From 4592e9ff0b3ba55fe3a5e722cc4591f884be0462 Mon Sep 17 00:00:00 2001
From: Robbie-Microsoft <87724641+Robbie-Microsoft@users.noreply.github.com>
Date: Thu, 8 Aug 2024 12:41:10 -0400
Subject: [PATCH] clientSecret can now (once again) be provided as undefined
 (#7209)

Fixed a regression accidentally introduced in [Implemented SHA2
Certificate
Functionality](https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/7192).
`clientSecret` can now (once again) be provided as `undefined`.

added unit test
---
 ...-6f0eb47c-4e46-44a6-b012-c766e7392170.json |  7 +++++++
 .../client/ConfidentialClientApplication.ts   |  6 +++---
 .../ConfidentialClientApplication.spec.ts     | 19 +++++++++++++++++++
 3 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 change/@azure-msal-node-6f0eb47c-4e46-44a6-b012-c766e7392170.json

diff --git a/change/@azure-msal-node-6f0eb47c-4e46-44a6-b012-c766e7392170.json b/change/@azure-msal-node-6f0eb47c-4e46-44a6-b012-c766e7392170.json
new file mode 100644
index 0000000000..b36fb159ed
--- /dev/null
+++ b/change/@azure-msal-node-6f0eb47c-4e46-44a6-b012-c766e7392170.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "clientSecret can now (once again) be provided as undefined #7209",
+  "packageName": "@azure/msal-node",
+  "email": "rginsburg@microsoft.com",
+  "dependentChangeType": "patch"
+}
diff --git a/lib/msal-node/src/client/ConfidentialClientApplication.ts b/lib/msal-node/src/client/ConfidentialClientApplication.ts
index d2f083b92b..7a02767158 100644
--- a/lib/msal-node/src/client/ConfidentialClientApplication.ts
+++ b/lib/msal-node/src/client/ConfidentialClientApplication.ts
@@ -221,9 +221,9 @@ export class ConfidentialClientApplication
         const clientSecretNotEmpty = !!this.config.auth.clientSecret;
         const clientAssertionNotEmpty = !!this.config.auth.clientAssertion;
         const certificateNotEmpty =
-            (!!this.config.auth.clientCertificate.thumbprint ||
-                !!this.config.auth.clientCertificate.thumbprintSha256) &&
-            !!this.config.auth.clientCertificate.privateKey;
+            (!!this.config.auth.clientCertificate?.thumbprint ||
+                !!this.config.auth.clientCertificate?.thumbprintSha256) &&
+            !!this.config.auth.clientCertificate?.privateKey;
 
         /*
          * If app developer configures this callback, they don't need a credential
diff --git a/lib/msal-node/test/client/ConfidentialClientApplication.spec.ts b/lib/msal-node/test/client/ConfidentialClientApplication.spec.ts
index 614ad6d1df..e476a42302 100644
--- a/lib/msal-node/test/client/ConfidentialClientApplication.spec.ts
+++ b/lib/msal-node/test/client/ConfidentialClientApplication.spec.ts
@@ -75,6 +75,25 @@ describe("ConfidentialClientApplication", () => {
         expect(client).toBeInstanceOf(ConfidentialClientApplication);
     });
 
+    test("optional NodeAuthOptions values that are passed in as undefined will not break the application", () => {
+        let client: ConfidentialClientApplication;
+
+        // clientCertificate is already set, by default
+        config.auth.clientSecret = undefined;
+        client = new ConfidentialClientApplication(config);
+        expect(client).toBeInstanceOf(ConfidentialClientApplication);
+
+        config.auth.clientSecret = "secret";
+        config.auth.clientCertificate = undefined;
+        client = new ConfidentialClientApplication(config);
+        expect(client).toBeInstanceOf(ConfidentialClientApplication);
+
+        // clientSecret defined above
+        config.auth.clientAssertion = undefined;
+        client = new ConfidentialClientApplication(config);
+        expect(client).toBeInstanceOf(ConfidentialClientApplication);
+    });
+
     describe("auth code flow", () => {
         test("acquireTokenByAuthorizationCode", async () => {
             const acquireTokenByCodeSpy: jest.SpyInstance = jest.spyOn(