Add additional step ID and blocking error constants for onboarding telemetry, Fixes AB#3462876 (#3117)

## Summary

Adds the remaining step ID and blocking error constants from the Mobile
Onboarding Telemetry design (section 9 Step Taxonomy) to
`OnboardingTelemetryConstants`. Pure additive - no behavior change, no
caller wiring in this PR.

Linked Feature:
[AB#3462876](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3462876)

## Why

PR #3088 shipped the recorder + the 5 step/blocking-error constants
OneAuth needed for non-brokered (`STEP_AUTHENTICATION_STARTED`,
`STEP_BROKER_INSTALL_PROMPTED`, `STEP_DEVICE_REGISTRATION_STARTED`,
`BLOCKING_ERROR_BROKER_INSTALL`, `BLOCKING_ERROR_MDM_FLOW`). The
remaining ~20 step IDs from the design will be needed by:

- The WebView hooks PR (follow-up) - emits `MDMEnrollmentStarted`,
`CompanyPortalLaunched`, `WebCpEnrollmentStarted`, etc. from
`AzureActiveDirectoryWebViewClient` URL-handler sites.
- Broker-side step emission (follow-up) - `AccountSelectionStarted`,
`InterruptFlowStarted`, `PrtAcquired`, `TokenIssued`, etc.
- OneAuth follow-ups for AM API + WebCP detection (Veena's request) -
needs `MDMEnrollmentStarted` constant.
- Termination steps - `UserCanceled`, `AuthorizationTimedOut`.

Landing the constants ahead of caller wiring lets downstream PRs
reference typed constants instead of hardcoded strings, and avoids a
chicken-and-egg sequencing problem.

## Constants added

Grouped by onboarding flow phase (matching design section 9):

- **Authentication / WebView**: `STEP_ACCOUNT_SELECTION_STARTED`,
`STEP_PASSKEY_AUTH_STARTED`, `STEP_CERT_BASED_AUTH_STARTED`
- **MFA / Strong Auth**: `STEP_STRONG_AUTH_SETUP_STARTED`,
`STEP_STRONG_AUTH_SETUP_COMPLETED`,
`STEP_AUTHENTICATOR_MFA_LINKING_STARTED`
- **CA Block & Remediation**: `STEP_CA_BLOCK_RECEIVED`,
`STEP_INTERRUPT_FLOW_STARTED`, `STEP_CONSENT_PROMPT_SHOWN`,
`STEP_TERMS_OF_USE_SHOWN`, `STEP_PASSWORD_RESET_REQUIRED`
- **Device Registration**: `STEP_DEVICE_REGISTRATION_UPGRADE_STARTED`
- **MDM Enrollment**: `STEP_MDM_ENROLLMENT_STARTED` (value
`MDMEnrollmentStarted`), `STEP_COMPANY_PORTAL_LAUNCHED`,
`STEP_WEB_CP_ENROLLMENT_STARTED`, `STEP_GOOGLE_ENROLLMENT_STARTED`
- **Intune App Protection**: `STEP_INTUNE_APP_PROTECTION_REQUIRED`
- **Compliance Remediation**: `STEP_COMPLIANCE_REMEDIATION_STARTED`,
`STEP_COMPLIANCE_REMEDIATION_COMPLETED`
- **Token Acquisition**: `STEP_PRT_ACQUIRED`, `STEP_TOKEN_ISSUED`
- **Termination**: `STEP_USER_CANCELED`, `STEP_AUTHORIZATION_TIMED_OUT`
- **Blocking error**: `BLOCKING_ERROR_DEVICE_REGISTRATION`
(`"DEVICE_REGISTRATION_REQUIRED"`)

All values are PascalCase (consistent with the existing `STEP_*`
constants and matching what eSTS/MATS expect for these enum-like step
values).

## Testing

- No new tests - pure constant additions; existing
`OnboardingTelemetryRecorderTest` and
`OnboardingSessionCorrelationStoreTest` continue to pass.
- Built locally; constants compile cleanly.

## Dependencies

- **Builds on**: PR #3088 (already merged) - extends
`OnboardingTelemetryConstants` added there.
- **Consumed by** (follow-up PRs):
- WebView page-tracking hooks (`AzureActiveDirectoryWebViewClient`
setter + emissions)
- Broker step emission (`BrokerSsoController`, `PrtController`, error
handler)
- OneAuth caller updates (AM API + WebCP detection per Veena's PR #3088
comment)
- **No breaking changes** - purely additive to the existing `object`.

Author: wzhipan

changelog.txt

@@ -2,6 +2,7 @@ vNext
 ----------
 - [PATCH] Extend filter-then-clone optimization to deleteAccessTokensWithIntersectingScopes and add telemetry attributes (#3114)
 - [PATCH] Wire ClientDataInfo through AcquireTokenResult, exceptions (#3109)
+- [MINOR] Add additional step ID and blocking error constants for full onboarding telemetry coverage (#3117)
 - [PATCH] Handle app_link Intent redirection by validating broker install links and rejecting unsupported redirect URIs with appropriate error responses (#3102)
 - [MINOR] Add onboarding telemetry blob fields to BrokerRequest/BrokerResult and command parameters for client↔broker IPC transport (#3111)
 - [PATCH] Extend filter-then-clone optimization to load() and getIdTokensForAccountRecord() in MsalOAuth2TokenCache: when ENABLE_FILTER_THEN_CLONE_IN_MEMORY_CACHE flight is enabled, skip clone-all preload and call direct flight-gated overloads that clone only matching credentials; add new getCredentialsFilteredBy overload with kid support (#3100)

common4j/src/main/com/microsoft/identity/common/java/telemetry/OnboardingTelemetryConstants.kt

@@ -39,17 +39,64 @@ object OnboardingTelemetryConstants {
 
     // Step ID values not used in C++ aggregation (no derived duration metric computed from these)
     const val STEP_AUTHENTICATION_STARTED = "AuthenticationStarted"
+    const val STEP_ACCOUNT_SELECTION_STARTED = "AccountSelectionStarted"
     const val STEP_CREDENTIAL_ENTRY_COMPLETED = "CredentialEntryCompleted"
+    const val STEP_PASSKEY_AUTH_STARTED = "PasskeyAuthStarted"
+    const val STEP_CERT_BASED_AUTH_STARTED = "CertBasedAuthStarted"
+
+    // MFA / Strong Auth Setup
+    const val STEP_STRONG_AUTH_SETUP_STARTED = "StrongAuthSetupStarted"
+    const val STEP_STRONG_AUTH_SETUP_COMPLETED = "StrongAuthSetupCompleted"
+    const val STEP_AUTHENTICATOR_MFA_LINKING_STARTED = "AuthenticatorMfaLinkingStarted"
+
+    // Conditional Access Block & Remediation
+    const val STEP_CA_BLOCK_RECEIVED = "CABlockReceived"
+    const val STEP_INTERRUPT_FLOW_STARTED = "InterruptFlowStarted"
+    const val STEP_CONSENT_PROMPT_SHOWN = "ConsentPromptShown"
+    const val STEP_TERMS_OF_USE_SHOWN = "TermsOfUseShown"
+    const val STEP_PASSWORD_RESET_REQUIRED = "PasswordResetRequired"
+
+    // Broker Installation
     const val STEP_BROKER_INSTALL_PROMPTED = "BrokerInstallPrompted"
     const val STEP_BROKER_INSTALL_PROMPTED_FOR_MDM = "BrokerInstallPromptedForMDM"
+
+    // Device Registration (WPJ)
     const val STEP_DEVICE_REGISTRATION_STARTED = "DeviceRegistrationStarted"
     const val STEP_DEVICE_REGISTRATION_COMPLETED = "DeviceRegistrationCompleted"
+    const val STEP_DEVICE_REGISTRATION_UPGRADE_STARTED = "DeviceRegistrationUpgradeStarted"
+
+    // MDM Enrollment (PP → WP transition)
+    const val STEP_MDM_ENROLLMENT_STARTED = "MDMEnrollmentStarted"
+    const val STEP_COMPANY_PORTAL_LAUNCHED = "CompanyPortalLaunched"
+    const val STEP_WEB_CP_ENROLLMENT_STARTED = "WebCpEnrollmentStarted"
+    const val STEP_GOOGLE_ENROLLMENT_STARTED = "GoogleEnrollmentStarted"
+
+    // Intune App Protection (MAM)
+    const val STEP_INTUNE_APP_PROTECTION_REQUIRED = "IntuneAppProtectionRequired"
+
+    // Compliance Remediation
+    const val STEP_COMPLIANCE_REMEDIATION_STARTED = "ComplianceRemediationStarted"
+    const val STEP_COMPLIANCE_REMEDIATION_COMPLETED = "ComplianceRemediationCompleted"
+
+    // Token Acquisition & Completion
+    const val STEP_PRT_ACQUIRED = "PrtAcquired"
+    const val STEP_TOKEN_ISSUED = "TokenIssued"
     const val STEP_FLOW_COMPLETED = "FlowCompleted"
 
+    // Termination (Non-Success)
+    const val STEP_USER_CANCELED = "UserCanceled"
+    const val STEP_AUTHORIZATION_TIMED_OUT = "AuthorizationTimedOut"
+
     // Blocking error values — must match C++ hardcoded strings in InteractiveRequest.cpp
     const val BLOCKING_ERROR_BROKER_INSTALL = "BROKER_INSTALLATION_TRIGGERED"
     const val BLOCKING_ERROR_MDM_FLOW = "MDM_FLOW"
 
+    // Device-registration blocking errors — one per BrokerExceptionClassifier.Category
+    // (see broker4j BrokerExceptionClassifier + InteractiveRequestAcquireTokenErrorHandler).
+    const val BLOCKING_ERROR_DEVICE_REGISTRATION_NEEDED = "DEVICE_REGISTRATION_NEEDED"
+    const val BLOCKING_ERROR_STRONG_DEVICE_REGISTRATION_NEEDED = "STRONG_DEVICE_REGISTRATION_NEEDED"
+    const val BLOCKING_ERROR_INSUFFICIENT_DEVICE_REGISTRATION = "INSUFFICIENT_DEVICE_REGISTRATION"
+
     // Platform-specific values
     const val PROFILE_USER = "userProfile"
     const val PROFILE_WORK = "workProfile"