@equinor/fusion-framework-module-msal 7.2.2 → 7.3.0

package/dist/types/MsalConfigurator.d.ts

@@ -76,7 +76,7 @@ export declare class MsalConfigurator extends BaseConfigBuilder<MsalConfig> {
      * This follows Microsoft's standard SPA Auth Code Flow pattern and is compatible with
      * MSAL Browser's acquireTokenByCode() method.
      *
-     * @param authCode - The authorization code issued by the backend
+     * @param authCode - The authorization code issued by the backend, or undefined to clear/reset it
      * @returns The configurator instance for method chaining
      *
      * @example
@@ -84,15 +84,19 @@ export declare class MsalConfigurator extends BaseConfigBuilder<MsalConfig> {
      * // Backend provides auth code in HTML/config
      * const config = { auth: { code: getAuthCodeFromBackend() } };
      * configurator.setAuthCode(config.auth.code);
+     *
+     * // Clear previously configured auth code
+     * configurator.setAuthCode(undefined);
      * ```
      *
      * @remarks
      * - Auth codes are single-use and short-lived (typically 5-10 minutes)
      * - The exchange happens during module initialization before requiresAuth check
      * - If exchange fails, the provider falls back to standard MSAL authentication flows
+     * - Passing undefined, empty, or whitespace-only values clears the configured auth code
      * - Requires backend to be configured with SPA Auth Code support
      */
-    setAuthCode(authCode: string): this;
+    setAuthCode(authCode?: string): this;
     /**
      * Sets whether authentication is required for the application.
      *

package/dist/types/__tests__/MsalConfigurator.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/types/__tests__/MsalProvider.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/types/version.d.ts

@@ -1 +1 @@
-export declare const version = "7.2.2";
+export declare const version = "7.3.0";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@equinor/fusion-framework-module-msal",
-  "version": "7.2.2",
+  "version": "7.3.0",
   "description": "Microsoft Authentication Library (MSAL) integration module for Fusion Framework",
   "main": "dist/esm/index.js",
   "types": "dist/types/index.d.ts",
@@ -58,8 +58,8 @@
     "semver": "^7.5.4",
     "typescript": "^5.8.2",
     "zod": "^4.1.8",
-    "@equinor/fusion-framework-module-telemetry": "^4.6.3",
-    "@equinor/fusion-framework-module": "^5.0.5"
+    "@equinor/fusion-framework-module": "^5.0.5",
+    "@equinor/fusion-framework-module-telemetry": "^4.6.3"
   },
   "peerDependenciesMeta": {
     "@equinor/fusion-framework-module-telemetry": {

package/src/MsalConfigurator.ts

@@ -136,7 +136,7 @@ export class MsalConfigurator extends BaseConfigBuilder<MsalConfig> {
    * This follows Microsoft's standard SPA Auth Code Flow pattern and is compatible with
    * MSAL Browser's acquireTokenByCode() method.
    *
-   * @param authCode - The authorization code issued by the backend
+   * @param authCode - The authorization code issued by the backend, or undefined to clear/reset it
    * @returns The configurator instance for method chaining
    *
    * @example
@@ -144,16 +144,21 @@ export class MsalConfigurator extends BaseConfigBuilder<MsalConfig> {
    * // Backend provides auth code in HTML/config
    * const config = { auth: { code: getAuthCodeFromBackend() } };
    * configurator.setAuthCode(config.auth.code);
+   *
+   * // Clear previously configured auth code
+   * configurator.setAuthCode(undefined);
    * ```
    *
    * @remarks
    * - Auth codes are single-use and short-lived (typically 5-10 minutes)
    * - The exchange happens during module initialization before requiresAuth check
    * - If exchange fails, the provider falls back to standard MSAL authentication flows
+   * - Passing undefined, empty, or whitespace-only values clears the configured auth code
    * - Requires backend to be configured with SPA Auth Code support
    */
-  setAuthCode(authCode: string): this {
-    this._set('authCode', async () => authCode);
+  setAuthCode(authCode?: string): this {
+    const normalizedAuthCode = authCode?.trim() || undefined;
+    this._set('authCode', async () => normalizedAuthCode);
     return this;
   }
 

package/src/MsalProvider.ts

@@ -142,7 +142,7 @@ export class MsalProvider extends BaseModuleProvider<MsalConfig> implements IMsa
 
     // Extract auth code from config if present
     // This will be used during initialize to exchange for tokens
-    this.#authCode = config.authCode;
+    this.#authCode = config.authCode?.trim() || undefined;
 
     // Validate required client configuration
     if (!config.client) {

package/src/__tests__/MsalConfigurator.test.ts

@@ -0,0 +1,64 @@
+import type { ConfigBuilderCallbackArgs } from '@equinor/fusion-framework-module';
+import { describe, expect, it, vi } from 'vitest';
+import type { IMsalClient } from '../MsalClient.interface';
+import { type MsalConfig, MsalConfigurator } from '../MsalConfigurator';
+
+const createConfigCallbackArgs = (): ConfigBuilderCallbackArgs => ({
+  config: {},
+  hasModule: vi.fn().mockReturnValue(false),
+  requireInstance: vi.fn(),
+});
+
+const createClient = (): IMsalClient => ({}) as IMsalClient;
+
+const createInitialConfig = (): Pick<MsalConfig, 'telemetry'> => ({
+  telemetry: {
+    metadata: {},
+    scope: [],
+  },
+});
+
+describe('MsalConfigurator', () => {
+  it('setAuthCode should normalize surrounding whitespace', async () => {
+    const configurator = new MsalConfigurator();
+
+    configurator.setClient(createClient());
+    configurator.setAuthCode('  auth-code  ');
+
+    const config = await configurator.createConfigAsync(
+      createConfigCallbackArgs(),
+      createInitialConfig(),
+    );
+
+    expect(config.authCode).toBe('auth-code');
+  });
+
+  it('setAuthCode should allow clearing with undefined', async () => {
+    const configurator = new MsalConfigurator();
+
+    configurator.setClient(createClient());
+    configurator.setAuthCode('auth-code');
+    configurator.setAuthCode(undefined);
+
+    const config = await configurator.createConfigAsync(
+      createConfigCallbackArgs(),
+      createInitialConfig(),
+    );
+
+    expect(config.authCode).toBeUndefined();
+  });
+
+  it('setAuthCode should treat whitespace-only values as undefined', async () => {
+    const configurator = new MsalConfigurator();
+
+    configurator.setClient(createClient());
+    configurator.setAuthCode('   ');
+
+    const config = await configurator.createConfigAsync(
+      createConfigCallbackArgs(),
+      createInitialConfig(),
+    );
+
+    expect(config.authCode).toBeUndefined();
+  });
+});

package/src/__tests__/MsalProvider.test.ts

@@ -0,0 +1,74 @@
+import { describe, expect, it, vi } from 'vitest';
+import type { IMsalClient } from '../MsalClient.interface';
+import type { MsalConfig } from '../MsalConfigurator';
+import { MsalProvider } from '../MsalProvider';
+import type { AuthenticationResult } from '../types';
+
+type MockMsalClient = {
+  client: IMsalClient;
+  acquireTokenByCode: ReturnType<typeof vi.fn>;
+  initialize: ReturnType<typeof vi.fn>;
+};
+
+const createClient = (): MockMsalClient => {
+  const initialize = vi.fn(async () => undefined);
+  const acquireTokenByCode = vi.fn(async () => ({}) as AuthenticationResult);
+
+  return {
+    client: {
+      clientId: 'test-client-id',
+      initialize,
+      acquireTokenByCode,
+      setActiveAccount: vi.fn(),
+    } as unknown as IMsalClient,
+    acquireTokenByCode,
+    initialize,
+  };
+};
+
+const createConfig = (client: IMsalClient, authCode?: string): MsalConfig => ({
+  client,
+  version: '7.0.0',
+  requiresAuth: false,
+  authCode,
+  telemetry: {
+    metadata: { module: 'msal', version: '7.0.0' },
+    scope: ['framework', 'authentication'],
+  },
+});
+
+describe('MsalProvider.initialize', () => {
+  it('should not attempt auth code exchange when auth code is undefined', async () => {
+    const mockClient = createClient();
+
+    const provider = new MsalProvider(createConfig(mockClient.client, undefined));
+    await provider.initialize();
+
+    expect(mockClient.initialize).toHaveBeenCalledTimes(1);
+    expect(mockClient.acquireTokenByCode).not.toHaveBeenCalled();
+  });
+
+  it('should not attempt auth code exchange when auth code is whitespace-only', async () => {
+    const mockClient = createClient();
+
+    const provider = new MsalProvider(createConfig(mockClient.client, '   '));
+    await provider.initialize();
+
+    expect(mockClient.acquireTokenByCode).not.toHaveBeenCalled();
+  });
+
+  it('should exchange auth code once and clear it afterwards', async () => {
+    const mockClient = createClient();
+
+    const provider = new MsalProvider(createConfig(mockClient.client, 'auth-code'));
+
+    await provider.initialize();
+    await provider.initialize();
+
+    expect(mockClient.acquireTokenByCode).toHaveBeenCalledTimes(1);
+    expect(mockClient.acquireTokenByCode).toHaveBeenCalledWith({
+      code: 'auth-code',
+      scopes: ['test-client-id/.default'],
+    });
+  });
+});

package/src/version.ts

@@ -1,2 +1,2 @@
 // Generated by genversion.
-export const version = '7.2.2';
+export const version = '7.3.0';