Merge branch 'dev' of https://github.com/AzureAD/microsoft-authentica…

…tion-library-for-js into msal-core-adfs
AzureAD · tnorling · Aug 24, 2020 · May 15, 2020 · May 15, 2020 · May 27, 2020
commit 167ca678af6cd7ac9cd9876b2ac36c4169bceda9
diff --git a/lib/msal-browser/src/app/PublicClientApplication.ts b/lib/msal-browser/src/app/PublicClientApplication.ts
@@ -4,21 +4,26 @@
  */
 import {
     Account,
-    AuthenticationParameters,
-    Authority,
-    AuthorityFactory, ClientAuthError,
-    INetworkModule,
-    PromptValue,
-    ServerError,
     SPAClient,
-    StringUtils,
-    TemporaryCacheKeys,
-    TokenRenewParameters,
+    INetworkModule,
     TokenResponse,
     UrlString,
-    AuthorityType,
+    TokenRenewParameters,
+    StringUtils,
+    PromptValue,
+    ServerError,
+    Authority,
+    AuthorityFactory,
+    InteractionRequiredAuthError,
     B2cAuthority,
-    InteractionRequiredAuthError
+    AuthorizationUrlRequest,
+    PersistentCacheKeys,
+    IdToken,
+    ProtocolUtils,
+    AuthorizationCodeRequest,
+    Constants,
+    ClientAuthError,
+    AuthorityType
 } from "@azure/msal-common";
 import { buildConfiguration, Configuration } from "../config/Configuration";
 import { BrowserStorage } from "../cache/BrowserStorage";

diff --git a/lib/msal-browser/test/client/PublicClientApplication.spec.ts b/lib/msal-browser/test/client/PublicClientApplication.spec.ts
@@ -6,39 +6,10 @@ chai.use(chaiAsPromised);
 const expect = chai.expect;
 import sinon from "sinon";
 import { PublicClientApplication } from "../../src/app/PublicClientApplication";
-import {
-    TEST_CONFIG,
-    TEST_URIS,
-    TEST_HASHES,
-    TEST_TOKENS,
-    TEST_DATA_CLIENT_INFO,
-    TEST_TOKEN_LIFETIMES,
-    RANDOM_TEST_GUID,
-    DEFAULT_OPENID_CONFIG_RESPONSE,
-    testNavUrl,
-    testLogoutUrl
-} from "../utils/StringConstants";
-import {
-    AuthError,
-    ServerError,
-    AuthResponse,
-    LogLevel,
-    Constants,
-    TemporaryCacheKeys,
-    TokenResponse,
-    Account,
-    TokenExchangeParameters,
-    IdTokenClaims,
-    SPAClient,
-    PromptValue,
-    AuthenticationParameters, ClientAuthError, ClientAuthErrorMessage
-} from "@azure/msal-common";
+import { TEST_CONFIG, TEST_URIS, TEST_HASHES, TEST_TOKENS, TEST_DATA_CLIENT_INFO, TEST_TOKEN_LIFETIMES, RANDOM_TEST_GUID, DEFAULT_OPENID_CONFIG_RESPONSE, testNavUrl, testLogoutUrl } from "../utils/StringConstants";
+import { AuthError, ServerError, LogLevel, Constants, TokenResponse, Account, IdTokenClaims, SPAClient, PromptValue, AuthenticationResult, AuthorizationCodeRequest, AuthorizationUrlRequest, IdToken, PersistentCacheKeys, TokenRenewParameters, ClientAuthErrorMessage } from "@azure/msal-common";
 import { AuthCallback } from "../../src/types/AuthCallback";
-import {
-    BrowserConfigurationAuthErrorMessage,
-    BrowserConfigurationAuthError
-} from "../../src/error/BrowserConfigurationAuthError";
-import sinon from "sinon";
+import { BrowserConfigurationAuthErrorMessage, BrowserConfigurationAuthError } from "../../src/error/BrowserConfigurationAuthError";
 import { BrowserUtils } from "../../src/utils/BrowserUtils";
 import { BrowserConstants, TemporaryCacheKeys } from "../../src/utils/BrowserConstants";
 import { Base64Encode } from "../../src/encode/Base64Encode";

diff --git a/lib/msal-common/src/client/SPAClient.ts b/lib/msal-common/src/client/SPAClient.ts
@@ -20,6 +20,11 @@ import { StringUtils } from "../utils/StringUtils";
 import { UrlString } from "../url/UrlString";
 import { Account } from "../account/Account";
 import { buildClientInfo } from "../account/ClientInfo";
+import { B2cAuthority } from "../authority/B2cAuthority";
+import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest";
+import { RequestParameterBuilder } from "../server/RequestParameterBuilder";
+import { AuthorizationCodeRequest } from "../request/AuthorizationCodeRequest";
+import { RefreshTokenRequest } from "../request/RefreshTokenRequest";
 import { AuthorityType } from "../authority/AuthorityType";
 
 /**
@@ -145,52 +150,10 @@ export class SPAClient extends BaseClient {
      * also use the handleFragmentResponse() API to pass the codeResponse to this function afterwards.
      * @param codeResponse
      */
-    async acquireToken(codeResponse: CodeResponse): Promise<TokenResponse> {
-        try {
-            // If no code response is given, we cannot acquire a token.
-            if (!codeResponse || StringUtils.isEmpty(codeResponse.code)) {
-                throw ClientAuthError.createTokenRequestCannotBeMadeError();
-            }
-
-            // Get request from cache
-            const tokenRequest: TokenExchangeParameters = this.getCachedRequest(codeResponse.userRequestState);
-
-            // Initialize authority or use default, and perform discovery endpoint check.
-            const acquireTokenAuthority = (tokenRequest && tokenRequest.authority) ? AuthorityFactory.createInstance(tokenRequest.authority, this.networkClient) : this.defaultAuthority;
-
-            // This is temporary. Remove when ADFS is supported for browser
-            if(acquireTokenAuthority.authorityType == AuthorityType.Adfs){
-                throw ClientAuthError.createInvalidAuthorityTypeError(acquireTokenAuthority.canonicalAuthority);
-            }
-
-            if (!acquireTokenAuthority.discoveryComplete()) {
-                try {
-                    await acquireTokenAuthority.resolveEndpointsAsync();
-                } catch (e) {
-                    throw ClientAuthError.createEndpointDiscoveryIncompleteError(e);
-                }
-            }
-
-            // Get token endpoint.
-            const { tokenEndpoint } = acquireTokenAuthority;
-            // Initialize request parameters.
-            const tokenReqParams = new ServerTokenRequestParameters(
-                this.config.authOptions.clientId,
-                tokenRequest,
-                codeResponse,
-                this.getRedirectUri(),
-                this.cryptoUtils
-            );
-
-            // User helper to retrieve token response.
-            // Need to await function call before return to catch any thrown errors.
-            // if errors are thrown asynchronously in return statement, they are caught by caller of this function instead.
-            return await this.getTokenResponse(tokenEndpoint, tokenReqParams, tokenRequest, codeResponse);
-        } catch (e) {
-            // Reset cache items and set account to null before re-throwing.
-            this.spaCacheManager.resetTempCacheItems(codeResponse && codeResponse.userRequestState);
-            this.account = null;
-            throw e;
+    async acquireToken(codeRequest: AuthorizationCodeRequest, userState: string, cachedNonce: string): Promise<TokenResponse> {
+        // If no code response is given, we cannot acquire a token.
+        if (!codeRequest || StringUtils.isEmpty(codeRequest.code)) {
+            throw ClientAuthError.createTokenRequestCannotBeMadeError();
         }
 
         // Initialize authority or use default, and perform discovery endpoint check.
@@ -269,21 +232,26 @@ export class SPAClient extends BaseClient {
             }
         }
 
-            // Initialize authority or use default, and perform discovery endpoint check.
-            const acquireTokenAuthority = request.authority ? AuthorityFactory.createInstance(request.authority, this.networkClient) : this.defaultAuthority;
-
-            // This is temporary. Remove when ADFS is supported for browser
-            if(acquireTokenAuthority.authorityType == AuthorityType.Adfs){
-                throw ClientAuthError.createInvalidAuthorityTypeError(acquireTokenAuthority.canonicalAuthority);
-            }
-
-            if (!acquireTokenAuthority.discoveryComplete()) {
-                try {
-                    await acquireTokenAuthority.resolveEndpointsAsync();
-                } catch (e) {
-                    throw ClientAuthError.createEndpointDiscoveryIncompleteError(e);
-                }
-            }
+        // Get current cached tokens
+        const cachedTokenItem = this.getCachedTokens(requestScopes, acquireTokenAuthority.canonicalAuthority, account && account.homeAccountIdentifier);
+        const expirationSec = Number(cachedTokenItem.value.expiresOnSec);
+        const offsetCurrentTimeSec = TimeUtils.nowSeconds() + this.config.systemOptions.tokenRenewalOffsetSeconds;
+        // Check if refresh is forced, or if tokens are expired. If neither are true, return a token response with the found token entry.
+        if (!forceRefresh && expirationSec && expirationSec > offsetCurrentTimeSec) {
+            const cachedScopes = ScopeSet.fromString(cachedTokenItem.key.scopes, this.config.authOptions.clientId, true);
+            const defaultTokenResponse: TokenResponse = {
+                uniqueId: "",
+                tenantId: "",
+                scopes: cachedScopes.asArray(),
+                tokenType: cachedTokenItem.value.tokenType,
+                idToken: "",
+                idTokenClaims: null,
+                accessToken: cachedTokenItem.value.accessToken,
+                refreshToken: cachedTokenItem.value.refreshToken,
+                expiresOn: new Date(expirationSec * 1000),
+                account: account,
+                userRequestState: ""
+            };
 
             // Only populate id token if it exists in cache item.
             return StringUtils.isEmpty(cachedTokenItem.value.idToken) ? defaultTokenResponse :

@@ -11,7 +11,7 @@ import { UrlUtils } from "../utils/UrlUtils";
 import TelemetryManager from "../telemetry/TelemetryManager";
 import HttpEvent from "../telemetry/HttpEvent";
 import { TrustedAuthority } from "./TrustedAuthority";
-import { Constants } from '../utils/Constants';
+import { Constants, NetworkRequestType } from "../utils/Constants";
 
 /**
  * @hidden

@@ -43,7 +43,7 @@ export class Constants {
     static get renewToken(): string { return "RENEW_TOKEN"; }
     static get unknown(): string { return "UNKNOWN"; }
 
-    static get ADFS(): string { return "adfs"};
+    static get ADFS(): string { return "adfs"; };
 
     static get homeAccountIdentifier(): string { return "homeAccountIdentifier"; }