@azure/msal-browser 5.16.0 → 5.17.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app/IPublicClientApplication.mjs +1 -1
- package/dist/app/IPublicClientApplication.mjs.map +1 -1
- package/dist/app/PublicClientApplication.mjs +1 -1
- package/dist/app/PublicClientApplication.mjs.map +1 -1
- package/dist/broker/nativeBroker/NativeStatusCodes.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthDOMHandler.mjs.map +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthExtensionHandler.mjs.map +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs +1 -1
- package/dist/broker/nativeBroker/PlatformAuthProvider.mjs.map +1 -1
- package/dist/cache/AccountManager.mjs +1 -1
- package/dist/cache/AccountManager.mjs.map +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs +1 -1
- package/dist/cache/AsyncMemoryStorage.mjs.map +1 -1
- package/dist/cache/BrowserCacheManager.mjs +1 -1
- package/dist/cache/BrowserCacheManager.mjs.map +1 -1
- package/dist/cache/CacheHelpers.mjs +1 -1
- package/dist/cache/CacheHelpers.mjs.map +1 -1
- package/dist/cache/CacheKeys.mjs +1 -1
- package/dist/cache/CacheKeys.mjs.map +1 -1
- package/dist/cache/CookieStorage.mjs +1 -1
- package/dist/cache/CookieStorage.mjs.map +1 -1
- package/dist/cache/DatabaseStorage.mjs +1 -1
- package/dist/cache/DatabaseStorage.mjs.map +1 -1
- package/dist/cache/EncryptedData.mjs +1 -1
- package/dist/cache/LocalStorage.mjs +1 -1
- package/dist/cache/LocalStorage.mjs.map +1 -1
- package/dist/cache/MemoryStorage.mjs +1 -1
- package/dist/cache/MemoryStorage.mjs.map +1 -1
- package/dist/cache/SessionStorage.mjs +1 -1
- package/dist/cache/SessionStorage.mjs.map +1 -1
- package/dist/cache/TokenCache.mjs +1 -1
- package/dist/cache/TokenCache.mjs.map +1 -1
- package/dist/config/Configuration.mjs +2 -1
- package/dist/config/Configuration.mjs.map +1 -1
- package/dist/controllers/NestedAppAuthController.mjs +1 -1
- package/dist/controllers/NestedAppAuthController.mjs.map +1 -1
- package/dist/controllers/StandardController.mjs +2 -2
- package/dist/controllers/StandardController.mjs.map +1 -1
- package/dist/crypto/BrowserCrypto.mjs +61 -12
- package/dist/crypto/BrowserCrypto.mjs.map +1 -1
- package/dist/crypto/CryptoOps.mjs +6 -12
- package/dist/crypto/CryptoOps.mjs.map +1 -1
- package/dist/crypto/PkceGenerator.mjs +1 -1
- package/dist/crypto/PkceGenerator.mjs.map +1 -1
- package/dist/crypto/SignedHttpRequest.mjs +1 -1
- package/dist/crypto/SignedHttpRequest.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs +1 -1
- package/dist/custom_auth/CustomAuthConstants.mjs.map +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs +1 -1
- package/dist/custom_auth/CustomAuthPublicClientApplication.mjs.map +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs +1 -1
- package/dist/custom_auth/controller/CustomAuthStandardController.mjs.map +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs +1 -1
- package/dist/custom_auth/core/CustomAuthAuthority.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowErrorBase.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowResultBase.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowState.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/AuthFlowStateTypes.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/error_type/AuthMethodRegistrationError.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationChallengeMethodResult.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/result/AuthMethodRegistrationSubmitChallengeResult.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationCompletedState.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationFailedState.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/jit/state/AuthMethodRegistrationState.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/error_type/MfaError.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaRequestChallengeResult.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/result/MfaSubmitChallengeResult.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaCompletedState.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaFailedState.mjs.map +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs +1 -1
- package/dist/custom_auth/core/auth_flow/mfa/state/MfaState.mjs.map +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthApiError.mjs.map +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/CustomAuthError.mjs.map +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs +1 -1
- package/dist/custom_auth/core/error/HttpError.mjs.map +1 -1
- package/dist/custom_auth/core/error/HttpErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidArgumentError.mjs.map +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationError.mjs.map +1 -1
- package/dist/custom_auth/core/error/InvalidConfigurationErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs +1 -1
- package/dist/custom_auth/core/error/MethodNotImplementedError.mjs.map +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs +1 -1
- package/dist/custom_auth/core/error/MsalCustomAuthError.mjs.map +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs +1 -1
- package/dist/custom_auth/core/error/NoCachedAccountFoundError.mjs.map +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs +1 -1
- package/dist/custom_auth/core/error/ParsedUrlError.mjs.map +1 -1
- package/dist/custom_auth/core/error/ParsedUrlErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs +1 -1
- package/dist/custom_auth/core/error/UnexpectedError.mjs.map +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs +1 -1
- package/dist/custom_auth/core/error/UnsupportedEnvironmentError.mjs.map +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAccountAttributeError.mjs.map +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs +1 -1
- package/dist/custom_auth/core/error/UserAlreadySignedInError.mjs.map +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInteractionClientBase.mjs.map +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/CustomAuthInterationClientFactory.mjs.map +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/jit/JitClient.mjs.map +1 -1
- package/dist/custom_auth/core/interaction_client/jit/result/JitActionResult.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/MfaClient.mjs.map +1 -1
- package/dist/custom_auth/core/interaction_client/mfa/result/MfaActionResult.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/BaseApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/CustomAuthApiEndpoint.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/RegisterApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/ResetPasswordApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignInApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/SignupApiClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiErrorCodes.mjs +1 -1
- package/dist/custom_auth/core/network_client/custom_auth_api/types/ApiSuberrors.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/FetchHttpClient.mjs.map +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs +1 -1
- package/dist/custom_auth/core/network_client/http_client/IHttpClient.mjs.map +1 -1
- package/dist/custom_auth/core/telemetry/PublicApiId.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs +1 -1
- package/dist/custom_auth/core/utils/ArgumentValidator.mjs.map +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs +1 -1
- package/dist/custom_auth/core/utils/CustomHeaderUtils.mjs.map +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs +1 -1
- package/dist/custom_auth/core/utils/UrlUtils.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/CustomAuthAccountData.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/error_type/GetAccountError.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccessTokenResult.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/GetAccountResult.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/result/SignOutResult.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccessTokenState.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/GetAccountState.mjs.map +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs +1 -1
- package/dist/custom_auth/get_account/auth_flow/state/SignOutState.mjs.map +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs +1 -1
- package/dist/custom_auth/get_account/interaction_client/CustomAuthSilentCacheClient.mjs.map +1 -1
- package/dist/custom_auth/index.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs +1 -1
- package/dist/custom_auth/operating_context/CustomAuthOperatingContext.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/error_type/ResetPasswordError.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordResendCodeResult.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordStartResult.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitCodeResult.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/result/ResetPasswordSubmitPasswordResult.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCodeRequiredState.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordCompletedState.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordFailedState.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordPasswordRequiredState.mjs.map +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs +1 -1
- package/dist/custom_auth/reset_password/auth_flow/state/ResetPasswordState.mjs.map +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs +1 -1
- package/dist/custom_auth/reset_password/interaction_client/ResetPasswordClient.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/SignInScenario.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/error_type/SignInError.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResendCodeResult.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInResult.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitCodeResult.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/result/SignInSubmitPasswordResult.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCodeRequiredState.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInCompletedState.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInContinuationState.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInFailedState.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInPasswordRequiredState.mjs.map +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs +1 -1
- package/dist/custom_auth/sign_in/auth_flow/state/SignInState.mjs.map +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs +1 -1
- package/dist/custom_auth/sign_in/interaction_client/SignInClient.mjs.map +1 -1
- package/dist/custom_auth/sign_in/interaction_client/result/SignInActionResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/error_type/SignUpError.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResendCodeResult.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpResult.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitAttributesResult.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitCodeResult.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/result/SignUpSubmitPasswordResult.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpAttributesRequiredState.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCodeRequiredState.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpCompletedState.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpFailedState.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpPasswordRequiredState.mjs.map +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs +1 -1
- package/dist/custom_auth/sign_up/auth_flow/state/SignUpState.mjs.map +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs +1 -1
- package/dist/custom_auth/sign_up/interaction_client/SignUpClient.mjs.map +1 -1
- package/dist/custom_auth/sign_up/interaction_client/result/SignUpActionResult.mjs +1 -1
- package/dist/encode/Base64Decode.mjs +1 -1
- package/dist/encode/Base64Encode.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs +1 -1
- package/dist/error/BrowserAuthError.mjs.map +1 -1
- package/dist/error/BrowserAuthErrorCodes.mjs +4 -2
- package/dist/error/BrowserAuthErrorCodes.mjs.map +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs +1 -1
- package/dist/error/BrowserConfigurationAuthError.mjs.map +1 -1
- package/dist/error/BrowserConfigurationAuthErrorCodes.mjs +1 -1
- package/dist/error/NativeAuthError.mjs +1 -1
- package/dist/error/NativeAuthError.mjs.map +1 -1
- package/dist/error/NativeAuthErrorCodes.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs +1 -1
- package/dist/error/NestedAppAuthError.mjs.map +1 -1
- package/dist/event/EventHandler.mjs +1 -1
- package/dist/event/EventHandler.mjs.map +1 -1
- package/dist/event/EventMessage.mjs +1 -1
- package/dist/event/EventMessage.mjs.map +1 -1
- package/dist/event/EventType.mjs +1 -1
- package/dist/event/EventType.mjs.map +1 -1
- package/dist/index.mjs +1 -1
- package/dist/index.mjs.map +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs +1 -1
- package/dist/interaction_client/BaseInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs +1 -1
- package/dist/interaction_client/HybridSpaAuthorizationCodeClient.mjs.map +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs +1 -1
- package/dist/interaction_client/PlatformAuthInteractionClient.mjs.map +1 -1
- package/dist/interaction_client/PopupClient.mjs +77 -10
- package/dist/interaction_client/PopupClient.mjs.map +1 -1
- package/dist/interaction_client/RedirectClient.mjs +1 -1
- package/dist/interaction_client/RedirectClient.mjs.map +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs +1 -1
- package/dist/interaction_client/SilentAuthCodeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs +1 -1
- package/dist/interaction_client/SilentCacheClient.mjs.map +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs +1 -1
- package/dist/interaction_client/SilentIframeClient.mjs.map +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs +1 -1
- package/dist/interaction_client/SilentRefreshClient.mjs.map +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs +1 -1
- package/dist/interaction_client/StandardInteractionClient.mjs.map +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs +1 -1
- package/dist/interaction_handler/InteractionHandler.mjs.map +1 -1
- package/dist/interaction_handler/SilentHandler.mjs +1 -1
- package/dist/interaction_handler/SilentHandler.mjs.map +1 -1
- package/dist/log-strings-mapping.json +7 -3
- package/dist/naa/BridgeError.mjs +1 -1
- package/dist/naa/BridgeProxy.mjs +2 -2
- package/dist/naa/BridgeProxy.mjs.map +1 -1
- package/dist/naa/BridgeStatusCode.mjs +1 -1
- package/dist/naa/BridgeStatusCode.mjs.map +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs +1 -1
- package/dist/naa/mapping/NestedAppAuthAdapter.mjs.map +1 -1
- package/dist/navigation/NavigationClient.mjs +1 -1
- package/dist/navigation/NavigationClient.mjs.map +1 -1
- package/dist/network/FetchClient.mjs +1 -1
- package/dist/network/FetchClient.mjs.map +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs +1 -1
- package/dist/operatingcontext/BaseOperatingContext.mjs.map +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs +1 -1
- package/dist/operatingcontext/NestedAppOperatingContext.mjs.map +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs +1 -1
- package/dist/operatingcontext/StandardOperatingContext.mjs.map +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/popup_relay/constants.mjs +21 -0
- package/dist/popup_relay/constants.mjs.map +1 -0
- package/dist/popup_relay/index.mjs +163 -0
- package/dist/popup_relay/index.mjs.map +1 -0
- package/dist/popup_relay/relayClient.mjs +114 -0
- package/dist/popup_relay/relayClient.mjs.map +1 -0
- package/dist/protocol/Authorize.mjs +42 -24
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/redirect_bridge/index.mjs +1 -1
- package/dist/redirect_bridge/index.mjs.map +1 -1
- package/dist/request/RequestHelpers.mjs +1 -1
- package/dist/request/RequestHelpers.mjs.map +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceEvents.mjs.map +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs +1 -1
- package/dist/telemetry/BrowserPerformanceMeasurement.mjs.map +1 -1
- package/dist/telemetry/BrowserRootPerformanceEvents.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs +1 -1
- package/dist/utils/BrowserConstants.mjs.map +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs +1 -1
- package/dist/utils/BrowserProtocolUtils.mjs.map +1 -1
- package/dist/utils/BrowserUtils.mjs +2 -2
- package/dist/utils/BrowserUtils.mjs.map +1 -1
- package/dist/utils/Helpers.mjs +1 -1
- package/dist/utils/Helpers.mjs.map +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs +1 -1
- package/dist/utils/MsalFrameStatsUtils.mjs.map +1 -1
- package/lib/custom-auth-path/log-strings-mapping.json +7 -3
- package/lib/custom-auth-path/msal-custom-auth.cjs +6047 -5793
- package/lib/custom-auth-path/msal-custom-auth.cjs.map +1 -1
- package/lib/custom-auth-path/msal-custom-auth.js +6047 -5793
- package/lib/custom-auth-path/msal-custom-auth.js.map +1 -1
- package/lib/log-strings-mapping.json +7 -3
- package/lib/msal-browser.cjs +6875 -6613
- package/lib/msal-browser.cjs.map +1 -1
- package/lib/msal-browser.js +6875 -6613
- package/lib/msal-browser.js.map +1 -1
- package/lib/msal-browser.min.js +2 -2
- package/lib/popup-relay/msal-popup-relay.cjs +278 -0
- package/lib/popup-relay/msal-popup-relay.cjs.map +1 -0
- package/lib/popup-relay/msal-popup-relay.js +284 -0
- package/lib/popup-relay/msal-popup-relay.js.map +1 -0
- package/lib/popup-relay/msal-popup-relay.min.js +2 -0
- package/lib/redirect-bridge/msal-redirect-bridge.cjs +39 -39
- package/lib/redirect-bridge/msal-redirect-bridge.cjs.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.js +39 -39
- package/lib/redirect-bridge/msal-redirect-bridge.js.map +1 -1
- package/lib/redirect-bridge/msal-redirect-bridge.min.js +2 -2
- package/package.json +14 -3
- package/scripts/README.md +112 -0
- package/scripts/decode-logs.cjs +822 -0
- package/src/config/Configuration.ts +18 -0
- package/src/crypto/BrowserCrypto.ts +104 -9
- package/src/crypto/CryptoOps.ts +13 -12
- package/src/error/BrowserAuthErrorCodes.ts +2 -0
- package/src/interaction_client/PopupClient.ts +137 -23
- package/src/packageMetadata.ts +1 -1
- package/src/popup_relay/constants.ts +17 -0
- package/src/popup_relay/index.ts +221 -0
- package/src/popup_relay/relayClient.ts +178 -0
- package/src/protocol/Authorize.ts +76 -27
- package/types/config/Configuration.d.ts +16 -0
- package/types/config/Configuration.d.ts.map +1 -1
- package/types/crypto/BrowserCrypto.d.ts +19 -5
- package/types/crypto/BrowserCrypto.d.ts.map +1 -1
- package/types/crypto/CryptoOps.d.ts.map +1 -1
- package/types/custom_auth/CustomAuthConstants.d.ts +1 -1
- package/types/error/BrowserAuthErrorCodes.d.ts +2 -0
- package/types/error/BrowserAuthErrorCodes.d.ts.map +1 -1
- package/types/interaction_client/PopupClient.d.ts +13 -0
- package/types/interaction_client/PopupClient.d.ts.map +1 -1
- package/types/packageMetadata.d.ts +1 -1
- package/types/popup_relay/constants.d.ts +13 -0
- package/types/popup_relay/constants.d.ts.map +1 -0
- package/types/popup_relay/index.d.cts +1 -0
- package/types/popup_relay/index.d.ts +42 -0
- package/types/popup_relay/index.d.ts.map +1 -0
- package/types/popup_relay/relayClient.d.ts +43 -0
- package/types/popup_relay/relayClient.d.ts.map +1 -0
- package/types/protocol/Authorize.d.ts +25 -0
- package/types/protocol/Authorize.d.ts.map +1 -1
|
@@ -67,6 +67,23 @@ export type BrowserAuthOptions = {
|
|
|
67
67
|
*/
|
|
68
68
|
postLogoutRedirectUri?: string | null;
|
|
69
69
|
|
|
70
|
+
/**
|
|
71
|
+
* URI of a first-party, top-level "popup-relay" page used to acquire tokens
|
|
72
|
+
* interactively from inside a cross-origin iframe that an untrusted host has
|
|
73
|
+
* embedded (where third-party storage partitioning and COOP break the normal
|
|
74
|
+
* popup flow). When set, `acquireTokenPopup` opens this page top-level
|
|
75
|
+
* instead of navigating the popup straight to the IdP, and the page must call
|
|
76
|
+
* `runPopupRelay()`. Resolved relative to the app origin, so it must be
|
|
77
|
+
* same-origin as the embedded frame.
|
|
78
|
+
*
|
|
79
|
+
* This is a browser SPA-only mechanism (`PublicClientApplication` in
|
|
80
|
+
* `@azure/msal-browser`): it brokers the standard interactive popup
|
|
81
|
+
* auth-code flow through a same-origin page. It does not apply to native
|
|
82
|
+
* app, platform broker (WAM), Nested App Auth, or confidential-client /
|
|
83
|
+
* server-side scenarios.
|
|
84
|
+
*/
|
|
85
|
+
popupRelayUri?: string;
|
|
86
|
+
|
|
70
87
|
/**
|
|
71
88
|
* Array of capabilities which will be added to the claims.access_token.xms_cc request property on every network request.
|
|
72
89
|
*/
|
|
@@ -271,6 +288,7 @@ export function buildConfiguration(
|
|
|
271
288
|
? window.location.href.split("?")[0].split("#")[0]
|
|
272
289
|
: "",
|
|
273
290
|
postLogoutRedirectUri: "",
|
|
291
|
+
popupRelayUri: "",
|
|
274
292
|
clientCapabilities: [],
|
|
275
293
|
OIDCOptions: {
|
|
276
294
|
responseMode: Constants.ResponseMode.FRAGMENT,
|
|
@@ -25,6 +25,14 @@ const AES_GCM = "AES-GCM";
|
|
|
25
25
|
const HKDF = "HKDF";
|
|
26
26
|
// SHA-256 hashing algorithm
|
|
27
27
|
const S256_HASH_ALG = "SHA-256";
|
|
28
|
+
// JWK values used by browser-internal WebCrypto helpers.
|
|
29
|
+
const JSON_WEB_KEY_CURVE_P256 = "P-256";
|
|
30
|
+
const JSON_WEB_KEY_TYPE_EC = "EC";
|
|
31
|
+
const JSON_WEB_KEY_TYPE_RSA = "RSA";
|
|
32
|
+
const MISSING_JWK_KTY_SUBERROR = "missing_jwk_kty";
|
|
33
|
+
const UNSUPPORTED_JWK_KTY_SUBERROR = "unsupported_jwk_kty";
|
|
34
|
+
const MISSING_JWK_MEMBER_SUBERROR = "missing_jwk_member";
|
|
35
|
+
const EMPTY_JWK_MEMBER_SUBERROR = "empty_jwk_member";
|
|
28
36
|
// MOD length for PoP tokens
|
|
29
37
|
const MODULUS_LENGTH = 2048;
|
|
30
38
|
// Public Exponent
|
|
@@ -44,13 +52,27 @@ const DERIVE_KEY = "deriveKey";
|
|
|
44
52
|
// Suberror
|
|
45
53
|
const SUBTLE_SUBERROR = "crypto_subtle_undefined";
|
|
46
54
|
|
|
47
|
-
const
|
|
55
|
+
export const RSA_KEYGEN_ALGORITHM_OPTIONS: RsaHashedKeyGenParams = {
|
|
48
56
|
name: PKCS1_V15_KEYGEN_ALG,
|
|
49
57
|
hash: S256_HASH_ALG,
|
|
50
58
|
modulusLength: MODULUS_LENGTH,
|
|
51
59
|
publicExponent: PUBLIC_EXPONENT,
|
|
52
60
|
};
|
|
53
61
|
|
|
62
|
+
export const RSA_SIGN_ALGORITHM_OPTIONS: Algorithm = {
|
|
63
|
+
name: PKCS1_V15_KEYGEN_ALG,
|
|
64
|
+
};
|
|
65
|
+
|
|
66
|
+
export const ECDSA_P256_KEYGEN_ALGORITHM_OPTIONS: EcKeyGenParams = {
|
|
67
|
+
name: "ECDSA",
|
|
68
|
+
namedCurve: JSON_WEB_KEY_CURVE_P256,
|
|
69
|
+
};
|
|
70
|
+
|
|
71
|
+
export const ECDSA_SHA256_SIGN_ALGORITHM_OPTIONS: EcdsaParams = {
|
|
72
|
+
name: "ECDSA",
|
|
73
|
+
hash: { name: S256_HASH_ALG },
|
|
74
|
+
};
|
|
75
|
+
|
|
54
76
|
/**
|
|
55
77
|
* Check whether browser crypto is available.
|
|
56
78
|
*/
|
|
@@ -157,16 +179,18 @@ export function createNewGuid(): string {
|
|
|
157
179
|
}
|
|
158
180
|
|
|
159
181
|
/**
|
|
160
|
-
* Generates a keypair based on
|
|
182
|
+
* Generates a keypair based on the provided algorithm config.
|
|
161
183
|
* @param extractable
|
|
162
184
|
* @param usages
|
|
185
|
+
* @param algorithm
|
|
163
186
|
*/
|
|
164
187
|
export async function generateKeyPair(
|
|
165
188
|
extractable: boolean,
|
|
166
|
-
usages: Array<KeyUsage
|
|
189
|
+
usages: Array<KeyUsage>,
|
|
190
|
+
algorithm: AlgorithmIdentifier
|
|
167
191
|
): Promise<CryptoKeyPair> {
|
|
168
192
|
return window.crypto.subtle.generateKey(
|
|
169
|
-
|
|
193
|
+
algorithm,
|
|
170
194
|
extractable,
|
|
171
195
|
usages
|
|
172
196
|
) as Promise<CryptoKeyPair>;
|
|
@@ -188,32 +212,36 @@ export async function exportJwk(key: CryptoKey): Promise<JsonWebKey> {
|
|
|
188
212
|
* @param key
|
|
189
213
|
* @param extractable
|
|
190
214
|
* @param usages
|
|
215
|
+
* @param algorithm
|
|
191
216
|
*/
|
|
192
217
|
export async function importJwk(
|
|
193
218
|
key: JsonWebKey,
|
|
194
219
|
extractable: boolean,
|
|
195
|
-
usages: Array<KeyUsage
|
|
220
|
+
usages: Array<KeyUsage>,
|
|
221
|
+
algorithm: AlgorithmIdentifier
|
|
196
222
|
): Promise<CryptoKey> {
|
|
197
223
|
return window.crypto.subtle.importKey(
|
|
198
224
|
KEY_FORMAT_JWK,
|
|
199
225
|
key,
|
|
200
|
-
|
|
226
|
+
algorithm,
|
|
201
227
|
extractable,
|
|
202
228
|
usages
|
|
203
229
|
) as Promise<CryptoKey>;
|
|
204
230
|
}
|
|
205
231
|
|
|
206
232
|
/**
|
|
207
|
-
* Signs given data with given key
|
|
233
|
+
* Signs given data with given key.
|
|
208
234
|
* @param key
|
|
209
235
|
* @param data
|
|
236
|
+
* @param algorithm
|
|
210
237
|
*/
|
|
211
238
|
export async function sign(
|
|
212
239
|
key: CryptoKey,
|
|
213
|
-
data: ArrayBuffer
|
|
240
|
+
data: ArrayBuffer,
|
|
241
|
+
algorithm: AlgorithmIdentifier
|
|
214
242
|
): Promise<ArrayBuffer> {
|
|
215
243
|
return window.crypto.subtle.sign(
|
|
216
|
-
|
|
244
|
+
algorithm,
|
|
217
245
|
key,
|
|
218
246
|
data
|
|
219
247
|
) as Promise<ArrayBuffer>;
|
|
@@ -428,3 +456,70 @@ export async function hashString(plainText: string): Promise<string> {
|
|
|
428
456
|
const hashBytes = new Uint8Array(hashBuffer);
|
|
429
457
|
return urlEncodeArr(hashBytes);
|
|
430
458
|
}
|
|
459
|
+
|
|
460
|
+
const JWK_THUMBPRINT_REQUIRED_MEMBERS: Record<string, Array<string>> = {
|
|
461
|
+
[JSON_WEB_KEY_TYPE_EC]: ["crv", "kty", "x", "y"],
|
|
462
|
+
[JSON_WEB_KEY_TYPE_RSA]: ["e", "kty", "n"],
|
|
463
|
+
};
|
|
464
|
+
|
|
465
|
+
function getJwkThumbprintMembers(
|
|
466
|
+
publicJwk: JsonWebKey
|
|
467
|
+
): Record<string, string> {
|
|
468
|
+
const kty = publicJwk.kty;
|
|
469
|
+
if (typeof kty !== "string" || kty.length === 0) {
|
|
470
|
+
throw createBrowserAuthError(
|
|
471
|
+
BrowserAuthErrorCodes.invalidPublicJwk,
|
|
472
|
+
"",
|
|
473
|
+
MISSING_JWK_KTY_SUBERROR
|
|
474
|
+
);
|
|
475
|
+
}
|
|
476
|
+
|
|
477
|
+
const requiredMembers = JWK_THUMBPRINT_REQUIRED_MEMBERS[kty];
|
|
478
|
+
if (!requiredMembers) {
|
|
479
|
+
throw createBrowserAuthError(
|
|
480
|
+
BrowserAuthErrorCodes.invalidPublicJwk,
|
|
481
|
+
"",
|
|
482
|
+
UNSUPPORTED_JWK_KTY_SUBERROR
|
|
483
|
+
);
|
|
484
|
+
}
|
|
485
|
+
|
|
486
|
+
return requiredMembers.reduce((thumbprintMembers, memberName) => {
|
|
487
|
+
const memberValue = publicJwk[memberName as keyof JsonWebKey];
|
|
488
|
+
if (typeof memberValue !== "string") {
|
|
489
|
+
throw createBrowserAuthError(
|
|
490
|
+
BrowserAuthErrorCodes.invalidPublicJwk,
|
|
491
|
+
"",
|
|
492
|
+
MISSING_JWK_MEMBER_SUBERROR
|
|
493
|
+
);
|
|
494
|
+
}
|
|
495
|
+
|
|
496
|
+
if (memberValue.length === 0) {
|
|
497
|
+
throw createBrowserAuthError(
|
|
498
|
+
BrowserAuthErrorCodes.invalidPublicJwk,
|
|
499
|
+
"",
|
|
500
|
+
EMPTY_JWK_MEMBER_SUBERROR
|
|
501
|
+
);
|
|
502
|
+
}
|
|
503
|
+
|
|
504
|
+
thumbprintMembers[memberName] = memberValue;
|
|
505
|
+
return thumbprintMembers;
|
|
506
|
+
}, {} as Record<string, string>);
|
|
507
|
+
}
|
|
508
|
+
|
|
509
|
+
/**
|
|
510
|
+
* Computes an RFC 7638 JWK thumbprint for a public key.
|
|
511
|
+
* The required members for the JWK key type are serialised in lexicographic order
|
|
512
|
+
* and the SHA-256 digest is returned as a base64url string.
|
|
513
|
+
* @internal
|
|
514
|
+
*/
|
|
515
|
+
export async function computeJwkThumbprint(
|
|
516
|
+
publicJwk: JsonWebKey
|
|
517
|
+
): Promise<string> {
|
|
518
|
+
const thumbprintMembers = getJwkThumbprintMembers(publicJwk);
|
|
519
|
+
// RFC 7638 §3.3: use only required members, sorted lexicographically
|
|
520
|
+
const thumbprintJson = JSON.stringify(
|
|
521
|
+
thumbprintMembers,
|
|
522
|
+
Object.keys(thumbprintMembers).sort()
|
|
523
|
+
);
|
|
524
|
+
return hashString(thumbprintJson);
|
|
525
|
+
}
|
package/src/crypto/CryptoOps.ts
CHANGED
|
@@ -123,7 +123,8 @@ export class CryptoOps implements ICrypto {
|
|
|
123
123
|
// Generate Keypair
|
|
124
124
|
const keyPair: CryptoKeyPair = await BrowserCrypto.generateKeyPair(
|
|
125
125
|
CryptoOps.EXTRACTABLE,
|
|
126
|
-
CryptoOps.POP_KEY_USAGES
|
|
126
|
+
CryptoOps.POP_KEY_USAGES,
|
|
127
|
+
BrowserCrypto.RSA_KEYGEN_ALGORITHM_OPTIONS
|
|
127
128
|
);
|
|
128
129
|
|
|
129
130
|
// Generate Thumbprint for Public Key
|
|
@@ -131,15 +132,9 @@ export class CryptoOps implements ICrypto {
|
|
|
131
132
|
keyPair.publicKey
|
|
132
133
|
);
|
|
133
134
|
|
|
134
|
-
const
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
n: publicKeyJwk.n,
|
|
138
|
-
};
|
|
139
|
-
|
|
140
|
-
const publicJwkString: string =
|
|
141
|
-
getSortedObjectString(pubKeyThumprintObj);
|
|
142
|
-
const publicJwkHash = await this.hashString(publicJwkString);
|
|
135
|
+
const publicJwkHash = await BrowserCrypto.computeJwkThumbprint(
|
|
136
|
+
publicKeyJwk
|
|
137
|
+
);
|
|
143
138
|
|
|
144
139
|
// Generate Thumbprint for Private Key
|
|
145
140
|
const privateKeyJwk: JsonWebKey = await BrowserCrypto.exportJwk(
|
|
@@ -147,7 +142,12 @@ export class CryptoOps implements ICrypto {
|
|
|
147
142
|
);
|
|
148
143
|
// Re-import private key to make it unextractable
|
|
149
144
|
const unextractablePrivateKey: CryptoKey =
|
|
150
|
-
await BrowserCrypto.importJwk(
|
|
145
|
+
await BrowserCrypto.importJwk(
|
|
146
|
+
privateKeyJwk,
|
|
147
|
+
false,
|
|
148
|
+
["sign"],
|
|
149
|
+
BrowserCrypto.RSA_KEYGEN_ALGORITHM_OPTIONS
|
|
150
|
+
);
|
|
151
151
|
|
|
152
152
|
// Store Keypair data in keystore
|
|
153
153
|
await this.cache.setItem(
|
|
@@ -278,7 +278,8 @@ export class CryptoOps implements ICrypto {
|
|
|
278
278
|
const tokenBuffer = encoder.encode(tokenString);
|
|
279
279
|
const signatureBuffer = await BrowserCrypto.sign(
|
|
280
280
|
cachedKeyPair.privateKey,
|
|
281
|
-
tokenBuffer
|
|
281
|
+
tokenBuffer,
|
|
282
|
+
BrowserCrypto.RSA_SIGN_ALGORITHM_OPTIONS
|
|
282
283
|
);
|
|
283
284
|
const encodedSignature = urlEncodeArr(new Uint8Array(signatureBuffer));
|
|
284
285
|
|
|
@@ -24,6 +24,7 @@ export const redirectBridgeEmptyResponse = "redirect_bridge_empty_response";
|
|
|
24
24
|
export const redirectInIframe = "redirect_in_iframe";
|
|
25
25
|
export const blockIframeReload = "block_iframe_reload";
|
|
26
26
|
export const blockNestedPopups = "block_nested_popups";
|
|
27
|
+
export const popupRelayUnsupportedFlow = "popup_relay_unsupported_flow";
|
|
27
28
|
export const iframeClosedPrematurely = "iframe_closed_prematurely";
|
|
28
29
|
export const silentLogoutUnsupported = "silent_logout_unsupported";
|
|
29
30
|
export const noAccountError = "no_account_error";
|
|
@@ -41,6 +42,7 @@ export const getRequestFailed = "get_request_failed";
|
|
|
41
42
|
export const failedToParseResponse = "failed_to_parse_response";
|
|
42
43
|
export const unableToLoadToken = "unable_to_load_token";
|
|
43
44
|
export const cryptoKeyNotFound = "crypto_key_not_found";
|
|
45
|
+
export const invalidPublicJwk = "invalid_public_jwk";
|
|
44
46
|
export const authCodeRequired = "auth_code_required";
|
|
45
47
|
export const authCodeOrNativeAccountIdRequired =
|
|
46
48
|
"auth_code_or_nativeAccountId_required";
|
|
@@ -19,6 +19,7 @@ import {
|
|
|
19
19
|
PkceCodes,
|
|
20
20
|
CommonAuthorizationUrlRequest,
|
|
21
21
|
ProtocolUtils,
|
|
22
|
+
Authority,
|
|
22
23
|
} from "@azure/msal-common/browser";
|
|
23
24
|
import {
|
|
24
25
|
initializeAuthorizationRequest,
|
|
@@ -34,6 +35,8 @@ import {
|
|
|
34
35
|
import { EndSessionPopupRequest } from "../request/EndSessionPopupRequest.js";
|
|
35
36
|
import { NavigationOptions } from "../navigation/NavigationOptions.js";
|
|
36
37
|
import * as BrowserUtils from "../utils/BrowserUtils.js";
|
|
38
|
+
import * as PopupRelay from "../popup_relay/relayClient.js";
|
|
39
|
+
import { base64Decode } from "../encode/Base64Decode.js";
|
|
37
40
|
import { PopupRequest } from "../request/PopupRequest.js";
|
|
38
41
|
import {
|
|
39
42
|
createBrowserAuthError,
|
|
@@ -375,9 +378,26 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
375
378
|
this.performanceClient
|
|
376
379
|
);
|
|
377
380
|
|
|
381
|
+
/*
|
|
382
|
+
* When a popup-relay page is configured, open it top-level
|
|
383
|
+
* (same first-party origin) instead of navigating the popup
|
|
384
|
+
* straight to the IdP, and carry the /authorize URL in its hash.
|
|
385
|
+
* The relay page opens the IdP child popup and relays the
|
|
386
|
+
* response back via postMessage (see waitForPopupResponse).
|
|
387
|
+
*/
|
|
388
|
+
const popupRelayUri = this.config.auth.popupRelayUri;
|
|
389
|
+
const popupNavigateUrl = popupRelayUri
|
|
390
|
+
? PopupRelay.buildPopupRelayUrl(
|
|
391
|
+
popupRelayUri,
|
|
392
|
+
this.getRelayStateId(request.state, correlationId),
|
|
393
|
+
{ method: "GET", url: navigateUrl },
|
|
394
|
+
correlationId
|
|
395
|
+
)
|
|
396
|
+
: navigateUrl;
|
|
397
|
+
|
|
378
398
|
// Show the UI once the url has been created. Get the window handle for the popup.
|
|
379
399
|
const popupWindow: Window = this.initiateAuthRequest(
|
|
380
|
-
|
|
400
|
+
popupNavigateUrl,
|
|
381
401
|
popupParams
|
|
382
402
|
);
|
|
383
403
|
this.eventHandler.emitEvent(
|
|
@@ -497,18 +517,13 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
497
517
|
earJwk: earJwk,
|
|
498
518
|
codeChallenge: pkce.challenge,
|
|
499
519
|
};
|
|
500
|
-
const popupWindow =
|
|
501
|
-
popupParams.popup || this.openPopup("about:blank", popupParams);
|
|
502
|
-
|
|
503
|
-
const form = await Authorize.getEARForm(
|
|
504
|
-
popupWindow.document,
|
|
505
|
-
this.config,
|
|
506
|
-
discoveredAuthority,
|
|
520
|
+
const popupWindow = await this.openPostFormPopup(
|
|
507
521
|
popupRequest,
|
|
508
|
-
|
|
509
|
-
|
|
522
|
+
discoveredAuthority,
|
|
523
|
+
popupParams,
|
|
524
|
+
correlationId,
|
|
525
|
+
true
|
|
510
526
|
);
|
|
511
|
-
form.submit();
|
|
512
527
|
|
|
513
528
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
514
529
|
const responseString = await invokeAsync(
|
|
@@ -621,20 +636,14 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
621
636
|
this.logger
|
|
622
637
|
);
|
|
623
638
|
|
|
624
|
-
const popupWindow =
|
|
625
|
-
popupParams.popup || this.openPopup("about:blank", popupParams);
|
|
626
|
-
|
|
627
|
-
const form = await Authorize.getCodeForm(
|
|
628
|
-
popupWindow.document,
|
|
629
|
-
this.config,
|
|
630
|
-
discoveredAuthority,
|
|
639
|
+
const popupWindow = await this.openPostFormPopup(
|
|
631
640
|
request,
|
|
632
|
-
|
|
633
|
-
|
|
641
|
+
discoveredAuthority,
|
|
642
|
+
popupParams,
|
|
643
|
+
correlationId,
|
|
644
|
+
false
|
|
634
645
|
);
|
|
635
646
|
|
|
636
|
-
form.submit();
|
|
637
|
-
|
|
638
647
|
// Monitor the popup for the hash. Return the string value and close the popup when the hash is received. Default timeout is 60 seconds.
|
|
639
648
|
const responseString = await invokeAsync(
|
|
640
649
|
this.waitForPopupResponse.bind(this),
|
|
@@ -794,8 +803,30 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
794
803
|
validRequest
|
|
795
804
|
);
|
|
796
805
|
|
|
806
|
+
/*
|
|
807
|
+
* When a popup-relay page is configured, open it top-level (same
|
|
808
|
+
* first-party origin) and carry the end-session URL in its hash,
|
|
809
|
+
* exactly like the login flow. The relay page opens the IdP child
|
|
810
|
+
* popup and the post-logout redirect page (running the redirect
|
|
811
|
+
* bridge) relays completion back via postMessage — so logout works
|
|
812
|
+
* from an embedded, cross-origin iframe where a direct popup to the
|
|
813
|
+
* IdP cannot. See runPopupRelay / waitForPopupResponse.
|
|
814
|
+
*/
|
|
815
|
+
const popupRelayUri = this.config.auth.popupRelayUri;
|
|
816
|
+
const popupNavigateUrl = popupRelayUri
|
|
817
|
+
? PopupRelay.buildPopupRelayUrl(
|
|
818
|
+
popupRelayUri,
|
|
819
|
+
this.getRelayStateId(
|
|
820
|
+
validRequest.state || "",
|
|
821
|
+
this.correlationId
|
|
822
|
+
),
|
|
823
|
+
{ method: "GET", url: logoutUri },
|
|
824
|
+
this.correlationId
|
|
825
|
+
)
|
|
826
|
+
: logoutUri;
|
|
827
|
+
|
|
797
828
|
// Open the popup window to requestUrl.
|
|
798
|
-
const popupWindow = this.openPopup(
|
|
829
|
+
const popupWindow = this.openPopup(popupNavigateUrl, popupParams);
|
|
799
830
|
this.eventHandler.emitEvent(
|
|
800
831
|
EventType.POPUP_OPENED,
|
|
801
832
|
validRequest.correlationId,
|
|
@@ -1074,11 +1105,94 @@ export class PopupClient extends StandardInteractionClient {
|
|
|
1074
1105
|
return `${BrowserConstants.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${homeAccountId}.${this.correlationId}`;
|
|
1075
1106
|
}
|
|
1076
1107
|
|
|
1108
|
+
/**
|
|
1109
|
+
* Decodes the per-request library-state id from the encoded request state.
|
|
1110
|
+
*/
|
|
1111
|
+
private getRelayStateId(state: string, correlationId: string): string {
|
|
1112
|
+
return ProtocolUtils.parseRequestState(
|
|
1113
|
+
base64Decode,
|
|
1114
|
+
state,
|
|
1115
|
+
correlationId
|
|
1116
|
+
).libraryState.id;
|
|
1117
|
+
}
|
|
1118
|
+
|
|
1119
|
+
/**
|
|
1120
|
+
* Opens the interactive popup for a POST-form /authorize request. Shared by
|
|
1121
|
+
* the auth-code POST and EAR flows, which are identical apart from the form
|
|
1122
|
+
* builder (`isEAR` selects the EAR vs auth-code builders). When a
|
|
1123
|
+
* popup-relay page is configured the form is carried to the relay page
|
|
1124
|
+
* (which opens the IdP child popup); otherwise the form is submitted
|
|
1125
|
+
* directly into the popup.
|
|
1126
|
+
*/
|
|
1127
|
+
private async openPostFormPopup(
|
|
1128
|
+
request: CommonAuthorizationUrlRequest,
|
|
1129
|
+
discoveredAuthority: Authority,
|
|
1130
|
+
popupParams: PopupParams,
|
|
1131
|
+
correlationId: string,
|
|
1132
|
+
isEAR: boolean
|
|
1133
|
+
): Promise<Window> {
|
|
1134
|
+
const popupRelayUri = this.config.auth.popupRelayUri;
|
|
1135
|
+
if (popupRelayUri) {
|
|
1136
|
+
const getFormData = isEAR
|
|
1137
|
+
? Authorize.getEARFormData
|
|
1138
|
+
: Authorize.getCodeFormData;
|
|
1139
|
+
const formData = await getFormData(
|
|
1140
|
+
this.config,
|
|
1141
|
+
discoveredAuthority,
|
|
1142
|
+
request,
|
|
1143
|
+
this.logger,
|
|
1144
|
+
this.performanceClient
|
|
1145
|
+
);
|
|
1146
|
+
const relayUrl = PopupRelay.buildPopupRelayUrl(
|
|
1147
|
+
popupRelayUri,
|
|
1148
|
+
this.getRelayStateId(request.state, correlationId),
|
|
1149
|
+
{
|
|
1150
|
+
method: "POST",
|
|
1151
|
+
action: formData.action,
|
|
1152
|
+
fields: formData.fields,
|
|
1153
|
+
},
|
|
1154
|
+
correlationId
|
|
1155
|
+
);
|
|
1156
|
+
return this.initiateAuthRequest(relayUrl, popupParams);
|
|
1157
|
+
}
|
|
1158
|
+
|
|
1159
|
+
const popupWindow =
|
|
1160
|
+
popupParams.popup || this.openPopup("about:blank", popupParams);
|
|
1161
|
+
const getForm = isEAR ? Authorize.getEARForm : Authorize.getCodeForm;
|
|
1162
|
+
const form = await getForm(
|
|
1163
|
+
popupWindow.document,
|
|
1164
|
+
this.config,
|
|
1165
|
+
discoveredAuthority,
|
|
1166
|
+
request,
|
|
1167
|
+
this.logger,
|
|
1168
|
+
this.performanceClient
|
|
1169
|
+
);
|
|
1170
|
+
form.submit();
|
|
1171
|
+
return popupWindow;
|
|
1172
|
+
}
|
|
1173
|
+
|
|
1077
1174
|
protected async waitForPopupResponse(
|
|
1078
1175
|
request: CommonAuthorizationUrlRequest | CommonEndSessionRequest,
|
|
1079
1176
|
popupWindow: Window,
|
|
1080
1177
|
popupWindowParent: Window
|
|
1081
1178
|
): Promise<string> {
|
|
1179
|
+
/*
|
|
1180
|
+
* When a popup-relay page is configured the response is relayed back to
|
|
1181
|
+
* this frame by the relay page via postMessage, and the relay popup's
|
|
1182
|
+
* lifecycle (including the user dismissing it before signing in) must be
|
|
1183
|
+
* tracked here. This takes precedence over the default bridge response
|
|
1184
|
+
* hook, whose BroadcastChannel cannot reach a partitioned cross-site
|
|
1185
|
+
* frame and which does not track the relay popup.
|
|
1186
|
+
*/
|
|
1187
|
+
if (this.config.auth.popupRelayUri) {
|
|
1188
|
+
return PopupRelay.waitForPopupRelayResponse(
|
|
1189
|
+
this.config.system.popupBridgeTimeout,
|
|
1190
|
+
this.logger,
|
|
1191
|
+
request,
|
|
1192
|
+
popupWindow,
|
|
1193
|
+
this.performanceClient
|
|
1194
|
+
);
|
|
1195
|
+
}
|
|
1082
1196
|
if (this.waitForPopupResponseHook) {
|
|
1083
1197
|
return this.waitForPopupResponseHook(
|
|
1084
1198
|
request,
|
package/src/packageMetadata.ts
CHANGED
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
/**
|
|
7
|
+
* postMessage envelope type used to relay an auth response from a popup-relay
|
|
8
|
+
* page (see `runPopupRelay`) back to the embedded frame that opened it. See
|
|
9
|
+
* {@link BrowserAuthOptions.popupRelayUri}.
|
|
10
|
+
*
|
|
11
|
+
* Kept dependency-free so both the relay-page entry (`./index.js`) and the
|
|
12
|
+
* client-side helpers (`./relayClient.js`) can import it without either bundle
|
|
13
|
+
* pulling in the other's dependencies.
|
|
14
|
+
*
|
|
15
|
+
* @internal
|
|
16
|
+
*/
|
|
17
|
+
export const POPUP_RELAY_RESPONSE_TYPE = "msal:popup-relay-response:v1";
|