@azure/msal-browser 5.10.1 → 5.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs +44 -2
- package/dist/app/PublicClientApplication.mjs.map +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +3 -3
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +18 -32
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs +12 -1
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheKeys.mjs +2 -3
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/config/Configuration.mjs +3 -2
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/StandardController.mjs +4 -4
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +1 -1
- package/dist/crypto/CryptoOps.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +11 -2
- package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +2 -2
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +21 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +6 -6
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +3 -3
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +56 -0
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -0
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +4 -4
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +4 -3
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +27 -7
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +6 -1
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +11 -4
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +6 -4
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +2 -1
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +1203 -1187
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +10 -2
- package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +1 -1
- package/dist/redirect_bridge/index.mjs +4 -5
- package/dist/redirect_bridge/index.mjs.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserUtils.mjs +15 -5
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +33 -17
- package/lib/custom-auth-path/msal-custom-auth.cjs +342 -169
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +342 -169
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +13 -9
- package/lib/msal-browser.cjs +275 -167
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +275 -167
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +59 -50
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/package.json +2 -2
- package/src/app/PublicClientApplication.ts +85 -1
- package/src/broker/nativeBroker/NativeStatusCodes.ts +1 -1
- package/src/broker/nativeBroker/PlatformAuthProvider.ts +34 -30
- package/src/cache/BrowserCacheManager.ts +17 -0
- package/src/config/Configuration.ts +5 -0
- package/src/controllers/StandardController.ts +6 -3
- package/src/custom_auth/CustomAuthConstants.ts +10 -0
- package/src/custom_auth/configuration/CustomAuthConfiguration.ts +2 -0
- package/src/custom_auth/configuration/CustomAuthRequestInterceptor.ts +54 -0
- package/src/custom_auth/controller/CustomAuthStandardController.ts +3 -1
- package/src/custom_auth/core/network_client/custom_auth_api/BaseApiClient.ts +41 -2
- package/src/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.ts +17 -5
- package/src/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.ts +8 -2
- package/src/custom_auth/core/network_client/custom_auth_api/SignInApiClient.ts +8 -3
- package/src/custom_auth/core/network_client/custom_auth_api/SignupApiClient.ts +8 -2
- package/src/custom_auth/core/utils/CustomHeaderUtils.ts +75 -0
- package/src/custom_auth/index.ts +4 -0
- package/src/error/NativeAuthError.ts +2 -2
- package/src/interaction_client/PlatformAuthInteractionClient.ts +5 -1
- package/src/interaction_client/PopupClient.ts +65 -27
- package/src/interaction_client/RedirectClient.ts +5 -0
- package/src/interaction_client/SilentIframeClient.ts +49 -19
- package/src/interaction_client/StandardInteractionClient.ts +11 -5
- package/src/interaction_handler/SilentHandler.ts +1 -0
- package/src/operatingcontext/BaseOperatingContext.ts +15 -1
- package/src/packageMetadata.ts +1 -1
- package/src/redirect_bridge/index.ts +3 -7
- package/src/utils/BrowserUtils.ts +28 -7
- package/types/app/PublicClientApplication.d.ts +37 -1
- package/types/app/PublicClientApplication.d.ts.map +1 -1
- package/types/broker/nativeBroker/NativeStatusCodes.d.ts +1 -1
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts +7 -12
- package/types/broker/nativeBroker/PlatformAuthProvider.d.ts.map +1 -1
- package/types/cache/BrowserCacheManager.d.ts.map +1 -1
- package/types/config/Configuration.d.ts +4 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/controllers/StandardController.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +5 -1
- package/types/custom_auth/CustomAuthConstants.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts +2 -0
- package/types/custom_auth/configuration/CustomAuthConfiguration.d.ts.map +1 -1
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts +42 -0
- package/types/custom_auth/configuration/CustomAuthRequestInterceptor.d.ts.map +1 -0
- package/types/custom_auth/controller/CustomAuthStandardController.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts +6 -2
- package/types/custom_auth/core/network_client/custom_auth_api/BaseApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignInApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts +3 -1
- package/types/custom_auth/core/network_client/custom_auth_api/SignupApiClient.d.ts.map +1 -1
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts +21 -0
- package/types/custom_auth/core/utils/CustomHeaderUtils.d.ts.map +1 -0
- package/types/custom_auth/index.d.ts +1 -0
- package/types/custom_auth/index.d.ts.map +1 -1
- package/types/interaction_client/PlatformAuthInteractionClient.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts +11 -1
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/interaction_client/RedirectClient.d.ts.map +1 -1
- package/types/interaction_client/SilentIframeClient.d.ts +20 -1
- package/types/interaction_client/SilentIframeClient.d.ts.map +1 -1
- package/types/interaction_client/StandardInteractionClient.d.ts.map +1 -1
- package/types/interaction_handler/SilentHandler.d.ts.map +1 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts +8 -1
- package/types/operatingcontext/BaseOperatingContext.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/redirect_bridge/index.d.ts.map +1 -1
- package/types/utils/BrowserUtils.d.ts +17 -2
- package/types/utils/BrowserUtils.d.ts.map +1 -1
|
@@ -369,7 +369,8 @@ export class StandardController implements IController {
|
|
|
369
369
|
this.logger,
|
|
370
370
|
this.performanceClient,
|
|
371
371
|
correlationId,
|
|
372
|
-
this.config.system.nativeBrokerHandshakeTimeout
|
|
372
|
+
this.config.system.nativeBrokerHandshakeTimeout,
|
|
373
|
+
this.config.experimental.allowPlatformBrokerWithDOM
|
|
373
374
|
);
|
|
374
375
|
} catch (e) {
|
|
375
376
|
this.logger.verbose(e as string, correlationId);
|
|
@@ -1911,7 +1912,8 @@ export class StandardController implements IController {
|
|
|
1911
1912
|
this.performanceClient,
|
|
1912
1913
|
this.nativeInternalStorage,
|
|
1913
1914
|
correlationId,
|
|
1914
|
-
this.platformAuthProvider
|
|
1915
|
+
this.platformAuthProvider,
|
|
1916
|
+
this.operatingContext.getResponseHandlers()?.waitForPopupResponse
|
|
1915
1917
|
);
|
|
1916
1918
|
}
|
|
1917
1919
|
|
|
@@ -1950,7 +1952,8 @@ export class StandardController implements IController {
|
|
|
1950
1952
|
this.performanceClient,
|
|
1951
1953
|
this.nativeInternalStorage,
|
|
1952
1954
|
correlationId,
|
|
1953
|
-
this.platformAuthProvider
|
|
1955
|
+
this.platformAuthProvider,
|
|
1956
|
+
this.operatingContext.getResponseHandlers()?.waitForIframeResponse
|
|
1954
1957
|
);
|
|
1955
1958
|
}
|
|
1956
1959
|
|
|
@@ -33,6 +33,16 @@ export const HttpHeaderKeys = {
|
|
|
33
33
|
X_MS_REQUEST_ID: "x-ms-request-id",
|
|
34
34
|
} as const;
|
|
35
35
|
|
|
36
|
+
export const CustomHeaderConstants = {
|
|
37
|
+
REQUIRED_PREFIX: "x-",
|
|
38
|
+
RESERVED_PREFIXES: [
|
|
39
|
+
"x-client-",
|
|
40
|
+
"x-ms-",
|
|
41
|
+
"x-broker-",
|
|
42
|
+
"x-app-",
|
|
43
|
+
] as ReadonlyArray<string>,
|
|
44
|
+
} as const;
|
|
45
|
+
|
|
36
46
|
export const DefaultPackageInfo = {
|
|
37
47
|
SKU: "msal.browser",
|
|
38
48
|
VERSION: version,
|
|
@@ -7,12 +7,14 @@ import {
|
|
|
7
7
|
BrowserConfiguration,
|
|
8
8
|
Configuration,
|
|
9
9
|
} from "../../config/Configuration.js";
|
|
10
|
+
import { CustomAuthRequestInterceptor } from "./CustomAuthRequestInterceptor.js";
|
|
10
11
|
|
|
11
12
|
export type CustomAuthOptions = {
|
|
12
13
|
challengeTypes?: Array<string>;
|
|
13
14
|
authApiProxyUrl: string;
|
|
14
15
|
customAuthApiQueryParams?: Record<string, string>;
|
|
15
16
|
capabilities?: Array<string>;
|
|
17
|
+
requestInterceptor?: CustomAuthRequestInterceptor;
|
|
16
18
|
};
|
|
17
19
|
|
|
18
20
|
export type CustomAuthConfiguration = Configuration & {
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
/**
|
|
7
|
+
* Result type returned by {@link CustomAuthRequestInterceptor.addAdditionalHeaderFields}.
|
|
8
|
+
*
|
|
9
|
+
* Implementations may return either a synchronous value or a `Promise` resolving to one of
|
|
10
|
+
* the following:
|
|
11
|
+
* - A `Record<string, string>` of additional headers to add to the outgoing request.
|
|
12
|
+
* - `null` (or `undefined`) when no additional headers should be added for the request.
|
|
13
|
+
*/
|
|
14
|
+
export type CustomAuthAdditionalHeaderFieldsResult =
|
|
15
|
+
| Record<string, string>
|
|
16
|
+
| null
|
|
17
|
+
| undefined;
|
|
18
|
+
|
|
19
|
+
/**
|
|
20
|
+
* Interface for intercepting custom auth network requests in order to attach additional
|
|
21
|
+
* headers to outgoing requests.
|
|
22
|
+
*
|
|
23
|
+
* Implementations are invoked by MSAL before each backend request used by custom auth
|
|
24
|
+
* (sign-in, sign-up, reset-password, and register endpoints). Use this hook to integrate
|
|
25
|
+
* with third-party fraud and bot-detection SDKs that require custom `x-*` headers.
|
|
26
|
+
*
|
|
27
|
+
* MSAL applies the following rules when evaluating the headers you provide:
|
|
28
|
+
* - Headers must start with `x-` (case-insensitive). Headers that don't start with `x-`
|
|
29
|
+
* are ignored.
|
|
30
|
+
* - Headers that start with any of the following reserved prefixes are ignored:
|
|
31
|
+
* `x-client-`, `x-ms-`, `x-broker-`, `x-app-`.
|
|
32
|
+
* - Headers that pass both rules are added to the network request. If a header you
|
|
33
|
+
* provide has the same name as one of MSAL's own internal headers, your value takes
|
|
34
|
+
* precedence.
|
|
35
|
+
*/
|
|
36
|
+
export interface CustomAuthRequestInterceptor {
|
|
37
|
+
/**
|
|
38
|
+
* Returns additional headers to add to a custom-auth network request.
|
|
39
|
+
*
|
|
40
|
+
* Scope your headers to specific endpoints by inspecting `requestUrl`. Sending
|
|
41
|
+
* headers to unrelated endpoints can degrade signal quality and increase false
|
|
42
|
+
* positives for fraud/bot-detection vendors.
|
|
43
|
+
*
|
|
44
|
+
* @param requestUrl - The full URL of the outgoing custom-auth request.
|
|
45
|
+
* @returns A record of headers to add (or `null`/`undefined` if no extra headers
|
|
46
|
+
* are needed for the request). May be returned synchronously or as a
|
|
47
|
+
* `Promise`.
|
|
48
|
+
*/
|
|
49
|
+
addAdditionalHeaderFields(
|
|
50
|
+
requestUrl: URL
|
|
51
|
+
):
|
|
52
|
+
| CustomAuthAdditionalHeaderFieldsResult
|
|
53
|
+
| Promise<CustomAuthAdditionalHeaderFieldsResult>;
|
|
54
|
+
}
|
|
@@ -125,7 +125,9 @@ export class CustomAuthStandardController
|
|
|
125
125
|
this.customAuthConfig.auth.clientId,
|
|
126
126
|
new FetchHttpClient(this.logger),
|
|
127
127
|
this.customAuthConfig.customAuth?.capabilities?.join(" "),
|
|
128
|
-
this.customAuthConfig.customAuth?.customAuthApiQueryParams
|
|
128
|
+
this.customAuthConfig.customAuth?.customAuthApiQueryParams,
|
|
129
|
+
this.customAuthConfig.customAuth?.requestInterceptor,
|
|
130
|
+
this.logger
|
|
129
131
|
),
|
|
130
132
|
this.authority
|
|
131
133
|
);
|
|
@@ -17,9 +17,12 @@ import {
|
|
|
17
17
|
} from "../../error/CustomAuthApiError.js";
|
|
18
18
|
import {
|
|
19
19
|
AADServerParamKeys,
|
|
20
|
+
Logger,
|
|
20
21
|
ServerTelemetryManager,
|
|
21
22
|
} from "@azure/msal-common/browser";
|
|
22
23
|
import { ApiErrorResponse } from "./types/ApiErrorResponseTypes.js";
|
|
24
|
+
import { CustomAuthRequestInterceptor } from "../../../configuration/CustomAuthRequestInterceptor.js";
|
|
25
|
+
import { filterCustomHeaders } from "../../utils/CustomHeaderUtils.js";
|
|
23
26
|
|
|
24
27
|
export abstract class BaseApiClient {
|
|
25
28
|
private readonly baseRequestUrl: URL;
|
|
@@ -28,7 +31,9 @@ export abstract class BaseApiClient {
|
|
|
28
31
|
baseUrl: string,
|
|
29
32
|
private readonly clientId: string,
|
|
30
33
|
private httpClient: IHttpClient,
|
|
31
|
-
private customAuthApiQueryParams?: Record<string, string
|
|
34
|
+
private customAuthApiQueryParams?: Record<string, string>,
|
|
35
|
+
private requestInterceptor?: CustomAuthRequestInterceptor,
|
|
36
|
+
private logger?: Logger
|
|
32
37
|
) {
|
|
33
38
|
this.baseRequestUrl = parseUrl(
|
|
34
39
|
!baseUrl.endsWith("/") ? `${baseUrl}/` : baseUrl
|
|
@@ -45,13 +50,23 @@ export abstract class BaseApiClient {
|
|
|
45
50
|
client_id: this.clientId,
|
|
46
51
|
...data,
|
|
47
52
|
});
|
|
48
|
-
const
|
|
53
|
+
const commonHeaders = this.getCommonHeaders(
|
|
54
|
+
correlationId,
|
|
55
|
+
telemetryManager
|
|
56
|
+
);
|
|
49
57
|
const url = buildUrl(
|
|
50
58
|
this.baseRequestUrl.href,
|
|
51
59
|
endpoint,
|
|
52
60
|
this.customAuthApiQueryParams
|
|
53
61
|
);
|
|
54
62
|
|
|
63
|
+
const additionalHeaders = await this.getAdditionalHeaders(
|
|
64
|
+
url,
|
|
65
|
+
correlationId
|
|
66
|
+
);
|
|
67
|
+
|
|
68
|
+
const headers = { ...commonHeaders, ...additionalHeaders };
|
|
69
|
+
|
|
55
70
|
let response: Response;
|
|
56
71
|
|
|
57
72
|
try {
|
|
@@ -173,4 +188,28 @@ export abstract class BaseApiClient {
|
|
|
173
188
|
responseError.timestamp
|
|
174
189
|
);
|
|
175
190
|
}
|
|
191
|
+
|
|
192
|
+
private async getAdditionalHeaders(
|
|
193
|
+
url: URL,
|
|
194
|
+
correlationId: string
|
|
195
|
+
): Promise<Record<string, string>> {
|
|
196
|
+
if (!this.requestInterceptor) {
|
|
197
|
+
return {};
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
try {
|
|
201
|
+
const result = await Promise.resolve(
|
|
202
|
+
this.requestInterceptor.addAdditionalHeaderFields(url)
|
|
203
|
+
);
|
|
204
|
+
|
|
205
|
+
return filterCustomHeaders(result, this.logger, correlationId);
|
|
206
|
+
} catch (e) {
|
|
207
|
+
this.logger?.warningPii(
|
|
208
|
+
`CustomAuthRequestInterceptor.addAdditionalHeaderFields threw an error; continuing without additional headers: ${e}`,
|
|
209
|
+
correlationId
|
|
210
|
+
);
|
|
211
|
+
|
|
212
|
+
return {};
|
|
213
|
+
}
|
|
214
|
+
}
|
|
176
215
|
}
|
|
@@ -9,6 +9,8 @@ import { SignInApiClient } from "./SignInApiClient.js";
|
|
|
9
9
|
import { RegisterApiClient } from "./RegisterApiClient.js";
|
|
10
10
|
import { ICustomAuthApiClient } from "./ICustomAuthApiClient.js";
|
|
11
11
|
import { IHttpClient } from "../http_client/IHttpClient.js";
|
|
12
|
+
import { Logger } from "@azure/msal-common/browser";
|
|
13
|
+
import { CustomAuthRequestInterceptor } from "../../../configuration/CustomAuthRequestInterceptor.js";
|
|
12
14
|
|
|
13
15
|
export class CustomAuthApiClient implements ICustomAuthApiClient {
|
|
14
16
|
signInApi: SignInApiClient;
|
|
@@ -21,34 +23,44 @@ export class CustomAuthApiClient implements ICustomAuthApiClient {
|
|
|
21
23
|
clientId: string,
|
|
22
24
|
httpClient: IHttpClient,
|
|
23
25
|
capabilities?: string,
|
|
24
|
-
customAuthApiQueryParams?: Record<string, string
|
|
26
|
+
customAuthApiQueryParams?: Record<string, string>,
|
|
27
|
+
requestInterceptor?: CustomAuthRequestInterceptor,
|
|
28
|
+
logger?: Logger
|
|
25
29
|
) {
|
|
26
30
|
this.signInApi = new SignInApiClient(
|
|
27
31
|
customAuthApiBaseUrl,
|
|
28
32
|
clientId,
|
|
29
33
|
httpClient,
|
|
30
34
|
capabilities,
|
|
31
|
-
customAuthApiQueryParams
|
|
35
|
+
customAuthApiQueryParams,
|
|
36
|
+
requestInterceptor,
|
|
37
|
+
logger
|
|
32
38
|
);
|
|
33
39
|
this.signUpApi = new SignupApiClient(
|
|
34
40
|
customAuthApiBaseUrl,
|
|
35
41
|
clientId,
|
|
36
42
|
httpClient,
|
|
37
43
|
capabilities,
|
|
38
|
-
customAuthApiQueryParams
|
|
44
|
+
customAuthApiQueryParams,
|
|
45
|
+
requestInterceptor,
|
|
46
|
+
logger
|
|
39
47
|
);
|
|
40
48
|
this.resetPasswordApi = new ResetPasswordApiClient(
|
|
41
49
|
customAuthApiBaseUrl,
|
|
42
50
|
clientId,
|
|
43
51
|
httpClient,
|
|
44
52
|
capabilities,
|
|
45
|
-
customAuthApiQueryParams
|
|
53
|
+
customAuthApiQueryParams,
|
|
54
|
+
requestInterceptor,
|
|
55
|
+
logger
|
|
46
56
|
);
|
|
47
57
|
this.registerApi = new RegisterApiClient(
|
|
48
58
|
customAuthApiBaseUrl,
|
|
49
59
|
clientId,
|
|
50
60
|
httpClient,
|
|
51
|
-
customAuthApiQueryParams
|
|
61
|
+
customAuthApiQueryParams,
|
|
62
|
+
requestInterceptor,
|
|
63
|
+
logger
|
|
52
64
|
);
|
|
53
65
|
}
|
|
54
66
|
}
|
|
@@ -10,6 +10,7 @@ import {
|
|
|
10
10
|
import { CustomAuthApiError } from "../../error/CustomAuthApiError.js";
|
|
11
11
|
import { BaseApiClient } from "./BaseApiClient.js";
|
|
12
12
|
import { IHttpClient } from "../http_client/IHttpClient.js";
|
|
13
|
+
import { Logger } from "@azure/msal-common/browser";
|
|
13
14
|
import * as CustomAuthApiEndpoint from "./CustomAuthApiEndpoint.js";
|
|
14
15
|
import * as CustomAuthApiErrorCode from "./types/ApiErrorCodes.js";
|
|
15
16
|
import {
|
|
@@ -26,6 +27,7 @@ import {
|
|
|
26
27
|
ResetPasswordStartResponse,
|
|
27
28
|
ResetPasswordSubmitResponse,
|
|
28
29
|
} from "./types/ApiResponseTypes.js";
|
|
30
|
+
import { CustomAuthRequestInterceptor } from "../../../configuration/CustomAuthRequestInterceptor.js";
|
|
29
31
|
|
|
30
32
|
export class ResetPasswordApiClient extends BaseApiClient {
|
|
31
33
|
private readonly capabilities?: string;
|
|
@@ -35,13 +37,17 @@ export class ResetPasswordApiClient extends BaseApiClient {
|
|
|
35
37
|
clientId: string,
|
|
36
38
|
httpClient: IHttpClient,
|
|
37
39
|
capabilities?: string,
|
|
38
|
-
customAuthApiQueryParams?: Record<string, string
|
|
40
|
+
customAuthApiQueryParams?: Record<string, string>,
|
|
41
|
+
requestInterceptor?: CustomAuthRequestInterceptor,
|
|
42
|
+
logger?: Logger
|
|
39
43
|
) {
|
|
40
44
|
super(
|
|
41
45
|
customAuthApiBaseUrl,
|
|
42
46
|
clientId,
|
|
43
47
|
httpClient,
|
|
44
|
-
customAuthApiQueryParams
|
|
48
|
+
customAuthApiQueryParams,
|
|
49
|
+
requestInterceptor,
|
|
50
|
+
logger
|
|
45
51
|
);
|
|
46
52
|
this.capabilities = capabilities;
|
|
47
53
|
}
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Licensed under the MIT License.
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
|
-
import { ServerTelemetryManager } from "@azure/msal-common/browser";
|
|
6
|
+
import { Logger, ServerTelemetryManager } from "@azure/msal-common/browser";
|
|
7
7
|
import { GrantType } from "../../../CustomAuthConstants.js";
|
|
8
8
|
import { CustomAuthApiError } from "../../error/CustomAuthApiError.js";
|
|
9
9
|
import { BaseApiClient } from "./BaseApiClient.js";
|
|
@@ -24,6 +24,7 @@ import {
|
|
|
24
24
|
SignInIntrospectResponse,
|
|
25
25
|
SignInTokenResponse,
|
|
26
26
|
} from "./types/ApiResponseTypes.js";
|
|
27
|
+
import { CustomAuthRequestInterceptor } from "../../../configuration/CustomAuthRequestInterceptor.js";
|
|
27
28
|
|
|
28
29
|
export class SignInApiClient extends BaseApiClient {
|
|
29
30
|
private readonly capabilities?: string;
|
|
@@ -33,13 +34,17 @@ export class SignInApiClient extends BaseApiClient {
|
|
|
33
34
|
clientId: string,
|
|
34
35
|
httpClient: IHttpClient,
|
|
35
36
|
capabilities?: string,
|
|
36
|
-
customAuthApiQueryParams?: Record<string, string
|
|
37
|
+
customAuthApiQueryParams?: Record<string, string>,
|
|
38
|
+
requestInterceptor?: CustomAuthRequestInterceptor,
|
|
39
|
+
logger?: Logger
|
|
37
40
|
) {
|
|
38
41
|
super(
|
|
39
42
|
customAuthApiBaseUrl,
|
|
40
43
|
clientId,
|
|
41
44
|
httpClient,
|
|
42
|
-
customAuthApiQueryParams
|
|
45
|
+
customAuthApiQueryParams,
|
|
46
|
+
requestInterceptor,
|
|
47
|
+
logger
|
|
43
48
|
);
|
|
44
49
|
this.capabilities = capabilities;
|
|
45
50
|
}
|
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
import { GrantType } from "../../../CustomAuthConstants.js";
|
|
7
7
|
import { BaseApiClient } from "./BaseApiClient.js";
|
|
8
8
|
import { IHttpClient } from "../http_client/IHttpClient.js";
|
|
9
|
+
import { Logger } from "@azure/msal-common/browser";
|
|
9
10
|
import * as CustomAuthApiEndpoint from "./CustomAuthApiEndpoint.js";
|
|
10
11
|
import {
|
|
11
12
|
SignUpChallengeRequest,
|
|
@@ -19,6 +20,7 @@ import {
|
|
|
19
20
|
SignUpContinueResponse,
|
|
20
21
|
SignUpStartResponse,
|
|
21
22
|
} from "./types/ApiResponseTypes.js";
|
|
23
|
+
import { CustomAuthRequestInterceptor } from "../../../configuration/CustomAuthRequestInterceptor.js";
|
|
22
24
|
|
|
23
25
|
export class SignupApiClient extends BaseApiClient {
|
|
24
26
|
private readonly capabilities?: string;
|
|
@@ -28,13 +30,17 @@ export class SignupApiClient extends BaseApiClient {
|
|
|
28
30
|
clientId: string,
|
|
29
31
|
httpClient: IHttpClient,
|
|
30
32
|
capabilities?: string,
|
|
31
|
-
customAuthApiQueryParams?: Record<string, string
|
|
33
|
+
customAuthApiQueryParams?: Record<string, string>,
|
|
34
|
+
requestInterceptor?: CustomAuthRequestInterceptor,
|
|
35
|
+
logger?: Logger
|
|
32
36
|
) {
|
|
33
37
|
super(
|
|
34
38
|
customAuthApiBaseUrl,
|
|
35
39
|
clientId,
|
|
36
40
|
httpClient,
|
|
37
|
-
customAuthApiQueryParams
|
|
41
|
+
customAuthApiQueryParams,
|
|
42
|
+
requestInterceptor,
|
|
43
|
+
logger
|
|
38
44
|
);
|
|
39
45
|
this.capabilities = capabilities;
|
|
40
46
|
}
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
import { Logger } from "@azure/msal-common/browser";
|
|
7
|
+
import { CustomHeaderConstants } from "../../CustomAuthConstants.js";
|
|
8
|
+
|
|
9
|
+
/**
|
|
10
|
+
* Filters the headers returned by a {@link CustomAuthRequestInterceptor},
|
|
11
|
+
* keeping only those that conform to the custom-auth header naming rules.
|
|
12
|
+
*
|
|
13
|
+
* Rules (mirrors the iOS / Android native auth implementations):
|
|
14
|
+
* - Header names must start with `x-` (case-insensitive); others are dropped.
|
|
15
|
+
* - Header names that start with any reserved prefix (`x-client-`, `x-ms-`,
|
|
16
|
+
* `x-broker-`, `x-app-`) are dropped.
|
|
17
|
+
* - Headers with empty/whitespace-only names or null/undefined values are dropped.
|
|
18
|
+
*
|
|
19
|
+
* Dropped headers are logged as warnings (PII-safe) when a logger is provided.
|
|
20
|
+
*
|
|
21
|
+
* @param headers - Raw headers returned by the interceptor.
|
|
22
|
+
* @param logger - Optional logger used to emit warnings for dropped headers.
|
|
23
|
+
* @param correlationId - Optional correlation id forwarded to the logger.
|
|
24
|
+
* @returns A new record containing only the headers that pass the filter,
|
|
25
|
+
* preserving the original casing of header names.
|
|
26
|
+
*/
|
|
27
|
+
export function filterCustomHeaders(
|
|
28
|
+
headers: Record<string, string> | null | undefined,
|
|
29
|
+
logger?: Logger,
|
|
30
|
+
correlationId?: string
|
|
31
|
+
): Record<string, string> {
|
|
32
|
+
const filtered: Record<string, string> = {};
|
|
33
|
+
|
|
34
|
+
if (!headers) {
|
|
35
|
+
return filtered;
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
for (const [name, value] of Object.entries(headers)) {
|
|
39
|
+
if (!name || value === undefined || value === null) {
|
|
40
|
+
continue;
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
const trimmedName = name.trim();
|
|
44
|
+
|
|
45
|
+
if (!trimmedName) {
|
|
46
|
+
continue;
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
const lowerName = trimmedName.toLowerCase();
|
|
50
|
+
|
|
51
|
+
if (!lowerName.startsWith(CustomHeaderConstants.REQUIRED_PREFIX)) {
|
|
52
|
+
logger?.warningPii(
|
|
53
|
+
`Additional header field "${trimmedName}" must start with the "${CustomHeaderConstants.REQUIRED_PREFIX}" prefix. Ignoring.`,
|
|
54
|
+
correlationId ?? ""
|
|
55
|
+
);
|
|
56
|
+
continue;
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
const reservedPrefix = CustomHeaderConstants.RESERVED_PREFIXES.find(
|
|
60
|
+
(prefix) => lowerName.startsWith(prefix)
|
|
61
|
+
);
|
|
62
|
+
|
|
63
|
+
if (reservedPrefix) {
|
|
64
|
+
logger?.warningPii(
|
|
65
|
+
`Additional header field "${trimmedName}" uses reserved prefix "${reservedPrefix}". Ignoring.`,
|
|
66
|
+
correlationId ?? ""
|
|
67
|
+
);
|
|
68
|
+
continue;
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
filtered[trimmedName] = value;
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
return filtered;
|
|
75
|
+
}
|
package/src/custom_auth/index.ts
CHANGED
|
@@ -19,6 +19,10 @@ export { ICustomAuthPublicClientApplication } from "./ICustomAuthPublicClientApp
|
|
|
19
19
|
|
|
20
20
|
// Configuration
|
|
21
21
|
export { CustomAuthConfiguration } from "./configuration/CustomAuthConfiguration.js";
|
|
22
|
+
export {
|
|
23
|
+
CustomAuthRequestInterceptor,
|
|
24
|
+
CustomAuthAdditionalHeaderFieldsResult,
|
|
25
|
+
} from "./configuration/CustomAuthRequestInterceptor.js";
|
|
22
26
|
|
|
23
27
|
// Models
|
|
24
28
|
export { CustomAuthAccountData } from "./get_account/auth_flow/CustomAuthAccountData.js";
|
|
@@ -99,9 +99,9 @@ export function createNativeAuthError(
|
|
|
99
99
|
return createBrowserAuthError(
|
|
100
100
|
BrowserAuthErrorCodes.noNetworkConnectivity
|
|
101
101
|
);
|
|
102
|
-
case NativeStatusCodes.
|
|
102
|
+
case NativeStatusCodes.UI_NOT_ALLOWED:
|
|
103
103
|
return createInteractionRequiredAuthError(
|
|
104
|
-
InteractionRequiredAuthErrorCodes.
|
|
104
|
+
InteractionRequiredAuthErrorCodes.uiNotAllowed
|
|
105
105
|
);
|
|
106
106
|
}
|
|
107
107
|
}
|
|
@@ -72,6 +72,7 @@ import {
|
|
|
72
72
|
PlatformAuthConstants,
|
|
73
73
|
TemporaryCacheKeys,
|
|
74
74
|
} from "../utils/BrowserConstants.js";
|
|
75
|
+
import { getCurrentUri } from "../utils/BrowserUtils.js";
|
|
75
76
|
import {
|
|
76
77
|
BaseInteractionClient,
|
|
77
78
|
getDiscoveredAuthority,
|
|
@@ -388,7 +389,10 @@ export class PlatformAuthInteractionClient extends BaseInteractionClient {
|
|
|
388
389
|
noHistory: false,
|
|
389
390
|
};
|
|
390
391
|
const redirectUri = navigateToLoginRequestUrl
|
|
391
|
-
?
|
|
392
|
+
? UrlString.getAbsoluteUrl(
|
|
393
|
+
request.redirectStartPage || window.location.href,
|
|
394
|
+
getCurrentUri()
|
|
395
|
+
)
|
|
392
396
|
: getRedirectUri(
|
|
393
397
|
request.redirectUri,
|
|
394
398
|
this.config.auth.redirectUri,
|
|
@@ -59,6 +59,19 @@ import {
|
|
|
59
59
|
} from "./BaseInteractionClient.js";
|
|
60
60
|
import { validateRequestMethod } from "../request/RequestHelpers.js";
|
|
61
61
|
|
|
62
|
+
/**
|
|
63
|
+
* Signature of the popup-response handler supplied by
|
|
64
|
+
* {@link PublicClientApplication} to {@link PopupClient} via the operating
|
|
65
|
+
* context.
|
|
66
|
+
*
|
|
67
|
+
* @internal
|
|
68
|
+
*/
|
|
69
|
+
export type WaitForPopupResponseFn = (
|
|
70
|
+
request: CommonAuthorizationUrlRequest | CommonEndSessionRequest,
|
|
71
|
+
popupWindow: Window,
|
|
72
|
+
popupWindowParent: Window
|
|
73
|
+
) => Promise<string>;
|
|
74
|
+
|
|
62
75
|
export type PopupParams = {
|
|
63
76
|
popup?: Window | null;
|
|
64
77
|
popupName: string;
|
|
@@ -69,6 +82,9 @@ export type PopupParams = {
|
|
|
69
82
|
export class PopupClient extends StandardInteractionClient {
|
|
70
83
|
private currentWindow: Window | undefined;
|
|
71
84
|
protected nativeStorage: BrowserCacheManager;
|
|
85
|
+
private readonly waitForPopupResponseHook:
|
|
86
|
+
| WaitForPopupResponseFn
|
|
87
|
+
| undefined;
|
|
72
88
|
|
|
73
89
|
constructor(
|
|
74
90
|
config: BrowserConfiguration,
|
|
@@ -80,7 +96,8 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
80
96
|
performanceClient: IPerformanceClient,
|
|
81
97
|
nativeStorageImpl: BrowserCacheManager,
|
|
82
98
|
correlationId: string,
|
|
83
|
-
platformAuthHandler?: IPlatformAuthHandler
|
|
99
|
+
platformAuthHandler?: IPlatformAuthHandler,
|
|
100
|
+
waitForPopupResponseHook?: WaitForPopupResponseFn
|
|
84
101
|
) {
|
|
85
102
|
super(
|
|
86
103
|
config,
|
|
@@ -95,6 +112,7 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
95
112
|
);
|
|
96
113
|
this.nativeStorage = nativeStorageImpl;
|
|
97
114
|
this.eventHandler = eventHandler;
|
|
115
|
+
this.waitForPopupResponseHook = waitForPopupResponseHook;
|
|
98
116
|
}
|
|
99
117
|
|
|
100
118
|
/**
|
|
@@ -369,12 +387,10 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
369
387
|
);
|
|
370
388
|
|
|
371
389
|
// Wait for the redirect bridge response
|
|
372
|
-
const responseString = await
|
|
373
|
-
this.config.system.popupBridgeTimeout,
|
|
374
|
-
this.logger,
|
|
375
|
-
this.browserCrypto,
|
|
390
|
+
const responseString = await this.waitForPopupResponse(
|
|
376
391
|
request,
|
|
377
|
-
|
|
392
|
+
popupWindow,
|
|
393
|
+
popupParams.popupWindowParent
|
|
378
394
|
);
|
|
379
395
|
|
|
380
396
|
const serverParams = invoke(
|
|
@@ -494,18 +510,12 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
494
510
|
|
|
495
511
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
496
512
|
const responseString = await invokeAsync(
|
|
497
|
-
|
|
513
|
+
this.waitForPopupResponse.bind(this),
|
|
498
514
|
BrowserPerformanceEvents.SilentHandlerMonitorIframeForHash,
|
|
499
515
|
this.logger,
|
|
500
516
|
this.performanceClient,
|
|
501
517
|
correlationId
|
|
502
|
-
)(
|
|
503
|
-
this.config.system.popupBridgeTimeout,
|
|
504
|
-
this.logger,
|
|
505
|
-
this.browserCrypto,
|
|
506
|
-
popupRequest,
|
|
507
|
-
this.performanceClient
|
|
508
|
-
);
|
|
518
|
+
)(popupRequest, popupWindow, popupParams.popupWindowParent);
|
|
509
519
|
|
|
510
520
|
const serverParams = invoke(
|
|
511
521
|
ResponseHandler.deserializeResponse,
|
|
@@ -623,18 +633,12 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
623
633
|
|
|
624
634
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
625
635
|
const responseString = await invokeAsync(
|
|
626
|
-
|
|
636
|
+
this.waitForPopupResponse.bind(this),
|
|
627
637
|
BrowserPerformanceEvents.SilentHandlerMonitorIframeForHash,
|
|
628
638
|
this.logger,
|
|
629
639
|
this.performanceClient,
|
|
630
640
|
correlationId
|
|
631
|
-
)(
|
|
632
|
-
this.config.system.popupBridgeTimeout,
|
|
633
|
-
this.logger,
|
|
634
|
-
this.browserCrypto,
|
|
635
|
-
request,
|
|
636
|
-
this.performanceClient
|
|
637
|
-
);
|
|
641
|
+
)(request, popupWindow, popupParams.popupWindowParent);
|
|
638
642
|
|
|
639
643
|
const serverParams = invoke(
|
|
640
644
|
ResponseHandler.deserializeResponse,
|
|
@@ -792,12 +796,10 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
792
796
|
null
|
|
793
797
|
);
|
|
794
798
|
|
|
795
|
-
await
|
|
796
|
-
this.config.system.popupBridgeTimeout,
|
|
797
|
-
this.logger,
|
|
798
|
-
this.browserCrypto,
|
|
799
|
+
await this.waitForPopupResponse(
|
|
799
800
|
validRequest,
|
|
800
|
-
|
|
801
|
+
popupWindow,
|
|
802
|
+
popupParams.popupWindowParent
|
|
801
803
|
).catch(() => {
|
|
802
804
|
// Swallow any errors related to monitoring the window. Server logout is best effort
|
|
803
805
|
});
|
|
@@ -922,6 +924,22 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
922
924
|
BrowserAuthErrorCodes.emptyWindowError
|
|
923
925
|
);
|
|
924
926
|
}
|
|
927
|
+
try {
|
|
928
|
+
popupWindow.document.title = "Microsoft Authentication";
|
|
929
|
+
} catch (e) {
|
|
930
|
+
if (
|
|
931
|
+
typeof DOMException !== "undefined" &&
|
|
932
|
+
e instanceof DOMException &&
|
|
933
|
+
e.name === "SecurityError"
|
|
934
|
+
) {
|
|
935
|
+
// Cross-origin - title cannot be set
|
|
936
|
+
} else {
|
|
937
|
+
this.logger.verbose(
|
|
938
|
+
"Could not set document.title on popup window",
|
|
939
|
+
this.correlationId
|
|
940
|
+
);
|
|
941
|
+
}
|
|
942
|
+
}
|
|
925
943
|
if (popupWindow.focus) {
|
|
926
944
|
popupWindow.focus();
|
|
927
945
|
}
|
|
@@ -1043,4 +1061,24 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
1043
1061
|
const homeAccountId = request.account && request.account.homeAccountId;
|
|
1044
1062
|
return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
|
|
1045
1063
|
}
|
|
1064
|
+
|
|
1065
|
+
protected async waitForPopupResponse(
|
|
1066
|
+
request: CommonAuthorizationUrlRequest | CommonEndSessionRequest,
|
|
1067
|
+
popupWindow: Window,
|
|
1068
|
+
popupWindowParent: Window
|
|
1069
|
+
): Promise<string> {
|
|
1070
|
+
if (this.waitForPopupResponseHook) {
|
|
1071
|
+
return this.waitForPopupResponseHook(
|
|
1072
|
+
request,
|
|
1073
|
+
popupWindow,
|
|
1074
|
+
popupWindowParent
|
|
1075
|
+
);
|
|
1076
|
+
}
|
|
1077
|
+
return BrowserUtils.waitForBridgeResponse(
|
|
1078
|
+
this.config.system.popupBridgeTimeout,
|
|
1079
|
+
this.logger,
|
|
1080
|
+
request,
|
|
1081
|
+
this.performanceClient
|
|
1082
|
+
);
|
|
1083
|
+
}
|
|
1046
1084
|
}
|