Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

clientSecret can now (once again) be provided as undefined #7209

Merged
merged 8 commits into from
Aug 8, 2024
Merged

clientSecret can now (once again) be provided as undefined #7209

merged 8 commits into from
Aug 8, 2024

Conversation

Robbie-Microsoft
Copy link
Collaborator

Fixed a regression accidentally introduced in Implemented SHA2 Certificate Functionality. clientSecret can now (once again) be provided as undefined.

added unit test

@github-actions github-actions bot added the msal-node Related to msal-node package label Jul 18, 2024
@Robbie-Microsoft Robbie-Microsoft marked this pull request as ready for review July 18, 2024 16:24
@Robbie-Microsoft Robbie-Microsoft linked an issue Jul 18, 2024 that may be closed by this pull request
setClientCredential() errors when no clientCertificate property is set #7201
Closed
2 tasks
@yuezk
Copy link

yuezk commented Jul 19, 2024
edited
Loading

Hi,

I'm from #7201 and am curious about the root cause since the code has been strongly typed.

Looks like this is a runtime error and the root cause is as @RoelVB said in #7201 (comment).

Though this PR can fix #7201, I'm afraid we may run into similar issues if it is not fixed from the root.

Related:

maorleger
maorleger approved these changes Jul 25, 2024
View reviewed changes
Copy link

@maorleger maorleger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We chatted offline a bit. Here's what I think:

  • Agree that there's a larger issue here with the spread operator. There is always a disconnect between your defined types and what you actually get at runtime especially when it comes to your external API
  • IMO, fixing this correctly requires some additional thought. While I agree that you could fix the cert key specifically by spreading it out ala clientCertificate: { ...DEFAULT_AUTH_OPTIONS.clientCertificate, ...auth.clientCertificate } }, that still requires discipline whenever objects are added to the config and is an easy trap to fall into. Consider creating a separate issue to track the larger fix and linking to it in your PR
  • You may also play around with exactOptionalPropertyTypes which may not help your users but it will help you catch errors internally where possible like this playground - again, it's not perfect especially with spread
  • I would also check if config.auth.clientCertificate is used anywhere else in the code just to confirm

LGTM for the immediate future, and a separate issue can be created to address the troubles with the spread operator here. That's at least what I would do!

@Robbie-Microsoft
Copy link
Collaborator Author

Thanks @maorleger!

@RoelVB I agree with your analysis about what the root cause is. However, this behavior (root cause) already existed before the regression this PR addresses was introduced.

@yuezk I'm going to keep this PR as is, and create a new GitHub issue for "larger refactoring to remove the ambiguity for deeply nested properties".

@yuezk
Copy link

yuezk commented Jul 26, 2024

Thanks for explaining this. I agree with your decision.

@Robbie-Microsoft
Copy link
Collaborator Author

Linking the issue I created.

@Robbie-Microsoft Robbie-Microsoft merged commit 4592e9f into dev Aug 8, 2024
9 checks passed
@Robbie-Microsoft Robbie-Microsoft deleted the 2.11.0-regression branch August 8, 2024 16:41
@urbankrepel urbankrepel mentioned this pull request Sep 7, 2024
Merged
This was referenced Sep 18, 2024
Closed
Closed
@AbidemiAdio AbidemiAdio mentioned this pull request Sep 19, 2024
Closed
@suityou01 suityou01 mentioned this pull request Sep 19, 2024
Open
@beclamide beclamide mentioned this pull request Sep 19, 2024
Closed
@rohanssalunkhe rohanssalunkhe mentioned this pull request Sep 20, 2024
Closed
@tanovellino tanovellino mentioned this pull request Sep 21, 2024
Closed
This was referenced Sep 21, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maorleger maorleger maorleger approved these changes

@bgavrilMS bgavrilMS bgavrilMS approved these changes

@neha-bhargava neha-bhargava neha-bhargava approved these changes

@sameerag sameerag Awaiting requested review from sameerag sameerag is a code owner

@tnorling tnorling Awaiting requested review from tnorling tnorling is a code owner

@hectormmg hectormmg Awaiting requested review from hectormmg hectormmg is a code owner

@peterzenz peterzenz Awaiting requested review from peterzenz peterzenz is a code owner

@trwalke trwalke Awaiting requested review from trwalke trwalke is a code owner

@pmaytak pmaytak Awaiting requested review from pmaytak pmaytak is a code owner

@gladjohn gladjohn Awaiting requested review from gladjohn gladjohn is a code owner

@rayluo rayluo Awaiting requested review from rayluo rayluo is a code owner

@Avery-Dunn Avery-Dunn Awaiting requested review from Avery-Dunn Avery-Dunn is a code owner

Assignees
No one assigned
Labels
msal-node Related to msal-node package
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

setClientCredential() errors when no clientCertificate property is set
5 participants
@Robbie-Microsoft @yuezk @maorleger @bgavrilMS @neha-bhargava