Fix WebView stuck on server (5xx) error during login (AB#3408586), Fixes AB#3408586

[fadidurah]

Summary

Fixes AB#3408586 — User should not be stuck on the login if server is unavailable.

When the embedded WebView auth flow receives a server-side HTTP error (5xx) on the main frame, onReceivedHttpError previously only logged and tracked the error. It never dismissed the loading spinner or invoked an error callback, so onPageFinished (which hides the spinner via onPageLoaded) was never reached and the user was stuck on the login screen indefinitely.

This is asymmetric with network errors (onReceivedError), which already call sendErrorToCallback. HTTP 5xx now does the same.

Root cause

• WebViewAuthorizationFragment.launchWebView() shows the progress bar.
• On a 5xx, the page never finishes loading, so OAuth2WebViewClient.onPageFinished -> onPageLoaded() (hides spinner) is never called.
• Old onReceivedHttpError only called mUrlLoadTracker.updateLatestUrlStatus(...), leaving the spinner up forever.

Fix

• AzureActiveDirectoryWebViewClient.onReceivedHttpError: for main-frame requests with statusCode >= 500, log a warning and call sendErrorToCallback (stops loading + sends a ClientException through the completion callback).
• Restricted to main-frame 5xx only — 4xx flows (e.g. 401/403 handled via redirects) and sub-resource errors are unaffected.
• OAuth2WebViewClient.sendErrorToCallback: changed private -> protected so the subclass can invoke it.
• Gated behind a new default-on flight FailWebViewFlowOnServerHttpError (CommonFlight) so it can be disabled via ECS if it causes regressions.

Tests

Added 4 unit tests to AzureActiveDirectoryWebViewClientTest:

• main-frame 5xx -> callback invoked with ClientException
• main-frame 4xx -> no callback
• sub-resource 5xx -> no callback
• 5xx with flight disabled -> no callback

All tests pass (:common:testLocalDebugUnitTest, JDK 17).

[github-actions]

✅ Work item link check complete. Description contains link AB#3408586 to an Azure Boards work item.

[github-actions]

✅ Work item link check complete. Description contains link AB#3408586 to an Azure Boards work item.

[Copilot]

Pull request overview

This PR addresses a UX dead-end in the embedded WebView authorization flow by failing fast on main-frame HTTP 5xx responses (which can prevent onPageFinished from firing), ensuring callers receive an error callback instead of leaving users stuck behind an indefinite loading spinner.

Changes:

• Add a new default-on flight FAIL_WEBVIEW_FLOW_ON_SERVER_HTTP_ERROR to allow ECS rollback if needed.
• Update AzureActiveDirectoryWebViewClient.onReceivedHttpError to invoke sendErrorToCallback for main-frame statusCode >= 500 when the flight is enabled.
• Add unit tests covering main-frame vs subresource, 4xx vs 5xx, and flight on/off behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
common4j/src/main/com/microsoft/identity/common/java/flighting/CommonFlight.java	Adds a new default-on flight to gate failing WebView auth on server (5xx) HTTP errors.
common/src/main/java/com/microsoft/identity/common/internal/ui/webview/OAuth2WebViewClient.java	Makes sendErrorToCallback protected so the AAD WebView client can reuse the existing error-delivery path.
common/src/main/java/com/microsoft/identity/common/internal/ui/webview/AzureActiveDirectoryWebViewClient.java	Detects main-frame 5xx HTTP errors and (when flight-enabled) stops loading and returns a ClientException via the completion callback.
common/src/test/java/com/microsoft/identity/common/internal/ui/webview/AzureActiveDirectoryWebViewClientTest.java	Adds unit tests validating the new 5xx main-frame failure behavior and flight gating.
changelog.txt	Documents the behavioral change and flight gate in the vNext release notes.