Skip to content

[release/8.0] Update @azure/msal-browser from 2.x to 4.x #66236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
wtgodbe merged 1 commit into from
Apr 9, 2026
+16 −11
Merged

[release/8.0] Update @azure/msal-browser from 2.x to 4.x #66236

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion src/Components/WebAssembly/Authentication.Msal/src/Interop/AuthenticationService.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,10 @@ class MsalAuthorizeService implements AuthorizeService {
this._msalApplication = new Msal.PublicClientApplication(this._settings);
}

async initialize(): Promise<void> {
await this._msalApplication.initialize();
}

getAccount() {
if (this._account) {
return this._account;
Expand Down Expand Up @@ -283,7 +287,7 @@ class MsalAuthorizeService implements AuthorizeService {
return await this._msalApplication.loginPopup(request);
} catch (e) {
// If the user explicitly cancelled the pop-up, avoid performing a redirect.
if (this.isMsalError(e) && e.errorCode !== Msal.BrowserAuthErrorMessage.userCancelledError.code) {
if (this.isMsalError(e) && e.errorCode !== Msal.BrowserAuthErrorCodes.userCancelled) {
this.debug('User canceled sign-in pop-up');
this.signInWithRedirect(request);
Comment on lines 289 to 292
Copy link

Copilot AI Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The debug log message is misleading: this branch executes when the error is not userCancelled, but it logs "User canceled sign-in pop-up" and the preceding comment says cancellation should avoid redirect. Please adjust the message (and/or branch structure) so logs/comments match the actual redirect fallback behavior.

Copilot uses AI. Check for mistakes.
Copy link
Copy Markdown
Member

@akoeplinger akoeplinger Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah this seems correct. looking through the history a bit this was refactored a couple times (e.g. ecf2a23#diff-e93d88646a9c7b8accad9fd0d381af964d3f5e6bba9d4e72c22f602565a3c4cc) but the original intention of the comment was to talk about the "else" case

/cc @javiercn

} else {
Expand Down Expand Up @@ -466,6 +470,7 @@ export class AuthenticationService {
public static async init(settings: AuthorizeServiceConfiguration, jsLoggingOptions: JavaScriptLoggingOptions) {
if (!AuthenticationService._initialized) {
AuthenticationService.instance = new MsalAuthorizeService(settings, new Logger(jsLoggingOptions));
await AuthenticationService.instance.initialize();
AuthenticationService.instance.initializeMsalHandler();
AuthenticationService._initialized = true;
}
Comment on lines 470 to 476
Copy link

Copilot AI Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AuthenticationService.init can race if called concurrently: _initialized is set only after awaiting instance.initialize(), so a second call can create/initialize a second MsalAuthorizeService instance. Consider using a single shared initialization Promise (similar to WebAssembly.Authentication's AuthenticationService._initialized) so concurrent calls await the same work and the instance is constructed once.

Copilot uses AI. Check for mistakes.
Expand Down
2 changes: 1 addition & 1 deletion src/Components/WebAssembly/Authentication.Msal/src/Interop/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
"webpack-cli": "^4.9.2"
},
"dependencies": {
"@azure/msal-browser": "^2.39.0"
"@azure/msal-browser": "^4.30.0"
},
"resolutions": {
"ansi-regex": "5.0.1",
Expand Down
18 changes: 9 additions & 9 deletions src/Components/WebAssembly/Authentication.Msal/src/Interop/yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,17 +10,17 @@
"@jridgewell/gen-mapping" "^0.1.0"
"@jridgewell/trace-mapping" "^0.3.9"

"@azure/msal-browser@^2.39.0":
version "2.39.0"
resolved "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/@azure/msal-browser/-/msal-browser-2.39.0.tgz#684fd3974c2628b2dffd04a4c8416a0945b42b69"
integrity sha1-aE/Tl0wmKLLf/QSkyEFqCUW0K2k=
"@azure/msal-browser@^4.30.0":
version "4.30.0"
resolved "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/@azure/msal-browser/-/msal-browser-4.30.0.tgz"
integrity sha1-MPuveuJtmrdnGqvKPUH5xS0qOTc=
dependencies:
"@azure/msal-common" "13.3.3"
"@azure/msal-common" "15.17.0"

"@azure/msal-common@13.3.3":
version "13.3.3"
resolved "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/@azure/msal-common/-/msal-common-13.3.3.tgz#b4963c9e5a164ed890b204becb036303ccf4f6ac"
integrity sha1-tJY8nloWTtiQsgS+ywNjA8z09qw=
"@azure/msal-common@15.17.0":
version "15.17.0"
resolved "https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public-npm/npm/registry/@azure/msal-common/-/msal-common-15.17.0.tgz"
integrity sha1-rjwDN4yFJkKxyaMDOA6UXCuJfwI=

"@babel/code-frame@^7.18.6":
version "7.18.6"
Expand Down
Loading