Fix Login for Admin and Welcome Discovery incompatability.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: brandonpage

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/Login/SFLoginViewController.m

@@ -42,6 +42,9 @@
 #import "SalesforceSDKManager+Internal.h"
 #import <LocalAuthentication/LocalAuthentication.h>
 #import "SFRestAPI+Internal.h"
+#import "SFOAuthCoordinator+Internal.h"
+#import "SFSDKAuthSession.h"
+#import "SFSDKAuthRequest.h"
 #import <SalesforceSDKCore/SalesforceSDKCore-Swift.h>
 @interface SFLoginViewController () <SFSDKLoginHostDelegate, SFUserAccountManagerDelegate>
 
@@ -323,14 +326,29 @@ - (UIBarButtonItem *)createSettingsButton {
     }
 
     // Login for Admin - forces browser-based (advanced) authentication to support phishing-resistant MFA.
-    [menuActions addObject:[UIAction actionWithTitle:[SFSDKResourceUtils localizedString:@"LOGIN_FOR_ADMIN"]
+    // Wrapped in an uncached UIDeferredMenuElement so the show/hide predicate is re-evaluated each
+    // time the menu opens. The entry is hidden during phase 1 of Welcome Discovery (i.e. before the
+    // user has selected an account on welcome.salesforce.com/discovery), where we have no resolved
+    // My Domain to launch the browser session against.
+    __weak typeof(self) weakSelf = self;
+    UIDeferredMenuElement *loginForAdminElement = [UIDeferredMenuElement elementWithUncachedProvider:^(void (^ _Nonnull completion)(NSArray<UIMenuElement *> * _Nonnull)) {
+        __strong typeof(weakSelf) strongSelf = weakSelf;
+        if (![SFLoginViewController shouldShowLoginForAdminForSession:[strongSelf currentAuthSessionForMenu]]) {
+            completion(@[]);
+            return;
+        }
+        UIAction *action = [UIAction actionWithTitle:[SFSDKResourceUtils localizedString:@"LOGIN_FOR_ADMIN"]
                                                image:nil
                                           identifier:nil
                                              handler:^(__kindof UIAction* _Nonnull action) {
-        if ([self.delegate respondsToSelector:@selector(loginViewControllerDidSelectLoginForAdmin:)]) {
-            [self.delegate loginViewControllerDidSelectLoginForAdmin:self];
-        }
-    }]];
+            __strong typeof(weakSelf) handlerSelf = weakSelf;
+            if ([handlerSelf.delegate respondsToSelector:@selector(loginViewControllerDidSelectLoginForAdmin:)]) {
+                [handlerSelf.delegate loginViewControllerDidSelectLoginForAdmin:handlerSelf];
+            }
+        }];
+        completion(@[action]);
+    }];
+    [menuActions addObject:loginForAdminElement];
 
     UIMenu *menu = [UIMenu menuWithTitle:@"" // No title
                                 children:menuActions];
@@ -340,6 +358,33 @@ - (UIBarButtonItem *)createSettingsButton {
     return settingsButton;
 }
 
+- (nullable SFSDKAuthSession *)currentAuthSessionForMenu {
+    NSString *sceneId = self.view.window.windowScene.session.persistentIdentifier;
+    if (sceneId.length == 0) {
+        return nil;
+    }
+    return [[SFUserAccountManager sharedInstance].authSessions objectForKey:sceneId];
+}
+
++ (BOOL)shouldShowLoginForAdminForSession:(nullable SFSDKAuthSession *)session {
+    // Default to showing the entry when we have no session/coordinator info.
+    // This matches the previous (always-shown) behavior on non-discovery flows
+    // and during early SDK lifecycle before the auth session is wired up.
+    SFOAuthCoordinator *coordinator = session.oauthCoordinator;
+    if (session == nil || coordinator == nil) {
+        return YES;
+    }
+
+    NSString *loginHost = session.oauthRequest.loginHost;
+    SFDomainDiscoveryCoordinator *discoveryCoordinator = [[SFDomainDiscoveryCoordinator alloc] init];
+    BOOL isDiscoveryHost = [discoveryCoordinator isDiscoveryDomain:loginHost];
+    // Hide only when we are mid-discovery (no My Domain selected yet).
+    if (isDiscoveryHost && !coordinator.domainUpdated) {
+        return NO;
+    }
+    return YES;
+}
+
 - (UIView *)createTitleItem {
     NSString *title = [SFSDKResourceUtils localizedString:@"TITLE_LOGIN"];
     // Setup top item.

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/OAuth/SFSDKAuthRequest.h

@@ -35,7 +35,19 @@ NS_ASSUME_NONNULL_BEGIN
 
 /// Indicates that browser auth was initiated by the "Login for Admin" action.
 /// When YES, cancelling the browser session returns to the WebView login instead of showing the server picker.
-@property (nonatomic, assign) BOOL loginAsAdmin;
+@property (nonatomic, assign) BOOL loginForAdmin;
+
+/// Login-for-Admin override: the My Domain to authenticate against, set when
+/// LFA is invoked from phase 2 of Welcome Discovery. Consulted only while
+/// `loginForAdmin == YES`; the request's `loginHost` is left unchanged so that
+/// other settings actions (Reload, Clear Cache) and the post-cancel restart
+/// continue to operate against the originally configured login host.
+/// Cleared together with `loginForAdmin` when the LFA browser session is cancelled.
+@property (nonatomic, copy, nullable) NSString *loginForAdminMyDomain;
+
+/// Login-for-Admin override: the login_hint OAuth parameter to pass to the
+/// browser session. Same scoping rules as `loginForAdminMyDomain`.
+@property (nonatomic, copy, nullable) NSString *loginForAdminLoginHint;
 
 @property (nonatomic, strong) NSArray<NSString *> *additionalOAuthParameterKeys;
 @property (nonatomic, strong) NSDictionary<NSString *,id> * additionalTokenRefreshParams;

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/OAuth/SFSDKAuthSession.m

@@ -60,7 +60,7 @@ -(void)initCoordinator {
     self.oauthCoordinator.additionalTokenRefreshParams = self.oauthRequest.additionalTokenRefreshParams;
     self.oauthCoordinator.scopes = self.oauthRequest.scopes;
     self.oauthCoordinator.brandLoginPath = self.oauthRequest.brandLoginPath;
-    self.oauthCoordinator.useBrowserAuth = self.oauthRequest.useBrowserAuth || self.oauthRequest.loginAsAdmin;
+    self.oauthCoordinator.useBrowserAuth = self.oauthRequest.useBrowserAuth || self.oauthRequest.loginForAdmin;
     if (_spAppCredentials && _spAppCredentials.domain) {
         self.oauthCoordinator.credentials.domain = _spAppCredentials.domain;
     }

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/UserAccount/SFUserAccountManager.h

@@ -651,6 +651,12 @@ Use this method to stop/clear any authentication which is has already been start
  2. Walk the key window's view hierarchy and locate the `SFLoginViewController` presented
     inside the SDK's navigation controller.
 
+ @note Welcome Discovery: when the active login host is a Welcome Discovery host
+ (e.g. `welcome.salesforce.com/discovery`) and the user has not yet selected an
+ account, "Login for Admin" is a no-op (there is no resolved My Domain to switch
+ to). After the user picks an account on the discovery page, this method may be
+ called again and will use the resolved My Domain for the browser session.
+
  @param loginViewController The login view controller whose scene's active auth session should
  switch to "Login for Admin". Its window's scene is used to locate the session.
  */

libs/SalesforceSDKCore/SalesforceSDKCore/Classes/UserAccount/SFUserAccountManager.m

@@ -608,26 +608,38 @@ - (BOOL)authenticateWithRequest:(SFSDKAuthRequest *)request
                                                         initWithFrontdoorBridgeUrl:frontDoorBridgeUrl
                                                         codeVerifier:codeVerifier];
     }
-    authSession.oauthCoordinator.loginHint = loginHint;
+    // Login for Admin: when the request carries a My Domain override (set by
+    // loginViewControllerDidSelectLoginForAdmin: in phase-2 Welcome Discovery),
+    // route the browser session to the resolved My Domain and forward the
+    // captured login hint, while leaving request.loginHost — and therefore
+    // every other restart path — pointed at the originally configured host.
+    BOOL useLfaOverride = request.loginForAdmin && request.loginForAdminMyDomain.length > 0;
+    if (useLfaOverride) {
+        authSession.credentials.domain = request.loginForAdminMyDomain;
+        authSession.oauthCoordinator.loginHint = request.loginForAdminLoginHint;
+    } else {
+        authSession.oauthCoordinator.loginHint = loginHint;
+    }
+    NSString *appConfigLoginHost = useLfaOverride ? request.loginForAdminMyDomain : request.loginHost;
     NSString *sceneId = authSession.sceneId;
     self.authSessions[sceneId] = authSession;
-    
+
     if (self.nativeLoginEnabled && !self.shouldFallbackToWebAuthentication) {
         authSession.oauthCoordinator.useNativeAuth = YES;
     }
-    
+
     dispatch_async(dispatch_get_main_queue(), ^{
         [SFSDKWebViewStateManager removeSessionForcefullyWithCompletionHandler:^{
             // Get app config for the login host. If appConfigRuntimeSelectorBlock is set,
             // it will be invoked to select the appropriate config. Otherwise, returns the default appConfig.
-            [[SalesforceSDKManager sharedManager] appConfigForLoginHost:request.loginHost callback:^(SFSDKAppConfig* appConfig) {
+            [[SalesforceSDKManager sharedManager] appConfigForLoginHost:appConfigLoginHost callback:^(SFSDKAppConfig* appConfig) {
                 authSession.credentials.clientId = appConfig.remoteAccessConsumerKey;
                 authSession.credentials.redirectUri = appConfig.oauthRedirectURI;
                 authSession.credentials.scopes = [appConfig.oauthScopes allObjects];
                 [authSession.oauthCoordinator authenticateWithCredentials:authSession.credentials];
             }];
         }];
-        
+
     });
     return self.authSessions[sceneId].isAuthenticating;
 }
@@ -702,6 +714,9 @@ - (void)restartAuthentication:(SFSDKAuthSession *)session {
     [self dismissAuthViewControllerIfPresentForScene:scene completion:^{
         __strong typeof(weakSelf) strongSelf = weakSelf;
         strongSelf.authSessions[scene.session.persistentIdentifier].isAuthenticating = NO;
+        // LFA passes its hint via the request's loginForAdminLoginHint override
+        // (consulted in authenticateWithRequest:); other restart paths intentionally
+        // pass nil so a hint set on a prior session does not bleed across server changes.
         [strongSelf authenticateWithRequest:session.oauthRequest
                                   loginHint:nil
                                  completion:session.authSuccessCallback
@@ -1032,9 +1047,14 @@ - (void)oauthCoordinatorDidCancelBrowserAuthentication:(SFOAuthCoordinator *)coo
     }
 
     // When "Login for Admin" initiated the browser auth, clear the flag and
-    // restart the WebView login flow instead of showing the server picker.
-    if (coordinator.authSession.oauthRequest.loginAsAdmin) {
-        coordinator.authSession.oauthRequest.loginAsAdmin = NO;
+    // its My Domain / login hint overrides, then restart the WebView login
+    // flow against the originally configured host instead of showing the
+    // server picker. For Welcome Discovery, this means the user lands back
+    // on the discovery page and re-picks an account.
+    if (coordinator.authSession.oauthRequest.loginForAdmin) {
+        coordinator.authSession.oauthRequest.loginForAdmin = NO;
+        coordinator.authSession.oauthRequest.loginForAdminMyDomain = nil;
+        coordinator.authSession.oauthRequest.loginForAdminLoginHint = nil;
         [self restartAuthentication:coordinator.authSession];
         return;
     }
@@ -1125,7 +1145,27 @@ - (void)loginViewControllerDidReload:(SFLoginViewController *)loginViewControlle
 - (void)loginViewControllerDidSelectLoginForAdmin:(SFLoginViewController *)loginViewController {
     NSString *sceneId = loginViewController.view.window.windowScene.session.persistentIdentifier;
     SFSDKAuthSession *session = self.authSessions[sceneId];
-    session.oauthRequest.loginAsAdmin = YES;
+    SFOAuthCoordinator *coordinator = session.oauthCoordinator;
+
+    // Phase-1 Welcome Discovery: a discovery host is loaded but the user has not
+    // yet picked an account, so credentials.domain is still the discovery host
+    // and we have no My Domain to advance to. Switching to ASWebAuthenticationSession
+    // here would launch the browser against welcome.salesforce.com — wrong UX.
+    // No-op until phase 2 lands.
+    SFDomainDiscoveryCoordinator *discoveryCoordinator = [[SFDomainDiscoveryCoordinator alloc] init];
+    if ([discoveryCoordinator isDiscoveryDomain:session.oauthRequest.loginHost] && !coordinator.domainUpdated) {
+        [SFSDKCoreLogger w:[self class] format:@"%@: Login for Admin is not available before a My Domain has been selected on the Welcome Discovery page; ignoring.", NSStringFromSelector(_cmd)];
+        return;
+    }
+
+    // Phase-2 Welcome Discovery (or a non-discovery host): record the resolved
+    // My Domain and login hint as LFA-scoped overrides on the request. The
+    // request's loginHost is left untouched so that Reload / Clear Cache /
+    // post-cancel restart continue to use the originally configured host.
+    // These overrides are in-memory only and are cleared on LFA cancel.
+    session.oauthRequest.loginForAdminMyDomain = coordinator.credentials.domain.length > 0 ? coordinator.credentials.domain : nil;
+    session.oauthRequest.loginForAdminLoginHint = coordinator.loginHint.length > 0 ? coordinator.loginHint : nil;
+    session.oauthRequest.loginForAdmin = YES;
     [self restartAuthenticationForViewController:loginViewController];
 }