
Example 6 with IdTokenRecord

use of com.microsoft.identity.common.internal.dto.IdTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.

the class MicrosoftFamilyOAuth2TokenCache method loadByFamilyId.

/**
 * Loads the cached artifacts for the supplied account using family refresh token (FRT) rules.
 * <p>
 * The refresh token is located by family id ("1"), environment and home_account_id only:
 * client id, target and realm are deliberately not consulted, because an FRT is shared across
 * the family and an MRRT is not bound to a single realm. Id tokens (v1 and v2) are matched on
 * client id, environment, home_account_id and realm. An access token is looked up only when
 * both {@code target} and {@code authenticationScheme} are supplied; it must additionally
 * intersect the requested target and be stored under the credential type that corresponds to
 * the scheme (Bearer or PoP).
 *
 * @param clientId             The current client's id; when null no id token or access token is returned.
 * @param target               The requested target (scopes); consulted only for the access token lookup.
 * @param accountRecord        The current account, supplying environment, home_account_id and realm.
 * @param authenticationScheme The scheme the access token must have been issued for; when null
 *                             no access token is looked up.
 * @return An ICacheRecord holding the account and, where found, the matching refresh token,
 * access token, id token and v1 id token; entries with no match are null.
 */
public ICacheRecord loadByFamilyId(@Nullable final String clientId, @Nullable final String target, @NonNull final AccountRecord accountRecord, @Nullable final AbstractAuthenticationScheme authenticationScheme) {
    final String methodName = ":loadByFamilyId";
    final String familyId = "1";
    Logger.verbose(TAG + methodName, "ClientId[" + clientId + ", " + familyId + "]");

    final List<Credential> cachedCredentials = getAccountCredentialCache().getCredentials();

    // Refresh token: the first FRT in the family for this environment + home_account_id wins.
    // Neither client id nor realm narrows this search (FRT / MRRT semantics).
    RefreshTokenRecord familyRefreshToken = null;
    for (final Credential candidate : cachedCredentials) {
        if (!(candidate instanceof RefreshTokenRecord)) {
            continue;
        }
        final RefreshTokenRecord refreshToken = (RefreshTokenRecord) candidate;
        if (familyId.equals(refreshToken.getFamilyId()) && belongsToAccount(accountRecord, refreshToken)) {
            familyRefreshToken = refreshToken;
            break;
        }
    }

    // Id tokens: every matching record is inspected (no break) so that both a v1 and a v2
    // id token can be picked up; a later match of the same kind replaces an earlier one.
    IdTokenRecord idToken = null;
    IdTokenRecord v1IdToken = null;
    if (null != clientId) {
        for (final Credential candidate : cachedCredentials) {
            if (!(candidate instanceof IdTokenRecord)) {
                continue;
            }
            final IdTokenRecord record = (IdTokenRecord) candidate;
            final boolean matchesClientAndAccount = clientId.equals(record.getClientId())
                    && belongsToAccount(accountRecord, record)
                    && accountRecord.getRealm().equals(record.getRealm());
            if (!matchesClientAndAccount) {
                continue;
            }
            if (CredentialType.V1IdToken.name().equalsIgnoreCase(record.getCredentialType())) {
                v1IdToken = record;
            } else {
                idToken = record;
            }
        }
    }

    // Access token: only when the caller said which target and scheme it needs. The scheme
    // decides which credential type is acceptable (Bearer -> AccessToken,
    // PoP -> AccessToken_With_AuthScheme); the first record satisfying everything wins.
    AccessTokenRecord accessToken = null;
    if (null != clientId && null != target && null != authenticationScheme) {
        final String requiredCredentialType = credentialTypeForScheme(authenticationScheme.getName());
        for (final Credential candidate : cachedCredentials) {
            if (!(candidate instanceof AccessTokenRecord)) {
                continue;
            }
            final AccessTokenRecord record = (AccessTokenRecord) candidate;
            final boolean matchesRequest = clientId.equals(record.getClientId())
                    && belongsToAccount(accountRecord, record)
                    && accountRecord.getRealm().equals(record.getRealm())
                    && targetsIntersect(target, record.getTarget(), true);
            if (matchesRequest && null != requiredCredentialType && requiredCredentialType.equalsIgnoreCase(record.getCredentialType())) {
                accessToken = record;
                break;
            }
        }
    }

    final CacheRecord.CacheRecordBuilder cacheRecord = CacheRecord.builder();
    cacheRecord.mAccount(accountRecord);
    cacheRecord.refreshToken(familyRefreshToken);
    cacheRecord.accessToken(accessToken);
    cacheRecord.v1IdToken(v1IdToken);
    cacheRecord.idToken(idToken);
    return cacheRecord.build();
}

/**
 * True when the credential's environment and home_account_id both equal the account's.
 * Uses the account-side values as the receivers, so a null account value throws rather than
 * silently matching.
 */
private static boolean belongsToAccount(@NonNull final AccountRecord account, @NonNull final Credential credential) {
    return account.getEnvironment().equals(credential.getEnvironment())
            && account.getHomeAccountId().equals(credential.getHomeAccountId());
}

/**
 * Maps an authentication scheme name to the credential type an access token for that scheme is
 * stored under; null when the scheme is neither Bearer nor PoP (no access token can match).
 */
@Nullable
private static String credentialTypeForScheme(@Nullable final String schemeName) {
    if (BearerAuthenticationSchemeInternal.SCHEME_BEARER.equalsIgnoreCase(schemeName)) {
        return CredentialType.AccessToken.name();
    }
    if (PopAuthenticationSchemeInternal.SCHEME_POP.equalsIgnoreCase(schemeName)) {
        return CredentialType.AccessToken_With_AuthScheme.name();
    }
    return null;
}

Example 7 with IdTokenRecord

use of com.microsoft.identity.common.internal.dto.IdTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.

the class MicrosoftStsAccountCredentialAdapter method asIdToken.

/**
 * Builds the IdTokenRecord to cache for {@code msAccount}.
 * <p>
 * The record is keyed on the identity carried by {@code refreshToken} (home_account_id,
 * environment, client id) plus the account's realm; its secret is the raw ID token string and
 * so must be treated as a credential wherever the record is stored or logged.
 *
 * @param msAccount    The account whose ID token is being cached; supplies the realm and the raw token.
 * @param refreshToken The refresh token issued alongside it; supplies home_account_id, environment and client id.
 * @return A populated IdTokenRecord of credential type {@code IdToken}.
 */
@Override
public IdTokenRecord asIdToken(MicrosoftAccount msAccount, MicrosoftRefreshToken refreshToken) {
    final long cachedAt = getCachedAt();
    final IDToken rawIdToken = msAccount.getIDToken();

    final IdTokenRecord record = new IdTokenRecord();
    record.setCredentialType(CredentialType.IdToken.name());

    // Identity taken from the refresh token: which account, environment and client this is for.
    record.setHomeAccountId(refreshToken.getHomeAccountId());
    record.setEnvironment(refreshToken.getEnvironment());
    record.setClientId(refreshToken.getClientId());

    // Identity taken from the account.
    record.setRealm(msAccount.getRealm());

    // The token itself and when it was cached (stored as a string).
    record.setSecret(rawIdToken.getRawIDToken());
    record.setCachedAt(String.valueOf(cachedAt));

    // Optional: authority derived from the ID token's contents.
    record.setAuthority(SchemaUtil.getAuthority(rawIdToken));
    return record;
}

Example 8 with IdTokenRecord

use of com.microsoft.identity.common.internal.dto.IdTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.

the class MsalOAuth2TokenCache method save.

/**
 * Persists the artifacts of a successful token response for the requesting client.
 * <p>
 * The account, access token, refresh token and id token are derived from the request and
 * response via the account-credential adapter, validated for schema compliance, and then
 * written. Older refresh tokens for the same account are removed afterwards (keeping only the
 * one just saved) when it is an MRRT or FRT, so that at most one such RT remains cached.
 *
 * @param oAuth2Strategy The strategy that produced the response.
 * @param request        The authorization request that was issued.
 * @param response       The token response to persist.
 * @return An ICacheRecord holding the account, access token, refresh token and id token that were saved.
 * @throws ClientException if building or validating the cache artifacts fails
 *                         (presumably raised by the adapter or validation — confirm against those helpers).
 */
@Override
public ICacheRecord save(@NonNull final GenericOAuth2Strategy oAuth2Strategy, @NonNull final GenericAuthorizationRequest request, @NonNull final GenericTokenResponse response) throws ClientException {
    // Derive every artifact first; nothing is written until all of them validate.
    final AccountRecord account = mAccountCredentialAdapter.createAccount(oAuth2Strategy, request, response);
    final AccessTokenRecord accessToken = mAccountCredentialAdapter.createAccessToken(oAuth2Strategy, request, response);
    final RefreshTokenRecord refreshToken = mAccountCredentialAdapter.createRefreshToken(oAuth2Strategy, request, response);
    final IdTokenRecord idToken = mAccountCredentialAdapter.createIdToken(oAuth2Strategy, request, response);

    validateCacheArtifacts(account, accessToken, refreshToken, idToken);

    // Write the account and its credentials, then prune superseded refresh tokens.
    saveAccounts(account);
    saveCredentialsInternal(accessToken, refreshToken, idToken);
    removeAllRefreshTokensExcept(account, refreshToken);

    final CacheRecord.CacheRecordBuilder saved = CacheRecord.builder();
    saved.account(account);
    saved.accessToken(accessToken);
    saved.refreshToken(refreshToken);
    setToCacheRecord(saved, idToken);
    return saved.build();
}

Example 9 with IdTokenRecord

use of com.microsoft.identity.common.internal.dto.IdTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.

the class AbstractAccountCredentialCache method getCredentialsFilteredByInternal.

/**
 * Filters {@code allCredentials} down to those matching every supplied criterion.
 * <p>
 * A null or blank string criterion (and a null credential type) means "do not filter on
 * this field". String comparisons are case-insensitive and ignore surrounding whitespace.
 * Some criteria only apply to certain credential types and leave the others un-narrowed:
 * realm is checked on AccessTokenRecord and IdTokenRecord only; target on AccessTokenRecord
 * and RefreshTokenRecord only; auth scheme only when {@code credentialType} is
 * {@code AccessToken_With_AuthScheme} and the candidate is an AccessTokenRecord; requested
 * claims on AccessTokenRecord only.
 *
 * @param homeAccountId   Home account id to match, or null/blank for any.
 * @param environment     Environment to match, or null/blank for any.
 * @param credentialType  Credential type to match, or null for any.
 * @param clientId        Client id to match, or null/blank for any.
 * @param realm           Realm to match (AT / IdToken only), or null/blank for any.
 * @param target          Target whose scopes must intersect the credential's (AT / RT only), or null/blank for any.
 * @param authScheme      Access token type to match (AT with auth scheme only), or null/blank for any.
 * @param requestedClaims Requested claims to match (AT only), or null/blank for any.
 * @param allCredentials  The candidates to filter.
 * @return The matching credentials, in their original order; empty when none match.
 */
protected List<Credential> getCredentialsFilteredByInternal(@Nullable final String homeAccountId, @Nullable final String environment, @Nullable final CredentialType credentialType, @Nullable final String clientId, @Nullable final String realm, @Nullable final String target, @Nullable final String authScheme, @Nullable final String requestedClaims, @NonNull final List<Credential> allCredentials) {
    // Blank criteria are treated as "any".
    final boolean mustMatchOnEnvironment = !StringExtensions.isNullOrBlank(environment);
    final boolean mustMatchOnHomeAccountId = !StringExtensions.isNullOrBlank(homeAccountId);
    final boolean mustMatchOnRealm = !StringExtensions.isNullOrBlank(realm);
    final boolean mustMatchOnTarget = !StringExtensions.isNullOrBlank(target);
    final boolean mustMatchOnClientId = !StringExtensions.isNullOrBlank(clientId);
    final boolean mustMatchOnCredentialType = null != credentialType;
    // The auth scheme only narrows lookups for the scheme-bound access token type.
    final boolean mustMatchOnAuthScheme = mustMatchOnCredentialType
            && !StringExtensions.isNullOrBlank(authScheme)
            && credentialType == CredentialType.AccessToken_With_AuthScheme;
    final boolean mustMatchOnRequestedClaims = !StringExtensions.isNullOrBlank(requestedClaims);

    // Note: the environment filter is intentionally not part of this summary.
    final String filterSummary = new StringBuilder()
            .append("Credential lookup filtered by home_account_id? [").append(mustMatchOnHomeAccountId).append("]").append(NEW_LINE)
            .append("Credential lookup filtered by realm? [").append(mustMatchOnRealm).append("]").append(NEW_LINE)
            .append("Credential lookup filtered by target? [").append(mustMatchOnTarget).append("]").append(NEW_LINE)
            .append("Credential lookup filtered by clientId? [").append(mustMatchOnClientId).append("]").append(NEW_LINE)
            .append("Credential lookup filtered by credential type? [").append(mustMatchOnCredentialType).append("]").append(NEW_LINE)
            .append("Credential lookup filtered by auth scheme? [").append(mustMatchOnAuthScheme).append("]").append(NEW_LINE)
            .append("Credential lookup filtered by requested claims? [").append(mustMatchOnRequestedClaims).append("]")
            .toString();
    Logger.verbose(TAG, filterSummary);

    final List<Credential> matching = new ArrayList<>();
    for (final Credential candidate : allCredentials) {
        // Each criterion is only evaluated while the candidate is still accepted.
        boolean accepted = !mustMatchOnHomeAccountId || equalsIgnoreCaseTrimBoth(homeAccountId, candidate.getHomeAccountId());
        if (accepted && mustMatchOnEnvironment) {
            accepted = equalsIgnoreCaseTrimBoth(environment, candidate.getEnvironment());
        }
        if (accepted && mustMatchOnCredentialType) {
            accepted = equalsIgnoreCaseTrimBoth(credentialType.name(), candidate.getCredentialType());
        }
        if (accepted && mustMatchOnClientId) {
            accepted = equalsIgnoreCaseTrimBoth(clientId, candidate.getClientId());
        }
        if (mustMatchOnRealm) {
            // Only ATs and IdTokens carry a realm; other credential types are not narrowed by it.
            if (accepted && candidate instanceof AccessTokenRecord) {
                accepted = equalsIgnoreCaseTrimBoth(realm, ((AccessTokenRecord) candidate).getRealm());
            }
            if (accepted && candidate instanceof IdTokenRecord) {
                accepted = equalsIgnoreCaseTrimBoth(realm, ((IdTokenRecord) candidate).getRealm());
            }
        }
        if (mustMatchOnTarget) {
            if (candidate instanceof AccessTokenRecord) {
                if (accepted) {
                    accepted = targetsIntersect(target, ((AccessTokenRecord) candidate).getTarget(), true);
                }
            } else if (candidate instanceof RefreshTokenRecord) {
                if (accepted) {
                    accepted = targetsIntersect(target, ((RefreshTokenRecord) candidate).getTarget(), true);
                }
            } else {
                Logger.verbose(TAG, "Query specified target-match, but no target to match.");
            }
        }
        if (mustMatchOnAuthScheme && candidate instanceof AccessTokenRecord) {
            final String tokenType = ((AccessTokenRecord) candidate).getAccessTokenType();
            final String trimmedTokenType = null == tokenType ? null : tokenType.trim();
            if (accepted) {
                accepted = authScheme.equalsIgnoreCase(trimmedTokenType);
            }
        }
        if (mustMatchOnRequestedClaims) {
            if (candidate instanceof AccessTokenRecord) {
                if (accepted) {
                    accepted = equalsIgnoreCaseTrimBoth(requestedClaims, ((AccessTokenRecord) candidate).getRequestedClaims());
                }
            } else {
                Logger.verbose(TAG, "Query specified requested_claims-match, but attempted to match with non-AT credential type.");
            }
        }
        if (accepted) {
            matching.add(candidate);
        }
    }
    return matching;
}

Example 10 with IdTokenRecord

use of com.microsoft.identity.common.internal.dto.IdTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.

the class SharedPreferencesAccountCredentialCacheTest method noValueForCacheKeyIdToken.

/**
 * An empty cache must return null for a key that names only the IdToken credential type.
 * The key is built from separators around the lower-cased type name; the default-locale
 * {@code toLowerCase()} matches how the production key is presumably built — confirm.
 */
@Test
public void noValueForCacheKeyIdToken() {
    final String idTokenTypeOnlyKey = CACHE_VALUE_SEPARATOR
            + CredentialType.IdToken.name().toLowerCase()
            + CACHE_VALUE_SEPARATOR;

    // Precondition: nothing has been stored.
    assertEquals(0, mSharedPreferencesAccountCredentialCache.getCredentials().size());

    final IdTokenRecord found = (IdTokenRecord) mSharedPreferencesAccountCredentialCache.getCredential(idTokenTypeOnlyKey);
    assertNull(found);
}
