@azure/msal-browser 4.8.0 → 4.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (202) hide show
  1. package/dist/app/IPublicClientApplication.mjs +1 -1
  2. package/dist/app/PublicClientApplication.mjs +1 -1
  3. package/dist/app/PublicClientNext.mjs +1 -1
  4. package/dist/broker/nativeBroker/NativeMessageHandler.mjs +1 -1
  5. package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
  6. package/dist/cache/AccountManager.mjs +1 -1
  7. package/dist/cache/AsyncMemoryStorage.mjs +1 -1
  8. package/dist/cache/BrowserCacheManager.d.ts +4 -41
  9. package/dist/cache/BrowserCacheManager.d.ts.map +1 -1
  10. package/dist/cache/BrowserCacheManager.mjs +18 -143
  11. package/dist/cache/BrowserCacheManager.mjs.map +1 -1
  12. package/dist/cache/CacheHelpers.mjs +1 -1
  13. package/dist/cache/CookieStorage.mjs +1 -1
  14. package/dist/cache/DatabaseStorage.mjs +1 -1
  15. package/dist/cache/LocalStorage.mjs +2 -2
  16. package/dist/cache/MemoryStorage.mjs +1 -1
  17. package/dist/cache/SessionStorage.mjs +1 -1
  18. package/dist/cache/TokenCache.mjs +1 -1
  19. package/dist/config/Configuration.mjs +5 -5
  20. package/dist/config/Configuration.mjs.map +1 -1
  21. package/dist/controllers/ControllerFactory.mjs +1 -1
  22. package/dist/controllers/NestedAppAuthController.d.ts +2 -2
  23. package/dist/controllers/NestedAppAuthController.d.ts.map +1 -1
  24. package/dist/controllers/NestedAppAuthController.mjs +1 -1
  25. package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
  26. package/dist/controllers/StandardController.d.ts.map +1 -1
  27. package/dist/controllers/StandardController.mjs +28 -16
  28. package/dist/controllers/StandardController.mjs.map +1 -1
  29. package/dist/controllers/UnknownOperatingContextController.d.ts +2 -2
  30. package/dist/controllers/UnknownOperatingContextController.d.ts.map +1 -1
  31. package/dist/controllers/UnknownOperatingContextController.mjs +1 -1
  32. package/dist/controllers/UnknownOperatingContextController.mjs.map +1 -1
  33. package/dist/crypto/BrowserCrypto.d.ts +11 -0
  34. package/dist/crypto/BrowserCrypto.d.ts.map +1 -1
  35. package/dist/crypto/BrowserCrypto.mjs +68 -5
  36. package/dist/crypto/BrowserCrypto.mjs.map +1 -1
  37. package/dist/crypto/CryptoOps.mjs +1 -1
  38. package/dist/crypto/PkceGenerator.mjs +1 -1
  39. package/dist/crypto/SignedHttpRequest.mjs +1 -1
  40. package/dist/encode/Base64Decode.mjs +1 -1
  41. package/dist/encode/Base64Encode.mjs +1 -1
  42. package/dist/error/BrowserAuthError.d.ts +3 -5
  43. package/dist/error/BrowserAuthError.d.ts.map +1 -1
  44. package/dist/error/BrowserAuthError.mjs +5 -7
  45. package/dist/error/BrowserAuthError.mjs.map +1 -1
  46. package/dist/error/BrowserAuthErrorCodes.d.ts +3 -1
  47. package/dist/error/BrowserAuthErrorCodes.d.ts.map +1 -1
  48. package/dist/error/BrowserAuthErrorCodes.mjs +6 -4
  49. package/dist/error/BrowserAuthErrorCodes.mjs.map +1 -1
  50. package/dist/error/BrowserConfigurationAuthError.mjs +2 -2
  51. package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
  52. package/dist/error/NativeAuthError.mjs +1 -1
  53. package/dist/error/NativeAuthErrorCodes.mjs +1 -1
  54. package/dist/error/NestedAppAuthError.mjs +1 -1
  55. package/dist/event/EventHandler.mjs +1 -1
  56. package/dist/event/EventMessage.mjs +1 -1
  57. package/dist/event/EventType.mjs +1 -1
  58. package/dist/index.mjs +1 -1
  59. package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
  60. package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
  61. package/dist/interaction_client/NativeInteractionClient.d.ts.map +1 -1
  62. package/dist/interaction_client/NativeInteractionClient.mjs +1 -3
  63. package/dist/interaction_client/NativeInteractionClient.mjs.map +1 -1
  64. package/dist/interaction_client/PopupClient.d.ts +14 -1
  65. package/dist/interaction_client/PopupClient.d.ts.map +1 -1
  66. package/dist/interaction_client/PopupClient.mjs +65 -64
  67. package/dist/interaction_client/PopupClient.mjs.map +1 -1
  68. package/dist/interaction_client/RedirectClient.d.ts +20 -3
  69. package/dist/interaction_client/RedirectClient.d.ts.map +1 -1
  70. package/dist/interaction_client/RedirectClient.mjs +132 -76
  71. package/dist/interaction_client/RedirectClient.mjs.map +1 -1
  72. package/dist/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  73. package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
  74. package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
  75. package/dist/interaction_client/SilentCacheClient.mjs +1 -1
  76. package/dist/interaction_client/SilentIframeClient.d.ts +13 -3
  77. package/dist/interaction_client/SilentIframeClient.d.ts.map +1 -1
  78. package/dist/interaction_client/SilentIframeClient.mjs +57 -44
  79. package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
  80. package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
  81. package/dist/interaction_client/StandardInteractionClient.d.ts +2 -3
  82. package/dist/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  83. package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
  84. package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
  85. package/dist/interaction_handler/InteractionHandler.d.ts +4 -5
  86. package/dist/interaction_handler/InteractionHandler.d.ts.map +1 -1
  87. package/dist/interaction_handler/InteractionHandler.mjs +1 -1
  88. package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
  89. package/dist/interaction_handler/SilentHandler.d.ts +4 -2
  90. package/dist/interaction_handler/SilentHandler.d.ts.map +1 -1
  91. package/dist/interaction_handler/SilentHandler.mjs +15 -5
  92. package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
  93. package/dist/naa/BridgeError.mjs +1 -1
  94. package/dist/naa/BridgeProxy.mjs +1 -1
  95. package/dist/naa/BridgeStatusCode.mjs +1 -1
  96. package/dist/naa/mapping/NestedAppAuthAdapter.mjs +2 -2
  97. package/dist/navigation/NavigationClient.mjs +1 -1
  98. package/dist/network/FetchClient.mjs +1 -1
  99. package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
  100. package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
  101. package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
  102. package/dist/operatingcontext/UnknownOperatingContext.mjs +1 -1
  103. package/dist/packageMetadata.d.ts +1 -1
  104. package/dist/packageMetadata.mjs +2 -2
  105. package/dist/protocol/Authorize.d.ts +53 -1
  106. package/dist/protocol/Authorize.d.ts.map +1 -1
  107. package/dist/protocol/Authorize.mjs +147 -4
  108. package/dist/protocol/Authorize.mjs.map +1 -1
  109. package/dist/request/AuthorizationUrlRequest.d.ts +2 -4
  110. package/dist/request/AuthorizationUrlRequest.d.ts.map +1 -1
  111. package/dist/request/PopupRequest.d.ts +1 -1
  112. package/dist/request/PopupRequest.d.ts.map +1 -1
  113. package/dist/request/RedirectRequest.d.ts +1 -1
  114. package/dist/request/RedirectRequest.d.ts.map +1 -1
  115. package/dist/request/RequestHelpers.mjs +1 -1
  116. package/dist/request/SsoSilentRequest.d.ts +1 -1
  117. package/dist/request/SsoSilentRequest.d.ts.map +1 -1
  118. package/dist/response/ResponseHandler.mjs +1 -1
  119. package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
  120. package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
  121. package/dist/utils/BrowserConstants.d.ts +1 -10
  122. package/dist/utils/BrowserConstants.d.ts.map +1 -1
  123. package/dist/utils/BrowserConstants.mjs +2 -15
  124. package/dist/utils/BrowserConstants.mjs.map +1 -1
  125. package/dist/utils/BrowserProtocolUtils.mjs +1 -1
  126. package/dist/utils/BrowserUtils.mjs +1 -1
  127. package/lib/msal-browser.cjs +1588 -1555
  128. package/lib/msal-browser.cjs.map +1 -1
  129. package/lib/msal-browser.js +1588 -1555
  130. package/lib/msal-browser.js.map +1 -1
  131. package/lib/msal-browser.min.js +68 -67
  132. package/lib/types/cache/BrowserCacheManager.d.ts +4 -41
  133. package/lib/types/cache/BrowserCacheManager.d.ts.map +1 -1
  134. package/lib/types/controllers/NestedAppAuthController.d.ts +2 -2
  135. package/lib/types/controllers/NestedAppAuthController.d.ts.map +1 -1
  136. package/lib/types/controllers/StandardController.d.ts.map +1 -1
  137. package/lib/types/controllers/UnknownOperatingContextController.d.ts +2 -2
  138. package/lib/types/controllers/UnknownOperatingContextController.d.ts.map +1 -1
  139. package/lib/types/crypto/BrowserCrypto.d.ts +11 -0
  140. package/lib/types/crypto/BrowserCrypto.d.ts.map +1 -1
  141. package/lib/types/error/BrowserAuthError.d.ts +3 -5
  142. package/lib/types/error/BrowserAuthError.d.ts.map +1 -1
  143. package/lib/types/error/BrowserAuthErrorCodes.d.ts +3 -1
  144. package/lib/types/error/BrowserAuthErrorCodes.d.ts.map +1 -1
  145. package/lib/types/interaction_client/NativeInteractionClient.d.ts.map +1 -1
  146. package/lib/types/interaction_client/PopupClient.d.ts +14 -1
  147. package/lib/types/interaction_client/PopupClient.d.ts.map +1 -1
  148. package/lib/types/interaction_client/RedirectClient.d.ts +20 -3
  149. package/lib/types/interaction_client/RedirectClient.d.ts.map +1 -1
  150. package/lib/types/interaction_client/SilentAuthCodeClient.d.ts.map +1 -1
  151. package/lib/types/interaction_client/SilentIframeClient.d.ts +13 -3
  152. package/lib/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
  153. package/lib/types/interaction_client/StandardInteractionClient.d.ts +2 -3
  154. package/lib/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
  155. package/lib/types/interaction_handler/InteractionHandler.d.ts +4 -5
  156. package/lib/types/interaction_handler/InteractionHandler.d.ts.map +1 -1
  157. package/lib/types/interaction_handler/SilentHandler.d.ts +4 -2
  158. package/lib/types/interaction_handler/SilentHandler.d.ts.map +1 -1
  159. package/lib/types/packageMetadata.d.ts +1 -1
  160. package/lib/types/protocol/Authorize.d.ts +53 -1
  161. package/lib/types/protocol/Authorize.d.ts.map +1 -1
  162. package/lib/types/request/AuthorizationUrlRequest.d.ts +2 -4
  163. package/lib/types/request/AuthorizationUrlRequest.d.ts.map +1 -1
  164. package/lib/types/request/PopupRequest.d.ts +1 -1
  165. package/lib/types/request/PopupRequest.d.ts.map +1 -1
  166. package/lib/types/request/RedirectRequest.d.ts +1 -1
  167. package/lib/types/request/RedirectRequest.d.ts.map +1 -1
  168. package/lib/types/request/SsoSilentRequest.d.ts +1 -1
  169. package/lib/types/request/SsoSilentRequest.d.ts.map +1 -1
  170. package/lib/types/utils/BrowserConstants.d.ts +1 -10
  171. package/lib/types/utils/BrowserConstants.d.ts.map +1 -1
  172. package/package.json +2 -2
  173. package/src/cache/BrowserCacheManager.ts +30 -205
  174. package/src/config/Configuration.ts +2 -2
  175. package/src/controllers/NestedAppAuthController.ts +2 -0
  176. package/src/controllers/StandardController.ts +35 -24
  177. package/src/controllers/UnknownOperatingContextController.ts +2 -0
  178. package/src/crypto/BrowserCrypto.ts +91 -2
  179. package/src/error/BrowserAuthError.ts +6 -8
  180. package/src/error/BrowserAuthErrorCodes.ts +3 -1
  181. package/src/interaction_client/NativeInteractionClient.ts +0 -2
  182. package/src/interaction_client/PopupClient.ts +163 -119
  183. package/src/interaction_client/RedirectClient.ts +258 -140
  184. package/src/interaction_client/SilentAuthCodeClient.ts +2 -2
  185. package/src/interaction_client/SilentIframeClient.ts +154 -99
  186. package/src/interaction_client/StandardInteractionClient.ts +3 -3
  187. package/src/interaction_handler/InteractionHandler.ts +4 -4
  188. package/src/interaction_handler/SilentHandler.ts +31 -2
  189. package/src/packageMetadata.ts +1 -1
  190. package/src/protocol/Authorize.ts +356 -2
  191. package/src/request/AuthorizationUrlRequest.ts +3 -5
  192. package/src/request/PopupRequest.ts +1 -0
  193. package/src/request/RedirectRequest.ts +1 -0
  194. package/src/request/SsoSilentRequest.ts +1 -0
  195. package/src/utils/BrowserConstants.ts +1 -10
  196. package/dist/interaction_handler/RedirectHandler.d.ts +0 -33
  197. package/dist/interaction_handler/RedirectHandler.d.ts.map +0 -1
  198. package/dist/interaction_handler/RedirectHandler.mjs +0 -144
  199. package/dist/interaction_handler/RedirectHandler.mjs.map +0 -1
  200. package/lib/types/interaction_handler/RedirectHandler.d.ts +0 -33
  201. package/lib/types/interaction_handler/RedirectHandler.d.ts.map +0 -1
  202. package/src/interaction_handler/RedirectHandler.ts +0 -252
@@ -4,15 +4,12 @@
4
4
  */
5
5
 
6
6
  import {
7
- CommonAuthorizationCodeRequest,
8
7
  AuthorizationCodeClient,
9
8
  UrlString,
10
9
  AuthError,
11
10
  ServerTelemetryManager,
12
11
  Constants,
13
- ProtocolUtils,
14
12
  AuthorizeResponse,
15
- ThrottlingUtils,
16
13
  ICrypto,
17
14
  Logger,
18
15
  IPerformanceClient,
@@ -22,6 +19,7 @@ import {
22
19
  ServerResponseType,
23
20
  UrlUtils,
24
21
  InProgressPerformanceEvent,
22
+ CommonAuthorizationUrlRequest,
25
23
  } from "@azure/msal-common/browser";
26
24
  import { StandardInteractionClient } from "./StandardInteractionClient.js";
27
25
  import {
@@ -29,7 +27,6 @@ import {
29
27
  InteractionType,
30
28
  TemporaryCacheKeys,
31
29
  } from "../utils/BrowserConstants.js";
32
- import { RedirectHandler } from "../interaction_handler/RedirectHandler.js";
33
30
  import * as BrowserUtils from "../utils/BrowserUtils.js";
34
31
  import { EndSessionRequest } from "../request/EndSessionRequest.js";
35
32
  import { EventType } from "../event/EventType.js";
@@ -39,7 +36,6 @@ import {
39
36
  BrowserAuthErrorCodes,
40
37
  } from "../error/BrowserAuthError.js";
41
38
  import { RedirectRequest } from "../request/RedirectRequest.js";
42
- import { NativeInteractionClient } from "./NativeInteractionClient.js";
43
39
  import { NativeMessageHandler } from "../broker/nativeBroker/NativeMessageHandler.js";
44
40
  import { BrowserConfiguration } from "../config/Configuration.js";
45
41
  import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
@@ -48,8 +44,9 @@ import { INavigationClient } from "../navigation/INavigationClient.js";
48
44
  import { EventError } from "../event/EventMessage.js";
49
45
  import { AuthenticationResult } from "../response/AuthenticationResult.js";
50
46
  import * as ResponseHandler from "../response/ResponseHandler.js";
51
- import { getAuthCodeRequestUrl } from "../protocol/Authorize.js";
47
+ import * as Authorize from "../protocol/Authorize.js";
52
48
  import { generatePkceCodes } from "../crypto/PkceGenerator.js";
49
+ import { generateEarKey } from "../crypto/BrowserCrypto.js";
53
50
 
54
51
  function getNavigationType(): NavigationTimingType | undefined {
55
52
  if (
@@ -109,25 +106,13 @@ export class RedirectClient extends StandardInteractionClient {
109
106
  this.correlationId
110
107
  )(request, InteractionType.Redirect);
111
108
 
112
- const pkceCodes = await invokeAsync(
113
- generatePkceCodes,
114
- PerformanceEvents.GeneratePkceCodes,
115
- this.logger,
116
- this.performanceClient,
117
- this.correlationId
118
- )(this.performanceClient, this.logger, this.correlationId);
119
- validRequest.codeChallenge = pkceCodes.challenge;
120
-
121
- this.browserStorage.updateCacheEntries(
122
- validRequest.state,
123
- validRequest.nonce,
124
- validRequest.authority,
125
- validRequest.loginHint || "",
126
- validRequest.account || null
127
- );
128
- const serverTelemetryManager = this.initializeServerTelemetryManager(
129
- ApiId.acquireTokenRedirect
130
- );
109
+ validRequest.platformBroker =
110
+ NativeMessageHandler.isPlatformBrokerAvailable(
111
+ this.config,
112
+ this.logger,
113
+ this.nativeMessageHandler,
114
+ request.authenticationScheme
115
+ );
131
116
 
132
117
  const handleBackButton = (event: PageTransitionEvent) => {
133
118
  // Clear temporary cache if the back button is clicked during the redirect flow.
@@ -135,7 +120,7 @@ export class RedirectClient extends StandardInteractionClient {
135
120
  this.logger.verbose(
136
121
  "Page was restored from back/forward cache. Clearing temporary cache."
137
122
  );
138
- this.browserStorage.cleanRequestByState(validRequest.state);
123
+ this.browserStorage.resetRequestCache();
139
124
  this.eventHandler.emitEvent(
140
125
  EventType.RESTORE_FROM_BFCACHE,
141
126
  InteractionType.Redirect
@@ -143,6 +128,70 @@ export class RedirectClient extends StandardInteractionClient {
143
128
  }
144
129
  };
145
130
 
131
+ const redirectStartPage = this.getRedirectStartPage(
132
+ request.redirectStartPage
133
+ );
134
+ this.logger.verbosePii(`Redirect start page: ${redirectStartPage}`);
135
+ // Cache start page, returns to this page after redirectUri if navigateToLoginRequestUrl is true
136
+ this.browserStorage.setTemporaryCache(
137
+ TemporaryCacheKeys.ORIGIN_URI,
138
+ redirectStartPage,
139
+ true
140
+ );
141
+
142
+ // Clear temporary cache if the back button is clicked during the redirect flow.
143
+ window.addEventListener("pageshow", handleBackButton);
144
+
145
+ try {
146
+ if (this.config.auth.protocolMode === ProtocolMode.EAR) {
147
+ await this.executeEarFlow(validRequest);
148
+ } else {
149
+ await this.executeCodeFlow(
150
+ validRequest,
151
+ request.onRedirectNavigate
152
+ );
153
+ }
154
+ } catch (e) {
155
+ if (e instanceof AuthError) {
156
+ e.setCorrelationId(this.correlationId);
157
+ }
158
+ window.removeEventListener("pageshow", handleBackButton);
159
+ throw e;
160
+ }
161
+ }
162
+
163
+ /**
164
+ * Executes auth code + PKCE flow
165
+ * @param request
166
+ * @returns
167
+ */
168
+ async executeCodeFlow(
169
+ request: CommonAuthorizationUrlRequest,
170
+ onRedirectNavigate?: (url: string) => boolean | void
171
+ ): Promise<void> {
172
+ const correlationId = request.correlationId;
173
+ const serverTelemetryManager = this.initializeServerTelemetryManager(
174
+ ApiId.acquireTokenRedirect
175
+ );
176
+
177
+ const pkceCodes = await invokeAsync(
178
+ generatePkceCodes,
179
+ PerformanceEvents.GeneratePkceCodes,
180
+ this.logger,
181
+ this.performanceClient,
182
+ correlationId
183
+ )(this.performanceClient, this.logger, correlationId);
184
+
185
+ const redirectRequest = {
186
+ ...request,
187
+ codeChallenge: pkceCodes.challenge,
188
+ };
189
+
190
+ this.browserStorage.cacheAuthorizeRequest(
191
+ redirectRequest,
192
+ pkceCodes.verifier
193
+ );
194
+
146
195
  try {
147
196
  // Initialize the client
148
197
  const authClient: AuthorizationCodeClient = await invokeAsync(
@@ -153,78 +202,87 @@ export class RedirectClient extends StandardInteractionClient {
153
202
  this.correlationId
154
203
  )({
155
204
  serverTelemetryManager,
156
- requestAuthority: validRequest.authority,
157
- requestAzureCloudOptions: validRequest.azureCloudOptions,
158
- requestExtraQueryParameters: validRequest.extraQueryParameters,
159
- account: validRequest.account,
205
+ requestAuthority: redirectRequest.authority,
206
+ requestAzureCloudOptions: redirectRequest.azureCloudOptions,
207
+ requestExtraQueryParameters:
208
+ redirectRequest.extraQueryParameters,
209
+ account: redirectRequest.account,
160
210
  });
161
211
 
162
- const authCodeRequest: CommonAuthorizationCodeRequest = {
163
- ...validRequest,
164
- code: "", // Will get filled in after the redirect
165
- codeVerifier: pkceCodes.verifier,
166
- };
167
- // Create redirect interaction handler.
168
- const interactionHandler = new RedirectHandler(
169
- authClient,
170
- this.browserStorage,
171
- authCodeRequest,
172
- this.logger,
173
- this.performanceClient
174
- );
175
-
176
212
  // Create acquire token url.
177
213
  const navigateUrl = await invokeAsync(
178
- getAuthCodeRequestUrl,
214
+ Authorize.getAuthCodeRequestUrl,
179
215
  PerformanceEvents.GetAuthCodeUrl,
180
216
  this.logger,
181
217
  this.performanceClient,
182
- validRequest.correlationId
218
+ request.correlationId
183
219
  )(
184
220
  this.config,
185
221
  authClient.authority,
186
- {
187
- ...validRequest,
188
- platformBroker:
189
- NativeMessageHandler.isPlatformBrokerAvailable(
190
- this.config,
191
- this.logger,
192
- this.nativeMessageHandler,
193
- request.authenticationScheme
194
- ),
195
- },
222
+ redirectRequest,
196
223
  this.logger,
197
224
  this.performanceClient
198
225
  );
199
-
200
- const redirectStartPage = this.getRedirectStartPage(
201
- request.redirectStartPage
202
- );
203
- this.logger.verbosePii(`Redirect start page: ${redirectStartPage}`);
204
-
205
- // Clear temporary cache if the back button is clicked during the redirect flow.
206
- window.addEventListener("pageshow", handleBackButton);
207
-
208
226
  // Show the UI once the url has been created. Response will come back in the hash, which will be handled in the handleRedirectCallback function.
209
- return await interactionHandler.initiateAuthRequest(navigateUrl, {
210
- navigationClient: this.navigationClient,
211
- redirectTimeout: this.config.system.redirectNavigationTimeout,
212
- redirectStartPage: redirectStartPage,
213
- onRedirectNavigate:
214
- request.onRedirectNavigate ||
215
- this.config.auth.onRedirectNavigate,
216
- });
227
+ return await this.initiateAuthRequest(
228
+ navigateUrl,
229
+ onRedirectNavigate
230
+ );
217
231
  } catch (e) {
218
232
  if (e instanceof AuthError) {
219
233
  e.setCorrelationId(this.correlationId);
220
234
  serverTelemetryManager.cacheFailedRequest(e);
221
235
  }
222
- window.removeEventListener("pageshow", handleBackButton);
223
- this.browserStorage.cleanRequestByState(validRequest.state);
224
236
  throw e;
225
237
  }
226
238
  }
227
239
 
240
+ /**
241
+ * Executes EAR flow
242
+ * @param request
243
+ */
244
+ async executeEarFlow(
245
+ request: CommonAuthorizationUrlRequest
246
+ ): Promise<void> {
247
+ const correlationId = request.correlationId;
248
+ // Get the frame handle for the silent request
249
+ const discoveredAuthority = await invokeAsync(
250
+ this.getDiscoveredAuthority.bind(this),
251
+ PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority,
252
+ this.logger,
253
+ this.performanceClient,
254
+ correlationId
255
+ )({
256
+ requestAuthority: request.authority,
257
+ requestAzureCloudOptions: request.azureCloudOptions,
258
+ requestExtraQueryParameters: request.extraQueryParameters,
259
+ account: request.account,
260
+ });
261
+
262
+ const earJwk = await invokeAsync(
263
+ generateEarKey,
264
+ PerformanceEvents.GenerateEarKey,
265
+ this.logger,
266
+ this.performanceClient,
267
+ correlationId
268
+ )();
269
+ const redirectRequest = {
270
+ ...request,
271
+ earJwk: earJwk,
272
+ };
273
+ this.browserStorage.cacheAuthorizeRequest(redirectRequest);
274
+
275
+ const form = await Authorize.getEARForm(
276
+ document,
277
+ this.config,
278
+ discoveredAuthority,
279
+ redirectRequest,
280
+ this.logger,
281
+ this.performanceClient
282
+ );
283
+ form.submit();
284
+ }
285
+
228
286
  /**
229
287
  * Checks if navigateToLoginRequestUrl is set, and:
230
288
  * - if true, performs logic to cache and navigate
@@ -234,6 +292,8 @@ export class RedirectClient extends StandardInteractionClient {
234
292
  */
235
293
  async handleRedirectPromise(
236
294
  hash: string = "",
295
+ request: CommonAuthorizationUrlRequest,
296
+ pkceVerifier: string,
237
297
  parentMeasurement: InProgressPerformanceEvent
238
298
  ): Promise<AuthenticationResult | null> {
239
299
  const serverTelemetryManager = this.initializeServerTelemetryManager(
@@ -241,12 +301,6 @@ export class RedirectClient extends StandardInteractionClient {
241
301
  );
242
302
 
243
303
  try {
244
- if (!this.browserStorage.isInteractionInProgress(true)) {
245
- this.logger.info(
246
- "handleRedirectPromise called but there is no interaction in progress, returning null."
247
- );
248
- return null;
249
- }
250
304
  const [serverParams, responseString] = this.getRedirectResponse(
251
305
  hash || ""
252
306
  );
@@ -255,9 +309,7 @@ export class RedirectClient extends StandardInteractionClient {
255
309
  this.logger.info(
256
310
  "handleRedirectPromise did not detect a response as a result of a redirect. Cleaning temporary cache."
257
311
  );
258
- this.browserStorage.cleanRequestByInteractionType(
259
- InteractionType.Redirect
260
- );
312
+ this.browserStorage.resetRequestCache();
261
313
 
262
314
  // Do not instrument "no_server_response" if user clicked back button
263
315
  if (getNavigationType() !== "back_forward") {
@@ -298,6 +350,8 @@ export class RedirectClient extends StandardInteractionClient {
298
350
 
299
351
  const handleHashResult = await this.handleResponse(
300
352
  serverParams,
353
+ request,
354
+ pkceVerifier,
301
355
  serverTelemetryManager
302
356
  );
303
357
 
@@ -308,6 +362,8 @@ export class RedirectClient extends StandardInteractionClient {
308
362
  );
309
363
  return await this.handleResponse(
310
364
  serverParams,
365
+ request,
366
+ pkceVerifier,
311
367
  serverTelemetryManager
312
368
  );
313
369
  } else if (
@@ -367,6 +423,8 @@ export class RedirectClient extends StandardInteractionClient {
367
423
  if (!processHashOnRedirect) {
368
424
  return await this.handleResponse(
369
425
  serverParams,
426
+ request,
427
+ pkceVerifier,
370
428
  serverTelemetryManager
371
429
  );
372
430
  }
@@ -378,9 +436,6 @@ export class RedirectClient extends StandardInteractionClient {
378
436
  (e as AuthError).setCorrelationId(this.correlationId);
379
437
  serverTelemetryManager.cacheFailedRequest(e);
380
438
  }
381
- this.browserStorage.cleanRequestByInteractionType(
382
- InteractionType.Redirect
383
- );
384
439
  throw e;
385
440
  }
386
441
  }
@@ -459,6 +514,8 @@ export class RedirectClient extends StandardInteractionClient {
459
514
  */
460
515
  protected async handleResponse(
461
516
  serverParams: AuthorizeResponse,
517
+ request: CommonAuthorizationUrlRequest,
518
+ codeVerifier: string,
462
519
  serverTelemetryManager: ServerTelemetryManager
463
520
  ): Promise<AuthenticationResult> {
464
521
  const state = serverParams.state;
@@ -466,52 +523,37 @@ export class RedirectClient extends StandardInteractionClient {
466
523
  throw createBrowserAuthError(BrowserAuthErrorCodes.noStateInHash);
467
524
  }
468
525
 
469
- const cachedRequest = this.browserStorage.getCachedRequest(state);
470
- this.logger.verbose("handleResponse called, retrieved cached request");
471
-
472
- if (serverParams.accountId) {
473
- this.logger.verbose(
474
- "Account id found in hash, calling WAM for token"
475
- );
476
- if (!this.nativeMessageHandler) {
477
- throw createBrowserAuthError(
478
- BrowserAuthErrorCodes.nativeConnectionNotEstablished
479
- );
480
- }
481
- const nativeInteractionClient = new NativeInteractionClient(
526
+ if (serverParams.ear_jwe) {
527
+ const discoveredAuthority = await invokeAsync(
528
+ this.getDiscoveredAuthority.bind(this),
529
+ PerformanceEvents.StandardInteractionClientGetDiscoveredAuthority,
530
+ this.logger,
531
+ this.performanceClient,
532
+ request.correlationId
533
+ )({
534
+ requestAuthority: request.authority,
535
+ requestAzureCloudOptions: request.azureCloudOptions,
536
+ requestExtraQueryParameters: request.extraQueryParameters,
537
+ account: request.account,
538
+ });
539
+ return invokeAsync(
540
+ Authorize.handleResponseEAR,
541
+ PerformanceEvents.HandleResponseEar,
542
+ this.logger,
543
+ this.performanceClient,
544
+ request.correlationId
545
+ )(
546
+ request,
547
+ serverParams,
548
+ ApiId.acquireTokenRedirect,
482
549
  this.config,
550
+ discoveredAuthority,
483
551
  this.browserStorage,
484
- this.browserCrypto,
485
- this.logger,
552
+ this.nativeStorage,
486
553
  this.eventHandler,
487
- this.navigationClient,
488
- ApiId.acquireTokenPopup,
554
+ this.logger,
489
555
  this.performanceClient,
490
- this.nativeMessageHandler,
491
- serverParams.accountId,
492
- this.nativeStorage,
493
- cachedRequest.correlationId
494
- );
495
- const { userRequestState } = ProtocolUtils.parseRequestState(
496
- this.browserCrypto,
497
- state
498
- );
499
- return nativeInteractionClient
500
- .acquireToken({
501
- ...cachedRequest,
502
- state: userRequestState,
503
- prompt: undefined, // Server should handle the prompt, ideally native broker can do this part silently
504
- })
505
- .finally(() => {
506
- this.browserStorage.cleanRequestByState(state);
507
- });
508
- }
509
-
510
- // Hash contains known properties - handle and return in callback
511
- const currentAuthority = this.browserStorage.getCachedAuthority(state);
512
- if (!currentAuthority) {
513
- throw createBrowserAuthError(
514
- BrowserAuthErrorCodes.noCachedAuthorityError
556
+ this.nativeMessageHandler
515
557
  );
516
558
  }
517
559
 
@@ -521,21 +563,97 @@ export class RedirectClient extends StandardInteractionClient {
521
563
  this.logger,
522
564
  this.performanceClient,
523
565
  this.correlationId
524
- )({ serverTelemetryManager, requestAuthority: currentAuthority });
525
-
526
- ThrottlingUtils.removeThrottle(
527
- this.browserStorage,
528
- this.config.auth.clientId,
529
- cachedRequest
530
- );
531
- const interactionHandler = new RedirectHandler(
566
+ )({ serverTelemetryManager, requestAuthority: request.authority });
567
+ return invokeAsync(
568
+ Authorize.handleResponseCode,
569
+ PerformanceEvents.HandleResponseCode,
570
+ this.logger,
571
+ this.performanceClient,
572
+ request.correlationId
573
+ )(
574
+ request,
575
+ serverParams,
576
+ codeVerifier,
577
+ ApiId.acquireTokenRedirect,
578
+ this.config,
532
579
  authClient,
533
580
  this.browserStorage,
534
- cachedRequest,
581
+ this.nativeStorage,
582
+ this.eventHandler,
535
583
  this.logger,
536
- this.performanceClient
584
+ this.performanceClient,
585
+ this.nativeMessageHandler
537
586
  );
538
- return interactionHandler.handleCodeResponse(serverParams, state);
587
+ }
588
+
589
+ /**
590
+ * Redirects window to given URL.
591
+ * @param urlNavigate
592
+ * @param onRedirectNavigateRequest - onRedirectNavigate callback provided on the request
593
+ */
594
+ async initiateAuthRequest(
595
+ requestUrl: string,
596
+ onRedirectNavigateRequest?: (url: string) => boolean | void
597
+ ): Promise<void> {
598
+ this.logger.verbose("RedirectHandler.initiateAuthRequest called");
599
+ // Navigate if valid URL
600
+ if (requestUrl) {
601
+ this.logger.infoPii(
602
+ `RedirectHandler.initiateAuthRequest: Navigate to: ${requestUrl}`
603
+ );
604
+ const navigationOptions: NavigationOptions = {
605
+ apiId: ApiId.acquireTokenRedirect,
606
+ timeout: this.config.system.redirectNavigationTimeout,
607
+ noHistory: false,
608
+ };
609
+
610
+ const onRedirectNavigate =
611
+ onRedirectNavigateRequest ||
612
+ this.config.auth.onRedirectNavigate;
613
+
614
+ // If onRedirectNavigate is implemented, invoke it and provide requestUrl
615
+ if (typeof onRedirectNavigate === "function") {
616
+ this.logger.verbose(
617
+ "RedirectHandler.initiateAuthRequest: Invoking onRedirectNavigate callback"
618
+ );
619
+ const navigate = onRedirectNavigate(requestUrl);
620
+
621
+ // Returning false from onRedirectNavigate will stop navigation
622
+ if (navigate !== false) {
623
+ this.logger.verbose(
624
+ "RedirectHandler.initiateAuthRequest: onRedirectNavigate did not return false, navigating"
625
+ );
626
+ await this.navigationClient.navigateExternal(
627
+ requestUrl,
628
+ navigationOptions
629
+ );
630
+ return;
631
+ } else {
632
+ this.logger.verbose(
633
+ "RedirectHandler.initiateAuthRequest: onRedirectNavigate returned false, stopping navigation"
634
+ );
635
+ return;
636
+ }
637
+ } else {
638
+ // Navigate window to request URL
639
+ this.logger.verbose(
640
+ "RedirectHandler.initiateAuthRequest: Navigating window to navigate url"
641
+ );
642
+ await this.navigationClient.navigateExternal(
643
+ requestUrl,
644
+ navigationOptions
645
+ );
646
+ return;
647
+ }
648
+ } else {
649
+ // Throw error if request URL is empty.
650
+ this.logger.info(
651
+ "RedirectHandler.initiateAuthRequest: Navigate url is empty"
652
+ );
653
+ throw createBrowserAuthError(
654
+ BrowserAuthErrorCodes.emptyNavigateUri
655
+ );
656
+ }
539
657
  }
540
658
 
541
659
  /**
@@ -11,9 +11,9 @@ import {
11
11
  IPerformanceClient,
12
12
  PerformanceEvents,
13
13
  invokeAsync,
14
+ CommonAuthorizationUrlRequest,
14
15
  } from "@azure/msal-common/browser";
15
16
  import { StandardInteractionClient } from "./StandardInteractionClient.js";
16
- import { AuthorizationUrlRequest } from "../request/AuthorizationUrlRequest.js";
17
17
  import { BrowserConfiguration } from "../config/Configuration.js";
18
18
  import { BrowserCacheManager } from "../cache/BrowserCacheManager.js";
19
19
  import { EventHandler } from "../event/EventHandler.js";
@@ -73,7 +73,7 @@ export class SilentAuthCodeClient extends StandardInteractionClient {
73
73
  }
74
74
 
75
75
  // Create silent request
76
- const silentRequest: AuthorizationUrlRequest = await invokeAsync(
76
+ const silentRequest: CommonAuthorizationUrlRequest = await invokeAsync(
77
77
  this.initializeAuthorizationRequest.bind(this),
78
78
  PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,
79
79
  this.logger,