@azure/msal-common 14.14.0 → 14.14.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (185) hide show
  1. package/dist/account/AccountInfo.d.ts +66 -66
  2. package/dist/account/AccountInfo.mjs +77 -77
  3. package/dist/account/AuthToken.d.ts +17 -17
  4. package/dist/account/AuthToken.mjs +58 -58
  5. package/dist/account/CcsCredential.d.ts +9 -9
  6. package/dist/account/CcsCredential.mjs +8 -8
  7. package/dist/account/ClientCredentials.d.ts +19 -19
  8. package/dist/account/ClientInfo.d.ts +18 -18
  9. package/dist/account/ClientInfo.mjs +37 -37
  10. package/dist/account/TokenClaims.d.ts +83 -83
  11. package/dist/account/TokenClaims.mjs +20 -20
  12. package/dist/authority/Authority.d.ts +254 -254
  13. package/dist/authority/Authority.mjs +836 -836
  14. package/dist/authority/AuthorityFactory.d.ts +18 -18
  15. package/dist/authority/AuthorityFactory.mjs +28 -28
  16. package/dist/authority/AuthorityMetadata.d.ts +43 -43
  17. package/dist/authority/AuthorityMetadata.mjs +137 -137
  18. package/dist/authority/AuthorityOptions.d.ts +27 -27
  19. package/dist/authority/AuthorityOptions.mjs +18 -18
  20. package/dist/authority/AuthorityType.d.ts +10 -10
  21. package/dist/authority/AuthorityType.mjs +13 -13
  22. package/dist/authority/AzureRegion.d.ts +1 -1
  23. package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
  24. package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
  25. package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
  26. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
  27. package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
  28. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
  29. package/dist/authority/ImdsOptions.d.ts +5 -5
  30. package/dist/authority/OIDCOptions.d.ts +8 -8
  31. package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
  32. package/dist/authority/OpenIdConfigResponse.mjs +10 -10
  33. package/dist/authority/ProtocolMode.d.ts +8 -8
  34. package/dist/authority/ProtocolMode.mjs +11 -11
  35. package/dist/authority/RegionDiscovery.d.ts +32 -32
  36. package/dist/authority/RegionDiscovery.mjs +106 -106
  37. package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
  38. package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
  39. package/dist/cache/CacheManager.d.ts +497 -497
  40. package/dist/cache/CacheManager.mjs +1249 -1249
  41. package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
  42. package/dist/cache/entities/AccountEntity.d.ts +106 -106
  43. package/dist/cache/entities/AccountEntity.mjs +240 -240
  44. package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
  45. package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
  46. package/dist/cache/entities/CacheRecord.d.ts +13 -13
  47. package/dist/cache/entities/CredentialEntity.d.ts +30 -30
  48. package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
  49. package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
  50. package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -6
  51. package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
  52. package/dist/cache/interface/ICacheManager.d.ts +166 -166
  53. package/dist/cache/interface/ICachePlugin.d.ts +5 -5
  54. package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
  55. package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
  56. package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
  57. package/dist/cache/utils/CacheHelpers.d.ts +94 -94
  58. package/dist/cache/utils/CacheHelpers.mjs +324 -324
  59. package/dist/cache/utils/CacheTypes.d.ts +69 -69
  60. package/dist/client/AuthorizationCodeClient.d.ts +74 -74
  61. package/dist/client/AuthorizationCodeClient.mjs +420 -420
  62. package/dist/client/BaseClient.d.ts +51 -51
  63. package/dist/client/BaseClient.mjs +100 -100
  64. package/dist/client/RefreshTokenClient.d.ts +35 -35
  65. package/dist/client/RefreshTokenClient.mjs +211 -211
  66. package/dist/client/SilentFlowClient.d.ts +27 -27
  67. package/dist/client/SilentFlowClient.mjs +133 -133
  68. package/dist/config/AppTokenProvider.d.ts +38 -38
  69. package/dist/config/ClientConfiguration.d.ts +150 -150
  70. package/dist/config/ClientConfiguration.mjs +95 -95
  71. package/dist/constants/AADServerParamKeys.d.ts +53 -53
  72. package/dist/constants/AADServerParamKeys.mjs +57 -57
  73. package/dist/crypto/ICrypto.d.ts +68 -68
  74. package/dist/crypto/ICrypto.mjs +36 -36
  75. package/dist/crypto/IGuidGenerator.d.ts +4 -4
  76. package/dist/crypto/JoseHeader.d.ts +22 -22
  77. package/dist/crypto/JoseHeader.mjs +37 -37
  78. package/dist/crypto/PopTokenGenerator.d.ts +59 -59
  79. package/dist/crypto/PopTokenGenerator.mjs +81 -81
  80. package/dist/crypto/SignedHttpRequest.d.ts +15 -15
  81. package/dist/error/AuthError.d.ts +44 -44
  82. package/dist/error/AuthError.mjs +46 -46
  83. package/dist/error/AuthErrorCodes.d.ts +5 -5
  84. package/dist/error/AuthErrorCodes.mjs +9 -9
  85. package/dist/error/CacheError.d.ts +20 -20
  86. package/dist/error/CacheError.mjs +24 -24
  87. package/dist/error/CacheErrorCodes.d.ts +2 -2
  88. package/dist/error/CacheErrorCodes.mjs +6 -6
  89. package/dist/error/ClientAuthError.d.ts +237 -237
  90. package/dist/error/ClientAuthError.mjs +249 -249
  91. package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
  92. package/dist/error/ClientAuthErrorCodes.mjs +48 -48
  93. package/dist/error/ClientConfigurationError.d.ts +128 -128
  94. package/dist/error/ClientConfigurationError.mjs +135 -135
  95. package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
  96. package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
  97. package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
  98. package/dist/error/InteractionRequiredAuthError.mjs +85 -85
  99. package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
  100. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
  101. package/dist/error/JoseHeaderError.d.ts +15 -15
  102. package/dist/error/JoseHeaderError.mjs +22 -22
  103. package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
  104. package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
  105. package/dist/error/ServerError.d.ts +15 -15
  106. package/dist/error/ServerError.mjs +16 -16
  107. package/dist/index.cjs +8658 -8658
  108. package/dist/index.cjs.map +1 -1
  109. package/dist/index.d.ts +107 -107
  110. package/dist/index.mjs +1 -1
  111. package/dist/logger/Logger.d.ts +95 -95
  112. package/dist/logger/Logger.mjs +188 -188
  113. package/dist/network/INetworkModule.d.ts +29 -29
  114. package/dist/network/INetworkModule.mjs +12 -12
  115. package/dist/network/NetworkManager.d.ts +33 -33
  116. package/dist/network/NetworkManager.mjs +34 -34
  117. package/dist/network/RequestThumbprint.d.ts +18 -18
  118. package/dist/network/ThrottlingUtils.d.ts +42 -42
  119. package/dist/network/ThrottlingUtils.mjs +95 -95
  120. package/dist/packageMetadata.d.ts +2 -2
  121. package/dist/packageMetadata.mjs +4 -4
  122. package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
  123. package/dist/request/AuthenticationHeaderParser.mjs +55 -55
  124. package/dist/request/BaseAuthRequest.d.ts +47 -47
  125. package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
  126. package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
  127. package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
  128. package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
  129. package/dist/request/CommonEndSessionRequest.d.ts +21 -21
  130. package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
  131. package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
  132. package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
  133. package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
  134. package/dist/request/NativeRequest.d.ts +19 -19
  135. package/dist/request/NativeSignOutRequest.d.ts +5 -5
  136. package/dist/request/RequestParameterBuilder.d.ts +217 -217
  137. package/dist/request/RequestParameterBuilder.mjs +382 -382
  138. package/dist/request/RequestValidator.d.ts +27 -27
  139. package/dist/request/RequestValidator.mjs +64 -64
  140. package/dist/request/ScopeSet.d.ts +88 -88
  141. package/dist/request/ScopeSet.mjs +197 -197
  142. package/dist/request/StoreInCache.d.ts +8 -8
  143. package/dist/response/AuthenticationResult.d.ts +41 -41
  144. package/dist/response/AuthorizationCodePayload.d.ts +13 -13
  145. package/dist/response/DeviceCodeResponse.d.ts +25 -25
  146. package/dist/response/ExternalTokenResponse.d.ts +15 -15
  147. package/dist/response/IMDSBadResponse.d.ts +4 -4
  148. package/dist/response/ResponseHandler.d.ts +69 -69
  149. package/dist/response/ResponseHandler.mjs +374 -374
  150. package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
  151. package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
  152. package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
  153. package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
  154. package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
  155. package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
  156. package/dist/telemetry/performance/PerformanceEvent.d.ts +511 -505
  157. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  158. package/dist/telemetry/performance/PerformanceEvent.mjs +480 -480
  159. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  160. package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
  161. package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
  162. package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -78
  163. package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -260
  164. package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
  165. package/dist/url/IUri.d.ts +12 -12
  166. package/dist/url/UrlString.d.ts +48 -48
  167. package/dist/url/UrlString.mjs +161 -161
  168. package/dist/utils/ClientAssertionUtils.d.ts +2 -2
  169. package/dist/utils/ClientAssertionUtils.mjs +16 -16
  170. package/dist/utils/Constants.d.ts +309 -309
  171. package/dist/utils/Constants.mjs +322 -322
  172. package/dist/utils/FunctionWrappers.d.ts +27 -27
  173. package/dist/utils/FunctionWrappers.mjs +94 -94
  174. package/dist/utils/MsalTypes.d.ts +6 -6
  175. package/dist/utils/ProtocolUtils.d.ts +42 -42
  176. package/dist/utils/ProtocolUtils.mjs +69 -69
  177. package/dist/utils/StringUtils.d.ts +40 -40
  178. package/dist/utils/StringUtils.mjs +95 -95
  179. package/dist/utils/TimeUtils.d.ts +25 -25
  180. package/dist/utils/TimeUtils.mjs +43 -43
  181. package/dist/utils/UrlUtils.d.ts +10 -10
  182. package/dist/utils/UrlUtils.mjs +44 -44
  183. package/package.json +1 -1
  184. package/src/packageMetadata.ts +1 -1
  185. package/src/telemetry/performance/PerformanceEvent.ts +7 -0
@@ -1,61 +1,61 @@
1
- /*! @azure/msal-common v14.14.0 2024-07-23 */
1
+ /*! @azure/msal-common v14.14.2 2024-08-28 */
2
2
  'use strict';
3
- /*
4
- * Copyright (c) Microsoft Corporation. All rights reserved.
5
- * Licensed under the MIT License.
6
- */
7
- const CLIENT_ID = "client_id";
8
- const REDIRECT_URI = "redirect_uri";
9
- const RESPONSE_TYPE = "response_type";
10
- const RESPONSE_MODE = "response_mode";
11
- const GRANT_TYPE = "grant_type";
12
- const CLAIMS = "claims";
13
- const SCOPE = "scope";
14
- const ERROR = "error";
15
- const ERROR_DESCRIPTION = "error_description";
16
- const ACCESS_TOKEN = "access_token";
17
- const ID_TOKEN = "id_token";
18
- const REFRESH_TOKEN = "refresh_token";
19
- const EXPIRES_IN = "expires_in";
20
- const REFRESH_TOKEN_EXPIRES_IN = "refresh_token_expires_in";
21
- const STATE = "state";
22
- const NONCE = "nonce";
23
- const PROMPT = "prompt";
24
- const SESSION_STATE = "session_state";
25
- const CLIENT_INFO = "client_info";
26
- const CODE = "code";
27
- const CODE_CHALLENGE = "code_challenge";
28
- const CODE_CHALLENGE_METHOD = "code_challenge_method";
29
- const CODE_VERIFIER = "code_verifier";
30
- const CLIENT_REQUEST_ID = "client-request-id";
31
- const X_CLIENT_SKU = "x-client-SKU";
32
- const X_CLIENT_VER = "x-client-VER";
33
- const X_CLIENT_OS = "x-client-OS";
34
- const X_CLIENT_CPU = "x-client-CPU";
35
- const X_CLIENT_CURR_TELEM = "x-client-current-telemetry";
36
- const X_CLIENT_LAST_TELEM = "x-client-last-telemetry";
37
- const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
38
- const X_APP_NAME = "x-app-name";
39
- const X_APP_VER = "x-app-ver";
40
- const POST_LOGOUT_URI = "post_logout_redirect_uri";
41
- const ID_TOKEN_HINT = "id_token_hint";
42
- const DEVICE_CODE = "device_code";
43
- const CLIENT_SECRET = "client_secret";
44
- const CLIENT_ASSERTION = "client_assertion";
45
- const CLIENT_ASSERTION_TYPE = "client_assertion_type";
46
- const TOKEN_TYPE = "token_type";
47
- const REQ_CNF = "req_cnf";
48
- const OBO_ASSERTION = "assertion";
49
- const REQUESTED_TOKEN_USE = "requested_token_use";
50
- const ON_BEHALF_OF = "on_behalf_of";
51
- const FOCI = "foci";
52
- const CCS_HEADER = "X-AnchorMailbox";
53
- const RETURN_SPA_CODE = "return_spa_code";
54
- const NATIVE_BROKER = "nativebroker";
55
- const LOGOUT_HINT = "logout_hint";
56
- const SID = "sid";
57
- const LOGIN_HINT = "login_hint";
58
- const DOMAIN_HINT = "domain_hint";
3
+ /*
4
+ * Copyright (c) Microsoft Corporation. All rights reserved.
5
+ * Licensed under the MIT License.
6
+ */
7
+ const CLIENT_ID = "client_id";
8
+ const REDIRECT_URI = "redirect_uri";
9
+ const RESPONSE_TYPE = "response_type";
10
+ const RESPONSE_MODE = "response_mode";
11
+ const GRANT_TYPE = "grant_type";
12
+ const CLAIMS = "claims";
13
+ const SCOPE = "scope";
14
+ const ERROR = "error";
15
+ const ERROR_DESCRIPTION = "error_description";
16
+ const ACCESS_TOKEN = "access_token";
17
+ const ID_TOKEN = "id_token";
18
+ const REFRESH_TOKEN = "refresh_token";
19
+ const EXPIRES_IN = "expires_in";
20
+ const REFRESH_TOKEN_EXPIRES_IN = "refresh_token_expires_in";
21
+ const STATE = "state";
22
+ const NONCE = "nonce";
23
+ const PROMPT = "prompt";
24
+ const SESSION_STATE = "session_state";
25
+ const CLIENT_INFO = "client_info";
26
+ const CODE = "code";
27
+ const CODE_CHALLENGE = "code_challenge";
28
+ const CODE_CHALLENGE_METHOD = "code_challenge_method";
29
+ const CODE_VERIFIER = "code_verifier";
30
+ const CLIENT_REQUEST_ID = "client-request-id";
31
+ const X_CLIENT_SKU = "x-client-SKU";
32
+ const X_CLIENT_VER = "x-client-VER";
33
+ const X_CLIENT_OS = "x-client-OS";
34
+ const X_CLIENT_CPU = "x-client-CPU";
35
+ const X_CLIENT_CURR_TELEM = "x-client-current-telemetry";
36
+ const X_CLIENT_LAST_TELEM = "x-client-last-telemetry";
37
+ const X_MS_LIB_CAPABILITY = "x-ms-lib-capability";
38
+ const X_APP_NAME = "x-app-name";
39
+ const X_APP_VER = "x-app-ver";
40
+ const POST_LOGOUT_URI = "post_logout_redirect_uri";
41
+ const ID_TOKEN_HINT = "id_token_hint";
42
+ const DEVICE_CODE = "device_code";
43
+ const CLIENT_SECRET = "client_secret";
44
+ const CLIENT_ASSERTION = "client_assertion";
45
+ const CLIENT_ASSERTION_TYPE = "client_assertion_type";
46
+ const TOKEN_TYPE = "token_type";
47
+ const REQ_CNF = "req_cnf";
48
+ const OBO_ASSERTION = "assertion";
49
+ const REQUESTED_TOKEN_USE = "requested_token_use";
50
+ const ON_BEHALF_OF = "on_behalf_of";
51
+ const FOCI = "foci";
52
+ const CCS_HEADER = "X-AnchorMailbox";
53
+ const RETURN_SPA_CODE = "return_spa_code";
54
+ const NATIVE_BROKER = "nativebroker";
55
+ const LOGOUT_HINT = "logout_hint";
56
+ const SID = "sid";
57
+ const LOGIN_HINT = "login_hint";
58
+ const DOMAIN_HINT = "domain_hint";
59
59
  const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
60
60
 
61
61
  export { ACCESS_TOKEN, CCS_HEADER, CLAIMS, CLIENT_ASSERTION, CLIENT_ASSERTION_TYPE, CLIENT_ID, CLIENT_INFO, CLIENT_REQUEST_ID, CLIENT_SECRET, CODE, CODE_CHALLENGE, CODE_CHALLENGE_METHOD, CODE_VERIFIER, DEVICE_CODE, DOMAIN_HINT, ERROR, ERROR_DESCRIPTION, EXPIRES_IN, FOCI, GRANT_TYPE, ID_TOKEN, ID_TOKEN_HINT, LOGIN_HINT, LOGOUT_HINT, NATIVE_BROKER, NONCE, OBO_ASSERTION, ON_BEHALF_OF, POST_LOGOUT_URI, PROMPT, REDIRECT_URI, REFRESH_TOKEN, REFRESH_TOKEN_EXPIRES_IN, REQUESTED_TOKEN_USE, REQ_CNF, RESPONSE_MODE, RESPONSE_TYPE, RETURN_SPA_CODE, SCOPE, SESSION_STATE, SID, STATE, TOKEN_TYPE, X_APP_NAME, X_APP_VER, X_CLIENT_CPU, X_CLIENT_CURR_TELEM, X_CLIENT_EXTRA_SKU, X_CLIENT_LAST_TELEM, X_CLIENT_OS, X_CLIENT_SKU, X_CLIENT_VER, X_MS_LIB_CAPABILITY };
@@ -1,69 +1,69 @@
1
- import { BaseAuthRequest } from "../request/BaseAuthRequest";
2
- import { ShrOptions, SignedHttpRequest } from "./SignedHttpRequest";
3
- /**
4
- * The PkceCodes type describes the structure
5
- * of objects that contain PKCE code
6
- * challenge and verifier pairs
7
- */
8
- export type PkceCodes = {
9
- verifier: string;
10
- challenge: string;
11
- };
12
- export type SignedHttpRequestParameters = Pick<BaseAuthRequest, "resourceRequestMethod" | "resourceRequestUri" | "shrClaims" | "shrNonce" | "shrOptions"> & {
13
- correlationId?: string;
14
- };
15
- /**
16
- * Interface for crypto functions used by library
17
- */
18
- export interface ICrypto {
19
- /**
20
- * Creates a guid randomly.
21
- */
22
- createNewGuid(): string;
23
- /**
24
- * base64 Encode string
25
- * @param input
26
- */
27
- base64Encode(input: string): string;
28
- /**
29
- * base64 decode string
30
- * @param input
31
- */
32
- base64Decode(input: string): string;
33
- /**
34
- * base64 URL safe encoded string
35
- */
36
- base64UrlEncode(input: string): string;
37
- /**
38
- * Stringifies and base64Url encodes input public key
39
- * @param inputKid
40
- * @returns Base64Url encoded public key
41
- */
42
- encodeKid(inputKid: string): string;
43
- /**
44
- * Generates an JWK RSA S256 Thumbprint
45
- * @param request
46
- */
47
- getPublicKeyThumbprint(request: SignedHttpRequestParameters): Promise<string>;
48
- /**
49
- * Removes cryptographic keypair from key store matching the keyId passed in
50
- * @param kid
51
- */
52
- removeTokenBindingKey(kid: string): Promise<boolean>;
53
- /**
54
- * Removes all cryptographic keys from IndexedDB storage
55
- */
56
- clearKeystore(): Promise<boolean>;
57
- /**
58
- * Returns a signed proof-of-possession token with a given acces token that contains a cnf claim with the required kid.
59
- * @param accessToken
60
- */
61
- signJwt(payload: SignedHttpRequest, kid: string, shrOptions?: ShrOptions, correlationId?: string): Promise<string>;
62
- /**
63
- * Returns the SHA-256 hash of an input string
64
- * @param plainText
65
- */
66
- hashString(plainText: string): Promise<string>;
67
- }
68
- export declare const DEFAULT_CRYPTO_IMPLEMENTATION: ICrypto;
1
+ import { BaseAuthRequest } from "../request/BaseAuthRequest";
2
+ import { ShrOptions, SignedHttpRequest } from "./SignedHttpRequest";
3
+ /**
4
+ * The PkceCodes type describes the structure
5
+ * of objects that contain PKCE code
6
+ * challenge and verifier pairs
7
+ */
8
+ export type PkceCodes = {
9
+ verifier: string;
10
+ challenge: string;
11
+ };
12
+ export type SignedHttpRequestParameters = Pick<BaseAuthRequest, "resourceRequestMethod" | "resourceRequestUri" | "shrClaims" | "shrNonce" | "shrOptions"> & {
13
+ correlationId?: string;
14
+ };
15
+ /**
16
+ * Interface for crypto functions used by library
17
+ */
18
+ export interface ICrypto {
19
+ /**
20
+ * Creates a guid randomly.
21
+ */
22
+ createNewGuid(): string;
23
+ /**
24
+ * base64 Encode string
25
+ * @param input
26
+ */
27
+ base64Encode(input: string): string;
28
+ /**
29
+ * base64 decode string
30
+ * @param input
31
+ */
32
+ base64Decode(input: string): string;
33
+ /**
34
+ * base64 URL safe encoded string
35
+ */
36
+ base64UrlEncode(input: string): string;
37
+ /**
38
+ * Stringifies and base64Url encodes input public key
39
+ * @param inputKid
40
+ * @returns Base64Url encoded public key
41
+ */
42
+ encodeKid(inputKid: string): string;
43
+ /**
44
+ * Generates an JWK RSA S256 Thumbprint
45
+ * @param request
46
+ */
47
+ getPublicKeyThumbprint(request: SignedHttpRequestParameters): Promise<string>;
48
+ /**
49
+ * Removes cryptographic keypair from key store matching the keyId passed in
50
+ * @param kid
51
+ */
52
+ removeTokenBindingKey(kid: string): Promise<boolean>;
53
+ /**
54
+ * Removes all cryptographic keys from IndexedDB storage
55
+ */
56
+ clearKeystore(): Promise<boolean>;
57
+ /**
58
+ * Returns a signed proof-of-possession token with a given acces token that contains a cnf claim with the required kid.
59
+ * @param accessToken
60
+ */
61
+ signJwt(payload: SignedHttpRequest, kid: string, shrOptions?: ShrOptions, correlationId?: string): Promise<string>;
62
+ /**
63
+ * Returns the SHA-256 hash of an input string
64
+ * @param plainText
65
+ */
66
+ hashString(plainText: string): Promise<string>;
67
+ }
68
+ export declare const DEFAULT_CRYPTO_IMPLEMENTATION: ICrypto;
69
69
  //# sourceMappingURL=ICrypto.d.ts.map
@@ -1,43 +1,43 @@
1
- /*! @azure/msal-common v14.14.0 2024-07-23 */
1
+ /*! @azure/msal-common v14.14.2 2024-08-28 */
2
2
  'use strict';
3
3
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
4
4
  import { methodNotImplemented } from '../error/ClientAuthErrorCodes.mjs';
5
5
 
6
- /*
7
- * Copyright (c) Microsoft Corporation. All rights reserved.
8
- * Licensed under the MIT License.
9
- */
10
- const DEFAULT_CRYPTO_IMPLEMENTATION = {
11
- createNewGuid: () => {
12
- throw createClientAuthError(methodNotImplemented);
13
- },
14
- base64Decode: () => {
15
- throw createClientAuthError(methodNotImplemented);
16
- },
17
- base64Encode: () => {
18
- throw createClientAuthError(methodNotImplemented);
19
- },
20
- base64UrlEncode: () => {
21
- throw createClientAuthError(methodNotImplemented);
22
- },
23
- encodeKid: () => {
24
- throw createClientAuthError(methodNotImplemented);
25
- },
26
- async getPublicKeyThumbprint() {
27
- throw createClientAuthError(methodNotImplemented);
28
- },
29
- async removeTokenBindingKey() {
30
- throw createClientAuthError(methodNotImplemented);
31
- },
32
- async clearKeystore() {
33
- throw createClientAuthError(methodNotImplemented);
34
- },
35
- async signJwt() {
36
- throw createClientAuthError(methodNotImplemented);
37
- },
38
- async hashString() {
39
- throw createClientAuthError(methodNotImplemented);
40
- },
6
+ /*
7
+ * Copyright (c) Microsoft Corporation. All rights reserved.
8
+ * Licensed under the MIT License.
9
+ */
10
+ const DEFAULT_CRYPTO_IMPLEMENTATION = {
11
+ createNewGuid: () => {
12
+ throw createClientAuthError(methodNotImplemented);
13
+ },
14
+ base64Decode: () => {
15
+ throw createClientAuthError(methodNotImplemented);
16
+ },
17
+ base64Encode: () => {
18
+ throw createClientAuthError(methodNotImplemented);
19
+ },
20
+ base64UrlEncode: () => {
21
+ throw createClientAuthError(methodNotImplemented);
22
+ },
23
+ encodeKid: () => {
24
+ throw createClientAuthError(methodNotImplemented);
25
+ },
26
+ async getPublicKeyThumbprint() {
27
+ throw createClientAuthError(methodNotImplemented);
28
+ },
29
+ async removeTokenBindingKey() {
30
+ throw createClientAuthError(methodNotImplemented);
31
+ },
32
+ async clearKeystore() {
33
+ throw createClientAuthError(methodNotImplemented);
34
+ },
35
+ async signJwt() {
36
+ throw createClientAuthError(methodNotImplemented);
37
+ },
38
+ async hashString() {
39
+ throw createClientAuthError(methodNotImplemented);
40
+ },
41
41
  };
42
42
 
43
43
  export { DEFAULT_CRYPTO_IMPLEMENTATION };
@@ -1,5 +1,5 @@
1
- export interface IGuidGenerator {
2
- generateGuid(): string;
3
- isGuid(guid: string): boolean;
4
- }
1
+ export interface IGuidGenerator {
2
+ generateGuid(): string;
3
+ isGuid(guid: string): boolean;
4
+ }
5
5
  //# sourceMappingURL=IGuidGenerator.d.ts.map
@@ -1,23 +1,23 @@
1
- import { JsonWebTokenTypes } from "../utils/Constants";
2
- export type JoseHeaderOptions = {
3
- typ?: JsonWebTokenTypes;
4
- alg?: string;
5
- kid?: string;
6
- };
7
- /** @internal */
8
- export declare class JoseHeader {
9
- typ?: JsonWebTokenTypes;
10
- alg?: string;
11
- kid?: string;
12
- constructor(options: JoseHeaderOptions);
13
- /**
14
- * Builds SignedHttpRequest formatted JOSE Header from the
15
- * JOSE Header options provided or previously set on the object and returns
16
- * the stringified header object.
17
- * Throws if keyId or algorithm aren't provided since they are required for Access Token Binding.
18
- * @param shrHeaderOptions
19
- * @returns
20
- */
21
- static getShrHeaderString(shrHeaderOptions: JoseHeaderOptions): string;
22
- }
1
+ import { JsonWebTokenTypes } from "../utils/Constants";
2
+ export type JoseHeaderOptions = {
3
+ typ?: JsonWebTokenTypes;
4
+ alg?: string;
5
+ kid?: string;
6
+ };
7
+ /** @internal */
8
+ export declare class JoseHeader {
9
+ typ?: JsonWebTokenTypes;
10
+ alg?: string;
11
+ kid?: string;
12
+ constructor(options: JoseHeaderOptions);
13
+ /**
14
+ * Builds SignedHttpRequest formatted JOSE Header from the
15
+ * JOSE Header options provided or previously set on the object and returns
16
+ * the stringified header object.
17
+ * Throws if keyId or algorithm aren't provided since they are required for Access Token Binding.
18
+ * @param shrHeaderOptions
19
+ * @returns
20
+ */
21
+ static getShrHeaderString(shrHeaderOptions: JoseHeaderOptions): string;
22
+ }
23
23
  //# sourceMappingURL=JoseHeader.d.ts.map
@@ -1,45 +1,45 @@
1
- /*! @azure/msal-common v14.14.0 2024-07-23 */
1
+ /*! @azure/msal-common v14.14.2 2024-08-28 */
2
2
  'use strict';
3
3
  import { createJoseHeaderError } from '../error/JoseHeaderError.mjs';
4
4
  import { JsonWebTokenTypes } from '../utils/Constants.mjs';
5
5
  import { missingKidError, missingAlgError } from '../error/JoseHeaderErrorCodes.mjs';
6
6
 
7
- /*
8
- * Copyright (c) Microsoft Corporation. All rights reserved.
9
- * Licensed under the MIT License.
10
- */
11
- /** @internal */
12
- class JoseHeader {
13
- constructor(options) {
14
- this.typ = options.typ;
15
- this.alg = options.alg;
16
- this.kid = options.kid;
17
- }
18
- /**
19
- * Builds SignedHttpRequest formatted JOSE Header from the
20
- * JOSE Header options provided or previously set on the object and returns
21
- * the stringified header object.
22
- * Throws if keyId or algorithm aren't provided since they are required for Access Token Binding.
23
- * @param shrHeaderOptions
24
- * @returns
25
- */
26
- static getShrHeaderString(shrHeaderOptions) {
27
- // KeyID is required on the SHR header
28
- if (!shrHeaderOptions.kid) {
29
- throw createJoseHeaderError(missingKidError);
30
- }
31
- // Alg is required on the SHR header
32
- if (!shrHeaderOptions.alg) {
33
- throw createJoseHeaderError(missingAlgError);
34
- }
35
- const shrHeader = new JoseHeader({
36
- // Access Token PoP headers must have type pop, but the type header can be overriden for special cases
37
- typ: shrHeaderOptions.typ || JsonWebTokenTypes.Pop,
38
- kid: shrHeaderOptions.kid,
39
- alg: shrHeaderOptions.alg,
40
- });
41
- return JSON.stringify(shrHeader);
42
- }
7
+ /*
8
+ * Copyright (c) Microsoft Corporation. All rights reserved.
9
+ * Licensed under the MIT License.
10
+ */
11
+ /** @internal */
12
+ class JoseHeader {
13
+ constructor(options) {
14
+ this.typ = options.typ;
15
+ this.alg = options.alg;
16
+ this.kid = options.kid;
17
+ }
18
+ /**
19
+ * Builds SignedHttpRequest formatted JOSE Header from the
20
+ * JOSE Header options provided or previously set on the object and returns
21
+ * the stringified header object.
22
+ * Throws if keyId or algorithm aren't provided since they are required for Access Token Binding.
23
+ * @param shrHeaderOptions
24
+ * @returns
25
+ */
26
+ static getShrHeaderString(shrHeaderOptions) {
27
+ // KeyID is required on the SHR header
28
+ if (!shrHeaderOptions.kid) {
29
+ throw createJoseHeaderError(missingKidError);
30
+ }
31
+ // Alg is required on the SHR header
32
+ if (!shrHeaderOptions.alg) {
33
+ throw createJoseHeaderError(missingAlgError);
34
+ }
35
+ const shrHeader = new JoseHeader({
36
+ // Access Token PoP headers must have type pop, but the type header can be overriden for special cases
37
+ typ: shrHeaderOptions.typ || JsonWebTokenTypes.Pop,
38
+ kid: shrHeaderOptions.kid,
39
+ alg: shrHeaderOptions.alg,
40
+ });
41
+ return JSON.stringify(shrHeader);
42
+ }
43
43
  }
44
44
 
45
45
  export { JoseHeader };
@@ -1,60 +1,60 @@
1
- import { ICrypto, SignedHttpRequestParameters } from "./ICrypto";
2
- import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient";
3
- import { Logger } from "../logger/Logger";
4
- /**
5
- * See eSTS docs for more info.
6
- * - A kid element, with the value containing an RFC 7638-compliant JWK thumbprint that is base64 encoded.
7
- * - xms_ksl element, representing the storage location of the key's secret component on the client device. One of two values:
8
- * - sw: software storage
9
- * - uhw: hardware storage
10
- */
11
- type ReqCnf = {
12
- kid: string;
13
- xms_ksl: KeyLocation;
14
- };
15
- export type ReqCnfData = {
16
- kid: string;
17
- reqCnfString: string;
18
- };
19
- declare const KeyLocation: {
20
- readonly SW: "sw";
21
- readonly UHW: "uhw";
22
- };
23
- export type KeyLocation = (typeof KeyLocation)[keyof typeof KeyLocation];
24
- /** @internal */
25
- export declare class PopTokenGenerator {
26
- private cryptoUtils;
27
- private performanceClient?;
28
- constructor(cryptoUtils: ICrypto, performanceClient?: IPerformanceClient);
29
- /**
30
- * Generates the req_cnf validated at the RP in the POP protocol for SHR parameters
31
- * and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash
32
- * @param request
33
- * @returns
34
- */
35
- generateCnf(request: SignedHttpRequestParameters, logger: Logger): Promise<ReqCnfData>;
36
- /**
37
- * Generates key_id for a SHR token request
38
- * @param request
39
- * @returns
40
- */
41
- generateKid(request: SignedHttpRequestParameters): Promise<ReqCnf>;
42
- /**
43
- * Signs the POP access_token with the local generated key-pair
44
- * @param accessToken
45
- * @param request
46
- * @returns
47
- */
48
- signPopToken(accessToken: string, keyId: string, request: SignedHttpRequestParameters): Promise<string>;
49
- /**
50
- * Utility function to generate the signed JWT for an access_token
51
- * @param payload
52
- * @param kid
53
- * @param request
54
- * @param claims
55
- * @returns
56
- */
57
- signPayload(payload: string, keyId: string, request: SignedHttpRequestParameters, claims?: object): Promise<string>;
58
- }
59
- export {};
1
+ import { ICrypto, SignedHttpRequestParameters } from "./ICrypto";
2
+ import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient";
3
+ import { Logger } from "../logger/Logger";
4
+ /**
5
+ * See eSTS docs for more info.
6
+ * - A kid element, with the value containing an RFC 7638-compliant JWK thumbprint that is base64 encoded.
7
+ * - xms_ksl element, representing the storage location of the key's secret component on the client device. One of two values:
8
+ * - sw: software storage
9
+ * - uhw: hardware storage
10
+ */
11
+ type ReqCnf = {
12
+ kid: string;
13
+ xms_ksl: KeyLocation;
14
+ };
15
+ export type ReqCnfData = {
16
+ kid: string;
17
+ reqCnfString: string;
18
+ };
19
+ declare const KeyLocation: {
20
+ readonly SW: "sw";
21
+ readonly UHW: "uhw";
22
+ };
23
+ export type KeyLocation = (typeof KeyLocation)[keyof typeof KeyLocation];
24
+ /** @internal */
25
+ export declare class PopTokenGenerator {
26
+ private cryptoUtils;
27
+ private performanceClient?;
28
+ constructor(cryptoUtils: ICrypto, performanceClient?: IPerformanceClient);
29
+ /**
30
+ * Generates the req_cnf validated at the RP in the POP protocol for SHR parameters
31
+ * and returns an object containing the keyid, the full req_cnf string and the req_cnf string hash
32
+ * @param request
33
+ * @returns
34
+ */
35
+ generateCnf(request: SignedHttpRequestParameters, logger: Logger): Promise<ReqCnfData>;
36
+ /**
37
+ * Generates key_id for a SHR token request
38
+ * @param request
39
+ * @returns
40
+ */
41
+ generateKid(request: SignedHttpRequestParameters): Promise<ReqCnf>;
42
+ /**
43
+ * Signs the POP access_token with the local generated key-pair
44
+ * @param accessToken
45
+ * @param request
46
+ * @returns
47
+ */
48
+ signPopToken(accessToken: string, keyId: string, request: SignedHttpRequestParameters): Promise<string>;
49
+ /**
50
+ * Utility function to generate the signed JWT for an access_token
51
+ * @param payload
52
+ * @param kid
53
+ * @param request
54
+ * @param claims
55
+ * @returns
56
+ */
57
+ signPayload(payload: string, keyId: string, request: SignedHttpRequestParameters, claims?: object): Promise<string>;
58
+ }
59
+ export {};
60
60
  //# sourceMappingURL=PopTokenGenerator.d.ts.map