add enum to support xpc mode

AzureAD · Feb 26, 2025 · 5603852 · 5603852
1 parent 9bd5556
commit 5603852
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 10 deletions.
diff --git a/IdentityCore/src/MSIDConstants.h b/IdentityCore/src/MSIDConstants.h
@@ -97,7 +97,8 @@ typedef NS_ENUM(NSUInteger, MSIDXpcMode)
 {
     MSIDXpcModeDisable = 0,
     MSIDXpcModeBackup,
-    MSIDXpcModeFull
+    MSIDXpcModeFull,
+    MSIDXpcModeOverride
 };
 
 typedef void (^MSIDRequestCompletionBlock)(MSIDTokenResult * _Nullable result, NSError * _Nullable error);

diff --git a/IdentityCore/src/controllers/MSIDRequestControllerFactory.m b/IdentityCore/src/controllers/MSIDRequestControllerFactory.m
@@ -164,14 +164,14 @@ @implementation MSIDRequestControllerFactory
 
         MSIDSilentController *xpcController = nil;
 #if TARGET_OS_OSX
-        if (parameters.xpcMode != MSIDXpcModeDisable && [MSIDXpcSilentTokenRequestController canPerformRequest])
+        if (parameters.msidXpcMode != MSIDXpcModeDisable && [MSIDXpcSilentTokenRequestController canPerformRequest])
         {
             xpcController = [[MSIDXpcSilentTokenRequestController alloc] initWithRequestParameters:parameters
                                                                                            forceRefresh:forceRefresh
                                                                                    tokenRequestProvider:tokenRequestProvider
                                                                           fallbackInteractiveController:fallbackController
                                                                                                   error:error];
-            if (parameters.xpcMode == MSIDXpcModeFull)
+            if (parameters.msidXpcMode == MSIDXpcModeFull || parameters.msidXpcMode == MSIDXpcModeOverride)
             {
                 // If in Xpc full mode, the XPCController will work as a isolated controller when SsoExtension cannotPerformRequest
                 fallbackController = xpcController;
@@ -180,7 +180,9 @@ @implementation MSIDRequestControllerFactory
         }
 #endif
 
-        if ([MSIDSSOExtensionSilentTokenRequestController canPerformRequest])
+        BOOL shouldSkipSsoExtension = parameters.msidXpcMode == MSIDXpcModeOverride;
+
+        if (!shouldSkipSsoExtension && [MSIDSSOExtensionSilentTokenRequestController canPerformRequest])
         {
             fallbackController = [[MSIDSSOExtensionSilentTokenRequestController alloc] initWithRequestParameters:parameters
                                                                                                     forceRefresh:forceRefresh

diff --git a/IdentityCore/src/parameters/MSIDRequestParameters.h b/IdentityCore/src/parameters/MSIDRequestParameters.h
@@ -109,7 +109,7 @@
 @property (nonatomic) MSIDExternalSSOContext *ssoContext;
 
 #pragma mark - Xpc Mode
-@property (nonatomic) MSIDXpcMode xpcMode;
+@property (nonatomic) MSIDXpcMode msidXpcMode;
 
 - (NSURL *)tokenEndpoint;
 

diff --git a/IdentityCore/src/util/MSIDXpcSingleSignOnProvider.m b/IdentityCore/src/util/MSIDXpcSingleSignOnProvider.m
@@ -277,10 +277,10 @@ - (void)getXpcService:(NSXPCListenerEndpointCompletionBlock)continueBlock
     if (@available(macOS 13.0, *)) {
         [connection setCodeSigningRequirement:codeSigningRequirement];
     } else {
-        // Fallback on earlier versions
+        // Intentionally left empty because the entire XPC flow will only be available on macOS 13 and above and gaurded through canPerformRequest
     }
-    [connection resume];
 
+    [connection resume];
     [connection setInterruptionHandler:^{
         NSError *xpcUnexpectedError = MSIDCreateError(MSIDErrorDomain, MSIDErrorSSOExtensionUnexpectedError, @"[Entra broker] CLIENT -- dispatcher connection is interrupted", nil, nil, nil, nil, nil, YES);
         if (continueBlock) continueBlock(nil, nil, xpcUnexpectedError);

diff --git a/IdentityCore/tests/MSIDRequestControllerFactoryTests.m b/IdentityCore/tests/MSIDRequestControllerFactoryTests.m
@@ -206,7 +206,7 @@ - (void)testWhenSsoExtensionIsEnabled_andXpcIsPartiallyEnabled_andSsoExtensionIs
                                                                                               testError:nil
                                                                                   testWebMSAuthResponse:nil];
     MSIDRequestParameters *parameters = [self requestParameters];
-    parameters.xpcMode = MSIDXpcModeBackup;
+    parameters.msidXpcMode = MSIDXpcModeBackup;
     parameters.allowUsingLocalCachedRtWhenSsoExtFailed = YES;
 
     NSError *error;
@@ -267,7 +267,7 @@ - (void)testWhenSsoExtensionIsEnabled_andXpcIsPartiallyEnabled_andSsoExtensionIs
                                                                                               testError:nil
                                                                                   testWebMSAuthResponse:nil];
     MSIDRequestParameters *parameters = [self requestParameters];
-    parameters.xpcMode = MSIDXpcModeBackup;
+    parameters.msidXpcMode = MSIDXpcModeBackup;
     parameters.allowUsingLocalCachedRtWhenSsoExtFailed = YES;
 
     NSError *error;
@@ -341,7 +341,7 @@ - (void)testWhenSsoExtensionIsEnabled_andXpcIsFullyEnabled_andSsoExtensionIsDisa
                                                                                               testError:nil
                                                                                   testWebMSAuthResponse:nil];
     MSIDRequestParameters *parameters = [self requestParameters];
-    parameters.xpcMode = MSIDXpcModeFull;
+    parameters.msidXpcMode = MSIDXpcModeFull;
     parameters.allowUsingLocalCachedRtWhenSsoExtFailed = YES;
 
     NSError *error;