AzureAD · fadidurah · Feb 23, 2025 · Feb 3, 2025 · Feb 11, 2025 · Feb 12, 2025
@@ -0,0 +1,151 @@
+//  Copyright (c) Microsoft Corporation.
+//  All rights reserved.
+//
+//  This code is licensed under the MIT License.
+//
+//  Permission is hereby granted, free of charge, to any person obtaining a copy
+//  of this software and associated documentation files(the "Software"), to deal
+//  in the Software without restriction, including without limitation the rights
+//  to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+//  copies of the Software, and to permit persons to whom the Software is
+//  furnished to do so, subject to the following conditions :
+//
+//  The above copyright notice and this permission notice shall be included in
+//  all copies or substantial portions of the Software.
+//
+//  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+//  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+//  FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
+//  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+//  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+//  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+//  THE SOFTWARE.
+package com.microsoft.identity.client.msal.automationapp.testpass.broker.crosscloud;
+
+import android.text.TextUtils;
+
+import androidx.annotation.NonNull;
+
+import com.microsoft.identity.client.Prompt;
+import com.microsoft.identity.client.msal.automationapp.sdk.MsalAuthResult;
+import com.microsoft.identity.client.msal.automationapp.sdk.MsalAuthTestParams;
+import com.microsoft.identity.client.msal.automationapp.sdk.MsalSdk;
+import com.microsoft.identity.client.msal.automationapp.testpass.broker.AbstractGuestAccountMsalBrokerUiTest;
+import com.microsoft.identity.client.ui.automation.TestContext;
+import com.microsoft.identity.client.ui.automation.TokenRequestTimeout;
+import com.microsoft.identity.client.ui.automation.annotations.RunOnAPI29Minus;
+import com.microsoft.identity.client.ui.automation.annotations.RetryOnFailure;
+import com.microsoft.identity.client.ui.automation.constants.GlobalConstants;
+import com.microsoft.identity.client.ui.automation.interaction.OnInteractionRequired;
+import com.microsoft.identity.client.ui.automation.interaction.PromptHandlerParameters;
+import com.microsoft.identity.client.ui.automation.interaction.PromptParameter;
+import com.microsoft.identity.client.ui.automation.interaction.microsoftsts.AadPromptHandler;
+import com.microsoft.identity.labapi.utilities.client.LabQuery;
+import com.microsoft.identity.labapi.utilities.constants.AzureEnvironment;
+import com.microsoft.identity.labapi.utilities.constants.GuestHomeAzureEnvironment;
+import com.microsoft.identity.labapi.utilities.constants.GuestHomedIn;
+import com.microsoft.identity.labapi.utilities.constants.UserType;
+
+import org.json.JSONObject;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.concurrent.TimeUnit;
+
+// [Joined] Guest Support: Interactive and Silent Auth with MSAL Test app (Authenticator or Company Portal)
+// https://identitydivision.visualstudio.com/Engineering/_workitems/edit/1400731/
+@RetryOnFailure(retryCount = 2)
+@RunWith(Parameterized.class)
+@RunOnAPI29Minus("Keep me signed in")
+public class TestCase1400731 extends AbstractGuestAccountMsalBrokerUiTest {
+
+    private final GuestHomeAzureEnvironment mGuestHomeAzureEnvironment;
+
+    public TestCase1400731(final String name, final @NonNull GuestHomeAzureEnvironment guestHomeAzureEnvironment) {
+        mGuestHomeAzureEnvironment = guestHomeAzureEnvironment;
+    }
+
+    @Parameterized.Parameters(name = "{0}")
+    public static Collection guestHomeAzureEnvironment() {
+        return Arrays.asList(new Object[][]{
+                {"AZURE_US_GOV", GuestHomeAzureEnvironment.AZURE_US_GOVERNMENT},
+                {"AZURE_CHINA_CLOUD", GuestHomeAzureEnvironment.AZURE_CHINA_CLOUD},
+        });
+    }
+
+    /**
+     * Tests Acquiring token for Cross cloud Guest account with broker.
+     */
+    @Test
+    public void test_1420494() throws Throwable {
+        final String userName = mGuestUser.getHomeUpn();
+        final String password = mLabClient.getPasswordForGuestUser(mGuestUser);
+
+        //perform device registration
+        mBroker.performDeviceRegistration(userName, password);
+
+        // Handler for Interactive auth call
+        final OnInteractionRequired interactionHandler = () -> {
+            final PromptHandlerParameters promptHandlerParameters =
+                    PromptHandlerParameters.builder()
+                            .prompt(PromptParameter.SELECT_ACCOUNT)
+                            .loginHint(userName)
+                            .staySignedInPageExpected(GlobalConstants.IS_STAY_SIGN_IN_PAGE_EXPECTED)
+                            .broker(mBroker)
+                            .build();
+            final AadPromptHandler promptHandler = new AadPromptHandler(promptHandlerParameters);
+            promptHandler.handlePrompt(userName, password);
+        };
+
+        final MsalAuthTestParams acquireTokenAuthParams = MsalAuthTestParams.builder()
+                .activity(mActivity)
+                .loginHint(userName)
+                .scopes(Arrays.asList(getScopes()))
+                .promptParameter(Prompt.SELECT_ACCOUNT)
+                .authority(getAuthority())
+                .msalConfigResourceId(getConfigFileResourceId())
+                .build();
+
+        final MsalSdk msalSdk = new MsalSdk();
+        // Acquire token interactively
+        final MsalAuthResult acquireTokenResult = msalSdk.acquireTokenInteractive(acquireTokenAuthParams, interactionHandler, TokenRequestTimeout.SHORT);
+
+        Assert.assertFalse("Verify accessToken is not empty", TextUtils.isEmpty(acquireTokenResult.getAccessToken()));
+
+        // change the time on the device (without resetting to automatic time zone)
+        TestContext.getTestContext().getTestDevice().getSettings().forwardDeviceTimeForOneDay();
+
+        // Acquire token silently
+        MsalAuthResult acquireTokenSilentResult = msalSdk.acquireTokenSilent(acquireTokenAuthParams, TokenRequestTimeout.SHORT);
+        Assert.assertFalse("AccessToken is empty", TextUtils.isEmpty(acquireTokenSilentResult.getAccessToken()));
+
+        Assert.assertNotEquals("Silent request does not return a new access token", acquireTokenSilentResult.getAccessToken(), acquireTokenResult.getAccessToken());
+
+        final JSONObject profileObject = getProfileObjectFromMSGraph(acquireTokenSilentResult.getAccessToken());
+        Assert.assertEquals(userName, profileObject.get("mail"));
+    }
+
+    @Override
+    public LabQuery getLabQuery() {
+        return LabQuery.builder()
+                .userType(UserType.GUEST)
+                .guestHomeAzureEnvironment(mGuestHomeAzureEnvironment)
+                .guestHomedIn(GuestHomedIn.HOST_AZURE_AD)
+                .azureEnvironment(AzureEnvironment.AZURE_CLOUD)
+                .build();
+    }
+
+    @Override
+    public String[] getScopes() {
+        return new String[]{"User.read"};
+    }
+
+    @Override
+    public String getAuthority() {
+        return "https://login.microsoftonline.com/" + mGuestUser.getGuestLabTenants().get(0);
+    }
+}
@@ -0,0 +1,232 @@
+//  Copyright (c) Microsoft Corporation.
+//  All rights reserved.
+//
+//  This code is licensed under the MIT License.
+//
+//  Permission is hereby granted, free of charge, to any person obtaining a copy
+//  of this software and associated documentation files(the "Software"), to deal
+//  in the Software without restriction, including without limitation the rights
+//  to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+//  copies of the Software, and to permit persons to whom the Software is
+//  furnished to do so, subject to the following conditions :
+//
+//  The above copyright notice and this permission notice shall be included in
+//  all copies or substantial portions of the Software.
+//
+//  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+//  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+//  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+//  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+//  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+//  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+//  THE SOFTWARE.
+package com.microsoft.identity.client.msal.automationapp.testpass.broker.foci;
+
+import androidx.test.uiautomator.UiObject;
+
+import com.microsoft.identity.client.msal.automationapp.R;
+import com.microsoft.identity.client.msal.automationapp.testpass.broker.AbstractMsalBrokerTest;
+import com.microsoft.identity.client.ui.automation.annotations.LongUIAutomationTest;
+import com.microsoft.identity.client.ui.automation.annotations.RetryOnFailure;
+import com.microsoft.identity.client.ui.automation.annotations.SupportedBrokers;
+import com.microsoft.identity.client.ui.automation.app.AzureSampleApp;
+import com.microsoft.identity.client.ui.automation.app.OutlookApp;
+import com.microsoft.identity.client.ui.automation.app.WordApp;
+import com.microsoft.identity.client.ui.automation.broker.BrokerMicrosoftAuthenticator;
+import com.microsoft.identity.client.ui.automation.logging.Logger;
+import com.microsoft.identity.client.ui.automation.installer.LocalApkInstaller;
+import com.microsoft.identity.client.ui.automation.interaction.FirstPartyAppPromptHandlerParameters;
+import com.microsoft.identity.client.ui.automation.interaction.PromptParameter;
+import com.microsoft.identity.client.ui.automation.utils.CommonUtils;
+import com.microsoft.identity.client.ui.automation.utils.UiAutomatorUtils;
+import com.microsoft.identity.common.java.util.ThreadUtils;
+import com.microsoft.identity.labapi.utilities.client.ILabAccount;
+import com.microsoft.identity.labapi.utilities.client.LabQuery;
+import com.microsoft.identity.labapi.utilities.constants.AzureEnvironment;
+import com.microsoft.identity.labapi.utilities.constants.FederationProvider;
+import com.microsoft.identity.labapi.utilities.constants.TempUserType;
+import com.microsoft.identity.labapi.utilities.constants.UserType;
+import com.microsoft.identity.labapi.utilities.exception.LabApiException;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.concurrent.TimeUnit;
+
+// [Non-joined][FoCl] FoCl (Multi-users) with Outlook and Word
+// https://identitydivision.visualstudio.com/DevEx/_workitems/edit/833544
+@SupportedBrokers(brokers = {BrokerMicrosoftAuthenticator.class})
+@RetryOnFailure
+@LongUIAutomationTest
+public class TestCase833544 extends AbstractMsalBrokerTest {
+
+    @Test
+    public void test_833544() throws LabApiException {
+        final String username = mLabAccount.getUsername();
+        final String password = mLabAccount.getPassword();
+
+        final OutlookApp outlook = new OutlookApp(new LocalApkInstaller());
+
+        outlook.install();
+        outlook.launch();
+        outlook.handleFirstRun();
+
+        final FirstPartyAppPromptHandlerParameters promptHandlerParameters = FirstPartyAppPromptHandlerParameters.builder()
+                .prompt(PromptParameter.SELECT_ACCOUNT)
+                .loginHint(username)
+                .broker(mBroker)
+                .registerPageExpected(false)
+                .enrollPageExpected(false)
+                .consentPageExpected(false)
+                .speedBumpExpected(false)
+                .sessionExpected(false)
+                .expectingLoginPageAccountPicker(false)
+                .expectingBrokerAccountChooserActivity(false)
+                .build();
+
+        // add first account to Outlook
+        outlook.addFirstAccount(username, password, promptHandlerParameters);
+        outlook.onAccountAdded();
+        outlook.confirmAccount(username);
+
+        final WordApp wordApp = new WordApp(new LocalApkInstaller());
+
+        // open word
+        wordApp.install();
+        wordApp.launch();
+        wordApp.handleFirstRun();
+
+        // Word auto signs the user into with the account that was in Outlook
+        // Sometimes, it might take a bit longer to see this UI page in word app
+        final UiObject fileFetchScreen = UiAutomatorUtils.obtainUiObjectWithText("Fetching your files", TimeUnit.SECONDS.toMillis(45));
+        Assert.assertTrue(fileFetchScreen.exists());
+
+        // Make sure the account exists in Word
+        wordApp.confirmAccount(username);
+
+        // Steps from 833519
+        // Make sure a Non-FOCI app (Azure sample in this case) can't see the account
+        AzureSampleApp azureSample = new AzureSampleApp();
+        azureSample.install();
+        azureSample.launch();
+
+        // sign in silently into Azure Sample App, should see account picker and not get signed in
+        azureSample.signInSilentlyWithSingleAccountFragment(mBrowser, mBroker, false);
+
+        // Confirm that the account picker did show up
+        final UiObject accountPicker = UiAutomatorUtils.obtainUiObjectWithResourceId(CommonUtils.getResourceId(mBroker.getPackageName(), "account_chooser_listView"));
+        Assert.assertTrue(accountPicker.exists());
+
+        // Confirm that no account is logged in to AzureSampleApp
+        azureSample.forceStop();
+        azureSample.launch();
+        azureSample.confirmSignedIn("None");
+
+        // fetch another account from lab - someone from a different tenant
+        final LabQuery queryForAdfsV3Account = LabQuery.builder()
+                .userType(UserType.FEDERATED)
+                .federationProvider(FederationProvider.ADFS_V3)
+                .build();
+
+        final ILabAccount labAccountAdfsV3 = mLabClient.getLabAccount(queryForAdfsV3Account);
+
+        final String usernameV3 = labAccountAdfsV3.getUsername();
+        final String passwordV3 = labAccountAdfsV3.getPassword();
+
+        // relaunch Outlook
+        outlook.forceStop();
+        outlook.launch();
+
+        final FirstPartyAppPromptHandlerParameters outlookPromptParameters =
+                FirstPartyAppPromptHandlerParameters.builder()
+                        .expectingNonZeroAccountsInTSL(true)
+                        .prompt(PromptParameter.SELECT_ACCOUNT)
+                        .broker(mBroker)
+                        .consentPageExpected(false)
+                        .enrollPageExpected(false)
+                        .registerPageExpected(false)
+                        .isFederated(true)
+                        .expectingBrokerAccountChooserActivity(true)
+                        .expectingLoginPageAccountPicker(false)
+                        .howWouldYouLikeToSignInExpected(true)
+                        .loginHint(usernameV3)
+                        .sessionExpected(false)
+                        .speedBumpExpected(false)
+                        .build();
+
+        // add another account in Outlook
+        outlook.addAnotherAccount(usernameV3, passwordV3, outlookPromptParameters);
+
+        // Relaunching word right after outlook sign in is pressed leads to issues, sometimes the user is not signed in
+        ThreadUtils.sleepSafely(5000, "Sleep failed", "Interrupted");
+
+        // relaunch Word app
+        wordApp.forceStop();
+        wordApp.launch();
+
+        // We used to check for a flag to expect what new, which occasionally appears in our testing based on word version
+        // Let's just ignore any AssertionErrors that get thrown here, we don't know what to expect before hand anyway
+        try {
+            // Word shows a Whats New Dialog when the app is launched NEXT TIME after adding first account
+            final UiObject whatsNewDialog = UiAutomatorUtils.obtainUiObjectWithResourceId(
+                    "com.microsoft.office.word:id/WhatsNewDialogTitleTextView"
+            );
+
+            Assert.assertTrue(whatsNewDialog.exists());
+
+            // Click the close btn to close this dialog
+            UiAutomatorUtils.handleButtonClick("android:id/button2");
+        } catch (AssertionError e){
+            Logger.i(TestCase833544.class.getSimpleName(), "What's New Page did not appear: " + e.getMessage());
+        }
+
+        final FirstPartyAppPromptHandlerParameters wordPromptParameters =
+                FirstPartyAppPromptHandlerParameters.builder()
+                        .expectingNonZeroAccountsInTSL(true)
+                        .prompt(PromptParameter.SELECT_ACCOUNT)
+                        .broker(mBroker)
+                        .consentPageExpected(false)
+                        .enrollPageExpected(false)
+                        .registerPageExpected(false)
+                        .isFederated(true)
+                        .expectingBrokerAccountChooserActivity(true)
+                        .expectingLoginPageAccountPicker(false)
+                        .loginHint(usernameV3)
+                        .sessionExpected(true)
+                        .speedBumpExpected(false)
+                        .build();
+
+        // add another account in Word
+        wordApp.addAnotherAccount(usernameV3, passwordV3, wordPromptParameters);
+
+        // make sure this other account is in Word
+        wordApp.confirmAccount(usernameV3);
+    }
+
+    @Override
+    public LabQuery getLabQuery() {
+        return LabQuery.builder()
+                .azureEnvironment(AzureEnvironment.AZURE_CLOUD)
+                .build();
+    }
+
+    @Override
+    public TempUserType getTempUserType() {
+        return null;
+    }
+
+    @Override
+    public String[] getScopes() {
+        return new String[]{"User.read"};
+    }
+
+    @Override
+    public String getAuthority() {
+        return mApplication.getConfiguration().getDefaultAuthority().toString();
+    }
+
+    @Override
+    public int getConfigFileResourceId() {
+        return R.raw.msal_config_default;
+    }
+}
+2 −0		changelog.txt
+0 −34		common/src/main/java/com/microsoft/identity/common/internal/msafederation/IMsaFederatedCredentialCallback.kt
+1 −1		common/src/main/java/com/microsoft/identity/common/internal/msafederation/MsaFederatedSignInProviderFactory.kt
+2 −2		common/src/main/java/com/microsoft/identity/common/internal/msafederation/MsaFederationConstants.kt
+7 −9		common/src/main/java/com/microsoft/identity/common/internal/msafederation/google/GoogleSignInProvider.kt
+0 −34		...ain/java/com/microsoft/identity/common/internal/msafederation/google/ISignInWithGoogleCredentialCallback.kt
+14 −7		common/src/main/java/com/microsoft/identity/common/internal/msafederation/google/SignInWithGoogleApi.kt
+13 −3		common/src/main/java/com/microsoft/identity/common/internal/msafederation/google/SignInWithGoogleParameters.kt
+8 −9		common/src/test/java/com/microsoft/identity/common/internal/msafederation/google/GoogleSignInProviderTest.kt
+4 −2		common/src/test/java/com/microsoft/identity/common/internal/msafederation/google/MockGoogleSignInProvider.kt
+36 −23		common/src/test/java/com/microsoft/identity/common/internal/msafederation/google/SignInWithGoogleApiTest.kt
+12 −1		...src/test/java/com/microsoft/identity/common/internal/msafederation/google/SignInWithGoogleParametersTest.kt