Promote MsalServiceException.SubError to public#6063
Merged
Conversation
Promotes the server-emitted OAuth sub-error from internal to public so callers can distinguish fine-grained ESTS failure cases (consent_required, bad_token, protection_policy_required, etc.) that are otherwise indistinguishable inside a single ErrorCode such as invalid_grant. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR promotes MsalServiceException.SubError to a public API so downstream libraries can access and propagate richer service error diagnostics without message parsing.
Changes:
- Makes
MsalServiceException.SubErrorpublicly gettable/settable and adds XML documentation describing its diagnostic nature. - Updates PublicAPI baselines (Unshipped) across all supported target frameworks to reflect the new public surface.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/client/Microsoft.Identity.Client/MsalServiceException.cs | Changes SubError from internal to public and documents intended usage/semantics. |
| src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt | Adds the new public getter/setter to the netstandard2.0 API baseline. |
| src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt | Adds the new public getter/setter to the net462 API baseline. |
| src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt | Adds the new public getter/setter to the net472 API baseline. |
| src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt | Adds the new public getter/setter to the net8.0 API baseline. |
| src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt | Adds the new public getter/setter to the net8.0-android API baseline. |
| src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt | Adds the new public getter/setter to the net8.0-ios API baseline. |
…l (only getter is net-new public surface) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
Author
|
@copilot resolve the merge conflicts in this pull request |
Contributor
Resolved the merge conflicts locally in |
bgavrilMS
reviewed
Jun 15, 2026
bgavrilMS
approved these changes
Jun 15, 2026
Addresses reviewer comment: clarifies the property is intended for diagnostics/logging, not production branching. Public getter renamed; internal setter renamed in lockstep across the call graph (Throttled* copy ctors, MsalUiRequiredException.Classification accessor, CacheSilentStrategy FOCI fallback, MsalServiceException JSON round-trip). OAuth2ResponseBase.SubError (wire-level field) intentionally untouched. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
gladjohn
approved these changes
Jun 16, 2026
This was referenced Jun 23, 2026
Merged
Closed
Closed
Open
Open
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Promotes
MsalServiceException.SubErrorgetter frominternaltopublicso downstream layers can map richer error diagnostics through the outbound token-acquisition pipeline. Setter staysinternal— only MSAL produces these values.What's proposed
MsalServiceException.SubError— getter promoted frominternaltopublic(net-new public surface onMsalServiceException;MsalExceptionhas noSubErrormember). Setter remainsinternal— only MSAL writes this value from the wire.PublicAPI baseline files updated per the project's analyzer.
Why
SubErrordiscriminates failure subtypes within a singleErrorCode. E.g.invalid_grantcan be qualified byconsent_required(caller should re-prompt),bad_token(drop the cached entry), orprotection_policy_required(satisfy a CA challenge). Without public access, consumers building structured error surfaces (e.g.TokenAcquisitionFailureDetailsin Microsoft.Identity.Abstractions) fall back to string-parsingMessage.Compatibility
Widening a getter from
internaltopublicis non-breaking on all three axes (binary, source, type-check). The setter is unchanged.References
MISE/docs/design proposal/surface_msal_authentication_result_metadata.md