Pass optional tenant override to internal silent call #886
Conversation
| assertResultNotNull(resultOrganizations); | ||
| assertResultNotNull(resultOrganizationsCached); | ||
|
|
||
| assertNotEquals(resultNoOverride.accessToken(), resultOrganizations.accessToken()); |
There was a problem hiding this comment.
nit: you really should get that improvement of exposing a fromCache flag in the auth result going. This string comparison is not great. ESTS-R for example caches tokens.
msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/OnBehalfOfIT.java
Outdated
Show resolved
Hide resolved
msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/OnBehalfOfTests.java
Outdated
Show resolved
Hide resolved
| class OnBehalfOfTests { | ||
|
|
||
| private String getSuccessfulResponse(String accessToken) { | ||
| return "{\"access_token\":\""+accessToken+"\",\"expires_in\": \""+ 60*60*1000 +"\",\"token_type\":" + |
There was a problem hiding this comment.
You also need to add a client_info, that is part of all user token protocols.
There was a problem hiding this comment.
In the latest commit this has been moved to TestHelper, and now has client_info, access/id/refresh tokens, etc.
msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/OnBehalfOfTests.java
Outdated
Show resolved
Hide resolved
| @@ -26,6 +26,7 @@ AuthenticationResult execute() throws Exception { | |||
| SilentParameters parameters = SilentParameters | |||
| .builder(this.clientCredentialRequest.parameters.scopes()) | |||
| .claims(this.clientCredentialRequest.parameters.claims()) | |||
| .tenant(this.clientCredentialRequest.parameters.tenant()) | |||
There was a problem hiding this comment.
Added tests in the latest commit, essentially just a copy/paste of the OBO tests but use the type of Parameters that would go through this code.
| .httpClient(httpClientMock) | ||
| .build(); | ||
|
|
||
| when(httpClientMock.send(any(HttpRequest.class))).thenReturn(expectedResponse(200, getSuccessfulResponse("appTenantToken"))); |
There was a problem hiding this comment.
You should only return that response once, not all the time, i.e. assert that only 1 call to the token endpoint is made.
There was a problem hiding this comment.
It might be more clear in the latest commit since I refactored some of the code, but the verify(httpClientMock, times(1)).send(any()); later on was verifying exactly that.
The 'send' method is essentially the final step which sends the request to the endpoint, and 'httpClientMock' was passed into the confidential client app so that mocked HTTP client is getting used for all HTTP calls in the test. So, verifying the number of times 'send' was called is just a quick way of counting the number of calls to the token endpoint.
| //Signed JWT which should be enough to pass the parsing/validation in the library, useful if a unit test needs an | ||
| // assertion but that is not the focus of the test | ||
| static String signedAssertion = generateToken(); | ||
| private static final String successfulResponseFormat = "{\"access_token\":\"%s\",\"id_token\":\"%s\",\"refresh_token\":\"%s\"," + |
There was a problem hiding this comment.
nit: successfulUserTokenResponseFormat
Fixes an issue described in #881. Essentially, there is an API at the request level which overrides the tenant set at the application level.
However, in some confidential flows we internally make a silent call with a new SilentParameters object which did not receive the tenant that may have been set with that API.
This PR fixes the two places where that API wasn't getting properly passed to that internal silent call, adds a new test for that behavior, and makes a few unrelated fixes/improvements to some integration tests.