Switch to browser on DUNA redirect URL., Fixes AB#3079799

common/src/main/java/com/microsoft/identity/common/adal/internal/AuthenticationConstants.java

@@ -22,12 +22,16 @@
 // THE SOFTWARE.
 package com.microsoft.identity.common.adal.internal;
 
+import android.net.Uri;
+
+import androidx.annotation.Nullable;
 import androidx.annotation.VisibleForTesting;
 
 import com.microsoft.identity.common.internal.logging.Logger;
 import com.microsoft.identity.common.java.broker.BrokerAccountDataName;
 
 import java.nio.charset.Charset;
+import java.util.Set;
 
 import lombok.AccessLevel;
 import lombok.AllArgsConstructor;
@@ -529,6 +533,45 @@ public static final class AAD {
         public static final String APP_VERSION = "x-app-ver";
     }
 
+    /**
+     * Represents the constants value for the DUNA flow.
+     */
+    @NoArgsConstructor(access = AccessLevel.PRIVATE)
+    public static final class SWITCH_BROWSER {
+
+        /**
+         * String Query parameter key for the session token.
+         */
+        public static final String CODE = "code";
+
+        /**
+         * String Query parameter key for the endpoint.
+         */
+        public static final String ACTION_URI = "action_uri";
+
+        /**
+         * String Query parameter key for the endpoint.
+         */
+        public static final String ACTION = "action";
+
+        /**
+         * Check if the request is to switch the browser.
+         * <p>
+         * The request is considered "switch_browser" if the URL contains
+         * the action URI, code, and action parameters.
+         *
+         * @param uri The URI of the request.
+         * @return True if the request contains the required parameters, false otherwise.
+         */
+        public static boolean isSwitchBrowserRequest(@Nullable final Uri uri) {
+            if (uri == null) {
+                return false;
+            }
+            final Set<String> requiredParams = Set.of(ACTION_URI, CODE, ACTION);
+            return uri.getQueryParameterNames().containsAll(requiredParams);
+        }
+    }
+
     /**
      * Represents the constants for broker.
      */

common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerRequest.java

@@ -34,6 +34,7 @@
 import com.microsoft.identity.common.java.ui.PreferredAuthMethod;
 
 import java.io.Serializable;
+import java.util.List;
 
 import lombok.Builder;
 import lombok.Getter;
@@ -79,6 +80,7 @@ private static final class SerializedNames {
         final static String PREFERRED_AUTH_METHOD = "preferred_auth_method";
         final static String ACCOUNT_TRANSFER_TOKEN = "account_transfer_token";
         final static String SUPPRESS_ACCOUNT_PICKER = "suppress_account_picker";
+        final static String BROWSER_SAFE_LIST = "browser_safe_list";
     }
 
     /**
@@ -185,7 +187,6 @@ private static final class SerializedNames {
     /**
      * Boolean if set, will try to refresh the token instead of using it from cache.
      */
-    @Nullable
     @SerializedName(SerializedNames.FORCE_REFRESH)
     private boolean mForceRefresh;
 
@@ -227,7 +228,6 @@ private static final class SerializedNames {
     /**
      * Boolean indicated whether app supports multiple clouds.
      */
-    @NonNull
     @SerializedName(SerializedNames.MULTIPLE_CLOUDS_SUPPORTED)
     private boolean mMultipleCloudsSupported;
 
@@ -239,7 +239,6 @@ private static final class SerializedNames {
     @SerializedName(SerializedNames.AUTHENTICATION_SCHEME)
     private AbstractAuthenticationScheme mAuthenticationScheme;
 
-    @Nullable
     @SerializedName(SerializedNames.POWER_OPT_CHECK_ENABLED)
     private boolean mPowerOptCheckEnabled;
 
@@ -266,4 +265,10 @@ private static final class SerializedNames {
      */
     @SerializedName(SerializedNames.SUPPRESS_ACCOUNT_PICKER)
     private boolean mSuppressAccountPicker;
+
+    /**
+     * List of browsers that are safe to use for the request.
+     */
+    @SerializedName(SerializedNames.BROWSER_SAFE_LIST)
+    private List<BrowserDescriptor> mBrowserSafeList;
 }

common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/AuthorizationActivityFactory.java

@@ -111,6 +111,9 @@ public static Intent getAuthorizationActivityIntent(final Context context,
         final LibraryConfiguration libraryConfig = LibraryConfiguration.getInstance();
         if (ProcessUtil.isBrokerProcess(context)) {
             intent = new Intent(context, BrokerAuthorizationActivity.class);
+            intent.setFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK | Intent.FLAG_ACTIVITY_NEW_TASK);
+            // In the case of a DUNA flow, we need to transition from the browser to the WebView.
+            // These flags ensure that we have a new task stack that allows for this transition.
         } else if (libraryConfig.isAuthorizationInCurrentTask() && !authorizationAgent.equals(AuthorizationAgent.WEBVIEW)) {
         // We exclude the case when the authorization agent is already selected as WEBVIEW because of confusion
         // that results from attempting to use the CurrentTaskAuthorizationActivity in that case, because as webview

common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/WebViewAuthorizationFragment.java

@@ -28,6 +28,7 @@
 import android.content.Intent;
 import android.content.pm.PackageManager;
 import android.graphics.Bitmap;
+import android.net.Uri;
 import android.os.Build;
 import android.os.Bundle;
 import android.view.LayoutInflater;
@@ -459,6 +460,46 @@ public ActivityResultLauncher<LegacyFido2ApiObject> getFidoLauncher() {
         return mFidoLauncher;
     }
 
+    /**
+     * Launches the web browser intent for the given uri.
+     *
+     * @param uri The uri to launch the web browser intent.
+     */
+    public boolean launchWebBrowserIntent(@NonNull final Uri uri) {
+        final String methodTag = TAG + ":launchWebBrowserIntent";
+        if (mAuthIntent != null) {
+            Logger.info(methodTag, "Launching web browser intent for DUNA flow.");
+            mAuthIntent.setData(uri);
+            startActivity(mAuthIntent);
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * Constructs the switch browser uri with the given action uri and parameters.
+     *
+     * @param action_uri The action uri.
+     * @param params     The parameters.
+     * @return The constructed uri.
+     */
+    public Uri constructSwithBrowserUri(@NonNull final String action_uri, @Nullable final HashMap<String, String> params) {
+        final String[] paths = action_uri.split("/");
+        final String authority = paths[0];
+        final Uri.Builder uriBuilder = new Uri.Builder()
+                .scheme("https")
+                .encodedAuthority(authority);
+        for (int i = 1; i < paths.length; i++) {
+            uriBuilder.appendPath(paths[i]);
+        }
+        if (params != null) {
+            for (HashMap.Entry<String, String> entry : params.entrySet()) {
+                uriBuilder.appendQueryParameter(entry.getKey(), entry.getValue());
+            }
+        }
+        return uriBuilder.build();
+    }
+
     /**
      * Helper method to check if the authorization request is being made through broker.
      * Done by checking for broker version key in the url

common/src/main/java/com/microsoft/identity/common/internal/request/MsalBrokerRequestAdapter.java

@@ -132,6 +132,7 @@ public BrokerRequest brokerRequestFromAcquireTokenParameters(@NonNull final Inte
                 .preferredAuthMethod(parameters.getPreferredAuthMethod())
                 .accountTransferToken(parameters.getAccountTransferToken())
                 .suppressAccountPicker(parameters.isSuppressBrokerAccountPicker())
+                .browserSafeList(parameters.getBrowserSafeList())
                 .build();
 
         return brokerRequest;

common/src/main/java/com/microsoft/identity/common/internal/ui/AndroidAuthorizationStrategyFactory.java

@@ -32,7 +32,6 @@
 import com.microsoft.identity.common.internal.ui.browser.Browser;
 import com.microsoft.identity.common.internal.ui.browser.DefaultBrowserAuthorizationStrategy;
 import com.microsoft.identity.common.java.WarningType;
-import com.microsoft.identity.common.java.exception.ClientException;
 import com.microsoft.identity.common.java.exception.ErrorStrings;
 import com.microsoft.identity.common.java.commands.parameters.BrokerInteractiveTokenCommandParameters;
 import com.microsoft.identity.common.java.commands.parameters.InteractiveTokenCommandParameters;
@@ -41,11 +40,9 @@
 import com.microsoft.identity.common.internal.ui.browser.BrowserSelector;
 import com.microsoft.identity.common.internal.ui.webview.EmbeddedWebViewAuthorizationStrategy;
 import com.microsoft.identity.common.java.ui.AuthorizationAgent;
-import com.microsoft.identity.common.java.ui.BrowserDescriptor;
 import com.microsoft.identity.common.logging.Logger;
 import com.microsoft.identity.common.java.strategies.IAuthorizationStrategyFactory;
 
-import java.util.List;
 
 import lombok.Builder;
 import lombok.experimental.Accessors;
@@ -61,62 +58,79 @@ public class AndroidAuthorizationStrategyFactory implements IAuthorizationStrate
     private final Activity mActivity;
     private final Fragment mFragment;
 
+    /**
+     * Get the authorization strategy.
+     *
+     * @param parameters The parameters for the command.
+     * @return The authorization strategy.
+     */
     @Override
     public IAuthorizationStrategy getAuthorizationStrategy(
             @NonNull final InteractiveTokenCommandParameters parameters) {
         final String methodTag = TAG + ":getAuthorizationStrategy";
-        //Valid if available browser installed. Will fallback to embedded webView if no browser available.
-
-        if (parameters.getAuthorizationAgent() == AuthorizationAgent.WEBVIEW) {
-            Logger.info(methodTag, "Use webView for authorization.");
-            return getGenericAuthorizationStrategy();
-        }
 
+        Browser browser;
         try {
-            final Browser browser = BrowserSelector.select(
+             browser = BrowserSelector.select(
                     mContext,
                     parameters.getBrowserSafeList(),
                     parameters.getPreferredBrowser());
+        } catch (final Throwable throwable) {
+            Logger.warn(methodTag, ErrorStrings.NO_AVAILABLE_BROWSER_FOUND);
+            browser = null;
+        }
 
-            Logger.info(methodTag, "Use browser for authorization.");
-            return getBrowserAuthorizationStrategy(
-                    browser,
-                    (parameters instanceof BrokerInteractiveTokenCommandParameters));
-        } catch (final ClientException e) {
-            Logger.info(methodTag, "Unable to use browser to do the authorization because "
-                    + ErrorStrings.NO_AVAILABLE_BROWSER_FOUND + " Use embedded webView instead.");
-            return getGenericAuthorizationStrategy();
+        // Use embedded webView if no browser available or authorization agent is webView
+        if (parameters.getAuthorizationAgent() == AuthorizationAgent.WEBVIEW || browser == null) {
+            Logger.info(methodTag, "Use webView for authorization.");
+            return getGenericAuthorizationStrategy(browser);
         }
+
+        Logger.info(methodTag, "Use browser for authorization.");
+        return getBrowserAuthorizationStrategy(
+                browser,
+                (parameters instanceof BrokerInteractiveTokenCommandParameters));
+
     }
 
+    /**
+     * Get current task browser authorization strategy or default browser authorization strategy.
+     * If the authorization is in current task, use current task browser authorization strategy.
+     *
+     * @param browser The browser to use for authorization.
+     * @param isBrokerRequest True if the request is from broker.
+     * @return The browser authorization strategy.
+     */
     private IAuthorizationStrategy getBrowserAuthorizationStrategy(@NonNull final Browser browser,
                                                                    final boolean isBrokerRequest) {
         if (LibraryConfiguration.getInstance().isAuthorizationInCurrentTask()) {
-            final CurrentTaskBrowserAuthorizationStrategy currentTaskBrowserAuthorizationStrategy =
-                    new CurrentTaskBrowserAuthorizationStrategy(
-                            mContext,
-                            mActivity,
-                            mFragment);
-            currentTaskBrowserAuthorizationStrategy.setBrowser(browser);
-            return currentTaskBrowserAuthorizationStrategy;
+            return new CurrentTaskBrowserAuthorizationStrategy(
+                    mContext,
+                    mActivity,
+                    mFragment,
+                    browser);
         } else {
-            final DefaultBrowserAuthorizationStrategy defaultBrowserAuthorizationStrategy = new DefaultBrowserAuthorizationStrategy(
+            return new DefaultBrowserAuthorizationStrategy(
                     mContext,
                     mActivity,
                     mFragment,
-                    isBrokerRequest
+                    isBrokerRequest,
+                    browser
             );
-            defaultBrowserAuthorizationStrategy.setBrowser(browser);
-            return defaultBrowserAuthorizationStrategy;
         }
     }
 
-    // Suppressing unchecked warnings due to casting of EmbeddedWebViewAuthorizationStrategy to GenericAuthorizationStrategy
-    @SuppressWarnings(WarningType.unchecked_warning)
-    private IAuthorizationStrategy getGenericAuthorizationStrategy() {
+    /**
+     * Get the generic authorization strategy.
+     *
+     * @param browser The browser to use in case we need to use a browser.
+     * @return The embedded web view authorization strategy.
+     */
+    private IAuthorizationStrategy getGenericAuthorizationStrategy(@Nullable final Browser browser) {
         return new EmbeddedWebViewAuthorizationStrategy(
                 mContext,
                 mActivity,
-                mFragment);
+                mFragment,
+                browser);
     }
 }

common/src/main/java/com/microsoft/identity/common/internal/ui/CurrentTaskBrowserAuthorizationStrategy.java

@@ -30,6 +30,7 @@
 import androidx.annotation.Nullable;
 import androidx.fragment.app.Fragment;
 
+import com.microsoft.identity.common.internal.ui.browser.Browser;
 import com.microsoft.identity.common.internal.ui.browser.BrowserAuthorizationStrategy;
 import com.microsoft.identity.common.java.WarningType;
 import com.microsoft.identity.common.java.providers.oauth2.AuthorizationRequest;
@@ -43,8 +44,9 @@ public class CurrentTaskBrowserAuthorizationStrategy<
         extends BrowserAuthorizationStrategy<GenericOAuth2Strategy, GenericAuthorizationRequest> {
     public CurrentTaskBrowserAuthorizationStrategy(@NonNull Context applicationContext,
                                                    @NonNull Activity activity,
-                                                   @Nullable Fragment fragment) {
-        super(applicationContext, activity, fragment);
+                                                   @Nullable Fragment fragment,
+                                                   @NonNull final Browser browser) {
+        super(applicationContext, activity, fragment, browser);
     }
 
     @Override

common/src/main/java/com/microsoft/identity/common/internal/ui/browser/BrowserAuthorizationStrategy.java

@@ -59,18 +59,17 @@ public abstract class BrowserAuthorizationStrategy<
 
     private CustomTabsManager mCustomTabManager;
     private ResultFuture<AuthorizationResult> mAuthorizationResultFuture;
-    private Browser mBrowser;
     private boolean mDisposed;
     private GenericOAuth2Strategy mOAuth2Strategy; //NOPMD
     private GenericAuthorizationRequest mAuthorizationRequest; //NOPMD
 
+    private final Browser mBrowser;
+
     public BrowserAuthorizationStrategy(@NonNull Context applicationContext,
                                         @NonNull Activity activity,
-                                        @Nullable Fragment fragment) {
+                                        @Nullable Fragment fragment,
+                                        @NonNull Browser browser) {
         super(applicationContext, activity, fragment);
-    }
-
-    public void setBrowser(final Browser browser) {
         mBrowser = browser;
     }
 
@@ -169,7 +168,7 @@ public void completeAuthorization(int requestCode, @NonNull final RawAuthorizati
     /**
      * Disposes state that will not normally be handled by garbage collection. This should be
      * called when the authorization service is no longer required, including when any owning
-     * activity is paused or destroyed (i.e. in {@link android.app.Activity#onStop()}).
+     * activity is paused or destroyed (i.e. in Activity#onStop()).
      */
     public void dispose() {
         if (mDisposed) {

common/src/main/java/com/microsoft/identity/common/internal/ui/browser/CustomTabsManager.java

@@ -165,7 +165,7 @@ private CustomTabsSession createSession(@Nullable final CustomTabsCallback callb
      * if available when the {@link CustomTabsServiceConnection} is connected or the
      * {@link CustomTabsManager#CUSTOM_TABS_MAX_CONNECTION_TIMEOUT} is timed out.
      */
-    public CustomTabsClient getClient() {
+    private CustomTabsClient getClient() {
         final String methodTag = TAG + ":getClient";
         try {
             mClientLatch.await(CUSTOM_TABS_MAX_CONNECTION_TIMEOUT, TimeUnit.SECONDS);

common/src/main/java/com/microsoft/identity/common/internal/ui/browser/DefaultBrowserAuthorizationStrategy.java

@@ -46,8 +46,9 @@ public class DefaultBrowserAuthorizationStrategy<
     public DefaultBrowserAuthorizationStrategy(@NonNull Context applicationContext,
                                                @NonNull Activity activity,
                                                @Nullable Fragment fragment,
-                                               boolean isRequestFromBroker) {
-        super(applicationContext, activity, fragment);
+                                               boolean isRequestFromBroker,
+                                               @NonNull final Browser browser) {
+        super(applicationContext, activity, fragment, browser);
         mIsRequestFromBroker = isRequestFromBroker;
     }