@azure/msal-browser 4.7.0 → 4.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientNext.mjs +1 -1
- package/dist/broker/nativeBroker/NativeMessageHandler.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +1 -1
- package/dist/controllers/ControllerFactory.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/NativeInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/NativeInteractionClient.mjs +9 -2
- package/dist/interaction_client/NativeInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +16 -8
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.d.ts +3 -3
- package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +12 -5
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +19 -9
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.d.ts +1 -7
- package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +2 -22
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.d.ts +2 -2
- package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +3 -3
- package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
- package/dist/interaction_handler/RedirectHandler.d.ts +2 -2
- package/dist/interaction_handler/RedirectHandler.d.ts.map +1 -1
- package/dist/interaction_handler/RedirectHandler.mjs +3 -3
- package/dist/interaction_handler/RedirectHandler.mjs.map +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -3
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +13 -0
- package/dist/protocol/Authorize.d.ts.map +1 -0
- package/dist/protocol/Authorize.mjs +74 -0
- package/dist/protocol/Authorize.mjs.map +1 -0
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.d.ts +3 -3
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/lib/msal-browser.cjs +949 -973
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +949 -973
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +67 -66
- package/lib/types/interaction_client/NativeInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/RedirectClient.d.ts +3 -3
- package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/interaction_client/StandardInteractionClient.d.ts +1 -7
- package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_handler/InteractionHandler.d.ts +2 -2
- package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
- package/lib/types/interaction_handler/RedirectHandler.d.ts +2 -2
- package/lib/types/interaction_handler/RedirectHandler.d.ts.map +1 -1
- package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts +13 -0
- package/lib/types/protocol/Authorize.d.ts.map +1 -0
- package/lib/types/response/ResponseHandler.d.ts +3 -3
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/interaction_client/NativeInteractionClient.ts +11 -0
- package/src/interaction_client/PopupClient.ts +40 -21
- package/src/interaction_client/RedirectClient.ts +41 -22
- package/src/interaction_client/SilentIframeClient.ts +42 -29
- package/src/interaction_client/StandardInteractionClient.ts +0 -40
- package/src/interaction_handler/InteractionHandler.ts +4 -3
- package/src/interaction_handler/RedirectHandler.ts +4 -3
- package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -2
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +136 -0
- package/src/response/ResponseHandler.ts +3 -3
package/lib/msal-browser.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-browser v4.
|
|
1
|
+
/*! @azure/msal-browser v4.8.0 2025-03-20 */
|
|
2
2
|
'use strict';
|
|
3
3
|
(function (global, factory) {
|
|
4
4
|
typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports) :
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
(global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.msal = {}));
|
|
7
7
|
})(this, (function (exports) { 'use strict';
|
|
8
8
|
|
|
9
|
-
/*! @azure/msal-common v15.
|
|
9
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
10
10
|
/*
|
|
11
11
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
12
|
* Licensed under the MIT License.
|
|
@@ -254,13 +254,6 @@
|
|
|
254
254
|
INVALID_GRANT_ERROR: "invalid_grant",
|
|
255
255
|
CLIENT_MISMATCH_ERROR: "client_mismatch",
|
|
256
256
|
};
|
|
257
|
-
/**
|
|
258
|
-
* Password grant parameters
|
|
259
|
-
*/
|
|
260
|
-
const PasswordGrantConstants = {
|
|
261
|
-
username: "username",
|
|
262
|
-
password: "password",
|
|
263
|
-
};
|
|
264
257
|
/**
|
|
265
258
|
* Response codes
|
|
266
259
|
*/
|
|
@@ -310,7 +303,7 @@
|
|
|
310
303
|
// Token renewal offset default in seconds
|
|
311
304
|
const DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;
|
|
312
305
|
|
|
313
|
-
/*! @azure/msal-common v15.
|
|
306
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
314
307
|
/*
|
|
315
308
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
316
309
|
* Licensed under the MIT License.
|
|
@@ -327,7 +320,7 @@
|
|
|
327
320
|
unexpectedError: unexpectedError
|
|
328
321
|
});
|
|
329
322
|
|
|
330
|
-
/*! @azure/msal-common v15.
|
|
323
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
331
324
|
|
|
332
325
|
/*
|
|
333
326
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -376,7 +369,7 @@
|
|
|
376
369
|
: AuthErrorMessages[code]);
|
|
377
370
|
}
|
|
378
371
|
|
|
379
|
-
/*! @azure/msal-common v15.
|
|
372
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
380
373
|
/*
|
|
381
374
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
382
375
|
* Licensed under the MIT License.
|
|
@@ -474,7 +467,7 @@
|
|
|
474
467
|
userTimeoutReached: userTimeoutReached
|
|
475
468
|
});
|
|
476
469
|
|
|
477
|
-
/*! @azure/msal-common v15.
|
|
470
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
478
471
|
|
|
479
472
|
/*
|
|
480
473
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -726,7 +719,7 @@
|
|
|
726
719
|
return new ClientAuthError(errorCode, additionalMessage);
|
|
727
720
|
}
|
|
728
721
|
|
|
729
|
-
/*! @azure/msal-common v15.
|
|
722
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
730
723
|
|
|
731
724
|
/*
|
|
732
725
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -765,7 +758,7 @@
|
|
|
765
758
|
},
|
|
766
759
|
};
|
|
767
760
|
|
|
768
|
-
/*! @azure/msal-common v15.
|
|
761
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
769
762
|
|
|
770
763
|
/*
|
|
771
764
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -956,12 +949,12 @@
|
|
|
956
949
|
}
|
|
957
950
|
}
|
|
958
951
|
|
|
959
|
-
/*! @azure/msal-common v15.
|
|
952
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
960
953
|
/* eslint-disable header/header */
|
|
961
954
|
const name$1 = "@azure/msal-common";
|
|
962
|
-
const version$1 = "15.
|
|
955
|
+
const version$1 = "15.3.0";
|
|
963
956
|
|
|
964
|
-
/*! @azure/msal-common v15.
|
|
957
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
965
958
|
/*
|
|
966
959
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
967
960
|
* Licensed under the MIT License.
|
|
@@ -981,7 +974,7 @@
|
|
|
981
974
|
AzureUsGovernment: "https://login.microsoftonline.us",
|
|
982
975
|
};
|
|
983
976
|
|
|
984
|
-
/*! @azure/msal-common v15.
|
|
977
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
985
978
|
|
|
986
979
|
/*
|
|
987
980
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1042,7 +1035,7 @@
|
|
|
1042
1035
|
}
|
|
1043
1036
|
}
|
|
1044
1037
|
|
|
1045
|
-
/*! @azure/msal-common v15.
|
|
1038
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
1046
1039
|
/*
|
|
1047
1040
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1048
1041
|
* Licensed under the MIT License.
|
|
@@ -1097,7 +1090,7 @@
|
|
|
1097
1090
|
return cachedAtSec > nowSeconds();
|
|
1098
1091
|
}
|
|
1099
1092
|
|
|
1100
|
-
/*! @azure/msal-common v15.
|
|
1093
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
1101
1094
|
|
|
1102
1095
|
/*
|
|
1103
1096
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1424,7 +1417,7 @@
|
|
|
1424
1417
|
return metadata.expiresAt <= nowSeconds();
|
|
1425
1418
|
}
|
|
1426
1419
|
|
|
1427
|
-
/*! @azure/msal-common v15.
|
|
1420
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
1428
1421
|
/*
|
|
1429
1422
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1430
1423
|
* Licensed under the MIT License.
|
|
@@ -1478,7 +1471,7 @@
|
|
|
1478
1471
|
urlParseError: urlParseError
|
|
1479
1472
|
});
|
|
1480
1473
|
|
|
1481
|
-
/*! @azure/msal-common v15.
|
|
1474
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
1482
1475
|
|
|
1483
1476
|
/*
|
|
1484
1477
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1616,7 +1609,7 @@
|
|
|
1616
1609
|
return new ClientConfigurationError(errorCode);
|
|
1617
1610
|
}
|
|
1618
1611
|
|
|
1619
|
-
/*! @azure/msal-common v15.
|
|
1612
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
1620
1613
|
/*
|
|
1621
1614
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1622
1615
|
* Licensed under the MIT License.
|
|
@@ -1713,7 +1706,7 @@
|
|
|
1713
1706
|
}
|
|
1714
1707
|
}
|
|
1715
1708
|
|
|
1716
|
-
/*! @azure/msal-common v15.
|
|
1709
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
1717
1710
|
|
|
1718
1711
|
/*
|
|
1719
1712
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1904,7 +1897,7 @@
|
|
|
1904
1897
|
}
|
|
1905
1898
|
}
|
|
1906
1899
|
|
|
1907
|
-
/*! @azure/msal-common v15.
|
|
1900
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
1908
1901
|
|
|
1909
1902
|
/*
|
|
1910
1903
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -1944,7 +1937,7 @@
|
|
|
1944
1937
|
};
|
|
1945
1938
|
}
|
|
1946
1939
|
|
|
1947
|
-
/*! @azure/msal-common v15.
|
|
1940
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
1948
1941
|
/*
|
|
1949
1942
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
1950
1943
|
* Licensed under the MIT License.
|
|
@@ -2023,7 +2016,7 @@
|
|
|
2023
2016
|
return updatedAccountInfo;
|
|
2024
2017
|
}
|
|
2025
2018
|
|
|
2026
|
-
/*! @azure/msal-common v15.
|
|
2019
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
2027
2020
|
/*
|
|
2028
2021
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2029
2022
|
* Licensed under the MIT License.
|
|
@@ -2038,7 +2031,7 @@
|
|
|
2038
2031
|
Ciam: 3,
|
|
2039
2032
|
};
|
|
2040
2033
|
|
|
2041
|
-
/*! @azure/msal-common v15.
|
|
2034
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
2042
2035
|
/*
|
|
2043
2036
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2044
2037
|
* Licensed under the MIT License.
|
|
@@ -2060,7 +2053,7 @@
|
|
|
2060
2053
|
return null;
|
|
2061
2054
|
}
|
|
2062
2055
|
|
|
2063
|
-
/*! @azure/msal-common v15.
|
|
2056
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
2064
2057
|
/*
|
|
2065
2058
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2066
2059
|
* Licensed under the MIT License.
|
|
@@ -2073,7 +2066,7 @@
|
|
|
2073
2066
|
OIDC: "OIDC",
|
|
2074
2067
|
};
|
|
2075
2068
|
|
|
2076
|
-
/*! @azure/msal-common v15.
|
|
2069
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
2077
2070
|
|
|
2078
2071
|
/*
|
|
2079
2072
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2316,7 +2309,7 @@
|
|
|
2316
2309
|
}
|
|
2317
2310
|
}
|
|
2318
2311
|
|
|
2319
|
-
/*! @azure/msal-common v15.
|
|
2312
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
2320
2313
|
|
|
2321
2314
|
/*
|
|
2322
2315
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2361,9 +2354,19 @@
|
|
|
2361
2354
|
throw createClientAuthError(hashNotDeserialized);
|
|
2362
2355
|
}
|
|
2363
2356
|
return null;
|
|
2357
|
+
}
|
|
2358
|
+
/**
|
|
2359
|
+
* Utility to create a URL from the params map
|
|
2360
|
+
*/
|
|
2361
|
+
function mapToQueryString(parameters) {
|
|
2362
|
+
const queryParameterArray = new Array();
|
|
2363
|
+
parameters.forEach((value, key) => {
|
|
2364
|
+
queryParameterArray.push(`${key}=${encodeURIComponent(value)}`);
|
|
2365
|
+
});
|
|
2366
|
+
return queryParameterArray.join("&");
|
|
2364
2367
|
}
|
|
2365
2368
|
|
|
2366
|
-
/*! @azure/msal-common v15.
|
|
2369
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
2367
2370
|
|
|
2368
2371
|
/*
|
|
2369
2372
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2527,7 +2530,7 @@
|
|
|
2527
2530
|
}
|
|
2528
2531
|
}
|
|
2529
2532
|
|
|
2530
|
-
/*! @azure/msal-common v15.
|
|
2533
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
2531
2534
|
|
|
2532
2535
|
/*
|
|
2533
2536
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2667,7 +2670,7 @@
|
|
|
2667
2670
|
return null;
|
|
2668
2671
|
}
|
|
2669
2672
|
|
|
2670
|
-
/*! @azure/msal-common v15.
|
|
2673
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
2671
2674
|
/*
|
|
2672
2675
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
2673
2676
|
* Licensed under the MIT License.
|
|
@@ -2675,7 +2678,7 @@
|
|
|
2675
2678
|
const cacheQuotaExceededErrorCode = "cache_quota_exceeded";
|
|
2676
2679
|
const cacheUnknownErrorCode = "cache_error_unknown";
|
|
2677
2680
|
|
|
2678
|
-
/*! @azure/msal-common v15.
|
|
2681
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
2679
2682
|
|
|
2680
2683
|
/*
|
|
2681
2684
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -2702,7 +2705,7 @@
|
|
|
2702
2705
|
}
|
|
2703
2706
|
}
|
|
2704
2707
|
|
|
2705
|
-
/*! @azure/msal-common v15.
|
|
2708
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
2706
2709
|
|
|
2707
2710
|
/*
|
|
2708
2711
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3887,7 +3890,7 @@
|
|
|
3887
3890
|
}
|
|
3888
3891
|
}
|
|
3889
3892
|
|
|
3890
|
-
/*! @azure/msal-common v15.
|
|
3893
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
3891
3894
|
|
|
3892
3895
|
/*
|
|
3893
3896
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -3986,7 +3989,7 @@
|
|
|
3986
3989
|
return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
|
|
3987
3990
|
}
|
|
3988
3991
|
|
|
3989
|
-
/*! @azure/msal-common v15.
|
|
3992
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
3990
3993
|
/*
|
|
3991
3994
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3992
3995
|
* Licensed under the MIT License.
|
|
@@ -3996,7 +3999,7 @@
|
|
|
3996
3999
|
UPN: "UPN",
|
|
3997
4000
|
};
|
|
3998
4001
|
|
|
3999
|
-
/*! @azure/msal-common v15.
|
|
4002
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
4000
4003
|
/*
|
|
4001
4004
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4002
4005
|
* Licensed under the MIT License.
|
|
@@ -4028,14 +4031,11 @@
|
|
|
4028
4031
|
const X_APP_VER = "x-app-ver";
|
|
4029
4032
|
const POST_LOGOUT_URI = "post_logout_redirect_uri";
|
|
4030
4033
|
const ID_TOKEN_HINT = "id_token_hint";
|
|
4031
|
-
const DEVICE_CODE = "device_code";
|
|
4032
4034
|
const CLIENT_SECRET = "client_secret";
|
|
4033
4035
|
const CLIENT_ASSERTION = "client_assertion";
|
|
4034
4036
|
const CLIENT_ASSERTION_TYPE = "client_assertion_type";
|
|
4035
4037
|
const TOKEN_TYPE = "token_type";
|
|
4036
4038
|
const REQ_CNF = "req_cnf";
|
|
4037
|
-
const OBO_ASSERTION = "assertion";
|
|
4038
|
-
const REQUESTED_TOKEN_USE = "requested_token_use";
|
|
4039
4039
|
const RETURN_SPA_CODE = "return_spa_code";
|
|
4040
4040
|
const NATIVE_BROKER = "nativebroker";
|
|
4041
4041
|
const LOGOUT_HINT = "logout_hint";
|
|
@@ -4044,76 +4044,10 @@
|
|
|
4044
4044
|
const DOMAIN_HINT = "domain_hint";
|
|
4045
4045
|
const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
|
|
4046
4046
|
const BROKER_CLIENT_ID = "brk_client_id";
|
|
4047
|
-
const BROKER_REDIRECT_URI = "brk_redirect_uri";
|
|
4048
|
-
|
|
4049
|
-
/*! @azure/msal-common v15.2.1 2025-03-11 */
|
|
4050
|
-
|
|
4051
|
-
/*
|
|
4052
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4053
|
-
* Licensed under the MIT License.
|
|
4054
|
-
*/
|
|
4055
|
-
/**
|
|
4056
|
-
* Validates server consumable params from the "request" objects
|
|
4057
|
-
*/
|
|
4058
|
-
class RequestValidator {
|
|
4059
|
-
/**
|
|
4060
|
-
* Utility to check if the `redirectUri` in the request is a non-null value
|
|
4061
|
-
* @param redirectUri
|
|
4062
|
-
*/
|
|
4063
|
-
static validateRedirectUri(redirectUri) {
|
|
4064
|
-
if (!redirectUri) {
|
|
4065
|
-
throw createClientConfigurationError(redirectUriEmpty);
|
|
4066
|
-
}
|
|
4067
|
-
}
|
|
4068
|
-
/**
|
|
4069
|
-
* Utility to validate prompt sent by the user in the request
|
|
4070
|
-
* @param prompt
|
|
4071
|
-
*/
|
|
4072
|
-
static validatePrompt(prompt) {
|
|
4073
|
-
const promptValues = [];
|
|
4074
|
-
for (const value in PromptValue) {
|
|
4075
|
-
promptValues.push(PromptValue[value]);
|
|
4076
|
-
}
|
|
4077
|
-
if (promptValues.indexOf(prompt) < 0) {
|
|
4078
|
-
throw createClientConfigurationError(invalidPromptValue);
|
|
4079
|
-
}
|
|
4080
|
-
}
|
|
4081
|
-
static validateClaims(claims) {
|
|
4082
|
-
try {
|
|
4083
|
-
JSON.parse(claims);
|
|
4084
|
-
}
|
|
4085
|
-
catch (e) {
|
|
4086
|
-
throw createClientConfigurationError(invalidClaims);
|
|
4087
|
-
}
|
|
4088
|
-
}
|
|
4089
|
-
/**
|
|
4090
|
-
* Utility to validate code_challenge and code_challenge_method
|
|
4091
|
-
* @param codeChallenge
|
|
4092
|
-
* @param codeChallengeMethod
|
|
4093
|
-
*/
|
|
4094
|
-
static validateCodeChallengeParams(codeChallenge, codeChallengeMethod) {
|
|
4095
|
-
if (!codeChallenge || !codeChallengeMethod) {
|
|
4096
|
-
throw createClientConfigurationError(pkceParamsMissing);
|
|
4097
|
-
}
|
|
4098
|
-
else {
|
|
4099
|
-
this.validateCodeChallengeMethod(codeChallengeMethod);
|
|
4100
|
-
}
|
|
4101
|
-
}
|
|
4102
|
-
/**
|
|
4103
|
-
* Utility to validate code_challenge_method
|
|
4104
|
-
* @param codeChallengeMethod
|
|
4105
|
-
*/
|
|
4106
|
-
static validateCodeChallengeMethod(codeChallengeMethod) {
|
|
4107
|
-
if ([
|
|
4108
|
-
CodeChallengeMethodValues.PLAIN,
|
|
4109
|
-
CodeChallengeMethodValues.S256,
|
|
4110
|
-
].indexOf(codeChallengeMethod) < 0) {
|
|
4111
|
-
throw createClientConfigurationError(invalidCodeChallengeMethod);
|
|
4112
|
-
}
|
|
4113
|
-
}
|
|
4114
|
-
}
|
|
4047
|
+
const BROKER_REDIRECT_URI = "brk_redirect_uri";
|
|
4048
|
+
const INSTANCE_AWARE = "instance_aware";
|
|
4115
4049
|
|
|
4116
|
-
/*! @azure/msal-common v15.
|
|
4050
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
4117
4051
|
|
|
4118
4052
|
/*
|
|
4119
4053
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4131,397 +4065,344 @@
|
|
|
4131
4065
|
}, correlationId);
|
|
4132
4066
|
}
|
|
4133
4067
|
}
|
|
4134
|
-
/**
|
|
4135
|
-
|
|
4136
|
-
|
|
4137
|
-
|
|
4138
|
-
|
|
4139
|
-
|
|
4140
|
-
|
|
4141
|
-
|
|
4142
|
-
|
|
4143
|
-
|
|
4144
|
-
|
|
4145
|
-
|
|
4146
|
-
|
|
4147
|
-
|
|
4148
|
-
|
|
4149
|
-
|
|
4150
|
-
|
|
4151
|
-
|
|
4152
|
-
|
|
4153
|
-
|
|
4154
|
-
|
|
4155
|
-
|
|
4156
|
-
|
|
4157
|
-
|
|
4158
|
-
|
|
4159
|
-
|
|
4160
|
-
|
|
4161
|
-
|
|
4162
|
-
|
|
4163
|
-
|
|
4164
|
-
|
|
4165
|
-
|
|
4166
|
-
|
|
4167
|
-
|
|
4168
|
-
|
|
4169
|
-
|
|
4170
|
-
|
|
4171
|
-
|
|
4172
|
-
|
|
4173
|
-
|
|
4174
|
-
|
|
4175
|
-
|
|
4176
|
-
|
|
4177
|
-
|
|
4178
|
-
|
|
4179
|
-
|
|
4180
|
-
|
|
4181
|
-
|
|
4182
|
-
|
|
4068
|
+
/**
|
|
4069
|
+
* add response_type = code
|
|
4070
|
+
*/
|
|
4071
|
+
function addResponseTypeCode(parameters) {
|
|
4072
|
+
parameters.set(RESPONSE_TYPE, Constants.CODE_RESPONSE_TYPE);
|
|
4073
|
+
}
|
|
4074
|
+
/**
|
|
4075
|
+
* add response_mode. defaults to query.
|
|
4076
|
+
* @param responseMode
|
|
4077
|
+
*/
|
|
4078
|
+
function addResponseMode(parameters, responseMode) {
|
|
4079
|
+
parameters.set(RESPONSE_MODE, responseMode ? responseMode : ResponseMode.QUERY);
|
|
4080
|
+
}
|
|
4081
|
+
/**
|
|
4082
|
+
* Add flag to indicate STS should attempt to use WAM if available
|
|
4083
|
+
*/
|
|
4084
|
+
function addNativeBroker(parameters) {
|
|
4085
|
+
parameters.set(NATIVE_BROKER, "1");
|
|
4086
|
+
}
|
|
4087
|
+
/**
|
|
4088
|
+
* add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
|
|
4089
|
+
* @param scopeSet
|
|
4090
|
+
* @param addOidcScopes
|
|
4091
|
+
*/
|
|
4092
|
+
function addScopes(parameters, scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) {
|
|
4093
|
+
// Always add openid to the scopes when adding OIDC scopes
|
|
4094
|
+
if (addOidcScopes &&
|
|
4095
|
+
!defaultScopes.includes("openid") &&
|
|
4096
|
+
!scopes.includes("openid")) {
|
|
4097
|
+
defaultScopes.push("openid");
|
|
4098
|
+
}
|
|
4099
|
+
const requestScopes = addOidcScopes
|
|
4100
|
+
? [...(scopes || []), ...defaultScopes]
|
|
4101
|
+
: scopes || [];
|
|
4102
|
+
const scopeSet = new ScopeSet(requestScopes);
|
|
4103
|
+
parameters.set(SCOPE, scopeSet.printScopes());
|
|
4104
|
+
}
|
|
4105
|
+
/**
|
|
4106
|
+
* add clientId
|
|
4107
|
+
* @param clientId
|
|
4108
|
+
*/
|
|
4109
|
+
function addClientId(parameters, clientId) {
|
|
4110
|
+
parameters.set(CLIENT_ID, clientId);
|
|
4111
|
+
}
|
|
4112
|
+
/**
|
|
4113
|
+
* add redirect_uri
|
|
4114
|
+
* @param redirectUri
|
|
4115
|
+
*/
|
|
4116
|
+
function addRedirectUri(parameters, redirectUri) {
|
|
4117
|
+
parameters.set(REDIRECT_URI, redirectUri);
|
|
4118
|
+
}
|
|
4119
|
+
/**
|
|
4120
|
+
* add post logout redirectUri
|
|
4121
|
+
* @param redirectUri
|
|
4122
|
+
*/
|
|
4123
|
+
function addPostLogoutRedirectUri(parameters, redirectUri) {
|
|
4124
|
+
parameters.set(POST_LOGOUT_URI, redirectUri);
|
|
4125
|
+
}
|
|
4126
|
+
/**
|
|
4127
|
+
* add id_token_hint to logout request
|
|
4128
|
+
* @param idTokenHint
|
|
4129
|
+
*/
|
|
4130
|
+
function addIdTokenHint(parameters, idTokenHint) {
|
|
4131
|
+
parameters.set(ID_TOKEN_HINT, idTokenHint);
|
|
4132
|
+
}
|
|
4133
|
+
/**
|
|
4134
|
+
* add domain_hint
|
|
4135
|
+
* @param domainHint
|
|
4136
|
+
*/
|
|
4137
|
+
function addDomainHint(parameters, domainHint) {
|
|
4138
|
+
parameters.set(DOMAIN_HINT, domainHint);
|
|
4139
|
+
}
|
|
4140
|
+
/**
|
|
4141
|
+
* add login_hint
|
|
4142
|
+
* @param loginHint
|
|
4143
|
+
*/
|
|
4144
|
+
function addLoginHint(parameters, loginHint) {
|
|
4145
|
+
parameters.set(LOGIN_HINT, loginHint);
|
|
4146
|
+
}
|
|
4147
|
+
/**
|
|
4148
|
+
* Adds the CCS (Cache Credential Service) query parameter for login_hint
|
|
4149
|
+
* @param loginHint
|
|
4150
|
+
*/
|
|
4151
|
+
function addCcsUpn(parameters, loginHint) {
|
|
4152
|
+
parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
|
|
4153
|
+
}
|
|
4154
|
+
/**
|
|
4155
|
+
* Adds the CCS (Cache Credential Service) query parameter for account object
|
|
4156
|
+
* @param loginHint
|
|
4157
|
+
*/
|
|
4158
|
+
function addCcsOid(parameters, clientInfo) {
|
|
4159
|
+
parameters.set(HeaderNames.CCS_HEADER, `Oid:${clientInfo.uid}@${clientInfo.utid}`);
|
|
4160
|
+
}
|
|
4161
|
+
/**
|
|
4162
|
+
* add sid
|
|
4163
|
+
* @param sid
|
|
4164
|
+
*/
|
|
4165
|
+
function addSid(parameters, sid) {
|
|
4166
|
+
parameters.set(SID, sid);
|
|
4167
|
+
}
|
|
4168
|
+
/**
|
|
4169
|
+
* add claims
|
|
4170
|
+
* @param claims
|
|
4171
|
+
*/
|
|
4172
|
+
function addClaims(parameters, claims, clientCapabilities) {
|
|
4173
|
+
const mergedClaims = addClientCapabilitiesToClaims(claims, clientCapabilities);
|
|
4174
|
+
try {
|
|
4175
|
+
JSON.parse(mergedClaims);
|
|
4183
4176
|
}
|
|
4184
|
-
|
|
4185
|
-
|
|
4186
|
-
* @param clientId
|
|
4187
|
-
*/
|
|
4188
|
-
addClientId(clientId) {
|
|
4189
|
-
this.parameters.set(CLIENT_ID, encodeURIComponent(clientId));
|
|
4177
|
+
catch (e) {
|
|
4178
|
+
throw createClientConfigurationError(invalidClaims);
|
|
4190
4179
|
}
|
|
4191
|
-
|
|
4192
|
-
|
|
4193
|
-
|
|
4194
|
-
|
|
4195
|
-
|
|
4196
|
-
|
|
4197
|
-
|
|
4180
|
+
parameters.set(CLAIMS, mergedClaims);
|
|
4181
|
+
}
|
|
4182
|
+
/**
|
|
4183
|
+
* add correlationId
|
|
4184
|
+
* @param correlationId
|
|
4185
|
+
*/
|
|
4186
|
+
function addCorrelationId(parameters, correlationId) {
|
|
4187
|
+
parameters.set(CLIENT_REQUEST_ID, correlationId);
|
|
4188
|
+
}
|
|
4189
|
+
/**
|
|
4190
|
+
* add library info query params
|
|
4191
|
+
* @param libraryInfo
|
|
4192
|
+
*/
|
|
4193
|
+
function addLibraryInfo(parameters, libraryInfo) {
|
|
4194
|
+
// Telemetry Info
|
|
4195
|
+
parameters.set(X_CLIENT_SKU, libraryInfo.sku);
|
|
4196
|
+
parameters.set(X_CLIENT_VER, libraryInfo.version);
|
|
4197
|
+
if (libraryInfo.os) {
|
|
4198
|
+
parameters.set(X_CLIENT_OS, libraryInfo.os);
|
|
4198
4199
|
}
|
|
4199
|
-
|
|
4200
|
-
|
|
4201
|
-
* @param redirectUri
|
|
4202
|
-
*/
|
|
4203
|
-
addPostLogoutRedirectUri(redirectUri) {
|
|
4204
|
-
RequestValidator.validateRedirectUri(redirectUri);
|
|
4205
|
-
this.parameters.set(POST_LOGOUT_URI, encodeURIComponent(redirectUri));
|
|
4200
|
+
if (libraryInfo.cpu) {
|
|
4201
|
+
parameters.set(X_CLIENT_CPU, libraryInfo.cpu);
|
|
4206
4202
|
}
|
|
4207
|
-
|
|
4208
|
-
|
|
4209
|
-
|
|
4210
|
-
|
|
4211
|
-
|
|
4212
|
-
|
|
4203
|
+
}
|
|
4204
|
+
/**
|
|
4205
|
+
* Add client telemetry parameters
|
|
4206
|
+
* @param appTelemetry
|
|
4207
|
+
*/
|
|
4208
|
+
function addApplicationTelemetry(parameters, appTelemetry) {
|
|
4209
|
+
if (appTelemetry?.appName) {
|
|
4210
|
+
parameters.set(X_APP_NAME, appTelemetry.appName);
|
|
4213
4211
|
}
|
|
4214
|
-
|
|
4215
|
-
|
|
4216
|
-
* @param domainHint
|
|
4217
|
-
*/
|
|
4218
|
-
addDomainHint(domainHint) {
|
|
4219
|
-
this.parameters.set(DOMAIN_HINT, encodeURIComponent(domainHint));
|
|
4212
|
+
if (appTelemetry?.appVersion) {
|
|
4213
|
+
parameters.set(X_APP_VER, appTelemetry.appVersion);
|
|
4220
4214
|
}
|
|
4221
|
-
|
|
4222
|
-
|
|
4223
|
-
|
|
4224
|
-
|
|
4225
|
-
|
|
4226
|
-
|
|
4215
|
+
}
|
|
4216
|
+
/**
|
|
4217
|
+
* add prompt
|
|
4218
|
+
* @param prompt
|
|
4219
|
+
*/
|
|
4220
|
+
function addPrompt(parameters, prompt) {
|
|
4221
|
+
parameters.set(PROMPT, prompt);
|
|
4222
|
+
}
|
|
4223
|
+
/**
|
|
4224
|
+
* add state
|
|
4225
|
+
* @param state
|
|
4226
|
+
*/
|
|
4227
|
+
function addState(parameters, state) {
|
|
4228
|
+
if (state) {
|
|
4229
|
+
parameters.set(STATE, state);
|
|
4227
4230
|
}
|
|
4228
|
-
|
|
4229
|
-
|
|
4230
|
-
|
|
4231
|
-
|
|
4232
|
-
|
|
4233
|
-
|
|
4231
|
+
}
|
|
4232
|
+
/**
|
|
4233
|
+
* add nonce
|
|
4234
|
+
* @param nonce
|
|
4235
|
+
*/
|
|
4236
|
+
function addNonce(parameters, nonce) {
|
|
4237
|
+
parameters.set(NONCE, nonce);
|
|
4238
|
+
}
|
|
4239
|
+
/**
|
|
4240
|
+
* add code_challenge and code_challenge_method
|
|
4241
|
+
* - throw if either of them are not passed
|
|
4242
|
+
* @param codeChallenge
|
|
4243
|
+
* @param codeChallengeMethod
|
|
4244
|
+
*/
|
|
4245
|
+
function addCodeChallengeParams(parameters, codeChallenge, codeChallengeMethod) {
|
|
4246
|
+
if (codeChallenge && codeChallengeMethod) {
|
|
4247
|
+
parameters.set(CODE_CHALLENGE, codeChallenge);
|
|
4248
|
+
parameters.set(CODE_CHALLENGE_METHOD, codeChallengeMethod);
|
|
4234
4249
|
}
|
|
4235
|
-
|
|
4236
|
-
|
|
4237
|
-
* @param loginHint
|
|
4238
|
-
*/
|
|
4239
|
-
addCcsOid(clientInfo) {
|
|
4240
|
-
this.parameters.set(HeaderNames.CCS_HEADER, encodeURIComponent(`Oid:${clientInfo.uid}@${clientInfo.utid}`));
|
|
4250
|
+
else {
|
|
4251
|
+
throw createClientConfigurationError(pkceParamsMissing);
|
|
4241
4252
|
}
|
|
4242
|
-
|
|
4243
|
-
|
|
4244
|
-
|
|
4245
|
-
|
|
4246
|
-
|
|
4247
|
-
|
|
4253
|
+
}
|
|
4254
|
+
/**
|
|
4255
|
+
* add the `authorization_code` passed by the user to exchange for a token
|
|
4256
|
+
* @param code
|
|
4257
|
+
*/
|
|
4258
|
+
function addAuthorizationCode(parameters, code) {
|
|
4259
|
+
parameters.set(CODE, code);
|
|
4260
|
+
}
|
|
4261
|
+
/**
|
|
4262
|
+
* add the `refreshToken` passed by the user
|
|
4263
|
+
* @param refreshToken
|
|
4264
|
+
*/
|
|
4265
|
+
function addRefreshToken(parameters, refreshToken) {
|
|
4266
|
+
parameters.set(REFRESH_TOKEN, refreshToken);
|
|
4267
|
+
}
|
|
4268
|
+
/**
|
|
4269
|
+
* add the `code_verifier` passed by the user to exchange for a token
|
|
4270
|
+
* @param codeVerifier
|
|
4271
|
+
*/
|
|
4272
|
+
function addCodeVerifier(parameters, codeVerifier) {
|
|
4273
|
+
parameters.set(CODE_VERIFIER, codeVerifier);
|
|
4274
|
+
}
|
|
4275
|
+
/**
|
|
4276
|
+
* add client_secret
|
|
4277
|
+
* @param clientSecret
|
|
4278
|
+
*/
|
|
4279
|
+
function addClientSecret(parameters, clientSecret) {
|
|
4280
|
+
parameters.set(CLIENT_SECRET, clientSecret);
|
|
4281
|
+
}
|
|
4282
|
+
/**
|
|
4283
|
+
* add clientAssertion for confidential client flows
|
|
4284
|
+
* @param clientAssertion
|
|
4285
|
+
*/
|
|
4286
|
+
function addClientAssertion(parameters, clientAssertion) {
|
|
4287
|
+
if (clientAssertion) {
|
|
4288
|
+
parameters.set(CLIENT_ASSERTION, clientAssertion);
|
|
4248
4289
|
}
|
|
4249
|
-
|
|
4250
|
-
|
|
4251
|
-
|
|
4252
|
-
|
|
4253
|
-
|
|
4254
|
-
|
|
4255
|
-
|
|
4256
|
-
|
|
4290
|
+
}
|
|
4291
|
+
/**
|
|
4292
|
+
* add clientAssertionType for confidential client flows
|
|
4293
|
+
* @param clientAssertionType
|
|
4294
|
+
*/
|
|
4295
|
+
function addClientAssertionType(parameters, clientAssertionType) {
|
|
4296
|
+
if (clientAssertionType) {
|
|
4297
|
+
parameters.set(CLIENT_ASSERTION_TYPE, clientAssertionType);
|
|
4257
4298
|
}
|
|
4258
|
-
|
|
4259
|
-
|
|
4260
|
-
|
|
4261
|
-
|
|
4262
|
-
|
|
4263
|
-
|
|
4299
|
+
}
|
|
4300
|
+
/**
|
|
4301
|
+
* add grant type
|
|
4302
|
+
* @param grantType
|
|
4303
|
+
*/
|
|
4304
|
+
function addGrantType(parameters, grantType) {
|
|
4305
|
+
parameters.set(GRANT_TYPE, grantType);
|
|
4306
|
+
}
|
|
4307
|
+
/**
|
|
4308
|
+
* add client info
|
|
4309
|
+
*
|
|
4310
|
+
*/
|
|
4311
|
+
function addClientInfo(parameters) {
|
|
4312
|
+
parameters.set(CLIENT_INFO, "1");
|
|
4313
|
+
}
|
|
4314
|
+
function addInstanceAware(parameters) {
|
|
4315
|
+
if (!parameters.has(INSTANCE_AWARE)) {
|
|
4316
|
+
parameters.set(INSTANCE_AWARE, "true");
|
|
4264
4317
|
}
|
|
4265
|
-
|
|
4266
|
-
|
|
4267
|
-
|
|
4268
|
-
|
|
4269
|
-
|
|
4270
|
-
|
|
4271
|
-
|
|
4272
|
-
|
|
4273
|
-
|
|
4274
|
-
this.parameters.set(X_CLIENT_OS, libraryInfo.os);
|
|
4275
|
-
}
|
|
4276
|
-
if (libraryInfo.cpu) {
|
|
4277
|
-
this.parameters.set(X_CLIENT_CPU, libraryInfo.cpu);
|
|
4318
|
+
}
|
|
4319
|
+
/**
|
|
4320
|
+
* add extraQueryParams
|
|
4321
|
+
* @param eQParams
|
|
4322
|
+
*/
|
|
4323
|
+
function addExtraQueryParameters(parameters, eQParams) {
|
|
4324
|
+
Object.entries(eQParams).forEach(([key, value]) => {
|
|
4325
|
+
if (!parameters.has(key) && value) {
|
|
4326
|
+
parameters.set(key, value);
|
|
4278
4327
|
}
|
|
4328
|
+
});
|
|
4329
|
+
}
|
|
4330
|
+
function addClientCapabilitiesToClaims(claims, clientCapabilities) {
|
|
4331
|
+
let mergedClaims;
|
|
4332
|
+
// Parse provided claims into JSON object or initialize empty object
|
|
4333
|
+
if (!claims) {
|
|
4334
|
+
mergedClaims = {};
|
|
4279
4335
|
}
|
|
4280
|
-
|
|
4281
|
-
|
|
4282
|
-
|
|
4283
|
-
*/
|
|
4284
|
-
addApplicationTelemetry(appTelemetry) {
|
|
4285
|
-
if (appTelemetry?.appName) {
|
|
4286
|
-
this.parameters.set(X_APP_NAME, appTelemetry.appName);
|
|
4336
|
+
else {
|
|
4337
|
+
try {
|
|
4338
|
+
mergedClaims = JSON.parse(claims);
|
|
4287
4339
|
}
|
|
4288
|
-
|
|
4289
|
-
|
|
4340
|
+
catch (e) {
|
|
4341
|
+
throw createClientConfigurationError(invalidClaims);
|
|
4290
4342
|
}
|
|
4291
4343
|
}
|
|
4292
|
-
|
|
4293
|
-
|
|
4294
|
-
|
|
4295
|
-
|
|
4296
|
-
addPrompt(prompt) {
|
|
4297
|
-
RequestValidator.validatePrompt(prompt);
|
|
4298
|
-
this.parameters.set(`${PROMPT}`, encodeURIComponent(prompt));
|
|
4299
|
-
}
|
|
4300
|
-
/**
|
|
4301
|
-
* add state
|
|
4302
|
-
* @param state
|
|
4303
|
-
*/
|
|
4304
|
-
addState(state) {
|
|
4305
|
-
if (state) {
|
|
4306
|
-
this.parameters.set(STATE, encodeURIComponent(state));
|
|
4344
|
+
if (clientCapabilities && clientCapabilities.length > 0) {
|
|
4345
|
+
if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
|
|
4346
|
+
// Add access_token key to claims object
|
|
4347
|
+
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
|
|
4307
4348
|
}
|
|
4349
|
+
// Add xms_cc claim with provided clientCapabilities to access_token key
|
|
4350
|
+
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
|
|
4351
|
+
{
|
|
4352
|
+
values: clientCapabilities,
|
|
4353
|
+
};
|
|
4308
4354
|
}
|
|
4309
|
-
|
|
4310
|
-
|
|
4311
|
-
|
|
4312
|
-
|
|
4313
|
-
|
|
4314
|
-
|
|
4355
|
+
return JSON.stringify(mergedClaims);
|
|
4356
|
+
}
|
|
4357
|
+
/**
|
|
4358
|
+
* add pop_jwk to query params
|
|
4359
|
+
* @param cnfString
|
|
4360
|
+
*/
|
|
4361
|
+
function addPopToken(parameters, cnfString) {
|
|
4362
|
+
if (cnfString) {
|
|
4363
|
+
parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);
|
|
4364
|
+
parameters.set(REQ_CNF, cnfString);
|
|
4315
4365
|
}
|
|
4316
|
-
|
|
4317
|
-
|
|
4318
|
-
|
|
4319
|
-
|
|
4320
|
-
|
|
4321
|
-
|
|
4322
|
-
|
|
4323
|
-
|
|
4324
|
-
if (codeChallenge && codeChallengeMethod) {
|
|
4325
|
-
this.parameters.set(CODE_CHALLENGE, encodeURIComponent(codeChallenge));
|
|
4326
|
-
this.parameters.set(CODE_CHALLENGE_METHOD, encodeURIComponent(codeChallengeMethod));
|
|
4327
|
-
}
|
|
4328
|
-
else {
|
|
4329
|
-
throw createClientConfigurationError(pkceParamsMissing);
|
|
4330
|
-
}
|
|
4331
|
-
}
|
|
4332
|
-
/**
|
|
4333
|
-
* add the `authorization_code` passed by the user to exchange for a token
|
|
4334
|
-
* @param code
|
|
4335
|
-
*/
|
|
4336
|
-
addAuthorizationCode(code) {
|
|
4337
|
-
this.parameters.set(CODE, encodeURIComponent(code));
|
|
4338
|
-
}
|
|
4339
|
-
/**
|
|
4340
|
-
* add the `authorization_code` passed by the user to exchange for a token
|
|
4341
|
-
* @param code
|
|
4342
|
-
*/
|
|
4343
|
-
addDeviceCode(code) {
|
|
4344
|
-
this.parameters.set(DEVICE_CODE, encodeURIComponent(code));
|
|
4345
|
-
}
|
|
4346
|
-
/**
|
|
4347
|
-
* add the `refreshToken` passed by the user
|
|
4348
|
-
* @param refreshToken
|
|
4349
|
-
*/
|
|
4350
|
-
addRefreshToken(refreshToken) {
|
|
4351
|
-
this.parameters.set(REFRESH_TOKEN, encodeURIComponent(refreshToken));
|
|
4352
|
-
}
|
|
4353
|
-
/**
|
|
4354
|
-
* add the `code_verifier` passed by the user to exchange for a token
|
|
4355
|
-
* @param codeVerifier
|
|
4356
|
-
*/
|
|
4357
|
-
addCodeVerifier(codeVerifier) {
|
|
4358
|
-
this.parameters.set(CODE_VERIFIER, encodeURIComponent(codeVerifier));
|
|
4359
|
-
}
|
|
4360
|
-
/**
|
|
4361
|
-
* add client_secret
|
|
4362
|
-
* @param clientSecret
|
|
4363
|
-
*/
|
|
4364
|
-
addClientSecret(clientSecret) {
|
|
4365
|
-
this.parameters.set(CLIENT_SECRET, encodeURIComponent(clientSecret));
|
|
4366
|
-
}
|
|
4367
|
-
/**
|
|
4368
|
-
* add clientAssertion for confidential client flows
|
|
4369
|
-
* @param clientAssertion
|
|
4370
|
-
*/
|
|
4371
|
-
addClientAssertion(clientAssertion) {
|
|
4372
|
-
if (clientAssertion) {
|
|
4373
|
-
this.parameters.set(CLIENT_ASSERTION, encodeURIComponent(clientAssertion));
|
|
4374
|
-
}
|
|
4375
|
-
}
|
|
4376
|
-
/**
|
|
4377
|
-
* add clientAssertionType for confidential client flows
|
|
4378
|
-
* @param clientAssertionType
|
|
4379
|
-
*/
|
|
4380
|
-
addClientAssertionType(clientAssertionType) {
|
|
4381
|
-
if (clientAssertionType) {
|
|
4382
|
-
this.parameters.set(CLIENT_ASSERTION_TYPE, encodeURIComponent(clientAssertionType));
|
|
4383
|
-
}
|
|
4384
|
-
}
|
|
4385
|
-
/**
|
|
4386
|
-
* add OBO assertion for confidential client flows
|
|
4387
|
-
* @param clientAssertion
|
|
4388
|
-
*/
|
|
4389
|
-
addOboAssertion(oboAssertion) {
|
|
4390
|
-
this.parameters.set(OBO_ASSERTION, encodeURIComponent(oboAssertion));
|
|
4391
|
-
}
|
|
4392
|
-
/**
|
|
4393
|
-
* add grant type
|
|
4394
|
-
* @param grantType
|
|
4395
|
-
*/
|
|
4396
|
-
addRequestTokenUse(tokenUse) {
|
|
4397
|
-
this.parameters.set(REQUESTED_TOKEN_USE, encodeURIComponent(tokenUse));
|
|
4398
|
-
}
|
|
4399
|
-
/**
|
|
4400
|
-
* add grant type
|
|
4401
|
-
* @param grantType
|
|
4402
|
-
*/
|
|
4403
|
-
addGrantType(grantType) {
|
|
4404
|
-
this.parameters.set(GRANT_TYPE, encodeURIComponent(grantType));
|
|
4405
|
-
}
|
|
4406
|
-
/**
|
|
4407
|
-
* add client info
|
|
4408
|
-
*
|
|
4409
|
-
*/
|
|
4410
|
-
addClientInfo() {
|
|
4411
|
-
this.parameters.set(CLIENT_INFO, "1");
|
|
4412
|
-
}
|
|
4413
|
-
/**
|
|
4414
|
-
* add extraQueryParams
|
|
4415
|
-
* @param eQParams
|
|
4416
|
-
*/
|
|
4417
|
-
addExtraQueryParameters(eQParams) {
|
|
4418
|
-
Object.entries(eQParams).forEach(([key, value]) => {
|
|
4419
|
-
if (!this.parameters.has(key) && value) {
|
|
4420
|
-
this.parameters.set(key, value);
|
|
4421
|
-
}
|
|
4422
|
-
});
|
|
4423
|
-
}
|
|
4424
|
-
addClientCapabilitiesToClaims(claims, clientCapabilities) {
|
|
4425
|
-
let mergedClaims;
|
|
4426
|
-
// Parse provided claims into JSON object or initialize empty object
|
|
4427
|
-
if (!claims) {
|
|
4428
|
-
mergedClaims = {};
|
|
4429
|
-
}
|
|
4430
|
-
else {
|
|
4431
|
-
try {
|
|
4432
|
-
mergedClaims = JSON.parse(claims);
|
|
4433
|
-
}
|
|
4434
|
-
catch (e) {
|
|
4435
|
-
throw createClientConfigurationError(invalidClaims);
|
|
4436
|
-
}
|
|
4437
|
-
}
|
|
4438
|
-
if (clientCapabilities && clientCapabilities.length > 0) {
|
|
4439
|
-
if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
|
|
4440
|
-
// Add access_token key to claims object
|
|
4441
|
-
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
|
|
4442
|
-
}
|
|
4443
|
-
// Add xms_cc claim with provided clientCapabilities to access_token key
|
|
4444
|
-
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] = {
|
|
4445
|
-
values: clientCapabilities,
|
|
4446
|
-
};
|
|
4447
|
-
}
|
|
4448
|
-
return JSON.stringify(mergedClaims);
|
|
4449
|
-
}
|
|
4450
|
-
/**
|
|
4451
|
-
* adds `username` for Password Grant flow
|
|
4452
|
-
* @param username
|
|
4453
|
-
*/
|
|
4454
|
-
addUsername(username) {
|
|
4455
|
-
this.parameters.set(PasswordGrantConstants.username, encodeURIComponent(username));
|
|
4456
|
-
}
|
|
4457
|
-
/**
|
|
4458
|
-
* adds `password` for Password Grant flow
|
|
4459
|
-
* @param password
|
|
4460
|
-
*/
|
|
4461
|
-
addPassword(password) {
|
|
4462
|
-
this.parameters.set(PasswordGrantConstants.password, encodeURIComponent(password));
|
|
4463
|
-
}
|
|
4464
|
-
/**
|
|
4465
|
-
* add pop_jwk to query params
|
|
4466
|
-
* @param cnfString
|
|
4467
|
-
*/
|
|
4468
|
-
addPopToken(cnfString) {
|
|
4469
|
-
if (cnfString) {
|
|
4470
|
-
this.parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);
|
|
4471
|
-
this.parameters.set(REQ_CNF, encodeURIComponent(cnfString));
|
|
4472
|
-
}
|
|
4473
|
-
}
|
|
4474
|
-
/**
|
|
4475
|
-
* add SSH JWK and key ID to query params
|
|
4476
|
-
*/
|
|
4477
|
-
addSshJwk(sshJwkString) {
|
|
4478
|
-
if (sshJwkString) {
|
|
4479
|
-
this.parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);
|
|
4480
|
-
this.parameters.set(REQ_CNF, encodeURIComponent(sshJwkString));
|
|
4481
|
-
}
|
|
4482
|
-
}
|
|
4483
|
-
/**
|
|
4484
|
-
* add server telemetry fields
|
|
4485
|
-
* @param serverTelemetryManager
|
|
4486
|
-
*/
|
|
4487
|
-
addServerTelemetry(serverTelemetryManager) {
|
|
4488
|
-
this.parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
|
|
4489
|
-
this.parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
|
|
4490
|
-
}
|
|
4491
|
-
/**
|
|
4492
|
-
* Adds parameter that indicates to the server that throttling is supported
|
|
4493
|
-
*/
|
|
4494
|
-
addThrottling() {
|
|
4495
|
-
this.parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
|
|
4496
|
-
}
|
|
4497
|
-
/**
|
|
4498
|
-
* Adds logout_hint parameter for "silent" logout which prevent server account picker
|
|
4499
|
-
*/
|
|
4500
|
-
addLogoutHint(logoutHint) {
|
|
4501
|
-
this.parameters.set(LOGOUT_HINT, encodeURIComponent(logoutHint));
|
|
4366
|
+
}
|
|
4367
|
+
/**
|
|
4368
|
+
* add SSH JWK and key ID to query params
|
|
4369
|
+
*/
|
|
4370
|
+
function addSshJwk(parameters, sshJwkString) {
|
|
4371
|
+
if (sshJwkString) {
|
|
4372
|
+
parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);
|
|
4373
|
+
parameters.set(REQ_CNF, sshJwkString);
|
|
4502
4374
|
}
|
|
4503
|
-
|
|
4504
|
-
|
|
4505
|
-
|
|
4506
|
-
|
|
4507
|
-
|
|
4508
|
-
|
|
4509
|
-
|
|
4375
|
+
}
|
|
4376
|
+
/**
|
|
4377
|
+
* add server telemetry fields
|
|
4378
|
+
* @param serverTelemetryManager
|
|
4379
|
+
*/
|
|
4380
|
+
function addServerTelemetry(parameters, serverTelemetryManager) {
|
|
4381
|
+
parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
|
|
4382
|
+
parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
|
|
4383
|
+
}
|
|
4384
|
+
/**
|
|
4385
|
+
* Adds parameter that indicates to the server that throttling is supported
|
|
4386
|
+
*/
|
|
4387
|
+
function addThrottling(parameters) {
|
|
4388
|
+
parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
|
|
4389
|
+
}
|
|
4390
|
+
/**
|
|
4391
|
+
* Adds logout_hint parameter for "silent" logout which prevent server account picker
|
|
4392
|
+
*/
|
|
4393
|
+
function addLogoutHint(parameters, logoutHint) {
|
|
4394
|
+
parameters.set(LOGOUT_HINT, logoutHint);
|
|
4395
|
+
}
|
|
4396
|
+
function addBrokerParameters(parameters, brokerClientId, brokerRedirectUri) {
|
|
4397
|
+
if (!parameters.has(BROKER_CLIENT_ID)) {
|
|
4398
|
+
parameters.set(BROKER_CLIENT_ID, brokerClientId);
|
|
4510
4399
|
}
|
|
4511
|
-
|
|
4512
|
-
|
|
4513
|
-
*/
|
|
4514
|
-
createQueryString() {
|
|
4515
|
-
const queryParameterArray = new Array();
|
|
4516
|
-
this.parameters.forEach((value, key) => {
|
|
4517
|
-
queryParameterArray.push(`${key}=${value}`);
|
|
4518
|
-
});
|
|
4519
|
-
instrumentBrokerParams(this.parameters, this.correlationId, this.performanceClient);
|
|
4520
|
-
return queryParameterArray.join("&");
|
|
4400
|
+
if (!parameters.has(BROKER_REDIRECT_URI)) {
|
|
4401
|
+
parameters.set(BROKER_REDIRECT_URI, brokerRedirectUri);
|
|
4521
4402
|
}
|
|
4522
4403
|
}
|
|
4523
4404
|
|
|
4524
|
-
/*! @azure/msal-common v15.
|
|
4405
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
4525
4406
|
/*
|
|
4526
4407
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4527
4408
|
* Licensed under the MIT License.
|
|
@@ -4533,7 +4414,7 @@
|
|
|
4533
4414
|
response.hasOwnProperty("jwks_uri"));
|
|
4534
4415
|
}
|
|
4535
4416
|
|
|
4536
|
-
/*! @azure/msal-common v15.
|
|
4417
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
4537
4418
|
/*
|
|
4538
4419
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4539
4420
|
* Licensed under the MIT License.
|
|
@@ -4543,7 +4424,7 @@
|
|
|
4543
4424
|
response.hasOwnProperty("metadata"));
|
|
4544
4425
|
}
|
|
4545
4426
|
|
|
4546
|
-
/*! @azure/msal-common v15.
|
|
4427
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
4547
4428
|
/*
|
|
4548
4429
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4549
4430
|
* Licensed under the MIT License.
|
|
@@ -4553,7 +4434,7 @@
|
|
|
4553
4434
|
response.hasOwnProperty("error_description"));
|
|
4554
4435
|
}
|
|
4555
4436
|
|
|
4556
|
-
/*! @azure/msal-common v15.
|
|
4437
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
4557
4438
|
/*
|
|
4558
4439
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4559
4440
|
* Licensed under the MIT License.
|
|
@@ -4729,11 +4610,11 @@
|
|
|
4729
4610
|
StandardInteractionClientCreateAuthCodeClient: "standardInteractionClientCreateAuthCodeClient",
|
|
4730
4611
|
StandardInteractionClientGetClientConfiguration: "standardInteractionClientGetClientConfiguration",
|
|
4731
4612
|
StandardInteractionClientInitializeAuthorizationRequest: "standardInteractionClientInitializeAuthorizationRequest",
|
|
4732
|
-
StandardInteractionClientInitializeAuthorizationCodeRequest: "standardInteractionClientInitializeAuthorizationCodeRequest",
|
|
4733
4613
|
/**
|
|
4734
4614
|
* getAuthCodeUrl API (msal-browser and msal-node).
|
|
4735
4615
|
*/
|
|
4736
4616
|
GetAuthCodeUrl: "getAuthCodeUrl",
|
|
4617
|
+
GetStandardParams: "getStandardParams",
|
|
4737
4618
|
/**
|
|
4738
4619
|
* Functions from InteractionHandler (msal-browser)
|
|
4739
4620
|
*/
|
|
@@ -4746,7 +4627,6 @@
|
|
|
4746
4627
|
AuthClientAcquireToken: "authClientAcquireToken",
|
|
4747
4628
|
AuthClientExecuteTokenRequest: "authClientExecuteTokenRequest",
|
|
4748
4629
|
AuthClientCreateTokenRequestBody: "authClientCreateTokenRequestBody",
|
|
4749
|
-
AuthClientCreateQueryString: "authClientCreateQueryString",
|
|
4750
4630
|
/**
|
|
4751
4631
|
* Generate functions in PopTokenGenerator (msal-common)
|
|
4752
4632
|
*/
|
|
@@ -4917,10 +4797,6 @@
|
|
|
4917
4797
|
PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,
|
|
4918
4798
|
"StdIntClientInitAuthReq",
|
|
4919
4799
|
],
|
|
4920
|
-
[
|
|
4921
|
-
PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
|
|
4922
|
-
"StdIntClientInitAuthCodeReq",
|
|
4923
|
-
],
|
|
4924
4800
|
[PerformanceEvents.GetAuthCodeUrl, "GetAuthCodeUrl"],
|
|
4925
4801
|
[
|
|
4926
4802
|
PerformanceEvents.HandleCodeResponseFromServer,
|
|
@@ -4934,10 +4810,6 @@
|
|
|
4934
4810
|
PerformanceEvents.AuthClientCreateTokenRequestBody,
|
|
4935
4811
|
"AuthClientCreateTReqBody",
|
|
4936
4812
|
],
|
|
4937
|
-
[
|
|
4938
|
-
PerformanceEvents.AuthClientCreateQueryString,
|
|
4939
|
-
"AuthClientCreateQueryStr",
|
|
4940
|
-
],
|
|
4941
4813
|
[PerformanceEvents.PopTokenGenerateCnf, "PopTGenCnf"],
|
|
4942
4814
|
[PerformanceEvents.PopTokenGenerateKid, "PopTGenKid"],
|
|
4943
4815
|
[PerformanceEvents.HandleServerTokenResponse, "HandleServerTRes"],
|
|
@@ -5062,7 +4934,7 @@
|
|
|
5062
4934
|
"encryptedCacheExpiredCount",
|
|
5063
4935
|
]);
|
|
5064
4936
|
|
|
5065
|
-
/*! @azure/msal-common v15.
|
|
4937
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
5066
4938
|
/*
|
|
5067
4939
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5068
4940
|
* Licensed under the MIT License.
|
|
@@ -5158,7 +5030,7 @@
|
|
|
5158
5030
|
};
|
|
5159
5031
|
};
|
|
5160
5032
|
|
|
5161
|
-
/*! @azure/msal-common v15.
|
|
5033
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
5162
5034
|
|
|
5163
5035
|
/*
|
|
5164
5036
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -5267,7 +5139,7 @@
|
|
|
5267
5139
|
},
|
|
5268
5140
|
};
|
|
5269
5141
|
|
|
5270
|
-
/*! @azure/msal-common v15.
|
|
5142
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
5271
5143
|
|
|
5272
5144
|
/*
|
|
5273
5145
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6106,7 +5978,7 @@
|
|
|
6106
5978
|
};
|
|
6107
5979
|
}
|
|
6108
5980
|
|
|
6109
|
-
/*! @azure/msal-common v15.
|
|
5981
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6110
5982
|
|
|
6111
5983
|
/*
|
|
6112
5984
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6137,7 +6009,7 @@
|
|
|
6137
6009
|
}
|
|
6138
6010
|
}
|
|
6139
6011
|
|
|
6140
|
-
/*! @azure/msal-common v15.
|
|
6012
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6141
6013
|
|
|
6142
6014
|
/*
|
|
6143
6015
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6156,7 +6028,7 @@
|
|
|
6156
6028
|
}
|
|
6157
6029
|
}
|
|
6158
6030
|
|
|
6159
|
-
/*! @azure/msal-common v15.
|
|
6031
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6160
6032
|
/*
|
|
6161
6033
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6162
6034
|
* Licensed under the MIT License.
|
|
@@ -6177,7 +6049,7 @@
|
|
|
6177
6049
|
};
|
|
6178
6050
|
}
|
|
6179
6051
|
|
|
6180
|
-
/*! @azure/msal-common v15.
|
|
6052
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6181
6053
|
|
|
6182
6054
|
/*
|
|
6183
6055
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6264,7 +6136,7 @@
|
|
|
6264
6136
|
}
|
|
6265
6137
|
}
|
|
6266
6138
|
|
|
6267
|
-
/*! @azure/msal-common v15.
|
|
6139
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6268
6140
|
|
|
6269
6141
|
/*
|
|
6270
6142
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6294,7 +6166,7 @@
|
|
|
6294
6166
|
return new NetworkError(error, httpStatus, responseHeaders);
|
|
6295
6167
|
}
|
|
6296
6168
|
|
|
6297
|
-
/*! @azure/msal-common v15.
|
|
6169
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6298
6170
|
|
|
6299
6171
|
/*
|
|
6300
6172
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6429,22 +6301,20 @@
|
|
|
6429
6301
|
* @param request
|
|
6430
6302
|
*/
|
|
6431
6303
|
createTokenQueryParameters(request) {
|
|
6432
|
-
const
|
|
6304
|
+
const parameters = new Map();
|
|
6433
6305
|
if (request.embeddedClientId) {
|
|
6434
|
-
|
|
6435
|
-
brokerClientId: this.config.authOptions.clientId,
|
|
6436
|
-
brokerRedirectUri: this.config.authOptions.redirectUri,
|
|
6437
|
-
});
|
|
6306
|
+
addBrokerParameters(parameters, this.config.authOptions.clientId, this.config.authOptions.redirectUri);
|
|
6438
6307
|
}
|
|
6439
6308
|
if (request.tokenQueryParameters) {
|
|
6440
|
-
|
|
6309
|
+
addExtraQueryParameters(parameters, request.tokenQueryParameters);
|
|
6441
6310
|
}
|
|
6442
|
-
|
|
6443
|
-
|
|
6311
|
+
addCorrelationId(parameters, request.correlationId);
|
|
6312
|
+
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
6313
|
+
return mapToQueryString(parameters);
|
|
6444
6314
|
}
|
|
6445
6315
|
}
|
|
6446
6316
|
|
|
6447
|
-
/*! @azure/msal-common v15.
|
|
6317
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6448
6318
|
/*
|
|
6449
6319
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6450
6320
|
* Licensed under the MIT License.
|
|
@@ -6470,7 +6340,7 @@
|
|
|
6470
6340
|
refreshTokenExpired: refreshTokenExpired
|
|
6471
6341
|
});
|
|
6472
6342
|
|
|
6473
|
-
/*! @azure/msal-common v15.
|
|
6343
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6474
6344
|
|
|
6475
6345
|
/*
|
|
6476
6346
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6558,7 +6428,7 @@
|
|
|
6558
6428
|
return new InteractionRequiredAuthError(errorCode, InteractionRequiredAuthErrorMessages[errorCode]);
|
|
6559
6429
|
}
|
|
6560
6430
|
|
|
6561
|
-
/*! @azure/msal-common v15.
|
|
6431
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6562
6432
|
|
|
6563
6433
|
/*
|
|
6564
6434
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6630,7 +6500,7 @@
|
|
|
6630
6500
|
}
|
|
6631
6501
|
}
|
|
6632
6502
|
|
|
6633
|
-
/*! @azure/msal-common v15.
|
|
6503
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6634
6504
|
|
|
6635
6505
|
/*
|
|
6636
6506
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -6714,7 +6584,7 @@
|
|
|
6714
6584
|
}
|
|
6715
6585
|
}
|
|
6716
6586
|
|
|
6717
|
-
/*! @azure/msal-common v15.
|
|
6587
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6718
6588
|
/*
|
|
6719
6589
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6720
6590
|
* Licensed under the MIT License.
|
|
@@ -6741,19 +6611,12 @@
|
|
|
6741
6611
|
}
|
|
6742
6612
|
}
|
|
6743
6613
|
|
|
6744
|
-
/*! @azure/msal-common v15.
|
|
6614
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6745
6615
|
|
|
6746
6616
|
/*
|
|
6747
6617
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6748
6618
|
* Licensed under the MIT License.
|
|
6749
6619
|
*/
|
|
6750
|
-
function parseServerErrorNo(serverResponse) {
|
|
6751
|
-
const errorCodePrefix = "code=";
|
|
6752
|
-
const errorCodePrefixIndex = serverResponse.error_uri?.lastIndexOf(errorCodePrefix);
|
|
6753
|
-
return errorCodePrefixIndex && errorCodePrefixIndex >= 0
|
|
6754
|
-
? serverResponse.error_uri?.substring(errorCodePrefixIndex + errorCodePrefix.length)
|
|
6755
|
-
: undefined;
|
|
6756
|
-
}
|
|
6757
6620
|
/**
|
|
6758
6621
|
* Class that handles response parsing.
|
|
6759
6622
|
* @internal
|
|
@@ -6768,46 +6631,6 @@
|
|
|
6768
6631
|
this.persistencePlugin = persistencePlugin;
|
|
6769
6632
|
this.performanceClient = performanceClient;
|
|
6770
6633
|
}
|
|
6771
|
-
/**
|
|
6772
|
-
* Function which validates server authorization code response.
|
|
6773
|
-
* @param serverResponseHash
|
|
6774
|
-
* @param requestState
|
|
6775
|
-
* @param cryptoObj
|
|
6776
|
-
*/
|
|
6777
|
-
validateServerAuthorizationCodeResponse(serverResponse, requestState) {
|
|
6778
|
-
if (!serverResponse.state || !requestState) {
|
|
6779
|
-
throw serverResponse.state
|
|
6780
|
-
? createClientAuthError(stateNotFound, "Cached State")
|
|
6781
|
-
: createClientAuthError(stateNotFound, "Server State");
|
|
6782
|
-
}
|
|
6783
|
-
let decodedServerResponseState;
|
|
6784
|
-
let decodedRequestState;
|
|
6785
|
-
try {
|
|
6786
|
-
decodedServerResponseState = decodeURIComponent(serverResponse.state);
|
|
6787
|
-
}
|
|
6788
|
-
catch (e) {
|
|
6789
|
-
throw createClientAuthError(invalidState, serverResponse.state);
|
|
6790
|
-
}
|
|
6791
|
-
try {
|
|
6792
|
-
decodedRequestState = decodeURIComponent(requestState);
|
|
6793
|
-
}
|
|
6794
|
-
catch (e) {
|
|
6795
|
-
throw createClientAuthError(invalidState, serverResponse.state);
|
|
6796
|
-
}
|
|
6797
|
-
if (decodedServerResponseState !== decodedRequestState) {
|
|
6798
|
-
throw createClientAuthError(stateMismatch);
|
|
6799
|
-
}
|
|
6800
|
-
// Check for error
|
|
6801
|
-
if (serverResponse.error ||
|
|
6802
|
-
serverResponse.error_description ||
|
|
6803
|
-
serverResponse.suberror) {
|
|
6804
|
-
const serverErrorNo = parseServerErrorNo(serverResponse);
|
|
6805
|
-
if (isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) {
|
|
6806
|
-
throw new InteractionRequiredAuthError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverResponse.timestamp || "", serverResponse.trace_id || "", serverResponse.correlation_id || "", serverResponse.claims || "", serverErrorNo);
|
|
6807
|
-
}
|
|
6808
|
-
throw new ServerError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverErrorNo);
|
|
6809
|
-
}
|
|
6810
|
-
}
|
|
6811
6634
|
/**
|
|
6812
6635
|
* Function which validates server authorization token response.
|
|
6813
6636
|
* @param serverResponse
|
|
@@ -7119,7 +6942,74 @@
|
|
|
7119
6942
|
return baseAccount;
|
|
7120
6943
|
}
|
|
7121
6944
|
|
|
7122
|
-
/*! @azure/msal-common v15.
|
|
6945
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
6946
|
+
|
|
6947
|
+
/*
|
|
6948
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
6949
|
+
* Licensed under the MIT License.
|
|
6950
|
+
*/
|
|
6951
|
+
/**
|
|
6952
|
+
* Validates server consumable params from the "request" objects
|
|
6953
|
+
*/
|
|
6954
|
+
class RequestValidator {
|
|
6955
|
+
/**
|
|
6956
|
+
* Utility to check if the `redirectUri` in the request is a non-null value
|
|
6957
|
+
* @param redirectUri
|
|
6958
|
+
*/
|
|
6959
|
+
static validateRedirectUri(redirectUri) {
|
|
6960
|
+
if (!redirectUri) {
|
|
6961
|
+
throw createClientConfigurationError(redirectUriEmpty);
|
|
6962
|
+
}
|
|
6963
|
+
}
|
|
6964
|
+
/**
|
|
6965
|
+
* Utility to validate prompt sent by the user in the request
|
|
6966
|
+
* @param prompt
|
|
6967
|
+
*/
|
|
6968
|
+
static validatePrompt(prompt) {
|
|
6969
|
+
const promptValues = [];
|
|
6970
|
+
for (const value in PromptValue) {
|
|
6971
|
+
promptValues.push(PromptValue[value]);
|
|
6972
|
+
}
|
|
6973
|
+
if (promptValues.indexOf(prompt) < 0) {
|
|
6974
|
+
throw createClientConfigurationError(invalidPromptValue);
|
|
6975
|
+
}
|
|
6976
|
+
}
|
|
6977
|
+
static validateClaims(claims) {
|
|
6978
|
+
try {
|
|
6979
|
+
JSON.parse(claims);
|
|
6980
|
+
}
|
|
6981
|
+
catch (e) {
|
|
6982
|
+
throw createClientConfigurationError(invalidClaims);
|
|
6983
|
+
}
|
|
6984
|
+
}
|
|
6985
|
+
/**
|
|
6986
|
+
* Utility to validate code_challenge and code_challenge_method
|
|
6987
|
+
* @param codeChallenge
|
|
6988
|
+
* @param codeChallengeMethod
|
|
6989
|
+
*/
|
|
6990
|
+
static validateCodeChallengeParams(codeChallenge, codeChallengeMethod) {
|
|
6991
|
+
if (!codeChallenge || !codeChallengeMethod) {
|
|
6992
|
+
throw createClientConfigurationError(pkceParamsMissing);
|
|
6993
|
+
}
|
|
6994
|
+
else {
|
|
6995
|
+
this.validateCodeChallengeMethod(codeChallengeMethod);
|
|
6996
|
+
}
|
|
6997
|
+
}
|
|
6998
|
+
/**
|
|
6999
|
+
* Utility to validate code_challenge_method
|
|
7000
|
+
* @param codeChallengeMethod
|
|
7001
|
+
*/
|
|
7002
|
+
static validateCodeChallengeMethod(codeChallengeMethod) {
|
|
7003
|
+
if ([
|
|
7004
|
+
CodeChallengeMethodValues.PLAIN,
|
|
7005
|
+
CodeChallengeMethodValues.S256,
|
|
7006
|
+
].indexOf(codeChallengeMethod) < 0) {
|
|
7007
|
+
throw createClientConfigurationError(invalidCodeChallengeMethod);
|
|
7008
|
+
}
|
|
7009
|
+
}
|
|
7010
|
+
}
|
|
7011
|
+
|
|
7012
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
7123
7013
|
/*
|
|
7124
7014
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7125
7015
|
* Licensed under the MIT License.
|
|
@@ -7137,7 +7027,7 @@
|
|
|
7137
7027
|
}
|
|
7138
7028
|
}
|
|
7139
7029
|
|
|
7140
|
-
/*! @azure/msal-common v15.
|
|
7030
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
7141
7031
|
|
|
7142
7032
|
/*
|
|
7143
7033
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7155,21 +7045,6 @@
|
|
|
7155
7045
|
this.oidcDefaultScopes =
|
|
7156
7046
|
this.config.authOptions.authority.options.OIDCOptions?.defaultScopes;
|
|
7157
7047
|
}
|
|
7158
|
-
/**
|
|
7159
|
-
* Creates the URL of the authorization request letting the user input credentials and consent to the
|
|
7160
|
-
* application. The URL target the /authorize endpoint of the authority configured in the
|
|
7161
|
-
* application object.
|
|
7162
|
-
*
|
|
7163
|
-
* Once the user inputs their credentials and consents, the authority will send a response to the redirect URI
|
|
7164
|
-
* sent in the request and should contain an authorization code, which can then be used to acquire tokens via
|
|
7165
|
-
* acquireToken(AuthorizationCodeRequest)
|
|
7166
|
-
* @param request
|
|
7167
|
-
*/
|
|
7168
|
-
async getAuthCodeUrl(request) {
|
|
7169
|
-
this.performanceClient?.addQueueMeasurement(PerformanceEvents.GetAuthCodeUrl, request.correlationId);
|
|
7170
|
-
const queryString = await invokeAsync(this.createAuthCodeUrlQueryString.bind(this), PerformanceEvents.AuthClientCreateQueryString, this.logger, this.performanceClient, request.correlationId)(request);
|
|
7171
|
-
return UrlString.appendQueryString(this.authority.authorizationEndpoint, queryString);
|
|
7172
|
-
}
|
|
7173
7048
|
/**
|
|
7174
7049
|
* API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the
|
|
7175
7050
|
* authorization_code_grant
|
|
@@ -7189,22 +7064,6 @@
|
|
|
7189
7064
|
responseHandler.validateTokenResponse(response.body);
|
|
7190
7065
|
return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, authCodePayload, undefined, undefined, undefined, requestId);
|
|
7191
7066
|
}
|
|
7192
|
-
/**
|
|
7193
|
-
* Handles the hash fragment response from public client code request. Returns a code response used by
|
|
7194
|
-
* the client to exchange for a token in acquireToken.
|
|
7195
|
-
* @param hashFragment
|
|
7196
|
-
*/
|
|
7197
|
-
handleFragmentResponse(serverParams, cachedState) {
|
|
7198
|
-
// Handle responses.
|
|
7199
|
-
const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, null, null);
|
|
7200
|
-
// Get code response
|
|
7201
|
-
responseHandler.validateServerAuthorizationCodeResponse(serverParams, cachedState);
|
|
7202
|
-
// throw when there is no auth code in the response
|
|
7203
|
-
if (!serverParams.code) {
|
|
7204
|
-
throw createClientAuthError(authorizationCodeMissingFromServerResponse);
|
|
7205
|
-
}
|
|
7206
|
-
return serverParams;
|
|
7207
|
-
}
|
|
7208
7067
|
/**
|
|
7209
7068
|
* Used to log out the current user, and redirect the user to the postLogoutRedirectUri.
|
|
7210
7069
|
* Default behaviour is to redirect the user to `window.location.href`.
|
|
@@ -7252,8 +7111,8 @@
|
|
|
7252
7111
|
*/
|
|
7253
7112
|
async createTokenRequestBody(request) {
|
|
7254
7113
|
this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateTokenRequestBody, request.correlationId);
|
|
7255
|
-
const
|
|
7256
|
-
|
|
7114
|
+
const parameters = new Map();
|
|
7115
|
+
addClientId(parameters, request.embeddedClientId ||
|
|
7257
7116
|
request.tokenBodyParameters?.[CLIENT_ID] ||
|
|
7258
7117
|
this.config.authOptions.clientId);
|
|
7259
7118
|
/*
|
|
@@ -7266,33 +7125,33 @@
|
|
|
7266
7125
|
}
|
|
7267
7126
|
else {
|
|
7268
7127
|
// Validate and include redirect uri
|
|
7269
|
-
|
|
7128
|
+
addRedirectUri(parameters, request.redirectUri);
|
|
7270
7129
|
}
|
|
7271
7130
|
// Add scope array, parameter builder will add default scopes and dedupe
|
|
7272
|
-
|
|
7131
|
+
addScopes(parameters, request.scopes, true, this.oidcDefaultScopes);
|
|
7273
7132
|
// add code: user set, not validated
|
|
7274
|
-
|
|
7133
|
+
addAuthorizationCode(parameters, request.code);
|
|
7275
7134
|
// Add library metadata
|
|
7276
|
-
|
|
7277
|
-
|
|
7278
|
-
|
|
7135
|
+
addLibraryInfo(parameters, this.config.libraryInfo);
|
|
7136
|
+
addApplicationTelemetry(parameters, this.config.telemetry.application);
|
|
7137
|
+
addThrottling(parameters);
|
|
7279
7138
|
if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {
|
|
7280
|
-
|
|
7139
|
+
addServerTelemetry(parameters, this.serverTelemetryManager);
|
|
7281
7140
|
}
|
|
7282
7141
|
// add code_verifier if passed
|
|
7283
7142
|
if (request.codeVerifier) {
|
|
7284
|
-
|
|
7143
|
+
addCodeVerifier(parameters, request.codeVerifier);
|
|
7285
7144
|
}
|
|
7286
7145
|
if (this.config.clientCredentials.clientSecret) {
|
|
7287
|
-
|
|
7146
|
+
addClientSecret(parameters, this.config.clientCredentials.clientSecret);
|
|
7288
7147
|
}
|
|
7289
7148
|
if (this.config.clientCredentials.clientAssertion) {
|
|
7290
7149
|
const clientAssertion = this.config.clientCredentials.clientAssertion;
|
|
7291
|
-
|
|
7292
|
-
|
|
7150
|
+
addClientAssertion(parameters, await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri));
|
|
7151
|
+
addClientAssertionType(parameters, clientAssertion.assertionType);
|
|
7293
7152
|
}
|
|
7294
|
-
|
|
7295
|
-
|
|
7153
|
+
addGrantType(parameters, GrantType.AUTHORIZATION_CODE_GRANT);
|
|
7154
|
+
addClientInfo(parameters);
|
|
7296
7155
|
if (request.authenticationScheme === AuthenticationScheme.POP) {
|
|
7297
7156
|
const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils, this.performanceClient);
|
|
7298
7157
|
let reqCnfData;
|
|
@@ -7304,11 +7163,11 @@
|
|
|
7304
7163
|
reqCnfData = this.cryptoUtils.encodeKid(request.popKid);
|
|
7305
7164
|
}
|
|
7306
7165
|
// SPA PoP requires full Base64Url encoded req_cnf string (unhashed)
|
|
7307
|
-
|
|
7166
|
+
addPopToken(parameters, reqCnfData);
|
|
7308
7167
|
}
|
|
7309
7168
|
else if (request.authenticationScheme === AuthenticationScheme.SSH) {
|
|
7310
7169
|
if (request.sshJwk) {
|
|
7311
|
-
|
|
7170
|
+
addSshJwk(parameters, request.sshJwk);
|
|
7312
7171
|
}
|
|
7313
7172
|
else {
|
|
7314
7173
|
throw createClientConfigurationError(missingSshJwk);
|
|
@@ -7317,7 +7176,7 @@
|
|
|
7317
7176
|
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
7318
7177
|
(this.config.authOptions.clientCapabilities &&
|
|
7319
7178
|
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
7320
|
-
|
|
7179
|
+
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
|
|
7321
7180
|
}
|
|
7322
7181
|
let ccsCred = undefined;
|
|
7323
7182
|
if (request.clientInfo) {
|
|
@@ -7341,7 +7200,7 @@
|
|
|
7341
7200
|
case CcsCredentialType.HOME_ACCOUNT_ID:
|
|
7342
7201
|
try {
|
|
7343
7202
|
const clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential);
|
|
7344
|
-
|
|
7203
|
+
addCcsOid(parameters, clientInfo);
|
|
7345
7204
|
}
|
|
7346
7205
|
catch (e) {
|
|
7347
7206
|
this.logger.verbose("Could not parse home account ID for CCS Header: " +
|
|
@@ -7349,234 +7208,59 @@
|
|
|
7349
7208
|
}
|
|
7350
7209
|
break;
|
|
7351
7210
|
case CcsCredentialType.UPN:
|
|
7352
|
-
|
|
7211
|
+
addCcsUpn(parameters, ccsCred.credential);
|
|
7353
7212
|
break;
|
|
7354
7213
|
}
|
|
7355
7214
|
}
|
|
7356
7215
|
if (request.embeddedClientId) {
|
|
7357
|
-
|
|
7358
|
-
brokerClientId: this.config.authOptions.clientId,
|
|
7359
|
-
brokerRedirectUri: this.config.authOptions.redirectUri,
|
|
7360
|
-
});
|
|
7216
|
+
addBrokerParameters(parameters, this.config.authOptions.clientId, this.config.authOptions.redirectUri);
|
|
7361
7217
|
}
|
|
7362
7218
|
if (request.tokenBodyParameters) {
|
|
7363
|
-
|
|
7219
|
+
addExtraQueryParameters(parameters, request.tokenBodyParameters);
|
|
7364
7220
|
}
|
|
7365
7221
|
// Add hybrid spa parameters if not already provided
|
|
7366
7222
|
if (request.enableSpaAuthorizationCode &&
|
|
7367
7223
|
(!request.tokenBodyParameters ||
|
|
7368
7224
|
!request.tokenBodyParameters[RETURN_SPA_CODE])) {
|
|
7369
|
-
|
|
7225
|
+
addExtraQueryParameters(parameters, {
|
|
7370
7226
|
[RETURN_SPA_CODE]: "1",
|
|
7371
7227
|
});
|
|
7372
7228
|
}
|
|
7373
|
-
|
|
7374
|
-
|
|
7375
|
-
/**
|
|
7376
|
-
* This API validates the `AuthorizationCodeUrlRequest` and creates a URL
|
|
7377
|
-
* @param request
|
|
7378
|
-
*/
|
|
7379
|
-
async createAuthCodeUrlQueryString(request) {
|
|
7380
|
-
// generate the correlationId if not set by the user and add
|
|
7381
|
-
const correlationId = request.correlationId ||
|
|
7382
|
-
this.config.cryptoInterface.createNewGuid();
|
|
7383
|
-
this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateQueryString, correlationId);
|
|
7384
|
-
const parameterBuilder = new RequestParameterBuilder(correlationId, this.performanceClient);
|
|
7385
|
-
parameterBuilder.addClientId(request.embeddedClientId ||
|
|
7386
|
-
request.extraQueryParameters?.[CLIENT_ID] ||
|
|
7387
|
-
this.config.authOptions.clientId);
|
|
7388
|
-
const requestScopes = [
|
|
7389
|
-
...(request.scopes || []),
|
|
7390
|
-
...(request.extraScopesToConsent || []),
|
|
7391
|
-
];
|
|
7392
|
-
parameterBuilder.addScopes(requestScopes, true, this.oidcDefaultScopes);
|
|
7393
|
-
// validate the redirectUri (to be a non null value)
|
|
7394
|
-
parameterBuilder.addRedirectUri(request.redirectUri);
|
|
7395
|
-
parameterBuilder.addCorrelationId(correlationId);
|
|
7396
|
-
// add response_mode. If not passed in it defaults to query.
|
|
7397
|
-
parameterBuilder.addResponseMode(request.responseMode);
|
|
7398
|
-
// add response_type = code
|
|
7399
|
-
parameterBuilder.addResponseTypeCode();
|
|
7400
|
-
// add library info parameters
|
|
7401
|
-
parameterBuilder.addLibraryInfo(this.config.libraryInfo);
|
|
7402
|
-
if (!isOidcProtocolMode(this.config)) {
|
|
7403
|
-
parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);
|
|
7404
|
-
}
|
|
7405
|
-
// add client_info=1
|
|
7406
|
-
parameterBuilder.addClientInfo();
|
|
7407
|
-
if (request.codeChallenge && request.codeChallengeMethod) {
|
|
7408
|
-
parameterBuilder.addCodeChallengeParams(request.codeChallenge, request.codeChallengeMethod);
|
|
7409
|
-
}
|
|
7410
|
-
if (request.prompt) {
|
|
7411
|
-
parameterBuilder.addPrompt(request.prompt);
|
|
7412
|
-
}
|
|
7413
|
-
if (request.domainHint) {
|
|
7414
|
-
parameterBuilder.addDomainHint(request.domainHint);
|
|
7415
|
-
this.performanceClient?.addFields({ domainHintFromRequest: true }, correlationId);
|
|
7416
|
-
}
|
|
7417
|
-
this.performanceClient?.addFields({ prompt: request.prompt }, correlationId);
|
|
7418
|
-
// Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object
|
|
7419
|
-
if (request.prompt !== PromptValue.SELECT_ACCOUNT) {
|
|
7420
|
-
// AAD will throw if prompt=select_account is passed with an account hint
|
|
7421
|
-
if (request.sid && request.prompt === PromptValue.NONE) {
|
|
7422
|
-
// SessionID is only used in silent calls
|
|
7423
|
-
this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request");
|
|
7424
|
-
parameterBuilder.addSid(request.sid);
|
|
7425
|
-
this.performanceClient?.addFields({ sidFromRequest: true }, correlationId);
|
|
7426
|
-
}
|
|
7427
|
-
else if (request.account) {
|
|
7428
|
-
const accountSid = this.extractAccountSid(request.account);
|
|
7429
|
-
let accountLoginHintClaim = this.extractLoginHint(request.account);
|
|
7430
|
-
if (accountLoginHintClaim && request.domainHint) {
|
|
7431
|
-
this.logger.warning(`AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint`);
|
|
7432
|
-
accountLoginHintClaim = null;
|
|
7433
|
-
}
|
|
7434
|
-
// If login_hint claim is present, use it over sid/username
|
|
7435
|
-
if (accountLoginHintClaim) {
|
|
7436
|
-
this.logger.verbose("createAuthCodeUrlQueryString: login_hint claim present on account");
|
|
7437
|
-
parameterBuilder.addLoginHint(accountLoginHintClaim);
|
|
7438
|
-
this.performanceClient?.addFields({ loginHintFromClaim: true }, correlationId);
|
|
7439
|
-
try {
|
|
7440
|
-
const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
|
|
7441
|
-
parameterBuilder.addCcsOid(clientInfo);
|
|
7442
|
-
}
|
|
7443
|
-
catch (e) {
|
|
7444
|
-
this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
|
|
7445
|
-
}
|
|
7446
|
-
}
|
|
7447
|
-
else if (accountSid && request.prompt === PromptValue.NONE) {
|
|
7448
|
-
/*
|
|
7449
|
-
* If account and loginHint are provided, we will check account first for sid before adding loginHint
|
|
7450
|
-
* SessionId is only used in silent calls
|
|
7451
|
-
*/
|
|
7452
|
-
this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account");
|
|
7453
|
-
parameterBuilder.addSid(accountSid);
|
|
7454
|
-
this.performanceClient?.addFields({ sidFromClaim: true }, correlationId);
|
|
7455
|
-
try {
|
|
7456
|
-
const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
|
|
7457
|
-
parameterBuilder.addCcsOid(clientInfo);
|
|
7458
|
-
}
|
|
7459
|
-
catch (e) {
|
|
7460
|
-
this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
|
|
7461
|
-
}
|
|
7462
|
-
}
|
|
7463
|
-
else if (request.loginHint) {
|
|
7464
|
-
this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from request");
|
|
7465
|
-
parameterBuilder.addLoginHint(request.loginHint);
|
|
7466
|
-
parameterBuilder.addCcsUpn(request.loginHint);
|
|
7467
|
-
this.performanceClient?.addFields({ loginHintFromRequest: true }, correlationId);
|
|
7468
|
-
}
|
|
7469
|
-
else if (request.account.username) {
|
|
7470
|
-
// Fallback to account username if provided
|
|
7471
|
-
this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from account");
|
|
7472
|
-
parameterBuilder.addLoginHint(request.account.username);
|
|
7473
|
-
this.performanceClient?.addFields({ loginHintFromUpn: true }, correlationId);
|
|
7474
|
-
try {
|
|
7475
|
-
const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
|
|
7476
|
-
parameterBuilder.addCcsOid(clientInfo);
|
|
7477
|
-
}
|
|
7478
|
-
catch (e) {
|
|
7479
|
-
this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
|
|
7480
|
-
}
|
|
7481
|
-
}
|
|
7482
|
-
}
|
|
7483
|
-
else if (request.loginHint) {
|
|
7484
|
-
this.logger.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request");
|
|
7485
|
-
parameterBuilder.addLoginHint(request.loginHint);
|
|
7486
|
-
parameterBuilder.addCcsUpn(request.loginHint);
|
|
7487
|
-
this.performanceClient?.addFields({ loginHintFromRequest: true }, correlationId);
|
|
7488
|
-
}
|
|
7489
|
-
}
|
|
7490
|
-
else {
|
|
7491
|
-
this.logger.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints");
|
|
7492
|
-
}
|
|
7493
|
-
if (request.nonce) {
|
|
7494
|
-
parameterBuilder.addNonce(request.nonce);
|
|
7495
|
-
}
|
|
7496
|
-
if (request.state) {
|
|
7497
|
-
parameterBuilder.addState(request.state);
|
|
7498
|
-
}
|
|
7499
|
-
if (request.claims ||
|
|
7500
|
-
(this.config.authOptions.clientCapabilities &&
|
|
7501
|
-
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
7502
|
-
parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);
|
|
7503
|
-
}
|
|
7504
|
-
if (request.embeddedClientId) {
|
|
7505
|
-
parameterBuilder.addBrokerParameters({
|
|
7506
|
-
brokerClientId: this.config.authOptions.clientId,
|
|
7507
|
-
brokerRedirectUri: this.config.authOptions.redirectUri,
|
|
7508
|
-
});
|
|
7509
|
-
}
|
|
7510
|
-
this.addExtraQueryParams(request, parameterBuilder);
|
|
7511
|
-
if (request.platformBroker) {
|
|
7512
|
-
// signal ests that this is a WAM call
|
|
7513
|
-
parameterBuilder.addNativeBroker();
|
|
7514
|
-
// pass the req_cnf for POP
|
|
7515
|
-
if (request.authenticationScheme === AuthenticationScheme.POP) {
|
|
7516
|
-
const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils);
|
|
7517
|
-
// req_cnf is always sent as a string for SPAs
|
|
7518
|
-
let reqCnfData;
|
|
7519
|
-
if (!request.popKid) {
|
|
7520
|
-
const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger);
|
|
7521
|
-
reqCnfData = generatedReqCnfData.reqCnfString;
|
|
7522
|
-
}
|
|
7523
|
-
else {
|
|
7524
|
-
reqCnfData = this.cryptoUtils.encodeKid(request.popKid);
|
|
7525
|
-
}
|
|
7526
|
-
parameterBuilder.addPopToken(reqCnfData);
|
|
7527
|
-
}
|
|
7528
|
-
}
|
|
7529
|
-
return parameterBuilder.createQueryString();
|
|
7229
|
+
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
7230
|
+
return mapToQueryString(parameters);
|
|
7530
7231
|
}
|
|
7531
7232
|
/**
|
|
7532
7233
|
* This API validates the `EndSessionRequest` and creates a URL
|
|
7533
7234
|
* @param request
|
|
7534
7235
|
*/
|
|
7535
7236
|
createLogoutUrlQueryString(request) {
|
|
7536
|
-
const
|
|
7237
|
+
const parameters = new Map();
|
|
7537
7238
|
if (request.postLogoutRedirectUri) {
|
|
7538
|
-
|
|
7239
|
+
addPostLogoutRedirectUri(parameters, request.postLogoutRedirectUri);
|
|
7539
7240
|
}
|
|
7540
7241
|
if (request.correlationId) {
|
|
7541
|
-
|
|
7242
|
+
addCorrelationId(parameters, request.correlationId);
|
|
7542
7243
|
}
|
|
7543
7244
|
if (request.idTokenHint) {
|
|
7544
|
-
|
|
7245
|
+
addIdTokenHint(parameters, request.idTokenHint);
|
|
7545
7246
|
}
|
|
7546
7247
|
if (request.state) {
|
|
7547
|
-
|
|
7248
|
+
addState(parameters, request.state);
|
|
7548
7249
|
}
|
|
7549
7250
|
if (request.logoutHint) {
|
|
7550
|
-
|
|
7551
|
-
}
|
|
7552
|
-
this.addExtraQueryParams(request, parameterBuilder);
|
|
7553
|
-
return parameterBuilder.createQueryString();
|
|
7554
|
-
}
|
|
7555
|
-
addExtraQueryParams(request, parameterBuilder) {
|
|
7556
|
-
const hasRequestInstanceAware = request.extraQueryParameters &&
|
|
7557
|
-
request.extraQueryParameters.hasOwnProperty("instance_aware");
|
|
7558
|
-
// Set instance_aware flag if config auth param is set
|
|
7559
|
-
if (!hasRequestInstanceAware && this.config.authOptions.instanceAware) {
|
|
7560
|
-
request.extraQueryParameters = request.extraQueryParameters || {};
|
|
7561
|
-
request.extraQueryParameters["instance_aware"] = "true";
|
|
7251
|
+
addLogoutHint(parameters, request.logoutHint);
|
|
7562
7252
|
}
|
|
7563
7253
|
if (request.extraQueryParameters) {
|
|
7564
|
-
|
|
7254
|
+
addExtraQueryParameters(parameters, request.extraQueryParameters);
|
|
7565
7255
|
}
|
|
7566
|
-
|
|
7567
|
-
|
|
7568
|
-
|
|
7569
|
-
|
|
7570
|
-
*/
|
|
7571
|
-
extractAccountSid(account) {
|
|
7572
|
-
return account.idTokenClaims?.sid || null;
|
|
7573
|
-
}
|
|
7574
|
-
extractLoginHint(account) {
|
|
7575
|
-
return account.idTokenClaims?.login_hint || null;
|
|
7256
|
+
if (this.config.authOptions.instanceAware) {
|
|
7257
|
+
addInstanceAware(parameters);
|
|
7258
|
+
}
|
|
7259
|
+
return mapToQueryString(parameters);
|
|
7576
7260
|
}
|
|
7577
7261
|
}
|
|
7578
7262
|
|
|
7579
|
-
/*! @azure/msal-common v15.
|
|
7263
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
7580
7264
|
|
|
7581
7265
|
/*
|
|
7582
7266
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7705,31 +7389,30 @@
|
|
|
7705
7389
|
*/
|
|
7706
7390
|
async createTokenRequestBody(request) {
|
|
7707
7391
|
this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, request.correlationId);
|
|
7708
|
-
const
|
|
7709
|
-
|
|
7710
|
-
parameterBuilder.addClientId(request.embeddedClientId ||
|
|
7392
|
+
const parameters = new Map();
|
|
7393
|
+
addClientId(parameters, request.embeddedClientId ||
|
|
7711
7394
|
request.tokenBodyParameters?.[CLIENT_ID] ||
|
|
7712
7395
|
this.config.authOptions.clientId);
|
|
7713
7396
|
if (request.redirectUri) {
|
|
7714
|
-
|
|
7715
|
-
}
|
|
7716
|
-
|
|
7717
|
-
|
|
7718
|
-
|
|
7719
|
-
|
|
7720
|
-
|
|
7721
|
-
|
|
7397
|
+
addRedirectUri(parameters, request.redirectUri);
|
|
7398
|
+
}
|
|
7399
|
+
addScopes(parameters, request.scopes, true, this.config.authOptions.authority.options.OIDCOptions?.defaultScopes);
|
|
7400
|
+
addGrantType(parameters, GrantType.REFRESH_TOKEN_GRANT);
|
|
7401
|
+
addClientInfo(parameters);
|
|
7402
|
+
addLibraryInfo(parameters, this.config.libraryInfo);
|
|
7403
|
+
addApplicationTelemetry(parameters, this.config.telemetry.application);
|
|
7404
|
+
addThrottling(parameters);
|
|
7722
7405
|
if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {
|
|
7723
|
-
|
|
7406
|
+
addServerTelemetry(parameters, this.serverTelemetryManager);
|
|
7724
7407
|
}
|
|
7725
|
-
|
|
7408
|
+
addRefreshToken(parameters, request.refreshToken);
|
|
7726
7409
|
if (this.config.clientCredentials.clientSecret) {
|
|
7727
|
-
|
|
7410
|
+
addClientSecret(parameters, this.config.clientCredentials.clientSecret);
|
|
7728
7411
|
}
|
|
7729
7412
|
if (this.config.clientCredentials.clientAssertion) {
|
|
7730
7413
|
const clientAssertion = this.config.clientCredentials.clientAssertion;
|
|
7731
|
-
|
|
7732
|
-
|
|
7414
|
+
addClientAssertion(parameters, await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri));
|
|
7415
|
+
addClientAssertionType(parameters, clientAssertion.assertionType);
|
|
7733
7416
|
}
|
|
7734
7417
|
if (request.authenticationScheme === AuthenticationScheme.POP) {
|
|
7735
7418
|
const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils, this.performanceClient);
|
|
@@ -7742,11 +7425,11 @@
|
|
|
7742
7425
|
reqCnfData = this.cryptoUtils.encodeKid(request.popKid);
|
|
7743
7426
|
}
|
|
7744
7427
|
// SPA PoP requires full Base64Url encoded req_cnf string (unhashed)
|
|
7745
|
-
|
|
7428
|
+
addPopToken(parameters, reqCnfData);
|
|
7746
7429
|
}
|
|
7747
7430
|
else if (request.authenticationScheme === AuthenticationScheme.SSH) {
|
|
7748
7431
|
if (request.sshJwk) {
|
|
7749
|
-
|
|
7432
|
+
addSshJwk(parameters, request.sshJwk);
|
|
7750
7433
|
}
|
|
7751
7434
|
else {
|
|
7752
7435
|
throw createClientConfigurationError(missingSshJwk);
|
|
@@ -7755,7 +7438,7 @@
|
|
|
7755
7438
|
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
7756
7439
|
(this.config.authOptions.clientCapabilities &&
|
|
7757
7440
|
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
7758
|
-
|
|
7441
|
+
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
|
|
7759
7442
|
}
|
|
7760
7443
|
if (this.config.systemOptions.preventCorsPreflight &&
|
|
7761
7444
|
request.ccsCredential) {
|
|
@@ -7763,7 +7446,7 @@
|
|
|
7763
7446
|
case CcsCredentialType.HOME_ACCOUNT_ID:
|
|
7764
7447
|
try {
|
|
7765
7448
|
const clientInfo = buildClientInfoFromHomeAccountId(request.ccsCredential.credential);
|
|
7766
|
-
|
|
7449
|
+
addCcsOid(parameters, clientInfo);
|
|
7767
7450
|
}
|
|
7768
7451
|
catch (e) {
|
|
7769
7452
|
this.logger.verbose("Could not parse home account ID for CCS Header: " +
|
|
@@ -7771,24 +7454,22 @@
|
|
|
7771
7454
|
}
|
|
7772
7455
|
break;
|
|
7773
7456
|
case CcsCredentialType.UPN:
|
|
7774
|
-
|
|
7457
|
+
addCcsUpn(parameters, request.ccsCredential.credential);
|
|
7775
7458
|
break;
|
|
7776
7459
|
}
|
|
7777
7460
|
}
|
|
7778
7461
|
if (request.embeddedClientId) {
|
|
7779
|
-
|
|
7780
|
-
brokerClientId: this.config.authOptions.clientId,
|
|
7781
|
-
brokerRedirectUri: this.config.authOptions.redirectUri,
|
|
7782
|
-
});
|
|
7462
|
+
addBrokerParameters(parameters, this.config.authOptions.clientId, this.config.authOptions.redirectUri);
|
|
7783
7463
|
}
|
|
7784
7464
|
if (request.tokenBodyParameters) {
|
|
7785
|
-
|
|
7465
|
+
addExtraQueryParameters(parameters, request.tokenBodyParameters);
|
|
7786
7466
|
}
|
|
7787
|
-
|
|
7467
|
+
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
7468
|
+
return mapToQueryString(parameters);
|
|
7788
7469
|
}
|
|
7789
7470
|
}
|
|
7790
7471
|
|
|
7791
|
-
/*! @azure/msal-common v15.
|
|
7472
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
7792
7473
|
|
|
7793
7474
|
/*
|
|
7794
7475
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7863,45 +7544,269 @@
|
|
|
7863
7544
|
if (cacheOutcome !== CacheOutcome.NOT_APPLICABLE) {
|
|
7864
7545
|
this.logger.info(`Token refresh is required due to cache outcome: ${cacheOutcome}`);
|
|
7865
7546
|
}
|
|
7866
|
-
}
|
|
7867
|
-
/**
|
|
7868
|
-
* Helper function to build response object from the CacheRecord
|
|
7869
|
-
* @param cacheRecord
|
|
7870
|
-
*/
|
|
7871
|
-
async generateResultFromCacheRecord(cacheRecord, request) {
|
|
7872
|
-
this.performanceClient?.addQueueMeasurement(PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, request.correlationId);
|
|
7873
|
-
let idTokenClaims;
|
|
7874
|
-
if (cacheRecord.idToken) {
|
|
7875
|
-
idTokenClaims = extractTokenClaims(cacheRecord.idToken.secret, this.config.cryptoInterface.base64Decode);
|
|
7547
|
+
}
|
|
7548
|
+
/**
|
|
7549
|
+
* Helper function to build response object from the CacheRecord
|
|
7550
|
+
* @param cacheRecord
|
|
7551
|
+
*/
|
|
7552
|
+
async generateResultFromCacheRecord(cacheRecord, request) {
|
|
7553
|
+
this.performanceClient?.addQueueMeasurement(PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, request.correlationId);
|
|
7554
|
+
let idTokenClaims;
|
|
7555
|
+
if (cacheRecord.idToken) {
|
|
7556
|
+
idTokenClaims = extractTokenClaims(cacheRecord.idToken.secret, this.config.cryptoInterface.base64Decode);
|
|
7557
|
+
}
|
|
7558
|
+
// token max_age check
|
|
7559
|
+
if (request.maxAge || request.maxAge === 0) {
|
|
7560
|
+
const authTime = idTokenClaims?.auth_time;
|
|
7561
|
+
if (!authTime) {
|
|
7562
|
+
throw createClientAuthError(authTimeNotFound);
|
|
7563
|
+
}
|
|
7564
|
+
checkMaxAge(authTime, request.maxAge);
|
|
7565
|
+
}
|
|
7566
|
+
return ResponseHandler.generateAuthenticationResult(this.cryptoUtils, this.authority, cacheRecord, true, request, idTokenClaims);
|
|
7567
|
+
}
|
|
7568
|
+
}
|
|
7569
|
+
|
|
7570
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
7571
|
+
|
|
7572
|
+
/*
|
|
7573
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7574
|
+
* Licensed under the MIT License.
|
|
7575
|
+
*/
|
|
7576
|
+
const StubbedNetworkModule = {
|
|
7577
|
+
sendGetRequestAsync: () => {
|
|
7578
|
+
return Promise.reject(createClientAuthError(methodNotImplemented));
|
|
7579
|
+
},
|
|
7580
|
+
sendPostRequestAsync: () => {
|
|
7581
|
+
return Promise.reject(createClientAuthError(methodNotImplemented));
|
|
7582
|
+
},
|
|
7583
|
+
};
|
|
7584
|
+
|
|
7585
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
7586
|
+
|
|
7587
|
+
/*
|
|
7588
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7589
|
+
* Licensed under the MIT License.
|
|
7590
|
+
*/
|
|
7591
|
+
/**
|
|
7592
|
+
* Returns map of parameters that are applicable to all calls to /authorize whether using PKCE or EAR
|
|
7593
|
+
* @param config
|
|
7594
|
+
* @param request
|
|
7595
|
+
* @param logger
|
|
7596
|
+
* @param performanceClient
|
|
7597
|
+
* @returns
|
|
7598
|
+
*/
|
|
7599
|
+
function getStandardAuthorizeRequestParameters(authOptions, request, logger, performanceClient) {
|
|
7600
|
+
// generate the correlationId if not set by the user and add
|
|
7601
|
+
const correlationId = request.correlationId;
|
|
7602
|
+
const parameters = new Map();
|
|
7603
|
+
addClientId(parameters, request.embeddedClientId ||
|
|
7604
|
+
request.extraQueryParameters?.[CLIENT_ID] ||
|
|
7605
|
+
authOptions.clientId);
|
|
7606
|
+
const requestScopes = [
|
|
7607
|
+
...(request.scopes || []),
|
|
7608
|
+
...(request.extraScopesToConsent || []),
|
|
7609
|
+
];
|
|
7610
|
+
addScopes(parameters, requestScopes, true, authOptions.authority.options.OIDCOptions?.defaultScopes);
|
|
7611
|
+
addRedirectUri(parameters, request.redirectUri);
|
|
7612
|
+
addCorrelationId(parameters, correlationId);
|
|
7613
|
+
// add response_mode. If not passed in it defaults to query.
|
|
7614
|
+
addResponseMode(parameters, request.responseMode);
|
|
7615
|
+
// add client_info=1
|
|
7616
|
+
addClientInfo(parameters);
|
|
7617
|
+
if (request.prompt) {
|
|
7618
|
+
addPrompt(parameters, request.prompt);
|
|
7619
|
+
performanceClient?.addFields({ prompt: request.prompt }, correlationId);
|
|
7620
|
+
}
|
|
7621
|
+
if (request.domainHint) {
|
|
7622
|
+
addDomainHint(parameters, request.domainHint);
|
|
7623
|
+
performanceClient?.addFields({ domainHintFromRequest: true }, correlationId);
|
|
7624
|
+
}
|
|
7625
|
+
// Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object
|
|
7626
|
+
if (request.prompt !== PromptValue.SELECT_ACCOUNT) {
|
|
7627
|
+
// AAD will throw if prompt=select_account is passed with an account hint
|
|
7628
|
+
if (request.sid && request.prompt === PromptValue.NONE) {
|
|
7629
|
+
// SessionID is only used in silent calls
|
|
7630
|
+
logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request");
|
|
7631
|
+
addSid(parameters, request.sid);
|
|
7632
|
+
performanceClient?.addFields({ sidFromRequest: true }, correlationId);
|
|
7633
|
+
}
|
|
7634
|
+
else if (request.account) {
|
|
7635
|
+
const accountSid = extractAccountSid(request.account);
|
|
7636
|
+
let accountLoginHintClaim = extractLoginHint(request.account);
|
|
7637
|
+
if (accountLoginHintClaim && request.domainHint) {
|
|
7638
|
+
logger.warning(`AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint`);
|
|
7639
|
+
accountLoginHintClaim = null;
|
|
7640
|
+
}
|
|
7641
|
+
// If login_hint claim is present, use it over sid/username
|
|
7642
|
+
if (accountLoginHintClaim) {
|
|
7643
|
+
logger.verbose("createAuthCodeUrlQueryString: login_hint claim present on account");
|
|
7644
|
+
addLoginHint(parameters, accountLoginHintClaim);
|
|
7645
|
+
performanceClient?.addFields({ loginHintFromClaim: true }, correlationId);
|
|
7646
|
+
try {
|
|
7647
|
+
const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
|
|
7648
|
+
addCcsOid(parameters, clientInfo);
|
|
7649
|
+
}
|
|
7650
|
+
catch (e) {
|
|
7651
|
+
logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
|
|
7652
|
+
}
|
|
7653
|
+
}
|
|
7654
|
+
else if (accountSid && request.prompt === PromptValue.NONE) {
|
|
7655
|
+
/*
|
|
7656
|
+
* If account and loginHint are provided, we will check account first for sid before adding loginHint
|
|
7657
|
+
* SessionId is only used in silent calls
|
|
7658
|
+
*/
|
|
7659
|
+
logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account");
|
|
7660
|
+
addSid(parameters, accountSid);
|
|
7661
|
+
performanceClient?.addFields({ sidFromClaim: true }, correlationId);
|
|
7662
|
+
try {
|
|
7663
|
+
const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
|
|
7664
|
+
addCcsOid(parameters, clientInfo);
|
|
7665
|
+
}
|
|
7666
|
+
catch (e) {
|
|
7667
|
+
logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
|
|
7668
|
+
}
|
|
7669
|
+
}
|
|
7670
|
+
else if (request.loginHint) {
|
|
7671
|
+
logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from request");
|
|
7672
|
+
addLoginHint(parameters, request.loginHint);
|
|
7673
|
+
addCcsUpn(parameters, request.loginHint);
|
|
7674
|
+
performanceClient?.addFields({ loginHintFromRequest: true }, correlationId);
|
|
7675
|
+
}
|
|
7676
|
+
else if (request.account.username) {
|
|
7677
|
+
// Fallback to account username if provided
|
|
7678
|
+
logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from account");
|
|
7679
|
+
addLoginHint(parameters, request.account.username);
|
|
7680
|
+
performanceClient?.addFields({ loginHintFromUpn: true }, correlationId);
|
|
7681
|
+
try {
|
|
7682
|
+
const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
|
|
7683
|
+
addCcsOid(parameters, clientInfo);
|
|
7684
|
+
}
|
|
7685
|
+
catch (e) {
|
|
7686
|
+
logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
|
|
7687
|
+
}
|
|
7688
|
+
}
|
|
7689
|
+
}
|
|
7690
|
+
else if (request.loginHint) {
|
|
7691
|
+
logger.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request");
|
|
7692
|
+
addLoginHint(parameters, request.loginHint);
|
|
7693
|
+
addCcsUpn(parameters, request.loginHint);
|
|
7694
|
+
performanceClient?.addFields({ loginHintFromRequest: true }, correlationId);
|
|
7876
7695
|
}
|
|
7877
|
-
|
|
7878
|
-
|
|
7879
|
-
|
|
7880
|
-
|
|
7881
|
-
|
|
7882
|
-
|
|
7883
|
-
|
|
7696
|
+
}
|
|
7697
|
+
else {
|
|
7698
|
+
logger.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints");
|
|
7699
|
+
}
|
|
7700
|
+
if (request.nonce) {
|
|
7701
|
+
addNonce(parameters, request.nonce);
|
|
7702
|
+
}
|
|
7703
|
+
if (request.state) {
|
|
7704
|
+
addState(parameters, request.state);
|
|
7705
|
+
}
|
|
7706
|
+
if (request.claims ||
|
|
7707
|
+
(authOptions.clientCapabilities &&
|
|
7708
|
+
authOptions.clientCapabilities.length > 0)) {
|
|
7709
|
+
addClaims(parameters, request.claims, authOptions.clientCapabilities);
|
|
7710
|
+
}
|
|
7711
|
+
if (request.embeddedClientId) {
|
|
7712
|
+
addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
|
|
7713
|
+
}
|
|
7714
|
+
if (request.extraQueryParameters) {
|
|
7715
|
+
addExtraQueryParameters(parameters, request.extraQueryParameters);
|
|
7716
|
+
}
|
|
7717
|
+
if (authOptions.instanceAware) {
|
|
7718
|
+
addInstanceAware(parameters);
|
|
7719
|
+
}
|
|
7720
|
+
return parameters;
|
|
7721
|
+
}
|
|
7722
|
+
/**
|
|
7723
|
+
* Returns authorize endpoint with given request parameters in the query string
|
|
7724
|
+
* @param authority
|
|
7725
|
+
* @param requestParameters
|
|
7726
|
+
* @returns
|
|
7727
|
+
*/
|
|
7728
|
+
function getAuthorizeUrl(authority, requestParameters) {
|
|
7729
|
+
const queryString = mapToQueryString(requestParameters);
|
|
7730
|
+
return UrlString.appendQueryString(authority.authorizationEndpoint, queryString);
|
|
7731
|
+
}
|
|
7732
|
+
/**
|
|
7733
|
+
* Handles the hash fragment response from public client code request. Returns a code response used by
|
|
7734
|
+
* the client to exchange for a token in acquireToken.
|
|
7735
|
+
* @param serverParams
|
|
7736
|
+
* @param cachedState
|
|
7737
|
+
*/
|
|
7738
|
+
function getAuthorizationCodePayload(serverParams, cachedState) {
|
|
7739
|
+
// Get code response
|
|
7740
|
+
validateAuthorizationResponse(serverParams, cachedState);
|
|
7741
|
+
// throw when there is no auth code in the response
|
|
7742
|
+
if (!serverParams.code) {
|
|
7743
|
+
throw createClientAuthError(authorizationCodeMissingFromServerResponse);
|
|
7744
|
+
}
|
|
7745
|
+
return serverParams;
|
|
7746
|
+
}
|
|
7747
|
+
/**
|
|
7748
|
+
* Function which validates server authorization code response.
|
|
7749
|
+
* @param serverResponseHash
|
|
7750
|
+
* @param requestState
|
|
7751
|
+
*/
|
|
7752
|
+
function validateAuthorizationResponse(serverResponse, requestState) {
|
|
7753
|
+
if (!serverResponse.state || !requestState) {
|
|
7754
|
+
throw serverResponse.state
|
|
7755
|
+
? createClientAuthError(stateNotFound, "Cached State")
|
|
7756
|
+
: createClientAuthError(stateNotFound, "Server State");
|
|
7757
|
+
}
|
|
7758
|
+
let decodedServerResponseState;
|
|
7759
|
+
let decodedRequestState;
|
|
7760
|
+
try {
|
|
7761
|
+
decodedServerResponseState = decodeURIComponent(serverResponse.state);
|
|
7762
|
+
}
|
|
7763
|
+
catch (e) {
|
|
7764
|
+
throw createClientAuthError(invalidState, serverResponse.state);
|
|
7765
|
+
}
|
|
7766
|
+
try {
|
|
7767
|
+
decodedRequestState = decodeURIComponent(requestState);
|
|
7768
|
+
}
|
|
7769
|
+
catch (e) {
|
|
7770
|
+
throw createClientAuthError(invalidState, serverResponse.state);
|
|
7771
|
+
}
|
|
7772
|
+
if (decodedServerResponseState !== decodedRequestState) {
|
|
7773
|
+
throw createClientAuthError(stateMismatch);
|
|
7774
|
+
}
|
|
7775
|
+
// Check for error
|
|
7776
|
+
if (serverResponse.error ||
|
|
7777
|
+
serverResponse.error_description ||
|
|
7778
|
+
serverResponse.suberror) {
|
|
7779
|
+
const serverErrorNo = parseServerErrorNo(serverResponse);
|
|
7780
|
+
if (isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) {
|
|
7781
|
+
throw new InteractionRequiredAuthError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverResponse.timestamp || "", serverResponse.trace_id || "", serverResponse.correlation_id || "", serverResponse.claims || "", serverErrorNo);
|
|
7884
7782
|
}
|
|
7885
|
-
|
|
7783
|
+
throw new ServerError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverErrorNo);
|
|
7886
7784
|
}
|
|
7887
|
-
}
|
|
7888
|
-
|
|
7889
|
-
|
|
7890
|
-
|
|
7891
|
-
|
|
7892
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7893
|
-
* Licensed under the MIT License.
|
|
7785
|
+
}
|
|
7786
|
+
/**
|
|
7787
|
+
* Get server error No from the error_uri
|
|
7788
|
+
* @param serverResponse
|
|
7789
|
+
* @returns
|
|
7894
7790
|
*/
|
|
7895
|
-
|
|
7896
|
-
|
|
7897
|
-
|
|
7898
|
-
|
|
7899
|
-
|
|
7900
|
-
|
|
7901
|
-
|
|
7902
|
-
|
|
7791
|
+
function parseServerErrorNo(serverResponse) {
|
|
7792
|
+
const errorCodePrefix = "code=";
|
|
7793
|
+
const errorCodePrefixIndex = serverResponse.error_uri?.lastIndexOf(errorCodePrefix);
|
|
7794
|
+
return errorCodePrefixIndex && errorCodePrefixIndex >= 0
|
|
7795
|
+
? serverResponse.error_uri?.substring(errorCodePrefixIndex + errorCodePrefix.length)
|
|
7796
|
+
: undefined;
|
|
7797
|
+
}
|
|
7798
|
+
/**
|
|
7799
|
+
* Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present.
|
|
7800
|
+
* @param account
|
|
7801
|
+
*/
|
|
7802
|
+
function extractAccountSid(account) {
|
|
7803
|
+
return account.idTokenClaims?.sid || null;
|
|
7804
|
+
}
|
|
7805
|
+
function extractLoginHint(account) {
|
|
7806
|
+
return account.idTokenClaims?.login_hint || null;
|
|
7807
|
+
}
|
|
7903
7808
|
|
|
7904
|
-
/*! @azure/msal-common v15.
|
|
7809
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
7905
7810
|
|
|
7906
7811
|
/*
|
|
7907
7812
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7959,7 +7864,7 @@
|
|
|
7959
7864
|
}
|
|
7960
7865
|
}
|
|
7961
7866
|
|
|
7962
|
-
/*! @azure/msal-common v15.
|
|
7867
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
7963
7868
|
|
|
7964
7869
|
/*
|
|
7965
7870
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8222,7 +8127,7 @@
|
|
|
8222
8127
|
}
|
|
8223
8128
|
}
|
|
8224
8129
|
|
|
8225
|
-
/*! @azure/msal-common v15.
|
|
8130
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
8226
8131
|
/*
|
|
8227
8132
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8228
8133
|
* Licensed under the MIT License.
|
|
@@ -8230,7 +8135,7 @@
|
|
|
8230
8135
|
const missingKidError = "missing_kid_error";
|
|
8231
8136
|
const missingAlgError = "missing_alg_error";
|
|
8232
8137
|
|
|
8233
|
-
/*! @azure/msal-common v15.
|
|
8138
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
8234
8139
|
|
|
8235
8140
|
/*
|
|
8236
8141
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8255,7 +8160,7 @@
|
|
|
8255
8160
|
return new JoseHeaderError(code, JoseHeaderErrorMessages[code]);
|
|
8256
8161
|
}
|
|
8257
8162
|
|
|
8258
|
-
/*! @azure/msal-common v15.
|
|
8163
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
8259
8164
|
|
|
8260
8165
|
/*
|
|
8261
8166
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8295,7 +8200,7 @@
|
|
|
8295
8200
|
}
|
|
8296
8201
|
}
|
|
8297
8202
|
|
|
8298
|
-
/*! @azure/msal-common v15.
|
|
8203
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
8299
8204
|
|
|
8300
8205
|
/*
|
|
8301
8206
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -8374,7 +8279,7 @@
|
|
|
8374
8279
|
}
|
|
8375
8280
|
}
|
|
8376
8281
|
|
|
8377
|
-
/*! @azure/msal-common v15.
|
|
8282
|
+
/*! @azure/msal-common v15.3.0 2025-03-20 */
|
|
8378
8283
|
|
|
8379
8284
|
/*
|
|
8380
8285
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -10411,7 +10316,7 @@
|
|
|
10411
10316
|
|
|
10412
10317
|
/* eslint-disable header/header */
|
|
10413
10318
|
const name = "@azure/msal-browser";
|
|
10414
|
-
const version = "4.
|
|
10319
|
+
const version = "4.8.0";
|
|
10415
10320
|
|
|
10416
10321
|
/*
|
|
10417
10322
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -13115,61 +13020,6 @@
|
|
|
13115
13020
|
}
|
|
13116
13021
|
}
|
|
13117
13022
|
|
|
13118
|
-
/*
|
|
13119
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
13120
|
-
* Licensed under the MIT License.
|
|
13121
|
-
*/
|
|
13122
|
-
// Constant byte array length
|
|
13123
|
-
const RANDOM_BYTE_ARR_LENGTH = 32;
|
|
13124
|
-
/**
|
|
13125
|
-
* This file defines APIs to generate PKCE codes and code verifiers.
|
|
13126
|
-
*/
|
|
13127
|
-
/**
|
|
13128
|
-
* Generates PKCE Codes. See the RFC for more information: https://tools.ietf.org/html/rfc7636
|
|
13129
|
-
*/
|
|
13130
|
-
async function generatePkceCodes(performanceClient, logger, correlationId) {
|
|
13131
|
-
performanceClient.addQueueMeasurement(PerformanceEvents.GeneratePkceCodes, correlationId);
|
|
13132
|
-
const codeVerifier = invoke(generateCodeVerifier, PerformanceEvents.GenerateCodeVerifier, logger, performanceClient, correlationId)(performanceClient, logger, correlationId);
|
|
13133
|
-
const codeChallenge = await invokeAsync(generateCodeChallengeFromVerifier, PerformanceEvents.GenerateCodeChallengeFromVerifier, logger, performanceClient, correlationId)(codeVerifier, performanceClient, logger, correlationId);
|
|
13134
|
-
return {
|
|
13135
|
-
verifier: codeVerifier,
|
|
13136
|
-
challenge: codeChallenge,
|
|
13137
|
-
};
|
|
13138
|
-
}
|
|
13139
|
-
/**
|
|
13140
|
-
* Generates a random 32 byte buffer and returns the base64
|
|
13141
|
-
* encoded string to be used as a PKCE Code Verifier
|
|
13142
|
-
*/
|
|
13143
|
-
function generateCodeVerifier(performanceClient, logger, correlationId) {
|
|
13144
|
-
try {
|
|
13145
|
-
// Generate random values as utf-8
|
|
13146
|
-
const buffer = new Uint8Array(RANDOM_BYTE_ARR_LENGTH);
|
|
13147
|
-
invoke(getRandomValues, PerformanceEvents.GetRandomValues, logger, performanceClient, correlationId)(buffer);
|
|
13148
|
-
// encode verifier as base64
|
|
13149
|
-
const pkceCodeVerifierB64 = urlEncodeArr(buffer);
|
|
13150
|
-
return pkceCodeVerifierB64;
|
|
13151
|
-
}
|
|
13152
|
-
catch (e) {
|
|
13153
|
-
throw createBrowserAuthError(pkceNotCreated);
|
|
13154
|
-
}
|
|
13155
|
-
}
|
|
13156
|
-
/**
|
|
13157
|
-
* Creates a base64 encoded PKCE Code Challenge string from the
|
|
13158
|
-
* hash created from the PKCE Code Verifier supplied
|
|
13159
|
-
*/
|
|
13160
|
-
async function generateCodeChallengeFromVerifier(pkceCodeVerifier, performanceClient, logger, correlationId) {
|
|
13161
|
-
performanceClient.addQueueMeasurement(PerformanceEvents.GenerateCodeChallengeFromVerifier, correlationId);
|
|
13162
|
-
try {
|
|
13163
|
-
// hashed verifier
|
|
13164
|
-
const pkceHashedCodeVerifier = await invokeAsync(sha256Digest, PerformanceEvents.Sha256Digest, logger, performanceClient, correlationId)(pkceCodeVerifier, performanceClient, correlationId);
|
|
13165
|
-
// encode hash as base64
|
|
13166
|
-
return urlEncodeArr(new Uint8Array(pkceHashedCodeVerifier));
|
|
13167
|
-
}
|
|
13168
|
-
catch (e) {
|
|
13169
|
-
throw createBrowserAuthError(pkceNotCreated);
|
|
13170
|
-
}
|
|
13171
|
-
}
|
|
13172
|
-
|
|
13173
13023
|
/*
|
|
13174
13024
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
13175
13025
|
* Licensed under the MIT License.
|
|
@@ -13232,25 +13082,6 @@
|
|
|
13232
13082
|
* Defines the class structure and helper functions used by the "standard", non-brokered auth flows (popup, redirect, silent (RT), silent (iframe))
|
|
13233
13083
|
*/
|
|
13234
13084
|
class StandardInteractionClient extends BaseInteractionClient {
|
|
13235
|
-
/**
|
|
13236
|
-
* Generates an auth code request tied to the url request.
|
|
13237
|
-
* @param request
|
|
13238
|
-
* @param pkceCodes
|
|
13239
|
-
*/
|
|
13240
|
-
async initializeAuthorizationCodeRequest(request, pkceCodes) {
|
|
13241
|
-
this.performanceClient.addQueueMeasurement(PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, this.correlationId);
|
|
13242
|
-
const generatedPkceParams = pkceCodes ||
|
|
13243
|
-
(await invokeAsync(generatePkceCodes, PerformanceEvents.GeneratePkceCodes, this.logger, this.performanceClient, this.correlationId)(this.performanceClient, this.logger, this.correlationId));
|
|
13244
|
-
const authCodeRequest = {
|
|
13245
|
-
...request,
|
|
13246
|
-
redirectUri: request.redirectUri,
|
|
13247
|
-
code: Constants.EMPTY_STRING,
|
|
13248
|
-
codeVerifier: generatedPkceParams.verifier,
|
|
13249
|
-
};
|
|
13250
|
-
request.codeChallenge = generatedPkceParams.challenge;
|
|
13251
|
-
request.codeChallengeMethod = Constants.S256_CODE_CHALLENGE_METHOD;
|
|
13252
|
-
return authCodeRequest;
|
|
13253
|
-
}
|
|
13254
13085
|
/**
|
|
13255
13086
|
* Initializer for the logout request.
|
|
13256
13087
|
* @param logoutRequest
|
|
@@ -13829,7 +13660,12 @@
|
|
|
13829
13660
|
const cachedhomeAccountId = this.browserStorage.getAccountInfoFilteredBy({
|
|
13830
13661
|
nativeAccountId: request.accountId,
|
|
13831
13662
|
})?.homeAccountId;
|
|
13832
|
-
|
|
13663
|
+
// add exception for double brokering, please note this is temporary and will be fortified in future
|
|
13664
|
+
if (request.extraParameters?.child_client_id &&
|
|
13665
|
+
response.account.id !== request.accountId) {
|
|
13666
|
+
this.logger.info("handleNativeServerResponse: Double broker flow detected, ignoring accountId mismatch");
|
|
13667
|
+
}
|
|
13668
|
+
else if (homeAccountIdentifier !== cachedhomeAccountId &&
|
|
13833
13669
|
response.account.id !== request.accountId) {
|
|
13834
13670
|
// User switch in native broker prompt is not supported. All users must first sign in through web flow to ensure server state is in sync
|
|
13835
13671
|
throw createNativeAuthError(userSwitch);
|
|
@@ -13841,6 +13677,8 @@
|
|
|
13841
13677
|
const baseAccount = buildAccountToCache(this.browserStorage, authority, homeAccountIdentifier, base64Decode, idTokenClaims, response.client_info, undefined, // environment
|
|
13842
13678
|
idTokenClaims.tid, undefined, // auth code payload
|
|
13843
13679
|
response.account.id, this.logger);
|
|
13680
|
+
// Ensure expires_in is in number format
|
|
13681
|
+
response.expires_in = Number(response.expires_in);
|
|
13844
13682
|
// generate authenticationResult
|
|
13845
13683
|
const result = await this.generateAuthenticationResult(response, request, idTokenClaims, baseAccount, authority.canonicalAuthority, reqTimestamp);
|
|
13846
13684
|
// cache accounts and tokens in the appropriate storage
|
|
@@ -14488,7 +14326,7 @@
|
|
|
14488
14326
|
this.performanceClient.addQueueMeasurement(PerformanceEvents.HandleCodeResponse, request.correlationId);
|
|
14489
14327
|
let authCodeResponse;
|
|
14490
14328
|
try {
|
|
14491
|
-
authCodeResponse =
|
|
14329
|
+
authCodeResponse = getAuthorizationCodePayload(response, request.state);
|
|
14492
14330
|
}
|
|
14493
14331
|
catch (e) {
|
|
14494
14332
|
if (e instanceof ServerError &&
|
|
@@ -14596,6 +14434,126 @@
|
|
|
14596
14434
|
}
|
|
14597
14435
|
}
|
|
14598
14436
|
|
|
14437
|
+
/*
|
|
14438
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
14439
|
+
* Licensed under the MIT License.
|
|
14440
|
+
*/
|
|
14441
|
+
/**
|
|
14442
|
+
* Returns map of parameters that are applicable to all calls to /authorize whether using PKCE or EAR
|
|
14443
|
+
* @param config
|
|
14444
|
+
* @param authority
|
|
14445
|
+
* @param request
|
|
14446
|
+
* @param logger
|
|
14447
|
+
* @param performanceClient
|
|
14448
|
+
* @returns
|
|
14449
|
+
*/
|
|
14450
|
+
async function getStandardParameters(config, authority, request, logger, performanceClient) {
|
|
14451
|
+
const parameters = getStandardAuthorizeRequestParameters({ ...config.auth, authority: authority }, request, logger, performanceClient);
|
|
14452
|
+
addLibraryInfo(parameters, {
|
|
14453
|
+
sku: BrowserConstants.MSAL_SKU,
|
|
14454
|
+
version: version,
|
|
14455
|
+
os: "",
|
|
14456
|
+
cpu: "",
|
|
14457
|
+
});
|
|
14458
|
+
if (config.auth.protocolMode !== ProtocolMode.OIDC) {
|
|
14459
|
+
addApplicationTelemetry(parameters, config.telemetry.application);
|
|
14460
|
+
}
|
|
14461
|
+
if (request.platformBroker) {
|
|
14462
|
+
// signal ests that this is a WAM call
|
|
14463
|
+
addNativeBroker(parameters);
|
|
14464
|
+
// pass the req_cnf for POP
|
|
14465
|
+
if (request.authenticationScheme === AuthenticationScheme.POP) {
|
|
14466
|
+
const cryptoOps = new CryptoOps(logger, performanceClient);
|
|
14467
|
+
const popTokenGenerator = new PopTokenGenerator(cryptoOps);
|
|
14468
|
+
// req_cnf is always sent as a string for SPAs
|
|
14469
|
+
let reqCnfData;
|
|
14470
|
+
if (!request.popKid) {
|
|
14471
|
+
const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, logger, performanceClient, request.correlationId)(request, logger);
|
|
14472
|
+
reqCnfData = generatedReqCnfData.reqCnfString;
|
|
14473
|
+
}
|
|
14474
|
+
else {
|
|
14475
|
+
reqCnfData = cryptoOps.encodeKid(request.popKid);
|
|
14476
|
+
}
|
|
14477
|
+
addPopToken(parameters, reqCnfData);
|
|
14478
|
+
}
|
|
14479
|
+
}
|
|
14480
|
+
instrumentBrokerParams(parameters, request.correlationId, performanceClient);
|
|
14481
|
+
return parameters;
|
|
14482
|
+
}
|
|
14483
|
+
/**
|
|
14484
|
+
* Gets the full /authorize URL with request parameters when using Auth Code + PKCE
|
|
14485
|
+
* @param config
|
|
14486
|
+
* @param authority
|
|
14487
|
+
* @param request
|
|
14488
|
+
* @param logger
|
|
14489
|
+
* @param performanceClient
|
|
14490
|
+
* @returns
|
|
14491
|
+
*/
|
|
14492
|
+
async function getAuthCodeRequestUrl(config, authority, request, logger, performanceClient) {
|
|
14493
|
+
if (!request.codeChallenge) {
|
|
14494
|
+
throw createClientConfigurationError(pkceParamsMissing);
|
|
14495
|
+
}
|
|
14496
|
+
const parameters = await invokeAsync(getStandardParameters, PerformanceEvents.GetStandardParams, logger, performanceClient, request.correlationId)(config, authority, request, logger, performanceClient);
|
|
14497
|
+
addResponseTypeCode(parameters);
|
|
14498
|
+
addCodeChallengeParams(parameters, request.codeChallenge, Constants.S256_CODE_CHALLENGE_METHOD);
|
|
14499
|
+
return getAuthorizeUrl(authority, parameters);
|
|
14500
|
+
}
|
|
14501
|
+
|
|
14502
|
+
/*
|
|
14503
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
14504
|
+
* Licensed under the MIT License.
|
|
14505
|
+
*/
|
|
14506
|
+
// Constant byte array length
|
|
14507
|
+
const RANDOM_BYTE_ARR_LENGTH = 32;
|
|
14508
|
+
/**
|
|
14509
|
+
* This file defines APIs to generate PKCE codes and code verifiers.
|
|
14510
|
+
*/
|
|
14511
|
+
/**
|
|
14512
|
+
* Generates PKCE Codes. See the RFC for more information: https://tools.ietf.org/html/rfc7636
|
|
14513
|
+
*/
|
|
14514
|
+
async function generatePkceCodes(performanceClient, logger, correlationId) {
|
|
14515
|
+
performanceClient.addQueueMeasurement(PerformanceEvents.GeneratePkceCodes, correlationId);
|
|
14516
|
+
const codeVerifier = invoke(generateCodeVerifier, PerformanceEvents.GenerateCodeVerifier, logger, performanceClient, correlationId)(performanceClient, logger, correlationId);
|
|
14517
|
+
const codeChallenge = await invokeAsync(generateCodeChallengeFromVerifier, PerformanceEvents.GenerateCodeChallengeFromVerifier, logger, performanceClient, correlationId)(codeVerifier, performanceClient, logger, correlationId);
|
|
14518
|
+
return {
|
|
14519
|
+
verifier: codeVerifier,
|
|
14520
|
+
challenge: codeChallenge,
|
|
14521
|
+
};
|
|
14522
|
+
}
|
|
14523
|
+
/**
|
|
14524
|
+
* Generates a random 32 byte buffer and returns the base64
|
|
14525
|
+
* encoded string to be used as a PKCE Code Verifier
|
|
14526
|
+
*/
|
|
14527
|
+
function generateCodeVerifier(performanceClient, logger, correlationId) {
|
|
14528
|
+
try {
|
|
14529
|
+
// Generate random values as utf-8
|
|
14530
|
+
const buffer = new Uint8Array(RANDOM_BYTE_ARR_LENGTH);
|
|
14531
|
+
invoke(getRandomValues, PerformanceEvents.GetRandomValues, logger, performanceClient, correlationId)(buffer);
|
|
14532
|
+
// encode verifier as base64
|
|
14533
|
+
const pkceCodeVerifierB64 = urlEncodeArr(buffer);
|
|
14534
|
+
return pkceCodeVerifierB64;
|
|
14535
|
+
}
|
|
14536
|
+
catch (e) {
|
|
14537
|
+
throw createBrowserAuthError(pkceNotCreated);
|
|
14538
|
+
}
|
|
14539
|
+
}
|
|
14540
|
+
/**
|
|
14541
|
+
* Creates a base64 encoded PKCE Code Challenge string from the
|
|
14542
|
+
* hash created from the PKCE Code Verifier supplied
|
|
14543
|
+
*/
|
|
14544
|
+
async function generateCodeChallengeFromVerifier(pkceCodeVerifier, performanceClient, logger, correlationId) {
|
|
14545
|
+
performanceClient.addQueueMeasurement(PerformanceEvents.GenerateCodeChallengeFromVerifier, correlationId);
|
|
14546
|
+
try {
|
|
14547
|
+
// hashed verifier
|
|
14548
|
+
const pkceHashedCodeVerifier = await invokeAsync(sha256Digest, PerformanceEvents.Sha256Digest, logger, performanceClient, correlationId)(pkceCodeVerifier, performanceClient, correlationId);
|
|
14549
|
+
// encode hash as base64
|
|
14550
|
+
return urlEncodeArr(new Uint8Array(pkceHashedCodeVerifier));
|
|
14551
|
+
}
|
|
14552
|
+
catch (e) {
|
|
14553
|
+
throw createBrowserAuthError(pkceNotCreated);
|
|
14554
|
+
}
|
|
14555
|
+
}
|
|
14556
|
+
|
|
14599
14557
|
/*
|
|
14600
14558
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
14601
14559
|
* Licensed under the MIT License.
|
|
@@ -14683,6 +14641,9 @@
|
|
|
14683
14641
|
this.logger.verbose("acquireTokenPopupAsync called");
|
|
14684
14642
|
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenPopup);
|
|
14685
14643
|
const validRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(request, exports.InteractionType.Popup);
|
|
14644
|
+
const pkce = pkceCodes ||
|
|
14645
|
+
(await invokeAsync(generatePkceCodes, PerformanceEvents.GeneratePkceCodes, this.logger, this.performanceClient, this.correlationId)(this.performanceClient, this.logger, this.correlationId));
|
|
14646
|
+
validRequest.codeChallenge = pkce.challenge;
|
|
14686
14647
|
/*
|
|
14687
14648
|
* Skip pre-connect for async popups to reduce time between user interaction and popup window creation to avoid
|
|
14688
14649
|
* popup from being blocked by browsers with shorter popup timers
|
|
@@ -14691,8 +14652,6 @@
|
|
|
14691
14652
|
preconnect(validRequest.authority);
|
|
14692
14653
|
}
|
|
14693
14654
|
try {
|
|
14694
|
-
// Create auth code request and generate PKCE params
|
|
14695
|
-
const authCodeRequest = await invokeAsync(this.initializeAuthorizationCodeRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, this.logger, this.performanceClient, this.correlationId)(validRequest, pkceCodes);
|
|
14696
14655
|
// Initialize the client
|
|
14697
14656
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
|
|
14698
14657
|
serverTelemetryManager,
|
|
@@ -14709,12 +14668,10 @@
|
|
|
14709
14668
|
this.performanceClient.startMeasurement(PerformanceEvents.FetchAccountIdWithNativeBroker, request.correlationId);
|
|
14710
14669
|
}
|
|
14711
14670
|
// Create acquire token url.
|
|
14712
|
-
const navigateUrl = await authClient.
|
|
14671
|
+
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, validRequest.correlationId)(this.config, authClient.authority, {
|
|
14713
14672
|
...validRequest,
|
|
14714
14673
|
platformBroker: isPlatformBroker,
|
|
14715
|
-
});
|
|
14716
|
-
// Create popup interaction handler.
|
|
14717
|
-
const interactionHandler = new InteractionHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient);
|
|
14674
|
+
}, this.logger, this.performanceClient);
|
|
14718
14675
|
// Show the UI once the url has been created. Get the window handle for the popup.
|
|
14719
14676
|
const popupWindow = this.initiateAuthRequest(navigateUrl, popupParams);
|
|
14720
14677
|
this.eventHandler.emitEvent(EventType.POPUP_OPENED, exports.InteractionType.Popup, { popupWindow }, null);
|
|
@@ -14722,7 +14679,7 @@
|
|
|
14722
14679
|
const responseString = await this.monitorPopupForHash(popupWindow, popupParams.popupWindowParent);
|
|
14723
14680
|
const serverParams = invoke(deserializeResponse, PerformanceEvents.DeserializeResponse, this.logger, this.performanceClient, this.correlationId)(responseString, this.config.auth.OIDCOptions.serverResponseType, this.logger);
|
|
14724
14681
|
// Remove throttle if it exists
|
|
14725
|
-
ThrottlingUtils.removeThrottle(this.browserStorage, this.config.auth.clientId,
|
|
14682
|
+
ThrottlingUtils.removeThrottle(this.browserStorage, this.config.auth.clientId, validRequest);
|
|
14726
14683
|
if (serverParams.accountId) {
|
|
14727
14684
|
this.logger.verbose("Account id found in hash, calling WAM for token");
|
|
14728
14685
|
// end measurement for server call with native brokering enabled
|
|
@@ -14743,6 +14700,13 @@
|
|
|
14743
14700
|
prompt: undefined, // Server should handle the prompt, ideally native broker can do this part silently
|
|
14744
14701
|
});
|
|
14745
14702
|
}
|
|
14703
|
+
const authCodeRequest = {
|
|
14704
|
+
...validRequest,
|
|
14705
|
+
code: serverParams.code || "",
|
|
14706
|
+
codeVerifier: pkce.verifier,
|
|
14707
|
+
};
|
|
14708
|
+
// Create popup interaction handler.
|
|
14709
|
+
const interactionHandler = new InteractionHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient);
|
|
14746
14710
|
// Handle response from hash string.
|
|
14747
14711
|
const result = await interactionHandler.handleCodeResponse(serverParams, validRequest);
|
|
14748
14712
|
return result;
|
|
@@ -15118,7 +15082,7 @@
|
|
|
15118
15082
|
}
|
|
15119
15083
|
let authCodeResponse;
|
|
15120
15084
|
try {
|
|
15121
|
-
authCodeResponse =
|
|
15085
|
+
authCodeResponse = getAuthorizationCodePayload(response, requestState);
|
|
15122
15086
|
}
|
|
15123
15087
|
catch (e) {
|
|
15124
15088
|
if (e instanceof ServerError &&
|
|
@@ -15202,6 +15166,8 @@
|
|
|
15202
15166
|
*/
|
|
15203
15167
|
async acquireToken(request) {
|
|
15204
15168
|
const validRequest = await invokeAsync(this.initializeAuthorizationRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest, this.logger, this.performanceClient, this.correlationId)(request, exports.InteractionType.Redirect);
|
|
15169
|
+
const pkceCodes = await invokeAsync(generatePkceCodes, PerformanceEvents.GeneratePkceCodes, this.logger, this.performanceClient, this.correlationId)(this.performanceClient, this.logger, this.correlationId);
|
|
15170
|
+
validRequest.codeChallenge = pkceCodes.challenge;
|
|
15205
15171
|
this.browserStorage.updateCacheEntries(validRequest.state, validRequest.nonce, validRequest.authority, validRequest.loginHint || "", validRequest.account || null);
|
|
15206
15172
|
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenRedirect);
|
|
15207
15173
|
const handleBackButton = (event) => {
|
|
@@ -15213,8 +15179,6 @@
|
|
|
15213
15179
|
}
|
|
15214
15180
|
};
|
|
15215
15181
|
try {
|
|
15216
|
-
// Create auth code request and generate PKCE params
|
|
15217
|
-
const authCodeRequest = await invokeAsync(this.initializeAuthorizationCodeRequest.bind(this), PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest, this.logger, this.performanceClient, this.correlationId)(validRequest);
|
|
15218
15182
|
// Initialize the client
|
|
15219
15183
|
const authClient = await invokeAsync(this.createAuthCodeClient.bind(this), PerformanceEvents.StandardInteractionClientCreateAuthCodeClient, this.logger, this.performanceClient, this.correlationId)({
|
|
15220
15184
|
serverTelemetryManager,
|
|
@@ -15223,13 +15187,18 @@
|
|
|
15223
15187
|
requestExtraQueryParameters: validRequest.extraQueryParameters,
|
|
15224
15188
|
account: validRequest.account,
|
|
15225
15189
|
});
|
|
15190
|
+
const authCodeRequest = {
|
|
15191
|
+
...validRequest,
|
|
15192
|
+
code: "",
|
|
15193
|
+
codeVerifier: pkceCodes.verifier,
|
|
15194
|
+
};
|
|
15226
15195
|
// Create redirect interaction handler.
|
|
15227
15196
|
const interactionHandler = new RedirectHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient);
|
|
15228
15197
|
// Create acquire token url.
|
|
15229
|
-
const navigateUrl = await authClient.
|
|
15198
|
+
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, validRequest.correlationId)(this.config, authClient.authority, {
|
|
15230
15199
|
...validRequest,
|
|
15231
15200
|
platformBroker: NativeMessageHandler.isPlatformBrokerAvailable(this.config, this.logger, this.nativeMessageHandler, request.authenticationScheme),
|
|
15232
|
-
});
|
|
15201
|
+
}, this.logger, this.performanceClient);
|
|
15233
15202
|
const redirectStartPage = this.getRedirectStartPage(request.redirectStartPage);
|
|
15234
15203
|
this.logger.verbosePii(`Redirect start page: ${redirectStartPage}`);
|
|
15235
15204
|
// Clear temporary cache if the back button is clicked during the redirect flow.
|
|
@@ -15734,18 +15703,19 @@
|
|
|
15734
15703
|
* @param navigateUrl
|
|
15735
15704
|
* @param userRequestScopes
|
|
15736
15705
|
*/
|
|
15737
|
-
async silentTokenHelper(authClient,
|
|
15738
|
-
const correlationId =
|
|
15706
|
+
async silentTokenHelper(authClient, request) {
|
|
15707
|
+
const correlationId = request.correlationId;
|
|
15739
15708
|
this.performanceClient.addQueueMeasurement(PerformanceEvents.SilentIframeClientTokenHelper, correlationId);
|
|
15740
|
-
|
|
15741
|
-
const
|
|
15709
|
+
const pkceCodes = await invokeAsync(generatePkceCodes, PerformanceEvents.GeneratePkceCodes, this.logger, this.performanceClient, this.correlationId)(this.performanceClient, this.logger, this.correlationId);
|
|
15710
|
+
const silentRequest = {
|
|
15711
|
+
...request,
|
|
15712
|
+
codeChallenge: pkceCodes.challenge,
|
|
15713
|
+
};
|
|
15742
15714
|
// Create authorize request url
|
|
15743
|
-
const navigateUrl = await invokeAsync(
|
|
15715
|
+
const navigateUrl = await invokeAsync(getAuthCodeRequestUrl, PerformanceEvents.GetAuthCodeUrl, this.logger, this.performanceClient, correlationId)(this.config, authClient.authority, {
|
|
15744
15716
|
...silentRequest,
|
|
15745
15717
|
platformBroker: NativeMessageHandler.isPlatformBrokerAvailable(this.config, this.logger, this.nativeMessageHandler, silentRequest.authenticationScheme),
|
|
15746
|
-
});
|
|
15747
|
-
// Create silent handler
|
|
15748
|
-
const interactionHandler = new InteractionHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient);
|
|
15718
|
+
}, this.logger, this.performanceClient);
|
|
15749
15719
|
// Get the frame handle for the silent request
|
|
15750
15720
|
const msalFrame = await invokeAsync(initiateAuthRequest, PerformanceEvents.SilentHandlerInitiateAuthRequest, this.logger, this.performanceClient, correlationId)(navigateUrl, this.performanceClient, this.logger, correlationId, this.config.system.navigateFrameWait);
|
|
15751
15721
|
const responseType = this.config.auth.OIDCOptions.serverResponseType;
|
|
@@ -15765,6 +15735,13 @@
|
|
|
15765
15735
|
prompt: silentRequest.prompt || PromptValue.NONE,
|
|
15766
15736
|
});
|
|
15767
15737
|
}
|
|
15738
|
+
const authCodeRequest = {
|
|
15739
|
+
...silentRequest,
|
|
15740
|
+
code: serverParams.code || "",
|
|
15741
|
+
codeVerifier: pkceCodes.verifier,
|
|
15742
|
+
};
|
|
15743
|
+
// Create silent handler
|
|
15744
|
+
const interactionHandler = new InteractionHandler(authClient, this.browserStorage, authCodeRequest, this.logger, this.performanceClient);
|
|
15768
15745
|
// Handle response from hash string
|
|
15769
15746
|
return invokeAsync(interactionHandler.handleCodeResponse.bind(interactionHandler), PerformanceEvents.HandleCodeResponse, this.logger, this.performanceClient, correlationId)(serverParams, silentRequest);
|
|
15770
15747
|
}
|
|
@@ -17518,8 +17495,7 @@
|
|
|
17518
17495
|
extraParams = new Map(Object.entries(request.extraQueryParameters));
|
|
17519
17496
|
}
|
|
17520
17497
|
const correlationId = request.correlationId || this.crypto.createNewGuid();
|
|
17521
|
-
const
|
|
17522
|
-
const claims = requestBuilder.addClientCapabilitiesToClaims(request.claims, this.clientCapabilities);
|
|
17498
|
+
const claims = addClientCapabilitiesToClaims(request.claims, this.clientCapabilities);
|
|
17523
17499
|
const scopes = request.scopes || OIDC_DEFAULT_SCOPES;
|
|
17524
17500
|
const tokenRequest = {
|
|
17525
17501
|
platformBrokerId: request.account?.homeAccountId,
|