Start sending ClientAuthError telemetry for microsoft auth (#278643)

To better bucketize MSAL broker errors.

Author: TylerLeonhardt

extensions/microsoft-authentication/package-lock.json

@@ -141,8 +141,8 @@
   },
   "dependencies": {
     "@azure/ms-rest-azure-env": "^2.0.0",
-    "@azure/msal-node": "^3.8.0",
-    "@azure/msal-node-extensions": "^1.5.23",
+    "@azure/msal-node": "^3.8.3",
+    "@azure/msal-node-extensions": "^1.5.25",
     "@vscode/extension-telemetry": "^0.9.8",
     "keytar": "file:./packageMocks/keytar",
     "vscode-tas-client": "^0.1.84"

extensions/microsoft-authentication/package.json

@@ -3,7 +3,7 @@
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
 
-import { AuthError } from '@azure/msal-node';
+import { AuthError, ClientAuthError } from '@azure/msal-node';
 import TelemetryReporter, { TelemetryEventProperties } from '@vscode/extension-telemetry';
 import { IExperimentationTelemetry } from 'vscode-tas-client';
 
@@ -108,6 +108,40 @@ export class MicrosoftAuthenticationTelemetryReporter implements IExperimentatio
 		});
 	}
 
+	sendTelemetryClientAuthErrorEvent(error: ClientAuthError): void {
+		const errorCode = error.errorCode;
+		const correlationId = error.correlationId;
+		let brokerErrorCode: string | undefined;
+		let brokerStatusCode: string | undefined;
+		let brokerTag: string | undefined;
+
+		// Extract platform broker error information if available
+		if (error.platformBrokerError) {
+			brokerErrorCode = error.platformBrokerError.errorCode;
+			brokerStatusCode = `${error.platformBrokerError.statusCode}`;
+			brokerTag = error.platformBrokerError.tag;
+		}
+
+		/* __GDPR__
+			"msalClientAuthError" : {
+				"owner": "TylerLeonhardt",
+				"comment": "Used to determine how often users run into client auth errors during the login flow.",
+				"errorCode": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The client auth error code." },
+				"correlationId": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The client auth error correlation id." },
+				"brokerErrorCode": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The broker error code." },
+				"brokerStatusCode": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The broker error status code." },
+				"brokerTag": { "classification": "SystemMetaData", "purpose": "FeatureInsight", "comment": "The broker error tag." }
+			}
+		*/
+		this._telemetryReporter.sendTelemetryErrorEvent('msalClientAuthError', {
+			errorCode,
+			correlationId,
+			brokerErrorCode,
+			brokerStatusCode,
+			brokerTag
+		});
+	}
+
 	/**
 	 * Sends an event for an account type available at startup.
 	 * @param scopes The scopes for the session

extensions/microsoft-authentication/src/common/telemetryReporter.ts

@@ -522,7 +522,11 @@ export class MsalAuthProvider implements AuthenticationProvider {
 				} catch (e) {
 					// If we can't get a token silently, the account is probably in a bad state so we should skip it
 					// MSAL will log this already, so we don't need to log it again
-					this._telemetryReporter.sendTelemetryErrorEvent(e);
+					if (e instanceof ClientAuthError) {
+						this._telemetryReporter.sendTelemetryClientAuthErrorEvent(e);
+					} else {
+						this._telemetryReporter.sendTelemetryErrorEvent(e);
+					}
 					this._logger.info(`[getAllSessionsForPca] [${scopeData.scopeStr}] [${account.username}] failed to acquire token silently, skipping account`, JSON.stringify(e));
 					continue;
 				}