AzureAD · fadidurah · Apr 28, 2025 · Apr 16, 2025 · Apr 16, 2025 · Apr 16, 2025
@@ -1,5 +1,6 @@
 vNext
 ----------
+- [MINOR] Pass Work Profile existence, OS Version, and Manufacturer to ESTS (#2627)
 - [MINOR] Add telemetry for the switch browser protocol (#2612)
 
 Version 21.0.0

@@ -36,6 +36,7 @@
 import com.microsoft.identity.common.internal.providers.oauth2.AndroidTaskStateGenerator;
 import com.microsoft.identity.common.internal.ui.AndroidAuthorizationStrategyFactory;
 import com.microsoft.identity.common.internal.ui.browser.AndroidBrowserSelector;
+import com.microsoft.identity.common.internal.util.WorkProfileUtil;
 import com.microsoft.identity.common.java.WarningType;
 import com.microsoft.identity.common.java.interfaces.IPlatformComponents;
 import com.microsoft.identity.common.java.interfaces.PlatformComponents;
@@ -67,6 +68,10 @@ public static synchronized void initializeGlobalStates(@NonNull final Context co
         if (!sGlobalStateInitalized) {
             HttpCache.initialize(context);
             Device.setDeviceMetadata(new AndroidDeviceMetadata());
+
+            // Denotes whether or not request is from personal profile but device has a Work Profile Available
+            Device.setIsInPersonalProfileButClouddpcWorkProfileAvailable(
+                    WorkProfileUtil.checkIfIsInPersonalProfileButClouddpcWorkProfileAvailable(context));
             Logger.setAndroidLogger();
 
             final File cacheDir = context.getCacheDir();

@@ -0,0 +1,70 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.util;
+
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.ResolveInfo;
+import android.os.Build;
+
+import com.microsoft.identity.common.logging.Logger;
+
+import java.util.List;
+
+import lombok.NonNull;
+
+public class WorkProfileUtil {
+    private static final String TAG = WorkProfileUtil.class.getSimpleName();
+
+    /**
+     * Helper method to check if we are in personal profile but a work profile managed by clouddpc
+     * is available.
+     * <a href="https://developers.google.com/android/management/work-profile-detection#detect_if_the_device_has_a_work_profile">Google Docs for intent used</a>
+     * @param context context needed to check for intent
+     * @return true if called in personal profile and a work profile managed by clouddpc exists, false otherwise
+     */
+    public static boolean checkIfIsInPersonalProfileButClouddpcWorkProfileAvailable(@NonNull final Context context) {
+        try {
+            final Intent intent = new Intent("com.google.android.apps.work.clouddpc.ACTION_DETECT_WORK_PROFILE");
+            final List<ResolveInfo> activities = context.getPackageManager().queryIntentActivities(intent, 0);
+
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+                return activities.stream()
+                        .anyMatch(
+                                (ResolveInfo resolveInfo) -> resolveInfo.isCrossProfileIntentForwarderActivity());
+            } else {
+                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
+                    return activities.stream()
+                            .anyMatch(
+                                    (ResolveInfo resolveInfo) -> resolveInfo.activityInfo.name.equals("com.android.internal.app.ForwardIntentToManagedProfile"));
+                }
+            }
+
+            return false;
+        } catch (Exception e) {
+            // If we run into exception for any reason, we'll just return false
+            Logger.warn(TAG, "Received an exception while trying to check if clouddpc work profile is available: " + e.getMessage());
+            return false;
+        }
+    }
+}
@@ -50,6 +50,11 @@ public class Device {
 
     private static IDeviceMetadata sDeviceMetadata;
 
+    /**
+     * Denotes whether or not request is from personal profile but device has a Work Profile Available
+     */
+    private static boolean sIsInPersonalProfileButClouddpcWorkProfileAvailable = false;
+
     private static final ReentrantReadWriteLock sLock = new ReentrantReadWriteLock();
 
     @GuardedBy("sLock")
@@ -73,6 +78,26 @@ public static void clearDeviceMetadata(){
         }
     }
 
+    @GuardedBy("sLock")
+    public static void setIsInPersonalProfileButClouddpcWorkProfileAvailable(final boolean isWorkProfileAvailable) {
+        sLock.writeLock().lock();
+        try {
+            sIsInPersonalProfileButClouddpcWorkProfileAvailable = isWorkProfileAvailable;
+        } finally {
+            sLock.writeLock().unlock();
+        }
+    }
+
+    @GuardedBy("sLock")
+    public static boolean isInPersonalProfileButClouddpcWorkProfileAvailable() {
+        sLock.readLock().lock();
+        try {
+            return sIsInPersonalProfileButClouddpcWorkProfileAvailable;
+        } finally {
+            sLock.readLock().unlock();
+        }
+    }
+
     @NonNull
     @GuardedBy("sLock")
     public static Map<String, String> getPlatformIdParameters() {
@@ -84,10 +109,12 @@ public static Map<String, String> getPlatformIdParameters() {
                 platformParameters.put(PlatformIdParameters.CPU_PLATFORM, sDeviceMetadata.getCpu());
                 platformParameters.put(PlatformIdParameters.OS, sDeviceMetadata.getOsForEsts());
                 platformParameters.put(PlatformIdParameters.DEVICE_MODEL, sDeviceMetadata.getDeviceModel());
+                platformParameters.put(PlatformIdParameters.MANUFACTURER, sDeviceMetadata.getManufacturer());
             } else {
                 platformParameters.put(PlatformIdParameters.CPU_PLATFORM, NOT_SET);
                 platformParameters.put(PlatformIdParameters.OS, NOT_SET);
                 platformParameters.put(PlatformIdParameters.DEVICE_MODEL, NOT_SET);
+                platformParameters.put(PlatformIdParameters.MANUFACTURER, NOT_SET);
             }
 
             return Collections.unmodifiableMap(platformParameters);
@@ -246,6 +273,11 @@ public static final class PlatformIdParameters {
          */
         public static final String OS = "x-client-OS";
 
+        /**
+         * The String representing the device Manufacturer.
+         */
+        public static final String MANUFACTURER = "x-client-MN";
+
         /**
          * The String representing the device model.
          */

@@ -123,6 +123,12 @@ public abstract class MicrosoftAuthorizationRequest<T extends MicrosoftAuthoriza
     @SerializedName("x-client-DM")
     private final String mDiagnosticDM;
 
+    @Expose()
+    @Getter
+    @Accessors(prefix = "m")
+    @SerializedName("x-client-MN")
+    private final String mDiagnosticMN;
+
     @Expose()
     @Getter
     @Accessors(prefix = "m")
@@ -135,6 +141,12 @@ public abstract class MicrosoftAuthorizationRequest<T extends MicrosoftAuthoriza
     @SerializedName("pc")
     private final String mPreferredAuthMethodCode;
 
+    @Expose()
+    @Getter
+    @Accessors(prefix = "m")
+    @SerializedName("x-client-WPAvailable")
+    private final Boolean mWorkProfileAvailable;
+
 
     /**
      * Constructor of MicrosoftAuthorizationRequest.
@@ -162,6 +174,8 @@ protected MicrosoftAuthorizationRequest(@SuppressWarnings(WarningType.rawtype_wa
         mDiagnosticOS = Device.getOsForEsts();
         mDiagnosticDM = Device.getModel();
         mDiagnosticCPU = Device.getCpu();
+        mDiagnosticMN = Device.getManufacturer();
+        mWorkProfileAvailable = Device.isInPersonalProfileButClouddpcWorkProfileAvailable();
     }
 
     public abstract static class Builder<B extends MicrosoftAuthorizationRequest.Builder<B>> extends AuthorizationRequest.Builder<B> {

@@ -51,10 +51,11 @@ public void tearDown() {
     public void testGetDataWhenMetadataIsNotSet(){
         // Shouldn't crash.
         final Map<String, String> platformParameter = Device.getPlatformIdParameters();
-        Assert.assertEquals(3, platformParameter.size());
+        Assert.assertEquals(4, platformParameter.size());
         Assert.assertEquals(NOT_SET, platformParameter.get(Device.PlatformIdParameters.CPU_PLATFORM));
         Assert.assertEquals(NOT_SET, platformParameter.get(Device.PlatformIdParameters.DEVICE_MODEL));
         Assert.assertEquals(NOT_SET, platformParameter.get(Device.PlatformIdParameters.OS));
+        Assert.assertEquals(NOT_SET, platformParameter.get(Device.PlatformIdParameters.MANUFACTURER));
 
         Assert.assertEquals(NOT_SET, Device.getManufacturer());
         Assert.assertEquals(NOT_SET, Device.getModel());
@@ -66,10 +67,11 @@ public void testGetPlatformIdParameters(){
         Device.setDeviceMetadata(new MockDeviceMetadata());
 
         final Map<String, String> platformParameter = Device.getPlatformIdParameters();
-        Assert.assertEquals(3, platformParameter.size());
+        Assert.assertEquals(4, platformParameter.size());
         Assert.assertEquals(MockDeviceMetadata.TEST_CPU, platformParameter.get(Device.PlatformIdParameters.CPU_PLATFORM));
         Assert.assertEquals(MockDeviceMetadata.TEST_DEVICE_MODEL, platformParameter.get(Device.PlatformIdParameters.DEVICE_MODEL));
         Assert.assertEquals(MockDeviceMetadata.TEST_OS_ESTS, platformParameter.get(Device.PlatformIdParameters.OS));
+        Assert.assertEquals(MockDeviceMetadata.TEST_MANUFACTURER, platformParameter.get(Device.PlatformIdParameters.MANUFACTURER));
     }
 
     @Test

@@ -49,6 +49,7 @@ public class MicrosoftAuthorizationRequestTest {
     @After
     public void tearDown() {
         Device.clearDeviceMetadata();
+        Device.setIsInPersonalProfileButClouddpcWorkProfileAvailable(false);
     }
 
     public static final String MOCK_AUTHORITY = "http://mock_authority";
@@ -85,13 +86,51 @@ public void testCreateUriFromAuthorizationRequest() throws MalformedURLException
                         "&x-client-OS=" + MockDeviceMetadata.TEST_OS_ESTS +
                         "&x-client-CPU=" + MockDeviceMetadata.TEST_CPU +
                         "&x-client-DM=" + MockDeviceMetadata.TEST_DEVICE_MODEL +
+                        "&x-client-MN=" + MockDeviceMetadata.TEST_MANUFACTURER +
                         "&instance_aware=" + MOCK_MULTIPLE_CLOUD_AWARE +
+                        "&x-client-WPAvailable=false" +
                 // Base class fields start here.
                         "&response_type=code" +
                         "&state=" + MOCK_STATE_ENCODED,
                 request.getAuthorizationRequestAsHttpRequest().toString());
     }
 
+    @Test
+    public void testCreateUriFromAuthorizationRequestWithWPAvailable() throws MalformedURLException, ClientException {
+        Device.setDeviceMetadata(new MockDeviceMetadata());
+
+        Device.setIsInPersonalProfileButClouddpcWorkProfileAvailable(true);
+
+        final MockMicrosoftAuthorizationRequest request = new MockMicrosoftAuthorizationRequest.Builder()
+                .setAuthority(new URL(MOCK_AUTHORITY))
+                .setLibraryVersion(MOCK_LIBRARY_VERSION)
+                .setLibraryName(MOCK_LIBRARY_NAME)
+                .setMultipleCloudAware(MOCK_MULTIPLE_CLOUD_AWARE)
+                .setCorrelationId(MOCK_CORRELATION_ID)
+                .setLoginHint(MOCK_LOGIN_HINT)
+                .setPkceChallenge(MOCK_PKCE_CHALLENGE)
+                .setState(MOCK_STATE)
+                .build();
+
+        Assert.assertEquals(MockAuthorizationRequest.MOCK_AUTH_ENDPOINT +
+                        "?login_hint=" + MOCK_LOGIN_HINT +
+                        "&client-request-id=" + MOCK_CORRELATION_ID +
+                        "&code_challenge=" + MOCK_PKCE_CHALLENGE.getCodeChallenge() +
+                        "&code_challenge_method=" + MOCK_PKCE_CHALLENGE.getCodeChallengeMethod() +
+                        "&x-client-Ver=" + MOCK_LIBRARY_VERSION +
+                        "&x-client-SKU=" + MOCK_LIBRARY_NAME +
+                        "&x-client-OS=" + MockDeviceMetadata.TEST_OS_ESTS +
+                        "&x-client-CPU=" + MockDeviceMetadata.TEST_CPU +
+                        "&x-client-DM=" + MockDeviceMetadata.TEST_DEVICE_MODEL +
+                        "&x-client-MN=" + MockDeviceMetadata.TEST_MANUFACTURER +
+                        "&instance_aware=" + MOCK_MULTIPLE_CLOUD_AWARE +
+                        "&x-client-WPAvailable=true" +
+                        // Base class fields start here.
+                        "&response_type=code" +
+                        "&state=" + MOCK_STATE_ENCODED,
+                request.getAuthorizationRequestAsHttpRequest().toString());
+    }
+
     // If state is not provided, MicrosoftAuthorizationRequest should generate a default one.
     @Test
     public void testDefaultStateGenerated(){

@@ -95,6 +95,7 @@ public class MicrosoftStsAuthorizationRequestTests {
     @After
     public void tearDown() {
         Device.clearDeviceMetadata();
+        Device.setIsInPersonalProfileButClouddpcWorkProfileAvailable(false);
     }
 
     static URL getValidRequestUrl() throws MalformedURLException {
@@ -139,6 +140,61 @@ public void testCreateUriFromAuthorizationRequest() throws MalformedURLException
                         "&x-client-OS=" + MockDeviceMetadata.TEST_OS_ESTS +
                         "&x-client-CPU=" + MockDeviceMetadata.TEST_CPU +
                         "&x-client-DM=" + MockDeviceMetadata.TEST_DEVICE_MODEL +
+                        "&x-client-MN=" + MockDeviceMetadata.TEST_MANUFACTURER +
+                        "&x-client-WPAvailable=false" +
+                        "&response_type=code" +
+                        "&client_id=" + DEFAULT_TEST_CLIENT_ID +
+                        "&redirect_uri=" + DEFAULT_TEST_REDIRECT_URI_ENCODED +
+                        "&state=" + MOCK_STATE_ENCODED +
+                        "&scope=" + DEFAULT_TEST_SCOPE_ENCODED +
+                        "&" + MOCK_FLIGHT_QUERY_1 + "=" + MOCK_FLIGHT_VALUE_1 +
+                        "&" + MOCK_FLIGHT_QUERY_2 + "=" + MOCK_FLIGHT_VALUE_2 +
+                        "&slice=" + DEFAULT_TEST_SLICE_PARAMETER +
+                        "&dc=" + DEFAULT_TEST_DATA_CENTER,
+                request.getAuthorizationRequestAsHttpRequest().toString());
+
+        Assert.assertEquals(DEFAULT_TEST_DISPLAYABLEID, request.getDisplayableId());
+    }
+
+    @Test
+    public void testCreateUriFromAuthorizationRequestWithWPAvailable() throws MalformedURLException, URISyntaxException, ClientException {
+        Device.setDeviceMetadata(new MockDeviceMetadata());
+        Device.setIsInPersonalProfileButClouddpcWorkProfileAvailable(true);
+
+        final MicrosoftStsAuthorizationRequest request = new MicrosoftStsAuthorizationRequest.Builder()
+                .setPrompt(DEFAULT_TEST_PROMPT)
+                .setUid(DEFAULT_TEST_UID)
+                .setUtid(DEFAULT_TEST_UTID)
+                .setInstalledCompanyPortalVersion(TEST_CP_VERSION)
+                .setSlice(DEFAULT_TEST_SLICE)
+                .setFlightParameters(DEFAULT_FLIGHT_PARAMETER)
+                .setDisplayableId(DEFAULT_TEST_DISPLAYABLEID)
+
+                // Values from base class.
+                .setCorrelationId(DEFAULT_TEST_CORRELATION_ID)
+                .setPkceChallenge(MOCK_PKCE_CHALLENGE)
+                .setAuthority(getValidRequestUrl())
+
+                .setClientId(DEFAULT_TEST_CLIENT_ID)
+                .setRedirectUri(DEFAULT_TEST_REDIRECT_URI)
+                .setState(MOCK_STATE)
+                .setScope(DEFAULT_TEST_SCOPE)
+                .build();
+
+        Assert.assertEquals(DEFAULT_TEST_AUTHORIZATION_ENDPOINT +
+                        "?prompt=" + DEFAULT_TEST_PROMPT +
+                        "&login_req=" + DEFAULT_TEST_UID +
+                        "&domain_req=" + DEFAULT_TEST_UTID +
+                        "&cpVersion=" + TEST_CP_VERSION +
+                        // Base class fields start here.
+                        "&client-request-id=" + DEFAULT_TEST_CORRELATION_ID +
+                        "&code_challenge=" + MOCK_PKCE_CHALLENGE.getCodeChallenge() +
+                        "&code_challenge_method=" + MOCK_PKCE_CHALLENGE.getCodeChallengeMethod() +
+                        "&x-client-OS=" + MockDeviceMetadata.TEST_OS_ESTS +
+                        "&x-client-CPU=" + MockDeviceMetadata.TEST_CPU +
+                        "&x-client-DM=" + MockDeviceMetadata.TEST_DEVICE_MODEL +
+                        "&x-client-MN=" + MockDeviceMetadata.TEST_MANUFACTURER +
+                        "&x-client-WPAvailable=true" +
                         "&response_type=code" +
                         "&client_id=" + DEFAULT_TEST_CLIENT_ID +
                         "&redirect_uri=" + DEFAULT_TEST_REDIRECT_URI_ENCODED +