From 1d38ce2835d28d83313fde775a396cdb14c6bda8 Mon Sep 17 00:00:00 2001 From: "yadong.zhang" Date: Sun, 3 Dec 2023 20:18:39 +0800 Subject: [PATCH] =?UTF-8?q?:hankey:=20=E5=BE=AE=E8=BD=AF=E5=B9=B3=E5=8F=B0?= =?UTF-8?q?=E9=80=82=E9=85=8D=20AzureAD=EF=BC=88=E7=9B=AE=E5=89=8D?= =?UTF-8?q?=E6=94=B9=E5=90=8D=E4=B8=BA=20Microsoft=20Entra=20ID=EF=BC=89?= =?UTF-8?q?=E7=99=BB=E5=BD=95=E8=AE=A4=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/me/zhyd/oauth/config/AuthConfig.java | 5 +++++ .../zhyd/oauth/config/AuthDefaultSource.java | 18 +++++++-------- .../request/AbstractAuthMicrosoftRequest.java | 22 ++++++++++++++----- 3 files changed, 30 insertions(+), 15 deletions(-) diff --git a/src/main/java/me/zhyd/oauth/config/AuthConfig.java b/src/main/java/me/zhyd/oauth/config/AuthConfig.java index 85aa25c..084649c 100644 --- a/src/main/java/me/zhyd/oauth/config/AuthConfig.java +++ b/src/main/java/me/zhyd/oauth/config/AuthConfig.java @@ -181,4 +181,9 @@ public class AuthConfig { public String getAuthServerId() { return StringUtils.isEmpty(authServerId) ? "default" : authServerId; } + + /** + * Microsoft Entra ID(原微软 AAD)中的租户 ID + */ + private String tenantId; } diff --git a/src/main/java/me/zhyd/oauth/config/AuthDefaultSource.java b/src/main/java/me/zhyd/oauth/config/AuthDefaultSource.java index e115bfc..35b835a 100644 --- a/src/main/java/me/zhyd/oauth/config/AuthDefaultSource.java +++ b/src/main/java/me/zhyd/oauth/config/AuthDefaultSource.java 
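Review bot: The Javadoc on the new `tenantId` field in AuthConfig does not say what happens when the field is left empty or which values are accepted. The request class in this same patch falls back to `common` when it is empty, and Microsoft's `common` authority accepts accounts from any Entra ID tenant as well as personal Microsoft accounts, so an integrator who wants single-tenant sign-in has to set this field explicitly. I would expand the comment to state that fallback, the accepted forms (tenant GUID, verified domain, or `common` / `organizations` / `consumers`), and that in this patch only `AbstractAuthMicrosoftRequest` reads it. Adding `@since 1.16.6` would match the comment placed in `authorize`.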
@@ -410,17 +410,17 @@ public enum AuthDefaultSource implements AuthSource { FACEBOOK { @Override public String authorize() { - return "https://www.facebook.com/v10.0/dialog/oauth"; + return "https://www.facebook.com/v18.0/dialog/oauth"; } @Override public String accessToken() { - return "https://graph.facebook.com/v10.0/oauth/access_token"; + return "https://graph.facebook.com/v18.0/oauth/access_token"; } @Override public String userInfo() { - return "https://graph.facebook.com/v10.0/me"; + return "https://graph.facebook.com/v18.0/me"; } @Override @@ -492,12 +492,12 @@ public enum AuthDefaultSource implements AuthSource { MICROSOFT { @Override public String authorize() { - return "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"; + return "https://login.microsoftonline.com/%s/oauth2/v2.0/authorize"; } @Override public String accessToken() { - return "https://login.microsoftonline.com/common/oauth2/v2.0/token"; + return "https://login.microsoftonline.com/%s/oauth2/v2.0/token"; } @Override @@ -507,7 +507,7 @@ public enum AuthDefaultSource implements AuthSource { @Override public String refresh() { - return "https://login.microsoftonline.com/common/oauth2/v2.0/token"; + return "https://login.microsoftonline.com/%s/oauth2/v2.0/token"; } @Override @@ -521,12 +521,12 @@ public enum AuthDefaultSource implements AuthSource { MICROSOFT_CN { @Override public String authorize() { - return "https://login.partner.microsoftonline.cn/common/oauth2/v2.0/authorize"; + return "https://login.partner.microsoftonline.cn/%s/oauth2/v2.0/authorize"; } @Override public String accessToken() { - return "https://login.partner.microsoftonline.cn/common/oauth2/v2.0/token"; + return "https://login.partner.microsoftonline.cn/%s/oauth2/v2.0/token"; } @Override 
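Review bot: `authorize()`, `accessToken()` and `refresh()` of MICROSOFT now return a `String.format` template containing `%s` rather than a usable URL, and nothing in the enum says so; the same applies to the `refresh()` hunk and to the MICROSOFT_CN hunks that follow. Any caller that reads these values directly instead of going through `AbstractAuthMicrosoftRequest` would send requests to a path with a literal `%s` in it. A comment on each constant, for example `// %s is the tenant segment; format with the tenant id or "common" before use`, would make the new contract explicit. The enum body continues outside these hunks, so I cannot tell whether other code paths consume these URLs unformatted.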
@@ -536,7 +536,7 @@ public enum AuthDefaultSource implements AuthSource { @Override public String refresh() { - return "https://login.partner.microsoftonline.cn/common/oauth2/v2.0/token"; + return "https://login.partner.microsoftonline.cn/%s/oauth2/v2.0/token"; } @Override diff --git a/src/main/java/me/zhyd/oauth/request/AbstractAuthMicrosoftRequest.java b/src/main/java/me/zhyd/oauth/request/AbstractAuthMicrosoftRequest.java index 2195d5e..cfd25b1 100644 --- a/src/main/java/me/zhyd/oauth/request/AbstractAuthMicrosoftRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AbstractAuthMicrosoftRequest.java @@ -16,6 +16,7 @@ import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.utils.AuthScopeUtils; import me.zhyd.oauth.utils.HttpUtils; +import me.zhyd.oauth.utils.StringUtils; import me.zhyd.oauth.utils.UrlBuilder; import java.util.Map; @@ -126,9 +127,16 @@ public abstract class AbstractAuthMicrosoftRequest extends AuthDefaultRequest { */ @Override public String authorize(String state) { - return UrlBuilder.fromBaseUrl(super.authorize(state)) + // 兼容 Microsoft Entra ID 登录(原微软 AAD) + // @since 1.16.6 + String tenantId = StringUtils.isEmpty(config.getTenantId()) ? "common" : config.getTenantId(); + return UrlBuilder.fromBaseUrl(String.format(source.authorize(), tenantId)) + .queryParam("response_type", "code") + .queryParam("client_id", config.getClientId()) + .queryParam("redirect_uri", config.getRedirectUri()) + .queryParam("state", getRealState(state)) .queryParam("response_mode", "query") - .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values()))) + .queryParam("scope", this.getScopes(" ", false, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values()))) .build(); } 
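Review bot: `config.getTenantId()` is formatted straight into the path of the authority URL in `authorize` with no check on its content, and the same ternary is repeated in `accessTokenUrl` and `refreshTokenUrl`. The host is fixed by the template, but a value containing `/`, `?` or `#` would still change the path that the requests carrying `client_secret`, `code` and `refresh_token` are sent to, which matters if an application fills the tenant from per-request data (an assumption, since the callers are not visible here). I would resolve the tenant in one private helper that applies the `common` fallback and rejects anything outside the characters used by tenant GUIDs, domains and the well-known aliases, and call it from all three methods. Separately, this override no longer delegates to `super.authorize(state)` and copies the base parameters by hand, so it will not pick up anything the base class adds later.

```java
// Resolves the tenant path segment once for authorize / accessTokenUrl / refreshTokenUrl.
private String resolveTenantId() {
    String tenantId = config.getTenantId();
    if (StringUtils.isEmpty(tenantId)) {
        return "common";
    }
    // Tenant GUIDs, verified domains and the well-known aliases only use these characters.
    if (!tenantId.matches("[A-Za-z0-9.-]+")) {
        throw new IllegalArgumentException("Invalid tenantId for the Microsoft authority URL");
    }
    return tenantId;
}

@Override
public String authorize(String state) {
    return UrlBuilder.fromBaseUrl(String.format(source.authorize(), resolveTenantId()))
        // … unchanged: response_type, client_id, redirect_uri, state, response_mode, scope …
        .build();
}
```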
@@ -140,12 +148,13 @@ public abstract class AbstractAuthMicrosoftRequest extends AuthDefaultRequest { */ @Override protected String accessTokenUrl(String code) { - return UrlBuilder.fromBaseUrl(source.accessToken()) + String tenantId = StringUtils.isEmpty(config.getTenantId()) ? "common" : config.getTenantId(); + return UrlBuilder.fromBaseUrl(String.format(source.accessToken(), tenantId)) .queryParam("code", code) .queryParam("client_id", config.getClientId()) .queryParam("client_secret", config.getClientSecret()) .queryParam("grant_type", "authorization_code") - .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values()))) + .queryParam("scope", this.getScopes(" ", false, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values()))) .queryParam("redirect_uri", config.getRedirectUri()) .build(); } @@ -169,12 +178,13 @@ public abstract class AbstractAuthMicrosoftRequest extends AuthDefaultRequest { */ @Override protected String refreshTokenUrl(String refreshToken) { - return UrlBuilder.fromBaseUrl(source.refresh()) + String tenantId = StringUtils.isEmpty(config.getTenantId()) ? "common" : config.getTenantId(); + return UrlBuilder.fromBaseUrl(String.format(source.refresh(), tenantId)) .queryParam("client_id", config.getClientId()) .queryParam("client_secret", config.getClientSecret()) .queryParam("refresh_token", refreshToken) .queryParam("grant_type", "refresh_token") - .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values()))) + .queryParam("scope", this.getScopes(" ", false, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values()))) .queryParam("redirect_uri", config.getRedirectUri()) .build(); }
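Review bot: The third argument of `getScopes` changes from `true` to `false` in `accessTokenUrl`, in `refreshTokenUrl` below and in `authorize`, and neither the commit message nor a comment explains why. `UrlBuilder.build()` is not visible in this patch; if it does not percent-encode query values, the space-separated scope list now goes into the URL raw, next to `client_secret` and `redirect_uri`. If the encoding is done elsewhere, a short comment such as `// scope is left unencoded here because the URL is encoded when it is built` would record the intent; otherwise keeping `true` is the safer default. A test that asserts the generated URL for a two-scope configuration would pin the behaviour either way.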