[Bug] If client_info is invalid, throw exception

[bgavrilMS]

Library version used

4.63.1

.NET version

9

Scenario

ConfidentialClient - web site (AcquireTokenByAuthCode)

Is this a new or an existing app?

This is a new app or experiment

Issue description and reproduction steps

1. Use an IdP which returns a client_info, but instead of the expected format (base64url encoded version of {"uid": , "utid": "} it returns a bad value like "foo".

Actual: MSAL incorrectly ignores the bad format and returns a result with a bad AccountID

Expected: an exception stating that the Identity Provider sends incorrect values.

Relevant code snippets

No response

Expected behavior

No response

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

No response

[rayluo]

1. Use an IdP which returns a client_info, but instead of the expected format (base64url encoded version of {"uid": , "utid": "} it returns a bad value like "foo".

Actual: MSAL incorrectly ignores the bad format and returns a result with a bad AccountID

Expected: an exception stating that the Identity Provider sends incorrect values.

Good to know. The current behavior was probably caused by an overly aggressive exception handling, thus should be an easy fix for MSAL .Net.

But how do we want the fix to be? Does the new "exception stating that the Identity Provider sends incorrect values" have to be a specific one such as WrongClientInfo (which might then imply other MSALs would need to follow suit)? The status quo in other MSALs is presumably just throwing a default exception such as json decode error. I suppose that is fine, because it is rare.

[bgavrilMS]

Won't fix