AzureAD · unpluggedk · Jun 26, 2018 · Jun 18, 2018 · Jun 18, 2018 · Jun 22, 2018
@@ -134,7 +134,6 @@
 		6035CD8D207EA67300369E69 /* MSIDTelemetryIntegrationTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 6035CD8B207EA67300369E69 /* MSIDTelemetryIntegrationTests.m */; };
 		6057EE9020B5FDF8007976EB /* MSIDAADOAuthEmbeddedWebviewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 6057EE8F20B5FDF8007976EB /* MSIDAADOAuthEmbeddedWebviewController.m */; };
 		6057EE9120B5FDF8007976EB /* MSIDAADOAuthEmbeddedWebviewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 6057EE8F20B5FDF8007976EB /* MSIDAADOAuthEmbeddedWebviewController.m */; };
-		606830052098ACED00CCA6AB /* MSIDNegotiateHandler.m in Sources */ = {isa = PBXBuildFile; fileRef = 606830042098ACED00CCA6AB /* MSIDNegotiateHandler.m */; };
 		606830062098ACED00CCA6AB /* MSIDNegotiateHandler.m in Sources */ = {isa = PBXBuildFile; fileRef = 606830042098ACED00CCA6AB /* MSIDNegotiateHandler.m */; };
 		6068300A2098C9D300CCA6AB /* MSIDCredentialCollectionController.m in Sources */ = {isa = PBXBuildFile; fileRef = 606830092098C9D300CCA6AB /* MSIDCredentialCollectionController.m */; };
 		606830102098E94100CCA6AB /* MSIDCertificateChooser.m in Sources */ = {isa = PBXBuildFile; fileRef = 6068300F2098E94100CCA6AB /* MSIDCertificateChooser.m */; };
@@ -149,7 +148,6 @@
 		60BF06042051F9A200DE7C1C /* MSIDTelemetryTestDispatcher.m in Sources */ = {isa = PBXBuildFile; fileRef = 60BF06032051F9A200DE7C1C /* MSIDTelemetryTestDispatcher.m */; };
 		60BF06052051F9A200DE7C1C /* MSIDTelemetryTestDispatcher.m in Sources */ = {isa = PBXBuildFile; fileRef = 60BF06032051F9A200DE7C1C /* MSIDTelemetryTestDispatcher.m */; };
 		60D6ED0220D9BB02002FCBBB /* SecurityInterface.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 9623FF4220A396F700A989B7 /* SecurityInterface.framework */; };
-		60D6ED0420D9BB50002FCBBB /* GSS.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 60D6ED0320D9BB4F002FCBBB /* GSS.framework */; };
 		60D6ED0620D9BB5A002FCBBB /* WebKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 60D6ED0520D9BB5A002FCBBB /* WebKit.framework */; };
 		60D6ED0820D9BB6A002FCBBB /* UIKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 60D6ED0720D9BB6A002FCBBB /* UIKit.framework */; };
 		60D6ED0A20D9BB79002FCBBB /* SafariServices.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 60D6ED0920D9BB79002FCBBB /* SafariServices.framework */; };
@@ -1175,7 +1173,6 @@
 				60D6ED0A20D9BB79002FCBBB /* SafariServices.framework in Frameworks */,
 				60D6ED0820D9BB6A002FCBBB /* UIKit.framework in Frameworks */,
 				60D6ED0620D9BB5A002FCBBB /* WebKit.framework in Frameworks */,
-				60D6ED0420D9BB50002FCBBB /* GSS.framework in Frameworks */,
 				96285D6320D872AA004CA4BD /* libIdentityCore.a in Frameworks */,
 				96285D6120D8721E004CA4BD /* libIdentityTest.a in Frameworks */,
 			);
@@ -3037,7 +3034,6 @@
 				B29A36C020B1289D00427B63 /* MSIDAccountIdentifier.m in Sources */,
 				96A3E9B9208941D700BE5262 /* MSIDSystemWebviewController.m in Sources */,
 				D61AFAB51FD8B6C600DABBE5 /* MSIDConstants.m in Sources */,
-				606830052098ACED00CCA6AB /* MSIDNegotiateHandler.m in Sources */,
 				238E19CD2086FC87004DF483 /* MSIDUrlRequestSerializer.m in Sources */,
 				96F21B0520A4FB27002B87C3 /* MSIDAppExtensionUtil.m in Sources */,
 				238E19DE2086FE28004DF483 /* MSIDTokenRequest.m in Sources */,
@@ -3584,13 +3580,18 @@
 			isa = XCBuildConfiguration;
 			baseConfigurationReference = D6CF4E931FC3626A00CD70C5 /* identitycore__debug.xcconfig */;
 			buildSettings = {
+				GCC_PREPROCESSOR_DEFINITIONS = (
+					"$(inherited)",
+					"$(MSID_SYSTEMWV)",
+				);
 			};
 			name = Debug;
 		};
 		D68FB48F1FBA698A005308BB /* Release */ = {
 			isa = XCBuildConfiguration;
 			baseConfigurationReference = D6CF4E9C1FC3626B00CD70C5 /* identitycore__release.xcconfig */;
 			buildSettings = {
+				GCC_PREPROCESSOR_DEFINITIONS = "$(MSID_SYSTEMWV)";
 			};
 			name = Release;
 		};

@@ -26,9 +26,8 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      language = ""
-      shouldUseLaunchSchemeArgsEnv = "YES"
-      codeCoverageEnabled = "YES">
+      codeCoverageEnabled = "YES"
+      shouldUseLaunchSchemeArgsEnv = "YES">
       <Testables>
          <TestableReference
             skipped = "NO">
@@ -57,7 +56,6 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      language = ""
       launchStyle = "0"
       useCustomWorkingDirectory = "NO"
       ignoresPersistentStateOnLaunch = "NO"

@@ -41,81 +41,99 @@ extern NSString *MSIDKeychainErrorDomain;
 
 typedef NS_ENUM(NSInteger, MSIDErrorCode)
 {
-    MSIDErrorInternal = -51000,
-    MSIDErrorInvalidInternalParameter = -51001,
-
-    MSIDErrorInvalidDeveloperParameter = -51002,
-    MSIDErrorAmbiguousAuthority     = -51003,
-    MSIDErrorInteractionRequired    = -51004,
-
-    MSIDErrorCacheMultipleUsers     = -51005,
-
     /*!
-     MSID encounted an error when trying to store or retrieve items from
-     keychain. Inspect NSUnderlyingError from the userInfo dictionary for
-     more information about the specific error. Keychain error codes are
-     documented in Apple's <Security/SecBase.h> header file
+     ====================================================
+     General Errors (510xx, 511xx) - MSIDErrorDomain
+     ====================================================
      */
-    MSIDErrorTokenCacheItemFailure  = -51006,
-    MSIDErrorWrapperCacheFailure    = -51007,
-    MSIDErrorCacheBadFormat         = -51008,
-    MSIDErrorCacheVersionMismatch   = -51009,
+    // General internal errors that do not fall into one of the specific type
+    // of an error described below.
+    MSIDErrorInternal = -51100,
 
-    MSIDErrorServerInvalidResponse = -51010,
-    MSIDErrorDeveloperAuthorityValidation = -51011,
-    MSIDErrorServerRefreshTokenRejected = -51012,
-    MSIDErrorServerOauth = -51013,
-    MSIDErrorInvalidRequest = -51014,
-    MSIDErrorInvalidClient = -51015,
-    MSIDErrorInvalidGrant = -51016,
-    MSIDErrorInvalidScope = -51017,
-    MSIDErrorInvalidParameter = -51018,
-    MSIDErrorUserCancel = -51019,
-    /*!
-     The authentication request was cancelled programmatically.
-     */
-    MSIDErrorSessionCanceled = -51020,
+    // Parameter errors
+    MSIDErrorInvalidInternalParameter   = -51111,
+    MSIDErrorInvalidDeveloperParameter  = -51112,
+
+    // Unsupported functionality
+    MSIDErrorUnsupportedFunctionality   = -51199,
+
     /*!
-     An interactive authentication session is already running with the
-     SafariViewController visible. Another authentication session can not be
-     launched yet.
+    =========================================================
+     Cache Errors   (512xx) - MSIDErrorDomain
+    =========================================================
      */
-    MSIDErrorInteractiveSessionAlreadyRunning = -51021,
+
+    // Multiple users found in cache when one was intended
+    MSIDErrorCacheMultipleUsers     = -51201,
+    MSIDErrorCacheBadFormat         = -51302,
+
     /*!
-     An interactive authentication session failed to start.
+     =========================================================
+     Server errors  (514xx) - MSIDOAuthErrorDomain
+     =========================================================
      */
-    MSIDErrorInteractiveSessionStartFailure = -51022,
+    // Interaction Required
+    MSIDErrorInteractionRequired        = -51411,
 
-    MSIDErrorNoMainViewController = -51023,
-    MSIDServerNonHttpsRedirect = -51024,
+    // Server returned a response indicating an OAuth error
+    MSIDErrorServerOauth                = -51421,
+    // Server returned an invalid response
+    MSIDErrorServerInvalidResponse      = -51422,
+    // Server returned a refresh token reject response
+    MSIDErrorServerRefreshTokenRejected = -51423,
+    // Other specific server response errors
 
-    MSIDErrorUnsupportedFunctionality = -51025,
+    MSIDErrorServerInvalidRequest       = -51431,
+    MSIDErrorServerInvalidClient        = -51432,
+    MSIDErrorServerInvalidGrant         = -51433,
+    MSIDErrorServerInvalidScope         = -51434,
+
+    // State verification has failed
+    MSIDErrorServerInvalidState         = -51441,
+
+    // Redirect to non HTTPS detected
+    MSIDErrorServerNonHttpsRedirect     = -51451,
 
     /*!
-     The user or application failed to authenticate in the interactive flow.
-     Inspect MSALOAuthErrorKey and MSALErrorDescriptionKey in the userInfo
-     dictionary for more detailed information about the specific error.
+     =========================================================
+     Authority Validation  (515xx) - MSIDErrorDomain
+     =========================================================
      */
-    MSIDErrorAuthorizationFailed = -52020,
+    // Authority validation response failure
+    MSIDErrorAuthorityValidation  = -51500,
 
     /*!
-     Interaction required errors occur because of a wide variety of errors
-     returned by the authentication service.
+     =========================================================
+     Interactive flow errors    (516xx) - MSIDOAuthErrorDomain
+     =========================================================
      */
-    MSIDErrorMismatchedUser             = -52101,
-    MSIDErrorNoAuthorizationResponse    = -52102,
-    MSIDErrorBadAuthorizationResponse   = -52103,
 
+    // The user or application failed to authenticate in the interactive flow.
+    // Inspect MSALOAuthErrorKey and MSALErrorDescriptionKey in the userInfo
+    // dictionary for more detailed information about the specific error.
+    MSIDErrorAuthorizationFailed        = -51600,
+
+    // User has cancelled the interactive flow.
+    MSIDErrorUserCancel                 = -51611,
+
+    // The interactive flow was cancelled programmatically.
+    MSIDErrorSessionCanceledProgramatically = -51612,
+
+    // Interactive authentication session failed to start.
+    MSIDErrorInteractiveSessionStartFailure = -51621,
     /*!
-     The state returned by the server does not match the state that was sent to
-     the server at the beginning of the authorization attempt.
+     An interactive authentication session is already running.
+     Another authentication session can not be launched yet.
      */
-    MSIDErrorInvalidState = -52501,
+    MSIDErrorInteractiveSessionAlreadyRunning = -51622,
 
-    MSIDErrorCodeFirst = MSIDErrorInternal,
-    MSIDErrorCodeLast = MSIDErrorInvalidState
+    // Embedded webview has failed to find a view controller to display web contents
+    MSIDErrorNoMainViewController = - 51631,
 };
 
 extern NSError *MSIDCreateError(NSString *domain, NSInteger code, NSString *errorDescription, NSString *oauthError, NSString *subError, NSError *underlyingError, NSUUID *correlationId, NSDictionary *additionalUserInfo);
 
 extern MSIDErrorCode MSIDErrorCodeForOAuthError(NSString *oauthError, MSIDErrorCode defaultCode);
+
+extern NSDictionary<NSString *, NSArray *> *MSIDErrorDomainsAndCodes(void);
+
@@ -52,20 +52,58 @@ MSIDErrorCode MSIDErrorCodeForOAuthError(NSString *oauthError, MSIDErrorCode def
 {
     if (oauthError && [oauthError caseInsensitiveCompare:@"invalid_request"] == NSOrderedSame)
     {
-        return MSIDErrorInvalidRequest;
+        return MSIDErrorServerInvalidRequest;
     }
     if (oauthError && [oauthError caseInsensitiveCompare:@"invalid_client"] == NSOrderedSame)
     {
-        return MSIDErrorInvalidClient;
+        return MSIDErrorServerInvalidClient;
     }
     if (oauthError && [oauthError caseInsensitiveCompare:@"invalid_scope"] == NSOrderedSame)
     {
-        return MSIDErrorInvalidScope;
+        return MSIDErrorServerInvalidScope;
     }
     if (oauthError && [oauthError caseInsensitiveCompare:@"invalid_grant"] == NSOrderedSame)
     {
-        return MSIDErrorInvalidGrant;
+        return MSIDErrorServerInvalidGrant;
     }
 
     return defaultCode;
 }
+
+NSDictionary* MSIDErrorDomainsAndCodes()
+{
+    return @{ MSIDErrorDomain : @[// General Errors
+                      @(MSIDErrorInternal),
+                      @(MSIDErrorInvalidInternalParameter),
+                      @(MSIDErrorInvalidDeveloperParameter),
+                      @(MSIDErrorUnsupportedFunctionality),
+
+                      // Cache Errors
+                      @(MSIDErrorCacheMultipleUsers),
+                      @(MSIDErrorCacheBadFormat),
+
+                      // Authority Validation Errors
+                      @(MSIDErrorAuthorityValidation),
+
+                      // Interactive flow errors
+                      @(MSIDErrorAuthorizationFailed),
+                      @(MSIDErrorUserCancel),
+                      @(MSIDErrorSessionCanceledProgramatically),
+                      @(MSIDErrorInteractiveSessionStartFailure),
+                      @(MSIDErrorInteractiveSessionAlreadyRunning),
+                      @(MSIDErrorNoMainViewController)
+                      ],
+              MSIDOAuthErrorDomain : @[// Server Errors
+                      @(MSIDErrorInteractionRequired),
+                      @(MSIDErrorServerOauth),
+                      @(MSIDErrorServerInvalidResponse),
+                      @(MSIDErrorServerRefreshTokenRejected),
+                      @(MSIDErrorServerInvalidRequest),
+                      @(MSIDErrorServerInvalidClient),
+                      @(MSIDErrorServerInvalidGrant),
+                      @(MSIDErrorServerInvalidScope),
+                      @(MSIDErrorServerInvalidState),
+                      @(MSIDErrorServerNonHttpsRedirect)
+                      ]
+              };
+}
@@ -101,7 +101,7 @@ - (MSIDAccountType)accountType
 
 - (MSIDErrorCode)oauthErrorCode
 {
-    return MSIDErrorCodeForOAuthError(self.error, MSIDErrorInteractionRequired);
+    return MSIDErrorCodeForOAuthError(self.error, MSIDErrorServerOauth);
 }
 
 - (NSDictionary *)additionalServerInfo

@@ -34,7 +34,7 @@
 // Webviews creation
 - (MSIDWebviewSession *)embeddedWebviewSessionFromConfiguration:(MSIDWebviewConfiguration *)configuration customWebview:(WKWebView *)webview context:(id<MSIDRequestContext>)context;
 
-#if TARGET_OS_IPHONE
+#if TARGET_OS_IPHONE && !MSID_EXCLUDE_SYSTEMWV
 - (MSIDWebviewSession *)systemWebviewSessionFromConfiguration:(MSIDWebviewConfiguration *)configuration context:(id<MSIDRequestContext>)context;
 #endif
 

@@ -55,7 +55,7 @@ - (MSIDWebviewSession *)embeddedWebviewSessionFromConfiguration:(MSIDWebviewConf
     return session;
 }
 
-#if TARGET_OS_IPHONE
+#if TARGET_OS_IPHONE && !MSID_EXCLUDE_SYSTEMWV
 - (MSIDWebviewSession *)systemWebviewSessionFromConfiguration:(MSIDWebviewConfiguration *)configuration context:(id<MSIDRequestContext>)context
 {
     NSString *state = [self generateStateValue];
@@ -180,7 +180,7 @@ - (BOOL)verifyRequestState:(NSString *)requestState
         if (error)
         {
             *error = MSIDCreateError(MSIDOAuthErrorDomain,
-                                     MSIDErrorInvalidState,
+                                     MSIDErrorServerInvalidState,
                                      [NSString stringWithFormat:@"Missing or invalid state returned state: %@", stateReceived],
                                      nil, nil, nil, nil, nil);
         }

@@ -51,17 +51,18 @@ typedef void (^MSIDWebviewAuthCompletionHandler)(MSIDWebviewResponse *response,
                                                  context:(id<MSIDRequestContext>)context
                                        completionHandler:(MSIDWebviewAuthCompletionHandler)completionHandler;
 
-#if TARGET_OS_IPHONE
+#if TARGET_OS_IPHONE && !MSID_EXCLUDE_SYSTEMWV
 + (void)startSystemWebviewWebviewAuthWithConfiguration:(MSIDWebviewConfiguration *)configuration
                                          oauth2Factory:(MSIDOauth2Factory *)oauth2Factory
                                                context:(id<MSIDRequestContext>)context
                                      completionHandler:(MSIDWebviewAuthCompletionHandler)completionHandler;
 #endif
 
+
 + (BOOL)setCurrentSession:(MSIDWebviewSession *)session;
 + (void)cancelCurrentSession;
 
-#if TARGET_OS_IPHONE
+#if TARGET_OS_IPHONE && !MSID_EXCLUDE_SYSTEMWV
 // This is for system webview auth session on iOS 10 - Thus, a SafariViewController
 + (BOOL)handleURLResponseForSystemWebviewController:(NSURL *)url;
 #endif

@@ -63,7 +63,7 @@ + (void)startEmbeddedWebviewWebviewAuthWithConfiguration:(MSIDWebviewConfigurati
     [self startSession:session context:context completionHandler:completionHandler];
 }
 
-#if TARGET_OS_IPHONE
+#if TARGET_OS_IPHONE && !MSID_EXCLUDE_SYSTEMWV
 + (void)startSystemWebviewWebviewAuthWithConfiguration:(MSIDWebviewConfiguration *)configuration
                                          oauth2Factory:(MSIDOauth2Factory *)oauth2Factory
                                                context:(id<MSIDRequestContext>)context
@@ -83,7 +83,7 @@ + (void)startSession:(MSIDWebviewSession *)session
     // check session nil
     if (!session)
     {
-        NSError *error = MSIDCreateError(MSIDErrorDomain, MSIDErrorInvalidRequest, @"Interactive session failed to create.", nil, nil, nil, context.correlationId, nil);
+        NSError *error = MSIDCreateError(MSIDErrorDomain, MSIDErrorInternal, @"Interactive session failed to create.", nil, nil, nil, context.correlationId, nil);
         completionHandler(nil, error);
         return;
     }
@@ -169,9 +169,9 @@ + (void)cancelCurrentSession
     }
 }
 
+#if TARGET_OS_IPHONE && !MSID_EXCLUDE_SYSTEMWV
 + (BOOL)handleURLResponseForSystemWebviewController:(NSURL *)url;
 {
-#if TARGET_OS_IPHONE
     @synchronized([MSIDWebviewAuthorization class])
     {
         if (s_currentSession &&
@@ -180,9 +180,8 @@ + (BOOL)handleURLResponseForSystemWebviewController:(NSURL *)url;
             return [((MSIDSystemWebviewController *)s_currentSession.webviewController) handleURLResponseForSafariViewController:url];
         }
     }
-#endif
     return NO;
 }
-
+#endif
 
 @end