[minor][Feature]: Introduce UFIC into API contract (#1670)

## PR Title Format

**Required Format:** `[Keyword1] [Keyword2]: Description`

- **Keyword1:** `major`, `minor`, or `patch` (case-insensitive)
- **Keyword2:** `feature`, `bugfix`, `engg`, or `tests`
(case-insensitive)

**Examples:**
- `[MAJOR] [Feature]: new API`
- `[minor] [bugfix]: fix crash`
- `[PATCH][tests]:add coverage`

## Proposed changes

Describe what this PR is trying to do.

## Type of change

- [X] Feature work
- [ ] Bug fix
- [ ] Documentation
- [ ] Engineering change
- [ ] Test
- [ ] Logging/Telemetry

## Risk

- [ ] High – Errors could cause MAJOR regression of many scenarios.
(Example: new large features or high level infrastructure changes)
- [ ] Medium – Errors could cause regression of 1 or more scenarios.
(Example: somewhat complex bug fixes, small new features)
- [X] Small – No issues are expected. (Example: Very small bug fixes,
string changes, or configuration settings changes)

## Additional information

---------

Co-authored-by: Maximus Agubuzo <maximusagubuzo@MacBook-Air-6.local>

Author: agubuzomaximus

IdentityCore/src/MSIDConstants.h

@@ -133,6 +133,7 @@ extern NSString * _Nonnull const MSID_APP_VER_KEY;
 extern NSString * _Nonnull const MSID_CCS_HINT_KEY;
 extern NSString * _Nonnull const MSID_WEBAUTH_IGNORE_SSO_KEY;
 extern NSString * _Nonnull const MSID_WEBAUTH_REFRESH_TOKEN_KEY;
+extern NSString * _Nonnull const MSID_USER_FEDERATED_IDENTITY_CREDENTIAL_KEY;
 
 extern NSString * _Nonnull const MSID_DEFAULT_FAMILY_ID;
 extern NSString * _Nonnull const MSID_ADAL_SDK_NAME;

IdentityCore/src/MSIDConstants.m

@@ -35,6 +35,7 @@
 NSString *const MSID_CCS_HINT_KEY                  = @"X-AnchorMailbox";
 NSString *const MSID_WEBAUTH_IGNORE_SSO_KEY        = @"x-ms-sso-Ignore-SSO";
 NSString *const MSID_WEBAUTH_REFRESH_TOKEN_KEY     = @"x-ms-sso-RefreshToken";
+NSString *const MSID_USER_FEDERATED_IDENTITY_CREDENTIAL_KEY     = @"x-ms-UserFederatedIdentityCredential";
 
 NSString *const MSID_DEFAULT_FAMILY_ID             = @"1";
 NSString *const MSID_ADAL_SDK_NAME                 = @"adal-objc";

IdentityCore/src/broker_operation/request/interactive_token_request/MSIDBrokerOperationInteractiveTokenRequest.m

@@ -55,6 +55,7 @@ + (instancetype)tokenRequestWithParameters:(MSIDInteractiveTokenRequestParameter
     request.promptType = parameters.promptType;
     request.extraQueryParameters = [parameters allAuthorizeRequestExtraParametersWithMetadata:NO];
     request.extraScopesToConsent = parameters.extraScopesToConsent;
+    request.userFederatedIdentityToken = parameters.userFederatedIdentityToken;
 
     return request;
 }
@@ -97,6 +98,11 @@ - (NSDictionary *)jsonDictionary
     json[MSID_BROKER_PROMPT_KEY] = promptString;
     json[MSID_BROKER_EXTRA_CONSENT_SCOPES_KEY] = self.extraScopesToConsent;
 
+    if (self.userFederatedIdentityToken)
+    {
+        json[MSID_USER_FEDERATED_IDENTITY_CREDENTIAL_KEY] = self.userFederatedIdentityToken;
+    }
+    
     return json;
 }
 

IdentityCore/src/broker_operation/request/token_request/MSIDBrokerOperationTokenRequest.h

@@ -47,6 +47,7 @@ NS_ASSUME_NONNULL_BEGIN
 @property (nonatomic) NSString *webPageUri;
 @property (nonatomic, nullable) NSString *accountHomeTenantId;
 @property (nonatomic, nullable) NSString *clientSku;
+@property (nonatomic, nullable) NSString *userFederatedIdentityToken;
 @property (nonatomic) BOOL skipValidateResultAccount;
 @property (nonatomic) BOOL forceRefresh;
 @property (nonatomic) BOOL ignoreScopeValidation;

IdentityCore/src/broker_operation/request/token_request/MSIDBrokerOperationTokenRequest.m

@@ -96,6 +96,8 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)json error:(NSError *__au
 
         _instanceAware = [json msidBoolObjectForKey:MSID_BROKER_INSTANCE_AWARE_KEY];
 
+        _userFederatedIdentityToken = [json msidStringObjectForKey:MSID_USER_FEDERATED_IDENTITY_CREDENTIAL_KEY];
+        
         NSString *enrollmentIdsStr = [json msidStringObjectForKey:MSID_BROKER_INTUNE_ENROLLMENT_IDS_KEY];
         if (enrollmentIdsStr)
         {
@@ -146,6 +148,7 @@ - (NSDictionary *)jsonDictionary
     json[@"web_page_uri"] = self.webPageUri;
     json[MSID_PROVIDER_TYPE_JSON_KEY] = MSIDProviderTypeToString(self.providerType);
     json[MSID_BROKER_EXTRA_OIDC_SCOPES_KEY] = self.oidcScope;
+    json[MSID_USER_FEDERATED_IDENTITY_CREDENTIAL_KEY] = self.userFederatedIdentityToken;
     json[MSID_BROKER_EXTRA_QUERY_PARAM_KEY] = [self.extraQueryParameters msidWWWFormURLEncode];
     json[MSID_BROKER_INSTANCE_AWARE_KEY] = [@(self.instanceAware) stringValue];
     json[MSID_BROKER_INTUNE_ENROLLMENT_IDS_KEY] = [self.enrollmentIds msidJSONSerializeWithContext:nil];

IdentityCore/src/controllers/broker/MSIDSSOExtensionInteractiveTokenRequestController.m

@@ -77,7 +77,6 @@ - (void)acquireToken:(MSIDRequestCompletionBlock)completionBlock
 
         completionBlock(result, error);
     };
-    
 
     [self acquireTokenWithRequest:request completionBlock:completionBlockWrapper];
 }

IdentityCore/src/oauth2/MSIDWebviewFactory.m

@@ -299,7 +299,7 @@ - (MSIDAuthorizeWebRequestConfiguration *)authorizeWebRequestConfigurationWithRe
 #if MSAL_JS_AUTOMATION
     configuration.clientAutomationScript = [[parameters allAuthorizeRequestExtraParametersWithMetadata:YES] objectForKey:@"script"];
 #endif
-
+    
     configuration.customHeaders = parameters.customWebviewHeaders;
     configuration.parentController = parameters.parentViewController;
     configuration.prefersEphemeralWebBrowserSession = parameters.prefersEphemeralWebBrowserSession;
@@ -308,6 +308,15 @@ - (MSIDAuthorizeWebRequestConfiguration *)authorizeWebRequestConfigurationWithRe
 #if TARGET_OS_IPHONE
     configuration.presentationType = parameters.presentationType;
 #endif
+    
+    if (!configuration.customHeaders[MSID_USER_FEDERATED_IDENTITY_CREDENTIAL_KEY])
+    {
+        NSMutableDictionary *mutableHeaders = configuration.customHeaders ? [configuration.customHeaders mutableCopy] : [NSMutableDictionary dictionary];
+        
+        mutableHeaders[MSID_USER_FEDERATED_IDENTITY_CREDENTIAL_KEY] = parameters.userFederatedIdentityToken;
+        
+        configuration.customHeaders = mutableHeaders;
+    }
 
     return configuration;
 }

IdentityCore/src/parameters/MSIDInteractiveTokenRequestParameters.h

@@ -37,6 +37,9 @@ NS_ASSUME_NONNULL_BEGIN
 @property (nonatomic) NSDictionary *extraAuthorizeURLQueryParameters;
 @property (nonatomic) BOOL enablePkce;
 @property (nonatomic) MSIDBrokerInvocationOptions *brokerInvocationOptions;
+@property (nullable, nonatomic) id<MSIDCustomHeaderProviding> crossDomainHeaderProvider;
+// Additional request parameter that will be utilized by OneAuth during internal automation testing. When available will be passed to web view to be consumed by ESTS as a form of MFA.
+@property (nonatomic, nullable) NSString *userFederatedIdentityToken;
 @property (nullable, nonatomic) id<MSIDCustomHeaderProviding> prtHeaderProvider;
 
 - (NSOrderedSet *)allAuthorizeRequestScopes;

IdentityCore/src/requests/MSIDInteractiveAuthorizationCodeRequest.m

@@ -216,6 +216,13 @@ - (void)handleWebReponseV2:(MSIDWebviewResponse *)response error:(NSError *)erro
         returnErrorBlock(localError);
         return;
     }
+    
+    if (self.requestParameters.userFederatedIdentityToken)
+    {
+        NSMutableDictionary *customHeaders = [_webViewConfiguration.customHeaders mutableCopy] ?: [NSMutableDictionary new];
+        customHeaders[@"x-ms-UserFederatedIdentityCredential"] = self.requestParameters.userFederatedIdentityToken;
+        self.webViewConfiguration.customHeaders = customHeaders;
+    }
 
     __typeof__(self) __weak weakSelf = self;
     [operation invokeWithRequestParameters:self.requestParameters