Bound RT #2 - Request Bound Refresh Token #3505

Merged
merged 95 commits into from
Feb 2, 2022
4ba7234
Merge branch 'dev' of github.com:AzureAD/microsoft-authentication-lib…
hectormmg Apr 7, 2021
4faeced
Merge branch 'dev' of github.com:AzureAD/microsoft-authentication-lib…
hectormmg Apr 8, 2021
9e95250
Merge branch 'dev' of github.com:AzureAD/microsoft-authentication-lib…
hectormmg Apr 9, 2021
1ec67f3
Merge branch 'dev' of github.com:AzureAD/microsoft-authentication-lib…
hectormmg Apr 16, 2021
40bcdce
Merge branch 'dev' of github.com:AzureAD/microsoft-authentication-lib…
hectormmg Apr 16, 2021
75ede54
Add KeyManager class
hectormmg Apr 16, 2021
09ac0e7
Add STK JWK to BaseAuthRequest
hectormmg Apr 16, 2021
b8f8be0
Add STK generation logic to common and browser
hectormmg Apr 16, 2021
1072952
Update PublicClientApplication tests to mock out STK generation from …
hectormmg Apr 19, 2021
c4c209d
Undo msal-node-samples changes
hectormmg Apr 19, 2021
a80561c
Move generateCnf from PopTokenGenerator to KeyManager
hectormmg Apr 19, 2021
da24851
Refactor crypto key generation to use different key generation algori…
hectormmg Apr 20, 2021
1f95780
Merge branch 'dev' of github.com:AzureAD/microsoft-authentication-lib…
hectormmg Apr 20, 2021
f12b309
Merge branch 'dev' of github.com:AzureAD/microsoft-authentication-lib…
hectormmg Apr 21, 2021
62288ce
Merge branch 'dev' into bound-rt-stk
hectormmg Apr 21, 2021
20d70ab
Add missing API from Crypto Interface to msal-node
hectormmg Apr 21, 2021
fbfbe3e
Fix linter issues
hectormmg Apr 21, 2021
4062716
Merge branch 'dev' into bound-rt-stk
hectormmg Apr 22, 2021
5e4d6cc
Merge branch 'dev' into bound-rt-stk
hectormmg Apr 22, 2021
898f21c
Merge branch 'dev' into bound-rt-stk
hectormmg Apr 26, 2021
5b3c3c1
Merge branch 'dev' into bound-rt-stk
hectormmg Apr 30, 2021
0bfad76
Fix merge conflicts
hectormmg May 6, 2021
212eb0b
Merge branch 'bound-rt-stk' of github.com:AzureAD/microsoft-authentic…
hectormmg May 6, 2021
47bfe59
Update from dev
hectormmg May 14, 2021
2bf2ef2
Merge branch 'dev' into bound-rt-stk
hectormmg Jun 2, 2021
8d90c0e
Merge branch 'dev' into bound-rt-stk
hectormmg Jun 2, 2021
8df91eb
Add rtPop msal-browser sample
hectormmg Apr 21, 2021
d557d11
Add stk_jwk to /authorize call in AuthorizationCodeClient to initiate…
hectormmg Apr 21, 2021
afb5cea
Add STK JWK to /token request to obtain bound rt response
hectormmg Apr 21, 2021
82241e0
Add stkJwk to AuthorizationCodeClient tests
hectormmg Jun 2, 2021
be824f6
Merge branch 'dev' into bound-rt-stk
hectormmg Jun 10, 2021
6eab32a
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Jun 10, 2021
a2a8479
Update mock crypto interface in tests
hectormmg Jun 10, 2021
623ee37
Merge branch 'dev' into bound-rt-stk
hectormmg Jun 14, 2021
93fb293
Merge branch 'dev' into bound-rt-stk
hectormmg Jun 22, 2021
22cc522
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Jun 22, 2021
c285237
Merge branch 'dev' into bound-rt-stk
hectormmg Aug 3, 2021
f68caff
Fix merge conflicts
hectormmg Aug 3, 2021
80acc79
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Aug 3, 2021
4d1d627
Cleanup tests
hectormmg Aug 4, 2021
9aa503b
Refactor Cryptographic constants out of BrowserConstants and CryptoOps
hectormmg Aug 4, 2021
027e333
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Aug 4, 2021
b98766e
Fix generatePublicKeyThumbprint stubs and expected values on tests
hectormmg Aug 4, 2021
1a63a9a
Merge branch 'dev' into bound-rt-stk
hectormmg Aug 9, 2021
1f7b0a1
Fix tests after merge
hectormmg Aug 9, 2021
04c6850
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Aug 9, 2021
f761151
Merge branch 'dev' into bound-rt-stk
hectormmg Aug 16, 2021
4c896a6
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Aug 16, 2021
232f8a5
Merge branch 'dev' into bound-rt-stk
hectormmg Aug 31, 2021
2f90fa1
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Aug 31, 2021
7b2cc56
Merge branch 'dev' into bound-rt-stk
hectormmg Oct 5, 2021
80ac691
Add feature flag to make RT Binding opt-in
hectormmg Oct 5, 2021
94f0451
Add error handling to STK generation step
hectormmg Oct 5, 2021
4b21ac3
Merge branch 'dev' into bound-rt-stk
hectormmg Oct 5, 2021
7ca16e8
Refactor crypto enum names
hectormmg Oct 5, 2021
5aa9009
Add error handling for crypto key generation
hectormmg Oct 5, 2021
93d5145
Put KeyManager instance in BaseClient instead of AuthCode and Refresh…
hectormmg Oct 5, 2021
90e19c5
Fix import in BaseClient
hectormmg Oct 5, 2021
38ca687
Extend KeyManager tests
hectormmg Oct 5, 2021
5030726
Increase test coverage
hectormmg Oct 5, 2021
25685e3
Merge branch 'dev' into bound-rt-stk
hectormmg Oct 5, 2021
13d12a7
Update lib/msal-browser/src/utils/CryptoConstants.ts
hectormmg Oct 5, 2021
b177c12
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Oct 5, 2021
a9ee76e
Fix merge conflicts
hectormmg Oct 5, 2021
bfb6d4b
Add boundRT sample
hectormmg Oct 5, 2021
c364a75
Undo unnecessary method position change
hectormmg Oct 5, 2021
a4d4c62
Add initial e2e tests for RT PoP
hectormmg Oct 5, 2021
75a91ec
Merge branch 'dev' into bound-rt-stk
hectormmg Oct 5, 2021
ead8a5a
Revert to headless false for boundRT e2e test
hectormmg Oct 5, 2021
60c6f12
Update lib/msal-common/test/client/RefreshTokenClient.spec.ts
hectormmg Oct 5, 2021
86288dc
Fix incorrect typing and checks for private key on getPublicKeyThumbp…
hectormmg Oct 5, 2021
d23e4a3
Refactor cryptographic constants to have more consistent casing
hectormmg Oct 6, 2021
75c2c90
Merge branch 'dev' into bound-rt-stk
hectormmg Oct 12, 2021
d617cf0
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Oct 12, 2021
290a57b
Merge branch 'dev' into bound-rt-stk
hectormmg Oct 18, 2021
d5bd1e8
Merge branch 'dev' into bound-rt-stk
hectormmg Oct 19, 2021
cf95445
Merge branch 'dev' into bound-rt-stk
hectormmg Oct 21, 2021
8f19635
Merge branch 'dev' into bound-rt-stk
hectormmg Oct 21, 2021
ec5c2f6
Fix CryptoOps tests around getPublicKeyThumbprint
hectormmg Oct 21, 2021
138acc4
Move refreshTokenBinding feature flag to system config
hectormmg Oct 21, 2021
d820157
Update browser client config to move refreshTokenBinding flag to syst…
hectormmg Oct 21, 2021
f6f428e
Rename KeyManager to CryptoKeyManager for more specificity
hectormmg Oct 21, 2021
d766458
Merge branch 'dev' into bound-rt-stk
hectormmg Nov 1, 2021
a4e2ae5
Update BrowserAuthError to remove keyId from error message and avoid Pii
hectormmg Nov 1, 2021
3062774
Update lib/msal-browser/src/config/Configuration.ts
hectormmg Nov 1, 2021
2f4c583
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Nov 1, 2021
89d13f4
Update sample and fix merge bugs
hectormmg Nov 1, 2021
eef976e
Merge branch 'dev' into bound-rt-stk
hectormmg Nov 3, 2021
43c624c
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Nov 3, 2021
c78a250
Merge branch 'dev' into bound-rt-stk
hectormmg Nov 16, 2021
4f32920
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Nov 16, 2021
44e74cd
Merge branch 'dev' into bound-rt-stk
hectormmg Dec 6, 2021
227fb36
Merge branch 'bound-rt-stk' into bound-rt/acquire-bound-rt
hectormmg Dec 6, 2021
7cadde1
Merge branch 'refresh-token-binding' into bound-rt/acquire-bound-rt
hectormmg Jan 28, 2022
589d04a
Remove CryptoKeyManager class
hectormmg Jan 28, 2022
2 changes: 1 addition & 1 deletion lib/msal-browser/test/utils/StringConstants.ts
Expand Up @@ -243,7 +243,7 @@ export const ALTERNATE_OPENID_CONFIG_RESPONSE = {
}
};

export const testNavUrl = `https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=${encodeURIComponent(`${TEST_CONFIG.MSAL_CLIENT_ID}`)}&scope=user.read%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Flocalhost%3A8081%2Findex.html&client-request-id=${encodeURIComponent(`${RANDOM_TEST_GUID}`)}&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=${version}&x-client-OS=&x-client-CPU=&client_info=1&code_challenge=JsjesZmxJwehdhNY9kvyr0QOeSMEvryY_EHZo3BKrqg&code_challenge_method=S256&nonce=${encodeURIComponent(`${RANDOM_TEST_GUID}`)}&state=${encodeURIComponent(`${TEST_STATE_VALUES.TEST_STATE_REDIRECT}`)}`;
export const testNavUrl = `https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=${encodeURIComponent(`${TEST_CONFIG.MSAL_CLIENT_ID}`)}&scope=user.read%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Flocalhost%3A8081%2Findex.html&client-request-id=${encodeURIComponent(`${RANDOM_TEST_GUID}`)}&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=${version}&x-client-OS=&x-client-CPU=&client_info=1&code_challenge=JsjesZmxJwehdhNY9kvyr0QOeSMEvryY_EHZo3BKrqg&code_challenge_method=S256&nonce=${encodeURIComponent(`${RANDOM_TEST_GUID}`)}&state=${encodeURIComponent(`${TEST_STATE_VALUES.TEST_STATE_REDIRECT}`)}&stk_jwk=${TEST_POP_VALUES.ENCODED_STK_JWK_THUMBPRINT}`;

export const testNavUrlNoRequest = `https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=${encodeURIComponent(`${TEST_CONFIG.MSAL_CLIENT_ID}`)}&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Flocalhost%3A8081%2Findex.html&client-request-id=${encodeURIComponent(`${RANDOM_TEST_GUID}`)}&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=${version}&x-client-OS=&x-client-CPU=&client_info=1&code_challenge=JsjesZmxJwehdhNY9kvyr0QOeSMEvryY_EHZo3BKrqg&code_challenge_method=S256&nonce=${encodeURIComponent(`${RANDOM_TEST_GUID}`)}&state=`;
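Review bot: testNavUrl now ends with &stk_jwk=${TEST_POP_VALUES.ENCODED_STK_JWK_THUMBPRINT}, but testNavUrlNoRequest in the trailing context is left without it, so the two fixtures disagree on whether stk_jwk belongs in a default /authorize URL. If the parameter is only sent when a key id is supplied, say so in a comment beside the fixtures; if it is always sent, testNavUrlNoRequest needs the same suffix. The new value is also interpolated without encodeURIComponent, unlike client_id, nonce and state on the same line, which relies on the fixture already being URL-encoded.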

9 changes: 9 additions & 0 deletions lib/msal-common/src/client/AuthorizationCodeClient.ts
Expand Up @@ -245,6 +245,11 @@ export class AuthorizationCodeClient extends BaseClient {
}
}

if (request.stkJwk) {
const stkJwk = await this.popTokenGenerator.retrieveAsymmetricPublicKey(request.stkJwk);
parameterBuilder.addStkJwk(stkJwk);
}

const correlationId = request.correlationId || this.config.cryptoInterface.createNewGuid();
parameterBuilder.addCorrelationId(correlationId);
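Review bot: In the new `if (request.stkJwk)` block the result of retrieveAsymmetricPublicKey goes straight into addStkJwk with no check, and addStkJwk (RequestParameterBuilder.ts in this PR) skips empty strings, so an empty lookup result would send the request with no stk_jwk and no error. Since this PR exists to request a bound refresh token, fail closed here: raise a client error when the key for the given id cannot be retrieved instead of continuing unbound. The local `stkJwk` holds the public key while `request.stkJwk` holds the value used to look it up; distinct names would make the two easier to tell apart.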

Expand Down Expand Up @@ -401,6 +406,10 @@ export class AuthorizationCodeClient extends BaseClient {
parameterBuilder.addExtraQueryParameters(request.extraQueryParameters);
}

if (request.stkJwk) {
parameterBuilder.addStkJwkThumbprint(request.stkJwk);
}

return parameterBuilder.createQueryString();
}
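Review bot: `request.stkJwk` is passed to addStkJwkThumbprint, whose parameter is named stkJwkKid, so the request field holds a key id rather than a JWK. Renaming the field (stkJwkKid would match the builder) or documenting it on the request type would keep callers from passing a serialized key. The outer `if (request.stkJwk)` is also redundant, since addStkJwkThumbprint already ignores empty input.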

6 changes: 5 additions & 1 deletion lib/msal-common/src/crypto/PopTokenGenerator.ts
Expand Up @@ -18,11 +18,15 @@ import { ClientAuthError } from "../error/ClientAuthError";
* - sw: software storage
* - uhw: hardware storage
*/
type ReqCnf = {
export type ReqCnf = {
kid: string;
xms_ksl: KeyLocation;
};

export type StkJwkThumbprint = {
kid: string;
};

enum KeyLocation {
SoftwareStorage = "sw",
HardwareStorage = "uhw"
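Review bot: ReqCnf is now exported, but its xms_ksl field is typed as KeyLocation, which the trailing context still declares as a non-exported enum, so importers of ReqCnf cannot name the type of that field. Export KeyLocation alongside it, or keep ReqCnf private if nothing outside this module needs it. The new StkJwkThumbprint type also has no doc comment, while the block above documents the ReqCnf fields; a line saying what kid holds would match.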
25 changes: 25 additions & 0 deletions lib/msal-common/src/request/RequestParameterBuilder.ts
Expand Up @@ -12,6 +12,7 @@ import { LibraryInfo } from "../config/ClientConfiguration";
import { StringUtils } from "../utils/StringUtils";
import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManager";
import { ClientInfo } from "../account/ClientInfo";
import { StkJwkThumbprint } from "../crypto/PopTokenGenerator";

export class RequestParameterBuilder {

Expand Down Expand Up @@ -383,6 +384,30 @@ export class RequestParameterBuilder {
this.parameters.set(AADServerParamKeys.X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
}

/**
* Add stk_jwk thumbprint to query params
* @param stkJwkKid
*/
addStkJwkThumbprint(stkJwkKid: string): void {
if(!StringUtils.isEmpty(stkJwkKid)) {
const stkJwkThumbprint: StkJwkThumbprint = {
kid: stkJwkKid
};

this.parameters.set(AADServerParamKeys.STK_JWK, encodeURIComponent(JSON.stringify(stkJwkThumbprint)));
}
}

/**
* Add stk_jwk public key to query params
* @param stkJwk
*/
addStkJwk(stkJwk: string): void {
if(!StringUtils.isEmpty(stkJwk)) {
this.parameters.set(AADServerParamKeys.STK_JWK, encodeURIComponent(stkJwk));
}
}

/**
* Utility to create a URL from the params map
*/
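Review bot: addStkJwkThumbprint and addStkJwk both write AADServerParamKeys.STK_JWK with different payloads (a JSON object with kid versus the raw stkJwk string), so calling both on one builder silently overwrites the first value and nothing in the parameter name says which shape is being sent. Document on each method which request it is meant for, and consider rejecting a second write to the key. Both @param tags are missing descriptions, and `if(` lacks the space used in AuthorizationCodeClient.ts in this PR (`if (request.stkJwk)`).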
1 change: 1 addition & 0 deletions lib/msal-common/src/utils/Constants.ts
Expand Up @@ -132,6 +132,7 @@ export enum AADServerParamKeys {
CLIENT_ASSERTION_TYPE = "client_assertion_type",
TOKEN_TYPE = "token_type",
REQ_CNF = "req_cnf",
STK_JWK = "stk_jwk",
OBO_ASSERTION = "assertion",
REQUESTED_TOKEN_USE = "requested_token_use",
ON_BEHALF_OF = "on_behalf_of",
67 changes: 47 additions & 20 deletions lib/msal-common/test/client/AuthorizationCodeClient.spec.ts
Expand Up @@ -63,7 +63,8 @@ describe("AuthorizationCodeClient unit tests", () => {
codeChallenge: TEST_CONFIG.TEST_CHALLENGE,
codeChallengeMethod: Constants.S256_CODE_CHALLENGE_METHOD,
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER
authenticationScheme: AuthenticationScheme.BEARER,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl.includes(Constants.DEFAULT_AUTHORITY)).toBe(true);
Expand All @@ -75,6 +76,7 @@ describe("AuthorizationCodeClient unit tests", () => {
expect(loginUrl.includes(`${AADServerParamKeys.RESPONSE_MODE}=${encodeURIComponent(ResponseMode.QUERY)}`)).toBe(true);
expect(loginUrl.includes(`${AADServerParamKeys.CODE_CHALLENGE}=${encodeURIComponent(TEST_CONFIG.TEST_CHALLENGE)}`)).toBe(true);
expect(loginUrl.includes(`${AADServerParamKeys.CODE_CHALLENGE_METHOD}=${encodeURIComponent(Constants.S256_CODE_CHALLENGE_METHOD)}`)).toBe(true);
expect(loginUrl.includes(`${AADServerParamKeys.STK_JWK}=${encodeURIComponent(TEST_POP_VALUES.DECODED_STK_JWK_THUMBPRINT)}`)).toBe(true);
});

it("Creates an authorization url passing in optional parameters", async () => {
Expand All @@ -98,7 +100,8 @@ describe("AuthorizationCodeClient unit tests", () => {
claims: TEST_CONFIG.CLAIMS,
nonce: TEST_CONFIG.NONCE,
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER
authenticationScheme: AuthenticationScheme.BEARER,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl.includes(TEST_CONFIG.validAuthority)).toBe(true);
Expand All @@ -116,6 +119,7 @@ describe("AuthorizationCodeClient unit tests", () => {
expect(loginUrl.includes(`${SSOTypes.LOGIN_HINT}=${encodeURIComponent(TEST_CONFIG.LOGIN_HINT)}`)).toBe(true);
expect(loginUrl.includes(`${SSOTypes.DOMAIN_HINT}=${encodeURIComponent(TEST_CONFIG.DOMAIN_HINT)}`)).toBe(true);
expect(loginUrl.includes(`${AADServerParamKeys.CLAIMS}=${encodeURIComponent(TEST_CONFIG.CLAIMS)}`)).toBe(true);
expect(loginUrl.includes(`${AADServerParamKeys.STK_JWK}=${encodeURIComponent(TEST_POP_VALUES.DECODED_STK_JWK_THUMBPRINT)}`)).toBe(true);
});

it("Adds CCS entry if loginHint is provided", async () => {
Expand Down Expand Up @@ -193,7 +197,8 @@ describe("AuthorizationCodeClient unit tests", () => {
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority,
responseMode: ResponseMode.FRAGMENT
responseMode: ResponseMode.FRAGMENT,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl).toEqual(expect.not.arrayContaining([`${SSOTypes.LOGIN_HINT}=`]));
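Review bot: stkJwk: TEST_POP_VALUES.KID is added to this request, but the assertion that follows only checks login_hint, so the new field is not exercised; the same addition repeats across the login_hint and sid hunks below. Either assert the stk_jwk parameter where it is set, or leave these requests unchanged and cover the feature in dedicated cases, including one without stkJwk that asserts the parameter is absent.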
Expand All @@ -216,7 +221,8 @@ describe("AuthorizationCodeClient unit tests", () => {
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority,
responseMode: ResponseMode.FRAGMENT
responseMode: ResponseMode.FRAGMENT,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl.includes(`${SSOTypes.LOGIN_HINT}=${encodeURIComponent(TEST_CONFIG.LOGIN_HINT)}`)).toBe(true);
Expand All @@ -238,7 +244,8 @@ describe("AuthorizationCodeClient unit tests", () => {
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority,
responseMode: ResponseMode.FRAGMENT
responseMode: ResponseMode.FRAGMENT,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl.includes(`${SSOTypes.LOGIN_HINT}=`)).toBe(false);
Expand All @@ -260,7 +267,8 @@ describe("AuthorizationCodeClient unit tests", () => {
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority,
responseMode: ResponseMode.FRAGMENT
responseMode: ResponseMode.FRAGMENT,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl.includes(`${SSOTypes.LOGIN_HINT}=${encodeURIComponent(TEST_CONFIG.LOGIN_HINT)}`)).toBe(true);
Expand Down Expand Up @@ -299,7 +307,8 @@ describe("AuthorizationCodeClient unit tests", () => {
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority,
responseMode: ResponseMode.FRAGMENT
responseMode: ResponseMode.FRAGMENT,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl.includes(`${SSOTypes.SID}=${encodeURIComponent(testTokenClaims.sid)}`)).toBe(true);
Expand Down Expand Up @@ -336,7 +345,8 @@ describe("AuthorizationCodeClient unit tests", () => {
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority,
responseMode: ResponseMode.FRAGMENT
responseMode: ResponseMode.FRAGMENT,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl.includes(`${SSOTypes.SID}=`)).toBe(false);
Expand Down Expand Up @@ -371,7 +381,8 @@ describe("AuthorizationCodeClient unit tests", () => {
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority,
responseMode: ResponseMode.FRAGMENT
responseMode: ResponseMode.FRAGMENT,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl.includes(`${SSOTypes.LOGIN_HINT}=${encodeURIComponent(TEST_CONFIG.LOGIN_HINT)}`)).toBe(true);
Expand All @@ -392,7 +403,8 @@ describe("AuthorizationCodeClient unit tests", () => {
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority,
responseMode: ResponseMode.FRAGMENT
responseMode: ResponseMode.FRAGMENT,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl.includes(`${SSOTypes.LOGIN_HINT}=${encodeURIComponent(TEST_ACCOUNT_INFO.username)}`)).toBe(true);
Expand All @@ -415,7 +427,8 @@ describe("AuthorizationCodeClient unit tests", () => {
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority,
responseMode: ResponseMode.FRAGMENT
responseMode: ResponseMode.FRAGMENT,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl.includes(`${SSOTypes.LOGIN_HINT}=`)).toBe(false);
Expand All @@ -437,7 +450,8 @@ describe("AuthorizationCodeClient unit tests", () => {
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority,
responseMode: ResponseMode.FRAGMENT
responseMode: ResponseMode.FRAGMENT,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl.includes(`${SSOTypes.LOGIN_HINT}=`)).toBe(false);
Expand All @@ -459,7 +473,8 @@ describe("AuthorizationCodeClient unit tests", () => {
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority,
responseMode: ResponseMode.FRAGMENT
responseMode: ResponseMode.FRAGMENT,
stkJwk: TEST_POP_VALUES.KID
};
const loginUrl = await client.getAuthCodeUrl(authCodeUrlRequest);
expect(loginUrl.includes(`${SSOTypes.LOGIN_HINT}=`)).toBe(false);
Expand All @@ -483,7 +498,8 @@ describe("AuthorizationCodeClient unit tests", () => {
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority,
responseMode: ResponseMode.FRAGMENT
responseMode: ResponseMode.FRAGMENT,
stkJwk: TEST_POP_VALUES.KID
};

const loginUrl = await client.getAuthCodeUrl(loginRequest);
Expand Down Expand Up @@ -611,7 +627,8 @@ describe("AuthorizationCodeClient unit tests", () => {
code: "",
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
authority: TEST_CONFIG.validAuthority
authority: TEST_CONFIG.validAuthority,
stkJwk: TEST_POP_VALUES.KID
};
// @ts-ignore
await expect(client.acquireToken(codeRequest, null)).rejects.toMatchObject(ClientAuthError.createTokenRequestCannotBeMadeError());
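Review bot: The added stkJwk has no effect on what this test checks: the request has code: "" and the expectation is that acquireToken rejects with createTokenRequestCannotBeMadeError. Drop the field here, or add a comment if the intent is to show that this error takes precedence over any key handling.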
Expand Down Expand Up @@ -875,7 +892,8 @@ describe("AuthorizationCodeClient unit tests", () => {
codeVerifier: TEST_CONFIG.TEST_VERIFIER,
claims: TEST_CONFIG.CLAIMS,
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER
authenticationScheme: AuthenticationScheme.BEARER,
stkJwk: TEST_POP_VALUES.KID
};

await client.acquireToken(authCodeRequest, {
Expand Down Expand Up @@ -951,7 +969,8 @@ describe("AuthorizationCodeClient unit tests", () => {
codeVerifier: TEST_CONFIG.TEST_VERIFIER,
claims: TEST_CONFIG.CLAIMS,
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER
authenticationScheme: AuthenticationScheme.BEARER,
stkJwk: TEST_POP_VALUES.KID
};

const authenticationResult = await client.acquireToken(authCodeRequest, {
Expand Down Expand Up @@ -989,6 +1008,8 @@ describe("AuthorizationCodeClient unit tests", () => {
expect(returnVal.includes(`${AADServerParamKeys.X_CLIENT_CPU}=${TEST_CONFIG.TEST_CPU}`)
).toBe(true);
expect(returnVal.includes(`${AADServerParamKeys.X_MS_LIB_CAPABILITY}=${ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE}`)).toBe(true);
expect(returnVal.includes(`${AADServerParamKeys.STK_JWK}=${TEST_POP_VALUES.ENCODED_STK_JWK_THUMBPRINT}`)
).toBe(true);
});

it("Adds tokenQueryParameters to the /token request", () => {
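Review bot: The new assertion on returnVal expects TEST_POP_VALUES.ENCODED_STK_JWK_THUMBPRINT, yet AuthorizationCodeClient.ts in this PR has two paths for stk_jwk: one sends the retrieveAsymmetricPublicKey result through addStkJwk, the other sends a kid object through addStkJwkThumbprint. A thumbprint-named fixture does not show which payload this request is meant to carry; a comment, or a fixture named for the public key if that is what is sent, would make the test state what it verifies. The value is also compared without encodeURIComponent, unlike the authorize-URL assertions that wrap DECODED_STK_JWK_THUMBPRINT, so a note on how the two fixtures relate would help.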
Expand All @@ -1009,6 +1030,7 @@ describe("AuthorizationCodeClient unit tests", () => {
claims: TEST_CONFIG.CLAIMS,
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER,
stkJwk: TEST_POP_VALUES.KID,
tokenQueryParameters: {
testParam: "testValue"
}
Expand Down Expand Up @@ -1189,7 +1211,8 @@ describe("AuthorizationCodeClient unit tests", () => {
resourceRequestMethod: "POST",
resourceRequestUri: TEST_URIS.TEST_RESOURCE_ENDPT_WITH_PARAMS,
claims: TEST_CONFIG.CLAIMS,
correlationId: RANDOM_TEST_GUID
correlationId: RANDOM_TEST_GUID,
stkJwk: TEST_POP_VALUES.KID
};

const authenticationResult = await client.acquireToken(authCodeRequest, {
Expand All @@ -1213,6 +1236,8 @@ describe("AuthorizationCodeClient unit tests", () => {
expect(returnVal.includes(`${AADServerParamKeys.TOKEN_TYPE}=${AuthenticationScheme.POP}`)).toBe(true);
expect(returnVal.includes(`${AADServerParamKeys.REQ_CNF}=${encodeURIComponent(TEST_POP_VALUES.ENCODED_REQ_CNF)}`)).toBe(true);
expect(returnVal.includes(`${AADServerParamKeys.CLAIMS}=${encodeURIComponent(TEST_CONFIG.CLAIMS)}`)).toBe(true);
expect(returnVal.includes(`${AADServerParamKeys.STK_JWK}=${TEST_POP_VALUES.ENCODED_STK_JWK_THUMBPRINT}`)).toBe(true);

});

it("Sends the required parameters when a SSH certificate is requested", async () => {
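Review bot: A stray blank line is left between the new STK_JWK assertion and the closing `});` of the preceding test; remove it to match the surrounding cases.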
Expand Down Expand Up @@ -1488,7 +1513,8 @@ describe("AuthorizationCodeClient unit tests", () => {
codeVerifier: TEST_CONFIG.TEST_VERIFIER,
claims: TEST_CONFIG.CLAIMS,
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER
authenticationScheme: AuthenticationScheme.BEARER,
stkJwk: TEST_POP_VALUES.KID
};

const authenticationResult = await client.acquireToken(authCodeRequest, {
Expand Down Expand Up @@ -1570,7 +1596,8 @@ describe("AuthorizationCodeClient unit tests", () => {
codeVerifier: TEST_CONFIG.TEST_VERIFIER,
claims: TEST_CONFIG.CLAIMS,
correlationId: RANDOM_TEST_GUID,
authenticationScheme: AuthenticationScheme.BEARER
authenticationScheme: AuthenticationScheme.BEARER,
stkJwk: TEST_POP_VALUES.KID
};

const authenticationResult = await client.acquireToken(authCodeRequest, {
2 changes: 1 addition & 1 deletion lib/msal-node/src/crypto/CryptoProvider.ts
Expand Up @@ -94,6 +94,6 @@ export class CryptoProvider implements ICrypto {
* @param keyThumbprint
*/
getAsymmetricPublicKey(): Promise<string> {
throw new Error("Method not implemented");
throw new Error("Method not implemented.");
}
}
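Review bot: The JSDoc in the leading context documents @param keyThumbprint, but getAsymmetricPublicKey() is declared with no parameters, so the signature and its documentation disagree. Add the parameter to the stub so it is ready for a real implementation. Because the return type is Promise<string>, returning a rejected promise rather than throwing synchronously would also let callers that chain .catch() observe the error.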