Merge Release 1.6.0 into main (#2355)

* Adding task to trigger pipeline in ADO

* Update pr-validation.yml for Azure Pipelines

* Correcting project and org

Correcting

* trigger

* Update pr-validation.yml for Azure Pipelines

* trigger

* Update pr-validation.yml for Azure Pipelines

* Allow passing query parameters in signout

* Revert PPE change

* Updated changelog

* Fix changelog in common

* Updating pipeline id for pr assitant

* reduce timeout

* Add a poorly written method to test AI

* Adding index out of bounds

* test

* reverting

* trigger

* MacOS increase version to 10.15 (#2343)

* Correct typo

* Adding poor code

* Adding comment

* Update common core

* Reverting change for poor code

* Final check

* Updating MSAL framework checksum & url for 1.5.1 [skip ci] (#2348)

Co-authored-by: Yong Zeng <[email protected]>

* Native authentication email OTP MFA (#2341)

* Email OTP MFA Network layer implementation (#2275)

* add introspect request, response and error classes

* make authentication method fields mandatory, add validator code for introspect responses

* update signIN challenge request and response

* handle mfa required using suberror and not error code

* fix unit tests after new changes

* rename validate function and add new test for introspect required error result

* add new unit tests for introspect validation

* add new unit tests for token response validation - mfa required

* fix integration tests compilation error

* add new integration tests for introspect api

* - Adjustments in integration tests to align with mock API changes

* Address comments on PR

---------

Co-authored-by: Marcos Borges <[email protected]>
Co-authored-by: Marcos Borges <[email protected]>

* first public interface draft

* add missing method in signINPasswordRequiredDelegate

* add dummy logic

* Add dedicated errors for MFA sub flow

* add optional new state to error callbacks

* Make channel type extensible

* Update and add new public comments

* fix compilation errors in E2E tests

* Fix typo and swiftlint warnings

* add base mfa states, return awaiting mfa on password required state

* add implementation for mfa required response after submitting a code

* handle remaning strongAuthRequired response

* handle introspect required and update todo comment

* add send challenge MFA business logic

* reuse code for send challenge method

* Email OTP MFA - public interface changes (#2296)

* first public interface draft

* add missing method in signINPasswordRequiredDelegate

* add dummy logic

* Add dedicated errors for MFA sub flow

* add optional new state to error callbacks

* Make channel type extensible

* Update and add new public comments

* fix compilation errors in E2E tests

* Fix typo and swiftlint warnings

* Address PR comments

* use same name for awaitingMFA method, add more details to the comment

* merge two mfa error and handle get auth methods request

* complete implementation of get auth methods method

* implement submit challenge reusing submit code function

* remove telemetry check in controller test. Delegate dispatcher should trigger telemetry

* Add unit tests for SendChallenge delegate dispatcher

* Add remaining tests for mfa delegate dispatchers

* add new unit tests for MFA error classes

* Writing tests for awaitingMFAState

* add unit tests for mfaRequiredState

* add new unit tests to existing signIn Controller

* add new test for sendChallengeState, add new class for MFA controller tests

* move mfa tests to dedicated class

* add new tests for mfa controller. Fix some bugs too

* add new tests for send challenge

* add new tests for get auth methods

* add new tests for submit Challenge, stop telemetry on successful result

* fix compilation error on integration tests

* rename sendChallenge to requestChallenge

* Address PR comments

* address PR comments. Fix bug around SSPR telemetry id

* address PR comments

* Email OTP MFA business logic (#2302)

* first public interface draft

* add missing method in signINPasswordRequiredDelegate

* add dummy logic

* Add dedicated errors for MFA sub flow

* add optional new state to error callbacks

* Make channel type extensible

* Update and add new public comments

* fix compilation errors in E2E tests

* Fix typo and swiftlint warnings

* add base mfa states, return awaiting mfa on password required state

* add implementation for mfa required response after submitting a code

* handle remaning strongAuthRequired response

* handle introspect required and update todo comment

* add send challenge MFA business logic

* reuse code for send challenge method

* merge two mfa error and handle get auth methods request

* complete implementation of get auth methods method

* implement submit challenge reusing submit code function

* remove telemetry check in controller test. Delegate dispatcher should trigger telemetry

* Add unit tests for SendChallenge delegate dispatcher

* Add remaining tests for mfa delegate dispatchers

* add new unit tests for MFA error classes

* Writing tests for awaitingMFAState

* add unit tests for mfaRequiredState

* add new unit tests to existing signIn Controller

* add new test for sendChallengeState, add new class for MFA controller tests

* move mfa tests to dedicated class

* add new tests for mfa controller. Fix some bugs too

* add new tests for send challenge

* add new tests for get auth methods

* add new tests for submit Challenge, stop telemetry on successful result

* fix compilation error on integration tests

* rename sendChallenge to requestChallenge

* Address PR comments

* address PR comments. Fix bug around SSPR telemetry id

* address PR comments

* Log a warning message and add warning on code documentation (#2306)

* add email otp mfa files to mac targets. Remove not used files

* Add E2E tests for email OTP MFA feature (#2331)

* add new e2e test for signIn with username and password and MFA

* add new end to end tests for mfa

* add missing E2E tests for email OTP MFA

* throw xctskip error to skip error

* refactor E2E tests

* rename internal test function

* send wrong code as string

* Refresh token, customise MFA required error description (#2322)

* add new error codes key and parse msid error codes

* add new error converter tests

* update changelog file

* add custom error message if error code is mfaRequired

* Add new unit tests for error codes handling

* add file to mac os target

* revert change for project file

* Add new MFARequestChallengeError and MFAGetAuthMethodsError (#2340)

* add period at the end of the sentence

* remove null pointer in project file

* remove trailing space and enable all mfa e2e tests

---------

Co-authored-by: Marcos Borges <[email protected]>
Co-authored-by: Marcos Borges <[email protected]>

* [iOS SDK] Update current user account result with latest account and id token after refresh (#2346)

* Update the current user account result data

* Made user account get access token testable
Added unit and e2e tests

* PR comments

* Fixed test around scopes after adding bundle id for IOS to client

* PR comments

* Added ConfigTested to validate config after being created
Made createRetrieveAccessTokenError and adjusted tests

* Reverted issue around UUID

* Release 1.6.0

* Merge dev into release/1.6.0 (#2363)

* Support caller app info for browser SSO flows  (#2347)

* modified:   MSAL/IdentityCore

* modified:   MSAL/IdentityCore

* modified:   MSAL/IdentityCore

* Update core.

* Add specific minimum version to match downloaded visionOS simulator's version

* Trigger Build

* Remove duplicated test, use proper name for test and skip test for macOS (#2362)

---------

Co-authored-by: Sergei Demchenko <[email protected]>
Co-authored-by: Juan Arias Roldan <[email protected]>
Co-authored-by: Juan Arias <[email protected]>

* Updating MSAL framework checksum & url for 1.5.1 [skip ci] (#2357)

Co-authored-by: Yong Zeng <[email protected]>

---------

Co-authored-by: Ameya Patil <[email protected]>
Co-authored-by: Olga Dalton <[email protected]>
Co-authored-by: Olga Dalton <[email protected]>
Co-authored-by: Ameya Patil <[email protected]>
Co-authored-by: Yong Zeng <[email protected]>
Co-authored-by: Danilo Raspa <[email protected]>
Co-authored-by: Marcos Borges <[email protected]>
Co-authored-by: Marcos Borges <[email protected]>
Co-authored-by: Sergei Demchenko <[email protected]>
Co-authored-by: Juan Arias Roldan <[email protected]>
Co-authored-by: Juan Arias <[email protected]>

CHANGELOG.md

@@ -1,3 +1,6 @@
+## [1.6.0]:
+* Support extra query parameters on logout endpoint (#2339)
+
 ## [1.5.1]:
 * Parse and add STS error codes in token error result (#2319)
 * VisionOS support added (#2139)

MSAL.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "MSAL"
-  s.version      = "1.5.1"
+  s.version      = "1.6.0"
   s.summary      = "Microsoft Authentication Library (MSAL) for iOS"
   s.description  = <<-DESC
                    The MSAL library for iOS gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. The library also supports Microsoft Azure B2C for those using our hosted identity management service.

MSAL/.swiftlint.yml

@@ -13,3 +13,4 @@ function_parameter_count:
 
 disabled_rules:
   - todo
+  - empty_enum_arguments

MSAL/resources/ios/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.5.1</string>
+	<string>1.6.0</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSPrincipalClass</key>

MSAL/resources/mac/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.5.1</string>
+	<string>1.6.0</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSHumanReadableCopyright</key>

MSAL/src/MSALPublicClientApplication.m

@@ -1458,6 +1458,10 @@ - (void)signoutWithAccount:(nonnull MSALAccount *)account
     msidParams.platformSequence = [NSString msidUpdatePlatformSequenceParamWithSrcName:[MSIDVersion platformName]
                                                                             srcVersion:[MSIDVersion sdkVersion]
                                                                               sequence:nil];
+
+    // Extra parameters to be added to the /authorize endpoint.
+    msidParams.extraURLQueryParameters = signoutParameters.extraQueryParameters;
+
     NSError *localError;
     BOOL localRemovalResult = [self removeAccountImpl:account wipeAccount:signoutParameters.wipeAccount error:&localError];
 

MSAL/src/MSAL_Internal.h

@@ -26,8 +26,8 @@
 //------------------------------------------------------------------------------
 
 #define MSAL_VER_HIGH       1
-#define MSAL_VER_LOW        5
-#define MSAL_VER_PATCH      1
+#define MSAL_VER_LOW        6
+#define MSAL_VER_PATCH      0
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)

MSAL/src/native_auth/network/MSALNativeAuthInternalChannelType.swift → MSAL/src/native_auth/MSALNativeAuthLogMessage.swift

@@ -20,18 +20,11 @@
 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
+// THE SOFTWARE.  
 
-enum MSALNativeAuthInternalChannelType: String, Decodable {
-    case phone
-    case email
+import Foundation
 
-    func toPublicChannelType() -> MSALNativeAuthChannelType {
-        switch self {
-        case .phone:
-            return .phone
-        case .email:
-            return .email
-        }
-    }
+enum MSALNativeAuthLogMessage {
+    static let privatePreviewLog =
+    "Warning ⚠️: this API is experimental. It may be changed in the future without notice. Do not use in production applications."
 }

MSAL/src/native_auth/client_application_wrapper/silent_token/MSALNativeAuthSilentTokenProvider.swift

@@ -0,0 +1,47 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+/// Wrapper class around PublicClientApplication which helps with testability
+class MSALNativeAuthSilentTokenProvider: MSALNativeAuthSilentTokenProviding {
+
+    private let application: MSALNativeAuthPublicClientApplication?
+
+    init(
+        configuration config: MSALPublicClientApplicationConfig,
+        challengeTypes: MSALNativeAuthChallengeTypes) throws {
+            self.application = try? MSALNativeAuthPublicClientApplication(configuration: config, challengeTypes: challengeTypes)
+        }
+
+    func acquireTokenSilent(parameters: MSALSilentTokenParameters,
+                            completionBlock: @escaping MSALNativeAuthSilentTokenResponse) {
+        application?.acquireTokenSilent(with: parameters) { result, error in
+            if let result {
+                let silentTokenResult = MSALNativeAuthSilentTokenResult(result: result)
+                completionBlock(silentTokenResult, error)
+            } else {
+                completionBlock(nil, error)
+            }
+        }
+    }
+}

MSAL/src/native_auth/client_application_wrapper/silent_token/MSALNativeAuthSilentTokenProviding.swift

@@ -0,0 +1,57 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+/// Class used to extract infromation from MSALResult required by the UserAccountResult to be updated and returned
+/// MSALResult cannot be directly created from Swift
+class MSALNativeAuthSilentTokenResult {
+    let accessTokenResult: MSALNativeAuthTokenResult
+    let rawIdToken: String?
+    let account: MSALAccount
+    let correlationId: UUID
+
+    init(result: MSALResult) {
+        self.rawIdToken = result.idToken
+        self.account = result.account
+        self.accessTokenResult = MSALNativeAuthTokenResult(accessToken: result.accessToken,
+                                                           scopes: result.scopes,
+                                                           expiresOn: result.expiresOn)
+        self.correlationId = result.correlationId
+    }
+
+    init (accessTokenResult: MSALNativeAuthTokenResult,
+          rawIdToken: String?,
+          account: MSALAccount,
+          correlationId: UUID) {
+        self.rawIdToken = rawIdToken
+        self.account = account
+        self.accessTokenResult = accessTokenResult
+        self.correlationId = correlationId
+    }
+}
+
+typealias MSALNativeAuthSilentTokenResponse = (MSALNativeAuthSilentTokenResult?, (any Error)?) -> Void
+
+protocol MSALNativeAuthSilentTokenProviding {
+    func acquireTokenSilent(parameters: MSALSilentTokenParameters, completionBlock: @escaping MSALNativeAuthSilentTokenResponse)
+}

MSAL/src/native_auth/client_application_wrapper/silent_token/factory/MSALNativeAuthSilentTokenProviderBuildable.swift

@@ -0,0 +1,28 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+protocol MSALNativeAuthSilentTokenProviderBuildable {
+    func makeSilentTokenProvider(configuration: MSALPublicClientApplicationConfig,
+                                 challengeTypes: MSALNativeAuthChallengeTypes) throws -> MSALNativeAuthSilentTokenProviding?
+}

MSAL/src/native_auth/client_application_wrapper/silent_token/factory/MSALNativeAuthSilentTokenProviderFactory.swift

@@ -0,0 +1,30 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+class MSALNativeAuthSilentTokenProviderFactory: MSALNativeAuthSilentTokenProviderBuildable {
+    func makeSilentTokenProvider(configuration: MSALPublicClientApplicationConfig,
+                                 challengeTypes: MSALNativeAuthChallengeTypes) throws -> MSALNativeAuthSilentTokenProviding? {
+        return try? MSALNativeAuthSilentTokenProvider(configuration: configuration, challengeTypes: challengeTypes)
+    }
+}

MSAL/src/native_auth/controllers/responses/MFAResults.swift

@@ -0,0 +1,41 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+import Foundation
+
+enum MFARequestChallengeResult {
+    case verificationRequired(sentTo: String, channelTargetType: MSALNativeAuthChannelType, codeLength: Int, newState: MFARequiredState)
+    case selectionRequired(authMethods: [MSALAuthMethod], newState: MFARequiredState)
+    case error(error: MFARequestChallengeError, newState: MFARequiredState?)
+}
+
+enum MFAGetAuthMethodsResult {
+    case selectionRequired(authMethods: [MSALAuthMethod], newState: MFARequiredState)
+    case error(error: MFAGetAuthMethodsError, newState: MFARequiredState?)
+}
+
+enum MFASubmitChallengeResult {
+    case completed(MSALNativeAuthUserAccountResult)
+    case error(error: MFASubmitChallengeError, newState: MFARequiredState?)
+}

MSAL/src/native_auth/controllers/responses/SignInResults.swift

@@ -28,13 +28,15 @@ enum SignInStartResult {
     case completed(MSALNativeAuthUserAccountResult)
     case codeRequired(newState: SignInCodeRequiredState, sentTo: String, channelTargetType: MSALNativeAuthChannelType, codeLength: Int)
     case passwordRequired(newState: SignInPasswordRequiredState)
+    case awaitingMFA(newState: AwaitingMFAState)
     case error(SignInStartError)
 }
 
 typealias SignInResendCodeResult = CodeRequiredGenericResult<SignInCodeRequiredState, ResendCodeError>
 
 enum SignInPasswordRequiredResult {
     case completed(MSALNativeAuthUserAccountResult)
+    case awaitingMFA(newState: AwaitingMFAState)
     case error(error: PasswordRequiredError, newState: SignInPasswordRequiredState?)
 }
 

MSAL/src/native_auth/controllers/sign_in/MSALNativeAuthMFAControlling.swift

@@ -0,0 +1,51 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+import Foundation
+
+protocol MSALNativeAuthMFAControlling {
+
+    typealias MFARequestChallengeControllerResponse = MSALNativeAuthControllerTelemetryWrapper<MFARequestChallengeResult>
+    typealias MFAGetAuthMethodsControllerResponse = MSALNativeAuthControllerTelemetryWrapper<MFAGetAuthMethodsResult>
+    typealias MFASubmitChallengeControllerResponse = MSALNativeAuthControllerTelemetryWrapper<MFASubmitChallengeResult>
+
+    func requestChallenge(
+        continuationToken: String,
+        authMethod: MSALAuthMethod?,
+        context: MSALNativeAuthRequestContext,
+        scopes: [String]
+    ) async -> MFARequestChallengeControllerResponse
+
+    func getAuthMethods(
+        continuationToken: String,
+        context: MSALNativeAuthRequestContext,
+        scopes: [String]
+    ) async -> MFAGetAuthMethodsControllerResponse
+
+    func submitChallenge(
+        challenge: String,
+        continuationToken: String,
+        context: MSALNativeAuthRequestContext,
+        scopes: [String]) async -> MFASubmitChallengeControllerResponse
+}