support of STS throttling instructions + caching of InteractionRequiredException… (#201)

support of server side throttling instructions + caching of InteractionRequiredException responses

Author: SomkaPe

src/integrationtest/java/com.microsoft.aad.msal4j/ApacheHttpClientAdapter.java

@@ -84,7 +84,7 @@ private IHttpResponse buildMsalResponseFromApacheResponse(CloseableHttpResponse
         for(Header header: apacheResponse.getAllHeaders()){
             headers.put(header.getName(), Collections.singletonList(header.getValue()));
         }
-        ((HttpResponse) httpResponse).headers(headers);
+        ((HttpResponse) httpResponse).addHeaders(headers);
 
         String responseBody = EntityUtils.toString(apacheResponse.getEntity(), "UTF-8");
         ((HttpResponse) httpResponse).body(responseBody);

src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java

@@ -218,7 +218,7 @@ private IAuthenticationResult acquireTokenInteractiveB2C(ConfidentialClientAppli
 
     private String acquireAuthorizationCodeAutomated(
             User user,
-            ClientApplicationBase app){
+            AbstractClientApplicationBase app){
 
         BlockingQueue<AuthorizationResult> authorizationCodeQueue = new LinkedBlockingQueue<>();
 
@@ -256,7 +256,7 @@ private String acquireAuthorizationCodeAutomated(
         }
         return result.code();
     }
-    private String buildAuthenticationCodeURL(ClientApplicationBase app) {
+    private String buildAuthenticationCodeURL(AbstractClientApplicationBase app) {
         String scope;
 
         AuthorityType authorityType= app.authenticationAuthority.authorityType;

src/integrationtest/java/com.microsoft.aad.msal4j/OkHttpClientAdapter.java

@@ -76,7 +76,7 @@ private IHttpResponse buildMsalResponseFromOkResponse(Response okHttpResponse) t
 
         Headers headers = okHttpResponse.headers();
         if(headers != null){
-            ((HttpResponse) httpResponse).headers(headers.toMultimap());
+            ((HttpResponse) httpResponse).addHeaders(headers.toMultimap());
         }
         return httpResponse;
     }

src/integrationtest/java/com.microsoft.aad.msal4j/SeleniumTest.java

@@ -36,7 +36,7 @@ public void startUpBrowser(){
         seleniumDriver = SeleniumExtensions.createDefaultWebDriver();
     }
 
-    void runSeleniumAutomatedLogin(User user, ClientApplicationBase app) {
+    void runSeleniumAutomatedLogin(User user, AbstractClientApplicationBase app) {
         AuthorityType authorityType = app.authenticationAuthority.authorityType;
         if(authorityType == AuthorityType.B2C){
             switch(user.getB2cProvider().toLowerCase()){

src/main/java/com/microsoft/aad/msal4j/ClientApplicationBase.java renamed to src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java

@@ -28,7 +28,7 @@
  * Abstract class containing common methods and properties to both {@link PublicClientApplication}
  * and {@link ConfidentialClientApplication}.
  */
-abstract class ClientApplicationBase implements IClientApplicationBase {
+abstract class AbstractClientApplicationBase implements IClientApplicationBase {
 
     protected Logger log;
     protected Authority authenticationAuthority;
@@ -92,7 +92,7 @@ public CompletableFuture<IAuthenticationResult> acquireToken(AuthorizationCodePa
         AuthorizationCodeRequest authorizationCodeRequest = new AuthorizationCodeRequest(
                 parameters,
                 this,
-                createRequestContext(PublicApi.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE));
+                createRequestContext(PublicApi.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE, parameters));
 
         return this.executeRequest(authorizationCodeRequest);
     }
@@ -105,7 +105,7 @@ public CompletableFuture<IAuthenticationResult> acquireToken(RefreshTokenParamet
         RefreshTokenRequest refreshTokenRequest = new RefreshTokenRequest(
                 parameters,
                 this,
-                createRequestContext(PublicApi.ACQUIRE_TOKEN_BY_REFRESH_TOKEN));
+                createRequestContext(PublicApi.ACQUIRE_TOKEN_BY_REFRESH_TOKEN, parameters));
 
         return executeRequest(refreshTokenRequest);
     }
@@ -132,7 +132,7 @@ public CompletableFuture<IAuthenticationResult> acquireTokenSilently(SilentParam
         SilentRequest silentRequest = new SilentRequest(
                 parameters,
                 this,
-                createRequestContext(PublicApi.ACQUIRE_TOKEN_SILENTLY));
+                createRequestContext(PublicApi.ACQUIRE_TOKEN_SILENTLY, parameters));
 
         return executeRequest(silentRequest);
     }
@@ -141,7 +141,7 @@ public CompletableFuture<IAuthenticationResult> acquireTokenSilently(SilentParam
     public CompletableFuture<Set<IAccount>> getAccounts() {
         MsalRequest msalRequest =
                 new MsalRequest(this, null,
-                        createRequestContext(PublicApi.GET_ACCOUNTS)){};
+                        createRequestContext(PublicApi.GET_ACCOUNTS, null)){};
 
         AccountsSupplier supplier = new AccountsSupplier(this, msalRequest);
 
@@ -154,7 +154,7 @@ public CompletableFuture<Set<IAccount>> getAccounts() {
     @Override
     public CompletableFuture removeAccount(IAccount account) {
         MsalRequest msalRequest = new MsalRequest(this, null,
-                        createRequestContext(PublicApi.REMOVE_ACCOUNTS)){};
+                        createRequestContext(PublicApi.REMOVE_ACCOUNTS, null)){};
 
         RemoveAccountRunnable runnable = new RemoveAccountRunnable(msalRequest, account);
 
@@ -231,8 +231,8 @@ private AuthenticationResultSupplier getAuthenticationResultSupplier(MsalRequest
         return supplier;
     }
 
-    RequestContext createRequestContext(PublicApi publicApi) {
-        return new RequestContext(this, publicApi);
+    RequestContext createRequestContext(PublicApi publicApi, IApiParameters apiParameters) {
+        return new RequestContext(this, publicApi, apiParameters);
     }
 
     ServiceBundle getServiceBundle() {
@@ -285,7 +285,7 @@ public Builder(String clientId) {
         /**
          * Set URL of the authenticating authority or security token service (STS) from which MSAL
          * will acquire security tokens.
-         * The default value is {@link ClientApplicationBase#DEFAULT_AUTHORITY}
+         * The default value is {@link AbstractClientApplicationBase#DEFAULT_AUTHORITY}
          *
          * @param val a string value of authority
          * @return instance of the Builder on which method was called
@@ -330,7 +330,7 @@ public T b2cAuthority(String val) throws MalformedURLException{
          * Set a boolean value telling the application if the authority needs to be verified
          * against a list of known authorities. Authority is only validated when:
          * 1 - It is an Azure Active Directory authority (not B2C or ADFS)
-         * 2 - Instance discovery metadata is not set via {@link ClientApplicationBase#aadAadInstanceDiscoveryResponse}
+         * 2 - Instance discovery metadata is not set via {@link AbstractClientApplicationBase#aadAadInstanceDiscoveryResponse}
          *
          * The default value is true.
          *
@@ -486,7 +486,7 @@ public T setTokenCacheAccessAspect(ITokenCacheAccessAspect val) {
          * Sets instance discovery response data which will be used for determining tenant discovery
          * endpoint and authority aliases.
          *
-         * Note that authority validation is not done even if {@link ClientApplicationBase#validateAuthority}
+         * Note that authority validation is not done even if {@link AbstractClientApplicationBase#validateAuthority}
          * is set to true.
          *
          * For more information, see
@@ -513,10 +513,10 @@ private static Authority createDefaultAADAuthority() {
             return authority;
         }
 
-        abstract ClientApplicationBase build();
+        abstract AbstractClientApplicationBase build();
     }
 
-    ClientApplicationBase(Builder<?> builder) {
+    AbstractClientApplicationBase(Builder<?> builder) {
         clientId = builder.clientId;
         authority = builder.authority;
         validateAuthority = builder.validateAuthority;

src/main/java/com/microsoft/aad/msal4j/AccountsSupplier.java

@@ -10,10 +10,10 @@
 
 class AccountsSupplier implements Supplier<Set<IAccount>> {
 
-    ClientApplicationBase clientApplication;
+    AbstractClientApplicationBase clientApplication;
     MsalRequest msalRequest;
 
-    AccountsSupplier(ClientApplicationBase clientApplication, MsalRequest msalRequest) {
+    AccountsSupplier(AbstractClientApplicationBase clientApplication, MsalRequest msalRequest) {
 
         this.clientApplication = clientApplication;
         this.msalRequest = msalRequest;

src/main/java/com/microsoft/aad/msal4j/AcquireTokenByAuthorizationGrantSupplier.java

@@ -18,7 +18,7 @@ class AcquireTokenByAuthorizationGrantSupplier extends AuthenticationResultSuppl
     private Authority requestAuthority;
     private MsalRequest msalRequest;
 
-    AcquireTokenByAuthorizationGrantSupplier(ClientApplicationBase clientApplication,
+    AcquireTokenByAuthorizationGrantSupplier(AbstractClientApplicationBase clientApplication,
                                              MsalRequest msalRequest,
                                              Authority authority) {
         super(clientApplication, msalRequest);
@@ -28,6 +28,16 @@ class AcquireTokenByAuthorizationGrantSupplier extends AuthenticationResultSuppl
 
     AuthenticationResult execute() throws Exception {
         AbstractMsalAuthorizationGrant authGrant = msalRequest.msalAuthorizationGrant();
+
+        if (IsUiRequiredCacheSupported()) {
+            MsalInteractionRequiredException cachedEx =
+                    InteractionRequiredCache.getCachedInteractionRequiredException(
+                            ((RefreshTokenRequest) msalRequest).getFullThumbprint());
+            if (cachedEx != null) {
+                throw cachedEx;
+            }
+        }
+
         if (authGrant instanceof OAuthAuthorizationGrant) {
             msalRequest.msalAuthorizationGrant =
                     processPasswordGrant((OAuthAuthorizationGrant) authGrant);
@@ -41,15 +51,27 @@ AuthenticationResult execute() throws Exception {
                             integratedAuthGrant.getUserName()), integratedAuthGrant.getScopes());
         }
 
-        if(requestAuthority == null){
+        if (requestAuthority == null) {
             requestAuthority = clientApplication.authenticationAuthority;
         }
 
-        if(requestAuthority.authorityType == AuthorityType.AAD){
+        if (requestAuthority.authorityType == AuthorityType.AAD) {
             requestAuthority = getAuthorityWithPrefNetworkHost(requestAuthority.authority());
         }
 
-        return clientApplication.acquireTokenCommon(msalRequest, requestAuthority);
+        try {
+            return clientApplication.acquireTokenCommon(msalRequest, requestAuthority);
+        } catch (MsalInteractionRequiredException ex) {
+            if (IsUiRequiredCacheSupported()) {
+                InteractionRequiredCache.set(((RefreshTokenRequest) msalRequest).getFullThumbprint(), ex);
+            }
+            throw ex;
+        }
+    }
+
+    private boolean IsUiRequiredCacheSupported() {
+        return msalRequest instanceof RefreshTokenRequest &&
+                clientApplication instanceof PublicClientApplication;
     }
 
     private OAuthAuthorizationGrant processPasswordGrant(
@@ -59,7 +81,7 @@ private OAuthAuthorizationGrant processPasswordGrant(
             return authGrant;
         }
 
-        if(msalRequest.application().authenticationAuthority.authorityType != AuthorityType.AAD){
+        if (msalRequest.application().authenticationAuthority.authorityType != AuthorityType.AAD) {
             return authGrant;
         }
 
@@ -131,13 +153,11 @@ private AuthorizationGrant getAuthorizationGrantIntegrated(String userName) thro
                     this.clientApplication.logPii());
 
             updatedGrant = getSAMLAuthorizationGrant(wsTrustResponse);
-        }
-        else if (userRealmResponse.isAccountManaged()) {
+        } else if (userRealmResponse.isAccountManaged()) {
             throw new MsalClientException(
                     "Password is required for managed user",
                     AuthenticationErrorCode.PASSWORD_REQUIRED_FOR_MANAGED_USER);
-        }
-        else{
+        } else {
             throw new MsalClientException(
                     "User Realm request failed",
                     AuthenticationErrorCode.USER_REALM_DISCOVERY_FAILED);

src/main/java/com/microsoft/aad/msal4j/AcquireTokenByInteractiveFlowSupplier.java

@@ -154,7 +154,7 @@ private AuthenticationResult acquireTokenWithAuthorizationCode(AuthorizationResu
         AuthorizationCodeRequest authCodeRequest = new AuthorizationCodeRequest(
                 parameters,
                 clientApplication,
-                clientApplication.createRequestContext(PublicApi.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE));
+                clientApplication.createRequestContext(PublicApi.ACQUIRE_TOKEN_BY_AUTHORIZATION_CODE, parameters));
 
         AcquireTokenByAuthorizationGrantSupplier acquireTokenByAuthorizationGrantSupplier =
             new AcquireTokenByAuthorizationGrantSupplier(

src/main/java/com/microsoft/aad/msal4j/AcquireTokenSilentSupplier.java

@@ -7,7 +7,7 @@ class AcquireTokenSilentSupplier extends AuthenticationResultSupplier {
 
     private SilentRequest silentRequest;
 
-    AcquireTokenSilentSupplier(ClientApplicationBase clientApplication, SilentRequest silentRequest) {
+    AcquireTokenSilentSupplier(AbstractClientApplicationBase clientApplication, SilentRequest silentRequest) {
         super(clientApplication, silentRequest);
 
         this.silentRequest = silentRequest;
@@ -40,12 +40,12 @@ AuthenticationResult execute() throws Exception {
             }
 
             if (silentRequest.parameters().forceRefresh() || StringHelper.isBlank(res.accessToken())) {
-
                 if (!StringHelper.isBlank(res.refreshToken())) {
                     RefreshTokenRequest refreshTokenRequest = new RefreshTokenRequest(
                             RefreshTokenParameters.builder(silentRequest.parameters().scopes(), res.refreshToken()).build(),
                             silentRequest.application(),
-                            silentRequest.requestContext());
+                            silentRequest.requestContext(),
+                            silentRequest);
 
                     AcquireTokenByAuthorizationGrantSupplier acquireTokenByAuthorisationGrantSupplier =
                             new AcquireTokenByAuthorizationGrantSupplier(clientApplication, refreshTokenRequest, requestAuthority);

src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java

@@ -90,4 +90,9 @@ public class AuthenticationErrorCode {
      * https://aka.ms/msal4j-interactive-request
      */
     public final static String DESKTOP_BROWSER_NOT_SUPPORTED = "desktop_browser_not_supported";
+
+    /**
+     * Request was throttled according to instructions from STS.
+     */
+    public final static String THROTTLED_REQUEST = "throttled_request";
 }