@azure/msal-browser 4.25.0 → 4.26.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientNext.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.d.ts +64 -7
- package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/cache/BrowserCacheManager.mjs +400 -141
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.d.ts +3 -3
- package/dist/cache/CacheKeys.mjs +4 -4
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/IWindowStorage.d.ts +1 -1
- package/dist/cache/IWindowStorage.d.ts.map +1 -1
- package/dist/cache/LocalStorage.d.ts +1 -1
- package/dist/cache/LocalStorage.d.ts.map +1 -1
- package/dist/cache/LocalStorage.mjs +21 -12
- package/dist/cache/LocalStorage.mjs.map +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.d.ts.map +1 -1
- package/dist/cache/TokenCache.mjs +14 -13
- package/dist/cache/TokenCache.mjs.map +1 -1
- package/dist/config/Configuration.mjs +1 -1
- package/dist/controllers/ControllerFactory.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +3 -3
- package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +3 -3
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
- package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts +64 -7
- package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +400 -141
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.d.ts +3 -3
- package/dist/custom-auth-path/cache/CacheKeys.mjs +4 -4
- package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
- package/dist/custom-auth-path/cache/IWindowStorage.d.ts +1 -1
- package/dist/custom-auth-path/cache/IWindowStorage.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.d.ts +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.mjs +21 -12
- package/dist/custom-auth-path/cache/LocalStorage.mjs.map +1 -1
- package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/TokenCache.mjs +14 -13
- package/dist/custom-auth-path/cache/TokenCache.mjs.map +1 -1
- package/dist/custom-auth-path/config/Configuration.mjs +1 -1
- package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
- package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.mjs +3 -3
- package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
- package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
- package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
- package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.d.ts +29 -0
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.d.ts.map +1 -0
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +45 -0
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs.map +1 -0
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts +9 -3
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +7 -6
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts +6 -2
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +5 -4
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.d.ts +7 -0
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +12 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.d.ts +7 -0
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +12 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts +8 -0
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +16 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts +6 -2
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +4 -3
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts +6 -2
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +4 -4
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts +8 -0
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +16 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +4 -3
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +4 -3
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +4 -3
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.d.ts +8 -0
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +16 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.d.ts +8 -0
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +16 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.d.ts +8 -0
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +16 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +4 -7
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +4 -4
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +4 -4
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +4 -4
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +4 -3
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +9 -12
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +7 -8
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +7 -8
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +4 -7
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +6 -8
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +4 -4
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +6 -8
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +5 -6
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.d.ts +5 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +10 -2
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.d.ts +4 -0
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.d.ts.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +9 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs.map +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
- package/dist/custom-auth-path/event/EventType.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +7 -7
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
- package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
- package/dist/custom-auth-path/packageMetadata.mjs +2 -2
- package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
- package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
- package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.d.ts +4 -0
- package/dist/custom_auth/core/auth_flow/AuthFlowState.d.ts.map +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.d.ts +29 -0
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.d.ts.map +1 -0
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts +9 -3
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts +6 -2
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.d.ts +7 -0
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.d.ts.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.d.ts +7 -0
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.d.ts.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts +8 -0
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts +6 -2
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts +6 -2
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.d.ts +4 -0
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.d.ts.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.d.ts +4 -0
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.d.ts.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts +8 -0
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.d.ts.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.d.ts.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.d.ts.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.d.ts +8 -0
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.d.ts.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.d.ts +8 -0
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.d.ts.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.d.ts +8 -0
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.d.ts.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.d.ts.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.d.ts.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.d.ts.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.d.ts.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.d.ts +4 -0
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.d.ts.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.d.ts +4 -0
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.d.ts.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.d.ts +4 -0
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.d.ts.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.d.ts +4 -0
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.d.ts.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.d.ts.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts +4 -0
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.d.ts +4 -0
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.d.ts.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts +4 -0
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.d.ts +4 -0
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.d.ts.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts +4 -0
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.d.ts.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.d.ts.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.d.ts.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.d.ts.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.d.ts.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.d.ts +4 -0
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.d.ts.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.d.ts +4 -0
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.d.ts.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.d.ts +5 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.d.ts.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.d.ts +4 -0
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.d.ts.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.d.ts +4 -0
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.d.ts.map +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +7 -7
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/msal-custom-auth.cjs +6065 -5537
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts +64 -7
- package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/custom-auth-path/types/cache/CacheKeys.d.ts +3 -3
- package/lib/custom-auth-path/types/cache/IWindowStorage.d.ts +1 -1
- package/lib/custom-auth-path/types/cache/IWindowStorage.d.ts.map +1 -1
- package/lib/custom-auth-path/types/cache/LocalStorage.d.ts +1 -1
- package/lib/custom-auth-path/types/cache/LocalStorage.d.ts.map +1 -1
- package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/AuthFlowState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/AuthFlowState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/AuthFlowStateTypes.d.ts +29 -0
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/AuthFlowStateTypes.d.ts.map +1 -0
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts +9 -3
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts +6 -2
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.d.ts +7 -0
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.d.ts +7 -0
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts +8 -0
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts +6 -2
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts +6 -2
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/state/MfaFailedState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/state/MfaFailedState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts +8 -0
- package/lib/custom-auth-path/types/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/get_account/auth_flow/result/GetAccountResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/get_account/auth_flow/result/SignOutResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/get_account/auth_flow/state/GetAccessTokenState.d.ts +8 -0
- package/lib/custom-auth-path/types/custom_auth/get_account/auth_flow/state/GetAccessTokenState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/get_account/auth_flow/state/GetAccountState.d.ts +8 -0
- package/lib/custom-auth-path/types/custom_auth/get_account/auth_flow/state/GetAccountState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/get_account/auth_flow/state/SignOutState.d.ts +8 -0
- package/lib/custom-auth-path/types/custom_auth/get_account/auth_flow/state/SignOutState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInCompletedState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInCompletedState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInFailedState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInFailedState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/result/SignUpResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.d.ts +5 -1
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpFailedState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpFailedState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.d.ts +4 -0
- package/lib/custom-auth-path/types/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.d.ts.map +1 -1
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +1 -1
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
- package/lib/msal-browser.cjs +946 -656
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +946 -656
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +67 -67
- package/lib/types/cache/BrowserCacheManager.d.ts +64 -7
- package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/types/cache/CacheKeys.d.ts +3 -3
- package/lib/types/cache/IWindowStorage.d.ts +1 -1
- package/lib/types/cache/IWindowStorage.d.ts.map +1 -1
- package/lib/types/cache/LocalStorage.d.ts +1 -1
- package/lib/types/cache/LocalStorage.d.ts.map +1 -1
- package/lib/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/types/custom_auth/core/auth_flow/AuthFlowState.d.ts +4 -0
- package/lib/types/custom_auth/core/auth_flow/AuthFlowState.d.ts.map +1 -1
- package/lib/types/custom_auth/core/auth_flow/AuthFlowStateTypes.d.ts +29 -0
- package/lib/types/custom_auth/core/auth_flow/AuthFlowStateTypes.d.ts.map +1 -0
- package/lib/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts +9 -3
- package/lib/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.d.ts.map +1 -1
- package/lib/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts +6 -2
- package/lib/types/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.d.ts.map +1 -1
- package/lib/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.d.ts +7 -0
- package/lib/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.d.ts.map +1 -1
- package/lib/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.d.ts +7 -0
- package/lib/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.d.ts.map +1 -1
- package/lib/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts +8 -0
- package/lib/types/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.d.ts.map +1 -1
- package/lib/types/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts +6 -2
- package/lib/types/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.d.ts.map +1 -1
- package/lib/types/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts +6 -2
- package/lib/types/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.d.ts.map +1 -1
- package/lib/types/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.d.ts +4 -0
- package/lib/types/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.d.ts.map +1 -1
- package/lib/types/custom_auth/core/auth_flow/mfa/state/MfaFailedState.d.ts +4 -0
- package/lib/types/custom_auth/core/auth_flow/mfa/state/MfaFailedState.d.ts.map +1 -1
- package/lib/types/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts +8 -0
- package/lib/types/custom_auth/core/auth_flow/mfa/state/MfaState.d.ts.map +1 -1
- package/lib/types/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.d.ts.map +1 -1
- package/lib/types/custom_auth/get_account/auth_flow/result/GetAccountResult.d.ts.map +1 -1
- package/lib/types/custom_auth/get_account/auth_flow/result/SignOutResult.d.ts.map +1 -1
- package/lib/types/custom_auth/get_account/auth_flow/state/GetAccessTokenState.d.ts +8 -0
- package/lib/types/custom_auth/get_account/auth_flow/state/GetAccessTokenState.d.ts.map +1 -1
- package/lib/types/custom_auth/get_account/auth_flow/state/GetAccountState.d.ts +8 -0
- package/lib/types/custom_auth/get_account/auth_flow/state/GetAccountState.d.ts.map +1 -1
- package/lib/types/custom_auth/get_account/auth_flow/state/SignOutState.d.ts +8 -0
- package/lib/types/custom_auth/get_account/auth_flow/state/SignOutState.d.ts.map +1 -1
- package/lib/types/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.d.ts.map +1 -1
- package/lib/types/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.d.ts.map +1 -1
- package/lib/types/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.d.ts.map +1 -1
- package/lib/types/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.d.ts.map +1 -1
- package/lib/types/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.d.ts +4 -0
- package/lib/types/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.d.ts.map +1 -1
- package/lib/types/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.d.ts +4 -0
- package/lib/types/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.d.ts.map +1 -1
- package/lib/types/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.d.ts +4 -0
- package/lib/types/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.d.ts.map +1 -1
- package/lib/types/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.d.ts +4 -0
- package/lib/types/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_in/auth_flow/result/SignInResult.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts +4 -0
- package/lib/types/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_in/auth_flow/state/SignInCompletedState.d.ts +4 -0
- package/lib/types/custom_auth/sign_in/auth_flow/state/SignInCompletedState.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts +4 -0
- package/lib/types/custom_auth/sign_in/auth_flow/state/SignInContinuationState.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_in/auth_flow/state/SignInFailedState.d.ts +4 -0
- package/lib/types/custom_auth/sign_in/auth_flow/state/SignInFailedState.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts +4 -0
- package/lib/types/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_up/auth_flow/result/SignUpResult.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.d.ts +4 -0
- package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.d.ts +4 -0
- package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.d.ts +5 -1
- package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpFailedState.d.ts +4 -0
- package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpFailedState.d.ts.map +1 -1
- package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.d.ts +4 -0
- package/lib/types/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.d.ts.map +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/package.json +2 -2
- package/src/cache/BrowserCacheManager.ts +738 -225
- package/src/cache/CacheKeys.ts +3 -3
- package/src/cache/IWindowStorage.ts +2 -1
- package/src/cache/LocalStorage.ts +30 -17
- package/src/cache/TokenCache.ts +33 -12
- package/src/controllers/NestedAppAuthController.ts +3 -1
- package/src/controllers/StandardController.ts +3 -1
- package/src/custom_auth/core/auth_flow/AuthFlowState.ts +6 -1
- package/src/custom_auth/core/auth_flow/AuthFlowStateTypes.ts +60 -0
- package/src/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.ts +21 -8
- package/src/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.ts +15 -5
- package/src/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.ts +10 -1
- package/src/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.ts +10 -1
- package/src/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.ts +14 -0
- package/src/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.ts +12 -4
- package/src/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.ts +12 -4
- package/src/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.ts +7 -1
- package/src/custom_auth/core/auth_flow/mfa/state/MfaFailedState.ts +7 -1
- package/src/custom_auth/core/auth_flow/mfa/state/MfaState.ts +14 -0
- package/src/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.ts +6 -2
- package/src/custom_auth/get_account/auth_flow/result/GetAccountResult.ts +6 -2
- package/src/custom_auth/get_account/auth_flow/result/SignOutResult.ts +6 -2
- package/src/custom_auth/get_account/auth_flow/state/GetAccessTokenState.ts +16 -2
- package/src/custom_auth/get_account/auth_flow/state/GetAccountState.ts +16 -2
- package/src/custom_auth/get_account/auth_flow/state/SignOutState.ts +16 -2
- package/src/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.ts +6 -8
- package/src/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.ts +6 -2
- package/src/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.ts +8 -2
- package/src/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.ts +6 -2
- package/src/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.ts +6 -0
- package/src/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.ts +7 -1
- package/src/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.ts +7 -1
- package/src/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.ts +6 -0
- package/src/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.ts +6 -2
- package/src/custom_auth/sign_in/auth_flow/result/SignInResult.ts +17 -6
- package/src/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.ts +13 -4
- package/src/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.ts +13 -4
- package/src/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.ts +6 -0
- package/src/custom_auth/sign_in/auth_flow/state/SignInCompletedState.ts +7 -1
- package/src/custom_auth/sign_in/auth_flow/state/SignInContinuationState.ts +6 -0
- package/src/custom_auth/sign_in/auth_flow/state/SignInFailedState.ts +7 -1
- package/src/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.ts +6 -0
- package/src/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.ts +6 -6
- package/src/custom_auth/sign_up/auth_flow/result/SignUpResult.ts +10 -4
- package/src/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.ts +6 -2
- package/src/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.ts +10 -4
- package/src/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.ts +8 -3
- package/src/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.ts +6 -0
- package/src/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.ts +6 -0
- package/src/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.ts +8 -2
- package/src/custom_auth/sign_up/auth_flow/state/SignUpFailedState.ts +7 -1
- package/src/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.ts +6 -0
- package/src/interaction_client/PlatformAuthInteractionClient.ts +15 -5
- package/src/packageMetadata.ts +1 -1
package/lib/msal-browser.cjs
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-browser v4.
|
|
1
|
+
/*! @azure/msal-browser v4.26.0 2025-10-29 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
5
|
-
/*! @azure/msal-common v15.13.
|
|
5
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
6
6
|
/*
|
|
7
7
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
8
|
* Licensed under the MIT License.
|
|
@@ -279,7 +279,7 @@ const JsonWebTokenTypes = {
|
|
|
279
279
|
// Token renewal offset default in seconds
|
|
280
280
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
281
281
|
|
|
282
|
-
/*! @azure/msal-common v15.13.
|
|
282
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
283
283
|
/*
|
|
284
284
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
285
285
|
* Licensed under the MIT License.
|
|
@@ -296,7 +296,7 @@ var AuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
296
296
|
unexpectedError: unexpectedError
|
|
297
297
|
});
|
|
298
298
|
|
|
299
|
-
/*! @azure/msal-common v15.13.
|
|
299
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
300
300
|
|
|
301
301
|
/*
|
|
302
302
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -345,7 +345,7 @@ function createAuthError(code, additionalMessage) {
|
|
|
345
345
|
: AuthErrorMessages[code]);
|
|
346
346
|
}
|
|
347
347
|
|
|
348
|
-
/*! @azure/msal-common v15.13.
|
|
348
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
349
349
|
/*
|
|
350
350
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
351
351
|
* Licensed under the MIT License.
|
|
@@ -443,7 +443,7 @@ var ClientAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
443
443
|
userTimeoutReached: userTimeoutReached
|
|
444
444
|
});
|
|
445
445
|
|
|
446
|
-
/*! @azure/msal-common v15.13.
|
|
446
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
447
447
|
|
|
448
448
|
/*
|
|
449
449
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -695,7 +695,7 @@ function createClientAuthError(errorCode, additionalMessage) {
|
|
|
695
695
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
696
696
|
}
|
|
697
697
|
|
|
698
|
-
/*! @azure/msal-common v15.13.
|
|
698
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
699
699
|
|
|
700
700
|
/*
|
|
701
701
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -734,7 +734,7 @@ const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
|
734
734
|
},
|
|
735
735
|
};
|
|
736
736
|
|
|
737
|
-
/*! @azure/msal-common v15.13.
|
|
737
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
738
738
|
|
|
739
739
|
/*
|
|
740
740
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -925,12 +925,12 @@ class Logger {
|
|
|
925
925
|
}
|
|
926
926
|
}
|
|
927
927
|
|
|
928
|
-
/*! @azure/msal-common v15.13.
|
|
928
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
929
929
|
/* eslint-disable header/header */
|
|
930
930
|
const name$1 = "@azure/msal-common";
|
|
931
|
-
const version$1 = "15.13.
|
|
931
|
+
const version$1 = "15.13.1";
|
|
932
932
|
|
|
933
|
-
/*! @azure/msal-common v15.13.
|
|
933
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
934
934
|
/*
|
|
935
935
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
936
936
|
* Licensed under the MIT License.
|
|
@@ -950,7 +950,7 @@ const AzureCloudInstance = {
|
|
|
950
950
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
951
951
|
};
|
|
952
952
|
|
|
953
|
-
/*! @azure/msal-common v15.13.
|
|
953
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
954
954
|
/*
|
|
955
955
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
956
956
|
* Licensed under the MIT License.
|
|
@@ -1006,7 +1006,7 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
1006
1006
|
urlParseError: urlParseError
|
|
1007
1007
|
});
|
|
1008
1008
|
|
|
1009
|
-
/*! @azure/msal-common v15.13.
|
|
1009
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1010
1010
|
|
|
1011
1011
|
/*
|
|
1012
1012
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1149,7 +1149,7 @@ function createClientConfigurationError(errorCode) {
|
|
|
1149
1149
|
return new ClientConfigurationError(errorCode);
|
|
1150
1150
|
}
|
|
1151
1151
|
|
|
1152
|
-
/*! @azure/msal-common v15.13.
|
|
1152
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1153
1153
|
/*
|
|
1154
1154
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1155
1155
|
* Licensed under the MIT License.
|
|
@@ -1246,7 +1246,7 @@ class StringUtils {
|
|
|
1246
1246
|
}
|
|
1247
1247
|
}
|
|
1248
1248
|
|
|
1249
|
-
/*! @azure/msal-common v15.13.
|
|
1249
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1250
1250
|
|
|
1251
1251
|
/*
|
|
1252
1252
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1441,7 +1441,47 @@ class ScopeSet {
|
|
|
1441
1441
|
}
|
|
1442
1442
|
}
|
|
1443
1443
|
|
|
1444
|
-
/*! @azure/msal-common v15.13.
|
|
1444
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1445
|
+
|
|
1446
|
+
/*
|
|
1447
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1448
|
+
* Licensed under the MIT License.
|
|
1449
|
+
*/
|
|
1450
|
+
/**
|
|
1451
|
+
* Function to build a client info object from server clientInfo string
|
|
1452
|
+
* @param rawClientInfo
|
|
1453
|
+
* @param crypto
|
|
1454
|
+
*/
|
|
1455
|
+
function buildClientInfo(rawClientInfo, base64Decode) {
|
|
1456
|
+
if (!rawClientInfo) {
|
|
1457
|
+
throw createClientAuthError(clientInfoEmptyError);
|
|
1458
|
+
}
|
|
1459
|
+
try {
|
|
1460
|
+
const decodedClientInfo = base64Decode(rawClientInfo);
|
|
1461
|
+
return JSON.parse(decodedClientInfo);
|
|
1462
|
+
}
|
|
1463
|
+
catch (e) {
|
|
1464
|
+
throw createClientAuthError(clientInfoDecodingError);
|
|
1465
|
+
}
|
|
1466
|
+
}
|
|
1467
|
+
/**
|
|
1468
|
+
* Function to build a client info object from cached homeAccountId string
|
|
1469
|
+
* @param homeAccountId
|
|
1470
|
+
*/
|
|
1471
|
+
function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
1472
|
+
if (!homeAccountId) {
|
|
1473
|
+
throw createClientAuthError(clientInfoDecodingError);
|
|
1474
|
+
}
|
|
1475
|
+
const clientInfoParts = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2);
|
|
1476
|
+
return {
|
|
1477
|
+
uid: clientInfoParts[0],
|
|
1478
|
+
utid: clientInfoParts.length < 2
|
|
1479
|
+
? Constants.EMPTY_STRING
|
|
1480
|
+
: clientInfoParts[1],
|
|
1481
|
+
};
|
|
1482
|
+
}
|
|
1483
|
+
|
|
1484
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1445
1485
|
/*
|
|
1446
1486
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1447
1487
|
* Licensed under the MIT License.
|
|
@@ -1523,7 +1563,289 @@ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenC
|
|
|
1523
1563
|
return updatedAccountInfo;
|
|
1524
1564
|
}
|
|
1525
1565
|
|
|
1526
|
-
/*! @azure/msal-common v15.13.
|
|
1566
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1567
|
+
/*
|
|
1568
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1569
|
+
* Licensed under the MIT License.
|
|
1570
|
+
*/
|
|
1571
|
+
/**
|
|
1572
|
+
* Authority types supported by MSAL.
|
|
1573
|
+
*/
|
|
1574
|
+
const AuthorityType = {
|
|
1575
|
+
Default: 0,
|
|
1576
|
+
Adfs: 1,
|
|
1577
|
+
Dsts: 2,
|
|
1578
|
+
Ciam: 3,
|
|
1579
|
+
};
|
|
1580
|
+
|
|
1581
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1582
|
+
/*
|
|
1583
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1584
|
+
* Licensed under the MIT License.
|
|
1585
|
+
*/
|
|
1586
|
+
/**
|
|
1587
|
+
* Gets tenantId from available ID token claims to set as credential realm with the following precedence:
|
|
1588
|
+
* 1. tid - if the token is acquired from an Azure AD tenant tid will be present
|
|
1589
|
+
* 2. tfp - if the token is acquired from a modern B2C tenant tfp should be present
|
|
1590
|
+
* 3. acr - if the token is acquired from a legacy B2C tenant acr should be present
|
|
1591
|
+
* Downcased to match the realm case-insensitive comparison requirements
|
|
1592
|
+
* @param idTokenClaims
|
|
1593
|
+
* @returns
|
|
1594
|
+
*/
|
|
1595
|
+
function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
1596
|
+
if (idTokenClaims) {
|
|
1597
|
+
const tenantId = idTokenClaims.tid || idTokenClaims.tfp || idTokenClaims.acr;
|
|
1598
|
+
return tenantId || null;
|
|
1599
|
+
}
|
|
1600
|
+
return null;
|
|
1601
|
+
}
|
|
1602
|
+
|
|
1603
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1604
|
+
/*
|
|
1605
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1606
|
+
* Licensed under the MIT License.
|
|
1607
|
+
*/
|
|
1608
|
+
/**
|
|
1609
|
+
* Protocol modes supported by MSAL.
|
|
1610
|
+
*/
|
|
1611
|
+
const ProtocolMode = {
|
|
1612
|
+
/**
|
|
1613
|
+
* Auth Code + PKCE with Entra ID (formerly AAD) specific optimizations and features
|
|
1614
|
+
*/
|
|
1615
|
+
AAD: "AAD",
|
|
1616
|
+
/**
|
|
1617
|
+
* Auth Code + PKCE without Entra ID specific optimizations and features. For use only with non-Microsoft owned authorities.
|
|
1618
|
+
* Support is limited for this mode.
|
|
1619
|
+
*/
|
|
1620
|
+
OIDC: "OIDC",
|
|
1621
|
+
/**
|
|
1622
|
+
* Encrypted Authorize Response (EAR) with Entra ID specific optimizations and features
|
|
1623
|
+
*/
|
|
1624
|
+
EAR: "EAR",
|
|
1625
|
+
};
|
|
1626
|
+
|
|
1627
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1628
|
+
|
|
1629
|
+
/*
|
|
1630
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1631
|
+
* Licensed under the MIT License.
|
|
1632
|
+
*/
|
|
1633
|
+
/**
|
|
1634
|
+
* Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).
|
|
1635
|
+
*
|
|
1636
|
+
* Key : Value Schema
|
|
1637
|
+
*
|
|
1638
|
+
* Key: <home_account_id>-<environment>-<realm*>
|
|
1639
|
+
*
|
|
1640
|
+
* Value Schema:
|
|
1641
|
+
* {
|
|
1642
|
+
* homeAccountId: home account identifier for the auth scheme,
|
|
1643
|
+
* environment: entity that issued the token, represented as a full host
|
|
1644
|
+
* realm: Full tenant or organizational identifier that the account belongs to
|
|
1645
|
+
* localAccountId: Original tenant-specific accountID, usually used for legacy cases
|
|
1646
|
+
* username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt
|
|
1647
|
+
* authorityType: Accounts authority type as a string
|
|
1648
|
+
* name: Full name for the account, including given name and family name,
|
|
1649
|
+
* lastModificationTime: last time this entity was modified in the cache
|
|
1650
|
+
* lastModificationApp:
|
|
1651
|
+
* nativeAccountId: Account identifier on the native device
|
|
1652
|
+
* tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
|
|
1653
|
+
* }
|
|
1654
|
+
* @internal
|
|
1655
|
+
*/
|
|
1656
|
+
class AccountEntity {
|
|
1657
|
+
/**
|
|
1658
|
+
* Returns the AccountInfo interface for this account.
|
|
1659
|
+
*/
|
|
1660
|
+
static getAccountInfo(accountEntity) {
|
|
1661
|
+
return {
|
|
1662
|
+
homeAccountId: accountEntity.homeAccountId,
|
|
1663
|
+
environment: accountEntity.environment,
|
|
1664
|
+
tenantId: accountEntity.realm,
|
|
1665
|
+
username: accountEntity.username,
|
|
1666
|
+
localAccountId: accountEntity.localAccountId,
|
|
1667
|
+
loginHint: accountEntity.loginHint,
|
|
1668
|
+
name: accountEntity.name,
|
|
1669
|
+
nativeAccountId: accountEntity.nativeAccountId,
|
|
1670
|
+
authorityType: accountEntity.authorityType,
|
|
1671
|
+
// Deserialize tenant profiles array into a Map
|
|
1672
|
+
tenantProfiles: new Map((accountEntity.tenantProfiles || []).map((tenantProfile) => {
|
|
1673
|
+
return [tenantProfile.tenantId, tenantProfile];
|
|
1674
|
+
})),
|
|
1675
|
+
dataBoundary: accountEntity.dataBoundary,
|
|
1676
|
+
};
|
|
1677
|
+
}
|
|
1678
|
+
/**
|
|
1679
|
+
* Returns true if the account entity is in single tenant format (outdated), false otherwise
|
|
1680
|
+
*/
|
|
1681
|
+
isSingleTenant() {
|
|
1682
|
+
return !this.tenantProfiles;
|
|
1683
|
+
}
|
|
1684
|
+
/**
|
|
1685
|
+
* Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
|
|
1686
|
+
* @param accountDetails
|
|
1687
|
+
*/
|
|
1688
|
+
static createAccount(accountDetails, authority, base64Decode) {
|
|
1689
|
+
const account = new AccountEntity();
|
|
1690
|
+
if (authority.authorityType === AuthorityType.Adfs) {
|
|
1691
|
+
account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE;
|
|
1692
|
+
}
|
|
1693
|
+
else if (authority.protocolMode === ProtocolMode.OIDC) {
|
|
1694
|
+
account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE;
|
|
1695
|
+
}
|
|
1696
|
+
else {
|
|
1697
|
+
account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;
|
|
1698
|
+
}
|
|
1699
|
+
let clientInfo;
|
|
1700
|
+
if (accountDetails.clientInfo && base64Decode) {
|
|
1701
|
+
clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode);
|
|
1702
|
+
if (clientInfo.xms_tdbr) {
|
|
1703
|
+
account.dataBoundary =
|
|
1704
|
+
clientInfo.xms_tdbr === "EU" ? "EU" : "None";
|
|
1705
|
+
}
|
|
1706
|
+
}
|
|
1707
|
+
account.clientInfo = accountDetails.clientInfo;
|
|
1708
|
+
account.homeAccountId = accountDetails.homeAccountId;
|
|
1709
|
+
account.nativeAccountId = accountDetails.nativeAccountId;
|
|
1710
|
+
const env = accountDetails.environment ||
|
|
1711
|
+
(authority && authority.getPreferredCache());
|
|
1712
|
+
if (!env) {
|
|
1713
|
+
throw createClientAuthError(invalidCacheEnvironment);
|
|
1714
|
+
}
|
|
1715
|
+
account.environment = env;
|
|
1716
|
+
// non AAD scenarios can have empty realm
|
|
1717
|
+
account.realm =
|
|
1718
|
+
clientInfo?.utid ||
|
|
1719
|
+
getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||
|
|
1720
|
+
"";
|
|
1721
|
+
// How do you account for MSA CID here?
|
|
1722
|
+
account.localAccountId =
|
|
1723
|
+
clientInfo?.uid ||
|
|
1724
|
+
accountDetails.idTokenClaims?.oid ||
|
|
1725
|
+
accountDetails.idTokenClaims?.sub ||
|
|
1726
|
+
"";
|
|
1727
|
+
/*
|
|
1728
|
+
* In B2C scenarios the emails claim is used instead of preferred_username and it is an array.
|
|
1729
|
+
* In most cases it will contain a single email. This field should not be relied upon if a custom
|
|
1730
|
+
* policy is configured to return more than 1 email.
|
|
1731
|
+
*/
|
|
1732
|
+
const preferredUsername = accountDetails.idTokenClaims?.preferred_username ||
|
|
1733
|
+
accountDetails.idTokenClaims?.upn;
|
|
1734
|
+
const email = accountDetails.idTokenClaims?.emails
|
|
1735
|
+
? accountDetails.idTokenClaims.emails[0]
|
|
1736
|
+
: null;
|
|
1737
|
+
account.username = preferredUsername || email || "";
|
|
1738
|
+
account.loginHint = accountDetails.idTokenClaims?.login_hint;
|
|
1739
|
+
account.name = accountDetails.idTokenClaims?.name || "";
|
|
1740
|
+
account.cloudGraphHostName = accountDetails.cloudGraphHostName;
|
|
1741
|
+
account.msGraphHost = accountDetails.msGraphHost;
|
|
1742
|
+
if (accountDetails.tenantProfiles) {
|
|
1743
|
+
account.tenantProfiles = accountDetails.tenantProfiles;
|
|
1744
|
+
}
|
|
1745
|
+
else {
|
|
1746
|
+
const tenantProfile = buildTenantProfile(accountDetails.homeAccountId, account.localAccountId, account.realm, accountDetails.idTokenClaims);
|
|
1747
|
+
account.tenantProfiles = [tenantProfile];
|
|
1748
|
+
}
|
|
1749
|
+
return account;
|
|
1750
|
+
}
|
|
1751
|
+
/**
|
|
1752
|
+
* Creates an AccountEntity object from AccountInfo
|
|
1753
|
+
* @param accountInfo
|
|
1754
|
+
* @param cloudGraphHostName
|
|
1755
|
+
* @param msGraphHost
|
|
1756
|
+
* @returns
|
|
1757
|
+
*/
|
|
1758
|
+
static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) {
|
|
1759
|
+
const account = new AccountEntity();
|
|
1760
|
+
account.authorityType =
|
|
1761
|
+
accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE;
|
|
1762
|
+
account.homeAccountId = accountInfo.homeAccountId;
|
|
1763
|
+
account.localAccountId = accountInfo.localAccountId;
|
|
1764
|
+
account.nativeAccountId = accountInfo.nativeAccountId;
|
|
1765
|
+
account.realm = accountInfo.tenantId;
|
|
1766
|
+
account.environment = accountInfo.environment;
|
|
1767
|
+
account.username = accountInfo.username;
|
|
1768
|
+
account.name = accountInfo.name;
|
|
1769
|
+
account.loginHint = accountInfo.loginHint;
|
|
1770
|
+
account.cloudGraphHostName = cloudGraphHostName;
|
|
1771
|
+
account.msGraphHost = msGraphHost;
|
|
1772
|
+
// Serialize tenant profiles map into an array
|
|
1773
|
+
account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
|
|
1774
|
+
account.dataBoundary = accountInfo.dataBoundary;
|
|
1775
|
+
return account;
|
|
1776
|
+
}
|
|
1777
|
+
/**
|
|
1778
|
+
* Generate HomeAccountId from server response
|
|
1779
|
+
* @param serverClientInfo
|
|
1780
|
+
* @param authType
|
|
1781
|
+
*/
|
|
1782
|
+
static generateHomeAccountId(serverClientInfo, authType, logger, cryptoObj, idTokenClaims) {
|
|
1783
|
+
// since ADFS/DSTS do not have tid and does not set client_info
|
|
1784
|
+
if (!(authType === AuthorityType.Adfs ||
|
|
1785
|
+
authType === AuthorityType.Dsts)) {
|
|
1786
|
+
// for cases where there is clientInfo
|
|
1787
|
+
if (serverClientInfo) {
|
|
1788
|
+
try {
|
|
1789
|
+
const clientInfo = buildClientInfo(serverClientInfo, cryptoObj.base64Decode);
|
|
1790
|
+
if (clientInfo.uid && clientInfo.utid) {
|
|
1791
|
+
return `${clientInfo.uid}.${clientInfo.utid}`;
|
|
1792
|
+
}
|
|
1793
|
+
}
|
|
1794
|
+
catch (e) { }
|
|
1795
|
+
}
|
|
1796
|
+
logger.warning("No client info in response");
|
|
1797
|
+
}
|
|
1798
|
+
// default to "sub" claim
|
|
1799
|
+
return idTokenClaims?.sub || "";
|
|
1800
|
+
}
|
|
1801
|
+
/**
|
|
1802
|
+
* Validates an entity: checks for all expected params
|
|
1803
|
+
* @param entity
|
|
1804
|
+
*/
|
|
1805
|
+
static isAccountEntity(entity) {
|
|
1806
|
+
if (!entity) {
|
|
1807
|
+
return false;
|
|
1808
|
+
}
|
|
1809
|
+
return (entity.hasOwnProperty("homeAccountId") &&
|
|
1810
|
+
entity.hasOwnProperty("environment") &&
|
|
1811
|
+
entity.hasOwnProperty("realm") &&
|
|
1812
|
+
entity.hasOwnProperty("localAccountId") &&
|
|
1813
|
+
entity.hasOwnProperty("username") &&
|
|
1814
|
+
entity.hasOwnProperty("authorityType"));
|
|
1815
|
+
}
|
|
1816
|
+
/**
|
|
1817
|
+
* Helper function to determine whether 2 accountInfo objects represent the same account
|
|
1818
|
+
* @param accountA
|
|
1819
|
+
* @param accountB
|
|
1820
|
+
* @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
|
|
1821
|
+
*/
|
|
1822
|
+
static accountInfoIsEqual(accountA, accountB, compareClaims) {
|
|
1823
|
+
if (!accountA || !accountB) {
|
|
1824
|
+
return false;
|
|
1825
|
+
}
|
|
1826
|
+
let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false
|
|
1827
|
+
if (compareClaims) {
|
|
1828
|
+
const accountAClaims = (accountA.idTokenClaims ||
|
|
1829
|
+
{});
|
|
1830
|
+
const accountBClaims = (accountB.idTokenClaims ||
|
|
1831
|
+
{});
|
|
1832
|
+
// issued at timestamp and nonce are expected to change each time a new id token is acquired
|
|
1833
|
+
claimsMatch =
|
|
1834
|
+
accountAClaims.iat === accountBClaims.iat &&
|
|
1835
|
+
accountAClaims.nonce === accountBClaims.nonce;
|
|
1836
|
+
}
|
|
1837
|
+
return (accountA.homeAccountId === accountB.homeAccountId &&
|
|
1838
|
+
accountA.localAccountId === accountB.localAccountId &&
|
|
1839
|
+
accountA.username === accountB.username &&
|
|
1840
|
+
accountA.tenantId === accountB.tenantId &&
|
|
1841
|
+
accountA.loginHint === accountB.loginHint &&
|
|
1842
|
+
accountA.environment === accountB.environment &&
|
|
1843
|
+
accountA.nativeAccountId === accountB.nativeAccountId &&
|
|
1844
|
+
claimsMatch);
|
|
1845
|
+
}
|
|
1846
|
+
}
|
|
1847
|
+
|
|
1848
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1527
1849
|
|
|
1528
1850
|
/*
|
|
1529
1851
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1546,6 +1868,26 @@ function extractTokenClaims(encodedToken, base64Decode) {
|
|
|
1546
1868
|
throw createClientAuthError(tokenParsingError);
|
|
1547
1869
|
}
|
|
1548
1870
|
}
|
|
1871
|
+
/**
|
|
1872
|
+
* Check if the signin_state claim contains "kmsi"
|
|
1873
|
+
* @param idTokenClaims
|
|
1874
|
+
* @returns
|
|
1875
|
+
*/
|
|
1876
|
+
function isKmsi(idTokenClaims) {
|
|
1877
|
+
if (!idTokenClaims.signin_state) {
|
|
1878
|
+
return false;
|
|
1879
|
+
}
|
|
1880
|
+
/**
|
|
1881
|
+
* Signin_state claim known values:
|
|
1882
|
+
* dvc_mngd - device is managed
|
|
1883
|
+
* dvc_dmjd - device is domain joined
|
|
1884
|
+
* kmsi - user opted to "keep me signed in"
|
|
1885
|
+
* inknownntwk - Request made inside a known network. Don't use this, use CAE instead.
|
|
1886
|
+
*/
|
|
1887
|
+
const kmsiClaims = ["kmsi", "dvc_dmjd"]; // There are some cases where kmsi may not be returned but persistent storage is still OK - allow dvc_dmjd as well
|
|
1888
|
+
const kmsi = idTokenClaims.signin_state.some((value) => kmsiClaims.includes(value.trim().toLowerCase()));
|
|
1889
|
+
return kmsi;
|
|
1890
|
+
}
|
|
1549
1891
|
/**
|
|
1550
1892
|
* decode a JWT
|
|
1551
1893
|
*
|
|
@@ -1584,7 +1926,7 @@ function checkMaxAge(authTime, maxAge) {
|
|
|
1584
1926
|
}
|
|
1585
1927
|
}
|
|
1586
1928
|
|
|
1587
|
-
/*! @azure/msal-common v15.13.
|
|
1929
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1588
1930
|
|
|
1589
1931
|
/*
|
|
1590
1932
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1700,7 +2042,7 @@ function normalizeUrlForComparison(url) {
|
|
|
1700
2042
|
}
|
|
1701
2043
|
}
|
|
1702
2044
|
|
|
1703
|
-
/*! @azure/msal-common v15.13.
|
|
2045
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1704
2046
|
|
|
1705
2047
|
/*
|
|
1706
2048
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1864,7 +2206,7 @@ class UrlString {
|
|
|
1864
2206
|
}
|
|
1865
2207
|
}
|
|
1866
2208
|
|
|
1867
|
-
/*! @azure/msal-common v15.13.
|
|
2209
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
1868
2210
|
|
|
1869
2211
|
/*
|
|
1870
2212
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2003,7 +2345,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2003
2345
|
return null;
|
|
2004
2346
|
}
|
|
2005
2347
|
|
|
2006
|
-
/*! @azure/msal-common v15.13.
|
|
2348
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
2007
2349
|
/*
|
|
2008
2350
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2009
2351
|
* Licensed under the MIT License.
|
|
@@ -2011,7 +2353,7 @@ function getCloudDiscoveryMetadataFromNetworkResponse(response, authorityHost) {
|
|
|
2011
2353
|
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
2012
2354
|
const cacheErrorUnknown = "cache_error_unknown";
|
|
2013
2355
|
|
|
2014
|
-
/*! @azure/msal-common v15.13.
|
|
2356
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
2015
2357
|
|
|
2016
2358
|
/*
|
|
2017
2359
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2056,7 +2398,7 @@ function createCacheError(e) {
|
|
|
2056
2398
|
}
|
|
2057
2399
|
}
|
|
2058
2400
|
|
|
2059
|
-
/*! @azure/msal-common v15.13.
|
|
2401
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
2060
2402
|
|
|
2061
2403
|
/*
|
|
2062
2404
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2115,7 +2457,7 @@ class CacheManager {
|
|
|
2115
2457
|
getBaseAccountInfo(accountFilter, correlationId) {
|
|
2116
2458
|
const accountEntities = this.getAccountsFilteredBy(accountFilter, correlationId);
|
|
2117
2459
|
if (accountEntities.length > 0) {
|
|
2118
|
-
return accountEntities[0]
|
|
2460
|
+
return AccountEntity.getAccountInfo(accountEntities[0]);
|
|
2119
2461
|
}
|
|
2120
2462
|
else {
|
|
2121
2463
|
return null;
|
|
@@ -2154,7 +2496,7 @@ class CacheManager {
|
|
|
2154
2496
|
return tenantedAccountInfo;
|
|
2155
2497
|
}
|
|
2156
2498
|
getTenantProfilesFromAccountEntity(accountEntity, correlationId, targetTenantId, tenantProfileFilter) {
|
|
2157
|
-
const accountInfo =
|
|
2499
|
+
const accountInfo = AccountEntity.getAccountInfo(accountEntity);
|
|
2158
2500
|
let searchTenantProfiles = accountInfo.tenantProfiles || new Map();
|
|
2159
2501
|
const tokenKeys = this.getTokenKeys();
|
|
2160
2502
|
// If a tenant ID was provided, only return the tenant profile for that tenant ID if it exists
|
|
@@ -2224,27 +2566,28 @@ class CacheManager {
|
|
|
2224
2566
|
/**
|
|
2225
2567
|
* saves a cache record
|
|
2226
2568
|
* @param cacheRecord {CacheRecord}
|
|
2227
|
-
* @param storeInCache {?StoreInCache}
|
|
2228
2569
|
* @param correlationId {?string} correlation id
|
|
2570
|
+
* @param kmsi - Keep Me Signed In
|
|
2571
|
+
* @param storeInCache {?StoreInCache}
|
|
2229
2572
|
*/
|
|
2230
|
-
async saveCacheRecord(cacheRecord, correlationId, storeInCache) {
|
|
2573
|
+
async saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache) {
|
|
2231
2574
|
if (!cacheRecord) {
|
|
2232
2575
|
throw createClientAuthError(invalidCacheRecord);
|
|
2233
2576
|
}
|
|
2234
2577
|
try {
|
|
2235
2578
|
if (!!cacheRecord.account) {
|
|
2236
|
-
await this.setAccount(cacheRecord.account, correlationId);
|
|
2579
|
+
await this.setAccount(cacheRecord.account, correlationId, kmsi);
|
|
2237
2580
|
}
|
|
2238
2581
|
if (!!cacheRecord.idToken && storeInCache?.idToken !== false) {
|
|
2239
|
-
await this.setIdTokenCredential(cacheRecord.idToken, correlationId);
|
|
2582
|
+
await this.setIdTokenCredential(cacheRecord.idToken, correlationId, kmsi);
|
|
2240
2583
|
}
|
|
2241
2584
|
if (!!cacheRecord.accessToken &&
|
|
2242
2585
|
storeInCache?.accessToken !== false) {
|
|
2243
|
-
await this.saveAccessToken(cacheRecord.accessToken, correlationId);
|
|
2586
|
+
await this.saveAccessToken(cacheRecord.accessToken, correlationId, kmsi);
|
|
2244
2587
|
}
|
|
2245
2588
|
if (!!cacheRecord.refreshToken &&
|
|
2246
2589
|
storeInCache?.refreshToken !== false) {
|
|
2247
|
-
await this.setRefreshTokenCredential(cacheRecord.refreshToken, correlationId);
|
|
2590
|
+
await this.setRefreshTokenCredential(cacheRecord.refreshToken, correlationId, kmsi);
|
|
2248
2591
|
}
|
|
2249
2592
|
if (!!cacheRecord.appMetadata) {
|
|
2250
2593
|
this.setAppMetadata(cacheRecord.appMetadata, correlationId);
|
|
@@ -2264,7 +2607,7 @@ class CacheManager {
|
|
|
2264
2607
|
* saves access token credential
|
|
2265
2608
|
* @param credential
|
|
2266
2609
|
*/
|
|
2267
|
-
async saveAccessToken(credential, correlationId) {
|
|
2610
|
+
async saveAccessToken(credential, correlationId, kmsi) {
|
|
2268
2611
|
const accessTokenFilter = {
|
|
2269
2612
|
clientId: credential.clientId,
|
|
2270
2613
|
credentialType: credential.credentialType,
|
|
@@ -2289,7 +2632,7 @@ class CacheManager {
|
|
|
2289
2632
|
}
|
|
2290
2633
|
}
|
|
2291
2634
|
});
|
|
2292
|
-
await this.setAccessTokenCredential(credential, correlationId);
|
|
2635
|
+
await this.setAccessTokenCredential(credential, correlationId, kmsi);
|
|
2293
2636
|
}
|
|
2294
2637
|
/**
|
|
2295
2638
|
* Retrieve account entities matching all provided tenant-agnostic filters; if no filter is set, get all account entities in the cache
|
|
@@ -3165,31 +3508,7 @@ class DefaultStorageClass extends CacheManager {
|
|
|
3165
3508
|
}
|
|
3166
3509
|
}
|
|
3167
3510
|
|
|
3168
|
-
/*! @azure/msal-common v15.13.
|
|
3169
|
-
/*
|
|
3170
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3171
|
-
* Licensed under the MIT License.
|
|
3172
|
-
*/
|
|
3173
|
-
/**
|
|
3174
|
-
* Protocol modes supported by MSAL.
|
|
3175
|
-
*/
|
|
3176
|
-
const ProtocolMode = {
|
|
3177
|
-
/**
|
|
3178
|
-
* Auth Code + PKCE with Entra ID (formerly AAD) specific optimizations and features
|
|
3179
|
-
*/
|
|
3180
|
-
AAD: "AAD",
|
|
3181
|
-
/**
|
|
3182
|
-
* Auth Code + PKCE without Entra ID specific optimizations and features. For use only with non-Microsoft owned authorities.
|
|
3183
|
-
* Support is limited for this mode.
|
|
3184
|
-
*/
|
|
3185
|
-
OIDC: "OIDC",
|
|
3186
|
-
/**
|
|
3187
|
-
* Encrypted Authorize Response (EAR) with Entra ID specific optimizations and features
|
|
3188
|
-
*/
|
|
3189
|
-
EAR: "EAR",
|
|
3190
|
-
};
|
|
3191
|
-
|
|
3192
|
-
/*! @azure/msal-common v15.13.0 2025-10-09 */
|
|
3511
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
3193
3512
|
/*
|
|
3194
3513
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3195
3514
|
* Licensed under the MIT License.
|
|
@@ -3711,7 +4030,7 @@ const IntFields = new Set([
|
|
|
3711
4030
|
"upgradedCacheCount",
|
|
3712
4031
|
]);
|
|
3713
4032
|
|
|
3714
|
-
/*! @azure/msal-common v15.13.
|
|
4033
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
3715
4034
|
|
|
3716
4035
|
/*
|
|
3717
4036
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3790,7 +4109,7 @@ class StubPerformanceClient {
|
|
|
3790
4109
|
}
|
|
3791
4110
|
}
|
|
3792
4111
|
|
|
3793
|
-
/*! @azure/msal-common v15.13.
|
|
4112
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
3794
4113
|
|
|
3795
4114
|
/*
|
|
3796
4115
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3868,79 +4187,39 @@ function buildClientConfiguration({ authOptions: userAuthOptions, systemOptions:
|
|
|
3868
4187
|
serializableCache: serializableCache || null,
|
|
3869
4188
|
};
|
|
3870
4189
|
}
|
|
3871
|
-
/**
|
|
3872
|
-
* Construct authoptions from the client and platform passed values
|
|
3873
|
-
* @param authOptions
|
|
3874
|
-
*/
|
|
3875
|
-
function buildAuthOptions(authOptions) {
|
|
3876
|
-
return {
|
|
3877
|
-
clientCapabilities: [],
|
|
3878
|
-
azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
|
|
3879
|
-
skipAuthorityMetadataCache: false,
|
|
3880
|
-
instanceAware: false,
|
|
3881
|
-
encodeExtraQueryParams: false,
|
|
3882
|
-
...authOptions,
|
|
3883
|
-
};
|
|
3884
|
-
}
|
|
3885
|
-
/**
|
|
3886
|
-
* Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise
|
|
3887
|
-
* @param ClientConfiguration
|
|
3888
|
-
*/
|
|
3889
|
-
function isOidcProtocolMode(config) {
|
|
3890
|
-
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3891
|
-
}
|
|
3892
|
-
|
|
3893
|
-
/*! @azure/msal-common v15.13.0 2025-10-09 */
|
|
3894
|
-
/*
|
|
3895
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3896
|
-
* Licensed under the MIT License.
|
|
3897
|
-
*/
|
|
3898
|
-
const CcsCredentialType = {
|
|
3899
|
-
HOME_ACCOUNT_ID: "home_account_id",
|
|
3900
|
-
UPN: "UPN",
|
|
3901
|
-
};
|
|
3902
|
-
|
|
3903
|
-
/*! @azure/msal-common v15.13.0 2025-10-09 */
|
|
3904
|
-
|
|
3905
|
-
/*
|
|
3906
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3907
|
-
* Licensed under the MIT License.
|
|
3908
|
-
*/
|
|
3909
|
-
/**
|
|
3910
|
-
* Function to build a client info object from server clientInfo string
|
|
3911
|
-
* @param rawClientInfo
|
|
3912
|
-
* @param crypto
|
|
3913
|
-
*/
|
|
3914
|
-
function buildClientInfo(rawClientInfo, base64Decode) {
|
|
3915
|
-
if (!rawClientInfo) {
|
|
3916
|
-
throw createClientAuthError(clientInfoEmptyError);
|
|
3917
|
-
}
|
|
3918
|
-
try {
|
|
3919
|
-
const decodedClientInfo = base64Decode(rawClientInfo);
|
|
3920
|
-
return JSON.parse(decodedClientInfo);
|
|
3921
|
-
}
|
|
3922
|
-
catch (e) {
|
|
3923
|
-
throw createClientAuthError(clientInfoDecodingError);
|
|
3924
|
-
}
|
|
3925
|
-
}
|
|
3926
|
-
/**
|
|
3927
|
-
* Function to build a client info object from cached homeAccountId string
|
|
3928
|
-
* @param homeAccountId
|
|
4190
|
+
/**
|
|
4191
|
+
* Construct authoptions from the client and platform passed values
|
|
4192
|
+
* @param authOptions
|
|
3929
4193
|
*/
|
|
3930
|
-
function
|
|
3931
|
-
if (!homeAccountId) {
|
|
3932
|
-
throw createClientAuthError(clientInfoDecodingError);
|
|
3933
|
-
}
|
|
3934
|
-
const clientInfoParts = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2);
|
|
4194
|
+
function buildAuthOptions(authOptions) {
|
|
3935
4195
|
return {
|
|
3936
|
-
|
|
3937
|
-
|
|
3938
|
-
|
|
3939
|
-
|
|
4196
|
+
clientCapabilities: [],
|
|
4197
|
+
azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
|
|
4198
|
+
skipAuthorityMetadataCache: false,
|
|
4199
|
+
instanceAware: false,
|
|
4200
|
+
encodeExtraQueryParams: false,
|
|
4201
|
+
...authOptions,
|
|
3940
4202
|
};
|
|
4203
|
+
}
|
|
4204
|
+
/**
|
|
4205
|
+
* Returns true if config has protocolMode set to ProtocolMode.OIDC, false otherwise
|
|
4206
|
+
* @param ClientConfiguration
|
|
4207
|
+
*/
|
|
4208
|
+
function isOidcProtocolMode(config) {
|
|
4209
|
+
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3941
4210
|
}
|
|
3942
4211
|
|
|
3943
|
-
/*! @azure/msal-common v15.13.
|
|
4212
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
4213
|
+
/*
|
|
4214
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4215
|
+
* Licensed under the MIT License.
|
|
4216
|
+
*/
|
|
4217
|
+
const CcsCredentialType = {
|
|
4218
|
+
HOME_ACCOUNT_ID: "home_account_id",
|
|
4219
|
+
UPN: "UPN",
|
|
4220
|
+
};
|
|
4221
|
+
|
|
4222
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
3944
4223
|
/*
|
|
3945
4224
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3946
4225
|
* Licensed under the MIT License.
|
|
@@ -3990,7 +4269,7 @@ const INSTANCE_AWARE = "instance_aware";
|
|
|
3990
4269
|
const EAR_JWK = "ear_jwk";
|
|
3991
4270
|
const EAR_JWE_CRYPTO = "ear_jwe_crypto";
|
|
3992
4271
|
|
|
3993
|
-
/*! @azure/msal-common v15.13.
|
|
4272
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
3994
4273
|
|
|
3995
4274
|
/*
|
|
3996
4275
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4370,22 +4649,7 @@ function addPostBodyParameters(parameters, bodyParameters) {
|
|
|
4370
4649
|
});
|
|
4371
4650
|
}
|
|
4372
4651
|
|
|
4373
|
-
/*! @azure/msal-common v15.13.
|
|
4374
|
-
/*
|
|
4375
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4376
|
-
* Licensed under the MIT License.
|
|
4377
|
-
*/
|
|
4378
|
-
/**
|
|
4379
|
-
* Authority types supported by MSAL.
|
|
4380
|
-
*/
|
|
4381
|
-
const AuthorityType = {
|
|
4382
|
-
Default: 0,
|
|
4383
|
-
Adfs: 1,
|
|
4384
|
-
Dsts: 2,
|
|
4385
|
-
Ciam: 3,
|
|
4386
|
-
};
|
|
4387
|
-
|
|
4388
|
-
/*! @azure/msal-common v15.13.0 2025-10-09 */
|
|
4652
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
4389
4653
|
/*
|
|
4390
4654
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4391
4655
|
* Licensed under the MIT License.
|
|
@@ -4397,7 +4661,7 @@ function isOpenIdConfigResponse(response) {
|
|
|
4397
4661
|
response.hasOwnProperty("jwks_uri"));
|
|
4398
4662
|
}
|
|
4399
4663
|
|
|
4400
|
-
/*! @azure/msal-common v15.13.
|
|
4664
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
4401
4665
|
/*
|
|
4402
4666
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4403
4667
|
* Licensed under the MIT License.
|
|
@@ -4407,7 +4671,7 @@ function isCloudInstanceDiscoveryResponse(response) {
|
|
|
4407
4671
|
response.hasOwnProperty("metadata"));
|
|
4408
4672
|
}
|
|
4409
4673
|
|
|
4410
|
-
/*! @azure/msal-common v15.13.
|
|
4674
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
4411
4675
|
/*
|
|
4412
4676
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4413
4677
|
* Licensed under the MIT License.
|
|
@@ -4417,7 +4681,7 @@ function isCloudInstanceDiscoveryErrorResponse(response) {
|
|
|
4417
4681
|
response.hasOwnProperty("error_description"));
|
|
4418
4682
|
}
|
|
4419
4683
|
|
|
4420
|
-
/*! @azure/msal-common v15.13.
|
|
4684
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
4421
4685
|
/*
|
|
4422
4686
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4423
4687
|
* Licensed under the MIT License.
|
|
@@ -4513,7 +4777,7 @@ const invokeAsync = (callback, eventName, logger, telemetryClient, correlationId
|
|
|
4513
4777
|
};
|
|
4514
4778
|
};
|
|
4515
4779
|
|
|
4516
|
-
/*! @azure/msal-common v15.13.
|
|
4780
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
4517
4781
|
|
|
4518
4782
|
/*
|
|
4519
4783
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4619,7 +4883,7 @@ RegionDiscovery.IMDS_OPTIONS = {
|
|
|
4619
4883
|
},
|
|
4620
4884
|
};
|
|
4621
4885
|
|
|
4622
|
-
/*! @azure/msal-common v15.13.
|
|
4886
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
4623
4887
|
/*
|
|
4624
4888
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4625
4889
|
* Licensed under the MIT License.
|
|
@@ -4684,7 +4948,7 @@ function wasClockTurnedBack(cachedAt) {
|
|
|
4684
4948
|
return cachedAtSec > nowSeconds();
|
|
4685
4949
|
}
|
|
4686
4950
|
|
|
4687
|
-
/*! @azure/msal-common v15.13.
|
|
4951
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
4688
4952
|
|
|
4689
4953
|
/*
|
|
4690
4954
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4946,7 +5210,7 @@ function isAuthorityMetadataExpired(metadata) {
|
|
|
4946
5210
|
return metadata.expiresAt <= nowSeconds();
|
|
4947
5211
|
}
|
|
4948
5212
|
|
|
4949
|
-
/*! @azure/msal-common v15.13.
|
|
5213
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
4950
5214
|
|
|
4951
5215
|
/*
|
|
4952
5216
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5785,7 +6049,7 @@ function buildStaticAuthorityOptions(authOptions) {
|
|
|
5785
6049
|
};
|
|
5786
6050
|
}
|
|
5787
6051
|
|
|
5788
|
-
/*! @azure/msal-common v15.13.
|
|
6052
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
5789
6053
|
|
|
5790
6054
|
/*
|
|
5791
6055
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5816,7 +6080,7 @@ async function createDiscoveredInstance(authorityUri, networkClient, cacheManage
|
|
|
5816
6080
|
}
|
|
5817
6081
|
}
|
|
5818
6082
|
|
|
5819
|
-
/*! @azure/msal-common v15.13.
|
|
6083
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
5820
6084
|
|
|
5821
6085
|
/*
|
|
5822
6086
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5835,7 +6099,7 @@ class ServerError extends AuthError {
|
|
|
5835
6099
|
}
|
|
5836
6100
|
}
|
|
5837
6101
|
|
|
5838
|
-
/*! @azure/msal-common v15.13.
|
|
6102
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
5839
6103
|
/*
|
|
5840
6104
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5841
6105
|
* Licensed under the MIT License.
|
|
@@ -5856,7 +6120,7 @@ function getRequestThumbprint(clientId, request, homeAccountId) {
|
|
|
5856
6120
|
};
|
|
5857
6121
|
}
|
|
5858
6122
|
|
|
5859
|
-
/*! @azure/msal-common v15.13.
|
|
6123
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
5860
6124
|
|
|
5861
6125
|
/*
|
|
5862
6126
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5943,7 +6207,7 @@ class ThrottlingUtils {
|
|
|
5943
6207
|
}
|
|
5944
6208
|
}
|
|
5945
6209
|
|
|
5946
|
-
/*! @azure/msal-common v15.13.
|
|
6210
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
5947
6211
|
|
|
5948
6212
|
/*
|
|
5949
6213
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5974,7 +6238,7 @@ function createNetworkError(error, httpStatus, responseHeaders, additionalError)
|
|
|
5974
6238
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
5975
6239
|
}
|
|
5976
6240
|
|
|
5977
|
-
/*! @azure/msal-common v15.13.
|
|
6241
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
5978
6242
|
|
|
5979
6243
|
/*
|
|
5980
6244
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6044,328 +6308,85 @@ class BaseClient {
|
|
|
6044
6308
|
response.status < 500 &&
|
|
6045
6309
|
response.status !== 429) {
|
|
6046
6310
|
// Telemetry data successfully logged by server, clear Telemetry cache
|
|
6047
|
-
this.config.serverTelemetryManager.clearTelemetryCache();
|
|
6048
|
-
}
|
|
6049
|
-
return response;
|
|
6050
|
-
}
|
|
6051
|
-
/**
|
|
6052
|
-
* Wraps sendPostRequestAsync with necessary preflight and postflight logic
|
|
6053
|
-
* @param thumbprint - Request thumbprint for throttling
|
|
6054
|
-
* @param tokenEndpoint - Endpoint to make the POST to
|
|
6055
|
-
* @param options - Body and Headers to include on the POST request
|
|
6056
|
-
* @param correlationId - CorrelationId for telemetry
|
|
6057
|
-
*/
|
|
6058
|
-
async sendPostRequest(thumbprint, tokenEndpoint, options, correlationId) {
|
|
6059
|
-
ThrottlingUtils.preProcess(this.cacheManager, thumbprint, correlationId);
|
|
6060
|
-
let response;
|
|
6061
|
-
try {
|
|
6062
|
-
response = await invokeAsync((this.networkClient.sendPostRequestAsync.bind(this.networkClient)), PerformanceEvents.NetworkClientSendPostRequestAsync, this.logger, this.performanceClient, correlationId)(tokenEndpoint, options);
|
|
6063
|
-
const responseHeaders = response.headers || {};
|
|
6064
|
-
this.performanceClient?.addFields({
|
|
6065
|
-
refreshTokenSize: response.body.refresh_token?.length || 0,
|
|
6066
|
-
httpVerToken: responseHeaders[HeaderNames.X_MS_HTTP_VERSION] || "",
|
|
6067
|
-
requestId: responseHeaders[HeaderNames.X_MS_REQUEST_ID] || "",
|
|
6068
|
-
}, correlationId);
|
|
6069
|
-
}
|
|
6070
|
-
catch (e) {
|
|
6071
|
-
if (e instanceof NetworkError) {
|
|
6072
|
-
const responseHeaders = e.responseHeaders;
|
|
6073
|
-
if (responseHeaders) {
|
|
6074
|
-
this.performanceClient?.addFields({
|
|
6075
|
-
httpVerToken: responseHeaders[HeaderNames.X_MS_HTTP_VERSION] || "",
|
|
6076
|
-
requestId: responseHeaders[HeaderNames.X_MS_REQUEST_ID] ||
|
|
6077
|
-
"",
|
|
6078
|
-
contentTypeHeader: responseHeaders[HeaderNames.CONTENT_TYPE] ||
|
|
6079
|
-
undefined,
|
|
6080
|
-
contentLengthHeader: responseHeaders[HeaderNames.CONTENT_LENGTH] ||
|
|
6081
|
-
undefined,
|
|
6082
|
-
httpStatus: e.httpStatus,
|
|
6083
|
-
}, correlationId);
|
|
6084
|
-
}
|
|
6085
|
-
throw e.error;
|
|
6086
|
-
}
|
|
6087
|
-
if (e instanceof AuthError) {
|
|
6088
|
-
throw e;
|
|
6089
|
-
}
|
|
6090
|
-
else {
|
|
6091
|
-
throw createClientAuthError(networkError);
|
|
6092
|
-
}
|
|
6093
|
-
}
|
|
6094
|
-
ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response, correlationId);
|
|
6095
|
-
return response;
|
|
6096
|
-
}
|
|
6097
|
-
/**
|
|
6098
|
-
* Updates the authority object of the client. Endpoint discovery must be completed.
|
|
6099
|
-
* @param updatedAuthority
|
|
6100
|
-
*/
|
|
6101
|
-
async updateAuthority(cloudInstanceHostname, correlationId) {
|
|
6102
|
-
this.performanceClient?.addQueueMeasurement(PerformanceEvents.UpdateTokenEndpointAuthority, correlationId);
|
|
6103
|
-
const cloudInstanceAuthorityUri = `https://${cloudInstanceHostname}/${this.authority.tenant}/`;
|
|
6104
|
-
const cloudInstanceAuthority = await createDiscoveredInstance(cloudInstanceAuthorityUri, this.networkClient, this.cacheManager, this.authority.options, this.logger, correlationId, this.performanceClient);
|
|
6105
|
-
this.authority = cloudInstanceAuthority;
|
|
6106
|
-
}
|
|
6107
|
-
/**
|
|
6108
|
-
* Creates query string for the /token request
|
|
6109
|
-
* @param request
|
|
6110
|
-
*/
|
|
6111
|
-
createTokenQueryParameters(request) {
|
|
6112
|
-
const parameters = new Map();
|
|
6113
|
-
if (request.embeddedClientId) {
|
|
6114
|
-
addBrokerParameters(parameters, this.config.authOptions.clientId, this.config.authOptions.redirectUri);
|
|
6115
|
-
}
|
|
6116
|
-
if (request.tokenQueryParameters) {
|
|
6117
|
-
addExtraQueryParameters(parameters, request.tokenQueryParameters);
|
|
6118
|
-
}
|
|
6119
|
-
addCorrelationId(parameters, request.correlationId);
|
|
6120
|
-
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
6121
|
-
return mapToQueryString(parameters);
|
|
6122
|
-
}
|
|
6123
|
-
}
|
|
6124
|
-
|
|
6125
|
-
/*! @azure/msal-common v15.13.0 2025-10-09 */
|
|
6126
|
-
/*
|
|
6127
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6128
|
-
* Licensed under the MIT License.
|
|
6129
|
-
*/
|
|
6130
|
-
/**
|
|
6131
|
-
* Gets tenantId from available ID token claims to set as credential realm with the following precedence:
|
|
6132
|
-
* 1. tid - if the token is acquired from an Azure AD tenant tid will be present
|
|
6133
|
-
* 2. tfp - if the token is acquired from a modern B2C tenant tfp should be present
|
|
6134
|
-
* 3. acr - if the token is acquired from a legacy B2C tenant acr should be present
|
|
6135
|
-
* Downcased to match the realm case-insensitive comparison requirements
|
|
6136
|
-
* @param idTokenClaims
|
|
6137
|
-
* @returns
|
|
6138
|
-
*/
|
|
6139
|
-
function getTenantIdFromIdTokenClaims(idTokenClaims) {
|
|
6140
|
-
if (idTokenClaims) {
|
|
6141
|
-
const tenantId = idTokenClaims.tid || idTokenClaims.tfp || idTokenClaims.acr;
|
|
6142
|
-
return tenantId || null;
|
|
6143
|
-
}
|
|
6144
|
-
return null;
|
|
6145
|
-
}
|
|
6146
|
-
|
|
6147
|
-
/*! @azure/msal-common v15.13.0 2025-10-09 */
|
|
6148
|
-
|
|
6149
|
-
/*
|
|
6150
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6151
|
-
* Licensed under the MIT License.
|
|
6152
|
-
*/
|
|
6153
|
-
/**
|
|
6154
|
-
* Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).
|
|
6155
|
-
*
|
|
6156
|
-
* Key : Value Schema
|
|
6157
|
-
*
|
|
6158
|
-
* Key: <home_account_id>-<environment>-<realm*>
|
|
6159
|
-
*
|
|
6160
|
-
* Value Schema:
|
|
6161
|
-
* {
|
|
6162
|
-
* homeAccountId: home account identifier for the auth scheme,
|
|
6163
|
-
* environment: entity that issued the token, represented as a full host
|
|
6164
|
-
* realm: Full tenant or organizational identifier that the account belongs to
|
|
6165
|
-
* localAccountId: Original tenant-specific accountID, usually used for legacy cases
|
|
6166
|
-
* username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt
|
|
6167
|
-
* authorityType: Accounts authority type as a string
|
|
6168
|
-
* name: Full name for the account, including given name and family name,
|
|
6169
|
-
* lastModificationTime: last time this entity was modified in the cache
|
|
6170
|
-
* lastModificationApp:
|
|
6171
|
-
* nativeAccountId: Account identifier on the native device
|
|
6172
|
-
* tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
|
|
6173
|
-
* }
|
|
6174
|
-
* @internal
|
|
6175
|
-
*/
|
|
6176
|
-
class AccountEntity {
|
|
6177
|
-
/**
|
|
6178
|
-
* Returns the AccountInfo interface for this account.
|
|
6179
|
-
*/
|
|
6180
|
-
getAccountInfo() {
|
|
6181
|
-
return {
|
|
6182
|
-
homeAccountId: this.homeAccountId,
|
|
6183
|
-
environment: this.environment,
|
|
6184
|
-
tenantId: this.realm,
|
|
6185
|
-
username: this.username,
|
|
6186
|
-
localAccountId: this.localAccountId,
|
|
6187
|
-
loginHint: this.loginHint,
|
|
6188
|
-
name: this.name,
|
|
6189
|
-
nativeAccountId: this.nativeAccountId,
|
|
6190
|
-
authorityType: this.authorityType,
|
|
6191
|
-
// Deserialize tenant profiles array into a Map
|
|
6192
|
-
tenantProfiles: new Map((this.tenantProfiles || []).map((tenantProfile) => {
|
|
6193
|
-
return [tenantProfile.tenantId, tenantProfile];
|
|
6194
|
-
})),
|
|
6195
|
-
dataBoundary: this.dataBoundary,
|
|
6196
|
-
};
|
|
6197
|
-
}
|
|
6198
|
-
/**
|
|
6199
|
-
* Returns true if the account entity is in single tenant format (outdated), false otherwise
|
|
6200
|
-
*/
|
|
6201
|
-
isSingleTenant() {
|
|
6202
|
-
return !this.tenantProfiles;
|
|
6203
|
-
}
|
|
6204
|
-
/**
|
|
6205
|
-
* Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
|
|
6206
|
-
* @param accountDetails
|
|
6207
|
-
*/
|
|
6208
|
-
static createAccount(accountDetails, authority, base64Decode) {
|
|
6209
|
-
const account = new AccountEntity();
|
|
6210
|
-
if (authority.authorityType === AuthorityType.Adfs) {
|
|
6211
|
-
account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE;
|
|
6212
|
-
}
|
|
6213
|
-
else if (authority.protocolMode === ProtocolMode.OIDC) {
|
|
6214
|
-
account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE;
|
|
6215
|
-
}
|
|
6216
|
-
else {
|
|
6217
|
-
account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;
|
|
6218
|
-
}
|
|
6219
|
-
let clientInfo;
|
|
6220
|
-
if (accountDetails.clientInfo && base64Decode) {
|
|
6221
|
-
clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode);
|
|
6222
|
-
if (clientInfo.xms_tdbr) {
|
|
6223
|
-
account.dataBoundary =
|
|
6224
|
-
clientInfo.xms_tdbr === "EU" ? "EU" : "None";
|
|
6225
|
-
}
|
|
6226
|
-
}
|
|
6227
|
-
account.clientInfo = accountDetails.clientInfo;
|
|
6228
|
-
account.homeAccountId = accountDetails.homeAccountId;
|
|
6229
|
-
account.nativeAccountId = accountDetails.nativeAccountId;
|
|
6230
|
-
const env = accountDetails.environment ||
|
|
6231
|
-
(authority && authority.getPreferredCache());
|
|
6232
|
-
if (!env) {
|
|
6233
|
-
throw createClientAuthError(invalidCacheEnvironment);
|
|
6234
|
-
}
|
|
6235
|
-
account.environment = env;
|
|
6236
|
-
// non AAD scenarios can have empty realm
|
|
6237
|
-
account.realm =
|
|
6238
|
-
clientInfo?.utid ||
|
|
6239
|
-
getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||
|
|
6240
|
-
"";
|
|
6241
|
-
// How do you account for MSA CID here?
|
|
6242
|
-
account.localAccountId =
|
|
6243
|
-
clientInfo?.uid ||
|
|
6244
|
-
accountDetails.idTokenClaims?.oid ||
|
|
6245
|
-
accountDetails.idTokenClaims?.sub ||
|
|
6246
|
-
"";
|
|
6247
|
-
/*
|
|
6248
|
-
* In B2C scenarios the emails claim is used instead of preferred_username and it is an array.
|
|
6249
|
-
* In most cases it will contain a single email. This field should not be relied upon if a custom
|
|
6250
|
-
* policy is configured to return more than 1 email.
|
|
6251
|
-
*/
|
|
6252
|
-
const preferredUsername = accountDetails.idTokenClaims?.preferred_username ||
|
|
6253
|
-
accountDetails.idTokenClaims?.upn;
|
|
6254
|
-
const email = accountDetails.idTokenClaims?.emails
|
|
6255
|
-
? accountDetails.idTokenClaims.emails[0]
|
|
6256
|
-
: null;
|
|
6257
|
-
account.username = preferredUsername || email || "";
|
|
6258
|
-
account.loginHint = accountDetails.idTokenClaims?.login_hint;
|
|
6259
|
-
account.name = accountDetails.idTokenClaims?.name || "";
|
|
6260
|
-
account.cloudGraphHostName = accountDetails.cloudGraphHostName;
|
|
6261
|
-
account.msGraphHost = accountDetails.msGraphHost;
|
|
6262
|
-
if (accountDetails.tenantProfiles) {
|
|
6263
|
-
account.tenantProfiles = accountDetails.tenantProfiles;
|
|
6264
|
-
}
|
|
6265
|
-
else {
|
|
6266
|
-
const tenantProfile = buildTenantProfile(accountDetails.homeAccountId, account.localAccountId, account.realm, accountDetails.idTokenClaims);
|
|
6267
|
-
account.tenantProfiles = [tenantProfile];
|
|
6311
|
+
this.config.serverTelemetryManager.clearTelemetryCache();
|
|
6268
6312
|
}
|
|
6269
|
-
return
|
|
6270
|
-
}
|
|
6271
|
-
/**
|
|
6272
|
-
* Creates an AccountEntity object from AccountInfo
|
|
6273
|
-
* @param accountInfo
|
|
6274
|
-
* @param cloudGraphHostName
|
|
6275
|
-
* @param msGraphHost
|
|
6276
|
-
* @returns
|
|
6277
|
-
*/
|
|
6278
|
-
static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) {
|
|
6279
|
-
const account = new AccountEntity();
|
|
6280
|
-
account.authorityType =
|
|
6281
|
-
accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE;
|
|
6282
|
-
account.homeAccountId = accountInfo.homeAccountId;
|
|
6283
|
-
account.localAccountId = accountInfo.localAccountId;
|
|
6284
|
-
account.nativeAccountId = accountInfo.nativeAccountId;
|
|
6285
|
-
account.realm = accountInfo.tenantId;
|
|
6286
|
-
account.environment = accountInfo.environment;
|
|
6287
|
-
account.username = accountInfo.username;
|
|
6288
|
-
account.name = accountInfo.name;
|
|
6289
|
-
account.loginHint = accountInfo.loginHint;
|
|
6290
|
-
account.cloudGraphHostName = cloudGraphHostName;
|
|
6291
|
-
account.msGraphHost = msGraphHost;
|
|
6292
|
-
// Serialize tenant profiles map into an array
|
|
6293
|
-
account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
|
|
6294
|
-
account.dataBoundary = accountInfo.dataBoundary;
|
|
6295
|
-
return account;
|
|
6313
|
+
return response;
|
|
6296
6314
|
}
|
|
6297
6315
|
/**
|
|
6298
|
-
*
|
|
6299
|
-
* @param
|
|
6300
|
-
* @param
|
|
6316
|
+
* Wraps sendPostRequestAsync with necessary preflight and postflight logic
|
|
6317
|
+
* @param thumbprint - Request thumbprint for throttling
|
|
6318
|
+
* @param tokenEndpoint - Endpoint to make the POST to
|
|
6319
|
+
* @param options - Body and Headers to include on the POST request
|
|
6320
|
+
* @param correlationId - CorrelationId for telemetry
|
|
6301
6321
|
*/
|
|
6302
|
-
|
|
6303
|
-
|
|
6304
|
-
|
|
6305
|
-
|
|
6306
|
-
|
|
6307
|
-
|
|
6308
|
-
|
|
6309
|
-
|
|
6310
|
-
|
|
6311
|
-
|
|
6312
|
-
|
|
6322
|
+
async sendPostRequest(thumbprint, tokenEndpoint, options, correlationId) {
|
|
6323
|
+
ThrottlingUtils.preProcess(this.cacheManager, thumbprint, correlationId);
|
|
6324
|
+
let response;
|
|
6325
|
+
try {
|
|
6326
|
+
response = await invokeAsync((this.networkClient.sendPostRequestAsync.bind(this.networkClient)), PerformanceEvents.NetworkClientSendPostRequestAsync, this.logger, this.performanceClient, correlationId)(tokenEndpoint, options);
|
|
6327
|
+
const responseHeaders = response.headers || {};
|
|
6328
|
+
this.performanceClient?.addFields({
|
|
6329
|
+
refreshTokenSize: response.body.refresh_token?.length || 0,
|
|
6330
|
+
httpVerToken: responseHeaders[HeaderNames.X_MS_HTTP_VERSION] || "",
|
|
6331
|
+
requestId: responseHeaders[HeaderNames.X_MS_REQUEST_ID] || "",
|
|
6332
|
+
}, correlationId);
|
|
6333
|
+
}
|
|
6334
|
+
catch (e) {
|
|
6335
|
+
if (e instanceof NetworkError) {
|
|
6336
|
+
const responseHeaders = e.responseHeaders;
|
|
6337
|
+
if (responseHeaders) {
|
|
6338
|
+
this.performanceClient?.addFields({
|
|
6339
|
+
httpVerToken: responseHeaders[HeaderNames.X_MS_HTTP_VERSION] || "",
|
|
6340
|
+
requestId: responseHeaders[HeaderNames.X_MS_REQUEST_ID] ||
|
|
6341
|
+
"",
|
|
6342
|
+
contentTypeHeader: responseHeaders[HeaderNames.CONTENT_TYPE] ||
|
|
6343
|
+
undefined,
|
|
6344
|
+
contentLengthHeader: responseHeaders[HeaderNames.CONTENT_LENGTH] ||
|
|
6345
|
+
undefined,
|
|
6346
|
+
httpStatus: e.httpStatus,
|
|
6347
|
+
}, correlationId);
|
|
6313
6348
|
}
|
|
6314
|
-
|
|
6349
|
+
throw e.error;
|
|
6350
|
+
}
|
|
6351
|
+
if (e instanceof AuthError) {
|
|
6352
|
+
throw e;
|
|
6353
|
+
}
|
|
6354
|
+
else {
|
|
6355
|
+
throw createClientAuthError(networkError);
|
|
6315
6356
|
}
|
|
6316
|
-
logger.warning("No client info in response");
|
|
6317
6357
|
}
|
|
6318
|
-
|
|
6319
|
-
return
|
|
6358
|
+
ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response, correlationId);
|
|
6359
|
+
return response;
|
|
6320
6360
|
}
|
|
6321
6361
|
/**
|
|
6322
|
-
*
|
|
6323
|
-
* @param
|
|
6362
|
+
* Updates the authority object of the client. Endpoint discovery must be completed.
|
|
6363
|
+
* @param updatedAuthority
|
|
6324
6364
|
*/
|
|
6325
|
-
|
|
6326
|
-
|
|
6327
|
-
|
|
6328
|
-
|
|
6329
|
-
|
|
6330
|
-
entity.hasOwnProperty("environment") &&
|
|
6331
|
-
entity.hasOwnProperty("realm") &&
|
|
6332
|
-
entity.hasOwnProperty("localAccountId") &&
|
|
6333
|
-
entity.hasOwnProperty("username") &&
|
|
6334
|
-
entity.hasOwnProperty("authorityType"));
|
|
6365
|
+
async updateAuthority(cloudInstanceHostname, correlationId) {
|
|
6366
|
+
this.performanceClient?.addQueueMeasurement(PerformanceEvents.UpdateTokenEndpointAuthority, correlationId);
|
|
6367
|
+
const cloudInstanceAuthorityUri = `https://${cloudInstanceHostname}/${this.authority.tenant}/`;
|
|
6368
|
+
const cloudInstanceAuthority = await createDiscoveredInstance(cloudInstanceAuthorityUri, this.networkClient, this.cacheManager, this.authority.options, this.logger, correlationId, this.performanceClient);
|
|
6369
|
+
this.authority = cloudInstanceAuthority;
|
|
6335
6370
|
}
|
|
6336
6371
|
/**
|
|
6337
|
-
*
|
|
6338
|
-
* @param
|
|
6339
|
-
* @param accountB
|
|
6340
|
-
* @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
|
|
6372
|
+
* Creates query string for the /token request
|
|
6373
|
+
* @param request
|
|
6341
6374
|
*/
|
|
6342
|
-
|
|
6343
|
-
|
|
6344
|
-
|
|
6375
|
+
createTokenQueryParameters(request) {
|
|
6376
|
+
const parameters = new Map();
|
|
6377
|
+
if (request.embeddedClientId) {
|
|
6378
|
+
addBrokerParameters(parameters, this.config.authOptions.clientId, this.config.authOptions.redirectUri);
|
|
6345
6379
|
}
|
|
6346
|
-
|
|
6347
|
-
|
|
6348
|
-
const accountAClaims = (accountA.idTokenClaims ||
|
|
6349
|
-
{});
|
|
6350
|
-
const accountBClaims = (accountB.idTokenClaims ||
|
|
6351
|
-
{});
|
|
6352
|
-
// issued at timestamp and nonce are expected to change each time a new id token is acquired
|
|
6353
|
-
claimsMatch =
|
|
6354
|
-
accountAClaims.iat === accountBClaims.iat &&
|
|
6355
|
-
accountAClaims.nonce === accountBClaims.nonce;
|
|
6380
|
+
if (request.tokenQueryParameters) {
|
|
6381
|
+
addExtraQueryParameters(parameters, request.tokenQueryParameters);
|
|
6356
6382
|
}
|
|
6357
|
-
|
|
6358
|
-
|
|
6359
|
-
|
|
6360
|
-
accountA.tenantId === accountB.tenantId &&
|
|
6361
|
-
accountA.loginHint === accountB.loginHint &&
|
|
6362
|
-
accountA.environment === accountB.environment &&
|
|
6363
|
-
accountA.nativeAccountId === accountB.nativeAccountId &&
|
|
6364
|
-
claimsMatch);
|
|
6383
|
+
addCorrelationId(parameters, request.correlationId);
|
|
6384
|
+
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
6385
|
+
return mapToQueryString(parameters);
|
|
6365
6386
|
}
|
|
6366
6387
|
}
|
|
6367
6388
|
|
|
6368
|
-
/*! @azure/msal-common v15.13.
|
|
6389
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
6369
6390
|
/*
|
|
6370
6391
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6371
6392
|
* Licensed under the MIT License.
|
|
@@ -6393,7 +6414,7 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
6393
6414
|
uxNotAllowed: uxNotAllowed
|
|
6394
6415
|
});
|
|
6395
6416
|
|
|
6396
|
-
/*! @azure/msal-common v15.13.
|
|
6417
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
6397
6418
|
|
|
6398
6419
|
/*
|
|
6399
6420
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6483,7 +6504,7 @@ function createInteractionRequiredAuthError(errorCode) {
|
|
|
6483
6504
|
return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
|
|
6484
6505
|
}
|
|
6485
6506
|
|
|
6486
|
-
/*! @azure/msal-common v15.13.
|
|
6507
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
6487
6508
|
|
|
6488
6509
|
/*
|
|
6489
6510
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6555,7 +6576,7 @@ class ProtocolUtils {
|
|
|
6555
6576
|
}
|
|
6556
6577
|
}
|
|
6557
6578
|
|
|
6558
|
-
/*! @azure/msal-common v15.13.
|
|
6579
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
6559
6580
|
|
|
6560
6581
|
/*
|
|
6561
6582
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6637,7 +6658,7 @@ class PopTokenGenerator {
|
|
|
6637
6658
|
}
|
|
6638
6659
|
}
|
|
6639
6660
|
|
|
6640
|
-
/*! @azure/msal-common v15.13.
|
|
6661
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
6641
6662
|
/*
|
|
6642
6663
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6643
6664
|
* Licensed under the MIT License.
|
|
@@ -6664,7 +6685,7 @@ class PopTokenGenerator {
|
|
|
6664
6685
|
}
|
|
6665
6686
|
}
|
|
6666
6687
|
|
|
6667
|
-
/*! @azure/msal-common v15.13.
|
|
6688
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
6668
6689
|
|
|
6669
6690
|
/*
|
|
6670
6691
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6776,14 +6797,14 @@ class ResponseHandler {
|
|
|
6776
6797
|
if (handlingRefreshTokenResponse &&
|
|
6777
6798
|
!forceCacheRefreshTokenResponse &&
|
|
6778
6799
|
cacheRecord.account) {
|
|
6779
|
-
const key = this.cacheStorage.generateAccountKey(cacheRecord.account
|
|
6800
|
+
const key = this.cacheStorage.generateAccountKey(AccountEntity.getAccountInfo(cacheRecord.account));
|
|
6780
6801
|
const account = this.cacheStorage.getAccount(key, request.correlationId);
|
|
6781
6802
|
if (!account) {
|
|
6782
6803
|
this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache");
|
|
6783
6804
|
return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId);
|
|
6784
6805
|
}
|
|
6785
6806
|
}
|
|
6786
|
-
await this.cacheStorage.saveCacheRecord(cacheRecord, request.correlationId, request.storeInCache);
|
|
6807
|
+
await this.cacheStorage.saveCacheRecord(cacheRecord, request.correlationId, isKmsi(idTokenClaims || {}), request.storeInCache);
|
|
6787
6808
|
}
|
|
6788
6809
|
finally {
|
|
6789
6810
|
if (this.persistencePlugin &&
|
|
@@ -6930,7 +6951,7 @@ class ResponseHandler {
|
|
|
6930
6951
|
serverTokenResponse?.spa_accountid;
|
|
6931
6952
|
}
|
|
6932
6953
|
const accountInfo = cacheRecord.account
|
|
6933
|
-
? updateAccountTenantProfileData(cacheRecord.account
|
|
6954
|
+
? updateAccountTenantProfileData(AccountEntity.getAccountInfo(cacheRecord.account), undefined, // tenantProfile optional
|
|
6934
6955
|
idTokenClaims, cacheRecord.idToken?.secret)
|
|
6935
6956
|
: null;
|
|
6936
6957
|
return {
|
|
@@ -6995,7 +7016,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
6995
7016
|
return baseAccount;
|
|
6996
7017
|
}
|
|
6997
7018
|
|
|
6998
|
-
/*! @azure/msal-common v15.13.
|
|
7019
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
6999
7020
|
/*
|
|
7000
7021
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7001
7022
|
* Licensed under the MIT License.
|
|
@@ -7013,7 +7034,7 @@ async function getClientAssertion(clientAssertion, clientId, tokenEndpoint) {
|
|
|
7013
7034
|
}
|
|
7014
7035
|
}
|
|
7015
7036
|
|
|
7016
|
-
/*! @azure/msal-common v15.13.
|
|
7037
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
7017
7038
|
|
|
7018
7039
|
/*
|
|
7019
7040
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7248,7 +7269,7 @@ class AuthorizationCodeClient extends BaseClient {
|
|
|
7248
7269
|
}
|
|
7249
7270
|
}
|
|
7250
7271
|
|
|
7251
|
-
/*! @azure/msal-common v15.13.
|
|
7272
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
7252
7273
|
|
|
7253
7274
|
/*
|
|
7254
7275
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7457,7 +7478,7 @@ class RefreshTokenClient extends BaseClient {
|
|
|
7457
7478
|
}
|
|
7458
7479
|
}
|
|
7459
7480
|
|
|
7460
|
-
/*! @azure/msal-common v15.13.
|
|
7481
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
7461
7482
|
|
|
7462
7483
|
/*
|
|
7463
7484
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7555,7 +7576,7 @@ class SilentFlowClient extends BaseClient {
|
|
|
7555
7576
|
}
|
|
7556
7577
|
}
|
|
7557
7578
|
|
|
7558
|
-
/*! @azure/msal-common v15.13.
|
|
7579
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
7559
7580
|
|
|
7560
7581
|
/*
|
|
7561
7582
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7570,7 +7591,7 @@ const StubbedNetworkModule = {
|
|
|
7570
7591
|
},
|
|
7571
7592
|
};
|
|
7572
7593
|
|
|
7573
|
-
/*! @azure/msal-common v15.13.
|
|
7594
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
7574
7595
|
|
|
7575
7596
|
/*
|
|
7576
7597
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7794,7 +7815,7 @@ function extractLoginHint(account) {
|
|
|
7794
7815
|
return account.loginHint || account.idTokenClaims?.login_hint || null;
|
|
7795
7816
|
}
|
|
7796
7817
|
|
|
7797
|
-
/*! @azure/msal-common v15.13.
|
|
7818
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
7798
7819
|
|
|
7799
7820
|
/*
|
|
7800
7821
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7852,7 +7873,7 @@ class AuthenticationHeaderParser {
|
|
|
7852
7873
|
}
|
|
7853
7874
|
}
|
|
7854
7875
|
|
|
7855
|
-
/*! @azure/msal-common v15.13.
|
|
7876
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
7856
7877
|
|
|
7857
7878
|
/*
|
|
7858
7879
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8115,7 +8136,7 @@ class ServerTelemetryManager {
|
|
|
8115
8136
|
}
|
|
8116
8137
|
}
|
|
8117
8138
|
|
|
8118
|
-
/*! @azure/msal-common v15.13.
|
|
8139
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
8119
8140
|
/*
|
|
8120
8141
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8121
8142
|
* Licensed under the MIT License.
|
|
@@ -8123,7 +8144,7 @@ class ServerTelemetryManager {
|
|
|
8123
8144
|
const missingKidError = "missing_kid_error";
|
|
8124
8145
|
const missingAlgError = "missing_alg_error";
|
|
8125
8146
|
|
|
8126
|
-
/*! @azure/msal-common v15.13.
|
|
8147
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
8127
8148
|
|
|
8128
8149
|
/*
|
|
8129
8150
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8148,7 +8169,7 @@ function createJoseHeaderError(code) {
|
|
|
8148
8169
|
return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
|
|
8149
8170
|
}
|
|
8150
8171
|
|
|
8151
|
-
/*! @azure/msal-common v15.13.
|
|
8172
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
8152
8173
|
|
|
8153
8174
|
/*
|
|
8154
8175
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8188,7 +8209,7 @@ class JoseHeader {
|
|
|
8188
8209
|
}
|
|
8189
8210
|
}
|
|
8190
8211
|
|
|
8191
|
-
/*! @azure/msal-common v15.13.
|
|
8212
|
+
/*! @azure/msal-common v15.13.1 2025-10-29 */
|
|
8192
8213
|
|
|
8193
8214
|
/*
|
|
8194
8215
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10304,7 +10325,7 @@ function buildConfiguration({ auth: userInputAuth, cache: userInputCache, system
|
|
|
10304
10325
|
|
|
10305
10326
|
/* eslint-disable header/header */
|
|
10306
10327
|
const name = "@azure/msal-browser";
|
|
10307
|
-
const version = "4.
|
|
10328
|
+
const version = "4.26.0";
|
|
10308
10329
|
|
|
10309
10330
|
/*
|
|
10310
10331
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10312,9 +10333,9 @@ const version = "4.25.0";
|
|
|
10312
10333
|
*/
|
|
10313
10334
|
const PREFIX = "msal";
|
|
10314
10335
|
const BROWSER_PREFIX = "browser";
|
|
10315
|
-
const CACHE_KEY_SEPARATOR = "
|
|
10316
|
-
const CREDENTIAL_SCHEMA_VERSION =
|
|
10317
|
-
const ACCOUNT_SCHEMA_VERSION =
|
|
10336
|
+
const CACHE_KEY_SEPARATOR = "|";
|
|
10337
|
+
const CREDENTIAL_SCHEMA_VERSION = 2;
|
|
10338
|
+
const ACCOUNT_SCHEMA_VERSION = 2;
|
|
10318
10339
|
const LOG_LEVEL_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.level`;
|
|
10319
10340
|
const LOG_PII_CACHE_KEY = `${PREFIX}.${BROWSER_PREFIX}.log.pii`;
|
|
10320
10341
|
const BROWSER_PERF_ENABLED_KEY = `${PREFIX}.${BROWSER_PREFIX}.performance.enabled`;
|
|
@@ -11474,7 +11495,10 @@ class LocalStorage {
|
|
|
11474
11495
|
return null;
|
|
11475
11496
|
}
|
|
11476
11497
|
try {
|
|
11477
|
-
return
|
|
11498
|
+
return {
|
|
11499
|
+
...JSON.parse(decryptedData),
|
|
11500
|
+
lastUpdatedAt: data.lastUpdatedAt,
|
|
11501
|
+
};
|
|
11478
11502
|
}
|
|
11479
11503
|
catch (e) {
|
|
11480
11504
|
this.performanceClient.incrementFields({ encryptedCacheCorruptionCount: 1 }, correlationId);
|
|
@@ -11484,19 +11508,24 @@ class LocalStorage {
|
|
|
11484
11508
|
setItem(key, value) {
|
|
11485
11509
|
window.localStorage.setItem(key, value);
|
|
11486
11510
|
}
|
|
11487
|
-
async setUserData(key, value, correlationId, timestamp) {
|
|
11511
|
+
async setUserData(key, value, correlationId, timestamp, kmsi) {
|
|
11488
11512
|
if (!this.initialized || !this.encryptionCookie) {
|
|
11489
11513
|
throw createBrowserAuthError(uninitializedPublicClientApplication);
|
|
11490
11514
|
}
|
|
11491
|
-
|
|
11492
|
-
|
|
11493
|
-
|
|
11494
|
-
|
|
11495
|
-
|
|
11496
|
-
|
|
11497
|
-
|
|
11515
|
+
if (kmsi) {
|
|
11516
|
+
this.setItem(key, value);
|
|
11517
|
+
}
|
|
11518
|
+
else {
|
|
11519
|
+
const { data, nonce } = await invokeAsync(encrypt, PerformanceEvents.Encrypt, this.logger, this.performanceClient, correlationId)(this.encryptionCookie.key, value, this.getContext(key));
|
|
11520
|
+
const encryptedData = {
|
|
11521
|
+
id: this.encryptionCookie.id,
|
|
11522
|
+
nonce: nonce,
|
|
11523
|
+
data: data,
|
|
11524
|
+
lastUpdatedAt: timestamp,
|
|
11525
|
+
};
|
|
11526
|
+
this.setItem(key, JSON.stringify(encryptedData));
|
|
11527
|
+
}
|
|
11498
11528
|
this.memoryStorage.setItem(key, value);
|
|
11499
|
-
this.setItem(key, JSON.stringify(encryptedData));
|
|
11500
11529
|
// Notify other frames to update their in-memory cache
|
|
11501
11530
|
this.broadcast.postMessage({
|
|
11502
11531
|
key: key,
|
|
@@ -11596,13 +11625,14 @@ class LocalStorage {
|
|
|
11596
11625
|
if (!isEncrypted(encObj)) {
|
|
11597
11626
|
// Data is not encrypted
|
|
11598
11627
|
this.performanceClient.incrementFields({ unencryptedCacheCount: 1 }, correlationId);
|
|
11599
|
-
return
|
|
11628
|
+
return rawCache;
|
|
11600
11629
|
}
|
|
11601
11630
|
if (encObj.id !== this.encryptionCookie.id) {
|
|
11602
11631
|
// Data was encrypted with a different key. It must be removed because it is from a previous session.
|
|
11603
11632
|
this.performanceClient.incrementFields({ encryptedCacheExpiredCount: 1 }, correlationId);
|
|
11604
11633
|
return null;
|
|
11605
11634
|
}
|
|
11635
|
+
this.performanceClient.incrementFields({ encryptedCacheCount: 1 }, correlationId);
|
|
11606
11636
|
return invokeAsync(decrypt, PerformanceEvents.Decrypt, this.logger, this.performanceClient, correlationId)(this.encryptionCookie.key, encObj.nonce, this.getContext(key), encObj.data);
|
|
11607
11637
|
}
|
|
11608
11638
|
/**
|
|
@@ -11794,108 +11824,338 @@ class BrowserCacheManager extends CacheManager {
|
|
|
11794
11824
|
* Migrates any existing cache data from previous versions of MSAL.js into the current cache structure.
|
|
11795
11825
|
*/
|
|
11796
11826
|
async migrateExistingCache(correlationId) {
|
|
11797
|
-
|
|
11798
|
-
|
|
11827
|
+
let accountKeys = getAccountKeys(this.browserStorage);
|
|
11828
|
+
let tokenKeys = getTokenKeys(this.clientId, this.browserStorage);
|
|
11799
11829
|
this.performanceClient.addFields({
|
|
11800
|
-
|
|
11801
|
-
|
|
11802
|
-
|
|
11803
|
-
|
|
11830
|
+
preMigrateAcntCount: accountKeys.length,
|
|
11831
|
+
preMigrateATCount: tokenKeys.accessToken.length,
|
|
11832
|
+
preMigrateITCount: tokenKeys.idToken.length,
|
|
11833
|
+
preMigrateRTCount: tokenKeys.refreshToken.length,
|
|
11804
11834
|
}, correlationId);
|
|
11805
|
-
|
|
11806
|
-
|
|
11835
|
+
for (let i = 0; i < ACCOUNT_SCHEMA_VERSION; i++) {
|
|
11836
|
+
const credentialSchema = i; // For now account and credential schemas are the same, but may diverge in future
|
|
11837
|
+
await this.removeStaleAccounts(i, credentialSchema, correlationId);
|
|
11838
|
+
}
|
|
11839
|
+
// Must migrate idTokens first to ensure we have KMSI info for the rest
|
|
11840
|
+
for (let i = 0; i < CREDENTIAL_SCHEMA_VERSION; i++) {
|
|
11841
|
+
const accountSchema = i; // For now account and credential schemas are the same, but may diverge in future
|
|
11842
|
+
await this.migrateIdTokens(i, accountSchema, correlationId);
|
|
11843
|
+
}
|
|
11844
|
+
const kmsiMap = this.getKMSIValues();
|
|
11845
|
+
for (let i = 0; i < CREDENTIAL_SCHEMA_VERSION; i++) {
|
|
11846
|
+
await this.migrateAccessTokens(i, kmsiMap, correlationId);
|
|
11847
|
+
await this.migrateRefreshTokens(i, kmsiMap, correlationId);
|
|
11848
|
+
}
|
|
11849
|
+
accountKeys = getAccountKeys(this.browserStorage);
|
|
11850
|
+
tokenKeys = getTokenKeys(this.clientId, this.browserStorage);
|
|
11807
11851
|
this.performanceClient.addFields({
|
|
11808
|
-
|
|
11809
|
-
|
|
11810
|
-
|
|
11811
|
-
|
|
11852
|
+
postMigrateAcntCount: accountKeys.length,
|
|
11853
|
+
postMigrateATCount: tokenKeys.accessToken.length,
|
|
11854
|
+
postMigrateITCount: tokenKeys.idToken.length,
|
|
11855
|
+
postMigrateRTCount: tokenKeys.refreshToken.length,
|
|
11812
11856
|
}, correlationId);
|
|
11813
|
-
|
|
11814
|
-
|
|
11815
|
-
|
|
11816
|
-
|
|
11817
|
-
|
|
11818
|
-
|
|
11819
|
-
|
|
11820
|
-
|
|
11857
|
+
}
|
|
11858
|
+
/**
|
|
11859
|
+
* Parses entry, adds lastUpdatedAt if it doesn't exist, removes entry if expired or invalid
|
|
11860
|
+
* @param key
|
|
11861
|
+
* @param correlationId
|
|
11862
|
+
* @returns
|
|
11863
|
+
*/
|
|
11864
|
+
async updateOldEntry(key, correlationId) {
|
|
11865
|
+
const rawValue = this.browserStorage.getItem(key);
|
|
11866
|
+
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
11867
|
+
if (!parsedValue) {
|
|
11868
|
+
this.browserStorage.removeItem(key);
|
|
11869
|
+
return null;
|
|
11821
11870
|
}
|
|
11822
|
-
|
|
11823
|
-
|
|
11871
|
+
if (!parsedValue.lastUpdatedAt) {
|
|
11872
|
+
// Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
|
|
11873
|
+
parsedValue.lastUpdatedAt = Date.now().toString();
|
|
11874
|
+
this.setItem(key, JSON.stringify(parsedValue), correlationId);
|
|
11824
11875
|
}
|
|
11825
|
-
if (
|
|
11826
|
-
this.browserStorage.
|
|
11876
|
+
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
11877
|
+
this.browserStorage.removeItem(key);
|
|
11878
|
+
this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
|
|
11879
|
+
return null;
|
|
11827
11880
|
}
|
|
11828
|
-
|
|
11829
|
-
this.browserStorage.
|
|
11830
|
-
|
|
11831
|
-
|
|
11832
|
-
|
|
11833
|
-
|
|
11834
|
-
|
|
11835
|
-
|
|
11836
|
-
|
|
11837
|
-
|
|
11838
|
-
|
|
11839
|
-
|
|
11840
|
-
|
|
11881
|
+
const decryptedData = isEncrypted(parsedValue)
|
|
11882
|
+
? await this.browserStorage.decryptData(key, parsedValue, correlationId)
|
|
11883
|
+
: parsedValue;
|
|
11884
|
+
if (!decryptedData || !isCredentialEntity(decryptedData)) {
|
|
11885
|
+
this.performanceClient.incrementFields({ invalidCacheCount: 1 }, correlationId);
|
|
11886
|
+
return null;
|
|
11887
|
+
}
|
|
11888
|
+
if ((isAccessTokenEntity(decryptedData) ||
|
|
11889
|
+
isRefreshTokenEntity(decryptedData)) &&
|
|
11890
|
+
decryptedData.expiresOn &&
|
|
11891
|
+
isTokenExpired(decryptedData.expiresOn, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC)) {
|
|
11892
|
+
this.browserStorage.removeItem(key);
|
|
11893
|
+
this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
|
|
11894
|
+
return null;
|
|
11895
|
+
}
|
|
11896
|
+
return decryptedData;
|
|
11897
|
+
}
|
|
11898
|
+
/**
|
|
11899
|
+
* Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
|
|
11900
|
+
* @param accountSchema
|
|
11901
|
+
* @param credentialSchema
|
|
11902
|
+
* @param correlationId
|
|
11903
|
+
* @returns
|
|
11904
|
+
*/
|
|
11905
|
+
async removeStaleAccounts(accountSchema, credentialSchema, correlationId) {
|
|
11906
|
+
const accountKeysToCheck = getAccountKeys(this.browserStorage, accountSchema);
|
|
11907
|
+
if (accountKeysToCheck.length === 0) {
|
|
11908
|
+
return;
|
|
11909
|
+
}
|
|
11910
|
+
for (const accountKey of [...accountKeysToCheck]) {
|
|
11911
|
+
this.performanceClient.incrementFields({ oldAcntCount: 1 }, correlationId);
|
|
11912
|
+
const rawValue = this.browserStorage.getItem(accountKey);
|
|
11913
|
+
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
11914
|
+
if (!parsedValue) {
|
|
11915
|
+
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
11916
|
+
continue;
|
|
11917
|
+
}
|
|
11918
|
+
if (!parsedValue.lastUpdatedAt) {
|
|
11919
|
+
// Add lastUpdatedAt to the existing entry if it doesnt exist so we know when it's safe to remove it
|
|
11920
|
+
parsedValue.lastUpdatedAt = Date.now().toString();
|
|
11921
|
+
this.setItem(accountKey, JSON.stringify(parsedValue), correlationId);
|
|
11922
|
+
continue;
|
|
11923
|
+
}
|
|
11924
|
+
else if (isCacheExpired(parsedValue.lastUpdatedAt, this.cacheConfig.cacheRetentionDays)) {
|
|
11925
|
+
// Cache expired remove account and associated tokens
|
|
11926
|
+
await this.removeAccountOldSchema(accountKey, parsedValue, credentialSchema, correlationId);
|
|
11927
|
+
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
11928
|
+
}
|
|
11929
|
+
}
|
|
11930
|
+
this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
|
|
11931
|
+
}
|
|
11932
|
+
/**
|
|
11933
|
+
* Remove the given account and all associated tokens from the cache
|
|
11934
|
+
* @param accountKey
|
|
11935
|
+
* @param rawObject
|
|
11936
|
+
* @param credentialSchema
|
|
11937
|
+
* @param correlationId
|
|
11938
|
+
*/
|
|
11939
|
+
async removeAccountOldSchema(accountKey, rawObject, credentialSchema, correlationId) {
|
|
11940
|
+
const decryptedData = isEncrypted(rawObject)
|
|
11941
|
+
? (await this.browserStorage.decryptData(accountKey, rawObject, correlationId))
|
|
11942
|
+
: rawObject;
|
|
11943
|
+
const homeAccountId = decryptedData?.homeAccountId;
|
|
11944
|
+
if (homeAccountId) {
|
|
11945
|
+
const tokenKeys = this.getTokenKeys(credentialSchema);
|
|
11946
|
+
[...tokenKeys.idToken]
|
|
11947
|
+
.filter((key) => key.includes(homeAccountId))
|
|
11948
|
+
.forEach((key) => {
|
|
11949
|
+
this.browserStorage.removeItem(key);
|
|
11950
|
+
removeElementFromArray(tokenKeys.idToken, key);
|
|
11951
|
+
});
|
|
11952
|
+
[...tokenKeys.accessToken]
|
|
11953
|
+
.filter((key) => key.includes(homeAccountId))
|
|
11954
|
+
.forEach((key) => {
|
|
11955
|
+
this.browserStorage.removeItem(key);
|
|
11956
|
+
removeElementFromArray(tokenKeys.accessToken, key);
|
|
11957
|
+
});
|
|
11958
|
+
[...tokenKeys.refreshToken]
|
|
11959
|
+
.filter((key) => key.includes(homeAccountId))
|
|
11960
|
+
.forEach((key) => {
|
|
11961
|
+
this.browserStorage.removeItem(key);
|
|
11962
|
+
removeElementFromArray(tokenKeys.refreshToken, key);
|
|
11963
|
+
});
|
|
11964
|
+
this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
|
|
11965
|
+
}
|
|
11966
|
+
this.performanceClient.incrementFields({ expiredAcntRemovedCount: 1 }, correlationId);
|
|
11967
|
+
this.browserStorage.removeItem(accountKey);
|
|
11968
|
+
}
|
|
11969
|
+
/**
|
|
11970
|
+
* Gets key value pair mapping homeAccountId to KMSI value
|
|
11971
|
+
* @returns
|
|
11972
|
+
*/
|
|
11973
|
+
getKMSIValues() {
|
|
11974
|
+
const kmsiMap = {};
|
|
11975
|
+
const tokenKeys = this.getTokenKeys().idToken;
|
|
11976
|
+
for (const key of tokenKeys) {
|
|
11977
|
+
const rawValue = this.browserStorage.getUserData(key);
|
|
11978
|
+
if (rawValue) {
|
|
11979
|
+
const idToken = JSON.parse(rawValue);
|
|
11980
|
+
const claims = extractTokenClaims(idToken.secret, base64Decode);
|
|
11981
|
+
if (claims) {
|
|
11982
|
+
kmsiMap[idToken.homeAccountId] = isKmsi(claims);
|
|
11983
|
+
}
|
|
11984
|
+
}
|
|
11985
|
+
}
|
|
11986
|
+
return kmsiMap;
|
|
11987
|
+
}
|
|
11988
|
+
/**
|
|
11989
|
+
* Migrates id tokens from the old schema to the new schema, also migrates associated account object if it doesn't already exist in the new schema
|
|
11990
|
+
* @param credentialSchema
|
|
11991
|
+
* @param accountSchema
|
|
11992
|
+
* @param correlationId
|
|
11993
|
+
* @returns
|
|
11994
|
+
*/
|
|
11995
|
+
async migrateIdTokens(credentialSchema, accountSchema, correlationId) {
|
|
11996
|
+
const credentialKeysToMigrate = getTokenKeys(this.clientId, this.browserStorage, credentialSchema);
|
|
11997
|
+
if (credentialKeysToMigrate.idToken.length === 0) {
|
|
11998
|
+
return;
|
|
11999
|
+
}
|
|
12000
|
+
const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
|
|
12001
|
+
const currentAccountKeys = getAccountKeys(this.browserStorage);
|
|
12002
|
+
const previousAccountKeys = getAccountKeys(this.browserStorage, accountSchema);
|
|
12003
|
+
for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
|
|
12004
|
+
this.performanceClient.incrementFields({ oldITCount: 1 }, correlationId);
|
|
12005
|
+
const oldSchemaData = (await this.updateOldEntry(idTokenKey, correlationId));
|
|
12006
|
+
if (!oldSchemaData) {
|
|
12007
|
+
removeElementFromArray(credentialKeysToMigrate.idToken, idTokenKey);
|
|
12008
|
+
continue;
|
|
12009
|
+
}
|
|
12010
|
+
const currentAccountKey = currentAccountKeys.find((key) => key.includes(oldSchemaData.homeAccountId));
|
|
12011
|
+
const previousAccountKey = previousAccountKeys.find((key) => key.includes(oldSchemaData.homeAccountId));
|
|
12012
|
+
let account = null;
|
|
12013
|
+
if (currentAccountKey) {
|
|
12014
|
+
account = this.getAccount(currentAccountKey, correlationId);
|
|
12015
|
+
}
|
|
12016
|
+
else if (previousAccountKey) {
|
|
12017
|
+
const rawValue = this.browserStorage.getItem(previousAccountKey);
|
|
12018
|
+
const parsedValue = this.validateAndParseJson(rawValue || "");
|
|
12019
|
+
account =
|
|
12020
|
+
parsedValue && isEncrypted(parsedValue)
|
|
12021
|
+
? (await this.browserStorage.decryptData(previousAccountKey, parsedValue, correlationId))
|
|
12022
|
+
: parsedValue;
|
|
12023
|
+
}
|
|
12024
|
+
if (!account) {
|
|
12025
|
+
// Don't migrate idToken if we don't have an account for it
|
|
12026
|
+
this.performanceClient.incrementFields({ skipITMigrateCount: 1 }, correlationId);
|
|
11841
12027
|
continue;
|
|
11842
12028
|
}
|
|
11843
|
-
|
|
11844
|
-
|
|
11845
|
-
|
|
11846
|
-
|
|
11847
|
-
|
|
11848
|
-
|
|
11849
|
-
|
|
11850
|
-
|
|
11851
|
-
|
|
11852
|
-
|
|
11853
|
-
|
|
11854
|
-
|
|
12029
|
+
const claims = extractTokenClaims(oldSchemaData.secret, base64Decode);
|
|
12030
|
+
const newIdTokenKey = this.generateCredentialKey(oldSchemaData);
|
|
12031
|
+
const currentIdToken = this.getIdTokenCredential(newIdTokenKey, correlationId);
|
|
12032
|
+
const oldTokenHasSignInState = Object.keys(claims).includes("signin_state");
|
|
12033
|
+
const currentTokenHasSignInState = currentIdToken &&
|
|
12034
|
+
Object.keys(extractTokenClaims(currentIdToken.secret, base64Decode) || {}).includes("signin_state");
|
|
12035
|
+
/**
|
|
12036
|
+
* Only migrate if:
|
|
12037
|
+
* 1. Token doesn't yet exist in current schema
|
|
12038
|
+
* 2. Old schema token has been updated more recently than the current one AND migrating it won't result in loss of KMSI state
|
|
12039
|
+
*/
|
|
12040
|
+
if (!currentIdToken ||
|
|
12041
|
+
(oldSchemaData.lastUpdatedAt > currentIdToken.lastUpdatedAt &&
|
|
12042
|
+
(oldTokenHasSignInState || !currentTokenHasSignInState))) {
|
|
12043
|
+
const tenantProfiles = account.tenantProfiles || [];
|
|
12044
|
+
const tenantId = getTenantIdFromIdTokenClaims(claims) || account.realm;
|
|
12045
|
+
if (tenantId &&
|
|
12046
|
+
!tenantProfiles.find((tenantProfile) => {
|
|
12047
|
+
return tenantProfile.tenantId === tenantId;
|
|
12048
|
+
})) {
|
|
12049
|
+
const newTenantProfile = buildTenantProfile(account.homeAccountId, account.localAccountId, tenantId, claims);
|
|
12050
|
+
tenantProfiles.push(newTenantProfile);
|
|
11855
12051
|
}
|
|
11856
|
-
|
|
11857
|
-
|
|
12052
|
+
account.tenantProfiles = tenantProfiles;
|
|
12053
|
+
const newAccountKey = this.generateAccountKey(AccountEntity.getAccountInfo(account));
|
|
12054
|
+
const kmsi = isKmsi(claims);
|
|
12055
|
+
await this.setUserData(newAccountKey, JSON.stringify(account), correlationId, account.lastUpdatedAt, kmsi);
|
|
12056
|
+
if (!currentAccountKeys.includes(newAccountKey)) {
|
|
12057
|
+
currentAccountKeys.push(newAccountKey);
|
|
11858
12058
|
}
|
|
12059
|
+
await this.setUserData(newIdTokenKey, JSON.stringify(oldSchemaData), correlationId, oldSchemaData.lastUpdatedAt, kmsi);
|
|
12060
|
+
this.performanceClient.incrementFields({ migratedITCount: 1 }, correlationId);
|
|
12061
|
+
currentCredentialKeys.idToken.push(newIdTokenKey);
|
|
12062
|
+
}
|
|
12063
|
+
}
|
|
12064
|
+
this.setTokenKeys(credentialKeysToMigrate, correlationId, credentialSchema);
|
|
12065
|
+
this.setTokenKeys(currentCredentialKeys, correlationId);
|
|
12066
|
+
this.setAccountKeys(currentAccountKeys, correlationId);
|
|
12067
|
+
}
|
|
12068
|
+
/**
|
|
12069
|
+
* Migrates access tokens from old cache schema to current schema
|
|
12070
|
+
* @param credentialSchema
|
|
12071
|
+
* @param kmsiMap
|
|
12072
|
+
* @param correlationId
|
|
12073
|
+
* @returns
|
|
12074
|
+
*/
|
|
12075
|
+
async migrateAccessTokens(credentialSchema, kmsiMap, correlationId) {
|
|
12076
|
+
const credentialKeysToMigrate = getTokenKeys(this.clientId, this.browserStorage, credentialSchema);
|
|
12077
|
+
if (credentialKeysToMigrate.accessToken.length === 0) {
|
|
12078
|
+
return;
|
|
12079
|
+
}
|
|
12080
|
+
const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
|
|
12081
|
+
for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
|
|
12082
|
+
this.performanceClient.incrementFields({ oldATCount: 1 }, correlationId);
|
|
12083
|
+
const oldSchemaData = (await this.updateOldEntry(accessTokenKey, correlationId));
|
|
12084
|
+
if (!oldSchemaData) {
|
|
12085
|
+
removeElementFromArray(credentialKeysToMigrate.accessToken, accessTokenKey);
|
|
12086
|
+
continue;
|
|
11859
12087
|
}
|
|
11860
|
-
if (!
|
|
11861
|
-
|
|
11862
|
-
(
|
|
11863
|
-
isTokenExpired(expirationTime, DEFAULT_TOKEN_RENEWAL_OFFSET_SEC))) {
|
|
11864
|
-
this.browserStorage.removeItem(v0Key);
|
|
11865
|
-
removeElementFromArray(v0Keys, v0Key);
|
|
11866
|
-
this.performanceClient.incrementFields({ expiredCacheRemovedCount: 1 }, correlationId);
|
|
12088
|
+
if (!Object.keys(kmsiMap).includes(oldSchemaData.homeAccountId)) {
|
|
12089
|
+
// Don't migrate tokens if we don't have an idToken for them
|
|
12090
|
+
this.performanceClient.incrementFields({ skipATMigrateCount: 1 }, correlationId);
|
|
11867
12091
|
continue;
|
|
11868
12092
|
}
|
|
11869
|
-
|
|
11870
|
-
|
|
11871
|
-
|
|
11872
|
-
|
|
11873
|
-
|
|
11874
|
-
|
|
11875
|
-
|
|
11876
|
-
|
|
11877
|
-
|
|
11878
|
-
|
|
11879
|
-
|
|
12093
|
+
const newKey = this.generateCredentialKey(oldSchemaData);
|
|
12094
|
+
const kmsi = kmsiMap[oldSchemaData.homeAccountId];
|
|
12095
|
+
if (!currentCredentialKeys.accessToken.includes(newKey)) {
|
|
12096
|
+
await this.setUserData(newKey, JSON.stringify(oldSchemaData), correlationId, oldSchemaData.lastUpdatedAt, kmsi);
|
|
12097
|
+
this.performanceClient.incrementFields({ migratedATCount: 1 }, correlationId);
|
|
12098
|
+
currentCredentialKeys.accessToken.push(newKey);
|
|
12099
|
+
}
|
|
12100
|
+
else {
|
|
12101
|
+
const currentToken = this.getAccessTokenCredential(newKey, correlationId);
|
|
12102
|
+
if (!currentToken ||
|
|
12103
|
+
oldSchemaData.lastUpdatedAt > currentToken.lastUpdatedAt) {
|
|
12104
|
+
// If the token already exists, only overwrite it if the old token has a more recent lastUpdatedAt
|
|
12105
|
+
await this.setUserData(newKey, JSON.stringify(oldSchemaData), correlationId, oldSchemaData.lastUpdatedAt, kmsi);
|
|
12106
|
+
this.performanceClient.incrementFields({ migratedATCount: 1 }, correlationId);
|
|
11880
12107
|
}
|
|
11881
|
-
|
|
11882
|
-
|
|
11883
|
-
|
|
11884
|
-
|
|
11885
|
-
|
|
11886
|
-
|
|
11887
|
-
|
|
11888
|
-
|
|
11889
|
-
|
|
11890
|
-
|
|
12108
|
+
}
|
|
12109
|
+
}
|
|
12110
|
+
this.setTokenKeys(credentialKeysToMigrate, correlationId, credentialSchema);
|
|
12111
|
+
this.setTokenKeys(currentCredentialKeys, correlationId);
|
|
12112
|
+
}
|
|
12113
|
+
/**
|
|
12114
|
+
* Migrates refresh tokens from old cache schema to current schema
|
|
12115
|
+
* @param credentialSchema
|
|
12116
|
+
* @param kmsiMap
|
|
12117
|
+
* @param correlationId
|
|
12118
|
+
* @returns
|
|
12119
|
+
*/
|
|
12120
|
+
async migrateRefreshTokens(credentialSchema, kmsiMap, correlationId) {
|
|
12121
|
+
const credentialKeysToMigrate = getTokenKeys(this.clientId, this.browserStorage, credentialSchema);
|
|
12122
|
+
if (credentialKeysToMigrate.refreshToken.length === 0) {
|
|
12123
|
+
return;
|
|
12124
|
+
}
|
|
12125
|
+
const currentCredentialKeys = getTokenKeys(this.clientId, this.browserStorage, CREDENTIAL_SCHEMA_VERSION);
|
|
12126
|
+
for (const refreshTokenKey of [
|
|
12127
|
+
...credentialKeysToMigrate.refreshToken,
|
|
12128
|
+
]) {
|
|
12129
|
+
this.performanceClient.incrementFields({ oldRTCount: 1 }, correlationId);
|
|
12130
|
+
const oldSchemaData = (await this.updateOldEntry(refreshTokenKey, correlationId));
|
|
12131
|
+
if (!oldSchemaData) {
|
|
12132
|
+
removeElementFromArray(credentialKeysToMigrate.refreshToken, refreshTokenKey);
|
|
12133
|
+
continue;
|
|
12134
|
+
}
|
|
12135
|
+
if (!Object.keys(kmsiMap).includes(oldSchemaData.homeAccountId)) {
|
|
12136
|
+
// Don't migrate tokens if we don't have an idToken for them
|
|
12137
|
+
this.performanceClient.incrementFields({ skipRTMigrateCount: 1 }, correlationId);
|
|
12138
|
+
continue;
|
|
12139
|
+
}
|
|
12140
|
+
const newKey = this.generateCredentialKey(oldSchemaData);
|
|
12141
|
+
const kmsi = kmsiMap[oldSchemaData.homeAccountId];
|
|
12142
|
+
if (!currentCredentialKeys.refreshToken.includes(newKey)) {
|
|
12143
|
+
await this.setUserData(newKey, JSON.stringify(oldSchemaData), correlationId, oldSchemaData.lastUpdatedAt, kmsi);
|
|
12144
|
+
this.performanceClient.incrementFields({ migratedRTCount: 1 }, correlationId);
|
|
12145
|
+
currentCredentialKeys.refreshToken.push(newKey);
|
|
12146
|
+
}
|
|
12147
|
+
else {
|
|
12148
|
+
const currentToken = this.getRefreshTokenCredential(newKey, correlationId);
|
|
12149
|
+
if (!currentToken ||
|
|
12150
|
+
oldSchemaData.lastUpdatedAt > currentToken.lastUpdatedAt) {
|
|
12151
|
+
// If the token already exists, only overwrite it if the old token has a more recent lastUpdatedAt
|
|
12152
|
+
await this.setUserData(newKey, JSON.stringify(oldSchemaData), correlationId, oldSchemaData.lastUpdatedAt, kmsi);
|
|
12153
|
+
this.performanceClient.incrementFields({ migratedRTCount: 1 }, correlationId);
|
|
11891
12154
|
}
|
|
11892
12155
|
}
|
|
11893
|
-
/*
|
|
11894
|
-
* Note: If we reach here for unencrypted localStorage data, we continue without migrating
|
|
11895
|
-
* as we can't migrate unencrypted localStorage data right now since we can't guarantee KMSI=no
|
|
11896
|
-
*/
|
|
11897
12156
|
}
|
|
11898
|
-
|
|
12157
|
+
this.setTokenKeys(credentialKeysToMigrate, correlationId, credentialSchema);
|
|
12158
|
+
this.setTokenKeys(currentCredentialKeys, correlationId);
|
|
11899
12159
|
}
|
|
11900
12160
|
/**
|
|
11901
12161
|
* Tracks upgrades and downgrades for telemetry and debugging purposes
|
|
@@ -11940,20 +12200,31 @@ class BrowserCacheManager extends CacheManager {
|
|
|
11940
12200
|
* @param value
|
|
11941
12201
|
*/
|
|
11942
12202
|
setItem(key, value, correlationId) {
|
|
11943
|
-
|
|
11944
|
-
|
|
12203
|
+
const tokenKeysCount = new Array(CREDENTIAL_SCHEMA_VERSION + 1).fill(0); // Array mapping schema version to number of token keys stored for that version
|
|
12204
|
+
const accessTokenKeys = []; // Flat map of all access token keys stored, ordered by schema version
|
|
11945
12205
|
const maxRetries = 20;
|
|
11946
12206
|
for (let i = 0; i <= maxRetries; i++) {
|
|
12207
|
+
// Attempt to store item in cache, if cache is full this call will throw and we'll attempt to clear space by removing access tokens from the cache one by one, starting with tokens stored by previous versions of MSAL.js
|
|
11947
12208
|
try {
|
|
11948
12209
|
this.browserStorage.setItem(key, value);
|
|
11949
12210
|
if (i > 0) {
|
|
11950
|
-
//
|
|
11951
|
-
|
|
11952
|
-
this
|
|
11953
|
-
|
|
11954
|
-
|
|
11955
|
-
|
|
11956
|
-
|
|
12211
|
+
// If any tokens were removed in order to store this item update the token keys array with the tokens removed
|
|
12212
|
+
for (let schemaVersion = 0; schemaVersion <= CREDENTIAL_SCHEMA_VERSION; schemaVersion++) {
|
|
12213
|
+
// Get the sum of all previous token counts to use as start index for this schema version
|
|
12214
|
+
const startIndex = tokenKeysCount
|
|
12215
|
+
.slice(0, schemaVersion)
|
|
12216
|
+
.reduce((sum, count) => sum + count, 0);
|
|
12217
|
+
if (startIndex >= i) {
|
|
12218
|
+
// Done removing tokens
|
|
12219
|
+
break;
|
|
12220
|
+
}
|
|
12221
|
+
const endIndex = i > startIndex + tokenKeysCount[schemaVersion]
|
|
12222
|
+
? startIndex + tokenKeysCount[schemaVersion]
|
|
12223
|
+
: i;
|
|
12224
|
+
if (i > startIndex &&
|
|
12225
|
+
tokenKeysCount[schemaVersion] > 0) {
|
|
12226
|
+
this.removeAccessTokenKeys(accessTokenKeys.slice(startIndex, endIndex), correlationId, schemaVersion);
|
|
12227
|
+
}
|
|
11957
12228
|
}
|
|
11958
12229
|
}
|
|
11959
12230
|
break; // If setItem succeeds, exit the loop
|
|
@@ -11965,16 +12236,19 @@ class BrowserCacheManager extends CacheManager {
|
|
|
11965
12236
|
i < maxRetries) {
|
|
11966
12237
|
if (!accessTokenKeys.length) {
|
|
11967
12238
|
// If we are currently trying to set the token keys, use the value we're trying to set
|
|
11968
|
-
|
|
11969
|
-
|
|
11970
|
-
|
|
11971
|
-
|
|
11972
|
-
|
|
11973
|
-
|
|
11974
|
-
|
|
11975
|
-
|
|
11976
|
-
|
|
11977
|
-
|
|
12239
|
+
for (let i = 0; i <= CREDENTIAL_SCHEMA_VERSION; i++) {
|
|
12240
|
+
if (key ===
|
|
12241
|
+
getTokenKeysCacheKey(this.clientId, i)) {
|
|
12242
|
+
const tokenKeys = JSON.parse(value).accessToken;
|
|
12243
|
+
accessTokenKeys.push(...tokenKeys);
|
|
12244
|
+
tokenKeysCount[i] = tokenKeys.length;
|
|
12245
|
+
}
|
|
12246
|
+
else {
|
|
12247
|
+
const tokenKeys = this.getTokenKeys(i).accessToken;
|
|
12248
|
+
accessTokenKeys.push(...tokenKeys);
|
|
12249
|
+
tokenKeysCount[i] = tokenKeys.length;
|
|
12250
|
+
}
|
|
12251
|
+
}
|
|
11978
12252
|
}
|
|
11979
12253
|
if (accessTokenKeys.length <= i) {
|
|
11980
12254
|
// Nothing to remove, rethrow the error
|
|
@@ -11997,21 +12271,32 @@ class BrowserCacheManager extends CacheManager {
|
|
|
11997
12271
|
* @param value
|
|
11998
12272
|
* @param correlationId
|
|
11999
12273
|
*/
|
|
12000
|
-
async setUserData(key, value, correlationId, timestamp) {
|
|
12001
|
-
|
|
12002
|
-
|
|
12274
|
+
async setUserData(key, value, correlationId, timestamp, kmsi) {
|
|
12275
|
+
const tokenKeysCount = new Array(CREDENTIAL_SCHEMA_VERSION + 1).fill(0); // Array mapping schema version to number of token keys stored for that version
|
|
12276
|
+
const accessTokenKeys = []; // Flat map of all access token keys stored, ordered by schema version
|
|
12003
12277
|
const maxRetries = 20;
|
|
12004
12278
|
for (let i = 0; i <= maxRetries; i++) {
|
|
12005
12279
|
try {
|
|
12006
|
-
|
|
12280
|
+
// Attempt to store item in cache, if cache is full this call will throw and we'll attempt to clear space by removing access tokens from the cache one by one, starting with tokens stored by previous versions of MSAL.js
|
|
12281
|
+
await invokeAsync(this.browserStorage.setUserData.bind(this.browserStorage), PerformanceEvents.SetUserData, this.logger, this.performanceClient)(key, value, correlationId, timestamp, kmsi);
|
|
12007
12282
|
if (i > 0) {
|
|
12008
|
-
//
|
|
12009
|
-
|
|
12010
|
-
this
|
|
12011
|
-
|
|
12012
|
-
|
|
12013
|
-
|
|
12014
|
-
|
|
12283
|
+
// If any tokens were removed in order to store this item update the token keys array with the tokens removed
|
|
12284
|
+
for (let schemaVersion = 0; schemaVersion <= CREDENTIAL_SCHEMA_VERSION; schemaVersion++) {
|
|
12285
|
+
// Get the sum of all previous token counts to use as start index for this schema version
|
|
12286
|
+
const startIndex = tokenKeysCount
|
|
12287
|
+
.slice(0, schemaVersion)
|
|
12288
|
+
.reduce((sum, count) => sum + count, 0);
|
|
12289
|
+
if (startIndex >= i) {
|
|
12290
|
+
// Done removing tokens
|
|
12291
|
+
break;
|
|
12292
|
+
}
|
|
12293
|
+
const endIndex = i > startIndex + tokenKeysCount[schemaVersion]
|
|
12294
|
+
? startIndex + tokenKeysCount[schemaVersion]
|
|
12295
|
+
: i;
|
|
12296
|
+
if (i > startIndex &&
|
|
12297
|
+
tokenKeysCount[schemaVersion] > 0) {
|
|
12298
|
+
this.removeAccessTokenKeys(accessTokenKeys.slice(startIndex, endIndex), correlationId, schemaVersion);
|
|
12299
|
+
}
|
|
12015
12300
|
}
|
|
12016
12301
|
}
|
|
12017
12302
|
break; // If setItem succeeds, exit the loop
|
|
@@ -12022,10 +12307,12 @@ class BrowserCacheManager extends CacheManager {
|
|
|
12022
12307
|
cacheQuotaExceeded &&
|
|
12023
12308
|
i < maxRetries) {
|
|
12024
12309
|
if (!accessTokenKeys.length) {
|
|
12025
|
-
|
|
12026
|
-
|
|
12027
|
-
|
|
12028
|
-
|
|
12310
|
+
// If we are currently trying to set the token keys, use the value we're trying to set
|
|
12311
|
+
for (let i = 0; i <= CREDENTIAL_SCHEMA_VERSION; i++) {
|
|
12312
|
+
const tokenKeys = this.getTokenKeys(i).accessToken;
|
|
12313
|
+
accessTokenKeys.push(...tokenKeys);
|
|
12314
|
+
tokenKeysCount[i] = tokenKeys.length;
|
|
12315
|
+
}
|
|
12029
12316
|
}
|
|
12030
12317
|
if (accessTokenKeys.length <= i) {
|
|
12031
12318
|
// Nothing left to remove, rethrow the error
|
|
@@ -12065,20 +12352,21 @@ class BrowserCacheManager extends CacheManager {
|
|
|
12065
12352
|
* set account entity in the platform cache
|
|
12066
12353
|
* @param account
|
|
12067
12354
|
*/
|
|
12068
|
-
async setAccount(account, correlationId) {
|
|
12355
|
+
async setAccount(account, correlationId, kmsi) {
|
|
12069
12356
|
this.logger.trace("BrowserCacheManager.setAccount called");
|
|
12070
|
-
const key = this.generateAccountKey(
|
|
12357
|
+
const key = this.generateAccountKey(AccountEntity.getAccountInfo(account));
|
|
12071
12358
|
const timestamp = Date.now().toString();
|
|
12072
12359
|
account.lastUpdatedAt = timestamp;
|
|
12073
|
-
await this.setUserData(key, JSON.stringify(account), correlationId, timestamp);
|
|
12360
|
+
await this.setUserData(key, JSON.stringify(account), correlationId, timestamp, kmsi);
|
|
12074
12361
|
const wasAdded = this.addAccountKeyToMap(key, correlationId);
|
|
12362
|
+
this.performanceClient.addFields({ kmsi: kmsi }, correlationId);
|
|
12075
12363
|
/**
|
|
12076
12364
|
* @deprecated - Remove this in next major version in favor of more consistent LOGIN event
|
|
12077
12365
|
*/
|
|
12078
12366
|
if (this.cacheConfig.cacheLocation ===
|
|
12079
12367
|
BrowserCacheLocation.LocalStorage &&
|
|
12080
12368
|
wasAdded) {
|
|
12081
|
-
this.eventHandler.emitEvent(EventType.ACCOUNT_ADDED, undefined,
|
|
12369
|
+
this.eventHandler.emitEvent(EventType.ACCOUNT_ADDED, undefined, AccountEntity.getAccountInfo(account));
|
|
12082
12370
|
}
|
|
12083
12371
|
}
|
|
12084
12372
|
/**
|
|
@@ -12088,6 +12376,14 @@ class BrowserCacheManager extends CacheManager {
|
|
|
12088
12376
|
getAccountKeys() {
|
|
12089
12377
|
return getAccountKeys(this.browserStorage);
|
|
12090
12378
|
}
|
|
12379
|
+
setAccountKeys(accountKeys, correlationId, schemaVersion = ACCOUNT_SCHEMA_VERSION) {
|
|
12380
|
+
if (accountKeys.length === 0) {
|
|
12381
|
+
this.removeItem(getAccountKeysCacheKey(schemaVersion));
|
|
12382
|
+
}
|
|
12383
|
+
else {
|
|
12384
|
+
this.setItem(getAccountKeysCacheKey(schemaVersion), JSON.stringify(accountKeys), correlationId);
|
|
12385
|
+
}
|
|
12386
|
+
}
|
|
12091
12387
|
/**
|
|
12092
12388
|
* Add a new account to the key map
|
|
12093
12389
|
* @param key
|
|
@@ -12119,14 +12415,7 @@ class BrowserCacheManager extends CacheManager {
|
|
|
12119
12415
|
const removalIndex = accountKeys.indexOf(key);
|
|
12120
12416
|
if (removalIndex > -1) {
|
|
12121
12417
|
accountKeys.splice(removalIndex, 1);
|
|
12122
|
-
|
|
12123
|
-
// If no keys left, remove the map
|
|
12124
|
-
this.removeItem(getAccountKeysCacheKey());
|
|
12125
|
-
return;
|
|
12126
|
-
}
|
|
12127
|
-
else {
|
|
12128
|
-
this.setItem(getAccountKeysCacheKey(), JSON.stringify(accountKeys), correlationId);
|
|
12129
|
-
}
|
|
12418
|
+
this.setAccountKeys(accountKeys, correlationId);
|
|
12130
12419
|
this.logger.trace("BrowserCacheManager.removeAccountKeyFromMap account key removed");
|
|
12131
12420
|
}
|
|
12132
12421
|
else {
|
|
@@ -12266,12 +12555,12 @@ class BrowserCacheManager extends CacheManager {
|
|
|
12266
12555
|
* set IdToken credential to the platform cache
|
|
12267
12556
|
* @param idToken
|
|
12268
12557
|
*/
|
|
12269
|
-
async setIdTokenCredential(idToken, correlationId) {
|
|
12558
|
+
async setIdTokenCredential(idToken, correlationId, kmsi) {
|
|
12270
12559
|
this.logger.trace("BrowserCacheManager.setIdTokenCredential called");
|
|
12271
12560
|
const idTokenKey = this.generateCredentialKey(idToken);
|
|
12272
12561
|
const timestamp = Date.now().toString();
|
|
12273
12562
|
idToken.lastUpdatedAt = timestamp;
|
|
12274
|
-
await this.setUserData(idTokenKey, JSON.stringify(idToken), correlationId, timestamp);
|
|
12563
|
+
await this.setUserData(idTokenKey, JSON.stringify(idToken), correlationId, timestamp, kmsi);
|
|
12275
12564
|
const tokenKeys = this.getTokenKeys();
|
|
12276
12565
|
if (tokenKeys.idToken.indexOf(idTokenKey) === -1) {
|
|
12277
12566
|
this.logger.info("BrowserCacheManager: addTokenKey - idToken added to map");
|
|
@@ -12303,12 +12592,12 @@ class BrowserCacheManager extends CacheManager {
|
|
|
12303
12592
|
* set accessToken credential to the platform cache
|
|
12304
12593
|
* @param accessToken
|
|
12305
12594
|
*/
|
|
12306
|
-
async setAccessTokenCredential(accessToken, correlationId) {
|
|
12595
|
+
async setAccessTokenCredential(accessToken, correlationId, kmsi) {
|
|
12307
12596
|
this.logger.trace("BrowserCacheManager.setAccessTokenCredential called");
|
|
12308
12597
|
const accessTokenKey = this.generateCredentialKey(accessToken);
|
|
12309
12598
|
const timestamp = Date.now().toString();
|
|
12310
12599
|
accessToken.lastUpdatedAt = timestamp;
|
|
12311
|
-
await this.setUserData(accessTokenKey, JSON.stringify(accessToken), correlationId, timestamp);
|
|
12600
|
+
await this.setUserData(accessTokenKey, JSON.stringify(accessToken), correlationId, timestamp, kmsi);
|
|
12312
12601
|
const tokenKeys = this.getTokenKeys();
|
|
12313
12602
|
const index = tokenKeys.accessToken.indexOf(accessTokenKey);
|
|
12314
12603
|
if (index !== -1) {
|
|
@@ -12342,12 +12631,12 @@ class BrowserCacheManager extends CacheManager {
|
|
|
12342
12631
|
* set refreshToken credential to the platform cache
|
|
12343
12632
|
* @param refreshToken
|
|
12344
12633
|
*/
|
|
12345
|
-
async setRefreshTokenCredential(refreshToken, correlationId) {
|
|
12634
|
+
async setRefreshTokenCredential(refreshToken, correlationId, kmsi) {
|
|
12346
12635
|
this.logger.trace("BrowserCacheManager.setRefreshTokenCredential called");
|
|
12347
12636
|
const refreshTokenKey = this.generateCredentialKey(refreshToken);
|
|
12348
12637
|
const timestamp = Date.now().toString();
|
|
12349
12638
|
refreshToken.lastUpdatedAt = timestamp;
|
|
12350
|
-
await this.setUserData(refreshTokenKey, JSON.stringify(refreshToken), correlationId, timestamp);
|
|
12639
|
+
await this.setUserData(refreshTokenKey, JSON.stringify(refreshToken), correlationId, timestamp, kmsi);
|
|
12351
12640
|
const tokenKeys = this.getTokenKeys();
|
|
12352
12641
|
if (tokenKeys.refreshToken.indexOf(refreshTokenKey) === -1) {
|
|
12353
12642
|
this.logger.info("BrowserCacheManager: addTokenKey - refreshToken added to map");
|
|
@@ -12847,7 +13136,7 @@ class BrowserCacheManager extends CacheManager {
|
|
|
12847
13136
|
idToken: idTokenEntity,
|
|
12848
13137
|
accessToken: accessTokenEntity,
|
|
12849
13138
|
};
|
|
12850
|
-
return this.saveCacheRecord(cacheRecord, result.correlationId);
|
|
13139
|
+
return this.saveCacheRecord(cacheRecord, result.correlationId, isKmsi(extractTokenClaims(result.idToken, base64Decode)));
|
|
12851
13140
|
}
|
|
12852
13141
|
/**
|
|
12853
13142
|
* saves a cache record
|
|
@@ -12855,9 +13144,9 @@ class BrowserCacheManager extends CacheManager {
|
|
|
12855
13144
|
* @param storeInCache {?StoreInCache}
|
|
12856
13145
|
* @param correlationId {?string} correlation id
|
|
12857
13146
|
*/
|
|
12858
|
-
async saveCacheRecord(cacheRecord, correlationId, storeInCache) {
|
|
13147
|
+
async saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache) {
|
|
12859
13148
|
try {
|
|
12860
|
-
await super.saveCacheRecord(cacheRecord, correlationId, storeInCache);
|
|
13149
|
+
await super.saveCacheRecord(cacheRecord, correlationId, kmsi, storeInCache);
|
|
12861
13150
|
}
|
|
12862
13151
|
catch (e) {
|
|
12863
13152
|
if (e instanceof CacheError &&
|
|
@@ -14089,7 +14378,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
14089
14378
|
// generate authenticationResult
|
|
14090
14379
|
const result = await this.generateAuthenticationResult(response, request, idTokenClaims, baseAccount, authority.canonicalAuthority, reqTimestamp);
|
|
14091
14380
|
// cache accounts and tokens in the appropriate storage
|
|
14092
|
-
await this.cacheAccount(baseAccount, this.correlationId);
|
|
14381
|
+
await this.cacheAccount(baseAccount, this.correlationId, isKmsi(idTokenClaims));
|
|
14093
14382
|
await this.cacheNativeTokens(response, request, homeAccountIdentifier, idTokenClaims, response.access_token, result.tenantId, reqTimestamp);
|
|
14094
14383
|
return result;
|
|
14095
14384
|
}
|
|
@@ -14176,7 +14465,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
14176
14465
|
const tid = accountProperties["TenantId"] ||
|
|
14177
14466
|
idTokenClaims.tid ||
|
|
14178
14467
|
Constants.EMPTY_STRING;
|
|
14179
|
-
const accountInfo = updateAccountTenantProfileData(
|
|
14468
|
+
const accountInfo = updateAccountTenantProfileData(AccountEntity.getAccountInfo(accountEntity), undefined, // tenantProfile optional
|
|
14180
14469
|
idTokenClaims, response.id_token);
|
|
14181
14470
|
/**
|
|
14182
14471
|
* In pairwise broker flows, this check prevents the broker's native account id
|
|
@@ -14213,11 +14502,11 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
14213
14502
|
* cache the account entity in browser storage
|
|
14214
14503
|
* @param accountEntity
|
|
14215
14504
|
*/
|
|
14216
|
-
async cacheAccount(accountEntity, correlationId) {
|
|
14505
|
+
async cacheAccount(accountEntity, correlationId, kmsi) {
|
|
14217
14506
|
// Store the account info and hence `nativeAccountId` in browser cache
|
|
14218
|
-
await this.browserStorage.setAccount(accountEntity, this.correlationId);
|
|
14507
|
+
await this.browserStorage.setAccount(accountEntity, this.correlationId, kmsi);
|
|
14219
14508
|
// Remove any existing cached tokens for this account in browser storage
|
|
14220
|
-
this.browserStorage.removeAccountContext(
|
|
14509
|
+
this.browserStorage.removeAccountContext(AccountEntity.getAccountInfo(accountEntity), correlationId);
|
|
14221
14510
|
}
|
|
14222
14511
|
/**
|
|
14223
14512
|
* Stores the access_token and id_token in inmemory storage
|
|
@@ -14244,7 +14533,7 @@ class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
14244
14533
|
idToken: cachedIdToken,
|
|
14245
14534
|
accessToken: cachedAccessToken,
|
|
14246
14535
|
};
|
|
14247
|
-
return this.nativeStorageManager.saveCacheRecord(nativeCacheRecord, this.correlationId, request.storeInCache);
|
|
14536
|
+
return this.nativeStorageManager.saveCacheRecord(nativeCacheRecord, this.correlationId, isKmsi(idTokenClaims), request.storeInCache);
|
|
14248
14537
|
}
|
|
14249
14538
|
getExpiresInValue(tokenType, expiresIn) {
|
|
14250
14539
|
return tokenType === AuthenticationScheme.POP
|
|
@@ -16522,6 +16811,7 @@ class TokenCache {
|
|
|
16522
16811
|
const idTokenClaims = response.id_token
|
|
16523
16812
|
? extractTokenClaims(response.id_token, base64Decode)
|
|
16524
16813
|
: undefined;
|
|
16814
|
+
const kmsi = isKmsi(idTokenClaims || {});
|
|
16525
16815
|
const authorityOptions = {
|
|
16526
16816
|
protocolMode: this.config.auth.protocolMode,
|
|
16527
16817
|
knownAuthorities: this.config.auth.knownAuthorities,
|
|
@@ -16533,9 +16823,9 @@ class TokenCache {
|
|
|
16533
16823
|
? new Authority(Authority.generateAuthority(request.authority, request.azureCloudOptions), this.config.system.networkClient, this.storage, authorityOptions, this.logger, request.correlationId || createNewGuid())
|
|
16534
16824
|
: undefined;
|
|
16535
16825
|
const cacheRecordAccount = await this.loadAccount(request, options.clientInfo || response.client_info || "", correlationId, idTokenClaims, authority);
|
|
16536
|
-
const idToken = await this.loadIdToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, correlationId);
|
|
16537
|
-
const accessToken = await this.loadAccessToken(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, options, correlationId);
|
|
16538
|
-
const refreshToken = await this.loadRefreshToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, correlationId);
|
|
16826
|
+
const idToken = await this.loadIdToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, correlationId, kmsi);
|
|
16827
|
+
const accessToken = await this.loadAccessToken(request, response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, cacheRecordAccount.realm, options, correlationId, kmsi);
|
|
16828
|
+
const refreshToken = await this.loadRefreshToken(response, cacheRecordAccount.homeAccountId, cacheRecordAccount.environment, correlationId, kmsi);
|
|
16539
16829
|
return this.generateAuthenticationResult(request, {
|
|
16540
16830
|
account: cacheRecordAccount,
|
|
16541
16831
|
idToken,
|
|
@@ -16556,7 +16846,7 @@ class TokenCache {
|
|
|
16556
16846
|
this.logger.verbose("TokenCache - loading account");
|
|
16557
16847
|
if (request.account) {
|
|
16558
16848
|
const accountEntity = AccountEntity.createFromAccountInfo(request.account);
|
|
16559
|
-
await this.storage.setAccount(accountEntity, correlationId);
|
|
16849
|
+
await this.storage.setAccount(accountEntity, correlationId, isKmsi(idTokenClaims || {}));
|
|
16560
16850
|
return accountEntity;
|
|
16561
16851
|
}
|
|
16562
16852
|
else if (!authority || (!clientInfo && !idTokenClaims)) {
|
|
@@ -16568,7 +16858,7 @@ class TokenCache {
|
|
|
16568
16858
|
const cachedAccount = buildAccountToCache(this.storage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, authority.hostnameAndPort, claimsTenantId, undefined, // authCodePayload
|
|
16569
16859
|
undefined, // nativeAccountId
|
|
16570
16860
|
this.logger);
|
|
16571
|
-
await this.storage.setAccount(cachedAccount, correlationId);
|
|
16861
|
+
await this.storage.setAccount(cachedAccount, correlationId, isKmsi(idTokenClaims || {}));
|
|
16572
16862
|
return cachedAccount;
|
|
16573
16863
|
}
|
|
16574
16864
|
/**
|
|
@@ -16579,14 +16869,14 @@ class TokenCache {
|
|
|
16579
16869
|
* @param tenantId
|
|
16580
16870
|
* @returns `IdTokenEntity`
|
|
16581
16871
|
*/
|
|
16582
|
-
async loadIdToken(response, homeAccountId, environment, tenantId, correlationId) {
|
|
16872
|
+
async loadIdToken(response, homeAccountId, environment, tenantId, correlationId, kmsi) {
|
|
16583
16873
|
if (!response.id_token) {
|
|
16584
16874
|
this.logger.verbose("TokenCache - no id token found in response");
|
|
16585
16875
|
return null;
|
|
16586
16876
|
}
|
|
16587
16877
|
this.logger.verbose("TokenCache - loading id token");
|
|
16588
16878
|
const idTokenEntity = createIdTokenEntity(homeAccountId, environment, response.id_token, this.config.auth.clientId, tenantId);
|
|
16589
|
-
await this.storage.setIdTokenCredential(idTokenEntity, correlationId);
|
|
16879
|
+
await this.storage.setIdTokenCredential(idTokenEntity, correlationId, kmsi);
|
|
16590
16880
|
return idTokenEntity;
|
|
16591
16881
|
}
|
|
16592
16882
|
/**
|
|
@@ -16598,7 +16888,7 @@ class TokenCache {
|
|
|
16598
16888
|
* @param tenantId
|
|
16599
16889
|
* @returns `AccessTokenEntity`
|
|
16600
16890
|
*/
|
|
16601
|
-
async loadAccessToken(request, response, homeAccountId, environment, tenantId, options, correlationId) {
|
|
16891
|
+
async loadAccessToken(request, response, homeAccountId, environment, tenantId, options, correlationId, kmsi) {
|
|
16602
16892
|
if (!response.access_token) {
|
|
16603
16893
|
this.logger.verbose("TokenCache - no access token found in response");
|
|
16604
16894
|
return null;
|
|
@@ -16621,7 +16911,7 @@ class TokenCache {
|
|
|
16621
16911
|
(response.ext_expires_in || response.expires_in) +
|
|
16622
16912
|
nowSeconds();
|
|
16623
16913
|
const accessTokenEntity = createAccessTokenEntity(homeAccountId, environment, response.access_token, this.config.auth.clientId, tenantId, scopes.printScopes(), expiresOn, extendedExpiresOn, base64Decode);
|
|
16624
|
-
await this.storage.setAccessTokenCredential(accessTokenEntity, correlationId);
|
|
16914
|
+
await this.storage.setAccessTokenCredential(accessTokenEntity, correlationId, kmsi);
|
|
16625
16915
|
return accessTokenEntity;
|
|
16626
16916
|
}
|
|
16627
16917
|
/**
|
|
@@ -16632,7 +16922,7 @@ class TokenCache {
|
|
|
16632
16922
|
* @param environment
|
|
16633
16923
|
* @returns `RefreshTokenEntity`
|
|
16634
16924
|
*/
|
|
16635
|
-
async loadRefreshToken(response, homeAccountId, environment, correlationId) {
|
|
16925
|
+
async loadRefreshToken(response, homeAccountId, environment, correlationId, kmsi) {
|
|
16636
16926
|
if (!response.refresh_token) {
|
|
16637
16927
|
this.logger.verbose("TokenCache - no refresh token found in response");
|
|
16638
16928
|
return null;
|
|
@@ -16640,7 +16930,7 @@ class TokenCache {
|
|
|
16640
16930
|
this.logger.verbose("TokenCache - loading refresh token");
|
|
16641
16931
|
const refreshTokenEntity = createRefreshTokenEntity(homeAccountId, environment, response.refresh_token, this.config.auth.clientId, response.foci, undefined, // userAssertionHash
|
|
16642
16932
|
response.refresh_token_expires_in);
|
|
16643
|
-
await this.storage.setRefreshTokenCredential(refreshTokenEntity, correlationId);
|
|
16933
|
+
await this.storage.setRefreshTokenCredential(refreshTokenEntity, correlationId, kmsi);
|
|
16644
16934
|
return refreshTokenEntity;
|
|
16645
16935
|
}
|
|
16646
16936
|
/**
|
|
@@ -16669,7 +16959,7 @@ class TokenCache {
|
|
|
16669
16959
|
uniqueId: cacheRecord.account.localAccountId,
|
|
16670
16960
|
tenantId: cacheRecord.account.realm,
|
|
16671
16961
|
scopes: responseScopes,
|
|
16672
|
-
account:
|
|
16962
|
+
account: AccountEntity.getAccountInfo(accountEntity),
|
|
16673
16963
|
idToken: cacheRecord.idToken?.secret || "",
|
|
16674
16964
|
idTokenClaims: idTokenClaims || {},
|
|
16675
16965
|
accessToken: accessToken,
|
|
@@ -17687,7 +17977,7 @@ class StandardController {
|
|
|
17687
17977
|
this.logger.verbose("hydrateCache called");
|
|
17688
17978
|
// Account gets saved to browser storage regardless of native or not
|
|
17689
17979
|
const accountEntity = AccountEntity.createFromAccountInfo(result.account, result.cloudGraphHostName, result.msGraphHost);
|
|
17690
|
-
await this.browserStorage.setAccount(accountEntity, result.correlationId);
|
|
17980
|
+
await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims));
|
|
17691
17981
|
if (result.fromNativeBroker) {
|
|
17692
17982
|
this.logger.verbose("Response was from native broker, storing in-memory");
|
|
17693
17983
|
// Tokens from native broker are stored in-memory
|
|
@@ -18965,7 +19255,7 @@ class NestedAppAuthController {
|
|
|
18965
19255
|
async hydrateCache(result, request) {
|
|
18966
19256
|
this.logger.verbose("hydrateCache called");
|
|
18967
19257
|
const accountEntity = AccountEntity.createFromAccountInfo(result.account, result.cloudGraphHostName, result.msGraphHost);
|
|
18968
|
-
await this.browserStorage.setAccount(accountEntity, result.correlationId);
|
|
19258
|
+
await this.browserStorage.setAccount(accountEntity, result.correlationId, isKmsi(result.idTokenClaims));
|
|
18969
19259
|
return this.browserStorage.hydrateCache(result, request);
|
|
18970
19260
|
}
|
|
18971
19261
|
}
|