Fix hardcoded metadata fetching for tenanted authorities (#6622)

This PR: - Updates hardcoded Cloud Discovery Metadata to the correct value from the network response - Returns a cached account without ID token claims if the matching ID token cannot be found - Adds end-to-end tests for AAD tenanted authorities - Fixes #6608 and #6602
AzureAD · Oct 30, 2023 · c93777e · c93777e
1 parent ec68b28
commit c93777e
Show file tree

Hide file tree

Showing 12 changed files with 767 additions and 528 deletions.
diff --git a/change/@azure-msal-common-781f4bee-0546-4407-a682-b7b453e07706.json b/change/@azure-msal-common-781f4bee-0546-4407-a682-b7b453e07706.json
@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Fix hardcoded metadata fetching for tenanted authorities #6622",
+  "packageName": "@azure/msal-common",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}
diff --git a/lib/msal-browser/test/app/PublicClientApplication.spec.ts b/lib/msal-browser/test/app/PublicClientApplication.spec.ts
@@ -5202,7 +5202,6 @@ describe("PublicClientApplication.ts Class Unit Tests", () => {
 
         testAccount3.clientInfo =
             TEST_DATA_CLIENT_INFO.TEST_CLIENT_INFO_B64ENCODED;
-        testAccount3.idTokenClaims = testAccountInfo3.idTokenClaims;
 
         const idToken3: IdTokenEntity = {
             realm: testAccountInfo3.tenantId,
@@ -5238,7 +5237,6 @@ describe("PublicClientApplication.ts Class Unit Tests", () => {
 
         testAccount4.clientInfo =
             TEST_DATA_CLIENT_INFO.TEST_CLIENT_INFO_B64ENCODED;
-        testAccount4.idTokenClaims = testAccountInfo4.idTokenClaims;
 
         const idToken4: IdTokenEntity = {
             realm: testAccountInfo4.tenantId,

diff --git a/lib/msal-common/src/authority/Authority.ts b/lib/msal-common/src/authority/Authority.ts
@@ -855,7 +855,7 @@ export class Authority {
         } else {
             const hardcodedMetadata =
                 getCloudDiscoveryMetadataFromHardcodedValues(
-                    this.canonicalAuthority
+                    this.hostnameAndPort
                 );
             if (hardcodedMetadata) {
                 this.logger.verbose(
@@ -1264,13 +1264,11 @@ export function buildStaticAuthorityOptions(
     authOptions: Partial<AuthorityOptions>
 ): StaticAuthorityOptions {
     const rawCloudDiscoveryMetadata = authOptions.cloudDiscoveryMetadata;
-    let cloudDiscoveryMetadata: CloudDiscoveryMetadata[] | undefined =
+    let cloudDiscoveryMetadata: CloudInstanceDiscoveryResponse | undefined =
         undefined;
     if (rawCloudDiscoveryMetadata) {
         try {
-            cloudDiscoveryMetadata = JSON.parse(
-                rawCloudDiscoveryMetadata
-            ).metadata;
+            cloudDiscoveryMetadata = JSON.parse(rawCloudDiscoveryMetadata);
         } catch (e) {
             throw createClientConfigurationError(
                 ClientConfigurationErrorCodes.invalidCloudDiscoveryMetadata