Search in sources :

Example 11 with AccessTokenRecord

use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.

the class MicrosoftFamilyOAuth2TokenCache method loadByFamilyId.

/**
 * Loads the tokens available for the supplied client criteria.
 *
 * @param clientId      The current client's id.
 * @param accountRecord The current account.
 * @return An ICacheRecord containing the account. If a matching refresh token is available
 * it is returned.
 */
public ICacheRecord loadByFamilyId(@Nullable final String clientId, @Nullable final String target, @NonNull final AccountRecord accountRecord, @Nullable final AbstractAuthenticationScheme authenticationScheme) {
    final String methodName = ":loadByFamilyId";
    final String familyId = "1";
    Logger.verbose(TAG + methodName, "ClientId[" + clientId + ", " + familyId + "]");
    // The following fields must match when querying for RTs:
    // - environment
    // - home_account_id
    // - credential_type == RT
    // 
    // The following fields do not matter when querying for RTs:
    // - clientId doesn't matter (FRT)
    // - target doesn't matter (FRT) (but we will inspect it when looking for an AT)
    // - realm doesn't matter (MRRT)
    RefreshTokenRecord rtToReturn = null;
    IdTokenRecord idTokenToReturn = null;
    IdTokenRecord v1IdTokenToReturn = null;
    AccessTokenRecord atRecordToReturn = null;
    final List<Credential> allCredentials = getAccountCredentialCache().getCredentials();
    // First, filter down to only the refresh tokens...
    for (final Credential credential : allCredentials) {
        if (credential instanceof RefreshTokenRecord) {
            final RefreshTokenRecord rtRecord = (RefreshTokenRecord) credential;
            if (familyId.equals(rtRecord.getFamilyId()) && accountRecord.getEnvironment().equals(rtRecord.getEnvironment()) && accountRecord.getHomeAccountId().equals(rtRecord.getHomeAccountId())) {
                rtToReturn = rtRecord;
                break;
            }
        }
    }
    // If there's a matching IdToken, pick that up too...
    for (final Credential credential : allCredentials) {
        if (credential instanceof IdTokenRecord) {
            final IdTokenRecord idTokenRecord = (IdTokenRecord) credential;
            if (null != clientId && clientId.equals(idTokenRecord.getClientId()) && accountRecord.getEnvironment().equals(idTokenRecord.getEnvironment()) && accountRecord.getHomeAccountId().equals(idTokenRecord.getHomeAccountId()) && accountRecord.getRealm().equals(idTokenRecord.getRealm())) {
                if (CredentialType.V1IdToken.name().equalsIgnoreCase(idTokenRecord.getCredentialType())) {
                    v1IdTokenToReturn = idTokenRecord;
                } else {
                    idTokenToReturn = idTokenRecord;
                }
            // Do not 'break' as there may still be more IdTokens to inspect
            }
        }
    }
    if (null != target && null != authenticationScheme) {
        for (final Credential credential : allCredentials) {
            if (credential instanceof AccessTokenRecord) {
                final AccessTokenRecord atRecord = (AccessTokenRecord) credential;
                if (null != clientId && clientId.equals(atRecord.getClientId()) && accountRecord.getEnvironment().equals(atRecord.getEnvironment()) && accountRecord.getHomeAccountId().equals(atRecord.getHomeAccountId()) && accountRecord.getRealm().equals(atRecord.getRealm()) && targetsIntersect(target, atRecord.getTarget(), true)) {
                    if (CredentialType.AccessToken.name().equalsIgnoreCase(atRecord.getCredentialType()) && BearerAuthenticationSchemeInternal.SCHEME_BEARER.equalsIgnoreCase(authenticationScheme.getName())) {
                        atRecordToReturn = atRecord;
                        break;
                    } else if (CredentialType.AccessToken_With_AuthScheme.name().equalsIgnoreCase(atRecord.getCredentialType()) && PopAuthenticationSchemeInternal.SCHEME_POP.equalsIgnoreCase(authenticationScheme.getName())) {
                        atRecordToReturn = atRecord;
                        break;
                    }
                }
            }
        }
    }
    final CacheRecord.CacheRecordBuilder result = CacheRecord.builder();
    result.mAccount(accountRecord);
    result.refreshToken(rtToReturn);
    result.accessToken(atRecordToReturn);
    result.v1IdToken(v1IdTokenToReturn);
    result.idToken(idTokenToReturn);
    return result.build();
}
Also used : IdTokenRecord(com.microsoft.identity.common.internal.dto.IdTokenRecord) Credential(com.microsoft.identity.common.internal.dto.Credential) RefreshTokenRecord(com.microsoft.identity.common.internal.dto.RefreshTokenRecord) AccessTokenRecord(com.microsoft.identity.common.internal.dto.AccessTokenRecord)

Example 12 with AccessTokenRecord

use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.

the class MsalCppOAuth2TokenCache method saveCredentials.

/**
 * @param accountRecord : AccountRecord associated with the input credentials, can be null.
 * @param credentials   : list of Credential which can include AccessTokenRecord, IdTokenRecord and RefreshTokenRecord.
 * @throws ClientException : If the supplied Account or Credential are null or schema invalid.
 */
public synchronized void saveCredentials(@Nullable final AccountRecord accountRecord, @NonNull final Credential... credentials) throws ClientException {
    if (credentials == null || credentials.length == 0) {
        throw new ClientException("Credential array passed in is null or empty");
    }
    RefreshTokenRecord refreshTokenRecord = null;
    for (final Credential credential : credentials) {
        if (credential instanceof RefreshTokenRecord) {
            refreshTokenRecord = (RefreshTokenRecord) credential;
        }
        if (credential instanceof AccessTokenRecord && !isAccessTokenSchemaCompliant((AccessTokenRecord) credential)) {
            throw new ClientException(CREDENTIAL_IS_SCHEMA_NONCOMPLIANT, "AT is missing a required property.");
        }
    }
    if (accountRecord != null && refreshTokenRecord != null) {
        // MSAL C++ writes credentials first and then the account.
        // For a new account, this will not be true as the accountRecord will be null.
        // For existing accounts, we would remove the old refresh token if present.
        removeRefreshTokenIfNeeded(accountRecord, refreshTokenRecord);
    }
    saveCredentialsInternal(credentials);
}
Also used : Credential(com.microsoft.identity.common.internal.dto.Credential) RefreshTokenRecord(com.microsoft.identity.common.internal.dto.RefreshTokenRecord) ClientException(com.microsoft.identity.common.exception.ClientException) AccessTokenRecord(com.microsoft.identity.common.internal.dto.AccessTokenRecord)

Example 13 with AccessTokenRecord

use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.

the class MsalOAuth2TokenCache method save.

@Override
public ICacheRecord save(@NonNull final GenericOAuth2Strategy oAuth2Strategy, @NonNull final GenericAuthorizationRequest request, @NonNull final GenericTokenResponse response) throws ClientException {
    // Create the Account
    final AccountRecord accountToSave = mAccountCredentialAdapter.createAccount(oAuth2Strategy, request, response);
    // Create the AccessToken
    final AccessTokenRecord accessTokenToSave = mAccountCredentialAdapter.createAccessToken(oAuth2Strategy, request, response);
    // Create the RefreshToken
    final RefreshTokenRecord refreshTokenToSave = mAccountCredentialAdapter.createRefreshToken(oAuth2Strategy, request, response);
    // Create the IdToken
    final IdTokenRecord idTokenToSave = mAccountCredentialAdapter.createIdToken(oAuth2Strategy, request, response);
    // Check that everything we're about to save is schema-compliant...
    validateCacheArtifacts(accountToSave, accessTokenToSave, refreshTokenToSave, idTokenToSave);
    // Save the Account and Credentials...
    saveAccounts(accountToSave);
    saveCredentialsInternal(accessTokenToSave, refreshTokenToSave, idTokenToSave);
    // Remove old refresh tokens (except for the one we just saved) if it's MRRT or FRT
    removeAllRefreshTokensExcept(accountToSave, refreshTokenToSave);
    final CacheRecord.CacheRecordBuilder result = CacheRecord.builder();
    result.account(accountToSave);
    result.accessToken(accessTokenToSave);
    result.refreshToken(refreshTokenToSave);
    setToCacheRecord(result, idTokenToSave);
    return result.build();
}
Also used : IdTokenRecord(com.microsoft.identity.common.internal.dto.IdTokenRecord) AccountRecord(com.microsoft.identity.common.internal.dto.AccountRecord) RefreshTokenRecord(com.microsoft.identity.common.internal.dto.RefreshTokenRecord) AccessTokenRecord(com.microsoft.identity.common.internal.dto.AccessTokenRecord)

Example 14 with AccessTokenRecord

use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.

the class AbstractAccountCredentialCache method getCredentialsFilteredByInternal.

protected List<Credential> getCredentialsFilteredByInternal(@Nullable final String homeAccountId, @Nullable final String environment, @Nullable final CredentialType credentialType, @Nullable final String clientId, @Nullable final String realm, @Nullable final String target, @Nullable final String authScheme, @Nullable final String requestedClaims, @NonNull final List<Credential> allCredentials) {
    final boolean mustMatchOnEnvironment = !StringExtensions.isNullOrBlank(environment);
    final boolean mustMatchOnHomeAccountId = !StringExtensions.isNullOrBlank(homeAccountId);
    final boolean mustMatchOnRealm = !StringExtensions.isNullOrBlank(realm);
    final boolean mustMatchOnTarget = !StringExtensions.isNullOrBlank(target);
    final boolean mustMatchOnClientId = !StringExtensions.isNullOrBlank(clientId);
    final boolean mustMatchOnCredentialType = null != credentialType;
    final boolean mustMatchOnAuthScheme = mustMatchOnCredentialType && !StringExtensions.isNullOrBlank(authScheme) && credentialType == CredentialType.AccessToken_With_AuthScheme;
    final boolean mustMatchOnRequestedClaims = !StringExtensions.isNullOrBlank(requestedClaims);
    Logger.verbose(TAG, "Credential lookup filtered by home_account_id? [" + mustMatchOnHomeAccountId + "]" + NEW_LINE + "Credential lookup filtered by realm? [" + mustMatchOnRealm + "]" + NEW_LINE + "Credential lookup filtered by target? [" + mustMatchOnTarget + "]" + NEW_LINE + "Credential lookup filtered by clientId? [" + mustMatchOnClientId + "]" + NEW_LINE + "Credential lookup filtered by credential type? [" + mustMatchOnCredentialType + "]" + NEW_LINE + "Credential lookup filtered by auth scheme? [" + mustMatchOnAuthScheme + "]" + NEW_LINE + "Credential lookup filtered by requested claims? [" + mustMatchOnRequestedClaims + "]");
    final List<Credential> matchingCredentials = new ArrayList<>();
    for (final Credential credential : allCredentials) {
        boolean matches = true;
        if (mustMatchOnHomeAccountId) {
            matches = equalsIgnoreCaseTrimBoth(homeAccountId, credential.getHomeAccountId());
        }
        if (mustMatchOnEnvironment) {
            matches = matches && equalsIgnoreCaseTrimBoth(environment, credential.getEnvironment());
        }
        if (mustMatchOnCredentialType) {
            matches = matches && equalsIgnoreCaseTrimBoth(credentialType.name(), credential.getCredentialType());
        }
        if (mustMatchOnClientId) {
            matches = matches && equalsIgnoreCaseTrimBoth(clientId, credential.getClientId());
        }
        if (mustMatchOnRealm && credential instanceof AccessTokenRecord) {
            final AccessTokenRecord accessToken = (AccessTokenRecord) credential;
            matches = matches && equalsIgnoreCaseTrimBoth(realm, accessToken.getRealm());
        }
        if (mustMatchOnRealm && credential instanceof IdTokenRecord) {
            final IdTokenRecord idToken = (IdTokenRecord) credential;
            matches = matches && equalsIgnoreCaseTrimBoth(realm, idToken.getRealm());
        }
        if (mustMatchOnTarget) {
            if (credential instanceof AccessTokenRecord) {
                final AccessTokenRecord accessToken = (AccessTokenRecord) credential;
                matches = matches && targetsIntersect(target, accessToken.getTarget(), true);
            } else if (credential instanceof RefreshTokenRecord) {
                final RefreshTokenRecord refreshToken = (RefreshTokenRecord) credential;
                matches = matches && targetsIntersect(target, refreshToken.getTarget(), true);
            } else {
                Logger.verbose(TAG, "Query specified target-match, but no target to match.");
            }
        }
        if (mustMatchOnAuthScheme && credential instanceof AccessTokenRecord) {
            final AccessTokenRecord accessToken = (AccessTokenRecord) credential;
            String atType = accessToken.getAccessTokenType();
            if (null != atType) {
                atType = atType.trim();
            }
            matches = matches && authScheme.equalsIgnoreCase(atType);
        }
        if (mustMatchOnRequestedClaims) {
            if (credential instanceof AccessTokenRecord) {
                final AccessTokenRecord accessToken = (AccessTokenRecord) credential;
                matches = matches && equalsIgnoreCaseTrimBoth(requestedClaims, accessToken.getRequestedClaims());
            } else {
                Logger.verbose(TAG, "Query specified requested_claims-match, but attempted to match with non-AT credential type.");
            }
        }
        if (matches) {
            matchingCredentials.add(credential);
        }
    }
    return matchingCredentials;
}
Also used : IdTokenRecord(com.microsoft.identity.common.internal.dto.IdTokenRecord) Credential(com.microsoft.identity.common.internal.dto.Credential) ArrayList(java.util.ArrayList) PrimaryRefreshTokenRecord(com.microsoft.identity.common.internal.dto.PrimaryRefreshTokenRecord) RefreshTokenRecord(com.microsoft.identity.common.internal.dto.RefreshTokenRecord) AccessTokenRecord(com.microsoft.identity.common.internal.dto.AccessTokenRecord)

Example 15 with AccessTokenRecord

use of com.microsoft.identity.common.internal.dto.AccessTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.

the class SharedPreferencesAccountCredentialCacheTest method getCredentialsNoClientId.

@Test
public void getCredentialsNoClientId() {
    // Save an AccessToken into the cache
    final AccessTokenRecord accessToken = new AccessTokenRecord();
    accessToken.setCredentialType(CredentialType.AccessToken.name());
    accessToken.setHomeAccountId(HOME_ACCOUNT_ID);
    accessToken.setRealm(REALM);
    accessToken.setEnvironment(ENVIRONMENT);
    accessToken.setClientId(CLIENT_ID);
    accessToken.setTarget(TARGET);
    accessToken.setCachedAt(CACHED_AT);
    accessToken.setExpiresOn(EXPIRES_ON);
    accessToken.setSecret(SECRET);
    mSharedPreferencesAccountCredentialCache.saveCredential(accessToken);
    // Save a RefreshToken into the cache
    final RefreshTokenRecord refreshToken = new RefreshTokenRecord();
    refreshToken.setCredentialType(CredentialType.RefreshToken.name());
    refreshToken.setEnvironment(ENVIRONMENT);
    refreshToken.setHomeAccountId(HOME_ACCOUNT_ID);
    refreshToken.setClientId(CLIENT_ID + "2");
    refreshToken.setSecret(SECRET);
    refreshToken.setTarget(TARGET);
    mSharedPreferencesAccountCredentialCache.saveCredential(refreshToken);
    final List<Credential> credentials = mSharedPreferencesAccountCredentialCache.getCredentialsFilteredBy(HOME_ACCOUNT_ID, ENVIRONMENT, null, null, REALM, TARGET, BEARER_AUTHENTICATION_SCHEME.getName());
    assertEquals(2, credentials.size());
}
Also used : Credential(com.microsoft.identity.common.internal.dto.Credential) PrimaryRefreshTokenRecord(com.microsoft.identity.common.internal.dto.PrimaryRefreshTokenRecord) RefreshTokenRecord(com.microsoft.identity.common.internal.dto.RefreshTokenRecord) AccessTokenRecord(com.microsoft.identity.common.internal.dto.AccessTokenRecord) Test(org.junit.Test)

Aggregations

AccessTokenRecord (com.microsoft.identity.common.internal.dto.AccessTokenRecord)60 Test (org.junit.Test)52 Credential (com.microsoft.identity.common.internal.dto.Credential)29 RefreshTokenRecord (com.microsoft.identity.common.internal.dto.RefreshTokenRecord)29 PrimaryRefreshTokenRecord (com.microsoft.identity.common.internal.dto.PrimaryRefreshTokenRecord)25 AccountRecord (com.microsoft.identity.common.internal.dto.AccountRecord)11 IdTokenRecord (com.microsoft.identity.common.internal.dto.IdTokenRecord)9 JsonElement (com.google.gson.JsonElement)3 JsonPrimitive (com.google.gson.JsonPrimitive)3 HashMap (java.util.HashMap)3 JSONObject (org.json.JSONObject)3 ICacheRecord (com.microsoft.identity.common.internal.cache.ICacheRecord)2 ArrayList (java.util.ArrayList)2 JSONArray (org.json.JSONArray)2 Bundle (android.os.Bundle)1 NonNull (androidx.annotation.NonNull)1 JsonArray (com.google.gson.JsonArray)1 JsonObject (com.google.gson.JsonObject)1 ClientException (com.microsoft.identity.common.exception.ClientException)1 ServiceException (com.microsoft.identity.common.exception.ServiceException)1