Skip to content

Read BART from ests response when refresh_token_type & set deviceID #1604

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Nov 14, 2025
Merged

Read BART from ests response when refresh_token_type & set deviceID #1604

merged 7 commits into from
Nov 14, 2025

Conversation

@ameyapat
Copy link
Contributor

@ameyapat ameyapat commented Oct 26, 2025

Proposed changes

When ESTS response contains refresh_token_type = bound_app_rt, it indicates Bound app refresh token (BART). This PR aims to read that and initialize BoundRefreshToken and set it as so in broker response.

Type of change

  • Feature work
  • Bug fix
  • Documentation
  • Engineering change
  • Test
  • Logging/Telemetry

Risk

  • High – Errors could cause MAJOR regression of many scenarios. (Example: new large features or high level infrastructure changes)
  • Medium – Errors could cause regression of 1 or more scenarios. (Example: somewhat complex bug fixes, small new features)
  • Small – No issues are expected. (Example: Very small bug fixes, string changes, or configuration settings changes)

Additional information

@ameyapat ameyapat requested a review from a team as a code owner October 26, 2025 23:46
Copilot AI reviewed Oct 26, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for reading Bound App Refresh Tokens (BART) from ESTS responses. When the server response contains refresh_token_type = bound_app_rt, the code now initializes a MSIDBoundRefreshToken object instead of a standard refresh token and associates it with the device ID.

Key Changes

  • Introduced new constants for BART detection (MSID_REFRESH_TOKEN_TYPE, MSID_REFRESH_TOKEN_TYPE_BOUND_APP_RT, MSID_BART_DEVICE_ID_KEY)
  • Added boundAppRefreshTokenDeviceId property to MSIDTokenResponse to capture device ID from server responses
  • Modified token creation logic in both MSIDOauth2Factory and MSIDTokenResponseValidator to create MSIDBoundRefreshToken instances when BART is detected

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
MSIDTokenResponseValidator.m Adds logic to convert standard refresh tokens to bound refresh tokens when BART is detected in token validation
MSIDOauth2Factory.m Implements BART detection and conversion during refresh token creation from server response
MSIDTokenResponse.h/.m Adds property to store bound app refresh token device ID from server response
MSIDOAuth2Constants.h/.m Defines constants for refresh token type detection
MSIDBrokerConstants.h/.m Adds constant for BART device ID key used in broker communication

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ameyapat
Merge branch 'release/1.17.1' into ameyapat/read-bart-rt-type-from-es…
383ecb5 
…ts-response

* release/1.17.1: (33 commits)
  Update changelog.txt
  Resolve error
  Reset flag in teardown
  Address comments
  Remove flight and test
  Update changelog
  Check boolValue but not presence of value. Add more unit tests
  Mocking flight and cache value
  Add Feature flag and cache to control enablement
  trigger pipeline
  Clean up changes
  fix a typo
  fix deprecation compiling issue
  Update test and number in time based claims
  Fix UT
  Add long casting
  Updating error to interaction required
  remove extra ;
  Address comment
  Support domain_hint param.
  ...

# Conflicts:
#	IdentityCore/src/MSIDOAuth2Constants.m
@ameyapat
Refactor condition for readability
3092463
@ameyapat
Add changelog entry
2549cb9
@ameyapat
Simplify condition
9d64382
@ameyapat ameyapat changed the base branch from dev to release/1.17.1 November 12, 2025 01:04
kaisong1990
kaisong1990 reviewed Nov 13, 2025
View reviewed changes
Copy link
Contributor

@kaisong1990 kaisong1990 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor questions

kaisong1990
kaisong1990 approved these changes Nov 14, 2025
View reviewed changes
@ameyapat ameyapat merged commit 8adb775 into release/1.17.1 Nov 14, 2025
12 of 18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@kaisong1990 kaisong1990 kaisong1990 approved these changes

@gagandeepghai gagandeepghai Awaiting requested review from gagandeepghai gagandeepghai is a code owner automatically assigned from AzureAD/appleidentityteam

@oldalton oldalton Awaiting requested review from oldalton oldalton is a code owner automatically assigned from AzureAD/appleidentityteam

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ameyapat @kaisong1990