Fix JSON object conversion in PlatformDOMRequest v4 (#8350)

Co-authored-by: Sameera Gajjarapu <sameera.gajjarapu@microsoft.com>
Co-authored-by: Thomas Norling <thomas.norling@microsoft.com>

Author: 3 people

change/@azure-msal-browser-2a439cd6-3e60-4ee6-999d-5187b0299b2f.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Fix JSON object conversion in PlatformDOMRequest v4 [#8350](https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/8350)",
+  "packageName": "@azure/msal-browser",
+  "email": "lalimasharda@microsoft.com",
+  "dependentChangeType": "patch"
+}

lib/msal-browser/src/broker/nativeBroker/PlatformAuthDOMHandler.ts

@@ -231,18 +231,29 @@ export class PlatformAuthDOMHandler implements IPlatformAuthHandler {
     private getDOMExtraParams(
         extraParameters: Record<string, unknown>
     ): DOMExtraParameters {
-        const stringifiedParams = Object.entries(extraParameters).reduce(
-            (record, [key, value]) => {
-                record[key] = String(value);
-                return record;
-            },
-            {} as StringDict
-        );
-
-        const validExtraParams: DOMExtraParameters = {
-            ...stringifiedParams,
-        };
-
-        return validExtraParams;
+        try {
+            const stringifiedProperties: StringDict = {};
+            for (const [key, value] of Object.entries(extraParameters)) {
+                if (!value) {
+                    continue;
+                }
+                if (typeof value === "object") {
+                    stringifiedProperties[key] = JSON.stringify(value);
+                } else {
+                    stringifiedProperties[key] = String(value);
+                }
+            }
+            return stringifiedProperties;
+        } catch (e) {
+            this.logger.error(
+                this.platformAuthType + " - Error stringifying extra parameters"
+            );
+            this.logger.errorPii(
+                this.platformAuthType +
+                    " - Error stringifying extra parameters: " +
+                    e
+            );
+            return {};
+        }
     }
 }

lib/msal-browser/test/broker/PlatformAuthDOMHandler.spec.ts

@@ -532,9 +532,16 @@ describe("PlatformAuthDOMHandler tests", () => {
                 nonce: "test-nonce",
                 claims: "test-claims",
                 instanceAware: true,
-                windowTitleSubstring: "test-window-substring",
+                windowTitleSubstring: null,
                 extendedExpiryToken: true,
                 signPopToken: true,
+                account: {
+                    nativeAccountId: "native-test-id",
+                    userName: "test-user",
+                    name: "Test User",
+                    username: "testest@test.com",
+                },
+                someArrayParam: ["value1", "value2"],
             };
             const domExtraParams =
                 //@ts-ignore
@@ -544,10 +551,79 @@ describe("PlatformAuthDOMHandler tests", () => {
                 nonce: "test-nonce",
                 claims: "test-claims",
                 instanceAware: "true",
-                windowTitleSubstring: "test-window-substring",
                 extendedExpiryToken: "true",
                 signPopToken: "true",
+                account: JSON.stringify(testExtraParameters.account),
+                someArrayParam: '["value1","value2"]',
+            });
+        });
+
+        it("should omit undefined values", async () => {
+            getSupportedContractsMock.mockResolvedValue([
+                PlatformAuthConstants.PLATFORM_DOM_APIS,
+            ]);
+            const platformAuthDOMHandler =
+                await PlatformAuthDOMHandler.createProvider(
+                    logger,
+                    performanceClient,
+                    "test-correlation-id"
+                );
+
+            const testExtraParameters = {
+                prompt: PromptValue.NONE,
+                nonce: "test-nonce",
+                claims: "test-claims",
+                instanceAware: undefined,
+            };
+
+            const domExtraParams =
+                //@ts-ignore
+                platformAuthDOMHandler.getDOMExtraParams(testExtraParameters);
+            expect(domExtraParams).toEqual({
+                prompt: "none",
+                nonce: "test-nonce",
+                claims: "test-claims",
             });
+            expect(domExtraParams).not.toHaveProperty("instanceAware");
+        });
+
+        it("should catch JSON.stringify error and return empty object", async () => {
+            getSupportedContractsMock.mockResolvedValue([
+                PlatformAuthConstants.PLATFORM_DOM_APIS,
+            ]);
+            const platformAuthDOMHandler =
+                await PlatformAuthDOMHandler.createProvider(
+                    logger,
+                    performanceClient,
+                    "test-correlation-id"
+                );
+
+            // Create a circular reference that will cause JSON.stringify to throw
+            const circularObj: any = { name: "test" };
+            circularObj.self = circularObj;
+
+            const testExtraParameters = {
+                prompt: PromptValue.NONE,
+                problemParam: circularObj,
+            };
+
+            console.log("Testing circular object:", testExtraParameters);
+
+            const loggerErrorSpy = jest.spyOn(logger, "error");
+            const loggerErrorPiiSpy = jest.spyOn(logger, "errorPii");
+
+            const domExtraParams =
+                //@ts-ignore
+                platformAuthDOMHandler.getDOMExtraParams(testExtraParameters);
+
+            expect(domExtraParams).toEqual({});
+            expect(loggerErrorSpy).toHaveBeenCalledWith(
+                "PlatformAuthDOMHandler - Error stringifying extra parameters"
+            );
+            expect(loggerErrorPiiSpy).toHaveBeenCalled();
+            expect(loggerErrorPiiSpy.mock.calls[0][0]).toContain(
+                "Error stringifying extra parameters"
+            );
         });
     });
 });