Merge branch 'dev' into pedroro/token-params-for-qr

AzureAD · Nov 30, 2023 · 0228bdb · 0228bdb
2 parents 97cb94d + 9735ed9
commit 0228bdb
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 109 deletions.
diff --git a/changelog b/changelog
@@ -1,6 +1,10 @@
 MSAL Wiki : https://github.com/AzureAD/microsoft-authentication-library-for-android/wiki
 vNext
 ----------
+
+Version 4.10.0
+----------
+- [PATCH] Update common @16.2.0
 - [PATCH] Fix NPE in SingleAccountPublicClientApplication.getPersistedCurrentAccount (#1933)
 - [PATCH] Updating JSON version (#1932)
 - [MINOR] Updating Moshi versions (#1926)

diff --git a/common b/common
diff --git a/msal/build.gradle b/msal/build.gradle
@@ -402,4 +402,4 @@ tasks.whenTaskAdded { task ->
 // This is used to generate the pom file for publishing to external maven in maven-release-jobs.yml
 tasks.withType(GenerateMavenPom).all {
     destination = layout.buildDirectory.file("poms/${project.name}-${project.version}.pom").get().asFile
-}
+}
diff --git a/msal/src/main/java/com/microsoft/identity/client/PublicClientApplicationConfiguration.java b/msal/src/main/java/com/microsoft/identity/client/PublicClientApplicationConfiguration.java
@@ -22,6 +22,29 @@
 //  THE SOFTWARE.
 package com.microsoft.identity.client;
 
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.ACCOUNT_MODE;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.AUTHORITIES;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.AUTHORIZATION_IN_CURRENT_TASK;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.AUTHORIZATION_USER_AGENT;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.BROWSER_SAFE_LIST;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.CLIENT_CAPABILITIES;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.CLIENT_ID;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.ENVIRONMENT;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.HANDLE_TASKS_WITH_NULL_TASKAFFINITY;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.HTTP;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.LOGGING;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.MULTIPLE_CLOUDS_SUPPORTED;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.POWER_OPT_CHECK_FOR_NETWORK_REQUEST_ENABLED;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.PREFERRED_BROWSER;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.REDIRECT_URI;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.REQUIRED_BROKER_PROTOCOL_VERSION;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.TELEMETRY;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.USE_BROKER;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEBAUTHN_CAPABLE;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEB_VIEW_ZOOM_CONTROLS_ENABLED;
+import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEB_VIEW_ZOOM_ENABLED;
+import static com.microsoft.identity.client.exception.MsalClientException.APP_MANIFEST_VALIDATION_ERROR;
+
 import android.Manifest;
 import android.content.Context;
 import android.content.Intent;
@@ -44,16 +67,16 @@
 import com.microsoft.identity.client.exception.MsalClientException;
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
 import com.microsoft.identity.common.adal.internal.AuthenticationSettings;
+import com.microsoft.identity.common.internal.authorities.UnknownAudience;
+import com.microsoft.identity.common.internal.broker.PackageHelper;
+import com.microsoft.identity.common.internal.logging.Logger;
+import com.microsoft.identity.common.internal.telemetry.TelemetryConfiguration;
 import com.microsoft.identity.common.java.authorities.Authority;
 import com.microsoft.identity.common.java.authorities.AzureActiveDirectoryAuthority;
 import com.microsoft.identity.common.java.authorities.Environment;
-import com.microsoft.identity.common.internal.authorities.UnknownAudience;
 import com.microsoft.identity.common.java.authorities.UnknownAuthority;
-import com.microsoft.identity.common.internal.broker.PackageHelper;
 import com.microsoft.identity.common.java.configuration.LibraryConfiguration;
-import com.microsoft.identity.common.internal.logging.Logger;
 import com.microsoft.identity.common.java.providers.oauth2.OAuth2TokenCache;
-import com.microsoft.identity.common.internal.telemetry.TelemetryConfiguration;
 import com.microsoft.identity.common.java.ui.AuthorizationAgent;
 import com.microsoft.identity.common.java.ui.BrowserDescriptor;
 
@@ -63,29 +86,6 @@
 
 import javax.crypto.SecretKey;
 
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.ACCOUNT_MODE;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.AUTHORITIES;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.AUTHORIZATION_IN_CURRENT_TASK;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.AUTHORIZATION_USER_AGENT;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.BROWSER_SAFE_LIST;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.CLIENT_CAPABILITIES;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.CLIENT_ID;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.ENVIRONMENT;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.HANDLE_TASKS_WITH_NULL_TASKAFFINITY;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.HTTP;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.LOGGING;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.MULTIPLE_CLOUDS_SUPPORTED;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.POWER_OPT_CHECK_FOR_NETWORK_REQUEST_ENABLED;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.PREFERRED_BROWSER;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.REDIRECT_URI;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.REQUIRED_BROKER_PROTOCOL_VERSION;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.TELEMETRY;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.USE_BROKER;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEBAUTHN_CAPABLE;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEB_VIEW_ZOOM_CONTROLS_ENABLED;
-import static com.microsoft.identity.client.PublicClientApplicationConfiguration.SerializedNames.WEB_VIEW_ZOOM_ENABLED;
-import static com.microsoft.identity.client.exception.MsalClientException.APP_MANIFEST_VALIDATION_ERROR;
-
 public class PublicClientApplicationConfiguration {
     private static final String TAG = PublicClientApplicationConfiguration.class.getSimpleName();
 
@@ -761,7 +761,7 @@ private boolean isValidAuthenticatorRedirectUri() {
                 final String sha512_signingCertThumbprint = Base64.encodeToString(md_sha512.digest(), Base64.NO_WRAP);
 
                 if (AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_RELEASE_SIGNATURE_SHA512.equalsIgnoreCase(sha512_signingCertThumbprint)
-                    || AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_DEBUG_SIGNATURE_SHA512.equalsIgnoreCase(sha512_signingCertThumbprint)) {
+                        || AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_DEBUG_SIGNATURE_SHA512.equalsIgnoreCase(sha512_signingCertThumbprint)) {
 
                     // MSAL still uses SHA-1 format in redirect url.
                     final MessageDigest md_sha1 = MessageDigest.getInstance("SHA");

diff --git a/msal/versioning/version.properties b/msal/versioning/version.properties
@@ -1,3 +1,3 @@
 #Wed Aug 01 15:24:11 PDT 2018
-versionName=4.9.0
+versionName=4.10.0
 versionCode=0
diff --git a/.../com/microsoft/identity/client/msal/automationapp/testpass/broker/mwpj/TestCase2521768.kt b/.../com/microsoft/identity/client/msal/automationapp/testpass/broker/mwpj/TestCase2521768.kt
@@ -59,25 +59,25 @@ class TestCase2521768 : AbstractMsalBrokerTest() {
         // Make an interactive call with MSAL using the first account
         val msalSdk = MsalSdk()
         val authTestParamsForInteractiveRequest = MsalAuthTestParams.builder()
-                .activity(mActivity)
-                .loginHint(mLabAccount.username)
-                .scopes(listOf(*mScopes))
-                .promptParameter(Prompt.SELECT_ACCOUNT)
-                .msalConfigResourceId(configFileResourceId)
-                .build()
+            .activity(mActivity)
+            .loginHint(mLabAccount.username)
+            .scopes(listOf(*mScopes))
+            .promptParameter(Prompt.SELECT_ACCOUNT)
+            .msalConfigResourceId(configFileResourceId)
+            .build()
 
         val authResult = msalSdk.acquireTokenInteractive(
-                authTestParamsForInteractiveRequest,
-                {
-                    val promptHandlerParameters = MicrosoftStsPromptHandlerParameters.builder()
-                            .prompt(PromptParameter.SELECT_ACCOUNT)
-                            .loginHint(mLabAccount.username)
-                            .sessionExpected(false)
-                            .consentPageExpected(false)
-                            .build()
-                    MicrosoftStsPromptHandler(promptHandlerParameters).handlePrompt(mLabAccount.username, mLabAccount.password)
-                },
-                TokenRequestTimeout.MEDIUM
+            authTestParamsForInteractiveRequest,
+            {
+                val promptHandlerParameters = MicrosoftStsPromptHandlerParameters.builder()
+                    .prompt(PromptParameter.SELECT_ACCOUNT)
+                    .loginHint(mLabAccount.username)
+                    .sessionExpected(false)
+                    .consentPageExpected(false)
+                    .build()
+                MicrosoftStsPromptHandler(promptHandlerParameters).handlePrompt(mLabAccount.username, mLabAccount.password)
+            },
+            TokenRequestTimeout.MEDIUM
         )
         authResult.assertSuccess()
 
@@ -88,69 +88,32 @@ class TestCase2521768 : AbstractMsalBrokerTest() {
         // Verify that the operation was successful and there is no device id claim present.
         // First account uses BrokerLocalController because it doesn't have a PRT, and return AT from cache.
         val authTestParamsForSilentRequest = MsalAuthTestParams.builder()
-                .activity(mActivity)
-                .loginHint(mLabAccount.username)
-                .scopes(listOf(*mScopes))
-                .authority(authority)
-                .resource(mScopes[0])
-                .msalConfigResourceId(configFileResourceId)
-                .build()
+            .activity(mActivity)
+            .loginHint(mLabAccount.username)
+            .scopes(listOf(*mScopes))
+            .authority(authority)
+            .resource(mScopes[0])
+            .msalConfigResourceId(configFileResourceId)
+            .build()
         val authResult2 = msalSdk.acquireTokenSilent(authTestParamsForSilentRequest, TokenRequestTimeout.MEDIUM)
         authResult2.assertSuccess()
         val claims = JWTParserFactory.INSTANCE.jwtParser.parseJWT(authResult2.accessToken)
         Assert.assertFalse("Device id claim is present", claims.containsKey("deviceid"))
 
         // Start a silent token request for the first account with device id claims;
-        // Verify that the operation failed with error code AADSTS50187.
-        // Requires an interactive call because PkeyAuth is not triggered unless broker_msal version is 9.0 or higher
         val authTestParamsForSilentRequestWithDeviceIdClaim = MsalAuthTestParams.builder()
-                .activity(mActivity)
-                .loginHint(mLabAccount.username)
-                .scopes(listOf(*mScopes))
-                .claims(getDeviceIdClaimRequest())
-                .authority(authority)
-                .resource(mScopes[0])
-                .msalConfigResourceId(configFileResourceId)
-                .build()
+            .activity(mActivity)
+            .loginHint(mLabAccount.username)
+            .scopes(listOf(*mScopes))
+            .claims(getDeviceIdClaimRequest())
+            .authority(authority)
+            .resource(mScopes[0])
+            .msalConfigResourceId(configFileResourceId)
+            .build()
         val authResult3= msalSdk.acquireTokenSilent(authTestParamsForSilentRequestWithDeviceIdClaim, TokenRequestTimeout.MEDIUM)
-        authResult3.assertFailure()
-        Assert.assertNotNull(
-                "exception message is null" + authResult3.exception,
-                authResult3.exception.message
-        )
-        Assert.assertTrue(
-                "exception message is not as expected" + authResult3.exception.message,
-                authResult3.exception.message!!.contains("AADSTS50187")
-        )
-
-        // Make an interactive call with device id claim using the first account, and verify that the device id claim is present.
-
-        val authTestParamsForInteractiveRequestWithDeviceIdClaim = MsalAuthTestParams.builder()
-                .activity(mActivity)
-                .loginHint(mLabAccount.username)
-                .scopes(listOf(*mScopes))
-                .claims(getDeviceIdClaimRequest())
-                .promptParameter(Prompt.SELECT_ACCOUNT)
-                .msalConfigResourceId(configFileResourceId)
-                .build()
-
-        val authResult4 = msalSdk.acquireTokenInteractive(
-                authTestParamsForInteractiveRequestWithDeviceIdClaim,
-                {
-                    val promptHandlerParameters = MicrosoftStsPromptHandlerParameters.builder()
-                            .prompt(PromptParameter.WHEN_REQUIRED)
-                            .loginHint(mLabAccount.username)
-                            .consentPageExpected(false)
-                            .passwordPageExpected(false)
-                            .sessionExpected(true)
-                            .build()
-                    MicrosoftStsPromptHandler(promptHandlerParameters).handlePrompt(mLabAccount.username, mLabAccount.password)
-                },
-                TokenRequestTimeout.MEDIUM
-        )
-        authResult4.assertSuccess()
-        val claims2 = JWTParserFactory.INSTANCE.jwtParser.parseJWT(authResult4.accessToken)
-        Assert.assertTrue("Device id claim is present", claims2.containsKey("deviceid"))
+        authResult3.assertSuccess()
+        val claims3 = JWTParserFactory.INSTANCE.jwtParser.parseJWT(authResult3.accessToken)
+        Assert.assertTrue("Device id claim is missing", claims3.containsKey("deviceid"))
     }
 
     /**
@@ -182,8 +145,8 @@ class TestCase2521768 : AbstractMsalBrokerTest() {
 
     override fun getLabQuery(): LabQuery {
         return LabQuery.builder()
-                .userType(UserType.CLOUD)
-                .build()
+            .userType(UserType.CLOUD)
+            .build()
     }
 
     override fun getTempUserType(): TempUserType? {
@@ -194,12 +157,12 @@ class TestCase2521768 : AbstractMsalBrokerTest() {
     fun before() {
         mLabAccount2 = mLabClient.createTempAccount(TempUserType.BASIC)
         Assert.assertEquals(
-                "Lab accounts are not in the same tenant",
-                mLabAccount2.homeTenantId, mLabAccount.homeTenantId
+            "Lab accounts are not in the same tenant",
+            mLabAccount2.homeTenantId, mLabAccount.homeTenantId
         )
         Assert.assertNotEquals(
-                "Lab accounts are the same",
-                mLabAccount2.username, mLabAccount.username
+            "Lab accounts are the same",
+            mLabAccount2.username, mLabAccount.username
         )
         mBrokerHostApp = broker as BrokerHost
         mBrokerHostApp.enableMultipleWpj()
+3 −0		common/build.gradle
+1 −1		common/src/main/java/com/microsoft/identity/common/crypto/AndroidWrappedKeyLoader.java
+1 −6		common/src/main/java/com/microsoft/identity/common/internal/broker/AccountManagerBrokerAccount.java
+31 −12		common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerData.kt
+2 −2		common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerValidator.kt
+2 −2		common/src/main/java/com/microsoft/identity/common/internal/broker/PackageHelper.java
+0 −1		common/src/main/java/com/microsoft/identity/common/internal/net/cache/HttpCache.java
+1 −5		common/src/main/java/com/microsoft/identity/common/internal/ui/webview/WebViewUtil.java
+0 −2		common/src/main/java/com/microsoft/identity/common/internal/util/AndroidKeyStoreUtil.java
+0 −3		common4j/src/main/com/microsoft/identity/common/java/util/FileUtil.java
+0 −2		common4j/src/main/com/microsoft/identity/common/java/util/StringUtil.java
+8 −0		uiautomationutilities/src/main/java/com/microsoft/identity/client/ui/automation/app/MsalTestApp.java