Web Apps account id registry, Fixes AB#3406762 (#2787)

melissaahn · web-flow · commit 0b88339c6e3a · 2025-10-22T17:26:53.000-07:00
[AB#3406762](https://identitydivision.visualstudio.com/Engineering/_workitems/edit/3406762) ### Summary The WebAppsAccountIdRegistry maps account ids to sets of client ids. This class is created for the purpose of the Edge TB APIs work, where it will be used for the getToken operation (silent case where we want to check that the user has signed into this webapp before) and the SignOut operation (to remember which web apps we need to sign out of). Broker PR for the SignOut operation using this registry will follow.
diff --git a/changelog.txt b/changelog.txt
@@ -12,6 +12,7 @@ vNext
 - [MINOR] Added error handling when webcp redirects have browser protocol #2767
 - [PATCH] Fix for app link redirect from CCT due to forced browser preference (#2775)
 - [MINOR] getAllSsoTokens method for Edge (#2774)
+- [MINOR] WebApps AccountId Registry (#2787)
 
 Version 22.1.3
 ----------
diff --git a/common/src/main/java/com/microsoft/identity/common/internal/cache/WebAppsAccountIdRegistry.kt b/common/src/main/java/com/microsoft/identity/common/internal/cache/WebAppsAccountIdRegistry.kt
@@ -0,0 +1,187 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.cache
+
+import com.microsoft.identity.common.java.cache.IMultiTypeNameValueStorage
+import com.microsoft.identity.common.java.interfaces.IStorageSupplier
+import com.microsoft.identity.common.java.util.ObjectMapper
+import com.microsoft.identity.common.logging.Logger
+import java.util.concurrent.locks.ReentrantReadWriteLock
+import kotlin.concurrent.read
+import kotlin.concurrent.write
+
+/**
+ * A registry that maps home account IDs to sets of web app client IDs.
+ *
+ * This is used to track which web applications are associated with which accounts,
+ * enabling coordinated sign-out and management of web app sessions.
+ */
+class WebAppsAccountIdRegistry private constructor(
+    private val storage: IMultiTypeNameValueStorage
+){
+    companion object {
+        private val TAG = WebAppsAccountIdRegistry::class.java.simpleName
+        private const val WEBAPPS_ACCOUNT_ID_REGISTRY_STORAGE_KEY = "WebAppsAccountIdRegistryStorageKey"
+        private val rwLock = ReentrantReadWriteLock()
+
+        /**
+         * Factory method to create an instance of [WebAppsAccountIdRegistry].
+         *
+         * @param supplier The storage supplier.
+         * @return A new instance of [WebAppsAccountIdRegistry].
+         */
+        fun create(supplier: IStorageSupplier): WebAppsAccountIdRegistry {
+            val store = supplier.getEncryptedFileStore(WEBAPPS_ACCOUNT_ID_REGISTRY_STORAGE_KEY)
+            return WebAppsAccountIdRegistry(store)
+        }
+    }
+
+    /**
+     * Deserialize a JSON string into a set of client IDs.
+     *
+     * @param raw The JSON string to deserialize.
+     * @return A mutable set of client IDs.
+     */
+    private fun deserializeSet(raw: String?): MutableSet<String> {
+        if (raw.isNullOrBlank()) return mutableSetOf()
+        return try {
+            ObjectMapper.deserializeJsonStringToObject(raw, Array<String>::class.java).toMutableSet()
+        } catch (e: Exception) {
+            Logger.warn(TAG, "Failed to deserialize set: ${e.message}")
+            mutableSetOf()
+        }
+    }
+
+    /**
+     * Serialize the set of client IDs to a JSON string.
+     *
+     * @param set The set of client IDs to serialize.
+     * @return The JSON string representation of the set.
+     */
+    private fun serializeSet(set: Set<String>): String {
+        return ObjectMapper.serializeObjectToJsonString(set)
+    }
+
+    /**
+     * Load the account entry from storage.
+     *
+     * @param homeAccountId The home account ID to load.
+     * @return A set of client IDs associated with the given account ID. Or an empty set if none exist.
+     */
+    private fun loadClientIdsForAccount(homeAccountId: String): MutableSet<String>{
+        return deserializeSet(storage.getString(homeAccountId))
+    }
+
+    /**
+     * Save the account entry to storage.
+     *
+     * @param homeAccountId The home account ID.
+     * @param set The set of client IDs to associate with the account ID.
+     */
+    private fun saveAccount(homeAccountId: String, set: Set<String>) {
+        storage.putString(homeAccountId, serializeSet(set))
+    }
+
+
+    /**
+     * Remove the account entry from storage.
+     *
+     * @param homeAccountId The account ID to remove.
+     */
+    private fun removeAccountStorage(homeAccountId: String) {
+        try {
+            storage.remove(homeAccountId)
+        } catch (e: Exception) {
+            storage.putString(homeAccountId, null)
+        }
+    }
+
+    /**
+     * Add a client ID to the set associated with the given account ID.
+     *
+     * @param homeAccountId The account ID.
+     * @param clientId The client ID to add.
+     */
+    fun addClient(homeAccountId: String, clientId: String) {
+        rwLock.write {
+            val set = loadClientIdsForAccount(homeAccountId)
+            if (set.add(clientId)) {
+                saveAccount(homeAccountId, set)
+            }
+        }
+    }
+    /**
+     * Remove a client ID from the set associated with the given account ID.
+     * If the set becomes empty after removal, the account ID is also removed from the registry.
+     *
+     * @param homeAccountId The account ID.
+     * @param clientId The client ID to remove.
+     */
+    fun removeClient(homeAccountId: String, clientId: String) {
+        rwLock.write {
+            val set = loadClientIdsForAccount(homeAccountId)
+            if (!set.remove(clientId)) return
+            if (set.isEmpty()) {
+                removeAccountStorage(homeAccountId)
+            } else {
+                saveAccount(homeAccountId, set)
+            }
+        }
+    }
+
+    /** Get the set of client IDs associated with the given account ID.
+     *
+     * @param homeAccountId The account ID.
+     * @return A set of client IDs associated with the account ID, or an empty set if none exist.
+     */
+    fun getClients(homeAccountId: String): Set<String> {
+        return rwLock.read {
+            loadClientIdsForAccount(homeAccountId).toSet()
+        }
+    }
+
+    /** Check if the registry contains the given client ID for the specified account ID.
+     *
+     * @param homeAccountId The account ID.
+     * @param clientId The client ID to check for.
+     * @return True if the client ID is associated with the account ID, false otherwise.
+     */
+    fun contains(homeAccountId: String, clientId: String): Boolean {
+        return rwLock.read {
+            loadClientIdsForAccount(homeAccountId).contains(clientId)
+        }
+    }
+
+    /**
+     * Remove the given account ID and all its associated client IDs from the registry.
+     *
+     * @param homeAccountId The account ID to remove.
+     */
+    fun removeAccount(homeAccountId: String) {
+        rwLock.write {
+            val set = loadClientIdsForAccount(homeAccountId)
+            if (set.isEmpty()) return
+            removeAccountStorage(homeAccountId)
+        }
+    }
+}
diff --git a/common/src/test/java/com/microsoft/identity/common/internal/cache/WebAppsAccountIdRegistryTest.kt b/common/src/test/java/com/microsoft/identity/common/internal/cache/WebAppsAccountIdRegistryTest.kt
@@ -0,0 +1,145 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.cache
+
+import com.microsoft.identity.common.components.InMemoryStorageSupplier
+import org.junit.Assert
+import org.junit.Test
+
+class WebAppsAccountIdRegistryTest {
+    private val accountId1 = "11111111-1111-1111-1111-111111111111.aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
+    private val accountId2 = "22222222-2222-2222-2222-222222222222.bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
+    private val accountId3 = "33333333-3333-3333-3333-333333333333.cccccccc-cccc-cccc-cccc-cccccccccccc"
+
+    private val clientId1 = "99999999-1111-4444-8888-121212121212"
+    private val clientId2 = "aaaaaaaa-2222-5555-9999-131313131313"
+    private val clientId3 = "bbbbbbbb-3333-6666-aaaa-141414141414"
+
+    @Test
+    fun testAddClient_veryBasicTest() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        Assert.assertEquals(1, registry.getClients(accountId1).size)
+    }
+
+    @Test
+    fun testRemoveClient_veryBasicTest() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        registry.addClient(accountId1, clientId2)
+        Assert.assertEquals(2, registry.getClients(accountId1).size)
+        registry.removeClient(accountId1, clientId1)
+        Assert.assertEquals(1, registry.getClients(accountId1).size)
+    }
+
+    @Test
+    fun testRemoveClient_accountEntryCleanedUp() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        registry.removeClient(accountId1, clientId1)
+        Assert.assertEquals(0, registry.getClients(accountId1).size)
+    }
+
+    @Test
+    fun testManyCombinedAddAndRemove() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        registry.addClient(accountId1, clientId2)
+        registry.addClient(accountId2, clientId1)
+        registry.addClient(accountId2, clientId3)
+        registry.addClient(accountId3, clientId1)
+        Assert.assertEquals(2, registry.getClients(accountId1).size)
+        Assert.assertEquals(2, registry.getClients(accountId2).size)
+        Assert.assertEquals(1, registry.getClients(accountId3).size)
+
+        registry.removeClient(accountId1, clientId1)
+        Assert.assertEquals(1, registry.getClients(accountId1).size)
+
+        registry.removeClient(accountId1, clientId2)
+        Assert.assertEquals(0, registry.getClients(accountId1).size)
+
+        registry.removeClient(accountId2, clientId3)
+        Assert.assertEquals(1, registry.getClients(accountId2).size)
+
+        registry.removeClient(accountId2, clientId1)
+        Assert.assertEquals(0, registry.getClients(accountId2).size)
+
+        registry.removeClient(accountId3, clientId1)
+        Assert.assertEquals(0, registry.getClients(accountId3).size)
+    }
+
+    @Test
+    fun testAddClient_addSameClient() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        registry.addClient(accountId1, clientId1)
+        Assert.assertEquals(1, registry.getClients(accountId1).size)
+    }
+
+    @Test
+    fun testRemoveAccount_removeAccount() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        registry.addClient(accountId1, clientId2)
+        registry.addClient(accountId2, clientId1)
+        registry.removeAccount(accountId1)
+        Assert.assertEquals(0, registry.getClients(accountId1).size)
+        Assert.assertEquals(1, registry.getClients(accountId2).size)
+    }
+
+    @Test
+    fun testContains_containsClientId() {
+        val registry = createRegistry()
+        registry.addClient(accountId1, clientId1)
+        Assert.assertTrue(registry.contains(accountId1, clientId1))
+        Assert.assertFalse(registry.contains(accountId1, clientId2))
+        Assert.assertFalse(registry.contains(accountId2, clientId1))
+    }
+
+    @Test
+    fun testPersistenceAcrossInstances() {
+        val storageSupplier = InMemoryStorageSupplier()
+        val registry1 = WebAppsAccountIdRegistry.create(storageSupplier)
+        registry1.addClient(accountId1, clientId1)
+        registry1.addClient(accountId1, clientId2)
+        registry1.addClient(accountId2, clientId1)
+
+        val registry2 = WebAppsAccountIdRegistry.create(storageSupplier)
+        Assert.assertEquals(2, registry2.getClients(accountId1).size)
+        Assert.assertEquals(1, registry2.getClients(accountId2).size)
+
+        registry2.removeClient(accountId1, clientId1)
+        Assert.assertEquals(1, registry2.getClients(accountId1).size)
+
+        val registry3 = WebAppsAccountIdRegistry.create(storageSupplier)
+        Assert.assertEquals(1, registry3.getClients(accountId1).size)
+        Assert.assertEquals(1, registry3.getClients(accountId2).size)
+
+        registry3.removeAccount(accountId2)
+        Assert.assertEquals(0, registry3.getClients(accountId2).size)
+    }
+
+    private fun createRegistry(): WebAppsAccountIdRegistry {
+        return WebAppsAccountIdRegistry.create(InMemoryStorageSupplier())
+    }
+}
