temp build for ToU

somalaya · somalaya · commit c8dbb0f439c2 · 2026-02-26T17:12:53.000-08:00
diff --git a/common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/AuthorizationFragment.java b/common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/AuthorizationFragment.java
@@ -229,6 +229,11 @@ void sendResult(@NonNull final RawAuthorizationResult result) {
         // Track the final result code we got for this authorization flow
         mFinalResultCode = result.getResultCode();
 
+        // Log the URL load tracker for debugging WebView navigation issues
+        if (!mUrlStatusTracker.isEmpty()) {
+            Logger.info(methodTag, "URL Load Tracker (" + mUrlStatusTracker.size() + " entries): " + mUrlStatusTracker);
+        }
+
         final PropertyBag propertyBag = RawAuthorizationResult.toPropertyBag(result);
         propertyBag.put(REQUEST_CODE, BROWSER_FLOW);
 
@@ -335,10 +340,6 @@ private static String sanitizeUrl(final String url) {
                         host.endsWith(AuthenticationConstants.Broker.AAD_CHINA_URL_HOST_SUFFIX) ||
                         host.endsWith(AuthenticationConstants.Broker.MSA_URL_HOST_SUFFIX);
 
-                if (!isAllowedHost) {
-                    return "[REDACTED]";
-                }
-
                 // Build sanitized URL: scheme + host + path only (no query params or fragments)
                 final StringBuilder sanitizedUrl = new StringBuilder();
                 final String scheme = uri.getScheme();
diff --git a/common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/WebViewAuthorizationFragment.java b/common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/WebViewAuthorizationFragment.java
@@ -44,6 +44,7 @@
 import android.view.MotionEvent;
 import android.view.View;
 import android.view.ViewGroup;
+import android.webkit.ConsoleMessage;
 import android.webkit.PermissionRequest;
 import android.webkit.WebChromeClient;
 import android.webkit.WebSettings;
@@ -354,6 +355,10 @@ public boolean onTouch(final View view, final MotionEvent event) {
         mWebView.getSettings().setSupportZoom(webViewZoomEnabled);
         mWebView.setVisibility(View.INVISIBLE);
         mWebView.setWebViewClient(webViewClient);
+        // Allow mixed content (HTTPS pages loading HTTP sub-resources) for compatibility
+        // with ToU/MFA pages that may load resources over HTTP.
+        mWebView.getSettings().setMixedContentMode(WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE);
+
         mWebView.setWebChromeClient(new WebChromeClient() {
             @Override
             public void onPermissionRequest(final PermissionRequest request) {
@@ -367,6 +372,23 @@ public void onPermissionRequest(final PermissionRequest request) {
                 });
             }
 
+            @Override
+            public boolean onConsoleMessage(final ConsoleMessage consoleMessage) {
+                // Log JS console messages to help debug WebView rendering issues (e.g., ToU blank screen)
+                final String level = consoleMessage.messageLevel().name();
+                final String msg = "JS Console [" + level + "]: " + consoleMessage.message()
+                        + " (source: " + consoleMessage.sourceId()
+                        + ", line: " + consoleMessage.lineNumber() + ")";
+                if (consoleMessage.messageLevel() == ConsoleMessage.MessageLevel.ERROR) {
+                    Logger.error(methodTag, msg, null);
+                } else if (consoleMessage.messageLevel() == ConsoleMessage.MessageLevel.WARNING) {
+                    Logger.warn(methodTag, msg);
+                } else {
+                    Logger.info(methodTag, msg);
+                }
+                return true;
+            }
+
             @Override
             public Bitmap getDefaultVideoPoster() {
                 // When not playing, video elements are represented by a 'poster' image.
diff --git a/common/src/main/java/com/microsoft/identity/common/internal/ui/webview/AzureActiveDirectoryWebViewClient.java b/common/src/main/java/com/microsoft/identity/common/internal/ui/webview/AzureActiveDirectoryWebViewClient.java
@@ -202,6 +202,11 @@ public void onPageFinished(final WebView view,
                                final String url) {
         super.onPageFinished(view, url);
 
+        // Track page load completion
+        if (mUrlLoadTracker != null) {
+            mUrlLoadTracker.updateLatestUrlStatus("PAGE_FINISHED", null);
+        }
+
         if (mAuthUxJavaScriptInterfaceAdded) {
             // Add a function to the api. Must do this to first stringify the dict object, as Android @JavaScriptInterface does not support
             // passing dict objects through Javascript APIs, only Strings and primitive types. Server side will be sending message in a dict
