Fix a serialization issue and add better assert in ut

src/Microsoft.Identity.Client/Cache/CacheSessionManager.cs

@@ -62,9 +62,24 @@ public MsalIdTokenCacheItem GetIdTokenCacheItem(MsalIdTokenCacheKey idTokenCache
             return TokenCacheInternal.GetIdTokenCacheItem(idTokenCacheKey, _requestParams.RequestContext);
         }
 
+        public Task<MsalRefreshTokenCacheItem> FindFamilyRefreshTokenAsync(string familyId)
+        {
+            if (String.IsNullOrEmpty(familyId))
+            {
+                throw new ArgumentNullException(nameof(familyId));
+            }
+
+            return TokenCacheInternal.FindRefreshTokenAsync(_requestParams, familyId);
+        }
+
         public Task<MsalRefreshTokenCacheItem> FindRefreshTokenAsync()
         {
             return TokenCacheInternal.FindRefreshTokenAsync(_requestParams);
         }
+
+        public Task<bool?> IsAppFociMemberAsync(string familyId)
+        {
+            return TokenCacheInternal.CheckAppIsFamilyMemberAsync(_requestParams, familyId);
+        }
     }
 }

src/Microsoft.Identity.Client/Cache/ICacheSessionManager.cs

@@ -41,5 +41,7 @@ internal interface ICacheSessionManager
         Tuple<MsalAccessTokenCacheItem, MsalIdTokenCacheItem> SaveTokenResponse(MsalTokenResponse tokenResponse);
         MsalIdTokenCacheItem GetIdTokenCacheItem(MsalIdTokenCacheKey idTokenCacheKey);
         Task<MsalRefreshTokenCacheItem> FindRefreshTokenAsync();
+        Task<MsalRefreshTokenCacheItem> FindFamilyRefreshTokenAsync(string familyId);
+        Task<bool?> IsAppFociMemberAsync(string familyId);
     }
 }

src/Microsoft.Identity.Client/Cache/ITokenCacheAccessor.cs

@@ -51,6 +51,8 @@ internal interface ITokenCacheAccessor
 
         MsalAccountCacheItem GetAccount(MsalAccountCacheKey accountKey);
 
+        MsalAppMetadataCacheItem GetAppMetadata(MsalAppMetadataCacheKey appMetadataKey);
+
         void DeleteAccessToken(MsalAccessTokenCacheKey cacheKey);
 
         void DeleteRefreshToken(MsalRefreshTokenCacheKey cacheKey);
@@ -66,13 +68,9 @@ internal interface ITokenCacheAccessor
         IEnumerable<MsalIdTokenCacheItem> GetAllIdTokens();
 
         IEnumerable<MsalAccountCacheItem> GetAllAccounts();
-
-        /// <remarks>
-        /// MSAL should not rely on this method except for serialization
-        /// </remarks>
+
         IEnumerable<MsalAppMetadataCacheItem> GetAllAppMetadata();
 
-        MsalAppMetadataCacheItem ReadAppMetadata(MsalAppMetadataCacheKey appMetadataKey);
 
 #if iOS
         void SetiOSKeychainSecurityGroup(string keychainSecurityGroup);

src/Microsoft.Identity.Client/Cache/Items/CacheSerializationContract.cs

@@ -108,6 +108,20 @@ internal static CacheSerializationContract FromJsonString(string json)
                 }
             }
 
+            // App Metadata
+            if (root.ContainsKey(StorageJsonValues.AppMetadata))
+            {
+                foreach (var token in root[StorageJsonValues.AppMetadata]
+                    .Values())
+                {
+                    if (token is JObject j)
+                    {
+                        var item = MsalAppMetadataCacheItem.FromJObject(j);
+                        contract.AppMetadata[item.GetKey().ToString()] = item;
+                    }
+                }
+            }
+
             return contract;
         }
 
@@ -158,6 +172,9 @@ internal string ToJsonString()
                 appMetadataRoot[kvp.Key] = kvp.Value.ToJObject();
             }
 
+            root[StorageJsonValues.AppMetadata] = appMetadataRoot;
+
+
             return root.ToString();
         }
     }

src/Microsoft.Identity.Client/Cache/Items/MsalAccountCacheItem.cs

@@ -41,22 +41,6 @@ internal MsalAccountCacheItem()
             AuthorityType = Cache.AuthorityType.MSSTS.ToString();
         }
 
-        internal MsalAccountCacheItem(string environment, MsalTokenResponse response)
-            : this()
-        {
-            var idToken = IdToken.Parse(response.IdToken);
-
-            Init(
-                environment,
-                idToken?.ObjectId,
-                response.ClientInfo,
-                idToken.Name,
-                idToken.PreferredUsername,
-                idToken.TenantId,
-                idToken.GivenName,
-                idToken.FamilyName);
-        }
-
         internal MsalAccountCacheItem(
             string environment,
             MsalTokenResponse response,
@@ -77,7 +61,7 @@ internal MsalAccountCacheItem(
                 idToken.FamilyName);
         }
 
-        internal MsalAccountCacheItem(
+        internal /* for test */ MsalAccountCacheItem(
             string environment,
             string localAccountId,
             string rawClientInfo,

src/Microsoft.Identity.Client/Cache/Items/MsalRefreshTokenCacheItem.cs

@@ -72,7 +72,7 @@ internal MsalRefreshTokenCacheItem(
 
         internal MsalRefreshTokenCacheKey GetKey()
         {
-            return new MsalRefreshTokenCacheKey(Environment, ClientId, HomeAccountId);
+            return new MsalRefreshTokenCacheKey(Environment, ClientId, HomeAccountId, FamilyId);
         }
 
         internal static MsalRefreshTokenCacheItem FromJsonString(string json)

src/Microsoft.Identity.Client/Cache/Keys/MsalAppMetadataCacheKey.cs

@@ -49,16 +49,17 @@ public MsalAppMetadataCacheKey(string clientId, string environment)
         /// <returns></returns>
         public override string ToString()
         {
-            return $"{StorageJsonValues.AppMetadata}{MsalCacheKeys.CacheKeyDelimiter}{_environment}{MsalCacheKeys.CacheKeyDelimiter}{_clientId}";
+            return ($"{StorageJsonKeys.AppMetadata}{MsalCacheKeys.CacheKeyDelimiter}" +
+                $"{_environment}{MsalCacheKeys.CacheKeyDelimiter}{_clientId}").ToLowerInvariant();
         }
 
         #region iOS
 
-        public string iOSService => $"{StorageJsonValues.AppMetadata}{MsalCacheKeys.CacheKeyDelimiter}{_clientId}";
+        public string iOSService => $"{StorageJsonValues.AppMetadata}{MsalCacheKeys.CacheKeyDelimiter}{_clientId}".ToLowerInvariant();
 
         public string iOSGeneric => "1";
 
-        public string iOSAccount => $"{_environment}";
+        public string iOSAccount => $"{_environment}".ToLowerInvariant();
 
         public int iOSType => (int)MsalCacheKeys.iOSCredentialAttrType.AppMetadata;
 

src/Microsoft.Identity.Client/Cache/Keys/MsalRefreshTokenCacheKey.cs

@@ -33,13 +33,25 @@ namespace Microsoft.Identity.Client.Cache.Keys
     /// An object representing the key of the token cache RT dictionary. The 
     /// format of the key is not important for this library, as long as it is unique.
     /// </summary>
-    internal class MsalRefreshTokenCacheKey : IiOSKey
+    /// <remarks>
+    /// Normal RTs are scoped by env, account_id and clientID
+    /// FRTs are scoped by env, account_id and familyID (clientID exists, but is irrelevant)
+    /// </remarks>
+    internal class MsalRefreshTokenCacheKey : IiOSKey //TODO bogavril: add a base class with FRT key?
     {
         private readonly string _environment;
         private readonly string _homeAccountId;
         private readonly string _clientId;
+        private readonly string _familyId;
 
-        internal MsalRefreshTokenCacheKey(string environment, string clientId, string userIdentifier)
+        /// <summary>
+        /// Constructor
+        /// </summary>
+        /// <param name="environment"></param>
+        /// <param name="clientId"></param>
+        /// <param name="userIdentifier"></param>
+        /// <param name="familyId">Can be null or empty, denoting a normal RT. A value signifies an FRT.</param>
+        internal MsalRefreshTokenCacheKey(string environment, string clientId, string userIdentifier, string familyId)
         {
             if (string.IsNullOrEmpty(environment))
             {
@@ -54,30 +66,71 @@ internal MsalRefreshTokenCacheKey(string environment, string clientId, string us
             _environment = environment;
             _homeAccountId = userIdentifier;
             _clientId = clientId;
+            _familyId = familyId;
         }
 
         public override string ToString()
         {
+            // FRT
+            if (!String.IsNullOrWhiteSpace(_familyId))
+            {
+                string d = MsalCacheKeys.CacheKeyDelimiter;
+                return $"{_homeAccountId}{d}{_environment}{d}{StorageJsonValues.CredentialTypeRefreshToken}{d}{_familyId}{d}{d}".ToLowerInvariant();
+
+            }
+
             return MsalCacheKeys.GetCredentialKey(
-                _homeAccountId,
-                _environment,
-                StorageJsonValues.CredentialTypeRefreshToken,
-                _clientId,
-                tenantId: null,
-                scopes: null);
+                   _homeAccountId,
+                   _environment,
+                   StorageJsonValues.CredentialTypeRefreshToken,
+                   _clientId,
+                   tenantId: null,
+                   scopes: null);
         }
 
         #region iOS
 
+        public string iOSAccount
+        {
+            get
+            {
+                return MsalCacheKeys.GetiOSAccountKey(_homeAccountId, _environment);
+            }
+        }
 
-        public string iOSAccount => MsalCacheKeys.GetiOSAccountKey(_homeAccountId, _environment);
+        public string iOSGeneric
+        {
+            get
+            {
+                // FRT
+                if (!String.IsNullOrWhiteSpace(_familyId))
+                {
+                    return $"{StorageJsonValues.CredentialTypeRefreshToken}{MsalCacheKeys.CacheKeyDelimiter}{_familyId}{MsalCacheKeys.CacheKeyDelimiter}".ToLowerInvariant();
+                }
 
-        public string iOSGeneric => MsalCacheKeys.GetiOSGenericKey(StorageJsonValues.CredentialTypeRefreshToken, _clientId, tenantId: null);
+                return MsalCacheKeys.GetiOSGenericKey(StorageJsonValues.CredentialTypeRefreshToken, _clientId, tenantId: null);
 
-        public string iOSService => MsalCacheKeys.GetiOSServiceKey(StorageJsonValues.CredentialTypeRefreshToken, _clientId, tenantId: null, scopes: null);
+            }
+        }
+
+        public string iOSService
+        {
+            get
+            {
+                // FRT
+                if (!String.IsNullOrWhiteSpace(_familyId))
+                {
+                    return $"{StorageJsonValues.CredentialTypeRefreshToken}{MsalCacheKeys.CacheKeyDelimiter}{_familyId}{MsalCacheKeys.CacheKeyDelimiter}{MsalCacheKeys.CacheKeyDelimiter}".ToLowerInvariant();
+                }
+
+                return MsalCacheKeys.GetiOSServiceKey(StorageJsonValues.CredentialTypeRefreshToken, _clientId, tenantId: null, scopes: null);
+            }
+        }
 
         public int iOSType => (int)MsalCacheKeys.iOSCredentialAttrType.RefreshToken;
 
+
+
         #endregion
     }
 }

src/Microsoft.Identity.Client/Cache/StorageJsonKeys.cs

@@ -50,6 +50,8 @@ internal static class StorageJsonKeys
         public const string ExtendedExpiresOn = "extended_expires_on";
         public const string ClientInfo = "client_info";
         public const string FamilyId = "family_id";
+        public const string AppMetadata = "appmetadata";
+
 
         // todo(cache): this needs to be added to the spec.  needed for OBO flow on .NET.
         public const string UserAssertionHash = "user_assertion_hash";
@@ -58,4 +60,4 @@ internal static class StorageJsonKeys
         // this is here for back compat
         public const string ExtendedExpiresOn_MsalCompat = "ext_expires_on";
     }
-}
+}

src/Microsoft.Identity.Client/Cache/StorageJsonValues.cs

@@ -39,6 +39,6 @@ internal static class StorageJsonValues
         public const string AccountRootKey = "Account";
         public const string CredentialTypeOther = "Other";
 
-        public const string AppMetadata = "appmetadata";
+        public const string AppMetadata = "AppMetadata";
     }
 }

src/Microsoft.Identity.Client/Platforms/Android/AndroidTokenCacheAccessor.cs

@@ -205,6 +205,11 @@ public IEnumerable<MsalAppMetadataCacheItem> GetAllAppMetadata()
         {
             throw new NotImplementedException();
         }
+
+        public MsalAppMetadataCacheItem GetAppMetadata(MsalAppMetadataCacheKey appMetadataKey)
+        {
+            throw new NotImplementedException();
+        }
         #endregion
     }
 }

src/Microsoft.Identity.Client/Platforms/iOS/iOSFeatureFlags.cs

@@ -33,7 +33,7 @@ internal class iOSFeatureFlags : IFeatureFlags
     {
         /// <summary>
         /// FOCI has not been tested on iOS
-        /// <summary>
+        /// </summary>
         public bool IsFociEnabled => false;
     }
 }

src/Microsoft.Identity.Client/Platforms/iOS/iOSTokenCacheAccessor.cs

@@ -345,6 +345,11 @@ public IEnumerable<MsalAppMetadataCacheItem> GetAllAppMetadata()
         {
             throw new NotImplementedException();
         }
+
+        public MsalAppMetadataCacheItem GetAppMetadata(MsalAppMetadataCacheKey appMetadataKey)
+        {
+            throw new NotImplementedException();
+        }
         #endregion
     }
 }

tests/Microsoft.Identity.Test.Unit.net45/AuthorityAliasesTests.cs

@@ -210,4 +210,4 @@ private void ValidateCacheEntitiesEnvironment(ITokenCacheInternal cache, string
             }
         }
     }
-}
+}

tests/Microsoft.Identity.Test.Unit.net45/CacheTests/CacheSerializationTests.cs

@@ -131,6 +131,11 @@ private ITokenCacheAccessor CreateTokenCacheAccessor()
                 accessor.SaveRefreshToken(item);
             }
 
+            // Create an FRT
+            var frt = CreateRefreshTokenItem();
+            frt.FamilyId = "1";
+            accessor.SaveRefreshToken(frt);
+
             for (int i = 1; i <= NumIdTokens; i++)
             {
                 var item = CreateIdTokenItem();
@@ -421,21 +426,31 @@ public void TestDictionarySerialization()
         #region JSON SERIALIZATION TESTS
 
         [TestMethod]
+        [DeploymentItem(@"Resources\ExpectedTokenCache.json")]
         public void TestJsonSerialization()
         {
+            string expectedJson = File.ReadAllText(ResourceHelper.GetTestResourceRelativePath("ExpectedTokenCache.json"));
             var accessor = CreateTokenCacheAccessor();
 
             var s1 = new TokenCacheJsonSerializer(accessor);
             byte[] bytes = s1.Serialize();
-            string json = new UTF8Encoding().GetString(bytes);
+            string actualJson = new UTF8Encoding().GetString(bytes);
+
+            Assert.IsTrue(JToken.DeepEquals(JObject.Parse(actualJson), JObject.Parse(expectedJson)));
 
             var otherAccessor = new InMemoryTokenCacheAccessor();
             var s2 = new TokenCacheJsonSerializer(otherAccessor);
             s2.Deserialize(bytes);
 
             AssertAccessorsAreEqual(accessor, otherAccessor);
+
+            // serialize again to detect errors that come from deserialization
+            byte[] bytes2 = s2.Serialize();
+            string actualJson2 = new UTF8Encoding().GetString(bytes2);
+            Assert.IsTrue(JToken.DeepEquals(JObject.Parse(actualJson2), JObject.Parse(expectedJson)));
         }
 
+
         #endregion // JSON SERIALIZATION TESTS
 
         [TestMethod]
@@ -653,7 +668,17 @@ private void AssertAccessTokenCacheItemsAreEqual(MsalAccessTokenCacheItem expect
         private void AssertRefreshTokenCacheItemsAreEqual(MsalRefreshTokenCacheItem expected, MsalRefreshTokenCacheItem actual)
         {
             AssertCredentialCacheItemBaseItemsAreEqual(expected, actual);
-            Assert.AreEqual(expected.FamilyId, actual.FamilyId);
+
+            if (string.IsNullOrEmpty(expected.FamilyId))
+            {
+                Assert.IsTrue(string.IsNullOrEmpty(actual.FamilyId));
+            }
+            else
+            {
+                Assert.AreEqual(expected.FamilyId, actual.FamilyId);
+            }
+
+
         }
 
         private void AssertIdTokenCacheItemsAreEqual(MsalIdTokenCacheItem expected, MsalIdTokenCacheItem actual)