PR feedback

Author: Santiago Gonzalez

README.md

@@ -48,10 +48,7 @@ To run this sample, you'll need:
 
 To successfully use this sample, you need a working installation of [Java](https://openjdk.java.net/install/) and [Maven](https://maven.apache.org/).
 
-### Step 2:  Clone or download this repository your account is present in more than one Azure AD tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory**.
-                                                 Change your portal session to the desired Azure AD tenant.
-                                              1. In the portal menu, select the **Azure Active Directory** service, and then select **App registrations**.
-
+### Step 2:  Clone or download this repository 
 
 From your shell or command line:
 
@@ -69,7 +66,7 @@ As a first step you'll need to:
 
 1. Sign in to the [Azure portal](https://portal.azure.com) using either a work or school account or a personal Microsoft account.
 1. If your account is present in more than one Azure AD tenant, select your profile at the top right corner in the menu on top of the page, and then switch directory. Change your portal session to the desired Azure AD tenant.
-In the portal menu, select the Azure Active Directory service, and then select App registrations.
+1. In the portal menu, select the Azure Active Directory service, and then select App registrations.
 > In the next steps, you might need the tenant name (or directory name) or the tenant ID (or directory ID). These are presented in the **Properties** of the Azure Active Directory window respectively as *Name* and *Directory ID*
 
 #### Register the Web Api app (Java-webapi)

msal-obo-sample/pom.xml

@@ -19,7 +19,7 @@
         <dependency>
             <groupId>com.microsoft.azure</groupId>
             <artifactId>msal4j</artifactId>
-            <version>1.9.1</version>
+            <version>1.10.0</version>
         </dependency>
         <dependency>
             <groupId>org.json</groupId>

msal-obo-sample/src/main/java/com/microsoft/azure/msalobosample/OboAuthProvider.java

@@ -7,9 +7,7 @@
 import com.microsoft.aad.msal4j.ClientCredentialFactory;
 import com.microsoft.aad.msal4j.ConfidentialClientApplication;
 import com.microsoft.aad.msal4j.IAuthenticationResult;
-import com.microsoft.aad.msal4j.MsalException;
 import com.microsoft.aad.msal4j.OnBehalfOfParameters;
-import com.microsoft.aad.msal4j.SilentParameters;
 import com.microsoft.aad.msal4j.UserAssertion;
 import com.microsoft.graph.authentication.BaseAuthenticationProvider;
 import org.jetbrains.annotations.NotNull;
@@ -51,11 +49,11 @@ public CompletableFuture<String> getAuthorizationTokenAsync(@Nonnull URL url) {
 
         // Gets incoming access token and generates cache key. The cache key will be used to store
         // the tokens for the incoming request.
-        String authToken = this.getAuthToken();
+        String authToken = this.getAccessTokenFromRequest();
         String cacheKey = Hashing.sha256().hashString(authToken, StandardCharsets.UTF_8).toString();
 
         IAuthenticationResult authResult;
-        ConfidentialClientApplication application = null;
+        ConfidentialClientApplication application;
         try {
             application = ConfidentialClientApplication
                     .builder(clientId, ClientCredentialFactory.createFromSecret(secret))
@@ -67,21 +65,15 @@ public CompletableFuture<String> getAuthorizationTokenAsync(@Nonnull URL url) {
                 application.tokenCache().deserialize(cachedTokens);
             }
 
-            SilentParameters silentParameters =
-                    SilentParameters.builder(Collections.singleton(scope))
+            OnBehalfOfParameters parameters =
+                    OnBehalfOfParameters.builder(Collections.singleton(scope),
+                            new UserAssertion(authToken))
                             .build();
-            authResult = application.acquireTokenSilently(silentParameters).join();
+            authResult = application.acquireToken(parameters).join();
+
         } catch (Exception ex) {
-            if (ex.getCause() instanceof MsalException) {
-                OnBehalfOfParameters parameters =
-                        OnBehalfOfParameters.builder(Collections.singleton(scope),
-                                new UserAssertion(authToken))
-                                .build();
-                authResult = application.acquireToken(parameters).join();
-            } else {
-                throw new AuthException(String.format("Error acquiring token from AAD: %s", ex.getMessage()),
-                        ex.getCause());
-            }
+            throw new AuthException(String.format("Error acquiring token from AAD: %s", ex.getMessage()),
+                    ex.getCause());
         }
 
         cacheManager.getCache("tokens").put(cacheKey, application.tokenCache().serialize());
@@ -93,7 +85,7 @@ public CompletableFuture<String> getAuthorizationTokenAsync(@Nonnull URL url) {
      * be exchanged for an access token to access Microsoft Graph, on behalf of the user that is
      * signed in the web application.
      */
-    private String getAuthToken() {
+    private String getAccessTokenFromRequest() {
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 
         String res = null;

msal-web-sample/pom.xml

@@ -19,7 +19,7 @@
 		<dependency>
 			<groupId>com.microsoft.azure</groupId>
 			<artifactId>msal4j</artifactId>
-			<version>1.9.1</version>
+			<version>1.10.0</version>
 		</dependency>
 		<dependency>
 			<groupId>com.nimbusds</groupId>

msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthFilter.java

@@ -74,7 +74,7 @@ public void doFilterInternal(HttpServletRequest httpRequest, HttpServletResponse
                 // Attempt to refresh tokens and session
                 IAuthenticationResult result = authHelper.getAuthResultBySilentFlow(
                         httpRequest,
-                        authHelper.getApiDefaultScope());
+                        authHelper.getOboDefaultScope());
                 authHelper.setSessionPrincipal(httpRequest, result);
             }
         } catch (MsalException msalException) {

msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthHelper.java

@@ -29,7 +29,7 @@ class AuthHelper {
     private String clientSecret;
     private String authority;
     private String redirectUri;
-    private String apiDefaultScope;
+    private String oboDefaultScope;
     private String logoutRedirectUrl;
 
     @Autowired
@@ -41,7 +41,7 @@ public void init() {
         authority = configuration.getAuthority();
         clientSecret = configuration.getSecretKey();
         redirectUri = configuration.getRedirectUri();
-        apiDefaultScope = configuration.getApiDefaultScope();
+        oboDefaultScope = configuration.getOboDefaultScope();
         logoutRedirectUrl = configuration.getLogoutRedirectUri();
     }
 
@@ -115,7 +115,7 @@ String getRedirectUrl(String state, String nonce) {
         AuthorizationRequestUrlParameters parameters =
                 AuthorizationRequestUrlParameters
                         .builder(redirectUri,
-                                new HashSet<>(Arrays.asList(apiDefaultScope)))
+                                new HashSet<>(Arrays.asList(oboDefaultScope)))
                         .responseMode(ResponseMode.FORM_POST)
                         .prompt(Prompt.SELECT_ACCOUNT)
                         .state(state)
@@ -166,8 +166,8 @@ static boolean containsAuthenticationCode(HttpServletRequest httpRequest) {
         return isPostRequest && (containsErrorData || containsCode || containIdToken);
     }
 
-    public String getApiDefaultScope() {
-        return apiDefaultScope;
+    public String getOboDefaultScope() {
+        return oboDefaultScope;
     }
 
     public String getLogoutRedirectUrl() {

msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/AuthPageController.java

@@ -43,20 +43,29 @@ public ModelAndView securePage(HttpServletRequest httpRequest) throws ParseExcep
     }
 
     @RequestMapping("/msal4jsample/sign_out")
-    public void signOut(HttpServletRequest httpRequest, HttpServletResponse response) throws IOException {
+    public void signOut(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException {
         httpRequest.getSession().invalidate();
 
-        response.sendRedirect(AuthHelper.END_SESSION_ENDPOINT +
+        httpResponse.sendRedirect(AuthHelper.END_SESSION_ENDPOINT +
                 "?post_logout_redirect_uri=" + URLEncoder.encode(authHelper.getLogoutRedirectUrl(), "UTF-8"));
     }
 
     @RequestMapping("/obo_api")
-    public ModelAndView callOboApi(HttpServletRequest httpRequest) throws Exception {
-        ModelAndView mav = new ModelAndView("auth_page");
-        setAccountInfo(mav, httpRequest);
+    public ModelAndView callOboApi(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws Exception {
 
-        IAuthenticationResult result = authHelper.getAuthResultBySilentFlow(httpRequest, authHelper.configuration.apiDefaultScope);
-        String oboApiCallResult = callOboService(result.accessToken());
+        ModelAndView mav = new ModelAndView("auth_page");
+        String oboApiCallResult = null;
+        try {
+            setAccountInfo(mav, httpRequest);
+
+            IAuthenticationResult result = authHelper.getAuthResultBySilentFlow(httpRequest, authHelper.configuration.oboDefaultScope);
+            oboApiCallResult = callOboService(result.accessToken());
+        } catch (Exception ex) {
+            authHelper.removePrincipalFromSession(httpRequest);
+            httpResponse.setStatus(500);
+            httpRequest.setAttribute("error", ex.getMessage());
+            httpRequest.getRequestDispatcher("/error").forward(httpRequest, httpResponse);
+        }
 
         mav.addObject("obo_api_call_res", oboApiCallResult);
         return mav;

msal-web-sample/src/main/java/com/microsoft/azure/msalwebsample/BasicConfiguration.java

@@ -14,7 +14,7 @@ class BasicConfiguration {
     String redirectUri;
     String logoutRedirectUri;
     String secretKey;
-    String apiDefaultScope;
+    String oboDefaultScope;
 
     public String getClientId() {
         return clientId;
@@ -39,8 +39,8 @@ public String getSecretKey() {
         return secretKey;
     }
 
-    public String getApiDefaultScope() {
-        return apiDefaultScope;
+    public String getOboDefaultScope() {
+        return oboDefaultScope;
     }
 
     public void setClientId(String clientId) {
@@ -59,8 +59,8 @@ public void setSecretKey(String secretKey) {
         this.secretKey = secretKey;
     }
 
-    public void setApiDefaultScope(String apiDefaultScope) {
-        this.apiDefaultScope = apiDefaultScope;
+    public void setOboDefaultScope(String oboDefaultScope) {
+        this.oboDefaultScope = oboDefaultScope;
     }
 
     public void setLogoutRedirectUri(String logoutRedirectUri) {

msal-web-sample/src/main/resources/application.properties

@@ -6,7 +6,7 @@ aad.redirectUri=http://localhost:8080/msal4jsample/secure/aad
 aad.logoutRedirectUri=http://localhost:8080
 
 # AAD scopes
-aad.apiDefaultScope=Enter_the_Api_Scope_Here
+aad.oboDefaultScope=Enter_the_Api_Scope_Here
 
 # Change the port to 8443 if running HTTPS. Also update port in the redirect/logoutRedirectUri above
 server.port=8080