Merge branch 'dev' into ameyapat/msid-jwe-decryptor

* dev:
  Add showHeadsUp param.
  Align protocol nullable/nonnull with xpc service
  remove a line that coule causing crash when XPC service refuse to take connections
  check corr_id in correct format.
  modified:   changelog.txt
  nit
  Add correlationId field to SignOut API in BrowserCore flow
  Initial plan

Author: ameyapat

IdentityCore/src/broker_operation/request/browser_native_message_request/MSIDBrowserNativeMessageGetTokenRequest.m

@@ -30,7 +30,6 @@
 #import "MSIDConstants.h"
 #import "MSIDPromptType_Internal.h"
 
-NSString *const MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY = @"correlationId";
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_CLIENT_ID_KEY = @"clientId";
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_AUTHORITY_KEY = @"authority";
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_SCOPE_KEY = @"scope";
@@ -160,7 +159,13 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)json error:(NSError *__au
 
     if (![requestJson msidAssertType:NSString.class ofKey:MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY required:NO error:error]) return nil;
     NSString *uuidString = requestJson[MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY];
-    _correlationId = uuidString ? [[NSUUID alloc] initWithUUIDString:uuidString] : [NSUUID UUID];
+    _correlationId = [[NSUUID alloc] initWithUUIDString:uuidString];
+    if (!_correlationId)
+    {
+        _correlationId = [NSUUID UUID];
+        MSID_LOG_WITH_CTX_PII(MSIDLogLevelWarning, nil, @"CorrelationID is invalid or not in UUID format: %@. Use new correlationId: %@", uuidString, _correlationId);
+    }
+    
     _platformSequence = [requestJson msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_PLATFORM_SEQUENCE_KEY];
 
     id canShowUIValue = requestJson[MSID_BROWSER_NATIVE_MESSAGE_CAN_SHOW_UI_KEY];

IdentityCore/src/broker_operation/request/browser_native_message_request/MSIDBrowserNativeMessageRequest.h

@@ -38,3 +38,7 @@ NS_ASSUME_NONNULL_BEGIN
 @end
 
 NS_ASSUME_NONNULL_END
+
+extern NSString * _Nonnull const MSID_BROWSER_NATIVE_MESSAGE_SENDER_KEY;
+extern NSString * _Nonnull const MSID_BROWSER_NATIVE_MESSAGE_METHOD_KEY;
+extern NSString * _Nonnull const MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY;

IdentityCore/src/broker_operation/request/browser_native_message_request/MSIDBrowserNativeMessageRequest.m

@@ -28,6 +28,7 @@
 
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_SENDER_KEY = @"sender";
 NSString *const MSID_BROWSER_NATIVE_MESSAGE_METHOD_KEY = @"method";
+NSString *const MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY = @"correlationId";
 
 @implementation MSIDBrowserNativeMessageRequest
 

IdentityCore/src/broker_operation/request/browser_native_message_request/MSIDBrowserNativeMessageSignOutRequest.m

@@ -44,7 +44,7 @@ - (NSString *)description
 {
     __auto_type parentDescription = [super description];
 
-    return [NSString stringWithFormat:@"%@ accountId: (homeAccountId: %@ displayableId: %@)", parentDescription, MSID_PII_LOG_TRACKABLE(self.accountId.homeAccountId), MSID_PII_LOG_EMAIL(self.accountId.displayableId)];
+    return [NSString stringWithFormat:@"%@ accountId: (homeAccountId: %@ displayableId: %@), correlationId: %@", parentDescription, MSID_PII_LOG_TRACKABLE(self.accountId.homeAccountId), MSID_PII_LOG_EMAIL(self.accountId.displayableId), self.correlationId.UUIDString];
 }
 
 #pragma mark - MSIDJsonSerializable
@@ -59,6 +59,16 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)json error:(NSError *__au
 
     _accountId = [[MSIDAccountIdentifier alloc] initWithDisplayableId:nil homeAccountId:homeAccountId];
 
+    // Parse correlationId from JSON - optional field
+    if (![json msidAssertType:NSString.class ofKey:MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY required:NO error:error]) return nil;
+    NSString *uuidString = [json msidStringObjectForKey:MSID_BROWSER_NATIVE_MESSAGE_CORRELATION_KEY];
+    _correlationId = [[NSUUID alloc] initWithUUIDString:uuidString];
+    if (!_correlationId)
+    {
+        _correlationId = [NSUUID UUID];
+        MSID_LOG_WITH_CTX_PII(MSIDLogLevelWarning, nil, @"CorrelationID is invalid or not in UUID format: %@. Use new correlationId: %@", uuidString, _correlationId);
+    }
+    
     return self;
 }
 

IdentityCore/src/broker_operation/request/token_request/MSIDBrokerOperationTokenRequest.h

@@ -51,6 +51,7 @@ NS_ASSUME_NONNULL_BEGIN
 @property (nonatomic) BOOL forceRefresh;
 @property (nonatomic) BOOL ignoreScopeValidation;
 @property (nonatomic) BOOL bypassRedirectURIValidation;
+@property (nonatomic) BOOL showHeadsUp;
 
 + (BOOL)fillRequest:(MSIDBrokerOperationTokenRequest *)request
      withParameters:(MSIDRequestParameters *)parameters

IdentityCore/src/broker_operation/request/token_request/MSIDBrokerOperationTokenRequest.m

@@ -69,6 +69,7 @@ + (BOOL)fillRequest:(MSIDBrokerOperationTokenRequest *)request
     request.allowAnyExtraURLQueryParameters = parameters.allowAnyExtraURLQueryParameters;
     request.ignoreScopeValidation = parameters.ignoreScopeValidation;
     request.bypassRedirectURIValidation = parameters.bypassRedirectURIValidation;
+    request.showHeadsUp = parameters.showHeadsUp;
     return YES;
 }
 

IdentityCore/src/parameters/MSIDRequestParameters.h

@@ -64,6 +64,8 @@
 // - When set by the MSAL app: brokered flows are disabled, and MSAL falls back to local auth flows.
 @property (nonatomic) BOOL bypassRedirectURIValidation;
 
+@property (nonatomic) BOOL showHeadsUp;
+
 // Telemetry metadata
 @property (nonatomic) NSString *platformSequence;
 

IdentityCore/src/util/mac/MSIDXpcSingleSignOnProvider.m

@@ -70,7 +70,7 @@ @protocol MSIDXpcBrokerInstanceProtocol <NSObject>
 
 - (void)handleXpcWithRequestParams:(NSDictionary *)passedInParams
                    parentViewFrame:(NSRect)frame
-                   completionBlock:(void (^)(NSDictionary<NSString *,id> * _Nonnull, NSDate * _Nonnull, NSString * _Nonnull, NSError * _Nullable))blockName;
+                   completionBlock:(void (^)(NSDictionary<NSString *,id> * _Nullable, NSDate * _Nonnull, NSString * _Nonnull, NSError * _Nullable))blockName;
 
 - (void)canPerformWithMetadata:(NSDictionary *)passedInParams
                completionBlock:(void (^)(BOOL))blockName;
@@ -115,7 +115,7 @@ - (void)handleRequestParam:(NSDictionary *)requestParam
             return;
         }
 
-        [xpcService handleXpcWithRequestParams:requestParam parentViewFrame:frame completionBlock:^(NSDictionary<NSString *,id> * _Nonnull replyParam, NSDate * _Nonnull __unused xpcStartDate, NSString * _Nonnull __unused processId, NSError * _Nonnull callbackError) {
+        [xpcService handleXpcWithRequestParams:requestParam parentViewFrame:frame completionBlock:^(NSDictionary<NSString *,id> * _Nullable replyParam, NSDate * _Nonnull __unused xpcStartDate, NSString * _Nonnull __unused processId, NSError * _Nullable callbackError) {
             [directConnection suspend];
             [directConnection invalidate];
 
@@ -415,8 +415,6 @@ - (void)getXpcService:(id<MSIDXpcProviderCaching>)xpcProviderCache withContinueB
             continueBlock(nil, nil, xpcError);
             return;
         }
-        
-        if (continueBlock) continueBlock(nil, nil, xpcError);
     }];
 
     id<MSIDXpcBrokerDispatcherProtocol> parentXpcService = [connection remoteObjectProxyWithErrorHandler:^(NSError * _Nonnull error) {

IdentityCore/tests/MSIDBrowserNativeMessageGetTokenRequestTests.m

@@ -126,6 +126,30 @@ - (void)testInitWithJSONDictionary_whenJsonValidAndRequiredOnlyFieldsProvided_sh
     XCTAssertNotNil(request.correlationId.UUIDString);
 }
 
+- (void)testInitWithJSONDictionary_whenCorrelationIdProvidedInWrongFormat_shouldGenerateCorrelationId
+{
+    __auto_type json = @{
+        @"sender": @"https://login.microsoft.com",
+        @"request": @{
+            @"clientId": @"29a788ca-7bcf-4732-b23c-c8d294347e5b",
+            @"scope": @"user.read openid profile offline_access",
+            @"redirectUri": @"https://login.microsoft.com",
+            @"correlationId": @"abc",
+        }
+    };
+    
+    NSError *error;
+    __auto_type request = [[MSIDBrowserNativeMessageGetTokenRequest alloc] initWithJSONDictionary:json error:&error];
+    
+    XCTAssertNil(error);
+    XCTAssertNotNil(request);
+    XCTAssertEqualObjects(@"29a788ca-7bcf-4732-b23c-c8d294347e5b", request.clientId);
+    XCTAssertEqualObjects(@"user.read openid profile offline_access", request.scopes);
+    XCTAssertEqualObjects(@"https://login.microsoft.com", request.redirectUri);
+    XCTAssertTrue(request.canShowUI);
+    XCTAssertNotNil(request.correlationId.UUIDString);
+}
+
 - (void)testInitWithJSONDictionary_whenAuthorityInvalid_shouldFail
 {
     __auto_type json = @{

IdentityCore/tests/MSIDBrowserNativeMessageSignOutRequestTests.m

@@ -54,6 +54,7 @@ - (void)testInitWithJSONDictionary_whenAccountIdIsValid_shouldInit
     XCTAssertEqualObjects(@"https://login.microsoft.com", request.sender.absoluteString);
     XCTAssertEqualObjects(@"uid", request.accountId.uid);
     XCTAssertEqualObjects(@"utid", request.accountId.utid);
+    XCTAssertNotNil(request.correlationId); // Should generate a UUID if not provided
 }
 
 - (void)testInitWithJSONDictionary_whenAccountIdIsInvalid_shouldFail
@@ -72,4 +73,64 @@ - (void)testInitWithJSONDictionary_whenAccountIdIsInvalid_shouldFail
     XCTAssertEqualObjects(error.userInfo[MSIDErrorDescriptionKey], @"account Id is invalid.");
 }
 
+- (void)testInitWithJSONDictionary_whenCorrelationIdProvided_shouldUseProvidedCorrelationId
+{
+    __auto_type json = @{
+        @"method": @"SignOut",
+        @"accountId": @"uid.utid",
+        @"correlationId": @"2e34a931-fc34-442a-a248-a044e42d3027",
+        @"sender": @"https://localhost:8000"
+    };
+    
+    NSError *error;
+    __auto_type request = [[MSIDBrowserNativeMessageSignOutRequest alloc] initWithJSONDictionary:json error:&error];
+    
+    XCTAssertNil(error);
+    XCTAssertNotNil(request);
+    XCTAssertEqualObjects(@"https://localhost:8000", request.sender.absoluteString);
+    XCTAssertEqualObjects(@"uid", request.accountId.uid);
+    XCTAssertEqualObjects(@"utid", request.accountId.utid);
+    XCTAssertEqualObjects(@"2E34A931-FC34-442A-A248-A044E42D3027", request.correlationId.UUIDString);
+}
+
+- (void)testInitWithJSONDictionary_whenCorrelationIdNotProvided_shouldGenerateCorrelationId
+{
+    __auto_type json = @{
+        @"method": @"SignOut",
+        @"accountId": @"uid.utid",
+        @"sender": @"https://localhost:8000"
+    };
+    
+    NSError *error;
+    __auto_type request = [[MSIDBrowserNativeMessageSignOutRequest alloc] initWithJSONDictionary:json error:&error];
+    
+    XCTAssertNil(error);
+    XCTAssertNotNil(request);
+    XCTAssertEqualObjects(@"https://localhost:8000", request.sender.absoluteString);
+    XCTAssertEqualObjects(@"uid", request.accountId.uid);
+    XCTAssertEqualObjects(@"utid", request.accountId.utid);
+    XCTAssertNotNil(request.correlationId);
+    XCTAssertNotNil(request.correlationId.UUIDString);
+}
+
+- (void)testInitWithJSONDictionary_whenCorrelationIdProvidedInWrongFormat_shouldGenerateCorrelationId
+{
+    __auto_type json = @{
+        @"method": @"SignOut",
+        @"accountId": @"uid.utid",
+        @"correlationId": @"abc",
+        @"sender": @"https://localhost:8000"
+    };
+    
+    NSError *error;
+    __auto_type request = [[MSIDBrowserNativeMessageSignOutRequest alloc] initWithJSONDictionary:json error:&error];
+    
+    XCTAssertNil(error);
+    XCTAssertNotNil(request);
+    XCTAssertEqualObjects(@"https://localhost:8000", request.sender.absoluteString);
+    XCTAssertEqualObjects(@"uid", request.accountId.uid);
+    XCTAssertEqualObjects(@"utid", request.accountId.utid);
+    XCTAssertNotNil(request.correlationId.UUIDString);
+}
+
 @end