[SIWG] Pass Sign In With Google credential to broker, Fixes AB#3100603 (

#2573) Fixes [AB#3100603](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3100603) The PR adds to allow passing google id token credential from app side (in OneAuth) to Android Broker via Android Common. OneAuth can get the id token by using Sign In With Google component added earlier and pass it to Android Broker via BrokerRequest object. Changes include: 1. Make SignInWithGoogleCredential object serializable to allow passing the object from app side to broker as part of BrokerRequest. 2. Locally the reference to object can be maintained in Android AndroidInteractiveTokenCommandParameters which is renamed from AndroidActivityInteractiveTokenCommandParameters to be more flexible to accommodate more fields. 3. On Broker received, BrokerRequest is deserialized. If it has google credentials, it will be attached in BrokerInteractiveTokenCommandParameters as headers (x-ms-fidp-token: <itoken calue>) and extra query parameters (id_provder=google.com). Refer Broker PR. 4. Updated latest broker version to 17. OneAuth should call broker for sign in with google flow only if the broker version supports this version. OneAuth does broker version check early in deciding if support broker is present or not. 5. Added Unit tests. Related PRs: Broker: AzureAD/ad-accounts-for-android#3038 MSAL: AzureAD/microsoft-authentication-library-for-android#2247
AzureAD · Jan 29, 2025 · b1e33fb · b1e33fb
1 parent 99a061e
commit b1e33fb
Show file tree

Hide file tree

Showing 25 changed files with 251 additions and 60 deletions.
diff --git a/changelog.txt b/changelog.txt
@@ -1,5 +1,6 @@
 vNext
 ----------
+- [MAJOR] Pass google id token to broker for enabling Sign in with Google (#2573)
 - [MINOR] Organize browser selection classes and change signature for get AuthorizationStrategy (#2564)
 - [MINOR] Add support for OneBox Environment (#2559)
 - [MINOR] Add support for claims requests for native authentication (#2572)

diff --git a/...on/src/main/java/com/microsoft/identity/common/adal/internal/AuthenticationConstants.java b/...on/src/main/java/com/microsoft/identity/common/adal/internal/AuthenticationConstants.java
@@ -605,7 +605,7 @@ public static final class Broker {
          *
          * @see <a href="https://identitydivision.visualstudio.com/DevEx/_git/AuthLibrariesApiReview?path=/%5BAndroid%5D%20Broker%20API/broker_protocol_versions.md">Android Auth Broker Protocol Versions</a>
          */
-        public static final String LATEST_MSAL_TO_BROKER_PROTOCOL_VERSION_CODE = "16.0";
+        public static final String LATEST_MSAL_TO_BROKER_PROTOCOL_VERSION_CODE = "17.0";
 
         /**
          * The maximum msal-to-broker protocol version known by clients such as MSAL Android.

diff --git a/common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerRequest.java b/common/src/main/java/com/microsoft/identity/common/internal/broker/BrokerRequest.java
@@ -26,6 +26,7 @@
 import androidx.annotation.Nullable;
 
 import com.google.gson.annotations.SerializedName;
+import com.microsoft.identity.common.internal.msafederation.google.SignInWithGoogleCredential;
 import com.microsoft.identity.common.java.authscheme.AbstractAuthenticationScheme;
 import com.microsoft.identity.common.java.opentelemetry.SerializableSpanContext;
 import com.microsoft.identity.common.java.providers.oauth2.OpenIdConnectPromptParameter;
@@ -79,6 +80,7 @@ private static final class SerializedNames {
         final static String PREFERRED_AUTH_METHOD = "preferred_auth_method";
         final static String ACCOUNT_TRANSFER_TOKEN = "account_transfer_token";
         final static String SUPPRESS_ACCOUNT_PICKER = "suppress_account_picker";
+        final static String SIGN_IN_WITH_GOOGLE_CREDENTIAL = "sign_in_with_google_credential";
     }
 
     /**
@@ -266,4 +268,8 @@ private static final class SerializedNames {
      */
     @SerializedName(SerializedNames.SUPPRESS_ACCOUNT_PICKER)
     private boolean mSuppressAccountPicker;
+
+    @Nullable
+    @SerializedName(SerializedNames.SIGN_IN_WITH_GOOGLE_CREDENTIAL)
+    private SignInWithGoogleCredential mSignInWithGoogleCredential;
 }
diff --git a/...ityInteractiveTokenCommandParameters.java → ...oidInteractiveTokenCommandParameters.java b/...ityInteractiveTokenCommandParameters.java → ...oidInteractiveTokenCommandParameters.java
@@ -25,6 +25,7 @@
 import android.app.Activity;
 
 import com.microsoft.identity.common.internal.controllers.BrokerMsalController;
+import com.microsoft.identity.common.internal.msafederation.google.SignInWithGoogleCredential;
 import com.microsoft.identity.common.java.commands.parameters.InteractiveTokenCommandParameters;
 
 import lombok.EqualsAndHashCode;
@@ -39,6 +40,8 @@
 @Getter
 @SuperBuilder(toBuilder = true)
 @EqualsAndHashCode(callSuper = true)
-public class AndroidActivityInteractiveTokenCommandParameters extends InteractiveTokenCommandParameters {
+public class AndroidInteractiveTokenCommandParameters extends InteractiveTokenCommandParameters {
     private transient final Activity activity;
+
+    private final SignInWithGoogleCredential signInWithGoogleCredential;
 }
diff --git a/...rc/main/java/com/microsoft/identity/common/internal/controllers/BrokerMsalController.java b/...rc/main/java/com/microsoft/identity/common/internal/controllers/BrokerMsalController.java
@@ -67,7 +67,7 @@
 import com.microsoft.identity.common.internal.cache.ClientActiveBrokerCache;
 import com.microsoft.identity.common.internal.cache.HelloCache;
 import com.microsoft.identity.common.internal.cache.HelloCacheResult;
-import com.microsoft.identity.common.internal.commands.parameters.AndroidActivityInteractiveTokenCommandParameters;
+import com.microsoft.identity.common.internal.commands.parameters.AndroidInteractiveTokenCommandParameters;
 import com.microsoft.identity.common.internal.request.MsalBrokerRequestAdapter;
 import com.microsoft.identity.common.internal.result.MsalBrokerResultAdapter;
 import com.microsoft.identity.common.internal.telemetry.Telemetry;
@@ -358,8 +358,8 @@ public AcquireTokenResult acquireToken(final @NonNull InteractiveTokenCommandPar
         final Intent interactiveRequestIntent = getBrokerAuthorizationIntent(parameters);
 
         Activity activity = null;
-        if (parameters instanceof AndroidActivityInteractiveTokenCommandParameters) {
-            activity = ((AndroidActivityInteractiveTokenCommandParameters) parameters).getActivity();
+        if (parameters instanceof AndroidInteractiveTokenCommandParameters) {
+            activity = ((AndroidInteractiveTokenCommandParameters) parameters).getActivity();
         }
 
         //Pass this intent to the BrokerActivity which will be used to start this activity

diff --git a/...ederation/IFederatedCredentialCallback.kt → ...ration/IMsaFederatedCredentialCallback.kt b/...ederation/IFederatedCredentialCallback.kt → ...ration/IMsaFederatedCredentialCallback.kt
@@ -26,7 +26,7 @@ package com.microsoft.identity.common.internal.msafederation
  * Interface for Federated Credential Callback. Helps calling sign methods
  * async from java.
  */
-interface IFederatedCredentialCallback<R : FederatedCredential> {
+interface IMsaFederatedCredentialCallback<R : MsaFederatedCredential> {
     /**
      * Called when the sign in is successful.
      */

diff --git a/...msafederation/IFederatedSignInProvider.kt → ...federation/IMsaFederatedSignInProvider.kt b/...msafederation/IFederatedSignInProvider.kt → ...federation/IMsaFederatedSignInProvider.kt
@@ -25,7 +25,7 @@ package com.microsoft.identity.common.internal.msafederation
 /**
  * Internal interface for Federated Sign In Providers.
  */
-internal interface IFederatedSignInProvider {
-    suspend fun signIn(): Result<FederatedCredential>
+internal interface IMsaFederatedSignInProvider {
+    suspend fun signIn(): Result<MsaFederatedCredential>
     suspend fun signOut()
 }
diff --git a/...rnal/msafederation/FederatedCredential.kt → ...l/msafederation/MsaFederatedCredential.kt b/...rnal/msafederation/FederatedCredential.kt → ...l/msafederation/MsaFederatedCredential.kt
@@ -22,8 +22,11 @@
 // THE SOFTWARE.
 package com.microsoft.identity.common.internal.msafederation
 
+import com.google.gson.annotations.SerializedName
+import java.util.AbstractMap
+
 /**
  * Represents credential artifact as result of successful sign in into a federated sign in provider
  * (Google/Apple). It can contain id token and/or auth code. See implementations for more details.
  */
-abstract class FederatedCredential(val federatedSignInProviderName: FederatedSignInProviderName)
+abstract class MsaFederatedCredential(@SerializedName("signInProviderName") val signInProviderName: MsaFederatedSignInProviderName)
diff --git a/...safederation/FederatedSignInParameters.kt → ...ederation/MsaFederatedSignInParameters.kt b/...safederation/FederatedSignInParameters.kt → ...ederation/MsaFederatedSignInParameters.kt
@@ -25,6 +25,6 @@ package com.microsoft.identity.common.internal.msafederation
 /**
  * Parameters for Federated Sign In. e.g. SignInWithGoogleParameters for Google.
  */
-abstract class FederatedSignInParameters {
-    abstract val providerName: FederatedSignInProviderName
+abstract class MsaFederatedSignInParameters {
+    abstract val providerName: MsaFederatedSignInProviderName
 }
diff --git a/...eration/FederatedSignInProviderFactory.kt → ...tion/MsaFederatedSignInProviderFactory.kt b/...eration/FederatedSignInProviderFactory.kt → ...tion/MsaFederatedSignInProviderFactory.kt
@@ -29,14 +29,14 @@ import com.microsoft.identity.common.internal.msafederation.google.SignInWithGoo
  * Factory class to get the Federated Sign In Provider based on provider type in parameters
  * Currently only Google is supported.
  */
-internal object FederatedSignInProviderFactory {
+internal object MsaFederatedSignInProviderFactory {
 
     /**
      * Get the Federated Sign In Provider based on provider type in parameters.
      */
-    fun getProvider(parameters: FederatedSignInParameters): IFederatedSignInProvider {
+    fun getProvider(parameters: MsaFederatedSignInParameters): IMsaFederatedSignInProvider {
         return when (parameters.providerName) {
-            FederatedSignInProviderName.GOOGLE -> GoogleSignInProvider.create(parameters as SignInWithGoogleParameters, MsaFederationConstants.GOOGLE_MSA_WEB_CLIENT_ID)
+            MsaFederatedSignInProviderName.GOOGLE -> GoogleSignInProvider.create(parameters as SignInWithGoogleParameters, MsaFederationConstants.GOOGLE_MSA_WEB_CLIENT_ID)
 
             else -> {
                 throw IllegalArgumentException("Unsupported provider type")

diff --git a/...federation/FederatedSignInProviderName.kt → ...eration/MsaFederatedSignInProviderName.kt b/...federation/FederatedSignInProviderName.kt → ...eration/MsaFederatedSignInProviderName.kt
@@ -26,7 +26,7 @@ package com.microsoft.identity.common.internal.msafederation
  * Enum class for Federated Sign In Provider Name like Google, Apple
  * Currently only Google is supported.
  */
-enum class FederatedSignInProviderName(private val idProviderName: String) {
+enum class MsaFederatedSignInProviderName(private val idProviderName: String) {
     GOOGLE("google.com"),
     APPLE("apple.com"); // would be used later
 

diff --git a/...main/java/com/microsoft/identity/common/internal/msafederation/MsaFederationExtensions.kt b/...main/java/com/microsoft/identity/common/internal/msafederation/MsaFederationExtensions.kt
@@ -0,0 +1,41 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+@file:JvmName("MsaFederationExtensions")
+package com.microsoft.identity.common.internal.msafederation
+
+import com.microsoft.identity.common.internal.msafederation.google.SignInWithGoogleCredential
+import java.util.AbstractMap
+
+/**
+ * Helper/Extension method to create header that can be used in MSA authorization
+ */
+fun SignInWithGoogleCredential.getIdProviderHeadersForAuthorization(): Map<String, String> {
+    return mapOf(MsaFederationConstants.MSA_ID_TOKEN_HEADER_KEY to this.idToken)
+}
+
+/**
+ * Helper/Extension method to create query parameter that can be used in MSA authorization
+ */
+fun SignInWithGoogleCredential.getIdProviderExtraQueryParamForAuthorization(): Map.Entry<String, String> {
+    return AbstractMap.SimpleEntry(MsaFederationConstants.MSA_ID_PROVIDER_EXTRA_QUERY_PARAM_KEY, signInProviderName.getIdProviderName())
+}
diff --git a/.../java/com/microsoft/identity/common/internal/msafederation/google/GoogleSignInProvider.kt b/.../java/com/microsoft/identity/common/internal/msafederation/google/GoogleSignInProvider.kt
@@ -32,7 +32,7 @@ import com.google.android.libraries.identity.googleid.GetGoogleIdOption
 import com.google.android.libraries.identity.googleid.GetSignInWithGoogleOption
 import com.google.android.libraries.identity.googleid.GoogleIdTokenCredential
 import com.google.android.libraries.identity.googleid.GoogleIdTokenParsingException
-import com.microsoft.identity.common.internal.msafederation.IFederatedSignInProvider
+import com.microsoft.identity.common.internal.msafederation.IMsaFederatedSignInProvider
 import com.microsoft.identity.common.java.base64.Base64Util
 import com.microsoft.identity.common.java.exception.ClientException
 import com.microsoft.identity.common.logging.Logger
@@ -48,7 +48,7 @@ import java.security.SecureRandom
 internal class GoogleSignInProvider(private val credentialManager: CredentialManager,
                            private val parameters: SignInWithGoogleParameters,
                            private val webClientId: String
-) : IFederatedSignInProvider {
+) : IMsaFederatedSignInProvider {
 
     companion object {
         private const val TAG = "GoogleSignInProvider"

diff --git a/...soft/identity/common/internal/msafederation/google/ISignInWithGoogleCredentialCallback.kt b/...soft/identity/common/internal/msafederation/google/ISignInWithGoogleCredentialCallback.kt
@@ -22,13 +22,13 @@
 // THE SOFTWARE.
 package com.microsoft.identity.common.internal.msafederation.google
 
-import com.microsoft.identity.common.internal.msafederation.IFederatedCredentialCallback
+import com.microsoft.identity.common.internal.msafederation.IMsaFederatedCredentialCallback
 
 /**
  * Interface for Federated Credential Callback. Helps calling sign methods
  * async from java.
  */
 interface ISignInWithGoogleCredentialCallback :
-    IFederatedCredentialCallback<SignInWithGoogleCredential> {
+    IMsaFederatedCredentialCallback<SignInWithGoogleCredential> {
     override fun onSuccess(credential: SignInWithGoogleCredential)
 }
diff --git a/...n/java/com/microsoft/identity/common/internal/msafederation/google/SignInWithGoogleApi.kt b/...n/java/com/microsoft/identity/common/internal/msafederation/google/SignInWithGoogleApi.kt
@@ -23,7 +23,7 @@
 package com.microsoft.identity.common.internal.msafederation.google
 
 import android.app.Activity
-import com.microsoft.identity.common.internal.msafederation.FederatedSignInProviderFactory
+import com.microsoft.identity.common.internal.msafederation.MsaFederatedSignInProviderFactory
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.launch
@@ -34,7 +34,7 @@ import kotlinx.coroutines.withContext
  * Entry point for signing in with Google into MSA.
  */
 class SignInWithGoogleApi internal constructor(
-    private val federatedSignInProviderFactory: FederatedSignInProviderFactory){
+    private val federatedSignInProviderFactory: MsaFederatedSignInProviderFactory){
 
     companion object {
         private const val TAG = "SignInWithGoogleApi"
@@ -45,9 +45,14 @@ class SignInWithGoogleApi internal constructor(
         @JvmStatic
         fun getInstance(): SignInWithGoogleApi {
             return instance ?: synchronized(this) {
-                instance ?: SignInWithGoogleApi(FederatedSignInProviderFactory).also { instance = it }
+                instance ?: SignInWithGoogleApi(MsaFederatedSignInProviderFactory).also { instance = it }
             }
         }
+
+        @JvmStatic
+        fun setInstance(api: SignInWithGoogleApi) {
+            instance = api
+        }
     }
 
     /**

diff --git a/...com/microsoft/identity/common/internal/msafederation/google/SignInWithGoogleCredential.kt b/...com/microsoft/identity/common/internal/msafederation/google/SignInWithGoogleCredential.kt
@@ -22,21 +22,16 @@
 // THE SOFTWARE.
 package com.microsoft.identity.common.internal.msafederation.google
 
-import com.microsoft.identity.common.internal.msafederation.MsaFederationConstants.MSA_ID_TOKEN_HEADER_KEY
-import com.microsoft.identity.common.internal.msafederation.FederatedCredential
-import com.microsoft.identity.common.internal.msafederation.FederatedSignInProviderName
+import com.google.gson.annotations.SerializedName
+import com.microsoft.identity.common.internal.msafederation.MsaFederatedCredential
+import com.microsoft.identity.common.internal.msafederation.MsaFederatedSignInProviderName
+import java.io.Serializable
 
 /**
  * Represents credential artifact as result of successful sign in with google
  * It can contain id token.
  */
-data class SignInWithGoogleCredential internal constructor(internal val idToken: String) : FederatedCredential(FederatedSignInProviderName.GOOGLE) {
-
-    /**
-     * Helper method to create header that can be used in MSA
-     * authorization. (Move to better place.)
-     */
-    fun asHeaders(): Map<String, String> {
-        return mapOf(MSA_ID_TOKEN_HEADER_KEY to idToken)
-    }
+data class SignInWithGoogleCredential internal constructor(
+    @SerializedName("idToken") internal val idToken: String) : MsaFederatedCredential(MsaFederatedSignInProviderName.GOOGLE), Serializable {
 }
+
diff --git a/...com/microsoft/identity/common/internal/msafederation/google/SignInWithGoogleParameters.kt b/...com/microsoft/identity/common/internal/msafederation/google/SignInWithGoogleParameters.kt
@@ -23,8 +23,8 @@
 package com.microsoft.identity.common.internal.msafederation.google
 
 import android.app.Activity
-import com.microsoft.identity.common.internal.msafederation.FederatedSignInParameters
-import com.microsoft.identity.common.internal.msafederation.FederatedSignInProviderName
+import com.microsoft.identity.common.internal.msafederation.MsaFederatedSignInParameters
+import com.microsoft.identity.common.internal.msafederation.MsaFederatedSignInProviderName
 
 /**
  * SignInWithGoogleParameters holds the parameters required for signing in with Google.
@@ -34,7 +34,7 @@ import com.microsoft.identity.common.internal.msafederation.FederatedSignInProvi
  */
 data class SignInWithGoogleParameters(
     internal val activity: Activity
-) : FederatedSignInParameters() {
+) : MsaFederatedSignInParameters() {
 
     /**
      * Secondary constructor to initialize the parameters with an option to use a bottom sheet UI.
@@ -54,6 +54,6 @@ data class SignInWithGoogleParameters(
     /**
      * The provider type for the federated sign-in, which is Google in this case.
      */
-    override val providerName: FederatedSignInProviderName
-        get() = FederatedSignInProviderName.GOOGLE
+    override val providerName: MsaFederatedSignInProviderName
+        get() = MsaFederatedSignInProviderName.GOOGLE
 }
diff --git a/...com/microsoft/identity/common/internal/providers/oauth2/AuthorizationActivityFactory.java b/...com/microsoft/identity/common/internal/providers/oauth2/AuthorizationActivityFactory.java
@@ -41,8 +41,9 @@
 import androidx.annotation.NonNull;
 import androidx.fragment.app.Fragment;
 
-import com.microsoft.identity.common.internal.msafederation.FederatedSignInProviderName;
+import com.microsoft.identity.common.internal.msafederation.MsaFederatedSignInProviderName;
 import com.microsoft.identity.common.internal.msafederation.MsaFederationConstants;
+import com.microsoft.identity.common.internal.msafederation.MsaFederationExtensions;
 import com.microsoft.identity.common.internal.msafederation.google.SignInWithGoogleCredential;
 import com.microsoft.identity.common.internal.msafederation.google.SignInWithGoogleParameters;
 import com.microsoft.identity.common.internal.msafederation.google.SignInWithGoogleApi;
@@ -60,6 +61,7 @@
 
 import java.net.URISyntaxException;
 import java.util.HashMap;
+import java.util.Map;
 
 /**
  * Constructs intents and/or fragments for interactive requests based on library configuration and current request.
@@ -281,13 +283,14 @@ public static Intent getAuthorizationActivityIntent(final Context context,
     ) throws ClientException {
         // add header
         final HashMap<String, String> requestHeadersWithGoogleAuthCredential = requestHeaders == null? new HashMap<>() : new HashMap<>(requestHeaders);
-        requestHeadersWithGoogleAuthCredential.putAll(signInWithGoogleCredential.asHeaders());
+        requestHeadersWithGoogleAuthCredential.putAll(MsaFederationExtensions.getIdProviderHeadersForAuthorization(signInWithGoogleCredential));
 
         // add id provider query parameter
-        String requestUrlWithIdProvider = null;
+        String requestUrlWithIdProvider;
         try {
             final CommonURIBuilder uriBuilder = new CommonURIBuilder(requestUrl);
-            uriBuilder.addParameterIfAbsent(MsaFederationConstants.MSA_ID_PROVIDER_EXTRA_QUERY_PARAM_KEY, FederatedSignInProviderName.GOOGLE.getIdProviderName());
+            final Map.Entry<String, String> extraQueryParamForAuthorization = MsaFederationExtensions.getIdProviderExtraQueryParamForAuthorization(signInWithGoogleCredential);
+            uriBuilder.addParameterIfAbsent(extraQueryParamForAuthorization.getKey(), extraQueryParamForAuthorization.getValue());
             requestUrlWithIdProvider = uriBuilder.build().toString();
         } catch (final URISyntaxException e) {
             throw new ClientException(ClientException.MALFORMED_URL, "Failed to add id provider query parameter to request URL", e);

diff --git a/...rc/main/java/com/microsoft/identity/common/internal/request/MsalBrokerRequestAdapter.java b/...rc/main/java/com/microsoft/identity/common/internal/request/MsalBrokerRequestAdapter.java
@@ -49,6 +49,7 @@
 
 import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
 import com.microsoft.identity.common.internal.broker.BrokerRequest;
+import com.microsoft.identity.common.internal.commands.parameters.AndroidInteractiveTokenCommandParameters;
 import com.microsoft.identity.common.java.commands.parameters.AcquirePrtSsoTokenCommandParameters;
 import com.microsoft.identity.common.java.commands.parameters.DeviceCodeFlowCommandParameters;
 import com.microsoft.identity.common.java.commands.parameters.GenerateShrCommandParameters;
@@ -92,7 +93,7 @@ public BrokerRequest brokerRequestFromAcquireTokenParameters(@NonNull final Inte
         final String extraOptions = parameters.getExtraOptions() != null ?
                 QueryParamsAdapter._toJson(parameters.getExtraOptions()) : null;
 
-        final BrokerRequest brokerRequest = BrokerRequest.builder()
+        final BrokerRequest.BrokerRequestBuilder brokerRequestBuilder = BrokerRequest.builder()
                 .authority(parameters.getAuthority().getAuthorityURL().toString())
                 .scope(TextUtils.join(" ", parameters.getScopes()))
                 .redirect(parameters.getRedirectUri())
@@ -127,10 +128,14 @@ public BrokerRequest brokerRequestFromAcquireTokenParameters(@NonNull final Inte
                 .preferredBrowser(parameters.getPreferredBrowser())
                 .preferredAuthMethod(parameters.getPreferredAuthMethod())
                 .accountTransferToken(parameters.getAccountTransferToken())
-                .suppressAccountPicker(parameters.isSuppressBrokerAccountPicker())
-                .build();
+                .suppressAccountPicker(parameters.isSuppressBrokerAccountPicker());
 
-        return brokerRequest;
+        if (parameters instanceof AndroidInteractiveTokenCommandParameters) {
+            final AndroidInteractiveTokenCommandParameters androidInteractiveTokenCommandParameters = (AndroidInteractiveTokenCommandParameters) parameters;
+            brokerRequestBuilder.signInWithGoogleCredential(androidInteractiveTokenCommandParameters.getSignInWithGoogleCredential());
+        }
+
+        return brokerRequestBuilder.build();
     }
 
     @Override