AzureAD
diff --git a/‎changelog.txt‎
Lines changed: 5 additions & 0 deletions b/‎changelog.txt‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎common/build.gradle‎
Lines changed: 1 addition & 1 deletion b/‎common/build.gradle‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/AuthTabStrategyProvider.kt‎
Lines changed: 94 additions & 0 deletions b/‎common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/AuthTabStrategyProvider.kt‎
Lines changed: 94 additions & 0 deletions
diff --git a/‎common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/BrowserLaunchStrategy.kt‎
Lines changed: 47 additions & 0 deletions b/‎common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/BrowserLaunchStrategy.kt‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/CustomTabsLaunchStrategy.kt‎
Lines changed: 111 additions & 0 deletions b/‎common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/CustomTabsLaunchStrategy.kt‎
Lines changed: 111 additions & 0 deletions
@@ -1,5 +1,10 @@
 vNext
 ----------
+- [PATCH] Emit ipc_strategy telemetry attribute for successful device registration IPC strategy and refactor execute flow to pack protocol request once before strategy retries (#3124)
+- [PATCH] Fix Edge browser selection on devices where Microsoft Edge is the default browser: add the rotated Edge signing certificate hash to the Edge BrowserDescriptor and accept multi-signer browsers when any signature intersects the safelist, instead of requiring strict set-equality (resolves MSAL #2414)
+- [MINOR] Refactor Auth Tab integration to use provider-based strategy selection. Adds AuthTabStrategyProvider and BrowserLaunchStrategy with Custom Tabs fallback. Compatible with androidx.browser:browser:1.7.0.
+- [MINOR] Wire onboarding telemetry hooks into AzureActiveDirectoryWebViewClient for page-transition step capture (broker install, MDM enrollment, Company Portal launch, MFA linking) and last-loaded-domain tracking (#3121)
+- [MINOR] Propagate the onboarding telemetry blob through the broker failure path: add BaseException.onboardingBlob and round-trip it through MsalBrokerResultAdapter so callers can emit onboarding telemetry on failure outcomes. Also add an MsalBrokerResultAdapter overload that accepts an onboarding blob on the success path so the broker can attach the finalized blob to the success result bundle (#3123)
 - [MINOR] Add provisionResourceAccountCredentials API to DeviceRegistrationClientApplication with V0 protocol params/response and add IPPhone to AppRegistry (#3086)
 - [PATCH] Extend filter-then-clone optimization to deleteAccessTokensWithIntersectingScopes and add telemetry attributes (#3114)
 - [PATCH] Wire ClientDataInfo through AcquireTokenResult, exceptions (#3109)
 
@@ -259,7 +259,7 @@ dependencies {
     testImplementation "junit:junit:$rootProject.ext.junitVersion"
     testImplementation "org.mockito:mockito-core:$rootProject.ext.mockitoCoreVersion"
     testImplementation "org.mockito.kotlin:mockito-kotlin:$rootProject.ext.mockitoKotlinVersion"
-    testImplementation "io.mockk:mockk:1.11.0"
+    testImplementation "io.mockk:mockk:1.13.10"
 
     testImplementation "org.powermock:powermock-module-junit4:$rootProject.ext.powerMockVersion"
     testImplementation "org.powermock:powermock-module-junit4-rule:$rootProject.ext.powerMockVersion"
 
@@ -0,0 +1,94 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.providers.oauth2
+
+import android.content.Context
+import android.os.Bundle
+import androidx.fragment.app.FragmentActivity
+import com.microsoft.identity.common.logging.Logger
+
+/**
+ * Registry for Auth Tab strategy integration provided by consumers outside Common.
+ *
+ * Common intentionally does not depend on browser 1.9.0 APIs, so external modules register
+ * support checks and strategy creation here.
+ */
+object AuthTabStrategyProvider {
+
+    /**
+     * Immutable holder so both callbacks are published atomically through a single
+     * volatile reference. This prevents readers from observing a half-registered
+     * state where, for example, [isAvailable] returns true while
+     * [isAuthTabSupported] still sees a null support checker.
+     */
+    private data class Registration(
+        val strategyFactory: (FragmentActivity, (Bundle) -> Unit) -> BrowserLaunchStrategy,
+        val supportChecker: (Context, String) -> Boolean
+    )
+
+    @Volatile
+    private var registration: Registration? = null
+
+    private val tag = AuthTabStrategyProvider::class.java.simpleName
+
+    /**
+     * Registers Auth Tab strategy creation and support checking callbacks.
+     *
+     * Both callbacks become visible to other threads atomically.
+     */
+    fun register(
+        factory: (FragmentActivity, (Bundle) -> Unit) -> BrowserLaunchStrategy,
+        isSupported: (Context, String) -> Boolean
+    ) {
+        registration = Registration(factory, isSupported)
+        Logger.info("$tag:register", "Auth Tab strategy provider registered")
+    }
+
+    /**
+     * Returns true if Auth Tab is supported for the provided browser package.
+     */
+    fun isAuthTabSupported(context: Context, browserPackage: String): Boolean {
+        val current = registration ?: return false
+        return current.supportChecker(context, browserPackage)
+    }
+
+    /**
+     * Creates an Auth Tab browser launch strategy if registered.
+     */
+    fun createStrategy(
+        activity: FragmentActivity,
+        onResult: (Bundle) -> Unit
+    ): BrowserLaunchStrategy? {
+        val current = registration ?: return null
+        return current.strategyFactory(activity, onResult)
+    }
+
+    /**
+     * Returns true if an Auth Tab strategy factory has been registered.
+     */
+    fun isAvailable(): Boolean = registration != null
+
+    internal fun resetForTest() {
+        registration = null
+    }
+}
@@ -0,0 +1,47 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.providers.oauth2
+
+/**
+ * Strategy contract for launching external browser authentication flows.
+ */
+interface BrowserLaunchStrategy {
+
+    /**
+     * Launches the browser using the strategy implementation.
+     */
+    fun launch()
+
+    /**
+     * Returns true if [SwitchBrowserActivity] should finish in [SwitchBrowserActivity.onResume]
+     * when the user returns after launch (for example, pressing back in the browser).
+     *
+     * Strategies that receive results through callbacks should return false.
+     */
+    fun handlesCancellationOnResume(): Boolean
+
+    /**
+     * Cleans up strategy resources.
+     */
+    fun cleanup()
+}
@@ -0,0 +1,111 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.providers.oauth2
+
+import android.content.Intent
+import androidx.core.net.toUri
+import androidx.fragment.app.FragmentActivity
+import com.microsoft.identity.common.internal.ui.browser.CustomTabsManager
+import com.microsoft.identity.common.java.opentelemetry.AttributeName
+import com.microsoft.identity.common.java.opentelemetry.SpanExtension
+import com.microsoft.identity.common.logging.Logger
+
+/**
+ * Browser launch strategy that uses Custom Tabs when supported.
+ */
+class CustomTabsLaunchStrategy(
+    private val activity: FragmentActivity
+) : BrowserLaunchStrategy {
+
+    private val customTabsManager = CustomTabsManager(activity)
+
+    companion object {
+        private val TAG: String = CustomTabsLaunchStrategy::class.java.simpleName
+    }
+
+    override fun launch() {
+        val methodTag = "$TAG:launch"
+        val extras = activity.intent.extras
+        if (extras == null) {
+            finishWithError(
+                methodTag,
+                "Intent extras are missing - Cannot proceed with browser switch"
+            )
+            return
+        }
+        val browserPackageName = extras.getString(SwitchBrowserActivity.BROWSER_PACKAGE_NAME)
+        val browserSupportsCustomTabs = extras.getBoolean(SwitchBrowserActivity.BROWSER_SUPPORTS_CUSTOM_TABS, false)
+        val processUri = extras.getString(SwitchBrowserActivity.PROCESS_URI)
+
+        if (browserPackageName.isNullOrBlank()) {
+            finishWithError(methodTag, "No browser package name found in extras - Cannot proceed with browser switch")
+            return
+        }
+
+        if (processUri.isNullOrBlank()) {
+            finishWithError(methodTag, "No process URI found in extras - Cannot proceed with browser switch")
+            return
+        }
+
+        Logger.info(
+            methodTag,
+            "Launching switch browser request on browser: $browserPackageName, Custom Tabs supported: $browserSupportsCustomTabs"
+        )
+
+        val browserIntent: Intent
+        var isUsingCustomTabs = false
+        if (browserSupportsCustomTabs) {
+            Logger.info(methodTag, "CustomTabsService is supported.")
+            if (!customTabsManager.bind(activity, browserPackageName)) {
+                Logger.warn(methodTag, "Failed to bind CustomTabsService.")
+                browserIntent = Intent(Intent.ACTION_VIEW)
+            } else {
+                isUsingCustomTabs = true
+                browserIntent = customTabsManager.customTabsIntent.intent
+            }
+        } else {
+            Logger.warn(methodTag, "CustomTabsService is NOT supported")
+            browserIntent = Intent(Intent.ACTION_VIEW)
+            browserIntent.setPackage(browserPackageName)
+        }
+        SpanExtension.current().setAttribute(
+            AttributeName.auth_tab_fallback_to_custom_tabs.name,
+            isUsingCustomTabs
+        )
+
+
+        browserIntent.setData(processUri.toUri())
+        activity.startActivity(browserIntent)
+    }
+
+    override fun handlesCancellationOnResume(): Boolean = true
+
+    override fun cleanup() {
+        customTabsManager.unbind()
+    }
+
+    private fun finishWithError(methodTag: String, message: String) {
+        Logger.error(methodTag, message, null)
+        activity.finish()
+    }
+}