From 09624ea4e7d0cc3eac8ba18dd33d6a97d96b8aaf Mon Sep 17 00:00:00 2001 From: Olga Dalton Date: Mon, 1 Feb 2021 17:02:50 -0800 Subject: [PATCH 1/6] Mask EUII logs --- MSAL/IdentityCore | 2 +- MSAL/src/MSALAccountEnumerationParameters.m | 2 +- MSAL/src/MSALPublicClientApplication.m | 4 ++-- MSAL/src/configuration/MSALLoggerConfig.m | 10 ++++++++++ .../external/ios/MSALLegacySharedADALAccount.m | 2 +- .../external/ios/MSALLegacySharedAccount.m | 2 +- .../external/ios/MSALLegacySharedAccountsProvider.m | 8 ++++---- .../external/ios/MSALLegacySharedMSAAccount.m | 2 +- .../src/public/configuration/global/MSALLoggerConfig.h | 8 ++++++++ 9 files changed, 29 insertions(+), 11 deletions(-) diff --git a/MSAL/IdentityCore b/MSAL/IdentityCore index dc9c4318c9..a309f89871 160000 --- a/MSAL/IdentityCore +++ b/MSAL/IdentityCore @@ -1 +1 @@ -Subproject commit dc9c4318c9f3d88fee2688655e75da798ddf3409 +Subproject commit a309f8987151a897534a875e1b809a42a99e8734 diff --git a/MSAL/src/MSALAccountEnumerationParameters.m b/MSAL/src/MSALAccountEnumerationParameters.m index c3dd822cf7..6ab7881f6f 100644 --- a/MSAL/src/MSALAccountEnumerationParameters.m +++ b/MSAL/src/MSALAccountEnumerationParameters.m @@ -94,7 +94,7 @@ - (instancetype)initWithTenantProfileIdentifier:(nonnull NSString *)tenantProfil - (NSString *)description { - return [NSString stringWithFormat:@"Account identifier %@, username %@, tenant profile identifier %@, return only signed in accounts %d", self.identifier, self.username, self.tenantProfileIdentifier, self.returnOnlySignedInAccounts]; + return [NSString stringWithFormat:@"Account identifier %@, username %@, tenant profile identifier %@, return only signed in accounts %d", self.identifier, MSID_PII_LOG_EMAIL(self.username), self.tenantProfileIdentifier, self.returnOnlySignedInAccounts]; } @end diff --git a/MSAL/src/MSALPublicClientApplication.m b/MSAL/src/MSALPublicClientApplication.m index 71a3d1b65b..d21ec0e377 100644 --- a/MSAL/src/MSALPublicClientApplication.m +++ b/MSAL/src/MSALPublicClientApplication.m @@ -421,7 +421,7 @@ - (MSALAccount *)accountForIdentifier:(NSString *)identifier - (NSArray *)accountsForParameters:(MSALAccountEnumerationParameters *)parameters error:(NSError **)error { - MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Querying MSAL accounts with parameters (identifier=%@, tenantProfileId=%@, username=%@, return only signed in accounts %d)", MSID_PII_LOG_MASKABLE(parameters.identifier), MSID_PII_LOG_MASKABLE(parameters.tenantProfileIdentifier), MSID_PII_LOG_EMAIL(parameters.username), parameters.returnOnlySignedInAccounts); + MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Querying MSAL accounts with parameters (identifier=%@, tenantProfileId=%@, username=%@, return only signed in accounts %d)", MSID_PII_LOG_TRACKABLE(parameters.identifier), MSID_PII_LOG_MASKABLE(parameters.tenantProfileIdentifier), MSID_PII_LOG_EMAIL(parameters.username), parameters.returnOnlySignedInAccounts); MSALAccountsProvider *request = [[MSALAccountsProvider alloc] initWithTokenCache:self.tokenCache accountMetadataCache:self.accountMetadataCache @@ -1206,7 +1206,7 @@ - (void)acquireTokenWithParameters:(MSALInteractiveTokenParameters *)parameters " claimsRequest:%@]", parameters.scopes, parameters.extraScopesToConsent, - MSID_PII_LOG_MASKABLE(parameters.account.homeAccountId), + MSID_PII_LOG_TRACKABLE(parameters.account.homeAccountId), MSID_PII_LOG_EMAIL(parameters.loginHint), MSALStringForPromptType(parameters.promptType), parameters.extraQueryParameters, diff --git a/MSAL/src/configuration/MSALLoggerConfig.m b/MSAL/src/configuration/MSALLoggerConfig.m index 4f3e38f762..ef1ed2df31 100644 --- a/MSAL/src/configuration/MSALLoggerConfig.m +++ b/MSAL/src/configuration/MSALLoggerConfig.m @@ -87,4 +87,14 @@ - (BOOL)piiEnabled return [MSIDLogger sharedLogger].piiLoggingEnabled; } +- (void)setMaskEUII:(BOOL)maskEUII +{ + [MSIDLogger sharedLogger].euiiMaskingEnabled = maskEUII; +} + +- (BOOL)maskEUII +{ + return [MSIDLogger sharedLogger].euiiMaskingEnabled; +} + @end diff --git a/MSAL/src/configuration/external/ios/MSALLegacySharedADALAccount.m b/MSAL/src/configuration/external/ios/MSALLegacySharedADALAccount.m index eeb7f04c5f..9a8e56b987 100644 --- a/MSAL/src/configuration/external/ios/MSALLegacySharedADALAccount.m +++ b/MSAL/src/configuration/external/ios/MSALLegacySharedADALAccount.m @@ -132,7 +132,7 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)jsonDictionary error:(NSE _username = [jsonDictionary msidStringObjectForKey:@"username"]; _accountClaims = claims; - MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Created external ADAL account with identifier %@, object Id %@, tenant Id %@, name %@, username %@, claims %@", MSID_PII_LOG_TRACKABLE(_identifier), MSID_PII_LOG_MASKABLE(_objectId), _tenantId, MSID_PII_LOG_MASKABLE(displayName), MSID_PII_LOG_EMAIL(_username), MSID_PII_LOG_MASKABLE(_accountClaims)); + MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Created external ADAL account with identifier %@, object Id %@, tenant Id %@, name %@, username %@, claims %@", MSID_PII_LOG_TRACKABLE(_identifier), MSID_PII_LOG_TRACKABLE(_objectId), _tenantId, MSID_EUII_ONLY_LOG_MASKABLE(displayName), MSID_PII_LOG_EMAIL(_username), MSID_EUII_ONLY_LOG_MASKABLE(_accountClaims)); } return self; diff --git a/MSAL/src/configuration/external/ios/MSALLegacySharedAccount.m b/MSAL/src/configuration/external/ios/MSALLegacySharedAccount.m index a82b3db197..438555b742 100644 --- a/MSAL/src/configuration/external/ios/MSALLegacySharedAccount.m +++ b/MSAL/src/configuration/external/ios/MSALLegacySharedAccount.m @@ -64,7 +64,7 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)jsonDictionary error:(NSE } _signinStatusDictionary = [jsonDictionary msidObjectForKey:@"signInStatus" ofClass:[NSDictionary class]]; - MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Created sign in status dictionary %@", MSID_PII_LOG_MASKABLE(_signinStatusDictionary)); + MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Created sign in status dictionary %@", MSID_EUII_ONLY_LOG_MASKABLE(_signinStatusDictionary)); } return self; diff --git a/MSAL/src/configuration/external/ios/MSALLegacySharedAccountsProvider.m b/MSAL/src/configuration/external/ios/MSALLegacySharedAccountsProvider.m index b6b992237b..846f40f3b8 100644 --- a/MSAL/src/configuration/external/ios/MSALLegacySharedAccountsProvider.m +++ b/MSAL/src/configuration/external/ios/MSALLegacySharedAccountsProvider.m @@ -182,7 +182,7 @@ - (instancetype)initWithSharedKeychainAccessGroup:(NSString *)sharedGroup - (BOOL)updateAccount:(id)account idTokenClaims:(NSDictionary *)idTokenClaims error:(__unused NSError **)error { - MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Updating account %@", MSID_PII_LOG_MASKABLE(account)); + MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Updating account %@", MSID_EUII_ONLY_LOG_MASKABLE(account)); [self updateAccountAsync:account idTokenClaims:idTokenClaims @@ -248,7 +248,7 @@ - (BOOL)removeAccount:(id)account tenantProfiles:(nullable NSArray *)tenantProfiles error:(NSError * _Nullable * _Nullable)error { - MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Removing account %@", MSID_PII_LOG_MASKABLE(account)); + MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Removing account %@", MSID_EUII_ONLY_LOG_MASKABLE(account)); __block BOOL result = YES; __block NSError *removeError; @@ -416,7 +416,7 @@ - (BOOL)updateAccountImpl:(id)account return NO; } - MSID_LOG_WITH_CTX(MSIDLogLevelInfo, nil, @"Updating accounts %@", MSID_PII_LOG_MASKABLE(accounts)); + MSID_LOG_WITH_CTX(MSIDLogLevelInfo, nil, @"Updating accounts %@", MSID_EUII_ONLY_LOG_MASKABLE(accounts)); NSError *saveError = nil; BOOL saveResult = [self saveUpdatedAccount:account @@ -450,7 +450,7 @@ - (BOOL)saveUpdatedAccount:(id)account NSString *versionIdentifier = [self accountVersionIdentifier:version]; NSMutableDictionary *resultDictionary = jsonObject ? [[jsonObject jsonDictionary] mutableCopy] : [NSMutableDictionary new]; - MSID_LOG_WITH_CTX(MSIDLogLevelInfo, nil, @"Updating accounts %@", MSID_PII_LOG_MASKABLE(accounts)); + MSID_LOG_WITH_CTX(MSIDLogLevelInfo, nil, @"Updating accounts %@", MSID_EUII_ONLY_LOG_MASKABLE(accounts)); for (MSALLegacySharedAccount *sharedAccount in accounts) { diff --git a/MSAL/src/configuration/external/ios/MSALLegacySharedMSAAccount.m b/MSAL/src/configuration/external/ios/MSALLegacySharedMSAAccount.m index 9a00687bb3..0706c81cca 100644 --- a/MSAL/src/configuration/external/ios/MSALLegacySharedMSAAccount.m +++ b/MSAL/src/configuration/external/ios/MSALLegacySharedMSAAccount.m @@ -87,7 +87,7 @@ - (instancetype)initWithJSONDictionary:(NSDictionary *)jsonDictionary error:(NSE _accountClaims = @{@"tid": MSID_DEFAULT_MSA_TENANTID, @"oid": uid}; - MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Created external MSA account with identifier %@, object Id %@, tenant Id %@, username %@, claims %@", MSID_PII_LOG_TRACKABLE(_identifier), MSID_PII_LOG_MASKABLE(cid), MSID_DEFAULT_MSA_TENANTID, MSID_PII_LOG_EMAIL(_username), MSID_PII_LOG_MASKABLE(_accountClaims)); + MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, nil, @"Created external MSA account with identifier %@, object Id %@, tenant Id %@, username %@, claims %@", MSID_PII_LOG_TRACKABLE(_identifier), MSID_PII_LOG_TRACKABLE(cid), MSID_DEFAULT_MSA_TENANTID, MSID_PII_LOG_EMAIL(_username), MSID_EUII_ONLY_LOG_MASKABLE(_accountClaims)); } return self; diff --git a/MSAL/src/public/configuration/global/MSALLoggerConfig.h b/MSAL/src/public/configuration/global/MSALLoggerConfig.h index 6330ba28ee..c4a46ca846 100644 --- a/MSAL/src/public/configuration/global/MSALLoggerConfig.h +++ b/MSAL/src/public/configuration/global/MSALLoggerConfig.h @@ -47,6 +47,14 @@ NS_ASSUME_NONNULL_BEGIN */ @property (atomic) BOOL piiEnabled; +/** + MSAL provides logging callbacks that assist in diagnostics. By default the library will not return any messages with any user or organizational information. However, this might make diagnosing issues difficult. + When both piiEnabled is set to YES, and maskEUII is set to YES, MSAL logs will still include OII (organization identifiable information), and EUPI (end user pseudonymous identifiers), but MSAL will try to exclude and/or mask any EUII (end user identifiable information) like UPN, username, email from its logs. + This flag has no effect when piiEnabled is set to NO. + Default value is NO. +*/ +@property (atomic) BOOL maskEUII; + #pragma mark - Setting up the logging callback /** From 0f91de2b61356511d04b2677aeaac15f041e1957 Mon Sep 17 00:00:00 2001 From: Olga Dalton Date: Mon, 1 Feb 2021 17:11:34 -0800 Subject: [PATCH 2/6] Updated changelog --- CHANGELOG.md | 3 +++ MSAL/IdentityCore | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a67b1bed8c..b63c2634f4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +## TBD +* Mask EUII in logs (#1206) + ## [1.1.14] - 2020-01-19 * Removed identity core classes from public api (#1158). * Fixed possible deadlock caused by thread explosion (#1175) diff --git a/MSAL/IdentityCore b/MSAL/IdentityCore index a309f89871..fa19081553 160000 --- a/MSAL/IdentityCore +++ b/MSAL/IdentityCore @@ -1 +1 @@ -Subproject commit a309f8987151a897534a875e1b809a42a99e8734 +Subproject commit fa190815539ba5789761d7dea5ed95a2653412ca From 7368f3e1a578d320d58e992301a0988334c22ba1 Mon Sep 17 00:00:00 2001 From: Olga Dalton Date: Mon, 1 Feb 2021 17:15:08 -0800 Subject: [PATCH 3/6] Updated common submodule --- MSAL/IdentityCore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MSAL/IdentityCore b/MSAL/IdentityCore index fa19081553..3275a5c71d 160000 --- a/MSAL/IdentityCore +++ b/MSAL/IdentityCore @@ -1 +1 @@ -Subproject commit fa190815539ba5789761d7dea5ed95a2653412ca +Subproject commit 3275a5c71daf4f5e8895a7cdb6bff9d55031e9b1 From 3bc151078206d1181402e1cc744006b9bc19b58d Mon Sep 17 00:00:00 2001 From: Olga Dalton Date: Mon, 8 Feb 2021 19:49:13 -0800 Subject: [PATCH 4/6] Addressed PR feedback --- MSAL/IdentityCore | 2 +- MSAL/src/configuration/MSALLoggerConfig.m | 18 ++++++++++++------ .../configuration/global/MSALLoggerConfig.h | 19 +++++++++++++++++-- .../app/ios/MSALTestAppLogViewController.m | 2 +- 4 files changed, 31 insertions(+), 10 deletions(-) diff --git a/MSAL/IdentityCore b/MSAL/IdentityCore index 3275a5c71d..7ff734f263 160000 --- a/MSAL/IdentityCore +++ b/MSAL/IdentityCore @@ -1 +1 @@ -Subproject commit 3275a5c71daf4f5e8895a7cdb6bff9d55031e9b1 +Subproject commit 7ff734f263d33ed0b896d063926b1719553037fd diff --git a/MSAL/src/configuration/MSALLoggerConfig.m b/MSAL/src/configuration/MSALLoggerConfig.m index ef1ed2df31..d64ffea612 100644 --- a/MSAL/src/configuration/MSALLoggerConfig.m +++ b/MSAL/src/configuration/MSALLoggerConfig.m @@ -79,22 +79,28 @@ - (MSALLogLevel)logLevel - (void)setPiiEnabled:(BOOL)piiEnabled { - [MSIDLogger sharedLogger].piiLoggingEnabled = piiEnabled; + [MSIDLogger sharedLogger].logMaskingLevel = piiEnabled ? MSIDLogMaskingSettingsMaskSecretsOnly : MSIDLogMaskingSettingsMaskAllPII; } - (BOOL)piiEnabled { - return [MSIDLogger sharedLogger].piiLoggingEnabled; + switch ([MSIDLogger sharedLogger].logMaskingLevel) { + case MSIDLogMaskingSettingsMaskAllPII: + return NO; + + default: + return YES; + } } -- (void)setMaskEUII:(BOOL)maskEUII +- (MSALLogMaskingLevel)logMaskingLevel { - [MSIDLogger sharedLogger].euiiMaskingEnabled = maskEUII; + return (MSALLogMaskingLevel)[MSIDLogger sharedLogger].logMaskingLevel; } -- (BOOL)maskEUII +- (void)setLogMaskingLevel:(MSALLogMaskingLevel)logMaskingLevel { - return [MSIDLogger sharedLogger].euiiMaskingEnabled; + [MSIDLogger sharedLogger].logMaskingLevel = (MSIDLogMaskingLevel)logMaskingLevel; } @end diff --git a/MSAL/src/public/configuration/global/MSALLoggerConfig.h b/MSAL/src/public/configuration/global/MSALLoggerConfig.h index c4a46ca846..d1b79044e8 100644 --- a/MSAL/src/public/configuration/global/MSALLoggerConfig.h +++ b/MSAL/src/public/configuration/global/MSALLoggerConfig.h @@ -28,6 +28,20 @@ #import #import "MSALDefinitions.h" +/*! Levels of log masking */ +typedef NS_ENUM(NSInteger, MSALLogMaskingLevel) +{ + /** MSAL will not return any messages with any user or organizational information. This includes EUII and EUPI. This is the default level. */ + MSALLogMaskingSettingsMaskAllPII, + + /** MSAL logs will still include OII (organization identifiable information), and EUPI (end user pseudonymous identifiers), but MSAL will try to exclude and/or mask any EUII (end user identifiable information) like UPN, username, email from its logs. */ + + MSALLogMaskingSettingsMaskEUIIOnly, // + + /** MSAL logs will still include OII (organization identifiable information), EUPI (end user pseudonymous identifiers), and EUII (end user identifiable information) like UPN, username, email from its logs. MSAL will still hide all secrets like tokens from its logs */ + MSALLogMaskingSettingsMaskSecretsOnly +}; + NS_ASSUME_NONNULL_BEGIN /** @@ -45,15 +59,16 @@ NS_ASSUME_NONNULL_BEGIN /** MSAL provides logging callbacks that assist in diagnostics. There is a boolean value in the logging callback that indicates whether the message contains user information. If piiEnabled is set to NO, the callback will not be triggered for log messages that contain any user information. By default the library will not return any messages with user information in them. */ -@property (atomic) BOOL piiEnabled; +@property (atomic) BOOL piiEnabled DEPRECATED_MSG_ATTRIBUTE("Use logMaskingLevel instead"); /** MSAL provides logging callbacks that assist in diagnostics. By default the library will not return any messages with any user or organizational information. However, this might make diagnosing issues difficult. + logMaskingLevel property can be used to adjust level of MSAL masking. When both piiEnabled is set to YES, and maskEUII is set to YES, MSAL logs will still include OII (organization identifiable information), and EUPI (end user pseudonymous identifiers), but MSAL will try to exclude and/or mask any EUII (end user identifiable information) like UPN, username, email from its logs. This flag has no effect when piiEnabled is set to NO. Default value is NO. */ -@property (atomic) BOOL maskEUII; +@property (atomic) MSALLogMaskingLevel logMaskingLevel; #pragma mark - Setting up the logging callback diff --git a/MSAL/test/app/ios/MSALTestAppLogViewController.m b/MSAL/test/app/ios/MSALTestAppLogViewController.m index 6ca830f38b..e59301be82 100644 --- a/MSAL/test/app/ios/MSALTestAppLogViewController.m +++ b/MSAL/test/app/ios/MSALTestAppLogViewController.m @@ -60,7 +60,7 @@ - (id)init [self setEdgesForExtendedLayout:UIRectEdgeNone]; - MSALGlobalConfig.loggerConfig.piiEnabled = YES; + MSALGlobalConfig.loggerConfig.logMaskingLevel = MSALLogMaskingSettingsMaskEUIIOnly; [MSALGlobalConfig.loggerConfig setLogCallback:^(MSALLogLevel level, NSString * _Nullable message, __unused BOOL containsPII) { (void)level; From f7e8af6c0c4d5f67709d188fb9f92e5c37742771 Mon Sep 17 00:00:00 2001 From: Olga Dalton Date: Mon, 8 Feb 2021 20:06:14 -0800 Subject: [PATCH 5/6] Updated public documentation --- MSAL/src/public/configuration/global/MSALLoggerConfig.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/MSAL/src/public/configuration/global/MSALLoggerConfig.h b/MSAL/src/public/configuration/global/MSALLoggerConfig.h index d1b79044e8..01f8cd1b1a 100644 --- a/MSAL/src/public/configuration/global/MSALLoggerConfig.h +++ b/MSAL/src/public/configuration/global/MSALLoggerConfig.h @@ -36,7 +36,7 @@ typedef NS_ENUM(NSInteger, MSALLogMaskingLevel) /** MSAL logs will still include OII (organization identifiable information), and EUPI (end user pseudonymous identifiers), but MSAL will try to exclude and/or mask any EUII (end user identifiable information) like UPN, username, email from its logs. */ - MSALLogMaskingSettingsMaskEUIIOnly, // + MSALLogMaskingSettingsMaskEUIIOnly, /** MSAL logs will still include OII (organization identifiable information), EUPI (end user pseudonymous identifiers), and EUII (end user identifiable information) like UPN, username, email from its logs. MSAL will still hide all secrets like tokens from its logs */ MSALLogMaskingSettingsMaskSecretsOnly @@ -64,9 +64,7 @@ NS_ASSUME_NONNULL_BEGIN /** MSAL provides logging callbacks that assist in diagnostics. By default the library will not return any messages with any user or organizational information. However, this might make diagnosing issues difficult. logMaskingLevel property can be used to adjust level of MSAL masking. - When both piiEnabled is set to YES, and maskEUII is set to YES, MSAL logs will still include OII (organization identifiable information), and EUPI (end user pseudonymous identifiers), but MSAL will try to exclude and/or mask any EUII (end user identifiable information) like UPN, username, email from its logs. - This flag has no effect when piiEnabled is set to NO. - Default value is NO. + Default value is MSALLogMaskingSettingsMaskAllPII. */ @property (atomic) MSALLogMaskingLevel logMaskingLevel; From 1e92f294f9d3724b4e5604b84c101334377501e7 Mon Sep 17 00:00:00 2001 From: Olga Dalton Date: Wed, 10 Feb 2021 13:40:25 -0800 Subject: [PATCH 6/6] Addressed feedback --- MSAL/IdentityCore | 2 +- MSAL/src/public/configuration/global/MSALLoggerConfig.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/MSAL/IdentityCore b/MSAL/IdentityCore index 7ff734f263..769b35edc9 160000 --- a/MSAL/IdentityCore +++ b/MSAL/IdentityCore @@ -1 +1 @@ -Subproject commit 7ff734f263d33ed0b896d063926b1719553037fd +Subproject commit 769b35edc99a5dc6e73c2dde478e89d960052e08 diff --git a/MSAL/src/public/configuration/global/MSALLoggerConfig.h b/MSAL/src/public/configuration/global/MSALLoggerConfig.h index 01f8cd1b1a..b71f6cb311 100644 --- a/MSAL/src/public/configuration/global/MSALLoggerConfig.h +++ b/MSAL/src/public/configuration/global/MSALLoggerConfig.h @@ -59,14 +59,14 @@ NS_ASSUME_NONNULL_BEGIN /** MSAL provides logging callbacks that assist in diagnostics. There is a boolean value in the logging callback that indicates whether the message contains user information. If piiEnabled is set to NO, the callback will not be triggered for log messages that contain any user information. By default the library will not return any messages with user information in them. */ -@property (atomic) BOOL piiEnabled DEPRECATED_MSG_ATTRIBUTE("Use logMaskingLevel instead"); +@property (nonatomic) BOOL piiEnabled DEPRECATED_MSG_ATTRIBUTE("Use logMaskingLevel instead"); /** MSAL provides logging callbacks that assist in diagnostics. By default the library will not return any messages with any user or organizational information. However, this might make diagnosing issues difficult. logMaskingLevel property can be used to adjust level of MSAL masking. Default value is MSALLogMaskingSettingsMaskAllPII. */ -@property (atomic) MSALLogMaskingLevel logMaskingLevel; +@property (nonatomic) MSALLogMaskingLevel logMaskingLevel; #pragma mark - Setting up the logging callback