@azure/msal-browser 4.7.0 → 4.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientNext.mjs +1 -1
- package/dist/broker/nativeBroker/NativeMessageHandler.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.d.ts +4 -41
- package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/cache/BrowserCacheManager.mjs +18 -143
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.d.ts.map +1 -1
- package/dist/config/Configuration.mjs +12 -3
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/ControllerFactory.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.d.ts +2 -2
- package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +28 -16
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/controllers/UnknownOperatingContextController.d.ts +2 -2
- package/dist/controllers/UnknownOperatingContextController.d.ts.map +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.d.ts +11 -0
- package/dist/crypto/BrowserCrypto.d.ts.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +68 -5
- package/dist/crypto/BrowserCrypto.mjs.map +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.d.ts +3 -5
- package/dist/error/BrowserAuthError.d.ts.map +1 -1
- package/dist/error/BrowserAuthError.mjs +5 -7
- package/dist/error/BrowserAuthError.mjs.map +1 -1
- package/dist/error/BrowserAuthErrorCodes.d.ts +3 -1
- package/dist/error/BrowserAuthErrorCodes.d.ts.map +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +6 -4
- package/dist/error/BrowserAuthErrorCodes.mjs.map +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/NativeInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/NativeInteractionClient.mjs +9 -4
- package/dist/interaction_client/NativeInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.d.ts +14 -1
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +66 -57
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.d.ts +21 -4
- package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +133 -70
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts +13 -3
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +64 -41
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.d.ts +2 -9
- package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +2 -22
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.d.ts +4 -5
- package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +3 -3
- package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
- package/dist/interaction_handler/SilentHandler.d.ts +4 -2
- package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +13 -3
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -3
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +65 -0
- package/dist/protocol/Authorize.d.ts.map +1 -0
- package/dist/protocol/Authorize.mjs +217 -0
- package/dist/protocol/Authorize.mjs.map +1 -0
- package/dist/request/AuthorizationUrlRequest.d.ts +2 -4
- package/dist/request/AuthorizationUrlRequest.d.ts.map +1 -1
- package/dist/request/PopupRequest.d.ts +1 -1
- package/dist/request/PopupRequest.d.ts.map +1 -1
- package/dist/request/RedirectRequest.d.ts +1 -1
- package/dist/request/RedirectRequest.d.ts.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/request/SsoSilentRequest.d.ts +1 -1
- package/dist/request/SsoSilentRequest.d.ts.map +1 -1
- package/dist/response/ResponseHandler.d.ts +3 -3
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/utils/BrowserConstants.d.ts +1 -10
- package/dist/utils/BrowserConstants.d.ts.map +1 -1
- package/dist/utils/BrowserConstants.mjs +2 -11
- package/dist/utils/BrowserConstants.mjs.map +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/lib/msal-browser.cjs +2402 -2345
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +2402 -2345
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +68 -66
- package/lib/types/cache/BrowserCacheManager.d.ts +4 -41
- package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/types/config/Configuration.d.ts.map +1 -1
- package/lib/types/controllers/NestedAppAuthController.d.ts +2 -2
- package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/controllers/UnknownOperatingContextController.d.ts +2 -2
- package/lib/types/controllers/UnknownOperatingContextController.d.ts.map +1 -1
- package/lib/types/crypto/BrowserCrypto.d.ts +11 -0
- package/lib/types/crypto/BrowserCrypto.d.ts.map +1 -1
- package/lib/types/error/BrowserAuthError.d.ts +3 -5
- package/lib/types/error/BrowserAuthError.d.ts.map +1 -1
- package/lib/types/error/BrowserAuthErrorCodes.d.ts +3 -1
- package/lib/types/error/BrowserAuthErrorCodes.d.ts.map +1 -1
- package/lib/types/interaction_client/NativeInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PopupClient.d.ts +14 -1
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/RedirectClient.d.ts +21 -4
- package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts +13 -3
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/interaction_client/StandardInteractionClient.d.ts +2 -9
- package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_handler/InteractionHandler.d.ts +4 -5
- package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
- package/lib/types/interaction_handler/SilentHandler.d.ts +4 -2
- package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts +65 -0
- package/lib/types/protocol/Authorize.d.ts.map +1 -0
- package/lib/types/request/AuthorizationUrlRequest.d.ts +2 -4
- package/lib/types/request/AuthorizationUrlRequest.d.ts.map +1 -1
- package/lib/types/request/PopupRequest.d.ts +1 -1
- package/lib/types/request/PopupRequest.d.ts.map +1 -1
- package/lib/types/request/RedirectRequest.d.ts +1 -1
- package/lib/types/request/RedirectRequest.d.ts.map +1 -1
- package/lib/types/request/SsoSilentRequest.d.ts +1 -1
- package/lib/types/request/SsoSilentRequest.d.ts.map +1 -1
- package/lib/types/response/ResponseHandler.d.ts +3 -3
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/utils/BrowserConstants.d.ts +1 -10
- package/lib/types/utils/BrowserConstants.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/cache/BrowserCacheManager.ts +30 -205
- package/src/config/Configuration.ts +14 -2
- package/src/controllers/NestedAppAuthController.ts +2 -0
- package/src/controllers/StandardController.ts +35 -24
- package/src/controllers/UnknownOperatingContextController.ts +2 -0
- package/src/crypto/BrowserCrypto.ts +91 -2
- package/src/error/BrowserAuthError.ts +6 -8
- package/src/error/BrowserAuthErrorCodes.ts +3 -1
- package/src/interaction_client/NativeInteractionClient.ts +11 -2
- package/src/interaction_client/PopupClient.ts +174 -111
- package/src/interaction_client/RedirectClient.ts +269 -132
- package/src/interaction_client/SilentAuthCodeClient.ts +2 -2
- package/src/interaction_client/SilentIframeClient.ts +168 -100
- package/src/interaction_client/StandardInteractionClient.ts +3 -43
- package/src/interaction_handler/InteractionHandler.ts +8 -7
- package/src/interaction_handler/SilentHandler.ts +31 -2
- package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -2
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +490 -0
- package/src/request/AuthorizationUrlRequest.ts +3 -5
- package/src/request/PopupRequest.ts +1 -0
- package/src/request/RedirectRequest.ts +1 -0
- package/src/request/SsoSilentRequest.ts +1 -0
- package/src/response/ResponseHandler.ts +3 -3
- package/src/utils/BrowserConstants.ts +1 -10
- package/dist/interaction_handler/RedirectHandler.d.ts +0 -33
- package/dist/interaction_handler/RedirectHandler.d.ts.map +0 -1
- package/dist/interaction_handler/RedirectHandler.mjs +0 -144
- package/dist/interaction_handler/RedirectHandler.mjs.map +0 -1
- package/lib/types/interaction_handler/RedirectHandler.d.ts +0 -33
- package/lib/types/interaction_handler/RedirectHandler.d.ts.map +0 -1
- package/src/interaction_handler/RedirectHandler.ts +0 -251
|
@@ -7,17 +7,16 @@ import {
|
|
|
7
7
|
ICrypto,
|
|
8
8
|
Logger,
|
|
9
9
|
PromptValue,
|
|
10
|
-
CommonAuthorizationCodeRequest,
|
|
11
10
|
AuthorizationCodeClient,
|
|
12
11
|
AuthError,
|
|
13
|
-
ProtocolUtils,
|
|
14
12
|
IPerformanceClient,
|
|
15
13
|
PerformanceEvents,
|
|
16
14
|
invokeAsync,
|
|
17
15
|
invoke,
|
|
16
|
+
ProtocolMode,
|
|
17
|
+
CommonAuthorizationUrlRequest,
|
|
18
18
|
} from "@azure/msal-common/browser";
|
|
19
19
|
import { StandardInteractionClient } from "./StandardInteractionClient.js";
|
|
20
|
-
import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest.js";
|
|
21
20
|
import { BrowserConfiguration } from "../config/Configuration.js";
|
|
22
21
|
import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
|
|
23
22
|
import { EventHandler } from "../event/EventHandler.js";
|
|
@@ -32,16 +31,18 @@ import {
|
|
|
32
31
|
BrowserConstants,
|
|
33
32
|
} from "../utils/BrowserConstants.js";
|
|
34
33
|
import {
|
|
35
|
-
|
|
34
|
+
initiateCodeRequest,
|
|
35
|
+
initiateEarRequest,
|
|
36
36
|
monitorIframeForHash,
|
|
37
37
|
} from "../interaction_handler/SilentHandler.js";
|
|
38
38
|
import { SsoSilentRequest } from "../request/SsoSilentRequest.js";
|
|
39
39
|
import { NativeMessageHandler } from "../broker/nativeBroker/NativeMessageHandler.js";
|
|
40
|
-
import { NativeInteractionClient } from "./NativeInteractionClient.js";
|
|
41
40
|
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
42
|
-
import { InteractionHandler } from "../interaction_handler/InteractionHandler.js";
|
|
43
41
|
import * as BrowserUtils from "../utils/BrowserUtils.js";
|
|
44
42
|
import * as ResponseHandler from "../response/ResponseHandler.js";
|
|
43
|
+
import * as Authorize from "../protocol/Authorize.js";
|
|
44
|
+
import { generatePkceCodes } from "../crypto/PkceGenerator.js";
|
|
45
|
+
import { generateEarKey } from "../crypto/BrowserCrypto.js";
|
|
45
46
|
|
|
46
47
|
export class SilentIframeClient extends StandardInteractionClient {
|
|
47
48
|
protected apiId: ApiId;
|
|
@@ -114,21 +115,42 @@ export class SilentIframeClient extends StandardInteractionClient {
|
|
|
114
115
|
}
|
|
115
116
|
|
|
116
117
|
// Create silent request
|
|
117
|
-
const silentRequest:
|
|
118
|
+
const silentRequest: CommonAuthorizationUrlRequest = await invokeAsync(
|
|
118
119
|
this.initializeAuthorizationRequest.bind(this),
|
|
119
120
|
PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,
|
|
120
121
|
this.logger,
|
|
121
122
|
this.performanceClient,
|
|
122
123
|
request.correlationId
|
|
123
124
|
)(inputRequest, InteractionType.Silent);
|
|
125
|
+
silentRequest.platformBroker =
|
|
126
|
+
NativeMessageHandler.isPlatformBrokerAvailable(
|
|
127
|
+
this.config,
|
|
128
|
+
this.logger,
|
|
129
|
+
this.nativeMessageHandler,
|
|
130
|
+
silentRequest.authenticationScheme
|
|
131
|
+
);
|
|
124
132
|
BrowserUtils.preconnect(silentRequest.authority);
|
|
125
133
|
|
|
134
|
+
if (this.config.auth.protocolMode === ProtocolMode.EAR) {
|
|
135
|
+
return this.executeEarFlow(silentRequest);
|
|
136
|
+
} else {
|
|
137
|
+
return this.executeCodeFlow(silentRequest);
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
/**
|
|
142
|
+
* Executes auth code + PKCE flow
|
|
143
|
+
* @param request
|
|
144
|
+
* @returns
|
|
145
|
+
*/
|
|
146
|
+
async executeCodeFlow(
|
|
147
|
+
request: CommonAuthorizationUrlRequest
|
|
148
|
+
): Promise<AuthenticationResult> {
|
|
149
|
+
let authClient: AuthorizationCodeClient | undefined;
|
|
126
150
|
const serverTelemetryManager = this.initializeServerTelemetryManager(
|
|
127
151
|
this.apiId
|
|
128
152
|
);
|
|
129
153
|
|
|
130
|
-
let authClient: AuthorizationCodeClient | undefined;
|
|
131
|
-
|
|
132
154
|
try {
|
|
133
155
|
// Initialize the client
|
|
134
156
|
authClient = await invokeAsync(
|
|
@@ -139,10 +161,10 @@ export class SilentIframeClient extends StandardInteractionClient {
|
|
|
139
161
|
request.correlationId
|
|
140
162
|
)({
|
|
141
163
|
serverTelemetryManager,
|
|
142
|
-
requestAuthority:
|
|
143
|
-
requestAzureCloudOptions:
|
|
144
|
-
requestExtraQueryParameters:
|
|
145
|
-
account:
|
|
164
|
+
requestAuthority: request.authority,
|
|
165
|
+
requestAzureCloudOptions: request.azureCloudOptions,
|
|
166
|
+
requestExtraQueryParameters: request.extraQueryParameters,
|
|
167
|
+
account: request.account,
|
|
146
168
|
});
|
|
147
169
|
|
|
148
170
|
return await invokeAsync(
|
|
@@ -151,7 +173,7 @@ export class SilentIframeClient extends StandardInteractionClient {
|
|
|
151
173
|
this.logger,
|
|
152
174
|
this.performanceClient,
|
|
153
175
|
request.correlationId
|
|
154
|
-
)(authClient,
|
|
176
|
+
)(authClient, request);
|
|
155
177
|
} catch (e) {
|
|
156
178
|
if (e instanceof AuthError) {
|
|
157
179
|
(e as AuthError).setCorrelationId(this.correlationId);
|
|
@@ -173,25 +195,109 @@ export class SilentIframeClient extends StandardInteractionClient {
|
|
|
173
195
|
this.correlationId
|
|
174
196
|
);
|
|
175
197
|
|
|
176
|
-
const retrySilentRequest: AuthorizationUrlRequest =
|
|
177
|
-
await invokeAsync(
|
|
178
|
-
this.initializeAuthorizationRequest.bind(this),
|
|
179
|
-
PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,
|
|
180
|
-
this.logger,
|
|
181
|
-
this.performanceClient,
|
|
182
|
-
request.correlationId
|
|
183
|
-
)(inputRequest, InteractionType.Silent);
|
|
184
|
-
|
|
185
198
|
return await invokeAsync(
|
|
186
199
|
this.silentTokenHelper.bind(this),
|
|
187
200
|
PerformanceEvents.SilentIframeClientTokenHelper,
|
|
188
201
|
this.logger,
|
|
189
202
|
this.performanceClient,
|
|
190
203
|
this.correlationId
|
|
191
|
-
)(authClient,
|
|
204
|
+
)(authClient, request);
|
|
192
205
|
}
|
|
193
206
|
}
|
|
194
207
|
|
|
208
|
+
/**
|
|
209
|
+
* Executes EAR flow
|
|
210
|
+
* @param request
|
|
211
|
+
*/
|
|
212
|
+
async executeEarFlow(
|
|
213
|
+
request: CommonAuthorizationUrlRequest
|
|
214
|
+
): Promise<AuthenticationResult> {
|
|
215
|
+
const correlationId = request.correlationId;
|
|
216
|
+
const discoveredAuthority = await invokeAsync(
|
|
217
|
+
this.getDiscoveredAuthority.bind(this),
|
|
218
|
+
PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority,
|
|
219
|
+
this.logger,
|
|
220
|
+
this.performanceClient,
|
|
221
|
+
correlationId
|
|
222
|
+
)({
|
|
223
|
+
requestAuthority: request.authority,
|
|
224
|
+
requestAzureCloudOptions: request.azureCloudOptions,
|
|
225
|
+
requestExtraQueryParameters: request.extraQueryParameters,
|
|
226
|
+
account: request.account,
|
|
227
|
+
});
|
|
228
|
+
|
|
229
|
+
const earJwk = await invokeAsync(
|
|
230
|
+
generateEarKey,
|
|
231
|
+
PerformanceEvents.GenerateEarKey,
|
|
232
|
+
this.logger,
|
|
233
|
+
this.performanceClient,
|
|
234
|
+
correlationId
|
|
235
|
+
)();
|
|
236
|
+
const silentRequest = {
|
|
237
|
+
...request,
|
|
238
|
+
earJwk: earJwk,
|
|
239
|
+
};
|
|
240
|
+
const msalFrame = await invokeAsync(
|
|
241
|
+
initiateEarRequest,
|
|
242
|
+
PerformanceEvents.SilentHandlerInitiateAuthRequest,
|
|
243
|
+
this.logger,
|
|
244
|
+
this.performanceClient,
|
|
245
|
+
correlationId
|
|
246
|
+
)(
|
|
247
|
+
this.config,
|
|
248
|
+
discoveredAuthority,
|
|
249
|
+
silentRequest,
|
|
250
|
+
this.logger,
|
|
251
|
+
this.performanceClient
|
|
252
|
+
);
|
|
253
|
+
|
|
254
|
+
const responseType = this.config.auth.OIDCOptions.serverResponseType;
|
|
255
|
+
// Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
256
|
+
const responseString = await invokeAsync(
|
|
257
|
+
monitorIframeForHash,
|
|
258
|
+
PerformanceEvents.SilentHandlerMonitorIframeForHash,
|
|
259
|
+
this.logger,
|
|
260
|
+
this.performanceClient,
|
|
261
|
+
correlationId
|
|
262
|
+
)(
|
|
263
|
+
msalFrame,
|
|
264
|
+
this.config.system.iframeHashTimeout,
|
|
265
|
+
this.config.system.pollIntervalMilliseconds,
|
|
266
|
+
this.performanceClient,
|
|
267
|
+
this.logger,
|
|
268
|
+
correlationId,
|
|
269
|
+
responseType
|
|
270
|
+
);
|
|
271
|
+
|
|
272
|
+
const serverParams = invoke(
|
|
273
|
+
ResponseHandler.deserializeResponse,
|
|
274
|
+
PerformanceEvents.DeserializeResponse,
|
|
275
|
+
this.logger,
|
|
276
|
+
this.performanceClient,
|
|
277
|
+
correlationId
|
|
278
|
+
)(responseString, responseType, this.logger);
|
|
279
|
+
|
|
280
|
+
return invokeAsync(
|
|
281
|
+
Authorize.handleResponseEAR,
|
|
282
|
+
PerformanceEvents.HandleResponseEar,
|
|
283
|
+
this.logger,
|
|
284
|
+
this.performanceClient,
|
|
285
|
+
correlationId
|
|
286
|
+
)(
|
|
287
|
+
silentRequest,
|
|
288
|
+
serverParams,
|
|
289
|
+
this.apiId,
|
|
290
|
+
this.config,
|
|
291
|
+
discoveredAuthority,
|
|
292
|
+
this.browserStorage,
|
|
293
|
+
this.nativeStorage,
|
|
294
|
+
this.eventHandler,
|
|
295
|
+
this.logger,
|
|
296
|
+
this.performanceClient,
|
|
297
|
+
this.nativeMessageHandler
|
|
298
|
+
);
|
|
299
|
+
}
|
|
300
|
+
|
|
195
301
|
/**
|
|
196
302
|
* Currently Unsupported
|
|
197
303
|
*/
|
|
@@ -212,52 +318,43 @@ export class SilentIframeClient extends StandardInteractionClient {
|
|
|
212
318
|
*/
|
|
213
319
|
protected async silentTokenHelper(
|
|
214
320
|
authClient: AuthorizationCodeClient,
|
|
215
|
-
|
|
321
|
+
request: CommonAuthorizationUrlRequest
|
|
216
322
|
): Promise<AuthenticationResult> {
|
|
217
|
-
const correlationId =
|
|
323
|
+
const correlationId = request.correlationId;
|
|
218
324
|
this.performanceClient.addQueueMeasurement(
|
|
219
325
|
PerformanceEvents.SilentIframeClientTokenHelper,
|
|
220
326
|
correlationId
|
|
221
327
|
);
|
|
328
|
+
const pkceCodes = await invokeAsync(
|
|
329
|
+
generatePkceCodes,
|
|
330
|
+
PerformanceEvents.GeneratePkceCodes,
|
|
331
|
+
this.logger,
|
|
332
|
+
this.performanceClient,
|
|
333
|
+
correlationId
|
|
334
|
+
)(this.performanceClient, this.logger, correlationId);
|
|
222
335
|
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
|
|
228
|
-
this.logger,
|
|
229
|
-
this.performanceClient,
|
|
230
|
-
correlationId
|
|
231
|
-
)(silentRequest);
|
|
232
|
-
|
|
336
|
+
const silentRequest = {
|
|
337
|
+
...request,
|
|
338
|
+
codeChallenge: pkceCodes.challenge,
|
|
339
|
+
};
|
|
233
340
|
// Create authorize request url
|
|
234
341
|
const navigateUrl = await invokeAsync(
|
|
235
|
-
|
|
342
|
+
Authorize.getAuthCodeRequestUrl,
|
|
236
343
|
PerformanceEvents.GetAuthCodeUrl,
|
|
237
344
|
this.logger,
|
|
238
345
|
this.performanceClient,
|
|
239
346
|
correlationId
|
|
240
|
-
)(
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
this.logger,
|
|
245
|
-
this.nativeMessageHandler,
|
|
246
|
-
silentRequest.authenticationScheme
|
|
247
|
-
),
|
|
248
|
-
});
|
|
249
|
-
|
|
250
|
-
// Create silent handler
|
|
251
|
-
const interactionHandler = new InteractionHandler(
|
|
252
|
-
authClient,
|
|
253
|
-
this.browserStorage,
|
|
254
|
-
authCodeRequest,
|
|
347
|
+
)(
|
|
348
|
+
this.config,
|
|
349
|
+
authClient.authority,
|
|
350
|
+
silentRequest,
|
|
255
351
|
this.logger,
|
|
256
352
|
this.performanceClient
|
|
257
353
|
);
|
|
354
|
+
|
|
258
355
|
// Get the frame handle for the silent request
|
|
259
356
|
const msalFrame = await invokeAsync(
|
|
260
|
-
|
|
357
|
+
initiateCodeRequest,
|
|
261
358
|
PerformanceEvents.SilentHandlerInitiateAuthRequest,
|
|
262
359
|
this.logger,
|
|
263
360
|
this.performanceClient,
|
|
@@ -269,6 +366,7 @@ export class SilentIframeClient extends StandardInteractionClient {
|
|
|
269
366
|
correlationId,
|
|
270
367
|
this.config.system.navigateFrameWait
|
|
271
368
|
);
|
|
369
|
+
|
|
272
370
|
const responseType = this.config.auth.OIDCOptions.serverResponseType;
|
|
273
371
|
// Monitor the window for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
274
372
|
const responseString = await invokeAsync(
|
|
@@ -291,58 +389,28 @@ export class SilentIframeClient extends StandardInteractionClient {
|
|
|
291
389
|
PerformanceEvents.DeserializeResponse,
|
|
292
390
|
this.logger,
|
|
293
391
|
this.performanceClient,
|
|
294
|
-
|
|
392
|
+
correlationId
|
|
295
393
|
)(responseString, responseType, this.logger);
|
|
296
394
|
|
|
297
|
-
if (serverParams.accountId) {
|
|
298
|
-
this.logger.verbose(
|
|
299
|
-
"Account id found in hash, calling WAM for token"
|
|
300
|
-
);
|
|
301
|
-
if (!this.nativeMessageHandler) {
|
|
302
|
-
throw createBrowserAuthError(
|
|
303
|
-
BrowserAuthErrorCodes.nativeConnectionNotEstablished
|
|
304
|
-
);
|
|
305
|
-
}
|
|
306
|
-
const nativeInteractionClient = new NativeInteractionClient(
|
|
307
|
-
this.config,
|
|
308
|
-
this.browserStorage,
|
|
309
|
-
this.browserCrypto,
|
|
310
|
-
this.logger,
|
|
311
|
-
this.eventHandler,
|
|
312
|
-
this.navigationClient,
|
|
313
|
-
this.apiId,
|
|
314
|
-
this.performanceClient,
|
|
315
|
-
this.nativeMessageHandler,
|
|
316
|
-
serverParams.accountId,
|
|
317
|
-
this.browserStorage,
|
|
318
|
-
correlationId
|
|
319
|
-
);
|
|
320
|
-
const { userRequestState } = ProtocolUtils.parseRequestState(
|
|
321
|
-
this.browserCrypto,
|
|
322
|
-
silentRequest.state
|
|
323
|
-
);
|
|
324
|
-
return invokeAsync(
|
|
325
|
-
nativeInteractionClient.acquireToken.bind(
|
|
326
|
-
nativeInteractionClient
|
|
327
|
-
),
|
|
328
|
-
PerformanceEvents.NativeInteractionClientAcquireToken,
|
|
329
|
-
this.logger,
|
|
330
|
-
this.performanceClient,
|
|
331
|
-
correlationId
|
|
332
|
-
)({
|
|
333
|
-
...silentRequest,
|
|
334
|
-
state: userRequestState,
|
|
335
|
-
prompt: silentRequest.prompt || PromptValue.NONE,
|
|
336
|
-
});
|
|
337
|
-
}
|
|
338
|
-
|
|
339
|
-
// Handle response from hash string
|
|
340
395
|
return invokeAsync(
|
|
341
|
-
|
|
342
|
-
PerformanceEvents.
|
|
396
|
+
Authorize.handleResponseCode,
|
|
397
|
+
PerformanceEvents.HandleResponseCode,
|
|
343
398
|
this.logger,
|
|
344
399
|
this.performanceClient,
|
|
345
400
|
correlationId
|
|
346
|
-
)(
|
|
401
|
+
)(
|
|
402
|
+
request,
|
|
403
|
+
serverParams,
|
|
404
|
+
pkceCodes.verifier,
|
|
405
|
+
this.apiId,
|
|
406
|
+
this.config,
|
|
407
|
+
authClient,
|
|
408
|
+
this.browserStorage,
|
|
409
|
+
this.nativeStorage,
|
|
410
|
+
this.eventHandler,
|
|
411
|
+
this.logger,
|
|
412
|
+
this.performanceClient,
|
|
413
|
+
this.nativeMessageHandler
|
|
414
|
+
);
|
|
347
415
|
}
|
|
348
416
|
}
|
|
@@ -5,7 +5,6 @@
|
|
|
5
5
|
|
|
6
6
|
import {
|
|
7
7
|
ServerTelemetryManager,
|
|
8
|
-
CommonAuthorizationCodeRequest,
|
|
9
8
|
Constants,
|
|
10
9
|
AuthorizationCodeClient,
|
|
11
10
|
ClientConfiguration,
|
|
@@ -20,10 +19,9 @@ import {
|
|
|
20
19
|
invokeAsync,
|
|
21
20
|
BaseAuthRequest,
|
|
22
21
|
StringDict,
|
|
23
|
-
|
|
22
|
+
CommonAuthorizationUrlRequest,
|
|
24
23
|
} from "@azure/msal-common/browser";
|
|
25
24
|
import { BaseInteractionClient } from "./BaseInteractionClient.js";
|
|
26
|
-
import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest.js";
|
|
27
25
|
import {
|
|
28
26
|
BrowserConstants,
|
|
29
27
|
InteractionType,
|
|
@@ -35,7 +33,6 @@ import * as BrowserUtils from "../utils/BrowserUtils.js";
|
|
|
35
33
|
import { RedirectRequest } from "../request/RedirectRequest.js";
|
|
36
34
|
import { PopupRequest } from "../request/PopupRequest.js";
|
|
37
35
|
import { SsoSilentRequest } from "../request/SsoSilentRequest.js";
|
|
38
|
-
import { generatePkceCodes } from "../crypto/PkceGenerator.js";
|
|
39
36
|
import { createNewGuid } from "../crypto/BrowserCrypto.js";
|
|
40
37
|
import { initializeBaseRequest } from "../request/RequestHelpers.js";
|
|
41
38
|
|
|
@@ -43,43 +40,6 @@ import { initializeBaseRequest } from "../request/RequestHelpers.js";
|
|
|
43
40
|
* Defines the class structure and helper functions used by the "standard", non-brokered auth flows (popup, redirect, silent (RT), silent (iframe))
|
|
44
41
|
*/
|
|
45
42
|
export abstract class StandardInteractionClient extends BaseInteractionClient {
|
|
46
|
-
/**
|
|
47
|
-
* Generates an auth code request tied to the url request.
|
|
48
|
-
* @param request
|
|
49
|
-
* @param pkceCodes
|
|
50
|
-
*/
|
|
51
|
-
protected async initializeAuthorizationCodeRequest(
|
|
52
|
-
request: AuthorizationUrlRequest,
|
|
53
|
-
pkceCodes?: PkceCodes
|
|
54
|
-
): Promise<CommonAuthorizationCodeRequest> {
|
|
55
|
-
this.performanceClient.addQueueMeasurement(
|
|
56
|
-
PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
|
|
57
|
-
this.correlationId
|
|
58
|
-
);
|
|
59
|
-
|
|
60
|
-
const generatedPkceParams: PkceCodes =
|
|
61
|
-
pkceCodes ||
|
|
62
|
-
(await invokeAsync(
|
|
63
|
-
generatePkceCodes,
|
|
64
|
-
PerformanceEvents.GeneratePkceCodes,
|
|
65
|
-
this.logger,
|
|
66
|
-
this.performanceClient,
|
|
67
|
-
this.correlationId
|
|
68
|
-
)(this.performanceClient, this.logger, this.correlationId));
|
|
69
|
-
|
|
70
|
-
const authCodeRequest: CommonAuthorizationCodeRequest = {
|
|
71
|
-
...request,
|
|
72
|
-
redirectUri: request.redirectUri,
|
|
73
|
-
code: Constants.EMPTY_STRING,
|
|
74
|
-
codeVerifier: generatedPkceParams.verifier,
|
|
75
|
-
};
|
|
76
|
-
|
|
77
|
-
request.codeChallenge = generatedPkceParams.challenge;
|
|
78
|
-
request.codeChallengeMethod = Constants.S256_CODE_CHALLENGE_METHOD;
|
|
79
|
-
|
|
80
|
-
return authCodeRequest;
|
|
81
|
-
}
|
|
82
|
-
|
|
83
43
|
/**
|
|
84
44
|
* Initializer for the logout request.
|
|
85
45
|
* @param logoutRequest
|
|
@@ -330,7 +290,7 @@ export abstract class StandardInteractionClient extends BaseInteractionClient {
|
|
|
330
290
|
protected async initializeAuthorizationRequest(
|
|
331
291
|
request: RedirectRequest | PopupRequest | SsoSilentRequest,
|
|
332
292
|
interactionType: InteractionType
|
|
333
|
-
): Promise<
|
|
293
|
+
): Promise<CommonAuthorizationUrlRequest> {
|
|
334
294
|
this.performanceClient.addQueueMeasurement(
|
|
335
295
|
PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,
|
|
336
296
|
this.correlationId
|
|
@@ -359,7 +319,7 @@ export abstract class StandardInteractionClient extends BaseInteractionClient {
|
|
|
359
319
|
this.logger
|
|
360
320
|
);
|
|
361
321
|
|
|
362
|
-
const validatedRequest:
|
|
322
|
+
const validatedRequest: CommonAuthorizationUrlRequest = {
|
|
363
323
|
...baseRequest,
|
|
364
324
|
redirectUri: redirectUri,
|
|
365
325
|
state: state,
|
|
@@ -14,7 +14,9 @@ import {
|
|
|
14
14
|
PerformanceEvents,
|
|
15
15
|
invokeAsync,
|
|
16
16
|
CcsCredentialType,
|
|
17
|
-
|
|
17
|
+
AuthorizeResponse,
|
|
18
|
+
AuthorizeProtocol,
|
|
19
|
+
CommonAuthorizationUrlRequest,
|
|
18
20
|
} from "@azure/msal-common/browser";
|
|
19
21
|
|
|
20
22
|
import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
|
|
@@ -23,7 +25,6 @@ import {
|
|
|
23
25
|
BrowserAuthErrorCodes,
|
|
24
26
|
} from "../error/BrowserAuthError.js";
|
|
25
27
|
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
26
|
-
import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest.js";
|
|
27
28
|
|
|
28
29
|
/**
|
|
29
30
|
* Abstract class which defines operations for a browser interaction handling class.
|
|
@@ -54,8 +55,8 @@ export class InteractionHandler {
|
|
|
54
55
|
* @param locationHash
|
|
55
56
|
*/
|
|
56
57
|
async handleCodeResponse(
|
|
57
|
-
response:
|
|
58
|
-
request:
|
|
58
|
+
response: AuthorizeResponse,
|
|
59
|
+
request: CommonAuthorizationUrlRequest
|
|
59
60
|
): Promise<AuthenticationResult> {
|
|
60
61
|
this.performanceClient.addQueueMeasurement(
|
|
61
62
|
PerformanceEvents.HandleCodeResponse,
|
|
@@ -64,7 +65,7 @@ export class InteractionHandler {
|
|
|
64
65
|
|
|
65
66
|
let authCodeResponse;
|
|
66
67
|
try {
|
|
67
|
-
authCodeResponse =
|
|
68
|
+
authCodeResponse = AuthorizeProtocol.getAuthorizationCodePayload(
|
|
68
69
|
response,
|
|
69
70
|
request.state
|
|
70
71
|
);
|
|
@@ -101,7 +102,7 @@ export class InteractionHandler {
|
|
|
101
102
|
*/
|
|
102
103
|
async handleCodeResponseFromServer(
|
|
103
104
|
authCodeResponse: AuthorizationCodePayload,
|
|
104
|
-
request:
|
|
105
|
+
request: CommonAuthorizationUrlRequest,
|
|
105
106
|
validateNonce: boolean = true
|
|
106
107
|
): Promise<AuthenticationResult> {
|
|
107
108
|
this.performanceClient.addQueueMeasurement(
|
|
@@ -159,7 +160,7 @@ export class InteractionHandler {
|
|
|
159
160
|
* Build ccs creds if available
|
|
160
161
|
*/
|
|
161
162
|
protected createCcsCredentials(
|
|
162
|
-
request:
|
|
163
|
+
request: CommonAuthorizationUrlRequest
|
|
163
164
|
): CcsCredential | null {
|
|
164
165
|
if (request.account) {
|
|
165
166
|
return {
|
|
@@ -10,19 +10,25 @@ import {
|
|
|
10
10
|
invokeAsync,
|
|
11
11
|
invoke,
|
|
12
12
|
ServerResponseType,
|
|
13
|
+
Authority,
|
|
14
|
+
CommonAuthorizationUrlRequest,
|
|
13
15
|
} from "@azure/msal-common/browser";
|
|
14
16
|
import {
|
|
15
17
|
createBrowserAuthError,
|
|
16
18
|
BrowserAuthErrorCodes,
|
|
17
19
|
} from "../error/BrowserAuthError.js";
|
|
18
|
-
import {
|
|
20
|
+
import {
|
|
21
|
+
BrowserConfiguration,
|
|
22
|
+
DEFAULT_IFRAME_TIMEOUT_MS,
|
|
23
|
+
} from "../config/Configuration.js";
|
|
24
|
+
import { getEARForm } from "../protocol/Authorize.js";
|
|
19
25
|
|
|
20
26
|
/**
|
|
21
27
|
* Creates a hidden iframe to given URL using user-requested scopes as an id.
|
|
22
28
|
* @param urlNavigate
|
|
23
29
|
* @param userRequestScopes
|
|
24
30
|
*/
|
|
25
|
-
export async function
|
|
31
|
+
export async function initiateCodeRequest(
|
|
26
32
|
requestUrl: string,
|
|
27
33
|
performanceClient: IPerformanceClient,
|
|
28
34
|
logger: Logger,
|
|
@@ -57,6 +63,29 @@ export async function initiateAuthRequest(
|
|
|
57
63
|
)(requestUrl);
|
|
58
64
|
}
|
|
59
65
|
|
|
66
|
+
export async function initiateEarRequest(
|
|
67
|
+
config: BrowserConfiguration,
|
|
68
|
+
authority: Authority,
|
|
69
|
+
request: CommonAuthorizationUrlRequest,
|
|
70
|
+
logger: Logger,
|
|
71
|
+
performanceClient: IPerformanceClient
|
|
72
|
+
): Promise<HTMLIFrameElement> {
|
|
73
|
+
const frame = createHiddenIframe();
|
|
74
|
+
if (!frame.contentDocument) {
|
|
75
|
+
throw "No document associated with iframe!";
|
|
76
|
+
}
|
|
77
|
+
const form = await getEARForm(
|
|
78
|
+
frame.contentDocument,
|
|
79
|
+
config,
|
|
80
|
+
authority,
|
|
81
|
+
request,
|
|
82
|
+
logger,
|
|
83
|
+
performanceClient
|
|
84
|
+
);
|
|
85
|
+
form.submit();
|
|
86
|
+
return frame;
|
|
87
|
+
}
|
|
88
|
+
|
|
60
89
|
/**
|
|
61
90
|
* Monitors an iframe content window until it loads a url with a known hash, or hits a specified timeout.
|
|
62
91
|
* @param iframe
|
|
@@ -75,8 +75,7 @@ export class NestedAppAuthAdapter {
|
|
|
75
75
|
|
|
76
76
|
const correlationId =
|
|
77
77
|
request.correlationId || this.crypto.createNewGuid();
|
|
78
|
-
const
|
|
79
|
-
const claims = requestBuilder.addClientCapabilitiesToClaims(
|
|
78
|
+
const claims = RequestParameterBuilder.addClientCapabilitiesToClaims(
|
|
80
79
|
request.claims,
|
|
81
80
|
this.clientCapabilities
|
|
82
81
|
);
|
package/src/packageMetadata.ts
CHANGED