Skip to content

Refactor client credential behavior to be per-request #986

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Sep 12, 2025
Merged

Refactor client credential behavior to be per-request #986

merged 11 commits into from
Sep 12, 2025

Conversation

Avery-Dunn
Copy link
Contributor

@Avery-Dunn Avery-Dunn commented Sep 2, 2025
edited
Loading

Refactors behavior related to client credentials and also fixes the regression described in #984

Version 1.23.0 introduced a large refactor to remove usage of third-party dependencies, in particular those from com.nimbusds. Prior to 1.23.0 assertions created for ClientCertificate were given 10 minute expiry time and were only recreated if the old one expired, however the refresh behavior was lost during a refactor in PR #927

In addition, this PR fixes/improves assertion behavior to resolve the issues described in #879 and #977: when using the callback option for assertions the original design only called the callback when the ClientAssertion instance was first created, meaning an app-level assertion was only created once

This PR fixes that regression and refactors the behavior around client credentials to be more in line with other MSALs:

  • Remove locally cached credential fields from ConfidentialClientApplication, and move logic for creating assertion from ConfidentialClientApplication to ClientCertificate
  • Adjusts ClientAssertion and ClientCredentialFactory to properly call callbacks set at the app-level
  • Refactor certain methods in TokenRequestExecutor to use credential fields/methods directly, properly creates assertions when tenants are set at the request-level, and generally improve some complicated logic
  • Adjusts ClientAssertion and ClientCredentialFactory to properly call the app-level callback whenever the assertion is needed
  • Update and expand tests in ClientCertificateTest and ClientCredentialTest to cover the new behavior

@Avery-Dunn Avery-Dunn requested a review from a team as a code owner September 2, 2025 23:08
This was referenced Sep 2, 2025
Closed
Closed
bgavrilMS
bgavrilMS previously requested changes Sep 3, 2025
View reviewed changes
Copy link
Member

@bgavrilMS bgavrilMS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

assertion should be at request level?

@Avery-Dunn Avery-Dunn changed the title Re-add behavior for refreshing assertions Refactor client credential behavior to be per-request Sep 4, 2025
@Avery-Dunn Avery-Dunn mentioned this pull request Sep 4, 2025
Merged
Avery-Dunn and others added 4 commits September 9, 2025 14:20
@Avery-Dunn @neha-bhargava
Update msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Authority.java
65dbd6c 
Co-authored-by: Neha Bhargava <[email protected]>
@Avery-Dunn
Merge branch 'avdunn/fix-assertion-refresh' into avdunn/improve-crede…
a36c921 
…ntials

# Conflicts:
#	msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/ClientCredentialTest.java
@Avery-Dunn
Merge remote-tracking branch 'origin/avdunn/improve-credentials' into…
dcf0369 
… avdunn/improve-credentials
@Avery-Dunn
Merge pull request #988 from AzureAD/avdunn/improve-credentials
cabae29 
Improve behavior related to assertions
gladjohn
gladjohn reviewed Sep 11, 2025
View reviewed changes
@Avery-Dunn Avery-Dunn dismissed bgavrilMS’s stale review September 12, 2025 16:42

Requested changes were implemented.

@Avery-Dunn Avery-Dunn merged commit 9c03bc3 into dev Sep 12, 2025
5 checks passed
@Avery-Dunn Avery-Dunn mentioned this pull request Sep 12, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bgavrilMS bgavrilMS bgavrilMS approved these changes

@gladjohn gladjohn gladjohn approved these changes

@sudoapt-getclean sudoapt-getclean Awaiting requested review from sudoapt-getclean

@neha-bhargava neha-bhargava Awaiting requested review from neha-bhargava

@trwalke trwalke Awaiting requested review from trwalke

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@Avery-Dunn @bgavrilMS @sudoapt-getclean @trwalke @neha-bhargava @gladjohn