use of com.microsoft.identity.common.internal.dto.RefreshTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class CacheKeyValueDelegate method generateCacheKey.
/**
 * Builds the cache key under which the supplied credential is stored.
 *
 * <p>The key starts as a template of placeholder constants joined by
 * {@code CACHE_VALUE_SEPARATOR}. Each placeholder is then replaced, in order, by the matching
 * credential field after it has been passed through {@code sanitizeNull}.
 *
 * @param credential The credential to derive the key from.
 * @return The cache key string for {@code credential}.
 */
@SuppressWarnings("checkstyle:innerassignment")
@Override
public String generateCacheKey(Credential credential) {
// Template of six placeholders; two optional segments (auth scheme, requested claims) may be appended below.
String cacheKey = HOME_ACCOUNT_ID + CACHE_VALUE_SEPARATOR + ENVIRONMENT + CACHE_VALUE_SEPARATOR + CREDENTIAL_TYPE + CACHE_VALUE_SEPARATOR + CLIENT_ID + CACHE_VALUE_SEPARATOR + REALM + CACHE_VALUE_SEPARATOR + TARGET;
// Each replace() scans the whole key built so far, already-substituted values included, so the
// result depends on the order of these statements.
// NOTE(review): field values are inserted as-is; nothing visible here escapes
// CACHE_VALUE_SEPARATOR or a placeholder token occurring inside a value -- confirm that
// inputs cannot contain either. sanitizeNull is defined elsewhere; presumably it maps null
// to a safe string -- confirm.
cacheKey = cacheKey.replace(HOME_ACCOUNT_ID, sanitizeNull(credential.getHomeAccountId()));
cacheKey = cacheKey.replace(ENVIRONMENT, sanitizeNull(credential.getEnvironment()));
cacheKey = cacheKey.replace(CREDENTIAL_TYPE, sanitizeNull(credential.getCredentialType()));
RefreshTokenRecord rt;
// A refresh token with a non-blank family id is keyed by that family id in the client-id slot,
// so the client id takes no part in the key for such tokens. The inner assignment to rt is what
// the checkstyle suppression above is for.
if ((credential instanceof RefreshTokenRecord) && !StringExtensions.isNullOrBlank((rt = (RefreshTokenRecord) credential).getFamilyId())) {
String familyIdForCacheKey = rt.getFamilyId();
if (familyIdForCacheKey.startsWith(FOCI_PREFIX)) {
// replace() removes every occurrence of FOCI_PREFIX, not only the leading one.
familyIdForCacheKey = familyIdForCacheKey.replace(FOCI_PREFIX, "");
}
cacheKey = cacheKey.replace(CLIENT_ID, familyIdForCacheKey);
} else {
cacheKey = cacheKey.replace(CLIENT_ID, sanitizeNull(credential.getClientId()));
}
// REALM and TARGET are filled per credential type; slots that do not apply become "".
if (credential instanceof AccessTokenRecord) {
final AccessTokenRecord accessToken = (AccessTokenRecord) credential;
cacheKey = cacheKey.replace(REALM, sanitizeNull(accessToken.getRealm()));
cacheKey = cacheKey.replace(TARGET, sanitizeNull(accessToken.getTarget()));
// Only access tokens whose type equals POP (case-insensitive) get an extra auth-scheme
// segment; other access tokens keep the six-segment key.
if (TokenRequest.TokenType.POP.equalsIgnoreCase(accessToken.getAccessTokenType())) {
cacheKey += CACHE_VALUE_SEPARATOR + AUTH_SCHEME;
cacheKey = cacheKey.replace(AUTH_SCHEME, sanitizeNull(accessToken.getAccessTokenType()));
}
if (!StringExtensions.isNullOrBlank(accessToken.getRequestedClaims())) {
// The requested-claims string may itself contain the delimiter, so its hash is stored instead.
// String.hashCode() is a 32-bit, non-cryptographic hash: two different claims strings can
// produce the same value and would then share one cache key.
// NOTE(review): confirm that readers compare the stored requested claims before reusing an
// access token found under this key.
cacheKey += CACHE_VALUE_SEPARATOR + REQUESTED_CLAIMS;
String reqClaimsHash = String.valueOf(sanitizeNull(accessToken.getRequestedClaims()).hashCode());
cacheKey = cacheKey.replace(REQUESTED_CLAIMS, sanitizeNull(reqClaimsHash));
}
} else if (credential instanceof RefreshTokenRecord) {
final RefreshTokenRecord refreshToken = (RefreshTokenRecord) credential;
cacheKey = cacheKey.replace(REALM, "");
cacheKey = cacheKey.replace(TARGET, sanitizeNull(refreshToken.getTarget()));
} else if (credential instanceof IdTokenRecord) {
final IdTokenRecord idToken = (IdTokenRecord) credential;
cacheKey = cacheKey.replace(REALM, sanitizeNull(idToken.getRealm()));
cacheKey = cacheKey.replace(TARGET, "");
} else if (credential instanceof PrimaryRefreshTokenRecord) {
cacheKey = cacheKey.replace(REALM, "");
cacheKey = cacheKey.replace(TARGET, "");
}
// A credential of any other type leaves the REALM and TARGET placeholders in the returned key.
return cacheKey;
}
use of com.microsoft.identity.common.internal.dto.RefreshTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class MsalOAuth2TokenCache method setSingleSignOnState.
/**
 * Stores the supplied account and refresh token in the cache as the single sign-on state.
 *
 * <p>The inputs are converted to cache records through {@code mAccountCredentialAdapter},
 * passed to {@code validateCacheArtifacts}, and only then written. The final step calls
 * {@code removeAllRefreshTokensExcept} with the account and the new refresh token record
 * (presumably dropping the account's other refresh tokens -- the helper is not shown here).
 *
 * @param account      The account to persist.
 * @param refreshToken The refresh token to persist for that account.
 * @throws ClientException Declared by this method; which of the helpers raises it is not
 *                         visible in this listing.
 */
@Override
public void setSingleSignOnState(final GenericAccount account, final GenericRefreshToken refreshToken) throws ClientException {
    final String logTag = TAG + ":setSingleSignOnState";
    Logger.info(logTag, "Set SSO state called.");

    // Adapt the generic inputs to their cache record forms.
    final AccountRecord accountRecord = mAccountCredentialAdapter.asAccount(account);
    final RefreshTokenRecord refreshTokenRecord = mAccountCredentialAdapter.asRefreshToken(refreshToken);
    final IdTokenRecord idTokenRecord = mAccountCredentialAdapter.asIdToken(account, refreshToken);

    // Validation runs before anything is written; the second argument is passed as null.
    validateCacheArtifacts(accountRecord, null, refreshTokenRecord, idTokenRecord);

    // Write order is kept as account, then credentials, then the refresh-token cleanup.
    saveAccounts(accountRecord);
    saveCredentialsInternal(idTokenRecord, refreshTokenRecord);
    removeAllRefreshTokensExcept(accountRecord, refreshTokenRecord);
}
use of com.microsoft.identity.common.internal.dto.RefreshTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class MsalOAuth2TokenCache method getFamilyRefreshTokenForAccount.
/**
 * Loads a family refresh token (FRT) from the cache which may be used by this account.
 *
 * <p>The first cached refresh token for the account that carries a non-blank family id is
 * returned. No further validity check is made here: a non-blank family id is taken as
 * sufficient.
 *
 * @param account The account for which an FRT is sought.
 * @return A matching FRT credential if one exists, otherwise {@code null}.
 */
@Nullable
private RefreshTokenRecord getFamilyRefreshTokenForAccount(@NonNull final AccountRecord account) {
    final String logTag = TAG + ":getFamilyRefreshTokensForAccount";

    // Query by home account id, environment and credential type only. The remaining four
    // filters are null: wildcards (all FRTs are MRRTs by definition) or not applicable.
    final List<Credential> candidates = mAccountCredentialCache.getCredentialsFilteredBy(
            account.getHomeAccountId(),
            account.getEnvironment(),
            CredentialType.RefreshToken,
            null,
            null,
            null,
            null);

    if (candidates.isEmpty()) {
        return null;
    }

    Logger.verbose(logTag, "Inspecting fallback RTs for a FoCI match.");

    // The refresh tokens are either all FoCI or none are, so the first family match wins.
    for (final Credential candidate : candidates) {
        if (!(candidate instanceof RefreshTokenRecord)) {
            continue;
        }
        final RefreshTokenRecord refreshTokenRecord = (RefreshTokenRecord) candidate;
        if (!StringExtensions.isNullOrBlank(refreshTokenRecord.getFamilyId())) {
            Logger.verbose(logTag, "Fallback RT found.");
            return refreshTokenRecord;
        }
    }

    return null;
}
use of com.microsoft.identity.common.internal.dto.RefreshTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class MicrosoftFamilyOAuth2TokenCache method loadByFamilyId.
/**
 * Loads the tokens available for the supplied client criteria, using the family refresh token.
 *
 * <p>The refresh token is matched on family id, environment and home account id only: the
 * client id, target and realm are deliberately not compared (FRT / MRRT), so the returned
 * refresh token may have been cached by a different client of the same family. Id tokens and
 * access tokens, by contrast, are matched on the client id as well.
 *
 * @param clientId             The current client's id. When null, no id token or access token
 *                             is matched.
 * @param target               The target sought; compared with each access token's target
 *                             through {@code targetsIntersect}. Access tokens are only
 *                             searched when this and {@code authenticationScheme} are non-null.
 * @param accountRecord        The current account.
 * @param authenticationScheme The scheme whose name selects between bearer and PoP access
 *                             tokens.
 * @return An ICacheRecord containing the account. The refresh token, id tokens and access token
 * are set when a match was found and are null otherwise.
 */
public ICacheRecord loadByFamilyId(@Nullable final String clientId, @Nullable final String target, @NonNull final AccountRecord accountRecord, @Nullable final AbstractAuthenticationScheme authenticationScheme) {
    final String logTag = TAG + ":loadByFamilyId";
    final String familyId = "1";
    Logger.verbose(logTag, "ClientId[" + clientId + ", " + familyId + "]");

    final List<Credential> cachedCredentials = getAccountCredentialCache().getCredentials();

    // Pass 1: the family refresh token. Must match environment, home_account_id and family id;
    // clientId, target and realm do not matter for an FRT. The first match wins.
    RefreshTokenRecord familyRefreshToken = null;
    for (final Credential candidate : cachedCredentials) {
        if (!(candidate instanceof RefreshTokenRecord)) {
            continue;
        }
        final RefreshTokenRecord refreshTokenRecord = (RefreshTokenRecord) candidate;
        final boolean isMatch = familyId.equals(refreshTokenRecord.getFamilyId())
                && accountRecord.getEnvironment().equals(refreshTokenRecord.getEnvironment())
                && accountRecord.getHomeAccountId().equals(refreshTokenRecord.getHomeAccountId());
        if (isMatch) {
            familyRefreshToken = refreshTokenRecord;
            break;
        }
    }

    // Pass 2: id tokens for this client and account. The whole list is scanned because both a
    // v1 and a non-v1 id token may be present; a later match of the same kind replaces an
    // earlier one.
    IdTokenRecord currentIdToken = null;
    IdTokenRecord legacyIdToken = null;
    for (final Credential candidate : cachedCredentials) {
        if (!(candidate instanceof IdTokenRecord)) {
            continue;
        }
        final IdTokenRecord idTokenRecord = (IdTokenRecord) candidate;
        final boolean isMatch = null != clientId
                && clientId.equals(idTokenRecord.getClientId())
                && accountRecord.getEnvironment().equals(idTokenRecord.getEnvironment())
                && accountRecord.getHomeAccountId().equals(idTokenRecord.getHomeAccountId())
                && accountRecord.getRealm().equals(idTokenRecord.getRealm());
        if (!isMatch) {
            continue;
        }
        if (CredentialType.V1IdToken.name().equalsIgnoreCase(idTokenRecord.getCredentialType())) {
            legacyIdToken = idTokenRecord;
        } else {
            currentIdToken = idTokenRecord;
        }
    }

    // Pass 3: an access token, only when the caller named both a target and a scheme. The
    // credential type has to agree with the requested scheme (bearer vs. PoP).
    AccessTokenRecord matchingAccessToken = null;
    if (null != target && null != authenticationScheme) {
        for (final Credential candidate : cachedCredentials) {
            if (!(candidate instanceof AccessTokenRecord)) {
                continue;
            }
            final AccessTokenRecord accessTokenRecord = (AccessTokenRecord) candidate;
            final boolean isMatch = null != clientId
                    && clientId.equals(accessTokenRecord.getClientId())
                    && accountRecord.getEnvironment().equals(accessTokenRecord.getEnvironment())
                    && accountRecord.getHomeAccountId().equals(accessTokenRecord.getHomeAccountId())
                    && accountRecord.getRealm().equals(accessTokenRecord.getRealm())
                    && targetsIntersect(target, accessTokenRecord.getTarget(), true);
            if (!isMatch) {
                continue;
            }
            final boolean schemeAgrees =
                    (CredentialType.AccessToken.name().equalsIgnoreCase(accessTokenRecord.getCredentialType())
                            && BearerAuthenticationSchemeInternal.SCHEME_BEARER.equalsIgnoreCase(authenticationScheme.getName()))
                    || (CredentialType.AccessToken_With_AuthScheme.name().equalsIgnoreCase(accessTokenRecord.getCredentialType())
                            && PopAuthenticationSchemeInternal.SCHEME_POP.equalsIgnoreCase(authenticationScheme.getName()));
            if (schemeAgrees) {
                matchingAccessToken = accessTokenRecord;
                break;
            }
        }
    }

    // Assemble the record; unmatched slots stay null.
    final CacheRecord.CacheRecordBuilder builder = CacheRecord.builder();
    builder.mAccount(accountRecord);
    builder.refreshToken(familyRefreshToken);
    builder.accessToken(matchingAccessToken);
    builder.v1IdToken(legacyIdToken);
    builder.idToken(currentIdToken);
    return builder.build();
}
use of com.microsoft.identity.common.internal.dto.RefreshTokenRecord in project microsoft-authentication-library-common-for-android by AzureAD.
the class MicrosoftStsAccountCredentialAdapter method asRefreshToken.
/**
 * Copies a {@code MicrosoftRefreshToken} into a new {@code RefreshTokenRecord}.
 *
 * <p>The credential type is always set to {@code CredentialType.RefreshToken}, and
 * {@code cachedAt} is stamped with the current time in whole seconds since the epoch,
 * rendered as a string. The record's secret is copied from the input unchanged, so the
 * returned object should be handled as sensitive.
 *
 * @param refreshTokenIn The refresh token to convert.
 * @return A newly created record populated from {@code refreshTokenIn}.
 */
@Override
public RefreshTokenRecord asRefreshToken(@NonNull final MicrosoftRefreshToken refreshTokenIn) {
    final long nowSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
    final RefreshTokenRecord cacheRecord = new RefreshTokenRecord();

    // Required fields
    cacheRecord.setHomeAccountId(refreshTokenIn.getHomeAccountId());
    cacheRecord.setEnvironment(refreshTokenIn.getEnvironment());
    cacheRecord.setCredentialType(CredentialType.RefreshToken.name());
    cacheRecord.setClientId(refreshTokenIn.getClientId());
    cacheRecord.setSecret(refreshTokenIn.getSecret());

    // Optional fields
    cacheRecord.setTarget(refreshTokenIn.getTarget());
    cacheRecord.setCachedAt(String.valueOf(nowSeconds));
    cacheRecord.setFamilyId(refreshTokenIn.getFamilyId());

    return cacheRecord;
}