@@ -0,0 +1,7 @@
{
"type": "minor",
"comment": "Disable ServerTelemetryManager by default [#8600](https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/8600)",
"packageName": "@azure/msal-browser",
"email": "thomas.norling@microsoft.com",
"dependentChangeType": "patch"
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
{
"type": "minor",
"comment": "Disable ServerTelemetryManager by default [#8600](https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/8600)",
"packageName": "@azure/msal-common",
"email": "thomas.norling@microsoft.com",
"dependentChangeType": "patch"
}
5 changes: 3 additions & 2 deletions lib/msal-browser/apiReview/msal-browser.api.md
Expand Up @@ -411,6 +411,7 @@ export type BrowserSystemOptions = SystemOptions & {
allowPlatformBroker?: boolean;
nativeBrokerHandshakeTimeout?: number;
protocolMode?: ProtocolMode;
serverTelemetryEnabled?: boolean;
};

// Warning: (ae-missing-release-tag) "BrowserTelemetryOptions" is part of the package's API, but it is missing a release tag (@alpha, @beta, @public, or @internal)
Expand Down Expand Up @@ -1542,8 +1543,8 @@ export type WrapperSKU = (typeof WrapperSKU)[keyof typeof WrapperSKU];
// src/cache/LocalStorage.ts:366:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
// src/cache/LocalStorage.ts:429:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
// src/cache/LocalStorage.ts:460:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
// src/config/Configuration.ts:217:5 - (ae-incompatible-release-tags) The symbol "experimental" is marked as @public, but its signature references "BrowserExperimentalOptions" which is marked as @internal
// src/config/Configuration.ts:226:5 - (ae-forgotten-export) The symbol "InternalAuthOptions" needs to be exported by the entry point index.d.ts
// src/config/Configuration.ts:222:5 - (ae-incompatible-release-tags) The symbol "experimental" is marked as @public, but its signature references "BrowserExperimentalOptions" which is marked as @internal
// src/config/Configuration.ts:231:5 - (ae-forgotten-export) The symbol "InternalAuthOptions" needs to be exported by the entry point index.d.ts
// src/event/EventHandler.ts:116:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
// src/event/EventHandler.ts:143:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
// src/index.ts:8:12 - (tsdoc-characters-after-block-tag) The token "@azure" looks like a TSDoc tag but contains an invalid character "/"; if it is not a tag, use a backslash to escape the "@"
6 changes: 4 additions & 2 deletions lib/msal-browser/docs/configuration.md
Expand Up @@ -53,7 +53,8 @@ const msalConfig = {
windowHashTimeout: 60000,
iframeHashTimeout: 6000,
loadFrameTimeout: 0,
protocolMode: "AAD"
protocolMode: "AAD",
serverTelemetryEnabled: false,
},
telemetry: {
application: {
Expand Down Expand Up @@ -104,7 +105,8 @@ See [Caching in MSAL](./caching.md) for more.
| `cryptoOptions` | Config object for crypto operations in the browser. | See [below](#crypto-config-options.) | See [below](#crypto-config-options.) |
| `popupBridgeTimeout` | Timeout in milliseconds to wait for the popup to send its response via BroadcastChannel. If the user closes the popup without completing authentication, `loginPopup` or `acquireTokenPopup` will reject with a `timed_out` error after this timeout. See [Popup closure detection](./login-user.md#popup-closure-detection-and-interactionstatus). | integer (milliseconds) | `60000` |
| `iframeBridgeTimeout` | Timeout in milliseconds to wait for a hidden iframe to send its response via BroadcastChannel during silent token acquisition (`ssoSilent`, `acquireTokenSilent`). If the iframe does not respond within this time, the call will reject with a `timed_out` error. | integer (milliseconds) | `10000` |
| `protocolMode` | Enum representing the protocol mode to use. If `"AAD"`, will function on the OIDC-compliant AAD v2 endpoints; if `"OIDC"`, will function on other OIDC-compliant endpoints.
| `protocolMode` | Enum representing the protocol mode to use. If `"AAD"`, will function on the OIDC-compliant AAD v2 endpoints; if `"OIDC"`, will function on other OIDC-compliant endpoints. | string | `"AAD"` |
| `serverTelemetryEnabled` | Enables MSER server telemetry headers and browser cache writes for failed requests. When `false`, MSAL does not send MSER headers and does not persist server telemetry data to browser storage. This option is deprecated and will be removed in a future release. | boolean | `false` |

#### Logger Config Options

6 changes: 6 additions & 0 deletions lib/msal-browser/src/config/Configuration.ts
Expand Up @@ -167,6 +167,11 @@ export type BrowserSystemOptions = SystemOptions & {
* Enum that represents the protocol that msal follows. Used for configuring proper endpoints.
*/
protocolMode?: ProtocolMode;
/**
* @deprecated This option will be removed in a future release.
* Flag to enable emitting telemetry to the STS. When disabled, failed requests are not cached to browser storage and x-client-current-telemetry, x-client-last-telemetry parameters are not sent to the STS. Defaults to false.
*/
serverTelemetryEnabled?: boolean;
};

/** @internal */
Expand Down Expand Up @@ -315,6 +320,7 @@ export function buildConfiguration(
userInputSystem?.nativeBrokerHandshakeTimeout ||
DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
protocolMode: ProtocolMode.AAD,
serverTelemetryEnabled: false,
};

const providedSystemOptions: Required<BrowserSystemOptions> = {
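Review bot: In the TSDoc added for `serverTelemetryEnabled`, the `@deprecated` block tag comes before the description, so TSDoc tooling reads the whole "Flag to enable emitting telemetry to the STS…" sentence as part of the deprecation message and the property ends up with no summary. Put the description first and close the comment with `* @deprecated This option will be removed in a future release.` The description also calls `x-client-current-telemetry` and `x-client-last-telemetry` "parameters" while docs/configuration.md on this page calls them headers; one term should be used in both places so readers can tell what actually stops being sent.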
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import {
AccountInfo,
UrlString,
ServerTelemetryManager,
StubServerTelemetryManager,
ServerTelemetryRequest,
createClientConfigurationError,
ClientConfigurationErrorCodes,
Expand Down Expand Up @@ -108,6 +109,7 @@ export function getRedirectUri(
* @param browserStorage - Browser cache manager instance for storing telemetry data
* @param logger - Optional logger instance for verbose logging
* @param forceRefresh - Optional flag to force refresh of telemetry data
* @param enabled - Optional flag to enable or disable server telemetry (default: true for custom_auth flows, false for standard flows)
* @returns Configured ServerTelemetryManager instance
*/
export function initializeServerTelemetryManager(
Expand All @@ -116,9 +118,18 @@ export function initializeServerTelemetryManager(
correlationId: string,
browserStorage: BrowserCacheManager,
logger: Logger,
forceRefresh?: boolean
forceRefresh?: boolean,
enabled: boolean = true
): ServerTelemetryManager {
logger.verbose("initializeServerTelemetryManager called", correlationId);
if (!enabled) {
logger.verbose(
"Server telemetry is disabled in configuration. Skipping telemetry manager initialization.",
correlationId
);
return new StubServerTelemetryManager();
}

const telemetryPayload: ServerTelemetryRequest = {
clientId: clientId,
correlationId: correlationId,
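Review bot: The new `enabled` parameter of `initializeServerTelemetryManager` defaults to `true`, so the switch fails open: any caller that omits the argument, or passes a config value that is `undefined`, gets the real manager, with failed requests cached to browser storage and telemetry sent, even though the configuration default is `false`. A safer signature is `enabled: boolean = false`, with the custom_auth callers (not visible here) passing `true` explicitly. The `@param enabled` text "default: true for custom_auth flows, false for standard flows" describes what callers pass rather than the parameter default and should be reworded to match. The function body continues outside this hunk.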
Original file line number Diff line number Diff line change
Expand Up @@ -177,7 +177,9 @@ export class PlatformAuthInteractionClient extends BaseInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
);

try {
Expand Down Expand Up @@ -369,7 +371,9 @@ export class PlatformAuthInteractionClient extends BaseInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
);
serverTelemetryManager.setNativeBrokerErrorCode(e.errorCode);
if (isFatalNativeAuthError(e)) {
Expand Down Expand Up @@ -472,7 +476,9 @@ export class PlatformAuthInteractionClient extends BaseInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
);
serverTelemetryManager.clearNativeBrokerErrorCode();
this.performanceClient?.addFields(
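Review bot: Each of the three `initializeServerTelemetryManager` calls in this class now passes a positional `undefined` for `forceRefresh` only to reach the new last argument, and the same two lines are repeated in PopupClient.ts, RedirectClient.ts, SilentIframeClient.ts and the other silent-client sections on this page. Since this flag decides whether failed requests are written to browser storage, a call site that is missed or added later silently takes the parameter default instead of the configured value. Consider a single protected helper on the shared base client that reads `this.config.system.serverTelemetryEnabled` once, so call sites cannot diverge. The enclosing methods start and end outside these hunks.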
12 changes: 9 additions & 3 deletions lib/msal-browser/src/interaction_client/PopupClient.ts
Expand Up @@ -298,7 +298,9 @@ export class PopupClient extends StandardInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
);

const pkce =
Expand Down Expand Up @@ -533,7 +535,9 @@ export class PopupClient extends StandardInteractionClient {
this.config.auth.clientId,
correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
),
requestAuthority: request.authority,
requestAzureCloudOptions: request.azureCloudOptions,
Expand Down Expand Up @@ -699,7 +703,9 @@ export class PopupClient extends StandardInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
);

try {
12 changes: 9 additions & 3 deletions lib/msal-browser/src/interaction_client/RedirectClient.ts
Expand Up @@ -197,7 +197,9 @@ export class RedirectClient extends StandardInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
);

const pkceCodes = await invokeAsync(
Expand Down Expand Up @@ -414,7 +416,9 @@ export class RedirectClient extends StandardInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
);

const navigateToLoginRequestUrl =
Expand Down Expand Up @@ -815,7 +819,9 @@ export class RedirectClient extends StandardInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
);

try {
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,9 @@ export class SilentAuthCodeClient extends StandardInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
);

try {
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,9 @@ export class SilentCacheClient extends StandardInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
);

const clientConfig = await invokeAsync(
12 changes: 9 additions & 3 deletions lib/msal-browser/src/interaction_client/SilentIframeClient.ts
Expand Up @@ -171,7 +171,9 @@ export class SilentIframeClient extends StandardInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
);

try {
Expand Down Expand Up @@ -342,7 +344,9 @@ export class SilentIframeClient extends StandardInteractionClient {
this.config.auth.clientId,
correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
),
requestAuthority: request.authority,
requestAzureCloudOptions: request.azureCloudOptions,
Expand Down Expand Up @@ -436,7 +440,9 @@ export class SilentIframeClient extends StandardInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
),
requestAuthority: silentRequest.authority,
requestAzureCloudOptions: silentRequest.azureCloudOptions,
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,9 @@ export class SilentRefreshClient extends StandardInteractionClient {
this.config.auth.clientId,
this.correlationId,
this.browserStorage,
this.logger
this.logger,
undefined,
this.config.system.serverTelemetryEnabled
);

const refreshTokenClient = await this.createRefreshTokenClient({
6 changes: 6 additions & 0 deletions lib/msal-browser/test/app/PublicClientApplication.spec.ts
Expand Up @@ -5757,6 +5757,9 @@ describe("PublicClientApplication.ts Class Unit Tests", () => {
});

it("throws error that SilentFlowClient.acquireToken() throws", async () => {
// Enable server telemetry so cacheFailedRequest writes to storage
//@ts-ignore
pca.config.system.serverTelemetryEnabled = true;
const testError: AuthError = new AuthError(
"create_login_url_error",
"Error in creating a login url"
Expand Down Expand Up @@ -5800,6 +5803,9 @@ describe("PublicClientApplication.ts Class Unit Tests", () => {
});

it("throws error that SilentFlowClient.acquireToken() throws when making parallel requests", async () => {
// Enable server telemetry so cacheFailedRequest writes to storage
//@ts-ignore
pca.config.system.serverTelemetryEnabled = true;
const testError: AuthError = new AuthError(
"create_login_url_error",
"Error in creating a login url"
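Review bot: Both tests set `pca.config.system.serverTelemetryEnabled = true` behind a bare `//@ts-ignore` so the existing storage assertions keep passing, but none of the test hunks on this page covers the new default path, i.e. that with the flag off a failed request leaves no server-telemetry entry in browser storage. That negative case is the behaviour the change is meant to guarantee and deserves its own test. Prefer constructing the instance with `system: { serverTelemetryEnabled: true }`, or, if the suppression is only there for private access, `// @ts-expect-error` with the reason stated. If `pca` is shared between tests (its setup is outside the hunk), the mutated flag should be reset afterwards. The same pattern appears in the PlatformAuthInteractionClient and PopupClient test sections.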
19 changes: 19 additions & 0 deletions lib/msal-browser/test/config/Configuration.spec.ts
Expand Up @@ -71,6 +71,25 @@ describe("Configuration.ts Class Unit Tests", () => {
expect(emptyConfig.system?.allowPlatformBroker).toBe(false);
});

it("serverTelemetryEnabled defaults to false", () => {
const config = buildConfiguration(
{ auth: { clientId: TEST_CONFIG.MSAL_CLIENT_ID } },
true
);
expect(config.system.serverTelemetryEnabled).toBe(false);
});

it("sets serverTelemetryEnabled to passed in true value", () => {
const config = buildConfiguration(
{
auth: { clientId: TEST_CONFIG.MSAL_CLIENT_ID },
system: { serverTelemetryEnabled: true },
},
true
);
expect(config.system.serverTelemetryEnabled).toBe(true);
});

it("sets allowPlatformBroker to passed in true value", () => {
const config: Configuration = buildConfiguration(
{
Original file line number Diff line number Diff line change
Expand Up @@ -1110,6 +1110,10 @@ describe("PlatformAuthInteractionClient Tests", () => {
});

it("does not set native broker error to server telemetry", async () => {
// Enable server telemetry so telemetry data is written to storage
//@ts-ignore
platformAuthInteractionClient.config.system.serverTelemetryEnabled =
true;
jest.spyOn(
PlatformAuthExtensionHandler.prototype,
"sendMessage"
Expand All @@ -1134,6 +1138,10 @@ describe("PlatformAuthInteractionClient Tests", () => {
});

it("sets native broker error to server telemetry", async () => {
// Enable server telemetry so telemetry data is written to storage
//@ts-ignore
platformAuthInteractionClient.config.system.serverTelemetryEnabled =
true;
jest.spyOn(
PlatformAuthExtensionHandler.prototype,
"sendMessage"
Expand Down Expand Up @@ -1162,6 +1170,10 @@ describe("PlatformAuthInteractionClient Tests", () => {
});

it("resets native broker error in server telemetry", async () => {
// Enable server telemetry so telemetry data is written to storage
//@ts-ignore
platformAuthInteractionClient.config.system.serverTelemetryEnabled =
true;
const sendMessageStub = jest
.spyOn(PlatformAuthExtensionHandler.prototype, "sendMessage")
.mockImplementation();
Expand Down Expand Up @@ -1423,6 +1435,10 @@ describe("PlatformAuthInteractionClient Tests", () => {
});

it("sets native broker error to server telemetry", (done) => {
// Enable server telemetry so telemetry data is written to storage
//@ts-ignore
platformAuthInteractionClient.config.system.serverTelemetryEnabled =
true;
jest.spyOn(
NavigationClient.prototype,
"navigateExternal"
Expand Down Expand Up @@ -1458,6 +1474,10 @@ describe("PlatformAuthInteractionClient Tests", () => {
});

it("resets native broker error in server telemetry", async () => {
// Enable server telemetry so telemetry data is written to storage
//@ts-ignore
platformAuthInteractionClient.config.system.serverTelemetryEnabled =
true;
jest.spyOn(
NavigationClient.prototype,
"navigateExternal"
Original file line number Diff line number Diff line change
Expand Up @@ -867,6 +867,9 @@ describe("PopupClient", () => {
});

it("catches error and cleans cache before rethrowing", async () => {
// Enable server telemetry so cacheFailedRequest writes to storage
//@ts-ignore
popupClient.config.system.serverTelemetryEnabled = true;
const testError: AuthError = new AuthError(
"create_login_url_error",
"Error in creating a login url"
Expand Down Expand Up @@ -1136,6 +1139,9 @@ describe("PopupClient", () => {
});

it("catches error and cleans cache before rethrowing", async () => {
// Enable server telemetry so cacheFailedRequest writes to storage
//@ts-ignore
popupClient.config.system.serverTelemetryEnabled = true;
const testError: AuthError = new AuthError(
"create_logout_url_error",
"Error in creating a logout url"