Merge pull request #936 from AzureAD/release/1.1.3

Release MSAL 1.1.3

Author: oldalton

CHANGELOG.md

@@ -1,3 +1,16 @@
+## [1.1.3] - 2020-05-22
+
+### Added
+* Support client side telemetry in ESTS requests (#930)
+
+### Fixed
+* Add logging for enrollment id mismatch for access tokens (#932)
+* Protect legacy macOS cache when MSAL writes into ADAL cache (common core #729)
+* Fix NTLM crash when window is not key (common core #724)
+* Fixed authority validation for developer known authorities (#913)
+* Pass prompt=login for signed out accounts (#919)
+* Don't require URL scheme registration in Info.plist for app extensions (#914)
+
 ## [1.1.2] - 2020-04-17
 
 ### Added

CODEOWNERS

@@ -1,7 +1,7 @@
 # These owners will be the default owners for everything in the repo.
 # Unless a later match takes precedence, these users will be requested
 # for review whenever someone opens a pull request.
-*       @AzureAD/AppleIdentity
+*       @AzureAD/AppleIdentityTeam
 # For more details about inheritance patterns, or to assign different
 # owners for individual file extensions, see:
 # https://help.github.com/articles/about-codeowners/

MSAL.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "MSAL"
-  s.version      = "1.1.2"
+  s.version      = "1.1.3"
   s.summary      = "Microsoft Authentication Library (MSAL) Preview for iOS"
 
   s.description  = <<-DESC

MSAL/IdentityCore

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.1.2</string>
+	<string>1.1.3</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSPrincipalClass</key>

MSAL/resources/ios/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.1.2</string>
+	<string>1.1.3</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSHumanReadableCopyright</key>

MSAL/resources/mac/Info.plist

@@ -28,6 +28,8 @@
 #import "MSALDeviceInformation.h"
 #import "MSALDeviceInformation+Internal.h"
 #import "MSIDDeviceInfo.h"
+#import <AuthenticationServices/AuthenticationServices.h>
+#import "ASAuthorizationSingleSignOnProvider+MSIDExtensions.h"
 
 NSString *const MSAL_DEVICE_INFORMATION_SSO_EXTENSION_FULL_MODE_KEY = @"isSSOExtensionInFullMode";
 
@@ -44,6 +46,15 @@ - (instancetype)initWithMSIDDeviceInfo:(MSIDDeviceInfo *)deviceInfo
     {
         _deviceMode = [self msalDeviceModeFromMSIDMode:deviceInfo.deviceMode];
 
+        if (@available(iOS 13.0, macOS 10.15, *))
+        {
+            _hasAADSSOExtension = [[ASAuthorizationSingleSignOnProvider msidSharedProvider] canPerformAuthorization];
+        }
+        else
+        {
+            _hasAADSSOExtension = NO;
+        }
+        
         _extraDeviceInformation = [NSMutableDictionary new];
         [self initExtraDeviceInformation:deviceInfo];
     }

MSAL/src/MSALDeviceInformation.m

@@ -102,6 +102,7 @@
 #import "MSALSignoutParameters.h"
 #import "MSALPublicClientApplication+SingleAccount.h"
 #import "MSALDeviceInfoProvider.h"
+#import "MSIDCurrentRequestTelemetry.h"
 
 @interface MSALPublicClientApplication()
 {
@@ -750,8 +751,9 @@ - (void)acquireTokenSilentWithParameters:(MSALSilentTokenParameters *)parameters
     }
 
     BOOL shouldValidate = _validateAuthority;
+    BOOL isDeveloperKnownAuthority = [self shouldExcludeValidationForAuthority:requestAuthority];
 
-    if (shouldValidate && [self shouldExcludeValidationForAuthority:requestAuthority])
+    if (shouldValidate && isDeveloperKnownAuthority)
     {
         shouldValidate = NO;
     }
@@ -776,6 +778,8 @@ - (void)acquireTokenSilentWithParameters:(MSALSilentTokenParameters *)parameters
         return;
     }
 
+    requestAuthority.isDeveloperKnown = isDeveloperKnownAuthority;
+    
     NSError *msidError = nil;
 
     MSIDRequestType requestType = [self requestType];
@@ -810,6 +814,10 @@ - (void)acquireTokenSilentWithParameters:(MSALSilentTokenParameters *)parameters
     msidParams.providedAuthority = providedAuthority;
     msidParams.instanceAware = self.internalConfig.multipleCloudsSupported;
     msidParams.keychainAccessGroup = self.internalConfig.cacheConfig.keychainSharingGroup;
+    msidParams.currentRequestTelemetry = [MSIDCurrentRequestTelemetry new];
+    msidParams.currentRequestTelemetry.schemaVersion = 2;
+    msidParams.currentRequestTelemetry.apiId = [msidParams.telemetryApiId integerValue];
+    msidParams.currentRequestTelemetry.forceRefresh = parameters.forceRefresh; 
 
     MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, msidParams,
                  @"-[MSALPublicClientApplication acquireTokenSilentForScopes:%@\n"
@@ -830,19 +838,15 @@ - (void)acquireTokenSilentWithParameters:(MSALSilentTokenParameters *)parameters
                  parameters.claimsRequest);
 
     // Return early if account is in signed out state
-    MSALAccountsProvider *accountsProvider = [[MSALAccountsProvider alloc] initWithTokenCache:self.tokenCache
-                                                                         accountMetadataCache:self.accountMetadataCache
-                                                                                     clientId:self.internalConfig.clientId
-                                                                      externalAccountProvider:self.externalAccountHandler];
     NSError *signInStateError;
-    MSIDAccountMetadataState signInState = [accountsProvider signInStateForHomeAccountId:msidParams.accountIdentifier.homeAccountId
-                                                                                 context:msidParams
-                                                                                   error:&signInStateError];
+    MSIDAccountMetadataState signInState = [self accountStateForParameters:msidParams error:&signInStateError];
 
-    if (signInStateError) {
+    if (signInStateError)
+    {
         block(nil, signInStateError, msidParams);
         return;
     }
+    
     if (signInState == MSIDAccountMetadataStateSignedOut)
     {
         NSError *interactionError = MSIDCreateError(MSIDErrorDomain, MSIDErrorInteractionRequired, @"Account is signed out, user interaction is required.", nil, nil, nil, msidParams.correlationId, nil, YES);
@@ -888,6 +892,25 @@ - (void)acquireTokenSilentWithParameters:(MSALSilentTokenParameters *)parameters
     }];
 }
 
+- (MSIDAccountMetadataState)accountStateForParameters:(MSIDRequestParameters *)msidParams error:(NSError **)signInStateError
+{
+    if (!msidParams.accountIdentifier.homeAccountId)
+    {
+        return MSIDAccountMetadataStateUnknown;
+    }
+    
+    MSALAccountsProvider *accountsProvider = [[MSALAccountsProvider alloc] initWithTokenCache:self.tokenCache
+                                                                         accountMetadataCache:self.accountMetadataCache
+                                                                                     clientId:self.internalConfig.clientId
+                                                                      externalAccountProvider:self.externalAccountHandler];
+
+    MSIDAccountMetadataState signInState = [accountsProvider signInStateForHomeAccountId:msidParams.accountIdentifier.homeAccountId
+                                                                                 context:msidParams
+                                                                                   error:signInStateError];
+    
+    return signInState;
+}
+
 - (void)acquireTokenSilentForScopes:(NSArray<NSString *> *)scopes
                             account:(MSALAccount *)account
                     completionBlock:(MSALCompletionBlock)completionBlock
@@ -1014,6 +1037,8 @@ - (void)acquireTokenWithParameters:(MSALInteractiveTokenParameters *)parameters
         return;
     }
 
+    requestAuthority.isDeveloperKnown = [self shouldExcludeValidationForAuthority:requestAuthority];
+    
     NSError *msidError = nil;
 
     MSIDBrokerInvocationOptions *brokerOptions = nil;
@@ -1095,6 +1120,17 @@ - (void)acquireTokenWithParameters:(MSALInteractiveTokenParameters *)parameters
     msidParams.claimsRequest = parameters.claimsRequest.msidClaimsRequest;
     msidParams.providedAuthority = requestAuthority;
     msidParams.shouldValidateResultAccount = YES;
+    msidParams.currentRequestTelemetry = [MSIDCurrentRequestTelemetry new];
+    msidParams.currentRequestTelemetry.schemaVersion = 2;
+    msidParams.currentRequestTelemetry.apiId = [msidParams.telemetryApiId integerValue];
+    msidParams.currentRequestTelemetry.forceRefresh = NO;
+    
+    MSIDAccountMetadataState signInState = [self accountStateForParameters:msidParams error:nil];
+    
+    if (signInState == MSIDAccountMetadataStateSignedOut && msidParams.promptType != MSIDPromptTypeConsent)
+    {
+        msidParams.promptType = MSIDPromptTypeLogin;
+    }
 
     MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, msidParams,
                           @"-[MSALPublicClientApplication acquireTokenWithParameters:%@\n"
@@ -1395,9 +1431,6 @@ - (BOOL)shouldExcludeValidationForAuthority:(MSIDAuthority *)authority
         for (MSALAuthority *knownAuthority in self.internalConfig.knownAuthorities)
         {
             if ([authority isKindOfClass:knownAuthority.msidAuthority.class]
-                // Treat  AAD authorities differently, since they should always succeed validation
-                // Therefore, even if they are added to known authorities, still do validation
-                && ![authority isKindOfClass:[MSIDAADAuthority class]]
                 && [knownAuthority.url isEqual:authority.url])
             {
                 return YES;
@@ -1419,11 +1452,8 @@ + (NSOrderedSet *)defaultOIDCScopes
 
 - (MSIDRequestType)requestType
 {
-    MSIDRequestType requestType = MSIDRequestLocalType;
-        
-#if TARGET_OS_IPHONE
-    requestType = MSIDRequestBrokeredType;
-    
+    MSIDRequestType requestType = MSIDRequestBrokeredType;
+            
     if (MSALGlobalConfig.brokerAvailability == MSALBrokeredAvailabilityNone)
     {
         requestType = MSIDRequestLocalType;
@@ -1432,7 +1462,6 @@ - (MSIDRequestType)requestType
     {
         requestType = MSIDRequestLocalType;
     }
-#endif
 
     return requestType;
 }

MSAL/src/MSALPublicClientApplication.m

@@ -27,7 +27,7 @@
 
 #define MSAL_VER_HIGH       1
 #define MSAL_VER_LOW        1
-#define MSAL_VER_PATCH      2
+#define MSAL_VER_PATCH      3
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)

MSAL/src/MSAL_Internal.h

@@ -32,9 +32,10 @@
 
 @implementation MSALGlobalConfig
 
+static MSALBrokeredAvailability s_brokerAvailability = MSALBrokeredAvailabilityAuto;
+
 #if TARGET_OS_IPHONE
 static MSALWebviewType s_webviewType = MSALWebviewTypeDefault;
-static MSALBrokeredAvailability s_brokerAvailability = MSALBrokeredAvailabilityAuto;
 #else
 static MSALWebviewType s_webviewType = MSALWebviewTypeWKWebView;
 #endif
@@ -58,10 +59,8 @@ + (instancetype)sharedInstance
 + (MSALHTTPConfig *)httpConfig { return MSALGlobalConfig.sharedInstance.httpConfig; }
 + (MSALTelemetryConfig *)telemetryConfig { return MSALGlobalConfig.sharedInstance.telemetryConfig; }
 + (MSALLoggerConfig *)loggerConfig { return MSALGlobalConfig.sharedInstance.loggerConfig; }
-#if TARGET_OS_IPHONE
 + (MSALBrokeredAvailability)brokerAvailability { return s_brokerAvailability; }
 + (void)setBrokerAvailability:(MSALBrokeredAvailability)brokerAvailability { s_brokerAvailability = brokerAvailability; }
-#endif
 + (MSALWebviewType)defaultWebviewType { return s_webviewType; }
 + (void)setDefaultWebviewType:(MSALWebviewType)defaultWebviewType { s_webviewType = defaultWebviewType; }