Add constants for broker app link redirect , Fixes AB#3239785 (#2646)

p3dr0rv · Copilot · web-flow · commit f47b86d52654 · 2025-05-30T20:18:30.000-07:00
[AB#3239785](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3239785) Currently the Broker uses a custom scheme redirect uri (msauth://Microsoft.AAD.BrokerPlugin). In (AzureAD/ad-accounts-for-android#3098) we introduce app link-based redirect uri for Broker as those are more secure. Here we define the constants for the app link redirect URIs for the Broker apps. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
diff --git a/common/src/main/java/com/microsoft/identity/common/adal/internal/AuthenticationConstants.java b/common/src/main/java/com/microsoft/identity/common/adal/internal/AuthenticationConstants.java
@@ -1483,6 +1483,41 @@ public static String computeMaxHostBrokerProtocol() {
          */
         public static final String POWERLIFT_TENANT_ID = "powerLiftTenantId";
 
+        /**
+         * The App Link redirect URL for the Authenticator app.
+         */
+        public static final String AUTHENTICATOR_APP_LINK_REDIRECT_URL = "https://login.microsoftonline.com/authenticator";
+
+        /**
+         * The App Link redirect URL for the LTW app.
+         */
+        public static final String LTW_APP_LINK_REDIRECT_URL = "https://login.microsoftonline.com/ltw";
+
+        /**
+         * App Link redirect URL for the CP app.
+         */
+        public static final String COMPANY_PORTAL_APP_LINK_REDIRECT_URL = "https://login.microsoftonline.com/cp";
+
+        /**
+         * App Link redirect URL for the BrokerHost app.
+         */
+        public static final String BROKER_HOST_APP_LINK_REDIRECT_URL = "https://login.microsoftonline.com/brokerhost";
+
+        /**
+         * App Link redirect URL for the Mock Auth app.
+         */
+        public static final String MOCK_LTW_APP_LINK_REDIRECT_URL = "https://login.microsoftonline.com/mockltw";
+
+        /**
+         * App Link redirect URL for the Mock CP app.
+         */
+        public static final String MOCK_CP_APP_LINK_REDIRECT_URL = "https://login.microsoftonline.com/mockcp";
+
+        /**
+         * App Link redirect URL for the Mock Auth app.
+         */
+        public static final String MOCK_AUTH_APP_LINK_REDIRECT_URL = "https://login.microsoftonline.com/mockauth";
+
         /**
          * Bundle identifiers for x-ms-clitelem info.
          */
diff --git a/common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerData.kt b/common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerData.kt
@@ -39,7 +39,8 @@ import java.util.Collections
  */
 data class BrokerData(val packageName : String,
                       val signingCertificateThumbprint : String,
-                      private val nickName: String?) {
+                      private val nickName: String?,
+                      val appLinkRedirectUri: String? = null) {
     constructor(packageName: String, signingCertificateThumbprint: String):
                 this(packageName, signingCertificateThumbprint, null)
 
@@ -94,70 +95,81 @@ data class BrokerData(val packageName : String,
         val debugMicrosoftAuthenticator = BrokerData(
             AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_PACKAGE_NAME,
             AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_DEBUG_SIGNATURE_SHA512,
-            "debugMicrosoftAuthenticator"
+            "debugMicrosoftAuthenticator",
+            AuthenticationConstants.Broker.AUTHENTICATOR_APP_LINK_REDIRECT_URL
         )
 
         @JvmStatic
         val prodMicrosoftAuthenticator = BrokerData(
             AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_PACKAGE_NAME,
             AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_RELEASE_SIGNATURE_SHA512,
-            "prodMicrosoftAuthenticator"
+            "prodMicrosoftAuthenticator",
+            AuthenticationConstants.Broker.AUTHENTICATOR_APP_LINK_REDIRECT_URL
         )
 
         @JvmStatic
         val debugCompanyPortal = BrokerData(
             AuthenticationConstants.Broker.COMPANY_PORTAL_APP_PACKAGE_NAME,
             AuthenticationConstants.Broker.COMPANY_PORTAL_APP_DEBUG_SIGNATURE_SHA512,
-            "debugCompanyPortal"
+            "debugCompanyPortal",
+            AuthenticationConstants.Broker.COMPANY_PORTAL_APP_LINK_REDIRECT_URL
         )
 
         @JvmStatic
         val prodCompanyPortal = BrokerData(
             AuthenticationConstants.Broker.COMPANY_PORTAL_APP_PACKAGE_NAME,
             AuthenticationConstants.Broker.COMPANY_PORTAL_APP_RELEASE_SIGNATURE_SHA512,
-            "prodCompanyPortal"
+            "prodCompanyPortal",
+            AuthenticationConstants.Broker.COMPANY_PORTAL_APP_LINK_REDIRECT_URL
         )
 
         @JvmStatic
         val debugBrokerHost = BrokerData(
             AuthenticationConstants.Broker.BROKER_HOST_APP_PACKAGE_NAME,
             AuthenticationConstants.Broker.BROKER_HOST_APP_SIGNATURE_SHA512,
-            "debugBrokerHost"
+            "debugBrokerHost",
+            AuthenticationConstants.Broker.BROKER_HOST_APP_LINK_REDIRECT_URL
         )
 
         @JvmStatic
         val debugMockCp = BrokerData(
             AuthenticationConstants.Broker.MOCK_CP_PACKAGE_NAME,
             AuthenticationConstants.Broker.MOCK_CP_SIGNATURE_SHA512,
-            "debugMockCp"
+            "debugMockCp",
+            AuthenticationConstants.Broker.MOCK_CP_APP_LINK_REDIRECT_URL
         )
 
         @JvmStatic
         val debugMockAuthApp = BrokerData(
             AuthenticationConstants.Broker.MOCK_AUTH_APP_PACKAGE_NAME,
             AuthenticationConstants.Broker.MOCK_AUTH_APP_SIGNATURE_SHA512,
-            "debugMockAuthApp"
+            "debugMockAuthApp",
+            AuthenticationConstants.Broker.MOCK_AUTH_APP_PACKAGE_NAME
         )
 
         @JvmStatic
         val debugMockLtw = BrokerData(
             AuthenticationConstants.Broker.MOCK_LTW_PACKAGE_NAME,
             AuthenticationConstants.Broker.MOCK_LTW_SIGNATURE_SHA512,
-            "debugMockLtw"
+            "debugMockLtw",
+            AuthenticationConstants.Broker.MOCK_LTW_APP_LINK_REDIRECT_URL
         )
 
         @JvmStatic
         val prodLTW = BrokerData(
             AuthenticationConstants.Broker.LTW_APP_PACKAGE_NAME,
             AuthenticationConstants.Broker.LTW_APP_SHA512_RELEASE_SIGNATURE,
-            "prodLTW"
+            "prodLTW",
+            AuthenticationConstants.Broker.LTW_APP_LINK_REDIRECT_URL
         )
 
         @JvmStatic
         val debugLTW = BrokerData(
             AuthenticationConstants.Broker.LTW_APP_PACKAGE_NAME,
             AuthenticationConstants.Broker.LTW_APP_SHA512_DEBUG_SIGNATURE,
-            "debugLTW"
+            "debugLTW",
+            AuthenticationConstants.Broker.LTW_APP_LINK_REDIRECT_URL
+
         )
 
         @JvmStatic
