Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial skeleton and design document for Native Auth features #7414

Draft
wants to merge 11 commits into
base: dev
Choose a base branch
from
Draft

Initial skeleton and design document for Native Auth features #7414

wants to merge 11 commits into from
+3,370 −0

Conversation

shenj
Copy link

@shenj shenj commented Nov 11, 2024

No description provided.

@github-actions github-actions bot added documentation Related to documentation. msal-browser Related to msal-browser package labels Nov 11, 2024
axhaferllari
axhaferllari reviewed Nov 22, 2024
View reviewed changes
lib/msal-native-auth/rollup.config.js Show resolved Hide resolved
lib/msal-native-auth/samples/SignInSample.ts Show resolved Hide resolved
lib/msal-native-auth/package.json Show resolved Hide resolved
lib/msal-native-auth/samples/lib/msal-native-auth.samples.js
@@ -0,0 +1,107 @@
'use strict';
(function (global, factory) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this looks like another sample, do we need this here?

lib/msal-native-auth/src/INativeAuthPublicClientApplication.ts
SignUpOptions,
} from "./NativeAuthActionOptions.js";

export interface INativeAuthPublicClientApplication {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion on the naming of the interface (not sure though what is the followed standard):
NativeAuthClient

lib/msal-native-auth/src/NativeAuthConstants.ts
* Licensed under the MIT License.
*/

export const GrantTypeConstants = {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe the Constants postfix should not be needed

lib/msal-native-auth/src/NativeAuthPublicClientApplication.ts
import { NativeAuthOperatingContext } from "./operating_context/NativeAuthOperatingContext.js";

export class NativeAuthPublicClientApplication
extends PublicClientApplication
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does this extends PublicClientApplicatoin from msal-browser?

lib/msal-native-auth/doc/tech-design/Tech Design.md Outdated
// Code is required.
// Collect code from customer.
const code = "test-code";
const submitCodeResult = await signInResult.nextStateHandler.submitCode(code);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this not the ideal design, because it starts from the assumption that the signInResults is a a specific type and has a submitCode function. I think as per Single Responsibility, signInResults object should contain only the state of the app.signIn call. The submit function instead should be exposed in the app object, so that is not tight to the result type.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think an alternative approach to expose the SDK functions can be like (high level design):

const authApp= NativeAuthPublicClientApplication.create(config);

async function startSignIn() {
  const signInResult = await app.signIn(signInOptions);
  
  if (signInResult .state === SignInState.CodeRequired) {
    navigate("/code-required");
  } else if (signInResult .state === SignInState.PasswordRequired) {
   navigate("/password-required");
  } else if (signInResult .state === SignInState.Error) {
     // show error
  }
}

async function onCodeSubmit(code) {
  const result= await app.signInCodeSubmit(code);
  
  if (signInResult .state === SignInState.CodeRequired) {
    navigate("/code-required");
  } else if (signInResult .state === SignInState.PasswordRequired) {
   navigate("/password-required");
  } else if (signInResult .state === SignInState.Error) {
     // show error
  }else if (signInResult .state === SignInState.Completed) {
     // fetch token
  }
}

By exposing the functions to authApp instance allows decoupling, making more flexible to consume the library.

lib/msal-native-auth/doc/tech-design/Tech Design.md Outdated

const accountInfo: AccountInfo | undefined;

if (signInResult.isFlowCompleted()) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

signInResult should only contain the state of the function call, in this case isFlowCompleted can be converted to a state.

axhaferllari
axhaferllari reviewed Nov 22, 2024
View reviewed changes
lib/msal-native-auth/src/NativeAuthPublicClientApplication.ts
* Creates a new instance of a PublicClientApplication with the given configuration.
* @param config - A configuration object for the PublicClientApplication instance
*/
static create(
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be a method to retrive as well the created instance

axhaferllari
axhaferllari reviewed Nov 22, 2024
View reviewed changes
lib/msal-native-auth/src/auth_flow/state_handler/ResetPasswordStateHandler.ts
/*
* Reset password handler for the state of code required.
*/
export class ResetPasswordCodeRequiredStateHandler extends ResetPasswordStateHandler {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why this class is extending ResetPasswordStateHandler?

axhaferllari
axhaferllari reviewed Nov 22, 2024
View reviewed changes
lib/msal-native-auth/src/controller/NativeAuthStandardController.ts Outdated
Comment on lines 103 to 178
try {
// The authority URL need to be revisited to ensure it is correct.
const authorityUrl = this.config.auth.authority;

// start the signin flow
const signInStartParams: SignInStartParams = new SignInStartParams(
authorityUrl,
this.config.auth.clientId,
correlationId,
this.nativeAuthConfig.nativeAuth.challengeTypes ?? [],
signInOptions.scopes ?? [],
signInOptions.username,
signInOptions.password
);

const startResult = await this.signInClient.start(
signInStartParams
);

if (startResult instanceof SignInWithContinuationTokenResult) {
// require password
if (!signInOptions.password) {
return new SignInResult(
undefined,
new SignInPasswordRequiredStateHandler(
this.signInClient,
correlationId,
startResult.continuationToken,
this.nativeAuthConfig,
signInOptions.scopes
)
);
}

// if the password is provided, then try to get token silently.
const signInSubmitPasswordParams =
new SignInSubmitPasswordParams(
authorityUrl,
this.config.auth.clientId,
correlationId,
this.nativeAuthConfig.nativeAuth.challengeTypes ?? [],
signInOptions.scopes ?? [],
startResult.continuationToken,
signInOptions.password
);

const completedResult = await this.signInClient.submitPassword(
signInSubmitPasswordParams
);

const accountManager = new AccountInfo(
completedResult.authenticationResult.account,
correlationId,
this.nativeAuthConfig
);

return new SignInResult(accountManager);
} else if (startResult instanceof SignInCodeSendResponse) {
// require code
return new SignInResult(
undefined,
new SignInCodeRequiredStateHandler(
this.signInClient,
correlationId,
startResult.continuationToken,
this.nativeAuthConfig,
signInOptions.scopes
)
);
} else {
throw new UnexpectedError("Unknow SignInStartResult type");
}
} catch (error) {
return SignInResult.createWithError(error);
}
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My suggestion here is to refactor this method because there are early returns disconected from each other, making the code hard to read and test.

axhaferllari
axhaferllari reviewed Nov 22, 2024
View reviewed changes
lib/msal-native-auth/src/controller/NativeAuthStandardController.ts
signInOptions.password
);

const completedResult = await this.signInClient.submitPassword(
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The submitPassword method here might not necessarily return a complete, Can the server might respond with another challenge?

axhaferllari
axhaferllari reviewed Nov 22, 2024
View reviewed changes
lib/msal-native-auth/src/controller/NativeAuthStandardController.ts Outdated
* @param signInOptions - Options for signing in the user.
* @returns The result of the operation.
*/
async signIn(signInOptions: SignInInputs): Promise<SignInResult> {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as discussed, IMHO, this call should return the signInClient instead of a signInResult, or eventually allow the user to specify the flow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@axhaferllari axhaferllari axhaferllari left review comments

@sameerag sameerag Awaiting requested review from sameerag sameerag will be requested when the pull request is marked ready for review sameerag is a code owner

@tnorling tnorling Awaiting requested review from tnorling tnorling will be requested when the pull request is marked ready for review tnorling is a code owner

@hectormmg hectormmg Awaiting requested review from hectormmg hectormmg will be requested when the pull request is marked ready for review hectormmg is a code owner

@jo-arroyo jo-arroyo Awaiting requested review from jo-arroyo jo-arroyo will be requested when the pull request is marked ready for review jo-arroyo is a code owner

@peterzenz peterzenz Awaiting requested review from peterzenz peterzenz will be requested when the pull request is marked ready for review peterzenz is a code owner

@konstantin-msft konstantin-msft Awaiting requested review from konstantin-msft konstantin-msft will be requested when the pull request is marked ready for review konstantin-msft is a code owner

@lalimasharda lalimasharda Awaiting requested review from lalimasharda lalimasharda will be requested when the pull request is marked ready for review lalimasharda is a code owner

@shylasummers shylasummers Awaiting requested review from shylasummers shylasummers will be requested when the pull request is marked ready for review shylasummers is a code owner

@bgavrilMS bgavrilMS Awaiting requested review from bgavrilMS bgavrilMS will be requested when the pull request is marked ready for review bgavrilMS is a code owner

@Robbie-Microsoft Robbie-Microsoft Awaiting requested review from Robbie-Microsoft Robbie-Microsoft will be requested when the pull request is marked ready for review Robbie-Microsoft is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
documentation Related to documentation. msal-browser Related to msal-browser package
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shenj @axhaferllari