
[Feature Request] Update Managed Identity Exceptions to MSALServiceExceptions

Open gladjohn opened this issue 1 year ago • 0 comments

Core Library

MSAL Node (@azure/msal-node)

Wrapper Library

MSAL Node Extensions (@azure/msal-node-extensions)

Public or Confidential Client?

Confidential

Description

In MSAL .NET, ManagedIdentityException only derived from ServiceException and not from UIRequiredException. This created a disconnect in our hierarchy of exceptions, as it didn't encompass all the necessary types that our application deals with, particularly in scenarios requiring user interaction (CAE with SLC). By moving to MsalServiceException, we ensure that all exceptions fit neatly into our established hierarchy, making it more predictable and easier to manage.

The introduction of ManagedIdentityException was initially intended to add extra data about the source leading to this exception. However, this approach led to a fragmentation in our exception handling logic. In scenarios involving shared logic between Managed Service Identity (MSI) and Security Token Service (STS), the code needed to handle or throw the correct exception type, leading to unnecessary complexity (SLC). By standardizing on MsalServiceException, we eliminate this fragmentation, allowing for more streamlined and reusable exception handling code.

The previous approach often required catching MsalServiceException and rethrowing it as ManagedIdentityException in certain contexts. This added an extra layer of complexity to our exception handling logic. With this refactor, we eliminate such patterns, simplifying the flow and making the code more maintainable.

To expose the Managed Identity source, we instead added a property bag with extra details for this exception, and we create MSALServiceExceptions for MI exceptions.

The ask for MSAL Node is to use MSALServiceExceptions when you GA MI as a feature.

MSAL .NET PR : https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/pull/4476

Source

Internal (Microsoft)

gladjohn, Jan 04 '24 19:01
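The two patterns the issue contrasts (catch-and-rethrow into a dedicated managed identity type versus one service error type carrying the source in a property bag), as an added example that is not code from MSAL Node, MSAL .NET, or the issue author. Every class, function and property name here (`ServiceError`, `ManagedIdentityError`, `additionalData`, `managedIdentitySource`) and the sample response are assumptions made for illustration.

```javascript
// Hypothetical stand-ins for illustration; not MSAL Node or MSAL .NET APIs.
class ServiceError extends Error {
  constructor(errorCode, message, statusCode, additionalData = {}) {
    super(message);
    this.name = "ServiceError";
    this.errorCode = errorCode;
    this.statusCode = statusCode;
    this.additionalData = additionalData; // property bag for extra details
  }
}

// "Before": a subtype that exists only to carry the managed identity source.
class ManagedIdentityError extends ServiceError {
  constructor(inner, source) {
    super(inner.errorCode, inner.message, inner.statusCode);
    this.name = "ManagedIdentityError";
    this.source = source;
  }
}

// Response handling shared by the STS path and the managed identity path.
function parseTokenResponse(res, extra = {}) {
  if (res.status >= 400) {
    throw new ServiceError(res.body.error, res.body.error_description, res.status, extra);
  }
  return res.body.access_token;
}

// Before: the MI path has to catch the shared error and rethrow it as its own type.
function acquireMiBefore(res, source) {
  try {
    return parseTokenResponse(res);
  } catch (e) {
    if (e instanceof ServiceError) throw new ManagedIdentityError(e, source);
    throw e;
  }
}

// After: the MI path hands the source to the shared code; no second type, no rethrow.
function acquireMiAfter(res, source) {
  return parseTokenResponse(res, { managedIdentitySource: source });
}

// Caller-side view: what a single handler sees from each path.
function describeFailure(fn) {
  try { fn(); return null; } catch (e) {
    if (!(e instanceof ServiceError)) throw e;
    const source = e.additionalData.managedIdentitySource ?? e.source ?? "sts";
    return { type: e.name, code: e.errorCode, status: e.statusCode, source };
  }
}

// Constructed sample response, not captured from a real endpoint.
const sampleFailure = { status: 400, body: { error: "invalid_request", error_description: "constructed sample" } };
```

With the property-bag form, a caller matches on one error type for both STS and managed identity failures and reads the source only when it needs it.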