Merge branch 'dev' into dependency-updates

Author: hectormmg

change/@azure-msal-node-a4bee0a7-f0d9-4f21-a850-94cad8403505.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Preserve authority metadata when calling clear() [#8542](https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/8542)",
+  "packageName": "@azure/msal-node",
+  "email": "shylasummers@microsoft.com",
+  "dependentChangeType": "patch"
+}

lib/msal-node/src/cache/NodeStorage.ts

@@ -500,7 +500,7 @@ export class NodeStorage extends CacheManager {
     }
 
     /**
-     * Clears all cache entries created by MSAL (except tokens).
+     * Clears all cache entries created by MSAL except authority metadata..
      */
     clear(): void {
         this.logger.trace("Clearing cache entries created by MSAL", "");
@@ -510,6 +510,9 @@ export class NodeStorage extends CacheManager {
 
         // delete each element
         cacheKeys.forEach((key) => {
+            if (this.isAuthorityMetadata(key)) {
+                return;
+            }
             this.removeItem(key);
         });
         this.emitChange();

lib/msal-node/src/client/ClientApplication.ts

@@ -675,7 +675,7 @@ export abstract class ClientApplication {
     }
 
     /**
-     * Clear the cache
+     * Clear the cache except for authority metadata.
      */
     clearCache(): void {
         this.storage.clear();

lib/msal-node/src/client/IConfidentialClientApplication.ts

@@ -67,7 +67,7 @@ export interface IConfidentialClientApplication {
     /** Replaces the default logger set in configurations with new Logger with new configurations */
     setLogger(logger: Logger): void;
 
-    /** Clear the cache */
+    /** Clear the cache except for authority metadata. */
     clearCache(): void;
 
     /** This extensibility point is meant for Azure SDK to enhance Managed Identity support */

lib/msal-node/src/client/IPublicClientApplication.ts

@@ -68,7 +68,7 @@ export interface IPublicClientApplication {
     /** Replaces the default logger set in configurations with new Logger with new configurations */
     setLogger(logger: Logger): void;
 
-    /** Clear the cache */
+    /** Clear the cache except for authority metadata, which is not included in the serialized cache and would otherwise be lost. */
     clearCache(): void;
 
     /** Gets all cached accounts */

lib/msal-node/test/cache/Storage.spec.ts

@@ -366,22 +366,52 @@ describe("Storage tests for msal-node: ", () => {
         expect(newInMemoryCache.accounts[ACCOUNT_KEY]).toBeUndefined;
     });
 
-    it("should remove all keys from the cache when clear() is called", () => {
+    it("clear() removes all cache entries except authority metadata", () => {
         const nodeStorage = new NodeStorage(
             logger,
             clientId,
             DEFAULT_CRYPTO_IMPLEMENTATION
         );
         nodeStorage.setInMemoryCache(inMemoryCache);
 
-        nodeStorage.clear();
+        const host = "login.microsoftonline.com";
+        const authorityMetadataKey = `authority-metadata-${clientId}-${host}`;
+        const authorityMetadata: AuthorityMetadataEntity = {
+            aliases: [host],
+            preferred_cache: host,
+            preferred_network: host,
+            canonical_authority: TEST_CONSTANTS.DEFAULT_AUTHORITY,
+            authorization_endpoint:
+                DEFAULT_OPENID_CONFIG_RESPONSE.body.authorization_endpoint,
+            token_endpoint: DEFAULT_OPENID_CONFIG_RESPONSE.body.token_endpoint,
+            end_session_endpoint:
+                DEFAULT_OPENID_CONFIG_RESPONSE.body.end_session_endpoint,
+            issuer: DEFAULT_OPENID_CONFIG_RESPONSE.body.issuer,
+            jwks_uri: DEFAULT_OPENID_CONFIG_RESPONSE.body.jwks_uri,
+            aliasesFromNetwork: false,
+            endpointsFromNetwork: false,
+            expiresAt: CacheHelpers.generateAuthorityMetadataExpiresAt(),
+        };
+        nodeStorage.setAuthorityMetadata(
+            authorityMetadataKey,
+            authorityMetadata
+        );
 
-        expect(nodeStorage.getAccount(ACCOUNT_KEY)).toBeNull();
+        nodeStorage.clear();
 
+        // Token/account/appMetadata entries should be cleared
         const newInMemoryCache = nodeStorage.getInMemoryCache();
         Object.values(newInMemoryCache).forEach((cacheSection) => {
             expect(cacheSection).toEqual({});
         });
+
+        // Authority metadata should be preserved
+        expect(nodeStorage.getAuthorityMetadata(authorityMetadataKey)).toEqual(
+            authorityMetadata
+        );
+        expect(nodeStorage.getAuthorityMetadataKeys()).toContain(
+            authorityMetadataKey
+        );
     });
 
     describe("Getters and Setters", () => {

lib/msal-node/test/cache/TokenCache.spec.ts

@@ -10,6 +10,7 @@ import {
     ICachePlugin,
     buildStaticAuthorityOptions,
     Constants,
+    AuthorityMetadataEntity,
 } from "@azure/msal-common";
 import { NodeStorage } from "../../src/cache/NodeStorage.js";
 import { TokenCache } from "../../src/cache/TokenCache.js";
@@ -283,6 +284,70 @@ describe("TokenCache tests", () => {
         );
     });
 
+    it("overwriteCache should preserve authority metadata", async () => {
+        const cachePath = "./test/cache/cache-test-files/default-cache.json";
+        const beforeCacheAccess = async (context: TokenCacheContext) => {
+            context.tokenCache.deserialize(
+                await promises.readFile(cachePath, Constants.EncodingTypes.UTF8)
+            );
+        };
+        const afterCacheAccess = async (context: TokenCacheContext) => {
+            await promises.writeFile(cachePath, context.tokenCache.serialize());
+        };
+
+        const cachePlugin: ICachePlugin = {
+            beforeCacheAccess,
+            afterCacheAccess,
+        };
+
+        const tokenCache = new TokenCache(storage, logger, cachePlugin);
+
+        // Populate authority metadata in the storage before overwriting
+        const authorityMetadataKey =
+            "authority-metadata-mock_client_id-login.microsoftonline.com";
+        const authorityMetadata = {
+            aliases: [
+                "login.microsoftonline.com",
+                "login.windows.net",
+                "login.microsoft.com",
+            ],
+            preferred_cache: "login.windows.net",
+            preferred_network: "login.microsoftonline.com",
+            canonical_authority: "https://login.microsoftonline.com/common",
+            authorization_endpoint:
+                "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
+            token_endpoint:
+                "https://login.microsoftonline.com/common/oauth2/v2.0/token",
+            end_session_endpoint:
+                "https://login.microsoftonline.com/common/oauth2/v2.0/logout",
+            issuer: "https://login.microsoftonline.com/{tenantid}/v2.0",
+            jwks_uri:
+                "https://login.microsoftonline.com/common/discovery/v2.0/keys",
+            aliasesFromNetwork: true,
+            endpointsFromNetwork: true,
+            expiresAt:
+                msalCommon.CacheHelpers.generateAuthorityMetadataExpiresAt(),
+        };
+        storage.setAuthorityMetadata(
+            authorityMetadataKey,
+            authorityMetadata as AuthorityMetadataEntity
+        );
+
+        expect(storage.getAuthorityMetadata(authorityMetadataKey)).toEqual(
+            authorityMetadata
+        );
+
+        await tokenCache.overwriteCache();
+
+        const restoredMetadata =
+            storage.getAuthorityMetadata(authorityMetadataKey);
+        expect(restoredMetadata).not.toBeNull();
+        expect(restoredMetadata!.aliases).toEqual(authorityMetadata.aliases);
+        expect(restoredMetadata!.preferred_cache).toEqual(
+            authorityMetadata.preferred_cache
+        );
+    });
+
     it("overwriteCache should not throw and simply return if persistent cache does not exist", async () => {
         const tokenCache = new TokenCache(storage, logger);