1.8.1 release (#327)

* Exception Improvements (#254)

* Add null checks for MsalException error code references

* Better exception handling for invalid tokens

* Better exception handling for invalid tokens

* Sync with changes to Azure-Samples/ms-identity-java-desktop (#259)

* extra scopes for consent during authorizaion

* typo

* minor

* HTTPClient default timeouts (#264)

* Add default timeouts for DefaultHttpClient

* Handle 'stay signed in' confirmation page in DeviceCodeIT tests

* Small best-practices changes

* append extra scopes as suffix

* 1.6.2 release (#268)

* fixing integ test

* Tenant Profiles (#263)

* Classes for tenant profile functionality

* Implement tenant profile feature

* Tests for tenant profile feature

* Simplify tenant profile class structure

* 1.6.2 release

* Classes for tenant profile redesign

* Tests for tenant profile redesign

* Adjust sample cached ID tokens to have realistic headers

* Redesign how Tenant Pofiles are added to Accounts

* New error code for JWT parse exceptions

* Add claims and tenant profiles fields to Account

* Remove annotation excluding realm field from comparisons

* Use more generic token

* Remove ID token claims field from Account

* Minor changes for clarity

* Adjust tests for tenant profile design refactor

* Refactor tenant profile structure

* Minor fixes

* Minor fixes

* Minor fixes

* Simplify tenant profile class

Co-authored-by: SomkaPe <[email protected]>

* Improve HTTP client timeouts (#275)

* 1.6.2 release (#269)

* 1.6.2 release

* Make DefaultHttpClient timeouts settable

* Refactor timeout names

Co-authored-by: SomkaPe <[email protected]>

* Bewaters certchain (#276)

* Support for certificate chain

* 1.7.0 release (#277)

* Update DefaultHttpClient.java

* Fixed parsing ClientInfo: on some accounts, the server response contained characters that are incorrect for Base64 encoding, but acceptable for Base64URL (#282)

* sendX5c api (#285)

* refactoring (#287)

* refactoring

* refactoring

* refactoring

* Add AcquireTokenSilent tests for B2C and ADFS2019, refactor duplicate code in tests (#293)

* Add public constants for cloud endpoints (#298)

* Add public constants for cloud endpoints

* Add license header

* Added javadocs

* Removed unneeded test

* Make IAccount serializable (#297)

* Make IAccount objects serializable

* Make AuthenticationResult objects not serializable

* Add tenant profile/id claims to auth result (#300)

* Add tenant profile/id claims to auth result

* Minor fix

* treat null password as default one - empty string (#304)

* treat null password as default one - empty string

* Support for refresh_in (#305)

* Support for refresh_in

* Tests for refresh_in

* Add extra null check

* Add test for refreshOn cache persistence

* refresh on is optional field (#312)

* refresh on optional field

* 1.8.0 Release (#313)

1.8.0 release

* Fix spelling mistake in Prompt.java

* Remove use of Nimbus Oauth2 SDK's CommonContentTypes (#322)

* Remove use of Nimbus Oauth2 SDK's CommonContentTypes

* Add enum for HTTP content-type constants

* Remove use of javax.mail.internet.ContentType

* Support for claims request parameter (#315)

* ClaimsRequest classes

* Support for claims request parameter

* Tests for claims request

* Use Jackson library for JSON processing

* Change access level of userinfo and access_token claims

* Better merge tests

* Remove ability to set claims in userinfo field

* Refactor claims field naming

* 1.8.1 release (#326)

* Version number updates for 1.8.1 release

* Minor rewording

Co-authored-by: SomkaPe <[email protected]>
Co-authored-by: Roman Nosachev <[email protected]>
Co-authored-by: Santiago Gonzalez <[email protected]>
Co-authored-by: Santiago Gonzalez <[email protected]>

Author: 5 people

README.md

@@ -16,7 +16,7 @@ Quick links:
 The library supports the following Java environments:
 - Java 8 (or higher)
 
-Current version - 1.8.0
+Current version - 1.8.1
 
 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt).
 
@@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>1.8.0</version>
+    <version>1.8.1</version>
 </dependency>
 ```
 ### Gradle
 
 ```
-compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.8.0'
+compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.8.1'
 ```
 
 ## Usage

changelog.txt

@@ -1,3 +1,8 @@
+Version 1.8.1
+=============
+- New ClaimsRequest class to allow ID token claims to be requested as part of any token request
+- Remove use of nimbusds.oauth2.sdk CommonContentTypes
+
 Version 1.8.0
 =============
 - ITenantProfile added to IAuthenticationResult for easier access to ID token claims

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.microsoft.azure</groupId>
 	<artifactId>msal4j</artifactId>
-	<version>1.8.0</version>
+	<version>1.8.1</version>
 	<packaging>jar</packaging>
 	<name>msal4j</name>
 	<description>

src/main/java/com/microsoft/aad/msal4j/AbstractMsalAuthorizationGrant.java

@@ -34,4 +34,10 @@ abstract class AbstractMsalAuthorizationGrant {
     String getScopes() {
         return scopes;
     }
+
+    ClaimsRequest claims;
+
+    ClaimsRequest getClaims() {
+        return claims;
+    }
 }

src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java

@@ -48,7 +48,7 @@ AuthenticationResult execute() throws Exception {
                     (IntegratedWindowsAuthorizationGrant) authGrant;
             msalRequest.msalAuthorizationGrant =
                     new OAuthAuthorizationGrant(getAuthorizationGrantIntegrated(
-                            integratedAuthGrant.getUserName()), integratedAuthGrant.getScopes());
+                            integratedAuthGrant.getUserName()), integratedAuthGrant.getScopes(), integratedAuthGrant.getClaims());
         }
 
         if (requestAuthority == null) {

src/main/java/com/microsoft/aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java

@@ -149,6 +149,7 @@ private AuthenticationResult acquireTokenWithAuthorizationCode(AuthorizationResu
                 .builder(authorizationResult.code(), interactiveRequest.interactiveRequestParameters().redirectUri())
                 .scopes(interactiveRequest.interactiveRequestParameters().scopes())
                 .codeVerifier(interactiveRequest.verifier())
+                .claims(interactiveRequest.interactiveRequestParameters().claims())
                 .build();
 
         AuthorizationCodeRequest authCodeRequest = new AuthorizationCodeRequest(

src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeParameters.java

@@ -41,6 +41,11 @@ public class AuthorizationCodeParameters implements IApiParameters {
      */
     private Set<String> scopes;
 
+    /**
+     * Claims to be requested through the OIDC claims request parameter, allowing requests for standard and custom claims
+     */
+    private ClaimsRequest claims;
+
     /**
      * Code verifier used for PKCE. For more details, see https://tools.ietf.org/html/rfc7636
      */

src/main/java/com/microsoft/aad/msal4j/AuthorizationCodeRequest.java

@@ -30,6 +30,6 @@ private static AbstractMsalAuthorizationGrant createMsalGrant(AuthorizationCodeP
                     new AuthorizationCode(parameters.authorizationCode()),parameters.redirectUri());
         }
 
-        return new OAuthAuthorizationGrant(authorizationGrant, parameters.scopes());
+        return new OAuthAuthorizationGrant(authorizationGrant, parameters.scopes(), parameters.claims());
     }
 }

src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java

@@ -81,6 +81,15 @@ private AuthorizationRequestUrlParameters(Builder builder){
             requestParameters.put("claims", Collections.singletonList(builder.claimsChallenge));
         }
 
+        if(builder.claimsRequest != null){
+            String claimsRequest = builder.claimsRequest.formatAsJSONString();
+            //If there are other claims (such as part of a claims challenge), merge them with this claims request.
+            if (requestParameters.get("claims") != null) {
+                claimsRequest = JsonHelper.mergeJSONString(claimsRequest, requestParameters.get("claims").get(0));
+            }
+            requestParameters.put("claims", Collections.singletonList(claimsRequest));
+        }
+
         if(builder.codeChallenge != null){
             this.codeChallenge = builder.codeChallenge;
             requestParameters.put("code_challenge", Collections.singletonList(builder.codeChallenge));
@@ -154,6 +163,7 @@ public static class Builder {
         private Set<String> extraScopesToConsent;
         private Set<String> claims;
         private String claimsChallenge;
+        private ClaimsRequest claimsRequest;
         private String codeChallenge;
         private String codeChallengeMethod;
         private String state;
@@ -202,22 +212,17 @@ public Builder extraScopesToConsent(Set<String> val){
          * In cases where Azure AD tenant admin has enabled conditional access policies, and the
          * policy has not been met,{@link MsalServiceException} will contain claims that need be
          * consented to.
-         *
-         * Deprecated in favor of {@link #claimsChallenge(String)}
          */
-        @Deprecated
-        public Builder claims(Set<String> val){
-            this.claims = val;
+        public Builder claimsChallenge(String val){
+            this.claimsChallenge = val;
             return self();
         }
 
         /**
-         * In cases where Azure AD tenant admin has enabled conditional access policies, and the
-         * policy has not been met,{@link MsalServiceException} will contain claims that need be
-         * consented to.
+         * Claims to be requested through the OIDC claims request parameter, allowing requests for standard and custom claims
          */
-        public Builder claimsChallenge(String val){
-            this.claimsChallenge = val;
+        public Builder claims(ClaimsRequest val){
+            this.claimsRequest = val;
             return self();
         }
 

src/main/java/com/microsoft/aad/msal4j/ClaimsRequest.java

@@ -0,0 +1,78 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package com.microsoft.aad.msal4j;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import lombok.Getter;
+import lombok.Setter;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Represents the claims request parameter as an object
+ *
+ * @see <a href="https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter">https://openid.net/specs/openid-connect-core-1_0-final.html#ClaimsParameter</a>
+ */
+public class ClaimsRequest {
+
+    @Getter
+    @Setter
+    List<RequestedClaim> idTokenRequestedClaims = new ArrayList<>();
+
+    List<RequestedClaim> userInfoRequestedClaims = new ArrayList<>();
+    List<RequestedClaim> accessTokenRequestedClaims = new ArrayList<>();
+
+    /**
+     * Inserts a claim into the list of claims to be added to the "id_token" section of an OIDC claims request
+     *
+     * @param claim the name of the claim to be requested
+     * @param requestedClaimAdditionalInfo additional information about the claim being requested
+     */
+    public void requestClaimInIdToken(String claim, RequestedClaimAdditionalInfo requestedClaimAdditionalInfo) {
+        idTokenRequestedClaims.add(new RequestedClaim(claim, requestedClaimAdditionalInfo));
+    }
+
+    /**
+     * Inserts a claim into the list of claims to be added to the "access_token" section of an OIDC claims request
+     *
+     * @param claim the name of the claim to be requested
+     * @param requestedClaimAdditionalInfo additional information about the claim being requested
+     */
+    protected void requestClaimInAccessToken(String claim, RequestedClaimAdditionalInfo requestedClaimAdditionalInfo) {
+        accessTokenRequestedClaims.add(new RequestedClaim(claim, requestedClaimAdditionalInfo));
+    }
+
+    /**
+     * Converts the ClaimsRequest object to a JSON-formatted String which follows the specification for the OIDC claims request parameter
+     *
+     * @return a String following JSON formatting
+     */
+    public String formatAsJSONString() {
+        ObjectMapper mapper = new ObjectMapper();
+        ObjectNode rootNode = mapper.createObjectNode();
+
+        if (!idTokenRequestedClaims.isEmpty()) {
+            rootNode.set("id_token", convertClaimsToObjectNode(idTokenRequestedClaims));
+        }
+        if (!userInfoRequestedClaims.isEmpty()) {
+            rootNode.set("userinfo", convertClaimsToObjectNode(userInfoRequestedClaims));
+        }
+        if (!accessTokenRequestedClaims.isEmpty()) {
+            rootNode.set("access_token", convertClaimsToObjectNode(accessTokenRequestedClaims));
+        }
+
+        return mapper.valueToTree(rootNode).toString();
+    }
+
+    private ObjectNode convertClaimsToObjectNode(List<RequestedClaim> claims) {
+        ObjectMapper mapper = new ObjectMapper();
+        ObjectNode claimsNode = mapper.createObjectNode();
+
+        for (RequestedClaim claim: claims) {
+            claimsNode.setAll((ObjectNode) mapper.valueToTree(claim));
+        }
+        return claimsNode;
+    }
+}