AzureAD · somalaya · Jan 26, 2024 · Jan 8, 2024 · Jan 8, 2024 · Jan 8, 2024
@@ -71,9 +71,11 @@ public class NestedAppHelper {
 
     private final String mAuthorityUrl;
 
-    private static final String HUB_APP_CLIENT_ID = "1fec8e78-bce4-4aaf-ab1b-5451cc387264";
+    private static final String HUB_APP_CLIENT_ID_MSA = "8ec6bc83-69c8-4392-8f08-b3c986009232";
 
-    private static final String NESTED_APP_CLIENT_ID = "4b0db8c2-9f26-4417-8bde-3f0e3656f8e0";
+    private static final String HUB_APP_CLIENT_ID_AAD = "1fec8e78-bce4-4aaf-ab1b-5451cc387264";
+
+    private static final String NESTED_APP_CLIENT_ID = "9668f2bd-6103-4292-9024-84fa2d1b6fb2";
 
     private static final String NESTED_APP_US_GOV_CLIENT_ID = "cb7faed4-b8c0-49ee-b421-f5ed16894c83";
 
@@ -106,7 +108,14 @@ public NestedAppHelper(Activity activity, ILabAccount labAccount) {
                 BrokerData.getDebugBrokerHost().getPackageName()
         );
 
-       mAuthorityUrl = "https://login.microsoftonline.com/common";
+        final String hubAppClientId;
+        if (labAccount.getUserType() == UserType.MSA) {
+            mAuthorityUrl = "https://login.microsoftonline.com/consumers";
+            hubAppClientId = HUB_APP_CLIENT_ID_MSA;
+        } else {
+            mAuthorityUrl = "https://login.microsoftonline.com/common";
+            hubAppClientId = HUB_APP_CLIENT_ID_AAD;
+        }
         mInteractiveParameters = AndroidActivityInteractiveTokenCommandParameters
                 .builder()
                 .platformComponents(mPlatformComponents)
@@ -119,7 +128,7 @@ public NestedAppHelper(Activity activity, ILabAccount labAccount) {
                 .authority(Authority.getAuthorityFromAuthorityUrl(mAuthorityUrl))
                 .scopes(Collections.singleton(GRAPH_SCOPE))
                 .redirectUri(HUB_APP_REDIRECT_URI)
-                .clientId(HUB_APP_CLIENT_ID)
+                .clientId(hubAppClientId)
                 .requiredBrokerProtocolVersion(REQUIRED_PROTOCOL_VERSION_FIFTEEN)
                 .loginHint(labAccount.getUsername())
                 .authenticationScheme(new BearerAuthenticationSchemeInternal())
@@ -142,17 +151,14 @@ protected void performATForHubApp() {
             final AcquireTokenResult tokenResult = acquireTokenFuture.get();
             Assert.assertNotNull(tokenResult);
             Assert.assertTrue(tokenResult.getSucceeded());
-            final String appId =
-                    (String) IDToken.parseJWT(tokenResult.getLocalAuthenticationResult().getAccessToken()).get(APP_ID);
-            Assert.assertEquals(HUB_APP_CLIENT_ID, appId);
+            validateAppIdIfRequired(tokenResult, HUB_APP_CLIENT_ID_AAD);
 
-        } catch (InterruptedException | ExecutionException | TimeoutException |
-                 ServiceException e) {
+        } catch (InterruptedException | ExecutionException | TimeoutException | ServiceException e) {
             throw new AssertionError(e);
         }
     }
 
-    protected void  performATForHubAppInUSGovCloud() {
+    protected void performATForHubAppInUSGovCloud() {
         mInteractiveParameters = AndroidActivityInteractiveTokenCommandParameters
                 .builder()
                 .platformComponents(mPlatformComponents)
@@ -165,7 +171,7 @@ protected void  performATForHubAppInUSGovCloud() {
                 .authority(Authority.getAuthorityFromAuthorityUrl(US_GOV_AUTHORITY))
                 .scopes(Collections.singleton(GRAPH_SCOPE))
                 .redirectUri(HUB_APP_US_GOV_REDIRECT_URI)
-                .clientId(HUB_APP_CLIENT_ID)
+                .clientId(HUB_APP_CLIENT_ID_AAD)
                 .requiredBrokerProtocolVersion(REQUIRED_PROTOCOL_VERSION_FIFTEEN)
                 .loginHint(mLabAccount.getUsername())
                 .authenticationScheme(new BearerAuthenticationSchemeInternal())
@@ -181,6 +187,8 @@ protected void performATSilentForNestedApp(AccountRecord accountRecord, boolean
         if (shouldAddDeviceIdClaim) {
             claimsJsonString = DEVICE_ID_CLAIM;
         }
+
+        final String hubAppClientId = mLabAccount.getUserType() == UserType.MSA ? HUB_APP_CLIENT_ID_MSA : HUB_APP_CLIENT_ID_AAD;
         final SilentTokenCommandParameters mSilentTokenCommandParameters =
                 SilentTokenCommandParameters
                         .builder()
@@ -195,7 +203,7 @@ protected void performATSilentForNestedApp(AccountRecord accountRecord, boolean
                         .forceRefresh(true)
                         .scopes(Collections.singleton(GRAPH_SCOPE))
                         .redirectUri(HUB_APP_REDIRECT_URI)
-                        .clientId(HUB_APP_CLIENT_ID)
+                        .clientId(hubAppClientId)
                         .childRedirectUri(NESTED_APP_REDIRECT_URI)
                         .childClientId(NESTED_APP_CLIENT_ID)
                         .authenticationScheme(new BearerAuthenticationSchemeInternal())
@@ -210,14 +218,20 @@ protected void performATSilentForNestedApp(AccountRecord accountRecord, boolean
         Assert.assertTrue(acquireTokenSilentResult.getSucceeded());
         // NAA requests must not be serviced from cache
         Assert.assertFalse(acquireTokenSilentResult.getLocalAuthenticationResult().isServicedFromCache());
-        // cannot parse jwt for MSA
+
+        validateAppIdIfRequired(acquireTokenSilentResult, NESTED_APP_CLIENT_ID);
+    }
+
+    private void validateAppIdIfRequired(@NonNull final AcquireTokenResult acquireTokenResult, @NonNull final String expectedClientId) throws ServiceException {
+        // Cannot parse jwt for MSA, so no validation for MSA
         if (mLabAccount.getUserType() != UserType.MSA) {
-            final String appId = (String) IDToken.parseJWT(acquireTokenSilentResult.getLocalAuthenticationResult().getAccessToken()).get(APP_ID);
-            Assert.assertEquals(NESTED_APP_CLIENT_ID, appId);
+            final String appId = (String) IDToken.parseJWT(acquireTokenResult.getLocalAuthenticationResult().getAccessToken()).get(APP_ID);
+            Assert.assertEquals(expectedClientId, appId);
         }
     }
 
     protected void performATSilentForNestedAppInUSGovCloud(AccountRecord accountRecord) throws BaseException {
+        final String hubAppClientId = mLabAccount.getUserType() == UserType.MSA ? HUB_APP_CLIENT_ID_MSA : HUB_APP_CLIENT_ID_AAD;
         final SilentTokenCommandParameters mSilentTokenCommandParameters =
                 SilentTokenCommandParameters
                         .builder()
@@ -232,7 +246,7 @@ protected void performATSilentForNestedAppInUSGovCloud(AccountRecord accountReco
                         .forceRefresh(true)
                         .scopes(Collections.singleton(GRAPH_SCOPE))
                         .redirectUri(HUB_APP_US_GOV_REDIRECT_URI)
-                        .clientId(HUB_APP_CLIENT_ID)
+                        .clientId(hubAppClientId)
                         .childRedirectUri(NESTED_APP_REDIRECT_URI)
                         .childClientId(NESTED_APP_US_GOV_CLIENT_ID)
                         .authenticationScheme(new BearerAuthenticationSchemeInternal())
@@ -246,18 +260,16 @@ protected void performATSilentForNestedAppInUSGovCloud(AccountRecord accountReco
         Assert.assertTrue(acquireTokenSilentResult.getSucceeded());
         // NAA requests must not be serviced from cache
         Assert.assertFalse(acquireTokenSilentResult.getLocalAuthenticationResult().isServicedFromCache());
-        // cannot parse jwt for MSA
-        if (mLabAccount.getUserType() != UserType.MSA) {
-            final String appId = (String) IDToken.parseJWT(acquireTokenSilentResult.getLocalAuthenticationResult().getAccessToken()).get(APP_ID);
-            Assert.assertEquals(NESTED_APP_US_GOV_CLIENT_ID, appId);
-        }
+        validateAppIdIfRequired(acquireTokenSilentResult, NESTED_APP_US_GOV_CLIENT_ID);
     }
 
     protected void performInteractiveATForNestedApp(boolean shouldAddDeviceIdClaim) {
         String claimsJsonString = "";
         if (shouldAddDeviceIdClaim) {
             claimsJsonString = DEVICE_ID_CLAIM;
         }
+        final String hubAppClientId = mLabAccount.getUserType() == UserType.MSA ? HUB_APP_CLIENT_ID_MSA : HUB_APP_CLIENT_ID_AAD;
+
         mInteractiveParameters = AndroidActivityInteractiveTokenCommandParameters
                 .builder()
                 .platformComponents(mPlatformComponents)
@@ -270,7 +282,7 @@ protected void performInteractiveATForNestedApp(boolean shouldAddDeviceIdClaim)
                 .authority(Authority.getAuthorityFromAuthorityUrl(mAuthorityUrl))
                 .scopes(Collections.singleton(GRAPH_SCOPE))
                 .redirectUri(HUB_APP_REDIRECT_URI)
-                .clientId(HUB_APP_CLIENT_ID)
+                .clientId(hubAppClientId)
                 .requiredBrokerProtocolVersion(REQUIRED_PROTOCOL_VERSION_FIFTEEN)
                 .loginHint(mLabAccount.getUsername())
                 .authenticationScheme(new BearerAuthenticationSchemeInternal())
@@ -291,7 +303,7 @@ protected void performInteractiveATForNestedApp(boolean shouldAddDeviceIdClaim)
 
         try {
             if (shouldAddDeviceIdClaim) {
-                CompletableFuture<Void>  handleRegisterPromptFuture = CompletableFuture.runAsync(() -> {
+                CompletableFuture<Void> handleRegisterPromptFuture = CompletableFuture.runAsync(() -> {
                     handlePromptAsync(this::handleRegistration);
                 });
                 CompletableFuture.allOf(handlePromptFuture, handleRegisterPromptFuture, acquireTokenFuture).get(TIME_OUT_IN_SECONDS, TimeUnit.SECONDS);
@@ -301,9 +313,7 @@ protected void performInteractiveATForNestedApp(boolean shouldAddDeviceIdClaim)
             final AcquireTokenResult tokenResult = acquireTokenFuture.get();
             Assert.assertNotNull(tokenResult);
             Assert.assertTrue(tokenResult.getSucceeded());
-            final String appId =
-                    (String) IDToken.parseJWT(tokenResult.getLocalAuthenticationResult().getAccessToken()).get(APP_ID);
-            Assert.assertEquals(NESTED_APP_CLIENT_ID, appId);
+            validateAppIdIfRequired(tokenResult, NESTED_APP_CLIENT_ID);
 
         } catch (InterruptedException | ExecutionException | TimeoutException |
                  ServiceException e) {

@@ -26,15 +26,11 @@
 
 import com.microsoft.identity.client.msal.automationapp.R;
 import com.microsoft.identity.client.msal.automationapp.testpass.broker.AbstractMsalBrokerTest;
-import com.microsoft.identity.client.ui.automation.annotations.LocalBrokerHostDebugUiTest;
-import com.microsoft.identity.client.ui.automation.annotations.SupportedBrokers;
-import com.microsoft.identity.client.ui.automation.broker.BrokerHost;
 import com.microsoft.identity.common.java.dto.AccountRecord;
 import com.microsoft.identity.labapi.utilities.client.LabQuery;
 import com.microsoft.identity.labapi.utilities.constants.TempUserType;
 import com.microsoft.identity.labapi.utilities.constants.UserType;
 
-import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
@@ -44,8 +40,6 @@
 
 // Nested App auth silent request
 // https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2688459
-@SupportedBrokers(brokers = {BrokerHost.class})
-@LocalBrokerHostDebugUiTest
 @RunWith(Parameterized.class)
 public class TestCase2688459 extends AbstractMsalBrokerTest {
 
@@ -58,33 +52,25 @@ public TestCase2688459(@NonNull UserType userType) {
     @Parameterized.Parameters(name = "{0}")
     public static List<UserType> userType() {
         return Arrays.asList(
-          //    UserType.MSA, MSA will not be tested until ESTS bug in NAA flow is fixed
+                UserType.MSA,
                 UserType.CLOUD
         );
     }
 
-    @Before
-    public void before() {
-        ((BrokerHost) mBroker).enablePrtV3();
-    }
-
     @Test
     public void test_2688459() throws Throwable {
         NestedAppHelper nestedAppHelper = new NestedAppHelper(mActivity, mLabAccount);
         // perform AT interactive request for hub app
         nestedAppHelper.performATForHubApp();
 
-        mBroker.forceStop();
-        mBroker.launch();
-
         // get account record after AT interactive of hub app.
         AccountRecord accountRecord = nestedAppHelper.getAccountRecordAfterHubAppAT();
 
         // perform ATS for nested app
         try {
             nestedAppHelper.performATSilentForNestedApp(accountRecord, false);
         } catch (Throwable e) {
-           throw new AssertionError(e);
+            throw new AssertionError(e);
         }
     }
 

@@ -26,14 +26,10 @@
 
 import com.microsoft.identity.client.msal.automationapp.R;
 import com.microsoft.identity.client.msal.automationapp.testpass.broker.AbstractMsalBrokerTest;
-import com.microsoft.identity.client.ui.automation.annotations.LocalBrokerHostDebugUiTest;
-import com.microsoft.identity.client.ui.automation.annotations.SupportedBrokers;
-import com.microsoft.identity.client.ui.automation.broker.BrokerHost;
 import com.microsoft.identity.labapi.utilities.client.LabQuery;
 import com.microsoft.identity.labapi.utilities.constants.TempUserType;
 import com.microsoft.identity.labapi.utilities.constants.UserType;
 
-import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;
@@ -44,8 +40,6 @@
 // Nested app interactive request after hub does an interactive request
 // https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2688460
 @RunWith(Parameterized.class)
-@LocalBrokerHostDebugUiTest
-@SupportedBrokers(brokers = {BrokerHost.class})
 public class TestCase2688460 extends AbstractMsalBrokerTest {
     private final UserType mUserType;
 
@@ -56,25 +50,17 @@ public TestCase2688460(@NonNull UserType userType) {
     @Parameterized.Parameters(name = "{0}")
     public static List<UserType> userType() {
         return Arrays.asList(
-                //UserType.MSA,
+                UserType.MSA,
                 UserType.CLOUD
         );
     }
 
-    @Before
-    public void before() {
-        ((BrokerHost) mBroker).enablePrtV3();
-    }
-
     @Test
     public void test_2688460() {
         NestedAppHelper nestedAppHelper = new NestedAppHelper(mActivity, mLabAccount);
         // perform AT interactive request for hub app
         nestedAppHelper.performATForHubApp();
 
-        mBroker.forceStop();
-        mBroker.launch();
-
         // just verify that getAccounts does not fail
         nestedAppHelper.getAccountRecordAfterHubAppAT();
         nestedAppHelper.performInteractiveATForNestedApp(false);

@@ -44,8 +44,6 @@
 // Nested app's fresh AT interactive succeeds but silent request fails
 // https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2688462
 @RunWith(Parameterized.class)
-@LocalBrokerHostDebugUiTest
-@SupportedBrokers(brokers = {BrokerHost.class})
 public class TestCase2688462 extends AbstractMsalBrokerTest {
     private final UserType mUserType;
 
@@ -56,25 +54,18 @@ public TestCase2688462(@NonNull UserType userType) {
     @Parameterized.Parameters(name = "{0}")
     public static List<UserType> userType() {
         return Arrays.asList(
-                //UserType.MSA,
+                UserType.MSA,
                 UserType.CLOUD
         );
     }
 
-    @Before
-    public void before() {
-        ((BrokerHost) mBroker).enablePrtV3();
-    }
     @Test
     public void test_2688462() {
         NestedAppHelper nestedAppHelper = new NestedAppHelper(mActivity, mLabAccount);
         // perform AT interactive request for nested app
         nestedAppHelper.performInteractiveATForNestedApp(false);
         // verify getAccounts gives 0 records
         nestedAppHelper.getAccountRecordAfterNestedAppAT();
-
-        mBroker.forceStop();
-        mBroker.launch();
     }
 
     @Override

@@ -22,11 +22,9 @@
 //  THE SOFTWARE.
 package com.microsoft.identity.client.msal.automationapp.testpass.broker.nestedAppAuth;
 
-import androidx.annotation.NonNull;
 
 import com.microsoft.identity.client.msal.automationapp.R;
 import com.microsoft.identity.client.msal.automationapp.testpass.broker.AbstractMsalBrokerTest;
-import com.microsoft.identity.client.ui.automation.annotations.LocalBrokerHostDebugUiTest;
 import com.microsoft.identity.client.ui.automation.annotations.SupportedBrokers;
 import com.microsoft.identity.client.ui.automation.broker.BrokerHost;
 import com.microsoft.identity.common.java.dto.AccountRecord;
@@ -36,46 +34,18 @@
 import com.microsoft.identity.labapi.utilities.constants.UserType;
 
 import org.junit.Assert;
-import org.junit.Before;
 import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-
-import java.util.Arrays;
-import java.util.List;
 
 // Nested app passes deviceId claim - silent call fails
 // https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2690048
-@RunWith(Parameterized.class)
-@LocalBrokerHostDebugUiTest
 @SupportedBrokers(brokers = {BrokerHost.class})
 public class TestCase2690048 extends AbstractMsalBrokerTest {
-    private final UserType mUserType;
-
-    public TestCase2690048(@NonNull UserType userType) {
-        mUserType = userType;
-    }
-
-    @Parameterized.Parameters(name = "{0}")
-    public static List<UserType> userType() {
-        return Arrays.asList(
-                //    UserType.MSA,
-                UserType.CLOUD
-        );
-    }
-
-    @Before
-    public void before() {
-        ((BrokerHost) mBroker).enablePrtV3();
-    }
 
     @Test
     public void test_2690048() {
         NestedAppHelper nestedAppHelper = new NestedAppHelper(mActivity, mLabAccount);
         // perform AT interactive request for hub app
         nestedAppHelper.performATForHubApp();
-        mBroker.forceStop();
-        mBroker.launch();
 
         // get account record after AT interactive of hub app.
         AccountRecord accountRecord = nestedAppHelper.getAccountRecordAfterHubAppAT();
@@ -96,7 +66,7 @@ public void test_2690048() {
     @Override
     public LabQuery getLabQuery() {
         return LabQuery.builder()
-                .userType(mUserType)
+                .userType(UserType.CLOUD)
                 .build();
     }
 

@@ -53,9 +53,6 @@ public void test_2703171() throws Throwable {
         // perform AT interactive request for hub app
         nestedAppHelper.performATForHubAppInUSGovCloud();
 
-        mBroker.forceStop();
-        mBroker.launch();
-
         AccountRecord accountRecord = nestedAppHelper.getAccountRecordAfterHubAppAT();
 
         try {