diff --git a/changelog b/changelog
index c151a260b..9aae342df 100644
--- a/changelog
+++ b/changelog
@@ -1,6 +1,10 @@
 MSAL Wiki : https://github.com/AzureAD/microsoft-authentication-library-for-android/wiki
 vNext
 ----------
+
+Version 4.10.0
+----------
+- [PATCH] Update common @16.2.0
 - [PATCH] Fix NPE in SingleAccountPublicClientApplication.getPersistedCurrentAccount (#1933)
 - [PATCH] Updating JSON version (#1932)
 - [MINOR] Updating Moshi versions (#1926)
diff --git a/common b/common
index 9a1b7affc..c04618486 160000
--- a/common
+++ b/common
@@ -1 +1 @@
-Subproject commit 9a1b7affca04468927e85168ce017c0c1951fc6e
+Subproject commit c04618486ad399f28a9a026659045b5f08bdc973
diff --git a/msal/build.gradle b/msal/build.gradle
index 8763f9aad..8573eaa08 100644
--- a/msal/build.gradle
+++ b/msal/build.gradle
@@ -402,4 +402,4 @@ tasks.whenTaskAdded { task ->
 // This is used to generate the pom file for publishing to external maven in maven-release-jobs.yml
 tasks.withType(GenerateMavenPom).all {
 destination = layout.buildDirectory.file("poms/${project.name}-${project.version}.pom").get().asFile
-}
\ No newline at end of file
+}
diff --git a/msal/src/main/java/com/microsoft/identity/client/PublicClientApplicationConfiguration.java b/msal/src/main/java/com/microsoft/identity/client/PublicClientApplicationConfiguration.java
index cd741127c..b8ed6547f 100644
--- a/msal/src/main/java/com/microsoft/identity/client/PublicClientApplicationConfiguration.java
+++ b/msal/src/main/java/com/microsoft/identity/client/PublicClientApplicationConfiguration.java
@@ -22,6 +22,29 @@
 // THE SOFTWARE.
 package com.microsoft.identity.client;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.ACCOUNT_MODE;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.AUTHORITIES;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.AUTHORIZATION_IN_CURRENT_TASK;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.AUTHORIZATION_USER_AGENT;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.BROWSER_SAFE_LIST;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.CLIENT_CAPABILITIES;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.CLIENT_ID;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.ENVIRONMENT;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.HANDLE_TASKS_WITH_NULL_TASKAFFINITY;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.HTTP;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.LOGGING;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.MULTIPLE_CLOUDS_SUPPORTED;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.POWER_OPT_CHECK_FOR_NETWORK_REQUEST_ENABLED;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.PREFERRED_BROWSER;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.REDIRECT_URI;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.REQUIRED_BROKER_PROTOCOL_VERSION;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.TELEMETRY;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.USE_BROKER;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEBAUTHN_CAPABLE;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEB_VIEW_ZOOM_CONTROLS_ENABLED;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEB_VIEW_ZOOM_ENABLED;
+import static com.microsoft.identity.client.exception.MsalClientException.APP_MANIFEST_VALIDATION_ERROR;
+
 import android.Manifest;
 import android.content.Context;
 import android.content.Intent;
@@ -44,16 +67,16 @@
 import com.microsoft.identity.client.exception.MsalClientException;
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
 import com.microsoft.identity.common.adal.internal.AuthenticationSettings;
+import com.microsoft.identity.common.internal.authorities.UnknownAudience;
+import com.microsoft.identity.common.internal.broker.PackageHelper;
+import com.microsoft.identity.common.internal.logging.Logger;
+import com.microsoft.identity.common.internal.telemetry.TelemetryConfiguration;
 import com.microsoft.identity.common.java.authorities.Authority;
 import com.microsoft.identity.common.java.authorities.AzureActiveDirectoryAuthority;
 import com.microsoft.identity.common.java.authorities.Environment;
-import com.microsoft.identity.common.internal.authorities.UnknownAudience;
 import com.microsoft.identity.common.java.authorities.UnknownAuthority;
-import com.microsoft.identity.common.internal.broker.PackageHelper;
 import com.microsoft.identity.common.java.configuration.LibraryConfiguration;
-import com.microsoft.identity.common.internal.logging.Logger;
 import com.microsoft.identity.common.java.providers.oauth2.OAuth2TokenCache;
-import com.microsoft.identity.common.internal.telemetry.TelemetryConfiguration;
 import com.microsoft.identity.common.java.ui.AuthorizationAgent;
 import com.microsoft.identity.common.java.ui.BrowserDescriptor;
@@ -63,29 +86,6 @@
 import javax.crypto.SecretKey;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.ACCOUNT_MODE;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.AUTHORITIES;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.AUTHORIZATION_IN_CURRENT_TASK;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.AUTHORIZATION_USER_AGENT;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.BROWSER_SAFE_LIST;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.CLIENT_CAPABILITIES;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.CLIENT_ID;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.ENVIRONMENT;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.HANDLE_TASKS_WITH_NULL_TASKAFFINITY;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.HTTP;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.LOGGING;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.MULTIPLE_CLOUDS_SUPPORTED;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.POWER_OPT_CHECK_FOR_NETWORK_REQUEST_ENABLED;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.PREFERRED_BROWSER;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.REDIRECT_URI;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.REQUIRED_BROKER_PROTOCOL_VERSION;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.TELEMETRY;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.USE_BROKER;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEBAUTHN_CAPABLE;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEB_VIEW_ZOOM_CONTROLS_ENABLED;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEB_VIEW_ZOOM_ENABLED;
-import static com.microsoft.identity.client.exception.MsalClientException.APP_MANIFEST_VALIDATION_ERROR;
-
 public class PublicClientApplicationConfiguration {
 private static final String TAG = PublicClientApplicationConfiguration.class.getSimpleName();
@@ -761,7 +761,7 @@ private boolean isValidAuthenticatorRedirectUri() {
 final String sha512_signingCertThumbprint = Base64.encodeToString(md_sha512.digest(), Base64.NO_WRAP);
 if (AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_RELEASE_SIGNATURE_SHA512.equalsIgnoreCase(sha512_signingCertThumbprint)
- || AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_DEBUG_SIGNATURE_SHA512.equalsIgnoreCase(sha512_signingCertThumbprint)) {
+ || AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_DEBUG_SIGNATURE_SHA512.equalsIgnoreCase(sha512_signingCertThumbprint)) {
 // MSAL still uses SHA-1 format in redirect url.
 final MessageDigest md_sha1 = MessageDigest.getInstance("SHA");
diff --git a/msal/versioning/version.properties b/msal/versioning/version.properties
index 81eda03de..457ad4304 100644
--- a/msal/versioning/version.properties
+++ b/msal/versioning/version.properties
@@ -1,3 +1,3 @@
 #Wed Aug 01 15:24:11 PDT 2018
-versionName=4.9.0
+versionName=4.10.0
 versionCode=0
diff --git a/msalautomationapp/src/androidTest/java/com/microsoft/identity/client/msal/automationapp/testpass/broker/mwpj/TestCase2521768.kt b/msalautomationapp/src/androidTest/java/com/microsoft/identity/client/msal/automationapp/testpass/broker/mwpj/TestCase2521768.kt
index e7fef99d6..43635284b 100644
--- a/msalautomationapp/src/androidTest/java/com/microsoft/identity/client/msal/automationapp/testpass/broker/mwpj/TestCase2521768.kt
+++ b/msalautomationapp/src/androidTest/java/com/microsoft/identity/client/msal/automationapp/testpass/broker/mwpj/TestCase2521768.kt
@@ -59,25 +59,25 @@ class TestCase2521768 : AbstractMsalBrokerTest() {
 // Make an interactive call with MSAL using the first account
 val msalSdk = MsalSdk()
 val authTestParamsForInteractiveRequest = MsalAuthTestParams.builder()
- .activity(mActivity)
- .loginHint(mLabAccount.username)
- .scopes(listOf(*mScopes))
- .promptParameter(Prompt.SELECT_ACCOUNT)
- .msalConfigResourceId(configFileResourceId)
- .build()
+ .activity(mActivity)
+ .loginHint(mLabAccount.username)
+ .scopes(listOf(*mScopes))
+ .promptParameter(Prompt.SELECT_ACCOUNT)
+ .msalConfigResourceId(configFileResourceId)
+ .build()
 val authResult = msalSdk.acquireTokenInteractive(
- authTestParamsForInteractiveRequest,
- {
- val promptHandlerParameters = MicrosoftStsPromptHandlerParameters.builder()
- .prompt(PromptParameter.SELECT_ACCOUNT)
- .loginHint(mLabAccount.username)
- .sessionExpected(false)
- .consentPageExpected(false)
- .build()
- MicrosoftStsPromptHandler(promptHandlerParameters).handlePrompt(mLabAccount.username, mLabAccount.password)
- },
- TokenRequestTimeout.MEDIUM
+ authTestParamsForInteractiveRequest,
+ {
+ val promptHandlerParameters = MicrosoftStsPromptHandlerParameters.builder()
+ .prompt(PromptParameter.SELECT_ACCOUNT)
+ .loginHint(mLabAccount.username)
+ .sessionExpected(false)
+ .consentPageExpected(false)
+ .build()
+ MicrosoftStsPromptHandler(promptHandlerParameters).handlePrompt(mLabAccount.username, mLabAccount.password)
+ },
+ TokenRequestTimeout.MEDIUM
 )
 authResult.assertSuccess()
@@ -88,69 +88,32 @@ class TestCase2521768 : AbstractMsalBrokerTest() {
 // Verify that the operation was successful and there is no device id claim present.
 // First account uses BrokerLocalController because it doesn't have a PRT, and return AT from cache.
 val authTestParamsForSilentRequest = MsalAuthTestParams.builder()
- .activity(mActivity)
- .loginHint(mLabAccount.username)
- .scopes(listOf(*mScopes))
- .authority(authority)
- .resource(mScopes[0])
- .msalConfigResourceId(configFileResourceId)
- .build()
+ .activity(mActivity)
+ .loginHint(mLabAccount.username)
+ .scopes(listOf(*mScopes))
+ .authority(authority)
+ .resource(mScopes[0])
+ .msalConfigResourceId(configFileResourceId)
+ .build()
 val authResult2 = msalSdk.acquireTokenSilent(authTestParamsForSilentRequest, TokenRequestTimeout.MEDIUM)
 authResult2.assertSuccess()
 val claims = JWTParserFactory.INSTANCE.jwtParser.parseJWT(authResult2.accessToken)
 Assert.assertFalse("Device id claim is present", claims.containsKey("deviceid"))
 // Start a silent token request for the first account with device id claims;
- // Verify that the operation failed with error code AADSTS50187.
- // Requires an interactive call because PkeyAuth is not triggered unless broker_msal version is 9.0 or higher
 val authTestParamsForSilentRequestWithDeviceIdClaim = MsalAuthTestParams.builder()
- .activity(mActivity)
- .loginHint(mLabAccount.username)
- .scopes(listOf(*mScopes))
- .claims(getDeviceIdClaimRequest())
- .authority(authority)
- .resource(mScopes[0])
- .msalConfigResourceId(configFileResourceId)
- .build()
+ .activity(mActivity)
+ .loginHint(mLabAccount.username)
+ .scopes(listOf(*mScopes))
+ .claims(getDeviceIdClaimRequest())
+ .authority(authority)
+ .resource(mScopes[0])
+ .msalConfigResourceId(configFileResourceId)
+ .build()
 val authResult3= msalSdk.acquireTokenSilent(authTestParamsForSilentRequestWithDeviceIdClaim, TokenRequestTimeout.MEDIUM)
- authResult3.assertFailure()
- Assert.assertNotNull(
- "exception message is null" + authResult3.exception,
- authResult3.exception.message
- )
- Assert.assertTrue(
- "exception message is not as expected" + authResult3.exception.message,
- authResult3.exception.message!!.contains("AADSTS50187")
- )
-
- // Make an interactive call with device id claim using the first account, and verify that the device id claim is present.
-
- val authTestParamsForInteractiveRequestWithDeviceIdClaim = MsalAuthTestParams.builder()
- .activity(mActivity)
- .loginHint(mLabAccount.username)
- .scopes(listOf(*mScopes))
- .claims(getDeviceIdClaimRequest())
- .promptParameter(Prompt.SELECT_ACCOUNT)
- .msalConfigResourceId(configFileResourceId)
- .build()
-
- val authResult4 = msalSdk.acquireTokenInteractive(
- authTestParamsForInteractiveRequestWithDeviceIdClaim,
- {
- val promptHandlerParameters = MicrosoftStsPromptHandlerParameters.builder()
- .prompt(PromptParameter.WHEN_REQUIRED)
- .loginHint(mLabAccount.username)
- .consentPageExpected(false)
- .passwordPageExpected(false)
- .sessionExpected(true)
- .build()
- MicrosoftStsPromptHandler(promptHandlerParameters).handlePrompt(mLabAccount.username, mLabAccount.password)
- },
- TokenRequestTimeout.MEDIUM
- )
- authResult4.assertSuccess()
- val claims2 = JWTParserFactory.INSTANCE.jwtParser.parseJWT(authResult4.accessToken)
- Assert.assertTrue("Device id claim is present", claims2.containsKey("deviceid"))
+ authResult3.assertSuccess()
+ val claims3 = JWTParserFactory.INSTANCE.jwtParser.parseJWT(authResult3.accessToken)
+ Assert.assertTrue("Device id claim is missing", claims3.containsKey("deviceid"))
 }
 /**
@@ -182,8 +145,8 @@ class TestCase2521768 : AbstractMsalBrokerTest() {
 override fun getLabQuery(): LabQuery {
 return LabQuery.builder()
- .userType(UserType.CLOUD)
- .build()
+ .userType(UserType.CLOUD)
+ .build()
 }
 override fun getTempUserType(): TempUserType? {
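Review bot: The comment kept above `authTestParamsForSilentRequestWithDeviceIdClaim` in the `-88,69 +88,32` hunk now ends on a semicolon with nothing after it, because the two lines that stated the expected outcome and the broker_msal 9.0 PkeyAuth precondition were removed without a replacement. The test now expects the silent request to succeed with a `deviceid` claim, so the comment should say that, for example `// Verify that the silent request succeeds and the access token carries the deviceid claim.`, and should record whatever broker version or device state makes this hold; the removed note suggests such a dependency, which is worth confirming. The new check `claims3.containsKey("deviceid")` proves only that the key exists, so also asserting that the value is non-empty would make it a stricter check of the device-bound token. With `assertFailure()` and the AADSTS50187 match gone, this test no longer covers the rejection path for a device-id claims request, so that case needs a home elsewhere if it is still reachable. The enclosing test method starts and ends outside the hunk.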
@@ -194,12 +157,12 @@ class TestCase2521768 : AbstractMsalBrokerTest() {
 fun before() {
 mLabAccount2 = mLabClient.createTempAccount(TempUserType.BASIC)
 Assert.assertEquals(
- "Lab accounts are not in the same tenant",
- mLabAccount2.homeTenantId, mLabAccount.homeTenantId
+ "Lab accounts are not in the same tenant",
+ mLabAccount2.homeTenantId, mLabAccount.homeTenantId
 )
 Assert.assertNotEquals(
- "Lab accounts are the same",
- mLabAccount2.username, mLabAccount.username
+ "Lab accounts are the same",
+ mLabAccount2.username, mLabAccount.username
 )
 mBrokerHostApp = broker as BrokerHost
 mBrokerHostApp.enableMultipleWpj()