Current logic of matching credentials only compares requested claims when we specify requested claims.
So, if there are 2 accesss tokens in storage:
AT1 - with no requested claims specified
AT2 - with a specific requested claims RC2
And then we query the storage without specifying any claims, current logic returns both AT1 and AT2.
The proposed change overrides getCredentialsFilteredBy() adding an extra boolean mustMatchExactClaims. When this parameter is set, we match claims explicitly even when no claims are provided. In the case above, only AT1 will be returned.
We will call this new overloaded method from MSAL CPP so that the behavior of MSAL CPP is same across all platforms including Android.
Current logic of matching credentials only compares requested claims when we specify requested claims. So, if there are 2 accesss tokens in storage: AT1 - with no requested claims specified AT2 - with a specific requested claims RC2
And then we query the storage without specifying any claims, current logic returns both AT1 and AT2.
The proposed change overrides getCredentialsFilteredBy() adding an extra boolean mustMatchExactClaims. When this parameter is set, we match claims explicitly even when no claims are provided. In the case above, only AT1 will be returned. We will call this new overloaded method from MSAL CPP so that the behavior of MSAL CPP is same across all platforms including Android.