AzureAD · fadidurah · May 24, 2025 · Apr 2, 2025 · Apr 2, 2025 · Apr 10, 2025
@@ -25,8 +25,9 @@ package com.microsoft.identity.common.internal.broker
 import android.webkit.JavascriptInterface
 import com.google.gson.stream.MalformedJsonException
 import com.microsoft.identity.common.internal.numberMatch.NumberMatchHelper
-import com.microsoft.identity.common.java.util.JsonUtil
 import com.microsoft.identity.common.logging.Logger
+import com.google.gson.Gson
+import com.google.gson.JsonSyntaxException
 
 /**
  * JavaScript API to receive JSON string payloads from AuthUX in order to facilitate calling various
@@ -74,25 +75,36 @@ class AuthUxJavaScriptInterface {
         Logger.info(methodTag, "Received a payload from AuthUX through JavaScript API.")
 
         try {
-            val parsedJson = JsonUtil.extractJsonObjectIntoMap(jsonPayload)
+            val payloadObject = parseJsonToAuthUxJsonPayloadObject(jsonPayload)
+
+            Logger.info(methodTag, "Correlation ID during JavaScript Call: [${payloadObject.correlationId}]")
 
-            val correlationID = parsedJson["correlationID"]
-            Logger.info(methodTag, "Correlation ID during JavaScript Call: [$correlationID]")
 
             // TODO: Leaving these here, as these will be relevant for next WebCP feature
-            // val actionName = parsedJson["action_name"]
-            // val actionComponent = parsedJson["action_component"]
+            // val actionName = payloadObject.actionName
+            // val actionComponent = payloadObject.actionComponent
+
+            val parameters = payloadObject.params
+            if (parameters == null) {
+                Logger.warn(methodTag, "Payload from AuthUX contained no \"params\" field.")
+                return
+            }
+
+            val function = parameters.function
 
-            val parameters = JsonUtil.extractJsonObjectIntoMap(parsedJson["params"])
-            val function = parameters["function"]
-            val data = JsonUtil.extractJsonObjectIntoMap(parameters["data"])
             Logger.info(methodTag, "Function name: [$function]")
 
+            val data = parameters.data
+            if (data == null) {
+                Logger.warn(methodTag, "Payload from AuthUX contained no \"data\" field.")
+                return
+            }
+
             when (function) {
                 FunctionNames.NUMBER_MATCH.name ->
                     NumberMatchHelper.storeNumberMatch(
-                        data[NumberMatchHelper.SESSION_ID_ATTRIBUTE_NAME],
-                        data[NumberMatchHelper.NUMBER_MATCH_ATTRIBUTE_NAME])
+                        data.sessionId,
+                        data.numberMatch)
                 else ->
                     Logger.warn(methodTag, "Payload from AuthUX contained an unknown function name.")
             }
@@ -101,8 +113,8 @@ class AuthUxJavaScriptInterface {
                 is NullPointerException -> {
                     Logger.warn(methodTag, "Payload with missing mandatory fields sent through JavaScriptInterface")
                 }
-                is MalformedJsonException -> {
-                    Logger.warn(methodTag, "Malformed JSON payload sent through JavaScriptInterface")
+                is MalformedJsonException, is JsonSyntaxException -> {
+                    Logger.warn(methodTag, "Error Parsing JSON payload sent through JavaScriptInterface")
                 }
                 else -> {
                     Logger.warn(methodTag, "Unknown error occurred while processing the payload.")
@@ -111,6 +123,11 @@ class AuthUxJavaScriptInterface {
         }
     }
 
+    private fun parseJsonToAuthUxJsonPayloadObject(jsonString: String): AuthUxJsonPayloadObject {
+        val gson = Gson()
+        return gson.fromJson(jsonString, AuthUxJsonPayloadObject::class.java)
+    }
+
     /**
      * Enum class to hold function names
      */

diff --git a/...on/src/main/java/com/microsoft/identity/common/internal/broker/AuthUxJsonPayloadObject.kt b/...on/src/main/java/com/microsoft/identity/common/internal/broker/AuthUxJsonPayloadObject.kt
@@ -0,0 +1,86 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.broker
+
+import com.google.gson.annotations.SerializedName
+
+/**
+ * Data class representing the JSON payload object received from AuthUX.
+ *
+ * @property correlationId The correlation ID for the request.
+ * @property actionName The name of the action being performed.
+ * @property actionComponent The component responsible for the action.
+ * @property params The parameters for the action, including function and data.
+ */
+data class AuthUxJsonPayloadObject(
+    @SerializedName(SerializedNames.CORRELATIONID)
+    val correlationId: String?,
+
+    @SerializedName(SerializedNames.ACTION_NAME)
+    val actionName: String?,
+
+    @SerializedName(SerializedNames.ACTION_COMPONENT)
+    val actionComponent: String?,
+
+    @SerializedName(SerializedNames.PARAMS)
+    val params: AuthUxParams?
+)
+
+/**
+ * Data class representing the parameters for the action, including function and data.
+ *
+ * @property function The function to be executed.
+ * @property data The data associated with the function.
+ */
+data class AuthUxParams(
+    @SerializedName(SerializedNames.FUNCTION)
+    val function: String?,
+
+    @SerializedName(SerializedNames.DATA)
+    val data: AuthUxData?
+)
+
+/**
+ * Data class representing the data associated with the JS API call.
+ *
+ * @property sessionId The session ID for the request.
+ * @property numberMatch The number match value.
+ */
+data class AuthUxData(
+    @SerializedName(SerializedNames.SESSIONID)
+    val sessionId: String?,
+
+    @SerializedName(SerializedNames.NUMBERMATCH)
+    val numberMatch: String?
+)
+
+object SerializedNames {
+    const val CORRELATIONID = "correlationID"
+    const val ACTION_NAME = "action_name"
+    const val ACTION_COMPONENT = "action_component"
+    const val PARAMS = "params"
+    const val FUNCTION = "function"
+    const val DATA = "data"
+    const val SESSIONID = "sessionID"
+    const val NUMBERMATCH = "numberMatch"
+}
@@ -23,6 +23,7 @@
 package com.microsoft.identity.common.internal.broker
 
 import com.microsoft.identity.common.internal.numberMatch.NumberMatchHelper
+import org.junit.After
 import org.junit.Before
 import org.junit.Test
 
@@ -55,6 +56,12 @@ class AuthUxJavaScriptInterfaceTest {
         authUxJavaScriptInterface = AuthUxJavaScriptInterface()
     }
 
+    @After
+    fun tearDown() {
+        // Clear the static map after each test
+        NumberMatchHelper.numberMatchMap.clear()
+    }
+
     @Test
     fun `test postMessageToBroker with NUMBER_MATCH function`() {
         // Call the method
@@ -64,4 +71,20 @@ class AuthUxJavaScriptInterfaceTest {
         val storedValue = NumberMatchHelper.numberMatchMap[mockSessionId]
         assert(storedValue == mockNumberMatchValue)
     }
+
+    @Test
+    fun `test postMessageToBroker with empty json`() {
+        // Call the method
+        authUxJavaScriptInterface.postMessageToBroker("{}")
+
+        // Should not get an exception
+    }
+
+    @Test
+    fun `test postMessageToBroker with non-json string`() {
+        // Call the method
+        authUxJavaScriptInterface.postMessageToBroker("NotAJson")
+
+        // Should not get an exception
+    }
 }
diff --git a/...rc/test/java/com/microsoft/identity/common/internal/broker/AuthUxJsonPayloadObjectTest.kt b/...rc/test/java/com/microsoft/identity/common/internal/broker/AuthUxJsonPayloadObjectTest.kt
@@ -0,0 +1,75 @@
+package com.microsoft.identity.common.internal.broker
+
+import com.google.gson.Gson
+import org.junit.Assert.*
+import org.junit.Test
+
+class AuthUxJsonPayloadObjectTest {
+
+    private val gson = Gson()
+
+    @Test
+    fun `test deserialization of valid JSON`() {
+        val json = """
+            {
+                "correlationID": "12345",
+                "action_name": "write_data",
+                "action_component": "broker",
+                "params": {
+                    "function": "NUMBER_MATCH",
+                    "data": {
+                        "sessionID": "67890",
+                        "numberMatch": "123456"
+                    }
+                }
+            }
+        """.trimIndent()
+
+        val payload = gson.fromJson(json, AuthUxJsonPayloadObject::class.java)
+
+        assertNotNull(payload)
+        assertEquals("12345", payload.correlationId)
+        assertEquals("write_data", payload.actionName)
+        assertEquals("broker", payload.actionComponent)
+
+        val params = payload.params
+        assertNotNull(params)
+        assertEquals("NUMBER_MATCH", params?.function)
+
+        val data = params?.data
+        assertNotNull(data)
+        assertEquals("67890", data?.sessionId)
+        assertEquals("123456", data?.numberMatch)
+    }
+
+    @Test
+    fun `test deserialization of JSON with missing fields`() {
+        val json = """
+            {
+                "correlationID": "12345",
+                "action_name": "write_data"
+            }
+        """.trimIndent()
+
+        val payload = gson.fromJson(json, AuthUxJsonPayloadObject::class.java)
+
+        assertNotNull(payload)
+        assertEquals("12345", payload.correlationId)
+        assertEquals("write_data", payload.actionName)
+        assertNull(payload.actionComponent)
+        assertNull(payload.params)
+    }
+
+    @Test
+    fun `test deserialization of empty JSON`() {
+        val json = "{}"
+
+        val payload = gson.fromJson(json, AuthUxJsonPayloadObject::class.java)
+
+        assertNotNull(payload)
+        assertNull(payload.correlationId)
+        assertNull(payload.actionName)
+        assertNull(payload.actionComponent)
+        assertNull(payload.params)
+    }
+}