updated ropg prefs and checking

Profile Manifest/com.twocanoes.xcreds.plist

@@ -555,7 +555,7 @@ Note that Google does not support the offline_access scope so instead use the pr
 			<key>pfm_documentation_url</key>
 			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
 			<key>pfm_name</key>
-			<string>shouldUseROPGForOIDCLogin</string>
+			<string>shouldUseROPGForLoginWindowLogin</string>
 			<key>pfm_title</key>
 			<string>Use ROPG when logging in at login window</string>
 			<key>pfm_type</key>
@@ -569,23 +569,25 @@ Note that Google does not support the offline_access scope so instead use the pr
 			<key>pfm_documentation_url</key>
 			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
 			<key>pfm_name</key>
-			<string>shouldVerifyPasswordWithRopg</string>
+			<string>shouldUseROPGForMenuLogin</string>
 			<key>pfm_title</key>
 			<string>Use ROPG when testing password</string>
 			<key>pfm_type</key>
 			<string>boolean</string>
 		</dict>
 		<dict>
+			<key>pfm_default</key>
+			<false/>
 			<key>pfm_description</key>
-			<string>ROPG Client ID for use when checking password.</string>
+			<string>When verifying local password matches cloud password in the background, use ROPG. If set to false, the refresh token will be used to verify password change.</string>
 			<key>pfm_documentation_url</key>
 			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
 			<key>pfm_name</key>
-			<string>ropgClientID</string>
+			<string>shouldUseROPGForPasswordChangeChecking</string>
 			<key>pfm_title</key>
-			<string>ROPG Client ID</string>
+			<string>Should Use ROPG For Password Change Checking</string>
 			<key>pfm_type</key>
-			<string>string</string>
+			<string>boolean</string>
 		</dict>
 		<dict>
 			<key>pfm_description</key>
@@ -611,18 +613,6 @@ Note that Google does not support the offline_access scope so instead use the pr
 			<key>pfm_type</key>
 			<string>string</string>
 		</dict>
-		<dict>
-			<key>pfm_description</key>
-			<string>ROPG Client Secret for use when checking password.</string>
-			<key>pfm_documentation_url</key>
-			<string>https://twocanoes.com/knowledge-base/xcreds-admin-guide/#preferences</string>
-			<key>pfm_name</key>
-			<string>ropgClientSecret</string>
-			<key>pfm_title</key>
-			<string>ROPG Client Secret</string>
-			<key>pfm_type</key>
-			<string>string</string>
-		</dict>
 		<dict>
 			<key>pfm_default</key>
 			<integer>0</integer>

XCreds/MainController.swift

@@ -56,7 +56,7 @@ class MainController: NSObject, UpdateCredentialsFeedbackProtocol {
         NSApp.activate(ignoringOtherApps: true)
 
         scheduleManager.setNextCheckTime()
-        if (DefaultsOverride.standardOverride.value(forKey: PrefKeys.shouldVerifyPasswordWithRopg.rawValue) != nil || DefaultsOverride.standardOverride.value(forKey: PrefKeys.aDDomain.rawValue) != nil) && DefaultsOverride.standardOverride.value(forKey: PrefKeys.shouldUpdatePasswordWithWebview.rawValue) == nil
+        if (DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseROPGForMenuLogin.rawValue) == true || DefaultsOverride.standardOverride.value(forKey: PrefKeys.aDDomain.rawValue) != nil )
         {
 
             if let window = windowController.window{

XCreds/PrefKeys.swift

@@ -10,11 +10,9 @@ import Foundation
 enum PrefKeys: String {
     case clientID, clientSecret, password="xcreds local password",discoveryURL, redirectURI, scopes, accessToken, idToken, refreshToken, tokenEndpoint, expirationDate, invalidToken, refreshRateHours,refreshRateMinutes, showDebug, verifyPassword, shouldShowQuitMenu, shouldShowPreferencesOnStart, shouldSetGoogleAccessTypeToOffline, passwordChangeURL, shouldShowAboutMenu, username, idpHostName, passwordElementID, shouldFindPasswordElement, shouldShowVersionInfo, shouldShowSupportStatus,shouldShowConfigureWifiButton,shouldShowMacLoginButton, loginWindowBackgroundImageURL, shouldShowCloudLoginByDefault, shouldPreferLocalLoginInsteadOfCloudLogin, idpHostNames,autoRefreshLoginTimer, loginWindowWidth, loginWindowHeight, shouldShowRefreshBanner, shouldSwitchToLoginWindowWhenLocked,accounts = "Accounts",
          windowSignIn = "WindowSignIn", settingsOverrideScriptPath, localAdminUserName, localAdminPassword, usernamePlaceholder, passwordPlaceholder, shouldShowLocalOnlyCheckbox, shouldShowTokenUpdateStatus, shouldDetectNetworkToDetermineLoginWindow, showLoginWindowDelaySeconds, shouldPromptForMigration, shouldAllowKeyComboForMacLoginWindow, aliasName,claimsToAddToLocalUserAccount, loadPageTitle, loadPageInfo,shouldPromptForADPasswordChange, hideIfPathExists, allowedUsersArray, allowUsersClaim
-    case ropgClientID
-    case ropgClientSecret
-    case shouldVerifyPasswordWithRopg
-    case shouldUpdatePasswordWithWebview
-    case shouldUseROPGForOIDCLogin
+    case shouldUseROPGForPasswordChangeChecking
+    case shouldUseROPGForMenuLogin
+    case shouldUseROPGForLoginWindowLogin
     case actionItemOnly = "ActionItemOnly"
     case aDDomain = "ADDomain"
     case aDSite = "ADSite"

XCreds/TokenManager.swift

@@ -51,27 +51,19 @@ class TokenManager: OIDCLiteDelegate,DSQueryable {
     func oidc() -> OIDCLite {
         var scopes: [String]?
         var additionalParameters:[String:String]? = nil
-        var clientSecret:String?
-        var clientID:String?
 
         if let oidcPrivate = oidcLocal {
             oidcPrivate.getEndpoints()
 
             return oidcPrivate
         }
-        let clientSecretRaw = DefaultsOverride.standardOverride.string(forKey: PrefKeys.ropgClientSecret.rawValue) != nil ? DefaultsOverride.standardOverride.string(forKey: PrefKeys.ropgClientSecret.rawValue) : DefaultsOverride.standardOverride.string(forKey: PrefKeys.clientSecret.rawValue)
-
-        if let clientSecretRaw = clientSecretRaw,
-           clientSecretRaw != "" {
-            clientSecret = clientSecretRaw
-        }
-
-        let clientIDRaw = DefaultsOverride.standardOverride.string(forKey: PrefKeys.ropgClientID.rawValue) != nil ? DefaultsOverride.standardOverride.string(forKey: PrefKeys.ropgClientID.rawValue) : DefaultsOverride.standardOverride.string(forKey: PrefKeys.clientID.rawValue)
+        let clientSecret = DefaultsOverride.standardOverride.string(forKey: PrefKeys.clientSecret.rawValue)
+
+
 
-        if let clientIDRaw = clientIDRaw,
-           clientIDRaw != "" {
-            clientID = clientIDRaw
-        }
+        let clientID = DefaultsOverride.standardOverride.string(forKey: PrefKeys.clientID.rawValue)
+
+
 
         if let scopesRaw = DefaultsOverride.standardOverride.string(forKey: PrefKeys.scopes.rawValue) {
             scopes = scopesRaw.components(separatedBy: " ")
@@ -170,7 +162,7 @@ class TokenManager: OIDCLiteDelegate,DSQueryable {
         //ropg
         if
             let keychainAccountAndPassword = keychainAccountAndPassword,
-            DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldVerifyPasswordWithRopg.rawValue) == true,
+            DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseROPGForPasswordChangeChecking.rawValue) == true,
 
                 let keychainPassword = keychainAccountAndPassword.1{
             TCSLogWithMark("Checking credentials in keychain using ROPG")

XCreds/defaults.plist

@@ -52,7 +52,11 @@
 	<true/>
 	<key>shouldDetectNetworkToDetermineLoginWindow</key>
 	<false/>
-	<key>shouldUseROPGForOIDCLogin</key>
+	<key>shouldUseROPGForPasswordChangeChecking</key>
+	<false/>
+	<key>shouldUseROPGForMenuLogin</key>
+	<false/>
+	<key>shouldUseROPGForLoginWindowLogin</key>
 	<false/>
 	<key>passwordPlaceholder</key>
 	<string>Password</string>

XCredsLoginPlugIn/LoginWindow/SignInWindowController.swift

@@ -171,7 +171,7 @@ protocol UpdateCredentialsFeedbackProtocol {
         else {
             //show based on if there is an AD domain or not
 
-            let isLocalOnly = self.domainName.isEmpty == true && UserDefaults.standard.bool(forKey: PrefKeys.shouldUseROPGForOIDCLogin.rawValue) == false
+            let isLocalOnly = self.domainName.isEmpty == true && UserDefaults.standard.bool(forKey: PrefKeys.shouldUseROPGForMenuLogin.rawValue) == true
             self.localOnlyCheckBox.isHidden = isLocalOnly
             self.localOnlyView.isHidden = isLocalOnly
 
@@ -284,7 +284,7 @@ protocol UpdateCredentialsFeedbackProtocol {
         updateLoginWindowInfo()
         TCSLogWithMark()
 
-        if (self.domainName.isEmpty==true && UserDefaults.standard.bool(forKey: PrefKeys.shouldUseROPGForOIDCLogin.rawValue) == false) || self.localOnlyCheckBox.state == .on{
+        if (self.domainName.isEmpty==true && UserDefaults.standard.bool(forKey: PrefKeys.shouldUseROPGForLoginWindowLogin.rawValue) == false) || self.localOnlyCheckBox.state == .on{
             TCSLogWithMark("do local auth only")
             if PasswordUtils.verifyUser(name: shortName, auth: passString)  {
                 setRequiredHintsAndContext()
@@ -296,7 +296,7 @@ protocol UpdateCredentialsFeedbackProtocol {
                 authFail()
             }
             return
-        } else if UserDefaults.standard.bool(forKey: PrefKeys.shouldUseROPGForOIDCLogin.rawValue) == true { TCSLogWithMark("Checking credentials using ROPG")
+        } else if UserDefaults.standard.bool(forKey: PrefKeys.shouldUseROPGForLoginWindowLogin.rawValue) == true { TCSLogWithMark("Checking credentials using ROPG")
             //                let currentUser = PasswordUtils.getCurrentConsoleUserRecord()
             //                guard let userName = currentUser?.recordName else {
             //                    TCSLogWithMark("no username")

XCredsLoginPlugIn/Mechanisms/XCredsLoginMechanism.swift

@@ -166,7 +166,7 @@ import Network
         let preferLocalLogin = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldPreferLocalLoginInsteadOfCloudLogin.rawValue)
         let shouldDetectNetwork = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldDetectNetworkToDetermineLoginWindow.rawValue)
 
-        let useROPG = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseROPGForOIDCLogin.rawValue)
+        let useROPG = DefaultsOverride.standardOverride.bool(forKey: PrefKeys.shouldUseROPGForLoginWindow.rawValue)
 
 
         TCSLogWithMark("checking if local login")

xCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcdebugger/Breakpoints_v2.xcbkptlist

@@ -84,22 +84,6 @@
             landmarkType = "7">
          </BreakpointContent>
       </BreakpointProxy>
-      <BreakpointProxy
-         BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
-         <BreakpointContent
-            uuid = "CBD9CBF1-D7E4-418F-898D-907B84342E7B"
-            shouldBeEnabled = "Yes"
-            ignoreCount = "0"
-            continueAfterRunningActions = "No"
-            filePath = "XCreds/TokenManager.swift"
-            startingColumnNumber = "9223372036854775807"
-            endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "67"
-            endingLineNumber = "67"
-            landmarkName = "oidc()"
-            landmarkType = "7">
-         </BreakpointContent>
-      </BreakpointProxy>
       <BreakpointProxy
          BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
          <BreakpointContent
@@ -110,8 +94,8 @@
             filePath = "XCreds/TokenManager.swift"
             startingColumnNumber = "9223372036854775807"
             endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "78"
-            endingLineNumber = "78"
+            startingLineNumber = "70"
+            endingLineNumber = "70"
             landmarkName = "oidc()"
             landmarkType = "7">
          </BreakpointContent>