@azure/msal-browser 4.13.1 → 4.13.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientNext.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.d.ts +1 -0
- package/dist/broker/nativeBroker/NativeStatusCodes.d.ts.map +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +4 -3
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +6 -6
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.d.ts +5 -6
- package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/cache/BrowserCacheManager.mjs +17 -18
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +1 -1
- package/dist/controllers/ControllerFactory.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +2 -2
- package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +3 -3
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.d.ts +1 -1
- package/dist/crypto/CryptoOps.d.ts.map +1 -1
- package/dist/crypto/CryptoOps.mjs +5 -3
- package/dist/crypto/CryptoOps.mjs.map +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.d.ts.map +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +16 -3
- package/dist/crypto/SignedHttpRequest.mjs.map +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.d.ts.map +1 -1
- package/dist/error/NativeAuthError.mjs +5 -3
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +3 -3
- package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +2 -4
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +2 -2
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +2 -2
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/msal-browser.cjs +806 -794
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +806 -794
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +67 -65
- package/lib/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -0
- package/lib/types/broker/nativeBroker/NativeStatusCodes.d.ts.map +1 -1
- package/lib/types/cache/BrowserCacheManager.d.ts +5 -6
- package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/crypto/CryptoOps.d.ts +1 -1
- package/lib/types/crypto/CryptoOps.d.ts.map +1 -1
- package/lib/types/crypto/SignedHttpRequest.d.ts.map +1 -1
- package/lib/types/error/NativeAuthError.d.ts.map +1 -1
- package/lib/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/package.json +2 -2
- package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -0
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +5 -5
- package/src/cache/BrowserCacheManager.ts +22 -23
- package/src/controllers/NestedAppAuthController.ts +1 -3
- package/src/controllers/StandardController.ts +3 -2
- package/src/crypto/CryptoOps.ts +8 -2
- package/src/crypto/SignedHttpRequest.ts +19 -1
- package/src/error/NativeAuthError.ts +4 -0
- package/src/interaction_client/BaseInteractionClient.ts +4 -3
- package/src/interaction_client/PlatformAuthInteractionClient.ts +4 -5
- package/src/interaction_client/PopupClient.ts +3 -2
- package/src/interaction_client/RedirectClient.ts +3 -2
- package/src/packageMetadata.ts +1 -1
package/lib/msal-browser.cjs
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v4.13.
|
|
1
|
+
/*! @azure/msal-browser v4.13.2 2025-06-18 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v15.7.
|
|
5
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -298,7 +298,7 @@ const JsonWebTokenTypes = {
|
|
|
298
298
|
// Token renewal offset default in seconds
|
|
299
299
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
300
300
|
|
|
301
|
-
/*! @azure/msal-common v15.7.
|
|
301
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
302
302
|
/*
|
|
303
303
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
304
304
|
* Licensed under the MIT License.
|
|
@@ -315,7 +315,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
315
315
|
unexpectedError: unexpectedError
|
|
316
316
|
});
|
|
317
317
|
|
|
318
|
-
/*! @azure/msal-common v15.7.
|
|
318
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
319
319
|
|
|
320
320
|
/*
|
|
321
321
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -364,7 +364,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
364
364
|
: AuthErrorMessages[code]);
|
|
365
365
|
}
|
|
366
366
|
|
|
367
|
-
/*! @azure/msal-common v15.7.
|
|
367
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
368
368
|
/*
|
|
369
369
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
370
370
|
* Licensed under the MIT License.
|
|
@@ -462,7 +462,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
462
462
|
userTimeoutReached: userTimeoutReached
|
|
463
463
|
});
|
|
464
464
|
|
|
465
|
-
/*! @azure/msal-common v15.7.
|
|
465
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
466
466
|
|
|
467
467
|
/*
|
|
468
468
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -714,7 +714,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
714
714
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
715
715
|
}
|
|
716
716
|
|
|
717
|
-
/*! @azure/msal-common v15.7.
|
|
717
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
718
718
|
|
|
719
719
|
/*
|
|
720
720
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -753,7 +753,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
753
753
|
},
|
|
754
754
|
};
|
|
755
755
|
|
|
756
|
-
/*! @azure/msal-common v15.7.
|
|
756
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
757
757
|
|
|
758
758
|
/*
|
|
759
759
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -944,12 +944,12 @@ class Logger {
|
|
|
944
944
|
}
|
|
945
945
|
}
|
|
946
946
|
|
|
947
|
-
/*! @azure/msal-common v15.7.
|
|
947
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
948
948
|
/* eslint-disable header/header */
|
|
949
949
|
const name$1 = "@azure/msal-common";
|
|
950
|
-
const version$1 = "15.7.
|
|
950
|
+
const version$1 = "15.7.1";
|
|
951
951
|
|
|
952
|
-
/*! @azure/msal-common v15.7.
|
|
952
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
953
953
|
/*
|
|
954
954
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
955
955
|
* Licensed under the MIT License.
|
|
@@ -969,7 +969,7 @@ const AzureCloudInstance = {
|
|
|
969
969
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
970
970
|
};
|
|
971
971
|
|
|
972
|
-
/*! @azure/msal-common v15.7.
|
|
972
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
973
973
|
|
|
974
974
|
/*
|
|
975
975
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1030,7 +1030,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1030
1030
|
}
|
|
1031
1031
|
}
|
|
1032
1032
|
|
|
1033
|
-
/*! @azure/msal-common v15.7.
|
|
1033
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1034
1034
|
/*
|
|
1035
1035
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1036
1036
|
* Licensed under the MIT License.
|
|
@@ -1085,7 +1085,7 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
1085
1085
|
return cachedAtSec > nowSeconds();
|
|
1086
1086
|
}
|
|
1087
1087
|
|
|
1088
|
-
/*! @azure/msal-common v15.7.
|
|
1088
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1089
1089
|
|
|
1090
1090
|
/*
|
|
1091
1091
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1412,7 +1412,7 @@ function isAuthorityMetadataExpired(metadata) {
|
|
|
1412
1412
|
return metadata.expiresAt <= nowSeconds();
|
|
1413
1413
|
}
|
|
1414
1414
|
|
|
1415
|
-
/*! @azure/msal-common v15.7.
|
|
1415
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1416
1416
|
/*
|
|
1417
1417
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1418
1418
|
* Licensed under the MIT License.
|
|
@@ -1466,7 +1466,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
1466
1466
|
urlParseError: urlParseError
|
|
1467
1467
|
});
|
|
1468
1468
|
|
|
1469
|
-
/*! @azure/msal-common v15.7.
|
|
1469
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1470
1470
|
|
|
1471
1471
|
/*
|
|
1472
1472
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1604,7 +1604,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
1604
1604
|
return new ClientConfigurationError(errorCode);
|
|
1605
1605
|
}
|
|
1606
1606
|
|
|
1607
|
-
/*! @azure/msal-common v15.7.
|
|
1607
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1608
1608
|
/*
|
|
1609
1609
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1610
1610
|
* Licensed under the MIT License.
|
|
@@ -1701,7 +1701,7 @@ class StringUtils {
|
|
|
1701
1701
|
}
|
|
1702
1702
|
}
|
|
1703
1703
|
|
|
1704
|
-
/*! @azure/msal-common v15.7.
|
|
1704
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1705
1705
|
|
|
1706
1706
|
/*
|
|
1707
1707
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1892,7 +1892,7 @@ class ScopeSet {
|
|
|
1892
1892
|
}
|
|
1893
1893
|
}
|
|
1894
1894
|
|
|
1895
|
-
/*! @azure/msal-common v15.7.
|
|
1895
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1896
1896
|
|
|
1897
1897
|
/*
|
|
1898
1898
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1932,7 +1932,7 @@ function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
|
1932
1932
|
};
|
|
1933
1933
|
}
|
|
1934
1934
|
|
|
1935
|
-
/*! @azure/msal-common v15.7.
|
|
1935
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1936
1936
|
/*
|
|
1937
1937
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1938
1938
|
* Licensed under the MIT License.
|
|
@@ -2011,7 +2011,7 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
2011
2011
|
return updatedAccountInfo;
|
|
2012
2012
|
}
|
|
2013
2013
|
|
|
2014
|
-
/*! @azure/msal-common v15.7.
|
|
2014
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2015
2015
|
/*
|
|
2016
2016
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2017
2017
|
* Licensed under the MIT License.
|
|
@@ -2026,7 +2026,7 @@ const AuthorityType = {
|
|
|
2026
2026
|
Ciam: 3,
|
|
2027
2027
|
};
|
|
2028
2028
|
|
|
2029
|
-
/*! @azure/msal-common v15.7.
|
|
2029
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2030
2030
|
/*
|
|
2031
2031
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2032
2032
|
* Licensed under the MIT License.
|
|
@@ -2048,7 +2048,7 @@ function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
|
2048
2048
|
return null;
|
|
2049
2049
|
}
|
|
2050
2050
|
|
|
2051
|
-
/*! @azure/msal-common v15.7.
|
|
2051
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2052
2052
|
/*
|
|
2053
2053
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2054
2054
|
* Licensed under the MIT License.
|
|
@@ -2072,7 +2072,7 @@ const ProtocolMode = {
|
|
|
2072
2072
|
EAR: "EAR",
|
|
2073
2073
|
};
|
|
2074
2074
|
|
|
2075
|
-
/*! @azure/msal-common v15.7.
|
|
2075
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2076
2076
|
|
|
2077
2077
|
/*
|
|
2078
2078
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2315,7 +2315,7 @@ class AccountEntity {
|
|
|
2315
2315
|
}
|
|
2316
2316
|
}
|
|
2317
2317
|
|
|
2318
|
-
/*! @azure/msal-common v15.7.
|
|
2318
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2319
2319
|
|
|
2320
2320
|
/*
|
|
2321
2321
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2380,7 +2380,7 @@ function mapToQueryString(parameters, encodeExtraParams = true, extraQueryParame
|
|
|
2380
2380
|
return queryParameterArray.join("&");
|
|
2381
2381
|
}
|
|
2382
2382
|
|
|
2383
|
-
/*! @azure/msal-common v15.7.
|
|
2383
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2384
2384
|
|
|
2385
2385
|
/*
|
|
2386
2386
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2544,7 +2544,7 @@ class UrlString {
|
|
|
2544
2544
|
}
|
|
2545
2545
|
}
|
|
2546
2546
|
|
|
2547
|
-
/*! @azure/msal-common v15.7.
|
|
2547
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2548
2548
|
|
|
2549
2549
|
/*
|
|
2550
2550
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2684,7 +2684,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2684
2684
|
return null;
|
|
2685
2685
|
}
|
|
2686
2686
|
|
|
2687
|
-
/*! @azure/msal-common v15.7.
|
|
2687
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2688
2688
|
/*
|
|
2689
2689
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2690
2690
|
* Licensed under the MIT License.
|
|
@@ -2692,7 +2692,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2692
2692
|
const cacheQuotaExceededErrorCode = "cache_quota_exceeded";
|
|
2693
2693
|
const cacheUnknownErrorCode = "cache_error_unknown";
|
|
2694
2694
|
|
|
2695
|
-
/*! @azure/msal-common v15.7.
|
|
2695
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2696
2696
|
|
|
2697
2697
|
/*
|
|
2698
2698
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2719,7 +2719,7 @@ class CacheError extends Error {
|
|
|
2719
2719
|
}
|
|
2720
2720
|
}
|
|
2721
2721
|
|
|
2722
|
-
/*! @azure/msal-common v15.7.
|
|
2722
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2723
2723
|
|
|
2724
2724
|
/*
|
|
2725
2725
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2730,11 +2730,12 @@ class CacheError extends Error {
|
|
|
2730
2730
|
* @internal
|
|
2731
2731
|
*/
|
|
2732
2732
|
class CacheManager {
|
|
2733
|
-
constructor(clientId, cryptoImpl, logger, staticAuthorityOptions) {
|
|
2733
|
+
constructor(clientId, cryptoImpl, logger, performanceClient, staticAuthorityOptions) {
|
|
2734
2734
|
this.clientId = clientId;
|
|
2735
2735
|
this.cryptoImpl = cryptoImpl;
|
|
2736
2736
|
this.commonLogger = logger.clone(name$1, version$1);
|
|
2737
2737
|
this.staticAuthorityOptions = staticAuthorityOptions;
|
|
2738
|
+
this.performanceClient = performanceClient;
|
|
2738
2739
|
}
|
|
2739
2740
|
/**
|
|
2740
2741
|
* Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned.
|
|
@@ -2943,7 +2944,6 @@ class CacheManager {
|
|
|
2943
2944
|
};
|
|
2944
2945
|
const tokenKeys = this.getTokenKeys();
|
|
2945
2946
|
const currentScopes = ScopeSet.fromString(credential.target);
|
|
2946
|
-
const removedAccessTokens = [];
|
|
2947
2947
|
tokenKeys.accessToken.forEach((key) => {
|
|
2948
2948
|
if (!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)) {
|
|
2949
2949
|
return;
|
|
@@ -2953,11 +2953,10 @@ class CacheManager {
|
|
|
2953
2953
|
this.credentialMatchesFilter(tokenEntity, accessTokenFilter)) {
|
|
2954
2954
|
const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);
|
|
2955
2955
|
if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
|
|
2956
|
-
|
|
2956
|
+
this.removeAccessToken(key, correlationId);
|
|
2957
2957
|
}
|
|
2958
2958
|
}
|
|
2959
2959
|
});
|
|
2960
|
-
await Promise.all(removedAccessTokens);
|
|
2961
2960
|
await this.setAccessTokenCredential(credential, correlationId);
|
|
2962
2961
|
}
|
|
2963
2962
|
/**
|
|
@@ -3199,34 +3198,31 @@ class CacheManager {
|
|
|
3199
3198
|
/**
|
|
3200
3199
|
* Removes all accounts and related tokens from cache.
|
|
3201
3200
|
*/
|
|
3202
|
-
|
|
3201
|
+
removeAllAccounts(correlationId) {
|
|
3203
3202
|
const allAccountKeys = this.getAccountKeys();
|
|
3204
|
-
const removedAccounts = [];
|
|
3205
3203
|
allAccountKeys.forEach((cacheKey) => {
|
|
3206
|
-
|
|
3204
|
+
this.removeAccount(cacheKey, correlationId);
|
|
3207
3205
|
});
|
|
3208
|
-
await Promise.all(removedAccounts);
|
|
3209
3206
|
}
|
|
3210
3207
|
/**
|
|
3211
3208
|
* Removes the account and related tokens for a given account key
|
|
3212
3209
|
* @param account
|
|
3213
3210
|
*/
|
|
3214
|
-
|
|
3211
|
+
removeAccount(accountKey, correlationId) {
|
|
3215
3212
|
const account = this.getAccount(accountKey, this.commonLogger);
|
|
3216
3213
|
if (!account) {
|
|
3217
3214
|
return;
|
|
3218
3215
|
}
|
|
3219
|
-
|
|
3216
|
+
this.removeAccountContext(account, correlationId);
|
|
3220
3217
|
this.removeItem(accountKey);
|
|
3221
3218
|
}
|
|
3222
3219
|
/**
|
|
3223
3220
|
* Removes credentials associated with the provided account
|
|
3224
3221
|
* @param account
|
|
3225
3222
|
*/
|
|
3226
|
-
|
|
3223
|
+
removeAccountContext(account, correlationId) {
|
|
3227
3224
|
const allTokenKeys = this.getTokenKeys();
|
|
3228
3225
|
const accountId = account.generateAccountId();
|
|
3229
|
-
const removedCredentials = [];
|
|
3230
3226
|
allTokenKeys.idToken.forEach((key) => {
|
|
3231
3227
|
if (key.indexOf(accountId) === 0) {
|
|
3232
3228
|
this.removeIdToken(key);
|
|
@@ -3234,7 +3230,7 @@ class CacheManager {
|
|
|
3234
3230
|
});
|
|
3235
3231
|
allTokenKeys.accessToken.forEach((key) => {
|
|
3236
3232
|
if (key.indexOf(accountId) === 0) {
|
|
3237
|
-
|
|
3233
|
+
this.removeAccessToken(key, correlationId);
|
|
3238
3234
|
}
|
|
3239
3235
|
});
|
|
3240
3236
|
allTokenKeys.refreshToken.forEach((key) => {
|
|
@@ -3242,17 +3238,17 @@ class CacheManager {
|
|
|
3242
3238
|
this.removeRefreshToken(key);
|
|
3243
3239
|
}
|
|
3244
3240
|
});
|
|
3245
|
-
await Promise.all(removedCredentials);
|
|
3246
3241
|
}
|
|
3247
3242
|
/**
|
|
3248
3243
|
* returns a boolean if the given credential is removed
|
|
3249
3244
|
* @param credential
|
|
3250
3245
|
*/
|
|
3251
|
-
|
|
3246
|
+
removeAccessToken(key, correlationId) {
|
|
3252
3247
|
const credential = this.getAccessTokenCredential(key);
|
|
3253
3248
|
if (!credential) {
|
|
3254
3249
|
return;
|
|
3255
3250
|
}
|
|
3251
|
+
this.removeItem(key);
|
|
3256
3252
|
// Remove Token Binding Key from key store for PoP Tokens Credentials
|
|
3257
3253
|
if (credential.credentialType.toLowerCase() ===
|
|
3258
3254
|
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) {
|
|
@@ -3260,16 +3256,15 @@ class CacheManager {
|
|
|
3260
3256
|
const accessTokenWithAuthSchemeEntity = credential;
|
|
3261
3257
|
const kid = accessTokenWithAuthSchemeEntity.keyId;
|
|
3262
3258
|
if (kid) {
|
|
3263
|
-
|
|
3264
|
-
|
|
3265
|
-
|
|
3266
|
-
|
|
3267
|
-
|
|
3268
|
-
}
|
|
3259
|
+
void this.cryptoImpl
|
|
3260
|
+
.removeTokenBindingKey(kid)
|
|
3261
|
+
.catch(() => {
|
|
3262
|
+
this.commonLogger.error(`Failed to remove token binding key ${kid}`, correlationId);
|
|
3263
|
+
this.performanceClient?.incrementFields({ removeTokenBindingKeyFailure: 1 }, correlationId);
|
|
3264
|
+
});
|
|
3269
3265
|
}
|
|
3270
3266
|
}
|
|
3271
3267
|
}
|
|
3272
|
-
return this.removeItem(key);
|
|
3273
3268
|
}
|
|
3274
3269
|
/**
|
|
3275
3270
|
* Removes all app metadata objects from cache.
|
|
@@ -3411,10 +3406,10 @@ class CacheManager {
|
|
|
3411
3406
|
* @param request {BaseAuthRequest}
|
|
3412
3407
|
* @param tokenKeys {?TokenKeys}
|
|
3413
3408
|
* @param performanceClient {?IPerformanceClient}
|
|
3414
|
-
* @param correlationId {?string}
|
|
3415
3409
|
*/
|
|
3416
|
-
getAccessToken(account, request, tokenKeys, targetRealm
|
|
3417
|
-
|
|
3410
|
+
getAccessToken(account, request, tokenKeys, targetRealm) {
|
|
3411
|
+
const correlationId = request.correlationId;
|
|
3412
|
+
this.commonLogger.trace("CacheManager - getAccessToken called", correlationId);
|
|
3418
3413
|
const scopes = ScopeSet.createSearchScopes(request.scopes);
|
|
3419
3414
|
const authScheme = request.authenticationScheme || AuthenticationScheme.BEARER;
|
|
3420
3415
|
/*
|
|
@@ -3453,20 +3448,18 @@ class CacheManager {
|
|
|
3453
3448
|
});
|
|
3454
3449
|
const numAccessTokens = accessTokens.length;
|
|
3455
3450
|
if (numAccessTokens < 1) {
|
|
3456
|
-
this.commonLogger.info("CacheManager:getAccessToken - No token found");
|
|
3451
|
+
this.commonLogger.info("CacheManager:getAccessToken - No token found", correlationId);
|
|
3457
3452
|
return null;
|
|
3458
3453
|
}
|
|
3459
3454
|
else if (numAccessTokens > 1) {
|
|
3460
|
-
this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them");
|
|
3455
|
+
this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them", correlationId);
|
|
3461
3456
|
accessTokens.forEach((accessToken) => {
|
|
3462
|
-
|
|
3457
|
+
this.removeAccessToken(generateCredentialKey(accessToken), correlationId);
|
|
3463
3458
|
});
|
|
3464
|
-
|
|
3465
|
-
performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);
|
|
3466
|
-
}
|
|
3459
|
+
this.performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);
|
|
3467
3460
|
return null;
|
|
3468
3461
|
}
|
|
3469
|
-
this.commonLogger.info("CacheManager:getAccessToken - Returning access token");
|
|
3462
|
+
this.commonLogger.info("CacheManager:getAccessToken - Returning access token", correlationId);
|
|
3470
3463
|
return accessTokens[0];
|
|
3471
3464
|
}
|
|
3472
3465
|
/**
|
|
@@ -3904,576 +3897,16 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3904
3897
|
}
|
|
3905
3898
|
}
|
|
3906
3899
|
|
|
3907
|
-
/*! @azure/msal-common v15.7.
|
|
3908
|
-
|
|
3900
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
3909
3901
|
/*
|
|
3910
3902
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3911
3903
|
* Licensed under the MIT License.
|
|
3912
3904
|
*/
|
|
3913
|
-
const DEFAULT_SYSTEM_OPTIONS = {
|
|
3914
|
-
tokenRenewalOffsetSeconds: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
|
|
3915
|
-
preventCorsPreflight: false,
|
|
3916
|
-
};
|
|
3917
|
-
const DEFAULT_LOGGER_IMPLEMENTATION = {
|
|
3918
|
-
loggerCallback: () => {
|
|
3919
|
-
// allow users to not set loggerCallback
|
|
3920
|
-
},
|
|
3921
|
-
piiLoggingEnabled: false,
|
|
3922
|
-
logLevel: exports.LogLevel.Info,
|
|
3923
|
-
correlationId: Constants.EMPTY_STRING,
|
|
3924
|
-
};
|
|
3925
|
-
const DEFAULT_CACHE_OPTIONS = {
|
|
3926
|
-
claimsBasedCachingEnabled: false,
|
|
3927
|
-
};
|
|
3928
|
-
const DEFAULT_NETWORK_IMPLEMENTATION = {
|
|
3929
|
-
async sendGetRequestAsync() {
|
|
3930
|
-
throw createClientAuthError(methodNotImplemented);
|
|
3931
|
-
},
|
|
3932
|
-
async sendPostRequestAsync() {
|
|
3933
|
-
throw createClientAuthError(methodNotImplemented);
|
|
3934
|
-
},
|
|
3935
|
-
};
|
|
3936
|
-
const DEFAULT_LIBRARY_INFO = {
|
|
3937
|
-
sku: Constants.SKU,
|
|
3938
|
-
version: version$1,
|
|
3939
|
-
cpu: Constants.EMPTY_STRING,
|
|
3940
|
-
os: Constants.EMPTY_STRING,
|
|
3941
|
-
};
|
|
3942
|
-
const DEFAULT_CLIENT_CREDENTIALS = {
|
|
3943
|
-
clientSecret: Constants.EMPTY_STRING,
|
|
3944
|
-
clientAssertion: undefined,
|
|
3945
|
-
};
|
|
3946
|
-
const DEFAULT_AZURE_CLOUD_OPTIONS = {
|
|
3947
|
-
azureCloudInstance: AzureCloudInstance.None,
|
|
3948
|
-
tenant: `${Constants.DEFAULT_COMMON_TENANT}`,
|
|
3949
|
-
};
|
|
3950
|
-
const DEFAULT_TELEMETRY_OPTIONS = {
|
|
3951
|
-
application: {
|
|
3952
|
-
appName: "",
|
|
3953
|
-
appVersion: "",
|
|
3954
|
-
},
|
|
3955
|
-
};
|
|
3956
3905
|
/**
|
|
3957
|
-
*
|
|
3958
|
-
*
|
|
3959
|
-
* @param Configuration
|
|
3906
|
+
* Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient.
|
|
3960
3907
|
*
|
|
3961
|
-
* @
|
|
3962
|
-
|
|
3963
|
-
function buildClientConfiguration({ authOptions: userAuthOptions, systemOptions: userSystemOptions, loggerOptions: userLoggerOption, cacheOptions: userCacheOptions, storageInterface: storageImplementation, networkInterface: networkImplementation, cryptoInterface: cryptoImplementation, clientCredentials: clientCredentials, libraryInfo: libraryInfo, telemetry: telemetry, serverTelemetryManager: serverTelemetryManager, persistencePlugin: persistencePlugin, serializableCache: serializableCache, }) {
|
|
3964
|
-
const loggerOptions = {
|
|
3965
|
-
...DEFAULT_LOGGER_IMPLEMENTATION,
|
|
3966
|
-
...userLoggerOption,
|
|
3967
|
-
};
|
|
3968
|
-
return {
|
|
3969
|
-
authOptions: buildAuthOptions(userAuthOptions),
|
|
3970
|
-
systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions },
|
|
3971
|
-
loggerOptions: loggerOptions,
|
|
3972
|
-
cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions },
|
|
3973
|
-
storageInterface: storageImplementation ||
|
|
3974
|
-
new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions)),
|
|
3975
|
-
networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION,
|
|
3976
|
-
cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION,
|
|
3977
|
-
clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS,
|
|
3978
|
-
libraryInfo: { ...DEFAULT_LIBRARY_INFO, ...libraryInfo },
|
|
3979
|
-
telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry },
|
|
3980
|
-
serverTelemetryManager: serverTelemetryManager || null,
|
|
3981
|
-
persistencePlugin: persistencePlugin || null,
|
|
3982
|
-
serializableCache: serializableCache || null,
|
|
3983
|
-
};
|
|
3984
|
-
}
|
|
3985
|
-
/**
|
|
3986
|
-
* Construct authoptions from the client and platform passed values
|
|
3987
|
-
* @param authOptions
|
|
3988
|
-
*/
|
|
3989
|
-
function buildAuthOptions(authOptions) {
|
|
3990
|
-
return {
|
|
3991
|
-
clientCapabilities: [],
|
|
3992
|
-
azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
|
|
3993
|
-
skipAuthorityMetadataCache: false,
|
|
3994
|
-
instanceAware: false,
|
|
3995
|
-
encodeExtraQueryParams: false,
|
|
3996
|
-
...authOptions,
|
|
3997
|
-
};
|
|
3998
|
-
}
|
|
3999
|
-
/**
|
|
4000
|
-
* Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise
|
|
4001
|
-
* @param ClientConfiguration
|
|
4002
|
-
*/
|
|
4003
|
-
function isOidcProtocolMode(config) {
|
|
4004
|
-
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
4005
|
-
}
|
|
4006
|
-
|
|
4007
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4008
|
-
/*
|
|
4009
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4010
|
-
* Licensed under the MIT License.
|
|
4011
|
-
*/
|
|
4012
|
-
const CcsCredentialType = {
|
|
4013
|
-
HOME_ACCOUNT_ID: "home_account_id",
|
|
4014
|
-
UPN: "UPN",
|
|
4015
|
-
};
|
|
4016
|
-
|
|
4017
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4018
|
-
/*
|
|
4019
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4020
|
-
* Licensed under the MIT License.
|
|
4021
|
-
*/
|
|
4022
|
-
const CLIENT_ID = "client_id";
|
|
4023
|
-
const REDIRECT_URI = "redirect_uri";
|
|
4024
|
-
const RESPONSE_TYPE = "response_type";
|
|
4025
|
-
const RESPONSE_MODE = "response_mode";
|
|
4026
|
-
const GRANT_TYPE = "grant_type";
|
|
4027
|
-
const CLAIMS = "claims";
|
|
4028
|
-
const SCOPE = "scope";
|
|
4029
|
-
const REFRESH_TOKEN = "refresh_token";
|
|
4030
|
-
const STATE = "state";
|
|
4031
|
-
const NONCE = "nonce";
|
|
4032
|
-
const PROMPT = "prompt";
|
|
4033
|
-
const CODE = "code";
|
|
4034
|
-
const CODE_CHALLENGE = "code_challenge";
|
|
4035
|
-
const CODE_CHALLENGE_METHOD = "code_challenge_method";
|
|
4036
|
-
const CODE_VERIFIER = "code_verifier";
|
|
4037
|
-
const CLIENT_REQUEST_ID = "client-request-id";
|
|
4038
|
-
const X_CLIENT_SKU = "x-client-SKU";
|
|
4039
|
-
const X_CLIENT_VER = "x-client-VER";
|
|
4040
|
-
const X_CLIENT_OS = "x-client-OS";
|
|
4041
|
-
const X_CLIENT_CPU = "x-client-CPU";
|
|
4042
|
-
const X_CLIENT_CURR_TELEM = "x-client-current-telemetry";
|
|
4043
|
-
const X_CLIENT_LAST_TELEM = "x-client-last-telemetry";
|
|
4044
|
-
const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
|
|
4045
|
-
const X_APP_NAME = "x-app-name";
|
|
4046
|
-
const X_APP_VER = "x-app-ver";
|
|
4047
|
-
const POST_LOGOUT_URI = "post_logout_redirect_uri";
|
|
4048
|
-
const ID_TOKEN_HINT = "id_token_hint";
|
|
4049
|
-
const CLIENT_SECRET = "client_secret";
|
|
4050
|
-
const CLIENT_ASSERTION = "client_assertion";
|
|
4051
|
-
const CLIENT_ASSERTION_TYPE = "client_assertion_type";
|
|
4052
|
-
const TOKEN_TYPE = "token_type";
|
|
4053
|
-
const REQ_CNF = "req_cnf";
|
|
4054
|
-
const RETURN_SPA_CODE = "return_spa_code";
|
|
4055
|
-
const NATIVE_BROKER = "nativebroker";
|
|
4056
|
-
const LOGOUT_HINT = "logout_hint";
|
|
4057
|
-
const SID = "sid";
|
|
4058
|
-
const LOGIN_HINT = "login_hint";
|
|
4059
|
-
const DOMAIN_HINT = "domain_hint";
|
|
4060
|
-
const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
|
|
4061
|
-
const BROKER_CLIENT_ID = "brk_client_id";
|
|
4062
|
-
const BROKER_REDIRECT_URI = "brk_redirect_uri";
|
|
4063
|
-
const INSTANCE_AWARE = "instance_aware";
|
|
4064
|
-
const EAR_JWK = "ear_jwk";
|
|
4065
|
-
const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
4066
|
-
|
|
4067
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4068
|
-
|
|
4069
|
-
/*
|
|
4070
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4071
|
-
* Licensed under the MIT License.
|
|
4072
|
-
*/
|
|
4073
|
-
function instrumentBrokerParams(parameters, correlationId, performanceClient) {
|
|
4074
|
-
if (!correlationId) {
|
|
4075
|
-
return;
|
|
4076
|
-
}
|
|
4077
|
-
const clientId = parameters.get(CLIENT_ID);
|
|
4078
|
-
if (clientId && parameters.has(BROKER_CLIENT_ID)) {
|
|
4079
|
-
performanceClient?.addFields({
|
|
4080
|
-
embeddedClientId: clientId,
|
|
4081
|
-
embeddedRedirectUri: parameters.get(REDIRECT_URI),
|
|
4082
|
-
}, correlationId);
|
|
4083
|
-
}
|
|
4084
|
-
}
|
|
4085
|
-
/**
|
|
4086
|
-
* Add the given response_type
|
|
4087
|
-
* @param parameters
|
|
4088
|
-
* @param responseType
|
|
4089
|
-
*/
|
|
4090
|
-
function addResponseType(parameters, responseType) {
|
|
4091
|
-
parameters.set(RESPONSE_TYPE, responseType);
|
|
4092
|
-
}
|
|
4093
|
-
/**
|
|
4094
|
-
* add response_mode. defaults to query.
|
|
4095
|
-
* @param responseMode
|
|
4096
|
-
*/
|
|
4097
|
-
function addResponseMode(parameters, responseMode) {
|
|
4098
|
-
parameters.set(RESPONSE_MODE, responseMode ? responseMode : ResponseMode.QUERY);
|
|
4099
|
-
}
|
|
4100
|
-
/**
|
|
4101
|
-
* Add flag to indicate STS should attempt to use WAM if available
|
|
4102
|
-
*/
|
|
4103
|
-
function addNativeBroker(parameters) {
|
|
4104
|
-
parameters.set(NATIVE_BROKER, "1");
|
|
4105
|
-
}
|
|
4106
|
-
/**
|
|
4107
|
-
* add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
|
|
4108
|
-
* @param scopeSet
|
|
4109
|
-
* @param addOidcScopes
|
|
4110
|
-
*/
|
|
4111
|
-
function addScopes(parameters, scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) {
|
|
4112
|
-
// Always add openid to the scopes when adding OIDC scopes
|
|
4113
|
-
if (addOidcScopes &&
|
|
4114
|
-
!defaultScopes.includes("openid") &&
|
|
4115
|
-
!scopes.includes("openid")) {
|
|
4116
|
-
defaultScopes.push("openid");
|
|
4117
|
-
}
|
|
4118
|
-
const requestScopes = addOidcScopes
|
|
4119
|
-
? [...(scopes || []), ...defaultScopes]
|
|
4120
|
-
: scopes || [];
|
|
4121
|
-
const scopeSet = new ScopeSet(requestScopes);
|
|
4122
|
-
parameters.set(SCOPE, scopeSet.printScopes());
|
|
4123
|
-
}
|
|
4124
|
-
/**
|
|
4125
|
-
* add clientId
|
|
4126
|
-
* @param clientId
|
|
4127
|
-
*/
|
|
4128
|
-
function addClientId(parameters, clientId) {
|
|
4129
|
-
parameters.set(CLIENT_ID, clientId);
|
|
4130
|
-
}
|
|
4131
|
-
/**
|
|
4132
|
-
* add redirect_uri
|
|
4133
|
-
* @param redirectUri
|
|
4134
|
-
*/
|
|
4135
|
-
function addRedirectUri(parameters, redirectUri) {
|
|
4136
|
-
parameters.set(REDIRECT_URI, redirectUri);
|
|
4137
|
-
}
|
|
4138
|
-
/**
|
|
4139
|
-
* add post logout redirectUri
|
|
4140
|
-
* @param redirectUri
|
|
4141
|
-
*/
|
|
4142
|
-
function addPostLogoutRedirectUri(parameters, redirectUri) {
|
|
4143
|
-
parameters.set(POST_LOGOUT_URI, redirectUri);
|
|
4144
|
-
}
|
|
4145
|
-
/**
|
|
4146
|
-
* add id_token_hint to logout request
|
|
4147
|
-
* @param idTokenHint
|
|
4148
|
-
*/
|
|
4149
|
-
function addIdTokenHint(parameters, idTokenHint) {
|
|
4150
|
-
parameters.set(ID_TOKEN_HINT, idTokenHint);
|
|
4151
|
-
}
|
|
4152
|
-
/**
|
|
4153
|
-
* add domain_hint
|
|
4154
|
-
* @param domainHint
|
|
4155
|
-
*/
|
|
4156
|
-
function addDomainHint(parameters, domainHint) {
|
|
4157
|
-
parameters.set(DOMAIN_HINT, domainHint);
|
|
4158
|
-
}
|
|
4159
|
-
/**
|
|
4160
|
-
* add login_hint
|
|
4161
|
-
* @param loginHint
|
|
4162
|
-
*/
|
|
4163
|
-
function addLoginHint(parameters, loginHint) {
|
|
4164
|
-
parameters.set(LOGIN_HINT, loginHint);
|
|
4165
|
-
}
|
|
4166
|
-
/**
|
|
4167
|
-
* Adds the CCS (Cache Credential Service) query parameter for login_hint
|
|
4168
|
-
* @param loginHint
|
|
4169
|
-
*/
|
|
4170
|
-
function addCcsUpn(parameters, loginHint) {
|
|
4171
|
-
parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
|
|
4172
|
-
}
|
|
4173
|
-
/**
|
|
4174
|
-
* Adds the CCS (Cache Credential Service) query parameter for account object
|
|
4175
|
-
* @param loginHint
|
|
4176
|
-
*/
|
|
4177
|
-
function addCcsOid(parameters, clientInfo) {
|
|
4178
|
-
parameters.set(HeaderNames.CCS_HEADER, `Oid:${clientInfo.uid}@${clientInfo.utid}`);
|
|
4179
|
-
}
|
|
4180
|
-
/**
|
|
4181
|
-
* add sid
|
|
4182
|
-
* @param sid
|
|
4183
|
-
*/
|
|
4184
|
-
function addSid(parameters, sid) {
|
|
4185
|
-
parameters.set(SID, sid);
|
|
4186
|
-
}
|
|
4187
|
-
/**
|
|
4188
|
-
* add claims
|
|
4189
|
-
* @param claims
|
|
4190
|
-
*/
|
|
4191
|
-
function addClaims(parameters, claims, clientCapabilities) {
|
|
4192
|
-
const mergedClaims = addClientCapabilitiesToClaims(claims, clientCapabilities);
|
|
4193
|
-
try {
|
|
4194
|
-
JSON.parse(mergedClaims);
|
|
4195
|
-
}
|
|
4196
|
-
catch (e) {
|
|
4197
|
-
throw createClientConfigurationError(invalidClaims);
|
|
4198
|
-
}
|
|
4199
|
-
parameters.set(CLAIMS, mergedClaims);
|
|
4200
|
-
}
|
|
4201
|
-
/**
|
|
4202
|
-
* add correlationId
|
|
4203
|
-
* @param correlationId
|
|
4204
|
-
*/
|
|
4205
|
-
function addCorrelationId(parameters, correlationId) {
|
|
4206
|
-
parameters.set(CLIENT_REQUEST_ID, correlationId);
|
|
4207
|
-
}
|
|
4208
|
-
/**
|
|
4209
|
-
* add library info query params
|
|
4210
|
-
* @param libraryInfo
|
|
4211
|
-
*/
|
|
4212
|
-
function addLibraryInfo(parameters, libraryInfo) {
|
|
4213
|
-
// Telemetry Info
|
|
4214
|
-
parameters.set(X_CLIENT_SKU, libraryInfo.sku);
|
|
4215
|
-
parameters.set(X_CLIENT_VER, libraryInfo.version);
|
|
4216
|
-
if (libraryInfo.os) {
|
|
4217
|
-
parameters.set(X_CLIENT_OS, libraryInfo.os);
|
|
4218
|
-
}
|
|
4219
|
-
if (libraryInfo.cpu) {
|
|
4220
|
-
parameters.set(X_CLIENT_CPU, libraryInfo.cpu);
|
|
4221
|
-
}
|
|
4222
|
-
}
|
|
4223
|
-
/**
|
|
4224
|
-
* Add client telemetry parameters
|
|
4225
|
-
* @param appTelemetry
|
|
4226
|
-
*/
|
|
4227
|
-
function addApplicationTelemetry(parameters, appTelemetry) {
|
|
4228
|
-
if (appTelemetry?.appName) {
|
|
4229
|
-
parameters.set(X_APP_NAME, appTelemetry.appName);
|
|
4230
|
-
}
|
|
4231
|
-
if (appTelemetry?.appVersion) {
|
|
4232
|
-
parameters.set(X_APP_VER, appTelemetry.appVersion);
|
|
4233
|
-
}
|
|
4234
|
-
}
|
|
4235
|
-
/**
|
|
4236
|
-
* add prompt
|
|
4237
|
-
* @param prompt
|
|
4238
|
-
*/
|
|
4239
|
-
function addPrompt(parameters, prompt) {
|
|
4240
|
-
parameters.set(PROMPT, prompt);
|
|
4241
|
-
}
|
|
4242
|
-
/**
|
|
4243
|
-
* add state
|
|
4244
|
-
* @param state
|
|
4245
|
-
*/
|
|
4246
|
-
function addState(parameters, state) {
|
|
4247
|
-
if (state) {
|
|
4248
|
-
parameters.set(STATE, state);
|
|
4249
|
-
}
|
|
4250
|
-
}
|
|
4251
|
-
/**
|
|
4252
|
-
* add nonce
|
|
4253
|
-
* @param nonce
|
|
4254
|
-
*/
|
|
4255
|
-
function addNonce(parameters, nonce) {
|
|
4256
|
-
parameters.set(NONCE, nonce);
|
|
4257
|
-
}
|
|
4258
|
-
/**
|
|
4259
|
-
* add code_challenge and code_challenge_method
|
|
4260
|
-
* - throw if either of them are not passed
|
|
4261
|
-
* @param codeChallenge
|
|
4262
|
-
* @param codeChallengeMethod
|
|
4263
|
-
*/
|
|
4264
|
-
function addCodeChallengeParams(parameters, codeChallenge, codeChallengeMethod) {
|
|
4265
|
-
if (codeChallenge && codeChallengeMethod) {
|
|
4266
|
-
parameters.set(CODE_CHALLENGE, codeChallenge);
|
|
4267
|
-
parameters.set(CODE_CHALLENGE_METHOD, codeChallengeMethod);
|
|
4268
|
-
}
|
|
4269
|
-
else {
|
|
4270
|
-
throw createClientConfigurationError(pkceParamsMissing);
|
|
4271
|
-
}
|
|
4272
|
-
}
|
|
4273
|
-
/**
|
|
4274
|
-
* add the `authorization_code` passed by the user to exchange for a token
|
|
4275
|
-
* @param code
|
|
4276
|
-
*/
|
|
4277
|
-
function addAuthorizationCode(parameters, code) {
|
|
4278
|
-
parameters.set(CODE, code);
|
|
4279
|
-
}
|
|
4280
|
-
/**
|
|
4281
|
-
* add the `refreshToken` passed by the user
|
|
4282
|
-
* @param refreshToken
|
|
4283
|
-
*/
|
|
4284
|
-
function addRefreshToken(parameters, refreshToken) {
|
|
4285
|
-
parameters.set(REFRESH_TOKEN, refreshToken);
|
|
4286
|
-
}
|
|
4287
|
-
/**
|
|
4288
|
-
* add the `code_verifier` passed by the user to exchange for a token
|
|
4289
|
-
* @param codeVerifier
|
|
4290
|
-
*/
|
|
4291
|
-
function addCodeVerifier(parameters, codeVerifier) {
|
|
4292
|
-
parameters.set(CODE_VERIFIER, codeVerifier);
|
|
4293
|
-
}
|
|
4294
|
-
/**
|
|
4295
|
-
* add client_secret
|
|
4296
|
-
* @param clientSecret
|
|
4297
|
-
*/
|
|
4298
|
-
function addClientSecret(parameters, clientSecret) {
|
|
4299
|
-
parameters.set(CLIENT_SECRET, clientSecret);
|
|
4300
|
-
}
|
|
4301
|
-
/**
|
|
4302
|
-
* add clientAssertion for confidential client flows
|
|
4303
|
-
* @param clientAssertion
|
|
4304
|
-
*/
|
|
4305
|
-
function addClientAssertion(parameters, clientAssertion) {
|
|
4306
|
-
if (clientAssertion) {
|
|
4307
|
-
parameters.set(CLIENT_ASSERTION, clientAssertion);
|
|
4308
|
-
}
|
|
4309
|
-
}
|
|
4310
|
-
/**
|
|
4311
|
-
* add clientAssertionType for confidential client flows
|
|
4312
|
-
* @param clientAssertionType
|
|
4313
|
-
*/
|
|
4314
|
-
function addClientAssertionType(parameters, clientAssertionType) {
|
|
4315
|
-
if (clientAssertionType) {
|
|
4316
|
-
parameters.set(CLIENT_ASSERTION_TYPE, clientAssertionType);
|
|
4317
|
-
}
|
|
4318
|
-
}
|
|
4319
|
-
/**
|
|
4320
|
-
* add grant type
|
|
4321
|
-
* @param grantType
|
|
4322
|
-
*/
|
|
4323
|
-
function addGrantType(parameters, grantType) {
|
|
4324
|
-
parameters.set(GRANT_TYPE, grantType);
|
|
4325
|
-
}
|
|
4326
|
-
/**
|
|
4327
|
-
* add client info
|
|
4328
|
-
*
|
|
4329
|
-
*/
|
|
4330
|
-
function addClientInfo(parameters) {
|
|
4331
|
-
parameters.set(CLIENT_INFO, "1");
|
|
4332
|
-
}
|
|
4333
|
-
function addInstanceAware(parameters) {
|
|
4334
|
-
if (!parameters.has(INSTANCE_AWARE)) {
|
|
4335
|
-
parameters.set(INSTANCE_AWARE, "true");
|
|
4336
|
-
}
|
|
4337
|
-
}
|
|
4338
|
-
/**
|
|
4339
|
-
* add extraQueryParams
|
|
4340
|
-
* @param eQParams
|
|
4341
|
-
*/
|
|
4342
|
-
function addExtraQueryParameters(parameters, eQParams) {
|
|
4343
|
-
Object.entries(eQParams).forEach(([key, value]) => {
|
|
4344
|
-
if (!parameters.has(key) && value) {
|
|
4345
|
-
parameters.set(key, value);
|
|
4346
|
-
}
|
|
4347
|
-
});
|
|
4348
|
-
}
|
|
4349
|
-
function addClientCapabilitiesToClaims(claims, clientCapabilities) {
|
|
4350
|
-
let mergedClaims;
|
|
4351
|
-
// Parse provided claims into JSON object or initialize empty object
|
|
4352
|
-
if (!claims) {
|
|
4353
|
-
mergedClaims = {};
|
|
4354
|
-
}
|
|
4355
|
-
else {
|
|
4356
|
-
try {
|
|
4357
|
-
mergedClaims = JSON.parse(claims);
|
|
4358
|
-
}
|
|
4359
|
-
catch (e) {
|
|
4360
|
-
throw createClientConfigurationError(invalidClaims);
|
|
4361
|
-
}
|
|
4362
|
-
}
|
|
4363
|
-
if (clientCapabilities && clientCapabilities.length > 0) {
|
|
4364
|
-
if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
|
|
4365
|
-
// Add access_token key to claims object
|
|
4366
|
-
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
|
|
4367
|
-
}
|
|
4368
|
-
// Add xms_cc claim with provided clientCapabilities to access_token key
|
|
4369
|
-
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
|
|
4370
|
-
{
|
|
4371
|
-
values: clientCapabilities,
|
|
4372
|
-
};
|
|
4373
|
-
}
|
|
4374
|
-
return JSON.stringify(mergedClaims);
|
|
4375
|
-
}
|
|
4376
|
-
/**
|
|
4377
|
-
* add pop_jwk to query params
|
|
4378
|
-
* @param cnfString
|
|
4379
|
-
*/
|
|
4380
|
-
function addPopToken(parameters, cnfString) {
|
|
4381
|
-
if (cnfString) {
|
|
4382
|
-
parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);
|
|
4383
|
-
parameters.set(REQ_CNF, cnfString);
|
|
4384
|
-
}
|
|
4385
|
-
}
|
|
4386
|
-
/**
|
|
4387
|
-
* add SSH JWK and key ID to query params
|
|
4388
|
-
*/
|
|
4389
|
-
function addSshJwk(parameters, sshJwkString) {
|
|
4390
|
-
if (sshJwkString) {
|
|
4391
|
-
parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);
|
|
4392
|
-
parameters.set(REQ_CNF, sshJwkString);
|
|
4393
|
-
}
|
|
4394
|
-
}
|
|
4395
|
-
/**
|
|
4396
|
-
* add server telemetry fields
|
|
4397
|
-
* @param serverTelemetryManager
|
|
4398
|
-
*/
|
|
4399
|
-
function addServerTelemetry(parameters, serverTelemetryManager) {
|
|
4400
|
-
parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
|
|
4401
|
-
parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
|
|
4402
|
-
}
|
|
4403
|
-
/**
|
|
4404
|
-
* Adds parameter that indicates to the server that throttling is supported
|
|
4405
|
-
*/
|
|
4406
|
-
function addThrottling(parameters) {
|
|
4407
|
-
parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
|
|
4408
|
-
}
|
|
4409
|
-
/**
|
|
4410
|
-
* Adds logout_hint parameter for "silent" logout which prevent server account picker
|
|
4411
|
-
*/
|
|
4412
|
-
function addLogoutHint(parameters, logoutHint) {
|
|
4413
|
-
parameters.set(LOGOUT_HINT, logoutHint);
|
|
4414
|
-
}
|
|
4415
|
-
function addBrokerParameters(parameters, brokerClientId, brokerRedirectUri) {
|
|
4416
|
-
if (!parameters.has(BROKER_CLIENT_ID)) {
|
|
4417
|
-
parameters.set(BROKER_CLIENT_ID, brokerClientId);
|
|
4418
|
-
}
|
|
4419
|
-
if (!parameters.has(BROKER_REDIRECT_URI)) {
|
|
4420
|
-
parameters.set(BROKER_REDIRECT_URI, brokerRedirectUri);
|
|
4421
|
-
}
|
|
4422
|
-
}
|
|
4423
|
-
/**
|
|
4424
|
-
* Add EAR (Encrypted Authorize Response) request parameters
|
|
4425
|
-
* @param parameters
|
|
4426
|
-
* @param jwk
|
|
4427
|
-
*/
|
|
4428
|
-
function addEARParameters(parameters, jwk) {
|
|
4429
|
-
parameters.set(EAR_JWK, encodeURIComponent(jwk));
|
|
4430
|
-
// ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
|
|
4431
|
-
const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
|
|
4432
|
-
parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
|
|
4433
|
-
}
|
|
4434
|
-
|
|
4435
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4436
|
-
/*
|
|
4437
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4438
|
-
* Licensed under the MIT License.
|
|
4439
|
-
*/
|
|
4440
|
-
function isOpenIdConfigResponse(response) {
|
|
4441
|
-
return (response.hasOwnProperty("authorization_endpoint") &&
|
|
4442
|
-
response.hasOwnProperty("token_endpoint") &&
|
|
4443
|
-
response.hasOwnProperty("issuer") &&
|
|
4444
|
-
response.hasOwnProperty("jwks_uri"));
|
|
4445
|
-
}
|
|
4446
|
-
|
|
4447
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4448
|
-
/*
|
|
4449
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4450
|
-
* Licensed under the MIT License.
|
|
4451
|
-
*/
|
|
4452
|
-
function isCloudInstanceDiscoveryResponse(response) {
|
|
4453
|
-
return (response.hasOwnProperty("tenant_discovery_endpoint") &&
|
|
4454
|
-
response.hasOwnProperty("metadata"));
|
|
4455
|
-
}
|
|
4456
|
-
|
|
4457
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4458
|
-
/*
|
|
4459
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4460
|
-
* Licensed under the MIT License.
|
|
4461
|
-
*/
|
|
4462
|
-
function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
4463
|
-
return (response.hasOwnProperty("error") &&
|
|
4464
|
-
response.hasOwnProperty("error_description"));
|
|
4465
|
-
}
|
|
4466
|
-
|
|
4467
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4468
|
-
/*
|
|
4469
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4470
|
-
* Licensed under the MIT License.
|
|
4471
|
-
*/
|
|
4472
|
-
/**
|
|
4473
|
-
* Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient.
|
|
4474
|
-
*
|
|
4475
|
-
* @export
|
|
4476
|
-
* @enum {number}
|
|
3908
|
+
* @export
|
|
3909
|
+
* @enum {number}
|
|
4477
3910
|
*/
|
|
4478
3911
|
const PerformanceEvents = {
|
|
4479
3912
|
/**
|
|
@@ -4950,34 +4383,673 @@ const PerformanceEventAbbreviations = new Map([
|
|
|
4950
4383
|
[PerformanceEvents.DecryptEarResponse, "decryptEarResp"],
|
|
4951
4384
|
]);
|
|
4952
4385
|
/**
|
|
4953
|
-
* State of the performance event.
|
|
4386
|
+
* State of the performance event.
|
|
4387
|
+
*
|
|
4388
|
+
* @export
|
|
4389
|
+
* @enum {number}
|
|
4390
|
+
*/
|
|
4391
|
+
const PerformanceEventStatus = {
|
|
4392
|
+
NotStarted: 0,
|
|
4393
|
+
InProgress: 1,
|
|
4394
|
+
Completed: 2,
|
|
4395
|
+
};
|
|
4396
|
+
const IntFields = new Set([
|
|
4397
|
+
"accessTokenSize",
|
|
4398
|
+
"durationMs",
|
|
4399
|
+
"idTokenSize",
|
|
4400
|
+
"matsSilentStatus",
|
|
4401
|
+
"matsHttpStatus",
|
|
4402
|
+
"refreshTokenSize",
|
|
4403
|
+
"queuedTimeMs",
|
|
4404
|
+
"startTimeMs",
|
|
4405
|
+
"status",
|
|
4406
|
+
"multiMatchedAT",
|
|
4407
|
+
"multiMatchedID",
|
|
4408
|
+
"multiMatchedRT",
|
|
4409
|
+
"unencryptedCacheCount",
|
|
4410
|
+
"encryptedCacheExpiredCount",
|
|
4411
|
+
]);
|
|
4412
|
+
|
|
4413
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
4414
|
+
|
|
4415
|
+
/*
|
|
4416
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4417
|
+
* Licensed under the MIT License.
|
|
4418
|
+
*/
|
|
4419
|
+
class StubPerformanceMeasurement {
|
|
4420
|
+
startMeasurement() {
|
|
4421
|
+
return;
|
|
4422
|
+
}
|
|
4423
|
+
endMeasurement() {
|
|
4424
|
+
return;
|
|
4425
|
+
}
|
|
4426
|
+
flushMeasurement() {
|
|
4427
|
+
return null;
|
|
4428
|
+
}
|
|
4429
|
+
}
|
|
4430
|
+
class StubPerformanceClient {
|
|
4431
|
+
generateId() {
|
|
4432
|
+
return "callback-id";
|
|
4433
|
+
}
|
|
4434
|
+
startMeasurement(measureName, correlationId) {
|
|
4435
|
+
return {
|
|
4436
|
+
end: () => null,
|
|
4437
|
+
discard: () => { },
|
|
4438
|
+
add: () => { },
|
|
4439
|
+
increment: () => { },
|
|
4440
|
+
event: {
|
|
4441
|
+
eventId: this.generateId(),
|
|
4442
|
+
status: PerformanceEventStatus.InProgress,
|
|
4443
|
+
authority: "",
|
|
4444
|
+
libraryName: "",
|
|
4445
|
+
libraryVersion: "",
|
|
4446
|
+
clientId: "",
|
|
4447
|
+
name: measureName,
|
|
4448
|
+
startTimeMs: Date.now(),
|
|
4449
|
+
correlationId: correlationId || "",
|
|
4450
|
+
},
|
|
4451
|
+
measurement: new StubPerformanceMeasurement(),
|
|
4452
|
+
};
|
|
4453
|
+
}
|
|
4454
|
+
startPerformanceMeasurement() {
|
|
4455
|
+
return new StubPerformanceMeasurement();
|
|
4456
|
+
}
|
|
4457
|
+
calculateQueuedTime() {
|
|
4458
|
+
return 0;
|
|
4459
|
+
}
|
|
4460
|
+
addQueueMeasurement() {
|
|
4461
|
+
return;
|
|
4462
|
+
}
|
|
4463
|
+
setPreQueueTime() {
|
|
4464
|
+
return;
|
|
4465
|
+
}
|
|
4466
|
+
endMeasurement() {
|
|
4467
|
+
return null;
|
|
4468
|
+
}
|
|
4469
|
+
discardMeasurements() {
|
|
4470
|
+
return;
|
|
4471
|
+
}
|
|
4472
|
+
removePerformanceCallback() {
|
|
4473
|
+
return true;
|
|
4474
|
+
}
|
|
4475
|
+
addPerformanceCallback() {
|
|
4476
|
+
return "";
|
|
4477
|
+
}
|
|
4478
|
+
emitEvents() {
|
|
4479
|
+
return;
|
|
4480
|
+
}
|
|
4481
|
+
addFields() {
|
|
4482
|
+
return;
|
|
4483
|
+
}
|
|
4484
|
+
incrementFields() {
|
|
4485
|
+
return;
|
|
4486
|
+
}
|
|
4487
|
+
cacheEventByCorrelationId() {
|
|
4488
|
+
return;
|
|
4489
|
+
}
|
|
4490
|
+
}
|
|
4491
|
+
|
|
4492
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
4493
|
+
|
|
4494
|
+
/*
|
|
4495
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4496
|
+
* Licensed under the MIT License.
|
|
4497
|
+
*/
|
|
4498
|
+
const DEFAULT_SYSTEM_OPTIONS = {
|
|
4499
|
+
tokenRenewalOffsetSeconds: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
|
|
4500
|
+
preventCorsPreflight: false,
|
|
4501
|
+
};
|
|
4502
|
+
const DEFAULT_LOGGER_IMPLEMENTATION = {
|
|
4503
|
+
loggerCallback: () => {
|
|
4504
|
+
// allow users to not set loggerCallback
|
|
4505
|
+
},
|
|
4506
|
+
piiLoggingEnabled: false,
|
|
4507
|
+
logLevel: exports.LogLevel.Info,
|
|
4508
|
+
correlationId: Constants.EMPTY_STRING,
|
|
4509
|
+
};
|
|
4510
|
+
const DEFAULT_CACHE_OPTIONS = {
|
|
4511
|
+
claimsBasedCachingEnabled: false,
|
|
4512
|
+
};
|
|
4513
|
+
const DEFAULT_NETWORK_IMPLEMENTATION = {
|
|
4514
|
+
async sendGetRequestAsync() {
|
|
4515
|
+
throw createClientAuthError(methodNotImplemented);
|
|
4516
|
+
},
|
|
4517
|
+
async sendPostRequestAsync() {
|
|
4518
|
+
throw createClientAuthError(methodNotImplemented);
|
|
4519
|
+
},
|
|
4520
|
+
};
|
|
4521
|
+
const DEFAULT_LIBRARY_INFO = {
|
|
4522
|
+
sku: Constants.SKU,
|
|
4523
|
+
version: version$1,
|
|
4524
|
+
cpu: Constants.EMPTY_STRING,
|
|
4525
|
+
os: Constants.EMPTY_STRING,
|
|
4526
|
+
};
|
|
4527
|
+
const DEFAULT_CLIENT_CREDENTIALS = {
|
|
4528
|
+
clientSecret: Constants.EMPTY_STRING,
|
|
4529
|
+
clientAssertion: undefined,
|
|
4530
|
+
};
|
|
4531
|
+
const DEFAULT_AZURE_CLOUD_OPTIONS = {
|
|
4532
|
+
azureCloudInstance: AzureCloudInstance.None,
|
|
4533
|
+
tenant: `${Constants.DEFAULT_COMMON_TENANT}`,
|
|
4534
|
+
};
|
|
4535
|
+
const DEFAULT_TELEMETRY_OPTIONS = {
|
|
4536
|
+
application: {
|
|
4537
|
+
appName: "",
|
|
4538
|
+
appVersion: "",
|
|
4539
|
+
},
|
|
4540
|
+
};
|
|
4541
|
+
/**
|
|
4542
|
+
* Function that sets the default options when not explicitly configured from app developer
|
|
4543
|
+
*
|
|
4544
|
+
* @param Configuration
|
|
4545
|
+
*
|
|
4546
|
+
* @returns Configuration
|
|
4547
|
+
*/
|
|
4548
|
+
function buildClientConfiguration({ authOptions: userAuthOptions, systemOptions: userSystemOptions, loggerOptions: userLoggerOption, cacheOptions: userCacheOptions, storageInterface: storageImplementation, networkInterface: networkImplementation, cryptoInterface: cryptoImplementation, clientCredentials: clientCredentials, libraryInfo: libraryInfo, telemetry: telemetry, serverTelemetryManager: serverTelemetryManager, persistencePlugin: persistencePlugin, serializableCache: serializableCache, }) {
|
|
4549
|
+
const loggerOptions = {
|
|
4550
|
+
...DEFAULT_LOGGER_IMPLEMENTATION,
|
|
4551
|
+
...userLoggerOption,
|
|
4552
|
+
};
|
|
4553
|
+
return {
|
|
4554
|
+
authOptions: buildAuthOptions(userAuthOptions),
|
|
4555
|
+
systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions },
|
|
4556
|
+
loggerOptions: loggerOptions,
|
|
4557
|
+
cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions },
|
|
4558
|
+
storageInterface: storageImplementation ||
|
|
4559
|
+
new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions), new StubPerformanceClient()),
|
|
4560
|
+
networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION,
|
|
4561
|
+
cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION,
|
|
4562
|
+
clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS,
|
|
4563
|
+
libraryInfo: { ...DEFAULT_LIBRARY_INFO, ...libraryInfo },
|
|
4564
|
+
telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry },
|
|
4565
|
+
serverTelemetryManager: serverTelemetryManager || null,
|
|
4566
|
+
persistencePlugin: persistencePlugin || null,
|
|
4567
|
+
serializableCache: serializableCache || null,
|
|
4568
|
+
};
|
|
4569
|
+
}
|
|
4570
|
+
/**
|
|
4571
|
+
* Construct authoptions from the client and platform passed values
|
|
4572
|
+
* @param authOptions
|
|
4573
|
+
*/
|
|
4574
|
+
function buildAuthOptions(authOptions) {
|
|
4575
|
+
return {
|
|
4576
|
+
clientCapabilities: [],
|
|
4577
|
+
azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
|
|
4578
|
+
skipAuthorityMetadataCache: false,
|
|
4579
|
+
instanceAware: false,
|
|
4580
|
+
encodeExtraQueryParams: false,
|
|
4581
|
+
...authOptions,
|
|
4582
|
+
};
|
|
4583
|
+
}
|
|
4584
|
+
/**
|
|
4585
|
+
* Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise
|
|
4586
|
+
* @param ClientConfiguration
|
|
4587
|
+
*/
|
|
4588
|
+
function isOidcProtocolMode(config) {
|
|
4589
|
+
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
4590
|
+
}
|
|
4591
|
+
|
|
4592
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
4593
|
+
/*
|
|
4594
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4595
|
+
* Licensed under the MIT License.
|
|
4596
|
+
*/
|
|
4597
|
+
const CcsCredentialType = {
|
|
4598
|
+
HOME_ACCOUNT_ID: "home_account_id",
|
|
4599
|
+
UPN: "UPN",
|
|
4600
|
+
};
|
|
4601
|
+
|
|
4602
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
4603
|
+
/*
|
|
4604
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4605
|
+
* Licensed under the MIT License.
|
|
4606
|
+
*/
|
|
4607
|
+
const CLIENT_ID = "client_id";
|
|
4608
|
+
const REDIRECT_URI = "redirect_uri";
|
|
4609
|
+
const RESPONSE_TYPE = "response_type";
|
|
4610
|
+
const RESPONSE_MODE = "response_mode";
|
|
4611
|
+
const GRANT_TYPE = "grant_type";
|
|
4612
|
+
const CLAIMS = "claims";
|
|
4613
|
+
const SCOPE = "scope";
|
|
4614
|
+
const REFRESH_TOKEN = "refresh_token";
|
|
4615
|
+
const STATE = "state";
|
|
4616
|
+
const NONCE = "nonce";
|
|
4617
|
+
const PROMPT = "prompt";
|
|
4618
|
+
const CODE = "code";
|
|
4619
|
+
const CODE_CHALLENGE = "code_challenge";
|
|
4620
|
+
const CODE_CHALLENGE_METHOD = "code_challenge_method";
|
|
4621
|
+
const CODE_VERIFIER = "code_verifier";
|
|
4622
|
+
const CLIENT_REQUEST_ID = "client-request-id";
|
|
4623
|
+
const X_CLIENT_SKU = "x-client-SKU";
|
|
4624
|
+
const X_CLIENT_VER = "x-client-VER";
|
|
4625
|
+
const X_CLIENT_OS = "x-client-OS";
|
|
4626
|
+
const X_CLIENT_CPU = "x-client-CPU";
|
|
4627
|
+
const X_CLIENT_CURR_TELEM = "x-client-current-telemetry";
|
|
4628
|
+
const X_CLIENT_LAST_TELEM = "x-client-last-telemetry";
|
|
4629
|
+
const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
|
|
4630
|
+
const X_APP_NAME = "x-app-name";
|
|
4631
|
+
const X_APP_VER = "x-app-ver";
|
|
4632
|
+
const POST_LOGOUT_URI = "post_logout_redirect_uri";
|
|
4633
|
+
const ID_TOKEN_HINT = "id_token_hint";
|
|
4634
|
+
const CLIENT_SECRET = "client_secret";
|
|
4635
|
+
const CLIENT_ASSERTION = "client_assertion";
|
|
4636
|
+
const CLIENT_ASSERTION_TYPE = "client_assertion_type";
|
|
4637
|
+
const TOKEN_TYPE = "token_type";
|
|
4638
|
+
const REQ_CNF = "req_cnf";
|
|
4639
|
+
const RETURN_SPA_CODE = "return_spa_code";
|
|
4640
|
+
const NATIVE_BROKER = "nativebroker";
|
|
4641
|
+
const LOGOUT_HINT = "logout_hint";
|
|
4642
|
+
const SID = "sid";
|
|
4643
|
+
const LOGIN_HINT = "login_hint";
|
|
4644
|
+
const DOMAIN_HINT = "domain_hint";
|
|
4645
|
+
const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
|
|
4646
|
+
const BROKER_CLIENT_ID = "brk_client_id";
|
|
4647
|
+
const BROKER_REDIRECT_URI = "brk_redirect_uri";
|
|
4648
|
+
const INSTANCE_AWARE = "instance_aware";
|
|
4649
|
+
const EAR_JWK = "ear_jwk";
|
|
4650
|
+
const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
4651
|
+
|
|
4652
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
4653
|
+
|
|
4654
|
+
/*
|
|
4655
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4656
|
+
* Licensed under the MIT License.
|
|
4657
|
+
*/
|
|
4658
|
+
function instrumentBrokerParams(parameters, correlationId, performanceClient) {
|
|
4659
|
+
if (!correlationId) {
|
|
4660
|
+
return;
|
|
4661
|
+
}
|
|
4662
|
+
const clientId = parameters.get(CLIENT_ID);
|
|
4663
|
+
if (clientId && parameters.has(BROKER_CLIENT_ID)) {
|
|
4664
|
+
performanceClient?.addFields({
|
|
4665
|
+
embeddedClientId: clientId,
|
|
4666
|
+
embeddedRedirectUri: parameters.get(REDIRECT_URI),
|
|
4667
|
+
}, correlationId);
|
|
4668
|
+
}
|
|
4669
|
+
}
|
|
4670
|
+
/**
|
|
4671
|
+
* Add the given response_type
|
|
4672
|
+
* @param parameters
|
|
4673
|
+
* @param responseType
|
|
4674
|
+
*/
|
|
4675
|
+
function addResponseType(parameters, responseType) {
|
|
4676
|
+
parameters.set(RESPONSE_TYPE, responseType);
|
|
4677
|
+
}
|
|
4678
|
+
/**
|
|
4679
|
+
* add response_mode. defaults to query.
|
|
4680
|
+
* @param responseMode
|
|
4681
|
+
*/
|
|
4682
|
+
function addResponseMode(parameters, responseMode) {
|
|
4683
|
+
parameters.set(RESPONSE_MODE, responseMode ? responseMode : ResponseMode.QUERY);
|
|
4684
|
+
}
|
|
4685
|
+
/**
|
|
4686
|
+
* Add flag to indicate STS should attempt to use WAM if available
|
|
4687
|
+
*/
|
|
4688
|
+
function addNativeBroker(parameters) {
|
|
4689
|
+
parameters.set(NATIVE_BROKER, "1");
|
|
4690
|
+
}
|
|
4691
|
+
/**
|
|
4692
|
+
* add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
|
|
4693
|
+
* @param scopeSet
|
|
4694
|
+
* @param addOidcScopes
|
|
4695
|
+
*/
|
|
4696
|
+
function addScopes(parameters, scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) {
|
|
4697
|
+
// Always add openid to the scopes when adding OIDC scopes
|
|
4698
|
+
if (addOidcScopes &&
|
|
4699
|
+
!defaultScopes.includes("openid") &&
|
|
4700
|
+
!scopes.includes("openid")) {
|
|
4701
|
+
defaultScopes.push("openid");
|
|
4702
|
+
}
|
|
4703
|
+
const requestScopes = addOidcScopes
|
|
4704
|
+
? [...(scopes || []), ...defaultScopes]
|
|
4705
|
+
: scopes || [];
|
|
4706
|
+
const scopeSet = new ScopeSet(requestScopes);
|
|
4707
|
+
parameters.set(SCOPE, scopeSet.printScopes());
|
|
4708
|
+
}
|
|
4709
|
+
/**
|
|
4710
|
+
* add clientId
|
|
4711
|
+
* @param clientId
|
|
4712
|
+
*/
|
|
4713
|
+
function addClientId(parameters, clientId) {
|
|
4714
|
+
parameters.set(CLIENT_ID, clientId);
|
|
4715
|
+
}
|
|
4716
|
+
/**
|
|
4717
|
+
* add redirect_uri
|
|
4718
|
+
* @param redirectUri
|
|
4719
|
+
*/
|
|
4720
|
+
function addRedirectUri(parameters, redirectUri) {
|
|
4721
|
+
parameters.set(REDIRECT_URI, redirectUri);
|
|
4722
|
+
}
|
|
4723
|
+
/**
|
|
4724
|
+
* add post logout redirectUri
|
|
4725
|
+
* @param redirectUri
|
|
4726
|
+
*/
|
|
4727
|
+
function addPostLogoutRedirectUri(parameters, redirectUri) {
|
|
4728
|
+
parameters.set(POST_LOGOUT_URI, redirectUri);
|
|
4729
|
+
}
|
|
4730
|
+
/**
|
|
4731
|
+
* add id_token_hint to logout request
|
|
4732
|
+
* @param idTokenHint
|
|
4733
|
+
*/
|
|
4734
|
+
function addIdTokenHint(parameters, idTokenHint) {
|
|
4735
|
+
parameters.set(ID_TOKEN_HINT, idTokenHint);
|
|
4736
|
+
}
|
|
4737
|
+
/**
|
|
4738
|
+
* add domain_hint
|
|
4739
|
+
* @param domainHint
|
|
4740
|
+
*/
|
|
4741
|
+
function addDomainHint(parameters, domainHint) {
|
|
4742
|
+
parameters.set(DOMAIN_HINT, domainHint);
|
|
4743
|
+
}
|
|
4744
|
+
/**
|
|
4745
|
+
* add login_hint
|
|
4746
|
+
* @param loginHint
|
|
4747
|
+
*/
|
|
4748
|
+
function addLoginHint(parameters, loginHint) {
|
|
4749
|
+
parameters.set(LOGIN_HINT, loginHint);
|
|
4750
|
+
}
|
|
4751
|
+
/**
|
|
4752
|
+
* Adds the CCS (Cache Credential Service) query parameter for login_hint
|
|
4753
|
+
* @param loginHint
|
|
4754
|
+
*/
|
|
4755
|
+
function addCcsUpn(parameters, loginHint) {
|
|
4756
|
+
parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
|
|
4757
|
+
}
|
|
4758
|
+
/**
|
|
4759
|
+
* Adds the CCS (Cache Credential Service) query parameter for account object
|
|
4760
|
+
* @param loginHint
|
|
4761
|
+
*/
|
|
4762
|
+
function addCcsOid(parameters, clientInfo) {
|
|
4763
|
+
parameters.set(HeaderNames.CCS_HEADER, `Oid:${clientInfo.uid}@${clientInfo.utid}`);
|
|
4764
|
+
}
|
|
4765
|
+
/**
|
|
4766
|
+
* add sid
|
|
4767
|
+
* @param sid
|
|
4768
|
+
*/
|
|
4769
|
+
function addSid(parameters, sid) {
|
|
4770
|
+
parameters.set(SID, sid);
|
|
4771
|
+
}
|
|
4772
|
+
/**
|
|
4773
|
+
* add claims
|
|
4774
|
+
* @param claims
|
|
4775
|
+
*/
|
|
4776
|
+
function addClaims(parameters, claims, clientCapabilities) {
|
|
4777
|
+
const mergedClaims = addClientCapabilitiesToClaims(claims, clientCapabilities);
|
|
4778
|
+
try {
|
|
4779
|
+
JSON.parse(mergedClaims);
|
|
4780
|
+
}
|
|
4781
|
+
catch (e) {
|
|
4782
|
+
throw createClientConfigurationError(invalidClaims);
|
|
4783
|
+
}
|
|
4784
|
+
parameters.set(CLAIMS, mergedClaims);
|
|
4785
|
+
}
|
|
4786
|
+
/**
|
|
4787
|
+
* add correlationId
|
|
4788
|
+
* @param correlationId
|
|
4789
|
+
*/
|
|
4790
|
+
function addCorrelationId(parameters, correlationId) {
|
|
4791
|
+
parameters.set(CLIENT_REQUEST_ID, correlationId);
|
|
4792
|
+
}
|
|
4793
|
+
/**
|
|
4794
|
+
* add library info query params
|
|
4795
|
+
* @param libraryInfo
|
|
4796
|
+
*/
|
|
4797
|
+
function addLibraryInfo(parameters, libraryInfo) {
|
|
4798
|
+
// Telemetry Info
|
|
4799
|
+
parameters.set(X_CLIENT_SKU, libraryInfo.sku);
|
|
4800
|
+
parameters.set(X_CLIENT_VER, libraryInfo.version);
|
|
4801
|
+
if (libraryInfo.os) {
|
|
4802
|
+
parameters.set(X_CLIENT_OS, libraryInfo.os);
|
|
4803
|
+
}
|
|
4804
|
+
if (libraryInfo.cpu) {
|
|
4805
|
+
parameters.set(X_CLIENT_CPU, libraryInfo.cpu);
|
|
4806
|
+
}
|
|
4807
|
+
}
|
|
4808
|
+
/**
|
|
4809
|
+
* Add client telemetry parameters
|
|
4810
|
+
* @param appTelemetry
|
|
4811
|
+
*/
|
|
4812
|
+
function addApplicationTelemetry(parameters, appTelemetry) {
|
|
4813
|
+
if (appTelemetry?.appName) {
|
|
4814
|
+
parameters.set(X_APP_NAME, appTelemetry.appName);
|
|
4815
|
+
}
|
|
4816
|
+
if (appTelemetry?.appVersion) {
|
|
4817
|
+
parameters.set(X_APP_VER, appTelemetry.appVersion);
|
|
4818
|
+
}
|
|
4819
|
+
}
|
|
4820
|
+
/**
|
|
4821
|
+
* add prompt
|
|
4822
|
+
* @param prompt
|
|
4823
|
+
*/
|
|
4824
|
+
function addPrompt(parameters, prompt) {
|
|
4825
|
+
parameters.set(PROMPT, prompt);
|
|
4826
|
+
}
|
|
4827
|
+
/**
|
|
4828
|
+
* add state
|
|
4829
|
+
* @param state
|
|
4830
|
+
*/
|
|
4831
|
+
function addState(parameters, state) {
|
|
4832
|
+
if (state) {
|
|
4833
|
+
parameters.set(STATE, state);
|
|
4834
|
+
}
|
|
4835
|
+
}
|
|
4836
|
+
/**
|
|
4837
|
+
* add nonce
|
|
4838
|
+
* @param nonce
|
|
4839
|
+
*/
|
|
4840
|
+
function addNonce(parameters, nonce) {
|
|
4841
|
+
parameters.set(NONCE, nonce);
|
|
4842
|
+
}
|
|
4843
|
+
/**
|
|
4844
|
+
* add code_challenge and code_challenge_method
|
|
4845
|
+
* - throw if either of them are not passed
|
|
4846
|
+
* @param codeChallenge
|
|
4847
|
+
* @param codeChallengeMethod
|
|
4848
|
+
*/
|
|
4849
|
+
function addCodeChallengeParams(parameters, codeChallenge, codeChallengeMethod) {
|
|
4850
|
+
if (codeChallenge && codeChallengeMethod) {
|
|
4851
|
+
parameters.set(CODE_CHALLENGE, codeChallenge);
|
|
4852
|
+
parameters.set(CODE_CHALLENGE_METHOD, codeChallengeMethod);
|
|
4853
|
+
}
|
|
4854
|
+
else {
|
|
4855
|
+
throw createClientConfigurationError(pkceParamsMissing);
|
|
4856
|
+
}
|
|
4857
|
+
}
|
|
4858
|
+
/**
|
|
4859
|
+
* add the `authorization_code` passed by the user to exchange for a token
|
|
4860
|
+
* @param code
|
|
4861
|
+
*/
|
|
4862
|
+
function addAuthorizationCode(parameters, code) {
|
|
4863
|
+
parameters.set(CODE, code);
|
|
4864
|
+
}
|
|
4865
|
+
/**
|
|
4866
|
+
* add the `refreshToken` passed by the user
|
|
4867
|
+
* @param refreshToken
|
|
4868
|
+
*/
|
|
4869
|
+
function addRefreshToken(parameters, refreshToken) {
|
|
4870
|
+
parameters.set(REFRESH_TOKEN, refreshToken);
|
|
4871
|
+
}
|
|
4872
|
+
/**
|
|
4873
|
+
* add the `code_verifier` passed by the user to exchange for a token
|
|
4874
|
+
* @param codeVerifier
|
|
4875
|
+
*/
|
|
4876
|
+
function addCodeVerifier(parameters, codeVerifier) {
|
|
4877
|
+
parameters.set(CODE_VERIFIER, codeVerifier);
|
|
4878
|
+
}
|
|
4879
|
+
/**
|
|
4880
|
+
* add client_secret
|
|
4881
|
+
* @param clientSecret
|
|
4882
|
+
*/
|
|
4883
|
+
function addClientSecret(parameters, clientSecret) {
|
|
4884
|
+
parameters.set(CLIENT_SECRET, clientSecret);
|
|
4885
|
+
}
|
|
4886
|
+
/**
|
|
4887
|
+
* add clientAssertion for confidential client flows
|
|
4888
|
+
* @param clientAssertion
|
|
4889
|
+
*/
|
|
4890
|
+
function addClientAssertion(parameters, clientAssertion) {
|
|
4891
|
+
if (clientAssertion) {
|
|
4892
|
+
parameters.set(CLIENT_ASSERTION, clientAssertion);
|
|
4893
|
+
}
|
|
4894
|
+
}
|
|
4895
|
+
/**
|
|
4896
|
+
* add clientAssertionType for confidential client flows
|
|
4897
|
+
* @param clientAssertionType
|
|
4898
|
+
*/
|
|
4899
|
+
function addClientAssertionType(parameters, clientAssertionType) {
|
|
4900
|
+
if (clientAssertionType) {
|
|
4901
|
+
parameters.set(CLIENT_ASSERTION_TYPE, clientAssertionType);
|
|
4902
|
+
}
|
|
4903
|
+
}
|
|
4904
|
+
/**
|
|
4905
|
+
* add grant type
|
|
4906
|
+
* @param grantType
|
|
4907
|
+
*/
|
|
4908
|
+
function addGrantType(parameters, grantType) {
|
|
4909
|
+
parameters.set(GRANT_TYPE, grantType);
|
|
4910
|
+
}
|
|
4911
|
+
/**
|
|
4912
|
+
* add client info
|
|
4954
4913
|
*
|
|
4955
|
-
* @export
|
|
4956
|
-
* @enum {number}
|
|
4957
4914
|
*/
|
|
4958
|
-
|
|
4959
|
-
|
|
4960
|
-
|
|
4961
|
-
|
|
4962
|
-
|
|
4963
|
-
|
|
4964
|
-
|
|
4965
|
-
|
|
4966
|
-
|
|
4967
|
-
|
|
4968
|
-
|
|
4969
|
-
|
|
4970
|
-
|
|
4971
|
-
|
|
4972
|
-
|
|
4973
|
-
|
|
4974
|
-
|
|
4975
|
-
|
|
4976
|
-
|
|
4977
|
-
|
|
4978
|
-
|
|
4915
|
+
function addClientInfo(parameters) {
|
|
4916
|
+
parameters.set(CLIENT_INFO, "1");
|
|
4917
|
+
}
|
|
4918
|
+
function addInstanceAware(parameters) {
|
|
4919
|
+
if (!parameters.has(INSTANCE_AWARE)) {
|
|
4920
|
+
parameters.set(INSTANCE_AWARE, "true");
|
|
4921
|
+
}
|
|
4922
|
+
}
|
|
4923
|
+
/**
|
|
4924
|
+
* add extraQueryParams
|
|
4925
|
+
* @param eQParams
|
|
4926
|
+
*/
|
|
4927
|
+
function addExtraQueryParameters(parameters, eQParams) {
|
|
4928
|
+
Object.entries(eQParams).forEach(([key, value]) => {
|
|
4929
|
+
if (!parameters.has(key) && value) {
|
|
4930
|
+
parameters.set(key, value);
|
|
4931
|
+
}
|
|
4932
|
+
});
|
|
4933
|
+
}
|
|
4934
|
+
function addClientCapabilitiesToClaims(claims, clientCapabilities) {
|
|
4935
|
+
let mergedClaims;
|
|
4936
|
+
// Parse provided claims into JSON object or initialize empty object
|
|
4937
|
+
if (!claims) {
|
|
4938
|
+
mergedClaims = {};
|
|
4939
|
+
}
|
|
4940
|
+
else {
|
|
4941
|
+
try {
|
|
4942
|
+
mergedClaims = JSON.parse(claims);
|
|
4943
|
+
}
|
|
4944
|
+
catch (e) {
|
|
4945
|
+
throw createClientConfigurationError(invalidClaims);
|
|
4946
|
+
}
|
|
4947
|
+
}
|
|
4948
|
+
if (clientCapabilities && clientCapabilities.length > 0) {
|
|
4949
|
+
if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
|
|
4950
|
+
// Add access_token key to claims object
|
|
4951
|
+
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
|
|
4952
|
+
}
|
|
4953
|
+
// Add xms_cc claim with provided clientCapabilities to access_token key
|
|
4954
|
+
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
|
|
4955
|
+
{
|
|
4956
|
+
values: clientCapabilities,
|
|
4957
|
+
};
|
|
4958
|
+
}
|
|
4959
|
+
return JSON.stringify(mergedClaims);
|
|
4960
|
+
}
|
|
4961
|
+
/**
|
|
4962
|
+
* add pop_jwk to query params
|
|
4963
|
+
* @param cnfString
|
|
4964
|
+
*/
|
|
4965
|
+
function addPopToken(parameters, cnfString) {
|
|
4966
|
+
if (cnfString) {
|
|
4967
|
+
parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);
|
|
4968
|
+
parameters.set(REQ_CNF, cnfString);
|
|
4969
|
+
}
|
|
4970
|
+
}
|
|
4971
|
+
/**
|
|
4972
|
+
* add SSH JWK and key ID to query params
|
|
4973
|
+
*/
|
|
4974
|
+
function addSshJwk(parameters, sshJwkString) {
|
|
4975
|
+
if (sshJwkString) {
|
|
4976
|
+
parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);
|
|
4977
|
+
parameters.set(REQ_CNF, sshJwkString);
|
|
4978
|
+
}
|
|
4979
|
+
}
|
|
4980
|
+
/**
|
|
4981
|
+
* add server telemetry fields
|
|
4982
|
+
* @param serverTelemetryManager
|
|
4983
|
+
*/
|
|
4984
|
+
function addServerTelemetry(parameters, serverTelemetryManager) {
|
|
4985
|
+
parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
|
|
4986
|
+
parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
|
|
4987
|
+
}
|
|
4988
|
+
/**
|
|
4989
|
+
* Adds parameter that indicates to the server that throttling is supported
|
|
4990
|
+
*/
|
|
4991
|
+
function addThrottling(parameters) {
|
|
4992
|
+
parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
|
|
4993
|
+
}
|
|
4994
|
+
/**
|
|
4995
|
+
* Adds logout_hint parameter for "silent" logout which prevent server account picker
|
|
4996
|
+
*/
|
|
4997
|
+
function addLogoutHint(parameters, logoutHint) {
|
|
4998
|
+
parameters.set(LOGOUT_HINT, logoutHint);
|
|
4999
|
+
}
|
|
5000
|
+
function addBrokerParameters(parameters, brokerClientId, brokerRedirectUri) {
|
|
5001
|
+
if (!parameters.has(BROKER_CLIENT_ID)) {
|
|
5002
|
+
parameters.set(BROKER_CLIENT_ID, brokerClientId);
|
|
5003
|
+
}
|
|
5004
|
+
if (!parameters.has(BROKER_REDIRECT_URI)) {
|
|
5005
|
+
parameters.set(BROKER_REDIRECT_URI, brokerRedirectUri);
|
|
5006
|
+
}
|
|
5007
|
+
}
|
|
5008
|
+
/**
|
|
5009
|
+
* Add EAR (Encrypted Authorize Response) request parameters
|
|
5010
|
+
* @param parameters
|
|
5011
|
+
* @param jwk
|
|
5012
|
+
*/
|
|
5013
|
+
function addEARParameters(parameters, jwk) {
|
|
5014
|
+
parameters.set(EAR_JWK, encodeURIComponent(jwk));
|
|
5015
|
+
// ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
|
|
5016
|
+
const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
|
|
5017
|
+
parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
|
|
5018
|
+
}
|
|
5019
|
+
|
|
5020
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
5021
|
+
/*
|
|
5022
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5023
|
+
* Licensed under the MIT License.
|
|
5024
|
+
*/
|
|
5025
|
+
function isOpenIdConfigResponse(response) {
|
|
5026
|
+
return (response.hasOwnProperty("authorization_endpoint") &&
|
|
5027
|
+
response.hasOwnProperty("token_endpoint") &&
|
|
5028
|
+
response.hasOwnProperty("issuer") &&
|
|
5029
|
+
response.hasOwnProperty("jwks_uri"));
|
|
5030
|
+
}
|
|
5031
|
+
|
|
5032
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
5033
|
+
/*
|
|
5034
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5035
|
+
* Licensed under the MIT License.
|
|
5036
|
+
*/
|
|
5037
|
+
function isCloudInstanceDiscoveryResponse(response) {
|
|
5038
|
+
return (response.hasOwnProperty("tenant_discovery_endpoint") &&
|
|
5039
|
+
response.hasOwnProperty("metadata"));
|
|
5040
|
+
}
|
|
5041
|
+
|
|
5042
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
5043
|
+
/*
|
|
5044
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5045
|
+
* Licensed under the MIT License.
|
|
5046
|
+
*/
|
|
5047
|
+
function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
5048
|
+
return (response.hasOwnProperty("error") &&
|
|
5049
|
+
response.hasOwnProperty("error_description"));
|
|
5050
|
+
}
|
|
4979
5051
|
|
|
4980
|
-
/*! @azure/msal-common v15.7.
|
|
5052
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
4981
5053
|
/*
|
|
4982
5054
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4983
5055
|
* Licensed under the MIT License.
|
|
@@ -5073,7 +5145,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
5073
5145
|
};
|
|
5074
5146
|
};
|
|
5075
5147
|
|
|
5076
|
-
/*! @azure/msal-common v15.7.
|
|
5148
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
5077
5149
|
|
|
5078
5150
|
/*
|
|
5079
5151
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5179,7 +5251,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
5179
5251
|
},
|
|
5180
5252
|
};
|
|
5181
5253
|
|
|
5182
|
-
/*! @azure/msal-common v15.7.
|
|
5254
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
5183
5255
|
|
|
5184
5256
|
/*
|
|
5185
5257
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6018,7 +6090,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
6018
6090
|
};
|
|
6019
6091
|
}
|
|
6020
6092
|
|
|
6021
|
-
/*! @azure/msal-common v15.7.
|
|
6093
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6022
6094
|
|
|
6023
6095
|
/*
|
|
6024
6096
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6049,7 +6121,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
6049
6121
|
}
|
|
6050
6122
|
}
|
|
6051
6123
|
|
|
6052
|
-
/*! @azure/msal-common v15.7.
|
|
6124
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6053
6125
|
|
|
6054
6126
|
/*
|
|
6055
6127
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6068,7 +6140,7 @@ class ServerError extends AuthError {
|
|
|
6068
6140
|
}
|
|
6069
6141
|
}
|
|
6070
6142
|
|
|
6071
|
-
/*! @azure/msal-common v15.7.
|
|
6143
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6072
6144
|
/*
|
|
6073
6145
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6074
6146
|
* Licensed under the MIT License.
|
|
@@ -6089,7 +6161,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
6089
6161
|
};
|
|
6090
6162
|
}
|
|
6091
6163
|
|
|
6092
|
-
/*! @azure/msal-common v15.7.
|
|
6164
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6093
6165
|
|
|
6094
6166
|
/*
|
|
6095
6167
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6176,7 +6248,7 @@ class ThrottlingUtils {
|
|
|
6176
6248
|
}
|
|
6177
6249
|
}
|
|
6178
6250
|
|
|
6179
|
-
/*! @azure/msal-common v15.7.
|
|
6251
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6180
6252
|
|
|
6181
6253
|
/*
|
|
6182
6254
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6207,7 +6279,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
6207
6279
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
6208
6280
|
}
|
|
6209
6281
|
|
|
6210
|
-
/*! @azure/msal-common v15.7.
|
|
6282
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6211
6283
|
|
|
6212
6284
|
/*
|
|
6213
6285
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6355,7 +6427,7 @@ class BaseClient {
|
|
|
6355
6427
|
}
|
|
6356
6428
|
}
|
|
6357
6429
|
|
|
6358
|
-
/*! @azure/msal-common v15.7.
|
|
6430
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6359
6431
|
/*
|
|
6360
6432
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6361
6433
|
* Licensed under the MIT License.
|
|
@@ -6364,6 +6436,7 @@ class BaseClient {
|
|
|
6364
6436
|
const noTokensFound = "no_tokens_found";
|
|
6365
6437
|
const nativeAccountUnavailable = "native_account_unavailable";
|
|
6366
6438
|
const refreshTokenExpired = "refresh_token_expired";
|
|
6439
|
+
const uxNotAllowed = "ux_not_allowed";
|
|
6367
6440
|
// Codes potentially returned by server
|
|
6368
6441
|
const interactionRequired = "interaction_required";
|
|
6369
6442
|
const consentRequired = "consent_required";
|
|
@@ -6378,10 +6451,11 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
6378
6451
|
loginRequired: loginRequired,
|
|
6379
6452
|
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
6380
6453
|
noTokensFound: noTokensFound,
|
|
6381
|
-
refreshTokenExpired: refreshTokenExpired
|
|
6454
|
+
refreshTokenExpired: refreshTokenExpired,
|
|
6455
|
+
uxNotAllowed: uxNotAllowed
|
|
6382
6456
|
});
|
|
6383
6457
|
|
|
6384
|
-
/*! @azure/msal-common v15.7.
|
|
6458
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6385
6459
|
|
|
6386
6460
|
/*
|
|
6387
6461
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6395,6 +6469,7 @@ const InteractionRequiredServerErrorMessage = [
|
|
|
6395
6469
|
consentRequired,
|
|
6396
6470
|
loginRequired,
|
|
6397
6471
|
badToken,
|
|
6472
|
+
uxNotAllowed,
|
|
6398
6473
|
];
|
|
6399
6474
|
const InteractionRequiredAuthSubErrorMessage = [
|
|
6400
6475
|
"message_only",
|
|
@@ -6409,6 +6484,7 @@ const InteractionRequiredAuthErrorMessages = {
|
|
|
6409
6484
|
[nativeAccountUnavailable]: "The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",
|
|
6410
6485
|
[refreshTokenExpired]: "Refresh token has expired.",
|
|
6411
6486
|
[badToken]: "Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.",
|
|
6487
|
+
[uxNotAllowed]: "`canShowUI` flag in Edge was set to false. User interaction required on web page. Please invoke an interactive API to resolve.",
|
|
6412
6488
|
};
|
|
6413
6489
|
/**
|
|
6414
6490
|
* Interaction required errors defined by the SDK
|
|
@@ -6469,7 +6545,7 @@ function createInteractionRequiredAuthError(errorCode) {
|
|
|
6469
6545
|
return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
|
|
6470
6546
|
}
|
|
6471
6547
|
|
|
6472
|
-
/*! @azure/msal-common v15.7.
|
|
6548
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6473
6549
|
|
|
6474
6550
|
/*
|
|
6475
6551
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6541,7 +6617,7 @@ class ProtocolUtils {
|
|
|
6541
6617
|
}
|
|
6542
6618
|
}
|
|
6543
6619
|
|
|
6544
|
-
/*! @azure/msal-common v15.7.
|
|
6620
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6545
6621
|
|
|
6546
6622
|
/*
|
|
6547
6623
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6625,7 +6701,7 @@ class PopTokenGenerator {
|
|
|
6625
6701
|
}
|
|
6626
6702
|
}
|
|
6627
6703
|
|
|
6628
|
-
/*! @azure/msal-common v15.7.
|
|
6704
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6629
6705
|
/*
|
|
6630
6706
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6631
6707
|
* Licensed under the MIT License.
|
|
@@ -6652,7 +6728,7 @@ class PopTokenGenerator {
|
|
|
6652
6728
|
}
|
|
6653
6729
|
}
|
|
6654
6730
|
|
|
6655
|
-
/*! @azure/msal-common v15.7.
|
|
6731
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6656
6732
|
|
|
6657
6733
|
/*
|
|
6658
6734
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6983,7 +7059,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
6983
7059
|
return baseAccount;
|
|
6984
7060
|
}
|
|
6985
7061
|
|
|
6986
|
-
/*! @azure/msal-common v15.7.
|
|
7062
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6987
7063
|
|
|
6988
7064
|
/*
|
|
6989
7065
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7050,7 +7126,7 @@ class RequestValidator {
|
|
|
7050
7126
|
}
|
|
7051
7127
|
}
|
|
7052
7128
|
|
|
7053
|
-
/*! @azure/msal-common v15.7.
|
|
7129
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7054
7130
|
/*
|
|
7055
7131
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7056
7132
|
* Licensed under the MIT License.
|
|
@@ -7068,7 +7144,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
7068
7144
|
}
|
|
7069
7145
|
}
|
|
7070
7146
|
|
|
7071
|
-
/*! @azure/msal-common v15.7.
|
|
7147
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7072
7148
|
|
|
7073
7149
|
/*
|
|
7074
7150
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7301,7 +7377,7 @@ class AuthorizationCodeClient extends BaseClient {
|
|
|
7301
7377
|
}
|
|
7302
7378
|
}
|
|
7303
7379
|
|
|
7304
|
-
/*! @azure/msal-common v15.7.
|
|
7380
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7305
7381
|
|
|
7306
7382
|
/*
|
|
7307
7383
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7510,7 +7586,7 @@ class RefreshTokenClient extends BaseClient {
|
|
|
7510
7586
|
}
|
|
7511
7587
|
}
|
|
7512
7588
|
|
|
7513
|
-
/*! @azure/msal-common v15.7.
|
|
7589
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7514
7590
|
|
|
7515
7591
|
/*
|
|
7516
7592
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7542,7 +7618,7 @@ class SilentFlowClient extends BaseClient {
|
|
|
7542
7618
|
const requestTenantId = request.account.tenantId ||
|
|
7543
7619
|
getTenantFromAuthorityString(request.authority);
|
|
7544
7620
|
const tokenKeys = this.cacheManager.getTokenKeys();
|
|
7545
|
-
const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId
|
|
7621
|
+
const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId);
|
|
7546
7622
|
if (!cachedAccessToken) {
|
|
7547
7623
|
// must refresh due to non-existent access_token
|
|
7548
7624
|
this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
|
|
@@ -7608,7 +7684,7 @@ class SilentFlowClient extends BaseClient {
|
|
|
7608
7684
|
}
|
|
7609
7685
|
}
|
|
7610
7686
|
|
|
7611
|
-
/*! @azure/msal-common v15.7.
|
|
7687
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7612
7688
|
|
|
7613
7689
|
/*
|
|
7614
7690
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7623,7 +7699,7 @@ const StubbedNetworkModule = {
|
|
|
7623
7699
|
},
|
|
7624
7700
|
};
|
|
7625
7701
|
|
|
7626
|
-
/*! @azure/msal-common v15.7.
|
|
7702
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7627
7703
|
|
|
7628
7704
|
/*
|
|
7629
7705
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7847,7 +7923,7 @@ function extractLoginHint(account) {
|
|
|
7847
7923
|
return account.idTokenClaims?.login_hint || null;
|
|
7848
7924
|
}
|
|
7849
7925
|
|
|
7850
|
-
/*! @azure/msal-common v15.7.
|
|
7926
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7851
7927
|
|
|
7852
7928
|
/*
|
|
7853
7929
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7905,7 +7981,7 @@ class AuthenticationHeaderParser {
|
|
|
7905
7981
|
}
|
|
7906
7982
|
}
|
|
7907
7983
|
|
|
7908
|
-
/*! @azure/msal-common v15.7.
|
|
7984
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7909
7985
|
|
|
7910
7986
|
/*
|
|
7911
7987
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8168,7 +8244,7 @@ class ServerTelemetryManager {
|
|
|
8168
8244
|
}
|
|
8169
8245
|
}
|
|
8170
8246
|
|
|
8171
|
-
/*! @azure/msal-common v15.7.
|
|
8247
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
8172
8248
|
/*
|
|
8173
8249
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8174
8250
|
* Licensed under the MIT License.
|
|
@@ -8176,7 +8252,7 @@ class ServerTelemetryManager {
|
|
|
8176
8252
|
const missingKidError = "missing_kid_error";
|
|
8177
8253
|
const missingAlgError = "missing_alg_error";
|
|
8178
8254
|
|
|
8179
|
-
/*! @azure/msal-common v15.7.
|
|
8255
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
8180
8256
|
|
|
8181
8257
|
/*
|
|
8182
8258
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8201,7 +8277,7 @@ function createJoseHeaderError(code) {
|
|
|
8201
8277
|
return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
|
|
8202
8278
|
}
|
|
8203
8279
|
|
|
8204
|
-
/*! @azure/msal-common v15.7.
|
|
8280
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
8205
8281
|
|
|
8206
8282
|
/*
|
|
8207
8283
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8241,86 +8317,7 @@ class JoseHeader {
|
|
|
8241
8317
|
}
|
|
8242
8318
|
}
|
|
8243
8319
|
|
|
8244
|
-
/*! @azure/msal-common v15.7.
|
|
8245
|
-
|
|
8246
|
-
/*
|
|
8247
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8248
|
-
* Licensed under the MIT License.
|
|
8249
|
-
*/
|
|
8250
|
-
class StubPerformanceMeasurement {
|
|
8251
|
-
startMeasurement() {
|
|
8252
|
-
return;
|
|
8253
|
-
}
|
|
8254
|
-
endMeasurement() {
|
|
8255
|
-
return;
|
|
8256
|
-
}
|
|
8257
|
-
flushMeasurement() {
|
|
8258
|
-
return null;
|
|
8259
|
-
}
|
|
8260
|
-
}
|
|
8261
|
-
class StubPerformanceClient {
|
|
8262
|
-
generateId() {
|
|
8263
|
-
return "callback-id";
|
|
8264
|
-
}
|
|
8265
|
-
startMeasurement(measureName, correlationId) {
|
|
8266
|
-
return {
|
|
8267
|
-
end: () => null,
|
|
8268
|
-
discard: () => { },
|
|
8269
|
-
add: () => { },
|
|
8270
|
-
increment: () => { },
|
|
8271
|
-
event: {
|
|
8272
|
-
eventId: this.generateId(),
|
|
8273
|
-
status: PerformanceEventStatus.InProgress,
|
|
8274
|
-
authority: "",
|
|
8275
|
-
libraryName: "",
|
|
8276
|
-
libraryVersion: "",
|
|
8277
|
-
clientId: "",
|
|
8278
|
-
name: measureName,
|
|
8279
|
-
startTimeMs: Date.now(),
|
|
8280
|
-
correlationId: correlationId || "",
|
|
8281
|
-
},
|
|
8282
|
-
measurement: new StubPerformanceMeasurement(),
|
|
8283
|
-
};
|
|
8284
|
-
}
|
|
8285
|
-
startPerformanceMeasurement() {
|
|
8286
|
-
return new StubPerformanceMeasurement();
|
|
8287
|
-
}
|
|
8288
|
-
calculateQueuedTime() {
|
|
8289
|
-
return 0;
|
|
8290
|
-
}
|
|
8291
|
-
addQueueMeasurement() {
|
|
8292
|
-
return;
|
|
8293
|
-
}
|
|
8294
|
-
setPreQueueTime() {
|
|
8295
|
-
return;
|
|
8296
|
-
}
|
|
8297
|
-
endMeasurement() {
|
|
8298
|
-
return null;
|
|
8299
|
-
}
|
|
8300
|
-
discardMeasurements() {
|
|
8301
|
-
return;
|
|
8302
|
-
}
|
|
8303
|
-
removePerformanceCallback() {
|
|
8304
|
-
return true;
|
|
8305
|
-
}
|
|
8306
|
-
addPerformanceCallback() {
|
|
8307
|
-
return "";
|
|
8308
|
-
}
|
|
8309
|
-
emitEvents() {
|
|
8310
|
-
return;
|
|
8311
|
-
}
|
|
8312
|
-
addFields() {
|
|
8313
|
-
return;
|
|
8314
|
-
}
|
|
8315
|
-
incrementFields() {
|
|
8316
|
-
return;
|
|
8317
|
-
}
|
|
8318
|
-
cacheEventByCorrelationId() {
|
|
8319
|
-
return;
|
|
8320
|
-
}
|
|
8321
|
-
}
|
|
8322
|
-
|
|
8323
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
8320
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
8324
8321
|
|
|
8325
8322
|
/*
|
|
8326
8323
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10425,7 +10422,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
10425
10422
|
|
|
10426
10423
|
/* eslint-disable header/header */
|
|
10427
10424
|
const name = "@azure/msal-browser";
|
|
10428
|
-
const version = "4.13.
|
|
10425
|
+
const version = "4.13.2";
|
|
10429
10426
|
|
|
10430
10427
|
/*
|
|
10431
10428
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -11269,7 +11266,9 @@ class CryptoOps {
|
|
|
11269
11266
|
async removeTokenBindingKey(kid) {
|
|
11270
11267
|
await this.cache.removeItem(kid);
|
|
11271
11268
|
const keyFound = await this.cache.containsKey(kid);
|
|
11272
|
-
|
|
11269
|
+
if (keyFound) {
|
|
11270
|
+
throw createClientAuthError(bindingKeyNotRemoved);
|
|
11271
|
+
}
|
|
11273
11272
|
}
|
|
11274
11273
|
/**
|
|
11275
11274
|
* Removes all cryptographic keys from IndexedDB storage
|
|
@@ -11791,14 +11790,13 @@ const EventType = {
|
|
|
11791
11790
|
*/
|
|
11792
11791
|
class BrowserCacheManager extends CacheManager {
|
|
11793
11792
|
constructor(clientId, cacheConfig, cryptoImpl, logger, performanceClient, eventHandler, staticAuthorityOptions) {
|
|
11794
|
-
super(clientId, cryptoImpl, logger, staticAuthorityOptions);
|
|
11793
|
+
super(clientId, cryptoImpl, logger, performanceClient, staticAuthorityOptions);
|
|
11795
11794
|
this.cacheConfig = cacheConfig;
|
|
11796
11795
|
this.logger = logger;
|
|
11797
11796
|
this.internalStorage = new MemoryStorage();
|
|
11798
11797
|
this.browserStorage = getStorageImplementation(clientId, cacheConfig.cacheLocation, logger, performanceClient);
|
|
11799
11798
|
this.temporaryCacheStorage = getStorageImplementation(clientId, cacheConfig.temporaryCacheLocation, logger, performanceClient);
|
|
11800
11799
|
this.cookieStorage = new CookieStorage();
|
|
11801
|
-
this.performanceClient = performanceClient;
|
|
11802
11800
|
this.eventHandler = eventHandler;
|
|
11803
11801
|
}
|
|
11804
11802
|
async initialize(correlationId) {
|
|
@@ -11926,16 +11924,16 @@ class BrowserCacheManager extends CacheManager {
|
|
|
11926
11924
|
* Extends inherited removeAccount function to include removal of the account key from the map
|
|
11927
11925
|
* @param key
|
|
11928
11926
|
*/
|
|
11929
|
-
|
|
11930
|
-
|
|
11927
|
+
removeAccount(key, correlationId) {
|
|
11928
|
+
super.removeAccount(key, correlationId);
|
|
11931
11929
|
this.removeAccountKeyFromMap(key);
|
|
11932
11930
|
}
|
|
11933
11931
|
/**
|
|
11934
11932
|
* Removes credentials associated with the provided account
|
|
11935
11933
|
* @param account
|
|
11936
11934
|
*/
|
|
11937
|
-
|
|
11938
|
-
|
|
11935
|
+
removeAccountContext(account, correlationId) {
|
|
11936
|
+
super.removeAccountContext(account, correlationId);
|
|
11939
11937
|
/**
|
|
11940
11938
|
* @deprecated - Remove this in next major version in favor of more consistent LOGOUT event
|
|
11941
11939
|
*/
|
|
@@ -11955,8 +11953,8 @@ class BrowserCacheManager extends CacheManager {
|
|
|
11955
11953
|
* Removes given accessToken from the cache and from the key map
|
|
11956
11954
|
* @param key
|
|
11957
11955
|
*/
|
|
11958
|
-
|
|
11959
|
-
|
|
11956
|
+
removeAccessToken(key, correlationId) {
|
|
11957
|
+
super.removeAccessToken(key, correlationId);
|
|
11960
11958
|
this.removeTokenKey(key, CredentialType.ACCESS_TOKEN);
|
|
11961
11959
|
}
|
|
11962
11960
|
/**
|
|
@@ -12401,9 +12399,9 @@ class BrowserCacheManager extends CacheManager {
|
|
|
12401
12399
|
/**
|
|
12402
12400
|
* Clears all cache entries created by MSAL.
|
|
12403
12401
|
*/
|
|
12404
|
-
|
|
12402
|
+
clear(correlationId) {
|
|
12405
12403
|
// Removes all accounts and their credentials
|
|
12406
|
-
|
|
12404
|
+
this.removeAllAccounts(correlationId);
|
|
12407
12405
|
this.removeAppMetadata();
|
|
12408
12406
|
// Remove temp storage first to make sure any cookies are cleared
|
|
12409
12407
|
this.temporaryCacheStorage.getKeys().forEach((cacheKey) => {
|
|
@@ -12427,22 +12425,22 @@ class BrowserCacheManager extends CacheManager {
|
|
|
12427
12425
|
* @param correlationId {string} correlation id
|
|
12428
12426
|
* @returns
|
|
12429
12427
|
*/
|
|
12430
|
-
|
|
12431
|
-
performanceClient.addQueueMeasurement(PerformanceEvents.ClearTokensAndKeysWithClaims, correlationId);
|
|
12428
|
+
clearTokensAndKeysWithClaims(correlationId) {
|
|
12429
|
+
this.performanceClient.addQueueMeasurement(PerformanceEvents.ClearTokensAndKeysWithClaims, correlationId);
|
|
12432
12430
|
const tokenKeys = this.getTokenKeys();
|
|
12433
|
-
|
|
12431
|
+
let removedAccessTokens = 0;
|
|
12434
12432
|
tokenKeys.accessToken.forEach((key) => {
|
|
12435
12433
|
// if the access token has claims in its key, remove the token key and the token
|
|
12436
12434
|
const credential = this.getAccessTokenCredential(key);
|
|
12437
12435
|
if (credential?.requestedClaimsHash &&
|
|
12438
12436
|
key.includes(credential.requestedClaimsHash.toLowerCase())) {
|
|
12439
|
-
|
|
12437
|
+
this.removeAccessToken(key, correlationId);
|
|
12438
|
+
removedAccessTokens++;
|
|
12440
12439
|
}
|
|
12441
12440
|
});
|
|
12442
|
-
await Promise.all(removedAccessTokens);
|
|
12443
12441
|
// warn if any access tokens are removed
|
|
12444
|
-
if (removedAccessTokens
|
|
12445
|
-
this.logger.warning(`${removedAccessTokens
|
|
12442
|
+
if (removedAccessTokens > 0) {
|
|
12443
|
+
this.logger.warning(`${removedAccessTokens} access tokens with claims in the cache keys have been removed from the cache.`);
|
|
12446
12444
|
}
|
|
12447
12445
|
}
|
|
12448
12446
|
/**
|
|
@@ -12916,7 +12914,7 @@ class BaseInteractionClient {
|
|
|
12916
12914
|
}
|
|
12917
12915
|
// Clear given account.
|
|
12918
12916
|
try {
|
|
12919
|
-
|
|
12917
|
+
this.browserStorage.removeAccount(AccountEntity.generateAccountCacheKey(account), this.correlationId);
|
|
12920
12918
|
this.logger.verbose("Cleared cache items belonging to the account provided in the logout request.");
|
|
12921
12919
|
}
|
|
12922
12920
|
catch (error) {
|
|
@@ -12927,7 +12925,7 @@ class BaseInteractionClient {
|
|
|
12927
12925
|
try {
|
|
12928
12926
|
this.logger.verbose("No account provided in logout request, clearing all cache items.", this.correlationId);
|
|
12929
12927
|
// Clear all accounts and tokens
|
|
12930
|
-
|
|
12928
|
+
this.browserStorage.clear(this.correlationId);
|
|
12931
12929
|
// Clear any stray keys from IndexedDB
|
|
12932
12930
|
await this.browserCrypto.clearKeystore();
|
|
12933
12931
|
}
|
|
@@ -13429,7 +13427,8 @@ const USER_CANCEL = "USER_CANCEL";
|
|
|
13429
13427
|
const NO_NETWORK = "NO_NETWORK";
|
|
13430
13428
|
const PERSISTENT_ERROR = "PERSISTENT_ERROR";
|
|
13431
13429
|
const DISABLED = "DISABLED";
|
|
13432
|
-
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
13430
|
+
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
13431
|
+
const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
|
|
13433
13432
|
|
|
13434
13433
|
/*
|
|
13435
13434
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -13487,6 +13486,8 @@ function createNativeAuthError(code, description, ext) {
|
|
|
13487
13486
|
return createBrowserAuthError(userCancelled);
|
|
13488
13487
|
case NO_NETWORK:
|
|
13489
13488
|
return createBrowserAuthError(noNetworkConnectivity);
|
|
13489
|
+
case UX_NOT_ALLOWED:
|
|
13490
|
+
return createInteractionRequiredAuthError(uxNotAllowed);
|
|
13490
13491
|
}
|
|
13491
13492
|
}
|
|
13492
13493
|
return new NativeAuthError(code, NativeAuthErrorMessages[code] || description, ext);
|
|
@@ -13927,9 +13928,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
13927
13928
|
// Store the account info and hence `nativeAccountId` in browser cache
|
|
13928
13929
|
await this.browserStorage.setAccount(accountEntity, this.correlationId);
|
|
13929
13930
|
// Remove any existing cached tokens for this account in browser storage
|
|
13930
|
-
this.browserStorage.removeAccountContext(accountEntity
|
|
13931
|
-
this.logger.error(`Error occurred while removing account context from browser storage. ${e}`);
|
|
13932
|
-
});
|
|
13931
|
+
this.browserStorage.removeAccountContext(accountEntity, this.correlationId);
|
|
13933
13932
|
}
|
|
13934
13933
|
/**
|
|
13935
13934
|
* Stores the access_token and id_token in inmemory storage
|
|
@@ -14885,14 +14884,14 @@ function isDomEnabledForPlatformAuth() {
|
|
|
14885
14884
|
* @param authenticationScheme
|
|
14886
14885
|
*/
|
|
14887
14886
|
function isPlatformAuthAllowed(config, logger, platformAuthProvider, authenticationScheme) {
|
|
14888
|
-
logger.trace("
|
|
14887
|
+
logger.trace("isPlatformAuthAllowed called");
|
|
14889
14888
|
if (!config.system.allowPlatformBroker) {
|
|
14890
|
-
logger.trace("
|
|
14889
|
+
logger.trace("isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false");
|
|
14891
14890
|
// Developer disabled WAM
|
|
14892
14891
|
return false;
|
|
14893
14892
|
}
|
|
14894
14893
|
if (!platformAuthProvider) {
|
|
14895
|
-
logger.trace("
|
|
14894
|
+
logger.trace("isPlatformAuthAllowed: Platform auth provider is not initialized, returning false");
|
|
14896
14895
|
// Platform broker auth providers are not available
|
|
14897
14896
|
return false;
|
|
14898
14897
|
}
|
|
@@ -14900,10 +14899,10 @@ function isPlatformAuthAllowed(config, logger, platformAuthProvider, authenticat
|
|
|
14900
14899
|
switch (authenticationScheme) {
|
|
14901
14900
|
case AuthenticationScheme.BEARER:
|
|
14902
14901
|
case AuthenticationScheme.POP:
|
|
14903
|
-
logger.trace("
|
|
14902
|
+
logger.trace("isPlatformAuthAllowed: authenticationScheme is supported, returning true");
|
|
14904
14903
|
return true;
|
|
14905
14904
|
default:
|
|
14906
|
-
logger.trace("
|
|
14905
|
+
logger.trace("isPlatformAuthAllowed: authenticationScheme is not supported, returning false");
|
|
14907
14906
|
return false;
|
|
14908
14907
|
}
|
|
14909
14908
|
}
|
|
@@ -15113,7 +15112,7 @@ class PopupClient extends StandardInteractionClient {
|
|
|
15113
15112
|
if (validRequest.account?.homeAccountId &&
|
|
15114
15113
|
validRequest.postLogoutRedirectUri &&
|
|
15115
15114
|
authClient.authority.protocolMode === ProtocolMode.OIDC) {
|
|
15116
|
-
|
|
15115
|
+
this.browserStorage.removeAccount(validRequest.account?.homeAccountId, this.correlationId);
|
|
15117
15116
|
this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, exports.InteractionType.Popup, validRequest);
|
|
15118
15117
|
if (mainWindowRedirectUri) {
|
|
15119
15118
|
const navigationOptions = {
|
|
@@ -15709,7 +15708,7 @@ class RedirectClient extends StandardInteractionClient {
|
|
|
15709
15708
|
}
|
|
15710
15709
|
catch {
|
|
15711
15710
|
if (validLogoutRequest.account?.homeAccountId) {
|
|
15712
|
-
|
|
15711
|
+
this.browserStorage.removeAccount(validLogoutRequest.account?.homeAccountId, this.correlationId);
|
|
15713
15712
|
this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, exports.InteractionType.Redirect, validLogoutRequest);
|
|
15714
15713
|
return;
|
|
15715
15714
|
}
|
|
@@ -16549,7 +16548,7 @@ class StandardController {
|
|
|
16549
16548
|
}
|
|
16550
16549
|
if (!this.config.cache.claimsBasedCachingEnabled) {
|
|
16551
16550
|
this.logger.verbose("Claims-based caching is disabled. Clearing the previous cache with claims");
|
|
16552
|
-
|
|
16551
|
+
invoke(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage), PerformanceEvents.ClearTokensAndKeysWithClaims, this.logger, this.performanceClient, initCorrelationId)(initCorrelationId);
|
|
16553
16552
|
}
|
|
16554
16553
|
this.config.system.asyncPopups &&
|
|
16555
16554
|
(await this.preGeneratePkceCodes(initCorrelationId));
|
|
@@ -18299,7 +18298,7 @@ class NestedAppAuthController {
|
|
|
18299
18298
|
};
|
|
18300
18299
|
// fetch access token and check for expiry
|
|
18301
18300
|
const tokenKeys = this.browserStorage.getTokenKeys();
|
|
18302
|
-
const cachedAccessToken = this.browserStorage.getAccessToken(currentAccount, authRequest, tokenKeys, currentAccount.tenantId
|
|
18301
|
+
const cachedAccessToken = this.browserStorage.getAccessToken(currentAccount, authRequest, tokenKeys, currentAccount.tenantId);
|
|
18303
18302
|
// If there is no access token, log it and return null
|
|
18304
18303
|
if (!cachedAccessToken) {
|
|
18305
18304
|
this.logger.verbose("No cached access token found");
|
|
@@ -19812,7 +19811,20 @@ class SignedHttpRequest {
|
|
|
19812
19811
|
* @returns If keys are properly deleted
|
|
19813
19812
|
*/
|
|
19814
19813
|
async removeKeys(publicKeyThumbprint) {
|
|
19815
|
-
return this.cryptoOps
|
|
19814
|
+
return this.cryptoOps
|
|
19815
|
+
.removeTokenBindingKey(publicKeyThumbprint)
|
|
19816
|
+
.then(() => true)
|
|
19817
|
+
.catch((error) => {
|
|
19818
|
+
/*
|
|
19819
|
+
* @deprecated - To maintain public API signature, we return false if the error is due to the key still being present in indexedDB.
|
|
19820
|
+
*/
|
|
19821
|
+
if (error instanceof ClientAuthError &&
|
|
19822
|
+
error.errorCode ===
|
|
19823
|
+
bindingKeyNotRemoved) {
|
|
19824
|
+
return false;
|
|
19825
|
+
}
|
|
19826
|
+
throw error;
|
|
19827
|
+
});
|
|
19816
19828
|
}
|
|
19817
19829
|
}
|
|
19818
19830
|
|