Add new option into MSIDRequestParameters to skip cache on broker response

[kaisong1990]

Proposed changes

This pull request introduces a new property to control whether token responses from SSO Extension should be skipped when saving to the cache, and updates the relevant logic to respect this setting. The changes are focused on providing more granular control over token caching behavior, particularly for SSO Extension responses.

Token caching control improvements:

• Added a new property skipTokenCacheFromSsoExtensionResponse to MSIDRequestParameters to allow skipping cache of SSO Extension token responses.
• Updated MSIDTokenResponseValidator to check the new skipTokenCacheFromSsoExtensionResponse property before saving token responses to cache.
• Modified MSIDSSOTokenResponseHandler to reset skipTokenCacheFromSsoExtensionResponse to NO when handling additional token responses, ensuring they are still cached as required.

The feature is expected to be controlled by ECS flight when integrating into OA

Type of change

• Feature work
• Bug fix
• Documentation
• Engineering change
• Test
• Logging/Telemetry

Risk

• High – Errors could cause MAJOR regression of many scenarios. (Example: new large features or high level infrastructure changes)
• Medium – Errors could cause regression of 1 or more scenarios. (Example: somewhat complex bug fixes, small new features)
• Small – No issues are expected. (Example: Very small bug fixes, string changes, or configuration settings changes)

Additional information

AB#3403754

[azure-pipelines]

This pull request does not update changelog.txt.

Please consider if this change would be noticeable to a partner or user and either update changelog.txt or resolve this conversation.

[Copilot]

Pull request overview

This PR adds a new option skipTokenCacheFromBrokerResponse to MSIDRequestParameters that allows skipping the cache when processing broker responses. This enables callers to receive tokens from the broker without automatically caching them in the token cache.

Changes:

• Added skipTokenCacheFromBrokerResponse boolean property to MSIDRequestParameters
• Modified token validation flow to conditionally skip caching based on this flag
• Updated broker request/response handlers to pass the flag through the validation pipeline
• Updated all affected test cases to assert the new parameter in request dictionaries

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
MSIDRequestParameters.h	Added new property declaration for skipTokenCacheFromBrokerResponse
MSIDBrokerTokenRequest.m	Serializes the new property to the broker resume dictionary
MSIDBrokerResponseHandler.m	Reads skipCacheBrokerResponse from resume state and passes to validator
MSIDTokenResponseValidator.h/.m	Added skipCacheBrokerResponse parameter to validation methods and conditional cache logic
MSIDDefaultBrokerResponseHandler.m	Passes NO for skipCacheBrokerResponse when handling additional tokens
MSIDLegacyBrokerResponseHandler.m	Passes NO for skipCacheBrokerResponse for Intune MAM tokens
MSIDSSOTokenResponseHandler.m	Resets skipTokenCacheFromBrokerResponse to NO for additional token responses
MSIDLegacyBrokerRequestTests.m	Updated test assertions to include the new parameter with value YES
MSIDDefaultBrokerRequestTests.m	Updated test assertions to include the new parameter with value NO
MSIDBrokerTokenRequestTests.m	Updated test setup and assertions to include the new parameter with value YES

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.