@azure/msal-common 15.15.0 → 15.16.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -5
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AuthToken.mjs +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.mjs +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.mjs +1 -1
- package/dist/authority/AuthorityFactory.mjs +1 -1
- package/dist/authority/AuthorityMetadata.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/RegionDiscovery.mjs +1 -1
- package/dist/cache/CacheManager.mjs +1 -1
- package/dist/cache/entities/AccountEntity.mjs +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +12 -8
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/BaseClient.mjs +1 -1
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +12 -8
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.mjs +1 -1
- package/dist/config/ClientConfiguration.mjs +1 -1
- package/dist/constants/AADServerParamKeys.mjs +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +1 -1
- package/dist/error/AuthError.mjs +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.mjs +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.mjs +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +1 -1
- package/dist/error/ClientConfigurationError.mjs +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.d.ts +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/PlatformBrokerError.mjs +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/index-browser.mjs +1 -1
- package/dist/index-node.mjs +1 -1
- package/dist/index.mjs +1 -1
- package/dist/logger/Logger.mjs +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts.map +1 -1
- package/dist/protocol/Authorize.mjs +11 -8
- package/dist/protocol/Authorize.mjs.map +1 -1
- package/dist/request/AuthenticationHeaderParser.mjs +1 -1
- package/dist/request/BaseAuthRequest.d.ts +2 -0
- package/dist/request/BaseAuthRequest.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +1 -1
- package/dist/request/ScopeSet.mjs +1 -1
- package/dist/response/ResponseHandler.mjs +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.d.ts +20 -0
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +6 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
- package/dist/url/UrlString.mjs +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/Constants.mjs +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/ProtocolUtils.mjs +1 -1
- package/dist/utils/StringUtils.d.ts +25 -0
- package/dist/utils/StringUtils.d.ts.map +1 -1
- package/dist/utils/StringUtils.mjs +40 -1
- package/dist/utils/StringUtils.mjs.map +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/UrlUtils.mjs +1 -1
- package/lib/index-browser.cjs +2 -2
- package/lib/{index-node-BtzY9XyU.js → index-node-DcRBQUZQ.js} +73 -18
- package/lib/index-node-DcRBQUZQ.js.map +1 -0
- package/lib/index-node.cjs +2 -2
- package/lib/index.cjs +2 -2
- package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/error/InteractionRequiredAuthError.d.ts +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts.map +1 -1
- package/lib/types/request/BaseAuthRequest.d.ts +2 -0
- package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts +20 -0
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/lib/types/utils/StringUtils.d.ts +25 -0
- package/lib/types/utils/StringUtils.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/client/AuthorizationCodeClient.ts +19 -12
- package/src/client/RefreshTokenClient.ts +19 -12
- package/src/error/InteractionRequiredAuthError.ts +1 -1
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +15 -12
- package/src/request/BaseAuthRequest.ts +2 -0
- package/src/telemetry/performance/PerformanceEvent.ts +27 -0
- package/src/utils/StringUtils.ts +48 -0
- package/lib/index-node-BtzY9XyU.js.map +0 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-common v15.
|
|
1
|
+
/*! @azure/msal-common v15.16.1 2026-03-13 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
@@ -1149,6 +1149,45 @@ class StringUtils {
|
|
|
1149
1149
|
.replace(/\?/g, "\\?"));
|
|
1150
1150
|
return regex.test(input);
|
|
1151
1151
|
}
|
|
1152
|
+
/**
|
|
1153
|
+
* Tests if a given string matches a given pattern using stricter, anchored matching semantics.
|
|
1154
|
+
*
|
|
1155
|
+
* Differences from `matchPattern` (legacy):
|
|
1156
|
+
* - All regex metacharacters (including `.`) in the pattern are treated as literals,
|
|
1157
|
+
* so `example.com` matches only `example.com` and not `exampleXcom`.
|
|
1158
|
+
* - The generated regex is anchored with `^` and `$` so partial/substring matches
|
|
1159
|
+
* are not allowed.
|
|
1160
|
+
* - `*` is the only supported wildcard. Its behaviour depends on the URL component:
|
|
1161
|
+
* - `host` component: `*` matches any sequence of characters that does NOT include
|
|
1162
|
+
* a dot (`.`), keeping wildcards within a single DNS label boundary.
|
|
1163
|
+
* - All other components: `*` matches any sequence of characters (including `/`).
|
|
1164
|
+
*
|
|
1165
|
+
* @param pattern - The `protectedResourceMap` key pattern to match against. `*` is a
|
|
1166
|
+
* multi-character wildcard; all other characters are treated as literals.
|
|
1167
|
+
* @param input - The URL component value (e.g. host, pathname) extracted from the
|
|
1168
|
+
* outgoing request URL to test against the pattern.
|
|
1169
|
+
* @param options - Optional. Provide `component` to enable component-aware wildcard
|
|
1170
|
+
* semantics. Accepted values: `"host"`, `"path"`, `"protocol"`, `"search"`,
|
|
1171
|
+
* `"hash"`. Defaults to path-style (permissive) matching when omitted.
|
|
1172
|
+
* @returns `true` if the full input string matches the pattern; `false` otherwise.
|
|
1173
|
+
*/
|
|
1174
|
+
static matchPatternStrict(pattern, input, options) {
|
|
1175
|
+
const component = options?.component;
|
|
1176
|
+
// Step 1: Escape all regex special characters so literals are matched literally.
|
|
1177
|
+
let regexBody = pattern.replace(/[.+^${}()|[\]\\*?]/g, "\\$&");
|
|
1178
|
+
// Step 2: Replace the escaped '*' with its component-aware regex equivalent.
|
|
1179
|
+
if (component === "host") {
|
|
1180
|
+
regexBody = regexBody.replace(/\\\*/g, "[^.]*");
|
|
1181
|
+
}
|
|
1182
|
+
else {
|
|
1183
|
+
// PATH, PROTOCOL, SEARCH, HASH, or unspecified: '*' matches any characters.
|
|
1184
|
+
regexBody = regexBody.replace(/\\\*/g, ".*");
|
|
1185
|
+
}
|
|
1186
|
+
// Step 3: Anchor for full-string matching.
|
|
1187
|
+
// eslint-disable-next-line security/detect-non-literal-regexp
|
|
1188
|
+
const regex = new RegExp(`^${regexBody}$`);
|
|
1189
|
+
return regex.test(input);
|
|
1190
|
+
}
|
|
1152
1191
|
}
|
|
1153
1192
|
|
|
1154
1193
|
/*
|
|
@@ -2199,6 +2238,11 @@ const IntFields = new Set([
|
|
|
2199
2238
|
"currRefreshCount",
|
|
2200
2239
|
"expiredCacheRemovedCount",
|
|
2201
2240
|
"upgradedCacheCount",
|
|
2241
|
+
"networkRtt",
|
|
2242
|
+
"iframePollIntervalMs",
|
|
2243
|
+
"iframeTimeoutMs",
|
|
2244
|
+
"iframeTickCount",
|
|
2245
|
+
"crossOriginTickCount",
|
|
2202
2246
|
]);
|
|
2203
2247
|
|
|
2204
2248
|
/*
|
|
@@ -3987,7 +4031,7 @@ class Logger {
|
|
|
3987
4031
|
|
|
3988
4032
|
/* eslint-disable header/header */
|
|
3989
4033
|
const name = "@azure/msal-common";
|
|
3990
|
-
const version = "15.
|
|
4034
|
+
const version = "15.16.1";
|
|
3991
4035
|
|
|
3992
4036
|
/*
|
|
3993
4037
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -7504,11 +7548,6 @@ class AuthorizationCodeClient extends BaseClient {
|
|
|
7504
7548
|
throw createClientConfigurationError(missingSshJwk);
|
|
7505
7549
|
}
|
|
7506
7550
|
}
|
|
7507
|
-
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
7508
|
-
(this.config.authOptions.clientCapabilities &&
|
|
7509
|
-
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
7510
|
-
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
|
|
7511
|
-
}
|
|
7512
7551
|
let ccsCred = undefined;
|
|
7513
7552
|
if (request.clientInfo) {
|
|
7514
7553
|
try {
|
|
@@ -7558,6 +7597,15 @@ class AuthorizationCodeClient extends BaseClient {
|
|
|
7558
7597
|
});
|
|
7559
7598
|
}
|
|
7560
7599
|
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
7600
|
+
// ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
|
|
7601
|
+
const configClaims = request.skipBrokerClaims &&
|
|
7602
|
+
parameters.has(BROKER_CLIENT_ID)
|
|
7603
|
+
? undefined
|
|
7604
|
+
: this.config.authOptions.clientCapabilities;
|
|
7605
|
+
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
7606
|
+
(configClaims && configClaims.length > 0)) {
|
|
7607
|
+
addClaims(parameters, request.claims, configClaims);
|
|
7608
|
+
}
|
|
7561
7609
|
return mapToQueryString(parameters);
|
|
7562
7610
|
}
|
|
7563
7611
|
/**
|
|
@@ -7767,11 +7815,6 @@ class RefreshTokenClient extends BaseClient {
|
|
|
7767
7815
|
throw createClientConfigurationError(missingSshJwk);
|
|
7768
7816
|
}
|
|
7769
7817
|
}
|
|
7770
|
-
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
7771
|
-
(this.config.authOptions.clientCapabilities &&
|
|
7772
|
-
this.config.authOptions.clientCapabilities.length > 0)) {
|
|
7773
|
-
addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
|
|
7774
|
-
}
|
|
7775
7818
|
if (this.config.systemOptions.preventCorsPreflight &&
|
|
7776
7819
|
request.ccsCredential) {
|
|
7777
7820
|
switch (request.ccsCredential.type) {
|
|
@@ -7797,6 +7840,15 @@ class RefreshTokenClient extends BaseClient {
|
|
|
7797
7840
|
addExtraQueryParameters(parameters, request.tokenBodyParameters);
|
|
7798
7841
|
}
|
|
7799
7842
|
instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
|
|
7843
|
+
// ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
|
|
7844
|
+
const configClaims = request.skipBrokerClaims &&
|
|
7845
|
+
parameters.has(BROKER_CLIENT_ID)
|
|
7846
|
+
? undefined
|
|
7847
|
+
: this.config.authOptions.clientCapabilities;
|
|
7848
|
+
if (!StringUtils.isEmptyObj(request.claims) ||
|
|
7849
|
+
(configClaims && configClaims.length > 0)) {
|
|
7850
|
+
addClaims(parameters, request.claims, configClaims);
|
|
7851
|
+
}
|
|
7800
7852
|
return mapToQueryString(parameters);
|
|
7801
7853
|
}
|
|
7802
7854
|
}
|
|
@@ -8029,14 +8081,17 @@ function getStandardAuthorizeRequestParameters(authOptions, request, logger, per
|
|
|
8029
8081
|
if (request.state) {
|
|
8030
8082
|
addState(parameters, request.state);
|
|
8031
8083
|
}
|
|
8032
|
-
if (request.claims ||
|
|
8033
|
-
(authOptions.clientCapabilities &&
|
|
8034
|
-
authOptions.clientCapabilities.length > 0)) {
|
|
8035
|
-
addClaims(parameters, request.claims, authOptions.clientCapabilities);
|
|
8036
|
-
}
|
|
8037
8084
|
if (request.embeddedClientId) {
|
|
8038
8085
|
addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
|
|
8039
8086
|
}
|
|
8087
|
+
// ignore config claims if skipBrokerClaims is set to true and this is a brokered authentication flow
|
|
8088
|
+
const configClaims = request.skipBrokerClaims &&
|
|
8089
|
+
parameters.has(BROKER_CLIENT_ID)
|
|
8090
|
+
? undefined
|
|
8091
|
+
: authOptions.clientCapabilities;
|
|
8092
|
+
if (request.claims || (configClaims && configClaims.length > 0)) {
|
|
8093
|
+
addClaims(parameters, request.claims, configClaims);
|
|
8094
|
+
}
|
|
8040
8095
|
// If extraQueryParameters includes instance_aware its value will be added when extraQueryParameters are added
|
|
8041
8096
|
if (authOptions.instanceAware &&
|
|
8042
8097
|
(!request.extraQueryParameters ||
|
|
@@ -8604,4 +8659,4 @@ exports.invokeAsync = invokeAsync;
|
|
|
8604
8659
|
exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
|
|
8605
8660
|
exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
|
|
8606
8661
|
exports.version = version;
|
|
8607
|
-
//# sourceMappingURL=index-node-
|
|
8662
|
+
//# sourceMappingURL=index-node-DcRBQUZQ.js.map
|