use of com.microsoft.identity.common.internal.dto.IdTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class MicrosoftFamilyOAuth2TokenCache method loadByFamilyId.
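/**
 * Loads the cache artifacts available for the supplied client criteria, using the Microsoft
 * family refresh token (FRT) rather than a per-client refresh token.
 *
 * <p>The refresh token is matched on environment and home_account_id only: the FRT is shared
 * across the app family, so neither the client id nor the realm of the cached RT has to match
 * the caller. Id tokens and the access token, by contrast, are only returned when they were
 * issued to the caller's client id for the account's realm; the access token additionally has
 * to cover the requested target and agree with the requested authentication scheme.
 *
 * @param clientId             The current client's id. When {@code null}, no id token or access
 *                             token is returned; a family refresh token may still be returned.
 * @param target               The requested scopes. When {@code null}, no access token is looked up.
 * @param accountRecord        The current account.
 * @param authenticationScheme The scheme (Bearer or PoP) the access token must have been issued
 *                             for. When {@code null}, no access token is looked up.
 * @return An ICacheRecord containing the account plus whichever of family refresh token, id
 * token, v1 id token and access token were found; absent artifacts are {@code null}.
 */
public ICacheRecord loadByFamilyId(@Nullable final String clientId,
                                   @Nullable final String target,
                                   @NonNull final AccountRecord accountRecord,
                                   @Nullable final AbstractAuthenticationScheme authenticationScheme) {
    final String methodName = ":loadByFamilyId";
    final String familyId = "1";

    Logger.verbose(
            TAG + methodName,
            "ClientId[" + clientId + ", " + familyId + "]"
    );

    final List<Credential> allCredentials = getAccountCredentialCache().getCredentials();

    // The following fields must match when querying for RTs:
    // - environment
    // - home_account_id
    // - credential_type == RT (expressed as instanceof RefreshTokenRecord)
    //
    // The following fields do not matter when querying for RTs:
    // - clientId doesn't matter (FRT)
    // - target doesn't matter (FRT) (but we will inspect it when looking for an AT)
    // - realm doesn't matter (MRRT)
    final RefreshTokenRecord rtToReturn = findFamilyRefreshTokenRecord(familyId, accountRecord, allCredentials);

    // If there's a matching IdToken, pick that up too. A v1 and a v2 id token may both be
    // cached for the same client/account, so the loop is not cut short; for each kind the
    // last matching record wins.
    IdTokenRecord idTokenToReturn = null;
    IdTokenRecord v1IdTokenToReturn = null;

    for (final Credential credential : allCredentials) {
        if (credential instanceof IdTokenRecord) {
            final IdTokenRecord idTokenRecord = (IdTokenRecord) credential;

            if (idTokenMatchesClientAndAccount(clientId, accountRecord, idTokenRecord)) {
                if (CredentialType.V1IdToken.name().equalsIgnoreCase(idTokenRecord.getCredentialType())) {
                    v1IdTokenToReturn = idTokenRecord;
                } else {
                    idTokenToReturn = idTokenRecord;
                }
            }
        }
    }

    // An AT is only looked up for a concrete target and scheme; without both there is no way
    // to decide whether a cached AT is usable for the request.
    AccessTokenRecord atRecordToReturn = null;

    if (null != target && null != authenticationScheme) {
        atRecordToReturn = findAccessTokenRecord(clientId, target, accountRecord, authenticationScheme, allCredentials);
    }

    final CacheRecord.CacheRecordBuilder result = CacheRecord.builder();
    result.mAccount(accountRecord);
    result.refreshToken(rtToReturn);
    result.accessToken(atRecordToReturn);
    result.v1IdToken(v1IdTokenToReturn);
    result.idToken(idTokenToReturn);

    return result.build();
}

/**
 * Returns the first refresh token carrying {@code familyId} for the account's environment and
 * home_account_id, or {@code null}. Client id and realm are deliberately not compared (FRT/MRRT).
 */
@Nullable
private RefreshTokenRecord findFamilyRefreshTokenRecord(@NonNull final String familyId,
                                                        @NonNull final AccountRecord accountRecord,
                                                        @NonNull final List<Credential> allCredentials) {
    for (final Credential credential : allCredentials) {
        if (credential instanceof RefreshTokenRecord) {
            final RefreshTokenRecord rtRecord = (RefreshTokenRecord) credential;

            if (familyId.equals(rtRecord.getFamilyId())
                    && accountRecord.getEnvironment().equals(rtRecord.getEnvironment())
                    && accountRecord.getHomeAccountId().equals(rtRecord.getHomeAccountId())) {
                return rtRecord;
            }
        }
    }

    return null;
}

/**
 * True when the id token was issued to {@code clientId} for this account: client id,
 * environment, home_account_id and realm all have to agree. A {@code null} clientId never matches.
 */
private static boolean idTokenMatchesClientAndAccount(@Nullable final String clientId,
                                                      @NonNull final AccountRecord accountRecord,
                                                      @NonNull final IdTokenRecord idTokenRecord) {
    return null != clientId
            && clientId.equals(idTokenRecord.getClientId())
            && accountRecord.getEnvironment().equals(idTokenRecord.getEnvironment())
            && accountRecord.getHomeAccountId().equals(idTokenRecord.getHomeAccountId())
            && accountRecord.getRealm().equals(idTokenRecord.getRealm());
}

/**
 * Returns the first access token issued to {@code clientId} for this account whose target
 * intersects {@code target} and whose credential type agrees with the requested scheme
 * (a plain AccessToken for Bearer, an AccessToken_With_AuthScheme for PoP), or {@code null}.
 * A {@code null} clientId never matches.
 */
@Nullable
private AccessTokenRecord findAccessTokenRecord(@Nullable final String clientId,
                                                @NonNull final String target,
                                                @NonNull final AccountRecord accountRecord,
                                                @NonNull final AbstractAuthenticationScheme authenticationScheme,
                                                @NonNull final List<Credential> allCredentials) {
    for (final Credential credential : allCredentials) {
        if (credential instanceof AccessTokenRecord) {
            final AccessTokenRecord atRecord = (AccessTokenRecord) credential;

            if (null != clientId
                    && clientId.equals(atRecord.getClientId())
                    && accountRecord.getEnvironment().equals(atRecord.getEnvironment())
                    && accountRecord.getHomeAccountId().equals(atRecord.getHomeAccountId())
                    && accountRecord.getRealm().equals(atRecord.getRealm())
                    && targetsIntersect(target, atRecord.getTarget(), true)) {
                // The cached credential type must agree with the requested scheme: a Bearer
                // token is never handed out for a PoP request and vice versa.
                final String credentialType = atRecord.getCredentialType();
                final String schemeName = authenticationScheme.getName();

                final boolean bearerMatch = CredentialType.AccessToken.name().equalsIgnoreCase(credentialType)
                        && BearerAuthenticationSchemeInternal.SCHEME_BEARER.equalsIgnoreCase(schemeName);
                final boolean popMatch = CredentialType.AccessToken_With_AuthScheme.name().equalsIgnoreCase(credentialType)
                        && PopAuthenticationSchemeInternal.SCHEME_POP.equalsIgnoreCase(schemeName);

                if (bearerMatch || popMatch) {
                    return atRecord;
                }
            }
        }
    }

    return null;
}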
use of com.microsoft.identity.common.internal.dto.IdTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class MicrosoftStsAccountCredentialAdapter method asIdToken.
/**
 * Builds the IdTokenRecord to cache for the supplied account. The account identifiers
 * (home_account_id, environment, client id) are taken from the accompanying refresh token,
 * the realm from the account, and the raw id token JWT becomes the record's secret.
 *
 * @param msAccount    The account whose id token is being cached.
 * @param refreshToken The refresh token issued alongside it.
 * @return A populated IdTokenRecord of credential type {@code IdToken}.
 */
@Override
public IdTokenRecord asIdToken(MicrosoftAccount msAccount, MicrosoftRefreshToken refreshToken) {
    final String cachedAtValue = String.valueOf(getCachedAt());
    final IDToken rawIdToken = msAccount.getIDToken();

    final IdTokenRecord record = new IdTokenRecord();

    // Required fields
    record.setHomeAccountId(refreshToken.getHomeAccountId());
    record.setEnvironment(refreshToken.getEnvironment());
    record.setRealm(msAccount.getRealm());
    record.setCredentialType(CredentialType.IdToken.name());
    record.setClientId(refreshToken.getClientId());
    record.setSecret(rawIdToken.getRawIDToken());
    record.setCachedAt(cachedAtValue);

    // Optional fields
    record.setAuthority(SchemaUtil.getAuthority(rawIdToken));

    return record;
}
use of com.microsoft.identity.common.internal.dto.IdTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class MsalOAuth2TokenCache method save.
/**
 * Persists the account and the credentials (AT, RT, IdToken) derived from a token response,
 * after validating that every artifact is schema-compliant, and evicts the account's other
 * refresh tokens so that only the newly issued one remains.
 *
 * @param oAuth2Strategy The strategy that produced the response.
 * @param request        The authorization request the response answers.
 * @param response       The token response to cache.
 * @return An ICacheRecord holding the saved account, access token, refresh token and id token.
 * @throws ClientException if any derived artifact fails validation.
 */
@Override
public ICacheRecord save(@NonNull final GenericOAuth2Strategy oAuth2Strategy,
                         @NonNull final GenericAuthorizationRequest request,
                         @NonNull final GenericTokenResponse response) throws ClientException {
    // Derive every artifact from the response first...
    final AccountRecord account = mAccountCredentialAdapter.createAccount(oAuth2Strategy, request, response);
    final AccessTokenRecord accessToken = mAccountCredentialAdapter.createAccessToken(oAuth2Strategy, request, response);
    final RefreshTokenRecord refreshToken = mAccountCredentialAdapter.createRefreshToken(oAuth2Strategy, request, response);
    final IdTokenRecord idToken = mAccountCredentialAdapter.createIdToken(oAuth2Strategy, request, response);

    // ...and refuse to write anything that is not schema-compliant.
    validateCacheArtifacts(account, accessToken, refreshToken, idToken);

    saveAccounts(account);
    saveCredentialsInternal(accessToken, refreshToken, idToken);

    // Drop the account's stale refresh tokens (MRRT/FRT) now that the fresh one is persisted.
    removeAllRefreshTokensExcept(account, refreshToken);

    final CacheRecord.CacheRecordBuilder builder = CacheRecord.builder();
    builder.account(account);
    builder.accessToken(accessToken);
    builder.refreshToken(refreshToken);
    setToCacheRecord(builder, idToken);

    return builder.build();
}
use of com.microsoft.identity.common.internal.dto.IdTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class AbstractAccountCredentialCache method getCredentialsFilteredByInternal.
/**
 * Filters {@code allCredentials} down to those matching every supplied criterion. A criterion
 * that is null/blank (or, for credentialType, null) is not applied. Some criteria only apply
 * to certain credential types — realm to ATs and IdTokens, target to ATs and RTs, auth scheme
 * to AccessToken_With_AuthScheme ATs, requested claims to ATs — and other credential types
 * pass those criteria unconditionally. All string comparisons are case-insensitive (via
 * equalsIgnoreCaseTrimBoth / equalsIgnoreCase), and target matching uses targetsIntersect.
 *
 * @param homeAccountId   The home_account_id to match, or null/blank to ignore.
 * @param environment     The environment to match, or null/blank to ignore.
 * @param credentialType  The credential type to match, or null to ignore.
 * @param clientId        The client id to match, or null/blank to ignore.
 * @param realm           The realm to match (ATs and IdTokens only), or null/blank to ignore.
 * @param target          The target whose scopes must intersect (ATs and RTs only), or null/blank to ignore.
 * @param authScheme      The access token type to match; only applied when credentialType is
 *                        AccessToken_With_AuthScheme.
 * @param requestedClaims The requested claims to match (ATs only), or null/blank to ignore.
 * @param allCredentials  The candidates to filter.
 * @return The matching credentials, in their original order; empty (never null) when nothing matches.
 */
protected List<Credential> getCredentialsFilteredByInternal(@Nullable final String homeAccountId,
                                                            @Nullable final String environment,
                                                            @Nullable final CredentialType credentialType,
                                                            @Nullable final String clientId,
                                                            @Nullable final String realm,
                                                            @Nullable final String target,
                                                            @Nullable final String authScheme,
                                                            @Nullable final String requestedClaims,
                                                            @NonNull final List<Credential> allCredentials) {
    final boolean filterByEnvironment = !StringExtensions.isNullOrBlank(environment);
    final boolean filterByHomeAccountId = !StringExtensions.isNullOrBlank(homeAccountId);
    final boolean filterByRealm = !StringExtensions.isNullOrBlank(realm);
    final boolean filterByTarget = !StringExtensions.isNullOrBlank(target);
    final boolean filterByClientId = !StringExtensions.isNullOrBlank(clientId);
    final boolean filterByCredentialType = null != credentialType;
    // The auth scheme is only a discriminator for scheme-bound (PoP) access tokens.
    final boolean filterByAuthScheme = filterByCredentialType
            && !StringExtensions.isNullOrBlank(authScheme)
            && credentialType == CredentialType.AccessToken_With_AuthScheme;
    final boolean filterByRequestedClaims = !StringExtensions.isNullOrBlank(requestedClaims);

    Logger.verbose(
            TAG,
            "Credential lookup filtered by home_account_id? [" + filterByHomeAccountId + "]"
                    + NEW_LINE
                    + "Credential lookup filtered by realm? [" + filterByRealm + "]"
                    + NEW_LINE
                    + "Credential lookup filtered by target? [" + filterByTarget + "]"
                    + NEW_LINE
                    + "Credential lookup filtered by clientId? [" + filterByClientId + "]"
                    + NEW_LINE
                    + "Credential lookup filtered by credential type? [" + filterByCredentialType + "]"
                    + NEW_LINE
                    + "Credential lookup filtered by auth scheme? [" + filterByAuthScheme + "]"
                    + NEW_LINE
                    + "Credential lookup filtered by requested claims? [" + filterByRequestedClaims + "]"
    );

    final List<Credential> matchingCredentials = new ArrayList<>();

    for (final Credential credential : allCredentials) {
        boolean matches = true;

        if (filterByHomeAccountId) {
            matches = equalsIgnoreCaseTrimBoth(homeAccountId, credential.getHomeAccountId());
        }

        if (filterByEnvironment) {
            matches = matches && equalsIgnoreCaseTrimBoth(environment, credential.getEnvironment());
        }

        if (filterByCredentialType) {
            matches = matches && equalsIgnoreCaseTrimBoth(credentialType.name(), credential.getCredentialType());
        }

        if (filterByClientId) {
            matches = matches && equalsIgnoreCaseTrimBoth(clientId, credential.getClientId());
        }

        if (filterByRealm) {
            // Only ATs and IdTokens are realm-scoped; RTs (MRRT) pass a realm filter unchanged.
            if (credential instanceof AccessTokenRecord) {
                matches = matches && equalsIgnoreCaseTrimBoth(realm, ((AccessTokenRecord) credential).getRealm());
            } else if (credential instanceof IdTokenRecord) {
                matches = matches && equalsIgnoreCaseTrimBoth(realm, ((IdTokenRecord) credential).getRealm());
            }
        }

        if (filterByTarget) {
            if (credential instanceof AccessTokenRecord) {
                matches = matches && targetsIntersect(target, ((AccessTokenRecord) credential).getTarget(), true);
            } else if (credential instanceof RefreshTokenRecord) {
                matches = matches && targetsIntersect(target, ((RefreshTokenRecord) credential).getTarget(), true);
            } else {
                Logger.verbose(TAG, "Query specified target-match, but no target to match.");
            }
        }

        if (filterByAuthScheme && credential instanceof AccessTokenRecord) {
            final String tokenType = ((AccessTokenRecord) credential).getAccessTokenType();
            final String trimmedTokenType = (null == tokenType) ? null : tokenType.trim();
            matches = matches && authScheme.equalsIgnoreCase(trimmedTokenType);
        }

        if (filterByRequestedClaims) {
            if (credential instanceof AccessTokenRecord) {
                matches = matches && equalsIgnoreCaseTrimBoth(requestedClaims, ((AccessTokenRecord) credential).getRequestedClaims());
            } else {
                Logger.verbose(TAG, "Query specified requested_claims-match, but attempted to match with non-AT credential type.");
            }
        }

        if (matches) {
            matchingCredentials.add(credential);
        }
    }

    return matchingCredentials;
}
use of com.microsoft.identity.common.internal.dto.IdTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class SharedPreferencesAccountCredentialCacheTest method noValueForCacheKeyIdToken.
/**
 * A cache key that names only the IdToken credential type (no account, client or realm
 * components) must not resolve to any credential on an empty cache.
 */
@Test
public void noValueForCacheKeyIdToken() {
    assertEquals(0, mSharedPreferencesAccountCredentialCache.getCredentials().size());

    final String typeOnlyKey = CACHE_VALUE_SEPARATOR
            + CredentialType.IdToken.name().toLowerCase()
            + CACHE_VALUE_SEPARATOR;
    final IdTokenRecord lookedUp =
            (IdTokenRecord) mSharedPreferencesAccountCredentialCache.getCredential(typeOnlyKey);

    assertNull(lookedUp);
}