Merge pull request #2766 from AzureAD/release/2.6.0

Release 2.6.0

Author: ameyapat

CHANGELOG.md

@@ -1,3 +1,6 @@
+## [2.6.0]
+* Support domain_hint param #2759
+
 ## [2.5.1]
 * Allow duna external idp on MacOs
 

MSAL/IdentityCore

@@ -1039,15 +1039,17 @@ - (void)acquireTokenWithParameters:(MSALInteractiveTokenParameters *)parameters
 
     // Extra parameters to be added to the /authorize endpoint.
     msidParams.extraAuthorizeURLQueryParameters = self.internalConfig.extraQueryParameters.extraAuthorizeURLQueryParameters;
+    NSMutableDictionary *extraAuthorizeURLQueryParameters = [msidParams.extraAuthorizeURLQueryParameters mutableCopy];
 
     // Setup QR+PIN accelerated experience if configured
     if (parameters.preferredAuthMethod == MSALPreferredAuthMethodQRPIN)
     {
-        NSMutableDictionary *extraAuthorizeURLQueryParameters = [msidParams.extraAuthorizeURLQueryParameters mutableCopy];
         [extraAuthorizeURLQueryParameters setObject:MSID_PREFERRED_AUTH_METHOD_QR_PIN forKey:MSID_PREFERRED_AUTH_METHOD_KEY];
-        msidParams.extraAuthorizeURLQueryParameters = extraAuthorizeURLQueryParameters;
     }
 
+    extraAuthorizeURLQueryParameters[MSID_DOMAIN_HINT_KEY] = parameters.domainHint;
+    msidParams.extraAuthorizeURLQueryParameters = extraAuthorizeURLQueryParameters;
+    
     // Extra parameters to be added to the /token endpoint.
     msidParams.extraTokenRequestParameters = self.internalConfig.extraQueryParameters.extraTokenURLParameters;
 

MSAL/src/MSALPublicClientApplication.m

@@ -26,7 +26,6 @@ extension RegisterStrongAuthBaseState {
     func requestChallengeInternal(authMethod: MSALAuthMethod,
                                   verificationContact: String) async -> MSALNativeAuthJITControlling.JITRequestChallengeControllerResponse {
         let context = MSALNativeAuthRequestContext(correlationId: correlationId)
-        MSALNativeAuthLogger.log(level: .warning, context: context, format: MSALNativeAuthLogMessage.privatePreviewLog)
         MSALNativeAuthLogger.log(level: .info, context: context, format: "RegisterStrongAuth, Request Challenge")
         if !inputValidator.isInputValid(verificationContact) {
             MSALNativeAuthLogger.log(level: .error, context: context, format: "RegisterStrongAuth, Request Challenge - invalid verification contact")
@@ -49,7 +48,6 @@ extension RegisterStrongAuthVerificationRequiredState {
 
     func submitChallengeInternal(challenge: String) async -> MSALNativeAuthJITControlling.JITSubmitChallengeControllerResponse {
         let context = MSALNativeAuthRequestContext(correlationId: correlationId)
-        MSALNativeAuthLogger.log(level: .warning, context: context, format: MSALNativeAuthLogMessage.privatePreviewLog)
         MSALNativeAuthLogger.log(level: .info, context: context, format: "RegisterStrongAuth, Submit Challenge")
         guard inputValidator.isInputValid(challenge) else {
             MSALNativeAuthLogger.log(level: .error, context: context, format: "RegisterStrongAuth, invalid challenge")

MSAL/src/native_auth/public/state_machine/state/JITStates+Internal.swift

@@ -66,7 +66,6 @@ public class RegisterStrongAuthBaseState: MSALNativeAuthBaseState {
 public class RegisterStrongAuthState: RegisterStrongAuthBaseState {
 
     /// Requests the server to send the challenge to the default authentication method.
-    /// - Warning: ⚠️  this API is experimental. It may be changed in the future without notice. Do not use in production applications.
     /// - Parameters:
     ///  - parameters: Parameters used to challenge an authentication method
     ///  - delegate: Delegate that receives callbacks for the operation.
@@ -90,7 +89,6 @@ public class RegisterStrongAuthVerificationRequiredState: RegisterStrongAuthBase
     }
 
     /// Submits the challenge to verify the authentication method selected.
-    /// - Warning: ⚠️  this API is experimental. It may be changed in the future without notice. Do not use in production applications.
     /// - Parameters:
     ///  - challenge: Verification challenge that the user supplies.
     ///  - delegate: Delegate that receives callbacks for the operation.
@@ -108,7 +106,6 @@ public class RegisterStrongAuthVerificationRequiredState: RegisterStrongAuthBase
     }
 
     /// Requests the server to send the challenge to the default authentication method.
-    /// - Warning: ⚠️  this API is experimental. It may be changed in the future without notice. Do not use in production applications.
     /// - Parameters:
     ///  - parameters: Parameters used to challenge an authentication method
     ///  - delegate: Delegate that receives callbacks for the operation.

MSAL/src/native_auth/public/state_machine/state/JITStates.swift

@@ -27,7 +27,6 @@ import Foundation
 extension MFABaseState {
     func requestChallengeInternal(authMethod: MSALAuthMethod) async -> MSALNativeAuthMFAControlling.MFARequestChallengeControllerResponse {
         let context = MSALNativeAuthRequestContext(correlationId: correlationId)
-        MSALNativeAuthLogger.log(level: .warning, context: context, format: MSALNativeAuthLogMessage.privatePreviewLog)
         MSALNativeAuthLogger.log(level: .info, context: context, format: "MFA, request challenge")
         return await controller.requestChallenge(
             continuationToken: continuationToken,
@@ -42,7 +41,6 @@ extension MFABaseState {
 extension MFARequiredState {
     func submitChallengeInternal(challenge: String) async -> MSALNativeAuthMFAControlling.MFASubmitChallengeControllerResponse {
         let context = MSALNativeAuthRequestContext(correlationId: correlationId)
-        MSALNativeAuthLogger.log(level: .warning, context: context, format: MSALNativeAuthLogMessage.privatePreviewLog)
         MSALNativeAuthLogger.log(level: .info, context: context, format: "MFA, submit challenge")
         guard inputValidator.isInputValid(challenge) else {
             MSALNativeAuthLogger.log(level: .error, context: context, format: "MFA, invalid challenge")

MSAL/src/native_auth/public/state_machine/state/MFAStates+Internal.swift

@@ -73,7 +73,6 @@ import Foundation
 public class AwaitingMFAState: MFABaseState {
 
     /// Requests the server to send the challenge to the default authentication method.
-    /// - Warning: ⚠️  this API is experimental. It may be changed in the future without notice. Do not use in production applications.
     /// - Parameter authMethod: The authentication method you want to use for sending the challenge
     /// - Parameter delegate: Delegate that receives callbacks for the operation.
     public func requestChallenge(authMethod: MSALAuthMethod, delegate: MFARequestChallengeDelegate) {
@@ -104,7 +103,6 @@ public class MFARequiredState: MFABaseState {
     }
 
     /// Requests the server to send the challenge to the specified auth method or the default one.
-    /// - Warning: ⚠️  this API is experimental. It may be changed in the future without notice. Do not use in production applications.
     /// - Parameters:
     ///   - authMethod: The authentication method you want to use for sending the challenge
     ///   - delegate: Delegate that receives callbacks for the operation.
@@ -113,7 +111,6 @@ public class MFARequiredState: MFABaseState {
     }
 
     /// Submits the MFA challenge to the server for verification.
-    /// - Warning: ⚠️  this API is experimental. It may be changed in the future without notice. Do not use in production applications.
     /// - Parameters:
     ///   - challenge: Verification challenge that the user supplies.
     ///   - delegate: Delegate that receives callbacks for the operation.

MSAL/src/native_auth/public/state_machine/state/MFAStates.swift

@@ -56,6 +56,12 @@ NS_ASSUME_NONNULL_BEGIN
  */
 @property (nonatomic, nullable) NSString *loginHint;
 
+/**
+ The domain hint can be used to skip directly to the sign in page of the specified identity provider,
+ instead of having the user make a selection among the list of available identity providers.
+ */
+@property (nonatomic, nullable) NSString *domainHint;
+
 /**
  Permissions you want the account to consent to in the same
  authentication flow, but won't be included in the returned

MSAL/src/public/MSALInteractiveTokenParameters.h

@@ -62,6 +62,7 @@
 #import "MSIDMetadataCache.h"
 #import "MSIDAccountMetadataCacheItem.h"
 #import "MSIDAccountMetadataCacheKey.h"
+#import "MSIDBoundRefreshToken.h"
 
 #define BAD_REFRESH_TOKEN @"bad-refresh-token"
 #define APP_METADATA @"App-Metadata"
@@ -166,6 +167,7 @@ - (void)deleteToken:(MSIDBaseToken *)token
         {
             case MSIDFamilyRefreshTokenType:
             case MSIDRefreshTokenType:
+            case MSIDBoundRefreshTokenType:
             {
                 if ([token isKindOfClass:[MSIDLegacyRefreshToken class]])
                 {
@@ -485,6 +487,20 @@ - (UITableViewCell *)tableView:(UITableView *)tableView cellForRowAtIndexPath:(N
                 }
                 break;
             }
+            case MSIDBoundRefreshTokenType:
+            {
+                MSIDBoundRefreshToken *bart = (MSIDBoundRefreshToken *) token;
+                
+                cell.textLabel.text = [NSString stringWithFormat:@"BoundRefreshToken : %@, FamilyId : %@", bart.clientId, bart.familyId ? bart.familyId : @"0"];
+                cell.detailTextLabel.text = [NSString stringWithFormat:@"Client_Id: %@", bart.clientId];
+                
+                if ([bart.refreshToken isEqualToString:BAD_REFRESH_TOKEN])
+                {
+                    cell.textLabel.textColor = [UIColor orangeColor];
+                    cell.detailTextLabel.text = [NSString stringWithFormat:@"Client_Id : %@", bart.clientId];
+                }
+                break;
+            }
             case MSIDAccessTokenType:
             {
                 MSIDAccessToken *accessToken = (MSIDAccessToken *) token;
@@ -589,6 +605,7 @@ - (UISwipeActionsConfiguration *)tableView:(__unused UITableView *)tableView tra
         {
             case MSIDFamilyRefreshTokenType:
             case MSIDRefreshTokenType:
+            case MSIDBoundRefreshTokenType:
             {
                 if ([token isKindOfClass:[MSIDLegacyRefreshToken class]])
                 {

MSAL/test/app/ios/MSALTestAppCacheViewController.m

@@ -34,6 +34,7 @@
 #import "MSIDWorkPlaceJoinUtil.h"
 #import "MSALPublicClientApplicationConfig.h"
 #import "MSALCacheConfig.h"
+#import "MSIDBartFeatureUtil.h"
 
 static NSArray* s_profileRows = nil;
 static NSArray* s_deviceRows = nil;
@@ -82,6 +83,7 @@ @implementation MSALTestAppSettingsViewController
 
     NSArray* _profileRows;
     NSArray* _deviceRows;
+    NSArray* _bartSettingsRows;
 }
 
 - (id)init
@@ -171,6 +173,27 @@ - (void)viewWillAppear:(BOOL)animated
                      [MSALTestAppSettingsRow rowWithTitle:@"Device_Info - Device Id" value:^NSString *{ return aadDeviceIdentifier; }],
                      [MSALTestAppSettingsRow rowWithTitle:@"Device_Info - Tenant Id" value:^NSString *{ return tenantIdentifier; }]];
 
+    MSALTestAppSettingsRow* toggleRow = [MSALTestAppSettingsRow rowWithTitle:@"Request bound app refresh tokens?"];
+    toggleRow.valueBlock = ^NSString *{
+        // You can replace this with actual toggle state logic
+        BOOL isEnabled = [[MSIDBartFeatureUtil sharedInstance] isBartFeatureEnabled];
+        return isEnabled ? @"YES" : @"NO";
+    };
+    __weak typeof(self) weakSelf = self;
+    toggleRow.action = ^{
+        typeof(self) strongSelf = weakSelf;
+        if (!strongSelf) return;
+        
+        // Toggle the setting
+        BOOL currentState = [[MSIDBartFeatureUtil sharedInstance] isBartFeatureEnabled];
+        [[MSIDBartFeatureUtil sharedInstance] setBartSupportInAppCache:!currentState];
+        [strongSelf->_tableView reloadData];
+    };
+    
+    _bartSettingsRows = @[
+        toggleRow
+    ];
+    
     self.navigationController.navigationBarHidden = YES;
 
     [_tableView reloadData];
@@ -184,14 +207,16 @@ - (NSInteger)tableView:(UITableView *)tableView numberOfRowsInSection:(NSInteger
         return _profileRows.count;
     if (section == 1)
         return _deviceRows.count;
+    if (section == 2)
+        return _bartSettingsRows.count;
 
     return 0;
 }
 
 - (NSInteger)numberOfSectionsInTableView:(UITableView *)tableView
 {
     (void)tableView;
-    return 2;
+    return 3;
 }
 
 - (nullable NSString *)tableView:(UITableView *)tableView titleForHeaderInSection:(NSInteger)section
@@ -201,6 +226,8 @@ - (nullable NSString *)tableView:(UITableView *)tableView titleForHeaderInSectio
         return @"Authentication Settings";
     if (section == 1)
         return @"Device State";
+    if (section == 2)
+        return @"Bound App Refresh Token Settings";
 
     return nil;
 }
@@ -221,6 +248,11 @@ - (MSALTestAppSettingsRow*)rowForIndexPath:(NSIndexPath *)indexPath
         return _deviceRows[row];
     }
 
+    if (section == 2)
+    {
+        return _bartSettingsRows[row];
+    }
+    
     return nil;
 }