Fixed rerendering options set and force refresh with token cache

Author: Chase R. Crawford (Tek)

src/msal-capacitor-plugin/ios/Plugin/Plugin.swift

@@ -7,14 +7,19 @@ import LocalAuthentication
 public class MsalPlugin: CAPPlugin {
 
     typealias AccountCompletion = (MSALAccount?) -> Void
+    
+    var msalInitializationCount = Int()
 
     var msalAccount: MSALAccount?
     var msalResults: MSALResult?
     var msalClient: MSALPublicClientApplication?
+    // Struct Initialization Default is False, setting this in setOptions resulted in error due to reset of options when a rerender occurrs
+    //
     var msalAuthenticated = Bool()
     var msalUseBiometrics = Bool()
     var msalPopupScopes: [String]?
     var msalHasOptions = Bool()
+    
     var msalLocalAuthContext = LAContext()
 
     var dateFormatter = DateFormatter()
@@ -29,16 +34,23 @@ public class MsalPlugin: CAPPlugin {
 
     @objc func setOptions(_ call: CAPPluginCall) {
         do {
-            // Step 01: Validate all Options have been passed from  Plugin bridge
+            // 1. Sometimes Javascripts Apps cause re-renders resulting in options being set again
+            // This protects from options being set again
+            if (call.getBool("guardForRerenders") == true) != nil && self.msalHasOptions == true {
+                return
+            }
+            
+            // 2. Validate all Options have been passed from  Plugin bridge
             guard let authorityUri = call.getString("authority") else { return }
             guard let clientId = call.getString("clientId") else {return }
             guard let redirectUri  = call.getString("redirectUri") else {return }
             guard let authorityUrl = URL(string: authorityUri ) else {return }
 
-            // Step 02: If made it this point, then set & create Configuraitons, Authority, & Public Client 
+            // 3. If made it this point, then set & create Configuraitons, Authority, & Public Client
             let clientAuthority = try MSALAADAuthority(url: authorityUrl)
             let clientConfiguration = MSALPublicClientApplicationConfig(clientId: clientId, redirectUri: redirectUri, authority: clientAuthority)
 
+            // 4. Set iOS Options
             if let isoOptions = call.getObject("iosOptions") {
                 if isoOptions["enableBiometrics"] == nil {
                     self.msalUseBiometrics = false
@@ -72,7 +84,6 @@ public class MsalPlugin: CAPPlugin {
             self.msalClient = try MSALPublicClientApplication(configuration: clientConfiguration)
             self.msalPopupScopes = call.getArray("scopes", String.self)
             self.msalHasOptions = true
-            self.msalAuthenticated = false
 
             // Step 04: Need to resolve void and send response back to the bridge
             call.resolve()
@@ -84,18 +95,16 @@ public class MsalPlugin: CAPPlugin {
         }
     }
 
-    /*
-     
-    */
+    
     @objc func acquireAccessTokenForUser(_ call: CAPPluginCall) {
-        // Step 01: Check if Options have been set
+        // 1. Check if Options have been set
         if self.msalHasOptions == false {
             call.reject("AcquireAccessTokenForUser Error: MSAL Plugin Options have not been set yet. Please run 'setOptions'")
             return
         }
 
         if self.msalAuthenticated == true {
-            // 1.
+            // 2.
             let msalParameters = MSALParameters()
             msalParameters.completionBlockQueue = DispatchQueue.main
 
@@ -105,17 +114,21 @@ public class MsalPlugin: CAPPlugin {
                 }
             })
 
-            // 2. Validate and set scopes where passed through options
+            // 3. Validate and set scopes where passed through options
             guard let tokenScopes = call.getArray("scopes", String.self) else {
                 call.reject("AcquireAccessToken Error: No Scopes were provided")
                 return
             }
 
-            // 3. Set Silent Token Parameters
+            // 4. Set Silent Token Parameters
             let parameters = MSALSilentTokenParameters(scopes: tokenScopes, account: self.msalAccount!)
-            parameters.forceRefresh = true
 
-            // 4. Begin acquireing Access Token for OBO Flow and other Open ID Connect Prtocols
+            if ((call.getBool("forceRefresh") == true) != nil) {
+                parameters.forceRefresh = true
+            }
+
+            
+            // 5. Begin acquireing Access Token for OBO Flow and other Open ID Connect Prtocols
             self.msalClient?.acquireTokenSilent(with: parameters, completionBlock: { (response, error) in
                 if let error = error {
                     call.error("AcquireAccessToken Error: Unable to Acquire Access Token", error, [

src/msal-capacitor-plugin/package.json

@@ -2,7 +2,7 @@
   "name": "@assimalign/msal-capacitor-plugin",
   "version": "1.0.4",
   "description": "A custom Capacitor Plugin for MSAL targeting Web and IOS Platforms",
-  "main": "dist/plugin.js",
+  "main": "dist/index.js",
   "module": "dist/esm/index.js",
   "types": "dist/esm/index.d.ts",
   "scripts": {

src/msal-capacitor-plugin/rollup.config.js

@@ -2,15 +2,22 @@ import nodeResolve from '@rollup/plugin-node-resolve';
 
 export default {
   input: 'dist/esm/index.js',
-  output: {
-    file: 'dist/plugin.js',
-    format: 'iife',
-    name: 'capacitorPlugin', // TODO: change this
-    globals: {
-      '@capacitor/core': 'capacitorExports',
+  output: [
+    {
+      file: 'dist/plugin.js',
+      format: 'iife',
+      name: 'capacitorPlugin', // TODO: change this
+      globals: {
+        '@capacitor/core': 'capacitorExports',
+      },
+      sourcemap: true
     },
-    sourcemap: true,
-  },
+    {
+      file: 'dist/index.js',
+      format: 'cjs',
+      sourcemap: true
+    }
+  ],
   plugins: [
     nodeResolve({
       // allowlist of dependencies to bundle in

src/msal-capacitor-plugin/src/definitions.ts

@@ -28,6 +28,7 @@ export interface IMsalPluginOptions {
   webOptions?: IMsalWebPluginOptions;
   iosOptions?: IMsalIosPluginOptions;
   androidOptions?: IMsalAndroidPluginOptions;
+  guardForRerenders?: boolean;
 }
 
 export interface IMsalPlugin {
@@ -37,5 +38,5 @@ export interface IMsalPlugin {
   logout(): Promise<void>;
   acquireUserRoles(): Promise<{results: string[]}>;
   acquireAuthenticationResult(): Promise<{results: AuthenticationResult | null}>;
-  acquireAccessTokenForUser(request?: {scopes: string[]}): Promise<{results: string}>;
+  acquireAccessTokenForUser(request?: {scopes: string[], forceRefresh?:boolean}): Promise<{results: string}>;
 }

src/msal-capacitor-plugin/src/web.ts

@@ -25,6 +25,11 @@ export class MsalPluginWeb extends WebPlugin implements IMsalPlugin {
     return new Promise((resolve, reject)=> {
       try {
         if(options) {
+
+          if(options.guardForRerenders === true) {
+            return
+          }
+          
           this.msalClient = new PublicClientApplication({
             auth: {
               clientId: options.clientId,
@@ -135,13 +140,14 @@ export class MsalPluginWeb extends WebPlugin implements IMsalPlugin {
     })
   }
 
-  async acquireAccessTokenForUser(request: {scopes: string[]}): Promise<{results: string}> {
+  async acquireAccessTokenForUser(request: {scopes: string[], forceRefresh?: boolean}): Promise<{results: string}> {
     return new Promise(async (resolve, reject)=>{
       if(this.msalClient){
         try {
           let token = await this.msalClient.acquireTokenSilent({
             scopes: request.scopes,
-            account: this.msalResults?.account ?? undefined
+            account: this.msalResults?.account ?? undefined, 
+            forceRefresh: request.forceRefresh
           });
           resolve({
             results: token.accessToken