may still be more IdTokens to inspect
}
}
}
if (null != target && null != authenticationScheme) {
for (final Credential credential : allCredentials) {
if (credential instanceof AccessTokenRecord) {
final AccessTokenRecord atRecord = (AccessTokenRecord) credential;
if (null != clientId && clientId.equals(atRecord.getClientId()) && accountRecord.getEnvironment().equals(atRecord.getEnvironment()) && accountRecord.getHomeAccountId().equals(atRecord.getHomeAccountId()) && accountRecord.getRealm().equals(atRecord.getRealm()) && targetsIntersect(target, atRecord.getTarget(), true)) {
if (CredentialType.AccessToken.name().equalsIgnoreCase(atRecord.getCredentialType()) && BearerAuthenticationSchemeInternal.SCHEME_BEARER.equalsIgnoreCase(authenticationScheme.getName())) {
atRecordToReturn = atRecord;
break;
} else if (CredentialType.AccessToken_With_AuthScheme.name().equalsIgnoreCase(atRecord.getCredentialType()) && PopAuthenticationSchemeInternal.SCHEME_POP.equalsIgnoreCase(authenticationScheme.getName())) {
atRecordToReturn = atRecord;
break;
}
}
}
}
}
final CacheRecord.CacheRecordBuilder result = CacheRecord.builder();
result.mAccount(accountRecord);
result.refreshToken(rtToReturn);
result.accessToken(atRecordToReturn);
result.v1IdToken(v1IdTokenToReturn);
result.idToken(idTokenToReturn);
return result.build();
}
use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class MsalCppOAuth2TokenCache method saveCredentials.
/**
* @param accountRecord : AccountRecord associated with the input credentials, can be null.
* @param credentials : list of Credential which can include AccessTokenRecord, IdTokenRecord and RefreshTokenRecord.
* @throws ClientException : If the supplied Account or Credential are null or schema invalid.
*/
public synchronized void saveCredentials(@Nullable final AccountRecord accountRecord, @NonNull final Credential... credentials) throws ClientException {
if (credentials == null || credentials.length == 0) {
throw new ClientException("Credential array passed in is null or empty");
}
RefreshTokenRecord refreshTokenRecord = null;
for (final Credential credential : credentials) {
if (credential instanceof RefreshTokenRecord) {
refreshTokenRecord = (RefreshTokenRecord) credential;
}
if (credential instanceof AccessTokenRecord && !isAccessTokenSchemaCompliant((AccessTokenRecord) credential)) {
throw new ClientException(CREDENTIAL_IS_SCHEMA_NONCOMPLIANT, "AT is missing a required property.");
}
}
if (accountRecord != null && refreshTokenRecord != null) {
// MSAL C++ writes credentials first and then the account.
// For a new account, this will not be true as the accountRecord will be null.
// For existing accounts, we would remove the old refresh token if present.
removeRefreshTokenIfNeeded(accountRecord, refreshTokenRecord);
}
saveCredentialsInternal(credentials);
}
use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class MsalOAuth2TokenCache method save.
@Override
public ICacheRecord save(@NonNull final GenericOAuth2Strategy oAuth2Strategy, @NonNull final GenericAuthorizationRequest request, @NonNull final GenericTokenResponse response) throws ClientException {
// Create the Account
final AccountRecord accountToSave = mAccountCredentialAdapter.createAccount(oAuth2Strategy, request, response);
// Create the AccessToken
final AccessTokenRecord accessTokenToSave = mAccountCredentialAdapter.createAccessToken(oAuth2Strategy, request, response);
// Create the RefreshToken
final RefreshTokenRecord refreshTokenToSave = mAccountCredentialAdapter.createRefreshToken(oAuth2Strategy, request, response);
// Create the IdToken
final IdTokenRecord idTokenToSave = mAccountCredentialAdapter.createIdToken(oAuth2Strategy, request, response);
// Check that everything we're about to save is schema-compliant...
validateCacheArtifacts(accountToSave, accessTokenToSave, refreshTokenToSave, idTokenToSave);
// Save the Account and Credentials...
saveAccounts(accountToSave);
saveCredentialsInternal(accessTokenToSave, refreshTokenToSave, idTokenToSave);
// Remove old refresh tokens (except for the one we just saved) if it's MRRT or FRT
removeAllRefreshTokensExcept(accountToSave, refreshTokenToSave);
final CacheRecord.CacheRecordBuilder result = CacheRecord.builder();
result.account(accountToSave);
result.accessToken(accessTokenToSave);
result.refreshToken(refreshTokenToSave);
setToCacheRecord(result, idTokenToSave);
return result.build();
}
use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class AbstractAccountCredentialCache method getCredentialsFilteredByInternal.
protected List<Credential> getCredentialsFilteredByInternal(@Nullable final String homeAccountId, @Nullable final String environment, @Nullable final CredentialType credentialType, @Nullable final String clientId, @Nullable final String realm, @Nullable final String target, @Nullable final String authScheme, @Nullable final String requestedClaims, @NonNull final List<Credential> allCredentials) {
final boolean mustMatchOnEnvironment = !StringExtensions.isNullOrBlank(environment);
final boolean mustMatchOnHomeAccountId = !StringExtensions.isNullOrBlank(homeAccountId);
final boolean mustMatchOnRealm = !StringExtensions.isNullOrBlank(realm);
final boolean mustMatchOnTarget = !StringExtensions.isNullOrBlank(target);
final boolean mustMatchOnClientId = !StringExtensions.isNullOrBlank(clientId);
final boolean mustMatchOnCredentialType = null != credentialType;
final boolean mustMatchOnAuthScheme = mustMatchOnCredentialType && !StringExtensions.isNullOrBlank(authScheme) && credentialType == CredentialType.AccessToken_With_AuthScheme;
final boolean mustMatchOnRequestedClaims = !StringExtensions.isNullOrBlank(requestedClaims);
Logger.verbose(TAG, "Credential lookup filtered by home_account_id? [" + mustMatchOnHomeAccountId + "]" + NEW_LINE + "Credential lookup filtered by realm? [" + mustMatchOnRealm + "]" + NEW_LINE + "Credential lookup filtered by target? [" + mustMatchOnTarget + "]" + NEW_LINE + "Credential lookup filtered by clientId? [" + mustMatchOnClientId + "]" + NEW_LINE + "Credential lookup filtered by credential type? [" + mustMatchOnCredentialType + "]" + NEW_LINE + "Credential lookup filtered by auth scheme? [" + mustMatchOnAuthScheme + "]" + NEW_LINE + "Credential lookup filtered by requested claims? [" + mustMatchOnRequestedClaims + "]");
final List<Credential> matchingCredentials = new ArrayList<>();
for (final Credential credential : allCredentials) {
boolean matches = true;
if (mustMatchOnHomeAccountId) {
matches = equalsIgnoreCaseTrimBoth(homeAccountId, credential.getHomeAccountId());
}
if (mustMatchOnEnvironment) {
matches = matches && equalsIgnoreCaseTrimBoth(environment, credential.getEnvironment());
}
if (mustMatchOnCredentialType) {
matches = matches && equalsIgnoreCaseTrimBoth(credentialType.name(), credential.getCredentialType());
}
if (mustMatchOnClientId) {
matches = matches && equalsIgnoreCaseTrimBoth(clientId, credential.getClientId());
}
if (mustMatchOnRealm && credential instanceof AccessTokenRecord) {
final AccessTokenRecord accessToken = (AccessTokenRecord) credential;
matches = matches && equalsIgnoreCaseTrimBoth(realm, accessToken.getRealm());
}
if (mustMatchOnRealm && credential instanceof IdTokenRecord) {
final IdTokenRecord idToken = (IdTokenRecord) credential;
matches = matches && equalsIgnoreCaseTrimBoth(realm, idToken.getRealm());
}
if (mustMatchOnTarget) {
if (credential instanceof AccessTokenRecord) {
final AccessTokenRecord accessToken = (AccessTokenRecord) credential;
matches = matches && targetsIntersect(target, accessToken.getTarget(), true);
} else if (credential instanceof RefreshTokenRecord) {
final RefreshTokenRecord refreshToken = (RefreshTokenRecord) credential;
matches = matches && targetsIntersect(target, refreshToken.getTarget(), true);
} else {
Logger.verbose(TAG, "Query specified target-match, but no target to match.");
}
}
if (mustMatchOnAuthScheme && credential instanceof AccessTokenRecord) {
final AccessTokenRecord accessToken = (AccessTokenRecord) credential;
String atType = accessToken.getAccessTokenType();
if (null != atType) {
atType = atType.trim();
}
matches = matches && authScheme.equalsIgnoreCase(atType);
}
if (mustMatchOnRequestedClaims) {
if (credential instanceof AccessTokenRecord) {
final AccessTokenRecord accessToken = (AccessTokenRecord) credential;
matches = matches && equalsIgnoreCaseTrimBoth(requestedClaims, accessToken.getRequestedClaims());
} else {
Logger.verbose(TAG, "Query specified requested_claims-match, but attempted to match with non-AT credential type.");
}
}
if (matches) {
matchingCredentials.add(credential);
}
}
return matchingCredentials;
}
use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class SharedPreferencesAccountCredentialCacheTest method getCredentialsNoClientId.
@Test
public void getCredentialsNoClientId() {
// Save an AccessToken into the cache
final AccessTokenRecord accessToken = new AccessTokenRecord();
accessToken.setCredentialType(CredentialType.AccessToken.name());
accessToken.setHomeAccountId(HOME_ACCOUNT_ID);
accessToken.setRealm(REALM);
accessToken.setEnvironment(ENVIRONMENT);
accessToken.setClientId(CLIENT_ID);
accessToken.setTarget(TARGET);
accessToken.setCachedAt(CACHED_AT);
accessToken.setExpiresOn(EXPIRES_ON);
accessToken.setSecret(SECRET);
mSharedPreferencesAccountCredentialCache.saveCredential(accessToken);
// Save a RefreshToken into the cache
final RefreshTokenRecord refreshToken = new RefreshTokenRecord();
refreshToken.setCredentialType(CredentialType.RefreshToken.name());
refreshToken.setEnvironment(ENVIRONMENT);
refreshToken.setHomeAccountId(HOME_ACCOUNT_ID);
refreshToken.setClientId(CLIENT_ID + "2");
refreshToken.setSecret(SECRET);
refreshToken.setTarget(TARGET);
mSharedPreferencesAccountCredentialCache.saveCredential(refreshToken);
final List<Credential> credentials = mSharedPreferencesAccountCredentialCache.getCredentialsFilteredBy(HOME_ACCOUNT_ID, ENVIRONMENT, null, null, REALM, TARGET, BEARER_AUTHENTICATION_SCHEME.getName());
assertEquals(2, credentials.size());
}
Aggregations