Add tests for a CIAM user and reduce test code duplication (#603)

* Add tests for a CIAM user and reduce code duplication in several test files

* Revert changed method name

* Attempt to resolve credscan flag

* Resolve credscan issues

* Address code review comments

* Use default scope

Author: Avery-Dunn

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java

@@ -28,45 +28,52 @@ public void acquireTokenInteractive_ManagedUser(String environment) {
         cfg = new Config(environment);
 
         User user = labUserProvider.getDefaultUser(cfg.azureEnvironment);
-        assertAcquireTokenAAD(user);
+        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope());
     }
 
     @Test()
     public void acquireTokenInteractive_ADFSv2019_OnPrem() {
         User user = labUserProvider.getOnPremAdfsUser(FederationProvider.ADFS_2019);
-        assertAcquireTokenADFS2019(user);
+        assertAcquireTokenCommon(user, TestConstants.ADFS_AUTHORITY, TestConstants.ADFS_SCOPE);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
     public void acquireTokenInteractive_ADFSv2019_Federated(String environment) {
         cfg = new Config(environment);
 
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_2019);
-        assertAcquireTokenAAD(user);
+        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope());
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
     public void acquireTokenInteractive_ADFSv4_Federated(String environment) {
         cfg = new Config(environment);
 
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_4);
-        assertAcquireTokenAAD(user);
+        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope());
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
     public void acquireTokenInteractive_ADFSv3_Federated(String environment) {
         cfg = new Config(environment);
 
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_3);
-        assertAcquireTokenAAD(user);
+        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope());
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
     public void acquireTokenInteractive_ADFSv2_Federated(String environment) {
         cfg = new Config(environment);
 
         User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_2);
-        assertAcquireTokenAAD(user);
+        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope());
+    }
+
+    @Test
+    public void acquireTokenInteractive_Ciam() {
+        User user = labUserProvider.getCiamUser();
+
+        assertAcquireTokenCommon(user, TestConstants.CIAM_AUTHORITY, TestConstants.GRAPH_DEFAULT_SCOPE);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
@@ -93,12 +100,12 @@ public void acquireTokenInteractive_ManagedUser_InstanceAware() {
         assertAcquireTokenInstanceAware(user);
     }
 
-    private void assertAcquireTokenAAD(User user) {
+    private void assertAcquireTokenCommon(User user, String authority, String scope) {
         PublicClientApplication pca;
         try {
             pca = PublicClientApplication.builder(
                     user.getAppId()).
-                    authority(cfg.organizationsAuthority()).
+                    authority(authority).
                     build();
         } catch (MalformedURLException ex) {
             throw new RuntimeException(ex.getMessage());
@@ -107,30 +114,9 @@ private void assertAcquireTokenAAD(User user) {
         IAuthenticationResult result = acquireTokenInteractive(
                 user,
                 pca,
-                cfg.graphDefaultScope());
+                scope);
 
-        Assert.assertNotNull(result);
-        Assert.assertNotNull(result.accessToken());
-        Assert.assertNotNull(result.idToken());
-        Assert.assertEquals(user.getUpn(), result.account().username());
-    }
-
-    private void assertAcquireTokenADFS2019(User user) {
-        PublicClientApplication pca;
-        try {
-            pca = PublicClientApplication.builder(
-                    TestConstants.ADFS_APP_ID).
-                    authority(TestConstants.ADFS_AUTHORITY).
-                    build();
-        } catch (MalformedURLException ex) {
-            throw new RuntimeException(ex.getMessage());
-        }
-
-        IAuthenticationResult result = acquireTokenInteractive(user, pca, TestConstants.ADFS_SCOPE);
-
-        Assert.assertNotNull(result);
-        Assert.assertNotNull(result.accessToken());
-        Assert.assertNotNull(result.idToken());
+        assertTokenResultNotNull(result);
         Assert.assertEquals(user.getUpn(), result.account().username());
     }
 
@@ -147,9 +133,7 @@ private void assertAcquireTokenB2C(User user, String authority) {
         }
 
         IAuthenticationResult result = acquireTokenInteractive(user, pca, user.getAppId());
-        Assert.assertNotNull(result);
-        Assert.assertNotNull(result.accessToken());
-        Assert.assertNotNull(result.idToken());
+        assertTokenResultNotNull(result);
     }
 
     private void assertAcquireTokenInstanceAware(User user) {
@@ -165,9 +149,7 @@ private void assertAcquireTokenInstanceAware(User user) {
 
         IAuthenticationResult result = acquireTokenInteractive_instanceAware(user, pca, cfg.graphDefaultScope());
 
-        Assert.assertNotNull(result);
-        Assert.assertNotNull(result.accessToken());
-        Assert.assertNotNull(result.idToken());
+        assertTokenResultNotNull(result);
         Assert.assertEquals(user.getUpn(), result.account().username());
 
         //This test is using a client app with the login.microsoftonline.com config to get tokens for a login.microsoftonline.us user,
@@ -231,9 +213,7 @@ public void afterCacheAccess(ITokenCacheAccessContext iTokenCacheAccessContext)
                 build();
 
         IAuthenticationResult result = acquireTokenInteractive(user, publicCloudPca, TestConstants.USER_READ_SCOPE);
-        Assert.assertNotNull(result);
-        Assert.assertNotNull(result.accessToken());
-        Assert.assertNotNull(result.idToken());
+        assertTokenResultNotNull(result);
         Assert.assertEquals(user.getHomeUPN(), result.account().username());
 
         publicCloudPca.removeAccount(publicCloudPca.getAccounts().join().iterator().next()).join();
@@ -271,6 +251,12 @@ private IAuthenticationResult acquireTokenInteractive(
         return result;
     }
 
+    private void assertTokenResultNotNull(IAuthenticationResult result) {
+        Assert.assertNotNull(result);
+        Assert.assertNotNull(result.accessToken());
+        Assert.assertNotNull(result.idToken());
+    }
+
     private IAuthenticationResult acquireTokenInteractive_instanceAware(
             User user,
             PublicClientApplication pca,

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java

@@ -5,6 +5,7 @@
 
 import labapi.AppCredentialProvider;
 import labapi.AzureEnvironment;
+import labapi.LabUserProvider;
 import org.testng.Assert;
 import org.testng.annotations.BeforeClass;
 import org.testng.annotations.DataProvider;
@@ -24,16 +25,18 @@
 @Test
 public class ClientCredentialsIT {
     private IClientCertificate certificate;
+    private LabUserProvider labUserProvider;
 
     @BeforeClass
     void init() throws CertificateException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, IOException {
         certificate = CertificateHelper.getClientCertificate();
+        labUserProvider = LabUserProvider.getInstance();
     }
 
     @Test
     public void acquireTokenClientCredentials_ClientCertificate() throws Exception {
         String clientId = "2afb0add-2f32-4946-ac90-81a02aa4550e";
-        assertAcquireTokenCommon(clientId, certificate);
+        assertAcquireTokenCommon(clientId, certificate, TestConstants.MICROSOFT_AUTHORITY);
     }
 
     @Test
@@ -43,7 +46,7 @@ public void acquireTokenClientCredentials_ClientSecret() throws Exception {
         final String password = appProvider.getLabVaultPassword();
         IClientCredential credential = ClientCredentialFactory.createFromSecret(password);
 
-        assertAcquireTokenCommon(clientId, credential);
+        assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY);
     }
 
     @Test
@@ -54,7 +57,17 @@ public void acquireTokenClientCredentials_ClientAssertion() throws Exception {
 
         IClientCredential credential = ClientCredentialFactory.createFromClientAssertion(clientAssertion.assertion());
 
-        assertAcquireTokenCommon(clientId, credential);
+        assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY);
+    }
+
+    @Test
+    public void acquireTokenClientCredentials_ClientSecret_Ciam() throws Exception {
+        String clientId = labUserProvider.getCiamUser().getAppId();
+
+        AppCredentialProvider appProvider = new AppCredentialProvider(AzureEnvironment.CIAM);
+        IClientCredential credential = ClientCredentialFactory.createFromSecret(appProvider.getOboAppPassword());
+
+        assertAcquireTokenCommon(clientId, credential, TestConstants.CIAM_AUTHORITY);
     }
 
     @Test
@@ -70,7 +83,7 @@ public void acquireTokenClientCredentials_Callback() throws Exception {
 
         IClientCredential credential = ClientCredentialFactory.createFromCallback(callable);
 
-        assertAcquireTokenCommon(clientId, credential);
+        assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY);
 
         // Creates an invalid client assertion to build the application, but overrides it with a valid client assertion
         //  in the request parameters in order to make a successful token request
@@ -139,10 +152,10 @@ private ClientAssertion getClientAssertion(String clientId) {
                 true);
     }
 
-    private void assertAcquireTokenCommon(String clientId, IClientCredential credential) throws Exception {
+    private void assertAcquireTokenCommon(String clientId, IClientCredential credential, String authority) throws Exception {
         ConfidentialClientApplication cca = ConfidentialClientApplication.builder(
                 clientId, credential).
-                authority(TestConstants.MICROSOFT_AUTHORITY).
+                authority(authority).
                 build();
 
         IAuthenticationResult result = cca.acquireToken(ClientCredentialParameters

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/DeviceCodeIT.java

@@ -113,6 +113,29 @@ public void DeviceCodeFlowMSATest() throws Exception {
         Assert.assertFalse(Strings.isNullOrEmpty(result.accessToken()));
     }
 
+    @Test
+    public void DeviceCodeFlowCiamTest() throws Exception {
+        User user = labUserProvider.getCiamUser();
+
+        PublicClientApplication pca = PublicClientApplication.builder(
+                user.getAppId()).
+                authority(TestConstants.CIAM_AUTHORITY).
+                build();
+
+        Consumer<DeviceCode> deviceCodeConsumer = (DeviceCode deviceCode) -> {
+            runAutomatedDeviceCodeFlow(deviceCode, user);
+        };
+
+        IAuthenticationResult result = pca.acquireToken(DeviceCodeFlowParameters
+                .builder(Collections.singleton(""),
+                        deviceCodeConsumer)
+                .build())
+                .get();
+
+        Assert.assertNotNull(result);
+        Assert.assertFalse(Strings.isNullOrEmpty(result.accessToken()));
+    }
+
     private void runAutomatedDeviceCodeFlow(DeviceCode deviceCode, User user) {
         boolean isRunningLocally = true;//!Strings.isNullOrEmpty(
         //System.getenv(TestConstants.LOCAL_FLAG_ENV_VAR));

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java

@@ -34,6 +34,8 @@ public class TestConstants {
 
     public final static String REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_EASTUS = "eastus.login.microsoft.com";
 
+    public final static String CIAM_AUTHORITY = MICROSOFT_AUTHORITY_HOST + "msidlabciam1.onmicrosoft.com";
+
     public final static String ARLINGTON_ORGANIZATIONS_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + "organizations/";
     public final static String ARLINGTON_TENANT_SPECIFIC_AUTHORITY = ARLINGTON_MICROSOFT_AUTHORITY_HOST + ARLINGTON_AUTHORITY_TENANT;
     public final static String ARLINGTON_GRAPH_DEFAULT_SCOPE = "https://graph.microsoft.us/.default";

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java

@@ -27,7 +27,7 @@ public void acquireTokenWithUsernamePassword_Managed(String environment) throws
 
         User user = labUserProvider.getDefaultUser(cfg.azureEnvironment);
 
-        assertAcquireTokenCommonAAD(user);
+        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId());
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
@@ -41,7 +41,7 @@ public void acquireTokenWithUsernamePassword_ADFSv2019_Federated(String environm
 
         User user = labUserProvider.getLabUser(query);
 
-        assertAcquireTokenCommonAAD(user);
+        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId());
     }
 
     @Test
@@ -52,7 +52,7 @@ public void acquireTokenWithUsernamePassword_ADFSv2019_OnPrem() throws Exception
 
         User user = labUserProvider.getLabUser(query);
 
-        assertAcquireTokenCommonADFS(user);
+        assertAcquireTokenCommon(user, TestConstants.ADFS_AUTHORITY, TestConstants.ADFS_SCOPE, TestConstants.ADFS_APP_ID);
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
@@ -66,7 +66,7 @@ public void acquireTokenWithUsernamePassword_ADFSv4(String environment) throws E
 
         User user = labUserProvider.getLabUser(query);
 
-        assertAcquireTokenCommonAAD(user);
+        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId());
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
@@ -80,7 +80,7 @@ public void acquireTokenWithUsernamePassword_ADFSv3(String environment) throws E
 
         User user = labUserProvider.getLabUser(query);
 
-        assertAcquireTokenCommonAAD(user);
+        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId());
     }
 
     @Test(dataProvider = "environments", dataProviderClass = EnvironmentsProvider.class)
@@ -97,6 +97,15 @@ public void acquireTokenWithUsernamePassword_ADFSv2(String environment) throws E
         assertAcquireTokenCommonAAD(user);
     }
 
+    @Test
+    public void acquireTokenWithUsernamePassword_Ciam() throws Exception {
+
+        User user = labUserProvider.getCiamUser();
+
+        assertAcquireTokenCommon(user, TestConstants.CIAM_AUTHORITY, TestConstants.GRAPH_DEFAULT_SCOPE,
+                user.getAppId());
+    }
+
     @Test
     public void acquireTokenWithUsernamePassword_AuthorityWithPort() throws Exception {
         User user = labUserProvider.getDefaultUser();
@@ -108,10 +117,6 @@ public void acquireTokenWithUsernamePassword_AuthorityWithPort() throws Exceptio
                 user.getAppId());
     }
 
-    private void assertAcquireTokenCommonADFS(User user) throws Exception {
-        assertAcquireTokenCommon(user, TestConstants.ADFS_AUTHORITY, TestConstants.ADFS_SCOPE,
-                TestConstants.ADFS_APP_ID);
-    }
 
     private void assertAcquireTokenCommonAAD(User user) throws Exception {
         assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(),
@@ -132,9 +137,7 @@ private void assertAcquireTokenCommon(User user, String authority, String scope,
                 .build())
                 .get();
 
-        Assert.assertNotNull(result);
-        Assert.assertNotNull(result.accessToken());
-        Assert.assertNotNull(result.idToken());
+        assertTokenResultNotNull(result);
         Assert.assertEquals(user.getUpn(), result.account().username());
     }
 
@@ -157,9 +160,7 @@ public void acquireTokenWithUsernamePassword_B2C_CustomAuthority() throws Except
                 .build())
                 .get();
 
-        Assert.assertNotNull(result);
-        Assert.assertNotNull(result.accessToken());
-        Assert.assertNotNull(result.idToken());
+        assertTokenResultNotNull(result);
 
         IAccount account = pca.getAccounts().join().iterator().next();
         SilentParameters.builder(Collections.singleton(TestConstants.B2C_READ_SCOPE), account);
@@ -169,9 +170,7 @@ public void acquireTokenWithUsernamePassword_B2C_CustomAuthority() throws Except
                         .build())
                 .get();
 
-        Assert.assertNotNull(result);
-        Assert.assertNotNull(result.accessToken());
-        Assert.assertNotNull(result.idToken());
+        assertTokenResultNotNull(result);
     }
 
     @Test
@@ -193,9 +192,7 @@ public void acquireTokenWithUsernamePassword_B2C_LoginMicrosoftOnline() throws E
                 .build())
                 .get();
 
-        Assert.assertNotNull(result);
-        Assert.assertNotNull(result.accessToken());
-        Assert.assertNotNull(result.idToken());
+        assertTokenResultNotNull(result);
 
         IAccount account = pca.getAccounts().join().iterator().next();
         SilentParameters.builder(Collections.singleton(TestConstants.B2C_READ_SCOPE), account);
@@ -205,6 +202,10 @@ public void acquireTokenWithUsernamePassword_B2C_LoginMicrosoftOnline() throws E
                         .build())
                 .get();
 
+        assertTokenResultNotNull(result);
+    }
+
+    private void assertTokenResultNotNull(IAuthenticationResult result) {
         Assert.assertNotNull(result);
         Assert.assertNotNull(result.accessToken());
         Assert.assertNotNull(result.idToken());