@equinor/fusion-framework-module-msal 7.2.1 → 7.3.0

package/dist/types/MsalConfigurator.d.ts

@@ -76,7 +76,7 @@ export declare class MsalConfigurator extends BaseConfigBuilder<MsalConfig> {
      * This follows Microsoft's standard SPA Auth Code Flow pattern and is compatible with
      * MSAL Browser's acquireTokenByCode() method.
      *
-     * @param authCode - The authorization code issued by the backend
+     * @param authCode - The authorization code issued by the backend, or undefined to clear/reset it
      * @returns The configurator instance for method chaining
      *
      * @example
@@ -84,15 +84,19 @@ export declare class MsalConfigurator extends BaseConfigBuilder<MsalConfig> {
      * // Backend provides auth code in HTML/config
      * const config = { auth: { code: getAuthCodeFromBackend() } };
      * configurator.setAuthCode(config.auth.code);
+     *
+     * // Clear previously configured auth code
+     * configurator.setAuthCode(undefined);
      * ```
      *
      * @remarks
      * - Auth codes are single-use and short-lived (typically 5-10 minutes)
      * - The exchange happens during module initialization before requiresAuth check
      * - If exchange fails, the provider falls back to standard MSAL authentication flows
+     * - Passing undefined, empty, or whitespace-only values clears the configured auth code
      * - Requires backend to be configured with SPA Auth Code support
      */
-    setAuthCode(authCode: string): this;
+    setAuthCode(authCode?: string): this;
     /**
      * Sets whether authentication is required for the application.
      *

package/dist/types/__tests__/MsalConfigurator.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/types/__tests__/MsalProvider.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/types/module.d.ts

@@ -1,7 +1,6 @@
-import { type Module, type IModulesConfigurator } from '@equinor/fusion-framework-module';
+import { type Module, type IModulesConfigurator, type ModuleConfigType } from '@equinor/fusion-framework-module';
 import { MsalConfigurator } from './MsalConfigurator';
 import { type IMsalProvider } from './MsalProvider';
-import type { MsalClientConfig } from './MsalClient';
 /**
  * MSAL authentication module configuration.
  *
@@ -28,23 +27,7 @@ export declare const module: MsalModule;
  * This function receives a builder object with methods to configure the MSAL client
  * and authentication requirements.
  */
-export type AuthConfigFn = (builder: {
-    /**
-     * Set MSAL client configuration
-     * @param config - Client configuration with tenant ID, client ID, etc.
-     */
-    setClientConfig: (config: MsalClientConfig) => void;
-    /**
-     * Set whether authentication is required for the application
-     * @param requiresAuth - If true, app will attempt automatic login on initialization
-     */
-    setRequiresAuth: (requiresAuth: boolean) => void;
-    /**
-     * Set a default login hint used for silent SSO and pre-filled usernames
-     * @param loginHint - Preferred username/email to use for login hint
-     */
-    setLoginHint: (loginHint: string) => void;
-}) => void;
+export type AuthConfigFn<TRef = unknown> = (configurator: ModuleConfigType<MsalModule>, ref?: TRef) => void;
 /**
  * Enables MSAL authentication module in the framework.
  *
@@ -81,7 +64,7 @@ export declare const enableMSAL: (configurator: IModulesConfigurator<any, any>,
  */
 export declare const configureMsal: (configure: AuthConfigFn) => {
     module: MsalModule;
-    configure: AuthConfigFn;
+    configure: AuthConfigFn<unknown>;
 };
 declare module '@equinor/fusion-framework-module' {
     interface Modules {

package/dist/types/version.d.ts

@@ -1 +1 @@
-export declare const version = "7.2.1";
+export declare const version = "7.3.0";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@equinor/fusion-framework-module-msal",
-  "version": "7.2.1",
+  "version": "7.3.0",
   "description": "Microsoft Authentication Library (MSAL) integration module for Fusion Framework",
   "main": "dist/esm/index.js",
   "types": "dist/types/index.d.ts",
@@ -58,8 +58,8 @@
     "semver": "^7.5.4",
     "typescript": "^5.8.2",
     "zod": "^4.1.8",
-    "@equinor/fusion-framework-module-telemetry": "^4.6.3",
-    "@equinor/fusion-framework-module": "^5.0.5"
+    "@equinor/fusion-framework-module": "^5.0.5",
+    "@equinor/fusion-framework-module-telemetry": "^4.6.3"
   },
   "peerDependenciesMeta": {
     "@equinor/fusion-framework-module-telemetry": {

package/src/MsalConfigurator.ts

@@ -136,7 +136,7 @@ export class MsalConfigurator extends BaseConfigBuilder<MsalConfig> {
    * This follows Microsoft's standard SPA Auth Code Flow pattern and is compatible with
    * MSAL Browser's acquireTokenByCode() method.
    *
-   * @param authCode - The authorization code issued by the backend
+   * @param authCode - The authorization code issued by the backend, or undefined to clear/reset it
    * @returns The configurator instance for method chaining
    *
    * @example
@@ -144,16 +144,21 @@ export class MsalConfigurator extends BaseConfigBuilder<MsalConfig> {
    * // Backend provides auth code in HTML/config
    * const config = { auth: { code: getAuthCodeFromBackend() } };
    * configurator.setAuthCode(config.auth.code);
+   *
+   * // Clear previously configured auth code
+   * configurator.setAuthCode(undefined);
    * ```
    *
    * @remarks
    * - Auth codes are single-use and short-lived (typically 5-10 minutes)
    * - The exchange happens during module initialization before requiresAuth check
    * - If exchange fails, the provider falls back to standard MSAL authentication flows
+   * - Passing undefined, empty, or whitespace-only values clears the configured auth code
    * - Requires backend to be configured with SPA Auth Code support
    */
-  setAuthCode(authCode: string): this {
-    this._set('authCode', async () => authCode);
+  setAuthCode(authCode?: string): this {
+    const normalizedAuthCode = authCode?.trim() || undefined;
+    this._set('authCode', async () => normalizedAuthCode);
     return this;
   }
 

package/src/MsalProvider.ts

@@ -142,7 +142,7 @@ export class MsalProvider extends BaseModuleProvider<MsalConfig> implements IMsa
 
     // Extract auth code from config if present
     // This will be used during initialize to exchange for tokens
-    this.#authCode = config.authCode;
+    this.#authCode = config.authCode?.trim() || undefined;
 
     // Validate required client configuration
     if (!config.client) {

package/src/__tests__/MsalConfigurator.test.ts

@@ -0,0 +1,64 @@
+import type { ConfigBuilderCallbackArgs } from '@equinor/fusion-framework-module';
+import { describe, expect, it, vi } from 'vitest';
+import type { IMsalClient } from '../MsalClient.interface';
+import { type MsalConfig, MsalConfigurator } from '../MsalConfigurator';
+
+const createConfigCallbackArgs = (): ConfigBuilderCallbackArgs => ({
+  config: {},
+  hasModule: vi.fn().mockReturnValue(false),
+  requireInstance: vi.fn(),
+});
+
+const createClient = (): IMsalClient => ({}) as IMsalClient;
+
+const createInitialConfig = (): Pick<MsalConfig, 'telemetry'> => ({
+  telemetry: {
+    metadata: {},
+    scope: [],
+  },
+});
+
+describe('MsalConfigurator', () => {
+  it('setAuthCode should normalize surrounding whitespace', async () => {
+    const configurator = new MsalConfigurator();
+
+    configurator.setClient(createClient());
+    configurator.setAuthCode('  auth-code  ');
+
+    const config = await configurator.createConfigAsync(
+      createConfigCallbackArgs(),
+      createInitialConfig(),
+    );
+
+    expect(config.authCode).toBe('auth-code');
+  });
+
+  it('setAuthCode should allow clearing with undefined', async () => {
+    const configurator = new MsalConfigurator();
+
+    configurator.setClient(createClient());
+    configurator.setAuthCode('auth-code');
+    configurator.setAuthCode(undefined);
+
+    const config = await configurator.createConfigAsync(
+      createConfigCallbackArgs(),
+      createInitialConfig(),
+    );
+
+    expect(config.authCode).toBeUndefined();
+  });
+
+  it('setAuthCode should treat whitespace-only values as undefined', async () => {
+    const configurator = new MsalConfigurator();
+
+    configurator.setClient(createClient());
+    configurator.setAuthCode('   ');
+
+    const config = await configurator.createConfigAsync(
+      createConfigCallbackArgs(),
+      createInitialConfig(),
+    );
+
+    expect(config.authCode).toBeUndefined();
+  });
+});

package/src/__tests__/MsalProvider.test.ts

@@ -0,0 +1,74 @@
+import { describe, expect, it, vi } from 'vitest';
+import type { IMsalClient } from '../MsalClient.interface';
+import type { MsalConfig } from '../MsalConfigurator';
+import { MsalProvider } from '../MsalProvider';
+import type { AuthenticationResult } from '../types';
+
+type MockMsalClient = {
+  client: IMsalClient;
+  acquireTokenByCode: ReturnType<typeof vi.fn>;
+  initialize: ReturnType<typeof vi.fn>;
+};
+
+const createClient = (): MockMsalClient => {
+  const initialize = vi.fn(async () => undefined);
+  const acquireTokenByCode = vi.fn(async () => ({}) as AuthenticationResult);
+
+  return {
+    client: {
+      clientId: 'test-client-id',
+      initialize,
+      acquireTokenByCode,
+      setActiveAccount: vi.fn(),
+    } as unknown as IMsalClient,
+    acquireTokenByCode,
+    initialize,
+  };
+};
+
+const createConfig = (client: IMsalClient, authCode?: string): MsalConfig => ({
+  client,
+  version: '7.0.0',
+  requiresAuth: false,
+  authCode,
+  telemetry: {
+    metadata: { module: 'msal', version: '7.0.0' },
+    scope: ['framework', 'authentication'],
+  },
+});
+
+describe('MsalProvider.initialize', () => {
+  it('should not attempt auth code exchange when auth code is undefined', async () => {
+    const mockClient = createClient();
+
+    const provider = new MsalProvider(createConfig(mockClient.client, undefined));
+    await provider.initialize();
+
+    expect(mockClient.initialize).toHaveBeenCalledTimes(1);
+    expect(mockClient.acquireTokenByCode).not.toHaveBeenCalled();
+  });
+
+  it('should not attempt auth code exchange when auth code is whitespace-only', async () => {
+    const mockClient = createClient();
+
+    const provider = new MsalProvider(createConfig(mockClient.client, '   '));
+    await provider.initialize();
+
+    expect(mockClient.acquireTokenByCode).not.toHaveBeenCalled();
+  });
+
+  it('should exchange auth code once and clear it afterwards', async () => {
+    const mockClient = createClient();
+
+    const provider = new MsalProvider(createConfig(mockClient.client, 'auth-code'));
+
+    await provider.initialize();
+    await provider.initialize();
+
+    expect(mockClient.acquireTokenByCode).toHaveBeenCalledTimes(1);
+    expect(mockClient.acquireTokenByCode).toHaveBeenCalledWith({
+      code: 'auth-code',
+      scopes: ['test-client-id/.default'],
+    });
+  });
+});

package/src/module.ts

@@ -1,12 +1,12 @@
 import {
   type Module,
   type IModulesConfigurator,
+  type ModuleConfigType,
   SemanticVersion,
 } from '@equinor/fusion-framework-module';
 
 import { MsalConfigurator } from './MsalConfigurator';
 import { MsalProvider, type IMsalProvider } from './MsalProvider';
-import type { MsalClientConfig } from './MsalClient';
 
 import { version } from './version';
 
@@ -80,23 +80,10 @@ export const module: MsalModule = {
  * This function receives a builder object with methods to configure the MSAL client
  * and authentication requirements.
  */
-export type AuthConfigFn = (builder: {
-  /**
-   * Set MSAL client configuration
-   * @param config - Client configuration with tenant ID, client ID, etc.
-   */
-  setClientConfig: (config: MsalClientConfig) => void;
-  /**
-   * Set whether authentication is required for the application
-   * @param requiresAuth - If true, app will attempt automatic login on initialization
-   */
-  setRequiresAuth: (requiresAuth: boolean) => void;
-  /**
-   * Set a default login hint used for silent SSO and pre-filled usernames
-   * @param loginHint - Preferred username/email to use for login hint
-   */
-  setLoginHint: (loginHint: string) => void;
-}) => void;
+export type AuthConfigFn<TRef = unknown> = (
+  configurator: ModuleConfigType<MsalModule>,
+  ref?: TRef,
+) => void;
 
 /**
  * Enables MSAL authentication module in the framework.

package/src/version.ts

@@ -1,2 +1,2 @@
 // Generated by genversion.
-export const version = '7.2.1';
+export const version = '7.3.0';