Release/1.2.0

CHANGELOG.md

@@ -1,3 +1,7 @@
+## [1.2.0]
+* Multi-tenant PkeyAuth support in MSAL (#1438)
+* Add support to wipe cache for all accounts (#1426)
+
 ## [1.1.26]
 * Added more string utils in common core (#1417)
 * Fixed links in iframe to open in themselves instead of browser for embedded web views (#1424)

MSAL.podspec

@@ -1,9 +1,9 @@
 Pod::Spec.new do |s|
   s.name         = "MSAL"
-  s.version      = "1.1.26"
-  s.summary      = "Microsoft Authentication Library (MSAL) Preview for iOS"
+  s.version      = "1.2.0"
+  s.summary      = "Microsoft Authentication Library (MSAL) for iOS"
   s.description  = <<-DESC
-                   The MSAL library preview for iOS gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. The library also supports Microsoft Azure B2C for those using our hosted identity management service.
+                   The MSAL library for iOS gives your app the ability to begin using the Microsoft Cloud by supporting Microsoft Azure Active Directory and Microsoft Accounts in a converged experience using industry standard OAuth2 and OpenID Connect. The library also supports Microsoft Azure B2C for those using our hosted identity management service.
                    DESC
   s.homepage     = "https://github.com/AzureAD/microsoft-authentication-library-for-objc"
   s.license      = { 

MSAL/MSAL Test App.entitlements

@@ -8,6 +8,7 @@
 		<string>$(AppIdentifierPrefix)com.microsoft.adalcache</string>
 		<string>$(AppIdentifierPrefix)com.microsoft.workplacejoin</string>
 		<string>$(AppIdentifierPrefix)com.microsoft.ssoseeding</string>
+		<string>$(AppIdentifierPrefix)com.microsoft.workplacejoin.v2</string>
 	</array>
 </dict>
 </plist>

MSAL/MSAL.xcodeproj/project.pbxproj

@@ -88,6 +88,14 @@
 		04D32CAF1FD615B3000B123E /* MSALErrorConverter.m in Sources */ = {isa = PBXBuildFile; fileRef = 04D32CAD1FD615B3000B123E /* MSALErrorConverter.m */; };
 		04D32CD01FD8AFF3000B123E /* MSALErrorConverterTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 04D32CCF1FD8AFF3000B123E /* MSALErrorConverterTests.m */; };
 		04D32CD11FD8AFF3000B123E /* MSALErrorConverterTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 04D32CCF1FD8AFF3000B123E /* MSALErrorConverterTests.m */; };
+		0D96DB3727850E3900DEAF87 /* MSALWipeCacheForAllAccountsConfig.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D96DB3627850E3900DEAF87 /* MSALWipeCacheForAllAccountsConfig.m */; };
+		0D96DB3827850E8200DEAF87 /* MSALWipeCacheForAllAccountsConfig.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D96DB3627850E3900DEAF87 /* MSALWipeCacheForAllAccountsConfig.m */; };
+		0D96DB3927850E8400DEAF87 /* MSALWipeCacheForAllAccountsConfig.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D96DB3627850E3900DEAF87 /* MSALWipeCacheForAllAccountsConfig.m */; };
+		0D96DB3A27850E8500DEAF87 /* MSALWipeCacheForAllAccountsConfig.m in Sources */ = {isa = PBXBuildFile; fileRef = 0D96DB3627850E3900DEAF87 /* MSALWipeCacheForAllAccountsConfig.m */; };
+		0D96DB3B27850F0E00DEAF87 /* MSALWipeCacheForAllAccountsConfig.h in Headers */ = {isa = PBXBuildFile; fileRef = 0D96DB2E27850E1300DEAF87 /* MSALWipeCacheForAllAccountsConfig.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		0D96DB3C27850F0F00DEAF87 /* MSALWipeCacheForAllAccountsConfig.h in Headers */ = {isa = PBXBuildFile; fileRef = 0D96DB2E27850E1300DEAF87 /* MSALWipeCacheForAllAccountsConfig.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		0D96DB3D27850F1100DEAF87 /* MSALWipeCacheForAllAccountsConfig.h in Headers */ = {isa = PBXBuildFile; fileRef = 0D96DB2E27850E1300DEAF87 /* MSALWipeCacheForAllAccountsConfig.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		0D96DB3E27850F1200DEAF87 /* MSALWipeCacheForAllAccountsConfig.h in Headers */ = {isa = PBXBuildFile; fileRef = 0D96DB2E27850E1300DEAF87 /* MSALWipeCacheForAllAccountsConfig.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		1E04572324BD5A7D00444756 /* MSALCacheItemDetailViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 1E04572024BD5A7D00444756 /* MSALCacheItemDetailViewController.m */; };
 		1E06CD6524D116F800E3D0E5 /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = D6A206371FC510B500755A51 /* Security.framework */; };
 		1E1A2E042256D12F001009ED /* MSALTestAppSettings.m in Sources */ = {isa = PBXBuildFile; fileRef = D61A64B01E5AAC5C0086D120 /* MSALTestAppSettings.m */; };
@@ -1096,6 +1104,8 @@
 		04D32CAC1FD61585000B123E /* MSALErrorConverter.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSALErrorConverter.h; sourceTree = "<group>"; };
 		04D32CAD1FD615B3000B123E /* MSALErrorConverter.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSALErrorConverter.m; sourceTree = "<group>"; };
 		04D32CCF1FD8AFF3000B123E /* MSALErrorConverterTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSALErrorConverterTests.m; sourceTree = "<group>"; };
+		0D96DB2E27850E1300DEAF87 /* MSALWipeCacheForAllAccountsConfig.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSALWipeCacheForAllAccountsConfig.h; sourceTree = "<group>"; };
+		0D96DB3627850E3900DEAF87 /* MSALWipeCacheForAllAccountsConfig.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSALWipeCacheForAllAccountsConfig.m; sourceTree = "<group>"; };
 		1E04571F24BD5A7D00444756 /* MSALCacheItemDetailViewController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSALCacheItemDetailViewController.h; sourceTree = "<group>"; };
 		1E04572024BD5A7D00444756 /* MSALCacheItemDetailViewController.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSALCacheItemDetailViewController.m; sourceTree = "<group>"; };
 		1E1A2E052256D194001009ED /* AppKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppKit.framework; path = System/Library/Frameworks/AppKit.framework; sourceTree = SDKROOT; };
@@ -1708,6 +1718,7 @@
 				96B5E6F02256D197002232F9 /* MSALExtraQueryParameters.h */,
 				96B5E6F12256D197002232F9 /* MSALExtraQueryParameters.m */,
 				2338295622D7E49E001B8AD6 /* MSALWebviewParameters.m */,
+				0D96DB3627850E3900DEAF87 /* MSALWipeCacheForAllAccountsConfig.m */,
 			);
 			path = configuration;
 			sourceTree = "<group>";
@@ -1941,6 +1952,7 @@
 				96B5E6CC2256D152002232F9 /* MSALCacheConfig.h */,
 				B29A56A4228262770023F5E6 /* MSALExternalAccountProviding.h */,
 				B29A56B8228266B40023F5E6 /* MSALSerializedADALCacheProvider.h */,
+				0D96DB2E27850E1300DEAF87 /* MSALWipeCacheForAllAccountsConfig.h */,
 			);
 			path = cache;
 			sourceTree = "<group>";
@@ -2512,6 +2524,7 @@
 				B2D4789D230E3E14005AE186 /* MSALAccount+MultiTenantAccount.h in Headers */,
 				B2D47889230E3DCC005AE186 /* MSALAADOauth2Provider.h in Headers */,
 				B273D0AD226E8585005A7BB4 /* MSALErrorConverter+Internal.h in Headers */,
+				0D96DB3E27850F1200DEAF87 /* MSALWipeCacheForAllAccountsConfig.h in Headers */,
 				B2D478B8230E3E90005AE186 /* MSALExternalAccountHandler.h in Headers */,
 				1E5319C724A51F33007BCF30 /* MSALHttpMethod.h in Headers */,
 				04A6B5C0226937530035C7C2 /* MSALAccount+Internal.h in Headers */,
@@ -2634,6 +2647,7 @@
 				B273D07F226E8507005A7BB4 /* MSALPublicClientStatusNotifications.h in Headers */,
 				B2D478AC230E3E88005AE186 /* MSALLegacySharedMSAAccount.h in Headers */,
 				B2D4789E230E3E2C005AE186 /* MSALWebviewParameters.h in Headers */,
+				0D96DB3D27850F1100DEAF87 /* MSALWipeCacheForAllAccountsConfig.h in Headers */,
 				B2D478AA230E3E82005AE186 /* MSALLegacySharedADALAccount.h in Headers */,
 				B273D0B6226E8596005A7BB4 /* MSALPublicClientApplication+Internal.h in Headers */,
 				B2D47890230E3DD9005AE186 /* MSALOauth2Provider+Internal.h in Headers */,
@@ -2748,6 +2762,7 @@
 				B273D0C1226E85A7005A7BB4 /* MSALGlobalConfig+Internal.h in Headers */,
 				232D69002240A3FF00594BBD /* MSALTokenParameters+Internal.h in Headers */,
 				B273D0C7226E85C2005A7BB4 /* MSALCacheConfig+Internal.h in Headers */,
+				0D96DB3B27850F0E00DEAF87 /* MSALWipeCacheForAllAccountsConfig.h in Headers */,
 				96CF95232268FD0500D97374 /* MSALAuthority.h in Headers */,
 				B27CCDF2229F9F4700CAD565 /* MSALAccountEnumerationParameters.h in Headers */,
 				963377BF211E14C600943EE0 /* MSALWebviewType_Internal.h in Headers */,
@@ -2859,6 +2874,7 @@
 				1EDAE331218A4FA2001898E1 /* MSALAuthority_Internal.h in Headers */,
 				23014D4625672DF9005E12F2 /* MSALAuthenticationSchemePop+Internal.h in Headers */,
 				B273D0C0226E85A7005A7BB4 /* MSALGlobalConfig+Internal.h in Headers */,
+				0D96DB3C27850F0F00DEAF87 /* MSALWipeCacheForAllAccountsConfig.h in Headers */,
 				963377C0211E14C600943EE0 /* MSALWebviewType_Internal.h in Headers */,
 				B203459E21AFA1FB00B221AA /* MSALRedirectUri+Internal.h in Headers */,
 			);
@@ -3507,6 +3523,7 @@
 				1E5319C024A51E07007BCF30 /* MSALAuthenticationSchemePop.m in Sources */,
 				B273D0E0226E85E3005A7BB4 /* MSALExtraQueryParameters.m in Sources */,
 				1E5319BC24A51DF5007BCF30 /* MSALAuthenticationSchemeBearer.m in Sources */,
+				0D96DB3927850E8400DEAF87 /* MSALWipeCacheForAllAccountsConfig.m in Sources */,
 				2343CBF02576C2D3002D405A /* MSALParameters.m in Sources */,
 				B2D478B4230E3E8B005AE186 /* MSALSerializedADALCacheProvider.m in Sources */,
 				38880DF423280C5900688C24 /* MSALPublicClientApplicationConfig.m in Sources */,
@@ -3588,6 +3605,7 @@
 				B273D0A4226E8577005A7BB4 /* MSALIndividualClaimRequest.m in Sources */,
 				1E5319BD24A51DF6007BCF30 /* MSALAuthenticationSchemeBearer.m in Sources */,
 				583BFD0F24DC8E670035B901 /* MSALRedirectUriVerifier.m in Sources */,
+				0D96DB3A27850E8500DEAF87 /* MSALWipeCacheForAllAccountsConfig.m in Sources */,
 				04A6B5B2226937070035C7C2 /* MSALPromptType.m in Sources */,
 				B2D478BE230E3EAF005AE186 /* MSALTenantProfile.m in Sources */,
 				B2D478A8230E3E5A005AE186 /* MSALTelemetryEventsObservingProxy.m in Sources */,
@@ -3805,6 +3823,7 @@
 				B29A56C222826EE20023F5E6 /* MSALSerializedADALCacheProvider.m in Sources */,
 				B2C0E79F23AC7996006C9CAD /* MSALParameters.m in Sources */,
 				B21E07B3210E542C007E3A3C /* MSALRedirectUriVerifier.m in Sources */,
+				0D96DB3727850E3900DEAF87 /* MSALWipeCacheForAllAccountsConfig.m in Sources */,
 				96B5E6EE2256D180002232F9 /* MSALSliceConfig.m in Sources */,
 				B2A3C28B2145FD0F0082525C /* MSALAccountsProvider.m in Sources */,
 				1EE776C6246C98E700F7EBFC /* MSALAuthenticationSchemePop.m in Sources */,
@@ -3873,6 +3892,7 @@
 				23A68A7D20F538B90071E435 /* MSALB2CAuthority.m in Sources */,
 				96B5E6EF2256D180002232F9 /* MSALSliceConfig.m in Sources */,
 				B2A3C28C2145FD0F0082525C /* MSALAccountsProvider.m in Sources */,
+				0D96DB3827850E8200DEAF87 /* MSALWipeCacheForAllAccountsConfig.m in Sources */,
 				232D68D9223DB8C200594BBD /* MSALSilentTokenParameters.m in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;

MSAL/MSAL.xcodeproj/xcshareddata/xcschemes/MSAL Test Automation (iOS).xcscheme

@@ -46,6 +46,17 @@
                BlueprintName = "InteractiveiOSTests"
                ReferencedContainer = "container:MSAL.xcodeproj">
             </BuildableReference>
+            <SkippedTests>
+               <Test
+                  Identifier = "MSALPingUITests/testInteractivePingLogin_withConvergedApp_withPromptAlways_withLoginHint_andPassedInWebView">
+               </Test>
+               <Test
+                  Identifier = "MSALPingUITests/testInteractivePingLogin_withConvergedApp_withPromptAlways_withLoginHint_andSystemWebView">
+               </Test>
+               <Test
+                  Identifier = "MSALPingUITests/testInteractivePingLogin_withNonConvergedApp_withPromptAlways_noLoginHint_andEmbeddedWebView">
+               </Test>
+            </SkippedTests>
          </TestableReference>
          <TestableReference
             skipped = "NO">

MSAL/resources/ios/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.1.26</string>
+	<string>1.2.0</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSPrincipalClass</key>

MSAL/resources/mac/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>FMWK</string>
 	<key>CFBundleShortVersionString</key>
-	<string>1.1.26</string>
+	<string>1.2.0</string>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSHumanReadableCopyright</key>

MSAL/src/MSALDeviceInformation.m

@@ -30,6 +30,7 @@
 #import "MSIDDeviceInfo.h"
 #import <AuthenticationServices/AuthenticationServices.h>
 #import "ASAuthorizationSingleSignOnProvider+MSIDExtensions.h"
+#import "MSIDBrokerConstants.h"
 
 NSString *const MSAL_DEVICE_INFORMATION_SSO_EXTENSION_FULL_MODE_KEY = @"isSSOExtensionInFullMode";
 
@@ -115,6 +116,10 @@ - (NSString *)msalDeviceModeString
 - (void) initExtraDeviceInformation:(MSIDDeviceInfo *)deviceInfo
 {
     [_extraDeviceInformation setValue:deviceInfo.ssoExtensionMode == MSIDSSOExtensionModeFull ? @"Yes" : @"No" forKey:MSAL_DEVICE_INFORMATION_SSO_EXTENSION_FULL_MODE_KEY];
+    if (![NSString msidIsStringNilOrBlank:deviceInfo.mdmId])
+    {
+        [_extraDeviceInformation setValue:deviceInfo.mdmId forKey:MSID_BROKER_MDM_ID_KEY];
+    }
 }
 
 - (void) addRegisteredDeviceMetadataInformation:(NSDictionary *)deviceInfoMetadata

MSAL/src/MSALPublicClientApplication.m

@@ -109,6 +109,7 @@
 #import "MSIDDevicePopManager.h"
 #import "MSIDAssymetricKeyLookupAttributes.h"
 #import "MSIDRequestTelemetryConstants.h"
+#import "MSALWipeCacheForAllAccountsConfig.h"
 
 @interface MSALPublicClientApplication()
 {
@@ -1434,12 +1435,84 @@ - (void)signoutWithAccount:(nonnull MSALAccount *)account
         block(NO, localError, nil);
         return;
     }
+
+    if (signoutParameters.wipeCacheForAllAccounts)
+    {
+        BOOL result = YES;
+        NSError *localError;
+
+        result = [self.tokenCache clearCacheForAllAccountsWithContext:nil error:&localError];
+
+        if (!result)
+        {
+            block(NO, localError, nil);
+            return;
+        }
+
+
+#if !TARGET_OS_IPHONE
+        // Clear additional cache locations
+        NSDictionary<NSString *, NSDictionary *> *additionalPartnerLocations = MSALWipeCacheForAllAccountsConfig.additionalPartnerLocations;
+        if (additionalPartnerLocations && additionalPartnerLocations.count > 0)
+        {
+            NSError *removePartnerLocationError = nil;
+            NSMutableArray <NSString *> *locationErrors = nil;
+            MSIDMacACLKeychainAccessor *keychainAccessor = [[MSIDMacACLKeychainAccessor alloc] initWithTrustedApplications:nil accessLabel:@"Microsoft Credentials" error:nil];
+            for (NSString* locationName in additionalPartnerLocations)
+            {
+                localError = nil;
+                NSDictionary *cacheLocation = additionalPartnerLocations[locationName];
+
+                // Try to read the keychain data in order to trigger the prompt asking for login password, user HAS TO click 'Always Allow' to then be able to delete it.
+                [keychainAccessor getDataWithAttributes:cacheLocation
+                                                context:nil
+                                                  error:&localError];
+
+                if (localError)
+                {
+                    result = NO;
+                    if (!locationErrors)
+                    {
+                        locationErrors = [[NSMutableArray alloc] init];
+                    }
+                    [locationErrors addObject:[NSString stringWithFormat:@"'%@'", locationName]];
+                    NSError *additionalLocationError = MSIDCreateError(MSIDErrorDomain, MSIDErrorInternal, [NSString stringWithFormat:@"WipeCacheForAllAccounts - error when reading cache for the item: %@.", locationName], nil, nil, localError, nil, nil, YES);
+                    removePartnerLocationError = additionalLocationError;
+                    continue;
+                }
+
+                BOOL removeResult = [keychainAccessor removeItemWithAttributes:cacheLocation
+                                                                       context:nil
+                                                                         error:&localError];
+
+                if (!removeResult)
+                {
+                    result = NO;
+                    if (!locationErrors)
+                    {
+                        locationErrors = [[NSMutableArray alloc] init];
+                    }
+                    [locationErrors addObject:[NSString stringWithFormat:@"'%@'", locationName]];
+                    removePartnerLocationError = localError;
+                }
+            }
+
+            if (!result && locationErrors)
+            {
+                NSError *additionalLocationError = MSIDCreateError(MSIDErrorDomain, MSIDErrorInternal, [NSString stringWithFormat:@"WipeCacheForAllAccounts - error when removing cache for the item(s): %@. User might need to select 'Always Allow' when prompted the login password to access keychain.", [locationErrors componentsJoinedByString:@", "]], nil, nil, removePartnerLocationError, nil, @{@"locationErrors":locationErrors}, YES);
+                block(NO, additionalLocationError, nil);
+                return;
+            }
+        }
+#endif
+    }
 
     NSError *controllerError;
     MSIDSignoutController *controller = [MSIDRequestControllerFactory signoutControllerForParameters:msidParams
                                                                                         oauthFactory:self.msalOauth2Provider.msidOauth2Factory
                                                                             shouldSignoutFromBrowser:signoutParameters.signoutFromBrowser
                                                                                    shouldWipeAccount:signoutParameters.wipeAccount
+                                                                       shouldWipeCacheForAllAccounts:signoutParameters.wipeCacheForAllAccounts
                                                                                                error:&controllerError];
 
     if (!controller)
@@ -1459,7 +1532,7 @@ - (void)signoutWithAccount:(nonnull MSALAccount *)account
 - (void)getDeviceInformationWithParameters:(MSALParameters *)parameters
                            completionBlock:(MSALDeviceInformationCompletionBlock)completionBlock
 {
-    MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Querying device info");
+    MSID_LOG_WITH_CTX(MSIDLogLevelInfo, nil, @"Querying device info");
 
     __auto_type block = ^(MSALDeviceInformation * _Nullable deviceInformation, NSError * _Nullable msidError)
     {
@@ -1471,7 +1544,7 @@ - (void)getDeviceInformationWithParameters:(MSALParameters *)parameters
         }
         else
         {
-            MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Retrieved device info %@", deviceInformation);
+            MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Retrieved device info %@", MSID_PII_LOG_MASKABLE(deviceInformation));
         }
 
         [MSALPublicClientApplication logOperation:@"getDeviceInformation" result:nil error:msalError context:nil];
@@ -1495,6 +1568,7 @@ - (void)getDeviceInformationWithParameters:(MSALParameters *)parameters
 
     if (!requestParams)
     {
+        MSID_LOG_WITH_CTX_PII(MSIDLogLevelError, nil, @"GetDeviceInfo: Error when creating requestParams: %@", requestParamsError);
         block(nil, requestParamsError);
         return;
     }

MSAL/src/MSAL_Internal.h

@@ -26,8 +26,8 @@
 //------------------------------------------------------------------------------
 
 #define MSAL_VER_HIGH       1
-#define MSAL_VER_LOW        1
-#define MSAL_VER_PATCH      26
+#define MSAL_VER_LOW        2
+#define MSAL_VER_PATCH      0
 
 #define STR_HELPER(x) #x
 #define STR(x) STR_HELPER(x)