Native Auth Backward Compatibility feature, Fixes AB#3287604

msal/src/main/java/com/microsoft/identity/client/PublicClientApplication.java

@@ -113,7 +113,6 @@
 import com.microsoft.identity.common.java.commands.parameters.GenerateShrCommandParameters;
 import com.microsoft.identity.common.java.commands.parameters.InteractiveTokenCommandParameters;
 import com.microsoft.identity.common.java.commands.parameters.SilentTokenCommandParameters;
-import com.microsoft.identity.common.java.controllers.BaseController;
 import com.microsoft.identity.common.java.controllers.CommandDispatcher;
 import com.microsoft.identity.common.java.controllers.CommandResult;
 import com.microsoft.identity.common.java.controllers.ExceptionAdapter;
@@ -143,6 +142,7 @@
 import com.microsoft.identity.nativeauth.INativeAuthPublicClientApplication;
 import com.microsoft.identity.nativeauth.NativeAuthPublicClientApplication;
 import com.microsoft.identity.nativeauth.NativeAuthPublicClientApplicationConfiguration;
+import com.microsoft.identity.nativeauth.NativeAuthPublicClientApplicationParameters;
 
 import java.io.File;
 import java.util.ArrayList;
@@ -237,6 +237,7 @@ static class NONNULL_CONSTANTS {
         static final String AUTHORITY = "authority";
         static final String REDIRECT_URI = "redirect_uri";
         static final String CONFIG_FILE = "config_file";
+        static final String CLIENT_PARAMETER = "client_parameter";
         static final String ACTIVITY = "activity";
         static final String SCOPES = "scopes";
         static final String ACCOUNT = "account";
@@ -846,6 +847,7 @@ public static INativeAuthPublicClientApplication createNativeAuthPublicClientApp
                     null,
                     null,
                     null,
+                    null,
                     null
             );
         }  catch (MsalException e) {
@@ -897,6 +899,7 @@ public static INativeAuthPublicClientApplication createNativeAuthPublicClientApp
                     null,
                     null,
                     null,
+                    null,
                     null
             );
         } catch (BaseException e) {
@@ -928,8 +931,12 @@ public static INativeAuthPublicClientApplication createNativeAuthPublicClientApp
      * @param clientId    The application client id. Cannot be null.
      * @param authority   The default authority to be used for the authority. If this is null, the default authority will be used.
      * @param redirectUri The redirect URI of the application.
+     * @param challengeTypes The challengeTypes supported for authentication declared by client.
      * @return An instance of INativeAuthPublicClientApplication.
+     *
+     * @deprecated This method is deprecated. Use createNativeAuthPublicClientApplication(Context, NativeAuthPublicClientApplicationConfiguration) instead.
      */
+    @Deprecated
     public static INativeAuthPublicClientApplication createNativeAuthPublicClientApplication(
             @NonNull final Context context,
             @NonNull final String clientId,
@@ -947,7 +954,59 @@ public static INativeAuthPublicClientApplication createNativeAuthPublicClientApp
                     clientId,
                     authority,
                     redirectUri,
-                    challengeTypes
+                    challengeTypes,
+                    null
+            );
+        } catch (BaseException e) {
+            throw new MsalClientException(
+                    UNKNOWN_ERROR,
+                    NATIVE_AUTH_APPLICATION_CREATION_UNKNOWN_ERROR_MESSAGE,
+                    e
+            );
+        }
+    }
+
+    /**
+     * Creates an instance of INativeAuthPublicClientApplication using the provided context and configuration.
+     *
+     * <p>{@link PublicClientApplication#createNativeAuthPublicClientApplication(Context, NativeAuthPublicClientApplicationParameters)}
+     * will read the client id and other configuration settings from the provided configuration object.</p>
+     *
+     * <p>This function will pass back an {@link MsalClientException} object if it is unable
+     * to return {@link INativeAuthPublicClientApplication}. For example, AccountMode
+     * in configuration is not set to single.</p>
+     *
+     * @param context Application's {@link Context}. The SDK requires the application context
+     *                to be passed in {@link PublicClientApplication}. Cannot be null.
+     *                <p>
+     *                Note: The {@link Context} should be the application context instead of
+     *                the running activity's context, which could potentially make the SDK hold a
+     *                strong reference to the activity, thus preventing correct garbage
+     *                collection and causing bugs.
+     *                </p>
+     * @param parameters The NativeAuthPublicClientApplication parameter class containing mandatory client ID, authorityUri, challenge types and optional capabilities, redirectUri.
+     *               Cannot be null.
+     *               <p>
+     *               For more information on the schema of the MSAL configuration object,
+     *               please see <a href="https://developer.android.com/guide/topics/resources/providing-resources">Android app resource overview</a>
+     *               and <a href="https://github.com/AzureAD/microsoft-authentication-library-for-android/wiki">MSAL Github Wiki</a>.
+     *               </p>
+     * @return An instance of INativeAuthPublicClientApplication.
+     */
+    public static INativeAuthPublicClientApplication createNativeAuthPublicClientApplication(
+            @NonNull final Context context,
+            @NonNull final NativeAuthPublicClientApplicationParameters parameters) throws MsalException {
+        validateNonNullArgument(context, NONNULL_CONSTANTS.CONTEXT);
+        validateNonNullArgument(parameters, NONNULL_CONSTANTS.CLIENT_PARAMETER);
+
+        try {
+            return createNativeAuthApplication(
+                    Companion.initializeNativeAuthConfiguration(context),
+                    parameters.getClientId(),
+                    parameters.getAuthorityUrl(),
+                    parameters.getRedirectUri(),
+                    parameters.getChallengeTypes(),
+                    parameters.getCapabilities()
             );
         } catch (BaseException e) {
             throw new MsalClientException(
@@ -1133,7 +1192,8 @@ private static NativeAuthPublicClientApplication createNativeAuthApplication(@No
                                                                                  @Nullable final String clientId,
                                                                                  @Nullable final String authority,
                                                                                  @Nullable final String redirectUri,
-                                                                                 @Nullable final List<String> challengeTypes) throws BaseException {
+                                                                                 @Nullable final List<String> challengeTypes,
+                                                                                 @Nullable final List<String> capabilities) throws BaseException {
         if (clientId != null) {
             config.setClientId(clientId);
         }
@@ -1154,6 +1214,10 @@ private static NativeAuthPublicClientApplication createNativeAuthApplication(@No
             config.setChallengeTypes(challengeTypes);
         }
 
+        if (capabilities != null) {
+            config.setCapabilities(capabilities);
+        }
+
         // Check whether account mode is set to SINGLE
         validateAccountModeConfiguration(config);
 

msal/src/main/java/com/microsoft/identity/client/exception/MsalClientException.java

@@ -278,7 +278,9 @@ public final class MsalClientException extends MsalException {
      * Configuration error. Native auth app passed with an invalid challenge type.
      */
     public static final String NATIVE_AUTH_INVALID_CHALLENGE_TYPE_ERROR_CODE = "native_auth_invalid_challenge_type";
+    public static final String NATIVE_AUTH_INVALID_CAPABILITY_ERROR_CODE = "native_auth_invalid_capability";
     public static final String NATIVE_AUTH_INVALID_CHALLENGE_TYPE_ERROR_MESSAGE = "NativeAuthPublicClientApplication detected invalid challenge type.";
+    public static final String NATIVE_AUTH_INVALID_CAPABILITY_ERROR_MESSAGE = "NativeAuthPublicClientApplication detected invalid capability.";
 
     public MsalClientException(final String errorCode) {
         super(errorCode);

msal/src/main/java/com/microsoft/identity/client/internal/CommandParametersAdapter.java

@@ -362,6 +362,7 @@ public static SignUpStartCommandParameters createSignUpStartCommandParameters(
                 .username(username)
                 .password(password)
                 .challengeType(configuration.getChallengeTypes())
+                .capabilities(configuration.getCapabilities())
                 .userAttributes(userAttributes)
                 // Start of the flow, so there is no correlation ID to use from a previous API response.
                 // Set it to a default value.
@@ -569,6 +570,7 @@ public static SignInStartCommandParameters createSignInStartCommandParameters(
                 .authenticationScheme(authenticationScheme)
                 .clientId(configuration.getClientId())
                 .challengeType(configuration.getChallengeTypes())
+                .capabilities(configuration.getCapabilities())
                 .claimsRequestJson(claimsRequestJson)
                 .scopes(scopes)
                 // Start of the flow, so there is no correlation ID to use from a previous API response.
@@ -993,6 +995,7 @@ public static ResetPasswordStartCommandParameters createResetPasswordStartComman
                         .authority(authority)
                         .username(username)
                         .challengeType(configuration.getChallengeTypes())
+                        .capabilities(configuration.getCapabilities())
                         .clientId(configuration.getClientId())
                         // Start of the flow, so there is no correlation ID to use from a previous API response.
                         // Set it to a default value.

msal/src/main/java/com/microsoft/identity/nativeauth/NativeAuthPublicClientApplicationConfiguration.kt

@@ -48,10 +48,13 @@ public class NativeAuthPublicClientApplicationConfiguration :
         private val TAG = NativeAuthPublicClientApplicationConfiguration::class.java.simpleName
         private val VALID_CHALLENGE_TYPES = listOf(NativeAuthConstants.ChallengeType.PASSWORD,
             NativeAuthConstants.ChallengeType.OOB, NativeAuthConstants.ChallengeType.REDIRECT)
+        private val VALID_CAPABILITIES = listOf(NativeAuthConstants.Capabilities.MFA_REQUIRED,
+            NativeAuthConstants.Capabilities.REGISTRATION_REQUIRED)
     }
 
     private object NativeAuthSerializedNames {
         const val CHALLENGE_TYPES = "challenge_types"
+        const val CAPABILITIES = "capabilities"
         const val USE_MOCK_API = "use_mock_api_for_native_auth"
         const val DC = "dc"
     }
@@ -61,6 +64,11 @@ public class NativeAuthPublicClientApplicationConfiguration :
     @SerializedName(NativeAuthSerializedNames.CHALLENGE_TYPES)
     private var challengeTypes: List<String>? = null
 
+    //List of capabilities supported by the client.
+    //For a complete list of capabilities see [NativeAuthConstants.Capabilities]
+    @SerializedName(NativeAuthSerializedNames.CAPABILITIES)
+    private var capabilities: List<String>? = null
+
     //The mock API authority used for testing will be rejected by validation logic run on
     // instantiation. This flag is used to bypass those checks in various points in the application
     @SerializedName(NativeAuthSerializedNames.USE_MOCK_API)
@@ -79,6 +87,14 @@ public class NativeAuthPublicClientApplicationConfiguration :
         this.challengeTypes = challengeTypes
     }
 
+    fun getCapabilities(): List<String>? {
+        return capabilities
+    }
+
+    fun setCapabilities(capabilities: List<String>?) {
+        this.capabilities = capabilities
+    }
+
     fun mergeConfiguration(config: NativeAuthPublicClientApplicationConfiguration) {
         // Call super.mergeConfiguration to handle base configuration fields
         super.mergeConfiguration(config)
@@ -91,6 +107,8 @@ public class NativeAuthPublicClientApplicationConfiguration :
         // Handle Native Auth specific fields
         challengeTypes = if (config.challengeTypes == null) challengeTypes else config.challengeTypes
 
+        capabilities = if (config.capabilities == null) capabilities else config.capabilities
+
         useMockAuthority = if (config.useMockAuthority == null) useMockAuthority else config.useMockAuthority
 
         dc = if (config.dc == null) dc else config.dc
@@ -174,15 +192,21 @@ public class NativeAuthPublicClientApplicationConfiguration :
 
         // Check that challenge types are all valid
         validateChallengeTypes()
+        // Check that capabilities are all valid
+        validateCapabilities()
     }
 
     /**
      * Validates that the challenge types passed are valid
      */
+    @Throws(MsalClientException::class)
     private fun validateChallengeTypes() {
         // Make all challenge types lowercase for simplicity
         challengeTypes = challengeTypes?.map { it.lowercase() }
 
+        // Remove duplicate capabilities
+        challengeTypes = challengeTypes?.distinct()
+
         challengeTypes?.forEach { challengeType ->
             // Make sure challenge types passed were valid
             if (challengeType !in VALID_CHALLENGE_TYPES) {
@@ -194,6 +218,28 @@ public class NativeAuthPublicClientApplicationConfiguration :
         }
     }
 
+    /**
+     * Validates that the capabilities passed are valid
+     */
+    @Throws(MsalClientException::class)
+    private fun validateCapabilities() {
+        // Make all capabilities lowercase for simplicity
+        capabilities = capabilities?.map { it.lowercase() }
+
+        // Remove duplicate capabilities
+        capabilities = capabilities?.distinct()
+
+        capabilities?.forEach { capability ->
+            // Make sure capabilities passed were valid
+            if (capability !in VALID_CAPABILITIES) {
+                throw MsalClientException(
+                    MsalClientException.NATIVE_AUTH_INVALID_CAPABILITY_ERROR_CODE,
+                    MsalClientException.NATIVE_AUTH_INVALID_CAPABILITY_ERROR_MESSAGE + " \"" + capability + "\""
+                )
+            }
+        }
+    }
+
     /**
      * Overriding this method to add a check for redirect uri. If no uri was passed, we don't need to check this.
      */

msal/src/main/java/com/microsoft/identity/nativeauth/NativeAuthPublicClientApplicationParameters.kt

@@ -0,0 +1,51 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+package com.microsoft.identity.nativeauth
+
+
+public class NativeAuthPublicClientApplicationParameters (
+    /**
+     * The application client id. Cannot be null.
+     */
+    val clientId: String,
+    /**
+     * The authorityUrl to be used for the authority.
+     */
+    val authorityUrl: String,
+    /**
+     * The challenge types supported for authentication declared by client. Cannot be null.
+     */
+    val challengeTypes: List<String>,
+) {
+
+    /**
+     * The capabilities supported for authentication declared by client.
+     */
+    var capabilities: List<String>? = null
+
+    /**
+     *  The redirect URI of the application. Required for using browser.
+     */
+    var redirectUri: String? = null
+}

msal/src/main/java/com/microsoft/identity/nativeauth/parameters/NativeAuthChallengeAuthMethodParameters.kt

@@ -1,3 +1,26 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
 package com.microsoft.identity.nativeauth.parameters
 
 import com.microsoft.identity.nativeauth.AuthMethod

msal/src/main/java/com/microsoft/identity/nativeauth/parameters/NativeAuthRegisterStrongAuthVerificationRequiredResultParameters.kt

@@ -1,3 +1,26 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
 package com.microsoft.identity.nativeauth.parameters
 
 import com.microsoft.identity.nativeauth.statemachine.states.RegisterStrongAuthVerificationRequiredState