AzureAD · Yuki-YuXin · Jun 19, 2025 · Jun 19, 2025 · Jun 19, 2025 · Jun 19, 2025
@@ -113,7 +113,6 @@
 import com.microsoft.identity.common.java.commands.parameters.GenerateShrCommandParameters;
 import com.microsoft.identity.common.java.commands.parameters.InteractiveTokenCommandParameters;
 import com.microsoft.identity.common.java.commands.parameters.SilentTokenCommandParameters;
-import com.microsoft.identity.common.java.controllers.BaseController;
 import com.microsoft.identity.common.java.controllers.CommandDispatcher;
 import com.microsoft.identity.common.java.controllers.CommandResult;
 import com.microsoft.identity.common.java.controllers.ExceptionAdapter;
@@ -143,6 +142,7 @@
 import com.microsoft.identity.nativeauth.INativeAuthPublicClientApplication;
 import com.microsoft.identity.nativeauth.NativeAuthPublicClientApplication;
 import com.microsoft.identity.nativeauth.NativeAuthPublicClientApplicationConfiguration;
+import com.microsoft.identity.nativeauth.NativeAuthPublicClientApplicationParameters;
 
 import java.io.File;
 import java.util.ArrayList;
@@ -237,7 +237,7 @@ static class NONNULL_CONSTANTS {
         static final String AUTHORITY = "authority";
         static final String REDIRECT_URI = "redirect_uri";
         static final String CONFIG_FILE = "config_file";
-        static final String CONFIG = "config";
+        static final String CLIENT_PARAMETER = "client_parameter";
         static final String ACTIVITY = "activity";
         static final String SCOPES = "scopes";
         static final String ACCOUNT = "account";
@@ -847,6 +847,7 @@ public static INativeAuthPublicClientApplication createNativeAuthPublicClientApp
                     null,
                     null,
                     null,
+                    null,
                     null
             );
         }  catch (MsalException e) {
@@ -898,6 +899,7 @@ public static INativeAuthPublicClientApplication createNativeAuthPublicClientApp
                     null,
                     null,
                     null,
+                    null,
                     null
             );
         } catch (BaseException e) {
@@ -929,6 +931,7 @@ public static INativeAuthPublicClientApplication createNativeAuthPublicClientApp
      * @param clientId    The application client id. Cannot be null.
      * @param authority   The default authority to be used for the authority. If this is null, the default authority will be used.
      * @param redirectUri The redirect URI of the application.
+     * @param challengeTypes The challengeTypes supported for authentication declared by client.
      * @return An instance of INativeAuthPublicClientApplication.
      *
      * @deprecated This method is deprecated. Use createNativeAuthPublicClientApplication(Context, NativeAuthPublicClientApplicationConfiguration) instead.
@@ -951,7 +954,8 @@ public static INativeAuthPublicClientApplication createNativeAuthPublicClientApp
                     clientId,
                     authority,
                     redirectUri,
-                    challengeTypes
+                    challengeTypes,
+                    null
             );
         } catch (BaseException e) {
             throw new MsalClientException(
@@ -965,7 +969,7 @@ public static INativeAuthPublicClientApplication createNativeAuthPublicClientApp
     /**
      * Creates an instance of INativeAuthPublicClientApplication using the provided context and configuration.
      *
-     * <p>{@link PublicClientApplication#createNativeAuthPublicClientApplication(Context, NativeAuthPublicClientApplicationConfiguration)}
+     * <p>{@link PublicClientApplication#createNativeAuthPublicClientApplication(Context, NativeAuthPublicClientApplicationParameters)}
      * will read the client id and other configuration settings from the provided configuration object.</p>
      *
      * <p>This function will pass back an {@link MsalClientException} object if it is unable
@@ -980,7 +984,7 @@ public static INativeAuthPublicClientApplication createNativeAuthPublicClientApp
      *                strong reference to the activity, thus preventing correct garbage
      *                collection and causing bugs.
      *                </p>
-     * @param config The configuration object containing client ID, authority, redirect URI, and challenge types.
+     * @param parameters The NativeAuthPublicClientApplication parameter class containing mandatory client ID, authorityUri, challenge types and optional capabilities, redirectUri.
      *               Cannot be null.
      *               <p>
      *               For more information on the schema of the MSAL configuration object,
@@ -991,17 +995,18 @@ public static INativeAuthPublicClientApplication createNativeAuthPublicClientApp
      */
     public static INativeAuthPublicClientApplication createNativeAuthPublicClientApplication(
             @NonNull final Context context,
-            @NonNull final NativeAuthPublicClientApplicationConfiguration config) throws MsalException {
+            @NonNull final NativeAuthPublicClientApplicationParameters parameters) throws MsalException {
         validateNonNullArgument(context, NONNULL_CONSTANTS.CONTEXT);
-        validateNonNullArgument(config, NONNULL_CONSTANTS.CONFIG);
+        validateNonNullArgument(parameters, NONNULL_CONSTANTS.CLIENT_PARAMETER);
 
         try {
             return createNativeAuthApplication(
-                    Companion.initializeNativeAuthConfiguration(context, config),
-                    null,
-                    null,
-                    null,
-                    null
+                    Companion.initializeNativeAuthConfiguration(context),
+                    parameters.getClientId(),
+                    parameters.getAuthorityUrl(),
+                    parameters.getRedirectUri(),
+                    parameters.getChallengeTypes(),
+                    parameters.getCapabilities()
             );
         } catch (BaseException e) {
             throw new MsalClientException(
@@ -1187,7 +1192,8 @@ private static NativeAuthPublicClientApplication createNativeAuthApplication(@No
                                                                                  @Nullable final String clientId,
                                                                                  @Nullable final String authority,
                                                                                  @Nullable final String redirectUri,
-                                                                                 @Nullable final List<String> challengeTypes) throws BaseException {
+                                                                                 @Nullable final List<String> challengeTypes,
+                                                                                 @Nullable final List<String> capabilities) throws BaseException {
         if (clientId != null) {
             config.setClientId(clientId);
         }
@@ -1208,6 +1214,10 @@ private static NativeAuthPublicClientApplication createNativeAuthApplication(@No
             config.setChallengeTypes(challengeTypes);
         }
 
+        if (capabilities != null) {
+            config.setCapabilities(capabilities);
+        }
+
         // Check whether account mode is set to SINGLE
         validateAccountModeConfiguration(config);
 

@@ -248,9 +248,6 @@ public void setClientId(final String clientId) {
      * @return The List of current Authorities.
      */
     public List<Authority> getAuthorities() {
-        if (mAuthorities == null) {
-            mAuthorities = new ArrayList<>();
-        }
         return mAuthorities;
     }
 
@@ -435,7 +432,7 @@ public Boolean isWebauthnCapable() {
     }
 
     public Authority getDefaultAuthority() {
-        if (mAuthorities != null && mAuthorities.size() != 0) {
+        if (mAuthorities != null) {
             if (mAuthorities.size() > 1) {
                 for (Authority authority : mAuthorities) {
                     if (authority.getDefault()) {

@@ -87,14 +87,6 @@ class NativeAuthPublicClientApplicationConfigurationFactory :
             return initializeNativeAuthConfigurationInternal(context, loadConfiguration(configFile))
         }
 
-        /**
-         * Initialize [NativeAuthPublicClientApplicationConfiguration] object from the provided config object, if there is any,
-         * and merge it with the default native auth config
-         */
-        fun initializeNativeAuthConfiguration(context: Context, config: NativeAuthPublicClientApplicationConfiguration): NativeAuthPublicClientApplicationConfiguration {
-            return initializeNativeAuthConfigurationInternal(context, config)
-        }
-
         /**
          * Initialize the Native Auth configuration with base MSAL default configs and Native Auth default Configs
          */

@@ -0,0 +1,51 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+package com.microsoft.identity.nativeauth
+
+
+public class NativeAuthPublicClientApplicationParameters (
+    /**
+     * The application client id. Cannot be null.
+     */
+    val clientId: String,
+    /**
+     * The authorityUrl to be used for the authority.
+     */
+    val authorityUrl: String,
+    /**
+     * The challenge types supported for authentication declared by client. Cannot be null.
+     */
+    val challengeTypes: List<String>,
+) {
+
+    /**
+     * The capabilities supported for authentication declared by client.
+     */
+    var capabilities: List<String>? = null
+
+    /**
+     *  The redirect URI of the application. Required for using browser.
+     */
+    var redirectUri: String? = null
+}
@@ -1,3 +1,26 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
 package com.microsoft.identity.nativeauth.parameters
 
 import com.microsoft.identity.nativeauth.AuthMethod

@@ -1,3 +1,26 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
 package com.microsoft.identity.nativeauth.parameters
 
 import com.microsoft.identity.nativeauth.statemachine.states.RegisterStrongAuthVerificationRequiredState

@@ -32,7 +32,6 @@ import com.microsoft.identity.client.e2e.shadows.ShadowAndroidSdkStorageEncrypti
 import com.microsoft.identity.client.e2e.tests.IPublicClientApplicationTest
 import com.microsoft.identity.client.exception.MsalException
 import com.microsoft.identity.common.internal.controllers.CommandDispatcherHelper
-import com.microsoft.identity.common.java.authorities.Authority
 import com.microsoft.identity.internal.testutils.TestUtils
 import com.microsoft.identity.internal.testutils.labutils.KeyVaultFetchHelper
 import com.microsoft.identity.internal.testutils.labutils.LabConstants
@@ -41,7 +40,7 @@ import com.microsoft.identity.internal.testutils.labutils.LabUserQuery
 import com.microsoft.identity.internal.testutils.nativeauth.ConfigType
 import com.microsoft.identity.internal.testutils.nativeauth.api.models.NativeAuthTestConfig
 import com.microsoft.identity.nativeauth.INativeAuthPublicClientApplication
-import com.microsoft.identity.nativeauth.NativeAuthPublicClientApplicationConfiguration
+import com.microsoft.identity.nativeauth.NativeAuthPublicClientApplicationParameters
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.test.StandardTestDispatcher
 import kotlinx.coroutines.test.setMain
@@ -118,20 +117,16 @@ abstract class NativeAuthPublicClientApplicationAbstractTest : IPublicClientAppl
 
     fun setupPCA(config: NativeAuthTestConfig.Config, challengeTypes: List<String>, capabilities: List<String>): INativeAuthPublicClientApplication {
         return try {
-            val nativeAuthConfig = NativeAuthPublicClientApplicationConfiguration()
-            nativeAuthConfig.clientId = config.clientId
-            val authorityObject = Authority.getAuthorityFromAuthorityUrl(
+            val parameters = NativeAuthPublicClientApplicationParameters(
+                config.clientId,
                 config.authorityUrl,
-                config.clientId
+                challengeTypes
             )
-            authorityObject.setDefault(true)
-            nativeAuthConfig.getAuthorities().add(authorityObject)
-            nativeAuthConfig.setChallengeTypes(challengeTypes)
-            nativeAuthConfig.setCapabilities(capabilities)
+            parameters.capabilities = capabilities
 
             PublicClientApplication.createNativeAuthPublicClientApplication(
                 context,
-                nativeAuthConfig
+                parameters
             )
         } catch (e: MsalException) {
             Assert.fail(e.message)

@@ -155,7 +155,7 @@ class SignUpEmailPasswordTest : NativeAuthPublicClientApplicationAbstractTest()
     @Test
     fun testSuccessOTPResend() {
         config = getConfig(defaultConfigType)
-        application = setupPCA(config, defaultChallengeTypes, defaultChallengeTypes)
+        application = setupPCA(config, defaultChallengeTypes, defaultCapabilities)
 
         retryOperation {
             runBlocking {
@@ -243,7 +243,7 @@ class SignUpEmailPasswordTest : NativeAuthPublicClientApplicationAbstractTest()
     @Test
     fun testErrorInvalidPasswordFormat() {
         config = getConfig(defaultConfigType)
-        application = setupPCA(config, defaultChallengeTypes, defaultChallengeTypes)
+        application = setupPCA(config, defaultChallengeTypes, defaultCapabilities)
 
         runBlocking { // Running with runBlocking to avoid default 10 second execution timeout.
             val user = tempEmailApi.generateRandomEmailAddressLocally()