Node interop: Add handling for redirect URI based on platform (#7908)

Sets the redirect URI in the `NativeBrokerPlugin` class based on platform

Author: shylasummers

change/@azure-msal-node-extensions-6b5455ba-96e4-4d51-8f4e-dfb22a7a9a35.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Add handling for redirect URI based on platform #7908",
+  "packageName": "@azure/msal-node-extensions",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}

extensions/msal-node-extensions/src/broker/NativeBrokerPlugin.ts

@@ -192,8 +192,11 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
             "NativeBrokerPlugin - acquireTokenSilent called",
             request.correlationId
         );
-        const authParams = this.generateRequestParameters(request);
-        const account = await this.getAccount(request);
+        const platformRequest = request;
+        const authParams = this.generateRequestParameters(platformRequest);
+        const account = await this.getAccount(platformRequest);
+        platformRequest.redirectUri =
+            this.chooseRedirectUriByPlatform(platformRequest);
 
         return new Promise(
             (resolve: (value: AuthenticationResult) => void, reject) => {
@@ -208,7 +211,7 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
                         }
                     }
                     const authenticationResult = this.getAuthenticationResult(
-                        request,
+                        platformRequest,
                         result
                     );
                     resolve(authenticationResult);
@@ -218,14 +221,14 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
                     if (account) {
                         msalNodeRuntime.AcquireTokenSilentlyAsync(
                             authParams,
-                            request.correlationId,
+                            platformRequest.correlationId,
                             account,
                             resultCallback
                         );
                     } else {
                         msalNodeRuntime.SignInSilentlyAsync(
                             authParams,
-                            request.correlationId,
+                            platformRequest.correlationId,
                             resultCallback
                         );
                     }
@@ -247,8 +250,11 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
             "NativeBrokerPlugin - acquireTokenInteractive called",
             request.correlationId
         );
-        const authParams = this.generateRequestParameters(request);
-        const account = await this.getAccount(request);
+        const platformRequest = request;
+        const authParams = this.generateRequestParameters(platformRequest);
+        platformRequest.redirectUri =
+            this.chooseRedirectUriByPlatform(platformRequest);
+        const account = await this.getAccount(platformRequest);
         const windowHandle = providedWindowHandle || Buffer.from([0]);
 
         return new Promise(
@@ -264,27 +270,28 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
                         }
                     }
                     const authenticationResult = this.getAuthenticationResult(
-                        request,
+                        platformRequest,
                         result
                     );
                     resolve(authenticationResult);
                 };
 
                 try {
-                    switch (request.prompt) {
+                    switch (platformRequest.prompt) {
                         case PromptValue.LOGIN:
                         case PromptValue.SELECT_ACCOUNT:
                         case PromptValue.CREATE:
                             this.logger.info(
                                 "Calling native interop SignInInteractively API",
-                                request.correlationId
+                                platformRequest.correlationId
                             );
                             const loginHint =
-                                request.loginHint || Constants.EMPTY_STRING;
+                                platformRequest.loginHint ||
+                                Constants.EMPTY_STRING;
                             msalNodeRuntime.SignInInteractivelyAsync(
                                 windowHandle,
                                 authParams,
-                                request.correlationId,
+                                platformRequest.correlationId,
                                 loginHint,
                                 resultCallback
                             );
@@ -293,22 +300,22 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
                             if (account) {
                                 this.logger.info(
                                     "Calling native interop AcquireTokenSilently API",
-                                    request.correlationId
+                                    platformRequest.correlationId
                                 );
                                 msalNodeRuntime.AcquireTokenSilentlyAsync(
                                     authParams,
-                                    request.correlationId,
+                                    platformRequest.correlationId,
                                     account,
                                     resultCallback
                                 );
                             } else {
                                 this.logger.info(
                                     "Calling native interop SignInSilently API",
-                                    request.correlationId
+                                    platformRequest.correlationId
                                 );
                                 msalNodeRuntime.SignInSilentlyAsync(
                                     authParams,
-                                    request.correlationId,
+                                    platformRequest.correlationId,
                                     resultCallback
                                 );
                             }
@@ -317,26 +324,27 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
                             if (account) {
                                 this.logger.info(
                                     "Calling native interop AcquireTokenInteractively API",
-                                    request.correlationId
+                                    platformRequest.correlationId
                                 );
                                 msalNodeRuntime.AcquireTokenInteractivelyAsync(
                                     windowHandle,
                                     authParams,
-                                    request.correlationId,
+                                    platformRequest.correlationId,
                                     account,
                                     resultCallback
                                 );
                             } else {
                                 this.logger.info(
                                     "Calling native interop SignIn API",
-                                    request.correlationId
+                                    platformRequest.correlationId
                                 );
                                 const loginHint =
-                                    request.loginHint || Constants.EMPTY_STRING;
+                                    platformRequest.loginHint ||
+                                    Constants.EMPTY_STRING;
                                 msalNodeRuntime.SignInAsync(
                                     windowHandle,
                                     authParams,
-                                    request.correlationId,
+                                    platformRequest.correlationId,
                                     loginHint,
                                     resultCallback
                                 );
@@ -457,7 +465,10 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
                 request.clientId,
                 request.authority
             );
-            authParams.SetRedirectUri(request.redirectUri);
+
+            authParams.SetRedirectUri(
+                this.chooseRedirectUriByPlatform(request)
+            );
             authParams.SetRequestedScopes(request.scopes.join(" "));
 
             if (request.claims) {
@@ -516,6 +527,26 @@ export class NativeBrokerPlugin implements INativeBrokerPlugin {
         return authParams;
     }
 
+    private chooseRedirectUriByPlatform(request: NativeRequest): string {
+        this.logger.trace(
+            "NativeBrokerPlugin - chooseRedirectUriByPlatform called",
+            request.correlationId
+        );
+        let redirectUri: string;
+        switch (process.platform) {
+            case "darwin":
+                redirectUri = "msauth.com.msauth.unsignedapp://auth";
+                break;
+            case "win32":
+                redirectUri = `ms-appx-web://Microsoft.AAD.BrokerPlugin/${request.clientId}`;
+                break;
+            default:
+                redirectUri =
+                    "https://login.microsoftonline.com/common/oauth2/nativeclient";
+        }
+        return redirectUri;
+    }
+
     private getAuthenticationResult(
         request: NativeRequest,
         authResult: AuthResult