Merge pull request #2190 from AzureAD/broker-request-popup

Broker #3: Popup requests from embedded application

Author: Prithvi Kanherkar

lib/msal-browser/src/app/PublicClientApplication.ts

@@ -8,10 +8,9 @@ import { DEFAULT_REQUEST } from "../utils/BrowserConstants";
 import { IPublicClientApplication } from "./IPublicClientApplication";
 import { RedirectRequest } from "../request/RedirectRequest";
 import { PopupRequest } from "../request/PopupRequest";
-import { BrokerManager } from "../broker/BrokerManager";
-import { BrokerClient } from "../broker/BrokerClient";
 import { ClientApplication } from "./ClientApplication";
-import { version } from "../../package.json";
+import { BrokerClientApplication } from "../broker/BrokerClientApplication";
+import { EmbeddedClientApplication } from "../broker/EmbeddedClientApplication";
 
 /**
  * The PublicClientApplication class is the object exposed by the library to perform authentication and authorization functions in Single Page Applications
@@ -20,8 +19,8 @@ import { version } from "../../package.json";
 export class PublicClientApplication extends ClientApplication implements IPublicClientApplication {
 
     // Broker Objects
-    private embeddedApp: BrokerClient;
-    private broker: BrokerManager;
+    protected embeddedApp: EmbeddedClientApplication;
+    protected broker: BrokerClientApplication;
 
     /**
      * @constructor
@@ -49,15 +48,20 @@ export class PublicClientApplication extends ClientApplication implements IPubli
         this.initializeBrokering();
     }
 
+    /**
+     * 
+     */
     private initializeBrokering(): void {
         if (this.config.system.brokerOptions.actAsBroker) {
-            this.broker = new BrokerManager(this.config.system.brokerOptions, this.logger, version);
-            this.logger.verbose("Acting as Broker");
-            this.broker.listenForMessage();
+            this.broker = new BrokerClientApplication(this.config);
         } else if (this.config.system.brokerOptions.allowBrokering) {
-            this.embeddedApp = new BrokerClient(this.config.system.brokerOptions, this.logger, this.config.auth.clientId,  version);
+            this.embeddedApp = new EmbeddedClientApplication(this.config, this.logger, this.browserStorage);
             this.logger.verbose("Acting as child");
-            this.embeddedApp.initiateHandshake();
+            try {
+                this.embeddedApp.initiateHandshake();
+            } catch (e) {
+                this.logger.error(`Broker handshake failed: ${e}`);
+            }
         }
     }
 
@@ -85,7 +89,7 @@ export class PublicClientApplication extends ClientApplication implements IPubli
      */
     async acquireTokenRedirect(request: RedirectRequest): Promise<void> {
         // Check for brokered request
-        if (this.embeddedApp && this.embeddedApp.brokeringEnabled) {
+        if (this.embeddedApp && this.embeddedApp.brokerConnectionEstablished) {
             return this.embeddedApp.sendRedirectRequest(request);
         }
         return super.acquireTokenRedirect(request);
@@ -113,7 +117,7 @@ export class PublicClientApplication extends ClientApplication implements IPubli
      * @returns {Promise.<AuthenticationResult>} - a promise that is fulfilled when this function has completed, or rejected if an error was raised. Returns the {@link AuthResponse} object
      */
     acquireTokenPopup(request: PopupRequest): Promise<AuthenticationResult> {
-        if (this.embeddedApp && this.embeddedApp.brokeringEnabled) {
+        if (this.embeddedApp && this.embeddedApp.brokerConnectionEstablished) {
             return this.embeddedApp.sendPopupRequest(request);
         }
         return super.acquireTokenPopup(request);

lib/msal-browser/src/broker/BrokerAuthRequest.ts

@@ -9,7 +9,7 @@ export class BrokerAuthRequest extends BrokerMessage {
     public request: RedirectRequest | PopupRequest;
 
     constructor(embeddedClientId: string, interactionType: InteractionType, request: RedirectRequest | PopupRequest) {
-        super("BrokerAuthRequest");
+        super(BrokerMessageType.AUTH_REQUEST);
         this.embeddedClientId = embeddedClientId;
         this.interactionType = interactionType;
         this.request = request;

lib/msal-browser/src/broker/BrokerAuthResult.ts

@@ -0,0 +1,30 @@
+import { BrokerMessage } from "./BrokerMessage";
+import { BrokerAuthenticationResult } from "@azure/msal-common";
+import { InteractionType, BrokerMessageType } from "../utils/BrowserConstants";
+
+export class BrokerAuthResult extends BrokerMessage {
+    public interactionType: InteractionType;
+    public result: BrokerAuthenticationResult;
+    public error: Error;
+
+    constructor(interactionType: InteractionType, authResult: BrokerAuthenticationResult, authError?: Error) {
+        super(BrokerMessageType.AUTH_RESULT);
+        this.interactionType = interactionType;
+        this.result = authResult;
+        this.error = authError;
+    }
+
+    static validate(message: MessageEvent): BrokerAuthResult | null {
+        if (message.data &&
+            message.data.messageType === BrokerMessageType.AUTH_RESULT &&
+            message.data.interactionType &&
+            (message.data.result || message.data.error)) {
+
+            // TODO: verify version compat
+
+            return new BrokerAuthResult(message.data.interactionType, message.data.result);
+        }
+
+        return null;
+    }
+}

lib/msal-browser/src/broker/BrokerClientApplication.ts

@@ -0,0 +1,125 @@
+/*
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+import { version } from "../../package.json";
+import { BrokerAuthenticationResult, ServerTelemetryManager, AuthorizationCodeClient, BrokerAuthorizationCodeClient } from "@azure/msal-common";
+import { BrokerMessage } from "./BrokerMessage";
+import { BrokerMessageType, InteractionType } from "../utils/BrowserConstants";
+import { Configuration } from "../config/Configuration";
+import { BrokerHandshakeRequest } from "./BrokerHandshakeRequest";
+import { BrokerHandshakeResponse } from "./BrokerHandshakeResponse";
+import { BrokerAuthRequest } from "./BrokerAuthRequest";
+import { BrokerRedirectResponse } from "./BrokerRedirectResponse";
+import { RedirectRequest } from "../request/RedirectRequest";
+import { BrokerAuthResult } from "./BrokerAuthResult";
+import { ClientApplication } from "../app/ClientApplication";
+import { PopupRequest } from "../request/PopupRequest";
+
+/**
+ * Broker Application class to manage brokered requests.
+ */
+export class BrokerClientApplication extends ClientApplication {
+
+    constructor(configuration: Configuration) {
+        super(configuration);
+        this.logger.verbose("Acting as Broker");
+        this.listenForBrokerMessage();
+    }
+
+    /**
+     * 
+     */
+    private listenForBrokerMessage(): void {
+        window.addEventListener("message", this.handleBrokerMessage.bind(this));
+    }
+
+    /**
+     * 
+     * @param message 
+     */
+    private async handleBrokerMessage(message: MessageEvent): Promise<void> {
+        // Check that message is a BrokerHandshakeRequest
+        const clientMessage = BrokerMessage.validateMessage(message);
+        if (clientMessage) {
+            switch (clientMessage.data.messageType) {
+                case BrokerMessageType.HANDSHAKE_REQUEST:
+                    this.logger.verbose("Broker handshake request received");
+                    return await this.handleBrokerHandshake(clientMessage);
+                case BrokerMessageType.AUTH_REQUEST:
+                    this.logger.verbose("Broker auth request received");
+                    return await this.handleBrokerAuthRequest(clientMessage);
+                default:
+                    return;
+            }
+        }
+    }
+
+    /* eslint-disable */
+    /**
+     * Handle a broker handshake request from a child.
+     * @param clientMessage 
+     */
+    private async handleBrokerHandshake(clientMessage: MessageEvent): Promise<void> {
+        const validMessage = BrokerHandshakeRequest.validate(clientMessage);
+        this.logger.verbose(`Broker handshake validated: ${validMessage}`);
+        const brokerHandshakeResponse = new BrokerHandshakeResponse(version);
+
+        // @ts-ignore
+        clientMessage.source.postMessage(brokerHandshakeResponse, clientMessage.origin);
+        this.logger.info(`Sending handshake response: ${brokerHandshakeResponse}`);
+    }
+
+    /**
+     * Handle a brokered auth request from the child.
+     * @param clientMessage 
+     */
+    private async handleBrokerAuthRequest(clientMessage: MessageEvent): Promise<void> {
+        const validMessage = BrokerAuthRequest.validate(clientMessage);
+        if (validMessage) {
+            this.logger.verbose(`Broker auth request validated: ${validMessage}`);
+            switch (validMessage.interactionType) {
+                case InteractionType.REDIRECT:
+                    return this.brokeredRedirectRequest(validMessage, clientMessage.ports[0]);
+                case InteractionType.POPUP:
+                    return this.brokeredPopupRequest(validMessage, clientMessage.ports[0]);
+                default:
+                    return;
+            }
+        }
+    }
+
+    private async brokeredRedirectRequest(validMessage: BrokerAuthRequest, clientPort: MessagePort): Promise<void> {
+        const brokerRedirectResp = new BrokerRedirectResponse();
+        // @ts-ignore
+        clientPort.postMessage(brokerRedirectResp);
+        this.logger.info(`Sending redirect response: ${brokerRedirectResp}`);
+
+        // Call loginRedirect
+        this.acquireTokenRedirect(validMessage.request as RedirectRequest);
+    }
+
+    private async brokeredPopupRequest(validMessage: BrokerAuthRequest, clientPort: MessagePort): Promise<void> {
+        try {
+            const response: BrokerAuthenticationResult = (await this.acquireTokenPopup(validMessage.request as PopupRequest)) as BrokerAuthenticationResult;
+            const brokerAuthResponse: BrokerAuthResult = new BrokerAuthResult(InteractionType.POPUP, response);
+            this.logger.info(`Sending auth response: ${brokerAuthResponse}`);
+            clientPort.postMessage(brokerAuthResponse);
+        } catch (err) {
+            const brokerAuthResponse = new BrokerAuthResult(InteractionType.POPUP, null, err);
+            this.logger.info(`Found auth error: ${err}`);
+            clientPort.postMessage(brokerAuthResponse);
+        }
+    }
+
+    /**
+     * Creates an Broker Authorization Code Client with the given authority, or the default authority.
+     * @param authorityUrl 
+     */
+    protected async createAuthCodeClient(serverTelemetryManager: ServerTelemetryManager, authorityUrl?: string): Promise<AuthorizationCodeClient> {
+        // Create auth module.
+        const clientConfig = await this.getClientConfiguration(serverTelemetryManager, authorityUrl);
+        
+        return new BrokerAuthorizationCodeClient(clientConfig);
+    }
+}

lib/msal-browser/src/broker/BrokerManager.ts

@@ -16,10 +16,15 @@ export abstract class BrokerMessage {
 
     static validateMessage(message: MessageEvent): MessageEvent|null {
         if (message.data && message.data.messageType) {
-            if (message.data.messageType in BrokerMessageType) {
-                return message;
-            } else {
-                throw(BrowserAuthError.createInvalidBrokerMessageError());
+            switch(message.data.messageType) {
+                case BrokerMessageType.HANDSHAKE_REQUEST:
+                case BrokerMessageType.HANDSHAKE_RESPONSE:
+                case BrokerMessageType.AUTH_REQUEST:
+                case BrokerMessageType.AUTH_RESULT:
+                case BrokerMessageType.REDIRECT_RESPONSE:
+                    return message;
+                default:
+                    return null;
             }
         } else {
             return null;