v5 loadExternalTokens fixes #8259
base: msal-v5
…tication-library-for-js into v5-loadExternalTokens-fixes
…eAD/microsoft-authentication-library-for-js into v5-loadExternalTokens-fixes
Pull request overview
This pull request introduces bug fixes and enhancements to the external token loading (loadExternalTokens) functionality in MSAL browser and common libraries. The changes focus on improving authority/environment handling, implementing refresh token expiration tracking, and enhancing telemetry for better observability.
Changes:
- Authority handling now uses `AuthorityFactory.createDiscoveredInstance` to ensure tokens are cached with the preferred cache environment (e.g., `login.windows.net`)
- Refresh token expiration is calculated and stored when `refresh_token_expires_in` is provided in the response
- New telemetry fields (`acntLoggedOut`, `extRtExpiresOnSeconds`) added for improved diagnostics
- Account validation logic improved to use `getAllAccounts` with filters for better alias support
- Tenant profile handling enhanced to ensure home tenant profile is always present
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| lib/msal-browser/src/cache/TokenCache.ts | Core changes to use AuthorityFactory for proper environment handling, non-optional authority parameter, and refresh token expiration calculation |
| lib/msal-browser/src/cache/BrowserCacheManager.ts | Removed unnecessary optional chaining for result.account properties (now guaranteed non-null) |
| lib/msal-browser/test/cache/TokenCache.spec.ts | Comprehensive test additions for refresh token expiration, preferred cache environment, and removal of obsolete authority error test |
| lib/msal-common/src/response/ResponseHandler.ts | Improved account validation using getAllAccounts with filters and added telemetry for logged-out accounts |
| lib/msal-common/src/cache/utils/AccountEntityUtils.ts | Enhanced to ensure home tenant profile always exists in getAccountInfo and createAccountEntityFromAccountInfo |
| lib/msal-common/src/telemetry/performance/PerformanceEvent.ts | Added new telemetry fields: acntLoggedOut and extRtExpiresOnSeconds |
| lib/msal-common/test/response/ResponseHandler.spec.ts | New tests for handling refresh token responses with account alias validation |
| lib/msal-common/test/cache/AccountEntityUtils.spec.ts | Updated test expectations for home tenant profile creation |
| lib/msal-node/test/client/PublicClientApplication.spec.ts | Added getAllAccounts mock for test compatibility |
| lib/msal-browser/test/interaction_client/SilentRefreshClient.spec.ts | Added getAllAccounts mock for test compatibility |
| lib/msal-common/apiReview/msal-common.api.md | Updated API surface to reflect new telemetry fields |
| change/@azure-msal-common-*.json | Beachball change file for msal-common package |
| change/@azure-msal-browser-*.json | Beachball change file for msal-browser package |
This pull request introduces improvements and bug fixes to the external token loading logic in the MSAL browser library, focusing on correct authority/environment handling, refresh token expiration, and telemetry enhancements. It also updates and adds new tests to ensure proper caching behavior and coverage for new features.
Token caching and authority/environment handling:
- `TokenCache.ts` now uses `AuthorityFactory.createDiscoveredInstance`, ensuring that the preferred cache environment (e.g., `login.windows.net`) is used when storing tokens, rather than the canonical authority string. This affects how accounts and tokens are keyed and cached. [1] [2]
- `authority` and `idTokenClaims` parameters in token/account generation and caching functions, simplifying error handling and ensuring correct environment assignment. [1] [2] [3] [4]
Refresh token expiration and telemetry:
- `refresh_token_expires_in` is present in the external token response, the code calculates and stores an explicit expiration time for the refresh token. This value is also added to telemetry as `extRtExpiresOnSeconds` for monitoring. [1] [2] [3] [4]
- `PerformanceEvent` type is updated to include new telemetry fields (`acntLoggedOut`, `extRtExpiresOnSeconds`) for improved diagnostics. [1] [2]
Test improvements and coverage:
- `refresh_token_expires_in` is provided, and without expiration when it is absent. Additional tests confirm that the preferred cache environment is used for all token types.
- `login.windows.net` for environment values.
Miscellaneous:
These changes collectively improve correctness, reliability, and observability of external token loading and caching in the browser library.
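The two behaviours described above (keying cached tokens by the preferred cache environment, and storing a refresh token expiry only when `refresh_token_expires_in` is present) are sketched here as an added example; it is not code from this pull request or from MSAL. All function names, the key layout, the expiry check with its skew margin, and the sample metadata are assumptions made for illustration.

```typescript
// Added illustration; every name here is hypothetical, not an MSAL API.
interface CloudMetadata { preferred_cache: string; aliases: string[]; }
interface ExternalTokenResponse { refresh_token: string; refresh_token_expires_in?: number; }
interface RefreshTokenRecord { environment: string; homeAccountId: string; secret: string; expiresOn?: number; }

// Constructed sample of instance-discovery metadata for one cloud.
const SAMPLE_METADATA: CloudMetadata[] = [{
    preferred_cache: "login.windows.net",
    aliases: ["login.microsoftonline.com", "login.windows.net", "login.microsoft.com", "sts.windows.net"],
}];

// Host of an https authority URL, lower-cased; anything else is rejected.
function hostOf(authority: string): string {
    const m = /^https:\/\/([^\/?#]+)/i.exec(authority);
    if (!m) { throw new Error("authority must be an https URL"); }
    return m[1].toLowerCase();
}

// Any known alias maps to the preferred cache environment; unknown hosts map to themselves.
function cacheEnvironment(authority: string): string {
    const host = hostOf(authority);
    for (const cloud of SAMPLE_METADATA) {
        if (cloud.aliases.indexOf(host) !== -1) { return cloud.preferred_cache; }
    }
    return host;
}

// expiresOn (epoch seconds) is set only when the response carries refresh_token_expires_in.
function buildRefreshTokenRecord(authority: string, homeAccountId: string,
                                 response: ExternalTokenResponse, nowSeconds: number): RefreshTokenRecord {
    const record: RefreshTokenRecord = {
        environment: cacheEnvironment(authority), homeAccountId, secret: response.refresh_token,
    };
    if (typeof response.refresh_token_expires_in === "number") {
        record.expiresOn = nowSeconds + Math.floor(response.refresh_token_expires_in);
    }
    return record;
}

// Illustrative key layout (not MSAL's): identical for every alias of the same cloud.
function cacheKey(r: RefreshTokenRecord): string {
    return `${r.homeAccountId}-${r.environment}-refreshtoken`;
}

// Assumed policy: a record without expiresOn is treated as usable; otherwise apply a skew margin.
function isUsable(r: RefreshTokenRecord, nowSeconds: number, skewSeconds: number = 300): boolean {
    return r.expiresOn === undefined || r.expiresOn - skewSeconds > nowSeconds;
}
```

Keying by the raw authority host instead of `cacheEnvironment()` would give the two alias-based records different keys, so a token loaded under one alias would not be found under another.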