@azure/msal-common 14.14.0 → 14.14.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +66 -66
- package/dist/account/AccountInfo.mjs +77 -77
- package/dist/account/AuthToken.d.ts +17 -17
- package/dist/account/AuthToken.mjs +58 -58
- package/dist/account/CcsCredential.d.ts +9 -9
- package/dist/account/CcsCredential.mjs +8 -8
- package/dist/account/ClientCredentials.d.ts +19 -19
- package/dist/account/ClientInfo.d.ts +18 -18
- package/dist/account/ClientInfo.mjs +37 -37
- package/dist/account/TokenClaims.d.ts +83 -83
- package/dist/account/TokenClaims.mjs +20 -20
- package/dist/authority/Authority.d.ts +254 -254
- package/dist/authority/Authority.mjs +836 -836
- package/dist/authority/AuthorityFactory.d.ts +18 -18
- package/dist/authority/AuthorityFactory.mjs +28 -28
- package/dist/authority/AuthorityMetadata.d.ts +43 -43
- package/dist/authority/AuthorityMetadata.mjs +137 -137
- package/dist/authority/AuthorityOptions.d.ts +27 -27
- package/dist/authority/AuthorityOptions.mjs +18 -18
- package/dist/authority/AuthorityType.d.ts +10 -10
- package/dist/authority/AuthorityType.mjs +13 -13
- package/dist/authority/AzureRegion.d.ts +1 -1
- package/dist/authority/AzureRegionConfiguration.d.ts +5 -5
- package/dist/authority/CloudDiscoveryMetadata.d.ts +5 -5
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.d.ts +13 -13
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +8 -8
- package/dist/authority/CloudInstanceDiscoveryResponse.d.ts +9 -9
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +8 -8
- package/dist/authority/ImdsOptions.d.ts +5 -5
- package/dist/authority/OIDCOptions.d.ts +8 -8
- package/dist/authority/OpenIdConfigResponse.d.ts +11 -11
- package/dist/authority/OpenIdConfigResponse.mjs +10 -10
- package/dist/authority/ProtocolMode.d.ts +8 -8
- package/dist/authority/ProtocolMode.mjs +11 -11
- package/dist/authority/RegionDiscovery.d.ts +32 -32
- package/dist/authority/RegionDiscovery.mjs +106 -106
- package/dist/authority/RegionDiscoveryMetadata.d.ts +6 -6
- package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +15 -15
- package/dist/cache/CacheManager.d.ts +497 -497
- package/dist/cache/CacheManager.mjs +1249 -1249
- package/dist/cache/entities/AccessTokenEntity.d.ts +25 -25
- package/dist/cache/entities/AccountEntity.d.ts +106 -106
- package/dist/cache/entities/AccountEntity.mjs +240 -240
- package/dist/cache/entities/AppMetadataEntity.d.ts +11 -11
- package/dist/cache/entities/AuthorityMetadataEntity.d.ts +15 -15
- package/dist/cache/entities/CacheRecord.d.ts +13 -13
- package/dist/cache/entities/CredentialEntity.d.ts +30 -30
- package/dist/cache/entities/IdTokenEntity.d.ts +8 -8
- package/dist/cache/entities/RefreshTokenEntity.d.ts +7 -7
- package/dist/cache/entities/ServerTelemetryEntity.d.ts +6 -6
- package/dist/cache/entities/ThrottlingEntity.d.ts +7 -7
- package/dist/cache/interface/ICacheManager.d.ts +166 -166
- package/dist/cache/interface/ICachePlugin.d.ts +5 -5
- package/dist/cache/interface/ISerializableTokenCache.d.ts +4 -4
- package/dist/cache/persistence/TokenCacheContext.d.ts +23 -23
- package/dist/cache/persistence/TokenCacheContext.mjs +25 -25
- package/dist/cache/utils/CacheHelpers.d.ts +94 -94
- package/dist/cache/utils/CacheHelpers.mjs +324 -324
- package/dist/cache/utils/CacheTypes.d.ts +69 -69
- package/dist/client/AuthorizationCodeClient.d.ts +74 -74
- package/dist/client/AuthorizationCodeClient.mjs +420 -420
- package/dist/client/BaseClient.d.ts +51 -51
- package/dist/client/BaseClient.mjs +100 -100
- package/dist/client/RefreshTokenClient.d.ts +35 -35
- package/dist/client/RefreshTokenClient.mjs +211 -211
- package/dist/client/SilentFlowClient.d.ts +27 -27
- package/dist/client/SilentFlowClient.mjs +133 -133
- package/dist/config/AppTokenProvider.d.ts +38 -38
- package/dist/config/ClientConfiguration.d.ts +150 -150
- package/dist/config/ClientConfiguration.mjs +95 -95
- package/dist/constants/AADServerParamKeys.d.ts +53 -53
- package/dist/constants/AADServerParamKeys.mjs +57 -57
- package/dist/crypto/ICrypto.d.ts +68 -68
- package/dist/crypto/ICrypto.mjs +36 -36
- package/dist/crypto/IGuidGenerator.d.ts +4 -4
- package/dist/crypto/JoseHeader.d.ts +22 -22
- package/dist/crypto/JoseHeader.mjs +37 -37
- package/dist/crypto/PopTokenGenerator.d.ts +59 -59
- package/dist/crypto/PopTokenGenerator.mjs +81 -81
- package/dist/crypto/SignedHttpRequest.d.ts +15 -15
- package/dist/error/AuthError.d.ts +44 -44
- package/dist/error/AuthError.mjs +46 -46
- package/dist/error/AuthErrorCodes.d.ts +5 -5
- package/dist/error/AuthErrorCodes.mjs +9 -9
- package/dist/error/CacheError.d.ts +20 -20
- package/dist/error/CacheError.mjs +24 -24
- package/dist/error/CacheErrorCodes.d.ts +2 -2
- package/dist/error/CacheErrorCodes.mjs +6 -6
- package/dist/error/ClientAuthError.d.ts +237 -237
- package/dist/error/ClientAuthError.mjs +249 -249
- package/dist/error/ClientAuthErrorCodes.d.ts +44 -44
- package/dist/error/ClientAuthErrorCodes.mjs +48 -48
- package/dist/error/ClientConfigurationError.d.ts +128 -128
- package/dist/error/ClientConfigurationError.mjs +135 -135
- package/dist/error/ClientConfigurationErrorCodes.d.ts +22 -22
- package/dist/error/ClientConfigurationErrorCodes.mjs +26 -26
- package/dist/error/InteractionRequiredAuthError.d.ts +65 -65
- package/dist/error/InteractionRequiredAuthError.mjs +85 -85
- package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +7 -7
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +13 -13
- package/dist/error/JoseHeaderError.d.ts +15 -15
- package/dist/error/JoseHeaderError.mjs +22 -22
- package/dist/error/JoseHeaderErrorCodes.d.ts +2 -2
- package/dist/error/JoseHeaderErrorCodes.mjs +6 -6
- package/dist/error/ServerError.d.ts +15 -15
- package/dist/error/ServerError.mjs +16 -16
- package/dist/index.cjs +8658 -8658
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +107 -107
- package/dist/index.mjs +1 -1
- package/dist/logger/Logger.d.ts +95 -95
- package/dist/logger/Logger.mjs +188 -188
- package/dist/network/INetworkModule.d.ts +29 -29
- package/dist/network/INetworkModule.mjs +12 -12
- package/dist/network/NetworkManager.d.ts +33 -33
- package/dist/network/NetworkManager.mjs +34 -34
- package/dist/network/RequestThumbprint.d.ts +18 -18
- package/dist/network/ThrottlingUtils.d.ts +42 -42
- package/dist/network/ThrottlingUtils.mjs +95 -95
- package/dist/packageMetadata.d.ts +2 -2
- package/dist/packageMetadata.mjs +4 -4
- package/dist/request/AuthenticationHeaderParser.d.ts +19 -19
- package/dist/request/AuthenticationHeaderParser.mjs +55 -55
- package/dist/request/BaseAuthRequest.d.ts +47 -47
- package/dist/request/CommonAuthorizationCodeRequest.d.ts +27 -27
- package/dist/request/CommonAuthorizationUrlRequest.d.ts +50 -50
- package/dist/request/CommonClientCredentialRequest.d.ts +17 -17
- package/dist/request/CommonDeviceCodeRequest.d.ts +21 -21
- package/dist/request/CommonEndSessionRequest.d.ts +21 -21
- package/dist/request/CommonOnBehalfOfRequest.d.ts +13 -13
- package/dist/request/CommonRefreshTokenRequest.d.ts +22 -22
- package/dist/request/CommonSilentFlowRequest.d.ts +27 -27
- package/dist/request/CommonUsernamePasswordRequest.d.ts +17 -17
- package/dist/request/NativeRequest.d.ts +19 -19
- package/dist/request/NativeSignOutRequest.d.ts +5 -5
- package/dist/request/RequestParameterBuilder.d.ts +217 -217
- package/dist/request/RequestParameterBuilder.mjs +382 -382
- package/dist/request/RequestValidator.d.ts +27 -27
- package/dist/request/RequestValidator.mjs +64 -64
- package/dist/request/ScopeSet.d.ts +88 -88
- package/dist/request/ScopeSet.mjs +197 -197
- package/dist/request/StoreInCache.d.ts +8 -8
- package/dist/response/AuthenticationResult.d.ts +41 -41
- package/dist/response/AuthorizationCodePayload.d.ts +13 -13
- package/dist/response/DeviceCodeResponse.d.ts +25 -25
- package/dist/response/ExternalTokenResponse.d.ts +15 -15
- package/dist/response/IMDSBadResponse.d.ts +4 -4
- package/dist/response/ResponseHandler.d.ts +69 -69
- package/dist/response/ResponseHandler.mjs +374 -374
- package/dist/response/ServerAuthorizationCodeResponse.d.ts +26 -26
- package/dist/response/ServerAuthorizationTokenResponse.d.ts +47 -47
- package/dist/telemetry/performance/IPerformanceClient.d.ts +57 -57
- package/dist/telemetry/performance/IPerformanceMeasurement.d.ts +5 -5
- package/dist/telemetry/performance/PerformanceClient.d.ts +242 -242
- package/dist/telemetry/performance/PerformanceClient.mjs +587 -587
- package/dist/telemetry/performance/PerformanceEvent.d.ts +511 -505
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +480 -480
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.d.ts +24 -24
- package/dist/telemetry/performance/StubPerformanceClient.mjs +76 -76
- package/dist/telemetry/server/ServerTelemetryManager.d.ts +78 -78
- package/dist/telemetry/server/ServerTelemetryManager.mjs +260 -260
- package/dist/telemetry/server/ServerTelemetryRequest.d.ts +8 -8
- package/dist/url/IUri.d.ts +12 -12
- package/dist/url/UrlString.d.ts +48 -48
- package/dist/url/UrlString.mjs +161 -161
- package/dist/utils/ClientAssertionUtils.d.ts +2 -2
- package/dist/utils/ClientAssertionUtils.mjs +16 -16
- package/dist/utils/Constants.d.ts +309 -309
- package/dist/utils/Constants.mjs +322 -322
- package/dist/utils/FunctionWrappers.d.ts +27 -27
- package/dist/utils/FunctionWrappers.mjs +94 -94
- package/dist/utils/MsalTypes.d.ts +6 -6
- package/dist/utils/ProtocolUtils.d.ts +42 -42
- package/dist/utils/ProtocolUtils.mjs +69 -69
- package/dist/utils/StringUtils.d.ts +40 -40
- package/dist/utils/StringUtils.mjs +95 -95
- package/dist/utils/TimeUtils.d.ts +25 -25
- package/dist/utils/TimeUtils.mjs +43 -43
- package/dist/utils/UrlUtils.d.ts +10 -10
- package/dist/utils/UrlUtils.mjs +44 -44
- package/package.json +1 -1
- package/src/packageMetadata.ts +1 -1
- package/src/telemetry/performance/PerformanceEvent.ts +7 -0
|
@@ -1,43 +1,43 @@
|
|
|
1
|
-
import { NetworkResponse } from "./NetworkManager";
|
|
2
|
-
import { ServerAuthorizationTokenResponse } from "../response/ServerAuthorizationTokenResponse";
|
|
3
|
-
import { CacheManager } from "../cache/CacheManager";
|
|
4
|
-
import { RequestThumbprint } from "./RequestThumbprint";
|
|
5
|
-
import { BaseAuthRequest } from "../request/BaseAuthRequest";
|
|
6
|
-
/** @internal */
|
|
7
|
-
export declare class ThrottlingUtils {
|
|
8
|
-
/**
|
|
9
|
-
* Prepares a RequestThumbprint to be stored as a key.
|
|
10
|
-
* @param thumbprint
|
|
11
|
-
*/
|
|
12
|
-
static generateThrottlingStorageKey(thumbprint: RequestThumbprint): string;
|
|
13
|
-
/**
|
|
14
|
-
* Performs necessary throttling checks before a network request.
|
|
15
|
-
* @param cacheManager
|
|
16
|
-
* @param thumbprint
|
|
17
|
-
*/
|
|
18
|
-
static preProcess(cacheManager: CacheManager, thumbprint: RequestThumbprint): void;
|
|
19
|
-
/**
|
|
20
|
-
* Performs necessary throttling checks after a network request.
|
|
21
|
-
* @param cacheManager
|
|
22
|
-
* @param thumbprint
|
|
23
|
-
* @param response
|
|
24
|
-
*/
|
|
25
|
-
static postProcess(cacheManager: CacheManager, thumbprint: RequestThumbprint, response: NetworkResponse<ServerAuthorizationTokenResponse>): void;
|
|
26
|
-
/**
|
|
27
|
-
* Checks a NetworkResponse object's status codes against 429 or 5xx
|
|
28
|
-
* @param response
|
|
29
|
-
*/
|
|
30
|
-
static checkResponseStatus(response: NetworkResponse<ServerAuthorizationTokenResponse>): boolean;
|
|
31
|
-
/**
|
|
32
|
-
* Checks a NetworkResponse object's RetryAfter header
|
|
33
|
-
* @param response
|
|
34
|
-
*/
|
|
35
|
-
static checkResponseForRetryAfter(response: NetworkResponse<ServerAuthorizationTokenResponse>): boolean;
|
|
36
|
-
/**
|
|
37
|
-
* Calculates the Unix-time value for a throttle to expire given throttleTime in seconds.
|
|
38
|
-
* @param throttleTime
|
|
39
|
-
*/
|
|
40
|
-
static calculateThrottleTime(throttleTime: number): number;
|
|
41
|
-
static removeThrottle(cacheManager: CacheManager, clientId: string, request: BaseAuthRequest, homeAccountIdentifier?: string): void;
|
|
42
|
-
}
|
|
1
|
+
import { NetworkResponse } from "./NetworkManager";
|
|
2
|
+
import { ServerAuthorizationTokenResponse } from "../response/ServerAuthorizationTokenResponse";
|
|
3
|
+
import { CacheManager } from "../cache/CacheManager";
|
|
4
|
+
import { RequestThumbprint } from "./RequestThumbprint";
|
|
5
|
+
import { BaseAuthRequest } from "../request/BaseAuthRequest";
|
|
6
|
+
/** @internal */
|
|
7
|
+
export declare class ThrottlingUtils {
|
|
8
|
+
/**
|
|
9
|
+
* Prepares a RequestThumbprint to be stored as a key.
|
|
10
|
+
* @param thumbprint
|
|
11
|
+
*/
|
|
12
|
+
static generateThrottlingStorageKey(thumbprint: RequestThumbprint): string;
|
|
13
|
+
/**
|
|
14
|
+
* Performs necessary throttling checks before a network request.
|
|
15
|
+
* @param cacheManager
|
|
16
|
+
* @param thumbprint
|
|
17
|
+
*/
|
|
18
|
+
static preProcess(cacheManager: CacheManager, thumbprint: RequestThumbprint): void;
|
|
19
|
+
/**
|
|
20
|
+
* Performs necessary throttling checks after a network request.
|
|
21
|
+
* @param cacheManager
|
|
22
|
+
* @param thumbprint
|
|
23
|
+
* @param response
|
|
24
|
+
*/
|
|
25
|
+
static postProcess(cacheManager: CacheManager, thumbprint: RequestThumbprint, response: NetworkResponse<ServerAuthorizationTokenResponse>): void;
|
|
26
|
+
/**
|
|
27
|
+
* Checks a NetworkResponse object's status codes against 429 or 5xx
|
|
28
|
+
* @param response
|
|
29
|
+
*/
|
|
30
|
+
static checkResponseStatus(response: NetworkResponse<ServerAuthorizationTokenResponse>): boolean;
|
|
31
|
+
/**
|
|
32
|
+
* Checks a NetworkResponse object's RetryAfter header
|
|
33
|
+
* @param response
|
|
34
|
+
*/
|
|
35
|
+
static checkResponseForRetryAfter(response: NetworkResponse<ServerAuthorizationTokenResponse>): boolean;
|
|
36
|
+
/**
|
|
37
|
+
* Calculates the Unix-time value for a throttle to expire given throttleTime in seconds.
|
|
38
|
+
* @param throttleTime
|
|
39
|
+
*/
|
|
40
|
+
static calculateThrottleTime(throttleTime: number): number;
|
|
41
|
+
static removeThrottle(cacheManager: CacheManager, clientId: string, request: BaseAuthRequest, homeAccountIdentifier?: string): void;
|
|
42
|
+
}
|
|
43
43
|
//# sourceMappingURL=ThrottlingUtils.d.ts.map
|
|
@@ -1,102 +1,102 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.14.
|
|
1
|
+
/*! @azure/msal-common v14.14.2 2024-08-28 */
|
|
2
2
|
'use strict';
|
|
3
3
|
import { ThrottlingConstants, Constants, HeaderNames } from '../utils/Constants.mjs';
|
|
4
4
|
import { ServerError } from '../error/ServerError.mjs';
|
|
5
5
|
|
|
6
|
-
/*
|
|
7
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
|
-
* Licensed under the MIT License.
|
|
9
|
-
*/
|
|
10
|
-
/** @internal */
|
|
11
|
-
class ThrottlingUtils {
|
|
12
|
-
/**
|
|
13
|
-
* Prepares a RequestThumbprint to be stored as a key.
|
|
14
|
-
* @param thumbprint
|
|
15
|
-
*/
|
|
16
|
-
static generateThrottlingStorageKey(thumbprint) {
|
|
17
|
-
return `${ThrottlingConstants.THROTTLING_PREFIX}.${JSON.stringify(thumbprint)}`;
|
|
18
|
-
}
|
|
19
|
-
/**
|
|
20
|
-
* Performs necessary throttling checks before a network request.
|
|
21
|
-
* @param cacheManager
|
|
22
|
-
* @param thumbprint
|
|
23
|
-
*/
|
|
24
|
-
static preProcess(cacheManager, thumbprint) {
|
|
25
|
-
const key = ThrottlingUtils.generateThrottlingStorageKey(thumbprint);
|
|
26
|
-
const value = cacheManager.getThrottlingCache(key);
|
|
27
|
-
if (value) {
|
|
28
|
-
if (value.throttleTime < Date.now()) {
|
|
29
|
-
cacheManager.removeItem(key);
|
|
30
|
-
return;
|
|
31
|
-
}
|
|
32
|
-
throw new ServerError(value.errorCodes?.join(" ") || Constants.EMPTY_STRING, value.errorMessage, value.subError);
|
|
33
|
-
}
|
|
34
|
-
}
|
|
35
|
-
/**
|
|
36
|
-
* Performs necessary throttling checks after a network request.
|
|
37
|
-
* @param cacheManager
|
|
38
|
-
* @param thumbprint
|
|
39
|
-
* @param response
|
|
40
|
-
*/
|
|
41
|
-
static postProcess(cacheManager, thumbprint, response) {
|
|
42
|
-
if (ThrottlingUtils.checkResponseStatus(response) ||
|
|
43
|
-
ThrottlingUtils.checkResponseForRetryAfter(response)) {
|
|
44
|
-
const thumbprintValue = {
|
|
45
|
-
throttleTime: ThrottlingUtils.calculateThrottleTime(parseInt(response.headers[HeaderNames.RETRY_AFTER])),
|
|
46
|
-
error: response.body.error,
|
|
47
|
-
errorCodes: response.body.error_codes,
|
|
48
|
-
errorMessage: response.body.error_description,
|
|
49
|
-
subError: response.body.suberror,
|
|
50
|
-
};
|
|
51
|
-
cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue);
|
|
52
|
-
}
|
|
53
|
-
}
|
|
54
|
-
/**
|
|
55
|
-
* Checks a NetworkResponse object's status codes against 429 or 5xx
|
|
56
|
-
* @param response
|
|
57
|
-
*/
|
|
58
|
-
static checkResponseStatus(response) {
|
|
59
|
-
return (response.status === 429 ||
|
|
60
|
-
(response.status >= 500 && response.status < 600));
|
|
61
|
-
}
|
|
62
|
-
/**
|
|
63
|
-
* Checks a NetworkResponse object's RetryAfter header
|
|
64
|
-
* @param response
|
|
65
|
-
*/
|
|
66
|
-
static checkResponseForRetryAfter(response) {
|
|
67
|
-
if (response.headers) {
|
|
68
|
-
return (response.headers.hasOwnProperty(HeaderNames.RETRY_AFTER) &&
|
|
69
|
-
(response.status < 200 || response.status >= 300));
|
|
70
|
-
}
|
|
71
|
-
return false;
|
|
72
|
-
}
|
|
73
|
-
/**
|
|
74
|
-
* Calculates the Unix-time value for a throttle to expire given throttleTime in seconds.
|
|
75
|
-
* @param throttleTime
|
|
76
|
-
*/
|
|
77
|
-
static calculateThrottleTime(throttleTime) {
|
|
78
|
-
const time = throttleTime <= 0 ? 0 : throttleTime;
|
|
79
|
-
const currentSeconds = Date.now() / 1000;
|
|
80
|
-
return Math.floor(Math.min(currentSeconds +
|
|
81
|
-
(time || ThrottlingConstants.DEFAULT_THROTTLE_TIME_SECONDS), currentSeconds +
|
|
82
|
-
ThrottlingConstants.DEFAULT_MAX_THROTTLE_TIME_SECONDS) * 1000);
|
|
83
|
-
}
|
|
84
|
-
static removeThrottle(cacheManager, clientId, request, homeAccountIdentifier) {
|
|
85
|
-
const thumbprint = {
|
|
86
|
-
clientId: clientId,
|
|
87
|
-
authority: request.authority,
|
|
88
|
-
scopes: request.scopes,
|
|
89
|
-
homeAccountIdentifier: homeAccountIdentifier,
|
|
90
|
-
claims: request.claims,
|
|
91
|
-
authenticationScheme: request.authenticationScheme,
|
|
92
|
-
resourceRequestMethod: request.resourceRequestMethod,
|
|
93
|
-
resourceRequestUri: request.resourceRequestUri,
|
|
94
|
-
shrClaims: request.shrClaims,
|
|
95
|
-
sshKid: request.sshKid,
|
|
96
|
-
};
|
|
97
|
-
const key = this.generateThrottlingStorageKey(thumbprint);
|
|
98
|
-
cacheManager.removeItem(key);
|
|
99
|
-
}
|
|
6
|
+
/*
|
|
7
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
8
|
+
* Licensed under the MIT License.
|
|
9
|
+
*/
|
|
10
|
+
/** @internal */
|
|
11
|
+
class ThrottlingUtils {
|
|
12
|
+
/**
|
|
13
|
+
* Prepares a RequestThumbprint to be stored as a key.
|
|
14
|
+
* @param thumbprint
|
|
15
|
+
*/
|
|
16
|
+
static generateThrottlingStorageKey(thumbprint) {
|
|
17
|
+
return `${ThrottlingConstants.THROTTLING_PREFIX}.${JSON.stringify(thumbprint)}`;
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Performs necessary throttling checks before a network request.
|
|
21
|
+
* @param cacheManager
|
|
22
|
+
* @param thumbprint
|
|
23
|
+
*/
|
|
24
|
+
static preProcess(cacheManager, thumbprint) {
|
|
25
|
+
const key = ThrottlingUtils.generateThrottlingStorageKey(thumbprint);
|
|
26
|
+
const value = cacheManager.getThrottlingCache(key);
|
|
27
|
+
if (value) {
|
|
28
|
+
if (value.throttleTime < Date.now()) {
|
|
29
|
+
cacheManager.removeItem(key);
|
|
30
|
+
return;
|
|
31
|
+
}
|
|
32
|
+
throw new ServerError(value.errorCodes?.join(" ") || Constants.EMPTY_STRING, value.errorMessage, value.subError);
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* Performs necessary throttling checks after a network request.
|
|
37
|
+
* @param cacheManager
|
|
38
|
+
* @param thumbprint
|
|
39
|
+
* @param response
|
|
40
|
+
*/
|
|
41
|
+
static postProcess(cacheManager, thumbprint, response) {
|
|
42
|
+
if (ThrottlingUtils.checkResponseStatus(response) ||
|
|
43
|
+
ThrottlingUtils.checkResponseForRetryAfter(response)) {
|
|
44
|
+
const thumbprintValue = {
|
|
45
|
+
throttleTime: ThrottlingUtils.calculateThrottleTime(parseInt(response.headers[HeaderNames.RETRY_AFTER])),
|
|
46
|
+
error: response.body.error,
|
|
47
|
+
errorCodes: response.body.error_codes,
|
|
48
|
+
errorMessage: response.body.error_description,
|
|
49
|
+
subError: response.body.suberror,
|
|
50
|
+
};
|
|
51
|
+
cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue);
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
/**
|
|
55
|
+
* Checks a NetworkResponse object's status codes against 429 or 5xx
|
|
56
|
+
* @param response
|
|
57
|
+
*/
|
|
58
|
+
static checkResponseStatus(response) {
|
|
59
|
+
return (response.status === 429 ||
|
|
60
|
+
(response.status >= 500 && response.status < 600));
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Checks a NetworkResponse object's RetryAfter header
|
|
64
|
+
* @param response
|
|
65
|
+
*/
|
|
66
|
+
static checkResponseForRetryAfter(response) {
|
|
67
|
+
if (response.headers) {
|
|
68
|
+
return (response.headers.hasOwnProperty(HeaderNames.RETRY_AFTER) &&
|
|
69
|
+
(response.status < 200 || response.status >= 300));
|
|
70
|
+
}
|
|
71
|
+
return false;
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Calculates the Unix-time value for a throttle to expire given throttleTime in seconds.
|
|
75
|
+
* @param throttleTime
|
|
76
|
+
*/
|
|
77
|
+
static calculateThrottleTime(throttleTime) {
|
|
78
|
+
const time = throttleTime <= 0 ? 0 : throttleTime;
|
|
79
|
+
const currentSeconds = Date.now() / 1000;
|
|
80
|
+
return Math.floor(Math.min(currentSeconds +
|
|
81
|
+
(time || ThrottlingConstants.DEFAULT_THROTTLE_TIME_SECONDS), currentSeconds +
|
|
82
|
+
ThrottlingConstants.DEFAULT_MAX_THROTTLE_TIME_SECONDS) * 1000);
|
|
83
|
+
}
|
|
84
|
+
static removeThrottle(cacheManager, clientId, request, homeAccountIdentifier) {
|
|
85
|
+
const thumbprint = {
|
|
86
|
+
clientId: clientId,
|
|
87
|
+
authority: request.authority,
|
|
88
|
+
scopes: request.scopes,
|
|
89
|
+
homeAccountIdentifier: homeAccountIdentifier,
|
|
90
|
+
claims: request.claims,
|
|
91
|
+
authenticationScheme: request.authenticationScheme,
|
|
92
|
+
resourceRequestMethod: request.resourceRequestMethod,
|
|
93
|
+
resourceRequestUri: request.resourceRequestUri,
|
|
94
|
+
shrClaims: request.shrClaims,
|
|
95
|
+
sshKid: request.sshKid,
|
|
96
|
+
};
|
|
97
|
+
const key = this.generateThrottlingStorageKey(thumbprint);
|
|
98
|
+
cacheManager.removeItem(key);
|
|
99
|
+
}
|
|
100
100
|
}
|
|
101
101
|
|
|
102
102
|
export { ThrottlingUtils };
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export declare const name = "@azure/msal-common";
|
|
2
|
-
export declare const version = "14.14.
|
|
1
|
+
export declare const name = "@azure/msal-common";
|
|
2
|
+
export declare const version = "14.14.2";
|
|
3
3
|
//# sourceMappingURL=packageMetadata.d.ts.map
|
package/dist/packageMetadata.mjs
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.14.
|
|
1
|
+
/*! @azure/msal-common v14.14.2 2024-08-28 */
|
|
2
2
|
'use strict';
|
|
3
|
-
/* eslint-disable header/header */
|
|
4
|
-
const name = "@azure/msal-common";
|
|
5
|
-
const version = "14.14.
|
|
3
|
+
/* eslint-disable header/header */
|
|
4
|
+
const name = "@azure/msal-common";
|
|
5
|
+
const version = "14.14.2";
|
|
6
6
|
|
|
7
7
|
export { name, version };
|
|
8
8
|
//# sourceMappingURL=packageMetadata.mjs.map
|
|
@@ -1,20 +1,20 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* This is a helper class that parses supported HTTP response authentication headers to extract and return
|
|
3
|
-
* header challenge values that can be used outside the basic authorization flows.
|
|
4
|
-
*/
|
|
5
|
-
export declare class AuthenticationHeaderParser {
|
|
6
|
-
private headers;
|
|
7
|
-
constructor(headers: Record<string, string>);
|
|
8
|
-
/**
|
|
9
|
-
* This method parses the SHR nonce value out of either the Authentication-Info or WWW-Authenticate authentication headers.
|
|
10
|
-
* @returns
|
|
11
|
-
*/
|
|
12
|
-
getShrNonce(): string;
|
|
13
|
-
/**
|
|
14
|
-
* Parses an HTTP header's challenge set into a key/value map.
|
|
15
|
-
* @param header
|
|
16
|
-
* @returns
|
|
17
|
-
*/
|
|
18
|
-
private parseChallenges;
|
|
19
|
-
}
|
|
1
|
+
/**
|
|
2
|
+
* This is a helper class that parses supported HTTP response authentication headers to extract and return
|
|
3
|
+
* header challenge values that can be used outside the basic authorization flows.
|
|
4
|
+
*/
|
|
5
|
+
export declare class AuthenticationHeaderParser {
|
|
6
|
+
private headers;
|
|
7
|
+
constructor(headers: Record<string, string>);
|
|
8
|
+
/**
|
|
9
|
+
* This method parses the SHR nonce value out of either the Authentication-Info or WWW-Authenticate authentication headers.
|
|
10
|
+
* @returns
|
|
11
|
+
*/
|
|
12
|
+
getShrNonce(): string;
|
|
13
|
+
/**
|
|
14
|
+
* Parses an HTTP header's challenge set into a key/value map.
|
|
15
|
+
* @param header
|
|
16
|
+
* @returns
|
|
17
|
+
*/
|
|
18
|
+
private parseChallenges;
|
|
19
|
+
}
|
|
20
20
|
//# sourceMappingURL=AuthenticationHeaderParser.d.ts.map
|
|
@@ -1,63 +1,63 @@
|
|
|
1
|
-
/*! @azure/msal-common v14.14.
|
|
1
|
+
/*! @azure/msal-common v14.14.2 2024-08-28 */
|
|
2
2
|
'use strict';
|
|
3
3
|
import { createClientConfigurationError } from '../error/ClientConfigurationError.mjs';
|
|
4
4
|
import { Constants, HeaderNames } from '../utils/Constants.mjs';
|
|
5
5
|
import { invalidAuthenticationHeader, missingNonceAuthenticationHeader } from '../error/ClientConfigurationErrorCodes.mjs';
|
|
6
6
|
|
|
7
|
-
/*
|
|
8
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
9
|
-
* Licensed under the MIT License.
|
|
10
|
-
*/
|
|
11
|
-
/**
|
|
12
|
-
* This is a helper class that parses supported HTTP response authentication headers to extract and return
|
|
13
|
-
* header challenge values that can be used outside the basic authorization flows.
|
|
14
|
-
*/
|
|
15
|
-
class AuthenticationHeaderParser {
|
|
16
|
-
constructor(headers) {
|
|
17
|
-
this.headers = headers;
|
|
18
|
-
}
|
|
19
|
-
/**
|
|
20
|
-
* This method parses the SHR nonce value out of either the Authentication-Info or WWW-Authenticate authentication headers.
|
|
21
|
-
* @returns
|
|
22
|
-
*/
|
|
23
|
-
getShrNonce() {
|
|
24
|
-
// Attempt to parse nonce from Authentiacation-Info
|
|
25
|
-
const authenticationInfo = this.headers[HeaderNames.AuthenticationInfo];
|
|
26
|
-
if (authenticationInfo) {
|
|
27
|
-
const authenticationInfoChallenges = this.parseChallenges(authenticationInfo);
|
|
28
|
-
if (authenticationInfoChallenges.nextnonce) {
|
|
29
|
-
return authenticationInfoChallenges.nextnonce;
|
|
30
|
-
}
|
|
31
|
-
throw createClientConfigurationError(invalidAuthenticationHeader);
|
|
32
|
-
}
|
|
33
|
-
// Attempt to parse nonce from WWW-Authenticate
|
|
34
|
-
const wwwAuthenticate = this.headers[HeaderNames.WWWAuthenticate];
|
|
35
|
-
if (wwwAuthenticate) {
|
|
36
|
-
const wwwAuthenticateChallenges = this.parseChallenges(wwwAuthenticate);
|
|
37
|
-
if (wwwAuthenticateChallenges.nonce) {
|
|
38
|
-
return wwwAuthenticateChallenges.nonce;
|
|
39
|
-
}
|
|
40
|
-
throw createClientConfigurationError(invalidAuthenticationHeader);
|
|
41
|
-
}
|
|
42
|
-
// If neither header is present, throw missing headers error
|
|
43
|
-
throw createClientConfigurationError(missingNonceAuthenticationHeader);
|
|
44
|
-
}
|
|
45
|
-
/**
|
|
46
|
-
* Parses an HTTP header's challenge set into a key/value map.
|
|
47
|
-
* @param header
|
|
48
|
-
* @returns
|
|
49
|
-
*/
|
|
50
|
-
parseChallenges(header) {
|
|
51
|
-
const schemeSeparator = header.indexOf(" ");
|
|
52
|
-
const challenges = header.substr(schemeSeparator + 1).split(",");
|
|
53
|
-
const challengeMap = {};
|
|
54
|
-
challenges.forEach((challenge) => {
|
|
55
|
-
const [key, value] = challenge.split("=");
|
|
56
|
-
// Remove escaped quotation marks (', ") from challenge string to keep only the challenge value
|
|
57
|
-
challengeMap[key] = unescape(value.replace(/['"]+/g, Constants.EMPTY_STRING));
|
|
58
|
-
});
|
|
59
|
-
return challengeMap;
|
|
60
|
-
}
|
|
7
|
+
/*
|
|
8
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
9
|
+
* Licensed under the MIT License.
|
|
10
|
+
*/
|
|
11
|
+
/**
|
|
12
|
+
* This is a helper class that parses supported HTTP response authentication headers to extract and return
|
|
13
|
+
* header challenge values that can be used outside the basic authorization flows.
|
|
14
|
+
*/
|
|
15
|
+
class AuthenticationHeaderParser {
|
|
16
|
+
constructor(headers) {
|
|
17
|
+
this.headers = headers;
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* This method parses the SHR nonce value out of either the Authentication-Info or WWW-Authenticate authentication headers.
|
|
21
|
+
* @returns
|
|
22
|
+
*/
|
|
23
|
+
getShrNonce() {
|
|
24
|
+
// Attempt to parse nonce from Authentiacation-Info
|
|
25
|
+
const authenticationInfo = this.headers[HeaderNames.AuthenticationInfo];
|
|
26
|
+
if (authenticationInfo) {
|
|
27
|
+
const authenticationInfoChallenges = this.parseChallenges(authenticationInfo);
|
|
28
|
+
if (authenticationInfoChallenges.nextnonce) {
|
|
29
|
+
return authenticationInfoChallenges.nextnonce;
|
|
30
|
+
}
|
|
31
|
+
throw createClientConfigurationError(invalidAuthenticationHeader);
|
|
32
|
+
}
|
|
33
|
+
// Attempt to parse nonce from WWW-Authenticate
|
|
34
|
+
const wwwAuthenticate = this.headers[HeaderNames.WWWAuthenticate];
|
|
35
|
+
if (wwwAuthenticate) {
|
|
36
|
+
const wwwAuthenticateChallenges = this.parseChallenges(wwwAuthenticate);
|
|
37
|
+
if (wwwAuthenticateChallenges.nonce) {
|
|
38
|
+
return wwwAuthenticateChallenges.nonce;
|
|
39
|
+
}
|
|
40
|
+
throw createClientConfigurationError(invalidAuthenticationHeader);
|
|
41
|
+
}
|
|
42
|
+
// If neither header is present, throw missing headers error
|
|
43
|
+
throw createClientConfigurationError(missingNonceAuthenticationHeader);
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Parses an HTTP header's challenge set into a key/value map.
|
|
47
|
+
* @param header
|
|
48
|
+
* @returns
|
|
49
|
+
*/
|
|
50
|
+
parseChallenges(header) {
|
|
51
|
+
const schemeSeparator = header.indexOf(" ");
|
|
52
|
+
const challenges = header.substr(schemeSeparator + 1).split(",");
|
|
53
|
+
const challengeMap = {};
|
|
54
|
+
challenges.forEach((challenge) => {
|
|
55
|
+
const [key, value] = challenge.split("=");
|
|
56
|
+
// Remove escaped quotation marks (', ") from challenge string to keep only the challenge value
|
|
57
|
+
challengeMap[key] = unescape(value.replace(/['"]+/g, Constants.EMPTY_STRING));
|
|
58
|
+
});
|
|
59
|
+
return challengeMap;
|
|
60
|
+
}
|
|
61
61
|
}
|
|
62
62
|
|
|
63
63
|
export { AuthenticationHeaderParser };
|
|
@@ -1,48 +1,48 @@
|
|
|
1
|
-
import { AuthenticationScheme } from "../utils/Constants";
|
|
2
|
-
import { AzureCloudOptions } from "../config/ClientConfiguration";
|
|
3
|
-
import { StringDict } from "../utils/MsalTypes";
|
|
4
|
-
import { StoreInCache } from "./StoreInCache";
|
|
5
|
-
import { ShrOptions } from "../crypto/SignedHttpRequest";
|
|
6
|
-
/**
|
|
7
|
-
* BaseAuthRequest
|
|
8
|
-
* - authority - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. Defaults to https://login.microsoftonline.com/common. If using the same authority for all request, authority should set on client application object and not request, to avoid resolving authority endpoints multiple times.
|
|
9
|
-
* - correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
|
|
10
|
-
* - scopes - Array of scopes the application is requesting access to.
|
|
11
|
-
* - authenticationScheme - The type of token retrieved. Defaults to "Bearer". Can also be type "pop" or "SSH".
|
|
12
|
-
* - claims - A stringified claims request which will be added to all /authorize and /token calls
|
|
13
|
-
* - shrClaims - A stringified claims object which will be added to a Signed HTTP Request
|
|
14
|
-
* - shrNonce - A server-generated timestamp that has been encrypted and base64URL encoded, which will be added to a Signed HTTP Request.
|
|
15
|
-
* - shrOptions - An object containing options for the Signed HTTP Request
|
|
16
|
-
* - resourceRequestMethod - HTTP Request type used to request data from the resource (i.e. "GET", "POST", etc.). Used for proof-of-possession flows.
|
|
17
|
-
* - resourceRequestUri - URI that token will be used for. Used for proof-of-possession flows.
|
|
18
|
-
* - sshJwk - A stringified JSON Web Key representing a public key that can be signed by an SSH certificate.
|
|
19
|
-
* - sshKid - Key ID that uniquely identifies the SSH public key mentioned above.
|
|
20
|
-
* - azureCloudOptions - Convenience string enums for users to provide public/sovereign cloud ids
|
|
21
|
-
* - requestedClaimsHash - SHA 256 hash string of the requested claims string, used as part of an access token cache key so tokens can be filtered by requested claims
|
|
22
|
-
* - tokenQueryParameters - String to string map of custom query parameters added to the /token call
|
|
23
|
-
* - storeInCache - Object containing boolean values indicating whether to store tokens in the cache or not (default is true)
|
|
24
|
-
* - scenarioId - Scenario id to track custom user prompts
|
|
25
|
-
* - popKid - Key ID to identify the public key for PoP token request
|
|
26
|
-
*/
|
|
27
|
-
export type BaseAuthRequest = {
|
|
28
|
-
authority: string;
|
|
29
|
-
correlationId: string;
|
|
30
|
-
scopes: Array<string>;
|
|
31
|
-
authenticationScheme?: AuthenticationScheme;
|
|
32
|
-
claims?: string;
|
|
33
|
-
shrClaims?: string;
|
|
34
|
-
shrNonce?: string;
|
|
35
|
-
shrOptions?: ShrOptions;
|
|
36
|
-
resourceRequestMethod?: string;
|
|
37
|
-
resourceRequestUri?: string;
|
|
38
|
-
sshJwk?: string;
|
|
39
|
-
sshKid?: string;
|
|
40
|
-
azureCloudOptions?: AzureCloudOptions;
|
|
41
|
-
requestedClaimsHash?: string;
|
|
42
|
-
maxAge?: number;
|
|
43
|
-
tokenQueryParameters?: StringDict;
|
|
44
|
-
storeInCache?: StoreInCache;
|
|
45
|
-
scenarioId?: string;
|
|
46
|
-
popKid?: string;
|
|
47
|
-
};
|
|
1
|
+
import { AuthenticationScheme } from "../utils/Constants";
|
|
2
|
+
import { AzureCloudOptions } from "../config/ClientConfiguration";
|
|
3
|
+
import { StringDict } from "../utils/MsalTypes";
|
|
4
|
+
import { StoreInCache } from "./StoreInCache";
|
|
5
|
+
import { ShrOptions } from "../crypto/SignedHttpRequest";
|
|
6
|
+
/**
|
|
7
|
+
* BaseAuthRequest
|
|
8
|
+
* - authority - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. Defaults to https://login.microsoftonline.com/common. If using the same authority for all request, authority should set on client application object and not request, to avoid resolving authority endpoints multiple times.
|
|
9
|
+
* - correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
|
|
10
|
+
* - scopes - Array of scopes the application is requesting access to.
|
|
11
|
+
* - authenticationScheme - The type of token retrieved. Defaults to "Bearer". Can also be type "pop" or "SSH".
|
|
12
|
+
* - claims - A stringified claims request which will be added to all /authorize and /token calls
|
|
13
|
+
* - shrClaims - A stringified claims object which will be added to a Signed HTTP Request
|
|
14
|
+
* - shrNonce - A server-generated timestamp that has been encrypted and base64URL encoded, which will be added to a Signed HTTP Request.
|
|
15
|
+
* - shrOptions - An object containing options for the Signed HTTP Request
|
|
16
|
+
* - resourceRequestMethod - HTTP Request type used to request data from the resource (i.e. "GET", "POST", etc.). Used for proof-of-possession flows.
|
|
17
|
+
* - resourceRequestUri - URI that token will be used for. Used for proof-of-possession flows.
|
|
18
|
+
* - sshJwk - A stringified JSON Web Key representing a public key that can be signed by an SSH certificate.
|
|
19
|
+
* - sshKid - Key ID that uniquely identifies the SSH public key mentioned above.
|
|
20
|
+
* - azureCloudOptions - Convenience string enums for users to provide public/sovereign cloud ids
|
|
21
|
+
* - requestedClaimsHash - SHA 256 hash string of the requested claims string, used as part of an access token cache key so tokens can be filtered by requested claims
|
|
22
|
+
* - tokenQueryParameters - String to string map of custom query parameters added to the /token call
|
|
23
|
+
* - storeInCache - Object containing boolean values indicating whether to store tokens in the cache or not (default is true)
|
|
24
|
+
* - scenarioId - Scenario id to track custom user prompts
|
|
25
|
+
* - popKid - Key ID to identify the public key for PoP token request
|
|
26
|
+
*/
|
|
27
|
+
export type BaseAuthRequest = {
|
|
28
|
+
authority: string;
|
|
29
|
+
correlationId: string;
|
|
30
|
+
scopes: Array<string>;
|
|
31
|
+
authenticationScheme?: AuthenticationScheme;
|
|
32
|
+
claims?: string;
|
|
33
|
+
shrClaims?: string;
|
|
34
|
+
shrNonce?: string;
|
|
35
|
+
shrOptions?: ShrOptions;
|
|
36
|
+
resourceRequestMethod?: string;
|
|
37
|
+
resourceRequestUri?: string;
|
|
38
|
+
sshJwk?: string;
|
|
39
|
+
sshKid?: string;
|
|
40
|
+
azureCloudOptions?: AzureCloudOptions;
|
|
41
|
+
requestedClaimsHash?: string;
|
|
42
|
+
maxAge?: number;
|
|
43
|
+
tokenQueryParameters?: StringDict;
|
|
44
|
+
storeInCache?: StoreInCache;
|
|
45
|
+
scenarioId?: string;
|
|
46
|
+
popKid?: string;
|
|
47
|
+
};
|
|
48
48
|
//# sourceMappingURL=BaseAuthRequest.d.ts.map
|
|
@@ -1,28 +1,28 @@
|
|
|
1
|
-
import { BaseAuthRequest } from "./BaseAuthRequest";
|
|
2
|
-
import { StringDict } from "../utils/MsalTypes";
|
|
3
|
-
import { CcsCredential } from "../account/CcsCredential";
|
|
4
|
-
/**
|
|
5
|
-
* Request object passed by user to acquire a token from the server exchanging a valid authorization code (second leg of OAuth2.0 Authorization Code flow)
|
|
6
|
-
*
|
|
7
|
-
* - scopes - Array of scopes the application is requesting access to.
|
|
8
|
-
* - claims - A stringified claims request which will be added to all /authorize and /token calls
|
|
9
|
-
* - authority: - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. If authority is set on client application object, this will override that value. Overriding the value will cause for authority validation to happen each time. If the same authority will be used for all request, set on the application object instead of the requests.
|
|
10
|
-
* - correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
|
|
11
|
-
* - redirectUri - The redirect URI of your app, where the authority will redirect to after the user inputs credentials and consents. It must exactly match one of the redirect URIs you registered in the portal
|
|
12
|
-
* - code - The authorization_code that the user acquired in the first leg of the flow.
|
|
13
|
-
* - codeVerifier - The same code_verifier that was used to obtain the authorization_code. Required if PKCE was used in the authorization code grant request.For more information, see the PKCE RFC: https://tools.ietf.org/html/rfc7636
|
|
14
|
-
* - resourceRequestMethod - HTTP Request type used to request data from the resource (i.e. "GET", "POST", etc.). Used for proof-of-possession flows.
|
|
15
|
-
* - resourceRequestUri - URI that token will be used for. Used for proof-of-possession flows.
|
|
16
|
-
* - enableSpaAuthCode - Enables the acqusition of a spa authorization code (confidential clients only)
|
|
17
|
-
* - tokenQueryParameters - String to string map of custom query parameters added to the /token call
|
|
18
|
-
*/
|
|
19
|
-
export type CommonAuthorizationCodeRequest = BaseAuthRequest & {
|
|
20
|
-
code: string;
|
|
21
|
-
redirectUri: string;
|
|
22
|
-
codeVerifier?: string;
|
|
23
|
-
tokenBodyParameters?: StringDict;
|
|
24
|
-
enableSpaAuthorizationCode?: boolean;
|
|
25
|
-
clientInfo?: string;
|
|
26
|
-
ccsCredential?: CcsCredential;
|
|
27
|
-
};
|
|
1
|
+
import { BaseAuthRequest } from "./BaseAuthRequest";
|
|
2
|
+
import { StringDict } from "../utils/MsalTypes";
|
|
3
|
+
import { CcsCredential } from "../account/CcsCredential";
|
|
4
|
+
/**
|
|
5
|
+
* Request object passed by user to acquire a token from the server exchanging a valid authorization code (second leg of OAuth2.0 Authorization Code flow)
|
|
6
|
+
*
|
|
7
|
+
* - scopes - Array of scopes the application is requesting access to.
|
|
8
|
+
* - claims - A stringified claims request which will be added to all /authorize and /token calls
|
|
9
|
+
* - authority: - URL of the authority, the security token service (STS) from which MSAL will acquire tokens. If authority is set on client application object, this will override that value. Overriding the value will cause for authority validation to happen each time. If the same authority will be used for all request, set on the application object instead of the requests.
|
|
10
|
+
* - correlationId - Unique GUID set per request to trace a request end-to-end for telemetry purposes.
|
|
11
|
+
* - redirectUri - The redirect URI of your app, where the authority will redirect to after the user inputs credentials and consents. It must exactly match one of the redirect URIs you registered in the portal
|
|
12
|
+
* - code - The authorization_code that the user acquired in the first leg of the flow.
|
|
13
|
+
* - codeVerifier - The same code_verifier that was used to obtain the authorization_code. Required if PKCE was used in the authorization code grant request.For more information, see the PKCE RFC: https://tools.ietf.org/html/rfc7636
|
|
14
|
+
* - resourceRequestMethod - HTTP Request type used to request data from the resource (i.e. "GET", "POST", etc.). Used for proof-of-possession flows.
|
|
15
|
+
* - resourceRequestUri - URI that token will be used for. Used for proof-of-possession flows.
|
|
16
|
+
* - enableSpaAuthCode - Enables the acqusition of a spa authorization code (confidential clients only)
|
|
17
|
+
* - tokenQueryParameters - String to string map of custom query parameters added to the /token call
|
|
18
|
+
*/
|
|
19
|
+
export type CommonAuthorizationCodeRequest = BaseAuthRequest & {
|
|
20
|
+
code: string;
|
|
21
|
+
redirectUri: string;
|
|
22
|
+
codeVerifier?: string;
|
|
23
|
+
tokenBodyParameters?: StringDict;
|
|
24
|
+
enableSpaAuthorizationCode?: boolean;
|
|
25
|
+
clientInfo?: string;
|
|
26
|
+
ccsCredential?: CcsCredential;
|
|
27
|
+
};
|
|
28
28
|
//# sourceMappingURL=CommonAuthorizationCodeRequest.d.ts.map
|