From 0cb830576e690fceae0bdf475754119bd4dad8c8 Mon Sep 17 00:00:00 2001 From: joarroyo Date: Fri, 11 Apr 2025 20:44:45 -0700 Subject: [PATCH 01/10] Deprecate temporaryCacheLocation --- lib/msal-browser/docs/caching.md | 3 +++ lib/msal-browser/src/config/Configuration.ts | 2 ++ 2 files changed, 5 insertions(+) diff --git a/lib/msal-browser/docs/caching.md b/lib/msal-browser/docs/caching.md index 0661f06c5b..c93368fa49 100644 --- a/lib/msal-browser/docs/caching.md +++ b/lib/msal-browser/docs/caching.md @@ -71,6 +71,9 @@ To faciliate efficient token acquisition while maintaining a good UX, MSAL cache > :bulb: The authorization code is only stored in memory and will be discarded after redeeming it for tokens. ## Warning :warning: + +**NOTE: `temporaryCacheLocation` is deprecated as of MSAL v5 and will be removed in a future release.** + Overriding `temporaryCacheLocation` should be done with caution. Specifically when choosing `localStorage`. Interaction in more than one tab/window will not be supported and you may receive `interaction_in_progress` errors unexpectedly. This is an escape hatch, not a fully supported feature. When using MSAL.js with the default configuration in a scenario where the user is redirected after successful authentication in a new window or tab, the OAuth 2.0 Authorization Code with PKCE flow will be interrupted. In this case, the original window or tab where the authentication state (code verifier and challenge) are stored, will be lost, and the authentication flow will fail. diff --git a/lib/msal-browser/src/config/Configuration.ts b/lib/msal-browser/src/config/Configuration.ts index dbf839f1e4..e04e7b98a5 100644 --- a/lib/msal-browser/src/config/Configuration.ts +++ b/lib/msal-browser/src/config/Configuration.ts 
@@ -122,6 +122,8 @@ export type CacheOptions = { */ cacheLocation?: BrowserCacheLocation | string; /** + * @deprecated + * temporaryCacheLocation is deprecated and will be removed in a future release. * Used to specify the temporaryCacheLocation user wants to set. Valid values are "localStorage", "sessionStorage" and "memoryStorage". */ temporaryCacheLocation?: BrowserCacheLocation | string; From becbd55154cf8b8f05ebdace656d0aa538c1699a Mon Sep 17 00:00:00 2001 From: joarroyo Date: Sat, 12 Apr 2025 12:13:12 -0700 Subject: [PATCH 02/10] Remove storeAuthStateInCookie --- .github/ISSUE_TEMPLATE/bug_report.yml | 1 - lib/msal-angular/docs/configuration.md | 3 - lib/msal-angular/docs/events.md | 1 - lib/msal-angular/docs/initialization.md | 2 - lib/msal-browser/docs/configuration.md | 2 - .../src/cache/BrowserCacheManager.ts | 30 -- lib/msal-browser/src/config/Configuration.ts | 5 - .../src/controllers/StandardController.ts | 1 - .../error/BrowserConfigurationAuthError.ts | 2 +- lib/msal-browser/src/utils/BrowserUtils.ts | 5 +- .../test/app/PublicClientApplication.spec.ts | 5 +- .../test/cache/BrowserCacheManager.spec.ts | 313 ------------------ .../test/cache/TokenCache.spec.ts | 1 - .../test/config/Configuration.spec.ts | 5 - .../interaction_client/RedirectClient.spec.ts | 1 - .../authConfigs/aadAuthConfig.json | 9 +- .../authConfigs/aadMultiTenantAuthConfig.json | 13 +- .../authConfigs/aadTenantedAuthConfig.json | 9 +- .../authConfigs/b2cAuthConfig.json | 13 +- .../authConfigs/localStorageAuthConfig.json | 9 +- .../authConfigs/memStorageAuthConfig.json | 9 +- .../react-router-sample/README.md | 4 - 22 files changed, 39 insertions(+), 404 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index 8ee6733c52..c1eebb8ecd 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml 
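Review bot: In the `CacheOptions` doc comment the new `@deprecated` tag comes first, so TSDoc tooling will read every following line, including the "Used to specify…" description and the list of valid values, as the deprecation message, and that message names no alternative. Keep the description above the tag and end the comment with a single line such as `@deprecated Will be removed in a future release; leave unset to keep the default sessionStorage.` (the default is taken from `DEFAULT_CACHE_OPTIONS` later in this series, so confirm the wording). The caching.md warning added in the same patch says that `localStorage` breaks multi-tab interaction, so it is worth repeating here that the option is an escape hatch rather than a supported setting. The `CacheOptions` type continues outside this hunk.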
@@ -109,7 +109,6 @@ body: }, cache: { cacheLocation: "sessionStorage" - storeAuthStateInCookie: false } } validations: diff --git a/lib/msal-angular/docs/configuration.md b/lib/msal-angular/docs/configuration.md index 0468194f93..f7d8e10102 100644 --- a/lib/msal-angular/docs/configuration.md +++ b/lib/msal-angular/docs/configuration.md @@ -58,7 +58,6 @@ import { PublicClientApplication, InteractionType, BrowserCacheLocation } from " }, cache: { cacheLocation: BrowserCacheLocation.LocalStorage, - storeAuthStateInCookie: true, // set to true for IE 11 }, system: { loggerOptions: { @@ -261,7 +260,6 @@ fetch("/assets/configuration.json") }, "cache": { "cacheLocation": "localStorage", - "storeAuthStateInCookie": true } }, "guard": { @@ -471,7 +469,6 @@ export class AppModule {} }, "cache": { "cacheLocation": "localStorage", - "storeAuthStateInCookie": true } }, "guard": { diff --git a/lib/msal-angular/docs/events.md b/lib/msal-angular/docs/events.md index 91ea4b0ec0..5995c8a07e 100644 --- a/lib/msal-angular/docs/events.md +++ b/lib/msal-angular/docs/events.md @@ -222,7 +222,6 @@ import { PublicClientApplication, InteractionType, BrowserCacheLocation } from " }, cache: { cacheLocation : BrowserCacheLocation.LocalStorage, - storeAuthStateInCookie: true, // set to true for IE 11 }, system: { loggerOptions: { diff --git a/lib/msal-angular/docs/initialization.md b/lib/msal-angular/docs/initialization.md index a8b2f7e1e7..4712b69130 100644 --- a/lib/msal-angular/docs/initialization.md +++ b/lib/msal-angular/docs/initialization.md @@ -31,7 +31,6 @@ import { PublicClientApplication, InteractionType, BrowserCacheLocation } from " }, cache: { cacheLocation : BrowserCacheLocation.LocalStorage, - storeAuthStateInCookie: true, // set to true for IE 11 }, system: { loggerOptions: { 
@@ -115,7 +114,6 @@ import { PublicClientApplication, InteractionType, BrowserCacheLocation } from " }, cache: { cacheLocation : BrowserCacheLocation.LocalStorage, - storeAuthStateInCookie: true, // set to true for IE 11 }, system: { loggerOptions: { diff --git a/lib/msal-browser/docs/configuration.md b/lib/msal-browser/docs/configuration.md index 62dda1c2fc..f726e94786 100644 --- a/lib/msal-browser/docs/configuration.md +++ b/lib/msal-browser/docs/configuration.md @@ -24,7 +24,6 @@ const msalConfig = { cache: { cacheLocation: "sessionStorage", temporaryCacheLocation: "sessionStorage", - storeAuthStateInCookie: false, secureCookies: false, claimsBasedCachingEnabled: true, }, 
@@ -98,7 +97,6 @@ const msalInstance = new PublicClientApplication(msalConfig); | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | | `cacheLocation` | Location of token cache in browser. | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage` | | `temporaryCacheLocation` | Location of temporary cache in browser. This option should only be changed for specific edge cases. Please refer to [caching](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/caching.md#cached-artifacts) for more. | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage` | -| `storeAuthStateInCookie` | If true, stores cache items in cookies as well as browser cache. Should be set to true for use cases using IE. | boolean | `false` | | `secureCookies` | If true and `storeAuthStateInCookies` is also enabled, MSAL adds the `Secure` flag to the browser cookie so it can only be sent over HTTPS. | boolean | `false` | | `cacheMigrationEnabled` | If true, cache entries from older versions of MSAL will be updated to conform to the latest cache schema on startup. If your application has not been recently updated to a new version of MSAL.js you can safely turn this off. 
In the event old cache entries are not migrated it may result in a cache miss when attempting to retrieve accounts or tokens and affected users may need to re-authenticate to get up to date. | boolean | `true` when using `localStorage`, `false` otherwise | | `claimsBasedCachingEnabled` | If `true`, access tokens will be cached under a key containing the hash of the requested claims string, resulting in a cache miss and new network token request when the same token request is made with different or missing claims. If set to `false`, tokens will be cached without claims, but all requests containing claims will go to the network and overwrite any previously cached token with the same scopes. | boolean | `false` | diff --git a/lib/msal-browser/src/cache/BrowserCacheManager.ts b/lib/msal-browser/src/cache/BrowserCacheManager.ts index 4bedbdc870..4c67d29a23 100644 --- a/lib/msal-browser/src/cache/BrowserCacheManager.ts +++ b/lib/msal-browser/src/cache/BrowserCacheManager.ts @@ -68,8 +68,6 @@ import { EventHandler } from "../event/EventHandler.js"; /** * This class implements the cache storage interface for MSAL through browser local or session storage. - * Cookies are only used if storeAuthStateInCookie is true, and are only used for - * parameters such as state and nonce, generally. */ export class BrowserCacheManager extends CacheManager { // Cache configuration, either set by user or default values. 
@@ -885,21 +883,10 @@ export class BrowserCacheManager extends CacheManager { /** * Gets cache item with given key. - * Will retrieve from cookies if storeAuthStateInCookie is set to true. * @param key */ getTemporaryCache(cacheKey: string, generateKey?: boolean): string | null { const key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey; - if (this.cacheConfig.storeAuthStateInCookie) { - const itemCookie = this.cookieStorage.getItem(key); - if (itemCookie) { - this.logger.trace( - "BrowserCacheManager.getTemporaryCache: storeAuthStateInCookies set to true, retrieving from cookies" - ); - return itemCookie; - } - } - const value = this.temporaryCacheStorage.getItem(key); if (!value) { // If temp cache item not found in session/memory, check local storage for items set by old versions @@ -928,8 +915,6 @@ export class BrowserCacheManager extends CacheManager { /** * Sets the cache item with the key and value given. - * Stores in cookie if storeAuthStateInCookie is set to true. - * This can cause cookie overflow if used incorrectly. * @param key * @param value */ @@ -939,14 +924,7 @@ export class BrowserCacheManager extends CacheManager { generateKey?: boolean ): void { const key = generateKey ? this.generateCacheKey(cacheKey) : cacheKey; - this.temporaryCacheStorage.setItem(key, value); - if (this.cacheConfig.storeAuthStateInCookie) { - this.logger.trace( - "BrowserCacheManager.setTemporaryCache: storeAuthStateInCookie set to true, setting item cookie" - ); - this.cookieStorage.setItem(key, value, undefined); - } } /** 
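Review bot: With the cookie branches removed from `getTemporaryCache`, `setTemporaryCache` and `removeTemporaryItem` (the `@@ -959` hunk), nothing visible clears cookies that an earlier build wrote under `storeAuthStateInCookie: true`, so request state and nonce values may stay in the browser and keep being sent to the app's origin. Whether `clear()` still removes them cannot be seen from these hunks (the deleted spec asserted that it did), and how long they live depends on the `undefined` expiry argument formerly passed to `cookieStorage.setItem`. Consider keeping a best-effort `this.cookieStorage.removeItem(key);` in `removeTemporaryItem` for one release, or a one-time cleanup during initialization, and state in the changelog that existing cookies are not migrated. Separately, the `@param key` tags on the get and set methods do not match the `cacheKey`/`generateKey` parameters. The class body continues outside these hunks.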
@@ -959,17 +937,10 @@ export class BrowserCacheManager extends CacheManager { /** * Removes the temporary cache item with the given key. - * Will also clear the cookie item if storeAuthStateInCookie is set to true. * @param key */ removeTemporaryItem(key: string): void { this.temporaryCacheStorage.removeItem(key); - if (this.cacheConfig.storeAuthStateInCookie) { - this.logger.trace( - "BrowserCacheManager.removeItem: storeAuthStateInCookie is true, clearing item cookie" - ); - this.cookieStorage.removeItem(key); - } } /** @@ -1370,7 +1341,6 @@ export const DEFAULT_BROWSER_CACHE_MANAGER = ( const cacheOptions: Required = { cacheLocation: BrowserCacheLocation.MemoryStorage, temporaryCacheLocation: BrowserCacheLocation.MemoryStorage, - storeAuthStateInCookie: false, cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }; diff --git a/lib/msal-browser/src/config/Configuration.ts b/lib/msal-browser/src/config/Configuration.ts index e04e7b98a5..a622c448b3 100644 --- a/lib/msal-browser/src/config/Configuration.ts +++ b/lib/msal-browser/src/config/Configuration.ts @@ -127,10 +127,6 @@ export type CacheOptions = { * Used to specify the temporaryCacheLocation user wants to set. Valid values are "localStorage", "sessionStorage" and "memoryStorage". */ temporaryCacheLocation?: BrowserCacheLocation | string; - /** - * If set, MSAL stores the auth request state required for validation of the auth flows in the browser cookies. By default this flag is set to false. - */ - storeAuthStateInCookie?: boolean; /** * If set, MSAL will attempt to migrate cache entries from older versions on initialization. By default this flag is set to true if cacheLocation is localStorage, otherwise false. */ 
@@ -287,7 +283,6 @@ export function buildConfiguration( const DEFAULT_CACHE_OPTIONS: Required = { cacheLocation: BrowserCacheLocation.SessionStorage, temporaryCacheLocation: BrowserCacheLocation.SessionStorage, - storeAuthStateInCookie: false, // Default cache migration to true if cache location is localStorage since entries are preserved across tabs/windows. Migration has little to no benefit in sessionStorage and memoryStorage cacheMigrationEnabled: userInputCache && diff --git a/lib/msal-browser/src/controllers/StandardController.ts b/lib/msal-browser/src/controllers/StandardController.ts index 18067bf4e7..ced406fb50 100644 --- a/lib/msal-browser/src/controllers/StandardController.ts +++ b/lib/msal-browser/src/controllers/StandardController.ts @@ -257,7 +257,6 @@ export class StandardController implements IController { const nativeCacheOptions: Required = { cacheLocation: BrowserCacheLocation.MemoryStorage, temporaryCacheLocation: BrowserCacheLocation.MemoryStorage, - storeAuthStateInCookie: false, cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }; diff --git a/lib/msal-browser/src/error/BrowserConfigurationAuthError.ts b/lib/msal-browser/src/error/BrowserConfigurationAuthError.ts index 1550fa0c51..c6185f0c6a 100644 --- a/lib/msal-browser/src/error/BrowserConfigurationAuthError.ts +++ b/lib/msal-browser/src/error/BrowserConfigurationAuthError.ts 
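Review bot: Once `storeAuthStateInCookie` is gone from `DEFAULT_CACHE_OPTIONS` and from the `CacheOptions` type, `buildConfiguration` gives no signal to callers that still pass the key from plain JavaScript or from a JSON file (the msal-angular docs load `configuration.json` this way); the value is presumably ignored without comment. An app that relied on it for redirect flows would then see an unexplained sign-in failure instead of a configuration error. Where `userInputCache` is merged, a check such as `if (userInputCache && "storeAuthStateInCookie" in userInputCache)` followed by a warning through the library's logger would make the removal visible for the deprecation period. The body of `buildConfiguration` lies mostly outside this hunk, so the right place and the logger available there need confirming.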
@@ -13,7 +13,7 @@ export const BrowserConfigurationAuthErrorMessages = { [BrowserConfigurationAuthErrorCodes.stubbedPublicClientApplicationCalled]: "Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors", [BrowserConfigurationAuthErrorCodes.inMemRedirectUnavailable]: - "Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true.", + "Redirect cannot be supported. In-memory storage was selected, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage.", }; /** diff --git a/lib/msal-browser/src/utils/BrowserUtils.ts b/lib/msal-browser/src/utils/BrowserUtils.ts index b1e1c9b5bd..02825ae3e7 100644 --- a/lib/msal-browser/src/utils/BrowserUtils.ts +++ b/lib/msal-browser/src/utils/BrowserUtils.ts @@ -171,10 +171,9 @@ export function redirectPreflightCheck( ): void { preflightCheck(initialized); blockRedirectInIframe(config.system.allowRedirectInIframe); - // Block redirects if memory storage is enabled but storeAuthStateInCookie is not + // Block redirects if memory storage is enabled if ( - config.cache.cacheLocation === BrowserCacheLocation.MemoryStorage && - !config.cache.storeAuthStateInCookie + config.cache.cacheLocation === BrowserCacheLocation.MemoryStorage ) { throw createBrowserConfigurationAuthError( BrowserConfigurationAuthErrorCodes.inMemRedirectUnavailable diff --git a/lib/msal-browser/test/app/PublicClientApplication.spec.ts b/lib/msal-browser/test/app/PublicClientApplication.spec.ts index 97e511ec42..2bebc833f5 100644 --- a/lib/msal-browser/test/app/PublicClientApplication.spec.ts 
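Review bot: The simplified guard in `redirectPreflightCheck` tests only `config.cache.cacheLocation`, while the redirect request state is written through `temporaryCacheStorage` (see the `setTemporaryCache` hunk), which appears to be governed by `temporaryCacheLocation`. A configuration with `cacheLocation: "sessionStorage"` and `temporaryCacheLocation: "memoryStorage"` would pass this check and, if the temporary store really follows that option, lose its state across the redirect and fail later with a less clear error. If that is the case, extend the condition to `config.cache.cacheLocation === BrowserCacheLocation.MemoryStorage || config.cache.temporaryCacheLocation === BrowserCacheLocation.MemoryStorage` and name `temporaryCacheLocation` in the `inMemRedirectUnavailable` message reworded in the preceding hunk. The function body continues outside the hunk.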
+++ b/lib/msal-browser/test/app/PublicClientApplication.spec.ts @@ -119,7 +119,6 @@ import { INTERACTION_TYPE } from "../../src/utils/BrowserConstants.js"; const cacheConfig = { temporaryCacheLocation: BrowserCacheLocation.SessionStorage, cacheLocation: BrowserCacheLocation.SessionStorage, - storeAuthStateInCookie: false, cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }; @@ -1933,14 +1932,13 @@ describe("PublicClientApplication.ts Class Unit Tests", () => { } }); - it("throws error if cacheLocation is Memory Storage and storeAuthStateInCookie is false", async () => { + it("throws error if cacheLocation is Memory Storage", async () => { pca = new PublicClientApplication({ auth: { clientId: TEST_CONFIG.MSAL_CLIENT_ID, }, cache: { cacheLocation: BrowserCacheLocation.MemoryStorage, - storeAuthStateInCookie: false, }, system: { allowPlatformBroker: false, @@ -7281,7 +7279,6 @@ describe("PublicClientApplication.ts Class Unit Tests", () => { { cacheLocation: BrowserCacheLocation.LocalStorage, temporaryCacheLocation: BrowserCacheLocation.SessionStorage, - storeAuthStateInCookie: false, cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }, diff --git a/lib/msal-browser/test/cache/BrowserCacheManager.spec.ts b/lib/msal-browser/test/cache/BrowserCacheManager.spec.ts index a732e886d0..7602e877c9 100644 --- a/lib/msal-browser/test/cache/BrowserCacheManager.spec.ts +++ b/lib/msal-browser/test/cache/BrowserCacheManager.spec.ts @@ -61,7 +61,6 @@ describe("BrowserCacheManager tests", () => { cacheConfig = { temporaryCacheLocation: BrowserCacheLocation.SessionStorage, cacheLocation: BrowserCacheLocation.SessionStorage, - storeAuthStateInCookie: false, cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }; 
@@ -2378,318 +2377,6 @@ describe("BrowserCacheManager tests", () => { }); }); - describe("Interface functions with storeAuthStateInCookie=true", () => { - let browserSessionStorage: BrowserCacheManager; - let browserLocalStorage: BrowserCacheManager; - let browserMemoryStorage: BrowserCacheManager; - let cacheVal: string; - let msalCacheKey: string; - beforeEach(async () => { - browserSessionStorage = new BrowserCacheManager( - TEST_CONFIG.MSAL_CLIENT_ID, - { - ...cacheConfig, - cacheLocation: BrowserCacheLocation.SessionStorage, - storeAuthStateInCookie: true, - }, - browserCrypto, - logger, - new StubPerformanceClient(), - new EventHandler() - ); - await browserSessionStorage.initialize(TEST_CONFIG.CORRELATION_ID); - browserLocalStorage = new BrowserCacheManager( - TEST_CONFIG.MSAL_CLIENT_ID, - { - ...cacheConfig, - cacheLocation: BrowserCacheLocation.LocalStorage, - storeAuthStateInCookie: true, - }, - browserCrypto, - logger, - new StubPerformanceClient(), - new EventHandler() - ); - await browserLocalStorage.initialize(TEST_CONFIG.CORRELATION_ID); - browserMemoryStorage = new BrowserCacheManager( - TEST_CONFIG.MSAL_CLIENT_ID, - { - ...cacheConfig, - cacheLocation: BrowserCacheLocation.MemoryStorage, - storeAuthStateInCookie: true, - }, - browserCrypto, - logger, - new StubPerformanceClient(), - new EventHandler() - ); - await browserMemoryStorage.initialize(TEST_CONFIG.CORRELATION_ID); - cacheVal = "cacheVal"; - msalCacheKey = browserSessionStorage.generateCacheKey("cacheKey"); - }); - - afterEach(async () => { - await browserSessionStorage.clear(); - await browserLocalStorage.clear(); - }); - - it("setTempCache()", () => { - // sessionStorage - browserSessionStorage.setTemporaryCache( - msalCacheKey, - cacheVal, - true - ); - expect(window.sessionStorage.getItem(msalCacheKey)).toBe(cacheVal); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - // @ts-ignore - browserSessionStorage.cookieStorage.removeItem(msalCacheKey); - // localStorage - 
browserLocalStorage.setTemporaryCache(msalCacheKey, cacheVal, true); - expect(window.sessionStorage.getItem(msalCacheKey)).toBe(cacheVal); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - // @ts-ignore - browserLocalStorage.cookieStorage.removeItem(msalCacheKey); - // browser memory - browserMemoryStorage.setTemporaryCache( - msalCacheKey, - cacheVal, - true - ); - expect(browserMemoryStorage.getTemporaryCache(msalCacheKey)).toBe( - cacheVal - ); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - // @ts-ignore - browserMemoryStorage.cookieStorage.removeItem(msalCacheKey); - }); - - it("getTempCache()", () => { - // sessionStorage - browserSessionStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect( - browserSessionStorage.getTemporaryCache(msalCacheKey, true) - ).toBe(cacheVal); - expect( - // @ts-ignore - browserSessionStorage.cookieStorage.getItem(msalCacheKey) - ).toEqual(cacheVal); - // localStorage - browserLocalStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect( - browserLocalStorage.getTemporaryCache(msalCacheKey, true) - ).toBe(cacheVal); - expect( - // @ts-ignore - browserLocalStorage.cookieStorage.getItem(msalCacheKey) - ).toEqual(cacheVal); - // @ts-ignore - browserMemoryStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect( - browserMemoryStorage.getTemporaryCache(msalCacheKey, true) - ).toBe(cacheVal); - expect( - // @ts-ignore - browserMemoryStorage.cookieStorage.getItem(msalCacheKey) - ).toEqual(cacheVal); - }); - - it("removeTemporaryItem()", () => { - const clearCookieSpy = jest.spyOn( - CookieStorage.prototype, - "removeItem" - ); - // sessionStorage - browserSessionStorage.setTemporaryCache( - msalCacheKey, - cacheVal, - true - ); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - browserSessionStorage.removeTemporaryItem(msalCacheKey); - expect(window.sessionStorage.getItem(msalCacheKey)).toBeNull(); - expect(document.cookie).not.toContain( - 
`${msalCacheKey}=${cacheVal}` - ); - expect(clearCookieSpy).toHaveBeenCalledTimes(1); - // localStorage - browserLocalStorage.setTemporaryCache(msalCacheKey, cacheVal, true); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - browserLocalStorage.removeTemporaryItem(msalCacheKey); - expect(window.localStorage.getItem(msalCacheKey)).toBeNull(); - expect(document.cookie).not.toContain( - `${msalCacheKey}=${cacheVal}` - ); - expect(clearCookieSpy).toHaveBeenCalledTimes(2); - // browser memory - browserMemoryStorage.setTemporaryCache( - msalCacheKey, - cacheVal, - true - ); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - browserMemoryStorage.removeTemporaryItem(msalCacheKey); - expect( - // @ts-ignore - browserMemoryStorage.temporaryCacheStorage.getItem(msalCacheKey) - ).toBeNull(); - expect(document.cookie).not.toContain( - `${msalCacheKey}=${cacheVal}` - ); - expect(clearCookieSpy).toHaveBeenCalledTimes(3); - }); - - it("clear()", async () => { - // sessionStorage - browserSessionStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - await browserSessionStorage.clear(); - expect(browserSessionStorage.getKeys()).toHaveLength(0); - expect(document.cookie).not.toContain( - `${msalCacheKey}=${cacheVal}` - ); - // localStorage - browserLocalStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - await browserLocalStorage.clear(); - expect(browserLocalStorage.getKeys()).toHaveLength(0); - expect(document.cookie).not.toContain( - `${msalCacheKey}=${cacheVal}` - ); - // browser memory - browserMemoryStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - await browserMemoryStorage.clear(); - expect(browserMemoryStorage.getKeys()).toHaveLength(0); - expect(document.cookie).not.toContain( - `${msalCacheKey}=${cacheVal}` - ); - }); - - 
it("setTempCache() with item that contains ==", () => { - msalCacheKey = `${Constants.CACHE_PREFIX}.${TEST_STATE_VALUES.ENCODED_LIB_STATE}`; - // sessionStorage - browserSessionStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(window.sessionStorage.getItem(msalCacheKey)).toBe(cacheVal); - expect(document.cookie).toContain( - `${encodeURIComponent(msalCacheKey)}=${cacheVal}` - ); - // @ts-ignore - browserSessionStorage.cookieStorage.removeItem(msalCacheKey); - // localStorage - browserLocalStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(window.sessionStorage.getItem(msalCacheKey)).toBe(cacheVal); - expect(document.cookie).toContain( - `${encodeURIComponent(msalCacheKey)}=${cacheVal}` - ); - // @ts-ignore - browserLocalStorage.cookieStorage.removeItem(msalCacheKey); - // browser memory - browserMemoryStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(browserMemoryStorage.getTemporaryCache(msalCacheKey)).toBe( - cacheVal - ); - expect(document.cookie).toContain( - `${encodeURIComponent(msalCacheKey)}=${cacheVal}` - ); - // @ts-ignore - browserMemoryStorage.cookieStorage.removeItem(msalCacheKey); - }); - - it("getTempCache() with item that contains ==", () => { - msalCacheKey = `${Constants.CACHE_PREFIX}.${TEST_STATE_VALUES.ENCODED_LIB_STATE}`; - const getCookieSpy = jest.spyOn(CookieStorage.prototype, "getItem"); - // sessionStorage - browserSessionStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(browserSessionStorage.getTemporaryCache(msalCacheKey)).toBe( - cacheVal - ); - expect(getCookieSpy.mock.results[0].value).toEqual(cacheVal); - expect(getCookieSpy).toHaveBeenCalledTimes(1); - // localStorage - browserLocalStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(browserLocalStorage.getTemporaryCache(msalCacheKey)).toBe( - cacheVal - ); - expect(getCookieSpy.mock.results[1].value).toEqual(cacheVal); - expect(getCookieSpy).toHaveBeenCalledTimes(2); - // @ts-ignore - browserMemoryStorage.setTemporaryCache(msalCacheKey, 
cacheVal); - expect(browserLocalStorage.getTemporaryCache(msalCacheKey)).toBe( - cacheVal - ); - expect(getCookieSpy.mock.results[2].value).toEqual(cacheVal); - expect(getCookieSpy).toHaveBeenCalledTimes(3); - }); - - it("removeTemporaryItem() with item that contains ==", () => { - msalCacheKey = `${Constants.CACHE_PREFIX}.${TEST_STATE_VALUES.ENCODED_LIB_STATE}`; - const clearCookieSpy = jest.spyOn( - CookieStorage.prototype, - "removeItem" - ); - // sessionStorage - browserSessionStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(window.sessionStorage.getItem(msalCacheKey)).toBe(cacheVal); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - browserSessionStorage.removeTemporaryItem(msalCacheKey); - expect(window.sessionStorage.getItem(msalCacheKey)).toBeNull(); - expect(document.cookie).not.toContain( - `${msalCacheKey}=${cacheVal}` - ); - expect(clearCookieSpy).toHaveBeenCalledTimes(1); - // localStorage - browserLocalStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - browserLocalStorage.removeTemporaryItem(msalCacheKey); - expect(window.sessionStorage.getItem(msalCacheKey)).toBeNull(); - expect(document.cookie).not.toContain( - `${msalCacheKey}=${cacheVal}` - ); - expect(clearCookieSpy).toHaveBeenCalledTimes(2); - // browser memory - browserMemoryStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - browserMemoryStorage.removeTemporaryItem(msalCacheKey); - // @ts-ignore - expect( - browserMemoryStorage.getTemporaryCache(msalCacheKey) - ).toBeNull(); - expect(document.cookie).not.toContain( - `${msalCacheKey}=${cacheVal}` - ); - expect(clearCookieSpy).toHaveBeenCalledTimes(3); - }); - - it("clear() with item that contains ==", async () => { - msalCacheKey = `${Constants.CACHE_PREFIX}.${TEST_STATE_VALUES.ENCODED_LIB_STATE}`; - // sessionStorage - browserSessionStorage.setTemporaryCache(msalCacheKey, 
cacheVal); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - await browserSessionStorage.clear(); - expect(browserSessionStorage.getKeys()).toHaveLength(0); - expect(document.cookie).not.toContain( - `${msalCacheKey}=${cacheVal}` - ); - // localStorage - browserLocalStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - await browserLocalStorage.clear(); - expect(browserLocalStorage.getKeys()).toHaveLength(0); - expect(document.cookie).not.toContain( - `${msalCacheKey}=${cacheVal}` - ); - // browser memory - browserMemoryStorage.setTemporaryCache(msalCacheKey, cacheVal); - expect(document.cookie).toContain(`${msalCacheKey}=${cacheVal}`); - await browserMemoryStorage.clear(); - expect(browserMemoryStorage.getKeys()).toHaveLength(0); - expect(document.cookie).not.toContain( - `${msalCacheKey}=${cacheVal}` - ); - }); - }); - describe("Helpers", () => { it("resetTempCacheItems() resets all temporary cache items with the given state", () => { const browserStorage = new BrowserCacheManager( diff --git a/lib/msal-browser/test/cache/TokenCache.spec.ts b/lib/msal-browser/test/cache/TokenCache.spec.ts index 7a262f9462..9b37b3265a 100644 --- a/lib/msal-browser/test/cache/TokenCache.spec.ts +++ b/lib/msal-browser/test/cache/TokenCache.spec.ts @@ -64,7 +64,6 @@ describe("TokenCache tests", () => { cacheConfig = { temporaryCacheLocation: BrowserCacheLocation.SessionStorage, cacheLocation: BrowserCacheLocation.SessionStorage, - storeAuthStateInCookie: false, cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }; diff --git a/lib/msal-browser/test/config/Configuration.spec.ts b/lib/msal-browser/test/config/Configuration.spec.ts index 93b437d55f..e083372b94 100644 --- a/lib/msal-browser/test/config/Configuration.spec.ts +++ b/lib/msal-browser/test/config/Configuration.spec.ts 
@@ -52,8 +52,6 @@ describe("Configuration.ts Class Unit Tests", () => { expect(emptyConfig.cache).toBeDefined(); expect(emptyConfig.cache?.cacheLocation).toBeDefined(); expect(emptyConfig.cache?.cacheLocation).toBe("sessionStorage"); - expect(emptyConfig.cache?.storeAuthStateInCookie).toBeDefined(); - expect(emptyConfig.cache?.storeAuthStateInCookie).toBe(false); expect(emptyConfig.cache?.claimsBasedCachingEnabled).toBe(false); // System config checks expect(emptyConfig.system).toBeDefined(); @@ -242,7 +240,6 @@ describe("Configuration.ts Class Unit Tests", () => { }, cache: { cacheLocation: BrowserCacheLocation.LocalStorage, - storeAuthStateInCookie: true, claimsBasedCachingEnabled: true, }, system: { @@ -272,8 +269,6 @@ describe("Configuration.ts Class Unit Tests", () => { expect(newConfig.cache).not.toBeNull(); expect(newConfig.cache?.cacheLocation).not.toBeNull(); expect(newConfig.cache?.cacheLocation).toBe("localStorage"); - expect(newConfig.cache?.storeAuthStateInCookie).not.toBeNull(); - expect(newConfig.cache?.storeAuthStateInCookie).toBe(true); expect(newConfig.cache?.claimsBasedCachingEnabled).toBe(true); // System config checks expect(newConfig.system).not.toBeNull(); diff --git a/lib/msal-browser/test/interaction_client/RedirectClient.spec.ts b/lib/msal-browser/test/interaction_client/RedirectClient.spec.ts index 43711e5bf6..70af23cb34 100644 --- a/lib/msal-browser/test/interaction_client/RedirectClient.spec.ts +++ b/lib/msal-browser/test/interaction_client/RedirectClient.spec.ts @@ -91,7 +91,6 @@ import { BrowserPerformanceClient } from "../../src/telemetry/BrowserPerformance const cacheConfig = { cacheLocation: BrowserCacheLocation.SessionStorage, temporaryCacheLocation: BrowserCacheLocation.SessionStorage, - storeAuthStateInCookie: false, cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }; 
diff --git a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/aadAuthConfig.json b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/aadAuthConfig.json index 90ec1944b5..5c7795cd33 100644 --- a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/aadAuthConfig.json +++ b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/aadAuthConfig.json @@ -5,14 +5,15 @@ "authority": "https://login.microsoftonline.com/common" }, "cache": { - "cacheLocation": "sessionStorage", - "storeAuthStateInCookie": false + "cacheLocation": "sessionStorage" }, "system": { "allowPlatformBroker": false } }, "request": { - "scopes": ["User.Read"] + "scopes": [ + "User.Read" + ] } -} +} \ No newline at end of file diff --git a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/aadMultiTenantAuthConfig.json b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/aadMultiTenantAuthConfig.json index 5b8a7aec68..c63d83c02c 100644 --- a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/aadMultiTenantAuthConfig.json +++ b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/aadMultiTenantAuthConfig.json 
@@ -5,24 +5,25 @@ "authority": "https://login.microsoftonline.com/f645ad92-e38d-4d1a-b510-d1b09a74a8ca" }, "cache": { - "cacheLocation": "sessionStorage", - "storeAuthStateInCookie": false + "cacheLocation": "sessionStorage" }, "system": { "allowPlatformBroker": false } }, "request": { - "scopes": ["User.Read"] + "scopes": [ + "User.Read" + ] }, "tenants": { - "home": { + "home": { "tenantId": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca", "authority": "https://login.microsoftonline.com/f645ad92-e38d-4d1a-b510-d1b09a74a8ca" - }, + }, "guest": { "tenantId": "8e44f19d-bbab-4a82-b76b-4cd0a6fbc97a", "authority": "https://login.microsoftonline.com/8e44f19d-bbab-4a82-b76b-4cd0a6fbc97a" } } -} +} \ No newline at end of file diff --git a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/aadTenantedAuthConfig.json b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/aadTenantedAuthConfig.json index 01141aec79..bd2a17cd71 100644 --- a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/aadTenantedAuthConfig.json +++ b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/aadTenantedAuthConfig.json @@ -5,14 +5,15 @@ "authority": "https://login.microsoftonline.com/f645ad92-e38d-4d1a-b510-d1b09a74a8ca" }, "cache": { - "cacheLocation": "sessionStorage", - "storeAuthStateInCookie": false + "cacheLocation": "sessionStorage" }, "system": { "allowPlatformBroker": false } }, "request": { - "scopes": ["User.Read"] + "scopes": [ + "User.Read" + ] } -} +} \ No newline at end of file diff --git a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/b2cAuthConfig.json b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/b2cAuthConfig.json index e7755bd5d0..5eb872a9bc 100644 --- a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/b2cAuthConfig.json 
+++ b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/b2cAuthConfig.json @@ -3,17 +3,20 @@ "auth": { "clientId": "4c837770-7a2b-471e-aafa-3328d04a23b1", "authority": "https://msidlabb2c.b2clogin.com/msidlabb2c.onmicrosoft.com/B2C_1_SISOPolicy/", - "knownAuthorities": ["msidlabb2c.b2clogin.com"] + "knownAuthorities": [ + "msidlabb2c.b2clogin.com" + ] }, "cache": { - "cacheLocation": "sessionStorage", - "storeAuthStateInCookie": false + "cacheLocation": "sessionStorage" }, "system": { "allowPlatformBroker": false } }, "request": { - "scopes": ["https://msidlabb2c.onmicrosoft.com/4c837770-7a2b-471e-aafa-3328d04a23b1/read"] + "scopes": [ + "https://msidlabb2c.onmicrosoft.com/4c837770-7a2b-471e-aafa-3328d04a23b1/read" + ] } -} +} \ No newline at end of file diff --git a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/localStorageAuthConfig.json b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/localStorageAuthConfig.json index 42e38744a0..07338ec644 100644 --- a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/localStorageAuthConfig.json +++ b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/localStorageAuthConfig.json @@ -5,14 +5,15 @@ "authority": "https://login.microsoftonline.com/common" }, "cache": { - "cacheLocation": "localStorage", - "storeAuthStateInCookie": false + "cacheLocation": "localStorage" }, "system": { "allowPlatformBroker": false } }, "request": { - "scopes": ["User.Read"] + "scopes": [ + "User.Read" + ] } -} +} \ No newline at end of file diff --git a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/memStorageAuthConfig.json b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/memStorageAuthConfig.json index 580be73a47..eb120a7590 100644 
--- a/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/memStorageAuthConfig.json +++ b/samples/msal-browser-samples/VanillaJSTestApp2.0/app/customizable-e2e-test/authConfigs/memStorageAuthConfig.json @@ -5,14 +5,15 @@ "authority": "https://login.microsoftonline.com/common" }, "cache": { - "cacheLocation": "memoryStorage", - "storeAuthStateInCookie": true + "cacheLocation": "memoryStorage" }, "system": { "allowPlatformBroker": false } }, "request": { - "scopes": ["User.Read"] + "scopes": [ + "User.Read" + ] } -} +} \ No newline at end of file diff --git a/samples/msal-react-samples/react-router-sample/README.md b/samples/msal-react-samples/react-router-sample/README.md index f409c90c62..3d51fc313a 100644 --- a/samples/msal-react-samples/react-router-sample/README.md +++ b/samples/msal-react-samples/react-router-sample/README.md @@ -80,10 +80,6 @@ You will also see any lint errors in the console. 1. Open [http://localhost:3000](http://localhost:3000) to view it in the browser. 1. Open [http://localhost:3000/profile](http://localhost:3000/profile) to see an example of a protected route. If you are not yet signed in, signin will be invoked automatically. -#### Running the sample in IE11 - -`@azure/msal-react` and `@azure/msal-browser` support IE11 but the `react-scripts` package requires a few polyfills to work properly. In order to run this sample in IE11 go to `src/index.js` and uncomment the first 2 imports. We recommend using the redirect flow and setting the `storeAuthStateInCookie` config parameter to `true` in IE11 as there are known issues with popups. You can read more about the known issues with IE11 [here](https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/Known-issues-on-IE-and-Edge-Browser) - #### Learn more about the 3rd-party libraries used to create this sample - [React documentation](https://reactjs.org/). From 9ecf558d7dbd8c6f2f4486eca07858c315265db5 Mon Sep 17 00:00:00 2001 
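Review bot: memStorageAuthConfig.json is the only one of the six authConfigs in this patch that had `storeAuthStateInCookie` set to `true`, and it pairs that with `"cacheLocation": "memoryStorage"`. With the option gone, `redirectPreflightCheck` as shown in PATCH 06 throws `inMemRedirectUnavailable` whenever `cacheLocation` is `MemoryStorage`, so any e2e scenario that used this config for a redirect flow would presumably stop at the preflight check. It is worth confirming that the scenarios using this config are popup or silent only, or removing the redirect ones in the same patch.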
From: joarroyo Date: Sat, 12 Apr 2025 12:18:11 -0700 Subject: [PATCH 03/10] Remove secureCookies docs --- lib/msal-browser/docs/configuration.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/msal-browser/docs/configuration.md b/lib/msal-browser/docs/configuration.md index f726e94786..699e38d137 100644 --- a/lib/msal-browser/docs/configuration.md +++ b/lib/msal-browser/docs/configuration.md @@ -24,7 +24,6 @@ const msalConfig = { cache: { cacheLocation: "sessionStorage", temporaryCacheLocation: "sessionStorage", - secureCookies: false, claimsBasedCachingEnabled: true, }, system: { 
@@ -97,7 +96,6 @@ const msalInstance = new PublicClientApplication(msalConfig); | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | | `cacheLocation` | Location of token cache in browser. | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage` | | `temporaryCacheLocation` | Location of temporary cache in browser. This option should only be changed for specific edge cases. Please refer to [caching](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/caching.md#cached-artifacts) for more. | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage` | -| `secureCookies` | If true and `storeAuthStateInCookies` is also enabled, MSAL adds the `Secure` flag to the browser cookie so it can only be sent over HTTPS. | boolean | `false` | | `cacheMigrationEnabled` | If true, cache entries from older versions of MSAL will be updated to conform to the latest cache schema on startup. If your application has not been recently updated to a new version of MSAL.js you can safely turn this off. In the event old cache entries are not migrated it may result in a cache miss when attempting to retrieve accounts or tokens and affected users may need to re-authenticate to get up to date. 
| boolean | `true` when using `localStorage`, `false` otherwise | | `claimsBasedCachingEnabled` | If `true`, access tokens will be cached under a key containing the hash of the requested claims string, resulting in a cache miss and new network token request when the same token request is made with different or missing claims. If set to `false`, tokens will be cached without claims, but all requests containing claims will go to the network and overwrite any previously cached token with the same scopes. | boolean | `false` | From 279d602bee0db813fcb9ff824ec3a4948b3e99fe Mon Sep 17 00:00:00 2001 From: joarroyo Date: Sat, 12 Apr 2025 12:27:10 -0700 Subject: [PATCH 04/10] Remove cacheMigrationEnabled --- lib/msal-browser/docs/configuration.md | 1 - lib/msal-browser/src/cache/BrowserCacheManager.ts | 1 - lib/msal-browser/src/config/Configuration.ts | 10 ---------- lib/msal-browser/src/controllers/StandardController.ts | 1 - .../test/app/PublicClientApplication.spec.ts | 2 -- .../test/cache/BrowserCacheManager.spec.ts | 1 - lib/msal-browser/test/cache/TokenCache.spec.ts | 1 - .../test/interaction_client/RedirectClient.spec.ts | 1 - 8 files changed, 18 deletions(-) diff --git a/lib/msal-browser/docs/configuration.md b/lib/msal-browser/docs/configuration.md index 699e38d137..10583cbc09 100644 --- a/lib/msal-browser/docs/configuration.md +++ b/lib/msal-browser/docs/configuration.md 
@@ -96,7 +96,6 @@ const msalInstance = new PublicClientApplication(msalConfig); | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | | `cacheLocation` | Location of token cache in browser. | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage` | | `temporaryCacheLocation` | Location of temporary cache in browser. This option should only be changed for specific edge cases. Please refer to [caching](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/caching.md#cached-artifacts) for more. | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage` | -| `cacheMigrationEnabled` | If true, cache entries from older versions of MSAL will be updated to conform to the latest cache schema on startup. If your application has not been recently updated to a new version of MSAL.js you can safely turn this off. In the event old cache entries are not migrated it may result in a cache miss when attempting to retrieve accounts or tokens and affected users may need to re-authenticate to get up to date. 
| boolean | `true` when using `localStorage`, `false` otherwise | | `claimsBasedCachingEnabled` | If `true`, access tokens will be cached under a key containing the hash of the requested claims string, resulting in a cache miss and new network token request when the same token request is made with different or missing claims. If set to `false`, tokens will be cached without claims, but all requests containing claims will go to the network and overwrite any previously cached token with the same scopes. | boolean | `false` | See [Caching in MSAL](./caching.md) for more. diff --git a/lib/msal-browser/src/cache/BrowserCacheManager.ts b/lib/msal-browser/src/cache/BrowserCacheManager.ts index 4c67d29a23..c2a59f32d9 100644 --- a/lib/msal-browser/src/cache/BrowserCacheManager.ts +++ b/lib/msal-browser/src/cache/BrowserCacheManager.ts @@ -1341,7 +1341,6 @@ export const DEFAULT_BROWSER_CACHE_MANAGER = ( const cacheOptions: Required = { cacheLocation: BrowserCacheLocation.MemoryStorage, temporaryCacheLocation: BrowserCacheLocation.MemoryStorage, - cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }; return new BrowserCacheManager( diff --git a/lib/msal-browser/src/config/Configuration.ts b/lib/msal-browser/src/config/Configuration.ts index a622c448b3..ae49e43d59 100644 --- a/lib/msal-browser/src/config/Configuration.ts +++ b/lib/msal-browser/src/config/Configuration.ts @@ -127,10 +127,6 @@ export type CacheOptions = { * Used to specify the temporaryCacheLocation user wants to set. Valid values are "localStorage", "sessionStorage" and "memoryStorage". */ temporaryCacheLocation?: BrowserCacheLocation | string; - /** - * If set, MSAL will attempt to migrate cache entries from older versions on initialization. By default this flag is set to true if cacheLocation is localStorage, otherwise false. - */ - cacheMigrationEnabled?: boolean; /** * Flag that determines whether access tokens are stored based on requested claims */ 
@@ -283,12 +279,6 @@ export function buildConfiguration( const DEFAULT_CACHE_OPTIONS: Required = { cacheLocation: BrowserCacheLocation.SessionStorage, temporaryCacheLocation: BrowserCacheLocation.SessionStorage, - // Default cache migration to true if cache location is localStorage since entries are preserved across tabs/windows. Migration has little to no benefit in sessionStorage and memoryStorage - cacheMigrationEnabled: - userInputCache && - userInputCache.cacheLocation === BrowserCacheLocation.LocalStorage - ? true - : false, claimsBasedCachingEnabled: false, }; diff --git a/lib/msal-browser/src/controllers/StandardController.ts b/lib/msal-browser/src/controllers/StandardController.ts index ced406fb50..de1ddbe8e8 100644 --- a/lib/msal-browser/src/controllers/StandardController.ts +++ b/lib/msal-browser/src/controllers/StandardController.ts @@ -257,7 +257,6 @@ export class StandardController implements IController { const nativeCacheOptions: Required = { cacheLocation: BrowserCacheLocation.MemoryStorage, temporaryCacheLocation: BrowserCacheLocation.MemoryStorage, - cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }; this.nativeInternalStorage = new BrowserCacheManager( diff --git a/lib/msal-browser/test/app/PublicClientApplication.spec.ts b/lib/msal-browser/test/app/PublicClientApplication.spec.ts index 2bebc833f5..e94844074c 100644 --- a/lib/msal-browser/test/app/PublicClientApplication.spec.ts +++ b/lib/msal-browser/test/app/PublicClientApplication.spec.ts @@ -119,7 +119,6 @@ import { INTERACTION_TYPE } from "../../src/utils/BrowserConstants.js"; const cacheConfig = { temporaryCacheLocation: BrowserCacheLocation.SessionStorage, cacheLocation: BrowserCacheLocation.SessionStorage, - cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }; 
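Review bot: Nothing on the new side of the `DEFAULT_CACHE_OPTIONS` hunk records what happens to cache entries written by older MSAL versions now that `cacheMigrationEnabled` and its localStorage-dependent default are gone, although the docs row removed in this patch said un-migrated entries cause cache misses and re-authentication. A one-line comment above the object would keep that decision visible, for example `// cacheMigrationEnabled removed in this major release: <state whether legacy entries are always or never migrated>`. Plain-JavaScript callers that still pass `cacheMigrationEnabled` or `storeAuthStateInCookie` get no compile error, so it may be worth confirming whether `buildConfiguration` ignores those keys silently or logs them. `buildConfiguration` starts and ends outside the hunk.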
@@ -7279,7 +7278,6 @@ describe("PublicClientApplication.ts Class Unit Tests", () => { { cacheLocation: BrowserCacheLocation.LocalStorage, temporaryCacheLocation: BrowserCacheLocation.SessionStorage, - cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }, new CryptoOps(new Logger({})), diff --git a/lib/msal-browser/test/cache/BrowserCacheManager.spec.ts b/lib/msal-browser/test/cache/BrowserCacheManager.spec.ts index 7602e877c9..a85afd7f15 100644 --- a/lib/msal-browser/test/cache/BrowserCacheManager.spec.ts +++ b/lib/msal-browser/test/cache/BrowserCacheManager.spec.ts @@ -61,7 +61,6 @@ describe("BrowserCacheManager tests", () => { cacheConfig = { temporaryCacheLocation: BrowserCacheLocation.SessionStorage, cacheLocation: BrowserCacheLocation.SessionStorage, - cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }; logger = new Logger({ diff --git a/lib/msal-browser/test/cache/TokenCache.spec.ts b/lib/msal-browser/test/cache/TokenCache.spec.ts index 9b37b3265a..19e507594a 100644 --- a/lib/msal-browser/test/cache/TokenCache.spec.ts +++ b/lib/msal-browser/test/cache/TokenCache.spec.ts @@ -64,7 +64,6 @@ describe("TokenCache tests", () => { cacheConfig = { temporaryCacheLocation: BrowserCacheLocation.SessionStorage, cacheLocation: BrowserCacheLocation.SessionStorage, - cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }; logger = new Logger({ diff --git a/lib/msal-browser/test/interaction_client/RedirectClient.spec.ts b/lib/msal-browser/test/interaction_client/RedirectClient.spec.ts index 70af23cb34..82574a3c3b 100644 --- a/lib/msal-browser/test/interaction_client/RedirectClient.spec.ts +++ b/lib/msal-browser/test/interaction_client/RedirectClient.spec.ts 
@@ -91,7 +91,6 @@ import { BrowserPerformanceClient } from "../../src/telemetry/BrowserPerformance const cacheConfig = { cacheLocation: BrowserCacheLocation.SessionStorage, temporaryCacheLocation: BrowserCacheLocation.SessionStorage, - cacheMigrationEnabled: false, claimsBasedCachingEnabled: false, }; From 91f9f57404aeff317780436bacbc7fad374051c4 Mon Sep 17 00:00:00 2001 From: joarroyo Date: Sat, 12 Apr 2025 12:50:15 -0700 Subject: [PATCH 05/10] Deprecate claimsBasedCachingEnabled --- lib/msal-browser/docs/configuration.md | 4 ++-- lib/msal-browser/src/config/Configuration.ts | 2 ++ lib/msal-common/src/config/ClientConfiguration.ts | 4 ++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/msal-browser/docs/configuration.md b/lib/msal-browser/docs/configuration.md index 10583cbc09..f14ee98830 100644 --- a/lib/msal-browser/docs/configuration.md +++ b/lib/msal-browser/docs/configuration.md 
@@ -95,8 +95,8 @@ const msalInstance = new PublicClientApplication(msalConfig); | Option | Description | Format | Default Value | | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | | `cacheLocation` | Location of token cache in browser. | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage` | -| `temporaryCacheLocation` | Location of temporary cache in browser. This option should only be changed for specific edge cases. Please refer to [caching](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/caching.md#cached-artifacts) for more. | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage` | -| `claimsBasedCachingEnabled` | If `true`, access tokens will be cached under a key containing the hash of the requested claims string, resulting in a cache miss and new network token request when the same token request is made with different or missing claims. If set to `false`, tokens will be cached without claims, but all requests containing claims will go to the network and overwrite any previously cached token with the same scopes. | boolean | `false` | +| `temporaryCacheLocation` | Location of temporary cache in browser. This option should only be changed for specific edge cases. 
Please refer to [caching](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/caching.md#cached-artifacts) for more. **Note: This is deprecated and will be removed in a future release.** | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage` | +| `claimsBasedCachingEnabled` | If `true`, access tokens will be cached under a key containing the hash of the requested claims string, resulting in a cache miss and new network token request when the same token request is made with different or missing claims. If set to `false`, tokens will be cached without claims, but all requests containing claims will go to the network and overwrite any previously cached token with the same scopes. **Note: This is deprecated and will be removed in a future release.** | boolean | `false` | See [Caching in MSAL](./caching.md) for more. diff --git a/lib/msal-browser/src/config/Configuration.ts b/lib/msal-browser/src/config/Configuration.ts index ae49e43d59..dac280dcf4 100644 --- a/lib/msal-browser/src/config/Configuration.ts +++ b/lib/msal-browser/src/config/Configuration.ts @@ -128,6 +128,8 @@ export type CacheOptions = { */ temporaryCacheLocation?: BrowserCacheLocation | string; /** + * @deprecated + * claimsBasedCachingEnabled is deprecated and will be removed in a future release. * Flag that determines whether access tokens are stored based on requested claims */ claimsBasedCachingEnabled?: boolean; diff --git a/lib/msal-common/src/config/ClientConfiguration.ts b/lib/msal-common/src/config/ClientConfiguration.ts index e3eecd1206..efa8fc13a2 100644 --- a/lib/msal-common/src/config/ClientConfiguration.ts +++ b/lib/msal-common/src/config/ClientConfiguration.ts 
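Review bot: Putting `@deprecated` first in the `claimsBasedCachingEnabled` comment makes the original description part of the deprecation text, because a TSDoc block tag runs until the next tag; the summary line should come first and the tag last. The notice also does not say which caching behaviour remains once the flag is removed, which matters because the docs row describes different handling of claims-bearing token requests for `true` and `false`. A suggested last line is `@deprecated Will be removed in a future release; <state the behaviour that remains>`. The `CacheOptions` comment added in lib/msal-common/src/config/ClientConfiguration.ts in this patch has the same gap. The `CacheOptions` type starts and ends outside the hunk.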
@@ -126,6 +126,10 @@ export type LoggerOptions = { * - claimsBasedCachingEnabled - Sets whether tokens should be cached based on the claims hash. Default is false. */ export type CacheOptions = { + /** + * @deprecated + * claimsBasedCachingEnabled is deprecated and will be removed in a future release. + */ claimsBasedCachingEnabled?: boolean; }; From b5814146668d13df3f76896abb8d6659494e6c27 Mon Sep 17 00:00:00 2001 From: joarroyo Date: Sat, 12 Apr 2025 12:52:41 -0700 Subject: [PATCH 06/10] Format:fix --- lib/msal-browser/src/utils/BrowserUtils.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/msal-browser/src/utils/BrowserUtils.ts b/lib/msal-browser/src/utils/BrowserUtils.ts index 02825ae3e7..bb89637f98 100644 --- a/lib/msal-browser/src/utils/BrowserUtils.ts +++ b/lib/msal-browser/src/utils/BrowserUtils.ts @@ -172,9 +172,7 @@ export function redirectPreflightCheck( preflightCheck(initialized); blockRedirectInIframe(config.system.allowRedirectInIframe); // Block redirects if memory storage is enabled - if ( - config.cache.cacheLocation === BrowserCacheLocation.MemoryStorage - ) { + if (config.cache.cacheLocation === BrowserCacheLocation.MemoryStorage) { throw createBrowserConfigurationAuthError( BrowserConfigurationAuthErrorCodes.inMemRedirectUnavailable ); From a0187a413bfc06720d8cbfb989e35b411e131413 Mon Sep 17 00:00:00 2001 From: joarroyo Date: Sat, 12 Apr 2025 12:54:37 -0700 Subject: [PATCH 07/10] Change files --- ...-msal-browser-6f00d163-ea6e-4461-8d64-f654afaa2e5c.json | 7 +++++++ ...e-msal-common-c037e1e0-4f7a-49c5-912a-ce0ea99fcf1e.json | 7 +++++++ 2 files changed, 14 insertions(+) create mode 100644 change/@azure-msal-browser-6f00d163-ea6e-4461-8d64-f654afaa2e5c.json create mode 100644 change/@azure-msal-common-c037e1e0-4f7a-49c5-912a-ce0ea99fcf1e.json 
diff --git a/change/@azure-msal-browser-6f00d163-ea6e-4461-8d64-f654afaa2e5c.json b/change/@azure-msal-browser-6f00d163-ea6e-4461-8d64-f654afaa2e5c.json new file mode 100644 index 0000000000..b0d6506a2c --- /dev/null +++ b/change/@azure-msal-browser-6f00d163-ea6e-4461-8d64-f654afaa2e5c.json @@ -0,0 +1,7 @@ +{ + "type": "major", + "comment": "Configuration changes to CacheOptions #7697", + "packageName": "@azure/msal-browser", + "email": "joarroyo@microsoft.com", + "dependentChangeType": "patch" +} diff --git a/change/@azure-msal-common-c037e1e0-4f7a-49c5-912a-ce0ea99fcf1e.json b/change/@azure-msal-common-c037e1e0-4f7a-49c5-912a-ce0ea99fcf1e.json new file mode 100644 index 0000000000..9a6b28c4e0 --- /dev/null +++ b/change/@azure-msal-common-c037e1e0-4f7a-49c5-912a-ce0ea99fcf1e.json @@ -0,0 +1,7 @@ +{ + "type": "minor", + "comment": "Deprecate claimsBasedCachingEnabled as part of Configuration change #7697", + "packageName": "@azure/msal-common", + "email": "joarroyo@microsoft.com", + "dependentChangeType": "patch" +} From bac042da920ff4775bac64006f033ba2434c8d49 Mon Sep 17 00:00:00 2001 From: joarroyo Date: Tue, 15 Apr 2025 12:10:16 -0700 Subject: [PATCH 08/10] apiExtractor --- lib/msal-browser/apiReview/msal-browser.api.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/msal-browser/apiReview/msal-browser.api.md b/lib/msal-browser/apiReview/msal-browser.api.md index 5ddce4d665..8667c7cdde 100644 --- a/lib/msal-browser/apiReview/msal-browser.api.md +++ b/lib/msal-browser/apiReview/msal-browser.api.md @@ -411,8 +411,6 @@ export type CacheLookupPolicy = (typeof CacheLookupPolicy)[keyof typeof CacheLoo export type CacheOptions = { cacheLocation?: BrowserCacheLocation | string; temporaryCacheLocation?: BrowserCacheLocation | string; - storeAuthStateInCookie?: boolean; - cacheMigrationEnabled?: boolean; claimsBasedCachingEnabled?: boolean; }; 
@@ -1493,7 +1491,7 @@ export type WrapperSKU = (typeof WrapperSKU)[keyof typeof WrapperSKU]; // src/cache/LocalStorage.ts:296:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen // src/cache/LocalStorage.ts:354:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen // src/cache/LocalStorage.ts:385:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen -// src/config/Configuration.ts:236:5 - (ae-forgotten-export) The symbol "InternalAuthOptions" needs to be exported by the entry point index.d.ts +// src/config/Configuration.ts:232:5 - (ae-forgotten-export) The symbol "InternalAuthOptions" needs to be exported by the entry point index.d.ts // src/event/EventHandler.ts:113:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen // src/event/EventHandler.ts:139:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen // src/index.ts:8:12 - (tsdoc-characters-after-block-tag) The token "@azure" looks like a TSDoc tag but contains an invalid character "/"; if it is not a tag, use a backslash to escape the "@" From e0f8803fd9416d433ff98449ec87298706e67bdf Mon Sep 17 00:00:00 2001 From: joarroyo Date: Wed, 16 Apr 2025 10:44:59 -0700 Subject: [PATCH 09/10] Update apiExtractor after merge --- lib/msal-browser/apiReview/msal-browser.api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/msal-browser/apiReview/msal-browser.api.md b/lib/msal-browser/apiReview/msal-browser.api.md index 3e868e3c62..707249161d 100644 --- a/lib/msal-browser/apiReview/msal-browser.api.md +++ b/lib/msal-browser/apiReview/msal-browser.api.md 
@@ -1490,7 +1490,7 @@ export type WrapperSKU = (typeof WrapperSKU)[keyof typeof WrapperSKU]; // src/cache/LocalStorage.ts:296:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen // src/cache/LocalStorage.ts:354:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen // src/cache/LocalStorage.ts:385:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen -// src/config/Configuration.ts:231:5 - (ae-forgotten-export) The symbol "InternalAuthOptions" needs to be exported by the entry point index.d.ts +// src/config/Configuration.ts:227:5 - (ae-forgotten-export) The symbol "InternalAuthOptions" needs to be exported by the entry point index.d.ts // src/event/EventHandler.ts:113:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen // src/event/EventHandler.ts:139:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen // src/index.ts:8:12 - (tsdoc-characters-after-block-tag) The token "@azure" looks like a TSDoc tag but contains an invalid character "/"; if it is not a tag, use a backslash to escape the "@" From cd106bc4631b60bf1995513e68eaae6ff5723502 Mon Sep 17 00:00:00 2001 From: joarroyo Date: Wed, 16 Apr 2025 14:55:18 -0700 Subject: [PATCH 10/10] Update apiExtractor after merge --- lib/msal-browser/apiReview/msal-browser.api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/msal-browser/apiReview/msal-browser.api.md b/lib/msal-browser/apiReview/msal-browser.api.md index 6095ccac18..ec7148510b 100644 --- a/lib/msal-browser/apiReview/msal-browser.api.md +++ b/lib/msal-browser/apiReview/msal-browser.api.md 
@@ -1489,7 +1489,7 @@ export type WrapperSKU = (typeof WrapperSKU)[keyof typeof WrapperSKU]; // src/cache/LocalStorage.ts:296:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen // src/cache/LocalStorage.ts:354:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen // src/cache/LocalStorage.ts:385:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen -// src/config/Configuration.ts:227:5 - (ae-forgotten-export) The symbol "InternalAuthOptions" needs to be exported by the entry point index.d.ts +// src/config/Configuration.ts:223:5 - (ae-forgotten-export) The symbol "InternalAuthOptions" needs to be exported by the entry point index.d.ts // src/event/EventHandler.ts:113:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen // src/event/EventHandler.ts:139:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen // src/index.ts:8:12 - (tsdoc-characters-after-block-tag) The token "@azure" looks like a TSDoc tag but contains an invalid character "/"; if it is not a tag, use a backslash to escape the "@"