Identity adfs support aug 2020

eng/code-quality-reports/src/main/resources/spotbugs/spotbugs-exclude.xml

@@ -633,7 +633,6 @@
           name="com.azure.data.appconfiguration.credentials.ConfigurationClientCredentials$AuthorizationHeaderProvider"/>
       <Class name="com.azure.messaging.eventhubs.EventData$SystemProperties"/>
       <Class name="com.azure.messaging.eventhubs.implementation.ReactorSender$WeightedDeliveryTag"/>
-      <Class name="com.azure.identity.implementation.AuthorizationCodeListener"/>
     </Or>
     <Bug pattern="UPM_UNCALLED_PRIVATE_METHOD"/>
   </Match>

eng/versioning/external_dependencies.txt

@@ -151,7 +151,7 @@ com.microsoft.azure:azure-mgmt-resources;1.3.0
 com.microsoft.azure:azure-mgmt-search;1.24.1
 com.microsoft.azure:azure-mgmt-storage;1.3.0
 com.microsoft.azure:azure-storage;8.0.0
-com.microsoft.azure:msal4j;1.6.1
+com.microsoft.azure:msal4j;1.6.2
 com.microsoft.azure:msal4j-persistence-extension;1.0.0
 com.sun.activation:jakarta.activation;1.2.2
 io.opentelemetry:opentelemetry-api;0.6.0
@@ -245,7 +245,6 @@ org.eclipse.m2e:lifecycle-mapping;1.0.0
 org.jacoco:jacoco-maven-plugin;0.8.5
 org.jacoco:org.jacoco.agent;0.8.5
 org.mockito:mockito-core;3.3.3
-org.nanohttpd:nanohttpd;2.3.1
 org.revapi:revapi-java;0.20.0
 org.revapi:revapi-maven-plugin;0.11.2
 

sdk/eventhubs/microsoft-azure-eventhubs/pom.xml

@@ -76,7 +76,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.6.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.6.2</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
       <scope>test</scope>
     </dependency>
     <dependency>

sdk/identity/azure-identity/pom.xml

@@ -32,7 +32,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.6.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.6.2</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
     </dependency>
     <dependency>
       <groupId>com.microsoft.azure</groupId>
@@ -44,11 +44,6 @@
       <artifactId>oauth2-oidc-sdk</artifactId>
       <version>7.1.1</version> <!-- {x-version-update;com.nimbusds:oauth2-oidc-sdk;external_dependency} -->
     </dependency>
-    <dependency>
-      <groupId>org.nanohttpd</groupId>
-      <artifactId>nanohttpd</artifactId>
-      <version>2.3.1</version> <!-- {x-version-update;org.nanohttpd:nanohttpd;external_dependency} -->
-    </dependency>
 
     <dependency>
       <groupId>junit</groupId>
@@ -116,12 +111,11 @@
           <rules>
             <bannedDependencies>
               <includes>
-                <include>com.microsoft.azure:msal4j:[1.6.1]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
+                <include>com.microsoft.azure:msal4j:[1.6.2]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
                 <include>com.microsoft.azure:msal4j-persistence-extension:[1.0.0]</include> <!-- {x-include-update;com.microsoft.azure:msal4j-persistence-extension;external_dependency} -->
                 <include>com.nimbusds:oauth2-oidc-sdk:[7.1.1]</include> <!-- {x-include-update;com.nimbusds:oauth2-oidc-sdk;external_dependency} -->
                 <include>net.java.dev.jna:jna-platform:[5.4.0]</include> <!-- {x-include-update;net.java.dev.jna:jna-platform;external_dependency} -->
                 <include>org.linguafranca.pwdb:KeePassJava2:[2.1.4]</include> <!-- {x-include-update;org.linguafranca.pwdb:KeePassJava2;external_dependency} -->
-                <include>org.nanohttpd:nanohttpd:[2.3.1]</include> <!-- {x-include-update;org.nanohttpd:nanohttpd;external_dependency} -->
               </includes>
             </bannedDependencies>
           </rules>

sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java

@@ -33,6 +33,7 @@
 import com.microsoft.aad.msal4j.IAccount;
 import com.microsoft.aad.msal4j.IAuthenticationResult;
 import com.microsoft.aad.msal4j.IClientCredential;
+import com.microsoft.aad.msal4j.InteractiveRequestParameters;
 import com.microsoft.aad.msal4j.PublicClientApplication;
 import com.microsoft.aad.msal4j.RefreshTokenParameters;
 import com.microsoft.aad.msal4j.SilentParameters;
@@ -42,7 +43,6 @@
 import com.microsoft.aad.msal4jextensions.persistence.linux.KeyRingAccessException;
 import com.sun.jna.Platform;
 import reactor.core.publisher.Mono;
-import reactor.core.scheduler.Schedulers;
 
 import java.io.BufferedReader;
 import java.io.File;
@@ -76,7 +76,6 @@
 import java.util.Map;
 import java.util.Random;
 import java.util.Scanner;
-import java.util.UUID;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.TimeUnit;
 import java.util.function.Consumer;
@@ -111,6 +110,7 @@ public class IdentityClient {
     private static final String DEFAULT_CONFIDENTIAL_KEYRING_ITEM_NAME = DEFAULT_CONFIDENTIAL_KEYCHAIN_ACCOUNT;
     private static final String DEFAULT_KEYRING_ATTR_NAME = "MsalClientID";
     private static final String DEFAULT_KEYRING_ATTR_VALUE = "Microsoft.Developer.IdentityService";
+    private static final String HTTP_LOCALHOST = "http://localhost";
     private final ClientLogger logger = new ClientLogger(IdentityClient.class);
 
     private final IdentityClientOptions options;
@@ -640,38 +640,20 @@ public Mono<MsalToken> authenticateWithAuthorizationCode(TokenRequestContext req
      * @return a Publisher that emits an AccessToken
      */
     public Mono<MsalToken> authenticateWithBrowserInteraction(TokenRequestContext request, int port) {
-        String authorityUrl = options.getAuthorityHost().replaceAll("/+$", "") + "/" + tenantId;
-        return AuthorizationCodeListener.create(port)
-            .flatMap(server -> {
-                URI redirectUri;
-                String browserUri;
-                try {
-                    redirectUri = new URI(String.format("http://localhost:%s", port));
-                    browserUri =
-                        String.format("%s/oauth2/v2.0/authorize?response_type=code&response_mode=query&prompt"
-                                + "=select_account&client_id=%s&redirect_uri=%s&state=%s&scope=%s",
-                            authorityUrl,
-                            clientId,
-                            redirectUri.toString(),
-                            UUID.randomUUID(),
-                            String.join(" ", request.getScopes()));
-                } catch (URISyntaxException e) {
-                    return server.dispose().then(Mono.error(e));
-                }
+        URI redirectUri;
+        try {
+            redirectUri = new URI(HTTP_LOCALHOST + ":" + port);
+        } catch (URISyntaxException e) {
+            return Mono.error(logger.logExceptionAsError(new RuntimeException(e)));
+        }
+        InteractiveRequestParameters parameters = InteractiveRequestParameters.builder(redirectUri)
+                                                     .scopes(new HashSet<>(request.getScopes()))
+                                                     .build();
+        Mono<IAuthenticationResult> acquireToken = publicClientApplicationAccessor.getValue()
+                               .flatMap(pc -> Mono.fromFuture(() -> pc.acquireToken(parameters)));
 
-                return server.listen()
-                    .mergeWith(Mono.<String>fromRunnable(() -> {
-                        try {
-                            openUrl(browserUri);
-                        } catch (IOException e) {
-                            throw logger.logExceptionAsError(new IllegalStateException(e));
-                        }
-                    }).subscribeOn(Schedulers.newSingle("browser")))
-                    .next()
-                    .flatMap(code -> authenticateWithAuthorizationCode(request, code, redirectUri))
-                    .onErrorResume(t -> server.dispose().then(Mono.error(t)))
-                    .flatMap(msalToken -> server.dispose().then(Mono.just(msalToken)));
-            });
+        return acquireToken.onErrorMap(t -> new ClientAuthenticationException(
+            "Failed to acquire token with Interactive Browser Authentication.", null, t)).map(MsalToken::new);
     }
 
     /**
@@ -821,7 +803,16 @@ public Mono<AccessToken> authenticateToIMDSEndpoint(TokenRequestContext request)
                         throw logger.logExceptionAsError(new RuntimeException(
                                 String.format("Could not connect to the url: %s.", url), exception));
                     }
-                    int responseCode = connection.getResponseCode();
+                    int responseCode;
+                    try {
+                        responseCode = connection.getResponseCode();
+                    } catch (Exception e) {
+                        throw logger.logExceptionAsError(
+                            new CredentialUnavailableException(
+                                "ManagedIdentityCredential authentication unavailable. "
+                                    + "Connection to IMDS endpoint cannot be established, "
+                                    + e.getMessage() + ".", e));
+                    }
                     if (responseCode == 410
                             || responseCode == 429
                             || responseCode == 404

sdk/identity/azure-identity/src/main/java/module-info.java

@@ -8,7 +8,6 @@
     requires msal4j.persistence.extension;
     requires com.sun.jna;
     requires com.sun.jna.platform;
-    requires nanohttpd;
     requires org.reactivestreams;
     requires org.linguafranca.pwdb.database;
     requires org.linguafranca.pwdb.kdbx;

sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/IdentityClientTests.java

@@ -16,6 +16,7 @@
 import com.microsoft.aad.msal4j.IClientCertificate;
 import com.microsoft.aad.msal4j.IClientCredential;
 import com.microsoft.aad.msal4j.IClientSecret;
+import com.microsoft.aad.msal4j.InteractiveRequestParameters;
 import com.microsoft.aad.msal4j.MsalServiceException;
 import com.microsoft.aad.msal4j.PublicClientApplication;
 import com.microsoft.aad.msal4j.SilentParameters;
@@ -29,7 +30,6 @@
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
-import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;
 
 import java.io.ByteArrayInputStream;
@@ -55,7 +55,7 @@
 
 @RunWith(PowerMockRunner.class)
 @PowerMockIgnore({"com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*"})
-@PrepareForTest({CertificateUtil.class, ClientCredentialFactory.class, AuthorizationCodeListener.class, Runtime.class, URL.class, ConfidentialClientApplication.class, ConfidentialClientApplication.Builder.class, PublicClientApplication.class, PublicClientApplication.Builder.class, IdentityClient.class})
+@PrepareForTest({CertificateUtil.class, ClientCredentialFactory.class, Runtime.class, URL.class, ConfidentialClientApplication.class, ConfidentialClientApplication.Builder.class, PublicClientApplication.class, PublicClientApplication.Builder.class, IdentityClient.class})
 public class IdentityClientTests {
 
     private static final String TENANT_ID = "contoso.com";
@@ -303,8 +303,7 @@ public void testBrowserAuthenicationCodeFlow() throws Exception {
         OffsetDateTime expiresOn = OffsetDateTime.now(ZoneOffset.UTC).plusHours(1);
 
         // mock
-        mockForAuthorizationCodeFlow(token, request, expiresOn);
-        mocForBrowserAuthenticationCodeFlow();
+        mocForBrowserAuthenticationCodeFlow(token, request, expiresOn);
 
         // test
         IdentityClientOptions options = new IdentityClientOptions();
@@ -470,12 +469,22 @@ private void mockForIMDSCodeFlow(String tokenJson) throws Exception {
         when(huc.getInputStream()).thenReturn(inputStream);
     }
 
-    private void mocForBrowserAuthenticationCodeFlow() throws Exception {
-        AuthorizationCodeListener authorizationCodeListener = PowerMockito.mock(AuthorizationCodeListener.class);
-        whenNew(AuthorizationCodeListener.class).withAnyArguments().thenReturn((authorizationCodeListener));
-        when(authorizationCodeListener.listen()).thenReturn(Mono.just("auth-Code"));
-        when(authorizationCodeListener.dispose()).thenReturn(Mono.empty());
-        when(authorizationCodeListener.dispose()).thenReturn(Mono.empty());
+    private void mocForBrowserAuthenticationCodeFlow(String token, TokenRequestContext request, OffsetDateTime expiresOn) throws Exception {
+        PublicClientApplication application = PowerMockito.mock(PublicClientApplication.class);
+        when(application.acquireToken(any(InteractiveRequestParameters.class)))
+            .thenAnswer(invocation -> {
+                InteractiveRequestParameters argument = (InteractiveRequestParameters) invocation.getArguments()[0];
+                if (argument.scopes().size() != 1 || request.getScopes().get(0).equals(argument.scopes().iterator().next())) {
+                    return TestUtils.getMockAuthenticationResult(token, expiresOn);
+                } else {
+                    throw new InvalidUseOfMatchersException(String.format("Argument %s does not match", (Object) argument));
+                }
+            });
+        PublicClientApplication.Builder builder = PowerMockito.mock(PublicClientApplication.Builder.class);
+        when(builder.build()).thenReturn(application);
+        when(builder.authority(any())).thenReturn(builder);
+        when(builder.httpClient(any())).thenReturn(builder);
+        whenNew(PublicClientApplication.Builder.class).withArguments(CLIENT_ID).thenReturn(builder);
     }
 
     private void mockForAuthorizationCodeFlow(String token1, TokenRequestContext request, OffsetDateTime expiresAt) throws Exception {

sdk/spring/azure-spring-boot-starter-active-directory/pom.xml

@@ -58,7 +58,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.6.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.6.2</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
     </dependency>
     <dependency>
       <groupId>com.nimbusds</groupId>
@@ -84,7 +84,7 @@
               <includes>
                 <include>com.microsoft.azure:azure-spring-boot:[2.4.0-beta.1]</include> <!-- {x-include-update;com.microsoft.azure:azure-spring-boot;current} --> -->
                 <include>com.fasterxml.jackson.core:jackson-databind:[2.11.2]</include> <!-- {x-include-update;com.fasterxml.jackson.core:jackson-databind;external_dependency} -->
-                <include>com.microsoft.azure:msal4j:[1.6.1]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
+                <include>com.microsoft.azure:msal4j:[1.6.2]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
                 <include>com.nimbusds:nimbus-jose-jwt:[7.9]</include> <!-- {x-include-update;com.nimbusds:nimbus-jose-jwt;external_dependency} -->
                 <include>org.springframework:spring-web:[5.2.8.RELEASE]</include> <!-- {x-include-update;org.springframework:spring-web;external_dependency} -->
                 <include>org.springframework.boot:spring-boot-starter:[2.3.3.RELEASE]</include> <!-- {x-include-update;org.springframework.boot:spring-boot-starter;external_dependency} -->

sdk/spring/azure-spring-boot/pom.xml

@@ -158,7 +158,7 @@
     <dependency>
       <groupId>com.microsoft.azure</groupId>
       <artifactId>msal4j</artifactId>
-      <version>1.6.1</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
+      <version>1.6.2</version> <!-- {x-version-update;com.microsoft.azure:msal4j;external_dependency} -->
       <optional>true</optional>
     </dependency>
 
@@ -264,7 +264,7 @@
               <includes>
                 <include>com.fasterxml.jackson.core:jackson-databind:[2.11.2]</include> <!-- {x-include-update;com.fasterxml.jackson.core:jackson-databind;external_dependency} -->
                 <include>net.minidev:json-smart:[2.3]</include> <!-- {x-include-update;net.minidev:json-smart;external_dependency} -->
-                <include>com.microsoft.azure:msal4j:[1.6.1]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
+                <include>com.microsoft.azure:msal4j:[1.6.2]</include> <!-- {x-include-update;com.microsoft.azure:msal4j;external_dependency} -->
                 <include>com.microsoft.azure:spring-data-cosmosdb:[2.3.0]</include> <!-- {x-include-update;com.microsoft.azure:spring-data-cosmosdb;external_dependency} -->
                 <include>com.microsoft.spring.data.gremlin:spring-data-gremlin:[2.3.0]</include> <!-- {x-include-update;com.microsoft.spring.data.gremlin:spring-data-gremlin;external_dependency} -->
                 <include>com.nimbusds:nimbus-jose-jwt:[7.9]</include> <!-- {x-include-update;com.nimbusds:nimbus-jose-jwt;external_dependency} -->