Update Xpc silent controler error handling as fallback

[kaisong1990]

Proposed changes

In this PR, a new protocol is added to the base MSIDRequestControlling.h. This new protocol is used to decide whether the current fallback request controller should continue acquiring token based on the passed in error from the main controller.

1. Updated XPC silent controller when work as a SsoExt fallback controller, only below 4 error code will trigger a fallback:
   case ASAuthorizationErrorNotHandled:
   case ASAuthorizationErrorUnknown:
   case ASAuthorizationErrorFailed:
   case MSIDErrorSSOExtensionUnexpectedError:
2. Update the original error handling logic that either returns the main token request controller error or the valid token result from the fallback controller. This also aligns with OA

Type of change

• Feature work
• Bug fix
• Documentation
• Engineering change
• Test
• Logging/Telemetry

Risk

• High – Errors could cause MAJOR regression of many scenarios. (Example: new large features or high level infrastructure changes)
• Medium – Errors could cause regression of 1 or more scenarios. (Example: somewhat complex bug fixes, small new features)
• Small – No issues are expected. (Example: Very small bug fixes, string changes, or configuration settings changes)

Additional information

[azure-pipelines]

This pull request does not update changelog.txt.

Please consider if this change would be noticeable to a partner or user and either update changelog.txt or resolve this conversation.

[antrix1989]

why do we call fallback if we already have result?

[kaisong1990]

In this case, the result is nil, the valid part is error only. I can send nil specifically

[antrix1989]

1. can we add this flag directly to "acquireToken" method?
2. Nit: Can we rename it to "skipAcquire..." instead of "should..."?"should" sounds like a dynamic condition to me, while here we know for sure that we want to skip.

[ameyapat]

+1, methods with 'should' prefix usually indicate return type as BOOL but this does not seem to be the case here.

[ameyapat]

What if error is nil? This method will log incorrect info which might confuse in case of issue debugging

[ameyapat]

What is this supposed to do? Did you miss something?

[ameyapat]

Can the controller be reused for multiple requests? If it is, controller's shouldSkipAcquireToken might get set to NO in 1st request and remain NO for second request

[ameyapat]

The comment says shouldSkipXpcRequest but property is named shouldSkipAcquireToken. Can you rename property to shouldSkipCallingXpc? shouldSkipAcquireToken is confusing

[ameyapat]

Since this boolean would be initialized to NO by default, I would suggest naming property to 'shouldUseXpcToAcquireToken' instead of 'shouldSkip..'

[ameyapat]

Is this comment inaccurate? If we know fallbackController cannot be nil here, why do a nil check and log in the code? Please remove the comment as it isn't accurate according to the code following it

[Copilot]

Pull Request Overview

This PR updates the error handling flow for the XPC silent controller to enable a fallback mechanism when the primary token acquisition fails with certain error codes. Key changes include:

• Adding a new protocol method for error-based fallback control.
• Modifying the XPC silent token request controller to conditionally delegate to a fallback controller.
• Updating integration tests to reflect the adjusted error handling logic.

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
IdentityCore/tests/integration/MSIDSilentControllerIntegrationTests.m	Updated expected error comparisons and added new tests for XPC and SSO fallback scenarios.
IdentityCore/src/controllers/broker/mac/MSIDXpcSilentTokenRequestController.m	Modified logging and control flow in acquireToken, and introduced logic to determine when to skip the XPC request.
IdentityCore/src/controllers/broker/ios/MSIDBrokerInteractiveController.m	Added an unused implementation for shouldSkipAcquireTokenBasedOn:.
IdentityCore/src/controllers/MSIDSilentController.m	Updated fallback logic to determine which error or result to return, and added a call to the fallback controller’s skip check.
IdentityCore/src/controllers/MSIDRequestControlling.h	Added the new protocol method shouldSkipAcquireTokenBasedOn:.
IdentityCore/src/controllers/MSIDLocalInteractiveController.m	Implemented an empty shouldSkipAcquireTokenBasedOn: as it is not used in this controller.

[Copilot]

The empty if-block checking the error domain may be unclear to future maintainers. Consider adding a comment or explicitly setting 'shouldSkipAcquireToken' to clarify the intended behavior when the error domain is not ASAuthorizationErrorDomain or MSIDErrorDomain.

Suggested change

	if (![error.domain isEqualToString:ASAuthorizationErrorDomain] && ![error.domain isEqualToString:MSIDErrorDomain]) {
	if (![error.domain isEqualToString:ASAuthorizationErrorDomain] && ![error.domain isEqualToString:MSIDErrorDomain]) {
	// No action is required for error domains other than ASAuthorizationErrorDomain or MSIDErrorDomain.
	// This block is intentionally left empty.

[Copilot]

[nitpick] The compound condition determining when to use the fallback result versus the main controller's error could benefit from additional inline documentation. A brief explanation of why the condition prioritizes a valid fallback result or the absence of both result and error would improve maintainability.