-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add first order broker parameters #7348
Conversation
konstantin-msft
commented
Sep 27, 2024
•
edited
Loading
edited
- Add first order embedded client id parameter.
- Instrument embedded client id and embedded redirect uri.
- Default redirect uri to the current page in auth config.
1feef7c
to
ff65f71
Compare
14cec29
to
feb1025
Compare
7424edf
to
a2e6af9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the changes. Approved.
@@ -274,6 +275,7 @@ function buildAuthOptions(authOptions: AuthOptions): Required<AuthOptions> { | |||
azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS, | |||
skipAuthorityMetadataCache: false, | |||
instanceAware: false, | |||
redirectUri: "https://localhost", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should not be using or defaulting to localhost here - suggest making redirectUri required on the AuthOptions object to avoid
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Made redirectUri
mandatory in msal-common and update msal-browser and msal-node accordingly.
e66460d
to
abe3cb8
Compare
b3e38fa
to
db921b7
Compare
- Instrument embedded client id.
db921b7
to
0f9eb68
Compare
// generate the correlationId if not set by the user and add | ||
const correlationId = | ||
request.correlationId || | ||
this.config.cryptoInterface.createNewGuid(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is correlationId not a required param on request
? CorrelationId should have long been generated by the time we reach this point.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should be a required param as CommonAuthorizationUrlRequest
extends BaseAuthRequest
. I moved this piece from here. Not sure if this.config.cryptoInterface.createNewGuid()
was added on purpose or just copy-pasted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see. This is likely leftover from a time when correlationId was still optional. This would be a good opportunity to clean it up if we're moving it.