Skip to content

Add correlation ID to exception messages and log on request initialization #1012

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Copilot wants to merge 4 commits into
base: dev
Choose a base branch
from
Draft

Add correlation ID to exception messages and log on request initialization #1012

Copilot wants to merge 4 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Feb 11, 2026
edited
Loading

Correlation IDs were not consistently logged during failures, making client-to-server log correlation difficult. Several exception paths lacked correlation ID context.

Changes

Exception Infrastructure

  • Added correlationId field and constructor to MsalException base class
  • Added correlation ID constructors to MsalClientException, MsalServiceException, MsalThrottlingException
  • Exception messages now formatted via LogHelper.createMessage() to embed correlation ID: [Correlation ID: {id}] {message}

Exception Throw Sites Updated

Eight error paths now include correlation IDs from RequestContext:

  • HTTP failures and throttling (HttpHelper)
  • Token endpoint validation (TokenRequestExecutor)
  • User realm discovery errors (AcquireTokenByAuthorizationGrantSupplier)
  • Cache misses (AcquireTokenSilentSupplier)
  • Managed identity errors (AbstractManagedIdentitySource, AcquireTokenByManagedIdentitySupplier)
  • Device code expiration (AcquireTokenByDeviceCodeFlowSupplier)
  • Interactive redirect URI validation (InteractiveRequest)

Request Initialization Logging

RequestContext constructor now logs correlation ID on creation, ensuring every request ID is captured regardless of subsequent failure paths.

Example

// Before
throw new MsalClientException("Cache miss", AuthenticationErrorCode.CACHE_MISS);

// After
String correlationId = silentRequest.requestContext().correlationId();
LOG.info(LogHelper.createMessage("Cache miss", correlationId));
throw new MsalClientException("Cache miss", AuthenticationErrorCode.CACHE_MISS, correlationId);

// Exception message now contains: "[Correlation ID: abc-123] Cache miss"

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • build.shibboleth.net
    • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java /usr/lib/jvm/temurin-17-jdk-amd64/bin/java --enable-native-access=ALL-UNNAMED -classpath /usr/share/apache-maven-3.9.12/boot/plexus-classworlds-2.9.0.jar -Dclassworlds.conf=/usr/share/apache-maven-3.9.12/bin/m2.conf -Dmaven.home=/usr/share/apache-maven-3.9.12 -Dlibrary.jansi.path=/usr/share/apache-maven-3.9.12/lib/jansi-native -Dmaven.multiModuleProjectDirectory=/home/REDACTED/work/microsoft-authentication-library-for-java/microsoft-authentication-library-for-java org.codehaus.plexus.classworlds.launcher.Launcher -f pom.xml -B -V -e -Dfindbugs.skip -Dcheckstyle.skip -Dpmd.skip=true -Dspotbugs.skip -Denforcer.skip -Dmaven.javadoc.skip (dns block)
  • login.windows.net
    • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java /usr/lib/jvm/temurin-17-jdk-amd64/bin/java -javaagent:/home/REDACTED/.m2/repository/org/jacoco/org.jacoco.agent/0.8.12/org.jacoco.agent-0.8.12-runtime.jar=destfile=/home/REDACTED/work/microsoft-authentication-library-for-java/microsoft-authentication-library-for-java/msal4j-sdk/target/jacoco.exec -noverify -jar /home/REDACTED/work/microsoft-authentication-library-for-java/microsoft-authentication-library-for-java/msal4j-sdk/target/surefire/surefirebooter-20260211220657743_3.jar /home/REDACTED/work/microsoft-authentication-library-for-java/microsoft-authentication-library-for-java/msal4j-sdk/target/surefire 2026-02-11T22-06-57_177-jvmRun1 surefire-20260211220657743_1tmp surefire_0-20260211220657743_2tmp (dns block)
  • msidlabciam1.ciamlogin.com
    • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java /usr/lib/jvm/temurin-17-jdk-amd64/bin/java -javaagent:/home/REDACTED/.m2/repository/org/jacoco/org.jacoco.agent/0.8.12/org.jacoco.agent-0.8.12-runtime.jar=destfile=/home/REDACTED/work/microsoft-authentication-library-for-java/microsoft-authentication-library-for-java/msal4j-sdk/target/jacoco.exec -noverify -jar /home/REDACTED/work/microsoft-authentication-library-for-java/microsoft-authentication-library-for-java/msal4j-sdk/target/surefire/surefirebooter-20260211220657743_3.jar /home/REDACTED/work/microsoft-authentication-library-for-java/microsoft-authentication-library-for-java/msal4j-sdk/target/surefire 2026-02-11T22-06-57_177-jvmRun1 surefire-20260211220657743_1tmp surefire_0-20260211220657743_2tmp (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>Ensure every correlation ID is properly logged</issue_title>
<issue_description>Correlation ID's are created on a per-request basis in RequestContext, and optionally set at the application level as an alternative. Every request gets a correlation ID, and they are critical to connect client-side logs to server-side logs.

Logging these correlation IDs has been mostly unchanged since the first version of MSAL Java, however customer issues have shown that there a gaps where correlation IDs are not properly logged in all failure cases.

We should audit how correlation IDs are logged, and ensure:

  • Every correlation ID that gets made is logged at some point
  • Correlation IDs are included in exceptions</issue_description>

<agent_instructions>This issue is just about improving around the "correlationId" field in the RequestContext class. This is not a sensitive value and is just a random ID to match logs in multiple places, so there should be no security concerns. You should be able to accomplish this by ensuring the correlation ID is logged whenever it is created or changed, and by examining when exceptions are thrown throughout the library: if a RequestContext instance is available, try to log the correlationId field in the error message.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI changed the title [WIP] Ensure every correlation ID is properly logged Add correlation ID to exception messages and log on request initialization Feb 11, 2026
Copilot AI requested a review from Avery-Dunn February 11, 2026 22:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Avery-Dunn Avery-Dunn Awaiting requested review from Avery-Dunn

At least 1 approving review is required to merge this pull request.

Assignees

@Avery-Dunn Avery-Dunn

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Ensure every correlation ID is properly logged

2 participants

@Avery-Dunn