Logging in MSAL for Android
The Microsoft Authentication Library (MSAL) apps generate log messages that can help diagnose issues. An app can configure logging with a few lines of code, and have custom control over the level of detail and whether or not personal and organizational data is logged. We recommend you create an MSAL logging implementation and provide a way for users to submit logs when they have authentication issues.
MSAL provides several levels of logging detail:
- LogAlways: No level filtering is done on this log level. Log messages of all levels will be logged.
- Critical: Logs that describe an unrecoverable application or system crash, or a catastrophic failure that requires immediate attention.
- Error: Indicates something has gone wrong and an error was generated. Used for debugging and identifying problems.
- Warning: There hasn't necessarily been an error or failure, but are intended for diagnostics and pinpointing problems.
- Informational: MSAL will log events intended for informational purposes not necessarily intended for debugging.
- Verbose (Default): MSAL logs the full details of library behavior.
Note
Not all log levels are available for all MSAL SDK's
By default, the MSAL logger doesn't capture any highly sensitive personal or organizational data. The library provides the option to enable logging personal and organizational data if you decide to do so.
The following sections provide more details about MSAL error logging for your application.
Turn logging on at app creation by creating a logging callback. The callback takes these parameters:
tag
is a string passed to the callback by the library. It's associated with the log entry and can be used to sort logging messages.logLevel
enables you to decide which level of logging you want. The supported log levels are:Error
,Warning
,Info
, andVerbose
.message
is the content of the log entry.containsPII
specifies whether messages containing personal data, or organizational data are logged. By default, this is set to false, so that your application doesn't log personal data. IfcontainsPII
istrue
, this method will receive the messages twice: once with thecontainsPII
parameter set tofalse
and themessage
without personal data, and a second time with thecontainsPii
parameter set totrue
and the message might contain personal data. In some cases (when the message doesn't contain personal data), the message will be the same.
private StringBuilder mLogs;
mLogs = new StringBuilder();
Logger.getInstance().setExternalLogger(new ILoggerCallback()
{
@Override
public void log(String tag, Logger.LogLevel logLevel, String message, boolean containsPII)
{
mLogs.append(message).append('\n');
}
});
By default, the MSAL logger won't capture any personal identifiable information or organizational identifiable information. To enable the logging of personal identifiable information or organizational identifiable information:
Logger.getInstance().setEnablePII(true);
To disable logging personal data and organization data:
Logger.getInstance().setEnablePII(false);
By default logging to logcat is disabled. To enable:
Logger.getInstance().setEnableLogcatLog(true);
For more code samples, refer to Microsoft identity platform code samples.