@azure/msal-browser 4.7.0 → 4.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (214) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeMessageHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  6. package/dist/cache/AccountManager.mjs +1 -1
  7. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  8. package/dist/cache/BrowserCacheManager.d.ts +4 -41
  9. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +18 -143
  11. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  12. package/dist/cache/CacheHelpers.mjs +1 -1
  13. package/dist/cache/CookieStorage.mjs +1 -1
  14. package/dist/cache/DatabaseStorage.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +1 -1
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.mjs +1 -1
  19. package/dist/config/Configuration.d.ts.map +1 -1
  20. package/dist/config/Configuration.mjs +12 -3
  21. package/dist/config/Configuration.mjs.map +1 -1
  22. package/dist/controllers/ControllerFactory.mjs +1 -1
  23. package/dist/controllers/NestedAppAuthController.d.ts +2 -2
  24. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  25. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  26. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  27. package/dist/controllers/StandardController.d.ts.map +1 -1
  28. package/dist/controllers/StandardController.mjs +28 -16
  29. package/dist/controllers/StandardController.mjs.map +1 -1
  30. package/dist/controllers/UnknownOperatingContextController.d.ts +2 -2
  31. package/dist/controllers/UnknownOperatingContextController.d.ts.map +1 -1
  32. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  33. package/dist/controllers/UnknownOperatingContextController.mjs.map +1 -1
  34. package/dist/crypto/BrowserCrypto.d.ts +11 -0
  35. package/dist/crypto/BrowserCrypto.d.ts.map +1 -1
  36. package/dist/crypto/BrowserCrypto.mjs +68 -5
  37. package/dist/crypto/BrowserCrypto.mjs.map +1 -1
  38. package/dist/crypto/CryptoOps.mjs +1 -1
  39. package/dist/crypto/PkceGenerator.mjs +1 -1
  40. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  41. package/dist/encode/Base64Decode.mjs +1 -1
  42. package/dist/encode/Base64Encode.mjs +1 -1
  43. package/dist/error/BrowserAuthError.d.ts +3 -5
  44. package/dist/error/BrowserAuthError.d.ts.map +1 -1
  45. package/dist/error/BrowserAuthError.mjs +5 -7
  46. package/dist/error/BrowserAuthError.mjs.map +1 -1
  47. package/dist/error/BrowserAuthErrorCodes.d.ts +3 -1
  48. package/dist/error/BrowserAuthErrorCodes.d.ts.map +1 -1
  49. package/dist/error/BrowserAuthErrorCodes.mjs +6 -4
  50. package/dist/error/BrowserAuthErrorCodes.mjs.map +1 -1
  51. package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
  52. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  53. package/dist/error/NativeAuthError.mjs +1 -1
  54. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  55. package/dist/error/NestedAppAuthError.mjs +1 -1
  56. package/dist/event/EventHandler.mjs +1 -1
  57. package/dist/event/EventMessage.mjs +1 -1
  58. package/dist/event/EventType.mjs +1 -1
  59. package/dist/index.mjs +1 -1
  60. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  61. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  62. package/dist/interaction_client/NativeInteractionClient.d.ts.map +1 -1
  63. package/dist/interaction_client/NativeInteractionClient.mjs +9 -4
  64. package/dist/interaction_client/NativeInteractionClient.mjs.map +1 -1
  65. package/dist/interaction_client/PopupClient.d.ts +14 -1
  66. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  67. package/dist/interaction_client/PopupClient.mjs +66 -57
  68. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  69. package/dist/interaction_client/RedirectClient.d.ts +21 -4
  70. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  71. package/dist/interaction_client/RedirectClient.mjs +133 -70
  72. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  73. package/dist/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  74. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  75. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  76. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  77. package/dist/interaction_client/SilentIframeClient.d.ts +13 -3
  78. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  79. package/dist/interaction_client/SilentIframeClient.mjs +64 -41
  80. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  81. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  82. package/dist/interaction_client/StandardInteractionClient.d.ts +2 -9
  83. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  84. package/dist/interaction_client/StandardInteractionClient.mjs +2 -22
  85. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  86. package/dist/interaction_handler/InteractionHandler.d.ts +4 -5
  87. package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
  88. package/dist/interaction_handler/InteractionHandler.mjs +3 -3
  89. package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
  90. package/dist/interaction_handler/SilentHandler.d.ts +4 -2
  91. package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
  92. package/dist/interaction_handler/SilentHandler.mjs +13 -3
  93. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  94. package/dist/naa/BridgeError.mjs +1 -1
  95. package/dist/naa/BridgeProxy.mjs +1 -1
  96. package/dist/naa/BridgeStatusCode.mjs +1 -1
  97. package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  98. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -3
  99. package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
  100. package/dist/navigation/NavigationClient.mjs +1 -1
  101. package/dist/network/FetchClient.mjs +1 -1
  102. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  103. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  104. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  105. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  106. package/dist/packageMetadata.d.ts +1 -1
  107. package/dist/packageMetadata.mjs +2 -2
  108. package/dist/protocol/Authorize.d.ts +65 -0
  109. package/dist/protocol/Authorize.d.ts.map +1 -0
  110. package/dist/protocol/Authorize.mjs +217 -0
  111. package/dist/protocol/Authorize.mjs.map +1 -0
  112. package/dist/request/AuthorizationUrlRequest.d.ts +2 -4
  113. package/dist/request/AuthorizationUrlRequest.d.ts.map +1 -1
  114. package/dist/request/PopupRequest.d.ts +1 -1
  115. package/dist/request/PopupRequest.d.ts.map +1 -1
  116. package/dist/request/RedirectRequest.d.ts +1 -1
  117. package/dist/request/RedirectRequest.d.ts.map +1 -1
  118. package/dist/request/RequestHelpers.mjs +1 -1
  119. package/dist/request/SsoSilentRequest.d.ts +1 -1
  120. package/dist/request/SsoSilentRequest.d.ts.map +1 -1
  121. package/dist/response/ResponseHandler.d.ts +3 -3
  122. package/dist/response/ResponseHandler.d.ts.map +1 -1
  123. package/dist/response/ResponseHandler.mjs +1 -1
  124. package/dist/response/ResponseHandler.mjs.map +1 -1
  125. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  126. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  127. package/dist/utils/BrowserConstants.d.ts +1 -10
  128. package/dist/utils/BrowserConstants.d.ts.map +1 -1
  129. package/dist/utils/BrowserConstants.mjs +2 -11
  130. package/dist/utils/BrowserConstants.mjs.map +1 -1
  131. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  132. package/dist/utils/BrowserUtils.mjs +1 -1
  133. package/lib/msal-browser.cjs +2402 -2345
  134. package/lib/msal-browser.cjs.map +1 -1
  135. package/lib/msal-browser.js +2402 -2345
  136. package/lib/msal-browser.js.map +1 -1
  137. package/lib/msal-browser.min.js +68 -66
  138. package/lib/types/cache/BrowserCacheManager.d.ts +4 -41
  139. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  140. package/lib/types/config/Configuration.d.ts.map +1 -1
  141. package/lib/types/controllers/NestedAppAuthController.d.ts +2 -2
  142. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  143. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  144. package/lib/types/controllers/UnknownOperatingContextController.d.ts +2 -2
  145. package/lib/types/controllers/UnknownOperatingContextController.d.ts.map +1 -1
  146. package/lib/types/crypto/BrowserCrypto.d.ts +11 -0
  147. package/lib/types/crypto/BrowserCrypto.d.ts.map +1 -1
  148. package/lib/types/error/BrowserAuthError.d.ts +3 -5
  149. package/lib/types/error/BrowserAuthError.d.ts.map +1 -1
  150. package/lib/types/error/BrowserAuthErrorCodes.d.ts +3 -1
  151. package/lib/types/error/BrowserAuthErrorCodes.d.ts.map +1 -1
  152. package/lib/types/interaction_client/NativeInteractionClient.d.ts.map +1 -1
  153. package/lib/types/interaction_client/PopupClient.d.ts +14 -1
  154. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  155. package/lib/types/interaction_client/RedirectClient.d.ts +21 -4
  156. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  157. package/lib/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  158. package/lib/types/interaction_client/SilentIframeClient.d.ts +13 -3
  159. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  160. package/lib/types/interaction_client/StandardInteractionClient.d.ts +2 -9
  161. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  162. package/lib/types/interaction_handler/InteractionHandler.d.ts +4 -5
  163. package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  164. package/lib/types/interaction_handler/SilentHandler.d.ts +4 -2
  165. package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  166. package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
  167. package/lib/types/packageMetadata.d.ts +1 -1
  168. package/lib/types/protocol/Authorize.d.ts +65 -0
  169. package/lib/types/protocol/Authorize.d.ts.map +1 -0
  170. package/lib/types/request/AuthorizationUrlRequest.d.ts +2 -4
  171. package/lib/types/request/AuthorizationUrlRequest.d.ts.map +1 -1
  172. package/lib/types/request/PopupRequest.d.ts +1 -1
  173. package/lib/types/request/PopupRequest.d.ts.map +1 -1
  174. package/lib/types/request/RedirectRequest.d.ts +1 -1
  175. package/lib/types/request/RedirectRequest.d.ts.map +1 -1
  176. package/lib/types/request/SsoSilentRequest.d.ts +1 -1
  177. package/lib/types/request/SsoSilentRequest.d.ts.map +1 -1
  178. package/lib/types/response/ResponseHandler.d.ts +3 -3
  179. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  180. package/lib/types/utils/BrowserConstants.d.ts +1 -10
  181. package/lib/types/utils/BrowserConstants.d.ts.map +1 -1
  182. package/package.json +2 -2
  183. package/src/cache/BrowserCacheManager.ts +30 -205
  184. package/src/config/Configuration.ts +14 -2
  185. package/src/controllers/NestedAppAuthController.ts +2 -0
  186. package/src/controllers/StandardController.ts +35 -24
  187. package/src/controllers/UnknownOperatingContextController.ts +2 -0
  188. package/src/crypto/BrowserCrypto.ts +91 -2
  189. package/src/error/BrowserAuthError.ts +6 -8
  190. package/src/error/BrowserAuthErrorCodes.ts +3 -1
  191. package/src/interaction_client/NativeInteractionClient.ts +11 -2
  192. package/src/interaction_client/PopupClient.ts +174 -111
  193. package/src/interaction_client/RedirectClient.ts +269 -132
  194. package/src/interaction_client/SilentAuthCodeClient.ts +2 -2
  195. package/src/interaction_client/SilentIframeClient.ts +168 -100
  196. package/src/interaction_client/StandardInteractionClient.ts +3 -43
  197. package/src/interaction_handler/InteractionHandler.ts +8 -7
  198. package/src/interaction_handler/SilentHandler.ts +31 -2
  199. package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -2
  200. package/src/packageMetadata.ts +1 -1
  201. package/src/protocol/Authorize.ts +490 -0
  202. package/src/request/AuthorizationUrlRequest.ts +3 -5
  203. package/src/request/PopupRequest.ts +1 -0
  204. package/src/request/RedirectRequest.ts +1 -0
  205. package/src/request/SsoSilentRequest.ts +1 -0
  206. package/src/response/ResponseHandler.ts +3 -3
  207. package/src/utils/BrowserConstants.ts +1 -10
  208. package/dist/interaction_handler/RedirectHandler.d.ts +0 -33
  209. package/dist/interaction_handler/RedirectHandler.d.ts.map +0 -1
  210. package/dist/interaction_handler/RedirectHandler.mjs +0 -144
  211. package/dist/interaction_handler/RedirectHandler.mjs.map +0 -1
  212. package/lib/types/interaction_handler/RedirectHandler.d.ts +0 -33
  213. package/lib/types/interaction_handler/RedirectHandler.d.ts.map +0 -1
  214. package/src/interaction_handler/RedirectHandler.ts +0 -251
@@ -0,0 +1,490 @@
1
+ /*
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ import {
7
+ AuthenticationScheme,
8
+ Authority,
9
+ AuthorizeProtocol,
10
+ ClientConfigurationErrorCodes,
11
+ CommonAuthorizationUrlRequest,
12
+ createClientConfigurationError,
13
+ invokeAsync,
14
+ IPerformanceClient,
15
+ Logger,
16
+ PerformanceEvents,
17
+ PopTokenGenerator,
18
+ ProtocolMode,
19
+ RequestParameterBuilder,
20
+ OAuthResponseType,
21
+ Constants,
22
+ CommonAuthorizationCodeRequest,
23
+ AuthorizationCodeClient,
24
+ ProtocolUtils,
25
+ ThrottlingUtils,
26
+ AuthorizeResponse,
27
+ ResponseHandler,
28
+ TimeUtils,
29
+ AuthorizationCodePayload,
30
+ ServerAuthorizationTokenResponse,
31
+ } from "@azure/msal-common/browser";
32
+ import { BrowserConfiguration } from "../config/Configuration.js";
33
+ import { ApiId, BrowserConstants } from "../utils/BrowserConstants.js";
34
+ import { version } from "../packageMetadata.js";
35
+ import { CryptoOps } from "../crypto/CryptoOps.js";
36
+ import {
37
+ BrowserAuthErrorCodes,
38
+ createBrowserAuthError,
39
+ } from "../error/BrowserAuthError.js";
40
+ import { AuthenticationResult } from "../response/AuthenticationResult.js";
41
+ import { InteractionHandler } from "../interaction_handler/InteractionHandler.js";
42
+ import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
43
+ import { NativeInteractionClient } from "../interaction_client/NativeInteractionClient.js";
44
+ import { NativeMessageHandler } from "../broker/nativeBroker/NativeMessageHandler.js";
45
+ import { EventHandler } from "../event/EventHandler.js";
46
+ import { decryptEarResponse } from "../crypto/BrowserCrypto.js";
47
+
48
+ /**
49
+ * Returns map of parameters that are applicable to all calls to /authorize whether using PKCE or EAR
50
+ * @param config
51
+ * @param authority
52
+ * @param request
53
+ * @param logger
54
+ * @param performanceClient
55
+ * @returns
56
+ */
57
+ async function getStandardParameters(
58
+ config: BrowserConfiguration,
59
+ authority: Authority,
60
+ request: CommonAuthorizationUrlRequest,
61
+ logger: Logger,
62
+ performanceClient: IPerformanceClient
63
+ ): Promise<Map<string, string>> {
64
+ const parameters = AuthorizeProtocol.getStandardAuthorizeRequestParameters(
65
+ { ...config.auth, authority: authority },
66
+ request,
67
+ logger,
68
+ performanceClient
69
+ );
70
+ RequestParameterBuilder.addLibraryInfo(parameters, {
71
+ sku: BrowserConstants.MSAL_SKU,
72
+ version: version,
73
+ os: "",
74
+ cpu: "",
75
+ });
76
+ if (config.auth.protocolMode !== ProtocolMode.OIDC) {
77
+ RequestParameterBuilder.addApplicationTelemetry(
78
+ parameters,
79
+ config.telemetry.application
80
+ );
81
+ }
82
+
83
+ if (request.platformBroker) {
84
+ // signal ests that this is a WAM call
85
+ RequestParameterBuilder.addNativeBroker(parameters);
86
+
87
+ // pass the req_cnf for POP
88
+ if (request.authenticationScheme === AuthenticationScheme.POP) {
89
+ const cryptoOps = new CryptoOps(logger, performanceClient);
90
+ const popTokenGenerator = new PopTokenGenerator(cryptoOps);
91
+
92
+ // req_cnf is always sent as a string for SPAs
93
+ let reqCnfData;
94
+ if (!request.popKid) {
95
+ const generatedReqCnfData = await invokeAsync(
96
+ popTokenGenerator.generateCnf.bind(popTokenGenerator),
97
+ PerformanceEvents.PopTokenGenerateCnf,
98
+ logger,
99
+ performanceClient,
100
+ request.correlationId
101
+ )(request, logger);
102
+ reqCnfData = generatedReqCnfData.reqCnfString;
103
+ } else {
104
+ reqCnfData = cryptoOps.encodeKid(request.popKid);
105
+ }
106
+ RequestParameterBuilder.addPopToken(parameters, reqCnfData);
107
+ }
108
+ }
109
+
110
+ RequestParameterBuilder.instrumentBrokerParams(
111
+ parameters,
112
+ request.correlationId,
113
+ performanceClient
114
+ );
115
+
116
+ return parameters;
117
+ }
118
+
119
+ /**
120
+ * Gets the full /authorize URL with request parameters when using Auth Code + PKCE
121
+ * @param config
122
+ * @param authority
123
+ * @param request
124
+ * @param logger
125
+ * @param performanceClient
126
+ * @returns
127
+ */
128
+ export async function getAuthCodeRequestUrl(
129
+ config: BrowserConfiguration,
130
+ authority: Authority,
131
+ request: CommonAuthorizationUrlRequest,
132
+ logger: Logger,
133
+ performanceClient: IPerformanceClient
134
+ ): Promise<string> {
135
+ if (!request.codeChallenge) {
136
+ throw createClientConfigurationError(
137
+ ClientConfigurationErrorCodes.pkceParamsMissing
138
+ );
139
+ }
140
+
141
+ const parameters = await invokeAsync(
142
+ getStandardParameters,
143
+ PerformanceEvents.GetStandardParams,
144
+ logger,
145
+ performanceClient,
146
+ request.correlationId
147
+ )(config, authority, request, logger, performanceClient);
148
+ RequestParameterBuilder.addResponseType(parameters, OAuthResponseType.CODE);
149
+
150
+ RequestParameterBuilder.addCodeChallengeParams(
151
+ parameters,
152
+ request.codeChallenge,
153
+ Constants.S256_CODE_CHALLENGE_METHOD
154
+ );
155
+
156
+ RequestParameterBuilder.addExtraQueryParameters(
157
+ parameters,
158
+ request.extraQueryParameters || {}
159
+ );
160
+
161
+ return AuthorizeProtocol.getAuthorizeUrl(authority, parameters);
162
+ }
163
+
164
+ /**
165
+ * Gets the form that will be posted to /authorize with request parameters when using EAR
166
+ */
167
+ export async function getEARForm(
168
+ frame: Document,
169
+ config: BrowserConfiguration,
170
+ authority: Authority,
171
+ request: CommonAuthorizationUrlRequest,
172
+ logger: Logger,
173
+ performanceClient: IPerformanceClient
174
+ ): Promise<HTMLFormElement> {
175
+ if (!request.earJwk) {
176
+ throw createBrowserAuthError(BrowserAuthErrorCodes.earJwkEmpty);
177
+ }
178
+
179
+ const parameters = await getStandardParameters(
180
+ config,
181
+ authority,
182
+ request,
183
+ logger,
184
+ performanceClient
185
+ );
186
+
187
+ RequestParameterBuilder.addResponseType(
188
+ parameters,
189
+ OAuthResponseType.IDTOKEN_TOKEN_REFRESHTOKEN
190
+ );
191
+ RequestParameterBuilder.addEARParameters(parameters, request.earJwk);
192
+
193
+ const queryParams = new Map<string, string>();
194
+ RequestParameterBuilder.addExtraQueryParameters(
195
+ queryParams,
196
+ request.extraQueryParameters || {}
197
+ );
198
+ const url = AuthorizeProtocol.getAuthorizeUrl(authority, queryParams);
199
+
200
+ return createForm(frame, url, parameters);
201
+ }
202
+
203
+ /**
204
+ * Creates form element in the provided document with auth parameters in the post body
205
+ * @param frame
206
+ * @param authorizeUrl
207
+ * @param parameters
208
+ * @returns
209
+ */
210
+ function createForm(
211
+ frame: Document,
212
+ authorizeUrl: string,
213
+ parameters: Map<string, string>
214
+ ): HTMLFormElement {
215
+ const form = frame.createElement("form");
216
+ form.method = "post";
217
+ form.action = authorizeUrl;
218
+
219
+ parameters.forEach((value: string, key: string) => {
220
+ const param = frame.createElement("input");
221
+ param.hidden = true;
222
+ param.name = key;
223
+ param.value = value;
224
+
225
+ form.appendChild(param);
226
+ });
227
+
228
+ frame.body.appendChild(form);
229
+ return form;
230
+ }
231
+
232
+ /**
233
+ * Response handler when server returns accountId on the /authorize request
234
+ * @param request
235
+ * @param accountId
236
+ * @param apiId
237
+ * @param config
238
+ * @param browserStorage
239
+ * @param nativeStorage
240
+ * @param eventHandler
241
+ * @param logger
242
+ * @param performanceClient
243
+ * @param nativeMessageHandler
244
+ * @returns
245
+ */
246
+ export async function handleResponsePlatformBroker(
247
+ request: CommonAuthorizationUrlRequest,
248
+ accountId: string,
249
+ apiId: ApiId,
250
+ config: BrowserConfiguration,
251
+ browserStorage: BrowserCacheManager,
252
+ nativeStorage: BrowserCacheManager,
253
+ eventHandler: EventHandler,
254
+ logger: Logger,
255
+ performanceClient: IPerformanceClient,
256
+ nativeMessageHandler?: NativeMessageHandler
257
+ ): Promise<AuthenticationResult> {
258
+ if (!nativeMessageHandler) {
259
+ throw createBrowserAuthError(
260
+ BrowserAuthErrorCodes.nativeConnectionNotEstablished
261
+ );
262
+ }
263
+ const browserCrypto = new CryptoOps(logger, performanceClient);
264
+ const nativeInteractionClient = new NativeInteractionClient(
265
+ config,
266
+ browserStorage,
267
+ browserCrypto,
268
+ logger,
269
+ eventHandler,
270
+ config.system.navigationClient,
271
+ apiId,
272
+ performanceClient,
273
+ nativeMessageHandler,
274
+ accountId,
275
+ nativeStorage,
276
+ request.correlationId
277
+ );
278
+ const { userRequestState } = ProtocolUtils.parseRequestState(
279
+ browserCrypto,
280
+ request.state
281
+ );
282
+ return invokeAsync(
283
+ nativeInteractionClient.acquireToken.bind(nativeInteractionClient),
284
+ PerformanceEvents.NativeInteractionClientAcquireToken,
285
+ logger,
286
+ performanceClient,
287
+ request.correlationId
288
+ )({
289
+ ...request,
290
+ state: userRequestState,
291
+ prompt: undefined, // Server should handle the prompt, ideally native broker can do this part silently
292
+ });
293
+ }
294
+
295
+ /**
296
+ * Response handler when server returns code on the /authorize request
297
+ * @param request
298
+ * @param response
299
+ * @param codeVerifier
300
+ * @param authClient
301
+ * @param browserStorage
302
+ * @param logger
303
+ * @param performanceClient
304
+ * @returns
305
+ */
306
+ export async function handleResponseCode(
307
+ request: CommonAuthorizationUrlRequest,
308
+ response: AuthorizeResponse,
309
+ codeVerifier: string,
310
+ apiId: ApiId,
311
+ config: BrowserConfiguration,
312
+ authClient: AuthorizationCodeClient,
313
+ browserStorage: BrowserCacheManager,
314
+ nativeStorage: BrowserCacheManager,
315
+ eventHandler: EventHandler,
316
+ logger: Logger,
317
+ performanceClient: IPerformanceClient,
318
+ nativeMessageHandler?: NativeMessageHandler
319
+ ): Promise<AuthenticationResult> {
320
+ // Remove throttle if it exists
321
+ ThrottlingUtils.removeThrottle(
322
+ browserStorage,
323
+ config.auth.clientId,
324
+ request
325
+ );
326
+ if (response.accountId) {
327
+ return invokeAsync(
328
+ handleResponsePlatformBroker,
329
+ PerformanceEvents.HandleResponsePlatformBroker,
330
+ logger,
331
+ performanceClient,
332
+ request.correlationId
333
+ )(
334
+ request,
335
+ response.accountId,
336
+ apiId,
337
+ config,
338
+ browserStorage,
339
+ nativeStorage,
340
+ eventHandler,
341
+ logger,
342
+ performanceClient,
343
+ nativeMessageHandler
344
+ );
345
+ }
346
+ const authCodeRequest: CommonAuthorizationCodeRequest = {
347
+ ...request,
348
+ code: response.code || "",
349
+ codeVerifier: codeVerifier,
350
+ };
351
+ // Create popup interaction handler.
352
+ const interactionHandler = new InteractionHandler(
353
+ authClient,
354
+ browserStorage,
355
+ authCodeRequest,
356
+ logger,
357
+ performanceClient
358
+ );
359
+ // Handle response from hash string.
360
+ const result = await invokeAsync(
361
+ interactionHandler.handleCodeResponse.bind(interactionHandler),
362
+ PerformanceEvents.HandleCodeResponse,
363
+ logger,
364
+ performanceClient,
365
+ request.correlationId
366
+ )(response, request);
367
+
368
+ return result;
369
+ }
370
+
371
+ /**
372
+ * Response handler when server returns ear_jwe on the /authorize request
373
+ * @param request
374
+ * @param response
375
+ * @param apiId
376
+ * @param config
377
+ * @param authority
378
+ * @param browserStorage
379
+ * @param nativeStorage
380
+ * @param eventHandler
381
+ * @param logger
382
+ * @param performanceClient
383
+ * @param nativeMessageHandler
384
+ * @returns
385
+ */
386
+ export async function handleResponseEAR(
387
+ request: CommonAuthorizationUrlRequest,
388
+ response: AuthorizeResponse,
389
+ apiId: ApiId,
390
+ config: BrowserConfiguration,
391
+ authority: Authority,
392
+ browserStorage: BrowserCacheManager,
393
+ nativeStorage: BrowserCacheManager,
394
+ eventHandler: EventHandler,
395
+ logger: Logger,
396
+ performanceClient: IPerformanceClient,
397
+ nativeMessageHandler?: NativeMessageHandler
398
+ ): Promise<AuthenticationResult> {
399
+ // Remove throttle if it exists
400
+ ThrottlingUtils.removeThrottle(
401
+ browserStorage,
402
+ config.auth.clientId,
403
+ request
404
+ );
405
+
406
+ // Validate state & check response for errors
407
+ AuthorizeProtocol.validateAuthorizationResponse(response, request.state);
408
+
409
+ if (!response.ear_jwe) {
410
+ throw createBrowserAuthError(BrowserAuthErrorCodes.earJweEmpty);
411
+ }
412
+
413
+ if (!request.earJwk) {
414
+ throw createBrowserAuthError(BrowserAuthErrorCodes.earJwkEmpty);
415
+ }
416
+
417
+ const decryptedData = JSON.parse(
418
+ await invokeAsync(
419
+ decryptEarResponse,
420
+ PerformanceEvents.DecryptEarResponse,
421
+ logger,
422
+ performanceClient,
423
+ request.correlationId
424
+ )(request.earJwk, response.ear_jwe)
425
+ ) as AuthorizeResponse & ServerAuthorizationTokenResponse;
426
+
427
+ if (decryptedData.accountId) {
428
+ return invokeAsync(
429
+ handleResponsePlatformBroker,
430
+ PerformanceEvents.HandleResponsePlatformBroker,
431
+ logger,
432
+ performanceClient,
433
+ request.correlationId
434
+ )(
435
+ request,
436
+ decryptedData.accountId,
437
+ apiId,
438
+ config,
439
+ browserStorage,
440
+ nativeStorage,
441
+ eventHandler,
442
+ logger,
443
+ performanceClient,
444
+ nativeMessageHandler
445
+ );
446
+ }
447
+
448
+ const responseHandler = new ResponseHandler(
449
+ config.auth.clientId,
450
+ browserStorage,
451
+ new CryptoOps(logger, performanceClient),
452
+ logger,
453
+ null,
454
+ null,
455
+ performanceClient
456
+ );
457
+
458
+ // Validate response. This function throws a server error if an error is returned by the server.
459
+ responseHandler.validateTokenResponse(decryptedData);
460
+
461
+ // Temporary until response handler is refactored to be more flow agnostic.
462
+ const additionalData: AuthorizationCodePayload = {
463
+ code: "",
464
+ state: request.state,
465
+ nonce: request.nonce,
466
+ client_info: decryptedData.client_info,
467
+ cloud_graph_host_name: decryptedData.cloud_graph_host_name,
468
+ cloud_instance_host_name: decryptedData.cloud_instance_host_name,
469
+ cloud_instance_name: decryptedData.cloud_instance_name,
470
+ msgraph_host: decryptedData.msgraph_host,
471
+ };
472
+
473
+ return (await invokeAsync(
474
+ responseHandler.handleServerTokenResponse.bind(responseHandler),
475
+ PerformanceEvents.HandleServerTokenResponse,
476
+ logger,
477
+ performanceClient,
478
+ request.correlationId
479
+ )(
480
+ decryptedData,
481
+ authority,
482
+ TimeUtils.nowSeconds(),
483
+ request,
484
+ additionalData,
485
+ undefined,
486
+ undefined,
487
+ undefined,
488
+ undefined
489
+ )) as AuthenticationResult;
490
+ }
@@ -7,11 +7,9 @@ import { CommonAuthorizationUrlRequest } from "@azure/msal-common/browser";
7
7
 
8
8
  /**
9
9
  * This type is deprecated and will be removed on the next major version update
10
+ * @deprecated Will be removed in future version
10
11
  */
11
12
  export type AuthorizationUrlRequest = Omit<
12
13
  CommonAuthorizationUrlRequest,
13
- "state" | "nonce" | "requestedClaimsHash" | "platformBroker"
14
- > & {
15
- state: string;
16
- nonce: string;
17
- };
14
+ "requestedClaimsHash" | "platformBroker"
15
+ >;
@@ -40,6 +40,7 @@ export type PopupRequest = Partial<
40
40
  CommonAuthorizationUrlRequest,
41
41
  | "responseMode"
42
42
  | "scopes"
43
+ | "earJwk"
43
44
  | "codeChallenge"
44
45
  | "codeChallengeMethod"
45
46
  | "requestedClaimsHash"
@@ -38,6 +38,7 @@ export type RedirectRequest = Partial<
38
38
  CommonAuthorizationUrlRequest,
39
39
  | "responseMode"
40
40
  | "scopes"
41
+ | "earJwk"
41
42
  | "codeChallenge"
42
43
  | "codeChallengeMethod"
43
44
  | "requestedClaimsHash"
@@ -34,6 +34,7 @@ export type SsoSilentRequest = Partial<
34
34
  Omit<
35
35
  CommonAuthorizationUrlRequest,
36
36
  | "responseMode"
37
+ | "earJwk"
37
38
  | "codeChallenge"
38
39
  | "codeChallengeMethod"
39
40
  | "requestedClaimsHash"
@@ -6,7 +6,7 @@
6
6
  import {
7
7
  ICrypto,
8
8
  Logger,
9
- ServerAuthorizationCodeResponse,
9
+ AuthorizeResponse,
10
10
  UrlUtils,
11
11
  } from "@azure/msal-common/browser";
12
12
  import {
@@ -20,7 +20,7 @@ export function deserializeResponse(
20
20
  responseString: string,
21
21
  responseLocation: string,
22
22
  logger: Logger
23
- ): ServerAuthorizationCodeResponse {
23
+ ): AuthorizeResponse {
24
24
  // Deserialize hash fragment response parameters.
25
25
  const serverParams = UrlUtils.getDeserializedResponse(responseString);
26
26
  if (!serverParams) {
@@ -49,7 +49,7 @@ export function deserializeResponse(
49
49
  * Returns the interaction type that the response object belongs to
50
50
  */
51
51
  export function validateInteractionType(
52
- response: ServerAuthorizationCodeResponse,
52
+ response: AuthorizeResponse,
53
53
  browserCrypto: ICrypto,
54
54
  interactionType: InteractionType
55
55
  ): void {
@@ -78,21 +78,12 @@ export type HTTP_REQUEST_TYPE =
78
78
  * Temporary cache keys for MSAL, deleted after any request.
79
79
  */
80
80
  export const TemporaryCacheKeys = {
81
- AUTHORITY: "authority",
82
- ACQUIRE_TOKEN_ACCOUNT: "acquireToken.account",
83
- SESSION_STATE: "session.state",
84
- REQUEST_STATE: "request.state",
85
- NONCE_IDTOKEN: "nonce.id_token",
86
81
  ORIGIN_URI: "request.origin",
87
- RENEW_STATUS: "token.renew.status",
88
82
  URL_HASH: "urlHash",
89
83
  REQUEST_PARAMS: "request.params",
90
- SCOPES: "scopes",
84
+ VERIFIER: "code.verifier",
91
85
  INTERACTION_STATUS_KEY: "interaction.status",
92
- CCS_CREDENTIAL: "ccs.credential",
93
- CORRELATION_ID: "request.correlationId",
94
86
  NATIVE_REQUEST: "request.native",
95
- REDIRECT_CONTEXT: "request.redirect.context",
96
87
  } as const;
97
88
  export type TemporaryCacheKeys =
98
89
  (typeof TemporaryCacheKeys)[keyof typeof TemporaryCacheKeys];
@@ -1,33 +0,0 @@
1
- import { AuthorizationCodeClient, CommonAuthorizationCodeRequest, Logger, IPerformanceClient, CcsCredential, ServerAuthorizationCodeResponse } from "@azure/msal-common/browser";
2
- import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
3
- import { INavigationClient } from "../navigation/INavigationClient.js";
4
- import { AuthenticationResult } from "../response/AuthenticationResult.js";
5
- export type RedirectParams = {
6
- navigationClient: INavigationClient;
7
- redirectTimeout: number;
8
- redirectStartPage: string;
9
- onRedirectNavigate?: (url: string) => void | boolean;
10
- };
11
- export declare class RedirectHandler {
12
- authModule: AuthorizationCodeClient;
13
- browserStorage: BrowserCacheManager;
14
- authCodeRequest: CommonAuthorizationCodeRequest;
15
- logger: Logger;
16
- performanceClient: IPerformanceClient;
17
- constructor(authCodeModule: AuthorizationCodeClient, storageImpl: BrowserCacheManager, authCodeRequest: CommonAuthorizationCodeRequest, logger: Logger, performanceClient: IPerformanceClient);
18
- /**
19
- * Redirects window to given URL.
20
- * @param urlNavigate
21
- */
22
- initiateAuthRequest(requestUrl: string, params: RedirectParams): Promise<void>;
23
- /**
24
- * Handle authorization code response in the window.
25
- * @param hash
26
- */
27
- handleCodeResponse(response: ServerAuthorizationCodeResponse, state: string): Promise<AuthenticationResult>;
28
- /**
29
- * Looks up ccs creds in the cache
30
- */
31
- protected checkCcsCredentials(): CcsCredential | null;
32
- }
33
- //# sourceMappingURL=RedirectHandler.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"RedirectHandler.d.ts","sourceRoot":"","sources":["../../src/interaction_handler/RedirectHandler.ts"],"names":[],"mappings":"AAKA,OAAO,EACH,uBAAuB,EACvB,8BAA8B,EAC9B,MAAM,EAEN,kBAAkB,EAGlB,aAAa,EAGb,+BAA+B,EAClC,MAAM,4BAA4B,CAAC;AAMpC,OAAO,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAEvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAE3E,MAAM,MAAM,cAAc,GAAG;IACzB,gBAAgB,EAAE,iBAAiB,CAAC;IACpC,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC;CACxD,CAAC;AAEF,qBAAa,eAAe;IACxB,UAAU,EAAE,uBAAuB,CAAC;IACpC,cAAc,EAAE,mBAAmB,CAAC;IACpC,eAAe,EAAE,8BAA8B,CAAC;IAChD,MAAM,EAAE,MAAM,CAAC;IACf,iBAAiB,EAAE,kBAAkB,CAAC;gBAGlC,cAAc,EAAE,uBAAuB,EACvC,WAAW,EAAE,mBAAmB,EAChC,eAAe,EAAE,8BAA8B,EAC/C,MAAM,EAAE,MAAM,EACd,iBAAiB,EAAE,kBAAkB;IASzC;;;OAGG;IACG,mBAAmB,CACrB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,cAAc,GACvB,OAAO,CAAC,IAAI,CAAC;IA6EhB;;;OAGG;IACG,kBAAkB,CACpB,QAAQ,EAAE,+BAA+B,EACzC,KAAK,EAAE,MAAM,GACd,OAAO,CAAC,oBAAoB,CAAC;IAgFhC;;OAEG;IACH,SAAS,CAAC,mBAAmB,IAAI,aAAa,GAAG,IAAI;CAoBxD"}