Native Auth Backward Compatibility feature, Fixes AB#3287604 (#2669)

Related msal PR:
AzureAD/microsoft-authentication-library-for-android#2305
Fixes
[AB#{3287604}](https://dev.azure.com/IdentityDivision/Engineering/_workitems/edit/3287604)

Native Auth Backward Compatibility feature includes:
- [Add capabilities parameter to native auth public client application
initialization, Fixes AB#3287412, Closed
AB#3287412](ca1ed52)
- [Add capabilities parameter to the flow start operations, Fixes
AB#3288182, Closed
AB#3288182](1a93a53)
- [Handle redirect across all endpoints and return the redirect reason
to the developers, Closed
AB#3288191](0220406)

The main addition to this PR is the testing section

Author: Yuki-YuXin

changelog.txt

@@ -2,6 +2,7 @@ vNext
 ----------
 - [MINOR] changes accommodating the WrappedKeyAlgoIdentifier module (#2667)
 - [MINOR] Fixing the sign in screens when edge to edge is enabled (#2665)
+- [MINOR] Native auth: Make native auth MFA feature more backward compatible(#2669)
 
 Version 21.2.0
 ----------

common/src/main/java/com/microsoft/identity/common/nativeauth/internal/controllers/NativeAuthMsalController.kt

@@ -0,0 +1,217 @@
+//  Copyright (c) Microsoft Corporation.
+//  All rights reserved.
+//
+//  This code is licensed under the MIT License.
+//
+//  Permission is hereby granted, free of charge, to any person obtaining a copy
+//  of this software and associated documentation files(the "Software"), to deal
+//  in the Software without restriction, including without limitation the rights
+//  to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+//  copies of the Software, and to permit persons to whom the Software is
+//  furnished to do so, subject to the following conditions :
+//
+//  The above copyright notice and this permission notice shall be included in
+//  all copies or substantial portions of the Software.
+//
+//  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+//  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+//  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+//  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+//  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+//  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+//  THE SOFTWARE.
+package com.microsoft.identity.common.internal.providers.microsoft.nativeauth.integration
+
+import android.os.Build
+import com.microsoft.identity.common.nativeauth.ApiConstants
+import com.microsoft.identity.common.java.interfaces.PlatformComponents
+import com.microsoft.identity.common.java.logging.DiagnosticContext
+import com.microsoft.identity.common.java.nativeauth.commands.parameters.JITChallengeAuthMethodCommandParameters
+import com.microsoft.identity.common.java.nativeauth.commands.parameters.JITContinueCommandParameters
+import com.microsoft.identity.common.java.nativeauth.commands.parameters.JITIntrospectCommandParameters
+import com.microsoft.identity.common.java.net.UrlConnectionHttpClient
+import com.microsoft.identity.common.java.nativeauth.providers.NativeAuthOAuth2Configuration
+import com.microsoft.identity.common.java.nativeauth.providers.NativeAuthOAuth2Strategy
+import com.microsoft.identity.common.java.nativeauth.providers.NativeAuthRequestProvider
+import com.microsoft.identity.common.java.nativeauth.providers.NativeAuthResponseHandler
+import com.microsoft.identity.common.java.nativeauth.providers.interactors.JITInteractor
+import com.microsoft.identity.common.java.nativeauth.providers.interactors.ResetPasswordInteractor
+import com.microsoft.identity.common.java.nativeauth.providers.interactors.SignInInteractor
+import com.microsoft.identity.common.java.nativeauth.providers.interactors.SignUpInteractor
+import com.microsoft.identity.common.java.nativeauth.providers.responses.jit.JITChallengeApiResult
+import com.microsoft.identity.common.java.nativeauth.providers.responses.jit.JITContinueApiResult
+import com.microsoft.identity.common.java.nativeauth.providers.responses.jit.JITIntrospectApiResult
+import com.microsoft.identity.common.java.providers.oauth2.OAuth2StrategyParameters
+import com.microsoft.identity.common.nativeauth.MockApiEndpoint
+import com.microsoft.identity.common.nativeauth.MockApiResponseType
+import com.microsoft.identity.common.nativeauth.MockApiUtils
+import org.junit.Assert
+import org.junit.Before
+import org.junit.Test
+import org.junit.runner.RunWith
+import org.mockito.kotlin.mock
+import org.mockito.kotlin.whenever
+import org.powermock.core.classloader.annotations.PowerMockIgnore
+import org.powermock.core.classloader.annotations.PrepareForTest
+import org.robolectric.RobolectricTestRunner
+import org.robolectric.annotation.Config
+import java.util.UUID
+
+/**
+ * These are integration tests using mocked API responses. This class
+ * covers all sign up endpoints.
+ * These tests run on the mock API, see: $(MOCK_API_URL) in the variable of the pipeline.
+ */
+@RunWith(
+    RobolectricTestRunner::class
+)
+@PowerMockIgnore("javax.net.ssl.*")
+@PrepareForTest(DiagnosticContext::class)
+@Config(sdk = [Build.VERSION_CODES.O_MR1])
+class JITOAuthStrategyTest {
+
+    private val CLIENT_ID = "079af063-4ea7-4dcd-91ff-2b24f54621ea"
+    private val CHALLENGE_TYPE = "oob password redirect"
+    private val CAPABILITIES = "mfa_required registration_required"
+    private val CONTINUATION_TOKEN = "12345"
+    private val VERIFICATION_CONTACT = "[email protected]"
+    private val CHALLENGE_CHANNEL = "email"
+    private val AUTH_METHOD_CHALLENGE_TYPE = "email"
+
+    private val OOB_CODE = "1234"
+    private val GRANT_TYPE = "oob"
+
+    private val mockConfig = mock<NativeAuthOAuth2Configuration>()
+    private val mockStrategyParams = mock<OAuth2StrategyParameters>()
+
+    private lateinit var nativeAuthOAuth2Strategy: NativeAuthOAuth2Strategy
+
+    @Before
+    fun setup() {
+        whenever(mockConfig.clientId).thenReturn(CLIENT_ID)
+        whenever(mockConfig.tokenEndpoint).thenReturn(ApiConstants.MockApi.tokenEndpoint)
+        whenever(mockConfig.getSignUpStartEndpoint()).thenReturn(ApiConstants.MockApi.signUpStartRequestUrl)
+        whenever(mockConfig.getSignUpChallengeEndpoint()).thenReturn(ApiConstants.MockApi.signUpChallengeRequestUrl)
+        whenever(mockConfig.getSignUpContinueEndpoint()).thenReturn(ApiConstants.MockApi.signUpContinueRequestUrl)
+        whenever(mockConfig.getSignInInitiateEndpoint()).thenReturn(ApiConstants.MockApi.signInInitiateRequestUrl)
+        whenever(mockConfig.getSignInChallengeEndpoint()).thenReturn(ApiConstants.MockApi.signInChallengeRequestUrl)
+        whenever(mockConfig.getSignInIntrospectEndpoint()).thenReturn(ApiConstants.MockApi.signInIntrospectRequestUrl)
+        whenever(mockConfig.getSignInTokenEndpoint()).thenReturn(ApiConstants.MockApi.signInTokenRequestUrl)
+        whenever(mockConfig.getResetPasswordStartEndpoint()).thenReturn(ApiConstants.MockApi.ssprStartRequestUrl)
+        whenever(mockConfig.getResetPasswordChallengeEndpoint()).thenReturn(ApiConstants.MockApi.ssprChallengeRequestUrl)
+        whenever(mockConfig.getResetPasswordContinueEndpoint()).thenReturn(ApiConstants.MockApi.ssprContinueRequestUrl)
+        whenever(mockConfig.getResetPasswordSubmitEndpoint()).thenReturn(ApiConstants.MockApi.ssprSubmitRequestUrl)
+        whenever(mockConfig.getResetPasswordPollCompletionEndpoint()).thenReturn(ApiConstants.MockApi.ssprPollCompletionRequestUrl)
+        whenever(mockConfig.getJITIntrospectEndpoint()).thenReturn(ApiConstants.MockApi.jitIntrospectRequestUrl)
+        whenever(mockConfig.getJITChallengeEndpoint()).thenReturn(ApiConstants.MockApi.jitChallengeRequestUrl)
+        whenever(mockConfig.getJITContinueEndpoint()).thenReturn(ApiConstants.MockApi.jitContinueRequestUrl)
+        whenever(mockConfig.challengeType).thenReturn(CHALLENGE_TYPE)
+        whenever(mockConfig.capabilities).thenReturn(CAPABILITIES)
+
+        nativeAuthOAuth2Strategy = NativeAuthOAuth2Strategy(
+            config = mockConfig,
+            strategyParameters = mockStrategyParams,
+            signUpInteractor = SignUpInteractor(
+                httpClient = UrlConnectionHttpClient.getDefaultInstance(),
+                nativeAuthRequestProvider = NativeAuthRequestProvider(
+                    mockConfig
+                ),
+                nativeAuthResponseHandler = NativeAuthResponseHandler()
+            ),
+            signInInteractor = SignInInteractor(
+                httpClient = UrlConnectionHttpClient.getDefaultInstance(),
+                nativeAuthRequestProvider = NativeAuthRequestProvider(
+                    mockConfig
+                ),
+                nativeAuthResponseHandler = NativeAuthResponseHandler()
+            ),
+            resetPasswordInteractor = ResetPasswordInteractor(
+                httpClient = UrlConnectionHttpClient.getDefaultInstance(),
+                nativeAuthRequestProvider = NativeAuthRequestProvider(mockConfig),
+                nativeAuthResponseHandler = NativeAuthResponseHandler()
+            ),
+            jitInteractor = JITInteractor(
+                httpClient = UrlConnectionHttpClient.getDefaultInstance(),
+                nativeAuthRequestProvider = NativeAuthRequestProvider(config = mockConfig),
+                nativeAuthResponseHandler = NativeAuthResponseHandler()
+            )
+        )
+    }
+
+    @Test
+    fun testPerformJITIntrospectRedirect() {
+        val correlationId = UUID.randomUUID().toString()
+
+        MockApiUtils.configureMockApi(
+            endpointType = MockApiEndpoint.JITIntrospect,
+            correlationId = correlationId,
+            responseType = MockApiResponseType.CHALLENGE_TYPE_REDIRECT
+        )
+
+        val parameters = JITIntrospectCommandParameters.builder()
+            .platformComponents(mock<PlatformComponents>())
+            .continuationToken(CONTINUATION_TOKEN)
+            .correlationId(correlationId)
+            .build()
+
+        val jitIntrospectResult = nativeAuthOAuth2Strategy.performJITIntrospectRequest(
+            parameters = parameters
+        )
+
+        Assert.assertTrue(jitIntrospectResult is JITIntrospectApiResult.Redirect)
+        Assert.assertNotNull((jitIntrospectResult as JITIntrospectApiResult.Redirect).redirectReason)
+    }
+
+    @Test
+    fun testPerformJITChallengeRedirect() {
+        val correlationId = UUID.randomUUID().toString()
+
+        MockApiUtils.configureMockApi(
+            endpointType = MockApiEndpoint.JITChallenge,
+            correlationId = correlationId,
+            responseType = MockApiResponseType.CHALLENGE_TYPE_REDIRECT
+        )
+
+        val parameters = JITChallengeAuthMethodCommandParameters.builder()
+            .platformComponents(mock<PlatformComponents>())
+            .continuationToken(CONTINUATION_TOKEN)
+            .verificationContact(VERIFICATION_CONTACT)
+            .authMethodChallengeType(AUTH_METHOD_CHALLENGE_TYPE)
+            .challengeChannel(CHALLENGE_CHANNEL)
+            .correlationId(correlationId)
+            .build()
+
+        val jitChallengeResult = nativeAuthOAuth2Strategy.performJITChallengeRequest(
+            parameters = parameters
+        )
+
+        Assert.assertTrue(jitChallengeResult is JITChallengeApiResult.Redirect)
+        Assert.assertNotNull((jitChallengeResult as JITChallengeApiResult.Redirect).redirectReason)
+    }
+
+    @Test
+    fun testPerformJITContinueRedirect() {
+        val correlationId = UUID.randomUUID().toString()
+
+        MockApiUtils.configureMockApi(
+            endpointType = MockApiEndpoint.JITContinue,
+            correlationId = correlationId,
+            responseType = MockApiResponseType.CHALLENGE_TYPE_REDIRECT
+        )
+
+        val parameters = JITContinueCommandParameters.builder()
+            .platformComponents(mock<PlatformComponents>())
+            .continuationToken(CONTINUATION_TOKEN)
+            .code(OOB_CODE)
+            .grantType(GRANT_TYPE)
+            .correlationId(correlationId)
+            .build()
+
+        val jitContinueResult = nativeAuthOAuth2Strategy.performJITContinueRequest(
+            parameters = parameters
+        )
+
+        Assert.assertTrue(jitContinueResult is JITContinueApiResult.Redirect)
+        Assert.assertNotNull((jitContinueResult as JITContinueApiResult.Redirect).redirectReason)
+    }
+}

common/src/test/java/com/microsoft/identity/common/internal/providers/microsoft/nativeauth/integration/JITOAuthStrategyTest.kt

@@ -49,6 +49,7 @@ import com.microsoft.identity.common.nativeauth.MockApiUtils.Companion.configure
 import io.mockk.every
 import io.mockk.mockk
 import org.junit.Assert.assertEquals
+import org.junit.Assert.assertNotNull
 import org.junit.Assert.assertTrue
 import org.junit.Before
 import org.junit.Test
@@ -62,7 +63,7 @@ import org.robolectric.annotation.Config
 import java.util.UUID
 
 /**
- * These are integration tests using real API responses instead of mocked API responses. This class
+ * These are integration tests using mocked API responses. This class
  * covers all sign up endpoints.
  * These tests run on the mock API, see: $(MOCK_API_URL) in the variable of the pipeline.
  */
@@ -80,6 +81,7 @@ class ResetPasswordOAuth2StrategyTest {
     private val TENANT = "samtoso.onmicrosoft.com"
     private val CLIENT_ID = "079af063-4ea7-4dcd-91ff-2b24f54621ea"
     private val CHALLENGE_TYPE = "oob redirect"
+    private val CAPABILITIES = "mfa_required registration_required"
     private val OOB_CODE = "123456"
     private val CONTINUATION_TOKEN = "1234"
     private val INVALID_GRANT_ERROR = "invalid_grant"
@@ -117,6 +119,7 @@ class ResetPasswordOAuth2StrategyTest {
         whenever(mockConfig.getJITChallengeEndpoint()).thenReturn(ApiConstants.MockApi.jitChallengeRequestUrl)
         whenever(mockConfig.getJITContinueEndpoint()).thenReturn(ApiConstants.MockApi.jitContinueRequestUrl)
         whenever(mockConfig.challengeType).thenReturn(CHALLENGE_TYPE)
+        whenever(mockConfig.capabilities).thenReturn(CAPABILITIES)
 
         nativeAuthOAuth2Strategy = NativeAuthOAuth2Strategy(
             config = mockConfig,
@@ -210,7 +213,7 @@ class ResetPasswordOAuth2StrategyTest {
     }
 
     @Test
-    fun testPerformResetPasswordStartChallengeTypeRedirectError() {
+    fun testPerformResetPasswordStartChallengeTypeRedirect() {
         val correlationId = UUID.randomUUID().toString()
 
         configureMockApi(
@@ -227,6 +230,7 @@ class ResetPasswordOAuth2StrategyTest {
             mockResetPasswordStartCommandParameters
         )
         assertTrue(ssprStartResult is ResetPasswordStartApiResult.Redirect)
+        assertNotNull((ssprStartResult as ResetPasswordStartApiResult.Redirect).redirectReason)
     }
 
     /**
@@ -273,6 +277,25 @@ class ResetPasswordOAuth2StrategyTest {
         assertTrue(ssprChallengeResult is ResetPasswordChallengeApiResult.CodeRequired)
     }
 
+    @Test
+    fun testPerformResetPasswordChallengeRedirect() {
+        val correlationId = UUID.randomUUID().toString()
+
+        configureMockApi(
+            endpointType = MockApiEndpoint.SSPRChallenge,
+            correlationId = correlationId,
+            responseType = MockApiResponseType.CHALLENGE_TYPE_REDIRECT
+        )
+
+        val ssprChallengeResult = nativeAuthOAuth2Strategy.performResetPasswordChallenge(
+            continuationToken = CONTINUATION_TOKEN,
+            correlationId = correlationId
+        )
+
+        assertTrue(ssprChallengeResult is ResetPasswordChallengeApiResult.Redirect)
+        assertNotNull((ssprChallengeResult as ResetPasswordChallengeApiResult.Redirect).redirectReason)
+    }
+
     @Test
     fun testPerformResetPasswordChallengeExpiredTokenError() {
         val correlationId = UUID.randomUUID().toString()
@@ -292,6 +315,29 @@ class ResetPasswordOAuth2StrategyTest {
         assertEquals((ssprChallengeResult as ResetPasswordChallengeApiResult.ExpiredToken).error, EXPIRED_TOKEN_ERROR)
     }
 
+    @Test
+    fun testPerformResetPasswordContinueRedirect() {
+        val correlationId = UUID.randomUUID().toString()
+
+        configureMockApi(
+            endpointType = MockApiEndpoint.SSPRContinue,
+            correlationId = correlationId,
+            responseType = MockApiResponseType.CHALLENGE_TYPE_REDIRECT
+        )
+
+        val mockResetPasswordSubmitCodeCommandParameters = mockk<ResetPasswordSubmitCodeCommandParameters>()
+        every { mockResetPasswordSubmitCodeCommandParameters.getContinuationToken() } returns CONTINUATION_TOKEN
+        every { mockResetPasswordSubmitCodeCommandParameters.getCode() } returns OOB_CODE
+        every { mockResetPasswordSubmitCodeCommandParameters.getCorrelationId() } returns correlationId
+
+        val ssprContinueApiResult = nativeAuthOAuth2Strategy.performResetPasswordContinue(
+            mockResetPasswordSubmitCodeCommandParameters
+        )
+
+        assertTrue(ssprContinueApiResult is ResetPasswordContinueApiResult.Redirect)
+        assertNotNull((ssprContinueApiResult as ResetPasswordContinueApiResult.Redirect).redirectReason)
+    }
+
     @Test
     fun testPerformResetPasswordContinueSuccess() {
         val correlationId = UUID.randomUUID().toString()
@@ -329,6 +375,28 @@ class ResetPasswordOAuth2StrategyTest {
         assertTrue(ssprSubmitResult is ResetPasswordSubmitApiResult.SubmitSuccess)
     }
 
+    @Test
+    fun testPerformResetPasswordSubmitRedirect() {
+        val correlationId = UUID.randomUUID().toString()
+
+        configureMockApi(
+            endpointType = MockApiEndpoint.SSPRSubmit,
+            correlationId = correlationId,
+            responseType = MockApiResponseType.CHALLENGE_TYPE_REDIRECT
+        )
+
+        val mockResetPasswordSubmitCommandParameters = mockk<ResetPasswordSubmitNewPasswordCommandParameters>()
+        every { mockResetPasswordSubmitCommandParameters.getContinuationToken() } returns CONTINUATION_TOKEN
+        every { mockResetPasswordSubmitCommandParameters.getNewPassword() } returns PASSWORD
+        every { mockResetPasswordSubmitCommandParameters.getCorrelationId() } returns correlationId
+
+        val ssprSubmitResult = nativeAuthOAuth2Strategy.performResetPasswordSubmit(
+            mockResetPasswordSubmitCommandParameters
+        )
+        assertTrue(ssprSubmitResult is ResetPasswordSubmitApiResult.Redirect)
+        assertNotNull((ssprSubmitResult as ResetPasswordSubmitApiResult.Redirect).redirectReason)
+    }
+
     @Test
     fun testPerformResetPasswordSubmitPasswordTooWeakError() {
         val correlationId = UUID.randomUUID().toString()
@@ -448,4 +516,22 @@ class ResetPasswordOAuth2StrategyTest {
         )
         assertTrue(ssprPollCompletionResult is ResetPasswordPollCompletionApiResult.PollingSucceeded)
     }
+
+    @Test
+    fun testPerformResetPasswordPollCompletionRedirect() {
+        val correlationId = UUID.randomUUID().toString()
+
+        configureMockApi(
+            endpointType = MockApiEndpoint.SSPRPoll,
+            correlationId = correlationId,
+            responseType = MockApiResponseType.CHALLENGE_TYPE_REDIRECT
+        )
+
+        val ssprPollCompletionResult = nativeAuthOAuth2Strategy.performResetPasswordPollCompletion(
+            continuationToken = CONTINUATION_TOKEN,
+            correlationId = correlationId
+        )
+        assertTrue(ssprPollCompletionResult is ResetPasswordPollCompletionApiResult.Redirect)
+        assertNotNull((ssprPollCompletionResult as ResetPasswordPollCompletionApiResult.Redirect).redirectReason)
+    }
 }