UI Tests for auth flows

libs/SalesforceSDKCore/SalesforceSDKCore.xcodeproj/xcshareddata/xcschemes/SalesforceSDKCore.xcscheme

@@ -26,7 +26,8 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES">
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      codeCoverageEnabled = "YES">
       <MacroExpansion>
          <BuildableReference
             BuildableIdentifier = "primary"

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/Common/SalesforceSDKManager.m

@@ -493,7 +493,7 @@ - (NSString *)devInfoTitleString
                 [presentedViewController dismissViewControllerAnimated:YES completion:^{
                     // Restart authentication with the updated configuration
                     if ([presentedViewController isKindOfClass:[SFLoginViewController class]]) {
-                        [[SFUserAccountManager sharedInstance] restartAuthenticationForViewController:(SFLoginViewController *)presentedViewController];
+                        [[SFUserAccountManager sharedInstance] restartAuthenticationForViewController:(SFLoginViewController *)presentedViewController recreateAuthRequest:YES];
                     }
                     // TODO support advanced auth case
                 }];

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/Login/DevConfig/BootConfigEditor.swift

@@ -27,6 +27,13 @@
 
 import SwiftUI
 
+// MARK: - JSON Import Labels
+public struct BootConfigJSONKeys {
+    public static let consumerKey = "remoteAccessConsumerKey"
+    public static let redirectUri = "oauthRedirectURI"
+    public static let scopes = "scopes"
+}
+
 public struct BootConfigEditor: View {
     let title: String
     let buttonLabel: String
@@ -38,6 +45,8 @@ public struct BootConfigEditor: View {
     let onUseConfig: () -> Void
     let initiallyExpanded: Bool
     @State private var isExpanded: Bool = false
+    @State private var showImportAlert: Bool = false
+    @State private var importJSONText: String = ""
 
     public init(
         title: String,
@@ -63,21 +72,32 @@ public struct BootConfigEditor: View {
 
     public var body: some View {
         VStack(alignment: .leading, spacing: 12) {
-            Button(action: {
-                withAnimation {
-                    isExpanded.toggle()
+            HStack {
+                Button(action: {
+                    withAnimation {
+                        isExpanded.toggle()
+                    }
+                }) {
+                    HStack {
+                        Text(title)
+                            .font(.headline)
+                            .foregroundColor(.primary)
+                        Spacer()
+                        Image(systemName: isExpanded ? "chevron.up" : "chevron.down")
+                            .foregroundColor(.secondary)
+                    }
                 }
-            }) {
-                HStack {
-                    Text(title)
-                        .font(.headline)
-                        .foregroundColor(.primary)
-                    Spacer()
-                    Image(systemName: isExpanded ? "chevron.up" : "chevron.down")
-                        .foregroundColor(.secondary)
+                Button(action: {
+                    importJSONText = ""
+                    showImportAlert = true
+                }) {
+                    Image(systemName: "square.and.arrow.down")
+                        .font(.subheadline)
+                        .foregroundColor(.blue)
                 }
-                .padding(.horizontal)
+                .accessibilityIdentifier("importConfigButton")
             }
+            .padding(.horizontal)
 
             if isExpanded {
                 VStack(alignment: .leading, spacing: 8) {
@@ -130,6 +150,34 @@ public struct BootConfigEditor: View {
         .onAppear {
             isExpanded = initiallyExpanded
         }
+        .alert("Import Configuration", isPresented: $showImportAlert) {
+            TextField("Paste JSON here", text: $importJSONText)
+            Button("Import") {
+                importConfigFromJSON()
+            }
+            Button("Cancel", role: .cancel) { }
+        } message: {
+            Text("Paste JSON with remoteAccessConsumerKey, oauthRedirectURI, and scopes")
+        }
+    }
+
+    // MARK: - Helper Methods
+
+    private func importConfigFromJSON() {
+        guard let jsonData = importJSONText.data(using: .utf8),
+              let json = try? JSONSerialization.jsonObject(with: jsonData, options: []) as? [String: Any] else {
+            return
+        }
+
+        if let key = json[BootConfigJSONKeys.consumerKey] as? String {
+            consumerKey = key
+        }
+        if let uri = json[BootConfigJSONKeys.redirectUri] as? String {
+            callbackUrl = uri
+        }
+        if let scopesValue = json[BootConfigJSONKeys.scopes] as? String {
+            scopes = scopesValue
+        }
     }
 }
 

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/Login/SFLoginViewController.h

@@ -54,6 +54,9 @@ NS_SWIFT_NAME(SalesforceLoginViewControllerDelegate)
 
 - (void)loginViewControllerDidReload:(nonnull SFLoginViewController *)loginViewController;
 
+- (void)loginViewControllerDidChangeLoginOptions:(nonnull SFLoginViewController *)loginViewController;
+
+
 @end
 
 /** The Salesforce login screen view.

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/Login/SFLoginViewController.m

@@ -317,8 +317,8 @@ - (UIBarButtonItem *)createSettingsButton {
                                                  handler:^(__kindof UIAction* _Nonnull action) {
             UIViewController *configPicker = [BootConfigPickerViewController makeViewControllerOnConfigurationCompleted:^{
                 [self dismissViewControllerAnimated:YES completion:^{
-                    if ([self.delegate respondsToSelector:@selector(loginViewControllerDidReload:)]) {
-                        [self.delegate loginViewControllerDidReload:self];
+                    if ([self.delegate respondsToSelector:@selector(loginViewControllerDidChangeLoginOptions:)]) {
+                        [self.delegate loginViewControllerDidChangeLoginOptions:self];
                     }
                 }];
             }];

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/OAuth/SFOAuthCoordinator+Internal.h

@@ -81,7 +81,7 @@ NS_ASSUME_NONNULL_BEGIN
  * Returns the scope query parameter string for OAuth requests.
  * @return A properly formatted scope parameter string, or empty string if no scopes provided.
  */
-- (NSString *)scopeQueryParamString;
+- (NSString *)scopeQueryParamString:(NSArray<NSString*>*)scopes;
 
 /**
  Migrates the refresh token for a user to a new app configuration.

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/OAuth/SFOAuthCoordinator.m

@@ -821,7 +821,7 @@ - (NSString *)approvalURLForEndpoint:(NSString *)authorizeEndpoint
     }
 
     // OAuth scopes
-    NSString *scopeString = [self scopeQueryParamString];
+    NSString *scopeString = [self scopeQueryParamString:credentials.scopes];
     if (scopeString.length > 0) {
         [approvalUrlString appendString:scopeString];
     }
@@ -842,9 +842,9 @@ -(void) clearFrontDoorBridgeLoginOverride {
     self.frontdoorBridgeLoginOverride = nil;
 }
 
-- (NSString *)scopeQueryParamString {
-    if (self.scopes.count > 0) {
-        NSString *scopeStr = [SFScopeParser computeScopeParameterWithURLEncodingWithScopes:self.scopes];
+- (NSString *)scopeQueryParamString:(NSArray<NSString*>*)scopes {
+    if (scopes.count > 0) {
+        NSString *scopeStr = [SFScopeParser computeScopeParameterWithURLEncodingWithScopes:[NSSet setWithArray:scopes]];
         return [NSString stringWithFormat:@"&%@=%@", kSFOAuthScope, scopeStr];
     } else {
         return @"";

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/OAuth/SFSDKAuthSession.m

@@ -73,6 +73,7 @@ - (SFOAuthCredentials *)newClientCredentials {
     creds.clientId = self.oauthRequest.oauthClientId;
     creds.redirectUri = self.oauthRequest.oauthCompletionUrl;
     creds.domain = self.oauthRequest.loginHost;
+    creds.scopes = [self.oauthRequest.scopes allObjects];
     creds.accessToken = nil;
     return creds;
 }

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/UserAccount/SFUserAccountManager+Internal.h

@@ -218,6 +218,9 @@ Set this block to handle presentation of the Authentication View Controller.
 
 - (void)restartAuthenticationForViewController:(SFLoginViewController *)loginViewController;
 
+- (void)restartAuthenticationForViewController:(SFLoginViewController *)loginViewController recreateAuthRequest:(BOOL)recreateAuthRequest;
+
+
 @end
 
 NS_ASSUME_NONNULL_END

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/UserAccount/SFUserAccountManager.m

@@ -579,6 +579,7 @@ -(SFSDKAuthRequest *)migrateRefreshAuthRequest:(SFSDKAppConfig *)newAppConfig {
     request.additionalOAuthParameterKeys = self.additionalOAuthParameterKeys;
     request.oauthClientId = newAppConfig.remoteAccessConsumerKey;
     request.oauthCompletionUrl = newAppConfig.oauthRedirectURI;
+    request.scopes = newAppConfig.oauthScopes;
     request.scene = [[SFSDKWindowManager sharedManager] defaultScene];
     return request;
 }
@@ -1119,9 +1120,26 @@ - (void)loginViewControllerDidReload:(SFLoginViewController *)loginViewControlle
     [self restartAuthenticationForViewController:loginViewController];
 }
 
+- (void)loginViewControllerDidChangeLoginOptions:(SFLoginViewController *)loginViewController {
+    [self restartAuthenticationForViewController:loginViewController recreateAuthRequest:YES];
+}
+
 - (void)restartAuthenticationForViewController:(SFLoginViewController *)loginViewController {
+    [self restartAuthenticationForViewController:loginViewController recreateAuthRequest:NO];
+}
+
+- (void)restartAuthenticationForViewController:(SFLoginViewController *)loginViewController recreateAuthRequest:(BOOL)recreateAuthRequest {
     NSString *sceneId = loginViewController.view.window.windowScene.session.persistentIdentifier;
-    [self restartAuthentication:self.authSessions[sceneId]];
+
+    SFSDKAuthSession* session = self.authSessions[sceneId];
+
+    // Recreate the oauth request
+    // Otherwise changes to consumer key / callback url or scopes will not get picked up
+    if (recreateAuthRequest) {
+        session.oauthRequest = [self defaultAuthRequestWithLoginHost:session.oauthRequest.loginHost];
+    }
+
+    [self restartAuthentication:session];
 }
 
 #pragma mark - SFSDKLoginHostDelegate

libs/SalesforceSDKCore/SalesforceSDKCoreTests/SalesforceOAuthUnitTests.m

@@ -464,10 +464,10 @@ - (void)testDefaultTokenEncryption {
 - (void)testScopeQueryParamStringEmptyScopes {
     // Given
     SFOAuthCoordinator *coordinator = [[SFOAuthCoordinator alloc] init];
-    coordinator.scopes = [NSSet set];
+    NSArray<NSString*> *scopes = [NSArray array];
 
     // When
-    NSString *result = [coordinator scopeQueryParamString];
+    NSString *result = [coordinator scopeQueryParamString:scopes];
 
     // Then
     XCTAssertEqualObjects(result, @"", @"Empty scopes should return empty string");
@@ -476,10 +476,10 @@ - (void)testScopeQueryParamStringEmptyScopes {
 - (void)testScopeQueryParamStringNilScopes {
     // Given
     SFOAuthCoordinator *coordinator = [[SFOAuthCoordinator alloc] init];
-    coordinator.scopes = nil;
+    NSArray<NSString*> *scopes = nil;
 
     // When
-    NSString *result = [coordinator scopeQueryParamString];
+    NSString *result = [coordinator scopeQueryParamString:scopes];
 
     // Then
     XCTAssertEqualObjects(result, @"", @"Nil scopes should return empty string");
@@ -488,10 +488,10 @@ - (void)testScopeQueryParamStringNilScopes {
 - (void)testScopeQueryParamStringSingleScope {
     // Given
     SFOAuthCoordinator *coordinator = [[SFOAuthCoordinator alloc] init];
-    coordinator.scopes = [NSSet setWithObject:@"web"];
+    NSArray<NSString*> *scopes = @[@"web"];
 
     // When
-    NSString *result = [coordinator scopeQueryParamString];
+    NSString *result = [coordinator scopeQueryParamString:scopes];
 
     // Then
     // Should include refresh_token and the provided scope, URL encoded
@@ -501,10 +501,10 @@ - (void)testScopeQueryParamStringSingleScope {
 - (void)testScopeQueryParamStringMultipleScopes {
     // Given
     SFOAuthCoordinator *coordinator = [[SFOAuthCoordinator alloc] init];
-    coordinator.scopes = [NSSet setWithObjects:@"web", @"api", @"id", nil];
+    NSArray<NSString*> *scopes = @[@"web", @"api", @"id"];
 
     // When
-    NSString *result = [coordinator scopeQueryParamString];
+    NSString *result = [coordinator scopeQueryParamString:scopes];
 
     // Then
     // Should include refresh_token and all provided scopes, sorted and URL encoded
@@ -514,10 +514,10 @@ - (void)testScopeQueryParamStringMultipleScopes {
 - (void)testScopeQueryParamStringWithRefreshTokenAlreadyPresent {
     // Given
     SFOAuthCoordinator *coordinator = [[SFOAuthCoordinator alloc] init];
-    coordinator.scopes = [NSSet setWithObjects:@"web", @"api", @"refresh_token", nil];
-    
+    NSArray<NSString*> *scopes = @[@"web", @"api", @"refresh_token"];
+
     // When
-    NSString *result = [coordinator scopeQueryParamString];
+    NSString *result = [coordinator scopeQueryParamString:scopes];
 
     // Then
     // Should still work correctly even if refresh_token is already present