From 4daf068dadde7913fb43873df77ba65508089976 Mon Sep 17 00:00:00 2001 From: Ameya Date: Wed, 22 Oct 2025 19:10:36 -0700 Subject: [PATCH 1/3] Add isBoundAppRefreshTokenRequested property and constants for requesting BARTs --- IdentityCore/src/MSIDConstants.h | 2 ++ IdentityCore/src/MSIDConstants.m | 3 +++ IdentityCore/src/MSIDOAuth2Constants.h | 1 + IdentityCore/src/MSIDOAuth2Constants.m | 1 + IdentityCore/src/parameters/MSIDRequestParameters.h | 2 ++ 5 files changed, 9 insertions(+) diff --git a/IdentityCore/src/MSIDConstants.h b/IdentityCore/src/MSIDConstants.h index cb8bcf402..144711686 100644 --- a/IdentityCore/src/MSIDConstants.h +++ b/IdentityCore/src/MSIDConstants.h @@ -211,6 +211,8 @@ extern NSString * _Nonnull const MSID_FRT_STATUS_DISABLED; extern NSString * _Nonnull const MSID_BROWSER_RESPONSE_SWITCH_BROWSER; extern NSString * _Nonnull const MSID_BROWSER_RESPONSE_SWITCH_BROWSER_RESUME; +extern NSString * _Nonnull const MSID_BOUND_RT_REDEEM; + extern NSString * _Nonnull const MSID_FLIGHT_USE_V2_WEB_RESPONSE_FACTORY; extern NSString * _Nonnull const MSID_FLIGHT_SUPPORT_DUNA_CBA; extern NSString * _Nonnull const MSID_FLIGHT_DISABLE_JIT_TROUBLESHOOTING_LEGACY_AUTH; diff --git a/IdentityCore/src/MSIDConstants.m b/IdentityCore/src/MSIDConstants.m index ca9b4df54..abfb2653e 100644 --- a/IdentityCore/src/MSIDConstants.m +++ b/IdentityCore/src/MSIDConstants.m @@ -83,6 +83,9 @@ NSString *const MSID_BROWSER_RESPONSE_SWITCH_BROWSER = @"switch_browser"; NSString *const MSID_BROWSER_RESPONSE_SWITCH_BROWSER_RESUME = @"switch_browser_resume"; +// Bound App Refresh token constants +NSString *const MSID_BOUND_RT_REDEEM = @"bound_rt_redeem"; + NSString *const MSID_FLIGHT_USE_V2_WEB_RESPONSE_FACTORY = @"use_v2_web_response_factory"; NSString *const MSID_FLIGHT_SUPPORT_DUNA_CBA = @"support_duna_cba_v2"; NSString *const MSID_FLIGHT_DISABLE_JIT_TROUBLESHOOTING_LEGACY_AUTH = @"disable_jit_remediation_legacy_auth"; 
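Review bot: `MSID_BOUND_RT_REDEEM` (MSIDConstants.h/.m) and `MSID_BOUND_RT_EXCHANGE` (MSIDOAuth2Constants.h/.m, the next two hunks) have near-identical names and no comment saying which message each key belongs to, and nothing in this series reads `MSID_BOUND_RT_REDEEM`. These keys select bound refresh token behaviour, and a receiver would presumably ignore an unrecognised key rather than reject it, so a mix-up could go unnoticed. Each header declaration should carry a one-line doc comment naming the request it is sent in and who consumes it, for example `/// Key sent in <request name, to confirm> to ask for redemption of a bound app refresh token.` If `MSID_BOUND_RT_REDEEM` has no consumer yet, consider adding it together with the change that uses it.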
diff --git a/IdentityCore/src/MSIDOAuth2Constants.h b/IdentityCore/src/MSIDOAuth2Constants.h index dd0f6f437..68df5b6a7 100644 --- a/IdentityCore/src/MSIDOAuth2Constants.h +++ b/IdentityCore/src/MSIDOAuth2Constants.h @@ -180,3 +180,4 @@ extern NSString *const MSID_CCS_REQUEST_ID_RESPONSE; extern NSString *const MSID_CCS_REQUEST_SEQUENCE_KEY; extern NSString *const MSID_CCS_REQUEST_SEQUENCE_RESPONSE; extern NSString *const MSID_BOUND_DEVICE_ID_CACHE_KEY; +extern NSString *const MSID_BOUND_RT_EXCHANGE; diff --git a/IdentityCore/src/MSIDOAuth2Constants.m b/IdentityCore/src/MSIDOAuth2Constants.m index 3ac00b48d..ce4f16dcb 100644 --- a/IdentityCore/src/MSIDOAuth2Constants.m +++ b/IdentityCore/src/MSIDOAuth2Constants.m @@ -181,3 +181,4 @@ NSString *const MSID_CCS_REQUEST_SEQUENCE_RESPONSE = @"ccs-request-sequence"; NSString *const MSID_BOUND_DEVICE_ID_CACHE_KEY = @"bound_device_id"; +NSString *const MSID_BOUND_RT_EXCHANGE = @"bound_rt_exchange"; diff --git a/IdentityCore/src/parameters/MSIDRequestParameters.h b/IdentityCore/src/parameters/MSIDRequestParameters.h index 314dde255..87f8743c8 100644 --- a/IdentityCore/src/parameters/MSIDRequestParameters.h +++ b/IdentityCore/src/parameters/MSIDRequestParameters.h @@ -122,6 +122,8 @@ - (NSURL *)tokenEndpoint; +@property (nonatomic) BOOL isBoundAppRefreshTokenRequested; + #pragma mark Methods - (void)setCloudAuthorityWithCloudHostName:(NSString *)cloudHostName; - (NSString *)allTokenRequestScopes; From 54ae2be44190e4cbad80fed0b73db1c01976b7c5 Mon Sep 17 00:00:00 2001 From: Ameya Patil Date: Fri, 21 Nov 2025 16:06:19 -0800 Subject: [PATCH 2/3] Adding documentation --- IdentityCore/src/parameters/MSIDRequestParameters.h | 1 + 1 file changed, 1 insertion(+) diff --git a/IdentityCore/src/parameters/MSIDRequestParameters.h b/IdentityCore/src/parameters/MSIDRequestParameters.h index 87f8743c8..691b64bef 100644 --- a/IdentityCore/src/parameters/MSIDRequestParameters.h +++ b/IdentityCore/src/parameters/MSIDRequestParameters.h 
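Review bot: The new `isBoundAppRefreshTokenRequested` property in MSIDRequestParameters.h defaults to NO, so any path that copies or rebuilds the parameters without carrying it over would presumably turn a bound request into an ordinary one without any error. The implementation file is not part of this series; if the class implements `copyWithZone:`, or other code builds new parameter objects from this one, the flag should be propagated there and covered by a test. On style, Cocoa naming puts the `is` prefix on the getter only: `@property (nonatomic, getter=isBoundAppRefreshTokenRequested) BOOL boundAppRefreshTokenRequested;`.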
@@ -122,6 +122,7 @@ - (NSURL *)tokenEndpoint; +// property that indicates if calling app requested broker for a Bound App Refresh token @property (nonatomic) BOOL isBoundAppRefreshTokenRequested; #pragma mark Methods From 36c8df6381a128f7d6326730431798524f6ed0c3 Mon Sep 17 00:00:00 2001 From: Ameya Date: Fri, 21 Nov 2025 16:33:56 -0800 Subject: [PATCH 3/3] Update to right constant --- .../parameters/MSIDBoundRefreshTokenRedemptionParameters.m | 2 +- IdentityCore/tests/MSIDBoundRefreshTokenRedemptionTests.m | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/IdentityCore/src/parameters/MSIDBoundRefreshTokenRedemptionParameters.m b/IdentityCore/src/parameters/MSIDBoundRefreshTokenRedemptionParameters.m index cb1acc135..4f1c6ef34 100644 --- a/IdentityCore/src/parameters/MSIDBoundRefreshTokenRedemptionParameters.m +++ b/IdentityCore/src/parameters/MSIDBoundRefreshTokenRedemptionParameters.m @@ -70,7 +70,7 @@ - (nonnull NSMutableDictionary *)jsonDictionary { NSMutableDictionary *jsonDict = [NSMutableDictionary new]; jsonDict[MSID_OAUTH2_GRANT_TYPE] = MSID_OAUTH2_REFRESH_TOKEN; - jsonDict[MSID_BOUND_REFRESH_TOKEN_EXCHANGE] = @1; + jsonDict[MSID_BOUND_RT_EXCHANGE] = @1; jsonDict[@"aud"] = self.audience; jsonDict[@"iss"] = self.clientId; // Issuer is the client ID NSTimeInterval now = [[NSDate date] timeIntervalSince1970]; diff --git a/IdentityCore/tests/MSIDBoundRefreshTokenRedemptionTests.m b/IdentityCore/tests/MSIDBoundRefreshTokenRedemptionTests.m index bfbb51abd..611dae62a 100644 --- a/IdentityCore/tests/MSIDBoundRefreshTokenRedemptionTests.m +++ b/IdentityCore/tests/MSIDBoundRefreshTokenRedemptionTests.m @@ -889,7 +889,7 @@ - (void)testJsonDictionary_verifyAllRequiredFields_shouldBePresent // Verify all expected keys are present NSArray *expectedKeys = @[ MSID_OAUTH2_GRANT_TYPE, - MSID_BOUND_REFRESH_TOKEN_EXCHANGE, + MSID_BOUND_RT_EXCHANGE, @"iss", @"iat", @"exp", 
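Review bot: Nothing pins the wire name of the renamed claim. `jsonDictionary` now writes `MSID_BOUND_RT_EXCHANGE`, and the tests at @@ -889, @@ -950 and @@ -1098 look the value up through the same constant, so they pass whatever string the constant holds. At least one assertion should use the literal, e.g. `XCTAssertEqualObjects(payloadObject[@"bound_rt_exchange"], @1);`, the way `@"grant_type"` is already checked in `validateJwtValidity:params:`. The declaration of `MSID_BOUND_REFRESH_TOKEN_EXCHANGE` is not touched by this series; if no other caller remains, it should be removed so the two keys cannot be confused again. `jsonDictionary` and all three test methods continue outside their hunks.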
@@ -950,7 +950,7 @@ - (void)testJsonDictionary_boundRefreshTokenExchangeValue_shouldBeNumberOne NSMutableDictionary *jsonDict = [params jsonDictionary]; // Verify the bound_refresh_token_exchange is exactly @1 (NSNumber with value 1) - id boundExchangeValue = jsonDict[MSID_BOUND_REFRESH_TOKEN_EXCHANGE]; + id boundExchangeValue = jsonDict[MSID_BOUND_RT_EXCHANGE]; XCTAssertTrue([boundExchangeValue isKindOfClass:[NSNumber class]]); XCTAssertEqualObjects(boundExchangeValue, @1); XCTAssertEqual([boundExchangeValue intValue], 1); @@ -1098,7 +1098,7 @@ - (void)validateJwtValidity:(NSString *)jwt params:(MSIDBoundRefreshTokenRedempt XCTAssertFalse([payloadObject[@"scope"] containsString:@"aza"]); XCTAssertEqualObjects(payloadObject[@"refresh_token"], refreshToken); XCTAssertEqualObjects(payloadObject[@"grant_type"], @"refresh_token"); - XCTAssertEqualObjects(payloadObject[MSID_BOUND_REFRESH_TOKEN_EXCHANGE], @1); + XCTAssertEqualObjects(payloadObject[MSID_BOUND_RT_EXCHANGE], @1); XCTAssertNotNil(payloadObject[@"iat"]); XCTAssertNotNil(payloadObject[@"nbf"]); XCTAssertNotNil(payloadObject[@"exp"]);
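Review bot: The comment above the changed line in the @@ -950 hunk still names `bound_refresh_token_exchange`, while the lookup now uses `MSID_BOUND_RT_EXCHANGE`, defined as `bound_rt_exchange` in MSIDOAuth2Constants.m. Update it to `// Verify bound_rt_exchange is exactly @1 (NSNumber with value 1)` so the test documents the key that is actually sent. The test body starts and ends outside the hunk.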