diff --git a/change/@azure-msal-browser-ab395da1-96b3-4e3e-aba4-97816697bd09.json b/change/@azure-msal-browser-ab395da1-96b3-4e3e-aba4-97816697bd09.json
new file mode 100644
index 0000000000..d5947396c5
--- /dev/null
+++ b/change/@azure-msal-browser-ab395da1-96b3-4e3e-aba4-97816697bd09.json
@@ -0,0 +1,7 @@
+{
+ "type": "patch",
+ "comment": "Add additional logging for Nested App Auth initialization errors (#7064)",
+ "packageName": "@azure/msal-browser",
+ "email": "dasau@microsoft.com",
+ "dependentChangeType": "patch"
+}
diff --git a/change/@azure-msal-node-4db7cb53-4748-451c-8675-2bb9a4fe0bb1.json b/change/@azure-msal-node-4db7cb53-4748-451c-8675-2bb9a4fe0bb1.json
new file mode 100644
index 0000000000..38aa23be28
--- /dev/null
+++ b/change/@azure-msal-node-4db7cb53-4748-451c-8675-2bb9a4fe0bb1.json
@@ -0,0 +1,7 @@
+{
+ "type": "patch",
+ "comment": "Removed Managed Identity Resource URI Validation",
+ "packageName": "@azure/msal-node",
+ "email": "rginsburg@microsoft.com",
+ "dependentChangeType": "patch"
+}
diff --git a/lib/msal-browser/src/controllers/ControllerFactory.ts b/lib/msal-browser/src/controllers/ControllerFactory.ts
index b9a521766f..447ad1ca47 100644
--- a/lib/msal-browser/src/controllers/ControllerFactory.ts
+++ b/lib/msal-browser/src/controllers/ControllerFactory.ts
@@ -29,10 +29,7 @@ export async function createController(
 await Promise.all(operatingContexts);
- if (
- teamsApp.isAvailable() &&
- teamsApp.getConfig().auth.supportsNestedAppAuth
- ) {
+ if (teamsApp.isAvailable()) {
 const controller = await import("./NestedAppAuthController");
 return controller.NestedAppAuthController.createController(teamsApp);
 } else if (standard.isAvailable()) {
diff --git a/lib/msal-browser/src/operatingcontext/TeamsAppOperatingContext.ts b/lib/msal-browser/src/operatingcontext/TeamsAppOperatingContext.ts
index 7b5970749a..6e96d4509f 100644
--- a/lib/msal-browser/src/operatingcontext/TeamsAppOperatingContext.ts
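Review bot: `teamsApp.isAvailable()` is now the sole gate for loading the NestedAppAuthController, and a reader of this factory can no longer see that `auth.supportsNestedAppAuth` still applies; a comment on the new `if` would preserve that, e.g. `// isAvailable() is false unless auth.supportsNestedAppAuth is set (see TeamsAppOperatingContext.initialize)`. This also relies on the `await Promise.all(operatingContexts)` above having run `initialize()` for `teamsApp` before the check, which is presumably the case but is not visible here. `createController` starts before the hunk.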
+++ b/lib/msal-browser/src/operatingcontext/TeamsAppOperatingContext.ts
@@ -61,6 +61,11 @@ export class TeamsAppOperatingContext extends BaseOperatingContext {
 * TODO: Add implementation to check for presence of inject Nested App Auth Bridge JavaScript interface
 *
 */
+
+ if (!this.getConfig().auth.supportsNestedAppAuth) {
+ return false;
+ }
+
 try {
 if (typeof window !== "undefined") {
 const bridgeProxy: IBridgeProxy = await BridgeProxy.create();
@@ -74,18 +79,19 @@ export class TeamsAppOperatingContext extends BaseOperatingContext {
 this.activeAccount = await bridgeProxy.getActiveAccount();
 }
- } catch (e) {
- this.activeAccount = undefined;
+ } catch {
+ // Ignore errors
 }
 this.bridgeProxy = bridgeProxy;
 this.available = bridgeProxy !== undefined;
- } else {
- this.available = false;
 }
- } catch (e) {
- this.available = false;
- } finally {
- return this.available;
+ } catch (ex) {
+ this.logger.infoPii(
+ `Could not initialize Nested App Auth bridge (${ex})`
+ );
 }
+
+ this.logger.info(`Nested App Auth Bridge available: ${this.available}`);
+ return this.available;
 }
 }
diff --git a/lib/msal-node/src/client/ManagedIdentityApplication.ts b/lib/msal-node/src/client/ManagedIdentityApplication.ts
index dd4db52c67..6208dfb002 100644
--- a/lib/msal-node/src/client/ManagedIdentityApplication.ts
+++ b/lib/msal-node/src/client/ManagedIdentityApplication.ts
@@ -16,7 +16,8 @@ import {
 ProtocolMode,
 StaticAuthorityOptions,
 AuthenticationResult,
- UrlString,
+ createClientConfigurationError,
+ ClientConfigurationErrorCodes,
 } from "@azure/msal-common";
 import {
 ManagedIdentityConfiguration,
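Review bot: The early `return false` added before the `try` bypasses the `this.logger.info(...)` summary line that the second hunk of this file appends at the end of the method, so when `auth.supportsNestedAppAuth` is false the logs give no indication of why the bridge was not used, which undercuts the purpose of the change. Log the configuration gate before returning, e.g. `this.logger.info("Nested App Auth Bridge skipped: auth.supportsNestedAppAuth is not set");` placed directly above `return false;`. The enclosing method starts before the hunk.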
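Review bot: In the new `catch (ex)` block, `${ex}` renders a thrown non-Error value as `[object Object]`, which discards the detail this logging was added to capture; replace `${ex}` with `${ex instanceof Error ? ex.message : String(ex)}` and keep the message on `infoPii` since exception text can carry account data. The removed `else { this.available = false; }` and `catch` assignments mean `this.available` is no longer reset when initialization fails, which is fine only if the field starts as `false` and `initialize()` runs once per instance — neither is visible in the hunk. Likewise the inner `catch { // Ignore errors }` no longer clears `this.activeAccount` after a failed `getActiveAccount()`, so a value from an earlier call would survive; if that is intended, say so in the comment, e.g. `// Ignore errors: keep whatever activeAccount was set previously`. The method starts before the hunk.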
@@ -31,10 +32,6 @@ import { ManagedIdentityClient } from "./ManagedIdentityClient";
 import { ManagedIdentityRequestParams } from "../request/ManagedIdentityRequestParams";
 import { NodeStorage } from "../cache/NodeStorage";
 import { DEFAULT_AUTHORITY_FOR_MANAGED_IDENTITY } from "../utils/Constants";
-import {
- ManagedIdentityErrorCodes,
- createManagedIdentityError,
-} from "../error/ManagedIdentityError";
 /**
 * Class to initialize a managed identity and identify the service
@@ -122,14 +119,9 @@ export class ManagedIdentityApplication {
 public async acquireToken(
 managedIdentityRequestParams: ManagedIdentityRequestParams
 ): Promise {
- const resourceUrlString = new UrlString(
- managedIdentityRequestParams.resource.replace("/.default", "")
- );
- try {
- resourceUrlString.validateAsUri();
- } catch (e) {
- throw createManagedIdentityError(
- ManagedIdentityErrorCodes.invalidResource
+ if (!managedIdentityRequestParams.resource) {
+ throw createClientConfigurationError(
+ ClientConfigurationErrorCodes.urlEmptyError
 );
 }
diff --git a/lib/msal-node/src/error/ManagedIdentityError.ts b/lib/msal-node/src/error/ManagedIdentityError.ts
index 9a67dbea09..2bac44c366 100644
--- a/lib/msal-node/src/error/ManagedIdentityError.ts
+++ b/lib/msal-node/src/error/ManagedIdentityError.ts
@@ -14,8 +14,6 @@ export { ManagedIdentityErrorCodes };
 export const ManagedIdentityErrorMessages = {
 [ManagedIdentityErrorCodes.invalidManagedIdentityIdType]:
 "More than one ManagedIdentityIdType was provided.",
- [ManagedIdentityErrorCodes.invalidResource]:
- "The supplied resource is an invalid URL.",
 [ManagedIdentityErrorCodes.missingId]:
 "A ManagedIdentityId id was not provided.",
 [ManagedIdentityErrorCodes.MsiEnvironmentVariableUrlMalformedErrorCodes
diff --git a/lib/msal-node/src/error/ManagedIdentityErrorCodes.ts b/lib/msal-node/src/error/ManagedIdentityErrorCodes.ts
index f60df42b21..67a6129def 100644
--- a/lib/msal-node/src/error/ManagedIdentityErrorCodes.ts
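Review bot: The replacement check in `acquireToken` rejects only a falsy `resource`, so the value now flows on without the former `validateAsUri()` pass and with nothing recording what shape is accepted; add a comment above the `if`, e.g. `// Resource is deliberately not validated as a URL here; only an empty value is rejected` — fill in the actual rationale, which the hunk does not state. With no syntactic check on the caller-supplied resource, the point where it is placed into the Managed Identity endpoint request (outside this hunk) should be confirmed to URL-encode it. Reusing `ClientConfigurationErrorCodes.urlEmptyError` for an empty resource also deserves a second look, since the resource is no longer treated as a URL and the message a caller sees may describe it as one. Because `ManagedIdentityErrorCodes.invalidResource` is dropped from the exported error codes in the same commit, callers that match on that code will stop seeing it; if `ManagedIdentityErrorCodes` is part of the package's public surface that is more than a patch-level change. `acquireToken` continues past the hunk.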
+++ b/lib/msal-node/src/error/ManagedIdentityErrorCodes.ts
@@ -6,7 +6,6 @@ import { ManagedIdentityEnvironmentVariableNames } from "../utils/Constants";
 export const invalidManagedIdentityIdType = "invalid_managed_identity_id_type";
-export const invalidResource = "invalid_resource";
 export const missingId = "missing_client_id";
 export const networkUnavailable = "network_unavailable";
 export const unableToCreateAzureArc = "unable_to_create_azure_arc";
diff --git a/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts b/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts
index ef2f149f58..e05a62a5ec 100644
--- a/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts
+++ b/lib/msal-node/test/client/ManagedIdentitySources/Imds.spec.ts
@@ -785,16 +785,6 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => {
 const systemAssignedManagedIdentityApplication: ManagedIdentityApplication = new ManagedIdentityApplication(systemAssignedConfig);
- await expect(
- systemAssignedManagedIdentityApplication.acquireToken({
- resource: "invalid_resource",
- })
- ).rejects.toMatchObject(
- createManagedIdentityError(
- ManagedIdentityErrorCodes.invalidResource
- )
- );
-
 await expect(
 systemAssignedManagedIdentityApplication.acquireToken({
 resource: "",
@@ -822,7 +812,7 @@ describe("Acquires a token successfully via an IMDS Managed Identity", () => {
 expect(() => {
 new ManagedIdentityApplication(badUserAssignedClientIdConfig);
-}).toThrowError(
+}).toThrow(
 createManagedIdentityError(
 ManagedIdentityErrorCodes.invalidManagedIdentityIdType
 )