Skip to content

[v5] Port Changes from dev to msal-v5 #8153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Dec 2, 2025
Merged

[v5] Port Changes from dev to msal-v5 #8153

merged 16 commits into from
Dec 2, 2025
+487 −103

Conversation

@Ugonnaak1
Copy link
Contributor

@Ugonnaak1 Ugonnaak1 commented Nov 19, 2025

No description provided.

Ugonnaak1 and others added 6 commits November 18, 2025 16:47
@Ugonnaak1
Surface Errors from MsalRuntime with Interaction Required (#7961)
87f9cbf 
When customers use `acquireTokenSilent` with msal-node-runtime, errors
reported to OneAuth-MSAL (such as interaction_required) are surfaced as:

```
  "errormessage": "interaction_required: (pii)",
  "errorname": "InteractionRequiredAuthError",
  "errorstack": "InteractionRequiredAuthError: interaction_required: (pii)\n    at ue.wrapError (c:\\Program <REDACTED: user-file-path> VS <REDACTED: user-file-path>:2:386244)\n    at Object.o (c:\\Program <REDACTED: user-file-path> VS <REDACTED: user-file-path>:2:381487)"
```
 
However, these errors lack critical context such as the error code and
error tag from the broker or our library which makes it difficult for
our team to diagnose and resolve their issues.


This PR helps surface errors for interaction-required scenarios by 
replacing `InteractionRequiredAuthError` with `NativeAuthError` for
InteractionRequired Status in NativeBrokerPlugin and enhancing the
NativeAuthError context

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@Ugonnaak1
update msal-node-runtime version (#7979)
943a8c8
@Ugonnaak1
Enable passing of redirect uri for Nativebroker (#8005)
4f2da6d 
Current PCA requests don't allow the customer to pass in their own
redirecturi. This is an issue for signed MacOS apps because the customer
is forced to use the unsigned redirect URI which will hit a redirecturi
validation error in the Apple Broker
```
  errorMessage: 'Description: Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=MSAL redirectUri validation error: redirect uri has incorrect scheme - it must be in the form of msauth.<app_bundle_id>://auth\n' +
    'ADAL redirectUri validation error: Source application does not match redirect uri host. Invalid source app., MSALInternalErrorCodeKey=-42000, MSALBrokerVersionKey=5.2508.0}, Domain: MSALErrorDomain.Error was thrown in sourceArea: Broker (Error Code: -42000, Tag: 508638916)',

```
Solution:
Make providing a redirecturi optional. If the customer doesn't provide
one, we fallback to the default for each platform in broker scenarios
For non-broker scenarios, if redirecturi is provided, we warn them it
won't be used and use the default

Also added a function to convert error tags to their string version to
make error lookup quicker.
@Ugonnaak1
Reset Redirecturi during broker fallback (#8049)
88b3734 
If a user attempts a broker flow but the broker isn’t available on their
machine, the flow falls back to the browser. However, since a redirect
URI was provided for the broker flow, an error is thrown.

This PR adds a check to determine whether the broker is enabled in the
config and resets the redirect URI to an empty string instead of
throwing an error.
@Ugonnaak1
update msal-node-runtime version to 0.20.0 (#8113)
8e6fa7a
@Ugonnaak1
Handle MsalRuntime Error Surfacing (#8120)
e9126bc 
Aimed to solve the problem discussed
[here:](https://identitydivision.visualstudio.com/DevEx/_git/AuthLibrariesApiReview/pullrequest/20409?path=/MSALJS/%5Bmsal-node%5D%20MsalRuntime/Surface_MsalRuntime_Errors.md)
Solution 5 implementation
@Ugonnaak1 Ugonnaak1 requested a review from a team as a code owner November 19, 2025 03:27
Copilot AI review requested due to automatic review settings November 19, 2025 03:27
@Ugonnaak1 Ugonnaak1 requested a review from a team as a code owner November 19, 2025 03:27
Copilot finished reviewing on behalf of Ugonnaak1 November 19, 2025 03:31
Copilot AI reviewed Nov 19, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR ports several changes from the dev branch to the msal-v5 branch, focusing on improved broker error handling and redirect URI management for broker flows.

Key changes:

  • Introduces PlatformBrokerError class to preserve detailed broker error information from MSAL Runtime
  • Enables passing redirectUri in InteractiveRequest with validation logic for broker vs. non-broker scenarios
  • Updates msal-node-runtime dependency from v0.18.x to v0.20.0

Reviewed Changes

Copilot reviewed 23 out of 24 changed files in this pull request and generated 16 comments.

Show a summary per file
File Description
package-lock.json Updates @azure/msal-node-runtime dependency to v0.20.0
lib/msal-node/test/client/PublicClientApplication.spec.ts Adds test coverage for redirectUri validation and broker fallback scenarios
lib/msal-node/src/request/InteractiveRequest.ts Removes redirectUri from omitted properties, allowing it to be passed in requests
lib/msal-node/src/error/NodeAuthError.ts Adds new error type for unsupported redirectUri scenarios
lib/msal-node/src/client/PublicClientApplication.ts Implements redirectUri validation logic for interactive and silent token acquisition
lib/msal-common/src/exports-common.ts Exports new PlatformBrokerError class
lib/msal-common/src/error/PlatformBrokerError.ts Implements new error class to preserve broker error details
lib/msal-common/src/error/ClientAuthErrorCodes.ts Adds platformBrokerError error code constant
lib/msal-common/src/error/AuthError.ts Adds platformBrokerError property to preserve broker error details
lib/msal-node/apiReview/msal-node.api.md Updates API surface to reflect InteractiveRequest type change
lib/msal-common/apiReview/msal-common.api.md Documents new PlatformBrokerError class and platformBrokerError property
extensions/msal-node-extensions/test/broker/NativeBrokerPlugin.spec.ts Updates tests to verify PlatformBrokerError wrapping and improves mock setup
extensions/msal-node-extensions/src/error/NativeAuthError.ts Removes NativeAuthError class (replaced by PlatformBrokerError)
extensions/msal-node-extensions/src/broker/NativeBrokerPlugin.ts Refactors error wrapping to use PlatformBrokerError and updates redirect URI handling
extensions/msal-node-extensions/package.json Updates @azure/msal-node-runtime dependency to v0.20.0
docs/errors.md Documents new platform_broker_error code
change/*.json Multiple beachball changefiles for affected packages
Comments suppressed due to low confidence (1)

lib/msal-common/src/error/PlatformBrokerError.ts:20

  • The initial value of tagBuffer is unused, since it is always overwritten.
    let tagBuffer = "*****";

peterzenz
peterzenz previously approved these changes Nov 19, 2025
View reviewed changes
Copy link
Contributor

@peterzenz peterzenz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some of the AI comments here are pretty good. I'm assuming though this is a straight port from v4 to v5 so you don't want to change much, but you can pick up additional changes for v5 if they make sense.

@Ugonnaak1 Ugonnaak1 force-pushed the akaliugonna/port-change-to-msalv5 branch from d6df529 to df22efa Compare November 19, 2025 19:27
hectormmg
hectormmg approved these changes Dec 2, 2025
View reviewed changes
Copy link
Member

@hectormmg hectormmg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one nit regarding the change file below.

change/@azure-msal-node-extensions-9ca3981d-f124-46a7-802a-10be0f64a7e7.json
@@ -0,0 +1,7 @@
{
"type": "patch",
"comment": "Bump msal-node-runtime to v0.19.0",
Copy link
Member

@hectormmg hectormmg Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file can be removed since there's another bumping to v0.20.0.

@Ugonnaak1 Ugonnaak1 merged commit 73d88fd into msal-v5 Dec 2, 2025
7 checks passed
@Ugonnaak1 Ugonnaak1 deleted the akaliugonna/port-change-to-msalv5 branch December 2, 2025 18:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@hectormmg hectormmg hectormmg approved these changes

@shylasummers shylasummers shylasummers approved these changes

@peterzenz peterzenz Awaiting requested review from peterzenz

@jo-arroyo jo-arroyo Awaiting requested review from jo-arroyo

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@Ugonnaak1 @hectormmg @shylasummers @peterzenz @jo-arroyo