HNeukermans · c-robison · Mar 10, 2017 · Mar 10, 2017 · Mar 10, 2017 · Mar 10, 2017
diff --git a/src/aad.redirect.processor.spec.ts b/src/aad.redirect.processor.spec.ts
@@ -1,6 +1,6 @@
 import { QueryStringDeserializer } from './query.string.deserializer';
 import { UserDecoder } from './user.decoder';
-import { LocalStorage } from './local.storage';
+import { SessionStorage } from './local.storage';
 import { Constants } from './constants';
 import { AadProductionTokenSample, AadProductionRedirectHash, AadProductionUserProfileSample } from './scenario/a.production.aad.response';
 import { AadRedirectProcessor } from './aad.redirect.processor';
@@ -9,7 +9,7 @@ describe('AadRedirectProcessor', () => {
     'use strict';
 
     beforeEach(() => {
-        this.localStorage = new LocalStorage();
+        this.localStorage = new SessionStorage();
         this.window = <Window>{ location: { hash: '' } };
         this.window.location.assign = function () { };
         this.userDecoder = new UserDecoder();

diff --git a/src/aad.redirect.processor.ts b/src/aad.redirect.processor.ts
@@ -8,17 +8,24 @@ export class AadRedirectProcessor {
     constructor(private queryStringDeserializer: QueryStringDeserializer, private userDecoder: UserDecoder, private storage: Storage, private window: Window) {
     }
 
-    public process(): boolean {
+    public process(): string {
 
         let deserializedHash = this.queryStringDeserializer.deserialize(this.window.location.hash);
         let aadRedirect = new AadRedirectUrl(deserializedHash);
         if (aadRedirect.isAadRedirect()) {
-            let userProfile = this.userDecoder.decode(aadRedirect.idToken || aadRedirect.accesToken);
-            this.storage.setItem(Constants.STORAGE.IDTOKEN, aadRedirect.idToken || '');
-            this.storage.setItem(Constants.STORAGE.ACCESSTOKEN, aadRedirect.accesToken || '');
-            this.window.location.assign(this.storage.getItem(Constants.STORAGE.LOGIN_REQUEST));
+            if (aadRedirect.state === this.storage.getItem(Constants.STORAGE.STATE_LOGIN)) {
+                let userProfile = this.userDecoder.decode(aadRedirect.idToken);
+                if (userProfile.nonce === this.storage.getItem(Constants.STORAGE.NONCE_IDTOKEN)) {
+                    this.storage.setItem(Constants.STORAGE.IDTOKEN, aadRedirect.idToken || '');
+                    this.storage.setItem(Constants.STORAGE.ACCESSTOKEN, aadRedirect.accessToken || '');
+                    // TODO take expiresin and create timestamp for expiration.
+                    this.storage.setItem(Constants.STORAGE.EXPIRATION_KEY, aadRedirect.expiresIn);
+                    this.storage.setItem(Constants.STORAGE.SCOPE, aadRedirect.scope);
+                    this.window.location.assign(this.storage.getItem(Constants.STORAGE.LOGIN_REQUEST));
+                    return(this.storage.getItem(Constants.STORAGE.POST_LOGIN));
+                }
+            }
         }
-
-        return aadRedirect.isAadRedirect();
+        return;
     }
 }
diff --git a/src/aad.redirect.url.ts b/src/aad.redirect.url.ts
@@ -12,15 +12,23 @@ export class AadRedirectUrl {
         return this.object[Constants.EXPIRES_IN];
     }
 
-    get accesToken() {
+    get accessToken() {
         return this.object[Constants.ACCESS_TOKEN];
     }
 
     get sessionState() {
         return this.object[Constants.SESSION_STATE];
     }
 
-    public isAadRedirect() {
+    get state() {
+        return this.object[Constants.STATE];
+    }
+
+    get scope() {
+        return this.object[Constants.SCOPE];
+    }
+
+    public isAadRedirect(): boolean {
         return (
             this.object.hasOwnProperty(Constants.ERROR_DESCRIPTION) ||
             this.object.hasOwnProperty(Constants.ACCESS_TOKEN) ||

diff --git a/src/aad.url.builder.spec.ts b/src/aad.url.builder.spec.ts
@@ -59,6 +59,7 @@ describe('AadUrlBuilder', () => {
             responseType: 'id_token',
             clientId: new GuidGenerator().generate(),
             redirectUri: 'http://ng2a-hneu-web-ui.azurewebsites.net/',
+            scope: 'openid',
             state: new GuidGenerator().generate(),
             clientRequestId: new GuidGenerator().generate(),
             libVersion: '1.0.0'

diff --git a/src/aad.url.builder.ts b/src/aad.url.builder.ts
@@ -8,6 +8,7 @@ export class AadUrlBuilder {
     private clientId: string;
     private resource: string;
     private redirectUri: string;
+    private scope: string;
     private state: string;
     private slice: string;
     private clientRequestId: string;
@@ -33,6 +34,7 @@ export class AadUrlBuilder {
         this.clientId = options.clientId;
         this.responseType = options.responseType || this.responseType;
         this.redirectUri = options.redirectUri || this.redirectUri;
+        this.scope = options.scope;
         this.state = options.state;
         this.slice = options.slice || this.slice;
         this.clientRequestId = options.clientRequestId || this.clientRequestId;
@@ -43,7 +45,7 @@ export class AadUrlBuilder {
 
     public build() {
 
-        var urlNavigate = AadUrlBuilder.MicrosoftLoginUrl + this.tenant + '/oauth2/authorize';
+        var urlNavigate = AadUrlBuilder.MicrosoftLoginUrl + this.tenant + '/oauth2/v2.0/authorize';
         urlNavigate = urlNavigate + this.serialize() + this.addLibMetadata();
         urlNavigate = urlNavigate + '&nonce=' + encodeURIComponent(this.nonce);
         return urlNavigate;
@@ -59,6 +61,7 @@ export class AadUrlBuilder {
         }
 
         str.push('redirect_uri=' + encodeURIComponent(this.redirectUri));
+        str.push('scope=' + encodeURIComponent(this.scope));
         str.push('state=' + encodeURIComponent(this.state));
 
         if (this.slice) {

diff --git a/src/aad.url.config.ts b/src/aad.url.config.ts
@@ -5,6 +5,7 @@ export interface AadUrlConfig {
     clientId: string;
     responseType?: string;
     redirectUri?: string;
+    scope: string;
     state: string;
     slice?: string;
     clientRequestId?: string;

diff --git a/src/adal.config.ts b/src/adal.config.ts
@@ -1,10 +1,16 @@
 export class AdalConfig {
     public resource: string;
-    constructor(public clientId: string,
-        public tenant: string,
-        public redirectUri: string,
-        public postLogoutRedirectUrl?: string,
-        public responseType?: string,
-        public extraQueryParameter?: string) {
+    constructor(public tenant: string,
+                public clientId: string,
+                public responseType: string,
+                public redirectUri: string,
+                public scope: string,
+                public response_mode?: string,
+                public state?: string,
+                public nonce?: string,
+                public prompt?: string,
+                public login_hint?: string,
+                public domain_hint?: string,
+                public postLogoutRedirectUrl?: string) {
     };
 }
diff --git a/src/authentication.context.spec.ts b/src/authentication.context.spec.ts
@@ -1,6 +1,6 @@
 /// <reference path="./../node_modules/@types/jasmine/index.d.ts" />
 import { AuthenticationContext } from './authentication.context';
-import { LocalStorage } from './local.storage';
+import { SessionStorage } from './local.storage';
 import { Navigator } from './navigator';
 import { AadUrlBuilder } from './aad.url.builder';
 import { AadLogoutUrlBuilder } from './aad.logout.url.builder';
@@ -16,7 +16,7 @@ describe('AuthenticationContext', () => {
 
     beforeEach(() => {
         this.config = ATenantConfig;
-        this.localStorage = new LocalStorage();
+        this.localStorage = new SessionStorage();
         this.navigator = new Navigator();
         this.guidGenerator = new GuidGenerator();
         this.aadUrlBuilder = new AadUrlBuilder(this.guidGenerator);

diff --git a/src/authentication.context.ts b/src/authentication.context.ts
@@ -60,10 +60,12 @@ export class AuthenticationContext {
         this.loginInProgress = true;
     }
 
-    public getUser(): User {
-        let idtoken = this.storage.getItem(Constants.STORAGE.IDTOKEN) || this.storage.getItem(Constants.STORAGE.ACCESSTOKEN);
+    public getUser(token?: string): User {
+        if (token == null) {
+            token = this.storage.getItem(Constants.STORAGE.IDTOKEN) || this.storage.getItem(Constants.STORAGE.ACCESSTOKEN);
+        }
         try {
-            let user = this.userDecoder.decode(idtoken);
+            let user = this.userDecoder.decode(token);
             return user;
         } catch (error) {
             if (console && console.debug) console.debug('getUser() returns null on catched error. Details >> ' + error.toString());

diff --git a/src/authentication.spec.ts b/src/authentication.spec.ts
@@ -1,7 +1,7 @@
 /// <reference path="./../node_modules/@types/jasmine/index.d.ts" />
 import { AuthenticationContext } from './authentication.context';
 import { Authentication } from './authentication';
-import { LocalStorage } from './local.storage';
+import { SessionStorage } from './local.storage';
 import { AdalConfig } from './adal.config';
 import { Navigator } from './navigator';
 import { AadUrlBuilder } from './aad.url.builder';

diff --git a/src/authentication.ts b/src/authentication.ts
@@ -1,5 +1,5 @@
 import { AuthenticationContext } from './authentication.context';
-import { LocalStorage } from './local.storage';
+import { SessionStorage } from './local.storage';
 import { Navigator } from './navigator';
 import { AadUrlBuilder } from './aad.url.builder';
 import { GuidGenerator } from './guid.generator';
@@ -18,11 +18,9 @@ export class Authentication {
 
     public static getContext(configuration: AdalConfig): AuthenticationContext {
 
-        console.log('getContext...');
-
         let context = new AuthenticationContext(
             configuration,
-            new LocalStorage(),
+            new SessionStorage(),
             new Navigator(),
             new GuidGenerator(),
             new AadUrlBuilder(new GuidGenerator()),
@@ -37,7 +35,7 @@ export class Authentication {
         let p = new AadRedirectProcessor(
             new QueryStringDeserializer(),
             new UserDecoder(),
-            new LocalStorage(),
+            new SessionStorage(),
             window);
         return p;
     }

diff --git a/src/constants.ts b/src/constants.ts
@@ -4,6 +4,8 @@ export const Constants = {
     ID_TOKEN: 'id_token',
     ERROR_DESCRIPTION: 'error_description',
     SESSION_STATE: 'session_state',
+    STATE: 'state',
+    SCOPE: 'scope',
     STORAGE: {
         TOKEN_KEYS: 'adal.token.keys',
         ACCESS_TOKEN_KEY: 'adal.access.token.key',
@@ -19,7 +21,9 @@ export const Constants = {
         ERROR_DESCRIPTION: 'adal.error.description',
         LOGIN_REQUEST: 'adal.login.request',
         LOGIN_ERROR: 'adal.login.error',
-        RENEW_STATUS: 'adal.token.renew.status'
+        RENEW_STATUS: 'adal.token.renew.status',
+        SCOPE: 'adal.scope',
+        POST_LOGIN: 'adal.post.login'
     },
     RESOURCE_DELIMETER: '|',
     LOADFRAME_TIMEOUT: '6000',

diff --git a/src/local.storage.ts b/src/local.storage.ts
@@ -1,10 +1,10 @@
 import { Storage } from './storage';
-export class LocalStorage implements Storage {
+export class SessionStorage implements Storage {
     public setItem(key: string, value: string): void {
-        localStorage.setItem(key, value);
+        sessionStorage.setItem(key, value);
     }
 
     public getItem(key: string): string {
-        return localStorage.getItem(key);
+        return sessionStorage.getItem(key);
     }
 }
diff --git a/src/scenario/a.production.adal.config.ts b/src/scenario/a.production.adal.config.ts
@@ -1,7 +1,7 @@
 import { AdalConfig } from '../adal.config';
 
-export const ATenantConfig = new AdalConfig('61bdbb45-4004-48e3-4444-e4f1740661c8', 'unittest.onmicrosoft.com', 'http://localhost/login', 'http://localhost/logout');
-export const ATenantConfig_AcessToken = new AdalConfig('0113255e-cecc-4ad1-b101-08822ea5d0da', 'friden.onmicrosoft.com', 'http://localhost:4200', '', 'token', 'resource=https://friden.sharepoint.com');
+export const ATenantConfig = new AdalConfig('unittest.onmicrosoft.com', '61bdbb45-4004-48e3-4444-e4f1740661c8', 'http://localhost/login', 'id_token', 'openid', 'fragment', '', '', 'http://localhost/logout');
+export const ATenantConfig_AcessToken = new AdalConfig('friden.onmicrosoft.com', '0113255e-cecc-4ad1-b101-08822ea5d0da', 'http://localhost:4200', 'token', 'openid', 'fragment', '', 'resource=https://friden.sharepoint.com');
 
 export const ATenantUrl = 'https://login.microsoftonline.com/unittest.onmicrosoft.com/oauth2/authorize?response_type=id_token&' +
     'client_id=61bdbb45-4004-48e3-4444-e4f1740661c8&redirect_uri=http%3A%2F%2Flocalhost&state=xxx&client-request-id=xxx&x-client-SKU=Js&x-client-Ver=1.0.0&nonce=xxx';

diff --git a/src/user.ts b/src/user.ts
@@ -12,6 +12,7 @@ export interface User {
     nonce?: string;
     oid?: string;
     platf?: string;
+    profile?: any;
     sub?: string;
     tid?: string;
     unique_name: string;