Release 1.1.16 (#1273)

* the ui testing was excuted twice, and remove one (#1245)

* Fixed README.md typo

* update common lib

* update msal

* When creating a hotfix branch, a automation should be triggered as well (#1259)

* update latest common lib

* update common core

* Update MSAL to use common lib with throttling feature (#1258)

throttling feature

* update msal use common core dev (#1265)

* Dummy change to trigger Travis CI

* Minor logging improvements

* Update identitycore

* Create release branch.

* Update release branch (#1274)

* Remove check if access_token is not returned for id_token only scenarios

* Changed properties that depended on accessToken to nullable

* update common lib

* Updated common core

* Updated submodule

* Addressed comments

* Updated submodule

* Return empty access token in MSALResult

* update change log

* Return empty authorization header when access token is empty

* Updated UT

* Updated changelog

* Update common core

* Updated changelog

* Update changelog.

Co-authored-by: Tatsuro Shibamura <[email protected]>
Co-authored-by: Olga Dalton <[email protected]>
Co-authored-by: HieuNguyen <[email protected]>
Co-authored-by: Hieu Nguyen <[email protected]>

* Update release branch (#1277)

* Update common core.

* Trigger new build.

Co-authored-by: kaisong1990 <[email protected]>
Co-authored-by: Garrison Locke <[email protected]>
Co-authored-by: Olga Dalton <[email protected]>
Co-authored-by: HieuNguyen <[email protected]>
Co-authored-by: Hieu Nguyen <[email protected]>
Co-authored-by: Jason Zeng <[email protected]>
Co-authored-by: Tatsuro Shibamura <[email protected]>

Author: 7 people

CHANGELOG.md

@@ -1,12 +1,17 @@
+## [1.1.16] - 2021-03-19
+* Support empty or nil access token in MSAL token response (#1256)
+* Implement throttling. 
+
 ## [1.1.15] - 2021-02-19
 * Mask EUII in logs (#1206)
-* Fixes to ADO release pipeline (#1236)
+* Fixes to ADO release pipeline. (#1236)
+* Fixed required attributes in SHR of AT Pop. (#1267)
 
 ## [1.1.14] - 2021-01-19
 * Removed identity core classes from public api (#1158).
 * Fixed possible deadlock caused by thread explosion (#1175)
 * Added pipeline configuration to generate framework for SPM & automate MSAL release (#1194)
-* Extend iOS background tasks to silent and interactive requests.
+* Extend iOS background tasks to silent and interactive requests
 * Change order of FRT/MRRT lookup for silent token refreshes
 
 ## [1.1.13] - 2020-12-04

MSAL.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "MSAL"
-  s.version      = "1.1.15"
+  s.version      = "1.1.16"
   s.summary      = "Microsoft Authentication Library (MSAL) Preview for iOS"
   s.description  = <<-DESC
                    The MSAL library preview for iOS gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. The library also supports Microsoft Azure B2C for those using our hosted identity management service.

MSAL/IdentityCore

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.1.15</string>
+	<string>1.1.16</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSPrincipalClass</key>

MSAL/resources/ios/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.1.15</string>
+	<string>1.1.16</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSHumanReadableCopyright</key>

MSAL/resources/mac/Info.plist

@@ -55,6 +55,11 @@ @implementation MSALResult
 
 - (NSString *)authorizationHeader
 {
+    if ([NSString msidIsStringNilOrBlank:self.accessToken])
+    {
+        return @"";
+    }
+    
     return [self.authScheme getAuthorizationHeader:self.accessToken];
 }
 
@@ -134,21 +139,29 @@ + (MSALResult *)resultWithMSIDTokenResult:(MSIDTokenResult *)tokenResult
         account.accountClaims = claims.jsonDictionary;
     }
 
-    NSString *accessToken = [authScheme getClientAccessToken:tokenResult.accessToken popManager:popManager error:error];
-    if (!accessToken)
+    NSString *resultAccessToken = @"";
+    NSArray *resultScopes = @[];
+    
+    if (![NSString msidIsStringNilOrBlank:tokenResult.accessToken.accessToken])
     {
-        return nil;
+        MSID_LOG_WITH_CTX(MSIDLogLevelInfo, nil, @"Parsing result access token");
+        resultAccessToken = [authScheme getClientAccessToken:tokenResult.accessToken popManager:popManager error:error];
+        resultScopes = [tokenResult.accessToken.scopes array];
     }
-    
-    return [self resultWithAccessToken:accessToken
+    else
+    {
+        MSID_LOG_WITH_CTX(MSIDLogLevelInfo, nil, @"Access token missing in token result. Continuing without it");
+    }
+        
+    return [self resultWithAccessToken:resultAccessToken
                              expiresOn:tokenResult.accessToken.expiresOn
                isExtendedLifetimeToken:tokenResult.extendedLifeTimeToken
                               tenantId:tenantProfile.tenantId
                          tenantProfile:tenantProfile
                                account:account
                                idToken:tokenResult.rawIdToken
                               uniqueId:tenantProfile.identifier
-                                scopes:[tokenResult.accessToken.scopes array]
+                                scopes:resultScopes
                              authority:authority
                          correlationId:tokenResult.correlationId
                             authScheme:authScheme];

MSAL/src/MSALResult.m

@@ -27,7 +27,7 @@
 
 #define MSAL_VER_HIGH       1
 #define MSAL_VER_LOW        1
-#define MSAL_VER_PATCH      15
+#define MSAL_VER_PATCH      16
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)

MSAL/src/MSAL_Internal.h

@@ -39,14 +39,17 @@
 
 #pragma mark - Token response
 
-/** The Access Token requested. */
+/**
+ The Access Token requested.
+ Note that if access token is not returned in token response, this property will be returned as an empty string.
+ */
 @property (readonly, nonnull) NSString *accessToken;
 
 /**
     The time that the access token returned in the Token property ceases to be valid.
     This value is calculated based on current UTC time measured locally and the value expiresIn returned from the service
  */
-@property (readonly, nonnull) NSDate *expiresOn;
+@property (readonly, nullable) NSDate *expiresOn;
 
 /**
     Some access tokens have extended lifetime when server is in an unavailable state.

MSAL/src/public/MSALResult.h

@@ -192,6 +192,18 @@ - (void)testMSALResultWithTokenResult_whenValidTokenResult_shouldReturnCorrectAt
     XCTAssertEqualObjects(result.account.identifier, @"uid.tenant_id");
     XCTAssertNil(result.account.tenantProfiles);
     XCTAssertEqualObjects(tokenResult.correlationId.UUIDString, @"00000000-0000-0000-0000-000000000001");
+    XCTAssertEqualObjects(result.accessToken, @"access_token");
+    XCTAssertEqualObjects(result.authorizationHeader, @"Bearer access_token");
+    
+    MSIDAccessToken *emptyAccessToken = nil;
+    tokenResult.accessToken = emptyAccessToken;
+    error = nil;
+    result = [MSALResult resultWithMSIDTokenResult:tokenResult authority:msalAuthority authScheme:[MSALAuthenticationSchemeBearer new] popManager:nil error:&error];
+    
+    XCTAssertEqualObjects(result.accessToken, @"");
+    XCTAssertEqualObjects(result.authorizationHeader, @"");
+    XCTAssertNotNil(result);
+    XCTAssertNil(error);
 }
 
 - (void)testMSALResultWithTokenResult_whenValidTokenResult_shouldReturnCorrectAttributes_PopFlow
@@ -218,6 +230,7 @@ - (void)testMSALResultWithTokenResult_whenValidTokenResult_shouldReturnCorrectAt
     MSALResult *result = [MSALResult resultWithMSIDTokenResult:tokenResult authority:msalAuthority authScheme:[self generateAuthSchemePopInstance] popManager:[MSALDevicePopManagerUtil test_initWithValidCacheConfig] error:&error];
 
     XCTAssertNotNil(result);
+    XCTAssertNil(error);
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
     XCTAssertEqualObjects(result.tenantId, claims.realm);
@@ -232,7 +245,19 @@ - (void)testMSALResultWithTokenResult_whenValidTokenResult_shouldReturnCorrectAt
     XCTAssertNotNil(result.account);
     XCTAssertEqualObjects(result.account.identifier, @"uid.tenant_id");
     XCTAssertNil(result.account.tenantProfiles);
+    XCTAssertNotNil(result.accessToken);
+    XCTAssertTrue([result.authorizationHeader hasPrefix:@"Pop "]);
     XCTAssertEqualObjects(tokenResult.correlationId.UUIDString, @"00000000-0000-0000-0000-000000000001");
+    
+    MSIDAccessToken *emptyAccessToken = nil;
+    tokenResult.accessToken = emptyAccessToken;
+    error = nil;
+    result = [MSALResult resultWithMSIDTokenResult:tokenResult authority:msalAuthority authScheme:[self generateAuthSchemePopInstance] popManager:[MSALDevicePopManagerUtil test_initWithValidCacheConfig] error:&error];
+    
+    XCTAssertEqualObjects(result.accessToken, @"");
+    XCTAssertEqualObjects(result.authorizationHeader, @"");
+    XCTAssertNotNil(result);
+    XCTAssertNil(error);
 }
 
 - (MSALAuthenticationSchemePop *) generateAuthSchemePopInstance

MSAL/test/unit/MSALResultTests.m

@@ -545,7 +545,7 @@ To signout account from your app, call MSAL's signout API. You can also optional
 ```swift
 let account = .... /* account retrieved above */
 
-let signoutParameters = MSALSignoutParameters(webviewParameters: self.webViewParamaters!)
+let signoutParameters = MSALSignoutParameters(webviewParameters: self.webViewParameters!)
 signoutParameters.signoutFromBrowser = false
             
 application.signout(with: account, signoutParameters: signoutParameters, completionBlock: {(success, error) in