Merge branch 'dev' into fix_issue

Author: weijjia

README.md

@@ -29,7 +29,6 @@ var AuthenticationContext = require('adal-node').AuthenticationContext;
 
 var clientId = 'yourClientIdHere';
 var clientSecret = 'yourAADIssuedClientSecretHere'
-var redirectUri = 'yourRedirectUriHere';
 var authorityHostUrl = 'https://login.windows.net';
 var tenant = 'myTenant';
 var authorityUrl = authorityHostUrl + '/' + tenant;
@@ -40,8 +39,8 @@ var templateAuthzUrl = 'https://login.windows.net/' +
                         '/oauth2/authorize?response_type=code&client_id=' +
                         clientId + 
                         '&redirect_uri=' + 
-                        redirectUri + '
-                        &state=<state>&resource=' + 
+                        redirectUri + 
+                        '&state=<state>&resource=' + 
                         resource;
 
 function createAuthorizationUrl(state) {

changelog.txt

@@ -1,3 +1,13 @@
+Version 0.1.18
+--------------
+Release Date: 5 Feb 2016
+    * Add oid in IDTokenMap to expose for returned user info. 
+
+Version 0.1.17
+--------------
+Release Date: 8 Oct 2015
+    * Add support for cross tenant refresh token
+
 Version 0.1.16
 --------------
 Release Date: 3 Sep 2015

lib/authentication-context.js

@@ -400,7 +400,9 @@ AuthenticationContext.prototype.acquireUserCode = function(resource, clientId, l
 };
 
 /**
- * Gets a new access token using via a device code. 
+ * Gets a new access token using via a device code.
+ * @note This method doesn't look up the cache, it only stores the returned token into cache. To look up cache before making a new request, 
+ *       please use acquireToken.  
  * @param  {string}   clientId                            The OAuth client id of the calling application.
  * @param  {object}   userCodeInfo                        Contains device_code, retry interval, and expire time for the request for get the token. 
  * @param  {AcquireTokenCallback}   callback              The callback function.
@@ -418,7 +420,7 @@ AuthenticationContext.prototype.acquireTokenWithDeviceCode = function(resource,
     var self = this;
     this._acquireToken(callback, function() {
         var tokenRequest = new TokenRequest(this._callContext, this, clientId, resource, null);
-        self._tokenRequestWithUserCode[userCodeInfo[constants.OAuth2.DeviceCodeResponseParameters.DEVICE_CODE]] = tokenRequest;
+        self._tokenRequestWithUserCode[userCodeInfo[constants.UserCodeResponseFields.DEVICE_CODE]] = tokenRequest;
         tokenRequest.getTokenWithDeviceCode(userCodeInfo, callback); 
     })
 };
@@ -438,15 +440,15 @@ AuthenticationContext.prototype.cancelRequestToGetTokenWithDeviceCode = function
        return;
     }
 
-    if (!this._tokenRequestWithUserCode || !this._tokenRequestWithUserCode[userCodeInfo[constants.OAuth2.DeviceCodeResponseParameters.DEVICE_CODE]]) {
+    if (!this._tokenRequestWithUserCode || !this._tokenRequestWithUserCode[userCodeInfo[constants.UserCodeResponseFields.DEVICE_CODE]]) {
        callback(new Error('No acquireTokenWithDeviceCodeRequest existed to be cancelled')); 
        return;
     }
 
-    var tokenRequestToBeCancelled = this._tokenRequestWithUserCode[userCodeInfo[constants.OAuth2.DeviceCodeResponseParameters.DEVICE_CODE]];
+    var tokenRequestToBeCancelled = this._tokenRequestWithUserCode[userCodeInfo[constants.UserCodeResponseFields.DEVICE_CODE]];
     tokenRequestToBeCancelled.cancelTokenRequestWithDeviceCode();
 
-    delete this._tokenRequestWithUserCode[constants.OAuth2.DeviceCodeResponseParameters.DEVICE_CODE];
+    delete this._tokenRequestWithUserCode[constants.UserCodeResponseFields.DEVICE_CODE];
 };
 
 var exports = {

lib/cache-driver.js

@@ -137,10 +137,6 @@ function CacheDriver(callContext, authority, resource, clientId, cache, refreshF
  * @param  {QueryCallback} callback
  */
 CacheDriver.prototype._find = function(query, callback) {
-  var authorityQuery = {};
-  authorityQuery[METADATA_AUTHORITY] = this._authority;
-
-  _.extend(query, authorityQuery);
   this._cache.find(query, callback);
 };
 
@@ -171,10 +167,11 @@ CacheDriver.prototype._getPotentialEntries = function(query, callback) {
 
 /**
  * Finds all multi resource refresh tokens in the cache.
+ * Refresh token is bound to userId, clientId. 
  * @param  {QueryCallback} callback
  */
 CacheDriver.prototype._findMRRTTokensForUser = function(user, callback) {
-  this._find({ isMRRT : true, userId : user }, callback);
+  this._find({ isMRRT : true, userId : user, _clientId : this._clientId}, callback);
 };
 
 /**
@@ -201,13 +198,12 @@ CacheDriver.prototype._loadSingleEntryFromCache = function(query, callback) {
     }
 
     var returnVal;
-    var isResourceSpecific;
+    var isResourceTenantSpecific;
 
     if (potentialEntries && 0 < potentialEntries.length) {
-      var resourceSpecificEntries;
-      resourceSpecificEntries = _.where(potentialEntries, { resource : self._resource });
+      var resourceTenantSpecificEntries = _.where(potentialEntries, { resource : self._resource, _authority : self._authority });
 
-      if (!resourceSpecificEntries || 0 === resourceSpecificEntries.length) {
+      if (!resourceTenantSpecificEntries || 0 === resourceTenantSpecificEntries.length) {
         self._log.verbose('No resource specific cache entries found.');
 
         // There are no resource specific entries.  Find an MRRT token.
@@ -219,10 +215,10 @@ CacheDriver.prototype._loadSingleEntryFromCache = function(query, callback) {
           self._log.verbose('No MRRT tokens found.');
         }
 
-      } else if (resourceSpecificEntries.length === 1) {
+      } else if (resourceTenantSpecificEntries.length === 1) {
         self._log.verbose('Resource specific token found.');
-        returnVal = resourceSpecificEntries[0];
-        isResourceSpecific = true;
+        returnVal = resourceTenantSpecificEntries[0];
+        isResourceTenantSpecific = true;
       }else {
         callback(self._log.createError('More than one token matches the criteria.  The result is ambiguous.'));
         return;
@@ -231,7 +227,7 @@ CacheDriver.prototype._loadSingleEntryFromCache = function(query, callback) {
     if (returnVal) {
       self._log.verbose('Returning token from cache lookup, ' + createTokenIdMessage(returnVal));
     }
-    callback(null, returnVal, isResourceSpecific);
+    callback(null, returnVal, isResourceTenantSpecific);
   });
 };
 
@@ -247,6 +243,11 @@ CacheDriver.prototype._loadSingleEntryFromCache = function(query, callback) {
 CacheDriver.prototype._createEntryFromRefresh = function(entry, refreshResponse) {
   var newEntry = _.clone(entry);
   newEntry = _.extend(newEntry, refreshResponse);
+
+  if (entry.isMRRT && this._authority !== entry[METADATA_AUTHORITY]) {
+    newEntry[METADATA_AUTHORITY] = this._authority;
+  }
+
   this._log.verbose('Created new cache entry from refresh response.');
   return newEntry;
 };
@@ -348,7 +349,7 @@ CacheDriver.prototype.find = function(query, callback) {
   var self = this;
   query = query || {};
   this._log.verbose('finding with query:' + JSON.stringify(query));
-  this._loadSingleEntryFromCache(query, function(err, entry, isResourceSpecific) {
+  this._loadSingleEntryFromCache(query, function(err, entry, isResourceTenantSpecific) {
     if (err) {
       callback(err);
       return;
@@ -359,7 +360,7 @@ CacheDriver.prototype.find = function(query, callback) {
       return;
     }
 
-    self._refreshEntryIfNecessary(entry, isResourceSpecific, function(err, newEntry) {
+    self._refreshEntryIfNecessary(entry, isResourceTenantSpecific, function(err, newEntry) {
       callback(err, newEntry);
       return;
     });

lib/constants.js

@@ -85,7 +85,8 @@ var Constants = {
         'tid' : 'tenantId',
         'given_name' : 'givenName',
         'family_name' : 'familyName',
-        'idp' : 'identityProvider'
+        'idp' : 'identityProvider',
+        'oid': 'oid'
       }
     },
 
@@ -103,14 +104,14 @@ var Constants = {
     },
 
     UserCodeResponseFields : {
-        USER_CODE : 'user_code', 
-        DEVICE_CODE: 'device_code', 
-        VERIFICATION_URL: 'verification_url',
-        EXPIRES_IN: 'expires_in', 
+        USER_CODE : 'userCode', 
+        DEVICE_CODE: 'deviceCode', 
+        VERIFICATION_URL: 'verificationUrl',
+        EXPIRES_IN: 'expiresIn', 
         INTERVAL: 'interval', 
         MESSAGE: 'message', 
         ERROR: 'error', 
-        ERROR_DESCRIPTION: 'error_description'
+        ERROR_DESCRIPTION: 'errorDescription'
     },
 
     IdTokenFields : {

lib/oauth2client.js

@@ -87,19 +87,21 @@ OAuth2Client.prototype._createTokenUrl = function () {
   var tokenUrl = url.parse(this._tokenEndpoint);
 
   var parameters = {};
-  parameters.slice = 'testslice';
   parameters[OAuth2Parameters.AAD_API_VERSION] = '1.0';
 
   tokenUrl.search = querystring.stringify(parameters);
-
   return tokenUrl;
 };
 
+/**
+ * Constructs the user code info request url. 
+ * @private 
+ * @return {URL}
+ */
 OAuth2Client.prototype._createDeviceCodeUrl = function () {
    var deviceCodeUrl = url.parse(this._deviceCodeEndpoint);
 
    var parameters = {};
-   parameters.slice = 'testslice';
    parameters[OAuth2Parameters.AAD_API_VERSION] = '1.0';
 
    deviceCodeUrl.search = querystring.stringify(parameters);
@@ -125,8 +127,8 @@ OAuth2Client.prototype._parseOptionalInts = function (obj, keys) {
 };
 
 /**
- * Cracks a JWS encoded JWT into it's three parts.
- * @param  {string} jwtToken The token to crack.
+ * Parses a JWS encoded JWT into it's three parts.
+ * @param  {string} jwtToken The token to parse.
  * @return {object}          The three JWS parts, header, JWSPayload, and JWSSig, or undefined.
  */
 OAuth2Client.prototype._crackJwt = function(jwtToken) {
@@ -433,7 +435,7 @@ OAuth2Client.prototype._createPostOption = function (postUrl, urlEncodedRequestF
     var postOptions = util.createRequestOptions(
         this,
     {
-            'url' : postUrl,
+            'url' : url.format(postUrl),
             body : urlEncodedRequestForm,
             headers: {
                 'Content-Type': 'application/x-www-form-urlencoded'

lib/token-request.js

@@ -36,7 +36,7 @@ var OAuth2Scope = constants.OAuth2.Scope;
 var Saml = constants.Saml;
 var AccountType = constants.UserRealm.AccountType;
 var WSTrustVersion = constants.WSTrustVersion;
-var DeviceCodeResponseParameters = constants.OAuth2.DeviceCodeResponseParameters;
+var DeviceCodeResponseParameters = constants.UserCodeResponseFields;
 
 /**
  * Constructs a new TokenRequest object.
@@ -163,6 +163,18 @@ TokenRequest.prototype._getTokenWithCacheWrapper = function(callback, getTokenFu
   });
 };
 
+/**
+ * Store token into cache. 
+ * @param {object} tokenResponse Token response to be added into the cache. 
+ */
+TokenRequest.prototype._addTokenIntoCache = function(tokenResponse, callback) {
+    this._cacheDriver = this._createCacheDriver();
+    this._log.verbose('Storing retrieved token into cache');
+    this._cacheDriver.add(tokenResponse, function(err) {
+      callback(err, tokenResponse);
+    });
+};
+
 /**
  * Adds an OAuth parameter to the paramters object if the parameter is
  * not null or undefined.
@@ -555,9 +567,10 @@ TokenRequest.prototype.getTokenWithCertificate = function(certificate, thumbprin
 
 TokenRequest.prototype.getTokenWithDeviceCode = function(userCodeInfo, callback) {
    this._log.info('Getting a token via device code');
+   var self = this;
 
    var oauthParameters = this._createOAuthParameters(OAuth2GrantType.DEVICE_CODE);
-   oauthParameters[OAuth2Parameters.CODE] = userCodeInfo[OAuth2Parameters.DEVICE_CODE];
+   oauthParameters[OAuth2Parameters.CODE] = userCodeInfo[DeviceCodeResponseParameters.DEVICE_CODE];
 
    var interval = userCodeInfo[DeviceCodeResponseParameters.INTERVAL];
    var expires_in = userCodeInfo[DeviceCodeResponseParameters.EXPIRES_IN];
@@ -566,8 +579,14 @@ TokenRequest.prototype.getTokenWithDeviceCode = function(userCodeInfo, callback)
      callback(new Error('invalid refresh interval'));
    }
 
-   this._getTokenWithCacheWrapper(callback, function(getTokenCompleteCallback) {
-        this._oauthGetTokenByPolling(oauthParameters, interval, expires_in, getTokenCompleteCallback);
+   this._oauthGetTokenByPolling(oauthParameters, interval, expires_in, function(err, tokenResponse) {
+     if (err) {
+       self._log.verbose('Token polling request returend with err.');
+       callback(err, tokenResponse);
+     }
+     else {
+       self._addTokenIntoCache(tokenResponse, callback);
+     }
    });
 };
 

lib/util.js

@@ -34,8 +34,8 @@ var ADAL_VERSION;
  */
 
 function loadAdalVersion() {
-  var packagePath = __dirname + '/../package.json';
-  var packageJson = JSON.parse(fs.readFileSync(packagePath));
+  var packageData = fs.readFileSync(__dirname + '/../package.json');
+  var packageJson = JSON.parse(packageData);
   ADAL_VERSION = packageJson.version;
 }
 

package.json

@@ -15,16 +15,16 @@
     "type": "git",
     "url": "https://github.com/AzureAD/azure-activedirectory-library-for-nodejs.git"
   },
-  "version": "0.1.16",
+  "version": "0.1.18",
   "description": "Windows Azure Active Directory Client Library for node",
   "keywords": [ "node", "azure", "AAD", "adal", "adfs", "oauth" ],
   "main": "./lib/adal.js",
   "engines": { "node": ">= 0.6.15" },
   "dependencies": {
     "date-utils": "*",
     "jws": "3.x.x",
-    "node-uuid": "1.4.1",
-    "request": ">= 2.9.203",
+    "node-uuid": "1.4.7",
+    "request": ">= 2.52.0",
     "underscore": ">= 1.3.1",
     "xmldom": ">= 0.1.x",
     "xpath.js": "~1.0.5", 

sample/device-code-sample.js

@@ -24,6 +24,7 @@ var fs = require('fs');
 var adal = require('../lib/adal.js');
 var async = require('async');
 var url = require('url');
+var MemoryCache = require('../lib/memory-cache');
 
 var AuthenticationContext = adal.AuthenticationContext;
 
@@ -67,20 +68,23 @@ if (parametersFile) {
 
 if (!parametersFile) {
     sampleParameters = {
-        tenant : '',
-        authorityHostUrl : '',
-        clientId : ''
+        tenant : 'convergeTest.onmicrosoft.com',
+        authorityHostUrl : 'https://login.microsoftonline.com',
+        clientId : '',
+        anothertenant: ''
     };
 }
 
 var authorityUrl = sampleParameters.authorityHostUrl + '/' + sampleParameters.tenant;
 
 var resource = '00000002-0000-0000-c000-000000000000';
+var userId = '';
 
 //turnOnLogging();
 
-var context = new AuthenticationContext(authorityUrl);
+var cache = new MemoryCache();
 
+var context = new AuthenticationContext(authorityUrl, null, cache);
 context.acquireUserCode(resource, sampleParameters.clientId, 'es-mx', function (err, response) {
     if (err) {
         console.log('well that didn\'t work: ' + err.stack);
@@ -93,8 +97,20 @@ context.acquireUserCode(resource, sampleParameters.clientId, 'es-mx', function (
                 console.log(err);
             }
             else {
-                console.log(tokenResponse);
+                authorityUrl = sampleParameters.authorityHostUrl + '/' + sampleParameters.anothertenant;
+                
+                var context2 = new AuthenticationContext(authorityUrl, null, cache);
+                context2.acquireToken(resource, userId, sampleParameters.clientId, function (err, tokenResponse) {
+                    if (err) {
+                        console.log('error happens when acquiring token with device code');
+                        console.log(err);
+                    }
+                    else {
+                        console.log(tokenResponse);
+                    }
+                });
             }
         });
     }
 });
+

sample/website-sample.js

@@ -90,7 +90,7 @@ app.get('/login', function(req, res) {
 
   res.send('\
 <head>\
-  <title>FooBar</title>\
+  <title>test</title>\
 </head>\
 <body>\
   <a href="./auth">Login</a>\