Add STS error codes to MSAL public error (#2319)

nilo-ms · web-flow · commit 7792bfb0dce7 · 2024-09-12T12:06:16.000+01:00
* add new error codes key and parse msid error codes

* add new error converter tests

* update changelog file

* add new unit test to check specific scenario when user info is nil
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,5 @@
 ## [TBD]:
+* Parse and add STS error codes in token error result (#2319)
 * VisionOS support added (#2139)
 
 ## [1.5.0]
diff --git a/MSAL/IdentityCore b/MSAL/IdentityCore
@@ -1 +1 @@
-Subproject commit ec40a8851cf9d2d4bbb06a18c593f953064d723c
+Subproject commit f1c0962cee41fc1a7dc805ccb81dc276e26cc60c
diff --git a/MSAL/src/MSALError.m b/MSAL/src/MSALError.m
@@ -31,6 +31,7 @@
 NSString *MSALOAuthErrorKey = @"MSALOAuthErrorKey";
 NSString *MSALOAuthSubErrorKey = @"MSALOAuthSubErrorKey";
 NSString *MSALErrorDescriptionKey = @"MSALErrorDescriptionKey";
+NSString *MSALSTSErrorCodesKey = @"MSALSTSErrorCodesKey";
 NSString *MSALInternalErrorCodeKey = @"MSALInternalErrorCodeKey";
 NSString *MSALHTTPHeadersKey = @"MSALHTTPHeadersKey";
 NSString *MSALHTTPResponseCodeKey = @"MSALHTTPResponseCodeKey";
diff --git a/MSAL/src/MSALErrorConverter.m b/MSAL/src/MSALErrorConverter.m
@@ -139,6 +139,7 @@ + (void)initialize
                              MSIDHTTPResponseCodeKey : MSALHTTPResponseCodeKey,
                              MSIDCorrelationIdKey : MSALCorrelationIDKey,
                              MSIDErrorDescriptionKey : MSALErrorDescriptionKey,
+                             MSIDSTSErrorCodesKey : MSALSTSErrorCodesKey,
                              MSIDOAuthErrorKey: MSALOAuthErrorKey,
                              MSIDOAuthSubErrorKey: MSALOAuthSubErrorKey,
                              MSIDDeclinedScopesKey: MSALDeclinedScopesKey,
@@ -249,8 +250,12 @@ + (NSError *)errorWithDomain:(NSString *)domain
     if (errorDescription) msalUserInfo[MSALErrorDescriptionKey] = errorDescription;
     if (oauthError) msalUserInfo[MSALOAuthErrorKey] = oauthError;
     if (subError) msalUserInfo[MSALOAuthSubErrorKey] = subError;
-    
-    if (underlyingError) msalUserInfo[NSUnderlyingErrorKey] = [MSALErrorConverter msalErrorFromMsidError:underlyingError];
+        
+    if (underlyingError) {
+        msalUserInfo[NSUnderlyingErrorKey] = [MSALErrorConverter msalErrorFromMsidError:underlyingError];
+        NSArray<NSNumber *>* stsErrorCodes = underlyingError.userInfo[MSIDSTSErrorCodesKey];
+        if (stsErrorCodes) msalUserInfo[MSALSTSErrorCodesKey] = stsErrorCodes;
+    }
     
     msalUserInfo[MSALInternalErrorCodeKey] = internalCode;
 
diff --git a/MSAL/src/public/MSALError.h b/MSAL/src/public/MSALError.h
@@ -62,6 +62,12 @@ extern NSString *MSALOAuthSubErrorKey;
  */
 extern NSString *MSALErrorDescriptionKey;
 
+/**
+    A list of STS-specific error codes returned by the service that can help in diagnostics. Note that error codes can change and should
+    not be relied upon for any error handling logic.
+ */
+extern NSString *MSALSTSErrorCodesKey;
+
 /**
  Internal error code returned together with MSALErrorInternal error.
  */
diff --git a/MSAL/test/unit/MSALErrorConverterTests.m b/MSAL/test/unit/MSALErrorConverterTests.m
@@ -89,6 +89,7 @@ - (void)testErrorConversion_whenOnlyErrorDomainIsMapped_ErrorCodeShouldBeKept {
     NSUUID *correlationId = [NSUUID UUID];
     NSDictionary *httpHeaders = @{@"fake header key" : @"fake header value"};
     NSString *httpResponseCode = @"-99999";
+    NSArray<NSNumber *> *stsErrorCodes = @[@123];
     
     NSError *msalError = [MSALErrorConverter errorWithDomain:MSIDKeychainErrorDomain
                                                         code:errorCode
@@ -100,6 +101,7 @@ - (void)testErrorConversion_whenOnlyErrorDomainIsMapped_ErrorCodeShouldBeKept {
                                                     userInfo:@{MSIDHTTPHeadersKey : httpHeaders,
                                                                MSIDHTTPResponseCodeKey : httpResponseCode,
                                                                MSIDThrottlingCacheHitKey : @1,
+                                                               MSIDSTSErrorCodesKey : stsErrorCodes,
                                                                @"additional_user_info": @"unmapped_userinfo"}
                                               classifyErrors:YES
                                           msalOauth2Provider:nil
@@ -123,6 +125,29 @@ - (void)testErrorConversion_whenOnlyErrorDomainIsMapped_ErrorCodeShouldBeKept {
     XCTAssertNil(msalError.userInfo[MSIDHTTPResponseCodeKey]);
     XCTAssertEqualObjects(msalError.userInfo[@"additional_user_info"], @"unmapped_userinfo");
     XCTAssertTrue(msalError.userInfo[MSALThrottlingCacheHitKey]);
+    XCTAssertEqualObjects(msalError.userInfo[MSALSTSErrorCodesKey], stsErrorCodes);
+}
+
+- (void)testErrorConversion_ErrorCodesAreAlsoRetrievedFromUnderlyingError_ErrorShouldBeParsedCorrectly {
+    NSArray<NSNumber *> *stsErrorCodes = @[@123];
+    NSError *underlyingError = [NSError errorWithDomain:NSOSStatusErrorDomain code:errSecItemNotFound userInfo:@{MSIDSTSErrorCodesKey : stsErrorCodes}];
+    
+    
+    NSError *msalError = [MSALErrorConverter errorWithDomain:MSIDKeychainErrorDomain
+                                                        code:1
+                                            errorDescription:@"description"
+                                                  oauthError:@"oauthError"
+                                                    subError:@"subError"
+                                             underlyingError:underlyingError
+                                               correlationId:[NSUUID UUID]
+                                                    userInfo:nil
+                                              classifyErrors:YES
+                                          msalOauth2Provider:nil
+                                                  authScheme:[MSALAuthenticationSchemeBearer new]
+                                                  popManager:nil];
+    
+    XCTAssertNotNil(msalError);
+    XCTAssertEqualObjects(msalError.userInfo[MSALSTSErrorCodesKey], stsErrorCodes);
 }
 
 - (void)testErrorConversion_whenUnclassifiedInternalMSALErrorPassed_shouldMapToInternal
@@ -153,6 +178,7 @@ - (void)testErrorConversion_whenUnclassifiedInternalMSALErrorPassed_shouldMapToI
     XCTAssertEqualObjects(msalError.userInfo[MSALOAuthErrorKey], oauthError);
     XCTAssertEqualObjects(msalError.userInfo[MSALOAuthSubErrorKey], subError);
     XCTAssertEqualObjects(msalError.userInfo[MSALInternalErrorCodeKey], @(-42400));
+    XCTAssertFalse([msalError.userInfo.allKeys containsObject: MSALSTSErrorCodesKey]);
 }
 
 - (void)testErrorConversion_whenUnclassifiedInternalMSALErrorPassed_andErrorDescriptionPassedInDictionary_shouldMapToInternal_andPreserveErrorDescription

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`## [TBD]:`
	`2`	`+* Parse and add STS error codes in token error result (#2319)`
`2`	`3`	`* VisionOS support added (#2139)`
`3`	`4`
`4`	`5`	`## [1.5.0]`