Skip to content

Add token-acquisition metadata + failure details surface#253

Merged
neha-bhargava merged 4 commits into
mainfrom
nebharg/metadata-surface-poc
Jun 19, 2026
Merged

Add token-acquisition metadata + failure details surface#253
neha-bhargava merged 4 commits into
mainfrom
nebharg/metadata-surface-poc

Conversation

@neha-bhargava

@neha-bhargava neha-bhargava commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds a metadata + failure-details surface to AuthorizationHeaderInformation, AuthorizationHeaderError, and AcquireTokenResult so downstream consumers can observe MSAL-side acquisition diagnostics without bespoke side channels.

What's proposed

  • TokenAcquisitionMetadata — populated by IdWeb from AuthenticationResult.AuthenticationResultMetadata. Carries TokenSource, CacheLevel, CacheRefreshReason, RegionDetails, and timing fields (DurationTotalInMs, DurationInHttpInMs, DurationInCacheInMs, RefreshOn, TokenEndpoint).

  • TokenAcquisitionFailureDetails — populated on the failure path. Carries ErrorCode, SubError, StatusCode, Claims, CorrelationId. Field names mirror MsalServiceException one-to-one so the MSAL → Abstractions copy is identity.

  • AcquiredToken* satellite typesAcquiredTokenSource, AcquiredTokenCacheLevel, AcquiredTokenCacheRefreshReason, AcquiredTokenRegionDetails, AcquiredTokenRegionOutcome. The prefix mirrors the existing AcquireTokenResult and avoids CS0104 source-breaking ambiguity with the identically-named types in Microsoft.Identity.Client (caught by IdWeb-gate validation).

  • AdditionalResponseParameters mirrored on AuthorizationHeaderInformation (already present on AcquireTokenResult) so consumers can read OAuth extras off the header surface without rehydrating the token result.

  • Metadata / FailureDetails properties on AuthorizationHeaderInformation, AuthorizationHeaderError, and AcquireTokenResult ({ get; set; }); the nested diagnostics types themselves (TokenAcquisitionMetadata, TokenAcquisitionFailureDetails, AcquiredTokenRegionDetails) are init-only. Additive — existing object-initializer call sites unaffected.

  • IsExternalInit polyfill added for net462/net472/netstandard2.0/netstandard2.1 (init-only setters not in the BCL on those TFMs).

Compatibility

Fully non-breaking on all three axes (binary, source, type-check). 277/277 existing tests pass across net10 / net8 / net462.

References

Adds opt-in metadata that lets MISE/IdWeb downstream callers observe how an access token was acquired and why a header-creation attempt failed, without taking a dependency on MSAL.NET internals.

New public surface:

- TokenAcquisitionMetadata, RegionDetails, TokenAcquisitionFailureDetails (sealed POCOs, init-only)

- TokenSource, CacheRefreshReason, CacheLevel, RegionOutcome enums

- AcquireTokenResult.Metadata, AuthorizationHeaderInformation.Metadata

- AuthorizationHeaderError.Metadata, AuthorizationHeaderError.FailureDetails

All members listed in PublicAPI.Unshipped.txt for every target framework. Adds an internal IsExternalInit polyfill so the new init-only setters compile on net462/netstandard2.0/netstandard2.1.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ResponseParameters to AuthorizationHeaderInformation; xmldoc tightening

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@neha-bhargava neha-bhargava changed the title [POC] Add token-acquisition metadata + failure details surface Add token-acquisition metadata + failure details surface Jun 15, 2026
@neha-bhargava

Copy link
Copy Markdown
Contributor Author

@copilot resolve the merge conflicts in this pull request

@neha-bhargava neha-bhargava marked this pull request as ready for review June 15, 2026 18:05

Copilot AI commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

@copilot resolve the merge conflicts in this pull request

Resolved in 4b63af1.

Comment thread src/Microsoft.Identity.Abstractions/TokenAcquisition/AcquiredTokenCacheLevel.cs Outdated
…l.None semantics

MSAL.NET's CacheLevel.None covers any case where the token came from the identity provider rather than a cache tier — cache miss, ForceRefresh, proactive refresh, or cache bypassed. The previous 'cache was not consulted' wording was narrower than the actual semantics flowing in from MSAL via IdWeb. Addresses review comment from @bgavrilMS.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@neha-bhargava neha-bhargava merged commit a43c18d into main Jun 19, 2026
5 checks passed
@neha-bhargava neha-bhargava deleted the nebharg/metadata-surface-poc branch June 19, 2026 05:07
neha-bhargava added a commit that referenced this pull request Jun 19, 2026
- Bump MicrosoftIdentityAbstractionsVersion 12.1.1 -> 12.2.1
- Add changelog entry (#253 token-acquisition metadata + failure-details surface, #255 AcquireTokenOptions request-message extensions)
- Move accumulated public API from Unshipped to Shipped across all target frameworks (#252 UseBoundCredential/ApiUrl/Protocol, #253, #255)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
neha-bhargava added a commit that referenced this pull request Jun 19, 2026
* Prepare release 12.2.1

- Bump MicrosoftIdentityAbstractionsVersion 12.1.1 -> 12.2.1
- Add changelog entry (#253 token-acquisition metadata + failure-details surface, #255 AcquireTokenOptions request-message extensions)
- Move accumulated public API from Unshipped to Shipped across all target frameworks (#252 UseBoundCredential/ApiUrl/Protocol, #253, #255)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Update changelog.md

Co-authored-by: Travis Walker <travis.walker@microsoft.com>
Signed-off-by: Neha Bhargava <61847233+neha-bhargava@users.noreply.github.com>

---------

Signed-off-by: Neha Bhargava <61847233+neha-bhargava@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Travis Walker <travis.walker@microsoft.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants