pedro romero vargas
pedro romero vargas
# Before When QR + PIN auth is enabled, and the user selects an invalid QR code, we get this:  # After 
https://portal.microsofticm.com/imp/v5/incidents/details/543093195/summary https://github.com/AzureAD/microsoft-authentication-library-for-android/issues/2164 Couple of customers have reported vulnerabilities on the nimbus lib using MobSF. The vulnerabilities are: WE: CWE-649: Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking...
## Context Currently, for QR + PIN authentication, users are prompted for camera permission every time the camera is used, even if OS-level permissions are granted. This is a CELA...
[AB#3121976](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3121976)
# Adding telemetry for Switch browser protocol. ## How to read the data? - ATIInteractively.is_switch_browser_protocol indicates that the client is sending a switch browser protocol. - SwitchBrowserProtocol.is_switch_browser_request_handled indicates that the...
[AB#3167637](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3167637)
This PR adds full OpenTelemetry tracing for passkey flows that use JS bridge and makes trace context consistent across the auth process. What’s new: PasskeyReplyChannel: Creates spans and sets attributes...
[AB#3385532](https://identitydivision.visualstudio.com/fac9d424-53d2-45c0-91b5-ef6ba7a6bf26/_workitems/edit/3385532) https://identitydivision.visualstudio.com/DevEx/_git/AuthLibrariesApiReview/pullrequest/20357 This PR implements passkey registration support for MSAL/Broker/OneAuth on Android WebView through a WebMessageListener bridge. It extends the existing authentication-only passkey functionality to include full registration capabilities, leveraging...