Merge pull request #978 from AzureAD/avdunn/merge-conflicts

Sync dependency removal branch with latest dev branch

Author: Avery-Dunn

RELEASES.md

@@ -0,0 +1,41 @@
+# Microsoft Identity SDK Versioning and Servicing FAQ
+
+We have adopted the semantic versioning flow that is industry standard for OSS projects. It gives the maximum amount of control on what risk you take with what versions.
+
+## Semantic Versioning and API stability promises
+
+Microsoft Authentication Libraries are independent open source libraries that are used by  both internal and external Microsoft partners. As with the rest of Microsoft, we have moved to a rapid iteration model where bugs are fixed daily and new versions are produced as required. To communicate these frequent changes to external partners and customers, we follow the practices of other open source libraries and use semantic versioning for all our public Microsoft Authentication SDK libraries. This allows us to support our downstream partners which will lock on certain versions for stability purposes, as well as providing for the distribution over NuGet, CocoaPods, and Maven.
+
+The semantics are: MAJOR.MINOR.PATCH (example 1.1.5)
+
+We will update our code distributions to use the latest PATCH semantic version number in order to make sure our customers and partners get the latest bug fixes. Downstream partner needs to pull the latest PATCH version. Most partners should try lock on the latest MINOR version number in their builds and accept any updates in the PATCH number.
+
+Example:
+Using Maven, this ensures all 1.1.0 to 1.1.x updates are included when building your code, but not 1.2. 
+
+```
+<dependency>
+    <groupId>com.microsoft.azure</groupId>
+    <artifactId>msal4j</artifactId>
+    <version>[1.1.0,1.2.0)</version>
+</dependency>
+```
+
+| Version |                                                                                                                                                                                                                                                             Description                                                                                                                                                                                                                                                              |
+|:-------:|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|
+| x.x.x   | PATCH version number. Incrementing these numbers is for bug fixes and updates but do not introduce new features. This is used for close partners who build on our platform release (ex. Microsoft Entra Fabric, Office, etc.). In addition, Cocoapods, NuGet, and Maven use this number to deliver the latest release to customers. This will update frequently (sometimes within the same day). There are no new features, and no regressions or API surface changes. Code will continue to work unless affected by a particular code fix. |
+| x.x     |                                                          MINOR version numbers. These are for new feature additions that do not impact existing features or introduce regressions. They are purely additive, but may require testing to ensure nothing is impacted. All x.x.x bug fixes will also roll up in to this number. There is no regressions or API surface changes. Code will continue to work unless affected by a particular code fix or needs this new feature.                                                          |
+| x       |                                                   MAJOR version numbers. This should be considered a new, supported version of Microsoft Authentication SDK and begins the Azure one year support cycle anew. Major new features are introduced and API changes can occur. This should only be used after a large amount of testing and used only if those features are needed. We will continue to service MAJOR version numbers with bug fixes up to the one year support cycle.                                                   |
+
+## Serviceability
+
+When we release a new MINOR version, the previous MINOR versions shipped within one year MAY still accept bug report and receive patches. MINOR versions more than one year old will not receive any support. If you suspect there is an issue in a 1+ year old version that you are using, please upgrade to latest MINOR version and retry, before you send out a bug report.
+
+When we release a new MAJOR version, we will continue to apply bug fixes to the existing features in the previous MAJOR version for up to the 1-year support cycle for Azure.
+
+## Microsoft Authentication SDKs and Microsoft Entra
+
+Microsoft Authentication SDKs major versions will maintain backwards compatibility with Microsoft Entra web services through the support period. This means that the API surface area defined in a MAJOR version will continue to work for at least 1 year after release.
+
+We will respond to bugs quickly from our partners and customers submitted through GitHub and through our private alias ([email protected]) for security issues and update the PATCH version number. We will also submit a change summary for each PATCH number.
+Occasionally, there will be security bugs or breaking bugs from our partners that will require an immediate fix and an update to all partners and customers. When this occurs, we will do an emergency roll up to a PATCH version number and update all our distribution methods to the latest.

changelog.txt

@@ -4,6 +4,19 @@ Version 1.30.0-beta
 - Replace com.nimbusds dependencies with implementations of OAuth behavior (#926, #927, #928, #941, #945)
 - Replace com.fasterxml.jackson with com.azure.json for JSON behavior (#947, #948)
 
+Version 1.22.0
+=============
+- Validate issuer from OIDC endpoint when using the oidcAuthority() API (#970)
+- Bump oauth2-oidc-sdk dependency to avoid CVE-2025-53864 (#975)
+
+Version 1.21.0
+=============
+- Add support for claims, client capabilities, and token revocation in Service Fabric scenarios (#929, #943)
+- Improve retry logic for HTTP requests, and add API to disable retries (#960, #963, #964)
+- Support multiple date formats in Managed identity scenarios (#956)
+- Fix query parameter issue in IMDS scenarios (#954)
+- Update dependencies used in tests to avoid CVE warnings (#962)
+
  1.20.1
 =============
 - Fix Base64URL decoding bug (#938)

msal4j-sdk/pom.xml

@@ -30,6 +30,12 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <skip.unit.tests>false</skip.unit.tests>
+        <skip.integration.tests>false</skip.integration.tests>
+
+        <!-- Test category control properties. -->
+        <!-- Disable test categories by setting to 'true' in the mvn command (i.e., mvn verify -Dadfs.disabled=true)-->
+        <adfs.disabled>false</adfs.disabled>
     </properties>
 
     <dependencies>
@@ -57,40 +63,34 @@
             <version>1.6.2</version>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-text</artifactId>
-            <version>1.10.0</version>
-            <scope>test</scope>
-        </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-api</artifactId>
-            <version>5.9.2</version>
+            <version>5.13.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-params</artifactId>
-            <version>5.8.1</version>
+            <version>5.13.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter-engine</artifactId>
-            <version>5.9.2</version>
+            <version>5.13.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-inline</artifactId>
-            <version>4.7.0</version>
+            <version>4.11.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-junit-jupiter</artifactId>
-            <version>4.7.0</version>
+            <version>4.11.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -102,19 +102,13 @@
         <dependency>
             <groupId>org.skyscreamer</groupId>
             <artifactId>jsonassert</artifactId>
-            <version>1.5.0</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
-            <version>4.5.13</version>
+            <version>1.5.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>com.azure</groupId>
             <artifactId>azure-security-keyvault-secrets</artifactId>
-            <version>4.3.5</version>
+            <version>4.9.4</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -124,15 +118,9 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>com.google.guava</groupId>
-            <artifactId>guava</artifactId>
-            <version>32.1.1-jre</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>ch.qos.logback</groupId>
-            <artifactId>logback-classic</artifactId>
-            <version>1.3.12</version>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-text</artifactId>
+            <version>1.13.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -189,7 +177,9 @@
                 <executions>
                     <execution>
                         <id>check</id>
-                        <goals><goal>check</goal></goals>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
                     </execution>
                 </executions>
             </plugin>
@@ -214,9 +204,9 @@
                 <version>3.5.2</version>
                 <configuration>
                     <argLine>@{argLine} -noverify</argLine>
+                    <skipTests>${skip.unit.tests}</skipTests>
                 </configuration>
             </plugin>
-
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
@@ -291,6 +281,12 @@
                         </goals>
                     </execution>
                 </executions>
+                <configuration>
+                    <skipTests>${skip.integration.tests}</skipTests>
+                    <systemPropertyVariables>
+                        <adfs.disabled>${adfs.disabled}</adfs.disabled>
+                    </systemPropertyVariables>
+                </configuration>
             </plugin>
             <plugin>
                 <groupId>biz.aQute.bnd</groupId>
@@ -323,6 +319,10 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <version>3.1.2</version>
+            </plugin>
         </plugins>
     </build>
 </project>

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java

@@ -7,6 +7,7 @@
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.junit.jupiter.api.Test;
@@ -56,13 +57,15 @@ void acquireTokenInteractive_ManagedUser(String environment) {
     }
 
     @Test()
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void acquireTokenInteractive_ADFSv2019_OnPrem() {
         User user = labUserProvider.getOnPremAdfsUser(FederationProvider.ADFS_2019);
         assertAcquireTokenCommon(user, TestConstants.ADFS_AUTHORITY, TestConstants.ADFS_SCOPE);
     }
 
     @ParameterizedTest
     @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void acquireTokenInteractive_ADFSv2019_Federated(String environment) {
         cfg = new Config(environment);
 
@@ -72,6 +75,7 @@ void acquireTokenInteractive_ADFSv2019_Federated(String environment) {
 
     @ParameterizedTest
     @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void acquireTokenInteractive_ADFSv4_Federated(String environment) {
         cfg = new Config(environment);
 

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java

@@ -6,6 +6,7 @@
 import labapi.*;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.junit.jupiter.api.BeforeAll;
@@ -100,6 +101,7 @@ void acquireTokenSilent_ForceRefresh(String environment) throws Exception {
 
     @ParameterizedTest
     @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void acquireTokenSilent_MultipleAccountsInCache_UseCorrectAccount(String environment) throws Exception {
         cfg = new Config(environment);
 
@@ -123,6 +125,7 @@ void acquireTokenSilent_MultipleAccountsInCache_UseCorrectAccount(String environ
 
     @ParameterizedTest
     @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void acquireTokenSilent_ADFS2019(String environment) throws Exception {
         cfg = new Config(environment);
 

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java

@@ -7,6 +7,7 @@
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.junit.jupiter.api.Test;
@@ -56,13 +57,15 @@ public void acquireTokenWithAuthorizationCode_ManagedUser(String environment) {
     }
 
     @Test
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     public void acquireTokenWithAuthorizationCode_ADFSv2019_OnPrem() {
         User user = labUserProvider.getOnPremAdfsUser(FederationProvider.ADFS_2019);
         assertAcquireTokenADFS2019(user);
     }
 
     @ParameterizedTest
     @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     public void acquireTokenWithAuthorizationCode_ADFSv2019_Federated(String environment) {
         cfg = new Config(environment);
 
@@ -72,6 +75,7 @@ public void acquireTokenWithAuthorizationCode_ADFSv2019_Federated(String environ
 
     @ParameterizedTest
     @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     public void acquireTokenWithAuthorizationCode_ADFSv4_Federated(String environment) {
         cfg = new Config(environment);
 

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java

@@ -12,6 +12,7 @@
 import org.slf4j.LoggerFactory;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.junit.jupiter.api.BeforeAll;
@@ -54,6 +55,7 @@ void DeviceCodeFlowADTest(String environment) throws Exception {
     }
 
     @Test()
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void DeviceCodeFlowADFSv2019Test() throws Exception {
 
         User user = labUserProvider.getOnPremAdfsUser(FederationProvider.ADFS_2019);

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TokenCacheIT.java

@@ -7,6 +7,7 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -59,6 +60,7 @@ void singleAccountInCache_RemoveAccountTest() throws Exception {
     }
 
     @Test
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void twoAccountsInCache_RemoveAccountTest() throws Exception {
 
         User managedUser = labUserProvider.getDefaultUser();
@@ -108,6 +110,7 @@ void twoAccountsInCache_RemoveAccountTest() throws Exception {
     }
 
     @Test
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void twoAccountsInCache_SameUserDifferentTenants_RemoveAccountTest() throws Exception {
 
         UserQueryParameters query = new UserQueryParameters();
@@ -172,6 +175,7 @@ void twoAccountsInCache_SameUserDifferentTenants_RemoveAccountTest() throws Exce
     }
 
     @Test
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void retrieveAccounts_ADFSOnPrem() throws Exception {
         UserQueryParameters query = new UserQueryParameters();
         query.parameters.put(UserQueryParameters.FEDERATION_PROVIDER, FederationProvider.ADFS_2019);

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java

@@ -6,11 +6,11 @@
 import labapi.*;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.junit.jupiter.api.BeforeAll;
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNotNull;
 
 import java.util.Collections;
 import java.util.HashMap;
@@ -39,6 +39,7 @@ void acquireTokenWithUsernamePassword_Managed(String environment) throws Excepti
 
     @ParameterizedTest
     @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void acquireTokenWithUsernamePassword_ADFSv2019_Federated(String environment) throws Exception {
         cfg = new Config(environment);
 
@@ -53,6 +54,7 @@ void acquireTokenWithUsernamePassword_ADFSv2019_Federated(String environment) th
     }
 
     @Test
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void acquireTokenWithUsernamePassword_ADFSv2019_OnPrem() throws Exception {
         UserQueryParameters query = new UserQueryParameters();
         query.parameters.put(UserQueryParameters.FEDERATION_PROVIDER, FederationProvider.ADFS_2019);
@@ -65,6 +67,7 @@ void acquireTokenWithUsernamePassword_ADFSv2019_OnPrem() throws Exception {
 
     @ParameterizedTest
     @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
+    @DisabledIfSystemProperty(named = "adfs.disabled", matches = "true")
     void acquireTokenWithUsernamePassword_ADFSv4(String environment) throws Exception {
         cfg = new Config(environment);