used defined browsers for duna flow

Author: p3dr0rv

common/src/main/java/com/microsoft/identity/common/adal/internal/AuthenticationConstants.java

@@ -534,7 +534,7 @@ public static final class AAD {
     }
 
     /**
-     * Represents the constants value for the DUNA flow.
+     * Represents the constants value for the SwitchBrowser protocol.
      */
     @NoArgsConstructor(access = AccessLevel.PRIVATE)
     public static final class SWITCH_BROWSER {

common/src/main/java/com/microsoft/identity/common/components/AndroidPlatformComponentsFactory.java

@@ -35,6 +35,7 @@
 import com.microsoft.identity.common.internal.platform.AndroidPlatformUtil;
 import com.microsoft.identity.common.internal.providers.oauth2.AndroidTaskStateGenerator;
 import com.microsoft.identity.common.internal.ui.AndroidAuthorizationStrategyFactory;
+import com.microsoft.identity.common.internal.ui.browser.BrowserSelector;
 import com.microsoft.identity.common.java.WarningType;
 import com.microsoft.identity.common.java.interfaces.IPlatformComponents;
 import com.microsoft.identity.common.java.interfaces.PlatformComponents;
@@ -127,7 +128,8 @@ public static void fillBuilderWithBasicImplementations(
                 .storageSupplier(new AndroidStorageSupplier(context,
                         new AndroidAuthSdkStorageEncryptionManager(context)))
                 .platformUtil(new AndroidPlatformUtil(context, activity))
-                .httpClientWrapper(new DefaultHttpClientWrapper());
+                .httpClientWrapper(new DefaultHttpClientWrapper())
+                .browserSelector(new BrowserSelector(context));
 
         if (activity != null){
             builder.authorizationStrategyFactory(

common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerRequest.java

@@ -34,7 +34,6 @@
 import com.microsoft.identity.common.java.ui.PreferredAuthMethod;
 
 import java.io.Serializable;
-import java.util.List;
 
 import lombok.Builder;
 import lombok.Getter;
@@ -80,7 +79,6 @@ private static final class SerializedNames {
         final static String PREFERRED_AUTH_METHOD = "preferred_auth_method";
         final static String ACCOUNT_TRANSFER_TOKEN = "account_transfer_token";
         final static String SUPPRESS_ACCOUNT_PICKER = "suppress_account_picker";
-        final static String BROWSER_SAFE_LIST = "browser_safe_list";
     }
 
     /**
@@ -187,6 +185,7 @@ private static final class SerializedNames {
     /**
      * Boolean if set, will try to refresh the token instead of using it from cache.
      */
+    @Nullable
     @SerializedName(SerializedNames.FORCE_REFRESH)
     private boolean mForceRefresh;
 
@@ -228,6 +227,7 @@ private static final class SerializedNames {
     /**
      * Boolean indicated whether app supports multiple clouds.
      */
+    @NonNull
     @SerializedName(SerializedNames.MULTIPLE_CLOUDS_SUPPORTED)
     private boolean mMultipleCloudsSupported;
 
@@ -239,6 +239,7 @@ private static final class SerializedNames {
     @SerializedName(SerializedNames.AUTHENTICATION_SCHEME)
     private AbstractAuthenticationScheme mAuthenticationScheme;
 
+    @Nullable
     @SerializedName(SerializedNames.POWER_OPT_CHECK_ENABLED)
     private boolean mPowerOptCheckEnabled;
 
@@ -265,10 +266,4 @@ private static final class SerializedNames {
      */
     @SerializedName(SerializedNames.SUPPRESS_ACCOUNT_PICKER)
     private boolean mSuppressAccountPicker;
-
-    /**
-     * List of browsers that are safe to use for the request.
-     */
-    @SerializedName(SerializedNames.BROWSER_SAFE_LIST)
-    private List<BrowserDescriptor> mBrowserSafeList;
 }

common/src/main/java/com/microsoft/identity/common/internal/controllers/LocalMSALController.java

@@ -22,6 +22,7 @@
 //  THE SOFTWARE.
 package com.microsoft.identity.common.internal.controllers;
 
+import android.content.pm.PackageManager;
 import android.text.TextUtils;
 
 import androidx.annotation.NonNull;
@@ -31,10 +32,12 @@
 import com.microsoft.identity.common.internal.telemetry.Telemetry;
 import com.microsoft.identity.common.internal.telemetry.events.ApiEndEvent;
 import com.microsoft.identity.common.internal.telemetry.events.ApiStartEvent;
+import com.microsoft.identity.common.internal.ui.browser.BrowserSelector;
 import com.microsoft.identity.common.java.WarningType;
 import com.microsoft.identity.common.java.authorities.Authority;
 import com.microsoft.identity.common.java.authscheme.AbstractAuthenticationScheme;
 import com.microsoft.identity.common.java.authscheme.IPoPAuthenticationSchemeParams;
+import com.microsoft.identity.common.java.browser.Browser;
 import com.microsoft.identity.common.java.cache.ICacheRecord;
 import com.microsoft.identity.common.java.commands.parameters.CommandParameters;
 import com.microsoft.identity.common.java.commands.parameters.DeviceCodeFlowCommandParameters;
@@ -226,7 +229,13 @@ private AuthorizationResult performAuthorizationRequest(@NonNull final OAuth2Str
                 .getPlatformUtil()
                 .throwIfNetworkNotAvailable(parameters.isPowerOptCheckEnabled());
 
-        mAuthorizationStrategy = parameters.getPlatformComponents().getAuthorizationStrategyFactory().getAuthorizationStrategy(parameters);
+        final Browser browser = parameters.getPlatformComponents().getBrowserSelector().select(
+                parameters.getBrowserSafeList(),
+                parameters.getPreferredBrowser()
+        );
+        mAuthorizationStrategy = parameters.getPlatformComponents()
+                .getAuthorizationStrategyFactory()
+                .getAuthorizationStrategy(parameters.getAuthorizationAgent(),browser, false);
         mAuthorizationRequest = getAuthorizationRequest(strategy, parameters);
 
         // Suppressing unchecked warnings due to casting of AuthorizationRequest to GenericAuthorizationRequest and AuthorizationStrategy to GenericAuthorizationStrategy in the arguments of call to requestAuthorization method

common/src/main/java/com/microsoft/identity/common/internal/platform/AndroidPlatformUtil.java

@@ -60,6 +60,7 @@
 import java.security.NoSuchAlgorithmException;
 import java.util.AbstractMap;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -102,6 +103,36 @@ public List<BrowserDescriptor> getBrowserSafeListForBroker() {
         return browserDescriptors;
     }
 
+    /**
+     * Return a list of BrowserDescriptors that are considered safe for the Switch to browser flow.
+     */
+    @Override
+    public List<BrowserDescriptor> getBrowserSafeListForSwitchBrowser() {
+        List<BrowserDescriptor> browserDescriptors = new ArrayList<>();
+        // Chrome
+        final HashSet<String> chromeSignatureHashes = new HashSet<>();
+        chromeSignatureHashes.add("7fmduHKTdHHrlMvldlEqAIlSfii1tl35bxj1OXN5Ve8c4lU6URVu4xtSHc3BVZxS6WWJnxMDhIfQN0N0K2NDJg==");
+        final BrowserDescriptor chrome = new BrowserDescriptor(
+                "com.android.chrome",
+                chromeSignatureHashes,
+                null,
+                null
+        );
+        // Edge
+        final HashSet<String> edgeSignatureHashes = new HashSet<>();
+        chromeSignatureHashes.add("Ivy-Rk6ztai_IudfbyUrSHugzRqAtHWslFvHT0PTvLMsEKLUIgv7ZZbVxygWy_M5mOPpfjZrd3vOx3t-cA6fVQ==");
+        final BrowserDescriptor edge = new BrowserDescriptor(
+                "com.microsoft.emmx",
+                chromeSignatureHashes,
+                null,
+                null
+        );
+        // Add browsers
+        browserDescriptors.add(chrome);
+        browserDescriptors.add(edge);
+        return browserDescriptors;
+    }
+
     @Nullable
     @Override
     public String getInstalledCompanyPortalVersion() {

common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/AuthorizationActivityFactory.java

@@ -112,7 +112,7 @@ public static Intent getAuthorizationActivityIntent(final Context context,
         if (ProcessUtil.isBrokerProcess(context)) {
             intent = new Intent(context, BrokerAuthorizationActivity.class);
             intent.setFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK | Intent.FLAG_ACTIVITY_NEW_TASK);
-            // In the case of a DUNA flow, we need to transition from the browser to the WebView.
+            // In the case of a SwitchBrowser protocol, we need to transition from the browser to the WebView.
             // These flags ensure that we have a new task stack that allows for this transition.
         } else if (libraryConfig.isAuthorizationInCurrentTask() && !authorizationAgent.equals(AuthorizationAgent.WEBVIEW)) {
         // We exclude the case when the authorization agent is already selected as WEBVIEW because of confusion

common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/WebViewAuthorizationFragment.java

@@ -468,7 +468,7 @@ public ActivityResultLauncher<LegacyFido2ApiObject> getFidoLauncher() {
     public boolean launchWebBrowserIntent(@NonNull final Uri uri) {
         final String methodTag = TAG + ":launchWebBrowserIntent";
         if (mAuthIntent != null) {
-            Logger.info(methodTag, "Launching web browser intent for DUNA flow.");
+            Logger.info(methodTag, "Launching web browser intent for SwitchBrowserProtocol.");
             mAuthIntent.setData(uri);
             startActivity(mAuthIntent);
             return true;

common/src/main/java/com/microsoft/identity/common/internal/request/MsalBrokerRequestAdapter.java

@@ -132,7 +132,6 @@ public BrokerRequest brokerRequestFromAcquireTokenParameters(@NonNull final Inte
                 .preferredAuthMethod(parameters.getPreferredAuthMethod())
                 .accountTransferToken(parameters.getAccountTransferToken())
                 .suppressAccountPicker(parameters.isSuppressBrokerAccountPicker())
-                .browserSafeList(parameters.getBrowserSafeList())
                 .build();
 
         return brokerRequest;

common/src/main/java/com/microsoft/identity/common/internal/ui/AndroidAuthorizationStrategyFactory.java

@@ -29,15 +29,11 @@
 import androidx.annotation.Nullable;
 import androidx.fragment.app.Fragment;
 
-import com.microsoft.identity.common.internal.ui.browser.Browser;
+import com.microsoft.identity.common.java.browser.Browser;
 import com.microsoft.identity.common.internal.ui.browser.DefaultBrowserAuthorizationStrategy;
 import com.microsoft.identity.common.java.WarningType;
-import com.microsoft.identity.common.java.exception.ErrorStrings;
-import com.microsoft.identity.common.java.commands.parameters.BrokerInteractiveTokenCommandParameters;
-import com.microsoft.identity.common.java.commands.parameters.InteractiveTokenCommandParameters;
 import com.microsoft.identity.common.java.configuration.LibraryConfiguration;
 import com.microsoft.identity.common.java.providers.oauth2.IAuthorizationStrategy;
-import com.microsoft.identity.common.internal.ui.browser.BrowserSelector;
 import com.microsoft.identity.common.internal.ui.webview.EmbeddedWebViewAuthorizationStrategy;
 import com.microsoft.identity.common.java.ui.AuthorizationAgent;
 import com.microsoft.identity.common.logging.Logger;
@@ -51,7 +47,7 @@
 @SuppressWarnings(WarningType.rawtype_warning)
 @Builder
 @Accessors(prefix = "m")
-public class AndroidAuthorizationStrategyFactory implements IAuthorizationStrategyFactory{
+public class AndroidAuthorizationStrategyFactory implements IAuthorizationStrategyFactory<IAuthorizationStrategy>{
     private static final String TAG = AndroidAuthorizationStrategyFactory.class.getSimpleName();
 
     private final Context mContext;
@@ -61,36 +57,28 @@ public class AndroidAuthorizationStrategyFactory implements IAuthorizationStrate
     /**
      * Get the authorization strategy.
      *
-     * @param parameters The parameters for the command.
+     * @param authorizationAgent The authorization agent provided by the caller.
+     * @param browser The browser to use for authorization.
+     * @param isBrowserRequest True if the request is from browser.
+     *
      * @return The authorization strategy.
      */
     @Override
+    @NonNull
     public IAuthorizationStrategy getAuthorizationStrategy(
-            @NonNull final InteractiveTokenCommandParameters parameters) {
+            @NonNull final AuthorizationAgent authorizationAgent,
+            @Nullable final Browser browser,
+            final boolean isBrowserRequest) {
         final String methodTag = TAG + ":getAuthorizationStrategy";
 
-        Browser browser;
-        try {
-             browser = BrowserSelector.select(
-                    mContext,
-                    parameters.getBrowserSafeList(),
-                    parameters.getPreferredBrowser());
-        } catch (final Throwable throwable) {
-            Logger.warn(methodTag, ErrorStrings.NO_AVAILABLE_BROWSER_FOUND);
-            browser = null;
-        }
-
         // Use embedded webView if no browser available or authorization agent is webView
-        if (parameters.getAuthorizationAgent() == AuthorizationAgent.WEBVIEW || browser == null) {
+        if (authorizationAgent== AuthorizationAgent.WEBVIEW || browser == null) {
             Logger.info(methodTag, "Use webView for authorization.");
             return getGenericAuthorizationStrategy(browser);
         }
 
         Logger.info(methodTag, "Use browser for authorization.");
-        return getBrowserAuthorizationStrategy(
-                browser,
-                (parameters instanceof BrokerInteractiveTokenCommandParameters));
-
+        return getBrowserAuthorizationStrategy(browser, isBrowserRequest);
     }
 
     /**

common/src/main/java/com/microsoft/identity/common/internal/ui/CurrentTaskBrowserAuthorizationStrategy.java

@@ -30,7 +30,7 @@
 import androidx.annotation.Nullable;
 import androidx.fragment.app.Fragment;
 
-import com.microsoft.identity.common.internal.ui.browser.Browser;
+import com.microsoft.identity.common.java.browser.Browser;
 import com.microsoft.identity.common.internal.ui.browser.BrowserAuthorizationStrategy;
 import com.microsoft.identity.common.java.WarningType;
 import com.microsoft.identity.common.java.providers.oauth2.AuthorizationRequest;