Better redirect URI error handling and dependency upgrade (#633)

* Better error handling for redirect URIs

* Update oauth2-oidc-sdk dependency

* Address review comments

Co-authored-by: Bogdan Gavril <[email protected]>

---------

Co-authored-by: Bogdan Gavril <[email protected]>

Author: Avery-Dunn

msal4j-sdk/pom.xml

@@ -36,7 +36,7 @@
         <dependency>
             <groupId>com.nimbusds</groupId>
             <artifactId>oauth2-oidc-sdk</artifactId>
-            <version>9.35</version>
+            <version>10.7.1</version>
         </dependency>
         <dependency>
             <groupId>net.minidev</groupId>

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/InteractiveRequest.java

@@ -10,6 +10,7 @@
 import java.net.InetAddress;
 import java.net.URI;
 import java.net.URL;
+import java.net.UnknownHostException;
 import java.security.SecureRandom;
 import java.util.Base64;
 import java.util.UUID;
@@ -55,24 +56,31 @@ URL authorizationUrl() {
     }
 
     private void validateRedirectUrl(URI redirectUri) {
+        String host = redirectUri.getHost();
+        String scheme = redirectUri.getScheme();
+        InetAddress address;
+
+        //Validate URI scheme. Only http is valid, as determined by the HttpListener created in AcquireTokenByInteractiveFlowSupplier.startHttpListener()
+        if (scheme == null || !scheme.equals("http")) {
+            throw new MsalClientException(String.format(
+                    "Only http://localhost or http://localhost:port is supported for the redirect URI of an interactive request using a browser, but \"%s\" was found. For more information about redirect URI formats, see https://aka.ms/msal4j-interactive-request", scheme),
+                    AuthenticationErrorCode.LOOPBACK_REDIRECT_URI);
+        }
+
+        //Ensure that the given redirect URI has a known address
         try {
-            if (!InetAddress.getByName(redirectUri.getHost()).isLoopbackAddress()) {
-                throw new MsalClientException(String.format(
-                        "Only loopback redirect uri is supported, but %s was found " +
-                                "Configure http://localhost or http://localhost:port both during app registration" +
-                                "and when you create the create the InteractiveRequestParameters object", redirectUri.getHost()),
-                        AuthenticationErrorCode.LOOPBACK_REDIRECT_URI);
-            }
-
-            if (!redirectUri.getScheme().equals("http")) {
-                throw new MsalClientException(String.format(
-                        "Only http uri scheme is supported but %s was found. Configure http://localhost" +
-                                "or http://localhost:port both during app registration and when you create" +
-                                " the create the InteractiveRequestParameters object", redirectUri.toString()),
-                        AuthenticationErrorCode.LOOPBACK_REDIRECT_URI);
-            }
-        } catch (Exception exception) {
-            throw new MsalClientException(exception);
+            address = InetAddress.getByName(host);
+        } catch (UnknownHostException e) {
+            throw new MsalClientException(String.format(
+                    "Unknown host exception for host \"%s\". For more information about redirect URI formats, see https://aka.ms/msal4j-interactive-request", host),
+                    AuthenticationErrorCode.LOOPBACK_REDIRECT_URI);
+        }
+
+        //Ensure that the redirect URI is considered a loopback address
+        if (address == null || !address.isLoopbackAddress()) {
+            throw new MsalClientException(
+                    "Only loopback redirect URI is supported for interactive requests. For more information about redirect URI formats, see https://aka.ms/msal4j-interactive-request",
+                    AuthenticationErrorCode.LOOPBACK_REDIRECT_URI);
         }
     }