Deprecate cache options (#7707)

This PR adds deprecation notices to cache options in v4. These cache
config options will be removed in MSAL v5 (PR #7697)

---------

Co-authored-by: Thomas Norling <[email protected]>

Author: jo-arroyo

change/@azure-msal-browser-86f9da8f-a58b-4f89-bc6b-d89c970890af.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Deprecate cache options #7707",
+  "packageName": "@azure/msal-browser",
+  "email": "[email protected]",
+  "dependentChangeType": "none"
+}

change/@azure-msal-common-895a7c22-36eb-4f34-9299-55de6ce5e4bc.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Deprecate cache options #7707",
+  "packageName": "@azure/msal-common",
+  "email": "[email protected]",
+  "dependentChangeType": "none"
+}

lib/msal-angular/docs/configuration.md

@@ -58,7 +58,7 @@ import { PublicClientApplication, InteractionType, BrowserCacheLocation } from "
         },
         cache: {
           cacheLocation: BrowserCacheLocation.LocalStorage,
-          storeAuthStateInCookie: true, // set to true for IE 11
+          storeAuthStateInCookie: true, // Deprecated, will be removed in the next major version
         },
         system: {
           loggerOptions: {

lib/msal-angular/docs/initialization.md

@@ -31,7 +31,7 @@ import { PublicClientApplication, InteractionType, BrowserCacheLocation } from "
             },
             cache: {
                 cacheLocation : BrowserCacheLocation.LocalStorage,
-                storeAuthStateInCookie: true, // set to true for IE 11
+                storeAuthStateInCookie: true, // Deprecated, will be removed in future version
             },
             system: {
                 loggerOptions: {
@@ -115,7 +115,7 @@ import { PublicClientApplication, InteractionType, BrowserCacheLocation } from "
             },
             cache: {
                 cacheLocation : BrowserCacheLocation.LocalStorage,
-                storeAuthStateInCookie: true, // set to true for IE 11
+                storeAuthStateInCookie: true, // Deprecated, will be removed in future version
             },
             system: {
                 loggerOptions: {

lib/msal-browser/apiReview/msal-browser.api.md

@@ -1786,7 +1786,7 @@ export type WrapperSKU = (typeof WrapperSKU)[keyof typeof WrapperSKU];
 // src/cache/LocalStorage.ts:296:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/cache/LocalStorage.ts:354:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/cache/LocalStorage.ts:385:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
-// src/config/Configuration.ts:252:5 - (ae-forgotten-export) The symbol "InternalAuthOptions" needs to be exported by the entry point index.d.ts
+// src/config/Configuration.ts:256:5 - (ae-forgotten-export) The symbol "InternalAuthOptions" needs to be exported by the entry point index.d.ts
 // src/event/EventHandler.ts:113:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/event/EventHandler.ts:139:8 - (tsdoc-param-tag-missing-hyphen) The @param block should be followed by a parameter name and then a hyphen
 // src/index.ts:8:12 - (tsdoc-characters-after-block-tag) The token "@azure" looks like a TSDoc tag but contains an invalid character "/"; if it is not a tag, use a backslash to escape the "@"

lib/msal-browser/docs/caching.md

@@ -71,6 +71,9 @@ To faciliate efficient token acquisition while maintaining a good UX, MSAL cache
 > :bulb: The authorization code is only stored in memory and will be discarded after redeeming it for tokens.
 
 ## Warning :warning:
+
+**NOTE: `temporaryCacheLocation` is deprecated will be removed in the next major version.**
+
 Overriding `temporaryCacheLocation` should be done with caution. Specifically when choosing `localStorage`. Interaction in more than one tab/window will not be supported and you may receive `interaction_in_progress` errors unexpectedly. This is an escape hatch, not a fully supported feature.
 
 When using MSAL.js with the default configuration in a scenario where the user is redirected after successful authentication in a new window or tab, the OAuth 2.0 Authorization Code with PKCE flow will be interrupted. In this case, the original window or tab where the authentication state (code verifier and challenge) are stored, will be lost, and the authentication flow will fail.

lib/msal-browser/docs/configuration.md

@@ -97,6 +97,11 @@ const msalInstance = new PublicClientApplication(msalConfig);
 | Option                      | Description                                                                                                                                                                                                                                                                                                                                                                                                                     | Format                                                                                                  | Default Value                                       |
 | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | --------------------------------------------------- |
 | `cacheLocation`             | Location of token cache in browser.                                                                                                                                                                                                                                                                                                                                                                                             | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage`                                    |
+
+**Note: The following cache config options are deprecated and will be removed in the next major version**
+
+| Option                      | Description                                                                                                                                                                                                                                                                                                                                                                                                                     | Format                                                                                                  | Default Value                                       |
+| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | --------------------------------------------------- |
 | `temporaryCacheLocation`    | Location of temporary cache in browser. This option should only be changed for specific edge cases. Please refer to [caching](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/caching.md#cached-artifacts) for more.                                                                                                                                                          | String value that must be one of the following: `"sessionStorage"`, `"localStorage"`, `"memoryStorage"` | `sessionStorage`                                    |
 | `storeAuthStateInCookie`    | If true, stores cache items in cookies as well as browser cache. Should be set to true for use cases using IE.                                                                                                                                                                                                                                                                                                                  | boolean                                                                                                 | `false`                                             |
 | `secureCookies`             | If true and `storeAuthStateInCookies` is also enabled, MSAL adds the `Secure` flag to the browser cookie so it can only be sent over HTTPS.                                                                                                                                                                                                                                                                                     | boolean                                                                                                 | `false`                                             |

lib/msal-browser/src/config/Configuration.ts

@@ -134,23 +134,27 @@ export type CacheOptions = {
     cacheLocation?: BrowserCacheLocation | string;
     /**
      * Used to specify the temporaryCacheLocation user wants to set. Valid values are "localStorage", "sessionStorage" and "memoryStorage".
+     * @deprecated This option is deprecated and will be removed in the next major version.
      */
     temporaryCacheLocation?: BrowserCacheLocation | string;
     /**
      * If set, MSAL stores the auth request state required for validation of the auth flows in the browser cookies. By default this flag is set to false.
+     * @deprecated This option is deprecated and will be removed in the next major version.
      */
     storeAuthStateInCookie?: boolean;
     /**
      * If set, MSAL sets the "Secure" flag on cookies so they can only be sent over HTTPS. By default this flag is set to true.
-     * @deprecated This option will be removed in a future major version and all cookies set will include the Secure attribute.
+     * @deprecated This option will be removed in the next major version and all cookies set will include the Secure attribute.
      */
     secureCookies?: boolean;
     /**
      * If set, MSAL will attempt to migrate cache entries from older versions on initialization. By default this flag is set to true if cacheLocation is localStorage, otherwise false.
+     * @deprecated This option is deprecated and will be removed in the next major version.
      */
     cacheMigrationEnabled?: boolean;
     /**
      * Flag that determines whether access tokens are stored based on requested claims
+     * @deprecated This option is deprecated and will be removed in the next major version.
      */
     claimsBasedCachingEnabled?: boolean;
 };

lib/msal-common/src/config/ClientConfiguration.ts

@@ -131,6 +131,9 @@ export type LoggerOptions = {
  * - claimsBasedCachingEnabled   - Sets whether tokens should be cached based on the claims hash. Default is false.
  */
 export type CacheOptions = {
+    /**
+     * @deprecated claimsBasedCachingEnabled is deprecated and will be removed in the next major version.
+     */
     claimsBasedCachingEnabled?: boolean;
 };