Skip to content

[correlationId] Make correlationId a required parameter on AuthError constructors (breaking)#8609

Open
sameerag wants to merge 19 commits into
devfrom
correlationId-in-errorpath
Open

[correlationId] Make correlationId a required parameter on AuthError constructors (breaking)#8609
sameerag wants to merge 19 commits into
devfrom
correlationId-in-errorpath

Conversation

@sameerag
Copy link
Copy Markdown
Member

@sameerag sameerag commented May 27, 2026
edited
Loading

Summary

** Makes correlationId a required parameter on the AuthError constructor (and all subclass error constructors) across every MSAL package. This ensures thrown errors carry correlation context consistently for telemetry and debugging.

Previously correlationId was attached after construction via setCorrelationId(), which was inconsistently called. That helper is removed; the value is now required at construction.

Scope of this PR

This PR now serves as the single consolidated PR for the correlationId error propagation work (instead of the original stacked split).

Changes

@azure/msal-common

  • AuthError constructor signature changed from (errorCode, errorMessage?, suberror?) to (errorCode, correlationId, errorMessage?, suberror?).
  • All subclasses updated: ClientAuthError, ClientConfigurationError, InteractionRequiredAuthError, ServerError, JoseHeaderError, NetworkError, CacheError.
  • setCorrelationId() removed.
  • Error helper signatures and call sites updated to pass correlationId (or "" where not yet in scope).
  • API review file regenerated to reflect new public signatures.

@azure/msal-browser

  • Updated error construction paths to pass required correlationId.
  • Native auth error translation updated and test coverage expanded for correlationId propagation.

@azure/msal-node, @azure/msal-node-extensions, @azure/msal-react, @azure/msal-angular

  • Mechanical fan-out: error throw paths updated to pass correlationId (or "" where not in scope).

Change files

  • Major version bump change files included for affected packages.

Migration

// Before
throw new AuthError("my_code", "my message");
err.setCorrelationId(corrId);

// After
throw new AuthError("my_code", corrId, "my message");

@sameerag
Propagate correlationId through error creation helpers
fc926ef 
Adds an optional correlationId parameter to createAuthError, createClientAuthError, createClientConfigurationError, createInteractionRequiredAuthError, createBrowserAuthError, createBrowserConfigurationAuthError, and createNativeAuthError. Updates msal-browser and msal-common call sites to forward the current request correlationId so thrown errors carry it for telemetry/debugging.
Copilot AI review requested due to automatic review settings May 27, 2026 06:55
@sameerag sameerag requested a review from a team as a code owner May 27, 2026 06:55
Copilot AI reviewed May 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves MSAL telemetry/debuggability by propagating the current request correlationId into errors created via msal-common/msal-browser error factory helpers, and updates internal throw sites and unit tests accordingly.

Changes:

  • Add optional correlationId parameters to several error creation helpers and forward correlationId at key throw sites.
  • Update native broker error translation (createNativeAuthError) to apply correlationId across translated error types.
  • Add/extend unit tests to verify correlationId behavior for updated helpers.

Reviewed changes

Copilot reviewed 26 out of 26 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
lib/msal-common/test/error/InteractionRequiredAuthError.spec.ts Adds tests asserting correlationId behavior for interaction-required error factory.
lib/msal-common/test/error/ClientConfigurationError.spec.ts Adds tests asserting correlationId behavior for client configuration error factory.
lib/msal-common/test/error/ClientAuthError.spec.ts Adds tests asserting correlationId behavior for client auth error factory.
lib/msal-common/test/error/AuthError.spec.ts Adds tests asserting correlationId behavior for base auth error factory.
lib/msal-common/src/error/InteractionRequiredAuthError.ts Extends interaction-required error factory signature to accept correlationId.
lib/msal-common/src/error/ClientConfigurationError.ts Extends configuration error factory signature to accept/set correlationId.
lib/msal-common/src/error/ClientAuthError.ts Extends client auth error factory signature to accept/set correlationId.
lib/msal-common/src/error/AuthError.ts Extends base auth error factory signature to accept/set correlationId.
lib/msal-common/src/client/SilentFlowClient.ts Forwards request.correlationId when throwing client auth errors.
lib/msal-common/src/client/RefreshTokenClient.ts Forwards request.correlationId when throwing interaction-required errors.
lib/msal-common/src/client/AuthorizationCodeClient.ts Forwards request.correlationId when throwing client/configuration errors.
lib/msal-browser/test/error/NativeAuthError.spec.ts Adds tests asserting correlationId is preserved on translated native errors.
lib/msal-browser/test/error/BrowserConfigurationAuthError.spec.ts Adds tests asserting correlationId behavior for browser configuration error factory.
lib/msal-browser/test/error/BrowserAuthError.spec.ts Adds tests asserting correlationId behavior for browser auth error factory.
lib/msal-browser/src/interaction_client/SilentAuthCodeClient.ts Forwards correlationId into thrown browser auth errors.
lib/msal-browser/src/interaction_client/PopupClient.ts Forwards correlationId into thrown browser auth errors in popup flows.
lib/msal-browser/src/interaction_client/PlatformAuthInteractionClient.ts Forwards correlationId into thrown common/browser errors in platform auth flows.
lib/msal-browser/src/interaction_client/BaseInteractionClient.ts Forwards correlationId into thrown common configuration errors.
lib/msal-browser/src/error/NativeAuthError.ts Extends native error translation to accept/apply correlationId.
lib/msal-browser/src/error/BrowserConfigurationAuthError.ts Extends browser configuration error factory to accept/set correlationId.
lib/msal-browser/src/error/BrowserAuthError.ts Extends browser auth error factory to accept/set correlationId.
lib/msal-browser/src/controllers/StandardController.ts Forwards correlationId into thrown common/browser errors in controller paths.
lib/msal-browser/src/broker/nativeBroker/PlatformAuthExtensionHandler.ts Forwards correlationId when translating/throwing native and auth errors.
lib/msal-browser/src/broker/nativeBroker/PlatformAuthDOMHandler.ts Forwards correlationId when translating/throwing native and auth errors.
change/@azure-msal-common-151e2ba1-220e-4a47-a4dc-e421d262da2a.json Adds patch changefile for msal-common.
change/@azure-msal-browser-7c559b7a-066d-486b-b68f-4b4359e3f053.json Adds patch changefile for msal-browser.

Comment thread lib/msal-common/src/error/AuthError.ts
Comment on lines 62 to 66
export function createAuthError(
code: string,
additionalMessage?: string
additionalMessage?: string,
correlationId?: string
): AuthError {
Comment thread lib/msal-common/src/error/InteractionRequiredAuthError.ts
Comment thread lib/msal-browser/src/error/NativeAuthError.ts
Comment thread change/@azure-msal-common-151e2ba1-220e-4a47-a4dc-e421d262da2a.json Outdated
Comment thread change/@azure-msal-browser-7c559b7a-066d-486b-b68f-4b4359e3f053.json Outdated
Comment thread lib/msal-browser/test/error/NativeAuthError.spec.ts
tnorling
tnorling reviewed May 27, 2026
View reviewed changes
Comment thread lib/msal-common/src/error/AuthError.ts Outdated
sameerag added 7 commits May 27, 2026 14:01
@sameerag
Make correlationId a required parameter in msal-common error construc…
263c3eb 
…tors

Breaking change: correlationId is now a mandatory positional parameter
(position 2, before optional errorMessage/additionalMessage) on:
  - AuthError, ClientAuthError, ClientConfigurationError
  - InteractionRequiredAuthError, ServerError
  - JoseHeaderError, PlatformBrokerError

The setCorrelationId() method has been removed from AuthError. Callers
should assign to the public correlationId field directly if they need
to set it after construction.

All factory functions (createAuthError, createClientAuthError,
createClientConfigurationError, createInteractionRequiredAuthError,
createJoseHeaderError) now require correlationId as the second argument.
@sameerag
Refactor msal-browser to use mandatory correlationId in errors
726b54c
@sameerag
msal-node: mandatory correlationId in error constructors
840a5c2
@sameerag
msal-node-extensions: mandatory correlationId in error constructors
777bfc0
@sameerag
msal-react: mandatory correlationId in error constructors
575bc89
@sameerag
msal-angular: mandatory correlationId in error constructors
75b06b0
@sameerag
Add changefiles for correlationId breaking change; bump types; remove…
2203613 
… stray file
Copy link
Copy Markdown
Contributor

Copilot AI commented May 30, 2026

@copilot Is the format fixed?

Yes—it's fixed. The stack format is [correlationId X/4] ..., and the four PRs are #8609, #8616, #8617, and #8618.

@sameerag
Copy link
Copy Markdown
Member Author

sameerag commented Jun 1, 2026

@copilot What are these outstanding changes?

Copy link
Copy Markdown
Contributor

Copilot AI commented Jun 1, 2026

@copilot What are these outstanding changes?

Only one code-review item is still outstanding on this PR: updating lib/msal-common/apiReview/msal-common.api.md to reflect the new correlationId-aware factory signatures. The other review comments in this PR thread are resolved. The remaining broader correlationId follow-up work is in the stacked PRs #8616, #8617, and #8618.

@sameerag
Copy link
Copy Markdown
Member Author

sameerag commented Jun 1, 2026

@copilot On the local branch I mean

Copy link
Copy Markdown
Contributor

Copilot AI commented Jun 1, 2026

@copilot On the local branch I mean

Locally there are no outstanding uncommitted changes right now — working tree is clean on copilot/fix-8609 (git status shows nothing to commit). The latest local commits are already the PR updates (including fb5d618 for msal-common.api.md and 2679024 for NativeAuthError test coverage).

@sameerag
Copy link
Copy Markdown
Member Author

sameerag commented Jun 1, 2026

@copilot Can we please collapse all PRs into one, as the changes are still many and would like a central place to handle all of them?

Copy link
Copy Markdown
Contributor

Copilot AI commented Jun 1, 2026

@copilot Can we please collapse all PRs into one, as the changes are still many and would like a central place to handle all of them?

Yes — we can consolidate. I can stop the stacked approach and put the remaining correlationId changes into this single PR so there’s one central place to review. I can’t merge/close PRs directly from here, so once we move the remaining changes here, please close the other stacked PRs.

@sameerag
Copy link
Copy Markdown
Member Author

sameerag commented Jun 1, 2026

@copilot Have you checked it in and made the changes in the PR notes + change files?

Copy link
Copy Markdown
Contributor

Copilot AI commented Jun 1, 2026

@copilot Have you checked it in and made the changes in the PR notes + change files?

Code/check-ins are done, and the change files are updated (including the #8609 link format). PR notes are not yet updated to remove the old stacked/TBD wording — that still needs to be adjusted in the PR description text.

@sameerag
Copy link
Copy Markdown
Member Author

sameerag commented Jun 1, 2026

@copilot Can we update the PR description please?

Copy link
Copy Markdown
Contributor

Copilot AI commented Jun 1, 2026

@copilot Can we update the PR description please?

Yes — I can prepare the updated text right away. I don’t have a direct tool here to edit the PR body itself, so please paste this updated description into the PR notes and I’ll keep subsequent updates aligned to it:

Summary

Breaking change. Makes correlationId a required parameter on the AuthError constructor (and all subclass error constructors) across every MSAL package. This ensures thrown errors carry correlation context consistently for telemetry and debugging.

Previously correlationId was attached after construction via setCorrelationId(), which was inconsistently called. That helper is removed; the value is now required at construction.

Scope of this PR

This PR now serves as the single consolidated PR for the correlationId error propagation work (instead of the original stacked split).

Changes

@azure/msal-common

  • AuthError constructor signature changed from (errorCode, errorMessage?, suberror?) to (errorCode, correlationId, errorMessage?, suberror?).
  • All subclasses updated: ClientAuthError, ClientConfigurationError, InteractionRequiredAuthError, ServerError, JoseHeaderError, NetworkError, CacheError.
  • setCorrelationId() removed.
  • Error helper signatures and call sites updated to pass correlationId (or "" where not yet in scope).
  • API review file regenerated to reflect new public signatures.

@azure/msal-browser

  • Updated error construction paths to pass required correlationId.
  • Native auth error translation updated and test coverage expanded for correlationId propagation.

@azure/msal-node, @azure/msal-node-extensions, @azure/msal-react, @azure/msal-angular

  • Mechanical fan-out: error throw paths updated to pass correlationId (or "" where not in scope).

Change files

  • Major version bump change files included for affected packages.

Migration

// Before
throw new AuthError("my_code", "my message");
err.setCorrelationId(corrId);

// After
throw new AuthError("my_code", corrId, "my message");

Copilot AI changed the title [correlationId 1/4] Make correlationId a required parameter on AuthError constructors (breaking) [correlationId] Make correlationId a required parameter on AuthError constructors (breaking) Jun 1, 2026
@sameerag
Copy link
Copy Markdown
Member Author

sameerag commented Jun 1, 2026

@copilot Can we close the remaining PRs?

Copy link
Copy Markdown
Contributor

Copilot AI commented Jun 1, 2026

@copilot Can we close the remaining PRs?

I can’t close PRs directly from this environment. Please close #8616, #8617, and #8618 from GitHub UI, and I’ll keep all remaining correlationId updates consolidated in this PR.

Copilot stopped work on behalf of sameerag due to an error June 2, 2026 22:59
The session was cancelled by the user.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tnorling tnorling tnorling left review comments

Copilot code review Copilot Copilot left review comments

@shenj shenj Awaiting requested review from shenj shenj is a code owner

@yongdiw yongdiw Awaiting requested review from yongdiw yongdiw is a code owner

@nilo-ms nilo-ms Awaiting requested review from nilo-ms nilo-ms is a code owner

@spetrescu84 spetrescu84 Awaiting requested review from spetrescu84 spetrescu84 is a code owner

@mustafamizrak mustafamizrak Awaiting requested review from mustafamizrak mustafamizrak is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sameerag @tnorling