Instrument additional data points

change/@azure-msal-browser-73ec5ebe-e4ae-4669-ae10-1f218239df94.json

@@ -0,0 +1,7 @@
+{
+  "type": "minor",
+  "comment": "Instrument additional data points #7543",
+  "packageName": "@azure/msal-browser",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}

change/@azure-msal-common-a68a68db-d459-40f8-bdb4-4ea01b1ed588.json

@@ -0,0 +1,7 @@
+{
+  "type": "minor",
+  "comment": "Instrument additional data points #7543",
+  "packageName": "@azure/msal-common",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}

lib/msal-browser/src/interaction_client/PopupClient.ts

@@ -103,6 +103,11 @@ export class PopupClient extends StandardInteractionClient {
                 popupWindowParent: request.popupWindowParent ?? window,
             };
 
+            this.performanceClient.addFields(
+                { isAsyncPopup: this.config.system.asyncPopups },
+                this.correlationId
+            );
+
             // asyncPopups flag is true. Acquires token without first opening popup. Popup will be opened later asynchronously.
             if (this.config.system.asyncPopups) {
                 this.logger.verbose("asyncPopups set to true, acquiring token");

lib/msal-browser/test/interaction_client/PopupClient.spec.ts

@@ -57,7 +57,7 @@ import { InteractionHandler } from "../../src/interaction_handler/InteractionHan
 import { getDefaultPerformanceClient } from "../utils/TelemetryUtils.js";
 import { AuthenticationResult } from "../../src/response/AuthenticationResult.js";
 import { BrowserCacheManager } from "../../src/cache/BrowserCacheManager.js";
-import { BrowserAuthErrorCodes } from "../../src/index.js";
+import { BrowserAuthErrorCodes, BrowserUtils } from "../../src/index.js";
 import { FetchClient } from "../../src/network/FetchClient.js";
 
 const testPopupWondowDefaults = {
@@ -206,13 +206,22 @@ describe("PopupClient", () => {
         });
 
         it("opens popups asynchronously if configured", async () => {
+            const perfClient = getDefaultPerformanceClient();
             let pca = new PublicClientApplication({
                 auth: {
                     clientId: TEST_CONFIG.MSAL_CLIENT_ID,
                 },
                 system: {
                     asyncPopups: true,
                 },
+                telemetry: {
+                    client: perfClient,
+                },
+            });
+
+            let resEvents;
+            perfClient.addPerformanceCallback((events) => {
+                resEvents = events;
             });
 
             await pca.initialize();
@@ -237,7 +246,9 @@ describe("PopupClient", () => {
                 //@ts-ignore
                 pca.performanceClient,
                 //@ts-ignore
-                pca.nativeInternalStorage
+                pca.nativeInternalStorage,
+                undefined,
+                TEST_CONFIG.CORRELATION_ID
             );
 
             jest.spyOn(PkceGenerator, "generatePkceCodes").mockResolvedValue({
@@ -258,13 +269,18 @@ describe("PopupClient", () => {
                     TEST_CONFIG.TOKEN_TYPE_BEARER as AuthenticationScheme,
             };
 
+            const rootMeasurement = perfClient.startMeasurement(
+                "root-measurement",
+                request.correlationId
+            );
             const popupSpy = jest
                 .spyOn(PopupClient.prototype, "openSizedPopup")
                 .mockImplementation();
 
             try {
                 await popupClient.acquireToken(request);
             } catch (e) {}
+            rootMeasurement.end({ success: true });
             expect(popupSpy).toHaveBeenCalled();
             expect(popupSpy.mock.calls[0]).toHaveLength(2);
             expect(
@@ -279,16 +295,29 @@ describe("PopupClient", () => {
             expect(popupSpy.mock.calls[0][0]).toContain(
                 `login_hint=${encodeURIComponent(request.loginHint || "")}`
             );
+
+            // @ts-ignore
+            const event = resEvents[0];
+            expect(event.isAsyncPopup).toBeTruthy();
         });
 
         it("calls native broker if server responds with accountId", async () => {
+            const perfClient = getDefaultPerformanceClient();
             pca = new PublicClientApplication({
                 auth: {
                     clientId: TEST_CONFIG.MSAL_CLIENT_ID,
                 },
                 system: {
                     allowPlatformBroker: true,
                 },
+                telemetry: {
+                    client: perfClient,
+                },
+            });
+
+            let resEvents;
+            perfClient.addPerformanceCallback((events) => {
+                resEvents = events;
             });
 
             await pca.initialize();
@@ -370,7 +399,7 @@ describe("PopupClient", () => {
                 //@ts-ignore
                 pca.logger,
                 2000,
-                getDefaultPerformanceClient()
+                perfClient
             );
             //@ts-ignore
             popupClient = new PopupClient(
@@ -392,11 +421,20 @@ describe("PopupClient", () => {
                 pca.nativeInternalStorage,
                 nativeMessageHandler
             );
+            const correlationId = BrowserUtils.createGuid();
+            const rootMeasurement = perfClient.startMeasurement(
+                "root-measurement",
+                correlationId
+            );
             const tokenResp = await popupClient.acquireToken({
                 redirectUri: TEST_URIS.TEST_REDIR_URI,
                 scopes: TEST_CONFIG.DEFAULT_SCOPES,
+                correlationId,
             });
+            rootMeasurement.end({ success: true });
             expect(tokenResp).toEqual(testTokenResponse);
+            // @ts-ignore
+            expect(resEvents[0].isAsyncPopup).toBeFalsy();
         });
 
         it("throws if server responds with accountId but extension message handler is not instantiated", async () => {

lib/msal-common/apiReview/msal-common.api.md

@@ -3062,6 +3062,15 @@ export type PerformanceEvent = {
     retryError?: string;
     embeddedClientId?: string;
     embeddedRedirectUri?: string;
+    isAsyncPopup?: boolean;
+    rtExpiresOnMs?: number;
+    sidFromClaims?: boolean;
+    sidFromRequest?: boolean;
+    loginHintFromRequest?: boolean;
+    loginHintFromUpn?: boolean;
+    loginHintFromClaim?: boolean;
+    domainHintFromRequest?: boolean;
+    prompt?: string;
 };
 
 // Warning: (tsdoc-undefined-tag) The TSDoc tag "@export" is not defined in this configuration
@@ -4273,12 +4282,12 @@ const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
 // src/client/AuthorizationCodeClient.ts:229:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/client/AuthorizationCodeClient.ts:307:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/client/AuthorizationCodeClient.ts:507:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
-// src/client/AuthorizationCodeClient.ts:730:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
-// src/client/AuthorizationCodeClient.ts:790:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
+// src/client/AuthorizationCodeClient.ts:763:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
+// src/client/AuthorizationCodeClient.ts:823:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/client/RefreshTokenClient.ts:193:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
-// src/client/RefreshTokenClient.ts:277:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
-// src/client/RefreshTokenClient.ts:278:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
-// src/client/RefreshTokenClient.ts:337:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
+// src/client/RefreshTokenClient.ts:286:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
+// src/client/RefreshTokenClient.ts:287:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
+// src/client/RefreshTokenClient.ts:346:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/client/SilentFlowClient.ts:172:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/config/ClientConfiguration.ts:50:5 - (ae-forgotten-export) The symbol "ClientCredentials" needs to be exported by the entry point index.d.ts
 // src/config/ClientConfiguration.ts:51:5 - (ae-forgotten-export) The symbol "LibraryInfo" needs to be exported by the entry point index.d.ts

lib/msal-common/src/client/AuthorizationCodeClient.ts

@@ -571,8 +571,17 @@ export class AuthorizationCodeClient extends BaseClient {
 
         if (request.domainHint) {
             parameterBuilder.addDomainHint(request.domainHint);
+            this.performanceClient?.addFields(
+                { domainHintFromRequest: true },
+                correlationId
+            );
         }
 
+        this.performanceClient?.addFields(
+            { prompt: request.prompt },
+            correlationId
+        );
+
         // Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object
         if (request.prompt !== PromptValue.SELECT_ACCOUNT) {
             // AAD will throw if prompt=select_account is passed with an account hint
@@ -582,6 +591,10 @@ export class AuthorizationCodeClient extends BaseClient {
                     "createAuthCodeUrlQueryString: Prompt is none, adding sid from request"
                 );
                 parameterBuilder.addSid(request.sid);
+                this.performanceClient?.addFields(
+                    { sidFromRequest: true },
+                    correlationId
+                );
             } else if (request.account) {
                 const accountSid = this.extractAccountSid(request.account);
                 let accountLoginHintClaim = this.extractLoginHint(
@@ -601,6 +614,10 @@ export class AuthorizationCodeClient extends BaseClient {
                         "createAuthCodeUrlQueryString: login_hint claim present on account"
                     );
                     parameterBuilder.addLoginHint(accountLoginHintClaim);
+                    this.performanceClient?.addFields(
+                        { loginHintFromClaim: true },
+                        correlationId
+                    );
                     try {
                         const clientInfo = buildClientInfoFromHomeAccountId(
                             request.account.homeAccountId
@@ -620,6 +637,10 @@ export class AuthorizationCodeClient extends BaseClient {
                         "createAuthCodeUrlQueryString: Prompt is none, adding sid from account"
                     );
                     parameterBuilder.addSid(accountSid);
+                    this.performanceClient?.addFields(
+                        { sidFromClaim: true },
+                        correlationId
+                    );
                     try {
                         const clientInfo = buildClientInfoFromHomeAccountId(
                             request.account.homeAccountId
@@ -636,12 +657,20 @@ export class AuthorizationCodeClient extends BaseClient {
                     );
                     parameterBuilder.addLoginHint(request.loginHint);
                     parameterBuilder.addCcsUpn(request.loginHint);
+                    this.performanceClient?.addFields(
+                        { loginHintFromRequest: true },
+                        correlationId
+                    );
                 } else if (request.account.username) {
                     // Fallback to account username if provided
                     this.logger.verbose(
                         "createAuthCodeUrlQueryString: Adding login_hint from account"
                     );
                     parameterBuilder.addLoginHint(request.account.username);
+                    this.performanceClient?.addFields(
+                        { loginHintFromUpn: true },
+                        correlationId
+                    );
                     try {
                         const clientInfo = buildClientInfoFromHomeAccountId(
                             request.account.homeAccountId
@@ -659,6 +688,10 @@ export class AuthorizationCodeClient extends BaseClient {
                 );
                 parameterBuilder.addLoginHint(request.loginHint);
                 parameterBuilder.addCcsUpn(request.loginHint);
+                this.performanceClient?.addFields(
+                    { loginHintFromRequest: true },
+                    correlationId
+                );
             }
         } else {
             this.logger.verbose(

lib/msal-common/src/client/RefreshTokenClient.ts

@@ -230,6 +230,10 @@ export class RefreshTokenClient extends BaseClient {
                     DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS
             )
         ) {
+            this.performanceClient?.addFields(
+                { rtExpiresOnMs: Number(refreshToken.expiresOn) },
+                request.correlationId
+            );
             throw createInteractionRequiredAuthError(
                 InteractionRequiredAuthErrorCodes.refreshTokenExpired
             );
@@ -256,16 +260,21 @@ export class RefreshTokenClient extends BaseClient {
                 request.correlationId
             )(refreshTokenRequest);
         } catch (e) {
-            if (
-                e instanceof InteractionRequiredAuthError &&
-                e.subError === InteractionRequiredAuthErrorCodes.badToken
-            ) {
-                // Remove bad refresh token from cache
-                this.logger.verbose(
-                    "acquireTokenWithRefreshToken: bad refresh token, removing from cache"
+            if (e instanceof InteractionRequiredAuthError) {
+                this.performanceClient?.addFields(
+                    { rtExpiresOnMs: Number(refreshToken.expiresOn) },
+                    request.correlationId
                 );
-                const badRefreshTokenKey = generateCredentialKey(refreshToken);
-                this.cacheManager.removeRefreshToken(badRefreshTokenKey);
+
+                if (e.subError === InteractionRequiredAuthErrorCodes.badToken) {
+                    // Remove bad refresh token from cache
+                    this.logger.verbose(
+                        "acquireTokenWithRefreshToken: bad refresh token, removing from cache"
+                    );
+                    const badRefreshTokenKey =
+                        generateCredentialKey(refreshToken);
+                    this.cacheManager.removeRefreshToken(badRefreshTokenKey);
+                }
             }
 
             throw e;

lib/msal-common/src/telemetry/performance/PerformanceEvent.ts

@@ -868,6 +868,19 @@ export type PerformanceEvent = {
 
     embeddedClientId?: string;
     embeddedRedirectUri?: string;
+
+    isAsyncPopup?: boolean;
+
+    rtExpiresOnMs?: number;
+
+    sidFromClaims?: boolean;
+    sidFromRequest?: boolean;
+    loginHintFromRequest?: boolean;
+    loginHintFromUpn?: boolean;
+    loginHintFromClaim?: boolean;
+    domainHintFromRequest?: boolean;
+
+    prompt?: string;
 };
 
 export type PerformanceEventContext = {