@azure/msal-browser 4.5.1 → 4.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientNext.mjs +1 -1
- package/dist/broker/nativeBroker/NativeMessageHandler.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/cache/BrowserCacheManager.mjs +9 -3
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.d.ts.map +1 -1
- package/dist/cache/TokenCache.mjs +7 -7
- package/dist/cache/TokenCache.mjs.map +1 -1
- package/dist/config/Configuration.mjs +1 -1
- package/dist/controllers/ControllerFactory.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.d.ts +8 -0
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +50 -47
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.d.ts +1 -1
- package/dist/event/EventHandler.d.ts.map +1 -1
- package/dist/event/EventHandler.mjs +7 -5
- package/dist/event/EventHandler.mjs.map +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/NativeInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/NativeInteractionClient.mjs +11 -3
- package/dist/interaction_client/NativeInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +16 -8
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.d.ts +3 -3
- package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +12 -5
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +19 -9
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.d.ts +1 -7
- package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +2 -22
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.d.ts +2 -2
- package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +3 -3
- package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
- package/dist/interaction_handler/RedirectHandler.d.ts +2 -2
- package/dist/interaction_handler/RedirectHandler.d.ts.map +1 -1
- package/dist/interaction_handler/RedirectHandler.mjs +3 -3
- package/dist/interaction_handler/RedirectHandler.mjs.map +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +7 -7
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +13 -0
- package/dist/protocol/Authorize.d.ts.map +1 -0
- package/dist/protocol/Authorize.mjs +74 -0
- package/dist/protocol/Authorize.mjs.map +1 -0
- package/dist/request/PopupRequest.d.ts +1 -2
- package/dist/request/PopupRequest.d.ts.map +1 -1
- package/dist/request/RedirectRequest.d.ts +1 -2
- package/dist/request/RedirectRequest.d.ts.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/request/SilentRequest.d.ts +0 -1
- package/dist/request/SilentRequest.d.ts.map +1 -1
- package/dist/request/SsoSilentRequest.d.ts +2 -4
- package/dist/request/SsoSilentRequest.d.ts.map +1 -1
- package/dist/response/ResponseHandler.d.ts +3 -3
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/lib/msal-browser.cjs +1049 -1053
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +1049 -1053
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +67 -65
- package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/types/cache/TokenCache.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts +8 -0
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/event/EventHandler.d.ts +1 -1
- package/lib/types/event/EventHandler.d.ts.map +1 -1
- package/lib/types/interaction_client/NativeInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/RedirectClient.d.ts +3 -3
- package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/interaction_client/StandardInteractionClient.d.ts +1 -7
- package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_handler/InteractionHandler.d.ts +2 -2
- package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
- package/lib/types/interaction_handler/RedirectHandler.d.ts +2 -2
- package/lib/types/interaction_handler/RedirectHandler.d.ts.map +1 -1
- package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts +13 -0
- package/lib/types/protocol/Authorize.d.ts.map +1 -0
- package/lib/types/request/PopupRequest.d.ts +1 -2
- package/lib/types/request/PopupRequest.d.ts.map +1 -1
- package/lib/types/request/RedirectRequest.d.ts +1 -2
- package/lib/types/request/RedirectRequest.d.ts.map +1 -1
- package/lib/types/request/SilentRequest.d.ts +0 -1
- package/lib/types/request/SilentRequest.d.ts.map +1 -1
- package/lib/types/request/SsoSilentRequest.d.ts +2 -4
- package/lib/types/request/SsoSilentRequest.d.ts.map +1 -1
- package/lib/types/response/ResponseHandler.d.ts +3 -3
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/cache/BrowserCacheManager.ts +8 -2
- package/src/cache/TokenCache.ts +8 -7
- package/src/controllers/StandardController.ts +66 -51
- package/src/event/EventHandler.ts +9 -5
- package/src/interaction_client/NativeInteractionClient.ts +14 -2
- package/src/interaction_client/PopupClient.ts +40 -21
- package/src/interaction_client/RedirectClient.ts +41 -22
- package/src/interaction_client/SilentIframeClient.ts +42 -29
- package/src/interaction_client/StandardInteractionClient.ts +0 -40
- package/src/interaction_handler/InteractionHandler.ts +4 -3
- package/src/interaction_handler/RedirectHandler.ts +4 -3
- package/src/naa/mapping/NestedAppAuthAdapter.ts +9 -8
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +136 -0
- package/src/request/PopupRequest.ts +1 -5
- package/src/request/RedirectRequest.ts +1 -5
- package/src/request/SilentRequest.ts +0 -1
- package/src/request/SsoSilentRequest.ts +2 -7
- package/src/response/ResponseHandler.ts +3 -3
|
@@ -20,7 +20,7 @@ import {
|
|
|
20
20
|
BaseAuthRequest,
|
|
21
21
|
PromptValue,
|
|
22
22
|
InProgressPerformanceEvent,
|
|
23
|
-
|
|
23
|
+
getRequestThumbprint,
|
|
24
24
|
AccountEntity,
|
|
25
25
|
invokeAsync,
|
|
26
26
|
createClientAuthError,
|
|
@@ -1960,30 +1960,71 @@ export class StandardController implements IController {
|
|
|
1960
1960
|
}
|
|
1961
1961
|
atsMeasurement.add({ accountType: getAccountType(account) });
|
|
1962
1962
|
|
|
1963
|
-
|
|
1964
|
-
|
|
1965
|
-
|
|
1966
|
-
|
|
1967
|
-
|
|
1968
|
-
|
|
1969
|
-
|
|
1970
|
-
|
|
1971
|
-
|
|
1972
|
-
|
|
1973
|
-
|
|
1974
|
-
|
|
1975
|
-
|
|
1963
|
+
return this.acquireTokenSilentDeduped(request, account, correlationId)
|
|
1964
|
+
.then((result) => {
|
|
1965
|
+
atsMeasurement.end({
|
|
1966
|
+
success: true,
|
|
1967
|
+
fromCache: result.fromCache,
|
|
1968
|
+
isNativeBroker: result.fromNativeBroker,
|
|
1969
|
+
accessTokenSize: result.accessToken.length,
|
|
1970
|
+
idTokenSize: result.idToken.length,
|
|
1971
|
+
});
|
|
1972
|
+
return {
|
|
1973
|
+
...result,
|
|
1974
|
+
state: request.state,
|
|
1975
|
+
correlationId: correlationId, // Ensures PWB scenarios can correctly match request to response
|
|
1976
|
+
};
|
|
1977
|
+
})
|
|
1978
|
+
.catch((error: Error) => {
|
|
1979
|
+
if (error instanceof AuthError) {
|
|
1980
|
+
// Ensures PWB scenarios can correctly match request to response
|
|
1981
|
+
error.setCorrelationId(correlationId);
|
|
1982
|
+
}
|
|
1983
|
+
|
|
1984
|
+
atsMeasurement.end(
|
|
1985
|
+
{
|
|
1986
|
+
success: false,
|
|
1987
|
+
},
|
|
1988
|
+
error
|
|
1989
|
+
);
|
|
1990
|
+
throw error;
|
|
1991
|
+
});
|
|
1992
|
+
}
|
|
1993
|
+
|
|
1994
|
+
/**
|
|
1995
|
+
* Checks if identical request is already in flight and returns reference to the existing promise or fires off a new one if this is the first
|
|
1996
|
+
* @param request
|
|
1997
|
+
* @param account
|
|
1998
|
+
* @param correlationId
|
|
1999
|
+
* @returns
|
|
2000
|
+
*/
|
|
2001
|
+
private async acquireTokenSilentDeduped(
|
|
2002
|
+
request: SilentRequest,
|
|
2003
|
+
account: AccountInfo,
|
|
2004
|
+
correlationId: string
|
|
2005
|
+
): Promise<AuthenticationResult> {
|
|
2006
|
+
const thumbprint = getRequestThumbprint(
|
|
2007
|
+
this.config.auth.clientId,
|
|
2008
|
+
{
|
|
2009
|
+
...request,
|
|
2010
|
+
authority: request.authority || this.config.auth.authority,
|
|
2011
|
+
correlationId: correlationId,
|
|
2012
|
+
},
|
|
2013
|
+
account.homeAccountId
|
|
2014
|
+
);
|
|
1976
2015
|
const silentRequestKey = JSON.stringify(thumbprint);
|
|
1977
2016
|
|
|
1978
|
-
const
|
|
2017
|
+
const inProgressRequest =
|
|
1979
2018
|
this.activeSilentTokenRequests.get(silentRequestKey);
|
|
1980
|
-
|
|
2019
|
+
|
|
2020
|
+
if (typeof inProgressRequest === "undefined") {
|
|
1981
2021
|
this.logger.verbose(
|
|
1982
2022
|
"acquireTokenSilent called for the first time, storing active request",
|
|
1983
2023
|
correlationId
|
|
1984
2024
|
);
|
|
2025
|
+
this.performanceClient.addFields({ deduped: false }, correlationId);
|
|
1985
2026
|
|
|
1986
|
-
const
|
|
2027
|
+
const activeRequest = invokeAsync(
|
|
1987
2028
|
this.acquireTokenSilentAsync.bind(this),
|
|
1988
2029
|
PerformanceEvents.AcquireTokenSilentAsync,
|
|
1989
2030
|
this.logger,
|
|
@@ -1995,45 +2036,19 @@ export class StandardController implements IController {
|
|
|
1995
2036
|
correlationId,
|
|
1996
2037
|
},
|
|
1997
2038
|
account
|
|
1998
|
-
)
|
|
1999
|
-
|
|
2000
|
-
|
|
2001
|
-
|
|
2002
|
-
|
|
2003
|
-
|
|
2004
|
-
isNativeBroker: result.fromNativeBroker,
|
|
2005
|
-
cacheLookupPolicy: request.cacheLookupPolicy,
|
|
2006
|
-
accessTokenSize: result.accessToken.length,
|
|
2007
|
-
idTokenSize: result.idToken.length,
|
|
2008
|
-
});
|
|
2009
|
-
return result;
|
|
2010
|
-
})
|
|
2011
|
-
.catch((error: Error) => {
|
|
2012
|
-
this.activeSilentTokenRequests.delete(silentRequestKey);
|
|
2013
|
-
atsMeasurement.end(
|
|
2014
|
-
{
|
|
2015
|
-
success: false,
|
|
2016
|
-
},
|
|
2017
|
-
error
|
|
2018
|
-
);
|
|
2019
|
-
throw error;
|
|
2020
|
-
});
|
|
2021
|
-
this.activeSilentTokenRequests.set(silentRequestKey, response);
|
|
2022
|
-
return {
|
|
2023
|
-
...(await response),
|
|
2024
|
-
state: request.state,
|
|
2025
|
-
};
|
|
2039
|
+
);
|
|
2040
|
+
this.activeSilentTokenRequests.set(silentRequestKey, activeRequest);
|
|
2041
|
+
|
|
2042
|
+
return activeRequest.finally(() => {
|
|
2043
|
+
this.activeSilentTokenRequests.delete(silentRequestKey);
|
|
2044
|
+
});
|
|
2026
2045
|
} else {
|
|
2027
2046
|
this.logger.verbose(
|
|
2028
2047
|
"acquireTokenSilent has been called previously, returning the result from the first call",
|
|
2029
2048
|
correlationId
|
|
2030
2049
|
);
|
|
2031
|
-
|
|
2032
|
-
|
|
2033
|
-
return {
|
|
2034
|
-
...(await cachedResponse),
|
|
2035
|
-
state: request.state,
|
|
2036
|
-
};
|
|
2050
|
+
this.performanceClient.addFields({ deduped: true }, correlationId);
|
|
2051
|
+
return inProgressRequest;
|
|
2037
2052
|
}
|
|
2038
2053
|
}
|
|
2039
2054
|
|
|
@@ -23,12 +23,16 @@ export class EventHandler {
|
|
|
23
23
|
[EventCallbackFunction, Array<EventType>]
|
|
24
24
|
>;
|
|
25
25
|
private logger: Logger;
|
|
26
|
-
private broadcastChannel
|
|
26
|
+
private broadcastChannel?: BroadcastChannel;
|
|
27
27
|
|
|
28
28
|
constructor(logger?: Logger) {
|
|
29
29
|
this.eventCallbacks = new Map();
|
|
30
30
|
this.logger = logger || new Logger({});
|
|
31
|
-
|
|
31
|
+
if (typeof BroadcastChannel !== "undefined") {
|
|
32
|
+
this.broadcastChannel = new BroadcastChannel(
|
|
33
|
+
BROADCAST_CHANNEL_NAME
|
|
34
|
+
);
|
|
35
|
+
}
|
|
32
36
|
this.invokeCrossTabCallbacks = this.invokeCrossTabCallbacks.bind(this);
|
|
33
37
|
}
|
|
34
38
|
|
|
@@ -95,7 +99,7 @@ export class EventHandler {
|
|
|
95
99
|
case EventType.ACCOUNT_REMOVED:
|
|
96
100
|
case EventType.ACTIVE_ACCOUNT_CHANGED:
|
|
97
101
|
// Send event to other open tabs / MSAL instances on same domain
|
|
98
|
-
this.broadcastChannel
|
|
102
|
+
this.broadcastChannel?.postMessage(message);
|
|
99
103
|
break;
|
|
100
104
|
default:
|
|
101
105
|
// Emit event to callbacks registered in this instance
|
|
@@ -143,7 +147,7 @@ export class EventHandler {
|
|
|
143
147
|
* Listen for events broadcasted from other tabs/instances
|
|
144
148
|
*/
|
|
145
149
|
subscribeCrossTab(): void {
|
|
146
|
-
this.broadcastChannel
|
|
150
|
+
this.broadcastChannel?.addEventListener(
|
|
147
151
|
"message",
|
|
148
152
|
this.invokeCrossTabCallbacks
|
|
149
153
|
);
|
|
@@ -153,7 +157,7 @@ export class EventHandler {
|
|
|
153
157
|
* Unsubscribe from broadcast events
|
|
154
158
|
*/
|
|
155
159
|
unsubscribeCrossTab(): void {
|
|
156
|
-
this.broadcastChannel
|
|
160
|
+
this.broadcastChannel?.removeEventListener(
|
|
157
161
|
"message",
|
|
158
162
|
this.invokeCrossTabCallbacks
|
|
159
163
|
);
|
|
@@ -498,7 +498,15 @@ export class NativeInteractionClient extends BaseInteractionClient {
|
|
|
498
498
|
nativeAccountId: request.accountId,
|
|
499
499
|
})?.homeAccountId;
|
|
500
500
|
|
|
501
|
+
// add exception for double brokering, please note this is temporary and will be fortified in future
|
|
501
502
|
if (
|
|
503
|
+
request.extraParameters?.child_client_id &&
|
|
504
|
+
response.account.id !== request.accountId
|
|
505
|
+
) {
|
|
506
|
+
this.logger.info(
|
|
507
|
+
"handleNativeServerResponse: Double broker flow detected, ignoring accountId mismatch"
|
|
508
|
+
);
|
|
509
|
+
} else if (
|
|
502
510
|
homeAccountIdentifier !== cachedhomeAccountId &&
|
|
503
511
|
response.account.id !== request.accountId
|
|
504
512
|
) {
|
|
@@ -525,6 +533,9 @@ export class NativeInteractionClient extends BaseInteractionClient {
|
|
|
525
533
|
this.logger
|
|
526
534
|
);
|
|
527
535
|
|
|
536
|
+
// Ensure expires_in is in number format
|
|
537
|
+
response.expires_in = Number(response.expires_in);
|
|
538
|
+
|
|
528
539
|
// generate authenticationResult
|
|
529
540
|
const result = await this.generateAuthenticationResult(
|
|
530
541
|
response,
|
|
@@ -713,8 +724,9 @@ export class NativeInteractionClient extends BaseInteractionClient {
|
|
|
713
724
|
idTokenClaims: idTokenClaims,
|
|
714
725
|
accessToken: responseAccessToken,
|
|
715
726
|
fromCache: mats ? this.isResponseFromCache(mats) : false,
|
|
716
|
-
|
|
717
|
-
|
|
727
|
+
// Request timestamp and NativeResponse expires_in are in seconds, converting to Date for AuthenticationResult
|
|
728
|
+
expiresOn: TimeUtils.toDateFromSeconds(
|
|
729
|
+
reqTimestamp + response.expires_in
|
|
718
730
|
),
|
|
719
731
|
tokenType: tokenType,
|
|
720
732
|
correlationId: this.correlationId,
|
|
@@ -48,6 +48,8 @@ import { PopupWindowAttributes } from "../request/PopupWindowAttributes.js";
|
|
|
48
48
|
import { EventError } from "../event/EventMessage.js";
|
|
49
49
|
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
50
50
|
import * as ResponseHandler from "../response/ResponseHandler.js";
|
|
51
|
+
import { getAuthCodeRequestUrl } from "../protocol/Authorize.js";
|
|
52
|
+
import { generatePkceCodes } from "../crypto/PkceGenerator.js";
|
|
51
53
|
|
|
52
54
|
export type PopupParams = {
|
|
53
55
|
popup?: Window | null;
|
|
@@ -217,6 +219,17 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
217
219
|
this.correlationId
|
|
218
220
|
)(request, InteractionType.Popup);
|
|
219
221
|
|
|
222
|
+
const pkce =
|
|
223
|
+
pkceCodes ||
|
|
224
|
+
(await invokeAsync(
|
|
225
|
+
generatePkceCodes,
|
|
226
|
+
PerformanceEvents.GeneratePkceCodes,
|
|
227
|
+
this.logger,
|
|
228
|
+
this.performanceClient,
|
|
229
|
+
this.correlationId
|
|
230
|
+
)(this.performanceClient, this.logger, this.correlationId));
|
|
231
|
+
validRequest.codeChallenge = pkce.challenge;
|
|
232
|
+
|
|
220
233
|
/*
|
|
221
234
|
* Skip pre-connect for async popups to reduce time between user interaction and popup window creation to avoid
|
|
222
235
|
* popup from being blocked by browsers with shorter popup timers
|
|
@@ -226,16 +239,6 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
226
239
|
}
|
|
227
240
|
|
|
228
241
|
try {
|
|
229
|
-
// Create auth code request and generate PKCE params
|
|
230
|
-
const authCodeRequest: CommonAuthorizationCodeRequest =
|
|
231
|
-
await invokeAsync(
|
|
232
|
-
this.initializeAuthorizationCodeRequest.bind(this),
|
|
233
|
-
PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
|
|
234
|
-
this.logger,
|
|
235
|
-
this.performanceClient,
|
|
236
|
-
this.correlationId
|
|
237
|
-
)(validRequest, pkceCodes);
|
|
238
|
-
|
|
239
242
|
// Initialize the client
|
|
240
243
|
const authClient: AuthorizationCodeClient = await invokeAsync(
|
|
241
244
|
this.createAuthCodeClient.bind(this),
|
|
@@ -269,16 +272,19 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
269
272
|
}
|
|
270
273
|
|
|
271
274
|
// Create acquire token url.
|
|
272
|
-
const navigateUrl = await
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
275
|
+
const navigateUrl = await invokeAsync(
|
|
276
|
+
getAuthCodeRequestUrl,
|
|
277
|
+
PerformanceEvents.GetAuthCodeUrl,
|
|
278
|
+
this.logger,
|
|
279
|
+
this.performanceClient,
|
|
280
|
+
validRequest.correlationId
|
|
281
|
+
)(
|
|
282
|
+
this.config,
|
|
283
|
+
authClient.authority,
|
|
284
|
+
{
|
|
285
|
+
...validRequest,
|
|
286
|
+
platformBroker: isPlatformBroker,
|
|
287
|
+
},
|
|
282
288
|
this.logger,
|
|
283
289
|
this.performanceClient
|
|
284
290
|
);
|
|
@@ -316,7 +322,7 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
316
322
|
ThrottlingUtils.removeThrottle(
|
|
317
323
|
this.browserStorage,
|
|
318
324
|
this.config.auth.clientId,
|
|
319
|
-
|
|
325
|
+
validRequest
|
|
320
326
|
);
|
|
321
327
|
|
|
322
328
|
if (serverParams.accountId) {
|
|
@@ -361,6 +367,19 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
361
367
|
});
|
|
362
368
|
}
|
|
363
369
|
|
|
370
|
+
const authCodeRequest: CommonAuthorizationCodeRequest = {
|
|
371
|
+
...validRequest,
|
|
372
|
+
code: serverParams.code || "",
|
|
373
|
+
codeVerifier: pkce.verifier,
|
|
374
|
+
};
|
|
375
|
+
// Create popup interaction handler.
|
|
376
|
+
const interactionHandler = new InteractionHandler(
|
|
377
|
+
authClient,
|
|
378
|
+
this.browserStorage,
|
|
379
|
+
authCodeRequest,
|
|
380
|
+
this.logger,
|
|
381
|
+
this.performanceClient
|
|
382
|
+
);
|
|
364
383
|
// Handle response from hash string.
|
|
365
384
|
const result = await interactionHandler.handleCodeResponse(
|
|
366
385
|
serverParams,
|
|
@@ -11,7 +11,7 @@ import {
|
|
|
11
11
|
ServerTelemetryManager,
|
|
12
12
|
Constants,
|
|
13
13
|
ProtocolUtils,
|
|
14
|
-
|
|
14
|
+
AuthorizeResponse,
|
|
15
15
|
ThrottlingUtils,
|
|
16
16
|
ICrypto,
|
|
17
17
|
Logger,
|
|
@@ -48,6 +48,8 @@ import { INavigationClient } from "../navigation/INavigationClient.js";
|
|
|
48
48
|
import { EventError } from "../event/EventMessage.js";
|
|
49
49
|
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
50
50
|
import * as ResponseHandler from "../response/ResponseHandler.js";
|
|
51
|
+
import { getAuthCodeRequestUrl } from "../protocol/Authorize.js";
|
|
52
|
+
import { generatePkceCodes } from "../crypto/PkceGenerator.js";
|
|
51
53
|
|
|
52
54
|
function getNavigationType(): NavigationTimingType | undefined {
|
|
53
55
|
if (
|
|
@@ -107,6 +109,15 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
107
109
|
this.correlationId
|
|
108
110
|
)(request, InteractionType.Redirect);
|
|
109
111
|
|
|
112
|
+
const pkceCodes = await invokeAsync(
|
|
113
|
+
generatePkceCodes,
|
|
114
|
+
PerformanceEvents.GeneratePkceCodes,
|
|
115
|
+
this.logger,
|
|
116
|
+
this.performanceClient,
|
|
117
|
+
this.correlationId
|
|
118
|
+
)(this.performanceClient, this.logger, this.correlationId);
|
|
119
|
+
validRequest.codeChallenge = pkceCodes.challenge;
|
|
120
|
+
|
|
110
121
|
this.browserStorage.updateCacheEntries(
|
|
111
122
|
validRequest.state,
|
|
112
123
|
validRequest.nonce,
|
|
@@ -133,16 +144,6 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
133
144
|
};
|
|
134
145
|
|
|
135
146
|
try {
|
|
136
|
-
// Create auth code request and generate PKCE params
|
|
137
|
-
const authCodeRequest: CommonAuthorizationCodeRequest =
|
|
138
|
-
await invokeAsync(
|
|
139
|
-
this.initializeAuthorizationCodeRequest.bind(this),
|
|
140
|
-
PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
|
|
141
|
-
this.logger,
|
|
142
|
-
this.performanceClient,
|
|
143
|
-
this.correlationId
|
|
144
|
-
)(validRequest);
|
|
145
|
-
|
|
146
147
|
// Initialize the client
|
|
147
148
|
const authClient: AuthorizationCodeClient = await invokeAsync(
|
|
148
149
|
this.createAuthCodeClient.bind(this),
|
|
@@ -158,6 +159,11 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
158
159
|
account: validRequest.account,
|
|
159
160
|
});
|
|
160
161
|
|
|
162
|
+
const authCodeRequest: CommonAuthorizationCodeRequest = {
|
|
163
|
+
...validRequest,
|
|
164
|
+
code: "", // Will get filled in after the redirect
|
|
165
|
+
codeVerifier: pkceCodes.verifier,
|
|
166
|
+
};
|
|
161
167
|
// Create redirect interaction handler.
|
|
162
168
|
const interactionHandler = new RedirectHandler(
|
|
163
169
|
authClient,
|
|
@@ -168,15 +174,28 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
168
174
|
);
|
|
169
175
|
|
|
170
176
|
// Create acquire token url.
|
|
171
|
-
const navigateUrl = await
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
177
|
+
const navigateUrl = await invokeAsync(
|
|
178
|
+
getAuthCodeRequestUrl,
|
|
179
|
+
PerformanceEvents.GetAuthCodeUrl,
|
|
180
|
+
this.logger,
|
|
181
|
+
this.performanceClient,
|
|
182
|
+
validRequest.correlationId
|
|
183
|
+
)(
|
|
184
|
+
this.config,
|
|
185
|
+
authClient.authority,
|
|
186
|
+
{
|
|
187
|
+
...validRequest,
|
|
188
|
+
platformBroker:
|
|
189
|
+
NativeMessageHandler.isPlatformBrokerAvailable(
|
|
190
|
+
this.config,
|
|
191
|
+
this.logger,
|
|
192
|
+
this.nativeMessageHandler,
|
|
193
|
+
request.authenticationScheme
|
|
194
|
+
),
|
|
195
|
+
},
|
|
196
|
+
this.logger,
|
|
197
|
+
this.performanceClient
|
|
198
|
+
);
|
|
180
199
|
|
|
181
200
|
const redirectStartPage = this.getRedirectStartPage(
|
|
182
201
|
request.redirectStartPage
|
|
@@ -373,7 +392,7 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
373
392
|
*/
|
|
374
393
|
protected getRedirectResponse(
|
|
375
394
|
userProvidedResponse: string
|
|
376
|
-
): [
|
|
395
|
+
): [AuthorizeResponse | null, string] {
|
|
377
396
|
this.logger.verbose("getRedirectResponseHash called");
|
|
378
397
|
// Get current location hash from window or cache.
|
|
379
398
|
let responseString = userProvidedResponse;
|
|
@@ -439,7 +458,7 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
439
458
|
* @param state
|
|
440
459
|
*/
|
|
441
460
|
protected async handleResponse(
|
|
442
|
-
serverParams:
|
|
461
|
+
serverParams: AuthorizeResponse,
|
|
443
462
|
serverTelemetryManager: ServerTelemetryManager
|
|
444
463
|
): Promise<AuthenticationResult> {
|
|
445
464
|
const state = serverParams.state;
|
|
@@ -42,6 +42,8 @@ import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
|
42
42
|
import { InteractionHandler } from "../interaction_handler/InteractionHandler.js";
|
|
43
43
|
import * as BrowserUtils from "../utils/BrowserUtils.js";
|
|
44
44
|
import * as ResponseHandler from "../response/ResponseHandler.js";
|
|
45
|
+
import { getAuthCodeRequestUrl } from "../protocol/Authorize.js";
|
|
46
|
+
import { generatePkceCodes } from "../crypto/PkceGenerator.js";
|
|
45
47
|
|
|
46
48
|
export class SilentIframeClient extends StandardInteractionClient {
|
|
47
49
|
protected apiId: ApiId;
|
|
@@ -212,49 +214,47 @@ export class SilentIframeClient extends StandardInteractionClient {
|
|
|
212
214
|
*/
|
|
213
215
|
protected async silentTokenHelper(
|
|
214
216
|
authClient: AuthorizationCodeClient,
|
|
215
|
-
|
|
217
|
+
request: AuthorizationUrlRequest
|
|
216
218
|
): Promise<AuthenticationResult> {
|
|
217
|
-
const correlationId =
|
|
219
|
+
const correlationId = request.correlationId;
|
|
218
220
|
this.performanceClient.addQueueMeasurement(
|
|
219
221
|
PerformanceEvents.SilentIframeClientTokenHelper,
|
|
220
222
|
correlationId
|
|
221
223
|
);
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
224
|
+
const pkceCodes = await invokeAsync(
|
|
225
|
+
generatePkceCodes,
|
|
226
|
+
PerformanceEvents.GeneratePkceCodes,
|
|
227
|
+
this.logger,
|
|
228
|
+
this.performanceClient,
|
|
229
|
+
this.correlationId
|
|
230
|
+
)(this.performanceClient, this.logger, this.correlationId);
|
|
231
|
+
const silentRequest = {
|
|
232
|
+
...request,
|
|
233
|
+
codeChallenge: pkceCodes.challenge,
|
|
234
|
+
};
|
|
233
235
|
// Create authorize request url
|
|
234
236
|
const navigateUrl = await invokeAsync(
|
|
235
|
-
|
|
237
|
+
getAuthCodeRequestUrl,
|
|
236
238
|
PerformanceEvents.GetAuthCodeUrl,
|
|
237
239
|
this.logger,
|
|
238
240
|
this.performanceClient,
|
|
239
241
|
correlationId
|
|
240
|
-
)(
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
authClient,
|
|
253
|
-
this.browserStorage,
|
|
254
|
-
authCodeRequest,
|
|
242
|
+
)(
|
|
243
|
+
this.config,
|
|
244
|
+
authClient.authority,
|
|
245
|
+
{
|
|
246
|
+
...silentRequest,
|
|
247
|
+
platformBroker: NativeMessageHandler.isPlatformBrokerAvailable(
|
|
248
|
+
this.config,
|
|
249
|
+
this.logger,
|
|
250
|
+
this.nativeMessageHandler,
|
|
251
|
+
silentRequest.authenticationScheme
|
|
252
|
+
),
|
|
253
|
+
},
|
|
255
254
|
this.logger,
|
|
256
255
|
this.performanceClient
|
|
257
256
|
);
|
|
257
|
+
|
|
258
258
|
// Get the frame handle for the silent request
|
|
259
259
|
const msalFrame = await invokeAsync(
|
|
260
260
|
initiateAuthRequest,
|
|
@@ -335,6 +335,19 @@ export class SilentIframeClient extends StandardInteractionClient {
|
|
|
335
335
|
prompt: silentRequest.prompt || PromptValue.NONE,
|
|
336
336
|
});
|
|
337
337
|
}
|
|
338
|
+
const authCodeRequest: CommonAuthorizationCodeRequest = {
|
|
339
|
+
...silentRequest,
|
|
340
|
+
code: serverParams.code || "",
|
|
341
|
+
codeVerifier: pkceCodes.verifier,
|
|
342
|
+
};
|
|
343
|
+
// Create silent handler
|
|
344
|
+
const interactionHandler = new InteractionHandler(
|
|
345
|
+
authClient,
|
|
346
|
+
this.browserStorage,
|
|
347
|
+
authCodeRequest,
|
|
348
|
+
this.logger,
|
|
349
|
+
this.performanceClient
|
|
350
|
+
);
|
|
338
351
|
|
|
339
352
|
// Handle response from hash string
|
|
340
353
|
return invokeAsync(
|
|
@@ -5,7 +5,6 @@
|
|
|
5
5
|
|
|
6
6
|
import {
|
|
7
7
|
ServerTelemetryManager,
|
|
8
|
-
CommonAuthorizationCodeRequest,
|
|
9
8
|
Constants,
|
|
10
9
|
AuthorizationCodeClient,
|
|
11
10
|
ClientConfiguration,
|
|
@@ -20,7 +19,6 @@ import {
|
|
|
20
19
|
invokeAsync,
|
|
21
20
|
BaseAuthRequest,
|
|
22
21
|
StringDict,
|
|
23
|
-
PkceCodes,
|
|
24
22
|
} from "@azure/msal-common/browser";
|
|
25
23
|
import { BaseInteractionClient } from "./BaseInteractionClient.js";
|
|
26
24
|
import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest.js";
|
|
@@ -35,7 +33,6 @@ import * as BrowserUtils from "../utils/BrowserUtils.js";
|
|
|
35
33
|
import { RedirectRequest } from "../request/RedirectRequest.js";
|
|
36
34
|
import { PopupRequest } from "../request/PopupRequest.js";
|
|
37
35
|
import { SsoSilentRequest } from "../request/SsoSilentRequest.js";
|
|
38
|
-
import { generatePkceCodes } from "../crypto/PkceGenerator.js";
|
|
39
36
|
import { createNewGuid } from "../crypto/BrowserCrypto.js";
|
|
40
37
|
import { initializeBaseRequest } from "../request/RequestHelpers.js";
|
|
41
38
|
|
|
@@ -43,43 +40,6 @@ import { initializeBaseRequest } from "../request/RequestHelpers.js";
|
|
|
43
40
|
* Defines the class structure and helper functions used by the "standard", non-brokered auth flows (popup, redirect, silent (RT), silent (iframe))
|
|
44
41
|
*/
|
|
45
42
|
export abstract class StandardInteractionClient extends BaseInteractionClient {
|
|
46
|
-
/**
|
|
47
|
-
* Generates an auth code request tied to the url request.
|
|
48
|
-
* @param request
|
|
49
|
-
* @param pkceCodes
|
|
50
|
-
*/
|
|
51
|
-
protected async initializeAuthorizationCodeRequest(
|
|
52
|
-
request: AuthorizationUrlRequest,
|
|
53
|
-
pkceCodes?: PkceCodes
|
|
54
|
-
): Promise<CommonAuthorizationCodeRequest> {
|
|
55
|
-
this.performanceClient.addQueueMeasurement(
|
|
56
|
-
PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
|
|
57
|
-
this.correlationId
|
|
58
|
-
);
|
|
59
|
-
|
|
60
|
-
const generatedPkceParams: PkceCodes =
|
|
61
|
-
pkceCodes ||
|
|
62
|
-
(await invokeAsync(
|
|
63
|
-
generatePkceCodes,
|
|
64
|
-
PerformanceEvents.GeneratePkceCodes,
|
|
65
|
-
this.logger,
|
|
66
|
-
this.performanceClient,
|
|
67
|
-
this.correlationId
|
|
68
|
-
)(this.performanceClient, this.logger, this.correlationId));
|
|
69
|
-
|
|
70
|
-
const authCodeRequest: CommonAuthorizationCodeRequest = {
|
|
71
|
-
...request,
|
|
72
|
-
redirectUri: request.redirectUri,
|
|
73
|
-
code: Constants.EMPTY_STRING,
|
|
74
|
-
codeVerifier: generatedPkceParams.verifier,
|
|
75
|
-
};
|
|
76
|
-
|
|
77
|
-
request.codeChallenge = generatedPkceParams.challenge;
|
|
78
|
-
request.codeChallengeMethod = Constants.S256_CODE_CHALLENGE_METHOD;
|
|
79
|
-
|
|
80
|
-
return authCodeRequest;
|
|
81
|
-
}
|
|
82
|
-
|
|
83
43
|
/**
|
|
84
44
|
* Initializer for the logout request.
|
|
85
45
|
* @param logoutRequest
|
|
@@ -14,7 +14,8 @@ import {
|
|
|
14
14
|
PerformanceEvents,
|
|
15
15
|
invokeAsync,
|
|
16
16
|
CcsCredentialType,
|
|
17
|
-
|
|
17
|
+
AuthorizeResponse,
|
|
18
|
+
AuthorizeProtocol,
|
|
18
19
|
} from "@azure/msal-common/browser";
|
|
19
20
|
|
|
20
21
|
import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
|
|
@@ -54,7 +55,7 @@ export class InteractionHandler {
|
|
|
54
55
|
* @param locationHash
|
|
55
56
|
*/
|
|
56
57
|
async handleCodeResponse(
|
|
57
|
-
response:
|
|
58
|
+
response: AuthorizeResponse,
|
|
58
59
|
request: AuthorizationUrlRequest
|
|
59
60
|
): Promise<AuthenticationResult> {
|
|
60
61
|
this.performanceClient.addQueueMeasurement(
|
|
@@ -64,7 +65,7 @@ export class InteractionHandler {
|
|
|
64
65
|
|
|
65
66
|
let authCodeResponse;
|
|
66
67
|
try {
|
|
67
|
-
authCodeResponse =
|
|
68
|
+
authCodeResponse = AuthorizeProtocol.getAuthorizationCodePayload(
|
|
68
69
|
response,
|
|
69
70
|
request.state
|
|
70
71
|
);
|