AzureAD
diff --git a/‎IdentityCore/IdentityCore.xcodeproj/project.pbxproj‎
Lines changed: 38 additions & 8 deletions b/‎IdentityCore/IdentityCore.xcodeproj/project.pbxproj‎
Lines changed: 38 additions & 8 deletions
diff --git a/‎IdentityCore/src/MSIDConstants.h‎
Lines changed: 15 additions & 4 deletions b/‎IdentityCore/src/MSIDConstants.h‎
Lines changed: 15 additions & 4 deletions
diff --git a/‎IdentityCore/src/MSIDConstants.m‎
Lines changed: 4 additions & 1 deletion b/‎IdentityCore/src/MSIDConstants.m‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎IdentityCore/src/MSIDError.h‎
Lines changed: 3 additions & 0 deletions b/‎IdentityCore/src/MSIDError.h‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎IdentityCore/src/MSIDError.m‎
Lines changed: 3 additions & 0 deletions b/‎IdentityCore/src/MSIDError.m‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎IdentityCore/src/MSIDOAuth2Constants.h‎
Lines changed: 1 addition & 0 deletions b/‎IdentityCore/src/MSIDOAuth2Constants.h‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎IdentityCore/src/MSIDOAuth2Constants.m‎
Lines changed: 1 addition & 0 deletions b/‎IdentityCore/src/MSIDOAuth2Constants.m‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎IdentityCore/src/cache/metadata/MSIDAccountMetadataCacheAccessor.h‎
Lines changed: 5 additions & 0 deletions b/‎IdentityCore/src/cache/metadata/MSIDAccountMetadataCacheAccessor.h‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎IdentityCore/src/controllers/MSIDRequestControllerFactory.m‎
Lines changed: 58 additions & 8 deletions b/‎IdentityCore/src/controllers/MSIDRequestControllerFactory.m‎
Lines changed: 58 additions & 8 deletions
diff --git a/‎IdentityCore/src/controllers/MSIDSilentController.m‎
Lines changed: 2 additions & 2 deletions b/‎IdentityCore/src/controllers/MSIDSilentController.m‎
Lines changed: 2 additions & 2 deletions
@@ -95,10 +95,10 @@ typedef NS_ENUM(NSInteger, MSIDHeaderType)
 
 typedef NS_ENUM(NSUInteger, MSIDXpcMode)
 {
-    MSIDXpcModeDisable = 0, // Broker Xpc service call is disabled
-    MSIDXpcModeBackup,// Broker Xpc service call is only used as a backup service when SsoExtension service failed. If SsoExtenion is not available on the device (canPerformRequest returns false), Broker Xpc service call will be disabled
-    MSIDXpcModeFull, // Broker Xpc service call is used as a backup call when SsoExtension service failed. If SsoExtenion is not available on the device, Xpc service call will be the primary auth service
-    MSIDXpcModeOverride // Development only: Broker Xpc service is used as main Sso service, and ignored SsoExtension service completely. This option will be ignored in production and will be treated same as MSIDXpcModeDisable
+    MSIDXpcModeDisabled = 0, // Broker Xpc service call is disabled
+    MSIDXpcModeSSOExtCompanion,// Broker Xpc service call is only used as a backup service when SsoExtension service failed. If SsoExtension is not available on the device (canPerformRequest returns false), Broker Xpc service call will be disabled
+    MSIDXpcModeSSOExtBackup, // Broker Xpc service call is used as a backup call when SsoExtension service failed. If SsoExtension is not available on the device, Xpc service call will be the primary auth service
+    MSIDXpcModePrimary // Development only: Broker Xpc service is used as main Sso service, and ignored SsoExtension service completely. This option will be ignored in production and will be treated same as MSIDXpcModeDisable
 };
 
 typedef void (^MSIDRequestCompletionBlock)(MSIDTokenResult * _Nullable result, NSError * _Nullable error);
@@ -215,4 +215,15 @@ extern NSString * _Nonnull const MSID_FLIGHT_USE_V2_WEB_RESPONSE_FACTORY;
 extern NSString * _Nonnull const MSID_FLIGHT_SUPPORT_DUNA_CBA;
 extern NSString * _Nonnull const MSID_FLIGHT_CLIENT_SFRT_STATUS;
 
+/**
+ * Flight to indicate if remove account artifacts should be disabled
+ * Owner: Antonio
+ * Link: N/A - No ECS flag created as this is a disable flight to be created on demand
+ * Created Date: N/A
+ * Status: Not started
+ * Fully Allocated: Not Started
+ * WorkItem: 3168316
+ */
+extern NSString * _Nonnull const MSID_FLIGHT_DISABLE_REMOVE_ACCOUNT_ARTIFACTS;
+
 #define METHODANDLINE   [NSString stringWithFormat:@"%s [Line %d]", __PRETTY_FUNCTION__, __LINE__]
@@ -85,7 +85,10 @@
 
 NSString *const MSID_FLIGHT_USE_V2_WEB_RESPONSE_FACTORY = @"use_v2_web_response_factory";
 NSString *const MSID_FLIGHT_SUPPORT_DUNA_CBA = @"support_duna_cba_v2";
-NSString *const MSID_FLIGHT_CLIENT_SFRT_STATUS = @"sfrt_status";
+NSString *const MSID_FLIGHT_CLIENT_SFRT_STATUS = @"sfrt_v2";
+
+// Making the flight string short to avoid legacy broker url size limit
+NSString *const MSID_FLIGHT_DISABLE_REMOVE_ACCOUNT_ARTIFACTS = @"disable_rm_metadata";
 
 
 #define METHODANDLINE   [NSString stringWithFormat:@"%s [Line %d]", __PRETTY_FUNCTION__, __LINE__]
@@ -364,6 +364,9 @@ typedef NS_ENUM(NSInteger, MSIDErrorCode)
     // App state while failed to open broker error
     MSIDErrorBrokerAppIsInactive = -51902,
     MSIDErrorBrokerAppIsInBackground = -51903,
+    
+    // Broker Xpc internal error
+    MSIDErrorBrokerXpcUnexpectedError = -52001,
 
 };
 
 
@@ -447,6 +447,9 @@ void MSIDFillAndLogError(NSError **error, MSIDErrorCode errorCode, NSString *err
             return @"MSIDErrorBrokerAppIsInactive";
         case MSIDErrorBrokerAppIsInBackground:
             return @"MSIDErrorBrokerAppIsInBackground";
+            // Broker Xpc internal error
+        case MSIDErrorBrokerXpcUnexpectedError:
+            return @"MSIDErrorBrokerXpcUnexpectedError";
     }
 
     return [NSString stringWithFormat:@"Unknown: %@", @(errorCode)];
 
@@ -170,6 +170,7 @@ extern NSString *const MSID_PREFERRED_USERNAME_MISSING;
 
 extern NSString *const MSIDServerErrorClientMismatch;
 extern NSString *const MSIDServerErrorBadToken;
+extern NSString *const MSIDServerErrorUserAccountDeleted;
 
 extern NSString *const MSID_CCS_REQUEST_ID_KEY;
 extern NSString *const MSID_CCS_REQUEST_ID_RESPONSE;
 
@@ -170,6 +170,7 @@
 
 NSString *const MSIDServerErrorClientMismatch            = @"client_mismatch";
 NSString *const MSIDServerErrorBadToken                  = @"bad_token";
+NSString *const MSIDServerErrorUserAccountDeleted        = @"user_account_deleted";
 
 NSString *const MSID_CCS_REQUEST_ID_KEY                  = @"x-ms-ccs-requestid";
 NSString *const MSID_CCS_REQUEST_ID_RESPONSE             = @"ccs-requestid";
 
@@ -77,4 +77,9 @@
 - (MSIDAccountMetadataCacheItem *)retrieveAccountMetadataCacheItemForClientId:(NSString *)clientId
                                                                       context:(id<MSIDRequestContext>)context
                                                                         error:(NSError *__autoreleasing*)error;
+
+- (BOOL)removeAccountMetadataForHomeAccountId:(NSString *)homeAccountId
+                                      context:(id<MSIDRequestContext>)context
+                                        error:(NSError *__autoreleasing*)error;
+
 @end
@@ -37,6 +37,7 @@
 #import "MSIDSignoutController.h"
 #if TARGET_OS_OSX
 #import "MSIDXpcSilentTokenRequestController.h"
+#import "MSIDXpcInteractiveTokenRequestController.h"
 #endif
 
 @implementation MSIDRequestControllerFactory
@@ -47,7 +48,7 @@ @implementation MSIDRequestControllerFactory
                                                 tokenRequestProvider:(id<MSIDTokenRequestProviding>)tokenRequestProvider
                                                                error:(NSError *__autoreleasing*)error
 {
-    if (parameters.xpcMode == MSIDXpcModeDisable)
+    if (parameters.xpcMode == MSIDXpcModeDisabled)
     {
         return [self SilentControllerWithoutXpcForParameters:parameters
                                                 forceRefresh:forceRefresh
@@ -164,14 +165,14 @@ @implementation MSIDRequestControllerFactory
 
         MSIDSilentController *xpcController = nil;
 #if TARGET_OS_OSX
-        if (parameters.xpcMode != MSIDXpcModeDisable && [MSIDXpcSilentTokenRequestController canPerformRequest])
+        if (parameters.xpcMode != MSIDXpcModeDisabled && [MSIDXpcSilentTokenRequestController canPerformRequest])
         {
             xpcController = [[MSIDXpcSilentTokenRequestController alloc] initWithRequestParameters:parameters
                                                                                            forceRefresh:forceRefresh
                                                                                    tokenRequestProvider:tokenRequestProvider
                                                                           fallbackInteractiveController:fallbackController
                                                                                                   error:error];
-            if (parameters.xpcMode == MSIDXpcModeFull || parameters.xpcMode == MSIDXpcModeOverride)
+            if (parameters.xpcMode == MSIDXpcModeSSOExtBackup || parameters.xpcMode == MSIDXpcModePrimary)
             {
                 // If in Xpc full mode, the XPCController will work as a isolated controller when SsoExtension cannotPerformRequest
                 fallbackController = xpcController;
@@ -180,7 +181,7 @@ @implementation MSIDRequestControllerFactory
         }
 #endif
 
-        BOOL shouldSkipSsoExtension = parameters.xpcMode == MSIDXpcModeOverride;
+        BOOL shouldSkipSsoExtension = parameters.xpcMode == MSIDXpcModePrimary;
 
         if (!shouldSkipSsoExtension && [MSIDSSOExtensionSilentTokenRequestController canPerformRequest])
         {
@@ -328,15 +329,47 @@ @implementation MSIDRequestControllerFactory
     return nil;
 }
 #else
+
 + (nullable id<MSIDRequestControlling>)brokerController:(nonnull MSIDInteractiveTokenRequestParameters *)parameters
                                    tokenRequestProvider:(nonnull id<MSIDTokenRequestProviding>)tokenRequestProvider
                                      fallbackController:(nullable id<MSIDRequestControlling>)fallbackController
                                                   error:(NSError * _Nullable __autoreleasing * _Nullable)error
 {
-    return [self ssoExtensionInteractiveController:parameters
-                              tokenRequestProvider:tokenRequestProvider
-                                fallbackController:fallbackController
-                                             error:error];
+    id<MSIDRequestControlling> xpcController = nil;
+    
+    // By default the xpc flow is disable, and should fallback to previous flow in else condition
+    if (parameters.xpcMode != MSIDXpcModeDisabled)
+    {
+        xpcController = [self xpcInteractiveController:parameters
+                                  tokenRequestProvider:tokenRequestProvider
+                                    fallbackController:fallbackController
+                                                 error:error];
+        if (parameters.xpcMode == MSIDXpcModeSSOExtCompanion || parameters.xpcMode == MSIDXpcModeSSOExtBackup)
+        {
+            id<MSIDRequestControlling> ssoExtensionController = [self ssoExtensionInteractiveController:parameters
+                                                                                   tokenRequestProvider:tokenRequestProvider
+                                                                                     fallbackController:xpcController?:fallbackController
+                                                                                                  error:error];
+            if (parameters.xpcMode == MSIDXpcModeSSOExtBackup && !ssoExtensionController)
+            {
+                return xpcController;
+            }
+            
+            return ssoExtensionController;
+        }
+        else
+        {
+            // Development only: MSIDXpcModePrimary
+            return xpcController;
+        }
+    }
+    else
+    {
+        return [self ssoExtensionInteractiveController:parameters
+                                  tokenRequestProvider:tokenRequestProvider
+                                    fallbackController:fallbackController
+                                                 error:error];
+    }
 }
 #endif
 
@@ -356,6 +389,23 @@ @implementation MSIDRequestControllerFactory
     return nil;
 }
 
+#if TARGET_OS_OSX
++ (nullable id<MSIDRequestControlling>)xpcInteractiveController:(nonnull MSIDInteractiveTokenRequestParameters *)parameters
+                                           tokenRequestProvider:(nonnull id<MSIDTokenRequestProviding>)tokenRequestProvider
+                                             fallbackController:(nullable id<MSIDRequestControlling>)fallbackController
+                                                          error:(NSError * _Nullable __autoreleasing * _Nullable)error
+{
+    if ([MSIDXpcInteractiveTokenRequestController canPerformRequest])
+    {
+        return [[MSIDXpcInteractiveTokenRequestController alloc] initWithInteractiveRequestParameters:parameters
+                                                                                 tokenRequestProvider:tokenRequestProvider
+                                                                                   fallbackController:fallbackController
+                                                                                                error:error];
+    }
+    
+    return nil;
+}
+#endif
 
 + (nullable id<MSIDRequestControlling>)localInteractiveController:(nonnull MSIDInteractiveTokenRequestParameters *)parameters
                                              tokenRequestProvider:(nonnull id<MSIDTokenRequestProviding>)tokenRequestProvider
 
@@ -143,8 +143,8 @@ - (void)acquireTokenWithRequest:(MSIDSilentTokenRequest *)request
         self.currentRequest = nil;
         MSIDRequestCompletionBlock completionBlockWrapper = ^(MSIDTokenResult *fallResult, NSError *fallError)
         {
-            // We don't have any meaningful information from fallback controller (edge case of SSO error) so we use the local controller result earlier
-            if (!fallResult && (fallError.code == MSIDErrorSSOExtensionUnexpectedError))
+            // We don't have any meaningful information from fallback controller (edge case of SSO/Xpc error) so we use the local controller result earlier
+            if (!fallResult && (fallError.code == MSIDErrorSSOExtensionUnexpectedError || fallError.code == MSIDErrorBrokerXpcUnexpectedError))
             {
                 completionBlock(result, error);
             }
Original file line number	Diff line number	Diff line change
`@@ -447,6 +447,9 @@ void MSIDFillAndLogError(NSError *error, MSIDErrorCode errorCode, NSString err`
`447`	`447`	`return @"MSIDErrorBrokerAppIsInactive";`
`448`	`448`	`case MSIDErrorBrokerAppIsInBackground:`
`449`	`449`	`return @"MSIDErrorBrokerAppIsInBackground";`
	`450`	`+ // Broker Xpc internal error`
	`451`	`+ case MSIDErrorBrokerXpcUnexpectedError:`
	`452`	`+ return @"MSIDErrorBrokerXpcUnexpectedError";`
`450`	`453`	`}`
`451`	`454`
`452`	`455`	`return [NSString stringWithFormat:@"Unknown: %@", @(errorCode)];`
Original file line number	Diff line number	Diff line change
`@@ -143,8 +143,8 @@ - (void)acquireTokenWithRequest:(MSIDSilentTokenRequest *)request`
`143`	`143`	`self.currentRequest = nil;`
`144`	`144`	`MSIDRequestCompletionBlock completionBlockWrapper = ^(MSIDTokenResult fallResult, NSError fallError)`
`145`	`145`	`{`
`146`		`- // We don't have any meaningful information from fallback controller (edge case of SSO error) so we use the local controller result earlier`
`147`		`- if (!fallResult && (fallError.code == MSIDErrorSSOExtensionUnexpectedError))`
	`146`	`+ // We don't have any meaningful information from fallback controller (edge case of SSO/Xpc error) so we use the local controller result earlier`
	`147`	`+ if (!fallResult && (fallError.code == MSIDErrorSSOExtensionUnexpectedError \|\| fallError.code == MSIDErrorBrokerXpcUnexpectedError))`
`148`	`148`	`{`
`149`	`149`	`completionBlock(result, error);`
`150`	`150`	`}`