Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article gives an overview of the different types of errors and recommendations for handling common sign-in errors.
MSAL error handling basics
Exceptions in Microsoft Authentication Library (MSAL) are intended for app developers to troubleshoot, not for displaying to end users. Exception messages are not localized.
When processing exceptions and errors, you can use the exception type itself and the error code to distinguish between exceptions. For a list of error codes, see Microsoft Entra authentication and authorization error codes.
During the sign-in experience, you may encounter errors about consents, Conditional Access (MFA, Device Management, Location-based restrictions), token issuance and redemption, and user properties.
The following section provides more details about error handling for your app.
Configure logging in MSAL.js
Enable logging in MSAL.js (JavaScript) by passing a loggerOptions object during the configuration for creating a PublicClientApplication instance. The only required config parameter is the client ID of the application. Everything else is optional, but may be required depending on your tenant and application model.
The loggerOptions object has the following properties:
loggerCallback: a Callback function that can be provided by the developer to handle the logging of MSAL statements in a custom manner. Implement theloggerCallbackfunction depending on how you want to redirect logs. The loggerCallback function has the following format(level: LogLevel, message: string, containsPii: boolean): void- The supported log levels are:
Error,Warning,Info, andVerbose. The default isInfo.
- The supported log levels are:
piiLoggingEnabled(optional): if set to true, logs personal and organizational data. By default this is false so that your application doesn't log personal data. Personal data logs are never written to default outputs like Console, Logcat, or NSLog.
import msal from "@azure/msal-browser"
const msalConfig = {
auth: {
clientId: "enter_client_id_here",
authority: "https://login.microsoftonline.com/common",
knownAuthorities: [],
cloudDiscoveryMetadata: "",
redirectUri: "enter_redirect_uri_here",
postLogoutRedirectUri: "enter_postlogout_uri_here",
navigateToLoginRequestUrl: true,
clientCapabilities: ["CP1"]
},
cache: {
cacheLocation: "sessionStorage",
storeAuthStateInCookie: false,
secureCookies: false
},
system: {
loggerOptions: {
logLevel: msal.LogLevel.Verbose,
loggerCallback: (level, message, containsPii) => {
if (containsPii) {
return;
}
switch (level) {
case msal.LogLevel.Error:
console.error(message);
return;
case msal.LogLevel.Info:
console.info(message);
return;
case msal.LogLevel.Verbose:
console.debug(message);
return;
case msal.LogLevel.Warning:
console.warn(message);
return;
}
},
piiLoggingEnabled: false
},
},
};
Next steps
For more code samples, refer to Microsoft identity platform code samples.