@azure/msal-common 14.13.1 → 14.14.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +66 -66
- package/dist/account/AccountInfo.mjs +77 -77
- package/dist/account/AuthToken.d.ts +17 -17
- package/dist/account/AuthToken.mjs +58 -58
- package/dist/account/CcsCredential.d.ts +9 -9
- package/dist/account/CcsCredential.mjs +8 -8
- package/dist/account/ClientCredentials.d.ts +19 -19
- package/dist/account/ClientInfo.d.ts +18 -18
- package/dist/account/ClientInfo.mjs +37 -37
- package/dist/account/TokenClaims.d.ts +83 -83
- package/dist/account/TokenClaims.mjs +20 -20
- package/dist/authority/Authority.d.ts +254 -254
- package/dist/authority/Authority.mjs +836 -836
- package/dist/authority/AuthorityFactory.d.ts +18 -18
- package/dist/authority/AuthorityFactory.mjs +28 -28
- package/dist/authority/AuthorityMetadata.d.ts +43 -43
- package/dist/authority/AuthorityMetadata.mjs +137 -137
- package/dist/authority/AuthorityOptions.d.ts +27 -27
- package/dist/authority/AuthorityOptions.mjs +18 -18
- package/dist/authority/AuthorityType.d.ts +10 -10
- package/dist/authority/AuthorityType.mjs +13 -13
- package/dist/authority/AzureRegion.d.ts +1 -1
- package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
- package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
- package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
- package/dist/authority/ImdsOptions.d.ts +5 -5
- package/dist/authority/OIDCOptions.d.ts +8 -8
- package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
- package/dist/authority/OpenIdConfigResponse.mjs +10 -10
- package/dist/authority/ProtocolMode.d.ts +8 -8
- package/dist/authority/ProtocolMode.mjs +11 -11
- package/dist/authority/RegionDiscovery.d.ts +32 -32
- package/dist/authority/RegionDiscovery.mjs +106 -106
- package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
- package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
- package/dist/cache/CacheManager.d.ts +497 -497
- package/dist/cache/CacheManager.mjs +1249 -1249
- package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
- package/dist/cache/entities/AccountEntity.d.ts +106 -106
- package/dist/cache/entities/AccountEntity.mjs +240 -240
- package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
- package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
- package/dist/cache/entities/CacheRecord.d.ts +13 -13
- package/dist/cache/entities/CredentialEntity.d.ts +30 -30
- package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
- package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
- package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -5
- package/dist/cache/entities/ServerTelemetryEntity.d.ts.map +1 -1
- package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
- package/dist/cache/interface/ICacheManager.d.ts +166 -166
- package/dist/cache/interface/ICachePlugin.d.ts +5 -5
- package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
- package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
- package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
- package/dist/cache/utils/CacheHelpers.d.ts +94 -94
- package/dist/cache/utils/CacheHelpers.mjs +324 -324
- package/dist/cache/utils/CacheTypes.d.ts +69 -69
- package/dist/client/AuthorizationCodeClient.d.ts +74 -74
- package/dist/client/AuthorizationCodeClient.mjs +420 -420
- package/dist/client/BaseClient.d.ts +51 -51
- package/dist/client/BaseClient.mjs +100 -100
- package/dist/client/RefreshTokenClient.d.ts +35 -35
- package/dist/client/RefreshTokenClient.mjs +211 -211
- package/dist/client/SilentFlowClient.d.ts +27 -27
- package/dist/client/SilentFlowClient.mjs +133 -133
- package/dist/config/AppTokenProvider.d.ts +38 -38
- package/dist/config/ClientConfiguration.d.ts +150 -150
- package/dist/config/ClientConfiguration.mjs +95 -95
- package/dist/constants/AADServerParamKeys.d.ts +53 -52
- package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +59 -58
- package/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/crypto/ICrypto.d.ts +68 -68
- package/dist/crypto/ICrypto.mjs +36 -36
- package/dist/crypto/IGuidGenerator.d.ts +4 -4
- package/dist/crypto/JoseHeader.d.ts +22 -22
- package/dist/crypto/JoseHeader.mjs +37 -37
- package/dist/crypto/PopTokenGenerator.d.ts +59 -59
- package/dist/crypto/PopTokenGenerator.mjs +81 -81
- package/dist/crypto/SignedHttpRequest.d.ts +15 -15
- package/dist/error/AuthError.d.ts +44 -44
- package/dist/error/AuthError.mjs +46 -46
- package/dist/error/AuthErrorCodes.d.ts +5 -5
- package/dist/error/AuthErrorCodes.mjs +9 -9
- package/dist/error/CacheError.d.ts +20 -20
- package/dist/error/CacheError.mjs +24 -24
- package/dist/error/CacheErrorCodes.d.ts +2 -2
- package/dist/error/CacheErrorCodes.mjs +6 -6
- package/dist/error/ClientAuthError.d.ts +237 -237
- package/dist/error/ClientAuthError.mjs +249 -249
- package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
- package/dist/error/ClientAuthErrorCodes.mjs +48 -48
- package/dist/error/ClientConfigurationError.d.ts +128 -128
- package/dist/error/ClientConfigurationError.mjs +135 -135
- package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
- package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
- package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
- package/dist/error/InteractionRequiredAuthError.mjs +85 -85
- package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
- package/dist/error/JoseHeaderError.d.ts +15 -15
- package/dist/error/JoseHeaderError.mjs +22 -22
- package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
- package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
- package/dist/error/ServerError.d.ts +15 -15
- package/dist/error/ServerError.mjs +16 -16
- package/dist/index.cjs +8664 -8599
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +107 -107
- package/dist/index.mjs +1 -1
- package/dist/logger/Logger.d.ts +95 -95
- package/dist/logger/Logger.mjs +188 -188
- package/dist/network/INetworkModule.d.ts +29 -29
- package/dist/network/INetworkModule.mjs +12 -12
- package/dist/network/NetworkManager.d.ts +33 -33
- package/dist/network/NetworkManager.mjs +34 -34
- package/dist/network/RequestThumbprint.d.ts +18 -18
- package/dist/network/ThrottlingUtils.d.ts +42 -42
- package/dist/network/ThrottlingUtils.mjs +95 -95
- package/dist/packageMetadata.d.ts +2 -2
- package/dist/packageMetadata.mjs +4 -4
- package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
- package/dist/request/AuthenticationHeaderParser.mjs +55 -55
- package/dist/request/BaseAuthRequest.d.ts +47 -47
- package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
- package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
- package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
- package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
- package/dist/request/CommonEndSessionRequest.d.ts +21 -21
- package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
- package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
- package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
- package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
- package/dist/request/NativeRequest.d.ts +19 -19
- package/dist/request/NativeSignOutRequest.d.ts +5 -5
- package/dist/request/RequestParameterBuilder.d.ts +217 -217
- package/dist/request/RequestParameterBuilder.mjs +382 -382
- package/dist/request/RequestValidator.d.ts +27 -27
- package/dist/request/RequestValidator.mjs +64 -64
- package/dist/request/ScopeSet.d.ts +88 -88
- package/dist/request/ScopeSet.mjs +197 -197
- package/dist/request/StoreInCache.d.ts +8 -8
- package/dist/response/AuthenticationResult.d.ts +41 -41
- package/dist/response/AuthorizationCodePayload.d.ts +13 -13
- package/dist/response/DeviceCodeResponse.d.ts +25 -25
- package/dist/response/ExternalTokenResponse.d.ts +15 -15
- package/dist/response/IMDSBadResponse.d.ts +4 -4
- package/dist/response/ResponseHandler.d.ts +69 -69
- package/dist/response/ResponseHandler.mjs +374 -374
- package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
- package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
- package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
- package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
- package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
- package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
- package/dist/telemetry/performance/PerformanceEvent.d.ts +515 -505
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +484 -480
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
- package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
- package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -66
- package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -201
- package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
- package/dist/url/IUri.d.ts +12 -12
- package/dist/url/UrlString.d.ts +48 -48
- package/dist/url/UrlString.mjs +161 -161
- package/dist/utils/ClientAssertionUtils.d.ts +2 -2
- package/dist/utils/ClientAssertionUtils.mjs +16 -16
- package/dist/utils/Constants.d.ts +309 -309
- package/dist/utils/Constants.mjs +322 -322
- package/dist/utils/FunctionWrappers.d.ts +27 -27
- package/dist/utils/FunctionWrappers.mjs +94 -94
- package/dist/utils/MsalTypes.d.ts +6 -6
- package/dist/utils/ProtocolUtils.d.ts +42 -42
- package/dist/utils/ProtocolUtils.mjs +69 -69
- package/dist/utils/StringUtils.d.ts +40 -40
- package/dist/utils/StringUtils.mjs +95 -95
- package/dist/utils/TimeUtils.d.ts +25 -25
- package/dist/utils/TimeUtils.mjs +43 -43
- package/dist/utils/UrlUtils.d.ts +10 -10
- package/dist/utils/UrlUtils.mjs +44 -44
- package/package.json +1 -1
- package/src/cache/entities/ServerTelemetryEntity.ts +1 -0
- package/src/constants/AADServerParamKeys.ts +1 -0
- package/src/packageMetadata.ts +1 -1
- package/src/telemetry/performance/PerformanceEvent.ts +12 -0
- package/src/telemetry/server/ServerTelemetryManager.ts +95 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.
|
|
1
|
+
/*! @azure/msal-common v14.14.1 2024-08-13 */
|
|
2
2
|
'use strict';
|
|
3
3
|
import { extractTokenClaims } from '../../account/AuthToken.mjs';
|
|
4
4
|
import { createClientAuthError } from '../../error/ClientAuthError.mjs';
|
|
@@ -6,329 +6,329 @@ import { Separators, CredentialType, AuthenticationScheme, SERVER_TELEM_CONSTANT
|
|
|
6
6
|
import { nowSeconds } from '../../utils/TimeUtils.mjs';
|
|
7
7
|
import { tokenClaimsCnfRequiredForSignedJwt } from '../../error/ClientAuthErrorCodes.mjs';
|
|
8
8
|
|
|
9
|
-
/*
|
|
10
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
11
|
-
* Licensed under the MIT License.
|
|
12
|
-
*/
|
|
13
|
-
/**
|
|
14
|
-
* Cache Key: <home_account_id>-<environment>-<credential_type>-<client_id or familyId>-<realm>-<scopes>-<claims hash>-<scheme>
|
|
15
|
-
* IdToken Example: uid.utid-login.microsoftonline.com-idtoken-app_client_id-contoso.com
|
|
16
|
-
* AccessToken Example: uid.utid-login.microsoftonline.com-accesstoken-app_client_id-contoso.com-scope1 scope2--pop
|
|
17
|
-
* RefreshToken Example: uid.utid-login.microsoftonline.com-refreshtoken-1-contoso.com
|
|
18
|
-
* @param credentialEntity
|
|
19
|
-
* @returns
|
|
20
|
-
*/
|
|
21
|
-
function generateCredentialKey(credentialEntity) {
|
|
22
|
-
const credentialKey = [
|
|
23
|
-
generateAccountId(credentialEntity),
|
|
24
|
-
generateCredentialId(credentialEntity),
|
|
25
|
-
generateTarget(credentialEntity),
|
|
26
|
-
generateClaimsHash(credentialEntity),
|
|
27
|
-
generateScheme(credentialEntity),
|
|
28
|
-
];
|
|
29
|
-
return credentialKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
30
|
-
}
|
|
31
|
-
/**
|
|
32
|
-
* Create IdTokenEntity
|
|
33
|
-
* @param homeAccountId
|
|
34
|
-
* @param authenticationResult
|
|
35
|
-
* @param clientId
|
|
36
|
-
* @param authority
|
|
37
|
-
*/
|
|
38
|
-
function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
|
|
39
|
-
const idTokenEntity = {
|
|
40
|
-
credentialType: CredentialType.ID_TOKEN,
|
|
41
|
-
homeAccountId: homeAccountId,
|
|
42
|
-
environment: environment,
|
|
43
|
-
clientId: clientId,
|
|
44
|
-
secret: idToken,
|
|
45
|
-
realm: tenantId,
|
|
46
|
-
};
|
|
47
|
-
return idTokenEntity;
|
|
48
|
-
}
|
|
49
|
-
/**
|
|
50
|
-
* Create AccessTokenEntity
|
|
51
|
-
* @param homeAccountId
|
|
52
|
-
* @param environment
|
|
53
|
-
* @param accessToken
|
|
54
|
-
* @param clientId
|
|
55
|
-
* @param tenantId
|
|
56
|
-
* @param scopes
|
|
57
|
-
* @param expiresOn
|
|
58
|
-
* @param extExpiresOn
|
|
59
|
-
*/
|
|
60
|
-
function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId, requestedClaims, requestedClaimsHash) {
|
|
61
|
-
const atEntity = {
|
|
62
|
-
homeAccountId: homeAccountId,
|
|
63
|
-
credentialType: CredentialType.ACCESS_TOKEN,
|
|
64
|
-
secret: accessToken,
|
|
65
|
-
cachedAt: nowSeconds().toString(),
|
|
66
|
-
expiresOn: expiresOn.toString(),
|
|
67
|
-
extendedExpiresOn: extExpiresOn.toString(),
|
|
68
|
-
environment: environment,
|
|
69
|
-
clientId: clientId,
|
|
70
|
-
realm: tenantId,
|
|
71
|
-
target: scopes,
|
|
72
|
-
tokenType: tokenType || AuthenticationScheme.BEARER,
|
|
73
|
-
};
|
|
74
|
-
if (userAssertionHash) {
|
|
75
|
-
atEntity.userAssertionHash = userAssertionHash;
|
|
76
|
-
}
|
|
77
|
-
if (refreshOn) {
|
|
78
|
-
atEntity.refreshOn = refreshOn.toString();
|
|
79
|
-
}
|
|
80
|
-
if (requestedClaims) {
|
|
81
|
-
atEntity.requestedClaims = requestedClaims;
|
|
82
|
-
atEntity.requestedClaimsHash = requestedClaimsHash;
|
|
83
|
-
}
|
|
84
|
-
/*
|
|
85
|
-
* Create Access Token With Auth Scheme instead of regular access token
|
|
86
|
-
* Cast to lower to handle "bearer" from ADFS
|
|
87
|
-
*/
|
|
88
|
-
if (atEntity.tokenType?.toLowerCase() !==
|
|
89
|
-
AuthenticationScheme.BEARER.toLowerCase()) {
|
|
90
|
-
atEntity.credentialType = CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
91
|
-
switch (atEntity.tokenType) {
|
|
92
|
-
case AuthenticationScheme.POP:
|
|
93
|
-
// Make sure keyId is present and add it to credential
|
|
94
|
-
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
95
|
-
if (!tokenClaims?.cnf?.kid) {
|
|
96
|
-
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
97
|
-
}
|
|
98
|
-
atEntity.keyId = tokenClaims.cnf.kid;
|
|
99
|
-
break;
|
|
100
|
-
case AuthenticationScheme.SSH:
|
|
101
|
-
atEntity.keyId = keyId;
|
|
102
|
-
}
|
|
103
|
-
}
|
|
104
|
-
return atEntity;
|
|
105
|
-
}
|
|
106
|
-
/**
|
|
107
|
-
* Create RefreshTokenEntity
|
|
108
|
-
* @param homeAccountId
|
|
109
|
-
* @param authenticationResult
|
|
110
|
-
* @param clientId
|
|
111
|
-
* @param authority
|
|
112
|
-
*/
|
|
113
|
-
function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
|
|
114
|
-
const rtEntity = {
|
|
115
|
-
credentialType: CredentialType.REFRESH_TOKEN,
|
|
116
|
-
homeAccountId: homeAccountId,
|
|
117
|
-
environment: environment,
|
|
118
|
-
clientId: clientId,
|
|
119
|
-
secret: refreshToken,
|
|
120
|
-
};
|
|
121
|
-
if (userAssertionHash) {
|
|
122
|
-
rtEntity.userAssertionHash = userAssertionHash;
|
|
123
|
-
}
|
|
124
|
-
if (familyId) {
|
|
125
|
-
rtEntity.familyId = familyId;
|
|
126
|
-
}
|
|
127
|
-
if (expiresOn) {
|
|
128
|
-
rtEntity.expiresOn = expiresOn.toString();
|
|
129
|
-
}
|
|
130
|
-
return rtEntity;
|
|
131
|
-
}
|
|
132
|
-
function isCredentialEntity(entity) {
|
|
133
|
-
return (entity.hasOwnProperty("homeAccountId") &&
|
|
134
|
-
entity.hasOwnProperty("environment") &&
|
|
135
|
-
entity.hasOwnProperty("credentialType") &&
|
|
136
|
-
entity.hasOwnProperty("clientId") &&
|
|
137
|
-
entity.hasOwnProperty("secret"));
|
|
138
|
-
}
|
|
139
|
-
/**
|
|
140
|
-
* Validates an entity: checks for all expected params
|
|
141
|
-
* @param entity
|
|
142
|
-
*/
|
|
143
|
-
function isAccessTokenEntity(entity) {
|
|
144
|
-
if (!entity) {
|
|
145
|
-
return false;
|
|
146
|
-
}
|
|
147
|
-
return (isCredentialEntity(entity) &&
|
|
148
|
-
entity.hasOwnProperty("realm") &&
|
|
149
|
-
entity.hasOwnProperty("target") &&
|
|
150
|
-
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
151
|
-
entity["credentialType"] ===
|
|
152
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
153
|
-
}
|
|
154
|
-
/**
|
|
155
|
-
* Validates an entity: checks for all expected params
|
|
156
|
-
* @param entity
|
|
157
|
-
*/
|
|
158
|
-
function isIdTokenEntity(entity) {
|
|
159
|
-
if (!entity) {
|
|
160
|
-
return false;
|
|
161
|
-
}
|
|
162
|
-
return (isCredentialEntity(entity) &&
|
|
163
|
-
entity.hasOwnProperty("realm") &&
|
|
164
|
-
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
165
|
-
}
|
|
166
|
-
/**
|
|
167
|
-
* Validates an entity: checks for all expected params
|
|
168
|
-
* @param entity
|
|
169
|
-
*/
|
|
170
|
-
function isRefreshTokenEntity(entity) {
|
|
171
|
-
if (!entity) {
|
|
172
|
-
return false;
|
|
173
|
-
}
|
|
174
|
-
return (isCredentialEntity(entity) &&
|
|
175
|
-
entity["credentialType"] === CredentialType.REFRESH_TOKEN);
|
|
176
|
-
}
|
|
177
|
-
/**
|
|
178
|
-
* Generate Account Id key component as per the schema: <home_account_id>-<environment>
|
|
179
|
-
*/
|
|
180
|
-
function generateAccountId(credentialEntity) {
|
|
181
|
-
const accountId = [
|
|
182
|
-
credentialEntity.homeAccountId,
|
|
183
|
-
credentialEntity.environment,
|
|
184
|
-
];
|
|
185
|
-
return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
186
|
-
}
|
|
187
|
-
/**
|
|
188
|
-
* Generate Credential Id key component as per the schema: <credential_type>-<client_id>-<realm>
|
|
189
|
-
*/
|
|
190
|
-
function generateCredentialId(credentialEntity) {
|
|
191
|
-
const clientOrFamilyId = credentialEntity.credentialType === CredentialType.REFRESH_TOKEN
|
|
192
|
-
? credentialEntity.familyId || credentialEntity.clientId
|
|
193
|
-
: credentialEntity.clientId;
|
|
194
|
-
const credentialId = [
|
|
195
|
-
credentialEntity.credentialType,
|
|
196
|
-
clientOrFamilyId,
|
|
197
|
-
credentialEntity.realm || "",
|
|
198
|
-
];
|
|
199
|
-
return credentialId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
200
|
-
}
|
|
201
|
-
/**
|
|
202
|
-
* Generate target key component as per schema: <target>
|
|
203
|
-
*/
|
|
204
|
-
function generateTarget(credentialEntity) {
|
|
205
|
-
return (credentialEntity.target || "").toLowerCase();
|
|
206
|
-
}
|
|
207
|
-
/**
|
|
208
|
-
* Generate requested claims key component as per schema: <requestedClaims>
|
|
209
|
-
*/
|
|
210
|
-
function generateClaimsHash(credentialEntity) {
|
|
211
|
-
return (credentialEntity.requestedClaimsHash || "").toLowerCase();
|
|
212
|
-
}
|
|
213
|
-
/**
|
|
214
|
-
* Generate scheme key componenet as per schema: <scheme>
|
|
215
|
-
*/
|
|
216
|
-
function generateScheme(credentialEntity) {
|
|
217
|
-
/*
|
|
218
|
-
* PoP Tokens and SSH certs include scheme in cache key
|
|
219
|
-
* Cast to lowercase to handle "bearer" from ADFS
|
|
220
|
-
*/
|
|
221
|
-
return credentialEntity.tokenType &&
|
|
222
|
-
credentialEntity.tokenType.toLowerCase() !==
|
|
223
|
-
AuthenticationScheme.BEARER.toLowerCase()
|
|
224
|
-
? credentialEntity.tokenType.toLowerCase()
|
|
225
|
-
: "";
|
|
226
|
-
}
|
|
227
|
-
/**
|
|
228
|
-
* validates if a given cache entry is "Telemetry", parses <key,value>
|
|
229
|
-
* @param key
|
|
230
|
-
* @param entity
|
|
231
|
-
*/
|
|
232
|
-
function isServerTelemetryEntity(key, entity) {
|
|
233
|
-
const validateKey = key.indexOf(SERVER_TELEM_CONSTANTS.CACHE_KEY) === 0;
|
|
234
|
-
let validateEntity = true;
|
|
235
|
-
if (entity) {
|
|
236
|
-
validateEntity =
|
|
237
|
-
entity.hasOwnProperty("failedRequests") &&
|
|
238
|
-
entity.hasOwnProperty("errors") &&
|
|
239
|
-
entity.hasOwnProperty("cacheHits");
|
|
240
|
-
}
|
|
241
|
-
return validateKey && validateEntity;
|
|
242
|
-
}
|
|
243
|
-
/**
|
|
244
|
-
* validates if a given cache entry is "Throttling", parses <key,value>
|
|
245
|
-
* @param key
|
|
246
|
-
* @param entity
|
|
247
|
-
*/
|
|
248
|
-
function isThrottlingEntity(key, entity) {
|
|
249
|
-
let validateKey = false;
|
|
250
|
-
if (key) {
|
|
251
|
-
validateKey = key.indexOf(ThrottlingConstants.THROTTLING_PREFIX) === 0;
|
|
252
|
-
}
|
|
253
|
-
let validateEntity = true;
|
|
254
|
-
if (entity) {
|
|
255
|
-
validateEntity = entity.hasOwnProperty("throttleTime");
|
|
256
|
-
}
|
|
257
|
-
return validateKey && validateEntity;
|
|
258
|
-
}
|
|
259
|
-
/**
|
|
260
|
-
* Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
|
|
261
|
-
*/
|
|
262
|
-
function generateAppMetadataKey({ environment, clientId, }) {
|
|
263
|
-
const appMetaDataKeyArray = [
|
|
264
|
-
APP_METADATA,
|
|
265
|
-
environment,
|
|
266
|
-
clientId,
|
|
267
|
-
];
|
|
268
|
-
return appMetaDataKeyArray
|
|
269
|
-
.join(Separators.CACHE_KEY_SEPARATOR)
|
|
270
|
-
.toLowerCase();
|
|
271
|
-
}
|
|
272
|
-
/*
|
|
273
|
-
* Validates an entity: checks for all expected params
|
|
274
|
-
* @param entity
|
|
275
|
-
*/
|
|
276
|
-
function isAppMetadataEntity(key, entity) {
|
|
277
|
-
if (!entity) {
|
|
278
|
-
return false;
|
|
279
|
-
}
|
|
280
|
-
return (key.indexOf(APP_METADATA) === 0 &&
|
|
281
|
-
entity.hasOwnProperty("clientId") &&
|
|
282
|
-
entity.hasOwnProperty("environment"));
|
|
283
|
-
}
|
|
284
|
-
/**
|
|
285
|
-
* Validates an entity: checks for all expected params
|
|
286
|
-
* @param entity
|
|
287
|
-
*/
|
|
288
|
-
function isAuthorityMetadataEntity(key, entity) {
|
|
289
|
-
if (!entity) {
|
|
290
|
-
return false;
|
|
291
|
-
}
|
|
292
|
-
return (key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) === 0 &&
|
|
293
|
-
entity.hasOwnProperty("aliases") &&
|
|
294
|
-
entity.hasOwnProperty("preferred_cache") &&
|
|
295
|
-
entity.hasOwnProperty("preferred_network") &&
|
|
296
|
-
entity.hasOwnProperty("canonical_authority") &&
|
|
297
|
-
entity.hasOwnProperty("authorization_endpoint") &&
|
|
298
|
-
entity.hasOwnProperty("token_endpoint") &&
|
|
299
|
-
entity.hasOwnProperty("issuer") &&
|
|
300
|
-
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
301
|
-
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
302
|
-
entity.hasOwnProperty("expiresAt") &&
|
|
303
|
-
entity.hasOwnProperty("jwks_uri"));
|
|
304
|
-
}
|
|
305
|
-
/**
|
|
306
|
-
* Reset the exiresAt value
|
|
307
|
-
*/
|
|
308
|
-
function generateAuthorityMetadataExpiresAt() {
|
|
309
|
-
return (nowSeconds() +
|
|
310
|
-
AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS);
|
|
311
|
-
}
|
|
312
|
-
function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
313
|
-
authorityMetadata.authorization_endpoint =
|
|
314
|
-
updatedValues.authorization_endpoint;
|
|
315
|
-
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
316
|
-
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
317
|
-
authorityMetadata.issuer = updatedValues.issuer;
|
|
318
|
-
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
319
|
-
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
320
|
-
}
|
|
321
|
-
function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
322
|
-
authorityMetadata.aliases = updatedValues.aliases;
|
|
323
|
-
authorityMetadata.preferred_cache = updatedValues.preferred_cache;
|
|
324
|
-
authorityMetadata.preferred_network = updatedValues.preferred_network;
|
|
325
|
-
authorityMetadata.aliasesFromNetwork = fromNetwork;
|
|
326
|
-
}
|
|
327
|
-
/**
|
|
328
|
-
* Returns whether or not the data needs to be refreshed
|
|
329
|
-
*/
|
|
330
|
-
function isAuthorityMetadataExpired(metadata) {
|
|
331
|
-
return metadata.expiresAt <= nowSeconds();
|
|
9
|
+
/*
|
|
10
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
11
|
+
* Licensed under the MIT License.
|
|
12
|
+
*/
|
|
13
|
+
/**
|
|
14
|
+
* Cache Key: <home_account_id>-<environment>-<credential_type>-<client_id or familyId>-<realm>-<scopes>-<claims hash>-<scheme>
|
|
15
|
+
* IdToken Example: uid.utid-login.microsoftonline.com-idtoken-app_client_id-contoso.com
|
|
16
|
+
* AccessToken Example: uid.utid-login.microsoftonline.com-accesstoken-app_client_id-contoso.com-scope1 scope2--pop
|
|
17
|
+
* RefreshToken Example: uid.utid-login.microsoftonline.com-refreshtoken-1-contoso.com
|
|
18
|
+
* @param credentialEntity
|
|
19
|
+
* @returns
|
|
20
|
+
*/
|
|
21
|
+
function generateCredentialKey(credentialEntity) {
|
|
22
|
+
const credentialKey = [
|
|
23
|
+
generateAccountId(credentialEntity),
|
|
24
|
+
generateCredentialId(credentialEntity),
|
|
25
|
+
generateTarget(credentialEntity),
|
|
26
|
+
generateClaimsHash(credentialEntity),
|
|
27
|
+
generateScheme(credentialEntity),
|
|
28
|
+
];
|
|
29
|
+
return credentialKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Create IdTokenEntity
|
|
33
|
+
* @param homeAccountId
|
|
34
|
+
* @param authenticationResult
|
|
35
|
+
* @param clientId
|
|
36
|
+
* @param authority
|
|
37
|
+
*/
|
|
38
|
+
function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
|
|
39
|
+
const idTokenEntity = {
|
|
40
|
+
credentialType: CredentialType.ID_TOKEN,
|
|
41
|
+
homeAccountId: homeAccountId,
|
|
42
|
+
environment: environment,
|
|
43
|
+
clientId: clientId,
|
|
44
|
+
secret: idToken,
|
|
45
|
+
realm: tenantId,
|
|
46
|
+
};
|
|
47
|
+
return idTokenEntity;
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Create AccessTokenEntity
|
|
51
|
+
* @param homeAccountId
|
|
52
|
+
* @param environment
|
|
53
|
+
* @param accessToken
|
|
54
|
+
* @param clientId
|
|
55
|
+
* @param tenantId
|
|
56
|
+
* @param scopes
|
|
57
|
+
* @param expiresOn
|
|
58
|
+
* @param extExpiresOn
|
|
59
|
+
*/
|
|
60
|
+
function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId, requestedClaims, requestedClaimsHash) {
|
|
61
|
+
const atEntity = {
|
|
62
|
+
homeAccountId: homeAccountId,
|
|
63
|
+
credentialType: CredentialType.ACCESS_TOKEN,
|
|
64
|
+
secret: accessToken,
|
|
65
|
+
cachedAt: nowSeconds().toString(),
|
|
66
|
+
expiresOn: expiresOn.toString(),
|
|
67
|
+
extendedExpiresOn: extExpiresOn.toString(),
|
|
68
|
+
environment: environment,
|
|
69
|
+
clientId: clientId,
|
|
70
|
+
realm: tenantId,
|
|
71
|
+
target: scopes,
|
|
72
|
+
tokenType: tokenType || AuthenticationScheme.BEARER,
|
|
73
|
+
};
|
|
74
|
+
if (userAssertionHash) {
|
|
75
|
+
atEntity.userAssertionHash = userAssertionHash;
|
|
76
|
+
}
|
|
77
|
+
if (refreshOn) {
|
|
78
|
+
atEntity.refreshOn = refreshOn.toString();
|
|
79
|
+
}
|
|
80
|
+
if (requestedClaims) {
|
|
81
|
+
atEntity.requestedClaims = requestedClaims;
|
|
82
|
+
atEntity.requestedClaimsHash = requestedClaimsHash;
|
|
83
|
+
}
|
|
84
|
+
/*
|
|
85
|
+
* Create Access Token With Auth Scheme instead of regular access token
|
|
86
|
+
* Cast to lower to handle "bearer" from ADFS
|
|
87
|
+
*/
|
|
88
|
+
if (atEntity.tokenType?.toLowerCase() !==
|
|
89
|
+
AuthenticationScheme.BEARER.toLowerCase()) {
|
|
90
|
+
atEntity.credentialType = CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
91
|
+
switch (atEntity.tokenType) {
|
|
92
|
+
case AuthenticationScheme.POP:
|
|
93
|
+
// Make sure keyId is present and add it to credential
|
|
94
|
+
const tokenClaims = extractTokenClaims(accessToken, base64Decode);
|
|
95
|
+
if (!tokenClaims?.cnf?.kid) {
|
|
96
|
+
throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
|
|
97
|
+
}
|
|
98
|
+
atEntity.keyId = tokenClaims.cnf.kid;
|
|
99
|
+
break;
|
|
100
|
+
case AuthenticationScheme.SSH:
|
|
101
|
+
atEntity.keyId = keyId;
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
return atEntity;
|
|
105
|
+
}
|
|
106
|
+
/**
|
|
107
|
+
* Create RefreshTokenEntity
|
|
108
|
+
* @param homeAccountId
|
|
109
|
+
* @param authenticationResult
|
|
110
|
+
* @param clientId
|
|
111
|
+
* @param authority
|
|
112
|
+
*/
|
|
113
|
+
function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
|
|
114
|
+
const rtEntity = {
|
|
115
|
+
credentialType: CredentialType.REFRESH_TOKEN,
|
|
116
|
+
homeAccountId: homeAccountId,
|
|
117
|
+
environment: environment,
|
|
118
|
+
clientId: clientId,
|
|
119
|
+
secret: refreshToken,
|
|
120
|
+
};
|
|
121
|
+
if (userAssertionHash) {
|
|
122
|
+
rtEntity.userAssertionHash = userAssertionHash;
|
|
123
|
+
}
|
|
124
|
+
if (familyId) {
|
|
125
|
+
rtEntity.familyId = familyId;
|
|
126
|
+
}
|
|
127
|
+
if (expiresOn) {
|
|
128
|
+
rtEntity.expiresOn = expiresOn.toString();
|
|
129
|
+
}
|
|
130
|
+
return rtEntity;
|
|
131
|
+
}
|
|
132
|
+
function isCredentialEntity(entity) {
|
|
133
|
+
return (entity.hasOwnProperty("homeAccountId") &&
|
|
134
|
+
entity.hasOwnProperty("environment") &&
|
|
135
|
+
entity.hasOwnProperty("credentialType") &&
|
|
136
|
+
entity.hasOwnProperty("clientId") &&
|
|
137
|
+
entity.hasOwnProperty("secret"));
|
|
138
|
+
}
|
|
139
|
+
/**
|
|
140
|
+
* Validates an entity: checks for all expected params
|
|
141
|
+
* @param entity
|
|
142
|
+
*/
|
|
143
|
+
function isAccessTokenEntity(entity) {
|
|
144
|
+
if (!entity) {
|
|
145
|
+
return false;
|
|
146
|
+
}
|
|
147
|
+
return (isCredentialEntity(entity) &&
|
|
148
|
+
entity.hasOwnProperty("realm") &&
|
|
149
|
+
entity.hasOwnProperty("target") &&
|
|
150
|
+
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
151
|
+
entity["credentialType"] ===
|
|
152
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
|
|
153
|
+
}
|
|
154
|
+
/**
|
|
155
|
+
* Validates an entity: checks for all expected params
|
|
156
|
+
* @param entity
|
|
157
|
+
*/
|
|
158
|
+
function isIdTokenEntity(entity) {
|
|
159
|
+
if (!entity) {
|
|
160
|
+
return false;
|
|
161
|
+
}
|
|
162
|
+
return (isCredentialEntity(entity) &&
|
|
163
|
+
entity.hasOwnProperty("realm") &&
|
|
164
|
+
entity["credentialType"] === CredentialType.ID_TOKEN);
|
|
165
|
+
}
|
|
166
|
+
/**
|
|
167
|
+
* Validates an entity: checks for all expected params
|
|
168
|
+
* @param entity
|
|
169
|
+
*/
|
|
170
|
+
function isRefreshTokenEntity(entity) {
|
|
171
|
+
if (!entity) {
|
|
172
|
+
return false;
|
|
173
|
+
}
|
|
174
|
+
return (isCredentialEntity(entity) &&
|
|
175
|
+
entity["credentialType"] === CredentialType.REFRESH_TOKEN);
|
|
176
|
+
}
|
|
177
|
+
/**
|
|
178
|
+
* Generate Account Id key component as per the schema: <home_account_id>-<environment>
|
|
179
|
+
*/
|
|
180
|
+
function generateAccountId(credentialEntity) {
|
|
181
|
+
const accountId = [
|
|
182
|
+
credentialEntity.homeAccountId,
|
|
183
|
+
credentialEntity.environment,
|
|
184
|
+
];
|
|
185
|
+
return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
186
|
+
}
|
|
187
|
+
/**
|
|
188
|
+
* Generate Credential Id key component as per the schema: <credential_type>-<client_id>-<realm>
|
|
189
|
+
*/
|
|
190
|
+
function generateCredentialId(credentialEntity) {
|
|
191
|
+
const clientOrFamilyId = credentialEntity.credentialType === CredentialType.REFRESH_TOKEN
|
|
192
|
+
? credentialEntity.familyId || credentialEntity.clientId
|
|
193
|
+
: credentialEntity.clientId;
|
|
194
|
+
const credentialId = [
|
|
195
|
+
credentialEntity.credentialType,
|
|
196
|
+
clientOrFamilyId,
|
|
197
|
+
credentialEntity.realm || "",
|
|
198
|
+
];
|
|
199
|
+
return credentialId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
200
|
+
}
|
|
201
|
+
/**
|
|
202
|
+
* Generate target key component as per schema: <target>
|
|
203
|
+
*/
|
|
204
|
+
function generateTarget(credentialEntity) {
|
|
205
|
+
return (credentialEntity.target || "").toLowerCase();
|
|
206
|
+
}
|
|
207
|
+
/**
|
|
208
|
+
* Generate requested claims key component as per schema: <requestedClaims>
|
|
209
|
+
*/
|
|
210
|
+
function generateClaimsHash(credentialEntity) {
|
|
211
|
+
return (credentialEntity.requestedClaimsHash || "").toLowerCase();
|
|
212
|
+
}
|
|
213
|
+
/**
|
|
214
|
+
* Generate scheme key componenet as per schema: <scheme>
|
|
215
|
+
*/
|
|
216
|
+
function generateScheme(credentialEntity) {
|
|
217
|
+
/*
|
|
218
|
+
* PoP Tokens and SSH certs include scheme in cache key
|
|
219
|
+
* Cast to lowercase to handle "bearer" from ADFS
|
|
220
|
+
*/
|
|
221
|
+
return credentialEntity.tokenType &&
|
|
222
|
+
credentialEntity.tokenType.toLowerCase() !==
|
|
223
|
+
AuthenticationScheme.BEARER.toLowerCase()
|
|
224
|
+
? credentialEntity.tokenType.toLowerCase()
|
|
225
|
+
: "";
|
|
226
|
+
}
|
|
227
|
+
/**
|
|
228
|
+
* validates if a given cache entry is "Telemetry", parses <key,value>
|
|
229
|
+
* @param key
|
|
230
|
+
* @param entity
|
|
231
|
+
*/
|
|
232
|
+
function isServerTelemetryEntity(key, entity) {
|
|
233
|
+
const validateKey = key.indexOf(SERVER_TELEM_CONSTANTS.CACHE_KEY) === 0;
|
|
234
|
+
let validateEntity = true;
|
|
235
|
+
if (entity) {
|
|
236
|
+
validateEntity =
|
|
237
|
+
entity.hasOwnProperty("failedRequests") &&
|
|
238
|
+
entity.hasOwnProperty("errors") &&
|
|
239
|
+
entity.hasOwnProperty("cacheHits");
|
|
240
|
+
}
|
|
241
|
+
return validateKey && validateEntity;
|
|
242
|
+
}
|
|
243
|
+
/**
|
|
244
|
+
* validates if a given cache entry is "Throttling", parses <key,value>
|
|
245
|
+
* @param key
|
|
246
|
+
* @param entity
|
|
247
|
+
*/
|
|
248
|
+
function isThrottlingEntity(key, entity) {
|
|
249
|
+
let validateKey = false;
|
|
250
|
+
if (key) {
|
|
251
|
+
validateKey = key.indexOf(ThrottlingConstants.THROTTLING_PREFIX) === 0;
|
|
252
|
+
}
|
|
253
|
+
let validateEntity = true;
|
|
254
|
+
if (entity) {
|
|
255
|
+
validateEntity = entity.hasOwnProperty("throttleTime");
|
|
256
|
+
}
|
|
257
|
+
return validateKey && validateEntity;
|
|
258
|
+
}
|
|
259
|
+
/**
|
|
260
|
+
* Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
|
|
261
|
+
*/
|
|
262
|
+
function generateAppMetadataKey({ environment, clientId, }) {
|
|
263
|
+
const appMetaDataKeyArray = [
|
|
264
|
+
APP_METADATA,
|
|
265
|
+
environment,
|
|
266
|
+
clientId,
|
|
267
|
+
];
|
|
268
|
+
return appMetaDataKeyArray
|
|
269
|
+
.join(Separators.CACHE_KEY_SEPARATOR)
|
|
270
|
+
.toLowerCase();
|
|
271
|
+
}
|
|
272
|
+
/*
|
|
273
|
+
* Validates an entity: checks for all expected params
|
|
274
|
+
* @param entity
|
|
275
|
+
*/
|
|
276
|
+
function isAppMetadataEntity(key, entity) {
|
|
277
|
+
if (!entity) {
|
|
278
|
+
return false;
|
|
279
|
+
}
|
|
280
|
+
return (key.indexOf(APP_METADATA) === 0 &&
|
|
281
|
+
entity.hasOwnProperty("clientId") &&
|
|
282
|
+
entity.hasOwnProperty("environment"));
|
|
283
|
+
}
|
|
284
|
+
/**
|
|
285
|
+
* Validates an entity: checks for all expected params
|
|
286
|
+
* @param entity
|
|
287
|
+
*/
|
|
288
|
+
function isAuthorityMetadataEntity(key, entity) {
|
|
289
|
+
if (!entity) {
|
|
290
|
+
return false;
|
|
291
|
+
}
|
|
292
|
+
return (key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) === 0 &&
|
|
293
|
+
entity.hasOwnProperty("aliases") &&
|
|
294
|
+
entity.hasOwnProperty("preferred_cache") &&
|
|
295
|
+
entity.hasOwnProperty("preferred_network") &&
|
|
296
|
+
entity.hasOwnProperty("canonical_authority") &&
|
|
297
|
+
entity.hasOwnProperty("authorization_endpoint") &&
|
|
298
|
+
entity.hasOwnProperty("token_endpoint") &&
|
|
299
|
+
entity.hasOwnProperty("issuer") &&
|
|
300
|
+
entity.hasOwnProperty("aliasesFromNetwork") &&
|
|
301
|
+
entity.hasOwnProperty("endpointsFromNetwork") &&
|
|
302
|
+
entity.hasOwnProperty("expiresAt") &&
|
|
303
|
+
entity.hasOwnProperty("jwks_uri"));
|
|
304
|
+
}
|
|
305
|
+
/**
|
|
306
|
+
* Reset the exiresAt value
|
|
307
|
+
*/
|
|
308
|
+
function generateAuthorityMetadataExpiresAt() {
|
|
309
|
+
return (nowSeconds() +
|
|
310
|
+
AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS);
|
|
311
|
+
}
|
|
312
|
+
function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
313
|
+
authorityMetadata.authorization_endpoint =
|
|
314
|
+
updatedValues.authorization_endpoint;
|
|
315
|
+
authorityMetadata.token_endpoint = updatedValues.token_endpoint;
|
|
316
|
+
authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
|
|
317
|
+
authorityMetadata.issuer = updatedValues.issuer;
|
|
318
|
+
authorityMetadata.endpointsFromNetwork = fromNetwork;
|
|
319
|
+
authorityMetadata.jwks_uri = updatedValues.jwks_uri;
|
|
320
|
+
}
|
|
321
|
+
function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
|
|
322
|
+
authorityMetadata.aliases = updatedValues.aliases;
|
|
323
|
+
authorityMetadata.preferred_cache = updatedValues.preferred_cache;
|
|
324
|
+
authorityMetadata.preferred_network = updatedValues.preferred_network;
|
|
325
|
+
authorityMetadata.aliasesFromNetwork = fromNetwork;
|
|
326
|
+
}
|
|
327
|
+
/**
|
|
328
|
+
* Returns whether or not the data needs to be refreshed
|
|
329
|
+
*/
|
|
330
|
+
function isAuthorityMetadataExpired(metadata) {
|
|
331
|
+
return metadata.expiresAt <= nowSeconds();
|
|
332
332
|
}
|
|
333
333
|
|
|
334
334
|
export { createAccessTokenEntity, createIdTokenEntity, createRefreshTokenEntity, generateAppMetadataKey, generateAuthorityMetadataExpiresAt, generateCredentialKey, isAccessTokenEntity, isAppMetadataEntity, isAuthorityMetadataEntity, isAuthorityMetadataExpired, isCredentialEntity, isIdTokenEntity, isRefreshTokenEntity, isServerTelemetryEntity, isThrottlingEntity, updateAuthorityEndpointMetadata, updateCloudDiscoveryMetadata };
|