[TeamsDevices] [nGMS] Add DeviceCodeFlow (DCF) to Broker (#1752)

### **What**
This PR includes adding DCF to Broker for Teams Devices' nGMS changes.
Feature is controlled by `FlightNames.ENABLE_NGMS_FLOW` and is currently
set to false.

### **Why** and **How**
nGMS Teams Devices Design PR:
https://identitydivision.visualstudio.com/DevEx/_git/AuthLibrariesApiReview/pullrequest/6564?_a=files

// TODO:
1) Add Telemetry once Msal to Broker telemetry is setup. Currently, I've
added OTel spans for broker side
2) Add UTs

### **Testing and Validation:**
Tested DCF` authResult ` flow and able to get the User code and other
DCF info successfully

![MSAL_DCF_FETCH_AUTH_RESULT](https://user-images.githubusercontent.com/107152318/213335492-b6f5b856-f758-467a-b7a4-8eb19d318251.png)

Tested DCF `acquireToken` by signing into `/devicelogin` and able to get
token successfully

![MSAL_DCF_ACQUIRE_TOKEN](https://user-images.githubusercontent.com/107152318/213337703-6dd0fcf2-a748-44b6-9aac-95ad26b71a77.png)

Validated that an exception shall be thrown if nGMS Feature flag
(FlightNames.ENABLE_NGMS_FLOW)
 is disabled 

![MSAL_DCF_NOT_SUPPORTED_BEFORE_NGMS](https://user-images.githubusercontent.com/107152318/213335855-6a58dea4-c370-44f8-9372-6ec586fc45fe.png)

---------

Co-authored-by: REDMOND\amritsaini <[email protected]>

Author: Pallav2309

common

@@ -0,0 +1,43 @@
+//  Copyright (c) Microsoft Corporation.
+//  All rights reserved.
+//
+//  This code is licensed under the MIT License.
+//
+//  Permission is hereby granted, free of charge, to any person obtaining a copy
+//  of this software and associated documentation files(the "Software"), to deal
+//  in the Software without restriction, including without limitation the rights
+//  to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+//  copies of the Software, and to permit persons to whom the Software is
+//  furnished to do so, subject to the following conditions :
+//
+//  The above copyright notice and this permission notice shall be included in
+//  all copies or substantial portions of the Software.
+//
+//  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+//  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+//  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+//  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+//  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+//  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+//  THE SOFTWARE.
+package com.microsoft.identity.client;
+
+public class DeviceCodeFlowParameters extends TokenParameters {
+
+    public DeviceCodeFlowParameters(DeviceCodeFlowParameters.Builder builder) {
+        super(builder);
+    }
+
+    public static class Builder extends TokenParameters.Builder<DeviceCodeFlowParameters.Builder> {
+
+        @Override
+        public DeviceCodeFlowParameters.Builder self() {
+            return this;
+        }
+
+        public DeviceCodeFlowParameters build() {
+            return new DeviceCodeFlowParameters(this);
+        }
+    }
+
+}

msal/src/main/java/com/microsoft/identity/client/DeviceCodeFlowParameters.java

@@ -25,13 +25,16 @@
 import android.app.Activity;
 
 import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
 import androidx.annotation.WorkerThread;
 
+import com.microsoft.identity.client.claims.ClaimsRequest;
 import com.microsoft.identity.client.exception.MsalException;
 import com.microsoft.identity.common.java.util.TaskCompletedCallbackWithError;
 
 import java.util.Date;
 import java.util.List;
+import java.util.UUID;
 
 public interface IPublicClientApplication {
 
@@ -89,6 +92,21 @@ void acquireToken(@NonNull final Activity activity,
     @WorkerThread
     IAuthenticationResult acquireTokenSilent(@NonNull final AcquireTokenSilentParameters acquireTokenSilentParameters) throws InterruptedException, MsalException;
 
+//    /**
+//     * Perform the Device Code Flow (DCF) protocol to allow a device without input capability to authenticate and get a new access token.
+//     * This flow is now supported in Broker as well. It also supports requesting Claims using the "claims" Request. Parameter.
+//     *
+//     * @param scopes   the desired access scopes
+//     * @param callback callback object used to communicate with the API throughout the protocol
+//     * @param claims claims Authentication Request parameter requests that specific Claims be returned from the UserInfo Endpoint and/or in the ID Token.
+//     * @param correlationId  correlation id of this request
+//     *
+//     * Important: Use of this API requires setting the minimum_required_broker_protocol_version to
+//     * "13.0" or higher.
+//     * Note: This API is in testing phase and might return not supported error until fully supported.
+//     */
+//    void acquireTokenWithDeviceCode(@NonNull List<String> scopes, @NonNull final DeviceCodeFlowCallback callback, @Nullable final ClaimsRequest claims, @Nullable final UUID correlationId);
+
     /**
      * Perform the Device Code Flow (DCF) protocol to allow a device without input capability to authenticate and get a new access token.
      * Currently, flow is only supported in local MSAL. No Broker support.

msal/src/main/java/com/microsoft/identity/client/IPublicClientApplication.java

@@ -82,8 +82,6 @@
 import com.microsoft.identity.common.crypto.AndroidAuthSdkStorageEncryptionManager;
 import com.microsoft.identity.common.internal.broker.BrokerValidator;
 import com.microsoft.identity.common.internal.cache.SharedPreferencesFileManager;
-import com.microsoft.identity.common.internal.commands.DeviceCodeFlowCommand;
-import com.microsoft.identity.common.internal.commands.DeviceCodeFlowCommandCallback;
 import com.microsoft.identity.common.internal.commands.GenerateShrCommand;
 import com.microsoft.identity.common.internal.commands.GetDeviceModeCommand;
 import com.microsoft.identity.common.internal.controllers.LocalMSALController;
@@ -100,6 +98,8 @@
 import com.microsoft.identity.common.java.cache.IShareSingleSignOnState;
 import com.microsoft.identity.common.java.cache.MsalOAuth2TokenCache;
 import com.microsoft.identity.common.java.commands.CommandCallback;
+import com.microsoft.identity.common.java.commands.DeviceCodeFlowCommand;
+import com.microsoft.identity.common.java.commands.DeviceCodeFlowCommandCallback;
 import com.microsoft.identity.common.java.commands.InteractiveTokenCommand;
 import com.microsoft.identity.common.java.commands.SilentTokenCommand;
 import com.microsoft.identity.common.java.commands.parameters.CommandParameters;
@@ -136,6 +136,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.UUID;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
@@ -1838,6 +1839,49 @@ public void onError(MsalException exception) {
         }
     }
 
+//    public void acquireTokenWithDeviceCode(@NonNull List<String> scopes, @NonNull final DeviceCodeFlowCallback callback, @Nullable final ClaimsRequest claimsRequest, @Nullable final UUID correlationId) {
+//        DeviceCodeFlowParameters.Builder builder = new DeviceCodeFlowParameters.Builder();
+//
+//        if (null != correlationId) {
+//            builder.withCorrelationId(correlationId);
+//        }
+//
+//        DeviceCodeFlowParameters deviceCodeFlowParameters =
+//                builder.withScopes(scopes)
+//                        .withClaims(claimsRequest)
+//                        .build();
+//
+//        final DeviceCodeFlowCommandParameters commandParameters = CommandParametersAdapter
+//                .createDeviceCodeFlowWithClaimsCommandParameters(
+//                        mPublicClientConfiguration,
+//                        mPublicClientConfiguration.getOAuth2TokenCache(),
+//                        deviceCodeFlowParameters);
+//
+//        final DeviceCodeFlowCommandCallback deviceCodeFlowCommandCallback = getDeviceCodeFlowCommandCallback(callback);
+//
+//        try {
+//            final DeviceCodeFlowCommand deviceCodeFlowCommand = new DeviceCodeFlowCommand(
+//                    commandParameters,
+//                    MSALControllerFactory.getDefaultController(
+//                            mPublicClientConfiguration.getAppContext(),
+//                            commandParameters.getAuthority(),
+//                            mPublicClientConfiguration
+//                    ),
+//                    deviceCodeFlowCommandCallback,
+//                    PublicApiId.DEVICE_CODE_FLOW_WITH_CLAIMS_AND_CALLBACK
+//            );
+//
+//            CommandDispatcher.submitSilent(deviceCodeFlowCommand);
+//        } catch (final MsalClientException e) {
+//            final MsalClientException clientException = new MsalClientException(
+//                    UNKNOWN_ERROR,
+//                    "Unexpected error while acquiring token with device code.",
+//                    e
+//            );
+//            callback.onError(clientException);
+//        }
+//    }
+
     public void acquireTokenWithDeviceCode(@NonNull List<String> scopes, @NonNull final DeviceCodeFlowCallback callback) {
         // Create a DeviceCodeFlowCommandParameters object that takes in the desired scopes and the callback object
         // Use CommandParametersAdapter

msal/src/main/java/com/microsoft/identity/client/PublicClientApplication.java

@@ -59,12 +59,12 @@
 import com.microsoft.identity.common.adal.internal.util.StringExtensions;
 import com.microsoft.identity.common.crypto.AndroidAuthSdkStorageEncryptionManager;
 import com.microsoft.identity.common.internal.cache.SharedPreferencesFileManager;
-import com.microsoft.identity.common.internal.commands.DeviceCodeFlowCommandCallback;
 import com.microsoft.identity.common.internal.commands.GetCurrentAccountCommand;
 import com.microsoft.identity.common.internal.commands.RemoveCurrentAccountCommand;
 import com.microsoft.identity.common.internal.migration.TokenMigrationCallback;
 import com.microsoft.identity.common.java.cache.ICacheRecord;
 import com.microsoft.identity.common.java.commands.CommandCallback;
+import com.microsoft.identity.common.java.commands.DeviceCodeFlowCommandCallback;
 import com.microsoft.identity.common.java.commands.parameters.CommandParameters;
 import com.microsoft.identity.common.java.commands.parameters.RemoveAccountCommandParameters;
 import com.microsoft.identity.common.java.controllers.BaseController;

msal/src/main/java/com/microsoft/identity/client/SingleAccountPublicClientApplication.java

@@ -8,6 +8,7 @@
 
 import com.microsoft.identity.client.AcquireTokenParameters;
 import com.microsoft.identity.client.AcquireTokenSilentParameters;
+import com.microsoft.identity.client.DeviceCodeFlowParameters;
 import com.microsoft.identity.client.IAccount;
 import com.microsoft.identity.client.ITenantProfile;
 import com.microsoft.identity.client.MultiTenantAccount;
@@ -203,6 +204,46 @@ public static SilentTokenCommandParameters createSilentTokenCommandParameters(
         return commandParameters;
     }
 
+    /**
+     * Adapter method to create DeviceCodeFlowCommandParameters from DeviceCodeFlowParameters
+     * @param configuration PCA configuration
+     * @param tokenCache token cache for storing results
+     * @param parameters deviceCodeFlowParameters
+     * @return DeviceCodeFlowCommandParameters
+     */
+    public static DeviceCodeFlowCommandParameters createDeviceCodeFlowWithClaimsCommandParameters(
+            @NonNull final PublicClientApplicationConfiguration configuration,
+            @NonNull final OAuth2TokenCache tokenCache,
+            @NonNull final DeviceCodeFlowParameters parameters) {
+
+        final String claimsRequestJson = ClaimsRequest.getJsonStringFromClaimsRequest(parameters.getClaimsRequest());
+
+        final Authority authority = configuration.getDefaultAuthority();
+
+        final AbstractAuthenticationScheme authenticationScheme = new BearerAuthenticationSchemeInternal();
+
+        final DeviceCodeFlowCommandParameters commandParameters = DeviceCodeFlowCommandParameters.builder()
+                .platformComponents(AndroidPlatformComponentsFactory.createFromContext(configuration.getAppContext()))
+                .applicationName(configuration.getAppContext().getPackageName())
+                .applicationVersion(getPackageVersion(configuration.getAppContext()))
+                .clientId(configuration.getClientId())
+                .isSharedDevice(configuration.getIsSharedDevice())
+                .redirectUri(configuration.getRedirectUri())
+                .oAuth2TokenCache(tokenCache)
+                .requiredBrokerProtocolVersion(configuration.getRequiredBrokerProtocolVersion())
+                .sdkType(SdkType.MSAL)
+                .sdkVersion(PublicClientApplication.getSdkVersion())
+                .powerOptCheckEnabled(configuration.isPowerOptCheckForEnabled())
+                .authenticationScheme(authenticationScheme)
+                .scopes(new HashSet<>(parameters.getScopes()))
+                .authority(authority)
+                .claimsRequestJson(claimsRequestJson)
+                .correlationId(parameters.getCorrelationId())
+                .build();
+
+        return commandParameters;
+    }
+
     public static DeviceCodeFlowCommandParameters createDeviceCodeFlowCommandParameters(
             @NonNull final PublicClientApplicationConfiguration configuration,
             @NonNull final OAuth2TokenCache tokenCache,

msal/src/main/java/com/microsoft/identity/client/internal/CommandParametersAdapter.java

@@ -29,12 +29,14 @@
 import androidx.test.core.app.ApplicationProvider;
 
 import com.microsoft.identity.client.claims.ClaimsRequest;
+import com.microsoft.identity.client.claims.RequestedClaim;
 import com.microsoft.identity.client.claims.RequestedClaimAdditionalInformation;
 import com.microsoft.identity.client.internal.CommandParametersAdapter;
 import com.microsoft.identity.common.components.AndroidPlatformComponentsFactory;
 import com.microsoft.identity.common.java.cache.IAccountCredentialAdapter;
 import com.microsoft.identity.common.java.cache.IAccountCredentialCache;
 import com.microsoft.identity.common.java.cache.MsalOAuth2TokenCache;
+import com.microsoft.identity.common.java.commands.parameters.DeviceCodeFlowCommandParameters;
 import com.microsoft.identity.common.java.commands.parameters.InteractiveTokenCommandParameters;
 import com.microsoft.identity.common.java.commands.parameters.SilentTokenCommandParameters;
 import com.microsoft.identity.common.java.providers.oauth2.OAuth2TokenCache;
@@ -50,6 +52,7 @@
 import java.io.File;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
 import java.util.UUID;
 
 @RunWith(RobolectricTestRunner.class)
@@ -146,6 +149,30 @@ public void testAcquireTokenSilentOperationWithCorrelationId() throws ClientExce
         Assert.assertEquals(correlationId.toString(), commandParameters.getCorrelationId());
     }
 
+    @Test
+    public void testDeviceCodeFlowOperationWithClaimsWithCorrelationId() throws ClientException {
+        final UUID correlationId = UUID.randomUUID();
+        DeviceCodeFlowCommandParameters commandParameters = CommandParametersAdapter.createDeviceCodeFlowWithClaimsCommandParameters(getConfiguration(AAD_NONE_CONFIG_FILE), getCache(), getDeviceCodeFlowParametersWithClaimsWithCorrelationId(correlationId));
+        Assert.assertNotNull(commandParameters.getCorrelationId());
+        Assert.assertEquals(correlationId.toString(), commandParameters.getCorrelationId());
+        validateDeviceCodeFlowClaimsInCommandParameter(commandParameters);
+    }
+
+    @Test
+    public void testDeviceCodeFlowOperationWithClaimsWithoutCorrelationId() throws ClientException {
+        DeviceCodeFlowCommandParameters commandParameters = CommandParametersAdapter.createDeviceCodeFlowWithClaimsCommandParameters(getConfiguration(AAD_NONE_CONFIG_FILE), getCache(), getDeviceCodeFlowParametersWithClaimsWithoutCorrelationId());
+        Assert.assertNull(commandParameters.getCorrelationId());
+        validateDeviceCodeFlowClaimsInCommandParameter(commandParameters);
+    }
+
+    @Test
+    public void testDeviceCodeFlowOperationWithoutClaims() throws ClientException {
+        DeviceCodeFlowCommandParameters commandParameters = CommandParametersAdapter.createDeviceCodeFlowWithClaimsCommandParameters(getConfiguration(AAD_NONE_CONFIG_FILE), getCache(), getDeviceCodeFlowParametersWithoutClaims());
+        Assert.assertNull(commandParameters.getCorrelationId());
+        Assert.assertNull(commandParameters.getClaimsRequestJson());
+    }
+
+
     private ClaimsRequest getAccessTokenClaimsRequest(@NonNull String claimName, @NonNull String claimValue) {
         ClaimsRequest cp1ClaimsRequest = new ClaimsRequest();
         RequestedClaimAdditionalInformation info = new RequestedClaimAdditionalInformation();
@@ -232,6 +259,53 @@ private AcquireTokenParameters getAcquireTokenParametersWithCorrelationId(final
         return parameters;
     }
 
+    private DeviceCodeFlowParameters getDeviceCodeFlowParametersWithClaimsWithCorrelationId(final UUID correlationId) {
+        DeviceCodeFlowParameters parameters = new DeviceCodeFlowParameters.Builder()
+                .withClaims(getDeviceCodeFlowClaimsRequest())
+                .withScopes(new ArrayList<String>(Arrays.asList("User.Read")))
+                .withCorrelationId(correlationId)
+                .build();
+
+        return parameters;
+    }
+
+    private DeviceCodeFlowParameters getDeviceCodeFlowParametersWithClaimsWithoutCorrelationId() {
+        DeviceCodeFlowParameters parameters = new DeviceCodeFlowParameters.Builder()
+                .withClaims(getDeviceCodeFlowClaimsRequest())
+                .withScopes(new ArrayList<String>(Arrays.asList("User.Read")))
+                .build();
+
+        return parameters;
+    }
+
+    private DeviceCodeFlowParameters getDeviceCodeFlowParametersWithoutClaims() {
+        DeviceCodeFlowParameters parameters = new DeviceCodeFlowParameters.Builder()
+                .withScopes(new ArrayList<String>(Arrays.asList("User.Read")))
+                .build();
+
+        return parameters;
+    }
+
+    private ClaimsRequest getDeviceCodeFlowClaimsRequest() {
+        RequestedClaimAdditionalInformation information = new RequestedClaimAdditionalInformation();
+        information.setEssential(true);
+        ClaimsRequest claimsRequest = new ClaimsRequest();
+        claimsRequest.requestClaimInAccessToken("deviceid", information);
+        return claimsRequest;
+    }
+
+    private void validateDeviceCodeFlowClaimsInCommandParameter(DeviceCodeFlowCommandParameters deviceCodeFlowCommandParameters) {
+        Assert.assertNotNull(deviceCodeFlowCommandParameters.getClaimsRequestJson());
+        ClaimsRequest claimsRequest = ClaimsRequest.getClaimsRequestFromJsonString(deviceCodeFlowCommandParameters.getClaimsRequestJson());
+        Assert.assertNotNull(claimsRequest);
+        Assert.assertNotNull(claimsRequest.getAccessTokenClaimsRequested());
+        RequestedClaim requestedClaim = claimsRequest.getAccessTokenClaimsRequested().get(0);
+        Assert.assertNotNull(requestedClaim);
+
+        Assert.assertEquals("deviceid", requestedClaim.getName());
+        Assert.assertTrue(requestedClaim.getAdditionalInformation().getEssential());
+    }
+
     private PublicClientApplicationConfiguration getConfiguration(String path) {
         return PublicClientApplicationConfigurationFactory.initializeConfiguration(mContext, getConfigFile(path));
     }

msal/src/test/java/com/microsoft/identity/client/CommandParametersTest.java

@@ -22,9 +22,9 @@
 // THE SOFTWARE.
 package com.microsoft.identity.client.e2e.shadows;
 
+import com.microsoft.identity.common.java.commands.DeviceCodeFlowCommand;
 import com.microsoft.identity.common.java.exception.ErrorStrings;
 import com.microsoft.identity.common.java.exception.ServiceException;
-import com.microsoft.identity.common.internal.commands.DeviceCodeFlowCommand;
 import com.microsoft.identity.common.java.result.AcquireTokenResult;
 
 import org.robolectric.annotation.Implements;

msal/src/test/java/com/microsoft/identity/client/e2e/shadows/ShadowDeviceCodeFlowCommandAuthError.java

@@ -24,8 +24,8 @@
 
 import com.microsoft.identity.common.java.cache.CacheRecord;
 import com.microsoft.identity.common.java.cache.ICacheRecord;
-import com.microsoft.identity.common.internal.commands.DeviceCodeFlowCommand;
-import com.microsoft.identity.common.internal.commands.DeviceCodeFlowCommandCallback;
+import com.microsoft.identity.common.java.commands.DeviceCodeFlowCommand;
+import com.microsoft.identity.common.java.commands.DeviceCodeFlowCommandCallback;
 import com.microsoft.identity.common.java.dto.AccountRecord;
 import com.microsoft.identity.common.java.request.SdkType;
 import com.microsoft.identity.common.java.result.AcquireTokenResult;

msal/src/test/java/com/microsoft/identity/client/e2e/shadows/ShadowDeviceCodeFlowCommandSuccessful.java

@@ -22,10 +22,10 @@
 // THE SOFTWARE.
 package com.microsoft.identity.client.e2e.shadows;
 
+import com.microsoft.identity.common.java.commands.DeviceCodeFlowCommand;
+import com.microsoft.identity.common.java.commands.DeviceCodeFlowCommandCallback;
 import com.microsoft.identity.common.java.exception.ErrorStrings;
 import com.microsoft.identity.common.java.exception.ServiceException;
-import com.microsoft.identity.common.internal.commands.DeviceCodeFlowCommand;
-import com.microsoft.identity.common.internal.commands.DeviceCodeFlowCommandCallback;
 import com.microsoft.identity.common.java.result.AcquireTokenResult;
 
 import org.robolectric.annotation.Implements;