Merge pull request #1563 from AzureAD/sedemche/sign_out_corr_id

Parse sign out correlation id

Author: antrix1989

IdentityCore/src/broker_operation/request/browser_native_message_request/MSIDBrowserNativeMessageGetTokenRequest.m

@@ -30,7 +30,6 @@
 #import "MSIDConstants.h"
 #import "MSIDPromptType_Internal.h"
 
-NSString *const MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY = @"correlationId";
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_CLIENT_ID_KEY = @"clientId";
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_AUTHORITY_KEY = @"authority";
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_SCOPE_KEY = @"scope";
@@ -160,7 +159,13 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)json error:(NSError *__au
 
     if (![requestJson msidAssertType:NSString.class ofKey:MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY required:NO error:error]) return nil;
     NSString *uuidString = requestJson[MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY];
-    _correlationId = uuidString ? [[NSUUID alloc] initWithUUIDString:uuidString] : [NSUUID UUID];
+    _correlationId = [[NSUUID alloc] initWithUUIDString:uuidString];
+    if (!_correlationId)
+    {
+        _correlationId = [NSUUID UUID];
+        MSID_LOG_WITH_CTX_PII(MSIDLogLevelWarning, nil, @"CorrelationID is invalid or not in UUID format: %@. Use new correlationId: %@", uuidString, _correlationId);
+    }
+    
     _platformSequence = [requestJson msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_PLATFORM_SEQUENCE_KEY];
 
     id canShowUIValue = requestJson[MSID_BROWSER_NATIVE_MESSAGE_CAN_SHOW_UI_KEY];

IdentityCore/src/broker_operation/request/browser_native_message_request/MSIDBrowserNativeMessageRequest.h

@@ -38,3 +38,7 @@ NS_ASSUME_NONNULL_BEGIN
 @end
 
 NS_ASSUME_NONNULL_END
+
+extern NSString * _Nonnull const MSID_BROWSER_NATIVE_MESSAGE_SENDER_KEY;
+extern NSString * _Nonnull const MSID_BROWSER_NATIVE_MESSAGE_METHOD_KEY;
+extern NSString * _Nonnull const MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY;

IdentityCore/src/broker_operation/request/browser_native_message_request/MSIDBrowserNativeMessageRequest.m

@@ -28,6 +28,7 @@
 
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_SENDER_KEY = @"sender";
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_METHOD_KEY = @"method";
+NSString *const MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY = @"correlationId";
 
 @implementation MSIDBrowserNativeMessageRequest
 

IdentityCore/src/broker_operation/request/browser_native_message_request/MSIDBrowserNativeMessageSignOutRequest.m

@@ -44,7 +44,7 @@ - (NSString *)description
 {
     __auto_type parentDescription = [super description];
 
-    return [NSString stringWithFormat:@"%@ accountId: (homeAccountId: %@ displayableId: %@)", parentDescription, MSID_PII_LOG_TRACKABLE(self.accountId.homeAccountId), MSID_PII_LOG_EMAIL(self.accountId.displayableId)];
+    return [NSString stringWithFormat:@"%@ accountId: (homeAccountId: %@ displayableId: %@), correlationId: %@", parentDescription, MSID_PII_LOG_TRACKABLE(self.accountId.homeAccountId), MSID_PII_LOG_EMAIL(self.accountId.displayableId), self.correlationId.UUIDString];
 }
 
 #pragma mark - MSIDJsonSerializable
@@ -59,6 +59,16 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)json error:(NSError *__au
 
     _accountId = [[MSIDAccountIdentifier alloc] initWithDisplayableId:nil homeAccountId:homeAccountId];
 
+    // Parse correlationId from JSON - optional field
+    if (![json msidAssertType:NSString.class ofKey:MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY required:NO error:error]) return nil;
+    NSString *uuidString = [json msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY];
+    _correlationId = [[NSUUID alloc] initWithUUIDString:uuidString];
+    if (!_correlationId)
+    {
+        _correlationId = [NSUUID UUID];
+        MSID_LOG_WITH_CTX_PII(MSIDLogLevelWarning, nil, @"CorrelationID is invalid or not in UUID format: %@. Use new correlationId: %@", uuidString, _correlationId);
+    }
+    
     return self;
 }
 

IdentityCore/tests/MSIDBrowserNativeMessageGetTokenRequestTests.m

@@ -126,6 +126,30 @@ - (void)testInitWithJSONDictionary_whenJsonValidAndRequiredOnlyFieldsProvided_sh
     XCTAssertNotNil(request.correlationId.UUIDString);
 }
 
+- (void)testInitWithJSONDictionary_whenCorrelationIdProvidedInWrongFormat_shouldGenerateCorrelationId
+{
+    __auto_type json = @{
+        @"sender": @"https://login.microsoft.com",
+        @"request": @{
+            @"clientId": @"29a788ca-7bcf-4732-b23c-c8d294347e5b",
+            @"scope": @"user.read openid profile offline_access",
+            @"redirectUri": @"https://login.microsoft.com",
+            @"correlationId": @"abc",
+        }
+    };
+    
+    NSError *error;
+    __auto_type request = [[MSIDBrowserNativeMessageGetTokenRequest alloc] initWithJSONDictionary:json error:&error];
+    
+    XCTAssertNil(error);
+    XCTAssertNotNil(request);
+    XCTAssertEqualObjects(@"29a788ca-7bcf-4732-b23c-c8d294347e5b", request.clientId);
+    XCTAssertEqualObjects(@"user.read openid profile offline_access", request.scopes);
+    XCTAssertEqualObjects(@"https://login.microsoft.com", request.redirectUri);
+    XCTAssertTrue(request.canShowUI);
+    XCTAssertNotNil(request.correlationId.UUIDString);
+}
+
 - (void)testInitWithJSONDictionary_whenAuthorityInvalid_shouldFail
 {
     __auto_type json = @{

IdentityCore/tests/MSIDBrowserNativeMessageSignOutRequestTests.m

@@ -54,6 +54,7 @@ - (void)testInitWithJSONDictionary_whenAccountIdIsValid_shouldInit
     XCTAssertEqualObjects(@"https://login.microsoft.com", request.sender.absoluteString);
     XCTAssertEqualObjects(@"uid", request.accountId.uid);
     XCTAssertEqualObjects(@"utid", request.accountId.utid);
+    XCTAssertNotNil(request.correlationId); // Should generate a UUID if not provided
 }
 
 - (void)testInitWithJSONDictionary_whenAccountIdIsInvalid_shouldFail
@@ -72,4 +73,64 @@ - (void)testInitWithJSONDictionary_whenAccountIdIsInvalid_shouldFail
     XCTAssertEqualObjects(error.userInfo[MSIDErrorDescriptionKey], @"account Id is invalid.");
 }
 
+- (void)testInitWithJSONDictionary_whenCorrelationIdProvided_shouldUseProvidedCorrelationId
+{
+    __auto_type json = @{
+        @"method": @"SignOut",
+        @"accountId": @"uid.utid",
+        @"correlationId": @"2e34a931-fc34-442a-a248-a044e42d3027",
+        @"sender": @"https://localhost:8000"
+    };
+    
+    NSError *error;
+    __auto_type request = [[MSIDBrowserNativeMessageSignOutRequest alloc] initWithJSONDictionary:json error:&error];
+    
+    XCTAssertNil(error);
+    XCTAssertNotNil(request);
+    XCTAssertEqualObjects(@"https://localhost:8000", request.sender.absoluteString);
+    XCTAssertEqualObjects(@"uid", request.accountId.uid);
+    XCTAssertEqualObjects(@"utid", request.accountId.utid);
+    XCTAssertEqualObjects(@"2E34A931-FC34-442A-A248-A044E42D3027", request.correlationId.UUIDString);
+}
+
+- (void)testInitWithJSONDictionary_whenCorrelationIdNotProvided_shouldGenerateCorrelationId
+{
+    __auto_type json = @{
+        @"method": @"SignOut",
+        @"accountId": @"uid.utid",
+        @"sender": @"https://localhost:8000"
+    };
+    
+    NSError *error;
+    __auto_type request = [[MSIDBrowserNativeMessageSignOutRequest alloc] initWithJSONDictionary:json error:&error];
+    
+    XCTAssertNil(error);
+    XCTAssertNotNil(request);
+    XCTAssertEqualObjects(@"https://localhost:8000", request.sender.absoluteString);
+    XCTAssertEqualObjects(@"uid", request.accountId.uid);
+    XCTAssertEqualObjects(@"utid", request.accountId.utid);
+    XCTAssertNotNil(request.correlationId);
+    XCTAssertNotNil(request.correlationId.UUIDString);
+}
+
+- (void)testInitWithJSONDictionary_whenCorrelationIdProvidedInWrongFormat_shouldGenerateCorrelationId
+{
+    __auto_type json = @{
+        @"method": @"SignOut",
+        @"accountId": @"uid.utid",
+        @"correlationId": @"abc",
+        @"sender": @"https://localhost:8000"
+    };
+    
+    NSError *error;
+    __auto_type request = [[MSIDBrowserNativeMessageSignOutRequest alloc] initWithJSONDictionary:json error:&error];
+    
+    XCTAssertNil(error);
+    XCTAssertNotNil(request);
+    XCTAssertEqualObjects(@"https://localhost:8000", request.sender.absoluteString);
+    XCTAssertEqualObjects(@"uid", request.accountId.uid);
+    XCTAssertEqualObjects(@"utid", request.accountId.utid);
+    XCTAssertNotNil(request.correlationId.UUIDString);
+}
+
 @end

changelog.txt

@@ -2,6 +2,7 @@ TBD
 * Query and populate ECC STK in Workplacejoin information for iOS (#1555)
 * Return MATS blob for GetToken api response #1551 
 * Introduce a class and cache item class to represent bound refresh tokens (#1548)
+* Parse sign out correlation id #1563
 
 Version 1.14.0
 * Added state validation to DUNA flow (#1543)