Plugin XPC related UI into MSAL Mac Sample app and update commonCore

MSAL/MSAL.xcodeproj/project.pbxproj

@@ -5959,7 +5959,6 @@
 					};
 					1E614BD922558D8300EBF62F = {
 						CreatedOnToolsVersion = 10.1;
-						DevelopmentTeam = UBF8T346G9;
 						SystemCapabilities = {
 							com.apple.Keychain = {
 								enabled = 0;
@@ -8011,12 +8010,13 @@
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_ENTITLEMENTS = test/app/mac/MSALMacTestApp.entitlements;
-				CODE_SIGN_IDENTITY = "Mac Developer";
+				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
 				COPY_PHASE_STRIP = NO;
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				DEVELOPMENT_TEAM = UBF8T346G9;
+				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				ENABLE_TESTABILITY = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu11;
@@ -8084,12 +8084,13 @@
 				CLANG_WARN_UNREACHABLE_CODE = YES;
 				CLANG_WARN__DUPLICATE_METHOD_MATCH = YES;
 				CODE_SIGN_ENTITLEMENTS = test/app/mac/MSALMacTestApp.entitlements;
-				CODE_SIGN_IDENTITY = "Mac Developer";
+				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
 				COPY_PHASE_STRIP = NO;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				DEVELOPMENT_TEAM = UBF8T346G9;
+				ENABLE_HARDENED_RUNTIME = YES;
 				ENABLE_NS_ASSERTIONS = NO;
 				ENABLE_STRICT_OBJC_MSGSEND = YES;
 				GCC_C_LANGUAGE_STANDARD = gnu11;

MSAL/MSAL.xcodeproj/xcshareddata/xcschemes/MSAL (Mac Framework).xcscheme

@@ -26,7 +26,8 @@
       buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
-      shouldUseLaunchSchemeArgsEnv = "YES">
+      shouldUseLaunchSchemeArgsEnv = "YES"
+      codeCoverageEnabled = "YES">
       <MacroExpansion>
          <BuildableReference
             BuildableIdentifier = "primary"

MSAL/src/MSALPublicClientApplication.m

@@ -718,6 +718,16 @@ - (void)acquireTokenSilentWithParameters:(MSALSilentTokenParameters *)parameters
     msidParams.validateAuthority = shouldValidate;
     msidParams.extendedLifetimeEnabled = self.internalConfig.extendedLifetimeEnabled;
     msidParams.clientCapabilities = self.internalConfig.clientApplicationCapabilities;
+#if TARGET_OS_OSX && DEBUG
+    msidParams.xpcMode = (NSUInteger)parameters.msalXpcMode;
+#elif TARGET_OS_OSX
+    if (parameters.msalXpcMode == MSALXpcModeOverride)
+    {
+        parameters.msalXpcMode = MSALXpcModeDisable;
+    }
+
+    msidParams.xpcMode = (NSUInteger)parameters.msalXpcMode;
+#endif
 
     // Extra parameters to be added to the /token endpoint.
     msidParams.extraTokenRequestParameters = self.internalConfig.extraQueryParameters.extraTokenURLParameters;
@@ -1064,6 +1074,16 @@ - (void)acquireTokenWithParameters:(MSALInteractiveTokenParameters *)parameters
     msidParams.currentRequestTelemetry.schemaVersion = HTTP_REQUEST_TELEMETRY_SCHEMA_VERSION;
     msidParams.currentRequestTelemetry.apiId = [msidParams.telemetryApiId integerValue];
     msidParams.currentRequestTelemetry.tokenCacheRefreshType = TokenCacheRefreshTypeNoCacheLookupInvolved;
+#if TARGET_OS_OSX && DEBUG
+    msidParams.xpcMode = (NSUInteger)parameters.msalXpcMode;
+#elif TARGET_OS_OSX
+    if (parameters.msalXpcMode == MSALXpcModeOverride)
+    {
+        parameters.msalXpcMode = MSALXpcModeDisable;
+    }
+
+    msidParams.xpcMode = (NSUInteger)parameters.msalXpcMode;
+#endif
 
 #if TARGET_OS_OSX
     msidParams.clientSku = MSID_CLIENT_SKU_MSAL_OSX;

MSAL/src/public/MSALDefinitions.h

@@ -194,6 +194,37 @@ typedef NS_ENUM(NSUInteger, MSALPreferredAuthMethod)
     MSALPreferredAuthMethodNone
 };
 
+#if TARGET_OS_OSX
+
+/**
+ Preferred Xpc mode for MSAL requests. Can be configured by developers MSAL integration
+ */
+typedef NS_ENUM(NSUInteger, MSALXpcMode)
+{
+    /*
+        Broker Xpc service call is disabled
+    */
+    MSALXpcModeDisable,
+    /*
+        Broker Xpc service call is only used as a backup service when SsoExtension service failed.
+        If SsoExtenion is not available on the device (canPerformRequest returns false), Broker Xpc service call will be disabled
+    */
+    MSALXpcModeBackup,
+    /*
+        Broker Xpc service call is used as a backup call when SsoExtension service failed.
+        If SsoExtenion is not available on the device, Xpc service call will be the primary auth service
+    */
+    MSALXpcModeFull,
+
+    /*
+        Development only: Broker Xpc service is used as main Sso service, and ignored SsoExtension service completely.
+        This option will be ignored if used in production and will be treated same as MSALXpcModeDisable
+    */
+    MSALXpcModeOverride
+};
+
+#endif
+
 /**
     The block that gets invoked after MSAL has finished getting a token silently or interactively.
     @param result       Represents information returned to the application after a successful interactive or silent token acquisition. See `MSALResult` for more information.

MSAL/src/public/MSALTokenParameters.h

@@ -87,6 +87,16 @@ NS_ASSUME_NONNULL_BEGIN
  */
 @property (nonatomic, nullable) id<MSALAuthenticationSchemeProtocol> authenticationScheme;
 
+#if TARGET_OS_OSX
+
+/**
+ Broker Xpc service mode defined by developer. This service can be used a backup service on top of today's Entra ID SingleSignOn extension or an isolated service if tenant has no Entra ID SingleSignOn extension deployed
+ */
+
+@property (nonatomic) MSALXpcMode msalXpcMode;
+
+#endif
+
 #pragma mark - Creating MSALTokenParameters
 
 /**