Merge branch 'dev' into mchand/resource-account-api

Author: mohitc1

CODEOWNERS

@@ -7,6 +7,9 @@
 
 *       @AzureAD/androididentity
 
+# Shared Ownership
+#---------------------
+changelog.txt @AzureAD/androididentity @AzureAD/NativeAuthTeam
 
 # Area Owners
 #---------------------

azure-pipelines/pull-request-validation/common.yml

@@ -2,7 +2,7 @@
 # Variable: 'MOCK_API_URL' was defined in the Variables tab
 # Description: Assemble and run unit test
 name: $(date:yyyyMMdd)$(rev:.r)
-
+trigger: none
 variables:
   - group: devex-ciam-test
 

azure-pipelines/pull-request-validation/common4j.yml

@@ -3,7 +3,7 @@
 # Variable: 'MOCK_API_URL' was defined in the Variables tab
 # Uses Java 11
 name: $(date:yyyyMMdd)$(rev:.r)
-
+trigger: none
 variables:
   - group: devex-ciam-test
 

changelog.txt

@@ -1,6 +1,13 @@
 vNext
 ----------
-- [MINOR] Enable the new Broker discovery on MSAL by default (#2618)
+- [PATCH] Allow generating wrapping key without PURPOSE_WRAP_KEY with Flight (#2633))
+- [MINOR] Adding a state parameter to prevent phish attacks, in “switch_browser” flow. (#2631)
+- [MINOR] Move camera logic to CameraPermissionRequestHandler and add SdmQrPinManager (#2630)
+- [MINOR] Pass Work Profile existence, OS Version, and Manufacturer to ESTS (#2627)
+- [MINOR] Add telemetry for the switch browser protocol (#2612)
+
+Version 21.0.0
+----------
 - [PATCH] Improve logs and error reporting SIWG flow (#2616)
 - [PATCH] Only show QR +PIN rationale when the request origin is from Microsoft (#2613)
 - [MINOR] Add an extra index for MSAL CPP core in the extra client sku header (#2610)
@@ -9,6 +16,7 @@ vNext
 - [PATCH] Track MAM flow in telemetry (#2608)
 - [PATCH] Fix multiple prompts issue in cross cloud request (#2599)
 - [PATCH] Corrected error handling in cross cloud scenario (#2602)
+- [MINOR] Native auth: Add claimsRequest also to getAccessToken and signIn after signUp/SSPR flows (#2622)
 
 Version 20.1.1
 ----------

common/src/androidTest/java/com/microsoft/identity/common/internal/platform/AndroidDevicePoPManagerEncryptionTests.java

@@ -52,7 +52,6 @@
 // https://github.com/robolectric/robolectric/issues/1518
 //todo: Investigate if these tests can be migrated to common4j
 @RunWith(Parameterized.class)
-@Config(sdk =21)
 public class AndroidDevicePoPManagerEncryptionTests {
 
     private static final String DATA_TO_ENCRYPT = "The quick brown fox jumped over the lazy dog.";

common/src/main/java/com/microsoft/identity/common/adal/internal/AuthenticationConstants.java

@@ -560,6 +560,10 @@ public static final class SWITCH_BROWSER {
          */
         public static final String ACTION_URI = "action_uri";
 
+        /**
+         * String Query parameter key for the state blob.
+         */
+        public static final String STATE = "state";
     }
 
     /**
@@ -1161,6 +1165,18 @@ public static String computeMaxHostBrokerProtocol() {
          */
         public static final String LTW_APP_SHA512_DEBUG_SIGNATURE = "5PAhhZNSRRvq7vpTT5vrYJbSLh05AU8USf7oUTS239PEltebX87uGN7GhAe5244lJepwZ5RU4vu8N6ospXVOlg==";
 
+        /**
+         * Signing certificate thumbprint of the DEBUG-signed Microsoft Intune app.
+         * Generated with SHA-512.
+         */
+        public static final String INTUNE_APP_SHA512_DEBUG_SIGNATURE = "F+Tat7A/mlOJCzRYEmj9DgLRHU2Nb0VSQjgZEyAehqW9+cOT0oYjkT/fa33hYcVMwUzaSy0hUOVt9KQtyFRnVQ==";
+
+        /**
+         * Signing certificate thumbprint of the RELEASE-signed Microsoft Intune app.
+         * Generated with SHA-512.
+         */
+        public static final String INTUNE_APP_SHA512_RELEASE_SIGNATURE = "jPpMoaNvcxSLMX4yG4C3Gf86rtTqh33SqpuRKg4WOP+MnnpA52zZgvKLW76U4Cqqf68iaBk9W7k/jhciiSAtgQ==";
+
         /**
          * Teams IP Phones (Sakurai devices) is supported by Intune, but does not have a back button nor browser.
          * The only supported detection of this phone is the application install state.

common/src/main/java/com/microsoft/identity/common/components/AndroidPlatformComponentsFactory.java

@@ -36,7 +36,10 @@
 import com.microsoft.identity.common.internal.providers.oauth2.AndroidTaskStateGenerator;
 import com.microsoft.identity.common.internal.ui.AndroidAuthorizationStrategyFactory;
 import com.microsoft.identity.common.internal.ui.browser.AndroidBrowserSelector;
+import com.microsoft.identity.common.internal.util.WorkProfileUtil;
 import com.microsoft.identity.common.java.WarningType;
+import com.microsoft.identity.common.java.flighting.CommonFlight;
+import com.microsoft.identity.common.java.flighting.CommonFlightsManager;
 import com.microsoft.identity.common.java.interfaces.IPlatformComponents;
 import com.microsoft.identity.common.java.interfaces.PlatformComponents;
 import com.microsoft.identity.common.java.net.DefaultHttpClientWrapper;
@@ -67,6 +70,12 @@ public static synchronized void initializeGlobalStates(@NonNull final Context co
         if (!sGlobalStateInitalized) {
             HttpCache.initialize(context);
             Device.setDeviceMetadata(new AndroidDeviceMetadata());
+
+            // Denotes whether or not request is from personal profile but device has a Work Profile Available
+            if (CommonFlightsManager.INSTANCE.getFlightsProvider().isFlightEnabled(CommonFlight.ENABLE_AM_API_WORKPROFILE_EXTRA_QUERY_PARAMETERS)) {
+                Device.setIsInPersonalProfileButClouddpcWorkProfileAvailable(
+                        WorkProfileUtil.checkIfIsInPersonalProfileButClouddpcWorkProfileAvailable(context));
+            }
             Logger.setAndroidLogger();
 
             final File cacheDir = context.getCacheDir();