@W-17449395: [Android] Welcome login email deeplinking support in MSDK 13.1 (#2715)

Author: JohnsonEricAtSalesforce

libs/SalesforceHybrid/src/com/salesforce/androidsdk/phonegap/ui/SalesforceDroidGapActivity.kt

@@ -43,6 +43,7 @@ import com.salesforce.androidsdk.config.BootConfig.isAbsoluteUrl
 import com.salesforce.androidsdk.config.BootConfig.validateBootConfig
 import com.salesforce.androidsdk.config.LoginServerManager.PRODUCTION_LOGIN_URL
 import com.salesforce.androidsdk.config.LoginServerManager.SANDBOX_LOGIN_URL
+import com.salesforce.androidsdk.config.LoginServerManager.WELCOME_LOGIN_URL
 import com.salesforce.androidsdk.phonegap.app.SalesforceHybridSDKManager
 import com.salesforce.androidsdk.phonegap.ui.SalesforceWebViewClientHelper.getAppHomeUrl
 import com.salesforce.androidsdk.phonegap.ui.SalesforceWebViewClientHelper.hasCachedAppHome
@@ -573,7 +574,7 @@ open class SalesforceDroidGapActivity : CordovaActivity(), SalesforceActivityInt
                         ?.url
                         ?.trim { it <= ' ' } ?: return@withTimeout
 
-                    if (loginServer == PRODUCTION_LOGIN_URL || loginServer == SANDBOX_LOGIN_URL || !isHttpsUrl(loginServer) || loginServer.toHttpUrlOrNull() == null) {
+                    if (loginServer == PRODUCTION_LOGIN_URL || loginServer == WELCOME_LOGIN_URL || loginServer == SANDBOX_LOGIN_URL || !isHttpsUrl(loginServer) || loginServer.toHttpUrlOrNull() == null) {
                         return@withTimeout
                     }
 

libs/SalesforceSDK/res/xml/servers.xml

@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <servers>
     <server name="Production" url="https://login.salesforce.com" />
+    <server name="Welcome" url="https://welcome.salesforce.com" />
     <server name="Sandbox" url="https://test.salesforce.com" />
 </servers>

libs/SalesforceSDK/src/com/salesforce/androidsdk/app/SalesforceSDKManager.kt

@@ -57,6 +57,8 @@ import android.view.View.SYSTEM_UI_FLAG_LIGHT_STATUS_BAR
 import android.view.WindowInsetsController.APPEARANCE_LIGHT_STATUS_BARS
 import android.webkit.CookieManager
 import android.webkit.URLUtil.isHttpsUrl
+import androidx.annotation.VisibleForTesting
+import androidx.annotation.VisibleForTesting.Companion.PROTECTED
 import androidx.compose.material3.ColorScheme
 import androidx.compose.runtime.Composable
 import androidx.core.content.ContextCompat.RECEIVER_EXPORTED
@@ -104,6 +106,7 @@ import com.salesforce.androidsdk.config.BootConfig.getBootConfig
 import com.salesforce.androidsdk.config.LoginServerManager
 import com.salesforce.androidsdk.config.LoginServerManager.PRODUCTION_LOGIN_URL
 import com.salesforce.androidsdk.config.LoginServerManager.SANDBOX_LOGIN_URL
+import com.salesforce.androidsdk.config.LoginServerManager.WELCOME_LOGIN_URL
 import com.salesforce.androidsdk.config.RuntimeConfig.ConfigKey.IDPAppPackageName
 import com.salesforce.androidsdk.config.RuntimeConfig.getRuntimeConfig
 import com.salesforce.androidsdk.developer.support.notifications.local.ShowDeveloperSupportNotifier.Companion.BROADCAST_INTENT_ACTION_SHOW_DEVELOPER_SUPPORT
@@ -142,7 +145,7 @@ import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers.Default
 import kotlinx.coroutines.Dispatchers.Main
 import kotlinx.coroutines.launch
-import kotlinx.coroutines.withTimeout
+import kotlinx.coroutines.withTimeoutOrNull
 import okhttp3.HttpUrl.Companion.toHttpUrlOrNull
 import org.json.JSONObject
 import java.lang.String.CASE_INSENSITIVE_ORDER
@@ -339,11 +342,13 @@ open class SalesforceSDKManager protected constructor(
      */
     @set:Synchronized
     open var isBrowserLoginEnabled = false
-        protected set
+        @VisibleForTesting(otherwise = PROTECTED)
+        set
 
     /** Optionally enables browser session sharing */
     var isShareBrowserSessionEnabled = false
-        private set
+        @VisibleForTesting
+        set
 
     /**
      * The custom tab browser to use during advanced authentication.
@@ -1900,36 +1905,35 @@ open class SalesforceSDKManager protected constructor(
     /**
      * Fetches the authentication configuration, if required.
      *
+     * @param httpAccess The HTTP access to use for API integration.  Defaults
+     * to null to use the default HTTP access.  This parameter is intended for
+     * testing purposes only and should not be used in release builds.
      * @param completion An optional function to invoke at the end of the action
      */
-    fun fetchAuthenticationConfiguration(
-        completion: (() -> Unit)? = null
+    internal fun fetchAuthenticationConfiguration(
+        httpAccess: HttpAccess? = null,
+        completion: (() -> Unit),
     ) = CoroutineScope(Default).launch {
-        runCatching {
-            // If this takes more than five seconds it can cause Android's application not responding report.
-            withTimeout(5000L) {
-                val loginServer = loginServerManager.selectedLoginServer?.url?.trim { it <= ' ' } ?: return@withTimeout
-
-                if (loginServer == PRODUCTION_LOGIN_URL || loginServer == SANDBOX_LOGIN_URL || !isHttpsUrl(loginServer) || loginServer.toHttpUrlOrNull() == null) {
-                    setBrowserLoginEnabled(
-                        browserLoginEnabled = false,
-                        shareBrowserSessionEnabled = false
-                    )
+        // If this takes more than five seconds it can cause Android's application not responding report.
+        withTimeoutOrNull(5000L) {
+            val loginServer = loginServerManager.selectedLoginServer.url.trim()
+            if (loginServer == PRODUCTION_LOGIN_URL || loginServer == WELCOME_LOGIN_URL || loginServer == SANDBOX_LOGIN_URL || !isHttpsUrl(loginServer) || loginServer.toHttpUrlOrNull() == null) {
+                setBrowserLoginEnabled(
+                    browserLoginEnabled = false,
+                    shareBrowserSessionEnabled = false
+                )
 
-                    return@withTimeout
-                }
+                return@withTimeoutOrNull
+            }
 
-                getMyDomainAuthConfig(loginServer).let { authConfig ->
-                    setBrowserLoginEnabled(
-                        browserLoginEnabled = authConfig?.isBrowserLoginEnabled ?: false,
-                        shareBrowserSessionEnabled = authConfig?.isShareBrowserSessionEnabled ?: false
-                    )
-                }
+            getMyDomainAuthConfig(httpAccess, loginServer).let { authConfig ->
+                setBrowserLoginEnabled(
+                    browserLoginEnabled = authConfig?.isBrowserLoginEnabled ?: false,
+                    shareBrowserSessionEnabled = authConfig?.isShareBrowserSessionEnabled ?: false
+                )
             }
-        }.onFailure { e ->
-            e(TAG, "Exception occurred while fetching authentication configuration", e)
         }
 
-        completion?.invoke()
+        completion.invoke()
     }
 }

libs/SalesforceSDK/src/com/salesforce/androidsdk/auth/OAuth2.java

@@ -104,6 +104,7 @@ public class OAuth2 {
     private static final String BIOMETRIC_AUTHENTICATION_TIMEOUT = "BIOMETRIC_AUTHENTICATION_TIMEOUT";
     private static final int BIOMETRIC_AUTHENTICATION_DEFAULT_TIMEOUT = 15;
     private static final String HYBRID_REFRESH = "hybrid_refresh";  // Grant Type Values
+    public static final String LOGIN_HINT = "login_hint";
     private static final String REFRESH_TOKEN = "refresh_token";  // Grant Type Values
     protected static final String RESPONSE_TYPE = "response_type";
     private static final String SCOPE = "scope";
@@ -235,6 +236,49 @@ public String toString() {
         }
     }
 
+    /**
+     * Builds the URL to the authorization web page for this login server.
+     * You need not provide the 'refresh_token' scope, as it is provided automatically.
+     *
+     * This overload defaults `loginHint` to null and does not enable Salesforce Welcome Login hint.
+     *
+     * @param useWebServerAuthentication True to use web server flow, False to use user agent flow
+     * @param useHybridAuthentication    True to use "hybrid" flow
+     * @param loginServer                Base protocol and server to use (e.g. https://login.salesforce.com).
+     * @param clientId                   OAuth client ID.
+     * @param callbackUrl                OAuth callback URL or redirect URL.
+     * @param scopes                     A list of OAuth scopes to request (e.g. {"visualforce", "api"}). If null,
+     *                                   the default OAuth scope is provided.
+     * @param displayType                OAuth display type. If null, the default of 'touch' is used.
+     * @param codeChallenge              Code challenge to use when using web server flow
+     * @param addlParams                 Any additional parameters that may be added to the request.
+     * @return A URL to start the OAuth flow in a web browser/view.
+     * @see <a href="https://help.salesforce.com/apex/HTViewHelpDoc?language=en&id=remoteaccess_oauth_scopes.htm">RemoteAccess OAuth Scopes</a>
+     */
+    public static URI getAuthorizationUrl(
+            boolean useWebServerAuthentication,
+            boolean useHybridAuthentication,
+            URI loginServer,
+            String clientId,
+            String callbackUrl,
+            String[] scopes,
+            String displayType,
+            String codeChallenge,
+            Map<String, String> addlParams) {
+        return getAuthorizationUrl(
+                useWebServerAuthentication,
+                useHybridAuthentication,
+                loginServer,
+                clientId,
+                callbackUrl,
+                scopes,
+                null,
+                displayType,
+                codeChallenge,
+                addlParams
+        );
+    }
+
     /**
      * Builds the URL to the authorization web page for this login server.
      * You need not provide the 'refresh_token' scope, as it is provided automatically.
@@ -246,6 +290,7 @@ public String toString() {
      * @param callbackUrl                OAuth callback URL or redirect URL.
      * @param scopes                     A list of OAuth scopes to request (e.g. {"visualforce", "api"}). If null,
      *                                   the default OAuth scope is provided.
+     * @param loginHint                  When applicable, the Salesforce Welcome Login hint
      * @param displayType                OAuth display type. If null, the default of 'touch' is used.
      * @param codeChallenge              Code challenge to use when using web server flow
      * @param addlParams                 Any additional parameters that may be added to the request.
@@ -259,6 +304,7 @@ public static URI getAuthorizationUrl(
             String clientId,
             String callbackUrl,
             String[] scopes,
+            String loginHint,
             String displayType,
             String codeChallenge,
             Map<String,String> addlParams) {
@@ -273,6 +319,9 @@ public static URI getAuthorizationUrl(
         if (scopes != null && scopes.length > 0) {
             sb.append(AND).append(SCOPE).append(EQUAL).append(Uri.encode(computeScopeParameter(scopes)));
         }
+        if (!TextUtils.isEmpty(loginHint)) {
+            sb.append(AND).append(LOGIN_HINT).append(EQUAL).append(Uri.encode(loginHint));
+        }
         sb.append(AND).append(REDIRECT_URI).append(EQUAL).append(callbackUrl);
         sb.append(AND).append(DEVICE_ID).append(EQUAL).append(SalesforceSDKManager.getInstance().getDeviceId());
         if (useWebServerAuthentication) {

libs/SalesforceSDK/src/com/salesforce/androidsdk/config/LoginServerManager.java

@@ -61,6 +61,7 @@ public class LoginServerManager {
 
 	// Default login servers.
 	public static final String PRODUCTION_LOGIN_URL = "https://login.salesforce.com";
+	public static final String WELCOME_LOGIN_URL = "https://welcome.salesforce.com";
 	public static final String SANDBOX_LOGIN_URL = "https://test.salesforce.com";
 
 	// Keys used in shared preferences.
@@ -457,7 +458,7 @@ public static class LoginServer {
 		 * @param url Server URL.
 		 * @param isCustom True - if custom URL, False - otherwise.
 		 */
-		public LoginServer(String name, String url, boolean isCustom) {
+		public LoginServer(@NonNull String name, @NonNull String url, boolean isCustom) {
 			this.name = name;
 			this.url = url;
 			this.isCustom = isCustom;

libs/SalesforceSDK/src/com/salesforce/androidsdk/ui/LoginActivity.kt

@@ -74,6 +74,8 @@ import androidx.activity.result.ActivityResult
 import androidx.activity.result.ActivityResultLauncher
 import androidx.activity.result.contract.ActivityResultContracts
 import androidx.activity.viewModels
+import androidx.annotation.VisibleForTesting
+import androidx.annotation.VisibleForTesting.Companion.PROTECTED
 import androidx.biometric.BiometricManager
 import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
 import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_WEAK
@@ -126,6 +128,7 @@ import com.salesforce.androidsdk.auth.OAuth2.TokenEndpointResponse
 import com.salesforce.androidsdk.auth.OAuth2.swapJWTForTokens
 import com.salesforce.androidsdk.auth.idp.interfaces.SPManager.Status
 import com.salesforce.androidsdk.auth.idp.interfaces.SPManager.StatusUpdateCallback
+import com.salesforce.androidsdk.config.LoginServerManager.LoginServer
 import com.salesforce.androidsdk.config.RuntimeConfig.ConfigKey.ManagedAppCertAlias
 import com.salesforce.androidsdk.config.RuntimeConfig.ConfigKey.RequireCertAuth
 import com.salesforce.androidsdk.config.RuntimeConfig.getRuntimeConfig
@@ -157,7 +160,8 @@ import java.security.cert.X509Certificate
  */
 open class LoginActivity : FragmentActivity() {
     // View Model
-    protected open val viewModel: LoginViewModel
+    @VisibleForTesting(otherwise = PROTECTED)
+    open val viewModel: LoginViewModel
             by viewModels { SalesforceSDKManager.getInstance().loginViewModelFactory }
 
     // Webview and Clients
@@ -195,6 +199,9 @@ open class LoginActivity : FragmentActivity() {
             SalesforceSDKManager.getInstance().setViewNavigationVisibility(this)
         }
 
+        // Set the Salesforce Welcome Login hint and host for the OAuth authorize URL, if applicable.
+        useLoginHint(intent)
+
         /*
          * For Salesforce Identity API UI Bridge support, the overriding
          * frontdoor bridge URL to use in place of the default initial login URL
@@ -435,7 +442,27 @@ open class LoginActivity : FragmentActivity() {
     }
 
     // endregion
+    // region Salesforce Welcome Login Private Implementation
 
+    /**
+     * Uses the Salesforce Welcome login hint and host in the Intent, if
+     * applicable.
+     */
+    private fun useLoginHint(intent: Intent) {
+
+        viewModel.loginHint = intent.getStringExtra(EXTRA_KEY_LOGIN_HINT)
+        intent.getStringExtra(EXTRA_KEY_LOGIN_HOST)?.let { loginHost ->
+            SalesforceSDKManager.getInstance().loginServerManager.setSelectedLoginServer(
+                LoginServer(
+                    loginHost,
+                    "https://$loginHost",
+                    true
+                )
+            )
+        }
+    }
+
+    // endregion
     // End of Public Functions
 
     protected open fun certAuthOrLogin() {
@@ -1002,6 +1029,15 @@ open class LoginActivity : FragmentActivity() {
         private const val BACKGROUND_COLOR_JAVASCRIPT =
             "(function() { return window.getComputedStyle(document.body, null).getPropertyValue('background-color'); })();"
 
+        // endregion
+        // region Log In With Login Hint Public Implementation
+
+        /** Intent extra key for login hint value */
+        const val EXTRA_KEY_LOGIN_HINT = "login_hint"
+
+        /** Intent extra key for login host to use with login hint */
+        const val EXTRA_KEY_LOGIN_HOST = "login_host"
+
         // endregion
         // region QR Code Login Via Salesforce Identity API UI Bridge Public Implementation
 

libs/SalesforceSDK/src/com/salesforce/androidsdk/ui/LoginViewModel.kt

@@ -163,6 +163,9 @@ open class LoginViewModel(val bootConfig: BootConfig) : ViewModel() {
     @VisibleForTesting
     internal var codeVerifier: String? = null
 
+    /** The Salesforce Welcome Login hint parameter value for the OAuth authorize endpoint */
+    internal var loginHint: String? = null
+
     // Auth code we receive from the JWT swap for magic links.
     internal var authCodeForJwtFlow: String? = null
 
@@ -317,6 +320,7 @@ open class LoginViewModel(val bootConfig: BootConfig) : ViewModel() {
             clientId,
             bootConfig.oauthRedirectURI,
             bootConfig.oauthScopes,
+            loginHint,
             authorizationDisplayType,
             codeChallenge,
             additionalParams

libs/SalesforceSDK/src/com/salesforce/androidsdk/util/AuthConfigUtil.java

@@ -29,6 +29,8 @@
 import android.content.Intent;
 import android.text.TextUtils;
 
+import androidx.annotation.Nullable;
+
 import com.salesforce.androidsdk.app.SalesforceSDKManager;
 import com.salesforce.androidsdk.auth.HttpAccess;
 import com.salesforce.androidsdk.rest.RestResponse;
@@ -63,7 +65,26 @@ public class AuthConfigUtil {
      * @param loginUrl Login URL.
      * @return Auth config.
      */
-    public static MyDomainAuthConfig getMyDomainAuthConfig(String loginUrl) {
+    public static MyDomainAuthConfig getMyDomainAuthConfig(
+            String loginUrl
+    ) {
+        return getMyDomainAuthConfig(null, loginUrl);
+    }
+
+    /**
+     * Returns the auth config associated with a my domain login endpoint. This call
+     * should be made from a background thread since it makes a network request.
+     *
+     * @param httpAccess The HTTP access to use for API integration.  Defaults
+     * to null to use the default HTTP access.  This parameter is intended for
+     * testing purposes only and should not be used in release builds.
+     * @param loginUrl Login URL.
+     * @return Auth config.
+     */
+    public static MyDomainAuthConfig getMyDomainAuthConfig(
+            @Nullable HttpAccess httpAccess,
+            String loginUrl
+    ) {
         if (TextUtils.isEmpty(loginUrl)) {
             return null;
         }
@@ -74,7 +95,8 @@ public static MyDomainAuthConfig getMyDomainAuthConfig(String loginUrl) {
         final String authConfigUrl = loginUrl + MY_DOMAIN_AUTH_CONFIG_ENDPOINT;
         final Request request = new Request.Builder().url(authConfigUrl).get().build();
         try {
-            final Response response = HttpAccess.DEFAULT.getOkHttpClient().newCall(request).execute();
+            final HttpAccess httpAccessResolved = httpAccess != null ? httpAccess : HttpAccess.DEFAULT;
+            final Response response = httpAccessResolved.getOkHttpClient().newCall(request).execute();
             if (response.isSuccessful()) {
                 authConfig = new MyDomainAuthConfig((new RestResponse(response)).asJSONObject());
             }