Release/1.7.0 (#2505)

* Add automation token binding settings

* Update core.

* modified:   MSAL/IdentityCore

* merge release 1.6.2 back to dev

* Use older version of xcpretty

* Minor automation tweaks

* Fixed cookie clearing

* Update submodule

* Trigger build, due to pipeline error.

* Updated parentViewController documentation

* Update MSAL submodule

* Publish temporary Swift Package 2024-11-27 10:36:29

* Revert "Publish temporary Swift Package 2024-11-27 10:36:29"

This reverts commit d879d57.

* Test with newer Xcode & macOS version

* Test newer iOS version

* MSA automation support

* update submodule

* 1.1.10 & 1.1.12

* 2.1.11

* 1.1.13

* 1.1.2

* 1.1.5

* 2.1.10

* 2.1.10 move to the right place

* 2.1.5

* 2.1.6

* 2.1.7&2.1.8

* pass 2.1.11

* 1.1.10 pass

* 1.1.11 pass

* 1.1.12 pass

* 1.1.13 pass

* 1.1.2 pass

* 1.1.5 pass

* 2.1.10 pass + use correct error message

* 2.1.5 pass

* 2.1.6 pass

* 2.1.7 pass

* 2.1.8 pass

* remove correlation id one because it's out of scope

* Verify Custom URL Domain - Sign In

* add signInCustomDomain2InSuccess and skip

* tenant_id + replicate name

* submodule update (#2426)

* submodule update

* dummy change

---------

Co-authored-by: Kai Song <[email protected]>

* trigger pipeline

* wrong key

* Address comments

* Revert "Address comments"

This reverts commit 14531e1.

* Address comments

* Add new error mapping for http error code 403 and 404

* update the error name

* Revert "Address comments"

This reverts commit 9b56bc2.

* Revert "Revert "Address comments""

This reverts commit 4463c60.

* Use OTP instead of password to customURL

* Address comments

* Pass the local test

* Merge main in dev (#2448)

* merge Hotfix/1.6.3 in main (#2437)

* Add support of "lookup" mode in broker (#2414)

* Update core.

* modified:   MSAL/IdentityCore

* modified:   CHANGELOG.md

* modified:   MSAL/IdentityCore

* modified:   MSAL/IdentityCore

* modified:   MSAL/IdentityCore

* Update changelog.

* bump version.

* modified:   MSAL/IdentityCore

* Skipping failing E2E tests for macOS due to Keychain access required by the Kevault component

* Revert "Skipping failing E2E tests for macOS due to Keychain access required by the Kevault component"

This reverts commit d239b4c.

* Switch PR validation to proper macOS version

* Revert "Switch PR validation to proper macOS version"

This reverts commit 1c93d83.

* Move pipeline to run with Xcode 16 on MacOS 14 (#2456)

* submodule update

* more log

* upgrade to Xcode 16

* submodule update

* update native auth xcode version

* switch to arm

* disable pod related task in automation

* dummy try

* Revert back

* Add image info

* Spetrescu/test macos 14 (#2447)

* Revert macos to 14 and comment

* Proper spacing

* Spacing

* Spacing

* Using Xcode 16.1

* Change simulator to 18.1 for xcode 16.1

* Update simulator

* Correct macos version

---------

Co-authored-by: Silviu Petrescu <[email protected]>

* [iOS SDK] Skip E2E tests that don't work on macOS (#2450)

* Skipping e2e tests for macOS that don't work

* Fix macOS version for PR validation script

* Test skip reason updated (#2451)

---------

Co-authored-by: Kai Song <[email protected]>
Co-authored-by: Silviu Petrescu <[email protected]>
Co-authored-by: Silviu Petrescu <[email protected]>

* Uninstall xcpretty version 0.4.0 before installing version 0.3.0

* Add new errors for passkey biometric policy mismatch  and invalid passkey extension

* Update IdentityCore to use latest dev branch

* add broker submodule check yaml file and add yaml to pr-validation for testing

* remove extra quote symbol in yaml file

* fixed common core checkout script and added openssl changes from wpj submodule check

* add wpj openssl checkout changes

* remove testing changes to pr-validation

* update codeowners file (#2479)

* update to dev Common Core

* Add new PSSO error

* Add PSSO registration needs repair status in getDeviceInfo psso status

* Native Auth E2E test fix (#2480)

* throw XCTSkip("1secmail service is down. Ignoring test for now.")

* Remove one from the ignored batch

* retrigger checks

* update the skip comment

---------

Co-authored-by: Danilo Raspa <[email protected]>

* update common core for prompt suppress

* update submodule

* update submodule

* update submodule

* update common core to newest suppress PR

* update submodule

* update common core

* bring in newest dev + suppress code in common core

* Add parameters to public methods (#2492)

* add parametreized interface

* Unit test for parameters

* deprecated get access token

* UserAccountResult tests

* added tests for SignInAfter states

* Objective C/SAmple app public

* Update MSAL/src/native_auth/public/MSALNativeAuthPublicClientApplication.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthGetAccessTokenParameters.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthSignInAfterSignUpParameters.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthSignInParameters.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthSignUpParameters.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthResetPasswordParameters.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthSignInAfterResetPasswordParameters .swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthSignInParameters.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/MSALNativeAuthUserAccountResult.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/state_machine/state/SignInAfterResetPasswordState.swift

Co-authored-by: Danilo Raspa <[email protected]>

* PR Comments

* PR Changes

* Homogenized wording to flow

* Add default value for force refresh

* PR comments

* Update changelog

* Update changelog

* Updated version

* latest ic

---------

Co-authored-by: Danilo Raspa <[email protected]>

* update common core to dev

* Native auth: Add support for claims request (#2496)

* add parametreized interface

* Unit test for parameters

* deprecated get access token

* UserAccountResult tests

* added tests for SignInAfter states

* Objective C/SAmple app public

* Update MSAL/src/native_auth/public/MSALNativeAuthPublicClientApplication.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthGetAccessTokenParameters.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthSignInAfterSignUpParameters.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthSignInParameters.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthSignUpParameters.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthResetPasswordParameters.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthSignInAfterResetPasswordParameters .swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/parameters/MSALNativeAuthSignInParameters.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/MSALNativeAuthUserAccountResult.swift

Co-authored-by: Danilo Raspa <[email protected]>

* Update MSAL/src/native_auth/public/state_machine/state/SignInAfterResetPasswordState.swift

Co-authored-by: Danilo Raspa <[email protected]>

* PR Comments

* PR Changes

* Homogenized wording to flow

* add claims request to the signIn parameters

* Add claims request field to signIn method

* fix compilation and add new unit tests, Fix integration test

* update changelog file

* fix indentation

---------

Co-authored-by: Silviu Petrescu <[email protected]>
Co-authored-by: Silviu Petrescu <[email protected]>

* Add new psso error

* Kasong/automation add retry (#2504)

* Add back retry on MSAL automation

* Fix typo

* Update typo

* quite MSAL automation logs

* Update ymal for retry

* publish crash logs if any

* publish crash logs if any

* trye to fix all failures

* Add sleep

---------

Co-authored-by: Kai Song <[email protected]>

* release 1.7.0

* Kasong/1.7.0 release patch (#2506)

* merge Hotfix/1.6.3 in main (#2437)

* Add support of "lookup" mode in broker (#2414)

* Update core.

* modified:   MSAL/IdentityCore

* modified:   CHANGELOG.md

* modified:   MSAL/IdentityCore

* modified:   MSAL/IdentityCore

* modified:   MSAL/IdentityCore

* Update changelog.

* bump version.

* Updating MSAL framework checksum & url for 1.6.3 [skip ci]

* Update common core

---------

Co-authored-by: Sergei Demchenko <[email protected]>
Co-authored-by: Kai Song <[email protected]>

* Kasong/update common core conflict (#2511)

* merge Hotfix/1.6.3 in main (#2437)

* Add support of "lookup" mode in broker (#2414)

* Update core.

* modified:   MSAL/IdentityCore

* modified:   CHANGELOG.md

* modified:   MSAL/IdentityCore

* modified:   MSAL/IdentityCore

* modified:   MSAL/IdentityCore

* Update changelog.

* bump version.

* Updating MSAL framework checksum & url for 1.6.3 [skip ci]

* Update release common to latest

---------

Co-authored-by: Sergei Demchenko <[email protected]>
Co-authored-by: Kai Song <[email protected]>

* Kasong/merge conflict 1.7.0 (#2512)

* merge Hotfix/1.6.3 in main (#2437)

* Add support of "lookup" mode in broker (#2414)

* Update core.

* modified:   MSAL/IdentityCore

* modified:   CHANGELOG.md

* modified:   MSAL/IdentityCore

* modified:   MSAL/IdentityCore

* modified:   MSAL/IdentityCore

* Update changelog.

* bump version.

* Updating MSAL framework checksum & url for 1.6.3 [skip ci]

---------

Co-authored-by: Sergei Demchenko <[email protected]>
Co-authored-by: Kai Song <[email protected]>

---------

Co-authored-by: Antonio Alwan <[email protected]>
Co-authored-by: Sergey Demchenko <[email protected]>
Co-authored-by: Veena Soman <[email protected]>
Co-authored-by: Juan Arias Roldan <[email protected]>
Co-authored-by: Olga Dalton <[email protected]>
Co-authored-by: Juan Arias <[email protected]>
Co-authored-by: Olga Dalton <[email protected]>
Co-authored-by: Yuki-YuXin <[email protected]>
Co-authored-by: Kai Song <[email protected]>
Co-authored-by: Silviu Petrescu <[email protected]>
Co-authored-by: Silviu Petrescu <[email protected]>
Co-authored-by: Yuki-YuXin <[email protected]>
Co-authored-by: mipetriu <[email protected]>
Co-authored-by: Danilo Raspa <[email protected]>
Co-authored-by: mipetriu <[email protected]>
Co-authored-by: Danilo Raspa <[email protected]>
Co-authored-by: Kai Song <[email protected]>

CHANGELOG.md

@@ -1,3 +1,7 @@
+## [1.7.0]
+* Add support for claims request in native authentication signIn (#2496)
+* Move native auth public methods to parameter class (#2492)
+
 ## [1.6.3]
 * Merge 1.6.1-hotfix
 

CODEOWNERS

@@ -2,10 +2,11 @@
 # Unless a later match takes precedence, these users will be requested
 # for review whenever someone opens a pull request.
 *       @AzureAD/AppleIdentityTeam
-# @AzureAD/AppleIdentityTeam and @AzureAD/MSAL-ObjC-CIAM will be the co-owners of MSAL.project, CHANGELOG.md and all files under azure_pipelines
+# @AzureAD/AppleIdentityTeam and @AzureAD/MSAL-ObjC-CIAM will be the co-owners of MSAL.project, CHANGELOG.md, Package.swift and all files under azure_pipelines
 /MSAL/MSAL.xcodeproj/project.pbxproj @AzureAD/AppleIdentityTeam @AzureAD/MSAL-ObjC-CIAM
 CHANGELOG.md @AzureAD/AppleIdentityTeam @AzureAD/MSAL-ObjC-CIAM
 /azure_pipelines/ @AzureAD/AppleIdentityTeam @AzureAD/MSAL-ObjC-CIAM
+/Package.swift @AzureAD/AppleIdentityTeam @AzureAD/MSAL-ObjC-CIAM
 # @AzureAD/MSAL-ObjC-CIAM owns any files in the */native_auth
 # directories, subdirectories and other files related to native auth.
 /MSAL/module.modulemap @AzureAD/MSAL-ObjC-CIAM
@@ -22,7 +23,6 @@ CHANGELOG.md @AzureAD/AppleIdentityTeam @AzureAD/MSAL-ObjC-CIAM
 /MSAL/MSAL.xcodeproj/xcshareddata/xcschemes/unit-test-host-mac.xcscheme @AzureAD/MSAL-ObjC-CIAM
 /MSAL/MSAL.xcodeproj/xcshareddata/xcschemes/MSAL\ iOS\ Native\ Auth\ E2E\ Tests.xcscheme @AzureAD/MSAL-ObjC-CIAM
 /MSAL/MSAL.xcodeproj/xcshareddata/xcschemes/MSAL\ Mac\ Native\ Auth\ E2E\ Tests.xcscheme @AzureAD/MSAL-ObjC-CIAM
-/Package.swift @AzureAD/MSAL-ObjC-CIAM
 /spm-integration-test.sh @AzureAD/MSAL-ObjC-CIAM
 # For more details about inheritance patterns, or to assign different
 # owners for individual file extensions, see:

MSAL.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "MSAL"
-  s.version      = "1.6.3"
+  s.version      = "1.7.0"
   s.summary      = "Microsoft Authentication Library (MSAL) for iOS"
   s.description  = <<-DESC
                    The MSAL library for iOS gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. The library also supports Microsoft Azure B2C for those using our hosted identity management service.

MSAL/resources/ios/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.6.3</string>
+	<string>1.7.0</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSPrincipalClass</key>

MSAL/resources/mac/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.6.3</string>
+	<string>1.7.0</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSHumanReadableCopyright</key>

MSAL/src/MSALDeviceInformation.m

@@ -116,6 +116,8 @@ - (MSALPlatformSSOStatus)msalPlatformSSOStatusFromMSIDPlatformSSOStatus:(MSIDPla
             return MSALPlatformSSOEnabledNotRegistered;
         case MSIDPlatformSSOEnabledAndRegistered:
             return MSALPlatformSSOEnabledAndRegistered;
+        case MSIDPlatformSSORegistrationNeedsRepair:
+            return MSALPlatformSSORegistrationNeedsRepair;
 
         default:
             return MSALPlatformSSONotEnabled;

MSAL/src/MSALErrorConverter.m

@@ -113,6 +113,13 @@ + (void)initialize
                                    @(MSIDErrorDeviceNotPSSORegistered) : @(MSALErrorDeviceNotPSSORegistered),
                                    @(MSIDErrorPSSOKeyIdMismatch) : @(MSALErrorPSSOKeyIdMismatch),
                                    @(MSIDErrorJITErrorHandlingConfigNotFound) : @(MSALErrorJITErrorHandlingConfigNotFound),
+                                   @(MSIDErrorPSSOBiometricPolicyMismatch) : @(MSALErrorPSSOBiometricPolicyMismatch),
+                                   @(MSIDErrorPSSOInvalidPasskeyExtension) : @(MSALErrorPSSOInvalidPasskeyExtension),
+                                   @(MSIDErrorPSSOSaveLoginConfigFailure) :@(MSALErrorPSSOSaveLoginConfigFailure),
+                                   @(MSIDErrorPSSOPasskeyLAError) :@(MSALErrorPSSOPasskeyLAError),
+                                   @(MSIDErrorPSSOBiometricsNotAvailable): @(MSALErrorPSSOBiometricsNotAvailable),
+                                   @(MSIDErrorPSSOBiometricsNotEnrolled): @(MSALErrorPSSOBiometricsNotEnrolled),
+
 
                                    // Oauth2 errors
                                    @(MSIDErrorServerOauth) : @(MSALInternalErrorAuthorizationFailed),
@@ -130,7 +137,8 @@ + (void)initialize
                                    @(MSIDErrorServerError) : @(MSALErrorServerError),
                                    @(MSIDErrorServerInvalidState) : @(MSALInternalErrorInvalidState),
                                    @(MSIDErrorServerProtectionPoliciesRequired) : @(MSALErrorServerProtectionPoliciesRequired),
-                                   @(MSIDErrorServerUnhandledResponse) : @(MSALInternalErrorUnhandledResponse)
+                                   @(MSIDErrorServerUnhandledResponse) : @(MSALInternalErrorUnhandledResponse),
+                                   @(MSIDErrorUnexpectedHttpResponse) : @(MSALInternalErrorUnexpectedHttpResponse)
                                    }
                            };
 

MSAL/src/MSAL_Internal.h

@@ -26,8 +26,8 @@
 //------------------------------------------------------------------------------
 
 #define MSAL_VER_HIGH       1
-#define MSAL_VER_LOW        6
-#define MSAL_VER_PATCH      3
+#define MSAL_VER_LOW        7
+#define MSAL_VER_PATCH      0
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)

MSAL/src/native_auth/controllers/MSALNativeAuthTokenController.swift

@@ -81,6 +81,7 @@ class MSALNativeAuthTokenController: MSALNativeAuthBaseController {
         oobCode: String? = nil,
         grantType: MSALNativeAuthGrantType,
         includeChallengeType: Bool = true,
+        claimsRequestJson: String? = nil,
         context: MSALNativeAuthRequestContext) -> MSIDHttpRequest? {
             do {
                 let params = MSALNativeAuthTokenRequestParameters(
@@ -92,7 +93,8 @@ class MSALNativeAuthTokenController: MSALNativeAuthBaseController {
                     password: password,
                     oobCode: oobCode,
                     includeChallengeType: includeChallengeType,
-                    refreshToken: nil)
+                    refreshToken: nil,
+                    claimsRequestJson: claimsRequestJson)
                 return try requestProvider.signInWithPassword(parameters: params, context: context)
             } catch {
                 MSALLogger.log(level: .error, context: context, format: "Error creating SignIn Token Request: \(error)")
@@ -118,7 +120,8 @@ class MSALNativeAuthTokenController: MSALNativeAuthBaseController {
                     password: nil,
                     oobCode: nil,
                     includeChallengeType: false,
-                    refreshToken: refreshToken)
+                    refreshToken: refreshToken,
+                    claimsRequestJson: nil)
                 return try requestProvider.refreshToken(parameters: params, context: context)
             } catch {
                 MSALLogger.log(level: .error, context: context, format: "Error creating Refresh Token Request: \(error)")

MSAL/src/native_auth/controllers/sign_in/MSALNativeAuthSignInParameters.swift → MSAL/src/native_auth/controllers/sign_in/MSALNativeAuthInternalSignInParameters.swift

@@ -24,20 +24,23 @@
 
 @_implementationOnly import MSAL_Private
 
-class MSALNativeAuthSignInParameters {
+class MSALNativeAuthInternalSignInParameters {
     let username: String
     let password: String?
     let context: MSALNativeAuthRequestContext
     let scopes: [String]?
+    let claimsRequestJson: String?
 
     init(
         username: String,
         password: String?,
         context: MSALNativeAuthRequestContext,
-        scopes: [String]?) {
+        scopes: [String]?,
+        claimsRequestJson: String?) {
         self.username = username
         self.password = password
         self.context = context
         self.scopes = scopes
+        self.claimsRequestJson = claimsRequestJson
     }
 }

MSAL/src/native_auth/controllers/sign_in/MSALNativeAuthMFAControlling.swift

@@ -34,18 +34,21 @@ protocol MSALNativeAuthMFAControlling {
         continuationToken: String,
         authMethod: MSALAuthMethod?,
         context: MSALNativeAuthRequestContext,
-        scopes: [String]
+        scopes: [String],
+        claimsRequestJson: String?
     ) async -> MFARequestChallengeControllerResponse
 
     func getAuthMethods(
         continuationToken: String,
         context: MSALNativeAuthRequestContext,
-        scopes: [String]
+        scopes: [String],
+        claimsRequestJson: String?
     ) async -> MFAGetAuthMethodsControllerResponse
 
     func submitChallenge(
         challenge: String,
         continuationToken: String,
         context: MSALNativeAuthRequestContext,
-        scopes: [String]) async -> MFASubmitChallengeControllerResponse
+        scopes: [String],
+        claimsRequestJson: String?) async -> MFASubmitChallengeControllerResponse
 }