allowNativeBroker = false outside of AAD protocol mode

AzureAD · Jul 12, 2023 · d96b9d0 · d96b9d0
1 parent d81c43c
commit d96b9d0
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/lib/msal-browser/src/config/Configuration.ts b/lib/msal-browser/src/config/Configuration.ts
@@ -328,6 +328,14 @@ export function buildConfiguration(
             throw ClientConfigurationError.createCannotSetOIDCOptionsError();
     }
 
+    // Throw an error if user has set allowNativeBroker to true without being in AAD protocol mode
+    if(userInputAuth &&
+        userInputAuth.protocolMode !== ProtocolMode.AAD && 
+        providedSystemOptions &&
+        providedSystemOptions.allowNativeBroker) {
+            throw ClientConfigurationError.createCannotAllowNativeBrokerError();
+    }
+
     const overlayedConfig: BrowserConfiguration = {
         auth: { ...DEFAULT_AUTH_OPTIONS, ...userInputAuth },
         cache: { ...DEFAULT_CACHE_OPTIONS, ...userInputCache },

diff --git a/lib/msal-common/src/error/ClientConfigurationError.ts b/lib/msal-common/src/error/ClientConfigurationError.ts
@@ -109,6 +109,10 @@ export const ClientConfigurationErrorMessage = {
         code: "cannot_set_OIDCOptions",
         desc: "Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",
     },
+    cannotAllowNativeBroker:{
+        code: "cannot_allow_native_broker",
+        desc: "Cannot set allowNativeBroker parameter to true when not in AAD protocol mode.",
+    },
     authorityMismatch: {
         code: "authority_mismatch",
         desc: "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority."
@@ -384,6 +388,16 @@ export class ClientConfigurationError extends ClientAuthError {
         );
     }
 
+    /**
+     * Throws error when allowNativeBroker is set to true when not in AAD protocol mode
+     */
+    static createCannotAllowNativeBrokerError(): ClientConfigurationError {
+        return new ClientConfigurationError(
+            ClientConfigurationErrorMessage.cannotAllowNativeBroker.code,
+            ClientConfigurationErrorMessage.cannotAllowNativeBroker.desc
+        );
+    }
+
     /**
      * Create an error when the authority provided in request does not match authority provided in account or MSAL.js configuration.
      */