AzureAD · Ugonnaak1 · Dec 2, 2025 · Aug 6, 2025 · Aug 12, 2025 · Aug 25, 2025
diff --git a/change/@azure-msal-common-fa718400-1f30-4ec0-a922-9ab96a7fe335.json b/change/@azure-msal-common-fa718400-1f30-4ec0-a922-9ab96a7fe335.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "error surfacing changes",
+  "packageName": "@azure/msal-common",
+  "email": "akaliugonna@microsoft.com",
+  "dependentChangeType": "patch"
+}
diff --git a/change/@azure-msal-node-118ac835-7803-4e30-81cd-91c4afe6bf9d.json b/change/@azure-msal-node-118ac835-7803-4e30-81cd-91c4afe6bf9d.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "enable passing of redirect uri",
+  "packageName": "@azure/msal-node",
+  "email": "akaliugonna@microsoft.com",
+  "dependentChangeType": "patch"
+}
diff --git a/change/@azure-msal-node-extensions-05784d6a-75fa-4bbf-adf4-543636d3ae42.json b/change/@azure-msal-node-extensions-05784d6a-75fa-4bbf-adf4-543636d3ae42.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "error surfacing changes",
+  "packageName": "@azure/msal-node-extensions",
+  "email": "akaliugonna@microsoft.com",
+  "dependentChangeType": "patch"
+}
diff --git a/change/@azure-msal-node-extensions-9b2b5205-8f2c-49f3-bf7e-b00665abef87.json b/change/@azure-msal-node-extensions-9b2b5205-8f2c-49f3-bf7e-b00665abef87.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Surface Errors from MsalRuntime with Interaction Required #7961",
+  "packageName": "@azure/msal-node-extensions",
+  "email": "akaliugonna@microsoft.com",
+  "dependentChangeType": "patch"
+}
diff --git a/change/@azure-msal-node-extensions-9ca3981d-f124-46a7-802a-10be0f64a7e7.json b/change/@azure-msal-node-extensions-9ca3981d-f124-46a7-802a-10be0f64a7e7.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Bump msal-node-runtime to v0.19.0",
+  "packageName": "@azure/msal-node-extensions",
+  "email": "akaliugonna@microsoft.com",
+  "dependentChangeType": "patch"
+}
diff --git a/change/@azure-msal-node-extensions-bce3798f-5840-4955-a647-70f9009359fc.json b/change/@azure-msal-node-extensions-bce3798f-5840-4955-a647-70f9009359fc.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "enable passing of redirect uri",
+  "packageName": "@azure/msal-node-extensions",
+  "email": "akaliugonna@microsoft.com",
+  "dependentChangeType": "patch"
+}
diff --git a/change/@azure-msal-node-extensions-e30dc56d-30d4-45c2-b7a2-bb8d03bff668.json b/change/@azure-msal-node-extensions-e30dc56d-30d4-45c2-b7a2-bb8d03bff668.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Bump msal-node-runtime to v0.20.0",
+  "packageName": "@azure/msal-node-extensions",
+  "email": "akaliugonna@microsoft.com",
+  "dependentChangeType": "patch"
+}
diff --git a/change/@azure-msal-node-f21ce81f-a941-4847-a7e4-e9ea5b515c40.json b/change/@azure-msal-node-f21ce81f-a941-4847-a7e4-e9ea5b515c40.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "broker redirect uri changes",
+  "packageName": "@azure/msal-node",
+  "email": "akaliugonna@microsoft.com",
+  "dependentChangeType": "patch"
+}
@@ -172,6 +172,9 @@ This error occurs when MSAL.js surpasses the allotted storage limit when attempt
 
 -   The nested app auth bridge is disabled.
 
+### `platform_broker_error`
+-   An error occurred in the native broker. See the platformBrokerError property for details.
+
 ## Client configuration errors
 
 ### `redirect_uri_empty`

@@ -65,7 +65,7 @@
     },
     "dependencies": {
         "@azure/msal-common": "16.0.0-alpha.0",
-        "@azure/msal-node-runtime": "^0.18.1",
+        "@azure/msal-node-runtime": "^0.20.0",
         "keytar": "^7.8.0"
     },
     "devDependencies": {

@@ -17,6 +17,7 @@ import {
     InteractionRequiredAuthError,
     Logger,
     LoggerOptions,
+    PlatformBrokerError,
     NativeRequest,
     NativeSignOutRequest,
     ServerError,
@@ -36,7 +37,6 @@ import {
     LogLevel as MsalRuntimeLogLevel,
 } from "@azure/msal-node-runtime";
 import { ErrorCodes } from "../utils/Constants.js";
-import { NativeAuthError } from "../error/NativeAuthError.js";
 import { version, name } from "../packageMetadata.js";
 
 export class NativeBrokerPlugin implements INativeBrokerPlugin {
@@ -192,10 +192,16 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
             request.correlationId
         );
         const platformRequest = request;
+        if (!platformRequest.redirectUri) {
+            platformRequest.redirectUri =
+                this.chooseRedirectUriByPlatform(platformRequest);
+            this.logger.info(
+                "NativeBrokerPlugin - No Redirect URI provided, using default",
+                platformRequest.correlationId
+            );
+        }
         const authParams = this.generateRequestParameters(platformRequest);
         const account = await this.getAccount(platformRequest);
-        platformRequest.redirectUri =
-            this.chooseRedirectUriByPlatform(platformRequest);
 
         return new Promise(
             (resolve: (value: AuthenticationResult) => void, reject) => {
@@ -250,9 +256,15 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
             request.correlationId
         );
         const platformRequest = request;
+        if (!platformRequest.redirectUri) {
+            platformRequest.redirectUri =
+                this.chooseRedirectUriByPlatform(platformRequest);
+            this.logger.info(
+                "NativeBrokerPlugin - No Redirect URI provided, using default",
+                platformRequest.correlationId
+            );
+        }
         const authParams = this.generateRequestParameters(platformRequest);
-        platformRequest.redirectUri =
-            this.chooseRedirectUriByPlatform(platformRequest);
         const account = await this.getAccount(platformRequest);
         const windowHandle = providedWindowHandle || Buffer.from([0]);
 
@@ -462,9 +474,7 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
                 request.authority
             );
 
-            authParams.SetRedirectUri(
-                this.chooseRedirectUriByPlatform(request)
-            );
+            authParams.SetRedirectUri(request.redirectUri);
             authParams.SetRequestedScopes(request.scopes.join(" "));
 
             if (request.claims) {
@@ -639,54 +649,70 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
         );
     }
 
-    private wrapError(error: unknown): NativeAuthError | Object | null {
+    private wrapError(error: unknown): PlatformBrokerError | Object | null {
         if (
             error &&
             typeof error === "object" &&
             this.isMsalRuntimeError(error)
         ) {
             const { errorCode, errorStatus, errorContext, errorTag } =
                 error as MsalRuntimeError;
+
+            const msalNodeRuntimeError = new PlatformBrokerError(
+                ErrorStatus[errorStatus],
+                errorContext,
+                errorCode,
+                errorTag
+            );
+
+            let wrappedError;
+
             switch (errorStatus) {
                 case ErrorStatus.InteractionRequired:
                 case ErrorStatus.AccountUnusable:
-                    return new InteractionRequiredAuthError(
+                    wrappedError = new InteractionRequiredAuthError(
                         ErrorCodes.INTERATION_REQUIRED_ERROR_CODE,
-                        errorContext
+                        msalNodeRuntimeError.message
                     );
+                    break;
                 case ErrorStatus.NoNetwork:
                 case ErrorStatus.NetworkTemporarilyUnavailable:
-                    return createClientAuthError(
+                    wrappedError = createClientAuthError(
                         ClientAuthErrorCodes.noNetworkConnectivity
                     );
+                    break;
                 case ErrorStatus.ServerTemporarilyUnavailable:
-                    return new ServerError(
+                    wrappedError = new ServerError(
                         ErrorCodes.SERVER_UNAVAILABLE,
                         errorContext
                     );
+                    break;
                 case ErrorStatus.UserCanceled:
-                    return createClientAuthError(
+                    wrappedError = createClientAuthError(
                         ClientAuthErrorCodes.userCanceled
                     );
+                    break;
                 case ErrorStatus.AuthorityUntrusted:
-                    return createClientConfigurationError(
+                    wrappedError = createClientConfigurationError(
                         ClientConfigurationErrorCodes.untrustedAuthority
                     );
+                    break;
                 case ErrorStatus.UserSwitched:
                     // Not an error case, if there's customer demand we can surface this as a response property
                     return null;
                 case ErrorStatus.AccountNotFound:
-                    return createClientAuthError(
+                    wrappedError = createClientAuthError(
                         ClientAuthErrorCodes.noAccountFound
                     );
+                    break;
                 default:
-                    return new NativeAuthError(
-                        ErrorStatus[errorStatus],
-                        errorContext,
-                        errorCode,
-                        errorTag
+                    wrappedError = createClientAuthError(
+                        ClientAuthErrorCodes.platformBrokerError
                     );
             }
+
+            wrappedError.platformBrokerError = msalNodeRuntimeError;
+            return wrappedError;
         }
         throw error;
     }