[Feature Request] Add MSI Source to MSAL's client side telemetry #4941

@neha-bhargava

MSAL client type

Managed identity

Problem statement

To improve observability and diagnostics for Managed Identity (MSI) in MSAL, propose adding additional client-side telemetry. This will provide insights into token acquisition patterns, environment detection, failure scenarios, and feature adoption.

  • MSI Source Tracking: Capture which MSI source (IMDS, App Service, Service Fabric, AKS, IMDSv2, etc.) is being used.
  • Token Revocation Events MSIv1: Capture occurrences of bypass_cache=true to measure revocation triggers.
  • Token Revocation Events MSIv2: Capture occurrences of error_code to /credential endpoint to measure revocation triggers.
  • Certificate Type Detection: Identify if MSAL uses platform, developer-provided, or in-memory self-signed certificates.
  • Failure Reasons: MSI token acquisition failures (e.g., auth errors, network issues, 404s)

Proposed Solution

Add a counter MsalMsiCounter with tags

  • MsiSource
  • TokenType
  • BypassCache
  • CertType
  • CredentialOutCome
  • MsalVersion
  • Platform

Failure reasons mentioned above are already captured in MsalFailedCounter

Alternatives

No response

Status: Committed