Throw error on empty scopes

AzureAD · May 13, 2024 · 443b48e · 443b48e
1 parent 5f601a0
commit 443b48e
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 29 deletions.
diff --git a/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/states/AccountState.kt b/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/states/AccountState.kt
@@ -39,7 +39,6 @@ import com.microsoft.identity.common.internal.controllers.LocalMSALController
 import com.microsoft.identity.common.java.AuthenticationConstants
 import com.microsoft.identity.common.java.commands.CommandCallback
 import com.microsoft.identity.common.java.commands.SilentTokenCommand
-import com.microsoft.identity.common.java.controllers.BaseController
 import com.microsoft.identity.common.java.controllers.CommandDispatcher
 import com.microsoft.identity.common.java.controllers.ExceptionAdapter
 import com.microsoft.identity.common.java.dto.AccountRecord
@@ -204,7 +203,6 @@ class AccountState private constructor(
      * @throws [MsalClientException] If the the account doesn't exist in the cache.
      * @throws [ServiceException] If the refresh token doesn't exist in the cache/is expired, or the refreshing fails.
      */
-    @Deprecated("Use the getAccessToken(forceRefresh: Boolean = false, scopes: List<String>, callback: GetAccessTokenCallback) method")
     fun getAccessToken(forceRefresh: Boolean = false, callback: GetAccessTokenCallback) {
         LogSession.logMethodCall(
             tag = TAG,
@@ -229,7 +227,6 @@ class AccountState private constructor(
      *
      * @return [com.microsoft.identity.nativeauth.statemachine.results.GetAccessTokenResult] The result of the getAccessToken action
      */
-    @Deprecated("Use the getAccessToken(forceRefresh: Boolean = false, scopes: List<String>) method")
     suspend fun getAccessToken(forceRefresh: Boolean = false): GetAccessTokenResult {
         return getAccessTokenInternal(forceRefresh, AuthenticationConstants.DEFAULT_SCOPES.toList());
     }
@@ -244,8 +241,10 @@ class AccountState private constructor(
      * @return [com.microsoft.identity.nativeauth.statemachine.results.GetAccessTokenResult] The result of the getAccessToken action
      */
     suspend fun getAccessToken(forceRefresh: Boolean = false, scopes: List<String>): GetAccessTokenResult {
-        return getAccessTokenInternal(forceRefresh,
-            if (!scopes.isEmpty()) scopes else AuthenticationConstants.DEFAULT_SCOPES.toList() )
+        if (scopes.isEmpty()) {
+            throw MsalClientException(MsalClientException.INVALID_PARAMETER)
+        }
+        return getAccessTokenInternal(forceRefresh, scopes)
     }
 
     /**

diff --git a/...est/java/com/microsoft/identity/nativeauth/NativeAuthPublicClientApplicationKotlinTest.kt b/...est/java/com/microsoft/identity/nativeauth/NativeAuthPublicClientApplicationKotlinTest.kt
@@ -653,14 +653,13 @@ class NativeAuthPublicClientApplicationKotlinTest : PublicClientApplicationAbstr
 
         assertEquals(accessToken, accessTokenTwo)
 
-        val accessTokenResultThree = (getAccountResult as GetAccountResult.AccountFound).resultValue.getAccessToken(false, emptyList())
-        assertTrue(accessTokenResultThree is GetAccessTokenResult.Complete)
-
-        val accessTokenThree = (accessTokenResultThree as GetAccessTokenResult.Complete).resultValue.accessToken
-        assertNotNull(accessTokenThree)
-
-        assertEquals(accessTokenTwo, accessTokenThree)
-        assertEquals(accessToken, accessTokenThree)
+        try {
+            var accessTokenState = (getAccountResult as GetAccountResult.AccountFound).resultValue.getAccessToken(false, emptyList())
+        } catch (exception: MsalClientException) {
+            assertEquals(MsalClientException.INVALID_PARAMETER, exception.errorCode)
+            return@runTest
+        }
+        fail()
     }
 
     /**
@@ -732,13 +731,7 @@ class NativeAuthPublicClientApplicationKotlinTest : PublicClientApplicationAbstr
         val signOutResult = accountState.signOut()
         assertTrue(signOutResult is SignOutResult.Complete)
 
-        var accessTokenState = accountState.getAccessToken(false, ArrayList<String>(AuthenticationConstants.DEFAULT_SCOPES))
-        assertTrue(accessTokenState is GetAccessTokenError)
-        assertTrue((accessTokenState as GetAccessTokenError).isNoAccountFound())
-
-
-        accessTokenState = accountState.getAccessToken(false, Arrays.asList(
-            AuthenticationConstants.OAuth2Scopes.EMAIL_SCOPE))
+        val accessTokenState = accountState.getAccessToken(false, ArrayList<String>(AuthenticationConstants.DEFAULT_SCOPES))
         assertTrue(accessTokenState is GetAccessTokenError)
         assertTrue((accessTokenState as GetAccessTokenError).isNoAccountFound())
     }
@@ -775,15 +768,13 @@ class NativeAuthPublicClientApplicationKotlinTest : PublicClientApplicationAbstr
         val signOutResult = accountState.signOut()
         assertTrue(signOutResult is SignOutResult.Complete)
 
-        var accessTokenState = accountState.getAccessToken(false, emptyList())
-        assertTrue(accessTokenState is GetAccessTokenError)
-        assertTrue((accessTokenState as GetAccessTokenError).isNoAccountFound())
-
-
-        accessTokenState = accountState.getAccessToken(false, Arrays.asList(
-            AuthenticationConstants.OAuth2Scopes.EMAIL_SCOPE))
-        assertTrue(accessTokenState is GetAccessTokenError)
-        assertTrue((accessTokenState as GetAccessTokenError).isNoAccountFound())
+        try {
+            var accessTokenState = accountState.getAccessToken(false, emptyList())
+        } catch (exception: MsalClientException) {
+            assertEquals(MsalClientException.INVALID_PARAMETER, exception.errorCode)
+            return@runTest
+        }
+        fail()
     }
 
     /**