Merge pull request #2198 from AzureAD/release/1.4.0

MSAL Release 1.4.0

CHANGELOG.md

@@ -1,3 +1,7 @@
+## [1.4.0]:
+* Add platform sequence param. #2192
+* Native auth can now store multiple access tokens related to different resources.
+
 ## [1.3.3]
 * Update common core submodule.
 * Automation improvements.

MSAL.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "MSAL"
-  s.version      = "1.3.3"
+  s.version      = "1.4.0"
   s.summary      = "Microsoft Authentication Library (MSAL) for iOS"
   s.description  = <<-DESC
                    The MSAL library for iOS gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. The library also supports Microsoft Azure B2C for those using our hosted identity management service.

MSAL/MSAL.xcodeproj/project.pbxproj

@@ -253,7 +253,6 @@
 		287F650C2982F4AD00ED90BD /* MSALNativeAuthResponseSerializer.swift in Sources */ = {isa = PBXBuildFile; fileRef = 287F650B2982F4AD00ED90BD /* MSALNativeAuthResponseSerializer.swift */; };
 		287F65182983F77D00ED90BD /* MSALNativeAuthRequestParametersKey.swift in Sources */ = {isa = PBXBuildFile; fileRef = 287F65172983F77D00ED90BD /* MSALNativeAuthRequestParametersKey.swift */; };
 		287F6524298401AE00ED90BD /* MSALNativeAuthResponseSerializerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 287F6523298401AE00ED90BD /* MSALNativeAuthResponseSerializerTests.swift */; };
-		2884855C295DAFD400516492 /* MSALNativeAuthTokens.swift in Sources */ = {isa = PBXBuildFile; fileRef = 2884855B295DAFD400516492 /* MSALNativeAuthTokens.swift */; };
 		289747AC2979487900838C80 /* MSALNativeAuthUrlRequestSerializerTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 289747A92979487900838C80 /* MSALNativeAuthUrlRequestSerializerTests.swift */; };
 		289747B129799C6B00838C80 /* MSALNativeAuthInputValidator.swift in Sources */ = {isa = PBXBuildFile; fileRef = 289747AF29799A8700838C80 /* MSALNativeAuthInputValidator.swift */; };
 		289E15592948E601006104D9 /* MSALNativeAuthCacheInterface.swift in Sources */ = {isa = PBXBuildFile; fileRef = 289E15582948E601006104D9 /* MSALNativeAuthCacheInterface.swift */; };
@@ -1552,7 +1551,6 @@
 		287F650B2982F4AD00ED90BD /* MSALNativeAuthResponseSerializer.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MSALNativeAuthResponseSerializer.swift; sourceTree = "<group>"; };
 		287F65172983F77D00ED90BD /* MSALNativeAuthRequestParametersKey.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MSALNativeAuthRequestParametersKey.swift; sourceTree = "<group>"; };
 		287F6523298401AE00ED90BD /* MSALNativeAuthResponseSerializerTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MSALNativeAuthResponseSerializerTests.swift; sourceTree = "<group>"; };
-		2884855B295DAFD400516492 /* MSALNativeAuthTokens.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MSALNativeAuthTokens.swift; sourceTree = "<group>"; };
 		289747A92979487900838C80 /* MSALNativeAuthUrlRequestSerializerTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = MSALNativeAuthUrlRequestSerializerTests.swift; sourceTree = "<group>"; };
 		289747AF29799A8700838C80 /* MSALNativeAuthInputValidator.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MSALNativeAuthInputValidator.swift; sourceTree = "<group>"; };
 		289E15582948E601006104D9 /* MSALNativeAuthCacheInterface.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MSALNativeAuthCacheInterface.swift; sourceTree = "<group>"; };
@@ -3952,7 +3950,6 @@
 			children = (
 				289E156C2948EB8A006104D9 /* MSALNativeAuthCacheAccessor.swift */,
 				289E15582948E601006104D9 /* MSALNativeAuthCacheInterface.swift */,
-				2884855B295DAFD400516492 /* MSALNativeAuthTokens.swift */,
 			);
 			path = cache;
 			sourceTree = "<group>";
@@ -5746,7 +5743,6 @@
 				E2C61FE729DED73700F15203 /* MSALNativeAuthSignUpChallengeResponseError.swift in Sources */,
 				289747B129799C6B00838C80 /* MSALNativeAuthInputValidator.swift in Sources */,
 				DEE34F7AD170B71C00BC302A /* MSALNativeAuthResetPasswordContinueResponseError.swift in Sources */,
-				2884855C295DAFD400516492 /* MSALNativeAuthTokens.swift in Sources */,
 				28E4D9032A30ABA200280921 /* ResendCodeError.swift in Sources */,
 				E2F6269D2A780DDE00C4A303 /* MSALNativeAuthPublicClientApplication+Internal.swift in Sources */,
 				DEE34F83D170B71C00BC302A /* MSALNativeAuthResetPasswordSubmitResponseError.swift in Sources */,

MSAL/resources/ios/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.3.3</string>
+	<string>1.4.0</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSPrincipalClass</key>

MSAL/resources/mac/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.3.3</string>
+	<string>1.4.0</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSHumanReadableCopyright</key>

MSAL/src/MSALErrorConverter.m

@@ -112,6 +112,7 @@ + (void)initialize
                                    @(MSIDErrorJITTroubleshootingAcquireToken) : @(MSALErrorJITTroubleshootingAcquireToken),
                                    @(MSIDErrorDeviceNotPSSORegistered) : @(MSALErrorDeviceNotPSSORegistered),
                                    @(MSIDErrorPSSOKeyIdMismatch) : @(MSALErrorPSSOKeyIdMismatch),
+                                   @(MSIDErrorJITErrorHandlingConfigNotFound) : @(MSALErrorJITErrorHandlingConfigNotFound),
 
                                    // Oauth2 errors
                                    @(MSIDErrorServerOauth) : @(MSALInternalErrorAuthorizationFailed),

MSAL/src/MSALPublicClientApplication.m

@@ -111,6 +111,8 @@
 #import "MSIDAssymetricKeyLookupAttributes.h"
 #import "MSIDRequestTelemetryConstants.h"
 #import "MSALWipeCacheForAllAccountsConfig.h"
+#import "NSString+MSIDTelemetryExtensions.h"
+#import "MSIDVersion.h"
 
 @interface MSALPublicClientApplication()
 {
@@ -211,7 +213,7 @@ - (instancetype)initWithConfiguration:(MSALPublicClientApplicationConfig *)confi
                                                                     bypassRedirectValidation:config.bypassRedirectURIValidation
                                                                                        error:&msidError];
 
-    if (!msalRedirectUri)
+    if (!msalRedirectUri && !config.bypassRedirectURIValidation)
     {
         if (error) *error = [MSALErrorConverter msalErrorFromMsidError:msidError];
         return nil;
@@ -863,6 +865,10 @@ - (void)acquireTokenSilentWithParameters:(MSALSilentTokenParameters *)parameters
     NSMutableDictionary *extraURLQueryParameters = [self.internalConfig.extraQueryParameters.extraURLQueryParameters mutableCopy];
     [extraURLQueryParameters addEntriesFromDictionary:parameters.extraQueryParameters];
     msidParams.extraURLQueryParameters = extraURLQueryParameters;
+
+    msidParams.platformSequence = [NSString msidUpdatePlatformSequenceParamWithSrcName:[MSIDVersion platformName]
+                                                                            srcVersion:[MSIDVersion sdkVersion]
+                                                                              sequence:nil];
 
     msidParams.tokenExpirationBuffer = self.internalConfig.tokenExpirationBuffer;
     msidParams.claimsRequest = parameters.claimsRequest.msidClaimsRequest;
@@ -879,6 +885,7 @@ - (void)acquireTokenSilentWithParameters:(MSALSilentTokenParameters *)parameters
     // Nested auth protocol
     msidParams.nestedAuthBrokerClientId = self.internalConfig.nestedAuthBrokerClientId;
     msidParams.nestedAuthBrokerRedirectUri = self.internalConfig.nestedAuthBrokerRedirectUri;
+    msidParams.bypassRedirectURIValidation = self.internalConfig.bypassRedirectURIValidation;
 
     MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, msidParams,
                  @"-[MSALPublicClientApplication acquireTokenSilentForScopes:%@\n"
@@ -1200,6 +1207,10 @@ - (void)acquireTokenWithParameters:(MSALInteractiveTokenParameters *)parameters
     [extraURLQueryParameters addEntriesFromDictionary:parameters.extraQueryParameters];
     msidParams.extraURLQueryParameters = extraURLQueryParameters;
 
+    msidParams.platformSequence = [NSString msidUpdatePlatformSequenceParamWithSrcName:[MSIDVersion platformName]
+                                                                            srcVersion:[MSIDVersion sdkVersion]
+                                                                              sequence:nil];
+
     msidParams.tokenExpirationBuffer = self.internalConfig.tokenExpirationBuffer;
     msidParams.extendedLifetimeEnabled = self.internalConfig.extendedLifetimeEnabled;
     msidParams.clientCapabilities = self.internalConfig.clientApplicationCapabilities;
@@ -1453,7 +1464,9 @@ - (void)signoutWithAccount:(nonnull MSALAccount *)account
     msidParams.validateAuthority = [self shouldValidateAuthorityForRequestAuthority:requestAuthority];
     msidParams.keychainAccessGroup = self.internalConfig.cacheConfig.keychainSharingGroup;
     msidParams.providedAuthority = requestAuthority;
-
+    msidParams.platformSequence = [NSString msidUpdatePlatformSequenceParamWithSrcName:[MSIDVersion platformName]
+                                                                            srcVersion:[MSIDVersion sdkVersion]
+                                                                              sequence:nil];
     NSError *localError;
     BOOL localRemovalResult = [self removeAccountImpl:account wipeAccount:signoutParameters.wipeAccount error:&localError];
 

MSAL/src/MSAL_Internal.h

@@ -26,8 +26,8 @@
 //------------------------------------------------------------------------------
 
 #define MSAL_VER_HIGH       1
-#define MSAL_VER_LOW        3
-#define MSAL_VER_PATCH      3
+#define MSAL_VER_LOW        4
+#define MSAL_VER_PATCH      0
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)

MSAL/src/configuration/MSALPublicClientApplicationConfig.m

@@ -130,6 +130,7 @@ - (id)copyWithZone:(NSZone *)zone
     item->_verifiedRedirectUri = [_verifiedRedirectUri copyWithZone:zone];
     item->_extraQueryParameters = [_extraQueryParameters copyWithZone:zone];
     item->_multipleCloudsSupported = _multipleCloudsSupported;
+    item->_bypassRedirectURIValidation = _bypassRedirectURIValidation;
     return item;
 }
 

MSAL/src/native_auth/cache/MSALNativeAuthCacheAccessor.swift

@@ -38,26 +38,17 @@ final class MSALNativeAuthCacheAccessor: MSALNativeAuthCacheInterface {
         self.accountMetadataCache = accountMetadataCache
     }
 
-    func getTokens(
+    func getIdToken(
         account: MSALAccount,
         configuration: MSIDConfiguration,
-        context: MSIDRequestContext) throws -> MSALNativeAuthTokens {
+        context: MSIDRequestContext) throws -> String? {
             let accountConfiguration = try getAccountConfiguration(configuration: configuration, account: account)
             let idToken = try tokenCacheAccessor.getIDToken(
                 forAccount: account.lookupAccountIdentifier,
                 configuration: accountConfiguration,
                 idTokenType: MSIDCredentialType.MSIDIDTokenType,
                 context: context)
-            let refreshToken = try tokenCacheAccessor.getRefreshToken(
-                withAccount: account.lookupAccountIdentifier,
-                familyId: nil,
-                configuration: accountConfiguration,
-                context: context)
-            let accessToken = try tokenCacheAccessor.getAccessToken(
-                forAccount: account.lookupAccountIdentifier,
-                configuration: accountConfiguration,
-                context: context)
-            return MSALNativeAuthTokens(accessToken: accessToken, refreshToken: refreshToken, rawIdToken: idToken.rawIdToken)
+            return idToken.rawIdToken
         }
 
     func getAllAccounts(configuration: MSIDConfiguration) throws -> [MSALAccount] {

MSAL/src/native_auth/cache/MSALNativeAuthCacheInterface.swift

@@ -28,10 +28,10 @@ import Foundation
 protocol MSALNativeAuthCacheInterface {
     init(tokenCache: MSIDDefaultTokenCacheAccessor, accountMetadataCache: MSIDAccountMetadataCacheAccessor)
 
-    func getTokens(
+    func getIdToken(
         account: MSALAccount,
         configuration: MSIDConfiguration,
-        context: MSIDRequestContext) throws -> MSALNativeAuthTokens
+        context: MSIDRequestContext) throws -> String?
 
     func getAllAccounts(configuration: MSIDConfiguration) throws -> [MSALAccount]
 

MSAL/src/native_auth/configuration/MSALNativeAuthConfiguration.swift

@@ -32,18 +32,21 @@ struct MSALNativeAuthConfiguration {
     let clientId: String
     let authority: MSIDCIAMAuthority
     let challengeTypes: [MSALNativeAuthInternalChallengeType]
+    let redirectUri: String?
     var sliceConfig: MSALSliceConfig?
 
     init(
         clientId: String,
         authority: MSALCIAMAuthority,
-        challengeTypes: [MSALNativeAuthInternalChallengeType]) throws {
+        challengeTypes: [MSALNativeAuthInternalChallengeType],
+        redirectUri: String?) throws {
         self.clientId = clientId
         self.authority = try MSIDCIAMAuthority(
             url: authority.url,
             validateFormat: false,
             context: MSALNativeAuthRequestContext()
         )
         self.challengeTypes = challengeTypes
+        self.redirectUri = redirectUri
     }
 }