@azure/msal-common 14.14.0 → 14.14.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +66 -66
- package/dist/account/AccountInfo.mjs +77 -77
- package/dist/account/AuthToken.d.ts +17 -17
- package/dist/account/AuthToken.mjs +58 -58
- package/dist/account/CcsCredential.d.ts +9 -9
- package/dist/account/CcsCredential.mjs +8 -8
- package/dist/account/ClientCredentials.d.ts +19 -19
- package/dist/account/ClientInfo.d.ts +18 -18
- package/dist/account/ClientInfo.mjs +37 -37
- package/dist/account/TokenClaims.d.ts +83 -83
- package/dist/account/TokenClaims.mjs +20 -20
- package/dist/authority/Authority.d.ts +254 -254
- package/dist/authority/Authority.mjs +836 -836
- package/dist/authority/AuthorityFactory.d.ts +18 -18
- package/dist/authority/AuthorityFactory.mjs +28 -28
- package/dist/authority/AuthorityMetadata.d.ts +43 -43
- package/dist/authority/AuthorityMetadata.mjs +137 -137
- package/dist/authority/AuthorityOptions.d.ts +27 -27
- package/dist/authority/AuthorityOptions.mjs +18 -18
- package/dist/authority/AuthorityType.d.ts +10 -10
- package/dist/authority/AuthorityType.mjs +13 -13
- package/dist/authority/AzureRegion.d.ts +1 -1
- package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
- package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
- package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
- package/dist/authority/ImdsOptions.d.ts +5 -5
- package/dist/authority/OIDCOptions.d.ts +8 -8
- package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
- package/dist/authority/OpenIdConfigResponse.mjs +10 -10
- package/dist/authority/ProtocolMode.d.ts +8 -8
- package/dist/authority/ProtocolMode.mjs +11 -11
- package/dist/authority/RegionDiscovery.d.ts +32 -32
- package/dist/authority/RegionDiscovery.mjs +106 -106
- package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
- package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
- package/dist/cache/CacheManager.d.ts +497 -497
- package/dist/cache/CacheManager.mjs +1249 -1249
- package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
- package/dist/cache/entities/AccountEntity.d.ts +106 -106
- package/dist/cache/entities/AccountEntity.mjs +240 -240
- package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
- package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
- package/dist/cache/entities/CacheRecord.d.ts +13 -13
- package/dist/cache/entities/CredentialEntity.d.ts +30 -30
- package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
- package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
- package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -6
- package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
- package/dist/cache/interface/ICacheManager.d.ts +166 -166
- package/dist/cache/interface/ICachePlugin.d.ts +5 -5
- package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
- package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
- package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
- package/dist/cache/utils/CacheHelpers.d.ts +94 -94
- package/dist/cache/utils/CacheHelpers.mjs +324 -324
- package/dist/cache/utils/CacheTypes.d.ts +69 -69
- package/dist/client/AuthorizationCodeClient.d.ts +74 -74
- package/dist/client/AuthorizationCodeClient.mjs +420 -420
- package/dist/client/BaseClient.d.ts +51 -51
- package/dist/client/BaseClient.mjs +100 -100
- package/dist/client/RefreshTokenClient.d.ts +35 -35
- package/dist/client/RefreshTokenClient.mjs +211 -211
- package/dist/client/SilentFlowClient.d.ts +27 -27
- package/dist/client/SilentFlowClient.mjs +133 -133
- package/dist/config/AppTokenProvider.d.ts +38 -38
- package/dist/config/ClientConfiguration.d.ts +150 -150
- package/dist/config/ClientConfiguration.mjs +95 -95
- package/dist/constants/AADServerParamKeys.d.ts +53 -53
- package/dist/constants/AADServerParamKeys.mjs +57 -57
- package/dist/crypto/ICrypto.d.ts +68 -68
- package/dist/crypto/ICrypto.mjs +36 -36
- package/dist/crypto/IGuidGenerator.d.ts +4 -4
- package/dist/crypto/JoseHeader.d.ts +22 -22
- package/dist/crypto/JoseHeader.mjs +37 -37
- package/dist/crypto/PopTokenGenerator.d.ts +59 -59
- package/dist/crypto/PopTokenGenerator.mjs +81 -81
- package/dist/crypto/SignedHttpRequest.d.ts +15 -15
- package/dist/error/AuthError.d.ts +44 -44
- package/dist/error/AuthError.mjs +46 -46
- package/dist/error/AuthErrorCodes.d.ts +5 -5
- package/dist/error/AuthErrorCodes.mjs +9 -9
- package/dist/error/CacheError.d.ts +20 -20
- package/dist/error/CacheError.mjs +24 -24
- package/dist/error/CacheErrorCodes.d.ts +2 -2
- package/dist/error/CacheErrorCodes.mjs +6 -6
- package/dist/error/ClientAuthError.d.ts +237 -237
- package/dist/error/ClientAuthError.mjs +249 -249
- package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
- package/dist/error/ClientAuthErrorCodes.mjs +48 -48
- package/dist/error/ClientConfigurationError.d.ts +128 -128
- package/dist/error/ClientConfigurationError.mjs +135 -135
- package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
- package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
- package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
- package/dist/error/InteractionRequiredAuthError.mjs +85 -85
- package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
- package/dist/error/JoseHeaderError.d.ts +15 -15
- package/dist/error/JoseHeaderError.mjs +22 -22
- package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
- package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
- package/dist/error/ServerError.d.ts +15 -15
- package/dist/error/ServerError.mjs +16 -16
- package/dist/index.cjs +8662 -8658
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +107 -107
- package/dist/index.mjs +1 -1
- package/dist/logger/Logger.d.ts +95 -95
- package/dist/logger/Logger.mjs +188 -188
- package/dist/network/INetworkModule.d.ts +29 -29
- package/dist/network/INetworkModule.mjs +12 -12
- package/dist/network/NetworkManager.d.ts +33 -33
- package/dist/network/NetworkManager.mjs +34 -34
- package/dist/network/RequestThumbprint.d.ts +18 -18
- package/dist/network/ThrottlingUtils.d.ts +42 -42
- package/dist/network/ThrottlingUtils.mjs +95 -95
- package/dist/packageMetadata.d.ts +2 -2
- package/dist/packageMetadata.mjs +4 -4
- package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
- package/dist/request/AuthenticationHeaderParser.mjs +55 -55
- package/dist/request/BaseAuthRequest.d.ts +47 -47
- package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
- package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
- package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
- package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
- package/dist/request/CommonEndSessionRequest.d.ts +21 -21
- package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
- package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
- package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
- package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
- package/dist/request/NativeRequest.d.ts +19 -19
- package/dist/request/NativeSignOutRequest.d.ts +5 -5
- package/dist/request/RequestParameterBuilder.d.ts +217 -217
- package/dist/request/RequestParameterBuilder.mjs +382 -382
- package/dist/request/RequestValidator.d.ts +27 -27
- package/dist/request/RequestValidator.mjs +64 -64
- package/dist/request/ScopeSet.d.ts +88 -88
- package/dist/request/ScopeSet.mjs +197 -197
- package/dist/request/StoreInCache.d.ts +8 -8
- package/dist/response/AuthenticationResult.d.ts +41 -41
- package/dist/response/AuthorizationCodePayload.d.ts +13 -13
- package/dist/response/DeviceCodeResponse.d.ts +25 -25
- package/dist/response/ExternalTokenResponse.d.ts +15 -15
- package/dist/response/IMDSBadResponse.d.ts +4 -4
- package/dist/response/ResponseHandler.d.ts +69 -69
- package/dist/response/ResponseHandler.mjs +374 -374
- package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
- package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
- package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
- package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
- package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
- package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
- package/dist/telemetry/performance/PerformanceEvent.d.ts +515 -505
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +484 -480
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
- package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
- package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -78
- package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -260
- package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
- package/dist/url/IUri.d.ts +12 -12
- package/dist/url/UrlString.d.ts +48 -48
- package/dist/url/UrlString.mjs +161 -161
- package/dist/utils/ClientAssertionUtils.d.ts +2 -2
- package/dist/utils/ClientAssertionUtils.mjs +16 -16
- package/dist/utils/Constants.d.ts +309 -309
- package/dist/utils/Constants.mjs +322 -322
- package/dist/utils/FunctionWrappers.d.ts +27 -27
- package/dist/utils/FunctionWrappers.mjs +94 -94
- package/dist/utils/MsalTypes.d.ts +6 -6
- package/dist/utils/ProtocolUtils.d.ts +42 -42
- package/dist/utils/ProtocolUtils.mjs +69 -69
- package/dist/utils/StringUtils.d.ts +40 -40
- package/dist/utils/StringUtils.mjs +95 -95
- package/dist/utils/TimeUtils.d.ts +25 -25
- package/dist/utils/TimeUtils.mjs +43 -43
- package/dist/utils/UrlUtils.d.ts +10 -10
- package/dist/utils/UrlUtils.mjs +44 -44
- package/package.json +1 -1
- package/src/packageMetadata.ts +1 -1
- package/src/telemetry/performance/PerformanceEvent.ts +12 -0
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.14.
|
|
1
|
+
/*! @azure/msal-common v14.14.1 2024-08-13 */
|
|
2
2
|
'use strict';
|
|
3
3
|
import { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';
|
|
4
4
|
import { StringUtils } from '../utils/StringUtils.mjs';
|
|
@@ -7,202 +7,202 @@ import { Constants, OIDC_SCOPES } from '../utils/Constants.mjs';
|
|
|
7
7
|
import { emptyInputScopesError } from '../error/ClientConfigurationErrorCodes.mjs';
|
|
8
8
|
import { cannotAppendScopeSet, cannotRemoveEmptyScope, emptyInputScopeSet } from '../error/ClientAuthErrorCodes.mjs';
|
|
9
9
|
|
|
10
|
-
/*
|
|
11
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
|
-
* Licensed under the MIT License.
|
|
13
|
-
*/
|
|
14
|
-
/**
|
|
15
|
-
* The ScopeSet class creates a set of scopes. Scopes are case-insensitive, unique values, so the Set object in JS makes
|
|
16
|
-
* the most sense to implement for this class. All scopes are trimmed and converted to lower case strings in intersection and union functions
|
|
17
|
-
* to ensure uniqueness of strings.
|
|
18
|
-
*/
|
|
19
|
-
class ScopeSet {
|
|
20
|
-
constructor(inputScopes) {
|
|
21
|
-
// Filter empty string and null/undefined array items
|
|
22
|
-
const scopeArr = inputScopes
|
|
23
|
-
? StringUtils.trimArrayEntries([...inputScopes])
|
|
24
|
-
: [];
|
|
25
|
-
const filteredInput = scopeArr
|
|
26
|
-
? StringUtils.removeEmptyStringsFromArray(scopeArr)
|
|
27
|
-
: [];
|
|
28
|
-
// Validate and filter scopes (validate function throws if validation fails)
|
|
29
|
-
this.validateInputScopes(filteredInput);
|
|
30
|
-
this.scopes = new Set(); // Iterator in constructor not supported by IE11
|
|
31
|
-
filteredInput.forEach((scope) => this.scopes.add(scope));
|
|
32
|
-
}
|
|
33
|
-
/**
|
|
34
|
-
* Factory method to create ScopeSet from space-delimited string
|
|
35
|
-
* @param inputScopeString
|
|
36
|
-
* @param appClientId
|
|
37
|
-
* @param scopesRequired
|
|
38
|
-
*/
|
|
39
|
-
static fromString(inputScopeString) {
|
|
40
|
-
const scopeString = inputScopeString || Constants.EMPTY_STRING;
|
|
41
|
-
const inputScopes = scopeString.split(" ");
|
|
42
|
-
return new ScopeSet(inputScopes);
|
|
43
|
-
}
|
|
44
|
-
/**
|
|
45
|
-
* Creates the set of scopes to search for in cache lookups
|
|
46
|
-
* @param inputScopeString
|
|
47
|
-
* @returns
|
|
48
|
-
*/
|
|
49
|
-
static createSearchScopes(inputScopeString) {
|
|
50
|
-
const scopeSet = new ScopeSet(inputScopeString);
|
|
51
|
-
if (!scopeSet.containsOnlyOIDCScopes()) {
|
|
52
|
-
scopeSet.removeOIDCScopes();
|
|
53
|
-
}
|
|
54
|
-
else {
|
|
55
|
-
scopeSet.removeScope(Constants.OFFLINE_ACCESS_SCOPE);
|
|
56
|
-
}
|
|
57
|
-
return scopeSet;
|
|
58
|
-
}
|
|
59
|
-
/**
|
|
60
|
-
* Used to validate the scopes input parameter requested by the developer.
|
|
61
|
-
* @param {Array<string>} inputScopes - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned.
|
|
62
|
-
* @param {boolean} scopesRequired - Boolean indicating whether the scopes array is required or not
|
|
63
|
-
*/
|
|
64
|
-
validateInputScopes(inputScopes) {
|
|
65
|
-
// Check if scopes are required but not given or is an empty array
|
|
66
|
-
if (!inputScopes || inputScopes.length < 1) {
|
|
67
|
-
throw createClientConfigurationError(emptyInputScopesError);
|
|
68
|
-
}
|
|
69
|
-
}
|
|
70
|
-
/**
|
|
71
|
-
* Check if a given scope is present in this set of scopes.
|
|
72
|
-
* @param scope
|
|
73
|
-
*/
|
|
74
|
-
containsScope(scope) {
|
|
75
|
-
const lowerCaseScopes = this.printScopesLowerCase().split(" ");
|
|
76
|
-
const lowerCaseScopesSet = new ScopeSet(lowerCaseScopes);
|
|
77
|
-
// compare lowercase scopes
|
|
78
|
-
return scope
|
|
79
|
-
? lowerCaseScopesSet.scopes.has(scope.toLowerCase())
|
|
80
|
-
: false;
|
|
81
|
-
}
|
|
82
|
-
/**
|
|
83
|
-
* Check if a set of scopes is present in this set of scopes.
|
|
84
|
-
* @param scopeSet
|
|
85
|
-
*/
|
|
86
|
-
containsScopeSet(scopeSet) {
|
|
87
|
-
if (!scopeSet || scopeSet.scopes.size <= 0) {
|
|
88
|
-
return false;
|
|
89
|
-
}
|
|
90
|
-
return (this.scopes.size >= scopeSet.scopes.size &&
|
|
91
|
-
scopeSet.asArray().every((scope) => this.containsScope(scope)));
|
|
92
|
-
}
|
|
93
|
-
/**
|
|
94
|
-
* Check if set of scopes contains only the defaults
|
|
95
|
-
*/
|
|
96
|
-
containsOnlyOIDCScopes() {
|
|
97
|
-
let defaultScopeCount = 0;
|
|
98
|
-
OIDC_SCOPES.forEach((defaultScope) => {
|
|
99
|
-
if (this.containsScope(defaultScope)) {
|
|
100
|
-
defaultScopeCount += 1;
|
|
101
|
-
}
|
|
102
|
-
});
|
|
103
|
-
return this.scopes.size === defaultScopeCount;
|
|
104
|
-
}
|
|
105
|
-
/**
|
|
106
|
-
* Appends single scope if passed
|
|
107
|
-
* @param newScope
|
|
108
|
-
*/
|
|
109
|
-
appendScope(newScope) {
|
|
110
|
-
if (newScope) {
|
|
111
|
-
this.scopes.add(newScope.trim());
|
|
112
|
-
}
|
|
113
|
-
}
|
|
114
|
-
/**
|
|
115
|
-
* Appends multiple scopes if passed
|
|
116
|
-
* @param newScopes
|
|
117
|
-
*/
|
|
118
|
-
appendScopes(newScopes) {
|
|
119
|
-
try {
|
|
120
|
-
newScopes.forEach((newScope) => this.appendScope(newScope));
|
|
121
|
-
}
|
|
122
|
-
catch (e) {
|
|
123
|
-
throw createClientAuthError(cannotAppendScopeSet);
|
|
124
|
-
}
|
|
125
|
-
}
|
|
126
|
-
/**
|
|
127
|
-
* Removes element from set of scopes.
|
|
128
|
-
* @param scope
|
|
129
|
-
*/
|
|
130
|
-
removeScope(scope) {
|
|
131
|
-
if (!scope) {
|
|
132
|
-
throw createClientAuthError(cannotRemoveEmptyScope);
|
|
133
|
-
}
|
|
134
|
-
this.scopes.delete(scope.trim());
|
|
135
|
-
}
|
|
136
|
-
/**
|
|
137
|
-
* Removes default scopes from set of scopes
|
|
138
|
-
* Primarily used to prevent cache misses if the default scopes are not returned from the server
|
|
139
|
-
*/
|
|
140
|
-
removeOIDCScopes() {
|
|
141
|
-
OIDC_SCOPES.forEach((defaultScope) => {
|
|
142
|
-
this.scopes.delete(defaultScope);
|
|
143
|
-
});
|
|
144
|
-
}
|
|
145
|
-
/**
|
|
146
|
-
* Combines an array of scopes with the current set of scopes.
|
|
147
|
-
* @param otherScopes
|
|
148
|
-
*/
|
|
149
|
-
unionScopeSets(otherScopes) {
|
|
150
|
-
if (!otherScopes) {
|
|
151
|
-
throw createClientAuthError(emptyInputScopeSet);
|
|
152
|
-
}
|
|
153
|
-
const unionScopes = new Set(); // Iterator in constructor not supported in IE11
|
|
154
|
-
otherScopes.scopes.forEach((scope) => unionScopes.add(scope.toLowerCase()));
|
|
155
|
-
this.scopes.forEach((scope) => unionScopes.add(scope.toLowerCase()));
|
|
156
|
-
return unionScopes;
|
|
157
|
-
}
|
|
158
|
-
/**
|
|
159
|
-
* Check if scopes intersect between this set and another.
|
|
160
|
-
* @param otherScopes
|
|
161
|
-
*/
|
|
162
|
-
intersectingScopeSets(otherScopes) {
|
|
163
|
-
if (!otherScopes) {
|
|
164
|
-
throw createClientAuthError(emptyInputScopeSet);
|
|
165
|
-
}
|
|
166
|
-
// Do not allow OIDC scopes to be the only intersecting scopes
|
|
167
|
-
if (!otherScopes.containsOnlyOIDCScopes()) {
|
|
168
|
-
otherScopes.removeOIDCScopes();
|
|
169
|
-
}
|
|
170
|
-
const unionScopes = this.unionScopeSets(otherScopes);
|
|
171
|
-
const sizeOtherScopes = otherScopes.getScopeCount();
|
|
172
|
-
const sizeThisScopes = this.getScopeCount();
|
|
173
|
-
const sizeUnionScopes = unionScopes.size;
|
|
174
|
-
return sizeUnionScopes < sizeThisScopes + sizeOtherScopes;
|
|
175
|
-
}
|
|
176
|
-
/**
|
|
177
|
-
* Returns size of set of scopes.
|
|
178
|
-
*/
|
|
179
|
-
getScopeCount() {
|
|
180
|
-
return this.scopes.size;
|
|
181
|
-
}
|
|
182
|
-
/**
|
|
183
|
-
* Returns the scopes as an array of string values
|
|
184
|
-
*/
|
|
185
|
-
asArray() {
|
|
186
|
-
const array = [];
|
|
187
|
-
this.scopes.forEach((val) => array.push(val));
|
|
188
|
-
return array;
|
|
189
|
-
}
|
|
190
|
-
/**
|
|
191
|
-
* Prints scopes into a space-delimited string
|
|
192
|
-
*/
|
|
193
|
-
printScopes() {
|
|
194
|
-
if (this.scopes) {
|
|
195
|
-
const scopeArr = this.asArray();
|
|
196
|
-
return scopeArr.join(" ");
|
|
197
|
-
}
|
|
198
|
-
return Constants.EMPTY_STRING;
|
|
199
|
-
}
|
|
200
|
-
/**
|
|
201
|
-
* Prints scopes into a space-delimited lower-case string (used for caching)
|
|
202
|
-
*/
|
|
203
|
-
printScopesLowerCase() {
|
|
204
|
-
return this.printScopes().toLowerCase();
|
|
205
|
-
}
|
|
10
|
+
/*
|
|
11
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
12
|
+
* Licensed under the MIT License.
|
|
13
|
+
*/
|
|
14
|
+
/**
|
|
15
|
+
* The ScopeSet class creates a set of scopes. Scopes are case-insensitive, unique values, so the Set object in JS makes
|
|
16
|
+
* the most sense to implement for this class. All scopes are trimmed and converted to lower case strings in intersection and union functions
|
|
17
|
+
* to ensure uniqueness of strings.
|
|
18
|
+
*/
|
|
19
|
+
class ScopeSet {
|
|
20
|
+
constructor(inputScopes) {
|
|
21
|
+
// Filter empty string and null/undefined array items
|
|
22
|
+
const scopeArr = inputScopes
|
|
23
|
+
? StringUtils.trimArrayEntries([...inputScopes])
|
|
24
|
+
: [];
|
|
25
|
+
const filteredInput = scopeArr
|
|
26
|
+
? StringUtils.removeEmptyStringsFromArray(scopeArr)
|
|
27
|
+
: [];
|
|
28
|
+
// Validate and filter scopes (validate function throws if validation fails)
|
|
29
|
+
this.validateInputScopes(filteredInput);
|
|
30
|
+
this.scopes = new Set(); // Iterator in constructor not supported by IE11
|
|
31
|
+
filteredInput.forEach((scope) => this.scopes.add(scope));
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Factory method to create ScopeSet from space-delimited string
|
|
35
|
+
* @param inputScopeString
|
|
36
|
+
* @param appClientId
|
|
37
|
+
* @param scopesRequired
|
|
38
|
+
*/
|
|
39
|
+
static fromString(inputScopeString) {
|
|
40
|
+
const scopeString = inputScopeString || Constants.EMPTY_STRING;
|
|
41
|
+
const inputScopes = scopeString.split(" ");
|
|
42
|
+
return new ScopeSet(inputScopes);
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* Creates the set of scopes to search for in cache lookups
|
|
46
|
+
* @param inputScopeString
|
|
47
|
+
* @returns
|
|
48
|
+
*/
|
|
49
|
+
static createSearchScopes(inputScopeString) {
|
|
50
|
+
const scopeSet = new ScopeSet(inputScopeString);
|
|
51
|
+
if (!scopeSet.containsOnlyOIDCScopes()) {
|
|
52
|
+
scopeSet.removeOIDCScopes();
|
|
53
|
+
}
|
|
54
|
+
else {
|
|
55
|
+
scopeSet.removeScope(Constants.OFFLINE_ACCESS_SCOPE);
|
|
56
|
+
}
|
|
57
|
+
return scopeSet;
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Used to validate the scopes input parameter requested by the developer.
|
|
61
|
+
* @param {Array<string>} inputScopes - Developer requested permissions. Not all scopes are guaranteed to be included in the access token returned.
|
|
62
|
+
* @param {boolean} scopesRequired - Boolean indicating whether the scopes array is required or not
|
|
63
|
+
*/
|
|
64
|
+
validateInputScopes(inputScopes) {
|
|
65
|
+
// Check if scopes are required but not given or is an empty array
|
|
66
|
+
if (!inputScopes || inputScopes.length < 1) {
|
|
67
|
+
throw createClientConfigurationError(emptyInputScopesError);
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Check if a given scope is present in this set of scopes.
|
|
72
|
+
* @param scope
|
|
73
|
+
*/
|
|
74
|
+
containsScope(scope) {
|
|
75
|
+
const lowerCaseScopes = this.printScopesLowerCase().split(" ");
|
|
76
|
+
const lowerCaseScopesSet = new ScopeSet(lowerCaseScopes);
|
|
77
|
+
// compare lowercase scopes
|
|
78
|
+
return scope
|
|
79
|
+
? lowerCaseScopesSet.scopes.has(scope.toLowerCase())
|
|
80
|
+
: false;
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* Check if a set of scopes is present in this set of scopes.
|
|
84
|
+
* @param scopeSet
|
|
85
|
+
*/
|
|
86
|
+
containsScopeSet(scopeSet) {
|
|
87
|
+
if (!scopeSet || scopeSet.scopes.size <= 0) {
|
|
88
|
+
return false;
|
|
89
|
+
}
|
|
90
|
+
return (this.scopes.size >= scopeSet.scopes.size &&
|
|
91
|
+
scopeSet.asArray().every((scope) => this.containsScope(scope)));
|
|
92
|
+
}
|
|
93
|
+
/**
|
|
94
|
+
* Check if set of scopes contains only the defaults
|
|
95
|
+
*/
|
|
96
|
+
containsOnlyOIDCScopes() {
|
|
97
|
+
let defaultScopeCount = 0;
|
|
98
|
+
OIDC_SCOPES.forEach((defaultScope) => {
|
|
99
|
+
if (this.containsScope(defaultScope)) {
|
|
100
|
+
defaultScopeCount += 1;
|
|
101
|
+
}
|
|
102
|
+
});
|
|
103
|
+
return this.scopes.size === defaultScopeCount;
|
|
104
|
+
}
|
|
105
|
+
/**
|
|
106
|
+
* Appends single scope if passed
|
|
107
|
+
* @param newScope
|
|
108
|
+
*/
|
|
109
|
+
appendScope(newScope) {
|
|
110
|
+
if (newScope) {
|
|
111
|
+
this.scopes.add(newScope.trim());
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
/**
|
|
115
|
+
* Appends multiple scopes if passed
|
|
116
|
+
* @param newScopes
|
|
117
|
+
*/
|
|
118
|
+
appendScopes(newScopes) {
|
|
119
|
+
try {
|
|
120
|
+
newScopes.forEach((newScope) => this.appendScope(newScope));
|
|
121
|
+
}
|
|
122
|
+
catch (e) {
|
|
123
|
+
throw createClientAuthError(cannotAppendScopeSet);
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
/**
|
|
127
|
+
* Removes element from set of scopes.
|
|
128
|
+
* @param scope
|
|
129
|
+
*/
|
|
130
|
+
removeScope(scope) {
|
|
131
|
+
if (!scope) {
|
|
132
|
+
throw createClientAuthError(cannotRemoveEmptyScope);
|
|
133
|
+
}
|
|
134
|
+
this.scopes.delete(scope.trim());
|
|
135
|
+
}
|
|
136
|
+
/**
|
|
137
|
+
* Removes default scopes from set of scopes
|
|
138
|
+
* Primarily used to prevent cache misses if the default scopes are not returned from the server
|
|
139
|
+
*/
|
|
140
|
+
removeOIDCScopes() {
|
|
141
|
+
OIDC_SCOPES.forEach((defaultScope) => {
|
|
142
|
+
this.scopes.delete(defaultScope);
|
|
143
|
+
});
|
|
144
|
+
}
|
|
145
|
+
/**
|
|
146
|
+
* Combines an array of scopes with the current set of scopes.
|
|
147
|
+
* @param otherScopes
|
|
148
|
+
*/
|
|
149
|
+
unionScopeSets(otherScopes) {
|
|
150
|
+
if (!otherScopes) {
|
|
151
|
+
throw createClientAuthError(emptyInputScopeSet);
|
|
152
|
+
}
|
|
153
|
+
const unionScopes = new Set(); // Iterator in constructor not supported in IE11
|
|
154
|
+
otherScopes.scopes.forEach((scope) => unionScopes.add(scope.toLowerCase()));
|
|
155
|
+
this.scopes.forEach((scope) => unionScopes.add(scope.toLowerCase()));
|
|
156
|
+
return unionScopes;
|
|
157
|
+
}
|
|
158
|
+
/**
|
|
159
|
+
* Check if scopes intersect between this set and another.
|
|
160
|
+
* @param otherScopes
|
|
161
|
+
*/
|
|
162
|
+
intersectingScopeSets(otherScopes) {
|
|
163
|
+
if (!otherScopes) {
|
|
164
|
+
throw createClientAuthError(emptyInputScopeSet);
|
|
165
|
+
}
|
|
166
|
+
// Do not allow OIDC scopes to be the only intersecting scopes
|
|
167
|
+
if (!otherScopes.containsOnlyOIDCScopes()) {
|
|
168
|
+
otherScopes.removeOIDCScopes();
|
|
169
|
+
}
|
|
170
|
+
const unionScopes = this.unionScopeSets(otherScopes);
|
|
171
|
+
const sizeOtherScopes = otherScopes.getScopeCount();
|
|
172
|
+
const sizeThisScopes = this.getScopeCount();
|
|
173
|
+
const sizeUnionScopes = unionScopes.size;
|
|
174
|
+
return sizeUnionScopes < sizeThisScopes + sizeOtherScopes;
|
|
175
|
+
}
|
|
176
|
+
/**
|
|
177
|
+
* Returns size of set of scopes.
|
|
178
|
+
*/
|
|
179
|
+
getScopeCount() {
|
|
180
|
+
return this.scopes.size;
|
|
181
|
+
}
|
|
182
|
+
/**
|
|
183
|
+
* Returns the scopes as an array of string values
|
|
184
|
+
*/
|
|
185
|
+
asArray() {
|
|
186
|
+
const array = [];
|
|
187
|
+
this.scopes.forEach((val) => array.push(val));
|
|
188
|
+
return array;
|
|
189
|
+
}
|
|
190
|
+
/**
|
|
191
|
+
* Prints scopes into a space-delimited string
|
|
192
|
+
*/
|
|
193
|
+
printScopes() {
|
|
194
|
+
if (this.scopes) {
|
|
195
|
+
const scopeArr = this.asArray();
|
|
196
|
+
return scopeArr.join(" ");
|
|
197
|
+
}
|
|
198
|
+
return Constants.EMPTY_STRING;
|
|
199
|
+
}
|
|
200
|
+
/**
|
|
201
|
+
* Prints scopes into a space-delimited lower-case string (used for caching)
|
|
202
|
+
*/
|
|
203
|
+
printScopesLowerCase() {
|
|
204
|
+
return this.printScopes().toLowerCase();
|
|
205
|
+
}
|
|
206
206
|
}
|
|
207
207
|
|
|
208
208
|
export { ScopeSet };
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Controls whether tokens should be stored in the cache or not. If set to false, tokens may still be acquired and returned but will not be cached for later retrieval.
|
|
3
|
-
*/
|
|
4
|
-
export type StoreInCache = {
|
|
5
|
-
accessToken?: boolean;
|
|
6
|
-
idToken?: boolean;
|
|
7
|
-
refreshToken?: boolean;
|
|
8
|
-
};
|
|
1
|
+
/**
|
|
2
|
+
* Controls whether tokens should be stored in the cache or not. If set to false, tokens may still be acquired and returned but will not be cached for later retrieval.
|
|
3
|
+
*/
|
|
4
|
+
export type StoreInCache = {
|
|
5
|
+
accessToken?: boolean;
|
|
6
|
+
idToken?: boolean;
|
|
7
|
+
refreshToken?: boolean;
|
|
8
|
+
};
|
|
9
9
|
//# sourceMappingURL=StoreInCache.d.ts.map
|
|
@@ -1,42 +1,42 @@
|
|
|
1
|
-
import { AccountInfo } from "../account/AccountInfo";
|
|
2
|
-
/**
|
|
3
|
-
* Result returned from the authority's token endpoint.
|
|
4
|
-
* - uniqueId - `oid` or `sub` claim from ID token
|
|
5
|
-
* - tenantId - `tid` claim from ID token
|
|
6
|
-
* - scopes - Scopes that are validated for the respective token
|
|
7
|
-
* - account - An account object representation of the currently signed-in user
|
|
8
|
-
* - idToken - Id token received as part of the response
|
|
9
|
-
* - idTokenClaims - MSAL-relevant ID token claims
|
|
10
|
-
* - accessToken - Access token or SSH certificate received as part of the response
|
|
11
|
-
* - fromCache - Boolean denoting whether token came from cache
|
|
12
|
-
* - expiresOn - Javascript Date object representing relative expiration of access token
|
|
13
|
-
* - extExpiresOn - Javascript Date object representing extended relative expiration of access token in case of server outage
|
|
14
|
-
* - refreshOn - Javascript Date object representing relative time until an access token must be refreshed
|
|
15
|
-
* - state - Value passed in by user in request
|
|
16
|
-
* - familyId - Family ID identifier, usually only used for refresh tokens
|
|
17
|
-
* - requestId - Request ID returned as part of the response
|
|
18
|
-
*/
|
|
19
|
-
export type AuthenticationResult = {
|
|
20
|
-
authority: string;
|
|
21
|
-
uniqueId: string;
|
|
22
|
-
tenantId: string;
|
|
23
|
-
scopes: Array<string>;
|
|
24
|
-
account: AccountInfo | null;
|
|
25
|
-
idToken: string;
|
|
26
|
-
idTokenClaims: object;
|
|
27
|
-
accessToken: string;
|
|
28
|
-
fromCache: boolean;
|
|
29
|
-
expiresOn: Date | null;
|
|
30
|
-
extExpiresOn?: Date;
|
|
31
|
-
refreshOn?: Date;
|
|
32
|
-
tokenType: string;
|
|
33
|
-
correlationId: string;
|
|
34
|
-
requestId?: string;
|
|
35
|
-
state?: string;
|
|
36
|
-
familyId?: string;
|
|
37
|
-
cloudGraphHostName?: string;
|
|
38
|
-
msGraphHost?: string;
|
|
39
|
-
code?: string;
|
|
40
|
-
fromNativeBroker?: boolean;
|
|
41
|
-
};
|
|
1
|
+
import { AccountInfo } from "../account/AccountInfo";
|
|
2
|
+
/**
|
|
3
|
+
* Result returned from the authority's token endpoint.
|
|
4
|
+
* - uniqueId - `oid` or `sub` claim from ID token
|
|
5
|
+
* - tenantId - `tid` claim from ID token
|
|
6
|
+
* - scopes - Scopes that are validated for the respective token
|
|
7
|
+
* - account - An account object representation of the currently signed-in user
|
|
8
|
+
* - idToken - Id token received as part of the response
|
|
9
|
+
* - idTokenClaims - MSAL-relevant ID token claims
|
|
10
|
+
* - accessToken - Access token or SSH certificate received as part of the response
|
|
11
|
+
* - fromCache - Boolean denoting whether token came from cache
|
|
12
|
+
* - expiresOn - Javascript Date object representing relative expiration of access token
|
|
13
|
+
* - extExpiresOn - Javascript Date object representing extended relative expiration of access token in case of server outage
|
|
14
|
+
* - refreshOn - Javascript Date object representing relative time until an access token must be refreshed
|
|
15
|
+
* - state - Value passed in by user in request
|
|
16
|
+
* - familyId - Family ID identifier, usually only used for refresh tokens
|
|
17
|
+
* - requestId - Request ID returned as part of the response
|
|
18
|
+
*/
|
|
19
|
+
export type AuthenticationResult = {
|
|
20
|
+
authority: string;
|
|
21
|
+
uniqueId: string;
|
|
22
|
+
tenantId: string;
|
|
23
|
+
scopes: Array<string>;
|
|
24
|
+
account: AccountInfo | null;
|
|
25
|
+
idToken: string;
|
|
26
|
+
idTokenClaims: object;
|
|
27
|
+
accessToken: string;
|
|
28
|
+
fromCache: boolean;
|
|
29
|
+
expiresOn: Date | null;
|
|
30
|
+
extExpiresOn?: Date;
|
|
31
|
+
refreshOn?: Date;
|
|
32
|
+
tokenType: string;
|
|
33
|
+
correlationId: string;
|
|
34
|
+
requestId?: string;
|
|
35
|
+
state?: string;
|
|
36
|
+
familyId?: string;
|
|
37
|
+
cloudGraphHostName?: string;
|
|
38
|
+
msGraphHost?: string;
|
|
39
|
+
code?: string;
|
|
40
|
+
fromNativeBroker?: boolean;
|
|
41
|
+
};
|
|
42
42
|
//# sourceMappingURL=AuthenticationResult.d.ts.map
|
|
@@ -1,14 +1,14 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Response returned after processing the code response query string or fragment.
|
|
3
|
-
*/
|
|
4
|
-
export type AuthorizationCodePayload = {
|
|
5
|
-
code: string;
|
|
6
|
-
cloud_instance_name?: string;
|
|
7
|
-
cloud_instance_host_name?: string;
|
|
8
|
-
cloud_graph_host_name?: string;
|
|
9
|
-
msgraph_host?: string;
|
|
10
|
-
state?: string;
|
|
11
|
-
nonce?: string;
|
|
12
|
-
client_info?: string;
|
|
13
|
-
};
|
|
1
|
+
/**
|
|
2
|
+
* Response returned after processing the code response query string or fragment.
|
|
3
|
+
*/
|
|
4
|
+
export type AuthorizationCodePayload = {
|
|
5
|
+
code: string;
|
|
6
|
+
cloud_instance_name?: string;
|
|
7
|
+
cloud_instance_host_name?: string;
|
|
8
|
+
cloud_graph_host_name?: string;
|
|
9
|
+
msgraph_host?: string;
|
|
10
|
+
state?: string;
|
|
11
|
+
nonce?: string;
|
|
12
|
+
client_info?: string;
|
|
13
|
+
};
|
|
14
14
|
//# sourceMappingURL=AuthorizationCodePayload.d.ts.map
|
|
@@ -1,26 +1,26 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* DeviceCode returned by the security token service device code endpoint containing information necessary for device code flow.
|
|
3
|
-
* - userCode: code which user needs to provide when authenticating at the verification URI
|
|
4
|
-
* - deviceCode: code which should be included in the request for the access token
|
|
5
|
-
* - verificationUri: URI where user can authenticate
|
|
6
|
-
* - expiresIn: expiration time of the device code in seconds
|
|
7
|
-
* - interval: interval at which the STS should be polled at
|
|
8
|
-
* - message: message which should be displayed to the user
|
|
9
|
-
*/
|
|
10
|
-
export type DeviceCodeResponse = {
|
|
11
|
-
userCode: string;
|
|
12
|
-
deviceCode: string;
|
|
13
|
-
verificationUri: string;
|
|
14
|
-
expiresIn: number;
|
|
15
|
-
interval: number;
|
|
16
|
-
message: string;
|
|
17
|
-
};
|
|
18
|
-
export type ServerDeviceCodeResponse = {
|
|
19
|
-
user_code: string;
|
|
20
|
-
device_code: string;
|
|
21
|
-
verification_uri: string;
|
|
22
|
-
expires_in: number;
|
|
23
|
-
interval: number;
|
|
24
|
-
message: string;
|
|
25
|
-
};
|
|
1
|
+
/**
|
|
2
|
+
* DeviceCode returned by the security token service device code endpoint containing information necessary for device code flow.
|
|
3
|
+
* - userCode: code which user needs to provide when authenticating at the verification URI
|
|
4
|
+
* - deviceCode: code which should be included in the request for the access token
|
|
5
|
+
* - verificationUri: URI where user can authenticate
|
|
6
|
+
* - expiresIn: expiration time of the device code in seconds
|
|
7
|
+
* - interval: interval at which the STS should be polled at
|
|
8
|
+
* - message: message which should be displayed to the user
|
|
9
|
+
*/
|
|
10
|
+
export type DeviceCodeResponse = {
|
|
11
|
+
userCode: string;
|
|
12
|
+
deviceCode: string;
|
|
13
|
+
verificationUri: string;
|
|
14
|
+
expiresIn: number;
|
|
15
|
+
interval: number;
|
|
16
|
+
message: string;
|
|
17
|
+
};
|
|
18
|
+
export type ServerDeviceCodeResponse = {
|
|
19
|
+
user_code: string;
|
|
20
|
+
device_code: string;
|
|
21
|
+
verification_uri: string;
|
|
22
|
+
expires_in: number;
|
|
23
|
+
interval: number;
|
|
24
|
+
message: string;
|
|
25
|
+
};
|
|
26
26
|
//# sourceMappingURL=DeviceCodeResponse.d.ts.map
|
|
@@ -1,16 +1,16 @@
|
|
|
1
|
-
import { ServerAuthorizationTokenResponse } from "./ServerAuthorizationTokenResponse";
|
|
2
|
-
/**
|
|
3
|
-
* Response object used for loading external tokens to cache.
|
|
4
|
-
* - token_type: Indicates the token type value. The only type that Azure AD supports is Bearer.
|
|
5
|
-
* - scope: The scopes that the access_token is valid for.
|
|
6
|
-
* - expires_in: How long the access token is valid (in seconds).
|
|
7
|
-
* - id_token: A JSON Web Token (JWT). The app can decode the segments of this token to request information about the user who signed in.
|
|
8
|
-
* - refresh_token: An OAuth 2.0 refresh token. The app can use this token acquire additional access tokens after the current access token expires.
|
|
9
|
-
* - access_token: The requested access token. The app can use this token to authenticate to the secured resource, such as a web API.
|
|
10
|
-
* - client_info: Client info object
|
|
11
|
-
*/
|
|
12
|
-
export type ExternalTokenResponse = Pick<ServerAuthorizationTokenResponse, "token_type" | "scope" | "expires_in" | "ext_expires_in" | "id_token" | "refresh_token" | "refresh_token_expires_in" | "foci"> & {
|
|
13
|
-
access_token?: string;
|
|
14
|
-
client_info?: string;
|
|
15
|
-
};
|
|
1
|
+
import { ServerAuthorizationTokenResponse } from "./ServerAuthorizationTokenResponse";
|
|
2
|
+
/**
|
|
3
|
+
* Response object used for loading external tokens to cache.
|
|
4
|
+
* - token_type: Indicates the token type value. The only type that Azure AD supports is Bearer.
|
|
5
|
+
* - scope: The scopes that the access_token is valid for.
|
|
6
|
+
* - expires_in: How long the access token is valid (in seconds).
|
|
7
|
+
* - id_token: A JSON Web Token (JWT). The app can decode the segments of this token to request information about the user who signed in.
|
|
8
|
+
* - refresh_token: An OAuth 2.0 refresh token. The app can use this token acquire additional access tokens after the current access token expires.
|
|
9
|
+
* - access_token: The requested access token. The app can use this token to authenticate to the secured resource, such as a web API.
|
|
10
|
+
* - client_info: Client info object
|
|
11
|
+
*/
|
|
12
|
+
export type ExternalTokenResponse = Pick<ServerAuthorizationTokenResponse, "token_type" | "scope" | "expires_in" | "ext_expires_in" | "id_token" | "refresh_token" | "refresh_token_expires_in" | "foci"> & {
|
|
13
|
+
access_token?: string;
|
|
14
|
+
client_info?: string;
|
|
15
|
+
};
|
|
16
16
|
//# sourceMappingURL=ExternalTokenResponse.d.ts.map
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
export type IMDSBadResponse = {
|
|
2
|
-
error: string;
|
|
3
|
-
"newest-versions": Array<string>;
|
|
4
|
-
};
|
|
1
|
+
export type IMDSBadResponse = {
|
|
2
|
+
error: string;
|
|
3
|
+
"newest-versions": Array<string>;
|
|
4
|
+
};
|
|
5
5
|
//# sourceMappingURL=IMDSBadResponse.d.ts.map
|