AzureAD
diff --git a/‎README.md‎
Lines changed: 8 additions & 5 deletions b/‎README.md‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎changelog.txt‎
Lines changed: 10 additions & 0 deletions b/‎changelog.txt‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎pom.xml‎
Lines changed: 4 additions & 4 deletions b/‎pom.xml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java‎
Lines changed: 64 additions & 0 deletions b/‎src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java‎
Lines changed: 39 additions & 0 deletions b/‎src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java‎
Lines changed: 103 additions & 22 deletions b/‎src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java‎
Lines changed: 103 additions & 22 deletions
@@ -8,15 +8,15 @@ The Microsoft Authentication Library for Java (MSAL4J) enables applications to i
 
 Quick links:
 
-| [Getting Started](https://docs.microsoft.com/azure/active-directory/develop/quickstart-v2-java-webapp) | [Docs](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki) | [Samples](https://aka.ms/aaddevsamplesv2) | [Support](README.md#community-help-and-support)
-| --- | --- | --- | --- |
+| [Getting Started](https://docs.microsoft.com/azure/active-directory/develop/quickstart-v2-java-webapp) | [Docs](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki) | [Samples](https://aka.ms/aaddevsamplesv2) | [Support](README.md#community-help-and-support) | [Feedback](https://forms.office.com/r/6AhHwQp3pe)
+| --- | --- | --- | --- | --- |
 
 ## Install
 
 The library supports the following Java environments:
 - Java 8 (or higher)
 
-Current version - 1.9.1
+Current version - 1.10.0
 
 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt).
 
@@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>1.9.1</version>
+    <version>1.10.0</version>
 </dependency>
 ```
 ### Gradle
 
 ```
-compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.9.1'
+compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.10.0'
 ```
 
 ## Usage
@@ -68,6 +68,9 @@ We leverage [Stack Overflow](http://stackoverflow.com/) to work with the communi
 
 We recommend you use the "msal" tag so we can see it! Here is the latest Q&A on Stack Overflow for MSAL: [http://stackoverflow.com/questions/tagged/msal](http://stackoverflow.com/questions/tagged/msal)
 
+## Submit Feedback
+We'd like your thoughts on this library. Please complete [this short survey.](https://forms.office.com/r/6AhHwQp3pe)
+
 ## Security Reporting
 
 If you find a security issue with our libraries or services please report it to [[email protected]](mailto:[email protected]) with as much detail as possible. Your submission may be eligible for a bounty through the [Microsoft Bounty](http://aka.ms/bugbounty) program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting [this page](https://technet.microsoft.com/security/dd252948) and subscribing to Security Advisory Alerts.
 
@@ -1,3 +1,13 @@
+Version 1.10.0
+=============
+- Instance aware support for interactive requests
+- Default cache lookup for on-behalf-of and client credential flows
+- Cross cloud accounts support
+- Using default security provider for client certificate creation
+- Upgrades the commons-io dependency 2.6 -> 2.7
+- Upgrades the oauth2-oidc-sdk dependency 8.23.1 -> 9.4
+- Upgrades the guava dependency 26.0 -> 29.0
+
 Version 1.9.1
 =============
 - Update com.fasterxml.jackson.core.jackson-databind to 2.12.1
 
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.microsoft.azure</groupId>
 	<artifactId>msal4j</artifactId>
-	<version>1.9.1</version>
+	<version>1.10.0</version>
 	<packaging>jar</packaging>
 	<name>msal4j</name>
 	<description>
@@ -36,7 +36,7 @@
         <dependency>
             <groupId>com.nimbusds</groupId>
             <artifactId>oauth2-oidc-sdk</artifactId>
-            <version>8.23.1</version>
+            <version>9.4</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
@@ -113,7 +113,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>26.0-jre</version>
+            <version>29.0-jre</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -125,7 +125,7 @@
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.6</version>
+            <version>2.7</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
 
@@ -3,6 +3,7 @@
 
 package com.microsoft.aad.msal4j;
 
+import labapi.AzureEnvironment;
 import labapi.B2CProvider;
 import labapi.FederationProvider;
 import labapi.User;
@@ -75,6 +76,14 @@ public void acquireTokenWithAuthorizationCode_B2C_Local(String environment){
         assertAcquireTokenB2C(user);
     }
 
+    @Test
+    public void acquireTokenInteractive_ManagedUser_InstanceAware(){
+        cfg = new Config(AzureEnvironment.AZURE);
+
+        User user = labUserProvider.getDefaultUser(AzureEnvironment.AZURE_US_GOVERNMENT);
+        assertAcquireTokenInstanceAware(user);
+    }
+
     private void assertAcquireTokenAAD(User user){
         PublicClientApplication pca;
         try {
@@ -134,6 +143,31 @@ private void assertAcquireTokenB2C(User user){
         Assert.assertNotNull(result.idToken());
     }
 
+    private void assertAcquireTokenInstanceAware(User user) {
+        PublicClientApplication pca;
+        try {
+            pca = PublicClientApplication.builder(
+                    user.getAppId()).
+                    authority(cfg.organizationsAuthority()).
+                    build();
+        } catch (MalformedURLException ex) {
+            throw new RuntimeException(ex.getMessage());
+        }
+
+        IAuthenticationResult result = acquireTokenInteractive_instanceAware(user, pca, cfg.graphDefaultScope());
+
+        Assert.assertNotNull(result);
+        Assert.assertNotNull(result.accessToken());
+        Assert.assertNotNull(result.idToken());
+        Assert.assertEquals(user.getUpn(), result.account().username());
+
+        //This test is using a client app with the login.microsoftonline.com config to get tokens for a login.microsoftonline.us user,
+        // so when using instance aware the result's environment will be for the user/account and not the client app
+        Assert.assertNotEquals(pca.authenticationAuthority.host, result.environment());
+        Assert.assertEquals(result.account().environment(), result.environment());
+        Assert.assertEquals(result.account().environment(), pca.getAccounts().join().iterator().next().environment());
+    }
+
     private IAuthenticationResult acquireTokenInteractive(
             User user,
             PublicClientApplication pca,
@@ -164,6 +198,36 @@ private IAuthenticationResult acquireTokenInteractive(
         return result;
     }
 
+    private IAuthenticationResult acquireTokenInteractive_instanceAware(
+            User user,
+            PublicClientApplication pca,
+            String scope){
+
+        IAuthenticationResult result;
+        try {
+            URI url = new URI("http://localhost:8080");
+
+            SystemBrowserOptions browserOptions =
+                    SystemBrowserOptions
+                            .builder()
+                            .openBrowserAction(new SeleniumOpenBrowserAction(user, pca))
+                            .build();
+
+            InteractiveRequestParameters parameters = InteractiveRequestParameters
+                    .builder(url)
+                    .scopes(Collections.singleton(scope))
+                    .systemBrowserOptions(browserOptions).instanceAware(true)
+                    .build();
+
+            result = pca.acquireToken(parameters).get();
+
+        } catch(Exception e){
+            LOG.error("Error acquiring token with authCode: " + e.getMessage());
+            throw new RuntimeException("Error acquiring token with authCode: " + e.getMessage());
+        }
+        return result;
+    }
+
     class SeleniumOpenBrowserAction implements OpenBrowserAction {
 
         private User user;
 
@@ -60,6 +60,45 @@ public void acquireTokenClientCredentials_ClientAssertion() throws Exception{
         assertAcquireTokenCommon(clientId, credential);
     }
 
+    @Test
+    public void acquireTokenClientCredentials_DefaultCacheLookup() throws Exception{
+        AppCredentialProvider appProvider = new AppCredentialProvider(AzureEnvironment.AZURE);
+        final String clientId = appProvider.getLabVaultAppId();
+        final String password = appProvider.getLabVaultPassword();
+        IClientCredential credential = ClientCredentialFactory.createFromSecret(password);
+
+        ConfidentialClientApplication cca = ConfidentialClientApplication.builder(
+                clientId, credential).
+                authority(TestConstants.MICROSOFT_AUTHORITY).
+                build();
+
+        IAuthenticationResult result1 = cca.acquireToken(ClientCredentialParameters
+                .builder(Collections.singleton(KEYVAULT_DEFAULT_SCOPE))
+                .build())
+                .get();
+
+        Assert.assertNotNull(result1);
+        Assert.assertNotNull(result1.accessToken());
+
+        IAuthenticationResult result2 = cca.acquireToken(ClientCredentialParameters
+                .builder(Collections.singleton(KEYVAULT_DEFAULT_SCOPE))
+                .build())
+                .get();
+
+        Assert.assertEquals(result1.accessToken(), result2.accessToken());
+
+        IAuthenticationResult result3 = cca.acquireToken(ClientCredentialParameters
+                .builder(Collections.singleton(KEYVAULT_DEFAULT_SCOPE))
+                .skipCache(true)
+                .build())
+                .get();
+
+        Assert.assertNotNull(result3);
+        Assert.assertNotNull(result3.accessToken());
+        Assert.assertNotEquals(result2.accessToken(), result3.accessToken());
+    }
+
+
     private void assertAcquireTokenCommon(String clientId, IClientCredential credential) throws Exception{
         ConfidentialClientApplication cca = ConfidentialClientApplication.builder(
                 clientId, credential).
 
@@ -11,35 +11,36 @@
 
 @Test
 public class OnBehalfOfIT {
-    private String accessToken;
 
     private Config cfg;
 
-    private void setUp() throws Exception{
-        LabUserProvider labUserProvider = LabUserProvider.getInstance();
-        User user = labUserProvider.getDefaultUser(cfg.azureEnvironment);
+    @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
+    public void acquireTokenWithOBO_Managed(String environment) throws Exception {
+        cfg = new Config(environment);
+        String accessToken = this.getAccessToken();
 
-        String clientId = cfg.appProvider.getAppId();
-        String apiReadScope = cfg.appProvider.getOboAppIdURI()  + "/user_impersonation";
+        final String clientId = cfg.appProvider.getOboAppId();
+        final String password = cfg.appProvider.getOboAppPassword();
 
-        PublicClientApplication pca = PublicClientApplication.builder(
-                clientId).
-                authority(cfg.tenantSpecificAuthority()).
-                build();
+        ConfidentialClientApplication cca =
+                ConfidentialClientApplication.builder(clientId, ClientCredentialFactory.createFromSecret(password)).
+                        authority(cfg.tenantSpecificAuthority()).
+                        build();
 
-        IAuthenticationResult result = pca.acquireToken(
-                UserNamePasswordParameters.builder(Collections.singleton(apiReadScope),
-                        user.getUpn(),
-                        user.getPassword().toCharArray()).build()).get();
+        IAuthenticationResult result =
+                cca.acquireToken(OnBehalfOfParameters.builder(
+                        Collections.singleton(cfg.graphDefaultScope()),
+                        new UserAssertion(accessToken)).build()).
+                        get();
 
-        accessToken = result.accessToken();
+        Assert.assertNotNull(result);
+        Assert.assertNotNull(result.accessToken());
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
-    public void acquireTokenWithOBO_Managed(String environment) throws Exception {
+    public void acquireTokenWithOBO_testCache(String environment) throws Exception {
         cfg = new Config(environment);
-
-        setUp();
+        String accessToken = this.getAccessToken();
 
         final String clientId = cfg.appProvider.getOboAppId();
         final String password = cfg.appProvider.getOboAppPassword();
@@ -49,14 +50,94 @@ public void acquireTokenWithOBO_Managed(String environment) throws Exception {
                         authority(cfg.tenantSpecificAuthority()).
                         build();
 
-        IAuthenticationResult result =
+        IAuthenticationResult result1 =
+                cca.acquireToken(OnBehalfOfParameters.builder(
+                        Collections.singleton(TestConstants.USER_READ_SCOPE),
+                        new UserAssertion(accessToken)).build()).
+                        get();
+
+        Assert.assertNotNull(result1);
+        Assert.assertNotNull(result1.accessToken());
+
+        // Same scope and userAssertion, should return cached tokens
+        IAuthenticationResult result2 =
+                cca.acquireToken(OnBehalfOfParameters.builder(
+                        Collections.singleton(TestConstants.USER_READ_SCOPE),
+                        new UserAssertion(accessToken)).build()).
+                        get();
+
+        Assert.assertEquals(result1.accessToken(), result2.accessToken());
+
+        // Scope 2, should return new token
+        IAuthenticationResult result3 =
                 cca.acquireToken(OnBehalfOfParameters.builder(
                         Collections.singleton(cfg.graphDefaultScope()),
                         new UserAssertion(accessToken)).build()).
                         get();
 
-        Assert.assertNotNull(result);
-        Assert.assertNotNull(result.accessToken());
-        Assert.assertNotNull(result.idToken());
+        Assert.assertNotNull(result3);
+        Assert.assertNotNull(result3.accessToken());
+        Assert.assertNotEquals(result2.accessToken(), result3.accessToken());
+
+        // Scope 2, should return cached token
+        IAuthenticationResult result4 =
+                cca.acquireToken(OnBehalfOfParameters.builder(
+                        Collections.singleton(cfg.graphDefaultScope()),
+                        new UserAssertion(accessToken)).build()).
+                        get();
+
+        Assert.assertEquals(result3.accessToken(), result4.accessToken());
+
+        // skipCache=true, should return new token
+        IAuthenticationResult result5 =
+                cca.acquireToken(
+                        OnBehalfOfParameters.builder(
+                        Collections.singleton(cfg.graphDefaultScope()),
+                        new UserAssertion(accessToken))
+                                .skipCache(true)
+                                .build()).
+                        get();
+
+        Assert.assertNotNull(result5);
+        Assert.assertNotNull(result5.accessToken());
+        Assert.assertNotEquals(result5.accessToken(), result4.accessToken());
+        Assert.assertNotEquals(result5.accessToken(), result2.accessToken());
+
+
+        String newAccessToken = this.getAccessToken();
+        // New new UserAssertion, should return new token
+        IAuthenticationResult result6 =
+                cca.acquireToken(
+                        OnBehalfOfParameters.builder(
+                                Collections.singleton(cfg.graphDefaultScope()),
+                                new UserAssertion(newAccessToken))
+                                .build()).
+                        get();
+
+        Assert.assertNotNull(result6);
+        Assert.assertNotNull(result6.accessToken());
+        Assert.assertNotEquals(result6.accessToken(), result5.accessToken());
+        Assert.assertNotEquals(result6.accessToken(), result4.accessToken());
+        Assert.assertNotEquals(result6.accessToken(), result2.accessToken());
+    }
+
+    private String getAccessToken() throws Exception {
+
+        LabUserProvider labUserProvider = LabUserProvider.getInstance();
+        User user = labUserProvider.getDefaultUser(cfg.azureEnvironment);
+
+        String clientId = cfg.appProvider.getAppId();
+        String apiReadScope = cfg.appProvider.getOboAppIdURI()  + "/user_impersonation";
+        PublicClientApplication pca = PublicClientApplication.builder(
+                clientId).
+                authority(cfg.tenantSpecificAuthority()).
+                build();
+
+        IAuthenticationResult result = pca.acquireToken(
+                UserNamePasswordParameters.builder(Collections.singleton(apiReadScope),
+                        user.getUpn(),
+                        user.getPassword().toCharArray()).build()).get();
+
+        return result.accessToken();
     }
 }