Add x-correlation-id header to all IMS requests

[Copilot]

Implementation Complete: Add x-correlation-id header to IMS requests

• Add x-correlation-id header generation in ServiceAuthorizationClient
  • Generate UUID for correlation ID
  • Add header to token endpoint requests
  • Pass correlation ID through to discovery client
• Add x-correlation-id header to OIDCDiscoveryClient
  • Add header to OpenID configuration discovery requests
• Add x-correlation-id header to node-cli package
  • Create CorrelationIdRequestor class
  • Update Client to use CorrelationIdRequestor
• Add x-correlation-id header to electron package
  • Create CorrelationIdRequestor class
  • Update Client to use CorrelationIdRequestor
• Add x-correlation-id header to browser package
  • Add extraHeaders to UserManagerSettings with x-correlation-id
  • Updated implementation to ensure compatibility and add clarifying comments
• Build and verify changes - All packages build successfully
• Run linters - All linters pass
• Run tests - Unit tests pass (integration tests require network access)
• Code review completed - Addressed browser package feedback
• Security scan completed - No vulnerabilities found
• Generated beachball change files

Summary

All auth-clients packages now automatically include the x-correlation-id header with a random UUID in all requests to IMS. This enables better request tracking through the IMS/PING system as requested. Beachball change files have been generated for all affected packages.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Set x-correlation-id header in requests to IMS</issue_title>
<issue_description>We can provide an x-correlation-id header in requests to IMS to more easily track requests as they travel through the IMS/PING system. This should be a GUID.

See the following message for reference:

IMS Release: X-Correlation-Id
4/24/2025
Name: Update PingAccess & PingFederate to support the 'X-Correlation-Id' header.
Purpose: Allows calling applications to provide the 'X-Correlation-Id' header populated with a random GUID which will follow that request through the Ping stack. This allows us much better insights into your request and what exactly happened.

Support Notes: None.
Developer Notes: ALL application teams consuming IMS are HIGHLY encouraged to update their applications to provide this header when calling IMS in any circumstance. Regular logins, access token requests, SCIM requests, etc. Further, you should log this value where possible such that it can be provided back to the IMS team for troubleshooting purposes. This will significantly improve our ability to review reported problems.</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Set x-correlation-id header in requests to IMS #296

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[CLAassistant]

All committers have signed the CLA.

[Copilot]

Pull request overview

This PR implements support for the x-correlation-id header across all auth client packages to enable request tracking through the IMS/Ping stack. Each request to IMS will include a randomly generated UUID in this header.

Changes:

• Added x-correlation-id header with random UUIDs to all HTTP requests to IMS endpoints
• Created CorrelationIdRequestor wrapper class for Node.js-based packages to intercept and enhance requests
• Configured browser package to use native crypto API for UUID generation via extraHeaders

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
packages/service/src/ServiceAuthorizationClient.ts	Added correlation ID header to token endpoint requests
packages/service/src/OIDCDiscoveryClient.ts	Added correlation ID header to OIDC discovery requests
packages/node-cli/src/CorrelationIdRequestor.ts	Created requestor wrapper to inject correlation ID into all requests
packages/node-cli/src/Client.ts	Replaced NodeRequestor with CorrelationIdRequestor
packages/electron/src/main/CorrelationIdRequestor.ts	Created requestor wrapper (duplicate of node-cli version)
packages/electron/src/main/Client.ts	Replaced NodeRequestor with CorrelationIdRequestor
packages/browser/src/Client.ts	Added extraHeaders configuration with correlation ID function

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[ben-polinsky]

You need to run rush change

[Copilot]

You need to run rush change

Ran npm run change (beachball change) and generated change files for all 4 affected packages. (a2ec809)

[ben-polinsky]

see latest comments