@azure/msal-common 15.13.3 → 16.0.0-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +0 -1
- package/dist/account/AccountInfo.d.ts.map +1 -1
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AccountInfo.mjs.map +1 -1
- package/dist/account/AuthToken.d.ts.map +1 -1
- package/dist/account/AuthToken.mjs +2 -3
- package/dist/account/AuthToken.mjs.map +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.d.ts.map +1 -1
- package/dist/account/ClientInfo.mjs +4 -6
- package/dist/account/ClientInfo.mjs.map +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.d.ts +2 -2
- package/dist/authority/Authority.d.ts.map +1 -1
- package/dist/authority/Authority.mjs +89 -105
- package/dist/authority/Authority.mjs.map +1 -1
- package/dist/authority/AuthorityFactory.d.ts +6 -2
- package/dist/authority/AuthorityFactory.d.ts.map +1 -1
- package/dist/authority/AuthorityFactory.mjs +8 -5
- package/dist/authority/AuthorityFactory.mjs.map +1 -1
- package/dist/authority/AuthorityMetadata.d.ts +2 -2
- package/dist/authority/AuthorityMetadata.d.ts.map +1 -1
- package/dist/authority/AuthorityMetadata.mjs +34 -31
- package/dist/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist/authority/AuthorityOptions.d.ts +0 -1
- package/dist/authority/AuthorityOptions.d.ts.map +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs.map +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OIDCOptions.d.ts +2 -2
- package/dist/authority/OIDCOptions.d.ts.map +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/RegionDiscovery.d.ts +3 -3
- package/dist/authority/RegionDiscovery.d.ts.map +1 -1
- package/dist/authority/RegionDiscovery.mjs +14 -15
- package/dist/authority/RegionDiscovery.mjs.map +1 -1
- package/dist/cache/CacheManager.d.ts +26 -19
- package/dist/cache/CacheManager.d.ts.map +1 -1
- package/dist/cache/CacheManager.mjs +70 -83
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/entities/AccessTokenEntity.d.ts +0 -4
- package/dist/cache/entities/AccessTokenEntity.d.ts.map +1 -1
- package/dist/cache/entities/AccountEntity.d.ts +4 -56
- package/dist/cache/entities/AccountEntity.d.ts.map +1 -1
- package/dist/cache/entities/CredentialEntity.d.ts +0 -2
- package/dist/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/dist/cache/interface/ICacheManager.d.ts +35 -17
- package/dist/cache/interface/ICacheManager.d.ts.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/AccountEntityUtils.d.ts +53 -0
- package/dist/cache/utils/AccountEntityUtils.d.ts.map +1 -0
- package/dist/cache/utils/AccountEntityUtils.mjs +192 -0
- package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -0
- package/dist/cache/utils/CacheHelpers.d.ts +2 -2
- package/dist/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +10 -13
- package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist/cache/utils/CacheTypes.d.ts +0 -1
- package/dist/cache/utils/CacheTypes.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts +23 -4
- package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +63 -35
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.d.ts +17 -4
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +51 -37
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.d.ts +17 -4
- package/dist/client/SilentFlowClient.d.ts.map +1 -1
- package/dist/client/SilentFlowClient.mjs +28 -15
- package/dist/client/SilentFlowClient.mjs.map +1 -1
- package/dist/config/ClientConfiguration.d.ts +2 -22
- package/dist/config/ClientConfiguration.d.ts.map +1 -1
- package/dist/config/ClientConfiguration.mjs +9 -15
- package/dist/config/ClientConfiguration.mjs.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +1 -1
- package/dist/crypto/ICrypto.d.ts +5 -3
- package/dist/crypto/ICrypto.d.ts.map +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/ICrypto.mjs.map +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/PopTokenGenerator.d.ts +2 -2
- package/dist/crypto/PopTokenGenerator.d.ts.map +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +3 -5
- package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist/error/AuthError.d.ts +1 -18
- package/dist/error/AuthError.d.ts.map +1 -1
- package/dist/error/AuthError.mjs +12 -34
- package/dist/error/AuthError.mjs.map +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.d.ts +1 -6
- package/dist/error/CacheError.d.ts.map +1 -1
- package/dist/error/CacheError.mjs +6 -13
- package/dist/error/CacheError.mjs.map +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.d.ts +0 -229
- package/dist/error/ClientAuthError.d.ts.map +1 -1
- package/dist/error/ClientAuthError.mjs +3 -240
- package/dist/error/ClientAuthError.mjs.map +1 -1
- package/dist/error/ClientAuthErrorCodes.d.ts +0 -8
- package/dist/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +2 -10
- package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist/error/ClientConfigurationError.d.ts +0 -128
- package/dist/error/ClientConfigurationError.d.ts.map +1 -1
- package/dist/error/ClientConfigurationError.mjs +3 -134
- package/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.d.ts +0 -2
- package/dist/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +3 -5
- package/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthError.d.ts +1 -19
- package/dist/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +10 -35
- package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.d.ts +0 -4
- package/dist/error/JoseHeaderError.d.ts.map +1 -1
- package/dist/error/JoseHeaderError.mjs +3 -8
- package/dist/error/JoseHeaderError.mjs.map +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/PlatformBrokerError.d.ts.map +1 -1
- package/dist/error/PlatformBrokerError.mjs +3 -2
- package/dist/error/PlatformBrokerError.mjs.map +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/exports-browser-only.d.ts +4 -3
- package/dist/exports-browser-only.d.ts.map +1 -1
- package/dist/exports-common.d.ts +11 -8
- package/dist/exports-common.d.ts.map +1 -1
- package/dist/exports-node-only.d.ts +2 -4
- package/dist/exports-node-only.d.ts.map +1 -1
- package/dist/index-node.mjs +15 -10
- package/dist/index-node.mjs.map +1 -1
- package/dist/index.mjs +17 -11
- package/dist/index.mjs.map +1 -1
- package/dist/logger/Logger.d.ts +36 -13
- package/dist/logger/Logger.d.ts.map +1 -1
- package/dist/logger/Logger.mjs +105 -22
- package/dist/logger/Logger.mjs.map +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/RequestThumbprint.mjs +2 -2
- package/dist/network/RequestThumbprint.mjs.map +1 -1
- package/dist/network/ThrottlingUtils.d.ts.map +1 -1
- package/dist/network/ThrottlingUtils.mjs +6 -7
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.d.ts.map +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +1 -2
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +14 -14
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/protocol/Token.d.ts +40 -0
- package/dist/protocol/Token.d.ts.map +1 -0
- package/dist/protocol/Token.mjs +129 -0
- package/dist/protocol/Token.mjs.map +1 -0
- package/dist/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/dist/request/AuthenticationHeaderParser.mjs +3 -3
- package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist/request/BaseAuthRequest.d.ts +4 -8
- package/dist/request/BaseAuthRequest.d.ts.map +1 -1
- package/dist/request/CommonAuthorizationCodeRequest.d.ts +2 -1
- package/dist/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
- package/dist/request/CommonAuthorizationUrlRequest.d.ts +2 -4
- package/dist/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
- package/dist/request/CommonRefreshTokenRequest.d.ts +2 -1
- package/dist/request/CommonRefreshTokenRequest.d.ts.map +1 -1
- package/dist/request/CommonSilentFlowRequest.d.ts +2 -1
- package/dist/request/CommonSilentFlowRequest.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.d.ts +6 -12
- package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +11 -24
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/ScopeSet.mjs +5 -5
- package/dist/request/ScopeSet.mjs.map +1 -1
- package/dist/response/AuthenticationResult.d.ts +1 -1
- package/dist/response/AuthenticationResult.d.ts.map +1 -1
- package/dist/response/ResponseHandler.d.ts +7 -6
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +41 -43
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/IPerformanceClient.d.ts +0 -29
- package/dist/telemetry/performance/IPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.d.ts +5 -81
- package/dist/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +24 -170
- package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.d.ts +1 -280
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +2 -483
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvents.d.ts +66 -0
- package/dist/telemetry/performance/PerformanceEvents.d.ts.map +1 -0
- package/dist/telemetry/performance/PerformanceEvents.mjs +74 -0
- package/dist/telemetry/performance/PerformanceEvents.mjs.map +1 -0
- package/dist/telemetry/performance/StubPerformanceClient.d.ts +0 -4
- package/dist/telemetry/performance/StubPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +2 -26
- package/dist/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.d.ts +2 -2
- package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +28 -30
- package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/url/UrlString.d.ts +0 -5
- package/dist/url/UrlString.d.ts.map +1 -1
- package/dist/url/UrlString.mjs +5 -13
- package/dist/url/UrlString.mjs.map +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/Constants.d.ts +81 -112
- package/dist/utils/Constants.d.ts.map +1 -1
- package/dist/utils/Constants.mjs +100 -127
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.d.ts +2 -2
- package/dist/utils/FunctionWrappers.d.ts.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +19 -20
- package/dist/utils/FunctionWrappers.mjs.map +1 -1
- package/dist/utils/ProtocolUtils.d.ts +14 -35
- package/dist/utils/ProtocolUtils.d.ts.map +1 -1
- package/dist/utils/ProtocolUtils.mjs +57 -61
- package/dist/utils/ProtocolUtils.mjs.map +1 -1
- package/dist/utils/StateTypes.d.ts +15 -0
- package/dist/utils/StateTypes.d.ts.map +1 -0
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/UrlUtils.d.ts +1 -2
- package/dist/utils/UrlUtils.d.ts.map +1 -1
- package/dist/utils/UrlUtils.mjs +3 -10
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +26 -206
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-4Jss3kYh.js → index-node-B7mR4APO.js} +3494 -4270
- package/lib/index-node-B7mR4APO.js.map +1 -0
- package/lib/index-node.cjs +6 -34
- package/lib/index-node.cjs.map +1 -1
- package/lib/index.cjs +5 -34
- package/lib/index.cjs.map +1 -1
- package/lib/types/account/AccountInfo.d.ts +0 -1
- package/lib/types/account/AccountInfo.d.ts.map +1 -1
- package/lib/types/account/AuthToken.d.ts.map +1 -1
- package/lib/types/account/ClientInfo.d.ts.map +1 -1
- package/lib/types/authority/Authority.d.ts +2 -2
- package/lib/types/authority/Authority.d.ts.map +1 -1
- package/lib/types/authority/AuthorityFactory.d.ts +6 -2
- package/lib/types/authority/AuthorityFactory.d.ts.map +1 -1
- package/lib/types/authority/AuthorityMetadata.d.ts +2 -2
- package/lib/types/authority/AuthorityMetadata.d.ts.map +1 -1
- package/lib/types/authority/AuthorityOptions.d.ts +0 -1
- package/lib/types/authority/AuthorityOptions.d.ts.map +1 -1
- package/lib/types/authority/OIDCOptions.d.ts +2 -2
- package/lib/types/authority/OIDCOptions.d.ts.map +1 -1
- package/lib/types/authority/RegionDiscovery.d.ts +3 -3
- package/lib/types/authority/RegionDiscovery.d.ts.map +1 -1
- package/lib/types/cache/CacheManager.d.ts +26 -19
- package/lib/types/cache/CacheManager.d.ts.map +1 -1
- package/lib/types/cache/entities/AccessTokenEntity.d.ts +0 -4
- package/lib/types/cache/entities/AccessTokenEntity.d.ts.map +1 -1
- package/lib/types/cache/entities/AccountEntity.d.ts +4 -56
- package/lib/types/cache/entities/AccountEntity.d.ts.map +1 -1
- package/lib/types/cache/entities/CredentialEntity.d.ts +0 -2
- package/lib/types/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/lib/types/cache/interface/ICacheManager.d.ts +35 -17
- package/lib/types/cache/interface/ICacheManager.d.ts.map +1 -1
- package/lib/types/cache/utils/AccountEntityUtils.d.ts +53 -0
- package/lib/types/cache/utils/AccountEntityUtils.d.ts.map +1 -0
- package/lib/types/cache/utils/CacheHelpers.d.ts +2 -2
- package/lib/types/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/lib/types/cache/utils/CacheTypes.d.ts +0 -1
- package/lib/types/cache/utils/CacheTypes.d.ts.map +1 -1
- package/lib/types/client/AuthorizationCodeClient.d.ts +23 -4
- package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts +17 -4
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/client/SilentFlowClient.d.ts +17 -4
- package/lib/types/client/SilentFlowClient.d.ts.map +1 -1
- package/lib/types/config/ClientConfiguration.d.ts +2 -22
- package/lib/types/config/ClientConfiguration.d.ts.map +1 -1
- package/lib/types/crypto/ICrypto.d.ts +5 -3
- package/lib/types/crypto/ICrypto.d.ts.map +1 -1
- package/lib/types/crypto/PopTokenGenerator.d.ts +2 -2
- package/lib/types/crypto/PopTokenGenerator.d.ts.map +1 -1
- package/lib/types/error/AuthError.d.ts +1 -18
- package/lib/types/error/AuthError.d.ts.map +1 -1
- package/lib/types/error/CacheError.d.ts +1 -6
- package/lib/types/error/CacheError.d.ts.map +1 -1
- package/lib/types/error/ClientAuthError.d.ts +0 -229
- package/lib/types/error/ClientAuthError.d.ts.map +1 -1
- package/lib/types/error/ClientAuthErrorCodes.d.ts +0 -8
- package/lib/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/lib/types/error/ClientConfigurationError.d.ts +0 -128
- package/lib/types/error/ClientConfigurationError.d.ts.map +1 -1
- package/lib/types/error/ClientConfigurationErrorCodes.d.ts +0 -2
- package/lib/types/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
- package/lib/types/error/InteractionRequiredAuthError.d.ts +1 -19
- package/lib/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/lib/types/error/JoseHeaderError.d.ts +0 -4
- package/lib/types/error/JoseHeaderError.d.ts.map +1 -1
- package/lib/types/error/PlatformBrokerError.d.ts.map +1 -1
- package/lib/types/exports-browser-only.d.ts +4 -3
- package/lib/types/exports-browser-only.d.ts.map +1 -1
- package/lib/types/exports-common.d.ts +11 -8
- package/lib/types/exports-common.d.ts.map +1 -1
- package/lib/types/exports-node-only.d.ts +2 -4
- package/lib/types/exports-node-only.d.ts.map +1 -1
- package/lib/types/logger/Logger.d.ts +36 -13
- package/lib/types/logger/Logger.d.ts.map +1 -1
- package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/packageMetadata.d.ts.map +1 -1
- package/lib/types/protocol/Authorize.d.ts +1 -2
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/protocol/Token.d.ts +40 -0
- package/lib/types/protocol/Token.d.ts.map +1 -0
- package/lib/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/lib/types/request/BaseAuthRequest.d.ts +4 -8
- package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/lib/types/request/CommonAuthorizationCodeRequest.d.ts +2 -1
- package/lib/types/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
- package/lib/types/request/CommonAuthorizationUrlRequest.d.ts +2 -4
- package/lib/types/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
- package/lib/types/request/CommonRefreshTokenRequest.d.ts +2 -1
- package/lib/types/request/CommonRefreshTokenRequest.d.ts.map +1 -1
- package/lib/types/request/CommonSilentFlowRequest.d.ts +2 -1
- package/lib/types/request/CommonSilentFlowRequest.d.ts.map +1 -1
- package/lib/types/request/RequestParameterBuilder.d.ts +6 -12
- package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/lib/types/response/AuthenticationResult.d.ts +1 -1
- package/lib/types/response/AuthenticationResult.d.ts.map +1 -1
- package/lib/types/response/ResponseHandler.d.ts +7 -6
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/telemetry/performance/IPerformanceClient.d.ts +0 -29
- package/lib/types/telemetry/performance/IPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceClient.d.ts +5 -81
- package/lib/types/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts +1 -280
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvents.d.ts +66 -0
- package/lib/types/telemetry/performance/PerformanceEvents.d.ts.map +1 -0
- package/lib/types/telemetry/performance/StubPerformanceClient.d.ts +0 -4
- package/lib/types/telemetry/performance/StubPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/server/ServerTelemetryManager.d.ts +2 -2
- package/lib/types/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/lib/types/url/UrlString.d.ts +0 -5
- package/lib/types/url/UrlString.d.ts.map +1 -1
- package/lib/types/utils/Constants.d.ts +81 -112
- package/lib/types/utils/Constants.d.ts.map +1 -1
- package/lib/types/utils/FunctionWrappers.d.ts +2 -2
- package/lib/types/utils/FunctionWrappers.d.ts.map +1 -1
- package/lib/types/utils/ProtocolUtils.d.ts +14 -35
- package/lib/types/utils/ProtocolUtils.d.ts.map +1 -1
- package/lib/types/utils/StateTypes.d.ts +15 -0
- package/lib/types/utils/StateTypes.d.ts.map +1 -0
- package/lib/types/utils/UrlUtils.d.ts +1 -2
- package/lib/types/utils/UrlUtils.d.ts.map +1 -1
- package/package.json +7 -7
- package/src/account/AccountInfo.ts +0 -1
- package/src/account/AuthToken.ts +1 -2
- package/src/account/ClientInfo.ts +3 -6
- package/src/authority/Authority.ts +145 -146
- package/src/authority/AuthorityFactory.ts +7 -7
- package/src/authority/AuthorityMetadata.ts +54 -47
- package/src/authority/AuthorityOptions.ts +0 -1
- package/src/authority/OIDCOptions.ts +2 -2
- package/src/authority/RegionDiscovery.ts +20 -33
- package/src/cache/CacheManager.ts +177 -128
- package/src/cache/entities/AccessTokenEntity.ts +0 -4
- package/src/cache/entities/AccountEntity.ts +4 -292
- package/src/cache/entities/CredentialEntity.ts +0 -2
- package/src/cache/interface/ICacheManager.ts +55 -20
- package/src/cache/utils/AccountEntityUtils.ts +258 -0
- package/src/cache/utils/CacheHelpers.ts +23 -37
- package/src/cache/utils/CacheTypes.ts +0 -1
- package/src/client/AuthorizationCodeClient.ts +146 -58
- package/src/client/RefreshTokenClient.ts +108 -65
- package/src/client/SilentFlowClient.ts +74 -25
- package/src/config/ClientConfiguration.ts +9 -37
- package/src/crypto/ICrypto.ts +5 -3
- package/src/crypto/PopTokenGenerator.ts +3 -13
- package/src/error/AuthError.ts +11 -30
- package/src/error/CacheError.ts +4 -15
- package/src/error/ClientAuthError.ts +1 -317
- package/src/error/ClientAuthErrorCodes.ts +0 -8
- package/src/error/ClientConfigurationError.ts +1 -202
- package/src/error/ClientConfigurationErrorCodes.ts +0 -4
- package/src/error/InteractionRequiredAuthError.ts +8 -48
- package/src/error/JoseHeaderError.ts +1 -8
- package/src/error/PlatformBrokerError.ts +2 -1
- package/src/exports-browser-only.ts +2 -6
- package/src/exports-common.ts +8 -40
- package/src/exports-node-only.ts +5 -4
- package/src/logger/Logger.ts +174 -39
- package/src/network/RequestThumbprint.ts +1 -1
- package/src/network/ThrottlingUtils.ts +12 -15
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +24 -20
- package/src/protocol/Token.ts +230 -0
- package/src/request/AuthenticationHeaderParser.ts +2 -4
- package/src/request/BaseAuthRequest.ts +4 -8
- package/src/request/CommonAuthorizationCodeRequest.ts +2 -1
- package/src/request/CommonAuthorizationUrlRequest.ts +2 -4
- package/src/request/CommonRefreshTokenRequest.ts +2 -1
- package/src/request/CommonSilentFlowRequest.ts +2 -1
- package/src/request/RequestParameterBuilder.ts +35 -50
- package/src/request/ScopeSet.ts +4 -4
- package/src/response/AuthenticationResult.ts +1 -1
- package/src/response/ResponseHandler.ts +56 -60
- package/src/telemetry/performance/IPerformanceClient.ts +0 -40
- package/src/telemetry/performance/PerformanceClient.ts +26 -295
- package/src/telemetry/performance/PerformanceEvent.ts +3 -582
- package/src/telemetry/performance/PerformanceEvents.ts +98 -0
- package/src/telemetry/performance/StubPerformanceClient.ts +0 -16
- package/src/telemetry/server/ServerTelemetryManager.ts +33 -44
- package/src/url/UrlString.ts +3 -12
- package/src/utils/Constants.ts +103 -140
- package/src/utils/FunctionWrappers.ts +28 -29
- package/src/utils/ProtocolUtils.ts +67 -93
- package/src/utils/StateTypes.ts +20 -0
- package/src/utils/UrlUtils.ts +2 -15
- package/dist/cache/entities/AccountEntity.mjs +0 -232
- package/dist/cache/entities/AccountEntity.mjs.map +0 -1
- package/dist/client/BaseClient.d.ts +0 -59
- package/dist/client/BaseClient.d.ts.map +0 -1
- package/dist/client/BaseClient.mjs +0 -167
- package/dist/client/BaseClient.mjs.map +0 -1
- package/dist/index-browser.mjs +0 -72
- package/dist/index-browser.mjs.map +0 -1
- package/dist/request/CommonClientCredentialRequest.d.ts +0 -18
- package/dist/request/CommonClientCredentialRequest.d.ts.map +0 -1
- package/dist/request/CommonDeviceCodeRequest.d.ts +0 -22
- package/dist/request/CommonDeviceCodeRequest.d.ts.map +0 -1
- package/dist/request/CommonOnBehalfOfRequest.d.ts +0 -14
- package/dist/request/CommonOnBehalfOfRequest.d.ts.map +0 -1
- package/dist/request/CommonUsernamePasswordRequest.d.ts +0 -18
- package/dist/request/CommonUsernamePasswordRequest.d.ts.map +0 -1
- package/lib/index-node-4Jss3kYh.js.map +0 -1
- package/lib/types/client/BaseClient.d.ts +0 -59
- package/lib/types/client/BaseClient.d.ts.map +0 -1
- package/lib/types/request/CommonClientCredentialRequest.d.ts +0 -18
- package/lib/types/request/CommonClientCredentialRequest.d.ts.map +0 -1
- package/lib/types/request/CommonDeviceCodeRequest.d.ts +0 -22
- package/lib/types/request/CommonDeviceCodeRequest.d.ts.map +0 -1
- package/lib/types/request/CommonOnBehalfOfRequest.d.ts +0 -14
- package/lib/types/request/CommonOnBehalfOfRequest.d.ts.map +0 -1
- package/lib/types/request/CommonUsernamePasswordRequest.d.ts +0 -18
- package/lib/types/request/CommonUsernamePasswordRequest.d.ts.map +0 -1
- package/src/client/BaseClient.ts +0 -320
- package/src/request/CommonClientCredentialRequest.ts +0 -23
- package/src/request/CommonDeviceCodeRequest.ts +0 -31
- package/src/request/CommonOnBehalfOfRequest.ts +0 -19
- package/src/request/CommonUsernamePasswordRequest.ts +0 -23
|
@@ -13,13 +13,7 @@ import {
|
|
|
13
13
|
TenantProfileFilter,
|
|
14
14
|
} from "./utils/CacheTypes.js";
|
|
15
15
|
import { CacheRecord } from "./entities/CacheRecord.js";
|
|
16
|
-
import
|
|
17
|
-
CredentialType,
|
|
18
|
-
APP_METADATA,
|
|
19
|
-
THE_FAMILY_ID,
|
|
20
|
-
AUTHORITY_METADATA_CONSTANTS,
|
|
21
|
-
AuthenticationScheme,
|
|
22
|
-
} from "../utils/Constants.js";
|
|
16
|
+
import * as Constants from "../utils/Constants.js";
|
|
23
17
|
import { CredentialEntity } from "./entities/CredentialEntity.js";
|
|
24
18
|
import { ScopeSet } from "../request/ScopeSet.js";
|
|
25
19
|
import { AccountEntity } from "./entities/AccountEntity.js";
|
|
@@ -51,6 +45,7 @@ import { StaticAuthorityOptions } from "../authority/AuthorityOptions.js";
|
|
|
51
45
|
import { TokenClaims } from "../account/TokenClaims.js";
|
|
52
46
|
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
|
|
53
47
|
import { createCacheError } from "../error/CacheError.js";
|
|
48
|
+
import * as AccountEntityUtils from "./utils/AccountEntityUtils.js";
|
|
54
49
|
import { AuthError } from "../error/AuthError.js";
|
|
55
50
|
|
|
56
51
|
/**
|
|
@@ -162,8 +157,12 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
162
157
|
/**
|
|
163
158
|
* fetch appMetadata entity from the platform cache
|
|
164
159
|
* @param appMetadataKey
|
|
160
|
+
* @param correlationId
|
|
165
161
|
*/
|
|
166
|
-
abstract getAppMetadata(
|
|
162
|
+
abstract getAppMetadata(
|
|
163
|
+
appMetadataKey: string,
|
|
164
|
+
correlationId: string
|
|
165
|
+
): AppMetadataEntity | null;
|
|
167
166
|
|
|
168
167
|
/**
|
|
169
168
|
* set appMetadata entity to the platform cache
|
|
@@ -177,15 +176,18 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
177
176
|
/**
|
|
178
177
|
* fetch server telemetry entity from the platform cache
|
|
179
178
|
* @param serverTelemetryKey
|
|
179
|
+
* @param correlationId
|
|
180
180
|
*/
|
|
181
181
|
abstract getServerTelemetry(
|
|
182
|
-
serverTelemetryKey: string
|
|
182
|
+
serverTelemetryKey: string,
|
|
183
|
+
correlationId: string
|
|
183
184
|
): ServerTelemetryEntity | null;
|
|
184
185
|
|
|
185
186
|
/**
|
|
186
187
|
* set server telemetry entity to the platform cache
|
|
187
188
|
* @param serverTelemetryKey
|
|
188
189
|
* @param serverTelemetry
|
|
190
|
+
* @param correlationId
|
|
189
191
|
*/
|
|
190
192
|
abstract setServerTelemetry(
|
|
191
193
|
serverTelemetryKey: string,
|
|
@@ -196,8 +198,12 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
196
198
|
/**
|
|
197
199
|
* fetch cloud discovery metadata entity from the platform cache
|
|
198
200
|
* @param key
|
|
201
|
+
* @param correlationId
|
|
199
202
|
*/
|
|
200
|
-
abstract getAuthorityMetadata(
|
|
203
|
+
abstract getAuthorityMetadata(
|
|
204
|
+
key: string,
|
|
205
|
+
correlationId: string
|
|
206
|
+
): AuthorityMetadataEntity | null;
|
|
201
207
|
|
|
202
208
|
/**
|
|
203
209
|
*
|
|
@@ -208,18 +214,22 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
208
214
|
* set cloud discovery metadata entity to the platform cache
|
|
209
215
|
* @param key
|
|
210
216
|
* @param value
|
|
217
|
+
* @param correlationId
|
|
211
218
|
*/
|
|
212
219
|
abstract setAuthorityMetadata(
|
|
213
220
|
key: string,
|
|
214
|
-
value: AuthorityMetadataEntity
|
|
221
|
+
value: AuthorityMetadataEntity,
|
|
222
|
+
correlationId: string
|
|
215
223
|
): void;
|
|
216
224
|
|
|
217
225
|
/**
|
|
218
226
|
* fetch throttling entity from the platform cache
|
|
219
227
|
* @param throttlingCacheKey
|
|
228
|
+
* @param correlationId
|
|
220
229
|
*/
|
|
221
230
|
abstract getThrottlingCache(
|
|
222
|
-
throttlingCacheKey: string
|
|
231
|
+
throttlingCacheKey: string,
|
|
232
|
+
correlationId: string
|
|
223
233
|
): ThrottlingEntity | null;
|
|
224
234
|
|
|
225
235
|
/**
|
|
@@ -272,7 +282,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
272
282
|
* @returns Array of AccountInfo objects in cache
|
|
273
283
|
*/
|
|
274
284
|
getAllAccounts(
|
|
275
|
-
accountFilter: AccountFilter,
|
|
285
|
+
accountFilter: AccountFilter = {},
|
|
276
286
|
correlationId: string
|
|
277
287
|
): AccountInfo[] {
|
|
278
288
|
return this.buildTenantProfiles(
|
|
@@ -289,15 +299,6 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
289
299
|
accountFilter: AccountFilter,
|
|
290
300
|
correlationId: string
|
|
291
301
|
): AccountInfo | null {
|
|
292
|
-
if (
|
|
293
|
-
Object.keys(accountFilter).length === 0 ||
|
|
294
|
-
Object.values(accountFilter).every((value) => !value)
|
|
295
|
-
) {
|
|
296
|
-
this.commonLogger.warning(
|
|
297
|
-
"getAccountInfoFilteredBy: Account filter is empty or invalid, returning null"
|
|
298
|
-
);
|
|
299
|
-
return null;
|
|
300
|
-
}
|
|
301
302
|
const allAccounts = this.getAllAccounts(accountFilter, correlationId);
|
|
302
303
|
if (allAccounts.length > 1) {
|
|
303
304
|
// If one or more accounts are found, prioritize accounts that have an ID token
|
|
@@ -327,7 +328,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
327
328
|
correlationId
|
|
328
329
|
);
|
|
329
330
|
if (accountEntities.length > 0) {
|
|
330
|
-
return
|
|
331
|
+
return AccountEntityUtils.getAccountInfo(accountEntities[0]);
|
|
331
332
|
} else {
|
|
332
333
|
return null;
|
|
333
334
|
}
|
|
@@ -417,7 +418,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
417
418
|
targetTenantId?: string,
|
|
418
419
|
tenantProfileFilter?: TenantProfileFilter
|
|
419
420
|
): AccountInfo[] {
|
|
420
|
-
const accountInfo =
|
|
421
|
+
const accountInfo = AccountEntityUtils.getAccountInfo(accountEntity);
|
|
421
422
|
let searchTenantProfiles: Map<string, TenantProfile> =
|
|
422
423
|
accountInfo.tenantProfiles || new Map<string, TenantProfile>();
|
|
423
424
|
const tokenKeys = this.getTokenKeys();
|
|
@@ -541,9 +542,8 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
541
542
|
/**
|
|
542
543
|
* saves a cache record
|
|
543
544
|
* @param cacheRecord {CacheRecord}
|
|
544
|
-
* @param correlationId {?string} correlation id
|
|
545
|
-
* @param kmsi - Keep Me Signed In
|
|
546
545
|
* @param storeInCache {?StoreInCache}
|
|
546
|
+
* @param correlationId {?string} correlation id
|
|
547
547
|
*/
|
|
548
548
|
async saveCacheRecord(
|
|
549
549
|
cacheRecord: CacheRecord,
|
|
@@ -596,7 +596,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
596
596
|
this.setAppMetadata(cacheRecord.appMetadata, correlationId);
|
|
597
597
|
}
|
|
598
598
|
} catch (e: unknown) {
|
|
599
|
-
this.commonLogger?.error(
|
|
599
|
+
this.commonLogger?.error(
|
|
600
|
+
`CacheManager.saveCacheRecord: failed`,
|
|
601
|
+
correlationId
|
|
602
|
+
);
|
|
600
603
|
if (e instanceof AuthError) {
|
|
601
604
|
throw e;
|
|
602
605
|
} else {
|
|
@@ -621,7 +624,6 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
621
624
|
homeAccountId: credential.homeAccountId,
|
|
622
625
|
realm: credential.realm,
|
|
623
626
|
tokenType: credential.tokenType,
|
|
624
|
-
requestedClaimsHash: credential.requestedClaimsHash,
|
|
625
627
|
};
|
|
626
628
|
|
|
627
629
|
const tokenKeys = this.getTokenKeys();
|
|
@@ -641,7 +643,11 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
641
643
|
|
|
642
644
|
if (
|
|
643
645
|
tokenEntity &&
|
|
644
|
-
this.credentialMatchesFilter(
|
|
646
|
+
this.credentialMatchesFilter(
|
|
647
|
+
tokenEntity,
|
|
648
|
+
accessTokenFilter,
|
|
649
|
+
correlationId
|
|
650
|
+
)
|
|
645
651
|
) {
|
|
646
652
|
const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);
|
|
647
653
|
if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
|
|
@@ -691,7 +697,11 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
691
697
|
|
|
692
698
|
if (
|
|
693
699
|
!!accountFilter.environment &&
|
|
694
|
-
!this.matchEnvironment(
|
|
700
|
+
!this.matchEnvironment(
|
|
701
|
+
entity,
|
|
702
|
+
accountFilter.environment,
|
|
703
|
+
correlationId
|
|
704
|
+
)
|
|
695
705
|
) {
|
|
696
706
|
return;
|
|
697
707
|
}
|
|
@@ -750,11 +760,13 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
750
760
|
* Returns whether or not the given credential entity matches the filter
|
|
751
761
|
* @param entity
|
|
752
762
|
* @param filter
|
|
763
|
+
* @param correlationId
|
|
753
764
|
* @returns
|
|
754
765
|
*/
|
|
755
766
|
credentialMatchesFilter(
|
|
756
767
|
entity: ValidCredentialType,
|
|
757
|
-
filter: CredentialFilter
|
|
768
|
+
filter: CredentialFilter,
|
|
769
|
+
correlationId: string
|
|
758
770
|
): boolean {
|
|
759
771
|
if (!!filter.clientId && !this.matchClientId(entity, filter.clientId)) {
|
|
760
772
|
return false;
|
|
@@ -780,7 +792,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
780
792
|
|
|
781
793
|
if (
|
|
782
794
|
!!filter.environment &&
|
|
783
|
-
!this.matchEnvironment(entity, filter.environment)
|
|
795
|
+
!this.matchEnvironment(entity, filter.environment, correlationId)
|
|
784
796
|
) {
|
|
785
797
|
return false;
|
|
786
798
|
}
|
|
@@ -808,18 +820,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
808
820
|
return false;
|
|
809
821
|
}
|
|
810
822
|
|
|
811
|
-
// If request OR cached entity has requested Claims Hash, check if they match
|
|
812
|
-
if (filter.requestedClaimsHash || entity.requestedClaimsHash) {
|
|
813
|
-
// Don't match if either is undefined or they are different
|
|
814
|
-
if (entity.requestedClaimsHash !== filter.requestedClaimsHash) {
|
|
815
|
-
return false;
|
|
816
|
-
}
|
|
817
|
-
}
|
|
818
|
-
|
|
819
823
|
// Access Token with Auth Scheme specific matching
|
|
820
824
|
if (
|
|
821
825
|
entity.credentialType ===
|
|
822
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME
|
|
826
|
+
Constants.CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME
|
|
823
827
|
) {
|
|
824
828
|
if (
|
|
825
829
|
!!filter.tokenType &&
|
|
@@ -829,7 +833,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
829
833
|
}
|
|
830
834
|
|
|
831
835
|
// KeyId (sshKid) in request must match cached SSH certificate keyId because SSH cert is bound to a specific key
|
|
832
|
-
if (filter.tokenType === AuthenticationScheme.SSH) {
|
|
836
|
+
if (filter.tokenType === Constants.AuthenticationScheme.SSH) {
|
|
833
837
|
if (filter.keyId && !this.matchKeyId(entity, filter.keyId)) {
|
|
834
838
|
return false;
|
|
835
839
|
}
|
|
@@ -842,8 +846,12 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
842
846
|
/**
|
|
843
847
|
* retrieve appMetadata matching all provided filters; if no filter is set, get all appMetadata
|
|
844
848
|
* @param filter
|
|
849
|
+
* @param correlationId
|
|
845
850
|
*/
|
|
846
|
-
getAppMetadataFilteredBy(
|
|
851
|
+
getAppMetadataFilteredBy(
|
|
852
|
+
filter: AppMetadataFilter,
|
|
853
|
+
correlationId: string
|
|
854
|
+
): AppMetadataCache {
|
|
847
855
|
const allCacheKeys = this.getKeys();
|
|
848
856
|
const matchingAppMetadata: AppMetadataCache = {};
|
|
849
857
|
|
|
@@ -854,7 +862,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
854
862
|
}
|
|
855
863
|
|
|
856
864
|
// Attempt retrieval
|
|
857
|
-
const entity = this.getAppMetadata(cacheKey);
|
|
865
|
+
const entity = this.getAppMetadata(cacheKey, correlationId);
|
|
858
866
|
|
|
859
867
|
if (!entity) {
|
|
860
868
|
return;
|
|
@@ -862,7 +870,11 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
862
870
|
|
|
863
871
|
if (
|
|
864
872
|
!!filter.environment &&
|
|
865
|
-
!this.matchEnvironment(
|
|
873
|
+
!this.matchEnvironment(
|
|
874
|
+
entity,
|
|
875
|
+
filter.environment,
|
|
876
|
+
correlationId
|
|
877
|
+
)
|
|
866
878
|
) {
|
|
867
879
|
return;
|
|
868
880
|
}
|
|
@@ -882,9 +894,13 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
882
894
|
|
|
883
895
|
/**
|
|
884
896
|
* retrieve authorityMetadata that contains a matching alias
|
|
885
|
-
* @param
|
|
897
|
+
* @param host
|
|
898
|
+
* @param correlationId
|
|
886
899
|
*/
|
|
887
|
-
getAuthorityMetadataByAlias(
|
|
900
|
+
getAuthorityMetadataByAlias(
|
|
901
|
+
host: string,
|
|
902
|
+
correlationId: string
|
|
903
|
+
): AuthorityMetadataEntity | null {
|
|
888
904
|
const allCacheKeys = this.getAuthorityMetadataKeys();
|
|
889
905
|
let matchedEntity = null;
|
|
890
906
|
|
|
@@ -898,7 +914,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
898
914
|
}
|
|
899
915
|
|
|
900
916
|
// Attempt retrieval
|
|
901
|
-
const entity = this.getAuthorityMetadata(cacheKey);
|
|
917
|
+
const entity = this.getAuthorityMetadata(cacheKey, correlationId);
|
|
902
918
|
|
|
903
919
|
if (!entity) {
|
|
904
920
|
return;
|
|
@@ -973,42 +989,47 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
973
989
|
}
|
|
974
990
|
|
|
975
991
|
/**
|
|
976
|
-
*
|
|
992
|
+
* returns a boolean if the given credential is removed
|
|
977
993
|
* @param key
|
|
978
994
|
* @param correlationId
|
|
979
995
|
*/
|
|
980
996
|
removeAccessToken(key: string, correlationId: string): void {
|
|
981
997
|
const credential = this.getAccessTokenCredential(key, correlationId);
|
|
998
|
+
if (!credential) {
|
|
999
|
+
return;
|
|
1000
|
+
}
|
|
1001
|
+
|
|
982
1002
|
this.removeItem(key, correlationId);
|
|
983
1003
|
this.performanceClient.incrementFields(
|
|
984
1004
|
{ accessTokensRemoved: 1 },
|
|
985
1005
|
correlationId
|
|
986
1006
|
);
|
|
987
1007
|
|
|
1008
|
+
// Remove Token Binding Key from key store for PoP Tokens Credentials
|
|
988
1009
|
if (
|
|
989
|
-
|
|
990
|
-
|
|
991
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase() ||
|
|
992
|
-
credential.tokenType !== AuthenticationScheme.POP
|
|
1010
|
+
credential.credentialType.toLowerCase() ===
|
|
1011
|
+
Constants.CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()
|
|
993
1012
|
) {
|
|
994
|
-
|
|
995
|
-
|
|
996
|
-
|
|
997
|
-
|
|
998
|
-
|
|
999
|
-
|
|
1000
|
-
|
|
1001
|
-
|
|
1002
|
-
|
|
1003
|
-
|
|
1004
|
-
|
|
1005
|
-
|
|
1006
|
-
|
|
1007
|
-
|
|
1008
|
-
|
|
1009
|
-
|
|
1010
|
-
|
|
1011
|
-
|
|
1013
|
+
if (credential.tokenType === Constants.AuthenticationScheme.POP) {
|
|
1014
|
+
const accessTokenWithAuthSchemeEntity =
|
|
1015
|
+
credential as AccessTokenEntity;
|
|
1016
|
+
const kid = accessTokenWithAuthSchemeEntity.keyId;
|
|
1017
|
+
|
|
1018
|
+
if (kid) {
|
|
1019
|
+
void this.cryptoImpl
|
|
1020
|
+
.removeTokenBindingKey(kid, correlationId)
|
|
1021
|
+
.catch(() => {
|
|
1022
|
+
this.commonLogger.error(
|
|
1023
|
+
`Failed to remove token binding key '${kid}'`,
|
|
1024
|
+
correlationId
|
|
1025
|
+
);
|
|
1026
|
+
this.performanceClient?.incrementFields(
|
|
1027
|
+
{ removeTokenBindingKeyFailure: 1 },
|
|
1028
|
+
correlationId
|
|
1029
|
+
);
|
|
1030
|
+
});
|
|
1031
|
+
}
|
|
1032
|
+
}
|
|
1012
1033
|
}
|
|
1013
1034
|
}
|
|
1014
1035
|
|
|
@@ -1038,14 +1059,16 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1038
1059
|
account: AccountInfo,
|
|
1039
1060
|
correlationId: string,
|
|
1040
1061
|
tokenKeys?: TokenKeys,
|
|
1041
|
-
targetRealm?: string
|
|
1042
|
-
performanceClient?: IPerformanceClient
|
|
1062
|
+
targetRealm?: string
|
|
1043
1063
|
): IdTokenEntity | null {
|
|
1044
|
-
this.commonLogger.trace(
|
|
1064
|
+
this.commonLogger.trace(
|
|
1065
|
+
"CacheManager - getIdToken called",
|
|
1066
|
+
correlationId
|
|
1067
|
+
);
|
|
1045
1068
|
const idTokenFilter: CredentialFilter = {
|
|
1046
1069
|
homeAccountId: account.homeAccountId,
|
|
1047
1070
|
environment: account.environment,
|
|
1048
|
-
credentialType: CredentialType.ID_TOKEN,
|
|
1071
|
+
credentialType: Constants.CredentialType.ID_TOKEN,
|
|
1049
1072
|
clientId: this.clientId,
|
|
1050
1073
|
realm: targetRealm,
|
|
1051
1074
|
};
|
|
@@ -1059,7 +1082,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1059
1082
|
const numIdTokens = idTokenMap.size;
|
|
1060
1083
|
|
|
1061
1084
|
if (numIdTokens < 1) {
|
|
1062
|
-
this.commonLogger.info(
|
|
1085
|
+
this.commonLogger.info(
|
|
1086
|
+
"CacheManager:getIdToken - No token found",
|
|
1087
|
+
correlationId
|
|
1088
|
+
);
|
|
1063
1089
|
return null;
|
|
1064
1090
|
} else if (numIdTokens > 1) {
|
|
1065
1091
|
let tokensToBeRemoved: Map<string, IdTokenEntity> = idTokenMap;
|
|
@@ -1077,12 +1103,14 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1077
1103
|
const numHomeIdTokens = homeIdTokenMap.size;
|
|
1078
1104
|
if (numHomeIdTokens < 1) {
|
|
1079
1105
|
this.commonLogger.info(
|
|
1080
|
-
"CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result"
|
|
1106
|
+
"CacheManager:getIdToken - Multiple ID tokens found for account but none match account entity tenant id, returning first result",
|
|
1107
|
+
correlationId
|
|
1081
1108
|
);
|
|
1082
1109
|
return idTokenMap.values().next().value;
|
|
1083
1110
|
} else if (numHomeIdTokens === 1) {
|
|
1084
1111
|
this.commonLogger.info(
|
|
1085
|
-
"CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile"
|
|
1112
|
+
"CacheManager:getIdToken - Multiple ID tokens found for account, defaulting to home tenant profile",
|
|
1113
|
+
correlationId
|
|
1086
1114
|
);
|
|
1087
1115
|
return homeIdTokenMap.values().next().value;
|
|
1088
1116
|
} else {
|
|
@@ -1092,21 +1120,23 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1092
1120
|
}
|
|
1093
1121
|
// Multiple tokens for a single tenant profile, remove all and return null
|
|
1094
1122
|
this.commonLogger.info(
|
|
1095
|
-
"CacheManager:getIdToken - Multiple matching ID tokens found, clearing them"
|
|
1123
|
+
"CacheManager:getIdToken - Multiple matching ID tokens found, clearing them",
|
|
1124
|
+
correlationId
|
|
1096
1125
|
);
|
|
1097
1126
|
tokensToBeRemoved.forEach((idToken, key) => {
|
|
1098
1127
|
this.removeIdToken(key, correlationId);
|
|
1099
1128
|
});
|
|
1100
|
-
|
|
1101
|
-
|
|
1102
|
-
|
|
1103
|
-
|
|
1104
|
-
);
|
|
1105
|
-
}
|
|
1129
|
+
this.performanceClient.addFields(
|
|
1130
|
+
{ multiMatchedID: idTokenMap.size },
|
|
1131
|
+
correlationId
|
|
1132
|
+
);
|
|
1106
1133
|
return null;
|
|
1107
1134
|
}
|
|
1108
1135
|
|
|
1109
|
-
this.commonLogger.info(
|
|
1136
|
+
this.commonLogger.info(
|
|
1137
|
+
"CacheManager:getIdToken - Returning ID token",
|
|
1138
|
+
correlationId
|
|
1139
|
+
);
|
|
1110
1140
|
return idTokenMap.values().next().value;
|
|
1111
1141
|
}
|
|
1112
1142
|
|
|
@@ -1137,7 +1167,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1137
1167
|
return;
|
|
1138
1168
|
}
|
|
1139
1169
|
const idToken = this.getIdTokenCredential(key, correlationId);
|
|
1140
|
-
if (
|
|
1170
|
+
if (
|
|
1171
|
+
idToken &&
|
|
1172
|
+
this.credentialMatchesFilter(idToken, filter, correlationId)
|
|
1173
|
+
) {
|
|
1141
1174
|
idTokens.set(key, idToken);
|
|
1142
1175
|
}
|
|
1143
1176
|
});
|
|
@@ -1193,7 +1226,6 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1193
1226
|
* Retrieve AccessTokenEntity from cache
|
|
1194
1227
|
* @param account {AccountInfo}
|
|
1195
1228
|
* @param request {BaseAuthRequest}
|
|
1196
|
-
* @param correlationId {?string}
|
|
1197
1229
|
* @param tokenKeys {?TokenKeys}
|
|
1198
1230
|
* @param performanceClient {?IPerformanceClient}
|
|
1199
1231
|
*/
|
|
@@ -1210,7 +1242,8 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1210
1242
|
);
|
|
1211
1243
|
const scopes = ScopeSet.createSearchScopes(request.scopes);
|
|
1212
1244
|
const authScheme =
|
|
1213
|
-
request.authenticationScheme ||
|
|
1245
|
+
request.authenticationScheme ||
|
|
1246
|
+
Constants.AuthenticationScheme.BEARER;
|
|
1214
1247
|
/*
|
|
1215
1248
|
* Distinguish between Bearer and PoP/SSH token cache types
|
|
1216
1249
|
* Cast to lowercase to handle "bearer" from ADFS
|
|
@@ -1218,9 +1251,9 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1218
1251
|
const credentialType =
|
|
1219
1252
|
authScheme &&
|
|
1220
1253
|
authScheme.toLowerCase() !==
|
|
1221
|
-
AuthenticationScheme.BEARER.toLowerCase()
|
|
1222
|
-
? CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME
|
|
1223
|
-
: CredentialType.ACCESS_TOKEN;
|
|
1254
|
+
Constants.AuthenticationScheme.BEARER.toLowerCase()
|
|
1255
|
+
? Constants.CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME
|
|
1256
|
+
: Constants.CredentialType.ACCESS_TOKEN;
|
|
1224
1257
|
|
|
1225
1258
|
const accessTokenFilter: CredentialFilter = {
|
|
1226
1259
|
homeAccountId: account.homeAccountId,
|
|
@@ -1231,7 +1264,6 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1231
1264
|
target: scopes,
|
|
1232
1265
|
tokenType: authScheme,
|
|
1233
1266
|
keyId: request.sshKid,
|
|
1234
|
-
requestedClaimsHash: request.requestedClaimsHash,
|
|
1235
1267
|
};
|
|
1236
1268
|
|
|
1237
1269
|
const accessTokenKeys =
|
|
@@ -1252,7 +1284,11 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1252
1284
|
// Validate value
|
|
1253
1285
|
if (
|
|
1254
1286
|
accessToken &&
|
|
1255
|
-
this.credentialMatchesFilter(
|
|
1287
|
+
this.credentialMatchesFilter(
|
|
1288
|
+
accessToken,
|
|
1289
|
+
accessTokenFilter,
|
|
1290
|
+
correlationId
|
|
1291
|
+
)
|
|
1256
1292
|
) {
|
|
1257
1293
|
accessTokens.push(accessToken);
|
|
1258
1294
|
}
|
|
@@ -1322,13 +1358,6 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1322
1358
|
return false;
|
|
1323
1359
|
}
|
|
1324
1360
|
|
|
1325
|
-
if (
|
|
1326
|
-
filter.requestedClaimsHash &&
|
|
1327
|
-
key.indexOf(filter.requestedClaimsHash.toLowerCase()) === -1
|
|
1328
|
-
) {
|
|
1329
|
-
return false;
|
|
1330
|
-
}
|
|
1331
|
-
|
|
1332
1361
|
if (filter.target) {
|
|
1333
1362
|
const scopes = filter.target.asArray();
|
|
1334
1363
|
for (let i = 0; i < scopes.length; i++) {
|
|
@@ -1374,7 +1403,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1374
1403
|
);
|
|
1375
1404
|
if (
|
|
1376
1405
|
accessToken &&
|
|
1377
|
-
this.credentialMatchesFilter(accessToken, filter)
|
|
1406
|
+
this.credentialMatchesFilter(accessToken, filter, correlationId)
|
|
1378
1407
|
) {
|
|
1379
1408
|
accessTokens.push(accessToken);
|
|
1380
1409
|
}
|
|
@@ -1387,23 +1416,25 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1387
1416
|
* Helper to retrieve the appropriate refresh token from cache
|
|
1388
1417
|
* @param account {AccountInfo}
|
|
1389
1418
|
* @param familyRT {boolean}
|
|
1390
|
-
* @param correlationId {?string}
|
|
1391
1419
|
* @param tokenKeys {?TokenKeys}
|
|
1392
1420
|
* @param performanceClient {?IPerformanceClient}
|
|
1421
|
+
* @param correlationId {?string}
|
|
1393
1422
|
*/
|
|
1394
1423
|
getRefreshToken(
|
|
1395
1424
|
account: AccountInfo,
|
|
1396
1425
|
familyRT: boolean,
|
|
1397
1426
|
correlationId: string,
|
|
1398
|
-
tokenKeys?: TokenKeys
|
|
1399
|
-
performanceClient?: IPerformanceClient
|
|
1427
|
+
tokenKeys?: TokenKeys
|
|
1400
1428
|
): RefreshTokenEntity | null {
|
|
1401
|
-
this.commonLogger.trace(
|
|
1402
|
-
|
|
1429
|
+
this.commonLogger.trace(
|
|
1430
|
+
"CacheManager - getRefreshToken called",
|
|
1431
|
+
correlationId
|
|
1432
|
+
);
|
|
1433
|
+
const id = familyRT ? Constants.THE_FAMILY_ID : undefined;
|
|
1403
1434
|
const refreshTokenFilter: CredentialFilter = {
|
|
1404
1435
|
homeAccountId: account.homeAccountId,
|
|
1405
1436
|
environment: account.environment,
|
|
1406
|
-
credentialType: CredentialType.REFRESH_TOKEN,
|
|
1437
|
+
credentialType: Constants.CredentialType.REFRESH_TOKEN,
|
|
1407
1438
|
clientId: this.clientId,
|
|
1408
1439
|
familyId: id,
|
|
1409
1440
|
};
|
|
@@ -1425,7 +1456,8 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1425
1456
|
refreshToken &&
|
|
1426
1457
|
this.credentialMatchesFilter(
|
|
1427
1458
|
refreshToken,
|
|
1428
|
-
refreshTokenFilter
|
|
1459
|
+
refreshTokenFilter,
|
|
1460
|
+
correlationId
|
|
1429
1461
|
)
|
|
1430
1462
|
) {
|
|
1431
1463
|
refreshTokens.push(refreshToken);
|
|
@@ -1436,21 +1468,23 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1436
1468
|
const numRefreshTokens = refreshTokens.length;
|
|
1437
1469
|
if (numRefreshTokens < 1) {
|
|
1438
1470
|
this.commonLogger.info(
|
|
1439
|
-
"CacheManager:getRefreshToken - No refresh token found."
|
|
1471
|
+
"CacheManager:getRefreshToken - No refresh token found.",
|
|
1472
|
+
correlationId
|
|
1440
1473
|
);
|
|
1441
1474
|
return null;
|
|
1442
1475
|
}
|
|
1443
1476
|
// address the else case after remove functions address environment aliases
|
|
1444
1477
|
|
|
1445
|
-
if (numRefreshTokens > 1
|
|
1446
|
-
performanceClient.addFields(
|
|
1478
|
+
if (numRefreshTokens > 1) {
|
|
1479
|
+
this.performanceClient.addFields(
|
|
1447
1480
|
{ multiMatchedRT: numRefreshTokens },
|
|
1448
1481
|
correlationId
|
|
1449
1482
|
);
|
|
1450
1483
|
}
|
|
1451
1484
|
|
|
1452
1485
|
this.commonLogger.info(
|
|
1453
|
-
"CacheManager:getRefreshToken - returning refresh token"
|
|
1486
|
+
"CacheManager:getRefreshToken - returning refresh token",
|
|
1487
|
+
correlationId
|
|
1454
1488
|
);
|
|
1455
1489
|
return refreshTokens[0] as RefreshTokenEntity;
|
|
1456
1490
|
}
|
|
@@ -1494,14 +1528,19 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1494
1528
|
/**
|
|
1495
1529
|
* Retrieve AppMetadataEntity from cache
|
|
1496
1530
|
*/
|
|
1497
|
-
readAppMetadataFromCache(
|
|
1531
|
+
readAppMetadataFromCache(
|
|
1532
|
+
environment: string,
|
|
1533
|
+
correlationId: string
|
|
1534
|
+
): AppMetadataEntity | null {
|
|
1498
1535
|
const appMetadataFilter: AppMetadataFilter = {
|
|
1499
1536
|
environment,
|
|
1500
1537
|
clientId: this.clientId,
|
|
1501
1538
|
};
|
|
1502
1539
|
|
|
1503
|
-
const appMetadata: AppMetadataCache =
|
|
1504
|
-
|
|
1540
|
+
const appMetadata: AppMetadataCache = this.getAppMetadataFilteredBy(
|
|
1541
|
+
appMetadataFilter,
|
|
1542
|
+
correlationId
|
|
1543
|
+
);
|
|
1505
1544
|
const appMetadataEntries: AppMetadataEntity[] = Object.keys(
|
|
1506
1545
|
appMetadata
|
|
1507
1546
|
).map((key) => appMetadata[key]);
|
|
@@ -1523,9 +1562,14 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1523
1562
|
* @param environment
|
|
1524
1563
|
* @param clientId
|
|
1525
1564
|
*/
|
|
1526
|
-
isAppMetadataFOCI(environment: string): boolean {
|
|
1527
|
-
const appMetadata = this.readAppMetadataFromCache(
|
|
1528
|
-
|
|
1565
|
+
isAppMetadataFOCI(environment: string, correlationId: string): boolean {
|
|
1566
|
+
const appMetadata = this.readAppMetadataFromCache(
|
|
1567
|
+
environment,
|
|
1568
|
+
correlationId
|
|
1569
|
+
);
|
|
1570
|
+
return !!(
|
|
1571
|
+
appMetadata && appMetadata.familyId === Constants.THE_FAMILY_ID
|
|
1572
|
+
);
|
|
1529
1573
|
}
|
|
1530
1574
|
|
|
1531
1575
|
/**
|
|
@@ -1613,13 +1657,15 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1613
1657
|
*/
|
|
1614
1658
|
private matchEnvironment(
|
|
1615
1659
|
entity: AccountEntity | CredentialEntity | AppMetadataEntity,
|
|
1616
|
-
environment: string
|
|
1660
|
+
environment: string,
|
|
1661
|
+
correlationId: string
|
|
1617
1662
|
): boolean {
|
|
1618
1663
|
// Check static authority options first for cases where authority metadata has not been resolved and cached yet
|
|
1619
1664
|
if (this.staticAuthorityOptions) {
|
|
1620
1665
|
const staticAliases = getAliasesFromStaticSources(
|
|
1621
1666
|
this.staticAuthorityOptions,
|
|
1622
|
-
this.commonLogger
|
|
1667
|
+
this.commonLogger,
|
|
1668
|
+
correlationId
|
|
1623
1669
|
);
|
|
1624
1670
|
if (
|
|
1625
1671
|
staticAliases.includes(environment) &&
|
|
@@ -1630,7 +1676,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1630
1676
|
}
|
|
1631
1677
|
|
|
1632
1678
|
// Query metadata cache if no static authority configuration has aliases that match enviroment
|
|
1633
|
-
const cloudMetadata = this.getAuthorityMetadataByAlias(
|
|
1679
|
+
const cloudMetadata = this.getAuthorityMetadataByAlias(
|
|
1680
|
+
environment,
|
|
1681
|
+
correlationId
|
|
1682
|
+
);
|
|
1634
1683
|
if (
|
|
1635
1684
|
cloudMetadata &&
|
|
1636
1685
|
cloudMetadata.aliases.indexOf(entity.environment) > -1
|
|
@@ -1761,9 +1810,9 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1761
1810
|
*/
|
|
1762
1811
|
private matchTarget(entity: CredentialEntity, target: ScopeSet): boolean {
|
|
1763
1812
|
const isNotAccessTokenCredential =
|
|
1764
|
-
entity.credentialType !== CredentialType.ACCESS_TOKEN &&
|
|
1813
|
+
entity.credentialType !== Constants.CredentialType.ACCESS_TOKEN &&
|
|
1765
1814
|
entity.credentialType !==
|
|
1766
|
-
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
1815
|
+
Constants.CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;
|
|
1767
1816
|
|
|
1768
1817
|
if (isNotAccessTokenCredential || !entity.target) {
|
|
1769
1818
|
return false;
|
|
@@ -1781,7 +1830,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1781
1830
|
*/
|
|
1782
1831
|
private matchTokenType(
|
|
1783
1832
|
entity: CredentialEntity,
|
|
1784
|
-
tokenType: AuthenticationScheme
|
|
1833
|
+
tokenType: Constants.AuthenticationScheme
|
|
1785
1834
|
): boolean {
|
|
1786
1835
|
return !!(entity.tokenType && entity.tokenType === tokenType);
|
|
1787
1836
|
}
|
|
@@ -1800,7 +1849,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1800
1849
|
* @param key
|
|
1801
1850
|
*/
|
|
1802
1851
|
private isAppMetadata(key: string): boolean {
|
|
1803
|
-
return key.indexOf(APP_METADATA) !== -1;
|
|
1852
|
+
return key.indexOf(Constants.APP_METADATA) !== -1;
|
|
1804
1853
|
}
|
|
1805
1854
|
|
|
1806
1855
|
/**
|
|
@@ -1808,14 +1857,14 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1808
1857
|
* @param key
|
|
1809
1858
|
*/
|
|
1810
1859
|
protected isAuthorityMetadata(key: string): boolean {
|
|
1811
|
-
return key.indexOf(
|
|
1860
|
+
return key.indexOf(Constants.AUTHORITY_METADATA_CACHE_KEY) !== -1;
|
|
1812
1861
|
}
|
|
1813
1862
|
|
|
1814
1863
|
/**
|
|
1815
1864
|
* returns cache key used for cloud instance metadata
|
|
1816
1865
|
*/
|
|
1817
1866
|
generateAuthorityMetadataCacheKey(authority: string): string {
|
|
1818
|
-
return `${
|
|
1867
|
+
return `${Constants.AUTHORITY_METADATA_CACHE_KEY}-${this.clientId}-${authority}`;
|
|
1819
1868
|
}
|
|
1820
1869
|
|
|
1821
1870
|
/**
|