Merge from 'dev' conflicts:

- MSAL/IdentityCore

Author: juan-arias

MSAL/IdentityCore

@@ -53,12 +53,10 @@ class MSALNativeAuthTokenController: MSALNativeAuthBaseController {
 
     func performAndValidateTokenRequest(
         _ request: MSIDHttpRequest,
-        config: MSIDConfiguration,
         context: MSALNativeAuthRequestContext) async -> MSALNativeAuthTokenValidatedResponse {
             let ciamTokenResponse: Result<MSIDCIAMTokenResponse, Error> = await performTokenRequest(request, context: context)
             return responseValidator.validate(
                 context: context,
-                msidConfiguration: config,
                 result: ciamTokenResponse
             )
         }
@@ -76,7 +74,7 @@ class MSALNativeAuthTokenController: MSALNativeAuthBaseController {
     func createTokenRequest(
         username: String? = nil,
         password: String? = nil,
-        scopes: [String],
+        scopes: [String]? = nil,
         continuationToken: String? = nil,
         oobCode: String? = nil,
         grantType: MSALNativeAuthGrantType,
@@ -89,7 +87,7 @@ class MSALNativeAuthTokenController: MSALNativeAuthBaseController {
                     username: username,
                     continuationToken: continuationToken,
                     grantType: grantType,
-                    scope: scopes.joinScopes(),
+                    scope: scopes?.joinScopes(),
                     password: password,
                     oobCode: oobCode,
                     includeChallengeType: includeChallengeType,

MSAL/MSAL.xcodeproj/project.pbxproj

@@ -25,6 +25,7 @@
 protocol MSALNativeAuthControllerBuildable {
     func makeSignUpController(cacheAccessor: MSALNativeAuthCacheInterface) -> MSALNativeAuthSignUpControlling
     func makeSignInController(cacheAccessor: MSALNativeAuthCacheInterface) -> MSALNativeAuthSignInControlling
+    func makeJITController(cacheAccessor: MSALNativeAuthCacheInterface) -> MSALNativeAuthJITControlling
     func makeResetPasswordController(cacheAccessor: MSALNativeAuthCacheInterface) -> MSALNativeAuthResetPasswordControlling
     func makeCredentialsController(cacheAccessor: MSALNativeAuthCacheInterface) -> MSALNativeAuthCredentialsControlling
 }
@@ -44,6 +45,10 @@ final class MSALNativeAuthControllerFactory: MSALNativeAuthControllerBuildable {
         return MSALNativeAuthSignInController(config: config, cacheAccessor: cacheAccessor)
     }
 
+    func makeJITController(cacheAccessor: MSALNativeAuthCacheInterface) -> MSALNativeAuthJITControlling {
+        return MSALNativeAuthJITController(config: config, cacheAccessor: cacheAccessor)
+    }
+
     func makeResetPasswordController(cacheAccessor: MSALNativeAuthCacheInterface) -> MSALNativeAuthResetPasswordControlling {
         return MSALNativeAuthResetPasswordController(config: config, cacheAccessor: cacheAccessor)
     }

MSAL/src/native_auth/controllers/MSALNativeAuthTokenController.swift

@@ -0,0 +1,50 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+import Foundation
+
+protocol MSALNativeAuthJITControlling {
+    typealias JITGetJITAuthMethodsControllerResponse = MSALNativeAuthControllerTelemetryWrapper<JITRequestGetAuthMethodsResult>
+    typealias JITRequestChallengeControllerResponse = MSALNativeAuthControllerTelemetryWrapper<JITRequestChallengeResult>
+    typealias JITSubmitChallengeControllerResponse = MSALNativeAuthControllerTelemetryWrapper<JITSubmitChallengeResult>
+
+    func getJITAuthMethods(
+        continuationToken: String,
+        context: MSALNativeAuthRequestContext
+    ) async -> JITGetJITAuthMethodsControllerResponse
+
+    func requestJITChallenge(
+        continuationToken: String,
+        authMethod: MSALAuthMethod,
+        verificationContact: String?,
+        context: MSALNativeAuthRequestContext
+    ) async -> JITRequestChallengeControllerResponse
+
+    func submitJITChallenge(
+        challenge: String?,
+        continuationToken: String,
+        grantType: MSALNativeAuthGrantType,
+        context: MSALNativeAuthRequestContext
+    ) async -> JITSubmitChallengeControllerResponse
+}

MSAL/src/native_auth/controllers/factories/MSALNativeAuthControllerFactory.swift

@@ -0,0 +1,44 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+import Foundation
+
+enum JITRequestGetAuthMethodsResult {
+    case selectionRequired(authMethods: [MSALAuthMethod], newState: RegisterStrongAuthState)
+    case error(error: MSALNativeAuthJITIntrospectValidatedErrorType)
+}
+
+enum JITRequestChallengeResult {
+    case verificationRequired(sentTo: String,
+                              channelTargetType: MSALNativeAuthChannelType,
+                              codeLength: Int,
+                              newState: RegisterStrongAuthVerificationRequiredState)
+    case completed(MSALNativeAuthUserAccountResult)
+    case error(error: RegisterStrongAuthChallengeError, newState: RegisterStrongAuthState?)
+}
+
+enum JITSubmitChallengeResult {
+    case completed(MSALNativeAuthUserAccountResult)
+    case error(error: RegisterStrongAuthSubmitChallengeError, newState: RegisterStrongAuthVerificationRequiredState?)
+}

MSAL/src/native_auth/controllers/jit/MSALNativeAuthJITController.swift

@@ -29,6 +29,7 @@ enum SignInStartResult {
     case codeRequired(newState: SignInCodeRequiredState, sentTo: String, channelTargetType: MSALNativeAuthChannelType, codeLength: Int)
     case passwordRequired(newState: SignInPasswordRequiredState)
     case awaitingMFA(newState: AwaitingMFAState)
+    case jitAuthMethodsSelectionRequired(authMethods: [MSALAuthMethod], newState: RegisterStrongAuthState)
     case error(SignInStartError)
 }
 
@@ -37,6 +38,7 @@ typealias SignInResendCodeResult = CodeRequiredGenericResult<SignInCodeRequiredS
 enum SignInPasswordRequiredResult {
     case completed(MSALNativeAuthUserAccountResult)
     case awaitingMFA(newState: AwaitingMFAState)
+    case jitAuthMethodsSelectionRequired(authMethods: [MSALAuthMethod], newState: RegisterStrongAuthState)
     case error(error: PasswordRequiredError, newState: SignInPasswordRequiredState?)
 }