PR Feedback

Avery-Dunn · Avery-Dunn · commit f1fa204c0cef · 2026-05-18T13:31:08.000-07:00
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserFederatedIdentityCredentialParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserFederatedIdentityCredentialParameters.java
@@ -131,6 +131,12 @@ public Map<String, String> extraHttpHeaders() {
         return this.extraHttpHeaders;
     }
 
+    /**
+     * @deprecated Present only to satisfy the {@link IAcquireTokenParameters} interface contract.
+     * Not recommended for use — this API is scheduled for removal across all parameter classes
+     * and will be replaced by a new mechanism in a future release.
+     */
+    @Deprecated
     public Map<String, String> extraQueryParameters() {
         return this.extraQueryParameters;
     }
@@ -201,8 +207,11 @@ public UserFederatedIdentityCredentialParametersBuilder extraHttpHeaders(Map<Str
         }
 
         /**
-         * Adds additional parameters to the token request.
+         * @deprecated Present only to satisfy the {@link IAcquireTokenParameters} interface contract.
+         * Not recommended for use — this API is scheduled for removal across all parameter classes
+         * and will be replaced by a new mechanism in a future release.
          */
+        @Deprecated
         public UserFederatedIdentityCredentialParametersBuilder extraQueryParameters(Map<String, String> extraQueryParameters) {
             this.extraQueryParameters = extraQueryParameters;
             return this;
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserFederatedIdentityCredentialRequest.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserFederatedIdentityCredentialRequest.java
@@ -30,14 +30,10 @@ private static OAuthAuthorizationGrant createMsalGrant(UserFederatedIdentityCred
             params.put(GrantConstants.USERNAME_PARAMETER, parameters.username());
         }
 
-        if (parameters.claims() != null) {
-            params.put("claims", parameters.claims().formatAsJSONString());
-        }
-
-        // OAuthAuthorizationGrant constructor automatically adds:
-        // - scope augmented with openid, offline_access, profile (COMMON_SCOPES)
-        // - client_info=1
-        return new OAuthAuthorizationGrant(params, parameters.scopes());
+        // Use the 3-arg constructor so that claims are properly set on the grant object.
+        // This ensures TokenRequestExecutor can correctly merge user claims with clientCapabilities
+        // rather than silently overwriting them.
+        return new OAuthAuthorizationGrant(params, parameters.scopes(), parameters.claims());
     }
 
     UserFederatedIdentityCredentialParameters parameters() {
