[minor][Feature]: Add ecs flags to disable pop & claims in browser core. (#1673)

## PR Title Format

**Required Format:** `[Keyword1] [Keyword2]: Description`

- **Keyword1:** `major`, `minor`, or `patch` (case-insensitive)
- **Keyword2:** `feature`, `bugfix`, `engg`, or `tests`
(case-insensitive)

**Examples:**
- `[MAJOR] [Feature]: new API`
- `[minor] [bugfix]: fix crash`
- `[PATCH][tests]:add coverage`

## Proposed changes

Describe what this PR is trying to do.

## Type of change

- [ ] Feature work
- [ ] Bug fix
- [ ] Documentation
- [x] Engineering change
- [ ] Test
- [ ] Logging/Telemetry

## Risk

- [ ] High – Errors could cause MAJOR regression of many scenarios.
(Example: new large features or high level infrastructure changes)
- [ ] Medium – Errors could cause regression of 1 or more scenarios.
(Example: somewhat complex bug fixes, small new features)
- [x] Small – No issues are expected. (Example: Very small bug fixes,
string changes, or configuration settings changes)

## Additional information

Author: antrix1989

IdentityCore/src/MSIDConstants.h

@@ -243,8 +243,16 @@ extern NSString * _Nonnull const MSID_FLIGHT_IS_BART_SUPPORTED;
 extern NSString * _Nonnull const MSID_FLIGHT_SPINNER_FIX;
 
 extern NSString * _Nonnull const MSID_FLIGHT_ENABLE_QUERYING_STK;
+
+/// Owner: sedemche
 extern NSString * _Nonnull const MSID_FLIGHT_USE_AUTOLAYOUT_FOR_LOADING_INDICATOR;
 
+/// Owner: sedemche
+extern NSString * _Nonnull const MSID_FLIGHT_BROWSER_CORE_DISABLE_POP;
+
+/// Owner: sedemche
+extern NSString * _Nonnull const MSID_FLIGHT_BROWSER_CORE_DISABLE_CLAIMS;
+
 extern NSString * _Nonnull const MSID_DOMAIN_HINT_KEY;
 
 extern NSString * _Nonnull const MSID_FLIGHT_ENABLE_THREAD_STARVATION;

IdentityCore/src/MSIDConstants.m

@@ -101,6 +101,10 @@
 
 NSString *const MSID_FLIGHT_USE_AUTOLAYOUT_FOR_LOADING_INDICATOR = @"use_autolayout_for_loading_indicator";
 
+NSString *const MSID_FLIGHT_BROWSER_CORE_DISABLE_POP = @"browser_core_disable_pop";
+
+NSString *const MSID_FLIGHT_BROWSER_CORE_DISABLE_CLAIMS = @"browser_core_disable_claims";
+
 NSString *const MSID_DOMAIN_HINT_KEY  = @"domain_hint";
 
 // This is SsoExt flow only flight

IdentityCore/src/broker_operation/request/browser_native_message_request/MSIDBrowserNativeMessageGetTokenRequest.m

@@ -32,6 +32,7 @@
 #import "MSIDAuthenticationSchemePop.h"
 #import "MSIDAuthScheme.h"
 #import "MSIDClaimsRequest.h"
+#import "MSIDFlightManager.h"
 
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_CLIENT_ID_KEY = @"clientId";
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_AUTHORITY_KEY = @"authority";
@@ -178,36 +179,45 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)json error:(NSError *__au
     // It is optional param, if nil -- set it to 'true' by default.
     _canShowUI = canShowUIValue ? [requestJson msidBoolObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_CAN_SHOW_UI_KEY] : YES;
 
-    NSString *reqCnf = [requestJson msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_REQUEST_CONFIRMATION_KEY] ?: [_extraParameters msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_REQUEST_CONFIRMATION_KEY];
-    NSString *tokenType = [requestJson msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_TOKEN_TYPE_KEY] ?: [_extraParameters msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_TOKEN_TYPE_KEY];
-    tokenType = tokenType.capitalizedString;
+    BOOL disablePop = [MSIDFlightManager.sharedInstance boolForKey:MSID_FLIGHT_BROWSER_CORE_DISABLE_POP];
 
-    
-    if (MSIDAuthSchemeTypeFromString(tokenType) == MSIDAuthSchemePop)
+    if (!disablePop)
     {
-        NSMutableDictionary *schemeParams = [NSMutableDictionary new];
-        schemeParams[MSID_OAUTH2_TOKEN_TYPE] = tokenType;
-        schemeParams[MSID_OAUTH2_REQUEST_CONFIRMATION] = reqCnf;
+        NSString *reqCnf = [requestJson msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_REQUEST_CONFIRMATION_KEY] ?: [_extraParameters msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_REQUEST_CONFIRMATION_KEY];
+        NSString *tokenType = [requestJson msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_TOKEN_TYPE_KEY] ?: [_extraParameters msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_TOKEN_TYPE_KEY];
+        tokenType = tokenType.capitalizedString;
 
-        _authScheme = [[MSIDAuthenticationSchemePop alloc] initWithSchemeParameters:schemeParams];
+        if (MSIDAuthSchemeTypeFromString(tokenType) == MSIDAuthSchemePop)
+        {
+            NSMutableDictionary *schemeParams = [NSMutableDictionary new];
+            schemeParams[MSID_OAUTH2_TOKEN_TYPE] = tokenType;
+            schemeParams[MSID_OAUTH2_REQUEST_CONFIRMATION] = reqCnf;
+            
+            _authScheme = [[MSIDAuthenticationSchemePop alloc] initWithSchemeParameters:schemeParams];
+        }
     }
 
     if (!_authScheme)
     {
         _authScheme = [MSIDAuthenticationScheme new]; // Bearer by default.
     }
-
-    NSString *claims = [requestJson msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_CLAIMS_KEY] ?: [_extraParameters msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_CLAIMS_KEY];
 
-    if (claims)
+    BOOL disableClaims = [MSIDFlightManager.sharedInstance boolForKey:MSID_FLIGHT_BROWSER_CORE_DISABLE_CLAIMS];
+    
+    if (!disableClaims)
     {
-        NSDictionary *claimsJson = [claims msidJson];
+        NSString *claims = [requestJson msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_CLAIMS_KEY] ?: [_extraParameters msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_CLAIMS_KEY];
 
-        NSError *claimsError;
-        _claimsRequest = [[MSIDClaimsRequest alloc] initWithJSONDictionary:claimsJson error:&claimsError];
-        if (claimsError)
+        if (claims)
         {
-            MSID_LOG_WITH_CTX(MSIDLogLevelWarning, nil, @"Failed to create claims request. Claims: %@", MSID_PII_LOG_MASKABLE(claimsJson));
+            NSDictionary *claimsJson = [claims msidJson];
+            
+            NSError *claimsError;
+            _claimsRequest = [[MSIDClaimsRequest alloc] initWithJSONDictionary:claimsJson error:&claimsError];
+            if (claimsError)
+            {
+                MSID_LOG_WITH_CTX(MSIDLogLevelWarning, nil, @"Failed to create claims request. Claims: %@", MSID_PII_LOG_MASKABLE(claimsJson));
+            }
         }
     }