Add support for both current and legacy B2C authority formats (#594)
* Add support for both current and legacy B2C authority formats * Fix B2C format test
1 parent
d1cb3be
commit 92eace8
Showing
6 changed files
with
64 additions
and
23 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -373,6 +373,18 @@ public T authority(String val) throws MalformedURLException { | |
return self(); | ||
} | ||
|
||
/** | ||
* Set URL of the authenticating B2C authority from which MSAL will acquire tokens | ||
* | ||
* Valid B2C authorities should look like: https://<something.b2clogin.com/<tenant>/<policy> | ||
* | ||
* MSAL Java also supports a legacy B2C authority format, which looks like: https://<host>/tfp/<tenant>/<policy> | ||
* | ||
* However, MSAL Java will eventually stop supporting the legacy format. See here for information on how to migrate to the new format: https://aka.ms/msal4j-b2c | ||
Avery-Dunn
Author
Collaborator
|
||
* | ||
* @param val a boolean value for validateAuthority | ||
* @return instance of the Builder on which method was called | ||
*/ | ||
public T b2cAuthority(String val) throws MalformedURLException { | ||
authority = Authority.enforceTrailingSlash(val); | ||
|
||
|
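Review bot: The `@param val` line in the Javadoc for `b2cAuthority` describes the argument as `a boolean value for validateAuthority`, but the parameter is a `String` holding the authority URL, so the text looks copied from another builder method. I would change it to `@param val URL of the B2C authority, in either the current or the legacy (tfp) format`. The current-format example is also missing a closing bracket and should read `https://<something>.b2clogin.com/<tenant>/<policy>`. Because this value decides which host tokens are requested from, the Javadoc could also say that it is expected to come from application configuration rather than from user-supplied input. The method body continues outside the hunk.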
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -26,27 +26,42 @@ class B2CAuthority extends Authority { | |
} | ||
|
||
private void validatePathSegments(String[] segments) { | ||
if (segments.length < 3) { | ||
if (segments.length < 2) { | ||
throw new IllegalArgumentException( | ||
"B2C 'authority' Uri should have at least 3 segments in the path " + | ||
"(i.e. https://<host>/tfp/<tenant>/<policy>/...)"); | ||
"Valid B2C 'authority' URLs should follow either of these formats: https://<host>/<tenant>/<policy>/... or https://<host>/something/<tenant>/<policy>/..."); | ||
} | ||
} | ||
|
||
private void setAuthorityProperties() { | ||
String[] segments = canonicalAuthorityUrl.getPath().substring(1).split("/"); | ||
|
||
// In the early days of MSAL, the only way for the library to identify a B2C authority was whether or not the authority | ||
// had three segments in the path, and the first segment was 'tfp'. Valid B2C authorities looked like: https://<host>/tfp/<tenant>/<policy>/... | ||
// | ||
// More recent changes to B2C should ensure that any new B2C authorities have 'b2clogin.com' in the host of the URL, | ||
// so app developers shouldn't need to add 'tfp' and the first path segment should just be the tenant: https://<something>.b2clogin.com/<tenant>/<policy>/... | ||
// | ||
// However, legacy URLs using the old format must still be supported by these sorts of checks here and elsewhere, so for the near | ||
// future at least we must consider both formats as valid until we're either sure all customers are swapped, | ||
// or until we're comfortable with a potentially breaking change | ||
validatePathSegments(segments); | ||
|
||
policy = segments[2]; | ||
|
||
final String b2cAuthorityFormat = "https://%s/%s/%s/%s/"; | ||
this.authority = String.format( | ||
b2cAuthorityFormat, | ||
canonicalAuthorityUrl.getAuthority(), | ||
segments[0], | ||
segments[1], | ||
segments[2]); | ||
try { | ||
policy = segments[2]; | ||
this.authority = String.format( | ||
"https://%s/%s/%s/%s/", | ||
canonicalAuthorityUrl.getAuthority(), | ||
segments[0], | ||
segments[1], | ||
segments[2]); | ||
} catch (IndexOutOfBoundsException e){ | ||
policy = segments[1]; | ||
this.authority = String.format( | ||
"https://%s/%s/%s/", | ||
canonicalAuthorityUrl.getAuthority(), | ||
segments[0], | ||
segments[1]); | ||
} | ||
bpossolo
|
||
|
||
this.authorizationEndpoint = String.format(B2C_AUTHORIZATION_ENDPOINT_FORMAT, host, tenant, policy); | ||
this.tokenEndpoint = String.format(B2C_TOKEN_ENDPOINT_FORMAT, host, tenant, policy); | ||
|
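Review bot: `setAuthorityProperties` chooses between the legacy and the current format by catching `IndexOutOfBoundsException` from `segments[2]`, which uses an exception as control flow and hides the decision. An explicit test reads better: replace `try {` with `if (segments.length >= 3) {` and `} catch (IndexOutOfBoundsException e){` with `} else {`. The choice also rests on segment count alone, so a current-format URL with one extra path segment would be read as legacy and `policy` would be set to that extra segment. Since the authorization and token endpoints are built from `host`, `tenant` and `policy`, either a check that the first segment is `tfp` or a comment explaining why any first segment is accepted seems worth adding. Where `tenant` is assigned is not visible in this hunk, so I cannot tell whether it comes from the right segment in the two-segment case; the method body continues outside the hunk.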
this url doesn't work: https://aka.ms/msal4j-b2c