Merge branch 'dev' into claims_bugfix

AzureAD · Apr 30, 2024 · 99ce409 · 99ce409
2 parents 6722bcd + 1c72e3f
commit 99ce409
Show file tree

Hide file tree

Showing 8 changed files with 35 additions and 39 deletions.
diff --git a/change/@azure-msal-browser-ab395da1-96b3-4e3e-aba4-97816697bd09.json b/change/@azure-msal-browser-ab395da1-96b3-4e3e-aba4-97816697bd09.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Add additional logging for Nested App Auth initialization errors (#7064)",
+  "packageName": "@azure/msal-browser",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}
diff --git a/change/@azure-msal-node-4db7cb53-4748-451c-8675-2bb9a4fe0bb1.json b/change/@azure-msal-node-4db7cb53-4748-451c-8675-2bb9a4fe0bb1.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Removed Managed Identity Resource URI Validation",
+  "packageName": "@azure/msal-node",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}
diff --git a/lib/msal-browser/src/controllers/ControllerFactory.ts b/lib/msal-browser/src/controllers/ControllerFactory.ts
@@ -29,10 +29,7 @@ export async function createController(
 
     await Promise.all(operatingContexts);
 
-    if (
-        teamsApp.isAvailable() &&
-        teamsApp.getConfig().auth.supportsNestedAppAuth
-    ) {
+    if (teamsApp.isAvailable()) {
         const controller = await import("./NestedAppAuthController");
         return controller.NestedAppAuthController.createController(teamsApp);
     } else if (standard.isAvailable()) {

diff --git a/lib/msal-browser/src/operatingcontext/TeamsAppOperatingContext.ts b/lib/msal-browser/src/operatingcontext/TeamsAppOperatingContext.ts
@@ -61,6 +61,11 @@ export class TeamsAppOperatingContext extends BaseOperatingContext {
          * TODO: Add implementation to check for presence of inject Nested App Auth Bridge JavaScript interface
          *
          */
+
+        if (!this.getConfig().auth.supportsNestedAppAuth) {
+            return false;
+        }
+
         try {
             if (typeof window !== "undefined") {
                 const bridgeProxy: IBridgeProxy = await BridgeProxy.create();
@@ -74,18 +79,19 @@ export class TeamsAppOperatingContext extends BaseOperatingContext {
                         this.activeAccount =
                             await bridgeProxy.getActiveAccount();
                     }
-                } catch (e) {
-                    this.activeAccount = undefined;
+                } catch {
+                    // Ignore errors
                 }
                 this.bridgeProxy = bridgeProxy;
                 this.available = bridgeProxy !== undefined;
-            } else {
-                this.available = false;
             }
-        } catch (e) {
-            this.available = false;
-        } finally {
-            return this.available;
+        } catch (ex) {
+            this.logger.infoPii(
+                `Could not initialize Nested App Auth bridge (${ex})`
+            );
         }
+
+        this.logger.info(`Nested App Auth Bridge available: ${this.available}`);
+        return this.available;
     }
 }
diff --git a/lib/msal-node/src/client/ManagedIdentityApplication.ts b/lib/msal-node/src/client/ManagedIdentityApplication.ts
@@ -16,7 +16,8 @@ import {
     ProtocolMode,
     StaticAuthorityOptions,
     AuthenticationResult,
-    UrlString,
+    createClientConfigurationError,
+    ClientConfigurationErrorCodes,
 } from "@azure/msal-common";
 import {
     ManagedIdentityConfiguration,
@@ -31,10 +32,6 @@ import { ManagedIdentityClient } from "./ManagedIdentityClient";
 import { ManagedIdentityRequestParams } from "../request/ManagedIdentityRequestParams";
 import { NodeStorage } from "../cache/NodeStorage";
 import { DEFAULT_AUTHORITY_FOR_MANAGED_IDENTITY } from "../utils/Constants";
-import {
-    ManagedIdentityErrorCodes,
-    createManagedIdentityError,
-} from "../error/ManagedIdentityError";
 
 /**
  * Class to initialize a managed identity and identify the service
@@ -122,14 +119,9 @@ export class ManagedIdentityApplication {
     public async acquireToken(
         managedIdentityRequestParams: ManagedIdentityRequestParams
     ): Promise<AuthenticationResult> {
-        const resourceUrlString = new UrlString(
-            managedIdentityRequestParams.resource.replace("/.default", "")
-        );
-        try {
-            resourceUrlString.validateAsUri();
-        } catch (e) {
-            throw createManagedIdentityError(
-                ManagedIdentityErrorCodes.invalidResource
+        if (!managedIdentityRequestParams.resource) {
+            throw createClientConfigurationError(
+                ClientConfigurationErrorCodes.urlEmptyError
             );
         }
 

diff --git a/lib/msal-node/src/error/ManagedIdentityError.ts b/lib/msal-node/src/error/ManagedIdentityError.ts
@@ -14,8 +14,6 @@ export { ManagedIdentityErrorCodes };
 export const ManagedIdentityErrorMessages = {
     [ManagedIdentityErrorCodes.invalidManagedIdentityIdType]:
         "More than one ManagedIdentityIdType was provided.",
-    [ManagedIdentityErrorCodes.invalidResource]:
-        "The supplied resource is an invalid URL.",
     [ManagedIdentityErrorCodes.missingId]:
         "A ManagedIdentityId id was not provided.",
     [ManagedIdentityErrorCodes.MsiEnvironmentVariableUrlMalformedErrorCodes

diff --git a/lib/msal-node/src/error/ManagedIdentityErrorCodes.ts b/lib/msal-node/src/error/ManagedIdentityErrorCodes.ts
@@ -6,7 +6,6 @@
 import { ManagedIdentityEnvironmentVariableNames } from "../utils/Constants";
 
 export const invalidManagedIdentityIdType = "invalid_managed_identity_id_type";
-export const invalidResource = "invalid_resource";
 export const missingId = "missing_client_id";
 export const networkUnavailable = "network_unavailable";
 export const unableToCreateAzureArc = "unable_to_create_azure_arc";

diff --git a/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts
@@ -785,16 +785,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => {
             const systemAssignedManagedIdentityApplication: ManagedIdentityApplication =
                 new ManagedIdentityApplication(systemAssignedConfig);
 
-            await expect(
-                systemAssignedManagedIdentityApplication.acquireToken({
-                    resource: "invalid_resource",
-                })
-            ).rejects.toMatchObject(
-                createManagedIdentityError(
-                    ManagedIdentityErrorCodes.invalidResource
-                )
-            );
-
             await expect(
                 systemAssignedManagedIdentityApplication.acquireToken({
                     resource: "",
@@ -822,7 +812,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => {
 
             expect(() => {
                 new ManagedIdentityApplication(badUserAssignedClientIdConfig);
-            }).toThrowError(
+            }).toThrow(
                 createManagedIdentityError(
                     ManagedIdentityErrorCodes.invalidManagedIdentityIdType
                 )