@azure/msal-common 14.14.0 → 14.14.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (185) hide show
  1. package/dist/account/AccountInfo.d.ts +66 -66
  2. package/dist/account/AccountInfo.mjs +77 -77
  3. package/dist/account/AuthToken.d.ts +17 -17
  4. package/dist/account/AuthToken.mjs +58 -58
  5. package/dist/account/CcsCredential.d.ts +9 -9
  6. package/dist/account/CcsCredential.mjs +8 -8
  7. package/dist/account/ClientCredentials.d.ts +19 -19
  8. package/dist/account/ClientInfo.d.ts +18 -18
  9. package/dist/account/ClientInfo.mjs +37 -37
  10. package/dist/account/TokenClaims.d.ts +83 -83
  11. package/dist/account/TokenClaims.mjs +20 -20
  12. package/dist/authority/Authority.d.ts +254 -254
  13. package/dist/authority/Authority.mjs +836 -836
  14. package/dist/authority/AuthorityFactory.d.ts +18 -18
  15. package/dist/authority/AuthorityFactory.mjs +28 -28
  16. package/dist/authority/AuthorityMetadata.d.ts +43 -43
  17. package/dist/authority/AuthorityMetadata.mjs +137 -137
  18. package/dist/authority/AuthorityOptions.d.ts +27 -27
  19. package/dist/authority/AuthorityOptions.mjs +18 -18
  20. package/dist/authority/AuthorityType.d.ts +10 -10
  21. package/dist/authority/AuthorityType.mjs +13 -13
  22. package/dist/authority/AzureRegion.d.ts +1 -1
  23. package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
  24. package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
  25. package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
  26. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
  27. package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
  28. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
  29. package/dist/authority/ImdsOptions.d.ts +5 -5
  30. package/dist/authority/OIDCOptions.d.ts +8 -8
  31. package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
  32. package/dist/authority/OpenIdConfigResponse.mjs +10 -10
  33. package/dist/authority/ProtocolMode.d.ts +8 -8
  34. package/dist/authority/ProtocolMode.mjs +11 -11
  35. package/dist/authority/RegionDiscovery.d.ts +32 -32
  36. package/dist/authority/RegionDiscovery.mjs +106 -106
  37. package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
  38. package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
  39. package/dist/cache/CacheManager.d.ts +497 -497
  40. package/dist/cache/CacheManager.mjs +1249 -1249
  41. package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
  42. package/dist/cache/entities/AccountEntity.d.ts +106 -106
  43. package/dist/cache/entities/AccountEntity.mjs +240 -240
  44. package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
  45. package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
  46. package/dist/cache/entities/CacheRecord.d.ts +13 -13
  47. package/dist/cache/entities/CredentialEntity.d.ts +30 -30
  48. package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
  49. package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
  50. package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -6
  51. package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
  52. package/dist/cache/interface/ICacheManager.d.ts +166 -166
  53. package/dist/cache/interface/ICachePlugin.d.ts +5 -5
  54. package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
  55. package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
  56. package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
  57. package/dist/cache/utils/CacheHelpers.d.ts +94 -94
  58. package/dist/cache/utils/CacheHelpers.mjs +324 -324
  59. package/dist/cache/utils/CacheTypes.d.ts +69 -69
  60. package/dist/client/AuthorizationCodeClient.d.ts +74 -74
  61. package/dist/client/AuthorizationCodeClient.mjs +420 -420
  62. package/dist/client/BaseClient.d.ts +51 -51
  63. package/dist/client/BaseClient.mjs +100 -100
  64. package/dist/client/RefreshTokenClient.d.ts +35 -35
  65. package/dist/client/RefreshTokenClient.mjs +211 -211
  66. package/dist/client/SilentFlowClient.d.ts +27 -27
  67. package/dist/client/SilentFlowClient.mjs +133 -133
  68. package/dist/config/AppTokenProvider.d.ts +38 -38
  69. package/dist/config/ClientConfiguration.d.ts +150 -150
  70. package/dist/config/ClientConfiguration.mjs +95 -95
  71. package/dist/constants/AADServerParamKeys.d.ts +53 -53
  72. package/dist/constants/AADServerParamKeys.mjs +57 -57
  73. package/dist/crypto/ICrypto.d.ts +68 -68
  74. package/dist/crypto/ICrypto.mjs +36 -36
  75. package/dist/crypto/IGuidGenerator.d.ts +4 -4
  76. package/dist/crypto/JoseHeader.d.ts +22 -22
  77. package/dist/crypto/JoseHeader.mjs +37 -37
  78. package/dist/crypto/PopTokenGenerator.d.ts +59 -59
  79. package/dist/crypto/PopTokenGenerator.mjs +81 -81
  80. package/dist/crypto/SignedHttpRequest.d.ts +15 -15
  81. package/dist/error/AuthError.d.ts +44 -44
  82. package/dist/error/AuthError.mjs +46 -46
  83. package/dist/error/AuthErrorCodes.d.ts +5 -5
  84. package/dist/error/AuthErrorCodes.mjs +9 -9
  85. package/dist/error/CacheError.d.ts +20 -20
  86. package/dist/error/CacheError.mjs +24 -24
  87. package/dist/error/CacheErrorCodes.d.ts +2 -2
  88. package/dist/error/CacheErrorCodes.mjs +6 -6
  89. package/dist/error/ClientAuthError.d.ts +237 -237
  90. package/dist/error/ClientAuthError.mjs +249 -249
  91. package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
  92. package/dist/error/ClientAuthErrorCodes.mjs +48 -48
  93. package/dist/error/ClientConfigurationError.d.ts +128 -128
  94. package/dist/error/ClientConfigurationError.mjs +135 -135
  95. package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
  96. package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
  97. package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
  98. package/dist/error/InteractionRequiredAuthError.mjs +85 -85
  99. package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
  100. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
  101. package/dist/error/JoseHeaderError.d.ts +15 -15
  102. package/dist/error/JoseHeaderError.mjs +22 -22
  103. package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
  104. package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
  105. package/dist/error/ServerError.d.ts +15 -15
  106. package/dist/error/ServerError.mjs +16 -16
  107. package/dist/index.cjs +8658 -8658
  108. package/dist/index.cjs.map +1 -1
  109. package/dist/index.d.ts +107 -107
  110. package/dist/index.mjs +1 -1
  111. package/dist/logger/Logger.d.ts +95 -95
  112. package/dist/logger/Logger.mjs +188 -188
  113. package/dist/network/INetworkModule.d.ts +29 -29
  114. package/dist/network/INetworkModule.mjs +12 -12
  115. package/dist/network/NetworkManager.d.ts +33 -33
  116. package/dist/network/NetworkManager.mjs +34 -34
  117. package/dist/network/RequestThumbprint.d.ts +18 -18
  118. package/dist/network/ThrottlingUtils.d.ts +42 -42
  119. package/dist/network/ThrottlingUtils.mjs +95 -95
  120. package/dist/packageMetadata.d.ts +2 -2
  121. package/dist/packageMetadata.mjs +4 -4
  122. package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
  123. package/dist/request/AuthenticationHeaderParser.mjs +55 -55
  124. package/dist/request/BaseAuthRequest.d.ts +47 -47
  125. package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
  126. package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
  127. package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
  128. package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
  129. package/dist/request/CommonEndSessionRequest.d.ts +21 -21
  130. package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
  131. package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
  132. package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
  133. package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
  134. package/dist/request/NativeRequest.d.ts +19 -19
  135. package/dist/request/NativeSignOutRequest.d.ts +5 -5
  136. package/dist/request/RequestParameterBuilder.d.ts +217 -217
  137. package/dist/request/RequestParameterBuilder.mjs +382 -382
  138. package/dist/request/RequestValidator.d.ts +27 -27
  139. package/dist/request/RequestValidator.mjs +64 -64
  140. package/dist/request/ScopeSet.d.ts +88 -88
  141. package/dist/request/ScopeSet.mjs +197 -197
  142. package/dist/request/StoreInCache.d.ts +8 -8
  143. package/dist/response/AuthenticationResult.d.ts +41 -41
  144. package/dist/response/AuthorizationCodePayload.d.ts +13 -13
  145. package/dist/response/DeviceCodeResponse.d.ts +25 -25
  146. package/dist/response/ExternalTokenResponse.d.ts +15 -15
  147. package/dist/response/IMDSBadResponse.d.ts +4 -4
  148. package/dist/response/ResponseHandler.d.ts +69 -69
  149. package/dist/response/ResponseHandler.mjs +374 -374
  150. package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
  151. package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
  152. package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
  153. package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
  154. package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
  155. package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
  156. package/dist/telemetry/performance/PerformanceEvent.d.ts +511 -505
  157. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  158. package/dist/telemetry/performance/PerformanceEvent.mjs +480 -480
  159. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  160. package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
  161. package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
  162. package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -78
  163. package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -260
  164. package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
  165. package/dist/url/IUri.d.ts +12 -12
  166. package/dist/url/UrlString.d.ts +48 -48
  167. package/dist/url/UrlString.mjs +161 -161
  168. package/dist/utils/ClientAssertionUtils.d.ts +2 -2
  169. package/dist/utils/ClientAssertionUtils.mjs +16 -16
  170. package/dist/utils/Constants.d.ts +309 -309
  171. package/dist/utils/Constants.mjs +322 -322
  172. package/dist/utils/FunctionWrappers.d.ts +27 -27
  173. package/dist/utils/FunctionWrappers.mjs +94 -94
  174. package/dist/utils/MsalTypes.d.ts +6 -6
  175. package/dist/utils/ProtocolUtils.d.ts +42 -42
  176. package/dist/utils/ProtocolUtils.mjs +69 -69
  177. package/dist/utils/StringUtils.d.ts +40 -40
  178. package/dist/utils/StringUtils.mjs +95 -95
  179. package/dist/utils/TimeUtils.d.ts +25 -25
  180. package/dist/utils/TimeUtils.mjs +43 -43
  181. package/dist/utils/UrlUtils.d.ts +10 -10
  182. package/dist/utils/UrlUtils.mjs +44 -44
  183. package/package.json +1 -1
  184. package/src/packageMetadata.ts +1 -1
  185. package/src/telemetry/performance/PerformanceEvent.ts +7 -0
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v14.14.0 2024-07-23 */
1
+ /*! @azure/msal-common v14.14.2 2024-08-28 */
2
2
  'use strict';
3
3
  import { Separators, CacheAccountType } from '../../utils/Constants.mjs';
4
4
  import { buildClientInfo } from '../../account/ClientInfo.mjs';
@@ -9,245 +9,245 @@ import { getTenantIdFromIdTokenClaims } from '../../account/TokenClaims.mjs';
9
9
  import { ProtocolMode } from '../../authority/ProtocolMode.mjs';
10
10
  import { invalidCacheEnvironment } from '../../error/ClientAuthErrorCodes.mjs';
11
11
 
12
- /*
13
- * Copyright (c) Microsoft Corporation. All rights reserved.
14
- * Licensed under the MIT License.
15
- */
16
- /**
17
- * Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).
18
- *
19
- * Key : Value Schema
20
- *
21
- * Key: <home_account_id>-<environment>-<realm*>
22
- *
23
- * Value Schema:
24
- * {
25
- * homeAccountId: home account identifier for the auth scheme,
26
- * environment: entity that issued the token, represented as a full host
27
- * realm: Full tenant or organizational identifier that the account belongs to
28
- * localAccountId: Original tenant-specific accountID, usually used for legacy cases
29
- * username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt
30
- * authorityType: Accounts authority type as a string
31
- * name: Full name for the account, including given name and family name,
32
- * lastModificationTime: last time this entity was modified in the cache
33
- * lastModificationApp:
34
- * nativeAccountId: Account identifier on the native device
35
- * tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
36
- * }
37
- * @internal
38
- */
39
- class AccountEntity {
40
- /**
41
- * Generate Account Id key component as per the schema: <home_account_id>-<environment>
42
- */
43
- generateAccountId() {
44
- const accountId = [this.homeAccountId, this.environment];
45
- return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
46
- }
47
- /**
48
- * Generate Account Cache Key as per the schema: <home_account_id>-<environment>-<realm*>
49
- */
50
- generateAccountKey() {
51
- return AccountEntity.generateAccountCacheKey({
52
- homeAccountId: this.homeAccountId,
53
- environment: this.environment,
54
- tenantId: this.realm,
55
- username: this.username,
56
- localAccountId: this.localAccountId,
57
- });
58
- }
59
- /**
60
- * Returns the AccountInfo interface for this account.
61
- */
62
- getAccountInfo() {
63
- return {
64
- homeAccountId: this.homeAccountId,
65
- environment: this.environment,
66
- tenantId: this.realm,
67
- username: this.username,
68
- localAccountId: this.localAccountId,
69
- name: this.name,
70
- nativeAccountId: this.nativeAccountId,
71
- authorityType: this.authorityType,
72
- // Deserialize tenant profiles array into a Map
73
- tenantProfiles: new Map((this.tenantProfiles || []).map((tenantProfile) => {
74
- return [tenantProfile.tenantId, tenantProfile];
75
- })),
76
- };
77
- }
78
- /**
79
- * Returns true if the account entity is in single tenant format (outdated), false otherwise
80
- */
81
- isSingleTenant() {
82
- return !this.tenantProfiles;
83
- }
84
- /**
85
- * Generates account key from interface
86
- * @param accountInterface
87
- */
88
- static generateAccountCacheKey(accountInterface) {
89
- const homeTenantId = accountInterface.homeAccountId.split(".")[1];
90
- const accountKey = [
91
- accountInterface.homeAccountId,
92
- accountInterface.environment || "",
93
- homeTenantId || accountInterface.tenantId || "",
94
- ];
95
- return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
96
- }
97
- /**
98
- * Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
99
- * @param accountDetails
100
- */
101
- static createAccount(accountDetails, authority, base64Decode) {
102
- const account = new AccountEntity();
103
- if (authority.authorityType === AuthorityType.Adfs) {
104
- account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE;
105
- }
106
- else if (authority.protocolMode === ProtocolMode.AAD) {
107
- account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;
108
- }
109
- else {
110
- account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE;
111
- }
112
- let clientInfo;
113
- if (accountDetails.clientInfo && base64Decode) {
114
- clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode);
115
- }
116
- account.clientInfo = accountDetails.clientInfo;
117
- account.homeAccountId = accountDetails.homeAccountId;
118
- account.nativeAccountId = accountDetails.nativeAccountId;
119
- const env = accountDetails.environment ||
120
- (authority && authority.getPreferredCache());
121
- if (!env) {
122
- throw createClientAuthError(invalidCacheEnvironment);
123
- }
124
- account.environment = env;
125
- // non AAD scenarios can have empty realm
126
- account.realm =
127
- clientInfo?.utid ||
128
- getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||
129
- "";
130
- // How do you account for MSA CID here?
131
- account.localAccountId =
132
- clientInfo?.uid ||
133
- accountDetails.idTokenClaims?.oid ||
134
- accountDetails.idTokenClaims?.sub ||
135
- "";
136
- /*
137
- * In B2C scenarios the emails claim is used instead of preferred_username and it is an array.
138
- * In most cases it will contain a single email. This field should not be relied upon if a custom
139
- * policy is configured to return more than 1 email.
140
- */
141
- const preferredUsername = accountDetails.idTokenClaims?.preferred_username ||
142
- accountDetails.idTokenClaims?.upn;
143
- const email = accountDetails.idTokenClaims?.emails
144
- ? accountDetails.idTokenClaims.emails[0]
145
- : null;
146
- account.username = preferredUsername || email || "";
147
- account.name = accountDetails.idTokenClaims?.name || "";
148
- account.cloudGraphHostName = accountDetails.cloudGraphHostName;
149
- account.msGraphHost = accountDetails.msGraphHost;
150
- if (accountDetails.tenantProfiles) {
151
- account.tenantProfiles = accountDetails.tenantProfiles;
152
- }
153
- else {
154
- const tenantProfile = buildTenantProfile(accountDetails.homeAccountId, account.localAccountId, account.realm, accountDetails.idTokenClaims);
155
- account.tenantProfiles = [tenantProfile];
156
- }
157
- return account;
158
- }
159
- /**
160
- * Creates an AccountEntity object from AccountInfo
161
- * @param accountInfo
162
- * @param cloudGraphHostName
163
- * @param msGraphHost
164
- * @returns
165
- */
166
- static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) {
167
- const account = new AccountEntity();
168
- account.authorityType =
169
- accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE;
170
- account.homeAccountId = accountInfo.homeAccountId;
171
- account.localAccountId = accountInfo.localAccountId;
172
- account.nativeAccountId = accountInfo.nativeAccountId;
173
- account.realm = accountInfo.tenantId;
174
- account.environment = accountInfo.environment;
175
- account.username = accountInfo.username;
176
- account.name = accountInfo.name;
177
- account.cloudGraphHostName = cloudGraphHostName;
178
- account.msGraphHost = msGraphHost;
179
- // Serialize tenant profiles map into an array
180
- account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
181
- return account;
182
- }
183
- /**
184
- * Generate HomeAccountId from server response
185
- * @param serverClientInfo
186
- * @param authType
187
- */
188
- static generateHomeAccountId(serverClientInfo, authType, logger, cryptoObj, idTokenClaims) {
189
- // since ADFS/DSTS do not have tid and does not set client_info
190
- if (!(authType === AuthorityType.Adfs ||
191
- authType === AuthorityType.Dsts)) {
192
- // for cases where there is clientInfo
193
- if (serverClientInfo) {
194
- try {
195
- const clientInfo = buildClientInfo(serverClientInfo, cryptoObj.base64Decode);
196
- if (clientInfo.uid && clientInfo.utid) {
197
- return `${clientInfo.uid}.${clientInfo.utid}`;
198
- }
199
- }
200
- catch (e) { }
201
- }
202
- logger.warning("No client info in response");
203
- }
204
- // default to "sub" claim
205
- return idTokenClaims?.sub || "";
206
- }
207
- /**
208
- * Validates an entity: checks for all expected params
209
- * @param entity
210
- */
211
- static isAccountEntity(entity) {
212
- if (!entity) {
213
- return false;
214
- }
215
- return (entity.hasOwnProperty("homeAccountId") &&
216
- entity.hasOwnProperty("environment") &&
217
- entity.hasOwnProperty("realm") &&
218
- entity.hasOwnProperty("localAccountId") &&
219
- entity.hasOwnProperty("username") &&
220
- entity.hasOwnProperty("authorityType"));
221
- }
222
- /**
223
- * Helper function to determine whether 2 accountInfo objects represent the same account
224
- * @param accountA
225
- * @param accountB
226
- * @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
227
- */
228
- static accountInfoIsEqual(accountA, accountB, compareClaims) {
229
- if (!accountA || !accountB) {
230
- return false;
231
- }
232
- let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false
233
- if (compareClaims) {
234
- const accountAClaims = (accountA.idTokenClaims ||
235
- {});
236
- const accountBClaims = (accountB.idTokenClaims ||
237
- {});
238
- // issued at timestamp and nonce are expected to change each time a new id token is acquired
239
- claimsMatch =
240
- accountAClaims.iat === accountBClaims.iat &&
241
- accountAClaims.nonce === accountBClaims.nonce;
242
- }
243
- return (accountA.homeAccountId === accountB.homeAccountId &&
244
- accountA.localAccountId === accountB.localAccountId &&
245
- accountA.username === accountB.username &&
246
- accountA.tenantId === accountB.tenantId &&
247
- accountA.environment === accountB.environment &&
248
- accountA.nativeAccountId === accountB.nativeAccountId &&
249
- claimsMatch);
250
- }
12
+ /*
13
+ * Copyright (c) Microsoft Corporation. All rights reserved.
14
+ * Licensed under the MIT License.
15
+ */
16
+ /**
17
+ * Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).
18
+ *
19
+ * Key : Value Schema
20
+ *
21
+ * Key: <home_account_id>-<environment>-<realm*>
22
+ *
23
+ * Value Schema:
24
+ * {
25
+ * homeAccountId: home account identifier for the auth scheme,
26
+ * environment: entity that issued the token, represented as a full host
27
+ * realm: Full tenant or organizational identifier that the account belongs to
28
+ * localAccountId: Original tenant-specific accountID, usually used for legacy cases
29
+ * username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt
30
+ * authorityType: Accounts authority type as a string
31
+ * name: Full name for the account, including given name and family name,
32
+ * lastModificationTime: last time this entity was modified in the cache
33
+ * lastModificationApp:
34
+ * nativeAccountId: Account identifier on the native device
35
+ * tenantProfiles: Array of tenant profile objects for each tenant that the account has authenticated with in the browser
36
+ * }
37
+ * @internal
38
+ */
39
+ class AccountEntity {
40
+ /**
41
+ * Generate Account Id key component as per the schema: <home_account_id>-<environment>
42
+ */
43
+ generateAccountId() {
44
+ const accountId = [this.homeAccountId, this.environment];
45
+ return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
46
+ }
47
+ /**
48
+ * Generate Account Cache Key as per the schema: <home_account_id>-<environment>-<realm*>
49
+ */
50
+ generateAccountKey() {
51
+ return AccountEntity.generateAccountCacheKey({
52
+ homeAccountId: this.homeAccountId,
53
+ environment: this.environment,
54
+ tenantId: this.realm,
55
+ username: this.username,
56
+ localAccountId: this.localAccountId,
57
+ });
58
+ }
59
+ /**
60
+ * Returns the AccountInfo interface for this account.
61
+ */
62
+ getAccountInfo() {
63
+ return {
64
+ homeAccountId: this.homeAccountId,
65
+ environment: this.environment,
66
+ tenantId: this.realm,
67
+ username: this.username,
68
+ localAccountId: this.localAccountId,
69
+ name: this.name,
70
+ nativeAccountId: this.nativeAccountId,
71
+ authorityType: this.authorityType,
72
+ // Deserialize tenant profiles array into a Map
73
+ tenantProfiles: new Map((this.tenantProfiles || []).map((tenantProfile) => {
74
+ return [tenantProfile.tenantId, tenantProfile];
75
+ })),
76
+ };
77
+ }
78
+ /**
79
+ * Returns true if the account entity is in single tenant format (outdated), false otherwise
80
+ */
81
+ isSingleTenant() {
82
+ return !this.tenantProfiles;
83
+ }
84
+ /**
85
+ * Generates account key from interface
86
+ * @param accountInterface
87
+ */
88
+ static generateAccountCacheKey(accountInterface) {
89
+ const homeTenantId = accountInterface.homeAccountId.split(".")[1];
90
+ const accountKey = [
91
+ accountInterface.homeAccountId,
92
+ accountInterface.environment || "",
93
+ homeTenantId || accountInterface.tenantId || "",
94
+ ];
95
+ return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
96
+ }
97
+ /**
98
+ * Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
99
+ * @param accountDetails
100
+ */
101
+ static createAccount(accountDetails, authority, base64Decode) {
102
+ const account = new AccountEntity();
103
+ if (authority.authorityType === AuthorityType.Adfs) {
104
+ account.authorityType = CacheAccountType.ADFS_ACCOUNT_TYPE;
105
+ }
106
+ else if (authority.protocolMode === ProtocolMode.AAD) {
107
+ account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;
108
+ }
109
+ else {
110
+ account.authorityType = CacheAccountType.GENERIC_ACCOUNT_TYPE;
111
+ }
112
+ let clientInfo;
113
+ if (accountDetails.clientInfo && base64Decode) {
114
+ clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode);
115
+ }
116
+ account.clientInfo = accountDetails.clientInfo;
117
+ account.homeAccountId = accountDetails.homeAccountId;
118
+ account.nativeAccountId = accountDetails.nativeAccountId;
119
+ const env = accountDetails.environment ||
120
+ (authority && authority.getPreferredCache());
121
+ if (!env) {
122
+ throw createClientAuthError(invalidCacheEnvironment);
123
+ }
124
+ account.environment = env;
125
+ // non AAD scenarios can have empty realm
126
+ account.realm =
127
+ clientInfo?.utid ||
128
+ getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||
129
+ "";
130
+ // How do you account for MSA CID here?
131
+ account.localAccountId =
132
+ clientInfo?.uid ||
133
+ accountDetails.idTokenClaims?.oid ||
134
+ accountDetails.idTokenClaims?.sub ||
135
+ "";
136
+ /*
137
+ * In B2C scenarios the emails claim is used instead of preferred_username and it is an array.
138
+ * In most cases it will contain a single email. This field should not be relied upon if a custom
139
+ * policy is configured to return more than 1 email.
140
+ */
141
+ const preferredUsername = accountDetails.idTokenClaims?.preferred_username ||
142
+ accountDetails.idTokenClaims?.upn;
143
+ const email = accountDetails.idTokenClaims?.emails
144
+ ? accountDetails.idTokenClaims.emails[0]
145
+ : null;
146
+ account.username = preferredUsername || email || "";
147
+ account.name = accountDetails.idTokenClaims?.name || "";
148
+ account.cloudGraphHostName = accountDetails.cloudGraphHostName;
149
+ account.msGraphHost = accountDetails.msGraphHost;
150
+ if (accountDetails.tenantProfiles) {
151
+ account.tenantProfiles = accountDetails.tenantProfiles;
152
+ }
153
+ else {
154
+ const tenantProfile = buildTenantProfile(accountDetails.homeAccountId, account.localAccountId, account.realm, accountDetails.idTokenClaims);
155
+ account.tenantProfiles = [tenantProfile];
156
+ }
157
+ return account;
158
+ }
159
+ /**
160
+ * Creates an AccountEntity object from AccountInfo
161
+ * @param accountInfo
162
+ * @param cloudGraphHostName
163
+ * @param msGraphHost
164
+ * @returns
165
+ */
166
+ static createFromAccountInfo(accountInfo, cloudGraphHostName, msGraphHost) {
167
+ const account = new AccountEntity();
168
+ account.authorityType =
169
+ accountInfo.authorityType || CacheAccountType.GENERIC_ACCOUNT_TYPE;
170
+ account.homeAccountId = accountInfo.homeAccountId;
171
+ account.localAccountId = accountInfo.localAccountId;
172
+ account.nativeAccountId = accountInfo.nativeAccountId;
173
+ account.realm = accountInfo.tenantId;
174
+ account.environment = accountInfo.environment;
175
+ account.username = accountInfo.username;
176
+ account.name = accountInfo.name;
177
+ account.cloudGraphHostName = cloudGraphHostName;
178
+ account.msGraphHost = msGraphHost;
179
+ // Serialize tenant profiles map into an array
180
+ account.tenantProfiles = Array.from(accountInfo.tenantProfiles?.values() || []);
181
+ return account;
182
+ }
183
+ /**
184
+ * Generate HomeAccountId from server response
185
+ * @param serverClientInfo
186
+ * @param authType
187
+ */
188
+ static generateHomeAccountId(serverClientInfo, authType, logger, cryptoObj, idTokenClaims) {
189
+ // since ADFS/DSTS do not have tid and does not set client_info
190
+ if (!(authType === AuthorityType.Adfs ||
191
+ authType === AuthorityType.Dsts)) {
192
+ // for cases where there is clientInfo
193
+ if (serverClientInfo) {
194
+ try {
195
+ const clientInfo = buildClientInfo(serverClientInfo, cryptoObj.base64Decode);
196
+ if (clientInfo.uid && clientInfo.utid) {
197
+ return `${clientInfo.uid}.${clientInfo.utid}`;
198
+ }
199
+ }
200
+ catch (e) { }
201
+ }
202
+ logger.warning("No client info in response");
203
+ }
204
+ // default to "sub" claim
205
+ return idTokenClaims?.sub || "";
206
+ }
207
+ /**
208
+ * Validates an entity: checks for all expected params
209
+ * @param entity
210
+ */
211
+ static isAccountEntity(entity) {
212
+ if (!entity) {
213
+ return false;
214
+ }
215
+ return (entity.hasOwnProperty("homeAccountId") &&
216
+ entity.hasOwnProperty("environment") &&
217
+ entity.hasOwnProperty("realm") &&
218
+ entity.hasOwnProperty("localAccountId") &&
219
+ entity.hasOwnProperty("username") &&
220
+ entity.hasOwnProperty("authorityType"));
221
+ }
222
+ /**
223
+ * Helper function to determine whether 2 accountInfo objects represent the same account
224
+ * @param accountA
225
+ * @param accountB
226
+ * @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
227
+ */
228
+ static accountInfoIsEqual(accountA, accountB, compareClaims) {
229
+ if (!accountA || !accountB) {
230
+ return false;
231
+ }
232
+ let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false
233
+ if (compareClaims) {
234
+ const accountAClaims = (accountA.idTokenClaims ||
235
+ {});
236
+ const accountBClaims = (accountB.idTokenClaims ||
237
+ {});
238
+ // issued at timestamp and nonce are expected to change each time a new id token is acquired
239
+ claimsMatch =
240
+ accountAClaims.iat === accountBClaims.iat &&
241
+ accountAClaims.nonce === accountBClaims.nonce;
242
+ }
243
+ return (accountA.homeAccountId === accountB.homeAccountId &&
244
+ accountA.localAccountId === accountB.localAccountId &&
245
+ accountA.username === accountB.username &&
246
+ accountA.tenantId === accountB.tenantId &&
247
+ accountA.environment === accountB.environment &&
248
+ accountA.nativeAccountId === accountB.nativeAccountId &&
249
+ claimsMatch);
250
+ }
251
251
  }
252
252
 
253
253
  export { AccountEntity };
@@ -1,12 +1,12 @@
1
- /**
2
- * App Metadata Cache Type
3
- */
4
- export type AppMetadataEntity = {
5
- /** clientId of the application */
6
- clientId: string;
7
- /** entity that issued the token, represented as a full host */
8
- environment: string;
9
- /** Family identifier, '1' represents Microsoft Family */
10
- familyId?: string;
11
- };
1
+ /**
2
+ * App Metadata Cache Type
3
+ */
4
+ export type AppMetadataEntity = {
5
+ /** clientId of the application */
6
+ clientId: string;
7
+ /** entity that issued the token, represented as a full host */
8
+ environment: string;
9
+ /** Family identifier, '1' represents Microsoft Family */
10
+ familyId?: string;
11
+ };
12
12
  //# sourceMappingURL=AppMetadataEntity.d.ts.map
@@ -1,16 +1,16 @@
1
- /** @internal */
2
- export type AuthorityMetadataEntity = {
3
- aliases: Array<string>;
4
- preferred_cache: string;
5
- preferred_network: string;
6
- canonical_authority: string;
7
- authorization_endpoint: string;
8
- token_endpoint: string;
9
- end_session_endpoint?: string;
10
- issuer: string;
11
- aliasesFromNetwork: boolean;
12
- endpointsFromNetwork: boolean;
13
- expiresAt: number;
14
- jwks_uri: string;
15
- };
1
+ /** @internal */
2
+ export type AuthorityMetadataEntity = {
3
+ aliases: Array<string>;
4
+ preferred_cache: string;
5
+ preferred_network: string;
6
+ canonical_authority: string;
7
+ authorization_endpoint: string;
8
+ token_endpoint: string;
9
+ end_session_endpoint?: string;
10
+ issuer: string;
11
+ aliasesFromNetwork: boolean;
12
+ endpointsFromNetwork: boolean;
13
+ expiresAt: number;
14
+ jwks_uri: string;
15
+ };
16
16
  //# sourceMappingURL=AuthorityMetadataEntity.d.ts.map
@@ -1,14 +1,14 @@
1
- import { IdTokenEntity } from "./IdTokenEntity";
2
- import { AccessTokenEntity } from "./AccessTokenEntity";
3
- import { RefreshTokenEntity } from "./RefreshTokenEntity";
4
- import { AccountEntity } from "./AccountEntity";
5
- import { AppMetadataEntity } from "./AppMetadataEntity";
6
- /** @internal */
7
- export type CacheRecord = {
8
- account?: AccountEntity | null;
9
- idToken?: IdTokenEntity | null;
10
- accessToken?: AccessTokenEntity | null;
11
- refreshToken?: RefreshTokenEntity | null;
12
- appMetadata?: AppMetadataEntity | null;
13
- };
1
+ import { IdTokenEntity } from "./IdTokenEntity";
2
+ import { AccessTokenEntity } from "./AccessTokenEntity";
3
+ import { RefreshTokenEntity } from "./RefreshTokenEntity";
4
+ import { AccountEntity } from "./AccountEntity";
5
+ import { AppMetadataEntity } from "./AppMetadataEntity";
6
+ /** @internal */
7
+ export type CacheRecord = {
8
+ account?: AccountEntity | null;
9
+ idToken?: IdTokenEntity | null;
10
+ accessToken?: AccessTokenEntity | null;
11
+ refreshToken?: RefreshTokenEntity | null;
12
+ appMetadata?: AppMetadataEntity | null;
13
+ };
14
14
  //# sourceMappingURL=CacheRecord.d.ts.map
@@ -1,31 +1,31 @@
1
- import { CredentialType, AuthenticationScheme } from "../../utils/Constants";
2
- /**
3
- * Credential Cache Type
4
- */
5
- export type CredentialEntity = {
6
- /** Identifier for the user in their home tenant*/
7
- homeAccountId: string;
8
- /** Entity that issued the token, represented as a full host */
9
- environment: string;
10
- /** Type of credential */
11
- credentialType: CredentialType;
12
- /** Client ID of the application */
13
- clientId: string;
14
- /** Actual credential as a string */
15
- secret: string;
16
- /** Family ID identifier, usually only used for refresh tokens */
17
- familyId?: string;
18
- /** Full tenant or organizational identifier that the account belongs to */
19
- realm?: string;
20
- /** Permissions that are included in the token, or for refresh tokens, the resource identifier. */
21
- target?: string;
22
- /** Matches the SHA 256 hash of the obo_assertion for the OBO flow */
23
- userAssertionHash?: string;
24
- /** Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) */
25
- tokenType?: AuthenticationScheme;
26
- /** KeyId for PoP and SSH tokens stored in the kid claim */
27
- keyId?: string;
28
- /** Matches the SHA 256 hash of the claims object included in the token request */
29
- requestedClaimsHash?: string;
30
- };
1
+ import { CredentialType, AuthenticationScheme } from "../../utils/Constants";
2
+ /**
3
+ * Credential Cache Type
4
+ */
5
+ export type CredentialEntity = {
6
+ /** Identifier for the user in their home tenant*/
7
+ homeAccountId: string;
8
+ /** Entity that issued the token, represented as a full host */
9
+ environment: string;
10
+ /** Type of credential */
11
+ credentialType: CredentialType;
12
+ /** Client ID of the application */
13
+ clientId: string;
14
+ /** Actual credential as a string */
15
+ secret: string;
16
+ /** Family ID identifier, usually only used for refresh tokens */
17
+ familyId?: string;
18
+ /** Full tenant or organizational identifier that the account belongs to */
19
+ realm?: string;
20
+ /** Permissions that are included in the token, or for refresh tokens, the resource identifier. */
21
+ target?: string;
22
+ /** Matches the SHA 256 hash of the obo_assertion for the OBO flow */
23
+ userAssertionHash?: string;
24
+ /** Matches the authentication scheme for which the token was issued (i.e. Bearer or pop) */
25
+ tokenType?: AuthenticationScheme;
26
+ /** KeyId for PoP and SSH tokens stored in the kid claim */
27
+ keyId?: string;
28
+ /** Matches the SHA 256 hash of the claims object included in the token request */
29
+ requestedClaimsHash?: string;
30
+ };
31
31
  //# sourceMappingURL=CredentialEntity.d.ts.map
@@ -1,9 +1,9 @@
1
- import { CredentialEntity } from "./CredentialEntity";
2
- /**
3
- * Id Token Cache Type
4
- */
5
- export type IdTokenEntity = CredentialEntity & {
6
- /** Full tenant or organizational identifier that the account belongs to */
7
- realm: string;
8
- };
1
+ import { CredentialEntity } from "./CredentialEntity";
2
+ /**
3
+ * Id Token Cache Type
4
+ */
5
+ export type IdTokenEntity = CredentialEntity & {
6
+ /** Full tenant or organizational identifier that the account belongs to */
7
+ realm: string;
8
+ };
9
9
  //# sourceMappingURL=IdTokenEntity.d.ts.map