Skip to content

Client Capabilities Support#226

Merged
Avery-Dunn merged 19 commits intodevfrom
avdunn/claims-and-capabilities
May 26, 2020
Merged

Client Capabilities Support#226
Avery-Dunn merged 19 commits intodevfrom
avdunn/claims-and-capabilities

Conversation

@Avery-Dunn
Copy link
Copy Markdown
Contributor

@Avery-Dunn Avery-Dunn commented Apr 30, 2020

Added support for client capabilities, as per #197

Main functionality is to create a new parameter that can be set as part of an authorization request, and this new parameter is merged into the existing claims parameter.

See AzureAD/microsoft-authentication-library-for-dotnet#1641 for a related implementation in the .NET library

@Avery-Dunn Avery-Dunn added Enhancement A request or suggestion to improve some aspect of the library SDK-Consistency Items that deal with consistency between all MSALs labels Apr 30, 2020
@Avery-Dunn Avery-Dunn linked an issue Apr 30, 2020 that may be closed by this pull request
[Feature Request] Client capabilities support #197
Closed
sangonzal
sangonzal reviewed May 4, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@sangonzal sangonzal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looks good.

src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java
Assert.assertNotNull(result.accessToken());
Assert.assertNotNull(result.idToken());
Assert.assertEquals(user.getUpn(), result.account().username());
}
Copy link
Copy Markdown
Contributor

@sangonzal sangonzal May 4, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you should be able to assert that the id token that gets returned has the claims that you requested.

@henrik-me henrik-me requested a review from bgavrilMS May 7, 2020 05:02
@bgavrilMS
Copy link
Copy Markdown
Member

bgavrilMS commented May 7, 2020

Although slightly off-topic, I encountered the following issue while implementing this on .NET - it looks like there is an expectation that if the user configures claims, then the token cache is bypassed (AcquireTokenSilent will behave as if ForceRefres=true). But if they configure only client capabilities, then the token cache is not bypassed. I believe this is how Android team also implemented this.

bgavrilMS
bgavrilMS previously requested changes May 7, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@bgavrilMS bgavrilMS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Send claims to /token endpoint as well
If claims are configured, token cache must be bypassed. If client capabilities are configured, it should not.

@SomkaPe
Copy link
Copy Markdown
Contributor

SomkaPe commented May 11, 2020
edited
Loading

@bgavrilMS Not sure about sending claims to token endpoint - according to spec https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter
it is an optional parameter for Authorization Request

Not sure about bypassing cache when "claims" is used - i would imagine that most of applications use claims parameter always or not use it at all.
So, applications configured with "claims" will never reuse AT ? Sounds wrong

bgavrilMS
bgavrilMS reviewed May 15, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@bgavrilMS bgavrilMS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we ironed out all the details. I'm afraid I don't have time to do review this in detail though, so removing my review so as not to block the PR>

sangonzal
sangonzal suggested changes May 20, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@sangonzal sangonzal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Requirements have changed multiple times during the life of the this PR, so if it would be helpful lets schedule a meeting between you, @SomkaPe, and I so we can clearly define the requirements.

SomkaPe
SomkaPe reviewed May 20, 2020
View reviewed changes
Avery-Dunn added 3 commits May 21, 2020 12:10
@Avery-Dunn
Disable claims/capabilities test
122789f
@Avery-Dunn
Merge branch 'dev' of https://github.com/AzureAD/microsoft-authentica…
2091cb8 
…tion-library-for-java into avdunn/claims-and-capabilities

� Conflicts:
�	src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java
�	src/main/java/com/microsoft/aad/msal4j/AbstractClientApplicationBase.java
�	src/main/java/com/microsoft/aad/msal4j/AuthenticationErrorCode.java
@Avery-Dunn
Fix merge conflict
a297942
SomkaPe
SomkaPe reviewed May 22, 2020
View reviewed changes
@Avery-Dunn Avery-Dunn dismissed bgavrilMS’s stale review May 26, 2020 14:59

These changes are covered under another set of requested changes

@Avery-Dunn Avery-Dunn requested a review from sangonzal May 26, 2020 15:48
sangonzal
sangonzal approved these changes May 26, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@sangonzal sangonzal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@Avery-Dunn Avery-Dunn merged commit 2fd7db4 into dev May 26, 2020
@Avery-Dunn Avery-Dunn deleted the avdunn/claims-and-capabilities branch October 13, 2020 18:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bgavrilMS bgavrilMS bgavrilMS left review comments

@henrik-me henrik-me Awaiting requested review from henrik-me

+2 more reviewers

@SomkaPe SomkaPe SomkaPe approved these changes

@sangonzal sangonzal sangonzal approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Enhancement A request or suggestion to improve some aspect of the library SDK-Consistency Items that deal with consistency between all MSALs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Feature Request] Client capabilities support

4 participants

@Avery-Dunn @bgavrilMS @SomkaPe @sangonzal