Updating exceptions for 404 to include authority (#5095)

* Updating exceptions for 404 to includ authority

* Refactoring

* Adding regional test

* Clean up

* Adding token endpoint

* Adding additional test case

* Test fix

---------

Co-authored-by: trwalke <[email protected]>

Author: trwalke

src/client/Microsoft.Identity.Client/MsalServiceExceptionFactory.cs

@@ -3,6 +3,8 @@
 
 using System;
 using System.Collections.Generic;
+using System.Net;
+using System.Text;
 using Microsoft.Identity.Client.Http;
 using Microsoft.Identity.Client.Internal;
 using Microsoft.Identity.Client.Internal.Broker;
@@ -23,7 +25,8 @@ internal static MsalServiceException FromHttpResponse(
           string errorCode,
           string errorMessage,
           HttpResponse httpResponse,
-          Exception innerException = null)
+          Exception innerException = null,
+          RequestContext context = null)
         {
             MsalServiceException ex = null;
             OAuth2ResponseBase oAuth2Response = JsonHelper.TryToDeserializeFromJson<OAuth2ResponseBase>(httpResponse?.Body);
@@ -39,7 +42,7 @@ internal static MsalServiceException FromHttpResponse(
                 else  
                 {  
                     errorMessageToUse  = errorMessage;  
-                }  
+                }
 
                 if (oAuth2Response.Claims == null)
                 {
@@ -61,7 +64,7 @@ internal static MsalServiceException FromHttpResponse(
                     innerException);
             }
 
-            ex ??= new MsalServiceException(errorCode, errorMessage, innerException);
+            ex ??= new MsalServiceException(errorCode, GetErrorMessage(errorMessage, httpResponse, context), innerException);
 
             SetHttpExceptionData(ex, httpResponse);
 
@@ -73,6 +76,32 @@ internal static MsalServiceException FromHttpResponse(
             return ex;
         }
 
+        private static string GetErrorMessage(string errorMessage, HttpResponse httpResponse, RequestContext context)
+        {
+            // Using StringBuilder for more efficient string concatenation
+            var sb = new StringBuilder(errorMessage);
+
+            if (httpResponse.StatusCode == HttpStatusCode.NotFound && context != null)
+            {
+                sb.Append("\nAuthority used: ")
+                  .Append(context.ServiceBundle.Config.Authority?.AuthorityInfo?.CanonicalAuthority?.AbsoluteUri?.Split('?')[0]);
+
+                if (context.ApiEvent != null && !context.ApiEvent.TokenEndpoint.IsNullOrEmpty())
+                {
+                    sb.Append("\nToken Endpoint: ")
+                      .Append(context.ApiEvent?.TokenEndpoint);
+                }
+
+                if (!context.ServiceBundle.Config.AzureRegion.IsNullOrEmpty())
+                {
+                    sb.Append("\nRegion Used: ")
+                      .Append(context.ServiceBundle.Config.AzureRegion);
+                }
+            }
+
+            return sb.ToString();
+        }
+
         private static bool IsThrottled(OAuth2ResponseBase oAuth2Response)
         {
             return oAuth2Response.ErrorDescription != null &&

src/client/Microsoft.Identity.Client/OAuth2/OAuth2Client.cs

@@ -256,24 +256,28 @@ private static void ThrowServerException(HttpResponse response, RequestContext r
                 exceptionToThrow = MsalServiceExceptionFactory.FromHttpResponse(
                     MsalError.NonParsableOAuthError,
                     MsalErrorMessage.NonParsableOAuthError,
-                    response);
+                    response,
+                    null,
+                    requestContext);
             }
             catch (Exception ex)
             {
-
                 exceptionToThrow = MsalServiceExceptionFactory.FromHttpResponse(
                     MsalError.UnknownError,
                     response.Body,
                     response,
-                    ex);
+                    ex,
+                    requestContext);
             }
 
             exceptionToThrow ??= MsalServiceExceptionFactory.FromHttpResponse(
                     response.StatusCode == HttpStatusCode.NotFound
                         ? MsalError.HttpStatusNotFound
                         : MsalError.HttpStatusCodeNotOk,
                     httpErrorCodeMessage,
-                    response);
+                    response,
+                    null,
+                    requestContext);
 
             if (shouldLogAsError)
             {

tests/Microsoft.Identity.Test.Common/TestConstants.cs

@@ -230,7 +230,6 @@ public static IDictionary<string, string> ExtraQueryParameters
             }
         }
 
-
         public const string MsalCCAKeyVaultUri = "https://buildautomation.vault.azure.net/secrets/AzureADIdentityDivisionTestAgentSecret/";
         public const string MsalCCAKeyVaultSecretName = "MSIDLAB4-IDLABS-APP-AzureADMyOrg-CC";
         public const string MsalOBOKeyVaultUri = "https://buildautomation.vault.azure.net/secrets/IdentityDivisionDotNetOBOServiceSecret/";

tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.NetFwk.cs

@@ -87,7 +87,6 @@ public async Task RefreshOnIsEnabled(bool useRegional)
                     result.AuthenticationResultMetadata.RegionDetails.RegionOutcome);
         }
 
-
         [DataTestMethod]
         [DataRow(Cloud.Public, TargetFrameworks.NetFx | TargetFrameworks.NetCore)]
         [DataRow(Cloud.Adfs, TargetFrameworks.NetFx | TargetFrameworks.NetCore)]

tests/Microsoft.Identity.Test.Unit/ExceptionTests/MsalExceptionTests.cs

@@ -509,6 +509,82 @@ await app.AcquireTokenForClient(TestConstants.s_scope)
             }
         }
 
+        [TestMethod]
+        public async Task AuthorityInNotFoundExceptions()
+        {
+            using (var harness = CreateTestHarness())
+            {
+                harness.HttpManager.AddMockHandler(MockHelpers.CreateInstanceDiscoveryMockHandler(TestConstants.AuthorityCommonTenant + TestConstants.DiscoveryEndPoint));
+                harness.HttpManager.AddMockHandlerContentNotFound(HttpMethod.Post);
+
+                ConfidentialClientApplication app = null;
+                var certificate = new X509Certificate2(
+                    ResourceHelper.GetTestResourceRelativePath("RSATestCertDotNet.pfx"));
+
+                app = ConfidentialClientApplicationBuilder
+                    .Create(TestConstants.ClientId)
+                    .WithAuthority(new Uri(ClientApplicationBase.DefaultAuthority), true)
+                    .WithRedirectUri(TestConstants.RedirectUri)
+                    .WithHttpManager(harness.HttpManager)
+                    .WithCertificate(certificate)
+                    .BuildConcrete();
+
+                var ex = await Assert.ThrowsExceptionAsync<MsalServiceException>(async () =>
+                {
+                    await app.AcquireTokenForClient(TestConstants.s_scope)
+                             .ExecuteAsync(CancellationToken.None)
+                             .ConfigureAwait(false);
+                }).ConfigureAwait(false);
+
+                Assert.IsTrue(ex.Message.Contains("Authority used: https://login.microsoftonline.com/common/"));
+                Assert.IsTrue(ex.Message.Contains("Token Endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/token"));
+
+                //Validate that the authority is not appended with extra query parameters
+                //Validate that the region is also captured
+                Environment.SetEnvironmentVariable("REGION_NAME", TestConstants.Region);
+
+                harness.HttpManager.AddMockHandler(MockHelpers.CreateInstanceDiscoveryMockHandler(TestConstants.AuthorityCommonTenant + TestConstants.DiscoveryEndPoint));
+                harness.HttpManager.AddMockHandlerContentNotFound(HttpMethod.Post);
+
+                app = ConfidentialClientApplicationBuilder
+                    .Create(TestConstants.ClientId)
+                    .WithAuthority(new Uri(TestConstants.AuthorityNotKnownTenanted + "extra=qp"), true)
+                    .WithAzureRegion(TestConstants.Region)
+                    .WithRedirectUri(TestConstants.RedirectUri)
+                    .WithHttpManager(harness.HttpManager)
+                    .WithCertificate(certificate)
+                    .BuildConcrete();
+
+                ex = await AssertException.TaskThrowsAsync<MsalServiceException>(async () =>
+                {
+                    await app.AcquireTokenForClient(TestConstants.s_scope)
+                                                 .ExecuteAsync(CancellationToken.None)
+                                                 .ConfigureAwait(false);
+                }).ConfigureAwait(false);
+
+                Assert.IsTrue(ex.Message.Contains("Authority used: https://sts.access.edu/my-utid/"));
+                Assert.IsTrue(ex.Message.Contains("Token Endpoint: https://centralus.sts.access.edu/my-utid/oauth2/v2.0/token"));
+                Assert.IsTrue(ex.Message.Contains($"Region Used: {TestConstants.Region}"));
+
+                //harness.HttpManager.AddMockHandler(MockHelpers.CreateInstanceDiscoveryMockHandler(TestConstants.AuthorityCommonTenant + TestConstants.DiscoveryEndPoint));
+                harness.HttpManager.AddRequestTimeoutResponseMessageMockHandler(HttpMethod.Post);
+                harness.HttpManager.AddRequestTimeoutResponseMessageMockHandler(HttpMethod.Post);
+
+                //Ensure non 404 error codes do not trigger message
+                ex = await AssertException.TaskThrowsAsync<MsalServiceException>(async () =>
+                {
+                    await app.AcquireTokenForClient(TestConstants.s_scope)
+                                                 .WithForceRefresh(true)
+                                                 .ExecuteAsync(CancellationToken.None)
+                                                 .ConfigureAwait(false);
+                }).ConfigureAwait(false);
+
+                Assert.IsFalse(ex.Message.Contains("Authority used:"));
+                Assert.IsFalse(ex.Message.Contains("Token Endpoint:"));
+                Assert.IsFalse(ex.Message.Contains($"Region Used:"));
+            }
+        }
+
         private void AssertPropertyHasPublicGetAndSet(Type t, string propertyName)
         {
             var prop = t.GetProperty(propertyName);

tests/Microsoft.Identity.Test.Unit/RequestsTests/IntegratedWindowsAuthUsernamePasswordTests.cs

@@ -415,7 +415,6 @@ public async Task AcquireTokenByIntegratedWindowsAuthInvalidClientTestAsync()
             }
         }
 
-
         [TestMethod]
         [DeploymentItem(@"Resources\TestMex.xml")]
         [DeploymentItem(@"Resources\WsTrustResponse.xml")]