Logging

MSAL for Java uses the Simple Logging Facade for Java (SLF4J) to abstract the logging framework. SLF4J serves as a simple facade or abstraction for various logging frameworks, such as java.util.logging, logback and log4j. SLF4J allows the end-user to plug in the desired logging framework at deployment time.

For example, if you application is using logback, you would add the logback dependency to the pom file of your application:

        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
            <version>1.2.3</version>
        </dependency>

and add the logback configuration file:

<?xml version="1.0" encoding="UTF-8"?>
<configuration debug="true">

</configuration>

SLF4J would automatically bind to logback at deployment time, and you would see MSAL logs being written to console.

For instructions on how to bind to other logging frameworks, reference the SLF4J manual

Personal Identifiable Information (PII) & Organizational Identifiable Information (OII)

By default, MSAL logging does not capture or log any PII or OII. The library allows app developers to turn this on by configuring logPii on the client application builder. By turning on PII or OII, the app takes responsibility for safely handling highly-sensitive data and complying with any regulatory requirements.

PII or OII logging disabled. Default Logger does not capture any PII or OII

    PublicClientApplication app2 = PublicClientApplication.builder(PUBLIC_CLIENT_ID)
            .authority(AUTHORITY)
            .build();

PII or OII logging enabled

    PublicClientApplication app2 = PublicClientApplication.builder(PUBLIC_CLIENT_ID)
            .authority(AUTHORITY)
            .logPii(true)
            .build();