@azure/msal-common 15.12.0 → 16.0.0-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +0 -1
- package/dist/account/AccountInfo.d.ts.map +1 -1
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AccountInfo.mjs.map +1 -1
- package/dist/account/AuthToken.mjs +1 -1
- package/dist/account/AuthToken.mjs.map +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/CcsCredential.mjs.map +1 -1
- package/dist/account/ClientInfo.d.ts.map +1 -1
- package/dist/account/ClientInfo.mjs +4 -6
- package/dist/account/ClientInfo.mjs.map +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/account/TokenClaims.mjs.map +1 -1
- package/dist/authority/Authority.d.ts +2 -2
- package/dist/authority/Authority.d.ts.map +1 -1
- package/dist/authority/Authority.mjs +89 -105
- package/dist/authority/Authority.mjs.map +1 -1
- package/dist/authority/AuthorityFactory.d.ts +6 -2
- package/dist/authority/AuthorityFactory.d.ts.map +1 -1
- package/dist/authority/AuthorityFactory.mjs +8 -5
- package/dist/authority/AuthorityFactory.mjs.map +1 -1
- package/dist/authority/AuthorityMetadata.d.ts +2 -2
- package/dist/authority/AuthorityMetadata.d.ts.map +1 -1
- package/dist/authority/AuthorityMetadata.mjs +8 -8
- package/dist/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist/authority/AuthorityOptions.d.ts +0 -1
- package/dist/authority/AuthorityOptions.d.ts.map +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs.map +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/AuthorityType.mjs.map +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OIDCOptions.d.ts +2 -2
- package/dist/authority/OIDCOptions.d.ts.map +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs.map +1 -1
- package/dist/authority/RegionDiscovery.d.ts +3 -3
- package/dist/authority/RegionDiscovery.d.ts.map +1 -1
- package/dist/authority/RegionDiscovery.mjs +14 -15
- package/dist/authority/RegionDiscovery.mjs.map +1 -1
- package/dist/cache/CacheManager.d.ts +25 -17
- package/dist/cache/CacheManager.d.ts.map +1 -1
- package/dist/cache/CacheManager.mjs +69 -80
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/entities/AccessTokenEntity.d.ts +0 -4
- package/dist/cache/entities/AccessTokenEntity.d.ts.map +1 -1
- package/dist/cache/entities/AccountEntity.d.ts +4 -56
- package/dist/cache/entities/AccountEntity.d.ts.map +1 -1
- package/dist/cache/entities/CredentialEntity.d.ts +0 -2
- package/dist/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/dist/cache/interface/ICacheManager.d.ts +41 -12
- package/dist/cache/interface/ICacheManager.d.ts.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs.map +1 -1
- package/dist/cache/utils/AccountEntityUtils.d.ts +60 -0
- package/dist/cache/utils/AccountEntityUtils.d.ts.map +1 -0
- package/dist/cache/utils/AccountEntityUtils.mjs +212 -0
- package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -0
- package/dist/cache/utils/CacheHelpers.d.ts +2 -2
- package/dist/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +10 -13
- package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist/cache/utils/CacheTypes.d.ts +0 -1
- package/dist/cache/utils/CacheTypes.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +16 -20
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/BaseClient.d.ts +3 -3
- package/dist/client/BaseClient.d.ts.map +1 -1
- package/dist/client/BaseClient.mjs +7 -12
- package/dist/client/BaseClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.d.ts +1 -1
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +22 -27
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.d.ts +1 -1
- package/dist/client/SilentFlowClient.d.ts.map +1 -1
- package/dist/client/SilentFlowClient.mjs +8 -12
- package/dist/client/SilentFlowClient.mjs.map +1 -1
- package/dist/config/ClientConfiguration.d.ts +2 -22
- package/dist/config/ClientConfiguration.d.ts.map +1 -1
- package/dist/config/ClientConfiguration.mjs +9 -15
- package/dist/config/ClientConfiguration.mjs.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +1 -1
- package/dist/crypto/ICrypto.d.ts +5 -3
- package/dist/crypto/ICrypto.d.ts.map +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/ICrypto.mjs.map +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/JoseHeader.mjs.map +1 -1
- package/dist/crypto/PopTokenGenerator.d.ts +2 -2
- package/dist/crypto/PopTokenGenerator.d.ts.map +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +3 -5
- package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist/error/AuthError.d.ts +1 -18
- package/dist/error/AuthError.d.ts.map +1 -1
- package/dist/error/AuthError.mjs +12 -34
- package/dist/error/AuthError.mjs.map +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.d.ts +1 -6
- package/dist/error/CacheError.d.ts.map +1 -1
- package/dist/error/CacheError.mjs +6 -13
- package/dist/error/CacheError.mjs.map +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.d.ts +0 -224
- package/dist/error/ClientAuthError.d.ts.map +1 -1
- package/dist/error/ClientAuthError.mjs +3 -235
- package/dist/error/ClientAuthError.mjs.map +1 -1
- package/dist/error/ClientAuthErrorCodes.d.ts +0 -8
- package/dist/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +2 -10
- package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist/error/ClientConfigurationError.d.ts +0 -123
- package/dist/error/ClientConfigurationError.d.ts.map +1 -1
- package/dist/error/ClientConfigurationError.mjs +3 -129
- package/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.d.ts +0 -2
- package/dist/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +3 -5
- package/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthError.d.ts +1 -19
- package/dist/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +10 -35
- package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.d.ts +0 -4
- package/dist/error/JoseHeaderError.d.ts.map +1 -1
- package/dist/error/JoseHeaderError.mjs +3 -8
- package/dist/error/JoseHeaderError.mjs.map +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/NetworkError.mjs.map +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/error/ServerError.mjs.map +1 -1
- package/dist/exports-browser-only.d.ts +4 -3
- package/dist/exports-browser-only.d.ts.map +1 -1
- package/dist/exports-common.d.ts +8 -6
- package/dist/exports-common.d.ts.map +1 -1
- package/dist/exports-node-only.d.ts +1 -4
- package/dist/exports-node-only.d.ts.map +1 -1
- package/dist/index-browser.mjs +12 -8
- package/dist/index-browser.mjs.map +1 -1
- package/dist/index-node.mjs +10 -7
- package/dist/index-node.mjs.map +1 -1
- package/dist/index.mjs +12 -8
- package/dist/index.mjs.map +1 -1
- package/dist/logger/Logger.d.ts +12 -13
- package/dist/logger/Logger.d.ts.map +1 -1
- package/dist/logger/Logger.mjs +16 -21
- package/dist/logger/Logger.mjs.map +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/INetworkModule.mjs.map +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.d.ts.map +1 -1
- package/dist/network/ThrottlingUtils.mjs +6 -7
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.d.ts.map +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +1 -2
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +14 -14
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/dist/request/AuthenticationHeaderParser.mjs +3 -3
- package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist/request/BaseAuthRequest.d.ts +1 -7
- package/dist/request/BaseAuthRequest.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.d.ts +3 -9
- package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +7 -20
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/ScopeSet.mjs +5 -5
- package/dist/request/ScopeSet.mjs.map +1 -1
- package/dist/response/AuthenticationResult.d.ts +1 -1
- package/dist/response/AuthenticationResult.d.ts.map +1 -1
- package/dist/response/ResponseHandler.d.ts +6 -5
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +39 -41
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/IPerformanceClient.d.ts +0 -29
- package/dist/telemetry/performance/IPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.d.ts +5 -81
- package/dist/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +24 -166
- package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.d.ts +0 -280
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +2 -483
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvents.d.ts +65 -0
- package/dist/telemetry/performance/PerformanceEvents.d.ts.map +1 -0
- package/dist/telemetry/performance/PerformanceEvents.mjs +73 -0
- package/dist/telemetry/performance/PerformanceEvents.mjs.map +1 -0
- package/dist/telemetry/performance/StubPerformanceClient.d.ts +0 -4
- package/dist/telemetry/performance/StubPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +2 -26
- package/dist/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.d.ts +2 -2
- package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +28 -30
- package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/url/UrlString.d.ts +0 -5
- package/dist/url/UrlString.d.ts.map +1 -1
- package/dist/url/UrlString.mjs +5 -13
- package/dist/url/UrlString.mjs.map +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/ClientAssertionUtils.mjs.map +1 -1
- package/dist/utils/Constants.d.ts +81 -117
- package/dist/utils/Constants.d.ts.map +1 -1
- package/dist/utils/Constants.mjs +100 -131
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.d.ts +2 -2
- package/dist/utils/FunctionWrappers.d.ts.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +19 -20
- package/dist/utils/FunctionWrappers.mjs.map +1 -1
- package/dist/utils/ProtocolUtils.mjs +7 -7
- package/dist/utils/ProtocolUtils.mjs.map +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs.map +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs.map +1 -1
- package/dist/utils/UrlUtils.d.ts +1 -2
- package/dist/utils/UrlUtils.d.ts.map +1 -1
- package/dist/utils/UrlUtils.mjs +3 -10
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +26 -201
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-C8h2xZEM.js → index-node-FrCFfFuh.js} +1606 -2487
- package/lib/index-node-FrCFfFuh.js.map +1 -0
- package/lib/index-node.cjs +4 -33
- package/lib/index-node.cjs.map +1 -1
- package/lib/index.cjs +3 -33
- package/lib/index.cjs.map +1 -1
- package/lib/types/account/AccountInfo.d.ts +0 -1
- package/lib/types/account/AccountInfo.d.ts.map +1 -1
- package/lib/types/account/ClientInfo.d.ts.map +1 -1
- package/lib/types/authority/Authority.d.ts +2 -2
- package/lib/types/authority/Authority.d.ts.map +1 -1
- package/lib/types/authority/AuthorityFactory.d.ts +6 -2
- package/lib/types/authority/AuthorityFactory.d.ts.map +1 -1
- package/lib/types/authority/AuthorityMetadata.d.ts +2 -2
- package/lib/types/authority/AuthorityMetadata.d.ts.map +1 -1
- package/lib/types/authority/AuthorityOptions.d.ts +0 -1
- package/lib/types/authority/AuthorityOptions.d.ts.map +1 -1
- package/lib/types/authority/OIDCOptions.d.ts +2 -2
- package/lib/types/authority/OIDCOptions.d.ts.map +1 -1
- package/lib/types/authority/RegionDiscovery.d.ts +3 -3
- package/lib/types/authority/RegionDiscovery.d.ts.map +1 -1
- package/lib/types/cache/CacheManager.d.ts +25 -17
- package/lib/types/cache/CacheManager.d.ts.map +1 -1
- package/lib/types/cache/entities/AccessTokenEntity.d.ts +0 -4
- package/lib/types/cache/entities/AccessTokenEntity.d.ts.map +1 -1
- package/lib/types/cache/entities/AccountEntity.d.ts +4 -56
- package/lib/types/cache/entities/AccountEntity.d.ts.map +1 -1
- package/lib/types/cache/entities/CredentialEntity.d.ts +0 -2
- package/lib/types/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/lib/types/cache/interface/ICacheManager.d.ts +41 -12
- package/lib/types/cache/interface/ICacheManager.d.ts.map +1 -1
- package/lib/types/cache/utils/AccountEntityUtils.d.ts +60 -0
- package/lib/types/cache/utils/AccountEntityUtils.d.ts.map +1 -0
- package/lib/types/cache/utils/CacheHelpers.d.ts +2 -2
- package/lib/types/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/lib/types/cache/utils/CacheTypes.d.ts +0 -1
- package/lib/types/cache/utils/CacheTypes.d.ts.map +1 -1
- package/lib/types/client/AuthorizationCodeClient.d.ts +1 -1
- package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/lib/types/client/BaseClient.d.ts +3 -3
- package/lib/types/client/BaseClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/client/SilentFlowClient.d.ts +1 -1
- package/lib/types/client/SilentFlowClient.d.ts.map +1 -1
- package/lib/types/config/ClientConfiguration.d.ts +2 -22
- package/lib/types/config/ClientConfiguration.d.ts.map +1 -1
- package/lib/types/crypto/ICrypto.d.ts +5 -3
- package/lib/types/crypto/ICrypto.d.ts.map +1 -1
- package/lib/types/crypto/PopTokenGenerator.d.ts +2 -2
- package/lib/types/crypto/PopTokenGenerator.d.ts.map +1 -1
- package/lib/types/error/AuthError.d.ts +1 -18
- package/lib/types/error/AuthError.d.ts.map +1 -1
- package/lib/types/error/CacheError.d.ts +1 -6
- package/lib/types/error/CacheError.d.ts.map +1 -1
- package/lib/types/error/ClientAuthError.d.ts +0 -224
- package/lib/types/error/ClientAuthError.d.ts.map +1 -1
- package/lib/types/error/ClientAuthErrorCodes.d.ts +0 -8
- package/lib/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/lib/types/error/ClientConfigurationError.d.ts +0 -123
- package/lib/types/error/ClientConfigurationError.d.ts.map +1 -1
- package/lib/types/error/ClientConfigurationErrorCodes.d.ts +0 -2
- package/lib/types/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
- package/lib/types/error/InteractionRequiredAuthError.d.ts +1 -19
- package/lib/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/lib/types/error/JoseHeaderError.d.ts +0 -4
- package/lib/types/error/JoseHeaderError.d.ts.map +1 -1
- package/lib/types/exports-browser-only.d.ts +4 -3
- package/lib/types/exports-browser-only.d.ts.map +1 -1
- package/lib/types/exports-common.d.ts +8 -6
- package/lib/types/exports-common.d.ts.map +1 -1
- package/lib/types/exports-node-only.d.ts +1 -4
- package/lib/types/exports-node-only.d.ts.map +1 -1
- package/lib/types/logger/Logger.d.ts +12 -13
- package/lib/types/logger/Logger.d.ts.map +1 -1
- package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/packageMetadata.d.ts.map +1 -1
- package/lib/types/protocol/Authorize.d.ts +1 -2
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/lib/types/request/BaseAuthRequest.d.ts +1 -7
- package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/lib/types/request/RequestParameterBuilder.d.ts +3 -9
- package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/lib/types/response/AuthenticationResult.d.ts +1 -1
- package/lib/types/response/AuthenticationResult.d.ts.map +1 -1
- package/lib/types/response/ResponseHandler.d.ts +6 -5
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/telemetry/performance/IPerformanceClient.d.ts +0 -29
- package/lib/types/telemetry/performance/IPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceClient.d.ts +5 -81
- package/lib/types/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts +0 -280
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvents.d.ts +65 -0
- package/lib/types/telemetry/performance/PerformanceEvents.d.ts.map +1 -0
- package/lib/types/telemetry/performance/StubPerformanceClient.d.ts +0 -4
- package/lib/types/telemetry/performance/StubPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/server/ServerTelemetryManager.d.ts +2 -2
- package/lib/types/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/lib/types/url/UrlString.d.ts +0 -5
- package/lib/types/url/UrlString.d.ts.map +1 -1
- package/lib/types/utils/Constants.d.ts +81 -117
- package/lib/types/utils/Constants.d.ts.map +1 -1
- package/lib/types/utils/FunctionWrappers.d.ts +2 -2
- package/lib/types/utils/FunctionWrappers.d.ts.map +1 -1
- package/lib/types/utils/UrlUtils.d.ts +1 -2
- package/lib/types/utils/UrlUtils.d.ts.map +1 -1
- package/package.json +120 -122
- package/src/account/AccountInfo.ts +0 -1
- package/src/account/ClientInfo.ts +3 -6
- package/src/authority/Authority.ts +145 -146
- package/src/authority/AuthorityFactory.ts +7 -7
- package/src/authority/AuthorityMetadata.ts +21 -12
- package/src/authority/AuthorityOptions.ts +0 -1
- package/src/authority/OIDCOptions.ts +2 -2
- package/src/authority/RegionDiscovery.ts +20 -33
- package/src/cache/CacheManager.ts +176 -126
- package/src/cache/entities/AccessTokenEntity.ts +0 -4
- package/src/cache/entities/AccountEntity.ts +4 -285
- package/src/cache/entities/CredentialEntity.ts +0 -2
- package/src/cache/interface/ICacheManager.ts +61 -15
- package/src/cache/utils/AccountEntityUtils.ts +287 -0
- package/src/cache/utils/CacheHelpers.ts +23 -37
- package/src/cache/utils/CacheTypes.ts +0 -1
- package/src/client/AuthorizationCodeClient.ts +28 -49
- package/src/client/BaseClient.ts +8 -20
- package/src/client/RefreshTokenClient.ts +29 -61
- package/src/client/SilentFlowClient.ts +11 -20
- package/src/config/ClientConfiguration.ts +9 -37
- package/src/crypto/ICrypto.ts +5 -3
- package/src/crypto/PopTokenGenerator.ts +3 -13
- package/src/error/AuthError.ts +11 -30
- package/src/error/CacheError.ts +4 -15
- package/src/error/ClientAuthError.ts +1 -311
- package/src/error/ClientAuthErrorCodes.ts +0 -8
- package/src/error/ClientConfigurationError.ts +1 -194
- package/src/error/ClientConfigurationErrorCodes.ts +0 -3
- package/src/error/InteractionRequiredAuthError.ts +8 -48
- package/src/error/JoseHeaderError.ts +1 -8
- package/src/exports-browser-only.ts +2 -6
- package/src/exports-common.ts +4 -34
- package/src/exports-node-only.ts +1 -4
- package/src/logger/Logger.ts +26 -39
- package/src/network/ThrottlingUtils.ts +12 -15
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +24 -20
- package/src/request/AuthenticationHeaderParser.ts +2 -4
- package/src/request/BaseAuthRequest.ts +1 -7
- package/src/request/RequestParameterBuilder.ts +30 -45
- package/src/request/ScopeSet.ts +4 -4
- package/src/response/AuthenticationResult.ts +1 -1
- package/src/response/ResponseHandler.ts +53 -58
- package/src/telemetry/performance/IPerformanceClient.ts +0 -40
- package/src/telemetry/performance/PerformanceClient.ts +29 -266
- package/src/telemetry/performance/PerformanceEvent.ts +0 -582
- package/src/telemetry/performance/PerformanceEvents.ts +97 -0
- package/src/telemetry/performance/StubPerformanceClient.ts +0 -16
- package/src/telemetry/server/ServerTelemetryManager.ts +33 -44
- package/src/url/UrlString.ts +3 -12
- package/src/utils/Constants.ts +103 -146
- package/src/utils/FunctionWrappers.ts +28 -29
- package/src/utils/ProtocolUtils.ts +6 -6
- package/src/utils/UrlUtils.ts +2 -15
- package/dist/cache/entities/AccountEntity.mjs +0 -226
- package/dist/cache/entities/AccountEntity.mjs.map +0 -1
- package/dist/request/CommonClientCredentialRequest.d.ts +0 -18
- package/dist/request/CommonClientCredentialRequest.d.ts.map +0 -1
- package/dist/request/CommonDeviceCodeRequest.d.ts +0 -22
- package/dist/request/CommonDeviceCodeRequest.d.ts.map +0 -1
- package/dist/request/CommonOnBehalfOfRequest.d.ts +0 -14
- package/dist/request/CommonOnBehalfOfRequest.d.ts.map +0 -1
- package/dist/request/CommonUsernamePasswordRequest.d.ts +0 -18
- package/dist/request/CommonUsernamePasswordRequest.d.ts.map +0 -1
- package/lib/index-node-C8h2xZEM.js.map +0 -1
- package/lib/types/request/CommonClientCredentialRequest.d.ts +0 -18
- package/lib/types/request/CommonClientCredentialRequest.d.ts.map +0 -1
- package/lib/types/request/CommonDeviceCodeRequest.d.ts +0 -22
- package/lib/types/request/CommonDeviceCodeRequest.d.ts.map +0 -1
- package/lib/types/request/CommonOnBehalfOfRequest.d.ts +0 -14
- package/lib/types/request/CommonOnBehalfOfRequest.d.ts.map +0 -1
- package/lib/types/request/CommonUsernamePasswordRequest.d.ts +0 -18
- package/lib/types/request/CommonUsernamePasswordRequest.d.ts.map +0 -1
- package/src/request/CommonClientCredentialRequest.ts +0 -23
- package/src/request/CommonDeviceCodeRequest.ts +0 -31
- package/src/request/CommonOnBehalfOfRequest.ts +0 -19
- package/src/request/CommonUsernamePasswordRequest.ts +0 -23
package/src/client/BaseClient.ts
CHANGED
|
@@ -16,7 +16,7 @@ import { NetworkResponse } from "../network/NetworkResponse.js";
|
|
|
16
16
|
import { ICrypto } from "../crypto/ICrypto.js";
|
|
17
17
|
import { Authority } from "../authority/Authority.js";
|
|
18
18
|
import { Logger } from "../logger/Logger.js";
|
|
19
|
-
import {
|
|
19
|
+
import { HeaderNames, URL_FORM_CONTENT_TYPE } from "../utils/Constants.js";
|
|
20
20
|
import { ServerAuthorizationTokenResponse } from "../response/ServerAuthorizationTokenResponse.js";
|
|
21
21
|
import { CacheManager } from "../cache/CacheManager.js";
|
|
22
22
|
import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManager.js";
|
|
@@ -29,7 +29,7 @@ import * as RequestParameterBuilder from "../request/RequestParameterBuilder.js"
|
|
|
29
29
|
import * as UrlUtils from "../utils/UrlUtils.js";
|
|
30
30
|
import { BaseAuthRequest } from "../request/BaseAuthRequest.js";
|
|
31
31
|
import { createDiscoveredInstance } from "../authority/AuthorityFactory.js";
|
|
32
|
-
import
|
|
32
|
+
import * as PerformanceEvents from "../telemetry/performance/PerformanceEvents.js";
|
|
33
33
|
import { ThrottlingUtils } from "../network/ThrottlingUtils.js";
|
|
34
34
|
import { AuthError } from "../error/AuthError.js";
|
|
35
35
|
import {
|
|
@@ -66,11 +66,11 @@ export abstract class BaseClient {
|
|
|
66
66
|
public authority: Authority;
|
|
67
67
|
|
|
68
68
|
// Performance telemetry client
|
|
69
|
-
protected performanceClient
|
|
69
|
+
protected performanceClient: IPerformanceClient;
|
|
70
70
|
|
|
71
71
|
protected constructor(
|
|
72
72
|
configuration: ClientConfiguration,
|
|
73
|
-
performanceClient
|
|
73
|
+
performanceClient: IPerformanceClient
|
|
74
74
|
) {
|
|
75
75
|
// Set the configuration
|
|
76
76
|
this.config = buildClientConfiguration(configuration);
|
|
@@ -104,7 +104,7 @@ export abstract class BaseClient {
|
|
|
104
104
|
ccsCred?: CcsCredential
|
|
105
105
|
): Record<string, string> {
|
|
106
106
|
const headers: Record<string, string> = {};
|
|
107
|
-
headers[HeaderNames.CONTENT_TYPE] =
|
|
107
|
+
headers[HeaderNames.CONTENT_TYPE] = URL_FORM_CONTENT_TYPE;
|
|
108
108
|
if (!this.config.systemOptions.preventCorsPreflight && ccsCred) {
|
|
109
109
|
switch (ccsCred.type) {
|
|
110
110
|
case CcsCredentialType.HOME_ACCOUNT_ID:
|
|
@@ -117,8 +117,8 @@ export abstract class BaseClient {
|
|
|
117
117
|
] = `Oid:${clientInfo.uid}@${clientInfo.utid}`;
|
|
118
118
|
} catch (e) {
|
|
119
119
|
this.logger.verbose(
|
|
120
|
-
|
|
121
|
-
|
|
120
|
+
`Could not parse home account ID for CCS Header: '${e}'`,
|
|
121
|
+
""
|
|
122
122
|
);
|
|
123
123
|
}
|
|
124
124
|
break;
|
|
@@ -144,16 +144,8 @@ export abstract class BaseClient {
|
|
|
144
144
|
queryString: string,
|
|
145
145
|
headers: Record<string, string>,
|
|
146
146
|
thumbprint: RequestThumbprint,
|
|
147
|
-
correlationId: string
|
|
148
|
-
queuedEvent?: string
|
|
147
|
+
correlationId: string
|
|
149
148
|
): Promise<NetworkResponse<ServerAuthorizationTokenResponse>> {
|
|
150
|
-
if (queuedEvent) {
|
|
151
|
-
this.performanceClient?.addQueueMeasurement(
|
|
152
|
-
queuedEvent,
|
|
153
|
-
correlationId
|
|
154
|
-
);
|
|
155
|
-
}
|
|
156
|
-
|
|
157
149
|
const response =
|
|
158
150
|
await this.sendPostRequest<ServerAuthorizationTokenResponse>(
|
|
159
151
|
thumbprint,
|
|
@@ -266,10 +258,6 @@ export abstract class BaseClient {
|
|
|
266
258
|
cloudInstanceHostname: string,
|
|
267
259
|
correlationId: string
|
|
268
260
|
): Promise<void> {
|
|
269
|
-
this.performanceClient?.addQueueMeasurement(
|
|
270
|
-
PerformanceEvents.UpdateTokenEndpointAuthority,
|
|
271
|
-
correlationId
|
|
272
|
-
);
|
|
273
261
|
const cloudInstanceAuthorityUri = `https://${cloudInstanceHostname}/${this.authority.tenant}/`;
|
|
274
262
|
const cloudInstanceAuthority = await createDiscoveredInstance(
|
|
275
263
|
cloudInstanceAuthorityUri,
|
|
@@ -13,12 +13,7 @@ import { Authority } from "../authority/Authority.js";
|
|
|
13
13
|
import { ServerAuthorizationTokenResponse } from "../response/ServerAuthorizationTokenResponse.js";
|
|
14
14
|
import * as RequestParameterBuilder from "../request/RequestParameterBuilder.js";
|
|
15
15
|
import * as UrlUtils from "../utils/UrlUtils.js";
|
|
16
|
-
import
|
|
17
|
-
GrantType,
|
|
18
|
-
AuthenticationScheme,
|
|
19
|
-
Errors,
|
|
20
|
-
HeaderNames,
|
|
21
|
-
} from "../utils/Constants.js";
|
|
16
|
+
import * as Constants from "../utils/Constants.js";
|
|
22
17
|
import * as AADServerParamKeys from "../constants/AADServerParamKeys.js";
|
|
23
18
|
import { ResponseHandler } from "../response/ResponseHandler.js";
|
|
24
19
|
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
@@ -44,7 +39,7 @@ import {
|
|
|
44
39
|
InteractionRequiredAuthErrorCodes,
|
|
45
40
|
createInteractionRequiredAuthError,
|
|
46
41
|
} from "../error/InteractionRequiredAuthError.js";
|
|
47
|
-
import
|
|
42
|
+
import * as PerformanceEvents from "../telemetry/performance/PerformanceEvents.js";
|
|
48
43
|
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
|
|
49
44
|
import { invoke, invokeAsync } from "../utils/FunctionWrappers.js";
|
|
50
45
|
import { ClientAssertion } from "../account/ClientCredentials.js";
|
|
@@ -60,18 +55,13 @@ const DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS = 300; // 5 Minutes
|
|
|
60
55
|
export class RefreshTokenClient extends BaseClient {
|
|
61
56
|
constructor(
|
|
62
57
|
configuration: ClientConfiguration,
|
|
63
|
-
performanceClient
|
|
58
|
+
performanceClient: IPerformanceClient
|
|
64
59
|
) {
|
|
65
60
|
super(configuration, performanceClient);
|
|
66
61
|
}
|
|
67
62
|
public async acquireToken(
|
|
68
63
|
request: CommonRefreshTokenRequest
|
|
69
64
|
): Promise<AuthenticationResult> {
|
|
70
|
-
this.performanceClient?.addQueueMeasurement(
|
|
71
|
-
PerformanceEvents.RefreshTokenClientAcquireToken,
|
|
72
|
-
request.correlationId
|
|
73
|
-
);
|
|
74
|
-
|
|
75
65
|
const reqTimestamp = TimeUtils.nowSeconds();
|
|
76
66
|
const response = await invokeAsync(
|
|
77
67
|
this.executeTokenRequest.bind(this),
|
|
@@ -82,16 +72,21 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
82
72
|
)(request, this.authority);
|
|
83
73
|
|
|
84
74
|
// Retrieve requestId from response headers
|
|
85
|
-
const requestId =
|
|
75
|
+
const requestId =
|
|
76
|
+
response.headers?.[Constants.HeaderNames.X_MS_REQUEST_ID];
|
|
86
77
|
const responseHandler = new ResponseHandler(
|
|
87
78
|
this.config.authOptions.clientId,
|
|
88
79
|
this.cacheManager,
|
|
89
80
|
this.cryptoUtils,
|
|
90
81
|
this.logger,
|
|
82
|
+
this.performanceClient,
|
|
91
83
|
this.config.serializableCache,
|
|
92
84
|
this.config.persistencePlugin
|
|
93
85
|
);
|
|
94
|
-
responseHandler.validateTokenResponse(
|
|
86
|
+
responseHandler.validateTokenResponse(
|
|
87
|
+
response.body,
|
|
88
|
+
request.correlationId
|
|
89
|
+
);
|
|
95
90
|
|
|
96
91
|
return invokeAsync(
|
|
97
92
|
responseHandler.handleServerTokenResponse.bind(responseHandler),
|
|
@@ -125,12 +120,6 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
125
120
|
ClientConfigurationErrorCodes.tokenRequestEmpty
|
|
126
121
|
);
|
|
127
122
|
}
|
|
128
|
-
|
|
129
|
-
this.performanceClient?.addQueueMeasurement(
|
|
130
|
-
PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken,
|
|
131
|
-
request.correlationId
|
|
132
|
-
);
|
|
133
|
-
|
|
134
123
|
// We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases
|
|
135
124
|
if (!request.account) {
|
|
136
125
|
throw createClientAuthError(
|
|
@@ -140,7 +129,8 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
140
129
|
|
|
141
130
|
// try checking if FOCI is enabled for the given application
|
|
142
131
|
const isFOCI = this.cacheManager.isAppMetadataFOCI(
|
|
143
|
-
request.account.environment
|
|
132
|
+
request.account.environment,
|
|
133
|
+
request.correlationId
|
|
144
134
|
);
|
|
145
135
|
|
|
146
136
|
// if the app is part of the family, retrive a Family refresh token if present and make a refreshTokenRequest
|
|
@@ -160,8 +150,8 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
160
150
|
InteractionRequiredAuthErrorCodes.noTokensFound;
|
|
161
151
|
const clientMismatchErrorWithFamilyRT =
|
|
162
152
|
e instanceof ServerError &&
|
|
163
|
-
e.errorCode ===
|
|
164
|
-
e.subError ===
|
|
153
|
+
e.errorCode === Constants.INVALID_GRANT_ERROR &&
|
|
154
|
+
e.subError === Constants.CLIENT_MISMATCH_ERROR;
|
|
165
155
|
|
|
166
156
|
// if family Refresh Token (FRT) cache acquisition fails or if client_mismatch error is seen with FRT, reattempt with application Refresh Token (ART)
|
|
167
157
|
if (noFamilyRTInCache || clientMismatchErrorWithFamilyRT) {
|
|
@@ -196,11 +186,6 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
196
186
|
request: CommonSilentFlowRequest,
|
|
197
187
|
foci: boolean
|
|
198
188
|
) {
|
|
199
|
-
this.performanceClient?.addQueueMeasurement(
|
|
200
|
-
PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken,
|
|
201
|
-
request.correlationId
|
|
202
|
-
);
|
|
203
|
-
|
|
204
189
|
// fetches family RT or application RT based on FOCI value
|
|
205
190
|
const refreshToken = invoke(
|
|
206
191
|
this.cacheManager.getRefreshToken.bind(this.cacheManager),
|
|
@@ -208,13 +193,7 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
208
193
|
this.logger,
|
|
209
194
|
this.performanceClient,
|
|
210
195
|
request.correlationId
|
|
211
|
-
)(
|
|
212
|
-
request.account,
|
|
213
|
-
foci,
|
|
214
|
-
request.correlationId,
|
|
215
|
-
undefined,
|
|
216
|
-
this.performanceClient
|
|
217
|
-
);
|
|
196
|
+
)(request.account, foci, request.correlationId, undefined);
|
|
218
197
|
|
|
219
198
|
if (!refreshToken) {
|
|
220
199
|
throw createInteractionRequiredAuthError(
|
|
@@ -244,7 +223,8 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
244
223
|
...request,
|
|
245
224
|
refreshToken: refreshToken.secret,
|
|
246
225
|
authenticationScheme:
|
|
247
|
-
request.authenticationScheme ||
|
|
226
|
+
request.authenticationScheme ||
|
|
227
|
+
Constants.AuthenticationScheme.BEARER,
|
|
248
228
|
ccsCredential: {
|
|
249
229
|
credential: request.account.homeAccountId,
|
|
250
230
|
type: CcsCredentialType.HOME_ACCOUNT_ID,
|
|
@@ -269,7 +249,8 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
269
249
|
if (e.subError === InteractionRequiredAuthErrorCodes.badToken) {
|
|
270
250
|
// Remove bad refresh token from cache
|
|
271
251
|
this.logger.verbose(
|
|
272
|
-
"acquireTokenWithRefreshToken: bad refresh token, removing from cache"
|
|
252
|
+
"acquireTokenWithRefreshToken: bad refresh token, removing from cache",
|
|
253
|
+
request.correlationId
|
|
273
254
|
);
|
|
274
255
|
const badRefreshTokenKey =
|
|
275
256
|
this.cacheManager.generateCredentialKey(refreshToken);
|
|
@@ -293,11 +274,6 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
293
274
|
request: CommonRefreshTokenRequest,
|
|
294
275
|
authority: Authority
|
|
295
276
|
): Promise<NetworkResponse<ServerAuthorizationTokenResponse>> {
|
|
296
|
-
this.performanceClient?.addQueueMeasurement(
|
|
297
|
-
PerformanceEvents.RefreshTokenClientExecuteTokenRequest,
|
|
298
|
-
request.correlationId
|
|
299
|
-
);
|
|
300
|
-
|
|
301
277
|
const queryParametersString = this.createTokenQueryParameters(request);
|
|
302
278
|
const endpoint = UrlString.appendQueryString(
|
|
303
279
|
authority.tokenEndpoint,
|
|
@@ -326,14 +302,7 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
326
302
|
this.logger,
|
|
327
303
|
this.performanceClient,
|
|
328
304
|
request.correlationId
|
|
329
|
-
)(
|
|
330
|
-
endpoint,
|
|
331
|
-
requestBody,
|
|
332
|
-
headers,
|
|
333
|
-
thumbprint,
|
|
334
|
-
request.correlationId,
|
|
335
|
-
PerformanceEvents.RefreshTokenClientExecutePostToTokenEndpoint
|
|
336
|
-
);
|
|
305
|
+
)(endpoint, requestBody, headers, thumbprint, request.correlationId);
|
|
337
306
|
}
|
|
338
307
|
|
|
339
308
|
/**
|
|
@@ -343,11 +312,6 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
343
312
|
private async createTokenRequestBody(
|
|
344
313
|
request: CommonRefreshTokenRequest
|
|
345
314
|
): Promise<string> {
|
|
346
|
-
this.performanceClient?.addQueueMeasurement(
|
|
347
|
-
PerformanceEvents.RefreshTokenClientCreateTokenRequestBody,
|
|
348
|
-
request.correlationId
|
|
349
|
-
);
|
|
350
|
-
|
|
351
315
|
const parameters = new Map<string, string>();
|
|
352
316
|
|
|
353
317
|
RequestParameterBuilder.addClientId(
|
|
@@ -373,7 +337,7 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
373
337
|
|
|
374
338
|
RequestParameterBuilder.addGrantType(
|
|
375
339
|
parameters,
|
|
376
|
-
GrantType.REFRESH_TOKEN_GRANT
|
|
340
|
+
Constants.GrantType.REFRESH_TOKEN_GRANT
|
|
377
341
|
);
|
|
378
342
|
|
|
379
343
|
RequestParameterBuilder.addClientInfo(parameters);
|
|
@@ -425,7 +389,9 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
425
389
|
);
|
|
426
390
|
}
|
|
427
391
|
|
|
428
|
-
if (
|
|
392
|
+
if (
|
|
393
|
+
request.authenticationScheme === Constants.AuthenticationScheme.POP
|
|
394
|
+
) {
|
|
429
395
|
const popTokenGenerator = new PopTokenGenerator(
|
|
430
396
|
this.cryptoUtils,
|
|
431
397
|
this.performanceClient
|
|
@@ -448,7 +414,9 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
448
414
|
|
|
449
415
|
// SPA PoP requires full Base64Url encoded req_cnf string (unhashed)
|
|
450
416
|
RequestParameterBuilder.addPopToken(parameters, reqCnfData);
|
|
451
|
-
} else if (
|
|
417
|
+
} else if (
|
|
418
|
+
request.authenticationScheme === Constants.AuthenticationScheme.SSH
|
|
419
|
+
) {
|
|
452
420
|
if (request.sshJwk) {
|
|
453
421
|
RequestParameterBuilder.addSshJwk(parameters, request.sshJwk);
|
|
454
422
|
} else {
|
|
@@ -486,8 +454,8 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
486
454
|
);
|
|
487
455
|
} catch (e) {
|
|
488
456
|
this.logger.verbose(
|
|
489
|
-
|
|
490
|
-
|
|
457
|
+
`Could not parse home account ID for CCS Header: '${e}'`,
|
|
458
|
+
request.correlationId
|
|
491
459
|
);
|
|
492
460
|
}
|
|
493
461
|
break;
|
|
@@ -19,7 +19,7 @@ import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.
|
|
|
19
19
|
import { StringUtils } from "../utils/StringUtils.js";
|
|
20
20
|
import { checkMaxAge, extractTokenClaims } from "../account/AuthToken.js";
|
|
21
21
|
import { TokenClaims } from "../account/TokenClaims.js";
|
|
22
|
-
import
|
|
22
|
+
import * as PerformanceEvents from "../telemetry/performance/PerformanceEvents.js";
|
|
23
23
|
import { invokeAsync } from "../utils/FunctionWrappers.js";
|
|
24
24
|
import { getTenantFromAuthorityString } from "../authority/Authority.js";
|
|
25
25
|
|
|
@@ -27,7 +27,7 @@ import { getTenantFromAuthorityString } from "../authority/Authority.js";
|
|
|
27
27
|
export class SilentFlowClient extends BaseClient {
|
|
28
28
|
constructor(
|
|
29
29
|
configuration: ClientConfiguration,
|
|
30
|
-
performanceClient
|
|
30
|
+
performanceClient: IPerformanceClient
|
|
31
31
|
) {
|
|
32
32
|
super(configuration, performanceClient);
|
|
33
33
|
}
|
|
@@ -39,17 +39,9 @@ export class SilentFlowClient extends BaseClient {
|
|
|
39
39
|
async acquireCachedToken(
|
|
40
40
|
request: CommonSilentFlowRequest
|
|
41
41
|
): Promise<[AuthenticationResult, CacheOutcome]> {
|
|
42
|
-
this.performanceClient?.addQueueMeasurement(
|
|
43
|
-
PerformanceEvents.SilentFlowClientAcquireCachedToken,
|
|
44
|
-
request.correlationId
|
|
45
|
-
);
|
|
46
42
|
let lastCacheOutcome: CacheOutcome = CacheOutcome.NOT_APPLICABLE;
|
|
47
43
|
|
|
48
|
-
if (
|
|
49
|
-
request.forceRefresh ||
|
|
50
|
-
(!this.config.cacheOptions.claimsBasedCachingEnabled &&
|
|
51
|
-
!StringUtils.isEmptyObj(request.claims))
|
|
52
|
-
) {
|
|
44
|
+
if (request.forceRefresh || !StringUtils.isEmptyObj(request.claims)) {
|
|
53
45
|
// Must refresh due to present force_refresh flag.
|
|
54
46
|
this.setCacheOutcome(
|
|
55
47
|
CacheOutcome.FORCE_REFRESH_OR_CLAIMS,
|
|
@@ -124,12 +116,13 @@ export class SilentFlowClient extends BaseClient {
|
|
|
124
116
|
request.account,
|
|
125
117
|
request.correlationId,
|
|
126
118
|
tokenKeys,
|
|
127
|
-
requestTenantId
|
|
128
|
-
this.performanceClient
|
|
119
|
+
requestTenantId
|
|
129
120
|
),
|
|
130
121
|
refreshToken: null,
|
|
131
|
-
appMetadata:
|
|
132
|
-
|
|
122
|
+
appMetadata: this.cacheManager.readAppMetadataFromCache(
|
|
123
|
+
environment,
|
|
124
|
+
request.correlationId
|
|
125
|
+
),
|
|
133
126
|
};
|
|
134
127
|
|
|
135
128
|
this.setCacheOutcome(lastCacheOutcome, request.correlationId);
|
|
@@ -163,7 +156,8 @@ export class SilentFlowClient extends BaseClient {
|
|
|
163
156
|
);
|
|
164
157
|
if (cacheOutcome !== CacheOutcome.NOT_APPLICABLE) {
|
|
165
158
|
this.logger.info(
|
|
166
|
-
`Token refresh is required due to cache outcome: ${cacheOutcome}
|
|
159
|
+
`Token refresh is required due to cache outcome: '${cacheOutcome}'`,
|
|
160
|
+
correlationId
|
|
167
161
|
);
|
|
168
162
|
}
|
|
169
163
|
}
|
|
@@ -176,10 +170,6 @@ export class SilentFlowClient extends BaseClient {
|
|
|
176
170
|
cacheRecord: CacheRecord,
|
|
177
171
|
request: CommonSilentFlowRequest
|
|
178
172
|
): Promise<AuthenticationResult> {
|
|
179
|
-
this.performanceClient?.addQueueMeasurement(
|
|
180
|
-
PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord,
|
|
181
|
-
request.correlationId
|
|
182
|
-
);
|
|
183
173
|
let idTokenClaims: TokenClaims | undefined;
|
|
184
174
|
if (cacheRecord.idToken) {
|
|
185
175
|
idTokenClaims = extractTokenClaims(
|
|
@@ -206,6 +196,7 @@ export class SilentFlowClient extends BaseClient {
|
|
|
206
196
|
cacheRecord,
|
|
207
197
|
true,
|
|
208
198
|
request,
|
|
199
|
+
this.performanceClient,
|
|
209
200
|
idTokenClaims
|
|
210
201
|
);
|
|
211
202
|
}
|
|
@@ -7,8 +7,9 @@ import { INetworkModule } from "../network/INetworkModule.js";
|
|
|
7
7
|
import { DEFAULT_CRYPTO_IMPLEMENTATION, ICrypto } from "../crypto/ICrypto.js";
|
|
8
8
|
import { ILoggerCallback, Logger, LogLevel } from "../logger/Logger.js";
|
|
9
9
|
import {
|
|
10
|
-
|
|
10
|
+
DEFAULT_COMMON_TENANT,
|
|
11
11
|
DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
|
|
12
|
+
SKU,
|
|
12
13
|
} from "../utils/Constants.js";
|
|
13
14
|
import { version } from "../packageMetadata.js";
|
|
14
15
|
import type { Authority } from "../authority/Authority.js";
|
|
@@ -44,7 +45,6 @@ export type ClientConfiguration = {
|
|
|
44
45
|
authOptions: AuthOptions;
|
|
45
46
|
systemOptions?: SystemOptions;
|
|
46
47
|
loggerOptions?: LoggerOptions;
|
|
47
|
-
cacheOptions?: CacheOptions;
|
|
48
48
|
storageInterface?: CacheManager;
|
|
49
49
|
networkInterface?: INetworkModule;
|
|
50
50
|
cryptoInterface?: ICrypto;
|
|
@@ -60,7 +60,6 @@ export type CommonClientConfiguration = {
|
|
|
60
60
|
authOptions: Required<AuthOptions>;
|
|
61
61
|
systemOptions: Required<SystemOptions>;
|
|
62
62
|
loggerOptions: Required<LoggerOptions>;
|
|
63
|
-
cacheOptions: Required<CacheOptions>;
|
|
64
63
|
storageInterface: CacheManager;
|
|
65
64
|
networkInterface: INetworkModule;
|
|
66
65
|
cryptoInterface: Required<ICrypto>;
|
|
@@ -80,11 +79,8 @@ export type CommonClientConfiguration = {
|
|
|
80
79
|
* - knownAuthorities - An array of URIs that are known to be valid. Used in B2C scenarios.
|
|
81
80
|
* - cloudDiscoveryMetadata - A string containing the cloud discovery response. Used in AAD scenarios.
|
|
82
81
|
* - clientCapabilities - Array of capabilities which will be added to the claims.access_token.xms_cc request property on every network request.
|
|
83
|
-
* - protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.
|
|
84
|
-
* - skipAuthorityMetadataCache - A flag to choose whether to use or not use the local metadata cache during authority initialization. Defaults to false.
|
|
85
82
|
* - instanceAware - A flag of whether the STS will send back additional parameters to specify where the tokens should be retrieved from.
|
|
86
83
|
* - redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
|
|
87
|
-
* - encodeExtraQueryParams - A flag to choose whether to encode the extra query parameters or not. Defaults to false.
|
|
88
84
|
* @internal
|
|
89
85
|
*/
|
|
90
86
|
export type AuthOptions = {
|
|
@@ -93,18 +89,14 @@ export type AuthOptions = {
|
|
|
93
89
|
redirectUri: string;
|
|
94
90
|
clientCapabilities?: Array<string>;
|
|
95
91
|
azureCloudOptions?: AzureCloudOptions;
|
|
96
|
-
skipAuthorityMetadataCache?: boolean;
|
|
97
92
|
instanceAware?: boolean;
|
|
98
|
-
/**
|
|
99
|
-
* @deprecated This flag is deprecated and will be removed in the next major version where all extra query params will be encoded by default.
|
|
100
|
-
*/
|
|
101
|
-
encodeExtraQueryParams?: boolean;
|
|
102
93
|
};
|
|
103
94
|
|
|
104
95
|
/**
|
|
105
96
|
* Use this to configure token renewal info in the Configuration object
|
|
106
97
|
*
|
|
107
98
|
* - tokenRenewalOffsetSeconds - Sets the window of offset needed to renew the token before expiry
|
|
99
|
+
* - protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.
|
|
108
100
|
*/
|
|
109
101
|
export type SystemOptions = {
|
|
110
102
|
tokenRenewalOffsetSeconds?: number;
|
|
@@ -126,18 +118,6 @@ export type LoggerOptions = {
|
|
|
126
118
|
correlationId?: string;
|
|
127
119
|
};
|
|
128
120
|
|
|
129
|
-
/**
|
|
130
|
-
* Use this to configure credential cache preferences in the ClientConfiguration object
|
|
131
|
-
*
|
|
132
|
-
* - claimsBasedCachingEnabled - Sets whether tokens should be cached based on the claims hash. Default is false.
|
|
133
|
-
*/
|
|
134
|
-
export type CacheOptions = {
|
|
135
|
-
/**
|
|
136
|
-
* @deprecated claimsBasedCachingEnabled is deprecated and will be removed in the next major version.
|
|
137
|
-
*/
|
|
138
|
-
claimsBasedCachingEnabled?: boolean;
|
|
139
|
-
};
|
|
140
|
-
|
|
141
121
|
/**
|
|
142
122
|
* Library-specific options
|
|
143
123
|
*/
|
|
@@ -184,11 +164,7 @@ const DEFAULT_LOGGER_IMPLEMENTATION: Required<LoggerOptions> = {
|
|
|
184
164
|
},
|
|
185
165
|
piiLoggingEnabled: false,
|
|
186
166
|
logLevel: LogLevel.Info,
|
|
187
|
-
correlationId:
|
|
188
|
-
};
|
|
189
|
-
|
|
190
|
-
const DEFAULT_CACHE_OPTIONS: Required<CacheOptions> = {
|
|
191
|
-
claimsBasedCachingEnabled: false,
|
|
167
|
+
correlationId: "",
|
|
192
168
|
};
|
|
193
169
|
|
|
194
170
|
const DEFAULT_NETWORK_IMPLEMENTATION: INetworkModule = {
|
|
@@ -201,20 +177,20 @@ const DEFAULT_NETWORK_IMPLEMENTATION: INetworkModule = {
|
|
|
201
177
|
};
|
|
202
178
|
|
|
203
179
|
const DEFAULT_LIBRARY_INFO: LibraryInfo = {
|
|
204
|
-
sku:
|
|
180
|
+
sku: SKU,
|
|
205
181
|
version: version,
|
|
206
|
-
cpu:
|
|
207
|
-
os:
|
|
182
|
+
cpu: "",
|
|
183
|
+
os: "",
|
|
208
184
|
};
|
|
209
185
|
|
|
210
186
|
const DEFAULT_CLIENT_CREDENTIALS: ClientCredentials = {
|
|
211
|
-
clientSecret:
|
|
187
|
+
clientSecret: "",
|
|
212
188
|
clientAssertion: undefined,
|
|
213
189
|
};
|
|
214
190
|
|
|
215
191
|
const DEFAULT_AZURE_CLOUD_OPTIONS: AzureCloudOptions = {
|
|
216
192
|
azureCloudInstance: AzureCloudInstance.None,
|
|
217
|
-
tenant: `${
|
|
193
|
+
tenant: `${DEFAULT_COMMON_TENANT}`,
|
|
218
194
|
};
|
|
219
195
|
|
|
220
196
|
const DEFAULT_TELEMETRY_OPTIONS: Required<TelemetryOptions> = {
|
|
@@ -235,7 +211,6 @@ export function buildClientConfiguration({
|
|
|
235
211
|
authOptions: userAuthOptions,
|
|
236
212
|
systemOptions: userSystemOptions,
|
|
237
213
|
loggerOptions: userLoggerOption,
|
|
238
|
-
cacheOptions: userCacheOptions,
|
|
239
214
|
storageInterface: storageImplementation,
|
|
240
215
|
networkInterface: networkImplementation,
|
|
241
216
|
cryptoInterface: cryptoImplementation,
|
|
@@ -255,7 +230,6 @@ export function buildClientConfiguration({
|
|
|
255
230
|
authOptions: buildAuthOptions(userAuthOptions),
|
|
256
231
|
systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions },
|
|
257
232
|
loggerOptions: loggerOptions,
|
|
258
|
-
cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions },
|
|
259
233
|
storageInterface:
|
|
260
234
|
storageImplementation ||
|
|
261
235
|
new DefaultStorageClass(
|
|
@@ -284,9 +258,7 @@ function buildAuthOptions(authOptions: AuthOptions): Required<AuthOptions> {
|
|
|
284
258
|
return {
|
|
285
259
|
clientCapabilities: [],
|
|
286
260
|
azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
|
|
287
|
-
skipAuthorityMetadataCache: false,
|
|
288
261
|
instanceAware: false,
|
|
289
|
-
encodeExtraQueryParams: false,
|
|
290
262
|
...authOptions,
|
|
291
263
|
};
|
|
292
264
|
}
|
package/src/crypto/ICrypto.ts
CHANGED
|
@@ -28,7 +28,7 @@ export type SignedHttpRequestParameters = Pick<
|
|
|
28
28
|
| "shrNonce"
|
|
29
29
|
| "shrOptions"
|
|
30
30
|
> & {
|
|
31
|
-
correlationId
|
|
31
|
+
correlationId: string;
|
|
32
32
|
};
|
|
33
33
|
|
|
34
34
|
/**
|
|
@@ -69,12 +69,14 @@ export interface ICrypto {
|
|
|
69
69
|
/**
|
|
70
70
|
* Removes cryptographic keypair from key store matching the keyId passed in
|
|
71
71
|
* @param kid
|
|
72
|
+
* @param correlationId
|
|
72
73
|
*/
|
|
73
|
-
removeTokenBindingKey(kid: string): Promise<void>;
|
|
74
|
+
removeTokenBindingKey(kid: string, correlationId: string): Promise<void>;
|
|
74
75
|
/**
|
|
75
76
|
* Removes all cryptographic keys from IndexedDB storage
|
|
77
|
+
* @param correlationId
|
|
76
78
|
*/
|
|
77
|
-
clearKeystore(): Promise<boolean>;
|
|
79
|
+
clearKeystore(correlationId: string): Promise<boolean>;
|
|
78
80
|
/**
|
|
79
81
|
* Returns a signed proof-of-possession token with a given acces token that contains a cnf claim with the required kid.
|
|
80
82
|
* @param accessToken
|
|
@@ -7,7 +7,7 @@ import { ICrypto, SignedHttpRequestParameters } from "./ICrypto.js";
|
|
|
7
7
|
import * as TimeUtils from "../utils/TimeUtils.js";
|
|
8
8
|
import { UrlString } from "../url/UrlString.js";
|
|
9
9
|
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
|
|
10
|
-
import
|
|
10
|
+
import * as PerformanceEvents from "../telemetry/performance/PerformanceEvents.js";
|
|
11
11
|
import { invokeAsync } from "../utils/FunctionWrappers.js";
|
|
12
12
|
import { Logger } from "../logger/Logger.js";
|
|
13
13
|
|
|
@@ -37,9 +37,9 @@ export type KeyLocation = (typeof KeyLocation)[keyof typeof KeyLocation];
|
|
|
37
37
|
/** @internal */
|
|
38
38
|
export class PopTokenGenerator {
|
|
39
39
|
private cryptoUtils: ICrypto;
|
|
40
|
-
private performanceClient
|
|
40
|
+
private performanceClient: IPerformanceClient;
|
|
41
41
|
|
|
42
|
-
constructor(cryptoUtils: ICrypto, performanceClient
|
|
42
|
+
constructor(cryptoUtils: ICrypto, performanceClient: IPerformanceClient) {
|
|
43
43
|
this.cryptoUtils = cryptoUtils;
|
|
44
44
|
this.performanceClient = performanceClient;
|
|
45
45
|
}
|
|
@@ -54,11 +54,6 @@ export class PopTokenGenerator {
|
|
|
54
54
|
request: SignedHttpRequestParameters,
|
|
55
55
|
logger: Logger
|
|
56
56
|
): Promise<ReqCnfData> {
|
|
57
|
-
this.performanceClient?.addQueueMeasurement(
|
|
58
|
-
PerformanceEvents.PopTokenGenerateCnf,
|
|
59
|
-
request.correlationId
|
|
60
|
-
);
|
|
61
|
-
|
|
62
57
|
const reqCnf = await invokeAsync(
|
|
63
58
|
this.generateKid.bind(this),
|
|
64
59
|
PerformanceEvents.PopTokenGenerateCnf,
|
|
@@ -82,11 +77,6 @@ export class PopTokenGenerator {
|
|
|
82
77
|
* @returns
|
|
83
78
|
*/
|
|
84
79
|
async generateKid(request: SignedHttpRequestParameters): Promise<ReqCnf> {
|
|
85
|
-
this.performanceClient?.addQueueMeasurement(
|
|
86
|
-
PerformanceEvents.PopTokenGenerateKid,
|
|
87
|
-
request.correlationId
|
|
88
|
-
);
|
|
89
|
-
|
|
90
80
|
const kidThumbprint = await this.cryptoUtils.getPublicKeyThumbprint(
|
|
91
81
|
request
|
|
92
82
|
);
|
package/src/error/AuthError.ts
CHANGED
|
@@ -3,30 +3,12 @@
|
|
|
3
3
|
* Licensed under the MIT License.
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
|
-
import { Constants } from "../utils/Constants.js";
|
|
7
6
|
import * as AuthErrorCodes from "./AuthErrorCodes.js";
|
|
8
7
|
export { AuthErrorCodes };
|
|
9
8
|
|
|
10
|
-
export
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
"Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details.",
|
|
14
|
-
};
|
|
15
|
-
|
|
16
|
-
/**
|
|
17
|
-
* AuthErrorMessage class containing string constants used by error codes and messages.
|
|
18
|
-
* @deprecated Use AuthErrorCodes instead
|
|
19
|
-
*/
|
|
20
|
-
export const AuthErrorMessage = {
|
|
21
|
-
unexpectedError: {
|
|
22
|
-
code: AuthErrorCodes.unexpectedError,
|
|
23
|
-
desc: AuthErrorMessages[AuthErrorCodes.unexpectedError],
|
|
24
|
-
},
|
|
25
|
-
postRequestFailed: {
|
|
26
|
-
code: AuthErrorCodes.postRequestFailed,
|
|
27
|
-
desc: AuthErrorMessages[AuthErrorCodes.postRequestFailed],
|
|
28
|
-
},
|
|
29
|
-
};
|
|
9
|
+
export function getDefaultErrorMessage(code: string): string {
|
|
10
|
+
return `See https://aka.ms/msal.js.errors#${code} for details`;
|
|
11
|
+
}
|
|
30
12
|
|
|
31
13
|
/**
|
|
32
14
|
* General error class thrown by the MSAL.js library.
|
|
@@ -53,15 +35,16 @@ export class AuthError extends Error {
|
|
|
53
35
|
correlationId: string;
|
|
54
36
|
|
|
55
37
|
constructor(errorCode?: string, errorMessage?: string, suberror?: string) {
|
|
56
|
-
const
|
|
57
|
-
|
|
58
|
-
:
|
|
38
|
+
const message =
|
|
39
|
+
errorMessage ||
|
|
40
|
+
(errorCode ? getDefaultErrorMessage(errorCode) : "");
|
|
41
|
+
const errorString = message ? `${errorCode}: ${message}` : errorCode;
|
|
59
42
|
super(errorString);
|
|
60
43
|
Object.setPrototypeOf(this, AuthError.prototype);
|
|
61
44
|
|
|
62
|
-
this.errorCode = errorCode ||
|
|
63
|
-
this.errorMessage =
|
|
64
|
-
this.subError = suberror ||
|
|
45
|
+
this.errorCode = errorCode || "";
|
|
46
|
+
this.errorMessage = message || "";
|
|
47
|
+
this.subError = suberror || "";
|
|
65
48
|
this.name = "AuthError";
|
|
66
49
|
}
|
|
67
50
|
|
|
@@ -76,8 +59,6 @@ export function createAuthError(
|
|
|
76
59
|
): AuthError {
|
|
77
60
|
return new AuthError(
|
|
78
61
|
code,
|
|
79
|
-
additionalMessage
|
|
80
|
-
? `${AuthErrorMessages[code]} ${additionalMessage}`
|
|
81
|
-
: AuthErrorMessages[code]
|
|
62
|
+
additionalMessage || getDefaultErrorMessage(code)
|
|
82
63
|
);
|
|
83
64
|
}
|