Plugin XPC related UI into MSAL Mac Sample app and update commonCore (#2571)

kaisong1990 · Kai Song · Kai Song · web-flow · commit 13eccf36097a · 2025-05-16T13:04:33.000-07:00
* Support XPC mode and add MSAL Mac test app inot the xpc app group

* Update commoncore

* update commot core

* add xpc support in sample app

* Update submodule

* Update property name

* Update storyboard and new options for testing app

* move UI from bg from test app

* Update interactive flow and assign XPC mode value

* Update commoncore

* Update change log and commoncore

* Update MSAL xpc mode naming

* switch companion and backup in xpc mode

* Update commoncore

---------

Co-authored-by: Kai Song &lt;kai@Kais-MacBook-Pro.local&gt;
Co-authored-by: Kai Song &lt;kai@mac.lan&gt;
Co-authored-by: kai &lt;kasong@microsoft.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## TBD
+* Integrate Broker XPC service into Mac Sample app
+
 ## [2.0.0]
 * Use a single family refresh token (#2550)
 * Removed deprecated APIs, including legacy initializers, account management methods and token acquisition methods, and the MSALTelemetry interface (#2577)
diff --git a/MSAL/IdentityCore b/MSAL/IdentityCore
@@ -1 +1 @@
-Subproject commit bc0e612d60ab0a4a6eaa330ca6edadec070ee499
+Subproject commit b612b0e929aab7b41cd4b941e8d0d14a0bde676c
diff --git a/MSAL/MSAL.xcodeproj/project.pbxproj b/MSAL/MSAL.xcodeproj/project.pbxproj
@@ -5959,7 +5959,6 @@
 					};
 					1E614BD922558D8300EBF62F = {
 						CreatedOnToolsVersion = 10.1;
-						DevelopmentTeam = UBF8T346G9;
 						SystemCapabilities = {
 							com.apple.Keychain = {
 								enabled = 0;
@@ -8011,12 +8010,13 @@
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_ENTITLEMENTS = test/app/mac/MSALMacTestApp.entitlements;
-				CODE_SIGN_IDENTITY = "Mac Developer";
+				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
 				COPY_PHASE_STRIP = NO;
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				DEVELOPMENT_TEAM = UBF8T346G9;
+				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_TESTABILITY = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu11;
@@ -8084,12 +8084,13 @@
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_ENTITLEMENTS = test/app/mac/MSALMacTestApp.entitlements;
-				CODE_SIGN_IDENTITY = "Mac Developer";
+				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
 				COPY_PHASE_STRIP = NO;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				DEVELOPMENT_TEAM = UBF8T346G9;
+				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_NS_ASSERTIONS = NO;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu11;
diff --git a/MSAL/MSAL.xcodeproj/xcshareddata/xcschemes/MSAL (Mac Framework).xcscheme b/MSAL/MSAL.xcodeproj/xcshareddata/xcschemes/MSAL (Mac Framework).xcscheme
@@ -26,7 +26,8 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES">
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      codeCoverageEnabled = "YES">
       <MacroExpansion>
          <BuildableReference
             BuildableIdentifier = "primary"
diff --git a/MSAL/src/MSALPublicClientApplication.m b/MSAL/src/MSALPublicClientApplication.m
@@ -718,6 +718,16 @@ - (void)acquireTokenSilentWithParameters:(MSALSilentTokenParameters *)parameters
     msidParams.validateAuthority = shouldValidate;
     msidParams.extendedLifetimeEnabled = self.internalConfig.extendedLifetimeEnabled;
     msidParams.clientCapabilities = self.internalConfig.clientApplicationCapabilities;
+#if TARGET_OS_OSX && DEBUG
+    msidParams.xpcMode = (NSUInteger)parameters.msalXpcMode;
+#elif TARGET_OS_OSX
+    if (parameters.msalXpcMode == MSALXpcModePrimary)
+    {
+        parameters.msalXpcMode = MSALXpcModeDisabled;
+    }
+    
+    msidParams.xpcMode = (NSUInteger)parameters.msalXpcMode;
+#endif
         
     // Extra parameters to be added to the /token endpoint.
     msidParams.extraTokenRequestParameters = self.internalConfig.extraQueryParameters.extraTokenURLParameters;
@@ -1064,6 +1074,16 @@ - (void)acquireTokenWithParameters:(MSALInteractiveTokenParameters *)parameters
     msidParams.currentRequestTelemetry.schemaVersion = HTTP_REQUEST_TELEMETRY_SCHEMA_VERSION;
     msidParams.currentRequestTelemetry.apiId = [msidParams.telemetryApiId integerValue];
     msidParams.currentRequestTelemetry.tokenCacheRefreshType = TokenCacheRefreshTypeNoCacheLookupInvolved;
+#if TARGET_OS_OSX && DEBUG
+    msidParams.xpcMode = (NSUInteger)parameters.msalXpcMode;
+#elif TARGET_OS_OSX
+    if (parameters.msalXpcMode == MSALXpcModePrimary)
+    {
+        parameters.msalXpcMode = MSALXpcModeDisabled;
+    }
+    
+    msidParams.xpcMode = (NSUInteger)parameters.msalXpcMode;
+#endif
     
 #if TARGET_OS_OSX
     msidParams.clientSku = MSID_CLIENT_SKU_MSAL_OSX;
diff --git a/MSAL/src/public/MSALDefinitions.h b/MSAL/src/public/MSALDefinitions.h
@@ -194,6 +194,37 @@ typedef NS_ENUM(NSUInteger, MSALPreferredAuthMethod)
     MSALPreferredAuthMethodNone
 };
 
+#if TARGET_OS_OSX
+
+/**
+ Preferred Xpc mode for MSAL requests. Can be configured by developers MSAL integration
+ */
+typedef NS_ENUM(NSUInteger, MSALXpcMode)
+{
+    /*
+        Broker Xpc service call is disabled
+    */
+    MSALXpcModeDisabled,
+    /*
+        Broker Xpc service call is only used as a backup service when SsoExtension service failed.
+        If SsoExtenion is not available on the device (canPerformRequest returns false), Broker Xpc service call will be disabled
+    */
+    MSALXpcModeSSOExtCompanion,
+    /*
+        Broker Xpc service call is used as a backup call when SsoExtension service failed.
+        If SsoExtenion is not available on the device, Xpc service call will be the primary auth service
+    */
+    MSALXpcModeSSOExtBackup,
+    
+    /*
+        Development only: Broker Xpc service is used as main Sso service, and ignored SsoExtension service completely.
+        This option will be ignored if used in production and will be treated same as MSALXpcModeDisable
+    */
+    MSALXpcModePrimary
+};
+
+#endif
+
 /**
     The block that gets invoked after MSAL has finished getting a token silently or interactively.
     @param result       Represents information returned to the application after a successful interactive or silent token acquisition. See `MSALResult` for more information.
diff --git a/MSAL/src/public/MSALTokenParameters.h b/MSAL/src/public/MSALTokenParameters.h
@@ -87,6 +87,16 @@ NS_ASSUME_NONNULL_BEGIN
  */
 @property (nonatomic, nullable) id<MSALAuthenticationSchemeProtocol> authenticationScheme;
 
+#if TARGET_OS_OSX
+
+/**
+ Broker Xpc service mode defined by developer. This service can be used a backup service on top of today's Entra ID SingleSignOn extension or an isolated service if tenant has no Entra ID SingleSignOn extension deployed
+ */
+
+@property (nonatomic) MSALXpcMode msalXpcMode;
+
+#endif
+
 #pragma mark - Creating MSALTokenParameters
 
 /**
diff --git a/MSAL/test/app/mac/Base.lproj/Main.storyboard b/MSAL/test/app/mac/Base.lproj/Main.storyboard
diff --git a/MSAL/test/app/mac/MSALAcquireTokenViewController.m b/MSAL/test/app/mac/MSALAcquireTokenViewController.m
diff --git a/MSAL/test/app/mac/MSALMacTestApp.entitlements b/MSAL/test/app/mac/MSALMacTestApp.entitlements
