AzureAD
diff --git a/‎changelog‎
Lines changed: 8 additions & 1 deletion b/‎changelog‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎common‎ b/‎common‎
diff --git a/‎msal/build.gradle‎
Lines changed: 2 additions & 2 deletions b/‎msal/build.gradle‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎msal/src/androidTest/java/com/microsoft/identity/client/PublicClientApplicationTest.java‎
Lines changed: 86 additions & 45 deletions b/‎msal/src/androidTest/java/com/microsoft/identity/client/PublicClientApplicationTest.java‎
Lines changed: 86 additions & 45 deletions
diff --git a/‎msal/src/androidTest/res/raw/test_msal_config_multiple_account.json‎
Lines changed: 1 addition & 1 deletion b/‎msal/src/androidTest/res/raw/test_msal_config_multiple_account.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎msal/src/androidTest/res/raw/test_pcaconfig_empty_clientid.json‎
Lines changed: 16 additions & 0 deletions b/‎msal/src/androidTest/res/raw/test_pcaconfig_empty_clientid.json‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎msal/src/androidTest/res/raw/test_pcaconfig_empty_redirect.json‎
Lines changed: 16 additions & 0 deletions b/‎msal/src/androidTest/res/raw/test_pcaconfig_empty_redirect.json‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎msal/src/main/java/com/microsoft/identity/client/AccountAdapter.java‎
Lines changed: 1 addition & 0 deletions b/‎msal/src/main/java/com/microsoft/identity/client/AccountAdapter.java‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎msal/src/main/java/com/microsoft/identity/client/PublicClientApplicationConfiguration.java‎
Lines changed: 30 additions & 6 deletions b/‎msal/src/main/java/com/microsoft/identity/client/PublicClientApplicationConfiguration.java‎
Lines changed: 30 additions & 6 deletions
diff --git a/‎msal/src/main/java/com/microsoft/identity/client/helper/BrokerHelperActivity.java‎
Lines changed: 1 addition & 1 deletion b/‎msal/src/main/java/com/microsoft/identity/client/helper/BrokerHelperActivity.java‎
Lines changed: 1 addition & 1 deletion
@@ -1,8 +1,15 @@
 MSAL Wiki : https://github.com/AzureAD/microsoft-authentication-library-for-android/wiki
+Version 2.0.10
+----------
+- [PATCH] Add extra '/' in the example intent filter (#1323)
+- [PATCH] Better PublicClientApplicationConfiguration validation to fail when empty string is passed (#1324)
+- [PATCH] Improve redirect_uri validation of PCA manifest (#1327)
+- Picks up [email protected]
 
 Version 2.0.8
 ----------
-- [MINOR] Changes to Broker Validation to allow setting whether to trust debug brokers (prod brokers are always trusted).
+- [MINOR] Changes to Broker Validation to allow setting whether to trust debug brokers (prod brokers are always trusted) (#1274)
+- Picks up [email protected]
 
 Version 2.0.6
 ----------
 
@@ -274,9 +274,9 @@ dependencies {
         transitive = false
     }
 
-    snapshotApi(group: 'com.microsoft.identity', name: 'common', version: '3.1.2', changing: true)
+    snapshotApi(group: 'com.microsoft.identity', name: 'common', version: '3.3.1', changing: true)
 
-    distApi("com.microsoft.identity:common:3.1.2") {
+    distApi("com.microsoft.identity:common:3.3.1") {
         transitive = false
     }
 }
 
@@ -106,6 +106,29 @@ public void tearDown() {
         AndroidTestUtil.removeAllTokens(mAppContext);
     }
 
+    @Test(expected = IllegalArgumentException.class)
+    public void testConfigValidationFailsOnEmptyRedirect() throws MsalException, InterruptedException {
+        final Context context = new PublicClientApplicationTest.MockContext(mAppContext);
+        mockPackageManagerWithDefaultFlag(context);
+        mockHasCustomTabRedirect(context);
+
+        final IMultipleAccountPublicClientApplication app = PublicClientApplication.createMultipleAccountPublicClientApplication(
+                context,
+                R.raw.test_pcaconfig_empty_redirect
+        );
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testConfigValidationFailsOnEmptyClientId() throws MsalException, InterruptedException {
+        final Context context = new PublicClientApplicationTest.MockContext(mAppContext);
+        mockPackageManagerWithDefaultFlag(context);
+        mockHasCustomTabRedirect(context);
+
+        final IMultipleAccountPublicClientApplication app = PublicClientApplication.createMultipleAccountPublicClientApplication(
+                context,
+                R.raw.test_pcaconfig_empty_clientid
+        );
+    }
 
     @Test
     public void testSingleAccountConstructor() {
@@ -114,7 +137,10 @@ public void testSingleAccountConstructor() {
         mockHasCustomTabRedirect(context);
 
         try {
-            ISingleAccountPublicClientApplication app = PublicClientApplication.createSingleAccountPublicClientApplication(context, R.raw.test_msal_config_single_account);
+            final ISingleAccountPublicClientApplication app = PublicClientApplication.createSingleAccountPublicClientApplication(
+                    context,
+                    R.raw.test_msal_config_single_account
+            );
             Assert.assertTrue(app instanceof ISingleAccountPublicClientApplication);
         } catch (InterruptedException e) {
             e.printStackTrace();
@@ -130,7 +156,10 @@ public void testMultipleAccountConstructor() {
         mockHasCustomTabRedirect(context);
 
         try {
-            IMultipleAccountPublicClientApplication app = PublicClientApplication.createMultipleAccountPublicClientApplication(context, R.raw.test_msal_config_multiple_account);
+            final IMultipleAccountPublicClientApplication app = PublicClientApplication.createMultipleAccountPublicClientApplication(
+                    context,
+                    R.raw.test_msal_config_multiple_account
+            );
             Assert.assertTrue(app instanceof IMultipleAccountPublicClientApplication);
         } catch (InterruptedException e) {
             e.printStackTrace();
@@ -145,17 +174,20 @@ public void testMultipleAccountAsyncConstructor() {
         mockPackageManagerWithDefaultFlag(context);
         mockHasCustomTabRedirect(context);
 
-        PublicClientApplication.createMultipleAccountPublicClientApplication(context, R.raw.test_msal_config_multiple_account, new PublicClientApplication.IMultipleAccountApplicationCreatedListener() {
-            @Override
-            public void onCreated(IMultipleAccountPublicClientApplication application) {
-                Assert.assertTrue(application instanceof IMultipleAccountPublicClientApplication);
-            }
-
-            @Override
-            public void onError(MsalException exception) {
-                Assert.assertTrue(false);
-            }
-        });
+        PublicClientApplication.createMultipleAccountPublicClientApplication(
+                context,
+                R.raw.test_msal_config_multiple_account,
+                new PublicClientApplication.IMultipleAccountApplicationCreatedListener() {
+                    @Override
+                    public void onCreated(IMultipleAccountPublicClientApplication application) {
+                        Assert.assertTrue(application instanceof IMultipleAccountPublicClientApplication);
+                    }
+
+                    @Override
+                    public void onError(MsalException exception) {
+                        Assert.assertTrue(false);
+                    }
+                });
     }
 
     @Test
@@ -164,17 +196,20 @@ public void testFailingMultipleAccountAsyncConstructor() {
         mockPackageManagerWithDefaultFlag(context);
         mockHasCustomTabRedirect(context);
 
-        PublicClientApplication.createMultipleAccountPublicClientApplication(context, R.raw.test_msal_config_single_account, new PublicClientApplication.IMultipleAccountApplicationCreatedListener() {
-            @Override
-            public void onCreated(IMultipleAccountPublicClientApplication application) {
-                Assert.assertTrue(false);
-            }
-
-            @Override
-            public void onError(MsalException exception) {
-                Assert.assertTrue("Expecting error.", true);
-            }
-        });
+        PublicClientApplication.createMultipleAccountPublicClientApplication(
+                context,
+                R.raw.test_msal_config_single_account,
+                new PublicClientApplication.IMultipleAccountApplicationCreatedListener() {
+                    @Override
+                    public void onCreated(IMultipleAccountPublicClientApplication application) {
+                        Assert.assertTrue(false);
+                    }
+
+                    @Override
+                    public void onError(MsalException exception) {
+                        Assert.assertTrue("Expecting error.", true);
+                    }
+                });
     }
 
     @Test
@@ -183,16 +218,19 @@ public void testSingleAccountAsyncConstructor() {
         mockPackageManagerWithDefaultFlag(context);
         mockHasCustomTabRedirect(context);
 
-        PublicClientApplication.createSingleAccountPublicClientApplication(context, R.raw.test_msal_config_single_account, new PublicClientApplication.ISingleAccountApplicationCreatedListener() {
-            @Override
-            public void onCreated(ISingleAccountPublicClientApplication application) {
-                Assert.assertTrue(application instanceof ISingleAccountPublicClientApplication);
-            }
-
-            @Override
-            public void onError(MsalException exception) {
-            }
-        });
+        PublicClientApplication.createSingleAccountPublicClientApplication(
+                context,
+                R.raw.test_msal_config_single_account,
+                new PublicClientApplication.ISingleAccountApplicationCreatedListener() {
+                    @Override
+                    public void onCreated(ISingleAccountPublicClientApplication application) {
+                        Assert.assertTrue(application instanceof ISingleAccountPublicClientApplication);
+                    }
+
+                    @Override
+                    public void onError(MsalException exception) {
+                    }
+                });
     }
 
     @Test
@@ -201,17 +239,20 @@ public void testFailingSingleAccountAsyncConstructor() {
         mockPackageManagerWithDefaultFlag(context);
         mockHasCustomTabRedirect(context);
 
-        PublicClientApplication.createSingleAccountPublicClientApplication(context, R.raw.test_msal_config_multiple_account, new PublicClientApplication.ISingleAccountApplicationCreatedListener() {
-            @Override
-            public void onCreated(ISingleAccountPublicClientApplication application) {
-                Assert.assertTrue(false);
-            }
-
-            @Override
-            public void onError(MsalException exception) {
-                Assert.assertTrue("Expecting error.", true);
-            }
-        });
+        PublicClientApplication.createSingleAccountPublicClientApplication(
+                context,
+                R.raw.test_msal_config_multiple_account,
+                new PublicClientApplication.ISingleAccountApplicationCreatedListener() {
+                    @Override
+                    public void onCreated(ISingleAccountPublicClientApplication application) {
+                        Assert.assertTrue(false);
+                    }
+
+                    @Override
+                    public void onError(MsalException exception) {
+                        Assert.assertTrue("Expecting error.", true);
+                    }
+                });
     }
 
     /**
 
@@ -13,4 +13,4 @@
       }
     }
   ]
-}
+}
@@ -0,0 +1,16 @@
+{
+  "client_id" : "",
+  "authorization_user_agent" : "DEFAULT",
+  "redirect_uri" : "msauth://com.microsoft.identity.client.sample.local/1wIqXSqBj7w%2Bh11ZifsnqwgyKrY%3D",
+  "multiple_clouds_supported":true,
+  "broker_redirect_uri_registered": true,
+  "account_mode": "MULTIPLE",
+  "authorities" : [
+    {
+      "type": "AAD",
+      "audience": {
+        "type": "AzureADandPersonalMicrosoftAccount"
+      }
+    }
+  ]
+}
@@ -0,0 +1,16 @@
+{
+  "client_id" : "4b0db8c2-9f26-4417-8bde-3f0e3656f8e0",
+  "authorization_user_agent" : "DEFAULT",
+  "redirect_uri" : "",
+  "multiple_clouds_supported":true,
+  "broker_redirect_uri_registered": true,
+  "account_mode": "MULTIPLE",
+  "authorities" : [
+    {
+      "type": "AAD",
+      "audience": {
+        "type": "AzureADandPersonalMicrosoftAccount"
+      }
+    }
+  ]
+}
@@ -265,6 +265,7 @@ private static void appendChildren(@NonNull final List<IAccount> rootAccounts,
                             null,
                             getIdToken(guestRecord)
                     );
+                    profile.setEnvironment(guestRecord.getAccount().getEnvironment());
                     tenantProfiles.put(guestRecord.getAccount().getRealm(), profile);
                 }
             }
 
@@ -27,6 +27,7 @@
 import android.content.pm.PackageManager;
 import android.content.pm.Signature;
 import android.net.Uri;
+import android.text.TextUtils;
 import android.util.Base64;
 
 import androidx.annotation.NonNull;
@@ -73,11 +74,13 @@
 import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.USE_BROKER;
 import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEB_VIEW_ZOOM_CONTROLS_ENABLED;
 import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEB_VIEW_ZOOM_ENABLED;
+import static com.microsoft.identity.client.exception.MsalClientException.APP_MANIFEST_VALIDATION_ERROR;
 
 public class PublicClientApplicationConfiguration {
     private static final String TAG = PublicClientApplicationConfiguration.class.getSimpleName();
 
     private static final String BROKER_REDIRECT_URI_SCHEME_AND_SEPARATOR = "msauth://";
+    public static final String INVALID_REDIRECT_MSG = "Invalid, null, or malformed redirect_uri supplied";
 
     public static final class SerializedNames {
         static final String CLIENT_ID = "client_id";
@@ -438,7 +441,7 @@ void mergeConfiguration(PublicClientApplicationConfiguration config) {
     }
 
     void validateConfiguration() {
-        nullConfigurationCheck(REDIRECT_URI, mRedirectUri);
+        validateRedirectUri(mRedirectUri);
         nullConfigurationCheck(CLIENT_ID, mClientId);
         checkDefaultAuthoritySpecified();
 
@@ -465,6 +468,27 @@ void validateConfiguration() {
         }
     }
 
+    private void validateRedirectUri(@NonNull final String redirectUri) {
+        final boolean isInvalid = TextUtils.isEmpty(redirectUri) || !hasSchemeAndAuthority(redirectUri);
+
+        if (isInvalid) {
+            throw new IllegalArgumentException(INVALID_REDIRECT_MSG);
+        }
+    }
+
+    private boolean hasSchemeAndAuthority(@NonNull final String redirectUri) {
+        try {
+            final Uri parsedRedirectUri = Uri.parse(redirectUri);
+            final boolean hasScheme = !TextUtils.isEmpty(parsedRedirectUri.getScheme());
+            final boolean hasAuthority = !TextUtils.isEmpty(parsedRedirectUri.getAuthority());
+            return hasScheme && hasAuthority;
+        } catch (final NullPointerException e) {
+            Logger.errorPII(TAG, INVALID_REDIRECT_MSG, e);
+        }
+
+        return false;
+    }
+
     private void validateAzureActiveDirectoryAuthority(@NonNull final AzureActiveDirectoryAuthority azureActiveDirectoryAuthority) {
         if (null != azureActiveDirectoryAuthority.mAudience
                 && azureActiveDirectoryAuthority.mAudience instanceof UnknownAudience) {
@@ -474,8 +498,8 @@ private void validateAzureActiveDirectoryAuthority(@NonNull final AzureActiveDir
         }
     }
 
-    private void nullConfigurationCheck(String configKey, String configValue) {
-        if (configValue == null) {
+    private static void nullConfigurationCheck(String configKey, String configValue) {
+        if (TextUtils.isEmpty(configValue)) {
             throw new IllegalArgumentException(configKey + " cannot be null.  Invalid configuration.");
         }
     }
@@ -529,7 +553,7 @@ public void checkIntentFilterAddedToAppManifestForBrokerFlow() throws MsalClient
                 && !hasCustomTabRedirectActivity) {
             final Uri redirectUri = Uri.parse(mRedirectUri);
             throw new MsalClientException(
-                    MsalClientException.APP_MANIFEST_VALIDATION_ERROR,
+                    APP_MANIFEST_VALIDATION_ERROR,
                     "Intent filter for: " +
                             BrowserTabActivity.class.getSimpleName() +
                             " is missing. " +
@@ -555,8 +579,8 @@ public void checkIntentFilterAddedToAppManifestForBrokerFlow() throws MsalClient
             // This means that the app is still using the legacy local-only MSAL Redirect uri (already removed from the new portal).
             // If this is the case, we can assume that the user doesn't need Broker support.
             Logger.warn(TAG, "The app is still using legacy MSAL redirect uri. Switch to MSAL local auth."
-                + "  For brokered auth, the redirect URI is expected to conform to 'msauth://<authority>/.*' where the authority in "
-                + "that uri is the package name of the app. This package name is listed as 'applicationId' in the build.gradle file.");
+                    + "  For brokered auth, the redirect URI is expected to conform to 'msauth://<authority>/.*' where the authority in "
+                    + "that uri is the package name of the app. This package name is listed as 'applicationId' in the build.gradle file.");
             mUseBroker = false;
             return;
         }
 
@@ -29,7 +29,7 @@ public class BrokerHelperActivity extends Activity {
             "        <category android:name=\"android.intent.category.BROWSABLE\" />\n" +
             "        <data\n" +
             "            android:host=\"%s\"\n" +
-            "            android:path=\"%s\"\n" +
+            "            android:path=\"/%s\"\n" +
             "            android:scheme=\"msauth\" />\n" +
             "    </intent-filter>\n" +
             "</activity>";
Original file line number	Diff line number	Diff line change
`@@ -274,9 +274,9 @@ dependencies {`
`274`	`274`	`transitive = false`
`275`	`275`	`}`
`276`	`276`
`277`		`- snapshotApi(group: 'com.microsoft.identity', name: 'common', version: '3.1.2', changing: true)`
	`277`	`+ snapshotApi(group: 'com.microsoft.identity', name: 'common', version: '3.3.1', changing: true)`
`278`	`278`
`279`		`- distApi("com.microsoft.identity:common:3.1.2") {`
	`279`	`+ distApi("com.microsoft.identity:common:3.3.1") {`
`280`	`280`	`transitive = false`
`281`	`281`	`}`
`282`	`282`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,4 +13,4 @@`
`13`	`13`	`}`
`14`	`14`	`}`
`15`	`15`	`]`
`16`		`-}`
	`16`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -265,6 +265,7 @@ private static void appendChildren(@NonNull final List<IAccount> rootAccounts,`
`265`	`265`	`null,`
`266`	`266`	`getIdToken(guestRecord)`
`267`	`267`	`);`
	`268`	`+ profile.setEnvironment(guestRecord.getAccount().getEnvironment());`
`268`	`269`	`tenantProfiles.put(guestRecord.getAccount().getRealm(), profile);`
`269`	`270`	`}`
`270`	`271`	`}`