Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use single FRT #1470

Open
wants to merge 23 commits into
base: dev
Choose a base branch
from
Open

Use single FRT #1470

Show file tree
Hide file tree
Changes from 19 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
b7ac9d4
Use a single FRT if configured and enabled
juan-arias Jan 4, 2025
7250799
Remove not used file
juan-arias Jan 6, 2025
63a1fa9
Allow MSAL apps to disable single FRT
juan-arias Jan 7, 2025
034c23a
Merge branch 'dev' into jarias/use-single-frt
juan-arias Jan 7, 2025
c22fe16
Send refresh token to web view to prevent password prompts when inter…
juan-arias Jan 11, 2025
3aa7008
Add extra logs, don't send extra custom headers when using broker
juan-arias Jan 14, 2025
2e732d1
Store flag to disable FRT in requestContext instead of msidConfigurat…
juan-arias Jan 18, 2025
0e2175f
Merge branch 'dev' into jarias/use-single-frt
juan-arias Feb 10, 2025
340f3d3
Return reason why FRT is enabled or not.
juan-arias Feb 14, 2025
748fed2
Clean commented code
juan-arias Feb 14, 2025
9adf79b
Merge branch 'dev' into jarias/use-single-frt
juan-arias Mar 4, 2025
357ac47
Merge branch 'dev' into jarias/use-single-frt
juan-arias Mar 10, 2025
3c5a825
Refactor SFRT code to now handle activation/deactivation from a featu…
juan-arias Mar 12, 2025
cee6ee5
Add server side telemetry
juan-arias Mar 12, 2025
2f5fb2f
Merge branch 'dev' into jarias/use-single-frt
juan-arias Mar 12, 2025
248c3b1
Update changelog
juan-arias Mar 12, 2025
477991e
Fix build error
juan-arias Mar 12, 2025
006c43d
Fix build error
juan-arias Mar 12, 2025
c443a0b
Merge branch 'dev' into jarias/use-single-frt
juan-arias Mar 20, 2025
d8c4614
Address PR comments
juan-arias Mar 21, 2025
0fbe5d1
Merge branch 'dev' into jarias/use-single-frt
juan-arias Mar 27, 2025
48800fb
Decide to enable/disable single frt based on string flight to allow 3…
juan-arias Mar 27, 2025
742807e
Address PR comments
juan-arias Mar 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions IdentityCore/IdentityCore.xcodeproj/project.pbxproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1768,6 +1768,9 @@
B41163B929BAC9BF00E64619 /* MSIDWKNavigationActionMock.m in Sources */ = {isa = PBXBuildFile; fileRef = B41163B829BAC9BF00E64619 /* MSIDWKNavigationActionMock.m */; };
B41163BA29BAC9BF00E64619 /* MSIDWKNavigationActionMock.m in Sources */ = {isa = PBXBuildFile; fileRef = B41163B829BAC9BF00E64619 /* MSIDWKNavigationActionMock.m */; };
B41163BC29BAC9EE00E64619 /* MSIDWKNavigationActionMock.h in Headers */ = {isa = PBXBuildFile; fileRef = B41163BB29BAC9DE00E64619 /* MSIDWKNavigationActionMock.h */; };
B42C16012CE7E54800553316 /* MSIDFamilyRefreshToken.h in Headers */ = {isa = PBXBuildFile; fileRef = B42C16002CE7E53800553316 /* MSIDFamilyRefreshToken.h */; };
B42C16032CE7E55200553316 /* MSIDFamilyRefreshToken.m in Sources */ = {isa = PBXBuildFile; fileRef = B42C16022CE7E54C00553316 /* MSIDFamilyRefreshToken.m */; };
B42C16042CE7E55200553316 /* MSIDFamilyRefreshToken.m in Sources */ = {isa = PBXBuildFile; fileRef = B42C16022CE7E54C00553316 /* MSIDFamilyRefreshToken.m */; };
B431B5232AF040450020CD3D /* MSIDBrokerOperationPasskeyAssertionRequestTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B431B5222AF040450020CD3D /* MSIDBrokerOperationPasskeyAssertionRequestTests.m */; };
B431B5242AF040450020CD3D /* MSIDBrokerOperationPasskeyAssertionRequestTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B431B5222AF040450020CD3D /* MSIDBrokerOperationPasskeyAssertionRequestTests.m */; };
B431B5262AF05B3F0020CD3D /* MSIDBrokerOperationPasskeyCredentialRequestTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B431B5252AF05B3F0020CD3D /* MSIDBrokerOperationPasskeyCredentialRequestTests.m */; };
Expand Down Expand Up @@ -3224,6 +3227,8 @@
B41163B529BAC20000E64619 /* MSIDAADOAuthEmbeddedWebviewControllerTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDAADOAuthEmbeddedWebviewControllerTests.m; sourceTree = "<group>"; };
B41163B829BAC9BF00E64619 /* MSIDWKNavigationActionMock.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDWKNavigationActionMock.m; sourceTree = "<group>"; };
B41163BB29BAC9DE00E64619 /* MSIDWKNavigationActionMock.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDWKNavigationActionMock.h; sourceTree = "<group>"; };
B42C16002CE7E53800553316 /* MSIDFamilyRefreshToken.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MSIDFamilyRefreshToken.h; sourceTree = "<group>"; };
B42C16022CE7E54C00553316 /* MSIDFamilyRefreshToken.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDFamilyRefreshToken.m; sourceTree = "<group>"; };
B431B5222AF040450020CD3D /* MSIDBrokerOperationPasskeyAssertionRequestTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDBrokerOperationPasskeyAssertionRequestTests.m; sourceTree = "<group>"; };
B431B5252AF05B3F0020CD3D /* MSIDBrokerOperationPasskeyCredentialRequestTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDBrokerOperationPasskeyCredentialRequestTests.m; sourceTree = "<group>"; };
B431B5282AF05C890020CD3D /* MSIDBrokerOperationGetPasskeyAssertionResponseTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDBrokerOperationGetPasskeyAssertionResponseTests.m; sourceTree = "<group>"; };
Expand Down Expand Up @@ -4785,6 +4790,8 @@
B2DD4B2520A7D67C0047A66E /* MSIDLegacyRefreshToken.m */,
60F7BE8921DA4DFC00F1BBA1 /* MSIDPrimaryRefreshToken.h */,
60F7BE8A21DA4E2900F1BBA1 /* MSIDPrimaryRefreshToken.m */,
B42C16002CE7E53800553316 /* MSIDFamilyRefreshToken.h */,
B42C16022CE7E54C00553316 /* MSIDFamilyRefreshToken.m */,
);
path = token;
sourceTree = "<group>";
Expand Down Expand Up @@ -6243,6 +6250,7 @@
B2C7089221991CED00D917B8 /* MSIDAADV1BrokerResponse.h in Headers */,
239E3BBE23E1004F00F7A50A /* MSIDClientSDKType.h in Headers */,
B286B9822389DC13007833AD /* MSIDBrokerOperationInteractiveTokenRequest.h in Headers */,
B42C16012CE7E54800553316 /* MSIDFamilyRefreshToken.h in Headers */,
B2C708B1219A615100D917B8 /* MSIDLegacyBrokerResponseHandler.h in Headers */,
B286B9BC2389DDF3007833AD /* MSIDAADAuthorityValidationRequest.h in Headers */,
B2936F8720AD17370050C585 /* MSIDOauth2Factory+Internal.h in Headers */,
Expand Down Expand Up @@ -7136,6 +7144,7 @@
B214C3A51FE855290070C4F2 /* MSIDDefaultTokenCacheAccessor.m in Sources */,
60F7BEA321DA69A000F1BBA1 /* MSIDPrimaryRefreshToken.m in Sources */,
D62600141FBD380500EE4487 /* NSString+MSIDExtensions.m in Sources */,
B42C16032CE7E55200553316 /* MSIDFamilyRefreshToken.m in Sources */,
B210F4331FDDE7EB005A8F76 /* MSIDTokenResponse.m in Sources */,
B2964BE3205103920000BC95 /* MSIDTokenFilteringHelper.m in Sources */,
B210F4391FDDEA23005A8F76 /* MSIDAADV1TokenResponse.m in Sources */,
Expand Down Expand Up @@ -8022,6 +8031,7 @@
239222B5243D3791009736C4 /* MSIDCurrentRequestTelemetry.m in Sources */,
B23ECEEB1FF2F56A0015FC1D /* MSIDAADTokenResponse.m in Sources */,
B28D90AB218FD1F800E230D6 /* MSIDDefaultTokenResponseValidator.m in Sources */,
B42C16042CE7E55200553316 /* MSIDFamilyRefreshToken.m in Sources */,
23985AB42391BA1100942308 /* MSIDTokenResponseHandler.m in Sources */,
B28BDA80217E964B003E5670 /* MSIDB2CTokenResponse.m in Sources */,
600D19BC20964D8C0004CD43 /* MSIDWorkPlaceJoinUtil.m in Sources */,
Expand Down
1 change: 1 addition & 0 deletions IdentityCore/src/MSIDBasicContext.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ NS_ASSUME_NONNULL_BEGIN
@property (nonatomic, nullable) NSString *logComponent;
@property (nonatomic, nullable) NSString *telemetryRequestId;
@property (nonatomic, nullable) NSDictionary *appRequestMetadata;
@property (nonatomic, readwrite) BOOL disableFRT;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: readwrite is by default I think, can be removed

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated


@end

Expand Down
26 changes: 26 additions & 0 deletions IdentityCore/src/MSIDConstants.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,6 +122,8 @@ extern NSString * _Nonnull const MSID_DEVICE_MODEL_KEY;//E.g. iPhone 5S
extern NSString * _Nonnull const MSID_APP_NAME_KEY;
extern NSString * _Nonnull const MSID_APP_VER_KEY;
extern NSString * _Nonnull const MSID_CCS_HINT_KEY;
extern NSString * _Nonnull const MSID_WEBAUTH_IGNORE_SSO_KEY;
extern NSString * _Nonnull const MSID_WEBAUTH_REFRESH_TOKEN_KEY;

extern NSString * _Nonnull const MSID_DEFAULT_FAMILY_ID;
extern NSString * _Nonnull const MSID_ADAL_SDK_NAME;
Expand Down Expand Up @@ -149,6 +151,9 @@ extern NSString * _Nonnull const MSID_POP_TOKEN_KEY_LABEL;
extern NSString * _Nonnull const MSID_THROTTLING_METADATA_KEYCHAIN;
extern NSString * _Nonnull const MSID_THROTTLING_METADATA_KEYCHAIN_VERSION;

extern NSString * _Nonnull const MSID_USE_SINGLE_FRT_KEYCHAIN;
extern NSString * _Nonnull const MSID_USE_SINGLE_FRT_KEY;

extern NSString * _Nonnull const MSID_SHARED_MODE_CURRENT_ACCOUNT_CHANGED_NOTIFICATION_KEY;

extern NSString * _Nonnull const MSID_PREFERRED_AUTH_METHOD_KEY;
Expand All @@ -171,6 +176,27 @@ typedef NS_ENUM(NSInteger, MSIDPlatformSequenceIndex)
MSIDPlatformSequenceIndexLast = MSIDPlatformSequenceIndexBrowserCore,
};

typedef NS_ENUM(NSInteger, MSIDIsFRTEnabledStatus)
{
// FRT has not been explicitly enabled with keychain item
MSIDIsFRTEnabledStatusNotEnabled = 0,

// FRT is enabled
MSIDIsFRTEnabledStatusActive,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: Is there a difference between enabled and active? If not, can we use the same (enable vs disable) or active/not active

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No difference, updated to enable/disable


// Client app has disabled FRT through MSIDRequestParameters or was disabled previuosly by keychain item
MSIDIsFRTEnabledStatusDisabledByClientApp,

// There was an error reading keychain item
MSIDIsFRTEnabledStatusDisabledByKeychainError,

// There was an error deserializing keychain item
MSIDIsFRTEnabledStatusDisabledByDeserializationError,

// FRT has been disabled with keychain item
MSIDIsFRTEnabledStatusDisabledByKeychainItem
};

extern NSString * _Nonnull const MSID_BROWSER_RESPONSE_SWITCH_BROWSER;
extern NSString * _Nonnull const MSID_BROWSER_RESPONSE_SWITCH_BROWSER_RESUME;

Expand Down
5 changes: 5 additions & 0 deletions IdentityCore/src/MSIDConstants.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@
NSString *const MSID_APP_NAME_KEY = @"x-app-name";
NSString *const MSID_APP_VER_KEY = @"x-app-ver";
NSString *const MSID_CCS_HINT_KEY = @"X-AnchorMailbox";
NSString *const MSID_WEBAUTH_IGNORE_SSO_KEY = @"x-ms-sso-Ignore-SSO";
NSString *const MSID_WEBAUTH_REFRESH_TOKEN_KEY = @"x-ms-sso-RefreshToken";

NSString *const MSID_DEFAULT_FAMILY_ID = @"1";
NSString *const MSID_ADAL_SDK_NAME = @"adal-objc";
Expand Down Expand Up @@ -60,6 +62,9 @@
NSString *const MSID_THROTTLING_METADATA_KEYCHAIN = @"com.microsoft.identity.throttling.metadata";
NSString *const MSID_THROTTLING_METADATA_KEYCHAIN_VERSION = @"Ver1";

NSString *const MSID_USE_SINGLE_FRT_KEYCHAIN = @"useSingleFRT";
NSString *const MSID_USE_SINGLE_FRT_KEY = @"use_single_frt";

NSString *const MSID_SHARED_MODE_CURRENT_ACCOUNT_CHANGED_NOTIFICATION_KEY = @"SHARED_MODE_CURRENT_ACCOUNT_CHANGED";

NSString *const MSID_PREFERRED_AUTH_METHOD_KEY = @"pc";
Expand Down
1 change: 1 addition & 0 deletions IdentityCore/src/MSIDOAuth2Constants.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,7 @@ extern NSString *const MSID_LEGACY_TOKEN_CACHE_TYPE;
extern NSString *const MSID_ID_TOKEN_CACHE_TYPE;
extern NSString *const MSID_LEGACY_ID_TOKEN_CACHE_TYPE;
extern NSString *const MSID_PRT_TOKEN_CACHE_TYPE;
extern NSString *const MSID_FRT_TOKEN_CACHE_TYPE;
extern NSString *const MSID_GENERAL_TOKEN_CACHE_TYPE;
extern NSString *const MSID_GENERAL_CACHE_ITEM_TYPE;
extern NSString *const MSID_APP_METADATA_CACHE_TYPE;
Expand Down
1 change: 1 addition & 0 deletions IdentityCore/src/MSIDOAuth2Constants.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,7 @@
NSString *const MSID_ID_TOKEN_CACHE_TYPE = @"IdToken";
NSString *const MSID_LEGACY_ID_TOKEN_CACHE_TYPE = @"V1IdToken";
NSString *const MSID_PRT_TOKEN_CACHE_TYPE = @"PrimaryRefreshToken";
NSString *const MSID_FRT_TOKEN_CACHE_TYPE = @"FamilyRefreshToken";
NSString *const MSID_GENERAL_TOKEN_CACHE_TYPE = @"token";
NSString *const MSID_GENERAL_CACHE_ITEM_TYPE = @"general_cache_item";
NSString *const MSID_APP_METADATA_CACHE_TYPE = @"appmetadata";
Expand Down
5 changes: 5 additions & 0 deletions IdentityCore/src/MSIDRequestContext.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,5 +29,10 @@
- (NSString *)logComponent;
- (NSString *)telemetryRequestId;
- (NSDictionary *)appRequestMetadata;
/**
Temporal property to disable Family Refresh Token. This will be removed in future, added to allow 1P apps to disablle this feature themselves.
Enabled by default, also configured to be enabled/disabled remotely by Microsoft.
*/
@property (nonatomic, readwrite) BOOL disableFRT;

@end
8 changes: 8 additions & 0 deletions IdentityCore/src/cache/accessor/MSIDAccountCredentialCache.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
#import "MSIDCredentialType.h"
#import "MSIDAccountType.h"
#import "MSIDExtendedTokenCacheDataSource.h"
#import "MSIDConstants.h"

@class MSIDAccountCacheItem;
@class MSIDAppMetadataCacheItem;
Expand All @@ -34,6 +35,7 @@
@class MSIDDefaultAccountCacheQuery;
@class MSIDDefaultCredentialCacheKey;
@class MSIDDefaultCredentialCacheQuery;
@class MSIDConfiguration;
@protocol MSIDRequestContext;
@protocol MSIDExtendedTokenCacheDataSource;

Expand Down Expand Up @@ -193,4 +195,10 @@
context:(nullable id<MSIDRequestContext>)context
error:(NSError * _Nullable __autoreleasing * _Nullable)error;

/*
Check if support FRT has been enabled
*/
- (MSIDIsFRTEnabledStatus)checkFRTEnabled:(nullable id<MSIDRequestContext>)context
error:(NSError * _Nullable __autoreleasing * _Nullable)error;

@end
161 changes: 160 additions & 1 deletion IdentityCore/src/cache/accessor/MSIDAccountCredentialCache.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,10 @@
#import "MSIDAppMetadataCacheKey.h"
#import "MSIDAppMetadataCacheQuery.h"
#import "MSIDExtendedTokenCacheDataSource.h"
#import "MSIDConfiguration.h"
#import "MSIDConstants.h"
#import "MSIDJsonObject.h"
#import "MSIDFlightManager.h"

@interface MSIDAccountCredentialCache()
{
Expand Down Expand Up @@ -382,7 +386,7 @@ - (BOOL)removeCredential:(nonnull MSIDCredentialCacheItem *)credential

BOOL result = [_dataSource removeTokensWithKey:key context:context error:error];

if (result && credential.credentialType == MSIDRefreshTokenType)
if (result && (credential.credentialType == MSIDRefreshTokenType || credential.credentialType == MSIDFamilyRefreshTokenType))
{
[_dataSource saveWipeInfoWithContext:context error:nil];
}
Expand Down Expand Up @@ -556,4 +560,159 @@ - (BOOL)removeAppMetadata:(nonnull MSIDAppMetadataCacheItem *)appMetadata
return cacheItems;
}

- (MSIDIsFRTEnabledStatus)checkFRTEnabled:(nullable id<MSIDRequestContext>)context
error:(NSError * _Nullable __autoreleasing * _Nullable)error
{
// This block will be used to check feature flags and update FRT settings if needed, depending on the current status
// of the keychain item, avoiding an unnecessary read or update if status is the same
MSIDIsFRTEnabledStatus (^checkFeatureFlagsAndReturn)(MSIDIsFRTEnabledStatus) = ^MSIDIsFRTEnabledStatus(MSIDIsFRTEnabledStatus status) {

// Check if FRT is enabled by feature flight
MSIDFlightManager *flightManager = [MSIDFlightManager sharedInstance];
BOOL flagEnableFRT = [flightManager boolForKey:@"enable_client_sfrt_by_tenant_id"]; // TODO: Replace this by the constant from the other branch, and remove the hardcoded YES
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: do you still need TODO here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I will replace this when the other PR (#1489) is merged.

BOOL flagDisableAllFRT = [flightManager boolForKey:@"disable_client_sfrt_for_all"];
BOOL shouldEnableFRT = flagEnableFRT && !flagDisableAllFRT;

switch (status)
{
// No entry in cache
case MSIDIsFRTEnabledStatusNotEnabled:
if (shouldEnableFRT)
{
[self updateFRTSettings:YES context:context error:nil];
return MSIDIsFRTEnabledStatusActive;
}
break;

// Deserialization error, try to enable/disable if needed
case MSIDIsFRTEnabledStatusDisabledByDeserializationError:
if (shouldEnableFRT)
{
[self updateFRTSettings:YES context:context error:nil];
return MSIDIsFRTEnabledStatusActive;
}
else if (flagDisableAllFRT)
{
[self updateFRTSettings:NO context:context error:nil];
return MSIDIsFRTEnabledStatusDisabledByKeychainItem;
}
break;

// FRT is currently enabled, check to see if should be disabled
case MSIDIsFRTEnabledStatusActive:
if (flagDisableAllFRT)
{
[self updateFRTSettings:NO context:context error:nil];
return MSIDIsFRTEnabledStatusDisabledByKeychainItem;
}
break;

// FRT is disabled, check to see if should be enabled
case MSIDIsFRTEnabledStatusDisabledByKeychainItem:
if (shouldEnableFRT)
{
[self updateFRTSettings:YES context:context error:nil];
return MSIDIsFRTEnabledStatusActive;
}
break;

// Error reading keychain item, do not update settings
case MSIDIsFRTEnabledStatusDisabledByKeychainError:
break;

// Feature is disabled by client app, do nothing with keychain item
case MSIDIsFRTEnabledStatusDisabledByClientApp:
break;
}

return status;
};

// Check if FRT is disabled by client
if (context.disableFRT)
{
MSID_LOG_WITH_CTX(MSIDLogLevelInfo, context, @"FRT disabled by MSAL client app, returning NO");
return checkFeatureFlagsAndReturn(MSIDIsFRTEnabledStatusDisabledByClientApp);
}

NSError *readError = nil;
NSArray<MSIDJsonObject *> *jsonObjects = [_dataSource jsonObjectsWithKey:[MSIDAccountCredentialCache checkFRTCacheKey]
serializer:[MSIDCacheItemJsonSerializer new]
context:context
error:&readError];

if (readError)
{
MSID_LOG_WITH_CTX(MSIDLogLevelError, context, @"Failed to retrieve FRT cache entry, error: %@", readError);
if (error)
{
*error = readError;
}
return checkFeatureFlagsAndReturn(MSIDIsFRTEnabledStatusDisabledByKeychainError);
}

if (![jsonObjects count])
{
MSID_LOG_WITH_CTX(MSIDLogLevelInfo, context, @"No FRT cache entry found, returning NO");
return checkFeatureFlagsAndReturn(MSIDIsFRTEnabledStatusNotEnabled);
}

NSDictionary *dict = [jsonObjects[0] jsonDictionary];
if (!dict || ![dict isKindOfClass:[NSDictionary class]] || [dict objectForKey:MSID_USE_SINGLE_FRT_KEY] == nil)
{
MSID_LOG_WITH_CTX(MSIDLogLevelError, context, @"Failed to deserialize FRT cache entry, returning NO");
return checkFeatureFlagsAndReturn(MSIDIsFRTEnabledStatusDisabledByDeserializationError);
}

id useFRT = dict[MSID_USE_SINGLE_FRT_KEY];
if(([useFRT isKindOfClass:[NSNumber class]] || [useFRT isKindOfClass:[NSString class]]) && [useFRT boolValue])
{
MSID_LOG_WITH_CTX(MSIDLogLevelInfo, context, @"FRT is enabled");
return checkFeatureFlagsAndReturn(MSIDIsFRTEnabledStatusActive);
}

MSID_LOG_WITH_CTX(MSIDLogLevelInfo, context, @"FRT is disabled");
return checkFeatureFlagsAndReturn(MSIDIsFRTEnabledStatusDisabledByKeychainItem);
}

- (void)updateFRTSettings:(BOOL)enableFRT
context:(nullable id<MSIDRequestContext>)context
error:(NSError * _Nullable __autoreleasing * _Nullable)error
{
MSID_LOG_WITH_CTX(MSIDLogLevelInfo, context, @"Updating UseSingleFRT Item with enableFRT:%@", enableFRT ? @"YES" : @"NO");

NSDictionary *settings = @{MSID_USE_SINGLE_FRT_KEY: @(enableFRT)};

NSError *saveError = nil;
MSIDJsonObject *jsonObject = [[MSIDJsonObject alloc] initWithJSONDictionary:settings error:&saveError];

[_dataSource saveJsonObject:jsonObject
serializer:[MSIDCacheItemJsonSerializer new]
key:[MSIDAccountCredentialCache checkFRTCacheKey]
context:context
error:&saveError];

if (saveError)
{
MSID_LOG_WITH_CTX(MSIDLogLevelError, context, @"Failed to save FRT cache entry, error: %@", saveError);
if (error)
{
*error = saveError;
}
}
}

+ (MSIDCacheKey *)checkFRTCacheKey
{
static MSIDCacheKey *cacheKey = nil;
static dispatch_once_t onceToken;
dispatch_once(&onceToken, ^{
cacheKey = [[MSIDCacheKey alloc] initWithAccount:MSID_USE_SINGLE_FRT_KEYCHAIN
service:MSID_USE_SINGLE_FRT_KEYCHAIN
generic:nil
type:nil];
});
return cacheKey;
}

@end
Loading
Loading