@azure/msal-common 14.14.0 → 14.14.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +66 -66
- package/dist/account/AccountInfo.mjs +77 -77
- package/dist/account/AuthToken.d.ts +17 -17
- package/dist/account/AuthToken.mjs +58 -58
- package/dist/account/CcsCredential.d.ts +9 -9
- package/dist/account/CcsCredential.mjs +8 -8
- package/dist/account/ClientCredentials.d.ts +19 -19
- package/dist/account/ClientInfo.d.ts +18 -18
- package/dist/account/ClientInfo.mjs +37 -37
- package/dist/account/TokenClaims.d.ts +83 -83
- package/dist/account/TokenClaims.mjs +20 -20
- package/dist/authority/Authority.d.ts +254 -254
- package/dist/authority/Authority.mjs +836 -836
- package/dist/authority/AuthorityFactory.d.ts +18 -18
- package/dist/authority/AuthorityFactory.mjs +28 -28
- package/dist/authority/AuthorityMetadata.d.ts +43 -43
- package/dist/authority/AuthorityMetadata.mjs +137 -137
- package/dist/authority/AuthorityOptions.d.ts +27 -27
- package/dist/authority/AuthorityOptions.mjs +18 -18
- package/dist/authority/AuthorityType.d.ts +10 -10
- package/dist/authority/AuthorityType.mjs +13 -13
- package/dist/authority/AzureRegion.d.ts +1 -1
- package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
- package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
- package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
- package/dist/authority/ImdsOptions.d.ts +5 -5
- package/dist/authority/OIDCOptions.d.ts +8 -8
- package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
- package/dist/authority/OpenIdConfigResponse.mjs +10 -10
- package/dist/authority/ProtocolMode.d.ts +8 -8
- package/dist/authority/ProtocolMode.mjs +11 -11
- package/dist/authority/RegionDiscovery.d.ts +32 -32
- package/dist/authority/RegionDiscovery.mjs +106 -106
- package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
- package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
- package/dist/cache/CacheManager.d.ts +497 -497
- package/dist/cache/CacheManager.mjs +1249 -1249
- package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
- package/dist/cache/entities/AccountEntity.d.ts +106 -106
- package/dist/cache/entities/AccountEntity.mjs +240 -240
- package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
- package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
- package/dist/cache/entities/CacheRecord.d.ts +13 -13
- package/dist/cache/entities/CredentialEntity.d.ts +30 -30
- package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
- package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
- package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -6
- package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
- package/dist/cache/interface/ICacheManager.d.ts +166 -166
- package/dist/cache/interface/ICachePlugin.d.ts +5 -5
- package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
- package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
- package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
- package/dist/cache/utils/CacheHelpers.d.ts +94 -94
- package/dist/cache/utils/CacheHelpers.mjs +324 -324
- package/dist/cache/utils/CacheTypes.d.ts +69 -69
- package/dist/client/AuthorizationCodeClient.d.ts +74 -74
- package/dist/client/AuthorizationCodeClient.mjs +420 -420
- package/dist/client/BaseClient.d.ts +51 -51
- package/dist/client/BaseClient.mjs +100 -100
- package/dist/client/RefreshTokenClient.d.ts +35 -35
- package/dist/client/RefreshTokenClient.mjs +211 -211
- package/dist/client/SilentFlowClient.d.ts +27 -27
- package/dist/client/SilentFlowClient.mjs +133 -133
- package/dist/config/AppTokenProvider.d.ts +38 -38
- package/dist/config/ClientConfiguration.d.ts +150 -150
- package/dist/config/ClientConfiguration.mjs +95 -95
- package/dist/constants/AADServerParamKeys.d.ts +53 -53
- package/dist/constants/AADServerParamKeys.mjs +57 -57
- package/dist/crypto/ICrypto.d.ts +68 -68
- package/dist/crypto/ICrypto.mjs +36 -36
- package/dist/crypto/IGuidGenerator.d.ts +4 -4
- package/dist/crypto/JoseHeader.d.ts +22 -22
- package/dist/crypto/JoseHeader.mjs +37 -37
- package/dist/crypto/PopTokenGenerator.d.ts +59 -59
- package/dist/crypto/PopTokenGenerator.mjs +81 -81
- package/dist/crypto/SignedHttpRequest.d.ts +15 -15
- package/dist/error/AuthError.d.ts +44 -44
- package/dist/error/AuthError.mjs +46 -46
- package/dist/error/AuthErrorCodes.d.ts +5 -5
- package/dist/error/AuthErrorCodes.mjs +9 -9
- package/dist/error/CacheError.d.ts +20 -20
- package/dist/error/CacheError.mjs +24 -24
- package/dist/error/CacheErrorCodes.d.ts +2 -2
- package/dist/error/CacheErrorCodes.mjs +6 -6
- package/dist/error/ClientAuthError.d.ts +237 -237
- package/dist/error/ClientAuthError.mjs +249 -249
- package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
- package/dist/error/ClientAuthErrorCodes.mjs +48 -48
- package/dist/error/ClientConfigurationError.d.ts +128 -128
- package/dist/error/ClientConfigurationError.mjs +135 -135
- package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
- package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
- package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
- package/dist/error/InteractionRequiredAuthError.mjs +85 -85
- package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
- package/dist/error/JoseHeaderError.d.ts +15 -15
- package/dist/error/JoseHeaderError.mjs +22 -22
- package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
- package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
- package/dist/error/ServerError.d.ts +15 -15
- package/dist/error/ServerError.mjs +16 -16
- package/dist/index.cjs +8658 -8658
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +107 -107
- package/dist/index.mjs +1 -1
- package/dist/logger/Logger.d.ts +95 -95
- package/dist/logger/Logger.mjs +188 -188
- package/dist/network/INetworkModule.d.ts +29 -29
- package/dist/network/INetworkModule.mjs +12 -12
- package/dist/network/NetworkManager.d.ts +33 -33
- package/dist/network/NetworkManager.mjs +34 -34
- package/dist/network/RequestThumbprint.d.ts +18 -18
- package/dist/network/ThrottlingUtils.d.ts +42 -42
- package/dist/network/ThrottlingUtils.mjs +95 -95
- package/dist/packageMetadata.d.ts +2 -2
- package/dist/packageMetadata.mjs +4 -4
- package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
- package/dist/request/AuthenticationHeaderParser.mjs +55 -55
- package/dist/request/BaseAuthRequest.d.ts +47 -47
- package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
- package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
- package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
- package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
- package/dist/request/CommonEndSessionRequest.d.ts +21 -21
- package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
- package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
- package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
- package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
- package/dist/request/NativeRequest.d.ts +19 -19
- package/dist/request/NativeSignOutRequest.d.ts +5 -5
- package/dist/request/RequestParameterBuilder.d.ts +217 -217
- package/dist/request/RequestParameterBuilder.mjs +382 -382
- package/dist/request/RequestValidator.d.ts +27 -27
- package/dist/request/RequestValidator.mjs +64 -64
- package/dist/request/ScopeSet.d.ts +88 -88
- package/dist/request/ScopeSet.mjs +197 -197
- package/dist/request/StoreInCache.d.ts +8 -8
- package/dist/response/AuthenticationResult.d.ts +41 -41
- package/dist/response/AuthorizationCodePayload.d.ts +13 -13
- package/dist/response/DeviceCodeResponse.d.ts +25 -25
- package/dist/response/ExternalTokenResponse.d.ts +15 -15
- package/dist/response/IMDSBadResponse.d.ts +4 -4
- package/dist/response/ResponseHandler.d.ts +69 -69
- package/dist/response/ResponseHandler.mjs +374 -374
- package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
- package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
- package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
- package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
- package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
- package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
- package/dist/telemetry/performance/PerformanceEvent.d.ts +511 -505
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +480 -480
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
- package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
- package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -78
- package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -260
- package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
- package/dist/url/IUri.d.ts +12 -12
- package/dist/url/UrlString.d.ts +48 -48
- package/dist/url/UrlString.mjs +161 -161
- package/dist/utils/ClientAssertionUtils.d.ts +2 -2
- package/dist/utils/ClientAssertionUtils.mjs +16 -16
- package/dist/utils/Constants.d.ts +309 -309
- package/dist/utils/Constants.mjs +322 -322
- package/dist/utils/FunctionWrappers.d.ts +27 -27
- package/dist/utils/FunctionWrappers.mjs +94 -94
- package/dist/utils/MsalTypes.d.ts +6 -6
- package/dist/utils/ProtocolUtils.d.ts +42 -42
- package/dist/utils/ProtocolUtils.mjs +69 -69
- package/dist/utils/StringUtils.d.ts +40 -40
- package/dist/utils/StringUtils.mjs +95 -95
- package/dist/utils/TimeUtils.d.ts +25 -25
- package/dist/utils/TimeUtils.mjs +43 -43
- package/dist/utils/UrlUtils.d.ts +10 -10
- package/dist/utils/UrlUtils.mjs +44 -44
- package/package.json +1 -1
- package/src/packageMetadata.ts +1 -1
- package/src/telemetry/performance/PerformanceEvent.ts +7 -0
|
@@ -1,61 +1,61 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.14.
|
|
1
|
+
/*! @azure/msal-common v14.14.2 2024-08-28 */
|
|
2
2
|
'use strict';
|
|
3
|
-
/*
|
|
4
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5
|
-
* Licensed under the MIT License.
|
|
6
|
-
*/
|
|
7
|
-
const CLIENT_ID = "client_id";
|
|
8
|
-
const REDIRECT_URI = "redirect_uri";
|
|
9
|
-
const RESPONSE_TYPE = "response_type";
|
|
10
|
-
const RESPONSE_MODE = "response_mode";
|
|
11
|
-
const GRANT_TYPE = "grant_type";
|
|
12
|
-
const CLAIMS = "claims";
|
|
13
|
-
const SCOPE = "scope";
|
|
14
|
-
const ERROR = "error";
|
|
15
|
-
const ERROR_DESCRIPTION = "error_description";
|
|
16
|
-
const ACCESS_TOKEN = "access_token";
|
|
17
|
-
const ID_TOKEN = "id_token";
|
|
18
|
-
const REFRESH_TOKEN = "refresh_token";
|
|
19
|
-
const EXPIRES_IN = "expires_in";
|
|
20
|
-
const REFRESH_TOKEN_EXPIRES_IN = "refresh_token_expires_in";
|
|
21
|
-
const STATE = "state";
|
|
22
|
-
const NONCE = "nonce";
|
|
23
|
-
const PROMPT = "prompt";
|
|
24
|
-
const SESSION_STATE = "session_state";
|
|
25
|
-
const CLIENT_INFO = "client_info";
|
|
26
|
-
const CODE = "code";
|
|
27
|
-
const CODE_CHALLENGE = "code_challenge";
|
|
28
|
-
const CODE_CHALLENGE_METHOD = "code_challenge_method";
|
|
29
|
-
const CODE_VERIFIER = "code_verifier";
|
|
30
|
-
const CLIENT_REQUEST_ID = "client-request-id";
|
|
31
|
-
const X_CLIENT_SKU = "x-client-SKU";
|
|
32
|
-
const X_CLIENT_VER = "x-client-VER";
|
|
33
|
-
const X_CLIENT_OS = "x-client-OS";
|
|
34
|
-
const X_CLIENT_CPU = "x-client-CPU";
|
|
35
|
-
const X_CLIENT_CURR_TELEM = "x-client-current-telemetry";
|
|
36
|
-
const X_CLIENT_LAST_TELEM = "x-client-last-telemetry";
|
|
37
|
-
const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
|
|
38
|
-
const X_APP_NAME = "x-app-name";
|
|
39
|
-
const X_APP_VER = "x-app-ver";
|
|
40
|
-
const POST_LOGOUT_URI = "post_logout_redirect_uri";
|
|
41
|
-
const ID_TOKEN_HINT = "id_token_hint";
|
|
42
|
-
const DEVICE_CODE = "device_code";
|
|
43
|
-
const CLIENT_SECRET = "client_secret";
|
|
44
|
-
const CLIENT_ASSERTION = "client_assertion";
|
|
45
|
-
const CLIENT_ASSERTION_TYPE = "client_assertion_type";
|
|
46
|
-
const TOKEN_TYPE = "token_type";
|
|
47
|
-
const REQ_CNF = "req_cnf";
|
|
48
|
-
const OBO_ASSERTION = "assertion";
|
|
49
|
-
const REQUESTED_TOKEN_USE = "requested_token_use";
|
|
50
|
-
const ON_BEHALF_OF = "on_behalf_of";
|
|
51
|
-
const FOCI = "foci";
|
|
52
|
-
const CCS_HEADER = "X-AnchorMailbox";
|
|
53
|
-
const RETURN_SPA_CODE = "return_spa_code";
|
|
54
|
-
const NATIVE_BROKER = "nativebroker";
|
|
55
|
-
const LOGOUT_HINT = "logout_hint";
|
|
56
|
-
const SID = "sid";
|
|
57
|
-
const LOGIN_HINT = "login_hint";
|
|
58
|
-
const DOMAIN_HINT = "domain_hint";
|
|
3
|
+
/*
|
|
4
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5
|
+
* Licensed under the MIT License.
|
|
6
|
+
*/
|
|
7
|
+
const CLIENT_ID = "client_id";
|
|
8
|
+
const REDIRECT_URI = "redirect_uri";
|
|
9
|
+
const RESPONSE_TYPE = "response_type";
|
|
10
|
+
const RESPONSE_MODE = "response_mode";
|
|
11
|
+
const GRANT_TYPE = "grant_type";
|
|
12
|
+
const CLAIMS = "claims";
|
|
13
|
+
const SCOPE = "scope";
|
|
14
|
+
const ERROR = "error";
|
|
15
|
+
const ERROR_DESCRIPTION = "error_description";
|
|
16
|
+
const ACCESS_TOKEN = "access_token";
|
|
17
|
+
const ID_TOKEN = "id_token";
|
|
18
|
+
const REFRESH_TOKEN = "refresh_token";
|
|
19
|
+
const EXPIRES_IN = "expires_in";
|
|
20
|
+
const REFRESH_TOKEN_EXPIRES_IN = "refresh_token_expires_in";
|
|
21
|
+
const STATE = "state";
|
|
22
|
+
const NONCE = "nonce";
|
|
23
|
+
const PROMPT = "prompt";
|
|
24
|
+
const SESSION_STATE = "session_state";
|
|
25
|
+
const CLIENT_INFO = "client_info";
|
|
26
|
+
const CODE = "code";
|
|
27
|
+
const CODE_CHALLENGE = "code_challenge";
|
|
28
|
+
const CODE_CHALLENGE_METHOD = "code_challenge_method";
|
|
29
|
+
const CODE_VERIFIER = "code_verifier";
|
|
30
|
+
const CLIENT_REQUEST_ID = "client-request-id";
|
|
31
|
+
const X_CLIENT_SKU = "x-client-SKU";
|
|
32
|
+
const X_CLIENT_VER = "x-client-VER";
|
|
33
|
+
const X_CLIENT_OS = "x-client-OS";
|
|
34
|
+
const X_CLIENT_CPU = "x-client-CPU";
|
|
35
|
+
const X_CLIENT_CURR_TELEM = "x-client-current-telemetry";
|
|
36
|
+
const X_CLIENT_LAST_TELEM = "x-client-last-telemetry";
|
|
37
|
+
const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
|
|
38
|
+
const X_APP_NAME = "x-app-name";
|
|
39
|
+
const X_APP_VER = "x-app-ver";
|
|
40
|
+
const POST_LOGOUT_URI = "post_logout_redirect_uri";
|
|
41
|
+
const ID_TOKEN_HINT = "id_token_hint";
|
|
42
|
+
const DEVICE_CODE = "device_code";
|
|
43
|
+
const CLIENT_SECRET = "client_secret";
|
|
44
|
+
const CLIENT_ASSERTION = "client_assertion";
|
|
45
|
+
const CLIENT_ASSERTION_TYPE = "client_assertion_type";
|
|
46
|
+
const TOKEN_TYPE = "token_type";
|
|
47
|
+
const REQ_CNF = "req_cnf";
|
|
48
|
+
const OBO_ASSERTION = "assertion";
|
|
49
|
+
const REQUESTED_TOKEN_USE = "requested_token_use";
|
|
50
|
+
const ON_BEHALF_OF = "on_behalf_of";
|
|
51
|
+
const FOCI = "foci";
|
|
52
|
+
const CCS_HEADER = "X-AnchorMailbox";
|
|
53
|
+
const RETURN_SPA_CODE = "return_spa_code";
|
|
54
|
+
const NATIVE_BROKER = "nativebroker";
|
|
55
|
+
const LOGOUT_HINT = "logout_hint";
|
|
56
|
+
const SID = "sid";
|
|
57
|
+
const LOGIN_HINT = "login_hint";
|
|
58
|
+
const DOMAIN_HINT = "domain_hint";
|
|
59
59
|
const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
|
|
60
60
|
|
|
61
61
|
export { ACCESS_TOKEN, CCS_HEADER, CLAIMS, CLIENT_ASSERTION, CLIENT_ASSERTION_TYPE, CLIENT_ID, CLIENT_INFO, CLIENT_REQUEST_ID, CLIENT_SECRET, CODE, CODE_CHALLENGE, CODE_CHALLENGE_METHOD, CODE_VERIFIER, DEVICE_CODE, DOMAIN_HINT, ERROR, ERROR_DESCRIPTION, EXPIRES_IN, FOCI, GRANT_TYPE, ID_TOKEN, ID_TOKEN_HINT, LOGIN_HINT, LOGOUT_HINT, NATIVE_BROKER, NONCE, OBO_ASSERTION, ON_BEHALF_OF, POST_LOGOUT_URI, PROMPT, REDIRECT_URI, REFRESH_TOKEN, REFRESH_TOKEN_EXPIRES_IN, REQUESTED_TOKEN_USE, REQ_CNF, RESPONSE_MODE, RESPONSE_TYPE, RETURN_SPA_CODE, SCOPE, SESSION_STATE, SID, STATE, TOKEN_TYPE, X_APP_NAME, X_APP_VER, X_CLIENT_CPU, X_CLIENT_CURR_TELEM, X_CLIENT_EXTRA_SKU, X_CLIENT_LAST_TELEM, X_CLIENT_OS, X_CLIENT_SKU, X_CLIENT_VER, X_MS_LIB_CAPABILITY };
|
package/dist/crypto/ICrypto.d.ts
CHANGED
|
@@ -1,69 +1,69 @@
|
|
|
1
|
-
import { BaseAuthRequest } from "../request/BaseAuthRequest";
|
|
2
|
-
import { ShrOptions, SignedHttpRequest } from "./SignedHttpRequest";
|
|
3
|
-
/**
|
|
4
|
-
* The PkceCodes type describes the structure
|
|
5
|
-
* of objects that contain PKCE code
|
|
6
|
-
* challenge and verifier pairs
|
|
7
|
-
*/
|
|
8
|
-
export type PkceCodes = {
|
|
9
|
-
verifier: string;
|
|
10
|
-
challenge: string;
|
|
11
|
-
};
|
|
12
|
-
export type SignedHttpRequestParameters = Pick<BaseAuthRequest, "resourceRequestMethod" | "resourceRequestUri" | "shrClaims" | "shrNonce" | "shrOptions"> & {
|
|
13
|
-
correlationId?: string;
|
|
14
|
-
};
|
|
15
|
-
/**
|
|
16
|
-
* Interface for crypto functions used by library
|
|
17
|
-
*/
|
|
18
|
-
export interface ICrypto {
|
|
19
|
-
/**
|
|
20
|
-
* Creates a guid randomly.
|
|
21
|
-
*/
|
|
22
|
-
createNewGuid(): string;
|
|
23
|
-
/**
|
|
24
|
-
* base64 Encode string
|
|
25
|
-
* @param input
|
|
26
|
-
*/
|
|
27
|
-
base64Encode(input: string): string;
|
|
28
|
-
/**
|
|
29
|
-
* base64 decode string
|
|
30
|
-
* @param input
|
|
31
|
-
*/
|
|
32
|
-
base64Decode(input: string): string;
|
|
33
|
-
/**
|
|
34
|
-
* base64 URL safe encoded string
|
|
35
|
-
*/
|
|
36
|
-
base64UrlEncode(input: string): string;
|
|
37
|
-
/**
|
|
38
|
-
* Stringifies and base64Url encodes input public key
|
|
39
|
-
* @param inputKid
|
|
40
|
-
* @returns Base64Url encoded public key
|
|
41
|
-
*/
|
|
42
|
-
encodeKid(inputKid: string): string;
|
|
43
|
-
/**
|
|
44
|
-
* Generates an JWK RSA S256 Thumbprint
|
|
45
|
-
* @param request
|
|
46
|
-
*/
|
|
47
|
-
getPublicKeyThumbprint(request: SignedHttpRequestParameters): Promise<string>;
|
|
48
|
-
/**
|
|
49
|
-
* Removes cryptographic keypair from key store matching the keyId passed in
|
|
50
|
-
* @param kid
|
|
51
|
-
*/
|
|
52
|
-
removeTokenBindingKey(kid: string): Promise<boolean>;
|
|
53
|
-
/**
|
|
54
|
-
* Removes all cryptographic keys from IndexedDB storage
|
|
55
|
-
*/
|
|
56
|
-
clearKeystore(): Promise<boolean>;
|
|
57
|
-
/**
|
|
58
|
-
* Returns a signed proof-of-possession token with a given acces token that contains a cnf claim with the required kid.
|
|
59
|
-
* @param accessToken
|
|
60
|
-
*/
|
|
61
|
-
signJwt(payload: SignedHttpRequest, kid: string, shrOptions?: ShrOptions, correlationId?: string): Promise<string>;
|
|
62
|
-
/**
|
|
63
|
-
* Returns the SHA-256 hash of an input string
|
|
64
|
-
* @param plainText
|
|
65
|
-
*/
|
|
66
|
-
hashString(plainText: string): Promise<string>;
|
|
67
|
-
}
|
|
68
|
-
export declare const DEFAULT_CRYPTO_IMPLEMENTATION: ICrypto;
|
|
1
|
+
import { BaseAuthRequest } from "../request/BaseAuthRequest";
|
|
2
|
+
import { ShrOptions, SignedHttpRequest } from "./SignedHttpRequest";
|
|
3
|
+
/**
|
|
4
|
+
* The PkceCodes type describes the structure
|
|
5
|
+
* of objects that contain PKCE code
|
|
6
|
+
* challenge and verifier pairs
|
|
7
|
+
*/
|
|
8
|
+
export type PkceCodes = {
|
|
9
|
+
verifier: string;
|
|
10
|
+
challenge: string;
|
|
11
|
+
};
|
|
12
|
+
export type SignedHttpRequestParameters = Pick<BaseAuthRequest, "resourceRequestMethod" | "resourceRequestUri" | "shrClaims" | "shrNonce" | "shrOptions"> & {
|
|
13
|
+
correlationId?: string;
|
|
14
|
+
};
|
|
15
|
+
/**
|
|
16
|
+
* Interface for crypto functions used by library
|
|
17
|
+
*/
|
|
18
|
+
export interface ICrypto {
|
|
19
|
+
/**
|
|
20
|
+
* Creates a guid randomly.
|
|
21
|
+
*/
|
|
22
|
+
createNewGuid(): string;
|
|
23
|
+
/**
|
|
24
|
+
* base64 Encode string
|
|
25
|
+
* @param input
|
|
26
|
+
*/
|
|
27
|
+
base64Encode(input: string): string;
|
|
28
|
+
/**
|
|
29
|
+
* base64 decode string
|
|
30
|
+
* @param input
|
|
31
|
+
*/
|
|
32
|
+
base64Decode(input: string): string;
|
|
33
|
+
/**
|
|
34
|
+
* base64 URL safe encoded string
|
|
35
|
+
*/
|
|
36
|
+
base64UrlEncode(input: string): string;
|
|
37
|
+
/**
|
|
38
|
+
* Stringifies and base64Url encodes input public key
|
|
39
|
+
* @param inputKid
|
|
40
|
+
* @returns Base64Url encoded public key
|
|
41
|
+
*/
|
|
42
|
+
encodeKid(inputKid: string): string;
|
|
43
|
+
/**
|
|
44
|
+
* Generates an JWK RSA S256 Thumbprint
|
|
45
|
+
* @param request
|
|
46
|
+
*/
|
|
47
|
+
getPublicKeyThumbprint(request: SignedHttpRequestParameters): Promise<string>;
|
|
48
|
+
/**
|
|
49
|
+
* Removes cryptographic keypair from key store matching the keyId passed in
|
|
50
|
+
* @param kid
|
|
51
|
+
*/
|
|
52
|
+
removeTokenBindingKey(kid: string): Promise<boolean>;
|
|
53
|
+
/**
|
|
54
|
+
* Removes all cryptographic keys from IndexedDB storage
|
|
55
|
+
*/
|
|
56
|
+
clearKeystore(): Promise<boolean>;
|
|
57
|
+
/**
|
|
58
|
+
* Returns a signed proof-of-possession token with a given acces token that contains a cnf claim with the required kid.
|
|
59
|
+
* @param accessToken
|
|
60
|
+
*/
|
|
61
|
+
signJwt(payload: SignedHttpRequest, kid: string, shrOptions?: ShrOptions, correlationId?: string): Promise<string>;
|
|
62
|
+
/**
|
|
63
|
+
* Returns the SHA-256 hash of an input string
|
|
64
|
+
* @param plainText
|
|
65
|
+
*/
|
|
66
|
+
hashString(plainText: string): Promise<string>;
|
|
67
|
+
}
|
|
68
|
+
export declare const DEFAULT_CRYPTO_IMPLEMENTATION: ICrypto;
|
|
69
69
|
//# sourceMappingURL=ICrypto.d.ts.map
|
package/dist/crypto/ICrypto.mjs
CHANGED
|
@@ -1,43 +1,43 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.14.
|
|
1
|
+
/*! @azure/msal-common v14.14.2 2024-08-28 */
|
|
2
2
|
'use strict';
|
|
3
3
|
import { createClientAuthError } from '../error/ClientAuthError.mjs';
|
|
4
4
|
import { methodNotImplemented } from '../error/ClientAuthErrorCodes.mjs';
|
|
5
5
|
|
|
6
|
-
/*
|
|
7
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
|
-
* Licensed under the MIT License.
|
|
9
|
-
*/
|
|
10
|
-
const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
11
|
-
createNewGuid: () => {
|
|
12
|
-
throw createClientAuthError(methodNotImplemented);
|
|
13
|
-
},
|
|
14
|
-
base64Decode: () => {
|
|
15
|
-
throw createClientAuthError(methodNotImplemented);
|
|
16
|
-
},
|
|
17
|
-
base64Encode: () => {
|
|
18
|
-
throw createClientAuthError(methodNotImplemented);
|
|
19
|
-
},
|
|
20
|
-
base64UrlEncode: () => {
|
|
21
|
-
throw createClientAuthError(methodNotImplemented);
|
|
22
|
-
},
|
|
23
|
-
encodeKid: () => {
|
|
24
|
-
throw createClientAuthError(methodNotImplemented);
|
|
25
|
-
},
|
|
26
|
-
async getPublicKeyThumbprint() {
|
|
27
|
-
throw createClientAuthError(methodNotImplemented);
|
|
28
|
-
},
|
|
29
|
-
async removeTokenBindingKey() {
|
|
30
|
-
throw createClientAuthError(methodNotImplemented);
|
|
31
|
-
},
|
|
32
|
-
async clearKeystore() {
|
|
33
|
-
throw createClientAuthError(methodNotImplemented);
|
|
34
|
-
},
|
|
35
|
-
async signJwt() {
|
|
36
|
-
throw createClientAuthError(methodNotImplemented);
|
|
37
|
-
},
|
|
38
|
-
async hashString() {
|
|
39
|
-
throw createClientAuthError(methodNotImplemented);
|
|
40
|
-
},
|
|
6
|
+
/*
|
|
7
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
|
+
* Licensed under the MIT License.
|
|
9
|
+
*/
|
|
10
|
+
const DEFAULT_CRYPTO_IMPLEMENTATION = {
|
|
11
|
+
createNewGuid: () => {
|
|
12
|
+
throw createClientAuthError(methodNotImplemented);
|
|
13
|
+
},
|
|
14
|
+
base64Decode: () => {
|
|
15
|
+
throw createClientAuthError(methodNotImplemented);
|
|
16
|
+
},
|
|
17
|
+
base64Encode: () => {
|
|
18
|
+
throw createClientAuthError(methodNotImplemented);
|
|
19
|
+
},
|
|
20
|
+
base64UrlEncode: () => {
|
|
21
|
+
throw createClientAuthError(methodNotImplemented);
|
|
22
|
+
},
|
|
23
|
+
encodeKid: () => {
|
|
24
|
+
throw createClientAuthError(methodNotImplemented);
|
|
25
|
+
},
|
|
26
|
+
async getPublicKeyThumbprint() {
|
|
27
|
+
throw createClientAuthError(methodNotImplemented);
|
|
28
|
+
},
|
|
29
|
+
async removeTokenBindingKey() {
|
|
30
|
+
throw createClientAuthError(methodNotImplemented);
|
|
31
|
+
},
|
|
32
|
+
async clearKeystore() {
|
|
33
|
+
throw createClientAuthError(methodNotImplemented);
|
|
34
|
+
},
|
|
35
|
+
async signJwt() {
|
|
36
|
+
throw createClientAuthError(methodNotImplemented);
|
|
37
|
+
},
|
|
38
|
+
async hashString() {
|
|
39
|
+
throw createClientAuthError(methodNotImplemented);
|
|
40
|
+
},
|
|
41
41
|
};
|
|
42
42
|
|
|
43
43
|
export { DEFAULT_CRYPTO_IMPLEMENTATION };
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
export interface IGuidGenerator {
|
|
2
|
-
generateGuid(): string;
|
|
3
|
-
isGuid(guid: string): boolean;
|
|
4
|
-
}
|
|
1
|
+
export interface IGuidGenerator {
|
|
2
|
+
generateGuid(): string;
|
|
3
|
+
isGuid(guid: string): boolean;
|
|
4
|
+
}
|
|
5
5
|
//# sourceMappingURL=IGuidGenerator.d.ts.map
|
|
@@ -1,23 +1,23 @@
|
|
|
1
|
-
import { JsonWebTokenTypes } from "../utils/Constants";
|
|
2
|
-
export type JoseHeaderOptions = {
|
|
3
|
-
typ?: JsonWebTokenTypes;
|
|
4
|
-
alg?: string;
|
|
5
|
-
kid?: string;
|
|
6
|
-
};
|
|
7
|
-
/** @internal */
|
|
8
|
-
export declare class JoseHeader {
|
|
9
|
-
typ?: JsonWebTokenTypes;
|
|
10
|
-
alg?: string;
|
|
11
|
-
kid?: string;
|
|
12
|
-
constructor(options: JoseHeaderOptions);
|
|
13
|
-
/**
|
|
14
|
-
* Builds SignedHttpRequest formatted JOSE Header from the
|
|
15
|
-
* JOSE Header options provided or previously set on the object and returns
|
|
16
|
-
* the stringified header object.
|
|
17
|
-
* Throws if keyId or algorithm aren't provided since they are required for Access Token Binding.
|
|
18
|
-
* @param shrHeaderOptions
|
|
19
|
-
* @returns
|
|
20
|
-
*/
|
|
21
|
-
static getShrHeaderString(shrHeaderOptions: JoseHeaderOptions): string;
|
|
22
|
-
}
|
|
1
|
+
import { JsonWebTokenTypes } from "../utils/Constants";
|
|
2
|
+
export type JoseHeaderOptions = {
|
|
3
|
+
typ?: JsonWebTokenTypes;
|
|
4
|
+
alg?: string;
|
|
5
|
+
kid?: string;
|
|
6
|
+
};
|
|
7
|
+
/** @internal */
|
|
8
|
+
export declare class JoseHeader {
|
|
9
|
+
typ?: JsonWebTokenTypes;
|
|
10
|
+
alg?: string;
|
|
11
|
+
kid?: string;
|
|
12
|
+
constructor(options: JoseHeaderOptions);
|
|
13
|
+
/**
|
|
14
|
+
* Builds SignedHttpRequest formatted JOSE Header from the
|
|
15
|
+
* JOSE Header options provided or previously set on the object and returns
|
|
16
|
+
* the stringified header object.
|
|
17
|
+
* Throws if keyId or algorithm aren't provided since they are required for Access Token Binding.
|
|
18
|
+
* @param shrHeaderOptions
|
|
19
|
+
* @returns
|
|
20
|
+
*/
|
|
21
|
+
static getShrHeaderString(shrHeaderOptions: JoseHeaderOptions): string;
|
|
22
|
+
}
|
|
23
23
|
//# sourceMappingURL=JoseHeader.d.ts.map
|
|
@@ -1,45 +1,45 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.14.
|
|
1
|
+
/*! @azure/msal-common v14.14.2 2024-08-28 */
|
|
2
2
|
'use strict';
|
|
3
3
|
import { createJoseHeaderError } from '../error/JoseHeaderError.mjs';
|
|
4
4
|
import { JsonWebTokenTypes } from '../utils/Constants.mjs';
|
|
5
5
|
import { missingKidError, missingAlgError } from '../error/JoseHeaderErrorCodes.mjs';
|
|
6
6
|
|
|
7
|
-
/*
|
|
8
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
9
|
-
* Licensed under the MIT License.
|
|
10
|
-
*/
|
|
11
|
-
/** @internal */
|
|
12
|
-
class JoseHeader {
|
|
13
|
-
constructor(options) {
|
|
14
|
-
this.typ = options.typ;
|
|
15
|
-
this.alg = options.alg;
|
|
16
|
-
this.kid = options.kid;
|
|
17
|
-
}
|
|
18
|
-
/**
|
|
19
|
-
* Builds SignedHttpRequest formatted JOSE Header from the
|
|
20
|
-
* JOSE Header options provided or previously set on the object and returns
|
|
21
|
-
* the stringified header object.
|
|
22
|
-
* Throws if keyId or algorithm aren't provided since they are required for Access Token Binding.
|
|
23
|
-
* @param shrHeaderOptions
|
|
24
|
-
* @returns
|
|
25
|
-
*/
|
|
26
|
-
static getShrHeaderString(shrHeaderOptions) {
|
|
27
|
-
// KeyID is required on the SHR header
|
|
28
|
-
if (!shrHeaderOptions.kid) {
|
|
29
|
-
throw createJoseHeaderError(missingKidError);
|
|
30
|
-
}
|
|
31
|
-
// Alg is required on the SHR header
|
|
32
|
-
if (!shrHeaderOptions.alg) {
|
|
33
|
-
throw createJoseHeaderError(missingAlgError);
|
|
34
|
-
}
|
|
35
|
-
const shrHeader = new JoseHeader({
|
|
36
|
-
// Access Token PoP headers must have type pop, but the type header can be overriden for special cases
|
|
37
|
-
typ: shrHeaderOptions.typ || JsonWebTokenTypes.Pop,
|
|
38
|
-
kid: shrHeaderOptions.kid,
|
|
39
|
-
alg: shrHeaderOptions.alg,
|
|
40
|
-
});
|
|
41
|
-
return JSON.stringify(shrHeader);
|
|
42
|
-
}
|
|
7
|
+
/*
|
|
8
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
9
|
+
* Licensed under the MIT License.
|
|
10
|
+
*/
|
|
11
|
+
/** @internal */
|
|
12
|
+
class JoseHeader {
|
|
13
|
+
constructor(options) {
|
|
14
|
+
this.typ = options.typ;
|
|
15
|
+
this.alg = options.alg;
|
|
16
|
+
this.kid = options.kid;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Builds SignedHttpRequest formatted JOSE Header from the
|
|
20
|
+
* JOSE Header options provided or previously set on the object and returns
|
|
21
|
+
* the stringified header object.
|
|
22
|
+
* Throws if keyId or algorithm aren't provided since they are required for Access Token Binding.
|
|
23
|
+
* @param shrHeaderOptions
|
|
24
|
+
* @returns
|
|
25
|
+
*/
|
|
26
|
+
static getShrHeaderString(shrHeaderOptions) {
|
|
27
|
+
// KeyID is required on the SHR header
|
|
28
|
+
if (!shrHeaderOptions.kid) {
|
|
29
|
+
throw createJoseHeaderError(missingKidError);
|
|
30
|
+
}
|
|
31
|
+
// Alg is required on the SHR header
|
|
32
|
+
if (!shrHeaderOptions.alg) {
|
|
33
|
+
throw createJoseHeaderError(missingAlgError);
|
|
34
|
+
}
|
|
35
|
+
const shrHeader = new JoseHeader({
|
|
36
|
+
// Access Token PoP headers must have type pop, but the type header can be overriden for special cases
|
|
37
|
+
typ: shrHeaderOptions.typ || JsonWebTokenTypes.Pop,
|
|
38
|
+
kid: shrHeaderOptions.kid,
|
|
39
|
+
alg: shrHeaderOptions.alg,
|
|
40
|
+
});
|
|
41
|
+
return JSON.stringify(shrHeader);
|
|
42
|
+
}
|
|
43
43
|
}
|
|
44
44
|
|
|
45
45
|
export { JoseHeader };
|
|
@@ -1,60 +1,60 @@
|
|
|
1
|
-
import { ICrypto, SignedHttpRequestParameters } from "./ICrypto";
|
|
2
|
-
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient";
|
|
3
|
-
import { Logger } from "../logger/Logger";
|
|
4
|
-
/**
|
|
5
|
-
* See eSTS docs for more info.
|
|
6
|
-
* - A kid element, with the value containing an RFC 7638-compliant JWK thumbprint that is base64 encoded.
|
|
7
|
-
* - xms_ksl element, representing the storage location of the key's secret component on the client device. One of two values:
|
|
8
|
-
* - sw: software storage
|
|
9
|
-
* - uhw: hardware storage
|
|
10
|
-
*/
|
|
11
|
-
type ReqCnf = {
|
|
12
|
-
kid: string;
|
|
13
|
-
xms_ksl: KeyLocation;
|
|
14
|
-
};
|
|
15
|
-
export type ReqCnfData = {
|
|
16
|
-
kid: string;
|
|
17
|
-
reqCnfString: string;
|
|
18
|
-
};
|
|
19
|
-
declare const KeyLocation: {
|
|
20
|
-
readonly SW: "sw";
|
|
21
|
-
readonly UHW: "uhw";
|
|
22
|
-
};
|
|
23
|
-
export type KeyLocation = (typeof KeyLocation)[keyof typeof KeyLocation];
|
|
24
|
-
/** @internal */
|
|
25
|
-
export declare class PopTokenGenerator {
|
|
26
|
-
private cryptoUtils;
|
|
27
|
-
private performanceClient?;
|
|
28
|
-
constructor(cryptoUtils: ICrypto, performanceClient?: IPerformanceClient);
|
|
29
|
-
/**
|
|
30
|
-
* Generates the req_cnf validated at the RP in the POP protocol for SHR parameters
|
|
31
|
-
* and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash
|
|
32
|
-
* @param request
|
|
33
|
-
* @returns
|
|
34
|
-
*/
|
|
35
|
-
generateCnf(request: SignedHttpRequestParameters, logger: Logger): Promise<ReqCnfData>;
|
|
36
|
-
/**
|
|
37
|
-
* Generates key_id for a SHR token request
|
|
38
|
-
* @param request
|
|
39
|
-
* @returns
|
|
40
|
-
*/
|
|
41
|
-
generateKid(request: SignedHttpRequestParameters): Promise<ReqCnf>;
|
|
42
|
-
/**
|
|
43
|
-
* Signs the POP access_token with the local generated key-pair
|
|
44
|
-
* @param accessToken
|
|
45
|
-
* @param request
|
|
46
|
-
* @returns
|
|
47
|
-
*/
|
|
48
|
-
signPopToken(accessToken: string, keyId: string, request: SignedHttpRequestParameters): Promise<string>;
|
|
49
|
-
/**
|
|
50
|
-
* Utility function to generate the signed JWT for an access_token
|
|
51
|
-
* @param payload
|
|
52
|
-
* @param kid
|
|
53
|
-
* @param request
|
|
54
|
-
* @param claims
|
|
55
|
-
* @returns
|
|
56
|
-
*/
|
|
57
|
-
signPayload(payload: string, keyId: string, request: SignedHttpRequestParameters, claims?: object): Promise<string>;
|
|
58
|
-
}
|
|
59
|
-
export {};
|
|
1
|
+
import { ICrypto, SignedHttpRequestParameters } from "./ICrypto";
|
|
2
|
+
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient";
|
|
3
|
+
import { Logger } from "../logger/Logger";
|
|
4
|
+
/**
|
|
5
|
+
* See eSTS docs for more info.
|
|
6
|
+
* - A kid element, with the value containing an RFC 7638-compliant JWK thumbprint that is base64 encoded.
|
|
7
|
+
* - xms_ksl element, representing the storage location of the key's secret component on the client device. One of two values:
|
|
8
|
+
* - sw: software storage
|
|
9
|
+
* - uhw: hardware storage
|
|
10
|
+
*/
|
|
11
|
+
type ReqCnf = {
|
|
12
|
+
kid: string;
|
|
13
|
+
xms_ksl: KeyLocation;
|
|
14
|
+
};
|
|
15
|
+
export type ReqCnfData = {
|
|
16
|
+
kid: string;
|
|
17
|
+
reqCnfString: string;
|
|
18
|
+
};
|
|
19
|
+
declare const KeyLocation: {
|
|
20
|
+
readonly SW: "sw";
|
|
21
|
+
readonly UHW: "uhw";
|
|
22
|
+
};
|
|
23
|
+
export type KeyLocation = (typeof KeyLocation)[keyof typeof KeyLocation];
|
|
24
|
+
/** @internal */
|
|
25
|
+
export declare class PopTokenGenerator {
|
|
26
|
+
private cryptoUtils;
|
|
27
|
+
private performanceClient?;
|
|
28
|
+
constructor(cryptoUtils: ICrypto, performanceClient?: IPerformanceClient);
|
|
29
|
+
/**
|
|
30
|
+
* Generates the req_cnf validated at the RP in the POP protocol for SHR parameters
|
|
31
|
+
* and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash
|
|
32
|
+
* @param request
|
|
33
|
+
* @returns
|
|
34
|
+
*/
|
|
35
|
+
generateCnf(request: SignedHttpRequestParameters, logger: Logger): Promise<ReqCnfData>;
|
|
36
|
+
/**
|
|
37
|
+
* Generates key_id for a SHR token request
|
|
38
|
+
* @param request
|
|
39
|
+
* @returns
|
|
40
|
+
*/
|
|
41
|
+
generateKid(request: SignedHttpRequestParameters): Promise<ReqCnf>;
|
|
42
|
+
/**
|
|
43
|
+
* Signs the POP access_token with the local generated key-pair
|
|
44
|
+
* @param accessToken
|
|
45
|
+
* @param request
|
|
46
|
+
* @returns
|
|
47
|
+
*/
|
|
48
|
+
signPopToken(accessToken: string, keyId: string, request: SignedHttpRequestParameters): Promise<string>;
|
|
49
|
+
/**
|
|
50
|
+
* Utility function to generate the signed JWT for an access_token
|
|
51
|
+
* @param payload
|
|
52
|
+
* @param kid
|
|
53
|
+
* @param request
|
|
54
|
+
* @param claims
|
|
55
|
+
* @returns
|
|
56
|
+
*/
|
|
57
|
+
signPayload(payload: string, keyId: string, request: SignedHttpRequestParameters, claims?: object): Promise<string>;
|
|
58
|
+
}
|
|
59
|
+
export {};
|
|
60
60
|
//# sourceMappingURL=PopTokenGenerator.d.ts.map
|