Merge pull request #2618 from AzureAD/release/2.0.0

Merge Release/2.0.0 back to dev

Author: fidelianawar

CHANGELOG.md

@@ -1,11 +1,12 @@
-## [TBD]
+## [2.0.0]
 * Use a single family refresh token (#2550)
 * Removed deprecated APIs, including legacy initializers, account management methods and token acquisition methods, and the MSALTelemetry interface (#2577)
 * Enforced requirement for a valid ParentViewController (with a window) in interactive token requests (#2590)
 * Removed deprecated methods from native auth public interface (#2588)
 * Removed the deprecated MSALLogger interface and implementation class (#2591)
 * Enforced a valid broker-capable redirect URI format for AAD scenarios (#2592)
 * Merged the MSALAccount (MultiTenantAccount) category into the MSALAccount protocol and removed the MSALAccount+MultiTenantAccount.h (#2594)
+* Added [MSAL 2.x Migration Guide](docs/MSAL_2x_Migration_Guide.md) to assist developers in upgrading from MSAL 1.x to 2.x. (#2614)
 
 ## [1.9.0]
 * Add feature flags provider to be controlled from broker (#2540)

MSAL.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "MSAL"
-  s.version      = "1.9.0"
+  s.version      = "2.0.0"
   s.summary      = "Microsoft Authentication Library (MSAL) for iOS"
   s.description  = <<-DESC
                    The MSAL library for iOS gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. The library also supports Microsoft Azure B2C for those using our hosted identity management service.

MSAL/IdentityCore

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.9.0</string>
+	<string>2.0.0</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSPrincipalClass</key>

MSAL/resources/ios/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.9.0</string>
+	<string>2.0.0</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSHumanReadableCopyright</key>

MSAL/resources/mac/Info.plist

@@ -25,8 +25,8 @@
 //
 //------------------------------------------------------------------------------
 
-#define MSAL_VER_HIGH       1
-#define MSAL_VER_LOW        9
+#define MSAL_VER_HIGH       2
+#define MSAL_VER_LOW        0
 #define MSAL_VER_PATCH      0
 
 #define STR_HELPER(x) #x

MSAL/src/MSAL_Internal.h

@@ -277,11 +277,19 @@ final class MSALNativeAuthJITController: MSALNativeAuthBaseController, MSALNativ
                                                          telemetryId: .telemetryApiISignInAfterJIT,
                                                          context: context)
             switch response.result {
-            case .success(let account):
+            case .completed(let account):
                 return .init(.completed(account), correlationId: context.correlationId(), telemetryUpdate: { [weak self] result in
                     self?.stopTelemetryEvent(signInEvent, context: context, delegateDispatcherResult: result)
                 })
-            case .failure(let error):
+            case .jitAuthMethodsSelectionRequired(_, _):
+                return .init(.error(error: .init(type: .generalError,
+                                                 message: "Unexpected result received when trying to signIn: strong authentication method registration required.",
+                                                 correlationId: context.correlationId(),
+                                                 errorCodes: [],
+                                                 errorUri: nil),
+                                    newState: nil),
+                             correlationId: context.correlationId())
+            case .error(let error):
                 return .init(.error(error: .init(type: .generalError,
                                                  message: error.errorDescription,
                                                  correlationId: error.correlationId,

MSAL/src/native_auth/controllers/jit/MSALNativeAuthJITController.swift

@@ -46,3 +46,9 @@ enum SignInVerifyCodeResult {
     case completed(MSALNativeAuthUserAccountResult)
     case error(error: VerifyCodeError, newState: SignInCodeRequiredState?)
 }
+
+enum SignInAfterPreviousFlowResult {
+    case completed(MSALNativeAuthUserAccountResult)
+    case jitAuthMethodsSelectionRequired(authMethods: [MSALAuthMethod], newState: RegisterStrongAuthState)
+    case error(error: MSALNativeAuthError)
+}

MSAL/src/native_auth/controllers/responses/SignInResults.swift

@@ -128,7 +128,7 @@ final class MSALNativeAuthSignInController: MSALNativeAuthTokenController, MSALN
                                      format: "SignIn after previous flow not available because continuationToken is nil")
             let error = SignInAfterSignUpError(message: MSALNativeAuthErrorMessage.signInNotAvailable, correlationId: context.correlationId())
             stopTelemetryEvent(telemetryInfo, error: error)
-            return .init(.failure(error), correlationId: context.correlationId())
+            return .init(.error(error: error), correlationId: context.correlationId())
         }
         let scopes = joinScopes(scopes)
         guard let request = createTokenRequest(
@@ -141,7 +141,7 @@ final class MSALNativeAuthSignInController: MSALNativeAuthTokenController, MSALN
         ) else {
             let error = SignInAfterSignUpError(correlationId: context.correlationId())
             stopTelemetryEvent(telemetryInfo, error: error)
-            return .init(.failure(error), correlationId: context.correlationId())
+            return .init(.error(error: error), correlationId: context.correlationId())
         }
         let response = await performAndValidateTokenRequest(request, context: context)
         let result = await handleTokenResponse(response,
@@ -150,56 +150,30 @@ final class MSALNativeAuthSignInController: MSALNativeAuthTokenController, MSALN
                                                telemetryInfo: telemetryInfo)
         switch result {
         case .success(let accountResult):
-        return .init(.success(accountResult), correlationId: context.correlationId(), telemetryUpdate: { [weak self] result in
+            return .init(.completed(accountResult), correlationId: context.correlationId(), telemetryUpdate: { [weak self] result in
                             self?.stopTelemetryEvent(telemetryInfo.event, context: context, delegateDispatcherResult: result)
                         })
         case .awaitingMFA(_):
             let error = SignInAfterSignUpError(correlationId: context.correlationId())
             MSALNativeAuthLogger.log(level: .error, context: context, format: "SignIn: received unexpected MFA required API result")
             self.stopTelemetryEvent(telemetryInfo.event, context: context, error: error)
-            return .init(.failure(error), correlationId: context.correlationId())
+            return .init(.error(error: error), correlationId: context.correlationId())
         case .jitAuthMethodsSelectionRequired(let authMethods, let jitRequiredState):
             MSALNativeAuthLogger.log(level: .info, context: context, format: "JIT required after sing in after previous flow")
-            let jitController = createJITController()
-            guard let authMethod = authMethods.first else {
-                let error = SignInAfterSignUpError(correlationId: context.correlationId())
-                MSALNativeAuthLogger.log(level: .error, context: context, format: "JIT required, did not receive any default methods")
-                self.stopTelemetryEvent(telemetryInfo.event, context: context, error: error)
-                return .init(.failure(error), correlationId: context.correlationId())
-            }
-            let jitChallengeResponse = await jitController.requestJITChallenge(
-                continuationToken: jitRequiredState.continuationToken,
-                authMethod: authMethod,
-                verificationContact: nil,
-                context: context)
-            switch jitChallengeResponse.result {
-            case .completed(let accountResult):
-                return .init(.success(accountResult), correlationId: context.correlationId(), telemetryUpdate: { [weak self] result in
+            return .init(
+                .jitAuthMethodsSelectionRequired(authMethods: authMethods, newState: jitRequiredState),
+                correlationId: context.correlationId(),
+                telemetryUpdate: { [weak self] result in
                     self?.stopTelemetryEvent(telemetryInfo.event, context: context, delegateDispatcherResult: result)
                 })
-            case .verificationRequired(_, _, _, _):
-                let error = SignInAfterSignUpError(correlationId: context.correlationId())
-                MSALNativeAuthLogger.log(level: .error,
-                                  context: context,
-                                  format: "Request JIT challenge, received verification required on SignInAfterPreviousFlow")
-                self.stopTelemetryEvent(telemetryInfo.event, context: context, error: error)
-                return .init(.failure(error), correlationId: context.correlationId())
-            case .error(let apiError, _):
-                let error = SignInAfterSignUpError(correlationId: context.correlationId())
-                MSALNativeAuthLogger.logPII(level: .error,
-                                  context: context,
-                                  format: "Request JIT challenge, received invalid response \(MSALLogMask.maskPII(apiError.errorDescription))")
-                self.stopTelemetryEvent(telemetryInfo.event, context: context, error: error)
-                return .init(.failure(error), correlationId: context.correlationId())
-            }
         case .error(let error):
             let error = SignInAfterSignUpError(
                         message: error.errorDescription,
                         correlationId: error.correlationId,
                         errorCodes: error.errorCodes,
                         errorUri: error.errorUri
                     )
-                    return .init(.failure(error), correlationId: context.correlationId())
+                    return .init(.error(error: error), correlationId: context.correlationId())
         }
     }
 

MSAL/src/native_auth/controllers/sign_in/MSALNativeAuthSignInController.swift

@@ -28,7 +28,7 @@ protocol MSALNativeAuthSignInControlling {
 
     typealias SignInControllerResponse = MSALNativeAuthControllerTelemetryWrapper<SignInStartResult>
     typealias SignInAfterPreviousFlowControllerResponse =
-        MSALNativeAuthControllerTelemetryWrapper<Result<MSALNativeAuthUserAccountResult, MSALNativeAuthError>>
+        MSALNativeAuthControllerTelemetryWrapper<SignInAfterPreviousFlowResult>
     typealias SignInSubmitCodeControllerResponse = MSALNativeAuthControllerTelemetryWrapper<SignInVerifyCodeResult>
     typealias SignInSubmitPasswordControllerResponse = MSALNativeAuthControllerTelemetryWrapper<SignInPasswordRequiredResult>
     typealias SignInResendCodeControllerResponse = MSALNativeAuthControllerTelemetryWrapper<SignInResendCodeResult>