Add provisionResourceAccountCredentials API to Common's DRCA, Fixes AB#3450074 (#3086)

## Summary

Adds the `provisionResourceAccountCredentials` IPC API to
`DeviceRegistrationClientApplication` (DRCA) enabling OneAuth consumers
to provision resource account credentials via the broker. Also adds
Teams IP Phone (Sakurai) app entries to `AppRegistry`.

## Changes

### New API: `provisionResourceAccountCredentials`
- Added `provisionResourceAccountCredentials(tenantId, raObjectId,
correlationId, sdkType, sdkVersion)` to
`DeviceRegistrationClientApplication`
- `sdkType` (`SdkType`) and `sdkVersion` (`String`) are required
parameters
- Returns an `AccountRecord` for the provisioned resource account

### Protocol Files
- Added `ProvisionResourceAccountCredentialsV0Parameters` — V0 wire
params (correlationId, tenantId, raObjectId, sdkType, sdkVersion)
- Added `ProvisionResourceAccountCredentialsV0Response` — V0 wire
response carrying `AccountRecord`
- Renamed protocol constant to
`PROVISION_RESOURCE_ACCOUNT_CREDENTIALS_V0`

### AppRegistry
- Added `IPPHONE_PROD` and `IPPHONE_DEBUG` entries for Teams IP Phone
(Sakurai) devices using existing constants from
`AuthenticationConstants`

### Tests
- Added `provisionResourceAccountCredentials_returnsAccountRecord` unit
test to `DeviceRegistrationClientApplicationTest`

## Files Changed
| File | Change |
|------|--------|
| `DeviceRegistrationClientApplication.kt` | New
`provisionResourceAccountCredentials` method |
| `ProvisionResourceAccountCredentialsV0Parameters.java` | New V0
protocol params (Java + Lombok) |
| `ProvisionResourceAccountCredentialsV0Response.java` | New V0 protocol
response (Java + Lombok) |
| `DeviceRegistrationProtocolConstants.java` | Renamed constant |
| `AppRegistry.kt` | Added IPPhone entries |
| `DeviceRegistrationClientApplicationTest.kt` | New unit test |
| `changelog.txt` | Added vNext entry |

## Companion PR
- **Broker**:
https://github.com/identity-authnz-teams/ad-accounts-for-android/pull/153

## Work Item
Fixes
[AB#3450074](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3450074)

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mohitc1 <22034758+mohitc1@users.noreply.github.com>

Author: 3 people

changelog.txt

@@ -1,5 +1,6 @@
 vNext
 ----------
+- [MINOR] Add provisionResourceAccountCredentials API to DeviceRegistrationClientApplication with V0 protocol params/response and add IPPhone to AppRegistry (#3086)
 - [PATCH] Extend filter-then-clone optimization to deleteAccessTokensWithIntersectingScopes and add telemetry attributes (#3114)
 - [PATCH] Wire ClientDataInfo through AcquireTokenResult, exceptions (#3109)
 - [MINOR] Add additional step ID and blocking error constants for full onboarding telemetry coverage (#3117)

common/src/main/java/com/microsoft/identity/common/internal/apps/AppRegistry.kt

@@ -29,6 +29,9 @@ import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broke
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.INTUNE_APP_PACKAGE_NAME
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.INTUNE_APP_SHA512_DEBUG_SIGNATURE
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.INTUNE_APP_SHA512_RELEASE_SIGNATURE
+import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.IPPHONE_APP_PACKAGE_NAME
+import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.IPPHONE_APP_SHA512_DEBUG_SIGNATURE
+import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.IPPHONE_APP_SHA512_RELEASE_SIGNATURE
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.ONE_AUTH_TEST_APP_SIGNATURE
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.SHARED_EDGE_SIGNATURE
 import com.microsoft.identity.common.internal.broker.BrokerData
@@ -112,6 +115,18 @@ object AppRegistry {
         signingCertificateThumbprint = INTUNE_APP_SHA512_DEBUG_SIGNATURE
     )
 
+    val TEAMS_IPPHONE_PROD = App(
+        nickName = "Teams IP Phone - Teams Devices (prod)",
+        packageName = IPPHONE_APP_PACKAGE_NAME,
+        signingCertificateThumbprint = IPPHONE_APP_SHA512_RELEASE_SIGNATURE
+    )
+
+    val TEAMS_IPPHONE_DEBUG = App(
+        nickName = "Teams IP Phone - Teams Devices (debug)",
+        packageName = IPPHONE_APP_PACKAGE_NAME,
+        signingCertificateThumbprint = IPPHONE_APP_SHA512_DEBUG_SIGNATURE
+    )
+
     val MSAL_TEST_APP = App(
         nickName = "MSAL Test App",
         packageName = "com.msft.identity.client.sample.local",
@@ -145,12 +160,14 @@ object AppRegistry {
         add(BrokerData.prodCompanyPortal)
         add(INTUNE_CE_PROD)
         add(INTUNE_AOSP_AGENT_PROD)
+        add(TEAMS_IPPHONE_PROD)
         if (BrokerData.getShouldTrustDebugBrokers()) {
             add(INTUNE_AOSP_AGENT_DEBUG)
             add(BrokerData.debugBrokerHost)
             add(BrokerData.debugMicrosoftAuthenticator)
             add(BrokerData.debugCompanyPortal)
             add(INTUNE_CE_DEBUG)
+            add(TEAMS_IPPHONE_DEBUG)
         }
     }
 

common/src/main/java/com/microsoft/identity/deviceregistration/api/DeviceRegistrationClientApplication.kt

@@ -52,6 +52,7 @@ import com.microsoft.identity.deviceregistration.java.protocol.parameters.GetIns
 import com.microsoft.identity.deviceregistration.java.protocol.parameters.GetRegistrationStateV0Parameters
 import com.microsoft.identity.deviceregistration.java.protocol.parameters.InstallCertificateSilentlyV0Parameters
 import com.microsoft.identity.deviceregistration.java.protocol.parameters.PreProvisionedBlobV0Parameters
+import com.microsoft.identity.deviceregistration.java.protocol.parameters.ProvisionResourceAccountCredentialsV0Parameters
 import com.microsoft.identity.deviceregistration.java.protocol.parameters.UnregisterDeviceV0Parameters
 import com.microsoft.identity.deviceregistration.java.protocol.response.DeviceRegistrationPreAuthorizedV0Response
 import com.microsoft.identity.deviceregistration.java.protocol.response.DeviceRegistrationWithTokensV0Response
@@ -62,6 +63,9 @@ import com.microsoft.identity.deviceregistration.java.protocol.response.GetInsta
 import com.microsoft.identity.deviceregistration.java.protocol.response.GetRegistrationStateV0Response
 import com.microsoft.identity.deviceregistration.java.protocol.response.InstallCertificateSilentlyV0Response
 import com.microsoft.identity.deviceregistration.java.protocol.response.PreProvisionedBlobV0Response
+import com.microsoft.identity.deviceregistration.java.protocol.response.ProvisionResourceAccountCredentialsV0Response
+import com.microsoft.identity.common.java.dto.AccountRecord
+import com.microsoft.identity.common.java.request.SdkType
 import java.util.UUID
 
 /**
@@ -89,7 +93,7 @@ class DeviceRegistrationClientApplication {
         mController = buildController(
             context,
             components,
-            BrokerDiscoveryClientFactory.Companion.getInstanceForClientSdk(context, components),
+            BrokerDiscoveryClientFactory.getInstanceForClientSdk(context, components),
             DeviceRegistrationIpcStrategiesProvider()
         )
     }
@@ -121,7 +125,7 @@ class DeviceRegistrationClientApplication {
         ): AndroidDeviceRegistrationClientController {
             val cacheUpdater = ActiveBrokerCacheUpdater(
                 context,
-                ClientActiveBrokerCache.Companion.getBrokerSdkCache(components.storageSupplier)
+                ClientActiveBrokerCache.getBrokerSdkCache(components.storageSupplier)
             )
             return AndroidDeviceRegistrationClientController(
                 context,
@@ -432,4 +436,36 @@ class DeviceRegistrationClientApplication {
         return GetDeviceRegistrationRecordV0Response.create(responseSerialized)
             .deviceRegistrationRecord
     }
+
+    /**
+     * Provisions resource account credentials for the specified tenant and resource account object ID.
+     *
+     * @param tenantId             tenant ID for the resource account.
+     * @param raObjectId           resource account object ID (user ID in home tenant).
+     * @param correlationId        correlation ID for request tracing.
+     * @param sdkType              SDK type of the caller (required).
+     * @param sdkVersion           SDK version of the caller (required).
+     * @param drsDiscoveryEndpoint discovery endpoint name. Default is "PROD".
+     * @return [AccountRecord] representing the provisioned resource account credentials.
+     */
+    @JvmOverloads
+    @Throws(BaseException::class)
+    fun provisionResourceAccountCredentials(
+        tenantId: String,
+        raObjectId: String,
+        correlationId: UUID,
+        sdkType: SdkType,
+        sdkVersion: String,
+        drsDiscoveryEndpoint: DrsDiscoveryEndpoint = DrsDiscoveryEndpoint.PROD
+    ): AccountRecord {
+        val methodTag = "$TAG:provisionResourceAccountCredentials"
+        Logger.info(methodTag, "ProvisionResourceAccountCredentials started. CorrelationId: $correlationId")
+        val responseSerialized = mController.execute(
+            ProvisionResourceAccountCredentialsV0Parameters(correlationId, tenantId, raObjectId, sdkType.name, sdkVersion, drsDiscoveryEndpoint.name)
+        )
+        val response = ProvisionResourceAccountCredentialsV0Response.create(responseSerialized)
+        val result = response.accountRecord
+        Logger.info(methodTag, "ProvisionResourceAccountCredentials ended successfully.")
+        return result
+    }
 }

common/src/test/java/com/microsoft/identity/deviceregistration/api/DeviceRegistrationClientApplicationTest.kt

@@ -41,6 +41,10 @@ import com.microsoft.identity.deviceregistration.java.protocol.response.GetDevic
 import com.microsoft.identity.deviceregistration.java.protocol.response.GetDeviceRegistrationRecordsV0Response
 import com.microsoft.identity.deviceregistration.java.protocol.response.GetRegistrationStateV0Response
 import com.microsoft.identity.deviceregistration.java.protocol.response.PreProvisionedBlobV0Response
+import com.microsoft.identity.deviceregistration.java.protocol.parameters.ProvisionResourceAccountCredentialsV0Parameters
+import com.microsoft.identity.deviceregistration.java.protocol.response.ProvisionResourceAccountCredentialsV0Response
+import com.microsoft.identity.common.java.dto.AccountRecord
+import com.microsoft.identity.common.java.request.SdkType
 import org.junit.Assert
 import org.junit.Before
 import org.junit.Test
@@ -197,4 +201,50 @@ class DeviceRegistrationClientApplicationTest {
         drca.getPreProvisionedBlob("test-tenant", correlationId)
         // If we get here without exception, the correlationId was accepted and the flow completed
     }
+
+    @Test
+    fun provisionResourceAccountCredentials_returnsAccountRecord() {
+        val accountRecord = AccountRecord()
+        accountRecord.homeAccountId = "uid.utid"
+        accountRecord.localAccountId = "uid"
+        accountRecord.username = "ra@test.com"
+        accountRecord.environment = "login.microsoftonline.com"
+        accountRecord.realm = "utid"
+        val response = ProvisionResourceAccountCredentialsV0Response(UUID.randomUUID(), accountRecord)
+        val drca = createDrca(successStrategy(packer.pack(response)))
+
+        val result = drca.provisionResourceAccountCredentials("utid", "uid", UUID.randomUUID(), SdkType.MSAL, "1.0.0")
+
+        Assert.assertNotNull(result)
+        Assert.assertEquals("uid.utid", result.homeAccountId)
+        Assert.assertEquals("uid", result.localAccountId)
+        Assert.assertEquals("ra@test.com", result.username)
+        Assert.assertEquals("login.microsoftonline.com", result.environment)
+        Assert.assertEquals("utid", result.realm)
+    }
+
+    @Test
+    fun provisionResourceAccountCredentials_passesParamsToIpc() {
+        val correlationId = UUID.randomUUID()
+        val accountRecord = AccountRecord()
+        val response = ProvisionResourceAccountCredentialsV0Response(UUID.randomUUID(), accountRecord)
+        val strategy: IIpcStrategy = mock()
+        whenever(strategy.getType()).thenReturn(IIpcStrategy.Type.CONTENT_PROVIDER)
+        whenever(strategy.communicateToBroker(any())).thenAnswer { invocation ->
+            val bundle = (invocation.arguments[0] as BrokerOperationBundle).bundle
+            val protocolData = bundle?.getByteArray("protocol.data")
+            Assert.assertNotNull(protocolData)
+            val parameters = ProvisionResourceAccountCredentialsV0Parameters.create(protocolData)
+            Assert.assertEquals(correlationId, parameters.correlationId)
+            Assert.assertEquals("test-tenant", parameters.tenantId)
+            Assert.assertEquals("test-ra-oid", parameters.raObjectId)
+            Assert.assertEquals("MSAL", parameters.sdkType)
+            Assert.assertEquals("1.0.0", parameters.sdkVersion)
+            Assert.assertEquals("PROD", parameters.drsDiscoveryEndpoint)
+            packer.pack(response)
+        }
+
+        val drca = createDrca(strategy)
+        drca.provisionResourceAccountCredentials("test-tenant", "test-ra-oid", correlationId, SdkType.MSAL, "1.0.0")
+    }
 }

common4j/src/main/com/microsoft/identity/deviceregistration/java/protocol/DeviceRegistrationProtocolConstants.java

@@ -36,5 +36,5 @@ public final class DeviceRegistrationProtocolConstants {
     public static final String UNREGISTER_DEVICE_V0 = "protocol.unregister.v0";
     public static final String INSTALL_CERTIFICATE_SILENTLY_V0 = "protocol.install.certificate.silently.v0";
     public static final String GET_DEVICE_REGISTRATION_RECORD_VO = "get.device.registration.record.v0";
-    public static final String PROVISION_RESOURCE_ACCOUNT_V0 = "protocol.provision.resource.account.v0";
+    public static final String PROVISION_RESOURCE_ACCOUNT_CREDENTIALS_V0 = "protocol.provision.resource.account.credentials.v0";
 }

…rovisionResourceAccountV0Parameters.java …ourceAccountCredentialsV0Parameters.javacommon4j/src/main/com/microsoft/identity/deviceregistration/java/protocol/parameters/ProvisionResourceAccountV0Parameters.java renamed to common4j/src/main/com/microsoft/identity/deviceregistration/java/protocol/parameters/ProvisionResourceAccountCredentialsV0Parameters.java common4j/src/main/com/microsoft/identity/deviceregistration/java/protocol/parameters/ProvisionResourceAccountV0Parameters.java renamed to common4j/src/main/com/microsoft/identity/deviceregistration/java/protocol/parameters/ProvisionResourceAccountCredentialsV0Parameters.java

@@ -22,42 +22,48 @@
 // THE SOFTWARE.
 package com.microsoft.identity.deviceregistration.java.protocol.parameters;
 
+import com.microsoft.identity.common.java.exception.ClientException;
 import com.microsoft.identity.deviceregistration.java.protocol.DeviceRegistrationProtocolConstants;
+import com.microsoft.identity.deviceregistration.java.protocol.packer.DeviceRegistrationProtocolMoshiSerializer;
+import com.microsoft.identity.deviceregistration.java.protocol.packer.IDeviceRegistrationProtocolSerializer;
 
 import java.util.UUID;
 
+import edu.umd.cs.findbugs.annotations.Nullable;
 import lombok.Getter;
 import lombok.NonNull;
 import lombok.experimental.Accessors;
 
-import com.microsoft.identity.deviceregistration.java.protocol.packer.DeviceRegistrationProtocolMoshiSerializer;
-import com.microsoft.identity.deviceregistration.java.protocol.packer.IDeviceRegistrationProtocolSerializer;
-import com.microsoft.identity.common.java.exception.ClientException;
-
 /**
- * Implements a protocol parameters for provisioning a resource account.
+ * Implements protocol parameters for provisioning resource account credentials.
  */
 @Accessors(prefix = "m")
-public class ProvisionResourceAccountV0Parameters extends AbstractDeviceRegistrationProtocolParameters {
+public class ProvisionResourceAccountCredentialsV0Parameters extends AbstractDeviceRegistrationProtocolParameters {
 
-    private static final IDeviceRegistrationProtocolSerializer<ProvisionResourceAccountV0Parameters> serializer
-            = new DeviceRegistrationProtocolMoshiSerializer<>(ProvisionResourceAccountV0Parameters.class);
+    private static final IDeviceRegistrationProtocolSerializer<ProvisionResourceAccountCredentialsV0Parameters> serializer
+            = new DeviceRegistrationProtocolMoshiSerializer<>(ProvisionResourceAccountCredentialsV0Parameters.class);
 
     /**
      * Creates a protocol object from a byte array (serialized protocol).
      *
      * @param serializedData protocol data serialized
      */
-    public static ProvisionResourceAccountV0Parameters create(final byte[] serializedData) throws ClientException {
+    public static ProvisionResourceAccountCredentialsV0Parameters create(final byte[] serializedData) throws ClientException {
         return serializer.deserialize(serializedData);
     }
 
-    public ProvisionResourceAccountV0Parameters(@NonNull final UUID correlationId,
-                                                @NonNull final String tenantId,
-                                                @NonNull final String raObjectId) {
+    public ProvisionResourceAccountCredentialsV0Parameters(@NonNull final UUID correlationId,
+                                                           @NonNull final String tenantId,
+                                                           @NonNull final String raObjectId,
+                                                           @Nullable final String sdkType,
+                                                           @Nullable final String sdkVersion,
+                                                           @Nullable final String drsDiscoveryEndpoint) {
         super(correlationId);
         mTenantId = tenantId;
         mRaObjectId = raObjectId;
+        mSdkType = sdkType;
+        mSdkVersion = sdkVersion;
+        mDrsDiscoveryEndpoint = drsDiscoveryEndpoint;
     }
 
     @Getter
@@ -68,10 +74,22 @@ public ProvisionResourceAccountV0Parameters(@NonNull final UUID correlationId,
     @NonNull
     private final String mRaObjectId;
 
+    @Getter
+    @Nullable
+    private final String mSdkType;
+
+    @Getter
+    @Nullable
+    private final String mSdkVersion;
+
+    @Getter
+    @Nullable
+    private final String mDrsDiscoveryEndpoint;
+
     @Override
     @NonNull
     public String getProtocolName() {
-        return DeviceRegistrationProtocolConstants.PROVISION_RESOURCE_ACCOUNT_V0;
+        return DeviceRegistrationProtocolConstants.PROVISION_RESOURCE_ACCOUNT_CREDENTIALS_V0;
     }
 
     /**

…/ProvisionResourceAccountV0Response.java …esourceAccountCredentialsV0Response.javacommon4j/src/main/com/microsoft/identity/deviceregistration/java/protocol/response/ProvisionResourceAccountV0Response.java renamed to common4j/src/main/com/microsoft/identity/deviceregistration/java/protocol/response/ProvisionResourceAccountCredentialsV0Response.java common4j/src/main/com/microsoft/identity/deviceregistration/java/protocol/response/ProvisionResourceAccountV0Response.java renamed to common4j/src/main/com/microsoft/identity/deviceregistration/java/protocol/response/ProvisionResourceAccountCredentialsV0Response.java

@@ -22,53 +22,56 @@
 // THE SOFTWARE.
 package com.microsoft.identity.deviceregistration.java.protocol.response;
 
+import com.microsoft.identity.common.java.dto.AccountRecord;
+import com.microsoft.identity.common.java.exception.ClientException;
 import com.microsoft.identity.deviceregistration.java.protocol.DeviceRegistrationProtocolConstants;
+import com.microsoft.identity.deviceregistration.java.protocol.packer.DeviceRegistrationProtocolMoshiSerializer;
+import com.microsoft.identity.deviceregistration.java.protocol.packer.IDeviceRegistrationProtocolSerializer;
 
 import java.util.UUID;
 
 import lombok.Getter;
 import lombok.NonNull;
 import lombok.experimental.Accessors;
 
-import com.microsoft.identity.deviceregistration.java.protocol.packer.DeviceRegistrationProtocolMoshiSerializer;
-import com.microsoft.identity.deviceregistration.java.protocol.packer.IDeviceRegistrationProtocolSerializer;
-import com.microsoft.identity.common.java.exception.ClientException;
-
+/**
+ * Response for the provision resource account credentials protocol.
+ */
 @Accessors(prefix = "m")
-public class ProvisionResourceAccountV0Response extends AbstractDeviceRegistrationProtocolResponse {
+public class ProvisionResourceAccountCredentialsV0Response extends AbstractDeviceRegistrationProtocolResponse {
 
-    private static final IDeviceRegistrationProtocolSerializer<ProvisionResourceAccountV0Response> serializer
-            = new DeviceRegistrationProtocolMoshiSerializer<>(ProvisionResourceAccountV0Response.class);
+    private static final IDeviceRegistrationProtocolSerializer<ProvisionResourceAccountCredentialsV0Response> serializer
+            = new DeviceRegistrationProtocolMoshiSerializer<>(ProvisionResourceAccountCredentialsV0Response.class);
 
     /**
      * Creates a protocol object from a byte array (serialized protocol).
      *
      * @param serializedData protocol data serialized
      */
-    public static ProvisionResourceAccountV0Response create(final byte[] serializedData) throws ClientException {
+    public static ProvisionResourceAccountCredentialsV0Response create(final byte[] serializedData) throws ClientException {
         return serializer.deserialize(serializedData);
     }
 
-    public ProvisionResourceAccountV0Response(@NonNull final UUID correlationId,
-                                              @NonNull final String result) {
+    public ProvisionResourceAccountCredentialsV0Response(@NonNull final UUID correlationId,
+                                                         @NonNull final AccountRecord accountRecord) {
         super(correlationId);
-        mResult = result;
+        mAccountRecord = accountRecord;
     }
 
     @Getter
     @NonNull
-    private final String mResult;
+    private final AccountRecord mAccountRecord;
 
     /**
      * Returns the name of the protocol.
      */
     @Override
     public String getProtocolName() {
-        return DeviceRegistrationProtocolConstants.PROVISION_RESOURCE_ACCOUNT_V0;
+        return DeviceRegistrationProtocolConstants.PROVISION_RESOURCE_ACCOUNT_CREDENTIALS_V0;
     }
 
     /**
-     * return the serialized the protocol.
+     * Serialization is handled by the packer layer.
      */
     @Override
     public byte[] serialize() {