Move auth error messages out of the bundle

change/@azure-msal-browser-bde3f512-0d2d-41c3-b6ac-951b5a7948a2.json

@@ -0,0 +1,7 @@
+{
+  "type": "minor",
+  "comment": "Move auth error messages out of the bundle #7744",
+  "packageName": "@azure/msal-browser",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}

change/@azure-msal-common-1d8047ac-0257-4486-bd31-f76b71df1d90.json

@@ -0,0 +1,7 @@
+{
+  "type": "minor",
+  "comment": "Move auth error messages out of the bundle #7744",
+  "packageName": "@azure/msal-common",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}

change/@azure-msal-node-a9c0aa9f-2a96-4720-bfaa-4d6d9edf852c.json

@@ -0,0 +1,7 @@
+{
+  "type": "minor",
+  "comment": "Move auth error messages out of the bundle #7744",
+  "packageName": "@azure/msal-node",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}

lib/msal-browser/apiReview/msal-browser.api.md

@@ -14,15 +14,12 @@ import { AuthenticationResult as AuthenticationResult_2 } from '@azure/msal-comm
 import { AuthenticationScheme } from '@azure/msal-common/browser';
 import { AuthError } from '@azure/msal-common/browser';
 import { AuthErrorCodes } from '@azure/msal-common/browser';
-import { AuthErrorMessages } from '@azure/msal-common/browser';
 import { AzureCloudInstance } from '@azure/msal-common/browser';
 import { AzureCloudOptions } from '@azure/msal-common/browser';
 import { ClientAuthError } from '@azure/msal-common/browser';
 import { ClientAuthErrorCodes } from '@azure/msal-common/browser';
-import { ClientAuthErrorMessages } from '@azure/msal-common/browser';
 import { ClientConfigurationError } from '@azure/msal-common/browser';
 import { ClientConfigurationErrorCodes } from '@azure/msal-common/browser';
-import { ClientConfigurationErrorMessages } from '@azure/msal-common/browser';
 import { CommonAuthorizationCodeRequest } from '@azure/msal-common/browser';
 import { CommonAuthorizationUrlRequest } from '@azure/msal-common/browser';
 import { CommonEndSessionRequest } from '@azure/msal-common/browser';
@@ -113,8 +110,6 @@ export { AuthError }
 
 export { AuthErrorCodes }
 
-export { AuthErrorMessages }
-
 // Warning: (ae-missing-release-tag) "AuthorizationCodeRequest" is part of the package's API, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
@@ -431,14 +426,10 @@ export { ClientAuthError }
 
 export { ClientAuthErrorCodes }
 
-export { ClientAuthErrorMessages }
-
 export { ClientConfigurationError }
 
 export { ClientConfigurationErrorCodes }
 
-export { ClientConfigurationErrorMessages }
-
 // Warning: (ae-missing-release-tag) "Configuration" is part of the package's API, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public
@@ -1491,7 +1482,7 @@ export type WrapperSKU = (typeof WrapperSKU)[keyof typeof WrapperSKU];
 // src/cache/LocalStorage.ts:296:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/cache/LocalStorage.ts:354:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/cache/LocalStorage.ts:385:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
-// src/config/Configuration.ts:256:5 - (ae-forgotten-export) The symbol "InternalAuthOptions" needs to be exported by the entry point index.d.ts
+// src/config/Configuration.ts:231:5 - (ae-forgotten-export) The symbol "InternalAuthOptions" needs to be exported by the entry point index.d.ts
 // src/event/EventHandler.ts:113:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/event/EventHandler.ts:139:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/index.ts:8:12 - (tsdoc-characters-after-block-tag) The token "@azure" looks like a TSDoc tag but contains an invalid character "/"; if it is not a tag, use a backslash to escape the "@"

lib/msal-browser/src/error/BrowserAuthError.ts

@@ -7,107 +7,16 @@ import { AuthError } from "@azure/msal-common/browser";
 import * as BrowserAuthErrorCodes from "./BrowserAuthErrorCodes.js";
 export { BrowserAuthErrorCodes }; // Allow importing as "BrowserAuthErrorCodes"
 
-const ErrorLink = "For more visit: aka.ms/msaljs/browser-errors";
-
-/**
- * BrowserAuthErrorMessage class containing string constants used by error codes and messages.
- */
-export const BrowserAuthErrorMessages = {
-    [BrowserAuthErrorCodes.pkceNotCreated]:
-        "The PKCE code challenge and verifier could not be generated.",
-    [BrowserAuthErrorCodes.earJwkEmpty]:
-        "No EAR encryption key provided. This is unexpected.",
-    [BrowserAuthErrorCodes.earJweEmpty]:
-        "Server response does not contain ear_jwe property. This is unexpected.",
-    [BrowserAuthErrorCodes.cryptoNonExistent]:
-        "The crypto object or function is not available.",
-    [BrowserAuthErrorCodes.emptyNavigateUri]:
-        "Navigation URI is empty. Please check stack trace for more info.",
-    [BrowserAuthErrorCodes.hashEmptyError]: `Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. ${ErrorLink}`,
-    [BrowserAuthErrorCodes.noStateInHash]:
-        "Hash does not contain state. Please verify that the request originated from msal.",
-    [BrowserAuthErrorCodes.hashDoesNotContainKnownProperties]: `Hash does not contain known properites. Please verify that your redirectUri is not changing the hash.  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.unableToParseState]:
-        "Unable to parse state. Please verify that the request originated from msal.",
-    [BrowserAuthErrorCodes.stateInteractionTypeMismatch]:
-        "Hash contains state but the interaction type does not match the caller.",
-    [BrowserAuthErrorCodes.interactionInProgress]: `Interaction is currently in progress. Please ensure that this interaction has been completed before calling an interactive API.   ${ErrorLink}`,
-    [BrowserAuthErrorCodes.popupWindowError]:
-        "Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser.",
-    [BrowserAuthErrorCodes.emptyWindowError]:
-        "window.open returned null or undefined window object.",
-    [BrowserAuthErrorCodes.userCancelled]: "User cancelled the flow.",
-    [BrowserAuthErrorCodes.monitorPopupTimeout]: `Token acquisition in popup failed due to timeout.  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.monitorWindowTimeout]: `Token acquisition in iframe failed due to timeout.  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.redirectInIframe]:
-        "Redirects are not supported for iframed or brokered applications. Please ensure you are using MSAL.js in a top frame of the window if using the redirect APIs, or use the popup APIs.",
-    [BrowserAuthErrorCodes.blockIframeReload]: `Request was blocked inside an iframe because MSAL detected an authentication response.  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.blockNestedPopups]:
-        "Request was blocked inside a popup because MSAL detected it was running in a popup.",
-    [BrowserAuthErrorCodes.iframeClosedPrematurely]:
-        "The iframe being monitored was closed prematurely.",
-    [BrowserAuthErrorCodes.silentLogoutUnsupported]:
-        "Silent logout not supported. Please call logoutRedirect or logoutPopup instead.",
-    [BrowserAuthErrorCodes.noAccountError]:
-        "No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.",
-    [BrowserAuthErrorCodes.silentPromptValueError]:
-        "The value given for the prompt value is not valid for silent requests - must be set to 'none' or 'no_session'.",
-    [BrowserAuthErrorCodes.noTokenRequestCacheError]:
-        "No token request found in cache.",
-    [BrowserAuthErrorCodes.unableToParseTokenRequestCacheError]:
-        "The cached token request could not be parsed.",
-    [BrowserAuthErrorCodes.authRequestNotSetError]:
-        "Auth Request not set. Please ensure initiateAuthRequest was called from the InteractionHandler",
-    [BrowserAuthErrorCodes.invalidCacheType]: "Invalid cache type",
-    [BrowserAuthErrorCodes.nonBrowserEnvironment]:
-        "Login and token requests are not supported in non-browser environments.",
-    [BrowserAuthErrorCodes.databaseNotOpen]: "Database is not open!",
-    [BrowserAuthErrorCodes.noNetworkConnectivity]:
-        "No network connectivity. Check your internet connection.",
-    [BrowserAuthErrorCodes.postRequestFailed]:
-        "Network request failed: If the browser threw a CORS error, check that the redirectUri is registered in the Azure App Portal as type 'SPA'",
-    [BrowserAuthErrorCodes.getRequestFailed]:
-        "Network request failed. Please check the network trace to determine root cause.",
-    [BrowserAuthErrorCodes.failedToParseResponse]:
-        "Failed to parse network response. Check network trace.",
-    [BrowserAuthErrorCodes.unableToLoadToken]: "Error loading token to cache.",
-    [BrowserAuthErrorCodes.cryptoKeyNotFound]:
-        "Cryptographic Key or Keypair not found in browser storage.",
-    [BrowserAuthErrorCodes.authCodeRequired]:
-        "An authorization code must be provided (as the `code` property on the request) to this flow.",
-    [BrowserAuthErrorCodes.authCodeOrNativeAccountIdRequired]:
-        "An authorization code or nativeAccountId must be provided to this flow.",
-    [BrowserAuthErrorCodes.spaCodeAndNativeAccountIdPresent]:
-        "Request cannot contain both spa code and native account id.",
-    [BrowserAuthErrorCodes.databaseUnavailable]:
-        "IndexedDB, which is required for persistent cryptographic key storage, is unavailable. This may be caused by browser privacy features which block persistent storage in third-party contexts.",
-    [BrowserAuthErrorCodes.unableToAcquireTokenFromNativePlatform]: `Unable to acquire token from native platform.  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.nativeHandshakeTimeout]:
-        "Timed out while attempting to establish connection to browser extension",
-    [BrowserAuthErrorCodes.nativeExtensionNotInstalled]:
-        "Native extension is not installed. If you think this is a mistake call the initialize function.",
-    [BrowserAuthErrorCodes.nativeConnectionNotEstablished]: `Connection to native platform has not been established. Please install a compatible browser extension and run initialize().  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.uninitializedPublicClientApplication]: `You must call and await the initialize function before attempting to call any other MSAL API.  ${ErrorLink}`,
-    [BrowserAuthErrorCodes.nativePromptNotSupported]:
-        "The provided prompt is not supported by the native platform. This request should be routed to the web based flow.",
-    [BrowserAuthErrorCodes.invalidBase64String]:
-        "Invalid base64 encoded string.",
-    [BrowserAuthErrorCodes.invalidPopTokenRequest]:
-        "Invalid PoP token request. The request should not have both a popKid value and signPopToken set to true.",
-    [BrowserAuthErrorCodes.failedToBuildHeaders]:
-        "Failed to build request headers object.",
-    [BrowserAuthErrorCodes.failedToParseHeaders]:
-        "Failed to parse response headers",
-    [BrowserAuthErrorCodes.failedToDecryptEarResponse]:
-        "Failed to decrypt ear response",
-};
+export function getDefaultErrorMessage(code: string): string {
+    return `See https://aka.ms/msaljs/browser/errors#${code} for details`;
+}
 
 /**
  * Browser library error class thrown by the MSAL.js library for SPAs
  */
 export class BrowserAuthError extends AuthError {
     constructor(errorCode: string, subError?: string) {
-        super(errorCode, BrowserAuthErrorMessages[errorCode], subError);
+        super(errorCode, getDefaultErrorMessage(errorCode), subError);
 
         Object.setPrototypeOf(this, BrowserAuthError.prototype);
         this.name = "BrowserAuthError";

lib/msal-browser/src/error/BrowserConfigurationAuthError.ts

@@ -5,17 +5,8 @@
 
 import { AuthError } from "@azure/msal-common/browser";
 import * as BrowserConfigurationAuthErrorCodes from "./BrowserConfigurationAuthErrorCodes.js";
+import { getDefaultErrorMessage } from "./BrowserAuthError.js";
 export { BrowserConfigurationAuthErrorCodes };
-
-export const BrowserConfigurationAuthErrorMessages = {
-    [BrowserConfigurationAuthErrorCodes.storageNotSupported]:
-        "Given storage configuration option was not supported.",
-    [BrowserConfigurationAuthErrorCodes.stubbedPublicClientApplicationCalled]:
-        "Stub instance of Public Client Application was called. If using msal-react, please ensure context is not used without a provider. For more visit: aka.ms/msaljs/browser-errors",
-    [BrowserConfigurationAuthErrorCodes.inMemRedirectUnavailable]:
-        "Redirect cannot be supported. In-memory storage was selected and storeAuthStateInCookie=false, which would cause the library to be unable to handle the incoming hash. If you would like to use the redirect API, please use session/localStorage or set storeAuthStateInCookie=true.",
-};
-
 /**
  * Browser library error class thrown by the MSAL.js library for SPAs
  */
@@ -33,6 +24,6 @@ export function createBrowserConfigurationAuthError(
 ): BrowserConfigurationAuthError {
     return new BrowserConfigurationAuthError(
         errorCode,
-        BrowserConfigurationAuthErrorMessages[errorCode]
+        getDefaultErrorMessage(errorCode)
     );
 }

lib/msal-browser/src/error/NativeAuthError.ts

@@ -12,6 +12,7 @@ import {
 import {
     createBrowserAuthError,
     BrowserAuthErrorCodes,
+    getDefaultErrorMessage,
 } from "./BrowserAuthError.js";
 
 import * as NativeAuthErrorCodes from "./NativeAuthErrorCodes.js";
@@ -28,16 +29,11 @@ export type OSError = {
 
 const INVALID_METHOD_ERROR = -2147186943;
 
-export const NativeAuthErrorMessages = {
-    [NativeAuthErrorCodes.userSwitch]:
-        "User attempted to switch accounts in the native broker, which is not allowed. All new accounts must sign-in through the standard web flow first, please try again.",
-};
-
 export class NativeAuthError extends AuthError {
     ext: OSError | undefined;
 
     constructor(errorCode: string, description?: string, ext?: OSError) {
-        super(errorCode, description);
+        super(errorCode, description || getDefaultErrorMessage(errorCode));
 
         Object.setPrototypeOf(this, NativeAuthError.prototype);
         this.name = "NativeAuthError";
@@ -90,7 +86,8 @@ export function createNativeAuthError(
         switch (ext.status) {
             case NativeStatusCodes.ACCOUNT_UNAVAILABLE:
                 return createInteractionRequiredAuthError(
-                    InteractionRequiredAuthErrorCodes.nativeAccountUnavailable
+                    InteractionRequiredAuthErrorCodes.nativeAccountUnavailable,
+                    getDefaultErrorMessage(code)
                 );
             case NativeStatusCodes.USER_INTERACTION_REQUIRED:
                 return new InteractionRequiredAuthError(code, description);
@@ -105,9 +102,5 @@ export function createNativeAuthError(
         }
     }
 
-    return new NativeAuthError(
-        code,
-        NativeAuthErrorMessages[code] || description,
-        ext
-    );
+    return new NativeAuthError(code, description, ext);
 }

lib/msal-browser/src/error/NativeAuthErrorCodes.ts

@@ -5,3 +5,4 @@
 
 export const contentError = "ContentError";
 export const userSwitch = "user_switch";
+export const unsupportedMethod = "unsupported_method";

lib/msal-browser/src/error/NestedAppAuthError.ts

@@ -4,16 +4,7 @@
  */
 
 import { AuthError } from "@azure/msal-common/browser";
-
-/**
- * NestedAppAuthErrorMessage class containing string constants used by error codes and messages.
- */
-export const NestedAppAuthErrorMessage = {
-    unsupportedMethod: {
-        code: "unsupported_method",
-        desc: "This method is not supported in nested app environment.",
-    },
-};
+import { unsupportedMethod } from "./NativeAuthErrorCodes.js";
 
 export class NestedAppAuthError extends AuthError {
     constructor(errorCode: string, errorMessage?: string) {
@@ -24,9 +15,6 @@ export class NestedAppAuthError extends AuthError {
     }
 
     public static createUnsupportedError(): NestedAppAuthError {
-        return new NestedAppAuthError(
-            NestedAppAuthErrorMessage.unsupportedMethod.code,
-            NestedAppAuthErrorMessage.unsupportedMethod.desc
-        );
+        return new NestedAppAuthError(unsupportedMethod);
     }
 }

lib/msal-browser/src/index.ts

@@ -110,13 +110,10 @@ export {
     // Error
     AuthError,
     AuthErrorCodes,
-    AuthErrorMessages,
     ClientAuthError,
     ClientAuthErrorCodes,
-    ClientAuthErrorMessages,
     ClientConfigurationError,
     ClientConfigurationErrorCodes,
-    ClientConfigurationErrorMessages,
     InteractionRequiredAuthError,
     InteractionRequiredAuthErrorCodes,
     ServerError,