@azure/msal-browser 4.7.0 → 4.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (132) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeMessageHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  6. package/dist/cache/AccountManager.mjs +1 -1
  7. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  8. package/dist/cache/BrowserCacheManager.mjs +1 -1
  9. package/dist/cache/CacheHelpers.mjs +1 -1
  10. package/dist/cache/CookieStorage.mjs +1 -1
  11. package/dist/cache/DatabaseStorage.mjs +1 -1
  12. package/dist/cache/LocalStorage.mjs +1 -1
  13. package/dist/cache/MemoryStorage.mjs +1 -1
  14. package/dist/cache/SessionStorage.mjs +1 -1
  15. package/dist/cache/TokenCache.mjs +1 -1
  16. package/dist/config/Configuration.mjs +1 -1
  17. package/dist/controllers/ControllerFactory.mjs +1 -1
  18. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  19. package/dist/controllers/StandardController.mjs +1 -1
  20. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  21. package/dist/crypto/BrowserCrypto.mjs +1 -1
  22. package/dist/crypto/CryptoOps.mjs +1 -1
  23. package/dist/crypto/PkceGenerator.mjs +1 -1
  24. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  25. package/dist/encode/Base64Decode.mjs +1 -1
  26. package/dist/encode/Base64Encode.mjs +1 -1
  27. package/dist/error/BrowserAuthError.mjs +1 -1
  28. package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
  29. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  30. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  31. package/dist/error/NativeAuthError.mjs +1 -1
  32. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  33. package/dist/error/NestedAppAuthError.mjs +1 -1
  34. package/dist/event/EventHandler.mjs +1 -1
  35. package/dist/event/EventMessage.mjs +1 -1
  36. package/dist/event/EventType.mjs +1 -1
  37. package/dist/index.mjs +1 -1
  38. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  39. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  40. package/dist/interaction_client/NativeInteractionClient.d.ts.map +1 -1
  41. package/dist/interaction_client/NativeInteractionClient.mjs +9 -2
  42. package/dist/interaction_client/NativeInteractionClient.mjs.map +1 -1
  43. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  44. package/dist/interaction_client/PopupClient.mjs +16 -8
  45. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  46. package/dist/interaction_client/RedirectClient.d.ts +3 -3
  47. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  48. package/dist/interaction_client/RedirectClient.mjs +12 -5
  49. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  50. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  51. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  52. package/dist/interaction_client/SilentIframeClient.d.ts +1 -1
  53. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  54. package/dist/interaction_client/SilentIframeClient.mjs +19 -9
  55. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  56. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  57. package/dist/interaction_client/StandardInteractionClient.d.ts +1 -7
  58. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  59. package/dist/interaction_client/StandardInteractionClient.mjs +2 -22
  60. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  61. package/dist/interaction_handler/InteractionHandler.d.ts +2 -2
  62. package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
  63. package/dist/interaction_handler/InteractionHandler.mjs +3 -3
  64. package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
  65. package/dist/interaction_handler/RedirectHandler.d.ts +2 -2
  66. package/dist/interaction_handler/RedirectHandler.d.ts.map +1 -1
  67. package/dist/interaction_handler/RedirectHandler.mjs +3 -3
  68. package/dist/interaction_handler/RedirectHandler.mjs.map +1 -1
  69. package/dist/interaction_handler/SilentHandler.mjs +1 -1
  70. package/dist/naa/BridgeError.mjs +1 -1
  71. package/dist/naa/BridgeProxy.mjs +1 -1
  72. package/dist/naa/BridgeStatusCode.mjs +1 -1
  73. package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  74. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -3
  75. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  76. package/dist/navigation/NavigationClient.mjs +1 -1
  77. package/dist/network/FetchClient.mjs +1 -1
  78. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  79. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  80. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  81. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  82. package/dist/packageMetadata.d.ts +1 -1
  83. package/dist/packageMetadata.mjs +2 -2
  84. package/dist/protocol/Authorize.d.ts +13 -0
  85. package/dist/protocol/Authorize.d.ts.map +1 -0
  86. package/dist/protocol/Authorize.mjs +74 -0
  87. package/dist/protocol/Authorize.mjs.map +1 -0
  88. package/dist/request/RequestHelpers.mjs +1 -1
  89. package/dist/response/ResponseHandler.d.ts +3 -3
  90. package/dist/response/ResponseHandler.d.ts.map +1 -1
  91. package/dist/response/ResponseHandler.mjs +1 -1
  92. package/dist/response/ResponseHandler.mjs.map +1 -1
  93. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  94. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  95. package/dist/utils/BrowserConstants.mjs +1 -1
  96. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  97. package/dist/utils/BrowserUtils.mjs +1 -1
  98. package/lib/msal-browser.cjs +949 -973
  99. package/lib/msal-browser.cjs.map +1 -1
  100. package/lib/msal-browser.js +949 -973
  101. package/lib/msal-browser.js.map +1 -1
  102. package/lib/msal-browser.min.js +67 -66
  103. package/lib/types/interaction_client/NativeInteractionClient.d.ts.map +1 -1
  104. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  105. package/lib/types/interaction_client/RedirectClient.d.ts +3 -3
  106. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  107. package/lib/types/interaction_client/SilentIframeClient.d.ts +1 -1
  108. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  109. package/lib/types/interaction_client/StandardInteractionClient.d.ts +1 -7
  110. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  111. package/lib/types/interaction_handler/InteractionHandler.d.ts +2 -2
  112. package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  113. package/lib/types/interaction_handler/RedirectHandler.d.ts +2 -2
  114. package/lib/types/interaction_handler/RedirectHandler.d.ts.map +1 -1
  115. package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  116. package/lib/types/packageMetadata.d.ts +1 -1
  117. package/lib/types/protocol/Authorize.d.ts +13 -0
  118. package/lib/types/protocol/Authorize.d.ts.map +1 -0
  119. package/lib/types/response/ResponseHandler.d.ts +3 -3
  120. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  121. package/package.json +2 -2
  122. package/src/interaction_client/NativeInteractionClient.ts +11 -0
  123. package/src/interaction_client/PopupClient.ts +40 -21
  124. package/src/interaction_client/RedirectClient.ts +41 -22
  125. package/src/interaction_client/SilentIframeClient.ts +42 -29
  126. package/src/interaction_client/StandardInteractionClient.ts +0 -40
  127. package/src/interaction_handler/InteractionHandler.ts +4 -3
  128. package/src/interaction_handler/RedirectHandler.ts +4 -3
  129. package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -2
  130. package/src/packageMetadata.ts +1 -1
  131. package/src/protocol/Authorize.ts +136 -0
  132. package/src/response/ResponseHandler.ts +3 -3
@@ -5,7 +5,6 @@
5
5
 
6
6
  import {
7
7
  ServerTelemetryManager,
8
- CommonAuthorizationCodeRequest,
9
8
  Constants,
10
9
  AuthorizationCodeClient,
11
10
  ClientConfiguration,
@@ -20,7 +19,6 @@ import {
20
19
  invokeAsync,
21
20
  BaseAuthRequest,
22
21
  StringDict,
23
- PkceCodes,
24
22
  } from "@azure/msal-common/browser";
25
23
  import { BaseInteractionClient } from "./BaseInteractionClient.js";
26
24
  import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest.js";
@@ -35,7 +33,6 @@ import * as BrowserUtils from "../utils/BrowserUtils.js";
35
33
  import { RedirectRequest } from "../request/RedirectRequest.js";
36
34
  import { PopupRequest } from "../request/PopupRequest.js";
37
35
  import { SsoSilentRequest } from "../request/SsoSilentRequest.js";
38
- import { generatePkceCodes } from "../crypto/PkceGenerator.js";
39
36
  import { createNewGuid } from "../crypto/BrowserCrypto.js";
40
37
  import { initializeBaseRequest } from "../request/RequestHelpers.js";
41
38
 
@@ -43,43 +40,6 @@ import { initializeBaseRequest } from "../request/RequestHelpers.js";
43
40
  * Defines the class structure and helper functions used by the "standard", non-brokered auth flows (popup, redirect, silent (RT), silent (iframe))
44
41
  */
45
42
  export abstract class StandardInteractionClient extends BaseInteractionClient {
46
- /**
47
- * Generates an auth code request tied to the url request.
48
- * @param request
49
- * @param pkceCodes
50
- */
51
- protected async initializeAuthorizationCodeRequest(
52
- request: AuthorizationUrlRequest,
53
- pkceCodes?: PkceCodes
54
- ): Promise<CommonAuthorizationCodeRequest> {
55
- this.performanceClient.addQueueMeasurement(
56
- PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
57
- this.correlationId
58
- );
59
-
60
- const generatedPkceParams: PkceCodes =
61
- pkceCodes ||
62
- (await invokeAsync(
63
- generatePkceCodes,
64
- PerformanceEvents.GeneratePkceCodes,
65
- this.logger,
66
- this.performanceClient,
67
- this.correlationId
68
- )(this.performanceClient, this.logger, this.correlationId));
69
-
70
- const authCodeRequest: CommonAuthorizationCodeRequest = {
71
- ...request,
72
- redirectUri: request.redirectUri,
73
- code: Constants.EMPTY_STRING,
74
- codeVerifier: generatedPkceParams.verifier,
75
- };
76
-
77
- request.codeChallenge = generatedPkceParams.challenge;
78
- request.codeChallengeMethod = Constants.S256_CODE_CHALLENGE_METHOD;
79
-
80
- return authCodeRequest;
81
- }
82
-
83
43
  /**
84
44
  * Initializer for the logout request.
85
45
  * @param logoutRequest
@@ -14,7 +14,8 @@ import {
14
14
  PerformanceEvents,
15
15
  invokeAsync,
16
16
  CcsCredentialType,
17
- ServerAuthorizationCodeResponse,
17
+ AuthorizeResponse,
18
+ AuthorizeProtocol,
18
19
  } from "@azure/msal-common/browser";
19
20
 
20
21
  import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
@@ -54,7 +55,7 @@ export class InteractionHandler {
54
55
  * @param locationHash
55
56
  */
56
57
  async handleCodeResponse(
57
- response: ServerAuthorizationCodeResponse,
58
+ response: AuthorizeResponse,
58
59
  request: AuthorizationUrlRequest
59
60
  ): Promise<AuthenticationResult> {
60
61
  this.performanceClient.addQueueMeasurement(
@@ -64,7 +65,7 @@ export class InteractionHandler {
64
65
 
65
66
  let authCodeResponse;
66
67
  try {
67
- authCodeResponse = this.authModule.handleFragmentResponse(
68
+ authCodeResponse = AuthorizeProtocol.getAuthorizationCodePayload(
68
69
  response,
69
70
  request.state
70
71
  );
@@ -14,7 +14,8 @@ import {
14
14
  CcsCredential,
15
15
  invokeAsync,
16
16
  PerformanceEvents,
17
- ServerAuthorizationCodeResponse,
17
+ AuthorizeResponse,
18
+ AuthorizeProtocol,
18
19
  } from "@azure/msal-common/browser";
19
20
  import {
20
21
  createBrowserAuthError,
@@ -143,7 +144,7 @@ export class RedirectHandler {
143
144
  * @param hash
144
145
  */
145
146
  async handleCodeResponse(
146
- response: ServerAuthorizationCodeResponse,
147
+ response: AuthorizeResponse,
147
148
  state: string
148
149
  ): Promise<AuthenticationResult> {
149
150
  this.logger.verbose("RedirectHandler.handleCodeResponse called");
@@ -163,7 +164,7 @@ export class RedirectHandler {
163
164
 
164
165
  let authCodeResponse;
165
166
  try {
166
- authCodeResponse = this.authModule.handleFragmentResponse(
167
+ authCodeResponse = AuthorizeProtocol.getAuthorizationCodePayload(
167
168
  response,
168
169
  requestState
169
170
  );
@@ -75,8 +75,7 @@ export class NestedAppAuthAdapter {
75
75
 
76
76
  const correlationId =
77
77
  request.correlationId || this.crypto.createNewGuid();
78
- const requestBuilder = new RequestParameterBuilder(correlationId);
79
- const claims = requestBuilder.addClientCapabilitiesToClaims(
78
+ const claims = RequestParameterBuilder.addClientCapabilitiesToClaims(
80
79
  request.claims,
81
80
  this.clientCapabilities
82
81
  );
@@ -1,3 +1,3 @@
1
1
  /* eslint-disable header/header */
2
2
  export const name = "@azure/msal-browser";
3
- export const version = "4.7.0";
3
+ export const version = "4.8.0";
@@ -0,0 +1,136 @@
1
+ /*
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ import {
7
+ AuthenticationScheme,
8
+ Authority,
9
+ AuthorizeProtocol,
10
+ ClientConfigurationErrorCodes,
11
+ CommonAuthorizationUrlRequest,
12
+ createClientConfigurationError,
13
+ invokeAsync,
14
+ IPerformanceClient,
15
+ Logger,
16
+ PerformanceEvents,
17
+ PopTokenGenerator,
18
+ ProtocolMode,
19
+ RequestParameterBuilder,
20
+ Constants,
21
+ } from "@azure/msal-common/browser";
22
+ import { BrowserConfiguration } from "../config/Configuration.js";
23
+ import { BrowserConstants } from "../utils/BrowserConstants.js";
24
+ import { version } from "../packageMetadata.js";
25
+ import { CryptoOps } from "../crypto/CryptoOps.js";
26
+
27
+ /**
28
+ * Returns map of parameters that are applicable to all calls to /authorize whether using PKCE or EAR
29
+ * @param config
30
+ * @param authority
31
+ * @param request
32
+ * @param logger
33
+ * @param performanceClient
34
+ * @returns
35
+ */
36
+ async function getStandardParameters(
37
+ config: BrowserConfiguration,
38
+ authority: Authority,
39
+ request: CommonAuthorizationUrlRequest,
40
+ logger: Logger,
41
+ performanceClient: IPerformanceClient
42
+ ): Promise<Map<string, string>> {
43
+ const parameters = AuthorizeProtocol.getStandardAuthorizeRequestParameters(
44
+ { ...config.auth, authority: authority },
45
+ request,
46
+ logger,
47
+ performanceClient
48
+ );
49
+ RequestParameterBuilder.addLibraryInfo(parameters, {
50
+ sku: BrowserConstants.MSAL_SKU,
51
+ version: version,
52
+ os: "",
53
+ cpu: "",
54
+ });
55
+ if (config.auth.protocolMode !== ProtocolMode.OIDC) {
56
+ RequestParameterBuilder.addApplicationTelemetry(
57
+ parameters,
58
+ config.telemetry.application
59
+ );
60
+ }
61
+
62
+ if (request.platformBroker) {
63
+ // signal ests that this is a WAM call
64
+ RequestParameterBuilder.addNativeBroker(parameters);
65
+
66
+ // pass the req_cnf for POP
67
+ if (request.authenticationScheme === AuthenticationScheme.POP) {
68
+ const cryptoOps = new CryptoOps(logger, performanceClient);
69
+ const popTokenGenerator = new PopTokenGenerator(cryptoOps);
70
+
71
+ // req_cnf is always sent as a string for SPAs
72
+ let reqCnfData;
73
+ if (!request.popKid) {
74
+ const generatedReqCnfData = await invokeAsync(
75
+ popTokenGenerator.generateCnf.bind(popTokenGenerator),
76
+ PerformanceEvents.PopTokenGenerateCnf,
77
+ logger,
78
+ performanceClient,
79
+ request.correlationId
80
+ )(request, logger);
81
+ reqCnfData = generatedReqCnfData.reqCnfString;
82
+ } else {
83
+ reqCnfData = cryptoOps.encodeKid(request.popKid);
84
+ }
85
+ RequestParameterBuilder.addPopToken(parameters, reqCnfData);
86
+ }
87
+ }
88
+
89
+ RequestParameterBuilder.instrumentBrokerParams(
90
+ parameters,
91
+ request.correlationId,
92
+ performanceClient
93
+ );
94
+
95
+ return parameters;
96
+ }
97
+
98
+ /**
99
+ * Gets the full /authorize URL with request parameters when using Auth Code + PKCE
100
+ * @param config
101
+ * @param authority
102
+ * @param request
103
+ * @param logger
104
+ * @param performanceClient
105
+ * @returns
106
+ */
107
+ export async function getAuthCodeRequestUrl(
108
+ config: BrowserConfiguration,
109
+ authority: Authority,
110
+ request: CommonAuthorizationUrlRequest,
111
+ logger: Logger,
112
+ performanceClient: IPerformanceClient
113
+ ): Promise<string> {
114
+ if (!request.codeChallenge) {
115
+ throw createClientConfigurationError(
116
+ ClientConfigurationErrorCodes.pkceParamsMissing
117
+ );
118
+ }
119
+
120
+ const parameters = await invokeAsync(
121
+ getStandardParameters,
122
+ PerformanceEvents.GetStandardParams,
123
+ logger,
124
+ performanceClient,
125
+ request.correlationId
126
+ )(config, authority, request, logger, performanceClient);
127
+ RequestParameterBuilder.addResponseTypeCode(parameters);
128
+
129
+ RequestParameterBuilder.addCodeChallengeParams(
130
+ parameters,
131
+ request.codeChallenge,
132
+ Constants.S256_CODE_CHALLENGE_METHOD
133
+ );
134
+
135
+ return AuthorizeProtocol.getAuthorizeUrl(authority, parameters);
136
+ }
@@ -6,7 +6,7 @@
6
6
  import {
7
7
  ICrypto,
8
8
  Logger,
9
- ServerAuthorizationCodeResponse,
9
+ AuthorizeResponse,
10
10
  UrlUtils,
11
11
  } from "@azure/msal-common/browser";
12
12
  import {
@@ -20,7 +20,7 @@ export function deserializeResponse(
20
20
  responseString: string,
21
21
  responseLocation: string,
22
22
  logger: Logger
23
- ): ServerAuthorizationCodeResponse {
23
+ ): AuthorizeResponse {
24
24
  // Deserialize hash fragment response parameters.
25
25
  const serverParams = UrlUtils.getDeserializedResponse(responseString);
26
26
  if (!serverParams) {
@@ -49,7 +49,7 @@ export function deserializeResponse(
49
49
  * Returns the interaction type that the response object belongs to
50
50
  */
51
51
  export function validateInteractionType(
52
- response: ServerAuthorizationCodeResponse,
52
+ response: AuthorizeResponse,
53
53
  browserCrypto: ICrypto,
54
54
  interactionType: InteractionType
55
55
  ): void {