Fixing issue where the redirect URI is checked incorrectly when perfo… (

#1326) * Fixing issue where the redirect URI is checked incorrectly when performing the silent authentication broker flow. * Refactoring check for redirect URI. * Refactoring
AzureAD · Oct 16, 2018 · 5fd5dcc · 5fd5dcc
1 parent 939a5eb
commit 5fd5dcc
Showing 1 changed file with 17 additions and 5 deletions.
diff --git a/adal/src/Microsoft.IdentityModel.Clients.ActiveDirectory/Platforms/android/BrokerProxy.cs b/adal/src/Microsoft.IdentityModel.Clients.ActiveDirectory/Platforms/android/BrokerProxy.cs
@@ -415,12 +415,8 @@ private Bundle GetBrokerOptions(AuthenticationRequest request)
             brokerOptions.PutInt("json", 1);
             brokerOptions.PutString(BrokerConstants.AccountResource,
                 request.Resource);
-            string computedRedirectUri = GetRedirectUriForBroker();
 
-            if (!string.Equals(computedRedirectUri, request.RedirectUri, StringComparison.OrdinalIgnoreCase))
-            {
-                throw new AdalException(AdalError.BrokerRedirectUriIncorrectFormat, string.Format(CultureInfo.CurrentCulture, AdalErrorMessage.BrokerRedirectUriIncorrectFormat, computedRedirectUri));
-            }
+            ValidateBrokerRedirectURI(request);
 
             brokerOptions.PutString(BrokerConstants.AccountRedirect, request.RedirectUri);
             brokerOptions.PutString(BrokerConstants.AccountClientIdKey,
@@ -454,6 +450,22 @@ private Bundle GetBrokerOptions(AuthenticationRequest request)
             return brokerOptions;
         }
 
+        private void ValidateBrokerRedirectURI(AuthenticationRequest request)
+        {
+            //During the silent broker flow, the redirect URI will be null.
+            if (string.IsNullOrEmpty(request.RedirectUri))
+            {
+                return;
+            }
+
+            string computedRedirectUri = GetRedirectUriForBroker();
+
+            if (!string.Equals(computedRedirectUri, request.RedirectUri, StringComparison.OrdinalIgnoreCase))
+            {
+                throw new AdalException(AdalError.BrokerRedirectUriIncorrectFormat, string.Format(CultureInfo.CurrentCulture, AdalErrorMessage.BrokerRedirectUriIncorrectFormat, computedRedirectUri));
+            }
+        }
+
         private bool CheckAccount(AccountManager am, string username, string uniqueId)
         {
             AuthenticatorDescription[] authenticators = am.GetAuthenticatorTypes();