@azure/msal-browser 4.8.0 → 4.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientNext.mjs +1 -1
- package/dist/broker/nativeBroker/NativeMessageHandler.mjs +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.d.ts +4 -41
- package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
- package/dist/cache/BrowserCacheManager.mjs +18 -143
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +2 -2
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +5 -5
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/ControllerFactory.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.d.ts +2 -2
- package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
- package/dist/controllers/StandardController.d.ts.map +1 -1
- package/dist/controllers/StandardController.mjs +28 -16
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/controllers/UnknownOperatingContextController.d.ts +2 -2
- package/dist/controllers/UnknownOperatingContextController.d.ts.map +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
- package/dist/controllers/UnknownOperatingContextController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.d.ts +11 -0
- package/dist/crypto/BrowserCrypto.d.ts.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +68 -5
- package/dist/crypto/BrowserCrypto.mjs.map +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.d.ts +3 -5
- package/dist/error/BrowserAuthError.d.ts.map +1 -1
- package/dist/error/BrowserAuthError.mjs +5 -7
- package/dist/error/BrowserAuthError.mjs.map +1 -1
- package/dist/error/BrowserAuthErrorCodes.d.ts +3 -1
- package/dist/error/BrowserAuthErrorCodes.d.ts.map +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +6 -4
- package/dist/error/BrowserAuthErrorCodes.mjs.map +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +2 -2
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/NativeInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/NativeInteractionClient.mjs +1 -3
- package/dist/interaction_client/NativeInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.d.ts +14 -1
- package/dist/interaction_client/PopupClient.d.ts.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +65 -64
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.d.ts +20 -3
- package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +132 -76
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.d.ts +13 -3
- package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +57 -44
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.d.ts +2 -3
- package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.d.ts +4 -5
- package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
- package/dist/interaction_handler/SilentHandler.d.ts +4 -2
- package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +15 -5
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -2
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +53 -1
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +147 -4
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/request/AuthorizationUrlRequest.d.ts +2 -4
- package/dist/request/AuthorizationUrlRequest.d.ts.map +1 -1
- package/dist/request/PopupRequest.d.ts +1 -1
- package/dist/request/PopupRequest.d.ts.map +1 -1
- package/dist/request/RedirectRequest.d.ts +1 -1
- package/dist/request/RedirectRequest.d.ts.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/request/SsoSilentRequest.d.ts +1 -1
- package/dist/request/SsoSilentRequest.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/utils/BrowserConstants.d.ts +1 -10
- package/dist/utils/BrowserConstants.d.ts.map +1 -1
- package/dist/utils/BrowserConstants.mjs +2 -15
- package/dist/utils/BrowserConstants.mjs.map +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +1 -1
- package/lib/msal-browser.cjs +1588 -1555
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +1588 -1555
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +68 -67
- package/lib/types/cache/BrowserCacheManager.d.ts +4 -41
- package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/lib/types/controllers/NestedAppAuthController.d.ts +2 -2
- package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
- package/lib/types/controllers/StandardController.d.ts.map +1 -1
- package/lib/types/controllers/UnknownOperatingContextController.d.ts +2 -2
- package/lib/types/controllers/UnknownOperatingContextController.d.ts.map +1 -1
- package/lib/types/crypto/BrowserCrypto.d.ts +11 -0
- package/lib/types/crypto/BrowserCrypto.d.ts.map +1 -1
- package/lib/types/error/BrowserAuthError.d.ts +3 -5
- package/lib/types/error/BrowserAuthError.d.ts.map +1 -1
- package/lib/types/error/BrowserAuthErrorCodes.d.ts +3 -1
- package/lib/types/error/BrowserAuthErrorCodes.d.ts.map +1 -1
- package/lib/types/interaction_client/NativeInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_client/PopupClient.d.ts +14 -1
- package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/lib/types/interaction_client/RedirectClient.d.ts +20 -3
- package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
- package/lib/types/interaction_client/SilentIframeClient.d.ts +13 -3
- package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/lib/types/interaction_client/StandardInteractionClient.d.ts +2 -3
- package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/lib/types/interaction_handler/InteractionHandler.d.ts +4 -5
- package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
- package/lib/types/interaction_handler/SilentHandler.d.ts +4 -2
- package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts +53 -1
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/request/AuthorizationUrlRequest.d.ts +2 -4
- package/lib/types/request/AuthorizationUrlRequest.d.ts.map +1 -1
- package/lib/types/request/PopupRequest.d.ts +1 -1
- package/lib/types/request/PopupRequest.d.ts.map +1 -1
- package/lib/types/request/RedirectRequest.d.ts +1 -1
- package/lib/types/request/RedirectRequest.d.ts.map +1 -1
- package/lib/types/request/SsoSilentRequest.d.ts +1 -1
- package/lib/types/request/SsoSilentRequest.d.ts.map +1 -1
- package/lib/types/utils/BrowserConstants.d.ts +1 -10
- package/lib/types/utils/BrowserConstants.d.ts.map +1 -1
- package/package.json +2 -2
- package/src/cache/BrowserCacheManager.ts +30 -205
- package/src/config/Configuration.ts +2 -2
- package/src/controllers/NestedAppAuthController.ts +2 -0
- package/src/controllers/StandardController.ts +35 -24
- package/src/controllers/UnknownOperatingContextController.ts +2 -0
- package/src/crypto/BrowserCrypto.ts +91 -2
- package/src/error/BrowserAuthError.ts +6 -8
- package/src/error/BrowserAuthErrorCodes.ts +3 -1
- package/src/interaction_client/NativeInteractionClient.ts +0 -2
- package/src/interaction_client/PopupClient.ts +163 -119
- package/src/interaction_client/RedirectClient.ts +258 -140
- package/src/interaction_client/SilentAuthCodeClient.ts +2 -2
- package/src/interaction_client/SilentIframeClient.ts +154 -99
- package/src/interaction_client/StandardInteractionClient.ts +3 -3
- package/src/interaction_handler/InteractionHandler.ts +4 -4
- package/src/interaction_handler/SilentHandler.ts +31 -2
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +356 -2
- package/src/request/AuthorizationUrlRequest.ts +3 -5
- package/src/request/PopupRequest.ts +1 -0
- package/src/request/RedirectRequest.ts +1 -0
- package/src/request/SsoSilentRequest.ts +1 -0
- package/src/utils/BrowserConstants.ts +1 -10
- package/dist/interaction_handler/RedirectHandler.d.ts +0 -33
- package/dist/interaction_handler/RedirectHandler.d.ts.map +0 -1
- package/dist/interaction_handler/RedirectHandler.mjs +0 -144
- package/dist/interaction_handler/RedirectHandler.mjs.map +0 -1
- package/lib/types/interaction_handler/RedirectHandler.d.ts +0 -33
- package/lib/types/interaction_handler/RedirectHandler.d.ts.map +0 -1
- package/src/interaction_handler/RedirectHandler.ts +0 -252
|
@@ -4,15 +4,12 @@
|
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
6
|
import {
|
|
7
|
-
CommonAuthorizationCodeRequest,
|
|
8
7
|
AuthorizationCodeClient,
|
|
9
8
|
UrlString,
|
|
10
9
|
AuthError,
|
|
11
10
|
ServerTelemetryManager,
|
|
12
11
|
Constants,
|
|
13
|
-
ProtocolUtils,
|
|
14
12
|
AuthorizeResponse,
|
|
15
|
-
ThrottlingUtils,
|
|
16
13
|
ICrypto,
|
|
17
14
|
Logger,
|
|
18
15
|
IPerformanceClient,
|
|
@@ -22,6 +19,7 @@ import {
|
|
|
22
19
|
ServerResponseType,
|
|
23
20
|
UrlUtils,
|
|
24
21
|
InProgressPerformanceEvent,
|
|
22
|
+
CommonAuthorizationUrlRequest,
|
|
25
23
|
} from "@azure/msal-common/browser";
|
|
26
24
|
import { StandardInteractionClient } from "./StandardInteractionClient.js";
|
|
27
25
|
import {
|
|
@@ -29,7 +27,6 @@ import {
|
|
|
29
27
|
InteractionType,
|
|
30
28
|
TemporaryCacheKeys,
|
|
31
29
|
} from "../utils/BrowserConstants.js";
|
|
32
|
-
import { RedirectHandler } from "../interaction_handler/RedirectHandler.js";
|
|
33
30
|
import * as BrowserUtils from "../utils/BrowserUtils.js";
|
|
34
31
|
import { EndSessionRequest } from "../request/EndSessionRequest.js";
|
|
35
32
|
import { EventType } from "../event/EventType.js";
|
|
@@ -39,7 +36,6 @@ import {
|
|
|
39
36
|
BrowserAuthErrorCodes,
|
|
40
37
|
} from "../error/BrowserAuthError.js";
|
|
41
38
|
import { RedirectRequest } from "../request/RedirectRequest.js";
|
|
42
|
-
import { NativeInteractionClient } from "./NativeInteractionClient.js";
|
|
43
39
|
import { NativeMessageHandler } from "../broker/nativeBroker/NativeMessageHandler.js";
|
|
44
40
|
import { BrowserConfiguration } from "../config/Configuration.js";
|
|
45
41
|
import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
|
|
@@ -48,8 +44,9 @@ import { INavigationClient } from "../navigation/INavigationClient.js";
|
|
|
48
44
|
import { EventError } from "../event/EventMessage.js";
|
|
49
45
|
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
50
46
|
import * as ResponseHandler from "../response/ResponseHandler.js";
|
|
51
|
-
import
|
|
47
|
+
import * as Authorize from "../protocol/Authorize.js";
|
|
52
48
|
import { generatePkceCodes } from "../crypto/PkceGenerator.js";
|
|
49
|
+
import { generateEarKey } from "../crypto/BrowserCrypto.js";
|
|
53
50
|
|
|
54
51
|
function getNavigationType(): NavigationTimingType | undefined {
|
|
55
52
|
if (
|
|
@@ -109,25 +106,13 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
109
106
|
this.correlationId
|
|
110
107
|
)(request, InteractionType.Redirect);
|
|
111
108
|
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
validRequest.codeChallenge = pkceCodes.challenge;
|
|
120
|
-
|
|
121
|
-
this.browserStorage.updateCacheEntries(
|
|
122
|
-
validRequest.state,
|
|
123
|
-
validRequest.nonce,
|
|
124
|
-
validRequest.authority,
|
|
125
|
-
validRequest.loginHint || "",
|
|
126
|
-
validRequest.account || null
|
|
127
|
-
);
|
|
128
|
-
const serverTelemetryManager = this.initializeServerTelemetryManager(
|
|
129
|
-
ApiId.acquireTokenRedirect
|
|
130
|
-
);
|
|
109
|
+
validRequest.platformBroker =
|
|
110
|
+
NativeMessageHandler.isPlatformBrokerAvailable(
|
|
111
|
+
this.config,
|
|
112
|
+
this.logger,
|
|
113
|
+
this.nativeMessageHandler,
|
|
114
|
+
request.authenticationScheme
|
|
115
|
+
);
|
|
131
116
|
|
|
132
117
|
const handleBackButton = (event: PageTransitionEvent) => {
|
|
133
118
|
// Clear temporary cache if the back button is clicked during the redirect flow.
|
|
@@ -135,7 +120,7 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
135
120
|
this.logger.verbose(
|
|
136
121
|
"Page was restored from back/forward cache. Clearing temporary cache."
|
|
137
122
|
);
|
|
138
|
-
this.browserStorage.
|
|
123
|
+
this.browserStorage.resetRequestCache();
|
|
139
124
|
this.eventHandler.emitEvent(
|
|
140
125
|
EventType.RESTORE_FROM_BFCACHE,
|
|
141
126
|
InteractionType.Redirect
|
|
@@ -143,6 +128,70 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
143
128
|
}
|
|
144
129
|
};
|
|
145
130
|
|
|
131
|
+
const redirectStartPage = this.getRedirectStartPage(
|
|
132
|
+
request.redirectStartPage
|
|
133
|
+
);
|
|
134
|
+
this.logger.verbosePii(`Redirect start page: ${redirectStartPage}`);
|
|
135
|
+
// Cache start page, returns to this page after redirectUri if navigateToLoginRequestUrl is true
|
|
136
|
+
this.browserStorage.setTemporaryCache(
|
|
137
|
+
TemporaryCacheKeys.ORIGIN_URI,
|
|
138
|
+
redirectStartPage,
|
|
139
|
+
true
|
|
140
|
+
);
|
|
141
|
+
|
|
142
|
+
// Clear temporary cache if the back button is clicked during the redirect flow.
|
|
143
|
+
window.addEventListener("pageshow", handleBackButton);
|
|
144
|
+
|
|
145
|
+
try {
|
|
146
|
+
if (this.config.auth.protocolMode === ProtocolMode.EAR) {
|
|
147
|
+
await this.executeEarFlow(validRequest);
|
|
148
|
+
} else {
|
|
149
|
+
await this.executeCodeFlow(
|
|
150
|
+
validRequest,
|
|
151
|
+
request.onRedirectNavigate
|
|
152
|
+
);
|
|
153
|
+
}
|
|
154
|
+
} catch (e) {
|
|
155
|
+
if (e instanceof AuthError) {
|
|
156
|
+
e.setCorrelationId(this.correlationId);
|
|
157
|
+
}
|
|
158
|
+
window.removeEventListener("pageshow", handleBackButton);
|
|
159
|
+
throw e;
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
|
|
163
|
+
/**
|
|
164
|
+
* Executes auth code + PKCE flow
|
|
165
|
+
* @param request
|
|
166
|
+
* @returns
|
|
167
|
+
*/
|
|
168
|
+
async executeCodeFlow(
|
|
169
|
+
request: CommonAuthorizationUrlRequest,
|
|
170
|
+
onRedirectNavigate?: (url: string) => boolean | void
|
|
171
|
+
): Promise<void> {
|
|
172
|
+
const correlationId = request.correlationId;
|
|
173
|
+
const serverTelemetryManager = this.initializeServerTelemetryManager(
|
|
174
|
+
ApiId.acquireTokenRedirect
|
|
175
|
+
);
|
|
176
|
+
|
|
177
|
+
const pkceCodes = await invokeAsync(
|
|
178
|
+
generatePkceCodes,
|
|
179
|
+
PerformanceEvents.GeneratePkceCodes,
|
|
180
|
+
this.logger,
|
|
181
|
+
this.performanceClient,
|
|
182
|
+
correlationId
|
|
183
|
+
)(this.performanceClient, this.logger, correlationId);
|
|
184
|
+
|
|
185
|
+
const redirectRequest = {
|
|
186
|
+
...request,
|
|
187
|
+
codeChallenge: pkceCodes.challenge,
|
|
188
|
+
};
|
|
189
|
+
|
|
190
|
+
this.browserStorage.cacheAuthorizeRequest(
|
|
191
|
+
redirectRequest,
|
|
192
|
+
pkceCodes.verifier
|
|
193
|
+
);
|
|
194
|
+
|
|
146
195
|
try {
|
|
147
196
|
// Initialize the client
|
|
148
197
|
const authClient: AuthorizationCodeClient = await invokeAsync(
|
|
@@ -153,78 +202,87 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
153
202
|
this.correlationId
|
|
154
203
|
)({
|
|
155
204
|
serverTelemetryManager,
|
|
156
|
-
requestAuthority:
|
|
157
|
-
requestAzureCloudOptions:
|
|
158
|
-
requestExtraQueryParameters:
|
|
159
|
-
|
|
205
|
+
requestAuthority: redirectRequest.authority,
|
|
206
|
+
requestAzureCloudOptions: redirectRequest.azureCloudOptions,
|
|
207
|
+
requestExtraQueryParameters:
|
|
208
|
+
redirectRequest.extraQueryParameters,
|
|
209
|
+
account: redirectRequest.account,
|
|
160
210
|
});
|
|
161
211
|
|
|
162
|
-
const authCodeRequest: CommonAuthorizationCodeRequest = {
|
|
163
|
-
...validRequest,
|
|
164
|
-
code: "", // Will get filled in after the redirect
|
|
165
|
-
codeVerifier: pkceCodes.verifier,
|
|
166
|
-
};
|
|
167
|
-
// Create redirect interaction handler.
|
|
168
|
-
const interactionHandler = new RedirectHandler(
|
|
169
|
-
authClient,
|
|
170
|
-
this.browserStorage,
|
|
171
|
-
authCodeRequest,
|
|
172
|
-
this.logger,
|
|
173
|
-
this.performanceClient
|
|
174
|
-
);
|
|
175
|
-
|
|
176
212
|
// Create acquire token url.
|
|
177
213
|
const navigateUrl = await invokeAsync(
|
|
178
|
-
getAuthCodeRequestUrl,
|
|
214
|
+
Authorize.getAuthCodeRequestUrl,
|
|
179
215
|
PerformanceEvents.GetAuthCodeUrl,
|
|
180
216
|
this.logger,
|
|
181
217
|
this.performanceClient,
|
|
182
|
-
|
|
218
|
+
request.correlationId
|
|
183
219
|
)(
|
|
184
220
|
this.config,
|
|
185
221
|
authClient.authority,
|
|
186
|
-
|
|
187
|
-
...validRequest,
|
|
188
|
-
platformBroker:
|
|
189
|
-
NativeMessageHandler.isPlatformBrokerAvailable(
|
|
190
|
-
this.config,
|
|
191
|
-
this.logger,
|
|
192
|
-
this.nativeMessageHandler,
|
|
193
|
-
request.authenticationScheme
|
|
194
|
-
),
|
|
195
|
-
},
|
|
222
|
+
redirectRequest,
|
|
196
223
|
this.logger,
|
|
197
224
|
this.performanceClient
|
|
198
225
|
);
|
|
199
|
-
|
|
200
|
-
const redirectStartPage = this.getRedirectStartPage(
|
|
201
|
-
request.redirectStartPage
|
|
202
|
-
);
|
|
203
|
-
this.logger.verbosePii(`Redirect start page: ${redirectStartPage}`);
|
|
204
|
-
|
|
205
|
-
// Clear temporary cache if the back button is clicked during the redirect flow.
|
|
206
|
-
window.addEventListener("pageshow", handleBackButton);
|
|
207
|
-
|
|
208
226
|
// Show the UI once the url has been created. Response will come back in the hash, which will be handled in the handleRedirectCallback function.
|
|
209
|
-
return await
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
onRedirectNavigate:
|
|
214
|
-
request.onRedirectNavigate ||
|
|
215
|
-
this.config.auth.onRedirectNavigate,
|
|
216
|
-
});
|
|
227
|
+
return await this.initiateAuthRequest(
|
|
228
|
+
navigateUrl,
|
|
229
|
+
onRedirectNavigate
|
|
230
|
+
);
|
|
217
231
|
} catch (e) {
|
|
218
232
|
if (e instanceof AuthError) {
|
|
219
233
|
e.setCorrelationId(this.correlationId);
|
|
220
234
|
serverTelemetryManager.cacheFailedRequest(e);
|
|
221
235
|
}
|
|
222
|
-
window.removeEventListener("pageshow", handleBackButton);
|
|
223
|
-
this.browserStorage.cleanRequestByState(validRequest.state);
|
|
224
236
|
throw e;
|
|
225
237
|
}
|
|
226
238
|
}
|
|
227
239
|
|
|
240
|
+
/**
|
|
241
|
+
* Executes EAR flow
|
|
242
|
+
* @param request
|
|
243
|
+
*/
|
|
244
|
+
async executeEarFlow(
|
|
245
|
+
request: CommonAuthorizationUrlRequest
|
|
246
|
+
): Promise<void> {
|
|
247
|
+
const correlationId = request.correlationId;
|
|
248
|
+
// Get the frame handle for the silent request
|
|
249
|
+
const discoveredAuthority = await invokeAsync(
|
|
250
|
+
this.getDiscoveredAuthority.bind(this),
|
|
251
|
+
PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority,
|
|
252
|
+
this.logger,
|
|
253
|
+
this.performanceClient,
|
|
254
|
+
correlationId
|
|
255
|
+
)({
|
|
256
|
+
requestAuthority: request.authority,
|
|
257
|
+
requestAzureCloudOptions: request.azureCloudOptions,
|
|
258
|
+
requestExtraQueryParameters: request.extraQueryParameters,
|
|
259
|
+
account: request.account,
|
|
260
|
+
});
|
|
261
|
+
|
|
262
|
+
const earJwk = await invokeAsync(
|
|
263
|
+
generateEarKey,
|
|
264
|
+
PerformanceEvents.GenerateEarKey,
|
|
265
|
+
this.logger,
|
|
266
|
+
this.performanceClient,
|
|
267
|
+
correlationId
|
|
268
|
+
)();
|
|
269
|
+
const redirectRequest = {
|
|
270
|
+
...request,
|
|
271
|
+
earJwk: earJwk,
|
|
272
|
+
};
|
|
273
|
+
this.browserStorage.cacheAuthorizeRequest(redirectRequest);
|
|
274
|
+
|
|
275
|
+
const form = await Authorize.getEARForm(
|
|
276
|
+
document,
|
|
277
|
+
this.config,
|
|
278
|
+
discoveredAuthority,
|
|
279
|
+
redirectRequest,
|
|
280
|
+
this.logger,
|
|
281
|
+
this.performanceClient
|
|
282
|
+
);
|
|
283
|
+
form.submit();
|
|
284
|
+
}
|
|
285
|
+
|
|
228
286
|
/**
|
|
229
287
|
* Checks if navigateToLoginRequestUrl is set, and:
|
|
230
288
|
* - if true, performs logic to cache and navigate
|
|
@@ -234,6 +292,8 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
234
292
|
*/
|
|
235
293
|
async handleRedirectPromise(
|
|
236
294
|
hash: string = "",
|
|
295
|
+
request: CommonAuthorizationUrlRequest,
|
|
296
|
+
pkceVerifier: string,
|
|
237
297
|
parentMeasurement: InProgressPerformanceEvent
|
|
238
298
|
): Promise<AuthenticationResult | null> {
|
|
239
299
|
const serverTelemetryManager = this.initializeServerTelemetryManager(
|
|
@@ -241,12 +301,6 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
241
301
|
);
|
|
242
302
|
|
|
243
303
|
try {
|
|
244
|
-
if (!this.browserStorage.isInteractionInProgress(true)) {
|
|
245
|
-
this.logger.info(
|
|
246
|
-
"handleRedirectPromise called but there is no interaction in progress, returning null."
|
|
247
|
-
);
|
|
248
|
-
return null;
|
|
249
|
-
}
|
|
250
304
|
const [serverParams, responseString] = this.getRedirectResponse(
|
|
251
305
|
hash || ""
|
|
252
306
|
);
|
|
@@ -255,9 +309,7 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
255
309
|
this.logger.info(
|
|
256
310
|
"handleRedirectPromise did not detect a response as a result of a redirect. Cleaning temporary cache."
|
|
257
311
|
);
|
|
258
|
-
this.browserStorage.
|
|
259
|
-
InteractionType.Redirect
|
|
260
|
-
);
|
|
312
|
+
this.browserStorage.resetRequestCache();
|
|
261
313
|
|
|
262
314
|
// Do not instrument "no_server_response" if user clicked back button
|
|
263
315
|
if (getNavigationType() !== "back_forward") {
|
|
@@ -298,6 +350,8 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
298
350
|
|
|
299
351
|
const handleHashResult = await this.handleResponse(
|
|
300
352
|
serverParams,
|
|
353
|
+
request,
|
|
354
|
+
pkceVerifier,
|
|
301
355
|
serverTelemetryManager
|
|
302
356
|
);
|
|
303
357
|
|
|
@@ -308,6 +362,8 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
308
362
|
);
|
|
309
363
|
return await this.handleResponse(
|
|
310
364
|
serverParams,
|
|
365
|
+
request,
|
|
366
|
+
pkceVerifier,
|
|
311
367
|
serverTelemetryManager
|
|
312
368
|
);
|
|
313
369
|
} else if (
|
|
@@ -367,6 +423,8 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
367
423
|
if (!processHashOnRedirect) {
|
|
368
424
|
return await this.handleResponse(
|
|
369
425
|
serverParams,
|
|
426
|
+
request,
|
|
427
|
+
pkceVerifier,
|
|
370
428
|
serverTelemetryManager
|
|
371
429
|
);
|
|
372
430
|
}
|
|
@@ -378,9 +436,6 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
378
436
|
(e as AuthError).setCorrelationId(this.correlationId);
|
|
379
437
|
serverTelemetryManager.cacheFailedRequest(e);
|
|
380
438
|
}
|
|
381
|
-
this.browserStorage.cleanRequestByInteractionType(
|
|
382
|
-
InteractionType.Redirect
|
|
383
|
-
);
|
|
384
439
|
throw e;
|
|
385
440
|
}
|
|
386
441
|
}
|
|
@@ -459,6 +514,8 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
459
514
|
*/
|
|
460
515
|
protected async handleResponse(
|
|
461
516
|
serverParams: AuthorizeResponse,
|
|
517
|
+
request: CommonAuthorizationUrlRequest,
|
|
518
|
+
codeVerifier: string,
|
|
462
519
|
serverTelemetryManager: ServerTelemetryManager
|
|
463
520
|
): Promise<AuthenticationResult> {
|
|
464
521
|
const state = serverParams.state;
|
|
@@ -466,52 +523,37 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
466
523
|
throw createBrowserAuthError(BrowserAuthErrorCodes.noStateInHash);
|
|
467
524
|
}
|
|
468
525
|
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
526
|
+
if (serverParams.ear_jwe) {
|
|
527
|
+
const discoveredAuthority = await invokeAsync(
|
|
528
|
+
this.getDiscoveredAuthority.bind(this),
|
|
529
|
+
PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority,
|
|
530
|
+
this.logger,
|
|
531
|
+
this.performanceClient,
|
|
532
|
+
request.correlationId
|
|
533
|
+
)({
|
|
534
|
+
requestAuthority: request.authority,
|
|
535
|
+
requestAzureCloudOptions: request.azureCloudOptions,
|
|
536
|
+
requestExtraQueryParameters: request.extraQueryParameters,
|
|
537
|
+
account: request.account,
|
|
538
|
+
});
|
|
539
|
+
return invokeAsync(
|
|
540
|
+
Authorize.handleResponseEAR,
|
|
541
|
+
PerformanceEvents.HandleResponseEar,
|
|
542
|
+
this.logger,
|
|
543
|
+
this.performanceClient,
|
|
544
|
+
request.correlationId
|
|
545
|
+
)(
|
|
546
|
+
request,
|
|
547
|
+
serverParams,
|
|
548
|
+
ApiId.acquireTokenRedirect,
|
|
482
549
|
this.config,
|
|
550
|
+
discoveredAuthority,
|
|
483
551
|
this.browserStorage,
|
|
484
|
-
this.
|
|
485
|
-
this.logger,
|
|
552
|
+
this.nativeStorage,
|
|
486
553
|
this.eventHandler,
|
|
487
|
-
this.
|
|
488
|
-
ApiId.acquireTokenPopup,
|
|
554
|
+
this.logger,
|
|
489
555
|
this.performanceClient,
|
|
490
|
-
this.nativeMessageHandler
|
|
491
|
-
serverParams.accountId,
|
|
492
|
-
this.nativeStorage,
|
|
493
|
-
cachedRequest.correlationId
|
|
494
|
-
);
|
|
495
|
-
const { userRequestState } = ProtocolUtils.parseRequestState(
|
|
496
|
-
this.browserCrypto,
|
|
497
|
-
state
|
|
498
|
-
);
|
|
499
|
-
return nativeInteractionClient
|
|
500
|
-
.acquireToken({
|
|
501
|
-
...cachedRequest,
|
|
502
|
-
state: userRequestState,
|
|
503
|
-
prompt: undefined, // Server should handle the prompt, ideally native broker can do this part silently
|
|
504
|
-
})
|
|
505
|
-
.finally(() => {
|
|
506
|
-
this.browserStorage.cleanRequestByState(state);
|
|
507
|
-
});
|
|
508
|
-
}
|
|
509
|
-
|
|
510
|
-
// Hash contains known properties - handle and return in callback
|
|
511
|
-
const currentAuthority = this.browserStorage.getCachedAuthority(state);
|
|
512
|
-
if (!currentAuthority) {
|
|
513
|
-
throw createBrowserAuthError(
|
|
514
|
-
BrowserAuthErrorCodes.noCachedAuthorityError
|
|
556
|
+
this.nativeMessageHandler
|
|
515
557
|
);
|
|
516
558
|
}
|
|
517
559
|
|
|
@@ -521,21 +563,97 @@ export class RedirectClient extends StandardInteractionClient {
|
|
|
521
563
|
this.logger,
|
|
522
564
|
this.performanceClient,
|
|
523
565
|
this.correlationId
|
|
524
|
-
)({ serverTelemetryManager, requestAuthority:
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
this.
|
|
529
|
-
|
|
530
|
-
|
|
531
|
-
|
|
566
|
+
)({ serverTelemetryManager, requestAuthority: request.authority });
|
|
567
|
+
return invokeAsync(
|
|
568
|
+
Authorize.handleResponseCode,
|
|
569
|
+
PerformanceEvents.HandleResponseCode,
|
|
570
|
+
this.logger,
|
|
571
|
+
this.performanceClient,
|
|
572
|
+
request.correlationId
|
|
573
|
+
)(
|
|
574
|
+
request,
|
|
575
|
+
serverParams,
|
|
576
|
+
codeVerifier,
|
|
577
|
+
ApiId.acquireTokenRedirect,
|
|
578
|
+
this.config,
|
|
532
579
|
authClient,
|
|
533
580
|
this.browserStorage,
|
|
534
|
-
|
|
581
|
+
this.nativeStorage,
|
|
582
|
+
this.eventHandler,
|
|
535
583
|
this.logger,
|
|
536
|
-
this.performanceClient
|
|
584
|
+
this.performanceClient,
|
|
585
|
+
this.nativeMessageHandler
|
|
537
586
|
);
|
|
538
|
-
|
|
587
|
+
}
|
|
588
|
+
|
|
589
|
+
/**
|
|
590
|
+
* Redirects window to given URL.
|
|
591
|
+
* @param urlNavigate
|
|
592
|
+
* @param onRedirectNavigateRequest - onRedirectNavigate callback provided on the request
|
|
593
|
+
*/
|
|
594
|
+
async initiateAuthRequest(
|
|
595
|
+
requestUrl: string,
|
|
596
|
+
onRedirectNavigateRequest?: (url: string) => boolean | void
|
|
597
|
+
): Promise<void> {
|
|
598
|
+
this.logger.verbose("RedirectHandler.initiateAuthRequest called");
|
|
599
|
+
// Navigate if valid URL
|
|
600
|
+
if (requestUrl) {
|
|
601
|
+
this.logger.infoPii(
|
|
602
|
+
`RedirectHandler.initiateAuthRequest: Navigate to: ${requestUrl}`
|
|
603
|
+
);
|
|
604
|
+
const navigationOptions: NavigationOptions = {
|
|
605
|
+
apiId: ApiId.acquireTokenRedirect,
|
|
606
|
+
timeout: this.config.system.redirectNavigationTimeout,
|
|
607
|
+
noHistory: false,
|
|
608
|
+
};
|
|
609
|
+
|
|
610
|
+
const onRedirectNavigate =
|
|
611
|
+
onRedirectNavigateRequest ||
|
|
612
|
+
this.config.auth.onRedirectNavigate;
|
|
613
|
+
|
|
614
|
+
// If onRedirectNavigate is implemented, invoke it and provide requestUrl
|
|
615
|
+
if (typeof onRedirectNavigate === "function") {
|
|
616
|
+
this.logger.verbose(
|
|
617
|
+
"RedirectHandler.initiateAuthRequest: Invoking onRedirectNavigate callback"
|
|
618
|
+
);
|
|
619
|
+
const navigate = onRedirectNavigate(requestUrl);
|
|
620
|
+
|
|
621
|
+
// Returning false from onRedirectNavigate will stop navigation
|
|
622
|
+
if (navigate !== false) {
|
|
623
|
+
this.logger.verbose(
|
|
624
|
+
"RedirectHandler.initiateAuthRequest: onRedirectNavigate did not return false, navigating"
|
|
625
|
+
);
|
|
626
|
+
await this.navigationClient.navigateExternal(
|
|
627
|
+
requestUrl,
|
|
628
|
+
navigationOptions
|
|
629
|
+
);
|
|
630
|
+
return;
|
|
631
|
+
} else {
|
|
632
|
+
this.logger.verbose(
|
|
633
|
+
"RedirectHandler.initiateAuthRequest: onRedirectNavigate returned false, stopping navigation"
|
|
634
|
+
);
|
|
635
|
+
return;
|
|
636
|
+
}
|
|
637
|
+
} else {
|
|
638
|
+
// Navigate window to request URL
|
|
639
|
+
this.logger.verbose(
|
|
640
|
+
"RedirectHandler.initiateAuthRequest: Navigating window to navigate url"
|
|
641
|
+
);
|
|
642
|
+
await this.navigationClient.navigateExternal(
|
|
643
|
+
requestUrl,
|
|
644
|
+
navigationOptions
|
|
645
|
+
);
|
|
646
|
+
return;
|
|
647
|
+
}
|
|
648
|
+
} else {
|
|
649
|
+
// Throw error if request URL is empty.
|
|
650
|
+
this.logger.info(
|
|
651
|
+
"RedirectHandler.initiateAuthRequest: Navigate url is empty"
|
|
652
|
+
);
|
|
653
|
+
throw createBrowserAuthError(
|
|
654
|
+
BrowserAuthErrorCodes.emptyNavigateUri
|
|
655
|
+
);
|
|
656
|
+
}
|
|
539
657
|
}
|
|
540
658
|
|
|
541
659
|
/**
|
|
@@ -11,9 +11,9 @@ import {
|
|
|
11
11
|
IPerformanceClient,
|
|
12
12
|
PerformanceEvents,
|
|
13
13
|
invokeAsync,
|
|
14
|
+
CommonAuthorizationUrlRequest,
|
|
14
15
|
} from "@azure/msal-common/browser";
|
|
15
16
|
import { StandardInteractionClient } from "./StandardInteractionClient.js";
|
|
16
|
-
import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest.js";
|
|
17
17
|
import { BrowserConfiguration } from "../config/Configuration.js";
|
|
18
18
|
import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
|
|
19
19
|
import { EventHandler } from "../event/EventHandler.js";
|
|
@@ -73,7 +73,7 @@ export class SilentAuthCodeClient extends StandardInteractionClient {
|
|
|
73
73
|
}
|
|
74
74
|
|
|
75
75
|
// Create silent request
|
|
76
|
-
const silentRequest:
|
|
76
|
+
const silentRequest: CommonAuthorizationUrlRequest = await invokeAsync(
|
|
77
77
|
this.initializeAuthorizationRequest.bind(this),
|
|
78
78
|
PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,
|
|
79
79
|
this.logger,
|