diff --git a/msal4j-persistence-extension/target/test-classes/log4j.properties b/msal4j-persistence-extension/target/test-classes/log4j.properties
new file mode 100644
index 00000000..b59c17fa
--- /dev/null
+++ b/msal4j-persistence-extension/target/test-classes/log4j.properties
@@ -0,0 +1,10 @@
+# This file is located under the Maven/Gradle build output directory:
+# msal4j-persistence-extension/target/test-classes/log4j.properties
+# It should not be tracked in version control and should be removed
+# from the repository, with the entire `target/` directory ignored
+# via .gitignore (or equivalent).
+#
+# The contents below were removed to prevent this accidental artifact
+# from affecting runtime logging configuration. Do not add any active
+# Log4j configuration here; instead, place it under src/test/resources
+# or src/main/resources as appropriate.
\ No newline at end of file
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java
index bc92b006..b9c8b5d8 100644
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java
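Review bot: The new `log4j.properties` is added as a tracked file under `target/test-classes/`, which is Maven build output, while the file's own comment says it should not be in version control. A placeholder there can be overwritten or regenerated by any build, and tracked build output makes stale or unexpected classpath resources hard to spot in review; the consistent change is to delete the file and ignore the directory, e.g. a `target/` entry in `.gitignore`. The comment's claim that contents "were removed" also does not match a `new file mode` diff, so it should be checked against what was actually in the repository.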
@@ -113,9 +113,18 @@ private AuthorizationRequestUrlParameters(Builder builder) {
 }
 if (builder.responseMode != null) {
- this.responseMode = builder.responseMode;
- requestParameters.put("response_mode",
- builder.responseMode.toString());
+ // Override QUERY with FORM_POST as QUERY is deprecated
+ if (builder.responseMode == ResponseMode.QUERY) {
+ LOG.warn("ResponseMode.QUERY is deprecated and will be removed in a future release. " +
+ "Automatically overriding to ResponseMode.FORM_POST.");
+ this.responseMode = ResponseMode.FORM_POST;
+ requestParameters.put("response_mode",
+ ResponseMode.FORM_POST.toString());
+ } else {
+ this.responseMode = builder.responseMode;
+ requestParameters.put("response_mode",
+ builder.responseMode.toString());
+ }
 } else {
 this.responseMode = ResponseMode.FORM_POST;
 requestParameters.put("response_mode",
@@ -368,6 +377,7 @@ public Builder nonce(String val) {
 /**
 * Specifies the method that should be used to send the authentication result to your app.
+ * @deprecated ResponseMode.QUERY is deprecated. If you pass ResponseMode.QUERY, it will be automatically overridden to ResponseMode.FORM_POST.
 */
 public Builder responseMode(ResponseMode val) {
 this.responseMode = val;
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java
index 9f24d2e7..f6c43ce2 100644
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java
@@ -18,7 +18,9 @@ public enum ResponseMode {
 /**
 * Authorization result returned as query string in the redirect URL when redirecting back to the
 * client application.
+ * @deprecated Query response mode is no longer supported. Use FORM_POST instead. If provided, it will be automatically overridden to FORM_POST.
 */
+ @Deprecated
 QUERY("query"),
 /**
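Review bot: The constructor now has three branches that each repeat the same `this.responseMode = …` / `requestParameters.put("response_mode", …)` pair, so a later change can update one and miss another. Resolving the value once inside the `!= null` branch, `ResponseMode mode = builder.responseMode == ResponseMode.QUERY ? ResponseMode.FORM_POST : builder.responseMode;`, and then assigning and putting a single time keeps the override in one place, with `LOG.warn` left under the QUERY check. The comment gives "deprecated" as the only reason; if the motivation is to keep the authorization code out of the redirect URL, where it can land in browser history, proxy logs or Referer headers, stating that would help maintainers. Because the override is visible only as a log line, a caller whose redirect handler reads the code from the query string will start receiving a POST instead, which deserves a release note. The outer `else` branch continues past the end of the hunk.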
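Review bot: The `@deprecated` tag added to the Javadoc of `Builder.responseMode(ResponseMode)` marks the whole setter as deprecated, not just the QUERY value, so documentation and compiler deprecation warnings will also hit callers that pass FORM_POST. The enum constant already carries the deprecation in this commit, so a plain sentence is enough here, e.g. `* Passing {@link ResponseMode#QUERY} is deprecated; it is replaced with {@link ResponseMode#FORM_POST}.` The method body continues outside the hunk.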
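Review bot: The Javadoc on `QUERY` says the mode "is no longer supported", while the warning logged in `AuthorizationRequestUrlParameters` says it "will be removed in a future release"; the two should agree so users know whether the constant is still safe to compile against. Something like `@deprecated Overridden to {@link #FORM_POST} when used; will be removed in a future release.` matches the behaviour shown in the constructor hunk and links the replacement.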
diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java
index e7976478..d629eabe 100644
--- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java
+++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java
@@ -98,32 +98,23 @@ void testBuilder_conflictingParameters() { } @Test - void testBuilder_optionalParameters() throws UnsupportedEncodingException { - Set clientCapabilities = new HashSet<>(); - clientCapabilities.add("llt"); - clientCapabilities.add("ssm"); - - PublicClientApplication app = PublicClientApplication.builder("client_id").clientCapabilities(clientCapabilities).build(); + void testBuilder_queryResponseModeIsOverriddenToFormPost() throws UnsupportedEncodingException { + PublicClientApplication app = PublicClientApplication.builder("client_id").build(); String redirectUri = "http://localhost:8080"; Set scope = Collections.singleton("scope"); + // Test that when QUERY is passed (deprecated), it's overridden to FORM_POST AuthorizationRequestUrlParameters parameters = AuthorizationRequestUrlParameters .builder(redirectUri, scope) - .extraScopesToConsent(new LinkedHashSet<>(Arrays.asList("extraScopeToConsent1", "extraScopeToConsent2"))) - .responseMode(ResponseMode.QUERY) - .codeChallenge("challenge") - .codeChallengeMethod("method") - .state("app_state") - .nonce("app_nonce") - .correlationId("corr_id") - .loginHint("hint") - .domainHint("domain_hint") - .claimsChallenge("{\"id_token\":{\"auth_time\":{\"essential\":true}},\"access_token\":{\"auth_time\":{\"essential\":true}}}") - .prompt(Prompt.SELECT_ACCOUNT) + .responseMode(ResponseMode.QUERY) // Deprecated - should be overridden .build(); + // Verify that the responseMode is overridden to FORM_POST + assertEquals(ResponseMode.FORM_POST, parameters.responseMode(), + "ResponseMode.QUERY should be overridden to ResponseMode.FORM_POST"); + URL authorizationUrl = app.getAuthorizationRequestUrl(parameters); Map queryParameters = new HashMap<>(); 
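Review bot: Turning `testBuilder_optionalParameters` into the override test removes the only assertions visible here for `code_challenge`, `code_challenge_method`, `state`, `nonce`, the merged `claims`/client-capabilities value and the CCS routing header; the assertion lines themselves are deleted in the following hunk (`@@ -137,23 +128,8 @@`). Those are the PKCE and CSRF/replay-related request parameters, so unless another test covers them the regression net for them is gone. Keeping the original test with its `response_mode` expectation changed to `"form_post"`, and adding the override check as a separate method, would preserve that coverage. The test method starts in this hunk and ends in the next one.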
@@ -137,23 +128,8 @@ void testBuilder_optionalParameters() throws UnsupportedEncodingException {
 URLDecoder.decode(pair.substring(idx + 1), "UTF-8"));
 }
- assertEquals(queryParameters.get("scope"),
- "openid profile offline_access scope extraScopeToConsent1 extraScopeToConsent2");
- assertEquals(queryParameters.get("response_type"), "code");
- assertEquals(queryParameters.get("redirect_uri"), "http://localhost:8080");
- assertEquals(queryParameters.get("client_id"), "client_id");
- assertEquals(queryParameters.get("prompt"), "select_account");
- assertEquals(queryParameters.get("response_mode"), "query");
- assertEquals(queryParameters.get("code_challenge"), "challenge");
- assertEquals(queryParameters.get("code_challenge_method"), "method");
- assertEquals(queryParameters.get("state"), "app_state");
- assertEquals(queryParameters.get("nonce"), "app_nonce");
- assertEquals(queryParameters.get("correlation_id"), "corr_id");
- assertEquals(queryParameters.get("login_hint"), "hint");
- assertEquals(queryParameters.get("domain_hint"), "domain_hint");
- assertEquals(queryParameters.get("claims"), "{\"access_token\":{\"auth_time\":{\"essential\":true},\"xms_cc\":{\"values\":[\"llt\",\"ssm\"]}},\"id_token\":{\"auth_time\":{\"essential\":true}}}");
-
- // CCS routing
- assertEquals(queryParameters.get(HttpHeaders.X_ANCHOR_MAILBOX), String.format(HttpHeaders.X_ANCHOR_MAILBOX_UPN_FORMAT, "hint"));
+ // Verify that the actual response_mode parameter is "form_post", not "query"
+ assertEquals("form_post", queryParameters.get("response_mode"),
+ "response_mode query parameter should be 'form_post' even when QUERY was specified");
 }
 }