Merge pull request #69 from AzureAD/sagonzal/exposeHttp429

Sagonzal/exceptions

Author: sangonzal

src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscovery.java

@@ -66,8 +66,8 @@ private static String getInstanceDiscoveryEndpoint(String host) {
     }
 
     private static void validate(InstanceDiscoveryResponse instanceDiscoveryResponse) {
-        if (StringHelper.isBlank(instanceDiscoveryResponse.getTenantDiscoveryEndpoint())) {
-            throw new AuthenticationException(instanceDiscoveryResponse.getErrorDescription());
+        if (StringHelper.isBlank(instanceDiscoveryResponse.tenantDiscoveryEndpoint())) {
+            throw new MsalServiceException(instanceDiscoveryResponse);
         }
     }
 
@@ -97,8 +97,8 @@ private static void validate(InstanceDiscoveryResponse instanceDiscoveryResponse
     }
 
     private static void cacheInstanceDiscoveryMetadata(String host, InstanceDiscoveryResponse instanceDiscoveryResponse) {
-        if (instanceDiscoveryResponse.getMetadata() != null) {
-            for (InstanceDiscoveryMetadataEntry entry : instanceDiscoveryResponse.getMetadata()) {
+        if (instanceDiscoveryResponse.metadata() != null) {
+            for (InstanceDiscoveryMetadataEntry entry : instanceDiscoveryResponse.metadata()) {
                 for (String alias : entry.aliases) {
                     cache.put(alias, entry);
                 }

src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java

@@ -133,10 +133,14 @@ private AuthorizationGrant getAuthorizationGrantIntegrated(String userName) thro
             updatedGrant = getSAMLAuthorizationGrant(wsTrustResponse);
         }
         else if (userRealmResponse.isAccountManaged()) {
-            throw new AuthenticationException("Password is required for managed user");
+            throw new MsalClientException(
+                    "Password is required for managed user",
+                    AuthenticationErrorCode.PASSWORD_REQUIRED_FOR_MANAGED_USER);
         }
         else{
-            throw new AuthenticationException("Unknown User Type");
+            throw new MsalClientException(
+                    "User Realm request failed",
+                    AuthenticationErrorCode.USER_REALM_DISCOVERY_FAILED);
         }
 
         return updatedGrant;

src/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java

@@ -57,15 +57,15 @@ private AuthenticationResult acquireTokenWithDeviceCode(DeviceCode deviceCode,
             }
             try {
                 return acquireTokenByAuthorisationGrantSupplier.execute();
-            } catch (AuthenticationException ex) {
+            } catch (MsalServiceException ex) {
                 if (ex.errorCode().equals(AUTHORIZATION_PENDING)) {
                     TimeUnit.SECONDS.sleep(deviceCode.interval());
                 } else {
                     throw ex;
                 }
             }
         }
-        throw new AuthenticationException("Expired Device code");
+        throw new MsalClientException("Expired Device code", AuthenticationErrorCode.CODE_EXPIRED);
     }
 
     private Long getCurrentSystemTimeInSeconds(){

src/main/java/com/microsoft/aad/msal4j/ApiEvent.java

@@ -75,7 +75,7 @@ public void setIsConfidentialClient(boolean isConfidentialClient){
         this.put(IS_CONFIDENTIAL_CLIENT_KEY, String.valueOf(isConfidentialClient).toLowerCase(Locale.ROOT));
     }
 
-    public void setApiErrorCode(AuthenticationErrorCode apiErrorCode){
-        this.put(API_ERROR_CODE_KEY, apiErrorCode.toString());
+    public void setApiErrorCode(String apiErrorCode){
+        this.put(API_ERROR_CODE_KEY, apiErrorCode);
     }
 }

src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java

@@ -3,20 +3,44 @@
 
 package com.microsoft.aad.msal4j;
 
-public enum AuthenticationErrorCode {
+public class AuthenticationErrorCode {
 
-    UNKNOWN ("unknown"),
-    AUTHORIZATION_PENDING ("authorization_pending"),
-    INTERACTION_REQUIRED ("interaction_required");
+    /**
+     * In the context of device code user has not yet authenticated via browser
+     */
+    public final static String AUTHORIZATION_PENDING = "authorization_pending";
 
-    private String errorCode;
+    /**
+     * In the context of device code, this error happens when the device code has expired before
+     * the user signed-in on another device (this is usually after 15 min)
+     */
+    public final static String CODE_EXPIRED = "code_expired";
 
-    AuthenticationErrorCode(String errorCode){
-        this.errorCode = errorCode;
-    }
+    /**
+     * Standard Oauth2 protocol error code. It indicates that the application needs to expose
+     * the UI to the user so that user does an interactive action in order to get a new token
+     */
+    public final static String INVALID_GRANT = "invalid_grant";
 
-    @Override
-    public String toString(){
-        return errorCode;
-    }
+    /**
+     * WS-Trust Endpoint not found in Metadata document
+     */
+    public final static String WSTRUST_ENDPOINT_NOT_FOUND_IN_METADATA_DOCUMENT = "wstrust_endpoint_not_found";
+
+    /**
+     * Password is required for managed user. Will typically happen when trying to do integrated windows authentication
+     * for managed users
+     */
+    public final static String PASSWORD_REQUIRED_FOR_MANAGED_USER = "password_required_for_managed_user";
+
+    /**
+     * User realm discovery failed
+     */
+    public final static String USER_REALM_DISCOVERY_FAILED = "user_realm_discovery_failed";
+
+    /**
+     * Unknown error occurred
+     */
+    public final static String UNKNOWN = "unknown";
 }
+

src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorMessage.java

@@ -11,7 +11,6 @@
 import java.net.URL;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.Set;
 import java.util.concurrent.CompletionException;
 import java.util.function.Supplier;
 
@@ -66,9 +65,11 @@ public IAuthenticationResult get() {
                     }
                 }
             } catch(Exception ex) {
-                if (ex instanceof AuthenticationException) {
-                    apiEvent.setApiErrorCode(((AuthenticationException) ex).errorCode());
+
+                if (ex instanceof MsalServiceException) {
+                    apiEvent.setApiErrorCode(((MsalServiceException) ex).errorCode());
                 }
+
                 clientApplication.log.error(
                         LogHelper.createMessage(
                                 "Execution of " + this.getClass() + " failed.",

src/main/java/com/microsoft/aad/msal4j/AuthenticationException.java

@@ -70,7 +70,7 @@ static AuthorityType detectAuthorityType(URL authorityUrl) {
         final String path = authorityUrl.getPath().substring(1);
         if (StringHelper.isBlank(path)) {
             throw new IllegalArgumentException(
-                    AuthenticationErrorMessage.AUTHORITY_URI_INVALID_PATH);
+                    "authority Uri should have at least one segment in the path (i.e. https://<host>/<path>/...)");
         }
 
         final String firstPath = path.substring(0, path.indexOf("/"));
@@ -88,7 +88,7 @@ static AuthorityType detectAuthorityType(URL authorityUrl) {
     void validateAuthorityUrl() {
         if (!this.canonicalAuthorityUrl.getProtocol().equalsIgnoreCase("https")) {
             throw new IllegalArgumentException(
-                    AuthenticationErrorMessage.AUTHORITY_URI_INSECURE);
+                    "authority should use the 'https' scheme");
         }
 
         if (this.canonicalAuthorityUrl.toString().contains("#")) {