@azure/msal-common 14.14.0 → 14.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (185) hide show
  1. package/dist/account/AccountInfo.d.ts +66 -66
  2. package/dist/account/AccountInfo.mjs +77 -77
  3. package/dist/account/AuthToken.d.ts +17 -17
  4. package/dist/account/AuthToken.mjs +58 -58
  5. package/dist/account/CcsCredential.d.ts +9 -9
  6. package/dist/account/CcsCredential.mjs +8 -8
  7. package/dist/account/ClientCredentials.d.ts +19 -19
  8. package/dist/account/ClientInfo.d.ts +18 -18
  9. package/dist/account/ClientInfo.mjs +37 -37
  10. package/dist/account/TokenClaims.d.ts +83 -83
  11. package/dist/account/TokenClaims.mjs +20 -20
  12. package/dist/authority/Authority.d.ts +254 -254
  13. package/dist/authority/Authority.mjs +836 -836
  14. package/dist/authority/AuthorityFactory.d.ts +18 -18
  15. package/dist/authority/AuthorityFactory.mjs +28 -28
  16. package/dist/authority/AuthorityMetadata.d.ts +43 -43
  17. package/dist/authority/AuthorityMetadata.mjs +137 -137
  18. package/dist/authority/AuthorityOptions.d.ts +27 -27
  19. package/dist/authority/AuthorityOptions.mjs +18 -18
  20. package/dist/authority/AuthorityType.d.ts +10 -10
  21. package/dist/authority/AuthorityType.mjs +13 -13
  22. package/dist/authority/AzureRegion.d.ts +1 -1
  23. package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
  24. package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
  25. package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
  26. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
  27. package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
  28. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
  29. package/dist/authority/ImdsOptions.d.ts +5 -5
  30. package/dist/authority/OIDCOptions.d.ts +8 -8
  31. package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
  32. package/dist/authority/OpenIdConfigResponse.mjs +10 -10
  33. package/dist/authority/ProtocolMode.d.ts +8 -8
  34. package/dist/authority/ProtocolMode.mjs +11 -11
  35. package/dist/authority/RegionDiscovery.d.ts +32 -32
  36. package/dist/authority/RegionDiscovery.mjs +106 -106
  37. package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
  38. package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
  39. package/dist/cache/CacheManager.d.ts +497 -497
  40. package/dist/cache/CacheManager.mjs +1249 -1249
  41. package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
  42. package/dist/cache/entities/AccountEntity.d.ts +106 -106
  43. package/dist/cache/entities/AccountEntity.mjs +240 -240
  44. package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
  45. package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
  46. package/dist/cache/entities/CacheRecord.d.ts +13 -13
  47. package/dist/cache/entities/CredentialEntity.d.ts +30 -30
  48. package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
  49. package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
  50. package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -6
  51. package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
  52. package/dist/cache/interface/ICacheManager.d.ts +166 -166
  53. package/dist/cache/interface/ICachePlugin.d.ts +5 -5
  54. package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
  55. package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
  56. package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
  57. package/dist/cache/utils/CacheHelpers.d.ts +94 -94
  58. package/dist/cache/utils/CacheHelpers.mjs +324 -324
  59. package/dist/cache/utils/CacheTypes.d.ts +69 -69
  60. package/dist/client/AuthorizationCodeClient.d.ts +74 -74
  61. package/dist/client/AuthorizationCodeClient.mjs +420 -420
  62. package/dist/client/BaseClient.d.ts +51 -51
  63. package/dist/client/BaseClient.mjs +100 -100
  64. package/dist/client/RefreshTokenClient.d.ts +35 -35
  65. package/dist/client/RefreshTokenClient.mjs +211 -211
  66. package/dist/client/SilentFlowClient.d.ts +27 -27
  67. package/dist/client/SilentFlowClient.mjs +133 -133
  68. package/dist/config/AppTokenProvider.d.ts +38 -38
  69. package/dist/config/ClientConfiguration.d.ts +150 -150
  70. package/dist/config/ClientConfiguration.mjs +95 -95
  71. package/dist/constants/AADServerParamKeys.d.ts +53 -53
  72. package/dist/constants/AADServerParamKeys.mjs +57 -57
  73. package/dist/crypto/ICrypto.d.ts +68 -68
  74. package/dist/crypto/ICrypto.mjs +36 -36
  75. package/dist/crypto/IGuidGenerator.d.ts +4 -4
  76. package/dist/crypto/JoseHeader.d.ts +22 -22
  77. package/dist/crypto/JoseHeader.mjs +37 -37
  78. package/dist/crypto/PopTokenGenerator.d.ts +59 -59
  79. package/dist/crypto/PopTokenGenerator.mjs +81 -81
  80. package/dist/crypto/SignedHttpRequest.d.ts +15 -15
  81. package/dist/error/AuthError.d.ts +44 -44
  82. package/dist/error/AuthError.mjs +46 -46
  83. package/dist/error/AuthErrorCodes.d.ts +5 -5
  84. package/dist/error/AuthErrorCodes.mjs +9 -9
  85. package/dist/error/CacheError.d.ts +20 -20
  86. package/dist/error/CacheError.mjs +24 -24
  87. package/dist/error/CacheErrorCodes.d.ts +2 -2
  88. package/dist/error/CacheErrorCodes.mjs +6 -6
  89. package/dist/error/ClientAuthError.d.ts +237 -237
  90. package/dist/error/ClientAuthError.mjs +249 -249
  91. package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
  92. package/dist/error/ClientAuthErrorCodes.mjs +48 -48
  93. package/dist/error/ClientConfigurationError.d.ts +128 -128
  94. package/dist/error/ClientConfigurationError.mjs +135 -135
  95. package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
  96. package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
  97. package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
  98. package/dist/error/InteractionRequiredAuthError.mjs +85 -85
  99. package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
  100. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
  101. package/dist/error/JoseHeaderError.d.ts +15 -15
  102. package/dist/error/JoseHeaderError.mjs +22 -22
  103. package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
  104. package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
  105. package/dist/error/ServerError.d.ts +15 -15
  106. package/dist/error/ServerError.mjs +16 -16
  107. package/dist/index.cjs +8662 -8658
  108. package/dist/index.cjs.map +1 -1
  109. package/dist/index.d.ts +107 -107
  110. package/dist/index.mjs +1 -1
  111. package/dist/logger/Logger.d.ts +95 -95
  112. package/dist/logger/Logger.mjs +188 -188
  113. package/dist/network/INetworkModule.d.ts +29 -29
  114. package/dist/network/INetworkModule.mjs +12 -12
  115. package/dist/network/NetworkManager.d.ts +33 -33
  116. package/dist/network/NetworkManager.mjs +34 -34
  117. package/dist/network/RequestThumbprint.d.ts +18 -18
  118. package/dist/network/ThrottlingUtils.d.ts +42 -42
  119. package/dist/network/ThrottlingUtils.mjs +95 -95
  120. package/dist/packageMetadata.d.ts +2 -2
  121. package/dist/packageMetadata.mjs +4 -4
  122. package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
  123. package/dist/request/AuthenticationHeaderParser.mjs +55 -55
  124. package/dist/request/BaseAuthRequest.d.ts +47 -47
  125. package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
  126. package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
  127. package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
  128. package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
  129. package/dist/request/CommonEndSessionRequest.d.ts +21 -21
  130. package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
  131. package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
  132. package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
  133. package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
  134. package/dist/request/NativeRequest.d.ts +19 -19
  135. package/dist/request/NativeSignOutRequest.d.ts +5 -5
  136. package/dist/request/RequestParameterBuilder.d.ts +217 -217
  137. package/dist/request/RequestParameterBuilder.mjs +382 -382
  138. package/dist/request/RequestValidator.d.ts +27 -27
  139. package/dist/request/RequestValidator.mjs +64 -64
  140. package/dist/request/ScopeSet.d.ts +88 -88
  141. package/dist/request/ScopeSet.mjs +197 -197
  142. package/dist/request/StoreInCache.d.ts +8 -8
  143. package/dist/response/AuthenticationResult.d.ts +41 -41
  144. package/dist/response/AuthorizationCodePayload.d.ts +13 -13
  145. package/dist/response/DeviceCodeResponse.d.ts +25 -25
  146. package/dist/response/ExternalTokenResponse.d.ts +15 -15
  147. package/dist/response/IMDSBadResponse.d.ts +4 -4
  148. package/dist/response/ResponseHandler.d.ts +69 -69
  149. package/dist/response/ResponseHandler.mjs +374 -374
  150. package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
  151. package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
  152. package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
  153. package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
  154. package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
  155. package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
  156. package/dist/telemetry/performance/PerformanceEvent.d.ts +515 -505
  157. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  158. package/dist/telemetry/performance/PerformanceEvent.mjs +484 -480
  159. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  160. package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
  161. package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
  162. package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -78
  163. package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -260
  164. package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
  165. package/dist/url/IUri.d.ts +12 -12
  166. package/dist/url/UrlString.d.ts +48 -48
  167. package/dist/url/UrlString.mjs +161 -161
  168. package/dist/utils/ClientAssertionUtils.d.ts +2 -2
  169. package/dist/utils/ClientAssertionUtils.mjs +16 -16
  170. package/dist/utils/Constants.d.ts +309 -309
  171. package/dist/utils/Constants.mjs +322 -322
  172. package/dist/utils/FunctionWrappers.d.ts +27 -27
  173. package/dist/utils/FunctionWrappers.mjs +94 -94
  174. package/dist/utils/MsalTypes.d.ts +6 -6
  175. package/dist/utils/ProtocolUtils.d.ts +42 -42
  176. package/dist/utils/ProtocolUtils.mjs +69 -69
  177. package/dist/utils/StringUtils.d.ts +40 -40
  178. package/dist/utils/StringUtils.mjs +95 -95
  179. package/dist/utils/TimeUtils.d.ts +25 -25
  180. package/dist/utils/TimeUtils.mjs +43 -43
  181. package/dist/utils/UrlUtils.d.ts +10 -10
  182. package/dist/utils/UrlUtils.mjs +44 -44
  183. package/package.json +1 -1
  184. package/src/packageMetadata.ts +1 -1
  185. package/src/telemetry/performance/PerformanceEvent.ts +12 -0
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v14.14.0 2024-07-23 */
1
+ /*! @azure/msal-common v14.14.1 2024-08-13 */
2
2
  'use strict';
3
3
  import { extractTokenClaims } from '../../account/AuthToken.mjs';
4
4
  import { createClientAuthError } from '../../error/ClientAuthError.mjs';
@@ -6,329 +6,329 @@ import { Separators, CredentialType, AuthenticationScheme, SERVER_TELEM_CONSTANT
6
6
  import { nowSeconds } from '../../utils/TimeUtils.mjs';
7
7
  import { tokenClaimsCnfRequiredForSignedJwt } from '../../error/ClientAuthErrorCodes.mjs';
8
8
 
9
- /*
10
- * Copyright (c) Microsoft Corporation. All rights reserved.
11
- * Licensed under the MIT License.
12
- */
13
- /**
14
- * Cache Key: <home_account_id>-<environment>-<credential_type>-<client_id or familyId>-<realm>-<scopes>-<claims hash>-<scheme>
15
- * IdToken Example: uid.utid-login.microsoftonline.com-idtoken-app_client_id-contoso.com
16
- * AccessToken Example: uid.utid-login.microsoftonline.com-accesstoken-app_client_id-contoso.com-scope1 scope2--pop
17
- * RefreshToken Example: uid.utid-login.microsoftonline.com-refreshtoken-1-contoso.com
18
- * @param credentialEntity
19
- * @returns
20
- */
21
- function generateCredentialKey(credentialEntity) {
22
- const credentialKey = [
23
- generateAccountId(credentialEntity),
24
- generateCredentialId(credentialEntity),
25
- generateTarget(credentialEntity),
26
- generateClaimsHash(credentialEntity),
27
- generateScheme(credentialEntity),
28
- ];
29
- return credentialKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
30
- }
31
- /**
32
- * Create IdTokenEntity
33
- * @param homeAccountId
34
- * @param authenticationResult
35
- * @param clientId
36
- * @param authority
37
- */
38
- function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
39
- const idTokenEntity = {
40
- credentialType: CredentialType.ID_TOKEN,
41
- homeAccountId: homeAccountId,
42
- environment: environment,
43
- clientId: clientId,
44
- secret: idToken,
45
- realm: tenantId,
46
- };
47
- return idTokenEntity;
48
- }
49
- /**
50
- * Create AccessTokenEntity
51
- * @param homeAccountId
52
- * @param environment
53
- * @param accessToken
54
- * @param clientId
55
- * @param tenantId
56
- * @param scopes
57
- * @param expiresOn
58
- * @param extExpiresOn
59
- */
60
- function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId, requestedClaims, requestedClaimsHash) {
61
- const atEntity = {
62
- homeAccountId: homeAccountId,
63
- credentialType: CredentialType.ACCESS_TOKEN,
64
- secret: accessToken,
65
- cachedAt: nowSeconds().toString(),
66
- expiresOn: expiresOn.toString(),
67
- extendedExpiresOn: extExpiresOn.toString(),
68
- environment: environment,
69
- clientId: clientId,
70
- realm: tenantId,
71
- target: scopes,
72
- tokenType: tokenType || AuthenticationScheme.BEARER,
73
- };
74
- if (userAssertionHash) {
75
- atEntity.userAssertionHash = userAssertionHash;
76
- }
77
- if (refreshOn) {
78
- atEntity.refreshOn = refreshOn.toString();
79
- }
80
- if (requestedClaims) {
81
- atEntity.requestedClaims = requestedClaims;
82
- atEntity.requestedClaimsHash = requestedClaimsHash;
83
- }
84
- /*
85
- * Create Access Token With Auth Scheme instead of regular access token
86
- * Cast to lower to handle "bearer" from ADFS
87
- */
88
- if (atEntity.tokenType?.toLowerCase() !==
89
- AuthenticationScheme.BEARER.toLowerCase()) {
90
- atEntity.credentialType = CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
91
- switch (atEntity.tokenType) {
92
- case AuthenticationScheme.POP:
93
- // Make sure keyId is present and add it to credential
94
- const tokenClaims = extractTokenClaims(accessToken, base64Decode);
95
- if (!tokenClaims?.cnf?.kid) {
96
- throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
97
- }
98
- atEntity.keyId = tokenClaims.cnf.kid;
99
- break;
100
- case AuthenticationScheme.SSH:
101
- atEntity.keyId = keyId;
102
- }
103
- }
104
- return atEntity;
105
- }
106
- /**
107
- * Create RefreshTokenEntity
108
- * @param homeAccountId
109
- * @param authenticationResult
110
- * @param clientId
111
- * @param authority
112
- */
113
- function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
114
- const rtEntity = {
115
- credentialType: CredentialType.REFRESH_TOKEN,
116
- homeAccountId: homeAccountId,
117
- environment: environment,
118
- clientId: clientId,
119
- secret: refreshToken,
120
- };
121
- if (userAssertionHash) {
122
- rtEntity.userAssertionHash = userAssertionHash;
123
- }
124
- if (familyId) {
125
- rtEntity.familyId = familyId;
126
- }
127
- if (expiresOn) {
128
- rtEntity.expiresOn = expiresOn.toString();
129
- }
130
- return rtEntity;
131
- }
132
- function isCredentialEntity(entity) {
133
- return (entity.hasOwnProperty("homeAccountId") &&
134
- entity.hasOwnProperty("environment") &&
135
- entity.hasOwnProperty("credentialType") &&
136
- entity.hasOwnProperty("clientId") &&
137
- entity.hasOwnProperty("secret"));
138
- }
139
- /**
140
- * Validates an entity: checks for all expected params
141
- * @param entity
142
- */
143
- function isAccessTokenEntity(entity) {
144
- if (!entity) {
145
- return false;
146
- }
147
- return (isCredentialEntity(entity) &&
148
- entity.hasOwnProperty("realm") &&
149
- entity.hasOwnProperty("target") &&
150
- (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
151
- entity["credentialType"] ===
152
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
153
- }
154
- /**
155
- * Validates an entity: checks for all expected params
156
- * @param entity
157
- */
158
- function isIdTokenEntity(entity) {
159
- if (!entity) {
160
- return false;
161
- }
162
- return (isCredentialEntity(entity) &&
163
- entity.hasOwnProperty("realm") &&
164
- entity["credentialType"] === CredentialType.ID_TOKEN);
165
- }
166
- /**
167
- * Validates an entity: checks for all expected params
168
- * @param entity
169
- */
170
- function isRefreshTokenEntity(entity) {
171
- if (!entity) {
172
- return false;
173
- }
174
- return (isCredentialEntity(entity) &&
175
- entity["credentialType"] === CredentialType.REFRESH_TOKEN);
176
- }
177
- /**
178
- * Generate Account Id key component as per the schema: <home_account_id>-<environment>
179
- */
180
- function generateAccountId(credentialEntity) {
181
- const accountId = [
182
- credentialEntity.homeAccountId,
183
- credentialEntity.environment,
184
- ];
185
- return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
186
- }
187
- /**
188
- * Generate Credential Id key component as per the schema: <credential_type>-<client_id>-<realm>
189
- */
190
- function generateCredentialId(credentialEntity) {
191
- const clientOrFamilyId = credentialEntity.credentialType === CredentialType.REFRESH_TOKEN
192
- ? credentialEntity.familyId || credentialEntity.clientId
193
- : credentialEntity.clientId;
194
- const credentialId = [
195
- credentialEntity.credentialType,
196
- clientOrFamilyId,
197
- credentialEntity.realm || "",
198
- ];
199
- return credentialId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
200
- }
201
- /**
202
- * Generate target key component as per schema: <target>
203
- */
204
- function generateTarget(credentialEntity) {
205
- return (credentialEntity.target || "").toLowerCase();
206
- }
207
- /**
208
- * Generate requested claims key component as per schema: <requestedClaims>
209
- */
210
- function generateClaimsHash(credentialEntity) {
211
- return (credentialEntity.requestedClaimsHash || "").toLowerCase();
212
- }
213
- /**
214
- * Generate scheme key componenet as per schema: <scheme>
215
- */
216
- function generateScheme(credentialEntity) {
217
- /*
218
- * PoP Tokens and SSH certs include scheme in cache key
219
- * Cast to lowercase to handle "bearer" from ADFS
220
- */
221
- return credentialEntity.tokenType &&
222
- credentialEntity.tokenType.toLowerCase() !==
223
- AuthenticationScheme.BEARER.toLowerCase()
224
- ? credentialEntity.tokenType.toLowerCase()
225
- : "";
226
- }
227
- /**
228
- * validates if a given cache entry is "Telemetry", parses <key,value>
229
- * @param key
230
- * @param entity
231
- */
232
- function isServerTelemetryEntity(key, entity) {
233
- const validateKey = key.indexOf(SERVER_TELEM_CONSTANTS.CACHE_KEY) === 0;
234
- let validateEntity = true;
235
- if (entity) {
236
- validateEntity =
237
- entity.hasOwnProperty("failedRequests") &&
238
- entity.hasOwnProperty("errors") &&
239
- entity.hasOwnProperty("cacheHits");
240
- }
241
- return validateKey && validateEntity;
242
- }
243
- /**
244
- * validates if a given cache entry is "Throttling", parses <key,value>
245
- * @param key
246
- * @param entity
247
- */
248
- function isThrottlingEntity(key, entity) {
249
- let validateKey = false;
250
- if (key) {
251
- validateKey = key.indexOf(ThrottlingConstants.THROTTLING_PREFIX) === 0;
252
- }
253
- let validateEntity = true;
254
- if (entity) {
255
- validateEntity = entity.hasOwnProperty("throttleTime");
256
- }
257
- return validateKey && validateEntity;
258
- }
259
- /**
260
- * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
261
- */
262
- function generateAppMetadataKey({ environment, clientId, }) {
263
- const appMetaDataKeyArray = [
264
- APP_METADATA,
265
- environment,
266
- clientId,
267
- ];
268
- return appMetaDataKeyArray
269
- .join(Separators.CACHE_KEY_SEPARATOR)
270
- .toLowerCase();
271
- }
272
- /*
273
- * Validates an entity: checks for all expected params
274
- * @param entity
275
- */
276
- function isAppMetadataEntity(key, entity) {
277
- if (!entity) {
278
- return false;
279
- }
280
- return (key.indexOf(APP_METADATA) === 0 &&
281
- entity.hasOwnProperty("clientId") &&
282
- entity.hasOwnProperty("environment"));
283
- }
284
- /**
285
- * Validates an entity: checks for all expected params
286
- * @param entity
287
- */
288
- function isAuthorityMetadataEntity(key, entity) {
289
- if (!entity) {
290
- return false;
291
- }
292
- return (key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) === 0 &&
293
- entity.hasOwnProperty("aliases") &&
294
- entity.hasOwnProperty("preferred_cache") &&
295
- entity.hasOwnProperty("preferred_network") &&
296
- entity.hasOwnProperty("canonical_authority") &&
297
- entity.hasOwnProperty("authorization_endpoint") &&
298
- entity.hasOwnProperty("token_endpoint") &&
299
- entity.hasOwnProperty("issuer") &&
300
- entity.hasOwnProperty("aliasesFromNetwork") &&
301
- entity.hasOwnProperty("endpointsFromNetwork") &&
302
- entity.hasOwnProperty("expiresAt") &&
303
- entity.hasOwnProperty("jwks_uri"));
304
- }
305
- /**
306
- * Reset the exiresAt value
307
- */
308
- function generateAuthorityMetadataExpiresAt() {
309
- return (nowSeconds() +
310
- AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS);
311
- }
312
- function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
313
- authorityMetadata.authorization_endpoint =
314
- updatedValues.authorization_endpoint;
315
- authorityMetadata.token_endpoint = updatedValues.token_endpoint;
316
- authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
317
- authorityMetadata.issuer = updatedValues.issuer;
318
- authorityMetadata.endpointsFromNetwork = fromNetwork;
319
- authorityMetadata.jwks_uri = updatedValues.jwks_uri;
320
- }
321
- function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
322
- authorityMetadata.aliases = updatedValues.aliases;
323
- authorityMetadata.preferred_cache = updatedValues.preferred_cache;
324
- authorityMetadata.preferred_network = updatedValues.preferred_network;
325
- authorityMetadata.aliasesFromNetwork = fromNetwork;
326
- }
327
- /**
328
- * Returns whether or not the data needs to be refreshed
329
- */
330
- function isAuthorityMetadataExpired(metadata) {
331
- return metadata.expiresAt <= nowSeconds();
9
+ /*
10
+ * Copyright (c) Microsoft Corporation. All rights reserved.
11
+ * Licensed under the MIT License.
12
+ */
13
+ /**
14
+ * Cache Key: <home_account_id>-<environment>-<credential_type>-<client_id or familyId>-<realm>-<scopes>-<claims hash>-<scheme>
15
+ * IdToken Example: uid.utid-login.microsoftonline.com-idtoken-app_client_id-contoso.com
16
+ * AccessToken Example: uid.utid-login.microsoftonline.com-accesstoken-app_client_id-contoso.com-scope1 scope2--pop
17
+ * RefreshToken Example: uid.utid-login.microsoftonline.com-refreshtoken-1-contoso.com
18
+ * @param credentialEntity
19
+ * @returns
20
+ */
21
+ function generateCredentialKey(credentialEntity) {
22
+ const credentialKey = [
23
+ generateAccountId(credentialEntity),
24
+ generateCredentialId(credentialEntity),
25
+ generateTarget(credentialEntity),
26
+ generateClaimsHash(credentialEntity),
27
+ generateScheme(credentialEntity),
28
+ ];
29
+ return credentialKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
30
+ }
31
+ /**
32
+ * Create IdTokenEntity
33
+ * @param homeAccountId
34
+ * @param authenticationResult
35
+ * @param clientId
36
+ * @param authority
37
+ */
38
+ function createIdTokenEntity(homeAccountId, environment, idToken, clientId, tenantId) {
39
+ const idTokenEntity = {
40
+ credentialType: CredentialType.ID_TOKEN,
41
+ homeAccountId: homeAccountId,
42
+ environment: environment,
43
+ clientId: clientId,
44
+ secret: idToken,
45
+ realm: tenantId,
46
+ };
47
+ return idTokenEntity;
48
+ }
49
+ /**
50
+ * Create AccessTokenEntity
51
+ * @param homeAccountId
52
+ * @param environment
53
+ * @param accessToken
54
+ * @param clientId
55
+ * @param tenantId
56
+ * @param scopes
57
+ * @param expiresOn
58
+ * @param extExpiresOn
59
+ */
60
+ function createAccessTokenEntity(homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, base64Decode, refreshOn, tokenType, userAssertionHash, keyId, requestedClaims, requestedClaimsHash) {
61
+ const atEntity = {
62
+ homeAccountId: homeAccountId,
63
+ credentialType: CredentialType.ACCESS_TOKEN,
64
+ secret: accessToken,
65
+ cachedAt: nowSeconds().toString(),
66
+ expiresOn: expiresOn.toString(),
67
+ extendedExpiresOn: extExpiresOn.toString(),
68
+ environment: environment,
69
+ clientId: clientId,
70
+ realm: tenantId,
71
+ target: scopes,
72
+ tokenType: tokenType || AuthenticationScheme.BEARER,
73
+ };
74
+ if (userAssertionHash) {
75
+ atEntity.userAssertionHash = userAssertionHash;
76
+ }
77
+ if (refreshOn) {
78
+ atEntity.refreshOn = refreshOn.toString();
79
+ }
80
+ if (requestedClaims) {
81
+ atEntity.requestedClaims = requestedClaims;
82
+ atEntity.requestedClaimsHash = requestedClaimsHash;
83
+ }
84
+ /*
85
+ * Create Access Token With Auth Scheme instead of regular access token
86
+ * Cast to lower to handle "bearer" from ADFS
87
+ */
88
+ if (atEntity.tokenType?.toLowerCase() !==
89
+ AuthenticationScheme.BEARER.toLowerCase()) {
90
+ atEntity.credentialType = CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
91
+ switch (atEntity.tokenType) {
92
+ case AuthenticationScheme.POP:
93
+ // Make sure keyId is present and add it to credential
94
+ const tokenClaims = extractTokenClaims(accessToken, base64Decode);
95
+ if (!tokenClaims?.cnf?.kid) {
96
+ throw createClientAuthError(tokenClaimsCnfRequiredForSignedJwt);
97
+ }
98
+ atEntity.keyId = tokenClaims.cnf.kid;
99
+ break;
100
+ case AuthenticationScheme.SSH:
101
+ atEntity.keyId = keyId;
102
+ }
103
+ }
104
+ return atEntity;
105
+ }
106
+ /**
107
+ * Create RefreshTokenEntity
108
+ * @param homeAccountId
109
+ * @param authenticationResult
110
+ * @param clientId
111
+ * @param authority
112
+ */
113
+ function createRefreshTokenEntity(homeAccountId, environment, refreshToken, clientId, familyId, userAssertionHash, expiresOn) {
114
+ const rtEntity = {
115
+ credentialType: CredentialType.REFRESH_TOKEN,
116
+ homeAccountId: homeAccountId,
117
+ environment: environment,
118
+ clientId: clientId,
119
+ secret: refreshToken,
120
+ };
121
+ if (userAssertionHash) {
122
+ rtEntity.userAssertionHash = userAssertionHash;
123
+ }
124
+ if (familyId) {
125
+ rtEntity.familyId = familyId;
126
+ }
127
+ if (expiresOn) {
128
+ rtEntity.expiresOn = expiresOn.toString();
129
+ }
130
+ return rtEntity;
131
+ }
132
+ function isCredentialEntity(entity) {
133
+ return (entity.hasOwnProperty("homeAccountId") &&
134
+ entity.hasOwnProperty("environment") &&
135
+ entity.hasOwnProperty("credentialType") &&
136
+ entity.hasOwnProperty("clientId") &&
137
+ entity.hasOwnProperty("secret"));
138
+ }
139
+ /**
140
+ * Validates an entity: checks for all expected params
141
+ * @param entity
142
+ */
143
+ function isAccessTokenEntity(entity) {
144
+ if (!entity) {
145
+ return false;
146
+ }
147
+ return (isCredentialEntity(entity) &&
148
+ entity.hasOwnProperty("realm") &&
149
+ entity.hasOwnProperty("target") &&
150
+ (entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
151
+ entity["credentialType"] ===
152
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));
153
+ }
154
+ /**
155
+ * Validates an entity: checks for all expected params
156
+ * @param entity
157
+ */
158
+ function isIdTokenEntity(entity) {
159
+ if (!entity) {
160
+ return false;
161
+ }
162
+ return (isCredentialEntity(entity) &&
163
+ entity.hasOwnProperty("realm") &&
164
+ entity["credentialType"] === CredentialType.ID_TOKEN);
165
+ }
166
+ /**
167
+ * Validates an entity: checks for all expected params
168
+ * @param entity
169
+ */
170
+ function isRefreshTokenEntity(entity) {
171
+ if (!entity) {
172
+ return false;
173
+ }
174
+ return (isCredentialEntity(entity) &&
175
+ entity["credentialType"] === CredentialType.REFRESH_TOKEN);
176
+ }
177
+ /**
178
+ * Generate Account Id key component as per the schema: <home_account_id>-<environment>
179
+ */
180
+ function generateAccountId(credentialEntity) {
181
+ const accountId = [
182
+ credentialEntity.homeAccountId,
183
+ credentialEntity.environment,
184
+ ];
185
+ return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
186
+ }
187
+ /**
188
+ * Generate Credential Id key component as per the schema: <credential_type>-<client_id>-<realm>
189
+ */
190
+ function generateCredentialId(credentialEntity) {
191
+ const clientOrFamilyId = credentialEntity.credentialType === CredentialType.REFRESH_TOKEN
192
+ ? credentialEntity.familyId || credentialEntity.clientId
193
+ : credentialEntity.clientId;
194
+ const credentialId = [
195
+ credentialEntity.credentialType,
196
+ clientOrFamilyId,
197
+ credentialEntity.realm || "",
198
+ ];
199
+ return credentialId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
200
+ }
201
+ /**
202
+ * Generate target key component as per schema: <target>
203
+ */
204
+ function generateTarget(credentialEntity) {
205
+ return (credentialEntity.target || "").toLowerCase();
206
+ }
207
+ /**
208
+ * Generate requested claims key component as per schema: <requestedClaims>
209
+ */
210
+ function generateClaimsHash(credentialEntity) {
211
+ return (credentialEntity.requestedClaimsHash || "").toLowerCase();
212
+ }
213
+ /**
214
+ * Generate scheme key componenet as per schema: <scheme>
215
+ */
216
+ function generateScheme(credentialEntity) {
217
+ /*
218
+ * PoP Tokens and SSH certs include scheme in cache key
219
+ * Cast to lowercase to handle "bearer" from ADFS
220
+ */
221
+ return credentialEntity.tokenType &&
222
+ credentialEntity.tokenType.toLowerCase() !==
223
+ AuthenticationScheme.BEARER.toLowerCase()
224
+ ? credentialEntity.tokenType.toLowerCase()
225
+ : "";
226
+ }
227
+ /**
228
+ * validates if a given cache entry is "Telemetry", parses <key,value>
229
+ * @param key
230
+ * @param entity
231
+ */
232
+ function isServerTelemetryEntity(key, entity) {
233
+ const validateKey = key.indexOf(SERVER_TELEM_CONSTANTS.CACHE_KEY) === 0;
234
+ let validateEntity = true;
235
+ if (entity) {
236
+ validateEntity =
237
+ entity.hasOwnProperty("failedRequests") &&
238
+ entity.hasOwnProperty("errors") &&
239
+ entity.hasOwnProperty("cacheHits");
240
+ }
241
+ return validateKey && validateEntity;
242
+ }
243
+ /**
244
+ * validates if a given cache entry is "Throttling", parses <key,value>
245
+ * @param key
246
+ * @param entity
247
+ */
248
+ function isThrottlingEntity(key, entity) {
249
+ let validateKey = false;
250
+ if (key) {
251
+ validateKey = key.indexOf(ThrottlingConstants.THROTTLING_PREFIX) === 0;
252
+ }
253
+ let validateEntity = true;
254
+ if (entity) {
255
+ validateEntity = entity.hasOwnProperty("throttleTime");
256
+ }
257
+ return validateKey && validateEntity;
258
+ }
259
+ /**
260
+ * Generate AppMetadata Cache Key as per the schema: appmetadata-<environment>-<client_id>
261
+ */
262
+ function generateAppMetadataKey({ environment, clientId, }) {
263
+ const appMetaDataKeyArray = [
264
+ APP_METADATA,
265
+ environment,
266
+ clientId,
267
+ ];
268
+ return appMetaDataKeyArray
269
+ .join(Separators.CACHE_KEY_SEPARATOR)
270
+ .toLowerCase();
271
+ }
272
+ /*
273
+ * Validates an entity: checks for all expected params
274
+ * @param entity
275
+ */
276
+ function isAppMetadataEntity(key, entity) {
277
+ if (!entity) {
278
+ return false;
279
+ }
280
+ return (key.indexOf(APP_METADATA) === 0 &&
281
+ entity.hasOwnProperty("clientId") &&
282
+ entity.hasOwnProperty("environment"));
283
+ }
284
+ /**
285
+ * Validates an entity: checks for all expected params
286
+ * @param entity
287
+ */
288
+ function isAuthorityMetadataEntity(key, entity) {
289
+ if (!entity) {
290
+ return false;
291
+ }
292
+ return (key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) === 0 &&
293
+ entity.hasOwnProperty("aliases") &&
294
+ entity.hasOwnProperty("preferred_cache") &&
295
+ entity.hasOwnProperty("preferred_network") &&
296
+ entity.hasOwnProperty("canonical_authority") &&
297
+ entity.hasOwnProperty("authorization_endpoint") &&
298
+ entity.hasOwnProperty("token_endpoint") &&
299
+ entity.hasOwnProperty("issuer") &&
300
+ entity.hasOwnProperty("aliasesFromNetwork") &&
301
+ entity.hasOwnProperty("endpointsFromNetwork") &&
302
+ entity.hasOwnProperty("expiresAt") &&
303
+ entity.hasOwnProperty("jwks_uri"));
304
+ }
305
+ /**
306
+ * Reset the exiresAt value
307
+ */
308
+ function generateAuthorityMetadataExpiresAt() {
309
+ return (nowSeconds() +
310
+ AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS);
311
+ }
312
+ function updateAuthorityEndpointMetadata(authorityMetadata, updatedValues, fromNetwork) {
313
+ authorityMetadata.authorization_endpoint =
314
+ updatedValues.authorization_endpoint;
315
+ authorityMetadata.token_endpoint = updatedValues.token_endpoint;
316
+ authorityMetadata.end_session_endpoint = updatedValues.end_session_endpoint;
317
+ authorityMetadata.issuer = updatedValues.issuer;
318
+ authorityMetadata.endpointsFromNetwork = fromNetwork;
319
+ authorityMetadata.jwks_uri = updatedValues.jwks_uri;
320
+ }
321
+ function updateCloudDiscoveryMetadata(authorityMetadata, updatedValues, fromNetwork) {
322
+ authorityMetadata.aliases = updatedValues.aliases;
323
+ authorityMetadata.preferred_cache = updatedValues.preferred_cache;
324
+ authorityMetadata.preferred_network = updatedValues.preferred_network;
325
+ authorityMetadata.aliasesFromNetwork = fromNetwork;
326
+ }
327
+ /**
328
+ * Returns whether or not the data needs to be refreshed
329
+ */
330
+ function isAuthorityMetadataExpired(metadata) {
331
+ return metadata.expiresAt <= nowSeconds();
332
332
  }
333
333
 
334
334
  export { createAccessTokenEntity, createIdTokenEntity, createRefreshTokenEntity, generateAppMetadataKey, generateAuthorityMetadataExpiresAt, generateCredentialKey, isAccessTokenEntity, isAppMetadataEntity, isAuthorityMetadataEntity, isAuthorityMetadataExpired, isCredentialEntity, isIdTokenEntity, isRefreshTokenEntity, isServerTelemetryEntity, isThrottlingEntity, updateAuthorityEndpointMetadata, updateCloudDiscoveryMetadata };