Pass token source and update tests

neha-bhargava · neha-bhargava · commit a6e0fd4eabf6 · 2025-04-02T17:48:45.000-07:00
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByManagedIdentitySupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByManagedIdentitySupplier.java
@@ -98,6 +98,7 @@ private AuthenticationResult createFromManagedIdentityResponse(ManagedIdentityRe
         long expiresOn = Long.parseLong(managedIdentityResponse.expiresOn);
         long refreshOn = calculateRefreshOn(expiresOn);
         AuthenticationResultMetadata metadata = AuthenticationResultMetadata.builder()
+                .tokenSource(TokenSource.IDENTITY_PROVIDER)
                 .refreshOn(refreshOn)
                 .build();
 
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java
@@ -43,36 +43,37 @@ AuthenticationResult execute() throws Exception {
                     requestAuthority,
                     silentRequest.parameters().scopes(),
                     clientApplication.clientId());
+        }
 
-            if (res == null) {
-                throw new MsalClientException(AuthenticationErrorMessage.NO_TOKEN_IN_CACHE, AuthenticationErrorCode.CACHE_MISS);
-            }
+        if (res == null) {
+            throw new MsalClientException(AuthenticationErrorMessage.NO_TOKEN_IN_CACHE, AuthenticationErrorCode.CACHE_MISS);
+        }
 
-            //Some cached tokens were found, but this metadata will be overwritten if token needs to be refreshed
-            res.metadata().tokenSource(TokenSource.CACHE);
+        //Some cached tokens were found, but this metadata will be overwritten if token needs to be refreshed
+        res.metadata().tokenSource(TokenSource.CACHE);
 
-            if (!StringHelper.isBlank(res.accessToken())) {
-                clientApplication.serviceBundle().getServerSideTelemetry().incrementSilentSuccessfulCount();
-            }
+        if (!StringHelper.isBlank(res.accessToken())) {
+            clientApplication.serviceBundle().getServerSideTelemetry().incrementSilentSuccessfulCount();
+        }
+
+        shouldRefresh = shouldRefresh(silentRequest.parameters(), res);
 
-            shouldRefresh = shouldRefresh(silentRequest.parameters(), res);
-
-            if (shouldRefresh) {
-                if (!StringHelper.isBlank(res.refreshToken())) {
-                    //There are certain scenarios where the cached authority may differ from the client app's authority,
-                    // such as when a request is instance aware. Unless overridden by SilentParameters.authorityUrl, the
-                    // cached authority should be used in the token refresh request
-                    if (silentRequest.parameters().authorityUrl() == null && !res.account().environment().equals(requestAuthority.host)) {
-                        requestAuthority = Authority.createAuthority(new URL(requestAuthority.authority().replace(requestAuthority.host(),
-                                res.account().environment())));
-                    }
-
-                    res = makeRefreshRequest(res, requestAuthority, clientApplication.serviceBundle().getServerSideTelemetry().getCurrentRequest().cacheInfo());
-                } else {
-                    res = null;
+        if (shouldRefresh) {
+            if (!StringHelper.isBlank(res.refreshToken())) {
+                //There are certain scenarios where the cached authority may differ from the client app's authority,
+                // such as when a request is instance aware. Unless overridden by SilentParameters.authorityUrl, the
+                // cached authority should be used in the token refresh request
+                if (silentRequest.parameters().authorityUrl() == null && !res.account().environment().equals(requestAuthority.host)) {
+                    requestAuthority = Authority.createAuthority(new URL(requestAuthority.authority().replace(requestAuthority.host(),
+                            res.account().environment())));
                 }
+
+                res = makeRefreshRequest(res, requestAuthority, clientApplication.serviceBundle().getServerSideTelemetry().getCurrentRequest().cacheInfo());
+            } else {
+                res = null;
             }
         }
+
         if (res == null || StringHelper.isBlank(res.accessToken())) {
             throw new MsalClientException(AuthenticationErrorMessage.NO_TOKEN_IN_CACHE, AuthenticationErrorCode.CACHE_MISS);
         }
diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ManagedIdentityTests.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ManagedIdentityTests.java
@@ -191,15 +191,14 @@ void managedIdentityTest_SystemAssigned_SuccessfulResponse(ManagedIdentitySource
                         .build()).get();
 
         assertNotNull(result.accessToken());
-
-        String accessToken = result.accessToken();
+        assertEquals(TokenSource.IDENTITY_PROVIDER, result.metadata().tokenSource());
 
         result = miApp.acquireTokenForManagedIdentity(
                 ManagedIdentityParameters.builder(resource)
                         .build()).get();
 
         assertNotNull(result.accessToken());
-        assertEquals(accessToken, result.accessToken());
+        assertEquals(TokenSource.CACHE, result.metadata().tokenSource());
         verify(httpClientMock, times(1)).send(any());
     }
 
@@ -228,6 +227,7 @@ void managedIdentityTest_UserAssigned_SuccessfulResponse(ManagedIdentitySourceTy
                         .build()).get();
 
         assertNotNull(result.accessToken());
+        assertEquals(TokenSource.IDENTITY_PROVIDER, result.metadata().tokenSource());
         verify(httpClientMock, times(1)).send(any());
     }
 
@@ -253,6 +253,7 @@ void managedIdentityTest_RefreshOnHalfOfExpiresOn() throws Exception {
         long timestampSeconds = (System.currentTimeMillis() / 1000);
 
         assertNotNull(result.accessToken());
+        assertEquals(TokenSource.IDENTITY_PROVIDER, result.metadata().tokenSource());
         assertEquals((result.expiresOn() - timestampSeconds)/2, result.refreshOn() - timestampSeconds);
 
         verify(httpClientMock, times(1)).send(any());
@@ -320,12 +321,14 @@ void managedIdentityTest_DifferentScopes_RequestsNewToken(ManagedIdentitySourceT
                         .build()).get();
 
         assertNotNull(result.accessToken());
+        assertEquals(TokenSource.IDENTITY_PROVIDER, result.metadata().tokenSource());
 
         result = miApp.acquireTokenForManagedIdentity(
                 ManagedIdentityParameters.builder(anotherResource)
                         .build()).get();
 
         assertNotNull(result.accessToken());
+        assertEquals(TokenSource.IDENTITY_PROVIDER, result.metadata().tokenSource());
         verify(httpClientMock, times(2)).send(any());
         // TODO: Assert token source to check the token source is IDP and not Cache.
     }
@@ -565,12 +568,14 @@ void managedIdentity_SharedCache(ManagedIdentitySourceType source, String endpoi
                         .build()).get();
 
         assertNotNull(resultMiApp1.accessToken());
+        assertEquals(TokenSource.IDENTITY_PROVIDER, resultMiApp1.metadata().tokenSource());
 
         IAuthenticationResult resultMiApp2 = miApp2.acquireTokenForManagedIdentity(
                 ManagedIdentityParameters.builder(resource)
                         .build()).get();
 
         assertNotNull(resultMiApp2.accessToken());
+        assertEquals(TokenSource.CACHE, resultMiApp2.metadata().tokenSource());
 
         //acquireTokenForManagedIdentity does a cache lookup by default, and all ManagedIdentityApplication's share a cache,
         // so calling acquireTokenForManagedIdentity with the same parameters in two different ManagedIdentityApplications
