From ce6b9d6d84c11c00dfc75438e97247c3831d3178 Mon Sep 17 00:00:00 2001 From: SammyO <1315628+SammyO@users.noreply.github.com> Date: Mon, 22 Jan 2024 15:00:25 +0000 Subject: [PATCH 1/4] Add support for flights build param, set in Authority and MicrosoftStsOAuth2Configuration --- common4j/build.gradle | 8 +++++ .../common/java/authorities/Authority.java | 31 ++++++++++++++++--- .../java/authorities/CIAMAuthority.java | 1 + .../AzureActiveDirectorySlice.java | 6 ++++ .../MicrosoftStsAuthorizationRequest.java | 5 +++ 5 files changed, 47 insertions(+), 4 deletions(-) diff --git a/common4j/build.gradle b/common4j/build.gradle index fb449f0c74..48a973fa88 100644 --- a/common4j/build.gradle +++ b/common4j/build.gradle @@ -157,6 +157,9 @@ def sliceParameter = "" // will be blank unless specified by developer def dcParameter = "" // will be blank unless specified by developer def useMockApiForNativeAuthParameter = false // will be false unless specified by developer def disableAcquireTokenSilentTimeoutParameter = false // will be false unless specified by developer +// Expecting this param to be JSON format, i.e. {testFlight:true,testFlight2:false} +// Can include multiple flights +def localFlightsParameter = "" // will be blank unless specified by user if (project.hasProperty("slice")) { sliceParameter = slice @@ -178,6 +181,10 @@ if (project.hasProperty("disableAcquireTokenSilentTimeout")) { disableAcquireTokenSilentTimeoutParameter = true } +if (project.hasProperty("localFlights")) { + localFlightsParameter = localFlights +} + sourceSets { main { java.srcDirs = ['src/main', "$project.buildDir/generated/source/buildConfig/main"] 
@@ -185,6 +192,7 @@ sourceSets { buildConfigField("String", "DC", "\"$dcParameter\"") buildConfigField("boolean", "USE_MOCK_API_FOR_NATIVE_AUTH_AUTHORITY", "${useMockApiForNativeAuthParameter}") buildConfigField("boolean", "DISABLE_ACQUIRE_TOKEN_SILENT_TIMEOUT", "${disableAcquireTokenSilentTimeoutParameter}") + buildConfigField("String", "FLIGHTS", "\"$localFlightsParameter\"") } test { java.srcDirs = ['src/test'] diff --git a/common4j/src/main/com/microsoft/identity/common/java/authorities/Authority.java b/common4j/src/main/com/microsoft/identity/common/java/authorities/Authority.java index 3720e17e69..42dbf6fda9 100644 --- a/common4j/src/main/com/microsoft/identity/common/java/authorities/Authority.java +++ b/common4j/src/main/com/microsoft/identity/common/java/authorities/Authority.java @@ -27,13 +27,16 @@ import com.microsoft.identity.common.java.WarningType; import com.microsoft.identity.common.java.exception.ClientException; import com.microsoft.identity.common.java.logging.Logger; +import com.microsoft.identity.common.java.nativeauth.authorities.NativeAuthCIAMAuthority; import com.microsoft.identity.common.java.providers.microsoft.azureactivedirectory.AzureActiveDirectory; import com.microsoft.identity.common.java.providers.microsoft.azureactivedirectory.AzureActiveDirectorySlice; import com.microsoft.identity.common.java.providers.oauth2.OAuth2Strategy; import com.microsoft.identity.common.java.providers.oauth2.OAuth2StrategyParameters; import com.microsoft.identity.common.java.util.CommonURIBuilder; +import com.microsoft.identity.common.java.util.JsonUtil; import com.microsoft.identity.common.java.util.StringUtil; -import com.microsoft.identity.common.java.nativeauth.authorities.NativeAuthCIAMAuthority; + +import org.json.JSONException; import java.io.IOException; import java.net.MalformedURLException; 
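Review bot: In the `buildConfigField("String", "FLIGHTS", "\"$localFlightsParameter\"")` line the property value is interpolated into a Java string literal without escaping, so a `localFlights` value written as strict JSON with double quotes would end the literal early and either break the generated BuildConfig or change the constant. The comment added in the first hunk shows unquoted keys, which suggests the format relies on lenient parsing. Either state that constraint next to the field or escape the value first, e.g. `def escapedFlights = localFlightsParameter.replace('\\', '\\\\').replace('"', '\\"')` and then interpolate `escapedFlights`. Because later hunks send this value as request parameters, it is also worth confirming that release builds always leave the property unset.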
@@ -43,6 +46,7 @@ import java.util.ArrayList; import java.util.List; import java.util.Locale; +import java.util.Map; import edu.umd.cs.findbugs.annotations.Nullable; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; @@ -111,10 +115,29 @@ public void setDefault(Boolean isDefault) { justification="Somehow, spotbugs thinks that BuildConfig.SLICE and BuildConfig.DC are the same values.") public Authority() { // setting slice directly here in constructor if slice provided as command line param - if (!StringUtil.isNullOrEmpty(BuildConfig.SLICE) || !StringUtil.isNullOrEmpty(BuildConfig.DC)) { + if (!StringUtil.isNullOrEmpty(BuildConfig.SLICE) || !StringUtil.isNullOrEmpty(BuildConfig.DC) + || !StringUtil.isNullOrEmpty(BuildConfig.FLIGHTS)) { final AzureActiveDirectorySlice slice = new AzureActiveDirectorySlice(); - slice.setSlice(BuildConfig.SLICE); - slice.setDataCenter(BuildConfig.DC); + + if (!StringUtil.isNullOrEmpty(BuildConfig.SLICE) || !StringUtil.isNullOrEmpty(BuildConfig.DC)) { + slice.setSlice(BuildConfig.SLICE); + slice.setDataCenter(BuildConfig.DC); + } + + final String localFlightsFromBuild = BuildConfig.FLIGHTS; + if (!StringUtil.isNullOrEmpty(localFlightsFromBuild)) { + try { + Map localFlights = JsonUtil.extractJsonObjectIntoMap(localFlightsFromBuild); + for (Map.Entry entry : localFlights.entrySet()) { + slice.getFlightParameters().put(entry.getKey(), entry.getValue()); + } + } catch (JSONException e) { + Logger.error( + TAG, + "Unable to set flight parameters", + e); + } + } mSlice = slice; } } diff --git a/common4j/src/main/com/microsoft/identity/common/java/authorities/CIAMAuthority.java b/common4j/src/main/com/microsoft/identity/common/java/authorities/CIAMAuthority.java index 426de245b5..712a9ea797 100644 --- a/common4j/src/main/com/microsoft/identity/common/java/authorities/CIAMAuthority.java +++ b/common4j/src/main/com/microsoft/identity/common/java/authorities/CIAMAuthority.java 
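Review bot: The loop in the `Authority()` constructor copies every key and value parsed from `BuildConfig.FLIGHTS` into the slice's flight map without checking them. The later hunks in MicrosoftStsAuthorizationRequest and OAuth2Strategy emit each entry as a top-level query parameter on the authorization and token requests, so a flights string can introduce parameters that are not flights at all, including names the library sets itself. Filtering where the map is populated keeps that in one place, for example `if (AzureActiveDirectorySlice.SLICE_PARAMETER.equals(entry.getKey()) || AzureActiveDirectorySlice.DC_PARAMETER.equals(entry.getKey())) { continue; }`, ideally alongside a check that the key contains only the characters expected in a flight name. A rejected key should be logged in the same way as the existing `JSONException` branch.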
@@ -71,6 +71,7 @@ private MicrosoftStsOAuth2Configuration createOAuth2Configuration() { final AzureActiveDirectorySlice slice = new AzureActiveDirectorySlice(); slice.setSlice(mSlice.getSlice()); slice.setDataCenter(mSlice.getDataCenter()); + slice.setFlightParameters(mSlice.getFlightParameters()); config.setSlice(slice); } diff --git a/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/azureactivedirectory/AzureActiveDirectorySlice.java b/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/azureactivedirectory/AzureActiveDirectorySlice.java index 2bc148964f..4ea881cda2 100644 --- a/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/azureactivedirectory/AzureActiveDirectorySlice.java +++ b/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/azureactivedirectory/AzureActiveDirectorySlice.java @@ -24,6 +24,9 @@ import com.google.gson.annotations.SerializedName; +import java.util.HashMap; +import java.util.Map; + import lombok.AllArgsConstructor; import lombok.EqualsAndHashCode; import lombok.Getter; @@ -41,10 +44,13 @@ public class AzureActiveDirectorySlice { public final static String SLICE_PARAMETER = "slice"; public final static String DC_PARAMETER = "dc"; + public final static String FLIGHT_PARAMETER = "flight"; @SerializedName(SLICE_PARAMETER) private String mSlice; @SerializedName(DC_PARAMETER) private String mDataCenter; + + private Map mFlightParameters = new HashMap<>(); } diff --git a/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsAuthorizationRequest.java b/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsAuthorizationRequest.java index 293df8c85d..b457c88b8b 100644 --- a/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsAuthorizationRequest.java 
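Review bot: `slice.setFlightParameters(mSlice.getFlightParameters())` in `createOAuth2Configuration()` gives the new slice the same map instance that `mSlice` holds, so a later `put` through either object changes both, unlike the slice and data-centre strings copied on the two lines above. A defensive copy keeps the configuration's slice independent: `slice.setFlightParameters(new HashMap<>(mSlice.getFlightParameters()));`, with a null guard if the getter can return null (the consumers in the other hunks null-check it). That needs a `java.util.HashMap` import, which this hunk does not show. The method body starts and ends outside the hunk.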
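Review bot: In AzureActiveDirectorySlice the new `mFlightParameters` field has no `@SerializedName`, unlike `mSlice` and `mDataCenter` beside it, and the new `FLIGHT_PARAMETER` constant is not referenced by any hunk in this series. If the class is serialized with Gson the map would presumably be written under its raw field name, and if the class carries `@AllArgsConstructor` (the import is visible, the annotation is not) the added field changes that constructor's signature for existing callers. I would either annotate the field with `@SerializedName(FLIGHT_PARAMETER)` or mark it `transient` and drop the constant. A comment would also help, such as `// Flight name -> value; each entry is sent as an extra query parameter on authorization and token requests.`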
+++ b/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsAuthorizationRequest.java @@ -263,6 +263,11 @@ public URI getAuthorizationRequestAsHttpRequest() throws ClientException { if (!StringUtil.isNullOrEmpty(mSlice.getDataCenter())) { builder.addParameterIfAbsent(AzureActiveDirectorySlice.DC_PARAMETER, mSlice.getDataCenter()); } + if (mSlice.getFlightParameters() != null && !mSlice.getFlightParameters().isEmpty()) { + for (Map.Entry entry : mSlice.getFlightParameters().entrySet()) { + builder.addParameterIfAbsent(entry.getKey(), entry.getValue()); + } + } } // If login_hint is provided, block the user from switching user during login. From 71904b3247c13110d723b8a94f16badf1b0ca56e Mon Sep 17 00:00:00 2001 From: SammyO <1315628+SammyO@users.noreply.github.com> Date: Mon, 22 Jan 2024 15:11:49 +0000 Subject: [PATCH 2/4] Add flight parameters to token request --- .../common/java/providers/oauth2/OAuth2Strategy.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/common4j/src/main/com/microsoft/identity/common/java/providers/oauth2/OAuth2Strategy.java b/common4j/src/main/com/microsoft/identity/common/java/providers/oauth2/OAuth2Strategy.java index d17a5d28b9..d113dacfa0 100644 --- a/common4j/src/main/com/microsoft/identity/common/java/providers/oauth2/OAuth2Strategy.java +++ b/common4j/src/main/com/microsoft/identity/common/java/providers/oauth2/OAuth2Strategy.java 
@@ -284,6 +284,12 @@ protected final void setTokenEndpoint(final String tokenEndpoint) throws ClientE if (!StringUtil.isNullOrEmpty(slice.getDataCenter())) { commonUriBuilder.setParameter(AzureActiveDirectorySlice.DC_PARAMETER, slice.getDataCenter()); } + if (slice.getFlightParameters() != null && !slice.getFlightParameters().isEmpty()) { + for (Map.Entry entry : slice.getFlightParameters().entrySet()) { + commonUriBuilder.setParameter(entry.getKey(), entry.getValue()); + } + } + mTokenEndpoint = commonUriBuilder.build().toString(); } catch (final URISyntaxException e) { throw new ClientException(ClientException.MALFORMED_URL, e.getMessage(), e); From cdde054d971d43f789f018717b5ba1f246963dcf Mon Sep 17 00:00:00 2001 From: SammyO <1315628+SammyO@users.noreply.github.com> Date: Mon, 22 Jan 2024 16:15:14 +0000 Subject: [PATCH 3/4] Add support for DC param to OpenID query --- .../microsoftsts/MicrosoftStsOAuth2Strategy.java | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsOAuth2Strategy.java b/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsOAuth2Strategy.java index 9a3326aba0..4a6511a055 100644 --- a/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsOAuth2Strategy.java +++ b/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsOAuth2Strategy.java 
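Review bot: The flight loop in `setTokenEndpoint` calls `commonUriBuilder.setParameter(...)`, while the matching loop in MicrosoftStsAuthorizationRequest calls `addParameterIfAbsent(...)`. Assuming `setParameter` replaces an existing parameter, as its name suggests, a flight key here would overwrite the `slice`/`dc` values set just above and anything already in the configured token endpoint's query, so the two request paths can send different values for the same name. Unless the override is intended, use the non-overriding call here as well, `commonUriBuilder.addParameterIfAbsent(entry.getKey(), entry.getValue());`, assuming `commonUriBuilder` is the same builder type. The method body starts outside the hunk.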
@@ -62,6 +62,7 @@ import com.microsoft.identity.common.java.providers.microsoft.MicrosoftTokenErrorResponse; import com.microsoft.identity.common.java.providers.microsoft.azureactivedirectory.AzureActiveDirectory; import com.microsoft.identity.common.java.providers.microsoft.azureactivedirectory.AzureActiveDirectoryCloud; +import com.microsoft.identity.common.java.providers.microsoft.azureactivedirectory.AzureActiveDirectorySlice; import com.microsoft.identity.common.java.providers.microsoft.azureactivedirectory.ClientInfo; import com.microsoft.identity.common.java.providers.oauth2.AuthorizationResult; import com.microsoft.identity.common.java.providers.oauth2.AuthorizationResultFactory; @@ -139,8 +140,13 @@ public MicrosoftStsOAuth2Strategy(@NonNull final MicrosoftStsOAuth2Configuration @NonNull final OAuth2StrategyParameters parameters) throws ClientException { super(config, parameters); setTokenEndpoint(config.getTokenEndpoint().toString()); - if (parameters.isUsingOpenIdConfiguration()){ - loadOpenIdProviderConfiguration(); + if (parameters.isUsingOpenIdConfiguration()) { + if (config.getSlice() != null && config.getSlice().getDataCenter() != null) { + String extraParams = AzureActiveDirectorySlice.DC_PARAMETER + config.getSlice().getDataCenter(); + loadOpenIdProviderConfiguration(extraParams); + } else { + loadOpenIdProviderConfiguration(); + } } } From 16c993246fcf43c207e155bccdbde76428a91abe Mon Sep 17 00:00:00 2001 From: SammyO <1315628+SammyO@users.noreply.github.com> Date: Wed, 31 Jan 2024 17:40:38 +0000 Subject: [PATCH 4/4] Fix using extraParams in OpenID config call --- .../microsoft/microsoftsts/MicrosoftStsOAuth2Strategy.java | 2 +- .../providers/oauth2/OpenIdProviderConfigurationClient.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
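Review bot: The new guard `config.getSlice().getDataCenter() != null` in the constructor accepts an empty string. The Authority constructor in patch 1 calls `slice.setDataCenter(BuildConfig.DC)` whenever either SLICE or DC is set, and DC defaults to `""` in build.gradle, so with only a slice configured the OpenID configuration request would carry an empty `dc` value. The rest of the series tests these values with `StringUtil.isNullOrEmpty`, so I would write `if (config.getSlice() != null && !StringUtil.isNullOrEmpty(config.getSlice().getDataCenter())) {` here, provided StringUtil is imported in this file (not visible in the hunk).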
diff --git a/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsOAuth2Strategy.java b/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsOAuth2Strategy.java index 4a6511a055..8693500c56 100644 --- a/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsOAuth2Strategy.java +++ b/common4j/src/main/com/microsoft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsOAuth2Strategy.java @@ -142,7 +142,7 @@ public MicrosoftStsOAuth2Strategy(@NonNull final MicrosoftStsOAuth2Configuration setTokenEndpoint(config.getTokenEndpoint().toString()); if (parameters.isUsingOpenIdConfiguration()) { if (config.getSlice() != null && config.getSlice().getDataCenter() != null) { - String extraParams = AzureActiveDirectorySlice.DC_PARAMETER + config.getSlice().getDataCenter(); + String extraParams = AzureActiveDirectorySlice.DC_PARAMETER + "=" + config.getSlice().getDataCenter(); loadOpenIdProviderConfiguration(extraParams); } else { loadOpenIdProviderConfiguration(); diff --git a/common4j/src/main/com/microsoft/identity/common/java/providers/oauth2/OpenIdProviderConfigurationClient.java b/common4j/src/main/com/microsoft/identity/common/java/providers/oauth2/OpenIdProviderConfigurationClient.java index 80ce139b21..3ceab91e6f 100644 --- a/common4j/src/main/com/microsoft/identity/common/java/providers/oauth2/OpenIdProviderConfigurationClient.java +++ b/common4j/src/main/com/microsoft/identity/common/java/providers/oauth2/OpenIdProviderConfigurationClient.java 
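Review bot: `extraParams` is still built by string concatenation, `AzureActiveDirectorySlice.DC_PARAMETER + "=" + config.getSlice().getDataCenter()`, and then appended after `"?"` in OpenIdProviderConfigurationClient (the second hunk of this patch), so the data-centre value reaches the URI without percent-encoding. A value containing `&`, `#` or whitespace would add parameters, truncate the query or make the URI invalid. Building the query with the project's `CommonURIBuilder`, as `setTokenEndpoint` appears to do, or encoding the value before concatenation would avoid that. The `"?"` join also assumes the well-known path never carries a query of its own. Both method bodies extend beyond their hunks.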
@@ -143,7 +143,7 @@ private synchronized OpenIdProviderConfiguration loadOpenIdProviderConfiguration try { final String uriString; if (extraParams != null) { - uriString = sanitize(tenantedAuthorityString) + WELL_KNOWN_CONFIG_PATH + extraParams; + uriString = sanitize(tenantedAuthorityString) + WELL_KNOWN_CONFIG_PATH + "?" + extraParams; } else { uriString = sanitize(tenantedAuthorityString) + WELL_KNOWN_CONFIG_PATH; }