@azure/msal-browser 4.12.0 → 4.13.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientNext.mjs +1 -1
- package/dist/broker/nativeBroker/IPlatformAuthHandler.d.ts +12 -0
- package/dist/broker/nativeBroker/IPlatformAuthHandler.d.ts.map +1 -0
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts +30 -0
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -0
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +143 -0
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -0
- package/dist/broker/nativeBroker/{NativeMessageHandler.d.ts → PlatformAuthExtensionHandler.d.ts} +16 -16
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.d.ts.map +1 -0
- package/dist/broker/nativeBroker/{NativeMessageHandler.mjs → PlatformAuthExtensionHandler.mjs} +66 -58
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs.map +1 -0
- package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts +26 -0
- package/dist/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -0
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +108 -0
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -0
- package/dist/broker/nativeBroker/{NativeRequest.d.ts → PlatformAuthRequest.d.ts} +34 -3
- package/dist/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -0
- package/dist/broker/nativeBroker/{NativeResponse.d.ts → PlatformAuthResponse.d.ts} +24 -2
- package/dist/broker/nativeBroker/PlatformAuthResponse.d.ts.map +1 -0
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.d.ts +6 -2
- package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/cache/BrowserCacheManager.mjs +17 -2
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +1 -1
- package/dist/controllers/ControllerFactory.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.d.ts +2 -2
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +30 -29
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.d.ts +10 -1
- package/dist/event/EventMessage.d.ts.map +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventMessage.mjs.map +1 -1
- package/dist/event/EventType.d.ts +1 -0
- package/dist/event/EventType.d.ts.map +1 -1
- package/dist/event/EventType.mjs +2 -1
- package/dist/event/EventType.mjs.map +1 -1
- package/dist/index.d.ts +2 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.mjs +2 -1
- package/dist/index.mjs.map +1 -1
- package/dist/interaction_client/BaseInteractionClient.d.ts +3 -3
- package/dist/interaction_client/BaseInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +3 -3
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/{NativeInteractionClient.d.ts → PlatformAuthInteractionClient.d.ts} +21 -23
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -0
- package/dist/interaction_client/{NativeInteractionClient.mjs → PlatformAuthInteractionClient.mjs} +80 -111
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -0
- package/dist/interaction_client/PopupClient.d.ts +2 -2
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +7 -7
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.d.ts +2 -2
- package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +7 -8
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.d.ts +2 -2
- package/dist/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +3 -3
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts +2 -2
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +7 -8
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +4 -4
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +10 -9
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/utils/BrowserConstants.d.ts +8 -1
- package/dist/utils/BrowserConstants.d.ts.map +1 -1
- package/dist/utils/BrowserConstants.mjs +11 -4
- package/dist/utils/BrowserConstants.mjs.map +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/msal-browser.cjs +1539 -1318
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +1539 -1318
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +66 -66
- package/lib/types/broker/nativeBroker/IPlatformAuthHandler.d.ts +12 -0
- package/lib/types/broker/nativeBroker/IPlatformAuthHandler.d.ts.map +1 -0
- package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts +30 -0
- package/lib/types/broker/nativeBroker/PlatformAuthDOMHandler.d.ts.map +1 -0
- package/lib/types/broker/nativeBroker/{NativeMessageHandler.d.ts → PlatformAuthExtensionHandler.d.ts} +16 -16
- package/lib/types/broker/nativeBroker/PlatformAuthExtensionHandler.d.ts.map +1 -0
- package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts +26 -0
- package/lib/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -0
- package/lib/types/broker/nativeBroker/{NativeRequest.d.ts → PlatformAuthRequest.d.ts} +34 -3
- package/lib/types/broker/nativeBroker/PlatformAuthRequest.d.ts.map +1 -0
- package/lib/types/broker/nativeBroker/{NativeResponse.d.ts → PlatformAuthResponse.d.ts} +24 -2
- package/lib/types/broker/nativeBroker/PlatformAuthResponse.d.ts.map +1 -0
- package/lib/types/cache/BrowserCacheManager.d.ts +6 -2
- package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts +2 -2
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/event/EventMessage.d.ts +10 -1
- package/lib/types/event/EventMessage.d.ts.map +1 -1
- package/lib/types/event/EventType.d.ts +1 -0
- package/lib/types/event/EventType.d.ts.map +1 -1
- package/lib/types/index.d.ts +2 -1
- package/lib/types/index.d.ts.map +1 -1
- package/lib/types/interaction_client/BaseInteractionClient.d.ts +3 -3
- package/lib/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/{NativeInteractionClient.d.ts → PlatformAuthInteractionClient.d.ts} +21 -23
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -0
- package/lib/types/interaction_client/PopupClient.d.ts +2 -2
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/RedirectClient.d.ts +2 -2
- package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentAuthCodeClient.d.ts +2 -2
- package/lib/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts +2 -2
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts +4 -4
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/utils/BrowserConstants.d.ts +8 -1
- package/lib/types/utils/BrowserConstants.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/broker/nativeBroker/IPlatformAuthHandler.ts +17 -0
- package/src/broker/nativeBroker/PlatformAuthDOMHandler.ts +248 -0
- package/src/broker/nativeBroker/{NativeMessageHandler.ts → PlatformAuthExtensionHandler.ts} +90 -79
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +164 -0
- package/src/broker/nativeBroker/{NativeRequest.ts → PlatformAuthRequest.ts} +41 -2
- package/src/broker/nativeBroker/{NativeResponse.ts → PlatformAuthResponse.ts} +25 -1
- package/src/cache/BrowserCacheManager.ts +27 -3
- package/src/controllers/StandardController.ts +51 -45
- package/src/event/EventMessage.ts +11 -0
- package/src/event/EventType.ts +1 -0
- package/src/index.ts +3 -0
- package/src/interaction_client/BaseInteractionClient.ts +4 -4
- package/src/interaction_client/{NativeInteractionClient.ts → PlatformAuthInteractionClient.ts} +136 -167
- package/src/interaction_client/PopupClient.ts +8 -7
- package/src/interaction_client/RedirectClient.ts +12 -12
- package/src/interaction_client/SilentAuthCodeClient.ts +3 -3
- package/src/interaction_client/SilentIframeClient.ts +12 -12
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +12 -10
- package/src/utils/BrowserConstants.ts +9 -1
- package/dist/broker/nativeBroker/NativeMessageHandler.d.ts.map +0 -1
- package/dist/broker/nativeBroker/NativeMessageHandler.mjs.map +0 -1
- package/dist/broker/nativeBroker/NativeRequest.d.ts.map +0 -1
- package/dist/broker/nativeBroker/NativeResponse.d.ts.map +0 -1
- package/dist/interaction_client/NativeInteractionClient.d.ts.map +0 -1
- package/dist/interaction_client/NativeInteractionClient.mjs.map +0 -1
- package/lib/types/broker/nativeBroker/NativeMessageHandler.d.ts.map +0 -1
- package/lib/types/broker/nativeBroker/NativeRequest.d.ts.map +0 -1
- package/lib/types/broker/nativeBroker/NativeResponse.d.ts.map +0 -1
- package/lib/types/interaction_client/NativeInteractionClient.d.ts.map +0 -1
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
6
|
import {
|
|
7
|
-
|
|
7
|
+
PlatformAuthConstants,
|
|
8
8
|
NativeExtensionMethod,
|
|
9
9
|
} from "../../utils/BrowserConstants.js";
|
|
10
10
|
import {
|
|
@@ -12,7 +12,6 @@ import {
|
|
|
12
12
|
AuthError,
|
|
13
13
|
createAuthError,
|
|
14
14
|
AuthErrorCodes,
|
|
15
|
-
AuthenticationScheme,
|
|
16
15
|
InProgressPerformanceEvent,
|
|
17
16
|
PerformanceEvents,
|
|
18
17
|
IPerformanceClient,
|
|
@@ -20,14 +19,16 @@ import {
|
|
|
20
19
|
import {
|
|
21
20
|
NativeExtensionRequest,
|
|
22
21
|
NativeExtensionRequestBody,
|
|
23
|
-
|
|
22
|
+
PlatformAuthRequest,
|
|
23
|
+
} from "./PlatformAuthRequest.js";
|
|
24
24
|
import { createNativeAuthError } from "../../error/NativeAuthError.js";
|
|
25
25
|
import {
|
|
26
26
|
createBrowserAuthError,
|
|
27
27
|
BrowserAuthErrorCodes,
|
|
28
28
|
} from "../../error/BrowserAuthError.js";
|
|
29
|
-
import { BrowserConfiguration } from "../../config/Configuration.js";
|
|
30
29
|
import { createNewGuid } from "../../crypto/BrowserCrypto.js";
|
|
30
|
+
import { PlatformAuthResponse } from "./PlatformAuthResponse.js";
|
|
31
|
+
import { IPlatformAuthHandler } from "./IPlatformAuthHandler.js";
|
|
31
32
|
|
|
32
33
|
type ResponseResolvers<T> = {
|
|
33
34
|
resolve: (value: T | PromiseLike<T>) => void;
|
|
@@ -36,7 +37,7 @@ type ResponseResolvers<T> = {
|
|
|
36
37
|
) => void;
|
|
37
38
|
};
|
|
38
39
|
|
|
39
|
-
export class
|
|
40
|
+
export class PlatformAuthExtensionHandler implements IPlatformAuthHandler {
|
|
40
41
|
private extensionId: string | undefined;
|
|
41
42
|
private extensionVersion: string | undefined;
|
|
42
43
|
private logger: Logger;
|
|
@@ -48,6 +49,7 @@ export class NativeMessageHandler {
|
|
|
48
49
|
private readonly windowListener: (event: MessageEvent) => void;
|
|
49
50
|
private readonly performanceClient: IPerformanceClient;
|
|
50
51
|
private readonly handshakeEvent: InProgressPerformanceEvent;
|
|
52
|
+
platformAuthType: string;
|
|
51
53
|
|
|
52
54
|
constructor(
|
|
53
55
|
logger: Logger,
|
|
@@ -66,34 +68,51 @@ export class NativeMessageHandler {
|
|
|
66
68
|
this.handshakeEvent = performanceClient.startMeasurement(
|
|
67
69
|
PerformanceEvents.NativeMessageHandlerHandshake
|
|
68
70
|
);
|
|
71
|
+
this.platformAuthType =
|
|
72
|
+
PlatformAuthConstants.PLATFORM_EXTENSION_PROVIDER;
|
|
69
73
|
}
|
|
70
74
|
|
|
71
75
|
/**
|
|
72
76
|
* Sends a given message to the extension and resolves with the extension response
|
|
73
|
-
* @param
|
|
77
|
+
* @param request
|
|
74
78
|
*/
|
|
75
|
-
async sendMessage(
|
|
76
|
-
|
|
79
|
+
async sendMessage(
|
|
80
|
+
request: PlatformAuthRequest
|
|
81
|
+
): Promise<PlatformAuthResponse> {
|
|
82
|
+
this.logger.trace(this.platformAuthType + " - sendMessage called.");
|
|
83
|
+
|
|
84
|
+
// fall back to native calls
|
|
85
|
+
const messageBody: NativeExtensionRequestBody = {
|
|
86
|
+
method: NativeExtensionMethod.GetToken,
|
|
87
|
+
request: request,
|
|
88
|
+
};
|
|
89
|
+
|
|
77
90
|
const req: NativeExtensionRequest = {
|
|
78
|
-
channel:
|
|
91
|
+
channel: PlatformAuthConstants.CHANNEL_ID,
|
|
79
92
|
extensionId: this.extensionId,
|
|
80
93
|
responseId: createNewGuid(),
|
|
81
|
-
body:
|
|
94
|
+
body: messageBody,
|
|
82
95
|
};
|
|
83
96
|
|
|
84
97
|
this.logger.trace(
|
|
85
|
-
"
|
|
98
|
+
this.platformAuthType + " - Sending request to browser extension"
|
|
86
99
|
);
|
|
87
100
|
this.logger.tracePii(
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
101
|
+
this.platformAuthType +
|
|
102
|
+
` - Sending request to browser extension: ${JSON.stringify(
|
|
103
|
+
req
|
|
104
|
+
)}`
|
|
91
105
|
);
|
|
92
106
|
this.messageChannel.port1.postMessage(req);
|
|
93
107
|
|
|
94
|
-
|
|
108
|
+
const response: object = await new Promise((resolve, reject) => {
|
|
95
109
|
this.resolvers.set(req.responseId, { resolve, reject });
|
|
96
110
|
});
|
|
111
|
+
|
|
112
|
+
const validatedResponse: PlatformAuthResponse =
|
|
113
|
+
this.validatePlatformBrokerResponse(response);
|
|
114
|
+
|
|
115
|
+
return validatedResponse;
|
|
97
116
|
}
|
|
98
117
|
|
|
99
118
|
/**
|
|
@@ -107,20 +126,21 @@ export class NativeMessageHandler {
|
|
|
107
126
|
logger: Logger,
|
|
108
127
|
handshakeTimeoutMs: number,
|
|
109
128
|
performanceClient: IPerformanceClient
|
|
110
|
-
): Promise<
|
|
111
|
-
logger.trace("
|
|
129
|
+
): Promise<PlatformAuthExtensionHandler> {
|
|
130
|
+
logger.trace("PlatformAuthExtensionHandler - createProvider called.");
|
|
131
|
+
|
|
112
132
|
try {
|
|
113
|
-
const preferredProvider = new
|
|
133
|
+
const preferredProvider = new PlatformAuthExtensionHandler(
|
|
114
134
|
logger,
|
|
115
135
|
handshakeTimeoutMs,
|
|
116
136
|
performanceClient,
|
|
117
|
-
|
|
137
|
+
PlatformAuthConstants.PREFERRED_EXTENSION_ID
|
|
118
138
|
);
|
|
119
139
|
await preferredProvider.sendHandshakeRequest();
|
|
120
140
|
return preferredProvider;
|
|
121
141
|
} catch (e) {
|
|
122
142
|
// If preferred extension fails for whatever reason, fallback to using any installed extension
|
|
123
|
-
const backupProvider = new
|
|
143
|
+
const backupProvider = new PlatformAuthExtensionHandler(
|
|
124
144
|
logger,
|
|
125
145
|
handshakeTimeoutMs,
|
|
126
146
|
performanceClient
|
|
@@ -135,13 +155,13 @@ export class NativeMessageHandler {
|
|
|
135
155
|
*/
|
|
136
156
|
private async sendHandshakeRequest(): Promise<void> {
|
|
137
157
|
this.logger.trace(
|
|
138
|
-
"
|
|
158
|
+
this.platformAuthType + " - sendHandshakeRequest called."
|
|
139
159
|
);
|
|
140
160
|
// Register this event listener before sending handshake
|
|
141
161
|
window.addEventListener("message", this.windowListener, false); // false is important, because content script message processing should work first
|
|
142
162
|
|
|
143
163
|
const req: NativeExtensionRequest = {
|
|
144
|
-
channel:
|
|
164
|
+
channel: PlatformAuthConstants.CHANNEL_ID,
|
|
145
165
|
extensionId: this.extensionId,
|
|
146
166
|
responseId: createNewGuid(),
|
|
147
167
|
body: {
|
|
@@ -192,7 +212,7 @@ export class NativeMessageHandler {
|
|
|
192
212
|
* @param event
|
|
193
213
|
*/
|
|
194
214
|
private onWindowMessage(event: MessageEvent): void {
|
|
195
|
-
this.logger.trace("
|
|
215
|
+
this.logger.trace(this.platformAuthType + " - onWindowMessage called");
|
|
196
216
|
// We only accept messages from ourselves
|
|
197
217
|
if (event.source !== window) {
|
|
198
218
|
return;
|
|
@@ -202,7 +222,7 @@ export class NativeMessageHandler {
|
|
|
202
222
|
|
|
203
223
|
if (
|
|
204
224
|
!request.channel ||
|
|
205
|
-
request.channel !==
|
|
225
|
+
request.channel !== PlatformAuthConstants.CHANNEL_ID
|
|
206
226
|
) {
|
|
207
227
|
return;
|
|
208
228
|
}
|
|
@@ -221,7 +241,8 @@ export class NativeMessageHandler {
|
|
|
221
241
|
*/
|
|
222
242
|
if (!handshakeResolver) {
|
|
223
243
|
this.logger.trace(
|
|
224
|
-
|
|
244
|
+
this.platformAuthType +
|
|
245
|
+
`.onWindowMessage - resolver can't be found for request ${request.responseId}`
|
|
225
246
|
);
|
|
226
247
|
return;
|
|
227
248
|
}
|
|
@@ -253,7 +274,9 @@ export class NativeMessageHandler {
|
|
|
253
274
|
* @param event
|
|
254
275
|
*/
|
|
255
276
|
private onChannelMessage(event: MessageEvent): void {
|
|
256
|
-
this.logger.trace(
|
|
277
|
+
this.logger.trace(
|
|
278
|
+
this.platformAuthType + " - onChannelMessage called."
|
|
279
|
+
);
|
|
257
280
|
const request = event.data;
|
|
258
281
|
|
|
259
282
|
const resolver = this.resolvers.get(request.responseId);
|
|
@@ -270,12 +293,14 @@ export class NativeMessageHandler {
|
|
|
270
293
|
}
|
|
271
294
|
const response = request.body.response;
|
|
272
295
|
this.logger.trace(
|
|
273
|
-
|
|
296
|
+
this.platformAuthType +
|
|
297
|
+
" - Received response from browser extension"
|
|
274
298
|
);
|
|
275
299
|
this.logger.tracePii(
|
|
276
|
-
|
|
277
|
-
response
|
|
278
|
-
|
|
300
|
+
this.platformAuthType +
|
|
301
|
+
` - Received response from browser extension: ${JSON.stringify(
|
|
302
|
+
response
|
|
303
|
+
)}`
|
|
279
304
|
);
|
|
280
305
|
if (response.status !== "Success") {
|
|
281
306
|
resolver.reject(
|
|
@@ -310,7 +335,8 @@ export class NativeMessageHandler {
|
|
|
310
335
|
} else if (method === NativeExtensionMethod.HandshakeResponse) {
|
|
311
336
|
if (!handshakeResolver) {
|
|
312
337
|
this.logger.trace(
|
|
313
|
-
|
|
338
|
+
this.platformAuthType +
|
|
339
|
+
`.onChannelMessage - resolver can't be found for request ${request.responseId}`
|
|
314
340
|
);
|
|
315
341
|
return;
|
|
316
342
|
}
|
|
@@ -323,7 +349,8 @@ export class NativeMessageHandler {
|
|
|
323
349
|
this.extensionId = request.extensionId;
|
|
324
350
|
this.extensionVersion = request.body.version;
|
|
325
351
|
this.logger.verbose(
|
|
326
|
-
|
|
352
|
+
this.platformAuthType +
|
|
353
|
+
` - Received HandshakeResponse from extension: ${this.extensionId}`
|
|
327
354
|
);
|
|
328
355
|
this.handshakeEvent.end({
|
|
329
356
|
extensionInstalled: true,
|
|
@@ -349,6 +376,30 @@ export class NativeMessageHandler {
|
|
|
349
376
|
}
|
|
350
377
|
}
|
|
351
378
|
|
|
379
|
+
/**
|
|
380
|
+
* Validates native platform response before processing
|
|
381
|
+
* @param response
|
|
382
|
+
*/
|
|
383
|
+
private validatePlatformBrokerResponse(
|
|
384
|
+
response: object
|
|
385
|
+
): PlatformAuthResponse {
|
|
386
|
+
if (
|
|
387
|
+
response.hasOwnProperty("access_token") &&
|
|
388
|
+
response.hasOwnProperty("id_token") &&
|
|
389
|
+
response.hasOwnProperty("client_info") &&
|
|
390
|
+
response.hasOwnProperty("account") &&
|
|
391
|
+
response.hasOwnProperty("scope") &&
|
|
392
|
+
response.hasOwnProperty("expires_in")
|
|
393
|
+
) {
|
|
394
|
+
return response as PlatformAuthResponse;
|
|
395
|
+
} else {
|
|
396
|
+
throw createAuthError(
|
|
397
|
+
AuthErrorCodes.unexpectedError,
|
|
398
|
+
"Response missing expected properties."
|
|
399
|
+
);
|
|
400
|
+
}
|
|
401
|
+
}
|
|
402
|
+
|
|
352
403
|
/**
|
|
353
404
|
* Returns the Id for the browser extension this handler is communicating with
|
|
354
405
|
* @returns
|
|
@@ -365,52 +416,12 @@ export class NativeMessageHandler {
|
|
|
365
416
|
return this.extensionVersion;
|
|
366
417
|
}
|
|
367
418
|
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
static isPlatformBrokerAvailable(
|
|
376
|
-
config: BrowserConfiguration,
|
|
377
|
-
logger: Logger,
|
|
378
|
-
nativeExtensionProvider?: NativeMessageHandler,
|
|
379
|
-
authenticationScheme?: AuthenticationScheme
|
|
380
|
-
): boolean {
|
|
381
|
-
logger.trace("isPlatformBrokerAvailable called");
|
|
382
|
-
if (!config.system.allowPlatformBroker) {
|
|
383
|
-
logger.trace(
|
|
384
|
-
"isPlatformBrokerAvailable: allowPlatformBroker is not enabled, returning false"
|
|
385
|
-
);
|
|
386
|
-
// Developer disabled WAM
|
|
387
|
-
return false;
|
|
388
|
-
}
|
|
389
|
-
|
|
390
|
-
if (!nativeExtensionProvider) {
|
|
391
|
-
logger.trace(
|
|
392
|
-
"isPlatformBrokerAvailable: Platform extension provider is not initialized, returning false"
|
|
393
|
-
);
|
|
394
|
-
// Extension is not available
|
|
395
|
-
return false;
|
|
396
|
-
}
|
|
397
|
-
|
|
398
|
-
if (authenticationScheme) {
|
|
399
|
-
switch (authenticationScheme) {
|
|
400
|
-
case AuthenticationScheme.BEARER:
|
|
401
|
-
case AuthenticationScheme.POP:
|
|
402
|
-
logger.trace(
|
|
403
|
-
"isPlatformBrokerAvailable: authenticationScheme is supported, returning true"
|
|
404
|
-
);
|
|
405
|
-
return true;
|
|
406
|
-
default:
|
|
407
|
-
logger.trace(
|
|
408
|
-
"isPlatformBrokerAvailable: authenticationScheme is not supported, returning false"
|
|
409
|
-
);
|
|
410
|
-
return false;
|
|
411
|
-
}
|
|
412
|
-
}
|
|
413
|
-
|
|
414
|
-
return true;
|
|
419
|
+
getExtensionName(): string | undefined {
|
|
420
|
+
return this.getExtensionId() ===
|
|
421
|
+
PlatformAuthConstants.PREFERRED_EXTENSION_ID
|
|
422
|
+
? "chrome"
|
|
423
|
+
: this.getExtensionId()?.length
|
|
424
|
+
? "unknown"
|
|
425
|
+
: undefined;
|
|
415
426
|
}
|
|
416
427
|
}
|
|
@@ -0,0 +1,164 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
import {
|
|
7
|
+
LoggerOptions,
|
|
8
|
+
IPerformanceClient,
|
|
9
|
+
Logger,
|
|
10
|
+
AuthenticationScheme,
|
|
11
|
+
StubPerformanceClient,
|
|
12
|
+
} from "@azure/msal-common/browser";
|
|
13
|
+
import { name, version } from "../../packageMetadata.js";
|
|
14
|
+
import {
|
|
15
|
+
BrowserConfiguration,
|
|
16
|
+
DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
|
|
17
|
+
} from "../../config/Configuration.js";
|
|
18
|
+
import { PlatformAuthExtensionHandler } from "./PlatformAuthExtensionHandler.js";
|
|
19
|
+
import { IPlatformAuthHandler } from "./IPlatformAuthHandler.js";
|
|
20
|
+
import { PlatformAuthDOMHandler } from "./PlatformAuthDOMHandler.js";
|
|
21
|
+
import { createNewGuid } from "../../crypto/BrowserCrypto.js";
|
|
22
|
+
import {
|
|
23
|
+
BrowserCacheLocation,
|
|
24
|
+
PLATFORM_AUTH_DOM_SUPPORT,
|
|
25
|
+
} from "../../utils/BrowserConstants.js";
|
|
26
|
+
|
|
27
|
+
/**
|
|
28
|
+
* Checks if the platform broker is available in the current environment.
|
|
29
|
+
* @param loggerOptions
|
|
30
|
+
* @param perfClient
|
|
31
|
+
* @returns
|
|
32
|
+
*/
|
|
33
|
+
export async function isPlatformBrokerAvailable(
|
|
34
|
+
loggerOptions?: LoggerOptions,
|
|
35
|
+
perfClient?: IPerformanceClient,
|
|
36
|
+
correlationId?: string
|
|
37
|
+
): Promise<boolean> {
|
|
38
|
+
const logger = new Logger(loggerOptions || {}, name, version);
|
|
39
|
+
|
|
40
|
+
logger.trace("isPlatformBrokerAvailable called");
|
|
41
|
+
|
|
42
|
+
const performanceClient = perfClient || new StubPerformanceClient();
|
|
43
|
+
|
|
44
|
+
if (typeof window === "undefined") {
|
|
45
|
+
logger.trace("Non-browser environment detected, returning false");
|
|
46
|
+
return false;
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
return !!(await getPlatformAuthProvider(
|
|
50
|
+
logger,
|
|
51
|
+
performanceClient,
|
|
52
|
+
correlationId || createNewGuid()
|
|
53
|
+
));
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
export async function getPlatformAuthProvider(
|
|
57
|
+
logger: Logger,
|
|
58
|
+
performanceClient: IPerformanceClient,
|
|
59
|
+
correlationId: string,
|
|
60
|
+
nativeBrokerHandshakeTimeout?: number
|
|
61
|
+
): Promise<IPlatformAuthHandler | undefined> {
|
|
62
|
+
logger.trace("getPlatformAuthProvider called", correlationId);
|
|
63
|
+
|
|
64
|
+
const enablePlatformBrokerDOMSupport = isDomEnabledForPlatformAuth();
|
|
65
|
+
|
|
66
|
+
logger.trace(
|
|
67
|
+
"Has client allowed platform auth via DOM API: " +
|
|
68
|
+
enablePlatformBrokerDOMSupport
|
|
69
|
+
);
|
|
70
|
+
let platformAuthProvider: IPlatformAuthHandler | undefined;
|
|
71
|
+
try {
|
|
72
|
+
if (enablePlatformBrokerDOMSupport) {
|
|
73
|
+
// Check if DOM platform API is supported first
|
|
74
|
+
platformAuthProvider = await PlatformAuthDOMHandler.createProvider(
|
|
75
|
+
logger,
|
|
76
|
+
performanceClient,
|
|
77
|
+
correlationId
|
|
78
|
+
);
|
|
79
|
+
}
|
|
80
|
+
if (!platformAuthProvider) {
|
|
81
|
+
logger.trace(
|
|
82
|
+
"Platform auth via DOM API not available, checking for extension"
|
|
83
|
+
);
|
|
84
|
+
/*
|
|
85
|
+
* If DOM APIs are not available, check if browser extension is available.
|
|
86
|
+
* Platform authentication via DOM APIs is preferred over extension APIs.
|
|
87
|
+
*/
|
|
88
|
+
platformAuthProvider =
|
|
89
|
+
await PlatformAuthExtensionHandler.createProvider(
|
|
90
|
+
logger,
|
|
91
|
+
nativeBrokerHandshakeTimeout ||
|
|
92
|
+
DEFAULT_NATIVE_BROKER_HANDSHAKE_TIMEOUT_MS,
|
|
93
|
+
performanceClient
|
|
94
|
+
);
|
|
95
|
+
}
|
|
96
|
+
} catch (e) {
|
|
97
|
+
logger.trace("Platform auth not available", e as string);
|
|
98
|
+
}
|
|
99
|
+
return platformAuthProvider;
|
|
100
|
+
}
|
|
101
|
+
|
|
102
|
+
/**
|
|
103
|
+
* Returns true if the DOM API support for platform auth is enabled in session storage
|
|
104
|
+
* @returns boolean
|
|
105
|
+
* @deprecated
|
|
106
|
+
*/
|
|
107
|
+
export function isDomEnabledForPlatformAuth(): boolean {
|
|
108
|
+
let sessionStorage: Storage | undefined;
|
|
109
|
+
try {
|
|
110
|
+
sessionStorage = window[BrowserCacheLocation.SessionStorage];
|
|
111
|
+
// Mute errors if it's a non-browser environment or cookies are blocked.
|
|
112
|
+
return sessionStorage?.getItem(PLATFORM_AUTH_DOM_SUPPORT) === "true";
|
|
113
|
+
} catch (e) {
|
|
114
|
+
return false;
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
/**
|
|
119
|
+
* Returns boolean indicating whether or not the request should attempt to use native broker
|
|
120
|
+
* @param logger
|
|
121
|
+
* @param config
|
|
122
|
+
* @param platformAuthProvider
|
|
123
|
+
* @param authenticationScheme
|
|
124
|
+
*/
|
|
125
|
+
export function isPlatformAuthAllowed(
|
|
126
|
+
config: BrowserConfiguration,
|
|
127
|
+
logger: Logger,
|
|
128
|
+
platformAuthProvider?: IPlatformAuthHandler,
|
|
129
|
+
authenticationScheme?: AuthenticationScheme
|
|
130
|
+
): boolean {
|
|
131
|
+
logger.trace("isBrokerAvailable called");
|
|
132
|
+
if (!config.system.allowPlatformBroker) {
|
|
133
|
+
logger.trace(
|
|
134
|
+
"isBrokerAvailable: allowPlatformBroker is not enabled, returning false"
|
|
135
|
+
);
|
|
136
|
+
// Developer disabled WAM
|
|
137
|
+
return false;
|
|
138
|
+
}
|
|
139
|
+
|
|
140
|
+
if (!platformAuthProvider) {
|
|
141
|
+
logger.trace(
|
|
142
|
+
"isBrokerAvailable: Platform auth provider is not initialized, returning false"
|
|
143
|
+
);
|
|
144
|
+
// Platform broker auth providers are not available
|
|
145
|
+
return false;
|
|
146
|
+
}
|
|
147
|
+
|
|
148
|
+
if (authenticationScheme) {
|
|
149
|
+
switch (authenticationScheme) {
|
|
150
|
+
case AuthenticationScheme.BEARER:
|
|
151
|
+
case AuthenticationScheme.POP:
|
|
152
|
+
logger.trace(
|
|
153
|
+
"isBrokerAvailable: authenticationScheme is supported, returning true"
|
|
154
|
+
);
|
|
155
|
+
return true;
|
|
156
|
+
default:
|
|
157
|
+
logger.trace(
|
|
158
|
+
"isBrokerAvailable: authenticationScheme is not supported, returning false"
|
|
159
|
+
);
|
|
160
|
+
return false;
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
return true;
|
|
164
|
+
}
|
|
@@ -9,7 +9,7 @@ import { StoreInCache, StringDict } from "@azure/msal-common/browser";
|
|
|
9
9
|
/**
|
|
10
10
|
* Token request which native broker will use to acquire tokens
|
|
11
11
|
*/
|
|
12
|
-
export type
|
|
12
|
+
export type PlatformAuthRequest = {
|
|
13
13
|
accountId: string; // WAM specific account id used for identification of WAM account. This can be any broker-id eventually
|
|
14
14
|
clientId: string;
|
|
15
15
|
authority: string;
|
|
@@ -40,7 +40,7 @@ export type NativeTokenRequest = {
|
|
|
40
40
|
*/
|
|
41
41
|
export type NativeExtensionRequestBody = {
|
|
42
42
|
method: NativeExtensionMethod;
|
|
43
|
-
request?:
|
|
43
|
+
request?: PlatformAuthRequest;
|
|
44
44
|
};
|
|
45
45
|
|
|
46
46
|
/**
|
|
@@ -52,3 +52,42 @@ export type NativeExtensionRequest = {
|
|
|
52
52
|
extensionId?: string;
|
|
53
53
|
body: NativeExtensionRequestBody;
|
|
54
54
|
};
|
|
55
|
+
|
|
56
|
+
export type PlatformDOMTokenRequest = {
|
|
57
|
+
brokerId: string;
|
|
58
|
+
accountId?: string;
|
|
59
|
+
clientId: string;
|
|
60
|
+
authority: string;
|
|
61
|
+
scope: string;
|
|
62
|
+
redirectUri: string;
|
|
63
|
+
correlationId: string;
|
|
64
|
+
isSecurityTokenService: boolean;
|
|
65
|
+
state?: string;
|
|
66
|
+
/*
|
|
67
|
+
* Known optional parameters will go into extraQueryParameters.
|
|
68
|
+
* List of known parameters is:
|
|
69
|
+
* "prompt", "nonce", "claims", "loginHint", "instanceAware", "windowTitleSubstring", "extendedExpiryToken", "storeInCache",
|
|
70
|
+
* ProofOfPossessionParams: "reqCnf", "keyId", "tokenType", "shrClaims", "shrNonce", "resourceRequestMethod", "resourceRequestUri", "signPopToken"
|
|
71
|
+
*/
|
|
72
|
+
extraParameters?: DOMExtraParameters;
|
|
73
|
+
embeddedClientId?: string;
|
|
74
|
+
storeInCache?: StoreInCache; // Object of booleans indicating whether to store tokens in the cache or not (default is true)
|
|
75
|
+
};
|
|
76
|
+
|
|
77
|
+
export type DOMExtraParameters = StringDict & {
|
|
78
|
+
prompt?: string;
|
|
79
|
+
nonce?: string;
|
|
80
|
+
claims?: string;
|
|
81
|
+
loginHint?: string;
|
|
82
|
+
instanceAware?: string;
|
|
83
|
+
windowTitleSubstring?: string;
|
|
84
|
+
extendedExpiryToken?: string;
|
|
85
|
+
reqCnf?: string;
|
|
86
|
+
keyId?: string;
|
|
87
|
+
tokenType?: string;
|
|
88
|
+
shrClaims?: string;
|
|
89
|
+
shrNonce?: string;
|
|
90
|
+
resourceRequestMethod?: string;
|
|
91
|
+
resourceRequestUri?: string;
|
|
92
|
+
signPopToken?: string; // Set to true only if token request deos not contain a PoP keyId
|
|
93
|
+
};
|
|
@@ -15,7 +15,7 @@ export type NativeAccountInfo = {
|
|
|
15
15
|
/**
|
|
16
16
|
* Token response returned by Native Platform
|
|
17
17
|
*/
|
|
18
|
-
export type
|
|
18
|
+
export type PlatformAuthResponse = {
|
|
19
19
|
access_token: string;
|
|
20
20
|
account: NativeAccountInfo;
|
|
21
21
|
client_info: string;
|
|
@@ -54,3 +54,27 @@ export type MATS = {
|
|
|
54
54
|
http_status?: number;
|
|
55
55
|
http_event_count?: number;
|
|
56
56
|
};
|
|
57
|
+
|
|
58
|
+
export type PlatformDOMTokenResponse = {
|
|
59
|
+
isSuccess: boolean;
|
|
60
|
+
state?: string;
|
|
61
|
+
accessToken: string;
|
|
62
|
+
expiresIn: number;
|
|
63
|
+
account: NativeAccountInfo;
|
|
64
|
+
clientInfo: string;
|
|
65
|
+
idToken: string;
|
|
66
|
+
scopes: string;
|
|
67
|
+
proofOfPossessionPayload?: string;
|
|
68
|
+
extendedLifetimeToken?: boolean;
|
|
69
|
+
error: ErrorResult;
|
|
70
|
+
properties?: Record<string, string>;
|
|
71
|
+
};
|
|
72
|
+
|
|
73
|
+
export type ErrorResult = {
|
|
74
|
+
code: string;
|
|
75
|
+
description?: string;
|
|
76
|
+
errorCode: string;
|
|
77
|
+
protocolError?: string;
|
|
78
|
+
status: string;
|
|
79
|
+
properties?: object;
|
|
80
|
+
};
|
|
@@ -53,7 +53,7 @@ import { LocalStorage } from "./LocalStorage.js";
|
|
|
53
53
|
import { SessionStorage } from "./SessionStorage.js";
|
|
54
54
|
import { MemoryStorage } from "./MemoryStorage.js";
|
|
55
55
|
import { IWindowStorage } from "./IWindowStorage.js";
|
|
56
|
-
import {
|
|
56
|
+
import { PlatformAuthRequest } from "../broker/nativeBroker/PlatformAuthRequest.js";
|
|
57
57
|
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
58
58
|
import { SilentRequest } from "../request/SilentRequest.js";
|
|
59
59
|
import { SsoSilentRequest } from "../request/SsoSilentRequest.js";
|
|
@@ -66,6 +66,7 @@ import { getAccountKeys, getTokenKeys } from "./CacheHelpers.js";
|
|
|
66
66
|
import { EventType } from "../event/EventType.js";
|
|
67
67
|
import { EventHandler } from "../event/EventHandler.js";
|
|
68
68
|
import { clearHash } from "../utils/BrowserUtils.js";
|
|
69
|
+
import { version } from "../packageMetadata.js";
|
|
69
70
|
|
|
70
71
|
/**
|
|
71
72
|
* This class implements the cache storage interface for MSAL through browser local or session storage.
|
|
@@ -123,6 +124,29 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
123
124
|
|
|
124
125
|
async initialize(correlationId: string): Promise<void> {
|
|
125
126
|
await this.browserStorage.initialize(correlationId);
|
|
127
|
+
this.trackVersionChanges(correlationId);
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
/**
|
|
131
|
+
* Tracks upgrades and downgrades for telemetry and debugging purposes
|
|
132
|
+
*/
|
|
133
|
+
private trackVersionChanges(correlationId: string): void {
|
|
134
|
+
const previousVersion = this.browserStorage.getItem(
|
|
135
|
+
StaticCacheKeys.VERSION
|
|
136
|
+
);
|
|
137
|
+
if (previousVersion) {
|
|
138
|
+
this.logger.info(
|
|
139
|
+
`MSAL.js was last initialized by version: ${previousVersion}`
|
|
140
|
+
);
|
|
141
|
+
this.performanceClient.addFields(
|
|
142
|
+
{ previousLibraryVersion: previousVersion },
|
|
143
|
+
correlationId
|
|
144
|
+
);
|
|
145
|
+
}
|
|
146
|
+
|
|
147
|
+
if (previousVersion !== version) {
|
|
148
|
+
this.browserStorage.setItem(StaticCacheKeys.VERSION, version);
|
|
149
|
+
}
|
|
126
150
|
}
|
|
127
151
|
|
|
128
152
|
/**
|
|
@@ -1162,7 +1186,7 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
1162
1186
|
/**
|
|
1163
1187
|
* Gets cached native request for redirect flows
|
|
1164
1188
|
*/
|
|
1165
|
-
getCachedNativeRequest():
|
|
1189
|
+
getCachedNativeRequest(): PlatformAuthRequest | null {
|
|
1166
1190
|
this.logger.trace("BrowserCacheManager.getCachedNativeRequest called");
|
|
1167
1191
|
const cachedRequest = this.getTemporaryCache(
|
|
1168
1192
|
TemporaryCacheKeys.NATIVE_REQUEST,
|
|
@@ -1177,7 +1201,7 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
1177
1201
|
|
|
1178
1202
|
const parsedRequest = this.validateAndParseJson(
|
|
1179
1203
|
cachedRequest
|
|
1180
|
-
) as
|
|
1204
|
+
) as PlatformAuthRequest;
|
|
1181
1205
|
if (!parsedRequest) {
|
|
1182
1206
|
this.logger.error(
|
|
1183
1207
|
"BrowserCacheManager.getCachedNativeRequest: Unable to parse native request"
|