@azure/msal-browser 4.7.0 → 4.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (214) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeMessageHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  6. package/dist/cache/AccountManager.mjs +1 -1
  7. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  8. package/dist/cache/BrowserCacheManager.d.ts +4 -41
  9. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +18 -143
  11. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  12. package/dist/cache/CacheHelpers.mjs +1 -1
  13. package/dist/cache/CookieStorage.mjs +1 -1
  14. package/dist/cache/DatabaseStorage.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +1 -1
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.mjs +1 -1
  19. package/dist/config/Configuration.d.ts.map +1 -1
  20. package/dist/config/Configuration.mjs +12 -3
  21. package/dist/config/Configuration.mjs.map +1 -1
  22. package/dist/controllers/ControllerFactory.mjs +1 -1
  23. package/dist/controllers/NestedAppAuthController.d.ts +2 -2
  24. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  25. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  26. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  27. package/dist/controllers/StandardController.d.ts.map +1 -1
  28. package/dist/controllers/StandardController.mjs +28 -16
  29. package/dist/controllers/StandardController.mjs.map +1 -1
  30. package/dist/controllers/UnknownOperatingContextController.d.ts +2 -2
  31. package/dist/controllers/UnknownOperatingContextController.d.ts.map +1 -1
  32. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  33. package/dist/controllers/UnknownOperatingContextController.mjs.map +1 -1
  34. package/dist/crypto/BrowserCrypto.d.ts +11 -0
  35. package/dist/crypto/BrowserCrypto.d.ts.map +1 -1
  36. package/dist/crypto/BrowserCrypto.mjs +68 -5
  37. package/dist/crypto/BrowserCrypto.mjs.map +1 -1
  38. package/dist/crypto/CryptoOps.mjs +1 -1
  39. package/dist/crypto/PkceGenerator.mjs +1 -1
  40. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  41. package/dist/encode/Base64Decode.mjs +1 -1
  42. package/dist/encode/Base64Encode.mjs +1 -1
  43. package/dist/error/BrowserAuthError.d.ts +3 -5
  44. package/dist/error/BrowserAuthError.d.ts.map +1 -1
  45. package/dist/error/BrowserAuthError.mjs +5 -7
  46. package/dist/error/BrowserAuthError.mjs.map +1 -1
  47. package/dist/error/BrowserAuthErrorCodes.d.ts +3 -1
  48. package/dist/error/BrowserAuthErrorCodes.d.ts.map +1 -1
  49. package/dist/error/BrowserAuthErrorCodes.mjs +6 -4
  50. package/dist/error/BrowserAuthErrorCodes.mjs.map +1 -1
  51. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  52. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  53. package/dist/error/NativeAuthError.mjs +1 -1
  54. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  55. package/dist/error/NestedAppAuthError.mjs +1 -1
  56. package/dist/event/EventHandler.mjs +1 -1
  57. package/dist/event/EventMessage.mjs +1 -1
  58. package/dist/event/EventType.mjs +1 -1
  59. package/dist/index.mjs +1 -1
  60. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  61. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  62. package/dist/interaction_client/NativeInteractionClient.d.ts.map +1 -1
  63. package/dist/interaction_client/NativeInteractionClient.mjs +9 -4
  64. package/dist/interaction_client/NativeInteractionClient.mjs.map +1 -1
  65. package/dist/interaction_client/PopupClient.d.ts +14 -1
  66. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  67. package/dist/interaction_client/PopupClient.mjs +66 -57
  68. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  69. package/dist/interaction_client/RedirectClient.d.ts +21 -4
  70. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  71. package/dist/interaction_client/RedirectClient.mjs +133 -70
  72. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  73. package/dist/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  74. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  75. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  76. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  77. package/dist/interaction_client/SilentIframeClient.d.ts +13 -3
  78. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  79. package/dist/interaction_client/SilentIframeClient.mjs +64 -41
  80. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  81. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  82. package/dist/interaction_client/StandardInteractionClient.d.ts +2 -9
  83. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  84. package/dist/interaction_client/StandardInteractionClient.mjs +2 -22
  85. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  86. package/dist/interaction_handler/InteractionHandler.d.ts +4 -5
  87. package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
  88. package/dist/interaction_handler/InteractionHandler.mjs +3 -3
  89. package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
  90. package/dist/interaction_handler/SilentHandler.d.ts +4 -2
  91. package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
  92. package/dist/interaction_handler/SilentHandler.mjs +13 -3
  93. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  94. package/dist/naa/BridgeError.mjs +1 -1
  95. package/dist/naa/BridgeProxy.mjs +1 -1
  96. package/dist/naa/BridgeStatusCode.mjs +1 -1
  97. package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  98. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -3
  99. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  100. package/dist/navigation/NavigationClient.mjs +1 -1
  101. package/dist/network/FetchClient.mjs +1 -1
  102. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  103. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  104. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  105. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  106. package/dist/packageMetadata.d.ts +1 -1
  107. package/dist/packageMetadata.mjs +2 -2
  108. package/dist/protocol/Authorize.d.ts +65 -0
  109. package/dist/protocol/Authorize.d.ts.map +1 -0
  110. package/dist/protocol/Authorize.mjs +217 -0
  111. package/dist/protocol/Authorize.mjs.map +1 -0
  112. package/dist/request/AuthorizationUrlRequest.d.ts +2 -4
  113. package/dist/request/AuthorizationUrlRequest.d.ts.map +1 -1
  114. package/dist/request/PopupRequest.d.ts +1 -1
  115. package/dist/request/PopupRequest.d.ts.map +1 -1
  116. package/dist/request/RedirectRequest.d.ts +1 -1
  117. package/dist/request/RedirectRequest.d.ts.map +1 -1
  118. package/dist/request/RequestHelpers.mjs +1 -1
  119. package/dist/request/SsoSilentRequest.d.ts +1 -1
  120. package/dist/request/SsoSilentRequest.d.ts.map +1 -1
  121. package/dist/response/ResponseHandler.d.ts +3 -3
  122. package/dist/response/ResponseHandler.d.ts.map +1 -1
  123. package/dist/response/ResponseHandler.mjs +1 -1
  124. package/dist/response/ResponseHandler.mjs.map +1 -1
  125. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  126. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  127. package/dist/utils/BrowserConstants.d.ts +1 -10
  128. package/dist/utils/BrowserConstants.d.ts.map +1 -1
  129. package/dist/utils/BrowserConstants.mjs +2 -11
  130. package/dist/utils/BrowserConstants.mjs.map +1 -1
  131. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  132. package/dist/utils/BrowserUtils.mjs +1 -1
  133. package/lib/msal-browser.cjs +2402 -2345
  134. package/lib/msal-browser.cjs.map +1 -1
  135. package/lib/msal-browser.js +2402 -2345
  136. package/lib/msal-browser.js.map +1 -1
  137. package/lib/msal-browser.min.js +68 -66
  138. package/lib/types/cache/BrowserCacheManager.d.ts +4 -41
  139. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  140. package/lib/types/config/Configuration.d.ts.map +1 -1
  141. package/lib/types/controllers/NestedAppAuthController.d.ts +2 -2
  142. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  143. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  144. package/lib/types/controllers/UnknownOperatingContextController.d.ts +2 -2
  145. package/lib/types/controllers/UnknownOperatingContextController.d.ts.map +1 -1
  146. package/lib/types/crypto/BrowserCrypto.d.ts +11 -0
  147. package/lib/types/crypto/BrowserCrypto.d.ts.map +1 -1
  148. package/lib/types/error/BrowserAuthError.d.ts +3 -5
  149. package/lib/types/error/BrowserAuthError.d.ts.map +1 -1
  150. package/lib/types/error/BrowserAuthErrorCodes.d.ts +3 -1
  151. package/lib/types/error/BrowserAuthErrorCodes.d.ts.map +1 -1
  152. package/lib/types/interaction_client/NativeInteractionClient.d.ts.map +1 -1
  153. package/lib/types/interaction_client/PopupClient.d.ts +14 -1
  154. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  155. package/lib/types/interaction_client/RedirectClient.d.ts +21 -4
  156. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  157. package/lib/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  158. package/lib/types/interaction_client/SilentIframeClient.d.ts +13 -3
  159. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  160. package/lib/types/interaction_client/StandardInteractionClient.d.ts +2 -9
  161. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  162. package/lib/types/interaction_handler/InteractionHandler.d.ts +4 -5
  163. package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  164. package/lib/types/interaction_handler/SilentHandler.d.ts +4 -2
  165. package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  166. package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  167. package/lib/types/packageMetadata.d.ts +1 -1
  168. package/lib/types/protocol/Authorize.d.ts +65 -0
  169. package/lib/types/protocol/Authorize.d.ts.map +1 -0
  170. package/lib/types/request/AuthorizationUrlRequest.d.ts +2 -4
  171. package/lib/types/request/AuthorizationUrlRequest.d.ts.map +1 -1
  172. package/lib/types/request/PopupRequest.d.ts +1 -1
  173. package/lib/types/request/PopupRequest.d.ts.map +1 -1
  174. package/lib/types/request/RedirectRequest.d.ts +1 -1
  175. package/lib/types/request/RedirectRequest.d.ts.map +1 -1
  176. package/lib/types/request/SsoSilentRequest.d.ts +1 -1
  177. package/lib/types/request/SsoSilentRequest.d.ts.map +1 -1
  178. package/lib/types/response/ResponseHandler.d.ts +3 -3
  179. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  180. package/lib/types/utils/BrowserConstants.d.ts +1 -10
  181. package/lib/types/utils/BrowserConstants.d.ts.map +1 -1
  182. package/package.json +2 -2
  183. package/src/cache/BrowserCacheManager.ts +30 -205
  184. package/src/config/Configuration.ts +14 -2
  185. package/src/controllers/NestedAppAuthController.ts +2 -0
  186. package/src/controllers/StandardController.ts +35 -24
  187. package/src/controllers/UnknownOperatingContextController.ts +2 -0
  188. package/src/crypto/BrowserCrypto.ts +91 -2
  189. package/src/error/BrowserAuthError.ts +6 -8
  190. package/src/error/BrowserAuthErrorCodes.ts +3 -1
  191. package/src/interaction_client/NativeInteractionClient.ts +11 -2
  192. package/src/interaction_client/PopupClient.ts +174 -111
  193. package/src/interaction_client/RedirectClient.ts +269 -132
  194. package/src/interaction_client/SilentAuthCodeClient.ts +2 -2
  195. package/src/interaction_client/SilentIframeClient.ts +168 -100
  196. package/src/interaction_client/StandardInteractionClient.ts +3 -43
  197. package/src/interaction_handler/InteractionHandler.ts +8 -7
  198. package/src/interaction_handler/SilentHandler.ts +31 -2
  199. package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -2
  200. package/src/packageMetadata.ts +1 -1
  201. package/src/protocol/Authorize.ts +490 -0
  202. package/src/request/AuthorizationUrlRequest.ts +3 -5
  203. package/src/request/PopupRequest.ts +1 -0
  204. package/src/request/RedirectRequest.ts +1 -0
  205. package/src/request/SsoSilentRequest.ts +1 -0
  206. package/src/response/ResponseHandler.ts +3 -3
  207. package/src/utils/BrowserConstants.ts +1 -10
  208. package/dist/interaction_handler/RedirectHandler.d.ts +0 -33
  209. package/dist/interaction_handler/RedirectHandler.d.ts.map +0 -1
  210. package/dist/interaction_handler/RedirectHandler.mjs +0 -144
  211. package/dist/interaction_handler/RedirectHandler.mjs.map +0 -1
  212. package/lib/types/interaction_handler/RedirectHandler.d.ts +0 -33
  213. package/lib/types/interaction_handler/RedirectHandler.d.ts.map +0 -1
  214. package/src/interaction_handler/RedirectHandler.ts +0 -251
@@ -7,17 +7,16 @@ import {
7
7
  ICrypto,
8
8
  Logger,
9
9
  PromptValue,
10
- CommonAuthorizationCodeRequest,
11
10
  AuthorizationCodeClient,
12
11
  AuthError,
13
- ProtocolUtils,
14
12
  IPerformanceClient,
15
13
  PerformanceEvents,
16
14
  invokeAsync,
17
15
  invoke,
16
+ ProtocolMode,
17
+ CommonAuthorizationUrlRequest,
18
18
  } from "@azure/msal-common/browser";
19
19
  import { StandardInteractionClient } from "./StandardInteractionClient.js";
20
- import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest.js";
21
20
  import { BrowserConfiguration } from "../config/Configuration.js";
22
21
  import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
23
22
  import { EventHandler } from "../event/EventHandler.js";
@@ -32,16 +31,18 @@ import {
32
31
  BrowserConstants,
33
32
  } from "../utils/BrowserConstants.js";
34
33
  import {
35
- initiateAuthRequest,
34
+ initiateCodeRequest,
35
+ initiateEarRequest,
36
36
  monitorIframeForHash,
37
37
  } from "../interaction_handler/SilentHandler.js";
38
38
  import { SsoSilentRequest } from "../request/SsoSilentRequest.js";
39
39
  import { NativeMessageHandler } from "../broker/nativeBroker/NativeMessageHandler.js";
40
- import { NativeInteractionClient } from "./NativeInteractionClient.js";
41
40
  import { AuthenticationResult } from "../response/AuthenticationResult.js";
42
- import { InteractionHandler } from "../interaction_handler/InteractionHandler.js";
43
41
  import * as BrowserUtils from "../utils/BrowserUtils.js";
44
42
  import * as ResponseHandler from "../response/ResponseHandler.js";
43
+ import * as Authorize from "../protocol/Authorize.js";
44
+ import { generatePkceCodes } from "../crypto/PkceGenerator.js";
45
+ import { generateEarKey } from "../crypto/BrowserCrypto.js";
45
46
 
46
47
  export class SilentIframeClient extends StandardInteractionClient {
47
48
  protected apiId: ApiId;
@@ -114,21 +115,42 @@ export class SilentIframeClient extends StandardInteractionClient {
114
115
  }
115
116
 
116
117
  // Create silent request
117
- const silentRequest: AuthorizationUrlRequest = await invokeAsync(
118
+ const silentRequest: CommonAuthorizationUrlRequest = await invokeAsync(
118
119
  this.initializeAuthorizationRequest.bind(this),
119
120
  PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,
120
121
  this.logger,
121
122
  this.performanceClient,
122
123
  request.correlationId
123
124
  )(inputRequest, InteractionType.Silent);
125
+ silentRequest.platformBroker =
126
+ NativeMessageHandler.isPlatformBrokerAvailable(
127
+ this.config,
128
+ this.logger,
129
+ this.nativeMessageHandler,
130
+ silentRequest.authenticationScheme
131
+ );
124
132
  BrowserUtils.preconnect(silentRequest.authority);
125
133
 
134
+ if (this.config.auth.protocolMode === ProtocolMode.EAR) {
135
+ return this.executeEarFlow(silentRequest);
136
+ } else {
137
+ return this.executeCodeFlow(silentRequest);
138
+ }
139
+ }
140
+
141
+ /**
142
+ * Executes auth code + PKCE flow
143
+ * @param request
144
+ * @returns
145
+ */
146
+ async executeCodeFlow(
147
+ request: CommonAuthorizationUrlRequest
148
+ ): Promise<AuthenticationResult> {
149
+ let authClient: AuthorizationCodeClient | undefined;
126
150
  const serverTelemetryManager = this.initializeServerTelemetryManager(
127
151
  this.apiId
128
152
  );
129
153
 
130
- let authClient: AuthorizationCodeClient | undefined;
131
-
132
154
  try {
133
155
  // Initialize the client
134
156
  authClient = await invokeAsync(
@@ -139,10 +161,10 @@ export class SilentIframeClient extends StandardInteractionClient {
139
161
  request.correlationId
140
162
  )({
141
163
  serverTelemetryManager,
142
- requestAuthority: silentRequest.authority,
143
- requestAzureCloudOptions: silentRequest.azureCloudOptions,
144
- requestExtraQueryParameters: silentRequest.extraQueryParameters,
145
- account: silentRequest.account,
164
+ requestAuthority: request.authority,
165
+ requestAzureCloudOptions: request.azureCloudOptions,
166
+ requestExtraQueryParameters: request.extraQueryParameters,
167
+ account: request.account,
146
168
  });
147
169
 
148
170
  return await invokeAsync(
@@ -151,7 +173,7 @@ export class SilentIframeClient extends StandardInteractionClient {
151
173
  this.logger,
152
174
  this.performanceClient,
153
175
  request.correlationId
154
- )(authClient, silentRequest);
176
+ )(authClient, request);
155
177
  } catch (e) {
156
178
  if (e instanceof AuthError) {
157
179
  (e as AuthError).setCorrelationId(this.correlationId);
@@ -173,25 +195,109 @@ export class SilentIframeClient extends StandardInteractionClient {
173
195
  this.correlationId
174
196
  );
175
197
 
176
- const retrySilentRequest: AuthorizationUrlRequest =
177
- await invokeAsync(
178
- this.initializeAuthorizationRequest.bind(this),
179
- PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,
180
- this.logger,
181
- this.performanceClient,
182
- request.correlationId
183
- )(inputRequest, InteractionType.Silent);
184
-
185
198
  return await invokeAsync(
186
199
  this.silentTokenHelper.bind(this),
187
200
  PerformanceEvents.SilentIframeClientTokenHelper,
188
201
  this.logger,
189
202
  this.performanceClient,
190
203
  this.correlationId
191
- )(authClient, retrySilentRequest);
204
+ )(authClient, request);
192
205
  }
193
206
  }
194
207
 
208
+ /**
209
+ * Executes EAR flow
210
+ * @param request
211
+ */
212
+ async executeEarFlow(
213
+ request: CommonAuthorizationUrlRequest
214
+ ): Promise<AuthenticationResult> {
215
+ const correlationId = request.correlationId;
216
+ const discoveredAuthority = await invokeAsync(
217
+ this.getDiscoveredAuthority.bind(this),
218
+ PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority,
219
+ this.logger,
220
+ this.performanceClient,
221
+ correlationId
222
+ )({
223
+ requestAuthority: request.authority,
224
+ requestAzureCloudOptions: request.azureCloudOptions,
225
+ requestExtraQueryParameters: request.extraQueryParameters,
226
+ account: request.account,
227
+ });
228
+
229
+ const earJwk = await invokeAsync(
230
+ generateEarKey,
231
+ PerformanceEvents.GenerateEarKey,
232
+ this.logger,
233
+ this.performanceClient,
234
+ correlationId
235
+ )();
236
+ const silentRequest = {
237
+ ...request,
238
+ earJwk: earJwk,
239
+ };
240
+ const msalFrame = await invokeAsync(
241
+ initiateEarRequest,
242
+ PerformanceEvents.SilentHandlerInitiateAuthRequest,
243
+ this.logger,
244
+ this.performanceClient,
245
+ correlationId
246
+ )(
247
+ this.config,
248
+ discoveredAuthority,
249
+ silentRequest,
250
+ this.logger,
251
+ this.performanceClient
252
+ );
253
+
254
+ const responseType = this.config.auth.OIDCOptions.serverResponseType;
255
+ // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
256
+ const responseString = await invokeAsync(
257
+ monitorIframeForHash,
258
+ PerformanceEvents.SilentHandlerMonitorIframeForHash,
259
+ this.logger,
260
+ this.performanceClient,
261
+ correlationId
262
+ )(
263
+ msalFrame,
264
+ this.config.system.iframeHashTimeout,
265
+ this.config.system.pollIntervalMilliseconds,
266
+ this.performanceClient,
267
+ this.logger,
268
+ correlationId,
269
+ responseType
270
+ );
271
+
272
+ const serverParams = invoke(
273
+ ResponseHandler.deserializeResponse,
274
+ PerformanceEvents.DeserializeResponse,
275
+ this.logger,
276
+ this.performanceClient,
277
+ correlationId
278
+ )(responseString, responseType, this.logger);
279
+
280
+ return invokeAsync(
281
+ Authorize.handleResponseEAR,
282
+ PerformanceEvents.HandleResponseEar,
283
+ this.logger,
284
+ this.performanceClient,
285
+ correlationId
286
+ )(
287
+ silentRequest,
288
+ serverParams,
289
+ this.apiId,
290
+ this.config,
291
+ discoveredAuthority,
292
+ this.browserStorage,
293
+ this.nativeStorage,
294
+ this.eventHandler,
295
+ this.logger,
296
+ this.performanceClient,
297
+ this.nativeMessageHandler
298
+ );
299
+ }
300
+
195
301
  /**
196
302
  * Currently Unsupported
197
303
  */
@@ -212,52 +318,43 @@ export class SilentIframeClient extends StandardInteractionClient {
212
318
  */
213
319
  protected async silentTokenHelper(
214
320
  authClient: AuthorizationCodeClient,
215
- silentRequest: AuthorizationUrlRequest
321
+ request: CommonAuthorizationUrlRequest
216
322
  ): Promise<AuthenticationResult> {
217
- const correlationId = silentRequest.correlationId;
323
+ const correlationId = request.correlationId;
218
324
  this.performanceClient.addQueueMeasurement(
219
325
  PerformanceEvents.SilentIframeClientTokenHelper,
220
326
  correlationId
221
327
  );
328
+ const pkceCodes = await invokeAsync(
329
+ generatePkceCodes,
330
+ PerformanceEvents.GeneratePkceCodes,
331
+ this.logger,
332
+ this.performanceClient,
333
+ correlationId
334
+ )(this.performanceClient, this.logger, correlationId);
222
335
 
223
- // Create auth code request and generate PKCE params
224
- const authCodeRequest: CommonAuthorizationCodeRequest =
225
- await invokeAsync(
226
- this.initializeAuthorizationCodeRequest.bind(this),
227
- PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
228
- this.logger,
229
- this.performanceClient,
230
- correlationId
231
- )(silentRequest);
232
-
336
+ const silentRequest = {
337
+ ...request,
338
+ codeChallenge: pkceCodes.challenge,
339
+ };
233
340
  // Create authorize request url
234
341
  const navigateUrl = await invokeAsync(
235
- authClient.getAuthCodeUrl.bind(authClient),
342
+ Authorize.getAuthCodeRequestUrl,
236
343
  PerformanceEvents.GetAuthCodeUrl,
237
344
  this.logger,
238
345
  this.performanceClient,
239
346
  correlationId
240
- )({
241
- ...silentRequest,
242
- platformBroker: NativeMessageHandler.isPlatformBrokerAvailable(
243
- this.config,
244
- this.logger,
245
- this.nativeMessageHandler,
246
- silentRequest.authenticationScheme
247
- ),
248
- });
249
-
250
- // Create silent handler
251
- const interactionHandler = new InteractionHandler(
252
- authClient,
253
- this.browserStorage,
254
- authCodeRequest,
347
+ )(
348
+ this.config,
349
+ authClient.authority,
350
+ silentRequest,
255
351
  this.logger,
256
352
  this.performanceClient
257
353
  );
354
+
258
355
  // Get the frame handle for the silent request
259
356
  const msalFrame = await invokeAsync(
260
- initiateAuthRequest,
357
+ initiateCodeRequest,
261
358
  PerformanceEvents.SilentHandlerInitiateAuthRequest,
262
359
  this.logger,
263
360
  this.performanceClient,
@@ -269,6 +366,7 @@ export class SilentIframeClient extends StandardInteractionClient {
269
366
  correlationId,
270
367
  this.config.system.navigateFrameWait
271
368
  );
369
+
272
370
  const responseType = this.config.auth.OIDCOptions.serverResponseType;
273
371
  // Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
274
372
  const responseString = await invokeAsync(
@@ -291,58 +389,28 @@ export class SilentIframeClient extends StandardInteractionClient {
291
389
  PerformanceEvents.DeserializeResponse,
292
390
  this.logger,
293
391
  this.performanceClient,
294
- this.correlationId
392
+ correlationId
295
393
  )(responseString, responseType, this.logger);
296
394
 
297
- if (serverParams.accountId) {
298
- this.logger.verbose(
299
- "Account id found in hash, calling WAM for token"
300
- );
301
- if (!this.nativeMessageHandler) {
302
- throw createBrowserAuthError(
303
- BrowserAuthErrorCodes.nativeConnectionNotEstablished
304
- );
305
- }
306
- const nativeInteractionClient = new NativeInteractionClient(
307
- this.config,
308
- this.browserStorage,
309
- this.browserCrypto,
310
- this.logger,
311
- this.eventHandler,
312
- this.navigationClient,
313
- this.apiId,
314
- this.performanceClient,
315
- this.nativeMessageHandler,
316
- serverParams.accountId,
317
- this.browserStorage,
318
- correlationId
319
- );
320
- const { userRequestState } = ProtocolUtils.parseRequestState(
321
- this.browserCrypto,
322
- silentRequest.state
323
- );
324
- return invokeAsync(
325
- nativeInteractionClient.acquireToken.bind(
326
- nativeInteractionClient
327
- ),
328
- PerformanceEvents.NativeInteractionClientAcquireToken,
329
- this.logger,
330
- this.performanceClient,
331
- correlationId
332
- )({
333
- ...silentRequest,
334
- state: userRequestState,
335
- prompt: silentRequest.prompt || PromptValue.NONE,
336
- });
337
- }
338
-
339
- // Handle response from hash string
340
395
  return invokeAsync(
341
- interactionHandler.handleCodeResponse.bind(interactionHandler),
342
- PerformanceEvents.HandleCodeResponse,
396
+ Authorize.handleResponseCode,
397
+ PerformanceEvents.HandleResponseCode,
343
398
  this.logger,
344
399
  this.performanceClient,
345
400
  correlationId
346
- )(serverParams, silentRequest);
401
+ )(
402
+ request,
403
+ serverParams,
404
+ pkceCodes.verifier,
405
+ this.apiId,
406
+ this.config,
407
+ authClient,
408
+ this.browserStorage,
409
+ this.nativeStorage,
410
+ this.eventHandler,
411
+ this.logger,
412
+ this.performanceClient,
413
+ this.nativeMessageHandler
414
+ );
347
415
  }
348
416
  }
@@ -5,7 +5,6 @@
5
5
 
6
6
  import {
7
7
  ServerTelemetryManager,
8
- CommonAuthorizationCodeRequest,
9
8
  Constants,
10
9
  AuthorizationCodeClient,
11
10
  ClientConfiguration,
@@ -20,10 +19,9 @@ import {
20
19
  invokeAsync,
21
20
  BaseAuthRequest,
22
21
  StringDict,
23
- PkceCodes,
22
+ CommonAuthorizationUrlRequest,
24
23
  } from "@azure/msal-common/browser";
25
24
  import { BaseInteractionClient } from "./BaseInteractionClient.js";
26
- import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest.js";
27
25
  import {
28
26
  BrowserConstants,
29
27
  InteractionType,
@@ -35,7 +33,6 @@ import * as BrowserUtils from "../utils/BrowserUtils.js";
35
33
  import { RedirectRequest } from "../request/RedirectRequest.js";
36
34
  import { PopupRequest } from "../request/PopupRequest.js";
37
35
  import { SsoSilentRequest } from "../request/SsoSilentRequest.js";
38
- import { generatePkceCodes } from "../crypto/PkceGenerator.js";
39
36
  import { createNewGuid } from "../crypto/BrowserCrypto.js";
40
37
  import { initializeBaseRequest } from "../request/RequestHelpers.js";
41
38
 
@@ -43,43 +40,6 @@ import { initializeBaseRequest } from "../request/RequestHelpers.js";
43
40
  * Defines the class structure and helper functions used by the "standard", non-brokered auth flows (popup, redirect, silent (RT), silent (iframe))
44
41
  */
45
42
  export abstract class StandardInteractionClient extends BaseInteractionClient {
46
- /**
47
- * Generates an auth code request tied to the url request.
48
- * @param request
49
- * @param pkceCodes
50
- */
51
- protected async initializeAuthorizationCodeRequest(
52
- request: AuthorizationUrlRequest,
53
- pkceCodes?: PkceCodes
54
- ): Promise<CommonAuthorizationCodeRequest> {
55
- this.performanceClient.addQueueMeasurement(
56
- PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
57
- this.correlationId
58
- );
59
-
60
- const generatedPkceParams: PkceCodes =
61
- pkceCodes ||
62
- (await invokeAsync(
63
- generatePkceCodes,
64
- PerformanceEvents.GeneratePkceCodes,
65
- this.logger,
66
- this.performanceClient,
67
- this.correlationId
68
- )(this.performanceClient, this.logger, this.correlationId));
69
-
70
- const authCodeRequest: CommonAuthorizationCodeRequest = {
71
- ...request,
72
- redirectUri: request.redirectUri,
73
- code: Constants.EMPTY_STRING,
74
- codeVerifier: generatedPkceParams.verifier,
75
- };
76
-
77
- request.codeChallenge = generatedPkceParams.challenge;
78
- request.codeChallengeMethod = Constants.S256_CODE_CHALLENGE_METHOD;
79
-
80
- return authCodeRequest;
81
- }
82
-
83
43
  /**
84
44
  * Initializer for the logout request.
85
45
  * @param logoutRequest
@@ -330,7 +290,7 @@ export abstract class StandardInteractionClient extends BaseInteractionClient {
330
290
  protected async initializeAuthorizationRequest(
331
291
  request: RedirectRequest | PopupRequest | SsoSilentRequest,
332
292
  interactionType: InteractionType
333
- ): Promise<AuthorizationUrlRequest> {
293
+ ): Promise<CommonAuthorizationUrlRequest> {
334
294
  this.performanceClient.addQueueMeasurement(
335
295
  PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,
336
296
  this.correlationId
@@ -359,7 +319,7 @@ export abstract class StandardInteractionClient extends BaseInteractionClient {
359
319
  this.logger
360
320
  );
361
321
 
362
- const validatedRequest: AuthorizationUrlRequest = {
322
+ const validatedRequest: CommonAuthorizationUrlRequest = {
363
323
  ...baseRequest,
364
324
  redirectUri: redirectUri,
365
325
  state: state,
@@ -14,7 +14,9 @@ import {
14
14
  PerformanceEvents,
15
15
  invokeAsync,
16
16
  CcsCredentialType,
17
- ServerAuthorizationCodeResponse,
17
+ AuthorizeResponse,
18
+ AuthorizeProtocol,
19
+ CommonAuthorizationUrlRequest,
18
20
  } from "@azure/msal-common/browser";
19
21
 
20
22
  import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
@@ -23,7 +25,6 @@ import {
23
25
  BrowserAuthErrorCodes,
24
26
  } from "../error/BrowserAuthError.js";
25
27
  import { AuthenticationResult } from "../response/AuthenticationResult.js";
26
- import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest.js";
27
28
 
28
29
  /**
29
30
  * Abstract class which defines operations for a browser interaction handling class.
@@ -54,8 +55,8 @@ export class InteractionHandler {
54
55
  * @param locationHash
55
56
  */
56
57
  async handleCodeResponse(
57
- response: ServerAuthorizationCodeResponse,
58
- request: AuthorizationUrlRequest
58
+ response: AuthorizeResponse,
59
+ request: CommonAuthorizationUrlRequest
59
60
  ): Promise<AuthenticationResult> {
60
61
  this.performanceClient.addQueueMeasurement(
61
62
  PerformanceEvents.HandleCodeResponse,
@@ -64,7 +65,7 @@ export class InteractionHandler {
64
65
 
65
66
  let authCodeResponse;
66
67
  try {
67
- authCodeResponse = this.authModule.handleFragmentResponse(
68
+ authCodeResponse = AuthorizeProtocol.getAuthorizationCodePayload(
68
69
  response,
69
70
  request.state
70
71
  );
@@ -101,7 +102,7 @@ export class InteractionHandler {
101
102
  */
102
103
  async handleCodeResponseFromServer(
103
104
  authCodeResponse: AuthorizationCodePayload,
104
- request: AuthorizationUrlRequest,
105
+ request: CommonAuthorizationUrlRequest,
105
106
  validateNonce: boolean = true
106
107
  ): Promise<AuthenticationResult> {
107
108
  this.performanceClient.addQueueMeasurement(
@@ -159,7 +160,7 @@ export class InteractionHandler {
159
160
  * Build ccs creds if available
160
161
  */
161
162
  protected createCcsCredentials(
162
- request: AuthorizationUrlRequest
163
+ request: CommonAuthorizationUrlRequest
163
164
  ): CcsCredential | null {
164
165
  if (request.account) {
165
166
  return {
@@ -10,19 +10,25 @@ import {
10
10
  invokeAsync,
11
11
  invoke,
12
12
  ServerResponseType,
13
+ Authority,
14
+ CommonAuthorizationUrlRequest,
13
15
  } from "@azure/msal-common/browser";
14
16
  import {
15
17
  createBrowserAuthError,
16
18
  BrowserAuthErrorCodes,
17
19
  } from "../error/BrowserAuthError.js";
18
- import { DEFAULT_IFRAME_TIMEOUT_MS } from "../config/Configuration.js";
20
+ import {
21
+ BrowserConfiguration,
22
+ DEFAULT_IFRAME_TIMEOUT_MS,
23
+ } from "../config/Configuration.js";
24
+ import { getEARForm } from "../protocol/Authorize.js";
19
25
 
20
26
  /**
21
27
  * Creates a hidden iframe to given URL using user-requested scopes as an id.
22
28
  * @param urlNavigate
23
29
  * @param userRequestScopes
24
30
  */
25
- export async function initiateAuthRequest(
31
+ export async function initiateCodeRequest(
26
32
  requestUrl: string,
27
33
  performanceClient: IPerformanceClient,
28
34
  logger: Logger,
@@ -57,6 +63,29 @@ export async function initiateAuthRequest(
57
63
  )(requestUrl);
58
64
  }
59
65
 
66
+ export async function initiateEarRequest(
67
+ config: BrowserConfiguration,
68
+ authority: Authority,
69
+ request: CommonAuthorizationUrlRequest,
70
+ logger: Logger,
71
+ performanceClient: IPerformanceClient
72
+ ): Promise<HTMLIFrameElement> {
73
+ const frame = createHiddenIframe();
74
+ if (!frame.contentDocument) {
75
+ throw "No document associated with iframe!";
76
+ }
77
+ const form = await getEARForm(
78
+ frame.contentDocument,
79
+ config,
80
+ authority,
81
+ request,
82
+ logger,
83
+ performanceClient
84
+ );
85
+ form.submit();
86
+ return frame;
87
+ }
88
+
60
89
  /**
61
90
  * Monitors an iframe content window until it loads a url with a known hash, or hits a specified timeout.
62
91
  * @param iframe
@@ -75,8 +75,7 @@ export class NestedAppAuthAdapter {
75
75
 
76
76
  const correlationId =
77
77
  request.correlationId || this.crypto.createNewGuid();
78
- const requestBuilder = new RequestParameterBuilder(correlationId);
79
- const claims = requestBuilder.addClientCapabilitiesToClaims(
78
+ const claims = RequestParameterBuilder.addClientCapabilitiesToClaims(
80
79
  request.claims,
81
80
  this.clientCapabilities
82
81
  );
@@ -1,3 +1,3 @@
1
1
  /* eslint-disable header/header */
2
2
  export const name = "@azure/msal-browser";
3
- export const version = "4.7.0";
3
+ export const version = "4.9.0";