@azure/msal-common 14.15.0 → 14.16.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (225) hide show
  1. package/dist/account/AccountInfo.d.ts +1 -0
  2. package/dist/account/AccountInfo.d.ts.map +1 -1
  3. package/dist/account/AccountInfo.mjs +1 -1
  4. package/dist/account/AccountInfo.mjs.map +1 -1
  5. package/dist/account/AuthToken.mjs +1 -1
  6. package/dist/account/CcsCredential.mjs +1 -1
  7. package/dist/account/ClientInfo.mjs +1 -1
  8. package/dist/account/TokenClaims.mjs +1 -1
  9. package/dist/authority/Authority.mjs +1 -1
  10. package/dist/authority/AuthorityFactory.mjs +1 -1
  11. package/dist/authority/AuthorityMetadata.mjs +1 -1
  12. package/dist/authority/AuthorityOptions.mjs +1 -1
  13. package/dist/authority/AuthorityType.mjs +1 -1
  14. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  15. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  16. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  17. package/dist/authority/ProtocolMode.mjs +1 -1
  18. package/dist/authority/RegionDiscovery.mjs +1 -1
  19. package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +1 -0
  20. package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts.map +1 -1
  21. package/dist/cache/CacheManager.d.ts +34 -39
  22. package/dist/cache/CacheManager.d.ts.map +1 -1
  23. package/dist/cache/CacheManager.mjs +84 -102
  24. package/dist/cache/CacheManager.mjs.map +1 -1
  25. package/dist/cache/entities/AccountEntity.d.ts +1 -0
  26. package/dist/cache/entities/AccountEntity.d.ts.map +1 -1
  27. package/dist/cache/entities/AccountEntity.mjs +1 -1
  28. package/dist/cache/entities/AccountEntity.mjs.map +1 -1
  29. package/dist/cache/entities/CredentialEntity.d.ts +2 -0
  30. package/dist/cache/entities/CredentialEntity.d.ts.map +1 -1
  31. package/dist/cache/interface/ICacheManager.d.ts +21 -21
  32. package/dist/cache/interface/ICacheManager.d.ts.map +1 -1
  33. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  34. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  35. package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
  36. package/dist/client/AuthorizationCodeClient.mjs +24 -13
  37. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  38. package/dist/client/BaseClient.d.ts +10 -3
  39. package/dist/client/BaseClient.d.ts.map +1 -1
  40. package/dist/client/BaseClient.mjs +62 -10
  41. package/dist/client/BaseClient.mjs.map +1 -1
  42. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  43. package/dist/client/RefreshTokenClient.mjs +12 -6
  44. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  45. package/dist/client/SilentFlowClient.d.ts.map +1 -1
  46. package/dist/client/SilentFlowClient.mjs +4 -4
  47. package/dist/client/SilentFlowClient.mjs.map +1 -1
  48. package/dist/config/ClientConfiguration.d.ts +2 -0
  49. package/dist/config/ClientConfiguration.d.ts.map +1 -1
  50. package/dist/config/ClientConfiguration.mjs +1 -1
  51. package/dist/config/ClientConfiguration.mjs.map +1 -1
  52. package/dist/constants/AADServerParamKeys.d.ts +2 -0
  53. package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
  54. package/dist/constants/AADServerParamKeys.mjs +5 -3
  55. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  56. package/dist/crypto/ICrypto.mjs +1 -1
  57. package/dist/crypto/JoseHeader.mjs +1 -1
  58. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  59. package/dist/error/AuthError.mjs +1 -1
  60. package/dist/error/AuthErrorCodes.mjs +1 -1
  61. package/dist/error/CacheError.d.ts +6 -0
  62. package/dist/error/CacheError.d.ts.map +1 -1
  63. package/dist/error/CacheError.mjs +24 -6
  64. package/dist/error/CacheError.mjs.map +1 -1
  65. package/dist/error/CacheErrorCodes.d.ts +2 -2
  66. package/dist/error/CacheErrorCodes.d.ts.map +1 -1
  67. package/dist/error/CacheErrorCodes.mjs +4 -4
  68. package/dist/error/CacheErrorCodes.mjs.map +1 -1
  69. package/dist/error/ClientAuthError.mjs +1 -1
  70. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  71. package/dist/error/ClientConfigurationError.mjs +1 -1
  72. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  73. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  74. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  75. package/dist/error/JoseHeaderError.mjs +1 -1
  76. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  77. package/dist/error/NetworkError.d.ts +19 -0
  78. package/dist/error/NetworkError.d.ts.map +1 -0
  79. package/dist/error/NetworkError.mjs +34 -0
  80. package/dist/error/NetworkError.mjs.map +1 -0
  81. package/dist/error/ServerError.mjs +1 -1
  82. package/dist/exports-common.d.ts +3 -2
  83. package/dist/exports-common.d.ts.map +1 -1
  84. package/dist/index-browser.mjs +3 -3
  85. package/dist/index-node.mjs +3 -3
  86. package/dist/index.mjs +3 -3
  87. package/dist/logger/Logger.mjs +1 -1
  88. package/dist/network/INetworkModule.d.ts +1 -1
  89. package/dist/network/INetworkModule.d.ts.map +1 -1
  90. package/dist/network/INetworkModule.mjs +1 -1
  91. package/dist/network/NetworkResponse.d.ts +6 -0
  92. package/dist/network/NetworkResponse.d.ts.map +1 -0
  93. package/dist/network/ThrottlingUtils.d.ts +3 -3
  94. package/dist/network/ThrottlingUtils.d.ts.map +1 -1
  95. package/dist/network/ThrottlingUtils.mjs +6 -6
  96. package/dist/network/ThrottlingUtils.mjs.map +1 -1
  97. package/dist/packageMetadata.d.ts +1 -1
  98. package/dist/packageMetadata.mjs +2 -2
  99. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  100. package/dist/request/BaseAuthRequest.d.ts +2 -0
  101. package/dist/request/BaseAuthRequest.d.ts.map +1 -1
  102. package/dist/request/RequestParameterBuilder.d.ts +8 -1
  103. package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
  104. package/dist/request/RequestParameterBuilder.mjs +26 -3
  105. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  106. package/dist/request/RequestValidator.mjs +1 -1
  107. package/dist/request/ScopeSet.mjs +1 -1
  108. package/dist/response/ResponseHandler.d.ts +1 -1
  109. package/dist/response/ResponseHandler.d.ts.map +1 -1
  110. package/dist/response/ResponseHandler.mjs +6 -6
  111. package/dist/response/ResponseHandler.mjs.map +1 -1
  112. package/dist/telemetry/performance/PerformanceClient.d.ts.map +1 -1
  113. package/dist/telemetry/performance/PerformanceClient.mjs +29 -10
  114. package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
  115. package/dist/telemetry/performance/PerformanceEvent.d.ts +9 -0
  116. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  117. package/dist/telemetry/performance/PerformanceEvent.mjs +6 -1
  118. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  119. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  120. package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
  121. package/dist/telemetry/server/ServerTelemetryManager.mjs +7 -7
  122. package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  123. package/dist/url/UrlString.mjs +1 -1
  124. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  125. package/dist/utils/Constants.d.ts +1 -0
  126. package/dist/utils/Constants.d.ts.map +1 -1
  127. package/dist/utils/Constants.mjs +2 -1
  128. package/dist/utils/Constants.mjs.map +1 -1
  129. package/dist/utils/FunctionWrappers.mjs +1 -1
  130. package/dist/utils/ProtocolUtils.mjs +1 -1
  131. package/dist/utils/StringUtils.mjs +1 -1
  132. package/dist/utils/TimeUtils.mjs +1 -1
  133. package/dist/utils/UrlUtils.mjs +1 -1
  134. package/lib/index-browser.cjs +34 -13
  135. package/lib/index-browser.cjs.map +1 -1
  136. package/lib/{index-node-aee3f7b6.js → index-node-CebvEPer.js} +390 -298
  137. package/lib/index-node-CebvEPer.js.map +1 -0
  138. package/lib/index-node.cjs +6 -4
  139. package/lib/index-node.cjs.map +1 -1
  140. package/lib/index.cjs +6 -4
  141. package/lib/index.cjs.map +1 -1
  142. package/lib/types/account/AccountInfo.d.ts +1 -0
  143. package/lib/types/account/AccountInfo.d.ts.map +1 -1
  144. package/lib/types/broker/nativeBroker/INativeBrokerPlugin.d.ts +1 -0
  145. package/lib/types/broker/nativeBroker/INativeBrokerPlugin.d.ts.map +1 -1
  146. package/lib/types/cache/CacheManager.d.ts +34 -39
  147. package/lib/types/cache/CacheManager.d.ts.map +1 -1
  148. package/lib/types/cache/entities/AccountEntity.d.ts +1 -0
  149. package/lib/types/cache/entities/AccountEntity.d.ts.map +1 -1
  150. package/lib/types/cache/entities/CredentialEntity.d.ts +2 -0
  151. package/lib/types/cache/entities/CredentialEntity.d.ts.map +1 -1
  152. package/lib/types/cache/interface/ICacheManager.d.ts +21 -21
  153. package/lib/types/cache/interface/ICacheManager.d.ts.map +1 -1
  154. package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  155. package/lib/types/client/BaseClient.d.ts +10 -3
  156. package/lib/types/client/BaseClient.d.ts.map +1 -1
  157. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  158. package/lib/types/client/SilentFlowClient.d.ts.map +1 -1
  159. package/lib/types/config/ClientConfiguration.d.ts +2 -0
  160. package/lib/types/config/ClientConfiguration.d.ts.map +1 -1
  161. package/lib/types/constants/AADServerParamKeys.d.ts +2 -0
  162. package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
  163. package/lib/types/error/CacheError.d.ts +6 -0
  164. package/lib/types/error/CacheError.d.ts.map +1 -1
  165. package/lib/types/error/CacheErrorCodes.d.ts +2 -2
  166. package/lib/types/error/CacheErrorCodes.d.ts.map +1 -1
  167. package/lib/types/error/NetworkError.d.ts +19 -0
  168. package/lib/types/error/NetworkError.d.ts.map +1 -0
  169. package/lib/types/exports-common.d.ts +3 -2
  170. package/lib/types/exports-common.d.ts.map +1 -1
  171. package/lib/types/network/INetworkModule.d.ts +1 -1
  172. package/lib/types/network/INetworkModule.d.ts.map +1 -1
  173. package/lib/types/network/NetworkResponse.d.ts +6 -0
  174. package/lib/types/network/NetworkResponse.d.ts.map +1 -0
  175. package/lib/types/network/ThrottlingUtils.d.ts +3 -3
  176. package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
  177. package/lib/types/packageMetadata.d.ts +1 -1
  178. package/lib/types/request/BaseAuthRequest.d.ts +2 -0
  179. package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
  180. package/lib/types/request/RequestParameterBuilder.d.ts +8 -1
  181. package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
  182. package/lib/types/response/ResponseHandler.d.ts +1 -1
  183. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  184. package/lib/types/telemetry/performance/PerformanceClient.d.ts.map +1 -1
  185. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +9 -0
  186. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  187. package/lib/types/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
  188. package/lib/types/utils/Constants.d.ts +1 -0
  189. package/lib/types/utils/Constants.d.ts.map +1 -1
  190. package/package.json +2 -4
  191. package/src/account/AccountInfo.ts +1 -0
  192. package/src/authority/RegionDiscovery.ts +1 -1
  193. package/src/cache/CacheManager.ts +184 -131
  194. package/src/cache/entities/AccountEntity.ts +1 -0
  195. package/src/cache/entities/CredentialEntity.ts +2 -0
  196. package/src/cache/interface/ICacheManager.ts +45 -20
  197. package/src/client/AuthorizationCodeClient.ts +37 -16
  198. package/src/client/BaseClient.ts +113 -22
  199. package/src/client/RefreshTokenClient.ts +20 -8
  200. package/src/client/SilentFlowClient.ts +7 -5
  201. package/src/config/ClientConfiguration.ts +2 -0
  202. package/src/constants/AADServerParamKeys.ts +2 -0
  203. package/src/error/CacheError.ts +24 -4
  204. package/src/error/CacheErrorCodes.ts +2 -2
  205. package/src/error/NetworkError.ts +44 -0
  206. package/src/exports-common.ts +7 -6
  207. package/src/network/INetworkModule.ts +1 -1
  208. package/src/network/NetworkResponse.ts +10 -0
  209. package/src/network/ThrottlingUtils.ts +9 -6
  210. package/src/packageMetadata.ts +1 -1
  211. package/src/request/BaseAuthRequest.ts +2 -0
  212. package/src/request/RequestParameterBuilder.ts +51 -1
  213. package/src/response/ResponseHandler.ts +14 -4
  214. package/src/telemetry/performance/PerformanceClient.ts +42 -12
  215. package/src/telemetry/performance/PerformanceEvent.ts +15 -0
  216. package/src/telemetry/server/ServerTelemetryManager.ts +14 -6
  217. package/src/utils/Constants.ts +1 -0
  218. package/dist/network/NetworkManager.d.ts +0 -34
  219. package/dist/network/NetworkManager.d.ts.map +0 -1
  220. package/dist/network/NetworkManager.mjs +0 -44
  221. package/dist/network/NetworkManager.mjs.map +0 -1
  222. package/lib/index-node-aee3f7b6.js.map +0 -1
  223. package/lib/types/network/NetworkManager.d.ts +0 -34
  224. package/lib/types/network/NetworkManager.d.ts.map +0 -1
  225. package/src/network/NetworkManager.ts +0 -76
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v14.15.0 2024-09-20 */
1
+ /*! @azure/msal-common v14.16.1 2025-08-05 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -96,6 +96,7 @@ const OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, Constants.EMAIL_SCOPE];
96
96
  */
97
97
  const HeaderNames = {
98
98
  CONTENT_TYPE: "Content-Type",
99
+ CONTENT_LENGTH: "Content-Length",
99
100
  RETRY_AFTER: "Retry-After",
100
101
  CCS_HEADER: "X-AnchorMailbox",
101
102
  WWWAuthenticate: "WWW-Authenticate",
@@ -1612,6 +1613,7 @@ const PerformanceEvents = {
1612
1613
  /**
1613
1614
  * Time spent sending/waiting for the response of a request to the token endpoint
1614
1615
  */
1616
+ NetworkClientSendPostRequestAsync: "networkClientSendPostRequestAsync",
1615
1617
  RefreshTokenClientExecutePostToTokenEndpoint: "refreshTokenClientExecutePostToTokenEndpoint",
1616
1618
  AuthorizationCodeClientExecutePostToTokenEndpoint: "authorizationCodeClientExecutePostToTokenEndpoint",
1617
1619
  /**
@@ -1785,6 +1787,10 @@ const PerformanceEventAbbreviations = new Map([
1785
1787
  PerformanceEvents.BaseClientCreateTokenRequestHeaders,
1786
1788
  "BaseClientCreateTReqHead",
1787
1789
  ],
1790
+ [
1791
+ PerformanceEvents.NetworkClientSendPostRequestAsync,
1792
+ "NetClientSendPost",
1793
+ ],
1788
1794
  [
1789
1795
  PerformanceEvents.RefreshTokenClientExecutePostToTokenEndpoint,
1790
1796
  "RTClientExecPost",
@@ -3519,11 +3525,15 @@ const LOGOUT_HINT = "logout_hint";
3519
3525
  const SID = "sid";
3520
3526
  const LOGIN_HINT = "login_hint";
3521
3527
  const DOMAIN_HINT = "domain_hint";
3522
- const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
3528
+ const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
3529
+ const BROKER_CLIENT_ID = "brk_client_id";
3530
+ const BROKER_REDIRECT_URI = "brk_redirect_uri";
3523
3531
 
3524
3532
  var AADServerParamKeys = /*#__PURE__*/Object.freeze({
3525
3533
  __proto__: null,
3526
3534
  ACCESS_TOKEN: ACCESS_TOKEN,
3535
+ BROKER_CLIENT_ID: BROKER_CLIENT_ID,
3536
+ BROKER_REDIRECT_URI: BROKER_REDIRECT_URI,
3527
3537
  CCS_HEADER: CCS_HEADER,
3528
3538
  CLAIMS: CLAIMS,
3529
3539
  CLIENT_ASSERTION: CLIENT_ASSERTION,
@@ -3806,7 +3816,7 @@ class Logger {
3806
3816
 
3807
3817
  /* eslint-disable header/header */
3808
3818
  const name = "@azure/msal-common";
3809
- const version = "14.15.0";
3819
+ const version = "14.16.1";
3810
3820
 
3811
3821
  /*
3812
3822
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4388,13 +4398,13 @@ class AccountEntity {
4388
4398
  * Copyright (c) Microsoft Corporation. All rights reserved.
4389
4399
  * Licensed under the MIT License.
4390
4400
  */
4391
- const cacheQuotaExceededErrorCode = "cache_quota_exceeded";
4392
- const cacheUnknownErrorCode = "cache_error_unknown";
4401
+ const cacheQuotaExceeded = "cache_quota_exceeded";
4402
+ const cacheErrorUnknown = "cache_error_unknown";
4393
4403
 
4394
4404
  var CacheErrorCodes = /*#__PURE__*/Object.freeze({
4395
4405
  __proto__: null,
4396
- cacheQuotaExceededErrorCode: cacheQuotaExceededErrorCode,
4397
- cacheUnknownErrorCode: cacheUnknownErrorCode
4406
+ cacheErrorUnknown: cacheErrorUnknown,
4407
+ cacheQuotaExceeded: cacheQuotaExceeded
4398
4408
  });
4399
4409
 
4400
4410
  /*
@@ -4402,8 +4412,8 @@ var CacheErrorCodes = /*#__PURE__*/Object.freeze({
4402
4412
  * Licensed under the MIT License.
4403
4413
  */
4404
4414
  const CacheErrorMessages = {
4405
- [cacheQuotaExceededErrorCode]: "Exceeded cache storage capacity.",
4406
- [cacheUnknownErrorCode]: "Unexpected error occurred when using cache storage.",
4415
+ [cacheQuotaExceeded]: "Exceeded cache storage capacity.",
4416
+ [cacheErrorUnknown]: "Unexpected error occurred when using cache storage.",
4407
4417
  };
4408
4418
  /**
4409
4419
  * Error thrown when there is an error with the cache
@@ -4413,13 +4423,31 @@ class CacheError extends Error {
4413
4423
  const message = errorMessage ||
4414
4424
  (CacheErrorMessages[errorCode]
4415
4425
  ? CacheErrorMessages[errorCode]
4416
- : CacheErrorMessages[cacheUnknownErrorCode]);
4426
+ : CacheErrorMessages[cacheErrorUnknown]);
4417
4427
  super(`${errorCode}: ${message}`);
4418
4428
  Object.setPrototypeOf(this, CacheError.prototype);
4419
4429
  this.name = "CacheError";
4420
4430
  this.errorCode = errorCode;
4421
4431
  this.errorMessage = message;
4422
4432
  }
4433
+ }
4434
+ /**
4435
+ * Helper function to wrap browser errors in a CacheError object
4436
+ * @param e
4437
+ * @returns
4438
+ */
4439
+ function createCacheError(e) {
4440
+ if (!(e instanceof Error)) {
4441
+ return new CacheError(cacheErrorUnknown);
4442
+ }
4443
+ if (e.name === "QuotaExceededError" ||
4444
+ e.name === "NS_ERROR_DOM_QUOTA_REACHED" ||
4445
+ e.message.includes("exceeded the quota")) {
4446
+ return new CacheError(cacheQuotaExceeded);
4447
+ }
4448
+ else {
4449
+ return new CacheError(e.name, e.message);
4450
+ }
4423
4451
  }
4424
4452
 
4425
4453
  /*
@@ -4442,14 +4470,14 @@ class CacheManager {
4442
4470
  * @param accountFilter - (Optional) filter to narrow down the accounts returned
4443
4471
  * @returns Array of AccountInfo objects in cache
4444
4472
  */
4445
- getAllAccounts(accountFilter) {
4446
- return this.buildTenantProfiles(this.getAccountsFilteredBy(accountFilter || {}), accountFilter);
4473
+ getAllAccounts(correlationId, accountFilter) {
4474
+ return this.buildTenantProfiles(this.getAccountsFilteredBy(accountFilter || {}, correlationId), correlationId, accountFilter);
4447
4475
  }
4448
4476
  /**
4449
4477
  * Gets first tenanted AccountInfo object found based on provided filters
4450
4478
  */
4451
- getAccountInfoFilteredBy(accountFilter) {
4452
- const allAccounts = this.getAllAccounts(accountFilter);
4479
+ getAccountInfoFilteredBy(accountFilter, correlationId) {
4480
+ const allAccounts = this.getAllAccounts(correlationId, accountFilter);
4453
4481
  if (allAccounts.length > 1) {
4454
4482
  // If one or more accounts are found, prioritize accounts that have an ID token
4455
4483
  const sortedAccounts = allAccounts.sort((account) => {
@@ -4470,8 +4498,8 @@ class CacheManager {
4470
4498
  * @param accountFilter
4471
4499
  * @returns
4472
4500
  */
4473
- getBaseAccountInfo(accountFilter) {
4474
- const accountEntities = this.getAccountsFilteredBy(accountFilter);
4501
+ getBaseAccountInfo(accountFilter, correlationId) {
4502
+ const accountEntities = this.getAccountsFilteredBy(accountFilter, correlationId);
4475
4503
  if (accountEntities.length > 0) {
4476
4504
  return accountEntities[0].getAccountInfo();
4477
4505
  }
@@ -4486,12 +4514,12 @@ class CacheManager {
4486
4514
  * @param accountFilter
4487
4515
  * @returns Array of AccountInfo objects that match account and tenant profile filters
4488
4516
  */
4489
- buildTenantProfiles(cachedAccounts, accountFilter) {
4517
+ buildTenantProfiles(cachedAccounts, correlationId, accountFilter) {
4490
4518
  return cachedAccounts.flatMap((accountEntity) => {
4491
- return this.getTenantProfilesFromAccountEntity(accountEntity, accountFilter?.tenantId, accountFilter);
4519
+ return this.getTenantProfilesFromAccountEntity(accountEntity, correlationId, accountFilter?.tenantId, accountFilter);
4492
4520
  });
4493
4521
  }
4494
- getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, tenantProfileFilter) {
4522
+ getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, correlationId, tenantProfileFilter) {
4495
4523
  let tenantedAccountInfo = null;
4496
4524
  let idTokenClaims;
4497
4525
  if (tenantProfileFilter) {
@@ -4499,7 +4527,7 @@ class CacheManager {
4499
4527
  return null;
4500
4528
  }
4501
4529
  }
4502
- const idToken = this.getIdToken(accountInfo, tokenKeys, tenantProfile.tenantId);
4530
+ const idToken = this.getIdToken(accountInfo, correlationId, tokenKeys, tenantProfile.tenantId);
4503
4531
  if (idToken) {
4504
4532
  idTokenClaims = extractTokenClaims(idToken.secret, this.cryptoImpl.base64Decode);
4505
4533
  if (!this.idTokenClaimsMatchTenantProfileFilter(idTokenClaims, tenantProfileFilter)) {
@@ -4511,7 +4539,7 @@ class CacheManager {
4511
4539
  tenantedAccountInfo = updateAccountTenantProfileData(accountInfo, tenantProfile, idTokenClaims, idToken?.secret);
4512
4540
  return tenantedAccountInfo;
4513
4541
  }
4514
- getTenantProfilesFromAccountEntity(accountEntity, targetTenantId, tenantProfileFilter) {
4542
+ getTenantProfilesFromAccountEntity(accountEntity, correlationId, targetTenantId, tenantProfileFilter) {
4515
4543
  const accountInfo = accountEntity.getAccountInfo();
4516
4544
  let searchTenantProfiles = accountInfo.tenantProfiles || new Map();
4517
4545
  const tokenKeys = this.getTokenKeys();
@@ -4531,7 +4559,7 @@ class CacheManager {
4531
4559
  }
4532
4560
  const matchingTenantProfiles = [];
4533
4561
  searchTenantProfiles.forEach((tenantProfile) => {
4534
- const tenantedAccountInfo = this.getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, tenantProfileFilter);
4562
+ const tenantedAccountInfo = this.getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, correlationId, tenantProfileFilter);
4535
4563
  if (tenantedAccountInfo) {
4536
4564
  matchingTenantProfiles.push(tenantedAccountInfo);
4537
4565
  }
@@ -4585,46 +4613,36 @@ class CacheManager {
4585
4613
  * @param storeInCache {?StoreInCache}
4586
4614
  * @param correlationId {?string} correlation id
4587
4615
  */
4588
- async saveCacheRecord(cacheRecord, storeInCache, correlationId) {
4616
+ async saveCacheRecord(cacheRecord, correlationId, storeInCache) {
4589
4617
  if (!cacheRecord) {
4590
4618
  throw createClientAuthError(invalidCacheRecord);
4591
4619
  }
4592
4620
  try {
4593
4621
  if (!!cacheRecord.account) {
4594
- this.setAccount(cacheRecord.account);
4622
+ this.setAccount(cacheRecord.account, correlationId);
4595
4623
  }
4596
4624
  if (!!cacheRecord.idToken && storeInCache?.idToken !== false) {
4597
- this.setIdTokenCredential(cacheRecord.idToken);
4625
+ this.setIdTokenCredential(cacheRecord.idToken, correlationId);
4598
4626
  }
4599
4627
  if (!!cacheRecord.accessToken &&
4600
4628
  storeInCache?.accessToken !== false) {
4601
- await this.saveAccessToken(cacheRecord.accessToken);
4629
+ await this.saveAccessToken(cacheRecord.accessToken, correlationId);
4602
4630
  }
4603
4631
  if (!!cacheRecord.refreshToken &&
4604
4632
  storeInCache?.refreshToken !== false) {
4605
- this.setRefreshTokenCredential(cacheRecord.refreshToken);
4633
+ this.setRefreshTokenCredential(cacheRecord.refreshToken, correlationId);
4606
4634
  }
4607
4635
  if (!!cacheRecord.appMetadata) {
4608
- this.setAppMetadata(cacheRecord.appMetadata);
4636
+ this.setAppMetadata(cacheRecord.appMetadata, correlationId);
4609
4637
  }
4610
4638
  }
4611
4639
  catch (e) {
4612
4640
  this.commonLogger?.error(`CacheManager.saveCacheRecord: failed`);
4613
- if (e instanceof Error) {
4614
- this.commonLogger?.errorPii(`CacheManager.saveCacheRecord: ${e.message}`, correlationId);
4615
- if (e.name === "QuotaExceededError" ||
4616
- e.name === "NS_ERROR_DOM_QUOTA_REACHED" ||
4617
- e.message.includes("exceeded the quota")) {
4618
- this.commonLogger?.error(`CacheManager.saveCacheRecord: exceeded storage quota`, correlationId);
4619
- throw new CacheError(cacheQuotaExceededErrorCode);
4620
- }
4621
- else {
4622
- throw new CacheError(e.name, e.message);
4623
- }
4641
+ if (e instanceof AuthError) {
4642
+ throw e;
4624
4643
  }
4625
4644
  else {
4626
- this.commonLogger?.errorPii(`CacheManager.saveCacheRecord: ${e}`, correlationId);
4627
- throw new CacheError(cacheUnknownErrorCode);
4645
+ throw createCacheError(e);
4628
4646
  }
4629
4647
  }
4630
4648
  }
@@ -4632,7 +4650,7 @@ class CacheManager {
4632
4650
  * saves access token credential
4633
4651
  * @param credential
4634
4652
  */
4635
- async saveAccessToken(credential) {
4653
+ async saveAccessToken(credential, correlationId) {
4636
4654
  const accessTokenFilter = {
4637
4655
  clientId: credential.clientId,
4638
4656
  credentialType: credential.credentialType,
@@ -4644,29 +4662,27 @@ class CacheManager {
4644
4662
  };
4645
4663
  const tokenKeys = this.getTokenKeys();
4646
4664
  const currentScopes = ScopeSet.fromString(credential.target);
4647
- const removedAccessTokens = [];
4648
4665
  tokenKeys.accessToken.forEach((key) => {
4649
4666
  if (!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)) {
4650
4667
  return;
4651
4668
  }
4652
- const tokenEntity = this.getAccessTokenCredential(key);
4669
+ const tokenEntity = this.getAccessTokenCredential(key, correlationId);
4653
4670
  if (tokenEntity &&
4654
4671
  this.credentialMatchesFilter(tokenEntity, accessTokenFilter)) {
4655
4672
  const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);
4656
4673
  if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
4657
- removedAccessTokens.push(this.removeAccessToken(key));
4674
+ this.removeAccessToken(key, correlationId);
4658
4675
  }
4659
4676
  }
4660
4677
  });
4661
- await Promise.all(removedAccessTokens);
4662
- this.setAccessTokenCredential(credential);
4678
+ this.setAccessTokenCredential(credential, correlationId);
4663
4679
  }
4664
4680
  /**
4665
4681
  * Retrieve account entities matching all provided tenant-agnostic filters; if no filter is set, get all account entities in the cache
4666
4682
  * Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared
4667
4683
  * @param accountFilter - An object containing Account properties to filter by
4668
4684
  */
4669
- getAccountsFilteredBy(accountFilter) {
4685
+ getAccountsFilteredBy(accountFilter, correlationId) {
4670
4686
  const allAccountKeys = this.getAccountKeys();
4671
4687
  const matchingAccounts = [];
4672
4688
  allAccountKeys.forEach((cacheKey) => {
@@ -4674,7 +4690,7 @@ class CacheManager {
4674
4690
  // Don't parse value if the key doesn't match the account filters
4675
4691
  return;
4676
4692
  }
4677
- const entity = this.getAccount(cacheKey, this.commonLogger);
4693
+ const entity = this.getAccount(cacheKey, correlationId, this.commonLogger);
4678
4694
  // Match base account fields
4679
4695
  if (!entity) {
4680
4696
  return;
@@ -4900,11 +4916,11 @@ class CacheManager {
4900
4916
  /**
4901
4917
  * Removes all accounts and related tokens from cache.
4902
4918
  */
4903
- async removeAllAccounts() {
4919
+ async removeAllAccounts(correlationId) {
4904
4920
  const allAccountKeys = this.getAccountKeys();
4905
4921
  const removedAccounts = [];
4906
4922
  allAccountKeys.forEach((cacheKey) => {
4907
- removedAccounts.push(this.removeAccount(cacheKey));
4923
+ removedAccounts.push(this.removeAccount(cacheKey, correlationId));
4908
4924
  });
4909
4925
  await Promise.all(removedAccounts);
4910
4926
  }
@@ -4912,38 +4928,41 @@ class CacheManager {
4912
4928
  * Removes the account and related tokens for a given account key
4913
4929
  * @param account
4914
4930
  */
4915
- async removeAccount(accountKey) {
4916
- const account = this.getAccount(accountKey, this.commonLogger);
4931
+ async removeAccount(accountKey, correlationId) {
4932
+ const account = this.getAccount(accountKey, correlationId, this.commonLogger);
4917
4933
  if (!account) {
4918
4934
  return;
4919
4935
  }
4920
- await this.removeAccountContext(account);
4921
- this.removeItem(accountKey);
4936
+ await this.removeAccountContext(account, correlationId);
4937
+ this.removeItem(accountKey, correlationId);
4922
4938
  }
4923
4939
  /**
4924
4940
  * Removes credentials associated with the provided account
4925
4941
  * @param account
4926
4942
  */
4927
- async removeAccountContext(account) {
4943
+ async removeAccountContext(account, correlationId) {
4928
4944
  const allTokenKeys = this.getTokenKeys();
4929
4945
  const accountId = account.generateAccountId();
4930
- const removedCredentials = [];
4931
4946
  allTokenKeys.idToken.forEach((key) => {
4932
4947
  if (key.indexOf(accountId) === 0) {
4933
- this.removeIdToken(key);
4948
+ this.removeIdToken(key, correlationId);
4934
4949
  }
4935
4950
  });
4936
4951
  allTokenKeys.accessToken.forEach((key) => {
4937
4952
  if (key.indexOf(accountId) === 0) {
4938
- removedCredentials.push(this.removeAccessToken(key));
4953
+ this.removeAccessToken(key, correlationId);
4939
4954
  }
4940
4955
  });
4941
4956
  allTokenKeys.refreshToken.forEach((key) => {
4942
4957
  if (key.indexOf(accountId) === 0) {
4943
- this.removeRefreshToken(key);
4958
+ this.removeRefreshToken(key, correlationId);
4959
+ }
4960
+ });
4961
+ this.getKeys().forEach((key) => {
4962
+ if (key.includes(accountId)) {
4963
+ this.removeItem(key, correlationId);
4944
4964
  }
4945
4965
  });
4946
- await Promise.all(removedCredentials);
4947
4966
  }
4948
4967
  /**
4949
4968
  * Migrates a single-tenant account and all it's associated alternate cross-tenant account objects in the
@@ -4953,7 +4972,7 @@ class CacheManager {
4953
4972
  * @param logger
4954
4973
  * @returns
4955
4974
  */
4956
- updateOutdatedCachedAccount(accountKey, accountEntity, logger) {
4975
+ updateOutdatedCachedAccount(accountKey, accountEntity, correlationId, logger) {
4957
4976
  // Only update if account entity is defined and has no tenantProfiles object (is outdated)
4958
4977
  if (accountEntity && accountEntity.isSingleTenant()) {
4959
4978
  this.commonLogger?.verbose("updateOutdatedCachedAccount: Found a single-tenant (outdated) account entity in the cache, migrating to multi-tenant account entity");
@@ -4964,7 +4983,7 @@ class CacheManager {
4964
4983
  // Get all account entities belonging to user
4965
4984
  const accountsToMerge = [];
4966
4985
  matchingAccountKeys.forEach((key) => {
4967
- const account = this.getCachedAccountEntity(key);
4986
+ const account = this.getCachedAccountEntity(key, correlationId);
4968
4987
  if (account) {
4969
4988
  accountsToMerge.push(account);
4970
4989
  }
@@ -4989,11 +5008,11 @@ class CacheManager {
4989
5008
  // Clear cache of legacy account objects that have been collpsed into tenant profiles
4990
5009
  matchingAccountKeys.forEach((key) => {
4991
5010
  if (key !== newAccountKey) {
4992
- this.removeOutdatedAccount(accountKey);
5011
+ this.removeOutdatedAccount(accountKey, correlationId);
4993
5012
  }
4994
5013
  });
4995
5014
  // Cache updated account object
4996
- this.setAccount(updatedAccount);
5015
+ this.setAccount(updatedAccount, correlationId);
4997
5016
  logger?.verbose("Updated an outdated account entity in the cache");
4998
5017
  return updatedAccount;
4999
5018
  }
@@ -5004,37 +5023,31 @@ class CacheManager {
5004
5023
  * returns a boolean if the given credential is removed
5005
5024
  * @param credential
5006
5025
  */
5007
- async removeAccessToken(key) {
5008
- const credential = this.getAccessTokenCredential(key);
5009
- if (!credential) {
5026
+ removeAccessToken(key, correlationId) {
5027
+ const credential = this.getAccessTokenCredential(key, correlationId);
5028
+ this.removeItem(key, correlationId);
5029
+ if (!credential ||
5030
+ credential.credentialType.toLowerCase() !==
5031
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase() ||
5032
+ credential.tokenType !== AuthenticationScheme.POP) {
5010
5033
  return;
5011
5034
  }
5012
5035
  // Remove Token Binding Key from key store for PoP Tokens Credentials
5013
- if (credential.credentialType.toLowerCase() ===
5014
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) {
5015
- if (credential.tokenType === AuthenticationScheme.POP) {
5016
- const accessTokenWithAuthSchemeEntity = credential;
5017
- const kid = accessTokenWithAuthSchemeEntity.keyId;
5018
- if (kid) {
5019
- try {
5020
- await this.cryptoImpl.removeTokenBindingKey(kid);
5021
- }
5022
- catch (error) {
5023
- throw createClientAuthError(bindingKeyNotRemoved);
5024
- }
5025
- }
5026
- }
5036
+ const kid = credential.keyId;
5037
+ if (kid) {
5038
+ void this.cryptoImpl.removeTokenBindingKey(kid).catch(() => {
5039
+ this.commonLogger.error("Binding key could not be removed");
5040
+ });
5027
5041
  }
5028
- return this.removeItem(key);
5029
5042
  }
5030
5043
  /**
5031
5044
  * Removes all app metadata objects from cache.
5032
5045
  */
5033
- removeAppMetadata() {
5046
+ removeAppMetadata(correlationId) {
5034
5047
  const allCacheKeys = this.getKeys();
5035
5048
  allCacheKeys.forEach((cacheKey) => {
5036
5049
  if (this.isAppMetadata(cacheKey)) {
5037
- this.removeItem(cacheKey);
5050
+ this.removeItem(cacheKey, correlationId);
5038
5051
  }
5039
5052
  });
5040
5053
  return true;
@@ -5043,9 +5056,9 @@ class CacheManager {
5043
5056
  * Retrieve AccountEntity from cache
5044
5057
  * @param account
5045
5058
  */
5046
- readAccountFromCache(account) {
5059
+ readAccountFromCache(account, correlationId) {
5047
5060
  const accountKey = AccountEntity.generateAccountCacheKey(account);
5048
- return this.getAccount(accountKey, this.commonLogger);
5061
+ return this.getAccount(accountKey, correlationId, this.commonLogger);
5049
5062
  }
5050
5063
  /**
5051
5064
  * Retrieve IdTokenEntity from cache
@@ -5055,7 +5068,7 @@ class CacheManager {
5055
5068
  * @param performanceClient {?IPerformanceClient}
5056
5069
  * @param correlationId {?string}
5057
5070
  */
5058
- getIdToken(account, tokenKeys, targetRealm, performanceClient, correlationId) {
5071
+ getIdToken(account, correlationId, tokenKeys, targetRealm, performanceClient) {
5059
5072
  this.commonLogger.trace("CacheManager - getIdToken called");
5060
5073
  const idTokenFilter = {
5061
5074
  homeAccountId: account.homeAccountId,
@@ -5064,7 +5077,7 @@ class CacheManager {
5064
5077
  clientId: this.clientId,
5065
5078
  realm: targetRealm,
5066
5079
  };
5067
- const idTokenMap = this.getIdTokensByFilter(idTokenFilter, tokenKeys);
5080
+ const idTokenMap = this.getIdTokensByFilter(idTokenFilter, correlationId, tokenKeys);
5068
5081
  const numIdTokens = idTokenMap.size;
5069
5082
  if (numIdTokens < 1) {
5070
5083
  this.commonLogger.info("CacheManager:getIdToken - No token found");
@@ -5097,7 +5110,7 @@ class CacheManager {
5097
5110
  // Multiple tokens for a single tenant profile, remove all and return null
5098
5111
  this.commonLogger.info("CacheManager:getIdToken - Multiple matching ID tokens found, clearing them");
5099
5112
  tokensToBeRemoved.forEach((idToken, key) => {
5100
- this.removeIdToken(key);
5113
+ this.removeIdToken(key, correlationId);
5101
5114
  });
5102
5115
  if (performanceClient && correlationId) {
5103
5116
  performanceClient.addFields({ multiMatchedID: idTokenMap.size }, correlationId);
@@ -5112,7 +5125,7 @@ class CacheManager {
5112
5125
  * @param filter
5113
5126
  * @returns
5114
5127
  */
5115
- getIdTokensByFilter(filter, tokenKeys) {
5128
+ getIdTokensByFilter(filter, correlationId, tokenKeys) {
5116
5129
  const idTokenKeys = (tokenKeys && tokenKeys.idToken) || this.getTokenKeys().idToken;
5117
5130
  const idTokens = new Map();
5118
5131
  idTokenKeys.forEach((key) => {
@@ -5122,7 +5135,7 @@ class CacheManager {
5122
5135
  })) {
5123
5136
  return;
5124
5137
  }
5125
- const idToken = this.getIdTokenCredential(key);
5138
+ const idToken = this.getIdTokenCredential(key, correlationId);
5126
5139
  if (idToken && this.credentialMatchesFilter(idToken, filter)) {
5127
5140
  idTokens.set(key, idToken);
5128
5141
  }
@@ -5151,15 +5164,15 @@ class CacheManager {
5151
5164
  * Removes idToken from the cache
5152
5165
  * @param key
5153
5166
  */
5154
- removeIdToken(key) {
5155
- this.removeItem(key);
5167
+ removeIdToken(key, correlationId) {
5168
+ this.removeItem(key, correlationId);
5156
5169
  }
5157
5170
  /**
5158
5171
  * Removes refresh token from the cache
5159
5172
  * @param key
5160
5173
  */
5161
- removeRefreshToken(key) {
5162
- this.removeItem(key);
5174
+ removeRefreshToken(key, correlationId) {
5175
+ this.removeItem(key, correlationId);
5163
5176
  }
5164
5177
  /**
5165
5178
  * Retrieve AccessTokenEntity from cache
@@ -5169,7 +5182,7 @@ class CacheManager {
5169
5182
  * @param performanceClient {?IPerformanceClient}
5170
5183
  * @param correlationId {?string}
5171
5184
  */
5172
- getAccessToken(account, request, tokenKeys, targetRealm, performanceClient, correlationId) {
5185
+ getAccessToken(account, request, tokenKeys, targetRealm, performanceClient) {
5173
5186
  this.commonLogger.trace("CacheManager - getAccessToken called");
5174
5187
  const scopes = ScopeSet.createSearchScopes(request.scopes);
5175
5188
  const authScheme = request.authenticationScheme || AuthenticationScheme.BEARER;
@@ -5199,7 +5212,7 @@ class CacheManager {
5199
5212
  accessTokenKeys.forEach((key) => {
5200
5213
  // Validate key
5201
5214
  if (this.accessTokenKeyMatchesFilter(key, accessTokenFilter, true)) {
5202
- const accessToken = this.getAccessTokenCredential(key);
5215
+ const accessToken = this.getAccessTokenCredential(key, request.correlationId);
5203
5216
  // Validate value
5204
5217
  if (accessToken &&
5205
5218
  this.credentialMatchesFilter(accessToken, accessTokenFilter)) {
@@ -5215,10 +5228,10 @@ class CacheManager {
5215
5228
  else if (numAccessTokens > 1) {
5216
5229
  this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them");
5217
5230
  accessTokens.forEach((accessToken) => {
5218
- void this.removeAccessToken(generateCredentialKey(accessToken));
5231
+ void this.removeAccessToken(generateCredentialKey(accessToken), request.correlationId);
5219
5232
  });
5220
- if (performanceClient && correlationId) {
5221
- performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);
5233
+ if (performanceClient && request.correlationId) {
5234
+ performanceClient.addFields({ multiMatchedAT: accessTokens.length }, request.correlationId);
5222
5235
  }
5223
5236
  return null;
5224
5237
  }
@@ -5271,14 +5284,14 @@ class CacheManager {
5271
5284
  * @param filter
5272
5285
  * @returns
5273
5286
  */
5274
- getAccessTokensByFilter(filter) {
5287
+ getAccessTokensByFilter(filter, correlationId) {
5275
5288
  const tokenKeys = this.getTokenKeys();
5276
5289
  const accessTokens = [];
5277
5290
  tokenKeys.accessToken.forEach((key) => {
5278
5291
  if (!this.accessTokenKeyMatchesFilter(key, filter, true)) {
5279
5292
  return;
5280
5293
  }
5281
- const accessToken = this.getAccessTokenCredential(key);
5294
+ const accessToken = this.getAccessTokenCredential(key, correlationId);
5282
5295
  if (accessToken &&
5283
5296
  this.credentialMatchesFilter(accessToken, filter)) {
5284
5297
  accessTokens.push(accessToken);
@@ -5294,7 +5307,7 @@ class CacheManager {
5294
5307
  * @param performanceClient {?IPerformanceClient}
5295
5308
  * @param correlationId {?string}
5296
5309
  */
5297
- getRefreshToken(account, familyRT, tokenKeys, performanceClient, correlationId) {
5310
+ getRefreshToken(account, familyRT, correlationId, tokenKeys, performanceClient) {
5298
5311
  this.commonLogger.trace("CacheManager - getRefreshToken called");
5299
5312
  const id = familyRT ? THE_FAMILY_ID : undefined;
5300
5313
  const refreshTokenFilter = {
@@ -5310,7 +5323,7 @@ class CacheManager {
5310
5323
  refreshTokenKeys.forEach((key) => {
5311
5324
  // Validate key
5312
5325
  if (this.refreshTokenKeyMatchesFilter(key, refreshTokenFilter)) {
5313
- const refreshToken = this.getRefreshTokenCredential(key);
5326
+ const refreshToken = this.getRefreshTokenCredential(key, correlationId);
5314
5327
  // Validate value
5315
5328
  if (refreshToken &&
5316
5329
  this.credentialMatchesFilter(refreshToken, refreshTokenFilter)) {
@@ -5661,9 +5674,6 @@ class DefaultStorageClass extends CacheManager {
5661
5674
  getTokenKeys() {
5662
5675
  throw createClientAuthError(methodNotImplemented);
5663
5676
  }
5664
- async clear() {
5665
- throw createClientAuthError(methodNotImplemented);
5666
- }
5667
5677
  updateCredentialCacheKey() {
5668
5678
  throw createClientAuthError(methodNotImplemented);
5669
5679
  }
@@ -5769,154 +5779,6 @@ function isOidcProtocolMode(config) {
5769
5779
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
5770
5780
  }
5771
5781
 
5772
- /*
5773
- * Copyright (c) Microsoft Corporation. All rights reserved.
5774
- * Licensed under the MIT License.
5775
- */
5776
- /**
5777
- * Error thrown when there is an error with the server code, for example, unavailability.
5778
- */
5779
- class ServerError extends AuthError {
5780
- constructor(errorCode, errorMessage, subError, errorNo, status) {
5781
- super(errorCode, errorMessage, subError);
5782
- this.name = "ServerError";
5783
- this.errorNo = errorNo;
5784
- this.status = status;
5785
- Object.setPrototypeOf(this, ServerError.prototype);
5786
- }
5787
- }
5788
-
5789
- /*
5790
- * Copyright (c) Microsoft Corporation. All rights reserved.
5791
- * Licensed under the MIT License.
5792
- */
5793
- /** @internal */
5794
- class ThrottlingUtils {
5795
- /**
5796
- * Prepares a RequestThumbprint to be stored as a key.
5797
- * @param thumbprint
5798
- */
5799
- static generateThrottlingStorageKey(thumbprint) {
5800
- return `${ThrottlingConstants.THROTTLING_PREFIX}.${JSON.stringify(thumbprint)}`;
5801
- }
5802
- /**
5803
- * Performs necessary throttling checks before a network request.
5804
- * @param cacheManager
5805
- * @param thumbprint
5806
- */
5807
- static preProcess(cacheManager, thumbprint) {
5808
- const key = ThrottlingUtils.generateThrottlingStorageKey(thumbprint);
5809
- const value = cacheManager.getThrottlingCache(key);
5810
- if (value) {
5811
- if (value.throttleTime < Date.now()) {
5812
- cacheManager.removeItem(key);
5813
- return;
5814
- }
5815
- throw new ServerError(value.errorCodes?.join(" ") || Constants.EMPTY_STRING, value.errorMessage, value.subError);
5816
- }
5817
- }
5818
- /**
5819
- * Performs necessary throttling checks after a network request.
5820
- * @param cacheManager
5821
- * @param thumbprint
5822
- * @param response
5823
- */
5824
- static postProcess(cacheManager, thumbprint, response) {
5825
- if (ThrottlingUtils.checkResponseStatus(response) ||
5826
- ThrottlingUtils.checkResponseForRetryAfter(response)) {
5827
- const thumbprintValue = {
5828
- throttleTime: ThrottlingUtils.calculateThrottleTime(parseInt(response.headers[HeaderNames.RETRY_AFTER])),
5829
- error: response.body.error,
5830
- errorCodes: response.body.error_codes,
5831
- errorMessage: response.body.error_description,
5832
- subError: response.body.suberror,
5833
- };
5834
- cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue);
5835
- }
5836
- }
5837
- /**
5838
- * Checks a NetworkResponse object's status codes against 429 or 5xx
5839
- * @param response
5840
- */
5841
- static checkResponseStatus(response) {
5842
- return (response.status === 429 ||
5843
- (response.status >= 500 && response.status < 600));
5844
- }
5845
- /**
5846
- * Checks a NetworkResponse object's RetryAfter header
5847
- * @param response
5848
- */
5849
- static checkResponseForRetryAfter(response) {
5850
- if (response.headers) {
5851
- return (response.headers.hasOwnProperty(HeaderNames.RETRY_AFTER) &&
5852
- (response.status < 200 || response.status >= 300));
5853
- }
5854
- return false;
5855
- }
5856
- /**
5857
- * Calculates the Unix-time value for a throttle to expire given throttleTime in seconds.
5858
- * @param throttleTime
5859
- */
5860
- static calculateThrottleTime(throttleTime) {
5861
- const time = throttleTime <= 0 ? 0 : throttleTime;
5862
- const currentSeconds = Date.now() / 1000;
5863
- return Math.floor(Math.min(currentSeconds +
5864
- (time || ThrottlingConstants.DEFAULT_THROTTLE_TIME_SECONDS), currentSeconds +
5865
- ThrottlingConstants.DEFAULT_MAX_THROTTLE_TIME_SECONDS) * 1000);
5866
- }
5867
- static removeThrottle(cacheManager, clientId, request, homeAccountIdentifier) {
5868
- const thumbprint = {
5869
- clientId: clientId,
5870
- authority: request.authority,
5871
- scopes: request.scopes,
5872
- homeAccountIdentifier: homeAccountIdentifier,
5873
- claims: request.claims,
5874
- authenticationScheme: request.authenticationScheme,
5875
- resourceRequestMethod: request.resourceRequestMethod,
5876
- resourceRequestUri: request.resourceRequestUri,
5877
- shrClaims: request.shrClaims,
5878
- sshKid: request.sshKid,
5879
- };
5880
- const key = this.generateThrottlingStorageKey(thumbprint);
5881
- cacheManager.removeItem(key);
5882
- }
5883
- }
5884
-
5885
- /*
5886
- * Copyright (c) Microsoft Corporation. All rights reserved.
5887
- * Licensed under the MIT License.
5888
- */
5889
- /** @internal */
5890
- class NetworkManager {
5891
- constructor(networkClient, cacheManager) {
5892
- this.networkClient = networkClient;
5893
- this.cacheManager = cacheManager;
5894
- }
5895
- /**
5896
- * Wraps sendPostRequestAsync with necessary preflight and postflight logic
5897
- * @param thumbprint
5898
- * @param tokenEndpoint
5899
- * @param options
5900
- */
5901
- async sendPostRequest(thumbprint, tokenEndpoint, options) {
5902
- ThrottlingUtils.preProcess(this.cacheManager, thumbprint);
5903
- let response;
5904
- try {
5905
- response = await this.networkClient.sendPostRequestAsync(tokenEndpoint, options);
5906
- }
5907
- catch (e) {
5908
- if (e instanceof AuthError) {
5909
- throw e;
5910
- }
5911
- else {
5912
- throw createClientAuthError(networkError);
5913
- }
5914
- }
5915
- ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response);
5916
- return response;
5917
- }
5918
- }
5919
-
5920
5782
  /*
5921
5783
  * Copyright (c) Microsoft Corporation. All rights reserved.
5922
5784
  * Licensed under the MIT License.
@@ -5995,10 +5857,24 @@ class RequestValidator {
5995
5857
  * Copyright (c) Microsoft Corporation. All rights reserved.
5996
5858
  * Licensed under the MIT License.
5997
5859
  */
5860
+ function instrumentBrokerParams(parameters, correlationId, performanceClient) {
5861
+ if (!correlationId) {
5862
+ return;
5863
+ }
5864
+ const clientId = parameters.get(CLIENT_ID);
5865
+ if (clientId && parameters.has(BROKER_CLIENT_ID)) {
5866
+ performanceClient?.addFields({
5867
+ embeddedClientId: clientId,
5868
+ embeddedRedirectUri: parameters.get(REDIRECT_URI),
5869
+ }, correlationId);
5870
+ }
5871
+ }
5998
5872
  /** @internal */
5999
5873
  class RequestParameterBuilder {
6000
- constructor() {
5874
+ constructor(correlationId, performanceClient) {
6001
5875
  this.parameters = new Map();
5876
+ this.performanceClient = performanceClient;
5877
+ this.correlationId = correlationId;
6002
5878
  }
6003
5879
  /**
6004
5880
  * add response_type = code
@@ -6362,6 +6238,14 @@ class RequestParameterBuilder {
6362
6238
  addLogoutHint(logoutHint) {
6363
6239
  this.parameters.set(LOGOUT_HINT, encodeURIComponent(logoutHint));
6364
6240
  }
6241
+ addBrokerParameters(params) {
6242
+ const brokerParams = {};
6243
+ brokerParams[BROKER_CLIENT_ID] =
6244
+ params.brokerClientId;
6245
+ brokerParams[BROKER_REDIRECT_URI] =
6246
+ params.brokerRedirectUri;
6247
+ this.addExtraQueryParameters(brokerParams);
6248
+ }
6365
6249
  /**
6366
6250
  * Utility to create a URL from the params map
6367
6251
  */
@@ -6370,10 +6254,152 @@ class RequestParameterBuilder {
6370
6254
  this.parameters.forEach((value, key) => {
6371
6255
  queryParameterArray.push(`${key}=${value}`);
6372
6256
  });
6257
+ instrumentBrokerParams(this.parameters, this.correlationId, this.performanceClient);
6373
6258
  return queryParameterArray.join("&");
6374
6259
  }
6375
6260
  }
6376
6261
 
6262
+ /*
6263
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6264
+ * Licensed under the MIT License.
6265
+ */
6266
+ /**
6267
+ * Error thrown when there is an error with the server code, for example, unavailability.
6268
+ */
6269
+ class ServerError extends AuthError {
6270
+ constructor(errorCode, errorMessage, subError, errorNo, status) {
6271
+ super(errorCode, errorMessage, subError);
6272
+ this.name = "ServerError";
6273
+ this.errorNo = errorNo;
6274
+ this.status = status;
6275
+ Object.setPrototypeOf(this, ServerError.prototype);
6276
+ }
6277
+ }
6278
+
6279
+ /*
6280
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6281
+ * Licensed under the MIT License.
6282
+ */
6283
+ /** @internal */
6284
+ class ThrottlingUtils {
6285
+ /**
6286
+ * Prepares a RequestThumbprint to be stored as a key.
6287
+ * @param thumbprint
6288
+ */
6289
+ static generateThrottlingStorageKey(thumbprint) {
6290
+ return `${ThrottlingConstants.THROTTLING_PREFIX}.${JSON.stringify(thumbprint)}`;
6291
+ }
6292
+ /**
6293
+ * Performs necessary throttling checks before a network request.
6294
+ * @param cacheManager
6295
+ * @param thumbprint
6296
+ */
6297
+ static preProcess(cacheManager, thumbprint, correlationId) {
6298
+ const key = ThrottlingUtils.generateThrottlingStorageKey(thumbprint);
6299
+ const value = cacheManager.getThrottlingCache(key);
6300
+ if (value) {
6301
+ if (value.throttleTime < Date.now()) {
6302
+ cacheManager.removeItem(key, correlationId);
6303
+ return;
6304
+ }
6305
+ throw new ServerError(value.errorCodes?.join(" ") || Constants.EMPTY_STRING, value.errorMessage, value.subError);
6306
+ }
6307
+ }
6308
+ /**
6309
+ * Performs necessary throttling checks after a network request.
6310
+ * @param cacheManager
6311
+ * @param thumbprint
6312
+ * @param response
6313
+ */
6314
+ static postProcess(cacheManager, thumbprint, response, correlationId) {
6315
+ if (ThrottlingUtils.checkResponseStatus(response) ||
6316
+ ThrottlingUtils.checkResponseForRetryAfter(response)) {
6317
+ const thumbprintValue = {
6318
+ throttleTime: ThrottlingUtils.calculateThrottleTime(parseInt(response.headers[HeaderNames.RETRY_AFTER])),
6319
+ error: response.body.error,
6320
+ errorCodes: response.body.error_codes,
6321
+ errorMessage: response.body.error_description,
6322
+ subError: response.body.suberror,
6323
+ };
6324
+ cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue, correlationId);
6325
+ }
6326
+ }
6327
+ /**
6328
+ * Checks a NetworkResponse object's status codes against 429 or 5xx
6329
+ * @param response
6330
+ */
6331
+ static checkResponseStatus(response) {
6332
+ return (response.status === 429 ||
6333
+ (response.status >= 500 && response.status < 600));
6334
+ }
6335
+ /**
6336
+ * Checks a NetworkResponse object's RetryAfter header
6337
+ * @param response
6338
+ */
6339
+ static checkResponseForRetryAfter(response) {
6340
+ if (response.headers) {
6341
+ return (response.headers.hasOwnProperty(HeaderNames.RETRY_AFTER) &&
6342
+ (response.status < 200 || response.status >= 300));
6343
+ }
6344
+ return false;
6345
+ }
6346
+ /**
6347
+ * Calculates the Unix-time value for a throttle to expire given throttleTime in seconds.
6348
+ * @param throttleTime
6349
+ */
6350
+ static calculateThrottleTime(throttleTime) {
6351
+ const time = throttleTime <= 0 ? 0 : throttleTime;
6352
+ const currentSeconds = Date.now() / 1000;
6353
+ return Math.floor(Math.min(currentSeconds +
6354
+ (time || ThrottlingConstants.DEFAULT_THROTTLE_TIME_SECONDS), currentSeconds +
6355
+ ThrottlingConstants.DEFAULT_MAX_THROTTLE_TIME_SECONDS) * 1000);
6356
+ }
6357
+ static removeThrottle(cacheManager, clientId, request, homeAccountIdentifier) {
6358
+ const thumbprint = {
6359
+ clientId: clientId,
6360
+ authority: request.authority,
6361
+ scopes: request.scopes,
6362
+ homeAccountIdentifier: homeAccountIdentifier,
6363
+ claims: request.claims,
6364
+ authenticationScheme: request.authenticationScheme,
6365
+ resourceRequestMethod: request.resourceRequestMethod,
6366
+ resourceRequestUri: request.resourceRequestUri,
6367
+ shrClaims: request.shrClaims,
6368
+ sshKid: request.sshKid,
6369
+ };
6370
+ const key = this.generateThrottlingStorageKey(thumbprint);
6371
+ cacheManager.removeItem(key, request.correlationId);
6372
+ }
6373
+ }
6374
+
6375
+ /*
6376
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6377
+ * Licensed under the MIT License.
6378
+ */
6379
+ /**
6380
+ * Represents network related errors
6381
+ */
6382
+ class NetworkError extends AuthError {
6383
+ constructor(error, httpStatus, responseHeaders) {
6384
+ super(error.errorCode, error.errorMessage, error.subError);
6385
+ Object.setPrototypeOf(this, NetworkError.prototype);
6386
+ this.name = "NetworkError";
6387
+ this.error = error;
6388
+ this.httpStatus = httpStatus;
6389
+ this.responseHeaders = responseHeaders;
6390
+ }
6391
+ }
6392
+ /**
6393
+ * Creates NetworkError object for a failed network request
6394
+ * @param error - Error to be thrown back to the caller
6395
+ * @param httpStatus - Status code of the network request
6396
+ * @param responseHeaders - Response headers of the network request, when available
6397
+ * @returns NetworkError object
6398
+ */
6399
+ function createNetworkError(error, httpStatus, responseHeaders) {
6400
+ return new NetworkError(error, httpStatus, responseHeaders);
6401
+ }
6402
+
6377
6403
  /*
6378
6404
  * Copyright (c) Microsoft Corporation. All rights reserved.
6379
6405
  * Licensed under the MIT License.
@@ -6394,8 +6420,6 @@ class BaseClient {
6394
6420
  this.cacheManager = this.config.storageInterface;
6395
6421
  // Set the network interface
6396
6422
  this.networkClient = this.config.networkInterface;
6397
- // Set the NetworkManager
6398
- this.networkManager = new NetworkManager(this.networkClient, this.cacheManager);
6399
6423
  // Set TelemetryManager
6400
6424
  this.serverTelemetryManager = this.config.serverTelemetryManager;
6401
6425
  // set Authority
@@ -6439,11 +6463,7 @@ class BaseClient {
6439
6463
  if (queuedEvent) {
6440
6464
  this.performanceClient?.addQueueMeasurement(queuedEvent, correlationId);
6441
6465
  }
6442
- const response = await this.networkManager.sendPostRequest(thumbprint, tokenEndpoint, { body: queryString, headers: headers });
6443
- this.performanceClient?.addFields({
6444
- refreshTokenSize: response.body.refresh_token?.length || 0,
6445
- httpVerToken: response.headers?.[HeaderNames.X_MS_HTTP_VERSION] || "",
6446
- }, correlationId);
6466
+ const response = await this.sendPostRequest(thumbprint, tokenEndpoint, { body: queryString, headers: headers }, correlationId);
6447
6467
  if (this.config.serverTelemetryManager &&
6448
6468
  response.status < 500 &&
6449
6469
  response.status !== 429) {
@@ -6452,6 +6472,52 @@ class BaseClient {
6452
6472
  }
6453
6473
  return response;
6454
6474
  }
6475
+ /**
6476
+ * Wraps sendPostRequestAsync with necessary preflight and postflight logic
6477
+ * @param thumbprint - Request thumbprint for throttling
6478
+ * @param tokenEndpoint - Endpoint to make the POST to
6479
+ * @param options - Body and Headers to include on the POST request
6480
+ * @param correlationId - CorrelationId for telemetry
6481
+ */
6482
+ async sendPostRequest(thumbprint, tokenEndpoint, options, correlationId) {
6483
+ ThrottlingUtils.preProcess(this.cacheManager, thumbprint, correlationId);
6484
+ let response;
6485
+ try {
6486
+ response = await invokeAsync((this.networkClient.sendPostRequestAsync.bind(this.networkClient)), PerformanceEvents.NetworkClientSendPostRequestAsync, this.logger, this.performanceClient, correlationId)(tokenEndpoint, options);
6487
+ const responseHeaders = response.headers || {};
6488
+ this.performanceClient?.addFields({
6489
+ refreshTokenSize: response.body.refresh_token?.length || 0,
6490
+ httpVerToken: responseHeaders[HeaderNames.X_MS_HTTP_VERSION] || "",
6491
+ requestId: responseHeaders[HeaderNames.X_MS_REQUEST_ID] || "",
6492
+ }, correlationId);
6493
+ }
6494
+ catch (e) {
6495
+ if (e instanceof NetworkError) {
6496
+ const responseHeaders = e.responseHeaders;
6497
+ if (responseHeaders) {
6498
+ this.performanceClient?.addFields({
6499
+ httpVerToken: responseHeaders[HeaderNames.X_MS_HTTP_VERSION] || "",
6500
+ requestId: responseHeaders[HeaderNames.X_MS_REQUEST_ID] ||
6501
+ "",
6502
+ contentTypeHeader: responseHeaders[HeaderNames.CONTENT_TYPE] ||
6503
+ undefined,
6504
+ contentLengthHeader: responseHeaders[HeaderNames.CONTENT_LENGTH] ||
6505
+ undefined,
6506
+ httpStatus: e.httpStatus,
6507
+ }, correlationId);
6508
+ }
6509
+ throw e.error;
6510
+ }
6511
+ if (e instanceof AuthError) {
6512
+ throw e;
6513
+ }
6514
+ else {
6515
+ throw createClientAuthError(networkError);
6516
+ }
6517
+ }
6518
+ ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response, correlationId);
6519
+ return response;
6520
+ }
6455
6521
  /**
6456
6522
  * Updates the authority object of the client. Endpoint discovery must be completed.
6457
6523
  * @param updatedAuthority
@@ -6467,10 +6533,17 @@ class BaseClient {
6467
6533
  * @param request
6468
6534
  */
6469
6535
  createTokenQueryParameters(request) {
6470
- const parameterBuilder = new RequestParameterBuilder();
6536
+ const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
6537
+ if (request.embeddedClientId) {
6538
+ parameterBuilder.addBrokerParameters({
6539
+ brokerClientId: this.config.authOptions.clientId,
6540
+ brokerRedirectUri: this.config.authOptions.redirectUri,
6541
+ });
6542
+ }
6471
6543
  if (request.tokenQueryParameters) {
6472
6544
  parameterBuilder.addExtraQueryParameters(request.tokenQueryParameters);
6473
6545
  }
6546
+ parameterBuilder.addCorrelationId(request.correlationId);
6474
6547
  return parameterBuilder.createQueryString();
6475
6548
  }
6476
6549
  }
@@ -6922,13 +6995,13 @@ class ResponseHandler {
6922
6995
  !forceCacheRefreshTokenResponse &&
6923
6996
  cacheRecord.account) {
6924
6997
  const key = cacheRecord.account.generateAccountKey();
6925
- const account = this.cacheStorage.getAccount(key, this.logger);
6998
+ const account = this.cacheStorage.getAccount(key, request.correlationId, this.logger);
6926
6999
  if (!account) {
6927
7000
  this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache");
6928
7001
  return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId);
6929
7002
  }
6930
7003
  }
6931
- await this.cacheStorage.saveCacheRecord(cacheRecord, request.storeInCache, request.correlationId);
7004
+ await this.cacheStorage.saveCacheRecord(cacheRecord, request.correlationId, request.storeInCache);
6932
7005
  }
6933
7006
  finally {
6934
7007
  if (this.persistencePlugin &&
@@ -6957,7 +7030,7 @@ class ResponseHandler {
6957
7030
  let cachedAccount;
6958
7031
  if (serverTokenResponse.id_token && !!idTokenClaims) {
6959
7032
  cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
6960
- cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
7033
+ cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
6961
7034
  this.logger);
6962
7035
  }
6963
7036
  // AccessToken
@@ -7105,7 +7178,7 @@ class ResponseHandler {
7105
7178
  };
7106
7179
  }
7107
7180
  }
7108
- function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
7181
+ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
7109
7182
  logger?.verbose("setCachedAccount called");
7110
7183
  // Check if base account is already cached
7111
7184
  const accountKeys = cacheStorage.getAccountKeys();
@@ -7114,7 +7187,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
7114
7187
  });
7115
7188
  let cachedAccount = null;
7116
7189
  if (baseAccountKey) {
7117
- cachedAccount = cacheStorage.getAccount(baseAccountKey, logger);
7190
+ cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId, logger);
7118
7191
  }
7119
7192
  const baseAccount = cachedAccount ||
7120
7193
  AccountEntity.createAccount({
@@ -7285,8 +7358,9 @@ class AuthorizationCodeClient extends BaseClient {
7285
7358
  */
7286
7359
  async createTokenRequestBody(request) {
7287
7360
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateTokenRequestBody, request.correlationId);
7288
- const parameterBuilder = new RequestParameterBuilder();
7289
- parameterBuilder.addClientId(request.tokenBodyParameters?.[CLIENT_ID] ||
7361
+ const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
7362
+ parameterBuilder.addClientId(request.embeddedClientId ||
7363
+ request.tokenBodyParameters?.[CLIENT_ID] ||
7290
7364
  this.config.authOptions.clientId);
7291
7365
  /*
7292
7366
  * For hybrid spa flow, there will be a code but no verifier
@@ -7346,9 +7420,6 @@ class AuthorizationCodeClient extends BaseClient {
7346
7420
  throw createClientConfigurationError(missingSshJwk);
7347
7421
  }
7348
7422
  }
7349
- const correlationId = request.correlationId ||
7350
- this.config.cryptoInterface.createNewGuid();
7351
- parameterBuilder.addCorrelationId(correlationId);
7352
7423
  if (!StringUtils.isEmptyObj(request.claims) ||
7353
7424
  (this.config.authOptions.clientCapabilities &&
7354
7425
  this.config.authOptions.clientCapabilities.length > 0)) {
@@ -7388,6 +7459,12 @@ class AuthorizationCodeClient extends BaseClient {
7388
7459
  break;
7389
7460
  }
7390
7461
  }
7462
+ if (request.embeddedClientId) {
7463
+ parameterBuilder.addBrokerParameters({
7464
+ brokerClientId: this.config.authOptions.clientId,
7465
+ brokerRedirectUri: this.config.authOptions.redirectUri,
7466
+ });
7467
+ }
7391
7468
  if (request.tokenBodyParameters) {
7392
7469
  parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters);
7393
7470
  }
@@ -7406,9 +7483,13 @@ class AuthorizationCodeClient extends BaseClient {
7406
7483
  * @param request
7407
7484
  */
7408
7485
  async createAuthCodeUrlQueryString(request) {
7409
- this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateQueryString, request.correlationId);
7410
- const parameterBuilder = new RequestParameterBuilder();
7411
- parameterBuilder.addClientId(request.extraQueryParameters?.[CLIENT_ID] ||
7486
+ // generate the correlationId if not set by the user and add
7487
+ const correlationId = request.correlationId ||
7488
+ this.config.cryptoInterface.createNewGuid();
7489
+ this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateQueryString, correlationId);
7490
+ const parameterBuilder = new RequestParameterBuilder(correlationId, this.performanceClient);
7491
+ parameterBuilder.addClientId(request.embeddedClientId ||
7492
+ request.extraQueryParameters?.[CLIENT_ID] ||
7412
7493
  this.config.authOptions.clientId);
7413
7494
  const requestScopes = [
7414
7495
  ...(request.scopes || []),
@@ -7417,9 +7498,6 @@ class AuthorizationCodeClient extends BaseClient {
7417
7498
  parameterBuilder.addScopes(requestScopes, true, this.oidcDefaultScopes);
7418
7499
  // validate the redirectUri (to be a non null value)
7419
7500
  parameterBuilder.addRedirectUri(request.redirectUri);
7420
- // generate the correlationId if not set by the user and add
7421
- const correlationId = request.correlationId ||
7422
- this.config.cryptoInterface.createNewGuid();
7423
7501
  parameterBuilder.addCorrelationId(correlationId);
7424
7502
  // add response_mode. If not passed in it defaults to query.
7425
7503
  parameterBuilder.addResponseMode(request.responseMode);
@@ -7521,6 +7599,12 @@ class AuthorizationCodeClient extends BaseClient {
7521
7599
  this.config.authOptions.clientCapabilities.length > 0)) {
7522
7600
  parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);
7523
7601
  }
7602
+ if (request.embeddedClientId) {
7603
+ parameterBuilder.addBrokerParameters({
7604
+ brokerClientId: this.config.authOptions.clientId,
7605
+ brokerRedirectUri: this.config.authOptions.redirectUri,
7606
+ });
7607
+ }
7524
7608
  this.addExtraQueryParams(request, parameterBuilder);
7525
7609
  if (request.nativeBroker) {
7526
7610
  // signal ests that this is a WAM call
@@ -7547,7 +7631,7 @@ class AuthorizationCodeClient extends BaseClient {
7547
7631
  * @param request
7548
7632
  */
7549
7633
  createLogoutUrlQueryString(request) {
7550
- const parameterBuilder = new RequestParameterBuilder();
7634
+ const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
7551
7635
  if (request.postLogoutRedirectUri) {
7552
7636
  parameterBuilder.addPostLogoutRedirectUri(request.postLogoutRedirectUri);
7553
7637
  }
@@ -7661,7 +7745,7 @@ class RefreshTokenClient extends BaseClient {
7661
7745
  async acquireTokenWithCachedRefreshToken(request, foci) {
7662
7746
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, request.correlationId);
7663
7747
  // fetches family RT or application RT based on FOCI value
7664
- const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, undefined, this.performanceClient, request.correlationId);
7748
+ const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, request.correlationId, undefined, this.performanceClient);
7665
7749
  if (!refreshToken) {
7666
7750
  throw createInteractionRequiredAuthError(noTokensFound);
7667
7751
  }
@@ -7689,7 +7773,7 @@ class RefreshTokenClient extends BaseClient {
7689
7773
  // Remove bad refresh token from cache
7690
7774
  this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");
7691
7775
  const badRefreshTokenKey = generateCredentialKey(refreshToken);
7692
- this.cacheManager.removeRefreshToken(badRefreshTokenKey);
7776
+ this.cacheManager.removeRefreshToken(badRefreshTokenKey, request.correlationId);
7693
7777
  }
7694
7778
  throw e;
7695
7779
  }
@@ -7726,8 +7810,9 @@ class RefreshTokenClient extends BaseClient {
7726
7810
  async createTokenRequestBody(request) {
7727
7811
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, request.correlationId);
7728
7812
  const correlationId = request.correlationId;
7729
- const parameterBuilder = new RequestParameterBuilder();
7730
- parameterBuilder.addClientId(request.tokenBodyParameters?.[CLIENT_ID] ||
7813
+ const parameterBuilder = new RequestParameterBuilder(correlationId, this.performanceClient);
7814
+ parameterBuilder.addClientId(request.embeddedClientId ||
7815
+ request.tokenBodyParameters?.[CLIENT_ID] ||
7731
7816
  this.config.authOptions.clientId);
7732
7817
  if (request.redirectUri) {
7733
7818
  parameterBuilder.addRedirectUri(request.redirectUri);
@@ -7741,7 +7826,6 @@ class RefreshTokenClient extends BaseClient {
7741
7826
  if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {
7742
7827
  parameterBuilder.addServerTelemetry(this.serverTelemetryManager);
7743
7828
  }
7744
- parameterBuilder.addCorrelationId(correlationId);
7745
7829
  parameterBuilder.addRefreshToken(request.refreshToken);
7746
7830
  if (this.config.clientCredentials.clientSecret) {
7747
7831
  parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret);
@@ -7795,6 +7879,12 @@ class RefreshTokenClient extends BaseClient {
7795
7879
  break;
7796
7880
  }
7797
7881
  }
7882
+ if (request.embeddedClientId) {
7883
+ parameterBuilder.addBrokerParameters({
7884
+ brokerClientId: this.config.authOptions.clientId,
7885
+ brokerRedirectUri: this.config.authOptions.redirectUri,
7886
+ });
7887
+ }
7798
7888
  if (request.tokenBodyParameters) {
7799
7889
  parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters);
7800
7890
  }
@@ -7870,7 +7960,7 @@ class SilentFlowClient extends BaseClient {
7870
7960
  const requestTenantId = request.account.tenantId ||
7871
7961
  getTenantFromAuthorityString(request.authority);
7872
7962
  const tokenKeys = this.cacheManager.getTokenKeys();
7873
- const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId, this.performanceClient, request.correlationId);
7963
+ const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId, this.performanceClient);
7874
7964
  if (!cachedAccessToken) {
7875
7965
  // must refresh due to non-existent access_token
7876
7966
  this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
@@ -7890,9 +7980,9 @@ class SilentFlowClient extends BaseClient {
7890
7980
  }
7891
7981
  const environment = request.authority || this.authority.getPreferredCache();
7892
7982
  const cacheRecord = {
7893
- account: this.cacheManager.readAccountFromCache(request.account),
7983
+ account: this.cacheManager.readAccountFromCache(request.account, request.correlationId),
7894
7984
  accessToken: cachedAccessToken,
7895
- idToken: this.cacheManager.getIdToken(request.account, tokenKeys, requestTenantId, this.performanceClient, request.correlationId),
7985
+ idToken: this.cacheManager.getIdToken(request.account, request.correlationId, tokenKeys, requestTenantId, this.performanceClient),
7896
7986
  refreshToken: null,
7897
7987
  appMetadata: this.cacheManager.readAppMetadataFromCache(environment),
7898
7988
  };
@@ -8142,7 +8232,7 @@ class ServerTelemetryManager {
8142
8232
  else {
8143
8233
  lastRequests.errors.push(SERVER_TELEM_CONSTANTS.UNKNOWN_ERROR);
8144
8234
  }
8145
- this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);
8235
+ this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
8146
8236
  return;
8147
8237
  }
8148
8238
  /**
@@ -8151,7 +8241,7 @@ class ServerTelemetryManager {
8151
8241
  incrementCacheHits() {
8152
8242
  const lastRequests = this.getLastRequests();
8153
8243
  lastRequests.cacheHits += 1;
8154
- this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);
8244
+ this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
8155
8245
  return lastRequests.cacheHits;
8156
8246
  }
8157
8247
  /**
@@ -8175,7 +8265,7 @@ class ServerTelemetryManager {
8175
8265
  const errorCount = lastRequests.errors.length;
8176
8266
  if (numErrorsFlushed === errorCount) {
8177
8267
  // All errors were sent on last request, clear Telemetry cache
8178
- this.cacheManager.removeItem(this.telemetryCacheKey);
8268
+ this.cacheManager.removeItem(this.telemetryCacheKey, this.correlationId);
8179
8269
  }
8180
8270
  else {
8181
8271
  // Partial data was flushed to server, construct a new telemetry cache item with errors that were not flushed
@@ -8184,7 +8274,7 @@ class ServerTelemetryManager {
8184
8274
  errors: lastRequests.errors.slice(numErrorsFlushed),
8185
8275
  cacheHits: 0,
8186
8276
  };
8187
- this.cacheManager.setServerTelemetry(this.telemetryCacheKey, serverTelemEntity);
8277
+ this.cacheManager.setServerTelemetry(this.telemetryCacheKey, serverTelemEntity, this.correlationId);
8188
8278
  }
8189
8279
  }
8190
8280
  /**
@@ -8251,7 +8341,7 @@ class ServerTelemetryManager {
8251
8341
  setNativeBrokerErrorCode(errorCode) {
8252
8342
  const lastRequests = this.getLastRequests();
8253
8343
  lastRequests.nativeBrokerErrorCode = errorCode;
8254
- this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);
8344
+ this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
8255
8345
  }
8256
8346
  getNativeBrokerErrorCode() {
8257
8347
  return this.getLastRequests().nativeBrokerErrorCode;
@@ -8259,7 +8349,7 @@ class ServerTelemetryManager {
8259
8349
  clearNativeBrokerErrorCode() {
8260
8350
  const lastRequests = this.getLastRequests();
8261
8351
  delete lastRequests.nativeBrokerErrorCode;
8262
- this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);
8352
+ this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
8263
8353
  }
8264
8354
  static makeExtraSkuString(params) {
8265
8355
  return makeExtraSkuString(params);
@@ -8314,7 +8404,7 @@ exports.InteractionRequiredAuthErrorCodes = InteractionRequiredAuthErrorCodes;
8314
8404
  exports.InteractionRequiredAuthErrorMessage = InteractionRequiredAuthErrorMessage;
8315
8405
  exports.JsonWebTokenTypes = JsonWebTokenTypes;
8316
8406
  exports.Logger = Logger;
8317
- exports.NetworkManager = NetworkManager;
8407
+ exports.NetworkError = NetworkError;
8318
8408
  exports.OIDC_DEFAULT_SCOPES = OIDC_DEFAULT_SCOPES;
8319
8409
  exports.ONE_DAY_IN_MS = ONE_DAY_IN_MS;
8320
8410
  exports.PasswordGrantConstants = PasswordGrantConstants;
@@ -8350,9 +8440,11 @@ exports.buildClientInfoFromHomeAccountId = buildClientInfoFromHomeAccountId;
8350
8440
  exports.buildStaticAuthorityOptions = buildStaticAuthorityOptions;
8351
8441
  exports.buildTenantProfile = buildTenantProfile;
8352
8442
  exports.createAuthError = createAuthError;
8443
+ exports.createCacheError = createCacheError;
8353
8444
  exports.createClientAuthError = createClientAuthError;
8354
8445
  exports.createClientConfigurationError = createClientConfigurationError;
8355
8446
  exports.createInteractionRequiredAuthError = createInteractionRequiredAuthError;
8447
+ exports.createNetworkError = createNetworkError;
8356
8448
  exports.formatAuthorityUri = formatAuthorityUri;
8357
8449
  exports.getClientAssertion = getClientAssertion;
8358
8450
  exports.getTenantIdFromIdTokenClaims = getTenantIdFromIdTokenClaims;
@@ -8361,4 +8453,4 @@ exports.invokeAsync = invokeAsync;
8361
8453
  exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
8362
8454
  exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
8363
8455
  exports.version = version;
8364
- //# sourceMappingURL=index-node-aee3f7b6.js.map
8456
+ //# sourceMappingURL=index-node-CebvEPer.js.map