Merge pull request #234 from AzureAD/pkeyauth_flag_fix

Pkeyauth flag fix to master

Author: Kanishk Panwar

ADALiOS.podspec

@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "ADALiOS"
-  s.version      = "1.1.10"
+  s.version      = "1.1.11"
   s.summary      = "The ADAL SDK for iOS gives you the ability to add Azure Identity authentication to your application"
 
   s.description  = <<-DESC

ADALiOS/ADALiOS/ADALiOS.h

@@ -20,6 +20,7 @@
 //version in static define until we identify a better place:
 #define ADAL_VER_HIGH   1
 #define ADAL_VER_LOW    1
+#define ADAL_VER_PATCH  11
 
 #import "ADLogger.h"
 #import "ADErrorCodes.h"

ADALiOS/ADALiOS/ADAuthenticationContext.m

@@ -1602,10 +1602,7 @@ - (void)request:(NSString *)authorizationServer
     webRequest.method = HTTPPost;
     [webRequest.headers setObject:@"application/json" forKey:@"Accept"];
     [webRequest.headers setObject:@"application/x-www-form-urlencoded" forKey:@"Content-Type"];
-    if([[ADWorkPlaceJoin WorkPlaceJoinManager] isWorkPlaceJoined ]){
-        [webRequest.headers setObject:pKeyAuthHeaderVersion forKey:pKeyAuthHeader];
-    }
-    
+    [webRequest.headers setObject:pKeyAuthHeaderVersion forKey:pKeyAuthHeader];    
     if(additionalHeaders){
         for (NSString* key in [additionalHeaders allKeys] ) {
             [webRequest.headers setObject:[additionalHeaders objectForKey:key ] forKey:key];

ADALiOS/ADALiOS/ADAuthenticationWebViewController.m

@@ -77,9 +77,7 @@ - (void)dealloc
 - (void)start
 {
     NSMutableURLRequest* request = [[NSMutableURLRequest alloc] initWithURL:_startURL];
-    if([[ADWorkPlaceJoin WorkPlaceJoinManager] isWorkPlaceJoined]){
-        [request setValue:@"1.0" forHTTPHeaderField: @"x-ms-PkeyAuth"];
-    }
+    [request setValue:@"1.0" forHTTPHeaderField: @"x-ms-PkeyAuth"];
     [_webView loadRequest:request];
 }
 
@@ -141,7 +139,7 @@ - (BOOL)webView:(UIWebView *)webView shouldStartLoadWithRequest:(NSURLRequest *)
         return NO;
     }
 
-    if([[ADWorkPlaceJoin WorkPlaceJoinManager] isWorkPlaceJoined] && ![request.allHTTPHeaderFields valueForKey:pKeyAuthHeader]){
+    if(![request.allHTTPHeaderFields valueForKey:pKeyAuthHeader]){
         // Create a mutable copy of the immutable request and add more headers
         NSMutableURLRequest *mutableRequest = [request mutableCopy];
         [mutableRequest addValue:pKeyAuthHeaderVersion forHTTPHeaderField:pKeyAuthHeader];

ADALiOS/ADALiOS/ADLogger.m

@@ -44,7 +44,7 @@ +(void) setLogCallBack: (LogCallback) callback
 {
     @synchronized(self)//Avoid changing to null while attempting to call it.
     {
-        sLogCallback = callback;
+        sLogCallback = [callback copy];
     }
 }
 
@@ -197,7 +197,7 @@ +(NSUUID*) getCorrelationId
 
 +(NSString*) getAdalVersion
 {
-    return [NSString stringWithFormat:@"%d.%d", ADAL_VER_HIGH, ADAL_VER_LOW];
+    return [NSString stringWithFormat:@"%d.%d.%d", ADAL_VER_HIGH, ADAL_VER_LOW, ADAL_VER_PATCH];
 }
 
 +(void) logToken: (NSString*) token

ADALiOS/ADALiOS/ADPkeyAuthHelper.m

@@ -52,20 +52,21 @@ + (NSString*) createDeviceAuthResponse:(NSString*) authorizationServer
     NSString* pKeyAuthHeader = @"";
     BOOL challengeSuccessful = false;
 
-    if(challengeType == AD_ISSUER){
-        
-        NSString* certAuths = [challengeData valueForKey:@"CertAuthorities"];
-        certAuths = [[certAuths adUrlFormDecode] stringByReplacingOccurrencesOfString:@" "
-                                                                           withString:@""];
-        NSString* issuerOU = [ADPkeyAuthHelper getOrgUnitFromIssuer:[info certificateIssuer]];
-        challengeSuccessful = [self isValidIssuer:certAuths keychainCertIssuer:issuerOU];
-    }else{
-        NSString* expectedThumbprint = [challengeData valueForKey:@"CertThumbprint"];
-        if(expectedThumbprint){
-            challengeSuccessful = [NSString adSame:expectedThumbprint toString:[ADPkeyAuthHelper computeThumbprint:[info certificateData]]];
+    if ([info isWorkPlaceJoined]) {
+        if(challengeType == AD_ISSUER){
+            
+            NSString* certAuths = [challengeData valueForKey:@"CertAuthorities"];
+            certAuths = [[certAuths adUrlFormDecode] stringByReplacingOccurrencesOfString:@" "
+                                                                               withString:@""];
+            NSString* issuerOU = [ADPkeyAuthHelper getOrgUnitFromIssuer:[info certificateIssuer]];
+            challengeSuccessful = [self isValidIssuer:certAuths keychainCertIssuer:issuerOU];
+        }else{
+            NSString* expectedThumbprint = [challengeData valueForKey:@"CertThumbprint"];
+            if(expectedThumbprint){
+                challengeSuccessful = [NSString adSame:expectedThumbprint toString:[ADPkeyAuthHelper computeThumbprint:[info certificateData]]];
+            }
         }
     }
-    
     if(challengeSuccessful){
         pKeyAuthHeader = [NSString stringWithFormat:@"AuthToken=\"%@\",", [ADPkeyAuthHelper createDeviceAuthResponse:authorizationServer nonce:[challengeData valueForKey:@"nonce"] identity:info]];
     }
@@ -97,7 +98,7 @@ + (BOOL) isValidIssuer:(NSString*) certAuths
     keychainCertIssuer = [keychainCertIssuer uppercaseString];
     certAuths = [certAuths uppercaseString];
     NSRegularExpression *regex = [NSRegularExpression regularExpressionWithPattern:regexString options:0 error:NULL];
-
+    
     for (NSTextCheckingResult* myMatch in [regex matchesInString:certAuths options:0 range:NSMakeRange(0, [certAuths length])]){
         for (NSUInteger i = 0; i < myMatch.numberOfRanges; ++i)
         {
@@ -115,7 +116,7 @@ + (BOOL) isValidIssuer:(NSString*) certAuths
 + (NSString *) createDeviceAuthResponse:(NSString*) audience
                                   nonce:(NSString*) nonce
                                identity:(ADRegistrationInformation *) identity{
-
+    
     NSArray *arrayOfStrings = @[[NSString stringWithFormat:@"%@", [[identity certificateData] base64EncodedStringWithOptions:0]]];
     NSDictionary *header = @{
                              @"alg" : @"RS256",

Samples/MyTestiOSApp/MyTestiOSApp/BVTestMainViewController.m

@@ -133,7 +133,7 @@ - (IBAction)pressMeAction:(id)sender
                                   clientId:clientId
                                redirectUri:[NSURL URLWithString:redirectUri]
                                     userId:userId
-                      extraQueryParameters: mAADInstance.extraQueryParameters
+                      extraQueryParameters:@"nux=1"
                            completionBlock:^(ADAuthenticationResult *result) {
                                if (result.status != AD_SUCCEEDED)
                                {

changelog.txt

@@ -1,3 +1,13 @@
+Version 1.1.11
+--------------
+This release contains bug fixes and updates for an improved developer experience. Given below is the changelist -
+
+* Added support for client assertion to acquire token.
+* Client Metric reporting support for improved service analytics.
+* Updated logging messages to include ADAL version and correlation id.
+* Fixed Issue #230.
+* Fixed Issue #229.
+
 Version 1.1.10
 --------------
 This release contains several bug fixes and updates for an improved developer experience. Given below is the changelist -
@@ -51,4 +61,4 @@ This release includes bug fixes for PkeyAuth protocol. Given below is a cumulati
 * Removed PII indentifying log statements.
 * Fixed the issue where the root view controller was being dismissed upon web view cancellation.
 * Fixed memory leaks and added allocation checks.
-* Fixed cache issue where adal would error out while getting token for 3rd unique user.
+* Fixed cache issue where adal would error out while getting token for 3rd unique user.