Edge TB: Expose WebApps APIs, Fixes AB#3409879 (#2793)

### Summary:

In this PR, we:
- Expose the WebApp APIs via BrokerMsalController. OneAuth is already
using this class to call similar Edge APIs.
- getSupportedWebAppContracts(String minBrokerProtocolVersion): this
method is called by OneAuth to make sure that the broker can handle the
request.
- executeWebAppRequest(String Request, String minBrokerProtocolVersion):
this method handles requests for GetToken, GetCookies, and SignOut.
- Implement the bundle helper methods for creating the bundle and
extracting the results from the result bundle.
- Adds the bundle keys to AuthenticationConstants, where both common and
broker can access them.

Related broker PR:
AzureAD/ad-accounts-for-android#3256


[AB#3409879](https://identitydivision.visualstudio.com/Engineering/_workitems/edit/3409879/)

Author: melissaahn

changelog.txt

@@ -5,6 +5,9 @@ vNext
 - [MINOR] Add OTel Benchmarker (#2786)
 - [MINOR] WebApps AccountId Registry (#2787)
 - [MINOR] Take flight value for whether to show webcp flow in weview or not in brokerless scenarios. (#2784)
+- [MINOR] getAllSsoTokens method for Edge (#2774)
+- [MINOR] WebApps AccountId Registry (#2787)
+- [MINOR] Expose WebApps APIs (#2793)
 - [MINOR] Add domainHint support to authorization request (#2792)
 
 Version 23.0.2
@@ -20,7 +23,6 @@ Version 23.0.2
 - [MINOR] SDK now handles SMS as strong authentication method #2766
 - [MINOR] Added error handling when webcp redirects have browser protocol #2767
 - [PATCH] Fix for app link redirect from CCT due to forced browser preference (#2775)
-- [MINOR] getAllSsoTokens method for Edge (#2774)
 
 Version 22.1.3
 ----------

common/src/main/java/com/microsoft/identity/common/adal/internal/AuthenticationConstants.java

@@ -1376,6 +1376,26 @@ public static String computeMaxHostBrokerProtocol() {
          */
         public static final String BROKER_GENERATE_ALL_SSO_TOKENS_RESULT = "broker_generate_all_sso_tokens";
 
+        /**
+         * String for broker webapps get contracts result.
+         */
+        public static final String BROKER_WEBAPPS_GET_CONTRACTS_RESULT = "contracts";
+
+        /**
+         * String for broker webapps error result.
+         */
+        public static final String BROKER_WEB_APPS_ERROR = "error";
+
+        /**
+         * String for broker webapps request.
+         */
+        public static final String BROKER_WEB_APPS_REQUEST = "request";
+
+        /**
+         * String for broker webapps response.
+         */
+        public static final String BROKER_WEB_APPS_RESPONSE = "response";
+
         /**
          * String for generate shr result.
          */

common/src/main/java/com/microsoft/identity/common/internal/controllers/BrokerMsalController.java

@@ -1365,6 +1365,119 @@ public void putValueInSuccessEvent(@NonNull final ApiEndEvent event,
         });
     }
 
+    /**
+     * Get supported web app contracts from broker.
+     *
+     * @param minBrokerProtocolVersion minimum broker protocol version the caller requires.
+     * @throws BaseException
+     */
+    public String getSupportedWebAppContracts(@NonNull final String minBrokerProtocolVersion) throws BaseException {
+        return getBrokerOperationExecutor().execute(null,
+                new BrokerOperation<String>() {
+                    private String negotiatedBrokerProtocolVersion;
+
+                    @Override
+                    public void performPrerequisites(@NonNull final IIpcStrategy strategy) throws BaseException {
+                        negotiatedBrokerProtocolVersion = hello(strategy, minBrokerProtocolVersion);
+                    }
+
+                    @NonNull
+                    @Override
+                    public BrokerOperationBundle getBundle() throws ClientException {
+                        return new BrokerOperationBundle(
+                                BrokerOperationBundle.Operation.BROKER_WEBAPPS_API_GET_SUPPORTED_WEB_APPS_CONTRACTS,
+                                mActiveBrokerPackageName,
+                                mRequestAdapter.getRequestBundleForGetSupportedWebAppContracts(negotiatedBrokerProtocolVersion, minBrokerProtocolVersion)
+                        );
+                    }
+
+                    @NonNull
+                    @Override
+                    public String extractResultBundle(
+                            @Nullable final Bundle resultBundle) throws BaseException {
+                        if (resultBundle == null) {
+                            throw mResultAdapter.getExceptionForEmptyResultBundle();
+                        }
+                        verifyBrokerVersionIsSupported(resultBundle, minBrokerProtocolVersion);
+                        return mResultAdapter.getSupportedWebAppsContractFromBundle(resultBundle);
+                    }
+
+                    @NonNull
+                    @Override
+                    public String getMethodName() {
+                        return ":getSupportedWebAppContracts";
+                    }
+
+                    @Nullable
+                    @Override
+                    public String getTelemetryApiId() {
+                        return null;
+                    }
+
+                    @Override
+                    public void putValueInSuccessEvent(@NonNull final ApiEndEvent event,
+                                                       @NonNull final String result) {
+                    }
+                });
+    }
+
+    /**
+     * Execute web app request in broker.
+     *
+     * @param request request string
+     * @param minBrokerProtocolVersion minimum broker protocol version the caller requires.
+     * @throws BaseException
+     */
+    public String executeWebAppRequest(@NonNull final String request,
+                                       @NonNull final String minBrokerProtocolVersion) throws BaseException {
+        return getBrokerOperationExecutor().execute(null,
+                new BrokerOperation<String>() {
+                    private String negotiatedBrokerProtocolVersion;
+
+                    @Override
+                    public void performPrerequisites(@NonNull final IIpcStrategy strategy) throws BaseException {
+                        negotiatedBrokerProtocolVersion = hello(strategy, minBrokerProtocolVersion);
+                    }
+
+                    @NonNull
+                    @Override
+                    public BrokerOperationBundle getBundle() throws ClientException {
+                        return new BrokerOperationBundle(
+                                BrokerOperationBundle.Operation.BROKER_WEBAPPS_API_EXECUTE_WEB_APPS_REQUEST,
+                                mActiveBrokerPackageName,
+                                mRequestAdapter.getRequestBundleForExecuteWebAppRequest(request,negotiatedBrokerProtocolVersion, minBrokerProtocolVersion)
+                        );
+                    }
+
+                    @NonNull
+                    @Override
+                    public String extractResultBundle(@Nullable final Bundle resultBundle) throws BaseException {
+                        if (resultBundle == null) {
+                            throw mResultAdapter.getExceptionForEmptyResultBundle();
+                        }
+                        verifyBrokerVersionIsSupported(resultBundle, minBrokerProtocolVersion);
+                        return mResultAdapter.getExecuteWebAppRequestResultFromBundle(resultBundle);
+                    }
+
+                    @NonNull
+                    @Override
+                    public String getMethodName() {
+                        return ":executeWebAppRequest";
+                    }
+
+                    @Nullable
+                    @Override
+                    public String getTelemetryApiId() {
+                        return null;
+                    }
+
+                    @Override
+                    public void putValueInSuccessEvent(@NonNull final ApiEndEvent event,
+                                                       @NonNull final String result) {
+                    }
+                });
+    }
+
     /**
      * Checks if the account returns is a MSA Account and sets single on state in cache
      */

common/src/main/java/com/microsoft/identity/common/internal/request/MsalBrokerRequestAdapter.java

@@ -29,6 +29,7 @@
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.AUTH_SCHEME_PARAMS_POP;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.BROKER_REQUEST_V2;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.BROKER_REQUEST_V2_COMPRESSED;
+import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.BROKER_WEB_APPS_REQUEST;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.CALLER_INFO_UID;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.CAN_FOCI_APPS_CONSTRUCT_ACCOUNTS_FROM_PRT_ID_TOKEN_KEY;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.CLIENT_ADVERTISED_MAXIMUM_BP_VERSION_KEY;
@@ -580,6 +581,37 @@ public Bundle getRequestBundleForAadDeviceIdRequest(
         );
     }
 
+    /**
+     * Method to construct a request bundle for broker getSupportedWebAppContracts request.
+     *
+     * @return request Bundle
+     */
+    public @NonNull Bundle getRequestBundleForGetSupportedWebAppContracts(@NonNull final String negotiatedBrokerProtocolVersion,
+                                                                          @NonNull final String requiredBrokerProtocolVersion) {
+        final Bundle requestBundle = new Bundle();
+        requestBundle.putString(AuthenticationConstants.Broker.NEGOTIATED_BP_VERSION_KEY, negotiatedBrokerProtocolVersion);
+        addRequiredBrokerProtocolVersionToRequestBundle(requestBundle, requiredBrokerProtocolVersion);
+        return requestBundle;
+    }
+
+    /**
+     * Method to construct a request bundle for broker executeWebAppRequest request.
+     *
+     * @param request                      input request
+     * @param negotiatedBrokerProtocolVersion protocol version returned by broker hello.
+     * @param requiredBrokerProtocolVersion protocol version required by the client.
+     * @return request Bundle
+     */
+    public Bundle getRequestBundleForExecuteWebAppRequest(@NonNull final String request,
+                                                          @NonNull final String negotiatedBrokerProtocolVersion,
+                                                          @NonNull final String requiredBrokerProtocolVersion) {
+        final Bundle bundle = new Bundle();
+        bundle.putString(AuthenticationConstants.Broker.NEGOTIATED_BP_VERSION_KEY, negotiatedBrokerProtocolVersion);
+        bundle.putString(BROKER_WEB_APPS_REQUEST, request);
+        addRequiredBrokerProtocolVersionToRequestBundle(bundle, requiredBrokerProtocolVersion);
+        return bundle;
+    }
+
     private boolean getMultipleCloudsSupported(@NonNull final TokenCommandParameters parameters) {
         if (parameters.getAuthority() instanceof AzureActiveDirectoryAuthority) {
             final AzureActiveDirectoryAuthority authority = (AzureActiveDirectoryAuthority) parameters.getAuthority();

common/src/main/java/com/microsoft/identity/common/internal/result/MsalBrokerResultAdapter.java

@@ -31,6 +31,9 @@
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.BROKER_GENERATE_SSO_TOKEN_RESULT;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.BROKER_PACKAGE_NAME;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.BROKER_RESULT_V2_COMPRESSED;
+import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.BROKER_WEBAPPS_GET_CONTRACTS_RESULT;
+import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.BROKER_WEB_APPS_ERROR;
+import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.BROKER_WEB_APPS_RESPONSE;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.HELLO_ERROR_CODE;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.HELLO_ERROR_MESSAGE;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.NEGOTIATED_BP_VERSION_KEY;
@@ -115,7 +118,7 @@ public class MsalBrokerResultAdapter implements IBrokerResultAdapter {
     public static final Gson GSON = new Gson();
 
     private static final String DCF_NOT_SUPPORTED_ERROR = "deviceCodeFlowAuthRequest() not supported in BrokerMsalController";
-
+    private static final String WEBAPPS_ENTRY_IS_NULL_ERROR = "WebApps entry in the bundle is null";
     interface IBooleanCallback {
         boolean getResult();
     }
@@ -1044,4 +1047,38 @@ public AadDeviceIdRecord aadDeviceIdRecordFromBundle(@NonNull final Bundle resul
         }
         return aadDeviceIdRecord;
     }
+
+    /**
+     * Gets the supported web apps contract string from the result bundle.
+     * @param resultBundle The result bundle from the broker.
+     */
+    @NonNull
+    public String getSupportedWebAppsContractFromBundle(@NonNull final Bundle resultBundle) throws ClientException {
+        final String result = resultBundle.getString(BROKER_WEBAPPS_GET_CONTRACTS_RESULT);
+        if (result == null) {
+            throw new ClientException(INVALID_BROKER_BUNDLE, WEBAPPS_ENTRY_IS_NULL_ERROR + " for " + BROKER_WEBAPPS_GET_CONTRACTS_RESULT);
+        }
+        return result;
+    }
+
+    /**
+     * Gets the execute web app request result string from the result bundle.
+     * @param resultBundle The result bundle from the broker.
+     */
+    @NonNull
+    public String getExecuteWebAppRequestResultFromBundle(@NonNull final Bundle resultBundle) throws ClientException {
+        // Expect either success payload or error fields reused from BrokerResult
+        if (resultBundle.containsKey(BROKER_WEB_APPS_ERROR)) {
+            final String result = resultBundle.getString(BROKER_WEB_APPS_ERROR);
+            if (result == null) {
+                throw new ClientException(INVALID_BROKER_BUNDLE, WEBAPPS_ENTRY_IS_NULL_ERROR + " for " + BROKER_WEB_APPS_ERROR);
+            }
+            return result;
+        }
+        final String result = resultBundle.getString(BROKER_WEB_APPS_RESPONSE);
+        if (result == null) {
+            throw new ClientException(INVALID_BROKER_BUNDLE, WEBAPPS_ENTRY_IS_NULL_ERROR + " for " + BROKER_WEB_APPS_RESPONSE);
+        }
+        return result;
+    }
 }

common4j/src/main/com/microsoft/identity/common/java/exception/ErrorStrings.java

@@ -470,6 +470,11 @@ private ErrorStrings() {
      */
     public static final String ACTIVITY_NOT_FOUND = "activity_not_found";
 
+    /**
+     * All web app sign out attempts failed.
+     */
+    public static final String ALL_WEBAPP_SIGN_OUTS_FAILED = "all_webapp_sign_outs_failed";
+
     /**
      * A generic error code used when no other error code is applicable.
      */