AzureAD · ameyapat · Oct 15, 2024 · Sep 19, 2024 · Sep 19, 2024 · Sep 19, 2024
@@ -621,6 +621,7 @@
 		6078EB51226DA97200235498 /* MSIDTestCacheUtil.m in Sources */ = {isa = PBXBuildFile; fileRef = 6078EB4D226DA73600235498 /* MSIDTestCacheUtil.m */; };
 		607A788D23294D6F00A1F74D /* MSIDAccountMetadataCacheAccessorMock.m in Sources */ = {isa = PBXBuildFile; fileRef = 607A788C23294D6F00A1F74D /* MSIDAccountMetadataCacheAccessorMock.m */; };
 		607A788E23294D6F00A1F74D /* MSIDAccountMetadataCacheAccessorMock.m in Sources */ = {isa = PBXBuildFile; fileRef = 607A788C23294D6F00A1F74D /* MSIDAccountMetadataCacheAccessorMock.m */; };
+		607E6A8C2CAF04D700948365 /* MSIDCustomHeaderProviding.h in Headers */ = {isa = PBXBuildFile; fileRef = 607E6A8B2CAF04D700948365 /* MSIDCustomHeaderProviding.h */; };
 		6080B97A2384BD17009B1322 /* MSIDAccountMetadataCacheItem.m in Sources */ = {isa = PBXBuildFile; fileRef = 6080B9792384BD17009B1322 /* MSIDAccountMetadataCacheItem.m */; };
 		6080B97B2384BD17009B1322 /* MSIDAccountMetadataCacheItem.m in Sources */ = {isa = PBXBuildFile; fileRef = 6080B9792384BD17009B1322 /* MSIDAccountMetadataCacheItem.m */; };
 		6080B9A523886DD9009B1322 /* MSIDBrokerOperationGetDeviceInfoRequestTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 6080B9A423886DD9009B1322 /* MSIDBrokerOperationGetDeviceInfoRequestTests.m */; };
@@ -2455,6 +2456,7 @@
 		6078EB4D226DA73600235498 /* MSIDTestCacheUtil.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDTestCacheUtil.m; sourceTree = "<group>"; };
 		607A788B23294D2400A1F74D /* MSIDAccountMetadataCacheAccessorMock.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDAccountMetadataCacheAccessorMock.h; sourceTree = "<group>"; };
 		607A788C23294D6F00A1F74D /* MSIDAccountMetadataCacheAccessorMock.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDAccountMetadataCacheAccessorMock.m; sourceTree = "<group>"; };
+		607E6A8B2CAF04D700948365 /* MSIDCustomHeaderProviding.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDCustomHeaderProviding.h; sourceTree = "<group>"; };
 		6080B9782384BD01009B1322 /* MSIDAccountMetadataCacheItem.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDAccountMetadataCacheItem.h; sourceTree = "<group>"; };
 		6080B9792384BD17009B1322 /* MSIDAccountMetadataCacheItem.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDAccountMetadataCacheItem.m; sourceTree = "<group>"; };
 		6080B9A423886DD9009B1322 /* MSIDBrokerOperationGetDeviceInfoRequestTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDBrokerOperationGetDeviceInfoRequestTests.m; sourceTree = "<group>"; };
@@ -4088,6 +4090,14 @@
 			path = account_request;
 			sourceTree = "<group>";
 		};
+		607E6A872CAF03C400948365 /* customHeaderProviding */ = {
+			isa = PBXGroup;
+			children = (
+				607E6A8B2CAF04D700948365 /* MSIDCustomHeaderProviding.h */,
+			);
+			path = customHeaderProviding;
+			sourceTree = "<group>";
+		};
 		609E74BA228CA3C2005E3FED /* metadata */ = {
 			isa = PBXGroup;
 			children = (
@@ -4323,6 +4333,7 @@
 				6057EE8F20B5FDF8007976EB /* MSIDAADOAuthEmbeddedWebviewController.m */,
 				60B3856D20AB3CDC00D546D0 /* ui */,
 				96235FA0207D786A007EAB36 /* challangeHandlers */,
+				607E6A872CAF03C400948365 /* customHeaderProviding */,
 			);
 			path = embeddedWebview;
 			sourceTree = "<group>";
@@ -6076,6 +6087,7 @@
 				B26A0B8C2071B763006BD95A /* MSIDAADV1Oauth2Factory.h in Headers */,
 				B2C708B4219A620E00D917B8 /* MSIDBrokerCryptoProvider.h in Headers */,
 				B2CDB5791FE33A46003A4B5C /* MSIDAccount.h in Headers */,
+				607E6A8C2CAF04D700948365 /* MSIDCustomHeaderProviding.h in Headers */,
 				B2AF1D40218BD10A0080C1A0 /* MSIDRequestParameters.h in Headers */,
 				B2C7089721991D0000D917B8 /* MSIDAADV2BrokerResponse.h in Headers */,
 				E733EDEF25C0A49500ACB79A /* MSIDThumbprintCalculator.h in Headers */,
@@ -8108,6 +8120,7 @@
 				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
 				SWIFT_VERSION = 5.0;
 				TARGETED_DEVICE_FAMILY = "1,2,7";
+				XROS_DEPLOYMENT_TARGET = 1.2;
 			};
 			name = Debug;
 		};
@@ -8169,6 +8182,7 @@
 				SWIFT_VERSION = 5.0;
 				TARGETED_DEVICE_FAMILY = "1,2,7";
 				VALIDATE_PRODUCT = YES;
+				XROS_DEPLOYMENT_TARGET = 1.2;
 			};
 			name = Release;
 		};
@@ -8227,6 +8241,7 @@
 				SDKROOT = iphoneos;
 				SUPPORTED_PLATFORMS = "iphoneos iphonesimulator xros xrsimulator";
 				TARGETED_DEVICE_FAMILY = "1,2,7";
+				XROS_DEPLOYMENT_TARGET = 1.2;
 			};
 			name = Debug;
 		};
@@ -8279,6 +8294,7 @@
 				SUPPORTED_PLATFORMS = "iphoneos iphonesimulator xros xrsimulator";
 				TARGETED_DEVICE_FAMILY = "1,2,7";
 				VALIDATE_PRODUCT = YES;
+				XROS_DEPLOYMENT_TARGET = 1.2;
 			};
 			name = Release;
 		};

@@ -30,6 +30,15 @@ NS_ASSUME_NONNULL_BEGIN
 @interface MSIDBrokerOperationBrowserNativeMessageRequest : MSIDBrokerOperationRequest
 
 @property (nonatomic) NSDictionary *payloadJson;
+@property (nonatomic) NSString *parentProcessBundleIdentifier;
+@property (nonatomic) NSString *parentProcessTeamId;
+@property (nonatomic) NSString *parentProcessLocalizedName;
+
+@property (nonatomic, readonly) NSString *callerBundleIdentifier;
+@property (nonatomic, readonly) NSString *callerTeamIdentifier API_AVAILABLE(ios(14.0), macos(11.0)) API_UNAVAILABLE(watchos, tvos);
+@property (nonatomic, readonly) NSString *localizedCallerDisplayName API_AVAILABLE(ios(14.0), macos(11.0)) API_UNAVAILABLE(watchos, tvos);
+@property (nonatomic, readonly) NSString *localizedApplicationInfo API_AVAILABLE(ios(14.0), macos(11.0)) API_UNAVAILABLE(watchos, tvos);
+
 @property (nonatomic, readonly) NSString *method;
 
 @end

@@ -27,9 +27,13 @@
 #import "MSIDJsonSerializableTypes.h"
 #import "MSIDJsonSerializableFactory.h"
 #import "NSDictionary+MSIDExtensions.h"
+#import "MSIDBrowserNativeMessageRequest.h"
 
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_REQUEST_PAYLOAD_KEY = @"payload";
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_REQUEST_METHOD_KEY = @"method";
+NSString *const MSID_BROWSER_NATIVE_MESSAGE_REQUEST_PPTID_KEY = @"parent_process_teamId";
+NSString *const MSID_BROWSER_NATIVE_MESSAGE_REQUEST_PPBI_KEY = @"parent_process_bundle_identifier";
+NSString *const MSID_BROWSER_NATIVE_MESSAGE_REQUEST_PPLN_KEY = @"parent_process_localized_name";
 
 @implementation MSIDBrokerOperationBrowserNativeMessageRequest
 
@@ -50,6 +54,37 @@ + (NSString *)operation
     return MSID_JSON_TYPE_OPERATION_REQUEST_BROWSER_NATIVE_MESSAGE;
 }
 
+- (NSString *)callerBundleIdentifier
+{
+    return self.parentProcessBundleIdentifier ?: NSLocalizedString(@"N/A", nil);
+}
+
+- (NSString *)callerTeamIdentifier
+{
+    return self.parentProcessTeamId ?: NSLocalizedString(@"N/A", nil);
+}
+
+- (NSString *)localizedCallerDisplayName
+{
+    return self.parentProcessLocalizedName ?: NSLocalizedString(@"N/A", nil);
+}
+
+- (NSString *)localizedApplicationInfo
+{
+    NSString *method = self.payloadJson[MSID_BROWSER_NATIVE_MESSAGE_REQUEST_METHOD_KEY];
+    MSIDBrowserNativeMessageRequest *brokerOperationRequest = [MSIDJsonSerializableFactory createFromJSONDictionary:self.payloadJson
+                                                                          classType:method
+                                                                  assertKindOfClass:MSIDBrowserNativeMessageRequest.class
+                                                                              error:nil];
+
+    if (![NSString msidIsStringNilOrBlank:brokerOperationRequest.localizedApplicationInfo])
+    {
+        return brokerOperationRequest.localizedApplicationInfo;
+    }
+
+    return NSLocalizedString(@"N/A", nil);
+}
+
 #pragma mark - MSIDJsonSerializable
 
 - (instancetype)initWithJSONDictionary:(NSDictionary *)json error:(NSError *__autoreleasing*)error
@@ -81,6 +116,10 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)json error:(NSError *__au
 
             return nil;
         }
+
+        _parentProcessTeamId = [json msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_REQUEST_PPTID_KEY];
+        _parentProcessBundleIdentifier = [json msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_REQUEST_PPBI_KEY];
+        _parentProcessLocalizedName = [json msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_REQUEST_PPLN_KEY];
     }
 
     return self;
@@ -94,6 +133,10 @@ - (NSDictionary *)jsonDictionary
 
     json[MSID_BROWSER_NATIVE_MESSAGE_REQUEST_PAYLOAD_KEY] = [self.payloadJson msidJSONSerializeWithContext:nil];
 
+    json[MSID_BROWSER_NATIVE_MESSAGE_REQUEST_PPTID_KEY] = self.parentProcessTeamId;
+    json[MSID_BROWSER_NATIVE_MESSAGE_REQUEST_PPBI_KEY] = self.parentProcessBundleIdentifier;
+    json[MSID_BROWSER_NATIVE_MESSAGE_REQUEST_PPLN_KEY] = self.parentProcessLocalizedName;
+
     return json;
 }
 

@@ -58,6 +58,22 @@ + (NSString *)operation
     return @"GetToken";
 }
 
+#pragma mark - MSIDBrokerOperationRequest
+
+- (NSString *)localizedApplicationInfo
+{
+    // clientId && redirectUri are requered params and should be validated during init.
+    NSParameterAssert(self.clientId);
+    NSParameterAssert(self.redirectUri);
+    __auto_type clientId = self.clientId ?: @"";
+    __auto_type redirectUri = self.redirectUri ?: @"";
+
+    NSString *clientIdKey = NSLocalizedString(@"Client ID", nil);
+    NSString *redirectUriKey = NSLocalizedString(@"Redirect URI", nil);
+
+    return [NSString stringWithFormat:@"%@: %@ %@: %@", clientIdKey, clientId, redirectUriKey, redirectUri];
+}
+
 #pragma mark - MSIDJsonSerializable
 
 - (instancetype)initWithJSONDictionary:(NSDictionary *)json error:(NSError *__autoreleasing*)error

@@ -33,6 +33,8 @@ NS_ASSUME_NONNULL_BEGIN
 /// Url of the request sender.
 @property (nonatomic) NSURL *sender;
 
+@property (nonatomic, readonly) NSString *localizedApplicationInfo;
+
 @end
 
 NS_ASSUME_NONNULL_END
@@ -111,4 +111,9 @@
                                                                         context:(id<MSIDRequestContext>)context
                                                                           error:(NSError *__autoreleasing*)error;
 
+- (NSArray<MSIDPrimaryRefreshToken *> *)getPrimaryRefreshTokensForConfiguration:(MSIDConfiguration *)configuration
+                                                                        account:(MSIDAccountIdentifier *)accountIdentifier
+                                                                        context:(id<MSIDRequestContext>)context
+                                                                          error:(NSError *__autoreleasing*)error;
+
 @end
@@ -193,10 +193,19 @@ - (MSIDPrimaryRefreshToken *)getPrimaryRefreshTokenWithAccount:(MSIDAccountIdent
 - (NSArray<MSIDPrimaryRefreshToken *> *)getPrimaryRefreshTokensForConfiguration:(MSIDConfiguration *)configuration
                                                                         context:(id<MSIDRequestContext>)context
                                                                           error:(NSError *__autoreleasing*)error
+{
+    return [self getPrimaryRefreshTokensForConfiguration:configuration account:nil context:context error:error];
+}
+
+- (NSArray<MSIDPrimaryRefreshToken *> *)getPrimaryRefreshTokensForConfiguration:(MSIDConfiguration *)configuration
+                                                                        account:(MSIDAccountIdentifier *)accountIdentifier
+                                                                        context:(id<MSIDRequestContext>)context
+                                                                          error:(NSError *__autoreleasing*)error
 {
     MSIDDefaultCredentialCacheQuery *query = [MSIDDefaultCredentialCacheQuery new];
     query.environmentAliases = [configuration.authority defaultCacheEnvironmentAliases];
     query.credentialType = MSIDPrimaryRefreshTokenType;
+    query.homeAccountId = accountIdentifier.homeAccountId;
 
     NSArray<MSIDPrimaryRefreshToken *> *refreshTokens = (NSArray<MSIDPrimaryRefreshToken *> *)[self getTokensWithEnvironment:configuration.authority.environment cacheQuery:query context:context error:error];
     return refreshTokens;

@@ -27,6 +27,7 @@
 
 #import <Foundation/Foundation.h>
 #import "MSIDConstants.h"
+#import "MSIDCustomHeaderProviding.h"
 
 #if TARGET_OS_IPHONE
 #import <UIKit/UIKit.h>
@@ -45,6 +46,7 @@ NS_ASSUME_NONNULL_BEGIN
 
 // Embedded webview
 @property (nonatomic, readwrite) NSDictionary<NSString *, NSString *> *customHeaders;
+@property (nonatomic) id<MSIDCustomHeaderProviding> customHeaderProvider; // provide extra headers for subsequent requests rather than the intial request
 
 @property (nonatomic, weak) MSIDViewController *parentController;
 @property (nonatomic) BOOL prefersEphemeralWebBrowserSession;

@@ -29,6 +29,7 @@
 #import "MSIDTelemetryEventStrings.h"
 #import "MSIDTokenResult.h"
 #import "MSIDAccount.h"
+#import "MSIDAADRequestErrorHandler.h"
 #if TARGET_OS_IPHONE
 #import "MSIDBackgroundTaskManager.h"
 #endif
@@ -88,7 +89,7 @@ - (void)acquireToken:(nonnull MSIDRequestCompletionBlock)completionBlock
     MSIDRequestCompletionBlock completionBlockWrapper = ^(MSIDTokenResult * _Nullable result, NSError * _Nullable error)
     {
 #if TARGET_OS_IPHONE
-    [[MSIDBackgroundTaskManager sharedInstance] stopOperationWithType:MSIDBackgroundTaskTypeSilentRequest];
+        [[MSIDBackgroundTaskManager sharedInstance] stopOperationWithType:MSIDBackgroundTaskTypeSilentRequest];
 #endif
         MSID_LOG_WITH_CTX(MSIDLogLevelInfo, self.requestParameters, @"Silent flow finished. Result %@, error: %ld error domain: %@", _PII_NULLIFY(result), (long)error.code, error.domain);
         completionBlock(result, error);
@@ -114,7 +115,12 @@ - (void)acquireTokenWithRequest:(MSIDSilentTokenRequest *)request
     CONDITIONAL_START_EVENT(CONDITIONAL_SHARED_INSTANCE, self.requestParameters.telemetryRequestId, MSID_TELEMETRY_EVENT_API_EVENT);
     self.currentRequest = request;
     [request executeRequestWithCompletion:^(MSIDTokenResult *result, NSError *error)
-    {
+     {
+        if (error && [MSIDAADRequestErrorHandler shouldRetryNetworkingFailure:error.code]) {
+            completionBlock(result, error);
+            return;
+        }
+
         if (result || !self.fallbackController)
         {
 #if !EXCLUDE_FROM_MSALCPP
@@ -123,7 +129,7 @@ - (void)acquireTokenWithRequest:(MSIDSilentTokenRequest *)request
             [telemetryEvent setIsExtendedLifeTimeToken:result.extendedLifeTimeToken ? MSID_TELEMETRY_VALUE_YES : MSID_TELEMETRY_VALUE_NO];
             if (self.isLocalFallbackMode)
             {
-                 [telemetryEvent setSsoExtFallBackFlow:1];
+                [telemetryEvent setSsoExtFallBackFlow:1];
             }
 
             [self stopTelemetryEvent:telemetryEvent error:error];

@@ -27,6 +27,7 @@
 #import "MSIDSSOExtensionSignoutRequest.h"
 #import "MSIDInteractiveRequestParameters.h"
 #import "ASAuthorizationSingleSignOnProvider+MSIDExtensions.h"
+#import "MSIDMainThreadUtil.h"
 
 @interface MSIDSSOExtensionSignoutController()
 
@@ -86,11 +87,13 @@ - (void)executeRequestWithCompletion:(MSIDSignoutRequestCompletionBlock)completi
             return;
         }
 
+        [MSIDMainThreadUtil executeOnMainThreadIfNeeded:^{
 #if TARGET_OS_IPHONE
-        [self waitForSceneActivationAndCompleteSignout:completionBlock];
+            [self waitForSceneActivationAndCompleteSignout:completionBlock];
 #else
-        [super executeRequestWithCompletion:completionBlock];
+            [super executeRequestWithCompletion:completionBlock];
 #endif
+        }];
     }];
 }
 

@@ -26,4 +26,6 @@
 
 @interface MSIDAADRequestErrorHandler : NSObject <MSIDHttpRequestErrorHandling>
 
++ (BOOL)shouldRetryNetworkingFailure:(NSInteger)errorCode;
+
 @end
@@ -49,7 +49,7 @@ - (void)handleError:(NSError *)error
         if (shouldRetry && error)
         {
             // Networking errors (-1001, -1003. -1004. -1005. -1009)
-            shouldRetryNetworkingFailure = [self shouldRetryNetworkingFailure:error.code];
+            shouldRetryNetworkingFailure = [MSIDAADRequestErrorHandler shouldRetryNetworkingFailure:error.code];
             if (shouldRetryNetworkingFailure && error.code == NSURLErrorNotConnectedToInternet)
             {
                 // For handling the NSURLErrorNotConnectedToInternet error, retry the network request after a longer delay.
@@ -155,7 +155,7 @@ - (void)handleError:(NSError *)error
     if (completionBlock) completionBlock(nil, httpError);
 }
 
-- (BOOL)shouldRetryNetworkingFailure:(NSInteger)errorCode
++ (BOOL)shouldRetryNetworkingFailure:(NSInteger)errorCode
 {
     switch (errorCode) {
         case NSURLErrorTimedOut:

@@ -229,6 +229,7 @@ @implementation MSIDWebviewFactory
     result[MSID_OAUTH2_STATE] = state.msidBase64UrlEncode;
     [result addEntriesFromDictionary:[self metadataFromRequestParameters:parameters]];
     [result addEntriesFromDictionary:parameters.appRequestMetadata];
+    [result addEntriesFromDictionary:parameters.extraURLQueryParameters];
     return result;
 }
 
@@ -301,6 +302,7 @@ - (MSIDAuthorizeWebRequestConfiguration *)authorizeWebRequestConfigurationWithRe
     configuration.customHeaders = parameters.customWebviewHeaders;
     configuration.parentController = parameters.parentViewController;
     configuration.prefersEphemeralWebBrowserSession = parameters.prefersEphemeralWebBrowserSession;
+    configuration.customHeaderProvider = parameters.crossDomainHeaderProvider;
 
 #if TARGET_OS_IPHONE
     configuration.presentationType = parameters.presentationType;

@@ -129,6 +129,7 @@ @implementation MSIDAADWebviewFactory
 #endif
 
     embeddedWebviewController.externalDecidePolicyForBrowserAction = externalDecidePolicyForBrowserAction;
+    embeddedWebviewController.customHeaderProvider = configuration.customHeaderProvider;
 
     return embeddedWebviewController;
 }

@@ -22,6 +22,7 @@
 // THE SOFTWARE.
 
 #import "MSIDInteractiveRequestParameters.h"
+#import "MSIDCustomHeaderProviding.h"
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -36,6 +37,7 @@ NS_ASSUME_NONNULL_BEGIN
 @property (nonatomic) NSDictionary *extraAuthorizeURLQueryParameters;
 @property (nonatomic) BOOL enablePkce;
 @property (nonatomic) MSIDBrokerInvocationOptions *brokerInvocationOptions;
+@property (nonatomic) id<MSIDCustomHeaderProviding> crossDomainHeaderProvider;
 
 - (NSOrderedSet *)allAuthorizeRequestScopes;
 - (NSDictionary *)allAuthorizeRequestExtraParameters DEPRECATED_MSG_ATTRIBUTE("Use -allAuthorizeRequestExtraParametersWithMetadata: instead");

@@ -80,8 +80,17 @@ + (void)sharedApplicationOpenURL:(NSURL*)url
 #if defined TARGET_OS_VISION && TARGET_OS_VISION
         [[self sharedApplication] openURL:url options:@{} completionHandler:nil];
 #else
-        [[self sharedApplication] performSelector:NSSelectorFromString(@"openURL:") withObject:url];
+        [self sharedApplicationOpenURL:url
+                               options:nil
+                     completionHandler:^(BOOL success)
+         {
+            if (!success)
+            {
+                MSID_LOG_WITH_CTX(MSIDLogLevelError, nil, @"Error when trying to open url: %@", [url msidPIINullifiedURL]);
+            }
+        }];
 #endif
+
     }];
 #pragma clang diagnostic pop
 }