Porting nonce acquisition code from broker

Author: ameyapat

IdentityCore/IdentityCore.xcodeproj/project.pbxproj

@@ -736,6 +736,14 @@
 		728D9E4628245DD7001D990F /* MSIDTestSecureEnclaveKeyPairGenerator.m in Sources */ = {isa = PBXBuildFile; fileRef = 728D9E4528245DD7001D990F /* MSIDTestSecureEnclaveKeyPairGenerator.m */; };
 		728D9E4728245DD7001D990F /* MSIDTestSecureEnclaveKeyPairGenerator.m in Sources */ = {isa = PBXBuildFile; fileRef = 728D9E4528245DD7001D990F /* MSIDTestSecureEnclaveKeyPairGenerator.m */; };
 		728D9E492824A323001D990F /* MSIDPkeyAuthHelperTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 23CA0C5E220A68D400768729 /* MSIDPkeyAuthHelperTests.m */; };
+		729357E82DD810CA0001D03C /* MSIDNonceTokenRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = 729357E72DD810C70001D03C /* MSIDNonceTokenRequest.h */; };
+		729357EA2DD810D00001D03C /* MSIDNonceTokenRequest.m in Sources */ = {isa = PBXBuildFile; fileRef = 729357E92DD810CD0001D03C /* MSIDNonceTokenRequest.m */; };
+		729357EB2DD810D00001D03C /* MSIDNonceTokenRequest.m in Sources */ = {isa = PBXBuildFile; fileRef = 729357E92DD810CD0001D03C /* MSIDNonceTokenRequest.m */; };
+		729357ED2DDBCBA60001D03C /* MSIDNonceTokenRequestMock.h in Headers */ = {isa = PBXBuildFile; fileRef = 729357EC2DDBCB930001D03C /* MSIDNonceTokenRequestMock.h */; };
+		729357EF2DDBCBAE0001D03C /* MSIDNonceTokenRequestMock.m in Sources */ = {isa = PBXBuildFile; fileRef = 729357EE2DDBCBAB0001D03C /* MSIDNonceTokenRequestMock.m */; };
+		729357F02DDBCBAE0001D03C /* MSIDNonceTokenRequestMock.m in Sources */ = {isa = PBXBuildFile; fileRef = 729357EE2DDBCBAB0001D03C /* MSIDNonceTokenRequestMock.m */; };
+		729357F32DDBD3F80001D03C /* MSIDNonceTokenRequestTest.m in Sources */ = {isa = PBXBuildFile; fileRef = 729357F22DDBD3F60001D03C /* MSIDNonceTokenRequestTest.m */; };
+		729357F42DDBD3F80001D03C /* MSIDNonceTokenRequestTest.m in Sources */ = {isa = PBXBuildFile; fileRef = 729357F22DDBD3F60001D03C /* MSIDNonceTokenRequestTest.m */; };
 		740340B92460E5C400DFCF27 /* MSIDCurrentRequestTelemetrySerializedItem.h in Headers */ = {isa = PBXBuildFile; fileRef = 740340B72460E5C400DFCF27 /* MSIDCurrentRequestTelemetrySerializedItem.h */; };
 		740340BA2460E5C400DFCF27 /* MSIDCurrentRequestTelemetrySerializedItem.m in Sources */ = {isa = PBXBuildFile; fileRef = 740340B82460E5C400DFCF27 /* MSIDCurrentRequestTelemetrySerializedItem.m */; };
 		740340BB2460E5C400DFCF27 /* MSIDCurrentRequestTelemetrySerializedItem.m in Sources */ = {isa = PBXBuildFile; fileRef = 740340B82460E5C400DFCF27 /* MSIDCurrentRequestTelemetrySerializedItem.m */; };
@@ -2629,6 +2637,11 @@
 		728209D32702AE9300B5F018 /* MSIDBackgroundTaskManagerTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDBackgroundTaskManagerTests.m; sourceTree = "<group>"; };
 		728D9E4528245DD7001D990F /* MSIDTestSecureEnclaveKeyPairGenerator.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDTestSecureEnclaveKeyPairGenerator.m; sourceTree = "<group>"; };
 		728D9E4828247D4C001D990F /* MSIDTestSecureEnclaveKeyPairGenerator.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDTestSecureEnclaveKeyPairGenerator.h; sourceTree = "<group>"; };
+		729357E72DD810C70001D03C /* MSIDNonceTokenRequest.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDNonceTokenRequest.h; sourceTree = "<group>"; };
+		729357E92DD810CD0001D03C /* MSIDNonceTokenRequest.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDNonceTokenRequest.m; sourceTree = "<group>"; };
+		729357EC2DDBCB930001D03C /* MSIDNonceTokenRequestMock.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDNonceTokenRequestMock.h; sourceTree = "<group>"; };
+		729357EE2DDBCBAB0001D03C /* MSIDNonceTokenRequestMock.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDNonceTokenRequestMock.m; sourceTree = "<group>"; };
+		729357F22DDBD3F60001D03C /* MSIDNonceTokenRequestTest.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDNonceTokenRequestTest.m; sourceTree = "<group>"; };
 		740340B72460E5C400DFCF27 /* MSIDCurrentRequestTelemetrySerializedItem.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDCurrentRequestTelemetrySerializedItem.h; sourceTree = "<group>"; };
 		740340B82460E5C400DFCF27 /* MSIDCurrentRequestTelemetrySerializedItem.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDCurrentRequestTelemetrySerializedItem.m; sourceTree = "<group>"; };
 		74043F7C245CC84B00D3E7C1 /* MSIDCurrentRequestTelemetryTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDCurrentRequestTelemetryTests.m; sourceTree = "<group>"; };
@@ -3749,6 +3762,8 @@
 		23642AB32187D88C00F97009 /* mocks */ = {
 			isa = PBXGroup;
 			children = (
+				729357EE2DDBCBAB0001D03C /* MSIDNonceTokenRequestMock.m */,
+				729357EC2DDBCB930001D03C /* MSIDNonceTokenRequestMock.h */,
 				23FB5C32225585E6002BF1EB /* MSIDClaimsRequestMock.h */,
 				23FB5C33225585E6002BF1EB /* MSIDClaimsRequestMock.m */,
 				23642AB52187D88C00F97009 /* MSIDAuthorityMock.h */,
@@ -5056,6 +5071,8 @@
 		B2AF1D29218BCDEF0080C1A0 /* requests */ = {
 			isa = PBXGroup;
 			children = (
+				729357E92DD810CD0001D03C /* MSIDNonceTokenRequest.m */,
+				729357E72DD810C70001D03C /* MSIDNonceTokenRequest.h */,
 				B2C708A0219A55CB00D917B8 /* sdk */,
 				B2C7087F2198DE0000D917B8 /* broker */,
 				B28D90BC218FE9FA00E230D6 /* result */,
@@ -5662,6 +5679,7 @@
 		D6DA89731FBA6A4E004C56C7 /* tests */ = {
 			isa = PBXGroup;
 			children = (
+				729357F22DDBD3F60001D03C /* MSIDNonceTokenRequestTest.m */,
 				A0410E4F25E88B5E004D80FD /* MSIDThrottlingMetaDataTest.m */,
 				A0410E1925E87E1A004D80FD /* MSIDThrottlingModelNonRecoverableServerError.m */,
 				A0410E0725E81C5D004D80FD /* MSIDThrottlingModel429Test.m */,
@@ -6121,6 +6139,7 @@
 				B251CC202040F6C6005E0179 /* MSIDDefaultCredentialCacheKey.h in Headers */,
 				B286B9C02389DE38007833AD /* MSIDPrimaryRefreshToken.h in Headers */,
 				9686480420C7711400EF7E73 /* MSIDAADV1WebviewFactory.h in Headers */,
+				729357E82DD810CA0001D03C /* MSIDNonceTokenRequest.h in Headers */,
 				58BC23BC271F6B9D008A77BE /* MSIDSSOExtensionGetDataBaseRequest.h in Headers */,
 				580E254A271A0236003D1795 /* MSIDBrokerOperationGetSsoCookiesResponse.h in Headers */,
 				B286B9A72389DD2E007833AD /* MSIDAADOAuthEmbeddedWebviewController.h in Headers */,
@@ -6426,6 +6445,7 @@
 				2A366B7B2D9EF78600774DD4 /* MSIDXpcProviderCacheMock.h in Headers */,
 				B4C8501829E79E250055B0D3 /* MSIDTestURLSessionUploadTask.h in Headers */,
 				D626FFF91FBD200A00EE4487 /* MSIDTestURLSession.h in Headers */,
+				729357ED2DDBCBA60001D03C /* MSIDNonceTokenRequestMock.h in Headers */,
 				B2E4A07224DDE56A007CE642 /* MSIDTestCacheAccessorHelper.h in Headers */,
 				B245C2F92106ABDC00CD5A52 /* MSIDTestIdTokenUtil.h in Headers */,
 				1E0B145024CF5ADD00825143 /* MSIDAssymetricKeyPair+Test.h in Headers */,
@@ -7014,6 +7034,7 @@
 				B286B9F12389F866007833AD /* MSIDWebviewFactoryTests.m in Sources */,
 				B252913B2096698100E78695 /* MSIDAADIdTokenClaimsFactoryTests.m in Sources */,
 				B2BE923121A0EFB100F5AB8C /* MSIDDefaultTokenRequestProviderTests.m in Sources */,
+				729357F42DDBD3F80001D03C /* MSIDNonceTokenRequestTest.m in Sources */,
 				23FB5C20225516FB002BF1EB /* MSIDClaimsRequestTests.m in Sources */,
 				656E666129BD81B000368F0A /* MSIDAADEndpointProviderTests.m in Sources */,
 				1E65C47B2177DC8B00694293 /* MSIDAppMetadataCacheKeyTests.m in Sources */,
@@ -7254,6 +7275,7 @@
 				B2C7089421991CED00D917B8 /* MSIDAADV1BrokerResponse.m in Sources */,
 				B229841629A9C2930005F83D /* MSIDExternalSSOContext.m in Sources */,
 				B2C07483246B70F70008D701 /* MSIDAssymetricKeyPair.m in Sources */,
+				729357EB2DD810D00001D03C /* MSIDNonceTokenRequest.m in Sources */,
 				B266903F243706DB00FB0117 /* MSIDBrokerBrowserOperationResponse.m in Sources */,
 				B2AF1D3A218BCF140080C1A0 /* MSIDRequestControllerFactory.m in Sources */,
 				B28BDAC1221F7F230055FFE6 /* MSIDCBAWebAADAuthResponse.m in Sources */,
@@ -7720,6 +7742,7 @@
 				B280800B204CD81400944D89 /* MSIDLegacyCacheKeyTests.m in Sources */,
 				B210F44F1FDDF5D2005A8F76 /* MSIDClientInfoTests.m in Sources */,
 				9668B6F82148796A0039AB0A /* MSIDDataExtensionsTests.m in Sources */,
+				729357F32DDBD3F80001D03C /* MSIDNonceTokenRequestTest.m in Sources */,
 				B2936F7D20ABF9570050C585 /* MSIDLegacyRefreshTokenTests.m in Sources */,
 				B253BD7A20487C8A00D07F31 /* MSIDLegacyTokenCacheIntegrationTests.m in Sources */,
 				B2544EEC21684B2B00B4C108 /* MSIDCacheSchemaValidationTests.m in Sources */,
@@ -7789,6 +7812,7 @@
 				B2BE925421A24B8200F5AB8C /* MSIDTestTokenRequestProvider.m in Sources */,
 				23FB5C3A225588D0002BF1EB /* MSIDClaimsRequestMock.m in Sources */,
 				B217861A23A57EDC00839CE8 /* MSIDAuthorizationControllerMock.m in Sources */,
+				729357EF2DDBCBAE0001D03C /* MSIDNonceTokenRequestMock.m in Sources */,
 				B2BE926921A25F8300F5AB8C /* MSIDTestBrokerResponseHandler.m in Sources */,
 				583BFCB624D908980035B901 /* MSIDTestBundle.m in Sources */,
 				58D1514324A6888D001DD18A /* MSIDHttpRequest+OverrideCacheSave.m in Sources */,
@@ -7846,6 +7870,7 @@
 				B2E4A06E24DDE559007CE642 /* MSIDTestContext.m in Sources */,
 				B245C2FB2106ABDC00CD5A52 /* MSIDTestIdTokenUtil.m in Sources */,
 				B2E4A07124DDE568007CE642 /* MSIDTestCacheAccessorHelper.m in Sources */,
+				729357F02DDBCBAE0001D03C /* MSIDNonceTokenRequestMock.m in Sources */,
 				B233F8BC219CE03F00DC90E3 /* MSIDTestURLResponse+Util.m in Sources */,
 				B2968CA922F67B4C005AFC33 /* MSIDTestLocalInteractiveController.m in Sources */,
 				B2BE923D21A0FD2B00F5AB8C /* MSIDTestSwizzle.m in Sources */,
@@ -8046,6 +8071,7 @@
 				23BDA67A1FCE693800FE14BE /* MSIDKeychainUtil.m in Sources */,
 				23AB37EA235151E5003A6E6C /* ASAuthorizationSingleSignOnProvider+MSIDExtensions.m in Sources */,
 				B2AF1D4B218BD12E0080C1A0 /* MSIDInteractiveRequestParameters.m in Sources */,
+				729357EA2DD810D00001D03C /* MSIDNonceTokenRequest.m in Sources */,
 				B2C707FE2192530E00D917B8 /* MSIDDefaultSilentTokenRequest.m in Sources */,
 				23B5DF77234030B2002C530F /* MSIDRequestParameters+Broker.m in Sources */,
 				23B37D1B20C9ECFB0018722F /* MSIDCache.m in Sources */,

IdentityCore/src/requests/MSIDNonceTokenRequest.h

@@ -0,0 +1,53 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+@class MSIDRequestParameters;
+const static NSUInteger kMSIDNonceLifetimeInSeconds = 180;
+
+@interface MSIDCachedNonce : NSObject
+
+@property (nonatomic, readonly, nonnull) NSString *nonce;
+@property (nonatomic, readonly, nonnull) NSDate *cachedDate;
+
+- (_Nonnull instancetype)init NS_UNAVAILABLE;
++ (_Nonnull instancetype)new NS_UNAVAILABLE;
+- (_Nonnull instancetype)initWithNonce:(nonnull NSString *)nonce;
+
+@end
+
+typedef void (^MSIDNonceRequestCompletion)(NSString * _Nullable resultNonce, NSError * _Nullable error);
+
+NS_ASSUME_NONNULL_BEGIN
+
+@interface MSIDNonceTokenRequest : NSObject
+
+@property (nonatomic, readonly, nonnull) MSIDRequestParameters *requestParameters;
+
+- (nullable instancetype)initWithRequestParameters:(nonnull MSIDRequestParameters *)parameters;
+
+- (void)executeRequestWithCompletion:(nonnull MSIDNonceRequestCompletion)completionBlock;
+
+@end
+
+NS_ASSUME_NONNULL_END

IdentityCore/src/requests/MSIDNonceTokenRequest.m

@@ -0,0 +1,207 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+#import "MSIDNonceTokenRequest.h"
+#import "MSIDRequestParameters.h"
+#import "MSIDAuthority.h"
+#import "MSIDOpenIdProviderMetadata.h"
+#import "MSIDAccountIdentifier.h"
+#import "MSIDHttpRequest.h"
+#import "MSIDAADRequestConfigurator.h"
+
+@implementation MSIDNonceTokenRequest
+
+- (nullable instancetype)initWithRequestParameters:(nonnull MSIDRequestParameters *)parameters
+{
+    self = [super init];
+    
+    if (self)
+    {
+        _requestParameters = parameters;
+    }
+    
+    return self;
+}
+
+- (void)executeRequestWithCompletion:(nonnull MSIDNonceRequestCompletion)completionBlock
+{
+    MSIDCachedNonce *cachedNonce = [self.class getCachedNonceForKey:_requestParameters.authority.environment];
+    if (cachedNonce)
+    {
+        completionBlock(cachedNonce.nonce, nil);
+        return;
+    }
+
+    if (_requestParameters.authority.metadata.tokenEndpoint)
+    {
+        [self executeNetworkRequestWithCompletion:completionBlock];
+        return;
+    }
+    
+    [_requestParameters.authority resolveAndValidate:YES
+                                   userPrincipalName:_requestParameters.accountIdentifier.displayableId
+                                             context:_requestParameters
+                                     completionBlock:^(NSURL __unused *openIdConfigurationEndpoint, BOOL __unused validated, NSError *error)
+    {
+        if (error)
+        {
+            completionBlock(nil, error);
+            return;
+        }
+        
+        [self->_requestParameters.authority loadOpenIdMetadataWithContext:self->_requestParameters
+                                                    completionBlock:^(__unused MSIDOpenIdProviderMetadata *metadata, NSError *openIdError)
+         {
+             
+             if (openIdError)
+             {
+                 completionBlock(nil, openIdError);
+                 return;
+             }
+             
+             [self executeNetworkRequestWithCompletion:completionBlock];
+         }];
+    }];
+}
+
+- (void)executeNetworkRequestWithCompletion:(nonnull MSIDNonceRequestCompletion)completionBlock
+{
+    MSIDHttpRequest *nonceRequest = [self configureNonceNetworkRequestForEndpoint:self.requestParameters.tokenEndpoint context:self.requestParameters];
+    [nonceRequest sendWithBlock:^(NSDictionary *response, NSError *error) {
+        
+        if (error)
+        {
+            if (completionBlock) completionBlock(nil, error);
+            return;
+        }
+        
+        if (![response isKindOfClass:[NSDictionary class]])
+        {
+            MSID_LOG_WITH_CTX(MSIDLogLevelError, self.requestParameters, @"Unexpected nonce response received");
+            NSError *nwError = MSIDCreateError(MSIDErrorDomain, MSIDErrorServerInvalidResponse, @"Unexpected nonce response", nil, nil, nil, nil, nil, YES);
+            if (completionBlock) completionBlock(nil, nwError);
+            return;
+        }
+        
+        NSString *nonce = [response msidStringObjectForKey:@"Nonce"];
+        
+        if ([NSString msidIsStringNilOrBlank:nonce])
+        {
+            MSID_LOG_WITH_CTX(MSIDLogLevelError, self.requestParameters, @"Didn't receive valid nonce in response");
+            NSError *nwError = MSIDCreateError(MSIDErrorDomain, MSIDErrorServerInvalidResponse, @"Didn't receive valid nonce in response", nil, nil, nil, nil, nil, YES);
+            if (completionBlock) completionBlock(nil, nwError);
+            return;
+        }
+        
+        [self.class cacheNonceForKey:self.requestParameters.authority.environment nonce:nonce];
+        if (completionBlock)
+        {
+            completionBlock(nonce, nil);
+        }
+    }];
+}
+
+- (MSIDHttpRequest *)configureNonceNetworkRequestForEndpoint:(NSURL *)endpoint context:(id<MSIDRequestContext>)context
+{
+    if (!endpoint)
+    {
+        MSID_LOG_WITH_CTX(MSIDLogLevelError, context, @"No endpoint provided to get nonce from!");
+        NSParameterAssert(endpoint);
+        return nil;
+    }
+    
+    MSIDHttpRequest *request = [[MSIDHttpRequest alloc] init];
+    NSMutableURLRequest *urlRequest = [NSMutableURLRequest new];
+    urlRequest.URL = endpoint;
+    urlRequest.HTTPMethod = @"POST";
+    request.urlRequest = urlRequest;
+    
+    __auto_type requestConfigurator = [MSIDAADRequestConfigurator new];
+    [requestConfigurator configure:request];
+    
+    NSMutableDictionary *parameters = [NSMutableDictionary new];
+    
+    parameters[MSID_OAUTH2_GRANT_TYPE] = @"srv_challenge";
+    [parameters addEntriesFromDictionary:parameters];
+    request.parameters = parameters;
+    request.urlRequest = urlRequest;
+    return request;
+}
+
+
+#pragma mark - Cache
+
++ (MSIDCache *)nonceCache
+{
+    static MSIDCache *k_nonceCache;
+    static dispatch_once_t once_token;
+    dispatch_once(&once_token, ^{
+        k_nonceCache = [MSIDCache new];
+    });
+    
+    return k_nonceCache;
+}
+
++ (nullable MSIDCachedNonce *)getCachedNonceForKey:(NSString *)key
+{
+    MSIDCache *cache = [self.class nonceCache];
+    MSIDCachedNonce *cachedNonce = [cache objectForKey:key];
+    if (cachedNonce)
+    {
+        NSTimeInterval ti = [[NSDate date] timeIntervalSinceDate:cachedNonce.cachedDate];
+        if (ti > 0 && ti < kMSIDNonceLifetimeInSeconds)
+        {
+            return cachedNonce;
+        }
+    }
+    
+    return nil;
+}
+
++ (BOOL)cacheNonceForKey:(NSString *)key nonce:(NSString *)nonce
+{
+    if (!nonce || !key)
+    {
+        return NO;
+    }
+    
+    MSIDCachedNonce *cachedNonce = [[MSIDCachedNonce alloc] initWithNonce:nonce];
+    [self.class.nonceCache setObject:cachedNonce forKey:key];
+    return YES;
+}
+@end
+
+@implementation MSIDCachedNonce
+
+- (instancetype)initWithNonce:(NSString *)nonce
+{
+    self = [super init];
+    if (self)
+    {
+        _nonce = nonce;
+        _cachedDate = [NSDate date];
+    }
+    return self;
+}
+@end