From f89d125a5de3231b7856330ac6ddf39ecfcfe625 Mon Sep 17 00:00:00 2001
From: Danilo Raspa <daniloraspa@microsoft.com>
Date: Thu, 25 Sep 2025 17:51:40 +0100
Subject: [PATCH 1/2] handle new controller response auth method blocked and
 add new results

---
 common                                        |  2 +-
 .../nativeauth/statemachine/errors/Error.kt   |  6 ++++++
 .../statemachine/errors/MFAErrors.kt          |  3 +++
 .../statemachine/states/MFAStates.kt          | 20 +++++++++++++++++--
 4 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/common b/common
index b89a1d996..302f711c2 160000
--- a/common
+++ b/common
@@ -1 +1 @@
-Subproject commit b89a1d9961e5ac1176fcaad9a254cf074470d16c
+Subproject commit 302f711c2dadc1103a1b04bd792029b962896d37
diff --git a/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/errors/Error.kt b/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/errors/Error.kt
index 91c5456af..eb7abfd75 100644
--- a/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/errors/Error.kt
+++ b/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/errors/Error.kt
@@ -86,6 +86,12 @@ internal class ErrorTypes {
          */
         const val VERIFICATION_CONTACT_BLOCKED = "verification_contact_blocked"
 
+        /*
+         * The AUTH_METHOD_BLOCKED value indicates that the server blocked the strong authentication method.
+         * Try contacting customer support to seek assistance.
+         */
+        const val AUTH_METHOD_BLOCKED = "auth_method_blocked"
+
         /*
          * The INVALID_STATE value indicates a misconfigured or expired state, or an internal error
          * in state transitions. If this occurs, the flow should be restarted.
diff --git a/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/errors/MFAErrors.kt b/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/errors/MFAErrors.kt
index 27ffe9b2b..c398c5853 100644
--- a/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/errors/MFAErrors.kt
+++ b/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/errors/MFAErrors.kt
@@ -24,6 +24,9 @@ class MFARequestChallengeError(
     val subError: String? = null,
     override var exception: Exception? = null
 ): MFARequiredResult, BrowserRequiredError, Error(errorType = errorType, error = error, errorMessage= errorMessage, correlationId = correlationId, errorCodes = errorCodes, exception = exception)
+{
+    fun isAuthMethodBlocked(): Boolean = this.errorType == ErrorTypes.AUTH_METHOD_BLOCKED
+}
 
 /**
  * MFA submit challenge error. The user should use the utility methods of this class
diff --git a/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/states/MFAStates.kt b/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/states/MFAStates.kt
index d4f840167..71e21736b 100644
--- a/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/states/MFAStates.kt
+++ b/msal/src/main/java/com/microsoft/identity/nativeauth/statemachine/states/MFAStates.kt
@@ -94,7 +94,7 @@ class AwaitingMFAState(
     }
 
     /**
-     * Requests a challenge to be sent to the user's default authentication method; Kotlin coroutines variant.
+     * Requests a challenge to be sent to the authentication method; Kotlin coroutines variant.
      *
      * <strong><u>Warning: this API is experimental. It may be changed in the future without notice. Do not use in production applications.</u></strong>
      * @return The result of the request challenge action.
@@ -165,6 +165,14 @@ class AwaitingMFAState(
                             correlationId = result.correlationId
                         )
                     }
+                    is MFACommandResult.BlockedAuthMethod -> {
+                        MFARequestChallengeError(
+                            errorType = ErrorTypes.AUTH_METHOD_BLOCKED,
+                            error = result.error,
+                            errorMessage = result.errorDescription,
+                            correlationId = result.correlationId
+                        )
+                    }
                 }
             } catch (e: Exception) {
                 MFARequestChallengeError(
@@ -245,7 +253,7 @@ class MFARequiredState(
     }
 
     /**
-     * Requests a challenge to be sent to the user's default authentication method; Kotlin coroutines variant.
+     * Requests a challenge to be sent to authentication method; Kotlin coroutines variant.
      *
      * <strong><u>Warning: this API is experimental. It may be changed in the future without notice. Do not use in production applications.</u></strong>
      * @param authMethod [com.microsoft.identity.nativeauth.AuthMethod] the authentication method used for the challenge operation.
@@ -318,6 +326,14 @@ class MFARequiredState(
                             correlationId = result.correlationId
                         )
                     }
+                    is MFACommandResult.BlockedAuthMethod -> {
+                        MFARequestChallengeError(
+                            errorType = ErrorTypes.AUTH_METHOD_BLOCKED,
+                            error = result.error,
+                            errorMessage = result.errorDescription,
+                            correlationId = result.correlationId
+                        )
+                    }
                 }
             } catch (e: Exception) {
                 MFARequestChallengeError(

From 65915127df0ce94c162e28f409a3482d511094d8 Mon Sep 17 00:00:00 2001
From: Danilo Raspa <daniloraspa@microsoft.com>
Date: Fri, 26 Sep 2025 11:39:54 +0100
Subject: [PATCH 2/2] point to common dev

---
 common | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common b/common
index 302f711c2..4bfba984b 160000
--- a/common
+++ b/common
@@ -1 +1 @@
-Subproject commit 302f711c2dadc1103a1b04bd792029b962896d37
+Subproject commit 4bfba984b59c300adb1c43a837ae8101fa4b77da