isQrPinAvailable API #1931

Merged
merged 21 commits into from
Jan 17, 2024

@p3dr0rv p3dr0rv commented Oct 27, 2023

Why?

To determine if QR + PIN authorization is available for MDM devices, the Teams app will call this API.
If the result is true: Teams will show a button to log in using QR + PIN.
If the result is false: Teams will not show this button.

How does this API work?

The QR + PIN feature will be configured by the administrator through app configuration policies for managed Android Enterprise devices. https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-android
There the administrator can enable/disable this type of authorization for all managed devices, by setting this key "isQrPinAvailable" to true in the Authenticator app.

On Android we have 3 apps which can be the broker: Authenticator, CP (Company Portal) and LTW (Link to Windows), which makes things extremely complex.
To keep the configuration simple for the tenant's administrator, we propose to use the managed configurations of the Authenticator app to read/set the admin flag. This means that the Authenticator app must be installed on Android devices to use the QR + PIN feature.

qrpinapi drawio2

Client design doc

Changes

  • In this PR we modify the msal test app to add a button and check the functionality of the API
  • We add the new function to the PublicClientAPI

Related PR

https://github.com/AzureAD/ad-accounts-for-android/pull/2587
AzureAD/microsoft-authentication-library-common-for-android#2219
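
The managed-configuration read described in the PR description, as an added example that is not code from this PR or from the Authenticator app. The class name `QrPinPolicyReader` and the fail-closed handling of a missing or mistyped value are assumptions; only the key name `isQrPinAvailable` comes from the description.

```java
import android.content.Context;
import android.content.RestrictionsManager;
import android.os.Bundle;

/** Hypothetical helper (assumption), not part of MSAL or the Authenticator app. */
public final class QrPinPolicyReader {
    // Key name taken from the PR description.
    static final String KEY_QR_PIN = "isQrPinAvailable";

    private QrPinPolicyReader() {}

    /**
     * Returns true only when the admin-pushed managed configuration holds the
     * key as a real boolean set to true. Every other case fails closed, so the
     * caller never offers QR + PIN sign-in on an unmanaged or misconfigured device.
     */
    public static boolean isQrPinEnabled(Context context) {
        RestrictionsManager rm =
                (RestrictionsManager) context.getSystemService(Context.RESTRICTIONS_SERVICE);
        if (rm == null) {
            return false; // restrictions service unavailable
        }
        return evaluate(rm.getApplicationRestrictions());
    }

    static boolean evaluate(Bundle restrictions) {
        if (restrictions == null || !restrictions.containsKey(KEY_QR_PIN)) {
            return false; // no policy pushed, or the key was never set
        }
        Object raw = restrictions.get(KEY_QR_PIN);
        // A mistyped policy value (for example the string "true") is rejected
        // rather than coerced into an enabled state.
        return raw instanceof Boolean && (Boolean) raw;
    }
}
```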

@p3dr0rv p3dr0rv changed the title [WIP] is QR + PIN available? API isQrPinAvailable API Oct 30, 2023
@p3dr0rv p3dr0rv marked this pull request as ready for review November 29, 2023 00:54
@p3dr0rv p3dr0rv requested a review from a team as a code owner November 29, 2023 00:54
Logger.info(methodTag, "is QR + PIN available? " + commandResult.getResult());
return (Boolean) commandResult.getResult();
case ERROR:
Logger.error(methodTag, "Unexpected error on isQRPinAvailable", (Throwable) commandResult.getResult());
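Review bot: In the `case ERROR:` branch, `(Throwable) commandResult.getResult()` is an unchecked cast on the same getter that the preceding branch casts to `(Boolean)`, so a payload of an unexpected type raises a ClassCastException instead of being logged. Guard both casts with `instanceof`, and make sure the error path resolves to false so the QR + PIN button stays hidden whenever the result cannot be interpreted. The log message also spells the method `isQRPinAvailable` while the API is named `isQrPinAvailable`, which makes log searches miss it.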
Member

This is throwing me off :/

We should be using something similar to Kotlin's Result class instead (separate method for result and exception).

Contributor Author

I'll address this as a separate PR, I would like to keep it simple, and this change will affect other things not related to QR+PIN.

p3dr0rv added a commit to AzureAD/microsoft-authentication-library-common-for-android that referenced this pull request Jan 17, 2024
## Why?
To determine if QR + PIN authorization is available for MDM devices,
the Teams app will call this API.
If the result is true: Teams will show a button to log in using QR + PIN.
If the result is false: Teams will not show this button.

## How does this API work?
The QR + PIN feature will be configured by the administrator through app
configuration policies for managed Android Enterprise devices.
https://learn.microsoft.com/en-us/mem/intune/apps/app-configuration-policies-use-android
There the administrator can enable/disable this type of authorization
for all managed devices, by setting this key "isQrPinAvailable" to true
in the Authenticator app.

On Android we have 3 apps which can be the broker: Authenticator, CP
(Company Portal) and LTW (Link to Windows), which makes things extremely
complex.
To keep the configuration simple for the tenant's administrator, we
propose to use the managed configurations of the Authenticator app to
read/set the admin flag. This means that the Authenticator app must be
installed on Android devices to use the QR + PIN feature.

![qrpinapi drawio2](https://github.com/AzureAD/microsoft-authentication-library-common-for-android/assets/76129899/fdc414af-b66b-40b8-a03b-a256d0d614ad)

[Client design doc](https://microsoft-my.sharepoint-df.com/:w:/p/mipetriu/EWbcvu99HRxEgy-BC9jilKoBnqIr3yCJaNPZMlGSG5c3ow?e=aP0ey1)

## Changes

- Add constants for API
- Add BaseCommand for isQrPinAvailable, used by BrokerMsal API
- Add behavior for LocalMsalController (not supported) and
BrokerMsalController (supported, call the broker)

## Related PR
AzureAD/ad-accounts-for-android#2587

AzureAD/microsoft-authentication-library-for-android#1931
@p3dr0rv p3dr0rv merged commit 1e7f00e into dev Jan 17, 2024
9 checks passed
@p3dr0rv p3dr0rv deleted the pedroro/isQrPinAvailableApi branch January 17, 2024 07:04