Instance Discovery 2.x

lib/msal-browser/src/app/PublicClientApplication.ts

@@ -12,7 +12,7 @@ import {
     Authority,
     AuthorityFactory,
     InteractionRequiredAuthError,
-    B2cAuthority,
+    TrustedAuthority,
     AuthorizationUrlRequest,
     PersistentCacheKeys,
     IdToken,
@@ -100,13 +100,9 @@ export class PublicClientApplication {
         this.browserStorage = new BrowserStorage(this.config.auth.clientId, this.config.cache);
 
         // Initialize default authority instance
-        B2cAuthority.setKnownAuthorities(this.config.auth.knownAuthorities);
+        TrustedAuthority.setTrustedAuthoritiesFromConfig(this.config.auth.knownAuthorities, this.config.auth.instanceMetadata);
 
-        this.defaultAuthorityPromise = AuthorityFactory.createDiscoveredInstance(
-            this.config.auth.authority,
-            this.networkClient,
-            true
-        );
+        this.defaultAuthorityPromise = AuthorityFactory.createDiscoveredInstance(this.config.auth.authority, this.networkClient, true);
 
         // Check for hash and save response promise
         this.tokenExchangePromise = this.handleRedirectResponse();
@@ -218,7 +214,7 @@ export class PublicClientApplication {
         const interactionHandler = new RedirectHandler(authClient, this.browserStorage);
         if (!StringUtils.isEmpty(responseHash)) {
             // Hash contains known properties - handle and return in callback
-            return interactionHandler.handleCodeResponse(responseHash, this.browserCrypto);
+            return interactionHandler.handleCodeResponse(responseHash, this.networkClient, this.browserCrypto);
         }
 
         // There is no hash - assume we are in clean state and clear any current request data.
@@ -330,7 +326,7 @@ export class PublicClientApplication {
         // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
         const hash = await interactionHandler.monitorWindowForHash(popupWindow, this.config.system.windowHashTimeout, navigateUrl);
         // Handle response from hash string.
-        return await interactionHandler.handleCodeResponse(hash);
+        return await interactionHandler.handleCodeResponse(hash, this.networkClient);
     }
 
     // #endregion
@@ -453,7 +449,7 @@ export class PublicClientApplication {
             // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
             const hash = await silentHandler.monitorFrameForHash(msalFrame, this.config.system.iframeHashTimeout, navigateUrl);
             // Handle response from hash string.
-            return await silentHandler.handleCodeResponse(hash);
+            return await silentHandler.handleCodeResponse(hash, this.networkClient);
         } catch (e) {
             throw e;
         }
@@ -576,8 +572,10 @@ export class PublicClientApplication {
      * @param authorityUri 
      */
     private async getClientConfiguration(authorityUri?: string): Promise<ClientConfiguration> {
-        const discoveredAuthority = authorityUri ? await AuthorityFactory.createDiscoveredInstance(authorityUri, this.config.system.networkClient) 
-            : await this.defaultAuthorityPromise;
+        const defaultAuthority = await this.defaultAuthorityPromise;
+        const shouldCreateAuthority = !!authorityUri && authorityUri !== defaultAuthority.canonicalAuthority;
+        const discoveredAuthority = shouldCreateAuthority ? await AuthorityFactory.createDiscoveredInstance(authorityUri, this.config.system.networkClient) 
+            : defaultAuthority;
         return {
             authOptions: {
                 clientId: this.config.auth.clientId,

lib/msal-browser/src/config/Configuration.ts

@@ -2,7 +2,7 @@
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
  */
-import { SystemOptions, LoggerOptions, INetworkModule, LogLevel, DEFAULT_SYSTEM_OPTIONS, Constants } from "@azure/msal-common";
+import { SystemOptions, LoggerOptions, INetworkModule, LogLevel, DEFAULT_SYSTEM_OPTIONS, Constants, IInstanceDiscoveryMetadata } from "@azure/msal-common";
 import { BrowserUtils } from "../utils/BrowserUtils";
 import { BrowserConstants } from "../utils/BrowserConstants";
 
@@ -14,6 +14,7 @@ export type BrowserAuthOptions = {
     clientId: string;
     authority?: string;
     knownAuthorities?: Array<string>;
+    instanceMetadata?: Array<IInstanceDiscoveryMetadata>;
     redirectUri?: string | (() => string);
     postLogoutRedirectUri?: string | (() => string);
     navigateToLoginRequestUrl?: boolean;
@@ -67,6 +68,7 @@ const DEFAULT_AUTH_OPTIONS: BrowserAuthOptions = {
     clientId: "",
     authority: `${Constants.DEFAULT_AUTHORITY}/`,
     knownAuthorities: [],
+    instanceMetadata: [],
     redirectUri: () => BrowserUtils.getCurrentUri(),
     postLogoutRedirectUri: () => BrowserUtils.getCurrentUri(),
     navigateToLoginRequestUrl: true

lib/msal-browser/src/interaction_handler/InteractionHandler.ts

@@ -2,7 +2,7 @@
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
  */
-import { StringUtils, AuthorizationCodeRequest, CacheSchemaType, AuthenticationResult, AuthorizationCodeClient } from "@azure/msal-common";
+import { StringUtils, AuthorizationCodeRequest, CacheSchemaType, AuthenticationResult, AuthorizationCodeClient, AuthorizationCodePayload, AuthorityFactory, INetworkModule } from "@azure/msal-common";
 import { BrowserStorage } from "../cache/BrowserStorage";
 import { BrowserAuthError } from "../error/BrowserAuthError";
 import { TemporaryCacheKeys } from "../utils/BrowserConstants";
@@ -31,7 +31,7 @@ export abstract class InteractionHandler {
      * Function to handle response parameters from hash.
      * @param locationHash
      */
-    async handleCodeResponse(locationHash: string): Promise<AuthenticationResult> {
+    async handleCodeResponse(locationHash: string, networkModule: INetworkModule): Promise<AuthenticationResult> {
         // Check that location hash isn't empty.
         if (StringUtils.isEmpty(locationHash)) {
             throw BrowserAuthError.createEmptyHashError(locationHash);
@@ -43,13 +43,23 @@ export abstract class InteractionHandler {
         const cachedNonce = this.browserStorage.getItem(this.browserStorage.generateCacheKey(cachedNonceKey), CacheSchemaType.TEMPORARY) as string;
 
         // Handle code response.
-        const authCode = this.authModule.handleFragmentResponse(locationHash, requestState);
+        const authCodeResponse: AuthorizationCodePayload = this.authModule.handleFragmentResponse(locationHash, requestState);
 
         // Assign code to request
-        this.authCodeRequest.code = authCode;
+        this.authCodeRequest.code = authCodeResponse.code;
+        if (authCodeResponse.cloud_graph_host_name) {
+            const cloudInstanceAuthorityUri = `https://${authCodeResponse.cloud_instance_host_name}/common/`;
+            if (cloudInstanceAuthorityUri !== this.browserStorage.getCachedAuthority()) {
+                const cloudInstanceAuthority = await AuthorityFactory.createDiscoveredInstance(this.authCodeRequest.authority, networkModule, true);
+                this.authModule.updateAuthority(cloudInstanceAuthority);
+            }
+        }
+
+        authCodeResponse.nonce = cachedNonce;
+        authCodeResponse.state = requestState;
 
         // Acquire token with retrieved code.
-        const tokenResponse = await this.authModule.acquireToken(this.authCodeRequest, cachedNonce, requestState);
+        const tokenResponse = await this.authModule.acquireToken(this.authCodeRequest, authCodeResponse);
         this.browserStorage.cleanRequest();
         return tokenResponse;
     }

lib/msal-browser/src/interaction_handler/RedirectHandler.ts

@@ -2,7 +2,7 @@
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
  */
-import { StringUtils, AuthorizationCodeRequest, ICrypto, CacheSchemaType, AuthenticationResult } from "@azure/msal-common";
+import { StringUtils, AuthorizationCodeRequest, ICrypto, CacheSchemaType, AuthenticationResult, INetworkModule, AuthorityFactory, AuthorizationCodePayload } from "@azure/msal-common";
 import { InteractionHandler } from "./InteractionHandler";
 import { BrowserAuthError } from "../error/BrowserAuthError";
 import { BrowserConstants, TemporaryCacheKeys } from "../utils/BrowserConstants";
@@ -46,7 +46,7 @@ export class RedirectHandler extends InteractionHandler {
      * Handle authorization code response in the window.
      * @param hash
      */
-    async handleCodeResponse(locationHash: string, browserCrypto?: ICrypto): Promise<AuthenticationResult> {
+    async handleCodeResponse(locationHash: string, networkModule: INetworkModule, browserCrypto?: ICrypto): Promise<AuthenticationResult> {
         // Check that location hash isn't empty.
         if (StringUtils.isEmpty(locationHash)) {
             throw BrowserAuthError.createEmptyHashError(locationHash);
@@ -62,14 +62,26 @@ export class RedirectHandler extends InteractionHandler {
         this.authCodeRequest = this.browserStorage.getCachedRequest(requestState, browserCrypto);
 
         // Handle code response.
-        const authCode = this.authModule.handleFragmentResponse(locationHash, requestState);
-        this.authCodeRequest.code = authCode;
+        const authCodeResponse: AuthorizationCodePayload = this.authModule.handleFragmentResponse(locationHash, requestState);
+
+        // Assign code to request
+        this.authCodeRequest.code = authCodeResponse.code;
+        if (authCodeResponse.cloud_graph_host_name) {
+            const cloudInstanceAuthorityUri = `https://${authCodeResponse.cloud_instance_host_name}/common/`;
+            if (cloudInstanceAuthorityUri !== this.browserStorage.getCachedAuthority()) {
+                const cloudInstanceAuthority = await AuthorityFactory.createDiscoveredInstance(this.authCodeRequest.authority, networkModule, true);
+                this.authModule.updateAuthority(cloudInstanceAuthority);
+            }
+        }
+
+        authCodeResponse.nonce = cachedNonce;
+        authCodeResponse.state = requestState;
 
         // Hash was processed successfully - remove from cache
         this.browserStorage.removeItem(this.browserStorage.generateCacheKey(TemporaryCacheKeys.URL_HASH));
 
         // Acquire token with retrieved code.
-        const tokenResponse = await this.authModule.acquireToken(this.authCodeRequest, cachedNonce, requestState);
+        const tokenResponse = await this.authModule.acquireToken(this.authCodeRequest, authCodeResponse);
         this.browserStorage.cleanRequest();
         return tokenResponse;
     }