@azure/msal-common 15.13.0 → 16.0.0-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +0 -4
- package/dist/account/AccountInfo.d.ts.map +1 -1
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AccountInfo.mjs.map +1 -1
- package/dist/account/AuthToken.mjs +1 -1
- package/dist/account/AuthToken.mjs.map +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/CcsCredential.mjs.map +1 -1
- package/dist/account/ClientInfo.d.ts +1 -5
- package/dist/account/ClientInfo.d.ts.map +1 -1
- package/dist/account/ClientInfo.mjs +4 -6
- package/dist/account/ClientInfo.mjs.map +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/account/TokenClaims.mjs.map +1 -1
- package/dist/authority/Authority.d.ts +2 -2
- package/dist/authority/Authority.d.ts.map +1 -1
- package/dist/authority/Authority.mjs +89 -105
- package/dist/authority/Authority.mjs.map +1 -1
- package/dist/authority/AuthorityFactory.d.ts +6 -2
- package/dist/authority/AuthorityFactory.d.ts.map +1 -1
- package/dist/authority/AuthorityFactory.mjs +8 -5
- package/dist/authority/AuthorityFactory.mjs.map +1 -1
- package/dist/authority/AuthorityMetadata.d.ts +2 -2
- package/dist/authority/AuthorityMetadata.d.ts.map +1 -1
- package/dist/authority/AuthorityMetadata.mjs +8 -8
- package/dist/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist/authority/AuthorityOptions.d.ts +0 -1
- package/dist/authority/AuthorityOptions.d.ts.map +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs.map +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/AuthorityType.mjs.map +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OIDCOptions.d.ts +2 -2
- package/dist/authority/OIDCOptions.d.ts.map +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs.map +1 -1
- package/dist/authority/RegionDiscovery.d.ts +3 -3
- package/dist/authority/RegionDiscovery.d.ts.map +1 -1
- package/dist/authority/RegionDiscovery.mjs +14 -15
- package/dist/authority/RegionDiscovery.mjs.map +1 -1
- package/dist/cache/CacheManager.d.ts +25 -17
- package/dist/cache/CacheManager.d.ts.map +1 -1
- package/dist/cache/CacheManager.mjs +69 -80
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/entities/AccessTokenEntity.d.ts +0 -4
- package/dist/cache/entities/AccessTokenEntity.d.ts.map +1 -1
- package/dist/cache/entities/AccountEntity.d.ts +4 -57
- package/dist/cache/entities/AccountEntity.d.ts.map +1 -1
- package/dist/cache/entities/CredentialEntity.d.ts +0 -2
- package/dist/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/dist/cache/interface/ICacheManager.d.ts +41 -12
- package/dist/cache/interface/ICacheManager.d.ts.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs.map +1 -1
- package/dist/cache/utils/AccountEntityUtils.d.ts +60 -0
- package/dist/cache/utils/AccountEntityUtils.d.ts.map +1 -0
- package/dist/cache/utils/AccountEntityUtils.mjs +212 -0
- package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -0
- package/dist/cache/utils/CacheHelpers.d.ts +2 -2
- package/dist/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +10 -13
- package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist/cache/utils/CacheTypes.d.ts +0 -1
- package/dist/cache/utils/CacheTypes.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +16 -20
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/BaseClient.d.ts +3 -3
- package/dist/client/BaseClient.d.ts.map +1 -1
- package/dist/client/BaseClient.mjs +7 -12
- package/dist/client/BaseClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.d.ts +1 -1
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +22 -27
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.d.ts +1 -1
- package/dist/client/SilentFlowClient.d.ts.map +1 -1
- package/dist/client/SilentFlowClient.mjs +8 -12
- package/dist/client/SilentFlowClient.mjs.map +1 -1
- package/dist/config/ClientConfiguration.d.ts +2 -22
- package/dist/config/ClientConfiguration.d.ts.map +1 -1
- package/dist/config/ClientConfiguration.mjs +9 -15
- package/dist/config/ClientConfiguration.mjs.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +1 -1
- package/dist/crypto/ICrypto.d.ts +5 -3
- package/dist/crypto/ICrypto.d.ts.map +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/ICrypto.mjs.map +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/JoseHeader.mjs.map +1 -1
- package/dist/crypto/PopTokenGenerator.d.ts +2 -2
- package/dist/crypto/PopTokenGenerator.d.ts.map +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +3 -5
- package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist/error/AuthError.d.ts +1 -18
- package/dist/error/AuthError.d.ts.map +1 -1
- package/dist/error/AuthError.mjs +12 -34
- package/dist/error/AuthError.mjs.map +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.d.ts +1 -6
- package/dist/error/CacheError.d.ts.map +1 -1
- package/dist/error/CacheError.mjs +6 -13
- package/dist/error/CacheError.mjs.map +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.d.ts +0 -224
- package/dist/error/ClientAuthError.d.ts.map +1 -1
- package/dist/error/ClientAuthError.mjs +3 -235
- package/dist/error/ClientAuthError.mjs.map +1 -1
- package/dist/error/ClientAuthErrorCodes.d.ts +0 -8
- package/dist/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +2 -10
- package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist/error/ClientConfigurationError.d.ts +0 -123
- package/dist/error/ClientConfigurationError.d.ts.map +1 -1
- package/dist/error/ClientConfigurationError.mjs +3 -129
- package/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.d.ts +0 -2
- package/dist/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +3 -5
- package/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthError.d.ts +1 -19
- package/dist/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +10 -35
- package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.d.ts +0 -4
- package/dist/error/JoseHeaderError.d.ts.map +1 -1
- package/dist/error/JoseHeaderError.mjs +3 -8
- package/dist/error/JoseHeaderError.mjs.map +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/NetworkError.mjs.map +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/error/ServerError.mjs.map +1 -1
- package/dist/exports-browser-only.d.ts +4 -3
- package/dist/exports-browser-only.d.ts.map +1 -1
- package/dist/exports-common.d.ts +8 -6
- package/dist/exports-common.d.ts.map +1 -1
- package/dist/exports-node-only.d.ts +1 -4
- package/dist/exports-node-only.d.ts.map +1 -1
- package/dist/index-browser.mjs +12 -8
- package/dist/index-browser.mjs.map +1 -1
- package/dist/index-node.mjs +10 -7
- package/dist/index-node.mjs.map +1 -1
- package/dist/index.mjs +12 -8
- package/dist/index.mjs.map +1 -1
- package/dist/logger/Logger.d.ts +12 -13
- package/dist/logger/Logger.d.ts.map +1 -1
- package/dist/logger/Logger.mjs +16 -21
- package/dist/logger/Logger.mjs.map +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/INetworkModule.mjs.map +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.d.ts.map +1 -1
- package/dist/network/ThrottlingUtils.mjs +6 -7
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.d.ts.map +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +1 -2
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +14 -14
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/dist/request/AuthenticationHeaderParser.mjs +3 -3
- package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist/request/BaseAuthRequest.d.ts +1 -7
- package/dist/request/BaseAuthRequest.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.d.ts +3 -9
- package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +7 -20
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/ScopeSet.mjs +5 -5
- package/dist/request/ScopeSet.mjs.map +1 -1
- package/dist/response/AuthenticationResult.d.ts +1 -1
- package/dist/response/AuthenticationResult.d.ts.map +1 -1
- package/dist/response/ResponseHandler.d.ts +6 -5
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +39 -41
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/IPerformanceClient.d.ts +1 -31
- package/dist/telemetry/performance/IPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.d.ts +6 -85
- package/dist/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +28 -188
- package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.d.ts +0 -282
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +2 -483
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvents.d.ts +65 -0
- package/dist/telemetry/performance/PerformanceEvents.d.ts.map +1 -0
- package/dist/telemetry/performance/PerformanceEvents.mjs +73 -0
- package/dist/telemetry/performance/PerformanceEvents.mjs.map +1 -0
- package/dist/telemetry/performance/StubPerformanceClient.d.ts +0 -4
- package/dist/telemetry/performance/StubPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +2 -26
- package/dist/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.d.ts +2 -2
- package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +28 -30
- package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/url/UrlString.d.ts +0 -5
- package/dist/url/UrlString.d.ts.map +1 -1
- package/dist/url/UrlString.mjs +5 -13
- package/dist/url/UrlString.mjs.map +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/ClientAssertionUtils.mjs.map +1 -1
- package/dist/utils/Constants.d.ts +81 -117
- package/dist/utils/Constants.d.ts.map +1 -1
- package/dist/utils/Constants.mjs +100 -131
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.d.ts +2 -2
- package/dist/utils/FunctionWrappers.d.ts.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +19 -20
- package/dist/utils/FunctionWrappers.mjs.map +1 -1
- package/dist/utils/ProtocolUtils.mjs +7 -7
- package/dist/utils/ProtocolUtils.mjs.map +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs.map +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs.map +1 -1
- package/dist/utils/UrlUtils.d.ts +1 -2
- package/dist/utils/UrlUtils.d.ts.map +1 -1
- package/dist/utils/UrlUtils.mjs +3 -10
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +29 -222
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-D8Iaiqq3.js → index-node-FrCFfFuh.js} +1606 -2493
- package/lib/index-node-FrCFfFuh.js.map +1 -0
- package/lib/index-node.cjs +4 -33
- package/lib/index-node.cjs.map +1 -1
- package/lib/index.cjs +3 -33
- package/lib/index.cjs.map +1 -1
- package/lib/types/account/AccountInfo.d.ts +0 -4
- package/lib/types/account/AccountInfo.d.ts.map +1 -1
- package/lib/types/account/ClientInfo.d.ts +1 -5
- package/lib/types/account/ClientInfo.d.ts.map +1 -1
- package/lib/types/authority/Authority.d.ts +2 -2
- package/lib/types/authority/Authority.d.ts.map +1 -1
- package/lib/types/authority/AuthorityFactory.d.ts +6 -2
- package/lib/types/authority/AuthorityFactory.d.ts.map +1 -1
- package/lib/types/authority/AuthorityMetadata.d.ts +2 -2
- package/lib/types/authority/AuthorityMetadata.d.ts.map +1 -1
- package/lib/types/authority/AuthorityOptions.d.ts +0 -1
- package/lib/types/authority/AuthorityOptions.d.ts.map +1 -1
- package/lib/types/authority/OIDCOptions.d.ts +2 -2
- package/lib/types/authority/OIDCOptions.d.ts.map +1 -1
- package/lib/types/authority/RegionDiscovery.d.ts +3 -3
- package/lib/types/authority/RegionDiscovery.d.ts.map +1 -1
- package/lib/types/cache/CacheManager.d.ts +25 -17
- package/lib/types/cache/CacheManager.d.ts.map +1 -1
- package/lib/types/cache/entities/AccessTokenEntity.d.ts +0 -4
- package/lib/types/cache/entities/AccessTokenEntity.d.ts.map +1 -1
- package/lib/types/cache/entities/AccountEntity.d.ts +4 -57
- package/lib/types/cache/entities/AccountEntity.d.ts.map +1 -1
- package/lib/types/cache/entities/CredentialEntity.d.ts +0 -2
- package/lib/types/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/lib/types/cache/interface/ICacheManager.d.ts +41 -12
- package/lib/types/cache/interface/ICacheManager.d.ts.map +1 -1
- package/lib/types/cache/utils/AccountEntityUtils.d.ts +60 -0
- package/lib/types/cache/utils/AccountEntityUtils.d.ts.map +1 -0
- package/lib/types/cache/utils/CacheHelpers.d.ts +2 -2
- package/lib/types/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/lib/types/cache/utils/CacheTypes.d.ts +0 -1
- package/lib/types/cache/utils/CacheTypes.d.ts.map +1 -1
- package/lib/types/client/AuthorizationCodeClient.d.ts +1 -1
- package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/lib/types/client/BaseClient.d.ts +3 -3
- package/lib/types/client/BaseClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/client/SilentFlowClient.d.ts +1 -1
- package/lib/types/client/SilentFlowClient.d.ts.map +1 -1
- package/lib/types/config/ClientConfiguration.d.ts +2 -22
- package/lib/types/config/ClientConfiguration.d.ts.map +1 -1
- package/lib/types/crypto/ICrypto.d.ts +5 -3
- package/lib/types/crypto/ICrypto.d.ts.map +1 -1
- package/lib/types/crypto/PopTokenGenerator.d.ts +2 -2
- package/lib/types/crypto/PopTokenGenerator.d.ts.map +1 -1
- package/lib/types/error/AuthError.d.ts +1 -18
- package/lib/types/error/AuthError.d.ts.map +1 -1
- package/lib/types/error/CacheError.d.ts +1 -6
- package/lib/types/error/CacheError.d.ts.map +1 -1
- package/lib/types/error/ClientAuthError.d.ts +0 -224
- package/lib/types/error/ClientAuthError.d.ts.map +1 -1
- package/lib/types/error/ClientAuthErrorCodes.d.ts +0 -8
- package/lib/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/lib/types/error/ClientConfigurationError.d.ts +0 -123
- package/lib/types/error/ClientConfigurationError.d.ts.map +1 -1
- package/lib/types/error/ClientConfigurationErrorCodes.d.ts +0 -2
- package/lib/types/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
- package/lib/types/error/InteractionRequiredAuthError.d.ts +1 -19
- package/lib/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/lib/types/error/JoseHeaderError.d.ts +0 -4
- package/lib/types/error/JoseHeaderError.d.ts.map +1 -1
- package/lib/types/exports-browser-only.d.ts +4 -3
- package/lib/types/exports-browser-only.d.ts.map +1 -1
- package/lib/types/exports-common.d.ts +8 -6
- package/lib/types/exports-common.d.ts.map +1 -1
- package/lib/types/exports-node-only.d.ts +1 -4
- package/lib/types/exports-node-only.d.ts.map +1 -1
- package/lib/types/logger/Logger.d.ts +12 -13
- package/lib/types/logger/Logger.d.ts.map +1 -1
- package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/packageMetadata.d.ts.map +1 -1
- package/lib/types/protocol/Authorize.d.ts +1 -2
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/lib/types/request/BaseAuthRequest.d.ts +1 -7
- package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/lib/types/request/RequestParameterBuilder.d.ts +3 -9
- package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/lib/types/response/AuthenticationResult.d.ts +1 -1
- package/lib/types/response/AuthenticationResult.d.ts.map +1 -1
- package/lib/types/response/ResponseHandler.d.ts +6 -5
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/telemetry/performance/IPerformanceClient.d.ts +1 -31
- package/lib/types/telemetry/performance/IPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceClient.d.ts +6 -85
- package/lib/types/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts +0 -282
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvents.d.ts +65 -0
- package/lib/types/telemetry/performance/PerformanceEvents.d.ts.map +1 -0
- package/lib/types/telemetry/performance/StubPerformanceClient.d.ts +0 -4
- package/lib/types/telemetry/performance/StubPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/server/ServerTelemetryManager.d.ts +2 -2
- package/lib/types/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/lib/types/url/UrlString.d.ts +0 -5
- package/lib/types/url/UrlString.d.ts.map +1 -1
- package/lib/types/utils/Constants.d.ts +81 -117
- package/lib/types/utils/Constants.d.ts.map +1 -1
- package/lib/types/utils/FunctionWrappers.d.ts +2 -2
- package/lib/types/utils/FunctionWrappers.d.ts.map +1 -1
- package/lib/types/utils/UrlUtils.d.ts +1 -2
- package/lib/types/utils/UrlUtils.d.ts.map +1 -1
- package/package.json +120 -122
- package/src/account/AccountInfo.ts +0 -6
- package/src/account/ClientInfo.ts +4 -11
- package/src/authority/Authority.ts +145 -146
- package/src/authority/AuthorityFactory.ts +7 -7
- package/src/authority/AuthorityMetadata.ts +21 -12
- package/src/authority/AuthorityOptions.ts +0 -1
- package/src/authority/OIDCOptions.ts +2 -2
- package/src/authority/RegionDiscovery.ts +20 -33
- package/src/cache/CacheManager.ts +176 -126
- package/src/cache/entities/AccessTokenEntity.ts +0 -4
- package/src/cache/entities/AccountEntity.ts +4 -293
- package/src/cache/entities/CredentialEntity.ts +0 -2
- package/src/cache/interface/ICacheManager.ts +61 -15
- package/src/cache/utils/AccountEntityUtils.ts +287 -0
- package/src/cache/utils/CacheHelpers.ts +23 -37
- package/src/cache/utils/CacheTypes.ts +0 -1
- package/src/client/AuthorizationCodeClient.ts +28 -49
- package/src/client/BaseClient.ts +8 -20
- package/src/client/RefreshTokenClient.ts +29 -61
- package/src/client/SilentFlowClient.ts +11 -20
- package/src/config/ClientConfiguration.ts +9 -37
- package/src/crypto/ICrypto.ts +5 -3
- package/src/crypto/PopTokenGenerator.ts +3 -13
- package/src/error/AuthError.ts +11 -30
- package/src/error/CacheError.ts +4 -15
- package/src/error/ClientAuthError.ts +1 -311
- package/src/error/ClientAuthErrorCodes.ts +0 -8
- package/src/error/ClientConfigurationError.ts +1 -194
- package/src/error/ClientConfigurationErrorCodes.ts +0 -3
- package/src/error/InteractionRequiredAuthError.ts +8 -48
- package/src/error/JoseHeaderError.ts +1 -8
- package/src/exports-browser-only.ts +2 -6
- package/src/exports-common.ts +4 -34
- package/src/exports-node-only.ts +1 -4
- package/src/logger/Logger.ts +26 -39
- package/src/network/ThrottlingUtils.ts +12 -15
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +24 -20
- package/src/request/AuthenticationHeaderParser.ts +2 -4
- package/src/request/BaseAuthRequest.ts +1 -7
- package/src/request/RequestParameterBuilder.ts +30 -45
- package/src/request/ScopeSet.ts +4 -4
- package/src/response/AuthenticationResult.ts +1 -1
- package/src/response/ResponseHandler.ts +53 -58
- package/src/telemetry/performance/IPerformanceClient.ts +1 -43
- package/src/telemetry/performance/PerformanceClient.ts +32 -295
- package/src/telemetry/performance/PerformanceEvent.ts +0 -586
- package/src/telemetry/performance/PerformanceEvents.ts +97 -0
- package/src/telemetry/performance/StubPerformanceClient.ts +0 -16
- package/src/telemetry/server/ServerTelemetryManager.ts +33 -44
- package/src/url/UrlString.ts +3 -12
- package/src/utils/Constants.ts +103 -146
- package/src/utils/FunctionWrappers.ts +28 -29
- package/src/utils/ProtocolUtils.ts +6 -6
- package/src/utils/UrlUtils.ts +2 -15
- package/dist/cache/entities/AccountEntity.mjs +0 -232
- package/dist/cache/entities/AccountEntity.mjs.map +0 -1
- package/dist/request/CommonClientCredentialRequest.d.ts +0 -18
- package/dist/request/CommonClientCredentialRequest.d.ts.map +0 -1
- package/dist/request/CommonDeviceCodeRequest.d.ts +0 -22
- package/dist/request/CommonDeviceCodeRequest.d.ts.map +0 -1
- package/dist/request/CommonOnBehalfOfRequest.d.ts +0 -14
- package/dist/request/CommonOnBehalfOfRequest.d.ts.map +0 -1
- package/dist/request/CommonUsernamePasswordRequest.d.ts +0 -18
- package/dist/request/CommonUsernamePasswordRequest.d.ts.map +0 -1
- package/lib/index-node-D8Iaiqq3.js.map +0 -1
- package/lib/types/request/CommonClientCredentialRequest.d.ts +0 -18
- package/lib/types/request/CommonClientCredentialRequest.d.ts.map +0 -1
- package/lib/types/request/CommonDeviceCodeRequest.d.ts +0 -22
- package/lib/types/request/CommonDeviceCodeRequest.d.ts.map +0 -1
- package/lib/types/request/CommonOnBehalfOfRequest.d.ts +0 -14
- package/lib/types/request/CommonOnBehalfOfRequest.d.ts.map +0 -1
- package/lib/types/request/CommonUsernamePasswordRequest.d.ts +0 -18
- package/lib/types/request/CommonUsernamePasswordRequest.d.ts.map +0 -1
- package/src/request/CommonClientCredentialRequest.ts +0 -23
- package/src/request/CommonDeviceCodeRequest.ts +0 -31
- package/src/request/CommonOnBehalfOfRequest.ts +0 -19
- package/src/request/CommonUsernamePasswordRequest.ts +0 -23
|
@@ -0,0 +1,287 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
import * as Constants from "../../utils/Constants.js";
|
|
7
|
+
import { Authority } from "../../authority/Authority.js";
|
|
8
|
+
import { ICrypto } from "../../crypto/ICrypto.js";
|
|
9
|
+
import { ClientInfo, buildClientInfo } from "../../account/ClientInfo.js";
|
|
10
|
+
import {
|
|
11
|
+
AccountInfo,
|
|
12
|
+
TenantProfile,
|
|
13
|
+
buildTenantProfile,
|
|
14
|
+
} from "../../account/AccountInfo.js";
|
|
15
|
+
import {
|
|
16
|
+
createClientAuthError,
|
|
17
|
+
ClientAuthErrorCodes,
|
|
18
|
+
} from "../../error/ClientAuthError.js";
|
|
19
|
+
import { AuthorityType } from "../../authority/AuthorityType.js";
|
|
20
|
+
import { Logger } from "../../logger/Logger.js";
|
|
21
|
+
import {
|
|
22
|
+
TokenClaims,
|
|
23
|
+
getTenantIdFromIdTokenClaims,
|
|
24
|
+
} from "../../account/TokenClaims.js";
|
|
25
|
+
import { ProtocolMode } from "../../authority/ProtocolMode.js";
|
|
26
|
+
import { AccountEntity } from "../entities/AccountEntity.js";
|
|
27
|
+
|
|
28
|
+
/**
|
|
29
|
+
* Generate Account Id key component as per the schema: <home_account_id>-<environment>
|
|
30
|
+
*/
|
|
31
|
+
export function generateAccountId(accountEntity: AccountEntity): string {
|
|
32
|
+
const accountId: Array<string> = [
|
|
33
|
+
accountEntity.homeAccountId,
|
|
34
|
+
accountEntity.environment,
|
|
35
|
+
];
|
|
36
|
+
return accountId.join(Constants.CACHE_KEY_SEPARATOR).toLowerCase();
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
/**
|
|
40
|
+
* Returns the AccountInfo interface for this account.
|
|
41
|
+
*/
|
|
42
|
+
export function getAccountInfo(accountEntity: AccountEntity): AccountInfo {
|
|
43
|
+
return {
|
|
44
|
+
homeAccountId: accountEntity.homeAccountId,
|
|
45
|
+
environment: accountEntity.environment,
|
|
46
|
+
tenantId: accountEntity.realm,
|
|
47
|
+
username: accountEntity.username,
|
|
48
|
+
localAccountId: accountEntity.localAccountId,
|
|
49
|
+
loginHint: accountEntity.loginHint,
|
|
50
|
+
name: accountEntity.name,
|
|
51
|
+
nativeAccountId: accountEntity.nativeAccountId,
|
|
52
|
+
authorityType: accountEntity.authorityType,
|
|
53
|
+
// Deserialize tenant profiles array into a Map
|
|
54
|
+
tenantProfiles: new Map(
|
|
55
|
+
(accountEntity.tenantProfiles || []).map((tenantProfile) => {
|
|
56
|
+
return [tenantProfile.tenantId, tenantProfile];
|
|
57
|
+
})
|
|
58
|
+
),
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
/**
|
|
63
|
+
* Returns true if the account entity is in single tenant format (outdated), false otherwise
|
|
64
|
+
*/
|
|
65
|
+
export function isSingleTenant(accountEntity: AccountEntity): boolean {
|
|
66
|
+
return !accountEntity.tenantProfiles;
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
/**
|
|
70
|
+
* Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
|
|
71
|
+
* @param accountDetails
|
|
72
|
+
*/
|
|
73
|
+
export function createAccountEntity(
|
|
74
|
+
accountDetails: {
|
|
75
|
+
homeAccountId: string;
|
|
76
|
+
idTokenClaims?: TokenClaims;
|
|
77
|
+
clientInfo?: string;
|
|
78
|
+
cloudGraphHostName?: string;
|
|
79
|
+
msGraphHost?: string;
|
|
80
|
+
environment?: string;
|
|
81
|
+
nativeAccountId?: string;
|
|
82
|
+
tenantProfiles?: Array<TenantProfile>;
|
|
83
|
+
},
|
|
84
|
+
authority: Authority,
|
|
85
|
+
base64Decode?: (input: string) => string
|
|
86
|
+
): AccountEntity {
|
|
87
|
+
let authorityType;
|
|
88
|
+
if (authority.authorityType === AuthorityType.Adfs) {
|
|
89
|
+
authorityType = Constants.CACHE_ACCOUNT_TYPE_ADFS;
|
|
90
|
+
} else if (authority.protocolMode === ProtocolMode.OIDC) {
|
|
91
|
+
authorityType = Constants.CACHE_ACCOUNT_TYPE_GENERIC;
|
|
92
|
+
} else {
|
|
93
|
+
authorityType = Constants.CACHE_ACCOUNT_TYPE_MSSTS;
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
let clientInfo: ClientInfo | undefined;
|
|
97
|
+
|
|
98
|
+
if (accountDetails.clientInfo && base64Decode) {
|
|
99
|
+
clientInfo = buildClientInfo(accountDetails.clientInfo, base64Decode);
|
|
100
|
+
}
|
|
101
|
+
|
|
102
|
+
const env =
|
|
103
|
+
accountDetails.environment ||
|
|
104
|
+
(authority && authority.getPreferredCache());
|
|
105
|
+
|
|
106
|
+
if (!env) {
|
|
107
|
+
throw createClientAuthError(
|
|
108
|
+
ClientAuthErrorCodes.invalidCacheEnvironment
|
|
109
|
+
);
|
|
110
|
+
}
|
|
111
|
+
|
|
112
|
+
/*
|
|
113
|
+
* In B2C scenarios the emails claim is used instead of preferred_username and it is an array.
|
|
114
|
+
* In most cases it will contain a single email. This field should not be relied upon if a custom
|
|
115
|
+
* policy is configured to return more than 1 email.
|
|
116
|
+
*/
|
|
117
|
+
const preferredUsername =
|
|
118
|
+
accountDetails.idTokenClaims?.preferred_username ||
|
|
119
|
+
accountDetails.idTokenClaims?.upn;
|
|
120
|
+
const email = accountDetails.idTokenClaims?.emails
|
|
121
|
+
? accountDetails.idTokenClaims.emails[0]
|
|
122
|
+
: null;
|
|
123
|
+
|
|
124
|
+
const username = preferredUsername || email || "";
|
|
125
|
+
|
|
126
|
+
const loginHint = accountDetails.idTokenClaims?.login_hint;
|
|
127
|
+
|
|
128
|
+
const realm =
|
|
129
|
+
clientInfo?.utid ||
|
|
130
|
+
getTenantIdFromIdTokenClaims(accountDetails.idTokenClaims) ||
|
|
131
|
+
""; // non-AAD scenarios can have empty realm
|
|
132
|
+
// How do you account for MSA CID here?
|
|
133
|
+
const localAccountId =
|
|
134
|
+
clientInfo?.uid ||
|
|
135
|
+
accountDetails.idTokenClaims?.oid ||
|
|
136
|
+
accountDetails.idTokenClaims?.sub ||
|
|
137
|
+
"";
|
|
138
|
+
let tenantProfiles;
|
|
139
|
+
if (accountDetails.tenantProfiles) {
|
|
140
|
+
tenantProfiles = accountDetails.tenantProfiles;
|
|
141
|
+
} else {
|
|
142
|
+
const tenantProfile = buildTenantProfile(
|
|
143
|
+
accountDetails.homeAccountId,
|
|
144
|
+
localAccountId,
|
|
145
|
+
realm,
|
|
146
|
+
accountDetails.idTokenClaims
|
|
147
|
+
);
|
|
148
|
+
tenantProfiles = [tenantProfile];
|
|
149
|
+
}
|
|
150
|
+
|
|
151
|
+
return {
|
|
152
|
+
homeAccountId: accountDetails.homeAccountId,
|
|
153
|
+
environment: env,
|
|
154
|
+
realm: realm,
|
|
155
|
+
localAccountId: localAccountId,
|
|
156
|
+
username: username,
|
|
157
|
+
authorityType: authorityType,
|
|
158
|
+
loginHint: loginHint,
|
|
159
|
+
clientInfo: accountDetails.clientInfo,
|
|
160
|
+
name: accountDetails.idTokenClaims?.name || "",
|
|
161
|
+
lastModificationTime: undefined,
|
|
162
|
+
lastModificationApp: undefined,
|
|
163
|
+
cloudGraphHostName: accountDetails.cloudGraphHostName,
|
|
164
|
+
msGraphHost: accountDetails.msGraphHost,
|
|
165
|
+
nativeAccountId: accountDetails.nativeAccountId,
|
|
166
|
+
tenantProfiles: tenantProfiles,
|
|
167
|
+
} as AccountEntity;
|
|
168
|
+
}
|
|
169
|
+
|
|
170
|
+
/**
|
|
171
|
+
* Creates an AccountEntity object from AccountInfo
|
|
172
|
+
* @param accountInfo
|
|
173
|
+
* @param cloudGraphHostName
|
|
174
|
+
* @param msGraphHost
|
|
175
|
+
* @returns
|
|
176
|
+
*/
|
|
177
|
+
export function createAccountEntityFromAccountInfo(
|
|
178
|
+
accountInfo: AccountInfo,
|
|
179
|
+
cloudGraphHostName?: string,
|
|
180
|
+
msGraphHost?: string
|
|
181
|
+
): AccountEntity {
|
|
182
|
+
return {
|
|
183
|
+
authorityType:
|
|
184
|
+
accountInfo.authorityType || Constants.CACHE_ACCOUNT_TYPE_GENERIC,
|
|
185
|
+
homeAccountId: accountInfo.homeAccountId,
|
|
186
|
+
localAccountId: accountInfo.localAccountId,
|
|
187
|
+
nativeAccountId: accountInfo.nativeAccountId,
|
|
188
|
+
realm: accountInfo.tenantId,
|
|
189
|
+
environment: accountInfo.environment,
|
|
190
|
+
username: accountInfo.username,
|
|
191
|
+
loginHint: accountInfo.loginHint,
|
|
192
|
+
name: accountInfo.name,
|
|
193
|
+
cloudGraphHostName: cloudGraphHostName,
|
|
194
|
+
msGraphHost: msGraphHost,
|
|
195
|
+
tenantProfiles: Array.from(accountInfo.tenantProfiles?.values() || []),
|
|
196
|
+
} as AccountEntity;
|
|
197
|
+
}
|
|
198
|
+
|
|
199
|
+
/**
|
|
200
|
+
* Generate HomeAccountId from server response
|
|
201
|
+
* @param serverClientInfo
|
|
202
|
+
* @param authType
|
|
203
|
+
*/
|
|
204
|
+
export function generateHomeAccountId(
|
|
205
|
+
serverClientInfo: string,
|
|
206
|
+
authType: AuthorityType,
|
|
207
|
+
logger: Logger,
|
|
208
|
+
cryptoObj: ICrypto,
|
|
209
|
+
correlationId: string,
|
|
210
|
+
idTokenClaims?: TokenClaims
|
|
211
|
+
): string {
|
|
212
|
+
// since ADFS/DSTS do not have tid and does not set client_info
|
|
213
|
+
if (!(authType === AuthorityType.Adfs || authType === AuthorityType.Dsts)) {
|
|
214
|
+
// for cases where there is clientInfo
|
|
215
|
+
if (serverClientInfo) {
|
|
216
|
+
try {
|
|
217
|
+
const clientInfo = buildClientInfo(
|
|
218
|
+
serverClientInfo,
|
|
219
|
+
cryptoObj.base64Decode
|
|
220
|
+
);
|
|
221
|
+
if (clientInfo.uid && clientInfo.utid) {
|
|
222
|
+
return `${clientInfo.uid}.${clientInfo.utid}`;
|
|
223
|
+
}
|
|
224
|
+
} catch (e) {}
|
|
225
|
+
}
|
|
226
|
+
logger.warning("No client info in response", correlationId);
|
|
227
|
+
}
|
|
228
|
+
|
|
229
|
+
// default to "sub" claim
|
|
230
|
+
return idTokenClaims?.sub || "";
|
|
231
|
+
}
|
|
232
|
+
|
|
233
|
+
/**
|
|
234
|
+
* Validates an entity: checks for all expected params
|
|
235
|
+
* @param entity
|
|
236
|
+
*/
|
|
237
|
+
export function isAccountEntity(entity: object): entity is AccountEntity {
|
|
238
|
+
if (!entity) {
|
|
239
|
+
return false;
|
|
240
|
+
}
|
|
241
|
+
|
|
242
|
+
return (
|
|
243
|
+
entity.hasOwnProperty("homeAccountId") &&
|
|
244
|
+
entity.hasOwnProperty("environment") &&
|
|
245
|
+
entity.hasOwnProperty("realm") &&
|
|
246
|
+
entity.hasOwnProperty("localAccountId") &&
|
|
247
|
+
entity.hasOwnProperty("username") &&
|
|
248
|
+
entity.hasOwnProperty("authorityType")
|
|
249
|
+
);
|
|
250
|
+
}
|
|
251
|
+
|
|
252
|
+
/**
|
|
253
|
+
* Helper function to determine whether 2 accountInfo objects represent the same account
|
|
254
|
+
* @param accountA
|
|
255
|
+
* @param accountB
|
|
256
|
+
* @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality
|
|
257
|
+
*/
|
|
258
|
+
export function accountInfoIsEqual(
|
|
259
|
+
accountA: AccountInfo | null,
|
|
260
|
+
accountB: AccountInfo | null,
|
|
261
|
+
compareClaims?: boolean
|
|
262
|
+
): boolean {
|
|
263
|
+
if (!accountA || !accountB) {
|
|
264
|
+
return false;
|
|
265
|
+
}
|
|
266
|
+
|
|
267
|
+
let claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false
|
|
268
|
+
if (compareClaims) {
|
|
269
|
+
const accountAClaims = (accountA.idTokenClaims || {}) as TokenClaims;
|
|
270
|
+
const accountBClaims = (accountB.idTokenClaims || {}) as TokenClaims;
|
|
271
|
+
|
|
272
|
+
// issued at timestamp and nonce are expected to change each time a new id token is acquired
|
|
273
|
+
claimsMatch =
|
|
274
|
+
accountAClaims.iat === accountBClaims.iat &&
|
|
275
|
+
accountAClaims.nonce === accountBClaims.nonce;
|
|
276
|
+
}
|
|
277
|
+
|
|
278
|
+
return (
|
|
279
|
+
accountA.homeAccountId === accountB.homeAccountId &&
|
|
280
|
+
accountA.localAccountId === accountB.localAccountId &&
|
|
281
|
+
accountA.username === accountB.username &&
|
|
282
|
+
accountA.tenantId === accountB.tenantId &&
|
|
283
|
+
accountA.environment === accountB.environment &&
|
|
284
|
+
accountA.nativeAccountId === accountB.nativeAccountId &&
|
|
285
|
+
claimsMatch
|
|
286
|
+
);
|
|
287
|
+
}
|
|
@@ -11,15 +11,7 @@ import {
|
|
|
11
11
|
ClientAuthErrorCodes,
|
|
12
12
|
createClientAuthError,
|
|
13
13
|
} from "../../error/ClientAuthError.js";
|
|
14
|
-
import
|
|
15
|
-
APP_METADATA,
|
|
16
|
-
AUTHORITY_METADATA_CONSTANTS,
|
|
17
|
-
AuthenticationScheme,
|
|
18
|
-
CredentialType,
|
|
19
|
-
SERVER_TELEM_CONSTANTS,
|
|
20
|
-
Separators,
|
|
21
|
-
ThrottlingConstants,
|
|
22
|
-
} from "../../utils/Constants.js";
|
|
14
|
+
import * as Constants from "../../utils/Constants.js";
|
|
23
15
|
import * as TimeUtils from "../../utils/TimeUtils.js";
|
|
24
16
|
import { AccessTokenEntity } from "../entities/AccessTokenEntity.js";
|
|
25
17
|
import { AppMetadataEntity } from "../entities/AppMetadataEntity.js";
|
|
@@ -43,7 +35,7 @@ export function createIdTokenEntity(
|
|
|
43
35
|
tenantId: string
|
|
44
36
|
): IdTokenEntity {
|
|
45
37
|
const idTokenEntity: IdTokenEntity = {
|
|
46
|
-
credentialType: CredentialType.ID_TOKEN,
|
|
38
|
+
credentialType: Constants.CredentialType.ID_TOKEN,
|
|
47
39
|
homeAccountId: homeAccountId,
|
|
48
40
|
environment: environment,
|
|
49
41
|
clientId: clientId,
|
|
@@ -77,15 +69,13 @@ export function createAccessTokenEntity(
|
|
|
77
69
|
extExpiresOn: number,
|
|
78
70
|
base64Decode: (input: string) => string,
|
|
79
71
|
refreshOn?: number,
|
|
80
|
-
tokenType?: AuthenticationScheme,
|
|
72
|
+
tokenType?: Constants.AuthenticationScheme,
|
|
81
73
|
userAssertionHash?: string,
|
|
82
|
-
keyId?: string
|
|
83
|
-
requestedClaims?: string,
|
|
84
|
-
requestedClaimsHash?: string
|
|
74
|
+
keyId?: string
|
|
85
75
|
): AccessTokenEntity {
|
|
86
76
|
const atEntity: AccessTokenEntity = {
|
|
87
77
|
homeAccountId: homeAccountId,
|
|
88
|
-
credentialType: CredentialType.ACCESS_TOKEN,
|
|
78
|
+
credentialType: Constants.CredentialType.ACCESS_TOKEN,
|
|
89
79
|
secret: accessToken,
|
|
90
80
|
cachedAt: TimeUtils.nowSeconds().toString(),
|
|
91
81
|
expiresOn: expiresOn.toString(),
|
|
@@ -94,7 +84,7 @@ export function createAccessTokenEntity(
|
|
|
94
84
|
clientId: clientId,
|
|
95
85
|
realm: tenantId,
|
|
96
86
|
target: scopes,
|
|
97
|
-
tokenType: tokenType || AuthenticationScheme.BEARER,
|
|
87
|
+
tokenType: tokenType || Constants.AuthenticationScheme.BEARER,
|
|
98
88
|
lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
|
|
99
89
|
};
|
|
100
90
|
|
|
@@ -106,22 +96,18 @@ export function createAccessTokenEntity(
|
|
|
106
96
|
atEntity.refreshOn = refreshOn.toString();
|
|
107
97
|
}
|
|
108
98
|
|
|
109
|
-
if (requestedClaims) {
|
|
110
|
-
atEntity.requestedClaims = requestedClaims;
|
|
111
|
-
atEntity.requestedClaimsHash = requestedClaimsHash;
|
|
112
|
-
}
|
|
113
|
-
|
|
114
99
|
/*
|
|
115
100
|
* Create Access Token With Auth Scheme instead of regular access token
|
|
116
101
|
* Cast to lower to handle "bearer" from ADFS
|
|
117
102
|
*/
|
|
118
103
|
if (
|
|
119
104
|
atEntity.tokenType?.toLowerCase() !==
|
|
120
|
-
AuthenticationScheme.BEARER.toLowerCase()
|
|
105
|
+
Constants.AuthenticationScheme.BEARER.toLowerCase()
|
|
121
106
|
) {
|
|
122
|
-
atEntity.credentialType =
|
|
107
|
+
atEntity.credentialType =
|
|
108
|
+
Constants.CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
123
109
|
switch (atEntity.tokenType) {
|
|
124
|
-
case AuthenticationScheme.POP:
|
|
110
|
+
case Constants.AuthenticationScheme.POP:
|
|
125
111
|
// Make sure keyId is present and add it to credential
|
|
126
112
|
const tokenClaims: TokenClaims | null = extractTokenClaims(
|
|
127
113
|
accessToken,
|
|
@@ -134,7 +120,7 @@ export function createAccessTokenEntity(
|
|
|
134
120
|
}
|
|
135
121
|
atEntity.keyId = tokenClaims.cnf.kid;
|
|
136
122
|
break;
|
|
137
|
-
case AuthenticationScheme.SSH:
|
|
123
|
+
case Constants.AuthenticationScheme.SSH:
|
|
138
124
|
atEntity.keyId = keyId;
|
|
139
125
|
}
|
|
140
126
|
}
|
|
@@ -159,7 +145,7 @@ export function createRefreshTokenEntity(
|
|
|
159
145
|
expiresOn?: number
|
|
160
146
|
): RefreshTokenEntity {
|
|
161
147
|
const rtEntity: RefreshTokenEntity = {
|
|
162
|
-
credentialType: CredentialType.REFRESH_TOKEN,
|
|
148
|
+
credentialType: Constants.CredentialType.REFRESH_TOKEN,
|
|
163
149
|
homeAccountId: homeAccountId,
|
|
164
150
|
environment: environment,
|
|
165
151
|
clientId: clientId,
|
|
@@ -207,9 +193,9 @@ export function isAccessTokenEntity(
|
|
|
207
193
|
isCredentialEntity(entity) &&
|
|
208
194
|
entity.hasOwnProperty("realm") &&
|
|
209
195
|
entity.hasOwnProperty("target") &&
|
|
210
|
-
(entity["credentialType"] === CredentialType.ACCESS_TOKEN ||
|
|
196
|
+
(entity["credentialType"] === Constants.CredentialType.ACCESS_TOKEN ||
|
|
211
197
|
entity["credentialType"] ===
|
|
212
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME)
|
|
198
|
+
Constants.CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME)
|
|
213
199
|
);
|
|
214
200
|
}
|
|
215
201
|
|
|
@@ -225,7 +211,7 @@ export function isIdTokenEntity(entity: object): entity is IdTokenEntity {
|
|
|
225
211
|
return (
|
|
226
212
|
isCredentialEntity(entity) &&
|
|
227
213
|
entity.hasOwnProperty("realm") &&
|
|
228
|
-
entity["credentialType"] === CredentialType.ID_TOKEN
|
|
214
|
+
entity["credentialType"] === Constants.CredentialType.ID_TOKEN
|
|
229
215
|
);
|
|
230
216
|
}
|
|
231
217
|
|
|
@@ -242,7 +228,7 @@ export function isRefreshTokenEntity(
|
|
|
242
228
|
|
|
243
229
|
return (
|
|
244
230
|
isCredentialEntity(entity) &&
|
|
245
|
-
entity["credentialType"] === CredentialType.REFRESH_TOKEN
|
|
231
|
+
entity["credentialType"] === Constants.CredentialType.REFRESH_TOKEN
|
|
246
232
|
);
|
|
247
233
|
}
|
|
248
234
|
|
|
@@ -253,7 +239,7 @@ export function isRefreshTokenEntity(
|
|
|
253
239
|
*/
|
|
254
240
|
export function isServerTelemetryEntity(key: string, entity?: object): boolean {
|
|
255
241
|
const validateKey: boolean =
|
|
256
|
-
key.indexOf(
|
|
242
|
+
key.indexOf(Constants.SERVER_TELEM_CACHE_KEY) === 0;
|
|
257
243
|
let validateEntity: boolean = true;
|
|
258
244
|
|
|
259
245
|
if (entity) {
|
|
@@ -274,7 +260,7 @@ export function isServerTelemetryEntity(key: string, entity?: object): boolean {
|
|
|
274
260
|
export function isThrottlingEntity(key: string, entity?: object): boolean {
|
|
275
261
|
let validateKey: boolean = false;
|
|
276
262
|
if (key) {
|
|
277
|
-
validateKey = key.indexOf(
|
|
263
|
+
validateKey = key.indexOf(Constants.THROTTLING_PREFIX) === 0;
|
|
278
264
|
}
|
|
279
265
|
|
|
280
266
|
let validateEntity: boolean = true;
|
|
@@ -293,12 +279,12 @@ export function generateAppMetadataKey({
|
|
|
293
279
|
clientId,
|
|
294
280
|
}: AppMetadataEntity): string {
|
|
295
281
|
const appMetaDataKeyArray: Array<string> = [
|
|
296
|
-
APP_METADATA,
|
|
282
|
+
Constants.APP_METADATA,
|
|
297
283
|
environment,
|
|
298
284
|
clientId,
|
|
299
285
|
];
|
|
300
286
|
return appMetaDataKeyArray
|
|
301
|
-
.join(
|
|
287
|
+
.join(Constants.CACHE_KEY_SEPARATOR)
|
|
302
288
|
.toLowerCase();
|
|
303
289
|
}
|
|
304
290
|
|
|
@@ -312,7 +298,7 @@ export function isAppMetadataEntity(key: string, entity: object): boolean {
|
|
|
312
298
|
}
|
|
313
299
|
|
|
314
300
|
return (
|
|
315
|
-
key.indexOf(APP_METADATA) === 0 &&
|
|
301
|
+
key.indexOf(Constants.APP_METADATA) === 0 &&
|
|
316
302
|
entity.hasOwnProperty("clientId") &&
|
|
317
303
|
entity.hasOwnProperty("environment")
|
|
318
304
|
);
|
|
@@ -331,7 +317,7 @@ export function isAuthorityMetadataEntity(
|
|
|
331
317
|
}
|
|
332
318
|
|
|
333
319
|
return (
|
|
334
|
-
key.indexOf(
|
|
320
|
+
key.indexOf(Constants.AUTHORITY_METADATA_CACHE_KEY) === 0 &&
|
|
335
321
|
entity.hasOwnProperty("aliases") &&
|
|
336
322
|
entity.hasOwnProperty("preferred_cache") &&
|
|
337
323
|
entity.hasOwnProperty("preferred_network") &&
|
|
@@ -352,7 +338,7 @@ export function isAuthorityMetadataEntity(
|
|
|
352
338
|
export function generateAuthorityMetadataExpiresAt(): number {
|
|
353
339
|
return (
|
|
354
340
|
TimeUtils.nowSeconds() +
|
|
355
|
-
|
|
341
|
+
Constants.AUTHORITY_METADATA_REFRESH_TIME_SECONDS
|
|
356
342
|
);
|
|
357
343
|
}
|
|
358
344
|
|
|
@@ -8,12 +8,7 @@ import { CommonAuthorizationCodeRequest } from "../request/CommonAuthorizationCo
|
|
|
8
8
|
import { Authority } from "../authority/Authority.js";
|
|
9
9
|
import * as RequestParameterBuilder from "../request/RequestParameterBuilder.js";
|
|
10
10
|
import * as UrlUtils from "../utils/UrlUtils.js";
|
|
11
|
-
import
|
|
12
|
-
GrantType,
|
|
13
|
-
AuthenticationScheme,
|
|
14
|
-
Separators,
|
|
15
|
-
HeaderNames,
|
|
16
|
-
} from "../utils/Constants.js";
|
|
11
|
+
import * as Constants from "../utils/Constants.js";
|
|
17
12
|
import * as AADServerParamKeys from "../constants/AADServerParamKeys.js";
|
|
18
13
|
import {
|
|
19
14
|
ClientConfiguration,
|
|
@@ -43,7 +38,7 @@ import {
|
|
|
43
38
|
ClientConfigurationErrorCodes,
|
|
44
39
|
} from "../error/ClientConfigurationError.js";
|
|
45
40
|
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
|
|
46
|
-
import
|
|
41
|
+
import * as PerformanceEvents from "../telemetry/performance/PerformanceEvents.js";
|
|
47
42
|
import { invokeAsync } from "../utils/FunctionWrappers.js";
|
|
48
43
|
import { ClientAssertion } from "../account/ClientCredentials.js";
|
|
49
44
|
import { getClientAssertion } from "../utils/ClientAssertionUtils.js";
|
|
@@ -60,7 +55,7 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
60
55
|
|
|
61
56
|
constructor(
|
|
62
57
|
configuration: ClientConfiguration,
|
|
63
|
-
performanceClient
|
|
58
|
+
performanceClient: IPerformanceClient
|
|
64
59
|
) {
|
|
65
60
|
super(configuration, performanceClient);
|
|
66
61
|
this.oidcDefaultScopes =
|
|
@@ -76,11 +71,6 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
76
71
|
request: CommonAuthorizationCodeRequest,
|
|
77
72
|
authCodePayload?: AuthorizationCodePayload
|
|
78
73
|
): Promise<AuthenticationResult> {
|
|
79
|
-
this.performanceClient?.addQueueMeasurement(
|
|
80
|
-
PerformanceEvents.AuthClientAcquireToken,
|
|
81
|
-
request.correlationId
|
|
82
|
-
);
|
|
83
|
-
|
|
84
74
|
if (!request.code) {
|
|
85
75
|
throw createClientAuthError(
|
|
86
76
|
ClientAuthErrorCodes.requestCannotBeMade
|
|
@@ -97,20 +87,24 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
97
87
|
)(this.authority, request);
|
|
98
88
|
|
|
99
89
|
// Retrieve requestId from response headers
|
|
100
|
-
const requestId =
|
|
90
|
+
const requestId =
|
|
91
|
+
response.headers?.[Constants.HeaderNames.X_MS_REQUEST_ID];
|
|
101
92
|
|
|
102
93
|
const responseHandler = new ResponseHandler(
|
|
103
94
|
this.config.authOptions.clientId,
|
|
104
95
|
this.cacheManager,
|
|
105
96
|
this.cryptoUtils,
|
|
106
97
|
this.logger,
|
|
98
|
+
this.performanceClient,
|
|
107
99
|
this.config.serializableCache,
|
|
108
|
-
this.config.persistencePlugin
|
|
109
|
-
this.performanceClient
|
|
100
|
+
this.config.persistencePlugin
|
|
110
101
|
);
|
|
111
102
|
|
|
112
103
|
// Validate response. This function throws a server error if an error is returned by the server.
|
|
113
|
-
responseHandler.validateTokenResponse(
|
|
104
|
+
responseHandler.validateTokenResponse(
|
|
105
|
+
response.body,
|
|
106
|
+
request.correlationId
|
|
107
|
+
);
|
|
114
108
|
|
|
115
109
|
return invokeAsync(
|
|
116
110
|
responseHandler.handleServerTokenResponse.bind(responseHandler),
|
|
@@ -161,11 +155,6 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
161
155
|
authority: Authority,
|
|
162
156
|
request: CommonAuthorizationCodeRequest
|
|
163
157
|
): Promise<NetworkResponse<ServerAuthorizationTokenResponse>> {
|
|
164
|
-
this.performanceClient?.addQueueMeasurement(
|
|
165
|
-
PerformanceEvents.AuthClientExecuteTokenRequest,
|
|
166
|
-
request.correlationId
|
|
167
|
-
);
|
|
168
|
-
|
|
169
158
|
const queryParametersString = this.createTokenQueryParameters(request);
|
|
170
159
|
const endpoint = UrlString.appendQueryString(
|
|
171
160
|
authority.tokenEndpoint,
|
|
@@ -188,12 +177,13 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
188
177
|
this.cryptoUtils.base64Decode
|
|
189
178
|
);
|
|
190
179
|
ccsCredential = {
|
|
191
|
-
credential: `${clientInfo.uid}${
|
|
180
|
+
credential: `${clientInfo.uid}${Constants.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`,
|
|
192
181
|
type: CcsCredentialType.HOME_ACCOUNT_ID,
|
|
193
182
|
};
|
|
194
183
|
} catch (e) {
|
|
195
184
|
this.logger.verbose(
|
|
196
|
-
|
|
185
|
+
`Could not parse client info for CCS Header: '${e}'`,
|
|
186
|
+
request.correlationId
|
|
197
187
|
);
|
|
198
188
|
}
|
|
199
189
|
}
|
|
@@ -212,14 +202,7 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
212
202
|
this.logger,
|
|
213
203
|
this.performanceClient,
|
|
214
204
|
request.correlationId
|
|
215
|
-
)(
|
|
216
|
-
endpoint,
|
|
217
|
-
requestBody,
|
|
218
|
-
headers,
|
|
219
|
-
thumbprint,
|
|
220
|
-
request.correlationId,
|
|
221
|
-
PerformanceEvents.AuthorizationCodeClientExecutePostToTokenEndpoint
|
|
222
|
-
);
|
|
205
|
+
)(endpoint, requestBody, headers, thumbprint, request.correlationId);
|
|
223
206
|
}
|
|
224
207
|
|
|
225
208
|
/**
|
|
@@ -229,11 +212,6 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
229
212
|
private async createTokenRequestBody(
|
|
230
213
|
request: CommonAuthorizationCodeRequest
|
|
231
214
|
): Promise<string> {
|
|
232
|
-
this.performanceClient?.addQueueMeasurement(
|
|
233
|
-
PerformanceEvents.AuthClientCreateTokenRequestBody,
|
|
234
|
-
request.correlationId
|
|
235
|
-
);
|
|
236
|
-
|
|
237
215
|
const parameters = new Map<string, string>();
|
|
238
216
|
|
|
239
217
|
RequestParameterBuilder.addClientId(
|
|
@@ -326,11 +304,13 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
326
304
|
|
|
327
305
|
RequestParameterBuilder.addGrantType(
|
|
328
306
|
parameters,
|
|
329
|
-
GrantType.AUTHORIZATION_CODE_GRANT
|
|
307
|
+
Constants.GrantType.AUTHORIZATION_CODE_GRANT
|
|
330
308
|
);
|
|
331
309
|
RequestParameterBuilder.addClientInfo(parameters);
|
|
332
310
|
|
|
333
|
-
if (
|
|
311
|
+
if (
|
|
312
|
+
request.authenticationScheme === Constants.AuthenticationScheme.POP
|
|
313
|
+
) {
|
|
334
314
|
const popTokenGenerator = new PopTokenGenerator(
|
|
335
315
|
this.cryptoUtils,
|
|
336
316
|
this.performanceClient
|
|
@@ -352,7 +332,9 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
352
332
|
|
|
353
333
|
// SPA PoP requires full Base64Url encoded req_cnf string (unhashed)
|
|
354
334
|
RequestParameterBuilder.addPopToken(parameters, reqCnfData);
|
|
355
|
-
} else if (
|
|
335
|
+
} else if (
|
|
336
|
+
request.authenticationScheme === Constants.AuthenticationScheme.SSH
|
|
337
|
+
) {
|
|
356
338
|
if (request.sshJwk) {
|
|
357
339
|
RequestParameterBuilder.addSshJwk(parameters, request.sshJwk);
|
|
358
340
|
} else {
|
|
@@ -382,12 +364,13 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
382
364
|
this.cryptoUtils.base64Decode
|
|
383
365
|
);
|
|
384
366
|
ccsCred = {
|
|
385
|
-
credential: `${clientInfo.uid}${
|
|
367
|
+
credential: `${clientInfo.uid}${Constants.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`,
|
|
386
368
|
type: CcsCredentialType.HOME_ACCOUNT_ID,
|
|
387
369
|
};
|
|
388
370
|
} catch (e) {
|
|
389
371
|
this.logger.verbose(
|
|
390
|
-
|
|
372
|
+
`Could not parse client info for CCS Header: '${e}'`,
|
|
373
|
+
request.correlationId
|
|
391
374
|
);
|
|
392
375
|
}
|
|
393
376
|
} else {
|
|
@@ -408,8 +391,8 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
408
391
|
);
|
|
409
392
|
} catch (e) {
|
|
410
393
|
this.logger.verbose(
|
|
411
|
-
|
|
412
|
-
|
|
394
|
+
`Could not parse home account ID for CCS Header: '${e}'`,
|
|
395
|
+
request.correlationId
|
|
413
396
|
);
|
|
414
397
|
}
|
|
415
398
|
break;
|
|
@@ -510,10 +493,6 @@ export class AuthorizationCodeClient extends BaseClient {
|
|
|
510
493
|
RequestParameterBuilder.addInstanceAware(parameters);
|
|
511
494
|
}
|
|
512
495
|
|
|
513
|
-
return UrlUtils.mapToQueryString(
|
|
514
|
-
parameters,
|
|
515
|
-
this.config.authOptions.encodeExtraQueryParams,
|
|
516
|
-
request.extraQueryParameters
|
|
517
|
-
);
|
|
496
|
+
return UrlUtils.mapToQueryString(parameters);
|
|
518
497
|
}
|
|
519
498
|
}
|