@azure/msal-common 14.14.0 → 14.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (185) hide show
  1. package/dist/account/AccountInfo.d.ts +66 -66
  2. package/dist/account/AccountInfo.mjs +77 -77
  3. package/dist/account/AuthToken.d.ts +17 -17
  4. package/dist/account/AuthToken.mjs +58 -58
  5. package/dist/account/CcsCredential.d.ts +9 -9
  6. package/dist/account/CcsCredential.mjs +8 -8
  7. package/dist/account/ClientCredentials.d.ts +19 -19
  8. package/dist/account/ClientInfo.d.ts +18 -18
  9. package/dist/account/ClientInfo.mjs +37 -37
  10. package/dist/account/TokenClaims.d.ts +83 -83
  11. package/dist/account/TokenClaims.mjs +20 -20
  12. package/dist/authority/Authority.d.ts +254 -254
  13. package/dist/authority/Authority.mjs +836 -836
  14. package/dist/authority/AuthorityFactory.d.ts +18 -18
  15. package/dist/authority/AuthorityFactory.mjs +28 -28
  16. package/dist/authority/AuthorityMetadata.d.ts +43 -43
  17. package/dist/authority/AuthorityMetadata.mjs +137 -137
  18. package/dist/authority/AuthorityOptions.d.ts +27 -27
  19. package/dist/authority/AuthorityOptions.mjs +18 -18
  20. package/dist/authority/AuthorityType.d.ts +10 -10
  21. package/dist/authority/AuthorityType.mjs +13 -13
  22. package/dist/authority/AzureRegion.d.ts +1 -1
  23. package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
  24. package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
  25. package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
  26. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
  27. package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
  28. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
  29. package/dist/authority/ImdsOptions.d.ts +5 -5
  30. package/dist/authority/OIDCOptions.d.ts +8 -8
  31. package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
  32. package/dist/authority/OpenIdConfigResponse.mjs +10 -10
  33. package/dist/authority/ProtocolMode.d.ts +8 -8
  34. package/dist/authority/ProtocolMode.mjs +11 -11
  35. package/dist/authority/RegionDiscovery.d.ts +32 -32
  36. package/dist/authority/RegionDiscovery.mjs +106 -106
  37. package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
  38. package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
  39. package/dist/cache/CacheManager.d.ts +497 -497
  40. package/dist/cache/CacheManager.mjs +1249 -1249
  41. package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
  42. package/dist/cache/entities/AccountEntity.d.ts +106 -106
  43. package/dist/cache/entities/AccountEntity.mjs +240 -240
  44. package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
  45. package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
  46. package/dist/cache/entities/CacheRecord.d.ts +13 -13
  47. package/dist/cache/entities/CredentialEntity.d.ts +30 -30
  48. package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
  49. package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
  50. package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -6
  51. package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
  52. package/dist/cache/interface/ICacheManager.d.ts +166 -166
  53. package/dist/cache/interface/ICachePlugin.d.ts +5 -5
  54. package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
  55. package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
  56. package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
  57. package/dist/cache/utils/CacheHelpers.d.ts +94 -94
  58. package/dist/cache/utils/CacheHelpers.mjs +324 -324
  59. package/dist/cache/utils/CacheTypes.d.ts +69 -69
  60. package/dist/client/AuthorizationCodeClient.d.ts +74 -74
  61. package/dist/client/AuthorizationCodeClient.mjs +420 -420
  62. package/dist/client/BaseClient.d.ts +51 -51
  63. package/dist/client/BaseClient.mjs +100 -100
  64. package/dist/client/RefreshTokenClient.d.ts +35 -35
  65. package/dist/client/RefreshTokenClient.mjs +211 -211
  66. package/dist/client/SilentFlowClient.d.ts +27 -27
  67. package/dist/client/SilentFlowClient.mjs +133 -133
  68. package/dist/config/AppTokenProvider.d.ts +38 -38
  69. package/dist/config/ClientConfiguration.d.ts +150 -150
  70. package/dist/config/ClientConfiguration.mjs +95 -95
  71. package/dist/constants/AADServerParamKeys.d.ts +53 -53
  72. package/dist/constants/AADServerParamKeys.mjs +57 -57
  73. package/dist/crypto/ICrypto.d.ts +68 -68
  74. package/dist/crypto/ICrypto.mjs +36 -36
  75. package/dist/crypto/IGuidGenerator.d.ts +4 -4
  76. package/dist/crypto/JoseHeader.d.ts +22 -22
  77. package/dist/crypto/JoseHeader.mjs +37 -37
  78. package/dist/crypto/PopTokenGenerator.d.ts +59 -59
  79. package/dist/crypto/PopTokenGenerator.mjs +81 -81
  80. package/dist/crypto/SignedHttpRequest.d.ts +15 -15
  81. package/dist/error/AuthError.d.ts +44 -44
  82. package/dist/error/AuthError.mjs +46 -46
  83. package/dist/error/AuthErrorCodes.d.ts +5 -5
  84. package/dist/error/AuthErrorCodes.mjs +9 -9
  85. package/dist/error/CacheError.d.ts +20 -20
  86. package/dist/error/CacheError.mjs +24 -24
  87. package/dist/error/CacheErrorCodes.d.ts +2 -2
  88. package/dist/error/CacheErrorCodes.mjs +6 -6
  89. package/dist/error/ClientAuthError.d.ts +237 -237
  90. package/dist/error/ClientAuthError.mjs +249 -249
  91. package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
  92. package/dist/error/ClientAuthErrorCodes.mjs +48 -48
  93. package/dist/error/ClientConfigurationError.d.ts +128 -128
  94. package/dist/error/ClientConfigurationError.mjs +135 -135
  95. package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
  96. package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
  97. package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
  98. package/dist/error/InteractionRequiredAuthError.mjs +85 -85
  99. package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
  100. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
  101. package/dist/error/JoseHeaderError.d.ts +15 -15
  102. package/dist/error/JoseHeaderError.mjs +22 -22
  103. package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
  104. package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
  105. package/dist/error/ServerError.d.ts +15 -15
  106. package/dist/error/ServerError.mjs +16 -16
  107. package/dist/index.cjs +8662 -8658
  108. package/dist/index.cjs.map +1 -1
  109. package/dist/index.d.ts +107 -107
  110. package/dist/index.mjs +1 -1
  111. package/dist/logger/Logger.d.ts +95 -95
  112. package/dist/logger/Logger.mjs +188 -188
  113. package/dist/network/INetworkModule.d.ts +29 -29
  114. package/dist/network/INetworkModule.mjs +12 -12
  115. package/dist/network/NetworkManager.d.ts +33 -33
  116. package/dist/network/NetworkManager.mjs +34 -34
  117. package/dist/network/RequestThumbprint.d.ts +18 -18
  118. package/dist/network/ThrottlingUtils.d.ts +42 -42
  119. package/dist/network/ThrottlingUtils.mjs +95 -95
  120. package/dist/packageMetadata.d.ts +2 -2
  121. package/dist/packageMetadata.mjs +4 -4
  122. package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
  123. package/dist/request/AuthenticationHeaderParser.mjs +55 -55
  124. package/dist/request/BaseAuthRequest.d.ts +47 -47
  125. package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
  126. package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
  127. package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
  128. package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
  129. package/dist/request/CommonEndSessionRequest.d.ts +21 -21
  130. package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
  131. package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
  132. package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
  133. package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
  134. package/dist/request/NativeRequest.d.ts +19 -19
  135. package/dist/request/NativeSignOutRequest.d.ts +5 -5
  136. package/dist/request/RequestParameterBuilder.d.ts +217 -217
  137. package/dist/request/RequestParameterBuilder.mjs +382 -382
  138. package/dist/request/RequestValidator.d.ts +27 -27
  139. package/dist/request/RequestValidator.mjs +64 -64
  140. package/dist/request/ScopeSet.d.ts +88 -88
  141. package/dist/request/ScopeSet.mjs +197 -197
  142. package/dist/request/StoreInCache.d.ts +8 -8
  143. package/dist/response/AuthenticationResult.d.ts +41 -41
  144. package/dist/response/AuthorizationCodePayload.d.ts +13 -13
  145. package/dist/response/DeviceCodeResponse.d.ts +25 -25
  146. package/dist/response/ExternalTokenResponse.d.ts +15 -15
  147. package/dist/response/IMDSBadResponse.d.ts +4 -4
  148. package/dist/response/ResponseHandler.d.ts +69 -69
  149. package/dist/response/ResponseHandler.mjs +374 -374
  150. package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
  151. package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
  152. package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
  153. package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
  154. package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
  155. package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
  156. package/dist/telemetry/performance/PerformanceEvent.d.ts +515 -505
  157. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  158. package/dist/telemetry/performance/PerformanceEvent.mjs +484 -480
  159. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  160. package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
  161. package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
  162. package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -78
  163. package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -260
  164. package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
  165. package/dist/url/IUri.d.ts +12 -12
  166. package/dist/url/UrlString.d.ts +48 -48
  167. package/dist/url/UrlString.mjs +161 -161
  168. package/dist/utils/ClientAssertionUtils.d.ts +2 -2
  169. package/dist/utils/ClientAssertionUtils.mjs +16 -16
  170. package/dist/utils/Constants.d.ts +309 -309
  171. package/dist/utils/Constants.mjs +322 -322
  172. package/dist/utils/FunctionWrappers.d.ts +27 -27
  173. package/dist/utils/FunctionWrappers.mjs +94 -94
  174. package/dist/utils/MsalTypes.d.ts +6 -6
  175. package/dist/utils/ProtocolUtils.d.ts +42 -42
  176. package/dist/utils/ProtocolUtils.mjs +69 -69
  177. package/dist/utils/StringUtils.d.ts +40 -40
  178. package/dist/utils/StringUtils.mjs +95 -95
  179. package/dist/utils/TimeUtils.d.ts +25 -25
  180. package/dist/utils/TimeUtils.mjs +43 -43
  181. package/dist/utils/UrlUtils.d.ts +10 -10
  182. package/dist/utils/UrlUtils.mjs +44 -44
  183. package/package.json +1 -1
  184. package/src/packageMetadata.ts +1 -1
  185. package/src/telemetry/performance/PerformanceEvent.ts +12 -0
@@ -1,67 +1,67 @@
1
- import { TokenClaims } from "./TokenClaims";
2
- /**
3
- * Account object with the following signature:
4
- * - homeAccountId - Home account identifier for this account object
5
- * - environment - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com)
6
- * - tenantId - Full tenant or organizational id that this account belongs to
7
- * - username - preferred_username claim of the id_token that represents this account
8
- * - localAccountId - Local, tenant-specific account identifer for this account object, usually used in legacy cases
9
- * - name - Full name for the account, including given name and family name
10
- * - idToken - raw ID token
11
- * - idTokenClaims - Object contains claims from ID token
12
- * - nativeAccountId - The user's native account ID
13
- * - tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser
14
- */
15
- export type AccountInfo = {
16
- homeAccountId: string;
17
- environment: string;
18
- tenantId: string;
19
- username: string;
20
- localAccountId: string;
21
- name?: string;
22
- idToken?: string;
23
- idTokenClaims?: TokenClaims & {
24
- [key: string]: string | number | string[] | object | undefined | unknown;
25
- };
26
- nativeAccountId?: string;
27
- authorityType?: string;
28
- tenantProfiles?: Map<string, TenantProfile>;
29
- };
30
- /**
31
- * Account details that vary across tenants for the same user
32
- */
33
- export type TenantProfile = Pick<AccountInfo, "tenantId" | "localAccountId" | "name"> & {
34
- /**
35
- * - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile
36
- */
37
- isHomeTenant?: boolean;
38
- };
39
- export type ActiveAccountFilters = {
40
- homeAccountId: string;
41
- localAccountId: string;
42
- tenantId?: string;
43
- };
44
- /**
45
- * Returns true if tenantId matches the utid portion of homeAccountId
46
- * @param tenantId
47
- * @param homeAccountId
48
- * @returns
49
- */
50
- export declare function tenantIdMatchesHomeTenant(tenantId?: string, homeAccountId?: string): boolean;
51
- /**
52
- * Build tenant profile
53
- * @param homeAccountId - Home account identifier for this account object
54
- * @param localAccountId - Local account identifer for this account object
55
- * @param tenantId - Full tenant or organizational id that this account belongs to
56
- * @param idTokenClaims - Claims from the ID token
57
- * @returns
58
- */
59
- export declare function buildTenantProfile(homeAccountId: string, localAccountId: string, tenantId: string, idTokenClaims?: TokenClaims): TenantProfile;
60
- /**
61
- * Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
62
- * @param baseAccountInfo
63
- * @param idTokenClaims
64
- * @returns
65
- */
66
- export declare function updateAccountTenantProfileData(baseAccountInfo: AccountInfo, tenantProfile?: TenantProfile, idTokenClaims?: TokenClaims, idTokenSecret?: string): AccountInfo;
1
+ import { TokenClaims } from "./TokenClaims";
2
+ /**
3
+ * Account object with the following signature:
4
+ * - homeAccountId - Home account identifier for this account object
5
+ * - environment - Entity which issued the token represented by the domain of the issuer (e.g. login.microsoftonline.com)
6
+ * - tenantId - Full tenant or organizational id that this account belongs to
7
+ * - username - preferred_username claim of the id_token that represents this account
8
+ * - localAccountId - Local, tenant-specific account identifer for this account object, usually used in legacy cases
9
+ * - name - Full name for the account, including given name and family name
10
+ * - idToken - raw ID token
11
+ * - idTokenClaims - Object contains claims from ID token
12
+ * - nativeAccountId - The user's native account ID
13
+ * - tenantProfiles - Map of tenant profile objects for each tenant that the account has authenticated with in the browser
14
+ */
15
+ export type AccountInfo = {
16
+ homeAccountId: string;
17
+ environment: string;
18
+ tenantId: string;
19
+ username: string;
20
+ localAccountId: string;
21
+ name?: string;
22
+ idToken?: string;
23
+ idTokenClaims?: TokenClaims & {
24
+ [key: string]: string | number | string[] | object | undefined | unknown;
25
+ };
26
+ nativeAccountId?: string;
27
+ authorityType?: string;
28
+ tenantProfiles?: Map<string, TenantProfile>;
29
+ };
30
+ /**
31
+ * Account details that vary across tenants for the same user
32
+ */
33
+ export type TenantProfile = Pick<AccountInfo, "tenantId" | "localAccountId" | "name"> & {
34
+ /**
35
+ * - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile
36
+ */
37
+ isHomeTenant?: boolean;
38
+ };
39
+ export type ActiveAccountFilters = {
40
+ homeAccountId: string;
41
+ localAccountId: string;
42
+ tenantId?: string;
43
+ };
44
+ /**
45
+ * Returns true if tenantId matches the utid portion of homeAccountId
46
+ * @param tenantId
47
+ * @param homeAccountId
48
+ * @returns
49
+ */
50
+ export declare function tenantIdMatchesHomeTenant(tenantId?: string, homeAccountId?: string): boolean;
51
+ /**
52
+ * Build tenant profile
53
+ * @param homeAccountId - Home account identifier for this account object
54
+ * @param localAccountId - Local account identifer for this account object
55
+ * @param tenantId - Full tenant or organizational id that this account belongs to
56
+ * @param idTokenClaims - Claims from the ID token
57
+ * @returns
58
+ */
59
+ export declare function buildTenantProfile(homeAccountId: string, localAccountId: string, tenantId: string, idTokenClaims?: TokenClaims): TenantProfile;
60
+ /**
61
+ * Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
62
+ * @param baseAccountInfo
63
+ * @param idTokenClaims
64
+ * @returns
65
+ */
66
+ export declare function updateAccountTenantProfileData(baseAccountInfo: AccountInfo, tenantProfile?: TenantProfile, idTokenClaims?: TokenClaims, idTokenSecret?: string): AccountInfo;
67
67
  //# sourceMappingURL=AccountInfo.d.ts.map
@@ -1,81 +1,81 @@
1
- /*! @azure/msal-common v14.14.0 2024-07-23 */
1
+ /*! @azure/msal-common v14.14.1 2024-08-13 */
2
2
  'use strict';
3
- /*
4
- * Copyright (c) Microsoft Corporation. All rights reserved.
5
- * Licensed under the MIT License.
6
- */
7
- /**
8
- * Returns true if tenantId matches the utid portion of homeAccountId
9
- * @param tenantId
10
- * @param homeAccountId
11
- * @returns
12
- */
13
- function tenantIdMatchesHomeTenant(tenantId, homeAccountId) {
14
- return (!!tenantId &&
15
- !!homeAccountId &&
16
- tenantId === homeAccountId.split(".")[1]);
17
- }
18
- /**
19
- * Build tenant profile
20
- * @param homeAccountId - Home account identifier for this account object
21
- * @param localAccountId - Local account identifer for this account object
22
- * @param tenantId - Full tenant or organizational id that this account belongs to
23
- * @param idTokenClaims - Claims from the ID token
24
- * @returns
25
- */
26
- function buildTenantProfile(homeAccountId, localAccountId, tenantId, idTokenClaims) {
27
- if (idTokenClaims) {
28
- const { oid, sub, tid, name, tfp, acr } = idTokenClaims;
29
- /**
30
- * Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence:
31
- * tid - TenantID claim that identifies the tenant that issued the token in AAD. Expected in all AAD ID tokens, not present in B2C ID Tokens.
32
- * tfp - Trust Framework Policy claim that identifies the policy that was used to authenticate the user. Functions as tenant for B2C scenarios.
33
- * acr - Authentication Context Class Reference claim used only with older B2C policies. Fallback in case tfp is not present, but likely won't be present anyway.
34
- */
35
- const tenantId = tid || tfp || acr || "";
36
- return {
37
- tenantId: tenantId,
38
- localAccountId: oid || sub || "",
39
- name: name,
40
- isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
41
- };
42
- }
43
- else {
44
- return {
45
- tenantId,
46
- localAccountId,
47
- isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
48
- };
49
- }
50
- }
51
- /**
52
- * Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
53
- * @param baseAccountInfo
54
- * @param idTokenClaims
55
- * @returns
56
- */
57
- function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenClaims, idTokenSecret) {
58
- let updatedAccountInfo = baseAccountInfo;
59
- // Tenant Profile overrides passed in account info
60
- if (tenantProfile) {
61
- // eslint-disable-next-line @typescript-eslint/no-unused-vars
62
- const { isHomeTenant, ...tenantProfileOverride } = tenantProfile;
63
- updatedAccountInfo = { ...baseAccountInfo, ...tenantProfileOverride };
64
- }
65
- // ID token claims override passed in account info and tenant profile
66
- if (idTokenClaims) {
67
- // Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info
68
- // eslint-disable-next-line @typescript-eslint/no-unused-vars
69
- const { isHomeTenant, ...claimsSourcedTenantProfile } = buildTenantProfile(baseAccountInfo.homeAccountId, baseAccountInfo.localAccountId, baseAccountInfo.tenantId, idTokenClaims);
70
- updatedAccountInfo = {
71
- ...updatedAccountInfo,
72
- ...claimsSourcedTenantProfile,
73
- idTokenClaims: idTokenClaims,
74
- idToken: idTokenSecret,
75
- };
76
- return updatedAccountInfo;
77
- }
78
- return updatedAccountInfo;
3
+ /*
4
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5
+ * Licensed under the MIT License.
6
+ */
7
+ /**
8
+ * Returns true if tenantId matches the utid portion of homeAccountId
9
+ * @param tenantId
10
+ * @param homeAccountId
11
+ * @returns
12
+ */
13
+ function tenantIdMatchesHomeTenant(tenantId, homeAccountId) {
14
+ return (!!tenantId &&
15
+ !!homeAccountId &&
16
+ tenantId === homeAccountId.split(".")[1]);
17
+ }
18
+ /**
19
+ * Build tenant profile
20
+ * @param homeAccountId - Home account identifier for this account object
21
+ * @param localAccountId - Local account identifer for this account object
22
+ * @param tenantId - Full tenant or organizational id that this account belongs to
23
+ * @param idTokenClaims - Claims from the ID token
24
+ * @returns
25
+ */
26
+ function buildTenantProfile(homeAccountId, localAccountId, tenantId, idTokenClaims) {
27
+ if (idTokenClaims) {
28
+ const { oid, sub, tid, name, tfp, acr } = idTokenClaims;
29
+ /**
30
+ * Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence:
31
+ * tid - TenantID claim that identifies the tenant that issued the token in AAD. Expected in all AAD ID tokens, not present in B2C ID Tokens.
32
+ * tfp - Trust Framework Policy claim that identifies the policy that was used to authenticate the user. Functions as tenant for B2C scenarios.
33
+ * acr - Authentication Context Class Reference claim used only with older B2C policies. Fallback in case tfp is not present, but likely won't be present anyway.
34
+ */
35
+ const tenantId = tid || tfp || acr || "";
36
+ return {
37
+ tenantId: tenantId,
38
+ localAccountId: oid || sub || "",
39
+ name: name,
40
+ isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
41
+ };
42
+ }
43
+ else {
44
+ return {
45
+ tenantId,
46
+ localAccountId,
47
+ isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
48
+ };
49
+ }
50
+ }
51
+ /**
52
+ * Replaces account info that varies by tenant profile sourced from the ID token claims passed in with the tenant-specific account info
53
+ * @param baseAccountInfo
54
+ * @param idTokenClaims
55
+ * @returns
56
+ */
57
+ function updateAccountTenantProfileData(baseAccountInfo, tenantProfile, idTokenClaims, idTokenSecret) {
58
+ let updatedAccountInfo = baseAccountInfo;
59
+ // Tenant Profile overrides passed in account info
60
+ if (tenantProfile) {
61
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
62
+ const { isHomeTenant, ...tenantProfileOverride } = tenantProfile;
63
+ updatedAccountInfo = { ...baseAccountInfo, ...tenantProfileOverride };
64
+ }
65
+ // ID token claims override passed in account info and tenant profile
66
+ if (idTokenClaims) {
67
+ // Ignore isHomeTenant, loginHint, and sid which are part of tenant profile but not base account info
68
+ // eslint-disable-next-line @typescript-eslint/no-unused-vars
69
+ const { isHomeTenant, ...claimsSourcedTenantProfile } = buildTenantProfile(baseAccountInfo.homeAccountId, baseAccountInfo.localAccountId, baseAccountInfo.tenantId, idTokenClaims);
70
+ updatedAccountInfo = {
71
+ ...updatedAccountInfo,
72
+ ...claimsSourcedTenantProfile,
73
+ idTokenClaims: idTokenClaims,
74
+ idToken: idTokenSecret,
75
+ };
76
+ return updatedAccountInfo;
77
+ }
78
+ return updatedAccountInfo;
79
79
  }
80
80
 
81
81
  export { buildTenantProfile, tenantIdMatchesHomeTenant, updateAccountTenantProfileData };
@@ -1,18 +1,18 @@
1
- import { TokenClaims } from "./TokenClaims";
2
- /**
3
- * Extract token by decoding the rawToken
4
- *
5
- * @param encodedToken
6
- */
7
- export declare function extractTokenClaims(encodedToken: string, base64Decode: (input: string) => string): TokenClaims;
8
- /**
9
- * decode a JWT
10
- *
11
- * @param authToken
12
- */
13
- export declare function getJWSPayload(authToken: string): string;
14
- /**
15
- * Determine if the token's max_age has transpired
16
- */
17
- export declare function checkMaxAge(authTime: number, maxAge: number): void;
1
+ import { TokenClaims } from "./TokenClaims";
2
+ /**
3
+ * Extract token by decoding the rawToken
4
+ *
5
+ * @param encodedToken
6
+ */
7
+ export declare function extractTokenClaims(encodedToken: string, base64Decode: (input: string) => string): TokenClaims;
8
+ /**
9
+ * decode a JWT
10
+ *
11
+ * @param authToken
12
+ */
13
+ export declare function getJWSPayload(authToken: string): string;
14
+ /**
15
+ * Determine if the token's max_age has transpired
16
+ */
17
+ export declare function checkMaxAge(authTime: number, maxAge: number): void;
18
18
  //# sourceMappingURL=AuthToken.d.ts.map
@@ -1,65 +1,65 @@
1
- /*! @azure/msal-common v14.14.0 2024-07-23 */
1
+ /*! @azure/msal-common v14.14.1 2024-08-13 */
2
2
  'use strict';
3
3
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
4
4
  import { tokenParsingError, nullOrEmptyToken, maxAgeTranspired } from '../error/ClientAuthErrorCodes.mjs';
5
5
 
6
- /*
7
- * Copyright (c) Microsoft Corporation. All rights reserved.
8
- * Licensed under the MIT License.
9
- */
10
- /**
11
- * Extract token by decoding the rawToken
12
- *
13
- * @param encodedToken
14
- */
15
- function extractTokenClaims(encodedToken, base64Decode) {
16
- const jswPayload = getJWSPayload(encodedToken);
17
- // token will be decoded to get the username
18
- try {
19
- // base64Decode() should throw an error if there is an issue
20
- const base64Decoded = base64Decode(jswPayload);
21
- return JSON.parse(base64Decoded);
22
- }
23
- catch (err) {
24
- throw createClientAuthError(tokenParsingError);
25
- }
26
- }
27
- /**
28
- * decode a JWT
29
- *
30
- * @param authToken
31
- */
32
- function getJWSPayload(authToken) {
33
- if (!authToken) {
34
- throw createClientAuthError(nullOrEmptyToken);
35
- }
36
- const tokenPartsRegex = /^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/;
37
- const matches = tokenPartsRegex.exec(authToken);
38
- if (!matches || matches.length < 4) {
39
- throw createClientAuthError(tokenParsingError);
40
- }
41
- /**
42
- * const crackedToken = {
43
- * header: matches[1],
44
- * JWSPayload: matches[2],
45
- * JWSSig: matches[3],
46
- * };
47
- */
48
- return matches[2];
49
- }
50
- /**
51
- * Determine if the token's max_age has transpired
52
- */
53
- function checkMaxAge(authTime, maxAge) {
54
- /*
55
- * per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
56
- * To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access,
57
- * provide a value of 0 for the max_age parameter and the AS will force a fresh login.
58
- */
59
- const fiveMinuteSkew = 300000; // five minutes in milliseconds
60
- if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) {
61
- throw createClientAuthError(maxAgeTranspired);
62
- }
6
+ /*
7
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8
+ * Licensed under the MIT License.
9
+ */
10
+ /**
11
+ * Extract token by decoding the rawToken
12
+ *
13
+ * @param encodedToken
14
+ */
15
+ function extractTokenClaims(encodedToken, base64Decode) {
16
+ const jswPayload = getJWSPayload(encodedToken);
17
+ // token will be decoded to get the username
18
+ try {
19
+ // base64Decode() should throw an error if there is an issue
20
+ const base64Decoded = base64Decode(jswPayload);
21
+ return JSON.parse(base64Decoded);
22
+ }
23
+ catch (err) {
24
+ throw createClientAuthError(tokenParsingError);
25
+ }
26
+ }
27
+ /**
28
+ * decode a JWT
29
+ *
30
+ * @param authToken
31
+ */
32
+ function getJWSPayload(authToken) {
33
+ if (!authToken) {
34
+ throw createClientAuthError(nullOrEmptyToken);
35
+ }
36
+ const tokenPartsRegex = /^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/;
37
+ const matches = tokenPartsRegex.exec(authToken);
38
+ if (!matches || matches.length < 4) {
39
+ throw createClientAuthError(tokenParsingError);
40
+ }
41
+ /**
42
+ * const crackedToken = {
43
+ * header: matches[1],
44
+ * JWSPayload: matches[2],
45
+ * JWSSig: matches[3],
46
+ * };
47
+ */
48
+ return matches[2];
49
+ }
50
+ /**
51
+ * Determine if the token's max_age has transpired
52
+ */
53
+ function checkMaxAge(authTime, maxAge) {
54
+ /*
55
+ * per https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
56
+ * To force an immediate re-authentication: If an app requires that a user re-authenticate prior to access,
57
+ * provide a value of 0 for the max_age parameter and the AS will force a fresh login.
58
+ */
59
+ const fiveMinuteSkew = 300000; // five minutes in milliseconds
60
+ if (maxAge === 0 || Date.now() - fiveMinuteSkew > authTime + maxAge) {
61
+ throw createClientAuthError(maxAgeTranspired);
62
+ }
63
63
  }
64
64
 
65
65
  export { checkMaxAge, extractTokenClaims, getJWSPayload };
@@ -1,10 +1,10 @@
1
- export type CcsCredential = {
2
- credential: string;
3
- type: CcsCredentialType;
4
- };
5
- export declare const CcsCredentialType: {
6
- readonly HOME_ACCOUNT_ID: "home_account_id";
7
- readonly UPN: "UPN";
8
- };
9
- export type CcsCredentialType = (typeof CcsCredentialType)[keyof typeof CcsCredentialType];
1
+ export type CcsCredential = {
2
+ credential: string;
3
+ type: CcsCredentialType;
4
+ };
5
+ export declare const CcsCredentialType: {
6
+ readonly HOME_ACCOUNT_ID: "home_account_id";
7
+ readonly UPN: "UPN";
8
+ };
9
+ export type CcsCredentialType = (typeof CcsCredentialType)[keyof typeof CcsCredentialType];
10
10
  //# sourceMappingURL=CcsCredential.d.ts.map
@@ -1,12 +1,12 @@
1
- /*! @azure/msal-common v14.14.0 2024-07-23 */
1
+ /*! @azure/msal-common v14.14.1 2024-08-13 */
2
2
  'use strict';
3
- /*
4
- * Copyright (c) Microsoft Corporation. All rights reserved.
5
- * Licensed under the MIT License.
6
- */
7
- const CcsCredentialType = {
8
- HOME_ACCOUNT_ID: "home_account_id",
9
- UPN: "UPN",
3
+ /*
4
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5
+ * Licensed under the MIT License.
6
+ */
7
+ const CcsCredentialType = {
8
+ HOME_ACCOUNT_ID: "home_account_id",
9
+ UPN: "UPN",
10
10
  };
11
11
 
12
12
  export { CcsCredentialType };
@@ -1,20 +1,20 @@
1
- export type ClientAssertionConfig = {
2
- clientId: string;
3
- tokenEndpoint?: string;
4
- };
5
- export type ClientAssertionCallback = (config: ClientAssertionConfig) => Promise<string>;
6
- /**
7
- * Client Assertion credential for Confidential Clients
8
- */
9
- export type ClientAssertion = {
10
- assertion: string | ClientAssertionCallback;
11
- assertionType: string;
12
- };
13
- /**
14
- * Client Credentials set for Confidential Clients
15
- */
16
- export type ClientCredentials = {
17
- clientSecret?: string;
18
- clientAssertion?: ClientAssertion;
19
- };
1
+ export type ClientAssertionConfig = {
2
+ clientId: string;
3
+ tokenEndpoint?: string;
4
+ };
5
+ export type ClientAssertionCallback = (config: ClientAssertionConfig) => Promise<string>;
6
+ /**
7
+ * Client Assertion credential for Confidential Clients
8
+ */
9
+ export type ClientAssertion = {
10
+ assertion: string | ClientAssertionCallback;
11
+ assertionType: string;
12
+ };
13
+ /**
14
+ * Client Credentials set for Confidential Clients
15
+ */
16
+ export type ClientCredentials = {
17
+ clientSecret?: string;
18
+ clientAssertion?: ClientAssertion;
19
+ };
20
20
  //# sourceMappingURL=ClientCredentials.d.ts.map
@@ -1,19 +1,19 @@
1
- /**
2
- * Client info object which consists of two IDs. Need to add more info here.
3
- */
4
- export type ClientInfo = {
5
- uid: string;
6
- utid: string;
7
- };
8
- /**
9
- * Function to build a client info object from server clientInfo string
10
- * @param rawClientInfo
11
- * @param crypto
12
- */
13
- export declare function buildClientInfo(rawClientInfo: string, base64Decode: (input: string) => string): ClientInfo;
14
- /**
15
- * Function to build a client info object from cached homeAccountId string
16
- * @param homeAccountId
17
- */
18
- export declare function buildClientInfoFromHomeAccountId(homeAccountId: string): ClientInfo;
1
+ /**
2
+ * Client info object which consists of two IDs. Need to add more info here.
3
+ */
4
+ export type ClientInfo = {
5
+ uid: string;
6
+ utid: string;
7
+ };
8
+ /**
9
+ * Function to build a client info object from server clientInfo string
10
+ * @param rawClientInfo
11
+ * @param crypto
12
+ */
13
+ export declare function buildClientInfo(rawClientInfo: string, base64Decode: (input: string) => string): ClientInfo;
14
+ /**
15
+ * Function to build a client info object from cached homeAccountId string
16
+ * @param homeAccountId
17
+ */
18
+ export declare function buildClientInfoFromHomeAccountId(homeAccountId: string): ClientInfo;
19
19
  //# sourceMappingURL=ClientInfo.d.ts.map
@@ -1,45 +1,45 @@
1
- /*! @azure/msal-common v14.14.0 2024-07-23 */
1
+ /*! @azure/msal-common v14.14.1 2024-08-13 */
2
2
  'use strict';
3
3
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
4
4
  import { Separators, Constants } from '../utils/Constants.mjs';
5
5
  import { clientInfoEmptyError, clientInfoDecodingError } from '../error/ClientAuthErrorCodes.mjs';
6
6
 
7
- /*
8
- * Copyright (c) Microsoft Corporation. All rights reserved.
9
- * Licensed under the MIT License.
10
- */
11
- /**
12
- * Function to build a client info object from server clientInfo string
13
- * @param rawClientInfo
14
- * @param crypto
15
- */
16
- function buildClientInfo(rawClientInfo, base64Decode) {
17
- if (!rawClientInfo) {
18
- throw createClientAuthError(clientInfoEmptyError);
19
- }
20
- try {
21
- const decodedClientInfo = base64Decode(rawClientInfo);
22
- return JSON.parse(decodedClientInfo);
23
- }
24
- catch (e) {
25
- throw createClientAuthError(clientInfoDecodingError);
26
- }
27
- }
28
- /**
29
- * Function to build a client info object from cached homeAccountId string
30
- * @param homeAccountId
31
- */
32
- function buildClientInfoFromHomeAccountId(homeAccountId) {
33
- if (!homeAccountId) {
34
- throw createClientAuthError(clientInfoDecodingError);
35
- }
36
- const clientInfoParts = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2);
37
- return {
38
- uid: clientInfoParts[0],
39
- utid: clientInfoParts.length < 2
40
- ? Constants.EMPTY_STRING
41
- : clientInfoParts[1],
42
- };
7
+ /*
8
+ * Copyright (c) Microsoft Corporation. All rights reserved.
9
+ * Licensed under the MIT License.
10
+ */
11
+ /**
12
+ * Function to build a client info object from server clientInfo string
13
+ * @param rawClientInfo
14
+ * @param crypto
15
+ */
16
+ function buildClientInfo(rawClientInfo, base64Decode) {
17
+ if (!rawClientInfo) {
18
+ throw createClientAuthError(clientInfoEmptyError);
19
+ }
20
+ try {
21
+ const decodedClientInfo = base64Decode(rawClientInfo);
22
+ return JSON.parse(decodedClientInfo);
23
+ }
24
+ catch (e) {
25
+ throw createClientAuthError(clientInfoDecodingError);
26
+ }
27
+ }
28
+ /**
29
+ * Function to build a client info object from cached homeAccountId string
30
+ * @param homeAccountId
31
+ */
32
+ function buildClientInfoFromHomeAccountId(homeAccountId) {
33
+ if (!homeAccountId) {
34
+ throw createClientAuthError(clientInfoDecodingError);
35
+ }
36
+ const clientInfoParts = homeAccountId.split(Separators.CLIENT_INFO_SEPARATOR, 2);
37
+ return {
38
+ uid: clientInfoParts[0],
39
+ utid: clientInfoParts.length < 2
40
+ ? Constants.EMPTY_STRING
41
+ : clientInfoParts[1],
42
+ };
43
43
  }
44
44
 
45
45
  export { buildClientInfo, buildClientInfoFromHomeAccountId };