Webview interaction and system webview

IdentityCore/IdentityCore.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>IDEDidComputeMac32BitWarning</key>
+	<true/>
+</dict>
+</plist>

IdentityCore/src/MSIDError.h

@@ -68,11 +68,53 @@ typedef NS_ENUM(NSInteger, MSIDErrorCode)
     MSIDErrorInvalidRequest = -51014,
     MSIDErrorInvalidClient = -51015,
     MSIDErrorInvalidGrant = -51016,
-    MSIDErrorInvalidParameter = -51017,
+    MSIDErrorInvalidScope = -51017,
+    MSIDErrorInvalidParameter = -51018,
+
+    /*!
+     The user or application failed to authenticate in the interactive flow.
+     Inspect MSALOAuthErrorKey and MSALErrorDescriptionKey in the userInfo
+     dictionary for more detailed information about the specific error.
+     */
+    MSIDErrorAuthorizationFailed = -52020,
+
+    /*!
+     The state returned by the server does not match the state that was sent to
+     the server at the beginning of the authorization attempt.
+     */
+    MSIDErrorInvalidState = -52501,
+    /*!
+     Interaction required errors occur because of a wide variety of errors
+     returned by the authentication service.
+     */
+    MSIDErrorMismatchedUser             = -52101,
+    MSIDErrorNoAuthorizationResponse    = -52102,
+    MSIDErrorBadAuthorizationResponse   = -52103,
+
+
+    MSIDErrorUserCancel = -51019,
+    /*!
+     The authentication request was cancelled programmatically.
+     */
+    MSIDErrorSessionCanceled = -51020,
+    /*!
+     An interactive authentication session is already running with the
+     SafariViewController visible. Another authentication session can not be
+     launched yet.
+     */
+    MSIDErrorInteractiveSessionAlreadyRunning = -51021,
+    /*!
+     An interactive authentication session failed to start.
+     */
+    MSIDErrorInteractiveSessionStartFailure = -51022,
+
     MSIDErrorUnsupportedFunctionality = -51018,
+
     MSIDErrorCodeFirst = MSIDErrorInternal,
     MSIDErrorCodeLast = MSIDErrorUnsupportedFunctionality
 };
 
 extern NSError *MSIDCreateError(NSString *domain, NSInteger code, NSString *errorDescription, NSString *oauthError, NSString *subError, NSError *underlyingError, NSUUID *correlationId, NSDictionary *additionalUserInfo);
 
+extern MSIDErrorCode MSIDErrorCodeForOAuthError(NSString *oauthError, MSIDErrorCode defaultCode);
+

IdentityCore/src/MSIDError.m

@@ -48,4 +48,24 @@
     return [NSError errorWithDomain:domain code:code userInfo:userInfo];
 }
 
-
+MSIDErrorCode MSIDErrorCodeForOAuthError(NSString *oauthError, MSIDErrorCode defaultCode)
+{
+    if (oauthError && [oauthError caseInsensitiveCompare:@"invalid_request"] == NSOrderedSame)
+    {
+        return MSIDErrorInvalidRequest;
+    }
+    if (oauthError && [oauthError caseInsensitiveCompare:@"invalid_client"] == NSOrderedSame)
+    {
+        return MSIDErrorInvalidClient;
+    }
+    if (oauthError && [oauthError caseInsensitiveCompare:@"invalid_scope"] == NSOrderedSame)
+    {
+        return MSIDErrorInvalidScope;
+    }
+    if (oauthError && [oauthError caseInsensitiveCompare:@"invalid_grant"] == NSOrderedSame)
+    {
+        return MSIDErrorInvalidGrant;
+    }
+
+    return defaultCode;
+}

IdentityCore/src/MSIDOAuth2Constants.h

@@ -27,11 +27,14 @@ extern NSString *const MSID_OAUTH2_AUTHORIZATION_CODE;
 extern NSString *const MSID_OAUTH2_AUTHORIZATION_URI;
 extern NSString *const MSID_OAUTH2_AUTHORITY;
 extern NSString *const MSID_OAUTH2_AUTHORIZE_SUFFIX;
+extern NSString *const MSID_OAUTH2_V2_AUTHORIZE_SUFFIX;
 extern NSString *const MSID_OAUTH2_BEARER;
 extern NSString *const MSID_OAUTH2_CLIENT_ID;
+extern NSString *const MSID_OAUTH2_CLAIMS;
 extern NSString *const MSID_OAUTH2_CODE;
 extern NSString *const MSID_OAUTH2_ERROR;
 extern NSString *const MSID_OAUTH2_ERROR_DESCRIPTION;
+extern NSString *const MSID_OAUTH2_ERROR_SUBCODE;
 extern NSString *const MSID_OAUTH2_EXPIRES_IN;
 extern NSString *const MSID_OAUTH2_GRANT_TYPE;
 extern NSString *const MSID_OAUTH2_REDIRECT_URI;
@@ -53,6 +56,8 @@ extern NSString *const MSID_OAUTH2_CORRELATION_ID_REQUEST_VALUE;
 extern NSString *const MSID_OAUTH2_SAML11_BEARER_VALUE;
 extern NSString *const MSID_OAUTH2_SAML2_BEARER_VALUE;
 extern NSString *const MSID_OAUTH2_SCOPE_OPENID_VALUE;
+extern NSString *const MSID_OAUTH2_SCOPE_OFFLINE_ACCESS_VALUE;
+extern NSString *const MSID_OAUTH2_SCOPE_PROFILE_VALUE;
 extern NSString *const MSID_OAUTH2_ASSERTION;
 extern NSString *const MSID_OAUTH2_CLIENT_TELEMETRY;
 extern NSString *const MSID_OAUTH2_PROMPT;
@@ -61,6 +66,7 @@ extern NSString *const MSID_OAUTH2_PROMPT_NONE;
 extern NSString *const MSID_OAUTH2_EXPIRES_ON;
 extern NSString *const MSID_OAUTH2_EXT_EXPIRES_IN;
 extern NSString *const MSID_FAMILY_ID;
+extern NSString *const MSID_AUTH_CLOUD_INSTANCE_HOST_NAME;
 
 // Used for PKCE support
 extern NSString *const MSID_OAUTH2_CODE_CHALLENGE;

IdentityCore/src/MSIDOAuth2Constants.m

@@ -26,14 +26,17 @@
 NSString *const MSID_OAUTH2_ACCESS_TOKEN       = @"access_token";
 NSString *const MSID_OAUTH2_AUTHORIZATION      = @"authorization";
 NSString *const MSID_OAUTH2_AUTHORIZE_SUFFIX   = @"/oauth2/authorize";
+NSString *const MSID_OAUTH2_V2_AUTHORIZE_SUFFIX   = @"/oauth2/v2.0/authorize";
 NSString *const MSID_OAUTH2_AUTHORITY           = @"authority";
 NSString *const MSID_OAUTH2_AUTHORIZATION_CODE = @"authorization_code";
 NSString *const MSID_OAUTH2_AUTHORIZATION_URI  = @"authorization_uri";
 NSString *const MSID_OAUTH2_BEARER             = @"Bearer";
 NSString *const MSID_OAUTH2_CLIENT_ID          = @"client_id";
+NSString *const MSID_OAUTH2_CLAIMS             = @"claims";
 NSString *const MSID_OAUTH2_CODE               = @"code";
 NSString *const MSID_OAUTH2_ERROR              = @"error";
 NSString *const MSID_OAUTH2_ERROR_DESCRIPTION  = @"error_description";
+NSString *const MSID_OAUTH2_ERROR_SUBCODE      = @"error_subcode";
 NSString *const MSID_OAUTH2_EXPIRES_IN         = @"expires_in";
 NSString *const MSID_OAUTH2_GRANT_TYPE         = @"grant_type";
 NSString *const MSID_OAUTH2_REDIRECT_URI       = @"redirect_uri";
@@ -56,6 +59,8 @@
 NSString *const MSID_OAUTH2_SAML11_BEARER_VALUE = @"urn:ietf:params:oauth:grant-type:saml1_1-bearer";
 NSString *const MSID_OAUTH2_SAML2_BEARER_VALUE = @"urn:ietf:params:oauth:grant-type:saml2-bearer";
 NSString *const MSID_OAUTH2_SCOPE_OPENID_VALUE = @"openid";
+NSString *const MSID_OAUTH2_SCOPE_PROFILE_VALUE = @"profile";
+NSString *const MSID_OAUTH2_SCOPE_OFFLINE_ACCESS_VALUE = @"offline_access";
 NSString *const MSID_OAUTH2_CLIENT_TELEMETRY    = @"x-ms-clitelem";
 NSString *const MSID_OAUTH2_PROMPT              = @"prompt";
 NSString *const MSID_OAUTH2_PROMPT_NONE         = @"none";
@@ -78,6 +83,8 @@
 NSString *const MSID_OAUTH2_ADDITIONAL_SERVER_INFO       = @"additional_server_info";
 NSString *const MSID_OAUTH2_ENVIRONMENT                  = @"environment";
 
+NSString *const MSID_AUTH_CLOUD_INSTANCE_HOST_NAME       = @"cloud_instance_host_name";
+
 NSString *const MSID_CREDENTIAL_TYPE_CACHE_KEY           = @"credential_type";
 NSString *const MSID_ENVIRONMENT_CACHE_KEY               = @"environment";
 NSString *const MSID_REALM_CACHE_KEY                     = @"realm";

IdentityCore/src/cache/accessor/MSIDLegacyTokenCacheAccessor.m

@@ -27,7 +27,6 @@
 #import "MSIDTelemetryEventStrings.h"
 #import "MSIDTelemetryCacheEvent.h"
 #import "MSIDLegacyTokenCacheKey.h"
-#import "MSIDConfiguration.h"
 #import "MSIDTokenResponse.h"
 #import "NSDate+MSIDExtensions.h"
 #import "MSIDAuthority.h"

IdentityCore/src/configuration/MSIDConfiguration.h

@@ -26,6 +26,7 @@
 
 @interface MSIDConfiguration : NSObject <NSCopying>
 
+// Commonly used or needed properties
 @property (readwrite) NSURL *authority;
 @property (readwrite) NSString *redirectUri;
 @property (readwrite) NSString *clientId;
@@ -39,18 +40,4 @@
                          clientId:(NSString *)clientId
                            target:(NSString *)target;
 
-- (instancetype)initWithAuthority:(NSURL *)authority
-                      redirectUri:(NSString *)redirectUri
-                         clientId:(NSString *)clientId
-                           target:(NSString *)target
-                    correlationId:(NSUUID *)correlationId;
-
-// Optional configurations
-@property (readwrite) NSString *loginHint;
-@property (readwrite) NSUUID *correlationId;
-
-@property (readwrite) MSIDNetworkConfiguration *networkConfig;
-
-@property (readwrite) NSDictionary<NSString *, NSString *> *sliceParameters;
-
 @end

IdentityCore/src/configuration/MSIDConfiguration.m

@@ -23,6 +23,7 @@
 
 #import "MSIDConfiguration.h"
 #import "NSOrderedSet+MSIDExtensions.h"
+#import "MSIDPkce.h"
 
 @implementation MSIDConfiguration
 
@@ -33,27 +34,15 @@ - (instancetype)copyWithZone:(NSZone*)zone
     configuration.redirectUri = [_redirectUri copyWithZone:zone];
     configuration.target = [_target copyWithZone:zone];
     configuration.clientId = [_clientId copyWithZone:zone];
-    configuration.correlationId = [_correlationId copyWithZone:zone];
-    configuration.loginHint = [_loginHint copyWithZone:zone];
-    configuration.sliceParameters = [_sliceParameters copyWithZone:zone];
-    configuration.networkConfig = [_networkConfig copyWithZone:zone];
 
     return configuration;
 }
 
-- (instancetype)initWithAuthority:(NSURL *)authority
-                      redirectUri:(NSString *)redirectUri
-                         clientId:(NSString *)clientId
-                           target:(NSString *)target
-{
-    return [[MSIDConfiguration alloc] initWithAuthority:authority redirectUri:redirectUri clientId:clientId target:target correlationId:nil];
-}
 
 - (instancetype)initWithAuthority:(NSURL *)authority
                       redirectUri:(NSString *)redirectUri
                          clientId:(NSString *)clientId
                            target:(NSString *)target
-                    correlationId:(NSUUID *)correlationId
 {
     self = [super init];
 
@@ -63,7 +52,6 @@ - (instancetype)initWithAuthority:(NSURL *)authority
         _redirectUri = redirectUri;
         _clientId = clientId;
         _target = target;
-        _correlationId = correlationId;
     }
 
     return self;

IdentityCore/src/configuration/MSIDNetworkConfiguration.h

@@ -24,11 +24,9 @@
 #import <Foundation/Foundation.h>
 
 
-@interface MSIDNetworkConfiguration : NSObject <NSCopying>
+@interface MSIDNetworkConfiguration : NSObject
 
-@property (readwrite) NSTimeInterval timeout;
-@property (readwrite) int retryCount;
-
-- (instancetype)initWithTimeout:(NSTimeInterval)timeout retryCount:(int)retryCount;
+@property (class, nonatomic, readwrite) NSTimeInterval timeout;
+@property (class, nonatomic, readwrite) NSInteger retryCount;
 
 @end

IdentityCore/src/configuration/MSIDNetworkConfiguration.m

@@ -23,41 +23,28 @@
 
 #import "MSIDNetworkConfiguration.h"
 
-static NSTimeInterval const s_defaultTimeout = 30;
-static int const s_defaultRetryCount = 2;
+static NSTimeInterval s_timeout = 30;
+static NSInteger s_retryCount = 2;
 
 @implementation MSIDNetworkConfiguration
 
-- (instancetype)init
++ (void)setTimeout:(NSTimeInterval)timeout
 {
-    self = [super init];
-    if (self)
-    {
-        _timeout = s_defaultTimeout;
-        _retryCount = s_defaultRetryCount;
-    }
-    return self;
+    s_timeout = timeout;
 }
-
-- (instancetype)initWithTimeout:(NSTimeInterval)timeout retryCount:(int)retryCount
++ (NSTimeInterval)timeout
 {
-    self = [super init];
-    if (self)
-    {
-        _timeout = timeout;
-        _retryCount = retryCount;
-    }
-    return self;
+    return s_timeout;
 }
 
-- (instancetype)copyWithZone:(NSZone*)zone
++(void)setRetryCount:(NSInteger)retryCount
 {
-    MSIDNetworkConfiguration *configuration = [[MSIDNetworkConfiguration allocWithZone:zone] init];
-    configuration.timeout = _timeout;
-    configuration.retryCount = _retryCount;
-
-    return configuration;
+    s_retryCount = retryCount;
 }
 
++ (NSInteger)retryCount
+{
+    return s_retryCount;
+}
 
 @end

IdentityCore/src/configuration/webview/MSIDWebviewConfiguration.h

@@ -26,26 +26,47 @@
 //------------------------------------------------------------------------------
 
 #import <Foundation/Foundation.h>
-#import "MSIDConfiguration.h"
 
 @class MSIDPkce;
-@class MSIDClientInfo;
 
-@interface MSIDWebviewConfiguration : MSIDConfiguration
+@interface MSIDWebviewConfiguration : NSObject
 
 // Common
+@property (readwrite) NSURL *authorizationEndpoint;
+@property (readwrite) NSString *redirectUri;
+@property (readwrite) NSString *clientId;
+@property (readwrite) NSString *resource;
+@property (readwrite) NSOrderedSet<NSString *> *scopes;
+@property (readwrite) NSUUID *correlationId;
 
 @property (readwrite) NSDictionary<NSString *, NSString *> *extraQueryParameters;
+@property (readwrite) NSDictionary<NSString *, NSString *> *sliceParameters;
 @property (readwrite) NSString *promptBehavior;
 @property (readwrite) NSString *claims;
 
-// Is this only for V2?
-@property (readwrite) NSString *requestState;
+// State verifier: Recommended verifier for state value of the response.
+//  Set to YES to stop if verifying state fails
+@property (readonly) BOOL verifyState;
 
-@property (readwrite) MSIDPkce *pkce;
-@property (readwrite) MSIDClientInfo *clientInfo;
+// PKCE Support
+@property (readonly) MSIDPkce *pkce;
+
+// User information
+@property (readwrite) NSString *loginHint;
+@property (readwrite) NSString *utid;
+@property (readwrite) NSString *uid;
 
 // Priority start URL
 @property (readwrite) NSURL *explicitStartURL;
 
+- (instancetype)initWithAuthorizationEndpoint:(NSURL *)authorizationEndpoint
+                                  redirectUri:(NSString *)redirectUri
+                                     clientId:(NSString *)clientId
+                                     resource:(NSString *)resource
+                                       scopes:(NSOrderedSet<NSString *> *)scopes
+                                correlationId:(NSUUID *)correlationId
+                                  verifyState:(BOOL)verifyState
+                                   enablePkce:(BOOL)enablePkce;
+
+
 @end

IdentityCore/src/configuration/webview/MSIDWebviewConfiguration.m

@@ -26,7 +26,36 @@
 //------------------------------------------------------------------------------
 
 #import "MSIDWebviewConfiguration.h"
+#import "MSIDPkce.h"
 
 @implementation MSIDWebviewConfiguration
 
+- (instancetype)initWithAuthorizationEndpoint:(NSURL *)authorizationEndpoint
+                                  redirectUri:(NSString *)redirectUri
+                                     clientId:(NSString *)clientId
+                                     resource:(NSString *)resource
+                                       scopes:(NSOrderedSet<NSString *> *)scopes
+                                correlationId:(NSUUID *)correlationId
+                                  verifyState:(BOOL)verifyState
+                                   enablePkce:(BOOL)enablePkce
+
+{
+    self = [super init];
+    if (self)
+    {
+        _authorizationEndpoint = authorizationEndpoint;
+        _redirectUri = redirectUri;
+        _clientId = clientId;
+        _resource = resource;
+        _scopes = scopes;
+        _correlationId = correlationId;
+        _verifyState = verifyState;
+
+        if (enablePkce)
+        {
+            _pkce = [MSIDPkce new];
+        }
+    }
+    return self;
+}
 @end