Instrument functions that drop multiple matched tokens (#6647)

- Instrument functions that drop multiple matched tokens.

change/@azure-msal-common-b38740aa-6b13-44e0-ade3-e2a48f051efb.json

@@ -0,0 +1,7 @@
+{
+  "type": "minor",
+  "comment": "Instrument functions that drop multiple matched tokens #6647",
+  "packageName": "@azure/msal-common",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}

lib/msal-common/src/cache/CacheManager.ts

@@ -46,6 +46,7 @@ import { StoreInCache } from "../request/StoreInCache";
 import { getAliasesFromStaticSources } from "../authority/AuthorityMetadata";
 import { StaticAuthorityOptions } from "../authority/AuthorityOptions";
 import { TokenClaims } from "../account/TokenClaims";
+import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient";
 
 /**
  * Interface class which implement cache storage functions used by MSAL to perform validity checks, and store tokens.
@@ -876,29 +877,40 @@ export abstract class CacheManager implements ICacheManager {
 
     /**
      * Retrieve the cached credentials into a cacherecord
-     * @param account
-     * @param clientId
-     * @param scopes
-     * @param environment
-     * @param authScheme
+     * @param account {AccountInfo}
+     * @param request {BaseAuthRequest}
+     * @param environment {string}
+     * @param performanceClient {?IPerformanceClient}
+     * @param correlationId {?string}
      */
     readCacheRecord(
         account: AccountInfo,
         request: BaseAuthRequest,
-        environment: string
+        environment: string,
+        performanceClient?: IPerformanceClient,
+        correlationId?: string
     ): CacheRecord {
         const tokenKeys = this.getTokenKeys();
         const cachedAccount = this.readAccountFromCache(account);
-        const cachedIdToken = this.getIdToken(account, tokenKeys);
+        const cachedIdToken = this.getIdToken(
+            account,
+            tokenKeys,
+            performanceClient,
+            correlationId
+        );
         const cachedAccessToken = this.getAccessToken(
             account,
             request,
-            tokenKeys
+            tokenKeys,
+            performanceClient,
+            correlationId
         );
         const cachedRefreshToken = this.getRefreshToken(
             account,
             false,
-            tokenKeys
+            tokenKeys,
+            performanceClient,
+            correlationId
         );
         const cachedAppMetadata = this.readAppMetadataFromCache(environment);
 
@@ -930,13 +942,16 @@ export abstract class CacheManager implements ICacheManager {
 
     /**
      * Retrieve IdTokenEntity from cache
-     * @param clientId
-     * @param account
-     * @param inputRealm
+     * @param account {AccountInfo}
+     * @param tokenKeys {?TokenKeys}
+     * @param performanceClient {?IPerformanceClient}
+     * @param correlationId {?string}
      */
     getIdToken(
         account: AccountInfo,
-        tokenKeys?: TokenKeys
+        tokenKeys?: TokenKeys,
+        performanceClient?: IPerformanceClient,
+        correlationId?: string
     ): IdTokenEntity | null {
         this.commonLogger.trace("CacheManager - getIdToken called");
         const idTokenFilter: CredentialFilter = {
@@ -963,6 +978,12 @@ export abstract class CacheManager implements ICacheManager {
             idTokens.forEach((idToken) => {
                 this.removeIdToken(generateCredentialKey(idToken));
             });
+            if (performanceClient && correlationId) {
+                performanceClient.addFields(
+                    { multiMatchedID: idTokens.length },
+                    correlationId
+                );
+            }
             return null;
         }
 
@@ -1047,15 +1068,18 @@ export abstract class CacheManager implements ICacheManager {
 
     /**
      * Retrieve AccessTokenEntity from cache
-     * @param clientId
-     * @param account
-     * @param scopes
-     * @param authScheme
+     * @param account {AccountInfo}
+     * @param request {BaseAuthRequest}
+     * @param tokenKeys {?TokenKeys}
+     * @param performanceClient {?IPerformanceClient}
+     * @param correlationId {?string}
      */
     getAccessToken(
         account: AccountInfo,
         request: BaseAuthRequest,
-        tokenKeys?: TokenKeys
+        tokenKeys?: TokenKeys,
+        performanceClient?: IPerformanceClient,
+        correlationId?: string
     ): AccessTokenEntity | null {
         this.commonLogger.trace("CacheManager - getAccessToken called");
         const scopes = ScopeSet.createSearchScopes(request.scopes);
@@ -1119,6 +1143,12 @@ export abstract class CacheManager implements ICacheManager {
             accessTokens.forEach((accessToken) => {
                 void this.removeAccessToken(generateCredentialKey(accessToken));
             });
+            if (performanceClient && correlationId) {
+                performanceClient.addFields(
+                    { multiMatchedAT: accessTokens.length },
+                    correlationId
+                );
+            }
             return null;
         }
 
@@ -1216,14 +1246,18 @@ export abstract class CacheManager implements ICacheManager {
 
     /**
      * Helper to retrieve the appropriate refresh token from cache
-     * @param clientId
-     * @param account
-     * @param familyRT
+     * @param account {AccountInfo}
+     * @param familyRT {boolean}
+     * @param tokenKeys {?TokenKeys}
+     * @param performanceClient {?IPerformanceClient}
+     * @param correlationId {?string}
      */
     getRefreshToken(
         account: AccountInfo,
         familyRT: boolean,
-        tokenKeys?: TokenKeys
+        tokenKeys?: TokenKeys,
+        performanceClient?: IPerformanceClient,
+        correlationId?: string
     ): RefreshTokenEntity | null {
         this.commonLogger.trace("CacheManager - getRefreshToken called");
         const id = familyRT ? THE_FAMILY_ID : undefined;
@@ -1266,6 +1300,13 @@ export abstract class CacheManager implements ICacheManager {
         }
         // address the else case after remove functions address environment aliases
 
+        if (numRefreshTokens > 1 && performanceClient && correlationId) {
+            performanceClient.addFields(
+                { multiMatchedRT: numRefreshTokens },
+                correlationId
+            );
+        }
+
         this.commonLogger.info(
             "CacheManager:getRefreshToken - returning refresh token"
         );

lib/msal-common/src/client/RefreshTokenClient.ts

@@ -202,7 +202,13 @@ export class RefreshTokenClient extends BaseClient {
             this.logger,
             this.performanceClient,
             request.correlationId
-        )(request.account, foci);
+        )(
+            request.account,
+            foci,
+            undefined,
+            this.performanceClient,
+            request.correlationId
+        );
 
         if (!refreshToken) {
             throw createInteractionRequiredAuthError(

lib/msal-common/src/client/SilentFlowClient.ts

@@ -124,7 +124,9 @@ export class SilentFlowClient extends BaseClient {
         const cacheRecord = this.cacheManager.readCacheRecord(
             request.account,
             request,
-            environment
+            environment,
+            this.performanceClient,
+            request.correlationId
         );
 
         if (!cacheRecord.accessToken) {

lib/msal-common/src/telemetry/performance/PerformanceEvent.ts

@@ -558,6 +558,13 @@ export type PerformanceEvent = {
      * Nested App Auth Fields
      */
     nestedAppAuthRequest?: boolean;
+
+    /**
+     * Multiple matched access/id/refresh tokens in the cache
+     */
+    multiMatchedAT?: number;
+    multiMatchedID?: number;
+    multiMatchedRT?: number;
 };
 
 export const IntFields: ReadonlySet<string> = new Set([
@@ -570,4 +577,7 @@ export const IntFields: ReadonlySet<string> = new Set([
     "queuedTimeMs",
     "startTimeMs",
     "status",
+    "multiMatchedAT",
+    "multiMatchedID",
+    "multiMatchedRT",
 ]);