@@ -76,10 +76,17 @@ - (BOOL)saveTokensWithConfiguration:(MSIDConfiguration *)configuration
7676{
7777 MSID_LOG_VERBOSE (context, @" (Default accessor) Saving multi resource refresh token" );
7878
79+ // Save access token
7980 BOOL result = [self saveAccessTokenWithConfiguration: configuration response: response context: context error: error];
8081
8182 if (!result) return result;
8283
84+ // Save ID token
85+ result = [self saveIDTokenWithConfiguration: configuration response: response context: context error: error];
86+
87+ if (!result) return result;
88+
89+ // Save SSO state (refresh token and account)
8390 return [self saveSSOStateWithConfiguration: configuration response: response context: context error: error];
8491}
8592
@@ -110,28 +117,11 @@ - (BOOL)saveSSOStateWithConfiguration:(MSIDConfiguration *)configuration
110117
111118 MSID_LOG_VERBOSE (context, @" (Legacy accessor) Saving SSO state" );
112119
113- BOOL result = [self saveIDTokenWithConfiguration: configuration response: response context: context error: error];
114- result &= [self saveRefreshTokenWithConfiguration: configuration response: response context: context error: error];
115- result &= [self saveAccountWithConfiguration: configuration response: response context: context error: error];
120+ BOOL result = [self saveRefreshTokenWithConfiguration: configuration response: response context: context error: error];
116121
117- if (!result)
118- {
119- return NO ;
120- }
122+ if (!result) return NO ;
121123
122- for (id <MSIDCacheAccessor> accessor in _otherAccessors)
123- {
124- if (![accessor saveSSOStateWithConfiguration: configuration
125- response: response
126- context: context
127- error: error])
128- {
129- MSID_LOG_WARN (context, @" Failed to save SSO state in other accessor: %@ " , accessor.class );
130- MSID_LOG_WARN_PII (context, @" Failed to save SSO state in other accessor: %@ , error %@ " , accessor.class , *error);
131- }
132- }
133-
134- return YES ;
124+ return [self saveAccountWithConfiguration: configuration response: response context: context error: error];
135125}
136126
137127- (MSIDRefreshToken *)getRefreshTokenWithAccount : (MSIDAccountIdentifier *)account
@@ -794,51 +784,60 @@ - (MSIDBaseToken *)getRefreshTokenByLegacyUserId:(NSString *)legacyUserId
794784 context : (id <MSIDRequestContext>)context
795785 error : (NSError **)error
796786{
787+ MSID_LOG_VERBOSE (context, @" (Default accessor) Looking for token with authority %@ , clientId %@ " , authority, clientId);
788+ MSID_LOG_VERBOSE_PII (context, @" (Default accessor) Looking for token with authority %@ , clientId %@ , legacy userId %@ " , authority, clientId, legacyUserId);
789+
797790 MSIDTelemetryCacheEvent *event = [MSIDTelemetry startCacheEventWithName: MSID_TELEMETRY_EVENT_TOKEN_CACHE_LOOKUP context: context];
798791
799792 NSArray <NSString *> *aliases = [_factory defaultCacheAliasesForEnvironment: authority.msidHostWithPortIfNecessary];
800793
801- for (NSString *alias in aliases)
794+ NSString *clientIdForQueries = clientId;
795+
796+ if (familyId)
802797 {
803- MSID_LOG_VERBOSE (context, @" (Default accessor) Looking for token with alias %@ , clientId %@ " , alias, clientId);
804- MSID_LOG_VERBOSE_PII (context, @" (Default accessor) Looking for token with alias %@ , clientId %@ , legacy userId %@ " , alias, clientId, legacyUserId);
798+ // If family ID is provided, we don't need to lookup by a specific client ID
799+ clientIdForQueries = nil ;
800+ }
805801
806- MSIDDefaultCredentialCacheQuery *idTokensQuery = [MSIDDefaultCredentialCacheQuery new ];
807- idTokensQuery.environment = alias ;
808- idTokensQuery.clientId = clientId ;
809- idTokensQuery.credentialType = MSIDIDTokenType;
802+ MSIDDefaultCredentialCacheQuery *idTokensQuery = [MSIDDefaultCredentialCacheQuery new ];
803+ idTokensQuery.environmentAliases = aliases ;
804+ idTokensQuery.clientId = clientIdForQueries ;
805+ idTokensQuery.credentialType = MSIDIDTokenType;
810806
811- NSArray <MSIDCredentialCacheItem *> *matchedIdTokens = [_accountCredentialCache getCredentialsWithQuery: idTokensQuery
812- legacyUserId: legacyUserId
813- context: context
814- error: error];
807+ NSArray <MSIDCredentialCacheItem *> *matchedIdTokens = [_accountCredentialCache getCredentialsWithQuery: idTokensQuery
808+ legacyUserId: legacyUserId
809+ context: context
810+ error: error];
815811
816- if ([matchedIdTokens count ])
817- {
818- NSString *homeAccountId = matchedIdTokens[0 ].homeAccountId ;
812+ if ([matchedIdTokens count ])
813+ {
814+ MSIDCredentialCacheItem *matchedIdToken = matchedIdTokens[0 ];
815+ NSString *homeAccountId = matchedIdToken.homeAccountId ;
819816
820- MSIDDefaultCredentialCacheQuery *rtQuery = [MSIDDefaultCredentialCacheQuery new ];
821- rtQuery.homeAccountId = homeAccountId;
822- rtQuery.environment = alias;
823- rtQuery.clientId = clientId;
824- rtQuery.familyId = familyId;
825- rtQuery.credentialType = MSIDRefreshTokenType;
817+ MSID_LOG_VERBOSE (context, @" (Default accessor] Found Match with environment %@ , realm %@ , client %@ " , matchedIdToken.environment , matchedIdToken.realm , matchedIdToken.clientId );
818+ MSID_LOG_VERBOSE_PII (context, @" (Default accessor] Found Match with environment %@ , realm %@ , client %@ , home account ID %@ " , matchedIdToken.environment , matchedIdToken.realm , matchedIdToken.clientId , matchedIdToken.homeAccountId );
826819
827- NSArray <MSIDCredentialCacheItem *> *rtCacheItems = [_accountCredentialCache getCredentialsWithQuery: rtQuery
828- legacyUserId: nil
829- context: context
830- error: error];
820+ MSIDDefaultCredentialCacheQuery *rtQuery = [MSIDDefaultCredentialCacheQuery new ];
821+ rtQuery.homeAccountId = homeAccountId;
822+ rtQuery.environmentAliases = aliases;
823+ rtQuery.clientId = clientIdForQueries;
824+ rtQuery.familyId = familyId;
825+ rtQuery.credentialType = MSIDRefreshTokenType;
831826
832- if ([rtCacheItems count ])
833- {
834- MSID_LOG_VERBOSE (context, @" (Default accessor) Found %lu refresh tokens" , (unsigned long )[rtCacheItems count ]);
835- MSIDCredentialCacheItem *resultItem = rtCacheItems[0 ];
836- MSIDBaseToken *resultToken = [resultItem tokenWithType: MSIDRefreshTokenType];
837- resultToken.storageAuthority = resultToken.authority ;
838- resultToken.authority = authority;
839- [MSIDTelemetry stopCacheEvent: event withItem: resultToken success: YES context: context];
840- return resultToken;
841- }
827+ NSArray <MSIDCredentialCacheItem *> *rtCacheItems = [_accountCredentialCache getCredentialsWithQuery: rtQuery
828+ legacyUserId: nil
829+ context: context
830+ error: error];
831+
832+ if ([rtCacheItems count ])
833+ {
834+ MSID_LOG_VERBOSE (context, @" (Default accessor) Found %lu refresh tokens" , (unsigned long )[rtCacheItems count ]);
835+ MSIDCredentialCacheItem *resultItem = rtCacheItems[0 ];
836+ MSIDBaseToken *resultToken = [resultItem tokenWithType: MSIDRefreshTokenType];
837+ resultToken.storageAuthority = resultToken.authority ;
838+ resultToken.authority = authority;
839+ [MSIDTelemetry stopCacheEvent: event withItem: resultToken success: YES context: context];
840+ return resultToken;
842841 }
843842 }
844843
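Review bot: In getRefreshTokenByLegacyUserId, once `familyId` is set, `clientIdForQueries` is nil for the ID-token query as well as the refresh-token query, so `matchedIdTokens[0]` is now taken from ID tokens of any client across all environment aliases, and its `homeAccountId` alone decides whose refresh token is returned. If one legacy user ID can map to more than one home account in the cache (not visible from this hunk), the first match is arbitrary and a refresh token for a different account could be handed back; consider verifying that all matches share a single `homeAccountId` and logging a warning when they do not, or iterating the matches instead of taking index 0. The two new "Found Match" messages open with `(` and close with `]`; writing `(Default accessor)` keeps them searchable with the prefix the other messages use. The non-PII `MSID_LOG_VERBOSE` line also prints `matchedIdToken.realm`, so confirm that value is meant to appear outside the `MSID_LOG_VERBOSE_PII` variant. The function body continues past the end of the hunk, so the no-match path and its telemetry stop are not visible here.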