AzureAD
diff --git a/‎IdentityCore/IdentityCore.xcodeproj/project.pbxproj‎
Lines changed: 34 additions & 8 deletions b/‎IdentityCore/IdentityCore.xcodeproj/project.pbxproj‎
Lines changed: 34 additions & 8 deletions
diff --git a/‎IdentityCore/src/MSIDError.h‎
Lines changed: 3 additions & 0 deletions b/‎IdentityCore/src/MSIDError.h‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎IdentityCore/src/MSIDError.m‎
Lines changed: 3 additions & 0 deletions b/‎IdentityCore/src/MSIDError.m‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎IdentityCore/src/controllers/MSIDRequestControllerFactory.m‎
Lines changed: 54 additions & 4 deletions b/‎IdentityCore/src/controllers/MSIDRequestControllerFactory.m‎
Lines changed: 54 additions & 4 deletions
diff --git a/‎IdentityCore/src/controllers/MSIDSilentController.m‎
Lines changed: 2 additions & 2 deletions b/‎IdentityCore/src/controllers/MSIDSilentController.m‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎IdentityCore/src/controllers/broker/mac/MSIDXpcInteractiveTokenRequestController.h‎
Lines changed: 41 additions & 0 deletions b/‎IdentityCore/src/controllers/broker/mac/MSIDXpcInteractiveTokenRequestController.h‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎IdentityCore/src/controllers/broker/mac/MSIDXpcInteractiveTokenRequestController.m‎
Lines changed: 125 additions & 0 deletions b/‎IdentityCore/src/controllers/broker/mac/MSIDXpcInteractiveTokenRequestController.m‎
Lines changed: 125 additions & 0 deletions
diff --git a/‎IdentityCore/src/controllers/broker/mac/MSIDXpcSilentTokenRequestController.m‎
Lines changed: 2 additions & 1 deletion b/‎IdentityCore/src/controllers/broker/mac/MSIDXpcSilentTokenRequestController.m‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎IdentityCore/src/requests/broker/MSIDSSOExtensionInteractiveTokenRequest.h‎
Lines changed: 2 additions & 2 deletions b/‎IdentityCore/src/requests/broker/MSIDSSOExtensionInteractiveTokenRequest.h‎
Lines changed: 2 additions & 2 deletions
@@ -364,6 +364,9 @@ typedef NS_ENUM(NSInteger, MSIDErrorCode)
     // App state while failed to open broker error
     MSIDErrorBrokerAppIsInactive = -51902,
     MSIDErrorBrokerAppIsInBackground = -51903,
+    
+    // Broker Xpc internal error
+    MSIDErrorBrokerXpcUnexpectedError = -52001,
 
 };
 
 
@@ -447,6 +447,9 @@ void MSIDFillAndLogError(NSError **error, MSIDErrorCode errorCode, NSString *err
             return @"MSIDErrorBrokerAppIsInactive";
         case MSIDErrorBrokerAppIsInBackground:
             return @"MSIDErrorBrokerAppIsInBackground";
+            // Broker Xpc internal error
+        case MSIDErrorBrokerXpcUnexpectedError:
+            return @"MSIDErrorBrokerXpcUnexpectedError";
     }
 
     return [NSString stringWithFormat:@"Unknown: %@", @(errorCode)];
 
@@ -37,6 +37,7 @@
 #import "MSIDSignoutController.h"
 #if TARGET_OS_OSX
 #import "MSIDXpcSilentTokenRequestController.h"
+#import "MSIDXpcInteractiveTokenRequestController.h"
 #endif
 
 @implementation MSIDRequestControllerFactory
@@ -328,15 +329,47 @@ @implementation MSIDRequestControllerFactory
     return nil;
 }
 #else
+
 + (nullable id<MSIDRequestControlling>)brokerController:(nonnull MSIDInteractiveTokenRequestParameters *)parameters
                                    tokenRequestProvider:(nonnull id<MSIDTokenRequestProviding>)tokenRequestProvider
                                      fallbackController:(nullable id<MSIDRequestControlling>)fallbackController
                                                   error:(NSError * _Nullable __autoreleasing * _Nullable)error
 {
-    return [self ssoExtensionInteractiveController:parameters
-                              tokenRequestProvider:tokenRequestProvider
-                                fallbackController:fallbackController
-                                             error:error];
+    id<MSIDRequestControlling> xpcController = nil;
+    
+    // By default the xpc flow is disable, and should fallback to previous flow in else condition
+    if (parameters.xpcMode != MSIDXpcModeDisable)
+    {
+        xpcController = [self xpcInteractiveController:parameters
+                                  tokenRequestProvider:tokenRequestProvider
+                                    fallbackController:fallbackController
+                                                 error:error];
+        if (parameters.xpcMode == MSIDXpcModeBackup || parameters.xpcMode == MSIDXpcModeFull)
+        {
+            id<MSIDRequestControlling> ssoExtensionController = [self ssoExtensionInteractiveController:parameters
+                                                                                   tokenRequestProvider:tokenRequestProvider
+                                                                                     fallbackController:xpcController?:fallbackController
+                                                                                                  error:error];
+            if (parameters.xpcMode == MSIDXpcModeFull && !ssoExtensionController)
+            {
+                return xpcController;
+            }
+            
+            return ssoExtensionController;
+        }
+        else
+        {
+            // Development only: MSIDXpcModeOverride
+            return xpcController;
+        }
+    }
+    else
+    {
+        return [self ssoExtensionInteractiveController:parameters
+                                  tokenRequestProvider:tokenRequestProvider
+                                    fallbackController:fallbackController
+                                                 error:error];
+    }
 }
 #endif
 
@@ -356,6 +389,23 @@ @implementation MSIDRequestControllerFactory
     return nil;
 }
 
+#if TARGET_OS_OSX
++ (nullable id<MSIDRequestControlling>)xpcInteractiveController:(nonnull MSIDInteractiveTokenRequestParameters *)parameters
+                                           tokenRequestProvider:(nonnull id<MSIDTokenRequestProviding>)tokenRequestProvider
+                                             fallbackController:(nullable id<MSIDRequestControlling>)fallbackController
+                                                          error:(NSError * _Nullable __autoreleasing * _Nullable)error
+{
+    if ([MSIDXpcInteractiveTokenRequestController canPerformRequest])
+    {
+        return [[MSIDXpcInteractiveTokenRequestController alloc] initWithInteractiveRequestParameters:parameters
+                                                                                 tokenRequestProvider:tokenRequestProvider
+                                                                                   fallbackController:fallbackController
+                                                                                                error:error];
+    }
+    
+    return nil;
+}
+#endif
 
 + (nullable id<MSIDRequestControlling>)localInteractiveController:(nonnull MSIDInteractiveTokenRequestParameters *)parameters
                                              tokenRequestProvider:(nonnull id<MSIDTokenRequestProviding>)tokenRequestProvider
 
@@ -143,8 +143,8 @@ - (void)acquireTokenWithRequest:(MSIDSilentTokenRequest *)request
         self.currentRequest = nil;
         MSIDRequestCompletionBlock completionBlockWrapper = ^(MSIDTokenResult *fallResult, NSError *fallError)
         {
-            // We don't have any meaningful information from fallback controller (edge case of SSO error) so we use the local controller result earlier
-            if (!fallResult && (fallError.code == MSIDErrorSSOExtensionUnexpectedError))
+            // We don't have any meaningful information from fallback controller (edge case of SSO/Xpc error) so we use the local controller result earlier
+            if (!fallResult && (fallError.code == MSIDErrorSSOExtensionUnexpectedError || fallError.code == MSIDErrorBrokerXpcUnexpectedError))
             {
                 completionBlock(result, error);
             }
 
@@ -0,0 +1,41 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+
+#import "MSIDLocalInteractiveController.h"
+
+NS_ASSUME_NONNULL_BEGIN
+
+@interface MSIDXpcInteractiveTokenRequestController : MSIDLocalInteractiveController
+
+- (nullable instancetype)initWithInteractiveRequestParameters:(nonnull MSIDInteractiveTokenRequestParameters *)parameters
+                                         tokenRequestProvider:(nonnull id<MSIDTokenRequestProviding>)tokenRequestProvider
+                                           fallbackController:(nullable id<MSIDRequestControlling>)fallbackController
+                                                        error:(NSError * _Nullable __autoreleasing * _Nullable)error NS_DESIGNATED_INITIALIZER;
+
++ (BOOL)canPerformRequest;
+
+@end
+
+NS_ASSUME_NONNULL_END
@@ -0,0 +1,125 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+
+#import "MSIDXpcInteractiveTokenRequestController.h"
+#import "MSIDLocalInteractiveController+Internal.h"
+#import "MSIDXpcSingleSignOnProvider.h"
+#import "MSIDLogger+Internal.h"
+#import "MSIDThrottlingService.h"
+#import "MSIDInteractiveTokenRequest+Internal.h"
+#import "MSIDInteractiveTokenRequestParameters.h"
+#import "MSIDXpcProviderCache.h"
+
+@implementation MSIDXpcInteractiveTokenRequestController
+
+- (instancetype)initWithInteractiveRequestParameters:(MSIDInteractiveTokenRequestParameters *)parameters
+                                tokenRequestProvider:(id<MSIDTokenRequestProviding>)tokenRequestProvider
+                                  fallbackController:(id<MSIDRequestControlling>)fallbackController
+                                               error:(NSError *__autoreleasing*)error
+{
+    self = [super initWithInteractiveRequestParameters:parameters
+                                  tokenRequestProvider:tokenRequestProvider
+                                                 error:error];
+    if (self)
+    {
+        _fallbackController = fallbackController;
+    }
+    
+    return self;
+}
+
+#pragma mark - MSIDRequestControlling
+
+- (void)acquireToken:(MSIDRequestCompletionBlock)completionBlock
+{
+    MSID_LOG_WITH_CTX(MSIDLogLevelInfo, self.requestParameters, @"Beginning interactive broker Xpc service flow.");
+    MSIDInteractiveTokenRequest *request = [self.tokenRequestProvider interactiveXpcTokenRequestWithParameters:self.interactiveRequestParamaters];
+    
+    MSIDRequestCompletionBlock completionBlockWrapper = ^(MSIDTokenResult *result, NSError *error)
+    {
+        MSID_LOG_WITH_CTX(MSIDLogLevelInfo, self.requestParameters, @"Interactive Broker Xpc flow finished. Result %@, error: %ld error domain: %@", _PII_NULLIFY(result), (long)error.code, error.domain);
+        if (!error)
+        {
+            /**
+             Throttling service: when an interactive token succeed, we update the last refresh time of the throttling service
+             */
+            [MSIDThrottlingService updateLastRefreshTimeDatasource:request.extendedTokenCache context:self.interactiveRequestParamaters error:nil];
+           
+        }
+        else if ([self shouldFallback:error])
+        {
+            MSID_LOG_WITH_CTX(MSIDLogLevelInfo, self.requestParameters, @"Falling back to local controller.");
+            
+            [self.fallbackController acquireToken:completionBlock];
+            return;
+        }
+        
+        completionBlock(result, error);
+    };
+    
+    [self acquireTokenWithRequest:request completionBlock:completionBlockWrapper];
+}
+
++ (BOOL)canPerformRequest
+{
+    if (@available(macOS 13, *)) {
+        return [MSIDXpcSingleSignOnProvider canPerformRequest:MSIDXpcProviderCache.sharedInstance];
+    } else {
+        return NO;
+    }
+}
+
+#pragma mark - Private
+
+- (BOOL)shouldFallback:(NSError *)error
+{
+    MSID_LOG_WITH_CTX(MSIDLogLevelInfo, self.requestParameters, @"Looking if we should fallback to fallback controller, error: %ld error domain: %@.", (long)error.code, error.domain);
+    
+    if (!self.fallbackController)
+    {
+        MSID_LOG_WITH_CTX(MSIDLogLevelInfo, self.requestParameters, @"fallback controller is nil, Xpc service controller should fallback: NO");
+        return NO;
+    }
+    
+    // If it is MSIDErrorDomain and Broker Xpc returns unexpected error, we should fall back to local controler and unblock user
+    if (![error.domain isEqualToString:ASAuthorizationErrorDomain] && ![error.domain isEqualToString:MSIDErrorDomain]) return NO;
+    
+    BOOL shouldFallback = NO;
+    switch (error.code)
+    {
+        // TODO: 3236668 define XPC error code that should fallback
+        case ASAuthorizationErrorNotHandled:
+        case ASAuthorizationErrorUnknown:
+        case ASAuthorizationErrorFailed:
+        case MSIDErrorBrokerXpcUnexpectedError:
+            shouldFallback = YES;
+    }
+    
+    MSID_LOG_WITH_CTX(MSIDLogLevelInfo, self.requestParameters, @"SSO extension controller should fallback: %@", shouldFallback ? @"YES" : @"NO");
+    
+    return shouldFallback;
+}
+
+@end
@@ -46,7 +46,8 @@ - (void)acquireToken:(MSIDRequestCompletionBlock)completionBlock
 
 + (BOOL)canPerformRequest
 {
-    if (@available(macOS 13, *)) {
+    if (@available(macOS 13, *))
+    {
         return [MSIDXpcSingleSignOnProvider canPerformRequest:MSIDXpcProviderCache.sharedInstance];
     }
     else
 
@@ -21,12 +21,12 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.
 
-#import "MSIDInteractiveTokenRequest.h"
+#import "MSIDSSORemoteInteractiveTokenRequest.h"
 #import "MSIDProviderType.h"
 
 NS_ASSUME_NONNULL_BEGIN
 
-@interface MSIDSSOExtensionInteractiveTokenRequest : MSIDInteractiveTokenRequest
+@interface MSIDSSOExtensionInteractiveTokenRequest : MSIDSSORemoteInteractiveTokenRequest
 
 @end
Original file line number	Diff line number	Diff line change
`@@ -447,6 +447,9 @@ void MSIDFillAndLogError(NSError *error, MSIDErrorCode errorCode, NSString err`
`447`	`447`	`return @"MSIDErrorBrokerAppIsInactive";`
`448`	`448`	`case MSIDErrorBrokerAppIsInBackground:`
`449`	`449`	`return @"MSIDErrorBrokerAppIsInBackground";`
	`450`	`+ // Broker Xpc internal error`
	`451`	`+ case MSIDErrorBrokerXpcUnexpectedError:`
	`452`	`+ return @"MSIDErrorBrokerXpcUnexpectedError";`
`450`	`453`	`}`
`451`	`454`
`452`	`455`	`return [NSString stringWithFormat:@"Unknown: %@", @(errorCode)];`
Original file line number	Diff line number	Diff line change
`@@ -143,8 +143,8 @@ - (void)acquireTokenWithRequest:(MSIDSilentTokenRequest *)request`
`143`	`143`	`self.currentRequest = nil;`
`144`	`144`	`MSIDRequestCompletionBlock completionBlockWrapper = ^(MSIDTokenResult fallResult, NSError fallError)`
`145`	`145`	`{`
`146`		`- // We don't have any meaningful information from fallback controller (edge case of SSO error) so we use the local controller result earlier`
`147`		`- if (!fallResult && (fallError.code == MSIDErrorSSOExtensionUnexpectedError))`
	`146`	`+ // We don't have any meaningful information from fallback controller (edge case of SSO/Xpc error) so we use the local controller result earlier`
	`147`	`+ if (!fallResult && (fallError.code == MSIDErrorSSOExtensionUnexpectedError \|\| fallError.code == MSIDErrorBrokerXpcUnexpectedError))`
`148`	`148`	`{`
`149`	`149`	`completionBlock(result, error);`
`150`	`150`	`}`
Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,8 @@ - (void)acquireToken:(MSIDRequestCompletionBlock)completionBlock`
`46`	`46`
`47`	`47`	`+ (BOOL)canPerformRequest`
`48`	`48`	`{`
`49`		`- if (@available(macOS 13, *)) {`
	`49`	`+ if (@available(macOS 13, *))`
	`50`	`+ {`
`50`	`51`	`return [MSIDXpcSingleSignOnProvider canPerformRequest:MSIDXpcProviderCache.sharedInstance];`
`51`	`52`	`}`
`52`	`53`	`else`