From 2a6bc41ecfe134b92ff5037119802e8282a5e235 Mon Sep 17 00:00:00 2001
From: Yeming Liu
Date: Thu, 18 Dec 2025 17:52:35 +1100
Subject: [PATCH] Enhance browser-based login success message to advise against its use and recommend Web Account Manager (WAM) for better security.
---
 src/Accounts/Accounts/ChangeLog.md | 1 +
 .../Authenticators/InteractiveUserAuthenticator.cs | 7 +++++++
 2 files changed, 8 insertions(+)
diff --git a/src/Accounts/Accounts/ChangeLog.md b/src/Accounts/Accounts/ChangeLog.md
index aa80437100d9..cd0416bc0628 100644
--- a/src/Accounts/Accounts/ChangeLog.md
+++ b/src/Accounts/Accounts/ChangeLog.md
@@ -19,6 +19,7 @@
 -->
 ## Upcoming Release
+* Updated the success message of browser-based interactive login to warn users against using this authentication method and recommend switching to Web Account Manager (WAM) for a more robust authentication mechanism.
 ## Version 5.3.1
 * Updated Azure.Core from 1.45.0 to 1.47.3
diff --git a/src/Accounts/Authenticators/InteractiveUserAuthenticator.cs b/src/Accounts/Authenticators/InteractiveUserAuthenticator.cs
index cc5ba463b6ad..592a49476b08 100644
--- a/src/Accounts/Authenticators/InteractiveUserAuthenticator.cs
+++ b/src/Accounts/Authenticators/InteractiveUserAuthenticator.cs
@@ -54,6 +54,12 @@ public override Task Authenticate(AuthenticationParameters paramet
 var requestContext = new TokenRequestContext(scopes, claims: claimsChallenge, isCaeEnabled: true);
 var authority = interactiveParameters.Environment.ActiveDirectoryAuthority;
+ var browserCustomizationOptions = new BrowserCustomizationOptions()
+ {
+ SuccessMessage = @"Login completed successfully. You can close this browser window and return to the application.
+Warning: We strongly advise against the authentication method you are about to use. Please switch to the broker (WAM) for a more robust authentication mechanism. Learn more about using WAM here http://",
+ };
+
 var options = new InteractiveBrowserCredentialOptions()
 {
 ClientId = clientId,
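Review bot: The `SuccessMessage` literal ends in a bare `http://`, so the page shown after sign-in points the user at a link with no target, and the scheme is plain HTTP. Fill in the documentation address over HTTPS before this ships, e.g. `... Learn more about using WAM here https://<WAM-docs-URL>",` (placeholder; the patch does not give the address). The text is displayed once the login has already completed, yet it says "the authentication method you are about to use"; "you just used" would match what the user sees. If Azure.Identity renders this value as HTML (worth confirming), the line break inside the verbatim string collapses to a space and the warning runs straight on from the first sentence, so it would need an explicit break element. The enclosing `Authenticate` method starts before this hunk and continues after it.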
@@ -61,6 +67,7 @@ public override Task Authenticate(AuthenticationParameters paramet
 TokenCachePersistenceOptions = tokenCacheProvider.GetTokenCachePersistenceOptions(),
 AuthorityHost = new Uri(authority),
 RedirectUri = GetReplyUrl(onPremise, interactiveParameters.PromptAction),
+ BrowserCustomization = browserCustomizationOptions,
 LoginHint = interactiveParameters.UserId
 };
 options.DisableInstanceDiscovery = interactiveParameters.DisableInstanceDiscovery ?? options.DisableInstanceDiscovery;
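Review bot: `BrowserCustomization = browserCustomizationOptions` is assigned unconditionally, so every browser-based interactive login gets the "switch to WAM" warning, including sessions where no broker can be enabled (WAM is a Windows component, and nothing in the visible lines checks the platform). A security warning the user cannot act on teaches them to ignore the next one. Consider attaching the warning text only when `RuntimeInformation.IsOSPlatform(OSPlatform.Windows)` is true (requires `System.Runtime.InteropServices` in scope) and keeping the plain success message elsewhere. The object initializer opens in the previous hunk and the method body continues past this one.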