From d92acd5c1248c9bb0ba7d80b94db1d2afc0fb082 Mon Sep 17 00:00:00 2001
From: srulyt <sruly@thetabers.com>
Date: Thu, 9 Nov 2017 17:31:49 +0200
Subject: [PATCH 1/3] Update Readme

fixed a mistake in Server to Server Client Credentials sample
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 5711bf5..298a8c1 100644
--- a/README.md
+++ b/README.md
@@ -103,7 +103,7 @@ app.get('/getAToken', function(req, res) {
 See the [client credentials sample](https://github.com/MSOpenTech/azure-activedirectory-library-for-nodejs/blob/master/sample/client-credentials-sample.js).
 
 ```javascript
-var adal = require('adal-node').AuthenticationContext;
+var AuthenticationContext = require('adal-node').AuthenticationContext;
 
 var authorityHostUrl = 'https://login.windows.net';
 var tenant = 'myTenant.onmicrosoft.com'; // AAD Tenant name.

From 6e6fa70f39ecb6be27074bbfd5602783f1985b43 Mon Sep 17 00:00:00 2001
From: Sijun Liu <sijliu@microsoft.com>
Date: Fri, 23 Feb 2018 18:21:38 -0800
Subject: [PATCH 2/3] gdpr work

---
 README.md                        | 16 +++++++++++++-
 changelog.md                     |  5 +++++
 lib/adal.d.ts                    |  2 ++
 lib/authentication-parameters.js |  7 +++---
 lib/authority.js                 |  9 +++++---
 lib/cache-driver.js              | 13 ++++++-----
 lib/log.js                       | 37 ++++++++++++++++++++++----------
 lib/mex.js                       | 12 +++++++----
 lib/oauth2client.js              | 11 +++++-----
 lib/self-signed-jwt.js           |  5 +++--
 lib/token-request.js             |  8 ++++---
 lib/user-realm.js                | 10 ++++-----
 lib/util.js                      |  6 +++---
 lib/wstrust-request.js           |  4 ++--
 lib/wstrust-response.js          |  4 ++--
 package-lock.json                |  2 +-
 package.json                     |  2 +-
 test/username-password.ts        |  3 ++-
 18 files changed, 104 insertions(+), 52 deletions(-)

diff --git a/README.md b/README.md
index ff4d5e1..bbe3967 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 The ADAL for node.js library makes it easy for node.js applications to authenticate to AAD in order to access AAD protected web resources.  It supports 3 authentication modes shown in the quickstart code below.
 
 ## Versions
-Current version - 0.1.27  
+Current version - 0.1.28  
 Minimum recommended version - 0.1.22  
 You can find the changes for each version in the [change log](https://github.com/AzureAD/azure-activedirectory-library-for-nodejs/blob/master/changelog.txt).
 
@@ -29,6 +29,20 @@ All code is licensed under the Apache 2.0 license and we triage actively on GitH
 
 ``` $ npm install adal-node ```
 
+### Configure the logging
+
+```javascript
+var logging = require('adal-node').Logging;
+
+logging.setLoggingOptions({
+  log: function(level, message, error) {
+    // provide your own implementation of the log function
+  },
+  level: logging.LOGGING_LEVEL.VERBOSE, // provide the logging level
+  loggingWithPII: false  // Determine if you want to log personal identitification information. The default value is false.
+});
+```
+
 ### Authorization Code
 
 See the [website sample](https://github.com/MSOpenTech/azure-activedirectory-library-for-nodejs/blob/master/sample/website-sample.js) for a complete bare bones express based web site that makes use of the code below.
diff --git a/changelog.md b/changelog.md
index b909221..286e380 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,8 @@
+Version 0.1.28
+--------------
+Release Date: 26 Feburary 2018
+* Added GDPR support per Microsoft policy.
+
 Version 0.1.27
 --------------
 Release Date: 08 January 2018
diff --git a/lib/adal.d.ts b/lib/adal.d.ts
index 2592520..af35fcb 100644
--- a/lib/adal.d.ts
+++ b/lib/adal.d.ts
@@ -25,10 +25,12 @@ type LoggingCallback = (level: LoggingLevel, message: string, error?: Error) =>
  * @memberOf Logging
  * @property {LoggingCallback} [log] The function to call when ADAL generates a log entry.
  * @property {LoggingLevel} [level] The maximum level of log entries to generate.
+ * @property {boolean} [loggingWithPII] This value indicts if personal identity related information such as token and claims should be logged. The default value is false.
  */
 interface LoggingOptions {
   log?: LoggingCallback;
   level?: LoggingLevel;
+  loggingWithPII?: boolean;
 }
 
 export class Logging {
diff --git a/lib/authentication-parameters.js b/lib/authentication-parameters.js
index 8e7f58a..10c8db6 100644
--- a/lib/authentication-parameters.js
+++ b/lib/authentication-parameters.js
@@ -236,11 +236,12 @@ exports.createAuthenticationParametersFromUrl = function(url, callback, correlat
     var logContext = log.createLogContext(correlationId);
     var logger = new log.Logger('AuthenticationParameters', logContext);
 
-    logger.verbose('Attempting to retrieve authentication parameters from: ' + challengeUrl);
+    logger.verbose('Attempting to retrieve authentication parameters');
+    logger.verbose('Attempting to retrieve authentication parameters from: ' + challengeUrl, true);
     var options = util.createRequestOptions( { _callContext : { _logContext: logContext } } );
     request.get(challengeUrl, options, function(err, response) {
       if (err) {
-        logger.error('Authentication parameters http get failed.', err);
+        logger.error('Authentication parameters http get failed.', err, true);
         callback(err);
         return;
       }
@@ -248,7 +249,7 @@ exports.createAuthenticationParametersFromUrl = function(url, callback, correlat
       try {
         parameters = exports.createAuthenticationParametersFromResponse(response);
       } catch(creationErr) {
-        logger.error('Unable to parse response in to authentication paramaters.', creationErr);
+        logger.error('Unable to parse response in to authentication paramaters.', creationErr, true);
         callback(creationErr);
         return;
       }
diff --git a/lib/authority.js b/lib/authority.js
index d6049d4..ca98601 100644
--- a/lib/authority.js
+++ b/lib/authority.js
@@ -166,7 +166,8 @@ Authority.prototype._performDynamicInstanceDiscovery = function(callback) {
 
     var getOptions = util.createRequestOptions(self);
 
-    this._log.verbose('Attempting instance discover at: ' + url.format(discoveryEndpoint));
+    this._log.verbose('Attempting instance discover');
+    this._log.verbose('Attempting instance discover at: ' + url.format(discoveryEndpoint), true);
     request.get(discoveryEndpoint, getOptions, util.createRequestHandler('Instance Discovery', this._log, callback,
       function(response, body) {
         var discoveryResponse = JSON.parse(body);
@@ -255,7 +256,8 @@ Authority.prototype.validate = function(callContext, callback) {
   var self = this;
 
   if (!this._validated) {
-    this._log.verbose('Performing instance discovery: ' + url.format(this._url));
+    this._log.verbose('Performing instance discovery');
+    this._log.verbose('Performing instance discovery: ' + url.format(this._url), true);
     this._validateViaInstanceDiscovery(function(err, tenantDiscoveryEndpoint) {
       if (err)
       {
@@ -267,7 +269,8 @@ Authority.prototype.validate = function(callContext, callback) {
       }
     });
   } else {
-    this._log.verbose('Instance discovery/validation has either already been completed or is turned off: ' + url.format(this._url));
+    this._log.verbose('Instance discovery/validation has either already been completed or is turned off');
+    this._log.verbose('Instance discovery/validation has either already been completed or is turned off: ' + url.format(this._url), true);
     this._getOAuthEndpoints(null, callback);
     return;
   }
diff --git a/lib/cache-driver.js b/lib/cache-driver.js
index c890668..aa67d87 100644
--- a/lib/cache-driver.js
+++ b/lib/cache-driver.js
@@ -157,7 +157,7 @@ CacheDriver.prototype._getPotentialEntries = function(query, callback) {
   }
 
   this._log.verbose('Looking for potential cache entries:');
-  this._log.verbose(JSON.stringify(potentialEntriesQuery));
+  this._log.verbose(JSON.stringify(potentialEntriesQuery), true);
   this._find(potentialEntriesQuery, function(err, entries) {
     self._log.verbose('Found ' + entries.length + ' potential entries.');
     callback(err, entries);
@@ -225,7 +225,8 @@ CacheDriver.prototype._loadSingleEntryFromCache = function(query, callback) {
       }
     }
     if (returnVal) {
-      self._log.verbose('Returning token from cache lookup, ' + createTokenIdMessage(returnVal));
+      self._log.verbose('Returning token from cache lookup');
+      self._log.verbose('Returning token from cache lookup, ' + createTokenIdMessage(returnVal), true);
     }
     callback(null, returnVal, isResourceTenantSpecific);
   });
@@ -279,7 +280,7 @@ CacheDriver.prototype._refreshExpiredEntry = function(entry, callback) {
     var newEntry = self._createEntryFromRefresh(entry, tokenResponse);
     self._replaceEntry(entry, newEntry, function(err) {
       if (err) {
-        self._log.error('error refreshing expired token', err);
+        self._log.error('error refreshing expired token', err, true);
       } else {
         self._log.info('Returning token refreshed after expiry.');
       }
@@ -304,7 +305,7 @@ CacheDriver.prototype._acquireNewTokenFromMrrt = function(entry, callback) {
     var newEntry = self._createEntryFromRefresh(entry, tokenResponse);
     self.add(newEntry, function(err) {
       if (err) {
-        self._log.error('error refreshing mrrt', err);
+        self._log.error('error refreshing mrrt', err, true);
       } else {
         self._log.info('Returning token derived from mrrt refresh.');
       }
@@ -348,7 +349,8 @@ CacheDriver.prototype._refreshEntryIfNecessary = function(entry, isResourceSpeci
 CacheDriver.prototype.find = function(query, callback) {
   var self = this;
   query = query || {};
-  this._log.verbose('finding with query:' + JSON.stringify(query));
+  this._log.verbose('finding using query');
+  this._log.verbose('finding with query:' + JSON.stringify(query), true);
   this._loadSingleEntryFromCache(query, function(err, entry, isResourceTenantSpecific) {
     if (err) {
       callback(err);
@@ -499,6 +501,7 @@ CacheDriver.prototype._augmentEntryWithCacheMetadata = function(entry) {
  */
 CacheDriver.prototype.add = function(entry, callback) {
   var self = this;
+  this._log.verbose('Adding entry');
   this._log.verbose('Adding entry, ' + createTokenIdMessage(entry));
 
   this._augmentEntryWithCacheMetadata(entry);
diff --git a/lib/log.js b/lib/log.js
index 8cbad26..7e7df6f 100644
--- a/lib/log.js
+++ b/lib/log.js
@@ -92,6 +92,10 @@ var Logging = {
       options.level = this.LOGGING_LEVEL.ERROR;
     }
 
+    if (options.loggingWithPII != true) {
+      options.loggingWithPII = false;
+    }
+    
     this.LogOptions = options;
   },
 
@@ -111,6 +115,7 @@ var Logging = {
   LogOptions : {
     log : function() {},
     level : 0,
+    loggingWithPII: false
   }
 };
 
@@ -141,8 +146,13 @@ Object.defineProperty(Logger.prototype, 'context', {
  * @param  {string|function} message A message string, or a function that returns a message string, to log.
  * @param  {Error} [error] If this is a {@link Logging.LOGGING_LEVEL.ERROR|ERROR} level log entry then the caller
  *                       should pass an error object in this parameter.
+ * @param  {boolean} [containsPII] Determines if the log message contains personal information. Default value is false.
  */
-Logger.prototype.log = function(level, message, error) {
+Logger.prototype.log = function (level, message, error, containsPII) {
+  if (containsPII == true && !Logging.LogOptions.loggingWithPII) {
+    return;
+  }
+
   if (level <= Logging.LogOptions.level) {
     if (_.isFunction(message)) {
       message = message();
@@ -163,43 +173,48 @@ Logger.prototype.log = function(level, message, error) {
  * Generate an {@link Logging.LOGGING_LEVEL.ERROR|ERROR} level log entry.
  * @param  {string} message A message to log
  * @param  {Error} error The Error object associated with this log entry
+ * @param  {boolean} [containsPII] Determines if the log message contains personal information. Default value is false.
  */
-Logger.prototype.error = function(message, error) {
-  this.log(Logging.LOGGING_LEVEL.ERROR, message, error);
+Logger.prototype.error = function (message, error, containsPII) {
+  this.log(Logging.LOGGING_LEVEL.ERROR, message, error, containsPII);
 };
 
 /**
  * Generate an {@link Logging.LOGGING_LEVEL.WARN|WARN} level log entry.
  * @param  {string} message A message to log
+ * @param  {boolean} [containsPII] Determines if the log message contains personal information. Default value is false.
  */
-Logger.prototype.warn = function(message) {
-  this.log(Logging.LOGGING_LEVEL.WARN, message, null);
+Logger.prototype.warn = function (message, containsPII) {
+  this.log(Logging.LOGGING_LEVEL.WARN, message, null, containsPII);
 };
 
 /**
  * Generate an {@link Logging.LOGGING_LEVEL.INFO|INFO} level log entry.
  * @param  {string} message A message to log
+ * @param  {boolean} [containsPII] Determines if the log message contains personal information. Default value is false.
  */
-Logger.prototype.info = function(message) {
-  this.log(Logging.LOGGING_LEVEL.INFO, message, null);
+Logger.prototype.info = function (message, containsPII) {
+  this.log(Logging.LOGGING_LEVEL.INFO, message, null, containsPII);
 };
 
 /**
  * Generate an {@link Logging.LOGGING_LEVEL.VERBOSE|VERBOSE} level log entry.
  * @param  {string} message A message to log
+ * @param  {boolean} [containsPII] Determines if the log message contains personal information. Default value is false.
  */
-Logger.prototype.verbose = function(message) {
-  this.log(Logging.LOGGING_LEVEL.VERBOSE, message, null);
+Logger.prototype.verbose = function (message, containsPII) {
+  this.log(Logging.LOGGING_LEVEL.VERBOSE, message, null, containsPII);
 };
 
 /**
  * Generate a {@link Logging.LOGGING_LEVEL.ERROR|ERROR} level log entry, as well as an
  * Error object to go with it.  This is a convenience method for throwing logged errors.
  * @param  {string} message A message to log
+ * @param  {boolean} [containsPII] Determines if the log message contains personal information. Default value is false.
  */
-Logger.prototype.createError = function(message) {
+Logger.prototype.createError = function(message, containsPII) {
   var err = new Error(message);
-  this.error(message, err);
+  this.error(message, err, containsPII);
   return err;
 };
 
diff --git a/lib/mex.js b/lib/mex.js
index 00ec94b..e930c59 100644
--- a/lib/mex.js
+++ b/lib/mex.js
@@ -47,7 +47,8 @@ function Mex(callContext, url) {
   this._dom = null;
   this._mexDoc = null;
   this._usernamePasswordPolicy = {};
-  this._log.verbose('Mex created with url: ' + url);
+  this._log.verbose('Mex created');
+  this._log.verbose('Mex created with url: ' + url, true);
 }
 
 /**
@@ -75,6 +76,7 @@ Object.defineProperty(Mex.prototype, 'usernamePasswordPolicy', {
 * @param {Mex.DiscoverCallback}  callback  Called when discover is complete.
 */
 Mex.prototype.discover = function (callback) {
+  this._log.verbose('Retrieving mex');
   this._log.verbose('Retrieving mex at: ' + this._url);
   var self = this;
   var options = util.createRequestOptions(self, { headers : { 'Content-Type' : 'application/soap+xml'} });
@@ -89,7 +91,7 @@ Mex.prototype.discover = function (callback) {
         self._parse(callback);
         return;
       } catch (err) {
-        self._log.error('Failed to parse mex response in to DOM', err);
+        self._log.error('Failed to parse mex response in to DOM', err, true);
         callback(err);
       }
     })
@@ -119,12 +121,14 @@ Mex.prototype._checkPolicy = function(policyNode) {
     }
   }
   if (policyId) {
-    this._log.verbose('found matching policy id: ' + policyId);
+    this._log.verbose('found matching policy id');
+    this._log.verbose('found matching policy id: ' + policyId, true);
   } else {
     if (!id) {
       id = '<no id>';
     }
-    this._log.verbose('potential policy did not match required transport binding: ' + id);
+    this._log.verbose('potential policy did not match required transport binding');
+    this._log.verbose('potential policy did not match required transport binding: ' + id, true);
   }
   return policyId;
 };
diff --git a/lib/oauth2client.js b/lib/oauth2client.js
index d4cd2cc..9c51d7c 100644
--- a/lib/oauth2client.js
+++ b/lib/oauth2client.js
@@ -228,8 +228,9 @@ OAuth2Client.prototype._parseIdToken = function(encodedIdToken) {
     }
 
     idToken = JSON.parse(base64Decoded);
-  } catch(err) {
-    this._log.warn('The returned id_token could not be decoded: ' + err.stack);
+  } catch (err) {
+    this._log.warn('the returned id_token could not be decoded');
+    this._log.warn('The returned id_token could not be decoded: ' + err.stack, true);
     return;
   }
 
@@ -379,7 +380,7 @@ OAuth2Client.prototype._handleGetTokenResponse = function(response, body, callba
   try {
     tokenResponse = this._validateTokenResponse(body);
   } catch (e) {
-    this._log.error('Error validating get token response', e);
+    this._log.error('Error validating get token response', e, true);
     callback(e);
     return;
   }
@@ -391,7 +392,7 @@ OAuth2Client.prototype._handleGetDeviceCodeResponse = function(response, body, c
    try {
       deviceCodeResponse = this._validateDeviceCodeResponse(body);
    } catch (e) {
-      this._log.error('Error validating get user code response', e);
+      this._log.error('Error validating get user code response', e, true);
       callback(e);
       return;
    }
@@ -421,7 +422,7 @@ OAuth2Client.prototype._getTokenWithPolling = function (postOptions, callback) {
           try {
              tokenResponse = self._handlePollingResponse(body);
           } catch (e) {
-             self._log.error('Error validating get token response', e);
+             self._log.error('Error validating get token response', e, true);
              callback(null, e);
              return;
           }
diff --git a/lib/self-signed-jwt.js b/lib/self-signed-jwt.js
index 0304346..e94900e 100644
--- a/lib/self-signed-jwt.js
+++ b/lib/self-signed-jwt.js
@@ -87,7 +87,8 @@ SelfSignedJwt.prototype._createHeader = function(thumbprint) {
   var x5t = this._createx5tValue(thumbprint);
   var header = { typ: 'JWT', alg: 'RS256', x5t : x5t };
 
-  this._log.verbose('Creating self signed JWT header.  x5t: ' + x5t);
+  this._log.verbose('Creating self signed JWT header');
+  this._log.verbose('Creating self signed JWT header.  x5t: ' + x5t, true);
 
   return header;
 };
@@ -129,7 +130,7 @@ SelfSignedJwt.prototype._signJwt = function(header, payload, certificate) {
      jwt = jws.sign({ header : header, payload : payload, secret : certificate });
   }
   catch (err) {
-     this._log.error(err);
+     this._log.error(err, true);
      throw this._log.createError('Failed to sign JWT.This is most likely due to an invalid certificate.');   
   }
   
diff --git a/lib/token-request.js b/lib/token-request.js
index 2f13924..d6e0748 100644
--- a/lib/token-request.js
+++ b/lib/token-request.js
@@ -139,7 +139,8 @@ TokenRequest.prototype._getTokenWithCacheWrapper = function(callback, getTokenFu
   var cacheQuery = this._createCacheQuery();
   this._cacheDriver.find(cacheQuery, function(err, token) {
     if (err) {
-      self._log.warn('Attempt to look for token in cache resulted in Error: ' + err.stack);
+      self._log.warn('Attempt to look for token in cahce resulted in Error');
+      self._log.warn('Attempt to look for token in cache resulted in Error: ' + err.stack, true);
     }
 
     if (!token) {
@@ -290,7 +291,7 @@ TokenRequest.prototype._performWSTrustExchange = function(wstrustEndpoint, wstru
     }
 
     if (!response.token) {
-      var rstrErr = self._log.createError('Unsucessful RSTR.\n\terror code: ' + response.errorCode + '\n\tfaultMessage: ' + response.faultMessage);
+      var rstrErr = self._log.createError('Unsucessful RSTR.\n\terror code: ' + response.errorCode + '\n\tfaultMessage: ' + response.faultMessage, true);
       callback(rstrErr);
       return;
     }
@@ -350,7 +351,8 @@ TokenRequest.prototype._getTokenUsernamePasswordFederated = function(username, p
     return;
   } else {
     var mexEndpoint = this._userRealm.federationMetadataUrl;
-    this._log.verbose('Attempting mex at: ' + mexEndpoint);
+    this._log.verbose('Attempting mex');
+    this._log.verbose('Attempting mex at: ' + mexEndpoint, true);
     var mex = this._createMex(mexEndpoint);
     mex.discover(function(mexErr) {
       var wstrustEndpoint;
diff --git a/lib/user-realm.js b/lib/user-realm.js
index eafbf20..90238e6 100644
--- a/lib/user-realm.js
+++ b/lib/user-realm.js
@@ -188,8 +188,8 @@ UserRealm.prototype._logParsedResponse = function() {
   this._log.verbose('UserRealm response:');
   this._log.verbose(' AccountType:             ' + this.accountType);
   this._log.verbose(' FederationProtocol:      ' + this.federationProtocol);
-  this._log.verbose(' FederationMetatdataUrl:  ' + this.federationMetadataUrl);
-  this._log.verbose(' FederationActiveAuthUrl: ' + this.federationActiveAuthUrl);
+  this._log.verbose(' FederationMetatdataUrl:  ' + this.federationMetadataUrl, true);
+  this._log.verbose(' FederationActiveAuthUrl: ' + this.federationActiveAuthUrl, true);
 };
 
 /**
@@ -199,13 +199,13 @@ UserRealm.prototype._logParsedResponse = function() {
 * @param {UserRealm.DiscoverCallback} callback  Called when parsing is complete.
 */
 UserRealm.prototype._parseDiscoveryResponse = function(body, callback) {
-  this._log.verbose('Discovery response:\n' + body);
+  this._log.verbose('Discovery response:\n' + body, true);
 
   var response;
   try {
     response = JSON.parse(body);
   } catch (err) {
-    callback(this._log.createError('Parsing realm discovery respone JSON failed: ' + body));
+    callback(this._log.createError('Parsing realm discovery respone JSON failed: ' + body, true));
     return;
   }
 
@@ -257,7 +257,7 @@ UserRealm.prototype.discover = function(callback) {
   );
 
   var userRealmUrl = this._getUserRealmUrl();
-  this._log.verbose('Performing user realm discovery at: ' + url.format(userRealmUrl));
+  this._log.verbose('Performing user realm discovery at: ' + url.format(userRealmUrl), true);
   request.get(userRealmUrl, options, util.createRequestHandler('User Realm Discovery', this._log, callback,
     function(response, body) {
       self._parseDiscoveryResponse(body, callback);
diff --git a/lib/util.js b/lib/util.js
index f5d1333..ced0b2a 100644
--- a/lib/util.js
+++ b/lib/util.js
@@ -93,7 +93,7 @@ function createRequestOptions(self, options) {
 
 function logReturnCorrelationId(log, operationMessage, response) {
   if (response && response.headers && response.headers['client-request-id']) {
-    log.info(operationMessage + 'Server returned this correlationId: ' + response.headers['client-request-id']);
+    log.info(operationMessage + 'Server returned this correlationId: ' + response.headers['client-request-id'], true);
   }
 }
 
@@ -112,7 +112,7 @@ function createRequestHandler(operationMessage, log, errorCallback, successCallb
   return function(err, response, body) {
     logReturnCorrelationId(log, operationMessage, response);
     if (err) {
-      log.error(operationMessage + ' request failed with', err);
+      log.error(operationMessage + ' request failed with', err, true);
       errorCallback(err);
       return;
     }
@@ -127,7 +127,7 @@ function createRequestHandler(operationMessage, log, errorCallback, successCallb
           // No problem if it doesn't parse.
         }
       }
-      errorCallback(log.createError(returnErrorString), errorResponse);
+      errorCallback(log.createError(returnErrorString, true), errorResponse);
       return;
     }
 
diff --git a/lib/wstrust-request.js b/lib/wstrust-request.js
index ff5b62c..42cdcc7 100644
--- a/lib/wstrust-request.js
+++ b/lib/wstrust-request.js
@@ -167,7 +167,7 @@ WSTrustRequest.prototype._buildRST = function(username, password) {
       </s:Body>\
     </s:Envelope>';
 
-  this._log.verbose('Created RST: \n' + RSTTemplate);
+  this._log.verbose('Created RST: \n' + RSTTemplate, true);
 
   var RST = this._populateRSTUsernamePassword(RSTTemplate, username, password);
   return RST;
@@ -221,7 +221,7 @@ WSTrustRequest.prototype.acquireToken = function(username, password, callback) {
     }
   );
 
-  this._log.verbose('Sending RST to: ' + this._wstrustEndpointUrl);
+  this._log.verbose('Sending RST to: ' + this._wstrustEndpointUrl, true);
 
   request.post(this._wstrustEndpointUrl, options, util.createRequestHandler('WS-Trust RST', this._log, callback,
     function(response, body) {
diff --git a/lib/wstrust-response.js b/lib/wstrust-response.js
index 1c07ffb..87c7c62 100644
--- a/lib/wstrust-response.js
+++ b/lib/wstrust-response.js
@@ -267,7 +267,7 @@ WSTrustResponse.prototype.parse = function() {
       };
       this._dom = new DOMParser(options).parseFromString(this._response);
     } catch (err) {
-      throw this._log.createError('Failed to parse RSTR in to DOM', err);
+      throw this._log.createError('Failed to parse RSTR in to DOM', err, true);
     }
 
     var errorFound = this._parseError();
@@ -275,7 +275,7 @@ WSTrustResponse.prototype.parse = function() {
     if (errorFound) {
       var stringErrorCode = this.ErrorCode || 'NONE';
       var stringFaultMessage = this.FaultMessage || 'NONE';
-      throw this._log.createError('Server returned error in RSTR - ErrorCode: ' + stringErrorCode + ' : FaultMessage: ' + stringFaultMessage);
+      throw this._log.createError('Server returned error in RSTR - ErrorCode: ' + stringErrorCode + ' : FaultMessage: ' + stringFaultMessage, true);
     }
 
     this._parseToken();
diff --git a/package-lock.json b/package-lock.json
index c98a2a0..d980a3b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "adal-node",
-  "version": "0.1.27",
+  "version": "0.1.28",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index 100032a..fd7cb8b 100644
--- a/package.json
+++ b/package.json
@@ -10,7 +10,7 @@
     "type": "git",
     "url": "https://github.com/AzureAD/azure-activedirectory-library-for-nodejs.git"
   },
-  "version": "0.1.27",
+  "version": "0.1.28",
   "description": "Windows Azure Active Directory Client Library for node",
   "keywords": [
     "node",
diff --git a/test/username-password.ts b/test/username-password.ts
index c8cf1f0..4ec84af 100644
--- a/test/username-password.ts
+++ b/test/username-password.ts
@@ -329,7 +329,8 @@ suite('username-password', function() {
     };
     var logOptions: adal.LoggingOptions = {
       level: 3,
-      log : testCorrelationIdLog
+      log : testCorrelationIdLog,
+      loggingWithPII: true
     };
 
     var oldOptions = adal.Logging.getLoggingOptions();

From 7a14d29b2beefd061cc41f69cfdc21c0423ae6b1 Mon Sep 17 00:00:00 2001
From: Sijun Liu <sijliu@microsoft.com>
Date: Mon, 26 Feb 2018 16:06:10 -0800
Subject: [PATCH 3/3] encode uri

---
 lib/authority.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/authority.js b/lib/authority.js
index ca98601..02d1144 100644
--- a/lib/authority.js
+++ b/lib/authority.js
@@ -135,7 +135,7 @@ Authority.prototype._performStaticInstanceDiscovery = function() {
 };
 
 Authority.prototype._createAuthorityUrl = function() {
-  return 'https://' + this._url.host + '/' + this._tenant + AADConstants.AUTHORIZE_ENDPOINT_PATH;
+  return 'https://' + this._url.host + '/' + encodeURIComponent(this._tenant) + AADConstants.AUTHORIZE_ENDPOINT_PATH;
 };
 
 /**
@@ -228,11 +228,11 @@ Authority.prototype._getOAuthEndpoints = function(tenantDiscoveryEndpoint, callb
   } else {
     // fallback to the well known token endpoint path.
     if (!this._tokenEndpoint){
-       this._tokenEndpoint = url.format('https://' + this._url.host + '/' + this._tenant) + AADConstants.TOKEN_ENDPOINT_PATH;
+       this._tokenEndpoint = url.format('https://' + this._url.host + '/' + encodeURIComponent(this._tenant)) + AADConstants.TOKEN_ENDPOINT_PATH;
     }
 
     if (!this._deviceCodeEndpoint){
-       this._deviceCodeEndpoint = url.format('https://' + this._url.host + '/' + this._tenant) + AADConstants.DEVICE_ENDPOINT_PATH;
+       this._deviceCodeEndpoint = url.format('https://' + this._url.host + '/' + encodeURIComponent(this._tenant)) + AADConstants.DEVICE_ENDPOINT_PATH;
     }
 
     callback();