@azure/msal-browser 4.25.1 → 4.26.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientNext.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.d.ts +64 -7
- package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/cache/BrowserCacheManager.mjs +400 -141
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.d.ts +3 -3
- package/dist/cache/CacheKeys.mjs +4 -4
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/IWindowStorage.d.ts +1 -1
- package/dist/cache/IWindowStorage.d.ts.map +1 -1
- package/dist/cache/LocalStorage.d.ts +1 -1
- package/dist/cache/LocalStorage.d.ts.map +1 -1
- package/dist/cache/LocalStorage.mjs +21 -12
- package/dist/cache/LocalStorage.mjs.map +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.d.ts.map +1 -1
- package/dist/cache/TokenCache.mjs +14 -13
- package/dist/cache/TokenCache.mjs.map +1 -1
- package/dist/config/Configuration.mjs +1 -1
- package/dist/controllers/ControllerFactory.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +3 -3
- package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +3 -3
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom-auth-path/app/PublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/custom-auth-path/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/custom-auth-path/cache/AccountManager.mjs +1 -1
- package/dist/custom-auth-path/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts +64 -7
- package/dist/custom-auth-path/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs +400 -141
- package/dist/custom-auth-path/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/custom-auth-path/cache/CacheHelpers.mjs +1 -1
- package/dist/custom-auth-path/cache/CacheKeys.d.ts +3 -3
- package/dist/custom-auth-path/cache/CacheKeys.mjs +4 -4
- package/dist/custom-auth-path/cache/CookieStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/DatabaseStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/EncryptedData.mjs +1 -1
- package/dist/custom-auth-path/cache/IWindowStorage.d.ts +1 -1
- package/dist/custom-auth-path/cache/IWindowStorage.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.d.ts +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/LocalStorage.mjs +21 -12
- package/dist/custom-auth-path/cache/LocalStorage.mjs.map +1 -1
- package/dist/custom-auth-path/cache/MemoryStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/SessionStorage.mjs +1 -1
- package/dist/custom-auth-path/cache/TokenCache.d.ts.map +1 -1
- package/dist/custom-auth-path/cache/TokenCache.mjs +14 -13
- package/dist/custom-auth-path/cache/TokenCache.mjs.map +1 -1
- package/dist/custom-auth-path/config/Configuration.mjs +1 -1
- package/dist/custom-auth-path/controllers/ControllerFactory.mjs +1 -1
- package/dist/custom-auth-path/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.d.ts.map +1 -1
- package/dist/custom-auth-path/controllers/StandardController.mjs +3 -3
- package/dist/custom-auth-path/controllers/StandardController.mjs.map +1 -1
- package/dist/custom-auth-path/crypto/BrowserCrypto.mjs +1 -1
- package/dist/custom-auth-path/crypto/CryptoOps.mjs +1 -1
- package/dist/custom-auth-path/crypto/PkceGenerator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/index.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom-auth-path/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Decode.mjs +1 -1
- package/dist/custom-auth-path/encode/Base64Encode.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthError.mjs +1 -1
- package/dist/custom-auth-path/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/custom-auth-path/event/EventHandler.mjs +1 -1
- package/dist/custom-auth-path/event/EventType.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs +7 -7
- package/dist/custom-auth-path/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/custom-auth-path/interaction_client/PopupClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/RedirectClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs +2 -1
- package/dist/custom-auth-path/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/custom-auth-path/navigation/NavigationClient.mjs +1 -1
- package/dist/custom-auth-path/network/FetchClient.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/custom-auth-path/packageMetadata.d.ts +1 -1
- package/dist/custom-auth-path/packageMetadata.mjs +2 -2
- package/dist/custom-auth-path/protocol/Authorize.mjs +1 -1
- package/dist/custom-auth-path/request/RequestHelpers.mjs +1 -1
- package/dist/custom-auth-path/response/ResponseHandler.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserConstants.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/BrowserUtils.mjs +1 -1
- package/dist/custom-auth-path/utils/Helpers.mjs +1 -1
- package/dist/custom-auth-path/utils/MsalFrameStatsUtils.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +7 -7
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +2 -1
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/msal-custom-auth.cjs +1238 -947
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts +64 -7
- package/lib/custom-auth-path/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/custom-auth-path/types/cache/CacheKeys.d.ts +3 -3
- package/lib/custom-auth-path/types/cache/IWindowStorage.d.ts +1 -1
- package/lib/custom-auth-path/types/cache/IWindowStorage.d.ts.map +1 -1
- package/lib/custom-auth-path/types/cache/LocalStorage.d.ts +1 -1
- package/lib/custom-auth-path/types/cache/LocalStorage.d.ts.map +1 -1
- package/lib/custom-auth-path/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/custom-auth-path/types/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/lib/custom-auth-path/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/custom-auth-path/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts +1 -1
- package/lib/custom-auth-path/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/custom-auth-path/types/packageMetadata.d.ts +1 -1
- package/lib/msal-browser.cjs +947 -656
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +947 -656
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +67 -67
- package/lib/types/cache/BrowserCacheManager.d.ts +64 -7
- package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/types/cache/CacheKeys.d.ts +3 -3
- package/lib/types/cache/IWindowStorage.d.ts +1 -1
- package/lib/types/cache/IWindowStorage.d.ts.map +1 -1
- package/lib/types/cache/LocalStorage.d.ts +1 -1
- package/lib/types/cache/LocalStorage.d.ts.map +1 -1
- package/lib/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts +1 -1
- package/lib/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/package.json +2 -2
- package/src/cache/BrowserCacheManager.ts +738 -225
- package/src/cache/CacheKeys.ts +3 -3
- package/src/cache/IWindowStorage.ts +2 -1
- package/src/cache/LocalStorage.ts +30 -17
- package/src/cache/TokenCache.ts +33 -12
- package/src/controllers/NestedAppAuthController.ts +3 -1
- package/src/controllers/StandardController.ts +3 -1
- package/src/interaction_client/PlatformAuthInteractionClient.ts +15 -5
- package/src/interaction_handler/SilentHandler.ts +1 -0
- package/src/packageMetadata.ts +1 -1
|
@@ -38,6 +38,9 @@ import {
|
|
|
38
38
|
CredentialEntity,
|
|
39
39
|
CredentialType,
|
|
40
40
|
DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
|
|
41
|
+
AuthToken,
|
|
42
|
+
getTenantIdFromIdTokenClaims,
|
|
43
|
+
buildTenantProfile,
|
|
41
44
|
} from "@azure/msal-common/browser";
|
|
42
45
|
import { CacheOptions } from "../config/Configuration.js";
|
|
43
46
|
import {
|
|
@@ -72,6 +75,8 @@ import { version } from "../packageMetadata.js";
|
|
|
72
75
|
import { removeElementFromArray } from "../utils/Helpers.js";
|
|
73
76
|
import { EncryptedData, isEncrypted } from "./EncryptedData.js";
|
|
74
77
|
|
|
78
|
+
type KmsiMap = { [homeAccountId: string]: boolean };
|
|
79
|
+
|
|
75
80
|
/**
|
|
76
81
|
* This class implements the cache storage interface for MSAL through browser local or session storage.
|
|
77
82
|
* Cookies are only used if storeAuthStateInCookie is true, and are only used for
|
|
@@ -145,200 +150,637 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
145
150
|
* Migrates any existing cache data from previous versions of MSAL.js into the current cache structure.
|
|
146
151
|
*/
|
|
147
152
|
async migrateExistingCache(correlationId: string): Promise<void> {
|
|
148
|
-
|
|
149
|
-
|
|
153
|
+
let accountKeys = getAccountKeys(this.browserStorage);
|
|
154
|
+
let tokenKeys = getTokenKeys(this.clientId, this.browserStorage);
|
|
150
155
|
this.performanceClient.addFields(
|
|
151
156
|
{
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
157
|
+
preMigrateAcntCount: accountKeys.length,
|
|
158
|
+
preMigrateATCount: tokenKeys.accessToken.length,
|
|
159
|
+
preMigrateITCount: tokenKeys.idToken.length,
|
|
160
|
+
preMigrateRTCount: tokenKeys.refreshToken.length,
|
|
156
161
|
},
|
|
157
162
|
correlationId
|
|
158
163
|
);
|
|
159
164
|
|
|
160
|
-
|
|
161
|
-
|
|
165
|
+
for (let i = 0; i < CacheKeys.ACCOUNT_SCHEMA_VERSION; i++) {
|
|
166
|
+
const credentialSchema = i; // For now account and credential schemas are the same, but may diverge in future
|
|
167
|
+
await this.removeStaleAccounts(i, credentialSchema, correlationId);
|
|
168
|
+
}
|
|
169
|
+
// Must migrate idTokens first to ensure we have KMSI info for the rest
|
|
170
|
+
for (let i = 0; i < CacheKeys.CREDENTIAL_SCHEMA_VERSION; i++) {
|
|
171
|
+
const accountSchema = i; // For now account and credential schemas are the same, but may diverge in future
|
|
172
|
+
await this.migrateIdTokens(i, accountSchema, correlationId);
|
|
173
|
+
}
|
|
174
|
+
const kmsiMap = this.getKMSIValues();
|
|
175
|
+
for (let i = 0; i < CacheKeys.CREDENTIAL_SCHEMA_VERSION; i++) {
|
|
176
|
+
await this.migrateAccessTokens(i, kmsiMap, correlationId);
|
|
177
|
+
await this.migrateRefreshTokens(i, kmsiMap, correlationId);
|
|
178
|
+
}
|
|
179
|
+
|
|
180
|
+
accountKeys = getAccountKeys(this.browserStorage);
|
|
181
|
+
tokenKeys = getTokenKeys(this.clientId, this.browserStorage);
|
|
162
182
|
this.performanceClient.addFields(
|
|
163
183
|
{
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
184
|
+
postMigrateAcntCount: accountKeys.length,
|
|
185
|
+
postMigrateATCount: tokenKeys.accessToken.length,
|
|
186
|
+
postMigrateITCount: tokenKeys.idToken.length,
|
|
187
|
+
postMigrateRTCount: tokenKeys.refreshToken.length,
|
|
168
188
|
},
|
|
169
189
|
correlationId
|
|
170
190
|
);
|
|
191
|
+
}
|
|
171
192
|
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
193
|
+
/**
|
|
194
|
+
* Parses entry, adds lastUpdatedAt if it doesn't exist, removes entry if expired or invalid
|
|
195
|
+
* @param key
|
|
196
|
+
* @param correlationId
|
|
197
|
+
* @returns
|
|
198
|
+
*/
|
|
199
|
+
async updateOldEntry(
|
|
200
|
+
key: string,
|
|
201
|
+
correlationId: string
|
|
202
|
+
): Promise<CredentialEntity | null> {
|
|
203
|
+
const rawValue = this.browserStorage.getItem(key);
|
|
204
|
+
const parsedValue = this.validateAndParseJson(rawValue || "") as
|
|
205
|
+
| CredentialEntity
|
|
206
|
+
| EncryptedData
|
|
207
|
+
| null;
|
|
208
|
+
|
|
209
|
+
if (!parsedValue) {
|
|
210
|
+
this.browserStorage.removeItem(key);
|
|
211
|
+
return null;
|
|
212
|
+
}
|
|
213
|
+
|
|
214
|
+
if (!parsedValue.lastUpdatedAt) {
|
|
215
|
+
// Add lastUpdatedAt to the existing v0 entry if it doesnt exist so we know when it's safe to remove it
|
|
216
|
+
parsedValue.lastUpdatedAt = Date.now().toString();
|
|
217
|
+
this.setItem(key, JSON.stringify(parsedValue), correlationId);
|
|
218
|
+
} else if (
|
|
219
|
+
TimeUtils.isCacheExpired(
|
|
220
|
+
parsedValue.lastUpdatedAt,
|
|
221
|
+
this.cacheConfig.cacheRetentionDays
|
|
222
|
+
)
|
|
223
|
+
) {
|
|
224
|
+
this.browserStorage.removeItem(key);
|
|
225
|
+
this.performanceClient.incrementFields(
|
|
226
|
+
{ expiredCacheRemovedCount: 1 },
|
|
195
227
|
correlationId
|
|
196
|
-
)
|
|
197
|
-
|
|
228
|
+
);
|
|
229
|
+
return null;
|
|
230
|
+
}
|
|
198
231
|
|
|
199
|
-
|
|
200
|
-
this.browserStorage.
|
|
201
|
-
|
|
202
|
-
|
|
232
|
+
const decryptedData = isEncrypted(parsedValue)
|
|
233
|
+
? await this.browserStorage.decryptData(
|
|
234
|
+
key,
|
|
235
|
+
parsedValue,
|
|
236
|
+
correlationId
|
|
237
|
+
)
|
|
238
|
+
: parsedValue;
|
|
239
|
+
if (!decryptedData || !CacheHelpers.isCredentialEntity(decryptedData)) {
|
|
240
|
+
this.performanceClient.incrementFields(
|
|
241
|
+
{ invalidCacheCount: 1 },
|
|
242
|
+
correlationId
|
|
203
243
|
);
|
|
204
|
-
|
|
205
|
-
this.browserStorage.removeItem(CacheKeys.getAccountKeysCacheKey(0));
|
|
244
|
+
return null;
|
|
206
245
|
}
|
|
207
246
|
|
|
208
|
-
if (
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
247
|
+
if (
|
|
248
|
+
(CacheHelpers.isAccessTokenEntity(decryptedData) ||
|
|
249
|
+
CacheHelpers.isRefreshTokenEntity(decryptedData)) &&
|
|
250
|
+
decryptedData.expiresOn &&
|
|
251
|
+
TimeUtils.isTokenExpired(
|
|
252
|
+
decryptedData.expiresOn,
|
|
253
|
+
DEFAULT_TOKEN_RENEWAL_OFFSET_SEC
|
|
254
|
+
)
|
|
255
|
+
) {
|
|
256
|
+
this.browserStorage.removeItem(key);
|
|
257
|
+
this.performanceClient.incrementFields(
|
|
258
|
+
{ expiredCacheRemovedCount: 1 },
|
|
259
|
+
correlationId
|
|
212
260
|
);
|
|
213
|
-
|
|
214
|
-
this.browserStorage.removeItem(CacheKeys.getAccountKeysCacheKey(1));
|
|
261
|
+
return null;
|
|
215
262
|
}
|
|
216
263
|
|
|
217
|
-
|
|
218
|
-
this.setTokenKeys(tokenKeys1, correlationId, 1);
|
|
264
|
+
return decryptedData;
|
|
219
265
|
}
|
|
220
266
|
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
267
|
+
/**
|
|
268
|
+
* Remove accounts from the cache for older schema versions if they have not been updated in the last cacheRetentionDays
|
|
269
|
+
* @param accountSchema
|
|
270
|
+
* @param credentialSchema
|
|
271
|
+
* @param correlationId
|
|
272
|
+
* @returns
|
|
273
|
+
*/
|
|
274
|
+
async removeStaleAccounts(
|
|
275
|
+
accountSchema: number,
|
|
276
|
+
credentialSchema: number,
|
|
225
277
|
correlationId: string
|
|
226
|
-
): Promise<void
|
|
227
|
-
const
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
278
|
+
): Promise<void> {
|
|
279
|
+
const accountKeysToCheck = getAccountKeys(
|
|
280
|
+
this.browserStorage,
|
|
281
|
+
accountSchema
|
|
282
|
+
);
|
|
283
|
+
if (accountKeysToCheck.length === 0) {
|
|
284
|
+
return;
|
|
285
|
+
}
|
|
234
286
|
|
|
235
|
-
|
|
236
|
-
|
|
287
|
+
for (const accountKey of [...accountKeysToCheck]) {
|
|
288
|
+
this.performanceClient.incrementFields(
|
|
289
|
+
{ oldAcntCount: 1 },
|
|
290
|
+
correlationId
|
|
291
|
+
);
|
|
292
|
+
const rawValue = this.browserStorage.getItem(accountKey);
|
|
293
|
+
const parsedValue = this.validateAndParseJson(rawValue || "") as
|
|
294
|
+
| AccountEntity
|
|
295
|
+
| EncryptedData
|
|
296
|
+
| null;
|
|
297
|
+
|
|
298
|
+
if (!parsedValue) {
|
|
299
|
+
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
237
300
|
continue;
|
|
238
301
|
}
|
|
239
302
|
|
|
240
|
-
if (!
|
|
241
|
-
// Add lastUpdatedAt to the existing
|
|
242
|
-
|
|
303
|
+
if (!parsedValue.lastUpdatedAt) {
|
|
304
|
+
// Add lastUpdatedAt to the existing entry if it doesnt exist so we know when it's safe to remove it
|
|
305
|
+
parsedValue.lastUpdatedAt = Date.now().toString();
|
|
243
306
|
this.setItem(
|
|
244
|
-
|
|
245
|
-
JSON.stringify(
|
|
307
|
+
accountKey,
|
|
308
|
+
JSON.stringify(parsedValue),
|
|
246
309
|
correlationId
|
|
247
310
|
);
|
|
311
|
+
continue;
|
|
312
|
+
} else if (
|
|
313
|
+
TimeUtils.isCacheExpired(
|
|
314
|
+
parsedValue.lastUpdatedAt,
|
|
315
|
+
this.cacheConfig.cacheRetentionDays
|
|
316
|
+
)
|
|
317
|
+
) {
|
|
318
|
+
// Cache expired remove account and associated tokens
|
|
319
|
+
await this.removeAccountOldSchema(
|
|
320
|
+
accountKey,
|
|
321
|
+
parsedValue,
|
|
322
|
+
credentialSchema,
|
|
323
|
+
correlationId
|
|
324
|
+
);
|
|
325
|
+
removeElementFromArray(accountKeysToCheck, accountKey);
|
|
248
326
|
}
|
|
327
|
+
}
|
|
328
|
+
|
|
329
|
+
this.setAccountKeys(accountKeysToCheck, correlationId, accountSchema);
|
|
330
|
+
}
|
|
331
|
+
|
|
332
|
+
/**
|
|
333
|
+
* Remove the given account and all associated tokens from the cache
|
|
334
|
+
* @param accountKey
|
|
335
|
+
* @param rawObject
|
|
336
|
+
* @param credentialSchema
|
|
337
|
+
* @param correlationId
|
|
338
|
+
*/
|
|
339
|
+
async removeAccountOldSchema(
|
|
340
|
+
accountKey: string,
|
|
341
|
+
rawObject: AccountEntity | EncryptedData,
|
|
342
|
+
credentialSchema: number,
|
|
343
|
+
correlationId: string
|
|
344
|
+
): Promise<void> {
|
|
345
|
+
const decryptedData = isEncrypted(rawObject)
|
|
346
|
+
? ((await this.browserStorage.decryptData(
|
|
347
|
+
accountKey,
|
|
348
|
+
rawObject,
|
|
349
|
+
correlationId
|
|
350
|
+
)) as AccountEntity | null)
|
|
351
|
+
: rawObject;
|
|
352
|
+
|
|
353
|
+
const homeAccountId = decryptedData?.homeAccountId;
|
|
354
|
+
if (homeAccountId) {
|
|
355
|
+
const tokenKeys = this.getTokenKeys(credentialSchema);
|
|
356
|
+
[...tokenKeys.idToken]
|
|
357
|
+
.filter((key) => key.includes(homeAccountId))
|
|
358
|
+
.forEach((key) => {
|
|
359
|
+
this.browserStorage.removeItem(key);
|
|
360
|
+
removeElementFromArray(tokenKeys.idToken, key);
|
|
361
|
+
});
|
|
362
|
+
[...tokenKeys.accessToken]
|
|
363
|
+
.filter((key) => key.includes(homeAccountId))
|
|
364
|
+
.forEach((key) => {
|
|
365
|
+
this.browserStorage.removeItem(key);
|
|
366
|
+
removeElementFromArray(tokenKeys.accessToken, key);
|
|
367
|
+
});
|
|
368
|
+
[...tokenKeys.refreshToken]
|
|
369
|
+
.filter((key) => key.includes(homeAccountId))
|
|
370
|
+
.forEach((key) => {
|
|
371
|
+
this.browserStorage.removeItem(key);
|
|
372
|
+
removeElementFromArray(tokenKeys.refreshToken, key);
|
|
373
|
+
});
|
|
374
|
+
this.setTokenKeys(tokenKeys, correlationId, credentialSchema);
|
|
375
|
+
}
|
|
376
|
+
|
|
377
|
+
this.performanceClient.incrementFields(
|
|
378
|
+
{ expiredAcntRemovedCount: 1 },
|
|
379
|
+
correlationId
|
|
380
|
+
);
|
|
249
381
|
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
382
|
+
this.browserStorage.removeItem(accountKey);
|
|
383
|
+
}
|
|
384
|
+
|
|
385
|
+
/**
|
|
386
|
+
* Gets key value pair mapping homeAccountId to KMSI value
|
|
387
|
+
* @returns
|
|
388
|
+
*/
|
|
389
|
+
getKMSIValues(): KmsiMap {
|
|
390
|
+
const kmsiMap: KmsiMap = {};
|
|
391
|
+
const tokenKeys = this.getTokenKeys().idToken;
|
|
392
|
+
for (const key of tokenKeys) {
|
|
393
|
+
const rawValue = this.browserStorage.getUserData(key);
|
|
394
|
+
if (rawValue) {
|
|
395
|
+
const idToken = JSON.parse(rawValue) as IdTokenEntity;
|
|
396
|
+
const claims = AuthToken.extractTokenClaims(
|
|
397
|
+
idToken.secret,
|
|
398
|
+
base64Decode
|
|
399
|
+
);
|
|
400
|
+
if (claims) {
|
|
401
|
+
kmsiMap[idToken.homeAccountId] = AuthToken.isKmsi(claims);
|
|
263
402
|
}
|
|
264
403
|
}
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
404
|
+
}
|
|
405
|
+
return kmsiMap;
|
|
406
|
+
}
|
|
407
|
+
|
|
408
|
+
/**
|
|
409
|
+
* Migrates id tokens from the old schema to the new schema, also migrates associated account object if it doesn't already exist in the new schema
|
|
410
|
+
* @param credentialSchema
|
|
411
|
+
* @param accountSchema
|
|
412
|
+
* @param correlationId
|
|
413
|
+
* @returns
|
|
414
|
+
*/
|
|
415
|
+
async migrateIdTokens(
|
|
416
|
+
credentialSchema: number,
|
|
417
|
+
accountSchema: number,
|
|
418
|
+
correlationId: string
|
|
419
|
+
): Promise<void> {
|
|
420
|
+
const credentialKeysToMigrate = getTokenKeys(
|
|
421
|
+
this.clientId,
|
|
422
|
+
this.browserStorage,
|
|
423
|
+
credentialSchema
|
|
424
|
+
);
|
|
425
|
+
if (credentialKeysToMigrate.idToken.length === 0) {
|
|
426
|
+
return;
|
|
427
|
+
}
|
|
428
|
+
|
|
429
|
+
const currentCredentialKeys = getTokenKeys(
|
|
430
|
+
this.clientId,
|
|
431
|
+
this.browserStorage,
|
|
432
|
+
CacheKeys.CREDENTIAL_SCHEMA_VERSION
|
|
433
|
+
);
|
|
434
|
+
const currentAccountKeys = getAccountKeys(this.browserStorage);
|
|
435
|
+
const previousAccountKeys = getAccountKeys(
|
|
436
|
+
this.browserStorage,
|
|
437
|
+
accountSchema
|
|
438
|
+
);
|
|
439
|
+
|
|
440
|
+
for (const idTokenKey of [...credentialKeysToMigrate.idToken]) {
|
|
441
|
+
this.performanceClient.incrementFields(
|
|
442
|
+
{ oldITCount: 1 },
|
|
443
|
+
correlationId
|
|
444
|
+
);
|
|
445
|
+
|
|
446
|
+
const oldSchemaData = (await this.updateOldEntry(
|
|
447
|
+
idTokenKey,
|
|
448
|
+
correlationId
|
|
449
|
+
)) as IdTokenEntity | null;
|
|
450
|
+
if (!oldSchemaData) {
|
|
451
|
+
removeElementFromArray(
|
|
452
|
+
credentialKeysToMigrate.idToken,
|
|
453
|
+
idTokenKey
|
|
454
|
+
);
|
|
455
|
+
continue;
|
|
456
|
+
}
|
|
457
|
+
|
|
458
|
+
const currentAccountKey = currentAccountKeys.find((key) =>
|
|
459
|
+
key.includes(oldSchemaData.homeAccountId)
|
|
460
|
+
);
|
|
461
|
+
const previousAccountKey = previousAccountKeys.find((key) =>
|
|
462
|
+
key.includes(oldSchemaData.homeAccountId)
|
|
463
|
+
);
|
|
464
|
+
|
|
465
|
+
let account: AccountEntity | null = null;
|
|
466
|
+
if (currentAccountKey) {
|
|
467
|
+
account = this.getAccount(currentAccountKey, correlationId);
|
|
468
|
+
} else if (previousAccountKey) {
|
|
469
|
+
const rawValue =
|
|
470
|
+
this.browserStorage.getItem(previousAccountKey);
|
|
471
|
+
const parsedValue = this.validateAndParseJson(
|
|
472
|
+
rawValue || ""
|
|
473
|
+
) as AccountEntity | EncryptedData | null;
|
|
474
|
+
account =
|
|
475
|
+
parsedValue && isEncrypted(parsedValue)
|
|
476
|
+
? ((await this.browserStorage.decryptData(
|
|
477
|
+
previousAccountKey,
|
|
478
|
+
parsedValue,
|
|
479
|
+
correlationId
|
|
480
|
+
)) as AccountEntity | null)
|
|
481
|
+
: parsedValue;
|
|
482
|
+
}
|
|
483
|
+
|
|
484
|
+
if (!account) {
|
|
485
|
+
// Don't migrate idToken if we don't have an account for it
|
|
279
486
|
this.performanceClient.incrementFields(
|
|
280
|
-
{
|
|
487
|
+
{ skipITMigrateCount: 1 },
|
|
281
488
|
correlationId
|
|
282
489
|
);
|
|
283
490
|
continue;
|
|
284
491
|
}
|
|
285
492
|
|
|
493
|
+
const claims = AuthToken.extractTokenClaims(
|
|
494
|
+
oldSchemaData.secret,
|
|
495
|
+
base64Decode
|
|
496
|
+
);
|
|
497
|
+
|
|
498
|
+
const newIdTokenKey = this.generateCredentialKey(oldSchemaData);
|
|
499
|
+
const currentIdToken = this.getIdTokenCredential(
|
|
500
|
+
newIdTokenKey,
|
|
501
|
+
correlationId
|
|
502
|
+
);
|
|
503
|
+
const oldTokenHasSignInState =
|
|
504
|
+
Object.keys(claims).includes("signin_state");
|
|
505
|
+
const currentTokenHasSignInState =
|
|
506
|
+
currentIdToken &&
|
|
507
|
+
Object.keys(
|
|
508
|
+
AuthToken.extractTokenClaims(
|
|
509
|
+
currentIdToken.secret,
|
|
510
|
+
base64Decode
|
|
511
|
+
) || {}
|
|
512
|
+
).includes("signin_state");
|
|
513
|
+
|
|
514
|
+
/**
|
|
515
|
+
* Only migrate if:
|
|
516
|
+
* 1. Token doesn't yet exist in current schema
|
|
517
|
+
* 2. Old schema token has been updated more recently than the current one AND migrating it won't result in loss of KMSI state
|
|
518
|
+
*/
|
|
286
519
|
if (
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
520
|
+
!currentIdToken ||
|
|
521
|
+
(oldSchemaData.lastUpdatedAt > currentIdToken.lastUpdatedAt &&
|
|
522
|
+
(oldTokenHasSignInState || !currentTokenHasSignInState))
|
|
290
523
|
) {
|
|
291
|
-
const
|
|
292
|
-
const
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
524
|
+
const tenantProfiles = account.tenantProfiles || [];
|
|
525
|
+
const tenantId =
|
|
526
|
+
getTenantIdFromIdTokenClaims(claims) || account.realm;
|
|
527
|
+
if (
|
|
528
|
+
tenantId &&
|
|
529
|
+
!tenantProfiles.find((tenantProfile) => {
|
|
530
|
+
return tenantProfile.tenantId === tenantId;
|
|
531
|
+
})
|
|
532
|
+
) {
|
|
533
|
+
const newTenantProfile = buildTenantProfile(
|
|
534
|
+
account.homeAccountId,
|
|
535
|
+
account.localAccountId,
|
|
536
|
+
tenantId,
|
|
537
|
+
claims
|
|
538
|
+
);
|
|
539
|
+
tenantProfiles.push(newTenantProfile);
|
|
540
|
+
}
|
|
541
|
+
account.tenantProfiles = tenantProfiles;
|
|
542
|
+
const newAccountKey = this.generateAccountKey(
|
|
543
|
+
AccountEntity.getAccountInfo(account)
|
|
544
|
+
);
|
|
545
|
+
const kmsi = AuthToken.isKmsi(claims);
|
|
546
|
+
await this.setUserData(
|
|
547
|
+
newAccountKey,
|
|
548
|
+
JSON.stringify(account),
|
|
549
|
+
correlationId,
|
|
550
|
+
account.lastUpdatedAt,
|
|
551
|
+
kmsi
|
|
552
|
+
);
|
|
553
|
+
if (!currentAccountKeys.includes(newAccountKey)) {
|
|
554
|
+
currentAccountKeys.push(newAccountKey);
|
|
555
|
+
}
|
|
556
|
+
await this.setUserData(
|
|
557
|
+
newIdTokenKey,
|
|
558
|
+
JSON.stringify(oldSchemaData),
|
|
559
|
+
correlationId,
|
|
560
|
+
oldSchemaData.lastUpdatedAt,
|
|
561
|
+
kmsi
|
|
562
|
+
);
|
|
563
|
+
this.performanceClient.incrementFields(
|
|
564
|
+
{ migratedITCount: 1 },
|
|
565
|
+
correlationId
|
|
566
|
+
);
|
|
567
|
+
currentCredentialKeys.idToken.push(newIdTokenKey);
|
|
568
|
+
}
|
|
569
|
+
}
|
|
570
|
+
|
|
571
|
+
this.setTokenKeys(
|
|
572
|
+
credentialKeysToMigrate,
|
|
573
|
+
correlationId,
|
|
574
|
+
credentialSchema
|
|
575
|
+
);
|
|
576
|
+
this.setTokenKeys(currentCredentialKeys, correlationId);
|
|
577
|
+
this.setAccountKeys(currentAccountKeys, correlationId);
|
|
578
|
+
}
|
|
579
|
+
|
|
580
|
+
/**
|
|
581
|
+
* Migrates access tokens from old cache schema to current schema
|
|
582
|
+
* @param credentialSchema
|
|
583
|
+
* @param kmsiMap
|
|
584
|
+
* @param correlationId
|
|
585
|
+
* @returns
|
|
586
|
+
*/
|
|
587
|
+
async migrateAccessTokens(
|
|
588
|
+
credentialSchema: number,
|
|
589
|
+
kmsiMap: KmsiMap,
|
|
590
|
+
correlationId: string
|
|
591
|
+
): Promise<void> {
|
|
592
|
+
const credentialKeysToMigrate = getTokenKeys(
|
|
593
|
+
this.clientId,
|
|
594
|
+
this.browserStorage,
|
|
595
|
+
credentialSchema
|
|
596
|
+
);
|
|
597
|
+
if (credentialKeysToMigrate.accessToken.length === 0) {
|
|
598
|
+
return;
|
|
599
|
+
}
|
|
600
|
+
|
|
601
|
+
const currentCredentialKeys = getTokenKeys(
|
|
602
|
+
this.clientId,
|
|
603
|
+
this.browserStorage,
|
|
604
|
+
CacheKeys.CREDENTIAL_SCHEMA_VERSION
|
|
605
|
+
);
|
|
606
|
+
|
|
607
|
+
for (const accessTokenKey of [...credentialKeysToMigrate.accessToken]) {
|
|
608
|
+
this.performanceClient.incrementFields(
|
|
609
|
+
{ oldATCount: 1 },
|
|
610
|
+
correlationId
|
|
611
|
+
);
|
|
612
|
+
|
|
613
|
+
const oldSchemaData = (await this.updateOldEntry(
|
|
614
|
+
accessTokenKey,
|
|
615
|
+
correlationId
|
|
616
|
+
)) as AccessTokenEntity | null;
|
|
617
|
+
if (!oldSchemaData) {
|
|
618
|
+
removeElementFromArray(
|
|
619
|
+
credentialKeysToMigrate.accessToken,
|
|
620
|
+
accessTokenKey
|
|
621
|
+
);
|
|
622
|
+
continue;
|
|
623
|
+
}
|
|
624
|
+
|
|
625
|
+
if (!Object.keys(kmsiMap).includes(oldSchemaData.homeAccountId)) {
|
|
626
|
+
// Don't migrate tokens if we don't have an idToken for them
|
|
627
|
+
this.performanceClient.incrementFields(
|
|
628
|
+
{ skipATMigrateCount: 1 },
|
|
629
|
+
correlationId
|
|
630
|
+
);
|
|
631
|
+
continue;
|
|
632
|
+
}
|
|
633
|
+
|
|
634
|
+
const newKey = this.generateCredentialKey(oldSchemaData);
|
|
635
|
+
const kmsi = kmsiMap[oldSchemaData.homeAccountId];
|
|
636
|
+
if (!currentCredentialKeys.accessToken.includes(newKey)) {
|
|
637
|
+
await this.setUserData(
|
|
638
|
+
newKey,
|
|
639
|
+
JSON.stringify(oldSchemaData),
|
|
640
|
+
correlationId,
|
|
641
|
+
oldSchemaData.lastUpdatedAt,
|
|
642
|
+
kmsi
|
|
643
|
+
);
|
|
644
|
+
this.performanceClient.incrementFields(
|
|
645
|
+
{ migratedATCount: 1 },
|
|
646
|
+
correlationId
|
|
647
|
+
);
|
|
648
|
+
currentCredentialKeys.accessToken.push(newKey);
|
|
649
|
+
} else {
|
|
650
|
+
const currentToken = this.getAccessTokenCredential(
|
|
651
|
+
newKey,
|
|
652
|
+
correlationId
|
|
653
|
+
);
|
|
654
|
+
if (
|
|
655
|
+
!currentToken ||
|
|
656
|
+
oldSchemaData.lastUpdatedAt > currentToken.lastUpdatedAt
|
|
657
|
+
) {
|
|
658
|
+
// If the token already exists, only overwrite it if the old token has a more recent lastUpdatedAt
|
|
659
|
+
await this.setUserData(
|
|
660
|
+
newKey,
|
|
661
|
+
JSON.stringify(oldSchemaData),
|
|
662
|
+
correlationId,
|
|
663
|
+
oldSchemaData.lastUpdatedAt,
|
|
664
|
+
kmsi
|
|
665
|
+
);
|
|
666
|
+
this.performanceClient.incrementFields(
|
|
667
|
+
{ migratedATCount: 1 },
|
|
668
|
+
correlationId
|
|
307
669
|
);
|
|
308
|
-
continue;
|
|
309
|
-
} else {
|
|
310
|
-
const parsedV1Entry = this.validateAndParseJson(
|
|
311
|
-
rawV1Entry
|
|
312
|
-
) as CredentialEntity | AccountEntity | EncryptedData;
|
|
313
|
-
// If the entry already exists but is older than the v0 entry, replace it
|
|
314
|
-
if (
|
|
315
|
-
Number(parsedV0Value.lastUpdatedAt) >
|
|
316
|
-
Number(parsedV1Entry.lastUpdatedAt)
|
|
317
|
-
) {
|
|
318
|
-
upgradePromises.push(
|
|
319
|
-
this.setUserData(
|
|
320
|
-
v1Key,
|
|
321
|
-
JSON.stringify(decryptedData),
|
|
322
|
-
correlationId,
|
|
323
|
-
parsedV0Value.lastUpdatedAt
|
|
324
|
-
).then(() => {
|
|
325
|
-
this.performanceClient.incrementFields(
|
|
326
|
-
{ updatedCacheFromV0Count: 1 },
|
|
327
|
-
correlationId
|
|
328
|
-
);
|
|
329
|
-
})
|
|
330
|
-
);
|
|
331
|
-
continue;
|
|
332
|
-
}
|
|
333
670
|
}
|
|
334
671
|
}
|
|
335
|
-
/*
|
|
336
|
-
* Note: If we reach here for unencrypted localStorage data, we continue without migrating
|
|
337
|
-
* as we can't migrate unencrypted localStorage data right now since we can't guarantee KMSI=no
|
|
338
|
-
*/
|
|
339
672
|
}
|
|
340
673
|
|
|
341
|
-
|
|
674
|
+
this.setTokenKeys(
|
|
675
|
+
credentialKeysToMigrate,
|
|
676
|
+
correlationId,
|
|
677
|
+
credentialSchema
|
|
678
|
+
);
|
|
679
|
+
this.setTokenKeys(currentCredentialKeys, correlationId);
|
|
680
|
+
}
|
|
681
|
+
|
|
682
|
+
/**
|
|
683
|
+
* Migrates refresh tokens from old cache schema to current schema
|
|
684
|
+
* @param credentialSchema
|
|
685
|
+
* @param kmsiMap
|
|
686
|
+
* @param correlationId
|
|
687
|
+
* @returns
|
|
688
|
+
*/
|
|
689
|
+
async migrateRefreshTokens(
|
|
690
|
+
credentialSchema: number,
|
|
691
|
+
kmsiMap: KmsiMap,
|
|
692
|
+
correlationId: string
|
|
693
|
+
): Promise<void> {
|
|
694
|
+
const credentialKeysToMigrate = getTokenKeys(
|
|
695
|
+
this.clientId,
|
|
696
|
+
this.browserStorage,
|
|
697
|
+
credentialSchema
|
|
698
|
+
);
|
|
699
|
+
if (credentialKeysToMigrate.refreshToken.length === 0) {
|
|
700
|
+
return;
|
|
701
|
+
}
|
|
702
|
+
|
|
703
|
+
const currentCredentialKeys = getTokenKeys(
|
|
704
|
+
this.clientId,
|
|
705
|
+
this.browserStorage,
|
|
706
|
+
CacheKeys.CREDENTIAL_SCHEMA_VERSION
|
|
707
|
+
);
|
|
708
|
+
|
|
709
|
+
for (const refreshTokenKey of [
|
|
710
|
+
...credentialKeysToMigrate.refreshToken,
|
|
711
|
+
]) {
|
|
712
|
+
this.performanceClient.incrementFields(
|
|
713
|
+
{ oldRTCount: 1 },
|
|
714
|
+
correlationId
|
|
715
|
+
);
|
|
716
|
+
|
|
717
|
+
const oldSchemaData = (await this.updateOldEntry(
|
|
718
|
+
refreshTokenKey,
|
|
719
|
+
correlationId
|
|
720
|
+
)) as RefreshTokenEntity | null;
|
|
721
|
+
if (!oldSchemaData) {
|
|
722
|
+
removeElementFromArray(
|
|
723
|
+
credentialKeysToMigrate.refreshToken,
|
|
724
|
+
refreshTokenKey
|
|
725
|
+
);
|
|
726
|
+
continue;
|
|
727
|
+
}
|
|
728
|
+
|
|
729
|
+
if (!Object.keys(kmsiMap).includes(oldSchemaData.homeAccountId)) {
|
|
730
|
+
// Don't migrate tokens if we don't have an idToken for them
|
|
731
|
+
this.performanceClient.incrementFields(
|
|
732
|
+
{ skipRTMigrateCount: 1 },
|
|
733
|
+
correlationId
|
|
734
|
+
);
|
|
735
|
+
continue;
|
|
736
|
+
}
|
|
737
|
+
|
|
738
|
+
const newKey = this.generateCredentialKey(oldSchemaData);
|
|
739
|
+
const kmsi = kmsiMap[oldSchemaData.homeAccountId];
|
|
740
|
+
if (!currentCredentialKeys.refreshToken.includes(newKey)) {
|
|
741
|
+
await this.setUserData(
|
|
742
|
+
newKey,
|
|
743
|
+
JSON.stringify(oldSchemaData),
|
|
744
|
+
correlationId,
|
|
745
|
+
oldSchemaData.lastUpdatedAt,
|
|
746
|
+
kmsi
|
|
747
|
+
);
|
|
748
|
+
this.performanceClient.incrementFields(
|
|
749
|
+
{ migratedRTCount: 1 },
|
|
750
|
+
correlationId
|
|
751
|
+
);
|
|
752
|
+
currentCredentialKeys.refreshToken.push(newKey);
|
|
753
|
+
} else {
|
|
754
|
+
const currentToken = this.getRefreshTokenCredential(
|
|
755
|
+
newKey,
|
|
756
|
+
correlationId
|
|
757
|
+
);
|
|
758
|
+
if (
|
|
759
|
+
!currentToken ||
|
|
760
|
+
oldSchemaData.lastUpdatedAt > currentToken.lastUpdatedAt
|
|
761
|
+
) {
|
|
762
|
+
// If the token already exists, only overwrite it if the old token has a more recent lastUpdatedAt
|
|
763
|
+
await this.setUserData(
|
|
764
|
+
newKey,
|
|
765
|
+
JSON.stringify(oldSchemaData),
|
|
766
|
+
correlationId,
|
|
767
|
+
oldSchemaData.lastUpdatedAt,
|
|
768
|
+
kmsi
|
|
769
|
+
);
|
|
770
|
+
this.performanceClient.incrementFields(
|
|
771
|
+
{ migratedRTCount: 1 },
|
|
772
|
+
correlationId
|
|
773
|
+
);
|
|
774
|
+
}
|
|
775
|
+
}
|
|
776
|
+
}
|
|
777
|
+
|
|
778
|
+
this.setTokenKeys(
|
|
779
|
+
credentialKeysToMigrate,
|
|
780
|
+
correlationId,
|
|
781
|
+
credentialSchema
|
|
782
|
+
);
|
|
783
|
+
this.setTokenKeys(currentCredentialKeys, correlationId);
|
|
342
784
|
}
|
|
343
785
|
|
|
344
786
|
/**
|
|
@@ -393,30 +835,45 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
393
835
|
* @param value
|
|
394
836
|
*/
|
|
395
837
|
setItem(key: string, value: string, correlationId: string): void {
|
|
396
|
-
|
|
397
|
-
|
|
838
|
+
const tokenKeysCount = new Array(
|
|
839
|
+
CacheKeys.CREDENTIAL_SCHEMA_VERSION + 1
|
|
840
|
+
).fill(0); // Array mapping schema version to number of token keys stored for that version
|
|
841
|
+
const accessTokenKeys: Array<string> = []; // Flat map of all access token keys stored, ordered by schema version
|
|
398
842
|
const maxRetries = 20;
|
|
399
843
|
for (let i = 0; i <= maxRetries; i++) {
|
|
844
|
+
// Attempt to store item in cache, if cache is full this call will throw and we'll attempt to clear space by removing access tokens from the cache one by one, starting with tokens stored by previous versions of MSAL.js
|
|
400
845
|
try {
|
|
401
846
|
this.browserStorage.setItem(key, value);
|
|
402
847
|
if (i > 0) {
|
|
403
|
-
//
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
848
|
+
// If any tokens were removed in order to store this item update the token keys array with the tokens removed
|
|
849
|
+
for (
|
|
850
|
+
let schemaVersion = 0;
|
|
851
|
+
schemaVersion <= CacheKeys.CREDENTIAL_SCHEMA_VERSION;
|
|
852
|
+
schemaVersion++
|
|
853
|
+
) {
|
|
854
|
+
// Get the sum of all previous token counts to use as start index for this schema version
|
|
855
|
+
const startIndex = tokenKeysCount
|
|
856
|
+
.slice(0, schemaVersion)
|
|
857
|
+
.reduce((sum, count) => sum + count, 0);
|
|
858
|
+
if (startIndex >= i) {
|
|
859
|
+
// Done removing tokens
|
|
860
|
+
break;
|
|
861
|
+
}
|
|
862
|
+
const endIndex =
|
|
863
|
+
i > startIndex + tokenKeysCount[schemaVersion]
|
|
864
|
+
? startIndex + tokenKeysCount[schemaVersion]
|
|
865
|
+
: i;
|
|
866
|
+
|
|
867
|
+
if (
|
|
868
|
+
i > startIndex &&
|
|
869
|
+
tokenKeysCount[schemaVersion] > 0
|
|
870
|
+
) {
|
|
871
|
+
this.removeAccessTokenKeys(
|
|
872
|
+
accessTokenKeys.slice(startIndex, endIndex),
|
|
873
|
+
correlationId,
|
|
874
|
+
schemaVersion
|
|
875
|
+
);
|
|
876
|
+
}
|
|
420
877
|
}
|
|
421
878
|
}
|
|
422
879
|
break; // If setItem succeeds, exit the loop
|
|
@@ -429,18 +886,27 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
429
886
|
) {
|
|
430
887
|
if (!accessTokenKeys.length) {
|
|
431
888
|
// If we are currently trying to set the token keys, use the value we're trying to set
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
CacheKeys.
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
889
|
+
for (
|
|
890
|
+
let i = 0;
|
|
891
|
+
i <= CacheKeys.CREDENTIAL_SCHEMA_VERSION;
|
|
892
|
+
i++
|
|
893
|
+
) {
|
|
894
|
+
if (
|
|
895
|
+
key ===
|
|
896
|
+
CacheKeys.getTokenKeysCacheKey(this.clientId, i)
|
|
897
|
+
) {
|
|
898
|
+
const tokenKeys = (
|
|
899
|
+
JSON.parse(value) as TokenKeys
|
|
900
|
+
).accessToken;
|
|
901
|
+
accessTokenKeys.push(...tokenKeys);
|
|
902
|
+
tokenKeysCount[i] = tokenKeys.length;
|
|
903
|
+
} else {
|
|
904
|
+
const tokenKeys =
|
|
905
|
+
this.getTokenKeys(i).accessToken;
|
|
906
|
+
accessTokenKeys.push(...tokenKeys);
|
|
907
|
+
tokenKeysCount[i] = tokenKeys.length;
|
|
908
|
+
}
|
|
909
|
+
}
|
|
444
910
|
}
|
|
445
911
|
if (accessTokenKeys.length <= i) {
|
|
446
912
|
// Nothing to remove, rethrow the error
|
|
@@ -470,37 +936,53 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
470
936
|
key: string,
|
|
471
937
|
value: string,
|
|
472
938
|
correlationId: string,
|
|
473
|
-
timestamp: string
|
|
939
|
+
timestamp: string,
|
|
940
|
+
kmsi: boolean
|
|
474
941
|
): Promise<void> {
|
|
475
|
-
|
|
476
|
-
|
|
942
|
+
const tokenKeysCount = new Array(
|
|
943
|
+
CacheKeys.CREDENTIAL_SCHEMA_VERSION + 1
|
|
944
|
+
).fill(0); // Array mapping schema version to number of token keys stored for that version
|
|
945
|
+
const accessTokenKeys: Array<string> = []; // Flat map of all access token keys stored, ordered by schema version
|
|
477
946
|
const maxRetries = 20;
|
|
478
947
|
for (let i = 0; i <= maxRetries; i++) {
|
|
479
948
|
try {
|
|
949
|
+
// Attempt to store item in cache, if cache is full this call will throw and we'll attempt to clear space by removing access tokens from the cache one by one, starting with tokens stored by previous versions of MSAL.js
|
|
480
950
|
await invokeAsync(
|
|
481
951
|
this.browserStorage.setUserData.bind(this.browserStorage),
|
|
482
952
|
PerformanceEvents.SetUserData,
|
|
483
953
|
this.logger,
|
|
484
954
|
this.performanceClient
|
|
485
|
-
)(key, value, correlationId, timestamp);
|
|
955
|
+
)(key, value, correlationId, timestamp, kmsi);
|
|
486
956
|
if (i > 0) {
|
|
487
|
-
//
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
957
|
+
// If any tokens were removed in order to store this item update the token keys array with the tokens removed
|
|
958
|
+
for (
|
|
959
|
+
let schemaVersion = 0;
|
|
960
|
+
schemaVersion <= CacheKeys.CREDENTIAL_SCHEMA_VERSION;
|
|
961
|
+
schemaVersion++
|
|
962
|
+
) {
|
|
963
|
+
// Get the sum of all previous token counts to use as start index for this schema version
|
|
964
|
+
const startIndex = tokenKeysCount
|
|
965
|
+
.slice(0, schemaVersion)
|
|
966
|
+
.reduce((sum, count) => sum + count, 0);
|
|
967
|
+
if (startIndex >= i) {
|
|
968
|
+
// Done removing tokens
|
|
969
|
+
break;
|
|
970
|
+
}
|
|
971
|
+
const endIndex =
|
|
972
|
+
i > startIndex + tokenKeysCount[schemaVersion]
|
|
973
|
+
? startIndex + tokenKeysCount[schemaVersion]
|
|
974
|
+
: i;
|
|
975
|
+
|
|
976
|
+
if (
|
|
977
|
+
i > startIndex &&
|
|
978
|
+
tokenKeysCount[schemaVersion] > 0
|
|
979
|
+
) {
|
|
980
|
+
this.removeAccessTokenKeys(
|
|
981
|
+
accessTokenKeys.slice(startIndex, endIndex),
|
|
982
|
+
correlationId,
|
|
983
|
+
schemaVersion
|
|
984
|
+
);
|
|
985
|
+
}
|
|
504
986
|
}
|
|
505
987
|
}
|
|
506
988
|
break; // If setItem succeeds, exit the loop
|
|
@@ -512,10 +994,16 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
512
994
|
i < maxRetries
|
|
513
995
|
) {
|
|
514
996
|
if (!accessTokenKeys.length) {
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
|
|
997
|
+
// If we are currently trying to set the token keys, use the value we're trying to set
|
|
998
|
+
for (
|
|
999
|
+
let i = 0;
|
|
1000
|
+
i <= CacheKeys.CREDENTIAL_SCHEMA_VERSION;
|
|
1001
|
+
i++
|
|
1002
|
+
) {
|
|
1003
|
+
const tokenKeys = this.getTokenKeys(i).accessToken;
|
|
1004
|
+
accessTokenKeys.push(...tokenKeys);
|
|
1005
|
+
tokenKeysCount[i] = tokenKeys.length;
|
|
1006
|
+
}
|
|
519
1007
|
}
|
|
520
1008
|
if (accessTokenKeys.length <= i) {
|
|
521
1009
|
// Nothing left to remove, rethrow the error
|
|
@@ -569,19 +1057,24 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
569
1057
|
*/
|
|
570
1058
|
async setAccount(
|
|
571
1059
|
account: AccountEntity,
|
|
572
|
-
correlationId: string
|
|
1060
|
+
correlationId: string,
|
|
1061
|
+
kmsi: boolean
|
|
573
1062
|
): Promise<void> {
|
|
574
1063
|
this.logger.trace("BrowserCacheManager.setAccount called");
|
|
575
|
-
const key = this.generateAccountKey(
|
|
1064
|
+
const key = this.generateAccountKey(
|
|
1065
|
+
AccountEntity.getAccountInfo(account)
|
|
1066
|
+
);
|
|
576
1067
|
const timestamp = Date.now().toString();
|
|
577
1068
|
account.lastUpdatedAt = timestamp;
|
|
578
1069
|
await this.setUserData(
|
|
579
1070
|
key,
|
|
580
1071
|
JSON.stringify(account),
|
|
581
1072
|
correlationId,
|
|
582
|
-
timestamp
|
|
1073
|
+
timestamp,
|
|
1074
|
+
kmsi
|
|
583
1075
|
);
|
|
584
1076
|
const wasAdded = this.addAccountKeyToMap(key, correlationId);
|
|
1077
|
+
this.performanceClient.addFields({ kmsi: kmsi }, correlationId);
|
|
585
1078
|
|
|
586
1079
|
/**
|
|
587
1080
|
* @deprecated - Remove this in next major version in favor of more consistent LOGIN event
|
|
@@ -594,7 +1087,7 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
594
1087
|
this.eventHandler.emitEvent(
|
|
595
1088
|
EventType.ACCOUNT_ADDED,
|
|
596
1089
|
undefined,
|
|
597
|
-
|
|
1090
|
+
AccountEntity.getAccountInfo(account)
|
|
598
1091
|
);
|
|
599
1092
|
}
|
|
600
1093
|
}
|
|
@@ -607,6 +1100,22 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
607
1100
|
return getAccountKeys(this.browserStorage);
|
|
608
1101
|
}
|
|
609
1102
|
|
|
1103
|
+
setAccountKeys(
|
|
1104
|
+
accountKeys: Array<string>,
|
|
1105
|
+
correlationId: string,
|
|
1106
|
+
schemaVersion: number = CacheKeys.ACCOUNT_SCHEMA_VERSION
|
|
1107
|
+
): void {
|
|
1108
|
+
if (accountKeys.length === 0) {
|
|
1109
|
+
this.removeItem(CacheKeys.getAccountKeysCacheKey(schemaVersion));
|
|
1110
|
+
} else {
|
|
1111
|
+
this.setItem(
|
|
1112
|
+
CacheKeys.getAccountKeysCacheKey(schemaVersion),
|
|
1113
|
+
JSON.stringify(accountKeys),
|
|
1114
|
+
correlationId
|
|
1115
|
+
);
|
|
1116
|
+
}
|
|
1117
|
+
}
|
|
1118
|
+
|
|
610
1119
|
/**
|
|
611
1120
|
* Add a new account to the key map
|
|
612
1121
|
* @param key
|
|
@@ -650,17 +1159,7 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
650
1159
|
const removalIndex = accountKeys.indexOf(key);
|
|
651
1160
|
if (removalIndex > -1) {
|
|
652
1161
|
accountKeys.splice(removalIndex, 1);
|
|
653
|
-
|
|
654
|
-
// If no keys left, remove the map
|
|
655
|
-
this.removeItem(CacheKeys.getAccountKeysCacheKey());
|
|
656
|
-
return;
|
|
657
|
-
} else {
|
|
658
|
-
this.setItem(
|
|
659
|
-
CacheKeys.getAccountKeysCacheKey(),
|
|
660
|
-
JSON.stringify(accountKeys),
|
|
661
|
-
correlationId
|
|
662
|
-
);
|
|
663
|
-
}
|
|
1162
|
+
this.setAccountKeys(accountKeys, correlationId);
|
|
664
1163
|
this.logger.trace(
|
|
665
1164
|
"BrowserCacheManager.removeAccountKeyFromMap account key removed"
|
|
666
1165
|
);
|
|
@@ -865,7 +1364,8 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
865
1364
|
*/
|
|
866
1365
|
async setIdTokenCredential(
|
|
867
1366
|
idToken: IdTokenEntity,
|
|
868
|
-
correlationId: string
|
|
1367
|
+
correlationId: string,
|
|
1368
|
+
kmsi: boolean
|
|
869
1369
|
): Promise<void> {
|
|
870
1370
|
this.logger.trace("BrowserCacheManager.setIdTokenCredential called");
|
|
871
1371
|
const idTokenKey = this.generateCredentialKey(idToken);
|
|
@@ -876,7 +1376,8 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
876
1376
|
idTokenKey,
|
|
877
1377
|
JSON.stringify(idToken),
|
|
878
1378
|
correlationId,
|
|
879
|
-
timestamp
|
|
1379
|
+
timestamp,
|
|
1380
|
+
kmsi
|
|
880
1381
|
);
|
|
881
1382
|
|
|
882
1383
|
const tokenKeys = this.getTokenKeys();
|
|
@@ -928,7 +1429,8 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
928
1429
|
*/
|
|
929
1430
|
async setAccessTokenCredential(
|
|
930
1431
|
accessToken: AccessTokenEntity,
|
|
931
|
-
correlationId: string
|
|
1432
|
+
correlationId: string,
|
|
1433
|
+
kmsi: boolean
|
|
932
1434
|
): Promise<void> {
|
|
933
1435
|
this.logger.trace(
|
|
934
1436
|
"BrowserCacheManager.setAccessTokenCredential called"
|
|
@@ -941,7 +1443,8 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
941
1443
|
accessTokenKey,
|
|
942
1444
|
JSON.stringify(accessToken),
|
|
943
1445
|
correlationId,
|
|
944
|
-
timestamp
|
|
1446
|
+
timestamp,
|
|
1447
|
+
kmsi
|
|
945
1448
|
);
|
|
946
1449
|
|
|
947
1450
|
const tokenKeys = this.getTokenKeys();
|
|
@@ -995,7 +1498,8 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
995
1498
|
*/
|
|
996
1499
|
async setRefreshTokenCredential(
|
|
997
1500
|
refreshToken: RefreshTokenEntity,
|
|
998
|
-
correlationId: string
|
|
1501
|
+
correlationId: string,
|
|
1502
|
+
kmsi: boolean
|
|
999
1503
|
): Promise<void> {
|
|
1000
1504
|
this.logger.trace(
|
|
1001
1505
|
"BrowserCacheManager.setRefreshTokenCredential called"
|
|
@@ -1008,7 +1512,8 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
1008
1512
|
refreshTokenKey,
|
|
1009
1513
|
JSON.stringify(refreshToken),
|
|
1010
1514
|
correlationId,
|
|
1011
|
-
timestamp
|
|
1515
|
+
timestamp,
|
|
1516
|
+
kmsi
|
|
1012
1517
|
);
|
|
1013
1518
|
|
|
1014
1519
|
const tokenKeys = this.getTokenKeys();
|
|
@@ -1769,7 +2274,13 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
1769
2274
|
idToken: idTokenEntity,
|
|
1770
2275
|
accessToken: accessTokenEntity,
|
|
1771
2276
|
};
|
|
1772
|
-
return this.saveCacheRecord(
|
|
2277
|
+
return this.saveCacheRecord(
|
|
2278
|
+
cacheRecord,
|
|
2279
|
+
result.correlationId,
|
|
2280
|
+
AuthToken.isKmsi(
|
|
2281
|
+
AuthToken.extractTokenClaims(result.idToken, base64Decode)
|
|
2282
|
+
)
|
|
2283
|
+
);
|
|
1773
2284
|
}
|
|
1774
2285
|
|
|
1775
2286
|
/**
|
|
@@ -1781,12 +2292,14 @@ export class BrowserCacheManager extends CacheManager {
|
|
|
1781
2292
|
async saveCacheRecord(
|
|
1782
2293
|
cacheRecord: CacheRecord,
|
|
1783
2294
|
correlationId: string,
|
|
2295
|
+
kmsi: boolean,
|
|
1784
2296
|
storeInCache?: StoreInCache
|
|
1785
2297
|
): Promise<void> {
|
|
1786
2298
|
try {
|
|
1787
2299
|
await super.saveCacheRecord(
|
|
1788
2300
|
cacheRecord,
|
|
1789
2301
|
correlationId,
|
|
2302
|
+
kmsi,
|
|
1790
2303
|
storeInCache
|
|
1791
2304
|
);
|
|
1792
2305
|
} catch (e) {
|