1.6.2 release (#269)

* 1.6.2 release

Author: SomkaPe

README.md

@@ -16,7 +16,7 @@ Quick links:
 The library supports the following Java environments:
 - Java 8 (or higher)
 
-Current version - 1.6.1
+Current version - 1.6.2
 
 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt).
 
@@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>1.6.1</version>
+    <version>1.6.2</version>
 </dependency>
 ```
 ### Gradle
 
 ```
-compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.6.1'
+compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.6.2'
 ```
 
 ## Usage

changelog.txt

@@ -1,3 +1,10 @@
+Version 1.6.2
+=============
+- Fix for "NullPointerException during accessing B2C authority aliases"
+- Adding extraScopesToConsent parameter to AuthorizationRequestUrlParameters builder.
+  Can be used to request the end user to consent upfront,
+  in addition to scopes which the application is requesting access to.
+
 Version 1.6.1
 =============
 - Compatibility with json-smart [1.3.1 - 2.3]

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.microsoft.azure</groupId>
 	<artifactId>msal4j</artifactId>
-	<version>1.6.1</version>
+	<version>1.6.2</version>
 	<packaging>jar</packaging>
 	<name>msal4j</name>
 	<description>
@@ -55,7 +55,6 @@
             <version>2.10.1</version>
         </dependency>
 
-
         <!-- test dependencies -->
         <dependency>
             <groupId>org.apache.commons</groupId>

src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java

@@ -46,7 +46,7 @@ public void DeviceCodeFlowADTest(String environment) throws Exception {
         build();
 
         Consumer<DeviceCode> deviceCodeConsumer = (DeviceCode deviceCode) -> {
-            runAutomatedDeviceCodeFlow(deviceCode, user);
+            runAutomatedDeviceCodeFlow(deviceCode, user, environment);
         };
 
         IAuthenticationResult result = pca.acquireToken(DeviceCodeFlowParameters
@@ -70,7 +70,7 @@ public void DeviceCodeFlowADFSv2019Test(String environment) throws Exception {
                 build();
 
         Consumer<DeviceCode> deviceCodeConsumer = (DeviceCode deviceCode) -> {
-            runAutomatedDeviceCodeFlow(deviceCode, user);
+            runAutomatedDeviceCodeFlow(deviceCode, user, environment);
         };
 
         IAuthenticationResult result = pca.acquireToken(DeviceCodeFlowParameters
@@ -83,7 +83,7 @@ public void DeviceCodeFlowADFSv2019Test(String environment) throws Exception {
         Assert.assertFalse(Strings.isNullOrEmpty(result.accessToken()));
     }
 
-    private void runAutomatedDeviceCodeFlow(DeviceCode deviceCode, User user){
+    private void runAutomatedDeviceCodeFlow(DeviceCode deviceCode, User user, String environment){
         boolean isRunningLocally = true;//!Strings.isNullOrEmpty(
                 //System.getenv(TestConstants.LOCAL_FLAG_ENV_VAR));
 
@@ -123,6 +123,15 @@ private void runAutomatedDeviceCodeFlow(DeviceCode deviceCode, User user){
             } else {
                 SeleniumExtensions.performADLogin(seleniumDriver, user);
             }
+
+            if (environment.equals(AzureEnvironment.AZURE) && !isADFS2019) {
+                //Login flow for azurecloud environment has an extra "Stay signed in?" page after authentication
+                continueBtn = SeleniumExtensions.waitForElementToBeVisibleAndEnable(
+                        seleniumDriver,
+                        new By.ById(continueButtonId));
+                continueBtn.click();
+            }
+
         } catch(Exception e){
             if(!isRunningLocally){
                 SeleniumExtensions.takeScreenShot(seleniumDriver);

src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java

@@ -149,6 +149,18 @@ public void acquireTokenWithUsernamePassword_B2C_CustomAuthority() throws Except
         Assert.assertNotNull(result);
         Assert.assertNotNull(result.accessToken());
         Assert.assertNotNull(result.idToken());
+
+        IAccount account = pca.getAccounts().join().iterator().next();
+        SilentParameters.builder(Collections.singleton(TestConstants.B2C_READ_SCOPE), account);
+
+        result = pca.acquireTokenSilently(
+                SilentParameters.builder(Collections.singleton(TestConstants.B2C_READ_SCOPE), account)
+                .build())
+                .get();
+
+        Assert.assertNotNull(result);
+        Assert.assertNotNull(result.accessToken());
+        Assert.assertNotNull(result.idToken());
     }
 
     @Test
@@ -173,5 +185,17 @@ public void acquireTokenWithUsernamePassword_B2C_LoginMicrosoftOnline() throws E
         Assert.assertNotNull(result);
         Assert.assertNotNull(result.accessToken());
         Assert.assertNotNull(result.idToken());
+
+        IAccount account = pca.getAccounts().join().iterator().next();
+        SilentParameters.builder(Collections.singleton(TestConstants.B2C_READ_SCOPE), account);
+
+        result = pca.acquireTokenSilently(
+                SilentParameters.builder(Collections.singleton(TestConstants.B2C_READ_SCOPE), account)
+                        .build())
+                .get();
+
+        Assert.assertNotNull(result);
+        Assert.assertNotNull(result.accessToken());
+        Assert.assertNotNull(result.idToken());
     }
 }

src/main/java/com/microsoft/aad/msal4j/AadInstanceDiscoveryProvider.java

@@ -74,7 +74,7 @@ static AadInstanceDiscoveryResponse parseInstanceDiscoveryMetadata(String instan
     static void cacheInstanceDiscoveryMetadata(String host,
                                                AadInstanceDiscoveryResponse aadInstanceDiscoveryResponse) {
 
-        if (aadInstanceDiscoveryResponse.metadata() != null) {
+        if (aadInstanceDiscoveryResponse != null && aadInstanceDiscoveryResponse.metadata() != null) {
             for (InstanceDiscoveryMetadataEntry entry : aadInstanceDiscoveryResponse.metadata()) {
                 for (String alias: entry.aliases()) {
                     cache.put(alias, entry);
@@ -83,7 +83,9 @@ static void cacheInstanceDiscoveryMetadata(String host,
         }
         cache.putIfAbsent(host, InstanceDiscoveryMetadataEntry.builder().
                 preferredCache(host).
-                preferredNetwork(host).build());
+                preferredNetwork(host).
+                aliases(Collections.singleton(host)).
+                build());
     }
 
     private static String getAuthorizeEndpoint(String host, String tenant) {
@@ -127,11 +129,14 @@ private static void doInstanceDiscoveryAndCache(URL authorityUrl,
                                                     MsalRequest msalRequest,
                                                     ServiceBundle serviceBundle) {
 
-        AadInstanceDiscoveryResponse aadInstanceDiscoveryResponse =
-                sendInstanceDiscoveryRequest(authorityUrl, msalRequest, serviceBundle);
+        AadInstanceDiscoveryResponse aadInstanceDiscoveryResponse = null;
 
-        if (validateAuthority) {
-            validate(aadInstanceDiscoveryResponse);
+        if(msalRequest.application().authenticationAuthority.authorityType.equals(AuthorityType.AAD)) {
+            aadInstanceDiscoveryResponse = sendInstanceDiscoveryRequest(authorityUrl, msalRequest, serviceBundle);
+
+            if (validateAuthority) {
+                validate(aadInstanceDiscoveryResponse);
+            }
         }
 
         cacheInstanceDiscoveryMetadata(authorityUrl.getAuthority(), aadInstanceDiscoveryResponse);

src/main/java/com/microsoft/aad/msal4j/AcquireTokenByDeviceCodeFlowSupplier.java

@@ -58,7 +58,7 @@ private AuthenticationResult acquireTokenWithDeviceCode(DeviceCode deviceCode,
             try {
                 return acquireTokenByAuthorisationGrantSupplier.execute();
             } catch (MsalServiceException ex) {
-                if (ex.errorCode().equals(AUTHORIZATION_PENDING)) {
+                if (ex.errorCode() != null && ex.errorCode().equals(AUTHORIZATION_PENDING)) {
                     TimeUnit.SECONDS.sleep(deviceCode.interval());
                 } else {
                     throw ex;

src/main/java/com/microsoft/aad/msal4j/AuthenticationResultSupplier.java

@@ -71,11 +71,11 @@ public IAuthenticationResult get() {
                 String error = StringHelper.EMPTY_STRING;
                 if (ex instanceof MsalException) {
                     MsalException exception = ((MsalException) ex);
-                    if(exception.errorCode() != null){
+                    if (exception.errorCode() != null){
                         apiEvent.setApiErrorCode(exception.errorCode());
                     }
                 } else {
-                    if(ex.getCause() != null){
+                    if (ex.getCause() != null){
                         error = ex.getCause().toString();
                     }
                 }
@@ -136,7 +136,7 @@ private void logException(Exception ex) {
 
          if (ex instanceof MsalClientException) {
              MsalClientException exception = (MsalClientException) ex;
-             if (exception.errorCode().equalsIgnoreCase(AuthenticationErrorCode.CACHE_MISS)) {
+             if (exception.errorCode() != null && exception.errorCode().equalsIgnoreCase(AuthenticationErrorCode.CACHE_MISS)) {
                  clientApplication.log.debug(logMessage, ex);
                  return;
              }

src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java

@@ -10,13 +10,7 @@
 
 import java.net.MalformedURLException;
 import java.net.URL;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeSet;
+import java.util.*;
 
 /**
  * Parameters for {@link AbstractClientApplicationBase#getAuthorizationRequestUrl(AuthorizationRequestUrlParameters)}
@@ -62,9 +56,15 @@ private AuthorizationRequestUrlParameters(Builder builder){
         requestParameters.put("redirect_uri", Collections.singletonList(this.redirectUri));
         this.scopes = builder.scopes;
 
-        Set<String> scopesParam = new TreeSet<>(builder.scopes);
         String[] commonScopes = AbstractMsalAuthorizationGrant.COMMON_SCOPES_PARAM.split(" ");
-        scopesParam.addAll(Arrays.asList(commonScopes));
+
+        Set<String> scopesParam = new LinkedHashSet<>(Arrays.asList(commonScopes));
+
+        scopesParam.addAll(builder.scopes);
+
+        if(builder.extraScopesToConsent != null) {
+            scopesParam.addAll(builder.extraScopesToConsent);
+        }
 
         this.scopes = scopesParam;
         requestParameters.put("scope", Collections.singletonList(String.join(" ", scopesParam)));
@@ -151,6 +151,7 @@ public static class Builder {
 
         private String redirectUri;
         private Set<String> scopes;
+        private Set<String> extraScopesToConsent;
         private Set<String> claims;
         private String claimsChallenge;
         private String codeChallenge;
@@ -188,6 +189,15 @@ public Builder scopes(Set<String> val){
             return self();
         }
 
+        /**
+         * Scopes that you can request the end user to consent upfront,
+         * in addition to scopes which the application is requesting access to.
+         */
+        public Builder extraScopesToConsent(Set<String> val){
+            this.extraScopesToConsent = val;
+            return self();
+        }
+
         /**
          * In cases where Azure AD tenant admin has enabled conditional access policies, and the
          * policy has not been met,{@link MsalServiceException} will contain claims that need be

src/main/java/com/microsoft/aad/msal4j/DefaultHttpClient.java

@@ -15,6 +15,8 @@ class DefaultHttpClient implements IHttpClient {
 
     private final Proxy proxy;
     private final SSLSocketFactory sslSocketFactory;
+    public int DEFAULTCONNECTIONTIMEOUT = 3000;
+    public int DEFAULTREADTIMEOUT = 5000;
 
     DefaultHttpClient(Proxy proxy, SSLSocketFactory sslSocketFactory){
         this.proxy = proxy;
@@ -76,6 +78,9 @@ private HttpsURLConnection openConnection(final URL finalURL)
             connection.setSSLSocketFactory(sslSocketFactory);
         }
 
+        connection.setConnectTimeout(DEFAULTCONNECTIONTIMEOUT);
+        connection.setReadTimeout(DEFAULTREADTIMEOUT);
+
         return connection;
     }