Merge pull request #2036 from microsoftgraph/po/LogMsalEvents

peombwa · web-flow · commit 63e0fea0c9fd · 2023-05-25T11:31:13.000-07:00
Log MSAL events to debug stream
diff --git a/src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs b/src/Authentication/Authentication.Core/Utilities/AuthenticationHelpers.cs
@@ -2,11 +2,13 @@
 //  Copyright (c) Microsoft Corporation.  All Rights Reserved.  Licensed under the MIT License.  See License in the project root for license information.
 // ------------------------------------------------------------------------------
 using Azure.Core;
+using Azure.Core.Diagnostics;
 using Azure.Identity;
 using Microsoft.Graph.PowerShell.Authentication.Core.Extensions;
 using Microsoft.Identity.Client;
 using Microsoft.Identity.Client.Extensions.Msal;
 using System;
+using System.Diagnostics.Tracing;
 using System.Globalization;
 using System.IO;
 using System.Linq;
@@ -201,8 +203,14 @@ public static async Task<IAuthContext> AuthenticateAsync(IAuthContext authContex
             {
                 try
                 {
-                    signInAuthContext = await SignInAsync(authContext, cancellationToken).ConfigureAwait(false);
-                    retrySignIn = false;
+                    // Write MSAL logs to debug stream.
+                    using (AzureEventSourceListener listener = new AzureEventSourceListener(
+                        (args, message) => GraphSession.Instance.OutputWriter.WriteDebug($"{message}"),
+                        level: EventLevel.Informational))
+                    {
+                        signInAuthContext = await SignInAsync(authContext, cancellationToken).ConfigureAwait(false);
+                        retrySignIn = false;
+                    };
                 }
                 catch (AuthenticationFailedException authEx)
                 {
diff --git a/src/Authentication/Authentication/test/Connect-MgGraph.Tests.ps1 b/src/Authentication/Authentication/test/Connect-MgGraph.Tests.ps1
@@ -95,9 +95,17 @@ Describe 'Connect-MgGraph In App Mode' {
     }
 
 }
+
 Describe 'Connect-MgGraph Dependency Resolution' {
     It 'Should load Mg module side by side with Az module.' {
         { Connect-AzAccount -ApplicationId $RandomClientId -CertificateThumbprint "Invalid" -Tenant "Invalid" -ErrorAction Stop } | Should -Throw -ExpectedMessage "*Could not find tenant id*"
         { Connect-MgGraph -TenantId "thisdomaindoesnotexist.com" -ErrorAction Stop -UseDeviceAuthentication } | Should -Throw -ExpectedMessage "*AADSTS90002*"
     }
+}
+
+Describe 'Connect-MgGraph Logging' {
+    It 'Should write MSAL logs to debug stream.' {
+        $MgDebugStream = $(Connect-MgGraph -TenantId "thisdomaindoesnotexist.com" -UseDeviceAuthentication -Debug -ErrorAction SilentlyContinue) 5>&1
+        $MgDebugStream[0] | Should -Match "DeviceCodeCredential.Authenticate invoked. Scopes: \[ User.Read \]"
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -95,9 +95,17 @@ Describe 'Connect-MgGraph In App Mode' {`
`95`	`95`	`}`
`96`	`96`
`97`	`97`	`}`
	`98`	`+`
`98`	`99`	`Describe 'Connect-MgGraph Dependency Resolution' {`
`99`	`100`	`It 'Should load Mg module side by side with Az module.' {`
`100`	`101`	`{ Connect-AzAccount -ApplicationId $RandomClientId -CertificateThumbprint "Invalid" -Tenant "Invalid" -ErrorAction Stop } \| Should -Throw -ExpectedMessage "Could not find tenant id"`
`101`	`102`	`{ Connect-MgGraph -TenantId "thisdomaindoesnotexist.com" -ErrorAction Stop -UseDeviceAuthentication } \| Should -Throw -ExpectedMessage "AADSTS90002"`
`102`	`103`	`}`
	`104`	`+}`
	`105`	`+`
	`106`	`+Describe 'Connect-MgGraph Logging' {`
	`107`	`+ It 'Should write MSAL logs to debug stream.' {`
	`108`	`+ $MgDebugStream = $(Connect-MgGraph -TenantId "thisdomaindoesnotexist.com" -UseDeviceAuthentication -Debug -ErrorAction SilentlyContinue) 5>&1`
	`109`	`+ $MgDebugStream[0] \| Should -Match "DeviceCodeCredential.Authenticate invoked. Scopes: \[ User.Read \]"`
	`110`	`+ }`
`103`	`111`	`}`