@azure/msal-common 14.13.1 → 14.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (193) hide show
  1. package/dist/account/AccountInfo.d.ts +66 -66
  2. package/dist/account/AccountInfo.mjs +77 -77
  3. package/dist/account/AuthToken.d.ts +17 -17
  4. package/dist/account/AuthToken.mjs +58 -58
  5. package/dist/account/CcsCredential.d.ts +9 -9
  6. package/dist/account/CcsCredential.mjs +8 -8
  7. package/dist/account/ClientCredentials.d.ts +19 -19
  8. package/dist/account/ClientInfo.d.ts +18 -18
  9. package/dist/account/ClientInfo.mjs +37 -37
  10. package/dist/account/TokenClaims.d.ts +83 -83
  11. package/dist/account/TokenClaims.mjs +20 -20
  12. package/dist/authority/Authority.d.ts +254 -254
  13. package/dist/authority/Authority.mjs +836 -836
  14. package/dist/authority/AuthorityFactory.d.ts +18 -18
  15. package/dist/authority/AuthorityFactory.mjs +28 -28
  16. package/dist/authority/AuthorityMetadata.d.ts +43 -43
  17. package/dist/authority/AuthorityMetadata.mjs +137 -137
  18. package/dist/authority/AuthorityOptions.d.ts +27 -27
  19. package/dist/authority/AuthorityOptions.mjs +18 -18
  20. package/dist/authority/AuthorityType.d.ts +10 -10
  21. package/dist/authority/AuthorityType.mjs +13 -13
  22. package/dist/authority/AzureRegion.d.ts +1 -1
  23. package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
  24. package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
  25. package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
  26. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
  27. package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
  28. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
  29. package/dist/authority/ImdsOptions.d.ts +5 -5
  30. package/dist/authority/OIDCOptions.d.ts +8 -8
  31. package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
  32. package/dist/authority/OpenIdConfigResponse.mjs +10 -10
  33. package/dist/authority/ProtocolMode.d.ts +8 -8
  34. package/dist/authority/ProtocolMode.mjs +11 -11
  35. package/dist/authority/RegionDiscovery.d.ts +32 -32
  36. package/dist/authority/RegionDiscovery.mjs +106 -106
  37. package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
  38. package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
  39. package/dist/cache/CacheManager.d.ts +497 -497
  40. package/dist/cache/CacheManager.mjs +1249 -1249
  41. package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
  42. package/dist/cache/entities/AccountEntity.d.ts +106 -106
  43. package/dist/cache/entities/AccountEntity.mjs +240 -240
  44. package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
  45. package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
  46. package/dist/cache/entities/CacheRecord.d.ts +13 -13
  47. package/dist/cache/entities/CredentialEntity.d.ts +30 -30
  48. package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
  49. package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
  50. package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -5
  51. package/dist/cache/entities/ServerTelemetryEntity.d.ts.map +1 -1
  52. package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
  53. package/dist/cache/interface/ICacheManager.d.ts +166 -166
  54. package/dist/cache/interface/ICachePlugin.d.ts +5 -5
  55. package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
  56. package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
  57. package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
  58. package/dist/cache/utils/CacheHelpers.d.ts +94 -94
  59. package/dist/cache/utils/CacheHelpers.mjs +324 -324
  60. package/dist/cache/utils/CacheTypes.d.ts +69 -69
  61. package/dist/client/AuthorizationCodeClient.d.ts +74 -74
  62. package/dist/client/AuthorizationCodeClient.mjs +420 -420
  63. package/dist/client/BaseClient.d.ts +51 -51
  64. package/dist/client/BaseClient.mjs +100 -100
  65. package/dist/client/RefreshTokenClient.d.ts +35 -35
  66. package/dist/client/RefreshTokenClient.mjs +211 -211
  67. package/dist/client/SilentFlowClient.d.ts +27 -27
  68. package/dist/client/SilentFlowClient.mjs +133 -133
  69. package/dist/config/AppTokenProvider.d.ts +38 -38
  70. package/dist/config/ClientConfiguration.d.ts +150 -150
  71. package/dist/config/ClientConfiguration.mjs +95 -95
  72. package/dist/constants/AADServerParamKeys.d.ts +53 -52
  73. package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
  74. package/dist/constants/AADServerParamKeys.mjs +59 -58
  75. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  76. package/dist/crypto/ICrypto.d.ts +68 -68
  77. package/dist/crypto/ICrypto.mjs +36 -36
  78. package/dist/crypto/IGuidGenerator.d.ts +4 -4
  79. package/dist/crypto/JoseHeader.d.ts +22 -22
  80. package/dist/crypto/JoseHeader.mjs +37 -37
  81. package/dist/crypto/PopTokenGenerator.d.ts +59 -59
  82. package/dist/crypto/PopTokenGenerator.mjs +81 -81
  83. package/dist/crypto/SignedHttpRequest.d.ts +15 -15
  84. package/dist/error/AuthError.d.ts +44 -44
  85. package/dist/error/AuthError.mjs +46 -46
  86. package/dist/error/AuthErrorCodes.d.ts +5 -5
  87. package/dist/error/AuthErrorCodes.mjs +9 -9
  88. package/dist/error/CacheError.d.ts +20 -20
  89. package/dist/error/CacheError.mjs +24 -24
  90. package/dist/error/CacheErrorCodes.d.ts +2 -2
  91. package/dist/error/CacheErrorCodes.mjs +6 -6
  92. package/dist/error/ClientAuthError.d.ts +237 -237
  93. package/dist/error/ClientAuthError.mjs +249 -249
  94. package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
  95. package/dist/error/ClientAuthErrorCodes.mjs +48 -48
  96. package/dist/error/ClientConfigurationError.d.ts +128 -128
  97. package/dist/error/ClientConfigurationError.mjs +135 -135
  98. package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
  99. package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
  100. package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
  101. package/dist/error/InteractionRequiredAuthError.mjs +85 -85
  102. package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
  103. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
  104. package/dist/error/JoseHeaderError.d.ts +15 -15
  105. package/dist/error/JoseHeaderError.mjs +22 -22
  106. package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
  107. package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
  108. package/dist/error/ServerError.d.ts +15 -15
  109. package/dist/error/ServerError.mjs +16 -16
  110. package/dist/index.cjs +8664 -8599
  111. package/dist/index.cjs.map +1 -1
  112. package/dist/index.d.ts +107 -107
  113. package/dist/index.mjs +1 -1
  114. package/dist/logger/Logger.d.ts +95 -95
  115. package/dist/logger/Logger.mjs +188 -188
  116. package/dist/network/INetworkModule.d.ts +29 -29
  117. package/dist/network/INetworkModule.mjs +12 -12
  118. package/dist/network/NetworkManager.d.ts +33 -33
  119. package/dist/network/NetworkManager.mjs +34 -34
  120. package/dist/network/RequestThumbprint.d.ts +18 -18
  121. package/dist/network/ThrottlingUtils.d.ts +42 -42
  122. package/dist/network/ThrottlingUtils.mjs +95 -95
  123. package/dist/packageMetadata.d.ts +2 -2
  124. package/dist/packageMetadata.mjs +4 -4
  125. package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
  126. package/dist/request/AuthenticationHeaderParser.mjs +55 -55
  127. package/dist/request/BaseAuthRequest.d.ts +47 -47
  128. package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
  129. package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
  130. package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
  131. package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
  132. package/dist/request/CommonEndSessionRequest.d.ts +21 -21
  133. package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
  134. package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
  135. package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
  136. package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
  137. package/dist/request/NativeRequest.d.ts +19 -19
  138. package/dist/request/NativeSignOutRequest.d.ts +5 -5
  139. package/dist/request/RequestParameterBuilder.d.ts +217 -217
  140. package/dist/request/RequestParameterBuilder.mjs +382 -382
  141. package/dist/request/RequestValidator.d.ts +27 -27
  142. package/dist/request/RequestValidator.mjs +64 -64
  143. package/dist/request/ScopeSet.d.ts +88 -88
  144. package/dist/request/ScopeSet.mjs +197 -197
  145. package/dist/request/StoreInCache.d.ts +8 -8
  146. package/dist/response/AuthenticationResult.d.ts +41 -41
  147. package/dist/response/AuthorizationCodePayload.d.ts +13 -13
  148. package/dist/response/DeviceCodeResponse.d.ts +25 -25
  149. package/dist/response/ExternalTokenResponse.d.ts +15 -15
  150. package/dist/response/IMDSBadResponse.d.ts +4 -4
  151. package/dist/response/ResponseHandler.d.ts +69 -69
  152. package/dist/response/ResponseHandler.mjs +374 -374
  153. package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
  154. package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
  155. package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
  156. package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
  157. package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
  158. package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
  159. package/dist/telemetry/performance/PerformanceEvent.d.ts +515 -505
  160. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  161. package/dist/telemetry/performance/PerformanceEvent.mjs +484 -480
  162. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  163. package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
  164. package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
  165. package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -66
  166. package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
  167. package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -201
  168. package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  169. package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
  170. package/dist/url/IUri.d.ts +12 -12
  171. package/dist/url/UrlString.d.ts +48 -48
  172. package/dist/url/UrlString.mjs +161 -161
  173. package/dist/utils/ClientAssertionUtils.d.ts +2 -2
  174. package/dist/utils/ClientAssertionUtils.mjs +16 -16
  175. package/dist/utils/Constants.d.ts +309 -309
  176. package/dist/utils/Constants.mjs +322 -322
  177. package/dist/utils/FunctionWrappers.d.ts +27 -27
  178. package/dist/utils/FunctionWrappers.mjs +94 -94
  179. package/dist/utils/MsalTypes.d.ts +6 -6
  180. package/dist/utils/ProtocolUtils.d.ts +42 -42
  181. package/dist/utils/ProtocolUtils.mjs +69 -69
  182. package/dist/utils/StringUtils.d.ts +40 -40
  183. package/dist/utils/StringUtils.mjs +95 -95
  184. package/dist/utils/TimeUtils.d.ts +25 -25
  185. package/dist/utils/TimeUtils.mjs +43 -43
  186. package/dist/utils/UrlUtils.d.ts +10 -10
  187. package/dist/utils/UrlUtils.mjs +44 -44
  188. package/package.json +1 -1
  189. package/src/cache/entities/ServerTelemetryEntity.ts +1 -0
  190. package/src/constants/AADServerParamKeys.ts +1 -0
  191. package/src/packageMetadata.ts +1 -1
  192. package/src/telemetry/performance/PerformanceEvent.ts +12 -0
  193. package/src/telemetry/server/ServerTelemetryManager.ts +95 -1
@@ -1,67 +1,67 @@
1
- import { TokenClaims } from "./TokenClaims";
2
- /**
3
- * Account object with the following signature:
4
- * - homeAccountId - Home account identifier for this account object
5
- * - environment - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com)
6
- * - tenantId - Full tenant or organizational id that this account belongs to
7
- * - username - preferred_username claim of the id_token that represents this account
8
- * - localAccountId - Local, tenant-specific account identifer for this account object, usually used in legacy cases
9
- * - name - Full name for the account, including given name and family name
10
- * - idToken - raw ID token
11
- * - idTokenClaims - Object contains claims from ID token
12
- * - nativeAccountId - The user's native account ID
13
- * - tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser
14
- */
15
- export type AccountInfo = {
16
- homeAccountId: string;
17
- environment: string;
18
- tenantId: string;
19
- username: string;
20
- localAccountId: string;
21
- name?: string;
22
- idToken?: string;
23
- idTokenClaims?: TokenClaims & {
24
- [key: string]: string | number | string[] | object | undefined | unknown;
25
- };
26
- nativeAccountId?: string;
27
- authorityType?: string;
28
- tenantProfiles?: Map<string, TenantProfile>;
29
- };
30
- /**
31
- * Account details that vary across tenants for the same user
32
- */
33
- export type TenantProfile = Pick<AccountInfo, "tenantId" | "localAccountId" | "name"> & {
34
- /**
35
- * - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile
36
- */
37
- isHomeTenant?: boolean;
38
- };
39
- export type ActiveAccountFilters = {
40
- homeAccountId: string;
41
- localAccountId: string;
42
- tenantId?: string;
43
- };
44
- /**
45
- * Returns true if tenantId matches the utid portion of homeAccountId
46
- * @param tenantId
47
- * @param homeAccountId
48
- * @returns
49
- */
50
- export declare function tenantIdMatchesHomeTenant(tenantId?: string, homeAccountId?: string): boolean;
51
- /**
52
- * Build tenant profile
53
- * @param homeAccountId - Home account identifier for this account object
54
- * @param localAccountId - Local account identifer for this account object
55
- * @param tenantId - Full tenant or organizational id that this account belongs to
56
- * @param idTokenClaims - Claims from the ID token
57
- * @returns
58
- */
59
- export declare function buildTenantProfile(homeAccountId: string, localAccountId: string, tenantId: string, idTokenClaims?: TokenClaims): TenantProfile;
60
- /**
61
- * Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
62
- * @param baseAccountInfo
63
- * @param idTokenClaims
64
- * @returns
65
- */
66
- export declare function updateAccountTenantProfileData(baseAccountInfo: AccountInfo, tenantProfile?: TenantProfile, idTokenClaims?: TokenClaims, idTokenSecret?: string): AccountInfo;
1
+ import { TokenClaims } from "./TokenClaims";
2
+ /**
3
+ * Account object with the following signature:
4
+ * - homeAccountId - Home account identifier for this account object
5
+ * - environment - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com)
6
+ * - tenantId - Full tenant or organizational id that this account belongs to
7
+ * - username - preferred_username claim of the id_token that represents this account
8
+ * - localAccountId - Local, tenant-specific account identifer for this account object, usually used in legacy cases
9
+ * - name - Full name for the account, including given name and family name
10
+ * - idToken - raw ID token
11
+ * - idTokenClaims - Object contains claims from ID token
12
+ * - nativeAccountId - The user's native account ID
13
+ * - tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser
14
+ */
15
+ export type AccountInfo = {
16
+ homeAccountId: string;
17
+ environment: string;
18
+ tenantId: string;
19
+ username: string;
20
+ localAccountId: string;
21
+ name?: string;
22
+ idToken?: string;
23
+ idTokenClaims?: TokenClaims & {
24
+ [key: string]: string | number | string[] | object | undefined | unknown;
25
+ };
26
+ nativeAccountId?: string;
27
+ authorityType?: string;
28
+ tenantProfiles?: Map<string, TenantProfile>;
29
+ };
30
+ /**
31
+ * Account details that vary across tenants for the same user
32
+ */
33
+ export type TenantProfile = Pick<AccountInfo, "tenantId" | "localAccountId" | "name"> & {
34
+ /**
35
+ * - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile
36
+ */
37
+ isHomeTenant?: boolean;
38
+ };
39
+ export type ActiveAccountFilters = {
40
+ homeAccountId: string;
41
+ localAccountId: string;
42
+ tenantId?: string;
43
+ };
44
+ /**
45
+ * Returns true if tenantId matches the utid portion of homeAccountId
46
+ * @param tenantId
47
+ * @param homeAccountId
48
+ * @returns
49
+ */
50
+ export declare function tenantIdMatchesHomeTenant(tenantId?: string, homeAccountId?: string): boolean;
51
+ /**
52
+ * Build tenant profile
53
+ * @param homeAccountId - Home account identifier for this account object
54
+ * @param localAccountId - Local account identifer for this account object
55
+ * @param tenantId - Full tenant or organizational id that this account belongs to
56
+ * @param idTokenClaims - Claims from the ID token
57
+ * @returns
58
+ */
59
+ export declare function buildTenantProfile(homeAccountId: string, localAccountId: string, tenantId: string, idTokenClaims?: TokenClaims): TenantProfile;
60
+ /**
61
+ * Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
62
+ * @param baseAccountInfo
63
+ * @param idTokenClaims
64
+ * @returns
65
+ */
66
+ export declare function updateAccountTenantProfileData(baseAccountInfo: AccountInfo, tenantProfile?: TenantProfile, idTokenClaims?: TokenClaims, idTokenSecret?: string): AccountInfo;
67
67
  //# sourceMappingURL=AccountInfo.d.ts.map
@@ -1,81 +1,81 @@
1
- /*! @azure/msal-common v14.13.1 2024-07-16 */
1
+ /*! @azure/msal-common v14.14.1 2024-08-13 */
2
2
  'use strict';
3
- /*
4
- * Copyright (c) Microsoft Corporation. All rights reserved.
5
- * Licensed under the MIT License.
6
- */
7
- /**
8
- * Returns true if tenantId matches the utid portion of homeAccountId
9
- * @param tenantId
10
- * @param homeAccountId
11
- * @returns
12
- */
13
- function tenantIdMatchesHomeTenant(tenantId, homeAccountId) {
14
- return (!!tenantId &&
15
- !!homeAccountId &&
16
- tenantId === homeAccountId.split(".")[1]);
17
- }
18
- /**
19
- * Build tenant profile
20
- * @param homeAccountId - Home account identifier for this account object
21
- * @param localAccountId - Local account identifer for this account object
22
- * @param tenantId - Full tenant or organizational id that this account belongs to
23
- * @param idTokenClaims - Claims from the ID token
24
- * @returns
25
- */
26
- function buildTenantProfile(homeAccountId, localAccountId, tenantId, idTokenClaims) {
27
- if (idTokenClaims) {
28
- const { oid, sub, tid, name, tfp, acr } = idTokenClaims;
29
- /**
30
- * Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence:
31
- * tid - TenantID claim that identifies the tenant that issued the token in AAD. Expected in all AAD ID tokens, not present in B2C ID Tokens.
32
- * tfp - Trust Framework Policy claim that identifies the policy that was used to authenticate the user. Functions as tenant for B2C scenarios.
33
- * acr - Authentication Context Class Reference claim used only with older B2C policies. Fallback in case tfp is not present, but likely won't be present anyway.
34
- */
35
- const tenantId = tid || tfp || acr || "";
36
- return {
37
- tenantId: tenantId,
38
- localAccountId: oid || sub || "",
39
- name: name,
40
- isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
41
- };
42
- }
43
- else {
44
- return {
45
- tenantId,
46
- localAccountId,
47
- isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
48
- };
49
- }
50
- }
51
- /**
52
- * Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
53
- * @param baseAccountInfo
54
- * @param idTokenClaims
55
- * @returns
56
- */
57
- function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenClaims, idTokenSecret) {
58
- let updatedAccountInfo = baseAccountInfo;
59
- // Tenant Profile overrides passed in account info
60
- if (tenantProfile) {
61
- // eslint-disable-next-line @typescript-eslint/no-unused-vars
62
- const { isHomeTenant, ...tenantProfileOverride } = tenantProfile;
63
- updatedAccountInfo = { ...baseAccountInfo, ...tenantProfileOverride };
64
- }
65
- // ID token claims override passed in account info and tenant profile
66
- if (idTokenClaims) {
67
- // Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info
68
- // eslint-disable-next-line @typescript-eslint/no-unused-vars
69
- const { isHomeTenant, ...claimsSourcedTenantProfile } = buildTenantProfile(baseAccountInfo.homeAccountId, baseAccountInfo.localAccountId, baseAccountInfo.tenantId, idTokenClaims);
70
- updatedAccountInfo = {
71
- ...updatedAccountInfo,
72
- ...claimsSourcedTenantProfile,
73
- idTokenClaims: idTokenClaims,
74
- idToken: idTokenSecret,
75
- };
76
- return updatedAccountInfo;
77
- }
78
- return updatedAccountInfo;
3
+ /*
4
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5
+ * Licensed under the MIT License.
6
+ */
7
+ /**
8
+ * Returns true if tenantId matches the utid portion of homeAccountId
9
+ * @param tenantId
10
+ * @param homeAccountId
11
+ * @returns
12
+ */
13
+ function tenantIdMatchesHomeTenant(tenantId, homeAccountId) {
14
+ return (!!tenantId &&
15
+ !!homeAccountId &&
16
+ tenantId === homeAccountId.split(".")[1]);
17
+ }
18
+ /**
19
+ * Build tenant profile
20
+ * @param homeAccountId - Home account identifier for this account object
21
+ * @param localAccountId - Local account identifer for this account object
22
+ * @param tenantId - Full tenant or organizational id that this account belongs to
23
+ * @param idTokenClaims - Claims from the ID token
24
+ * @returns
25
+ */
26
+ function buildTenantProfile(homeAccountId, localAccountId, tenantId, idTokenClaims) {
27
+ if (idTokenClaims) {
28
+ const { oid, sub, tid, name, tfp, acr } = idTokenClaims;
29
+ /**
30
+ * Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence:
31
+ * tid - TenantID claim that identifies the tenant that issued the token in AAD. Expected in all AAD ID tokens, not present in B2C ID Tokens.
32
+ * tfp - Trust Framework Policy claim that identifies the policy that was used to authenticate the user. Functions as tenant for B2C scenarios.
33
+ * acr - Authentication Context Class Reference claim used only with older B2C policies. Fallback in case tfp is not present, but likely won't be present anyway.
34
+ */
35
+ const tenantId = tid || tfp || acr || "";
36
+ return {
37
+ tenantId: tenantId,
38
+ localAccountId: oid || sub || "",
39
+ name: name,
40
+ isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
41
+ };
42
+ }
43
+ else {
44
+ return {
45
+ tenantId,
46
+ localAccountId,
47
+ isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
48
+ };
49
+ }
50
+ }
51
+ /**
52
+ * Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
53
+ * @param baseAccountInfo
54
+ * @param idTokenClaims
55
+ * @returns
56
+ */
57
+ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenClaims, idTokenSecret) {
58
+ let updatedAccountInfo = baseAccountInfo;
59
+ // Tenant Profile overrides passed in account info
60
+ if (tenantProfile) {
61
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
62
+ const { isHomeTenant, ...tenantProfileOverride } = tenantProfile;
63
+ updatedAccountInfo = { ...baseAccountInfo, ...tenantProfileOverride };
64
+ }
65
+ // ID token claims override passed in account info and tenant profile
66
+ if (idTokenClaims) {
67
+ // Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info
68
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
69
+ const { isHomeTenant, ...claimsSourcedTenantProfile } = buildTenantProfile(baseAccountInfo.homeAccountId, baseAccountInfo.localAccountId, baseAccountInfo.tenantId, idTokenClaims);
70
+ updatedAccountInfo = {
71
+ ...updatedAccountInfo,
72
+ ...claimsSourcedTenantProfile,
73
+ idTokenClaims: idTokenClaims,
74
+ idToken: idTokenSecret,
75
+ };
76
+ return updatedAccountInfo;
77
+ }
78
+ return updatedAccountInfo;
79
79
  }
80
80
 
81
81
  export { buildTenantProfile, tenantIdMatchesHomeTenant, updateAccountTenantProfileData };
@@ -1,18 +1,18 @@
1
- import { TokenClaims } from "./TokenClaims";
2
- /**
3
- * Extract token by decoding the rawToken
4
- *
5
- * @param encodedToken
6
- */
7
- export declare function extractTokenClaims(encodedToken: string, base64Decode: (input: string) => string): TokenClaims;
8
- /**
9
- * decode a JWT
10
- *
11
- * @param authToken
12
- */
13
- export declare function getJWSPayload(authToken: string): string;
14
- /**
15
- * Determine if the token's max_age has transpired
16
- */
17
- export declare function checkMaxAge(authTime: number, maxAge: number): void;
1
+ import { TokenClaims } from "./TokenClaims";
2
+ /**
3
+ * Extract token by decoding the rawToken
4
+ *
5
+ * @param encodedToken
6
+ */
7
+ export declare function extractTokenClaims(encodedToken: string, base64Decode: (input: string) => string): TokenClaims;
8
+ /**
9
+ * decode a JWT
10
+ *
11
+ * @param authToken
12
+ */
13
+ export declare function getJWSPayload(authToken: string): string;
14
+ /**
15
+ * Determine if the token's max_age has transpired
16
+ */
17
+ export declare function checkMaxAge(authTime: number, maxAge: number): void;
18
18
  //# sourceMappingURL=AuthToken.d.ts.map
@@ -1,65 +1,65 @@
1
- /*! @azure/msal-common v14.13.1 2024-07-16 */
1
+ /*! @azure/msal-common v14.14.1 2024-08-13 */
2
2
  'use strict';
3
3
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
4
4
  import { tokenParsingError, nullOrEmptyToken, maxAgeTranspired } from '../error/ClientAuthErrorCodes.mjs';
5
5
 
6
- /*
7
- * Copyright (c) Microsoft Corporation. All rights reserved.
8
- * Licensed under the MIT License.
9
- */
10
- /**
11
- * Extract token by decoding the rawToken
12
- *
13
- * @param encodedToken
14
- */
15
- function extractTokenClaims(encodedToken, base64Decode) {
16
- const jswPayload = getJWSPayload(encodedToken);
17
- // token will be decoded to get the username
18
- try {
19
- // base64Decode() should throw an error if there is an issue
20
- const base64Decoded = base64Decode(jswPayload);
21
- return JSON.parse(base64Decoded);
22
- }
23
- catch (err) {
24
- throw createClientAuthError(tokenParsingError);
25
- }
26
- }
27
- /**
28
- * decode a JWT
29
- *
30
- * @param authToken
31
- */
32
- function getJWSPayload(authToken) {
33
- if (!authToken) {
34
- throw createClientAuthError(nullOrEmptyToken);
35
- }
36
- const tokenPartsRegex = /^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/;
37
- const matches = tokenPartsRegex.exec(authToken);
38
- if (!matches || matches.length < 4) {
39
- throw createClientAuthError(tokenParsingError);
40
- }
41
- /**
42
- * const crackedToken = {
43
- * header: matches[1],
44
- * JWSPayload: matches[2],
45
- * JWSSig: matches[3],
46
- * };
47
- */
48
- return matches[2];
49
- }
50
- /**
51
- * Determine if the token's max_age has transpired
52
- */
53
- function checkMaxAge(authTime, maxAge) {
54
- /*
55
- * per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
56
- * To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access,
57
- * provide a value of 0 for the max_age parameter and the AS will force a fresh login.
58
- */
59
- const fiveMinuteSkew = 300000; // five minutes in milliseconds
60
- if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) {
61
- throw createClientAuthError(maxAgeTranspired);
62
- }
6
+ /*
7
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8
+ * Licensed under the MIT License.
9
+ */
10
+ /**
11
+ * Extract token by decoding the rawToken
12
+ *
13
+ * @param encodedToken
14
+ */
15
+ function extractTokenClaims(encodedToken, base64Decode) {
16
+ const jswPayload = getJWSPayload(encodedToken);
17
+ // token will be decoded to get the username
18
+ try {
19
+ // base64Decode() should throw an error if there is an issue
20
+ const base64Decoded = base64Decode(jswPayload);
21
+ return JSON.parse(base64Decoded);
22
+ }
23
+ catch (err) {
24
+ throw createClientAuthError(tokenParsingError);
25
+ }
26
+ }
27
+ /**
28
+ * decode a JWT
29
+ *
30
+ * @param authToken
31
+ */
32
+ function getJWSPayload(authToken) {
33
+ if (!authToken) {
34
+ throw createClientAuthError(nullOrEmptyToken);
35
+ }
36
+ const tokenPartsRegex = /^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/;
37
+ const matches = tokenPartsRegex.exec(authToken);
38
+ if (!matches || matches.length < 4) {
39
+ throw createClientAuthError(tokenParsingError);
40
+ }
41
+ /**
42
+ * const crackedToken = {
43
+ * header: matches[1],
44
+ * JWSPayload: matches[2],
45
+ * JWSSig: matches[3],
46
+ * };
47
+ */
48
+ return matches[2];
49
+ }
50
+ /**
51
+ * Determine if the token's max_age has transpired
52
+ */
53
+ function checkMaxAge(authTime, maxAge) {
54
+ /*
55
+ * per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
56
+ * To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access,
57
+ * provide a value of 0 for the max_age parameter and the AS will force a fresh login.
58
+ */
59
+ const fiveMinuteSkew = 300000; // five minutes in milliseconds
60
+ if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) {
61
+ throw createClientAuthError(maxAgeTranspired);
62
+ }
63
63
  }
64
64
 
65
65
  export { checkMaxAge, extractTokenClaims, getJWSPayload };
@@ -1,10 +1,10 @@
1
- export type CcsCredential = {
2
- credential: string;
3
- type: CcsCredentialType;
4
- };
5
- export declare const CcsCredentialType: {
6
- readonly HOME_ACCOUNT_ID: "home_account_id";
7
- readonly UPN: "UPN";
8
- };
9
- export type CcsCredentialType = (typeof CcsCredentialType)[keyof typeof CcsCredentialType];
1
+ export type CcsCredential = {
2
+ credential: string;
3
+ type: CcsCredentialType;
4
+ };
5
+ export declare const CcsCredentialType: {
6
+ readonly HOME_ACCOUNT_ID: "home_account_id";
7
+ readonly UPN: "UPN";
8
+ };
9
+ export type CcsCredentialType = (typeof CcsCredentialType)[keyof typeof CcsCredentialType];
10
10
  //# sourceMappingURL=CcsCredential.d.ts.map
@@ -1,12 +1,12 @@
1
- /*! @azure/msal-common v14.13.1 2024-07-16 */
1
+ /*! @azure/msal-common v14.14.1 2024-08-13 */
2
2
  'use strict';
3
- /*
4
- * Copyright (c) Microsoft Corporation. All rights reserved.
5
- * Licensed under the MIT License.
6
- */
7
- const CcsCredentialType = {
8
- HOME_ACCOUNT_ID: "home_account_id",
9
- UPN: "UPN",
3
+ /*
4
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5
+ * Licensed under the MIT License.
6
+ */
7
+ const CcsCredentialType = {
8
+ HOME_ACCOUNT_ID: "home_account_id",
9
+ UPN: "UPN",
10
10
  };
11
11
 
12
12
  export { CcsCredentialType };
@@ -1,20 +1,20 @@
1
- export type ClientAssertionConfig = {
2
- clientId: string;
3
- tokenEndpoint?: string;
4
- };
5
- export type ClientAssertionCallback = (config: ClientAssertionConfig) => Promise<string>;
6
- /**
7
- * Client Assertion credential for Confidential Clients
8
- */
9
- export type ClientAssertion = {
10
- assertion: string | ClientAssertionCallback;
11
- assertionType: string;
12
- };
13
- /**
14
- * Client Credentials set for Confidential Clients
15
- */
16
- export type ClientCredentials = {
17
- clientSecret?: string;
18
- clientAssertion?: ClientAssertion;
19
- };
1
+ export type ClientAssertionConfig = {
2
+ clientId: string;
3
+ tokenEndpoint?: string;
4
+ };
5
+ export type ClientAssertionCallback = (config: ClientAssertionConfig) => Promise<string>;
6
+ /**
7
+ * Client Assertion credential for Confidential Clients
8
+ */
9
+ export type ClientAssertion = {
10
+ assertion: string | ClientAssertionCallback;
11
+ assertionType: string;
12
+ };
13
+ /**
14
+ * Client Credentials set for Confidential Clients
15
+ */
16
+ export type ClientCredentials = {
17
+ clientSecret?: string;
18
+ clientAssertion?: ClientAssertion;
19
+ };
20
20
  //# sourceMappingURL=ClientCredentials.d.ts.map
@@ -1,19 +1,19 @@
1
- /**
2
- * Client info object which consists of two IDs. Need to add more info here.
3
- */
4
- export type ClientInfo = {
5
- uid: string;
6
- utid: string;
7
- };
8
- /**
9
- * Function to build a client info object from server clientInfo string
10
- * @param rawClientInfo
11
- * @param crypto
12
- */
13
- export declare function buildClientInfo(rawClientInfo: string, base64Decode: (input: string) => string): ClientInfo;
14
- /**
15
- * Function to build a client info object from cached homeAccountId string
16
- * @param homeAccountId
17
- */
18
- export declare function buildClientInfoFromHomeAccountId(homeAccountId: string): ClientInfo;
1
+ /**
2
+ * Client info object which consists of two IDs. Need to add more info here.
3
+ */
4
+ export type ClientInfo = {
5
+ uid: string;
6
+ utid: string;
7
+ };
8
+ /**
9
+ * Function to build a client info object from server clientInfo string
10
+ * @param rawClientInfo
11
+ * @param crypto
12
+ */
13
+ export declare function buildClientInfo(rawClientInfo: string, base64Decode: (input: string) => string): ClientInfo;
14
+ /**
15
+ * Function to build a client info object from cached homeAccountId string
16
+ * @param homeAccountId
17
+ */
18
+ export declare function buildClientInfoFromHomeAccountId(homeAccountId: string): ClientInfo;
19
19
  //# sourceMappingURL=ClientInfo.d.ts.map
@@ -1,45 +1,45 @@
1
- /*! @azure/msal-common v14.13.1 2024-07-16 */
1
+ /*! @azure/msal-common v14.14.1 2024-08-13 */
2
2
  'use strict';
3
3
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
4
4
  import { Separators, Constants } from '../utils/Constants.mjs';
5
5
  import { clientInfoEmptyError, clientInfoDecodingError } from '../error/ClientAuthErrorCodes.mjs';
6
6
 
7
- /*
8
- * Copyright (c) Microsoft Corporation. All rights reserved.
9
- * Licensed under the MIT License.
10
- */
11
- /**
12
- * Function to build a client info object from server clientInfo string
13
- * @param rawClientInfo
14
- * @param crypto
15
- */
16
- function buildClientInfo(rawClientInfo, base64Decode) {
17
- if (!rawClientInfo) {
18
- throw createClientAuthError(clientInfoEmptyError);
19
- }
20
- try {
21
- const decodedClientInfo = base64Decode(rawClientInfo);
22
- return JSON.parse(decodedClientInfo);
23
- }
24
- catch (e) {
25
- throw createClientAuthError(clientInfoDecodingError);
26
- }
27
- }
28
- /**
29
- * Function to build a client info object from cached homeAccountId string
30
- * @param homeAccountId
31
- */
32
- function buildClientInfoFromHomeAccountId(homeAccountId) {
33
- if (!homeAccountId) {
34
- throw createClientAuthError(clientInfoDecodingError);
35
- }
36
- const clientInfoParts = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2);
37
- return {
38
- uid: clientInfoParts[0],
39
- utid: clientInfoParts.length < 2
40
- ? Constants.EMPTY_STRING
41
- : clientInfoParts[1],
42
- };
7
+ /*
8
+ * Copyright (c) Microsoft Corporation. All rights reserved.
9
+ * Licensed under the MIT License.
10
+ */
11
+ /**
12
+ * Function to build a client info object from server clientInfo string
13
+ * @param rawClientInfo
14
+ * @param crypto
15
+ */
16
+ function buildClientInfo(rawClientInfo, base64Decode) {
17
+ if (!rawClientInfo) {
18
+ throw createClientAuthError(clientInfoEmptyError);
19
+ }
20
+ try {
21
+ const decodedClientInfo = base64Decode(rawClientInfo);
22
+ return JSON.parse(decodedClientInfo);
23
+ }
24
+ catch (e) {
25
+ throw createClientAuthError(clientInfoDecodingError);
26
+ }
27
+ }
28
+ /**
29
+ * Function to build a client info object from cached homeAccountId string
30
+ * @param homeAccountId
31
+ */
32
+ function buildClientInfoFromHomeAccountId(homeAccountId) {
33
+ if (!homeAccountId) {
34
+ throw createClientAuthError(clientInfoDecodingError);
35
+ }
36
+ const clientInfoParts = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2);
37
+ return {
38
+ uid: clientInfoParts[0],
39
+ utid: clientInfoParts.length < 2
40
+ ? Constants.EMPTY_STRING
41
+ : clientInfoParts[1],
42
+ };
43
43
  }
44
44
 
45
45
  export { buildClientInfo, buildClientInfoFromHomeAccountId };