Change default behavior to false

ameyapat · ameyapat · commit 23bada3664e7 · 2025-10-06T09:45:19.000-07:00
diff --git a/IdentityCore/src/MSIDConstants.h b/IdentityCore/src/MSIDConstants.h
@@ -230,6 +230,6 @@ extern NSString * _Nonnull const MSID_FLIGHT_IGNORE_COOKIES_IN_DUNA_RESUME;
  */
 extern NSString * _Nonnull const MSID_FLIGHT_DISABLE_REMOVE_ACCOUNT_ARTIFACTS;
 
-extern NSString * _Nonnull const MSID_FLIGHT_DISABLE_QUERYING_STK;
+extern NSString * _Nonnull const MSID_FLIGHT_ENABLE_QUERYING_STK;
 
 #define METHODANDLINE   [NSString stringWithFormat:@"%s [Line %d]", __PRETTY_FUNCTION__, __LINE__]
diff --git a/IdentityCore/src/MSIDConstants.m b/IdentityCore/src/MSIDConstants.m
@@ -94,7 +94,7 @@
 // Making the flight string short to avoid legacy broker url size limit
 NSString *const MSID_FLIGHT_DISABLE_REMOVE_ACCOUNT_ARTIFACTS = @"disable_rm_metadata";
 
-NSString *const MSID_FLIGHT_DISABLE_QUERYING_STK = @"disable_querying_stk";
+NSString *const MSID_FLIGHT_ENABLE_QUERYING_STK = @"enable_querying_stk";
 
 
 #define METHODANDLINE   [NSString stringWithFormat:@"%s [Line %d]", __PRETTY_FUNCTION__, __LINE__]
diff --git a/IdentityCore/src/workplacejoin/MSIDWorkPlaceJoinUtilBase.m b/IdentityCore/src/workplacejoin/MSIDWorkPlaceJoinUtilBase.m
@@ -383,13 +383,16 @@ + (MSIDWPJKeyPairWithCert *)getWPJKeysWithTenantId:(__unused NSString *)tenantId
         defaultKeys.keyChainVersion = MSIDWPJKeychainAccessGroupV2;
         MSID_LOG_WITH_CTX(MSIDLogLevelInfo, context, @"Returning EC private device key from default registration.");
 #if TARGET_OS_IPHONE
-        bool isQueryingDisabledViaFlight = [MSIDFlightManager.sharedInstance boolForKey:MSID_FLIGHT_DISABLE_QUERYING_STK];
-        // Query the session transport key only for iOS.
-        // 1P apps use transport key to decrypt ECDH JWE responses when redeeming bound regular refresh tokens
-        id keyType = privateKeyAttributes[(__bridge id)kSecAttrKeyType];
-        if (!isQueryingDisabledViaFlight && keyType && [keyType isEqual: (__bridge id)kSecAttrKeyTypeECSECPrimeRandom])
+        bool isQueryingEnabledViaFlight = [MSIDFlightManager.sharedInstance boolForKey:MSID_FLIGHT_ENABLE_QUERYING_STK];
+        if (isQueryingEnabledViaFlight)
         {
-            [defaultKeys initializePrivateTransportKeyRef:[self getSessionTransportKeyRefFromSecureEnclaveForTenantId:tenantId context:context]];
+            // Query the session transport key only for iOS.
+            // 1P apps use transport key to decrypt ECDH JWE responses when redeeming bound regular refresh tokens
+            id keyType = privateKeyAttributes[(__bridge id)kSecAttrKeyType];
+            if (keyType && [keyType isEqual: (__bridge id)kSecAttrKeyTypeECSECPrimeRandom])
+            {
+                [defaultKeys initializePrivateTransportKeyRef:[self getSessionTransportKeyRefFromSecureEnclaveForTenantId:tenantId context:context]];
+            }
         }
 #endif
         return defaultKeys;
