Authority mismatch instrumentation

change/@azure-msal-browser-8d6fcd39-1f3b-4b4d-81e6-b729b83cdd7e.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Authority mismatch instrumentation [#8212](https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/8212)",
+  "packageName": "@azure/msal-browser",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}

change/@azure-msal-common-adda0fb4-dea9-4116-b965-68b15040c909.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Authority mismatch instrumentation [#8212](https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/8212)",
+  "packageName": "@azure/msal-common",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}

lib/msal-browser/src/interaction_client/BaseInteractionClient.ts

@@ -235,6 +235,26 @@ export abstract class BaseInteractionClient {
         );
 
         if (account && !discoveredAuthority.isAlias(account.environment)) {
+            const normalizeValue = (value: string | undefined): string => {
+                if (value === undefined) {
+                    return "(undefined)";
+                }
+
+                if (value.trim() === "") {
+                    return "(empty string)";
+                }
+                return value;
+            };
+
+            this.performanceClient.addFields(
+                {
+                    discoveredAuthority: normalizeValue(
+                        discoveredAuthority.canonicalAuthority
+                    ),
+                    accountEnvironment: normalizeValue(account.environment),
+                },
+                this.correlationId
+            );
             throw createClientConfigurationError(
                 ClientConfigurationErrorCodes.authorityMismatch
             );

lib/msal-browser/test/interaction_client/BaseInteractionClient.spec.ts

@@ -269,6 +269,170 @@ describe("BaseInteractionClient", () => {
                 });
         });
 
+        it("Adds telemetry fields when authority mismatch occurs with valid values", async () => {
+            const testAccount = {
+                homeAccountId: TEST_DATA_CLIENT_INFO.TEST_HOME_ACCOUNT_ID,
+                localAccountId: TEST_DATA_CLIENT_INFO.TEST_UID,
+                environment: "login.windows-ppe.net",
+                tenantId: "3338040d-6c67-4c5b-b112-36a304b66dad",
+                username: "[email protected]",
+                loginHint: "loginHint",
+            };
+
+            // @ts-ignore
+            const addFieldsSpy = jest.spyOn(
+                (testClient as any).performanceClient,
+                "addFields"
+            );
+
+            await testClient
+                // @ts-ignore
+                .getDiscoveredAuthority({
+                    requestAuthority:
+                        "https://login.microsoftonline.com/common",
+                    account: testAccount,
+                })
+                .catch((error) => {
+                    expect(error).toStrictEqual(
+                        createClientConfigurationError(
+                            ClientConfigurationErrorCodes.authorityMismatch
+                        )
+                    );
+                });
+
+            expect(addFieldsSpy).toHaveBeenCalledWith(
+                expect.objectContaining({
+                    discoveredAuthority:
+                        "https://login.microsoftonline.com/common/",
+                    accountEnvironment: "login.windows-ppe.net",
+                }),
+                expect.any(String)
+            );
+        });
+
+        it("Adds telemetry with normalized values when account environment is undefined", async () => {
+            const testAccount = {
+                homeAccountId: TEST_DATA_CLIENT_INFO.TEST_HOME_ACCOUNT_ID,
+                localAccountId: TEST_DATA_CLIENT_INFO.TEST_UID,
+                environment: undefined as any,
+                tenantId: "3338040d-6c67-4c5b-b112-36a304b66dad",
+                username: "[email protected]",
+                loginHint: "loginHint",
+            };
+
+            // @ts-ignore
+            const addFieldsSpy = jest.spyOn(
+                (testClient as any).performanceClient,
+                "addFields"
+            );
+
+            await testClient
+                // @ts-ignore
+                .getDiscoveredAuthority({
+                    requestAuthority:
+                        "https://login.microsoftonline.com/common",
+                    account: testAccount,
+                })
+                .catch((error) => {
+                    expect(error).toStrictEqual(
+                        createClientConfigurationError(
+                            ClientConfigurationErrorCodes.authorityMismatch
+                        )
+                    );
+                });
+
+            expect(addFieldsSpy).toHaveBeenCalledWith(
+                expect.objectContaining({
+                    discoveredAuthority:
+                        "https://login.microsoftonline.com/common/",
+                    accountEnvironment: "(undefined)",
+                }),
+                expect.any(String)
+            );
+        });
+
+        it("Adds telemetry with normalized values when account environment is empty string", async () => {
+            const testAccount = {
+                homeAccountId: TEST_DATA_CLIENT_INFO.TEST_HOME_ACCOUNT_ID,
+                localAccountId: TEST_DATA_CLIENT_INFO.TEST_UID,
+                environment: "",
+                tenantId: "3338040d-6c67-4c5b-b112-36a304b66dad",
+                username: "[email protected]",
+                loginHint: "loginHint",
+            };
+
+            // @ts-ignore
+            const addFieldsSpy = jest.spyOn(
+                (testClient as any).performanceClient,
+                "addFields"
+            );
+
+            await testClient
+                // @ts-ignore
+                .getDiscoveredAuthority({
+                    requestAuthority:
+                        "https://login.microsoftonline.com/common",
+                    account: testAccount,
+                })
+                .catch((error) => {
+                    expect(error).toStrictEqual(
+                        createClientConfigurationError(
+                            ClientConfigurationErrorCodes.authorityMismatch
+                        )
+                    );
+                });
+
+            expect(addFieldsSpy).toHaveBeenCalledWith(
+                expect.objectContaining({
+                    discoveredAuthority:
+                        "https://login.microsoftonline.com/common/",
+                    accountEnvironment: "(empty string)",
+                }),
+                expect.any(String)
+            );
+        });
+
+        it("Adds telemetry with normalized values when account environment is whitespace-only", async () => {
+            const testAccount = {
+                homeAccountId: TEST_DATA_CLIENT_INFO.TEST_HOME_ACCOUNT_ID,
+                localAccountId: TEST_DATA_CLIENT_INFO.TEST_UID,
+                environment: "   ",
+                tenantId: "3338040d-6c67-4c5b-b112-36a304b66dad",
+                username: "[email protected]",
+                loginHint: "loginHint",
+            };
+
+            // @ts-ignore
+            const addFieldsSpy = jest.spyOn(
+                (testClient as any).performanceClient,
+                "addFields"
+            );
+
+            await testClient
+                // @ts-ignore
+                .getDiscoveredAuthority({
+                    requestAuthority:
+                        "https://login.microsoftonline.com/common",
+                    account: testAccount,
+                })
+                .catch((error) => {
+                    expect(error).toStrictEqual(
+                        createClientConfigurationError(
+                            ClientConfigurationErrorCodes.authorityMismatch
+                        )
+                    );
+                });
+
+            expect(addFieldsSpy).toHaveBeenCalledWith(
+                expect.objectContaining({
+                    discoveredAuthority:
+                        "https://login.microsoftonline.com/common/",
+                    accountEnvironment: "(empty string)",
+                }),
+                expect.any(String)
+            );
+        });
+
         it("Does not throw error when authority in request or MSAL config matches with environment set for account", (done) => {
             const testAccount = {
                 homeAccountId: TEST_DATA_CLIENT_INFO.TEST_HOME_ACCOUNT_ID,

lib/msal-common/apiReview/msal-common.api.md

@@ -3505,6 +3505,8 @@ export type PerformanceEvent = {
     cacheAtCount?: number;
     scenarioId?: string;
     accountType?: "AAD" | "MSA" | "B2C";
+    discoveredAuthority?: string;
+    accountEnvironment?: string;
     retryError?: string;
     embeddedClientId?: string;
     embeddedRedirectUri?: string;
@@ -4821,8 +4823,8 @@ const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
 // src/telemetry/performance/PerformanceEvent.ts:815:22 - (tsdoc-escape-right-brace) The "}" character should be escaped using a backslash to avoid confusion with a TSDoc inline tag
 // src/telemetry/performance/PerformanceEvent.ts:815:14 - (tsdoc-malformed-inline-tag) Expecting a TSDoc tag starting with "{@"
 // src/telemetry/performance/PerformanceEvent.ts:815:8 - (tsdoc-undefined-tag) The TSDoc tag "@type" is not defined in this configuration
-// src/telemetry/performance/PerformanceEvent.ts:889:21 - (tsdoc-escape-right-brace) The "}" character should be escaped using a backslash to avoid confusion with a TSDoc inline tag
-// src/telemetry/performance/PerformanceEvent.ts:889:14 - (tsdoc-malformed-inline-tag) Expecting a TSDoc tag starting with "{@"
-// src/telemetry/performance/PerformanceEvent.ts:889:8 - (tsdoc-undefined-tag) The TSDoc tag "@type" is not defined in this configuration
+// src/telemetry/performance/PerformanceEvent.ts:893:21 - (tsdoc-escape-right-brace) The "}" character should be escaped using a backslash to avoid confusion with a TSDoc inline tag
+// src/telemetry/performance/PerformanceEvent.ts:893:14 - (tsdoc-malformed-inline-tag) Expecting a TSDoc tag starting with "{@"
+// src/telemetry/performance/PerformanceEvent.ts:893:8 - (tsdoc-undefined-tag) The TSDoc tag "@type" is not defined in this configuration
 
 ```

lib/msal-common/src/cache/entities/AccountEntity.ts

@@ -147,7 +147,7 @@ export class AccountEntity {
             accountDetails.environment ||
             (authority && authority.getPreferredCache());
 
-        if (!env) {
+        if (!env || env.trim() === "") {
             throw createClientAuthError(
                 ClientAuthErrorCodes.invalidCacheEnvironment
             );

lib/msal-common/src/response/ResponseHandler.ts

@@ -354,7 +354,7 @@ export class ResponseHandler {
         authCodePayload?: AuthorizationCodePayload
     ): CacheRecord {
         const env = authority.getPreferredCache();
-        if (!env) {
+        if (!env || env.trim() === "") {
             throw createClientAuthError(
                 ClientAuthErrorCodes.invalidCacheEnvironment
             );

lib/msal-common/src/telemetry/performance/PerformanceEvent.ts

@@ -883,6 +883,10 @@ export type PerformanceEvent = {
 
     accountType?: "AAD" | "MSA" | "B2C";
 
+    // Discovered authority and passed in account's authority/environment values
+    discoveredAuthority?: string;
+    accountEnvironment?: string;
+
     /**
      * Server error that triggers a request retry
      *