Add support for custom claims and password change required error #7948

Merged
merged 7 commits into from
Jul 30, 2025

yongdiw
Contributor

@yongdiw yongdiw commented Jul 28, 2025

This pull request introduces support for custom claims in various authentication flows within the msal-browser library. The most significant changes include adding a claims field to multiple input types, ensuring claims are valid JSON strings, and propagating the claims field through the authentication process.

Support for custom claims:

  • Added a claims field to several input types (SignInInputs, ResetPasswordInputs, AccessTokenRetrievalInputs, and others) to allow custom claims during authentication.

Validation enhancements:

  • Introduced a new utility function, ensureArgumentIsJSONString, to validate that the claims field is a properly formatted JSON string. This function is used in multiple places to ensure input integrity.

Integration into authentication flows:

  • Updated the CustomAuthStandardController and related classes to handle the claims field during sign-in and token retrieval processes.
  • Modified API request types and parameters to include the claims field, ensuring it is passed to the backend during token requests.

Error handling improvements:

  • Added methods to detect specific errors, such as password reset requirements, during authentication flows.

Unit testing:

  • Enhanced the ArgumentValidator unit tests to cover the new ensureArgumentIsJSONString function.

@Copilot Copilot AI review requested due to automatic review settings July 28, 2025 11:43
@github-actions github-actions bot added the msal-browser Related to msal-browser package label Jul 28, 2025
Contributor

@Copilot Copilot AI left a comment

Pull Request Overview

This pull request adds comprehensive support for custom claims in authentication flows within the msal-browser library and enhances error handling for password reset requirements. The implementation ensures claims are properly validated as JSON objects and propagated through various authentication processes.

Key Changes:

  • Added claims field support across multiple input types and authentication flows (sign-in, access token retrieval, continuation token flows)
  • Implemented ensureArgumentIsJSONString utility function to validate claims as properly formatted JSON objects
  • Enhanced error handling to detect password reset required scenarios (error code 50142)

Reviewed Changes

Copilot reviewed 22 out of 22 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| ArgumentValidator.ts | Added new ensureArgumentIsJSONString function for JSON validation |
| ArgumentValidator.spec.ts | Comprehensive unit tests for the new JSON validation function |
| CustomAuthActionInputs.ts | Added optional claims field to input type definitions |
| SignInParams.ts | Added claims field to SignIn parameter interfaces |
| SignInClient.ts | Updated token request methods to include claims parameter |
| SignInStateParameters.ts | Added claims field to state parameter interfaces |
| SignInPasswordRequiredState.ts | Propagated claims through password submission flow |
| SignInContinuationState.ts | Added claims validation and propagation for continuation token flow |
| SignInCodeRequiredState.ts | Propagated claims through code submission flow |
| SignInError.ts | Added isPasswordResetRequired method for error detection |
| CustomAuthAccountData.ts | Enhanced access token retrieval to support claims parameter |
| AuthFlowErrorBase.ts | Added password reset error detection logic |
| CustomAuthStandardController.ts | Updated sign-in flow to validate and propagate claims |
| ApiRequestTypes.ts | Added claims field to API request type definitions |
| SignInApiClient.ts | Updated API client methods to include claims in requests |
| Multiple test files | Added test coverage for claims functionality and cache cleanup |
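
The claims validation described in this pull request, sketched as an added example (not code from the PR or from msal-browser). The names `normalizeClaims`, `describeClaims` and `MAX_CLAIMS_LENGTH`, the size cap, and the sample inputs are assumptions made for illustration. It shows why a bare `JSON.parse` check is not enough when the value must be a JSON object.

```typescript
// Added example: normalizeClaims, describeClaims and MAX_CLAIMS_LENGTH are
// hypothetical names, not msal-browser APIs.

// Assumed size cap for illustration; the pull request states no limit.
const MAX_CLAIMS_LENGTH = 4096;

// Returns the claims re-serialized in compact form, or throws if the input
// is not a string holding a JSON object.
function normalizeClaims(claims: unknown): string {
    if (typeof claims !== "string" || claims.trim().length === 0) {
        throw new Error("claims must be a non-empty string");
    }
    if (claims.length > MAX_CLAIMS_LENGTH) {
        throw new Error("claims exceeds the length limit");
    }
    let parsed: unknown;
    try {
        parsed = JSON.parse(claims);
    } catch (e) {
        throw new Error("claims is not valid JSON");
    }
    // JSON.parse also accepts "null", "42", "\"x\"" and "[]"; none of these
    // is a claims request, so require a plain object.
    if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
        throw new Error("claims must be a JSON object");
    }
    return JSON.stringify(parsed);
}

// Maps any input to "ok" or the rejection reason, for logging and tests.
function describeClaims(claims: unknown): string {
    try {
        normalizeClaims(claims);
        return "ok";
    } catch (e) {
        return e instanceof Error ? e.message : String(e);
    }
}

// Constructed sample inputs.
const samples: unknown[] = [
    '{"access_token":{"acrs":{"essential":true,"value":"c1"}}}',
    "[]", "null", "{not json", 42,
];
for (const s of samples) {
    console.log(JSON.stringify(s), "->", describeClaims(s));
}
```
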

sameerag
sameerag previously approved these changes Jul 28, 2025
Member

@sameerag sameerag left a comment

nit comments

@yongdiw yongdiw dismissed stale reviews from sameerag and konstantin-msft via dd45182 July 28, 2025 17:39
@yongdiw yongdiw merged commit 2ffb0a2 into dev Jul 30, 2025
7 checks passed
@yongdiw yongdiw deleted the yongdi/custom-claims-code branch July 30, 2025 08:33
yongdiw added a commit that referenced this pull request Jul 30, 2025
This pull request introduces support for custom claims in various
authentication flows within the `msal-browser` library. The most
significant changes include adding a `claims` field to multiple input
types, ensuring claims are valid JSON strings, and propagating the
`claims` field through the authentication process.

### Support for custom claims:

* Added a `claims` field to several input types (`SignInInputs`,
`ResetPasswordInputs`, `AccessTokenRetrievalInputs`, and others) to
allow custom claims during authentication.

### Validation enhancements:

* Introduced a new utility function, `ensureArgumentIsJSONString`, to
validate that the `claims` field is a properly formatted JSON string.
This function is used in multiple places to ensure input integrity.

### Integration into authentication flows:

* Updated the `CustomAuthStandardController` and related classes to
handle the `claims` field during sign-in and token retrieval processes.
* Modified API request types and parameters to include the `claims`
field, ensuring it is passed to the backend during token requests.

### Error handling improvements:

* Added methods to detect specific errors, such as password reset
requirements, during authentication flows.

### Unit testing:

* Enhanced the `ArgumentValidator` unit tests to cover the new
`ensureArgumentIsJSONString` function.