Merge pull request #1661 from AzureAD/shahzaibj/fix-ropc

Fix accidental code change that disabled PoP for auth code grant flow
AzureAD · Dec 28, 2021 · 84a018e · 84a018e
2 parents e607576 + 1f50c3f
commit 84a018e
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 11 deletions.
diff --git a/changelog.txt b/changelog.txt
@@ -64,6 +64,7 @@ V.Next
 - [PATCH] Support SSO token api (#1543)
 - [MINOR] Add flighting parameters to commmandParameters (#1562)
 - [MINOR] Hook telemetry to LocalAuthenticationResult and BaseException (#1636)
+- [PATCH] Fix accidental code change that disabled PoP for auth code grant flow (#1661)
 
 Version 3.6.3
 ----------

diff --git a/...oft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsOAuth2Strategy.java b/...oft/identity/common/java/providers/microsoft/microsoftsts/MicrosoftStsOAuth2Strategy.java
@@ -381,7 +381,26 @@ public MicrosoftStsTokenRequest createTokenRequest(@NonNull final MicrosoftStsAu
         }
 
         if (PopAuthenticationSchemeInternal.SCHEME_POP.equals(authScheme.getName())) {
-            throw new UnsupportedOperationException("MSAL Android supports ROPC on Bearer flows only for testing purposes.");
+            // Add a token_type
+            tokenRequest.setTokenType(TokenRequest.TokenType.POP);
+
+            final IDevicePopManager devicePopManager =
+                    mStrategyParameters.getPlatformComponents().getDefaultDevicePopManager();
+
+            // Generate keys if they don't already exist...
+            if (!devicePopManager.asymmetricKeyExists()) {
+                final String thumbprint = devicePopManager.generateAsymmetricKey();
+
+                Logger.verbosePII(
+                        TAG,
+                        "Generated new PoP asymmetric key with thumbprint: "
+                                + thumbprint
+                );
+            }
+
+            final String reqCnf = devicePopManager.getRequestConfirmation();
+            // Set the req_cnf
+            tokenRequest.setRequestConfirmation(reqCnf);
         }
 
         return tokenRequest;
@@ -453,16 +472,7 @@ public MicrosoftStsTokenRequest createRopcTokenRequest(@NonNull final RopcTokenC
         setTokenRequestCorrelationId(request);
 
         if (PopAuthenticationSchemeInternal.SCHEME_POP.equals(parameters.getAuthenticationScheme().getName())) {
-            request.setTokenType(TokenRequest.TokenType.POP);
-
-            final IDevicePopManager devicePopManager =
-                    mStrategyParameters.getPlatformComponents().getDefaultDevicePopManager();
-
-            if (!devicePopManager.asymmetricKeyExists()) {
-                devicePopManager.generateAsymmetricKey();
-            }
-
-            request.setRequestConfirmation(devicePopManager.getRequestConfirmation());
+            throw new UnsupportedOperationException("MSAL Android supports ROPC on Bearer flows only for testing purposes.");
         }
 
         return request;