Merge branch 'dev' of https://github.com/AzureAD/microsoft-aut status

thentication-library-common-for-android into fadi/publish-libraries-to-newandroid-feed

Author: fadidurah

changelog.txt

@@ -1,5 +1,7 @@
 vNext
 ----------
+- [PATCH] Fix Edge browser selection on devices where Microsoft Edge is the default browser: add the rotated Edge signing certificate hash to the Edge BrowserDescriptor and accept multi-signer browsers when any signature intersects the safelist, instead of requiring strict set-equality (resolves MSAL #2414)
+- [MINOR] Refactor Auth Tab integration to use provider-based strategy selection. Adds AuthTabStrategyProvider and BrowserLaunchStrategy with Custom Tabs fallback. Compatible with androidx.browser:browser:1.7.0.
 - [MINOR] Add provisionResourceAccountCredentials API to DeviceRegistrationClientApplication with V0 protocol params/response and add IPPhone to AppRegistry (#3086)
 - [PATCH] Extend filter-then-clone optimization to deleteAccessTokensWithIntersectingScopes and add telemetry attributes (#3114)
 - [PATCH] Wire ClientDataInfo through AcquireTokenResult, exceptions (#3109)

common/build.gradle

@@ -259,7 +259,7 @@ dependencies {
     testImplementation "junit:junit:$rootProject.ext.junitVersion"
     testImplementation "org.mockito:mockito-core:$rootProject.ext.mockitoCoreVersion"
     testImplementation "org.mockito.kotlin:mockito-kotlin:$rootProject.ext.mockitoKotlinVersion"
-    testImplementation "io.mockk:mockk:1.11.0"
+    testImplementation "io.mockk:mockk:1.13.10"
 
     testImplementation "org.powermock:powermock-module-junit4:$rootProject.ext.powerMockVersion"
     testImplementation "org.powermock:powermock-module-junit4-rule:$rootProject.ext.powerMockVersion"

common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/AuthTabStrategyProvider.kt

@@ -0,0 +1,94 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.providers.oauth2
+
+import android.content.Context
+import android.os.Bundle
+import androidx.fragment.app.FragmentActivity
+import com.microsoft.identity.common.logging.Logger
+
+/**
+ * Registry for Auth Tab strategy integration provided by consumers outside Common.
+ *
+ * Common intentionally does not depend on browser 1.9.0 APIs, so external modules register
+ * support checks and strategy creation here.
+ */
+object AuthTabStrategyProvider {
+
+    /**
+     * Immutable holder so both callbacks are published atomically through a single
+     * volatile reference. This prevents readers from observing a half-registered
+     * state where, for example, [isAvailable] returns true while
+     * [isAuthTabSupported] still sees a null support checker.
+     */
+    private data class Registration(
+        val strategyFactory: (FragmentActivity, (Bundle) -> Unit) -> BrowserLaunchStrategy,
+        val supportChecker: (Context, String) -> Boolean
+    )
+
+    @Volatile
+    private var registration: Registration? = null
+
+    private val tag = AuthTabStrategyProvider::class.java.simpleName
+
+    /**
+     * Registers Auth Tab strategy creation and support checking callbacks.
+     *
+     * Both callbacks become visible to other threads atomically.
+     */
+    fun register(
+        factory: (FragmentActivity, (Bundle) -> Unit) -> BrowserLaunchStrategy,
+        isSupported: (Context, String) -> Boolean
+    ) {
+        registration = Registration(factory, isSupported)
+        Logger.info("$tag:register", "Auth Tab strategy provider registered")
+    }
+
+    /**
+     * Returns true if Auth Tab is supported for the provided browser package.
+     */
+    fun isAuthTabSupported(context: Context, browserPackage: String): Boolean {
+        val current = registration ?: return false
+        return current.supportChecker(context, browserPackage)
+    }
+
+    /**
+     * Creates an Auth Tab browser launch strategy if registered.
+     */
+    fun createStrategy(
+        activity: FragmentActivity,
+        onResult: (Bundle) -> Unit
+    ): BrowserLaunchStrategy? {
+        val current = registration ?: return null
+        return current.strategyFactory(activity, onResult)
+    }
+
+    /**
+     * Returns true if an Auth Tab strategy factory has been registered.
+     */
+    fun isAvailable(): Boolean = registration != null
+
+    internal fun resetForTest() {
+        registration = null
+    }
+}

common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/BrowserLaunchStrategy.kt

@@ -0,0 +1,47 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.providers.oauth2
+
+/**
+ * Strategy contract for launching external browser authentication flows.
+ */
+interface BrowserLaunchStrategy {
+
+    /**
+     * Launches the browser using the strategy implementation.
+     */
+    fun launch()
+
+    /**
+     * Returns true if [SwitchBrowserActivity] should finish in [SwitchBrowserActivity.onResume]
+     * when the user returns after launch (for example, pressing back in the browser).
+     *
+     * Strategies that receive results through callbacks should return false.
+     */
+    fun handlesCancellationOnResume(): Boolean
+
+    /**
+     * Cleans up strategy resources.
+     */
+    fun cleanup()
+}

common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/CustomTabsLaunchStrategy.kt

@@ -0,0 +1,111 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.providers.oauth2
+
+import android.content.Intent
+import androidx.core.net.toUri
+import androidx.fragment.app.FragmentActivity
+import com.microsoft.identity.common.internal.ui.browser.CustomTabsManager
+import com.microsoft.identity.common.java.opentelemetry.AttributeName
+import com.microsoft.identity.common.java.opentelemetry.SpanExtension
+import com.microsoft.identity.common.logging.Logger
+
+/**
+ * Browser launch strategy that uses Custom Tabs when supported.
+ */
+class CustomTabsLaunchStrategy(
+    private val activity: FragmentActivity
+) : BrowserLaunchStrategy {
+
+    private val customTabsManager = CustomTabsManager(activity)
+
+    companion object {
+        private val TAG: String = CustomTabsLaunchStrategy::class.java.simpleName
+    }
+
+    override fun launch() {
+        val methodTag = "$TAG:launch"
+        val extras = activity.intent.extras
+        if (extras == null) {
+            finishWithError(
+                methodTag,
+                "Intent extras are missing - Cannot proceed with browser switch"
+            )
+            return
+        }
+        val browserPackageName = extras.getString(SwitchBrowserActivity.BROWSER_PACKAGE_NAME)
+        val browserSupportsCustomTabs = extras.getBoolean(SwitchBrowserActivity.BROWSER_SUPPORTS_CUSTOM_TABS, false)
+        val processUri = extras.getString(SwitchBrowserActivity.PROCESS_URI)
+
+        if (browserPackageName.isNullOrBlank()) {
+            finishWithError(methodTag, "No browser package name found in extras - Cannot proceed with browser switch")
+            return
+        }
+
+        if (processUri.isNullOrBlank()) {
+            finishWithError(methodTag, "No process URI found in extras - Cannot proceed with browser switch")
+            return
+        }
+
+        Logger.info(
+            methodTag,
+            "Launching switch browser request on browser: $browserPackageName, Custom Tabs supported: $browserSupportsCustomTabs"
+        )
+
+        val browserIntent: Intent
+        var isUsingCustomTabs = false
+        if (browserSupportsCustomTabs) {
+            Logger.info(methodTag, "CustomTabsService is supported.")
+            if (!customTabsManager.bind(activity, browserPackageName)) {
+                Logger.warn(methodTag, "Failed to bind CustomTabsService.")
+                browserIntent = Intent(Intent.ACTION_VIEW)
+            } else {
+                isUsingCustomTabs = true
+                browserIntent = customTabsManager.customTabsIntent.intent
+            }
+        } else {
+            Logger.warn(methodTag, "CustomTabsService is NOT supported")
+            browserIntent = Intent(Intent.ACTION_VIEW)
+            browserIntent.setPackage(browserPackageName)
+        }
+        SpanExtension.current().setAttribute(
+            AttributeName.auth_tab_fallback_to_custom_tabs.name,
+            isUsingCustomTabs
+        )
+
+
+        browserIntent.setData(processUri.toUri())
+        activity.startActivity(browserIntent)
+    }
+
+    override fun handlesCancellationOnResume(): Boolean = true
+
+    override fun cleanup() {
+        customTabsManager.unbind()
+    }
+
+    private fun finishWithError(methodTag: String, message: String) {
+        Logger.error(methodTag, message, null)
+        activity.finish()
+    }
+}