@W-19461869: [M1][MSDK13.1] Enable Flexible Server Matching for QR Code Login (Android)

Author: JohnsonEricAtSalesforce

libs/SalesforceSDK/res/values/strings.xml

@@ -8,6 +8,7 @@
     <string name="account_type">com.salesforce.androidsdk</string>
     <string name="app_package">com.salesforce.androidsdk</string>
     <string name="cannot_use_another_apps_login_qr_code">Cannot use another app\'s login QR Code.  Please log in to this app.</string>
+    <string name="cannot_use_another_login_hosts_login_qr_code">Cannot use another login host\'s login QR Code.  Please log in to this app.</string>
 
     <!-- If you're only supporting recent versions of Android (e.g. 3.x and up), you can override this to be touch and get a better looking login UI  -->
     <string name="oauth_display_type">touch</string>

libs/SalesforceSDK/src/com/salesforce/androidsdk/config/LoginServerManager.java

@@ -54,7 +54,7 @@
  *
  * @author bhariharan
  */
-public class LoginServerManager {
+public class LoginServerManager implements LoginServerManaging {
 	// LiveData representation of the users current selected server.
 	public MutableLiveData<LoginServer> selectedServer = new MutableLiveData<>();
 
@@ -447,6 +447,37 @@ private List<LoginServer> getLoginServersFromPreferences(SharedPreferences prefs
 		return (!allServers.isEmpty() ? allServers : null);
 	}
 
+    // region Login Server Managing Implementation
+
+    /**
+     * Returns the login server at the specified index.
+     *
+     * @param index The index of the login server to retrieve
+     * @return The Login server instance at the specified index, or null if index is out of bounds
+     */
+    @Override
+    public LoginServer loginServerAtIndex(int index) {
+        final List<LoginServer> servers = getLoginServers();
+        if (servers != null && index >= 0 && index < servers.size()) {
+            return servers.get(index);
+        }
+        return null;
+    }
+
+    /**
+     * Returns the total number of login servers.
+     *
+     * @return The number of available login servers
+     */
+    @Override
+    public int numberOfLoginServers() {
+        final List<LoginServer> servers = getLoginServers();
+        return servers != null ? servers.size() : 0;
+    }
+
+    // endregion
+
+
 	/**
 	 * Class to encapsulate a login server name, URL, index and type (custom or not).
 	 */

libs/SalesforceSDK/src/com/salesforce/androidsdk/config/LoginServerManaging.kt

@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2025-present, salesforce.com, inc.
+ * All rights reserved.
+ * Redistribution and use of this software in source and binary forms, with or
+ * without modification, are permitted provided that the following conditions
+ * are met:
+ * - Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * - Neither the name of salesforce.com, inc. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software without
+ * specific prior written permission of salesforce.com, inc.
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package com.salesforce.androidsdk.config
+
+import com.salesforce.androidsdk.config.LoginServerManager.LoginServer
+
+/**
+ * An object that can manage Salesforce Mobile SDK's list of login server. This
+ * is functionally equivalent to MSDK's iOS `SFSDKLoginHostStoring` protocol.
+ */
+internal interface LoginServerManaging {
+
+    /**
+     * Returns the login server at the specified index.
+     *
+     * @param index The index of the login server to retrieve
+     * @return The login server instance at the specified index, or null if
+     * index is out of bounds
+     */
+    fun loginServerAtIndex(index: Int): LoginServer?
+
+    /**
+     * Returns the total number of login servers.
+     *
+     * @return The number of available login servers
+     */
+    fun numberOfLoginServers(): Int
+}
+

libs/SalesforceSDK/src/com/salesforce/androidsdk/ui/FrontdoorBridgeLoginOverride.kt

@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2025-present, salesforce.com, inc.
+ * All rights reserved.
+ * Redistribution and use of this software in source and binary forms, with or
+ * without modification, are permitted provided that the following conditions
+ * are met:
+ * - Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * - Neither the name of salesforce.com, inc. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software without
+ * specific prior written permission of salesforce.com, inc.
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package com.salesforce.androidsdk.ui
+
+import android.net.Uri
+import androidx.core.net.toUri
+import com.salesforce.androidsdk.app.SalesforceSDKManager
+import com.salesforce.androidsdk.config.BootConfig
+import com.salesforce.androidsdk.config.LoginServerManaging
+import com.salesforce.androidsdk.config.RuntimeConfig.ConfigKey.AppServiceHosts
+import com.salesforce.androidsdk.config.RuntimeConfig.ConfigKey.OnlyShowAuthorizedHosts
+import com.salesforce.androidsdk.config.RuntimeConfig.getRuntimeConfig
+
+/**
+ * For Salesforce Identity UI Bridge API support, an overriding front door
+ * bridge URL to use in place of the default initial URL.
+ */
+internal class FrontdoorBridgeLoginOverride(
+    /**
+     * For Salesforce Identity UI Bridge API support, an overriding front door
+     * bridge URL to use in place of the default initial URL
+     */
+    val frontdoorBridgeUrl: Uri,
+
+    /**
+     * For Salesforce Identity UI Bridge API support, the optional web server
+     * flow code verifier accompanying the front door bridge URL
+     */
+    val codeVerifier: String? = null,
+
+    /**
+     * The selected app login server.  This is intended for test automation only
+     */
+    selectedAppLoginServer: String = SalesforceSDKManager.getInstance().loginServerManager.selectedLoginServer.url,
+
+    /**
+     * The preference for using mobile device management preferences for
+     * allowing the addition and switching of app login servers.  This is
+     * intended for test automation only
+     */
+    addingAndSwitchingLoginServersPerMdm: Boolean = true,
+
+    /**
+     * The preference for allowing the addition and switching of app login
+     * servers when the MDM preference is ignored.  This is intended for test
+     * automation only
+     */
+    addingAndSwitchingLoginServerOverride: Boolean = false
+) {
+
+    /**
+     * For Salesforce Identity UI Bridge API support, indicates if the
+     * overriding front door bridge URL has a consumer key value that matches
+     * the app config.
+     */
+    var matchesConsumerKey: Boolean = false
+        private set
+
+    /**
+     * For Salesforce Identity UI Bridge API support, indicates if the
+     * overriding front door bridge URL has a host that matches the app's
+     * selected login server.
+     */
+    var matchesLoginHost: Boolean = false
+        private set
+
+    init {
+        val frontdoorBridgeUrlComponents = frontdoorBridgeUrl.toString()
+        val frontdoorBridgeUri = frontdoorBridgeUrlComponents.toUri()
+        val startUrlParam = frontdoorBridgeUri.getQueryParameter("startURL")
+
+        // Check if the client_id matches the app's consumer key
+        startUrlParam?.let { startUrlString ->
+            val startUri = startUrlString.toUri()
+            val frontdoorBridgeUrlClientId = startUri.getQueryParameter("client_id")
+
+            frontdoorBridgeUrlClientId?.let { clientId ->
+                val appConsumerKey = BootConfig.getBootConfig(SalesforceSDKManager.getInstance().appContext).remoteAccessConsumerKey
+                matchesConsumerKey = clientId == appConsumerKey
+            }
+        }
+
+        // Check if the front door URL host matches the app's selected login server
+        val addingAndSwitchingLoginServersAllowedResolved = if (!addingAndSwitchingLoginServersPerMdm) {
+            addingAndSwitchingLoginServerOverride
+        } else {
+            addingAndSwitchingLoginServersAllowed
+        }
+
+        val frontdoorBridgeUrlAppLoginServerMatch = FrontdoorBridgeUrlAppLoginServerMatch(
+            frontdoorBridgeUrl = frontdoorBridgeUrl,
+            loginServerManaging = loginServerManager,
+            addingAndSwitchingLoginServersAllowed = addingAndSwitchingLoginServersAllowedResolved,
+            selectedAppLoginServer = selectedAppLoginServer
+        )
+
+        var appLoginServer = frontdoorBridgeUrlAppLoginServerMatch.appLoginServerMatch
+        if (appLoginServer == null && addingAndSwitchingLoginServersAllowedResolved) {
+            appLoginServer = frontdoorBridgeUrl.host
+        }
+
+        appLoginServer?.let { appLoginServer ->
+            matchesLoginHost = true
+            // Set the login appLoginServer on the server manager
+            val loginServerManager = SalesforceSDKManager.getInstance().loginServerManager
+            val loginUrl = "https://$appLoginServer"
+            loginServerManager.addCustomLoginServer(loginUrl, loginUrl)
+        }
+    }
+
+    private val addingAndSwitchingLoginServersAllowed: Boolean
+        get() {
+            val runtimeConfig = getRuntimeConfig(SalesforceSDKManager.getInstance().appContext)
+            val onlyShowAuthorizedServers = runtimeConfig.getBoolean(OnlyShowAuthorizedHosts)
+            val mdmLoginServers = try {
+                runtimeConfig.getStringArrayStoredAsArrayOrCSV(AppServiceHosts)
+            } catch (_: Exception) {
+                null
+            }
+            return !onlyShowAuthorizedServers && (mdmLoginServers?.isEmpty() != false)
+        }
+
+    private val loginServerManager: LoginServerManaging
+        get() = SalesforceSDKManager.getInstance().loginServerManager
+}
+

libs/SalesforceSDK/src/com/salesforce/androidsdk/ui/FrontdoorBridgeUrlAppLoginServerMatch.kt

@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2025-present, salesforce.com, inc.
+ * All rights reserved.
+ * Redistribution and use of this software in source and binary forms, with or
+ * without modification, are permitted provided that the following conditions
+ * are met:
+ * - Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * - Neither the name of salesforce.com, inc. nor the names of its contributors
+ * may be used to endorse or promote products derived from this software without
+ * specific prior written permission of salesforce.com, inc.
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+package com.salesforce.androidsdk.ui
+
+import android.net.Uri
+import com.salesforce.androidsdk.config.LoginServerManaging
+import java.net.URL
+
+internal data class FrontdoorBridgeUrlAppLoginServerMatch(
+    val frontdoorBridgeUrl: Uri,
+    val loginServerManaging: LoginServerManaging,
+    val addingAndSwitchingLoginServersAllowed: Boolean,
+    val selectedAppLoginServer: String
+) {
+
+    internal val appLoginServerMatch: String? by lazy {
+        appLoginServerForFrontdoorBridgeUrl(
+            frontdoorBridgeUrl,
+            loginServerManaging,
+            addingAndSwitchingLoginServersAllowed,
+            selectedAppLoginServer
+        )
+    }
+
+    private fun appLoginServerForFrontdoorBridgeUrl(
+        frontdoorBridgeUrl: Uri,
+        loginServerManaging: LoginServerManaging,
+        addingAndSwitchingLoginServersAllowed: Boolean,
+        selectedAppLoginServer: String
+    ): String? {
+        val frontdoorBridgeUrlHost = frontdoorBridgeUrl.host ?: return null
+
+        val eligibleAppLoginServers = eligibleAppLoginServersForFrontdoorBridgeUrl(
+            loginServerManaging,
+            addingAndSwitchingLoginServersAllowed,
+            selectedAppLoginServer
+        )
+
+        for (eligibleAppLoginServer in eligibleAppLoginServers) {
+            if (frontdoorBridgeUrlHost == eligibleAppLoginServer) {
+                return eligibleAppLoginServer
+            }
+        }
+
+        if (frontdoorBridgeUrl.isMyDomain()) {
+            val frontdoorBridgeUrlMyDomainSuffix = frontdoorBridgeUrlHost.split("\\.my\\.").last()
+            if (frontdoorBridgeUrlMyDomainSuffix.isNotEmpty()) {
+                for (eligibleAppLoginServer in eligibleAppLoginServers) {
+                    if (eligibleAppLoginServer.endsWith(frontdoorBridgeUrlMyDomainSuffix)) {
+                        return eligibleAppLoginServer
+                    }
+                }
+            }
+        }
+
+        return null
+    }
+
+    private fun eligibleAppLoginServersForFrontdoorBridgeUrl(
+        loginHostStore: LoginServerManaging,
+        addingAndSwitchingLoginHostsAllowed: Boolean,
+        selectedAppLoginHost: String
+    ): List<String> {
+        val results = mutableListOf<String>()
+        if (addingAndSwitchingLoginHostsAllowed) {
+            val numberOfHosts = loginHostStore.numberOfLoginServers()
+            for (i in 0 until numberOfHosts) {
+                val server = loginHostStore.loginServerAtIndex(i)
+                server?.let {
+                    try {
+                        val url = URL(it.url)
+                        results.add(url.host)
+                    } catch (_: Exception) {
+                        // Skip invalid URLs
+                    }
+                }
+            }
+        } else {
+            results.add(selectedAppLoginHost)
+        }
+        return results
+    }
+}
+
+private fun Uri.isMyDomain(): Boolean {
+    return host?.contains(".my.") == true
+}