[Bug] Xamarin: Make library linker-safe

[tipa]

Which Version of MSAL are you using ?
MSAL 4.8.0

Platform
Xamarin.Android & Xamarin.iOS

Repro
Enable full linking in Xamarin project
iOS:

Android:

Expected behavior
Library works without any (or minimal) adjustments needed

Actual behavior
Usage of the library fails (see error below) because needed classes (or their constructors/methods) were removed/linked away. Affected classes are, amongst others, Microsoft.Identity.Client.Core.IdToken, Microsoft.Identity.Client.Instance.TenantDiscoveryResponse, Microsoft.Identity.Client.Instance.Discovery.InstanceDiscoveryResponse.
Previously (with v4.7.1) I only had to manually add class Microsoft.Identity.Client.BrowserTabActivity to the LinkDescription.xml, but with v4.8.0, many more classes need to be excluded from linking manually.

Possible Solution
It would be great if the SDK could be made linker-safe so that I wouldn't have to care and exclude classes manually. Afaik, this can be done by Attributes as described here or here

Additional context/ Logs / Screenshots

MSAL.Xamarin.iOS.4.8.0.0.MsalClientException:
ErrorCode: json_parse_failed
Microsoft.Identity.Client.MsalClientException: Failed to parse the returned id token. ---> Microsoft.Identity.Json.JsonSerializationException: Unable to find a constructor to use for type Microsoft.Identity.Client.Core.IdToken. A class should either have a default constructor, one constructor with arguments or a constructor marked with the JsonConstructor attribute. Path 'ver', line 1, position 7.
at Microsoft.Identity.Json.Serialization.JsonSerializerInternalReader.CreateNewObject (Microsoft.Identity.Json.JsonReader reader, Microsoft.Identity.Json.Serialization.JsonObjectContract objectContract, Microsoft.Identity.Json.Serialization.JsonProperty containerMember, Microsoft.Identity.Json.Serialization.JsonProperty containerProperty, System.String id, System.Boolean& createdFromNonDefaultCreator) [0x000d5] in :0

[bgavrilMS]

This looks like it's tied to the serialization work we've done. We've moved away from [DataContract] to Newtonsoft, and this seems to affect the serializer.

[trwalke]

Hi @tipa we are going to send you a preview package to test soon. What is a good email address that we can send it to?

[tipa]

partl_at_outlook.com

[bgavrilMS]

We've realeased a 4.8.1-preview https://www.nuget.org/packages/Microsoft.Identity.Client/4.8.1-preview1 that fixes the crashing bug found on 4.8.0 and improves linking.

During our testing with Linker Options set to Link ALL, we're hitting a Null Ref exception in App Center, with no possibility of figuring out the stack trace. So there may be a bug in there still and would be great if someone can verify on their app.

[tipa]

Can you perhaps give some more information about in what scenario you tested the 4.8.1-preview? Did the token refresh continue to work? I am currently on the fence testing that preview version in my app with a lot of users relying on the OneDrive connection to work reliably

[bgavrilMS]

We tested this manually around acquiring tokens interactive and silent, with a variety of web UIs (embedded browser, system browser, broker). We have automation for scenarios around token refresh, so I'd expect those to work. Today, our automation on Android and iOS cannot run system browsers and brokers (AppCenter limitations), but most scenarios are common between mobile and desktop and we test on desktop.

In MSAL 4.9 we will be releasing support for Android broker, which is something that you may want to use. Perhaps this would be a better time to upgrade?

[tipa]

I just tested briefly with v4.8.1-preview + Linker set to Full but I still encountered the same problem on both Android & iOS:

Microsoft.Identity.Json.JsonSerializationException: Unable to find a constructor to use for type Microsoft.Identity.Client.Instance.Discovery.InstanceDiscoveryResponse. A class should either have a default constructor, one constructor with arguments or a constructor marked with the JsonConstructor attribute. Path 'tenant_discovery_endpoint', line 1, position 29.
  at Microsoft.Identity.Json.Serialization.JsonSerializerInternalReader.CreateNewObject (Microsoft.Identity.Json.JsonReader reader, Microsoft.Identity.Json.Serialization.JsonObjectContract objectContract, Microsoft.Identity.Json.Serialization.JsonProperty containerMember, Microsoft.Identity.Json.Serialization.JsonProperty containerProperty, System.String id, System.Boolean& createdFromNonDefaultCreator) [0x000d5] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Json.Serialization.JsonSerializerInternalReader.CreateObject (Microsoft.Identity.Json.JsonReader reader, System.Type objectType, Microsoft.Identity.Json.Serialization.JsonContract contract, Microsoft.Identity.Json.Serialization.JsonProperty member, Microsoft.Identity.Json.Serialization.JsonContainerContract containerContract, Microsoft.Identity.Json.Serialization.JsonProperty containerMember, System.Object existingValue) [0x00148] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal (Microsoft.Identity.Json.JsonReader reader, System.Type objectType, Microsoft.Identity.Json.Serialization.JsonContract contract, Microsoft.Identity.Json.Serialization.JsonProperty member, Microsoft.Identity.Json.Serialization.JsonContainerContract containerContract, Microsoft.Identity.Json.Serialization.JsonProperty containerMember, System.Object existingValue) [0x0006d] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Json.Serialization.JsonSerializerInternalReader.Deserialize (Microsoft.Identity.Json.JsonReader reader, System.Type objectType, System.Boolean checkAdditionalContent) [0x000db] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Json.JsonSerializer.DeserializeInternal (Microsoft.Identity.Json.JsonReader reader, System.Type objectType) [0x00054] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Json.JsonSerializer.Deserialize (Microsoft.Identity.Json.JsonReader reader, System.Type objectType) [0x00000] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Json.JsonConvert.DeserializeObject (System.String value, System.Type type, Microsoft.Identity.Json.JsonSerializerSettings settings) [0x0002d] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Json.JsonConvert.DeserializeObject[T] (System.String value, Microsoft.Identity.Json.JsonSerializerSettings settings) [0x00000] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Json.JsonConvert.DeserializeObject[T] (System.String value) [0x00000] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.Utils.JsonHelper.DeserializeFromJson[T] (System.String json) [0x00012] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T] (Microsoft.Identity.Client.Http.HttpResponse response, Microsoft.Identity.Client.Core.RequestContext requestContext, System.Boolean addCorrelationId) [0x00029] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.OAuth2.OAuth2Client.ExecuteRequestAsync[T] (System.Uri endPoint, System.Net.Http.HttpMethod method, Microsoft.Identity.Client.Core.RequestContext requestContext, System.Boolean expectErrorsOn200OK) [0x002b3] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.OAuth2.OAuth2Client.DiscoverAadInstanceAsync (System.Uri endPoint, Microsoft.Identity.Client.Core.RequestContext requestContext) [0x0007e] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.Instance.Discovery.NetworkMetadataProvider.SendInstanceDiscoveryRequestAsync (System.Uri authority, Microsoft.Identity.Client.Core.RequestContext requestContext) [0x00125] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.Instance.Discovery.NetworkMetadataProvider.FetchAllDiscoveryMetadataAsync (System.Uri authority, Microsoft.Identity.Client.Core.RequestContext requestContext) [0x00078] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.Instance.Discovery.NetworkMetadataProvider.GetMetadataAsync (System.Uri authority, Microsoft.Identity.Client.Core.RequestContext requestContext) [0x000e0] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.Instance.Discovery.InstanceDiscoveryManager.FetchNetworkMetadataOrFallbackAsync (Microsoft.Identity.Client.Core.RequestContext requestContext, System.Uri authorityUri) [0x00083] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.Instance.Discovery.InstanceDiscoveryManager.GetMetadataEntryAsync (System.String authority, Microsoft.Identity.Client.Core.RequestContext requestContext) [0x000e1] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.Internal.Requests.RequestBase.UpdateAuthorityWithPreferredNetworkHostAsync () [0x00091] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.Internal.Requests.RequestBase.ResolveAuthorityEndpointsAsync () [0x00075] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync (System.Threading.CancellationToken cancellationToken) [0x00115] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync (System.Threading.CancellationToken cancellationToken) [0x001f2] in <d009108838894458a808924a2c4fd5af>:0 
  at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.ExecuteAsync (Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenCommonParameters commonParameters, Microsoft.Identity.Client.ApiConfig.Parameters.AcquireTokenInteractiveParameters interactiveParameters, System.Threading.CancellationToken cancellationToken) [0x000f2] in <d009108838894458a808924a2c4fd5af>:0 

@bgavrilMS I would rather get this resolved sooner than later, afaik Android broker requires the MS Authenticator app to be installed and I would expect this applies only to a small percentage of my users

[bgavrilMS]

@tipa - I assume that you are using Link All option?

[tipa]

Yes, I do

[bgavrilMS]

Ok, able to repro the issue and found a fix. Will be releasing 4.8.1 soon.

[tipa]

I am still getting this exception with 4.8.1

Java.Lang.RuntimeException: 'Unable to instantiate activity ComponentInfo{partl.workinghours/microsoft.identity.client.BrowserTabActivity}: java.lang.ClassNotFoundException: Didn't find class "microsoft.identity.client.BrowserTabActivity" on path: DexPathList[[zip file "/system/framework/org.apache.http.legacy.boot.jar", zip file "/data/app/partl.workinghours-5qQb62qT5mTVfE-4GTmQWA==/base.apk"],nativeLibraryDirectories=[/data/app/partl.workinghours-5qQb62qT5mTVfE-4GTmQWA==/lib/arm64, /data/app/partl.workinghours-5qQb62qT5mTVfE-4GTmQWA==/base.apk!/lib/arm64-v8a, /system/lib64]]'

[bgavrilMS]

@tipa - I don't really know what else to do to please the linker, this class was decorated with the [Preserve] attribute, meant to give a hint to the linker to not delete this.

microsoft-authentication-library-for-dotnet/src/client/Microsoft.Identity.Client/Platforms/Android/BrowserTabActivity.cs

Line 20 in faabb9c

[Preserve(AllMembers = true)]

I will follow up with Xamarin folks. May I recommend that you don't link MSAL - I don't think there's that much to gain anyway, but happy to be proven wrong.

[tipa]

My bad, somehow the project decided to downgrade MSAl to 4.7.1 again, sorry for the false alarm!

[bgavrilMS]

Ah ok, no worries, glad this works :)