Fix main branch issues (#641)

* Add README

* plugins for GPG signing

* more plugins to fix failing tests

* add azure-pipelines to build

* Add a source file

* change class modifier for javadocs

* Removing developer tag

* library version update to fix security vulnerability

* Updated jackson-databind version

* Updated versions for hotfix release.

* expose instanceDiscovery flag

* updated comments

* updated b2c authority url for tests

* address PR comments + more tests

* missed update for regional endpoint

* separated b2c and adfs tests

* Revert unintentional commit

* Revert unintentional commit

* Fix Issue 572

* Fixed failing test

* update regional endpoints

* Updating release numbers for beta release

* update versions for release

* remove unintentional commit

* Add IBroker implementation for MSALRuntime (#563)

* Add IBroker implementation for MSALRuntime

* Remove dll used during testing

* Integrate broker steps to relevant flows in PublicClientApplication

* Add logic to cancel MsalRuntimeFutures

* Expand javadocs and exception handling

* Address code review comments

* Simplify future chaining, address code review comments

* Reorganize future chaining, fix testing issues

* Adjust how broker availability is checked

* Create automated test

* Adjust startup logic

* Correct version number for interop

* Correct broker versioning

* Move broker tests to MSAL Java package

* Remove usage of msal4j-brokers from msal4j

* Add missing SLFJ dependency

* Use newest msal4j

* Bump javamsalruntime version number

* Revert "Add IBroker implementation for MSALRuntime (#563)" (#588)

This reverts commit aacb439.

* regional endpoint change to always use login.microsoft.com

* Add support for both current and legacy B2C authority formats (#594)

* Add support for both current and legacy B2C authority formats

* Fix B2C format test

* add 2 seconds timeout while calling IMDS

* Fix failing tests

* Fix failing tests

* delete commented out code

* Use the dedicated admin consent endpoint instead of a query parameter (#599)

* updated versions for release

* update condition to throw exception

* added test for invalid authority

* Add tests for a CIAM user and reduce test code duplication (#603)

* Add tests for a CIAM user and reduce code duplication in several test files

* Revert changed method name

* Attempt to resolve credscan flag

* Resolve credscan issues

* Address code review comments

* Use default scope

* expose extraQueryParameters

* expose extraQueryParameters

* ExtraQueryParameters tests

* retrigger the tests

* Updated an existing test case to check added parameters

* Replace exception with warning

* version updates for release

* update json-smart version

* Updated json-smart version 

Updated json-smart version to a 'bug-free' version

* version updates for release

* Initial commit

* add CIAM authority file

* revert authority validation changes

* Fix failing tests

* Fix failing tests

* remove commented out line

* remove unnecessary code

* update exception message for device code flow

* add refresh_in logic

* resolve build issues + address PR comments

* update tests

* updated org-json version to resolve Dependabot alert

* Better redirect URI error handling and dependency upgrade (#633)

* Better error handling for redirect URIs

* Update oauth2-oidc-sdk dependency

* Address review comments

Co-authored-by: Bogdan Gavril <bogavril@microsoft.com>

---------

Co-authored-by: Bogdan Gavril <bogavril@microsoft.com>

* Version updates for 1.13.8 release (#634)

* Version updates for 1.13.8 release

* Update changelog.txt

* Point to MSAL Java reference docs onboarded to Microsoft Learn

* Get main branch in sync with dev branch

* Manually resolve differences between main and dev branches

* Manually resolve differences between main and dev branches

---------

Co-authored-by: siddhijain <siddhijain@microsoft.com>
Co-authored-by: Bogdan Gavril <bogavril@microsoft.com>
Co-authored-by: Dickson Mwendia <64727760+Dickson-Mwendia@users.noreply.github.com>

.github/workflows/codeql.yml

@@ -21,15 +21,15 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       # Override language selection by uncommenting this and choosing your languages
       # with:
       #   languages: go, javascript, csharp, python, cpp, java
 
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below).
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -43,4 +43,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

README.md

@@ -2,7 +2,7 @@
 
 `main` branch    | `dev` branch    | Reference Docs
 --------------------|-----------------|---------------
-[![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=main)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762) | [![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=dev)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762)| [![Javadocs](http://javadoc.io/badge/com.microsoft.azure/msal4j.svg)](http://javadoc.io/doc/com.microsoft.azure/msal4j)
+[![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=main)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762) | [![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=dev)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762)| [MSAL Java reference](https://learn.microsoft.com/en-us/java/api/com.microsoft.aad.msal4j?view=msal-java-latest)
 
 The Microsoft Authentication Library for Java (MSAL4J) enables applications to integrate with the [Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/). It allows you to sign in users or apps with Microsoft identities (Azure AD, Microsoft accounts and Azure AD B2C accounts) and obtain tokens to call Microsoft APIs such as [Microsoft Graph](https://graph.microsoft.io/) or your own APIs registered with the Microsoft identity platform. It is built using industry standard OAuth2 and OpenID Connect protocols.
 
@@ -16,25 +16,25 @@ Quick links:
 The library supports the following Java environments:
 - Java 8 (or higher)
 
-Current version - 1.13.2
+Current version - 1.13.8
 
 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt).
 
-You can get the msal4j package through Maven or Gradle.
+You can get the com.microsoft.aad.msal4j package through Maven or Gradle.
 
 ### Maven
 Find [the latest package in the Maven repository](https://mvnrepository.com/artifact/com.microsoft.azure/msal4j).
 ```xml
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>1.13.2</version>
+    <version>1.13.8</version>
 </dependency>
 ```
 ### Gradle
 
 ```gradle
-implementation group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.13.2'
+implementation group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.13.8'
 ```
 
 ## Usage

.gitignore → msal4j-brokers/.gitignore

@@ -20,7 +20,7 @@
 *.rar
 
 # Intellij
-.idea/
+../.idea/
 
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*

msal4j-brokers/README.md

@@ -0,0 +1,15 @@
+#Microsoft Authentication Library Brokers
+### Maven
+Find [the latest package in the Maven repository](https://mvnrepository.com/artifact/com.microsoft.azure/msal4j-brokers).
+```xml
+<dependency>
+    <groupId>com.microsoft.azure</groupId>
+    <artifactId>msal4j-brokers</artifactId>
+    <version>0.0.1</version>
+</dependency>
+```
+### Gradle
+
+```gradle
+implementation group: 'com.microsoft.azure', name: 'msal4j-brokers', version: '0.0.1'
+```

msal4j-brokers/pom.xml

@@ -0,0 +1,131 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.microsoft.azure</groupId>
+    <artifactId>msal4j-brokers</artifactId>
+    <version>0.0.1</version>
+    <packaging>jar</packaging>
+    <name>msal4j-brokers</name>
+    <description>
+        Microsoft Authentication Library for Java - Brokers helps you integrate with the broker
+        on windows machine to secure Access tokens and refresh tokens.
+    </description>
+    <url>https://github.com/AzureAD/microsoft-authentication-library-for-java</url>
+    <licenses>
+        <license>
+            <name>MIT License</name>
+        </license>
+    </licenses>
+    <inceptionYear>2022</inceptionYear>
+    <scm>
+        <url>https://github.com/AzureAD/microsoft-authentication-library-for-java</url>
+    </scm>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+    <dependencies>
+        <!-- https://mvnrepository.com/artifact/com.microsoft.azure/msal4j -->
+        <dependency>
+            <groupId>com.microsoft.azure</groupId>
+            <artifactId>msal4j</artifactId>
+            <version>1.13.2</version>
+        </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.6</version>
+            <scope>provided</scope>
+        </dependency>
+    </dependencies>
+
+    <!-- force https -->
+    <repositories>
+        <repository>
+            <id>central</id>
+            <url>https://repo1.maven.org/maven2</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </repository>
+    </repositories>
+    <pluginRepositories>
+        <pluginRepository>
+            <id>central</id>
+            <url>https://repo1.maven.org/maven2</url>
+            <snapshots>
+                <enabled>false</enabled>
+            </snapshots>
+        </pluginRepository>
+    </pluginRepositories>
+    <build>
+        <sourceDirectory>${project.build.directory}/delombok</sourceDirectory>
+        <plugins>
+            <plugin>
+                <groupId>org.projectlombok</groupId>
+                <artifactId>lombok-maven-plugin</artifactId>
+                <version>1.18.2.0</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>delombok</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <sourceDirectory>src/main/java</sourceDirectory>
+                    <outputDirectory>${project.build.directory}/delombok</outputDirectory>
+                    <addOutputDirectory>false</addOutputDirectory>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <version>2.10</version>
+                <configuration>
+                    <argLine>-noverify</argLine>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <version>3.1.0</version>
+                <configuration>
+                    <sourcepath>${project.build.directory}/delombok</sourcepath>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>attach-javadocs</id>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+                <version>2.2.1</version>
+                <executions>
+                    <execution>
+                        <id>attach-sources</id>
+                        <goals>
+                            <goal>jar</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.7.0</version>
+                <configuration>
+                    <source>8</source>
+                    <target>8</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

msal4j-brokers/src/main/java/com/microsoft/aad/msal4jbrokers/MSALRuntimeBroker.java

@@ -0,0 +1,31 @@
+package com.microsoft.aad.msal4jbrokers;
+
+import com.microsoft.aad.msal4j.*;
+import lombok.extern.slf4j.Slf4j;
+
+import java.util.concurrent.CompletableFuture;
+
+@Slf4j
+public class MSALRuntimeBroker implements IBroker {
+
+    @Override
+    public IAuthenticationResult acquireToken(PublicClientApplication application, SilentParameters requestParameters) {
+        log.debug("Should not call this API if msal runtime init failed");
+        throw new MsalClientException("Broker implementation missing", "missing_broker");
+    }
+
+    @Override
+    public IAuthenticationResult acquireToken(PublicClientApplication application, InteractiveRequestParameters requestParameters) {
+        throw new MsalClientException("Broker implementation missing", "missing_broker");
+    }
+
+    @Override
+    public IAuthenticationResult acquireToken(PublicClientApplication application, UserNamePasswordParameters requestParameters) {
+        throw new MsalClientException("Broker implementation missing", "missing_broker");
+    }
+
+    @Override
+    public CompletableFuture removeAccount(IAccount account) {
+        throw new MsalClientException("Broker implementation missing", "missing_broker");
+    }
+}

msal4j-sdk/.gitignore

@@ -0,0 +1,29 @@
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# Intellij
+../.idea/
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+# Lombok
+target/*

msal4j-sdk/README.md

@@ -0,0 +1,80 @@
+# Microsoft Authentication Library (MSAL) for Java
+
+`main` branch    | `dev` branch    | Reference Docs
+--------------------|-----------------|---------------
+[![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=main)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762) | [![Build status](https://identitydivision.visualstudio.com/IDDP/_apis/build/status/CI/Java/MSAL%20Java%20CI%20Build?branchName=dev)](https://identitydivision.visualstudio.com/IDDP/_build/latest?definitionId=762)| [![Javadocs](http://javadoc.io/badge/com.microsoft.azure/com.microsoft.aad.msal4j.svg)](http://javadoc.io/doc/com.microsoft.azure/com.microsoft.aad.msal4j)
+
+The Microsoft Authentication Library for Java (MSAL4J) enables applications to integrate with the [Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/). It allows you to sign in users or apps with Microsoft identities (Azure AD, Microsoft accounts and Azure AD B2C accounts) and obtain tokens to call Microsoft APIs such as [Microsoft Graph](https://graph.microsoft.io/) or your own APIs registered with the Microsoft identity platform. It is built using industry standard OAuth2 and OpenID Connect protocols.
+
+Quick links:
+
+| [Getting Started](https://docs.microsoft.com/en-us/azure/active-directory/develop/web-app-quickstart?pivots=devlang-java) | [Home](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki) | [Samples](https://github.com/Azure-Samples/ms-identity-msal-java-samples) | [Support](README.md#community-help-and-support) | [Feedback](https://forms.office.com/r/6AhHwQp3pe)
+| --- | --- | --- | --- | --- |
+
+## Install
+
+The library supports the following Java environments:
+- Java 8 (or higher)
+
+Current version - 1.13.8
+
+You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt).
+
+You can get the com.microsoft.aad.msal4j package through Maven or Gradle.
+
+### Maven
+Find [the latest package in the Maven repository](https://mvnrepository.com/artifact/com.microsoft.azure/com.microsoft.aad.msal4j).
+```xml
+<dependency>
+    <groupId>com.microsoft.azure</groupId>
+    <artifactId>msal4j</artifactId>
+    <version>1.13.8</version>
+</dependency>
+```
+### Gradle
+
+```gradle
+compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.13.8'
+```
+
+## Usage
+
+MSAL4J supports multiple [application types and authentication scenarios](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios).
+
+Refer the [Wiki](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki) pages for more details on the usage of MSAL Java and the supported scenarios.
+
+## Migrating from ADAL
+If your application is using ADAL for Java (ADAL4J), we recommend you to update to use MSAL4J. No new feature work will be done in ADAL4J.
+
+See the [ADAL to MSAL migration](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki/Migrate-to-MSAL-Java) guide.
+
+## Roadmap
+
+You can follow the latest updates and plans for MSAL Java in the [Roadmap](https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki#roadmap) published on our Wiki.
+
+## Contribution
+
+This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
+When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
+This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
+
+## Samples and Documentation
+
+We provide a [full suite of sample applications](https://aka.ms/aaddevsamplesv2) and [documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/) to help you get started with learning the Microsoft identity platform.
+
+## Community Help and Support
+
+We leverage [Stack Overflow](http://stackoverflow.com/) to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browser existing issues to see if someone has had your question before.
+
+We recommend you use the "msal" tag so we can see it! Here is the latest Q&A on Stack Overflow for MSAL: [http://stackoverflow.com/questions/tagged/msal](http://stackoverflow.com/questions/tagged/msal)
+
+## Submit Feedback
+We'd like your thoughts on this library. Please complete [this short survey.](https://forms.office.com/r/6AhHwQp3pe)
+
+## Security Reporting
+
+If you find a security issue with our libraries or services please report it to [secure@microsoft.com](mailto:secure@microsoft.com) with as much detail as possible. Your submission may be eligible for a bounty through the [Microsoft Bounty](http://aka.ms/bugbounty) program. Please do not post security issues to GitHub Issues or any other public site. We will contact you shortly upon receiving the information. We encourage you to get notifications of when security incidents occur by visiting [this page](https://technet.microsoft.com/security/dd252948) and subscribing to Security Advisory Alerts.
+
+## We Value and Adhere to the Microsoft Open Source Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.

msal4j-sdk/bnd.bnd

@@ -0,0 +1,2 @@
+Export-Package: com.microsoft.aad.msal4j;version="1.13.8"
+Automatic-Module-Name: com.microsoft.aad.msal4j