AzureAD · trwalke · May 23, 2023 · Oct 6, 2022 · Oct 7, 2022 · Oct 7, 2022
@@ -341,8 +341,6 @@ public ConfidentialClientApplicationBuilder WithGenericAuthority(string authorit
         /// <returns>The builder to chain the .With methods</returns>
         public ConfidentialClientApplicationBuilder WithTelemetryClient(params ITelemetryClient[] telemetryClients)
         {
-            ValidateUseOfExperimentalFeature("ITelemetryClient");
-
             if (telemetryClients == null)
             {
                 throw new ArgumentNullException(nameof(telemetryClients));

@@ -10,21 +10,26 @@
 namespace Microsoft.Identity.Client.Cache
 {
     /// <summary>
-    /// Identifies the type of cache used when accessing the cache.
+    /// Identifies the type of cache used when accessing the cache. Cache implementations must provide this.
     /// </summary>
-    public enum CacheTypeUsed
+    public enum CacheLevel
     {
         /// <summary>
-        /// Specifies that no cache type is used
+        /// Specifies that the cache level used is None.
+        /// Token was retrieved from ESTS
         /// </summary>
         None = 0,
         /// <summary>
-        /// Specifies if the L1 cache is used
+        /// Specifies that the cache level used is unknown.
+        /// The custom token cache which doesn't relay the info about which cache was hit back to MSAL.
         /// </summary>
-        L1Cache = 1,
+        Unknown = 1,
         /// <summary>
-        /// Specifies if the L2 cache is used
+        /// Specifies if the L1 cache is used.
         /// </summary>
-        L2Cache = 2
+        L1Cache = 2,
+        /// <summary>
+        /// Specifies if the L2 cache is used.
+        L2Cache = 3
     }
 }
@@ -10,6 +10,7 @@
 using Microsoft.Identity.Client.Internal;
 using Microsoft.Identity.Client.Internal.Requests;
 using Microsoft.Identity.Client.OAuth2;
+using Microsoft.Identity.Client.TelemetryCore.TelemetryClient;
 
 namespace Microsoft.Identity.Client.Cache
 {
@@ -106,6 +107,7 @@ private async Task RefreshCacheForReadOperationsAsync()
                     await TokenCacheInternal.Semaphore.WaitAsync(_requestParams.RequestContext.UserCancellationToken).ConfigureAwait(false);
                     _requestParams.RequestContext.Logger.Verbose(()=>"[Cache Session Manager] Entered cache semaphore");
 
+                    TelemetryData telemetryData = new TelemetryData();
                     Stopwatch stopwatch = new Stopwatch();
                     try
                     {
@@ -130,7 +132,7 @@ private async Task RefreshCacheForReadOperationsAsync()
                                   requestTenantId: _requestParams.AuthorityManager.OriginalAuthority.TenantId,
                                   identityLogger: _requestParams.RequestContext.Logger.IdentityLogger,
                                   piiLoggingEnabled: _requestParams.RequestContext.Logger.PiiLoggingEnabled,
-                                  telemetryDatapoints: RequestContext.TelemetryDatapoints);
+                                  telemetryData: telemetryData);
 
                                 stopwatch.Start();
                                 await TokenCacheInternal.OnBeforeAccessAsync(args).ConfigureAwait(false);
@@ -157,7 +159,7 @@ private async Task RefreshCacheForReadOperationsAsync()
                                   requestTenantId: _requestParams.AuthorityManager.OriginalAuthority.TenantId,
                                   identityLogger: _requestParams.RequestContext.Logger.IdentityLogger,
                                   piiLoggingEnabled: _requestParams.RequestContext.Logger.PiiLoggingEnabled,
-                                  telemetryDatapoints: RequestContext.TelemetryDatapoints);
+                                  telemetryData: telemetryData);
 
                                 await TokenCacheInternal.OnAfterAccessAsync(args).ConfigureAwait(false);
                                 RequestContext.ApiEvent.DurationInCacheInMs += stopwatch.ElapsedMilliseconds;
@@ -172,6 +174,7 @@ private async Task RefreshCacheForReadOperationsAsync()
                     {
                         TokenCacheInternal.Semaphore.Release();
                         _requestParams.RequestContext.Logger.Verbose(()=>"[Cache Session Manager] Released cache semaphore");
+                        RequestContext.ApiEvent.CacheLevel = telemetryData.CacheLevel;
                     }
                 }
             }

@@ -20,7 +20,7 @@ internal class CertificateAndClaimsClientCredential : IClientCredential
         private readonly string _base64EncodedThumbprint; // x5t
         public X509Certificate2 Certificate { get; }
 
-        public AssertionType TelemetryAssertionType => AssertionType.CertificateWithoutSni;
+        public AssertionType AssertionType => AssertionType.CertificateWithoutSni;
 
         public CertificateAndClaimsClientCredential(X509Certificate2 certificate, IDictionary<string, string> claimsToSign, bool appendDefaultClaims)
         {

@@ -18,7 +18,7 @@ namespace Microsoft.Identity.Client.Internal.ClientCredential
 {
     internal interface IClientCredential
     {
-        AssertionType TelemetryAssertionType { get; }
+        AssertionType AssertionType { get; }
 
         Task AddConfidentialClientParametersAsync(
               OAuth2Client oAuth2Client,

@@ -15,7 +15,7 @@ internal class SecretStringClientCredential : IClientCredential
     {
         internal string Secret { get; }
 
-        public AssertionType TelemetryAssertionType => AssertionType.Secret;
+        public AssertionType AssertionType => AssertionType.Secret;
 
         public SecretStringClientCredential(string secret)
         {

@@ -15,7 +15,7 @@ internal class SignedAssertionClientCredential : IClientCredential
     {
         private readonly string _signedAssertion;
 
-        public AssertionType TelemetryAssertionType => AssertionType.ClientAssertion;
+        public AssertionType AssertionType => AssertionType.ClientAssertion;
 
         public SignedAssertionClientCredential(string signedAssertion)
         {

@@ -15,7 +15,7 @@ internal class SignedAssertionDelegateClientCredential : IClientCredential
     {
         internal Func<CancellationToken, Task<string>> _signedAssertionDelegate { get; }
         internal Func<AssertionRequestOptions, Task<string>> _signedAssertionWithInfoDelegate { get; }
-        public AssertionType TelemetryAssertionType => AssertionType.ClientAssertion;
+        public AssertionType AssertionType => AssertionType.ClientAssertion;
 
         [System.ComponentModel.EditorBrowsable(System.ComponentModel.EditorBrowsableState.Never)]
         public SignedAssertionDelegateClientCredential(Func<CancellationToken, Task<string>> signedAssertionDelegate)

@@ -26,8 +26,6 @@ internal class RequestContext
 
         public CancellationToken UserCancellationToken { get; }
 
-        public TelemetryDatapoints TelemetryDatapoints { get; } = new TelemetryDatapoints();
-
         public RequestContext(IServiceBundle serviceBundle, Guid correlationId, CancellationToken cancellationToken = default)
         {
             ServiceBundle = serviceBundle ?? throw new ArgumentNullException(nameof(serviceBundle));

@@ -96,21 +96,22 @@ public async Task<AuthenticationResult> RunAsync(CancellationToken cancellationT
                     LogReturnedToken(authenticationResult);
                     UpdateTelemetry(sw, apiEvent, authenticationResult);
                     LogMetricsFromAuthResult(authenticationResult, AuthenticationRequestParameters.RequestContext.Logger);
-                    LogSuccessfulTelemetryToClient(authenticationResult, AuthenticationRequestParameters.RequestContext.TelemetryDatapoints, telemetryEventDetails, telemetryClients);
+                    LogSuccessfulTelemetryToClient(authenticationResult, telemetryEventDetails, telemetryClients);
 
                     return authenticationResult;
                 }
                 catch (MsalException ex)
                 {
                     apiEvent.ApiErrorCode = ex.ErrorCode;
                     AuthenticationRequestParameters.RequestContext.Logger.ErrorPii(ex);
-                    LogErrorTelemetryToClient(ex.ErrorCode, telemetryEventDetails, telemetryClients);
+                    LogMsalErrorTelemetryToClient(ex, telemetryEventDetails, telemetryClients);
                     throw;
                 }
                 catch (Exception ex)
                 {
                     apiEvent.ApiErrorCode = ex.GetType().Name;
                     AuthenticationRequestParameters.RequestContext.Logger.ErrorPii(ex);
+                    LogErrorTelemetryToClient(ex, telemetryEventDetails, telemetryClients);
                     throw;
                 }
                 finally
@@ -120,16 +121,38 @@ public async Task<AuthenticationResult> RunAsync(CancellationToken cancellationT
             }
         }
 
-        private void LogErrorTelemetryToClient(string errorCode, MsalTelemetryEventDetails telemetryEventDetails, ITelemetryClient[] telemetryClients)
+        private void LogMsalErrorTelemetryToClient(MsalException ex, MsalTelemetryEventDetails telemetryEventDetails, ITelemetryClient[] telemetryClients)
+        {
+            if (telemetryClients.HasEnabledClients(TelemetryConstants.AcquireTokenEventName))
+            {
+                if (ex is MsalClientException clientException)
+                {
+                    telemetryEventDetails.SetProperty(TelemetryConstants.Succeeded, false);
+                    telemetryEventDetails.SetProperty(TelemetryConstants.ErrorCode, clientException.ErrorCode);
+                    telemetryEventDetails.SetProperty(TelemetryConstants.ErrorMessage, clientException.Message);
+                }
+
+                if (ex is MsalServiceException serviceException)
+                {
+                    telemetryEventDetails.SetProperty(TelemetryConstants.Succeeded, false);
+                    telemetryEventDetails.SetProperty(TelemetryConstants.ErrorCode, serviceException.ErrorCode);
+                    telemetryEventDetails.SetProperty(TelemetryConstants.ErrorMessage, serviceException.Message);
+                    telemetryEventDetails.SetProperty(TelemetryConstants.StsErrorCode, serviceException.ErrorCodes.AsSingleString());
+                }
+            }
+        }
+
+        private void LogErrorTelemetryToClient(Exception ex, MsalTelemetryEventDetails telemetryEventDetails, ITelemetryClient[] telemetryClients)
         {
             if (telemetryClients.HasEnabledClients(TelemetryConstants.AcquireTokenEventName))
             {
                 telemetryEventDetails.SetProperty(TelemetryConstants.Succeeded, false);
-                telemetryEventDetails.SetProperty(TelemetryConstants.ErrorCode, errorCode);
+                telemetryEventDetails.SetProperty(TelemetryConstants.ErrorCode, ex.GetType().ToString());
+                telemetryEventDetails.SetProperty(TelemetryConstants.ErrorMessage, ex.Message);
             }
         }
 
-        private void LogSuccessfulTelemetryToClient(AuthenticationResult authenticationResult, TelemetryDatapoints telemetryDatapoints, MsalTelemetryEventDetails telemetryEventDetails, ITelemetryClient[] telemetryClients)
+        private void LogSuccessfulTelemetryToClient(AuthenticationResult authenticationResult, MsalTelemetryEventDetails telemetryEventDetails, ITelemetryClient[] telemetryClients)
         {
             if (telemetryClients.HasEnabledClients(TelemetryConstants.AcquireTokenEventName))
             {
@@ -142,13 +165,14 @@ private void LogSuccessfulTelemetryToClient(AuthenticationResult authenticationR
                 telemetryEventDetails.SetProperty(TelemetryConstants.TokenType, (int)AuthenticationRequestParameters.RequestContext.ApiEvent.TokenType);
                 telemetryEventDetails.SetProperty(TelemetryConstants.RemainingLifetime, (authenticationResult.ExpiresOn - DateTime.Now).TotalMilliseconds);
                 telemetryEventDetails.SetProperty(TelemetryConstants.ActivityId, authenticationResult.CorrelationId);
-                telemetryEventDetails.SetProperty(TelemetryConstants.RefreshOn, 
-                    authenticationResult.AuthenticationResultMetadata.RefreshOn.HasValue ?
-                    DateTimeHelpers.DateTimeToUnixTimestampMilliseconds(authenticationResult.AuthenticationResultMetadata.RefreshOn.Value)
-                    : 0);
+
+                if (authenticationResult.AuthenticationResultMetadata.RefreshOn.HasValue)
+                {
+                    telemetryEventDetails.SetProperty(TelemetryConstants.RefreshOn, DateTimeHelpers.DateTimeToUnixTimestampMilliseconds(authenticationResult.AuthenticationResultMetadata.RefreshOn.Value));
+                }
                 telemetryEventDetails.SetProperty(TelemetryConstants.AssertionType, (int)AuthenticationRequestParameters.RequestContext.ApiEvent.AssertionType);
                 telemetryEventDetails.SetProperty(TelemetryConstants.Endpoint, AuthenticationRequestParameters.Authority.AuthorityInfo.CanonicalAuthority.ToString());
-                telemetryEventDetails.SetProperty(TelemetryConstants.CacheUsed, (int)telemetryDatapoints.CacheTypeUsed);
+                telemetryEventDetails.SetProperty(TelemetryConstants.CacheLevel, (int)GetCacheLevel(authenticationResult));
                 ParseScopesForTelemetry(telemetryEventDetails);
             }
         }
@@ -157,19 +181,45 @@ private void ParseScopesForTelemetry(MsalTelemetryEventDetails telemetryEventDet
         {
             if (AuthenticationRequestParameters.Scope.Count > 0)
             {
-                var firstScope = AuthenticationRequestParameters.Scope.First().ToString();
+                string firstScope = AuthenticationRequestParameters.Scope.First();
+
                 if (Uri.IsWellFormedUriString(firstScope, UriKind.Absolute))
                 {
-                    telemetryEventDetails.SetProperty(TelemetryConstants.Resource, firstScope);
+                    Uri firstScopeAsUri = new Uri(firstScope);
+                    telemetryEventDetails.SetProperty(TelemetryConstants.Resource, $"{firstScopeAsUri.Scheme}://{firstScopeAsUri.Host}");
+
+                    StringBuilder stringBuilder = new StringBuilder();
+
+                    foreach (string scope in AuthenticationRequestParameters.Scope)
+                    {
+                         stringBuilder.Append(scope.Split(new[] { firstScopeAsUri.Host }, StringSplitOptions.None)[1].Replace("/", string.Empty) + " ");
+                    }
+
+                    telemetryEventDetails.SetProperty(TelemetryConstants.Scopes, stringBuilder.ToString().TrimEnd(' '));
                 }
                 else
                 {
-                    telemetryEventDetails.SetProperty(TelemetryConstants.Scopes, JsonHelper.SerializeToJson(AuthenticationRequestParameters.Scope));
+                    telemetryEventDetails.SetProperty(TelemetryConstants.Scopes, AuthenticationRequestParameters.Scope.AsSingleString());
                 }
-
             }
         }
 
+        private CacheLevel GetCacheLevel(AuthenticationResult authenticationResult)
+        {
+            if (authenticationResult.AuthenticationResultMetadata.TokenSource == TokenSource.Cache) //Check if token scource is cache
+            {
+                if (AuthenticationRequestParameters.RequestContext.ApiEvent.CacheLevel > CacheLevel.Unknown) //Check if cache has indicated which level was used
+                {
+                    return AuthenticationRequestParameters.RequestContext.ApiEvent.CacheLevel;
+                }
+
+                //If no level was used, set to unknown
+                return CacheLevel.Unknown;
+            }
+
+            return CacheLevel.None;
+        }
+
         private static void LogMetricsFromAuthResult(AuthenticationResult authenticationResult, ILoggerAdapter logger)
         {
             if (logger.IsLoggingEnabled(LogLevel.Always))
@@ -230,14 +280,15 @@ private AssertionType GetAssertionType()
         {
             if (!string.IsNullOrWhiteSpace(ServiceBundle.Config.ManagedIdentityUserAssignedClientId) ||
                 !string.IsNullOrWhiteSpace(ServiceBundle.Config.ManagedIdentityUserAssignedResourceId) ||
+                (!string.IsNullOrWhiteSpace(ServiceBundle.Config.TenantId) && ServiceBundle.Config.TenantId.Equals(Constants.ManagedIdentityDefaultTenant)) ||
                 ServiceBundle.Config.AppTokenProvider != null)
             {
                 return AssertionType.Msi;
             }
 
             if (ServiceBundle.Config.ClientCredential != null)
             {
-                if (ServiceBundle.Config.ClientCredential.TelemetryAssertionType == AssertionType.CertificateWithoutSni)
+                if (ServiceBundle.Config.ClientCredential.AssertionType == AssertionType.CertificateWithoutSni)
                 {
                     if (ServiceBundle.Config.SendX5C)
                     {
@@ -247,7 +298,7 @@ private AssertionType GetAssertionType()
                     return AssertionType.CertificateWithoutSni;
                 }
 
-                return ServiceBundle.Config.ClientCredential.TelemetryAssertionType;
+                return ServiceBundle.Config.ClientCredential.AssertionType;
             }
 
             return AssertionType.None;

@@ -221,6 +221,11 @@ public HttpResponseHeaders Headers
         /// </remarks>
         internal string SubError { get; set; }
 
+        /// <summary>
+        /// A list of STS-specific error codes that can help in diagnostics.
+        /// </summary>
+        internal string[] ErrorCodes { get; set; }
+
         /// <summary>
         /// As per discussion with Evo, AAD 
         /// </summary>

@@ -58,6 +58,7 @@ internal static MsalServiceException FromHttpResponse(
             ex.Claims = oAuth2Response?.Claims;
             ex.CorrelationId = oAuth2Response?.CorrelationId;
             ex.SubError = oAuth2Response?.SubError;
+            ex.ErrorCodes = oAuth2Response?.ErrorCodes;
 
             return ex;
         }

@@ -1,12 +1,6 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
-
 namespace Microsoft.Identity.Client.TelemetryCore
 {
     internal enum AssertionType

@@ -3,6 +3,7 @@
 
 using System;
 using Microsoft.Identity.Client.AuthScheme;
+using Microsoft.Identity.Client.Cache;
 using Microsoft.Identity.Client.Region;
 
 namespace Microsoft.Identity.Client.TelemetryCore.Internal.Events
@@ -128,5 +129,11 @@ public string TokenTypeString
         }
 
         public AssertionType AssertionType { get; set; }
+
+        public CacheLevel CacheLevel { get; set; }
+
+        public static bool IsLongRunningObo(ApiIds apiId) => apiId == ApiIds.InitiateLongRunningObo || apiId == ApiIds.AcquireTokenInLongRunningObo;
+
+        public static bool IsOnBehalfOfRequest(ApiIds apiId) => apiId == ApiIds.AcquireTokenOnBehalfOf || IsLongRunningObo(apiId);
     }
 }
diff --git a/src/client/Microsoft.Identity.Client/TelemetryCore/TelemetryClient/TelemetryDatapoints.cs b/src/client/Microsoft.Identity.Client/TelemetryCore/TelemetryClient/TelemetryDatapoints.cs
@@ -9,11 +9,11 @@ namespace Microsoft.Identity.Client.TelemetryCore.TelemetryClient
     /// <summary>
     /// Stores details to log to the <see cref="ITelemetryClient"/>.
     /// </summary>
-    public class TelemetryDatapoints
+    public class TelemetryData
     {
         /// <summary>
         /// Type of cache used. This data is captured from MSAL or Microsoft.Identity.Web to log to telemetry.
         /// </summary>
-        public CacheTypeUsed CacheTypeUsed { get; set; } = CacheTypeUsed.None;
+        public CacheLevel CacheLevel { get; set; } = CacheLevel.None;
     }
 }