Fallback from WAM to browser on B2C, extend Webview2 support (#4073)

* Fallback from WAM to browser on B2C, extend Webview2 support

* fix

* Update test names

* Fallback from WAM to browser on B2C, extend Webview2 support

* fix

* Update test names

* PR comments

* more fixes

* fix

* comments

---------

Co-authored-by: Gladwin Johnson <90415114+gladjohn@users.noreply.github.com>

src/client/Microsoft.Identity.Client.Desktop/DesktopExtensions.cs

@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.ComponentModel;
 using Microsoft.Identity.Client.Broker;
 using Microsoft.Identity.Client.Core;
 using Microsoft.Identity.Client.Internal.Broker;
@@ -26,6 +27,7 @@ public static class DesktopExtensions
         /// </summary>
         /// <remarks>These extensions live in a separate package to avoid adding dependencies to MSAL</remarks>
         [Obsolete("Use WithWindowsDesktopFeatures instead. For broker support only, use  WithBroker(BrokerOptions) from Microsoft.Identity.Client.Broker package.", false)]
+        [EditorBrowsable(EditorBrowsableState.Never)]
         public static PublicClientApplicationBuilder WithDesktopFeatures(this PublicClientApplicationBuilder builder)
         {
             builder.WithWindowsDesktopFeatures(new BrokerOptions(BrokerOptions.OperatingSystems.Windows));
@@ -35,26 +37,35 @@ public static PublicClientApplicationBuilder WithDesktopFeatures(this PublicClie
         /// <summary>
         /// Adds enhanced support for desktop applications, e.g. CLI, WinForms, WPF apps.
         /// - Windows Authentication Manager (WAM) broker, the recommended authentication mechanism on Windows 10+ - https://aka.ms/msal-net-wam
-        /// - Embedded web view. AAD applications use the older WebBrowser control. B2C applications use WebView2, an embedded browser based on Microsoft Edge - https://aka.ms/msal-net-webview2
+        /// - Embedded web view. AAD applications use the older WebBrowser control. Other applications (B2C, ADFS etc.) use WebView2, an embedded browser based on Microsoft Edge - https://aka.ms/msal-net-webview2
         /// </summary>
-        /// <remarks>These extensions live in a separate package to avoid adding dependencies to MSAL</remarks>
+        /// <remarks>This is not required for MAUI / WinUI applications</remarks>
         public static PublicClientApplicationBuilder WithWindowsDesktopFeatures(this PublicClientApplicationBuilder builder, BrokerOptions brokerOptions)
         {
             builder.Config.BrokerOptions = brokerOptions;
             builder.Config.IsBrokerEnabled = brokerOptions.IsBrokerEnabledOnCurrentOs();
 
             AddRuntimeSupportForWam(builder);
-            AddSupportForWebView2(builder);
+            WithWindowsEmbeddedBrowserSupport(builder);
 
             return builder;
         }
 
         /// <summary>
-        /// Enables Windows broker flows on older platforms, such as .NET framework, where these are not available in the box with Microsoft.Identity.Client
+        /// Adds better embedded browser support to MSAL.
+        /// AAD applications will use the older WebBrowser control.
+        /// Other applications (B2C, ADFS etc.) will use an embedded browser based on Microsoft Edge - https://aka.ms/msal-net-webview2
         /// </summary>
-        private static void AddSupportForWebView2(PublicClientApplicationBuilder builder)
+        /// <remarks>This is not required for MAUI / WinUI applications. This is ignored on Mac and Linux.</remarks>    
+        /// 
+        public static PublicClientApplicationBuilder WithWindowsEmbeddedBrowserSupport(this PublicClientApplicationBuilder builder)
         {
-            builder.Config.WebUiFactoryCreator = () => new WebView2WebUiFactory();
+            if (DesktopOsHelper.IsWindows())
+            {
+                builder.Config.WebUiFactoryCreator = () => new WebView2WebUiFactory();
+            }
+
+            return builder;
         }
 
         internal static void AddRuntimeSupportForWam(PublicClientApplicationBuilder builder)

src/client/Microsoft.Identity.Client.Desktop/WamExtension.cs

@@ -2,6 +2,7 @@
 // Licensed under the MIT License.
 
 using System;
+using System.ComponentModel;
 
 namespace Microsoft.Identity.Client.Desktop
 {
@@ -15,6 +16,7 @@ public static class WamExtension
         /// For details about Windows broker, see https://aka.ms/msal-net-wam
         /// </summary>
         [Obsolete("This API has been replaced with WithBroker(BrokerOptions)")]
+        [EditorBrowsable(EditorBrowsableState.Never)]
         public static PublicClientApplicationBuilder WithWindowsBroker(this PublicClientApplicationBuilder builder, bool enableBroker = true)
         {
             builder.Config.IdentityLogger?.Log(new IdentityModel.Abstractions.LogEntry() { EventLogLevel = IdentityModel.Abstractions.EventLogLevel.Informational, Message = "Desktop WAM Broker extension calling RuntimeBroker extension" });

src/client/Microsoft.Identity.Client/Platforms/Features/RuntimeBroker/RuntimeBroker.cs

@@ -540,10 +540,10 @@ public bool IsBrokerInstalledAndInvokable(AuthorityType authorityType)
                 return false;
             }
 
-            // WAM does not work on pure ADFS environments
-            if (authorityType == AuthorityType.Adfs)
+            // WAM only works with AAD
+            if (authorityType != AuthorityType.Aad)
             {
-                _logger?.Warning("[WAM Broker] WAM does not work in pure ADFS environments. Falling back to browser for an ADFS authority unless Proof-of-Possession is configured. ");
+                _logger?.Warning($"[WAM Broker] Authority is {authorityType}. WAM is not available");
                 return false;
             }
 

src/client/Microsoft.Identity.Client/Platforms/Features/WebView2WebUi/WebView2WebUiFactory.cs

@@ -45,11 +45,8 @@ public IWebUI CreateAuthenticationDialog(CoreUIParent coreUIParent, WebViewPrefe
             }
 
             AuthorityType authorityType = requestContext.ServiceBundle.Config.Authority.AuthorityInfo.AuthorityType;
-            bool isAadOrAdfsAuthority =
-                authorityType == AuthorityType.Aad ||
-                authorityType == AuthorityType.Adfs;
 
-            if (isAadOrAdfsAuthority)
+            if (authorityType == AuthorityType.Aad)
             {
                 requestContext.Logger.Info($"Using WebView1 embedded browser because the authority is {authorityType}. WebView2 does not provide SSO.");
                 return new InteractiveWebUI(coreUIParent, requestContext);

src/client/Microsoft.Identity.Client/Platforms/netcore/NetCoreWebUIFactory.cs

@@ -26,14 +26,7 @@ internal class NetCoreWebUIFactory : IWebUIFactory
             if (webViewPreference == WebViewPreference.Embedded)
             {
                 throw new MsalClientException(MsalError.WebviewUnavailable,
-                    "If you have a Windows application which targets net5.0, net5.0-windows, net6.0, or net6.0-windows, change the target to at least net6.0-windows10.0.17763.0, " +
-                        "which provides support from Windows 7 to Windows 10. For details, see https://github.com/dotnet/designs/blob/main/accepted/2020/platform-checks/platform-checks.md" +
-
-                    "If you have a cross-platform (Windows, Mac, Linux) application which targets net6.0, dual target net6.0 and net6.0-windows10.0.17763.0." +
-                        "Your installer should deploy the net6.0 version on Mac and Linux and the net6.0-window10.0.17763.0 on Windows." +
-                        "For details, see https://github.com/dotnet/designs/blob/main/accepted/2020/platform-checks/platform-checks.md" +
-
-                    "If you have a .NET Core 3.1 app, reference the NuGet package Microsoft.Identity.Client.Desktop and call the extension method .WithDesktopFeatures() first." + "For details, see https://aka.ms/msal-net-webview2 or use the system WebView - see https://aka.ms/msal-net-os-browser");
+                    "To enable the embedded webview on Windows, reference Microsoft.Identity.Client.Desktop and call the extension method .WithEmbeddedBrowserSupport().");
             }
 
             requestContext.Logger.Info("Using system browser.");