clientSecret can now (once again) be provided as undefined (#7209)

Fixed a regression accidentally introduced in [Implemented SHA2 Certificate Functionality](#7192). `clientSecret` can now (once again) be provided as `undefined`. added unit test
AzureAD · Aug 8, 2024 · 4592e9f · 4592e9f
1 parent 9b44cb4
commit 4592e9f
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 3 deletions.
diff --git a/change/@azure-msal-node-6f0eb47c-4e46-44a6-b012-c766e7392170.json b/change/@azure-msal-node-6f0eb47c-4e46-44a6-b012-c766e7392170.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "clientSecret can now (once again) be provided as undefined #7209",
+  "packageName": "@azure/msal-node",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}
diff --git a/lib/msal-node/src/client/ConfidentialClientApplication.ts b/lib/msal-node/src/client/ConfidentialClientApplication.ts
@@ -221,9 +221,9 @@ export class ConfidentialClientApplication
         const clientSecretNotEmpty = !!this.config.auth.clientSecret;
         const clientAssertionNotEmpty = !!this.config.auth.clientAssertion;
         const certificateNotEmpty =
-            (!!this.config.auth.clientCertificate.thumbprint ||
-                !!this.config.auth.clientCertificate.thumbprintSha256) &&
-            !!this.config.auth.clientCertificate.privateKey;
+            (!!this.config.auth.clientCertificate?.thumbprint ||
+                !!this.config.auth.clientCertificate?.thumbprintSha256) &&
+            !!this.config.auth.clientCertificate?.privateKey;
 
         /*
          * If app developer configures this callback, they don't need a credential

diff --git a/lib/msal-node/test/client/ConfidentialClientApplication.spec.ts b/lib/msal-node/test/client/ConfidentialClientApplication.spec.ts
@@ -75,6 +75,25 @@ describe("ConfidentialClientApplication", () => {
         expect(client).toBeInstanceOf(ConfidentialClientApplication);
     });
 
+    test("optional NodeAuthOptions values that are passed in as undefined will not break the application", () => {
+        let client: ConfidentialClientApplication;
+
+        // clientCertificate is already set, by default
+        config.auth.clientSecret = undefined;
+        client = new ConfidentialClientApplication(config);
+        expect(client).toBeInstanceOf(ConfidentialClientApplication);
+
+        config.auth.clientSecret = "secret";
+        config.auth.clientCertificate = undefined;
+        client = new ConfidentialClientApplication(config);
+        expect(client).toBeInstanceOf(ConfidentialClientApplication);
+
+        // clientSecret defined above
+        config.auth.clientAssertion = undefined;
+        client = new ConfidentialClientApplication(config);
+        expect(client).toBeInstanceOf(ConfidentialClientApplication);
+    });
+
     describe("auth code flow", () => {
         test("acquireTokenByAuthorizationCode", async () => {
             const acquireTokenByCodeSpy: jest.SpyInstance = jest.spyOn(