Update cache keys for MSI scenarios

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/AbstractApplicationBase.java

@@ -59,6 +59,10 @@ public abstract class AbstractApplicationBase implements IApplicationBase {
     @Getter
     private Integer readTimeoutForDefaultHttpClient;
 
+    @Accessors(fluent = true)
+    @Getter(AccessLevel.PACKAGE)
+    String tenant;
+
     //The following fields are set in only some applications and/or set internally by the library. To avoid excessive
     // type casting throughout the library they are defined here as package-private, but will not be part of this class's Builder
     @Accessors(fluent = true)

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ConfidentialClientApplication.java

@@ -87,6 +87,8 @@ private ConfidentialClientApplication(Builder builder) {
         log = LoggerFactory.getLogger(ConfidentialClientApplication.class);
 
         initClientAuthentication(builder.clientCredential);
+
+        this.tenant = this.authenticationAuthority.tenant;
     }
 
     private void initClientAuthentication(IClientCredential clientCredential) {

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/Constants.java

@@ -13,6 +13,7 @@ final class Constants {
 
     public static final String MANAGED_IDENTITY_CLIENT_ID = "client_id";
     public static final String MANAGED_IDENTITY_RESOURCE_ID = "mi_res_id";
+    public static final String MANAGED_IDENTITY_DEFAULT_TENTANT = "managed_identity";
 
     public static final String IDENTITY_ENDPOINT = "IDENTITY_ENDPOINT";
     public static final String IDENTITY_HEADER = "IDENTITY_HEADER";

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityApplication.java

@@ -24,9 +24,12 @@ public class ManagedIdentityApplication extends AbstractApplicationBase implemen
 
     private ManagedIdentityApplication(Builder builder) {
         super(builder);
-        this.managedIdentityId = builder.managedIdentityId;
+
         log = LoggerFactory.getLogger(ManagedIdentityApplication.class);
         super.tokenCache = sharedTokenCache;
+
+        this.managedIdentityId = builder.managedIdentityId;
+        this.tenant = Constants.MANAGED_IDENTITY_DEFAULT_TENTANT;
     }
 
     @Override

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/ManagedIdentityParameters.java

@@ -45,7 +45,7 @@ public Map<String, String> extraHttpHeaders() {
 
     @Override
     public String tenant() {
-        return "managed_identity";
+        return Constants.MANAGED_IDENTITY_DEFAULT_TENTANT;
     }
 
     @Override

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java

@@ -122,6 +122,7 @@ private PublicClientApplication(Builder builder) {
         log = LoggerFactory.getLogger(PublicClientApplication.class);
         this.clientAuthentication = new ClientAuthenticationPost(ClientAuthenticationMethod.NONE,
                 new ClientID(clientId()));
+        this.tenant = this.authenticationAuthority.tenant;
     }
 
     @Override

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenCache.java

@@ -252,7 +252,7 @@ private static AccessTokenCacheEntity createAccessTokenCacheEntity(TokenRequestE
         at.environment(environmentAlias);
         at.clientId(tokenRequestExecutor.getMsalRequest().application().clientId());
         at.secret(authenticationResult.accessToken());
-        at.realm(tokenRequestExecutor.requestAuthority.tenant());
+        at.realm(tokenRequestExecutor.tenant);
 
         String scopes = !StringHelper.isBlank(authenticationResult.scopes()) ? authenticationResult.scopes() :
                 tokenRequestExecutor.getMsalRequest().msalAuthorizationGrant().getScopes();
@@ -289,7 +289,7 @@ private static IdTokenCacheEntity createIdTokenCacheEntity(TokenRequestExecutor
         idToken.environment(environmentAlias);
         idToken.clientId(tokenRequestExecutor.getMsalRequest().application().clientId());
         idToken.secret(authenticationResult.idToken());
-        idToken.realm(tokenRequestExecutor.requestAuthority.tenant());
+        idToken.realm(tokenRequestExecutor.tenant);
 
         if (tokenRequestExecutor.getMsalRequest() instanceof OnBehalfOfRequest) {
             OnBehalfOfRequest onBehalfOfRequest = (OnBehalfOfRequest) tokenRequestExecutor.getMsalRequest();

msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/TokenRequestExecutor.java

@@ -23,13 +23,17 @@ class TokenRequestExecutor {
     Logger log = LoggerFactory.getLogger(TokenRequestExecutor.class);
 
     final Authority requestAuthority;
+    final String tenant;
     private final MsalRequest msalRequest;
     private final ServiceBundle serviceBundle;
 
     TokenRequestExecutor(Authority requestAuthority, MsalRequest msalRequest, ServiceBundle serviceBundle) {
         this.requestAuthority = requestAuthority;
         this.serviceBundle = serviceBundle;
         this.msalRequest = msalRequest;
+        this.tenant = msalRequest.requestContext().apiParameters().tenant() == null ?
+                msalRequest.application().tenant() :
+                msalRequest.requestContext().apiParameters().tenant() ;
     }
 
     AuthenticationResult executeTokenRequest() throws ParseException, IOException {