@azure/msal-browser 4.7.0 → 4.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientNext.mjs +1 -1
- package/dist/broker/nativeBroker/NativeMessageHandler.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.d.ts +4 -41
- package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/cache/BrowserCacheManager.mjs +18 -143
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.d.ts.map +1 -1
- package/dist/config/Configuration.mjs +12 -3
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/ControllerFactory.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.d.ts +2 -2
- package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +28 -16
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/controllers/UnknownOperatingContextController.d.ts +2 -2
- package/dist/controllers/UnknownOperatingContextController.d.ts.map +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.d.ts +11 -0
- package/dist/crypto/BrowserCrypto.d.ts.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +68 -5
- package/dist/crypto/BrowserCrypto.mjs.map +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.d.ts +3 -5
- package/dist/error/BrowserAuthError.d.ts.map +1 -1
- package/dist/error/BrowserAuthError.mjs +5 -7
- package/dist/error/BrowserAuthError.mjs.map +1 -1
- package/dist/error/BrowserAuthErrorCodes.d.ts +3 -1
- package/dist/error/BrowserAuthErrorCodes.d.ts.map +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +6 -4
- package/dist/error/BrowserAuthErrorCodes.mjs.map +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/NativeInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/NativeInteractionClient.mjs +9 -4
- package/dist/interaction_client/NativeInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.d.ts +14 -1
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +66 -57
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.d.ts +21 -4
- package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +133 -70
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts +13 -3
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +64 -41
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.d.ts +2 -9
- package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +2 -22
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.d.ts +4 -5
- package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +3 -3
- package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
- package/dist/interaction_handler/SilentHandler.d.ts +4 -2
- package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +13 -3
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -3
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +65 -0
- package/dist/protocol/Authorize.d.ts.map +1 -0
- package/dist/protocol/Authorize.mjs +217 -0
- package/dist/protocol/Authorize.mjs.map +1 -0
- package/dist/request/AuthorizationUrlRequest.d.ts +2 -4
- package/dist/request/AuthorizationUrlRequest.d.ts.map +1 -1
- package/dist/request/PopupRequest.d.ts +1 -1
- package/dist/request/PopupRequest.d.ts.map +1 -1
- package/dist/request/RedirectRequest.d.ts +1 -1
- package/dist/request/RedirectRequest.d.ts.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/request/SsoSilentRequest.d.ts +1 -1
- package/dist/request/SsoSilentRequest.d.ts.map +1 -1
- package/dist/response/ResponseHandler.d.ts +3 -3
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/utils/BrowserConstants.d.ts +1 -10
- package/dist/utils/BrowserConstants.d.ts.map +1 -1
- package/dist/utils/BrowserConstants.mjs +2 -11
- package/dist/utils/BrowserConstants.mjs.map +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/lib/msal-browser.cjs +2402 -2345
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +2402 -2345
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +68 -66
- package/lib/types/cache/BrowserCacheManager.d.ts +4 -41
- package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/types/config/Configuration.d.ts.map +1 -1
- package/lib/types/controllers/NestedAppAuthController.d.ts +2 -2
- package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/controllers/UnknownOperatingContextController.d.ts +2 -2
- package/lib/types/controllers/UnknownOperatingContextController.d.ts.map +1 -1
- package/lib/types/crypto/BrowserCrypto.d.ts +11 -0
- package/lib/types/crypto/BrowserCrypto.d.ts.map +1 -1
- package/lib/types/error/BrowserAuthError.d.ts +3 -5
- package/lib/types/error/BrowserAuthError.d.ts.map +1 -1
- package/lib/types/error/BrowserAuthErrorCodes.d.ts +3 -1
- package/lib/types/error/BrowserAuthErrorCodes.d.ts.map +1 -1
- package/lib/types/interaction_client/NativeInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PopupClient.d.ts +14 -1
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/RedirectClient.d.ts +21 -4
- package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts +13 -3
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/interaction_client/StandardInteractionClient.d.ts +2 -9
- package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_handler/InteractionHandler.d.ts +4 -5
- package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
- package/lib/types/interaction_handler/SilentHandler.d.ts +4 -2
- package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/lib/types/naa/mapping/NestedAppAuthAdapter.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts +65 -0
- package/lib/types/protocol/Authorize.d.ts.map +1 -0
- package/lib/types/request/AuthorizationUrlRequest.d.ts +2 -4
- package/lib/types/request/AuthorizationUrlRequest.d.ts.map +1 -1
- package/lib/types/request/PopupRequest.d.ts +1 -1
- package/lib/types/request/PopupRequest.d.ts.map +1 -1
- package/lib/types/request/RedirectRequest.d.ts +1 -1
- package/lib/types/request/RedirectRequest.d.ts.map +1 -1
- package/lib/types/request/SsoSilentRequest.d.ts +1 -1
- package/lib/types/request/SsoSilentRequest.d.ts.map +1 -1
- package/lib/types/response/ResponseHandler.d.ts +3 -3
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/utils/BrowserConstants.d.ts +1 -10
- package/lib/types/utils/BrowserConstants.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/cache/BrowserCacheManager.ts +30 -205
- package/src/config/Configuration.ts +14 -2
- package/src/controllers/NestedAppAuthController.ts +2 -0
- package/src/controllers/StandardController.ts +35 -24
- package/src/controllers/UnknownOperatingContextController.ts +2 -0
- package/src/crypto/BrowserCrypto.ts +91 -2
- package/src/error/BrowserAuthError.ts +6 -8
- package/src/error/BrowserAuthErrorCodes.ts +3 -1
- package/src/interaction_client/NativeInteractionClient.ts +11 -2
- package/src/interaction_client/PopupClient.ts +174 -111
- package/src/interaction_client/RedirectClient.ts +269 -132
- package/src/interaction_client/SilentAuthCodeClient.ts +2 -2
- package/src/interaction_client/SilentIframeClient.ts +168 -100
- package/src/interaction_client/StandardInteractionClient.ts +3 -43
- package/src/interaction_handler/InteractionHandler.ts +8 -7
- package/src/interaction_handler/SilentHandler.ts +31 -2
- package/src/naa/mapping/NestedAppAuthAdapter.ts +1 -2
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +490 -0
- package/src/request/AuthorizationUrlRequest.ts +3 -5
- package/src/request/PopupRequest.ts +1 -0
- package/src/request/RedirectRequest.ts +1 -0
- package/src/request/SsoSilentRequest.ts +1 -0
- package/src/response/ResponseHandler.ts +3 -3
- package/src/utils/BrowserConstants.ts +1 -10
- package/dist/interaction_handler/RedirectHandler.d.ts +0 -33
- package/dist/interaction_handler/RedirectHandler.d.ts.map +0 -1
- package/dist/interaction_handler/RedirectHandler.mjs +0 -144
- package/dist/interaction_handler/RedirectHandler.mjs.map +0 -1
- package/lib/types/interaction_handler/RedirectHandler.d.ts +0 -33
- package/lib/types/interaction_handler/RedirectHandler.d.ts.map +0 -1
- package/src/interaction_handler/RedirectHandler.ts +0 -251
|
@@ -0,0 +1,490 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
import {
|
|
7
|
+
AuthenticationScheme,
|
|
8
|
+
Authority,
|
|
9
|
+
AuthorizeProtocol,
|
|
10
|
+
ClientConfigurationErrorCodes,
|
|
11
|
+
CommonAuthorizationUrlRequest,
|
|
12
|
+
createClientConfigurationError,
|
|
13
|
+
invokeAsync,
|
|
14
|
+
IPerformanceClient,
|
|
15
|
+
Logger,
|
|
16
|
+
PerformanceEvents,
|
|
17
|
+
PopTokenGenerator,
|
|
18
|
+
ProtocolMode,
|
|
19
|
+
RequestParameterBuilder,
|
|
20
|
+
OAuthResponseType,
|
|
21
|
+
Constants,
|
|
22
|
+
CommonAuthorizationCodeRequest,
|
|
23
|
+
AuthorizationCodeClient,
|
|
24
|
+
ProtocolUtils,
|
|
25
|
+
ThrottlingUtils,
|
|
26
|
+
AuthorizeResponse,
|
|
27
|
+
ResponseHandler,
|
|
28
|
+
TimeUtils,
|
|
29
|
+
AuthorizationCodePayload,
|
|
30
|
+
ServerAuthorizationTokenResponse,
|
|
31
|
+
} from "@azure/msal-common/browser";
|
|
32
|
+
import { BrowserConfiguration } from "../config/Configuration.js";
|
|
33
|
+
import { ApiId, BrowserConstants } from "../utils/BrowserConstants.js";
|
|
34
|
+
import { version } from "../packageMetadata.js";
|
|
35
|
+
import { CryptoOps } from "../crypto/CryptoOps.js";
|
|
36
|
+
import {
|
|
37
|
+
BrowserAuthErrorCodes,
|
|
38
|
+
createBrowserAuthError,
|
|
39
|
+
} from "../error/BrowserAuthError.js";
|
|
40
|
+
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
41
|
+
import { InteractionHandler } from "../interaction_handler/InteractionHandler.js";
|
|
42
|
+
import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
|
|
43
|
+
import { NativeInteractionClient } from "../interaction_client/NativeInteractionClient.js";
|
|
44
|
+
import { NativeMessageHandler } from "../broker/nativeBroker/NativeMessageHandler.js";
|
|
45
|
+
import { EventHandler } from "../event/EventHandler.js";
|
|
46
|
+
import { decryptEarResponse } from "../crypto/BrowserCrypto.js";
|
|
47
|
+
|
|
48
|
+
/**
|
|
49
|
+
* Returns map of parameters that are applicable to all calls to /authorize whether using PKCE or EAR
|
|
50
|
+
* @param config
|
|
51
|
+
* @param authority
|
|
52
|
+
* @param request
|
|
53
|
+
* @param logger
|
|
54
|
+
* @param performanceClient
|
|
55
|
+
* @returns
|
|
56
|
+
*/
|
|
57
|
+
async function getStandardParameters(
|
|
58
|
+
config: BrowserConfiguration,
|
|
59
|
+
authority: Authority,
|
|
60
|
+
request: CommonAuthorizationUrlRequest,
|
|
61
|
+
logger: Logger,
|
|
62
|
+
performanceClient: IPerformanceClient
|
|
63
|
+
): Promise<Map<string, string>> {
|
|
64
|
+
const parameters = AuthorizeProtocol.getStandardAuthorizeRequestParameters(
|
|
65
|
+
{ ...config.auth, authority: authority },
|
|
66
|
+
request,
|
|
67
|
+
logger,
|
|
68
|
+
performanceClient
|
|
69
|
+
);
|
|
70
|
+
RequestParameterBuilder.addLibraryInfo(parameters, {
|
|
71
|
+
sku: BrowserConstants.MSAL_SKU,
|
|
72
|
+
version: version,
|
|
73
|
+
os: "",
|
|
74
|
+
cpu: "",
|
|
75
|
+
});
|
|
76
|
+
if (config.auth.protocolMode !== ProtocolMode.OIDC) {
|
|
77
|
+
RequestParameterBuilder.addApplicationTelemetry(
|
|
78
|
+
parameters,
|
|
79
|
+
config.telemetry.application
|
|
80
|
+
);
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
if (request.platformBroker) {
|
|
84
|
+
// signal ests that this is a WAM call
|
|
85
|
+
RequestParameterBuilder.addNativeBroker(parameters);
|
|
86
|
+
|
|
87
|
+
// pass the req_cnf for POP
|
|
88
|
+
if (request.authenticationScheme === AuthenticationScheme.POP) {
|
|
89
|
+
const cryptoOps = new CryptoOps(logger, performanceClient);
|
|
90
|
+
const popTokenGenerator = new PopTokenGenerator(cryptoOps);
|
|
91
|
+
|
|
92
|
+
// req_cnf is always sent as a string for SPAs
|
|
93
|
+
let reqCnfData;
|
|
94
|
+
if (!request.popKid) {
|
|
95
|
+
const generatedReqCnfData = await invokeAsync(
|
|
96
|
+
popTokenGenerator.generateCnf.bind(popTokenGenerator),
|
|
97
|
+
PerformanceEvents.PopTokenGenerateCnf,
|
|
98
|
+
logger,
|
|
99
|
+
performanceClient,
|
|
100
|
+
request.correlationId
|
|
101
|
+
)(request, logger);
|
|
102
|
+
reqCnfData = generatedReqCnfData.reqCnfString;
|
|
103
|
+
} else {
|
|
104
|
+
reqCnfData = cryptoOps.encodeKid(request.popKid);
|
|
105
|
+
}
|
|
106
|
+
RequestParameterBuilder.addPopToken(parameters, reqCnfData);
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
RequestParameterBuilder.instrumentBrokerParams(
|
|
111
|
+
parameters,
|
|
112
|
+
request.correlationId,
|
|
113
|
+
performanceClient
|
|
114
|
+
);
|
|
115
|
+
|
|
116
|
+
return parameters;
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
/**
|
|
120
|
+
* Gets the full /authorize URL with request parameters when using Auth Code + PKCE
|
|
121
|
+
* @param config
|
|
122
|
+
* @param authority
|
|
123
|
+
* @param request
|
|
124
|
+
* @param logger
|
|
125
|
+
* @param performanceClient
|
|
126
|
+
* @returns
|
|
127
|
+
*/
|
|
128
|
+
export async function getAuthCodeRequestUrl(
|
|
129
|
+
config: BrowserConfiguration,
|
|
130
|
+
authority: Authority,
|
|
131
|
+
request: CommonAuthorizationUrlRequest,
|
|
132
|
+
logger: Logger,
|
|
133
|
+
performanceClient: IPerformanceClient
|
|
134
|
+
): Promise<string> {
|
|
135
|
+
if (!request.codeChallenge) {
|
|
136
|
+
throw createClientConfigurationError(
|
|
137
|
+
ClientConfigurationErrorCodes.pkceParamsMissing
|
|
138
|
+
);
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
const parameters = await invokeAsync(
|
|
142
|
+
getStandardParameters,
|
|
143
|
+
PerformanceEvents.GetStandardParams,
|
|
144
|
+
logger,
|
|
145
|
+
performanceClient,
|
|
146
|
+
request.correlationId
|
|
147
|
+
)(config, authority, request, logger, performanceClient);
|
|
148
|
+
RequestParameterBuilder.addResponseType(parameters, OAuthResponseType.CODE);
|
|
149
|
+
|
|
150
|
+
RequestParameterBuilder.addCodeChallengeParams(
|
|
151
|
+
parameters,
|
|
152
|
+
request.codeChallenge,
|
|
153
|
+
Constants.S256_CODE_CHALLENGE_METHOD
|
|
154
|
+
);
|
|
155
|
+
|
|
156
|
+
RequestParameterBuilder.addExtraQueryParameters(
|
|
157
|
+
parameters,
|
|
158
|
+
request.extraQueryParameters || {}
|
|
159
|
+
);
|
|
160
|
+
|
|
161
|
+
return AuthorizeProtocol.getAuthorizeUrl(authority, parameters);
|
|
162
|
+
}
|
|
163
|
+
|
|
164
|
+
/**
|
|
165
|
+
* Gets the form that will be posted to /authorize with request parameters when using EAR
|
|
166
|
+
*/
|
|
167
|
+
export async function getEARForm(
|
|
168
|
+
frame: Document,
|
|
169
|
+
config: BrowserConfiguration,
|
|
170
|
+
authority: Authority,
|
|
171
|
+
request: CommonAuthorizationUrlRequest,
|
|
172
|
+
logger: Logger,
|
|
173
|
+
performanceClient: IPerformanceClient
|
|
174
|
+
): Promise<HTMLFormElement> {
|
|
175
|
+
if (!request.earJwk) {
|
|
176
|
+
throw createBrowserAuthError(BrowserAuthErrorCodes.earJwkEmpty);
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
const parameters = await getStandardParameters(
|
|
180
|
+
config,
|
|
181
|
+
authority,
|
|
182
|
+
request,
|
|
183
|
+
logger,
|
|
184
|
+
performanceClient
|
|
185
|
+
);
|
|
186
|
+
|
|
187
|
+
RequestParameterBuilder.addResponseType(
|
|
188
|
+
parameters,
|
|
189
|
+
OAuthResponseType.IDTOKEN_TOKEN_REFRESHTOKEN
|
|
190
|
+
);
|
|
191
|
+
RequestParameterBuilder.addEARParameters(parameters, request.earJwk);
|
|
192
|
+
|
|
193
|
+
const queryParams = new Map<string, string>();
|
|
194
|
+
RequestParameterBuilder.addExtraQueryParameters(
|
|
195
|
+
queryParams,
|
|
196
|
+
request.extraQueryParameters || {}
|
|
197
|
+
);
|
|
198
|
+
const url = AuthorizeProtocol.getAuthorizeUrl(authority, queryParams);
|
|
199
|
+
|
|
200
|
+
return createForm(frame, url, parameters);
|
|
201
|
+
}
|
|
202
|
+
|
|
203
|
+
/**
|
|
204
|
+
* Creates form element in the provided document with auth parameters in the post body
|
|
205
|
+
* @param frame
|
|
206
|
+
* @param authorizeUrl
|
|
207
|
+
* @param parameters
|
|
208
|
+
* @returns
|
|
209
|
+
*/
|
|
210
|
+
function createForm(
|
|
211
|
+
frame: Document,
|
|
212
|
+
authorizeUrl: string,
|
|
213
|
+
parameters: Map<string, string>
|
|
214
|
+
): HTMLFormElement {
|
|
215
|
+
const form = frame.createElement("form");
|
|
216
|
+
form.method = "post";
|
|
217
|
+
form.action = authorizeUrl;
|
|
218
|
+
|
|
219
|
+
parameters.forEach((value: string, key: string) => {
|
|
220
|
+
const param = frame.createElement("input");
|
|
221
|
+
param.hidden = true;
|
|
222
|
+
param.name = key;
|
|
223
|
+
param.value = value;
|
|
224
|
+
|
|
225
|
+
form.appendChild(param);
|
|
226
|
+
});
|
|
227
|
+
|
|
228
|
+
frame.body.appendChild(form);
|
|
229
|
+
return form;
|
|
230
|
+
}
|
|
231
|
+
|
|
232
|
+
/**
|
|
233
|
+
* Response handler when server returns accountId on the /authorize request
|
|
234
|
+
* @param request
|
|
235
|
+
* @param accountId
|
|
236
|
+
* @param apiId
|
|
237
|
+
* @param config
|
|
238
|
+
* @param browserStorage
|
|
239
|
+
* @param nativeStorage
|
|
240
|
+
* @param eventHandler
|
|
241
|
+
* @param logger
|
|
242
|
+
* @param performanceClient
|
|
243
|
+
* @param nativeMessageHandler
|
|
244
|
+
* @returns
|
|
245
|
+
*/
|
|
246
|
+
export async function handleResponsePlatformBroker(
|
|
247
|
+
request: CommonAuthorizationUrlRequest,
|
|
248
|
+
accountId: string,
|
|
249
|
+
apiId: ApiId,
|
|
250
|
+
config: BrowserConfiguration,
|
|
251
|
+
browserStorage: BrowserCacheManager,
|
|
252
|
+
nativeStorage: BrowserCacheManager,
|
|
253
|
+
eventHandler: EventHandler,
|
|
254
|
+
logger: Logger,
|
|
255
|
+
performanceClient: IPerformanceClient,
|
|
256
|
+
nativeMessageHandler?: NativeMessageHandler
|
|
257
|
+
): Promise<AuthenticationResult> {
|
|
258
|
+
if (!nativeMessageHandler) {
|
|
259
|
+
throw createBrowserAuthError(
|
|
260
|
+
BrowserAuthErrorCodes.nativeConnectionNotEstablished
|
|
261
|
+
);
|
|
262
|
+
}
|
|
263
|
+
const browserCrypto = new CryptoOps(logger, performanceClient);
|
|
264
|
+
const nativeInteractionClient = new NativeInteractionClient(
|
|
265
|
+
config,
|
|
266
|
+
browserStorage,
|
|
267
|
+
browserCrypto,
|
|
268
|
+
logger,
|
|
269
|
+
eventHandler,
|
|
270
|
+
config.system.navigationClient,
|
|
271
|
+
apiId,
|
|
272
|
+
performanceClient,
|
|
273
|
+
nativeMessageHandler,
|
|
274
|
+
accountId,
|
|
275
|
+
nativeStorage,
|
|
276
|
+
request.correlationId
|
|
277
|
+
);
|
|
278
|
+
const { userRequestState } = ProtocolUtils.parseRequestState(
|
|
279
|
+
browserCrypto,
|
|
280
|
+
request.state
|
|
281
|
+
);
|
|
282
|
+
return invokeAsync(
|
|
283
|
+
nativeInteractionClient.acquireToken.bind(nativeInteractionClient),
|
|
284
|
+
PerformanceEvents.NativeInteractionClientAcquireToken,
|
|
285
|
+
logger,
|
|
286
|
+
performanceClient,
|
|
287
|
+
request.correlationId
|
|
288
|
+
)({
|
|
289
|
+
...request,
|
|
290
|
+
state: userRequestState,
|
|
291
|
+
prompt: undefined, // Server should handle the prompt, ideally native broker can do this part silently
|
|
292
|
+
});
|
|
293
|
+
}
|
|
294
|
+
|
|
295
|
+
/**
|
|
296
|
+
* Response handler when server returns code on the /authorize request
|
|
297
|
+
* @param request
|
|
298
|
+
* @param response
|
|
299
|
+
* @param codeVerifier
|
|
300
|
+
* @param authClient
|
|
301
|
+
* @param browserStorage
|
|
302
|
+
* @param logger
|
|
303
|
+
* @param performanceClient
|
|
304
|
+
* @returns
|
|
305
|
+
*/
|
|
306
|
+
export async function handleResponseCode(
|
|
307
|
+
request: CommonAuthorizationUrlRequest,
|
|
308
|
+
response: AuthorizeResponse,
|
|
309
|
+
codeVerifier: string,
|
|
310
|
+
apiId: ApiId,
|
|
311
|
+
config: BrowserConfiguration,
|
|
312
|
+
authClient: AuthorizationCodeClient,
|
|
313
|
+
browserStorage: BrowserCacheManager,
|
|
314
|
+
nativeStorage: BrowserCacheManager,
|
|
315
|
+
eventHandler: EventHandler,
|
|
316
|
+
logger: Logger,
|
|
317
|
+
performanceClient: IPerformanceClient,
|
|
318
|
+
nativeMessageHandler?: NativeMessageHandler
|
|
319
|
+
): Promise<AuthenticationResult> {
|
|
320
|
+
// Remove throttle if it exists
|
|
321
|
+
ThrottlingUtils.removeThrottle(
|
|
322
|
+
browserStorage,
|
|
323
|
+
config.auth.clientId,
|
|
324
|
+
request
|
|
325
|
+
);
|
|
326
|
+
if (response.accountId) {
|
|
327
|
+
return invokeAsync(
|
|
328
|
+
handleResponsePlatformBroker,
|
|
329
|
+
PerformanceEvents.HandleResponsePlatformBroker,
|
|
330
|
+
logger,
|
|
331
|
+
performanceClient,
|
|
332
|
+
request.correlationId
|
|
333
|
+
)(
|
|
334
|
+
request,
|
|
335
|
+
response.accountId,
|
|
336
|
+
apiId,
|
|
337
|
+
config,
|
|
338
|
+
browserStorage,
|
|
339
|
+
nativeStorage,
|
|
340
|
+
eventHandler,
|
|
341
|
+
logger,
|
|
342
|
+
performanceClient,
|
|
343
|
+
nativeMessageHandler
|
|
344
|
+
);
|
|
345
|
+
}
|
|
346
|
+
const authCodeRequest: CommonAuthorizationCodeRequest = {
|
|
347
|
+
...request,
|
|
348
|
+
code: response.code || "",
|
|
349
|
+
codeVerifier: codeVerifier,
|
|
350
|
+
};
|
|
351
|
+
// Create popup interaction handler.
|
|
352
|
+
const interactionHandler = new InteractionHandler(
|
|
353
|
+
authClient,
|
|
354
|
+
browserStorage,
|
|
355
|
+
authCodeRequest,
|
|
356
|
+
logger,
|
|
357
|
+
performanceClient
|
|
358
|
+
);
|
|
359
|
+
// Handle response from hash string.
|
|
360
|
+
const result = await invokeAsync(
|
|
361
|
+
interactionHandler.handleCodeResponse.bind(interactionHandler),
|
|
362
|
+
PerformanceEvents.HandleCodeResponse,
|
|
363
|
+
logger,
|
|
364
|
+
performanceClient,
|
|
365
|
+
request.correlationId
|
|
366
|
+
)(response, request);
|
|
367
|
+
|
|
368
|
+
return result;
|
|
369
|
+
}
|
|
370
|
+
|
|
371
|
+
/**
|
|
372
|
+
* Response handler when server returns ear_jwe on the /authorize request
|
|
373
|
+
* @param request
|
|
374
|
+
* @param response
|
|
375
|
+
* @param apiId
|
|
376
|
+
* @param config
|
|
377
|
+
* @param authority
|
|
378
|
+
* @param browserStorage
|
|
379
|
+
* @param nativeStorage
|
|
380
|
+
* @param eventHandler
|
|
381
|
+
* @param logger
|
|
382
|
+
* @param performanceClient
|
|
383
|
+
* @param nativeMessageHandler
|
|
384
|
+
* @returns
|
|
385
|
+
*/
|
|
386
|
+
export async function handleResponseEAR(
|
|
387
|
+
request: CommonAuthorizationUrlRequest,
|
|
388
|
+
response: AuthorizeResponse,
|
|
389
|
+
apiId: ApiId,
|
|
390
|
+
config: BrowserConfiguration,
|
|
391
|
+
authority: Authority,
|
|
392
|
+
browserStorage: BrowserCacheManager,
|
|
393
|
+
nativeStorage: BrowserCacheManager,
|
|
394
|
+
eventHandler: EventHandler,
|
|
395
|
+
logger: Logger,
|
|
396
|
+
performanceClient: IPerformanceClient,
|
|
397
|
+
nativeMessageHandler?: NativeMessageHandler
|
|
398
|
+
): Promise<AuthenticationResult> {
|
|
399
|
+
// Remove throttle if it exists
|
|
400
|
+
ThrottlingUtils.removeThrottle(
|
|
401
|
+
browserStorage,
|
|
402
|
+
config.auth.clientId,
|
|
403
|
+
request
|
|
404
|
+
);
|
|
405
|
+
|
|
406
|
+
// Validate state & check response for errors
|
|
407
|
+
AuthorizeProtocol.validateAuthorizationResponse(response, request.state);
|
|
408
|
+
|
|
409
|
+
if (!response.ear_jwe) {
|
|
410
|
+
throw createBrowserAuthError(BrowserAuthErrorCodes.earJweEmpty);
|
|
411
|
+
}
|
|
412
|
+
|
|
413
|
+
if (!request.earJwk) {
|
|
414
|
+
throw createBrowserAuthError(BrowserAuthErrorCodes.earJwkEmpty);
|
|
415
|
+
}
|
|
416
|
+
|
|
417
|
+
const decryptedData = JSON.parse(
|
|
418
|
+
await invokeAsync(
|
|
419
|
+
decryptEarResponse,
|
|
420
|
+
PerformanceEvents.DecryptEarResponse,
|
|
421
|
+
logger,
|
|
422
|
+
performanceClient,
|
|
423
|
+
request.correlationId
|
|
424
|
+
)(request.earJwk, response.ear_jwe)
|
|
425
|
+
) as AuthorizeResponse & ServerAuthorizationTokenResponse;
|
|
426
|
+
|
|
427
|
+
if (decryptedData.accountId) {
|
|
428
|
+
return invokeAsync(
|
|
429
|
+
handleResponsePlatformBroker,
|
|
430
|
+
PerformanceEvents.HandleResponsePlatformBroker,
|
|
431
|
+
logger,
|
|
432
|
+
performanceClient,
|
|
433
|
+
request.correlationId
|
|
434
|
+
)(
|
|
435
|
+
request,
|
|
436
|
+
decryptedData.accountId,
|
|
437
|
+
apiId,
|
|
438
|
+
config,
|
|
439
|
+
browserStorage,
|
|
440
|
+
nativeStorage,
|
|
441
|
+
eventHandler,
|
|
442
|
+
logger,
|
|
443
|
+
performanceClient,
|
|
444
|
+
nativeMessageHandler
|
|
445
|
+
);
|
|
446
|
+
}
|
|
447
|
+
|
|
448
|
+
const responseHandler = new ResponseHandler(
|
|
449
|
+
config.auth.clientId,
|
|
450
|
+
browserStorage,
|
|
451
|
+
new CryptoOps(logger, performanceClient),
|
|
452
|
+
logger,
|
|
453
|
+
null,
|
|
454
|
+
null,
|
|
455
|
+
performanceClient
|
|
456
|
+
);
|
|
457
|
+
|
|
458
|
+
// Validate response. This function throws a server error if an error is returned by the server.
|
|
459
|
+
responseHandler.validateTokenResponse(decryptedData);
|
|
460
|
+
|
|
461
|
+
// Temporary until response handler is refactored to be more flow agnostic.
|
|
462
|
+
const additionalData: AuthorizationCodePayload = {
|
|
463
|
+
code: "",
|
|
464
|
+
state: request.state,
|
|
465
|
+
nonce: request.nonce,
|
|
466
|
+
client_info: decryptedData.client_info,
|
|
467
|
+
cloud_graph_host_name: decryptedData.cloud_graph_host_name,
|
|
468
|
+
cloud_instance_host_name: decryptedData.cloud_instance_host_name,
|
|
469
|
+
cloud_instance_name: decryptedData.cloud_instance_name,
|
|
470
|
+
msgraph_host: decryptedData.msgraph_host,
|
|
471
|
+
};
|
|
472
|
+
|
|
473
|
+
return (await invokeAsync(
|
|
474
|
+
responseHandler.handleServerTokenResponse.bind(responseHandler),
|
|
475
|
+
PerformanceEvents.HandleServerTokenResponse,
|
|
476
|
+
logger,
|
|
477
|
+
performanceClient,
|
|
478
|
+
request.correlationId
|
|
479
|
+
)(
|
|
480
|
+
decryptedData,
|
|
481
|
+
authority,
|
|
482
|
+
TimeUtils.nowSeconds(),
|
|
483
|
+
request,
|
|
484
|
+
additionalData,
|
|
485
|
+
undefined,
|
|
486
|
+
undefined,
|
|
487
|
+
undefined,
|
|
488
|
+
undefined
|
|
489
|
+
)) as AuthenticationResult;
|
|
490
|
+
}
|
|
@@ -7,11 +7,9 @@ import { CommonAuthorizationUrlRequest } from "@azure/msal-common/browser";
|
|
|
7
7
|
|
|
8
8
|
/**
|
|
9
9
|
* This type is deprecated and will be removed on the next major version update
|
|
10
|
+
* @deprecated Will be removed in future version
|
|
10
11
|
*/
|
|
11
12
|
export type AuthorizationUrlRequest = Omit<
|
|
12
13
|
CommonAuthorizationUrlRequest,
|
|
13
|
-
"
|
|
14
|
-
|
|
15
|
-
state: string;
|
|
16
|
-
nonce: string;
|
|
17
|
-
};
|
|
14
|
+
"requestedClaimsHash" | "platformBroker"
|
|
15
|
+
>;
|
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
import {
|
|
7
7
|
ICrypto,
|
|
8
8
|
Logger,
|
|
9
|
-
|
|
9
|
+
AuthorizeResponse,
|
|
10
10
|
UrlUtils,
|
|
11
11
|
} from "@azure/msal-common/browser";
|
|
12
12
|
import {
|
|
@@ -20,7 +20,7 @@ export function deserializeResponse(
|
|
|
20
20
|
responseString: string,
|
|
21
21
|
responseLocation: string,
|
|
22
22
|
logger: Logger
|
|
23
|
-
):
|
|
23
|
+
): AuthorizeResponse {
|
|
24
24
|
// Deserialize hash fragment response parameters.
|
|
25
25
|
const serverParams = UrlUtils.getDeserializedResponse(responseString);
|
|
26
26
|
if (!serverParams) {
|
|
@@ -49,7 +49,7 @@ export function deserializeResponse(
|
|
|
49
49
|
* Returns the interaction type that the response object belongs to
|
|
50
50
|
*/
|
|
51
51
|
export function validateInteractionType(
|
|
52
|
-
response:
|
|
52
|
+
response: AuthorizeResponse,
|
|
53
53
|
browserCrypto: ICrypto,
|
|
54
54
|
interactionType: InteractionType
|
|
55
55
|
): void {
|
|
@@ -78,21 +78,12 @@ export type HTTP_REQUEST_TYPE =
|
|
|
78
78
|
* Temporary cache keys for MSAL, deleted after any request.
|
|
79
79
|
*/
|
|
80
80
|
export const TemporaryCacheKeys = {
|
|
81
|
-
AUTHORITY: "authority",
|
|
82
|
-
ACQUIRE_TOKEN_ACCOUNT: "acquireToken.account",
|
|
83
|
-
SESSION_STATE: "session.state",
|
|
84
|
-
REQUEST_STATE: "request.state",
|
|
85
|
-
NONCE_IDTOKEN: "nonce.id_token",
|
|
86
81
|
ORIGIN_URI: "request.origin",
|
|
87
|
-
RENEW_STATUS: "token.renew.status",
|
|
88
82
|
URL_HASH: "urlHash",
|
|
89
83
|
REQUEST_PARAMS: "request.params",
|
|
90
|
-
|
|
84
|
+
VERIFIER: "code.verifier",
|
|
91
85
|
INTERACTION_STATUS_KEY: "interaction.status",
|
|
92
|
-
CCS_CREDENTIAL: "ccs.credential",
|
|
93
|
-
CORRELATION_ID: "request.correlationId",
|
|
94
86
|
NATIVE_REQUEST: "request.native",
|
|
95
|
-
REDIRECT_CONTEXT: "request.redirect.context",
|
|
96
87
|
} as const;
|
|
97
88
|
export type TemporaryCacheKeys =
|
|
98
89
|
(typeof TemporaryCacheKeys)[keyof typeof TemporaryCacheKeys];
|
|
@@ -1,33 +0,0 @@
|
|
|
1
|
-
import { AuthorizationCodeClient, CommonAuthorizationCodeRequest, Logger, IPerformanceClient, CcsCredential, ServerAuthorizationCodeResponse } from "@azure/msal-common/browser";
|
|
2
|
-
import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
|
|
3
|
-
import { INavigationClient } from "../navigation/INavigationClient.js";
|
|
4
|
-
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
5
|
-
export type RedirectParams = {
|
|
6
|
-
navigationClient: INavigationClient;
|
|
7
|
-
redirectTimeout: number;
|
|
8
|
-
redirectStartPage: string;
|
|
9
|
-
onRedirectNavigate?: (url: string) => void | boolean;
|
|
10
|
-
};
|
|
11
|
-
export declare class RedirectHandler {
|
|
12
|
-
authModule: AuthorizationCodeClient;
|
|
13
|
-
browserStorage: BrowserCacheManager;
|
|
14
|
-
authCodeRequest: CommonAuthorizationCodeRequest;
|
|
15
|
-
logger: Logger;
|
|
16
|
-
performanceClient: IPerformanceClient;
|
|
17
|
-
constructor(authCodeModule: AuthorizationCodeClient, storageImpl: BrowserCacheManager, authCodeRequest: CommonAuthorizationCodeRequest, logger: Logger, performanceClient: IPerformanceClient);
|
|
18
|
-
/**
|
|
19
|
-
* Redirects window to given URL.
|
|
20
|
-
* @param urlNavigate
|
|
21
|
-
*/
|
|
22
|
-
initiateAuthRequest(requestUrl: string, params: RedirectParams): Promise<void>;
|
|
23
|
-
/**
|
|
24
|
-
* Handle authorization code response in the window.
|
|
25
|
-
* @param hash
|
|
26
|
-
*/
|
|
27
|
-
handleCodeResponse(response: ServerAuthorizationCodeResponse, state: string): Promise<AuthenticationResult>;
|
|
28
|
-
/**
|
|
29
|
-
* Looks up ccs creds in the cache
|
|
30
|
-
*/
|
|
31
|
-
protected checkCcsCredentials(): CcsCredential | null;
|
|
32
|
-
}
|
|
33
|
-
//# sourceMappingURL=RedirectHandler.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"RedirectHandler.d.ts","sourceRoot":"","sources":["../../src/interaction_handler/RedirectHandler.ts"],"names":[],"mappings":"AAKA,OAAO,EACH,uBAAuB,EACvB,8BAA8B,EAC9B,MAAM,EAEN,kBAAkB,EAGlB,aAAa,EAGb,+BAA+B,EAClC,MAAM,4BAA4B,CAAC;AAMpC,OAAO,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oCAAoC,CAAC;AAEvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAE3E,MAAM,MAAM,cAAc,GAAG;IACzB,gBAAgB,EAAE,iBAAiB,CAAC;IACpC,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,kBAAkB,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC;CACxD,CAAC;AAEF,qBAAa,eAAe;IACxB,UAAU,EAAE,uBAAuB,CAAC;IACpC,cAAc,EAAE,mBAAmB,CAAC;IACpC,eAAe,EAAE,8BAA8B,CAAC;IAChD,MAAM,EAAE,MAAM,CAAC;IACf,iBAAiB,EAAE,kBAAkB,CAAC;gBAGlC,cAAc,EAAE,uBAAuB,EACvC,WAAW,EAAE,mBAAmB,EAChC,eAAe,EAAE,8BAA8B,EAC/C,MAAM,EAAE,MAAM,EACd,iBAAiB,EAAE,kBAAkB;IASzC;;;OAGG;IACG,mBAAmB,CACrB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,cAAc,GACvB,OAAO,CAAC,IAAI,CAAC;IA6EhB;;;OAGG;IACG,kBAAkB,CACpB,QAAQ,EAAE,+BAA+B,EACzC,KAAK,EAAE,MAAM,GACd,OAAO,CAAC,oBAAoB,CAAC;IAgFhC;;OAEG;IACH,SAAS,CAAC,mBAAmB,IAAI,aAAa,GAAG,IAAI;CAoBxD"}
|