AzureAD · Avery-Dunn · Nov 18, 2025 · Nov 10, 2025 · Nov 10, 2025 · Nov 10, 2025
diff --git a/change/@azure-msal-node-ad99a1d3-bdf2-499d-a4a2-7b4ef4153d6a.json b/change/@azure-msal-node-ad99a1d3-bdf2-499d-a4a2-7b4ef4153d6a.json
@@ -0,0 +1,7 @@
+{
+  "type": "major",
+  "comment": "Remove extraQueryParameters and extraParameters fields from Request types [#8136](https://github.com/AzureAD/microsoft-authentication-library-for-js/pull/8136)",
+  "packageName": "@azure/msal-node",
+  "email": "avdunn@microsoft.com",
+  "dependentChangeType": "patch"
+}
@@ -13,8 +13,6 @@ import { CommonClientCredentialRequest } from "./CommonClientCredentialRequest.j
  * - correlationId           - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
  * - skipCache               - Skip token cache lookup and force request to authority to get a a new token. Defaults to false.
  * - clientAssertion         - An assertion string or a callback function that returns an assertion string (both are Base64Url-encoded signed JWTs) used in the Client Credential flow
- * - extraQueryParameters    - String to string map of custom query parameters added to outgoing token service requests
- * - extraParameters         - String to string map of custom query parameters added to outgoing token service requests
  * @public
  */
 export type ClientCredentialRequest = Partial<

@@ -18,10 +18,11 @@ import {
  * - preferredAzureRegionOptions        - Options of the user's preferred azure region
  * - clientAssertion                  - An assertion string or a callback function that returns an assertion string (both are Base64Url-encoded signed JWTs) used in the Client Credential flow
  * - azureRegion                       - Azure region to be used for regional authentication
- * - extraQueryParameters              - String to string map of custom query parameters added to outgoing token service requests
- * - extraParameters                   - String to string map of custom query parameters added to outgoing token service requests
  */
-export type CommonClientCredentialRequest = BaseAuthRequest & {
+export type CommonClientCredentialRequest = Omit<
+    BaseAuthRequest,
+    "extraQueryParameters" | "extraParameters"
+> & {
     skipCache?: boolean;
     azureRegion?: AzureRegion;
     clientAssertion?: ClientAssertion;

@@ -11,10 +11,11 @@ import { BaseAuthRequest } from "@azure/msal-common/node";
  * - correlationId           - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
  * - oboAssertion            - The access token that was sent to the middle-tier API. This token must have an audience of the app making this OBO request.
  * - skipCache               - Skip token cache lookup and force request to authority to get a a new token. Defaults to false.
- * - extraQueryParameters    - String to string map of custom query parameters added to outgoing token service requests
- * - extraParameters         - String to string map of custom query parameters added to outgoing token service requests
  */
-export type CommonOnBehalfOfRequest = BaseAuthRequest & {
+export type CommonOnBehalfOfRequest = Omit<
+    BaseAuthRequest,
+    "extraQueryParameters" | "extraParameters"
+> & {
     oboAssertion: string;
     skipCache?: boolean;
 };
@@ -11,8 +11,6 @@ import { CommonOnBehalfOfRequest } from "./CommonOnBehalfOfRequest.js";
  * - correlationId           - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
  * - oboAssertion            - The access token that was sent to the middle-tier API. This token must have an audience of the app making this OBO request.
  * - skipCache               - Skip token cache lookup and force request to authority to get a a new token. Defaults to false.
- * - extraQueryParameters    - String to string map of custom query parameters added to outgoing token service requests
- * - extraParameters         - String to string map of custom query parameters added to outgoing token service requests
  * @public
  */
 export type OnBehalfOfRequest = Partial<

@@ -119,45 +119,6 @@ describe("ClientCredentialClient unit tests", () => {
         checkMockedNetworkRequest(returnVal, checks);
     });
 
-    it("Adds extraQueryParameters to the /token request", async () => {
-        const badExecutePostToTokenEndpointMock = jest.spyOn(
-            ClientCredentialClient.prototype,
-            <any>"executePostToTokenEndpoint"
-        );
-        // no implementation has been mocked, the acquireToken call will fail
-
-        const fakeConfig: ClientConfiguration =
-            await ClientTestUtils.createTestClientConfiguration();
-        const client: ClientCredentialClient = new ClientCredentialClient(
-            fakeConfig
-        );
-
-        const clientCredentialRequest: CommonClientCredentialRequest = {
-            authority: TEST_CONFIG.validAuthority,
-            correlationId: TEST_CONFIG.CORRELATION_ID,
-            scopes: TEST_CONFIG.DEFAULT_GRAPH_SCOPE,
-            extraQueryParameters: {
-                testParam1: "testValue1",
-                testParam2: "",
-                testParam3: "testValue3",
-            },
-        };
-
-        await expect(
-            client.acquireToken(clientCredentialRequest)
-        ).rejects.toThrow();
-
-        if (!badExecutePostToTokenEndpointMock.mock.lastCall) {
-            fail("executePostToTokenEndpointMock was not called");
-        }
-        const url: string = badExecutePostToTokenEndpointMock.mock
-            .lastCall[0] as string;
-        expect(
-            url.includes("/token?testParam1=testValue1&testParam3=testValue3")
-        ).toBeTruthy();
-        expect(!url.includes("/token?testParam2=")).toBeTruthy();
-    });
-
     it("acquireToken's interactionRequiredAuthError error contains claims", async () => {
         const errorResponse = {
             error: "interaction_required",

@@ -232,46 +232,6 @@ describe("OnBehalfOf unit tests", () => {
             );
         });
 
-        it("Adds extraQueryParameters to the /token request", async () => {
-            const badExecutePostToTokenEndpointMock = jest.spyOn(
-                OnBehalfOfClient.prototype,
-                <any>"executePostToTokenEndpoint"
-            );
-            // no implementation has been mocked, the acquireToken call will fail
-
-            const fakeConfig: ClientConfiguration =
-                await ClientTestUtils.createTestClientConfiguration();
-            const client: OnBehalfOfClient = new OnBehalfOfClient(fakeConfig);
-
-            const oboRequest: CommonOnBehalfOfRequest = {
-                scopes: [...TEST_CONFIG.DEFAULT_GRAPH_SCOPE],
-                authority: TEST_CONFIG.validAuthority,
-                correlationId: TEST_CONFIG.CORRELATION_ID,
-                oboAssertion: "user_assertion_hash",
-                skipCache: true,
-                claims: TEST_CONFIG.CLAIMS,
-                extraQueryParameters: {
-                    testParam1: "testValue1",
-                    testParam2: "",
-                    testParam3: "testValue3",
-                },
-            };
-
-            await expect(client.acquireToken(oboRequest)).rejects.toThrow();
-
-            if (!badExecutePostToTokenEndpointMock.mock.lastCall) {
-                fail("executePostToTokenEndpointMock was not called");
-            }
-            const url: string = badExecutePostToTokenEndpointMock.mock
-                .lastCall[0] as string;
-            expect(
-                url.includes(
-                    "/token?testParam1=testValue1&testParam3=testValue3"
-                )
-            ).toBeTruthy();
-            expect(!url.includes("/token?testParam2=")).toBeTruthy();
-        });
-
         it("Does not add claims when empty object provided", async () => {
             const client = new OnBehalfOfClient(config);