diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java
index bc92b006..e98b55d9 100644
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParameters.java
@@ -368,9 +368,17 @@ public Builder nonce(String val) {
 /**
 * Specifies the method that should be used to send the authentication result to your app.
+ * @deprecated ResponseMode.QUERY is deprecated. If you pass ResponseMode.QUERY, it will be automatically overridden to ResponseMode.FORM_POST.
 */
 public Builder responseMode(ResponseMode val) {
- this.responseMode = val;
+ // Override QUERY with FORM_POST as QUERY is deprecated
+ if (val == ResponseMode.QUERY) {
+ LOG.warn("ResponseMode.QUERY is deprecated and will be removed in a future release. " +
+ "Automatically overriding to ResponseMode.FORM_POST.");
+ this.responseMode = ResponseMode.FORM_POST;
+ } else {
+ this.responseMode = val;
+ }
 return self();
 }
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java
index 9f24d2e7..f6c43ce2 100644
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ResponseMode.java
@@ -18,7 +18,9 @@ public enum ResponseMode {
 /**
 * Authorization result returned as query string in the redirect URL when redirecting back to the
 * client application.
+ * @deprecated Query response mode is no longer supported. Use FORM_POST instead. If provided, it will be automatically overridden to FORM_POST.
 */
+ @Deprecated
 QUERY("query"),
 /**
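Review bot: The `@deprecated` tag added to the Javadoc of `Builder.responseMode(ResponseMode)` in AuthorizationRequestUrlParameters.java marks the whole setter as deprecated in generated docs and IDEs, although only the `QUERY` argument is. A plain sentence such as `* Note: {@link ResponseMode#QUERY} is deprecated; passing it is replaced with {@link ResponseMode#FORM_POST}.` says what is meant. The override also changes how the authorization response reaches the redirect URI (a POST body instead of the query string), so a caller whose redirect handler only reads query parameters will stop receiving the code, and the only signal is a WARN logged when the builder runs. The Javadoc should state that consequence, and that the handler has to accept the POST and still validate `state` on it.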
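Review bot: The `@deprecated` text on `QUERY` in ResponseMode.java says the mode "is no longer supported", while the warning logged by `Builder.responseMode` in the same commit says it "will be removed in a future release"; the two should tell callers the same thing. Writing the replacement as a link, `Use {@link #FORM_POST} instead.`, lets Javadoc resolve it. Because the constant now carries `@Deprecated`, the comparison `val == ResponseMode.QUERY` in the builder and the call in the new test will likely produce deprecation warnings, so a narrowly scoped `@SuppressWarnings("deprecation")` with a short comment may be needed there if the build treats warnings as errors (build settings are not visible here). The enum body continues outside the hunk.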
diff --git a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java
index e7976478..034ffc0e 100644
--- a/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java
+++ b/msal4j-sdk/src/test/java/com/microsoft/aad/msal4j/AuthorizationRequestUrlParametersTest.java
@@ -98,12 +98,8 @@ void testBuilder_conflictingParameters() {
 }
 @Test
- void testBuilder_optionalParameters() throws UnsupportedEncodingException {
- Set clientCapabilities = new HashSet<>();
- clientCapabilities.add("llt");
- clientCapabilities.add("ssm");
-
- PublicClientApplication app = PublicClientApplication.builder("client_id").clientCapabilities(clientCapabilities).build();
+ void testBuilder_responseMode() throws UnsupportedEncodingException {
+ PublicClientApplication app = PublicClientApplication.builder("client_id").build();
 String redirectUri = "http://localhost:8080";
 Set scope = Collections.singleton("scope");
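Review bot: Rewriting `testBuilder_optionalParameters` into `testBuilder_responseMode` removes the only assertions visible in this file that `state`, `nonce`, `code_challenge`/`code_challenge_method`, `claims` merged with client capabilities, and the CCS routing header reach the authorization URL; the removals start here with the `clientCapabilities` setup and continue in the hunks at -111 and -137. Those parameters carry the CSRF, replay and PKCE protections of the flow, so a regression in how they are serialized would go unnoticed unless another test covers them (not visible here). Keeping the original test and changing only its expectation to `assertEquals(queryParameters.get("response_mode"), "form_post");`, with `testBuilder_responseMode` added beside it as a separate method, would keep that coverage. The test method continues past the end of this hunk.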
@@ -111,21 +107,26 @@ void testBuilder_optionalParameters() throws UnsupportedEncodingException { AuthorizationRequestUrlParameters parameters = AuthorizationRequestUrlParameters .builder(redirectUri, scope) - .extraScopesToConsent(new LinkedHashSet<>(Arrays.asList("extraScopeToConsent1", "extraScopeToConsent2"))) - .responseMode(ResponseMode.QUERY) - .codeChallenge("challenge") - .codeChallengeMethod("method") - .state("app_state") - .nonce("app_nonce") - .correlationId("corr_id") - .loginHint("hint") - .domainHint("domain_hint") - .claimsChallenge("{\"id_token\":{\"auth_time\":{\"essential\":true}},\"access_token\":{\"auth_time\":{\"essential\":true}}}") - .prompt(Prompt.SELECT_ACCOUNT) + .responseMode(ResponseMode.QUERY) // This should be overridden to FORM_POST .build(); + assertEquals(parameters.responseMode(), ResponseMode.FORM_POST); + assertEquals(parameters.redirectUri(), redirectUri); + assertEquals(parameters.scopes().size(), 4); + + assertNull(parameters.loginHint()); + assertNull(parameters.codeChallenge()); + assertNull(parameters.codeChallengeMethod()); + assertNull(parameters.correlationId()); + assertNull(parameters.nonce()); + assertNull(parameters.prompt()); + assertNull(parameters.state()); + URL authorizationUrl = app.getAuthorizationRequestUrl(parameters); + assertEquals(authorizationUrl.getHost(), "login.microsoftonline.com"); + assertEquals(authorizationUrl.getPath(), "/common/oauth2/v2.0/authorize"); + Map queryParameters = new HashMap<>(); String query = authorizationUrl.getQuery(); 
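Review bot: The assertions added in this hunk pin only the overridden case; nothing visible checks that the new `else` branch stores a non-deprecated value unchanged. One more line would cover it: `assertEquals(ResponseMode.FORM_POST, AuthorizationRequestUrlParameters.builder(redirectUri, scope).responseMode(ResponseMode.FORM_POST).build().responseMode());`. The new `assertEquals` calls also pass the actual value first and the expected value second, so a failure message would report them reversed; this matches the older assertions in the file, but new lines could use the expected-first order. The test method starts in the previous hunk and continues after this one.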
@@ -137,23 +138,10 @@ void testBuilder_optionalParameters() throws UnsupportedEncodingException {
 URLDecoder.decode(pair.substring(idx + 1), "UTF-8"));
 }
- assertEquals(queryParameters.get("scope"),
- "openid profile offline_access scope extraScopeToConsent1 extraScopeToConsent2");
+ assertEquals(queryParameters.get("scope"), "openid profile offline_access scope");
 assertEquals(queryParameters.get("response_type"), "code");
 assertEquals(queryParameters.get("redirect_uri"), "http://localhost:8080");
 assertEquals(queryParameters.get("client_id"), "client_id");
- assertEquals(queryParameters.get("prompt"), "select_account");
- assertEquals(queryParameters.get("response_mode"), "query");
- assertEquals(queryParameters.get("code_challenge"), "challenge");
- assertEquals(queryParameters.get("code_challenge_method"), "method");
- assertEquals(queryParameters.get("state"), "app_state");
- assertEquals(queryParameters.get("nonce"), "app_nonce");
- assertEquals(queryParameters.get("correlation_id"), "corr_id");
- assertEquals(queryParameters.get("login_hint"), "hint");
- assertEquals(queryParameters.get("domain_hint"), "domain_hint");
- assertEquals(queryParameters.get("claims"), "{\"access_token\":{\"auth_time\":{\"essential\":true},\"xms_cc\":{\"values\":[\"llt\",\"ssm\"]}},\"id_token\":{\"auth_time\":{\"essential\":true}}}");
-
- // CCS routing
- assertEquals(queryParameters.get(HttpHeaders.X_ANCHOR_MAILBOX), String.format(HttpHeaders.X_ANCHOR_MAILBOX_UPN_FORMAT, "hint"));
+ assertEquals(queryParameters.get("response_mode"), "form_post");
 }
 }