Merge pull request #942 from AzureAD/avdunn/nimbus-map

Represent query parameters with Map<String, String>

Author: Avery-Dunn

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java

@@ -7,7 +7,6 @@
 import java.net.MalformedURLException;
 import java.net.Proxy;
 import java.net.URL;
-import java.util.Collections;
 import java.util.Set;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutorService;
@@ -134,22 +133,22 @@ public URL getAuthorizationRequestUrl(AuthorizationRequestUrlParameters paramete
 
         validateNotNull("parameters", parameters);
 
-        parameters.requestParameters.put("client_id", Collections.singletonList(this.clientId));
+        parameters.requestParameters.put("client_id", this.clientId);
 
         //If the client application has any client capabilities set, they must be merged into the claims parameter
         if (this.clientCapabilities != null) {
             if (parameters.requestParameters.containsKey("claims")) {
-                String claims = String.valueOf(parameters.requestParameters.get("claims").get(0));
+                String claims = String.valueOf(parameters.requestParameters.get("claims"));
                 String mergedClaimsCapabilities = JsonHelper.mergeJSONString(claims, this.clientCapabilities);
-                parameters.requestParameters.put("claims", Collections.singletonList(mergedClaimsCapabilities));
+                parameters.requestParameters.put("claims", mergedClaimsCapabilities);
             } else {
-                parameters.requestParameters.put("claims", Collections.singletonList(this.clientCapabilities));
+                parameters.requestParameters.put("claims", this.clientCapabilities);
             }
         }
 
         return parameters.createAuthorizationURL(
                 this.authenticationAuthority,
-                parameters.requestParameters());
+                parameters.requestParameters);
     }
 
     @Override

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractMsalAuthorizationGrant.java

@@ -20,7 +20,7 @@ abstract class AbstractMsalAuthorizationGrant {
      *
      * @return A map contains the HTTP parameters
      */
-    abstract Map<String, List<String>> toParameters();
+    abstract Map<String, String> toParameters();
 
     static final String SCOPE_PARAM_NAME = "scope";
     static final String SCOPES_DELIMITER = " ";

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java

@@ -3,8 +3,6 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.nimbusds.jose.util.Base64URL;
-
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
@@ -101,24 +99,22 @@ private void processPasswordGrant(OAuthAuthorizationGrant authGrant) throws Exce
         }
     }
 
-    private Map<String, List<String>> getSAMLAuthGrantParameters(WSTrustResponse response) {
-        Map<String, List<String>> params = new LinkedHashMap<>();
+    private Map<String, String> getSAMLAuthGrantParameters(WSTrustResponse response) {
+        Map<String, String> params = new LinkedHashMap<>();
 
         if (response.isTokenSaml2()) {
-            params.put(GrantConstants.GRANT_TYPE_PARAMETER, Collections.singletonList(GrantConstants.SAML_2_BEARER));
+            params.put(GrantConstants.GRANT_TYPE_PARAMETER, GrantConstants.SAML_2_BEARER);
         } else {
-            params.put(GrantConstants.GRANT_TYPE_PARAMETER, Collections.singletonList(GrantConstants.SAML_1_1_BEARER));
+            params.put(GrantConstants.GRANT_TYPE_PARAMETER, GrantConstants.SAML_1_1_BEARER);
         }
 
-        params.put(GrantConstants.ASSERTION_PARAMETER, Collections.singletonList(new Base64URL(
-                Base64.getEncoder().encodeToString(response.getToken()
-                        .getBytes(StandardCharsets.UTF_8))).toString()));
+        params.put(GrantConstants.ASSERTION_PARAMETER, Base64.getUrlEncoder().encodeToString(response.getToken().getBytes(StandardCharsets.UTF_8)));
 
         return params;
     }
 
-    private Map<String, List<String>> getAuthorizationGrantIntegrated(String userName) throws Exception {
-        Map<String, List<String>> params;
+    private Map<String, String> getAuthorizationGrantIntegrated(String userName) throws Exception {
+        Map<String, String> params;
 
         String userRealmEndpoint = this.clientApplication.authenticationAuthority.
                 getUserRealmEndpoint(URLEncoder.encode(userName, StandardCharsets.UTF_8.name()));

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AppServiceManagedIdentitySource.java

@@ -31,8 +31,8 @@ public void createManagedIdentityRequest(String resource) {
         managedIdentityRequest.headers.put(SECRET_HEADER_NAME, identityHeader);
 
         managedIdentityRequest.queryParameters = new HashMap<>();
-        managedIdentityRequest.queryParameters.put("api-version", Collections.singletonList(APP_SERVICE_MSI_API_VERSION));
-        managedIdentityRequest.queryParameters.put("resource", Collections.singletonList(resource));
+        managedIdentityRequest.queryParameters.put("api-version", APP_SERVICE_MSI_API_VERSION);
+        managedIdentityRequest.queryParameters.put("resource", resource);
 
         if (this.idType != null && !StringHelper.isNullOrBlank(this.userAssignedId)) {
             LOG.info("[Managed Identity] Adding user assigned ID to the request for App Service Managed Identity.");

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeRequest.java

@@ -17,17 +17,17 @@ class AuthorizationCodeRequest extends MsalRequest {
     }
 
     private static AbstractMsalAuthorizationGrant createMsalGrant(AuthorizationCodeParameters parameters) {
-        Map<String, List<String>> params = new LinkedHashMap<>();
+        Map<String, String> params = new LinkedHashMap<>();
 
-        params.put(GrantConstants.GRANT_TYPE_PARAMETER, Collections.singletonList(GrantConstants.AUTHORIZATION_CODE));
-        params.put("code", Collections.singletonList(parameters.authorizationCode()));
+        params.put(GrantConstants.GRANT_TYPE_PARAMETER, GrantConstants.AUTHORIZATION_CODE);
+        params.put("code", parameters.authorizationCode());
 
         if (parameters.redirectUri() != null) {
-            params.put("redirect_uri", Collections.singletonList(parameters.redirectUri().toString()));
+            params.put("redirect_uri", parameters.redirectUri().toString());
         }
 
         if (parameters.codeVerifier() != null) {
-            params.put("code_verifier", Collections.singletonList(parameters.codeVerifier()));
+            params.put("code_verifier", parameters.codeVerifier());
         }
 
         return new OAuthAuthorizationGrant(params, parameters.scopes(), parameters.claims());

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java

@@ -3,7 +3,6 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.nimbusds.oauth2.sdk.util.URLUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -36,7 +35,7 @@ public class AuthorizationRequestUrlParameters {
 
     Map<String, String> extraQueryParameters;
 
-    Map<String, List<String>> requestParameters = new HashMap<>();
+    Map<String, String> requestParameters = new HashMap<>();
 
     Logger log = LoggerFactory.getLogger(AuthorizationRequestUrlParameters.class);
 
@@ -58,7 +57,7 @@ private static Builder builder() {
     private AuthorizationRequestUrlParameters(Builder builder) {
         //required parameters
         this.redirectUri = builder.redirectUri;
-        requestParameters.put("redirect_uri", Collections.singletonList(this.redirectUri));
+        requestParameters.put("redirect_uri", this.redirectUri);
         this.scopes = builder.scopes;
 
         Set<String> scopesParam = new LinkedHashSet<>(AbstractMsalAuthorizationGrant.COMMON_SCOPES);
@@ -70,86 +69,86 @@ private AuthorizationRequestUrlParameters(Builder builder) {
         }
 
         this.scopes = scopesParam;
-        requestParameters.put("scope", Collections.singletonList(String.join(" ", scopesParam)));
-        requestParameters.put("response_type", Collections.singletonList("code"));
+        requestParameters.put("scope", String.join(" ", scopesParam));
+        requestParameters.put("response_type", "code");
 
         // Optional parameters
         if (builder.claims != null) {
             String claimsParam = String.join(" ", builder.claims);
-            requestParameters.put("claims", Collections.singletonList(claimsParam));
+            requestParameters.put("claims", claimsParam);
         }
 
         if (builder.claimsChallenge != null && builder.claimsChallenge.trim().length() > 0) {
             JsonHelper.validateJsonFormat(builder.claimsChallenge);
-            requestParameters.put("claims", Collections.singletonList(builder.claimsChallenge));
+            requestParameters.put("claims", builder.claimsChallenge);
         }
 
         if (builder.claimsRequest != null) {
             String claimsRequest = builder.claimsRequest.formatAsJSONString();
             //If there are other claims (such as part of a claims challenge), merge them with this claims request.
             if (requestParameters.get("claims") != null) {
-                claimsRequest = JsonHelper.mergeJSONString(claimsRequest, requestParameters.get("claims").get(0));
+                claimsRequest = JsonHelper.mergeJSONString(claimsRequest, requestParameters.get("claims"));
             }
-            requestParameters.put("claims", Collections.singletonList(claimsRequest));
+            requestParameters.put("claims", claimsRequest);
         }
 
         if (builder.codeChallenge != null) {
             this.codeChallenge = builder.codeChallenge;
-            requestParameters.put("code_challenge", Collections.singletonList(builder.codeChallenge));
+            requestParameters.put("code_challenge", builder.codeChallenge);
         }
 
         if (builder.codeChallengeMethod != null) {
             this.codeChallengeMethod = builder.codeChallengeMethod;
-            requestParameters.put("code_challenge_method", Collections.singletonList(builder.codeChallengeMethod));
+            requestParameters.put("code_challenge_method", builder.codeChallengeMethod);
         }
 
         if (builder.state != null) {
             this.state = builder.state;
-            requestParameters.put("state", Collections.singletonList(builder.state));
+            requestParameters.put("state", builder.state);
         }
 
         if (builder.nonce != null) {
             this.nonce = builder.nonce;
-            requestParameters.put("nonce", Collections.singletonList(builder.nonce));
+            requestParameters.put("nonce", builder.nonce);
         }
 
         if (builder.responseMode != null) {
             this.responseMode = builder.responseMode;
-            requestParameters.put("response_mode", Collections.singletonList(
-                    builder.responseMode.toString()));
+            requestParameters.put("response_mode",
+                    builder.responseMode.toString());
         } else {
             this.responseMode = ResponseMode.FORM_POST;
-            requestParameters.put("response_mode", Collections.singletonList(
-                    ResponseMode.FORM_POST.toString()));
+            requestParameters.put("response_mode",
+                    ResponseMode.FORM_POST.toString());
         }
 
         if (builder.loginHint != null) {
             this.loginHint = loginHint();
-            requestParameters.put("login_hint", Collections.singletonList(builder.loginHint));
+            requestParameters.put("login_hint", builder.loginHint);
 
             // For CCS routing
-            requestParameters.put(HttpHeaders.X_ANCHOR_MAILBOX, Collections.singletonList(
-                    String.format(HttpHeaders.X_ANCHOR_MAILBOX_UPN_FORMAT, builder.loginHint)));
+            requestParameters.put(HttpHeaders.X_ANCHOR_MAILBOX,
+                    String.format(HttpHeaders.X_ANCHOR_MAILBOX_UPN_FORMAT, builder.loginHint));
         }
 
         if (builder.domainHint != null) {
             this.domainHint = domainHint();
-            requestParameters.put("domain_hint", Collections.singletonList(builder.domainHint));
+            requestParameters.put("domain_hint", builder.domainHint);
         }
 
         if (builder.prompt != null) {
             this.prompt = builder.prompt;
-            requestParameters.put("prompt", Collections.singletonList(builder.prompt.toString()));
+            requestParameters.put("prompt", builder.prompt.toString());
         }
 
         if (builder.correlationId != null) {
             this.correlationId = builder.correlationId;
-            requestParameters.put("correlation_id", Collections.singletonList(builder.correlationId));
+            requestParameters.put("correlation_id", builder.correlationId);
         }
 
         if (builder.instanceAware) {
             this.instanceAware = builder.instanceAware;
-            requestParameters.put("instance_aware", Collections.singletonList(String.valueOf(instanceAware)));
+            requestParameters.put("instance_aware", String.valueOf(instanceAware));
         }
 
         if(null != builder.extraQueryParameters && !builder.extraQueryParameters.isEmpty()){
@@ -160,13 +159,13 @@ private AuthorizationRequestUrlParameters(Builder builder) {
                 if(requestParameters.containsKey(key)){
                     log.warn("A query parameter {} has been provided with values multiple times.", key);
                 }
-                requestParameters.put(key, Collections.singletonList(value));
+                requestParameters.put(key, value);
             }
         }
     }
 
     URL createAuthorizationURL(Authority authority,
-                               Map<String, List<String>> requestParameters) {
+                               Map<String, String> requestParameters) {
         URL authorizationRequestUrl;
         try {
             String authorizationCodeEndpoint;
@@ -178,7 +177,7 @@ URL createAuthorizationURL(Authority authority,
             }
 
             String uriString = authorizationCodeEndpoint + "?" +
-                    URLUtils.serializeParameters(requestParameters);
+                    StringHelper.serializeQueryParameters(requestParameters);
 
             authorizationRequestUrl = new URL(uriString);
         } catch (MalformedURLException ex) {
@@ -240,7 +239,7 @@ public Map<String, String> extraQueryParameters() {
     }
 
     public Map<String, List<String>> requestParameters() {
-        return this.requestParameters;
+        return StringHelper.convertToMultiValueMap(this.requestParameters);
     }
 
     public Logger log() {

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AzureArcManagedIdentitySource.java

@@ -83,8 +83,8 @@ public void createManagedIdentityRequest(String resource)
         managedIdentityRequest.headers.put("Metadata", "true");
 
         managedIdentityRequest.queryParameters = new HashMap<>();
-        managedIdentityRequest.queryParameters.put("api-version", Collections.singletonList(ARC_API_VERSION));
-        managedIdentityRequest.queryParameters.put("resource", Collections.singletonList(resource));
+        managedIdentityRequest.queryParameters.put("api-version", ARC_API_VERSION);
+        managedIdentityRequest.queryParameters.put("resource", resource);
     }
 
     @Override

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ClientCredentialRequest.java

@@ -28,9 +28,9 @@ class ClientCredentialRequest extends MsalRequest {
     }
 
     private static OAuthAuthorizationGrant createMsalGrant(ClientCredentialParameters parameters) {
-        Map<String, List<String>> params = new LinkedHashMap<>();
+        Map<String, String> params = new LinkedHashMap<>();
 
-        params.put(GrantConstants.GRANT_TYPE_PARAMETER, Collections.singletonList(GrantConstants.CLIENT_CREDENTIALS));
+        params.put(GrantConstants.GRANT_TYPE_PARAMETER, GrantConstants.CLIENT_CREDENTIALS);
 
         return new OAuthAuthorizationGrant(params, parameters.scopes(), parameters.claims());
     }

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/CloudShellManagedIdentitySource.java

@@ -27,7 +27,7 @@ public void createManagedIdentityRequest(String resource) {
         managedIdentityRequest.headers.put("Metadata", "true");
 
         managedIdentityRequest.queryParameters = new HashMap<>();
-        managedIdentityRequest.queryParameters.put("resource", Collections.singletonList(resource));
+        managedIdentityRequest.queryParameters.put("resource", resource);
     }
 
     private CloudShellManagedIdentitySource(MsalRequest msalRequest, ServiceBundle serviceBundle, URI msiEndpoint)

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/DeviceCodeFlowRequest.java

@@ -3,12 +3,9 @@
 
 package com.microsoft.aad.msal4j;
 
-import com.nimbusds.oauth2.sdk.util.URLUtils;
-
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
-import java.util.List;
 import java.util.Map;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.atomic.AtomicReference;
@@ -55,28 +52,28 @@ DeviceCode acquireDeviceCode(String url,
     }
 
     void createAuthenticationGrant(DeviceCode deviceCode) {
-        final Map<String, List<String>> params = new LinkedHashMap<>();
+        final Map<String, String> params = new LinkedHashMap<>();
 
-        params.put(GrantConstants.GRANT_TYPE_PARAMETER, Collections.singletonList(GrantConstants.DEVICE_CODE));
-        params.put("device_code", Collections.singletonList(deviceCode.deviceCode()));
+        params.put(GrantConstants.GRANT_TYPE_PARAMETER, GrantConstants.DEVICE_CODE);
+        params.put("device_code", deviceCode.deviceCode());
 
         if (parameters.claims() != null) {
-            params.put("claims", Collections.singletonList(parameters.claims().formatAsJSONString()));
+            params.put("claims", parameters.claims().formatAsJSONString());
         }
 
         msalAuthorizationGrant = new OAuthAuthorizationGrant(params, Collections.singleton(deviceCode.scopes()), parameters.claims());
     }
 
     private String createQueryParams(String clientId) {
-        Map<String, List<String>> queryParameters = new HashMap<>();
-        queryParameters.put("client_id", Collections.singletonList(clientId));
+        Map<String, String> queryParameters = new HashMap<>();
+        queryParameters.put("client_id", clientId);
 
         String scopesParam = String.join(AbstractMsalAuthorizationGrant.SCOPES_DELIMITER, AbstractMsalAuthorizationGrant.COMMON_SCOPES) +
                 AbstractMsalAuthorizationGrant.SCOPES_DELIMITER + scopesStr;
 
-        queryParameters.put("scope", Collections.singletonList(scopesParam));
+        queryParameters.put("scope", scopesParam);
 
-        return URLUtils.serializeParameters(queryParameters);
+        return StringHelper.serializeQueryParameters(queryParameters);
     }
 
     private Map<String, String> appendToHeaders(Map<String, String> clientDataHeaders) {