@azure/msal-common 14.15.0 → 14.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (172) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +1 -1
  7. package/dist/authority/AuthorityFactory.mjs +1 -1
  8. package/dist/authority/AuthorityMetadata.mjs +1 -1
  9. package/dist/authority/AuthorityOptions.mjs +1 -1
  10. package/dist/authority/AuthorityType.mjs +1 -1
  11. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  13. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  14. package/dist/authority/ProtocolMode.mjs +1 -1
  15. package/dist/authority/RegionDiscovery.mjs +1 -1
  16. package/dist/cache/CacheManager.d.ts +0 -5
  17. package/dist/cache/CacheManager.d.ts.map +1 -1
  18. package/dist/cache/CacheManager.mjs +1 -4
  19. package/dist/cache/CacheManager.mjs.map +1 -1
  20. package/dist/cache/entities/AccountEntity.mjs +1 -1
  21. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  22. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  23. package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
  24. package/dist/client/AuthorizationCodeClient.mjs +24 -13
  25. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  26. package/dist/client/BaseClient.d.ts +10 -3
  27. package/dist/client/BaseClient.d.ts.map +1 -1
  28. package/dist/client/BaseClient.mjs +62 -10
  29. package/dist/client/BaseClient.mjs.map +1 -1
  30. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  31. package/dist/client/RefreshTokenClient.mjs +10 -4
  32. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  33. package/dist/client/SilentFlowClient.mjs +1 -1
  34. package/dist/config/ClientConfiguration.d.ts +2 -0
  35. package/dist/config/ClientConfiguration.d.ts.map +1 -1
  36. package/dist/config/ClientConfiguration.mjs +1 -1
  37. package/dist/config/ClientConfiguration.mjs.map +1 -1
  38. package/dist/constants/AADServerParamKeys.d.ts +2 -0
  39. package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
  40. package/dist/constants/AADServerParamKeys.mjs +5 -3
  41. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  42. package/dist/crypto/ICrypto.mjs +1 -1
  43. package/dist/crypto/JoseHeader.mjs +1 -1
  44. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  45. package/dist/error/AuthError.mjs +1 -1
  46. package/dist/error/AuthErrorCodes.mjs +1 -1
  47. package/dist/error/CacheError.mjs +1 -1
  48. package/dist/error/CacheErrorCodes.mjs +1 -1
  49. package/dist/error/ClientAuthError.mjs +1 -1
  50. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  51. package/dist/error/ClientConfigurationError.mjs +1 -1
  52. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  53. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  54. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  55. package/dist/error/JoseHeaderError.mjs +1 -1
  56. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  57. package/dist/error/NetworkError.d.ts +19 -0
  58. package/dist/error/NetworkError.d.ts.map +1 -0
  59. package/dist/error/NetworkError.mjs +34 -0
  60. package/dist/error/NetworkError.mjs.map +1 -0
  61. package/dist/error/ServerError.mjs +1 -1
  62. package/dist/exports-common.d.ts +2 -1
  63. package/dist/exports-common.d.ts.map +1 -1
  64. package/dist/index-browser.mjs +2 -2
  65. package/dist/index-node.mjs +2 -2
  66. package/dist/index.mjs +2 -2
  67. package/dist/logger/Logger.mjs +1 -1
  68. package/dist/network/INetworkModule.d.ts +1 -1
  69. package/dist/network/INetworkModule.d.ts.map +1 -1
  70. package/dist/network/INetworkModule.mjs +1 -1
  71. package/dist/network/NetworkResponse.d.ts +6 -0
  72. package/dist/network/NetworkResponse.d.ts.map +1 -0
  73. package/dist/network/ThrottlingUtils.d.ts +1 -1
  74. package/dist/network/ThrottlingUtils.d.ts.map +1 -1
  75. package/dist/network/ThrottlingUtils.mjs +1 -1
  76. package/dist/packageMetadata.d.ts +1 -1
  77. package/dist/packageMetadata.mjs +2 -2
  78. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  79. package/dist/request/BaseAuthRequest.d.ts +2 -0
  80. package/dist/request/BaseAuthRequest.d.ts.map +1 -1
  81. package/dist/request/RequestParameterBuilder.d.ts +8 -1
  82. package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
  83. package/dist/request/RequestParameterBuilder.mjs +26 -3
  84. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  85. package/dist/request/RequestValidator.mjs +1 -1
  86. package/dist/request/ScopeSet.mjs +1 -1
  87. package/dist/response/ResponseHandler.mjs +1 -1
  88. package/dist/telemetry/performance/PerformanceClient.d.ts.map +1 -1
  89. package/dist/telemetry/performance/PerformanceClient.mjs +29 -10
  90. package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
  91. package/dist/telemetry/performance/PerformanceEvent.d.ts +9 -0
  92. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  93. package/dist/telemetry/performance/PerformanceEvent.mjs +6 -1
  94. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  95. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  96. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  97. package/dist/url/UrlString.mjs +1 -1
  98. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  99. package/dist/utils/Constants.d.ts +1 -0
  100. package/dist/utils/Constants.d.ts.map +1 -1
  101. package/dist/utils/Constants.mjs +2 -1
  102. package/dist/utils/Constants.mjs.map +1 -1
  103. package/dist/utils/FunctionWrappers.mjs +1 -1
  104. package/dist/utils/ProtocolUtils.mjs +1 -1
  105. package/dist/utils/StringUtils.mjs +1 -1
  106. package/dist/utils/TimeUtils.mjs +1 -1
  107. package/dist/utils/UrlUtils.mjs +1 -1
  108. package/lib/index-browser.cjs +33 -13
  109. package/lib/index-browser.cjs.map +1 -1
  110. package/lib/{index-node-aee3f7b6.js → index-node-C9XsExml.js} +268 -180
  111. package/lib/index-node-C9XsExml.js.map +1 -0
  112. package/lib/index-node.cjs +5 -4
  113. package/lib/index-node.cjs.map +1 -1
  114. package/lib/index.cjs +5 -4
  115. package/lib/index.cjs.map +1 -1
  116. package/lib/types/cache/CacheManager.d.ts +0 -5
  117. package/lib/types/cache/CacheManager.d.ts.map +1 -1
  118. package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  119. package/lib/types/client/BaseClient.d.ts +10 -3
  120. package/lib/types/client/BaseClient.d.ts.map +1 -1
  121. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  122. package/lib/types/config/ClientConfiguration.d.ts +2 -0
  123. package/lib/types/config/ClientConfiguration.d.ts.map +1 -1
  124. package/lib/types/constants/AADServerParamKeys.d.ts +2 -0
  125. package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
  126. package/lib/types/error/NetworkError.d.ts +19 -0
  127. package/lib/types/error/NetworkError.d.ts.map +1 -0
  128. package/lib/types/exports-common.d.ts +2 -1
  129. package/lib/types/exports-common.d.ts.map +1 -1
  130. package/lib/types/network/INetworkModule.d.ts +1 -1
  131. package/lib/types/network/INetworkModule.d.ts.map +1 -1
  132. package/lib/types/network/NetworkResponse.d.ts +6 -0
  133. package/lib/types/network/NetworkResponse.d.ts.map +1 -0
  134. package/lib/types/network/ThrottlingUtils.d.ts +1 -1
  135. package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
  136. package/lib/types/packageMetadata.d.ts +1 -1
  137. package/lib/types/request/BaseAuthRequest.d.ts +2 -0
  138. package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
  139. package/lib/types/request/RequestParameterBuilder.d.ts +8 -1
  140. package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
  141. package/lib/types/telemetry/performance/PerformanceClient.d.ts.map +1 -1
  142. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +9 -0
  143. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  144. package/lib/types/utils/Constants.d.ts +1 -0
  145. package/lib/types/utils/Constants.d.ts.map +1 -1
  146. package/package.json +2 -4
  147. package/src/authority/RegionDiscovery.ts +1 -1
  148. package/src/cache/CacheManager.ts +0 -8
  149. package/src/client/AuthorizationCodeClient.ts +37 -16
  150. package/src/client/BaseClient.ts +104 -22
  151. package/src/client/RefreshTokenClient.ts +14 -5
  152. package/src/config/ClientConfiguration.ts +2 -0
  153. package/src/constants/AADServerParamKeys.ts +2 -0
  154. package/src/error/NetworkError.ts +44 -0
  155. package/src/exports-common.ts +2 -5
  156. package/src/network/INetworkModule.ts +1 -1
  157. package/src/network/NetworkResponse.ts +10 -0
  158. package/src/network/ThrottlingUtils.ts +1 -1
  159. package/src/packageMetadata.ts +1 -1
  160. package/src/request/BaseAuthRequest.ts +2 -0
  161. package/src/request/RequestParameterBuilder.ts +51 -1
  162. package/src/telemetry/performance/PerformanceClient.ts +42 -12
  163. package/src/telemetry/performance/PerformanceEvent.ts +15 -0
  164. package/src/utils/Constants.ts +1 -0
  165. package/dist/network/NetworkManager.d.ts +0 -34
  166. package/dist/network/NetworkManager.d.ts.map +0 -1
  167. package/dist/network/NetworkManager.mjs +0 -44
  168. package/dist/network/NetworkManager.mjs.map +0 -1
  169. package/lib/index-node-aee3f7b6.js.map +0 -1
  170. package/lib/types/network/NetworkManager.d.ts +0 -34
  171. package/lib/types/network/NetworkManager.d.ts.map +0 -1
  172. package/src/network/NetworkManager.ts +0 -76
@@ -21,7 +21,7 @@ import {
21
21
  isOidcProtocolMode,
22
22
  } from "../config/ClientConfiguration.js";
23
23
  import { ServerAuthorizationTokenResponse } from "../response/ServerAuthorizationTokenResponse.js";
24
- import { NetworkResponse } from "../network/NetworkManager.js";
24
+ import { NetworkResponse } from "../network/NetworkResponse.js";
25
25
  import { ResponseHandler } from "../response/ResponseHandler.js";
26
26
  import { AuthenticationResult } from "../response/AuthenticationResult.js";
27
27
  import { StringUtils } from "../utils/StringUtils.js";
@@ -314,10 +314,14 @@ export class AuthorizationCodeClient extends BaseClient {
314
314
  request.correlationId
315
315
  );
316
316
 
317
- const parameterBuilder = new RequestParameterBuilder();
317
+ const parameterBuilder = new RequestParameterBuilder(
318
+ request.correlationId,
319
+ this.performanceClient
320
+ );
318
321
 
319
322
  parameterBuilder.addClientId(
320
- request.tokenBodyParameters?.[AADServerParamKeys.CLIENT_ID] ||
323
+ request.embeddedClientId ||
324
+ request.tokenBodyParameters?.[AADServerParamKeys.CLIENT_ID] ||
321
325
  this.config.authOptions.clientId
322
326
  );
323
327
 
@@ -416,11 +420,6 @@ export class AuthorizationCodeClient extends BaseClient {
416
420
  }
417
421
  }
418
422
 
419
- const correlationId =
420
- request.correlationId ||
421
- this.config.cryptoInterface.createNewGuid();
422
- parameterBuilder.addCorrelationId(correlationId);
423
-
424
423
  if (
425
424
  !StringUtils.isEmptyObj(request.claims) ||
426
425
  (this.config.authOptions.clientCapabilities &&
@@ -474,6 +473,13 @@ export class AuthorizationCodeClient extends BaseClient {
474
473
  }
475
474
  }
476
475
 
476
+ if (request.embeddedClientId) {
477
+ parameterBuilder.addBrokerParameters({
478
+ brokerClientId: this.config.authOptions.clientId,
479
+ brokerRedirectUri: this.config.authOptions.redirectUri,
480
+ });
481
+ }
482
+
477
483
  if (request.tokenBodyParameters) {
478
484
  parameterBuilder.addExtraQueryParameters(
479
485
  request.tokenBodyParameters
@@ -503,15 +509,24 @@ export class AuthorizationCodeClient extends BaseClient {
503
509
  private async createAuthCodeUrlQueryString(
504
510
  request: CommonAuthorizationUrlRequest
505
511
  ): Promise<string> {
512
+ // generate the correlationId if not set by the user and add
513
+ const correlationId =
514
+ request.correlationId ||
515
+ this.config.cryptoInterface.createNewGuid();
516
+
506
517
  this.performanceClient?.addQueueMeasurement(
507
518
  PerformanceEvents.AuthClientCreateQueryString,
508
- request.correlationId
519
+ correlationId
509
520
  );
510
521
 
511
- const parameterBuilder = new RequestParameterBuilder();
522
+ const parameterBuilder = new RequestParameterBuilder(
523
+ correlationId,
524
+ this.performanceClient
525
+ );
512
526
 
513
527
  parameterBuilder.addClientId(
514
- request.extraQueryParameters?.[AADServerParamKeys.CLIENT_ID] ||
528
+ request.embeddedClientId ||
529
+ request.extraQueryParameters?.[AADServerParamKeys.CLIENT_ID] ||
515
530
  this.config.authOptions.clientId
516
531
  );
517
532
 
@@ -524,10 +539,6 @@ export class AuthorizationCodeClient extends BaseClient {
524
539
  // validate the redirectUri (to be a non null value)
525
540
  parameterBuilder.addRedirectUri(request.redirectUri);
526
541
 
527
- // generate the correlationId if not set by the user and add
528
- const correlationId =
529
- request.correlationId ||
530
- this.config.cryptoInterface.createNewGuid();
531
542
  parameterBuilder.addCorrelationId(correlationId);
532
543
 
533
544
  // add response_mode. If not passed in it defaults to query.
@@ -674,6 +685,13 @@ export class AuthorizationCodeClient extends BaseClient {
674
685
  );
675
686
  }
676
687
 
688
+ if (request.embeddedClientId) {
689
+ parameterBuilder.addBrokerParameters({
690
+ brokerClientId: this.config.authOptions.clientId,
691
+ brokerRedirectUri: this.config.authOptions.redirectUri,
692
+ });
693
+ }
694
+
677
695
  this.addExtraQueryParams(request, parameterBuilder);
678
696
 
679
697
  if (request.nativeBroker) {
@@ -714,7 +732,10 @@ export class AuthorizationCodeClient extends BaseClient {
714
732
  private createLogoutUrlQueryString(
715
733
  request: CommonEndSessionRequest
716
734
  ): string {
717
- const parameterBuilder = new RequestParameterBuilder();
735
+ const parameterBuilder = new RequestParameterBuilder(
736
+ request.correlationId,
737
+ this.performanceClient
738
+ );
718
739
 
719
740
  if (request.postLogoutRedirectUri) {
720
741
  parameterBuilder.addPostLogoutRedirectUri(
@@ -8,8 +8,11 @@ import {
8
8
  buildClientConfiguration,
9
9
  CommonClientConfiguration,
10
10
  } from "../config/ClientConfiguration.js";
11
- import { INetworkModule } from "../network/INetworkModule.js";
12
- import { NetworkManager, NetworkResponse } from "../network/NetworkManager.js";
11
+ import {
12
+ INetworkModule,
13
+ NetworkRequestOptions,
14
+ } from "../network/INetworkModule.js";
15
+ import { NetworkResponse } from "../network/NetworkResponse.js";
13
16
  import { ICrypto } from "../crypto/ICrypto.js";
14
17
  import { Authority } from "../authority/Authority.js";
15
18
  import { Logger } from "../logger/Logger.js";
@@ -26,6 +29,14 @@ import { RequestParameterBuilder } from "../request/RequestParameterBuilder.js";
26
29
  import { BaseAuthRequest } from "../request/BaseAuthRequest.js";
27
30
  import { createDiscoveredInstance } from "../authority/AuthorityFactory.js";
28
31
  import { PerformanceEvents } from "../telemetry/performance/PerformanceEvent.js";
32
+ import { ThrottlingUtils } from "../network/ThrottlingUtils.js";
33
+ import { AuthError } from "../error/AuthError.js";
34
+ import {
35
+ ClientAuthErrorCodes,
36
+ createClientAuthError,
37
+ } from "../error/ClientAuthError.js";
38
+ import { NetworkError } from "../error/NetworkError.js";
39
+ import { invokeAsync } from "../utils/FunctionWrappers.js";
29
40
 
30
41
  /**
31
42
  * Base application class which will construct requests to send to and handle responses from the Microsoft STS using the authorization code flow.
@@ -50,9 +61,6 @@ export abstract class BaseClient {
50
61
  // Server Telemetry Manager
51
62
  protected serverTelemetryManager: ServerTelemetryManager | null;
52
63
 
53
- // Network Manager
54
- protected networkManager: NetworkManager;
55
-
56
64
  // Default authority object
57
65
  public authority: Authority;
58
66
 
@@ -78,12 +86,6 @@ export abstract class BaseClient {
78
86
  // Set the network interface
79
87
  this.networkClient = this.config.networkInterface;
80
88
 
81
- // Set the NetworkManager
82
- this.networkManager = new NetworkManager(
83
- this.networkClient,
84
- this.cacheManager
85
- );
86
-
87
89
  // Set TelemetryManager
88
90
  this.serverTelemetryManager = this.config.serverTelemetryManager;
89
91
 
@@ -152,19 +154,12 @@ export abstract class BaseClient {
152
154
  }
153
155
 
154
156
  const response =
155
- await this.networkManager.sendPostRequest<ServerAuthorizationTokenResponse>(
157
+ await this.sendPostRequest<ServerAuthorizationTokenResponse>(
156
158
  thumbprint,
157
159
  tokenEndpoint,
158
- { body: queryString, headers: headers }
160
+ { body: queryString, headers: headers },
161
+ correlationId
159
162
  );
160
- this.performanceClient?.addFields(
161
- {
162
- refreshTokenSize: response.body.refresh_token?.length || 0,
163
- httpVerToken:
164
- response.headers?.[HeaderNames.X_MS_HTTP_VERSION] || "",
165
- },
166
- correlationId
167
- );
168
163
 
169
164
  if (
170
165
  this.config.serverTelemetryManager &&
@@ -178,6 +173,81 @@ export abstract class BaseClient {
178
173
  return response;
179
174
  }
180
175
 
176
+ /**
177
+ * Wraps sendPostRequestAsync with necessary preflight and postflight logic
178
+ * @param thumbprint - Request thumbprint for throttling
179
+ * @param tokenEndpoint - Endpoint to make the POST to
180
+ * @param options - Body and Headers to include on the POST request
181
+ * @param correlationId - CorrelationId for telemetry
182
+ */
183
+ async sendPostRequest<T extends ServerAuthorizationTokenResponse>(
184
+ thumbprint: RequestThumbprint,
185
+ tokenEndpoint: string,
186
+ options: NetworkRequestOptions,
187
+ correlationId: string
188
+ ): Promise<NetworkResponse<T>> {
189
+ ThrottlingUtils.preProcess(this.cacheManager, thumbprint);
190
+
191
+ let response;
192
+ try {
193
+ response = await invokeAsync(
194
+ this.networkClient.sendPostRequestAsync.bind(
195
+ this.networkClient
196
+ )<T>,
197
+ PerformanceEvents.NetworkClientSendPostRequestAsync,
198
+ this.logger,
199
+ this.performanceClient,
200
+ correlationId
201
+ )(tokenEndpoint, options);
202
+ const responseHeaders = response.headers || {};
203
+ this.performanceClient?.addFields(
204
+ {
205
+ refreshTokenSize: response.body.refresh_token?.length || 0,
206
+ httpVerToken:
207
+ responseHeaders[HeaderNames.X_MS_HTTP_VERSION] || "",
208
+ requestId:
209
+ responseHeaders[HeaderNames.X_MS_REQUEST_ID] || "",
210
+ },
211
+ correlationId
212
+ );
213
+ } catch (e) {
214
+ if (e instanceof NetworkError) {
215
+ const responseHeaders = e.responseHeaders;
216
+ if (responseHeaders) {
217
+ this.performanceClient?.addFields(
218
+ {
219
+ httpVerToken:
220
+ responseHeaders[
221
+ HeaderNames.X_MS_HTTP_VERSION
222
+ ] || "",
223
+ requestId:
224
+ responseHeaders[HeaderNames.X_MS_REQUEST_ID] ||
225
+ "",
226
+ contentTypeHeader:
227
+ responseHeaders[HeaderNames.CONTENT_TYPE] ||
228
+ undefined,
229
+ contentLengthHeader:
230
+ responseHeaders[HeaderNames.CONTENT_LENGTH] ||
231
+ undefined,
232
+ httpStatus: e.httpStatus,
233
+ },
234
+ correlationId
235
+ );
236
+ }
237
+ throw e.error;
238
+ }
239
+ if (e instanceof AuthError) {
240
+ throw e;
241
+ } else {
242
+ throw createClientAuthError(ClientAuthErrorCodes.networkError);
243
+ }
244
+ }
245
+
246
+ ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response);
247
+
248
+ return response;
249
+ }
250
+
181
251
  /**
182
252
  * Updates the authority object of the client. Endpoint discovery must be completed.
183
253
  * @param updatedAuthority
@@ -208,7 +278,17 @@ export abstract class BaseClient {
208
278
  * @param request
209
279
  */
210
280
  createTokenQueryParameters(request: BaseAuthRequest): string {
211
- const parameterBuilder = new RequestParameterBuilder();
281
+ const parameterBuilder = new RequestParameterBuilder(
282
+ request.correlationId,
283
+ this.performanceClient
284
+ );
285
+
286
+ if (request.embeddedClientId) {
287
+ parameterBuilder.addBrokerParameters({
288
+ brokerClientId: this.config.authOptions.clientId,
289
+ brokerRedirectUri: this.config.authOptions.redirectUri,
290
+ });
291
+ }
212
292
 
213
293
  if (request.tokenQueryParameters) {
214
294
  parameterBuilder.addExtraQueryParameters(
@@ -216,6 +296,8 @@ export abstract class BaseClient {
216
296
  );
217
297
  }
218
298
 
299
+ parameterBuilder.addCorrelationId(request.correlationId);
300
+
219
301
  return parameterBuilder.createQueryString();
220
302
  }
221
303
  }
@@ -24,7 +24,7 @@ import { AuthenticationResult } from "../response/AuthenticationResult.js";
24
24
  import { PopTokenGenerator } from "../crypto/PopTokenGenerator.js";
25
25
  import { StringUtils } from "../utils/StringUtils.js";
26
26
  import { RequestThumbprint } from "../network/RequestThumbprint.js";
27
- import { NetworkResponse } from "../network/NetworkManager.js";
27
+ import { NetworkResponse } from "../network/NetworkResponse.js";
28
28
  import { CommonSilentFlowRequest } from "../request/CommonSilentFlowRequest.js";
29
29
  import {
30
30
  createClientConfigurationError,
@@ -345,10 +345,14 @@ export class RefreshTokenClient extends BaseClient {
345
345
  );
346
346
 
347
347
  const correlationId = request.correlationId;
348
- const parameterBuilder = new RequestParameterBuilder();
348
+ const parameterBuilder = new RequestParameterBuilder(
349
+ correlationId,
350
+ this.performanceClient
351
+ );
349
352
 
350
353
  parameterBuilder.addClientId(
351
- request.tokenBodyParameters?.[AADServerParamKeys.CLIENT_ID] ||
354
+ request.embeddedClientId ||
355
+ request.tokenBodyParameters?.[AADServerParamKeys.CLIENT_ID] ||
352
356
  this.config.authOptions.clientId
353
357
  );
354
358
 
@@ -376,8 +380,6 @@ export class RefreshTokenClient extends BaseClient {
376
380
  parameterBuilder.addServerTelemetry(this.serverTelemetryManager);
377
381
  }
378
382
 
379
- parameterBuilder.addCorrelationId(correlationId);
380
-
381
383
  parameterBuilder.addRefreshToken(request.refreshToken);
382
384
 
383
385
  if (this.config.clientCredentials.clientSecret) {
@@ -472,6 +474,13 @@ export class RefreshTokenClient extends BaseClient {
472
474
  }
473
475
  }
474
476
 
477
+ if (request.embeddedClientId) {
478
+ parameterBuilder.addBrokerParameters({
479
+ brokerClientId: this.config.authOptions.clientId,
480
+ brokerRedirectUri: this.config.authOptions.redirectUri,
481
+ });
482
+ }
483
+
475
484
  if (request.tokenBodyParameters) {
476
485
  parameterBuilder.addExtraQueryParameters(
477
486
  request.tokenBodyParameters
@@ -82,11 +82,13 @@ export type CommonClientConfiguration = {
82
82
  * - protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.
83
83
  * - skipAuthorityMetadataCache - A flag to choose whether to use or not use the local metadata cache during authority initialization. Defaults to false.
84
84
  * - instanceAware - A flag of whether the STS will send back additional parameters to specify where the tokens should be retrieved from.
85
+ * - redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
85
86
  * @internal
86
87
  */
87
88
  export type AuthOptions = {
88
89
  clientId: string;
89
90
  authority: Authority;
91
+ redirectUri: string;
90
92
  clientCapabilities?: Array<string>;
91
93
  azureCloudOptions?: AzureCloudOptions;
92
94
  skipAuthorityMetadataCache?: boolean;
@@ -56,3 +56,5 @@ export const SID = "sid";
56
56
  export const LOGIN_HINT = "login_hint";
57
57
  export const DOMAIN_HINT = "domain_hint";
58
58
  export const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
59
+ export const BROKER_CLIENT_ID = "brk_client_id";
60
+ export const BROKER_REDIRECT_URI = "brk_redirect_uri";
@@ -0,0 +1,44 @@
1
+ /*
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ import { AuthError } from "./AuthError.js";
7
+
8
+ /**
9
+ * Represents network related errors
10
+ */
11
+ export class NetworkError extends AuthError {
12
+ error: AuthError;
13
+ httpStatus?: number;
14
+ responseHeaders?: Record<string, string>;
15
+
16
+ constructor(
17
+ error: AuthError,
18
+ httpStatus?: number,
19
+ responseHeaders?: Record<string, string>
20
+ ) {
21
+ super(error.errorCode, error.errorMessage, error.subError);
22
+
23
+ Object.setPrototypeOf(this, NetworkError.prototype);
24
+ this.name = "NetworkError";
25
+ this.error = error;
26
+ this.httpStatus = httpStatus;
27
+ this.responseHeaders = responseHeaders;
28
+ }
29
+ }
30
+
31
+ /**
32
+ * Creates NetworkError object for a failed network request
33
+ * @param error - Error to be thrown back to the caller
34
+ * @param httpStatus - Status code of the network request
35
+ * @param responseHeaders - Response headers of the network request, when available
36
+ * @returns NetworkError object
37
+ */
38
+ export function createNetworkError(
39
+ error: AuthError,
40
+ httpStatus?: number,
41
+ responseHeaders?: Record<string, string>
42
+ ): NetworkError {
43
+ return new NetworkError(error, httpStatus, responseHeaders);
44
+ }
@@ -91,11 +91,7 @@ export {
91
91
  NetworkRequestOptions,
92
92
  StubbedNetworkModule,
93
93
  } from "./network/INetworkModule.js";
94
- export {
95
- NetworkManager,
96
- NetworkResponse,
97
- UrlToHttpRequestOptions,
98
- } from "./network/NetworkManager.js";
94
+ export { NetworkResponse } from "./network/NetworkResponse.js";
99
95
  export { ThrottlingUtils } from "./network/ThrottlingUtils.js";
100
96
  export { RequestThumbprint } from "./network/RequestThumbprint.js";
101
97
  export { IUri } from "./url/IUri.js";
@@ -140,6 +136,7 @@ export {
140
136
  createAuthError,
141
137
  } from "./error/AuthError.js";
142
138
  export { ServerError } from "./error/ServerError.js";
139
+ export { NetworkError, createNetworkError } from "./error/NetworkError.js";
143
140
  export { CacheError, CacheErrorCodes } from "./error/CacheError.js";
144
141
  export {
145
142
  ClientAuthError,
@@ -7,7 +7,7 @@ import {
7
7
  ClientAuthErrorCodes,
8
8
  createClientAuthError,
9
9
  } from "../error/ClientAuthError.js";
10
- import { NetworkResponse } from "./NetworkManager.js";
10
+ import { NetworkResponse } from "./NetworkResponse.js";
11
11
 
12
12
  /**
13
13
  * Options allowed by network request APIs.
@@ -0,0 +1,10 @@
1
+ /*
2
+ * Copyright (c) Microsoft Corporation. All rights reserved.
3
+ * Licensed under the MIT License.
4
+ */
5
+
6
+ export type NetworkResponse<T> = {
7
+ headers: Record<string, string>;
8
+ body: T;
9
+ status: number;
10
+ };
@@ -3,7 +3,7 @@
3
3
  * Licensed under the MIT License.
4
4
  */
5
5
 
6
- import { NetworkResponse } from "./NetworkManager.js";
6
+ import { NetworkResponse } from "./NetworkResponse.js";
7
7
  import { ServerAuthorizationTokenResponse } from "../response/ServerAuthorizationTokenResponse.js";
8
8
  import {
9
9
  HeaderNames,
@@ -1,3 +1,3 @@
1
1
  /* eslint-disable header/header */
2
2
  export const name = "@azure/msal-common";
3
- export const version = "14.15.0";
3
+ export const version = "14.16.0";
@@ -29,6 +29,7 @@ import { ShrOptions } from "../crypto/SignedHttpRequest.js";
29
29
  * - storeInCache - Object containing boolean values indicating whether to store tokens in the cache or not (default is true)
30
30
  * - scenarioId - Scenario id to track custom user prompts
31
31
  * - popKid - Key ID to identify the public key for PoP token request
32
+ * - embeddedClientId - Embedded client id. When specified, broker client id (brk_client_id) and redirect uri (brk_redirect_uri) params are set with values from the config, overriding the corresponding extra parameters, if present.
32
33
  */
33
34
  export type BaseAuthRequest = {
34
35
  authority: string;
@@ -50,4 +51,5 @@ export type BaseAuthRequest = {
50
51
  storeInCache?: StoreInCache;
51
52
  scenarioId?: string;
52
53
  popKid?: string;
54
+ embeddedClientId?: string;
53
55
  };
@@ -28,13 +28,44 @@ import {
28
28
  } from "../config/ClientConfiguration.js";
29
29
  import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManager.js";
30
30
  import { ClientInfo } from "../account/ClientInfo.js";
31
+ import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
32
+
33
+ function instrumentBrokerParams(
34
+ parameters: Map<string, string>,
35
+ correlationId?: string,
36
+ performanceClient?: IPerformanceClient
37
+ ) {
38
+ if (!correlationId) {
39
+ return;
40
+ }
41
+
42
+ const clientId = parameters.get(AADServerParamKeys.CLIENT_ID);
43
+ if (clientId && parameters.has(AADServerParamKeys.BROKER_CLIENT_ID)) {
44
+ performanceClient?.addFields(
45
+ {
46
+ embeddedClientId: clientId,
47
+ embeddedRedirectUri: parameters.get(
48
+ AADServerParamKeys.REDIRECT_URI
49
+ ),
50
+ },
51
+ correlationId
52
+ );
53
+ }
54
+ }
31
55
 
32
56
  /** @internal */
33
57
  export class RequestParameterBuilder {
34
58
  private parameters: Map<string, string>;
59
+ private readonly performanceClient?: IPerformanceClient;
60
+ private readonly correlationId?: string;
35
61
 
36
- constructor() {
62
+ constructor(
63
+ correlationId?: string,
64
+ performanceClient?: IPerformanceClient
65
+ ) {
37
66
  this.parameters = new Map<string, string>();
67
+ this.performanceClient = performanceClient;
68
+ this.correlationId = correlationId;
38
69
  }
39
70
 
40
71
  /**
@@ -598,6 +629,19 @@ export class RequestParameterBuilder {
598
629
  );
599
630
  }
600
631
 
632
+ addBrokerParameters(params: {
633
+ brokerClientId: string;
634
+ brokerRedirectUri: string;
635
+ }): void {
636
+ const brokerParams: StringDict = {};
637
+ brokerParams[AADServerParamKeys.BROKER_CLIENT_ID] =
638
+ params.brokerClientId;
639
+ brokerParams[AADServerParamKeys.BROKER_REDIRECT_URI] =
640
+ params.brokerRedirectUri;
641
+
642
+ this.addExtraQueryParameters(brokerParams);
643
+ }
644
+
601
645
  /**
602
646
  * Utility to create a URL from the params map
603
647
  */
@@ -608,6 +652,12 @@ export class RequestParameterBuilder {
608
652
  queryParameterArray.push(`${key}=${value}`);
609
653
  });
610
654
 
655
+ instrumentBrokerParams(
656
+ this.parameters,
657
+ this.correlationId,
658
+ this.performanceClient
659
+ );
660
+
611
661
  return queryParameterArray.join("&");
612
662
  }
613
663
  }
@@ -198,22 +198,39 @@ export function compactStack(stack: string, stackMaxSize: number): string[] {
198
198
  }
199
199
 
200
200
  const stackArr = stack.split("\n") || [];
201
- if (stackArr.length < 2) {
202
- return [];
203
- }
204
201
 
205
202
  const res = [];
206
- // Get top N stack lines
207
- for (
208
- // Skip first line as it may contain PII data
209
- let ix = Math.max(stackArr.length - stackMaxSize - 1, 1);
210
- ix < stackArr.length;
211
- ix++
203
+
204
+ // Check for a handful of known, common runtime errors and log them (with redaction where applicable).
205
+ const firstLine = stackArr[0];
206
+ if (
207
+ firstLine.startsWith("TypeError: Cannot read property") ||
208
+ firstLine.startsWith("TypeError: Cannot read properties of") ||
209
+ firstLine.startsWith("TypeError: Cannot set property") ||
210
+ firstLine.startsWith("TypeError: Cannot set properties of") ||
211
+ firstLine.endsWith("is not a function")
212
212
  ) {
213
- const line = stackArr[ix];
213
+ // These types of errors are not at risk of leaking PII. They will indicate unavailable APIs
214
+ res.push(compactStackLine(firstLine));
215
+ } else if (
216
+ firstLine.startsWith("SyntaxError") ||
217
+ firstLine.startsWith("TypeError")
218
+ ) {
219
+ // Prevent unintentional leaking of arbitrary info by redacting contents between both single and double quotes
220
+ res.push(
221
+ compactStackLine(
222
+ // Example: SyntaxError: Unexpected token 'e', "test" is not valid JSON -> SyntaxError: Unexpected token <redacted>, <redacted> is not valid JSON
223
+ firstLine.replace(/['].*[']|["].*["]/g, "<redacted>")
224
+ )
225
+ );
226
+ }
227
+
228
+ // Get top N stack lines
229
+ for (let ix = 1; ix < stackArr.length; ix++) {
214
230
  if (res.length >= stackMaxSize) {
215
231
  break;
216
232
  }
233
+ const line = stackArr[ix];
217
234
  res.push(compactStackLine(line));
218
235
  }
219
236
  return res;
@@ -630,14 +647,27 @@ export abstract class PerformanceClient implements IPerformanceClient {
630
647
  event.correlationId
631
648
  );
632
649
 
650
+ if (error) {
651
+ addError(error, this.logger, rootEvent);
652
+ }
653
+
633
654
  // Add sub-measurement attribute to root event.
634
655
  if (!isRoot) {
635
656
  rootEvent[event.name + "DurationMs"] = Math.floor(event.durationMs);
636
657
  return { ...rootEvent };
637
658
  }
638
659
 
639
- if (error) {
640
- addError(error, this.logger, rootEvent);
660
+ if (
661
+ isRoot &&
662
+ !error &&
663
+ (rootEvent.errorCode || rootEvent.subErrorCode)
664
+ ) {
665
+ this.logger.trace(
666
+ `PerformanceClient: Remove error and sub-error codes for root event ${event.name} as intermediate error was successfully handled`,
667
+ event.correlationId
668
+ );
669
+ rootEvent.errorCode = undefined;
670
+ rootEvent.subErrorCode = undefined;
641
671
  }
642
672
 
643
673
  let finalEvent: PerformanceEvent = { ...rootEvent, ...event };