Skip to content

Native auth: add new SDK error when authentication method is blocked #2734

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 26, 2025
Merged

Native auth: add new SDK error when authentication method is blocked #2734

merged 3 commits into from
Sep 26, 2025

Conversation

nilo-ms
Copy link
Contributor

@nilo-ms nilo-ms commented Sep 26, 2025

Proposed changes

Add new SDK error when authentication method is blocked

Type of change

  • Feature work
  • Bug fix
  • Documentation
  • Engineering change
  • Test
  • Logging/Telemetry

Risk

  • High – Errors could cause MAJOR regression of many scenarios. (Example: new large features or high level infrastructure changes)
  • Medium – Errors could cause regression of 1 or more scenarios. (Example: somewhat complex bug fixes, small new features)
  • Small – No issues are expected. (Example: Very small bug fixes, string changes, or configuration settings changes)

@nilo-ms nilo-ms requested a review from a team as a code owner September 26, 2025 14:37
@Copilot Copilot AI review requested due to automatic review settings September 26, 2025 14:37
@nilo-ms nilo-ms added the native-auth Code related to native authentication label Sep 26, 2025
Copilot
Copilot AI reviewed Sep 26, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds new SDK error handling for when authentication methods are blocked (error code 550024), expanding the existing error handling system to provide more specific error types and messages when authentication methods or verification contacts are blocked by the server.

  • Added a new error type authMethodBlocked to the MFA request challenge error system
  • Added a new error type verificationContactBlocked to the registration strong auth challenge error system
  • Updated response validators to recognize error code 550024 and map it to appropriate blocked error types

Reviewed Changes

Copilot reviewed 19 out of 21 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
MFARequestChallengeError.swift Converted from generic error to specific error class with authMethodBlocked type
RegisterStrongAuthChallengeError.swift Added verificationContactBlocked error type
MSALNativeAuthErrorMessage.swift Added error messages for blocked authentication methods
MSALNativeAuthESTSApiErrorCodes.swift Added error code 550024 for authMethodBlocked
Various validator files Updated to handle error code 550024 and return appropriate blocked error types
Test files Added comprehensive test coverage for the new error scenarios

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@nilo-ms nilo-ms enabled auto-merge September 26, 2025 14:50
mustafamizrak
mustafamizrak reviewed Sep 26, 2025
View reviewed changes
MSAL/src/native_auth/network/responses/validator/jit/MSALNativeAuthJITResponseValidator.swift
let knownErrorCode = MSALNativeAuthESTSApiErrorCodes(rawValue: errorCode),
knownErrorCode == .invalidVerificationContact else {
if error.errorCodes?.contains(MSALNativeAuthESTSApiErrorCodes.authMethodBlocked.rawValue) == true {
let customErrorDescription = MSALNativeAuthErrorMessage.verificationContactBlocked + (error.errorDescription ?? "")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't be it MSALNativeAuthErrorMessage.authMethodBlocked?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. The auth method blocked message is for the MFA flow. We differentiate the error messages, because the user should act differently between the two errors.

@nilo-ms nilo-ms merged commit c4d1f01 into dev Sep 26, 2025
13 checks passed
@nilo-ms nilo-ms deleted the danilo/method-blocked-error branch September 26, 2025 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@azure-pipelines azure-pipelines[bot] azure-pipelines[bot] left review comments

Copilot code review Copilot Copilot left review comments

@mustafamizrak mustafamizrak mustafamizrak approved these changes

Assignees

No one assigned

Labels

native-auth Code related to native authentication

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nilo-ms @mustafamizrak