Skip to content

Conversation

@nilo-ms
Copy link
Contributor

@nilo-ms nilo-ms commented Nov 6, 2025

Update auth method blocked error handling. Use suberror instead of error codes

AB#3395876

@nilo-ms nilo-ms requested a review from a team as a code owner November 6, 2025 12:28
Copilot AI review requested due to automatic review settings November 6, 2025 12:28
@github-actions github-actions bot changed the title Native auth: update auth method blocked error handling Native auth: update auth method blocked error handling, Fixes AB#3395876 Nov 6, 2025
@nilo-ms nilo-ms requested a review from a team as a code owner November 6, 2025 12:31
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR refactors the error detection mechanism for blocked authentication methods and verification contacts in Native Auth responses. The change migrates from an error-code-based approach (errorCodes checking for 550024) to a suberror-based approach (subError checking for "provider_blocked_by_rep"), aligning with updated API contract specifications.

Key changes:

  • Added subError field to JITChallengeApiResponse to support provider blocking detection
  • Updated error detection logic from error.isInvalidRequest() && errorCodes?.first().isBlockedChallengeTarget() to error.isAccessDenied() && subError.isProviderBlocked()
  • Replaced the removed isBlockedChallengeTarget() function with new isProviderBlocked() and isAccessDenied() utility functions

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
ApiErrorResponseUtil.kt Removed isBlockedChallengeTarget() function and added isAccessDenied() and isProviderBlocked() utility functions for new error detection
SignInChallengeApiResponse.kt Updated imports and error detection logic to use isAccessDenied() and isProviderBlocked() instead of the removed isBlockedChallengeTarget()
JITChallengeApiResponse.kt Added subError field, updated imports, and changed error detection logic for blocked verification contacts
NativeAuthResponseHandler.kt Added subError = null to empty response construction for JITChallengeApiResponse
NativeAuthResponseHandlerTest.kt Updated all JITChallengeApiResponse test constructors to include subError = null parameter
Comments suppressed due to low confidence (1)

common4j/src/main/com/microsoft/identity/common/java/nativeauth/providers/responses/signin/SignInChallengeApiResponse.kt:87

  • Missing test coverage for the new blocked auth method scenario. The PR introduces a new error detection path (error.isAccessDenied() && subError.isProviderBlocked()) that triggers SignInChallengeApiResult.BlockedAuthMethod, but there are no tests validating this new behavior.

Recommendation: Add a test case in NativeAuthResponseHandlerTest.kt (similar to existing SignInChallengeApiResponse tests) that verifies:

  • When error is "access_denied"
  • And subError is "provider_blocked_by_rep"
  • The result is correctly mapped to SignInChallengeApiResult.BlockedAuthMethod

This ensures the new provider blocking logic works as intended for sign-in challenges.

                    error.isAccessDenied() && subError.isProviderBlocked() -> {
                        SignInChallengeApiResult.BlockedAuthMethod(
                            error = error.orEmpty(),
                            errorDescription = errorDescription.orEmpty(),
                            errorCodes = errorCodes.orEmpty(),
                            correlationId = correlationId
                        )

@nilo-ms nilo-ms merged commit 67d323b into dev Nov 7, 2025
23 of 25 checks passed
@nilo-ms nilo-ms deleted the danilo/update-blocked-auth-method- branch November 7, 2025 17:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants