- Move auth error messages out of the bundle

Author: konstantin-msft

lib/msal-browser/docs/errors.md

@@ -7,107 +7,12 @@ import { AuthError } from "@azure/msal-common/browser";
 import * as BrowserAuthErrorCodes from "./BrowserAuthErrorCodes.js";
 export { BrowserAuthErrorCodes }; // Allow importing as "BrowserAuthErrorCodes"
 
-const ErrorLink = "For more visit: aka.ms/msaljs/browser-errors";
-
-/**
- * BrowserAuthErrorMessage class containing string constants used by error codes and messages.
- */
-export const BrowserAuthErrorMessages = {
-    [BrowserAuthErrorCodes.pkceNotCreated]:
-        "The PKCE code challenge and verifier could not be generated.",
-    [BrowserAuthErrorCodes.earJwkEmpty]:
-        "No EAR encryption key provided. This is unexpected.",
-    [BrowserAuthErrorCodes.earJweEmpty]:
-        "Server response does not contain ear_jwe property. This is unexpected.",
-    [BrowserAuthErrorCodes.cryptoNonExistent]:
-        "The crypto object or function is not available.",
-    [BrowserAuthErrorCodes.emptyNavigateUri]:
-        "Navigation URI is empty. Please check stack trace for more info.",
-    [BrowserAuthErrorCodes.hashEmptyError]: `Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. ${ErrorLink}`,
-    [BrowserAuthErrorCodes.noStateInHash]:
-        "Hash does not contain state. Please verify that the request originated from msal.",
-    [BrowserAuthErrorCodes.hashDoesNotContainKnownProperties]: `Hash does not contain known properites. Please verify that your redirectUri is not changing the hash.  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.unableToParseState]:
-        "Unable to parse state. Please verify that the request originated from msal.",
-    [BrowserAuthErrorCodes.stateInteractionTypeMismatch]:
-        "Hash contains state but the interaction type does not match the caller.",
-    [BrowserAuthErrorCodes.interactionInProgress]: `Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API.   ${ErrorLink}`,
-    [BrowserAuthErrorCodes.popupWindowError]:
-        "Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.",
-    [BrowserAuthErrorCodes.emptyWindowError]:
-        "window.open returned null or undefined window object.",
-    [BrowserAuthErrorCodes.userCancelled]: "User cancelled the flow.",
-    [BrowserAuthErrorCodes.monitorPopupTimeout]: `Token acquisition in popup failed due to timeout.  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.monitorWindowTimeout]: `Token acquisition in iframe failed due to timeout.  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.redirectInIframe]:
-        "Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.",
-    [BrowserAuthErrorCodes.blockIframeReload]: `Request was blocked inside an iframe because MSAL detected an authentication response.  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.blockNestedPopups]:
-        "Request was blocked inside a popup because MSAL detected it was running in a popup.",
-    [BrowserAuthErrorCodes.iframeClosedPrematurely]:
-        "The iframe being monitored was closed prematurely.",
-    [BrowserAuthErrorCodes.silentLogoutUnsupported]:
-        "Silent logout not supported. Please call logoutRedirect or logoutPopup instead.",
-    [BrowserAuthErrorCodes.noAccountError]:
-        "No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.",
-    [BrowserAuthErrorCodes.silentPromptValueError]:
-        "The value given for the prompt value is not valid for silent requests - must be set to 'none' or 'no_session'.",
-    [BrowserAuthErrorCodes.noTokenRequestCacheError]:
-        "No token request found in cache.",
-    [BrowserAuthErrorCodes.unableToParseTokenRequestCacheError]:
-        "The cached token request could not be parsed.",
-    [BrowserAuthErrorCodes.authRequestNotSetError]:
-        "Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler",
-    [BrowserAuthErrorCodes.invalidCacheType]: "Invalid cache type",
-    [BrowserAuthErrorCodes.nonBrowserEnvironment]:
-        "Login and token requests are not supported in non-browser environments.",
-    [BrowserAuthErrorCodes.databaseNotOpen]: "Database is not open!",
-    [BrowserAuthErrorCodes.noNetworkConnectivity]:
-        "No network connectivity. Check your internet connection.",
-    [BrowserAuthErrorCodes.postRequestFailed]:
-        "Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'",
-    [BrowserAuthErrorCodes.getRequestFailed]:
-        "Network request failed. Please check the network trace to determine root cause.",
-    [BrowserAuthErrorCodes.failedToParseResponse]:
-        "Failed to parse network response. Check network trace.",
-    [BrowserAuthErrorCodes.unableToLoadToken]: "Error loading token to cache.",
-    [BrowserAuthErrorCodes.cryptoKeyNotFound]:
-        "Cryptographic Key or Keypair not found in browser storage.",
-    [BrowserAuthErrorCodes.authCodeRequired]:
-        "An authorization code must be provided (as the `code` property on the request) to this flow.",
-    [BrowserAuthErrorCodes.authCodeOrNativeAccountIdRequired]:
-        "An authorization code or nativeAccountId must be provided to this flow.",
-    [BrowserAuthErrorCodes.spaCodeAndNativeAccountIdPresent]:
-        "Request cannot contain both spa code and native account id.",
-    [BrowserAuthErrorCodes.databaseUnavailable]:
-        "IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts.",
-    [BrowserAuthErrorCodes.unableToAcquireTokenFromNativePlatform]: `Unable to acquire token from native platform.  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.nativeHandshakeTimeout]:
-        "Timed out while attempting to establish connection to browser extension",
-    [BrowserAuthErrorCodes.nativeExtensionNotInstalled]:
-        "Native extension is not installed. If you think this is a mistake call the initialize function.",
-    [BrowserAuthErrorCodes.nativeConnectionNotEstablished]: `Connection to native platform has not been established. Please install a compatible browser extension and run initialize().  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.uninitializedPublicClientApplication]: `You must call and await the initialize function before attempting to call any other MSAL API.  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.nativePromptNotSupported]:
-        "The provided prompt is not supported by the native platform. This request should be routed to the web based flow.",
-    [BrowserAuthErrorCodes.invalidBase64String]:
-        "Invalid base64 encoded string.",
-    [BrowserAuthErrorCodes.invalidPopTokenRequest]:
-        "Invalid PoP token request. The request should not have both a popKid value and signPopToken set to true.",
-    [BrowserAuthErrorCodes.failedToBuildHeaders]:
-        "Failed to build request headers object.",
-    [BrowserAuthErrorCodes.failedToParseHeaders]:
-        "Failed to parse response headers",
-    [BrowserAuthErrorCodes.failedToDecryptEarResponse]:
-        "Failed to decrypt ear response",
-};
-
 /**
  * Browser library error class thrown by the MSAL.js library for SPAs
  */
 export class BrowserAuthError extends AuthError {
     constructor(errorCode: string, subError?: string) {
-        super(errorCode, BrowserAuthErrorMessages[errorCode], subError);
+        super(errorCode, `See https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/errors.md#${errorCode} for details`, subError);
 
         Object.setPrototypeOf(this, BrowserAuthError.prototype);
         this.name = "BrowserAuthError";

lib/msal-browser/src/error/BrowserAuthError.ts

@@ -6,16 +6,6 @@
 import { AuthError } from "@azure/msal-common/browser";
 import * as BrowserConfigurationAuthErrorCodes from "./BrowserConfigurationAuthErrorCodes.js";
 export { BrowserConfigurationAuthErrorCodes };
-
-export const BrowserConfigurationAuthErrorMessages = {
-    [BrowserConfigurationAuthErrorCodes.storageNotSupported]:
-        "Given storage configuration option was not supported.",
-    [BrowserConfigurationAuthErrorCodes.stubbedPublicClientApplicationCalled]:
-        "Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors",
-    [BrowserConfigurationAuthErrorCodes.inMemRedirectUnavailable]:
-        "Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true.",
-};
-
 /**
  * Browser library error class thrown by the MSAL.js library for SPAs
  */
@@ -32,7 +22,6 @@ export function createBrowserConfigurationAuthError(
     errorCode: string
 ): BrowserConfigurationAuthError {
     return new BrowserConfigurationAuthError(
-        errorCode,
-        BrowserConfigurationAuthErrorMessages[errorCode]
+        errorCode
     );
 }

lib/msal-browser/src/error/BrowserConfigurationAuthError.ts

@@ -28,11 +28,6 @@ export type OSError = {
 
 const INVALID_METHOD_ERROR = -2147186943;
 
-export const NativeAuthErrorMessages = {
-    [NativeAuthErrorCodes.userSwitch]:
-        "User attempted to switch accounts in the native broker, which is not allowed. All new accounts must sign-in through the standard web flow first, please try again.",
-};
-
 export class NativeAuthError extends AuthError {
     ext: OSError | undefined;
 
@@ -107,7 +102,7 @@ export function createNativeAuthError(
 
     return new NativeAuthError(
         code,
-        NativeAuthErrorMessages[code] || description,
+        description,
         ext
     );
 }

lib/msal-browser/src/error/NativeAuthError.ts

@@ -5,3 +5,4 @@
 
 export const contentError = "ContentError";
 export const userSwitch = "user_switch";
+export const unsupportedMethod = "unsupported_method";

lib/msal-browser/src/error/NativeAuthErrorCodes.ts

@@ -4,16 +4,7 @@
  */
 
 import { AuthError } from "@azure/msal-common/browser";
-
-/**
- * NestedAppAuthErrorMessage class containing string constants used by error codes and messages.
- */
-export const NestedAppAuthErrorMessage = {
-    unsupportedMethod: {
-        code: "unsupported_method",
-        desc: "This method is not supported in nested app environment.",
-    },
-};
+import { unsupportedMethod } from "./NativeAuthErrorCodes.js";
 
 export class NestedAppAuthError extends AuthError {
     constructor(errorCode: string, errorMessage?: string) {
@@ -25,8 +16,7 @@ export class NestedAppAuthError extends AuthError {
 
     public static createUnsupportedError(): NestedAppAuthError {
         return new NestedAppAuthError(
-            NestedAppAuthErrorMessage.unsupportedMethod.code,
-            NestedAppAuthErrorMessage.unsupportedMethod.desc
+            unsupportedMethod
         );
     }
 }

lib/msal-browser/src/error/NestedAppAuthError.ts

@@ -110,13 +110,10 @@ export {
     // Error
     AuthError,
     AuthErrorCodes,
-    AuthErrorMessages,
     ClientAuthError,
     ClientAuthErrorCodes,
-    ClientAuthErrorMessages,
     ClientConfigurationError,
     ClientConfigurationErrorCodes,
-    ClientConfigurationErrorMessages,
     InteractionRequiredAuthError,
     InteractionRequiredAuthErrorCodes,
     ServerError,