Port monitor_window_timeout telemetry enhancements to v5 (dev branch) (#8385)

This pull request enhances telemetry and monitoring in the MSAL Browser
library by adding more detailed performance and error tracking,
particularly for bridge timeouts and network conditions. It also
introduces warnings and telemetry when the redirect URI’s origin does
not match the current page, helping to diagnose authentication issues.
The changes include propagating the `performanceClient` for more
granular telemetry, collecting network information, and expanding test
coverage to ensure these features work as intended.

**Telemetry and Performance Improvements:**

- Added the `performanceClient` parameter to the `waitForBridgeResponse`
function and all its call sites in `PopupClient` and
`SilentIframeClient`, enabling more detailed telemetry for bridge
timeout scenarios.
[[1]](diffhunk://#diff-78bb6bdde3811910ee513b0902523f82816adfed7fb4e71c34554ba04711956eL237-R255)
[[2]](diffhunk://#diff-3f43afd5556603a80064728bd701519ec2e22979f09ae6095b7fdea0507ad593L375-R376)
[[3]](diffhunk://#diff-3f43afd5556603a80064728bd701519ec2e22979f09ae6095b7fdea0507ad593L504-R506)
[[4]](diffhunk://#diff-3f43afd5556603a80064728bd701519ec2e22979f09ae6095b7fdea0507ad593L632-R635)
[[5]](diffhunk://#diff-3f43afd5556603a80064728bd701519ec2e22979f09ae6095b7fdea0507ad593L786-R790)
[[6]](diffhunk://#diff-379febb046eaaa641bafb36c0a72f4c585eda5881b889dd8942919112539e5faL304-R305)
[[7]](diffhunk://#diff-379febb046eaaa641bafb36c0a72f4c585eda5881b889dd8942919112539e5faL469-R471)
[[8]](diffhunk://#diff-d8aa8313e46503e745028509a1ac18093831ea5baeafe63c63ea825727aa3580L1504-R1504)
- Enhanced telemetry in `waitForBridgeResponse` by logging the timeout
value and message version, providing more context for monitor window
timeout errors.
[[1]](diffhunk://#diff-78bb6bdde3811910ee513b0902523f82816adfed7fb4e71c34554ba04711956eL237-R255)
[[2]](diffhunk://#diff-78bb6bdde3811910ee513b0902523f82816adfed7fb4e71c34554ba04711956eR286-R297)
- Collected network information (effective connection type and
round-trip time) in performance events using a new `getNetworkInfo`
utility, and included this data in telemetry for better diagnostics.
[[1]](diffhunk://#diff-7bf3f5ead1c2093dd056541885a7effa8b79d493ebfac484c2bce9e132cb42e6R21)
[[2]](diffhunk://#diff-686e6e522b4c2193064ffc1229f6f8c210bddf5fdc88690acc6ce1f893e4e44cR8-R34)
[[3]](diffhunk://#diff-7bf3f5ead1c2093dd056541885a7effa8b79d493ebfac484c2bce9e132cb42e6R164-R172)

**Error Handling and Diagnostics:**

- Added a warning and a telemetry field when the redirect URI’s origin
does not match the current page, helping to surface potential
authentication misconfigurations.

**Testing Enhancements:**

- Expanded unit tests to verify logging and telemetry for cross-origin
redirect URIs and the inclusion of network information in performance
events, as well as to ensure the new `performanceClient` parameter is
properly handled in all relevant test cases.
[[1]](diffhunk://#diff-38bf5f23ba532c32331992082c13e9fb5e3e6b61a8ddc5a06f6cb41c5191f29bR346-R396)
[[2]](diffhunk://#diff-910035273036aec3a2ea5df6d270f63c5008957027756ead62325c6214ee168aR77-R131)
[[3]](diffhunk://#diff-0e4f86d8a16dd8be09b5f3b33d82dafe4c4325e3fd92b994120b0290beb0c2d6L1911-R1912)
[[4]](diffhunk://#diff-0e4f86d8a16dd8be09b5f3b33d82dafe4c4325e3fd92b994120b0290beb0c2d6L1947-R1949)
[[5]](diffhunk://#diff-0e4f86d8a16dd8be09b5f3b33d82dafe4c4325e3fd92b994120b0290beb0c2d6L1987-R1990)
[[6]](diffhunk://#diff-0e4f86d8a16dd8be09b5f3b33d82dafe4c4325e3fd92b994120b0290beb0c2d6L2044-R2056)
[[7]](diffhunk://#diff-d597c4d5e0f6d07f5ddd39328c482759a4377c4024b73a1f03c5af03b62bbd07L124-R125)
[[8]](diffhunk://#diff-d597c4d5e0f6d07f5ddd39328c482759a4377c4024b73a1f03c5af03b62bbd07L159-R161)
[[9]](diffhunk://#diff-d597c4d5e0f6d07f5ddd39328c482759a4377c4024b73a1f03c5af03b62bbd07L198-R201)
[[10]](diffhunk://#diff-d597c4d5e0f6d07f5ddd39328c482759a4377c4024b73a1f03c5af03b62bbd07L254-R266)

**Documentation and Release:**

- Updated API documentation to reflect the new `performanceClient`
parameter and created change files for `@azure/msal-browser` and
`@azure/msal-common` noting the additional telemetry for monitor window
timeout errors.
[[1]](diffhunk://#diff-d8aa8313e46503e745028509a1ac18093831ea5baeafe63c63ea825727aa3580L1504-R1504)
[[2]](diffhunk://#diff-a0ad68ef5aa0fbf7b3181f222cdc9314009d150df48e59d6de586a2c0bec5840R1-R7)
[[3]](diffhunk://#diff-528f1b737ee6dde3d5da4d005008c0edc57475bc94174ef051f520ed1f504d0aR1-R7)

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: tnorling <5307810+tnorling@users.noreply.github.com>
Co-authored-by: Thomas Norling <thomas.norling@microsoft.com>

Author: Copilot

change/@azure-msal-browser-43f9e5a9-94f7-4463-a4e9-fca092b41cad.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Additional telemetry for monitor_window_timeout errors [#8385](https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/8385)",
+  "packageName": "@azure/msal-browser",
+  "email": "thomas.norling@microsoft.com",
+  "dependentChangeType": "patch"
+}

change/@azure-msal-common-7ef9342e-351a-4732-857c-4df5d7b4216b.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Additional telemetry for monitor_window_timeout errors [#8385](https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/8385)",
+  "packageName": "@azure/msal-common",
+  "email": "thomas.norling@microsoft.com",
+  "dependentChangeType": "patch"
+}

lib/msal-browser/apiReview/msal-browser.api.md

@@ -1501,7 +1501,7 @@ export const version = "5.4.0";
 // Warning: (ae-missing-release-tag) "waitForBridgeResponse" is part of the package's API, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
-function waitForBridgeResponse(timeoutMs: number, logger: Logger, browserCrypto: ICrypto, request: CommonAuthorizationUrlRequest | CommonEndSessionRequest): Promise<string>;
+function waitForBridgeResponse(timeoutMs: number, logger: Logger, browserCrypto: ICrypto, request: CommonAuthorizationUrlRequest | CommonEndSessionRequest, performanceClient: IPerformanceClient): Promise<string>;
 
 // Warning: (ae-missing-release-tag) "WrapperSKU" is part of the package's API, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 // Warning: (ae-missing-release-tag) "WrapperSKU" is part of the package's API, but it is missing a release tag (@alpha, @beta, @public, or @internal)

lib/msal-browser/src/interaction_client/PopupClient.ts

@@ -372,7 +372,8 @@ export class PopupClient extends StandardInteractionClient {
                     this.config.system.popupBridgeTimeout,
                     this.logger,
                     this.browserCrypto,
-                    request
+                    request,
+                    this.performanceClient
                 );
 
                 const serverParams = invoke(
@@ -501,7 +502,8 @@ export class PopupClient extends StandardInteractionClient {
             this.config.system.popupBridgeTimeout,
             this.logger,
             this.browserCrypto,
-            popupRequest
+            popupRequest,
+            this.performanceClient
         );
 
         const serverParams = invoke(
@@ -629,7 +631,8 @@ export class PopupClient extends StandardInteractionClient {
             this.config.system.popupBridgeTimeout,
             this.logger,
             this.browserCrypto,
-            request
+            request,
+            this.performanceClient
         );
 
         const serverParams = invoke(
@@ -783,7 +786,8 @@ export class PopupClient extends StandardInteractionClient {
                 this.config.system.popupBridgeTimeout,
                 this.logger,
                 this.browserCrypto,
-                validRequest
+                validRequest,
+                this.performanceClient
             ).catch(() => {
                 // Swallow any errors related to monitoring the window. Server logout is best effort
             });

lib/msal-browser/src/interaction_client/SilentIframeClient.ts

@@ -301,7 +301,8 @@ export class SilentIframeClient extends StandardInteractionClient {
             this.config.system.iframeBridgeTimeout,
             this.logger,
             this.browserCrypto,
-            request
+            request,
+            this.performanceClient
         );
 
         const serverParams = invoke(
@@ -466,7 +467,8 @@ export class SilentIframeClient extends StandardInteractionClient {
             this.config.system.iframeBridgeTimeout,
             this.logger,
             this.browserCrypto,
-            request
+            request,
+            this.performanceClient
         );
 
         const serverParams = invoke(

lib/msal-browser/src/interaction_client/StandardInteractionClient.ts

@@ -327,6 +327,16 @@ export async function initializeAuthorizationRequest(
         logger,
         correlationId
     );
+    if (new URL(redirectUri).origin !== new URL(window.location.href).origin) {
+        logger.warning(
+            "The origin of the redirect URI does not match the origin of the current page. This is likely to cause issues with authentication.",
+            correlationId
+        );
+        performanceClient.addFields(
+            { isRedirectUriCrossOrigin: true },
+            correlationId
+        );
+    }
     const browserState: BrowserStateObject = {
         interactionType: interactionType,
     };

lib/msal-browser/src/telemetry/BrowserPerformanceClient.ts

@@ -18,6 +18,7 @@ import { name, version } from "../packageMetadata.js";
 import { BrowserCacheLocation } from "../utils/BrowserConstants.js";
 import * as BrowserCrypto from "../crypto/BrowserCrypto.js";
 import { BROWSER_PERF_ENABLED_KEY } from "../cache/CacheKeys.js";
+import { getNetworkInfo } from "../utils/MsalFrameStatsUtils.js";
 
 /**
  * Returns browser performance measurement module if session flag is enabled. Returns undefined otherwise.
@@ -160,12 +161,15 @@ export class BrowserPerformanceClient
                 error?: unknown,
                 account?: AccountInfo
             ): PerformanceEvent | null => {
+                const networkInfo = getNetworkInfo();
                 const res = inProgressEvent.end(
                     {
                         ...event,
                         startPageVisibility,
                         endPageVisibility: this.getPageVisibility(),
                         durationMs: getPerfDurationMs(startTime),
+                        networkEffectiveType: networkInfo.effectiveType,
+                        networkRtt: networkInfo.rtt,
                     },
                     error,
                     account

lib/msal-browser/src/utils/BrowserUtils.ts

@@ -10,6 +10,7 @@ import {
     UrlUtils,
     RequestParameterBuilder,
     ICrypto,
+    IPerformanceClient,
     Logger,
     CommonAuthorizationUrlRequest,
     CommonEndSessionRequest,
@@ -234,14 +235,24 @@ export async function waitForBridgeResponse(
     timeoutMs: number,
     logger: Logger,
     browserCrypto: ICrypto,
-    request: CommonAuthorizationUrlRequest | CommonEndSessionRequest
+    request: CommonAuthorizationUrlRequest | CommonEndSessionRequest,
+    performanceClient: IPerformanceClient
 ): Promise<string> {
     return new Promise<string>((resolve, reject) => {
         logger.verbose(
             "BrowserUtils.waitForBridgeResponse - started",
             request.correlationId
         );
 
+        const correlationId = request.correlationId;
+
+        performanceClient.addFields(
+            {
+                redirectBridgeTimeoutMs: timeoutMs,
+            },
+            correlationId
+        );
+
         const { libraryState } = ProtocolUtils.parseRequestState(
             browserCrypto.base64Decode,
             request.state || ""
@@ -272,6 +283,18 @@ export async function waitForBridgeResponse(
         channel.onmessage = (event) => {
             responseString = event.data.payload;
 
+            const messageVersion =
+                event?.data && typeof event.data.v === "number"
+                    ? event.data.v
+                    : undefined;
+
+            performanceClient.addFields(
+                {
+                    redirectBridgeMessageVersion: messageVersion,
+                },
+                correlationId
+            );
+
             // Clear the active monitor
             activeBridgeMonitor = null;
 

lib/msal-browser/src/utils/MsalFrameStatsUtils.ts

@@ -5,6 +5,33 @@
 
 import { InProgressPerformanceEvent, Logger } from "@azure/msal-common/browser";
 
+interface NetworkConnection {
+    effectiveType?: string;
+    rtt?: number;
+}
+
+/**
+ * Get network information for telemetry purposes. This is only supported in Chromium-based browsers.
+ * @returns Network connection information, or an empty object if not available.
+ */
+export function getNetworkInfo(): NetworkConnection {
+    if (typeof window === "undefined" || !window.navigator) {
+        return {};
+    }
+    const connection: NetworkConnection | undefined =
+        "connection" in window.navigator
+            ? (
+                  window.navigator as Navigator & {
+                      connection: NetworkConnection;
+                  }
+              ).connection
+            : undefined;
+    return {
+        effectiveType: connection?.effectiveType,
+        rtt: connection?.rtt,
+    };
+}
+
 export function collectInstanceStats(
     currentClientId: string,
     performanceEvent: InProgressPerformanceEvent,

lib/msal-browser/test/interaction_client/PopupClient.spec.ts

@@ -1908,7 +1908,8 @@ describe("PopupClient", () => {
                 5000,
                 clientImpl.logger,
                 clientImpl.browserCrypto,
-                request
+                request,
+                clientImpl.performanceClient
             );
 
             expect(response).toEqual("code=testCode&state=testState");
@@ -1944,7 +1945,8 @@ describe("PopupClient", () => {
                 5000,
                 clientImpl.logger,
                 clientImpl.browserCrypto,
-                request
+                request,
+                clientImpl.performanceClient
             );
 
             expect(response).toEqual("code=authCode&state=testState456");
@@ -1984,7 +1986,8 @@ describe("PopupClient", () => {
                     100,
                     clientImpl.logger,
                     clientImpl.browserCrypto,
-                    request
+                    request,
+                    clientImpl.performanceClient
                 )
             ).rejects.toMatchObject({
                 errorCode: BrowserAuthErrorCodes.timedOut,
@@ -2041,14 +2044,16 @@ describe("PopupClient", () => {
                 5000,
                 clientImpl.logger,
                 clientImpl.browserCrypto,
-                request1
+                request1,
+                clientImpl.performanceClient
             );
 
             const promise2 = BrowserUtils.waitForBridgeResponse(
                 5000,
                 clientImpl.logger,
                 clientImpl.browserCrypto,
-                request2
+                request2,
+                clientImpl.performanceClient
             );
 
             const [response1, response2] = await Promise.all([