@azure/msal-common 14.13.1 → 14.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (193) hide show
  1. package/dist/account/AccountInfo.d.ts +66 -66
  2. package/dist/account/AccountInfo.mjs +77 -77
  3. package/dist/account/AuthToken.d.ts +17 -17
  4. package/dist/account/AuthToken.mjs +58 -58
  5. package/dist/account/CcsCredential.d.ts +9 -9
  6. package/dist/account/CcsCredential.mjs +8 -8
  7. package/dist/account/ClientCredentials.d.ts +19 -19
  8. package/dist/account/ClientInfo.d.ts +18 -18
  9. package/dist/account/ClientInfo.mjs +37 -37
  10. package/dist/account/TokenClaims.d.ts +83 -83
  11. package/dist/account/TokenClaims.mjs +20 -20
  12. package/dist/authority/Authority.d.ts +254 -254
  13. package/dist/authority/Authority.mjs +836 -836
  14. package/dist/authority/AuthorityFactory.d.ts +18 -18
  15. package/dist/authority/AuthorityFactory.mjs +28 -28
  16. package/dist/authority/AuthorityMetadata.d.ts +43 -43
  17. package/dist/authority/AuthorityMetadata.mjs +137 -137
  18. package/dist/authority/AuthorityOptions.d.ts +27 -27
  19. package/dist/authority/AuthorityOptions.mjs +18 -18
  20. package/dist/authority/AuthorityType.d.ts +10 -10
  21. package/dist/authority/AuthorityType.mjs +13 -13
  22. package/dist/authority/AzureRegion.d.ts +1 -1
  23. package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
  24. package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
  25. package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
  26. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
  27. package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
  28. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
  29. package/dist/authority/ImdsOptions.d.ts +5 -5
  30. package/dist/authority/OIDCOptions.d.ts +8 -8
  31. package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
  32. package/dist/authority/OpenIdConfigResponse.mjs +10 -10
  33. package/dist/authority/ProtocolMode.d.ts +8 -8
  34. package/dist/authority/ProtocolMode.mjs +11 -11
  35. package/dist/authority/RegionDiscovery.d.ts +32 -32
  36. package/dist/authority/RegionDiscovery.mjs +106 -106
  37. package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
  38. package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
  39. package/dist/cache/CacheManager.d.ts +497 -497
  40. package/dist/cache/CacheManager.mjs +1249 -1249
  41. package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
  42. package/dist/cache/entities/AccountEntity.d.ts +106 -106
  43. package/dist/cache/entities/AccountEntity.mjs +240 -240
  44. package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
  45. package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
  46. package/dist/cache/entities/CacheRecord.d.ts +13 -13
  47. package/dist/cache/entities/CredentialEntity.d.ts +30 -30
  48. package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
  49. package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
  50. package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -5
  51. package/dist/cache/entities/ServerTelemetryEntity.d.ts.map +1 -1
  52. package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
  53. package/dist/cache/interface/ICacheManager.d.ts +166 -166
  54. package/dist/cache/interface/ICachePlugin.d.ts +5 -5
  55. package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
  56. package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
  57. package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
  58. package/dist/cache/utils/CacheHelpers.d.ts +94 -94
  59. package/dist/cache/utils/CacheHelpers.mjs +324 -324
  60. package/dist/cache/utils/CacheTypes.d.ts +69 -69
  61. package/dist/client/AuthorizationCodeClient.d.ts +74 -74
  62. package/dist/client/AuthorizationCodeClient.mjs +420 -420
  63. package/dist/client/BaseClient.d.ts +51 -51
  64. package/dist/client/BaseClient.mjs +100 -100
  65. package/dist/client/RefreshTokenClient.d.ts +35 -35
  66. package/dist/client/RefreshTokenClient.mjs +211 -211
  67. package/dist/client/SilentFlowClient.d.ts +27 -27
  68. package/dist/client/SilentFlowClient.mjs +133 -133
  69. package/dist/config/AppTokenProvider.d.ts +38 -38
  70. package/dist/config/ClientConfiguration.d.ts +150 -150
  71. package/dist/config/ClientConfiguration.mjs +95 -95
  72. package/dist/constants/AADServerParamKeys.d.ts +53 -52
  73. package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
  74. package/dist/constants/AADServerParamKeys.mjs +59 -58
  75. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  76. package/dist/crypto/ICrypto.d.ts +68 -68
  77. package/dist/crypto/ICrypto.mjs +36 -36
  78. package/dist/crypto/IGuidGenerator.d.ts +4 -4
  79. package/dist/crypto/JoseHeader.d.ts +22 -22
  80. package/dist/crypto/JoseHeader.mjs +37 -37
  81. package/dist/crypto/PopTokenGenerator.d.ts +59 -59
  82. package/dist/crypto/PopTokenGenerator.mjs +81 -81
  83. package/dist/crypto/SignedHttpRequest.d.ts +15 -15
  84. package/dist/error/AuthError.d.ts +44 -44
  85. package/dist/error/AuthError.mjs +46 -46
  86. package/dist/error/AuthErrorCodes.d.ts +5 -5
  87. package/dist/error/AuthErrorCodes.mjs +9 -9
  88. package/dist/error/CacheError.d.ts +20 -20
  89. package/dist/error/CacheError.mjs +24 -24
  90. package/dist/error/CacheErrorCodes.d.ts +2 -2
  91. package/dist/error/CacheErrorCodes.mjs +6 -6
  92. package/dist/error/ClientAuthError.d.ts +237 -237
  93. package/dist/error/ClientAuthError.mjs +249 -249
  94. package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
  95. package/dist/error/ClientAuthErrorCodes.mjs +48 -48
  96. package/dist/error/ClientConfigurationError.d.ts +128 -128
  97. package/dist/error/ClientConfigurationError.mjs +135 -135
  98. package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
  99. package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
  100. package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
  101. package/dist/error/InteractionRequiredAuthError.mjs +85 -85
  102. package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
  103. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
  104. package/dist/error/JoseHeaderError.d.ts +15 -15
  105. package/dist/error/JoseHeaderError.mjs +22 -22
  106. package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
  107. package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
  108. package/dist/error/ServerError.d.ts +15 -15
  109. package/dist/error/ServerError.mjs +16 -16
  110. package/dist/index.cjs +8664 -8599
  111. package/dist/index.cjs.map +1 -1
  112. package/dist/index.d.ts +107 -107
  113. package/dist/index.mjs +1 -1
  114. package/dist/logger/Logger.d.ts +95 -95
  115. package/dist/logger/Logger.mjs +188 -188
  116. package/dist/network/INetworkModule.d.ts +29 -29
  117. package/dist/network/INetworkModule.mjs +12 -12
  118. package/dist/network/NetworkManager.d.ts +33 -33
  119. package/dist/network/NetworkManager.mjs +34 -34
  120. package/dist/network/RequestThumbprint.d.ts +18 -18
  121. package/dist/network/ThrottlingUtils.d.ts +42 -42
  122. package/dist/network/ThrottlingUtils.mjs +95 -95
  123. package/dist/packageMetadata.d.ts +2 -2
  124. package/dist/packageMetadata.mjs +4 -4
  125. package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
  126. package/dist/request/AuthenticationHeaderParser.mjs +55 -55
  127. package/dist/request/BaseAuthRequest.d.ts +47 -47
  128. package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
  129. package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
  130. package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
  131. package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
  132. package/dist/request/CommonEndSessionRequest.d.ts +21 -21
  133. package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
  134. package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
  135. package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
  136. package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
  137. package/dist/request/NativeRequest.d.ts +19 -19
  138. package/dist/request/NativeSignOutRequest.d.ts +5 -5
  139. package/dist/request/RequestParameterBuilder.d.ts +217 -217
  140. package/dist/request/RequestParameterBuilder.mjs +382 -382
  141. package/dist/request/RequestValidator.d.ts +27 -27
  142. package/dist/request/RequestValidator.mjs +64 -64
  143. package/dist/request/ScopeSet.d.ts +88 -88
  144. package/dist/request/ScopeSet.mjs +197 -197
  145. package/dist/request/StoreInCache.d.ts +8 -8
  146. package/dist/response/AuthenticationResult.d.ts +41 -41
  147. package/dist/response/AuthorizationCodePayload.d.ts +13 -13
  148. package/dist/response/DeviceCodeResponse.d.ts +25 -25
  149. package/dist/response/ExternalTokenResponse.d.ts +15 -15
  150. package/dist/response/IMDSBadResponse.d.ts +4 -4
  151. package/dist/response/ResponseHandler.d.ts +69 -69
  152. package/dist/response/ResponseHandler.mjs +374 -374
  153. package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
  154. package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
  155. package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
  156. package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
  157. package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
  158. package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
  159. package/dist/telemetry/performance/PerformanceEvent.d.ts +515 -505
  160. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  161. package/dist/telemetry/performance/PerformanceEvent.mjs +484 -480
  162. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  163. package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
  164. package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
  165. package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -66
  166. package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
  167. package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -201
  168. package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  169. package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
  170. package/dist/url/IUri.d.ts +12 -12
  171. package/dist/url/UrlString.d.ts +48 -48
  172. package/dist/url/UrlString.mjs +161 -161
  173. package/dist/utils/ClientAssertionUtils.d.ts +2 -2
  174. package/dist/utils/ClientAssertionUtils.mjs +16 -16
  175. package/dist/utils/Constants.d.ts +309 -309
  176. package/dist/utils/Constants.mjs +322 -322
  177. package/dist/utils/FunctionWrappers.d.ts +27 -27
  178. package/dist/utils/FunctionWrappers.mjs +94 -94
  179. package/dist/utils/MsalTypes.d.ts +6 -6
  180. package/dist/utils/ProtocolUtils.d.ts +42 -42
  181. package/dist/utils/ProtocolUtils.mjs +69 -69
  182. package/dist/utils/StringUtils.d.ts +40 -40
  183. package/dist/utils/StringUtils.mjs +95 -95
  184. package/dist/utils/TimeUtils.d.ts +25 -25
  185. package/dist/utils/TimeUtils.mjs +43 -43
  186. package/dist/utils/UrlUtils.d.ts +10 -10
  187. package/dist/utils/UrlUtils.mjs +44 -44
  188. package/package.json +1 -1
  189. package/src/cache/entities/ServerTelemetryEntity.ts +1 -0
  190. package/src/constants/AADServerParamKeys.ts +1 -0
  191. package/src/packageMetadata.ts +1 -1
  192. package/src/telemetry/performance/PerformanceEvent.ts +12 -0
  193. package/src/telemetry/server/ServerTelemetryManager.ts +95 -1
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v14.13.1 2024-07-16 */
1
+ /*! @azure/msal-common v14.14.1 2024-08-13 */
2
2
  'use strict';
3
3
  import { Separators, CacheAccountType } from '../../utils/Constants.mjs';
4
4
  import { buildClientInfo } from '../../account/ClientInfo.mjs';
@@ -9,245 +9,245 @@ import { getTenantIdFromIdTokenClaims } from '../../account/TokenClaims.mjs';
9
9
  import { ProtocolMode } from '../../authority/ProtocolMode.mjs';
10
10
  import { invalidCacheEnvironment } from '../../error/ClientAuthErrorCodes.mjs';
11
11
 
12
- /*
13
- * Copyright (c) Microsoft Corporation. All rights reserved.
14
- * Licensed under the MIT License.
15
- */
16
- /**
17
- * Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).
18
- *
19
- * Key : Value Schema
20
- *
21
- * Key: <home_account_id>-<environment>-<realm*>
22
- *
23
- * Value Schema:
24
- * {
25
- * homeAccountId: home account identifier for the auth scheme,
26
- * environment: entity that issued the token, represented as a full host
27
- * realm: Full tenant or organizational identifier that the account belongs to
28
- * localAccountId: Original tenant-specific accountID, usually used for legacy cases
29
- * username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt
30
- * authorityType: Accounts authority type as a string
31
- * name: Full name for the account, including given name and family name,
32
- * lastModificationTime: last time this entity was modified in the cache
33
- * lastModificationApp:
34
- * nativeAccountId: Account identifier on the native device
35
- * tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
36
- * }
37
- * @internal
38
- */
39
- class AccountEntity {
40
- /**
41
- * Generate Account Id key component as per the schema: <home_account_id>-<environment>
42
- */
43
- generateAccountId() {
44
- const accountId = [this.homeAccountId, this.environment];
45
- return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
46
- }
47
- /**
48
- * Generate Account Cache Key as per the schema: <home_account_id>-<environment>-<realm*>
49
- */
50
- generateAccountKey() {
51
- return AccountEntity.generateAccountCacheKey({
52
- homeAccountId: this.homeAccountId,
53
- environment: this.environment,
54
- tenantId: this.realm,
55
- username: this.username,
56
- localAccountId: this.localAccountId,
57
- });
58
- }
59
- /**
60
- * Returns the AccountInfo interface for this account.
61
- */
62
- getAccountInfo() {
63
- return {
64
- homeAccountId: this.homeAccountId,
65
- environment: this.environment,
66
- tenantId: this.realm,
67
- username: this.username,
68
- localAccountId: this.localAccountId,
69
- name: this.name,
70
- nativeAccountId: this.nativeAccountId,
71
- authorityType: this.authorityType,
72
- // Deserialize tenant profiles array into a Map
73
- tenantProfiles: new Map((this.tenantProfiles || []).map((tenantProfile) => {
74
- return [tenantProfile.tenantId, tenantProfile];
75
- })),
76
- };
77
- }
78
- /**
79
- * Returns true if the account entity is in single tenant format (outdated), false otherwise
80
- */
81
- isSingleTenant() {
82
- return !this.tenantProfiles;
83
- }
84
- /**
85
- * Generates account key from interface
86
- * @param accountInterface
87
- */
88
- static generateAccountCacheKey(accountInterface) {
89
- const homeTenantId = accountInterface.homeAccountId.split(".")[1];
90
- const accountKey = [
91
- accountInterface.homeAccountId,
92
- accountInterface.environment || "",
93
- homeTenantId || accountInterface.tenantId || "",
94
- ];
95
- return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
96
- }
97
- /**
98
- * Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
99
- * @param accountDetails
100
- */
101
- static createAccount(accountDetails, authority, base64Decode) {
102
- const account = new AccountEntity();
103
- if (authority.authorityType === AuthorityType.Adfs) {
104
- account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE;
105
- }
106
- else if (authority.protocolMode === ProtocolMode.AAD) {
107
- account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;
108
- }
109
- else {
110
- account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE;
111
- }
112
- let clientInfo;
113
- if (accountDetails.clientInfo && base64Decode) {
114
- clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode);
115
- }
116
- account.clientInfo = accountDetails.clientInfo;
117
- account.homeAccountId = accountDetails.homeAccountId;
118
- account.nativeAccountId = accountDetails.nativeAccountId;
119
- const env = accountDetails.environment ||
120
- (authority && authority.getPreferredCache());
121
- if (!env) {
122
- throw createClientAuthError(invalidCacheEnvironment);
123
- }
124
- account.environment = env;
125
- // non AAD scenarios can have empty realm
126
- account.realm =
127
- clientInfo?.utid ||
128
- getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||
129
- "";
130
- // How do you account for MSA CID here?
131
- account.localAccountId =
132
- clientInfo?.uid ||
133
- accountDetails.idTokenClaims?.oid ||
134
- accountDetails.idTokenClaims?.sub ||
135
- "";
136
- /*
137
- * In B2C scenarios the emails claim is used instead of preferred_username and it is an array.
138
- * In most cases it will contain a single email. This field should not be relied upon if a custom
139
- * policy is configured to return more than 1 email.
140
- */
141
- const preferredUsername = accountDetails.idTokenClaims?.preferred_username ||
142
- accountDetails.idTokenClaims?.upn;
143
- const email = accountDetails.idTokenClaims?.emails
144
- ? accountDetails.idTokenClaims.emails[0]
145
- : null;
146
- account.username = preferredUsername || email || "";
147
- account.name = accountDetails.idTokenClaims?.name || "";
148
- account.cloudGraphHostName = accountDetails.cloudGraphHostName;
149
- account.msGraphHost = accountDetails.msGraphHost;
150
- if (accountDetails.tenantProfiles) {
151
- account.tenantProfiles = accountDetails.tenantProfiles;
152
- }
153
- else {
154
- const tenantProfile = buildTenantProfile(accountDetails.homeAccountId, account.localAccountId, account.realm, accountDetails.idTokenClaims);
155
- account.tenantProfiles = [tenantProfile];
156
- }
157
- return account;
158
- }
159
- /**
160
- * Creates an AccountEntity object from AccountInfo
161
- * @param accountInfo
162
- * @param cloudGraphHostName
163
- * @param msGraphHost
164
- * @returns
165
- */
166
- static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) {
167
- const account = new AccountEntity();
168
- account.authorityType =
169
- accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE;
170
- account.homeAccountId = accountInfo.homeAccountId;
171
- account.localAccountId = accountInfo.localAccountId;
172
- account.nativeAccountId = accountInfo.nativeAccountId;
173
- account.realm = accountInfo.tenantId;
174
- account.environment = accountInfo.environment;
175
- account.username = accountInfo.username;
176
- account.name = accountInfo.name;
177
- account.cloudGraphHostName = cloudGraphHostName;
178
- account.msGraphHost = msGraphHost;
179
- // Serialize tenant profiles map into an array
180
- account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
181
- return account;
182
- }
183
- /**
184
- * Generate HomeAccountId from server response
185
- * @param serverClientInfo
186
- * @param authType
187
- */
188
- static generateHomeAccountId(serverClientInfo, authType, logger, cryptoObj, idTokenClaims) {
189
- // since ADFS/DSTS do not have tid and does not set client_info
190
- if (!(authType === AuthorityType.Adfs ||
191
- authType === AuthorityType.Dsts)) {
192
- // for cases where there is clientInfo
193
- if (serverClientInfo) {
194
- try {
195
- const clientInfo = buildClientInfo(serverClientInfo, cryptoObj.base64Decode);
196
- if (clientInfo.uid && clientInfo.utid) {
197
- return `${clientInfo.uid}.${clientInfo.utid}`;
198
- }
199
- }
200
- catch (e) { }
201
- }
202
- logger.warning("No client info in response");
203
- }
204
- // default to "sub" claim
205
- return idTokenClaims?.sub || "";
206
- }
207
- /**
208
- * Validates an entity: checks for all expected params
209
- * @param entity
210
- */
211
- static isAccountEntity(entity) {
212
- if (!entity) {
213
- return false;
214
- }
215
- return (entity.hasOwnProperty("homeAccountId") &&
216
- entity.hasOwnProperty("environment") &&
217
- entity.hasOwnProperty("realm") &&
218
- entity.hasOwnProperty("localAccountId") &&
219
- entity.hasOwnProperty("username") &&
220
- entity.hasOwnProperty("authorityType"));
221
- }
222
- /**
223
- * Helper function to determine whether 2 accountInfo objects represent the same account
224
- * @param accountA
225
- * @param accountB
226
- * @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
227
- */
228
- static accountInfoIsEqual(accountA, accountB, compareClaims) {
229
- if (!accountA || !accountB) {
230
- return false;
231
- }
232
- let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false
233
- if (compareClaims) {
234
- const accountAClaims = (accountA.idTokenClaims ||
235
- {});
236
- const accountBClaims = (accountB.idTokenClaims ||
237
- {});
238
- // issued at timestamp and nonce are expected to change each time a new id token is acquired
239
- claimsMatch =
240
- accountAClaims.iat === accountBClaims.iat &&
241
- accountAClaims.nonce === accountBClaims.nonce;
242
- }
243
- return (accountA.homeAccountId === accountB.homeAccountId &&
244
- accountA.localAccountId === accountB.localAccountId &&
245
- accountA.username === accountB.username &&
246
- accountA.tenantId === accountB.tenantId &&
247
- accountA.environment === accountB.environment &&
248
- accountA.nativeAccountId === accountB.nativeAccountId &&
249
- claimsMatch);
250
- }
12
+ /*
13
+ * Copyright (c) Microsoft Corporation. All rights reserved.
14
+ * Licensed under the MIT License.
15
+ */
16
+ /**
17
+ * Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).
18
+ *
19
+ * Key : Value Schema
20
+ *
21
+ * Key: <home_account_id>-<environment>-<realm*>
22
+ *
23
+ * Value Schema:
24
+ * {
25
+ * homeAccountId: home account identifier for the auth scheme,
26
+ * environment: entity that issued the token, represented as a full host
27
+ * realm: Full tenant or organizational identifier that the account belongs to
28
+ * localAccountId: Original tenant-specific accountID, usually used for legacy cases
29
+ * username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt
30
+ * authorityType: Accounts authority type as a string
31
+ * name: Full name for the account, including given name and family name,
32
+ * lastModificationTime: last time this entity was modified in the cache
33
+ * lastModificationApp:
34
+ * nativeAccountId: Account identifier on the native device
35
+ * tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
36
+ * }
37
+ * @internal
38
+ */
39
+ class AccountEntity {
40
+ /**
41
+ * Generate Account Id key component as per the schema: <home_account_id>-<environment>
42
+ */
43
+ generateAccountId() {
44
+ const accountId = [this.homeAccountId, this.environment];
45
+ return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
46
+ }
47
+ /**
48
+ * Generate Account Cache Key as per the schema: <home_account_id>-<environment>-<realm*>
49
+ */
50
+ generateAccountKey() {
51
+ return AccountEntity.generateAccountCacheKey({
52
+ homeAccountId: this.homeAccountId,
53
+ environment: this.environment,
54
+ tenantId: this.realm,
55
+ username: this.username,
56
+ localAccountId: this.localAccountId,
57
+ });
58
+ }
59
+ /**
60
+ * Returns the AccountInfo interface for this account.
61
+ */
62
+ getAccountInfo() {
63
+ return {
64
+ homeAccountId: this.homeAccountId,
65
+ environment: this.environment,
66
+ tenantId: this.realm,
67
+ username: this.username,
68
+ localAccountId: this.localAccountId,
69
+ name: this.name,
70
+ nativeAccountId: this.nativeAccountId,
71
+ authorityType: this.authorityType,
72
+ // Deserialize tenant profiles array into a Map
73
+ tenantProfiles: new Map((this.tenantProfiles || []).map((tenantProfile) => {
74
+ return [tenantProfile.tenantId, tenantProfile];
75
+ })),
76
+ };
77
+ }
78
+ /**
79
+ * Returns true if the account entity is in single tenant format (outdated), false otherwise
80
+ */
81
+ isSingleTenant() {
82
+ return !this.tenantProfiles;
83
+ }
84
+ /**
85
+ * Generates account key from interface
86
+ * @param accountInterface
87
+ */
88
+ static generateAccountCacheKey(accountInterface) {
89
+ const homeTenantId = accountInterface.homeAccountId.split(".")[1];
90
+ const accountKey = [
91
+ accountInterface.homeAccountId,
92
+ accountInterface.environment || "",
93
+ homeTenantId || accountInterface.tenantId || "",
94
+ ];
95
+ return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
96
+ }
97
+ /**
98
+ * Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
99
+ * @param accountDetails
100
+ */
101
+ static createAccount(accountDetails, authority, base64Decode) {
102
+ const account = new AccountEntity();
103
+ if (authority.authorityType === AuthorityType.Adfs) {
104
+ account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE;
105
+ }
106
+ else if (authority.protocolMode === ProtocolMode.AAD) {
107
+ account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;
108
+ }
109
+ else {
110
+ account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE;
111
+ }
112
+ let clientInfo;
113
+ if (accountDetails.clientInfo && base64Decode) {
114
+ clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode);
115
+ }
116
+ account.clientInfo = accountDetails.clientInfo;
117
+ account.homeAccountId = accountDetails.homeAccountId;
118
+ account.nativeAccountId = accountDetails.nativeAccountId;
119
+ const env = accountDetails.environment ||
120
+ (authority && authority.getPreferredCache());
121
+ if (!env) {
122
+ throw createClientAuthError(invalidCacheEnvironment);
123
+ }
124
+ account.environment = env;
125
+ // non AAD scenarios can have empty realm
126
+ account.realm =
127
+ clientInfo?.utid ||
128
+ getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||
129
+ "";
130
+ // How do you account for MSA CID here?
131
+ account.localAccountId =
132
+ clientInfo?.uid ||
133
+ accountDetails.idTokenClaims?.oid ||
134
+ accountDetails.idTokenClaims?.sub ||
135
+ "";
136
+ /*
137
+ * In B2C scenarios the emails claim is used instead of preferred_username and it is an array.
138
+ * In most cases it will contain a single email. This field should not be relied upon if a custom
139
+ * policy is configured to return more than 1 email.
140
+ */
141
+ const preferredUsername = accountDetails.idTokenClaims?.preferred_username ||
142
+ accountDetails.idTokenClaims?.upn;
143
+ const email = accountDetails.idTokenClaims?.emails
144
+ ? accountDetails.idTokenClaims.emails[0]
145
+ : null;
146
+ account.username = preferredUsername || email || "";
147
+ account.name = accountDetails.idTokenClaims?.name || "";
148
+ account.cloudGraphHostName = accountDetails.cloudGraphHostName;
149
+ account.msGraphHost = accountDetails.msGraphHost;
150
+ if (accountDetails.tenantProfiles) {
151
+ account.tenantProfiles = accountDetails.tenantProfiles;
152
+ }
153
+ else {
154
+ const tenantProfile = buildTenantProfile(accountDetails.homeAccountId, account.localAccountId, account.realm, accountDetails.idTokenClaims);
155
+ account.tenantProfiles = [tenantProfile];
156
+ }
157
+ return account;
158
+ }
159
+ /**
160
+ * Creates an AccountEntity object from AccountInfo
161
+ * @param accountInfo
162
+ * @param cloudGraphHostName
163
+ * @param msGraphHost
164
+ * @returns
165
+ */
166
+ static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) {
167
+ const account = new AccountEntity();
168
+ account.authorityType =
169
+ accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE;
170
+ account.homeAccountId = accountInfo.homeAccountId;
171
+ account.localAccountId = accountInfo.localAccountId;
172
+ account.nativeAccountId = accountInfo.nativeAccountId;
173
+ account.realm = accountInfo.tenantId;
174
+ account.environment = accountInfo.environment;
175
+ account.username = accountInfo.username;
176
+ account.name = accountInfo.name;
177
+ account.cloudGraphHostName = cloudGraphHostName;
178
+ account.msGraphHost = msGraphHost;
179
+ // Serialize tenant profiles map into an array
180
+ account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
181
+ return account;
182
+ }
183
+ /**
184
+ * Generate HomeAccountId from server response
185
+ * @param serverClientInfo
186
+ * @param authType
187
+ */
188
+ static generateHomeAccountId(serverClientInfo, authType, logger, cryptoObj, idTokenClaims) {
189
+ // since ADFS/DSTS do not have tid and does not set client_info
190
+ if (!(authType === AuthorityType.Adfs ||
191
+ authType === AuthorityType.Dsts)) {
192
+ // for cases where there is clientInfo
193
+ if (serverClientInfo) {
194
+ try {
195
+ const clientInfo = buildClientInfo(serverClientInfo, cryptoObj.base64Decode);
196
+ if (clientInfo.uid && clientInfo.utid) {
197
+ return `${clientInfo.uid}.${clientInfo.utid}`;
198
+ }
199
+ }
200
+ catch (e) { }
201
+ }
202
+ logger.warning("No client info in response");
203
+ }
204
+ // default to "sub" claim
205
+ return idTokenClaims?.sub || "";
206
+ }
207
+ /**
208
+ * Validates an entity: checks for all expected params
209
+ * @param entity
210
+ */
211
+ static isAccountEntity(entity) {
212
+ if (!entity) {
213
+ return false;
214
+ }
215
+ return (entity.hasOwnProperty("homeAccountId") &&
216
+ entity.hasOwnProperty("environment") &&
217
+ entity.hasOwnProperty("realm") &&
218
+ entity.hasOwnProperty("localAccountId") &&
219
+ entity.hasOwnProperty("username") &&
220
+ entity.hasOwnProperty("authorityType"));
221
+ }
222
+ /**
223
+ * Helper function to determine whether 2 accountInfo objects represent the same account
224
+ * @param accountA
225
+ * @param accountB
226
+ * @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
227
+ */
228
+ static accountInfoIsEqual(accountA, accountB, compareClaims) {
229
+ if (!accountA || !accountB) {
230
+ return false;
231
+ }
232
+ let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false
233
+ if (compareClaims) {
234
+ const accountAClaims = (accountA.idTokenClaims ||
235
+ {});
236
+ const accountBClaims = (accountB.idTokenClaims ||
237
+ {});
238
+ // issued at timestamp and nonce are expected to change each time a new id token is acquired
239
+ claimsMatch =
240
+ accountAClaims.iat === accountBClaims.iat &&
241
+ accountAClaims.nonce === accountBClaims.nonce;
242
+ }
243
+ return (accountA.homeAccountId === accountB.homeAccountId &&
244
+ accountA.localAccountId === accountB.localAccountId &&
245
+ accountA.username === accountB.username &&
246
+ accountA.tenantId === accountB.tenantId &&
247
+ accountA.environment === accountB.environment &&
248
+ accountA.nativeAccountId === accountB.nativeAccountId &&
249
+ claimsMatch);
250
+ }
251
251
  }
252
252
 
253
253
  export { AccountEntity };
@@ -1,12 +1,12 @@
1
- /**
2
- * App Metadata Cache Type
3
- */
4
- export type AppMetadataEntity = {
5
- /** clientId of the application */
6
- clientId: string;
7
- /** entity that issued the token, represented as a full host */
8
- environment: string;
9
- /** Family identifier, '1' represents Microsoft Family */
10
- familyId?: string;
11
- };
1
+ /**
2
+ * App Metadata Cache Type
3
+ */
4
+ export type AppMetadataEntity = {
5
+ /** clientId of the application */
6
+ clientId: string;
7
+ /** entity that issued the token, represented as a full host */
8
+ environment: string;
9
+ /** Family identifier, '1' represents Microsoft Family */
10
+ familyId?: string;
11
+ };
12
12
  //# sourceMappingURL=AppMetadataEntity.d.ts.map
@@ -1,16 +1,16 @@
1
- /** @internal */
2
- export type AuthorityMetadataEntity = {
3
- aliases: Array<string>;
4
- preferred_cache: string;
5
- preferred_network: string;
6
- canonical_authority: string;
7
- authorization_endpoint: string;
8
- token_endpoint: string;
9
- end_session_endpoint?: string;
10
- issuer: string;
11
- aliasesFromNetwork: boolean;
12
- endpointsFromNetwork: boolean;
13
- expiresAt: number;
14
- jwks_uri: string;
15
- };
1
+ /** @internal */
2
+ export type AuthorityMetadataEntity = {
3
+ aliases: Array<string>;
4
+ preferred_cache: string;
5
+ preferred_network: string;
6
+ canonical_authority: string;
7
+ authorization_endpoint: string;
8
+ token_endpoint: string;
9
+ end_session_endpoint?: string;
10
+ issuer: string;
11
+ aliasesFromNetwork: boolean;
12
+ endpointsFromNetwork: boolean;
13
+ expiresAt: number;
14
+ jwks_uri: string;
15
+ };
16
16
  //# sourceMappingURL=AuthorityMetadataEntity.d.ts.map
@@ -1,14 +1,14 @@
1
- import { IdTokenEntity } from "./IdTokenEntity";
2
- import { AccessTokenEntity } from "./AccessTokenEntity";
3
- import { RefreshTokenEntity } from "./RefreshTokenEntity";
4
- import { AccountEntity } from "./AccountEntity";
5
- import { AppMetadataEntity } from "./AppMetadataEntity";
6
- /** @internal */
7
- export type CacheRecord = {
8
- account?: AccountEntity | null;
9
- idToken?: IdTokenEntity | null;
10
- accessToken?: AccessTokenEntity | null;
11
- refreshToken?: RefreshTokenEntity | null;
12
- appMetadata?: AppMetadataEntity | null;
13
- };
1
+ import { IdTokenEntity } from "./IdTokenEntity";
2
+ import { AccessTokenEntity } from "./AccessTokenEntity";
3
+ import { RefreshTokenEntity } from "./RefreshTokenEntity";
4
+ import { AccountEntity } from "./AccountEntity";
5
+ import { AppMetadataEntity } from "./AppMetadataEntity";
6
+ /** @internal */
7
+ export type CacheRecord = {
8
+ account?: AccountEntity | null;
9
+ idToken?: IdTokenEntity | null;
10
+ accessToken?: AccessTokenEntity | null;
11
+ refreshToken?: RefreshTokenEntity | null;
12
+ appMetadata?: AppMetadataEntity | null;
13
+ };
14
14
  //# sourceMappingURL=CacheRecord.d.ts.map
@@ -1,31 +1,31 @@
1
- import { CredentialType, AuthenticationScheme } from "../../utils/Constants";
2
- /**
3
- * Credential Cache Type
4
- */
5
- export type CredentialEntity = {
6
- /** Identifier for the user in their home tenant*/
7
- homeAccountId: string;
8
- /** Entity that issued the token, represented as a full host */
9
- environment: string;
10
- /** Type of credential */
11
- credentialType: CredentialType;
12
- /** Client ID of the application */
13
- clientId: string;
14
- /** Actual credential as a string */
15
- secret: string;
16
- /** Family ID identifier, usually only used for refresh tokens */
17
- familyId?: string;
18
- /** Full tenant or organizational identifier that the account belongs to */
19
- realm?: string;
20
- /** Permissions that are included in the token, or for refresh tokens, the resource identifier. */
21
- target?: string;
22
- /** Matches the SHA 256 hash of the obo_assertion for the OBO flow */
23
- userAssertionHash?: string;
24
- /** Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) */
25
- tokenType?: AuthenticationScheme;
26
- /** KeyId for PoP and SSH tokens stored in the kid claim */
27
- keyId?: string;
28
- /** Matches the SHA 256 hash of the claims object included in the token request */
29
- requestedClaimsHash?: string;
30
- };
1
+ import { CredentialType, AuthenticationScheme } from "../../utils/Constants";
2
+ /**
3
+ * Credential Cache Type
4
+ */
5
+ export type CredentialEntity = {
6
+ /** Identifier for the user in their home tenant*/
7
+ homeAccountId: string;
8
+ /** Entity that issued the token, represented as a full host */
9
+ environment: string;
10
+ /** Type of credential */
11
+ credentialType: CredentialType;
12
+ /** Client ID of the application */
13
+ clientId: string;
14
+ /** Actual credential as a string */
15
+ secret: string;
16
+ /** Family ID identifier, usually only used for refresh tokens */
17
+ familyId?: string;
18
+ /** Full tenant or organizational identifier that the account belongs to */
19
+ realm?: string;
20
+ /** Permissions that are included in the token, or for refresh tokens, the resource identifier. */
21
+ target?: string;
22
+ /** Matches the SHA 256 hash of the obo_assertion for the OBO flow */
23
+ userAssertionHash?: string;
24
+ /** Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) */
25
+ tokenType?: AuthenticationScheme;
26
+ /** KeyId for PoP and SSH tokens stored in the kid claim */
27
+ keyId?: string;
28
+ /** Matches the SHA 256 hash of the claims object included in the token request */
29
+ requestedClaimsHash?: string;
30
+ };
31
31
  //# sourceMappingURL=CredentialEntity.d.ts.map
@@ -1,9 +1,9 @@
1
- import { CredentialEntity } from "./CredentialEntity";
2
- /**
3
- * Id Token Cache Type
4
- */
5
- export type IdTokenEntity = CredentialEntity & {
6
- /** Full tenant or organizational identifier that the account belongs to */
7
- realm: string;
8
- };
1
+ import { CredentialEntity } from "./CredentialEntity";
2
+ /**
3
+ * Id Token Cache Type
4
+ */
5
+ export type IdTokenEntity = CredentialEntity & {
6
+ /** Full tenant or organizational identifier that the account belongs to */
7
+ realm: string;
8
+ };
9
9
  //# sourceMappingURL=IdTokenEntity.d.ts.map