@azure/msal-common 15.13.3 → 16.0.0-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +0 -1
- package/dist/account/AccountInfo.d.ts.map +1 -1
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AccountInfo.mjs.map +1 -1
- package/dist/account/AuthToken.d.ts.map +1 -1
- package/dist/account/AuthToken.mjs +2 -3
- package/dist/account/AuthToken.mjs.map +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.d.ts.map +1 -1
- package/dist/account/ClientInfo.mjs +4 -6
- package/dist/account/ClientInfo.mjs.map +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.d.ts +2 -2
- package/dist/authority/Authority.d.ts.map +1 -1
- package/dist/authority/Authority.mjs +89 -105
- package/dist/authority/Authority.mjs.map +1 -1
- package/dist/authority/AuthorityFactory.d.ts +6 -2
- package/dist/authority/AuthorityFactory.d.ts.map +1 -1
- package/dist/authority/AuthorityFactory.mjs +8 -5
- package/dist/authority/AuthorityFactory.mjs.map +1 -1
- package/dist/authority/AuthorityMetadata.d.ts +2 -2
- package/dist/authority/AuthorityMetadata.d.ts.map +1 -1
- package/dist/authority/AuthorityMetadata.mjs +34 -31
- package/dist/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist/authority/AuthorityOptions.d.ts +0 -1
- package/dist/authority/AuthorityOptions.d.ts.map +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs.map +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OIDCOptions.d.ts +2 -2
- package/dist/authority/OIDCOptions.d.ts.map +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/RegionDiscovery.d.ts +3 -3
- package/dist/authority/RegionDiscovery.d.ts.map +1 -1
- package/dist/authority/RegionDiscovery.mjs +14 -15
- package/dist/authority/RegionDiscovery.mjs.map +1 -1
- package/dist/cache/CacheManager.d.ts +26 -19
- package/dist/cache/CacheManager.d.ts.map +1 -1
- package/dist/cache/CacheManager.mjs +70 -83
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/entities/AccessTokenEntity.d.ts +0 -4
- package/dist/cache/entities/AccessTokenEntity.d.ts.map +1 -1
- package/dist/cache/entities/AccountEntity.d.ts +4 -56
- package/dist/cache/entities/AccountEntity.d.ts.map +1 -1
- package/dist/cache/entities/CredentialEntity.d.ts +0 -2
- package/dist/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/dist/cache/interface/ICacheManager.d.ts +35 -17
- package/dist/cache/interface/ICacheManager.d.ts.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/AccountEntityUtils.d.ts +53 -0
- package/dist/cache/utils/AccountEntityUtils.d.ts.map +1 -0
- package/dist/cache/utils/AccountEntityUtils.mjs +192 -0
- package/dist/cache/utils/AccountEntityUtils.mjs.map +1 -0
- package/dist/cache/utils/CacheHelpers.d.ts +2 -2
- package/dist/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +10 -13
- package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
- package/dist/cache/utils/CacheTypes.d.ts +0 -1
- package/dist/cache/utils/CacheTypes.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts +23 -4
- package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +63 -35
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.d.ts +17 -4
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +51 -37
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.d.ts +17 -4
- package/dist/client/SilentFlowClient.d.ts.map +1 -1
- package/dist/client/SilentFlowClient.mjs +28 -15
- package/dist/client/SilentFlowClient.mjs.map +1 -1
- package/dist/config/ClientConfiguration.d.ts +2 -22
- package/dist/config/ClientConfiguration.d.ts.map +1 -1
- package/dist/config/ClientConfiguration.mjs +9 -15
- package/dist/config/ClientConfiguration.mjs.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +1 -1
- package/dist/crypto/ICrypto.d.ts +5 -3
- package/dist/crypto/ICrypto.d.ts.map +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/ICrypto.mjs.map +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/PopTokenGenerator.d.ts +2 -2
- package/dist/crypto/PopTokenGenerator.d.ts.map +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +3 -5
- package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist/error/AuthError.d.ts +1 -18
- package/dist/error/AuthError.d.ts.map +1 -1
- package/dist/error/AuthError.mjs +12 -34
- package/dist/error/AuthError.mjs.map +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.d.ts +1 -6
- package/dist/error/CacheError.d.ts.map +1 -1
- package/dist/error/CacheError.mjs +6 -13
- package/dist/error/CacheError.mjs.map +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.d.ts +0 -229
- package/dist/error/ClientAuthError.d.ts.map +1 -1
- package/dist/error/ClientAuthError.mjs +3 -240
- package/dist/error/ClientAuthError.mjs.map +1 -1
- package/dist/error/ClientAuthErrorCodes.d.ts +0 -8
- package/dist/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +2 -10
- package/dist/error/ClientAuthErrorCodes.mjs.map +1 -1
- package/dist/error/ClientConfigurationError.d.ts +0 -128
- package/dist/error/ClientConfigurationError.d.ts.map +1 -1
- package/dist/error/ClientConfigurationError.mjs +3 -134
- package/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.d.ts +0 -2
- package/dist/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +3 -5
- package/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthError.d.ts +1 -19
- package/dist/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +10 -35
- package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.d.ts +0 -4
- package/dist/error/JoseHeaderError.d.ts.map +1 -1
- package/dist/error/JoseHeaderError.mjs +3 -8
- package/dist/error/JoseHeaderError.mjs.map +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/PlatformBrokerError.d.ts.map +1 -1
- package/dist/error/PlatformBrokerError.mjs +3 -2
- package/dist/error/PlatformBrokerError.mjs.map +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/exports-browser-only.d.ts +4 -3
- package/dist/exports-browser-only.d.ts.map +1 -1
- package/dist/exports-common.d.ts +11 -8
- package/dist/exports-common.d.ts.map +1 -1
- package/dist/exports-node-only.d.ts +2 -4
- package/dist/exports-node-only.d.ts.map +1 -1
- package/dist/index-node.mjs +15 -10
- package/dist/index-node.mjs.map +1 -1
- package/dist/index.mjs +17 -11
- package/dist/index.mjs.map +1 -1
- package/dist/logger/Logger.d.ts +36 -13
- package/dist/logger/Logger.d.ts.map +1 -1
- package/dist/logger/Logger.mjs +105 -22
- package/dist/logger/Logger.mjs.map +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/RequestThumbprint.mjs +2 -2
- package/dist/network/RequestThumbprint.mjs.map +1 -1
- package/dist/network/ThrottlingUtils.d.ts.map +1 -1
- package/dist/network/ThrottlingUtils.mjs +6 -7
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.d.ts.map +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +1 -2
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +14 -14
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/protocol/Token.d.ts +40 -0
- package/dist/protocol/Token.d.ts.map +1 -0
- package/dist/protocol/Token.mjs +129 -0
- package/dist/protocol/Token.mjs.map +1 -0
- package/dist/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/dist/request/AuthenticationHeaderParser.mjs +3 -3
- package/dist/request/AuthenticationHeaderParser.mjs.map +1 -1
- package/dist/request/BaseAuthRequest.d.ts +4 -8
- package/dist/request/BaseAuthRequest.d.ts.map +1 -1
- package/dist/request/CommonAuthorizationCodeRequest.d.ts +2 -1
- package/dist/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
- package/dist/request/CommonAuthorizationUrlRequest.d.ts +2 -4
- package/dist/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
- package/dist/request/CommonRefreshTokenRequest.d.ts +2 -1
- package/dist/request/CommonRefreshTokenRequest.d.ts.map +1 -1
- package/dist/request/CommonSilentFlowRequest.d.ts +2 -1
- package/dist/request/CommonSilentFlowRequest.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.d.ts +6 -12
- package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +11 -24
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/ScopeSet.mjs +5 -5
- package/dist/request/ScopeSet.mjs.map +1 -1
- package/dist/response/AuthenticationResult.d.ts +1 -1
- package/dist/response/AuthenticationResult.d.ts.map +1 -1
- package/dist/response/ResponseHandler.d.ts +7 -6
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +41 -43
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/IPerformanceClient.d.ts +0 -29
- package/dist/telemetry/performance/IPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.d.ts +5 -81
- package/dist/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +24 -170
- package/dist/telemetry/performance/PerformanceClient.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.d.ts +1 -280
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +2 -483
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceEvents.d.ts +66 -0
- package/dist/telemetry/performance/PerformanceEvents.d.ts.map +1 -0
- package/dist/telemetry/performance/PerformanceEvents.mjs +74 -0
- package/dist/telemetry/performance/PerformanceEvents.mjs.map +1 -0
- package/dist/telemetry/performance/StubPerformanceClient.d.ts +0 -4
- package/dist/telemetry/performance/StubPerformanceClient.d.ts.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +2 -26
- package/dist/telemetry/performance/StubPerformanceClient.mjs.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.d.ts +2 -2
- package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +28 -30
- package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/url/UrlString.d.ts +0 -5
- package/dist/url/UrlString.d.ts.map +1 -1
- package/dist/url/UrlString.mjs +5 -13
- package/dist/url/UrlString.mjs.map +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/Constants.d.ts +81 -112
- package/dist/utils/Constants.d.ts.map +1 -1
- package/dist/utils/Constants.mjs +100 -127
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.d.ts +2 -2
- package/dist/utils/FunctionWrappers.d.ts.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +19 -20
- package/dist/utils/FunctionWrappers.mjs.map +1 -1
- package/dist/utils/ProtocolUtils.d.ts +14 -35
- package/dist/utils/ProtocolUtils.d.ts.map +1 -1
- package/dist/utils/ProtocolUtils.mjs +57 -61
- package/dist/utils/ProtocolUtils.mjs.map +1 -1
- package/dist/utils/StateTypes.d.ts +15 -0
- package/dist/utils/StateTypes.d.ts.map +1 -0
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/UrlUtils.d.ts +1 -2
- package/dist/utils/UrlUtils.d.ts.map +1 -1
- package/dist/utils/UrlUtils.mjs +3 -10
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +26 -206
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-4Jss3kYh.js → index-node-B7mR4APO.js} +3494 -4270
- package/lib/index-node-B7mR4APO.js.map +1 -0
- package/lib/index-node.cjs +6 -34
- package/lib/index-node.cjs.map +1 -1
- package/lib/index.cjs +5 -34
- package/lib/index.cjs.map +1 -1
- package/lib/types/account/AccountInfo.d.ts +0 -1
- package/lib/types/account/AccountInfo.d.ts.map +1 -1
- package/lib/types/account/AuthToken.d.ts.map +1 -1
- package/lib/types/account/ClientInfo.d.ts.map +1 -1
- package/lib/types/authority/Authority.d.ts +2 -2
- package/lib/types/authority/Authority.d.ts.map +1 -1
- package/lib/types/authority/AuthorityFactory.d.ts +6 -2
- package/lib/types/authority/AuthorityFactory.d.ts.map +1 -1
- package/lib/types/authority/AuthorityMetadata.d.ts +2 -2
- package/lib/types/authority/AuthorityMetadata.d.ts.map +1 -1
- package/lib/types/authority/AuthorityOptions.d.ts +0 -1
- package/lib/types/authority/AuthorityOptions.d.ts.map +1 -1
- package/lib/types/authority/OIDCOptions.d.ts +2 -2
- package/lib/types/authority/OIDCOptions.d.ts.map +1 -1
- package/lib/types/authority/RegionDiscovery.d.ts +3 -3
- package/lib/types/authority/RegionDiscovery.d.ts.map +1 -1
- package/lib/types/cache/CacheManager.d.ts +26 -19
- package/lib/types/cache/CacheManager.d.ts.map +1 -1
- package/lib/types/cache/entities/AccessTokenEntity.d.ts +0 -4
- package/lib/types/cache/entities/AccessTokenEntity.d.ts.map +1 -1
- package/lib/types/cache/entities/AccountEntity.d.ts +4 -56
- package/lib/types/cache/entities/AccountEntity.d.ts.map +1 -1
- package/lib/types/cache/entities/CredentialEntity.d.ts +0 -2
- package/lib/types/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/lib/types/cache/interface/ICacheManager.d.ts +35 -17
- package/lib/types/cache/interface/ICacheManager.d.ts.map +1 -1
- package/lib/types/cache/utils/AccountEntityUtils.d.ts +53 -0
- package/lib/types/cache/utils/AccountEntityUtils.d.ts.map +1 -0
- package/lib/types/cache/utils/CacheHelpers.d.ts +2 -2
- package/lib/types/cache/utils/CacheHelpers.d.ts.map +1 -1
- package/lib/types/cache/utils/CacheTypes.d.ts +0 -1
- package/lib/types/cache/utils/CacheTypes.d.ts.map +1 -1
- package/lib/types/client/AuthorizationCodeClient.d.ts +23 -4
- package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts +17 -4
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/client/SilentFlowClient.d.ts +17 -4
- package/lib/types/client/SilentFlowClient.d.ts.map +1 -1
- package/lib/types/config/ClientConfiguration.d.ts +2 -22
- package/lib/types/config/ClientConfiguration.d.ts.map +1 -1
- package/lib/types/crypto/ICrypto.d.ts +5 -3
- package/lib/types/crypto/ICrypto.d.ts.map +1 -1
- package/lib/types/crypto/PopTokenGenerator.d.ts +2 -2
- package/lib/types/crypto/PopTokenGenerator.d.ts.map +1 -1
- package/lib/types/error/AuthError.d.ts +1 -18
- package/lib/types/error/AuthError.d.ts.map +1 -1
- package/lib/types/error/CacheError.d.ts +1 -6
- package/lib/types/error/CacheError.d.ts.map +1 -1
- package/lib/types/error/ClientAuthError.d.ts +0 -229
- package/lib/types/error/ClientAuthError.d.ts.map +1 -1
- package/lib/types/error/ClientAuthErrorCodes.d.ts +0 -8
- package/lib/types/error/ClientAuthErrorCodes.d.ts.map +1 -1
- package/lib/types/error/ClientConfigurationError.d.ts +0 -128
- package/lib/types/error/ClientConfigurationError.d.ts.map +1 -1
- package/lib/types/error/ClientConfigurationErrorCodes.d.ts +0 -2
- package/lib/types/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
- package/lib/types/error/InteractionRequiredAuthError.d.ts +1 -19
- package/lib/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/lib/types/error/JoseHeaderError.d.ts +0 -4
- package/lib/types/error/JoseHeaderError.d.ts.map +1 -1
- package/lib/types/error/PlatformBrokerError.d.ts.map +1 -1
- package/lib/types/exports-browser-only.d.ts +4 -3
- package/lib/types/exports-browser-only.d.ts.map +1 -1
- package/lib/types/exports-common.d.ts +11 -8
- package/lib/types/exports-common.d.ts.map +1 -1
- package/lib/types/exports-node-only.d.ts +2 -4
- package/lib/types/exports-node-only.d.ts.map +1 -1
- package/lib/types/logger/Logger.d.ts +36 -13
- package/lib/types/logger/Logger.d.ts.map +1 -1
- package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/packageMetadata.d.ts.map +1 -1
- package/lib/types/protocol/Authorize.d.ts +1 -2
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/protocol/Token.d.ts +40 -0
- package/lib/types/protocol/Token.d.ts.map +1 -0
- package/lib/types/request/AuthenticationHeaderParser.d.ts.map +1 -1
- package/lib/types/request/BaseAuthRequest.d.ts +4 -8
- package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/lib/types/request/CommonAuthorizationCodeRequest.d.ts +2 -1
- package/lib/types/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
- package/lib/types/request/CommonAuthorizationUrlRequest.d.ts +2 -4
- package/lib/types/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
- package/lib/types/request/CommonRefreshTokenRequest.d.ts +2 -1
- package/lib/types/request/CommonRefreshTokenRequest.d.ts.map +1 -1
- package/lib/types/request/CommonSilentFlowRequest.d.ts +2 -1
- package/lib/types/request/CommonSilentFlowRequest.d.ts.map +1 -1
- package/lib/types/request/RequestParameterBuilder.d.ts +6 -12
- package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/lib/types/response/AuthenticationResult.d.ts +1 -1
- package/lib/types/response/AuthenticationResult.d.ts.map +1 -1
- package/lib/types/response/ResponseHandler.d.ts +7 -6
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/telemetry/performance/IPerformanceClient.d.ts +0 -29
- package/lib/types/telemetry/performance/IPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceClient.d.ts +5 -81
- package/lib/types/telemetry/performance/PerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts +1 -280
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvents.d.ts +66 -0
- package/lib/types/telemetry/performance/PerformanceEvents.d.ts.map +1 -0
- package/lib/types/telemetry/performance/StubPerformanceClient.d.ts +0 -4
- package/lib/types/telemetry/performance/StubPerformanceClient.d.ts.map +1 -1
- package/lib/types/telemetry/server/ServerTelemetryManager.d.ts +2 -2
- package/lib/types/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/lib/types/url/UrlString.d.ts +0 -5
- package/lib/types/url/UrlString.d.ts.map +1 -1
- package/lib/types/utils/Constants.d.ts +81 -112
- package/lib/types/utils/Constants.d.ts.map +1 -1
- package/lib/types/utils/FunctionWrappers.d.ts +2 -2
- package/lib/types/utils/FunctionWrappers.d.ts.map +1 -1
- package/lib/types/utils/ProtocolUtils.d.ts +14 -35
- package/lib/types/utils/ProtocolUtils.d.ts.map +1 -1
- package/lib/types/utils/StateTypes.d.ts +15 -0
- package/lib/types/utils/StateTypes.d.ts.map +1 -0
- package/lib/types/utils/UrlUtils.d.ts +1 -2
- package/lib/types/utils/UrlUtils.d.ts.map +1 -1
- package/package.json +7 -7
- package/src/account/AccountInfo.ts +0 -1
- package/src/account/AuthToken.ts +1 -2
- package/src/account/ClientInfo.ts +3 -6
- package/src/authority/Authority.ts +145 -146
- package/src/authority/AuthorityFactory.ts +7 -7
- package/src/authority/AuthorityMetadata.ts +54 -47
- package/src/authority/AuthorityOptions.ts +0 -1
- package/src/authority/OIDCOptions.ts +2 -2
- package/src/authority/RegionDiscovery.ts +20 -33
- package/src/cache/CacheManager.ts +177 -128
- package/src/cache/entities/AccessTokenEntity.ts +0 -4
- package/src/cache/entities/AccountEntity.ts +4 -292
- package/src/cache/entities/CredentialEntity.ts +0 -2
- package/src/cache/interface/ICacheManager.ts +55 -20
- package/src/cache/utils/AccountEntityUtils.ts +258 -0
- package/src/cache/utils/CacheHelpers.ts +23 -37
- package/src/cache/utils/CacheTypes.ts +0 -1
- package/src/client/AuthorizationCodeClient.ts +146 -58
- package/src/client/RefreshTokenClient.ts +108 -65
- package/src/client/SilentFlowClient.ts +74 -25
- package/src/config/ClientConfiguration.ts +9 -37
- package/src/crypto/ICrypto.ts +5 -3
- package/src/crypto/PopTokenGenerator.ts +3 -13
- package/src/error/AuthError.ts +11 -30
- package/src/error/CacheError.ts +4 -15
- package/src/error/ClientAuthError.ts +1 -317
- package/src/error/ClientAuthErrorCodes.ts +0 -8
- package/src/error/ClientConfigurationError.ts +1 -202
- package/src/error/ClientConfigurationErrorCodes.ts +0 -4
- package/src/error/InteractionRequiredAuthError.ts +8 -48
- package/src/error/JoseHeaderError.ts +1 -8
- package/src/error/PlatformBrokerError.ts +2 -1
- package/src/exports-browser-only.ts +2 -6
- package/src/exports-common.ts +8 -40
- package/src/exports-node-only.ts +5 -4
- package/src/logger/Logger.ts +174 -39
- package/src/network/RequestThumbprint.ts +1 -1
- package/src/network/ThrottlingUtils.ts +12 -15
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +24 -20
- package/src/protocol/Token.ts +230 -0
- package/src/request/AuthenticationHeaderParser.ts +2 -4
- package/src/request/BaseAuthRequest.ts +4 -8
- package/src/request/CommonAuthorizationCodeRequest.ts +2 -1
- package/src/request/CommonAuthorizationUrlRequest.ts +2 -4
- package/src/request/CommonRefreshTokenRequest.ts +2 -1
- package/src/request/CommonSilentFlowRequest.ts +2 -1
- package/src/request/RequestParameterBuilder.ts +35 -50
- package/src/request/ScopeSet.ts +4 -4
- package/src/response/AuthenticationResult.ts +1 -1
- package/src/response/ResponseHandler.ts +56 -60
- package/src/telemetry/performance/IPerformanceClient.ts +0 -40
- package/src/telemetry/performance/PerformanceClient.ts +26 -295
- package/src/telemetry/performance/PerformanceEvent.ts +3 -582
- package/src/telemetry/performance/PerformanceEvents.ts +98 -0
- package/src/telemetry/performance/StubPerformanceClient.ts +0 -16
- package/src/telemetry/server/ServerTelemetryManager.ts +33 -44
- package/src/url/UrlString.ts +3 -12
- package/src/utils/Constants.ts +103 -140
- package/src/utils/FunctionWrappers.ts +28 -29
- package/src/utils/ProtocolUtils.ts +67 -93
- package/src/utils/StateTypes.ts +20 -0
- package/src/utils/UrlUtils.ts +2 -15
- package/dist/cache/entities/AccountEntity.mjs +0 -232
- package/dist/cache/entities/AccountEntity.mjs.map +0 -1
- package/dist/client/BaseClient.d.ts +0 -59
- package/dist/client/BaseClient.d.ts.map +0 -1
- package/dist/client/BaseClient.mjs +0 -167
- package/dist/client/BaseClient.mjs.map +0 -1
- package/dist/index-browser.mjs +0 -72
- package/dist/index-browser.mjs.map +0 -1
- package/dist/request/CommonClientCredentialRequest.d.ts +0 -18
- package/dist/request/CommonClientCredentialRequest.d.ts.map +0 -1
- package/dist/request/CommonDeviceCodeRequest.d.ts +0 -22
- package/dist/request/CommonDeviceCodeRequest.d.ts.map +0 -1
- package/dist/request/CommonOnBehalfOfRequest.d.ts +0 -14
- package/dist/request/CommonOnBehalfOfRequest.d.ts.map +0 -1
- package/dist/request/CommonUsernamePasswordRequest.d.ts +0 -18
- package/dist/request/CommonUsernamePasswordRequest.d.ts.map +0 -1
- package/lib/index-node-4Jss3kYh.js.map +0 -1
- package/lib/types/client/BaseClient.d.ts +0 -59
- package/lib/types/client/BaseClient.d.ts.map +0 -1
- package/lib/types/request/CommonClientCredentialRequest.d.ts +0 -18
- package/lib/types/request/CommonClientCredentialRequest.d.ts.map +0 -1
- package/lib/types/request/CommonDeviceCodeRequest.d.ts +0 -22
- package/lib/types/request/CommonDeviceCodeRequest.d.ts.map +0 -1
- package/lib/types/request/CommonOnBehalfOfRequest.d.ts +0 -14
- package/lib/types/request/CommonOnBehalfOfRequest.d.ts.map +0 -1
- package/lib/types/request/CommonUsernamePasswordRequest.d.ts +0 -18
- package/lib/types/request/CommonUsernamePasswordRequest.d.ts.map +0 -1
- package/src/client/BaseClient.ts +0 -320
- package/src/request/CommonClientCredentialRequest.ts +0 -23
- package/src/request/CommonDeviceCodeRequest.ts +0 -31
- package/src/request/CommonOnBehalfOfRequest.ts +0 -19
- package/src/request/CommonUsernamePasswordRequest.ts +0 -23
|
@@ -4,21 +4,17 @@
|
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
6
|
import {
|
|
7
|
+
buildClientConfiguration,
|
|
7
8
|
ClientConfiguration,
|
|
9
|
+
CommonClientConfiguration,
|
|
8
10
|
isOidcProtocolMode,
|
|
9
11
|
} from "../config/ClientConfiguration.js";
|
|
10
|
-
import { BaseClient } from "./BaseClient.js";
|
|
11
12
|
import { CommonRefreshTokenRequest } from "../request/CommonRefreshTokenRequest.js";
|
|
12
13
|
import { Authority } from "../authority/Authority.js";
|
|
13
14
|
import { ServerAuthorizationTokenResponse } from "../response/ServerAuthorizationTokenResponse.js";
|
|
14
15
|
import * as RequestParameterBuilder from "../request/RequestParameterBuilder.js";
|
|
15
16
|
import * as UrlUtils from "../utils/UrlUtils.js";
|
|
16
|
-
import
|
|
17
|
-
GrantType,
|
|
18
|
-
AuthenticationScheme,
|
|
19
|
-
Errors,
|
|
20
|
-
HeaderNames,
|
|
21
|
-
} from "../utils/Constants.js";
|
|
17
|
+
import * as Constants from "../utils/Constants.js";
|
|
22
18
|
import * as AADServerParamKeys from "../constants/AADServerParamKeys.js";
|
|
23
19
|
import { ResponseHandler } from "../response/ResponseHandler.js";
|
|
24
20
|
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
@@ -44,12 +40,23 @@ import {
|
|
|
44
40
|
InteractionRequiredAuthErrorCodes,
|
|
45
41
|
createInteractionRequiredAuthError,
|
|
46
42
|
} from "../error/InteractionRequiredAuthError.js";
|
|
47
|
-
import
|
|
43
|
+
import * as PerformanceEvents from "../telemetry/performance/PerformanceEvents.js";
|
|
48
44
|
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
|
|
49
45
|
import { invoke, invokeAsync } from "../utils/FunctionWrappers.js";
|
|
50
46
|
import { ClientAssertion } from "../account/ClientCredentials.js";
|
|
51
47
|
import { getClientAssertion } from "../utils/ClientAssertionUtils.js";
|
|
52
48
|
import { getRequestThumbprint } from "../network/RequestThumbprint.js";
|
|
49
|
+
import {
|
|
50
|
+
createTokenQueryParameters,
|
|
51
|
+
createTokenRequestHeaders,
|
|
52
|
+
executePostToTokenEndpoint,
|
|
53
|
+
} from "../protocol/Token.js";
|
|
54
|
+
import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManager.js";
|
|
55
|
+
import { INetworkModule } from "../network/INetworkModule.js";
|
|
56
|
+
import { CacheManager } from "../cache/CacheManager.js";
|
|
57
|
+
import { ICrypto } from "../crypto/ICrypto.js";
|
|
58
|
+
import { Logger } from "../logger/Logger.js";
|
|
59
|
+
import { version, name } from "../packageMetadata.js";
|
|
53
60
|
|
|
54
61
|
const DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS = 300; // 5 Minutes
|
|
55
62
|
|
|
@@ -57,21 +64,62 @@ const DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS = 300; // 5 Minutes
|
|
|
57
64
|
* OAuth2.0 refresh token client
|
|
58
65
|
* @internal
|
|
59
66
|
*/
|
|
60
|
-
export class RefreshTokenClient
|
|
67
|
+
export class RefreshTokenClient {
|
|
68
|
+
// Logger object
|
|
69
|
+
public logger: Logger;
|
|
70
|
+
|
|
71
|
+
// Application config
|
|
72
|
+
protected config: CommonClientConfiguration;
|
|
73
|
+
|
|
74
|
+
// Crypto Interface
|
|
75
|
+
protected cryptoUtils: ICrypto;
|
|
76
|
+
|
|
77
|
+
// Storage Interface
|
|
78
|
+
protected cacheManager: CacheManager;
|
|
79
|
+
|
|
80
|
+
// Network Interface
|
|
81
|
+
protected networkClient: INetworkModule;
|
|
82
|
+
|
|
83
|
+
// Server Telemetry Manager
|
|
84
|
+
protected serverTelemetryManager: ServerTelemetryManager | null;
|
|
85
|
+
|
|
86
|
+
// Default authority object
|
|
87
|
+
public authority: Authority;
|
|
88
|
+
|
|
89
|
+
// Performance telemetry client
|
|
90
|
+
protected performanceClient: IPerformanceClient;
|
|
91
|
+
|
|
61
92
|
constructor(
|
|
62
93
|
configuration: ClientConfiguration,
|
|
63
|
-
performanceClient
|
|
94
|
+
performanceClient: IPerformanceClient
|
|
64
95
|
) {
|
|
65
|
-
|
|
96
|
+
// Set the configuration
|
|
97
|
+
this.config = buildClientConfiguration(configuration);
|
|
98
|
+
|
|
99
|
+
// Initialize the logger
|
|
100
|
+
this.logger = new Logger(this.config.loggerOptions, name, version);
|
|
101
|
+
|
|
102
|
+
// Initialize crypto
|
|
103
|
+
this.cryptoUtils = this.config.cryptoInterface;
|
|
104
|
+
|
|
105
|
+
// Initialize storage interface
|
|
106
|
+
this.cacheManager = this.config.storageInterface;
|
|
107
|
+
|
|
108
|
+
// Set the network interface
|
|
109
|
+
this.networkClient = this.config.networkInterface;
|
|
110
|
+
|
|
111
|
+
// Set TelemetryManager
|
|
112
|
+
this.serverTelemetryManager = this.config.serverTelemetryManager;
|
|
113
|
+
|
|
114
|
+
// set Authority
|
|
115
|
+
this.authority = this.config.authOptions.authority;
|
|
116
|
+
|
|
117
|
+
// set performance telemetry client
|
|
118
|
+
this.performanceClient = performanceClient;
|
|
66
119
|
}
|
|
67
120
|
public async acquireToken(
|
|
68
121
|
request: CommonRefreshTokenRequest
|
|
69
122
|
): Promise<AuthenticationResult> {
|
|
70
|
-
this.performanceClient?.addQueueMeasurement(
|
|
71
|
-
PerformanceEvents.RefreshTokenClientAcquireToken,
|
|
72
|
-
request.correlationId
|
|
73
|
-
);
|
|
74
|
-
|
|
75
123
|
const reqTimestamp = TimeUtils.nowSeconds();
|
|
76
124
|
const response = await invokeAsync(
|
|
77
125
|
this.executeTokenRequest.bind(this),
|
|
@@ -82,16 +130,21 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
82
130
|
)(request, this.authority);
|
|
83
131
|
|
|
84
132
|
// Retrieve requestId from response headers
|
|
85
|
-
const requestId =
|
|
133
|
+
const requestId =
|
|
134
|
+
response.headers?.[Constants.HeaderNames.X_MS_REQUEST_ID];
|
|
86
135
|
const responseHandler = new ResponseHandler(
|
|
87
136
|
this.config.authOptions.clientId,
|
|
88
137
|
this.cacheManager,
|
|
89
138
|
this.cryptoUtils,
|
|
90
139
|
this.logger,
|
|
140
|
+
this.performanceClient,
|
|
91
141
|
this.config.serializableCache,
|
|
92
142
|
this.config.persistencePlugin
|
|
93
143
|
);
|
|
94
|
-
responseHandler.validateTokenResponse(
|
|
144
|
+
responseHandler.validateTokenResponse(
|
|
145
|
+
response.body,
|
|
146
|
+
request.correlationId
|
|
147
|
+
);
|
|
95
148
|
|
|
96
149
|
return invokeAsync(
|
|
97
150
|
responseHandler.handleServerTokenResponse.bind(responseHandler),
|
|
@@ -125,12 +178,6 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
125
178
|
ClientConfigurationErrorCodes.tokenRequestEmpty
|
|
126
179
|
);
|
|
127
180
|
}
|
|
128
|
-
|
|
129
|
-
this.performanceClient?.addQueueMeasurement(
|
|
130
|
-
PerformanceEvents.RefreshTokenClientAcquireTokenByRefreshToken,
|
|
131
|
-
request.correlationId
|
|
132
|
-
);
|
|
133
|
-
|
|
134
181
|
// We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases
|
|
135
182
|
if (!request.account) {
|
|
136
183
|
throw createClientAuthError(
|
|
@@ -140,7 +187,8 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
140
187
|
|
|
141
188
|
// try checking if FOCI is enabled for the given application
|
|
142
189
|
const isFOCI = this.cacheManager.isAppMetadataFOCI(
|
|
143
|
-
request.account.environment
|
|
190
|
+
request.account.environment,
|
|
191
|
+
request.correlationId
|
|
144
192
|
);
|
|
145
193
|
|
|
146
194
|
// if the app is part of the family, retrive a Family refresh token if present and make a refreshTokenRequest
|
|
@@ -160,8 +208,8 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
160
208
|
InteractionRequiredAuthErrorCodes.noTokensFound;
|
|
161
209
|
const clientMismatchErrorWithFamilyRT =
|
|
162
210
|
e instanceof ServerError &&
|
|
163
|
-
e.errorCode ===
|
|
164
|
-
e.subError ===
|
|
211
|
+
e.errorCode === Constants.INVALID_GRANT_ERROR &&
|
|
212
|
+
e.subError === Constants.CLIENT_MISMATCH_ERROR;
|
|
165
213
|
|
|
166
214
|
// if family Refresh Token (FRT) cache acquisition fails or if client_mismatch error is seen with FRT, reattempt with application Refresh Token (ART)
|
|
167
215
|
if (noFamilyRTInCache || clientMismatchErrorWithFamilyRT) {
|
|
@@ -196,11 +244,6 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
196
244
|
request: CommonSilentFlowRequest,
|
|
197
245
|
foci: boolean
|
|
198
246
|
) {
|
|
199
|
-
this.performanceClient?.addQueueMeasurement(
|
|
200
|
-
PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken,
|
|
201
|
-
request.correlationId
|
|
202
|
-
);
|
|
203
|
-
|
|
204
247
|
// fetches family RT or application RT based on FOCI value
|
|
205
248
|
const refreshToken = invoke(
|
|
206
249
|
this.cacheManager.getRefreshToken.bind(this.cacheManager),
|
|
@@ -208,13 +251,7 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
208
251
|
this.logger,
|
|
209
252
|
this.performanceClient,
|
|
210
253
|
request.correlationId
|
|
211
|
-
)(
|
|
212
|
-
request.account,
|
|
213
|
-
foci,
|
|
214
|
-
request.correlationId,
|
|
215
|
-
undefined,
|
|
216
|
-
this.performanceClient
|
|
217
|
-
);
|
|
254
|
+
)(request.account, foci, request.correlationId, undefined);
|
|
218
255
|
|
|
219
256
|
if (!refreshToken) {
|
|
220
257
|
throw createInteractionRequiredAuthError(
|
|
@@ -244,7 +281,8 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
244
281
|
...request,
|
|
245
282
|
refreshToken: refreshToken.secret,
|
|
246
283
|
authenticationScheme:
|
|
247
|
-
request.authenticationScheme ||
|
|
284
|
+
request.authenticationScheme ||
|
|
285
|
+
Constants.AuthenticationScheme.BEARER,
|
|
248
286
|
ccsCredential: {
|
|
249
287
|
credential: request.account.homeAccountId,
|
|
250
288
|
type: CcsCredentialType.HOME_ACCOUNT_ID,
|
|
@@ -269,7 +307,8 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
269
307
|
if (e.subError === InteractionRequiredAuthErrorCodes.badToken) {
|
|
270
308
|
// Remove bad refresh token from cache
|
|
271
309
|
this.logger.verbose(
|
|
272
|
-
"acquireTokenWithRefreshToken: bad refresh token, removing from cache"
|
|
310
|
+
"acquireTokenWithRefreshToken: bad refresh token, removing from cache",
|
|
311
|
+
request.correlationId
|
|
273
312
|
);
|
|
274
313
|
const badRefreshTokenKey =
|
|
275
314
|
this.cacheManager.generateCredentialKey(refreshToken);
|
|
@@ -293,12 +332,12 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
293
332
|
request: CommonRefreshTokenRequest,
|
|
294
333
|
authority: Authority
|
|
295
334
|
): Promise<NetworkResponse<ServerAuthorizationTokenResponse>> {
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
335
|
+
const queryParametersString = createTokenQueryParameters(
|
|
336
|
+
request,
|
|
337
|
+
this.config.authOptions.clientId,
|
|
338
|
+
this.config.authOptions.redirectUri,
|
|
339
|
+
this.performanceClient
|
|
299
340
|
);
|
|
300
|
-
|
|
301
|
-
const queryParametersString = this.createTokenQueryParameters(request);
|
|
302
341
|
const endpoint = UrlString.appendQueryString(
|
|
303
342
|
authority.tokenEndpoint,
|
|
304
343
|
queryParametersString
|
|
@@ -311,7 +350,9 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
311
350
|
this.performanceClient,
|
|
312
351
|
request.correlationId
|
|
313
352
|
)(request);
|
|
314
|
-
const headers: Record<string, string> =
|
|
353
|
+
const headers: Record<string, string> = createTokenRequestHeaders(
|
|
354
|
+
this.logger,
|
|
355
|
+
this.config.systemOptions.preventCorsPreflight,
|
|
315
356
|
request.ccsCredential
|
|
316
357
|
);
|
|
317
358
|
|
|
@@ -321,7 +362,7 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
321
362
|
);
|
|
322
363
|
|
|
323
364
|
return invokeAsync(
|
|
324
|
-
|
|
365
|
+
executePostToTokenEndpoint,
|
|
325
366
|
PerformanceEvents.RefreshTokenClientExecutePostToTokenEndpoint,
|
|
326
367
|
this.logger,
|
|
327
368
|
this.performanceClient,
|
|
@@ -332,7 +373,11 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
332
373
|
headers,
|
|
333
374
|
thumbprint,
|
|
334
375
|
request.correlationId,
|
|
335
|
-
|
|
376
|
+
this.cacheManager,
|
|
377
|
+
this.networkClient,
|
|
378
|
+
this.logger,
|
|
379
|
+
this.performanceClient,
|
|
380
|
+
this.serverTelemetryManager
|
|
336
381
|
);
|
|
337
382
|
}
|
|
338
383
|
|
|
@@ -343,17 +388,12 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
343
388
|
private async createTokenRequestBody(
|
|
344
389
|
request: CommonRefreshTokenRequest
|
|
345
390
|
): Promise<string> {
|
|
346
|
-
this.performanceClient?.addQueueMeasurement(
|
|
347
|
-
PerformanceEvents.RefreshTokenClientCreateTokenRequestBody,
|
|
348
|
-
request.correlationId
|
|
349
|
-
);
|
|
350
|
-
|
|
351
391
|
const parameters = new Map<string, string>();
|
|
352
392
|
|
|
353
393
|
RequestParameterBuilder.addClientId(
|
|
354
394
|
parameters,
|
|
355
395
|
request.embeddedClientId ||
|
|
356
|
-
request.
|
|
396
|
+
request.extraParameters?.[AADServerParamKeys.CLIENT_ID] ||
|
|
357
397
|
this.config.authOptions.clientId
|
|
358
398
|
);
|
|
359
399
|
|
|
@@ -373,7 +413,7 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
373
413
|
|
|
374
414
|
RequestParameterBuilder.addGrantType(
|
|
375
415
|
parameters,
|
|
376
|
-
GrantType.REFRESH_TOKEN_GRANT
|
|
416
|
+
Constants.GrantType.REFRESH_TOKEN_GRANT
|
|
377
417
|
);
|
|
378
418
|
|
|
379
419
|
RequestParameterBuilder.addClientInfo(parameters);
|
|
@@ -425,7 +465,9 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
425
465
|
);
|
|
426
466
|
}
|
|
427
467
|
|
|
428
|
-
if (
|
|
468
|
+
if (
|
|
469
|
+
request.authenticationScheme === Constants.AuthenticationScheme.POP
|
|
470
|
+
) {
|
|
429
471
|
const popTokenGenerator = new PopTokenGenerator(
|
|
430
472
|
this.cryptoUtils,
|
|
431
473
|
this.performanceClient
|
|
@@ -448,7 +490,9 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
448
490
|
|
|
449
491
|
// SPA PoP requires full Base64Url encoded req_cnf string (unhashed)
|
|
450
492
|
RequestParameterBuilder.addPopToken(parameters, reqCnfData);
|
|
451
|
-
} else if (
|
|
493
|
+
} else if (
|
|
494
|
+
request.authenticationScheme === Constants.AuthenticationScheme.SSH
|
|
495
|
+
) {
|
|
452
496
|
if (request.sshJwk) {
|
|
453
497
|
RequestParameterBuilder.addSshJwk(parameters, request.sshJwk);
|
|
454
498
|
} else {
|
|
@@ -486,8 +530,8 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
486
530
|
);
|
|
487
531
|
} catch (e) {
|
|
488
532
|
this.logger.verbose(
|
|
489
|
-
|
|
490
|
-
|
|
533
|
+
`Could not parse home account ID for CCS Header: '${e}'`,
|
|
534
|
+
request.correlationId
|
|
491
535
|
);
|
|
492
536
|
}
|
|
493
537
|
break;
|
|
@@ -508,11 +552,10 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
508
552
|
);
|
|
509
553
|
}
|
|
510
554
|
|
|
511
|
-
if (request.
|
|
512
|
-
RequestParameterBuilder.
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
);
|
|
555
|
+
if (request.extraParameters) {
|
|
556
|
+
RequestParameterBuilder.addExtraParameters(parameters, {
|
|
557
|
+
...request.extraParameters,
|
|
558
|
+
});
|
|
516
559
|
}
|
|
517
560
|
|
|
518
561
|
RequestParameterBuilder.instrumentBrokerParams(
|
|
@@ -3,8 +3,11 @@
|
|
|
3
3
|
* Licensed under the MIT License.
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
|
-
import {
|
|
7
|
-
|
|
6
|
+
import {
|
|
7
|
+
buildClientConfiguration,
|
|
8
|
+
ClientConfiguration,
|
|
9
|
+
CommonClientConfiguration,
|
|
10
|
+
} from "../config/ClientConfiguration.js";
|
|
8
11
|
import { CommonSilentFlowRequest } from "../request/CommonSilentFlowRequest.js";
|
|
9
12
|
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
10
13
|
import * as TimeUtils from "../utils/TimeUtils.js";
|
|
@@ -19,17 +22,72 @@ import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.
|
|
|
19
22
|
import { StringUtils } from "../utils/StringUtils.js";
|
|
20
23
|
import { checkMaxAge, extractTokenClaims } from "../account/AuthToken.js";
|
|
21
24
|
import { TokenClaims } from "../account/TokenClaims.js";
|
|
22
|
-
import
|
|
25
|
+
import * as PerformanceEvents from "../telemetry/performance/PerformanceEvents.js";
|
|
23
26
|
import { invokeAsync } from "../utils/FunctionWrappers.js";
|
|
24
|
-
import {
|
|
27
|
+
import {
|
|
28
|
+
Authority,
|
|
29
|
+
getTenantFromAuthorityString,
|
|
30
|
+
} from "../authority/Authority.js";
|
|
31
|
+
import { Logger } from "../logger/Logger.js";
|
|
32
|
+
import { ICrypto } from "../crypto/ICrypto.js";
|
|
33
|
+
import { CacheManager } from "../cache/CacheManager.js";
|
|
34
|
+
import { INetworkModule } from "../network/INetworkModule.js";
|
|
35
|
+
import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManager.js";
|
|
36
|
+
import { version, name } from "../packageMetadata.js";
|
|
25
37
|
|
|
26
38
|
/** @internal */
|
|
27
|
-
export class SilentFlowClient
|
|
39
|
+
export class SilentFlowClient {
|
|
40
|
+
// Logger object
|
|
41
|
+
public logger: Logger;
|
|
42
|
+
|
|
43
|
+
// Application config
|
|
44
|
+
protected config: CommonClientConfiguration;
|
|
45
|
+
|
|
46
|
+
// Crypto Interface
|
|
47
|
+
protected cryptoUtils: ICrypto;
|
|
48
|
+
|
|
49
|
+
// Storage Interface
|
|
50
|
+
protected cacheManager: CacheManager;
|
|
51
|
+
|
|
52
|
+
// Network Interface
|
|
53
|
+
protected networkClient: INetworkModule;
|
|
54
|
+
|
|
55
|
+
// Server Telemetry Manager
|
|
56
|
+
protected serverTelemetryManager: ServerTelemetryManager | null;
|
|
57
|
+
|
|
58
|
+
// Default authority object
|
|
59
|
+
public authority: Authority;
|
|
60
|
+
|
|
61
|
+
// Performance telemetry client
|
|
62
|
+
protected performanceClient: IPerformanceClient;
|
|
63
|
+
|
|
28
64
|
constructor(
|
|
29
65
|
configuration: ClientConfiguration,
|
|
30
|
-
performanceClient
|
|
66
|
+
performanceClient: IPerformanceClient
|
|
31
67
|
) {
|
|
32
|
-
|
|
68
|
+
// Set the configuration
|
|
69
|
+
this.config = buildClientConfiguration(configuration);
|
|
70
|
+
|
|
71
|
+
// Initialize the logger
|
|
72
|
+
this.logger = new Logger(this.config.loggerOptions, name, version);
|
|
73
|
+
|
|
74
|
+
// Initialize crypto
|
|
75
|
+
this.cryptoUtils = this.config.cryptoInterface;
|
|
76
|
+
|
|
77
|
+
// Initialize storage interface
|
|
78
|
+
this.cacheManager = this.config.storageInterface;
|
|
79
|
+
|
|
80
|
+
// Set the network interface
|
|
81
|
+
this.networkClient = this.config.networkInterface;
|
|
82
|
+
|
|
83
|
+
// Set TelemetryManager
|
|
84
|
+
this.serverTelemetryManager = this.config.serverTelemetryManager;
|
|
85
|
+
|
|
86
|
+
// set Authority
|
|
87
|
+
this.authority = this.config.authOptions.authority;
|
|
88
|
+
|
|
89
|
+
// set performance telemetry client
|
|
90
|
+
this.performanceClient = performanceClient;
|
|
33
91
|
}
|
|
34
92
|
|
|
35
93
|
/**
|
|
@@ -39,17 +97,9 @@ export class SilentFlowClient extends BaseClient {
|
|
|
39
97
|
async acquireCachedToken(
|
|
40
98
|
request: CommonSilentFlowRequest
|
|
41
99
|
): Promise<[AuthenticationResult, CacheOutcome]> {
|
|
42
|
-
this.performanceClient?.addQueueMeasurement(
|
|
43
|
-
PerformanceEvents.SilentFlowClientAcquireCachedToken,
|
|
44
|
-
request.correlationId
|
|
45
|
-
);
|
|
46
100
|
let lastCacheOutcome: CacheOutcome = CacheOutcome.NOT_APPLICABLE;
|
|
47
101
|
|
|
48
|
-
if (
|
|
49
|
-
request.forceRefresh ||
|
|
50
|
-
(!this.config.cacheOptions.claimsBasedCachingEnabled &&
|
|
51
|
-
!StringUtils.isEmptyObj(request.claims))
|
|
52
|
-
) {
|
|
102
|
+
if (request.forceRefresh || !StringUtils.isEmptyObj(request.claims)) {
|
|
53
103
|
// Must refresh due to present force_refresh flag.
|
|
54
104
|
this.setCacheOutcome(
|
|
55
105
|
CacheOutcome.FORCE_REFRESH_OR_CLAIMS,
|
|
@@ -124,12 +174,13 @@ export class SilentFlowClient extends BaseClient {
|
|
|
124
174
|
request.account,
|
|
125
175
|
request.correlationId,
|
|
126
176
|
tokenKeys,
|
|
127
|
-
requestTenantId
|
|
128
|
-
this.performanceClient
|
|
177
|
+
requestTenantId
|
|
129
178
|
),
|
|
130
179
|
refreshToken: null,
|
|
131
|
-
appMetadata:
|
|
132
|
-
|
|
180
|
+
appMetadata: this.cacheManager.readAppMetadataFromCache(
|
|
181
|
+
environment,
|
|
182
|
+
request.correlationId
|
|
183
|
+
),
|
|
133
184
|
};
|
|
134
185
|
|
|
135
186
|
this.setCacheOutcome(lastCacheOutcome, request.correlationId);
|
|
@@ -163,7 +214,8 @@ export class SilentFlowClient extends BaseClient {
|
|
|
163
214
|
);
|
|
164
215
|
if (cacheOutcome !== CacheOutcome.NOT_APPLICABLE) {
|
|
165
216
|
this.logger.info(
|
|
166
|
-
`Token refresh is required due to cache outcome: ${cacheOutcome}
|
|
217
|
+
`Token refresh is required due to cache outcome: '${cacheOutcome}'`,
|
|
218
|
+
correlationId
|
|
167
219
|
);
|
|
168
220
|
}
|
|
169
221
|
}
|
|
@@ -176,10 +228,6 @@ export class SilentFlowClient extends BaseClient {
|
|
|
176
228
|
cacheRecord: CacheRecord,
|
|
177
229
|
request: CommonSilentFlowRequest
|
|
178
230
|
): Promise<AuthenticationResult> {
|
|
179
|
-
this.performanceClient?.addQueueMeasurement(
|
|
180
|
-
PerformanceEvents.SilentFlowClientGenerateResultFromCacheRecord,
|
|
181
|
-
request.correlationId
|
|
182
|
-
);
|
|
183
231
|
let idTokenClaims: TokenClaims | undefined;
|
|
184
232
|
if (cacheRecord.idToken) {
|
|
185
233
|
idTokenClaims = extractTokenClaims(
|
|
@@ -206,6 +254,7 @@ export class SilentFlowClient extends BaseClient {
|
|
|
206
254
|
cacheRecord,
|
|
207
255
|
true,
|
|
208
256
|
request,
|
|
257
|
+
this.performanceClient,
|
|
209
258
|
idTokenClaims
|
|
210
259
|
);
|
|
211
260
|
}
|
|
@@ -7,8 +7,9 @@ import { INetworkModule } from "../network/INetworkModule.js";
|
|
|
7
7
|
import { DEFAULT_CRYPTO_IMPLEMENTATION, ICrypto } from "../crypto/ICrypto.js";
|
|
8
8
|
import { ILoggerCallback, Logger, LogLevel } from "../logger/Logger.js";
|
|
9
9
|
import {
|
|
10
|
-
|
|
10
|
+
DEFAULT_COMMON_TENANT,
|
|
11
11
|
DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
|
|
12
|
+
SKU,
|
|
12
13
|
} from "../utils/Constants.js";
|
|
13
14
|
import { version } from "../packageMetadata.js";
|
|
14
15
|
import type { Authority } from "../authority/Authority.js";
|
|
@@ -44,7 +45,6 @@ export type ClientConfiguration = {
|
|
|
44
45
|
authOptions: AuthOptions;
|
|
45
46
|
systemOptions?: SystemOptions;
|
|
46
47
|
loggerOptions?: LoggerOptions;
|
|
47
|
-
cacheOptions?: CacheOptions;
|
|
48
48
|
storageInterface?: CacheManager;
|
|
49
49
|
networkInterface?: INetworkModule;
|
|
50
50
|
cryptoInterface?: ICrypto;
|
|
@@ -60,7 +60,6 @@ export type CommonClientConfiguration = {
|
|
|
60
60
|
authOptions: Required<AuthOptions>;
|
|
61
61
|
systemOptions: Required<SystemOptions>;
|
|
62
62
|
loggerOptions: Required<LoggerOptions>;
|
|
63
|
-
cacheOptions: Required<CacheOptions>;
|
|
64
63
|
storageInterface: CacheManager;
|
|
65
64
|
networkInterface: INetworkModule;
|
|
66
65
|
cryptoInterface: Required<ICrypto>;
|
|
@@ -80,11 +79,8 @@ export type CommonClientConfiguration = {
|
|
|
80
79
|
* - knownAuthorities - An array of URIs that are known to be valid. Used in B2C scenarios.
|
|
81
80
|
* - cloudDiscoveryMetadata - A string containing the cloud discovery response. Used in AAD scenarios.
|
|
82
81
|
* - clientCapabilities - Array of capabilities which will be added to the claims.access_token.xms_cc request property on every network request.
|
|
83
|
-
* - protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.
|
|
84
|
-
* - skipAuthorityMetadataCache - A flag to choose whether to use or not use the local metadata cache during authority initialization. Defaults to false.
|
|
85
82
|
* - instanceAware - A flag of whether the STS will send back additional parameters to specify where the tokens should be retrieved from.
|
|
86
83
|
* - redirectUri - The redirect URI where authentication responses can be received by your application. It must exactly match one of the redirect URIs registered in the Azure portal.
|
|
87
|
-
* - encodeExtraQueryParams - A flag to choose whether to encode the extra query parameters or not. Defaults to false.
|
|
88
84
|
* @internal
|
|
89
85
|
*/
|
|
90
86
|
export type AuthOptions = {
|
|
@@ -93,18 +89,14 @@ export type AuthOptions = {
|
|
|
93
89
|
redirectUri: string;
|
|
94
90
|
clientCapabilities?: Array<string>;
|
|
95
91
|
azureCloudOptions?: AzureCloudOptions;
|
|
96
|
-
skipAuthorityMetadataCache?: boolean;
|
|
97
92
|
instanceAware?: boolean;
|
|
98
|
-
/**
|
|
99
|
-
* @deprecated This flag is deprecated and will be removed in the next major version where all extra query params will be encoded by default.
|
|
100
|
-
*/
|
|
101
|
-
encodeExtraQueryParams?: boolean;
|
|
102
93
|
};
|
|
103
94
|
|
|
104
95
|
/**
|
|
105
96
|
* Use this to configure token renewal info in the Configuration object
|
|
106
97
|
*
|
|
107
98
|
* - tokenRenewalOffsetSeconds - Sets the window of offset needed to renew the token before expiry
|
|
99
|
+
* - protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.
|
|
108
100
|
*/
|
|
109
101
|
export type SystemOptions = {
|
|
110
102
|
tokenRenewalOffsetSeconds?: number;
|
|
@@ -126,18 +118,6 @@ export type LoggerOptions = {
|
|
|
126
118
|
correlationId?: string;
|
|
127
119
|
};
|
|
128
120
|
|
|
129
|
-
/**
|
|
130
|
-
* Use this to configure credential cache preferences in the ClientConfiguration object
|
|
131
|
-
*
|
|
132
|
-
* - claimsBasedCachingEnabled - Sets whether tokens should be cached based on the claims hash. Default is false.
|
|
133
|
-
*/
|
|
134
|
-
export type CacheOptions = {
|
|
135
|
-
/**
|
|
136
|
-
* @deprecated claimsBasedCachingEnabled is deprecated and will be removed in the next major version.
|
|
137
|
-
*/
|
|
138
|
-
claimsBasedCachingEnabled?: boolean;
|
|
139
|
-
};
|
|
140
|
-
|
|
141
121
|
/**
|
|
142
122
|
* Library-specific options
|
|
143
123
|
*/
|
|
@@ -184,11 +164,7 @@ const DEFAULT_LOGGER_IMPLEMENTATION: Required<LoggerOptions> = {
|
|
|
184
164
|
},
|
|
185
165
|
piiLoggingEnabled: false,
|
|
186
166
|
logLevel: LogLevel.Info,
|
|
187
|
-
correlationId:
|
|
188
|
-
};
|
|
189
|
-
|
|
190
|
-
const DEFAULT_CACHE_OPTIONS: Required<CacheOptions> = {
|
|
191
|
-
claimsBasedCachingEnabled: false,
|
|
167
|
+
correlationId: "",
|
|
192
168
|
};
|
|
193
169
|
|
|
194
170
|
const DEFAULT_NETWORK_IMPLEMENTATION: INetworkModule = {
|
|
@@ -201,20 +177,20 @@ const DEFAULT_NETWORK_IMPLEMENTATION: INetworkModule = {
|
|
|
201
177
|
};
|
|
202
178
|
|
|
203
179
|
const DEFAULT_LIBRARY_INFO: LibraryInfo = {
|
|
204
|
-
sku:
|
|
180
|
+
sku: SKU,
|
|
205
181
|
version: version,
|
|
206
|
-
cpu:
|
|
207
|
-
os:
|
|
182
|
+
cpu: "",
|
|
183
|
+
os: "",
|
|
208
184
|
};
|
|
209
185
|
|
|
210
186
|
const DEFAULT_CLIENT_CREDENTIALS: ClientCredentials = {
|
|
211
|
-
clientSecret:
|
|
187
|
+
clientSecret: "",
|
|
212
188
|
clientAssertion: undefined,
|
|
213
189
|
};
|
|
214
190
|
|
|
215
191
|
const DEFAULT_AZURE_CLOUD_OPTIONS: AzureCloudOptions = {
|
|
216
192
|
azureCloudInstance: AzureCloudInstance.None,
|
|
217
|
-
tenant: `${
|
|
193
|
+
tenant: `${DEFAULT_COMMON_TENANT}`,
|
|
218
194
|
};
|
|
219
195
|
|
|
220
196
|
const DEFAULT_TELEMETRY_OPTIONS: Required<TelemetryOptions> = {
|
|
@@ -235,7 +211,6 @@ export function buildClientConfiguration({
|
|
|
235
211
|
authOptions: userAuthOptions,
|
|
236
212
|
systemOptions: userSystemOptions,
|
|
237
213
|
loggerOptions: userLoggerOption,
|
|
238
|
-
cacheOptions: userCacheOptions,
|
|
239
214
|
storageInterface: storageImplementation,
|
|
240
215
|
networkInterface: networkImplementation,
|
|
241
216
|
cryptoInterface: cryptoImplementation,
|
|
@@ -255,7 +230,6 @@ export function buildClientConfiguration({
|
|
|
255
230
|
authOptions: buildAuthOptions(userAuthOptions),
|
|
256
231
|
systemOptions: { ...DEFAULT_SYSTEM_OPTIONS, ...userSystemOptions },
|
|
257
232
|
loggerOptions: loggerOptions,
|
|
258
|
-
cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions },
|
|
259
233
|
storageInterface:
|
|
260
234
|
storageImplementation ||
|
|
261
235
|
new DefaultStorageClass(
|
|
@@ -284,9 +258,7 @@ function buildAuthOptions(authOptions: AuthOptions): Required<AuthOptions> {
|
|
|
284
258
|
return {
|
|
285
259
|
clientCapabilities: [],
|
|
286
260
|
azureCloudOptions: DEFAULT_AZURE_CLOUD_OPTIONS,
|
|
287
|
-
skipAuthorityMetadataCache: false,
|
|
288
261
|
instanceAware: false,
|
|
289
|
-
encodeExtraQueryParams: false,
|
|
290
262
|
...authOptions,
|
|
291
263
|
};
|
|
292
264
|
}
|
package/src/crypto/ICrypto.ts
CHANGED
|
@@ -28,7 +28,7 @@ export type SignedHttpRequestParameters = Pick<
|
|
|
28
28
|
| "shrNonce"
|
|
29
29
|
| "shrOptions"
|
|
30
30
|
> & {
|
|
31
|
-
correlationId
|
|
31
|
+
correlationId: string;
|
|
32
32
|
};
|
|
33
33
|
|
|
34
34
|
/**
|
|
@@ -69,12 +69,14 @@ export interface ICrypto {
|
|
|
69
69
|
/**
|
|
70
70
|
* Removes cryptographic keypair from key store matching the keyId passed in
|
|
71
71
|
* @param kid
|
|
72
|
+
* @param correlationId
|
|
72
73
|
*/
|
|
73
|
-
removeTokenBindingKey(kid: string): Promise<void>;
|
|
74
|
+
removeTokenBindingKey(kid: string, correlationId: string): Promise<void>;
|
|
74
75
|
/**
|
|
75
76
|
* Removes all cryptographic keys from IndexedDB storage
|
|
77
|
+
* @param correlationId
|
|
76
78
|
*/
|
|
77
|
-
clearKeystore(): Promise<boolean>;
|
|
79
|
+
clearKeystore(correlationId: string): Promise<boolean>;
|
|
78
80
|
/**
|
|
79
81
|
* Returns a signed proof-of-possession token with a given acces token that contains a cnf claim with the required kid.
|
|
80
82
|
* @param accessToken
|