Pass Work Profile existence, OS Version, and Manufacturer to ESTS, Fixes AB#3138815 #2627
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
✅ Work item link check complete. Description contains link AB#3138815 to an Azure Boards work item. |
github-actions
bot
changed the title
rpdome
reviewed
Apr 18, 2025
common4j/src/main/com/microsoft/identity/common/java/platform/Device.java
Outdated
Show resolved
Hide resolved
rpdome
approved these changes
Apr 23, 2025
fadidurah
commented
Apr 23, 2025
common4j/src/main/com/microsoft/identity/common/java/providers/oauth2/AuthorizationRequest.java
Outdated
Show resolved
Hide resolved
fadidurah
commented
Apr 23, 2025
common4j/src/main/com/microsoft/identity/common/java/controllers/BaseController.java
Outdated
Show resolved
Hide resolved
p3dr0rv
reviewed
Apr 25, 2025
common/src/main/java/com/microsoft/identity/common/internal/util/WorkProfileUtil.java
Outdated
Show resolved
Hide resolved
p3dr0rv
reviewed
Apr 25, 2025
common4j/src/main/com/microsoft/identity/common/java/platform/Device.java
Outdated
Show resolved
Hide resolved
rpdome
approved these changes
Apr 25, 2025
fadidurah
added
the
Skip-Consumers-Check
rpdome
approved these changes
Apr 28, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Feature Spec: https://microsoft-my.sharepoint-df.com/:w:/p/jukollin/EW3bntSipC1Ek8gY7sIX_yUBXip16NxHN-mge53O1V0K7Q?e=vxoEue
Contract with ESTS for query parameter names: https://microsoft-my.sharepoint-df.com/:w:/r/personal/fadidurah_microsoft_com/_layouts/15/doc2.aspx?sourcedoc=%7B7F727CCE-ECB4-4790-B4B9-369B8BD14A5D%7D&file=Document.docx&action=editnew&mobileredirect=true&wdPreviousSession=640fdd8a-c8fd-4983-fd56-29908be02022&wdNewAndOpenCt=1740713103250&wdo=4&wdOrigin=TEAMS-MAGLEV.p2p_ns.rwc&wdPreviousCorrelation=3a1b8576-c30c-4b46-9f9e-7cfde7fb9cbe&wdnd=1&wdTpl=blankNew&share=IQHOfHJ_tOyQR7S5NpuL0UpdAYK9OGBqj-cKpGfw7kJbcPk&wdExp=TEAMS-TREATMENT&wdhostclicktime=1744341352978&web=1
Msal-only Authorize request:
/login.microsoftonline.com/organizations/oAuth2/v2.0/authorize?prompt=select_account&client-request-id=de149d0e-9a9e-4f42-accf-c43e209b1b35&x-client-CPU=arm64-v8a&x-client-DM=Pixel&x-client-MN=Google&x-client-OS=29&x-client-SKU=MSAL.Android&x-client-Ver=5.10.0&login_hint=&instance_aware=false&code_challenge=8sy252i6gSVaCyONbgVYS9qhatnWyybwGzqs35bPwYQ&code_challenge_method=S256&x-client-WPAvailable=true&claims=%7B%7D&client_id=4b0db8c2-9f26-4417-8bde-3f0e3656f8e0&redirect_uri=msauth%3A%2F%2Fcom.msft.identity.client.sample.local%2F1wIqXSqBj7w%252Bh11ZifsnqwgyKrY%253D&response_type=code&scope=user.read%20%20openid%20offline_access%20profile&state=NzM6ZmIzZWFkZTctNDRmNC00YjBkLWEzODItOGVhYzc2ZTlkM2E1LWRiNmNlMzg2LTQ2NzktNGE2Ni1hMWVhLTk0Y2IzYmQ1NWJlZg
Msal-broker Authorize request:
/login.microsoftonline.com/organizations/oAuth2/v2.0/authorize?prompt=login&client-request-id=ef4e33b5-b8ae-45e9-a9ff-d0ea51487db2&x-client-CPU=arm64-v8a&x-client-DM=Pixel&x-client-MN=Google&x-client-OS=29&x-client-SKU=MSAL.Android&x-client-Ver=6.0.0&login_hint=&instance_aware=true&code_challenge=rax8IWFnE_OtZlr1p7GKgWZk9cF2gl6o1fGKS3gmx5U&code_challenge_method=S256&x-client-WPAvailable=true&client_id=29d9ed98-a469-4536-ade2-f981bc1d605e&redirect_uri=msauth%3A%2F%2FMicrosoft.AAD.BrokerPlugin&response_type=code&scope=aza%20openid%20email%20profile%20offline_access%20urn%3Aaad%3Atb%3Aupdate%3Aprt%2F.default&state=MTI3OjVjNGIwMjFmLWM5NTYtNDk4Yy1iNTVhLThlNWVjZjcwZjg2OC03NzU2NjljOC05NTRhLTQ2MjktYjVlMC1kMmZiNDY5YWRhYWE&temp-param=Temporary&webauthn=1&brkr=1&x-client-brkrver=8.1.20250423-1ESdev.6&x-app-name=com.msft.identity.client.sample.local&x-app-ver=1.0-local&domain_hint=organizations&caller_app_client_id=4b0db8c2-9f26-4417-8bde-3f0e3656f8e0&caller_app_redirect_uri=msauth%3A%2F%2Fcom.msft.identity.client.sample.local%2F1wIqXSqBj7w%252Bh11ZifsnqwgyKrY%253D&prt_protocol_version=3.0
Note
x-client-MN=Google,x-client-OS=29, andx-client-WPAvailable=trueWe were already passing OS version (x-client-OS), this PR makes changes to common to include Device manufacturer and an additional parameter denoting if we are making a request from personal profile, but a work profile managed by clouddpc (NOT MANAGED BY COMPANY PORTAL, the intent will not be found if work profile is managed by Company Portal).
Validation: Manual validation done with JAmes, setup Android Enterprise work profile on test device, and was getting a success when querying for intent. Did this for MSAL, MSAL/Broker, and OneAuth/Broker. Separate work must be done to get these parameters sent in oneuath only scenarios
AB#3138815