Native auth: SMS OTP MFA/JIT implementation, Fixes AB#3313635 #2766
Pull Request Overview
This PR implements SMS OTP Multi-Factor Authentication (MFA) and Just-In-Time (JIT) provisioning capabilities in the native authentication system. The changes extend the existing email OTP infrastructure to support SMS-based verification flows.
- Adds SMS channel support for OTP verification in MFA and JIT flows
- Refactors MFA command structure to use auth method IDs instead of default challenges
- Introduces blocked verification contact handling for improved error messaging
Reviewed Changes
Copilot reviewed 28 out of 28 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| MockApiResponseType.kt | Adds SMS success response type for testing |
| NativeAuthResponseHandlerTest.kt | Removes deprecated introspect required test case |
| NativeAuthRequestProviderTest.kt | Updates OOB token request tests with MFA grant type support |
| ApiErrorResponseUtil.kt | Adds blocked challenge target error detection, removes introspect required check |
| SignInChallengeApiResult.kt | Removes deprecated IntrospectRequired result type |
| SignInChallengeApiResponse.kt | Simplifies response handling by removing introspect required logic |
| AuthenticationMethodApiResult.kt | Makes loginHint field nullable |
| JITChallengeApiResult.kt | Adds BlockedVerificationContact error result |
| JITChallengeApiResponse.kt | Adds blocked verification contact error handling |
| SignInTokenRequest.kt | Adds MFA grant type parameter support |
| NativeAuthRequestProvider.kt | Updates OOB token request creation with MFA grant type |
| NativeAuthConstants.kt | Adds MFA_OOB grant type, removes VOICE channel |
| SignInCommandResult.kt | Refactors MFARequired to include auth methods instead of error details |
| MFACommandResult.kt | Removes SelectionRequired result type |
| JITCommandResult.kt | Adds BlockedVerificationContact result |
| SignInSubmitCodeCommandParameters.java | Adds isMFAGrantType field |
| MFAChallengeAuthMethodCommandParameters.java | Replaces default challenge with auth method ID approach |
| PublicApiId.java | Removes unused MFA API identifiers |
| CommandUtilTest.kt | Updates tests for MFA grant type handling |
| NativeAuthControllerTest.kt | Comprehensive test updates for SMS MFA flows |
| SignInOAuthStrategyTest.kt | Updates token request tests with MFA grant type |
| CommandUtil.java | Adds MFA grant type support to utility methods |
| NativeAuthMsalController.kt | Major refactoring of MFA flow handling and introspect integration |
| MFAChallengeCommand.kt | Updates command to use auth method parameters |
# Conflicts:
#	common/src/test/java/com/microsoft/identity/common/nativeauth/internal/controllers/NativeAuthControllerTest.kt
#	common4j/src/main/com/microsoft/identity/common/java/nativeauth/controllers/results/SignInCommandResult.kt
This PR needs to be merged after the email OTP MFA one. This PR contains the changes to support SMS OTP MFA/JIT. Verification contact is now a mandatory field. MSAL Common PR: AzureAD/microsoft-authentication-library-common-for-android#2766 Fixes [AB#3313635](https://identitydivision.visualstudio.com/Engineering/_workitems/edit/3313635)
This PR needs to be merged after the email OTP MFA one.
This PR contains the changes to support SMS OTP MFA/JIT.
Verification contact is now a mandatory field.
MSAL PR: AzureAD/microsoft-authentication-library-for-android#2382
Fixes AB#3313635