@azure/msal-browser 4.13.1 → 4.13.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientNext.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.d.ts +1 -0
- package/dist/broker/nativeBroker/NativeStatusCodes.d.ts.map +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +4 -3
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs.map +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +6 -6
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.d.ts +5 -6
- package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/cache/BrowserCacheManager.mjs +17 -18
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +1 -1
- package/dist/controllers/ControllerFactory.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +2 -2
- package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +3 -3
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.d.ts +1 -1
- package/dist/crypto/CryptoOps.d.ts.map +1 -1
- package/dist/crypto/CryptoOps.mjs +5 -3
- package/dist/crypto/CryptoOps.mjs.map +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.d.ts.map +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +16 -3
- package/dist/crypto/SignedHttpRequest.mjs.map +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.d.ts.map +1 -1
- package/dist/error/NativeAuthError.mjs +5 -3
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +3 -3
- package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +2 -4
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +2 -2
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +2 -2
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/msal-browser.cjs +806 -794
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +806 -794
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +67 -65
- package/lib/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -0
- package/lib/types/broker/nativeBroker/NativeStatusCodes.d.ts.map +1 -1
- package/lib/types/cache/BrowserCacheManager.d.ts +5 -6
- package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/crypto/CryptoOps.d.ts +1 -1
- package/lib/types/crypto/CryptoOps.d.ts.map +1 -1
- package/lib/types/crypto/SignedHttpRequest.d.ts.map +1 -1
- package/lib/types/error/NativeAuthError.d.ts.map +1 -1
- package/lib/types/interaction_client/BaseInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/package.json +2 -2
- package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -0
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +5 -5
- package/src/cache/BrowserCacheManager.ts +22 -23
- package/src/controllers/NestedAppAuthController.ts +1 -3
- package/src/controllers/StandardController.ts +3 -2
- package/src/crypto/CryptoOps.ts +8 -2
- package/src/crypto/SignedHttpRequest.ts +19 -1
- package/src/error/NativeAuthError.ts +4 -0
- package/src/interaction_client/BaseInteractionClient.ts +4 -3
- package/src/interaction_client/PlatformAuthInteractionClient.ts +4 -5
- package/src/interaction_client/PopupClient.ts +3 -2
- package/src/interaction_client/RedirectClient.ts +3 -2
- package/src/packageMetadata.ts +1 -1
package/lib/msal-browser.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-browser v4.13.
|
|
1
|
+
/*! @azure/msal-browser v4.13.2 2025-06-18 */
|
|
2
2
|
'use strict';
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
|
|
7
7
|
})(this, (function (exports) { 'use strict';
|
|
8
8
|
|
|
9
|
-
/*! @azure/msal-common v15.7.
|
|
9
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
10
10
|
/*
|
|
11
11
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
12
|
* Licensed under the MIT License.
|
|
@@ -302,7 +302,7 @@
|
|
|
302
302
|
// Token renewal offset default in seconds
|
|
303
303
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
304
304
|
|
|
305
|
-
/*! @azure/msal-common v15.7.
|
|
305
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
306
306
|
/*
|
|
307
307
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
308
308
|
* Licensed under the MIT License.
|
|
@@ -319,7 +319,7 @@
|
|
|
319
319
|
unexpectedError: unexpectedError
|
|
320
320
|
});
|
|
321
321
|
|
|
322
|
-
/*! @azure/msal-common v15.7.
|
|
322
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
323
323
|
|
|
324
324
|
/*
|
|
325
325
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -368,7 +368,7 @@
|
|
|
368
368
|
: AuthErrorMessages[code]);
|
|
369
369
|
}
|
|
370
370
|
|
|
371
|
-
/*! @azure/msal-common v15.7.
|
|
371
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
372
372
|
/*
|
|
373
373
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
374
374
|
* Licensed under the MIT License.
|
|
@@ -466,7 +466,7 @@
|
|
|
466
466
|
userTimeoutReached: userTimeoutReached
|
|
467
467
|
});
|
|
468
468
|
|
|
469
|
-
/*! @azure/msal-common v15.7.
|
|
469
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
470
470
|
|
|
471
471
|
/*
|
|
472
472
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -718,7 +718,7 @@
|
|
|
718
718
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
719
719
|
}
|
|
720
720
|
|
|
721
|
-
/*! @azure/msal-common v15.7.
|
|
721
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
722
722
|
|
|
723
723
|
/*
|
|
724
724
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -757,7 +757,7 @@
|
|
|
757
757
|
},
|
|
758
758
|
};
|
|
759
759
|
|
|
760
|
-
/*! @azure/msal-common v15.7.
|
|
760
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
761
761
|
|
|
762
762
|
/*
|
|
763
763
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -948,12 +948,12 @@
|
|
|
948
948
|
}
|
|
949
949
|
}
|
|
950
950
|
|
|
951
|
-
/*! @azure/msal-common v15.7.
|
|
951
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
952
952
|
/* eslint-disable header/header */
|
|
953
953
|
const name$1 = "@azure/msal-common";
|
|
954
|
-
const version$1 = "15.7.
|
|
954
|
+
const version$1 = "15.7.1";
|
|
955
955
|
|
|
956
|
-
/*! @azure/msal-common v15.7.
|
|
956
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
957
957
|
/*
|
|
958
958
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
959
959
|
* Licensed under the MIT License.
|
|
@@ -973,7 +973,7 @@
|
|
|
973
973
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
974
974
|
};
|
|
975
975
|
|
|
976
|
-
/*! @azure/msal-common v15.7.
|
|
976
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
977
977
|
|
|
978
978
|
/*
|
|
979
979
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1034,7 +1034,7 @@
|
|
|
1034
1034
|
}
|
|
1035
1035
|
}
|
|
1036
1036
|
|
|
1037
|
-
/*! @azure/msal-common v15.7.
|
|
1037
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1038
1038
|
/*
|
|
1039
1039
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1040
1040
|
* Licensed under the MIT License.
|
|
@@ -1089,7 +1089,7 @@
|
|
|
1089
1089
|
return cachedAtSec > nowSeconds();
|
|
1090
1090
|
}
|
|
1091
1091
|
|
|
1092
|
-
/*! @azure/msal-common v15.7.
|
|
1092
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1093
1093
|
|
|
1094
1094
|
/*
|
|
1095
1095
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1416,7 +1416,7 @@
|
|
|
1416
1416
|
return metadata.expiresAt <= nowSeconds();
|
|
1417
1417
|
}
|
|
1418
1418
|
|
|
1419
|
-
/*! @azure/msal-common v15.7.
|
|
1419
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1420
1420
|
/*
|
|
1421
1421
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1422
1422
|
* Licensed under the MIT License.
|
|
@@ -1470,7 +1470,7 @@
|
|
|
1470
1470
|
urlParseError: urlParseError
|
|
1471
1471
|
});
|
|
1472
1472
|
|
|
1473
|
-
/*! @azure/msal-common v15.7.
|
|
1473
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1474
1474
|
|
|
1475
1475
|
/*
|
|
1476
1476
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1608,7 +1608,7 @@
|
|
|
1608
1608
|
return new ClientConfigurationError(errorCode);
|
|
1609
1609
|
}
|
|
1610
1610
|
|
|
1611
|
-
/*! @azure/msal-common v15.7.
|
|
1611
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1612
1612
|
/*
|
|
1613
1613
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1614
1614
|
* Licensed under the MIT License.
|
|
@@ -1705,7 +1705,7 @@
|
|
|
1705
1705
|
}
|
|
1706
1706
|
}
|
|
1707
1707
|
|
|
1708
|
-
/*! @azure/msal-common v15.7.
|
|
1708
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1709
1709
|
|
|
1710
1710
|
/*
|
|
1711
1711
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1896,7 +1896,7 @@
|
|
|
1896
1896
|
}
|
|
1897
1897
|
}
|
|
1898
1898
|
|
|
1899
|
-
/*! @azure/msal-common v15.7.
|
|
1899
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1900
1900
|
|
|
1901
1901
|
/*
|
|
1902
1902
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1936,7 +1936,7 @@
|
|
|
1936
1936
|
};
|
|
1937
1937
|
}
|
|
1938
1938
|
|
|
1939
|
-
/*! @azure/msal-common v15.7.
|
|
1939
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
1940
1940
|
/*
|
|
1941
1941
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1942
1942
|
* Licensed under the MIT License.
|
|
@@ -2015,7 +2015,7 @@
|
|
|
2015
2015
|
return updatedAccountInfo;
|
|
2016
2016
|
}
|
|
2017
2017
|
|
|
2018
|
-
/*! @azure/msal-common v15.7.
|
|
2018
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2019
2019
|
/*
|
|
2020
2020
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2021
2021
|
* Licensed under the MIT License.
|
|
@@ -2030,7 +2030,7 @@
|
|
|
2030
2030
|
Ciam: 3,
|
|
2031
2031
|
};
|
|
2032
2032
|
|
|
2033
|
-
/*! @azure/msal-common v15.7.
|
|
2033
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2034
2034
|
/*
|
|
2035
2035
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2036
2036
|
* Licensed under the MIT License.
|
|
@@ -2052,7 +2052,7 @@
|
|
|
2052
2052
|
return null;
|
|
2053
2053
|
}
|
|
2054
2054
|
|
|
2055
|
-
/*! @azure/msal-common v15.7.
|
|
2055
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2056
2056
|
/*
|
|
2057
2057
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2058
2058
|
* Licensed under the MIT License.
|
|
@@ -2076,7 +2076,7 @@
|
|
|
2076
2076
|
EAR: "EAR",
|
|
2077
2077
|
};
|
|
2078
2078
|
|
|
2079
|
-
/*! @azure/msal-common v15.7.
|
|
2079
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2080
2080
|
|
|
2081
2081
|
/*
|
|
2082
2082
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2319,7 +2319,7 @@
|
|
|
2319
2319
|
}
|
|
2320
2320
|
}
|
|
2321
2321
|
|
|
2322
|
-
/*! @azure/msal-common v15.7.
|
|
2322
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2323
2323
|
|
|
2324
2324
|
/*
|
|
2325
2325
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2384,7 +2384,7 @@
|
|
|
2384
2384
|
return queryParameterArray.join("&");
|
|
2385
2385
|
}
|
|
2386
2386
|
|
|
2387
|
-
/*! @azure/msal-common v15.7.
|
|
2387
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2388
2388
|
|
|
2389
2389
|
/*
|
|
2390
2390
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2548,7 +2548,7 @@
|
|
|
2548
2548
|
}
|
|
2549
2549
|
}
|
|
2550
2550
|
|
|
2551
|
-
/*! @azure/msal-common v15.7.
|
|
2551
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2552
2552
|
|
|
2553
2553
|
/*
|
|
2554
2554
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2688,7 +2688,7 @@
|
|
|
2688
2688
|
return null;
|
|
2689
2689
|
}
|
|
2690
2690
|
|
|
2691
|
-
/*! @azure/msal-common v15.7.
|
|
2691
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2692
2692
|
/*
|
|
2693
2693
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2694
2694
|
* Licensed under the MIT License.
|
|
@@ -2696,7 +2696,7 @@
|
|
|
2696
2696
|
const cacheQuotaExceededErrorCode = "cache_quota_exceeded";
|
|
2697
2697
|
const cacheUnknownErrorCode = "cache_error_unknown";
|
|
2698
2698
|
|
|
2699
|
-
/*! @azure/msal-common v15.7.
|
|
2699
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2700
2700
|
|
|
2701
2701
|
/*
|
|
2702
2702
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2723,7 +2723,7 @@
|
|
|
2723
2723
|
}
|
|
2724
2724
|
}
|
|
2725
2725
|
|
|
2726
|
-
/*! @azure/msal-common v15.7.
|
|
2726
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
2727
2727
|
|
|
2728
2728
|
/*
|
|
2729
2729
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2734,11 +2734,12 @@
|
|
|
2734
2734
|
* @internal
|
|
2735
2735
|
*/
|
|
2736
2736
|
class CacheManager {
|
|
2737
|
-
constructor(clientId, cryptoImpl, logger, staticAuthorityOptions) {
|
|
2737
|
+
constructor(clientId, cryptoImpl, logger, performanceClient, staticAuthorityOptions) {
|
|
2738
2738
|
this.clientId = clientId;
|
|
2739
2739
|
this.cryptoImpl = cryptoImpl;
|
|
2740
2740
|
this.commonLogger = logger.clone(name$1, version$1);
|
|
2741
2741
|
this.staticAuthorityOptions = staticAuthorityOptions;
|
|
2742
|
+
this.performanceClient = performanceClient;
|
|
2742
2743
|
}
|
|
2743
2744
|
/**
|
|
2744
2745
|
* Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned.
|
|
@@ -2947,7 +2948,6 @@
|
|
|
2947
2948
|
};
|
|
2948
2949
|
const tokenKeys = this.getTokenKeys();
|
|
2949
2950
|
const currentScopes = ScopeSet.fromString(credential.target);
|
|
2950
|
-
const removedAccessTokens = [];
|
|
2951
2951
|
tokenKeys.accessToken.forEach((key) => {
|
|
2952
2952
|
if (!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)) {
|
|
2953
2953
|
return;
|
|
@@ -2957,11 +2957,10 @@
|
|
|
2957
2957
|
this.credentialMatchesFilter(tokenEntity, accessTokenFilter)) {
|
|
2958
2958
|
const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);
|
|
2959
2959
|
if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
|
|
2960
|
-
|
|
2960
|
+
this.removeAccessToken(key, correlationId);
|
|
2961
2961
|
}
|
|
2962
2962
|
}
|
|
2963
2963
|
});
|
|
2964
|
-
await Promise.all(removedAccessTokens);
|
|
2965
2964
|
await this.setAccessTokenCredential(credential, correlationId);
|
|
2966
2965
|
}
|
|
2967
2966
|
/**
|
|
@@ -3203,34 +3202,31 @@
|
|
|
3203
3202
|
/**
|
|
3204
3203
|
* Removes all accounts and related tokens from cache.
|
|
3205
3204
|
*/
|
|
3206
|
-
|
|
3205
|
+
removeAllAccounts(correlationId) {
|
|
3207
3206
|
const allAccountKeys = this.getAccountKeys();
|
|
3208
|
-
const removedAccounts = [];
|
|
3209
3207
|
allAccountKeys.forEach((cacheKey) => {
|
|
3210
|
-
|
|
3208
|
+
this.removeAccount(cacheKey, correlationId);
|
|
3211
3209
|
});
|
|
3212
|
-
await Promise.all(removedAccounts);
|
|
3213
3210
|
}
|
|
3214
3211
|
/**
|
|
3215
3212
|
* Removes the account and related tokens for a given account key
|
|
3216
3213
|
* @param account
|
|
3217
3214
|
*/
|
|
3218
|
-
|
|
3215
|
+
removeAccount(accountKey, correlationId) {
|
|
3219
3216
|
const account = this.getAccount(accountKey, this.commonLogger);
|
|
3220
3217
|
if (!account) {
|
|
3221
3218
|
return;
|
|
3222
3219
|
}
|
|
3223
|
-
|
|
3220
|
+
this.removeAccountContext(account, correlationId);
|
|
3224
3221
|
this.removeItem(accountKey);
|
|
3225
3222
|
}
|
|
3226
3223
|
/**
|
|
3227
3224
|
* Removes credentials associated with the provided account
|
|
3228
3225
|
* @param account
|
|
3229
3226
|
*/
|
|
3230
|
-
|
|
3227
|
+
removeAccountContext(account, correlationId) {
|
|
3231
3228
|
const allTokenKeys = this.getTokenKeys();
|
|
3232
3229
|
const accountId = account.generateAccountId();
|
|
3233
|
-
const removedCredentials = [];
|
|
3234
3230
|
allTokenKeys.idToken.forEach((key) => {
|
|
3235
3231
|
if (key.indexOf(accountId) === 0) {
|
|
3236
3232
|
this.removeIdToken(key);
|
|
@@ -3238,7 +3234,7 @@
|
|
|
3238
3234
|
});
|
|
3239
3235
|
allTokenKeys.accessToken.forEach((key) => {
|
|
3240
3236
|
if (key.indexOf(accountId) === 0) {
|
|
3241
|
-
|
|
3237
|
+
this.removeAccessToken(key, correlationId);
|
|
3242
3238
|
}
|
|
3243
3239
|
});
|
|
3244
3240
|
allTokenKeys.refreshToken.forEach((key) => {
|
|
@@ -3246,17 +3242,17 @@
|
|
|
3246
3242
|
this.removeRefreshToken(key);
|
|
3247
3243
|
}
|
|
3248
3244
|
});
|
|
3249
|
-
await Promise.all(removedCredentials);
|
|
3250
3245
|
}
|
|
3251
3246
|
/**
|
|
3252
3247
|
* returns a boolean if the given credential is removed
|
|
3253
3248
|
* @param credential
|
|
3254
3249
|
*/
|
|
3255
|
-
|
|
3250
|
+
removeAccessToken(key, correlationId) {
|
|
3256
3251
|
const credential = this.getAccessTokenCredential(key);
|
|
3257
3252
|
if (!credential) {
|
|
3258
3253
|
return;
|
|
3259
3254
|
}
|
|
3255
|
+
this.removeItem(key);
|
|
3260
3256
|
// Remove Token Binding Key from key store for PoP Tokens Credentials
|
|
3261
3257
|
if (credential.credentialType.toLowerCase() ===
|
|
3262
3258
|
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) {
|
|
@@ -3264,16 +3260,15 @@
|
|
|
3264
3260
|
const accessTokenWithAuthSchemeEntity = credential;
|
|
3265
3261
|
const kid = accessTokenWithAuthSchemeEntity.keyId;
|
|
3266
3262
|
if (kid) {
|
|
3267
|
-
|
|
3268
|
-
|
|
3269
|
-
|
|
3270
|
-
|
|
3271
|
-
|
|
3272
|
-
}
|
|
3263
|
+
void this.cryptoImpl
|
|
3264
|
+
.removeTokenBindingKey(kid)
|
|
3265
|
+
.catch(() => {
|
|
3266
|
+
this.commonLogger.error(`Failed to remove token binding key ${kid}`, correlationId);
|
|
3267
|
+
this.performanceClient?.incrementFields({ removeTokenBindingKeyFailure: 1 }, correlationId);
|
|
3268
|
+
});
|
|
3273
3269
|
}
|
|
3274
3270
|
}
|
|
3275
3271
|
}
|
|
3276
|
-
return this.removeItem(key);
|
|
3277
3272
|
}
|
|
3278
3273
|
/**
|
|
3279
3274
|
* Removes all app metadata objects from cache.
|
|
@@ -3415,10 +3410,10 @@
|
|
|
3415
3410
|
* @param request {BaseAuthRequest}
|
|
3416
3411
|
* @param tokenKeys {?TokenKeys}
|
|
3417
3412
|
* @param performanceClient {?IPerformanceClient}
|
|
3418
|
-
* @param correlationId {?string}
|
|
3419
3413
|
*/
|
|
3420
|
-
getAccessToken(account, request, tokenKeys, targetRealm
|
|
3421
|
-
|
|
3414
|
+
getAccessToken(account, request, tokenKeys, targetRealm) {
|
|
3415
|
+
const correlationId = request.correlationId;
|
|
3416
|
+
this.commonLogger.trace("CacheManager - getAccessToken called", correlationId);
|
|
3422
3417
|
const scopes = ScopeSet.createSearchScopes(request.scopes);
|
|
3423
3418
|
const authScheme = request.authenticationScheme || AuthenticationScheme.BEARER;
|
|
3424
3419
|
/*
|
|
@@ -3457,20 +3452,18 @@
|
|
|
3457
3452
|
});
|
|
3458
3453
|
const numAccessTokens = accessTokens.length;
|
|
3459
3454
|
if (numAccessTokens < 1) {
|
|
3460
|
-
this.commonLogger.info("CacheManager:getAccessToken - No token found");
|
|
3455
|
+
this.commonLogger.info("CacheManager:getAccessToken - No token found", correlationId);
|
|
3461
3456
|
return null;
|
|
3462
3457
|
}
|
|
3463
3458
|
else if (numAccessTokens > 1) {
|
|
3464
|
-
this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them");
|
|
3459
|
+
this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them", correlationId);
|
|
3465
3460
|
accessTokens.forEach((accessToken) => {
|
|
3466
|
-
|
|
3461
|
+
this.removeAccessToken(generateCredentialKey(accessToken), correlationId);
|
|
3467
3462
|
});
|
|
3468
|
-
|
|
3469
|
-
performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);
|
|
3470
|
-
}
|
|
3463
|
+
this.performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);
|
|
3471
3464
|
return null;
|
|
3472
3465
|
}
|
|
3473
|
-
this.commonLogger.info("CacheManager:getAccessToken - Returning access token");
|
|
3466
|
+
this.commonLogger.info("CacheManager:getAccessToken - Returning access token", correlationId);
|
|
3474
3467
|
return accessTokens[0];
|
|
3475
3468
|
}
|
|
3476
3469
|
/**
|
|
@@ -3908,576 +3901,16 @@
|
|
|
3908
3901
|
}
|
|
3909
3902
|
}
|
|
3910
3903
|
|
|
3911
|
-
/*! @azure/msal-common v15.7.
|
|
3912
|
-
|
|
3904
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
3913
3905
|
/*
|
|
3914
3906
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3915
3907
|
* Licensed under the MIT License.
|
|
3916
3908
|
*/
|
|
3917
|
-
const DEFAULT_SYSTEM_OPTIONS = {
|
|
3918
|
-
tokenRenewalOffsetSeconds: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
|
|
3919
|
-
preventCorsPreflight: false,
|
|
3920
|
-
};
|
|
3921
|
-
const DEFAULT_LOGGER_IMPLEMENTATION = {
|
|
3922
|
-
loggerCallback: () => {
|
|
3923
|
-
// allow users to not set loggerCallback
|
|
3924
|
-
},
|
|
3925
|
-
piiLoggingEnabled: false,
|
|
3926
|
-
logLevel: exports.LogLevel.Info,
|
|
3927
|
-
correlationId: Constants.EMPTY_STRING,
|
|
3928
|
-
};
|
|
3929
|
-
const DEFAULT_CACHE_OPTIONS = {
|
|
3930
|
-
claimsBasedCachingEnabled: false,
|
|
3931
|
-
};
|
|
3932
|
-
const DEFAULT_NETWORK_IMPLEMENTATION = {
|
|
3933
|
-
async sendGetRequestAsync() {
|
|
3934
|
-
throw createClientAuthError(methodNotImplemented);
|
|
3935
|
-
},
|
|
3936
|
-
async sendPostRequestAsync() {
|
|
3937
|
-
throw createClientAuthError(methodNotImplemented);
|
|
3938
|
-
},
|
|
3939
|
-
};
|
|
3940
|
-
const DEFAULT_LIBRARY_INFO = {
|
|
3941
|
-
sku: Constants.SKU,
|
|
3942
|
-
version: version$1,
|
|
3943
|
-
cpu: Constants.EMPTY_STRING,
|
|
3944
|
-
os: Constants.EMPTY_STRING,
|
|
3945
|
-
};
|
|
3946
|
-
const DEFAULT_CLIENT_CREDENTIALS = {
|
|
3947
|
-
clientSecret: Constants.EMPTY_STRING,
|
|
3948
|
-
clientAssertion: undefined,
|
|
3949
|
-
};
|
|
3950
|
-
const DEFAULT_AZURE_CLOUD_OPTIONS = {
|
|
3951
|
-
azureCloudInstance: AzureCloudInstance.None,
|
|
3952
|
-
tenant: `${Constants.DEFAULT_COMMON_TENANT}`,
|
|
3953
|
-
};
|
|
3954
|
-
const DEFAULT_TELEMETRY_OPTIONS = {
|
|
3955
|
-
application: {
|
|
3956
|
-
appName: "",
|
|
3957
|
-
appVersion: "",
|
|
3958
|
-
},
|
|
3959
|
-
};
|
|
3960
3909
|
/**
|
|
3961
|
-
*
|
|
3962
|
-
*
|
|
3963
|
-
* @param Configuration
|
|
3910
|
+
* Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient.
|
|
3964
3911
|
*
|
|
3965
|
-
* @
|
|
3966
|
-
|
|
3967
|
-
function buildClientConfiguration({ authOptions: userAuthOptions, systemOptions: userSystemOptions, loggerOptions: userLoggerOption, cacheOptions: userCacheOptions, storageInterface: storageImplementation, networkInterface: networkImplementation, cryptoInterface: cryptoImplementation, clientCredentials: clientCredentials, libraryInfo: libraryInfo, telemetry: telemetry, serverTelemetryManager: serverTelemetryManager, persistencePlugin: persistencePlugin, serializableCache: serializableCache, }) {
|
|
3968
|
-
const loggerOptions = {
|
|
3969
|
-
...DEFAULT_LOGGER_IMPLEMENTATION,
|
|
3970
|
-
...userLoggerOption,
|
|
3971
|
-
};
|
|
3972
|
-
return {
|
|
3973
|
-
authOptions: buildAuthOptions(userAuthOptions),
|
|
3974
|
-
systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions },
|
|
3975
|
-
loggerOptions: loggerOptions,
|
|
3976
|
-
cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions },
|
|
3977
|
-
storageInterface: storageImplementation ||
|
|
3978
|
-
new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions)),
|
|
3979
|
-
networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION,
|
|
3980
|
-
cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION,
|
|
3981
|
-
clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS,
|
|
3982
|
-
libraryInfo: { ...DEFAULT_LIBRARY_INFO, ...libraryInfo },
|
|
3983
|
-
telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry },
|
|
3984
|
-
serverTelemetryManager: serverTelemetryManager || null,
|
|
3985
|
-
persistencePlugin: persistencePlugin || null,
|
|
3986
|
-
serializableCache: serializableCache || null,
|
|
3987
|
-
};
|
|
3988
|
-
}
|
|
3989
|
-
/**
|
|
3990
|
-
* Construct authoptions from the client and platform passed values
|
|
3991
|
-
* @param authOptions
|
|
3992
|
-
*/
|
|
3993
|
-
function buildAuthOptions(authOptions) {
|
|
3994
|
-
return {
|
|
3995
|
-
clientCapabilities: [],
|
|
3996
|
-
azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
|
|
3997
|
-
skipAuthorityMetadataCache: false,
|
|
3998
|
-
instanceAware: false,
|
|
3999
|
-
encodeExtraQueryParams: false,
|
|
4000
|
-
...authOptions,
|
|
4001
|
-
};
|
|
4002
|
-
}
|
|
4003
|
-
/**
|
|
4004
|
-
* Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise
|
|
4005
|
-
* @param ClientConfiguration
|
|
4006
|
-
*/
|
|
4007
|
-
function isOidcProtocolMode(config) {
|
|
4008
|
-
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
4009
|
-
}
|
|
4010
|
-
|
|
4011
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4012
|
-
/*
|
|
4013
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4014
|
-
* Licensed under the MIT License.
|
|
4015
|
-
*/
|
|
4016
|
-
const CcsCredentialType = {
|
|
4017
|
-
HOME_ACCOUNT_ID: "home_account_id",
|
|
4018
|
-
UPN: "UPN",
|
|
4019
|
-
};
|
|
4020
|
-
|
|
4021
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4022
|
-
/*
|
|
4023
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4024
|
-
* Licensed under the MIT License.
|
|
4025
|
-
*/
|
|
4026
|
-
const CLIENT_ID = "client_id";
|
|
4027
|
-
const REDIRECT_URI = "redirect_uri";
|
|
4028
|
-
const RESPONSE_TYPE = "response_type";
|
|
4029
|
-
const RESPONSE_MODE = "response_mode";
|
|
4030
|
-
const GRANT_TYPE = "grant_type";
|
|
4031
|
-
const CLAIMS = "claims";
|
|
4032
|
-
const SCOPE = "scope";
|
|
4033
|
-
const REFRESH_TOKEN = "refresh_token";
|
|
4034
|
-
const STATE = "state";
|
|
4035
|
-
const NONCE = "nonce";
|
|
4036
|
-
const PROMPT = "prompt";
|
|
4037
|
-
const CODE = "code";
|
|
4038
|
-
const CODE_CHALLENGE = "code_challenge";
|
|
4039
|
-
const CODE_CHALLENGE_METHOD = "code_challenge_method";
|
|
4040
|
-
const CODE_VERIFIER = "code_verifier";
|
|
4041
|
-
const CLIENT_REQUEST_ID = "client-request-id";
|
|
4042
|
-
const X_CLIENT_SKU = "x-client-SKU";
|
|
4043
|
-
const X_CLIENT_VER = "x-client-VER";
|
|
4044
|
-
const X_CLIENT_OS = "x-client-OS";
|
|
4045
|
-
const X_CLIENT_CPU = "x-client-CPU";
|
|
4046
|
-
const X_CLIENT_CURR_TELEM = "x-client-current-telemetry";
|
|
4047
|
-
const X_CLIENT_LAST_TELEM = "x-client-last-telemetry";
|
|
4048
|
-
const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
|
|
4049
|
-
const X_APP_NAME = "x-app-name";
|
|
4050
|
-
const X_APP_VER = "x-app-ver";
|
|
4051
|
-
const POST_LOGOUT_URI = "post_logout_redirect_uri";
|
|
4052
|
-
const ID_TOKEN_HINT = "id_token_hint";
|
|
4053
|
-
const CLIENT_SECRET = "client_secret";
|
|
4054
|
-
const CLIENT_ASSERTION = "client_assertion";
|
|
4055
|
-
const CLIENT_ASSERTION_TYPE = "client_assertion_type";
|
|
4056
|
-
const TOKEN_TYPE = "token_type";
|
|
4057
|
-
const REQ_CNF = "req_cnf";
|
|
4058
|
-
const RETURN_SPA_CODE = "return_spa_code";
|
|
4059
|
-
const NATIVE_BROKER = "nativebroker";
|
|
4060
|
-
const LOGOUT_HINT = "logout_hint";
|
|
4061
|
-
const SID = "sid";
|
|
4062
|
-
const LOGIN_HINT = "login_hint";
|
|
4063
|
-
const DOMAIN_HINT = "domain_hint";
|
|
4064
|
-
const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
|
|
4065
|
-
const BROKER_CLIENT_ID = "brk_client_id";
|
|
4066
|
-
const BROKER_REDIRECT_URI = "brk_redirect_uri";
|
|
4067
|
-
const INSTANCE_AWARE = "instance_aware";
|
|
4068
|
-
const EAR_JWK = "ear_jwk";
|
|
4069
|
-
const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
4070
|
-
|
|
4071
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4072
|
-
|
|
4073
|
-
/*
|
|
4074
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4075
|
-
* Licensed under the MIT License.
|
|
4076
|
-
*/
|
|
4077
|
-
function instrumentBrokerParams(parameters, correlationId, performanceClient) {
|
|
4078
|
-
if (!correlationId) {
|
|
4079
|
-
return;
|
|
4080
|
-
}
|
|
4081
|
-
const clientId = parameters.get(CLIENT_ID);
|
|
4082
|
-
if (clientId && parameters.has(BROKER_CLIENT_ID)) {
|
|
4083
|
-
performanceClient?.addFields({
|
|
4084
|
-
embeddedClientId: clientId,
|
|
4085
|
-
embeddedRedirectUri: parameters.get(REDIRECT_URI),
|
|
4086
|
-
}, correlationId);
|
|
4087
|
-
}
|
|
4088
|
-
}
|
|
4089
|
-
/**
|
|
4090
|
-
* Add the given response_type
|
|
4091
|
-
* @param parameters
|
|
4092
|
-
* @param responseType
|
|
4093
|
-
*/
|
|
4094
|
-
function addResponseType(parameters, responseType) {
|
|
4095
|
-
parameters.set(RESPONSE_TYPE, responseType);
|
|
4096
|
-
}
|
|
4097
|
-
/**
|
|
4098
|
-
* add response_mode. defaults to query.
|
|
4099
|
-
* @param responseMode
|
|
4100
|
-
*/
|
|
4101
|
-
function addResponseMode(parameters, responseMode) {
|
|
4102
|
-
parameters.set(RESPONSE_MODE, responseMode ? responseMode : ResponseMode.QUERY);
|
|
4103
|
-
}
|
|
4104
|
-
/**
|
|
4105
|
-
* Add flag to indicate STS should attempt to use WAM if available
|
|
4106
|
-
*/
|
|
4107
|
-
function addNativeBroker(parameters) {
|
|
4108
|
-
parameters.set(NATIVE_BROKER, "1");
|
|
4109
|
-
}
|
|
4110
|
-
/**
|
|
4111
|
-
* add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
|
|
4112
|
-
* @param scopeSet
|
|
4113
|
-
* @param addOidcScopes
|
|
4114
|
-
*/
|
|
4115
|
-
function addScopes(parameters, scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) {
|
|
4116
|
-
// Always add openid to the scopes when adding OIDC scopes
|
|
4117
|
-
if (addOidcScopes &&
|
|
4118
|
-
!defaultScopes.includes("openid") &&
|
|
4119
|
-
!scopes.includes("openid")) {
|
|
4120
|
-
defaultScopes.push("openid");
|
|
4121
|
-
}
|
|
4122
|
-
const requestScopes = addOidcScopes
|
|
4123
|
-
? [...(scopes || []), ...defaultScopes]
|
|
4124
|
-
: scopes || [];
|
|
4125
|
-
const scopeSet = new ScopeSet(requestScopes);
|
|
4126
|
-
parameters.set(SCOPE, scopeSet.printScopes());
|
|
4127
|
-
}
|
|
4128
|
-
/**
|
|
4129
|
-
* add clientId
|
|
4130
|
-
* @param clientId
|
|
4131
|
-
*/
|
|
4132
|
-
function addClientId(parameters, clientId) {
|
|
4133
|
-
parameters.set(CLIENT_ID, clientId);
|
|
4134
|
-
}
|
|
4135
|
-
/**
|
|
4136
|
-
* add redirect_uri
|
|
4137
|
-
* @param redirectUri
|
|
4138
|
-
*/
|
|
4139
|
-
function addRedirectUri(parameters, redirectUri) {
|
|
4140
|
-
parameters.set(REDIRECT_URI, redirectUri);
|
|
4141
|
-
}
|
|
4142
|
-
/**
|
|
4143
|
-
* add post logout redirectUri
|
|
4144
|
-
* @param redirectUri
|
|
4145
|
-
*/
|
|
4146
|
-
function addPostLogoutRedirectUri(parameters, redirectUri) {
|
|
4147
|
-
parameters.set(POST_LOGOUT_URI, redirectUri);
|
|
4148
|
-
}
|
|
4149
|
-
/**
|
|
4150
|
-
* add id_token_hint to logout request
|
|
4151
|
-
* @param idTokenHint
|
|
4152
|
-
*/
|
|
4153
|
-
function addIdTokenHint(parameters, idTokenHint) {
|
|
4154
|
-
parameters.set(ID_TOKEN_HINT, idTokenHint);
|
|
4155
|
-
}
|
|
4156
|
-
/**
|
|
4157
|
-
* add domain_hint
|
|
4158
|
-
* @param domainHint
|
|
4159
|
-
*/
|
|
4160
|
-
function addDomainHint(parameters, domainHint) {
|
|
4161
|
-
parameters.set(DOMAIN_HINT, domainHint);
|
|
4162
|
-
}
|
|
4163
|
-
/**
|
|
4164
|
-
* add login_hint
|
|
4165
|
-
* @param loginHint
|
|
4166
|
-
*/
|
|
4167
|
-
function addLoginHint(parameters, loginHint) {
|
|
4168
|
-
parameters.set(LOGIN_HINT, loginHint);
|
|
4169
|
-
}
|
|
4170
|
-
/**
|
|
4171
|
-
* Adds the CCS (Cache Credential Service) query parameter for login_hint
|
|
4172
|
-
* @param loginHint
|
|
4173
|
-
*/
|
|
4174
|
-
function addCcsUpn(parameters, loginHint) {
|
|
4175
|
-
parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
|
|
4176
|
-
}
|
|
4177
|
-
/**
|
|
4178
|
-
* Adds the CCS (Cache Credential Service) query parameter for account object
|
|
4179
|
-
* @param loginHint
|
|
4180
|
-
*/
|
|
4181
|
-
function addCcsOid(parameters, clientInfo) {
|
|
4182
|
-
parameters.set(HeaderNames.CCS_HEADER, `Oid:${clientInfo.uid}@${clientInfo.utid}`);
|
|
4183
|
-
}
|
|
4184
|
-
/**
|
|
4185
|
-
* add sid
|
|
4186
|
-
* @param sid
|
|
4187
|
-
*/
|
|
4188
|
-
function addSid(parameters, sid) {
|
|
4189
|
-
parameters.set(SID, sid);
|
|
4190
|
-
}
|
|
4191
|
-
/**
|
|
4192
|
-
* add claims
|
|
4193
|
-
* @param claims
|
|
4194
|
-
*/
|
|
4195
|
-
function addClaims(parameters, claims, clientCapabilities) {
|
|
4196
|
-
const mergedClaims = addClientCapabilitiesToClaims(claims, clientCapabilities);
|
|
4197
|
-
try {
|
|
4198
|
-
JSON.parse(mergedClaims);
|
|
4199
|
-
}
|
|
4200
|
-
catch (e) {
|
|
4201
|
-
throw createClientConfigurationError(invalidClaims);
|
|
4202
|
-
}
|
|
4203
|
-
parameters.set(CLAIMS, mergedClaims);
|
|
4204
|
-
}
|
|
4205
|
-
/**
|
|
4206
|
-
* add correlationId
|
|
4207
|
-
* @param correlationId
|
|
4208
|
-
*/
|
|
4209
|
-
function addCorrelationId(parameters, correlationId) {
|
|
4210
|
-
parameters.set(CLIENT_REQUEST_ID, correlationId);
|
|
4211
|
-
}
|
|
4212
|
-
/**
|
|
4213
|
-
* add library info query params
|
|
4214
|
-
* @param libraryInfo
|
|
4215
|
-
*/
|
|
4216
|
-
function addLibraryInfo(parameters, libraryInfo) {
|
|
4217
|
-
// Telemetry Info
|
|
4218
|
-
parameters.set(X_CLIENT_SKU, libraryInfo.sku);
|
|
4219
|
-
parameters.set(X_CLIENT_VER, libraryInfo.version);
|
|
4220
|
-
if (libraryInfo.os) {
|
|
4221
|
-
parameters.set(X_CLIENT_OS, libraryInfo.os);
|
|
4222
|
-
}
|
|
4223
|
-
if (libraryInfo.cpu) {
|
|
4224
|
-
parameters.set(X_CLIENT_CPU, libraryInfo.cpu);
|
|
4225
|
-
}
|
|
4226
|
-
}
|
|
4227
|
-
/**
|
|
4228
|
-
* Add client telemetry parameters
|
|
4229
|
-
* @param appTelemetry
|
|
4230
|
-
*/
|
|
4231
|
-
function addApplicationTelemetry(parameters, appTelemetry) {
|
|
4232
|
-
if (appTelemetry?.appName) {
|
|
4233
|
-
parameters.set(X_APP_NAME, appTelemetry.appName);
|
|
4234
|
-
}
|
|
4235
|
-
if (appTelemetry?.appVersion) {
|
|
4236
|
-
parameters.set(X_APP_VER, appTelemetry.appVersion);
|
|
4237
|
-
}
|
|
4238
|
-
}
|
|
4239
|
-
/**
|
|
4240
|
-
* add prompt
|
|
4241
|
-
* @param prompt
|
|
4242
|
-
*/
|
|
4243
|
-
function addPrompt(parameters, prompt) {
|
|
4244
|
-
parameters.set(PROMPT, prompt);
|
|
4245
|
-
}
|
|
4246
|
-
/**
|
|
4247
|
-
* add state
|
|
4248
|
-
* @param state
|
|
4249
|
-
*/
|
|
4250
|
-
function addState(parameters, state) {
|
|
4251
|
-
if (state) {
|
|
4252
|
-
parameters.set(STATE, state);
|
|
4253
|
-
}
|
|
4254
|
-
}
|
|
4255
|
-
/**
|
|
4256
|
-
* add nonce
|
|
4257
|
-
* @param nonce
|
|
4258
|
-
*/
|
|
4259
|
-
function addNonce(parameters, nonce) {
|
|
4260
|
-
parameters.set(NONCE, nonce);
|
|
4261
|
-
}
|
|
4262
|
-
/**
|
|
4263
|
-
* add code_challenge and code_challenge_method
|
|
4264
|
-
* - throw if either of them are not passed
|
|
4265
|
-
* @param codeChallenge
|
|
4266
|
-
* @param codeChallengeMethod
|
|
4267
|
-
*/
|
|
4268
|
-
function addCodeChallengeParams(parameters, codeChallenge, codeChallengeMethod) {
|
|
4269
|
-
if (codeChallenge && codeChallengeMethod) {
|
|
4270
|
-
parameters.set(CODE_CHALLENGE, codeChallenge);
|
|
4271
|
-
parameters.set(CODE_CHALLENGE_METHOD, codeChallengeMethod);
|
|
4272
|
-
}
|
|
4273
|
-
else {
|
|
4274
|
-
throw createClientConfigurationError(pkceParamsMissing);
|
|
4275
|
-
}
|
|
4276
|
-
}
|
|
4277
|
-
/**
|
|
4278
|
-
* add the `authorization_code` passed by the user to exchange for a token
|
|
4279
|
-
* @param code
|
|
4280
|
-
*/
|
|
4281
|
-
function addAuthorizationCode(parameters, code) {
|
|
4282
|
-
parameters.set(CODE, code);
|
|
4283
|
-
}
|
|
4284
|
-
/**
|
|
4285
|
-
* add the `refreshToken` passed by the user
|
|
4286
|
-
* @param refreshToken
|
|
4287
|
-
*/
|
|
4288
|
-
function addRefreshToken(parameters, refreshToken) {
|
|
4289
|
-
parameters.set(REFRESH_TOKEN, refreshToken);
|
|
4290
|
-
}
|
|
4291
|
-
/**
|
|
4292
|
-
* add the `code_verifier` passed by the user to exchange for a token
|
|
4293
|
-
* @param codeVerifier
|
|
4294
|
-
*/
|
|
4295
|
-
function addCodeVerifier(parameters, codeVerifier) {
|
|
4296
|
-
parameters.set(CODE_VERIFIER, codeVerifier);
|
|
4297
|
-
}
|
|
4298
|
-
/**
|
|
4299
|
-
* add client_secret
|
|
4300
|
-
* @param clientSecret
|
|
4301
|
-
*/
|
|
4302
|
-
function addClientSecret(parameters, clientSecret) {
|
|
4303
|
-
parameters.set(CLIENT_SECRET, clientSecret);
|
|
4304
|
-
}
|
|
4305
|
-
/**
|
|
4306
|
-
* add clientAssertion for confidential client flows
|
|
4307
|
-
* @param clientAssertion
|
|
4308
|
-
*/
|
|
4309
|
-
function addClientAssertion(parameters, clientAssertion) {
|
|
4310
|
-
if (clientAssertion) {
|
|
4311
|
-
parameters.set(CLIENT_ASSERTION, clientAssertion);
|
|
4312
|
-
}
|
|
4313
|
-
}
|
|
4314
|
-
/**
|
|
4315
|
-
* add clientAssertionType for confidential client flows
|
|
4316
|
-
* @param clientAssertionType
|
|
4317
|
-
*/
|
|
4318
|
-
function addClientAssertionType(parameters, clientAssertionType) {
|
|
4319
|
-
if (clientAssertionType) {
|
|
4320
|
-
parameters.set(CLIENT_ASSERTION_TYPE, clientAssertionType);
|
|
4321
|
-
}
|
|
4322
|
-
}
|
|
4323
|
-
/**
|
|
4324
|
-
* add grant type
|
|
4325
|
-
* @param grantType
|
|
4326
|
-
*/
|
|
4327
|
-
function addGrantType(parameters, grantType) {
|
|
4328
|
-
parameters.set(GRANT_TYPE, grantType);
|
|
4329
|
-
}
|
|
4330
|
-
/**
|
|
4331
|
-
* add client info
|
|
4332
|
-
*
|
|
4333
|
-
*/
|
|
4334
|
-
function addClientInfo(parameters) {
|
|
4335
|
-
parameters.set(CLIENT_INFO, "1");
|
|
4336
|
-
}
|
|
4337
|
-
function addInstanceAware(parameters) {
|
|
4338
|
-
if (!parameters.has(INSTANCE_AWARE)) {
|
|
4339
|
-
parameters.set(INSTANCE_AWARE, "true");
|
|
4340
|
-
}
|
|
4341
|
-
}
|
|
4342
|
-
/**
|
|
4343
|
-
* add extraQueryParams
|
|
4344
|
-
* @param eQParams
|
|
4345
|
-
*/
|
|
4346
|
-
function addExtraQueryParameters(parameters, eQParams) {
|
|
4347
|
-
Object.entries(eQParams).forEach(([key, value]) => {
|
|
4348
|
-
if (!parameters.has(key) && value) {
|
|
4349
|
-
parameters.set(key, value);
|
|
4350
|
-
}
|
|
4351
|
-
});
|
|
4352
|
-
}
|
|
4353
|
-
function addClientCapabilitiesToClaims(claims, clientCapabilities) {
|
|
4354
|
-
let mergedClaims;
|
|
4355
|
-
// Parse provided claims into JSON object or initialize empty object
|
|
4356
|
-
if (!claims) {
|
|
4357
|
-
mergedClaims = {};
|
|
4358
|
-
}
|
|
4359
|
-
else {
|
|
4360
|
-
try {
|
|
4361
|
-
mergedClaims = JSON.parse(claims);
|
|
4362
|
-
}
|
|
4363
|
-
catch (e) {
|
|
4364
|
-
throw createClientConfigurationError(invalidClaims);
|
|
4365
|
-
}
|
|
4366
|
-
}
|
|
4367
|
-
if (clientCapabilities && clientCapabilities.length > 0) {
|
|
4368
|
-
if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
|
|
4369
|
-
// Add access_token key to claims object
|
|
4370
|
-
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
|
|
4371
|
-
}
|
|
4372
|
-
// Add xms_cc claim with provided clientCapabilities to access_token key
|
|
4373
|
-
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
|
|
4374
|
-
{
|
|
4375
|
-
values: clientCapabilities,
|
|
4376
|
-
};
|
|
4377
|
-
}
|
|
4378
|
-
return JSON.stringify(mergedClaims);
|
|
4379
|
-
}
|
|
4380
|
-
/**
|
|
4381
|
-
* add pop_jwk to query params
|
|
4382
|
-
* @param cnfString
|
|
4383
|
-
*/
|
|
4384
|
-
function addPopToken(parameters, cnfString) {
|
|
4385
|
-
if (cnfString) {
|
|
4386
|
-
parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);
|
|
4387
|
-
parameters.set(REQ_CNF, cnfString);
|
|
4388
|
-
}
|
|
4389
|
-
}
|
|
4390
|
-
/**
|
|
4391
|
-
* add SSH JWK and key ID to query params
|
|
4392
|
-
*/
|
|
4393
|
-
function addSshJwk(parameters, sshJwkString) {
|
|
4394
|
-
if (sshJwkString) {
|
|
4395
|
-
parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);
|
|
4396
|
-
parameters.set(REQ_CNF, sshJwkString);
|
|
4397
|
-
}
|
|
4398
|
-
}
|
|
4399
|
-
/**
|
|
4400
|
-
* add server telemetry fields
|
|
4401
|
-
* @param serverTelemetryManager
|
|
4402
|
-
*/
|
|
4403
|
-
function addServerTelemetry(parameters, serverTelemetryManager) {
|
|
4404
|
-
parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
|
|
4405
|
-
parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
|
|
4406
|
-
}
|
|
4407
|
-
/**
|
|
4408
|
-
* Adds parameter that indicates to the server that throttling is supported
|
|
4409
|
-
*/
|
|
4410
|
-
function addThrottling(parameters) {
|
|
4411
|
-
parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
|
|
4412
|
-
}
|
|
4413
|
-
/**
|
|
4414
|
-
* Adds logout_hint parameter for "silent" logout which prevent server account picker
|
|
4415
|
-
*/
|
|
4416
|
-
function addLogoutHint(parameters, logoutHint) {
|
|
4417
|
-
parameters.set(LOGOUT_HINT, logoutHint);
|
|
4418
|
-
}
|
|
4419
|
-
function addBrokerParameters(parameters, brokerClientId, brokerRedirectUri) {
|
|
4420
|
-
if (!parameters.has(BROKER_CLIENT_ID)) {
|
|
4421
|
-
parameters.set(BROKER_CLIENT_ID, brokerClientId);
|
|
4422
|
-
}
|
|
4423
|
-
if (!parameters.has(BROKER_REDIRECT_URI)) {
|
|
4424
|
-
parameters.set(BROKER_REDIRECT_URI, brokerRedirectUri);
|
|
4425
|
-
}
|
|
4426
|
-
}
|
|
4427
|
-
/**
|
|
4428
|
-
* Add EAR (Encrypted Authorize Response) request parameters
|
|
4429
|
-
* @param parameters
|
|
4430
|
-
* @param jwk
|
|
4431
|
-
*/
|
|
4432
|
-
function addEARParameters(parameters, jwk) {
|
|
4433
|
-
parameters.set(EAR_JWK, encodeURIComponent(jwk));
|
|
4434
|
-
// ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
|
|
4435
|
-
const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
|
|
4436
|
-
parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
|
|
4437
|
-
}
|
|
4438
|
-
|
|
4439
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4440
|
-
/*
|
|
4441
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4442
|
-
* Licensed under the MIT License.
|
|
4443
|
-
*/
|
|
4444
|
-
function isOpenIdConfigResponse(response) {
|
|
4445
|
-
return (response.hasOwnProperty("authorization_endpoint") &&
|
|
4446
|
-
response.hasOwnProperty("token_endpoint") &&
|
|
4447
|
-
response.hasOwnProperty("issuer") &&
|
|
4448
|
-
response.hasOwnProperty("jwks_uri"));
|
|
4449
|
-
}
|
|
4450
|
-
|
|
4451
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4452
|
-
/*
|
|
4453
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4454
|
-
* Licensed under the MIT License.
|
|
4455
|
-
*/
|
|
4456
|
-
function isCloudInstanceDiscoveryResponse(response) {
|
|
4457
|
-
return (response.hasOwnProperty("tenant_discovery_endpoint") &&
|
|
4458
|
-
response.hasOwnProperty("metadata"));
|
|
4459
|
-
}
|
|
4460
|
-
|
|
4461
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4462
|
-
/*
|
|
4463
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4464
|
-
* Licensed under the MIT License.
|
|
4465
|
-
*/
|
|
4466
|
-
function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
4467
|
-
return (response.hasOwnProperty("error") &&
|
|
4468
|
-
response.hasOwnProperty("error_description"));
|
|
4469
|
-
}
|
|
4470
|
-
|
|
4471
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
4472
|
-
/*
|
|
4473
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4474
|
-
* Licensed under the MIT License.
|
|
4475
|
-
*/
|
|
4476
|
-
/**
|
|
4477
|
-
* Enumeration of operations that are instrumented by have their performance measured by the PerformanceClient.
|
|
4478
|
-
*
|
|
4479
|
-
* @export
|
|
4480
|
-
* @enum {number}
|
|
3912
|
+
* @export
|
|
3913
|
+
* @enum {number}
|
|
4481
3914
|
*/
|
|
4482
3915
|
const PerformanceEvents = {
|
|
4483
3916
|
/**
|
|
@@ -4954,34 +4387,673 @@
|
|
|
4954
4387
|
[PerformanceEvents.DecryptEarResponse, "decryptEarResp"],
|
|
4955
4388
|
]);
|
|
4956
4389
|
/**
|
|
4957
|
-
* State of the performance event.
|
|
4390
|
+
* State of the performance event.
|
|
4391
|
+
*
|
|
4392
|
+
* @export
|
|
4393
|
+
* @enum {number}
|
|
4394
|
+
*/
|
|
4395
|
+
const PerformanceEventStatus = {
|
|
4396
|
+
NotStarted: 0,
|
|
4397
|
+
InProgress: 1,
|
|
4398
|
+
Completed: 2,
|
|
4399
|
+
};
|
|
4400
|
+
const IntFields = new Set([
|
|
4401
|
+
"accessTokenSize",
|
|
4402
|
+
"durationMs",
|
|
4403
|
+
"idTokenSize",
|
|
4404
|
+
"matsSilentStatus",
|
|
4405
|
+
"matsHttpStatus",
|
|
4406
|
+
"refreshTokenSize",
|
|
4407
|
+
"queuedTimeMs",
|
|
4408
|
+
"startTimeMs",
|
|
4409
|
+
"status",
|
|
4410
|
+
"multiMatchedAT",
|
|
4411
|
+
"multiMatchedID",
|
|
4412
|
+
"multiMatchedRT",
|
|
4413
|
+
"unencryptedCacheCount",
|
|
4414
|
+
"encryptedCacheExpiredCount",
|
|
4415
|
+
]);
|
|
4416
|
+
|
|
4417
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
4418
|
+
|
|
4419
|
+
/*
|
|
4420
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4421
|
+
* Licensed under the MIT License.
|
|
4422
|
+
*/
|
|
4423
|
+
class StubPerformanceMeasurement {
|
|
4424
|
+
startMeasurement() {
|
|
4425
|
+
return;
|
|
4426
|
+
}
|
|
4427
|
+
endMeasurement() {
|
|
4428
|
+
return;
|
|
4429
|
+
}
|
|
4430
|
+
flushMeasurement() {
|
|
4431
|
+
return null;
|
|
4432
|
+
}
|
|
4433
|
+
}
|
|
4434
|
+
class StubPerformanceClient {
|
|
4435
|
+
generateId() {
|
|
4436
|
+
return "callback-id";
|
|
4437
|
+
}
|
|
4438
|
+
startMeasurement(measureName, correlationId) {
|
|
4439
|
+
return {
|
|
4440
|
+
end: () => null,
|
|
4441
|
+
discard: () => { },
|
|
4442
|
+
add: () => { },
|
|
4443
|
+
increment: () => { },
|
|
4444
|
+
event: {
|
|
4445
|
+
eventId: this.generateId(),
|
|
4446
|
+
status: PerformanceEventStatus.InProgress,
|
|
4447
|
+
authority: "",
|
|
4448
|
+
libraryName: "",
|
|
4449
|
+
libraryVersion: "",
|
|
4450
|
+
clientId: "",
|
|
4451
|
+
name: measureName,
|
|
4452
|
+
startTimeMs: Date.now(),
|
|
4453
|
+
correlationId: correlationId || "",
|
|
4454
|
+
},
|
|
4455
|
+
measurement: new StubPerformanceMeasurement(),
|
|
4456
|
+
};
|
|
4457
|
+
}
|
|
4458
|
+
startPerformanceMeasurement() {
|
|
4459
|
+
return new StubPerformanceMeasurement();
|
|
4460
|
+
}
|
|
4461
|
+
calculateQueuedTime() {
|
|
4462
|
+
return 0;
|
|
4463
|
+
}
|
|
4464
|
+
addQueueMeasurement() {
|
|
4465
|
+
return;
|
|
4466
|
+
}
|
|
4467
|
+
setPreQueueTime() {
|
|
4468
|
+
return;
|
|
4469
|
+
}
|
|
4470
|
+
endMeasurement() {
|
|
4471
|
+
return null;
|
|
4472
|
+
}
|
|
4473
|
+
discardMeasurements() {
|
|
4474
|
+
return;
|
|
4475
|
+
}
|
|
4476
|
+
removePerformanceCallback() {
|
|
4477
|
+
return true;
|
|
4478
|
+
}
|
|
4479
|
+
addPerformanceCallback() {
|
|
4480
|
+
return "";
|
|
4481
|
+
}
|
|
4482
|
+
emitEvents() {
|
|
4483
|
+
return;
|
|
4484
|
+
}
|
|
4485
|
+
addFields() {
|
|
4486
|
+
return;
|
|
4487
|
+
}
|
|
4488
|
+
incrementFields() {
|
|
4489
|
+
return;
|
|
4490
|
+
}
|
|
4491
|
+
cacheEventByCorrelationId() {
|
|
4492
|
+
return;
|
|
4493
|
+
}
|
|
4494
|
+
}
|
|
4495
|
+
|
|
4496
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
4497
|
+
|
|
4498
|
+
/*
|
|
4499
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4500
|
+
* Licensed under the MIT License.
|
|
4501
|
+
*/
|
|
4502
|
+
const DEFAULT_SYSTEM_OPTIONS = {
|
|
4503
|
+
tokenRenewalOffsetSeconds: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
|
|
4504
|
+
preventCorsPreflight: false,
|
|
4505
|
+
};
|
|
4506
|
+
const DEFAULT_LOGGER_IMPLEMENTATION = {
|
|
4507
|
+
loggerCallback: () => {
|
|
4508
|
+
// allow users to not set loggerCallback
|
|
4509
|
+
},
|
|
4510
|
+
piiLoggingEnabled: false,
|
|
4511
|
+
logLevel: exports.LogLevel.Info,
|
|
4512
|
+
correlationId: Constants.EMPTY_STRING,
|
|
4513
|
+
};
|
|
4514
|
+
const DEFAULT_CACHE_OPTIONS = {
|
|
4515
|
+
claimsBasedCachingEnabled: false,
|
|
4516
|
+
};
|
|
4517
|
+
const DEFAULT_NETWORK_IMPLEMENTATION = {
|
|
4518
|
+
async sendGetRequestAsync() {
|
|
4519
|
+
throw createClientAuthError(methodNotImplemented);
|
|
4520
|
+
},
|
|
4521
|
+
async sendPostRequestAsync() {
|
|
4522
|
+
throw createClientAuthError(methodNotImplemented);
|
|
4523
|
+
},
|
|
4524
|
+
};
|
|
4525
|
+
const DEFAULT_LIBRARY_INFO = {
|
|
4526
|
+
sku: Constants.SKU,
|
|
4527
|
+
version: version$1,
|
|
4528
|
+
cpu: Constants.EMPTY_STRING,
|
|
4529
|
+
os: Constants.EMPTY_STRING,
|
|
4530
|
+
};
|
|
4531
|
+
const DEFAULT_CLIENT_CREDENTIALS = {
|
|
4532
|
+
clientSecret: Constants.EMPTY_STRING,
|
|
4533
|
+
clientAssertion: undefined,
|
|
4534
|
+
};
|
|
4535
|
+
const DEFAULT_AZURE_CLOUD_OPTIONS = {
|
|
4536
|
+
azureCloudInstance: AzureCloudInstance.None,
|
|
4537
|
+
tenant: `${Constants.DEFAULT_COMMON_TENANT}`,
|
|
4538
|
+
};
|
|
4539
|
+
const DEFAULT_TELEMETRY_OPTIONS = {
|
|
4540
|
+
application: {
|
|
4541
|
+
appName: "",
|
|
4542
|
+
appVersion: "",
|
|
4543
|
+
},
|
|
4544
|
+
};
|
|
4545
|
+
/**
|
|
4546
|
+
* Function that sets the default options when not explicitly configured from app developer
|
|
4547
|
+
*
|
|
4548
|
+
* @param Configuration
|
|
4549
|
+
*
|
|
4550
|
+
* @returns Configuration
|
|
4551
|
+
*/
|
|
4552
|
+
function buildClientConfiguration({ authOptions: userAuthOptions, systemOptions: userSystemOptions, loggerOptions: userLoggerOption, cacheOptions: userCacheOptions, storageInterface: storageImplementation, networkInterface: networkImplementation, cryptoInterface: cryptoImplementation, clientCredentials: clientCredentials, libraryInfo: libraryInfo, telemetry: telemetry, serverTelemetryManager: serverTelemetryManager, persistencePlugin: persistencePlugin, serializableCache: serializableCache, }) {
|
|
4553
|
+
const loggerOptions = {
|
|
4554
|
+
...DEFAULT_LOGGER_IMPLEMENTATION,
|
|
4555
|
+
...userLoggerOption,
|
|
4556
|
+
};
|
|
4557
|
+
return {
|
|
4558
|
+
authOptions: buildAuthOptions(userAuthOptions),
|
|
4559
|
+
systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions },
|
|
4560
|
+
loggerOptions: loggerOptions,
|
|
4561
|
+
cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions },
|
|
4562
|
+
storageInterface: storageImplementation ||
|
|
4563
|
+
new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions), new StubPerformanceClient()),
|
|
4564
|
+
networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION,
|
|
4565
|
+
cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION,
|
|
4566
|
+
clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS,
|
|
4567
|
+
libraryInfo: { ...DEFAULT_LIBRARY_INFO, ...libraryInfo },
|
|
4568
|
+
telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry },
|
|
4569
|
+
serverTelemetryManager: serverTelemetryManager || null,
|
|
4570
|
+
persistencePlugin: persistencePlugin || null,
|
|
4571
|
+
serializableCache: serializableCache || null,
|
|
4572
|
+
};
|
|
4573
|
+
}
|
|
4574
|
+
/**
|
|
4575
|
+
* Construct authoptions from the client and platform passed values
|
|
4576
|
+
* @param authOptions
|
|
4577
|
+
*/
|
|
4578
|
+
function buildAuthOptions(authOptions) {
|
|
4579
|
+
return {
|
|
4580
|
+
clientCapabilities: [],
|
|
4581
|
+
azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
|
|
4582
|
+
skipAuthorityMetadataCache: false,
|
|
4583
|
+
instanceAware: false,
|
|
4584
|
+
encodeExtraQueryParams: false,
|
|
4585
|
+
...authOptions,
|
|
4586
|
+
};
|
|
4587
|
+
}
|
|
4588
|
+
/**
|
|
4589
|
+
* Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise
|
|
4590
|
+
* @param ClientConfiguration
|
|
4591
|
+
*/
|
|
4592
|
+
function isOidcProtocolMode(config) {
|
|
4593
|
+
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
4594
|
+
}
|
|
4595
|
+
|
|
4596
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
4597
|
+
/*
|
|
4598
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4599
|
+
* Licensed under the MIT License.
|
|
4600
|
+
*/
|
|
4601
|
+
const CcsCredentialType = {
|
|
4602
|
+
HOME_ACCOUNT_ID: "home_account_id",
|
|
4603
|
+
UPN: "UPN",
|
|
4604
|
+
};
|
|
4605
|
+
|
|
4606
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
4607
|
+
/*
|
|
4608
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4609
|
+
* Licensed under the MIT License.
|
|
4610
|
+
*/
|
|
4611
|
+
const CLIENT_ID = "client_id";
|
|
4612
|
+
const REDIRECT_URI = "redirect_uri";
|
|
4613
|
+
const RESPONSE_TYPE = "response_type";
|
|
4614
|
+
const RESPONSE_MODE = "response_mode";
|
|
4615
|
+
const GRANT_TYPE = "grant_type";
|
|
4616
|
+
const CLAIMS = "claims";
|
|
4617
|
+
const SCOPE = "scope";
|
|
4618
|
+
const REFRESH_TOKEN = "refresh_token";
|
|
4619
|
+
const STATE = "state";
|
|
4620
|
+
const NONCE = "nonce";
|
|
4621
|
+
const PROMPT = "prompt";
|
|
4622
|
+
const CODE = "code";
|
|
4623
|
+
const CODE_CHALLENGE = "code_challenge";
|
|
4624
|
+
const CODE_CHALLENGE_METHOD = "code_challenge_method";
|
|
4625
|
+
const CODE_VERIFIER = "code_verifier";
|
|
4626
|
+
const CLIENT_REQUEST_ID = "client-request-id";
|
|
4627
|
+
const X_CLIENT_SKU = "x-client-SKU";
|
|
4628
|
+
const X_CLIENT_VER = "x-client-VER";
|
|
4629
|
+
const X_CLIENT_OS = "x-client-OS";
|
|
4630
|
+
const X_CLIENT_CPU = "x-client-CPU";
|
|
4631
|
+
const X_CLIENT_CURR_TELEM = "x-client-current-telemetry";
|
|
4632
|
+
const X_CLIENT_LAST_TELEM = "x-client-last-telemetry";
|
|
4633
|
+
const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
|
|
4634
|
+
const X_APP_NAME = "x-app-name";
|
|
4635
|
+
const X_APP_VER = "x-app-ver";
|
|
4636
|
+
const POST_LOGOUT_URI = "post_logout_redirect_uri";
|
|
4637
|
+
const ID_TOKEN_HINT = "id_token_hint";
|
|
4638
|
+
const CLIENT_SECRET = "client_secret";
|
|
4639
|
+
const CLIENT_ASSERTION = "client_assertion";
|
|
4640
|
+
const CLIENT_ASSERTION_TYPE = "client_assertion_type";
|
|
4641
|
+
const TOKEN_TYPE = "token_type";
|
|
4642
|
+
const REQ_CNF = "req_cnf";
|
|
4643
|
+
const RETURN_SPA_CODE = "return_spa_code";
|
|
4644
|
+
const NATIVE_BROKER = "nativebroker";
|
|
4645
|
+
const LOGOUT_HINT = "logout_hint";
|
|
4646
|
+
const SID = "sid";
|
|
4647
|
+
const LOGIN_HINT = "login_hint";
|
|
4648
|
+
const DOMAIN_HINT = "domain_hint";
|
|
4649
|
+
const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
|
|
4650
|
+
const BROKER_CLIENT_ID = "brk_client_id";
|
|
4651
|
+
const BROKER_REDIRECT_URI = "brk_redirect_uri";
|
|
4652
|
+
const INSTANCE_AWARE = "instance_aware";
|
|
4653
|
+
const EAR_JWK = "ear_jwk";
|
|
4654
|
+
const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
4655
|
+
|
|
4656
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
4657
|
+
|
|
4658
|
+
/*
|
|
4659
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4660
|
+
* Licensed under the MIT License.
|
|
4661
|
+
*/
|
|
4662
|
+
function instrumentBrokerParams(parameters, correlationId, performanceClient) {
|
|
4663
|
+
if (!correlationId) {
|
|
4664
|
+
return;
|
|
4665
|
+
}
|
|
4666
|
+
const clientId = parameters.get(CLIENT_ID);
|
|
4667
|
+
if (clientId && parameters.has(BROKER_CLIENT_ID)) {
|
|
4668
|
+
performanceClient?.addFields({
|
|
4669
|
+
embeddedClientId: clientId,
|
|
4670
|
+
embeddedRedirectUri: parameters.get(REDIRECT_URI),
|
|
4671
|
+
}, correlationId);
|
|
4672
|
+
}
|
|
4673
|
+
}
|
|
4674
|
+
/**
|
|
4675
|
+
* Add the given response_type
|
|
4676
|
+
* @param parameters
|
|
4677
|
+
* @param responseType
|
|
4678
|
+
*/
|
|
4679
|
+
function addResponseType(parameters, responseType) {
|
|
4680
|
+
parameters.set(RESPONSE_TYPE, responseType);
|
|
4681
|
+
}
|
|
4682
|
+
/**
|
|
4683
|
+
* add response_mode. defaults to query.
|
|
4684
|
+
* @param responseMode
|
|
4685
|
+
*/
|
|
4686
|
+
function addResponseMode(parameters, responseMode) {
|
|
4687
|
+
parameters.set(RESPONSE_MODE, responseMode ? responseMode : ResponseMode.QUERY);
|
|
4688
|
+
}
|
|
4689
|
+
/**
|
|
4690
|
+
* Add flag to indicate STS should attempt to use WAM if available
|
|
4691
|
+
*/
|
|
4692
|
+
function addNativeBroker(parameters) {
|
|
4693
|
+
parameters.set(NATIVE_BROKER, "1");
|
|
4694
|
+
}
|
|
4695
|
+
/**
|
|
4696
|
+
* add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
|
|
4697
|
+
* @param scopeSet
|
|
4698
|
+
* @param addOidcScopes
|
|
4699
|
+
*/
|
|
4700
|
+
function addScopes(parameters, scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) {
|
|
4701
|
+
// Always add openid to the scopes when adding OIDC scopes
|
|
4702
|
+
if (addOidcScopes &&
|
|
4703
|
+
!defaultScopes.includes("openid") &&
|
|
4704
|
+
!scopes.includes("openid")) {
|
|
4705
|
+
defaultScopes.push("openid");
|
|
4706
|
+
}
|
|
4707
|
+
const requestScopes = addOidcScopes
|
|
4708
|
+
? [...(scopes || []), ...defaultScopes]
|
|
4709
|
+
: scopes || [];
|
|
4710
|
+
const scopeSet = new ScopeSet(requestScopes);
|
|
4711
|
+
parameters.set(SCOPE, scopeSet.printScopes());
|
|
4712
|
+
}
|
|
4713
|
+
/**
|
|
4714
|
+
* add clientId
|
|
4715
|
+
* @param clientId
|
|
4716
|
+
*/
|
|
4717
|
+
function addClientId(parameters, clientId) {
|
|
4718
|
+
parameters.set(CLIENT_ID, clientId);
|
|
4719
|
+
}
|
|
4720
|
+
/**
|
|
4721
|
+
* add redirect_uri
|
|
4722
|
+
* @param redirectUri
|
|
4723
|
+
*/
|
|
4724
|
+
function addRedirectUri(parameters, redirectUri) {
|
|
4725
|
+
parameters.set(REDIRECT_URI, redirectUri);
|
|
4726
|
+
}
|
|
4727
|
+
/**
|
|
4728
|
+
* add post logout redirectUri
|
|
4729
|
+
* @param redirectUri
|
|
4730
|
+
*/
|
|
4731
|
+
function addPostLogoutRedirectUri(parameters, redirectUri) {
|
|
4732
|
+
parameters.set(POST_LOGOUT_URI, redirectUri);
|
|
4733
|
+
}
|
|
4734
|
+
/**
|
|
4735
|
+
* add id_token_hint to logout request
|
|
4736
|
+
* @param idTokenHint
|
|
4737
|
+
*/
|
|
4738
|
+
function addIdTokenHint(parameters, idTokenHint) {
|
|
4739
|
+
parameters.set(ID_TOKEN_HINT, idTokenHint);
|
|
4740
|
+
}
|
|
4741
|
+
/**
|
|
4742
|
+
* add domain_hint
|
|
4743
|
+
* @param domainHint
|
|
4744
|
+
*/
|
|
4745
|
+
function addDomainHint(parameters, domainHint) {
|
|
4746
|
+
parameters.set(DOMAIN_HINT, domainHint);
|
|
4747
|
+
}
|
|
4748
|
+
/**
|
|
4749
|
+
* add login_hint
|
|
4750
|
+
* @param loginHint
|
|
4751
|
+
*/
|
|
4752
|
+
function addLoginHint(parameters, loginHint) {
|
|
4753
|
+
parameters.set(LOGIN_HINT, loginHint);
|
|
4754
|
+
}
|
|
4755
|
+
/**
|
|
4756
|
+
* Adds the CCS (Cache Credential Service) query parameter for login_hint
|
|
4757
|
+
* @param loginHint
|
|
4758
|
+
*/
|
|
4759
|
+
function addCcsUpn(parameters, loginHint) {
|
|
4760
|
+
parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
|
|
4761
|
+
}
|
|
4762
|
+
/**
|
|
4763
|
+
* Adds the CCS (Cache Credential Service) query parameter for account object
|
|
4764
|
+
* @param loginHint
|
|
4765
|
+
*/
|
|
4766
|
+
function addCcsOid(parameters, clientInfo) {
|
|
4767
|
+
parameters.set(HeaderNames.CCS_HEADER, `Oid:${clientInfo.uid}@${clientInfo.utid}`);
|
|
4768
|
+
}
|
|
4769
|
+
/**
|
|
4770
|
+
* add sid
|
|
4771
|
+
* @param sid
|
|
4772
|
+
*/
|
|
4773
|
+
function addSid(parameters, sid) {
|
|
4774
|
+
parameters.set(SID, sid);
|
|
4775
|
+
}
|
|
4776
|
+
/**
|
|
4777
|
+
* add claims
|
|
4778
|
+
* @param claims
|
|
4779
|
+
*/
|
|
4780
|
+
function addClaims(parameters, claims, clientCapabilities) {
|
|
4781
|
+
const mergedClaims = addClientCapabilitiesToClaims(claims, clientCapabilities);
|
|
4782
|
+
try {
|
|
4783
|
+
JSON.parse(mergedClaims);
|
|
4784
|
+
}
|
|
4785
|
+
catch (e) {
|
|
4786
|
+
throw createClientConfigurationError(invalidClaims);
|
|
4787
|
+
}
|
|
4788
|
+
parameters.set(CLAIMS, mergedClaims);
|
|
4789
|
+
}
|
|
4790
|
+
/**
|
|
4791
|
+
* add correlationId
|
|
4792
|
+
* @param correlationId
|
|
4793
|
+
*/
|
|
4794
|
+
function addCorrelationId(parameters, correlationId) {
|
|
4795
|
+
parameters.set(CLIENT_REQUEST_ID, correlationId);
|
|
4796
|
+
}
|
|
4797
|
+
/**
|
|
4798
|
+
* add library info query params
|
|
4799
|
+
* @param libraryInfo
|
|
4800
|
+
*/
|
|
4801
|
+
function addLibraryInfo(parameters, libraryInfo) {
|
|
4802
|
+
// Telemetry Info
|
|
4803
|
+
parameters.set(X_CLIENT_SKU, libraryInfo.sku);
|
|
4804
|
+
parameters.set(X_CLIENT_VER, libraryInfo.version);
|
|
4805
|
+
if (libraryInfo.os) {
|
|
4806
|
+
parameters.set(X_CLIENT_OS, libraryInfo.os);
|
|
4807
|
+
}
|
|
4808
|
+
if (libraryInfo.cpu) {
|
|
4809
|
+
parameters.set(X_CLIENT_CPU, libraryInfo.cpu);
|
|
4810
|
+
}
|
|
4811
|
+
}
|
|
4812
|
+
/**
|
|
4813
|
+
* Add client telemetry parameters
|
|
4814
|
+
* @param appTelemetry
|
|
4815
|
+
*/
|
|
4816
|
+
function addApplicationTelemetry(parameters, appTelemetry) {
|
|
4817
|
+
if (appTelemetry?.appName) {
|
|
4818
|
+
parameters.set(X_APP_NAME, appTelemetry.appName);
|
|
4819
|
+
}
|
|
4820
|
+
if (appTelemetry?.appVersion) {
|
|
4821
|
+
parameters.set(X_APP_VER, appTelemetry.appVersion);
|
|
4822
|
+
}
|
|
4823
|
+
}
|
|
4824
|
+
/**
|
|
4825
|
+
* add prompt
|
|
4826
|
+
* @param prompt
|
|
4827
|
+
*/
|
|
4828
|
+
function addPrompt(parameters, prompt) {
|
|
4829
|
+
parameters.set(PROMPT, prompt);
|
|
4830
|
+
}
|
|
4831
|
+
/**
|
|
4832
|
+
* add state
|
|
4833
|
+
* @param state
|
|
4834
|
+
*/
|
|
4835
|
+
function addState(parameters, state) {
|
|
4836
|
+
if (state) {
|
|
4837
|
+
parameters.set(STATE, state);
|
|
4838
|
+
}
|
|
4839
|
+
}
|
|
4840
|
+
/**
|
|
4841
|
+
* add nonce
|
|
4842
|
+
* @param nonce
|
|
4843
|
+
*/
|
|
4844
|
+
function addNonce(parameters, nonce) {
|
|
4845
|
+
parameters.set(NONCE, nonce);
|
|
4846
|
+
}
|
|
4847
|
+
/**
|
|
4848
|
+
* add code_challenge and code_challenge_method
|
|
4849
|
+
* - throw if either of them are not passed
|
|
4850
|
+
* @param codeChallenge
|
|
4851
|
+
* @param codeChallengeMethod
|
|
4852
|
+
*/
|
|
4853
|
+
function addCodeChallengeParams(parameters, codeChallenge, codeChallengeMethod) {
|
|
4854
|
+
if (codeChallenge && codeChallengeMethod) {
|
|
4855
|
+
parameters.set(CODE_CHALLENGE, codeChallenge);
|
|
4856
|
+
parameters.set(CODE_CHALLENGE_METHOD, codeChallengeMethod);
|
|
4857
|
+
}
|
|
4858
|
+
else {
|
|
4859
|
+
throw createClientConfigurationError(pkceParamsMissing);
|
|
4860
|
+
}
|
|
4861
|
+
}
|
|
4862
|
+
/**
|
|
4863
|
+
* add the `authorization_code` passed by the user to exchange for a token
|
|
4864
|
+
* @param code
|
|
4865
|
+
*/
|
|
4866
|
+
function addAuthorizationCode(parameters, code) {
|
|
4867
|
+
parameters.set(CODE, code);
|
|
4868
|
+
}
|
|
4869
|
+
/**
|
|
4870
|
+
* add the `refreshToken` passed by the user
|
|
4871
|
+
* @param refreshToken
|
|
4872
|
+
*/
|
|
4873
|
+
function addRefreshToken(parameters, refreshToken) {
|
|
4874
|
+
parameters.set(REFRESH_TOKEN, refreshToken);
|
|
4875
|
+
}
|
|
4876
|
+
/**
|
|
4877
|
+
* add the `code_verifier` passed by the user to exchange for a token
|
|
4878
|
+
* @param codeVerifier
|
|
4879
|
+
*/
|
|
4880
|
+
function addCodeVerifier(parameters, codeVerifier) {
|
|
4881
|
+
parameters.set(CODE_VERIFIER, codeVerifier);
|
|
4882
|
+
}
|
|
4883
|
+
/**
|
|
4884
|
+
* add client_secret
|
|
4885
|
+
* @param clientSecret
|
|
4886
|
+
*/
|
|
4887
|
+
function addClientSecret(parameters, clientSecret) {
|
|
4888
|
+
parameters.set(CLIENT_SECRET, clientSecret);
|
|
4889
|
+
}
|
|
4890
|
+
/**
|
|
4891
|
+
* add clientAssertion for confidential client flows
|
|
4892
|
+
* @param clientAssertion
|
|
4893
|
+
*/
|
|
4894
|
+
function addClientAssertion(parameters, clientAssertion) {
|
|
4895
|
+
if (clientAssertion) {
|
|
4896
|
+
parameters.set(CLIENT_ASSERTION, clientAssertion);
|
|
4897
|
+
}
|
|
4898
|
+
}
|
|
4899
|
+
/**
|
|
4900
|
+
* add clientAssertionType for confidential client flows
|
|
4901
|
+
* @param clientAssertionType
|
|
4902
|
+
*/
|
|
4903
|
+
function addClientAssertionType(parameters, clientAssertionType) {
|
|
4904
|
+
if (clientAssertionType) {
|
|
4905
|
+
parameters.set(CLIENT_ASSERTION_TYPE, clientAssertionType);
|
|
4906
|
+
}
|
|
4907
|
+
}
|
|
4908
|
+
/**
|
|
4909
|
+
* add grant type
|
|
4910
|
+
* @param grantType
|
|
4911
|
+
*/
|
|
4912
|
+
function addGrantType(parameters, grantType) {
|
|
4913
|
+
parameters.set(GRANT_TYPE, grantType);
|
|
4914
|
+
}
|
|
4915
|
+
/**
|
|
4916
|
+
* add client info
|
|
4958
4917
|
*
|
|
4959
|
-
* @export
|
|
4960
|
-
* @enum {number}
|
|
4961
4918
|
*/
|
|
4962
|
-
|
|
4963
|
-
|
|
4964
|
-
|
|
4965
|
-
|
|
4966
|
-
|
|
4967
|
-
|
|
4968
|
-
|
|
4969
|
-
|
|
4970
|
-
|
|
4971
|
-
|
|
4972
|
-
|
|
4973
|
-
|
|
4974
|
-
|
|
4975
|
-
|
|
4976
|
-
|
|
4977
|
-
|
|
4978
|
-
|
|
4979
|
-
|
|
4980
|
-
|
|
4981
|
-
|
|
4982
|
-
|
|
4919
|
+
function addClientInfo(parameters) {
|
|
4920
|
+
parameters.set(CLIENT_INFO, "1");
|
|
4921
|
+
}
|
|
4922
|
+
function addInstanceAware(parameters) {
|
|
4923
|
+
if (!parameters.has(INSTANCE_AWARE)) {
|
|
4924
|
+
parameters.set(INSTANCE_AWARE, "true");
|
|
4925
|
+
}
|
|
4926
|
+
}
|
|
4927
|
+
/**
|
|
4928
|
+
* add extraQueryParams
|
|
4929
|
+
* @param eQParams
|
|
4930
|
+
*/
|
|
4931
|
+
function addExtraQueryParameters(parameters, eQParams) {
|
|
4932
|
+
Object.entries(eQParams).forEach(([key, value]) => {
|
|
4933
|
+
if (!parameters.has(key) && value) {
|
|
4934
|
+
parameters.set(key, value);
|
|
4935
|
+
}
|
|
4936
|
+
});
|
|
4937
|
+
}
|
|
4938
|
+
function addClientCapabilitiesToClaims(claims, clientCapabilities) {
|
|
4939
|
+
let mergedClaims;
|
|
4940
|
+
// Parse provided claims into JSON object or initialize empty object
|
|
4941
|
+
if (!claims) {
|
|
4942
|
+
mergedClaims = {};
|
|
4943
|
+
}
|
|
4944
|
+
else {
|
|
4945
|
+
try {
|
|
4946
|
+
mergedClaims = JSON.parse(claims);
|
|
4947
|
+
}
|
|
4948
|
+
catch (e) {
|
|
4949
|
+
throw createClientConfigurationError(invalidClaims);
|
|
4950
|
+
}
|
|
4951
|
+
}
|
|
4952
|
+
if (clientCapabilities && clientCapabilities.length > 0) {
|
|
4953
|
+
if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
|
|
4954
|
+
// Add access_token key to claims object
|
|
4955
|
+
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
|
|
4956
|
+
}
|
|
4957
|
+
// Add xms_cc claim with provided clientCapabilities to access_token key
|
|
4958
|
+
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
|
|
4959
|
+
{
|
|
4960
|
+
values: clientCapabilities,
|
|
4961
|
+
};
|
|
4962
|
+
}
|
|
4963
|
+
return JSON.stringify(mergedClaims);
|
|
4964
|
+
}
|
|
4965
|
+
/**
|
|
4966
|
+
* add pop_jwk to query params
|
|
4967
|
+
* @param cnfString
|
|
4968
|
+
*/
|
|
4969
|
+
function addPopToken(parameters, cnfString) {
|
|
4970
|
+
if (cnfString) {
|
|
4971
|
+
parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);
|
|
4972
|
+
parameters.set(REQ_CNF, cnfString);
|
|
4973
|
+
}
|
|
4974
|
+
}
|
|
4975
|
+
/**
|
|
4976
|
+
* add SSH JWK and key ID to query params
|
|
4977
|
+
*/
|
|
4978
|
+
function addSshJwk(parameters, sshJwkString) {
|
|
4979
|
+
if (sshJwkString) {
|
|
4980
|
+
parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);
|
|
4981
|
+
parameters.set(REQ_CNF, sshJwkString);
|
|
4982
|
+
}
|
|
4983
|
+
}
|
|
4984
|
+
/**
|
|
4985
|
+
* add server telemetry fields
|
|
4986
|
+
* @param serverTelemetryManager
|
|
4987
|
+
*/
|
|
4988
|
+
function addServerTelemetry(parameters, serverTelemetryManager) {
|
|
4989
|
+
parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
|
|
4990
|
+
parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
|
|
4991
|
+
}
|
|
4992
|
+
/**
|
|
4993
|
+
* Adds parameter that indicates to the server that throttling is supported
|
|
4994
|
+
*/
|
|
4995
|
+
function addThrottling(parameters) {
|
|
4996
|
+
parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
|
|
4997
|
+
}
|
|
4998
|
+
/**
|
|
4999
|
+
* Adds logout_hint parameter for "silent" logout which prevent server account picker
|
|
5000
|
+
*/
|
|
5001
|
+
function addLogoutHint(parameters, logoutHint) {
|
|
5002
|
+
parameters.set(LOGOUT_HINT, logoutHint);
|
|
5003
|
+
}
|
|
5004
|
+
function addBrokerParameters(parameters, brokerClientId, brokerRedirectUri) {
|
|
5005
|
+
if (!parameters.has(BROKER_CLIENT_ID)) {
|
|
5006
|
+
parameters.set(BROKER_CLIENT_ID, brokerClientId);
|
|
5007
|
+
}
|
|
5008
|
+
if (!parameters.has(BROKER_REDIRECT_URI)) {
|
|
5009
|
+
parameters.set(BROKER_REDIRECT_URI, brokerRedirectUri);
|
|
5010
|
+
}
|
|
5011
|
+
}
|
|
5012
|
+
/**
|
|
5013
|
+
* Add EAR (Encrypted Authorize Response) request parameters
|
|
5014
|
+
* @param parameters
|
|
5015
|
+
* @param jwk
|
|
5016
|
+
*/
|
|
5017
|
+
function addEARParameters(parameters, jwk) {
|
|
5018
|
+
parameters.set(EAR_JWK, encodeURIComponent(jwk));
|
|
5019
|
+
// ear_jwe_crypto will always have value: {"alg":"dir","enc":"A256GCM"} so we can hardcode this
|
|
5020
|
+
const jweCryptoB64Encoded = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0";
|
|
5021
|
+
parameters.set(EAR_JWE_CRYPTO, jweCryptoB64Encoded);
|
|
5022
|
+
}
|
|
5023
|
+
|
|
5024
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
5025
|
+
/*
|
|
5026
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5027
|
+
* Licensed under the MIT License.
|
|
5028
|
+
*/
|
|
5029
|
+
function isOpenIdConfigResponse(response) {
|
|
5030
|
+
return (response.hasOwnProperty("authorization_endpoint") &&
|
|
5031
|
+
response.hasOwnProperty("token_endpoint") &&
|
|
5032
|
+
response.hasOwnProperty("issuer") &&
|
|
5033
|
+
response.hasOwnProperty("jwks_uri"));
|
|
5034
|
+
}
|
|
5035
|
+
|
|
5036
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
5037
|
+
/*
|
|
5038
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5039
|
+
* Licensed under the MIT License.
|
|
5040
|
+
*/
|
|
5041
|
+
function isCloudInstanceDiscoveryResponse(response) {
|
|
5042
|
+
return (response.hasOwnProperty("tenant_discovery_endpoint") &&
|
|
5043
|
+
response.hasOwnProperty("metadata"));
|
|
5044
|
+
}
|
|
5045
|
+
|
|
5046
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
5047
|
+
/*
|
|
5048
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5049
|
+
* Licensed under the MIT License.
|
|
5050
|
+
*/
|
|
5051
|
+
function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
5052
|
+
return (response.hasOwnProperty("error") &&
|
|
5053
|
+
response.hasOwnProperty("error_description"));
|
|
5054
|
+
}
|
|
4983
5055
|
|
|
4984
|
-
/*! @azure/msal-common v15.7.
|
|
5056
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
4985
5057
|
/*
|
|
4986
5058
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4987
5059
|
* Licensed under the MIT License.
|
|
@@ -5077,7 +5149,7 @@
|
|
|
5077
5149
|
};
|
|
5078
5150
|
};
|
|
5079
5151
|
|
|
5080
|
-
/*! @azure/msal-common v15.7.
|
|
5152
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
5081
5153
|
|
|
5082
5154
|
/*
|
|
5083
5155
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5183,7 +5255,7 @@
|
|
|
5183
5255
|
},
|
|
5184
5256
|
};
|
|
5185
5257
|
|
|
5186
|
-
/*! @azure/msal-common v15.7.
|
|
5258
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
5187
5259
|
|
|
5188
5260
|
/*
|
|
5189
5261
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6022,7 +6094,7 @@
|
|
|
6022
6094
|
};
|
|
6023
6095
|
}
|
|
6024
6096
|
|
|
6025
|
-
/*! @azure/msal-common v15.7.
|
|
6097
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6026
6098
|
|
|
6027
6099
|
/*
|
|
6028
6100
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6053,7 +6125,7 @@
|
|
|
6053
6125
|
}
|
|
6054
6126
|
}
|
|
6055
6127
|
|
|
6056
|
-
/*! @azure/msal-common v15.7.
|
|
6128
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6057
6129
|
|
|
6058
6130
|
/*
|
|
6059
6131
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6072,7 +6144,7 @@
|
|
|
6072
6144
|
}
|
|
6073
6145
|
}
|
|
6074
6146
|
|
|
6075
|
-
/*! @azure/msal-common v15.7.
|
|
6147
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6076
6148
|
/*
|
|
6077
6149
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6078
6150
|
* Licensed under the MIT License.
|
|
@@ -6093,7 +6165,7 @@
|
|
|
6093
6165
|
};
|
|
6094
6166
|
}
|
|
6095
6167
|
|
|
6096
|
-
/*! @azure/msal-common v15.7.
|
|
6168
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6097
6169
|
|
|
6098
6170
|
/*
|
|
6099
6171
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6180,7 +6252,7 @@
|
|
|
6180
6252
|
}
|
|
6181
6253
|
}
|
|
6182
6254
|
|
|
6183
|
-
/*! @azure/msal-common v15.7.
|
|
6255
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6184
6256
|
|
|
6185
6257
|
/*
|
|
6186
6258
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6211,7 +6283,7 @@
|
|
|
6211
6283
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
6212
6284
|
}
|
|
6213
6285
|
|
|
6214
|
-
/*! @azure/msal-common v15.7.
|
|
6286
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6215
6287
|
|
|
6216
6288
|
/*
|
|
6217
6289
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6359,7 +6431,7 @@
|
|
|
6359
6431
|
}
|
|
6360
6432
|
}
|
|
6361
6433
|
|
|
6362
|
-
/*! @azure/msal-common v15.7.
|
|
6434
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6363
6435
|
/*
|
|
6364
6436
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6365
6437
|
* Licensed under the MIT License.
|
|
@@ -6368,6 +6440,7 @@
|
|
|
6368
6440
|
const noTokensFound = "no_tokens_found";
|
|
6369
6441
|
const nativeAccountUnavailable = "native_account_unavailable";
|
|
6370
6442
|
const refreshTokenExpired = "refresh_token_expired";
|
|
6443
|
+
const uxNotAllowed = "ux_not_allowed";
|
|
6371
6444
|
// Codes potentially returned by server
|
|
6372
6445
|
const interactionRequired = "interaction_required";
|
|
6373
6446
|
const consentRequired = "consent_required";
|
|
@@ -6382,10 +6455,11 @@
|
|
|
6382
6455
|
loginRequired: loginRequired,
|
|
6383
6456
|
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
6384
6457
|
noTokensFound: noTokensFound,
|
|
6385
|
-
refreshTokenExpired: refreshTokenExpired
|
|
6458
|
+
refreshTokenExpired: refreshTokenExpired,
|
|
6459
|
+
uxNotAllowed: uxNotAllowed
|
|
6386
6460
|
});
|
|
6387
6461
|
|
|
6388
|
-
/*! @azure/msal-common v15.7.
|
|
6462
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6389
6463
|
|
|
6390
6464
|
/*
|
|
6391
6465
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6399,6 +6473,7 @@
|
|
|
6399
6473
|
consentRequired,
|
|
6400
6474
|
loginRequired,
|
|
6401
6475
|
badToken,
|
|
6476
|
+
uxNotAllowed,
|
|
6402
6477
|
];
|
|
6403
6478
|
const InteractionRequiredAuthSubErrorMessage = [
|
|
6404
6479
|
"message_only",
|
|
@@ -6413,6 +6488,7 @@
|
|
|
6413
6488
|
[nativeAccountUnavailable]: "The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",
|
|
6414
6489
|
[refreshTokenExpired]: "Refresh token has expired.",
|
|
6415
6490
|
[badToken]: "Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.",
|
|
6491
|
+
[uxNotAllowed]: "`canShowUI` flag in Edge was set to false. User interaction required on web page. Please invoke an interactive API to resolve.",
|
|
6416
6492
|
};
|
|
6417
6493
|
/**
|
|
6418
6494
|
* Interaction required errors defined by the SDK
|
|
@@ -6473,7 +6549,7 @@
|
|
|
6473
6549
|
return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
|
|
6474
6550
|
}
|
|
6475
6551
|
|
|
6476
|
-
/*! @azure/msal-common v15.7.
|
|
6552
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6477
6553
|
|
|
6478
6554
|
/*
|
|
6479
6555
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6545,7 +6621,7 @@
|
|
|
6545
6621
|
}
|
|
6546
6622
|
}
|
|
6547
6623
|
|
|
6548
|
-
/*! @azure/msal-common v15.7.
|
|
6624
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6549
6625
|
|
|
6550
6626
|
/*
|
|
6551
6627
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6629,7 +6705,7 @@
|
|
|
6629
6705
|
}
|
|
6630
6706
|
}
|
|
6631
6707
|
|
|
6632
|
-
/*! @azure/msal-common v15.7.
|
|
6708
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6633
6709
|
/*
|
|
6634
6710
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6635
6711
|
* Licensed under the MIT License.
|
|
@@ -6656,7 +6732,7 @@
|
|
|
6656
6732
|
}
|
|
6657
6733
|
}
|
|
6658
6734
|
|
|
6659
|
-
/*! @azure/msal-common v15.7.
|
|
6735
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6660
6736
|
|
|
6661
6737
|
/*
|
|
6662
6738
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6987,7 +7063,7 @@
|
|
|
6987
7063
|
return baseAccount;
|
|
6988
7064
|
}
|
|
6989
7065
|
|
|
6990
|
-
/*! @azure/msal-common v15.7.
|
|
7066
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
6991
7067
|
|
|
6992
7068
|
/*
|
|
6993
7069
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7054,7 +7130,7 @@
|
|
|
7054
7130
|
}
|
|
7055
7131
|
}
|
|
7056
7132
|
|
|
7057
|
-
/*! @azure/msal-common v15.7.
|
|
7133
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7058
7134
|
/*
|
|
7059
7135
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7060
7136
|
* Licensed under the MIT License.
|
|
@@ -7072,7 +7148,7 @@
|
|
|
7072
7148
|
}
|
|
7073
7149
|
}
|
|
7074
7150
|
|
|
7075
|
-
/*! @azure/msal-common v15.7.
|
|
7151
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7076
7152
|
|
|
7077
7153
|
/*
|
|
7078
7154
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7305,7 +7381,7 @@
|
|
|
7305
7381
|
}
|
|
7306
7382
|
}
|
|
7307
7383
|
|
|
7308
|
-
/*! @azure/msal-common v15.7.
|
|
7384
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7309
7385
|
|
|
7310
7386
|
/*
|
|
7311
7387
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7514,7 +7590,7 @@
|
|
|
7514
7590
|
}
|
|
7515
7591
|
}
|
|
7516
7592
|
|
|
7517
|
-
/*! @azure/msal-common v15.7.
|
|
7593
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7518
7594
|
|
|
7519
7595
|
/*
|
|
7520
7596
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7546,7 +7622,7 @@
|
|
|
7546
7622
|
const requestTenantId = request.account.tenantId ||
|
|
7547
7623
|
getTenantFromAuthorityString(request.authority);
|
|
7548
7624
|
const tokenKeys = this.cacheManager.getTokenKeys();
|
|
7549
|
-
const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId
|
|
7625
|
+
const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId);
|
|
7550
7626
|
if (!cachedAccessToken) {
|
|
7551
7627
|
// must refresh due to non-existent access_token
|
|
7552
7628
|
this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
|
|
@@ -7612,7 +7688,7 @@
|
|
|
7612
7688
|
}
|
|
7613
7689
|
}
|
|
7614
7690
|
|
|
7615
|
-
/*! @azure/msal-common v15.7.
|
|
7691
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7616
7692
|
|
|
7617
7693
|
/*
|
|
7618
7694
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7627,7 +7703,7 @@
|
|
|
7627
7703
|
},
|
|
7628
7704
|
};
|
|
7629
7705
|
|
|
7630
|
-
/*! @azure/msal-common v15.7.
|
|
7706
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7631
7707
|
|
|
7632
7708
|
/*
|
|
7633
7709
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7851,7 +7927,7 @@
|
|
|
7851
7927
|
return account.idTokenClaims?.login_hint || null;
|
|
7852
7928
|
}
|
|
7853
7929
|
|
|
7854
|
-
/*! @azure/msal-common v15.7.
|
|
7930
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7855
7931
|
|
|
7856
7932
|
/*
|
|
7857
7933
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7909,7 +7985,7 @@
|
|
|
7909
7985
|
}
|
|
7910
7986
|
}
|
|
7911
7987
|
|
|
7912
|
-
/*! @azure/msal-common v15.7.
|
|
7988
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
7913
7989
|
|
|
7914
7990
|
/*
|
|
7915
7991
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8172,7 +8248,7 @@
|
|
|
8172
8248
|
}
|
|
8173
8249
|
}
|
|
8174
8250
|
|
|
8175
|
-
/*! @azure/msal-common v15.7.
|
|
8251
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
8176
8252
|
/*
|
|
8177
8253
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8178
8254
|
* Licensed under the MIT License.
|
|
@@ -8180,7 +8256,7 @@
|
|
|
8180
8256
|
const missingKidError = "missing_kid_error";
|
|
8181
8257
|
const missingAlgError = "missing_alg_error";
|
|
8182
8258
|
|
|
8183
|
-
/*! @azure/msal-common v15.7.
|
|
8259
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
8184
8260
|
|
|
8185
8261
|
/*
|
|
8186
8262
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8205,7 +8281,7 @@
|
|
|
8205
8281
|
return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
|
|
8206
8282
|
}
|
|
8207
8283
|
|
|
8208
|
-
/*! @azure/msal-common v15.7.
|
|
8284
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
8209
8285
|
|
|
8210
8286
|
/*
|
|
8211
8287
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8245,86 +8321,7 @@
|
|
|
8245
8321
|
}
|
|
8246
8322
|
}
|
|
8247
8323
|
|
|
8248
|
-
/*! @azure/msal-common v15.7.
|
|
8249
|
-
|
|
8250
|
-
/*
|
|
8251
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8252
|
-
* Licensed under the MIT License.
|
|
8253
|
-
*/
|
|
8254
|
-
class StubPerformanceMeasurement {
|
|
8255
|
-
startMeasurement() {
|
|
8256
|
-
return;
|
|
8257
|
-
}
|
|
8258
|
-
endMeasurement() {
|
|
8259
|
-
return;
|
|
8260
|
-
}
|
|
8261
|
-
flushMeasurement() {
|
|
8262
|
-
return null;
|
|
8263
|
-
}
|
|
8264
|
-
}
|
|
8265
|
-
class StubPerformanceClient {
|
|
8266
|
-
generateId() {
|
|
8267
|
-
return "callback-id";
|
|
8268
|
-
}
|
|
8269
|
-
startMeasurement(measureName, correlationId) {
|
|
8270
|
-
return {
|
|
8271
|
-
end: () => null,
|
|
8272
|
-
discard: () => { },
|
|
8273
|
-
add: () => { },
|
|
8274
|
-
increment: () => { },
|
|
8275
|
-
event: {
|
|
8276
|
-
eventId: this.generateId(),
|
|
8277
|
-
status: PerformanceEventStatus.InProgress,
|
|
8278
|
-
authority: "",
|
|
8279
|
-
libraryName: "",
|
|
8280
|
-
libraryVersion: "",
|
|
8281
|
-
clientId: "",
|
|
8282
|
-
name: measureName,
|
|
8283
|
-
startTimeMs: Date.now(),
|
|
8284
|
-
correlationId: correlationId || "",
|
|
8285
|
-
},
|
|
8286
|
-
measurement: new StubPerformanceMeasurement(),
|
|
8287
|
-
};
|
|
8288
|
-
}
|
|
8289
|
-
startPerformanceMeasurement() {
|
|
8290
|
-
return new StubPerformanceMeasurement();
|
|
8291
|
-
}
|
|
8292
|
-
calculateQueuedTime() {
|
|
8293
|
-
return 0;
|
|
8294
|
-
}
|
|
8295
|
-
addQueueMeasurement() {
|
|
8296
|
-
return;
|
|
8297
|
-
}
|
|
8298
|
-
setPreQueueTime() {
|
|
8299
|
-
return;
|
|
8300
|
-
}
|
|
8301
|
-
endMeasurement() {
|
|
8302
|
-
return null;
|
|
8303
|
-
}
|
|
8304
|
-
discardMeasurements() {
|
|
8305
|
-
return;
|
|
8306
|
-
}
|
|
8307
|
-
removePerformanceCallback() {
|
|
8308
|
-
return true;
|
|
8309
|
-
}
|
|
8310
|
-
addPerformanceCallback() {
|
|
8311
|
-
return "";
|
|
8312
|
-
}
|
|
8313
|
-
emitEvents() {
|
|
8314
|
-
return;
|
|
8315
|
-
}
|
|
8316
|
-
addFields() {
|
|
8317
|
-
return;
|
|
8318
|
-
}
|
|
8319
|
-
incrementFields() {
|
|
8320
|
-
return;
|
|
8321
|
-
}
|
|
8322
|
-
cacheEventByCorrelationId() {
|
|
8323
|
-
return;
|
|
8324
|
-
}
|
|
8325
|
-
}
|
|
8326
|
-
|
|
8327
|
-
/*! @azure/msal-common v15.7.0 2025-06-10 */
|
|
8324
|
+
/*! @azure/msal-common v15.7.1 2025-06-18 */
|
|
8328
8325
|
|
|
8329
8326
|
/*
|
|
8330
8327
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10429,7 +10426,7 @@
|
|
|
10429
10426
|
|
|
10430
10427
|
/* eslint-disable header/header */
|
|
10431
10428
|
const name = "@azure/msal-browser";
|
|
10432
|
-
const version = "4.13.
|
|
10429
|
+
const version = "4.13.2";
|
|
10433
10430
|
|
|
10434
10431
|
/*
|
|
10435
10432
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -11273,7 +11270,9 @@
|
|
|
11273
11270
|
async removeTokenBindingKey(kid) {
|
|
11274
11271
|
await this.cache.removeItem(kid);
|
|
11275
11272
|
const keyFound = await this.cache.containsKey(kid);
|
|
11276
|
-
|
|
11273
|
+
if (keyFound) {
|
|
11274
|
+
throw createClientAuthError(bindingKeyNotRemoved);
|
|
11275
|
+
}
|
|
11277
11276
|
}
|
|
11278
11277
|
/**
|
|
11279
11278
|
* Removes all cryptographic keys from IndexedDB storage
|
|
@@ -11795,14 +11794,13 @@
|
|
|
11795
11794
|
*/
|
|
11796
11795
|
class BrowserCacheManager extends CacheManager {
|
|
11797
11796
|
constructor(clientId, cacheConfig, cryptoImpl, logger, performanceClient, eventHandler, staticAuthorityOptions) {
|
|
11798
|
-
super(clientId, cryptoImpl, logger, staticAuthorityOptions);
|
|
11797
|
+
super(clientId, cryptoImpl, logger, performanceClient, staticAuthorityOptions);
|
|
11799
11798
|
this.cacheConfig = cacheConfig;
|
|
11800
11799
|
this.logger = logger;
|
|
11801
11800
|
this.internalStorage = new MemoryStorage();
|
|
11802
11801
|
this.browserStorage = getStorageImplementation(clientId, cacheConfig.cacheLocation, logger, performanceClient);
|
|
11803
11802
|
this.temporaryCacheStorage = getStorageImplementation(clientId, cacheConfig.temporaryCacheLocation, logger, performanceClient);
|
|
11804
11803
|
this.cookieStorage = new CookieStorage();
|
|
11805
|
-
this.performanceClient = performanceClient;
|
|
11806
11804
|
this.eventHandler = eventHandler;
|
|
11807
11805
|
}
|
|
11808
11806
|
async initialize(correlationId) {
|
|
@@ -11930,16 +11928,16 @@
|
|
|
11930
11928
|
* Extends inherited removeAccount function to include removal of the account key from the map
|
|
11931
11929
|
* @param key
|
|
11932
11930
|
*/
|
|
11933
|
-
|
|
11934
|
-
|
|
11931
|
+
removeAccount(key, correlationId) {
|
|
11932
|
+
super.removeAccount(key, correlationId);
|
|
11935
11933
|
this.removeAccountKeyFromMap(key);
|
|
11936
11934
|
}
|
|
11937
11935
|
/**
|
|
11938
11936
|
* Removes credentials associated with the provided account
|
|
11939
11937
|
* @param account
|
|
11940
11938
|
*/
|
|
11941
|
-
|
|
11942
|
-
|
|
11939
|
+
removeAccountContext(account, correlationId) {
|
|
11940
|
+
super.removeAccountContext(account, correlationId);
|
|
11943
11941
|
/**
|
|
11944
11942
|
* @deprecated - Remove this in next major version in favor of more consistent LOGOUT event
|
|
11945
11943
|
*/
|
|
@@ -11959,8 +11957,8 @@
|
|
|
11959
11957
|
* Removes given accessToken from the cache and from the key map
|
|
11960
11958
|
* @param key
|
|
11961
11959
|
*/
|
|
11962
|
-
|
|
11963
|
-
|
|
11960
|
+
removeAccessToken(key, correlationId) {
|
|
11961
|
+
super.removeAccessToken(key, correlationId);
|
|
11964
11962
|
this.removeTokenKey(key, CredentialType.ACCESS_TOKEN);
|
|
11965
11963
|
}
|
|
11966
11964
|
/**
|
|
@@ -12405,9 +12403,9 @@
|
|
|
12405
12403
|
/**
|
|
12406
12404
|
* Clears all cache entries created by MSAL.
|
|
12407
12405
|
*/
|
|
12408
|
-
|
|
12406
|
+
clear(correlationId) {
|
|
12409
12407
|
// Removes all accounts and their credentials
|
|
12410
|
-
|
|
12408
|
+
this.removeAllAccounts(correlationId);
|
|
12411
12409
|
this.removeAppMetadata();
|
|
12412
12410
|
// Remove temp storage first to make sure any cookies are cleared
|
|
12413
12411
|
this.temporaryCacheStorage.getKeys().forEach((cacheKey) => {
|
|
@@ -12431,22 +12429,22 @@
|
|
|
12431
12429
|
* @param correlationId {string} correlation id
|
|
12432
12430
|
* @returns
|
|
12433
12431
|
*/
|
|
12434
|
-
|
|
12435
|
-
performanceClient.addQueueMeasurement(PerformanceEvents.ClearTokensAndKeysWithClaims, correlationId);
|
|
12432
|
+
clearTokensAndKeysWithClaims(correlationId) {
|
|
12433
|
+
this.performanceClient.addQueueMeasurement(PerformanceEvents.ClearTokensAndKeysWithClaims, correlationId);
|
|
12436
12434
|
const tokenKeys = this.getTokenKeys();
|
|
12437
|
-
|
|
12435
|
+
let removedAccessTokens = 0;
|
|
12438
12436
|
tokenKeys.accessToken.forEach((key) => {
|
|
12439
12437
|
// if the access token has claims in its key, remove the token key and the token
|
|
12440
12438
|
const credential = this.getAccessTokenCredential(key);
|
|
12441
12439
|
if (credential?.requestedClaimsHash &&
|
|
12442
12440
|
key.includes(credential.requestedClaimsHash.toLowerCase())) {
|
|
12443
|
-
|
|
12441
|
+
this.removeAccessToken(key, correlationId);
|
|
12442
|
+
removedAccessTokens++;
|
|
12444
12443
|
}
|
|
12445
12444
|
});
|
|
12446
|
-
await Promise.all(removedAccessTokens);
|
|
12447
12445
|
// warn if any access tokens are removed
|
|
12448
|
-
if (removedAccessTokens
|
|
12449
|
-
this.logger.warning(`${removedAccessTokens
|
|
12446
|
+
if (removedAccessTokens > 0) {
|
|
12447
|
+
this.logger.warning(`${removedAccessTokens} access tokens with claims in the cache keys have been removed from the cache.`);
|
|
12450
12448
|
}
|
|
12451
12449
|
}
|
|
12452
12450
|
/**
|
|
@@ -12920,7 +12918,7 @@
|
|
|
12920
12918
|
}
|
|
12921
12919
|
// Clear given account.
|
|
12922
12920
|
try {
|
|
12923
|
-
|
|
12921
|
+
this.browserStorage.removeAccount(AccountEntity.generateAccountCacheKey(account), this.correlationId);
|
|
12924
12922
|
this.logger.verbose("Cleared cache items belonging to the account provided in the logout request.");
|
|
12925
12923
|
}
|
|
12926
12924
|
catch (error) {
|
|
@@ -12931,7 +12929,7 @@
|
|
|
12931
12929
|
try {
|
|
12932
12930
|
this.logger.verbose("No account provided in logout request, clearing all cache items.", this.correlationId);
|
|
12933
12931
|
// Clear all accounts and tokens
|
|
12934
|
-
|
|
12932
|
+
this.browserStorage.clear(this.correlationId);
|
|
12935
12933
|
// Clear any stray keys from IndexedDB
|
|
12936
12934
|
await this.browserCrypto.clearKeystore();
|
|
12937
12935
|
}
|
|
@@ -13433,7 +13431,8 @@
|
|
|
13433
13431
|
const NO_NETWORK = "NO_NETWORK";
|
|
13434
13432
|
const PERSISTENT_ERROR = "PERSISTENT_ERROR";
|
|
13435
13433
|
const DISABLED = "DISABLED";
|
|
13436
|
-
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
13434
|
+
const ACCOUNT_UNAVAILABLE = "ACCOUNT_UNAVAILABLE";
|
|
13435
|
+
const UX_NOT_ALLOWED = "UX_NOT_ALLOWED";
|
|
13437
13436
|
|
|
13438
13437
|
/*
|
|
13439
13438
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -13491,6 +13490,8 @@
|
|
|
13491
13490
|
return createBrowserAuthError(userCancelled);
|
|
13492
13491
|
case NO_NETWORK:
|
|
13493
13492
|
return createBrowserAuthError(noNetworkConnectivity);
|
|
13493
|
+
case UX_NOT_ALLOWED:
|
|
13494
|
+
return createInteractionRequiredAuthError(uxNotAllowed);
|
|
13494
13495
|
}
|
|
13495
13496
|
}
|
|
13496
13497
|
return new NativeAuthError(code, NativeAuthErrorMessages[code] || description, ext);
|
|
@@ -13931,9 +13932,7 @@
|
|
|
13931
13932
|
// Store the account info and hence `nativeAccountId` in browser cache
|
|
13932
13933
|
await this.browserStorage.setAccount(accountEntity, this.correlationId);
|
|
13933
13934
|
// Remove any existing cached tokens for this account in browser storage
|
|
13934
|
-
this.browserStorage.removeAccountContext(accountEntity
|
|
13935
|
-
this.logger.error(`Error occurred while removing account context from browser storage. ${e}`);
|
|
13936
|
-
});
|
|
13935
|
+
this.browserStorage.removeAccountContext(accountEntity, this.correlationId);
|
|
13937
13936
|
}
|
|
13938
13937
|
/**
|
|
13939
13938
|
* Stores the access_token and id_token in inmemory storage
|
|
@@ -14889,14 +14888,14 @@
|
|
|
14889
14888
|
* @param authenticationScheme
|
|
14890
14889
|
*/
|
|
14891
14890
|
function isPlatformAuthAllowed(config, logger, platformAuthProvider, authenticationScheme) {
|
|
14892
|
-
logger.trace("
|
|
14891
|
+
logger.trace("isPlatformAuthAllowed called");
|
|
14893
14892
|
if (!config.system.allowPlatformBroker) {
|
|
14894
|
-
logger.trace("
|
|
14893
|
+
logger.trace("isPlatformAuthAllowed: allowPlatformBroker is not enabled, returning false");
|
|
14895
14894
|
// Developer disabled WAM
|
|
14896
14895
|
return false;
|
|
14897
14896
|
}
|
|
14898
14897
|
if (!platformAuthProvider) {
|
|
14899
|
-
logger.trace("
|
|
14898
|
+
logger.trace("isPlatformAuthAllowed: Platform auth provider is not initialized, returning false");
|
|
14900
14899
|
// Platform broker auth providers are not available
|
|
14901
14900
|
return false;
|
|
14902
14901
|
}
|
|
@@ -14904,10 +14903,10 @@
|
|
|
14904
14903
|
switch (authenticationScheme) {
|
|
14905
14904
|
case AuthenticationScheme.BEARER:
|
|
14906
14905
|
case AuthenticationScheme.POP:
|
|
14907
|
-
logger.trace("
|
|
14906
|
+
logger.trace("isPlatformAuthAllowed: authenticationScheme is supported, returning true");
|
|
14908
14907
|
return true;
|
|
14909
14908
|
default:
|
|
14910
|
-
logger.trace("
|
|
14909
|
+
logger.trace("isPlatformAuthAllowed: authenticationScheme is not supported, returning false");
|
|
14911
14910
|
return false;
|
|
14912
14911
|
}
|
|
14913
14912
|
}
|
|
@@ -15117,7 +15116,7 @@
|
|
|
15117
15116
|
if (validRequest.account?.homeAccountId &&
|
|
15118
15117
|
validRequest.postLogoutRedirectUri &&
|
|
15119
15118
|
authClient.authority.protocolMode === ProtocolMode.OIDC) {
|
|
15120
|
-
|
|
15119
|
+
this.browserStorage.removeAccount(validRequest.account?.homeAccountId, this.correlationId);
|
|
15121
15120
|
this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, exports.InteractionType.Popup, validRequest);
|
|
15122
15121
|
if (mainWindowRedirectUri) {
|
|
15123
15122
|
const navigationOptions = {
|
|
@@ -15713,7 +15712,7 @@
|
|
|
15713
15712
|
}
|
|
15714
15713
|
catch {
|
|
15715
15714
|
if (validLogoutRequest.account?.homeAccountId) {
|
|
15716
|
-
|
|
15715
|
+
this.browserStorage.removeAccount(validLogoutRequest.account?.homeAccountId, this.correlationId);
|
|
15717
15716
|
this.eventHandler.emitEvent(EventType.LOGOUT_SUCCESS, exports.InteractionType.Redirect, validLogoutRequest);
|
|
15718
15717
|
return;
|
|
15719
15718
|
}
|
|
@@ -16553,7 +16552,7 @@
|
|
|
16553
16552
|
}
|
|
16554
16553
|
if (!this.config.cache.claimsBasedCachingEnabled) {
|
|
16555
16554
|
this.logger.verbose("Claims-based caching is disabled. Clearing the previous cache with claims");
|
|
16556
|
-
|
|
16555
|
+
invoke(this.browserStorage.clearTokensAndKeysWithClaims.bind(this.browserStorage), PerformanceEvents.ClearTokensAndKeysWithClaims, this.logger, this.performanceClient, initCorrelationId)(initCorrelationId);
|
|
16557
16556
|
}
|
|
16558
16557
|
this.config.system.asyncPopups &&
|
|
16559
16558
|
(await this.preGeneratePkceCodes(initCorrelationId));
|
|
@@ -18303,7 +18302,7 @@
|
|
|
18303
18302
|
};
|
|
18304
18303
|
// fetch access token and check for expiry
|
|
18305
18304
|
const tokenKeys = this.browserStorage.getTokenKeys();
|
|
18306
|
-
const cachedAccessToken = this.browserStorage.getAccessToken(currentAccount, authRequest, tokenKeys, currentAccount.tenantId
|
|
18305
|
+
const cachedAccessToken = this.browserStorage.getAccessToken(currentAccount, authRequest, tokenKeys, currentAccount.tenantId);
|
|
18307
18306
|
// If there is no access token, log it and return null
|
|
18308
18307
|
if (!cachedAccessToken) {
|
|
18309
18308
|
this.logger.verbose("No cached access token found");
|
|
@@ -19816,7 +19815,20 @@
|
|
|
19816
19815
|
* @returns If keys are properly deleted
|
|
19817
19816
|
*/
|
|
19818
19817
|
async removeKeys(publicKeyThumbprint) {
|
|
19819
|
-
return this.cryptoOps
|
|
19818
|
+
return this.cryptoOps
|
|
19819
|
+
.removeTokenBindingKey(publicKeyThumbprint)
|
|
19820
|
+
.then(() => true)
|
|
19821
|
+
.catch((error) => {
|
|
19822
|
+
/*
|
|
19823
|
+
* @deprecated - To maintain public API signature, we return false if the error is due to the key still being present in indexedDB.
|
|
19824
|
+
*/
|
|
19825
|
+
if (error instanceof ClientAuthError &&
|
|
19826
|
+
error.errorCode ===
|
|
19827
|
+
bindingKeyNotRemoved) {
|
|
19828
|
+
return false;
|
|
19829
|
+
}
|
|
19830
|
+
throw error;
|
|
19831
|
+
});
|
|
19820
19832
|
}
|
|
19821
19833
|
}
|
|
19822
19834
|
|