
Commit 75f2237

Merge pull request #206 from AzureAD/jak/webview-fixes
PKeyAuth handling and scopes handling fix
2 parents b991a98 + 6a098db commit 75f2237


5 files changed

+67
-17
lines changed


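--- a/IdentityCore/src/oauth2/aad_base/MSIDAADWebviewFactory.m
+++ b/IdentityCore/src/oauth2/aad_base/MSIDAADWebviewFactory.m
@@ -38,16 +38,6 @@ @implementation MSIDAADWebviewFactory
 NSMutableDictionary<NSString *, NSString *> *parameters = [super authorizationParametersFromConfiguration:configuration
 requestState:state];
 
-NSMutableOrderedSet<NSString *> *allScopes = parameters[MSID_OAUTH2_SCOPE].scopeSet.mutableCopy;
-
-if (!allScopes)
-{
-allScopes = [NSMutableOrderedSet new];
-}
-
-[allScopes addObject:MSID_OAUTH2_SCOPE_OPENID_VALUE];
-
-parameters[MSID_OAUTH2_SCOPE] = allScopes.msidToString;
 parameters[MSID_OAUTH2_PROMPT] = configuration.promptBehavior;
 
 if (configuration.correlationId)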

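--- a/IdentityCore/src/oauth2/aad_v2/MSIDAADV2WebviewFactory.m
+++ b/IdentityCore/src/oauth2/aad_v2/MSIDAADV2WebviewFactory.m
@@ -35,6 +35,12 @@ @implementation MSIDAADV2WebviewFactory
 requestState:state];
 
 NSMutableOrderedSet<NSString *> *allScopes = parameters[MSID_OAUTH2_SCOPE].scopeSet.mutableCopy;
+if (!allScopes)
+{
+allScopes = [NSMutableOrderedSet new];
+}
+
+[allScopes addObject:MSID_OAUTH2_SCOPE_OPENID_VALUE];
 [allScopes addObject:MSID_OAUTH2_SCOPE_OFFLINE_ACCESS_VALUE];
 [allScopes addObject:MSID_OAUTH2_SCOPE_PROFILE_VALUE];
 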
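Review bot: The new `if (!allScopes)` fallback and the `openid` insertion in the V2 factory (new lines 38–43) have no matching test in this commit; the five changed files include tests for the base and V1 factories but none for `MSIDAADV2WebviewFactory`. A case that passes a configuration with no scopes and expects the three default scopes in the `scope` parameter would pin the behaviour that moved here from the base class, unless an existing V2 test already covers it. As a style point, the fallback fits on the declaration line: `NSMutableOrderedSet<NSString *> *allScopes = parameters[MSID_OAUTH2_SCOPE].scopeSet.mutableCopy ?: [NSMutableOrderedSet new];`. The enclosing method starts and ends outside the hunk.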

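--- a/IdentityCore/src/webview/embeddedWebview/challangeHandlers/MSIDPKeyAuthHandler.m
+++ b/IdentityCore/src/webview/embeddedWebview/challangeHandlers/MSIDPKeyAuthHandler.m
@@ -29,6 +29,7 @@
 #import "MSIDError.h"
 #import "MSIDDeviceId.h"
 #import "MSIDConstants.h"
+#import "NSDictionary+MSIDExtensions.h"
 
 @implementation MSIDPKeyAuthHandler
 
@@ -68,11 +69,16 @@ + (BOOL)handleChallenge:(NSString *)challengeUrl
 
 // Attach client version to response url
 NSURLComponents *responseUrlComp = [[NSURLComponents alloc] initWithURL:[NSURL URLWithString:submitUrl] resolvingAgainstBaseURL:NO];
-NSMutableArray *queryItems = responseUrlComp.queryItems ? [responseUrlComp.queryItems mutableCopy] : [NSMutableArray new];
-[queryItems addObject:[[NSURLQueryItem alloc] initWithName:MSID_VERSION_KEY value:MSIDDeviceId.deviceId[MSID_VERSION_KEY]]];
-responseUrlComp.queryItems = queryItems;
+NSMutableDictionary *queryDict = [NSMutableDictionary new];
 
-NSMutableURLRequest *responseReq = [[NSMutableURLRequest alloc]initWithURL:responseUrlComp.URL];
+for (NSURLQueryItem *item in responseUrlComp.queryItems)
+{
+[queryDict setValue:item.value forKey:item.name];
+}
+[queryDict setValue:MSIDDeviceId.deviceId[MSID_VERSION_KEY] forKey:MSID_VERSION_KEY];
+responseUrlComp.percentEncodedQuery = [queryDict msidURLFormEncode];
+
+NSMutableURLRequest *responseReq = [[NSMutableURLRequest alloc] initWithURL:responseUrlComp.URL];
 [responseReq setValue:kMSIDPKeyAuthHeaderVersion forHTTPHeaderField:kMSIDPKeyAuthHeader];
 [responseReq setValue:authHeader forHTTPHeaderField:MSID_OAUTH2_AUTHORIZATION];
 completionHandler(responseReq, nil);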
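Review bot: Copying `responseUrlComp.queryItems` into `queryDict` (new lines 72–79) changes which parameters of the submit URL survive: `setValue:forKey:` removes the key when `item.value` is nil, so a value-less item is dropped, repeated names collapse to the last value, and the original parameter order is lost. Because this URL is where the request carrying the `Authorization` header is sent, the assumption deserves a comment above the loop, for example `// submit URL query is expected to hold unique name=value pairs; rebuilt with form encoding`, or the items could stay in an array and be encoded pair by pair. No test for `handleChallenge:` is among the changed files, so the re-encoding of reserved characters by `msidURLFormEncode` is not verified in this commit. The method body starts and ends outside the hunk.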

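--- a/IdentityCore/tests/MSIDAADV1WebviewFactoryTests.m
+++ b/IdentityCore/tests/MSIDAADV1WebviewFactoryTests.m
@@ -87,7 +87,6 @@ - (void)testAuthorizationParametersFromConfiguration_withValidParams_shouldConta
 @"client-request-id" : correlationId.UUIDString,
 @"login_hint" : @"fakeuser@contoso.com",
 @"state" : requestState.msidBase64UrlEncode,
-@"scope" : @"openid",
 @"prompt" : @"login",
 @"haschrome" : @"1"
 }];
@@ -98,5 +97,53 @@ - (void)testAuthorizationParametersFromConfiguration_withValidParams_shouldConta
 XCTAssertTrue([expectedQPs compareAndPrintDiff:params]);
 }
 
+- (void)testAuthorizationParametersFromConfiguration_withValidParamsWithScopes_shouldContainAADV1ConfigurationWithScopes
+{
+__block NSUUID *correlationId = [NSUUID new];
+
+MSIDWebviewConfiguration *config = [[MSIDWebviewConfiguration alloc] initWithAuthorizationEndpoint:[NSURL URLWithString:DEFAULT_TEST_AUTHORIZATION_ENDPOINT]
+redirectUri:DEFAULT_TEST_REDIRECT_URI
+clientId:DEFAULT_TEST_CLIENT_ID
+resource:DEFAULT_TEST_RESOURCE
+scopes:[NSOrderedSet orderedSetWithObjects:@"scope1", nil]
+correlationId:correlationId
+enablePkce:NO];
+
+config.extraQueryParameters = @{ @"eqp1" : @"val1", @"eqp2" : @"val2" };
+config.promptBehavior = @"login";
+config.claims = @"claims";
+config.sliceParameters = DEFAULT_TEST_SLICE_PARAMS_DICT;
+config.loginHint = @"fakeuser@contoso.com";
+
+NSString *requestState = @"state";
+
+MSIDAADV1WebviewFactory *factory = [MSIDAADV1WebviewFactory new];
+
+NSDictionary *params = [factory authorizationParametersFromConfiguration:config requestState:requestState];
+
+NSMutableDictionary *expectedQPs = [NSMutableDictionary dictionaryWithDictionary:
+@{
+@"client_id" : DEFAULT_TEST_CLIENT_ID,
+@"redirect_uri" : DEFAULT_TEST_REDIRECT_URI,
+@"resource" : DEFAULT_TEST_RESOURCE,
+@"response_type" : @"code",
+@"eqp1" : @"val1",
+@"eqp2" : @"val2",
+@"claims" : @"claims",
+@"return-client-request-id" : @"true",
+@"client-request-id" : correlationId.UUIDString,
+@"login_hint" : @"fakeuser@contoso.com",
+@"state" : requestState.msidBase64UrlEncode,
+@"prompt" : @"login",
+@"haschrome" : @"1",
+@"scope" : @"scope1"
+}];
+
+[expectedQPs addEntriesFromDictionary:[MSIDDeviceId deviceId]];
+[expectedQPs addEntriesFromDictionary:DEFAULT_TEST_SLICE_PARAMS_DICT];
+
+XCTAssertTrue([expectedQPs compareAndPrintDiff:params]);
+}
+
 
 @end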
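Review bot: The `__block` qualifier on `correlationId` in the added test (new line 102) is unnecessary, since no block in the method captures or reassigns the variable; `NSUUID *correlationId = [NSUUID new];` is enough. The configuration setup and the expected dictionary appear to repeat the preceding test almost line for line, differing only in the scope set and the `scope` entry. A small helper that builds the `MSIDWebviewConfiguration` for a given scope set would keep the two cases from drifting apart.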

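--- a/IdentityCore/tests/MSIDAADWebviewFactoryTests.m
+++ b/IdentityCore/tests/MSIDAADWebviewFactoryTests.m
@@ -81,10 +81,11 @@ - (void)testAuthorizationParametersFromConfiguration_withValidParams_shouldConta
 @"client-request-id" : correlationId.UUIDString,
 @"login_hint" : @"fakeuser@contoso.com",
 @"state" : requestState.msidBase64UrlEncode,
-@"scope" : @"scope1 openid",
 @"prompt" : @"login",
 @"slice": @"myslice",
-@"haschrome" : @"1"
+@"haschrome" : @"1",
+@"scope" : @"scope1"
+
 }];
 [expectedQPs addEntriesFromDictionary:[MSIDDeviceId deviceId]];
 [expectedQPs addEntriesFromDictionary:DEFAULT_TEST_SLICE_PARAMS_DICT];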
