alexbuckgit
diff --git a/‎msal-javascript-conceptual/angular/MIP-avoid-page-reloads.md
Lines changed: 142 additions & 0 deletions b/‎msal-javascript-conceptual/angular/MIP-avoid-page-reloads.md
Lines changed: 142 additions & 0 deletions
diff --git a/‎msal-javascript-conceptual/browser/MIP-errors.md
Lines changed: 153 additions & 0 deletions b/‎msal-javascript-conceptual/browser/MIP-errors.md
Lines changed: 153 additions & 0 deletions
diff --git a/‎msal-javascript-conceptual/browser/MIP-logging.md
Lines changed: 78 additions & 0 deletions b/‎msal-javascript-conceptual/browser/MIP-logging.md
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,142 @@
+---
+title: Avoid page reloads (MSAL.js)
+description: Learn how to avoid page reloads when acquiring and renewing tokens silently using the Microsoft Authentication Library for JavaScript (MSAL.js).
+author: OwenRichards1
+manager: CelesteDG
+ms.author: owenrichards
+ms.custom: devx-track-js
+ms.date: 05/29/2019
+ms.reviewer: saeeda
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: how-to
+#Customer intent: As an application developer, I want to learn about avoiding page reloads so I can create more robust applications.
+---
+
+# Avoid page reloads when acquiring and renewing tokens silently using MSAL.js
+The Microsoft Authentication Library for JavaScript (MSAL.js) uses hidden `iframe` elements to acquire and renew tokens silently in the background. Microsoft Entra ID returns the token back to the registered `redirect_uri` specified in the token request(by default this is the app's root page). Since the response is a 302, it results in the HTML corresponding to the `redirect_uri` getting loaded in the `iframe`. Usually the app's `redirect_uri` is the root page and this causes it to reload.
+
+In other cases, if navigating to the app's root page requires authentication, it might lead to nested `iframe` elements or `X-Frame-Options: deny` error.
+
+Since MSAL.js cannot dismiss the 302 issued by Microsoft Entra ID and is required to process the returned token, it cannot prevent the `redirect_uri` from getting loaded in the `iframe`.
+
+To avoid the entire app reloading again or other errors caused due to this, please follow these workarounds.
+
+## Specify different HTML for the iframe
+
+Set the `redirect_uri` property on config to a simple page, that does not require authentication. You have to make sure that it matches with the `redirect_uri` registered in Microsoft Entra admin center. This will not affect user's login experience as MSAL saves the start page when user begins the login process and redirects back to the exact ___location after login is completed.
+
+## Initialization in your main app file
+
+If your app is structured such that there is one central JavaScript file that defines the app's initialization, routing, and other stuff, you can conditionally load your app modules based on whether the app is loading in an `iframe` or not. For example:
+
+In AngularJS: app.js
+
+```javascript
+// Check that the window is an iframe and not popup
+if (window !== window.parent && !window.opener) {
+angular.module('todoApp', ['ui.router', 'MsalAngular'])
+    .config(['$httpProvider', 'msalAuthenticationServiceProvider','$locationProvider', function ($httpProvider, msalProvider,$locationProvider) {
+        msalProvider.init(
+            // msal configuration
+        );
+
+        $locationProvider.html5Mode(false).hashPrefix('');
+    }]);
+}
+else {
+    angular.module('todoApp', ['ui.router', 'MsalAngular'])
+        .config(['$stateProvider', '$httpProvider', 'msalAuthenticationServiceProvider', '$locationProvider', function ($stateProvider, $httpProvider, msalProvider, $locationProvider) {
+            $stateProvider.state("Home", {
+                url: '/Home',
+                controller: "homeCtrl",
+                templateUrl: "/App/Views/Home.html",
+            }).state("TodoList", {
+                url: '/TodoList',
+                controller: "todoListCtrl",
+                templateUrl: "/App/Views/TodoList.html",
+                requireLogin: true
+            })
+
+            $locationProvider.html5Mode(false).hashPrefix('');
+
+            msalProvider.init(
+                // msal configuration
+            );
+        }]);
+}
+```
+
+In Angular: app.module.ts
+
+```javascript
+// Imports...
+@NgModule({
+  declarations: [
+    AppComponent,
+    MsalComponent,
+    MainMenuComponent,
+    AccountMenuComponent,
+    OsNavComponent
+  ],
+  imports: [
+    BrowserModule,
+    AppRoutingModule,
+    HttpClientModule,
+    ServiceWorkerModule.register('ngsw-worker.js', { enabled: environment.production }),
+    MsalModule.forRoot(environment.MsalConfig),
+    SuiModule,
+    PagesModule
+  ],
+  providers: [
+    HttpServiceHelper,
+    {provide: HTTP_INTERCEPTORS, useClass: MsalInterceptor, multi: true},
+    AuthService
+  ],
+  entryComponents: [
+    AppComponent,
+    MsalComponent
+  ]
+})
+export class AppModule {
+  constructor() {
+    console.log('APP Module Constructor!');
+  }
+
+  ngDoBootstrap(ref: ApplicationRef) {
+    if (window !== window.parent && !window.opener)
+    {
+      console.log("Bootstrap: MSAL");
+      ref.bootstrap(MsalComponent);
+    }
+    else
+    {
+    //this.router.resetConfig(RouterModule);
+      console.log("Bootstrap: App");
+      ref.bootstrap(AppComponent);
+    }
+  }
+}
+```
+
+MsalComponent:
+
+```javascript
+import { Component} from '@angular/core';
+import { MsalService } from '@azure/msal-angular';
+
+// This component is used only to avoid Angular reload
+// when doing acquireTokenSilent()
+
+@Component({
+  selector: 'app-root',
+  template: '',
+})
+export class MsalComponent {
+  constructor(private Msal: MsalService) {
+  }
+}
+```
+
+## Next steps
+Learn more about [building a single-page application (SPA)](scenario-spa-overview.md) using MSAL.js.
@@ -0,0 +1,153 @@
+---
+title: Handle errors and exceptions in MSAL.js
+description: Learn how to handle errors and exceptions, Conditional Access claims challenges, and retries in MSAL.js applications.
+author: Dickson-Mwendia
+manager: CelesteDG
+ms.author: dmwendia
+ms.custom: devx-track-js
+ms.date: 11/26/2020
+ms.reviewer: saeeda, hahamil
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: conceptual
+#Customer intent:
+---
+# Handle errors and exceptions in MSAL.js
+
+[!INCLUDE [Active directory error handling introduction](./includes/error-handling-and-tips/error-handling-introduction.md)]
+
+## Error handling in MSAL.js
+
+MSAL.js provides error objects that abstract and classify the different types of common errors. It also provides an interface to access specific details of the errors such as error messages to handle them appropriately.
+
+### Error object
+
+```javascript
+export class AuthError extends Error {
+    // This is a short code describing the error
+    errorCode: string;
+    // This is a descriptive string of the error,
+    // and may also contain the mitigation strategy
+    errorMessage: string;
+    // Name of the error class
+    this.name = "AuthError";
+}
+```
+
+By extending the error class, you have access to the following properties:
+- `AuthError.message`:  Same as the `errorMessage`.
+- `AuthError.stack`: Stack trace for thrown errors.
+
+### Error types
+
+The following error types are available:
+
+- `AuthError`: Base error class for the MSAL.js library, also used for unexpected errors.
+
+- `ClientAuthError`: Error class which denotes an issue with Client authentication. Most errors that come from the library are ClientAuthErrors. These errors result from things like calling a login method when login is already in progress, the user cancels the login, and so on.
+
+- `ClientConfigurationError`: Error class, extends `ClientAuthError` thrown before requests are made when the given user config parameters are malformed or missing.
+
+- `ServerError`: Error class, represents the error strings sent by the authentication server. These errors may be invalid request formats or parameters, or any other errors that prevent the server from authenticating or authorizing the user.
+
+- `InteractionRequiredAuthError`: Error class, extends `ServerError` to represent server errors, which require an interactive call. This error is thrown by `acquireTokenSilent` if the user is required to interact with the server to provide credentials or consent for authentication/authorization. Error codes include `"interaction_required"`, `"login_required"`, and `"consent_required"`.
+
+For error handling in authentication flows with redirect methods (`loginRedirect`, `acquireTokenRedirect`), you'll need to handle the redirect promise, which is called with success or failure after the redirect using the `handleRedirectPromise()` method as follows:
+
+```javascript
+const msal = require('@azure/msal-browser');
+const myMSALObj = new msal.PublicClientApplication(msalConfig);
+
+// Register Callbacks for redirect flow
+myMSALObj.handleRedirectPromise()
+    .then(function (response) {
+        //success response
+    })
+    .catch((error) => {
+        console.log(error);
+    })
+myMSALObj.acquireTokenRedirect(request);
+```
+
+The methods for pop-up experience (`loginPopup`, `acquireTokenPopup`) return promises, so you can use the promise pattern (`.then` and `.catch`) to handle them as shown:
+
+```javascript
+myMSALObj.acquireTokenPopup(request).then(
+    function (response) {
+        // success response
+    }).catch(function (error) {
+        console.log(error);
+    });
+```
+
+### Errors that require interaction
+
+An error is returned when you attempt to use a non-interactive method of acquiring a token such as `acquireTokenSilent`, but MSAL couldn't do it silently.
+
+Possible reasons are:
+
+- you need to sign in
+- you need to consent
+- you need to go through a multi-factor authentication experience.
+
+The remediation is to call an interactive method such as `acquireTokenPopup` or `acquireTokenRedirect`:
+
+```javascript
+// Request for Access Token
+myMSALObj.acquireTokenSilent(request).then(function (response) {
+    // call API
+}).catch( function (error) {
+    // call acquireTokenPopup in case of acquireTokenSilent failure
+    // due to interaction required
+    if (error instanceof InteractionRequiredAuthError) {
+        myMSALObj.acquireTokenPopup(request).then(
+            function (response) {
+                // call API
+            }).catch(function (error) {
+                console.log(error);
+            });
+    }
+});
+```
+
+[!INCLUDE [Active directory error handling claims challenges](./includes/error-handling-and-tips/error-handling-claims-challenges.md)]
+
+When getting tokens silently (using `acquireTokenSilent`) using MSAL.js, your application may receive errors when a [Conditional Access claims challenge](v2-conditional-access-dev-guide.md) such as MFA policy is required by an API you're trying to access.
+
+The pattern to handle this error is to make an interactive call to acquire token in MSAL.js such as `acquireTokenPopup` or `acquireTokenRedirect` as in the following example:
+
+```javascript
+myMSALObj.acquireTokenSilent(accessTokenRequest).then(function(accessTokenResponse) {
+    // call API
+}).catch(function(error) {
+    if (error instanceof InteractionRequiredAuthError) {
+    
+        // extract, if exists, claims from the error object
+        if (error.claims) {
+            accessTokenRequest.claims = error.claims,
+        
+        // call acquireTokenPopup in case of InteractionRequiredAuthError failure
+        myMSALObj.acquireTokenPopup(accessTokenRequest).then(function(accessTokenResponse) {
+            // call API
+        }).catch(function(error) {
+            console.log(error);
+        });
+    }
+});
+```
+
+Interactively acquiring the token prompts the user and gives them the opportunity to satisfy the required Conditional Access policy.
+
+When calling an API requiring Conditional Access, you can receive a claims challenge in the error from the API. In this case, you can pass the claims returned in the error to the `claims` parameter in the [access token request object](msal-js-pass-custom-state-authentication-request.md) to satisfy the appropriate policy. 
+
+See [How to use Continuous Access Evaluation enabled APIs in your applications](./app-resilience-continuous-access-evaluation.md) for more detail.
+
+### Using other frameworks
+
+Using toolkits like Tauri for registered single page applications (SPAs) with the identity platform are not recognized for production apps. SPAs only support URLs that start with `https` for production apps and `http://localhost` for local development. Prefixes like `tauri://localhost` cannot be used for browser apps. This format can only be supported for mobile or web apps as they have a confidential component unlike browser apps.
+
+[!INCLUDE [Active directory error handling retries](./includes/error-handling-and-tips/error-handling-retries.md)]
+
+## Next steps
+
+Consider enabling [Logging in MSAL.js](msal-logging-js.md) to help you diagnose and debug issues
@@ -0,0 +1,78 @@
+---
+title: Logging errors and exceptions in MSAL.js
+description: Learn how to log errors and exceptions in MSAL.js
+author: Dickson-Mwendia
+manager: CelesteDG
+ms.author: dmwendia
+ms.custom: devx-track-js
+ms.date: 12/21/2021
+ms.reviewer: saeeda, jmprieur
+ms.service: active-directory
+ms.subservice: develop
+ms.topic: conceptual
+#Customer intent:
+---
+# Logging in MSAL.js
+
+[!INCLUDE [MSAL logging introduction](./includes/error-handling-and-tips/error-logging-introduction.md)]
+
+## Configure logging in MSAL.js
+
+Enable logging in MSAL.js (JavaScript) by passing a loggerOptions object during the configuration for creating a `PublicClientApplication` instance. The only required config parameter is the client ID of the application. Everything else is optional, but may be required depending on your tenant and application model.
+
+The loggerOptions object has the following properties:
+
+- `loggerCallback`: a Callback function that can be provided by the developer to handle the logging of MSAL statements in a custom manner. Implement the `loggerCallback` function depending on how you want to redirect logs. The loggerCallback function has the following format ` (level: LogLevel, message: string, containsPii: boolean): void`
+     - The supported log levels are: `Error`, `Warning`, `Info`, and `Verbose`. The default is `Info`.
+- `piiLoggingEnabled` (optional): if set to true, logs personal and organizational data. By default this is false so that your application doesn't log personal data. Personal data logs are never written to default outputs like Console, Logcat, or NSLog.
+
+```javascript
+import msal from "@azure/msal-browser"
+
+const msalConfig = {
+    auth: {
+        clientId: "enter_client_id_here",
+        authority: "https://login.microsoftonline.com/common",
+        knownAuthorities: [],
+        cloudDiscoveryMetadata: "",
+        redirectUri: "enter_redirect_uri_here",
+        postLogoutRedirectUri: "enter_postlogout_uri_here",
+        navigateToLoginRequestUrl: true,
+        clientCapabilities: ["CP1"]
+    },
+    cache: {
+        cacheLocation: "sessionStorage",
+        storeAuthStateInCookie: false,
+        secureCookies: false
+    },
+    system: {
+        loggerOptions: {
+            logLevel: msal.LogLevel.Verbose,
+            loggerCallback: (level, message, containsPii) => {
+                if (containsPii) {
+                    return;
+                }
+                switch (level) {
+                    case msal.LogLevel.Error:
+                        console.error(message);
+                        return;
+                    case msal.LogLevel.Info:
+                        console.info(message);
+                        return;
+                    case msal.LogLevel.Verbose:
+                        console.debug(message);
+                        return;
+                    case msal.LogLevel.Warning:
+                        console.warn(message);
+                        return;
+                }
+            },
+            piiLoggingEnabled: false
+        },
+    },
+};
+```
+
+## Next steps
+
+For more code samples, refer to [Microsoft identity platform code samples](sample-v2-code.md).