@azure/identity 4.0.1-alpha.20240112.2 → 4.0.1-alpha.20240118.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of @azure/identity might be problematic. Click here for more details.
- package/dist/index.js +195 -336
- package/dist/index.js.map +1 -1
- package/dist-esm/src/client/identityClient.js +16 -23
- package/dist-esm/src/client/identityClient.js.map +1 -1
- package/dist-esm/src/credentials/authorizationCodeCredential.js +4 -14
- package/dist-esm/src/credentials/authorizationCodeCredential.js.map +1 -1
- package/dist-esm/src/credentials/azureCliCredential.js +9 -8
- package/dist-esm/src/credentials/azureCliCredential.js.map +1 -1
- package/dist-esm/src/credentials/azureDeveloperCliCredential.js +10 -9
- package/dist-esm/src/credentials/azureDeveloperCliCredential.js.map +1 -1
- package/dist-esm/src/credentials/azurePowerShellCredential.js +5 -5
- package/dist-esm/src/credentials/azurePowerShellCredential.js.map +1 -1
- package/dist-esm/src/credentials/clientAssertionCredential.js +2 -9
- package/dist-esm/src/credentials/clientAssertionCredential.js.map +1 -1
- package/dist-esm/src/credentials/clientCertificateCredential.js +8 -15
- package/dist-esm/src/credentials/clientCertificateCredential.js.map +1 -1
- package/dist-esm/src/credentials/clientSecretCredential.browser.js +2 -2
- package/dist-esm/src/credentials/clientSecretCredential.browser.js.map +1 -1
- package/dist-esm/src/credentials/clientSecretCredential.js +3 -7
- package/dist-esm/src/credentials/clientSecretCredential.js.map +1 -1
- package/dist-esm/src/credentials/defaultAzureCredential.js +17 -46
- package/dist-esm/src/credentials/defaultAzureCredential.js.map +1 -1
- package/dist-esm/src/credentials/deviceCodeCredential.js +5 -13
- package/dist-esm/src/credentials/deviceCodeCredential.js.map +1 -1
- package/dist-esm/src/credentials/environmentCredential.js +3 -2
- package/dist-esm/src/credentials/environmentCredential.js.map +1 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js +6 -15
- package/dist-esm/src/credentials/interactiveBrowserCredential.browser.js.map +1 -1
- package/dist-esm/src/credentials/interactiveBrowserCredential.js +13 -26
- package/dist-esm/src/credentials/interactiveBrowserCredential.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js +2 -5
- package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2017.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2019.js +2 -5
- package/dist-esm/src/credentials/managedIdentityCredential/appServiceMsi2019.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js +5 -12
- package/dist-esm/src/credentials/managedIdentityCredential/arcMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js +2 -5
- package/dist-esm/src/credentials/managedIdentityCredential/cloudShellMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js +1 -6
- package/dist-esm/src/credentials/managedIdentityCredential/fabricMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js +6 -8
- package/dist-esm/src/credentials/managedIdentityCredential/imdsMsi.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/index.js +12 -18
- package/dist-esm/src/credentials/managedIdentityCredential/index.js.map +1 -1
- package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js +1 -7
- package/dist-esm/src/credentials/managedIdentityCredential/tokenExchangeMsi.js.map +1 -1
- package/dist-esm/src/credentials/onBehalfOfCredential.js +1 -5
- package/dist-esm/src/credentials/onBehalfOfCredential.js.map +1 -1
- package/dist-esm/src/credentials/usernamePasswordCredential.browser.js +1 -1
- package/dist-esm/src/credentials/usernamePasswordCredential.browser.js.map +1 -1
- package/dist-esm/src/credentials/usernamePasswordCredential.js +3 -7
- package/dist-esm/src/credentials/usernamePasswordCredential.js.map +1 -1
- package/dist-esm/src/credentials/visualStudioCodeCredential.js +4 -6
- package/dist-esm/src/credentials/visualStudioCodeCredential.js.map +1 -1
- package/dist-esm/src/credentials/workloadIdentityCredential.js +1 -1
- package/dist-esm/src/credentials/workloadIdentityCredential.js.map +1 -1
- package/dist-esm/src/msal/browserFlows/msalAuthCode.js +35 -22
- package/dist-esm/src/msal/browserFlows/msalAuthCode.js.map +1 -1
- package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js +6 -7
- package/dist-esm/src/msal/browserFlows/msalBrowserCommon.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js +4 -4
- package/dist-esm/src/msal/nodeFlows/msalAuthorizationCode.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js +5 -5
- package/dist-esm/src/msal/nodeFlows/msalDeviceCode.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js +31 -40
- package/dist-esm/src/msal/nodeFlows/msalNodeCommon.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js +9 -7
- package/dist-esm/src/msal/nodeFlows/msalOpenBrowser.js.map +1 -1
- package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js +4 -4
- package/dist-esm/src/msal/nodeFlows/msalUsernamePassword.js.map +1 -1
- package/dist-esm/src/msal/utils.browser.js +2 -6
- package/dist-esm/src/msal/utils.browser.js.map +1 -1
- package/dist-esm/src/msal/utils.js +2 -6
- package/dist-esm/src/msal/utils.js.map +1 -1
- package/dist-esm/src/util/logging.js +2 -6
- package/dist-esm/src/util/logging.js.map +1 -1
- package/dist-esm/src/util/processMultiTenantRequest.browser.js +2 -1
- package/dist-esm/src/util/processMultiTenantRequest.browser.js.map +1 -1
- package/dist-esm/src/util/processMultiTenantRequest.js +3 -2
- package/dist-esm/src/util/processMultiTenantRequest.js.map +1 -1
- package/package.json +1 -1
|
@@ -20,6 +20,7 @@ export class MSALAuthCode extends MsalBrowser {
|
|
|
20
20
|
* @param options - Parameters necessary and otherwise used to create the MSAL object.
|
|
21
21
|
*/
|
|
22
22
|
constructor(options) {
|
|
23
|
+
var _a;
|
|
23
24
|
super(options);
|
|
24
25
|
this.loginHint = options.loginHint;
|
|
25
26
|
this.msalConfig.cache = {
|
|
@@ -30,14 +31,20 @@ export class MSALAuthCode extends MsalBrowser {
|
|
|
30
31
|
loggerOptions: {
|
|
31
32
|
loggerCallback: defaultLoggerCallback(this.logger, "Browser"),
|
|
32
33
|
logLevel: getMSALLogLevel(getLogLevel()),
|
|
33
|
-
piiLoggingEnabled: options.loggingOptions
|
|
34
|
+
piiLoggingEnabled: (_a = options.loggingOptions) === null || _a === void 0 ? void 0 : _a.enableUnsafeSupportLogging,
|
|
34
35
|
},
|
|
35
36
|
};
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
if (this.
|
|
39
|
-
|
|
37
|
+
}
|
|
38
|
+
async getApp() {
|
|
39
|
+
if (!this.app) {
|
|
40
|
+
// Prepare the MSAL application
|
|
41
|
+
this.app = await msalBrowser.PublicClientApplication.createPublicClientApplication(this.msalConfig);
|
|
42
|
+
// setting the account right after the app is created.
|
|
43
|
+
if (this.account) {
|
|
44
|
+
this.app.setActiveAccount(publicToMsal(this.account));
|
|
45
|
+
}
|
|
40
46
|
}
|
|
47
|
+
return this.app;
|
|
41
48
|
}
|
|
42
49
|
/**
|
|
43
50
|
* Loads the account based on the result of the authentication.
|
|
@@ -46,9 +53,10 @@ export class MSALAuthCode extends MsalBrowser {
|
|
|
46
53
|
*/
|
|
47
54
|
async handleBrowserResult(result) {
|
|
48
55
|
try {
|
|
56
|
+
const app = await this.getApp();
|
|
49
57
|
if (result && result.account) {
|
|
50
58
|
this.logger.info(`MSAL Browser V2 authentication successful.`);
|
|
51
|
-
|
|
59
|
+
app.setActiveAccount(result.account);
|
|
52
60
|
return msalToPublic(this.clientId, result.account);
|
|
53
61
|
}
|
|
54
62
|
// If by this point we happen to have an active account, we should stop trying to parse this.
|
|
@@ -57,7 +65,7 @@ export class MSALAuthCode extends MsalBrowser {
|
|
|
57
65
|
return msalToPublic(this.clientId, activeAccount);
|
|
58
66
|
}
|
|
59
67
|
// If we don't have an active account, we try to activate it from all the already loaded accounts.
|
|
60
|
-
const accounts =
|
|
68
|
+
const accounts = app.getAllAccounts();
|
|
61
69
|
if (accounts.length > 1) {
|
|
62
70
|
// If there's more than one account in memory, we force the user to authenticate again.
|
|
63
71
|
// At this point we can't identify which account should this credential work with,
|
|
@@ -71,7 +79,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
71
79
|
// To safely trigger a new login, we're also ensuring the local cache is cleared up for this MSAL object.
|
|
72
80
|
// However, we want to avoid kicking the user out of their authentication on the Azure side.
|
|
73
81
|
// We do this by calling to logout while specifying a `onRedirectNavigate` that returns false.
|
|
74
|
-
await
|
|
82
|
+
await app.logout({
|
|
75
83
|
onRedirectNavigate: () => false,
|
|
76
84
|
});
|
|
77
85
|
return;
|
|
@@ -79,7 +87,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
79
87
|
// If there's only one account for this MSAL object, we can safely activate it.
|
|
80
88
|
if (accounts.length === 1) {
|
|
81
89
|
const account = accounts[0];
|
|
82
|
-
|
|
90
|
+
app.setActiveAccount(account);
|
|
83
91
|
return msalToPublic(this.clientId, account);
|
|
84
92
|
}
|
|
85
93
|
this.logger.info(`No accounts were found through MSAL.`);
|
|
@@ -93,7 +101,8 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
93
101
|
* Uses MSAL to handle the redirect.
|
|
94
102
|
*/
|
|
95
103
|
async handleRedirect() {
|
|
96
|
-
|
|
104
|
+
const app = await this.getApp();
|
|
105
|
+
return this.handleBrowserResult((await app.handleRedirectPromise(redirectHash)) || undefined);
|
|
97
106
|
}
|
|
98
107
|
/**
|
|
99
108
|
* Uses MSAL to trigger a redirect or a popup login.
|
|
@@ -104,20 +113,22 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
104
113
|
scopes: arrayScopes,
|
|
105
114
|
loginHint: this.loginHint,
|
|
106
115
|
};
|
|
116
|
+
const app = await this.getApp();
|
|
107
117
|
switch (this.loginStyle) {
|
|
108
118
|
case "redirect": {
|
|
109
|
-
await
|
|
119
|
+
await app.loginRedirect(loginRequest);
|
|
110
120
|
return;
|
|
111
121
|
}
|
|
112
122
|
case "popup":
|
|
113
|
-
return this.handleBrowserResult(await
|
|
123
|
+
return this.handleBrowserResult(await app.loginPopup(loginRequest));
|
|
114
124
|
}
|
|
115
125
|
}
|
|
116
126
|
/**
|
|
117
127
|
* Uses MSAL to retrieve the active account.
|
|
118
128
|
*/
|
|
119
129
|
async getActiveAccount() {
|
|
120
|
-
const
|
|
130
|
+
const app = await this.getApp();
|
|
131
|
+
const account = app.getActiveAccount();
|
|
121
132
|
if (!account) {
|
|
122
133
|
return;
|
|
123
134
|
}
|
|
@@ -136,16 +147,17 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
136
147
|
});
|
|
137
148
|
}
|
|
138
149
|
const parameters = {
|
|
139
|
-
authority: options
|
|
140
|
-
correlationId: options
|
|
141
|
-
claims: options
|
|
150
|
+
authority: (options === null || options === void 0 ? void 0 : options.authority) || this.msalConfig.auth.authority,
|
|
151
|
+
correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
|
|
152
|
+
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
142
153
|
account: publicToMsal(account),
|
|
143
154
|
forceRefresh: false,
|
|
144
155
|
scopes,
|
|
145
156
|
};
|
|
146
157
|
try {
|
|
147
158
|
this.logger.info("Attempting to acquire token silently");
|
|
148
|
-
const
|
|
159
|
+
const app = await this.getApp();
|
|
160
|
+
const response = await app.acquireTokenSilent(parameters);
|
|
149
161
|
return this.handleResult(scopes, this.clientId, response);
|
|
150
162
|
}
|
|
151
163
|
catch (err) {
|
|
@@ -165,22 +177,23 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
165
177
|
});
|
|
166
178
|
}
|
|
167
179
|
const parameters = {
|
|
168
|
-
authority: options
|
|
169
|
-
correlationId: options
|
|
170
|
-
claims: options
|
|
180
|
+
authority: (options === null || options === void 0 ? void 0 : options.authority) || this.msalConfig.auth.authority,
|
|
181
|
+
correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
|
|
182
|
+
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
171
183
|
account: publicToMsal(account),
|
|
172
184
|
loginHint: this.loginHint,
|
|
173
185
|
scopes,
|
|
174
186
|
};
|
|
187
|
+
const app = await this.getApp();
|
|
175
188
|
switch (this.loginStyle) {
|
|
176
189
|
case "redirect":
|
|
177
190
|
// This will go out of the page.
|
|
178
191
|
// Once the InteractiveBrowserCredential is initialized again,
|
|
179
192
|
// we'll load the MSAL account in the constructor.
|
|
180
|
-
await
|
|
193
|
+
await app.acquireTokenRedirect(parameters);
|
|
181
194
|
return { token: "", expiresOnTimestamp: 0 };
|
|
182
195
|
case "popup":
|
|
183
|
-
return this.handleResult(scopes, this.clientId, await
|
|
196
|
+
return this.handleResult(scopes, this.clientId, await app.acquireTokenPopup(parameters));
|
|
184
197
|
}
|
|
185
198
|
}
|
|
186
199
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"msalAuthCode.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalAuthCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,WAAW,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,WAAW,EAA0B,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG9F,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAE3D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,uCAAuC;AACvC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;AAExC;;;;GAIG;AACH,MAAM,OAAO,YAAa,SAAQ,WAAW;IAI3C;;;;;OAKG;IACH,YAAY,OAA+B;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAEnC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;YACtB,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG;YACvB,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC;gBAC7D,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,OAAO,CAAC,cAAc,EAAE,0BAA0B;aACtE;SACF,CAAC;QAEF,kCAAkC;QAClC,IAAI,CAAC,GAAG,GAAG,IAAI,WAAW,CAAC,uBAAuB,CAChD,IAAI,CAAC,UAAuC,CAC7C,CAAC;QACF,IAAI,IAAI,CAAC,OAAO,EAAE;YAChB,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;SACvD;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,mBAAmB,CAC/B,MAAyC;QAEzC,IAAI;YACF,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE;gBAC5B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC/D,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAC1C,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;aACpD;YAED,6FAA6F;YAC7F,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,GAAI,CAAC,gBAAgB,EAAE,CAAC;YACzD,IAAI,aAAa,EAAE;gBACjB,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;aACnD;YAED,kGAAkG;YAClG,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;YAC3C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;gBACvB,uFAAuF;gBACvF,kFAAkF;gBAClF,uEAAuE;gBACvE,uCAAuC;gBACvC,IAAI,CAAC,MAAM,CAAC,IAAI,CACd;;;;gKAIsJ,CACvJ,CAAC;gBACF,yGAAyG;gBACzG,4FAA4F;gBAC5F,8FAA8F;gBAC9F,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;oBACpB,kBAAkB,EAAE,GAAG,EAAE,CAAC,KAAK;iBAChC,CAAC,CAAC;gBACH,OAAO;aACR;YAED,+EAA+E;YAC/E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;gBACzB,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;gBAC5B,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBACnC,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;aAC7C;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;SAC1D;QAAC,OAAO,CAAM,EAAE;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;SACxE;QACD,OAAO;IACT,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc;QACzB,OAAO,IAAI,CAAC,mBAAmB,CAC7B,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAClE,CAAC;IACJ,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,KAAK,CAAC,SAA4B,EAAE;QAC/C,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC;QACF,QAAQ,IAAI,CAAC,UAAU,EAAE;YACvB,KAAK,UAAU,CAAC,CAAC;gBACf,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBAC3C,OAAO;aACR;YACD,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;SAC5E;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,gBAAgB;QAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAC5C,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO;SACR;QACD,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc,CACzB,MAAgB,EAChB,OAAuC;QAEvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE;YACZ,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;SACJ;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAU;YAChE,aAAa,EAAE,OAAO,EAAE,aAAa;YACrC,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;YAC9B,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI;YACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;SAC3D;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE;YACZ,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;SACJ;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAU;YAChE,aAAa,EAAE,OAAO,EAAE,aAAa;YACrC,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;YAC9B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM;SACP,CAAC;QAEF,QAAQ,IAAI,CAAC,UAAU,EAAE;YACvB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAClD,MAAM,IAAI,CAAC,GAAG,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAChD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;YAC9C,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,YAAY,CACtB,MAAM,EACN,IAAI,CAAC,QAAQ,EACb,MAAM,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAC7C,CAAC;SACL;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\nimport { MsalBrowser, MsalBrowserFlowOptions } from \"./msalBrowserCommon\";\nimport { defaultLoggerCallback, msalToPublic, publicToMsal, getMSALLogLevel } from \"../utils\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { AuthenticationRecord } from \"../types\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { getLogLevel } from \"@azure/logger\";\n\n// We keep a copy of the redirect hash.\nconst redirectHash = self.location.hash;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport class MSALAuthCode extends MsalBrowser {\n protected app: msalBrowser.PublicClientApplication;\n private loginHint?: string;\n\n /**\n * Sets up an MSAL object based on the given parameters.\n * MSAL with Auth Code allows sending a previously obtained `authenticationRecord` through the optional parameters,\n * which is set to be the active account.\n * @param options - Parameters necessary and otherwise used to create the MSAL object.\n */\n constructor(options: MsalBrowserFlowOptions) {\n super(options);\n this.loginHint = options.loginHint;\n\n this.msalConfig.cache = {\n cacheLocation: \"sessionStorage\",\n storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n };\n this.msalConfig.system = {\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(this.logger, \"Browser\"),\n logLevel: getMSALLogLevel(getLogLevel()),\n piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n },\n };\n\n // Preparing the MSAL application.\n this.app = new msalBrowser.PublicClientApplication(\n this.msalConfig as msalBrowser.Configuration,\n );\n if (this.account) {\n this.app.setActiveAccount(publicToMsal(this.account));\n }\n }\n\n /**\n * Loads the account based on the result of the authentication.\n * If no result was received, tries to load the account from the cache.\n * @param result - Result object received from MSAL.\n */\n private async handleBrowserResult(\n result?: msalBrowser.AuthenticationResult,\n ): Promise<AuthenticationRecord | undefined> {\n try {\n if (result && result.account) {\n this.logger.info(`MSAL Browser V2 authentication successful.`);\n this.app.setActiveAccount(result.account);\n return msalToPublic(this.clientId, result.account);\n }\n\n // If by this point we happen to have an active account, we should stop trying to parse this.\n const activeAccount = await this.app!.getActiveAccount();\n if (activeAccount) {\n return msalToPublic(this.clientId, activeAccount);\n }\n\n // If we don't have an active account, we try to activate it from all the already loaded accounts.\n const accounts = this.app.getAllAccounts();\n if (accounts.length > 1) {\n // If there's more than one account in memory, we force the user to authenticate again.\n // At this point we can't identify which account should this credential work with,\n // since at this point the user won't have provided enough information.\n // We log a message in case that helps.\n this.logger.info(\n `More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing \"InteractiveBrowserCredential\".`,\n );\n // To safely trigger a new login, we're also ensuring the local cache is cleared up for this MSAL object.\n // However, we want to avoid kicking the user out of their authentication on the Azure side.\n // We do this by calling to logout while specifying a `onRedirectNavigate` that returns false.\n await this.app.logout({\n onRedirectNavigate: () => false,\n });\n return;\n }\n\n // If there's only one account for this MSAL object, we can safely activate it.\n if (accounts.length === 1) {\n const account = accounts[0];\n this.app.setActiveAccount(account);\n return msalToPublic(this.clientId, account);\n }\n\n this.logger.info(`No accounts were found through MSAL.`);\n } catch (e: any) {\n this.logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n }\n return;\n }\n\n /**\n * Uses MSAL to handle the redirect.\n */\n public async handleRedirect(): Promise<AuthenticationRecord | undefined> {\n return this.handleBrowserResult(\n (await this.app.handleRedirectPromise(redirectHash)) || undefined,\n );\n }\n\n /**\n * Uses MSAL to trigger a redirect or a popup login.\n */\n public async login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n const loginRequest: msalBrowser.RedirectRequest = {\n scopes: arrayScopes,\n loginHint: this.loginHint,\n };\n switch (this.loginStyle) {\n case \"redirect\": {\n await this.app.loginRedirect(loginRequest);\n return;\n }\n case \"popup\":\n return this.handleBrowserResult(await this.app.loginPopup(loginRequest));\n }\n }\n\n /**\n * Uses MSAL to retrieve the active account.\n */\n public async getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n const account = this.app.getActiveAccount();\n if (!account) {\n return;\n }\n return msalToPublic(this.clientId, account);\n }\n\n /**\n * Attempts to retrieve a token from cache.\n */\n public async getTokenSilent(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const account = await this.getActiveAccount();\n if (!account) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.SilentRequest = {\n authority: options?.authority || this.msalConfig.auth.authority!,\n correlationId: options?.correlationId,\n claims: options?.claims,\n account: publicToMsal(account),\n forceRefresh: false,\n scopes,\n };\n\n try {\n this.logger.info(\"Attempting to acquire token silently\");\n const response = await this.app.acquireTokenSilent(parameters);\n return this.handleResult(scopes, this.clientId, response);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve the token in the browser.\n */\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const account = await this.getActiveAccount();\n if (!account) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.RedirectRequest = {\n authority: options?.authority || this.msalConfig.auth.authority!,\n correlationId: options?.correlationId,\n claims: options?.claims,\n account: publicToMsal(account),\n loginHint: this.loginHint,\n scopes,\n };\n\n switch (this.loginStyle) {\n case \"redirect\":\n // This will go out of the page.\n // Once the InteractiveBrowserCredential is initialized again,\n // we'll load the MSAL account in the constructor.\n await this.app.acquireTokenRedirect(parameters);\n return { token: \"\", expiresOnTimestamp: 0 };\n case \"popup\":\n return this.handleResult(\n scopes,\n this.clientId,\n await this.app.acquireTokenPopup(parameters),\n );\n }\n }\n}\n"]}
|
|
1
|
+
{"version":3,"file":"msalAuthCode.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalAuthCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,KAAK,WAAW,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,WAAW,EAA0B,MAAM,qBAAqB,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,YAAY,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAG9F,OAAO,EAAE,2BAA2B,EAAE,MAAM,cAAc,CAAC;AAE3D,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAE5C,uCAAuC;AACvC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;AAExC;;;;GAIG;AACH,MAAM,OAAO,YAAa,SAAQ,WAAW;IAI3C;;;;;OAKG;IACH,YAAY,OAA+B;;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QAEnC,IAAI,CAAC,UAAU,CAAC,KAAK,GAAG;YACtB,aAAa,EAAE,gBAAgB;YAC/B,sBAAsB,EAAE,IAAI,EAAE,0DAA0D;SACzF,CAAC;QACF,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG;YACvB,aAAa,EAAE;gBACb,cAAc,EAAE,qBAAqB,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC;gBAC7D,QAAQ,EAAE,eAAe,CAAC,WAAW,EAAE,CAAC;gBACxC,iBAAiB,EAAE,MAAA,OAAO,CAAC,cAAc,0CAAE,0BAA0B;aACtE;SACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,MAAM;QAClB,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;YACb,+BAA+B;YAC/B,IAAI,CAAC,GAAG,GAAG,MAAM,WAAW,CAAC,uBAAuB,CAAC,6BAA6B,CAChF,IAAI,CAAC,UAAuC,CAC7C,CAAC;YAEF,sDAAsD;YACtD,IAAI,IAAI,CAAC,OAAO,EAAE;gBAChB,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;aACvD;SACF;QAED,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IACD;;;;OAIG;IACK,KAAK,CAAC,mBAAmB,CAC/B,MAAyC;QAEzC,IAAI;YACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,IAAI,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE;gBAC5B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;gBAC/D,GAAG,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACrC,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;aACpD;YAED,6FAA6F;YAC7F,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,GAAI,CAAC,gBAAgB,EAAE,CAAC;YACzD,IAAI,aAAa,EAAE;gBACjB,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;aACnD;YAED,kGAAkG;YAClG,MAAM,QAAQ,GAAG,GAAG,CAAC,cAAc,EAAE,CAAC;YACtC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;gBACvB,uFAAuF;gBACvF,kFAAkF;gBAClF,uEAAuE;gBACvE,uCAAuC;gBACvC,IAAI,CAAC,MAAM,CAAC,IAAI,CACd;;;;gKAIsJ,CACvJ,CAAC;gBACF,yGAAyG;gBACzG,4FAA4F;gBAC5F,8FAA8F;gBAC9F,MAAM,GAAG,CAAC,MAAM,CAAC;oBACf,kBAAkB,EAAE,GAAG,EAAE,CAAC,KAAK;iBAChC,CAAC,CAAC;gBACH,OAAO;aACR;YAED,+EAA+E;YAC/E,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;gBACzB,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;gBAC5B,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;gBAC9B,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;aAC7C;YAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;SAC1D;QAAC,OAAO,CAAM,EAAE;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;SACxE;QACD,OAAO;IACT,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc;QACzB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QAChC,OAAO,IAAI,CAAC,mBAAmB,CAAC,CAAC,MAAM,GAAG,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC;IAChG,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,KAAK,CAAC,SAA4B,EAAE;QAC/C,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,YAAY,GAAgC;YAChD,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QAChC,QAAQ,IAAI,CAAC,UAAU,EAAE;YACvB,KAAK,UAAU,CAAC,CAAC;gBACf,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtC,OAAO;aACR;YACD,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC;SACvE;IACH,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,gBAAgB;QAC3B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QAChC,MAAM,OAAO,GAAG,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACvC,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO;SACR;QACD,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,cAAc,CACzB,MAAgB,EAChB,OAAuC;QAEvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE;YACZ,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;SACJ;QAED,MAAM,UAAU,GAA8B;YAC5C,SAAS,EAAE,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,KAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAU;YAChE,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;YACvB,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;YAC9B,YAAY,EAAE,KAAK;YACnB,MAAM;SACP,CAAC;QAEF,IAAI;YACF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;YACzD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;SAC3D;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE;YACZ,MAAM,IAAI,2BAA2B,CAAC;gBACpC,MAAM;gBACN,eAAe,EAAE,OAAO;gBACxB,OAAO,EACL,sFAAsF;aACzF,CAAC,CAAC;SACJ;QAED,MAAM,UAAU,GAAgC;YAC9C,SAAS,EAAE,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,KAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAU;YAChE,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;YACrC,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;YACvB,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC;YAC9B,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM;SACP,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QAChC,QAAQ,IAAI,CAAC,UAAU,EAAE;YACvB,KAAK,UAAU;gBACb,gCAAgC;gBAChC,8DAA8D;gBAC9D,kDAAkD;gBAElD,MAAM,GAAG,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;gBAC3C,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,kBAAkB,EAAE,CAAC,EAAE,CAAC;YAC9C,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC,CAAC;SAC5F;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\nimport { MsalBrowser, MsalBrowserFlowOptions } from \"./msalBrowserCommon\";\nimport { defaultLoggerCallback, msalToPublic, publicToMsal, getMSALLogLevel } from \"../utils\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { AuthenticationRecord } from \"../types\";\nimport { AuthenticationRequiredError } from \"../../errors\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { getLogLevel } from \"@azure/logger\";\n\n// We keep a copy of the redirect hash.\nconst redirectHash = self.location.hash;\n\n/**\n * Uses MSAL Browser 2.X for browser authentication,\n * which uses the [Auth Code Flow](https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow).\n * @internal\n */\nexport class MSALAuthCode extends MsalBrowser {\n protected app?: msalBrowser.IPublicClientApplication;\n private loginHint?: string;\n\n /**\n * Sets up an MSAL object based on the given parameters.\n * MSAL with Auth Code allows sending a previously obtained `authenticationRecord` through the optional parameters,\n * which is set to be the active account.\n * @param options - Parameters necessary and otherwise used to create the MSAL object.\n */\n constructor(options: MsalBrowserFlowOptions) {\n super(options);\n this.loginHint = options.loginHint;\n\n this.msalConfig.cache = {\n cacheLocation: \"sessionStorage\",\n storeAuthStateInCookie: true, // Set to true to improve the experience on IE11 and Edge.\n };\n this.msalConfig.system = {\n loggerOptions: {\n loggerCallback: defaultLoggerCallback(this.logger, \"Browser\"),\n logLevel: getMSALLogLevel(getLogLevel()),\n piiLoggingEnabled: options.loggingOptions?.enableUnsafeSupportLogging,\n },\n };\n }\n\n private async getApp(): Promise<msalBrowser.IPublicClientApplication> {\n if (!this.app) {\n // Prepare the MSAL application\n this.app = await msalBrowser.PublicClientApplication.createPublicClientApplication(\n this.msalConfig as msalBrowser.Configuration,\n );\n\n // setting the account right after the app is created.\n if (this.account) {\n this.app.setActiveAccount(publicToMsal(this.account));\n }\n }\n\n return this.app;\n }\n /**\n * Loads the account based on the result of the authentication.\n * If no result was received, tries to load the account from the cache.\n * @param result - Result object received from MSAL.\n */\n private async handleBrowserResult(\n result?: msalBrowser.AuthenticationResult,\n ): Promise<AuthenticationRecord | undefined> {\n try {\n const app = await this.getApp();\n if (result && result.account) {\n this.logger.info(`MSAL Browser V2 authentication successful.`);\n app.setActiveAccount(result.account);\n return msalToPublic(this.clientId, result.account);\n }\n\n // If by this point we happen to have an active account, we should stop trying to parse this.\n const activeAccount = await this.app!.getActiveAccount();\n if (activeAccount) {\n return msalToPublic(this.clientId, activeAccount);\n }\n\n // If we don't have an active account, we try to activate it from all the already loaded accounts.\n const accounts = app.getAllAccounts();\n if (accounts.length > 1) {\n // If there's more than one account in memory, we force the user to authenticate again.\n // At this point we can't identify which account should this credential work with,\n // since at this point the user won't have provided enough information.\n // We log a message in case that helps.\n this.logger.info(\n `More than one account was found authenticated for this Client ID and Tenant ID.\nHowever, no \"authenticationRecord\" has been provided for this credential,\ntherefore we're unable to pick between these accounts.\nA new login attempt will be requested, to ensure the correct account is picked.\nTo work with multiple accounts for the same Client ID and Tenant ID, please provide an \"authenticationRecord\" when initializing \"InteractiveBrowserCredential\".`,\n );\n // To safely trigger a new login, we're also ensuring the local cache is cleared up for this MSAL object.\n // However, we want to avoid kicking the user out of their authentication on the Azure side.\n // We do this by calling to logout while specifying a `onRedirectNavigate` that returns false.\n await app.logout({\n onRedirectNavigate: () => false,\n });\n return;\n }\n\n // If there's only one account for this MSAL object, we can safely activate it.\n if (accounts.length === 1) {\n const account = accounts[0];\n app.setActiveAccount(account);\n return msalToPublic(this.clientId, account);\n }\n\n this.logger.info(`No accounts were found through MSAL.`);\n } catch (e: any) {\n this.logger.info(`Failed to acquire token through MSAL. ${e.message}`);\n }\n return;\n }\n\n /**\n * Uses MSAL to handle the redirect.\n */\n public async handleRedirect(): Promise<AuthenticationRecord | undefined> {\n const app = await this.getApp();\n return this.handleBrowserResult((await app.handleRedirectPromise(redirectHash)) || undefined);\n }\n\n /**\n * Uses MSAL to trigger a redirect or a popup login.\n */\n public async login(scopes: string | string[] = []): Promise<AuthenticationRecord | undefined> {\n const arrayScopes = Array.isArray(scopes) ? scopes : [scopes];\n const loginRequest: msalBrowser.RedirectRequest = {\n scopes: arrayScopes,\n loginHint: this.loginHint,\n };\n const app = await this.getApp();\n switch (this.loginStyle) {\n case \"redirect\": {\n await app.loginRedirect(loginRequest);\n return;\n }\n case \"popup\":\n return this.handleBrowserResult(await app.loginPopup(loginRequest));\n }\n }\n\n /**\n * Uses MSAL to retrieve the active account.\n */\n public async getActiveAccount(): Promise<AuthenticationRecord | undefined> {\n const app = await this.getApp();\n const account = app.getActiveAccount();\n if (!account) {\n return;\n }\n return msalToPublic(this.clientId, account);\n }\n\n /**\n * Attempts to retrieve a token from cache.\n */\n public async getTokenSilent(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const account = await this.getActiveAccount();\n if (!account) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.SilentRequest = {\n authority: options?.authority || this.msalConfig.auth.authority!,\n correlationId: options?.correlationId,\n claims: options?.claims,\n account: publicToMsal(account),\n forceRefresh: false,\n scopes,\n };\n\n try {\n this.logger.info(\"Attempting to acquire token silently\");\n const app = await this.getApp();\n const response = await app.acquireTokenSilent(parameters);\n return this.handleResult(scopes, this.clientId, response);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n\n /**\n * Attempts to retrieve the token in the browser.\n */\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n const account = await this.getActiveAccount();\n if (!account) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Silent authentication failed. We couldn't retrieve an active account from the cache.\",\n });\n }\n\n const parameters: msalBrowser.RedirectRequest = {\n authority: options?.authority || this.msalConfig.auth.authority!,\n correlationId: options?.correlationId,\n claims: options?.claims,\n account: publicToMsal(account),\n loginHint: this.loginHint,\n scopes,\n };\n const app = await this.getApp();\n switch (this.loginStyle) {\n case \"redirect\":\n // This will go out of the page.\n // Once the InteractiveBrowserCredential is initialized again,\n // we'll load the MSAL account in the constructor.\n\n await app.acquireTokenRedirect(parameters);\n return { token: \"\", expiresOnTimestamp: 0 };\n case \"popup\":\n return this.handleResult(scopes, this.clientId, await app.acquireTokenPopup(parameters));\n }\n }\n}\n"]}
|
|
@@ -34,6 +34,7 @@ export function defaultBrowserMsalConfig(options) {
|
|
|
34
34
|
*/
|
|
35
35
|
export class MsalBrowser extends MsalBaseUtilities {
|
|
36
36
|
constructor(options) {
|
|
37
|
+
var _a;
|
|
37
38
|
super(options);
|
|
38
39
|
this.logger = options.logger;
|
|
39
40
|
this.loginStyle = options.loginStyle;
|
|
@@ -41,16 +42,13 @@ export class MsalBrowser extends MsalBaseUtilities {
|
|
|
41
42
|
throw new CredentialUnavailableError("A client ID is required in browsers");
|
|
42
43
|
}
|
|
43
44
|
this.clientId = options.clientId;
|
|
44
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
45
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
|
|
45
46
|
this.tenantId = resolveTenantId(this.logger, options.tenantId, options.clientId);
|
|
46
47
|
this.authorityHost = options.authorityHost;
|
|
47
48
|
this.msalConfig = defaultBrowserMsalConfig(options);
|
|
48
49
|
this.disableAutomaticAuthentication = options.disableAutomaticAuthentication;
|
|
49
50
|
if (options.authenticationRecord) {
|
|
50
|
-
this.account = {
|
|
51
|
-
...options.authenticationRecord,
|
|
52
|
-
tenantId: this.tenantId,
|
|
53
|
-
};
|
|
51
|
+
this.account = Object.assign(Object.assign({}, options.authenticationRecord), { tenantId: this.tenantId });
|
|
54
52
|
}
|
|
55
53
|
}
|
|
56
54
|
/**
|
|
@@ -63,7 +61,8 @@ export class MsalBrowser extends MsalBaseUtilities {
|
|
|
63
61
|
* Clears MSAL's cache.
|
|
64
62
|
*/
|
|
65
63
|
async logout() {
|
|
66
|
-
|
|
64
|
+
var _a;
|
|
65
|
+
(_a = this.app) === null || _a === void 0 ? void 0 : _a.logout();
|
|
67
66
|
}
|
|
68
67
|
/**
|
|
69
68
|
* Attempts to retrieve an authenticated token from MSAL.
|
|
@@ -83,7 +82,7 @@ export class MsalBrowser extends MsalBaseUtilities {
|
|
|
83
82
|
if (err.name !== "AuthenticationRequiredError") {
|
|
84
83
|
throw err;
|
|
85
84
|
}
|
|
86
|
-
if (options
|
|
85
|
+
if (options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication) {
|
|
87
86
|
throw new AuthenticationRequiredError({
|
|
88
87
|
scopes,
|
|
89
88
|
getTokenOptions: options,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAEhF,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAKlC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAqClD;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACtC,OAA+B;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC;IACrD,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM;SACzD;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,OAAgB,WAAY,SAAQ,iBAAiB;IAWzD,YAAY,OAA+B
|
|
1
|
+
{"version":3,"file":"msalBrowserCommon.js","sourceRoot":"","sources":["../../../../src/msal/browserFlows/msalBrowserCommon.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,2BAA2B,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AAEhF,OAAO,EACL,yBAAyB,EACzB,mCAAmC,EACnC,eAAe,GAChB,MAAM,0BAA0B,CAAC;AAKlC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAqClD;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CACtC,OAA+B;IAE/B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,eAAe,CAAC;IACrD,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IAChE,OAAO;QACL,IAAI,EAAE;YACJ,QAAQ,EAAE,OAAO,CAAC,QAAS;YAC3B,SAAS;YACT,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,wBAAwB,CAAC;YAC5F,qDAAqD;YACrD,yCAAyC;YACzC,kEAAkE;YAClE,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM;SACzD;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,OAAgB,WAAY,SAAQ,iBAAiB;IAWzD,YAAY,OAA+B;;QACzC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;YACrB,MAAM,IAAI,0BAA0B,CAAC,qCAAqC,CAAC,CAAC;SAC7E;QACD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,4BAA4B,GAAG,mCAAmC,CACrE,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,sBAAsB,0CAAE,0BAA0B,CAC5D,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;QAC3C,IAAI,CAAC,UAAU,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,8BAA8B,GAAG,OAAO,CAAC,8BAA8B,CAAC;QAE7E,IAAI,OAAO,CAAC,oBAAoB,EAAE;YAChC,IAAI,CAAC,OAAO,mCACP,OAAO,CAAC,oBAAoB,KAC/B,QAAQ,EAAE,IAAI,CAAC,QAAQ,GACxB,CAAC;SACH;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI;QACR,sBAAsB;IACxB,CAAC;IAOD;;OAEG;IACH,KAAK,CAAC,MAAM;;QACV,MAAA,IAAI,CAAC,GAAG,0CAAE,MAAM,EAAE,CAAC;IACrB,CAAC;IAsBD;;OAEG;IACI,KAAK,CAAC,QAAQ,CACnB,MAAgB,EAChB,UAAyC,EAAE;QAE3C,MAAM,QAAQ,GACZ,yBAAyB,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,4BAA4B,CAAC;YACpF,IAAI,CAAC,QAAQ,CAAC;QAEhB,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;YACtB,OAAO,CAAC,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;SAChE;QAED,uDAAuD;QACvD,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAE5B,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,8BAA8B,EAAE;YAC5E,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SAC1B;QACD,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YAC/C,IAAI,GAAG,CAAC,IAAI,KAAK,6BAA6B,EAAE;gBAC9C,MAAM,GAAG,CAAC;aACX;YACD,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,8BAA8B,EAAE;gBAC3C,MAAM,IAAI,2BAA2B,CAAC;oBACpC,MAAM;oBACN,eAAe,EAAE,OAAO;oBACxB,OAAO,EACL,uFAAuF;iBAC1F,CAAC,CAAC;aACJ;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,oEAAoE,IAAI,CAAC,UAAU,EAAE,CACtF,CAAC;YACF,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC,CAAC,CAAC;IACL,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalBrowser from \"@azure/msal-browser\";\nimport { AuthenticationRequiredError, CredentialUnavailableError } from \"../../errors\";\nimport { MsalBaseUtilities, getAuthority, getKnownAuthorities } from \"../utils\";\nimport { MsalFlow, MsalFlowOptions } from \"../flows\";\nimport {\n processMultiTenantRequest,\n resolveAdditionallyAllowedTenantIds,\n resolveTenantId,\n} from \"../../util/tenantIdUtils\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { AuthenticationRecord } from \"../types\";\nimport { BrowserLoginStyle } from \"../../credentials/interactiveBrowserCredentialOptions\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { DefaultTenantId } from \"../../constants\";\nimport { MultiTenantTokenCredentialOptions } from \"../../credentials/multiTenantTokenCredentialOptions\";\nimport { LogPolicyOptions } from \"@azure/core-rest-pipeline\";\n\n/**\n * Union of the constructor parameters that all MSAL flow types take.\n * Some properties might not be used by some flow types.\n */\nexport interface MsalBrowserFlowOptions extends MsalFlowOptions {\n tokenCredentialOptions: MultiTenantTokenCredentialOptions;\n redirectUri?: string;\n loginStyle: BrowserLoginStyle;\n loginHint?: string;\n /**\n * Allows users to configure settings for logging policy options, allow logging account information and personally identifiable information for customer support.\n */\n loggingOptions?: LogPolicyOptions & {\n /**\n * Allows logging account information once the authentication flow succeeds.\n */\n allowLoggingAccountIdentifiers?: boolean;\n /**\n * Allows logging personally identifiable information for customer support.\n */\n enableUnsafeSupportLogging?: boolean;\n };\n}\n\n/**\n * The common methods we use to work with the MSAL browser flows.\n * @internal\n */\nexport interface MsalBrowserFlow extends MsalFlow {\n login(scopes?: string[]): Promise<AuthenticationRecord | undefined>;\n handleRedirect(): Promise<AuthenticationRecord | undefined>;\n}\n\n/**\n * Generates a MSAL configuration that generally works for browsers\n * @internal\n */\nexport function defaultBrowserMsalConfig(\n options: MsalBrowserFlowOptions,\n): msalBrowser.Configuration {\n const tenantId = options.tenantId || DefaultTenantId;\n const authority = getAuthority(tenantId, options.authorityHost);\n return {\n auth: {\n clientId: options.clientId!,\n authority,\n knownAuthorities: getKnownAuthorities(tenantId, authority, options.disableInstanceDiscovery),\n // If the users picked redirect as their login style,\n // but they didn't provide a redirectUri,\n // we can try to use the current page we're in as a default value.\n redirectUri: options.redirectUri || self.location.origin,\n },\n };\n}\n\n/**\n * MSAL partial base client for the browsers.\n *\n * It completes the input configuration with some default values.\n * It also provides with utility protected methods that can be used from any of the clients,\n * which includes handlers for successful responses and errors.\n *\n * @internal\n */\nexport abstract class MsalBrowser extends MsalBaseUtilities implements MsalBrowserFlow {\n protected loginStyle: BrowserLoginStyle;\n protected clientId: string;\n protected tenantId: string;\n protected additionallyAllowedTenantIds: string[];\n protected authorityHost?: string;\n protected account: AuthenticationRecord | undefined;\n protected msalConfig: msalBrowser.Configuration;\n protected disableAutomaticAuthentication?: boolean;\n protected app?: msalBrowser.IPublicClientApplication;\n\n constructor(options: MsalBrowserFlowOptions) {\n super(options);\n this.logger = options.logger;\n this.loginStyle = options.loginStyle;\n if (!options.clientId) {\n throw new CredentialUnavailableError(\"A client ID is required in browsers\");\n }\n this.clientId = options.clientId;\n this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(\n options?.tokenCredentialOptions?.additionallyAllowedTenants,\n );\n this.tenantId = resolveTenantId(this.logger, options.tenantId, options.clientId);\n this.authorityHost = options.authorityHost;\n this.msalConfig = defaultBrowserMsalConfig(options);\n this.disableAutomaticAuthentication = options.disableAutomaticAuthentication;\n\n if (options.authenticationRecord) {\n this.account = {\n ...options.authenticationRecord,\n tenantId: this.tenantId,\n };\n }\n }\n\n /**\n * In the browsers we don't need to init()\n */\n async init(): Promise<void> {\n // Nothing to do here.\n }\n\n /**\n * Attempts to handle a redirection request the least amount of times possible.\n */\n public abstract handleRedirect(): Promise<AuthenticationRecord | undefined>;\n\n /**\n * Clears MSAL's cache.\n */\n async logout(): Promise<void> {\n this.app?.logout();\n }\n\n /**\n * Uses MSAL to retrieve the active account.\n */\n public abstract getActiveAccount(): Promise<AuthenticationRecord | undefined>;\n\n /**\n * Uses MSAL to trigger a redirect or a popup login.\n */\n public abstract login(scopes?: string | string[]): Promise<AuthenticationRecord | undefined>;\n\n /**\n * Attempts to retrieve a token from cache.\n */\n public abstract getTokenSilent(scopes: string[]): Promise<AccessToken>;\n\n /**\n * Attempts to retrieve the token in the browser.\n */\n protected abstract doGetToken(scopes: string[]): Promise<AccessToken>;\n\n /**\n * Attempts to retrieve an authenticated token from MSAL.\n */\n public async getToken(\n scopes: string[],\n options: CredentialFlowGetTokenOptions = {},\n ): Promise<AccessToken> {\n const tenantId =\n processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||\n this.tenantId;\n\n if (!options.authority) {\n options.authority = getAuthority(tenantId, this.authorityHost);\n }\n\n // We ensure that redirection is handled at this point.\n await this.handleRedirect();\n\n if (!(await this.getActiveAccount()) && !this.disableAutomaticAuthentication) {\n await this.login(scopes);\n }\n return this.getTokenSilent(scopes).catch((err) => {\n if (err.name !== \"AuthenticationRequiredError\") {\n throw err;\n }\n if (options?.disableAutomaticAuthentication) {\n throw new AuthenticationRequiredError({\n scopes,\n getTokenOptions: options,\n message:\n \"Automatic authentication has been disabled. You may call the authentication() method.\",\n });\n }\n this.logger.info(\n `Silent authentication failed, falling back to interactive method ${this.loginStyle}`,\n );\n return this.doGetToken(scopes);\n });\n }\n}\n"]}
|
|
@@ -26,13 +26,13 @@ export class MsalAuthorizationCode extends MsalNode {
|
|
|
26
26
|
}
|
|
27
27
|
async doGetToken(scopes, options) {
|
|
28
28
|
try {
|
|
29
|
-
const result = await this.getApp("confidentialFirst", options
|
|
29
|
+
const result = await this.getApp("confidentialFirst", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenByCode({
|
|
30
30
|
scopes,
|
|
31
31
|
redirectUri: this.redirectUri,
|
|
32
32
|
code: this.authorizationCode,
|
|
33
|
-
correlationId: options
|
|
34
|
-
authority: options
|
|
35
|
-
claims: options
|
|
33
|
+
correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
|
|
34
|
+
authority: options === null || options === void 0 ? void 0 : options.authority,
|
|
35
|
+
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
36
36
|
});
|
|
37
37
|
// The Client Credential flow does not return an account,
|
|
38
38
|
// so each time getToken gets called, we will have to acquire a new token through the service.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"msalAuthorizationCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalAuthorizationCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAG7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAYtD;;;;GAIG;AACH,MAAM,OAAO,qBAAsB,SAAQ,QAAQ;IAIjD,YAAY,OAAqC;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,iCAAiC,CAAC,CAAC;QAClE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QACnD,IAAI,OAAO,CAAC,YAAY,EAAE;YACxB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;SAC1D;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAIpB;QACC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC;YACxE,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;IACL,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,OAAO,
|
|
1
|
+
{"version":3,"file":"msalAuthorizationCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalAuthorizationCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAG7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAYtD;;;;GAIG;AACH,MAAM,OAAO,qBAAsB,SAAQ,QAAQ;IAIjD,YAAY,OAAqC;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,MAAM,GAAG,gBAAgB,CAAC,iCAAiC,CAAC,CAAC;QAClE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QACnD,IAAI,OAAO,CAAC,YAAY,EAAE;YACxB,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;SAC1D;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAIpB;QACC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC;YACxE,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,WAAW,EAAE,OAAO,CAAC,WAAW;SACjC,CAAC,CAAC;IACL,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI;YACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,mBAAmB,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC,kBAAkB,CAAC;gBAC3F,MAAM;gBACN,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,IAAI,EAAE,IAAI,CAAC,iBAAiB;gBAC5B,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC,CAAC;YACH,yDAAyD;YACzD,8FAA8F;YAC9F,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;SACtE;QAAC,OAAO,GAAQ,EAAE;YACjB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;SAC9C;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { credentialLogger } from \"../../util/logging\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through opening a browser window.\n * @internal\n */\nexport interface MsalAuthorizationCodeOptions extends MsalNodeOptions {\n redirectUri: string;\n authorizationCode: string;\n clientSecret?: string;\n}\n\n/**\n * This MSAL client sets up a web server to listen for redirect callbacks, then calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`\n * to trigger the authentication flow, and then respond based on the values obtained from the redirect callback\n * @internal\n */\nexport class MsalAuthorizationCode extends MsalNode {\n private redirectUri: string;\n private authorizationCode: string;\n\n constructor(options: MsalAuthorizationCodeOptions) {\n super(options);\n this.logger = credentialLogger(\"Node.js MSAL Authorization Code\");\n this.redirectUri = options.redirectUri;\n this.authorizationCode = options.authorizationCode;\n if (options.clientSecret) {\n this.msalConfig.auth.clientSecret = options.clientSecret;\n }\n }\n\n async getAuthCodeUrl(options: {\n scopes: string[];\n redirectUri: string;\n enableCae?: boolean;\n }): Promise<string> {\n await this.init();\n return this.getApp(\"confidentialFirst\", options.enableCae).getAuthCodeUrl({\n scopes: options.scopes,\n redirectUri: options.redirectUri,\n });\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n try {\n const result = await this.getApp(\"confidentialFirst\", options?.enableCae).acquireTokenByCode({\n scopes,\n redirectUri: this.redirectUri,\n code: this.authorizationCode,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n });\n // The Client Credential flow does not return an account,\n // so each time getToken gets called, we will have to acquire a new token through the service.\n return this.handleResult(scopes, this.clientId, result || undefined);\n } catch (err: any) {\n throw this.handleError(scopes, err, options);\n }\n }\n}\n"]}
|
|
@@ -16,12 +16,12 @@ export class MsalDeviceCode extends MsalNode {
|
|
|
16
16
|
deviceCodeCallback: this.userPromptCallback,
|
|
17
17
|
scopes,
|
|
18
18
|
cancel: false,
|
|
19
|
-
correlationId: options
|
|
20
|
-
authority: options
|
|
21
|
-
claims: options
|
|
19
|
+
correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
|
|
20
|
+
authority: options === null || options === void 0 ? void 0 : options.authority,
|
|
21
|
+
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
22
22
|
};
|
|
23
|
-
const promise = this.getApp("public", options
|
|
24
|
-
const deviceResponse = await this.withCancellation(promise, options
|
|
23
|
+
const promise = this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenByDeviceCode(requestOptions);
|
|
24
|
+
const deviceResponse = await this.withCancellation(promise, options === null || options === void 0 ? void 0 : options.abortSignal, () => {
|
|
25
25
|
requestOptions.cancel = true;
|
|
26
26
|
});
|
|
27
27
|
return this.handleResult(scopes, this.clientId, deviceResponse || undefined);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"msalDeviceCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalDeviceCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAa7D;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAG1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACvD,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI;YACF,MAAM,cAAc,GAA+B;gBACjD,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM;gBACN,MAAM,EAAE,KAAK;gBACb,aAAa,EAAE,OAAO,
|
|
1
|
+
{"version":3,"file":"msalDeviceCode.js","sourceRoot":"","sources":["../../../../src/msal/nodeFlows/msalDeviceCode.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAGlC,OAAO,EAAE,QAAQ,EAAmB,MAAM,kBAAkB,CAAC;AAa7D;;;GAGG;AACH,MAAM,OAAO,cAAe,SAAQ,QAAQ;IAG1C,YAAY,OAA8B;QACxC,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IACvD,CAAC;IAES,KAAK,CAAC,UAAU,CACxB,MAAgB,EAChB,OAAuC;QAEvC,IAAI;YACF,MAAM,cAAc,GAA+B;gBACjD,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,MAAM;gBACN,MAAM,EAAE,KAAK;gBACb,aAAa,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,aAAa;gBACrC,SAAS,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS;gBAC7B,MAAM,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM;aACxB,CAAC;YACF,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC,CAAC,wBAAwB,CAChF,cAAc,CACf,CAAC;YACF,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,EAAE,GAAG,EAAE;gBACrF,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC;YAC/B,CAAC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,EAAE,cAAc,IAAI,SAAS,CAAC,CAAC;SAC9E;QAAC,OAAO,KAAU,EAAE;YACnB,MAAM,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;SAChD;IACH,CAAC;CACF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT license.\n\nimport * as msalNode from \"@azure/msal-node\";\nimport { MsalNode, MsalNodeOptions } from \"./msalNodeCommon\";\nimport { AccessToken } from \"@azure/core-auth\";\nimport { CredentialFlowGetTokenOptions } from \"../credentials\";\nimport { DeviceCodePromptCallback } from \"../../credentials/deviceCodeCredentialOptions\";\n\n/**\n * Options that can be passed to configure MSAL to handle authentication through device codes.\n * @internal\n */\nexport interface MsalDeviceCodeOptions extends MsalNodeOptions {\n userPromptCallback: DeviceCodePromptCallback;\n}\n\n/**\n * MSAL device code client. Calls to the MSAL's public application's `acquireTokenByDeviceCode` during `doGetToken`.\n * @internal\n */\nexport class MsalDeviceCode extends MsalNode {\n private userPromptCallback: DeviceCodePromptCallback;\n\n constructor(options: MsalDeviceCodeOptions) {\n super(options);\n this.userPromptCallback = options.userPromptCallback;\n }\n\n protected async doGetToken(\n scopes: string[],\n options?: CredentialFlowGetTokenOptions,\n ): Promise<AccessToken> {\n try {\n const requestOptions: msalNode.DeviceCodeRequest = {\n deviceCodeCallback: this.userPromptCallback,\n scopes,\n cancel: false,\n correlationId: options?.correlationId,\n authority: options?.authority,\n claims: options?.claims,\n };\n const promise = this.getApp(\"public\", options?.enableCae).acquireTokenByDeviceCode(\n requestOptions,\n );\n const deviceResponse = await this.withCancellation(promise, options?.abortSignal, () => {\n requestOptions.cancel = true;\n });\n return this.handleResult(scopes, this.clientId, deviceResponse || undefined);\n } catch (error: any) {\n throw this.handleError(scopes, error, options);\n }\n }\n}\n"]}
|
|
@@ -52,34 +52,29 @@ export const msalNodeFlowNativeBrokerControl = {
|
|
|
52
52
|
*/
|
|
53
53
|
export class MsalNode extends MsalBaseUtilities {
|
|
54
54
|
constructor(options) {
|
|
55
|
+
var _a, _b, _c, _d, _e, _f, _g;
|
|
55
56
|
super(options);
|
|
56
57
|
this.app = {};
|
|
57
58
|
this.caeApp = {};
|
|
58
59
|
this.requiresConfidential = false;
|
|
59
60
|
this.msalConfig = this.defaultNodeMsalConfig(options);
|
|
60
61
|
this.tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
|
|
61
|
-
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds(options
|
|
62
|
+
this.additionallyAllowedTenantIds = resolveAdditionallyAllowedTenantIds((_a = options === null || options === void 0 ? void 0 : options.tokenCredentialOptions) === null || _a === void 0 ? void 0 : _a.additionallyAllowedTenants);
|
|
62
63
|
this.clientId = this.msalConfig.auth.clientId;
|
|
63
|
-
if (options
|
|
64
|
+
if (options === null || options === void 0 ? void 0 : options.getAssertion) {
|
|
64
65
|
this.getAssertion = options.getAssertion;
|
|
65
66
|
}
|
|
66
|
-
this.enableBroker = options
|
|
67
|
-
this.enableMsaPassthrough = options
|
|
68
|
-
this.parentWindowHandle = options.brokerOptions
|
|
67
|
+
this.enableBroker = (_b = options === null || options === void 0 ? void 0 : options.brokerOptions) === null || _b === void 0 ? void 0 : _b.enabled;
|
|
68
|
+
this.enableMsaPassthrough = (_c = options === null || options === void 0 ? void 0 : options.brokerOptions) === null || _c === void 0 ? void 0 : _c.legacyEnableMsaPassthrough;
|
|
69
|
+
this.parentWindowHandle = (_d = options.brokerOptions) === null || _d === void 0 ? void 0 : _d.parentWindowHandle;
|
|
69
70
|
// If persistence has been configured
|
|
70
|
-
if (persistenceProvider !== undefined && options.tokenCachePersistenceOptions
|
|
71
|
-
const nonCaeOptions = {
|
|
72
|
-
|
|
73
|
-
...options.tokenCachePersistenceOptions,
|
|
74
|
-
};
|
|
75
|
-
const caeOptions = {
|
|
76
|
-
name: `${options.tokenCachePersistenceOptions.name}.${CACHE_CAE_SUFFIX}`,
|
|
77
|
-
...options.tokenCachePersistenceOptions,
|
|
78
|
-
};
|
|
71
|
+
if (persistenceProvider !== undefined && ((_e = options.tokenCachePersistenceOptions) === null || _e === void 0 ? void 0 : _e.enabled)) {
|
|
72
|
+
const nonCaeOptions = Object.assign({ name: `${options.tokenCachePersistenceOptions.name}.${CACHE_NON_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions);
|
|
73
|
+
const caeOptions = Object.assign({ name: `${options.tokenCachePersistenceOptions.name}.${CACHE_CAE_SUFFIX}` }, options.tokenCachePersistenceOptions);
|
|
79
74
|
this.createCachePlugin = () => persistenceProvider(nonCaeOptions);
|
|
80
75
|
this.createCachePluginCae = () => persistenceProvider(caeOptions);
|
|
81
76
|
}
|
|
82
|
-
else if (options.tokenCachePersistenceOptions
|
|
77
|
+
else if ((_f = options.tokenCachePersistenceOptions) === null || _f === void 0 ? void 0 : _f.enabled) {
|
|
83
78
|
throw new Error([
|
|
84
79
|
"Persistent token caching was requested, but no persistence provider was configured.",
|
|
85
80
|
"You must install the identity-cache-persistence plugin package (`npm install --save @azure/identity-cache-persistence`)",
|
|
@@ -96,7 +91,7 @@ export class MsalNode extends MsalBaseUtilities {
|
|
|
96
91
|
"`useIdentityPlugin(createNativeBrokerPlugin())` before using `enableBroker`.",
|
|
97
92
|
].join(" "));
|
|
98
93
|
}
|
|
99
|
-
this.azureRegion = options.regionalAuthority
|
|
94
|
+
this.azureRegion = (_g = options.regionalAuthority) !== null && _g !== void 0 ? _g : process.env.AZURE_REGIONAL_AUTHORITY_NAME;
|
|
100
95
|
if (this.azureRegion === RegionalAuthority.AutoDiscoverRegion) {
|
|
101
96
|
this.azureRegion = "AUTO_DISCOVER";
|
|
102
97
|
}
|
|
@@ -105,15 +100,12 @@ export class MsalNode extends MsalBaseUtilities {
|
|
|
105
100
|
* Generates a MSAL configuration that generally works for Node.js
|
|
106
101
|
*/
|
|
107
102
|
defaultNodeMsalConfig(options) {
|
|
103
|
+
var _a;
|
|
108
104
|
const clientId = options.clientId || DeveloperSignOnClientId;
|
|
109
105
|
const tenantId = resolveTenantId(options.logger, options.tenantId, options.clientId);
|
|
110
106
|
this.authorityHost = options.authorityHost || process.env.AZURE_AUTHORITY_HOST;
|
|
111
107
|
const authority = getAuthority(tenantId, this.authorityHost);
|
|
112
|
-
this.identityClient = new IdentityClient({
|
|
113
|
-
...options.tokenCredentialOptions,
|
|
114
|
-
authorityHost: authority,
|
|
115
|
-
loggingOptions: options.loggingOptions,
|
|
116
|
-
});
|
|
108
|
+
this.identityClient = new IdentityClient(Object.assign(Object.assign({}, options.tokenCredentialOptions), { authorityHost: authority, loggingOptions: options.loggingOptions }));
|
|
117
109
|
const clientCapabilities = [];
|
|
118
110
|
return {
|
|
119
111
|
auth: {
|
|
@@ -128,7 +120,7 @@ export class MsalNode extends MsalBaseUtilities {
|
|
|
128
120
|
loggerOptions: {
|
|
129
121
|
loggerCallback: defaultLoggerCallback(options.logger),
|
|
130
122
|
logLevel: getMSALLogLevel(getLogLevel()),
|
|
131
|
-
piiLoggingEnabled: options.loggingOptions
|
|
123
|
+
piiLoggingEnabled: (_a = options.loggingOptions) === null || _a === void 0 ? void 0 : _a.enableUnsafeSupportLogging,
|
|
132
124
|
},
|
|
133
125
|
},
|
|
134
126
|
};
|
|
@@ -152,21 +144,21 @@ export class MsalNode extends MsalBaseUtilities {
|
|
|
152
144
|
* Prepares the MSAL applications.
|
|
153
145
|
*/
|
|
154
146
|
async init(options) {
|
|
155
|
-
if (options
|
|
147
|
+
if (options === null || options === void 0 ? void 0 : options.abortSignal) {
|
|
156
148
|
options.abortSignal.addEventListener("abort", () => {
|
|
157
149
|
// This will abort any pending request in the IdentityClient,
|
|
158
150
|
// based on the received or generated correlationId
|
|
159
151
|
this.identityClient.abortRequests(options.correlationId);
|
|
160
152
|
});
|
|
161
153
|
}
|
|
162
|
-
const app = options
|
|
163
|
-
if (options
|
|
154
|
+
const app = (options === null || options === void 0 ? void 0 : options.enableCae) ? this.caeApp : this.app;
|
|
155
|
+
if (options === null || options === void 0 ? void 0 : options.enableCae) {
|
|
164
156
|
this.msalConfig.auth.clientCapabilities = ["cp1"];
|
|
165
157
|
}
|
|
166
158
|
if (app.public || app.confidential) {
|
|
167
159
|
return;
|
|
168
160
|
}
|
|
169
|
-
if (options
|
|
161
|
+
if ((options === null || options === void 0 ? void 0 : options.enableCae) && this.createCachePluginCae !== undefined) {
|
|
170
162
|
this.msalConfig.cache = {
|
|
171
163
|
cachePlugin: await this.createCachePluginCae(),
|
|
172
164
|
};
|
|
@@ -185,7 +177,7 @@ export class MsalNode extends MsalBaseUtilities {
|
|
|
185
177
|
this.logger.warning("Parent window handle is not specified for the broker. This may cause unexpected behavior. Please provide the parentWindowHandle.");
|
|
186
178
|
}
|
|
187
179
|
}
|
|
188
|
-
if (options
|
|
180
|
+
if (options === null || options === void 0 ? void 0 : options.enableCae) {
|
|
189
181
|
this.caeApp.public = new msalNode.PublicClientApplication(this.msalConfig);
|
|
190
182
|
}
|
|
191
183
|
else {
|
|
@@ -198,7 +190,7 @@ export class MsalNode extends MsalBaseUtilities {
|
|
|
198
190
|
if (this.msalConfig.auth.clientSecret ||
|
|
199
191
|
this.msalConfig.auth.clientAssertion ||
|
|
200
192
|
this.msalConfig.auth.clientCertificate) {
|
|
201
|
-
if (options
|
|
193
|
+
if (options === null || options === void 0 ? void 0 : options.enableCae) {
|
|
202
194
|
this.caeApp.confidential = new msalNode.ConfidentialClientApplication(this.msalConfig);
|
|
203
195
|
}
|
|
204
196
|
else {
|
|
@@ -223,7 +215,7 @@ export class MsalNode extends MsalBaseUtilities {
|
|
|
223
215
|
.catch(reject);
|
|
224
216
|
if (abortSignal) {
|
|
225
217
|
abortSignal.addEventListener("abort", () => {
|
|
226
|
-
onCancel
|
|
218
|
+
onCancel === null || onCancel === void 0 ? void 0 : onCancel();
|
|
227
219
|
});
|
|
228
220
|
}
|
|
229
221
|
});
|
|
@@ -236,7 +228,7 @@ export class MsalNode extends MsalBaseUtilities {
|
|
|
236
228
|
return this.account;
|
|
237
229
|
}
|
|
238
230
|
const cache = this.getApp("confidentialFirst", enableCae).getTokenCache();
|
|
239
|
-
const accountsByTenant = await cache
|
|
231
|
+
const accountsByTenant = await (cache === null || cache === void 0 ? void 0 : cache.getAllAccounts());
|
|
240
232
|
if (!accountsByTenant) {
|
|
241
233
|
return;
|
|
242
234
|
}
|
|
@@ -258,7 +250,8 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
258
250
|
* Attempts to retrieve a token from cache.
|
|
259
251
|
*/
|
|
260
252
|
async getTokenSilent(scopes, options) {
|
|
261
|
-
|
|
253
|
+
var _a, _b, _c;
|
|
254
|
+
await this.getActiveAccount(options === null || options === void 0 ? void 0 : options.enableCae);
|
|
262
255
|
if (!this.account) {
|
|
263
256
|
throw new AuthenticationRequiredError({
|
|
264
257
|
scopes,
|
|
@@ -269,10 +262,10 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
269
262
|
const silentRequest = {
|
|
270
263
|
// To be able to re-use the account, the Token Cache must also have been provided.
|
|
271
264
|
account: publicToMsal(this.account),
|
|
272
|
-
correlationId: options
|
|
265
|
+
correlationId: options === null || options === void 0 ? void 0 : options.correlationId,
|
|
273
266
|
scopes,
|
|
274
|
-
authority: options
|
|
275
|
-
claims: options
|
|
267
|
+
authority: options === null || options === void 0 ? void 0 : options.authority,
|
|
268
|
+
claims: options === null || options === void 0 ? void 0 : options.claims,
|
|
276
269
|
};
|
|
277
270
|
if (hasNativeBroker() && this.enableBroker) {
|
|
278
271
|
if (!silentRequest.tokenQueryParameters) {
|
|
@@ -294,10 +287,8 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
294
287
|
* `authenticationRecord` parameter. See issue - https://github.com/Azure/azure-sdk-for-js/issues/24349#issuecomment-1496715651
|
|
295
288
|
* This workaround serves as a workaround for silent authentication not happening when authenticationRecord is passed.
|
|
296
289
|
*/
|
|
297
|
-
await this.getApp("publicFirst", options
|
|
298
|
-
|
|
299
|
-
.getAllAccounts();
|
|
300
|
-
const response = (await this.getApp("confidential", options?.enableCae)?.acquireTokenSilent(silentRequest)) ?? (await this.getApp("public", options?.enableCae).acquireTokenSilent(silentRequest));
|
|
290
|
+
await ((_a = this.getApp("publicFirst", options === null || options === void 0 ? void 0 : options.enableCae)) === null || _a === void 0 ? void 0 : _a.getTokenCache().getAllAccounts());
|
|
291
|
+
const response = (_c = (await ((_b = this.getApp("confidential", options === null || options === void 0 ? void 0 : options.enableCae)) === null || _b === void 0 ? void 0 : _b.acquireTokenSilent(silentRequest)))) !== null && _c !== void 0 ? _c : (await this.getApp("public", options === null || options === void 0 ? void 0 : options.enableCae).acquireTokenSilent(silentRequest));
|
|
301
292
|
return this.handleResult(scopes, this.clientId, response || undefined);
|
|
302
293
|
}
|
|
303
294
|
catch (err) {
|
|
@@ -312,7 +303,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
312
303
|
const tenantId = processMultiTenantRequest(this.tenantId, options, this.additionallyAllowedTenantIds) ||
|
|
313
304
|
this.tenantId;
|
|
314
305
|
options.authority = getAuthority(tenantId, this.authorityHost);
|
|
315
|
-
options.correlationId = options
|
|
306
|
+
options.correlationId = (options === null || options === void 0 ? void 0 : options.correlationId) || this.generateUuid();
|
|
316
307
|
await this.init(options);
|
|
317
308
|
try {
|
|
318
309
|
// MSAL now caches tokens based on their claims,
|
|
@@ -332,7 +323,7 @@ To work with multiple accounts for the same Client ID and Tenant ID, please prov
|
|
|
332
323
|
if (err.name !== "AuthenticationRequiredError") {
|
|
333
324
|
throw err;
|
|
334
325
|
}
|
|
335
|
-
if (options
|
|
326
|
+
if (options === null || options === void 0 ? void 0 : options.disableAutomaticAuthentication) {
|
|
336
327
|
throw new AuthenticationRequiredError({
|
|
337
328
|
scopes,
|
|
338
329
|
getTokenOptions: options,
|