Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -237,7 +237,7 @@ private async Task<MsalTokenResponse> TryGetTokenUsingFociAsync(CancellationToke
return null;
#else
if (MsalError.InvalidGrantError.Equals(ex?.ErrorCode, StringComparison.OrdinalIgnoreCase) &&
MsalError.ClientMismatch.Equals(ex?.SubError, StringComparison.OrdinalIgnoreCase))
MsalError.ClientMismatch.Equals(ex?.SubErrorForLogging, StringComparison.OrdinalIgnoreCase))
{
logger.Error("[FOCI] FRT refresh failed - client mismatch. ");
return null;
Expand Down
15 changes: 9 additions & 6 deletions src/client/Microsoft.Identity.Client/MsalServiceException.cs
Original file line number Diff line number Diff line change
Expand Up @@ -205,10 +205,13 @@ public HttpResponseHeaders Headers

#endregion

/// <remarks>
/// The suberror should not be exposed for public consumption yet, as STS needs to do some work first.
/// </remarks>
internal string SubError { get; set; }
/// <summary>
/// Sub-error returned by the token service refining <see cref="MsalException.ErrorCode"/>
/// (for example <c>consent_required</c>, <c>bad_token</c>, <c>protection_policy_required</c>).
/// Values are emitted by the service and may change without notice; intended for diagnostics
/// and logging — do not branch production behavior on this value.
/// </summary>
public string SubErrorForLogging { get; internal set; }
Comment thread
neha-bhargava marked this conversation as resolved.

/// <summary>
/// A list of STS-specific error codes that can help in diagnostics.
Expand Down Expand Up @@ -249,7 +252,7 @@ internal override void PopulateJson(JObject jObject)
jObject[ClaimsKey] = Claims;
jObject[ResponseBodyKey] = ResponseBody;
jObject[CorrelationIdKey] = CorrelationId;
jObject[SubErrorKey] = SubError;
jObject[SubErrorKey] = SubErrorForLogging;
}

internal override void PopulateObjectFromJson(JObject jObject)
Expand All @@ -259,7 +262,7 @@ internal override void PopulateObjectFromJson(JObject jObject)
Claims = JsonHelper.GetExistingOrEmptyString(jObject, ClaimsKey);
ResponseBody = JsonHelper.GetExistingOrEmptyString(jObject, ResponseBodyKey);
CorrelationId = JsonHelper.GetExistingOrEmptyString(jObject, CorrelationIdKey);
SubError = JsonHelper.GetExistingOrEmptyString(jObject, SubErrorKey);
SubErrorForLogging = JsonHelper.GetExistingOrEmptyString(jObject, SubErrorKey);
}
#endregion
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ internal static MsalServiceException FromHttpResponse(

ex.Claims = oAuth2Response?.Claims;
ex.CorrelationId = oAuth2Response?.CorrelationId;
ex.SubError = oAuth2Response?.SubError;
ex.SubErrorForLogging = oAuth2Response?.SubError;
ex.ErrorCodes = oAuth2Response?.ErrorCodes;

return ex;
Expand Down Expand Up @@ -168,7 +168,7 @@ internal static MsalServiceException FromBrokerResponse(
SetHttpExceptionData(ex, brokerHttpResponse);

ex.CorrelationId = correlationId;
ex.SubError = subErrorCode;
ex.SubErrorForLogging = subErrorCode;

return ex;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ public MsalThrottledServiceException(MsalServiceException originalException) :
originalException.Message,
originalException.InnerException)
{
SubError = originalException.SubError;
SubErrorForLogging = originalException.SubErrorForLogging;
StatusCode = originalException.StatusCode;
Claims = originalException.Claims;
CorrelationId = originalException.CorrelationId;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ public MsalThrottledUiRequiredException(MsalUiRequiredException originalExceptio
originalException.InnerException,
originalException.Classification)
{
SubError = originalException.SubError;
SubErrorForLogging = originalException.SubErrorForLogging;
StatusCode = originalException.StatusCode;
Claims = originalException.Claims;
CorrelationId = originalException.CorrelationId;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -71,19 +71,19 @@ public UiRequiredExceptionClassification Classification
{
get
{
if (string.Equals(base.SubError, MsalError.BasicAction, StringComparison.OrdinalIgnoreCase))
if (string.Equals(base.SubErrorForLogging, MsalError.BasicAction, StringComparison.OrdinalIgnoreCase))
return UiRequiredExceptionClassification.BasicAction;

if (string.Equals(base.SubError, MsalError.AdditionalAction, StringComparison.OrdinalIgnoreCase))
if (string.Equals(base.SubErrorForLogging, MsalError.AdditionalAction, StringComparison.OrdinalIgnoreCase))
return UiRequiredExceptionClassification.AdditionalAction;

if (string.Equals(base.SubError, MsalError.MessageOnly, StringComparison.OrdinalIgnoreCase))
if (string.Equals(base.SubErrorForLogging, MsalError.MessageOnly, StringComparison.OrdinalIgnoreCase))
return UiRequiredExceptionClassification.MessageOnly;

if (string.Equals(base.SubError, MsalError.ConsentRequired, StringComparison.OrdinalIgnoreCase))
if (string.Equals(base.SubErrorForLogging, MsalError.ConsentRequired, StringComparison.OrdinalIgnoreCase))
return UiRequiredExceptionClassification.ConsentRequired;

if (string.Equals(base.SubError, MsalError.UserPasswordExpired, StringComparison.OrdinalIgnoreCase))
if (string.Equals(base.SubErrorForLogging, MsalError.UserPasswordExpired, StringComparison.OrdinalIgnoreCase))
return UiRequiredExceptionClassification.UserPasswordExpired;

return _classification;
Expand Down
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
Microsoft.Identity.Client.MsalServiceException.SubErrorForLogging.get -> string
Microsoft.Identity.Client.AzureCloudInstance.GovFr = 5 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovDe = 6 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
Microsoft.Identity.Client.MsalServiceException.SubErrorForLogging.get -> string
Microsoft.Identity.Client.AzureCloudInstance.GovFr = 5 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovDe = 6 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
Microsoft.Identity.Client.MsalServiceException.SubErrorForLogging.get -> string
Microsoft.Identity.Client.AzureCloudInstance.GovFr = 5 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovDe = 6 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
Microsoft.Identity.Client.MsalServiceException.SubErrorForLogging.get -> string
Microsoft.Identity.Client.AzureCloudInstance.GovFr = 5 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovDe = 6 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
Microsoft.Identity.Client.MsalServiceException.SubErrorForLogging.get -> string
Microsoft.Identity.Client.AzureCloudInstance.GovFr = 5 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovDe = 6 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
Microsoft.Identity.Client.MsalServiceException.SubErrorForLogging.get -> string
Microsoft.Identity.Client.AzureCloudInstance.GovFr = 5 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovDe = 6 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
Microsoft.Identity.Client.AzureCloudInstance.GovSg = 7 -> Microsoft.Identity.Client.AzureCloudInstance
Original file line number Diff line number Diff line change
Expand Up @@ -890,7 +890,7 @@ private void ProtectionPolicyNotEnabled_Throws_Exception_Common(Action<MsalToken
{
// Assert
Assert.AreEqual(BrokerResponseConst.AndroidUnauthorizedClient, ex.ErrorCode);
Assert.AreEqual(BrokerResponseConst.AndroidProtectionPolicyRequired, ex.SubError);
Assert.AreEqual(BrokerResponseConst.AndroidProtectionPolicyRequired, ex.SubErrorForLogging);

return;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ public void MsalServiceException_CanSerializeAndDeserializeRoundTrip()
Claims = SomeClaims,
CorrelationId = SomeCorrelationId,
ResponseBody = SomeResponseBody,
SubError = SomeSubError
SubErrorForLogging = SomeSubError
};

SerializeDeserializeAndValidate(ex, typeof(MsalServiceException), true);
Expand All @@ -76,7 +76,7 @@ public void MsalUiRequiredException_CanSerializeAndDeserializeRoundTrip()
Claims = SomeClaims,
CorrelationId = SomeCorrelationId,
ResponseBody = SomeResponseBody,
SubError = SomeSubError
SubErrorForLogging = SomeSubError
};

SerializeDeserializeAndValidate(ex, typeof(MsalUiRequiredException), true);
Expand Down Expand Up @@ -108,7 +108,7 @@ private void SerializeDeserializeAndValidate(MsalException ex, Type expectedType
Assert.AreEqual(SomeClaims, serviceEx.Claims);
Assert.AreEqual(SomeResponseBody, serviceEx.ResponseBody);
Assert.AreEqual(SomeCorrelationId, serviceEx.CorrelationId);
Assert.AreEqual(SomeSubError, serviceEx.SubError);
Assert.AreEqual(SomeSubError, serviceEx.SubErrorForLogging);
}
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ private static void ValidateClassification(
Assert.Contains(ExMessage, msalException.Message);
Assert.AreEqual("some_claims", msalException.Claims);
Assert.AreEqual("6347d33d-941a-4c35-9912-a9cf54fb1b3e", msalException.CorrelationId);
Assert.AreEqual(suberror ?? "", msalException.SubError);
Assert.AreEqual(suberror ?? "", msalException.SubErrorForLogging);

if (expectUiRequiredException)
{
Expand Down Expand Up @@ -194,7 +194,7 @@ public void MsalUiRequiredException_Oauth2Response()
Assert.AreEqual(ExMessage + " " + MsalErrorMessage.ClaimsChallenge, msalServiceException.Message);
Assert.AreEqual("some_claims", msalServiceException.Claims);
Assert.AreEqual("6347d33d-941a-4c35-9912-a9cf54fb1b3e", msalServiceException.CorrelationId);
Assert.AreEqual("some_suberror", msalServiceException.SubError);
Assert.AreEqual("some_suberror", msalServiceException.SubErrorForLogging);

ValidateExceptionProductInformation(msalException);
}
Expand Down Expand Up @@ -265,7 +265,7 @@ public void MsalServiceException_HttpResponse_OAuthResponse()

Assert.AreEqual("some_claims", msalServiceException.Claims);
Assert.AreEqual("6347d33d-941a-4c35-9912-a9cf54fb1b3e", msalServiceException.CorrelationId);
Assert.AreEqual("some_suberror", msalServiceException.SubError);
Assert.AreEqual("some_suberror", msalServiceException.SubErrorForLogging);
ValidateExceptionProductInformation(msalException);

// Act
Expand Down Expand Up @@ -343,7 +343,7 @@ public void MsalServiceException_FromHttpResponse()
Assert.AreEqual(responseBody, msalServiceException.ResponseBody);
Assert.AreEqual(ExMessage + " " + MsalErrorMessage.ClaimsChallenge, msalServiceException.Message);
Assert.AreEqual((int)statusCode, msalServiceException.StatusCode);
Assert.AreEqual("some_suberror", msalServiceException.SubError);
Assert.AreEqual("some_suberror", msalServiceException.SubErrorForLogging);

Assert.AreEqual(retryAfterSpan, msalServiceException.Headers.RetryAfter.Delta);
ValidateExceptionProductInformation(msalException);
Expand Down
Loading