Add customClaims parameter to signIn after signUp/PasswordReset and GetAccessToken (#2566)

* Add claims request to parameters class

* pass claims request to silent token retriever param

* Send claims request json to token endpoint also for signIn after sspr and signUp

* add new test for signIn after signUp

* Add new test for signInAfterResetPassword

* add new test for signIncontroller for signIn with continuation token. Check claims Request

* check that claims request is assigned to silent token parameters object

* fix lint warning

* split comments in multiple lines

Author: nilo-ms

MSAL/MSAL.xcodeproj/project.pbxproj

@@ -301,6 +301,10 @@
 		28A600A82C78BDD200455666 /* MFARequiredStateTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 28A600A72C78BDD200455666 /* MFARequiredStateTests.swift */; };
 		28A600AA2C78E09F00455666 /* MSALNativeAuthMFAControllerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 28A600A92C78E09F00455666 /* MSALNativeAuthMFAControllerTests.swift */; };
 		28ABE1762C5D213700F5275D /* MSALNativeAuthSignInIntrospectIntegrationTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 28ABE1752C5D213700F5275D /* MSALNativeAuthSignInIntrospectIntegrationTests.swift */; };
+		28AF42FA2D96C15A009D1065 /* SignInAfterSignUpStateTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 28AF42F92D96C14F009D1065 /* SignInAfterSignUpStateTests.swift */; };
+		28AF42FB2D96C15A009D1065 /* SignInAfterSignUpStateTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 28AF42F92D96C14F009D1065 /* SignInAfterSignUpStateTests.swift */; };
+		28AF42FD2D96CBCF009D1065 /* SignInAfterResetPasswordTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 28AF42FC2D96CBC2009D1065 /* SignInAfterResetPasswordTests.swift */; };
+		28AF42FE2D96CBCF009D1065 /* SignInAfterResetPasswordTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 28AF42FC2D96CBC2009D1065 /* SignInAfterResetPasswordTests.swift */; };
 		28B28B832C6F46E50030D5C5 /* MFAStates.swift in Sources */ = {isa = PBXBuildFile; fileRef = 28B28B822C6F46E50030D5C5 /* MFAStates.swift */; };
 		28B28B8C2C6F4B570030D5C5 /* MFADelegates.swift in Sources */ = {isa = PBXBuildFile; fileRef = 28B28B8B2C6F4B570030D5C5 /* MFADelegates.swift */; };
 		28B28B922C6F611F0030D5C5 /* MSALAuthMethod.swift in Sources */ = {isa = PBXBuildFile; fileRef = 28B28B912C6F611F0030D5C5 /* MSALAuthMethod.swift */; };
@@ -2061,6 +2065,8 @@
 		28A600A72C78BDD200455666 /* MFARequiredStateTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MFARequiredStateTests.swift; sourceTree = "<group>"; };
 		28A600A92C78E09F00455666 /* MSALNativeAuthMFAControllerTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MSALNativeAuthMFAControllerTests.swift; sourceTree = "<group>"; };
 		28ABE1752C5D213700F5275D /* MSALNativeAuthSignInIntrospectIntegrationTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MSALNativeAuthSignInIntrospectIntegrationTests.swift; sourceTree = "<group>"; };
+		28AF42F92D96C14F009D1065 /* SignInAfterSignUpStateTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SignInAfterSignUpStateTests.swift; sourceTree = "<group>"; };
+		28AF42FC2D96CBC2009D1065 /* SignInAfterResetPasswordTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SignInAfterResetPasswordTests.swift; sourceTree = "<group>"; };
 		28B28B822C6F46E50030D5C5 /* MFAStates.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MFAStates.swift; sourceTree = "<group>"; };
 		28B28B8B2C6F4B570030D5C5 /* MFADelegates.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MFADelegates.swift; sourceTree = "<group>"; };
 		28B28B912C6F611F0030D5C5 /* MSALAuthMethod.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MSALAuthMethod.swift; sourceTree = "<group>"; };
@@ -4574,6 +4580,8 @@
 		E20C21822A7A6C7300E31598 /* sign_in */ = {
 			isa = PBXGroup;
 			children = (
+				28AF42FC2D96CBC2009D1065 /* SignInAfterResetPasswordTests.swift */,
+				28AF42F92D96C14F009D1065 /* SignInAfterSignUpStateTests.swift */,
 				E20C21832A7A6CA400E31598 /* SignInCodeRequiredStateTests.swift */,
 				E20C218A2A7A805800E31598 /* SignInPasswordRequiredStateTests.swift */,
 			);
@@ -7168,6 +7176,7 @@
 				DECC1FB329531032006D9FB1 /* MSALLogMaskTests.m in Sources */,
 				B2ADD76E22C08B6A0093FD43 /* MSALLegacySharedAccountTestUtil.m in Sources */,
 				58B81F7124AC5D7200E8799E /* MSALTestCacheTokenResponse.m in Sources */,
+				28AF42FA2D96C15A009D1065 /* SignInAfterSignUpStateTests.swift in Sources */,
 				DE0D659729C1DCCF005798B1 /* MSALNativeAuthTokenRequestParametersTest.swift in Sources */,
 				E25BC099299555C000588549 /* MSALNativeAuthTelemetryTestDispatcher.swift in Sources */,
 				E25BC0832995429D00588549 /* MSALNativeAuthCacheMocks.swift in Sources */,
@@ -7192,6 +7201,7 @@
 				E22427EC2B0662050006C55E /* SignUpPasswordRequiredDelegateDispatcherTests.swift in Sources */,
 				DE5738BC2A8F79A800D9120D /* MSALNativeAuthResetPasswordPollCompletionResponseErrorTests.swift in Sources */,
 				E22427FA2B0670600006C55E /* SignInVerifyCodeDelegateDispatcherTests.swift in Sources */,
+				28AF42FE2D96CBCF009D1065 /* SignInAfterResetPasswordTests.swift in Sources */,
 				E2EBD62A2A1BB7700049467A /* MSALNativeAuthSignUpResponseValidatorMock.swift in Sources */,
 				E25BC0852995430B00588549 /* MSALNativeAuthFactoriesMocks.swift in Sources */,
 				28A600962C78843C00455666 /* MFASendChallengeDelegateDispatcherTests.swift in Sources */,
@@ -7303,6 +7313,7 @@
 				A0274CBF24B432B100BD198D /* MSALAuthSchemeTests.m in Sources */,
 				DE8DC4F92C6621E700534E8F /* MSALNativeAuthResetPasswordControllerTests.swift in Sources */,
 				DE8DC5352C6621FD00534E8F /* SignUpCodeSentStateTests.swift in Sources */,
+				28AF42FD2D96CBCF009D1065 /* SignInAfterResetPasswordTests.swift in Sources */,
 				D69ADB401E516F9B00952049 /* MSALTestURLSessionDataTask.m in Sources */,
 				DE8DC5162C6621EF00534E8F /* SignInPasswordStartDelegateDispatcherTests.swift in Sources */,
 				6525115A29CD84A000D3B876 /* MSALPublicClientApplicationTests.m in Sources */,
@@ -7399,6 +7410,7 @@
 				2364C74C1FB3E5CC00835428 /* XCTestCase+HelperMethods.m in Sources */,
 				DE8DC54C2C66220D00534E8F /* MSALNativeAuthESTSApiErrorDescriptionsTests.swift in Sources */,
 				DE8DC4F72C6621E400534E8F /* MSALNativeAuthTestCase.swift in Sources */,
+				28AF42FB2D96C15A009D1065 /* SignInAfterSignUpStateTests.swift in Sources */,
 				DE8DC51A2C6621F100534E8F /* SignUpPasswordRequiredDelegateDispatcherTests.swift in Sources */,
 				DE8DC55B2C66221700534E8F /* MSALNativeAuthResetPasswordContinueRequestParametersTest.swift in Sources */,
 				DE8DC54D2C66220D00534E8F /* MSALNativeAuthSubErrorCodeTests.swift in Sources */,

MSAL/src/native_auth/controllers/sign_in/MSALNativeAuthSignInController.swift

@@ -102,6 +102,7 @@ final class MSALNativeAuthSignInController: MSALNativeAuthTokenController, MSALN
         username: String,
         continuationToken: String?,
         scopes: [String]?,
+        claimsRequestJson: String?,
         telemetryId: MSALNativeAuthTelemetryApiId,
         context: MSALNativeAuthRequestContext
     ) async -> SignInAfterPreviousFlowControllerResponse {
@@ -117,13 +118,12 @@ final class MSALNativeAuthSignInController: MSALNativeAuthTokenController, MSALN
             return .init(.failure(error), correlationId: context.correlationId())
         }
         let scopes = joinScopes(scopes)
-        // currently, we don't support claimsRequest in signIn after signUp/SSPR
         guard let request = createTokenRequest(
             username: username,
             scopes: scopes,
             continuationToken: continuationToken,
             grantType: .continuationToken,
-            claimsRequestJson: nil,
+            claimsRequestJson: claimsRequestJson,
             context: context
         ) else {
             let error = SignInAfterSignUpError(correlationId: context.correlationId())
@@ -133,12 +133,11 @@ final class MSALNativeAuthSignInController: MSALNativeAuthTokenController, MSALN
         let config = factory.makeMSIDConfiguration(scopes: scopes)
         let response = await performAndValidateTokenRequest(request, config: config, context: context)
 
-        // currently, we don't handle claimsRequest in signIn with continuation token
         return await withCheckedContinuation { continuation in
             handleTokenResponse(
                 response,
                 scopes: scopes,
-                claimsRequestJson: nil,
+                claimsRequestJson: claimsRequestJson,
                 telemetryInfo: telemetryInfo,
                 onSuccess: { accountResult in
                     continuation.resume(
@@ -434,7 +433,13 @@ final class MSALNativeAuthSignInController: MSALNativeAuthTokenController, MSALN
         let event = makeAndStartTelemetryEvent(id: .telemetryApiIdMFAGetAuthMethods, context: context)
         let result = await performAndValidateIntrospectRequest(continuationToken: continuationToken, context: context)
         let telemetryInfo = TelemetryInfo(event: event, context: context)
-        return handleIntrospectResponse(result, scopes: scopes, telemetryInfo: telemetryInfo, continuationToken: continuationToken, claimsRequestJson: claimsRequestJson)
+        return handleIntrospectResponse(
+            result,
+            scopes: scopes,
+            telemetryInfo: telemetryInfo,
+            continuationToken: continuationToken,
+            claimsRequestJson: claimsRequestJson
+        )
     }
 
     func submitChallenge(

MSAL/src/native_auth/controllers/sign_in/MSALNativeAuthSignInControlling.swift

@@ -39,6 +39,7 @@ protocol MSALNativeAuthSignInControlling {
         username: String,
         continuationToken: String?,
         scopes: [String]?,
+        claimsRequestJson: String?,
         telemetryId: MSALNativeAuthTelemetryApiId,
         context: MSALNativeAuthRequestContext
     ) async -> SignInAfterPreviousFlowControllerResponse

MSAL/src/native_auth/public/MSALNativeAuthUserAccountResult+Internal.swift

@@ -28,13 +28,15 @@ extension MSALNativeAuthUserAccountResult {
 
     func getAccessTokenInternal(forceRefresh: Bool,
                                 scopes: [String],
+                                claimsRequest: MSALClaimsRequest?,
                                 correlationId: UUID?,
                                 delegate: CredentialsDelegate) {
 
         let params = MSALSilentTokenParameters(scopes: scopes, account: account)
         let context = MSALNativeAuthRequestContext(correlationId: correlationId)
         params.forceRefresh = forceRefresh
         params.correlationId = correlationId
+        params.claimsRequest = claimsRequest
 
         let challengeTypes = MSALNativeAuthPublicClientApplication.convertChallengeTypes(configuration.challengeTypes)
         let authority = try? MSALCIAMAuthority(url: configuration.authority.url)

MSAL/src/native_auth/public/MSALNativeAuthUserAccountResult.swift

@@ -90,8 +90,9 @@ import Foundation
             format: "Retrieving access token with parameters started."
         )
 
-        getAccessTokenInternal(forceRefresh: parameters.forceRefresh ?? false,
+        getAccessTokenInternal(forceRefresh: parameters.forceRefresh,
                                scopes: parameters.scopes ?? [],
+                               claimsRequest: parameters.claimsRequest,
                                correlationId: parameters.correlationId,
                                delegate: delegate)
     }
@@ -112,6 +113,7 @@ import Foundation
 
         getAccessTokenInternal(forceRefresh: forceRefresh,
                                scopes: [],
+                               claimsRequest: nil,
                                correlationId: correlationId,
                                delegate: delegate)
     }
@@ -145,6 +147,7 @@ import Foundation
 
         getAccessTokenInternal(forceRefresh: forceRefresh,
                                scopes: scopes,
+                               claimsRequest: nil,
                                correlationId: correlationId,
                                delegate: delegate)
     }

MSAL/src/native_auth/public/parameters/MSALNativeAuthGetAccessTokenParameters.swift

@@ -33,6 +33,9 @@ public class MSALNativeAuthGetAccessTokenParameters: NSObject {
     /// Not all scopes are guaranteed to be included in the access token returned.
     public var scopes: [String]?
 
+    /// The claims parameter that needs to be sent to the service.
+    public var claimsRequest: MSALClaimsRequest?
+
     /// UUID to correlate this request with the server for debugging.
     public var correlationId: UUID?
 }

MSAL/src/native_auth/public/parameters/MSALNativeAuthSignInAfterResetPasswordParameters .swift

@@ -29,4 +29,7 @@ public class MSALNativeAuthSignInAfterResetPasswordParameters: NSObject {
     /// Permissions you want included in the access token received.
     /// Not all scopes are guaranteed to be included in the access token returned.
     public var scopes: [String]?
+
+    /// The claims parameter that needs to be sent to the service.
+    public var claimsRequest: MSALClaimsRequest?
 }

MSAL/src/native_auth/public/parameters/MSALNativeAuthSignInAfterSignUpParameters.swift

@@ -29,4 +29,7 @@ public class MSALNativeAuthSignInAfterSignUpParameters: NSObject {
     /// Permissions you want included in the access token received.
     /// Not all scopes are guaranteed to be included in the access token returned.
     public var scopes: [String]?
+
+    /// The claims parameter that needs to be sent to the service.
+    public var claimsRequest: MSALClaimsRequest?
 }

MSAL/src/native_auth/public/state_machine/delegate/ResetPasswordDelegates.swift

@@ -56,7 +56,8 @@ public protocol ResetPasswordVerifyCodeDelegate {
     @MainActor func onResetPasswordVerifyCodeError(error: VerifyCodeError, newState: ResetPasswordCodeRequiredState?)
 
     /// Notifies the delegate that a password is required from the user to continue.
-    /// - Note: If a flow requires this optional method and it is not implemented, then ``onResetPasswordVerifyCodeError(error:newState:)`` will be called.
+    /// - Note: If a flow requires this optional method and it is not implemented,
+    ///         then ``onResetPasswordVerifyCodeError(error:newState:)`` will be called.
     /// - Parameter newState: An object representing the new state of the flow with follow on methods.
     @MainActor @objc optional func onPasswordRequired(newState: ResetPasswordRequiredState)
 }
@@ -71,7 +72,8 @@ public protocol ResetPasswordResendCodeDelegate {
     @MainActor func onResetPasswordResendCodeError(error: ResendCodeError, newState: ResetPasswordCodeRequiredState?)
 
     /// Notifies the delegate that a verification code is required from the user to continue.
-    /// - Note: If a flow requires this optional method and it is not implemented, then ``onResetPasswordResendCodeError(error:newState:)`` will be called.
+    /// - Note: If a flow requires this optional method and it is not implemented,
+    ///         then ``onResetPasswordResendCodeError(error:newState:)`` will be called.
     /// - Parameters:
     ///   - newState: An object representing the new state of the flow with follow on methods.
     ///   - sentTo: The email/phone number that the code was sent to.
@@ -95,7 +97,8 @@ public protocol ResetPasswordRequiredDelegate {
     @MainActor func onResetPasswordRequiredError(error: PasswordRequiredError, newState: ResetPasswordRequiredState?)
 
     /// Notifies the delegate that the reset password operation completed successfully.
-    /// - Note: If a flow requires this optional method and it is not implemented, then ``onResetPasswordRequiredError(error:newState:)`` will be called.
+    /// - Note: If a flow requires this optional method and it is not implemented,
+    ///         then ``onResetPasswordRequiredError(error:newState:)`` will be called.
     /// - Parameter newState: An object representing the new state of the flow with follow on methods.
     @MainActor @objc optional func onResetPasswordCompleted(newState: SignInAfterResetPasswordState)
 }

MSAL/src/native_auth/public/state_machine/state/SignInAfterPreviousFlowBaseState+Internal.swift

@@ -28,13 +28,15 @@ extension SignInAfterPreviousFlowBaseState {
 
     func signInInternal(
         scopes: [String]?,
+        claimsRequestJson: String?,
         telemetryId: MSALNativeAuthTelemetryApiId
     ) async -> MSALNativeAuthSignInControlling.SignInAfterPreviousFlowControllerResponse {
         let context = MSALNativeAuthRequestContext(correlationId: correlationId)
         return await controller.signIn(
             username: username,
             continuationToken: continuationToken,
             scopes: scopes,
+            claimsRequestJson: claimsRequestJson,
             telemetryId: telemetryId,
             context: context
         )