Merge pull request #1473 from AzureAD/sedemche/duna_cba

Support DUNA protocol for CBA flow

Author: antrix1989

IdentityCore/IdentityCore.xcodeproj/project.pbxproj

@@ -171,4 +171,10 @@ typedef NS_ENUM(NSInteger, MSIDPlatformSequenceIndex)
     MSIDPlatformSequenceIndexLast = MSIDPlatformSequenceIndexBrowserCore,
 };
 
+extern NSString * _Nonnull const MSID_BROWSER_RESPONSE_SWITCH_BROWSER;
+extern NSString * _Nonnull const MSID_BROWSER_RESPONSE_SWITCH_BROWSER_RESUME;
+
+extern NSString * _Nonnull const MSID_FLIGHT_USE_V2_WEB_RESPONSE_FACTORY;
+extern NSString * _Nonnull const MSID_FLIGHT_SUPPORT_DUNA_CBA;
+
 #define METHODANDLINE   [NSString stringWithFormat:@"%s [Line %d]", __PRETTY_FUNCTION__, __LINE__]

IdentityCore/src/MSIDConstants.h

@@ -73,4 +73,11 @@
 
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_ACCOUNT_ID_KEY = @"accountId";
 
+NSString *const MSID_BROWSER_RESPONSE_SWITCH_BROWSER = @"switch_browser";
+NSString *const MSID_BROWSER_RESPONSE_SWITCH_BROWSER_RESUME = @"switch_browser_resume";
+
+NSString *const MSID_FLIGHT_USE_V2_WEB_RESPONSE_FACTORY = @"use_v2_web_response_factory";
+NSString *const MSID_FLIGHT_SUPPORT_DUNA_CBA = @"support_duna_cba";
+
+
 #define METHODANDLINE   [NSString stringWithFormat:@"%s [Line %d]", __PRETTY_FUNCTION__, __LINE__]

IdentityCore/src/MSIDConstants.m

@@ -1,3 +1,4 @@
+//
 // Copyright (c) Microsoft Corporation.
 // All rights reserved.
 //
@@ -19,29 +20,25 @@
 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
+// THE SOFTWARE.  
+
 
-#ifndef MSIDCertAuthHandler_iOS_h
-#define MSIDCertAuthHandler_iOS_h
+#import <Foundation/Foundation.h>
 
-#import "MSIDCertAuthHandler.h"
+NS_ASSUME_NONNULL_BEGIN
 
-@interface MSIDCertAuthHandler (iOS)
+@protocol MSIDFlightManagerInterface <NSObject>
 
-#if TARGET_OS_IPHONE && !MSID_EXCLUDE_SYSTEMWV
+- (BOOL)boolForKey:(NSString *)flightKey;
 
-+ (void)setRedirectUriPrefix:(NSString *)prefix
-                   forScheme:(NSString *)scheme;
+@end
 
-+ (void)setUseAuthSession:(BOOL)useAuthSession;
-+ (void)setUseLastRequestURL:(BOOL)useLastRequestURL;
+@interface MSIDFlightManager : NSObject <MSIDFlightManagerInterface>
 
-// These are for cert auth challenge for iOS
-+ (void)setCustomActivities:(NSArray<UIActivity *> *)activities;
-+ (BOOL)completeCertAuthChallenge:(NSURL *)endUrl;
-+ (BOOL)isCertAuthInProgress;
+@property (nonatomic) id<MSIDFlightManagerInterface> flightProvider;
 
-#endif
++ (instancetype)sharedInstance;
 
 @end
-#endif /* MSIDCertAuthHandler_mac_h */
+
+NS_ASSUME_NONNULL_END

…geHandlers/ios/MSIDCertAuthHandler+iOS.h IdentityCore/src/MSIDFlightManager.hIdentityCore/src/webview/embeddedWebview/challangeHandlers/ios/MSIDCertAuthHandler+iOS.h renamed to IdentityCore/src/MSIDFlightManager.h IdentityCore/src/webview/embeddedWebview/challangeHandlers/ios/MSIDCertAuthHandler+iOS.h renamed to IdentityCore/src/MSIDFlightManager.h

@@ -0,0 +1,50 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+
+#import "MSIDFlightManager.h"
+
+@implementation MSIDFlightManager
+
++ (instancetype)sharedInstance
+{
+    static MSIDFlightManager *sharedInstance = nil;
+    static dispatch_once_t onceToken;
+    dispatch_once(&onceToken, ^{
+        sharedInstance = [[self.class alloc] init];
+    });
+    
+    return sharedInstance;
+}
+
+#pragma mark - MSIDFlightManagerInterface
+
+- (BOOL)boolForKey:(nonnull NSString *)flightKey 
+{
+    if (self.flightProvider) { return [self.flightProvider boolForKey:flightKey]; }
+    
+    return NO;
+}
+
+@end

IdentityCore/src/MSIDFlightManager.m

@@ -58,10 +58,11 @@ - (MSIDWebviewResponse *)responseWithResultURL:(NSURL *)url
                                          error:(NSError *__autoreleasing*)error
 {
     return [factory oAuthResponseWithURL:url
-                       requestState:self.state
-                 ignoreInvalidState:self.ignoreInvalidState
-                            context:context
-                              error:error];
+                            requestState:self.state
+                      ignoreInvalidState:self.ignoreInvalidState
+                          endRedirectUri:self.endRedirectUrl
+                                 context:context
+                                   error:error];
 }
 
 @end

IdentityCore/src/configuration/webview/MSIDAuthorizeWebRequestConfiguration.m

@@ -74,6 +74,7 @@
 - (MSIDWebviewResponse *)oAuthResponseWithURL:(NSURL *)url
                                  requestState:(NSString *)requestState
                            ignoreInvalidState:(BOOL)ignoreInvalidState
+                               endRedirectUri:(NSString *)endRedirectUri
                                       context:(id<MSIDRequestContext>)context
                                         error:(NSError *__autoreleasing*)error;
 

IdentityCore/src/oauth2/MSIDWebviewFactory.h

@@ -242,6 +242,7 @@ @implementation MSIDWebviewFactory
 - (MSIDWebviewResponse *)oAuthResponseWithURL:(NSURL *)url
                             requestState:(NSString *)requestState
                       ignoreInvalidState:(BOOL)ignoreInvalidState
+                               endRedirectUri:(NSString *)endRedirectUri
                                  context:(id<MSIDRequestContext>)context
                                    error:(NSError *__autoreleasing*)error
 {

IdentityCore/src/oauth2/MSIDWebviewFactory.m

@@ -38,6 +38,9 @@
 #import "MSIDSignoutWebRequestConfiguration.h"
 #import "NSURL+MSIDAADUtils.h"
 #import "MSIDInteractiveTokenRequestParameters.h"
+#import "MSIDSwitchBrowserResponse.h"
+#import "MSIDSwitchBrowserResumeResponse.h"
+#import "MSIDFlightManager.h"
 
 #if !EXCLUDE_FROM_MSALCPP
 #import "MSIDJITTroubleshootingResponse.h"
@@ -73,14 +76,22 @@ @implementation MSIDAADWebviewFactory
     {
         [result addEntriesFromDictionary:
          @{
-           MSID_OAUTH2_CORRELATION_ID_REQUEST : @"true",
-           MSID_OAUTH2_CORRELATION_ID_REQUEST_VALUE : [parameters.correlationId UUIDString]
-           }];
+            MSID_OAUTH2_CORRELATION_ID_REQUEST : @"true",
+            MSID_OAUTH2_CORRELATION_ID_REQUEST_VALUE : [parameters.correlationId UUIDString]
+        }];
     }
 
     result[@"haschrome"] = @"1";
     [result addEntriesFromDictionary:MSIDDeviceId.deviceId];
 
+#if TARGET_OS_IPHONE
+    if ([MSIDFlightManager.sharedInstance boolForKey:MSID_FLIGHT_SUPPORT_DUNA_CBA])
+    {
+        // Let server know that we support new cba flow
+        result[MSID_BROWSER_RESPONSE_SWITCH_BROWSER] = @"1";
+    }
+#endif
+    
     return result;
 }
 
@@ -139,6 +150,7 @@ @implementation MSIDAADWebviewFactory
 - (MSIDWebviewResponse *)oAuthResponseWithURL:(NSURL *)url
                                  requestState:(NSString *)requestState
                            ignoreInvalidState:(BOOL)ignoreInvalidState
+                               endRedirectUri:(NSString *)endRedirectUri
                                       context:(id<MSIDRequestContext>)context
                                         error:(NSError *__autoreleasing*)error
 {
@@ -190,7 +202,22 @@ - (MSIDWebviewResponse *)oAuthResponseWithURL:(NSURL *)url
                                                                                             error:nil];
     if (browserResponse) return browserResponse;
 
-    // Try to create AAD Auth response
+    if ([MSIDFlightManager.sharedInstance boolForKey:MSID_FLIGHT_SUPPORT_DUNA_CBA])
+    {
+        MSIDSwitchBrowserResponse *switchBrowserResponse = [[MSIDSwitchBrowserResponse alloc] initWithURL:url
+                                                                                              redirectUri:endRedirectUri
+                                                                                                  context:context
+                                                                                                    error:nil];
+        if (switchBrowserResponse) return switchBrowserResponse;
+        
+        MSIDSwitchBrowserResumeResponse *switchBrowserResumeResponse = [[MSIDSwitchBrowserResumeResponse alloc] initWithURL:url
+                                                                                                                redirectUri:endRedirectUri
+                                                                                                                    context:context
+                                                                                                                      error:nil];
+        if (switchBrowserResumeResponse) return switchBrowserResumeResponse;
+    }
+    
+    // Try to create AAD Auth response or Error response (all other reponses don't handle errors).
     MSIDWebAADAuthCodeResponse *response = [[MSIDWebAADAuthCodeResponse alloc] initWithURL:url
                                                                               requestState:requestState
                                                                         ignoreInvalidState:ignoreInvalidState