Edge TB: changes related to GetToken, Fixes AB#3317102 (#2803)

### Summary

Broker PR: AzureAD/ad-accounts-for-android#3267

Changes related to WebApps getToken are done in this PR, and it also
notably contains refactoring (such as moving some files from broker to
common) and some additions to core classes such as AccountChooser and
AccountChooserActivity.

To optimize the number of IPCs and repeated code, the getToken operation
will be completed as follows:

1. Caller calls BrokerMsalController.ExecuteWebAppsRequest.
2. BrokerMsalController takes the request and calls the broker, which
will start the ExecuteWebAppsRequestOperation.
3. ExecuteWebAppsRequestOperation takes a peek at the method and
delegates to the correct sub operation.
4. For the WebAppsGetTokenSubOperation, determine if silent is possible.
Otherwise, force an interactive request and send an intent back to
BrokerMsalController.
5. If silent is possible, try a silent request. If a token is returned,
this will get formed into a response and sent back to
BrokerMsalController. If an exception is thrown, the operation
determines if an interactive request should be made. If true, an intent
is sent back. If false, the exception is formed into a response and sent
back to BrokerMsalController.
6. Back at BrokerMsalController, if a token response or error response
is received, this response string is returned as-is. If an intent is
received, BrokerMsalController will start the intent (you'll see some
refactoring with the existing acquireToken method to help reusing
logic).
7. AccountChooserActivity will handle the request and knows that it is
from a webapp. It will return either a token response or an error
response in the protocol format.
8. BrokerMsalController returns this response as-is.


[AB#3317102](https://identitydivision.visualstudio.com/Engineering/_workitems/edit/3317102)

Author: melissaahn

changelog.txt

@@ -8,6 +8,7 @@ vNext
 - [MINOR] Enable Broker Discovery by default in MSAL/Broker API (#2818)
 - [MINOR] Fix for SDL violation in device pop scenarios, Fixes AB#3284510 (#2744)
 - [MINOR] Adds Authentication Constants to be used for broker latency timestamp in response (#2831)
+- [MINOR] Add support for WebApps getToken API (#2803)
 
 Version 23.1.1
 -----------

common/src/main/java/com/microsoft/identity/common/adal/internal/AuthenticationConstants.java

@@ -1379,22 +1379,37 @@ public static String computeMaxHostBrokerProtocol() {
         /**
          * String for broker webapps get contracts result.
          */
-        public static final String BROKER_WEBAPPS_GET_CONTRACTS_RESULT = "contracts";
+        public static final String BROKER_WEBAPPS_GET_CONTRACTS_RESULT = "web_apps_contracts";
 
         /**
-         * String for broker webapps error result.
+         * String for broker webapps request.
          */
-        public static final String BROKER_WEB_APPS_ERROR = "error";
+        public static final String BROKER_WEB_APPS_EXECUTE_REQUEST = "web_apps_execute_request";
 
         /**
-         * String for broker webapps request.
+         * String for broker webapps additional required params.
          */
-        public static final String BROKER_WEB_APPS_REQUEST = "request";
+        public static final String BROKER_WEB_APPS_ADDITIONAL_REQUIRED_PARAMS = "additional_required_params";
 
         /**
          * String for broker webapps response.
          */
-        public static final String BROKER_WEB_APPS_RESPONSE = "response";
+        public static final String BROKER_WEB_APPS_SUCCESSFUL_RESULT = "web_app_successful_result";
+
+        /**
+         * String for compressed broker webapps response.
+         */
+        public static final String BROKER_WEB_APPS_SUCCESSFUL_RESULT_COMPRESSED = "web_app_successful_result_compressed";
+
+        /**
+         * String for broker webapps interactive intent.
+         */
+        public static final String BROKER_WEB_APPS_INTERACTIVE_INTENT = "web_apps_interactive_intent";
+
+        /**
+         * String for broker webapps error result.
+         */
+        public static final String BROKER_WEB_APPS_ERROR_RESULT = "web_apps_error_result";
 
         /**
          * String for generate shr result.
@@ -2142,4 +2157,3 @@ public static final class SdkPlatformFields {
         public static final String VERSION = com.microsoft.identity.common.java.AuthenticationConstants.SdkPlatformFields.VERSION;
     }
 }
-

common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerRequest.java

@@ -84,6 +84,8 @@ private static final class SerializedNames {
         final static String SIGN_IN_WITH_GOOGLE_CREDENTIAL = "sign_in_with_google_credential";
 
         final static String TENANT_ID = "tenant_id";
+        final static String REQUEST_TYPE = "request_type";
+        final static String WEB_APPS_STATE = "web_apps_state";
     }
 
     /**
@@ -281,4 +283,15 @@ private static final class SerializedNames {
     @Nullable
     @SerializedName(SerializedNames.TENANT_ID)
     private String mTenantId;
+
+    @Nullable
+    @SerializedName(SerializedNames.REQUEST_TYPE)
+    private String mRequestType;
+
+    /**
+     * State for web apps requests. Make sure not to log this.
+     */
+    @Nullable
+    @SerializedName(SerializedNames.WEB_APPS_STATE)
+    private String mWebAppsState;
 }

common/src/main/java/com/microsoft/identity/common/internal/cache/WebAppsAccountIdRegistry.kt

@@ -50,6 +50,7 @@ class WebAppsAccountIdRegistry private constructor(
          * @param supplier The storage supplier.
          * @return A new instance of [WebAppsAccountIdRegistry].
          */
+        @JvmStatic
         fun create(supplier: IStorageSupplier): WebAppsAccountIdRegistry {
             val store = supplier.getEncryptedFileStore(WEBAPPS_ACCOUNT_ID_REGISTRY_STORAGE_KEY)
             return WebAppsAccountIdRegistry(store)

common/src/main/java/com/microsoft/identity/common/internal/controllers/BrokerMsalController.java

@@ -22,6 +22,7 @@
 //  THE SOFTWARE.
 package com.microsoft.identity.common.internal.controllers;
 
+import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.BROKER_WEB_APPS_INTERACTIVE_INTENT;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.CLIENT_ADVERTISED_MAXIMUM_BP_VERSION_KEY;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.CLIENT_CONFIGURED_MINIMUM_BP_VERSION_KEY;
 import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.CLIENT_MAX_PROTOCOL_VERSION;
@@ -66,6 +67,7 @@
 import com.microsoft.identity.common.internal.broker.ipc.BrokerOperationBundle;
 import com.microsoft.identity.common.internal.broker.ipc.IIpcStrategy;
 import com.microsoft.identity.common.internal.broker.ipc.WebAppsAdditionalRequiredParameters;
+import com.microsoft.identity.common.internal.util.WebAppsUtil;
 import com.microsoft.identity.common.internal.cache.ActiveBrokerCacheUpdater;
 import com.microsoft.identity.common.internal.cache.ClientActiveBrokerCache;
 import com.microsoft.identity.common.internal.cache.HelloCache;
@@ -113,6 +115,7 @@
 import com.microsoft.identity.common.java.result.GenerateShrResult;
 import com.microsoft.identity.common.java.ui.PreferredAuthMethod;
 import com.microsoft.identity.common.java.util.BrokerProtocolVersionUtil;
+import com.microsoft.identity.common.java.util.ObjectMapper;
 import com.microsoft.identity.common.java.util.ResultFuture;
 import com.microsoft.identity.common.java.util.StringUtil;
 import com.microsoft.identity.common.java.util.ThreadUtils;
@@ -121,8 +124,6 @@
 import com.microsoft.identity.common.logging.Logger;
 import com.microsoft.identity.common.sharedwithoneauth.OneAuthSharedFunctions;
 
-import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
@@ -350,22 +351,53 @@ private String tryGetNegotiatedProtocolVersionFromHelloCache(
     @Override
     public AcquireTokenResult acquireToken(final @NonNull InteractiveTokenCommandParameters parameters)
             throws BaseException, InterruptedException, ExecutionException {
-        final String methodTag = TAG + ":acquireToken";
+        final AcquireTokenResult result;
+        try {
+            //Get the broker interactive parameters intent
+            final Intent interactiveRequestIntent = getBrokerAuthorizationIntent(parameters);
+            final Bundle resultBundle = acquireTokenInternal(parameters, interactiveRequestIntent);
+            final String negotiatedBrokerProtocolVersion = resultBundle.getString(NEGOTIATED_BP_VERSION_KEY);
+            // For MSA Accounts Broker doesn't save the accounts, instead it just passes the result along,
+            // MSAL needs to save this account locally for future token calls.
+            // parameters.getOAuth2TokenCache() will be non-null only in case of MSAL native
+            // If the request is from MSALCPP , OAuth2TokenCache will be null.
+            if (parameters.getOAuth2TokenCache() != null && !BrokerProtocolVersionUtil.canSupportMsaAccountsInBroker(negotiatedBrokerProtocolVersion)) {
+                saveMsaAccountToCache(resultBundle, (MsalOAuth2TokenCache) parameters.getOAuth2TokenCache());
+            }
+
+            verifyBrokerVersionIsSupported(resultBundle, parameters.getRequiredBrokerProtocolVersion());
+            result = mResultAdapter.getAcquireTokenResultFromResultBundle(resultBundle);
+        } catch (final BaseException | ExecutionException e) {
+            Telemetry.emit(
+                    new ApiEndEvent()
+                            .putException(e)
+                            .putApiId(TelemetryEventStrings.Api.BROKER_ACQUIRE_TOKEN_INTERACTIVE)
+            );
+            throw e;
+        }
 
+        Telemetry.emit(
+                new ApiEndEvent()
+                        .putResult(result)
+                        .putApiId(TelemetryEventStrings.Api.BROKER_ACQUIRE_TOKEN_INTERACTIVE)
+        );
+
+        return result;
+    }
+
+    @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
+    protected Bundle acquireTokenInternal(final @Nullable InteractiveTokenCommandParameters parameters, final @NonNull Intent interactiveRequestIntent) throws BaseException, InterruptedException, ExecutionException {
+        final String methodTag = TAG + ":acquireTokenInternal";
         Telemetry.emit(
                 new ApiStartEvent()
                         .putProperties(parameters)
                         .putApiId(TelemetryEventStrings.Api.BROKER_ACQUIRE_TOKEN_INTERACTIVE)
         );
-
-        //Create BrokerResultFuture to block on response from the broker... response will be return as an activity result
+        //Create BrokerResultFuture to block on response from the broker...
         //BrokerActivity will receive the result and ask the API dispatcher to complete the request
         //In completeAcquireToken below we will set the result on the future and unblock the flow.
         mBrokerResultFuture = new ResultFuture<>();
 
-        //Get the broker interactive parameters intent
-        final Intent interactiveRequestIntent = getBrokerAuthorizationIntent(parameters);
-
         Activity activity = null;
         if (parameters instanceof AndroidInteractiveTokenCommandParameters) {
             activity = ((AndroidInteractiveTokenCommandParameters) parameters).getActivity();
@@ -418,39 +450,10 @@ public void onReceive(@NonNull PropertyBag propertyBag) {
             // Start the BrokerActivity using our existing Activity
             activity.startActivity(brokerActivityIntent);
         }
-
-        final AcquireTokenResult result;
-        try {
-            //Wait to be notified of the result being returned... we could add a timeout here if we want to
-            final Bundle resultBundle = mBrokerResultFuture.get();
-
-            final String negotiatedBrokerProtocolVersion = interactiveRequestIntent.getStringExtra(NEGOTIATED_BP_VERSION_KEY);
-            // For MSA Accounts Broker doesn't save the accounts, instead it just passes the result along,
-            // MSAL needs to save this account locally for future token calls.
-            // parameters.getOAuth2TokenCache() will be non-null only in case of MSAL native
-            // If the request is from MSALCPP , OAuth2TokenCache will be null.
-            if (parameters.getOAuth2TokenCache() != null && !BrokerProtocolVersionUtil.canSupportMsaAccountsInBroker(negotiatedBrokerProtocolVersion)) {
-                saveMsaAccountToCache(resultBundle, (MsalOAuth2TokenCache) parameters.getOAuth2TokenCache());
-            }
-
-            verifyBrokerVersionIsSupported(resultBundle, parameters.getRequiredBrokerProtocolVersion());
-            result = mResultAdapter.getAcquireTokenResultFromResultBundle(resultBundle);
-        } catch (final BaseException | ExecutionException e) {
-            Telemetry.emit(
-                    new ApiEndEvent()
-                            .putException(e)
-                            .putApiId(TelemetryEventStrings.Api.BROKER_ACQUIRE_TOKEN_INTERACTIVE)
-            );
-            throw e;
-        }
-
-        Telemetry.emit(
-                new ApiEndEvent()
-                        .putResult(result)
-                        .putApiId(TelemetryEventStrings.Api.BROKER_ACQUIRE_TOKEN_INTERACTIVE)
-        );
-
-        return result;
+        //Wait to be notified of the result being returned... we could add a timeout here if we want to
+        final Bundle resultBundle = mBrokerResultFuture.get();
+        resultBundle.putString(NEGOTIATED_BP_VERSION_KEY, interactiveRequestIntent.getStringExtra(NEGOTIATED_BP_VERSION_KEY));
+        return resultBundle;
     }
 
     @Override
@@ -1425,60 +1428,85 @@ public void putValueInSuccessEvent(@NonNull final ApiEndEvent event,
     /**
      * Execute web app request in broker.
      *
-     * @param request request string
+     * @param request request string.
      * @param minBrokerProtocolVersion minimum broker protocol version the caller requires.
      * @param additionalRequiredParams additional required parameters for web app request.
      * @throws BaseException
      */
     public String executeWebAppRequest(@NonNull final String request,
                                        @NonNull final String minBrokerProtocolVersion,
                                        @NonNull final WebAppsAdditionalRequiredParameters additionalRequiredParams) throws BaseException {
-        return getBrokerOperationExecutor().execute(null,
-                new BrokerOperation<String>() {
-                    private String negotiatedBrokerProtocolVersion;
+        try {
+            return getBrokerOperationExecutor().execute(null,
+                    new BrokerOperation<String>() {
+                        private String negotiatedBrokerProtocolVersion;
 
-                    @Override
-                    public void performPrerequisites(@NonNull final IIpcStrategy strategy) throws BaseException {
-                        negotiatedBrokerProtocolVersion = hello(strategy, minBrokerProtocolVersion);
-                    }
+                        @Override
+                        public void performPrerequisites(@NonNull final IIpcStrategy strategy) throws BaseException {
+                            negotiatedBrokerProtocolVersion = hello(strategy, minBrokerProtocolVersion);
+                        }
 
-                    @NonNull
-                    @Override
-                    public BrokerOperationBundle getBundle() throws ClientException {
-                        return new BrokerOperationBundle(
-                                BrokerOperationBundle.Operation.BROKER_WEBAPPS_API_EXECUTE_WEB_APPS_REQUEST,
-                                mActiveBrokerPackageName,
-                                mRequestAdapter.getRequestBundleForExecuteWebAppRequest(request,negotiatedBrokerProtocolVersion, minBrokerProtocolVersion)
-                        );
-                    }
+                        @NonNull
+                        @Override
+                        public BrokerOperationBundle getBundle() throws ClientException {
+                            final String additionalParamsString =  ObjectMapper.serializeObjectToJsonString(additionalRequiredParams);
+                            return new BrokerOperationBundle(
+                                    BrokerOperationBundle.Operation.BROKER_WEBAPPS_API_EXECUTE_WEB_APPS_REQUEST,
+                                    mActiveBrokerPackageName,
+                                    mRequestAdapter.getRequestBundleForExecuteWebAppRequest(
+                                            request,
+                                            negotiatedBrokerProtocolVersion,
+                                            minBrokerProtocolVersion,
+                                            additionalParamsString
+                                    )
+                            );
+                        }
 
-                    @NonNull
-                    @Override
-                    public String extractResultBundle(@Nullable final Bundle resultBundle) throws BaseException {
-                        if (resultBundle == null) {
-                            throw mResultAdapter.getExceptionForEmptyResultBundle();
+                        @NonNull
+                        @Override
+                        public String extractResultBundle(@Nullable final Bundle resultBundle) throws BaseException {
+                            if (resultBundle == null) {
+                                throw mResultAdapter.getExceptionForEmptyResultBundle();
+                            }
+                            verifyBrokerVersionIsSupported(resultBundle, minBrokerProtocolVersion);
+                            if (resultBundle.containsKey(BROKER_WEB_APPS_INTERACTIVE_INTENT)) {
+                                final Intent interactiveIntent = resultBundle.getParcelable(BROKER_WEB_APPS_INTERACTIVE_INTENT);
+                                if (interactiveIntent != null) {
+                                    try {
+                                        final Bundle interactiveGetTokenBundle = acquireTokenInternal(null, interactiveIntent);
+                                        return mResultAdapter.getExecuteWebAppRequestResultFromBundle(interactiveGetTokenBundle);
+                                    } catch (final Throwable t) {
+                                        return WebAppsUtil.createErrorResponseString(t, "Error occurred during interactive request process");
+                                    }
+                                }
+                            }
+                            return mResultAdapter.getExecuteWebAppRequestResultFromBundle(resultBundle);
                         }
-                        verifyBrokerVersionIsSupported(resultBundle, minBrokerProtocolVersion);
-                        return mResultAdapter.getExecuteWebAppRequestResultFromBundle(resultBundle);
-                    }
 
-                    @NonNull
-                    @Override
-                    public String getMethodName() {
-                        return ":executeWebAppRequest";
-                    }
+                        @NonNull
+                        @Override
+                        public String getMethodName() {
+                            return ":executeWebAppRequest";
+                        }
 
-                    @Nullable
-                    @Override
-                    public String getTelemetryApiId() {
-                        return null;
-                    }
+                        @Nullable
+                        @Override
+                        public String getTelemetryApiId() {
+                            return null;
+                        }
 
-                    @Override
-                    public void putValueInSuccessEvent(@NonNull final ApiEndEvent event,
-                                                       @NonNull final String result) {
-                    }
-                });
+                        @Override
+                        public void putValueInSuccessEvent(@NonNull final ApiEndEvent event,
+                                                           @NonNull final String result) {
+                        }
+                    });
+        } catch (final UnsupportedBrokerException ex) {
+            // We want to throw this exception to keep it in line with the other APIs.
+            throw ex;
+        }
+        catch (final Exception ex) {
+            return WebAppsUtil.createErrorResponseString(ex, "Unexpected error occurred");
+        }
     }
 
     /**

common/src/main/java/com/microsoft/identity/common/internal/platform/AndroidPlatformUtil.java

@@ -50,6 +50,7 @@
 import com.microsoft.identity.common.java.commands.ICommand;
 import com.microsoft.identity.common.java.commands.InteractiveTokenCommand;
 import com.microsoft.identity.common.java.commands.parameters.InteractiveTokenCommandParameters;
+import com.microsoft.identity.common.java.exception.ArgumentException;
 import com.microsoft.identity.common.java.exception.ClientException;
 import com.microsoft.identity.common.java.exception.ErrorStrings;
 import com.microsoft.identity.common.java.flighting.CommonFlight;
@@ -161,6 +162,11 @@ public boolean isValidCallingApp(@NonNull String redirectUri, @NonNull String pa
         return isValidBrokerRedirect;
     }
 
+    @Override
+    public void isValidCallingAppForWebApps(int callingUid) throws ClientException, UnsupportedOperationException {
+        // This operation is not supported in non-broker contexts.
+        throw new UnsupportedOperationException("WebApp APIs are not functional in non-broker scenarios.");
+    }
     @Override
     @Nullable
     public String getEnrollmentId(@NonNull final String userId, @NonNull final String packageName) {
@@ -324,4 +330,8 @@ private boolean isValidHubRedirectURIForNAATests(String redirectUri) {
                 || redirectUri.equals("msauth://com.microsoft.teams/fcg80qvoM1YMKJZibjBwQcDfOno=")
                 || redirectUri.equals("https://login.microsoftonline.com/common/oauth2/nativeclient"));
     }
+
+    protected Context getContext() {
+        return mContext;
+    }
 }