@azure/msal-common 14.15.0 → 15.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (185) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +1 -1
  7. package/dist/authority/AuthorityFactory.mjs +1 -1
  8. package/dist/authority/AuthorityMetadata.mjs +1 -1
  9. package/dist/authority/AuthorityOptions.mjs +1 -1
  10. package/dist/authority/AuthorityType.mjs +1 -1
  11. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  13. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  14. package/dist/authority/ProtocolMode.mjs +1 -1
  15. package/dist/authority/RegionDiscovery.mjs +1 -1
  16. package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts +1 -0
  17. package/dist/broker/nativeBroker/INativeBrokerPlugin.d.ts.map +1 -1
  18. package/dist/cache/CacheManager.d.ts +8 -37
  19. package/dist/cache/CacheManager.d.ts.map +1 -1
  20. package/dist/cache/CacheManager.mjs +10 -77
  21. package/dist/cache/CacheManager.mjs.map +1 -1
  22. package/dist/cache/entities/AccountEntity.mjs +1 -1
  23. package/dist/cache/interface/ICacheManager.d.ts +4 -4
  24. package/dist/cache/interface/ICacheManager.d.ts.map +1 -1
  25. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  26. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  27. package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
  28. package/dist/client/AuthorizationCodeClient.mjs +24 -13
  29. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  30. package/dist/client/BaseClient.d.ts +10 -3
  31. package/dist/client/BaseClient.d.ts.map +1 -1
  32. package/dist/client/BaseClient.mjs +62 -10
  33. package/dist/client/BaseClient.mjs.map +1 -1
  34. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  35. package/dist/client/RefreshTokenClient.mjs +10 -4
  36. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  37. package/dist/client/SilentFlowClient.mjs +1 -1
  38. package/dist/config/ClientConfiguration.d.ts +2 -0
  39. package/dist/config/ClientConfiguration.d.ts.map +1 -1
  40. package/dist/config/ClientConfiguration.mjs +1 -1
  41. package/dist/config/ClientConfiguration.mjs.map +1 -1
  42. package/dist/constants/AADServerParamKeys.d.ts +2 -0
  43. package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
  44. package/dist/constants/AADServerParamKeys.mjs +5 -3
  45. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  46. package/dist/crypto/ICrypto.mjs +1 -1
  47. package/dist/crypto/JoseHeader.mjs +1 -1
  48. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  49. package/dist/error/AuthError.mjs +1 -1
  50. package/dist/error/AuthErrorCodes.mjs +1 -1
  51. package/dist/error/CacheError.mjs +1 -1
  52. package/dist/error/CacheErrorCodes.mjs +1 -1
  53. package/dist/error/ClientAuthError.mjs +1 -1
  54. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  55. package/dist/error/ClientConfigurationError.mjs +1 -1
  56. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  57. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  58. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  59. package/dist/error/JoseHeaderError.mjs +1 -1
  60. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  61. package/dist/error/NetworkError.d.ts +19 -0
  62. package/dist/error/NetworkError.d.ts.map +1 -0
  63. package/dist/error/NetworkError.mjs +34 -0
  64. package/dist/error/NetworkError.mjs.map +1 -0
  65. package/dist/error/ServerError.mjs +1 -1
  66. package/dist/exports-common.d.ts +2 -1
  67. package/dist/exports-common.d.ts.map +1 -1
  68. package/dist/index-browser.mjs +2 -2
  69. package/dist/index-node.mjs +2 -2
  70. package/dist/index.mjs +2 -2
  71. package/dist/logger/Logger.mjs +1 -1
  72. package/dist/network/INetworkModule.d.ts +1 -1
  73. package/dist/network/INetworkModule.d.ts.map +1 -1
  74. package/dist/network/INetworkModule.mjs +1 -1
  75. package/dist/network/NetworkResponse.d.ts +6 -0
  76. package/dist/network/NetworkResponse.d.ts.map +1 -0
  77. package/dist/network/ThrottlingUtils.d.ts +1 -1
  78. package/dist/network/ThrottlingUtils.d.ts.map +1 -1
  79. package/dist/network/ThrottlingUtils.mjs +1 -1
  80. package/dist/packageMetadata.d.ts +1 -1
  81. package/dist/packageMetadata.d.ts.map +1 -1
  82. package/dist/packageMetadata.mjs +2 -2
  83. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  84. package/dist/request/BaseAuthRequest.d.ts +2 -0
  85. package/dist/request/BaseAuthRequest.d.ts.map +1 -1
  86. package/dist/request/RequestParameterBuilder.d.ts +8 -1
  87. package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
  88. package/dist/request/RequestParameterBuilder.mjs +26 -3
  89. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  90. package/dist/request/RequestValidator.mjs +1 -1
  91. package/dist/request/ScopeSet.mjs +1 -1
  92. package/dist/response/ResponseHandler.mjs +3 -3
  93. package/dist/response/ResponseHandler.mjs.map +1 -1
  94. package/dist/telemetry/performance/PerformanceClient.d.ts.map +1 -1
  95. package/dist/telemetry/performance/PerformanceClient.mjs +29 -10
  96. package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
  97. package/dist/telemetry/performance/PerformanceEvent.d.ts +9 -0
  98. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  99. package/dist/telemetry/performance/PerformanceEvent.mjs +6 -1
  100. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  101. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  102. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  103. package/dist/url/UrlString.mjs +1 -1
  104. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  105. package/dist/utils/Constants.d.ts +1 -6
  106. package/dist/utils/Constants.d.ts.map +1 -1
  107. package/dist/utils/Constants.mjs +2 -7
  108. package/dist/utils/Constants.mjs.map +1 -1
  109. package/dist/utils/FunctionWrappers.mjs +1 -1
  110. package/dist/utils/ProtocolUtils.mjs +1 -1
  111. package/dist/utils/StringUtils.mjs +1 -1
  112. package/dist/utils/TimeUtils.mjs +1 -1
  113. package/dist/utils/UrlUtils.mjs +1 -1
  114. package/lib/index-browser.cjs +33 -13
  115. package/lib/index-browser.cjs.map +1 -1
  116. package/lib/{index-node-aee3f7b6.js → index-node-DDJMpU-A.js} +278 -260
  117. package/lib/index-node-DDJMpU-A.js.map +1 -0
  118. package/lib/index-node.cjs +5 -4
  119. package/lib/index-node.cjs.map +1 -1
  120. package/lib/index.cjs +5 -4
  121. package/lib/index.cjs.map +1 -1
  122. package/lib/types/broker/nativeBroker/INativeBrokerPlugin.d.ts +1 -0
  123. package/lib/types/broker/nativeBroker/INativeBrokerPlugin.d.ts.map +1 -1
  124. package/lib/types/cache/CacheManager.d.ts +8 -37
  125. package/lib/types/cache/CacheManager.d.ts.map +1 -1
  126. package/lib/types/cache/interface/ICacheManager.d.ts +4 -4
  127. package/lib/types/cache/interface/ICacheManager.d.ts.map +1 -1
  128. package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  129. package/lib/types/client/BaseClient.d.ts +10 -3
  130. package/lib/types/client/BaseClient.d.ts.map +1 -1
  131. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  132. package/lib/types/config/ClientConfiguration.d.ts +2 -0
  133. package/lib/types/config/ClientConfiguration.d.ts.map +1 -1
  134. package/lib/types/constants/AADServerParamKeys.d.ts +2 -0
  135. package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
  136. package/lib/types/error/NetworkError.d.ts +19 -0
  137. package/lib/types/error/NetworkError.d.ts.map +1 -0
  138. package/lib/types/exports-common.d.ts +2 -1
  139. package/lib/types/exports-common.d.ts.map +1 -1
  140. package/lib/types/network/INetworkModule.d.ts +1 -1
  141. package/lib/types/network/INetworkModule.d.ts.map +1 -1
  142. package/lib/types/network/NetworkResponse.d.ts +6 -0
  143. package/lib/types/network/NetworkResponse.d.ts.map +1 -0
  144. package/lib/types/network/ThrottlingUtils.d.ts +1 -1
  145. package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
  146. package/lib/types/packageMetadata.d.ts +1 -1
  147. package/lib/types/packageMetadata.d.ts.map +1 -1
  148. package/lib/types/request/BaseAuthRequest.d.ts +2 -0
  149. package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
  150. package/lib/types/request/RequestParameterBuilder.d.ts +8 -1
  151. package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
  152. package/lib/types/telemetry/performance/PerformanceClient.d.ts.map +1 -1
  153. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +9 -0
  154. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  155. package/lib/types/utils/Constants.d.ts +1 -6
  156. package/lib/types/utils/Constants.d.ts.map +1 -1
  157. package/package.json +2 -4
  158. package/src/authority/RegionDiscovery.ts +1 -1
  159. package/src/cache/CacheManager.ts +16 -130
  160. package/src/cache/interface/ICacheManager.ts +4 -4
  161. package/src/client/AuthorizationCodeClient.ts +37 -16
  162. package/src/client/BaseClient.ts +104 -22
  163. package/src/client/RefreshTokenClient.ts +14 -5
  164. package/src/config/ClientConfiguration.ts +2 -0
  165. package/src/constants/AADServerParamKeys.ts +2 -0
  166. package/src/error/NetworkError.ts +44 -0
  167. package/src/exports-common.ts +2 -5
  168. package/src/network/INetworkModule.ts +1 -1
  169. package/src/network/NetworkResponse.ts +10 -0
  170. package/src/network/ThrottlingUtils.ts +1 -1
  171. package/src/packageMetadata.ts +1 -1
  172. package/src/request/BaseAuthRequest.ts +2 -0
  173. package/src/request/RequestParameterBuilder.ts +51 -1
  174. package/src/response/ResponseHandler.ts +2 -2
  175. package/src/telemetry/performance/PerformanceClient.ts +42 -12
  176. package/src/telemetry/performance/PerformanceEvent.ts +15 -0
  177. package/src/utils/Constants.ts +1 -6
  178. package/dist/network/NetworkManager.d.ts +0 -34
  179. package/dist/network/NetworkManager.d.ts.map +0 -1
  180. package/dist/network/NetworkManager.mjs +0 -44
  181. package/dist/network/NetworkManager.mjs.map +0 -1
  182. package/lib/index-node-aee3f7b6.js.map +0 -1
  183. package/lib/types/network/NetworkManager.d.ts +0 -34
  184. package/lib/types/network/NetworkManager.d.ts.map +0 -1
  185. package/src/network/NetworkManager.ts +0 -76
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v14.15.0 2024-09-20 */
1
+ /*! @azure/msal-common v15.0.0-alpha.0 2024-12-18 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -96,6 +96,7 @@ const OIDC_SCOPES = [...OIDC_DEFAULT_SCOPES, Constants.EMAIL_SCOPE];
96
96
  */
97
97
  const HeaderNames = {
98
98
  CONTENT_TYPE: "Content-Type",
99
+ CONTENT_LENGTH: "Content-Length",
99
100
  RETRY_AFTER: "Retry-After",
100
101
  CCS_HEADER: "X-AnchorMailbox",
101
102
  WWWAuthenticate: "WWW-Authenticate",
@@ -107,12 +108,6 @@ const HeaderNames = {
107
108
  * Persistent cache keys MSAL which stay while user is logged in.
108
109
  */
109
110
  const PersistentCacheKeys = {
110
- ID_TOKEN: "idtoken",
111
- CLIENT_INFO: "client.info",
112
- ADAL_ID_TOKEN: "adal.idtoken",
113
- ERROR: "error",
114
- ERROR_DESC: "error.description",
115
- ACTIVE_ACCOUNT: "active-account",
116
111
  ACTIVE_ACCOUNT_FILTERS: "active-account-filters", // new cache entry for active_account for a more robust version for browser
117
112
  };
118
113
  /**
@@ -1612,6 +1607,7 @@ const PerformanceEvents = {
1612
1607
  /**
1613
1608
  * Time spent sending/waiting for the response of a request to the token endpoint
1614
1609
  */
1610
+ NetworkClientSendPostRequestAsync: "networkClientSendPostRequestAsync",
1615
1611
  RefreshTokenClientExecutePostToTokenEndpoint: "refreshTokenClientExecutePostToTokenEndpoint",
1616
1612
  AuthorizationCodeClientExecutePostToTokenEndpoint: "authorizationCodeClientExecutePostToTokenEndpoint",
1617
1613
  /**
@@ -1785,6 +1781,10 @@ const PerformanceEventAbbreviations = new Map([
1785
1781
  PerformanceEvents.BaseClientCreateTokenRequestHeaders,
1786
1782
  "BaseClientCreateTReqHead",
1787
1783
  ],
1784
+ [
1785
+ PerformanceEvents.NetworkClientSendPostRequestAsync,
1786
+ "NetClientSendPost",
1787
+ ],
1788
1788
  [
1789
1789
  PerformanceEvents.RefreshTokenClientExecutePostToTokenEndpoint,
1790
1790
  "RTClientExecPost",
@@ -3519,11 +3519,15 @@ const LOGOUT_HINT = "logout_hint";
3519
3519
  const SID = "sid";
3520
3520
  const LOGIN_HINT = "login_hint";
3521
3521
  const DOMAIN_HINT = "domain_hint";
3522
- const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
3522
+ const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
3523
+ const BROKER_CLIENT_ID = "brk_client_id";
3524
+ const BROKER_REDIRECT_URI = "brk_redirect_uri";
3523
3525
 
3524
3526
  var AADServerParamKeys = /*#__PURE__*/Object.freeze({
3525
3527
  __proto__: null,
3526
3528
  ACCESS_TOKEN: ACCESS_TOKEN,
3529
+ BROKER_CLIENT_ID: BROKER_CLIENT_ID,
3530
+ BROKER_REDIRECT_URI: BROKER_REDIRECT_URI,
3527
3531
  CCS_HEADER: CCS_HEADER,
3528
3532
  CLAIMS: CLAIMS,
3529
3533
  CLIENT_ASSERTION: CLIENT_ASSERTION,
@@ -3806,7 +3810,7 @@ class Logger {
3806
3810
 
3807
3811
  /* eslint-disable header/header */
3808
3812
  const name = "@azure/msal-common";
3809
- const version = "14.15.0";
3813
+ const version = "15.0.0-alpha.0";
3810
3814
 
3811
3815
  /*
3812
3816
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -4591,10 +4595,10 @@ class CacheManager {
4591
4595
  }
4592
4596
  try {
4593
4597
  if (!!cacheRecord.account) {
4594
- this.setAccount(cacheRecord.account);
4598
+ await this.setAccount(cacheRecord.account);
4595
4599
  }
4596
4600
  if (!!cacheRecord.idToken && storeInCache?.idToken !== false) {
4597
- this.setIdTokenCredential(cacheRecord.idToken);
4601
+ await this.setIdTokenCredential(cacheRecord.idToken);
4598
4602
  }
4599
4603
  if (!!cacheRecord.accessToken &&
4600
4604
  storeInCache?.accessToken !== false) {
@@ -4602,7 +4606,7 @@ class CacheManager {
4602
4606
  }
4603
4607
  if (!!cacheRecord.refreshToken &&
4604
4608
  storeInCache?.refreshToken !== false) {
4605
- this.setRefreshTokenCredential(cacheRecord.refreshToken);
4609
+ await this.setRefreshTokenCredential(cacheRecord.refreshToken);
4606
4610
  }
4607
4611
  if (!!cacheRecord.appMetadata) {
4608
4612
  this.setAppMetadata(cacheRecord.appMetadata);
@@ -4659,7 +4663,7 @@ class CacheManager {
4659
4663
  }
4660
4664
  });
4661
4665
  await Promise.all(removedAccessTokens);
4662
- this.setAccessTokenCredential(credential);
4666
+ await this.setAccessTokenCredential(credential);
4663
4667
  }
4664
4668
  /**
4665
4669
  * Retrieve account entities matching all provided tenant-agnostic filters; if no filter is set, get all account entities in the cache
@@ -4945,61 +4949,6 @@ class CacheManager {
4945
4949
  });
4946
4950
  await Promise.all(removedCredentials);
4947
4951
  }
4948
- /**
4949
- * Migrates a single-tenant account and all it's associated alternate cross-tenant account objects in the
4950
- * cache into a condensed multi-tenant account object with tenant profiles.
4951
- * @param accountKey
4952
- * @param accountEntity
4953
- * @param logger
4954
- * @returns
4955
- */
4956
- updateOutdatedCachedAccount(accountKey, accountEntity, logger) {
4957
- // Only update if account entity is defined and has no tenantProfiles object (is outdated)
4958
- if (accountEntity && accountEntity.isSingleTenant()) {
4959
- this.commonLogger?.verbose("updateOutdatedCachedAccount: Found a single-tenant (outdated) account entity in the cache, migrating to multi-tenant account entity");
4960
- // Get keys of all accounts belonging to user
4961
- const matchingAccountKeys = this.getAccountKeys().filter((key) => {
4962
- return key.startsWith(accountEntity.homeAccountId);
4963
- });
4964
- // Get all account entities belonging to user
4965
- const accountsToMerge = [];
4966
- matchingAccountKeys.forEach((key) => {
4967
- const account = this.getCachedAccountEntity(key);
4968
- if (account) {
4969
- accountsToMerge.push(account);
4970
- }
4971
- });
4972
- // Set base account to home account if available, any account if not
4973
- const baseAccount = accountsToMerge.find((account) => {
4974
- return tenantIdMatchesHomeTenant(account.realm, account.homeAccountId);
4975
- }) || accountsToMerge[0];
4976
- // Populate tenant profiles built from each account entity belonging to the user
4977
- baseAccount.tenantProfiles = accountsToMerge.map((account) => {
4978
- return {
4979
- tenantId: account.realm,
4980
- localAccountId: account.localAccountId,
4981
- name: account.name,
4982
- isHomeTenant: tenantIdMatchesHomeTenant(account.realm, account.homeAccountId),
4983
- };
4984
- });
4985
- const updatedAccount = CacheManager.toObject(new AccountEntity(), {
4986
- ...baseAccount,
4987
- });
4988
- const newAccountKey = updatedAccount.generateAccountKey();
4989
- // Clear cache of legacy account objects that have been collpsed into tenant profiles
4990
- matchingAccountKeys.forEach((key) => {
4991
- if (key !== newAccountKey) {
4992
- this.removeOutdatedAccount(accountKey);
4993
- }
4994
- });
4995
- // Cache updated account object
4996
- this.setAccount(updatedAccount);
4997
- logger?.verbose("Updated an outdated account entity in the cache");
4998
- return updatedAccount;
4999
- }
5000
- // No update is necessary
5001
- return accountEntity;
5002
- }
5003
4952
  /**
5004
4953
  * returns a boolean if the given credential is removed
5005
4954
  * @param credential
@@ -5595,28 +5544,25 @@ class CacheManager {
5595
5544
  }
5596
5545
  /** @internal */
5597
5546
  class DefaultStorageClass extends CacheManager {
5598
- setAccount() {
5547
+ async setAccount() {
5599
5548
  throw createClientAuthError(methodNotImplemented);
5600
5549
  }
5601
5550
  getAccount() {
5602
5551
  throw createClientAuthError(methodNotImplemented);
5603
5552
  }
5604
- getCachedAccountEntity() {
5605
- throw createClientAuthError(methodNotImplemented);
5606
- }
5607
- setIdTokenCredential() {
5553
+ async setIdTokenCredential() {
5608
5554
  throw createClientAuthError(methodNotImplemented);
5609
5555
  }
5610
5556
  getIdTokenCredential() {
5611
5557
  throw createClientAuthError(methodNotImplemented);
5612
5558
  }
5613
- setAccessTokenCredential() {
5559
+ async setAccessTokenCredential() {
5614
5560
  throw createClientAuthError(methodNotImplemented);
5615
5561
  }
5616
5562
  getAccessTokenCredential() {
5617
5563
  throw createClientAuthError(methodNotImplemented);
5618
5564
  }
5619
- setRefreshTokenCredential() {
5565
+ async setRefreshTokenCredential() {
5620
5566
  throw createClientAuthError(methodNotImplemented);
5621
5567
  }
5622
5568
  getRefreshTokenCredential() {
@@ -5661,15 +5607,6 @@ class DefaultStorageClass extends CacheManager {
5661
5607
  getTokenKeys() {
5662
5608
  throw createClientAuthError(methodNotImplemented);
5663
5609
  }
5664
- async clear() {
5665
- throw createClientAuthError(methodNotImplemented);
5666
- }
5667
- updateCredentialCacheKey() {
5668
- throw createClientAuthError(methodNotImplemented);
5669
- }
5670
- removeOutdatedAccount() {
5671
- throw createClientAuthError(methodNotImplemented);
5672
- }
5673
5610
  }
5674
5611
 
5675
5612
  /*
@@ -5769,154 +5706,6 @@ function isOidcProtocolMode(config) {
5769
5706
  return (config.authOptions.authority.options.protocolMode === ProtocolMode.OIDC);
5770
5707
  }
5771
5708
 
5772
- /*
5773
- * Copyright (c) Microsoft Corporation. All rights reserved.
5774
- * Licensed under the MIT License.
5775
- */
5776
- /**
5777
- * Error thrown when there is an error with the server code, for example, unavailability.
5778
- */
5779
- class ServerError extends AuthError {
5780
- constructor(errorCode, errorMessage, subError, errorNo, status) {
5781
- super(errorCode, errorMessage, subError);
5782
- this.name = "ServerError";
5783
- this.errorNo = errorNo;
5784
- this.status = status;
5785
- Object.setPrototypeOf(this, ServerError.prototype);
5786
- }
5787
- }
5788
-
5789
- /*
5790
- * Copyright (c) Microsoft Corporation. All rights reserved.
5791
- * Licensed under the MIT License.
5792
- */
5793
- /** @internal */
5794
- class ThrottlingUtils {
5795
- /**
5796
- * Prepares a RequestThumbprint to be stored as a key.
5797
- * @param thumbprint
5798
- */
5799
- static generateThrottlingStorageKey(thumbprint) {
5800
- return `${ThrottlingConstants.THROTTLING_PREFIX}.${JSON.stringify(thumbprint)}`;
5801
- }
5802
- /**
5803
- * Performs necessary throttling checks before a network request.
5804
- * @param cacheManager
5805
- * @param thumbprint
5806
- */
5807
- static preProcess(cacheManager, thumbprint) {
5808
- const key = ThrottlingUtils.generateThrottlingStorageKey(thumbprint);
5809
- const value = cacheManager.getThrottlingCache(key);
5810
- if (value) {
5811
- if (value.throttleTime < Date.now()) {
5812
- cacheManager.removeItem(key);
5813
- return;
5814
- }
5815
- throw new ServerError(value.errorCodes?.join(" ") || Constants.EMPTY_STRING, value.errorMessage, value.subError);
5816
- }
5817
- }
5818
- /**
5819
- * Performs necessary throttling checks after a network request.
5820
- * @param cacheManager
5821
- * @param thumbprint
5822
- * @param response
5823
- */
5824
- static postProcess(cacheManager, thumbprint, response) {
5825
- if (ThrottlingUtils.checkResponseStatus(response) ||
5826
- ThrottlingUtils.checkResponseForRetryAfter(response)) {
5827
- const thumbprintValue = {
5828
- throttleTime: ThrottlingUtils.calculateThrottleTime(parseInt(response.headers[HeaderNames.RETRY_AFTER])),
5829
- error: response.body.error,
5830
- errorCodes: response.body.error_codes,
5831
- errorMessage: response.body.error_description,
5832
- subError: response.body.suberror,
5833
- };
5834
- cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue);
5835
- }
5836
- }
5837
- /**
5838
- * Checks a NetworkResponse object's status codes against 429 or 5xx
5839
- * @param response
5840
- */
5841
- static checkResponseStatus(response) {
5842
- return (response.status === 429 ||
5843
- (response.status >= 500 && response.status < 600));
5844
- }
5845
- /**
5846
- * Checks a NetworkResponse object's RetryAfter header
5847
- * @param response
5848
- */
5849
- static checkResponseForRetryAfter(response) {
5850
- if (response.headers) {
5851
- return (response.headers.hasOwnProperty(HeaderNames.RETRY_AFTER) &&
5852
- (response.status < 200 || response.status >= 300));
5853
- }
5854
- return false;
5855
- }
5856
- /**
5857
- * Calculates the Unix-time value for a throttle to expire given throttleTime in seconds.
5858
- * @param throttleTime
5859
- */
5860
- static calculateThrottleTime(throttleTime) {
5861
- const time = throttleTime <= 0 ? 0 : throttleTime;
5862
- const currentSeconds = Date.now() / 1000;
5863
- return Math.floor(Math.min(currentSeconds +
5864
- (time || ThrottlingConstants.DEFAULT_THROTTLE_TIME_SECONDS), currentSeconds +
5865
- ThrottlingConstants.DEFAULT_MAX_THROTTLE_TIME_SECONDS) * 1000);
5866
- }
5867
- static removeThrottle(cacheManager, clientId, request, homeAccountIdentifier) {
5868
- const thumbprint = {
5869
- clientId: clientId,
5870
- authority: request.authority,
5871
- scopes: request.scopes,
5872
- homeAccountIdentifier: homeAccountIdentifier,
5873
- claims: request.claims,
5874
- authenticationScheme: request.authenticationScheme,
5875
- resourceRequestMethod: request.resourceRequestMethod,
5876
- resourceRequestUri: request.resourceRequestUri,
5877
- shrClaims: request.shrClaims,
5878
- sshKid: request.sshKid,
5879
- };
5880
- const key = this.generateThrottlingStorageKey(thumbprint);
5881
- cacheManager.removeItem(key);
5882
- }
5883
- }
5884
-
5885
- /*
5886
- * Copyright (c) Microsoft Corporation. All rights reserved.
5887
- * Licensed under the MIT License.
5888
- */
5889
- /** @internal */
5890
- class NetworkManager {
5891
- constructor(networkClient, cacheManager) {
5892
- this.networkClient = networkClient;
5893
- this.cacheManager = cacheManager;
5894
- }
5895
- /**
5896
- * Wraps sendPostRequestAsync with necessary preflight and postflight logic
5897
- * @param thumbprint
5898
- * @param tokenEndpoint
5899
- * @param options
5900
- */
5901
- async sendPostRequest(thumbprint, tokenEndpoint, options) {
5902
- ThrottlingUtils.preProcess(this.cacheManager, thumbprint);
5903
- let response;
5904
- try {
5905
- response = await this.networkClient.sendPostRequestAsync(tokenEndpoint, options);
5906
- }
5907
- catch (e) {
5908
- if (e instanceof AuthError) {
5909
- throw e;
5910
- }
5911
- else {
5912
- throw createClientAuthError(networkError);
5913
- }
5914
- }
5915
- ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response);
5916
- return response;
5917
- }
5918
- }
5919
-
5920
5709
  /*
5921
5710
  * Copyright (c) Microsoft Corporation. All rights reserved.
5922
5711
  * Licensed under the MIT License.
@@ -5995,10 +5784,24 @@ class RequestValidator {
5995
5784
  * Copyright (c) Microsoft Corporation. All rights reserved.
5996
5785
  * Licensed under the MIT License.
5997
5786
  */
5787
+ function instrumentBrokerParams(parameters, correlationId, performanceClient) {
5788
+ if (!correlationId) {
5789
+ return;
5790
+ }
5791
+ const clientId = parameters.get(CLIENT_ID);
5792
+ if (clientId && parameters.has(BROKER_CLIENT_ID)) {
5793
+ performanceClient?.addFields({
5794
+ embeddedClientId: clientId,
5795
+ embeddedRedirectUri: parameters.get(REDIRECT_URI),
5796
+ }, correlationId);
5797
+ }
5798
+ }
5998
5799
  /** @internal */
5999
5800
  class RequestParameterBuilder {
6000
- constructor() {
5801
+ constructor(correlationId, performanceClient) {
6001
5802
  this.parameters = new Map();
5803
+ this.performanceClient = performanceClient;
5804
+ this.correlationId = correlationId;
6002
5805
  }
6003
5806
  /**
6004
5807
  * add response_type = code
@@ -6362,6 +6165,14 @@ class RequestParameterBuilder {
6362
6165
  addLogoutHint(logoutHint) {
6363
6166
  this.parameters.set(LOGOUT_HINT, encodeURIComponent(logoutHint));
6364
6167
  }
6168
+ addBrokerParameters(params) {
6169
+ const brokerParams = {};
6170
+ brokerParams[BROKER_CLIENT_ID] =
6171
+ params.brokerClientId;
6172
+ brokerParams[BROKER_REDIRECT_URI] =
6173
+ params.brokerRedirectUri;
6174
+ this.addExtraQueryParameters(brokerParams);
6175
+ }
6365
6176
  /**
6366
6177
  * Utility to create a URL from the params map
6367
6178
  */
@@ -6370,10 +6181,152 @@ class RequestParameterBuilder {
6370
6181
  this.parameters.forEach((value, key) => {
6371
6182
  queryParameterArray.push(`${key}=${value}`);
6372
6183
  });
6184
+ instrumentBrokerParams(this.parameters, this.correlationId, this.performanceClient);
6373
6185
  return queryParameterArray.join("&");
6374
6186
  }
6375
6187
  }
6376
6188
 
6189
+ /*
6190
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6191
+ * Licensed under the MIT License.
6192
+ */
6193
+ /**
6194
+ * Error thrown when there is an error with the server code, for example, unavailability.
6195
+ */
6196
+ class ServerError extends AuthError {
6197
+ constructor(errorCode, errorMessage, subError, errorNo, status) {
6198
+ super(errorCode, errorMessage, subError);
6199
+ this.name = "ServerError";
6200
+ this.errorNo = errorNo;
6201
+ this.status = status;
6202
+ Object.setPrototypeOf(this, ServerError.prototype);
6203
+ }
6204
+ }
6205
+
6206
+ /*
6207
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6208
+ * Licensed under the MIT License.
6209
+ */
6210
+ /** @internal */
6211
+ class ThrottlingUtils {
6212
+ /**
6213
+ * Prepares a RequestThumbprint to be stored as a key.
6214
+ * @param thumbprint
6215
+ */
6216
+ static generateThrottlingStorageKey(thumbprint) {
6217
+ return `${ThrottlingConstants.THROTTLING_PREFIX}.${JSON.stringify(thumbprint)}`;
6218
+ }
6219
+ /**
6220
+ * Performs necessary throttling checks before a network request.
6221
+ * @param cacheManager
6222
+ * @param thumbprint
6223
+ */
6224
+ static preProcess(cacheManager, thumbprint) {
6225
+ const key = ThrottlingUtils.generateThrottlingStorageKey(thumbprint);
6226
+ const value = cacheManager.getThrottlingCache(key);
6227
+ if (value) {
6228
+ if (value.throttleTime < Date.now()) {
6229
+ cacheManager.removeItem(key);
6230
+ return;
6231
+ }
6232
+ throw new ServerError(value.errorCodes?.join(" ") || Constants.EMPTY_STRING, value.errorMessage, value.subError);
6233
+ }
6234
+ }
6235
+ /**
6236
+ * Performs necessary throttling checks after a network request.
6237
+ * @param cacheManager
6238
+ * @param thumbprint
6239
+ * @param response
6240
+ */
6241
+ static postProcess(cacheManager, thumbprint, response) {
6242
+ if (ThrottlingUtils.checkResponseStatus(response) ||
6243
+ ThrottlingUtils.checkResponseForRetryAfter(response)) {
6244
+ const thumbprintValue = {
6245
+ throttleTime: ThrottlingUtils.calculateThrottleTime(parseInt(response.headers[HeaderNames.RETRY_AFTER])),
6246
+ error: response.body.error,
6247
+ errorCodes: response.body.error_codes,
6248
+ errorMessage: response.body.error_description,
6249
+ subError: response.body.suberror,
6250
+ };
6251
+ cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue);
6252
+ }
6253
+ }
6254
+ /**
6255
+ * Checks a NetworkResponse object's status codes against 429 or 5xx
6256
+ * @param response
6257
+ */
6258
+ static checkResponseStatus(response) {
6259
+ return (response.status === 429 ||
6260
+ (response.status >= 500 && response.status < 600));
6261
+ }
6262
+ /**
6263
+ * Checks a NetworkResponse object's RetryAfter header
6264
+ * @param response
6265
+ */
6266
+ static checkResponseForRetryAfter(response) {
6267
+ if (response.headers) {
6268
+ return (response.headers.hasOwnProperty(HeaderNames.RETRY_AFTER) &&
6269
+ (response.status < 200 || response.status >= 300));
6270
+ }
6271
+ return false;
6272
+ }
6273
+ /**
6274
+ * Calculates the Unix-time value for a throttle to expire given throttleTime in seconds.
6275
+ * @param throttleTime
6276
+ */
6277
+ static calculateThrottleTime(throttleTime) {
6278
+ const time = throttleTime <= 0 ? 0 : throttleTime;
6279
+ const currentSeconds = Date.now() / 1000;
6280
+ return Math.floor(Math.min(currentSeconds +
6281
+ (time || ThrottlingConstants.DEFAULT_THROTTLE_TIME_SECONDS), currentSeconds +
6282
+ ThrottlingConstants.DEFAULT_MAX_THROTTLE_TIME_SECONDS) * 1000);
6283
+ }
6284
+ static removeThrottle(cacheManager, clientId, request, homeAccountIdentifier) {
6285
+ const thumbprint = {
6286
+ clientId: clientId,
6287
+ authority: request.authority,
6288
+ scopes: request.scopes,
6289
+ homeAccountIdentifier: homeAccountIdentifier,
6290
+ claims: request.claims,
6291
+ authenticationScheme: request.authenticationScheme,
6292
+ resourceRequestMethod: request.resourceRequestMethod,
6293
+ resourceRequestUri: request.resourceRequestUri,
6294
+ shrClaims: request.shrClaims,
6295
+ sshKid: request.sshKid,
6296
+ };
6297
+ const key = this.generateThrottlingStorageKey(thumbprint);
6298
+ cacheManager.removeItem(key);
6299
+ }
6300
+ }
6301
+
6302
+ /*
6303
+ * Copyright (c) Microsoft Corporation. All rights reserved.
6304
+ * Licensed under the MIT License.
6305
+ */
6306
+ /**
6307
+ * Represents network related errors
6308
+ */
6309
+ class NetworkError extends AuthError {
6310
+ constructor(error, httpStatus, responseHeaders) {
6311
+ super(error.errorCode, error.errorMessage, error.subError);
6312
+ Object.setPrototypeOf(this, NetworkError.prototype);
6313
+ this.name = "NetworkError";
6314
+ this.error = error;
6315
+ this.httpStatus = httpStatus;
6316
+ this.responseHeaders = responseHeaders;
6317
+ }
6318
+ }
6319
+ /**
6320
+ * Creates NetworkError object for a failed network request
6321
+ * @param error - Error to be thrown back to the caller
6322
+ * @param httpStatus - Status code of the network request
6323
+ * @param responseHeaders - Response headers of the network request, when available
6324
+ * @returns NetworkError object
6325
+ */
6326
+ function createNetworkError(error, httpStatus, responseHeaders) {
6327
+ return new NetworkError(error, httpStatus, responseHeaders);
6328
+ }
6329
+
6377
6330
  /*
6378
6331
  * Copyright (c) Microsoft Corporation. All rights reserved.
6379
6332
  * Licensed under the MIT License.
@@ -6394,8 +6347,6 @@ class BaseClient {
6394
6347
  this.cacheManager = this.config.storageInterface;
6395
6348
  // Set the network interface
6396
6349
  this.networkClient = this.config.networkInterface;
6397
- // Set the NetworkManager
6398
- this.networkManager = new NetworkManager(this.networkClient, this.cacheManager);
6399
6350
  // Set TelemetryManager
6400
6351
  this.serverTelemetryManager = this.config.serverTelemetryManager;
6401
6352
  // set Authority
@@ -6439,11 +6390,7 @@ class BaseClient {
6439
6390
  if (queuedEvent) {
6440
6391
  this.performanceClient?.addQueueMeasurement(queuedEvent, correlationId);
6441
6392
  }
6442
- const response = await this.networkManager.sendPostRequest(thumbprint, tokenEndpoint, { body: queryString, headers: headers });
6443
- this.performanceClient?.addFields({
6444
- refreshTokenSize: response.body.refresh_token?.length || 0,
6445
- httpVerToken: response.headers?.[HeaderNames.X_MS_HTTP_VERSION] || "",
6446
- }, correlationId);
6393
+ const response = await this.sendPostRequest(thumbprint, tokenEndpoint, { body: queryString, headers: headers }, correlationId);
6447
6394
  if (this.config.serverTelemetryManager &&
6448
6395
  response.status < 500 &&
6449
6396
  response.status !== 429) {
@@ -6452,6 +6399,52 @@ class BaseClient {
6452
6399
  }
6453
6400
  return response;
6454
6401
  }
6402
+ /**
6403
+ * Wraps sendPostRequestAsync with necessary preflight and postflight logic
6404
+ * @param thumbprint - Request thumbprint for throttling
6405
+ * @param tokenEndpoint - Endpoint to make the POST to
6406
+ * @param options - Body and Headers to include on the POST request
6407
+ * @param correlationId - CorrelationId for telemetry
6408
+ */
6409
+ async sendPostRequest(thumbprint, tokenEndpoint, options, correlationId) {
6410
+ ThrottlingUtils.preProcess(this.cacheManager, thumbprint);
6411
+ let response;
6412
+ try {
6413
+ response = await invokeAsync((this.networkClient.sendPostRequestAsync.bind(this.networkClient)), PerformanceEvents.NetworkClientSendPostRequestAsync, this.logger, this.performanceClient, correlationId)(tokenEndpoint, options);
6414
+ const responseHeaders = response.headers || {};
6415
+ this.performanceClient?.addFields({
6416
+ refreshTokenSize: response.body.refresh_token?.length || 0,
6417
+ httpVerToken: responseHeaders[HeaderNames.X_MS_HTTP_VERSION] || "",
6418
+ requestId: responseHeaders[HeaderNames.X_MS_REQUEST_ID] || "",
6419
+ }, correlationId);
6420
+ }
6421
+ catch (e) {
6422
+ if (e instanceof NetworkError) {
6423
+ const responseHeaders = e.responseHeaders;
6424
+ if (responseHeaders) {
6425
+ this.performanceClient?.addFields({
6426
+ httpVerToken: responseHeaders[HeaderNames.X_MS_HTTP_VERSION] || "",
6427
+ requestId: responseHeaders[HeaderNames.X_MS_REQUEST_ID] ||
6428
+ "",
6429
+ contentTypeHeader: responseHeaders[HeaderNames.CONTENT_TYPE] ||
6430
+ undefined,
6431
+ contentLengthHeader: responseHeaders[HeaderNames.CONTENT_LENGTH] ||
6432
+ undefined,
6433
+ httpStatus: e.httpStatus,
6434
+ }, correlationId);
6435
+ }
6436
+ throw e.error;
6437
+ }
6438
+ if (e instanceof AuthError) {
6439
+ throw e;
6440
+ }
6441
+ else {
6442
+ throw createClientAuthError(networkError);
6443
+ }
6444
+ }
6445
+ ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response);
6446
+ return response;
6447
+ }
6455
6448
  /**
6456
6449
  * Updates the authority object of the client. Endpoint discovery must be completed.
6457
6450
  * @param updatedAuthority
@@ -6467,10 +6460,17 @@ class BaseClient {
6467
6460
  * @param request
6468
6461
  */
6469
6462
  createTokenQueryParameters(request) {
6470
- const parameterBuilder = new RequestParameterBuilder();
6463
+ const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
6464
+ if (request.embeddedClientId) {
6465
+ parameterBuilder.addBrokerParameters({
6466
+ brokerClientId: this.config.authOptions.clientId,
6467
+ brokerRedirectUri: this.config.authOptions.redirectUri,
6468
+ });
6469
+ }
6471
6470
  if (request.tokenQueryParameters) {
6472
6471
  parameterBuilder.addExtraQueryParameters(request.tokenQueryParameters);
6473
6472
  }
6473
+ parameterBuilder.addCorrelationId(request.correlationId);
6474
6474
  return parameterBuilder.createQueryString();
6475
6475
  }
6476
6476
  }
@@ -6922,7 +6922,7 @@ class ResponseHandler {
6922
6922
  !forceCacheRefreshTokenResponse &&
6923
6923
  cacheRecord.account) {
6924
6924
  const key = cacheRecord.account.generateAccountKey();
6925
- const account = this.cacheStorage.getAccount(key, this.logger);
6925
+ const account = this.cacheStorage.getAccount(key);
6926
6926
  if (!account) {
6927
6927
  this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache");
6928
6928
  return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId);
@@ -7114,7 +7114,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
7114
7114
  });
7115
7115
  let cachedAccount = null;
7116
7116
  if (baseAccountKey) {
7117
- cachedAccount = cacheStorage.getAccount(baseAccountKey, logger);
7117
+ cachedAccount = cacheStorage.getAccount(baseAccountKey);
7118
7118
  }
7119
7119
  const baseAccount = cachedAccount ||
7120
7120
  AccountEntity.createAccount({
@@ -7285,8 +7285,9 @@ class AuthorizationCodeClient extends BaseClient {
7285
7285
  */
7286
7286
  async createTokenRequestBody(request) {
7287
7287
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateTokenRequestBody, request.correlationId);
7288
- const parameterBuilder = new RequestParameterBuilder();
7289
- parameterBuilder.addClientId(request.tokenBodyParameters?.[CLIENT_ID] ||
7288
+ const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
7289
+ parameterBuilder.addClientId(request.embeddedClientId ||
7290
+ request.tokenBodyParameters?.[CLIENT_ID] ||
7290
7291
  this.config.authOptions.clientId);
7291
7292
  /*
7292
7293
  * For hybrid spa flow, there will be a code but no verifier
@@ -7346,9 +7347,6 @@ class AuthorizationCodeClient extends BaseClient {
7346
7347
  throw createClientConfigurationError(missingSshJwk);
7347
7348
  }
7348
7349
  }
7349
- const correlationId = request.correlationId ||
7350
- this.config.cryptoInterface.createNewGuid();
7351
- parameterBuilder.addCorrelationId(correlationId);
7352
7350
  if (!StringUtils.isEmptyObj(request.claims) ||
7353
7351
  (this.config.authOptions.clientCapabilities &&
7354
7352
  this.config.authOptions.clientCapabilities.length > 0)) {
@@ -7388,6 +7386,12 @@ class AuthorizationCodeClient extends BaseClient {
7388
7386
  break;
7389
7387
  }
7390
7388
  }
7389
+ if (request.embeddedClientId) {
7390
+ parameterBuilder.addBrokerParameters({
7391
+ brokerClientId: this.config.authOptions.clientId,
7392
+ brokerRedirectUri: this.config.authOptions.redirectUri,
7393
+ });
7394
+ }
7391
7395
  if (request.tokenBodyParameters) {
7392
7396
  parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters);
7393
7397
  }
@@ -7406,9 +7410,13 @@ class AuthorizationCodeClient extends BaseClient {
7406
7410
  * @param request
7407
7411
  */
7408
7412
  async createAuthCodeUrlQueryString(request) {
7409
- this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateQueryString, request.correlationId);
7410
- const parameterBuilder = new RequestParameterBuilder();
7411
- parameterBuilder.addClientId(request.extraQueryParameters?.[CLIENT_ID] ||
7413
+ // generate the correlationId if not set by the user and add
7414
+ const correlationId = request.correlationId ||
7415
+ this.config.cryptoInterface.createNewGuid();
7416
+ this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateQueryString, correlationId);
7417
+ const parameterBuilder = new RequestParameterBuilder(correlationId, this.performanceClient);
7418
+ parameterBuilder.addClientId(request.embeddedClientId ||
7419
+ request.extraQueryParameters?.[CLIENT_ID] ||
7412
7420
  this.config.authOptions.clientId);
7413
7421
  const requestScopes = [
7414
7422
  ...(request.scopes || []),
@@ -7417,9 +7425,6 @@ class AuthorizationCodeClient extends BaseClient {
7417
7425
  parameterBuilder.addScopes(requestScopes, true, this.oidcDefaultScopes);
7418
7426
  // validate the redirectUri (to be a non null value)
7419
7427
  parameterBuilder.addRedirectUri(request.redirectUri);
7420
- // generate the correlationId if not set by the user and add
7421
- const correlationId = request.correlationId ||
7422
- this.config.cryptoInterface.createNewGuid();
7423
7428
  parameterBuilder.addCorrelationId(correlationId);
7424
7429
  // add response_mode. If not passed in it defaults to query.
7425
7430
  parameterBuilder.addResponseMode(request.responseMode);
@@ -7521,6 +7526,12 @@ class AuthorizationCodeClient extends BaseClient {
7521
7526
  this.config.authOptions.clientCapabilities.length > 0)) {
7522
7527
  parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);
7523
7528
  }
7529
+ if (request.embeddedClientId) {
7530
+ parameterBuilder.addBrokerParameters({
7531
+ brokerClientId: this.config.authOptions.clientId,
7532
+ brokerRedirectUri: this.config.authOptions.redirectUri,
7533
+ });
7534
+ }
7524
7535
  this.addExtraQueryParams(request, parameterBuilder);
7525
7536
  if (request.nativeBroker) {
7526
7537
  // signal ests that this is a WAM call
@@ -7547,7 +7558,7 @@ class AuthorizationCodeClient extends BaseClient {
7547
7558
  * @param request
7548
7559
  */
7549
7560
  createLogoutUrlQueryString(request) {
7550
- const parameterBuilder = new RequestParameterBuilder();
7561
+ const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
7551
7562
  if (request.postLogoutRedirectUri) {
7552
7563
  parameterBuilder.addPostLogoutRedirectUri(request.postLogoutRedirectUri);
7553
7564
  }
@@ -7726,8 +7737,9 @@ class RefreshTokenClient extends BaseClient {
7726
7737
  async createTokenRequestBody(request) {
7727
7738
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, request.correlationId);
7728
7739
  const correlationId = request.correlationId;
7729
- const parameterBuilder = new RequestParameterBuilder();
7730
- parameterBuilder.addClientId(request.tokenBodyParameters?.[CLIENT_ID] ||
7740
+ const parameterBuilder = new RequestParameterBuilder(correlationId, this.performanceClient);
7741
+ parameterBuilder.addClientId(request.embeddedClientId ||
7742
+ request.tokenBodyParameters?.[CLIENT_ID] ||
7731
7743
  this.config.authOptions.clientId);
7732
7744
  if (request.redirectUri) {
7733
7745
  parameterBuilder.addRedirectUri(request.redirectUri);
@@ -7741,7 +7753,6 @@ class RefreshTokenClient extends BaseClient {
7741
7753
  if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {
7742
7754
  parameterBuilder.addServerTelemetry(this.serverTelemetryManager);
7743
7755
  }
7744
- parameterBuilder.addCorrelationId(correlationId);
7745
7756
  parameterBuilder.addRefreshToken(request.refreshToken);
7746
7757
  if (this.config.clientCredentials.clientSecret) {
7747
7758
  parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret);
@@ -7795,6 +7806,12 @@ class RefreshTokenClient extends BaseClient {
7795
7806
  break;
7796
7807
  }
7797
7808
  }
7809
+ if (request.embeddedClientId) {
7810
+ parameterBuilder.addBrokerParameters({
7811
+ brokerClientId: this.config.authOptions.clientId,
7812
+ brokerRedirectUri: this.config.authOptions.redirectUri,
7813
+ });
7814
+ }
7798
7815
  if (request.tokenBodyParameters) {
7799
7816
  parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters);
7800
7817
  }
@@ -8314,7 +8331,7 @@ exports.InteractionRequiredAuthErrorCodes = InteractionRequiredAuthErrorCodes;
8314
8331
  exports.InteractionRequiredAuthErrorMessage = InteractionRequiredAuthErrorMessage;
8315
8332
  exports.JsonWebTokenTypes = JsonWebTokenTypes;
8316
8333
  exports.Logger = Logger;
8317
- exports.NetworkManager = NetworkManager;
8334
+ exports.NetworkError = NetworkError;
8318
8335
  exports.OIDC_DEFAULT_SCOPES = OIDC_DEFAULT_SCOPES;
8319
8336
  exports.ONE_DAY_IN_MS = ONE_DAY_IN_MS;
8320
8337
  exports.PasswordGrantConstants = PasswordGrantConstants;
@@ -8353,6 +8370,7 @@ exports.createAuthError = createAuthError;
8353
8370
  exports.createClientAuthError = createClientAuthError;
8354
8371
  exports.createClientConfigurationError = createClientConfigurationError;
8355
8372
  exports.createInteractionRequiredAuthError = createInteractionRequiredAuthError;
8373
+ exports.createNetworkError = createNetworkError;
8356
8374
  exports.formatAuthorityUri = formatAuthorityUri;
8357
8375
  exports.getClientAssertion = getClientAssertion;
8358
8376
  exports.getTenantIdFromIdTokenClaims = getTenantIdFromIdTokenClaims;
@@ -8361,4 +8379,4 @@ exports.invokeAsync = invokeAsync;
8361
8379
  exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
8362
8380
  exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
8363
8381
  exports.version = version;
8364
- //# sourceMappingURL=index-node-aee3f7b6.js.map
8382
+ //# sourceMappingURL=index-node-DDJMpU-A.js.map