Merge pull request #1580 from AzureAD/josephpab/tenantFlighting

josephpab · web-flow · commit 0362b64d8532 · 2025-09-26T11:59:54.000-07:00
Added filter based flighting and lock some DUNA flags by tenant id
diff --git a/IdentityCore/IdentityCore.xcodeproj/project.pbxproj b/IdentityCore/IdentityCore.xcodeproj/project.pbxproj
@@ -560,6 +560,12 @@
 		2A59B4452D7A0CB500304FB1 /* MSIDXpcInteractiveTokenRequestController.m in Sources */ = {isa = PBXBuildFile; fileRef = 2A59B4422D7A0CB500304FB1 /* MSIDXpcInteractiveTokenRequestController.m */; };
 		2AADDAC72DADB84D00CB7740 /* MSIDSSOXpcSilentTokenRequest.m in Sources */ = {isa = PBXBuildFile; fileRef = 2AADDAC62DADB84D00CB7740 /* MSIDSSOXpcSilentTokenRequest.m */; };
 		2AADDAC82DADB84D00CB7740 /* MSIDSSOXpcSilentTokenRequest.h in Headers */ = {isa = PBXBuildFile; fileRef = 2AADDAC52DADB84D00CB7740 /* MSIDSSOXpcSilentTokenRequest.h */; };
+		4B6D22262E831B0B00546EC8 /* MSIDFlightManagerQueryKeyDelegate.h in Headers */ = {isa = PBXBuildFile; fileRef = 4B6D22252E831AEA00546EC8 /* MSIDFlightManagerQueryKeyDelegate.h */; };
+		4B6D222C2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.h in Headers */ = {isa = PBXBuildFile; fileRef = 4B6D222A2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.h */; };
+		4B6D222D2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.m in Sources */ = {isa = PBXBuildFile; fileRef = 4B6D222B2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.m */; };
+		4B6D222E2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.m in Sources */ = {isa = PBXBuildFile; fileRef = 4B6D222B2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.m */; };
+		4BADFA5E2E85D7FC00E8C26F /* MSIDFlightManagerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4BADFA5D2E85D7EC00E8C26F /* MSIDFlightManagerTests.swift */; };
+		4BADFA5F2E85D7FC00E8C26F /* MSIDFlightManagerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 4BADFA5D2E85D7EC00E8C26F /* MSIDFlightManagerTests.swift */; };
 		580E25402719FD10003D1795 /* MSIDPrtHeader.h in Headers */ = {isa = PBXBuildFile; fileRef = 580E253E2719FD10003D1795 /* MSIDPrtHeader.h */; };
 		580E25412719FD10003D1795 /* MSIDPrtHeader.m in Sources */ = {isa = PBXBuildFile; fileRef = 580E253F2719FD10003D1795 /* MSIDPrtHeader.m */; };
 		580E25422719FD10003D1795 /* MSIDPrtHeader.m in Sources */ = {isa = PBXBuildFile; fileRef = 580E253F2719FD10003D1795 /* MSIDPrtHeader.m */; };
@@ -2500,6 +2506,10 @@
 		2A59B4422D7A0CB500304FB1 /* MSIDXpcInteractiveTokenRequestController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDXpcInteractiveTokenRequestController.m; sourceTree = "<group>"; };
 		2AADDAC52DADB84D00CB7740 /* MSIDSSOXpcSilentTokenRequest.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDSSOXpcSilentTokenRequest.h; sourceTree = "<group>"; };
 		2AADDAC62DADB84D00CB7740 /* MSIDSSOXpcSilentTokenRequest.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDSSOXpcSilentTokenRequest.m; sourceTree = "<group>"; };
+		4B6D22252E831AEA00546EC8 /* MSIDFlightManagerQueryKeyDelegate.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDFlightManagerQueryKeyDelegate.h; sourceTree = "<group>"; };
+		4B6D222A2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDFlightManagerQueryKeyType.h; sourceTree = "<group>"; };
+		4B6D222B2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDFlightManagerQueryKeyType.m; sourceTree = "<group>"; };
+		4BADFA5D2E85D7EC00E8C26F /* MSIDFlightManagerTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MSIDFlightManagerTests.swift; sourceTree = "<group>"; };
 		51E364572863C0F300A97F82 /* MSIDTelemetryConditionalCompile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MSIDTelemetryConditionalCompile.h; sourceTree = "<group>"; };
 		580E253E2719FD10003D1795 /* MSIDPrtHeader.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDPrtHeader.h; sourceTree = "<group>"; };
 		580E253F2719FD10003D1795 /* MSIDPrtHeader.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDPrtHeader.m; sourceTree = "<group>"; };
@@ -5735,6 +5745,9 @@
 				728209CB26FE951900B5F018 /* MSIDJwtAlgorithm.h */,
 				237F8F2C2D5166FE0095F164 /* MSIDFlightManager.h */,
 				237F8F2D2D5166FE0095F164 /* MSIDFlightManager.m */,
+				4B6D222A2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.h */,
+				4B6D222B2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.m */,
+				4B6D22252E831AEA00546EC8 /* MSIDFlightManagerQueryKeyDelegate.h */,
 				B48FC02E2D726A48007B80DB /* MSIDBrokerFlightProvider.h */,
 				B48FC0302D726A64007B80DB /* MSIDBrokerFlightProvider.m */,
 			);
@@ -5744,6 +5757,7 @@
 		D6DA89731FBA6A4E004C56C7 /* tests */ = {
 			isa = PBXGroup;
 			children = (
+				4BADFA5D2E85D7EC00E8C26F /* MSIDFlightManagerTests.swift */,
 				2318D7882E12B8E800A5A46E /* MSIDBrokerOperationBrowserNativeMessageMATSReportTests.m */,
 				72C764F82E09CFA400043AB1 /* MSIDBoundRefreshTokenTests.m */,
 				720B5B572DD58A6A00318FE5 /* MSIDJWECryptoTests.m */,
@@ -6328,6 +6342,7 @@
 				B2E2A923239221A000BA2EA3 /* MSIDBrokerOperationSignoutFromDeviceRequest.h in Headers */,
 				B2C708B3219A620B00D917B8 /* MSIDBrokerKeyProvider.h in Headers */,
 				23B39ABC209BD47D000AA905 /* MSIDB2CAuthorityResolver.h in Headers */,
+				4B6D22262E831B0B00546EC8 /* MSIDFlightManagerQueryKeyDelegate.h in Headers */,
 				B443EFF62AD62BB900782168 /* MSIDPasskeyCredential.h in Headers */,
 				B286B99D2389DCA6007833AD /* MSIDSSOExtensionTokenRequestDelegate.h in Headers */,
 				B210F4551FDDFA7B005A8F76 /* MSIDBrokerResponse.h in Headers */,
@@ -6390,6 +6405,7 @@
 				74F04D4D246CB5B100094017 /* MSIDCurrentRequestTelemetrySerializedItem+Internal.h in Headers */,
 				238E19DD2086FE28004DF483 /* MSIDAADAuthorizationCodeRequest.h in Headers */,
 				B227037622A4C29800030ADC /* MSIDExtendedTokenCacheDataSource.h in Headers */,
+				4B6D222C2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.h in Headers */,
 				B251CC49204105A7005E0179 /* MSIDIdToken.h in Headers */,
 				B2F671EC2467AB4500649855 /* MSIDInteractiveRequestControlling.h in Headers */,
 				B443F0002AD6327700782168 /* MSIDBrokerOperationPasskeyCredentialRequest.h in Headers */,
@@ -7228,6 +7244,7 @@
 				B281B338226BBB1C009619AB /* MSIDOAuthRequestConfiguratorTests.m in Sources */,
 				A08D0A4824A8841400C9193D /* MSIDAuthenticationSchemeTest.m in Sources */,
 				B2808001204CB29900944D89 /* MSIDAADTokenResponseTests.m in Sources */,
+				4BADFA5F2E85D7FC00E8C26F /* MSIDFlightManagerTests.swift in Sources */,
 				60BE05F5239E580300CDA662 /* MSIDAccountMetadataCacheItemTests.m in Sources */,
 				B28BBD3F221267B200F51723 /* MSIDLegacyTokenResponseValidatorTests.m in Sources */,
 				E75DD02525D5E474007664A6 /* MSIDThrottlingServiceIntegrationTests.m in Sources */,
@@ -7630,6 +7647,7 @@
 				2318D7872E11763C00A5A46E /* MSIDBrokerOperationBrowserNativeMessageMATSReport.m in Sources */,
 				2A59B42E2D776F3400304FB1 /* MSIDXpcConfiguration.m in Sources */,
 				6057EE9120B5FDF8007976EB /* MSIDAADOAuthEmbeddedWebviewController.m in Sources */,
+				4B6D222D2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.m in Sources */,
 				238E19DF2086FE28004DF483 /* MSIDTokenRequest.m in Sources */,
 				B2CDB5741FE2F4DF003A4B5C /* NSOrderedSet+MSIDExtensions.m in Sources */,
 				1E74094A24197E9200133EF7 /* NSDictionary+MSIDLogging.m in Sources */,
@@ -7845,6 +7863,7 @@
 				B2DD5BB2204789FB0084313F /* MSIDIdTokenTests.m in Sources */,
 				232C657721376755002A41FE /* MSIDDRSDiscoveryResponseSerializerTests.m in Sources */,
 				239FE69A236A594500D846AC /* MSIDJsonSerializableFactoryTests.m in Sources */,
+				4BADFA5E2E85D7FC00E8C26F /* MSIDFlightManagerTests.swift in Sources */,
 				580E254F271A1815003D1795 /* MSIDBrokerOperationGetSsoCookiesResponseTests.m in Sources */,
 				B279835B20D33A0A0051167F /* MSIDIdTokenClaimsTests.m in Sources */,
 				B86FA7D72383757E00E5195A /* MSIDMacLegacyCachePersistenceHandlerTests.m in Sources */,
@@ -8083,6 +8102,7 @@
 				8878C62E29DCA0E2002F5F4B /* MSIDCIAMTokenResponse.m in Sources */,
 				1E00D282248F27ED006E4BAE /* MSIDAuthScheme.m in Sources */,
 				600D19AE20964CC00004CD43 /* MSIDRegistrationInformation.m in Sources */,
+				4B6D222E2E8342C200546EC8 /* MSIDFlightManagerQueryKeyType.m in Sources */,
 				B2C07482246B70F70008D701 /* MSIDAssymetricKeyPair.m in Sources */,
 				B227035F22A367A000030ADC /* MSIDMaskedHashableLogParameter.m in Sources */,
 				B2C7B3B4213C681F009FFCC1 /* MSIDErrorConverter.m in Sources */,
diff --git a/IdentityCore/src/MSIDFlightManager.h b/IdentityCore/src/MSIDFlightManager.h
@@ -24,6 +24,7 @@
 
 
 #import <Foundation/Foundation.h>
+#import "MSIDFlightManagerQueryKeyDelegate.h"
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -38,8 +39,11 @@ NS_ASSUME_NONNULL_BEGIN
 @interface MSIDFlightManager : NSObject <MSIDFlightManagerInterface>
 
 @property (nonatomic, nullable) id<MSIDFlightManagerInterface> flightProvider;
+@property (nonatomic, nullable) id<MSIDFlightManagerQueryKeyDelegate> queryKeyFlightProvider;
 
 + (instancetype)sharedInstance;
++ (instancetype)sharedInstanceByQueryKey:(NSString *)queryKey
+                                 keyType:(MSIDFlightManagerQueryKeyType)keyType;
 
 @end
 
diff --git a/IdentityCore/src/MSIDFlightManager.m b/IdentityCore/src/MSIDFlightManager.m
@@ -45,6 +45,56 @@ + (instancetype)sharedInstance
     return sharedInstance;
 }
 
++ (instancetype)sharedInstanceByQueryKey:(NSString *)queryKey
+                                 keyType:(MSIDFlightManagerQueryKeyType)keyType
+{
+    if ([NSString msidIsStringNilOrBlank:queryKey])
+    {
+        // Use shared flight manager if queryKey is nil or empty
+        return [MSIDFlightManager sharedInstance];
+    }
+    
+    static NSMutableDictionary<NSString *, MSIDFlightManager *> *instancesByQueryKey = nil;
+    static dispatch_once_t onceToken;
+    static dispatch_queue_t synchronizationQueue;
+    
+    dispatch_once(&onceToken, ^{
+        instancesByQueryKey = [NSMutableDictionary new];
+        synchronizationQueue = dispatch_queue_create("com.microsoft.msidflightmanager.querykey", DISPATCH_QUEUE_CONCURRENT);
+    });
+    
+    __block MSIDFlightManager *instance = nil;
+    
+    // First, try to read the instance concurrently
+    dispatch_sync(synchronizationQueue, ^{
+        instance = instancesByQueryKey[queryKey];
+    });
+    
+    if (!instance)
+    {
+        // If not found, create and insert with a barrier write
+        dispatch_barrier_sync(synchronizationQueue, ^{
+            instance = instancesByQueryKey[queryKey];
+            if (!instance)
+            {
+                instance = [[self.class alloc] initInternal];
+                
+                id<MSIDFlightManagerInterface> flightProvider = [[MSIDFlightManager sharedInstance].queryKeyFlightProvider
+                                                                 flightProviderForQueryKey:queryKey
+                                                                 keyType:keyType];
+                if (flightProvider)
+                {
+                    instance.flightProvider = flightProvider;
+                }
+                
+                instancesByQueryKey[queryKey] = instance;
+            }
+        });
+    }
+    
+    return instance;
+}
+
 - (instancetype)initInternal
 {
     self = [super init];
diff --git a/IdentityCore/src/MSIDFlightManagerQueryKeyDelegate.h b/IdentityCore/src/MSIDFlightManagerQueryKeyDelegate.h
@@ -0,0 +1,35 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#import <Foundation/Foundation.h>
+#import "MSIDFlightManagerQueryKeyType.h"
+
+@protocol MSIDFlightManagerInterface;
+
+@protocol MSIDFlightManagerQueryKeyDelegate <NSObject>
+
+- (nullable id<MSIDFlightManagerInterface>)flightProviderForQueryKey:(nonnull NSString *)queryKey
+                                                             keyType:(nonnull MSIDFlightManagerQueryKeyType)keyType;
+
+@end
diff --git a/IdentityCore/src/MSIDFlightManagerQueryKeyType.h b/IdentityCore/src/MSIDFlightManagerQueryKeyType.h
@@ -0,0 +1,38 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#import <Foundation/Foundation.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+typedef NSString * MSIDFlightManagerQueryKeyType NS_STRING_ENUM;
+
+extern MSIDFlightManagerQueryKeyType const MSIDFlightManagerQueryKeyTypeTenantId;
+extern MSIDFlightManagerQueryKeyType const MSIDFlightManagerQueryKeyTypeAppBundleId;
+extern MSIDFlightManagerQueryKeyType const MSIDFlightManagerQueryKeyTypeEcsRegion;
+extern MSIDFlightManagerQueryKeyType const MSIDFlightManagerQueryKeyTypeUpn;
+extern MSIDFlightManagerQueryKeyType const MSIDFlightManagerQueryKeyTypeUserId;
+extern MSIDFlightManagerQueryKeyType const MSIDFlightManagerQueryKeyTypeVersionNumber;
+
+NS_ASSUME_NONNULL_END
diff --git a/IdentityCore/src/MSIDFlightManagerQueryKeyType.m b/IdentityCore/src/MSIDFlightManagerQueryKeyType.m
@@ -0,0 +1,32 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+#import "MSIDFlightManagerQueryKeyType.h"
+
+MSIDFlightManagerQueryKeyType const MSIDFlightManagerQueryKeyTypeTenantId = @"tenantId";
+MSIDFlightManagerQueryKeyType const MSIDFlightManagerQueryKeyTypeAppBundleId = @"appBundleId";
+MSIDFlightManagerQueryKeyType const MSIDFlightManagerQueryKeyTypeEcsRegion = @"ecsRegion";
+MSIDFlightManagerQueryKeyType const MSIDFlightManagerQueryKeyTypeUpn = @"upn";
+MSIDFlightManagerQueryKeyType const MSIDFlightManagerQueryKeyTypeUserId = @"userId";
+MSIDFlightManagerQueryKeyType const MSIDFlightManagerQueryKeyTypeVersionNumber = @"version_number";
diff --git a/IdentityCore/src/oauth2/aad_base/MSIDAADWebviewFactory.m b/IdentityCore/src/oauth2/aad_base/MSIDAADWebviewFactory.m
@@ -41,13 +41,42 @@
 #import "MSIDSwitchBrowserResponse.h"
 #import "MSIDSwitchBrowserResumeResponse.h"
 #import "MSIDFlightManager.h"
+#import "MSIDAccountIdentifier.h"
 
 #if !EXCLUDE_FROM_MSALCPP
 #import "MSIDJITTroubleshootingResponse.h"
 #endif
 
 @implementation MSIDAADWebviewFactory
 
+#pragma mark - Private Methods
+
+- (BOOL)isDUNASupportedForTenantId:(NSString *)tenantId
+{
+    BOOL allowDUNAGlobal = [[MSIDFlightManager sharedInstance] boolForKey:MSID_FLIGHT_SUPPORT_DUNA_CBA];
+    
+    if (allowDUNAGlobal)
+    {
+        return YES;
+    }
+    
+    BOOL allowDUNAByTenant = NO;
+    MSIDFlightManager *flightManager;
+    
+    if (![NSString msidIsStringNilOrBlank:tenantId])
+    {
+        flightManager = [MSIDFlightManager sharedInstanceByQueryKey:tenantId keyType:MSIDFlightManagerQueryKeyTypeTenantId];
+    }
+    if (flightManager)
+    {
+        allowDUNAByTenant = [flightManager boolForKey:MSID_FLIGHT_SUPPORT_DUNA_CBA];
+    }
+    
+    return allowDUNAByTenant;
+}
+
+#pragma mark - Public Methods
+
 - (NSMutableDictionary<NSString *, NSString *> *)authorizationParametersFromRequestParameters:(MSIDInteractiveTokenRequestParameters *)parameters
                                                                                          pkce:(MSIDPkce *)pkce
                                                                                  requestState:(NSString *)state
@@ -83,9 +112,10 @@ @implementation MSIDAADWebviewFactory
     
     result[@"haschrome"] = @"1";
     [result addEntriesFromDictionary:MSIDDeviceId.deviceId];
-    
+        
 #if TARGET_OS_IPHONE
-    if ([MSIDFlightManager.sharedInstance boolForKey:MSID_FLIGHT_SUPPORT_DUNA_CBA])
+    NSString *tenantId = parameters.accountIdentifier.utid;
+    if ([self isDUNASupportedForTenantId:tenantId])
     {
         // Let server know that we support new cba flow
         result[MSID_BROWSER_RESPONSE_SWITCH_BROWSER] = @"1";
@@ -202,7 +232,9 @@ - (MSIDWebviewResponse *)oAuthResponseWithURL:(NSURL *)url
                                                                                             error:nil];
     if (browserResponse) return browserResponse;
     
-    if ([MSIDFlightManager.sharedInstance boolForKey:MSID_FLIGHT_SUPPORT_DUNA_CBA])
+    NSString *tenantId = wpjResponse.clientInfo.utid;
+    
+    if ([self isDUNASupportedForTenantId:tenantId])
     {
         MSIDSwitchBrowserResponse *switchBrowserResponse = [[MSIDSwitchBrowserResponse alloc] initWithURL:url
                                                                                               redirectUri:endRedirectUri
diff --git a/IdentityCore/tests/MSIDFlightManagerTests.swift b/IdentityCore/tests/MSIDFlightManagerTests.swift
