Add mac broker support and a mac sample app (#5051)

Support dotnet mac broker flow for UI based app

---------

Co-authored-by: Feng Gao <[email protected]>
Co-authored-by: Gladwin Johnson <[email protected]>

Author: 3 people

LibsAndSamples.sln

@@ -182,6 +182,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "test", "tests\devapps\WAM\N
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ManagedIdentityTokenRevocation", "tests\devapps\Managed Identity apps\ManagedIdentityTokenRevocation\ManagedIdentityTokenRevocation.csproj", "{DA9C3258-DEF6-7794-9762-20CF7B826839}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MacMauiAppWithBroker", "tests\devapps\MacMauiAppWithBroker\MacMauiAppWithBroker.csproj", "{AEF6BB00-931F-4638-955D-24D735625C34}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug + MobileApps|Any CPU = Debug + MobileApps|Any CPU
@@ -1778,6 +1780,48 @@ Global
 		{DA9C3258-DEF6-7794-9762-20CF7B826839}.Release|x64.Build.0 = Release|Any CPU
 		{DA9C3258-DEF6-7794-9762-20CF7B826839}.Release|x86.ActiveCfg = Release|Any CPU
 		{DA9C3258-DEF6-7794-9762-20CF7B826839}.Release|x86.Build.0 = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|Any CPU.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|Any CPU.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|ARM.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|ARM.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|ARM64.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|ARM64.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|iPhone.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|iPhone.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|iPhoneSimulator.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|iPhoneSimulator.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|x64.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|x64.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|x86.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug + MobileApps|x86.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|ARM.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|ARM.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|ARM64.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|ARM64.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|iPhone.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|iPhone.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|iPhoneSimulator.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|iPhoneSimulator.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|x64.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Debug|x86.Build.0 = Debug|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|Any CPU.Build.0 = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|ARM.ActiveCfg = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|ARM.Build.0 = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|ARM64.ActiveCfg = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|ARM64.Build.0 = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|iPhone.ActiveCfg = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|iPhone.Build.0 = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|iPhoneSimulator.ActiveCfg = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|iPhoneSimulator.Build.0 = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|x64.ActiveCfg = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|x64.Build.0 = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|x86.ActiveCfg = Release|Any CPU
+		{AEF6BB00-931F-4638-955D-24D735625C34}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -1831,6 +1875,7 @@ Global
 		{87679336-95BE-47E4-B42B-8F6860A0B215} = {1A37FD75-94E9-4D6F-953A-0DABBD7B49E9}
 		{43BCA8C7-E9F4-4067-9F54-C2127B82B5E8} = {5FAAD966-36B8-4C19-A5FA-5410DD53063D}
 		{DA9C3258-DEF6-7794-9762-20CF7B826839} = {BCAEE9AE-8D3E-4C77-A2E4-134E1552D5F8}
+		{AEF6BB00-931F-4638-955D-24D735625C34} = {34BE693E-3496-45A4-B1D2-D3A0E068EEDB}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {020399A9-DC27-4B82-9CAA-EF488665AC27}

src/client/Microsoft.Identity.Client.Broker/BrokerExtension.cs

@@ -71,21 +71,21 @@ public static PublicClientApplicationBuilder WithSsoPolicy(this PublicClientAppl
 
         private static void AddRuntimeSupport(PublicClientApplicationBuilder builder)
         {
-            if (DesktopOsHelper.IsWin10OrServerEquivalent() || DesktopOsHelper.IsLinux())
+            if (DesktopOsHelper.IsWin10OrServerEquivalent() || DesktopOsHelper.IsLinux() || DesktopOsHelper.IsMac())
             {
                  builder.Config.BrokerCreatorFunc =
                      (uiParent, appConfig, logger) =>
                      {
                          logger.Info("[Runtime] Broker supported OS.");
                          return new RuntimeBroker(uiParent, appConfig, logger);
                      };
-            } 
+            }
             else
             {
                 builder.Config.BrokerCreatorFunc =
                    (uiParent, appConfig, logger) =>
                    {
-                       logger.Info("[RuntimeBroker] Not a Windows 10 or Server equivalent machine. Runtime broker or SsoPolicy support is not available.");
+                       logger.Warning($"[RuntimeBroker] Not available on the current platform.");
                        return new NullBroker(logger);
                    };
             }

src/client/Microsoft.Identity.Client.Broker/RuntimeBroker.cs

@@ -27,7 +27,7 @@ internal class RuntimeBroker : IBroker
         private readonly ILoggerAdapter _logger;
         private readonly IntPtr _parentHandle = IntPtr.Zero;
         internal const string ErrorMessageSuffix = " For more details see https://aka.ms/msal-net-wam";
-        private readonly BrokerOptions _wamOptions;
+        private readonly BrokerOptions _brokerOptions;
         private static Exception s_initException;
 
         // Linux broker's username password flow is via interactive calls
@@ -108,10 +108,25 @@ public RuntimeBroker(
                 s_lazyCore.Value.EnablePii(_logger.PiiLoggingEnabled);
             }
 
-            _parentHandle = GetParentWindow(uiParent);
+            // We need to set parent window handle for MSALRuntime on Windows.
+            // On Windows, WAM UI correctly parented will prevent issues like WAM UI being hidden by terminal app.
+            // The solution will be different on different platforms.
+            if (DesktopOsHelper.IsWindows())
+            {
+                _parentHandle = GetParentWindow(uiParent);
+            }
+            else
+            {
+                // TODO:ADO 3055958 Parent window handle support on mac
+                // Without setting parent window on macOS, the mac broker UI will show up in the middle
+                // of the screen, and keep in the foreground until UI dismissed.
+                // Technically, macOS broker only accept an objc pointer as window handle, currently we
+                // do not know how to get such kind of pointer in MAUI. The solution is still unclear.
+                _parentHandle = (IntPtr)1;
+            }
 
             // Broker options cannot be null
-            _wamOptions = appConfig.BrokerOptions;
+            _brokerOptions = appConfig.BrokerOptions;
         }
 
         private void LogEventRaised(NativeInterop.Core sender, LogEventArgs args)
@@ -138,7 +153,7 @@ public async Task<MsalTokenResponse> AcquireTokenInteractiveAsync(
             Debug.Assert(s_lazyCore.Value != null, "Should not call this API if MSAL runtime init failed");
 
             //need to provide a handle
-            if (_parentHandle == IntPtr.Zero)
+            if (DesktopOsHelper.IsWindows() && _parentHandle == IntPtr.Zero)
             {
                 throw new MsalClientException(
                     "window_handle_required",
@@ -161,7 +176,7 @@ public async Task<MsalTokenResponse> AcquireTokenInteractiveAsync(
             {
                 using (var authParams = WamAdapters.GetCommonAuthParameters(
                     authenticationRequestParameters,
-                    _wamOptions,
+                    _brokerOptions,
                     _logger))
                 {
                     using (var readAccountResult = await s_lazyCore.Value.ReadAccountByIdAsync(
@@ -216,7 +231,7 @@ private async Task<MsalTokenResponse> SignInInteractivelyAsync(
 
             using (var authParams = WamAdapters.GetCommonAuthParameters(
                 authenticationRequestParameters,
-                _wamOptions,
+                _brokerOptions,
                 _logger))
             {
                 //Login Hint
@@ -250,7 +265,7 @@ private async Task<MsalTokenResponse> AcquireTokenInteractiveDefaultUserAsync(
 
             using (var authParams = WamAdapters.GetCommonAuthParameters(
                 authenticationRequestParameters,
-                _wamOptions,
+                _brokerOptions,
                 _logger))
             {
                 using (NativeInterop.AuthResult result = await s_lazyCore.Value.SignInAsync(
@@ -291,7 +306,7 @@ public async Task<MsalTokenResponse> AcquireTokenSilentAsync(
 
             using (var authParams = WamAdapters.GetCommonAuthParameters(
                 authenticationRequestParameters,
-                _wamOptions,
+                _brokerOptions,
                 _logger))
             {
                 using (var readAccountResult = await s_lazyCore.Value.ReadAccountByIdAsync(
@@ -354,7 +369,7 @@ public async Task<MsalTokenResponse> AcquireTokenSilentDefaultUserAsync(
 
             using (var authParams = WamAdapters.GetCommonAuthParameters(
                 authenticationRequestParameters,
-                _wamOptions,
+                _brokerOptions,
                 _logger))
             {
                 using (NativeInterop.AuthResult result = await s_lazyCore.Value.SignInSilentlyAsync(
@@ -399,7 +414,7 @@ public async Task<MsalTokenResponse> AcquireTokenByUsernamePasswordAsync(
 
             using (AuthParameters authParams = WamAdapters.GetCommonAuthParameters(
                 authenticationRequestParameters,
-                _wamOptions,
+                _brokerOptions,
                 _logger))
             {
                 authParams.Properties["MSALRuntime_Username"] = acquireTokenByUsernamePasswordParameters.Username;
@@ -499,7 +514,7 @@ public async Task<IReadOnlyList<IAccount>> GetAccountsAsync(
             ICacheSessionManager cacheSessionManager,
             IInstanceDiscoveryManager instanceDiscoveryManager)
         {
-            if (!_wamOptions.ListOperatingSystemAccounts)
+            if (!_brokerOptions.ListOperatingSystemAccounts)
             {
                 _logger.Info("[RuntimeBroker] ListWindowsWorkAndSchoolAccounts option was not enabled.");
                 return Array.Empty<IAccount>();
@@ -608,7 +623,7 @@ public void HandleInstallUrl(string appLink)
 
         public bool IsBrokerInstalledAndInvokable(AuthorityType authorityType)
         {
-            if (!DesktopOsHelper.IsWin10OrServerEquivalent() && !DesktopOsHelper.IsLinux())
+            if (!DesktopOsHelper.IsWin10OrServerEquivalent() && !DesktopOsHelper.IsLinux() && !DesktopOsHelper.IsMac())
             {
                 _logger?.Warning("[RuntimeBroker] Not a supported operating system. WAM broker is not available. ");
                 return false;

src/client/Microsoft.Identity.Client/ApiConfig/BrokerOptions.cs

@@ -33,6 +33,10 @@ public enum OperatingSystems
             /// Use broker on Linux
             /// </summary>
             Linux = 0b_0000_0010,  // 2
+            /// <summary>
+            /// Use broker on OSX
+            /// </summary>
+            OSX = 0b_0000_0100,  // 4
         }
 
         /// <summary>
@@ -75,9 +79,9 @@ internal static BrokerOptions CreateFromWindowsOptions(WindowsBrokerOptions winO
         public bool MsaPassthrough { get; set; } = false;
 
         /// <summary>
-        /// Currently only supported on Windows and Linux
+        /// Currently supported on Windows, Linux and macOS
         /// Allows the Windows broker to list Work and School accounts as part of the <see cref="ClientApplicationBase.GetAccountsAsync()"/>
-        /// Linux broker will discover accounts as part of the <see cref="ClientApplicationBase.GetAccountsAsync()"/>
+        /// Linux and macOS broker will discover accounts as part of the <see cref="ClientApplicationBase.GetAccountsAsync()"/>
         /// </summary>        
         public bool ListOperatingSystemAccounts { get; set; }
 
@@ -90,6 +94,11 @@ internal bool IsBrokerEnabledOnCurrentOs()
                 return true;
             }
 
+            if (EnabledOn.HasFlag(OperatingSystems.OSX) && DesktopOsHelper.IsMac())
+            {
+                return true;
+            }
+
             return false;
         }
     }

src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/DesktopOsHelper.cs

@@ -47,14 +47,15 @@ public static bool IsLinux()
 
         public static bool IsMac()
         {
-#if MAC
-            return true;
+#if __MOBILE__
+            return false;
 #elif NETFRAMEWORK
             return Environment.OSVersion.Platform == PlatformID.MacOSX;
-#elif !__MOBILE__ 
-            return RuntimeInformation.IsOSPlatform(OSPlatform.OSX);
+#elif NET8_0_OR_GREATER
+            string OSDescription = RuntimeInformation.OSDescription;
+            return OSDescription.Contains("Darwin", StringComparison.OrdinalIgnoreCase);
 #else
-            return false;
+            return RuntimeInformation.IsOSPlatform(OSPlatform.OSX);
 #endif
         }
 

src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt

@@ -0,0 +1 @@
+Microsoft.Identity.Client.BrokerOptions.OperatingSystems.OSX = 4 -> Microsoft.Identity.Client.BrokerOptions.OperatingSystems

src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt

@@ -0,0 +1 @@
+Microsoft.Identity.Client.BrokerOptions.OperatingSystems.OSX = 4 -> Microsoft.Identity.Client.BrokerOptions.OperatingSystems

src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt

@@ -0,0 +1 @@
+Microsoft.Identity.Client.BrokerOptions.OperatingSystems.OSX = 4 -> Microsoft.Identity.Client.BrokerOptions.OperatingSystems

src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt

@@ -0,0 +1 @@
+Microsoft.Identity.Client.BrokerOptions.OperatingSystems.OSX = 4 -> Microsoft.Identity.Client.BrokerOptions.OperatingSystems

src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt

@@ -0,0 +1 @@
+Microsoft.Identity.Client.BrokerOptions.OperatingSystems.OSX = 4 -> Microsoft.Identity.Client.BrokerOptions.OperatingSystems