Add WebAuthn version support in configuration, Fixes AB#3385532 #2393
base: dev
❌ Work item link check failed. Description does not contain AB#{ID}.

✅ Work item link check complete. Description contains link AB#3385532 to an Azure Boards work item.

…er addition logic
…rences in related classes
Pull Request Overview
This PR adds WebAuthn protocol version configuration support to enable testing of WebAuthn/passkey flows in broker-less scenarios on PPE MSA environments. The primary objective is to allow apps to specify WebAuthn version 1.1 in their configuration and have the SDK automatically include the appropriate passkey protocol headers when conditions are met.
Key changes:
- Added `webauthn_version` configuration field with serialization, accessors, and merge logic
- Implemented conditional passkey protocol header injection based on WebAuthn version, Android version, and authorization agent
- Enhanced test app to append MSA OAuth2 query parameter for PPE WebAuthn testing when using version 1.1
 
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.
| File | Description | 
|---|---|
| msal_config_webview_ppe_msa.json | Adds webauthn_version 1.1 to test configuration for PPE MSA WebView testing | 
| MsalWrapper.java | Conditionally appends msaoauth2=true query parameter for PPE WebAuthn 1.1 testing | 
| CommandParametersAdapter.java | Implements passkey header logic with version checks and helper methods | 
| PublicClientApplicationConfiguration.java | Adds webauthn_version field with serialization and configuration merge support | 
| versions.gradle | Adds webkit dependency version declaration | 
| common | Updates subproject commit reference | 
| changelog | Documents the WebAuthn version support feature | 
        
          
        
      …andParametersAdapter.java Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…estapp/MsalWrapper.java Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…andParametersAdapter.java Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…CommandParametersAdapter
AB#3385532
https://identitydivision.visualstudio.com/DevEx/_git/AuthLibrariesApiReview/pullrequest/20357
Add WebAuthn Version Support and Passkey Headers
This PR adds support for handling the WebAuthn protocol version in the app configuration and authentication flow for broker-less scenarios. It also enables testing on WEBVIEW PPE MSA.
Changes:
- `webauthn_version` field to `PublicClientApplicationConfiguration`, including serialization, accessors, and merge logic, allowing apps to define and retrieve the WebAuthn version from configuration files.
- `CommandParametersAdapter` to include passkey protocol headers in authentication requests when WebAuthn is enabled, supported (Android 9+), Authorization agent is Webview and the version is 1.1.
- `MsalWrapper`) to append the `msaoauth2=true` parameter to query strings when running in the pre-production environment with WebAuthn 1.1 enabled, enabling proper testing of WebAuthn flows.

Related PR: AzureAD/microsoft-authentication-library-common-for-android#2769
Test
1. Create an account at https://signup.live-int.com/?lic=1
2. Install the msal test app (ensure no broker is installed).
3. Change config to MSA_WEBVIEW_PPE.
4. Click acquire token and complete the auth flow (username, password).
5. User is presented with the option to register a passkey; complete the flow, and you will end up with a token and a passkey.
6. Try again with no user selected and use the passkey.