Merge branch 'dev' into rapong/revert

Author: rpdome

changelog.txt

@@ -1,5 +1,6 @@
 vNext
 ----------
+- [MINOR] Add telemetry for the switch browser protocol (#2612)
 
 Version 21.0.0
 ----------
@@ -11,6 +12,7 @@ Version 21.0.0
 - [PATCH] Track MAM flow in telemetry (#2608)
 - [PATCH] Fix multiple prompts issue in cross cloud request (#2599)
 - [PATCH] Corrected error handling in cross cloud scenario (#2602)
+- [MINOR] Native auth: Add claimsRequest also to getAccessToken and signIn after signUp/SSPR flows (#2622)
 
 Version 20.1.1
 ----------

common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/WebViewAuthorizationFragment.java

@@ -85,6 +85,8 @@
 import static com.microsoft.identity.common.java.AuthenticationConstants.SdkPlatformFields.PRODUCT;
 import static com.microsoft.identity.common.java.AuthenticationConstants.SdkPlatformFields.VERSION;
 
+import io.opentelemetry.api.trace.SpanContext;
+
 /**
  * Authorization fragment with embedded webview.
  */
@@ -536,7 +538,8 @@ public void setPKeyAuthStatus(final boolean status) {
 
     private SwitchBrowserProtocolCoordinator getSwitchBrowserCoordinator() {
         if (mSwitchBrowserProtocolCoordinator == null) {
-            mSwitchBrowserProtocolCoordinator = new SwitchBrowserProtocolCoordinator(requireActivity());
+            final SpanContext spanContext = requireActivity() instanceof AuthorizationActivity ? ((AuthorizationActivity) requireActivity()).getSpanContext() : null;
+            mSwitchBrowserProtocolCoordinator = new SwitchBrowserProtocolCoordinator(requireActivity(), spanContext);
         }
         return mSwitchBrowserProtocolCoordinator;
     }

common/src/main/java/com/microsoft/identity/common/internal/ui/webview/challengehandlers/SwitchBrowserRequestHandler.kt

@@ -31,8 +31,15 @@ import com.microsoft.identity.common.internal.ui.browser.CustomTabsManager
 import com.microsoft.identity.common.internal.ui.webview.switchbrowser.SwitchBrowserUriHelper.isSwitchBrowserRedirectUrl
 import com.microsoft.identity.common.java.browser.IBrowserSelector
 import com.microsoft.identity.common.java.exception.ClientException
+import com.microsoft.identity.common.java.opentelemetry.AttributeName
+import com.microsoft.identity.common.java.opentelemetry.OTelUtility
+import com.microsoft.identity.common.java.opentelemetry.SpanExtension
+import com.microsoft.identity.common.java.opentelemetry.SpanName
 import com.microsoft.identity.common.java.ui.BrowserDescriptor
 import com.microsoft.identity.common.logging.Logger
+import io.opentelemetry.api.trace.Span
+import io.opentelemetry.api.trace.SpanContext
+import io.opentelemetry.api.trace.StatusCode
 
 /**
  * SwitchBrowserRequestHandler is a challenge handler for SwitchBrowserChallenge.
@@ -42,9 +49,13 @@ class SwitchBrowserRequestHandler(
     private val activity: Activity,
     private val context: Context,
     private val customTabsManager: CustomTabsManager,
-    private val browserSelector: IBrowserSelector
+    private val browserSelector: IBrowserSelector,
+    private val spanContext: SpanContext?
 ) : IChallengeHandler<SwitchBrowserChallenge, Unit> {
 
+    val span: Span by lazy {
+        OTelUtility.createSpanFromParent(SpanName.SwitchBrowserProcess.name, spanContext)
+    }
 
     var isChallengeHandled: Boolean = false
         private set
@@ -53,11 +64,12 @@ class SwitchBrowserRequestHandler(
         private val TAG = SwitchBrowserRequestHandler::class.simpleName
     }
 
-    constructor(activity: Activity) : this(
+    constructor(activity: Activity, spanContext: SpanContext?) : this(
         activity,
         activity.applicationContext,
         CustomTabsManager(activity.applicationContext),
-        AndroidBrowserSelector(activity.applicationContext)
+        AndroidBrowserSelector(activity.applicationContext),
+        spanContext
     )
 
     /**
@@ -69,49 +81,68 @@ class SwitchBrowserRequestHandler(
      */
     @Throws(ClientException::class)
     override fun processChallenge(switchBrowserChallenge: SwitchBrowserChallenge) {
-        val methodTag = "$TAG:processChallenge"
+        SpanExtension.makeCurrentSpan(span).use {
+            val methodTag = "$TAG:processChallenge"
 
-        // Select a browser to handle the switch browser challenge
-        val browser = browserSelector.selectBrowser(
-            BrowserDescriptor.getBrowserSafeListForSwitchBrowser(),
-            null
-        )
-        if (browser == null) {
-            val exception = ClientException(
-                ClientException.NO_BROWSERS_AVAILABLE,
-                "No browser found for SwitchBrowserChallenge."
-            )
-            Logger.error(
-                methodTag,
-                "No browser found for SwitchBrowserChallenge.",
-                exception
+            // Select a browser to handle the switch browser challenge
+            val browser = browserSelector.selectBrowser(
+                BrowserDescriptor.getBrowserSafeListForSwitchBrowser(),
+                null
             )
-            throw exception
-        }
+            if (browser == null) {
+                val exception = ClientException(
+                    ClientException.NO_BROWSERS_AVAILABLE,
+                    "No browser found for SwitchBrowserChallenge."
+                )
+                Logger.error(
+                    methodTag,
+                    "No browser found for SwitchBrowserChallenge.",
+                    exception
+                )
+                span.setStatus(StatusCode.ERROR)
+                span.recordException(exception)
+                span.end()
+                throw exception
+            }
 
-        // Create an intent to launch the browser
-        val browserIntent: Intent
-        if (browser.isCustomTabsServiceSupported) {
-            Logger.info(methodTag, "CustomTabsService is supported.")
-            //create customTabsIntent
-            if (!customTabsManager.bind(context, browser.packageName)) {
-                Logger.warn(methodTag, "Failed to bind CustomTabsService.")
-                browserIntent = Intent(Intent.ACTION_VIEW)
+            // Create an intent to launch the browser
+            val browserIntent: Intent
+            if (browser.isCustomTabsServiceSupported) {
+                Logger.info(methodTag, "CustomTabsService is supported.")
+                //create customTabsIntent
+                if (!customTabsManager.bind(context, browser.packageName)) {
+                    Logger.warn(methodTag, "Failed to bind CustomTabsService.")
+                    browserIntent = Intent(Intent.ACTION_VIEW)
+                } else {
+                    browserIntent = customTabsManager.customTabsIntent.intent
+                }
             } else {
-                browserIntent = customTabsManager.customTabsIntent.intent
+                Logger.warn(methodTag, "CustomTabsService is NOT supported")
+                browserIntent = Intent(Intent.ACTION_VIEW)
             }
-        } else {
-            Logger.warn(methodTag, "CustomTabsService is NOT supported")
-            browserIntent = Intent(Intent.ACTION_VIEW)
+            Logger.info(
+                methodTag,
+                "Launching switch browser request on browser: ${browser.packageName}"
+            )
+            browserIntent.setPackage(browser.packageName)
+            browserIntent.setData(switchBrowserChallenge.uri)
+            activity.startActivity(browserIntent)
+            isChallengeHandled = true
+            span.setAttribute(
+                AttributeName.is_switch_browser_request_handled.name,
+                isChallengeHandled
+            )
+            span.setAttribute(
+                AttributeName.browser_package_name.name,
+                browser.packageName
+            )
+            span.setAttribute(
+                AttributeName.is_custom_tabs_supported.name,
+                browser.isCustomTabsServiceSupported
+            )
+            span.setStatus(StatusCode.OK)
+            span.end()
         }
-        Logger.info(
-            methodTag,
-            "Launching switch browser request on browser: ${browser.packageName}"
-        )
-        browserIntent.setPackage(browser.packageName)
-        browserIntent.setData(switchBrowserChallenge.uri)
-        activity.startActivity(browserIntent)
-        isChallengeHandled = true
     }
 
     /**

common/src/main/java/com/microsoft/identity/common/internal/ui/webview/switchbrowser/SwitchBrowserProtocolCoordinator.kt

@@ -35,16 +35,29 @@ import com.microsoft.identity.common.internal.ui.webview.switchbrowser.SwitchBro
 import com.microsoft.identity.common.internal.ui.webview.switchbrowser.SwitchBrowserUriHelper.isSwitchBrowserRedirectUrl
 import com.microsoft.identity.common.java.AuthenticationConstants.AAD.AUTHORIZATION
 import com.microsoft.identity.common.java.exception.ClientException
+import com.microsoft.identity.common.java.opentelemetry.AttributeName
+import com.microsoft.identity.common.java.opentelemetry.OTelUtility
+import com.microsoft.identity.common.java.opentelemetry.SpanExtension
+import com.microsoft.identity.common.java.opentelemetry.SpanName
 import com.microsoft.identity.common.java.ui.AuthorizationAgent
 import com.microsoft.identity.common.logging.Logger
+import io.opentelemetry.api.trace.Span
+import io.opentelemetry.api.trace.SpanContext
+import io.opentelemetry.api.trace.StatusCode
 
 /**
  * SwitchBrowserProtocolCoordinator is responsible for coordinating the switch browser protocol.
  * Contains the handler to process the switch browser request and resume action.
  */
 class SwitchBrowserProtocolCoordinator(
-    val switchBrowserRequestHandler: SwitchBrowserRequestHandler) {
-    constructor(activity: Activity) : this(SwitchBrowserRequestHandler(activity))
+    val switchBrowserRequestHandler: SwitchBrowserRequestHandler,
+    private val spanContext: SpanContext? = null) {
+
+    constructor(activity: Activity, spanContext: SpanContext?) : this(SwitchBrowserRequestHandler(activity, spanContext), spanContext)
+
+    val span: Span by lazy {
+        OTelUtility.createSpanFromParent(SpanName.SwitchBrowserResume.name, spanContext)
+    }
 
     companion object {
         private const val TAG = "SwitchBrowserProtocolCoordinator"
@@ -99,21 +112,30 @@ class SwitchBrowserProtocolCoordinator(
         extras: Bundle,
         onSuccessAction: (Uri, HashMap<String, String>) -> Unit
     ) {
-        val methodTag = "$TAG:processSwitchBrowserResume"
-        val actionUri = extras.getString(SWITCH_BROWSER.ACTION_URI)
-        val code = extras.getString(SWITCH_BROWSER.CODE)
-        if (actionUri.isNullOrEmpty() || code.isNullOrEmpty()) {
-            throw ClientException(
-                ClientException.MISSING_PARAMETER,
-                "Action URI is null/empty: ${actionUri == null}, code is null/empty: ${code == null}"
-            )
+        SpanExtension.makeCurrentSpan(span).use {
+            val methodTag = "$TAG:processSwitchBrowserResume"
+            val actionUri = extras.getString(SWITCH_BROWSER.ACTION_URI)
+            val code = extras.getString(SWITCH_BROWSER.CODE)
+            if (actionUri.isNullOrEmpty() || code.isNullOrEmpty()) {
+                val clientException = ClientException(
+                    ClientException.MISSING_PARAMETER,
+                    "Action URI is null/empty: ${actionUri == null}, code is null/empty: ${code == null}"
+                )
+                span.setStatus(StatusCode.ERROR)
+                span.recordException(clientException)
+                span.end()
+                throw clientException
+            }
+            val resumeUri = buildResumeUri(actionUri)
+            val headers = hashMapOf(AUTHORIZATION to code)
+            onSuccessAction(resumeUri, headers)
+            // Reset the challenge state after processing the resume action
+            switchBrowserRequestHandler.resetChallengeState()
+            Logger.info(methodTag, "Switch browser resume action processed successfully.")
+            span.setAttribute(AttributeName.is_switch_browser_resume_handled.name, true)
+            span.setStatus(StatusCode.OK)
+            span.end()
         }
-        val resumeUri = buildResumeUri(actionUri)
-        val headers = hashMapOf(AUTHORIZATION to code)
-        onSuccessAction(resumeUri, headers)
-        // Reset the challenge state after processing the resume action
-        switchBrowserRequestHandler.resetChallengeState()
-        Logger.info(methodTag, "Switch browser resume action processed successfully.")
     }
 
     /**

common/src/test/java/com/microsoft/identity/common/internal/ui/webview/challengehandlers/SwitchBrowserRequestHandlerTest.kt

@@ -60,7 +60,7 @@ class SwitchBrowserRequestHandlerTest {
         `when`(challenge.uri).thenReturn(Uri.parse("https://example.com"))
         val browserSelector = // Browser available
             IBrowserSelector { _, _ -> Browser("fakeBrowser", emptySet(), "browser", false) }
-        val handler = SwitchBrowserRequestHandler(mockActivity, context, customTabsManager, browserSelector)
+        val handler = SwitchBrowserRequestHandler(mockActivity, context, customTabsManager, browserSelector, null)
         handler.processChallenge(challenge)
         Assert.assertTrue(activityExecuted)
     }
@@ -75,7 +75,7 @@ class SwitchBrowserRequestHandlerTest {
         val challenge = mock(SwitchBrowserChallenge::class.java)
         `when`(challenge.uri).thenReturn(Uri.parse("https://example.com"))
         val browserSelector = IBrowserSelector { _, _ -> null } // No browser available
-        val handler = SwitchBrowserRequestHandler(activity, context, customTabsManager, browserSelector)
+        val handler = SwitchBrowserRequestHandler(activity, context, customTabsManager, browserSelector, null)
         val exception = Assert.assertThrows(ClientException::class.java) {
             handler.processChallenge(challenge)
         }

common4j/src/main/com/microsoft/identity/common/java/nativeauth/commands/parameters/BaseSignInTokenCommandParameters.java

@@ -26,6 +26,8 @@
 
 import java.util.List;
 
+import javax.annotation.Nullable;
+
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.experimental.SuperBuilder;
@@ -44,5 +46,11 @@ public abstract class BaseSignInTokenCommandParameters extends BaseNativeAuthCom
     */
    public final List<String> scopes;
 
+   /**
+    * Claims to send to the token endpoint.
+    */
+   @Nullable
+   public final String claimsRequestJson;
+
    private final AbstractAuthenticationScheme authenticationScheme;
 }

common4j/src/main/com/microsoft/identity/common/java/nativeauth/commands/parameters/MFADefaultChallengeCommandParameters.java

@@ -47,12 +47,6 @@ public class MFADefaultChallengeCommandParameters extends BaseSignInTokenCommand
     @NonNull
     public final String continuationToken;
 
-    /**
-     * Claims to send to the token endpoint.
-     */
-    @Nullable
-    public final String claimsRequestJson;
-
     @NonNull
     @Override
     public String toUnsanitizedString() {

common4j/src/main/com/microsoft/identity/common/java/nativeauth/commands/parameters/MFASubmitChallengeCommandParameters.java

@@ -51,12 +51,6 @@ public class MFASubmitChallengeCommandParameters extends BaseSignInTokenCommandP
     @NonNull
     public final String continuationToken;
 
-    /**
-     * Claims to send to the token endpoint.
-     */
-    @Nullable
-    public final String claimsRequestJson;
-
     @NonNull
     @Override
     public String toUnsanitizedString() {

common4j/src/main/com/microsoft/identity/common/java/nativeauth/commands/parameters/SignInStartCommandParameters.java

@@ -54,12 +54,6 @@ public class SignInStartCommandParameters extends BaseSignInTokenCommandParamete
     @Nullable
     public final char[] password;
 
-    /**
-     * Claims to send to the token endpoint.
-     */
-    @Nullable
-    public final String claimsRequestJson;
-
     @NonNull
     @Override
     public String toUnsanitizedString() {

common4j/src/main/com/microsoft/identity/common/java/nativeauth/commands/parameters/SignInSubmitCodeCommandParameters.java

@@ -51,12 +51,6 @@ public class SignInSubmitCodeCommandParameters extends BaseSignInTokenCommandPar
     @NonNull
     public final String continuationToken;
 
-    /**
-     * Claims to send to the token endpoint.
-     */
-    @Nullable
-    public final String claimsRequestJson;
-
     @NonNull
     @Override
     public String toUnsanitizedString() {