@azure/msal-common 14.14.0 → 14.14.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (185) hide show
  1. package/dist/account/AccountInfo.d.ts +66 -66
  2. package/dist/account/AccountInfo.mjs +77 -77
  3. package/dist/account/AuthToken.d.ts +17 -17
  4. package/dist/account/AuthToken.mjs +58 -58
  5. package/dist/account/CcsCredential.d.ts +9 -9
  6. package/dist/account/CcsCredential.mjs +8 -8
  7. package/dist/account/ClientCredentials.d.ts +19 -19
  8. package/dist/account/ClientInfo.d.ts +18 -18
  9. package/dist/account/ClientInfo.mjs +37 -37
  10. package/dist/account/TokenClaims.d.ts +83 -83
  11. package/dist/account/TokenClaims.mjs +20 -20
  12. package/dist/authority/Authority.d.ts +254 -254
  13. package/dist/authority/Authority.mjs +836 -836
  14. package/dist/authority/AuthorityFactory.d.ts +18 -18
  15. package/dist/authority/AuthorityFactory.mjs +28 -28
  16. package/dist/authority/AuthorityMetadata.d.ts +43 -43
  17. package/dist/authority/AuthorityMetadata.mjs +137 -137
  18. package/dist/authority/AuthorityOptions.d.ts +27 -27
  19. package/dist/authority/AuthorityOptions.mjs +18 -18
  20. package/dist/authority/AuthorityType.d.ts +10 -10
  21. package/dist/authority/AuthorityType.mjs +13 -13
  22. package/dist/authority/AzureRegion.d.ts +1 -1
  23. package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
  24. package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
  25. package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
  26. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
  27. package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
  28. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
  29. package/dist/authority/ImdsOptions.d.ts +5 -5
  30. package/dist/authority/OIDCOptions.d.ts +8 -8
  31. package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
  32. package/dist/authority/OpenIdConfigResponse.mjs +10 -10
  33. package/dist/authority/ProtocolMode.d.ts +8 -8
  34. package/dist/authority/ProtocolMode.mjs +11 -11
  35. package/dist/authority/RegionDiscovery.d.ts +32 -32
  36. package/dist/authority/RegionDiscovery.mjs +106 -106
  37. package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
  38. package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
  39. package/dist/cache/CacheManager.d.ts +497 -497
  40. package/dist/cache/CacheManager.mjs +1249 -1249
  41. package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
  42. package/dist/cache/entities/AccountEntity.d.ts +106 -106
  43. package/dist/cache/entities/AccountEntity.mjs +240 -240
  44. package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
  45. package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
  46. package/dist/cache/entities/CacheRecord.d.ts +13 -13
  47. package/dist/cache/entities/CredentialEntity.d.ts +30 -30
  48. package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
  49. package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
  50. package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -6
  51. package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
  52. package/dist/cache/interface/ICacheManager.d.ts +166 -166
  53. package/dist/cache/interface/ICachePlugin.d.ts +5 -5
  54. package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
  55. package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
  56. package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
  57. package/dist/cache/utils/CacheHelpers.d.ts +94 -94
  58. package/dist/cache/utils/CacheHelpers.mjs +324 -324
  59. package/dist/cache/utils/CacheTypes.d.ts +69 -69
  60. package/dist/client/AuthorizationCodeClient.d.ts +74 -74
  61. package/dist/client/AuthorizationCodeClient.mjs +420 -420
  62. package/dist/client/BaseClient.d.ts +51 -51
  63. package/dist/client/BaseClient.mjs +100 -100
  64. package/dist/client/RefreshTokenClient.d.ts +35 -35
  65. package/dist/client/RefreshTokenClient.mjs +211 -211
  66. package/dist/client/SilentFlowClient.d.ts +27 -27
  67. package/dist/client/SilentFlowClient.mjs +133 -133
  68. package/dist/config/AppTokenProvider.d.ts +38 -38
  69. package/dist/config/ClientConfiguration.d.ts +150 -150
  70. package/dist/config/ClientConfiguration.mjs +95 -95
  71. package/dist/constants/AADServerParamKeys.d.ts +53 -53
  72. package/dist/constants/AADServerParamKeys.mjs +57 -57
  73. package/dist/crypto/ICrypto.d.ts +68 -68
  74. package/dist/crypto/ICrypto.mjs +36 -36
  75. package/dist/crypto/IGuidGenerator.d.ts +4 -4
  76. package/dist/crypto/JoseHeader.d.ts +22 -22
  77. package/dist/crypto/JoseHeader.mjs +37 -37
  78. package/dist/crypto/PopTokenGenerator.d.ts +59 -59
  79. package/dist/crypto/PopTokenGenerator.mjs +81 -81
  80. package/dist/crypto/SignedHttpRequest.d.ts +15 -15
  81. package/dist/error/AuthError.d.ts +44 -44
  82. package/dist/error/AuthError.mjs +46 -46
  83. package/dist/error/AuthErrorCodes.d.ts +5 -5
  84. package/dist/error/AuthErrorCodes.mjs +9 -9
  85. package/dist/error/CacheError.d.ts +20 -20
  86. package/dist/error/CacheError.mjs +24 -24
  87. package/dist/error/CacheErrorCodes.d.ts +2 -2
  88. package/dist/error/CacheErrorCodes.mjs +6 -6
  89. package/dist/error/ClientAuthError.d.ts +237 -237
  90. package/dist/error/ClientAuthError.mjs +249 -249
  91. package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
  92. package/dist/error/ClientAuthErrorCodes.mjs +48 -48
  93. package/dist/error/ClientConfigurationError.d.ts +128 -128
  94. package/dist/error/ClientConfigurationError.mjs +135 -135
  95. package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
  96. package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
  97. package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
  98. package/dist/error/InteractionRequiredAuthError.mjs +85 -85
  99. package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
  100. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
  101. package/dist/error/JoseHeaderError.d.ts +15 -15
  102. package/dist/error/JoseHeaderError.mjs +22 -22
  103. package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
  104. package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
  105. package/dist/error/ServerError.d.ts +15 -15
  106. package/dist/error/ServerError.mjs +16 -16
  107. package/dist/index.cjs +8658 -8658
  108. package/dist/index.cjs.map +1 -1
  109. package/dist/index.d.ts +107 -107
  110. package/dist/index.mjs +1 -1
  111. package/dist/logger/Logger.d.ts +95 -95
  112. package/dist/logger/Logger.mjs +188 -188
  113. package/dist/network/INetworkModule.d.ts +29 -29
  114. package/dist/network/INetworkModule.mjs +12 -12
  115. package/dist/network/NetworkManager.d.ts +33 -33
  116. package/dist/network/NetworkManager.mjs +34 -34
  117. package/dist/network/RequestThumbprint.d.ts +18 -18
  118. package/dist/network/ThrottlingUtils.d.ts +42 -42
  119. package/dist/network/ThrottlingUtils.mjs +95 -95
  120. package/dist/packageMetadata.d.ts +2 -2
  121. package/dist/packageMetadata.mjs +4 -4
  122. package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
  123. package/dist/request/AuthenticationHeaderParser.mjs +55 -55
  124. package/dist/request/BaseAuthRequest.d.ts +47 -47
  125. package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
  126. package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
  127. package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
  128. package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
  129. package/dist/request/CommonEndSessionRequest.d.ts +21 -21
  130. package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
  131. package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
  132. package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
  133. package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
  134. package/dist/request/NativeRequest.d.ts +19 -19
  135. package/dist/request/NativeSignOutRequest.d.ts +5 -5
  136. package/dist/request/RequestParameterBuilder.d.ts +217 -217
  137. package/dist/request/RequestParameterBuilder.mjs +382 -382
  138. package/dist/request/RequestValidator.d.ts +27 -27
  139. package/dist/request/RequestValidator.mjs +64 -64
  140. package/dist/request/ScopeSet.d.ts +88 -88
  141. package/dist/request/ScopeSet.mjs +197 -197
  142. package/dist/request/StoreInCache.d.ts +8 -8
  143. package/dist/response/AuthenticationResult.d.ts +41 -41
  144. package/dist/response/AuthorizationCodePayload.d.ts +13 -13
  145. package/dist/response/DeviceCodeResponse.d.ts +25 -25
  146. package/dist/response/ExternalTokenResponse.d.ts +15 -15
  147. package/dist/response/IMDSBadResponse.d.ts +4 -4
  148. package/dist/response/ResponseHandler.d.ts +69 -69
  149. package/dist/response/ResponseHandler.mjs +374 -374
  150. package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
  151. package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
  152. package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
  153. package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
  154. package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
  155. package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
  156. package/dist/telemetry/performance/PerformanceEvent.d.ts +511 -505
  157. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  158. package/dist/telemetry/performance/PerformanceEvent.mjs +480 -480
  159. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  160. package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
  161. package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
  162. package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -78
  163. package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -260
  164. package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
  165. package/dist/url/IUri.d.ts +12 -12
  166. package/dist/url/UrlString.d.ts +48 -48
  167. package/dist/url/UrlString.mjs +161 -161
  168. package/dist/utils/ClientAssertionUtils.d.ts +2 -2
  169. package/dist/utils/ClientAssertionUtils.mjs +16 -16
  170. package/dist/utils/Constants.d.ts +309 -309
  171. package/dist/utils/Constants.mjs +322 -322
  172. package/dist/utils/FunctionWrappers.d.ts +27 -27
  173. package/dist/utils/FunctionWrappers.mjs +94 -94
  174. package/dist/utils/MsalTypes.d.ts +6 -6
  175. package/dist/utils/ProtocolUtils.d.ts +42 -42
  176. package/dist/utils/ProtocolUtils.mjs +69 -69
  177. package/dist/utils/StringUtils.d.ts +40 -40
  178. package/dist/utils/StringUtils.mjs +95 -95
  179. package/dist/utils/TimeUtils.d.ts +25 -25
  180. package/dist/utils/TimeUtils.mjs +43 -43
  181. package/dist/utils/UrlUtils.d.ts +10 -10
  182. package/dist/utils/UrlUtils.mjs +44 -44
  183. package/package.json +1 -1
  184. package/src/packageMetadata.ts +1 -1
  185. package/src/telemetry/performance/PerformanceEvent.ts +7 -0
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v14.14.0 2024-07-23 */
1
+ /*! @azure/msal-common v14.14.2 2024-08-28 */
2
2
  'use strict';
3
3
  import { BaseClient } from './BaseClient.mjs';
4
4
  import { wasClockTurnedBack, isTokenExpired } from '../utils/TimeUtils.mjs';
@@ -13,138 +13,138 @@ import { invokeAsync } from '../utils/FunctionWrappers.mjs';
13
13
  import { getTenantFromAuthorityString } from '../authority/Authority.mjs';
14
14
  import { tokenRefreshRequired, noAccountInSilentRequest, authTimeNotFound } from '../error/ClientAuthErrorCodes.mjs';
15
15
 
16
- /*
17
- * Copyright (c) Microsoft Corporation. All rights reserved.
18
- * Licensed under the MIT License.
19
- */
20
- /** @internal */
21
- class SilentFlowClient extends BaseClient {
22
- constructor(configuration, performanceClient) {
23
- super(configuration, performanceClient);
24
- }
25
- /**
26
- * Retrieves a token from cache if it is still valid, or uses the cached refresh token to renew
27
- * the given token and returns the renewed token
28
- * @param request
29
- */
30
- async acquireToken(request) {
31
- try {
32
- const [authResponse, cacheOutcome] = await this.acquireCachedToken({
33
- ...request,
34
- scopes: request.scopes?.length
35
- ? request.scopes
36
- : [...OIDC_DEFAULT_SCOPES],
37
- });
38
- // if the token is not expired but must be refreshed; get a new one in the background
39
- if (cacheOutcome === CacheOutcome.PROACTIVELY_REFRESHED) {
40
- this.logger.info("SilentFlowClient:acquireCachedToken - Cached access token's refreshOn property has been exceeded'. It's not expired, but must be refreshed.");
41
- // refresh the access token in the background
42
- const refreshTokenClient = new RefreshTokenClient(this.config, this.performanceClient);
43
- refreshTokenClient
44
- .acquireTokenByRefreshToken(request)
45
- .catch(() => {
46
- // do nothing, this is running in the background and no action is to be taken upon success or failure
47
- });
48
- }
49
- // return the cached token
50
- return authResponse;
51
- }
52
- catch (e) {
53
- if (e instanceof ClientAuthError &&
54
- e.errorCode === tokenRefreshRequired) {
55
- const refreshTokenClient = new RefreshTokenClient(this.config, this.performanceClient);
56
- return refreshTokenClient.acquireTokenByRefreshToken(request);
57
- }
58
- else {
59
- throw e;
60
- }
61
- }
62
- }
63
- /**
64
- * Retrieves token from cache or throws an error if it must be refreshed.
65
- * @param request
66
- */
67
- async acquireCachedToken(request) {
68
- this.performanceClient?.addQueueMeasurement(PerformanceEvents.SilentFlowClientAcquireCachedToken, request.correlationId);
69
- let lastCacheOutcome = CacheOutcome.NOT_APPLICABLE;
70
- if (request.forceRefresh ||
71
- (!this.config.cacheOptions.claimsBasedCachingEnabled &&
72
- !StringUtils.isEmptyObj(request.claims))) {
73
- // Must refresh due to present force_refresh flag.
74
- this.setCacheOutcome(CacheOutcome.FORCE_REFRESH_OR_CLAIMS, request.correlationId);
75
- throw createClientAuthError(tokenRefreshRequired);
76
- }
77
- // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases
78
- if (!request.account) {
79
- throw createClientAuthError(noAccountInSilentRequest);
80
- }
81
- const requestTenantId = request.account.tenantId ||
82
- getTenantFromAuthorityString(request.authority);
83
- const tokenKeys = this.cacheManager.getTokenKeys();
84
- const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId, this.performanceClient, request.correlationId);
85
- if (!cachedAccessToken) {
86
- // must refresh due to non-existent access_token
87
- this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
88
- throw createClientAuthError(tokenRefreshRequired);
89
- }
90
- else if (wasClockTurnedBack(cachedAccessToken.cachedAt) ||
91
- isTokenExpired(cachedAccessToken.expiresOn, this.config.systemOptions.tokenRenewalOffsetSeconds)) {
92
- // must refresh due to the expires_in value
93
- this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId);
94
- throw createClientAuthError(tokenRefreshRequired);
95
- }
96
- else if (cachedAccessToken.refreshOn &&
97
- isTokenExpired(cachedAccessToken.refreshOn, 0)) {
98
- // must refresh (in the background) due to the refresh_in value
99
- lastCacheOutcome = CacheOutcome.PROACTIVELY_REFRESHED;
100
- // don't throw ClientAuthError.createRefreshRequiredError(), return cached token instead
101
- }
102
- const environment = request.authority || this.authority.getPreferredCache();
103
- const cacheRecord = {
104
- account: this.cacheManager.readAccountFromCache(request.account),
105
- accessToken: cachedAccessToken,
106
- idToken: this.cacheManager.getIdToken(request.account, tokenKeys, requestTenantId, this.performanceClient, request.correlationId),
107
- refreshToken: null,
108
- appMetadata: this.cacheManager.readAppMetadataFromCache(environment),
109
- };
110
- this.setCacheOutcome(lastCacheOutcome, request.correlationId);
111
- if (this.config.serverTelemetryManager) {
112
- this.config.serverTelemetryManager.incrementCacheHits();
113
- }
114
- return [
115
- await invokeAsync(this.generateResultFromCacheRecord.bind(this), PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, this.logger, this.performanceClient, request.correlationId)(cacheRecord, request),
116
- lastCacheOutcome,
117
- ];
118
- }
119
- setCacheOutcome(cacheOutcome, correlationId) {
120
- this.serverTelemetryManager?.setCacheOutcome(cacheOutcome);
121
- this.performanceClient?.addFields({
122
- cacheOutcome: cacheOutcome,
123
- }, correlationId);
124
- if (cacheOutcome !== CacheOutcome.NOT_APPLICABLE) {
125
- this.logger.info(`Token refresh is required due to cache outcome: ${cacheOutcome}`);
126
- }
127
- }
128
- /**
129
- * Helper function to build response object from the CacheRecord
130
- * @param cacheRecord
131
- */
132
- async generateResultFromCacheRecord(cacheRecord, request) {
133
- this.performanceClient?.addQueueMeasurement(PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, request.correlationId);
134
- let idTokenClaims;
135
- if (cacheRecord.idToken) {
136
- idTokenClaims = extractTokenClaims(cacheRecord.idToken.secret, this.config.cryptoInterface.base64Decode);
137
- }
138
- // token max_age check
139
- if (request.maxAge || request.maxAge === 0) {
140
- const authTime = idTokenClaims?.auth_time;
141
- if (!authTime) {
142
- throw createClientAuthError(authTimeNotFound);
143
- }
144
- checkMaxAge(authTime, request.maxAge);
145
- }
146
- return ResponseHandler.generateAuthenticationResult(this.cryptoUtils, this.authority, cacheRecord, true, request, idTokenClaims);
147
- }
16
+ /*
17
+ * Copyright (c) Microsoft Corporation. All rights reserved.
18
+ * Licensed under the MIT License.
19
+ */
20
+ /** @internal */
21
+ class SilentFlowClient extends BaseClient {
22
+ constructor(configuration, performanceClient) {
23
+ super(configuration, performanceClient);
24
+ }
25
+ /**
26
+ * Retrieves a token from cache if it is still valid, or uses the cached refresh token to renew
27
+ * the given token and returns the renewed token
28
+ * @param request
29
+ */
30
+ async acquireToken(request) {
31
+ try {
32
+ const [authResponse, cacheOutcome] = await this.acquireCachedToken({
33
+ ...request,
34
+ scopes: request.scopes?.length
35
+ ? request.scopes
36
+ : [...OIDC_DEFAULT_SCOPES],
37
+ });
38
+ // if the token is not expired but must be refreshed; get a new one in the background
39
+ if (cacheOutcome === CacheOutcome.PROACTIVELY_REFRESHED) {
40
+ this.logger.info("SilentFlowClient:acquireCachedToken - Cached access token's refreshOn property has been exceeded'. It's not expired, but must be refreshed.");
41
+ // refresh the access token in the background
42
+ const refreshTokenClient = new RefreshTokenClient(this.config, this.performanceClient);
43
+ refreshTokenClient
44
+ .acquireTokenByRefreshToken(request)
45
+ .catch(() => {
46
+ // do nothing, this is running in the background and no action is to be taken upon success or failure
47
+ });
48
+ }
49
+ // return the cached token
50
+ return authResponse;
51
+ }
52
+ catch (e) {
53
+ if (e instanceof ClientAuthError &&
54
+ e.errorCode === tokenRefreshRequired) {
55
+ const refreshTokenClient = new RefreshTokenClient(this.config, this.performanceClient);
56
+ return refreshTokenClient.acquireTokenByRefreshToken(request);
57
+ }
58
+ else {
59
+ throw e;
60
+ }
61
+ }
62
+ }
63
+ /**
64
+ * Retrieves token from cache or throws an error if it must be refreshed.
65
+ * @param request
66
+ */
67
+ async acquireCachedToken(request) {
68
+ this.performanceClient?.addQueueMeasurement(PerformanceEvents.SilentFlowClientAcquireCachedToken, request.correlationId);
69
+ let lastCacheOutcome = CacheOutcome.NOT_APPLICABLE;
70
+ if (request.forceRefresh ||
71
+ (!this.config.cacheOptions.claimsBasedCachingEnabled &&
72
+ !StringUtils.isEmptyObj(request.claims))) {
73
+ // Must refresh due to present force_refresh flag.
74
+ this.setCacheOutcome(CacheOutcome.FORCE_REFRESH_OR_CLAIMS, request.correlationId);
75
+ throw createClientAuthError(tokenRefreshRequired);
76
+ }
77
+ // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases
78
+ if (!request.account) {
79
+ throw createClientAuthError(noAccountInSilentRequest);
80
+ }
81
+ const requestTenantId = request.account.tenantId ||
82
+ getTenantFromAuthorityString(request.authority);
83
+ const tokenKeys = this.cacheManager.getTokenKeys();
84
+ const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId, this.performanceClient, request.correlationId);
85
+ if (!cachedAccessToken) {
86
+ // must refresh due to non-existent access_token
87
+ this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
88
+ throw createClientAuthError(tokenRefreshRequired);
89
+ }
90
+ else if (wasClockTurnedBack(cachedAccessToken.cachedAt) ||
91
+ isTokenExpired(cachedAccessToken.expiresOn, this.config.systemOptions.tokenRenewalOffsetSeconds)) {
92
+ // must refresh due to the expires_in value
93
+ this.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED, request.correlationId);
94
+ throw createClientAuthError(tokenRefreshRequired);
95
+ }
96
+ else if (cachedAccessToken.refreshOn &&
97
+ isTokenExpired(cachedAccessToken.refreshOn, 0)) {
98
+ // must refresh (in the background) due to the refresh_in value
99
+ lastCacheOutcome = CacheOutcome.PROACTIVELY_REFRESHED;
100
+ // don't throw ClientAuthError.createRefreshRequiredError(), return cached token instead
101
+ }
102
+ const environment = request.authority || this.authority.getPreferredCache();
103
+ const cacheRecord = {
104
+ account: this.cacheManager.readAccountFromCache(request.account),
105
+ accessToken: cachedAccessToken,
106
+ idToken: this.cacheManager.getIdToken(request.account, tokenKeys, requestTenantId, this.performanceClient, request.correlationId),
107
+ refreshToken: null,
108
+ appMetadata: this.cacheManager.readAppMetadataFromCache(environment),
109
+ };
110
+ this.setCacheOutcome(lastCacheOutcome, request.correlationId);
111
+ if (this.config.serverTelemetryManager) {
112
+ this.config.serverTelemetryManager.incrementCacheHits();
113
+ }
114
+ return [
115
+ await invokeAsync(this.generateResultFromCacheRecord.bind(this), PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, this.logger, this.performanceClient, request.correlationId)(cacheRecord, request),
116
+ lastCacheOutcome,
117
+ ];
118
+ }
119
+ setCacheOutcome(cacheOutcome, correlationId) {
120
+ this.serverTelemetryManager?.setCacheOutcome(cacheOutcome);
121
+ this.performanceClient?.addFields({
122
+ cacheOutcome: cacheOutcome,
123
+ }, correlationId);
124
+ if (cacheOutcome !== CacheOutcome.NOT_APPLICABLE) {
125
+ this.logger.info(`Token refresh is required due to cache outcome: ${cacheOutcome}`);
126
+ }
127
+ }
128
+ /**
129
+ * Helper function to build response object from the CacheRecord
130
+ * @param cacheRecord
131
+ */
132
+ async generateResultFromCacheRecord(cacheRecord, request) {
133
+ this.performanceClient?.addQueueMeasurement(PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord, request.correlationId);
134
+ let idTokenClaims;
135
+ if (cacheRecord.idToken) {
136
+ idTokenClaims = extractTokenClaims(cacheRecord.idToken.secret, this.config.cryptoInterface.base64Decode);
137
+ }
138
+ // token max_age check
139
+ if (request.maxAge || request.maxAge === 0) {
140
+ const authTime = idTokenClaims?.auth_time;
141
+ if (!authTime) {
142
+ throw createClientAuthError(authTimeNotFound);
143
+ }
144
+ checkMaxAge(authTime, request.maxAge);
145
+ }
146
+ return ResponseHandler.generateAuthenticationResult(this.cryptoUtils, this.authority, cacheRecord, true, request, idTokenClaims);
147
+ }
148
148
  }
149
149
 
150
150
  export { SilentFlowClient };
@@ -1,39 +1,39 @@
1
- /**
2
- * Extensibility interface, which allows the app developer to return a token, based on the passed-in parameters, instead of fetching tokens from
3
- * the Identity Provider (AAD).
4
- * Developers need to construct and return an AppTokenProviderResult object back to MSAL. MSAL will cache the token response
5
- * in the same way it would do if the result were comming from AAD.
6
- * This extensibility point is only defined for the client_credential flow, i.e. acquireTokenByClientCredential and
7
- * meant for Azure SDK to enhance Managed Identity support.
8
- */
9
- export interface IAppTokenProvider {
10
- (appTokenProviderParameters: AppTokenProviderParameters): Promise<AppTokenProviderResult>;
11
- }
12
- /**
13
- * Input object for the IAppTokenProvider extensiblity. MSAL will create this object, which can be used
14
- * to help create an AppTokenProviderResult.
15
- *
16
- * - correlationId - the correlation Id associated with the request
17
- * - tenantId - the tenant Id for which the token must be provided
18
- * - scopes - the scopes for which the token must be provided
19
- * - claims - any extra claims that the token must satisfy
20
- */
21
- export type AppTokenProviderParameters = {
22
- readonly correlationId?: string;
23
- readonly tenantId: string;
24
- readonly scopes: Array<string>;
25
- readonly claims?: string;
26
- };
27
- /**
28
- * Output object for IAppTokenProvider extensiblity.
29
- *
30
- * - accessToken - the actual access token, typically in JWT format, that satisfies the request data AppTokenProviderParameters
31
- * - expiresInSeconds - how long the tokens has before expiry, in seconds. Similar to the "expires_in" field in an AAD token response.
32
- * - refreshInSeconds - how long the token has before it should be proactively refreshed. Similar to the "refresh_in" field in an AAD token response.
33
- */
34
- export type AppTokenProviderResult = {
35
- accessToken: string;
36
- expiresInSeconds: number;
37
- refreshInSeconds?: number;
38
- };
1
+ /**
2
+ * Extensibility interface, which allows the app developer to return a token, based on the passed-in parameters, instead of fetching tokens from
3
+ * the Identity Provider (AAD).
4
+ * Developers need to construct and return an AppTokenProviderResult object back to MSAL. MSAL will cache the token response
5
+ * in the same way it would do if the result were comming from AAD.
6
+ * This extensibility point is only defined for the client_credential flow, i.e. acquireTokenByClientCredential and
7
+ * meant for Azure SDK to enhance Managed Identity support.
8
+ */
9
+ export interface IAppTokenProvider {
10
+ (appTokenProviderParameters: AppTokenProviderParameters): Promise<AppTokenProviderResult>;
11
+ }
12
+ /**
13
+ * Input object for the IAppTokenProvider extensiblity. MSAL will create this object, which can be used
14
+ * to help create an AppTokenProviderResult.
15
+ *
16
+ * - correlationId - the correlation Id associated with the request
17
+ * - tenantId - the tenant Id for which the token must be provided
18
+ * - scopes - the scopes for which the token must be provided
19
+ * - claims - any extra claims that the token must satisfy
20
+ */
21
+ export type AppTokenProviderParameters = {
22
+ readonly correlationId?: string;
23
+ readonly tenantId: string;
24
+ readonly scopes: Array<string>;
25
+ readonly claims?: string;
26
+ };
27
+ /**
28
+ * Output object for IAppTokenProvider extensiblity.
29
+ *
30
+ * - accessToken - the actual access token, typically in JWT format, that satisfies the request data AppTokenProviderParameters
31
+ * - expiresInSeconds - how long the tokens has before expiry, in seconds. Similar to the "expires_in" field in an AAD token response.
32
+ * - refreshInSeconds - how long the token has before it should be proactively refreshed. Similar to the "refresh_in" field in an AAD token response.
33
+ */
34
+ export type AppTokenProviderResult = {
35
+ accessToken: string;
36
+ expiresInSeconds: number;
37
+ refreshInSeconds?: number;
38
+ };
39
39
  //# sourceMappingURL=AppTokenProvider.d.ts.map