@azure/msal-common 14.15.0 → 14.16.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AuthToken.mjs +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.mjs +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.mjs +1 -1
- package/dist/authority/AuthorityFactory.mjs +1 -1
- package/dist/authority/AuthorityMetadata.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/RegionDiscovery.mjs +1 -1
- package/dist/cache/CacheManager.d.ts +0 -5
- package/dist/cache/CacheManager.d.ts.map +1 -1
- package/dist/cache/CacheManager.mjs +1 -4
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/entities/AccountEntity.mjs +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +24 -13
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/BaseClient.d.ts +10 -3
- package/dist/client/BaseClient.d.ts.map +1 -1
- package/dist/client/BaseClient.mjs +62 -10
- package/dist/client/BaseClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +10 -4
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.mjs +1 -1
- package/dist/config/ClientConfiguration.d.ts +2 -0
- package/dist/config/ClientConfiguration.d.ts.map +1 -1
- package/dist/config/ClientConfiguration.mjs +1 -1
- package/dist/config/ClientConfiguration.mjs.map +1 -1
- package/dist/constants/AADServerParamKeys.d.ts +2 -0
- package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +5 -3
- package/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +1 -1
- package/dist/error/AuthError.mjs +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.mjs +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.mjs +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +1 -1
- package/dist/error/ClientConfigurationError.mjs +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.d.ts +19 -0
- package/dist/error/NetworkError.d.ts.map +1 -0
- package/dist/error/NetworkError.mjs +34 -0
- package/dist/error/NetworkError.mjs.map +1 -0
- package/dist/error/ServerError.mjs +1 -1
- package/dist/exports-common.d.ts +2 -1
- package/dist/exports-common.d.ts.map +1 -1
- package/dist/index-browser.mjs +2 -2
- package/dist/index-node.mjs +2 -2
- package/dist/index.mjs +2 -2
- package/dist/logger/Logger.mjs +1 -1
- package/dist/network/INetworkModule.d.ts +1 -1
- package/dist/network/INetworkModule.d.ts.map +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/NetworkResponse.d.ts +6 -0
- package/dist/network/NetworkResponse.d.ts.map +1 -0
- package/dist/network/ThrottlingUtils.d.ts +1 -1
- package/dist/network/ThrottlingUtils.d.ts.map +1 -1
- package/dist/network/ThrottlingUtils.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/request/AuthenticationHeaderParser.mjs +1 -1
- package/dist/request/BaseAuthRequest.d.ts +2 -0
- package/dist/request/BaseAuthRequest.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.d.ts +8 -1
- package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +26 -3
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/RequestValidator.mjs +1 -1
- package/dist/request/ScopeSet.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +29 -10
- package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.d.ts +9 -0
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +6 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
- package/dist/url/UrlString.mjs +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/Constants.d.ts +1 -0
- package/dist/utils/Constants.d.ts.map +1 -1
- package/dist/utils/Constants.mjs +2 -1
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/ProtocolUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/UrlUtils.mjs +1 -1
- package/lib/index-browser.cjs +33 -13
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-aee3f7b6.js → index-node-C9XsExml.js} +268 -180
- package/lib/index-node-C9XsExml.js.map +1 -0
- package/lib/index-node.cjs +5 -4
- package/lib/index-node.cjs.map +1 -1
- package/lib/index.cjs +5 -4
- package/lib/index.cjs.map +1 -1
- package/lib/types/cache/CacheManager.d.ts +0 -5
- package/lib/types/cache/CacheManager.d.ts.map +1 -1
- package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/lib/types/client/BaseClient.d.ts +10 -3
- package/lib/types/client/BaseClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/config/ClientConfiguration.d.ts +2 -0
- package/lib/types/config/ClientConfiguration.d.ts.map +1 -1
- package/lib/types/constants/AADServerParamKeys.d.ts +2 -0
- package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
- package/lib/types/error/NetworkError.d.ts +19 -0
- package/lib/types/error/NetworkError.d.ts.map +1 -0
- package/lib/types/exports-common.d.ts +2 -1
- package/lib/types/exports-common.d.ts.map +1 -1
- package/lib/types/network/INetworkModule.d.ts +1 -1
- package/lib/types/network/INetworkModule.d.ts.map +1 -1
- package/lib/types/network/NetworkResponse.d.ts +6 -0
- package/lib/types/network/NetworkResponse.d.ts.map +1 -0
- package/lib/types/network/ThrottlingUtils.d.ts +1 -1
- package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/request/BaseAuthRequest.d.ts +2 -0
- package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/lib/types/request/RequestParameterBuilder.d.ts +8 -1
- package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts +9 -0
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/lib/types/utils/Constants.d.ts +1 -0
- package/lib/types/utils/Constants.d.ts.map +1 -1
- package/package.json +2 -4
- package/src/authority/RegionDiscovery.ts +1 -1
- package/src/cache/CacheManager.ts +0 -8
- package/src/client/AuthorizationCodeClient.ts +37 -16
- package/src/client/BaseClient.ts +104 -22
- package/src/client/RefreshTokenClient.ts +14 -5
- package/src/config/ClientConfiguration.ts +2 -0
- package/src/constants/AADServerParamKeys.ts +2 -0
- package/src/error/NetworkError.ts +44 -0
- package/src/exports-common.ts +2 -5
- package/src/network/INetworkModule.ts +1 -1
- package/src/network/NetworkResponse.ts +10 -0
- package/src/network/ThrottlingUtils.ts +1 -1
- package/src/packageMetadata.ts +1 -1
- package/src/request/BaseAuthRequest.ts +2 -0
- package/src/request/RequestParameterBuilder.ts +51 -1
- package/src/telemetry/performance/PerformanceClient.ts +42 -12
- package/src/telemetry/performance/PerformanceEvent.ts +15 -0
- package/src/utils/Constants.ts +1 -0
- package/dist/network/NetworkManager.d.ts +0 -34
- package/dist/network/NetworkManager.d.ts.map +0 -1
- package/dist/network/NetworkManager.mjs +0 -44
- package/dist/network/NetworkManager.mjs.map +0 -1
- package/lib/index-node-aee3f7b6.js.map +0 -1
- package/lib/types/network/NetworkManager.d.ts +0 -34
- package/lib/types/network/NetworkManager.d.ts.map +0 -1
- package/src/network/NetworkManager.ts +0 -76
|
@@ -21,7 +21,7 @@ import {
|
|
|
21
21
|
isOidcProtocolMode,
|
|
22
22
|
} from "../config/ClientConfiguration.js";
|
|
23
23
|
import { ServerAuthorizationTokenResponse } from "../response/ServerAuthorizationTokenResponse.js";
|
|
24
|
-
import { NetworkResponse } from "../network/
|
|
24
|
+
import { NetworkResponse } from "../network/NetworkResponse.js";
|
|
25
25
|
import { ResponseHandler } from "../response/ResponseHandler.js";
|
|
26
26
|
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
27
27
|
import { StringUtils } from "../utils/StringUtils.js";
|
|
@@ -314,10 +314,14 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
314
314
|
request.correlationId
|
|
315
315
|
);
|
|
316
316
|
|
|
317
|
-
const parameterBuilder = new RequestParameterBuilder(
|
|
317
|
+
const parameterBuilder = new RequestParameterBuilder(
|
|
318
|
+
request.correlationId,
|
|
319
|
+
this.performanceClient
|
|
320
|
+
);
|
|
318
321
|
|
|
319
322
|
parameterBuilder.addClientId(
|
|
320
|
-
request.
|
|
323
|
+
request.embeddedClientId ||
|
|
324
|
+
request.tokenBodyParameters?.[AADServerParamKeys.CLIENT_ID] ||
|
|
321
325
|
this.config.authOptions.clientId
|
|
322
326
|
);
|
|
323
327
|
|
|
@@ -416,11 +420,6 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
416
420
|
}
|
|
417
421
|
}
|
|
418
422
|
|
|
419
|
-
const correlationId =
|
|
420
|
-
request.correlationId ||
|
|
421
|
-
this.config.cryptoInterface.createNewGuid();
|
|
422
|
-
parameterBuilder.addCorrelationId(correlationId);
|
|
423
|
-
|
|
424
423
|
if (
|
|
425
424
|
!StringUtils.isEmptyObj(request.claims) ||
|
|
426
425
|
(this.config.authOptions.clientCapabilities &&
|
|
@@ -474,6 +473,13 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
474
473
|
}
|
|
475
474
|
}
|
|
476
475
|
|
|
476
|
+
if (request.embeddedClientId) {
|
|
477
|
+
parameterBuilder.addBrokerParameters({
|
|
478
|
+
brokerClientId: this.config.authOptions.clientId,
|
|
479
|
+
brokerRedirectUri: this.config.authOptions.redirectUri,
|
|
480
|
+
});
|
|
481
|
+
}
|
|
482
|
+
|
|
477
483
|
if (request.tokenBodyParameters) {
|
|
478
484
|
parameterBuilder.addExtraQueryParameters(
|
|
479
485
|
request.tokenBodyParameters
|
|
@@ -503,15 +509,24 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
503
509
|
private async createAuthCodeUrlQueryString(
|
|
504
510
|
request: CommonAuthorizationUrlRequest
|
|
505
511
|
): Promise<string> {
|
|
512
|
+
// generate the correlationId if not set by the user and add
|
|
513
|
+
const correlationId =
|
|
514
|
+
request.correlationId ||
|
|
515
|
+
this.config.cryptoInterface.createNewGuid();
|
|
516
|
+
|
|
506
517
|
this.performanceClient?.addQueueMeasurement(
|
|
507
518
|
PerformanceEvents.AuthClientCreateQueryString,
|
|
508
|
-
|
|
519
|
+
correlationId
|
|
509
520
|
);
|
|
510
521
|
|
|
511
|
-
const parameterBuilder = new RequestParameterBuilder(
|
|
522
|
+
const parameterBuilder = new RequestParameterBuilder(
|
|
523
|
+
correlationId,
|
|
524
|
+
this.performanceClient
|
|
525
|
+
);
|
|
512
526
|
|
|
513
527
|
parameterBuilder.addClientId(
|
|
514
|
-
request.
|
|
528
|
+
request.embeddedClientId ||
|
|
529
|
+
request.extraQueryParameters?.[AADServerParamKeys.CLIENT_ID] ||
|
|
515
530
|
this.config.authOptions.clientId
|
|
516
531
|
);
|
|
517
532
|
|
|
@@ -524,10 +539,6 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
524
539
|
// validate the redirectUri (to be a non null value)
|
|
525
540
|
parameterBuilder.addRedirectUri(request.redirectUri);
|
|
526
541
|
|
|
527
|
-
// generate the correlationId if not set by the user and add
|
|
528
|
-
const correlationId =
|
|
529
|
-
request.correlationId ||
|
|
530
|
-
this.config.cryptoInterface.createNewGuid();
|
|
531
542
|
parameterBuilder.addCorrelationId(correlationId);
|
|
532
543
|
|
|
533
544
|
// add response_mode. If not passed in it defaults to query.
|
|
@@ -674,6 +685,13 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
674
685
|
);
|
|
675
686
|
}
|
|
676
687
|
|
|
688
|
+
if (request.embeddedClientId) {
|
|
689
|
+
parameterBuilder.addBrokerParameters({
|
|
690
|
+
brokerClientId: this.config.authOptions.clientId,
|
|
691
|
+
brokerRedirectUri: this.config.authOptions.redirectUri,
|
|
692
|
+
});
|
|
693
|
+
}
|
|
694
|
+
|
|
677
695
|
this.addExtraQueryParams(request, parameterBuilder);
|
|
678
696
|
|
|
679
697
|
if (request.nativeBroker) {
|
|
@@ -714,7 +732,10 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
714
732
|
private createLogoutUrlQueryString(
|
|
715
733
|
request: CommonEndSessionRequest
|
|
716
734
|
): string {
|
|
717
|
-
const parameterBuilder = new RequestParameterBuilder(
|
|
735
|
+
const parameterBuilder = new RequestParameterBuilder(
|
|
736
|
+
request.correlationId,
|
|
737
|
+
this.performanceClient
|
|
738
|
+
);
|
|
718
739
|
|
|
719
740
|
if (request.postLogoutRedirectUri) {
|
|
720
741
|
parameterBuilder.addPostLogoutRedirectUri(
|
package/src/client/BaseClient.ts
CHANGED
|
@@ -8,8 +8,11 @@ import {
|
|
|
8
8
|
buildClientConfiguration,
|
|
9
9
|
CommonClientConfiguration,
|
|
10
10
|
} from "../config/ClientConfiguration.js";
|
|
11
|
-
import {
|
|
12
|
-
|
|
11
|
+
import {
|
|
12
|
+
INetworkModule,
|
|
13
|
+
NetworkRequestOptions,
|
|
14
|
+
} from "../network/INetworkModule.js";
|
|
15
|
+
import { NetworkResponse } from "../network/NetworkResponse.js";
|
|
13
16
|
import { ICrypto } from "../crypto/ICrypto.js";
|
|
14
17
|
import { Authority } from "../authority/Authority.js";
|
|
15
18
|
import { Logger } from "../logger/Logger.js";
|
|
@@ -26,6 +29,14 @@ import { RequestParameterBuilder } from "../request/RequestParameterBuilder.js";
|
|
|
26
29
|
import { BaseAuthRequest } from "../request/BaseAuthRequest.js";
|
|
27
30
|
import { createDiscoveredInstance } from "../authority/AuthorityFactory.js";
|
|
28
31
|
import { PerformanceEvents } from "../telemetry/performance/PerformanceEvent.js";
|
|
32
|
+
import { ThrottlingUtils } from "../network/ThrottlingUtils.js";
|
|
33
|
+
import { AuthError } from "../error/AuthError.js";
|
|
34
|
+
import {
|
|
35
|
+
ClientAuthErrorCodes,
|
|
36
|
+
createClientAuthError,
|
|
37
|
+
} from "../error/ClientAuthError.js";
|
|
38
|
+
import { NetworkError } from "../error/NetworkError.js";
|
|
39
|
+
import { invokeAsync } from "../utils/FunctionWrappers.js";
|
|
29
40
|
|
|
30
41
|
/**
|
|
31
42
|
* Base application class which will construct requests to send to and handle responses from the Microsoft STS using the authorization code flow.
|
|
@@ -50,9 +61,6 @@ export abstract class BaseClient {
|
|
|
50
61
|
// Server Telemetry Manager
|
|
51
62
|
protected serverTelemetryManager: ServerTelemetryManager | null;
|
|
52
63
|
|
|
53
|
-
// Network Manager
|
|
54
|
-
protected networkManager: NetworkManager;
|
|
55
|
-
|
|
56
64
|
// Default authority object
|
|
57
65
|
public authority: Authority;
|
|
58
66
|
|
|
@@ -78,12 +86,6 @@ export abstract class BaseClient {
|
|
|
78
86
|
// Set the network interface
|
|
79
87
|
this.networkClient = this.config.networkInterface;
|
|
80
88
|
|
|
81
|
-
// Set the NetworkManager
|
|
82
|
-
this.networkManager = new NetworkManager(
|
|
83
|
-
this.networkClient,
|
|
84
|
-
this.cacheManager
|
|
85
|
-
);
|
|
86
|
-
|
|
87
89
|
// Set TelemetryManager
|
|
88
90
|
this.serverTelemetryManager = this.config.serverTelemetryManager;
|
|
89
91
|
|
|
@@ -152,19 +154,12 @@ export abstract class BaseClient {
|
|
|
152
154
|
}
|
|
153
155
|
|
|
154
156
|
const response =
|
|
155
|
-
await this.
|
|
157
|
+
await this.sendPostRequest<ServerAuthorizationTokenResponse>(
|
|
156
158
|
thumbprint,
|
|
157
159
|
tokenEndpoint,
|
|
158
|
-
{ body: queryString, headers: headers }
|
|
160
|
+
{ body: queryString, headers: headers },
|
|
161
|
+
correlationId
|
|
159
162
|
);
|
|
160
|
-
this.performanceClient?.addFields(
|
|
161
|
-
{
|
|
162
|
-
refreshTokenSize: response.body.refresh_token?.length || 0,
|
|
163
|
-
httpVerToken:
|
|
164
|
-
response.headers?.[HeaderNames.X_MS_HTTP_VERSION] || "",
|
|
165
|
-
},
|
|
166
|
-
correlationId
|
|
167
|
-
);
|
|
168
163
|
|
|
169
164
|
if (
|
|
170
165
|
this.config.serverTelemetryManager &&
|
|
@@ -178,6 +173,81 @@ export abstract class BaseClient {
|
|
|
178
173
|
return response;
|
|
179
174
|
}
|
|
180
175
|
|
|
176
|
+
/**
|
|
177
|
+
* Wraps sendPostRequestAsync with necessary preflight and postflight logic
|
|
178
|
+
* @param thumbprint - Request thumbprint for throttling
|
|
179
|
+
* @param tokenEndpoint - Endpoint to make the POST to
|
|
180
|
+
* @param options - Body and Headers to include on the POST request
|
|
181
|
+
* @param correlationId - CorrelationId for telemetry
|
|
182
|
+
*/
|
|
183
|
+
async sendPostRequest<T extends ServerAuthorizationTokenResponse>(
|
|
184
|
+
thumbprint: RequestThumbprint,
|
|
185
|
+
tokenEndpoint: string,
|
|
186
|
+
options: NetworkRequestOptions,
|
|
187
|
+
correlationId: string
|
|
188
|
+
): Promise<NetworkResponse<T>> {
|
|
189
|
+
ThrottlingUtils.preProcess(this.cacheManager, thumbprint);
|
|
190
|
+
|
|
191
|
+
let response;
|
|
192
|
+
try {
|
|
193
|
+
response = await invokeAsync(
|
|
194
|
+
this.networkClient.sendPostRequestAsync.bind(
|
|
195
|
+
this.networkClient
|
|
196
|
+
)<T>,
|
|
197
|
+
PerformanceEvents.NetworkClientSendPostRequestAsync,
|
|
198
|
+
this.logger,
|
|
199
|
+
this.performanceClient,
|
|
200
|
+
correlationId
|
|
201
|
+
)(tokenEndpoint, options);
|
|
202
|
+
const responseHeaders = response.headers || {};
|
|
203
|
+
this.performanceClient?.addFields(
|
|
204
|
+
{
|
|
205
|
+
refreshTokenSize: response.body.refresh_token?.length || 0,
|
|
206
|
+
httpVerToken:
|
|
207
|
+
responseHeaders[HeaderNames.X_MS_HTTP_VERSION] || "",
|
|
208
|
+
requestId:
|
|
209
|
+
responseHeaders[HeaderNames.X_MS_REQUEST_ID] || "",
|
|
210
|
+
},
|
|
211
|
+
correlationId
|
|
212
|
+
);
|
|
213
|
+
} catch (e) {
|
|
214
|
+
if (e instanceof NetworkError) {
|
|
215
|
+
const responseHeaders = e.responseHeaders;
|
|
216
|
+
if (responseHeaders) {
|
|
217
|
+
this.performanceClient?.addFields(
|
|
218
|
+
{
|
|
219
|
+
httpVerToken:
|
|
220
|
+
responseHeaders[
|
|
221
|
+
HeaderNames.X_MS_HTTP_VERSION
|
|
222
|
+
] || "",
|
|
223
|
+
requestId:
|
|
224
|
+
responseHeaders[HeaderNames.X_MS_REQUEST_ID] ||
|
|
225
|
+
"",
|
|
226
|
+
contentTypeHeader:
|
|
227
|
+
responseHeaders[HeaderNames.CONTENT_TYPE] ||
|
|
228
|
+
undefined,
|
|
229
|
+
contentLengthHeader:
|
|
230
|
+
responseHeaders[HeaderNames.CONTENT_LENGTH] ||
|
|
231
|
+
undefined,
|
|
232
|
+
httpStatus: e.httpStatus,
|
|
233
|
+
},
|
|
234
|
+
correlationId
|
|
235
|
+
);
|
|
236
|
+
}
|
|
237
|
+
throw e.error;
|
|
238
|
+
}
|
|
239
|
+
if (e instanceof AuthError) {
|
|
240
|
+
throw e;
|
|
241
|
+
} else {
|
|
242
|
+
throw createClientAuthError(ClientAuthErrorCodes.networkError);
|
|
243
|
+
}
|
|
244
|
+
}
|
|
245
|
+
|
|
246
|
+
ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response);
|
|
247
|
+
|
|
248
|
+
return response;
|
|
249
|
+
}
|
|
250
|
+
|
|
181
251
|
/**
|
|
182
252
|
* Updates the authority object of the client. Endpoint discovery must be completed.
|
|
183
253
|
* @param updatedAuthority
|
|
@@ -208,7 +278,17 @@ export abstract class BaseClient {
|
|
|
208
278
|
* @param request
|
|
209
279
|
*/
|
|
210
280
|
createTokenQueryParameters(request: BaseAuthRequest): string {
|
|
211
|
-
const parameterBuilder = new RequestParameterBuilder(
|
|
281
|
+
const parameterBuilder = new RequestParameterBuilder(
|
|
282
|
+
request.correlationId,
|
|
283
|
+
this.performanceClient
|
|
284
|
+
);
|
|
285
|
+
|
|
286
|
+
if (request.embeddedClientId) {
|
|
287
|
+
parameterBuilder.addBrokerParameters({
|
|
288
|
+
brokerClientId: this.config.authOptions.clientId,
|
|
289
|
+
brokerRedirectUri: this.config.authOptions.redirectUri,
|
|
290
|
+
});
|
|
291
|
+
}
|
|
212
292
|
|
|
213
293
|
if (request.tokenQueryParameters) {
|
|
214
294
|
parameterBuilder.addExtraQueryParameters(
|
|
@@ -216,6 +296,8 @@ export abstract class BaseClient {
|
|
|
216
296
|
);
|
|
217
297
|
}
|
|
218
298
|
|
|
299
|
+
parameterBuilder.addCorrelationId(request.correlationId);
|
|
300
|
+
|
|
219
301
|
return parameterBuilder.createQueryString();
|
|
220
302
|
}
|
|
221
303
|
}
|
|
@@ -24,7 +24,7 @@ import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
|
24
24
|
import { PopTokenGenerator } from "../crypto/PopTokenGenerator.js";
|
|
25
25
|
import { StringUtils } from "../utils/StringUtils.js";
|
|
26
26
|
import { RequestThumbprint } from "../network/RequestThumbprint.js";
|
|
27
|
-
import { NetworkResponse } from "../network/
|
|
27
|
+
import { NetworkResponse } from "../network/NetworkResponse.js";
|
|
28
28
|
import { CommonSilentFlowRequest } from "../request/CommonSilentFlowRequest.js";
|
|
29
29
|
import {
|
|
30
30
|
createClientConfigurationError,
|
|
@@ -345,10 +345,14 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
345
345
|
);
|
|
346
346
|
|
|
347
347
|
const correlationId = request.correlationId;
|
|
348
|
-
const parameterBuilder = new RequestParameterBuilder(
|
|
348
|
+
const parameterBuilder = new RequestParameterBuilder(
|
|
349
|
+
correlationId,
|
|
350
|
+
this.performanceClient
|
|
351
|
+
);
|
|
349
352
|
|
|
350
353
|
parameterBuilder.addClientId(
|
|
351
|
-
request.
|
|
354
|
+
request.embeddedClientId ||
|
|
355
|
+
request.tokenBodyParameters?.[AADServerParamKeys.CLIENT_ID] ||
|
|
352
356
|
this.config.authOptions.clientId
|
|
353
357
|
);
|
|
354
358
|
|
|
@@ -376,8 +380,6 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
376
380
|
parameterBuilder.addServerTelemetry(this.serverTelemetryManager);
|
|
377
381
|
}
|
|
378
382
|
|
|
379
|
-
parameterBuilder.addCorrelationId(correlationId);
|
|
380
|
-
|
|
381
383
|
parameterBuilder.addRefreshToken(request.refreshToken);
|
|
382
384
|
|
|
383
385
|
if (this.config.clientCredentials.clientSecret) {
|
|
@@ -472,6 +474,13 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
472
474
|
}
|
|
473
475
|
}
|
|
474
476
|
|
|
477
|
+
if (request.embeddedClientId) {
|
|
478
|
+
parameterBuilder.addBrokerParameters({
|
|
479
|
+
brokerClientId: this.config.authOptions.clientId,
|
|
480
|
+
brokerRedirectUri: this.config.authOptions.redirectUri,
|
|
481
|
+
});
|
|
482
|
+
}
|
|
483
|
+
|
|
475
484
|
if (request.tokenBodyParameters) {
|
|
476
485
|
parameterBuilder.addExtraQueryParameters(
|
|
477
486
|
request.tokenBodyParameters
|
|
@@ -82,11 +82,13 @@ export type CommonClientConfiguration = {
|
|
|
82
82
|
* - protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.
|
|
83
83
|
* - skipAuthorityMetadataCache - A flag to choose whether to use or not use the local metadata cache during authority initialization. Defaults to false.
|
|
84
84
|
* - instanceAware - A flag of whether the STS will send back additional parameters to specify where the tokens should be retrieved from.
|
|
85
|
+
* - redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
|
|
85
86
|
* @internal
|
|
86
87
|
*/
|
|
87
88
|
export type AuthOptions = {
|
|
88
89
|
clientId: string;
|
|
89
90
|
authority: Authority;
|
|
91
|
+
redirectUri: string;
|
|
90
92
|
clientCapabilities?: Array<string>;
|
|
91
93
|
azureCloudOptions?: AzureCloudOptions;
|
|
92
94
|
skipAuthorityMetadataCache?: boolean;
|
|
@@ -56,3 +56,5 @@ export const SID = "sid";
|
|
|
56
56
|
export const LOGIN_HINT = "login_hint";
|
|
57
57
|
export const DOMAIN_HINT = "domain_hint";
|
|
58
58
|
export const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
|
|
59
|
+
export const BROKER_CLIENT_ID = "brk_client_id";
|
|
60
|
+
export const BROKER_REDIRECT_URI = "brk_redirect_uri";
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
import { AuthError } from "./AuthError.js";
|
|
7
|
+
|
|
8
|
+
/**
|
|
9
|
+
* Represents network related errors
|
|
10
|
+
*/
|
|
11
|
+
export class NetworkError extends AuthError {
|
|
12
|
+
error: AuthError;
|
|
13
|
+
httpStatus?: number;
|
|
14
|
+
responseHeaders?: Record<string, string>;
|
|
15
|
+
|
|
16
|
+
constructor(
|
|
17
|
+
error: AuthError,
|
|
18
|
+
httpStatus?: number,
|
|
19
|
+
responseHeaders?: Record<string, string>
|
|
20
|
+
) {
|
|
21
|
+
super(error.errorCode, error.errorMessage, error.subError);
|
|
22
|
+
|
|
23
|
+
Object.setPrototypeOf(this, NetworkError.prototype);
|
|
24
|
+
this.name = "NetworkError";
|
|
25
|
+
this.error = error;
|
|
26
|
+
this.httpStatus = httpStatus;
|
|
27
|
+
this.responseHeaders = responseHeaders;
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
/**
|
|
32
|
+
* Creates NetworkError object for a failed network request
|
|
33
|
+
* @param error - Error to be thrown back to the caller
|
|
34
|
+
* @param httpStatus - Status code of the network request
|
|
35
|
+
* @param responseHeaders - Response headers of the network request, when available
|
|
36
|
+
* @returns NetworkError object
|
|
37
|
+
*/
|
|
38
|
+
export function createNetworkError(
|
|
39
|
+
error: AuthError,
|
|
40
|
+
httpStatus?: number,
|
|
41
|
+
responseHeaders?: Record<string, string>
|
|
42
|
+
): NetworkError {
|
|
43
|
+
return new NetworkError(error, httpStatus, responseHeaders);
|
|
44
|
+
}
|
package/src/exports-common.ts
CHANGED
|
@@ -91,11 +91,7 @@ export {
|
|
|
91
91
|
NetworkRequestOptions,
|
|
92
92
|
StubbedNetworkModule,
|
|
93
93
|
} from "./network/INetworkModule.js";
|
|
94
|
-
export {
|
|
95
|
-
NetworkManager,
|
|
96
|
-
NetworkResponse,
|
|
97
|
-
UrlToHttpRequestOptions,
|
|
98
|
-
} from "./network/NetworkManager.js";
|
|
94
|
+
export { NetworkResponse } from "./network/NetworkResponse.js";
|
|
99
95
|
export { ThrottlingUtils } from "./network/ThrottlingUtils.js";
|
|
100
96
|
export { RequestThumbprint } from "./network/RequestThumbprint.js";
|
|
101
97
|
export { IUri } from "./url/IUri.js";
|
|
@@ -140,6 +136,7 @@ export {
|
|
|
140
136
|
createAuthError,
|
|
141
137
|
} from "./error/AuthError.js";
|
|
142
138
|
export { ServerError } from "./error/ServerError.js";
|
|
139
|
+
export { NetworkError, createNetworkError } from "./error/NetworkError.js";
|
|
143
140
|
export { CacheError, CacheErrorCodes } from "./error/CacheError.js";
|
|
144
141
|
export {
|
|
145
142
|
ClientAuthError,
|
|
@@ -7,7 +7,7 @@ import {
|
|
|
7
7
|
ClientAuthErrorCodes,
|
|
8
8
|
createClientAuthError,
|
|
9
9
|
} from "../error/ClientAuthError.js";
|
|
10
|
-
import { NetworkResponse } from "./
|
|
10
|
+
import { NetworkResponse } from "./NetworkResponse.js";
|
|
11
11
|
|
|
12
12
|
/**
|
|
13
13
|
* Options allowed by network request APIs.
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Licensed under the MIT License.
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
|
-
import { NetworkResponse } from "./
|
|
6
|
+
import { NetworkResponse } from "./NetworkResponse.js";
|
|
7
7
|
import { ServerAuthorizationTokenResponse } from "../response/ServerAuthorizationTokenResponse.js";
|
|
8
8
|
import {
|
|
9
9
|
HeaderNames,
|
package/src/packageMetadata.ts
CHANGED
|
@@ -29,6 +29,7 @@ import { ShrOptions } from "../crypto/SignedHttpRequest.js";
|
|
|
29
29
|
* - storeInCache - Object containing boolean values indicating whether to store tokens in the cache or not (default is true)
|
|
30
30
|
* - scenarioId - Scenario id to track custom user prompts
|
|
31
31
|
* - popKid - Key ID to identify the public key for PoP token request
|
|
32
|
+
* - embeddedClientId - Embedded client id. When specified, broker client id (brk_client_id) and redirect uri (brk_redirect_uri) params are set with values from the config, overriding the corresponding extra parameters, if present.
|
|
32
33
|
*/
|
|
33
34
|
export type BaseAuthRequest = {
|
|
34
35
|
authority: string;
|
|
@@ -50,4 +51,5 @@ export type BaseAuthRequest = {
|
|
|
50
51
|
storeInCache?: StoreInCache;
|
|
51
52
|
scenarioId?: string;
|
|
52
53
|
popKid?: string;
|
|
54
|
+
embeddedClientId?: string;
|
|
53
55
|
};
|
|
@@ -28,13 +28,44 @@ import {
|
|
|
28
28
|
} from "../config/ClientConfiguration.js";
|
|
29
29
|
import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManager.js";
|
|
30
30
|
import { ClientInfo } from "../account/ClientInfo.js";
|
|
31
|
+
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
|
|
32
|
+
|
|
33
|
+
function instrumentBrokerParams(
|
|
34
|
+
parameters: Map<string, string>,
|
|
35
|
+
correlationId?: string,
|
|
36
|
+
performanceClient?: IPerformanceClient
|
|
37
|
+
) {
|
|
38
|
+
if (!correlationId) {
|
|
39
|
+
return;
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
const clientId = parameters.get(AADServerParamKeys.CLIENT_ID);
|
|
43
|
+
if (clientId && parameters.has(AADServerParamKeys.BROKER_CLIENT_ID)) {
|
|
44
|
+
performanceClient?.addFields(
|
|
45
|
+
{
|
|
46
|
+
embeddedClientId: clientId,
|
|
47
|
+
embeddedRedirectUri: parameters.get(
|
|
48
|
+
AADServerParamKeys.REDIRECT_URI
|
|
49
|
+
),
|
|
50
|
+
},
|
|
51
|
+
correlationId
|
|
52
|
+
);
|
|
53
|
+
}
|
|
54
|
+
}
|
|
31
55
|
|
|
32
56
|
/** @internal */
|
|
33
57
|
export class RequestParameterBuilder {
|
|
34
58
|
private parameters: Map<string, string>;
|
|
59
|
+
private readonly performanceClient?: IPerformanceClient;
|
|
60
|
+
private readonly correlationId?: string;
|
|
35
61
|
|
|
36
|
-
constructor(
|
|
62
|
+
constructor(
|
|
63
|
+
correlationId?: string,
|
|
64
|
+
performanceClient?: IPerformanceClient
|
|
65
|
+
) {
|
|
37
66
|
this.parameters = new Map<string, string>();
|
|
67
|
+
this.performanceClient = performanceClient;
|
|
68
|
+
this.correlationId = correlationId;
|
|
38
69
|
}
|
|
39
70
|
|
|
40
71
|
/**
|
|
@@ -598,6 +629,19 @@ export class RequestParameterBuilder {
|
|
|
598
629
|
);
|
|
599
630
|
}
|
|
600
631
|
|
|
632
|
+
addBrokerParameters(params: {
|
|
633
|
+
brokerClientId: string;
|
|
634
|
+
brokerRedirectUri: string;
|
|
635
|
+
}): void {
|
|
636
|
+
const brokerParams: StringDict = {};
|
|
637
|
+
brokerParams[AADServerParamKeys.BROKER_CLIENT_ID] =
|
|
638
|
+
params.brokerClientId;
|
|
639
|
+
brokerParams[AADServerParamKeys.BROKER_REDIRECT_URI] =
|
|
640
|
+
params.brokerRedirectUri;
|
|
641
|
+
|
|
642
|
+
this.addExtraQueryParameters(brokerParams);
|
|
643
|
+
}
|
|
644
|
+
|
|
601
645
|
/**
|
|
602
646
|
* Utility to create a URL from the params map
|
|
603
647
|
*/
|
|
@@ -608,6 +652,12 @@ export class RequestParameterBuilder {
|
|
|
608
652
|
queryParameterArray.push(`${key}=${value}`);
|
|
609
653
|
});
|
|
610
654
|
|
|
655
|
+
instrumentBrokerParams(
|
|
656
|
+
this.parameters,
|
|
657
|
+
this.correlationId,
|
|
658
|
+
this.performanceClient
|
|
659
|
+
);
|
|
660
|
+
|
|
611
661
|
return queryParameterArray.join("&");
|
|
612
662
|
}
|
|
613
663
|
}
|
|
@@ -198,22 +198,39 @@ export function compactStack(stack: string, stackMaxSize: number): string[] {
|
|
|
198
198
|
}
|
|
199
199
|
|
|
200
200
|
const stackArr = stack.split("\n") || [];
|
|
201
|
-
if (stackArr.length < 2) {
|
|
202
|
-
return [];
|
|
203
|
-
}
|
|
204
201
|
|
|
205
202
|
const res = [];
|
|
206
|
-
|
|
207
|
-
for (
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
203
|
+
|
|
204
|
+
// Check for a handful of known, common runtime errors and log them (with redaction where applicable).
|
|
205
|
+
const firstLine = stackArr[0];
|
|
206
|
+
if (
|
|
207
|
+
firstLine.startsWith("TypeError: Cannot read property") ||
|
|
208
|
+
firstLine.startsWith("TypeError: Cannot read properties of") ||
|
|
209
|
+
firstLine.startsWith("TypeError: Cannot set property") ||
|
|
210
|
+
firstLine.startsWith("TypeError: Cannot set properties of") ||
|
|
211
|
+
firstLine.endsWith("is not a function")
|
|
212
212
|
) {
|
|
213
|
-
|
|
213
|
+
// These types of errors are not at risk of leaking PII. They will indicate unavailable APIs
|
|
214
|
+
res.push(compactStackLine(firstLine));
|
|
215
|
+
} else if (
|
|
216
|
+
firstLine.startsWith("SyntaxError") ||
|
|
217
|
+
firstLine.startsWith("TypeError")
|
|
218
|
+
) {
|
|
219
|
+
// Prevent unintentional leaking of arbitrary info by redacting contents between both single and double quotes
|
|
220
|
+
res.push(
|
|
221
|
+
compactStackLine(
|
|
222
|
+
// Example: SyntaxError: Unexpected token 'e', "test" is not valid JSON -> SyntaxError: Unexpected token <redacted>, <redacted> is not valid JSON
|
|
223
|
+
firstLine.replace(/['].*[']|["].*["]/g, "<redacted>")
|
|
224
|
+
)
|
|
225
|
+
);
|
|
226
|
+
}
|
|
227
|
+
|
|
228
|
+
// Get top N stack lines
|
|
229
|
+
for (let ix = 1; ix < stackArr.length; ix++) {
|
|
214
230
|
if (res.length >= stackMaxSize) {
|
|
215
231
|
break;
|
|
216
232
|
}
|
|
233
|
+
const line = stackArr[ix];
|
|
217
234
|
res.push(compactStackLine(line));
|
|
218
235
|
}
|
|
219
236
|
return res;
|
|
@@ -630,14 +647,27 @@ export abstract class PerformanceClient implements IPerformanceClient {
|
|
|
630
647
|
event.correlationId
|
|
631
648
|
);
|
|
632
649
|
|
|
650
|
+
if (error) {
|
|
651
|
+
addError(error, this.logger, rootEvent);
|
|
652
|
+
}
|
|
653
|
+
|
|
633
654
|
// Add sub-measurement attribute to root event.
|
|
634
655
|
if (!isRoot) {
|
|
635
656
|
rootEvent[event.name + "DurationMs"] = Math.floor(event.durationMs);
|
|
636
657
|
return { ...rootEvent };
|
|
637
658
|
}
|
|
638
659
|
|
|
639
|
-
if (
|
|
640
|
-
|
|
660
|
+
if (
|
|
661
|
+
isRoot &&
|
|
662
|
+
!error &&
|
|
663
|
+
(rootEvent.errorCode || rootEvent.subErrorCode)
|
|
664
|
+
) {
|
|
665
|
+
this.logger.trace(
|
|
666
|
+
`PerformanceClient: Remove error and sub-error codes for root event ${event.name} as intermediate error was successfully handled`,
|
|
667
|
+
event.correlationId
|
|
668
|
+
);
|
|
669
|
+
rootEvent.errorCode = undefined;
|
|
670
|
+
rootEvent.subErrorCode = undefined;
|
|
641
671
|
}
|
|
642
672
|
|
|
643
673
|
let finalEvent: PerformanceEvent = { ...rootEvent, ...event };
|