Skip to content

Commit 48929f9

Browse files
hectormmgCopilot
andauthored
Add correlationId to POST request query params (#8308)
This pull request adds support for propagating the `correlationId` in authorization requests to ensure traceability across services. The main changes involve updating the `getEARForm` and `getCodeForm` functions to include the `correlationId` in the query parameters, and adding tests to verify this behavior. Enhancements to correlationId propagation: * Updated `getEARForm` and `getCodeForm` in `Authorize.ts` to add the `correlationId` to the query parameters, allowing gateways to propagate it to identity providers. [[1]](diffhunk://#diff-a4a9623518687b3ceac75fec2a3748ba77e40fd2166581e3ff0c4149258c6165R218-R226) [[2]](diffhunk://#diff-a4a9623518687b3ceac75fec2a3748ba77e40fd2166581e3ff0c4149258c6165R270-R283) Testing improvements: * Added and updated tests in `Authorize.spec.ts` to verify that the `correlationId` is present in both the post body and query parameters of the authorization forms. [[1]](diffhunk://#diff-383f979b9a05a2d7fe02052138e8087f6ca2167e78d44dc4d41c391463d4da04R197-R204) [[2]](diffhunk://#diff-383f979b9a05a2d7fe02052138e8087f6ca2167e78d44dc4d41c391463d4da04R393-R469) --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
1 parent d4b2c2c commit 48929f9

3 files changed

Lines changed: 106 additions & 0 deletions

File tree

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
{
2+
"type": "patch",
3+
"comment": "Add correlationId to POST request query params [#8308](https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/8308)",
4+
"packageName": "@azure/msal-browser",
5+
"email": "hemoral@microsoft.com",
6+
"dependentChangeType": "patch"
7+
}

lib/msal-browser/src/protocol/Authorize.ts

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -215,6 +215,13 @@ export async function getEARForm(
215215
queryParams,
216216
request.extraQueryParameters || {}
217217
);
218+
219+
// Add correlationId to query params so gateway can propagate it to IDPs
220+
RequestParameterBuilder.addCorrelationId(
221+
queryParams,
222+
request.correlationId
223+
);
224+
218225
const url = AuthorizeProtocol.getAuthorizeUrl(
219226
authority,
220227
queryParams,
@@ -258,11 +265,18 @@ export async function getCodeForm(
258265
);
259266

260267
const queryParams = new Map<string, string>();
268+
261269
RequestParameterBuilder.addExtraQueryParameters(
262270
queryParams,
263271
request.extraQueryParameters || {}
264272
);
265273

274+
// Add correlationId to query params so gateway can propagate it to IDPs
275+
RequestParameterBuilder.addCorrelationId(
276+
queryParams,
277+
request.correlationId
278+
);
279+
266280
const url = AuthorizeProtocol.getAuthorizeUrl(
267281
authority,
268282
queryParams,

lib/msal-browser/test/protocol/Authorize.spec.ts

Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -194,6 +194,14 @@ describe("Authorize Protocol Tests", () => {
194194
BrowserConstants.MSAL_SKU
195195
);
196196
checkInputProperties(AADServerParamKeys.X_CLIENT_VER, version);
197+
198+
// Verify correlationId is present in authorize URL query params
199+
const actionUrl = new URL(form.action);
200+
expect(
201+
actionUrl.searchParams.get(
202+
AADServerParamKeys.CLIENT_REQUEST_ID
203+
)
204+
).toEqual(validRequest.correlationId);
197205
});
198206
});
199207

@@ -382,4 +390,81 @@ describe("Authorize Protocol Tests", () => {
382390
});
383391
});
384392
});
393+
describe("getCodeForm tests", () => {
394+
const config = buildConfiguration(
395+
{ auth: { clientId: TEST_CONFIG.MSAL_CLIENT_ID } },
396+
true
397+
);
398+
const logger = new Logger({});
399+
const performanceClient = new StubPerformanceClient();
400+
const authorityOptions: AuthorityOptions = {
401+
protocolMode: ProtocolMode.AAD,
402+
knownAuthorities: [],
403+
cloudDiscoveryMetadata: "",
404+
authorityMetadata: "",
405+
};
406+
const eventHandler = new EventHandler();
407+
const cacheManager = new BrowserCacheManager(
408+
TEST_CONFIG.MSAL_CLIENT_ID,
409+
config.cache,
410+
new CryptoOps(logger, performanceClient),
411+
logger,
412+
performanceClient,
413+
eventHandler
414+
);
415+
let authority: Authority;
416+
const validRequest: CommonAuthorizationUrlRequest = {
417+
authority: TEST_CONFIG.validAuthority,
418+
scopes: ["openid", "profile"],
419+
correlationId: TEST_CONFIG.CORRELATION_ID,
420+
redirectUri: window.location.href,
421+
state: TEST_STATE_VALUES.TEST_STATE_REDIRECT,
422+
nonce: ID_TOKEN_CLAIMS.nonce,
423+
responseMode: ResponseMode.FRAGMENT,
424+
codeChallenge: "code-challenge",
425+
};
426+
427+
beforeAll(async () => {
428+
jest.useFakeTimers();
429+
authority = await AuthorityFactory.createDiscoveredInstance(
430+
TEST_CONFIG.validAuthority,
431+
config.system.networkClient,
432+
cacheManager,
433+
authorityOptions,
434+
logger,
435+
TEST_CONFIG.CORRELATION_ID,
436+
performanceClient
437+
);
438+
});
439+
440+
afterAll(() => {
441+
jest.useRealTimers();
442+
});
443+
444+
it("Adds correlationId to both post body and query params", async () => {
445+
const form = await Authorize.getCodeForm(
446+
document,
447+
config,
448+
authority,
449+
validRequest,
450+
logger,
451+
performanceClient
452+
);
453+
454+
// Post body check
455+
const clientRequestIdInput = form.elements.namedItem(
456+
AADServerParamKeys.CLIENT_REQUEST_ID
457+
) as HTMLInputElement;
458+
expect(clientRequestIdInput).toBeTruthy();
459+
expect(clientRequestIdInput.value).toEqual(
460+
validRequest.correlationId
461+
);
462+
463+
// Query param check
464+
const actionUrl = new URL(form.action);
465+
expect(
466+
actionUrl.searchParams.get(AADServerParamKeys.CLIENT_REQUEST_ID)
467+
).toEqual(validRequest.correlationId);
468+
});
469+
});
385470
});

0 commit comments

Comments
 (0)