@azure/msal-browser 4.5.1 → 4.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (172) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeMessageHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  6. package/dist/cache/AccountManager.mjs +1 -1
  7. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  8. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  9. package/dist/cache/BrowserCacheManager.mjs +9 -3
  10. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  11. package/dist/cache/CacheHelpers.mjs +1 -1
  12. package/dist/cache/CookieStorage.mjs +1 -1
  13. package/dist/cache/DatabaseStorage.mjs +1 -1
  14. package/dist/cache/LocalStorage.mjs +1 -1
  15. package/dist/cache/MemoryStorage.mjs +1 -1
  16. package/dist/cache/SessionStorage.mjs +1 -1
  17. package/dist/cache/TokenCache.d.ts.map +1 -1
  18. package/dist/cache/TokenCache.mjs +7 -7
  19. package/dist/cache/TokenCache.mjs.map +1 -1
  20. package/dist/config/Configuration.mjs +1 -1
  21. package/dist/controllers/ControllerFactory.mjs +1 -1
  22. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  23. package/dist/controllers/StandardController.d.ts +8 -0
  24. package/dist/controllers/StandardController.d.ts.map +1 -1
  25. package/dist/controllers/StandardController.mjs +50 -47
  26. package/dist/controllers/StandardController.mjs.map +1 -1
  27. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  28. package/dist/crypto/BrowserCrypto.mjs +1 -1
  29. package/dist/crypto/CryptoOps.mjs +1 -1
  30. package/dist/crypto/PkceGenerator.mjs +1 -1
  31. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  32. package/dist/encode/Base64Decode.mjs +1 -1
  33. package/dist/encode/Base64Encode.mjs +1 -1
  34. package/dist/error/BrowserAuthError.mjs +1 -1
  35. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  36. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  37. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  38. package/dist/error/NativeAuthError.mjs +1 -1
  39. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  40. package/dist/error/NestedAppAuthError.mjs +1 -1
  41. package/dist/event/EventHandler.d.ts +1 -1
  42. package/dist/event/EventHandler.d.ts.map +1 -1
  43. package/dist/event/EventHandler.mjs +7 -5
  44. package/dist/event/EventHandler.mjs.map +1 -1
  45. package/dist/event/EventMessage.mjs +1 -1
  46. package/dist/event/EventType.mjs +1 -1
  47. package/dist/index.mjs +1 -1
  48. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  49. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  50. package/dist/interaction_client/NativeInteractionClient.d.ts.map +1 -1
  51. package/dist/interaction_client/NativeInteractionClient.mjs +11 -3
  52. package/dist/interaction_client/NativeInteractionClient.mjs.map +1 -1
  53. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  54. package/dist/interaction_client/PopupClient.mjs +16 -8
  55. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  56. package/dist/interaction_client/RedirectClient.d.ts +3 -3
  57. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  58. package/dist/interaction_client/RedirectClient.mjs +12 -5
  59. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  60. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  61. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  62. package/dist/interaction_client/SilentIframeClient.d.ts +1 -1
  63. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  64. package/dist/interaction_client/SilentIframeClient.mjs +19 -9
  65. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  66. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  67. package/dist/interaction_client/StandardInteractionClient.d.ts +1 -7
  68. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  69. package/dist/interaction_client/StandardInteractionClient.mjs +2 -22
  70. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  71. package/dist/interaction_handler/InteractionHandler.d.ts +2 -2
  72. package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
  73. package/dist/interaction_handler/InteractionHandler.mjs +3 -3
  74. package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
  75. package/dist/interaction_handler/RedirectHandler.d.ts +2 -2
  76. package/dist/interaction_handler/RedirectHandler.d.ts.map +1 -1
  77. package/dist/interaction_handler/RedirectHandler.mjs +3 -3
  78. package/dist/interaction_handler/RedirectHandler.mjs.map +1 -1
  79. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  80. package/dist/naa/BridgeError.mjs +1 -1
  81. package/dist/naa/BridgeProxy.mjs +1 -1
  82. package/dist/naa/BridgeStatusCode.mjs +1 -1
  83. package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  84. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +7 -7
  85. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  86. package/dist/navigation/NavigationClient.mjs +1 -1
  87. package/dist/network/FetchClient.mjs +1 -1
  88. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  89. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  90. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  91. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  92. package/dist/packageMetadata.d.ts +1 -1
  93. package/dist/packageMetadata.mjs +2 -2
  94. package/dist/protocol/Authorize.d.ts +13 -0
  95. package/dist/protocol/Authorize.d.ts.map +1 -0
  96. package/dist/protocol/Authorize.mjs +74 -0
  97. package/dist/protocol/Authorize.mjs.map +1 -0
  98. package/dist/request/PopupRequest.d.ts +1 -2
  99. package/dist/request/PopupRequest.d.ts.map +1 -1
  100. package/dist/request/RedirectRequest.d.ts +1 -2
  101. package/dist/request/RedirectRequest.d.ts.map +1 -1
  102. package/dist/request/RequestHelpers.mjs +1 -1
  103. package/dist/request/SilentRequest.d.ts +0 -1
  104. package/dist/request/SilentRequest.d.ts.map +1 -1
  105. package/dist/request/SsoSilentRequest.d.ts +2 -4
  106. package/dist/request/SsoSilentRequest.d.ts.map +1 -1
  107. package/dist/response/ResponseHandler.d.ts +3 -3
  108. package/dist/response/ResponseHandler.d.ts.map +1 -1
  109. package/dist/response/ResponseHandler.mjs +1 -1
  110. package/dist/response/ResponseHandler.mjs.map +1 -1
  111. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  112. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  113. package/dist/utils/BrowserConstants.mjs +1 -1
  114. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  115. package/dist/utils/BrowserUtils.mjs +1 -1
  116. package/lib/msal-browser.cjs +1049 -1053
  117. package/lib/msal-browser.cjs.map +1 -1
  118. package/lib/msal-browser.js +1049 -1053
  119. package/lib/msal-browser.js.map +1 -1
  120. package/lib/msal-browser.min.js +67 -65
  121. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  122. package/lib/types/cache/TokenCache.d.ts.map +1 -1
  123. package/lib/types/controllers/StandardController.d.ts +8 -0
  124. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  125. package/lib/types/event/EventHandler.d.ts +1 -1
  126. package/lib/types/event/EventHandler.d.ts.map +1 -1
  127. package/lib/types/interaction_client/NativeInteractionClient.d.ts.map +1 -1
  128. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  129. package/lib/types/interaction_client/RedirectClient.d.ts +3 -3
  130. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  131. package/lib/types/interaction_client/SilentIframeClient.d.ts +1 -1
  132. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  133. package/lib/types/interaction_client/StandardInteractionClient.d.ts +1 -7
  134. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  135. package/lib/types/interaction_handler/InteractionHandler.d.ts +2 -2
  136. package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  137. package/lib/types/interaction_handler/RedirectHandler.d.ts +2 -2
  138. package/lib/types/interaction_handler/RedirectHandler.d.ts.map +1 -1
  139. package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  140. package/lib/types/packageMetadata.d.ts +1 -1
  141. package/lib/types/protocol/Authorize.d.ts +13 -0
  142. package/lib/types/protocol/Authorize.d.ts.map +1 -0
  143. package/lib/types/request/PopupRequest.d.ts +1 -2
  144. package/lib/types/request/PopupRequest.d.ts.map +1 -1
  145. package/lib/types/request/RedirectRequest.d.ts +1 -2
  146. package/lib/types/request/RedirectRequest.d.ts.map +1 -1
  147. package/lib/types/request/SilentRequest.d.ts +0 -1
  148. package/lib/types/request/SilentRequest.d.ts.map +1 -1
  149. package/lib/types/request/SsoSilentRequest.d.ts +2 -4
  150. package/lib/types/request/SsoSilentRequest.d.ts.map +1 -1
  151. package/lib/types/response/ResponseHandler.d.ts +3 -3
  152. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  153. package/package.json +2 -2
  154. package/src/cache/BrowserCacheManager.ts +8 -2
  155. package/src/cache/TokenCache.ts +8 -7
  156. package/src/controllers/StandardController.ts +66 -51
  157. package/src/event/EventHandler.ts +9 -5
  158. package/src/interaction_client/NativeInteractionClient.ts +14 -2
  159. package/src/interaction_client/PopupClient.ts +40 -21
  160. package/src/interaction_client/RedirectClient.ts +41 -22
  161. package/src/interaction_client/SilentIframeClient.ts +42 -29
  162. package/src/interaction_client/StandardInteractionClient.ts +0 -40
  163. package/src/interaction_handler/InteractionHandler.ts +4 -3
  164. package/src/interaction_handler/RedirectHandler.ts +4 -3
  165. package/src/naa/mapping/NestedAppAuthAdapter.ts +9 -8
  166. package/src/packageMetadata.ts +1 -1
  167. package/src/protocol/Authorize.ts +136 -0
  168. package/src/request/PopupRequest.ts +1 -5
  169. package/src/request/RedirectRequest.ts +1 -5
  170. package/src/request/SilentRequest.ts +0 -1
  171. package/src/request/SsoSilentRequest.ts +2 -7
  172. package/src/response/ResponseHandler.ts +3 -3
@@ -20,7 +20,7 @@ import {
20
20
  BaseAuthRequest,
21
21
  PromptValue,
22
22
  InProgressPerformanceEvent,
23
- RequestThumbprint,
23
+ getRequestThumbprint,
24
24
  AccountEntity,
25
25
  invokeAsync,
26
26
  createClientAuthError,
@@ -1960,30 +1960,71 @@ export class StandardController implements IController {
1960
1960
  }
1961
1961
  atsMeasurement.add({ accountType: getAccountType(account) });
1962
1962
 
1963
- const thumbprint: RequestThumbprint = {
1964
- clientId: this.config.auth.clientId,
1965
- authority: request.authority || Constants.EMPTY_STRING,
1966
- scopes: request.scopes,
1967
- homeAccountIdentifier: account.homeAccountId,
1968
- claims: request.claims,
1969
- authenticationScheme: request.authenticationScheme,
1970
- resourceRequestMethod: request.resourceRequestMethod,
1971
- resourceRequestUri: request.resourceRequestUri,
1972
- shrClaims: request.shrClaims,
1973
- sshKid: request.sshKid,
1974
- shrOptions: request.shrOptions,
1975
- };
1963
+ return this.acquireTokenSilentDeduped(request, account, correlationId)
1964
+ .then((result) => {
1965
+ atsMeasurement.end({
1966
+ success: true,
1967
+ fromCache: result.fromCache,
1968
+ isNativeBroker: result.fromNativeBroker,
1969
+ accessTokenSize: result.accessToken.length,
1970
+ idTokenSize: result.idToken.length,
1971
+ });
1972
+ return {
1973
+ ...result,
1974
+ state: request.state,
1975
+ correlationId: correlationId, // Ensures PWB scenarios can correctly match request to response
1976
+ };
1977
+ })
1978
+ .catch((error: Error) => {
1979
+ if (error instanceof AuthError) {
1980
+ // Ensures PWB scenarios can correctly match request to response
1981
+ error.setCorrelationId(correlationId);
1982
+ }
1983
+
1984
+ atsMeasurement.end(
1985
+ {
1986
+ success: false,
1987
+ },
1988
+ error
1989
+ );
1990
+ throw error;
1991
+ });
1992
+ }
1993
+
1994
+ /**
1995
+ * Checks if identical request is already in flight and returns reference to the existing promise or fires off a new one if this is the first
1996
+ * @param request
1997
+ * @param account
1998
+ * @param correlationId
1999
+ * @returns
2000
+ */
2001
+ private async acquireTokenSilentDeduped(
2002
+ request: SilentRequest,
2003
+ account: AccountInfo,
2004
+ correlationId: string
2005
+ ): Promise<AuthenticationResult> {
2006
+ const thumbprint = getRequestThumbprint(
2007
+ this.config.auth.clientId,
2008
+ {
2009
+ ...request,
2010
+ authority: request.authority || this.config.auth.authority,
2011
+ correlationId: correlationId,
2012
+ },
2013
+ account.homeAccountId
2014
+ );
1976
2015
  const silentRequestKey = JSON.stringify(thumbprint);
1977
2016
 
1978
- const cachedResponse =
2017
+ const inProgressRequest =
1979
2018
  this.activeSilentTokenRequests.get(silentRequestKey);
1980
- if (typeof cachedResponse === "undefined") {
2019
+
2020
+ if (typeof inProgressRequest === "undefined") {
1981
2021
  this.logger.verbose(
1982
2022
  "acquireTokenSilent called for the first time, storing active request",
1983
2023
  correlationId
1984
2024
  );
2025
+ this.performanceClient.addFields({ deduped: false }, correlationId);
1985
2026
 
1986
- const response = invokeAsync(
2027
+ const activeRequest = invokeAsync(
1987
2028
  this.acquireTokenSilentAsync.bind(this),
1988
2029
  PerformanceEvents.AcquireTokenSilentAsync,
1989
2030
  this.logger,
@@ -1995,45 +2036,19 @@ export class StandardController implements IController {
1995
2036
  correlationId,
1996
2037
  },
1997
2038
  account
1998
- )
1999
- .then((result) => {
2000
- this.activeSilentTokenRequests.delete(silentRequestKey);
2001
- atsMeasurement.end({
2002
- success: true,
2003
- fromCache: result.fromCache,
2004
- isNativeBroker: result.fromNativeBroker,
2005
- cacheLookupPolicy: request.cacheLookupPolicy,
2006
- accessTokenSize: result.accessToken.length,
2007
- idTokenSize: result.idToken.length,
2008
- });
2009
- return result;
2010
- })
2011
- .catch((error: Error) => {
2012
- this.activeSilentTokenRequests.delete(silentRequestKey);
2013
- atsMeasurement.end(
2014
- {
2015
- success: false,
2016
- },
2017
- error
2018
- );
2019
- throw error;
2020
- });
2021
- this.activeSilentTokenRequests.set(silentRequestKey, response);
2022
- return {
2023
- ...(await response),
2024
- state: request.state,
2025
- };
2039
+ );
2040
+ this.activeSilentTokenRequests.set(silentRequestKey, activeRequest);
2041
+
2042
+ return activeRequest.finally(() => {
2043
+ this.activeSilentTokenRequests.delete(silentRequestKey);
2044
+ });
2026
2045
  } else {
2027
2046
  this.logger.verbose(
2028
2047
  "acquireTokenSilent has been called previously, returning the result from the first call",
2029
2048
  correlationId
2030
2049
  );
2031
- // Discard measurements for memoized calls, as they are usually only a couple of ms and will artificially deflate metrics
2032
- atsMeasurement.discard();
2033
- return {
2034
- ...(await cachedResponse),
2035
- state: request.state,
2036
- };
2050
+ this.performanceClient.addFields({ deduped: true }, correlationId);
2051
+ return inProgressRequest;
2037
2052
  }
2038
2053
  }
2039
2054
 
@@ -23,12 +23,16 @@ export class EventHandler {
23
23
  [EventCallbackFunction, Array<EventType>]
24
24
  >;
25
25
  private logger: Logger;
26
- private broadcastChannel: BroadcastChannel;
26
+ private broadcastChannel?: BroadcastChannel;
27
27
 
28
28
  constructor(logger?: Logger) {
29
29
  this.eventCallbacks = new Map();
30
30
  this.logger = logger || new Logger({});
31
- this.broadcastChannel = new BroadcastChannel(BROADCAST_CHANNEL_NAME);
31
+ if (typeof BroadcastChannel !== "undefined") {
32
+ this.broadcastChannel = new BroadcastChannel(
33
+ BROADCAST_CHANNEL_NAME
34
+ );
35
+ }
32
36
  this.invokeCrossTabCallbacks = this.invokeCrossTabCallbacks.bind(this);
33
37
  }
34
38
 
@@ -95,7 +99,7 @@ export class EventHandler {
95
99
  case EventType.ACCOUNT_REMOVED:
96
100
  case EventType.ACTIVE_ACCOUNT_CHANGED:
97
101
  // Send event to other open tabs / MSAL instances on same domain
98
- this.broadcastChannel.postMessage(message);
102
+ this.broadcastChannel?.postMessage(message);
99
103
  break;
100
104
  default:
101
105
  // Emit event to callbacks registered in this instance
@@ -143,7 +147,7 @@ export class EventHandler {
143
147
  * Listen for events broadcasted from other tabs/instances
144
148
  */
145
149
  subscribeCrossTab(): void {
146
- this.broadcastChannel.addEventListener(
150
+ this.broadcastChannel?.addEventListener(
147
151
  "message",
148
152
  this.invokeCrossTabCallbacks
149
153
  );
@@ -153,7 +157,7 @@ export class EventHandler {
153
157
  * Unsubscribe from broadcast events
154
158
  */
155
159
  unsubscribeCrossTab(): void {
156
- this.broadcastChannel.removeEventListener(
160
+ this.broadcastChannel?.removeEventListener(
157
161
  "message",
158
162
  this.invokeCrossTabCallbacks
159
163
  );
@@ -498,7 +498,15 @@ export class NativeInteractionClient extends BaseInteractionClient {
498
498
  nativeAccountId: request.accountId,
499
499
  })?.homeAccountId;
500
500
 
501
+ // add exception for double brokering, please note this is temporary and will be fortified in future
501
502
  if (
503
+ request.extraParameters?.child_client_id &&
504
+ response.account.id !== request.accountId
505
+ ) {
506
+ this.logger.info(
507
+ "handleNativeServerResponse: Double broker flow detected, ignoring accountId mismatch"
508
+ );
509
+ } else if (
502
510
  homeAccountIdentifier !== cachedhomeAccountId &&
503
511
  response.account.id !== request.accountId
504
512
  ) {
@@ -525,6 +533,9 @@ export class NativeInteractionClient extends BaseInteractionClient {
525
533
  this.logger
526
534
  );
527
535
 
536
+ // Ensure expires_in is in number format
537
+ response.expires_in = Number(response.expires_in);
538
+
528
539
  // generate authenticationResult
529
540
  const result = await this.generateAuthenticationResult(
530
541
  response,
@@ -713,8 +724,9 @@ export class NativeInteractionClient extends BaseInteractionClient {
713
724
  idTokenClaims: idTokenClaims,
714
725
  accessToken: responseAccessToken,
715
726
  fromCache: mats ? this.isResponseFromCache(mats) : false,
716
- expiresOn: new Date(
717
- Number(reqTimestamp + response.expires_in) * 1000
727
+ // Request timestamp and NativeResponse expires_in are in seconds, converting to Date for AuthenticationResult
728
+ expiresOn: TimeUtils.toDateFromSeconds(
729
+ reqTimestamp + response.expires_in
718
730
  ),
719
731
  tokenType: tokenType,
720
732
  correlationId: this.correlationId,
@@ -48,6 +48,8 @@ import { PopupWindowAttributes } from "../request/PopupWindowAttributes.js";
48
48
  import { EventError } from "../event/EventMessage.js";
49
49
  import { AuthenticationResult } from "../response/AuthenticationResult.js";
50
50
  import * as ResponseHandler from "../response/ResponseHandler.js";
51
+ import { getAuthCodeRequestUrl } from "../protocol/Authorize.js";
52
+ import { generatePkceCodes } from "../crypto/PkceGenerator.js";
51
53
 
52
54
  export type PopupParams = {
53
55
  popup?: Window | null;
@@ -217,6 +219,17 @@ export class PopupClient extends StandardInteractionClient {
217
219
  this.correlationId
218
220
  )(request, InteractionType.Popup);
219
221
 
222
+ const pkce =
223
+ pkceCodes ||
224
+ (await invokeAsync(
225
+ generatePkceCodes,
226
+ PerformanceEvents.GeneratePkceCodes,
227
+ this.logger,
228
+ this.performanceClient,
229
+ this.correlationId
230
+ )(this.performanceClient, this.logger, this.correlationId));
231
+ validRequest.codeChallenge = pkce.challenge;
232
+
220
233
  /*
221
234
  * Skip pre-connect for async popups to reduce time between user interaction and popup window creation to avoid
222
235
  * popup from being blocked by browsers with shorter popup timers
@@ -226,16 +239,6 @@ export class PopupClient extends StandardInteractionClient {
226
239
  }
227
240
 
228
241
  try {
229
- // Create auth code request and generate PKCE params
230
- const authCodeRequest: CommonAuthorizationCodeRequest =
231
- await invokeAsync(
232
- this.initializeAuthorizationCodeRequest.bind(this),
233
- PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
234
- this.logger,
235
- this.performanceClient,
236
- this.correlationId
237
- )(validRequest, pkceCodes);
238
-
239
242
  // Initialize the client
240
243
  const authClient: AuthorizationCodeClient = await invokeAsync(
241
244
  this.createAuthCodeClient.bind(this),
@@ -269,16 +272,19 @@ export class PopupClient extends StandardInteractionClient {
269
272
  }
270
273
 
271
274
  // Create acquire token url.
272
- const navigateUrl = await authClient.getAuthCodeUrl({
273
- ...validRequest,
274
- platformBroker: isPlatformBroker,
275
- });
276
-
277
- // Create popup interaction handler.
278
- const interactionHandler = new InteractionHandler(
279
- authClient,
280
- this.browserStorage,
281
- authCodeRequest,
275
+ const navigateUrl = await invokeAsync(
276
+ getAuthCodeRequestUrl,
277
+ PerformanceEvents.GetAuthCodeUrl,
278
+ this.logger,
279
+ this.performanceClient,
280
+ validRequest.correlationId
281
+ )(
282
+ this.config,
283
+ authClient.authority,
284
+ {
285
+ ...validRequest,
286
+ platformBroker: isPlatformBroker,
287
+ },
282
288
  this.logger,
283
289
  this.performanceClient
284
290
  );
@@ -316,7 +322,7 @@ export class PopupClient extends StandardInteractionClient {
316
322
  ThrottlingUtils.removeThrottle(
317
323
  this.browserStorage,
318
324
  this.config.auth.clientId,
319
- authCodeRequest
325
+ validRequest
320
326
  );
321
327
 
322
328
  if (serverParams.accountId) {
@@ -361,6 +367,19 @@ export class PopupClient extends StandardInteractionClient {
361
367
  });
362
368
  }
363
369
 
370
+ const authCodeRequest: CommonAuthorizationCodeRequest = {
371
+ ...validRequest,
372
+ code: serverParams.code || "",
373
+ codeVerifier: pkce.verifier,
374
+ };
375
+ // Create popup interaction handler.
376
+ const interactionHandler = new InteractionHandler(
377
+ authClient,
378
+ this.browserStorage,
379
+ authCodeRequest,
380
+ this.logger,
381
+ this.performanceClient
382
+ );
364
383
  // Handle response from hash string.
365
384
  const result = await interactionHandler.handleCodeResponse(
366
385
  serverParams,
@@ -11,7 +11,7 @@ import {
11
11
  ServerTelemetryManager,
12
12
  Constants,
13
13
  ProtocolUtils,
14
- ServerAuthorizationCodeResponse,
14
+ AuthorizeResponse,
15
15
  ThrottlingUtils,
16
16
  ICrypto,
17
17
  Logger,
@@ -48,6 +48,8 @@ import { INavigationClient } from "../navigation/INavigationClient.js";
48
48
  import { EventError } from "../event/EventMessage.js";
49
49
  import { AuthenticationResult } from "../response/AuthenticationResult.js";
50
50
  import * as ResponseHandler from "../response/ResponseHandler.js";
51
+ import { getAuthCodeRequestUrl } from "../protocol/Authorize.js";
52
+ import { generatePkceCodes } from "../crypto/PkceGenerator.js";
51
53
 
52
54
  function getNavigationType(): NavigationTimingType | undefined {
53
55
  if (
@@ -107,6 +109,15 @@ export class RedirectClient extends StandardInteractionClient {
107
109
  this.correlationId
108
110
  )(request, InteractionType.Redirect);
109
111
 
112
+ const pkceCodes = await invokeAsync(
113
+ generatePkceCodes,
114
+ PerformanceEvents.GeneratePkceCodes,
115
+ this.logger,
116
+ this.performanceClient,
117
+ this.correlationId
118
+ )(this.performanceClient, this.logger, this.correlationId);
119
+ validRequest.codeChallenge = pkceCodes.challenge;
120
+
110
121
  this.browserStorage.updateCacheEntries(
111
122
  validRequest.state,
112
123
  validRequest.nonce,
@@ -133,16 +144,6 @@ export class RedirectClient extends StandardInteractionClient {
133
144
  };
134
145
 
135
146
  try {
136
- // Create auth code request and generate PKCE params
137
- const authCodeRequest: CommonAuthorizationCodeRequest =
138
- await invokeAsync(
139
- this.initializeAuthorizationCodeRequest.bind(this),
140
- PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
141
- this.logger,
142
- this.performanceClient,
143
- this.correlationId
144
- )(validRequest);
145
-
146
147
  // Initialize the client
147
148
  const authClient: AuthorizationCodeClient = await invokeAsync(
148
149
  this.createAuthCodeClient.bind(this),
@@ -158,6 +159,11 @@ export class RedirectClient extends StandardInteractionClient {
158
159
  account: validRequest.account,
159
160
  });
160
161
 
162
+ const authCodeRequest: CommonAuthorizationCodeRequest = {
163
+ ...validRequest,
164
+ code: "", // Will get filled in after the redirect
165
+ codeVerifier: pkceCodes.verifier,
166
+ };
161
167
  // Create redirect interaction handler.
162
168
  const interactionHandler = new RedirectHandler(
163
169
  authClient,
@@ -168,15 +174,28 @@ export class RedirectClient extends StandardInteractionClient {
168
174
  );
169
175
 
170
176
  // Create acquire token url.
171
- const navigateUrl = await authClient.getAuthCodeUrl({
172
- ...validRequest,
173
- platformBroker: NativeMessageHandler.isPlatformBrokerAvailable(
174
- this.config,
175
- this.logger,
176
- this.nativeMessageHandler,
177
- request.authenticationScheme
178
- ),
179
- });
177
+ const navigateUrl = await invokeAsync(
178
+ getAuthCodeRequestUrl,
179
+ PerformanceEvents.GetAuthCodeUrl,
180
+ this.logger,
181
+ this.performanceClient,
182
+ validRequest.correlationId
183
+ )(
184
+ this.config,
185
+ authClient.authority,
186
+ {
187
+ ...validRequest,
188
+ platformBroker:
189
+ NativeMessageHandler.isPlatformBrokerAvailable(
190
+ this.config,
191
+ this.logger,
192
+ this.nativeMessageHandler,
193
+ request.authenticationScheme
194
+ ),
195
+ },
196
+ this.logger,
197
+ this.performanceClient
198
+ );
180
199
 
181
200
  const redirectStartPage = this.getRedirectStartPage(
182
201
  request.redirectStartPage
@@ -373,7 +392,7 @@ export class RedirectClient extends StandardInteractionClient {
373
392
  */
374
393
  protected getRedirectResponse(
375
394
  userProvidedResponse: string
376
- ): [ServerAuthorizationCodeResponse | null, string] {
395
+ ): [AuthorizeResponse | null, string] {
377
396
  this.logger.verbose("getRedirectResponseHash called");
378
397
  // Get current location hash from window or cache.
379
398
  let responseString = userProvidedResponse;
@@ -439,7 +458,7 @@ export class RedirectClient extends StandardInteractionClient {
439
458
  * @param state
440
459
  */
441
460
  protected async handleResponse(
442
- serverParams: ServerAuthorizationCodeResponse,
461
+ serverParams: AuthorizeResponse,
443
462
  serverTelemetryManager: ServerTelemetryManager
444
463
  ): Promise<AuthenticationResult> {
445
464
  const state = serverParams.state;
@@ -42,6 +42,8 @@ import { AuthenticationResult } from "../response/AuthenticationResult.js";
42
42
  import { InteractionHandler } from "../interaction_handler/InteractionHandler.js";
43
43
  import * as BrowserUtils from "../utils/BrowserUtils.js";
44
44
  import * as ResponseHandler from "../response/ResponseHandler.js";
45
+ import { getAuthCodeRequestUrl } from "../protocol/Authorize.js";
46
+ import { generatePkceCodes } from "../crypto/PkceGenerator.js";
45
47
 
46
48
  export class SilentIframeClient extends StandardInteractionClient {
47
49
  protected apiId: ApiId;
@@ -212,49 +214,47 @@ export class SilentIframeClient extends StandardInteractionClient {
212
214
  */
213
215
  protected async silentTokenHelper(
214
216
  authClient: AuthorizationCodeClient,
215
- silentRequest: AuthorizationUrlRequest
217
+ request: AuthorizationUrlRequest
216
218
  ): Promise<AuthenticationResult> {
217
- const correlationId = silentRequest.correlationId;
219
+ const correlationId = request.correlationId;
218
220
  this.performanceClient.addQueueMeasurement(
219
221
  PerformanceEvents.SilentIframeClientTokenHelper,
220
222
  correlationId
221
223
  );
222
-
223
- // Create auth code request and generate PKCE params
224
- const authCodeRequest: CommonAuthorizationCodeRequest =
225
- await invokeAsync(
226
- this.initializeAuthorizationCodeRequest.bind(this),
227
- PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
228
- this.logger,
229
- this.performanceClient,
230
- correlationId
231
- )(silentRequest);
232
-
224
+ const pkceCodes = await invokeAsync(
225
+ generatePkceCodes,
226
+ PerformanceEvents.GeneratePkceCodes,
227
+ this.logger,
228
+ this.performanceClient,
229
+ this.correlationId
230
+ )(this.performanceClient, this.logger, this.correlationId);
231
+ const silentRequest = {
232
+ ...request,
233
+ codeChallenge: pkceCodes.challenge,
234
+ };
233
235
  // Create authorize request url
234
236
  const navigateUrl = await invokeAsync(
235
- authClient.getAuthCodeUrl.bind(authClient),
237
+ getAuthCodeRequestUrl,
236
238
  PerformanceEvents.GetAuthCodeUrl,
237
239
  this.logger,
238
240
  this.performanceClient,
239
241
  correlationId
240
- )({
241
- ...silentRequest,
242
- platformBroker: NativeMessageHandler.isPlatformBrokerAvailable(
243
- this.config,
244
- this.logger,
245
- this.nativeMessageHandler,
246
- silentRequest.authenticationScheme
247
- ),
248
- });
249
-
250
- // Create silent handler
251
- const interactionHandler = new InteractionHandler(
252
- authClient,
253
- this.browserStorage,
254
- authCodeRequest,
242
+ )(
243
+ this.config,
244
+ authClient.authority,
245
+ {
246
+ ...silentRequest,
247
+ platformBroker: NativeMessageHandler.isPlatformBrokerAvailable(
248
+ this.config,
249
+ this.logger,
250
+ this.nativeMessageHandler,
251
+ silentRequest.authenticationScheme
252
+ ),
253
+ },
255
254
  this.logger,
256
255
  this.performanceClient
257
256
  );
257
+
258
258
  // Get the frame handle for the silent request
259
259
  const msalFrame = await invokeAsync(
260
260
  initiateAuthRequest,
@@ -335,6 +335,19 @@ export class SilentIframeClient extends StandardInteractionClient {
335
335
  prompt: silentRequest.prompt || PromptValue.NONE,
336
336
  });
337
337
  }
338
+ const authCodeRequest: CommonAuthorizationCodeRequest = {
339
+ ...silentRequest,
340
+ code: serverParams.code || "",
341
+ codeVerifier: pkceCodes.verifier,
342
+ };
343
+ // Create silent handler
344
+ const interactionHandler = new InteractionHandler(
345
+ authClient,
346
+ this.browserStorage,
347
+ authCodeRequest,
348
+ this.logger,
349
+ this.performanceClient
350
+ );
338
351
 
339
352
  // Handle response from hash string
340
353
  return invokeAsync(
@@ -5,7 +5,6 @@
5
5
 
6
6
  import {
7
7
  ServerTelemetryManager,
8
- CommonAuthorizationCodeRequest,
9
8
  Constants,
10
9
  AuthorizationCodeClient,
11
10
  ClientConfiguration,
@@ -20,7 +19,6 @@ import {
20
19
  invokeAsync,
21
20
  BaseAuthRequest,
22
21
  StringDict,
23
- PkceCodes,
24
22
  } from "@azure/msal-common/browser";
25
23
  import { BaseInteractionClient } from "./BaseInteractionClient.js";
26
24
  import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest.js";
@@ -35,7 +33,6 @@ import * as BrowserUtils from "../utils/BrowserUtils.js";
35
33
  import { RedirectRequest } from "../request/RedirectRequest.js";
36
34
  import { PopupRequest } from "../request/PopupRequest.js";
37
35
  import { SsoSilentRequest } from "../request/SsoSilentRequest.js";
38
- import { generatePkceCodes } from "../crypto/PkceGenerator.js";
39
36
  import { createNewGuid } from "../crypto/BrowserCrypto.js";
40
37
  import { initializeBaseRequest } from "../request/RequestHelpers.js";
41
38
 
@@ -43,43 +40,6 @@ import { initializeBaseRequest } from "../request/RequestHelpers.js";
43
40
  * Defines the class structure and helper functions used by the "standard", non-brokered auth flows (popup, redirect, silent (RT), silent (iframe))
44
41
  */
45
42
  export abstract class StandardInteractionClient extends BaseInteractionClient {
46
- /**
47
- * Generates an auth code request tied to the url request.
48
- * @param request
49
- * @param pkceCodes
50
- */
51
- protected async initializeAuthorizationCodeRequest(
52
- request: AuthorizationUrlRequest,
53
- pkceCodes?: PkceCodes
54
- ): Promise<CommonAuthorizationCodeRequest> {
55
- this.performanceClient.addQueueMeasurement(
56
- PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
57
- this.correlationId
58
- );
59
-
60
- const generatedPkceParams: PkceCodes =
61
- pkceCodes ||
62
- (await invokeAsync(
63
- generatePkceCodes,
64
- PerformanceEvents.GeneratePkceCodes,
65
- this.logger,
66
- this.performanceClient,
67
- this.correlationId
68
- )(this.performanceClient, this.logger, this.correlationId));
69
-
70
- const authCodeRequest: CommonAuthorizationCodeRequest = {
71
- ...request,
72
- redirectUri: request.redirectUri,
73
- code: Constants.EMPTY_STRING,
74
- codeVerifier: generatedPkceParams.verifier,
75
- };
76
-
77
- request.codeChallenge = generatedPkceParams.challenge;
78
- request.codeChallengeMethod = Constants.S256_CODE_CHALLENGE_METHOD;
79
-
80
- return authCodeRequest;
81
- }
82
-
83
43
  /**
84
44
  * Initializer for the logout request.
85
45
  * @param logoutRequest
@@ -14,7 +14,8 @@ import {
14
14
  PerformanceEvents,
15
15
  invokeAsync,
16
16
  CcsCredentialType,
17
- ServerAuthorizationCodeResponse,
17
+ AuthorizeResponse,
18
+ AuthorizeProtocol,
18
19
  } from "@azure/msal-common/browser";
19
20
 
20
21
  import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
@@ -54,7 +55,7 @@ export class InteractionHandler {
54
55
  * @param locationHash
55
56
  */
56
57
  async handleCodeResponse(
57
- response: ServerAuthorizationCodeResponse,
58
+ response: AuthorizeResponse,
58
59
  request: AuthorizationUrlRequest
59
60
  ): Promise<AuthenticationResult> {
60
61
  this.performanceClient.addQueueMeasurement(
@@ -64,7 +65,7 @@ export class InteractionHandler {
64
65
 
65
66
  let authCodeResponse;
66
67
  try {
67
- authCodeResponse = this.authModule.handleFragmentResponse(
68
+ authCodeResponse = AuthorizeProtocol.getAuthorizationCodePayload(
68
69
  response,
69
70
  request.state
70
71
  );