using tenant from request for caching (#86)

Author: SomkaPe

src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenSilentIT.java

@@ -171,4 +171,50 @@ private IPublicClientApplication getPublicClientApplicationWithTokensInCache()
                 .get();
         return pca;
     }
+
+    @Test
+    private void acquireTokenSilent_usingCommonAuthority_returnCachedAt() throws Exception {
+        acquireTokenSilent_returnCachedTokens(TestConstants.ORGANIZATIONS_AUTHORITY);
+    }
+
+    @Test
+    private void acquireTokenSilent_usingTenantSpecificAuthority_returnCachedAt() throws Exception {
+        LabResponse labResponse = labUserProvider.getDefaultUser(
+                NationalCloud.AZURE_CLOUD,
+                false);
+        String tenantSpecificAuthority = TestConstants.MICROSOFT_AUTHORITY_HOST + labResponse.getUser().getTenantId();
+
+        acquireTokenSilent_returnCachedTokens(tenantSpecificAuthority);
+    }
+
+    void acquireTokenSilent_returnCachedTokens(String authority) throws Exception {
+
+        LabResponse labResponse = labUserProvider.getDefaultUser(
+                NationalCloud.AZURE_CLOUD,
+                false);
+        String password = labUserProvider.getUserPassword(labResponse.getUser());
+
+        PublicClientApplication pca = new PublicClientApplication.Builder(
+                labResponse.getAppId()).
+                authority(authority).
+                build();
+
+        IAuthenticationResult interactiveAuthResult = pca.acquireToken(UserNamePasswordParameters.
+                builder(Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE),
+                        labResponse.getUser().getUpn(),
+                        password.toCharArray())
+                .build())
+                .get();
+
+        Assert.assertNotNull(interactiveAuthResult);
+
+        IAuthenticationResult silentAuthResult = pca.acquireTokenSilently(
+                SilentParameters.builder(
+                        Collections.singleton(TestConstants.GRAPH_DEFAULT_SCOPE), interactiveAuthResult.account())
+                        .build())
+                .get();
+
+        Assert.assertNotNull(silentAuthResult);
+        Assert.assertEquals(interactiveAuthResult.accessToken(), silentAuthResult.accessToken());
+    }
 }

src/main/java/com/microsoft/aad/msal4j/AccountCacheEntity.java

@@ -59,18 +59,18 @@ String getKey() {
         return String.join(Constants.CACHE_KEY_SEPARATOR, keyParts).toLowerCase();
     }
 
-    static AccountCacheEntity create(String clientInfoStr, String environment, IdToken idToken, String policy) {
+    static AccountCacheEntity create(String clientInfoStr, Authority requestAuthority, IdToken idToken, String policy) {
 
         AccountCacheEntity account = new AccountCacheEntity();
         account.authorityType(MSSTS_ACCOUNT_TYPE);
         account.clientInfoStr = clientInfoStr;
         account.homeAccountId(policy != null ?
                 account.clientInfo().toAccountIdentifier() + Constants.CACHE_KEY_SEPARATOR + policy :
                 account.clientInfo().toAccountIdentifier());
-        account.environment(environment);
+        account.environment(requestAuthority.host());
+        account.realm(requestAuthority.tenant());
 
         if (idToken != null) {
-            account.realm(idToken.tenantIdentifier);
             String localAccountId = !StringHelper.isBlank(idToken.objectIdentifier)
                     ? idToken.objectIdentifier : idToken.subject;
             account.localAccountId(localAccountId);
@@ -81,8 +81,8 @@ static AccountCacheEntity create(String clientInfoStr, String environment, IdTok
         return account;
     }
 
-    static AccountCacheEntity create(String clientInfoStr, String environment, IdToken idToken){
-        return create(clientInfoStr, environment, idToken, null);
+    static AccountCacheEntity create(String clientInfoStr, Authority requestAuthority, IdToken idToken){
+        return create(clientInfoStr, requestAuthority, idToken, null);
     }
 
     IAccount toAccount(){

src/main/java/com/microsoft/aad/msal4j/TokenCache.java

@@ -240,13 +240,7 @@ static private AccessTokenCacheEntity createAccessTokenCacheEntity(TokenRequest
         at.environment(environmentAlias);
         at.clientId(tokenRequest.getMsalRequest().application().clientId());
         at.secret(authenticationResult.accessToken());
-
-        IdToken idTokenObj = authenticationResult.idTokenObject();
-        if (idTokenObj != null) {
-            at.realm(idTokenObj.tenantIdentifier);
-        } else {
-            at.realm(tokenRequest.requestAuthority.tenant());
-        }
+        at.realm(tokenRequest.requestAuthority.tenant());
 
         String scopes = !StringHelper.isBlank(authenticationResult.scopes()) ? authenticationResult.scopes() :
                 tokenRequest.getMsalRequest().msalAuthorizationGrant().getScopes();
@@ -275,11 +269,7 @@ static private IdTokenCacheEntity createIdTokenCacheEntity(TokenRequest tokenReq
         idToken.environment(environmentAlias);
         idToken.clientId(tokenRequest.getMsalRequest().application().clientId());
         idToken.secret(authenticationResult.idToken());
-
-        IdToken idTokenObj = authenticationResult.idTokenObject();
-        if (idTokenObj != null) {
-            idToken.realm(idTokenObj.tenantIdentifier);
-        }
+        idToken.realm(tokenRequest.requestAuthority.tenant());
 
         return idToken;
     }

src/main/java/com/microsoft/aad/msal4j/TokenRequest.java

@@ -80,13 +80,13 @@ AuthenticationResult executeOauthRequestAndProcessResponse()
 
                             accountCacheEntity = AccountCacheEntity.create(
                                     response.getClientInfo(),
-                                    requestAuthority.host(),
+                                    requestAuthority,
                                     idToken,
                                     authority.policy);
                         } else {
                             accountCacheEntity = AccountCacheEntity.create(
                                     response.getClientInfo(),
-                                    requestAuthority.host(),
+                                    requestAuthority,
                                     idToken);
                         }
                     }

src/test/resources/AAD_cache_data/account_cache_entity.json

@@ -3,7 +3,7 @@
   "home_account_id": "9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
   "username": "[email protected]",
   "environment": "login.microsoftonline.com",
-  "realm": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
+  "realm": "common",
   "authority_type": "MSSTS",
   "name": "Cloud IDLAB Basic User",
   "client_info": "eyJ1aWQiOiI5ZjQ4ODBkOC04MGJhLTRjNDAtOTdiYy1mN2EyM2M3MDMwODQiLCJ1dGlkIjoiZjY0NWFkOTItZTM4ZC00ZDFhLWI1MTAtZDFiMDlhNzRhOGNhIn0"

src/test/resources/AAD_cache_data/account_cache_entity_key.txt

@@ -1 +1 @@
-9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca-login.microsoftonline.com-f645ad92-e38d-4d1a-b510-d1b09a74a8ca
+9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca-login.microsoftonline.com-common

src/test/resources/AAD_cache_data/at_cache_entity.json

@@ -4,7 +4,7 @@
   "extended_expires_on": "<extended_expires_on>",
   "credential_type": "AccessToken",
   "environment": "login.microsoftonline.com",
-  "realm": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
+  "realm": "common",
   "expires_on": "<expires_on>",
   "cached_at": "<cached_at>",
   "client_id": "b6c69a37-df96-4db0-9088-2ab96e1d8215",

src/test/resources/AAD_cache_data/at_cache_entity_key.txt

@@ -1 +1 @@
-9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca-login.microsoftonline.com-accesstoken-b6c69a37-df96-4db0-9088-2ab96e1d8215-f645ad92-e38d-4d1a-b510-d1b09a74a8ca-calendars.read openid profile tasks.read user.read email
+9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca-login.microsoftonline.com-accesstoken-b6c69a37-df96-4db0-9088-2ab96e1d8215-common-calendars.read openid profile tasks.read user.read email

src/test/resources/AAD_cache_data/id_token_cache_entity.json

@@ -3,6 +3,6 @@
   "credential_type": "IdToken",
   "environment": "login.microsoftonline.com",
   "home_account_id": "9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
-  "realm": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca",
+  "realm": "common",
   "client_id": "b6c69a37-df96-4db0-9088-2ab96e1d8215"
 }

src/test/resources/AAD_cache_data/id_token_cache_entity_key.txt

@@ -1 +1 @@
-9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca-login.microsoftonline.com-idtoken-b6c69a37-df96-4db0-9088-2ab96e1d8215-f645ad92-e38d-4d1a-b510-d1b09a74a8ca-
+9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca-login.microsoftonline.com-idtoken-b6c69a37-df96-4db0-9088-2ab96e1d8215-common-