Add support for OneBox Environment, Fixes AB#3113751

changelog.txt

@@ -7,6 +7,7 @@ vNext
 - [MINOR] Add Child Spans for Interactive Span (#2516)
 - [MINOR] For MSAL CPP flows, match exact claims when deleting AT with intersecting scopes (#2548)
 - [MINOR] Replace Deprecated Keystore API for Android 28+ (#2558)
+- [MINOR] Add support for OneBox Environment (#2559)
 
 Version 18.2.2
 ----------

common4j/build.gradle

@@ -150,6 +150,7 @@ def dcParameter = "" // will be blank unless specified by developer
 def useMockApiForNativeAuthParameter = false // will be false unless specified by developer
 def mockApiUrlParameter = "" // will be blank unless specified by developer
 def disableAcquireTokenSilentTimeoutParameter = false // will be false unless specified by developer
+def allowOneboxAuthorities = false // will be false unless specified by developer
 
 if (project.hasProperty("slice")) {
     sliceParameter = slice
@@ -175,6 +176,10 @@ if (project.hasProperty("disableAcquireTokenSilentTimeout")) {
     disableAcquireTokenSilentTimeoutParameter = true
 }
 
+if (project.hasProperty("allowOneboxAuthorities")) {
+    allowOneboxAuthorities = true
+}
+
 sourceSets {
     main {
         java.srcDirs = ['src/main', "$project.buildDir/generated/source/buildConfig/main"]
@@ -183,6 +188,7 @@ sourceSets {
         buildConfigField("boolean", "USE_MOCK_API_FOR_NATIVE_AUTH_AUTHORITY", "${useMockApiForNativeAuthParameter}")
         buildConfigField("String", "MOCK_API_URL", "\"$mockApiUrlParameter\"")
         buildConfigField("boolean", "DISABLE_ACQUIRE_TOKEN_SILENT_TIMEOUT", "${disableAcquireTokenSilentTimeoutParameter}")
+        buildConfigField("boolean", "ALLOW_ONEBOX_AUTHORITIES", "${allowOneboxAuthorities}")
     }
     test {
         java.srcDirs = ['src/test']

common4j/src/main/com/microsoft/identity/common/java/authorities/Authority.java

@@ -250,10 +250,17 @@ private static boolean authorityIsKnownFromConfiguration(@NonNull final String a
         return null != getEquivalentConfiguredAuthority(authorityStr);
     }
 
-    private static Authority createAadAuthority(@NonNull final CommonURIBuilder authorityCommonUriBuilder,
+    private static Authority createAadAuthority(@NonNull final CommonURIBuilder uriBuilder,
                                                 @NonNull final List<String> pathSegments) {
+        final String cloudUrl;
+        if (uriBuilder.getPort() != -1) {
+            cloudUrl = uriBuilder.getScheme() + "://" + uriBuilder.getHost() + ":" + uriBuilder.getPort();
+        } else {
+            cloudUrl = uriBuilder.getScheme() + "://" + uriBuilder.getHost();
+        }
+
         AzureActiveDirectoryAudience audience = AzureActiveDirectoryAudience.getAzureActiveDirectoryAudience(
-                authorityCommonUriBuilder.getScheme() + "://" + authorityCommonUriBuilder.getHost(),
+                cloudUrl,
                 pathSegments.get(0)
         );
 
@@ -344,6 +351,10 @@ public static boolean isKnownAuthority(Authority authority) {
             return false;
         }
 
+        if (BuildConfig.ALLOW_ONEBOX_AUTHORITIES) {
+            return true; // onebox authorities are always considered to be known.
+        }
+
         //Check if authority was added to configuration
         for (final Authority currentAuthority : knownAuthorities) {
             if (currentAuthority.mAuthorityUrlString != null &&

common4j/src/main/com/microsoft/identity/common/java/authorities/AuthorityDeserializer.java

@@ -61,7 +61,13 @@ public Authority deserialize(JsonElement json, Type typeOfT, JsonDeserialization
                     if (aadAuthority != null && aadAuthority.mAuthorityUrlString != null) {
                         try {
                             final CommonURIBuilder uri = new CommonURIBuilder(URI.create(aadAuthority.mAuthorityUrlString));
-                            final String cloudUrl = uri.getScheme() + "://" + uri.getHost();
+                            final String cloudUrl;
+                            if (uri.getPort() != -1) {
+                                cloudUrl = uri.getScheme() + "://" + uri.getHost() + ":" + uri.getPort();
+                            } else {
+                                cloudUrl = uri.getScheme() + "://" + uri.getHost();
+                            }
+
                             final String tenant = uri.getLastPathSegment();
                             if (!StringUtil.isNullOrEmpty(tenant)) {
                                 aadAuthority.mAudience = AzureActiveDirectoryAudience.getAzureActiveDirectoryAudience(cloudUrl, tenant);

common4j/src/main/com/microsoft/identity/common/java/authorities/Environment.java

@@ -24,5 +24,6 @@
 
 public enum Environment {
     PreProduction,
-    Production
+    Production,
+    OneBox // local ests setup
 }

common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/azureactivedirectory/AzureActiveDirectory.java

@@ -178,6 +178,8 @@ public static synchronized void initializeCloudMetadata(@NonNull final String au
     public static synchronized String getDefaultCloudUrl() {
         if (sEnvironment == Environment.PreProduction) {
             return AzureActiveDirectoryEnvironment.PREPRODUCTION_CLOUD_URL;
+        } else if (sEnvironment == Environment.OneBox) {
+            return AzureActiveDirectoryEnvironment.ONEBOX_CLOUD_URL;
         } else {
             return AzureActiveDirectoryEnvironment.PRODUCTION_CLOUD_URL;
         }

common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/azureactivedirectory/AzureActiveDirectoryEnvironment.java

@@ -3,4 +3,5 @@
 public class AzureActiveDirectoryEnvironment {
     public static final String PRODUCTION_CLOUD_URL = "https://login.microsoftonline.com"; //Prod
     public static final String PREPRODUCTION_CLOUD_URL = "https://login.windows-ppe.net"; //PPE
+    public static final String ONEBOX_CLOUD_URL = "https://zurich.test.dnsdemo1.test:8478"; // Local ESTS Deployment
 }