diff --git a/src/client/Microsoft.Identity.Client/Internal/Requests/Silent/CacheSilentStrategy.cs b/src/client/Microsoft.Identity.Client/Internal/Requests/Silent/CacheSilentStrategy.cs index 9e61b7a21d..b1f7d63b21 100644 --- a/src/client/Microsoft.Identity.Client/Internal/Requests/Silent/CacheSilentStrategy.cs +++ b/src/client/Microsoft.Identity.Client/Internal/Requests/Silent/CacheSilentStrategy.cs @@ -237,7 +237,7 @@ private async Task TryGetTokenUsingFociAsync(CancellationToke return null; #else if (MsalError.InvalidGrantError.Equals(ex?.ErrorCode, StringComparison.OrdinalIgnoreCase) && - MsalError.ClientMismatch.Equals(ex?.SubError, StringComparison.OrdinalIgnoreCase)) + MsalError.ClientMismatch.Equals(ex?.SubErrorForLogging, StringComparison.OrdinalIgnoreCase)) { logger.Error("[FOCI] FRT refresh failed - client mismatch. "); return null; diff --git a/src/client/Microsoft.Identity.Client/MsalServiceException.cs b/src/client/Microsoft.Identity.Client/MsalServiceException.cs index 06d9975394..c4ec33fb7a 100644 --- a/src/client/Microsoft.Identity.Client/MsalServiceException.cs +++ b/src/client/Microsoft.Identity.Client/MsalServiceException.cs @@ -205,10 +205,13 @@ public HttpResponseHeaders Headers #endregion - /// - /// The suberror should not be exposed for public consumption yet, as STS needs to do some work first. - /// - internal string SubError { get; set; } + /// + /// Sub-error returned by the token service refining + /// (for example consent_required, bad_token, protection_policy_required). + /// Values are emitted by the service and may change without notice; intended for diagnostics + /// and logging — do not branch production behavior on this value. + /// + public string SubErrorForLogging { get; internal set; } /// /// A list of STS-specific error codes that can help in diagnostics. 
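Review bot: The new XML doc on `SubErrorForLogging` in MsalServiceException.cs does not say what a caller sees when no sub-error is present, nor that the string is copied unvalidated from the service or broker response. In the later hunks `FromHttpResponse` assigns `oAuth2Response?.SubError`, which can be null, and `FromBrokerResponse` assigns `subErrorCode` as given. `PopulateObjectFromJson` assigns `JsonHelper.GetExistingOrEmptyString(...)`, which presumably yields an empty string, so the now-public getter can return either null or empty. I would add to the summary `/// May be null or empty. The value is service- or broker-supplied text; treat it as untrusted and encode it before writing it to logs or UI.` The library itself still branches on this value in `Classification` and in the FOCI client-mismatch check, so a `<remarks>` line saying the "do not branch" guidance is aimed at callers would avoid confusion; the enclosing class lies outside the hunk.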
@@ -249,7 +252,7 @@ internal override void PopulateJson(JObject jObject) jObject[ClaimsKey] = Claims; jObject[ResponseBodyKey] = ResponseBody; jObject[CorrelationIdKey] = CorrelationId; - jObject[SubErrorKey] = SubError; + jObject[SubErrorKey] = SubErrorForLogging; } internal override void PopulateObjectFromJson(JObject jObject) @@ -259,7 +262,7 @@ internal override void PopulateObjectFromJson(JObject jObject) Claims = JsonHelper.GetExistingOrEmptyString(jObject, ClaimsKey); ResponseBody = JsonHelper.GetExistingOrEmptyString(jObject, ResponseBodyKey); CorrelationId = JsonHelper.GetExistingOrEmptyString(jObject, CorrelationIdKey); - SubError = JsonHelper.GetExistingOrEmptyString(jObject, SubErrorKey); + SubErrorForLogging = JsonHelper.GetExistingOrEmptyString(jObject, SubErrorKey); } #endregion } diff --git a/src/client/Microsoft.Identity.Client/MsalServiceExceptionFactory.cs b/src/client/Microsoft.Identity.Client/MsalServiceExceptionFactory.cs index 181dd224ec..e2039d971f 100644 --- a/src/client/Microsoft.Identity.Client/MsalServiceExceptionFactory.cs +++ b/src/client/Microsoft.Identity.Client/MsalServiceExceptionFactory.cs @@ -78,7 +78,7 @@ internal static MsalServiceException FromHttpResponse( ex.Claims = oAuth2Response?.Claims; ex.CorrelationId = oAuth2Response?.CorrelationId; - ex.SubError = oAuth2Response?.SubError; + ex.SubErrorForLogging = oAuth2Response?.SubError; ex.ErrorCodes = oAuth2Response?.ErrorCodes; return ex; @@ -168,7 +168,7 @@ internal static MsalServiceException FromBrokerResponse( SetHttpExceptionData(ex, brokerHttpResponse); ex.CorrelationId = correlationId; - ex.SubError = subErrorCode; + ex.SubErrorForLogging = subErrorCode; return ex; } diff --git a/src/client/Microsoft.Identity.Client/MsalThrottledServiceException.cs b/src/client/Microsoft.Identity.Client/MsalThrottledServiceException.cs index 50401e8f4b..0c907109dd 100644 --- a/src/client/Microsoft.Identity.Client/MsalThrottledServiceException.cs 
+++ b/src/client/Microsoft.Identity.Client/MsalThrottledServiceException.cs
@@ -23,7 +23,7 @@ public MsalThrottledServiceException(MsalServiceException originalException) :
 originalException.Message,
 originalException.InnerException)
 {
- SubError = originalException.SubError;
+ SubErrorForLogging = originalException.SubErrorForLogging;
 StatusCode = originalException.StatusCode;
 Claims = originalException.Claims;
 CorrelationId = originalException.CorrelationId;
diff --git a/src/client/Microsoft.Identity.Client/MsalThrottledUiRequiredException.cs b/src/client/Microsoft.Identity.Client/MsalThrottledUiRequiredException.cs
index 6ece4ebfb4..5c87188921 100644
--- a/src/client/Microsoft.Identity.Client/MsalThrottledUiRequiredException.cs
+++ b/src/client/Microsoft.Identity.Client/MsalThrottledUiRequiredException.cs
@@ -27,7 +27,7 @@ public MsalThrottledUiRequiredException(MsalUiRequiredException originalExceptio
 originalException.InnerException,
 originalException.Classification)
 {
- SubError = originalException.SubError;
+ SubErrorForLogging = originalException.SubErrorForLogging;
 StatusCode = originalException.StatusCode;
 Claims = originalException.Claims;
 CorrelationId = originalException.CorrelationId;
diff --git a/src/client/Microsoft.Identity.Client/MsalUiRequiredException.cs b/src/client/Microsoft.Identity.Client/MsalUiRequiredException.cs
index 765188ba06..779b136720 100644
--- a/src/client/Microsoft.Identity.Client/MsalUiRequiredException.cs
+++ b/src/client/Microsoft.Identity.Client/MsalUiRequiredException.cs
@@ -71,19 +71,19 @@ public UiRequiredExceptionClassification Classification { get { - if (string.Equals(base.SubError, MsalError.BasicAction, StringComparison.OrdinalIgnoreCase)) + if (string.Equals(base.SubErrorForLogging, MsalError.BasicAction, StringComparison.OrdinalIgnoreCase)) return UiRequiredExceptionClassification.BasicAction; - if (string.Equals(base.SubError, MsalError.AdditionalAction, StringComparison.OrdinalIgnoreCase)) + if (string.Equals(base.SubErrorForLogging, MsalError.AdditionalAction, StringComparison.OrdinalIgnoreCase)) return UiRequiredExceptionClassification.AdditionalAction; - if (string.Equals(base.SubError, MsalError.MessageOnly, StringComparison.OrdinalIgnoreCase)) + if (string.Equals(base.SubErrorForLogging, MsalError.MessageOnly, StringComparison.OrdinalIgnoreCase)) return UiRequiredExceptionClassification.MessageOnly; - if (string.Equals(base.SubError, MsalError.ConsentRequired, StringComparison.OrdinalIgnoreCase)) + if (string.Equals(base.SubErrorForLogging, MsalError.ConsentRequired, StringComparison.OrdinalIgnoreCase)) return UiRequiredExceptionClassification.ConsentRequired; - if (string.Equals(base.SubError, MsalError.UserPasswordExpired, StringComparison.OrdinalIgnoreCase)) + if (string.Equals(base.SubErrorForLogging, MsalError.UserPasswordExpired, StringComparison.OrdinalIgnoreCase)) return UiRequiredExceptionClassification.UserPasswordExpired; return _classification; diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt index 23d74c590c..cc90ae4e03 100644 --- a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt +++ b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt 
@@ -1,3 +1,4 @@
+Microsoft.Identity.Client.MsalServiceException.SubErrorForLogging.get -> string
 Microsoft.Identity.Client.AzureCloudInstance.GovFr = 5 -> Microsoft.Identity.Client.AzureCloudInstance
 Microsoft.Identity.Client.AzureCloudInstance.GovDe = 6 -> Microsoft.Identity.Client.AzureCloudInstance
-Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
+Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
\ No newline at end of file
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt
index 23d74c590c..cc90ae4e03 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt
@@ -1,3 +1,4 @@
+Microsoft.Identity.Client.MsalServiceException.SubErrorForLogging.get -> string
 Microsoft.Identity.Client.AzureCloudInstance.GovFr = 5 -> Microsoft.Identity.Client.AzureCloudInstance
 Microsoft.Identity.Client.AzureCloudInstance.GovDe = 6 -> Microsoft.Identity.Client.AzureCloudInstance
-Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
+Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
\ No newline at end of file
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt
index 23d74c590c..cc90ae4e03 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt
@@ -1,3 +1,4 @@
+Microsoft.Identity.Client.MsalServiceException.SubErrorForLogging.get -> string
 Microsoft.Identity.Client.AzureCloudInstance.GovFr = 5 -> Microsoft.Identity.Client.AzureCloudInstance
 Microsoft.Identity.Client.AzureCloudInstance.GovDe = 6 -> Microsoft.Identity.Client.AzureCloudInstance
-Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
+Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
\ No newline at end of file
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt
index 23d74c590c..cc90ae4e03 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt
@@ -1,3 +1,4 @@
+Microsoft.Identity.Client.MsalServiceException.SubErrorForLogging.get -> string
 Microsoft.Identity.Client.AzureCloudInstance.GovFr = 5 -> Microsoft.Identity.Client.AzureCloudInstance
 Microsoft.Identity.Client.AzureCloudInstance.GovDe = 6 -> Microsoft.Identity.Client.AzureCloudInstance
-Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
+Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
\ No newline at end of file
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt
index 23d74c590c..cc90ae4e03 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt
@@ -1,3 +1,4 @@
+Microsoft.Identity.Client.MsalServiceException.SubErrorForLogging.get -> string
 Microsoft.Identity.Client.AzureCloudInstance.GovFr = 5 -> Microsoft.Identity.Client.AzureCloudInstance
 Microsoft.Identity.Client.AzureCloudInstance.GovDe = 6 -> Microsoft.Identity.Client.AzureCloudInstance
-Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
+Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
\ No newline at end of file
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt
index 23d74c590c..cc90ae4e03 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt
@@ -1,3 +1,4 @@
+Microsoft.Identity.Client.MsalServiceException.SubErrorForLogging.get -> string
 Microsoft.Identity.Client.AzureCloudInstance.GovFr = 5 -> Microsoft.Identity.Client.AzureCloudInstance
 Microsoft.Identity.Client.AzureCloudInstance.GovDe = 6 -> Microsoft.Identity.Client.AzureCloudInstance
-Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
+Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
\ No newline at end of file
diff --git a/tests/Microsoft.Identity.Test.Unit/BrokerTests/BrokerRequestTests.cs b/tests/Microsoft.Identity.Test.Unit/BrokerTests/BrokerRequestTests.cs
index 9ce0485ca0..01229c5cc4 100644
--- a/tests/Microsoft.Identity.Test.Unit/BrokerTests/BrokerRequestTests.cs
+++ b/tests/Microsoft.Identity.Test.Unit/BrokerTests/BrokerRequestTests.cs
@@ -890,7 +890,7 @@ private void ProtectionPolicyNotEnabled_Throws_Exception_Common(Action