Release 1.11.1 (#461)

* Allow empty set for scopes. Remove empty string if included in scopes for silent request

* Trim scopes

* Minor code formatting applied to most files (#417)

* Initial commit

* Remove info flagged by automated build step (#440)

* Remove info flagged by automated build step

* Remove unneeded references and test for old Azure Germany cloud

* Issue #437 fix - Drop validation on subject and issuer values

* Fixed tests

* Created new app to fix failing tests

* Moving tests to an existing file

* Adding copyright line

* Adding comments

* Bump version numbers for 1.11.1 release (#460)

Co-authored-by: Santiago Gonzalez <[email protected]>
Co-authored-by: Santiago Gonzalez <[email protected]>
Co-authored-by: siddhijain <[email protected]>
Co-authored-by: siddhijain <[email protected]>

Author: 4 people

README.md

@@ -16,7 +16,7 @@ Quick links:
 The library supports the following Java environments:
 - Java 8 (or higher)
 
-Current version - 1.11.0
+Current version - 1.11.1
 
 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt).
 
@@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>1.11.0</version>
+    <version>1.11.1</version>
 </dependency>
 ```
 ### Gradle
 
 ```
-compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.11.0'
+compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.11.1'
 ```
 
 ## Usage

changelog.txt

@@ -1,3 +1,8 @@
+Version 1.11.1
+=============
+- Updated Azure Key Vault dependencies to fix error in transitive dependency
+- Fixed issue where client assertion validation fails due to mismatched subject and issuer
+
 Version 1.11.0
 =============
 - Adds ability to override authority in AcquireToken calls

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.microsoft.azure</groupId>
 	<artifactId>msal4j</artifactId>
-	<version>1.11.0</version>
+	<version>1.11.1</version>
 	<packaging>jar</packaging>
 	<name>msal4j</name>
 	<description>
@@ -99,11 +99,16 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>com.microsoft.azure</groupId>
-            <artifactId>azure-keyvault</artifactId>
-            <version>1.2.1</version>
+            <groupId>com.azure</groupId>
+            <artifactId>azure-identity</artifactId>
+            <version>1.4.2</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>com.azure</groupId>
+            <artifactId>azure-security-keyvault-secrets</artifactId>
+            <version>4.3.5</version>
+        </dependency>
         <dependency>
             <groupId>org.seleniumhq.selenium</groupId>
             <artifactId>selenium-java</artifactId>

src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java

@@ -24,75 +24,75 @@ public class AcquireTokenInteractiveIT extends SeleniumTest {
     private Config cfg;
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
-    public void acquireTokenInteractive_ManagedUser(String environment){
+    public void acquireTokenInteractive_ManagedUser(String environment) {
         cfg = new Config(environment);
 
         User user = labUserProvider.getDefaultUser(cfg.azureEnvironment);
         assertAcquireTokenAAD(user);
     }
 
     @Test()
-    public void acquireTokenInteractive_ADFSv2019_OnPrem(){
+    public void acquireTokenInteractive_ADFSv2019_OnPrem() {
         User user = labUserProvider.getOnPremAdfsUser(FederationProvider.ADFS_2019);
         assertAcquireTokenADFS2019(user);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
-    public void acquireTokenInteractive_ADFSv2019_Federated(String environment){
+    public void acquireTokenInteractive_ADFSv2019_Federated(String environment) {
         cfg = new Config(environment);
 
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_2019);
         assertAcquireTokenAAD(user);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
-    public void acquireTokenInteractive_ADFSv4_Federated(String environment){
+    public void acquireTokenInteractive_ADFSv4_Federated(String environment) {
         cfg = new Config(environment);
 
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_4);
         assertAcquireTokenAAD(user);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
-    public void acquireTokenInteractive_ADFSv3_Federated(String environment){
+    public void acquireTokenInteractive_ADFSv3_Federated(String environment) {
         cfg = new Config(environment);
 
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_3);
         assertAcquireTokenAAD(user);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
-    public void acquireTokenInteractive_ADFSv2_Federated(String environment){
+    public void acquireTokenInteractive_ADFSv2_Federated(String environment) {
         cfg = new Config(environment);
 
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_2);
         assertAcquireTokenAAD(user);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
-    public void acquireTokenWithAuthorizationCode_B2C_Local(String environment){
+    public void acquireTokenWithAuthorizationCode_B2C_Local(String environment) {
         cfg = new Config(environment);
 
         User user = labUserProvider.getB2cUser(cfg.azureEnvironment, B2CProvider.LOCAL);
         assertAcquireTokenB2C(user);
     }
 
     @Test
-    public void acquireTokenInteractive_ManagedUser_InstanceAware(){
+    public void acquireTokenInteractive_ManagedUser_InstanceAware() {
         cfg = new Config(AzureEnvironment.AZURE);
 
         User user = labUserProvider.getDefaultUser(AzureEnvironment.AZURE_US_GOVERNMENT);
         assertAcquireTokenInstanceAware(user);
     }
 
-    private void assertAcquireTokenAAD(User user){
+    private void assertAcquireTokenAAD(User user) {
         PublicClientApplication pca;
         try {
             pca = PublicClientApplication.builder(
                     user.getAppId()).
                     authority(cfg.organizationsAuthority()).
                     build();
-        } catch(MalformedURLException ex){
+        } catch (MalformedURLException ex) {
             throw new RuntimeException(ex.getMessage());
         }
 
@@ -107,14 +107,14 @@ private void assertAcquireTokenAAD(User user){
         Assert.assertEquals(user.getUpn(), result.account().username());
     }
 
-    private void assertAcquireTokenADFS2019(User user){
+    private void assertAcquireTokenADFS2019(User user) {
         PublicClientApplication pca;
         try {
             pca = PublicClientApplication.builder(
                     TestConstants.ADFS_APP_ID).
                     authority(TestConstants.ADFS_AUTHORITY).
                     build();
-        } catch(MalformedURLException ex){
+        } catch (MalformedURLException ex) {
             throw new RuntimeException(ex.getMessage());
         }
 
@@ -126,15 +126,15 @@ private void assertAcquireTokenADFS2019(User user){
         Assert.assertEquals(user.getUpn(), result.account().username());
     }
 
-    private void assertAcquireTokenB2C(User user){
+    private void assertAcquireTokenB2C(User user) {
 
         PublicClientApplication pca;
         try {
             pca = PublicClientApplication.builder(
                     user.getAppId()).
                     b2cAuthority(TestConstants.B2C_AUTHORITY_SIGN_IN).
                     build();
-        } catch(MalformedURLException ex){
+        } catch (MalformedURLException ex) {
             throw new RuntimeException(ex.getMessage());
         }
 
@@ -189,10 +189,12 @@ public void acquireTokensInHomeAndGuestClouds(String homeCloud, String homeCloud
 
         ITokenCacheAccessAspect persistenceAspect = new ITokenCacheAccessAspect() {
             String data;
+
             @Override
             public void beforeCacheAccess(ITokenCacheAccessContext iTokenCacheAccessContext) {
                 iTokenCacheAccessContext.tokenCache().deserialize(data);
             }
+
             @Override
             public void afterCacheAccess(ITokenCacheAccessContext iTokenCacheAccessContext) {
                 data = iTokenCacheAccessContext.tokenCache().serialize();
@@ -218,7 +220,7 @@ public void afterCacheAccess(ITokenCacheAccessContext iTokenCacheAccessContext)
     private IAuthenticationResult acquireTokenInteractive(
             User user,
             PublicClientApplication pca,
-            String scope){
+            String scope) {
 
         IAuthenticationResult result;
         try {
@@ -238,7 +240,7 @@ private IAuthenticationResult acquireTokenInteractive(
 
             result = pca.acquireToken(parameters).get();
 
-        } catch(Exception e){
+        } catch (Exception e) {
             LOG.error("Error acquiring token with authCode: " + e.getMessage());
             throw new RuntimeException("Error acquiring token with authCode: " + e.getMessage());
         }
@@ -248,7 +250,7 @@ private IAuthenticationResult acquireTokenInteractive(
     private IAuthenticationResult acquireTokenInteractive_instanceAware(
             User user,
             PublicClientApplication pca,
-            String scope){
+            String scope) {
 
         IAuthenticationResult result;
         try {
@@ -268,7 +270,7 @@ private IAuthenticationResult acquireTokenInteractive_instanceAware(
 
             result = pca.acquireToken(parameters).get();
 
-        } catch(Exception e){
+        } catch (Exception e) {
             LOG.error("Error acquiring token with authCode: " + e.getMessage());
             throw new RuntimeException("Error acquiring token with authCode: " + e.getMessage());
         }
@@ -280,12 +282,12 @@ class SeleniumOpenBrowserAction implements OpenBrowserAction {
         private User user;
         private PublicClientApplication pca;
 
-        SeleniumOpenBrowserAction(User user, PublicClientApplication pca){
+        SeleniumOpenBrowserAction(User user, PublicClientApplication pca) {
             this.user = user;
             this.pca = pca;
         }
 
-        public void openBrowser(URL url){
+        public void openBrowser(URL url) {
             seleniumDriver.navigate().to(url);
             runSeleniumAutomatedLogin(user, pca);
         }

src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java

@@ -11,6 +11,7 @@
 import java.net.MalformedURLException;
 import java.util.Collections;
 import java.util.Date;
+import java.util.HashSet;
 import java.util.Set;
 import java.util.concurrent.ExecutionException;
 
@@ -22,7 +23,7 @@ public class AcquireTokenSilentIT {
     private Config cfg;
 
     @BeforeClass
-    public void setUp(){
+    public void setUp() {
         labUserProvider = LabUserProvider.getInstance();
     }
 
@@ -109,13 +110,13 @@ public void acquireTokenSilent_MultipleAccountsInCache_UseCorrectAccount(String
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
-    public void acquireTokenSilent_ADFS2019(String environment) throws Exception{
+    public void acquireTokenSilent_ADFS2019(String environment) throws Exception {
         cfg = new Config(environment);
 
         UserQueryParameters query = new UserQueryParameters();
         query.parameters.put(UserQueryParameters.AZURE_ENVIRONMENT, cfg.azureEnvironment);
-        query.parameters.put(UserQueryParameters.FEDERATION_PROVIDER,  FederationProvider.ADFS_2019);
-        query.parameters.put(UserQueryParameters.USER_TYPE,  UserType.FEDERATED);
+        query.parameters.put(UserQueryParameters.FEDERATION_PROVIDER, FederationProvider.ADFS_2019);
+        query.parameters.put(UserQueryParameters.USER_TYPE, UserType.FEDERATED);
 
         User user = labUserProvider.getLabUser(query);
 
@@ -140,7 +141,7 @@ public void acquireTokenSilent_ADFS2019(String environment) throws Exception{
 
     // Commented out due to unclear B2C behavior causing occasional errors
     //@Test
-    public void acquireTokenSilent_B2C() throws Exception{
+    public void acquireTokenSilent_B2C() throws Exception {
         UserQueryParameters query = new UserQueryParameters();
         query.parameters.put(UserQueryParameters.USER_TYPE, UserType.B2C);
         query.parameters.put(UserQueryParameters.B2C_PROVIDER, B2CProvider.LOCAL);
@@ -162,7 +163,6 @@ public void acquireTokenSilent_B2C() throws Exception{
     }
 
 
-
     @Test
     public void acquireTokenSilent_usingCommonAuthority_returnCachedAt() throws Exception {
         acquireTokenSilent_returnCachedTokens(cfg.organizationsAuthority());
@@ -174,7 +174,7 @@ public void acquireTokenSilent_usingTenantSpecificAuthority_returnCachedAt() thr
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
-    public void acquireTokenSilent_ConfidentialClient_acquireTokenSilent(String environment) throws Exception{
+    public void acquireTokenSilent_ConfidentialClient_acquireTokenSilent(String environment) throws Exception {
         cfg = new Config(environment);
 
         IConfidentialClientApplication cca = getConfidentialClientApplications();
@@ -221,7 +221,7 @@ public void acquireTokenSilent_ConfidentialClient_acquireTokenSilentDifferentSco
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
-    public void acquireTokenSilent_WithRefreshOn(String environment) throws Exception{
+    public void acquireTokenSilent_WithRefreshOn(String environment) throws Exception {
         cfg = new Config(environment);
 
         User user = labUserProvider.getDefaultUser(cfg.azureEnvironment);
@@ -295,7 +295,56 @@ public void acquireTokenSilent_TenantAsParameter(String environment) throws Exce
         assertTokensAreNotEqual(result, resultWithTenantParam);
     }
 
-    private IConfidentialClientApplication getConfidentialClientApplications() throws Exception{
+    @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
+    public void acquireTokenSilent_emptyStringScope(String environment) throws Exception {
+        cfg = new Config(environment);
+        User user = labUserProvider.getDefaultUser(environment);
+
+        PublicClientApplication pca = PublicClientApplication.builder(
+                user.getAppId()).
+                authority(cfg.organizationsAuthority()).
+                build();
+
+        String emptyScope = StringHelper.EMPTY_STRING;
+        IAuthenticationResult result = acquireTokenUsernamePassword(user, pca, emptyScope);
+        assertResultNotNull(result);
+
+        IAccount account = pca.getAccounts().join().iterator().next();
+        IAuthenticationResult silentResult = acquireTokenSilently(pca, account, emptyScope, false);
+        assertResultNotNull(silentResult);
+        Assert.assertEquals(result.accessToken(), silentResult.accessToken());
+    }
+
+    @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
+    public void acquireTokenSilent_emptyScopeSet(String environment) throws Exception {
+        cfg = new Config(environment);
+        User user = labUserProvider.getDefaultUser(environment);
+
+        Set<String> scopes = new HashSet<>();
+        PublicClientApplication pca = PublicClientApplication.builder(
+                user.getAppId()).
+                authority(cfg.organizationsAuthority()).
+                build();
+
+        IAuthenticationResult result = pca.acquireToken(UserNamePasswordParameters.
+                builder(scopes,
+                        user.getUpn(),
+                        user.getPassword().toCharArray())
+                .build())
+                .get();
+        assertResultNotNull(result);
+
+        IAccount account = pca.getAccounts().join().iterator().next();
+        IAuthenticationResult silentResult = pca.acquireTokenSilently(SilentParameters.
+                builder(scopes, account)
+                .build())
+                .get();
+
+        assertResultNotNull(silentResult);
+        Assert.assertEquals(result.accessToken(), silentResult.accessToken());
+    }
+
+    private IConfidentialClientApplication getConfidentialClientApplications() throws Exception {
         String clientId = cfg.appProvider.getOboAppId();
         String password = cfg.appProvider.getOboAppPassword();
 
@@ -304,8 +353,8 @@ private IConfidentialClientApplication getConfidentialClientApplications() throw
         return ConfidentialClientApplication.builder(
                 clientId, credential).
                 //authority(MICROSOFT_AUTHORITY)
-                authority(cfg.tenantSpecificAuthority()).
-                build();
+                        authority(cfg.tenantSpecificAuthority()).
+                        build();
     }
 
     private void acquireTokenSilent_returnCachedTokens(String authority) throws Exception {