diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7024da1862..f1b658e360 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## [1.6.2]:
+* Add native auth instructions to error description when reset password required is returned (#2582)
+* Save error received from ESTS, and return it to the client on silent broker calls (#2379)
+* Support web_page_uri (#2384)
+
## [1.6.1]:
* Support extra query parameters on logout endpoint (#2339)
* Add support functions to help broker improve cross cloud experience (#2361)
diff --git a/CODEOWNERS b/CODEOWNERS
index 8116329d9b..e79e9e5098 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -2,9 +2,10 @@
# Unless a later match takes precedence, these users will be requested
# for review whenever someone opens a pull request.
* @AzureAD/AppleIdentityTeam
-# @AzureAD/AppleIdentityTeam and @AzureAD/MSAL-ObjC-CIAM will be the co-owners of MSAL.project and CHANGELOG.md files
+# @AzureAD/AppleIdentityTeam and @AzureAD/MSAL-ObjC-CIAM will be the co-owners of MSAL.project, CHANGELOG.md and all files under azure_pipelines
/MSAL/MSAL.xcodeproj/project.pbxproj @AzureAD/AppleIdentityTeam @AzureAD/MSAL-ObjC-CIAM
CHANGELOG.md @AzureAD/AppleIdentityTeam @AzureAD/MSAL-ObjC-CIAM
+/azure_pipelines/ @AzureAD/AppleIdentityTeam @AzureAD/MSAL-ObjC-CIAM
# @AzureAD/MSAL-ObjC-CIAM owns any files in the */native_auth
# directories, subdirectories and other files related to native auth.
/MSAL/module.modulemap @AzureAD/MSAL-ObjC-CIAM
diff --git a/MSAL.podspec b/MSAL.podspec
index ab857e2b3b..e57c83f3c6 100644
--- a/MSAL.podspec
+++ b/MSAL.podspec
@@ -1,6 +1,6 @@
Pod::Spec.new do |s|
s.name = "MSAL"
- s.version = "1.6.1"
+ s.version = "1.6.2"
s.summary = "Microsoft Authentication Library (MSAL) for iOS"
s.description = <<-DESC
The MSAL library for iOS gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. The library also supports Microsoft Azure B2C for those using our hosted identity management service.
diff --git a/MSAL/IdentityCore b/MSAL/IdentityCore
index b4fd324d20..9eadce57c5 160000
--- a/MSAL/IdentityCore
+++ b/MSAL/IdentityCore
@@ -1 +1 @@
-Subproject commit b4fd324d200caef614635cecb4c0ac66c413e23f
+Subproject commit 9eadce57c5c76f5b7a6f9c78c807bddeffaa18c5
diff --git a/MSAL/resources/ios/Info.plist b/MSAL/resources/ios/Info.plist
index 789a806555..74b5d5abec 100644
--- a/MSAL/resources/ios/Info.plist
+++ b/MSAL/resources/ios/Info.plist
@@ -15,7 +15,7 @@
CFBundlePackageType
FMWK
CFBundleShortVersionString
- 1.6.1
+ 1.6.2
CFBundleVersion
$(CURRENT_PROJECT_VERSION)
NSPrincipalClass
diff --git a/MSAL/resources/mac/Info.plist b/MSAL/resources/mac/Info.plist
index aaff4089ac..dd3c09f9d2 100644
--- a/MSAL/resources/mac/Info.plist
+++ b/MSAL/resources/mac/Info.plist
@@ -15,7 +15,7 @@
CFBundlePackageType
FMWK
CFBundleShortVersionString
- 1.6.1
+ 1.6.2
CFBundleVersion
$(CURRENT_PROJECT_VERSION)
NSHumanReadableCopyright
diff --git a/MSAL/src/MSALError.m b/MSAL/src/MSALError.m
index 1d0eed0127..2a741a9472 100644
--- a/MSAL/src/MSALError.m
+++ b/MSAL/src/MSALError.m
@@ -30,6 +30,7 @@
NSString *MSALErrorDomain = @"MSALErrorDomain";
NSString *MSALOAuthErrorKey = @"MSALOAuthErrorKey";
NSString *MSALOAuthSubErrorKey = @"MSALOAuthSubErrorKey";
+NSString *MSALOAuthSubErrorDescriptionKey = @"MSALOAuthSubErrorDescriptionKey";
NSString *MSALErrorDescriptionKey = @"MSALErrorDescriptionKey";
NSString *MSALSTSErrorCodesKey = @"MSALSTSErrorCodesKey";
NSString *MSALInternalErrorCodeKey = @"MSALInternalErrorCodeKey";
diff --git a/MSAL/src/MSALErrorConverter.m b/MSAL/src/MSALErrorConverter.m
index 44dbaedea3..7e81fd6288 100644
--- a/MSAL/src/MSALErrorConverter.m
+++ b/MSAL/src/MSALErrorConverter.m
@@ -142,6 +142,7 @@ + (void)initialize
MSIDSTSErrorCodesKey : MSALSTSErrorCodesKey,
MSIDOAuthErrorKey: MSALOAuthErrorKey,
MSIDOAuthSubErrorKey: MSALOAuthSubErrorKey,
+ MSIDOAuthSubErrorDescriptionKey: MSALOAuthSubErrorDescriptionKey,
MSIDDeclinedScopesKey: MSALDeclinedScopesKey,
MSIDGrantedScopesKey: MSALGrantedScopesKey,
MSIDUserDisplayableIdkey: MSALDisplayableUserIdKey,
diff --git a/MSAL/src/MSAL_Internal.h b/MSAL/src/MSAL_Internal.h
index 86334d4b6d..7b17640fac 100644
--- a/MSAL/src/MSAL_Internal.h
+++ b/MSAL/src/MSAL_Internal.h
@@ -27,7 +27,7 @@
#define MSAL_VER_HIGH 1
#define MSAL_VER_LOW 6
-#define MSAL_VER_PATCH 1
+#define MSAL_VER_PATCH 2
#define STR_HELPER(x) #x
#define STR(x) STR_HELPER(x)
diff --git a/MSAL/src/native_auth/network/errors/MSALNativeAuthESTSApiErrorCodes.swift b/MSAL/src/native_auth/network/errors/MSALNativeAuthESTSApiErrorCodes.swift
index 38b17a6358..ca88c8de10 100644
--- a/MSAL/src/native_auth/network/errors/MSALNativeAuthESTSApiErrorCodes.swift
+++ b/MSAL/src/native_auth/network/errors/MSALNativeAuthESTSApiErrorCodes.swift
@@ -28,4 +28,5 @@ enum MSALNativeAuthESTSApiErrorCodes: Int {
case invalidCredentials = 50126
case userNotHaveAPassword = 500222
case invalidRequestParameter = 90100
+ case resetPasswordRequired = 50142
}
diff --git a/MSAL/src/native_auth/network/errors/MSALNativeAuthErrorMessage.swift b/MSAL/src/native_auth/network/errors/MSALNativeAuthErrorMessage.swift
index 2849467427..2f616c6347 100644
--- a/MSAL/src/native_auth/network/errors/MSALNativeAuthErrorMessage.swift
+++ b/MSAL/src/native_auth/network/errors/MSALNativeAuthErrorMessage.swift
@@ -45,6 +45,7 @@ enum MSALNativeAuthErrorMessage {
static let unexpectedResponseBody = "Unexpected response body received"
static let unexpectedChallengeType = "Unexpected challenge type"
static let refreshTokenMFARequiredError = "Multi-factor authentication is required, which can't be fulfilled as part of this flow. Please sign out and perform a new sign in operation. More information: "
+ static let passwordResetRequired = "User password change is required, which can't be fulfilled as part of this flow. Please reset the password and perform a new sign in operation. More information: "
}
// swiftlint:enable line_length
diff --git a/MSAL/src/native_auth/network/responses/validator/token/MSALNativeAuthTokenResponseValidator.swift b/MSAL/src/native_auth/network/responses/validator/token/MSALNativeAuthTokenResponseValidator.swift
index 5a74b96ac1..169ae17fb4 100644
--- a/MSAL/src/native_auth/network/responses/validator/token/MSALNativeAuthTokenResponseValidator.swift
+++ b/MSAL/src/native_auth/network/responses/validator/token/MSALNativeAuthTokenResponseValidator.swift
@@ -139,6 +139,19 @@ final class MSALNativeAuthTokenResponseValidator: MSALNativeAuthTokenResponseVal
apiError: MSALNativeAuthTokenResponseError,
context: MSIDRequestContext
) -> MSALNativeAuthTokenValidatedResponse {
+ var apiError = apiError
+ if apiError.errorCodes?.contains(MSALNativeAuthESTSApiErrorCodes.resetPasswordRequired.rawValue) ?? false {
+ let customErrorDescription = MSALNativeAuthErrorMessage.passwordResetRequired + (apiError.errorDescription ?? "")
+ apiError = MSALNativeAuthTokenResponseError(
+ error: apiError.error,
+ subError: apiError.subError,
+ errorDescription: customErrorDescription,
+ errorCodes: apiError.errorCodes,
+ errorURI: apiError.errorURI,
+ innerErrors: apiError.innerErrors,
+ continuationToken: apiError.continuationToken,
+ correlationId: apiError.correlationId)
+ }
return handleInvalidResponseErrorCodes(
apiError,
context: context,
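Review bot: When `apiError.errorDescription` is nil, the rewritten description ends in a dangling "More information: ", because `MSALNativeAuthErrorMessage.passwordResetRequired` is concatenated with `apiError.errorDescription ?? ""`. Append the "More information" tail only when the service actually sent a description; the same prefix is used in `MSALNativeAuthUserAccountResult+Internal.swift`, where `message` is set outside the visible hunk and may need the same check. The copy also lists every field of `MSALNativeAuthTokenResponseError` by hand, so if that initializer has defaulted parameters, a field added later could be dropped here without a compiler error. A comment such as `// errorDescription is server-provided text; prefix it for guidance, never parse it` above the `if` would record that the appended text comes from the service. The enclosing function begins and ends outside this hunk.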
@@ -206,7 +219,8 @@ final class MSALNativeAuthTokenResponseValidator: MSALNativeAuthTokenResponseVal
case .invalidCredentials:
return .invalidPassword(apiError)
case .userNotHaveAPassword,
- .invalidRequestParameter:
+ .invalidRequestParameter,
+ .resetPasswordRequired:
return .generalError(apiError)
}
}
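Review bot: `.resetPasswordRequired` is folded into `.generalError(apiError)` here and into `.invalidRequest(apiError)` in the next hunk, so a caller can recognise the condition only from the error codes carried on `apiError` or from the prefixed description text. The public header touched in this commit warns that description strings can change and should not be relied upon for error handling, so the intended detection path should be documented on the case, for example `// surfaced as a general error; callers should check errorCodes for resetPasswordRequired, not the message`. If applications are expected to route users to a password-reset flow, a dedicated validated-response case would be more robust than a shared bucket, though that may be a deliberate API decision not visible here. The switch and its function start outside the hunk.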
@@ -219,7 +233,8 @@ final class MSALNativeAuthTokenResponseValidator: MSALNativeAuthTokenResponseVal
case .userNotFound,
.invalidCredentials,
.userNotHaveAPassword,
- .invalidRequestParameter:
+ .invalidRequestParameter,
+ .resetPasswordRequired:
return .invalidRequest(apiError)
}
}
diff --git a/MSAL/src/native_auth/public/MSALNativeAuthUserAccountResult+Internal.swift b/MSAL/src/native_auth/public/MSALNativeAuthUserAccountResult+Internal.swift
index b09b425c50..33bed90d16 100644
--- a/MSAL/src/native_auth/public/MSALNativeAuthUserAccountResult+Internal.swift
+++ b/MSAL/src/native_auth/public/MSALNativeAuthUserAccountResult+Internal.swift
@@ -90,6 +90,8 @@ extension MSALNativeAuthUserAccountResult {
let errorCodes = error.userInfo[MSALSTSErrorCodesKey] as? [Int] ?? []
if isMFARequiredError(errorCodes: errorCodes) {
message = MSALNativeAuthErrorMessage.refreshTokenMFARequiredError + message
+ } else if isResetPasswordRequiredError(errorCodes: errorCodes) {
+ message = MSALNativeAuthErrorMessage.passwordResetRequired + message
}
let correlationId = correlationIdFromMSALError(error: error) ?? context.correlationId()
return RetrieveAccessTokenError(type: .generalError, message: message, correlationId: correlationId, errorCodes: errorCodes)
@@ -103,4 +105,8 @@ extension MSALNativeAuthUserAccountResult {
let mfaRequiredErrorCode = 50076
return errorCodes.contains(mfaRequiredErrorCode)
}
+
+ private func isResetPasswordRequiredError(errorCodes: [Int]) -> Bool {
+ return errorCodes.contains(MSALNativeAuthESTSApiErrorCodes.resetPasswordRequired.rawValue)
+ }
}
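Review bot: `isResetPasswordRequiredError` takes its code from `MSALNativeAuthESTSApiErrorCodes`, while `isMFARequiredError` directly above still hard-codes the literal `50076`, so the two helpers now disagree on where ESTS codes are defined. Consider adding the MFA code to the enum (for example `case mfaRequired = 50076`, a proposed name) and using `.rawValue` in both helpers. The exhaustive switches in `MSALNativeAuthTokenResponseValidator` would then need a matching arm. In the caller hunk above, the `else if` means that only the MFA guidance is shown when both codes are present; a short comment there stating that this precedence is intentional would help.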
diff --git a/MSAL/src/public/MSALError.h b/MSAL/src/public/MSALError.h
index fb2ba75acc..473e4447cd 100644
--- a/MSAL/src/public/MSALError.h
+++ b/MSAL/src/public/MSALError.h
@@ -56,6 +56,11 @@ extern NSString *MSALOAuthErrorKey;
*/
extern NSString *MSALOAuthSubErrorKey;
+/**
+ The suberror description returned by the service.
+ */
+extern NSString *MSALOAuthSubErrorDescriptionKey;
+
/**
The extended error description. Note that this string can change and should
not be relied upon for any error handling logic.
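Review bot: The doc comment on `MSALOAuthSubErrorDescriptionKey` does not say that the value is free-form text from the service, unlike the comment that follows it, which warns that its string can change and must not drive error handling. Suggested wording: `The suberror description returned by the service. This string is server-provided, can change, and should not be relied upon for any error handling logic.` Since the value is external text that applications may log or display, the comment could also say it should be treated like any other untrusted input. The declaration is a non-const `NSString *`, matching the neighbouring keys, so other code in the process could reassign it; `NSString * const` in both the header and `MSALError.m` would be the safer form if the existing keys are ever revisited.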
diff --git a/MSAL/test/app/mac/Base.lproj/Main.storyboard b/MSAL/test/app/mac/Base.lproj/Main.storyboard
index 0760e74710..5ca9ad8a28 100644
--- a/MSAL/test/app/mac/Base.lproj/Main.storyboard
+++ b/MSAL/test/app/mac/Base.lproj/Main.storyboard
@@ -1,9 +1,9 @@
-
+
-
-
+
+
@@ -741,10 +741,10 @@
-
+
-
-
+
+
@@ -752,10 +752,10 @@
-
+
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+
-
-
+
+
-
-
+
+
@@ -808,18 +846,18 @@
-
+
-
-
+
+
-
-
+
+
@@ -837,18 +875,18 @@
-
+
-
-
+
+
-
-
+
+
@@ -866,10 +904,10 @@
-
+
-
-
+
+
@@ -877,10 +915,10 @@
-
+
-
+
-
+
-
-
+
+
@@ -912,7 +950,7 @@
-
-
+
+
@@ -942,10 +980,10 @@
-
+
-
-
+
+
@@ -953,7 +991,7 @@
-
+
@@ -973,10 +1011,10 @@
-
+
-
-
+
+
@@ -984,7 +1022,7 @@
-
+
@@ -992,6 +1030,7 @@
+
@@ -1006,10 +1045,10 @@
-
+
-
-
+
+
@@ -1017,7 +1056,7 @@
-
+
@@ -1037,10 +1076,10 @@
-
+
-
-
+
+
@@ -1048,7 +1087,7 @@
-
+
@@ -1068,18 +1107,18 @@
-
+
-
-
+
+
-
-
+
+
@@ -1097,10 +1136,10 @@
-
+
-
+
-
+
-
+
-
+
@@ -1180,7 +1219,7 @@
-
+
@@ -1193,10 +1232,10 @@
-
+
@@ -1307,6 +1348,7 @@
+
@@ -1339,7 +1381,7 @@
-
+
@@ -1371,7 +1413,7 @@
-
+
@@ -1384,11 +1426,11 @@
-
+
-
-
+
+
@@ -1433,10 +1475,10 @@
-
+