@azure/msal-common 14.14.0 → 14.14.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +66 -66
- package/dist/account/AccountInfo.mjs +77 -77
- package/dist/account/AuthToken.d.ts +17 -17
- package/dist/account/AuthToken.mjs +58 -58
- package/dist/account/CcsCredential.d.ts +9 -9
- package/dist/account/CcsCredential.mjs +8 -8
- package/dist/account/ClientCredentials.d.ts +19 -19
- package/dist/account/ClientInfo.d.ts +18 -18
- package/dist/account/ClientInfo.mjs +37 -37
- package/dist/account/TokenClaims.d.ts +83 -83
- package/dist/account/TokenClaims.mjs +20 -20
- package/dist/authority/Authority.d.ts +254 -254
- package/dist/authority/Authority.mjs +836 -836
- package/dist/authority/AuthorityFactory.d.ts +18 -18
- package/dist/authority/AuthorityFactory.mjs +28 -28
- package/dist/authority/AuthorityMetadata.d.ts +43 -43
- package/dist/authority/AuthorityMetadata.mjs +137 -137
- package/dist/authority/AuthorityOptions.d.ts +27 -27
- package/dist/authority/AuthorityOptions.mjs +18 -18
- package/dist/authority/AuthorityType.d.ts +10 -10
- package/dist/authority/AuthorityType.mjs +13 -13
- package/dist/authority/AzureRegion.d.ts +1 -1
- package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
- package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
- package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
- package/dist/authority/ImdsOptions.d.ts +5 -5
- package/dist/authority/OIDCOptions.d.ts +8 -8
- package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
- package/dist/authority/OpenIdConfigResponse.mjs +10 -10
- package/dist/authority/ProtocolMode.d.ts +8 -8
- package/dist/authority/ProtocolMode.mjs +11 -11
- package/dist/authority/RegionDiscovery.d.ts +32 -32
- package/dist/authority/RegionDiscovery.mjs +106 -106
- package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
- package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
- package/dist/cache/CacheManager.d.ts +497 -497
- package/dist/cache/CacheManager.mjs +1249 -1249
- package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
- package/dist/cache/entities/AccountEntity.d.ts +106 -106
- package/dist/cache/entities/AccountEntity.mjs +240 -240
- package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
- package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
- package/dist/cache/entities/CacheRecord.d.ts +13 -13
- package/dist/cache/entities/CredentialEntity.d.ts +30 -30
- package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
- package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
- package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -6
- package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
- package/dist/cache/interface/ICacheManager.d.ts +166 -166
- package/dist/cache/interface/ICachePlugin.d.ts +5 -5
- package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
- package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
- package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
- package/dist/cache/utils/CacheHelpers.d.ts +94 -94
- package/dist/cache/utils/CacheHelpers.mjs +324 -324
- package/dist/cache/utils/CacheTypes.d.ts +69 -69
- package/dist/client/AuthorizationCodeClient.d.ts +74 -74
- package/dist/client/AuthorizationCodeClient.mjs +420 -420
- package/dist/client/BaseClient.d.ts +51 -51
- package/dist/client/BaseClient.mjs +100 -100
- package/dist/client/RefreshTokenClient.d.ts +35 -35
- package/dist/client/RefreshTokenClient.mjs +211 -211
- package/dist/client/SilentFlowClient.d.ts +27 -27
- package/dist/client/SilentFlowClient.mjs +133 -133
- package/dist/config/AppTokenProvider.d.ts +38 -38
- package/dist/config/ClientConfiguration.d.ts +150 -150
- package/dist/config/ClientConfiguration.mjs +95 -95
- package/dist/constants/AADServerParamKeys.d.ts +53 -53
- package/dist/constants/AADServerParamKeys.mjs +57 -57
- package/dist/crypto/ICrypto.d.ts +68 -68
- package/dist/crypto/ICrypto.mjs +36 -36
- package/dist/crypto/IGuidGenerator.d.ts +4 -4
- package/dist/crypto/JoseHeader.d.ts +22 -22
- package/dist/crypto/JoseHeader.mjs +37 -37
- package/dist/crypto/PopTokenGenerator.d.ts +59 -59
- package/dist/crypto/PopTokenGenerator.mjs +81 -81
- package/dist/crypto/SignedHttpRequest.d.ts +15 -15
- package/dist/error/AuthError.d.ts +44 -44
- package/dist/error/AuthError.mjs +46 -46
- package/dist/error/AuthErrorCodes.d.ts +5 -5
- package/dist/error/AuthErrorCodes.mjs +9 -9
- package/dist/error/CacheError.d.ts +20 -20
- package/dist/error/CacheError.mjs +24 -24
- package/dist/error/CacheErrorCodes.d.ts +2 -2
- package/dist/error/CacheErrorCodes.mjs +6 -6
- package/dist/error/ClientAuthError.d.ts +237 -237
- package/dist/error/ClientAuthError.mjs +249 -249
- package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
- package/dist/error/ClientAuthErrorCodes.mjs +48 -48
- package/dist/error/ClientConfigurationError.d.ts +128 -128
- package/dist/error/ClientConfigurationError.mjs +135 -135
- package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
- package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
- package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
- package/dist/error/InteractionRequiredAuthError.mjs +85 -85
- package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
- package/dist/error/JoseHeaderError.d.ts +15 -15
- package/dist/error/JoseHeaderError.mjs +22 -22
- package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
- package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
- package/dist/error/ServerError.d.ts +15 -15
- package/dist/error/ServerError.mjs +16 -16
- package/dist/index.cjs +8662 -8658
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +107 -107
- package/dist/index.mjs +1 -1
- package/dist/logger/Logger.d.ts +95 -95
- package/dist/logger/Logger.mjs +188 -188
- package/dist/network/INetworkModule.d.ts +29 -29
- package/dist/network/INetworkModule.mjs +12 -12
- package/dist/network/NetworkManager.d.ts +33 -33
- package/dist/network/NetworkManager.mjs +34 -34
- package/dist/network/RequestThumbprint.d.ts +18 -18
- package/dist/network/ThrottlingUtils.d.ts +42 -42
- package/dist/network/ThrottlingUtils.mjs +95 -95
- package/dist/packageMetadata.d.ts +2 -2
- package/dist/packageMetadata.mjs +4 -4
- package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
- package/dist/request/AuthenticationHeaderParser.mjs +55 -55
- package/dist/request/BaseAuthRequest.d.ts +47 -47
- package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
- package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
- package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
- package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
- package/dist/request/CommonEndSessionRequest.d.ts +21 -21
- package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
- package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
- package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
- package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
- package/dist/request/NativeRequest.d.ts +19 -19
- package/dist/request/NativeSignOutRequest.d.ts +5 -5
- package/dist/request/RequestParameterBuilder.d.ts +217 -217
- package/dist/request/RequestParameterBuilder.mjs +382 -382
- package/dist/request/RequestValidator.d.ts +27 -27
- package/dist/request/RequestValidator.mjs +64 -64
- package/dist/request/ScopeSet.d.ts +88 -88
- package/dist/request/ScopeSet.mjs +197 -197
- package/dist/request/StoreInCache.d.ts +8 -8
- package/dist/response/AuthenticationResult.d.ts +41 -41
- package/dist/response/AuthorizationCodePayload.d.ts +13 -13
- package/dist/response/DeviceCodeResponse.d.ts +25 -25
- package/dist/response/ExternalTokenResponse.d.ts +15 -15
- package/dist/response/IMDSBadResponse.d.ts +4 -4
- package/dist/response/ResponseHandler.d.ts +69 -69
- package/dist/response/ResponseHandler.mjs +374 -374
- package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
- package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
- package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
- package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
- package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
- package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
- package/dist/telemetry/performance/PerformanceEvent.d.ts +515 -505
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +484 -480
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
- package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
- package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -78
- package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -260
- package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
- package/dist/url/IUri.d.ts +12 -12
- package/dist/url/UrlString.d.ts +48 -48
- package/dist/url/UrlString.mjs +161 -161
- package/dist/utils/ClientAssertionUtils.d.ts +2 -2
- package/dist/utils/ClientAssertionUtils.mjs +16 -16
- package/dist/utils/Constants.d.ts +309 -309
- package/dist/utils/Constants.mjs +322 -322
- package/dist/utils/FunctionWrappers.d.ts +27 -27
- package/dist/utils/FunctionWrappers.mjs +94 -94
- package/dist/utils/MsalTypes.d.ts +6 -6
- package/dist/utils/ProtocolUtils.d.ts +42 -42
- package/dist/utils/ProtocolUtils.mjs +69 -69
- package/dist/utils/StringUtils.d.ts +40 -40
- package/dist/utils/StringUtils.mjs +95 -95
- package/dist/utils/TimeUtils.d.ts +25 -25
- package/dist/utils/TimeUtils.mjs +43 -43
- package/dist/utils/UrlUtils.d.ts +10 -10
- package/dist/utils/UrlUtils.mjs +44 -44
- package/package.json +1 -1
- package/src/packageMetadata.ts +1 -1
- package/src/telemetry/performance/PerformanceEvent.ts +12 -0
|
@@ -1,67 +1,67 @@
|
|
|
1
|
-
import { TokenClaims } from "./TokenClaims";
|
|
2
|
-
/**
|
|
3
|
-
* Account object with the following signature:
|
|
4
|
-
* - homeAccountId - Home account identifier for this account object
|
|
5
|
-
* - environment - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com)
|
|
6
|
-
* - tenantId - Full tenant or organizational id that this account belongs to
|
|
7
|
-
* - username - preferred_username claim of the id_token that represents this account
|
|
8
|
-
* - localAccountId - Local, tenant-specific account identifer for this account object, usually used in legacy cases
|
|
9
|
-
* - name - Full name for the account, including given name and family name
|
|
10
|
-
* - idToken - raw ID token
|
|
11
|
-
* - idTokenClaims - Object contains claims from ID token
|
|
12
|
-
* - nativeAccountId - The user's native account ID
|
|
13
|
-
* - tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser
|
|
14
|
-
*/
|
|
15
|
-
export type AccountInfo = {
|
|
16
|
-
homeAccountId: string;
|
|
17
|
-
environment: string;
|
|
18
|
-
tenantId: string;
|
|
19
|
-
username: string;
|
|
20
|
-
localAccountId: string;
|
|
21
|
-
name?: string;
|
|
22
|
-
idToken?: string;
|
|
23
|
-
idTokenClaims?: TokenClaims & {
|
|
24
|
-
[key: string]: string | number | string[] | object | undefined | unknown;
|
|
25
|
-
};
|
|
26
|
-
nativeAccountId?: string;
|
|
27
|
-
authorityType?: string;
|
|
28
|
-
tenantProfiles?: Map<string, TenantProfile>;
|
|
29
|
-
};
|
|
30
|
-
/**
|
|
31
|
-
* Account details that vary across tenants for the same user
|
|
32
|
-
*/
|
|
33
|
-
export type TenantProfile = Pick<AccountInfo, "tenantId" | "localAccountId" | "name"> & {
|
|
34
|
-
/**
|
|
35
|
-
* - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile
|
|
36
|
-
*/
|
|
37
|
-
isHomeTenant?: boolean;
|
|
38
|
-
};
|
|
39
|
-
export type ActiveAccountFilters = {
|
|
40
|
-
homeAccountId: string;
|
|
41
|
-
localAccountId: string;
|
|
42
|
-
tenantId?: string;
|
|
43
|
-
};
|
|
44
|
-
/**
|
|
45
|
-
* Returns true if tenantId matches the utid portion of homeAccountId
|
|
46
|
-
* @param tenantId
|
|
47
|
-
* @param homeAccountId
|
|
48
|
-
* @returns
|
|
49
|
-
*/
|
|
50
|
-
export declare function tenantIdMatchesHomeTenant(tenantId?: string, homeAccountId?: string): boolean;
|
|
51
|
-
/**
|
|
52
|
-
* Build tenant profile
|
|
53
|
-
* @param homeAccountId - Home account identifier for this account object
|
|
54
|
-
* @param localAccountId - Local account identifer for this account object
|
|
55
|
-
* @param tenantId - Full tenant or organizational id that this account belongs to
|
|
56
|
-
* @param idTokenClaims - Claims from the ID token
|
|
57
|
-
* @returns
|
|
58
|
-
*/
|
|
59
|
-
export declare function buildTenantProfile(homeAccountId: string, localAccountId: string, tenantId: string, idTokenClaims?: TokenClaims): TenantProfile;
|
|
60
|
-
/**
|
|
61
|
-
* Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
|
|
62
|
-
* @param baseAccountInfo
|
|
63
|
-
* @param idTokenClaims
|
|
64
|
-
* @returns
|
|
65
|
-
*/
|
|
66
|
-
export declare function updateAccountTenantProfileData(baseAccountInfo: AccountInfo, tenantProfile?: TenantProfile, idTokenClaims?: TokenClaims, idTokenSecret?: string): AccountInfo;
|
|
1
|
+
import { TokenClaims } from "./TokenClaims";
|
|
2
|
+
/**
|
|
3
|
+
* Account object with the following signature:
|
|
4
|
+
* - homeAccountId - Home account identifier for this account object
|
|
5
|
+
* - environment - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com)
|
|
6
|
+
* - tenantId - Full tenant or organizational id that this account belongs to
|
|
7
|
+
* - username - preferred_username claim of the id_token that represents this account
|
|
8
|
+
* - localAccountId - Local, tenant-specific account identifer for this account object, usually used in legacy cases
|
|
9
|
+
* - name - Full name for the account, including given name and family name
|
|
10
|
+
* - idToken - raw ID token
|
|
11
|
+
* - idTokenClaims - Object contains claims from ID token
|
|
12
|
+
* - nativeAccountId - The user's native account ID
|
|
13
|
+
* - tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser
|
|
14
|
+
*/
|
|
15
|
+
export type AccountInfo = {
|
|
16
|
+
homeAccountId: string;
|
|
17
|
+
environment: string;
|
|
18
|
+
tenantId: string;
|
|
19
|
+
username: string;
|
|
20
|
+
localAccountId: string;
|
|
21
|
+
name?: string;
|
|
22
|
+
idToken?: string;
|
|
23
|
+
idTokenClaims?: TokenClaims & {
|
|
24
|
+
[key: string]: string | number | string[] | object | undefined | unknown;
|
|
25
|
+
};
|
|
26
|
+
nativeAccountId?: string;
|
|
27
|
+
authorityType?: string;
|
|
28
|
+
tenantProfiles?: Map<string, TenantProfile>;
|
|
29
|
+
};
|
|
30
|
+
/**
|
|
31
|
+
* Account details that vary across tenants for the same user
|
|
32
|
+
*/
|
|
33
|
+
export type TenantProfile = Pick<AccountInfo, "tenantId" | "localAccountId" | "name"> & {
|
|
34
|
+
/**
|
|
35
|
+
* - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile
|
|
36
|
+
*/
|
|
37
|
+
isHomeTenant?: boolean;
|
|
38
|
+
};
|
|
39
|
+
export type ActiveAccountFilters = {
|
|
40
|
+
homeAccountId: string;
|
|
41
|
+
localAccountId: string;
|
|
42
|
+
tenantId?: string;
|
|
43
|
+
};
|
|
44
|
+
/**
|
|
45
|
+
* Returns true if tenantId matches the utid portion of homeAccountId
|
|
46
|
+
* @param tenantId
|
|
47
|
+
* @param homeAccountId
|
|
48
|
+
* @returns
|
|
49
|
+
*/
|
|
50
|
+
export declare function tenantIdMatchesHomeTenant(tenantId?: string, homeAccountId?: string): boolean;
|
|
51
|
+
/**
|
|
52
|
+
* Build tenant profile
|
|
53
|
+
* @param homeAccountId - Home account identifier for this account object
|
|
54
|
+
* @param localAccountId - Local account identifer for this account object
|
|
55
|
+
* @param tenantId - Full tenant or organizational id that this account belongs to
|
|
56
|
+
* @param idTokenClaims - Claims from the ID token
|
|
57
|
+
* @returns
|
|
58
|
+
*/
|
|
59
|
+
export declare function buildTenantProfile(homeAccountId: string, localAccountId: string, tenantId: string, idTokenClaims?: TokenClaims): TenantProfile;
|
|
60
|
+
/**
|
|
61
|
+
* Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
|
|
62
|
+
* @param baseAccountInfo
|
|
63
|
+
* @param idTokenClaims
|
|
64
|
+
* @returns
|
|
65
|
+
*/
|
|
66
|
+
export declare function updateAccountTenantProfileData(baseAccountInfo: AccountInfo, tenantProfile?: TenantProfile, idTokenClaims?: TokenClaims, idTokenSecret?: string): AccountInfo;
|
|
67
67
|
//# sourceMappingURL=AccountInfo.d.ts.map
|
|
@@ -1,81 +1,81 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.14.
|
|
1
|
+
/*! @azure/msal-common v14.14.1 2024-08-13 */
|
|
2
2
|
'use strict';
|
|
3
|
-
/*
|
|
4
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5
|
-
* Licensed under the MIT License.
|
|
6
|
-
*/
|
|
7
|
-
/**
|
|
8
|
-
* Returns true if tenantId matches the utid portion of homeAccountId
|
|
9
|
-
* @param tenantId
|
|
10
|
-
* @param homeAccountId
|
|
11
|
-
* @returns
|
|
12
|
-
*/
|
|
13
|
-
function tenantIdMatchesHomeTenant(tenantId, homeAccountId) {
|
|
14
|
-
return (!!tenantId &&
|
|
15
|
-
!!homeAccountId &&
|
|
16
|
-
tenantId === homeAccountId.split(".")[1]);
|
|
17
|
-
}
|
|
18
|
-
/**
|
|
19
|
-
* Build tenant profile
|
|
20
|
-
* @param homeAccountId - Home account identifier for this account object
|
|
21
|
-
* @param localAccountId - Local account identifer for this account object
|
|
22
|
-
* @param tenantId - Full tenant or organizational id that this account belongs to
|
|
23
|
-
* @param idTokenClaims - Claims from the ID token
|
|
24
|
-
* @returns
|
|
25
|
-
*/
|
|
26
|
-
function buildTenantProfile(homeAccountId, localAccountId, tenantId, idTokenClaims) {
|
|
27
|
-
if (idTokenClaims) {
|
|
28
|
-
const { oid, sub, tid, name, tfp, acr } = idTokenClaims;
|
|
29
|
-
/**
|
|
30
|
-
* Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence:
|
|
31
|
-
* tid - TenantID claim that identifies the tenant that issued the token in AAD. Expected in all AAD ID tokens, not present in B2C ID Tokens.
|
|
32
|
-
* tfp - Trust Framework Policy claim that identifies the policy that was used to authenticate the user. Functions as tenant for B2C scenarios.
|
|
33
|
-
* acr - Authentication Context Class Reference claim used only with older B2C policies. Fallback in case tfp is not present, but likely won't be present anyway.
|
|
34
|
-
*/
|
|
35
|
-
const tenantId = tid || tfp || acr || "";
|
|
36
|
-
return {
|
|
37
|
-
tenantId: tenantId,
|
|
38
|
-
localAccountId: oid || sub || "",
|
|
39
|
-
name: name,
|
|
40
|
-
isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
|
|
41
|
-
};
|
|
42
|
-
}
|
|
43
|
-
else {
|
|
44
|
-
return {
|
|
45
|
-
tenantId,
|
|
46
|
-
localAccountId,
|
|
47
|
-
isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
|
|
48
|
-
};
|
|
49
|
-
}
|
|
50
|
-
}
|
|
51
|
-
/**
|
|
52
|
-
* Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
|
|
53
|
-
* @param baseAccountInfo
|
|
54
|
-
* @param idTokenClaims
|
|
55
|
-
* @returns
|
|
56
|
-
*/
|
|
57
|
-
function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenClaims, idTokenSecret) {
|
|
58
|
-
let updatedAccountInfo = baseAccountInfo;
|
|
59
|
-
// Tenant Profile overrides passed in account info
|
|
60
|
-
if (tenantProfile) {
|
|
61
|
-
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
62
|
-
const { isHomeTenant, ...tenantProfileOverride } = tenantProfile;
|
|
63
|
-
updatedAccountInfo = { ...baseAccountInfo, ...tenantProfileOverride };
|
|
64
|
-
}
|
|
65
|
-
// ID token claims override passed in account info and tenant profile
|
|
66
|
-
if (idTokenClaims) {
|
|
67
|
-
// Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info
|
|
68
|
-
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
69
|
-
const { isHomeTenant, ...claimsSourcedTenantProfile } = buildTenantProfile(baseAccountInfo.homeAccountId, baseAccountInfo.localAccountId, baseAccountInfo.tenantId, idTokenClaims);
|
|
70
|
-
updatedAccountInfo = {
|
|
71
|
-
...updatedAccountInfo,
|
|
72
|
-
...claimsSourcedTenantProfile,
|
|
73
|
-
idTokenClaims: idTokenClaims,
|
|
74
|
-
idToken: idTokenSecret,
|
|
75
|
-
};
|
|
76
|
-
return updatedAccountInfo;
|
|
77
|
-
}
|
|
78
|
-
return updatedAccountInfo;
|
|
3
|
+
/*
|
|
4
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5
|
+
* Licensed under the MIT License.
|
|
6
|
+
*/
|
|
7
|
+
/**
|
|
8
|
+
* Returns true if tenantId matches the utid portion of homeAccountId
|
|
9
|
+
* @param tenantId
|
|
10
|
+
* @param homeAccountId
|
|
11
|
+
* @returns
|
|
12
|
+
*/
|
|
13
|
+
function tenantIdMatchesHomeTenant(tenantId, homeAccountId) {
|
|
14
|
+
return (!!tenantId &&
|
|
15
|
+
!!homeAccountId &&
|
|
16
|
+
tenantId === homeAccountId.split(".")[1]);
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Build tenant profile
|
|
20
|
+
* @param homeAccountId - Home account identifier for this account object
|
|
21
|
+
* @param localAccountId - Local account identifer for this account object
|
|
22
|
+
* @param tenantId - Full tenant or organizational id that this account belongs to
|
|
23
|
+
* @param idTokenClaims - Claims from the ID token
|
|
24
|
+
* @returns
|
|
25
|
+
*/
|
|
26
|
+
function buildTenantProfile(homeAccountId, localAccountId, tenantId, idTokenClaims) {
|
|
27
|
+
if (idTokenClaims) {
|
|
28
|
+
const { oid, sub, tid, name, tfp, acr } = idTokenClaims;
|
|
29
|
+
/**
|
|
30
|
+
* Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence:
|
|
31
|
+
* tid - TenantID claim that identifies the tenant that issued the token in AAD. Expected in all AAD ID tokens, not present in B2C ID Tokens.
|
|
32
|
+
* tfp - Trust Framework Policy claim that identifies the policy that was used to authenticate the user. Functions as tenant for B2C scenarios.
|
|
33
|
+
* acr - Authentication Context Class Reference claim used only with older B2C policies. Fallback in case tfp is not present, but likely won't be present anyway.
|
|
34
|
+
*/
|
|
35
|
+
const tenantId = tid || tfp || acr || "";
|
|
36
|
+
return {
|
|
37
|
+
tenantId: tenantId,
|
|
38
|
+
localAccountId: oid || sub || "",
|
|
39
|
+
name: name,
|
|
40
|
+
isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
else {
|
|
44
|
+
return {
|
|
45
|
+
tenantId,
|
|
46
|
+
localAccountId,
|
|
47
|
+
isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
|
|
48
|
+
};
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
/**
|
|
52
|
+
* Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
|
|
53
|
+
* @param baseAccountInfo
|
|
54
|
+
* @param idTokenClaims
|
|
55
|
+
* @returns
|
|
56
|
+
*/
|
|
57
|
+
function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenClaims, idTokenSecret) {
|
|
58
|
+
let updatedAccountInfo = baseAccountInfo;
|
|
59
|
+
// Tenant Profile overrides passed in account info
|
|
60
|
+
if (tenantProfile) {
|
|
61
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
62
|
+
const { isHomeTenant, ...tenantProfileOverride } = tenantProfile;
|
|
63
|
+
updatedAccountInfo = { ...baseAccountInfo, ...tenantProfileOverride };
|
|
64
|
+
}
|
|
65
|
+
// ID token claims override passed in account info and tenant profile
|
|
66
|
+
if (idTokenClaims) {
|
|
67
|
+
// Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info
|
|
68
|
+
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
69
|
+
const { isHomeTenant, ...claimsSourcedTenantProfile } = buildTenantProfile(baseAccountInfo.homeAccountId, baseAccountInfo.localAccountId, baseAccountInfo.tenantId, idTokenClaims);
|
|
70
|
+
updatedAccountInfo = {
|
|
71
|
+
...updatedAccountInfo,
|
|
72
|
+
...claimsSourcedTenantProfile,
|
|
73
|
+
idTokenClaims: idTokenClaims,
|
|
74
|
+
idToken: idTokenSecret,
|
|
75
|
+
};
|
|
76
|
+
return updatedAccountInfo;
|
|
77
|
+
}
|
|
78
|
+
return updatedAccountInfo;
|
|
79
79
|
}
|
|
80
80
|
|
|
81
81
|
export { buildTenantProfile, tenantIdMatchesHomeTenant, updateAccountTenantProfileData };
|
|
@@ -1,18 +1,18 @@
|
|
|
1
|
-
import { TokenClaims } from "./TokenClaims";
|
|
2
|
-
/**
|
|
3
|
-
* Extract token by decoding the rawToken
|
|
4
|
-
*
|
|
5
|
-
* @param encodedToken
|
|
6
|
-
*/
|
|
7
|
-
export declare function extractTokenClaims(encodedToken: string, base64Decode: (input: string) => string): TokenClaims;
|
|
8
|
-
/**
|
|
9
|
-
* decode a JWT
|
|
10
|
-
*
|
|
11
|
-
* @param authToken
|
|
12
|
-
*/
|
|
13
|
-
export declare function getJWSPayload(authToken: string): string;
|
|
14
|
-
/**
|
|
15
|
-
* Determine if the token's max_age has transpired
|
|
16
|
-
*/
|
|
17
|
-
export declare function checkMaxAge(authTime: number, maxAge: number): void;
|
|
1
|
+
import { TokenClaims } from "./TokenClaims";
|
|
2
|
+
/**
|
|
3
|
+
* Extract token by decoding the rawToken
|
|
4
|
+
*
|
|
5
|
+
* @param encodedToken
|
|
6
|
+
*/
|
|
7
|
+
export declare function extractTokenClaims(encodedToken: string, base64Decode: (input: string) => string): TokenClaims;
|
|
8
|
+
/**
|
|
9
|
+
* decode a JWT
|
|
10
|
+
*
|
|
11
|
+
* @param authToken
|
|
12
|
+
*/
|
|
13
|
+
export declare function getJWSPayload(authToken: string): string;
|
|
14
|
+
/**
|
|
15
|
+
* Determine if the token's max_age has transpired
|
|
16
|
+
*/
|
|
17
|
+
export declare function checkMaxAge(authTime: number, maxAge: number): void;
|
|
18
18
|
//# sourceMappingURL=AuthToken.d.ts.map
|
|
@@ -1,65 +1,65 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.14.
|
|
1
|
+
/*! @azure/msal-common v14.14.1 2024-08-13 */
|
|
2
2
|
'use strict';
|
|
3
3
|
import { createClientAuthError } from '../error/ClientAuthError.mjs';
|
|
4
4
|
import { tokenParsingError, nullOrEmptyToken, maxAgeTranspired } from '../error/ClientAuthErrorCodes.mjs';
|
|
5
5
|
|
|
6
|
-
/*
|
|
7
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
|
-
* Licensed under the MIT License.
|
|
9
|
-
*/
|
|
10
|
-
/**
|
|
11
|
-
* Extract token by decoding the rawToken
|
|
12
|
-
*
|
|
13
|
-
* @param encodedToken
|
|
14
|
-
*/
|
|
15
|
-
function extractTokenClaims(encodedToken, base64Decode) {
|
|
16
|
-
const jswPayload = getJWSPayload(encodedToken);
|
|
17
|
-
// token will be decoded to get the username
|
|
18
|
-
try {
|
|
19
|
-
// base64Decode() should throw an error if there is an issue
|
|
20
|
-
const base64Decoded = base64Decode(jswPayload);
|
|
21
|
-
return JSON.parse(base64Decoded);
|
|
22
|
-
}
|
|
23
|
-
catch (err) {
|
|
24
|
-
throw createClientAuthError(tokenParsingError);
|
|
25
|
-
}
|
|
26
|
-
}
|
|
27
|
-
/**
|
|
28
|
-
* decode a JWT
|
|
29
|
-
*
|
|
30
|
-
* @param authToken
|
|
31
|
-
*/
|
|
32
|
-
function getJWSPayload(authToken) {
|
|
33
|
-
if (!authToken) {
|
|
34
|
-
throw createClientAuthError(nullOrEmptyToken);
|
|
35
|
-
}
|
|
36
|
-
const tokenPartsRegex = /^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/;
|
|
37
|
-
const matches = tokenPartsRegex.exec(authToken);
|
|
38
|
-
if (!matches || matches.length < 4) {
|
|
39
|
-
throw createClientAuthError(tokenParsingError);
|
|
40
|
-
}
|
|
41
|
-
/**
|
|
42
|
-
* const crackedToken = {
|
|
43
|
-
* header: matches[1],
|
|
44
|
-
* JWSPayload: matches[2],
|
|
45
|
-
* JWSSig: matches[3],
|
|
46
|
-
* };
|
|
47
|
-
*/
|
|
48
|
-
return matches[2];
|
|
49
|
-
}
|
|
50
|
-
/**
|
|
51
|
-
* Determine if the token's max_age has transpired
|
|
52
|
-
*/
|
|
53
|
-
function checkMaxAge(authTime, maxAge) {
|
|
54
|
-
/*
|
|
55
|
-
* per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
|
|
56
|
-
* To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access,
|
|
57
|
-
* provide a value of 0 for the max_age parameter and the AS will force a fresh login.
|
|
58
|
-
*/
|
|
59
|
-
const fiveMinuteSkew = 300000; // five minutes in milliseconds
|
|
60
|
-
if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) {
|
|
61
|
-
throw createClientAuthError(maxAgeTranspired);
|
|
62
|
-
}
|
|
6
|
+
/*
|
|
7
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
|
+
* Licensed under the MIT License.
|
|
9
|
+
*/
|
|
10
|
+
/**
|
|
11
|
+
* Extract token by decoding the rawToken
|
|
12
|
+
*
|
|
13
|
+
* @param encodedToken
|
|
14
|
+
*/
|
|
15
|
+
function extractTokenClaims(encodedToken, base64Decode) {
|
|
16
|
+
const jswPayload = getJWSPayload(encodedToken);
|
|
17
|
+
// token will be decoded to get the username
|
|
18
|
+
try {
|
|
19
|
+
// base64Decode() should throw an error if there is an issue
|
|
20
|
+
const base64Decoded = base64Decode(jswPayload);
|
|
21
|
+
return JSON.parse(base64Decoded);
|
|
22
|
+
}
|
|
23
|
+
catch (err) {
|
|
24
|
+
throw createClientAuthError(tokenParsingError);
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* decode a JWT
|
|
29
|
+
*
|
|
30
|
+
* @param authToken
|
|
31
|
+
*/
|
|
32
|
+
function getJWSPayload(authToken) {
|
|
33
|
+
if (!authToken) {
|
|
34
|
+
throw createClientAuthError(nullOrEmptyToken);
|
|
35
|
+
}
|
|
36
|
+
const tokenPartsRegex = /^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/;
|
|
37
|
+
const matches = tokenPartsRegex.exec(authToken);
|
|
38
|
+
if (!matches || matches.length < 4) {
|
|
39
|
+
throw createClientAuthError(tokenParsingError);
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* const crackedToken = {
|
|
43
|
+
* header: matches[1],
|
|
44
|
+
* JWSPayload: matches[2],
|
|
45
|
+
* JWSSig: matches[3],
|
|
46
|
+
* };
|
|
47
|
+
*/
|
|
48
|
+
return matches[2];
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Determine if the token's max_age has transpired
|
|
52
|
+
*/
|
|
53
|
+
function checkMaxAge(authTime, maxAge) {
|
|
54
|
+
/*
|
|
55
|
+
* per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
|
|
56
|
+
* To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access,
|
|
57
|
+
* provide a value of 0 for the max_age parameter and the AS will force a fresh login.
|
|
58
|
+
*/
|
|
59
|
+
const fiveMinuteSkew = 300000; // five minutes in milliseconds
|
|
60
|
+
if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) {
|
|
61
|
+
throw createClientAuthError(maxAgeTranspired);
|
|
62
|
+
}
|
|
63
63
|
}
|
|
64
64
|
|
|
65
65
|
export { checkMaxAge, extractTokenClaims, getJWSPayload };
|
|
@@ -1,10 +1,10 @@
|
|
|
1
|
-
export type CcsCredential = {
|
|
2
|
-
credential: string;
|
|
3
|
-
type: CcsCredentialType;
|
|
4
|
-
};
|
|
5
|
-
export declare const CcsCredentialType: {
|
|
6
|
-
readonly HOME_ACCOUNT_ID: "home_account_id";
|
|
7
|
-
readonly UPN: "UPN";
|
|
8
|
-
};
|
|
9
|
-
export type CcsCredentialType = (typeof CcsCredentialType)[keyof typeof CcsCredentialType];
|
|
1
|
+
export type CcsCredential = {
|
|
2
|
+
credential: string;
|
|
3
|
+
type: CcsCredentialType;
|
|
4
|
+
};
|
|
5
|
+
export declare const CcsCredentialType: {
|
|
6
|
+
readonly HOME_ACCOUNT_ID: "home_account_id";
|
|
7
|
+
readonly UPN: "UPN";
|
|
8
|
+
};
|
|
9
|
+
export type CcsCredentialType = (typeof CcsCredentialType)[keyof typeof CcsCredentialType];
|
|
10
10
|
//# sourceMappingURL=CcsCredential.d.ts.map
|
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.14.
|
|
1
|
+
/*! @azure/msal-common v14.14.1 2024-08-13 */
|
|
2
2
|
'use strict';
|
|
3
|
-
/*
|
|
4
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5
|
-
* Licensed under the MIT License.
|
|
6
|
-
*/
|
|
7
|
-
const CcsCredentialType = {
|
|
8
|
-
HOME_ACCOUNT_ID: "home_account_id",
|
|
9
|
-
UPN: "UPN",
|
|
3
|
+
/*
|
|
4
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5
|
+
* Licensed under the MIT License.
|
|
6
|
+
*/
|
|
7
|
+
const CcsCredentialType = {
|
|
8
|
+
HOME_ACCOUNT_ID: "home_account_id",
|
|
9
|
+
UPN: "UPN",
|
|
10
10
|
};
|
|
11
11
|
|
|
12
12
|
export { CcsCredentialType };
|
|
@@ -1,20 +1,20 @@
|
|
|
1
|
-
export type ClientAssertionConfig = {
|
|
2
|
-
clientId: string;
|
|
3
|
-
tokenEndpoint?: string;
|
|
4
|
-
};
|
|
5
|
-
export type ClientAssertionCallback = (config: ClientAssertionConfig) => Promise<string>;
|
|
6
|
-
/**
|
|
7
|
-
* Client Assertion credential for Confidential Clients
|
|
8
|
-
*/
|
|
9
|
-
export type ClientAssertion = {
|
|
10
|
-
assertion: string | ClientAssertionCallback;
|
|
11
|
-
assertionType: string;
|
|
12
|
-
};
|
|
13
|
-
/**
|
|
14
|
-
* Client Credentials set for Confidential Clients
|
|
15
|
-
*/
|
|
16
|
-
export type ClientCredentials = {
|
|
17
|
-
clientSecret?: string;
|
|
18
|
-
clientAssertion?: ClientAssertion;
|
|
19
|
-
};
|
|
1
|
+
export type ClientAssertionConfig = {
|
|
2
|
+
clientId: string;
|
|
3
|
+
tokenEndpoint?: string;
|
|
4
|
+
};
|
|
5
|
+
export type ClientAssertionCallback = (config: ClientAssertionConfig) => Promise<string>;
|
|
6
|
+
/**
|
|
7
|
+
* Client Assertion credential for Confidential Clients
|
|
8
|
+
*/
|
|
9
|
+
export type ClientAssertion = {
|
|
10
|
+
assertion: string | ClientAssertionCallback;
|
|
11
|
+
assertionType: string;
|
|
12
|
+
};
|
|
13
|
+
/**
|
|
14
|
+
* Client Credentials set for Confidential Clients
|
|
15
|
+
*/
|
|
16
|
+
export type ClientCredentials = {
|
|
17
|
+
clientSecret?: string;
|
|
18
|
+
clientAssertion?: ClientAssertion;
|
|
19
|
+
};
|
|
20
20
|
//# sourceMappingURL=ClientCredentials.d.ts.map
|
|
@@ -1,19 +1,19 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Client info object which consists of two IDs. Need to add more info here.
|
|
3
|
-
*/
|
|
4
|
-
export type ClientInfo = {
|
|
5
|
-
uid: string;
|
|
6
|
-
utid: string;
|
|
7
|
-
};
|
|
8
|
-
/**
|
|
9
|
-
* Function to build a client info object from server clientInfo string
|
|
10
|
-
* @param rawClientInfo
|
|
11
|
-
* @param crypto
|
|
12
|
-
*/
|
|
13
|
-
export declare function buildClientInfo(rawClientInfo: string, base64Decode: (input: string) => string): ClientInfo;
|
|
14
|
-
/**
|
|
15
|
-
* Function to build a client info object from cached homeAccountId string
|
|
16
|
-
* @param homeAccountId
|
|
17
|
-
*/
|
|
18
|
-
export declare function buildClientInfoFromHomeAccountId(homeAccountId: string): ClientInfo;
|
|
1
|
+
/**
|
|
2
|
+
* Client info object which consists of two IDs. Need to add more info here.
|
|
3
|
+
*/
|
|
4
|
+
export type ClientInfo = {
|
|
5
|
+
uid: string;
|
|
6
|
+
utid: string;
|
|
7
|
+
};
|
|
8
|
+
/**
|
|
9
|
+
* Function to build a client info object from server clientInfo string
|
|
10
|
+
* @param rawClientInfo
|
|
11
|
+
* @param crypto
|
|
12
|
+
*/
|
|
13
|
+
export declare function buildClientInfo(rawClientInfo: string, base64Decode: (input: string) => string): ClientInfo;
|
|
14
|
+
/**
|
|
15
|
+
* Function to build a client info object from cached homeAccountId string
|
|
16
|
+
* @param homeAccountId
|
|
17
|
+
*/
|
|
18
|
+
export declare function buildClientInfoFromHomeAccountId(homeAccountId: string): ClientInfo;
|
|
19
19
|
//# sourceMappingURL=ClientInfo.d.ts.map
|
|
@@ -1,45 +1,45 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.14.
|
|
1
|
+
/*! @azure/msal-common v14.14.1 2024-08-13 */
|
|
2
2
|
'use strict';
|
|
3
3
|
import { createClientAuthError } from '../error/ClientAuthError.mjs';
|
|
4
4
|
import { Separators, Constants } from '../utils/Constants.mjs';
|
|
5
5
|
import { clientInfoEmptyError, clientInfoDecodingError } from '../error/ClientAuthErrorCodes.mjs';
|
|
6
6
|
|
|
7
|
-
/*
|
|
8
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
9
|
-
* Licensed under the MIT License.
|
|
10
|
-
*/
|
|
11
|
-
/**
|
|
12
|
-
* Function to build a client info object from server clientInfo string
|
|
13
|
-
* @param rawClientInfo
|
|
14
|
-
* @param crypto
|
|
15
|
-
*/
|
|
16
|
-
function buildClientInfo(rawClientInfo, base64Decode) {
|
|
17
|
-
if (!rawClientInfo) {
|
|
18
|
-
throw createClientAuthError(clientInfoEmptyError);
|
|
19
|
-
}
|
|
20
|
-
try {
|
|
21
|
-
const decodedClientInfo = base64Decode(rawClientInfo);
|
|
22
|
-
return JSON.parse(decodedClientInfo);
|
|
23
|
-
}
|
|
24
|
-
catch (e) {
|
|
25
|
-
throw createClientAuthError(clientInfoDecodingError);
|
|
26
|
-
}
|
|
27
|
-
}
|
|
28
|
-
/**
|
|
29
|
-
* Function to build a client info object from cached homeAccountId string
|
|
30
|
-
* @param homeAccountId
|
|
31
|
-
*/
|
|
32
|
-
function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
33
|
-
if (!homeAccountId) {
|
|
34
|
-
throw createClientAuthError(clientInfoDecodingError);
|
|
35
|
-
}
|
|
36
|
-
const clientInfoParts = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2);
|
|
37
|
-
return {
|
|
38
|
-
uid: clientInfoParts[0],
|
|
39
|
-
utid: clientInfoParts.length < 2
|
|
40
|
-
? Constants.EMPTY_STRING
|
|
41
|
-
: clientInfoParts[1],
|
|
42
|
-
};
|
|
7
|
+
/*
|
|
8
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
9
|
+
* Licensed under the MIT License.
|
|
10
|
+
*/
|
|
11
|
+
/**
|
|
12
|
+
* Function to build a client info object from server clientInfo string
|
|
13
|
+
* @param rawClientInfo
|
|
14
|
+
* @param crypto
|
|
15
|
+
*/
|
|
16
|
+
function buildClientInfo(rawClientInfo, base64Decode) {
|
|
17
|
+
if (!rawClientInfo) {
|
|
18
|
+
throw createClientAuthError(clientInfoEmptyError);
|
|
19
|
+
}
|
|
20
|
+
try {
|
|
21
|
+
const decodedClientInfo = base64Decode(rawClientInfo);
|
|
22
|
+
return JSON.parse(decodedClientInfo);
|
|
23
|
+
}
|
|
24
|
+
catch (e) {
|
|
25
|
+
throw createClientAuthError(clientInfoDecodingError);
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Function to build a client info object from cached homeAccountId string
|
|
30
|
+
* @param homeAccountId
|
|
31
|
+
*/
|
|
32
|
+
function buildClientInfoFromHomeAccountId(homeAccountId) {
|
|
33
|
+
if (!homeAccountId) {
|
|
34
|
+
throw createClientAuthError(clientInfoDecodingError);
|
|
35
|
+
}
|
|
36
|
+
const clientInfoParts = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2);
|
|
37
|
+
return {
|
|
38
|
+
uid: clientInfoParts[0],
|
|
39
|
+
utid: clientInfoParts.length < 2
|
|
40
|
+
? Constants.EMPTY_STRING
|
|
41
|
+
: clientInfoParts[1],
|
|
42
|
+
};
|
|
43
43
|
}
|
|
44
44
|
|
|
45
45
|
export { buildClientInfo, buildClientInfoFromHomeAccountId };
|