Merge remote-tracking branch 'origin/dev' into melissaahn/ExtraTokenBodyParameters

dev

Author: melissaahn

.github/workflows/gradle-versions-watcher.yml

@@ -0,0 +1,32 @@
+name: Notify on versions.gradle changes
+
+on:
+  push:
+    paths:
+      - 'gradle/versions.gradle'
+    branches:
+      - dev
+      - 'release/**'
+  pull_request:
+    paths:
+      - 'gradle/versions.gradle'
+    branches:
+      - dev
+      - 'release/**'
+
+permissions:
+  pull-requests: write
+
+jobs:
+  notify:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Log changes
+        run: |
+          echo "Changes detected in the 'gradle/versions.gradle' file."
+
+      - name: Comment on PR
+        if: github.event_name == 'pull_request'
+        uses: mshick/add-pr-comment@v2
+        with:
+          message: "⚠️ **Warning:** Changes detected in the 'versions.gradle' file! ⚠️\n\nPlease refer to [this document](https://dev.azure.com/IdentityDivision/IdentityWiki/_wiki/wikis/IdentityWiki.wiki/82085/Adding-or-Updating-Gradle-Dependencies) for more details."

.github/workflows/validate-pr-ab-id.yml

@@ -33,9 +33,16 @@ jobs:
   # Extracts the AB ID from the pull_request body using regex and store the result using outputs 
       - name: Get AB ID from comment
         id: get
+        env:
+          PR_BODY: ${{ github.event.pull_request.body }}
         run: |
-          result=$(echo "${{ github.event.pull_request.body }}" | grep -oP '(?<=#)\d+')
-          echo "id=${result}" >> "$GITHUB_OUTPUT"
+          # Sanitize PR body by removing backticks to prevent command substitution
+          clean=$(printf "%s" "$PR_BODY" | tr -d '`')
+      
+          # Extract AB ID (AB#1234567) - takes first match if multiple exist
+          result=$(printf "%s" "$clean" | grep -oP '(?<=AB#)\d+' | head -n 1)
+      
+          echo "id=$result" >> "$GITHUB_OUTPUT"
 
   # Get Pull request ID
   get_pr_id:

LabApiUtilities/build.gradle

@@ -15,8 +15,8 @@ plugins {
 
 apply from: '../versioning/version_tasks.gradle'
 
-project.ext.vstsUsername = System.getenv("ENV_VSTS_MVN_ANDROIDCOMMON_USERNAME") != null ? System.getenv("ENV_VSTS_MVN_ANDROIDCOMMON_USERNAME") : project.findProperty("vstsUsername")
-project.ext.vstsPassword = System.getenv("ENV_VSTS_MVN_ANDROIDCOMMON_ACCESSTOKEN") != null ? System.getenv("ENV_VSTS_MVN_ANDROIDCOMMON_ACCESSTOKEN") : project.findProperty("vstsMavenAccessToken")
+project.ext.vstsUsername = System.getenv("ENV_VSTS_MVN_CRED_USERNAME") != null ? System.getenv("ENV_VSTS_MVN_CRED_USERNAME") : project.findProperty("vstsUsername")
+project.ext.vstsMavenAccessToken = System.getenv("ENV_VSTS_MVN_CRED_ACCESSTOKEN") != null ? System.getenv("ENV_VSTS_MVN_CRED_ACCESSTOKEN") : project.findProperty("vstsMavenAccessToken")
 
 version = getAppVersionName()
 
@@ -117,15 +117,15 @@ publishing {
             url "https://identitydivision.pkgs.visualstudio.com/_packaging/AndroidADAL/maven/v1"
             credentials {
                 username project.ext.vstsUsername
-                password project.ext.vstsPassword
+                password project.ext.vstsMavenAccessToken
             }
         }
         maven {
             name "vsts-maven-android"
             url 'https://identitydivision.pkgs.visualstudio.com/IDDP/_packaging/Android/maven/v1'
             credentials {
                 username project.vstsUsername
-                password project.vstsPassword
+                password project.vstsMavenAccessToken
             }
         }
     }

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/authentication/LabApiAuthenticationClient.java

@@ -51,7 +51,6 @@ public class LabApiAuthenticationClient implements IAccessTokenSupplier {
     private final static int ATTEMPT_RETRY_WAIT = 3;
     private final String mLabCredential;
     private final String mLabCertPassword;
-    private final String defaultScope = LabConstants.DEFAULT_LAB_SCOPE;
     private final String mClientId;
 
     public LabApiAuthenticationClient(@NonNull final String labSecret) {
@@ -124,7 +123,7 @@ private String getAccessTokenInternal(final String customScope) throws LabApiExc
         if (customScope != null) {
             authScope = customScope;
         } else {
-            authScope = defaultScope;
+            authScope = LabConstants.DEFAULT_LAB_SCOPE;
         }
 
         final IConfidentialAuthClient confidentialAuthClient = new Msal4jAuthClient();

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/client/ILabAccount.java

@@ -58,6 +58,13 @@ public interface ILabAccount {
      */
     String getHomeTenantId();
 
+    /**
+     * Get the object id in home tenant.
+     *
+     * @return a String representing the account's object id in home tenant
+     */
+    String getHomeObjectId();
+
     /**
      * A client id that can be used alongside this account to get a token.
      *

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/client/LabAccount.java

@@ -52,6 +52,9 @@ public class LabAccount implements ILabAccount {
     @NonNull
     private final String mHomeTenantId;
 
+    @NonNull
+    private final String mHomeObjectId;
+
     // nullable
     // dependency for Nullable annotation not currently added to LabApiUtilities
     private final ConfigInfo mConfigInfo;

LabApiUtilities/src/main/com/microsoft/identity/labapi/utilities/client/LabClient.java

@@ -144,6 +144,7 @@ private ILabAccount getLabAccountObject(@NonNull final ConfigInfo configInfo) th
                 .password(password)
                 .userType(UserType.fromName(configInfo.getUserInfo().getUserType()))
                 .homeTenantId(configInfo.getUserInfo().getHomeTenantID())
+                .homeObjectId(configInfo.getUserInfo().getHomeObjectId())
                 .configInfo(configInfo)
                 .build();
     }
@@ -252,6 +253,7 @@ private ILabAccount createTempAccountInternal(@NonNull final TempUserType tempUs
                 // all temp users created by Lab Api are currently cloud users
                 .userType(UserType.CLOUD)
                 .homeTenantId(tempUser.getTenantId())
+                .homeObjectId(tempUser.getObjectId())
                 .build();
     }
 

LabApiUtilities/src/test/com/microsoft/identity/labapi/utilities/client/LabClientTest.java

@@ -33,7 +33,6 @@
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
 
@@ -73,12 +72,7 @@ public void canFetchCloudAccount() {
 
         try {
             final ILabAccount labAccount = mLabClient.getLabAccount(query);
-            Assert.assertNotNull(labAccount);
-            Assert.assertNotNull(labAccount.getUsername());
-            Assert.assertNotNull(labAccount.getPassword());
-            Assert.assertNotNull(labAccount.getUserType());
-            Assert.assertTrue(labAccount.getUsername().toLowerCase().contains("msidlab4"));
-            Assert.assertEquals(UserType.CLOUD, labAccount.getUserType());
+            assertLabAccount(labAccount, UserType.CLOUD, "msidlab4");
         } catch (final LabApiException e) {
             throw new AssertionError(e);
         }
@@ -92,12 +86,7 @@ public void canFetchMSAAccount() {
 
         try {
             final ILabAccount labAccount = mLabClient.getLabAccount(query);
-            Assert.assertNotNull(labAccount);
-            Assert.assertNotNull(labAccount.getUsername());
-            Assert.assertNotNull(labAccount.getPassword());
-            Assert.assertNotNull(labAccount.getUserType());
-            Assert.assertTrue(labAccount.getUsername().toLowerCase().contains("outlook"));
-            Assert.assertEquals(UserType.MSA, labAccount.getUserType());
+            assertLabAccount(labAccount, UserType.MSA, "outlook");
         } catch (final LabApiException e) {
             throw new AssertionError(e);
         }
@@ -111,12 +100,7 @@ public void canFetchGuestAccount() {
 
         try {
             final ILabAccount labAccount = mLabClient.getLabAccount(query);
-            Assert.assertNotNull(labAccount);
-            Assert.assertNotNull(labAccount.getUsername());
-            Assert.assertNotNull(labAccount.getPassword());
-            Assert.assertNotNull(labAccount.getUserType());
-            Assert.assertTrue(labAccount.getUsername().toLowerCase().contains("msidlab4"));
-            Assert.assertEquals(UserType.GUEST, labAccount.getUserType());
+            assertLabAccount(labAccount, UserType.GUEST, "msidlab4");
         } catch (final LabApiException e) {
             throw new AssertionError(e);
         }
@@ -130,12 +114,7 @@ public void canFetchFederatedAccount() {
 
         try {
             final ILabAccount labAccount = mLabClient.getLabAccount(query);
-            Assert.assertNotNull(labAccount);
-            Assert.assertNotNull(labAccount.getUsername());
-            Assert.assertNotNull(labAccount.getPassword());
-            Assert.assertNotNull(labAccount.getUserType());
-            Assert.assertTrue(labAccount.getUsername().toLowerCase().contains("msidlab4"));
-            Assert.assertEquals(UserType.FEDERATED, labAccount.getUserType());
+            assertLabAccount(labAccount, UserType.FEDERATED, "msidlab4");
         } catch (final LabApiException e) {
             throw new AssertionError(e);
         }
@@ -145,12 +124,7 @@ public void canFetchFederatedAccount() {
     public void canCreateBasicTempUser() {
         try {
             final ILabAccount labAccount = mLabClient.createTempAccount(TempUserType.BASIC);
-            Assert.assertNotNull(labAccount);
-            Assert.assertNotNull(labAccount.getUsername());
-            Assert.assertNotNull(labAccount.getPassword());
-            Assert.assertNotNull(labAccount.getUserType());
-            Assert.assertTrue(labAccount.getUsername().toLowerCase().contains("msidlab4"));
-            Assert.assertEquals(UserType.CLOUD, labAccount.getUserType());
+            assertLabAccount(labAccount, UserType.CLOUD, "msidlab4");
         } catch (final LabApiException e) {
             throw new AssertionError(e);
         }
@@ -160,11 +134,7 @@ public void canCreateBasicTempUser() {
     public void canCreateMAMCATempUser() {
         try {
             final ILabAccount labAccount = mLabClient.createTempAccount(TempUserType.MAM_CA);
-            Assert.assertNotNull(labAccount);
-            Assert.assertNotNull(labAccount.getUsername());
-            Assert.assertNotNull(labAccount.getPassword());
-            Assert.assertNotNull(labAccount.getUserType());
-            Assert.assertTrue(labAccount.getUsername().toLowerCase().contains("msidlab4"));
+            assertLabAccount(labAccount, UserType.CLOUD, "msidlab4");
         } catch (final LabApiException e) {
             throw new AssertionError(e);
         }
@@ -203,4 +173,22 @@ public void canDisablePolicy() {
         }
     }
 
+
+    // Helper to assert common properties of a lab account
+    private void assertLabAccount(final ILabAccount labAccount,
+                                  final UserType expectedUserType,
+                                  final String expectedUsernameContains) {
+        Assert.assertNotNull(labAccount);
+        Assert.assertNotNull(labAccount.getUsername());
+        Assert.assertNotNull(labAccount.getPassword());
+        Assert.assertNotNull(labAccount.getUserType());
+        if (expectedUsernameContains != null) {
+            Assert.assertTrue(labAccount.getUsername().toLowerCase().contains(expectedUsernameContains));
+        }
+        if (expectedUserType != null) {
+            Assert.assertEquals(expectedUserType, labAccount.getUserType());
+        }
+        Assert.assertNotNull(labAccount.getHomeObjectId());
+        Assert.assertNotNull(labAccount.getHomeTenantId());
+    }
 }

azure-pipelines/continuous-delivery/common-cd.yml

@@ -1,6 +1,5 @@
 # File: azure-pipelines/continuous-delivery/common-cd.yml
 # Description: Assemble & publish latest keyvault, labapi, labapiutilities, testutil release to internal vsts feed
-# Variable: 'ENV_VSTS_MVN_ANDROIDCOMMON_USERNAME' was defined in the Variables tab
 # Variable: 'customVersion' overrides the version number of the published libraries
 
 name: 0.0.$(Date:yyyyMMdd)$(Rev:.r) # $(Build.BuildNumber) = name

azure-pipelines/pull-request-validation/build-consumers.yml

@@ -1,6 +1,5 @@
 # File: azure-pipelines\pull-request-validation\build-consumers.yml
 # Description: Test new common in ADAL / MSAL / Broker (assembleLocal and testLocalDebugUnitTest)
-# Variable: 'ENV_VSTS_MVN_ANDROIDADACCOUNTS_USERNAME' was defined in the Variables tab
 # https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate
 # Variable: 'commonBranchName' common branch to be used when running the pipeline manually
 # Variable: 'skipConsumerValidationLabel' PR label used to skip the checks in this pipeline
@@ -36,11 +35,6 @@ resources:
     name: AzureAD/ad-accounts-for-android
     ref: dev
     endpoint: ANDROID_GITHUB
-  - repository: adal
-    type: github
-    name: AzureAD/azure-activedirectory-library-for-android
-    ref: dev
-    endpoint: ANDROID_GITHUB
 
 stages:
 - stage: getLabel
@@ -121,6 +115,10 @@ stages:
           git status
           git rev-parse HEAD
         workingDirectory: $(Agent.BuildDirectory)/s/common
+    - bash: |
+        echo "##vso[task.setvariable variable=ENV_VSTS_MVN_CRED_USERNAME]VSTS"
+        echo "##vso[task.setvariable variable=ENV_VSTS_MVN_CRED_ACCESSTOKEN]$(System.AccessToken)"
+      displayName: 'Set VSTS Fields in Environment'
     - task: Gradle@3
       displayName: Assemble msal
       inputs:
@@ -154,6 +152,10 @@ stages:
       clean: true
       submodules: recursive
       persistCredentials: True
+    - bash: |
+        echo "##vso[task.setvariable variable=ENV_VSTS_MVN_CRED_USERNAME]VSTS"
+        echo "##vso[task.setvariable variable=ENV_VSTS_MVN_CRED_ACCESSTOKEN]$(System.AccessToken)"
+      displayName: 'Set VSTS Fields in Environment'
     - template: ../templates/steps/automation-cert.yml
     - task: CmdLine@2
       displayName: Checkout common submodule $(commonBranch)
@@ -195,6 +197,10 @@ stages:
         clean: true
         submodules: recursive
         persistCredentials: True
+      - bash: |
+          echo "##vso[task.setvariable variable=ENV_VSTS_MVN_CRED_USERNAME]VSTS"
+          echo "##vso[task.setvariable variable=ENV_VSTS_MVN_CRED_ACCESSTOKEN]$(System.AccessToken)"
+        displayName: 'Set VSTS Fields in Environment'
       - task: AzureKeyVault@2
         displayName: 'Get Key vault LabAuth'
         inputs:
@@ -208,11 +214,6 @@ stages:
         inputs:
           targetType: inline
           script: java -version
-      - task: CmdLine@1
-        displayName: Set MVN Access Token in Environment
-        inputs:
-          filename: echo
-          arguments: '##vso[task.setvariable variable=ENV_VSTS_MVN_ANDROIDADACCOUNTS_ACCESSTOKEN]$(System.AccessToken)'
       - task: CmdLine@1
         displayName: Set Office MVN Access Token in Environment
         inputs:
@@ -257,40 +258,3 @@ stages:
           testResultsFormat: 'JUnit'
           testResultsFiles: '**/TEST-*.xml'
           searchFolder: 'LinuxBroker'
-  # adal
-  - job: adalValidation
-    displayName: ADAL
-    dependsOn:
-      - setupBranch
-    variables:
-      commonBranch: $[ dependencies.setupBranch.outputs['setvarStep.commonBranch'] ]  # map in the variable
-    condition: and( succeeded(), not(contains(variables['prLabels'], variables['skipConsumerValidationLabel'])) )
-    steps:
-    - checkout: adal
-      displayName: Checkout adal repository
-      clean: true
-      submodules: recursive
-      persistCredentials: True
-    - task: CmdLine@2
-      displayName: Checkout common submodule $(commonBranch)
-      inputs:
-        script: |
-          git fetch
-          git checkout $(commonBranch)
-          git pull
-          git status
-          git rev-parse HEAD
-        workingDirectory: $(Agent.BuildDirectory)/s/common
-    - template: ../templates/steps/automation-cert.yml
-    - task: Gradle@3
-      displayName: Assemble adal
-      inputs:
-        tasks: clean adal:assembleLocal
-        jdkArchitecture: x64
-        jdkVersionOption: "1.17"
-    - task: Gradle@3
-      displayName: Run adal Unit tests
-      inputs:
-        tasks: adal:testLocalDebugUnitTest -Plabtest -ProbolectricSdkVersion=${{variables.robolectricSdkVersion}} -PlabSecret=$(LabVaultAppCert)
-        jdkArchitecture: x64
-        jdkVersionOption: "1.17"