Azure · sadasant · Aug 27, 2021 · Aug 31, 2021 · Aug 31, 2021 · Sep 1, 2021
@@ -4,6 +4,8 @@
 
 ### Features Added
 
+- All of the credentials now include `enableUnsafeLogging` on their constructor options. If set to true, Personal Identifiable Information (PII) will be displayed in trace logs.
+
 ### Breaking Changes
 
 #### Breaking Changes from 2.0.0-beta.5

@@ -321,6 +321,7 @@ export { TokenCredential }
 export interface TokenCredentialOptions extends CommonClientOptions {
     allowMultiTenantAuthentication?: boolean;
     authorityHost?: string;
+    enableUnsafeLogging?: boolean;
 }
 
 // @public

@@ -312,4 +312,10 @@ export interface TokenCredentialOptions extends CommonClientOptions {
    * If set to true, allows authentication flows to change the tenantId of the request if a different tenantId is received from a challenge or through a direct getToken call.
    */
   allowMultiTenantAuthentication?: boolean;
+
+  /**
+   * If set to true, personal data may be displayed in the trace logs depending on the authentication method.
+   * By default, this is disabled.
+   */
+  enableUnsafeLogging?: boolean;
 }
@@ -39,7 +39,7 @@ export class MSALAuthCode extends MsalBrowser {
     };
     this.msalConfig.system = {
       loggerOptions: {
-        loggerCallback: defaultLoggerCallback(this.logger, "Browser")
+        loggerCallback: defaultLoggerCallback(this.logger, options.enableUnsafeLogging)
       }
     };
 

@@ -13,6 +13,7 @@ import { CredentialFlowGetTokenOptions } from "./credentials";
  */
 export interface MsalFlowOptions {
   logger: CredentialLogger;
+  enableUnsafeLogging?: boolean;
   clientId?: string;
   tenantId?: string;
   authorityHost?: string;

@@ -135,7 +135,8 @@ export abstract class MsalNode extends MsalBaseUtilities implements MsalFlow {
       system: {
         networkClient: this.identityClient,
         loggerOptions: {
-          loggerCallback: defaultLoggerCallback(options.logger)
+          piiLoggingEnabled: options.enableUnsafeLogging,
+          loggerCallback: defaultLoggerCallback(options.logger, options.enableUnsafeLogging)
         }
       }
     };

@@ -85,12 +85,14 @@ export function getKnownAuthorities(tenantId: string, authorityHost: string): st
  */
 export const defaultLoggerCallback: (
   logger: CredentialLogger,
-  platform?: "Node" | "Browser"
+  enableUnsafeLogging?: boolean
 ) => msalCommon.ILoggerCallback = (
   logger: CredentialLogger,
-  platform: "Node" | "Browser" = isNode ? "Node" : "Browser"
+  enableUnsafeLogging: boolean = false
 ) => (level, message, containsPii): void => {
-  if (containsPii) {
+  const platform = isNode ? "Node" : "Browser";
+
+  if (containsPii && !enableUnsafeLogging) {
     return;
   }
   switch (level) {