
Commit 5e936dd

author
Kanishk Panwar
committed
Merge pull request #234 from AzureAD/pkeyauth_flag_fix
Pkeyauth flag fix to master
2 parents 9a9b492 + 1c44d26 commit 5e936dd


8 files changed

+34
-27
lines changed


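--- a/ADALiOS.podspec
+++ b/ADALiOS.podspec
@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
 s.name = "ADALiOS"
-s.version = "1.1.10"
+s.version = "1.1.11"
 s.summary = "The ADAL SDK for iOS gives you the ability to add Azure Identity authentication to your application"
 
 s.description = <<-DESC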

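--- a/ADALiOS/ADALiOS/ADALiOS.h
+++ b/ADALiOS/ADALiOS/ADALiOS.h
@@ -20,6 +20,7 @@
 //version in static define until we identify a better place:
 #define ADAL_VER_HIGH 1
 #define ADAL_VER_LOW 1
+#define ADAL_VER_PATCH 11
 
 #import "ADLogger.h"
 #import "ADErrorCodes.h"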

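--- a/ADALiOS/ADALiOS/ADAuthenticationContext.m
+++ b/ADALiOS/ADALiOS/ADAuthenticationContext.m
@@ -1602,10 +1602,7 @@ - (void)request:(NSString *)authorizationServer
 webRequest.method = HTTPPost;
 [webRequest.headers setObject:@"application/json" forKey:@"Accept"];
 [webRequest.headers setObject:@"application/x-www-form-urlencoded" forKey:@"Content-Type"];
-if([[ADWorkPlaceJoin WorkPlaceJoinManager] isWorkPlaceJoined ]){
-[webRequest.headers setObject:pKeyAuthHeaderVersion forKey:pKeyAuthHeader];
-}
-
+[webRequest.headers setObject:pKeyAuthHeaderVersion forKey:pKeyAuthHeader];
 if(additionalHeaders){
 for (NSString* key in [additionalHeaders allKeys] ) {
 [webRequest.headers setObject:[additionalHeaders objectForKey:key ] forKey:key];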
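Review bot: The PKeyAuth capability header (`pKeyAuthHeader`) is now set on every token request in `request:`, but nothing at the call site says why the workplace-join check was dropped or where it now lives. From the rest of this commit the gate appears to have moved into `ADPkeyAuthHelper` (the new `[info isWorkPlaceJoined]` test), so a non-joined device presumably answers a challenge without an `AuthToken`; a comment such as `// Always advertise PKeyAuth; ADPkeyAuthHelper omits AuthToken when the device is not workplace joined` would keep the two in step. The `additionalHeaders` loop that follows writes into the same dictionary and can overwrite this header, so if callers control those headers it would be safer to set the PKeyAuth header after the loop. The method starts before and continues past the hunk.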

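--- a/ADALiOS/ADALiOS/ADAuthenticationWebViewController.m
+++ b/ADALiOS/ADALiOS/ADAuthenticationWebViewController.m
@@ -77,9 +77,7 @@ - (void)dealloc
 - (void)start
 {
 NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:_startURL];
-if([[ADWorkPlaceJoin WorkPlaceJoinManager] isWorkPlaceJoined]){
-[request setValue:@"1.0" forHTTPHeaderField: @"x-ms-PkeyAuth"];
-}
+[request setValue:@"1.0" forHTTPHeaderField: @"x-ms-PkeyAuth"];
 [_webView loadRequest:request];
 }
 
@@ -141,7 +139,7 @@ - (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)
 return NO;
 }
 
-if([[ADWorkPlaceJoin WorkPlaceJoinManager] isWorkPlaceJoined] && ![request.allHTTPHeaderFields valueForKey:pKeyAuthHeader]){
+if(![request.allHTTPHeaderFields valueForKey:pKeyAuthHeader]){
 // Create a mutable copy of the immutable request and add more headers
 NSMutableURLRequest *mutableRequest = [request mutableCopy];
 [mutableRequest addValue:pKeyAuthHeaderVersion forHTTPHeaderField:pKeyAuthHeader];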
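Review bot: In `start` the now-unconditional line still spells the header as literals, `@"1.0"` and `@"x-ms-PkeyAuth"`, while `webView:shouldStartLoadWithRequest:` in the second hunk uses the `pKeyAuthHeaderVersion` and `pKeyAuthHeader` constants for what looks like the same header. Using the constants in both places, `[request setValue:pKeyAuthHeaderVersion forHTTPHeaderField:pKeyAuthHeader];`, keeps them from drifting apart if the version changes. With the join check removed, the second hunk adds the header to every navigation that lacks it, which may include hosts other than the authority if the web view is redirected; whether that is intended is not visible here, so a comment stating it, or a host check if it is not, would help. The delegate method continues outside the hunk.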

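--- a/ADALiOS/ADALiOS/ADLogger.m
+++ b/ADALiOS/ADALiOS/ADLogger.m
@@ -44,7 +44,7 @@ +(void) setLogCallBack: (LogCallback) callback
 {
 @synchronized(self)//Avoid changing to null while attempting to call it.
 {
-sLogCallback = callback;
+sLogCallback = [callback copy];
 }
 }
 
@@ -197,7 +197,7 @@ +(NSUUID*) getCorrelationId
 
 +(NSString*) getAdalVersion
 {
-return [NSString stringWithFormat:@"%d.%d", ADAL_VER_HIGH, ADAL_VER_LOW];
+return [NSString stringWithFormat:@"%d.%d.%d", ADAL_VER_HIGH, ADAL_VER_LOW, ADAL_VER_PATCH];
 }
 
 +(void) logToken: (NSString*) token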
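Review bot: The `[callback copy]` in `setLogCallBack:` deserves a one-line comment, because the reason is not obvious from the assignment. A block created in the caller's stack frame has to be copied to the heap before it is stored in the static `sLogCallback`, otherwise a later log call can invoke a block whose storage is gone. Something like `// Copy: the caller's block may live on the stack and must outlive this call` would do. If this file is compiled without ARC (not visible here), the previously stored block would also need a release before the assignment.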

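--- a/ADALiOS/ADALiOS/ADPkeyAuthHelper.m
+++ b/ADALiOS/ADALiOS/ADPkeyAuthHelper.m
@@ -52,20 +52,21 @@ + (NSString*) createDeviceAuthResponse:(NSString*) authorizationServer
 NSString* pKeyAuthHeader = @"";
 BOOL challengeSuccessful = false;
 
-if(challengeType == AD_ISSUER){
-
-NSString* certAuths = [challengeData valueForKey:@"CertAuthorities"];
-certAuths = [[certAuths adUrlFormDecode] stringByReplacingOccurrencesOfString:@" "
-withString:@""];
-NSString* issuerOU = [ADPkeyAuthHelper getOrgUnitFromIssuer:[info certificateIssuer]];
-challengeSuccessful = [self isValidIssuer:certAuths keychainCertIssuer:issuerOU];
-}else{
-NSString* expectedThumbprint = [challengeData valueForKey:@"CertThumbprint"];
-if(expectedThumbprint){
-challengeSuccessful = [NSString adSame:expectedThumbprint toString:[ADPkeyAuthHelper computeThumbprint:[info certificateData]]];
+if ([info isWorkPlaceJoined]) {
+if(challengeType == AD_ISSUER){
+
+NSString* certAuths = [challengeData valueForKey:@"CertAuthorities"];
+certAuths = [[certAuths adUrlFormDecode] stringByReplacingOccurrencesOfString:@" "
+withString:@""];
+NSString* issuerOU = [ADPkeyAuthHelper getOrgUnitFromIssuer:[info certificateIssuer]];
+challengeSuccessful = [self isValidIssuer:certAuths keychainCertIssuer:issuerOU];
+}else{
+NSString* expectedThumbprint = [challengeData valueForKey:@"CertThumbprint"];
+if(expectedThumbprint){
+challengeSuccessful = [NSString adSame:expectedThumbprint toString:[ADPkeyAuthHelper computeThumbprint:[info certificateData]]];
+}
 }
 }
-
 if(challengeSuccessful){
 pKeyAuthHeader = [NSString stringWithFormat:@"AuthToken=\"%@\",", [ADPkeyAuthHelper createDeviceAuthResponse:authorizationServer nonce:[challengeData valueForKey:@"nonce"] identity:info]];
 }
@@ -97,7 +98,7 @@ + (BOOL) isValidIssuer:(NSString*) certAuths
 keychainCertIssuer = [keychainCertIssuer uppercaseString];
 certAuths = [certAuths uppercaseString];
 NSRegularExpression *regex = [NSRegularExpression regularExpressionWithPattern:regexString options:0 error:NULL];
-
+
 for (NSTextCheckingResult* myMatch in [regex matchesInString:certAuths options:0 range:NSMakeRange(0, [certAuths length])]){
 for (NSUInteger i = 0; i < myMatch.numberOfRanges; ++i)
 {
@@ -115,7 +116,7 @@ + (BOOL) isValidIssuer:(NSString*) certAuths
 + (NSString *) createDeviceAuthResponse:(NSString*) audience
 nonce:(NSString*) nonce
 identity:(ADRegistrationInformation *) identity{
-
+
 NSArray *arrayOfStrings = @[[NSString stringWithFormat:@"%@", [[identity certificateData] base64EncodedStringWithOptions:0]]];
 NSDictionary *header = @{
 @"alg" : @"RS256",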
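Review bot: In the `AD_ISSUER` branch of the first hunk, the value read from `challengeData` under `CertAuthorities` goes to `isValidIssuer:keychainCertIssuer:` without a nil check, while the thumbprint branch guards `CertThumbprint` with `if(expectedThumbprint)`. The challenge fields appear to come from the server's response, and the second hunk shows `isValidIssuer:` handing `certAuths` to `matchesInString:options:range:`, which may raise on a nil string. A guard such as `if(certAuths){ challengeSuccessful = [self isValidIssuer:certAuths keychainCertIssuer:issuerOU]; }` would make the two branches consistent. The new `[info isWorkPlaceJoined]` gate also covers a nil `info`, because messaging nil returns NO, which is worth a short comment. The method starts before and continues past the hunk.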

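--- a/Samples/MyTestiOSApp/MyTestiOSApp/BVTestMainViewController.m
+++ b/Samples/MyTestiOSApp/MyTestiOSApp/BVTestMainViewController.m
@@ -133,7 +133,7 @@ - (IBAction)pressMeAction:(id)sender
 clientId:clientId
 redirectUri:[NSURL URLWithString:redirectUri]
 userId:userId
-extraQueryParameters: mAADInstance.extraQueryParameters
+extraQueryParameters:@"nux=1"
 completionBlock:^(ADAuthenticationResult *result) {
 if (result.status != AD_SUCCEEDED)
 {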
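Review bot: The sample now passes the literal `@"nux=1"` as `extraQueryParameters`, so whatever is configured in `mAADInstance.extraQueryParameters` is silently ignored; this looks like a local debugging value that was merged along with the fix. If the parameter is needed, set it in the instance configuration and restore `extraQueryParameters:mAADInstance.extraQueryParameters`, so the sample keeps honouring its settings. The call and `pressMeAction:` continue outside the hunk.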

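--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,13 @@
+Version 1.1.11
+--------------
+This release contains bug fixes and updates for an improved developer experience. Given below is the changelist -
+
+* Added support for client assertion to acquire token.
+* Client Metric reporting support for improved service analytics.
+* Updated logging messages to include ADAL version and correlation id.
+* Fixed Issue #230.
+* Fixed Issue #229.
+
 Version 1.1.10
 --------------
 This release contains several bug fixes and updates for an improved developer experience. Given below is the changelist -
@@ -51,4 +61,4 @@ This release includes bug fixes for PkeyAuth protocol. Given below is a cumulati
 * Removed PII indentifying log statements.
 * Fixed the issue where the root view controller was being dismissed upon web view cancellation.
 * Fixed memory leaks and added allocation checks.
-* Fixed cache issue where adal would error out while getting token for 3rd unique user.
+* Fixed cache issue where adal would error out while getting token for 3rd unique user.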
