Allow consumer key to be defined at runtime by application

.github/DangerFiles/TestOrchestrator.rb

@@ -10,6 +10,7 @@
 SCHEMES = ['SalesforceSDKCommon', 'SalesforceAnalytics', 'SalesforceSDKCore', 'SmartStore', 'MobileSync']
 
 modifed_libs = Set[]
+
 for file in (git.modified_files + git.added_files);
     scheme = file.split("libs/").last.split("/").first
     if SCHEMES.include?(scheme) 

.github/workflows/nightly.yaml

@@ -31,7 +31,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        app: [RestAPIExplorer, MobileSyncExplorer]
+        app: [RestAPIExplorer, MobileSyncExplorer, AuthFlowTester]
         ios: [^26, ^18, ^17]
         include:
           - ios: ^26

.github/workflows/pr.yaml

@@ -120,7 +120,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        app: [RestAPIExplorer, MobileSyncExplorer]
+        app: [RestAPIExplorer, MobileSyncExplorer, AuthFlowTester]
         ios: [^26, ^18]
         include:
           - ios: ^26

SalesforceMobileSDK.xcworkspace/xcshareddata/xcschemes/Everything.xcscheme

@@ -266,7 +266,7 @@
             buildForAnalyzing = "YES">
             <BuildableReference
                BuildableIdentifier = "primary"
-               BlueprintIdentifier = "B716A3E3218F6EEA009D407F"
+               BlueprintIdentifier = "F27137B928405BB8003B3D69"
                BuildableName = "SalesforceSDKCommonTestApp.app"
                BlueprintName = "SalesforceSDKCommonTestApp"
                ReferencedContainer = "container:libs/SalesforceSDKCommon/SalesforceSDKCommon.xcodeproj">

SalesforceMobileSDK.xcworkspace/xcshareddata/xcschemes/UnitTests.xcscheme

@@ -266,7 +266,7 @@
             buildForAnalyzing = "YES">
             <BuildableReference
                BuildableIdentifier = "primary"
-               BlueprintIdentifier = "B716A3E3218F6EEA009D407F"
+               BlueprintIdentifier = "F27137B928405BB8003B3D69"
                BuildableName = "SalesforceSDKCommonTestApp.app"
                BlueprintName = "SalesforceSDKCommonTestApp"
                ReferencedContainer = "container:libs/SalesforceSDKCommon/SalesforceSDKCommon.xcodeproj">

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/Common/SalesforceSDKManager.h

@@ -203,6 +203,19 @@ NS_SWIFT_NAME(SalesforceManager)
  */
 @property (nonatomic, copy) SFSDKUserAgentCreationBlock userAgentString NS_SWIFT_NAME(userAgentGenerator);
 
+/**
+ Block to dynamically select the app config at runtime based on login host.
+
+ NB: SFUserAccountManager stores the consumer key, callback URL, etc. in its shared
+ instance, backed by shared prefs and initialized from the static boot config.
+ Previously, the app always used these shared instance values for login.
+ Now, the app can inject alternate values instead — in that case, the shared
+ instance and prefs are left untouched (not read or overwritten).
+ The consumer key and related values used for login are saved in the user
+ account credentials (as before) and therefore used later for token refresh.
+ */
+ @property (nonatomic, copy, nullable) SFSDKAppConfigRuntimeSelectorBlock appConfigRuntimeSelectorBlock NS_SWIFT_NAME(bootConfigRuntimeSelector);
+
 /** Use this flag to indicate if the APP will be an identity provider. When enabled this flag allows this application to perform authentication on behalf of another app.
  */
 @property (nonatomic,assign) BOOL isIdentityProvider NS_SWIFT_NAME(isIdentityProvider);
@@ -306,6 +319,17 @@ NS_SWIFT_NAME(SalesforceManager)
  */
 - (id <SFBiometricAuthenticationManager>)biometricAuthenticationManager;
 
+/**
+ * Asynchronously retrieves the app config (aka boot config) for the specified login host.
+ *
+ * If an appConfigRuntimeSelectorBlock is set, it will be invoked to select the appropriate config.
+ * If the block is not set or returns nil, the default appConfig will be returned.
+ *
+ * @param loginHost The selected login host
+ * @param callback The callback invoked with the selected app config
+ */
+- (void)appConfigForLoginHost:(nullable NSString *)loginHost callback:(nonnull void (^)(SFSDKAppConfig * _Nullable))callback NS_SWIFT_NAME(bootConfig(forLoginHost:callback:));
+
 /**
  * Creates the NativeLoginManager instance.
  *

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/Common/SalesforceSDKManager.m

@@ -914,6 +914,19 @@ - (void)biometricAuthenticationFlowDidComplete:(NSNotification *)notification {
     return [SFScreenLockManagerInternal shared];
 }
 
+#pragma mark - Runtime App Config (aka Bootconfig) Override
+
+- (void) appConfigForLoginHost:(nullable NSString *)loginHost callback:(nonnull void (^)(SFSDKAppConfig * _Nullable))callback {
+    if (self.appConfigRuntimeSelectorBlock) {
+        self.appConfigRuntimeSelectorBlock(loginHost, ^(SFSDKAppConfig *config) {
+            // Fall back to default appConfig if the selector block returns nil
+            callback(config ?: self.appConfig);
+        });
+    } else {
+        callback(self.appConfig);
+    }
+}
+
 #pragma mark - Native Login
 
 - (id <SFNativeLoginManager>)useNativeLoginWithConsumerKey:(nonnull NSString *)consumerKey
@@ -964,7 +977,7 @@ - (void)biometricAuthenticationFlowDidComplete:(NSNotification *)notification {
 
     return nativeLogin;
 }
-
+    
 @end
 
 NSString *SFAppTypeGetDescription(SFAppType appType){

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/OAuth/JwtAccessToken.swift

@@ -30,12 +30,12 @@ import Foundation
 
 /// Struct representing a JWT Header
 public struct JwtHeader: Codable {
-    let algorithm: String?
-    let type: String?
-    let keyId: String?
-    let tokenType: String?
-    let tenantKey: String?
-    let version: String?
+    public let algorithm: String?
+    public let type: String?
+    public let keyId: String?
+    public let tokenType: String?
+    public let tenantKey: String?
+    public let version: String?
 
     enum CodingKeys: String, CodingKey {
         case algorithm = "alg"
@@ -49,13 +49,13 @@ public struct JwtHeader: Codable {
 
 /// Struct representing a JWT Payload
 public struct JwtPayload: Codable {
-    let audience: [String]?
-    let expirationTime: Int?
-    let issuer: String?
-    let notBeforeTime: Int?
-    let subject: String?
-    let scopes: String?
-    let clientId: String?
+    public let audience: [String]?
+    public let expirationTime: Int?
+    public let issuer: String?
+    public let notBeforeTime: Int?
+    public let subject: String?
+    public let scopes: String?
+    public let clientId: String?
 
     enum CodingKeys: String, CodingKey {
         case audience = "aud"
@@ -71,9 +71,9 @@ public struct JwtPayload: Codable {
 /// Class representing a JWT Access Token
 @objc(SFSDKJwtAccessToken)
 public class JwtAccessToken : NSObject {
-    let rawJwt: String
-    let header: JwtHeader
-    let payload: JwtPayload
+    public let rawJwt: String
+    public let header: JwtHeader
+    public let payload: JwtPayload
 
     /// Initializer to parse and decode the JWT string
     @objc public init(jwt: String) throws {
@@ -116,7 +116,7 @@ public class JwtAccessToken : NSObject {
     }
 
     /// Helper method to decode Base64 URL-encoded strings
-    private static func decodeBase64Url(_ string: String) throws -> String {
+    public static func decodeBase64Url(_ string: String) throws -> String {
         var base64 = string
             .replacingOccurrences(of: "-", with: "+")
             .replacingOccurrences(of: "_", with: "/")
@@ -133,7 +133,7 @@ public class JwtAccessToken : NSObject {
     }
 
     /// Custom errors for JWT decoding
-    enum JwtError: Error {
+    public enum JwtError: Error {
         case invalidFormat
         case invalidBase64
     }

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/Test/SFSDKTestCredentialsData.h

@@ -39,6 +39,8 @@ NS_ASSUME_NONNULL_BEGIN
 @property (nonatomic, readonly) NSString *redirectUri;
 @property (nonatomic, readonly) NSString *loginHost;
 @property (nonatomic, readonly) NSString *communityUrl;
+@property (nonatomic, readonly) NSString *username;
+@property (nonatomic, readonly) NSString *displayName;
 
 @end
 

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/Test/SFSDKTestCredentialsData.m

@@ -88,4 +88,14 @@ - (NSString *)communityUrl
     return _credentialsDict[@"community_url"];
 }
 
+- (NSString *)username
+{
+    return _credentialsDict[@"username"];
+}
+
+- (NSString *)displayName
+{
+    return _credentialsDict[@"display_name"];
+}
+
 @end

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/UserAccount/SFUserAccountManager+Internal.h

@@ -201,7 +201,8 @@ Set this block to handle presentation of the Authentication View Controller.
 
 - (SFSDKAuthRequest *)defaultAuthRequest;
 
-- (SFSDKAuthRequest *)defaultAuthRequestWithLoginHost:(nullable NSString *)loginHost;
+- (SFSDKAuthRequest *)authRequestWithLoginHost:(nullable NSString *)loginHost appConfig:(nullable SFSDKAppConfig*)appConfig;
+
 
 - (BOOL)loginWithCompletion:(nullable SFUserAccountManagerSuccessCallbackBlock)completionBlock
                     failure:(nullable SFUserAccountManagerFailureCallbackBlock)failureBlock

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/UserAccount/SFUserAccountManager.m

@@ -155,7 +155,7 @@
 }
 @end
 
 @implementation SFUserAccountManager
 
 @synthesize currentUser = _currentUser;
 @synthesize userAccountMap = _userAccountMap;
@@ -613,9 +613,16 @@
 
     dispatch_async(dispatch_get_main_queue(), ^{
         [SFSDKWebViewStateManager removeSessionForcefullyWithCompletionHandler:^{
-            [authSession.oauthCoordinator authenticateWithCredentials:authSession.credentials];
+            // Get app config for the login host. If appConfigRuntimeSelectorBlock is set,
+            // it will be invoked to select the appropriate config. Otherwise, returns the default appConfig.
+            [[SalesforceSDKManager sharedManager] appConfigForLoginHost:request.loginHost callback:^(SFSDKAppConfig* appConfig) {
+                authSession.credentials.clientId = appConfig.remoteAccessConsumerKey;
+                authSession.credentials.redirectUri = appConfig.oauthRedirectURI;
+                authSession.credentials.scopes = [appConfig.oauthScopes allObjects];
+                [authSession.oauthCoordinator authenticateWithCredentials:authSession.credentials];
+            }];
         }];
-            
+
     });
     return self.authSessions[sceneId].isAuthenticating;
 }

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/Util/SalesforceSDKCoreDefines.h

@@ -24,7 +24,9 @@
 
 #import <Foundation/Foundation.h>
 @class SFUserAccount;
+@class SFSDKAppConfig;
 @class UIViewController;
+@class SFSDKAppConfig;
 @protocol SFSDKLoginFlowSelectionView;
 @protocol SFSDKUserSelectionView;
 
@@ -53,4 +55,10 @@ typedef UIViewController<SFSDKLoginFlowSelectionView>*_Nonnull (^SFIDPLoginFlowS
  */
 typedef UIViewController<SFSDKUserSelectionView>*_Nonnull (^SFIDPUserSelectionBlock)(void) NS_SWIFT_NAME(IDPUserSelectionBlock);
 
+/**
+ Block to select an app config at runtime based on the login host.
+ The block takes a login host and a callback. The callback should be invoked with the selected app config.
+ */
+ typedef void (^SFSDKAppConfigRuntimeSelectorBlock)(NSString * _Nonnull loginHost, void (^_Nonnull callback)(SFSDKAppConfig * _Nullable)) NS_SWIFT_NAME(BootConfigRuntimeSelector);
+
 NS_ASSUME_NONNULL_END

libs/SalesforceSDKCore/SalesforceSDKCoreTests/SalesforceSDKManagerTests.m

@@ -485,4 +485,118 @@ - (void)compareAppNames:(NSString *)expectedAppName
     XCTAssertTrue([userAgent containsString:expectedAppName], @"App names should match");
 }
 
+#pragma mark - Runtime Selected App Config Tests
+
+- (void)verifyAppConfigForLoginHost:(NSString *)loginHost
+                        description:(NSString *)description
+                         assertions:(void (^)(SFSDKAppConfig *config))assertions {
+    XCTestExpectation *expectation = [self expectationWithDescription:description];
+    [[SalesforceSDKManager sharedManager] appConfigForLoginHost:loginHost callback:^(SFSDKAppConfig *config) {
+        assertions(config);
+        [expectation fulfill];
+    }];
+    [self waitForExpectations:@[expectation] timeout:1.0];
+}
+
+- (void)testAppConfigForLoginHostReturnsDefaultWhenBlockNotSet {
+    // Clear any existing block
+    [SalesforceSDKManager sharedManager].appConfigRuntimeSelectorBlock = nil;
+
+    // Get the default app config for comparison
+    SFSDKAppConfig *defaultConfig = [SalesforceSDKManager sharedManager].appConfig;
+
+    // Test with nil loginHost - should return default config
+    [self verifyAppConfigForLoginHost:nil
+                          description:@"Callback should be called with default config"
+                           assertions:^(SFSDKAppConfig *config) {
+        XCTAssertEqual(config, defaultConfig, @"Should return default appConfig when no selector block is set");
+    }];
+
+    // Test with a loginHost - should still return default config
+    [self verifyAppConfigForLoginHost:@"https://test.salesforce.com"
+                          description:@"Callback should be called with default config"
+                           assertions:^(SFSDKAppConfig *config) {
+        XCTAssertEqual(config, defaultConfig, @"Should return default appConfig when no selector block is set, regardless of loginHost");
+    }];
+}
+
+- (void)testAppConfigForLoginHostWithDifferentLoginHosts {
+    NSString *loginHost1 = @"https://login.salesforce.com";
+    NSString *loginHost2 = @"https://test.salesforce.com";
+
+    NSDictionary *config1Dict = @{
+        @"remoteAccessConsumerKey": @"clientId1",
+        @"oauthRedirectURI": @"app1://oauth/done",
+        @"shouldAuthenticate": @YES
+    };
+    SFSDKAppConfig *config1 = [[SFSDKAppConfig alloc] initWithDict:config1Dict];
+
+    NSDictionary *config2Dict = @{
+        @"remoteAccessConsumerKey": @"clientId2",
+        @"oauthRedirectURI": @"app2://oauth/done",
+        @"shouldAuthenticate": @YES
+    };
+    SFSDKAppConfig *config2 = [[SFSDKAppConfig alloc] initWithDict:config2Dict];
+
+    // Get the default app config for comparison
+    SFSDKAppConfig *defaultConfig = [SalesforceSDKManager sharedManager].appConfig;
+
+    // Set the selector block to return different configs based on loginHost
+    [SalesforceSDKManager sharedManager].appConfigRuntimeSelectorBlock = ^(NSString *loginHost, void (^callback)(SFSDKAppConfig *)) {
+        if ([loginHost isEqualToString:loginHost1]) {
+            callback(config1);
+        } else if ([loginHost isEqualToString:loginHost2]) {
+            callback(config2);
+        } else {
+            callback(nil);
+        }
+    };
+
+    // Test first loginHost
+    [self verifyAppConfigForLoginHost:loginHost1
+                          description:@"First callback should be called"
+                           assertions:^(SFSDKAppConfig *result1) {
+        XCTAssertNotNil(result1, @"Should return config for loginHost1");
+        XCTAssertEqual(result1, config1, @"Should return config1 for loginHost1");
+        XCTAssertEqualObjects(result1.remoteAccessConsumerKey, @"clientId1", @"Should have correct client ID for config1");
+    }];
+
+    // Test second loginHost
+    [self verifyAppConfigForLoginHost:loginHost2
+                          description:@"Second callback should be called"
+                           assertions:^(SFSDKAppConfig *result2) {
+        XCTAssertNotNil(result2, @"Should return config for loginHost2");
+        XCTAssertEqual(result2, config2, @"Should return config2 for loginHost2");
+        XCTAssertEqualObjects(result2.remoteAccessConsumerKey, @"clientId2", @"Should have correct client ID for config2");
+    }];
+
+    // Test with nil loginHost - should return default config
+    [self verifyAppConfigForLoginHost:nil
+                          description:@"Callback should be called with default config"
+                           assertions:^(SFSDKAppConfig *config) {
+        XCTAssertEqual(config, defaultConfig, @"Should return default appConfig when nil loginHost is passed");
+    }];
+}
+
+- (void)testAppConfigForLoginHostReturnsDefaultWhenBlockReturnsNil {
+    __block BOOL blockWasCalled = NO;
+
+    // Get the default app config for comparison
+    SFSDKAppConfig *defaultConfig = [SalesforceSDKManager sharedManager].appConfig;
+
+    // Set the selector block to return nil via callback
+    [SalesforceSDKManager sharedManager].appConfigRuntimeSelectorBlock = ^(NSString *loginHost, void (^callback)(SFSDKAppConfig *)) {
+        blockWasCalled = YES;
+        callback(nil);
+    };
+
+    // Call the method - should fall back to default config even though block returns nil
+    [self verifyAppConfigForLoginHost:@"https://test.salesforce.com"
+                          description:@"Callback should be called"
+                           assertions:^(SFSDKAppConfig *config) {
+        XCTAssertTrue(blockWasCalled, @"Block should have been called");
+        XCTAssertEqual(config, defaultConfig, @"Should return default appConfig when block returns nil");
+    }];
+}
+
 @end