
Commit f604806

Merge Hotfix/1.7.44 (#1456)
* Add support for "lookup" mode in broker (#1450) * Add support for "lookup" mode in broker. * Fix tests. * modified: changelog.txt * Support web_page_uri. * modified: changelog.txt * Update changelog. * modified: changelog.txt
1 parent 9eadce5 commit f604806

16 files changed

+45
-3
lines changed

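--- a/IdentityCore/src/broker_operation/request/token_request/MSIDBrokerOperationTokenRequest.h
+++ b/IdentityCore/src/broker_operation/request/token_request/MSIDBrokerOperationTokenRequest.h
@@ -36,6 +36,7 @@ NS_ASSUME_NONNULL_BEGIN
 @property (nonatomic) MSIDProviderType providerType;
 @property (nonatomic, nullable) NSString *oidcScope;
 @property (nonatomic, nullable) NSDictionary *extraQueryParameters;
+@property (nonatomic) BOOL allowAnyExtraURLQueryParameters;
 @property (nonatomic) BOOL instanceAware;
 @property (nonatomic, nullable) NSDictionary *enrollmentIds;
 @property (nonatomic, nullable) NSDictionary *mamResources;
@@ -48,6 +49,8 @@ NS_ASSUME_NONNULL_BEGIN
 @property (nonatomic, nullable) NSString *clientSku;
 @property (nonatomic) BOOL skipValidateResultAccount;
 @property (nonatomic) BOOL forceRefresh;
+@property (nonatomic) BOOL ignoreScopeValidation;
+
 
 + (BOOL)fillRequest:(MSIDBrokerOperationTokenRequest *)request
 withParameters:(MSIDRequestParameters *)parameters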
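Review bot: The two new flags, allowAnyExtraURLQueryParameters and ignoreScopeValidation, each relax a check (extra-query-parameter filtering and granted-scope validation, going by their names and the validator change elsewhere in this commit) yet carry no doc comment, so a reader of this header cannot tell that setting them weakens a default. I would add `/// When YES, extra URL query parameters are passed through without the broker's filtering. Defaults to NO.` above the first and `/// When YES, the result is accepted even if the server granted fewer scopes than requested. Defaults to NO.` above the second, so the opt-out nature is explicit at the declaration. The enclosing @interface begins before the first hunk and ends after the second.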

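--- a/IdentityCore/src/broker_operation/request/token_request/MSIDBrokerOperationTokenRequest.m
+++ b/IdentityCore/src/broker_operation/request/token_request/MSIDBrokerOperationTokenRequest.m
@@ -66,6 +66,8 @@ + (BOOL)fillRequest:(MSIDBrokerOperationTokenRequest *)request
 request.skipValidateResultAccount = parameters.skipValidateResultAccount;
 request.forceRefresh = parameters.forceRefresh;
 request.platformSequence = parameters.platformSequence;
+request.allowAnyExtraURLQueryParameters = parameters.allowAnyExtraURLQueryParameters;
+request.ignoreScopeValidation = parameters.ignoreScopeValidation;
 return YES;
 }
 
@@ -153,6 +155,7 @@ - (NSDictionary *)jsonDictionary
 json[MSID_CLIENT_SKU_KEY] = self.clientSku;
 json[MSID_SKIP_VALIDATE_RESULT_ACCOUNT_KEY] = [@(self.skipValidateResultAccount) stringValue];
 json[MSID_FORCE_REFRESH_KEY] = [@(self.forceRefresh) stringValue];
+
 return json;
 }
 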
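Review bot: fillRequest:withParameters: now copies allowAnyExtraURLQueryParameters and ignoreScopeValidation onto the request, but the jsonDictionary hunk below only gains a blank line at new line 158 and emits neither flag, unlike the neighbouring forceRefresh and skipValidateResultAccount keys, so the two flags do not survive serialization of the request. If that is intentional because both are consumed in-process by the broker (the comment added to MSIDRequestParameters.h in this commit says so for the EQP flag), a comment in jsonDictionary such as `// allowAnyExtraURLQueryParameters and ignoreScopeValidation are broker-internal and deliberately not serialized.` would stop the next maintainer from "fixing" it; if it is not intentional, both need keys here. Either way the blank line on its own reads like an unfinished edit. Both enclosing methods start before their hunks.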

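--- a/IdentityCore/src/broker_operation/response/browser_native_message_response/MSIDBrowserNativeMessageGetTokenResponse.m
+++ b/IdentityCore/src/broker_operation/response/browser_native_message_response/MSIDBrowserNativeMessageGetTokenResponse.m
@@ -71,15 +71,15 @@ - (NSDictionary *)jsonDictionary
 }
 
 __auto_type accountJson = [NSMutableDictionary new];
-accountJson[@"userName"] = tokenResponse.idTokenObj.username;
+accountJson[@"userName"] = tokenResponse.accountUpn;
 accountJson[@"id"] = tokenResponse.accountIdentifier;
 
 response[@"account"] = accountJson;
 response[@"state"] = self.state;
 
 __auto_type propertiesJson = [NSMutableDictionary new];
 // TODO: once ests follow the latest protocol, this should be removed. Account ID should be read from accountJson.
-propertiesJson[@"UPN"] = tokenResponse.idTokenObj.username;
+propertiesJson[@"UPN"] = accountJson[@"userName"];
 response[@"properties"] = propertiesJson;
 
 return response;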
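Review bot: The "userName" sent back to the browser now comes from tokenResponse.accountUpn, which for MSIDAADTokenResponse (also changed in this commit) falls back to additionalUserId when the id token carries no username, so the value can now originate from a different part of the token response than the "id" written on the next line; that is invisible at this call site. A short comment above the assignment, e.g. `// accountUpn may fall back to the response's additionalUserId when no id token username is present (lookup mode).`, would make the provenance clear to anyone auditing what the native message exposes. The enclosing jsonDictionary method starts before the hunk.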

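--- a/IdentityCore/src/oauth2/MSIDOauth2Factory.m
+++ b/IdentityCore/src/oauth2/MSIDOauth2Factory.m
@@ -375,7 +375,7 @@ - (BOOL)fillAccount:(MSIDAccount *)account
 fromResponse:(MSIDTokenResponse *)response
 configuration:(MSIDConfiguration *)configuration
 {
-NSString *homeAccountId = response.idTokenObj.userId;
+NSString *homeAccountId = response.idTokenObj.userId ?: [response accountIdentifier];
 
 if (!homeAccountId)
 {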
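Review bot: The fallback `response.idTokenObj.userId ?: [response accountIdentifier]` changes which value keys the account when the id token has no userId: per this commit, accountIdentifier is clientInfo.accountIdentifier for MSIDAADTokenResponse and idTokenObj.uniqueId for the base class. Whether those are in the same format as idTokenObj.userId I cannot tell from here; if they are not, an account created through the fallback could land under a different home account id than the same user created from a full id token, which matters for cache lookups and for the account-matching checks downstream. A comment stating why the two are interchangeable (or a guard if they are not) would help, e.g. `// Lookup-mode responses may carry no id token userId; the response's own account identifier (client_info for AAD) is the same home account id.` if that is indeed the case. The enclosing fillAccount:fromResponse:configuration: method continues past the hunk.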

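--- a/IdentityCore/src/oauth2/MSIDTokenResponse.h
+++ b/IdentityCore/src/oauth2/MSIDTokenResponse.h
@@ -91,6 +91,8 @@
 
 @property (nonatomic, readonly, nullable) NSString *accountIdentifier;
 
+@property (nonatomic, readonly, nullable) NSString *accountUpn;
+
 - (nullable instancetype)initWithJSONDictionary:(nonnull NSDictionary *)json
 refreshToken:(nullable MSIDBaseToken<MSIDRefreshableToken> *)token
 error:(NSError * _Nullable __autoreleasing *_Nullable)error;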
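Review bot: accountUpn is added to the public header without a doc comment, although its meaning differs by subclass: the base implementation in this commit returns idTokenObj.username, while MSIDAADTokenResponse additionally falls back to additionalUserId. I would document that contract at the declaration, e.g. `/// UPN of the account from the id token when present; subclasses may fall back to other response fields. Nil when neither is available.`, so callers do not assume the value is always an id-token claim. The enclosing @interface starts and ends outside the hunk.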

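--- a/IdentityCore/src/oauth2/MSIDTokenResponse.m
+++ b/IdentityCore/src/oauth2/MSIDTokenResponse.m
@@ -131,6 +131,11 @@ - (NSString *)accountIdentifier
 return self.idTokenObj.uniqueId;
 }
 
+- (NSString *)accountUpn
+{
+return self.idTokenObj.username;
+}
+
 #pragma mark - Protected
 
 - (MSIDIdTokenClaims *)tokenClaimsFromRawIdToken:(NSString *)rawIdToken error:(NSError *__autoreleasing*)error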

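--- a/IdentityCore/src/oauth2/aad_base/MSIDAADTokenResponse.h
+++ b/IdentityCore/src/oauth2/aad_base/MSIDAADTokenResponse.h
@@ -37,6 +37,7 @@
 @property (nonatomic, nullable) MSIDClientInfo *clientInfo;
 @property (nonatomic, nullable) NSString *familyId;
 @property (nonatomic, nullable) NSString *suberror;
+/// UPN of the user.
 @property (nonatomic, nullable) NSString *additionalUserId;
 
 // Custom properties that ADAL/MSAL handles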

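--- a/IdentityCore/src/oauth2/aad_base/MSIDAADTokenResponse.m
+++ b/IdentityCore/src/oauth2/aad_base/MSIDAADTokenResponse.m
@@ -79,6 +79,11 @@ - (NSString *)accountIdentifier
 return self.clientInfo.accountIdentifier;
 }
 
+- (NSString *)accountUpn
+{
+return [super accountUpn] ?: self.additionalUserId;
+}
+
 #pragma mark - MSIDJsonSerializable
 
 - (instancetype)initWithJSONDictionary:(NSDictionary *)json error:(NSError *__autoreleasing*)error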
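Review bot: The override silently widens the source of accountUpn from the id token's username to additionalUserId, and where additionalUserId is populated is outside this hunk, so a reader cannot tell whether the fallback value is parsed from the server's token response or set by the caller. Since the value now ends up in the account JSON handed back to the browser (per this commit), I would state the provenance at the override: `// Fallback for responses without an id token username (lookup mode); additionalUserId comes from <where it is parsed>.` with the placeholder filled in by whoever knows the source. The enclosing @implementation starts and ends outside the hunk.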

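--- a/IdentityCore/src/parameters/MSIDRequestParameters.h
+++ b/IdentityCore/src/parameters/MSIDRequestParameters.h
@@ -54,6 +54,7 @@
 @property (nonatomic) NSString *oidcScope;
 @property (nonatomic) MSIDAccountIdentifier *accountIdentifier;
 @property (nonatomic) BOOL validateAuthority;
+@property (nonatomic) BOOL ignoreScopeValidation;
 @property (nonatomic) NSString *nonce;
 @property (nonatomic) NSString *clientSku;
 @property (nonatomic) BOOL skipValidateResultAccount;
@@ -67,6 +68,8 @@
 @property (nonatomic) NSDictionary *extraTokenRequestParameters;
 // Additional URL query parameters that will be added to both token and authorize requests
 @property (nonatomic) NSDictionary *extraURLQueryParameters;
+// Currently used only in broker to enable/disable EQP filtering.
+@property (nonatomic) BOOL allowAnyExtraURLQueryParameters;
 @property (nonatomic) NSUInteger tokenExpirationBuffer;
 @property (nonatomic) BOOL extendedLifetimeEnabled;
 @property (nonatomic) BOOL instanceAware;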
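Review bot: ignoreScopeValidation is added with no comment, unlike allowAnyExtraURLQueryParameters in the second hunk, even though switching it on disables the check that the server granted the requested scopes (see MSIDDefaultTokenResponseValidator in this commit). I would mirror the other flag's comment: `// Currently used only in broker; when YES, the granted-scope check in the token response validator is skipped.` Separately, if MSIDRequestParameters implements NSCopying or a copying initializer elsewhere in the class (not visible in these hunks, so I cannot confirm), both new BOOLs need to be carried across there too, otherwise a copied parameters object silently reverts to the safer defaults and the broker behaviour becomes order-dependent. The enclosing @interface starts and ends outside the hunks.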

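--- a/IdentityCore/src/requests/sdk/MSIDTokenResponseValidator.h
+++ b/IdentityCore/src/requests/sdk/MSIDTokenResponseValidator.h
@@ -68,6 +68,7 @@
 - (BOOL)validateTokenResult:(nonnull MSIDTokenResult *)tokenResult
 configuration:(nonnull MSIDConfiguration *)configuration
 oidcScope:(nullable NSString *)oidcScope
+validateScopes:(BOOL)validateScopes
 correlationID:(nonnull NSUUID *)correlationID
 error:(NSError * _Nullable __autoreleasing * _Nullable)error;
 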

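--- a/IdentityCore/src/requests/sdk/MSIDTokenResponseValidator.m
+++ b/IdentityCore/src/requests/sdk/MSIDTokenResponseValidator.m
@@ -124,6 +124,7 @@ - (MSIDTokenResult *)createTokenResultFromResponse:(MSIDTokenResponse *)tokenRes
 - (BOOL)validateTokenResult:(__unused MSIDTokenResult *)tokenResult
 configuration:(__unused MSIDConfiguration *)configuration
 oidcScope:(__unused NSString *)oidcScope
+validateScopes:(__unused BOOL)validateScopes
 correlationID:(__unused NSUUID *)correlationID
 error:(__unused NSError *__autoreleasing*)error
 {
@@ -224,6 +225,7 @@ - (MSIDTokenResult *)validateAndSaveBrokerResponse:(MSIDBrokerResponse *)brokerR
 BOOL resultValid = [self validateTokenResult:tokenResult
 configuration:configuration
 oidcScope:oidcScope
+validateScopes:YES
 correlationID:correlationID
 error:error];
 
@@ -289,6 +291,7 @@ - (MSIDTokenResult *)validateAndSaveTokenResponse:(MSIDTokenResponse *)tokenResp
 BOOL resultValid = [self validateTokenResult:tokenResult
 configuration:parameters.msidConfiguration
 oidcScope:parameters.oidcScope
+validateScopes:!parameters.ignoreScopeValidation
 correlationID:parameters.correlationId
 error:error];
 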
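Review bot: validateAndSaveBrokerResponse: hardcodes `validateScopes:YES` while validateAndSaveTokenResponse: derives it from `!parameters.ignoreScopeValidation`, and nothing explains the asymmetry. It may well be deliberate (the flag is described as broker-only, so results returned from the broker to a client should still be scope-checked on the client side), but without a note a future "consistency" edit could wire the flag into the broker path and remove the client-side check entirely. A comment on the YES, e.g. `// Results coming back from the broker are always scope-checked; ignoreScopeValidation is a broker-side opt-out only.`, would pin the intent. All three enclosing methods extend beyond their hunks.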

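--- a/IdentityCore/src/requests/sdk/adal/MSIDLegacyTokenResponseValidator.m
+++ b/IdentityCore/src/requests/sdk/adal/MSIDLegacyTokenResponseValidator.m
@@ -37,6 +37,7 @@ @implementation MSIDLegacyTokenResponseValidator
 - (BOOL)validateTokenResult:(MSIDTokenResult *)tokenResult
 configuration:(__unused MSIDConfiguration *)configuration
 oidcScope:(__unused NSString *)oidcScope
+validateScopes:(__unused BOOL)validateScopes
 correlationID:(NSUUID *)correlationID
 error:(NSError *__autoreleasing*)error
 {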

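--- a/IdentityCore/src/requests/sdk/msal/MSIDDefaultTokenResponseValidator.m
+++ b/IdentityCore/src/requests/sdk/msal/MSIDDefaultTokenResponseValidator.m
@@ -35,6 +35,7 @@ @implementation MSIDDefaultTokenResponseValidator
 - (BOOL)validateTokenResult:(MSIDTokenResult *)tokenResult
 configuration:(MSIDConfiguration *)configuration
 oidcScope:(NSString *)oidcScope
+validateScopes:(BOOL)validateScopes
 correlationID:(NSUUID *)correlationID
 error:(NSError *__autoreleasing*)error
 {
@@ -47,6 +48,8 @@ - (BOOL)validateTokenResult:(MSIDTokenResult *)tokenResult
 {
 return YES;
 }
+
+if (!validateScopes) return YES;
 
 NSOrderedSet *grantedScopes = tokenResult.accessToken.scopes;
 NSOrderedSet *normalizedGrantedScopes = grantedScopes.normalizedScopeSet;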
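Review bot: `if (!validateScopes) return YES;` turns off the granted-scope comparison with no trace in the logs, so a token carrying fewer scopes than the caller asked for is accepted silently when the flag is set. Because this is a security check being bypassed by configuration, I would log at the bypass, using the file's usual logging macro and the correlationID that is already a parameter, with a message along the lines of "Scope validation skipped by request" before the return, so that a responder looking at a suspicious grant can see the path was taken. It is also worth a one-line comment that the early return only skips the scope comparison below and not the checks that precede it in this method, which begins before the hunk and continues after it.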

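--- a/IdentityCore/tests/MSIDDefaultTokenResponseValidatorTests.m
+++ b/IdentityCore/tests/MSIDDefaultTokenResponseValidatorTests.m
@@ -87,6 +87,7 @@ - (void)testValidateTokenResult_whenSomeScopesRejectedByServer_shouldReturnError
 [self.validator validateTokenResult:result
 configuration:configuration
 oidcScope:defaultOidcScope
+validateScopes:YES
 correlationID:correlationID
 error:&error];
 
@@ -131,6 +132,7 @@ - (void)testValidateTokenResult_whenEmailScopesNotIncludedByServer_shouldReturnV
 BOOL validated = [self.validator validateTokenResult:result
 configuration:configuration
 oidcScope:defaultOidcScope
+validateScopes:YES
 correlationID:correlationID
 error:&error];
 
@@ -171,6 +173,7 @@ - (void)testValidateTokenResult_whenEmailScopesIncludedByServer_shouldReturnVali
 BOOL validated = [self.validator validateTokenResult:result
 configuration:configuration
 oidcScope:defaultOidcScope
+validateScopes:YES
 correlationID:correlationID
 error:&error];
 
@@ -206,6 +209,7 @@ - (void)testValidateTokenResult_whenWithValidResponse_shouldReturnValidResult
 BOOL validated = [self.validator validateTokenResult:result
 configuration:configuration
 oidcScope:defaultOidcScope
+validateScopes:YES
 correlationID:correlationID
 error:&error];
 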
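Review bot: Every existing test is updated to pass `validateScopes:YES`, but no test exercises the `validateScopes:NO` path, which is the behaviour this commit introduces. A counterpart of testValidateTokenResult_whenSomeScopesRejectedByServer_shouldReturnError using the same rejected-scope fixture but passing `validateScopes:NO`, asserting `XCTAssertTrue(validated);` and `XCTAssertNil(error);`, would pin both that the bypass works and that it is the only thing the flag disables. Each affected test method begins before its hunk.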

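--- a/IdentityCore/tests/MSIDLegacyTokenResponseValidatorTests.m
+++ b/IdentityCore/tests/MSIDLegacyTokenResponseValidatorTests.m
@@ -207,6 +207,7 @@ - (void)testValidateTokenResult_whenResultContainsAccount_shouldReturnNoError
 BOOL result = [self.validator validateTokenResult:testResult
 configuration:[MSIDConfiguration new]
 oidcScope:nil
+validateScopes:YES
 correlationID:[NSUUID new]
 error:&error];
 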

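--- a/changelog.txt
+++ b/changelog.txt
@@ -1,9 +1,16 @@
+Version 1.7.44
+* Merge 1.7.42-hotfix
+
 Version 1.7.43
 * Support web_page_uri #1440
 * Save error received from ESTS, and return it to the client on silent broker calls (#1438)
 * XPC CommonCore Minor change to support broker XPC changes (#1436)
 * Assign completion block before perform request (#1434)
 
+Version 1.7.42-hotfix
+* Add support of "lookup" mode in broker #1450
+* Support web_page_uri #1440
+
 Version 1.7.42
 * Support extra query parameters on signout (#1243)
 * Wrap ASAuthorizationProviderExtensionAuthorizationRequest methods (#1427)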
