Merge release 1.3.3 to main (#2165)

* Update msal-release-ado-trigger.yml for Azure Pipelines

* Update msal-release-ado-trigger.yml for Azure Pipelines

* Update msal-release-ado-trigger.yml for Azure Pipelines

* Update msal-release-ado-trigger.yml for Azure Pipelines

* Update msal-release-ado-trigger.yml for Azure Pipelines

* Update msal-release-ado-trigger.yml for Azure Pipelines

* Delete spm-framework.yml

* Update from dev

* remove test

* Reintroduce Minimum OS Version Requirements to Readme

Reintroducing minimum version indicators that were [mistakenly?] removed in #2080

* So support ssh-cert flow through broker (Update submodule only) (#2134)

* cc update

* Update submodule

* Update submodule

* ID Token should be updated when Access Token is refreshed/acquired silently (#2141)

* Changed refresh token to update account and tokens on UserAccountResult

* Unit tests

* Swiftlint

* Updated code comment

* PR Comments

* Update automation.yml for Azure Pipelines

* Update automation.yml for Azure Pipelines

* Update automation.yml for Azure Pipelines

* This PR removes the ADAL keyvault and client secret (#2150)

* Update submodule

* Update yml file

* Revert conf file from testings

* Update msal submodule (#2160)

* Update core.

* Bump version.

* modified:   CHANGELOG.md

* modified:   IdentityCore

---------

Co-authored-by: Ameya Patil <[email protected]>
Co-authored-by: Ameya <>
Co-authored-by: Antonio Alwan <[email protected]>
Co-authored-by: Hieu Nguyen <[email protected]>
Co-authored-by: Ameya Patil <[email protected]>
Co-authored-by: Hieu Nguyen <[email protected]>
Co-authored-by: Brian Melton-Grace <[email protected]>
Co-authored-by: Kai <[email protected]>
Co-authored-by: Silviu Petrescu <[email protected]>
Co-authored-by: Swasti Gupta <[email protected]>

Author: 8 people

CHANGELOG.md

@@ -1,3 +1,7 @@
+## [1.3.3]
+* Update common core submodule.
+* Automation improvements.
+
 ## [1.3.2]
 * Add forceRefresh param to ignore AT in cache and request a new AT.
 

MSAL.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "MSAL"
-  s.version      = "1.3.2"
+  s.version      = "1.3.3"
   s.summary      = "Microsoft Authentication Library (MSAL) for iOS"
   s.description  = <<-DESC
                    The MSAL library for iOS gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. The library also supports Microsoft Azure B2C for those using our hosted identity management service.

MSAL/IdentityCore

@@ -761,7 +761,6 @@
 		B2C17B0A1FC8DB2E0070A514 /* MSIDVersion.m in Sources */ = {isa = PBXBuildFile; fileRef = B2C17B091FC8DB2E0070A514 /* MSIDVersion.m */; };
 		B2C17B0B1FC8DB2E0070A514 /* MSIDVersion.m in Sources */ = {isa = PBXBuildFile; fileRef = B2C17B091FC8DB2E0070A514 /* MSIDVersion.m */; };
 		B2D0A38321C708CF0071E0DA /* MSALADFSv4FederatedTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B21F9DE72120E85100B1B40C /* MSALADFSv4FederatedTests.m */; };
-		B2D0A38821C709C30071E0DA /* MSALShibUITests.m in Sources */ = {isa = PBXBuildFile; fileRef = B21F9DEE2120F0E800B1B40C /* MSALShibUITests.m */; };
 		B2D0A38A21C70AF50071E0DA /* MSALPingUITests.m in Sources */ = {isa = PBXBuildFile; fileRef = B21F9DEC2120EB3E00B1B40C /* MSALPingUITests.m */; };
 		B2D0A38E21C71B8C0071E0DA /* MSALGuestUserTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B21F9DF02120F5CE00B1B40C /* MSALGuestUserTests.m */; };
 		B2D0A38F21C71D900071E0DA /* MSALCacheRemovalTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B2C232AA2122A6A5008092C1 /* MSALCacheRemovalTests.m */; };
@@ -5555,7 +5554,6 @@
 				B2A1C33F21C7038D00DDAE8E /* MSALADFSv3FederatedTests.m in Sources */,
 				B2F4572A211C0B4800818910 /* MSALBaseAADUITest.m in Sources */,
 				B282255C23EF811F0007DFE4 /* MSALB2CInteractiveTests.m in Sources */,
-				B2D0A38821C709C30071E0DA /* MSALShibUITests.m in Sources */,
 				B2BB73732112C32C000EA4C5 /* MSALAADBasicInteractiveTests.m in Sources */,
 				B2D0A38E21C71B8C0071E0DA /* MSALGuestUserTests.m in Sources */,
 				B2D0A39221C72C740071E0DA /* MSALMSABasicInteractiveTests.m in Sources */,

MSAL/MSAL.xcodeproj/project.pbxproj

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.3.2</string>
+	<string>1.3.3</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSPrincipalClass</key>

MSAL/resources/ios/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.3.2</string>
+	<string>1.3.3</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSHumanReadableCopyright</key>

MSAL/resources/mac/Info.plist

@@ -27,7 +27,7 @@
 
 #define MSAL_VER_HIGH       1
 #define MSAL_VER_LOW        3
-#define MSAL_VER_PATCH      2
+#define MSAL_VER_PATCH      3
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)

MSAL/src/MSAL_Internal.h

@@ -83,7 +83,9 @@ final class MSALNativeAuthCredentialsController: MSALNativeAuthTokenController,
         return nil
     }
 
-    func refreshToken(context: MSALNativeAuthRequestContext, authTokens: MSALNativeAuthTokens) async -> RefreshTokenCredentialControllerResponse {
+    func refreshToken(context: MSALNativeAuthRequestContext,
+                      authTokens: MSALNativeAuthTokens,
+                      userAccountResult: MSALNativeAuthUserAccountResult) async -> RefreshTokenCredentialControllerResponse {
         MSALLogger.log(level: .verbose, context: context, format: "Refresh started")
         let telemetryEvent = makeAndStartTelemetryEvent(id: .telemetryApiIdRefreshToken, context: context)
         let scopes = authTokens.accessToken.scopes.array as? [String] ?? []
@@ -104,7 +106,8 @@ final class MSALNativeAuthCredentialsController: MSALNativeAuthTokenController,
             response,
             scopes: scopes,
             context: context,
-            telemetryEvent: telemetryEvent
+            telemetryEvent: telemetryEvent,
+            userAccountResult: userAccountResult
         )
     }
 
@@ -147,7 +150,8 @@ final class MSALNativeAuthCredentialsController: MSALNativeAuthTokenController,
         _ response: MSALNativeAuthTokenValidatedResponse,
         scopes: [String],
         context: MSALNativeAuthRequestContext,
-        telemetryEvent: MSIDTelemetryAPIEvent?
+        telemetryEvent: MSIDTelemetryAPIEvent?,
+        userAccountResult: MSALNativeAuthUserAccountResult
     ) -> RefreshTokenCredentialControllerResponse {
         let config = factory.makeMSIDConfiguration(scopes: scopes)
         switch response {
@@ -156,7 +160,8 @@ final class MSALNativeAuthCredentialsController: MSALNativeAuthTokenController,
                 tokenResponse: tokenResponse,
                 telemetryEvent: telemetryEvent,
                 context: context,
-                config: config
+                config: config,
+                userAccountResult: userAccountResult
             )
         case .error(let errorType):
             let error = errorType.convertToRetrieveAccessTokenError(correlationId: context.correlationId())
@@ -173,21 +178,23 @@ final class MSALNativeAuthCredentialsController: MSALNativeAuthTokenController,
         tokenResponse: MSIDTokenResponse,
         telemetryEvent: MSIDTelemetryAPIEvent?,
         context: MSALNativeAuthRequestContext,
-        config: MSIDConfiguration
+        config: MSIDConfiguration,
+        userAccountResult: MSALNativeAuthUserAccountResult
     ) -> RefreshTokenCredentialControllerResponse {
         do {
             let tokenResult = try cacheTokenResponse(tokenResponse, context: context, msidConfiguration: config)
-            MSALLogger.log(
-                level: .verbose,
-                context: context,
-                format: "Refresh Token completed successfully")
-            // TODO: Handle tokenResult.refreshToken as? MSIDRefreshToken in a safer way
-            return .init(
-                .success(MSALNativeAuthTokenResult(authTokens: MSALNativeAuthTokens(
-                    accessToken: tokenResult.accessToken,
-                    refreshToken: tokenResult.refreshToken as? MSIDRefreshToken,
-                    rawIdToken: tokenResult.rawIdToken
-                ))),
+            let account =  factory.makeAccount(tokenResult: tokenResult, context: context)
+            guard let authTokens = factory.makeAuthTokens(tokenResult: tokenResult, context: context) else {
+                let error = RetrieveAccessTokenError(type: .generalError, correlationId: context.correlationId())
+                MSALLogger.log(
+                    level: .error,
+                    context: context,
+                    format: "Auth Tokens could not be created")
+                stopTelemetryEvent(telemetryEvent, context: context, error: error)
+                return .init(.failure(error), correlationId: context.correlationId())
+            }
+            userAccountResult.refreshData(authTokens: authTokens, account: account)
+            return .init(.success(MSALNativeAuthTokenResult(authTokens: authTokens)),
                 correlationId: context.correlationId(),
                 telemetryUpdate: { [weak self] result in
                 telemetryEvent?.setUserInformation(tokenResult.account)

MSAL/src/native_auth/controllers/credentials/MSALNativeAuthCredentialsController.swift

@@ -29,5 +29,7 @@ protocol MSALNativeAuthCredentialsControlling {
     MSALNativeAuthControllerTelemetryWrapper<Result<MSALNativeAuthTokenResult, RetrieveAccessTokenError>>
 
     func retrieveUserAccountResult(context: MSALNativeAuthRequestContext) -> MSALNativeAuthUserAccountResult?
-    func refreshToken(context: MSALNativeAuthRequestContext, authTokens: MSALNativeAuthTokens) async -> RefreshTokenCredentialControllerResponse
+    func refreshToken(context: MSALNativeAuthRequestContext,
+                      authTokens: MSALNativeAuthTokens,
+                      userAccountResult: MSALNativeAuthUserAccountResult) async -> RefreshTokenCredentialControllerResponse
 }

MSAL/src/native_auth/controllers/credentials/MSALNativeAuthCredentialsControlling.swift

@@ -28,6 +28,10 @@ protocol MSALNativeAuthResultBuildable {
 
     var config: MSALNativeAuthConfiguration {get}
 
+    func makeAccount(tokenResult: MSIDTokenResult, context: MSIDRequestContext) -> MSALAccount
+
+    func makeAuthTokens(tokenResult: MSIDTokenResult, context: MSIDRequestContext) -> MSALNativeAuthTokens?
+
     func makeUserAccountResult(tokenResult: MSIDTokenResult, context: MSIDRequestContext) -> MSALNativeAuthUserAccountResult?
 
     func makeUserAccountResult(account: MSALAccount, authTokens: MSALNativeAuthTokens) -> MSALNativeAuthUserAccountResult?
@@ -45,42 +49,50 @@ final class MSALNativeAuthResultFactory: MSALNativeAuthResultBuildable {
         self.cacheAccessor = cacheAccessor
     }
 
-    func makeUserAccountResult(tokenResult: MSIDTokenResult, context: MSIDRequestContext) -> MSALNativeAuthUserAccountResult? {
+    func makeAccount(tokenResult: MSIDTokenResult, context: MSIDRequestContext) -> MSALAccount {
         var jsonDictionary: [AnyHashable: Any]?
         do {
             let claims = try MSIDIdTokenClaims.init(rawIdToken: tokenResult.rawIdToken)
             jsonDictionary = claims.jsonDictionary()
             if jsonDictionary == nil {
                 MSALLogger.log(
-                    level: .error,
+                    level: .warning,
                     context: context,
                     format: "Initialising account without claims")
             }
         } catch {
             MSALLogger.log(
-                level: .error,
+                level: .warning,
                 context: context,
                 format: "Claims for account could not be created - \(error)" )
         }
-        guard let account = MSALAccount.init(msidAccount: tokenResult.account,
-                                             createTenantProfile: false,
-                                             accountClaims: jsonDictionary) else {
+        return MSALAccount.init(msidAccount: tokenResult.account,
+                                createTenantProfile: false,
+                                accountClaims: jsonDictionary)
+    }
+
+    func makeAuthTokens(tokenResult: MSIDTokenResult, context: MSIDRequestContext) -> MSALNativeAuthTokens? {
+        guard let refreshToken = tokenResult.refreshToken as? MSIDRefreshToken else {
             MSALLogger.log(
                 level: .error,
                 context: context,
-                format: "Account could not be created")
+                format: "Refresh token invalid, account result could not be created")
             return nil
         }
-        guard let refreshToken = tokenResult.refreshToken as? MSIDRefreshToken else {
+        return MSALNativeAuthTokens(accessToken: tokenResult.accessToken,
+                                              refreshToken: refreshToken,
+                                              rawIdToken: tokenResult.rawIdToken)
+    }
+
+    func makeUserAccountResult(tokenResult: MSIDTokenResult, context: MSIDRequestContext) -> MSALNativeAuthUserAccountResult? {
+        let account =  makeAccount(tokenResult: tokenResult, context: context)
+        guard let authTokens = makeAuthTokens(tokenResult: tokenResult, context: context) else {
             MSALLogger.log(
                 level: .error,
                 context: context,
-                format: "Refresh token invalid, account result could not be created")
+                format: "Auth Tokens could not be created")
             return nil
         }
-        let authTokens = MSALNativeAuthTokens(accessToken: tokenResult.accessToken,
-                                              refreshToken: refreshToken,
-                                              rawIdToken: tokenResult.rawIdToken)
         return .init(account: account, authTokens: authTokens, configuration: config, cacheAccessor: cacheAccessor)
     }