@azure/msal-common 15.2.0 → 15.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (190) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +1 -1
  7. package/dist/authority/AuthorityFactory.mjs +1 -1
  8. package/dist/authority/AuthorityMetadata.mjs +1 -1
  9. package/dist/authority/AuthorityOptions.mjs +1 -1
  10. package/dist/authority/AuthorityType.mjs +1 -1
  11. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  13. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  14. package/dist/authority/ProtocolMode.mjs +1 -1
  15. package/dist/authority/RegionDiscovery.mjs +1 -1
  16. package/dist/cache/CacheManager.mjs +1 -1
  17. package/dist/cache/entities/AccountEntity.mjs +1 -1
  18. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  19. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  20. package/dist/client/AuthorizationCodeClient.d.ts +0 -31
  21. package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
  22. package/dist/client/AuthorizationCodeClient.mjs +43 -258
  23. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  24. package/dist/client/BaseClient.d.ts.map +1 -1
  25. package/dist/client/BaseClient.mjs +9 -10
  26. package/dist/client/BaseClient.mjs.map +1 -1
  27. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  28. package/dist/client/RefreshTokenClient.mjs +29 -41
  29. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  30. package/dist/client/SilentFlowClient.mjs +1 -1
  31. package/dist/config/ClientConfiguration.mjs +1 -1
  32. package/dist/constants/AADServerParamKeys.d.ts +1 -0
  33. package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
  34. package/dist/constants/AADServerParamKeys.mjs +4 -3
  35. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  36. package/dist/crypto/ICrypto.mjs +1 -1
  37. package/dist/crypto/JoseHeader.mjs +1 -1
  38. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  39. package/dist/error/AuthError.mjs +1 -1
  40. package/dist/error/AuthErrorCodes.mjs +1 -1
  41. package/dist/error/CacheError.mjs +1 -1
  42. package/dist/error/CacheErrorCodes.mjs +1 -1
  43. package/dist/error/ClientAuthError.mjs +1 -1
  44. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  45. package/dist/error/ClientConfigurationError.mjs +1 -1
  46. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  47. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  48. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  49. package/dist/error/JoseHeaderError.mjs +1 -1
  50. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  51. package/dist/error/NetworkError.mjs +1 -1
  52. package/dist/error/ServerError.mjs +1 -1
  53. package/dist/exports-common.d.ts +4 -3
  54. package/dist/exports-common.d.ts.map +1 -1
  55. package/dist/index-browser.mjs +6 -2
  56. package/dist/index-browser.mjs.map +1 -1
  57. package/dist/index-node.mjs +6 -2
  58. package/dist/index-node.mjs.map +1 -1
  59. package/dist/index.mjs +6 -2
  60. package/dist/index.mjs.map +1 -1
  61. package/dist/logger/Logger.mjs +1 -1
  62. package/dist/network/INetworkModule.mjs +1 -1
  63. package/dist/network/RequestThumbprint.d.ts +3 -0
  64. package/dist/network/RequestThumbprint.d.ts.map +1 -1
  65. package/dist/network/RequestThumbprint.mjs +24 -0
  66. package/dist/network/RequestThumbprint.mjs.map +1 -0
  67. package/dist/network/ThrottlingUtils.d.ts.map +1 -1
  68. package/dist/network/ThrottlingUtils.mjs +3 -13
  69. package/dist/network/ThrottlingUtils.mjs.map +1 -1
  70. package/dist/packageMetadata.d.ts +1 -1
  71. package/dist/packageMetadata.mjs +2 -2
  72. package/dist/protocol/Authorize.d.ts +37 -0
  73. package/dist/protocol/Authorize.d.ts.map +1 -0
  74. package/dist/protocol/Authorize.mjs +237 -0
  75. package/dist/protocol/Authorize.mjs.map +1 -0
  76. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  77. package/dist/request/BaseAuthRequest.d.ts +2 -0
  78. package/dist/request/BaseAuthRequest.d.ts.map +1 -1
  79. package/dist/request/CommonAuthorizationCodeRequest.d.ts +0 -2
  80. package/dist/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
  81. package/dist/request/CommonDeviceCodeRequest.d.ts +1 -1
  82. package/dist/request/CommonDeviceCodeRequest.d.ts.map +1 -1
  83. package/dist/request/CommonRefreshTokenRequest.d.ts +0 -2
  84. package/dist/request/CommonRefreshTokenRequest.d.ts.map +1 -1
  85. package/dist/request/CommonSilentFlowRequest.d.ts +0 -3
  86. package/dist/request/CommonSilentFlowRequest.d.ts.map +1 -1
  87. package/dist/request/RequestParameterBuilder.d.ts +206 -218
  88. package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
  89. package/dist/request/RequestParameterBuilder.mjs +356 -369
  90. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  91. package/dist/request/RequestValidator.mjs +1 -1
  92. package/dist/request/ScopeSet.mjs +1 -1
  93. package/dist/response/AuthorizeResponse.d.ts +72 -0
  94. package/dist/response/AuthorizeResponse.d.ts.map +1 -0
  95. package/dist/response/ResponseHandler.d.ts +0 -8
  96. package/dist/response/ResponseHandler.d.ts.map +1 -1
  97. package/dist/response/ResponseHandler.mjs +7 -52
  98. package/dist/response/ResponseHandler.mjs.map +1 -1
  99. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  100. package/dist/telemetry/performance/PerformanceEvent.d.ts +1 -2
  101. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  102. package/dist/telemetry/performance/PerformanceEvent.mjs +2 -11
  103. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  104. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  105. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  106. package/dist/url/UrlString.mjs +1 -1
  107. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  108. package/dist/utils/Constants.mjs +1 -1
  109. package/dist/utils/FunctionWrappers.mjs +1 -1
  110. package/dist/utils/ProtocolUtils.mjs +1 -1
  111. package/dist/utils/StringUtils.mjs +1 -1
  112. package/dist/utils/TimeUtils.d.ts +10 -0
  113. package/dist/utils/TimeUtils.d.ts.map +1 -1
  114. package/dist/utils/TimeUtils.mjs +20 -2
  115. package/dist/utils/TimeUtils.mjs.map +1 -1
  116. package/dist/utils/UrlUtils.d.ts +6 -2
  117. package/dist/utils/UrlUtils.d.ts.map +1 -1
  118. package/dist/utils/UrlUtils.mjs +12 -2
  119. package/dist/utils/UrlUtils.mjs.map +1 -1
  120. package/lib/index-browser.cjs +4 -2
  121. package/lib/index-browser.cjs.map +1 -1
  122. package/lib/{index-node-0IMDqzO0.js → index-node-BjtDFnOl.js} +828 -805
  123. package/lib/index-node-BjtDFnOl.js.map +1 -0
  124. package/lib/index-node.cjs +4 -2
  125. package/lib/index-node.cjs.map +1 -1
  126. package/lib/index.cjs +4 -2
  127. package/lib/index.cjs.map +1 -1
  128. package/lib/types/client/AuthorizationCodeClient.d.ts +0 -31
  129. package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  130. package/lib/types/client/BaseClient.d.ts.map +1 -1
  131. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  132. package/lib/types/constants/AADServerParamKeys.d.ts +1 -0
  133. package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
  134. package/lib/types/exports-common.d.ts +4 -3
  135. package/lib/types/exports-common.d.ts.map +1 -1
  136. package/lib/types/network/RequestThumbprint.d.ts +3 -0
  137. package/lib/types/network/RequestThumbprint.d.ts.map +1 -1
  138. package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
  139. package/lib/types/packageMetadata.d.ts +1 -1
  140. package/lib/types/protocol/Authorize.d.ts +37 -0
  141. package/lib/types/protocol/Authorize.d.ts.map +1 -0
  142. package/lib/types/request/BaseAuthRequest.d.ts +2 -0
  143. package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
  144. package/lib/types/request/CommonAuthorizationCodeRequest.d.ts +0 -2
  145. package/lib/types/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
  146. package/lib/types/request/CommonDeviceCodeRequest.d.ts +1 -1
  147. package/lib/types/request/CommonDeviceCodeRequest.d.ts.map +1 -1
  148. package/lib/types/request/CommonRefreshTokenRequest.d.ts +0 -2
  149. package/lib/types/request/CommonRefreshTokenRequest.d.ts.map +1 -1
  150. package/lib/types/request/CommonSilentFlowRequest.d.ts +0 -3
  151. package/lib/types/request/CommonSilentFlowRequest.d.ts.map +1 -1
  152. package/lib/types/request/RequestParameterBuilder.d.ts +206 -218
  153. package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
  154. package/lib/types/response/AuthorizeResponse.d.ts +72 -0
  155. package/lib/types/response/AuthorizeResponse.d.ts.map +1 -0
  156. package/lib/types/response/ResponseHandler.d.ts +0 -8
  157. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  158. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +1 -2
  159. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  160. package/lib/types/utils/TimeUtils.d.ts +10 -0
  161. package/lib/types/utils/TimeUtils.d.ts.map +1 -1
  162. package/lib/types/utils/UrlUtils.d.ts +6 -2
  163. package/lib/types/utils/UrlUtils.d.ts.map +1 -1
  164. package/package.json +1 -1
  165. package/src/client/AuthorizationCodeClient.ts +89 -409
  166. package/src/client/BaseClient.ts +20 -12
  167. package/src/client/RefreshTokenClient.ts +66 -44
  168. package/src/constants/AADServerParamKeys.ts +1 -0
  169. package/src/exports-common.ts +8 -3
  170. package/src/network/RequestThumbprint.ts +23 -0
  171. package/src/network/ThrottlingUtils.ts +9 -14
  172. package/src/packageMetadata.ts +1 -1
  173. package/src/protocol/Authorize.ts +409 -0
  174. package/src/request/BaseAuthRequest.ts +2 -0
  175. package/src/request/CommonAuthorizationCodeRequest.ts +0 -2
  176. package/src/request/CommonDeviceCodeRequest.ts +1 -1
  177. package/src/request/CommonRefreshTokenRequest.ts +0 -2
  178. package/src/request/CommonSilentFlowRequest.ts +0 -3
  179. package/src/request/RequestParameterBuilder.ts +508 -543
  180. package/src/response/AuthorizeResponse.ts +76 -0
  181. package/src/response/ResponseHandler.ts +8 -104
  182. package/src/telemetry/performance/PerformanceEvent.ts +1 -11
  183. package/src/utils/TimeUtils.ts +20 -0
  184. package/src/utils/UrlUtils.ts +18 -4
  185. package/dist/response/ServerAuthorizationCodeResponse.d.ts +0 -27
  186. package/dist/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
  187. package/lib/index-node-0IMDqzO0.js.map +0 -1
  188. package/lib/types/response/ServerAuthorizationCodeResponse.d.ts +0 -27
  189. package/lib/types/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
  190. package/src/response/ServerAuthorizationCodeResponse.ts +0 -34
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
4
4
  import { tokenParsingError, nullOrEmptyToken, maxAgeTranspired } from '../error/ClientAuthErrorCodes.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
4
4
  import { Separators, Constants } from '../utils/Constants.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { AuthorityType } from './AuthorityType.mjs';
4
4
  import { isOpenIdConfigResponse } from './OpenIdConfigResponse.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { Authority, formatAuthorityUri } from './Authority.mjs';
4
4
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { UrlString } from '../url/UrlString.mjs';
4
4
  import { AuthorityMetadataSource } from '../utils/Constants.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { Constants, ResponseCodes, RegionDiscoverySources } from '../utils/Constants.mjs';
4
4
  import { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { Separators, CredentialType, AuthenticationScheme, THE_FAMILY_ID, APP_METADATA, AUTHORITY_METADATA_CONSTANTS } from '../utils/Constants.mjs';
4
4
  import { generateCredentialKey } from './utils/CacheHelpers.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { Separators, CacheAccountType } from '../../utils/Constants.mjs';
4
4
  import { buildClientInfo } from '../../account/ClientInfo.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { extractTokenClaims } from '../../account/AuthToken.mjs';
4
4
  import { createClientAuthError } from '../../error/ClientAuthError.mjs';
@@ -1,9 +1,7 @@
1
1
  import { BaseClient } from "./BaseClient.js";
2
- import { CommonAuthorizationUrlRequest } from "../request/CommonAuthorizationUrlRequest.js";
3
2
  import { CommonAuthorizationCodeRequest } from "../request/CommonAuthorizationCodeRequest.js";
4
3
  import { ClientConfiguration } from "../config/ClientConfiguration.js";
5
4
  import { AuthenticationResult } from "../response/AuthenticationResult.js";
6
- import { ServerAuthorizationCodeResponse } from "../response/ServerAuthorizationCodeResponse.js";
7
5
  import { CommonEndSessionRequest } from "../request/CommonEndSessionRequest.js";
8
6
  import { AuthorizationCodePayload } from "../response/AuthorizationCodePayload.js";
9
7
  import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
@@ -15,29 +13,12 @@ export declare class AuthorizationCodeClient extends BaseClient {
15
13
  protected includeRedirectUri: boolean;
16
14
  private oidcDefaultScopes;
17
15
  constructor(configuration: ClientConfiguration, performanceClient?: IPerformanceClient);
18
- /**
19
- * Creates the URL of the authorization request letting the user input credentials and consent to the
20
- * application. The URL target the /authorize endpoint of the authority configured in the
21
- * application object.
22
- *
23
- * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI
24
- * sent in the request and should contain an authorization code, which can then be used to acquire tokens via
25
- * acquireToken(AuthorizationCodeRequest)
26
- * @param request
27
- */
28
- getAuthCodeUrl(request: CommonAuthorizationUrlRequest): Promise<string>;
29
16
  /**
30
17
  * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the
31
18
  * authorization_code_grant
32
19
  * @param request
33
20
  */
34
21
  acquireToken(request: CommonAuthorizationCodeRequest, authCodePayload?: AuthorizationCodePayload): Promise<AuthenticationResult>;
35
- /**
36
- * Handles the hash fragment response from public client code request. Returns a code response used by
37
- * the client to exchange for a token in acquireToken.
38
- * @param hashFragment
39
- */
40
- handleFragmentResponse(serverParams: ServerAuthorizationCodeResponse, cachedState: string): AuthorizationCodePayload;
41
22
  /**
42
23
  * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.
43
24
  * Default behaviour is to redirect the user to `window.location.href`.
@@ -55,22 +36,10 @@ export declare class AuthorizationCodeClient extends BaseClient {
55
36
  * @param request
56
37
  */
57
38
  private createTokenRequestBody;
58
- /**
59
- * This API validates the `AuthorizationCodeUrlRequest` and creates a URL
60
- * @param request
61
- */
62
- private createAuthCodeUrlQueryString;
63
39
  /**
64
40
  * This API validates the `EndSessionRequest` and creates a URL
65
41
  * @param request
66
42
  */
67
43
  private createLogoutUrlQueryString;
68
- private addExtraQueryParams;
69
- /**
70
- * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present.
71
- * @param account
72
- */
73
- private extractAccountSid;
74
- private extractLoginHint;
75
44
  }
76
45
  //# sourceMappingURL=AuthorizationCodeClient.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../../src/client/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,6BAA6B,EAAE,MAAM,6CAA6C,CAAC;AAC5F,OAAO,EAAE,8BAA8B,EAAE,MAAM,8CAA8C,CAAC;AAW9F,OAAO,EACH,mBAAmB,EAEtB,MAAM,kCAAkC,CAAC;AAI1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAO3E,OAAO,EAAE,+BAA+B,EAAE,MAAM,gDAAgD,CAAC;AACjG,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAGhF,OAAO,EAAE,wBAAwB,EAAE,MAAM,yCAAyC,CAAC;AAanF,OAAO,EAAE,kBAAkB,EAAE,MAAM,gDAAgD,CAAC;AAMpF;;;GAGG;AACH,qBAAa,uBAAwB,SAAQ,UAAU;IAEnD,SAAS,CAAC,kBAAkB,EAAE,OAAO,CAAQ;IAC7C,OAAO,CAAC,iBAAiB,CAAC;gBAGtB,aAAa,EAAE,mBAAmB,EAClC,iBAAiB,CAAC,EAAE,kBAAkB;IAO1C;;;;;;;;;OASG;IACG,cAAc,CAChB,OAAO,EAAE,6BAA6B,GACvC,OAAO,CAAC,MAAM,CAAC;IAoBlB;;;;OAIG;IACG,YAAY,CACd,OAAO,EAAE,8BAA8B,EACvC,eAAe,CAAC,EAAE,wBAAwB,GAC3C,OAAO,CAAC,oBAAoB,CAAC;IAwDhC;;;;OAIG;IACH,sBAAsB,CAClB,YAAY,EAAE,+BAA+B,EAC7C,WAAW,EAAE,MAAM,GACpB,wBAAwB;IA2B3B;;;;OAIG;IACH,YAAY,CAAC,aAAa,EAAE,uBAAuB,GAAG,MAAM;IAgB5D;;;;OAIG;YACW,mBAAmB;IA0EjC;;;OAGG;YACW,sBAAsB;IAoMpC;;;OAGG;YACW,4BAA4B;IA4P1C;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IAmClC,OAAO,CAAC,mBAAmB;IAqB3B;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,gBAAgB;CAG3B"}
1
+ {"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../../src/client/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,8BAA8B,EAAE,MAAM,8CAA8C,CAAC;AAW9F,OAAO,EACH,mBAAmB,EAEtB,MAAM,kCAAkC,CAAC;AAI1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAO3E,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAEhF,OAAO,EAAE,wBAAwB,EAAE,MAAM,yCAAyC,CAAC;AAYnF,OAAO,EAAE,kBAAkB,EAAE,MAAM,gDAAgD,CAAC;AAOpF;;;GAGG;AACH,qBAAa,uBAAwB,SAAQ,UAAU;IAEnD,SAAS,CAAC,kBAAkB,EAAE,OAAO,CAAQ;IAC7C,OAAO,CAAC,iBAAiB,CAAC;gBAGtB,aAAa,EAAE,mBAAmB,EAClC,iBAAiB,CAAC,EAAE,kBAAkB;IAO1C;;;;OAIG;IACG,YAAY,CACd,OAAO,EAAE,8BAA8B,EACvC,eAAe,CAAC,EAAE,wBAAwB,GAC3C,OAAO,CAAC,oBAAoB,CAAC;IAwDhC;;;;OAIG;IACH,YAAY,CAAC,aAAa,EAAE,uBAAuB,GAAG,MAAM;IAgB5D;;;;OAIG;YACW,mBAAmB;IAiEjC;;;OAGG;YACW,sBAAsB;IAoOpC;;;OAGG;IACH,OAAO,CAAC,0BAA0B;CAkDrC"}
@@ -1,8 +1,9 @@
1
- /*! @azure/msal-common v15.2.0 2025-02-18 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { BaseClient } from './BaseClient.mjs';
4
- import { RequestParameterBuilder } from '../request/RequestParameterBuilder.mjs';
5
- import { Separators, GrantType, AuthenticationScheme, PromptValue, HeaderNames } from '../utils/Constants.mjs';
4
+ import { addClientId, addRedirectUri, addScopes, addAuthorizationCode, addLibraryInfo, addApplicationTelemetry, addThrottling, addServerTelemetry, addCodeVerifier, addClientSecret, addClientAssertion, addClientAssertionType, addGrantType, addClientInfo, addPopToken, addSshJwk, addClaims, addCcsUpn, addCcsOid, addBrokerParameters, addExtraQueryParameters, instrumentBrokerParams, addPostLogoutRedirectUri, addCorrelationId, addIdTokenHint, addState, addLogoutHint, addInstanceAware } from '../request/RequestParameterBuilder.mjs';
5
+ import { mapToQueryString } from '../utils/UrlUtils.mjs';
6
+ import { Separators, GrantType, AuthenticationScheme, HeaderNames } from '../utils/Constants.mjs';
6
7
  import { CLIENT_ID, RETURN_SPA_CODE } from '../constants/AADServerParamKeys.mjs';
7
8
  import { isOidcProtocolMode } from '../config/ClientConfiguration.mjs';
8
9
  import { ResponseHandler } from '../response/ResponseHandler.mjs';
@@ -18,7 +19,8 @@ import { RequestValidator } from '../request/RequestValidator.mjs';
18
19
  import { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';
19
20
  import { invokeAsync } from '../utils/FunctionWrappers.mjs';
20
21
  import { getClientAssertion } from '../utils/ClientAssertionUtils.mjs';
21
- import { requestCannotBeMade, authorizationCodeMissingFromServerResponse } from '../error/ClientAuthErrorCodes.mjs';
22
+ import { getRequestThumbprint } from '../network/RequestThumbprint.mjs';
23
+ import { requestCannotBeMade } from '../error/ClientAuthErrorCodes.mjs';
22
24
  import { logoutRequestEmpty, missingSshJwk } from '../error/ClientConfigurationErrorCodes.mjs';
23
25
 
24
26
  /*
@@ -37,21 +39,6 @@ class AuthorizationCodeClient extends BaseClient {
37
39
  this.oidcDefaultScopes =
38
40
  this.config.authOptions.authority.options.OIDCOptions?.defaultScopes;
39
41
  }
40
- /**
41
- * Creates the URL of the authorization request letting the user input credentials and consent to the
42
- * application. The URL target the /authorize endpoint of the authority configured in the
43
- * application object.
44
- *
45
- * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI
46
- * sent in the request and should contain an authorization code, which can then be used to acquire tokens via
47
- * acquireToken(AuthorizationCodeRequest)
48
- * @param request
49
- */
50
- async getAuthCodeUrl(request) {
51
- this.performanceClient?.addQueueMeasurement(PerformanceEvents.GetAuthCodeUrl, request.correlationId);
52
- const queryString = await invokeAsync(this.createAuthCodeUrlQueryString.bind(this), PerformanceEvents.AuthClientCreateQueryString, this.logger, this.performanceClient, request.correlationId)(request);
53
- return UrlString.appendQueryString(this.authority.authorizationEndpoint, queryString);
54
- }
55
42
  /**
56
43
  * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the
57
44
  * authorization_code_grant
@@ -71,22 +58,6 @@ class AuthorizationCodeClient extends BaseClient {
71
58
  responseHandler.validateTokenResponse(response.body);
72
59
  return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, authCodePayload, undefined, undefined, undefined, requestId);
73
60
  }
74
- /**
75
- * Handles the hash fragment response from public client code request. Returns a code response used by
76
- * the client to exchange for a token in acquireToken.
77
- * @param hashFragment
78
- */
79
- handleFragmentResponse(serverParams, cachedState) {
80
- // Handle responses.
81
- const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, null, null);
82
- // Get code response
83
- responseHandler.validateServerAuthorizationCodeResponse(serverParams, cachedState);
84
- // throw when there is no auth code in the response
85
- if (!serverParams.code) {
86
- throw createClientAuthError(authorizationCodeMissingFromServerResponse);
87
- }
88
- return serverParams;
89
- }
90
61
  /**
91
62
  * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.
92
63
  * Default behaviour is to redirect the user to `window.location.href`.
@@ -125,18 +96,7 @@ class AuthorizationCodeClient extends BaseClient {
125
96
  }
126
97
  }
127
98
  const headers = this.createTokenRequestHeaders(ccsCredential || request.ccsCredential);
128
- const thumbprint = {
129
- clientId: request.tokenBodyParameters?.clientId ||
130
- this.config.authOptions.clientId,
131
- authority: authority.canonicalAuthority,
132
- scopes: request.scopes,
133
- claims: request.claims,
134
- authenticationScheme: request.authenticationScheme,
135
- resourceRequestMethod: request.resourceRequestMethod,
136
- resourceRequestUri: request.resourceRequestUri,
137
- shrClaims: request.shrClaims,
138
- sshKid: request.sshKid,
139
- };
99
+ const thumbprint = getRequestThumbprint(this.config.authOptions.clientId, request);
140
100
  return invokeAsync(this.executePostToTokenEndpoint.bind(this), PerformanceEvents.AuthorizationCodeClientExecutePostToTokenEndpoint, this.logger, this.performanceClient, request.correlationId)(endpoint, requestBody, headers, thumbprint, request.correlationId, PerformanceEvents.AuthorizationCodeClientExecutePostToTokenEndpoint);
141
101
  }
142
102
  /**
@@ -145,8 +105,8 @@ class AuthorizationCodeClient extends BaseClient {
145
105
  */
146
106
  async createTokenRequestBody(request) {
147
107
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateTokenRequestBody, request.correlationId);
148
- const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
149
- parameterBuilder.addClientId(request.embeddedClientId ||
108
+ const parameters = new Map();
109
+ addClientId(parameters, request.embeddedClientId ||
150
110
  request.tokenBodyParameters?.[CLIENT_ID] ||
151
111
  this.config.authOptions.clientId);
152
112
  /*
@@ -159,33 +119,33 @@ class AuthorizationCodeClient extends BaseClient {
159
119
  }
160
120
  else {
161
121
  // Validate and include redirect uri
162
- parameterBuilder.addRedirectUri(request.redirectUri);
122
+ addRedirectUri(parameters, request.redirectUri);
163
123
  }
164
124
  // Add scope array, parameter builder will add default scopes and dedupe
165
- parameterBuilder.addScopes(request.scopes, true, this.oidcDefaultScopes);
125
+ addScopes(parameters, request.scopes, true, this.oidcDefaultScopes);
166
126
  // add code: user set, not validated
167
- parameterBuilder.addAuthorizationCode(request.code);
127
+ addAuthorizationCode(parameters, request.code);
168
128
  // Add library metadata
169
- parameterBuilder.addLibraryInfo(this.config.libraryInfo);
170
- parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);
171
- parameterBuilder.addThrottling();
129
+ addLibraryInfo(parameters, this.config.libraryInfo);
130
+ addApplicationTelemetry(parameters, this.config.telemetry.application);
131
+ addThrottling(parameters);
172
132
  if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {
173
- parameterBuilder.addServerTelemetry(this.serverTelemetryManager);
133
+ addServerTelemetry(parameters, this.serverTelemetryManager);
174
134
  }
175
135
  // add code_verifier if passed
176
136
  if (request.codeVerifier) {
177
- parameterBuilder.addCodeVerifier(request.codeVerifier);
137
+ addCodeVerifier(parameters, request.codeVerifier);
178
138
  }
179
139
  if (this.config.clientCredentials.clientSecret) {
180
- parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret);
140
+ addClientSecret(parameters, this.config.clientCredentials.clientSecret);
181
141
  }
182
142
  if (this.config.clientCredentials.clientAssertion) {
183
143
  const clientAssertion = this.config.clientCredentials.clientAssertion;
184
- parameterBuilder.addClientAssertion(await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri));
185
- parameterBuilder.addClientAssertionType(clientAssertion.assertionType);
144
+ addClientAssertion(parameters, await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri));
145
+ addClientAssertionType(parameters, clientAssertion.assertionType);
186
146
  }
187
- parameterBuilder.addGrantType(GrantType.AUTHORIZATION_CODE_GRANT);
188
- parameterBuilder.addClientInfo();
147
+ addGrantType(parameters, GrantType.AUTHORIZATION_CODE_GRANT);
148
+ addClientInfo(parameters);
189
149
  if (request.authenticationScheme === AuthenticationScheme.POP) {
190
150
  const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils, this.performanceClient);
191
151
  let reqCnfData;
@@ -197,11 +157,11 @@ class AuthorizationCodeClient extends BaseClient {
197
157
  reqCnfData = this.cryptoUtils.encodeKid(request.popKid);
198
158
  }
199
159
  // SPA PoP requires full Base64Url encoded req_cnf string (unhashed)
200
- parameterBuilder.addPopToken(reqCnfData);
160
+ addPopToken(parameters, reqCnfData);
201
161
  }
202
162
  else if (request.authenticationScheme === AuthenticationScheme.SSH) {
203
163
  if (request.sshJwk) {
204
- parameterBuilder.addSshJwk(request.sshJwk);
164
+ addSshJwk(parameters, request.sshJwk);
205
165
  }
206
166
  else {
207
167
  throw createClientConfigurationError(missingSshJwk);
@@ -210,7 +170,7 @@ class AuthorizationCodeClient extends BaseClient {
210
170
  if (!StringUtils.isEmptyObj(request.claims) ||
211
171
  (this.config.authOptions.clientCapabilities &&
212
172
  this.config.authOptions.clientCapabilities.length > 0)) {
213
- parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);
173
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
214
174
  }
215
175
  let ccsCred = undefined;
216
176
  if (request.clientInfo) {
@@ -234,7 +194,7 @@ class AuthorizationCodeClient extends BaseClient {
234
194
  case CcsCredentialType.HOME_ACCOUNT_ID:
235
195
  try {
236
196
  const clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential);
237
- parameterBuilder.addCcsOid(clientInfo);
197
+ addCcsOid(parameters, clientInfo);
238
198
  }
239
199
  catch (e) {
240
200
  this.logger.verbose("Could not parse home account ID for CCS Header: " +
@@ -242,230 +202,55 @@ class AuthorizationCodeClient extends BaseClient {
242
202
  }
243
203
  break;
244
204
  case CcsCredentialType.UPN:
245
- parameterBuilder.addCcsUpn(ccsCred.credential);
205
+ addCcsUpn(parameters, ccsCred.credential);
246
206
  break;
247
207
  }
248
208
  }
249
209
  if (request.embeddedClientId) {
250
- parameterBuilder.addBrokerParameters({
251
- brokerClientId: this.config.authOptions.clientId,
252
- brokerRedirectUri: this.config.authOptions.redirectUri,
253
- });
210
+ addBrokerParameters(parameters, this.config.authOptions.clientId, this.config.authOptions.redirectUri);
254
211
  }
255
212
  if (request.tokenBodyParameters) {
256
- parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters);
213
+ addExtraQueryParameters(parameters, request.tokenBodyParameters);
257
214
  }
258
215
  // Add hybrid spa parameters if not already provided
259
216
  if (request.enableSpaAuthorizationCode &&
260
217
  (!request.tokenBodyParameters ||
261
218
  !request.tokenBodyParameters[RETURN_SPA_CODE])) {
262
- parameterBuilder.addExtraQueryParameters({
219
+ addExtraQueryParameters(parameters, {
263
220
  [RETURN_SPA_CODE]: "1",
264
221
  });
265
222
  }
266
- return parameterBuilder.createQueryString();
267
- }
268
- /**
269
- * This API validates the `AuthorizationCodeUrlRequest` and creates a URL
270
- * @param request
271
- */
272
- async createAuthCodeUrlQueryString(request) {
273
- // generate the correlationId if not set by the user and add
274
- const correlationId = request.correlationId ||
275
- this.config.cryptoInterface.createNewGuid();
276
- this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateQueryString, correlationId);
277
- const parameterBuilder = new RequestParameterBuilder(correlationId, this.performanceClient);
278
- parameterBuilder.addClientId(request.embeddedClientId ||
279
- request.extraQueryParameters?.[CLIENT_ID] ||
280
- this.config.authOptions.clientId);
281
- const requestScopes = [
282
- ...(request.scopes || []),
283
- ...(request.extraScopesToConsent || []),
284
- ];
285
- parameterBuilder.addScopes(requestScopes, true, this.oidcDefaultScopes);
286
- // validate the redirectUri (to be a non null value)
287
- parameterBuilder.addRedirectUri(request.redirectUri);
288
- parameterBuilder.addCorrelationId(correlationId);
289
- // add response_mode. If not passed in it defaults to query.
290
- parameterBuilder.addResponseMode(request.responseMode);
291
- // add response_type = code
292
- parameterBuilder.addResponseTypeCode();
293
- // add library info parameters
294
- parameterBuilder.addLibraryInfo(this.config.libraryInfo);
295
- if (!isOidcProtocolMode(this.config)) {
296
- parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);
297
- }
298
- // add client_info=1
299
- parameterBuilder.addClientInfo();
300
- if (request.codeChallenge && request.codeChallengeMethod) {
301
- parameterBuilder.addCodeChallengeParams(request.codeChallenge, request.codeChallengeMethod);
302
- }
303
- if (request.prompt) {
304
- parameterBuilder.addPrompt(request.prompt);
305
- }
306
- if (request.domainHint) {
307
- parameterBuilder.addDomainHint(request.domainHint);
308
- this.performanceClient?.addFields({ domainHintFromRequest: true }, correlationId);
309
- }
310
- this.performanceClient?.addFields({ prompt: request.prompt }, correlationId);
311
- // Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object
312
- if (request.prompt !== PromptValue.SELECT_ACCOUNT) {
313
- // AAD will throw if prompt=select_account is passed with an account hint
314
- if (request.sid && request.prompt === PromptValue.NONE) {
315
- // SessionID is only used in silent calls
316
- this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request");
317
- parameterBuilder.addSid(request.sid);
318
- this.performanceClient?.addFields({ sidFromRequest: true }, correlationId);
319
- }
320
- else if (request.account) {
321
- const accountSid = this.extractAccountSid(request.account);
322
- let accountLoginHintClaim = this.extractLoginHint(request.account);
323
- if (accountLoginHintClaim && request.domainHint) {
324
- this.logger.warning(`AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint`);
325
- accountLoginHintClaim = null;
326
- }
327
- // If login_hint claim is present, use it over sid/username
328
- if (accountLoginHintClaim) {
329
- this.logger.verbose("createAuthCodeUrlQueryString: login_hint claim present on account");
330
- parameterBuilder.addLoginHint(accountLoginHintClaim);
331
- this.performanceClient?.addFields({ loginHintFromClaim: true }, correlationId);
332
- try {
333
- const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
334
- parameterBuilder.addCcsOid(clientInfo);
335
- }
336
- catch (e) {
337
- this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
338
- }
339
- }
340
- else if (accountSid && request.prompt === PromptValue.NONE) {
341
- /*
342
- * If account and loginHint are provided, we will check account first for sid before adding loginHint
343
- * SessionId is only used in silent calls
344
- */
345
- this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account");
346
- parameterBuilder.addSid(accountSid);
347
- this.performanceClient?.addFields({ sidFromClaim: true }, correlationId);
348
- try {
349
- const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
350
- parameterBuilder.addCcsOid(clientInfo);
351
- }
352
- catch (e) {
353
- this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
354
- }
355
- }
356
- else if (request.loginHint) {
357
- this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from request");
358
- parameterBuilder.addLoginHint(request.loginHint);
359
- parameterBuilder.addCcsUpn(request.loginHint);
360
- this.performanceClient?.addFields({ loginHintFromRequest: true }, correlationId);
361
- }
362
- else if (request.account.username) {
363
- // Fallback to account username if provided
364
- this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from account");
365
- parameterBuilder.addLoginHint(request.account.username);
366
- this.performanceClient?.addFields({ loginHintFromUpn: true }, correlationId);
367
- try {
368
- const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
369
- parameterBuilder.addCcsOid(clientInfo);
370
- }
371
- catch (e) {
372
- this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
373
- }
374
- }
375
- }
376
- else if (request.loginHint) {
377
- this.logger.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request");
378
- parameterBuilder.addLoginHint(request.loginHint);
379
- parameterBuilder.addCcsUpn(request.loginHint);
380
- this.performanceClient?.addFields({ loginHintFromRequest: true }, correlationId);
381
- }
382
- }
383
- else {
384
- this.logger.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints");
385
- }
386
- if (request.nonce) {
387
- parameterBuilder.addNonce(request.nonce);
388
- }
389
- if (request.state) {
390
- parameterBuilder.addState(request.state);
391
- }
392
- if (request.claims ||
393
- (this.config.authOptions.clientCapabilities &&
394
- this.config.authOptions.clientCapabilities.length > 0)) {
395
- parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);
396
- }
397
- if (request.embeddedClientId) {
398
- parameterBuilder.addBrokerParameters({
399
- brokerClientId: this.config.authOptions.clientId,
400
- brokerRedirectUri: this.config.authOptions.redirectUri,
401
- });
402
- }
403
- this.addExtraQueryParams(request, parameterBuilder);
404
- if (request.platformBroker) {
405
- // signal ests that this is a WAM call
406
- parameterBuilder.addNativeBroker();
407
- // pass the req_cnf for POP
408
- if (request.authenticationScheme === AuthenticationScheme.POP) {
409
- const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils);
410
- // req_cnf is always sent as a string for SPAs
411
- let reqCnfData;
412
- if (!request.popKid) {
413
- const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger);
414
- reqCnfData = generatedReqCnfData.reqCnfString;
415
- }
416
- else {
417
- reqCnfData = this.cryptoUtils.encodeKid(request.popKid);
418
- }
419
- parameterBuilder.addPopToken(reqCnfData);
420
- }
421
- }
422
- return parameterBuilder.createQueryString();
223
+ instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
224
+ return mapToQueryString(parameters);
423
225
  }
424
226
  /**
425
227
  * This API validates the `EndSessionRequest` and creates a URL
426
228
  * @param request
427
229
  */
428
230
  createLogoutUrlQueryString(request) {
429
- const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
231
+ const parameters = new Map();
430
232
  if (request.postLogoutRedirectUri) {
431
- parameterBuilder.addPostLogoutRedirectUri(request.postLogoutRedirectUri);
233
+ addPostLogoutRedirectUri(parameters, request.postLogoutRedirectUri);
432
234
  }
433
235
  if (request.correlationId) {
434
- parameterBuilder.addCorrelationId(request.correlationId);
236
+ addCorrelationId(parameters, request.correlationId);
435
237
  }
436
238
  if (request.idTokenHint) {
437
- parameterBuilder.addIdTokenHint(request.idTokenHint);
239
+ addIdTokenHint(parameters, request.idTokenHint);
438
240
  }
439
241
  if (request.state) {
440
- parameterBuilder.addState(request.state);
242
+ addState(parameters, request.state);
441
243
  }
442
244
  if (request.logoutHint) {
443
- parameterBuilder.addLogoutHint(request.logoutHint);
444
- }
445
- this.addExtraQueryParams(request, parameterBuilder);
446
- return parameterBuilder.createQueryString();
447
- }
448
- addExtraQueryParams(request, parameterBuilder) {
449
- const hasRequestInstanceAware = request.extraQueryParameters &&
450
- request.extraQueryParameters.hasOwnProperty("instance_aware");
451
- // Set instance_aware flag if config auth param is set
452
- if (!hasRequestInstanceAware && this.config.authOptions.instanceAware) {
453
- request.extraQueryParameters = request.extraQueryParameters || {};
454
- request.extraQueryParameters["instance_aware"] = "true";
245
+ addLogoutHint(parameters, request.logoutHint);
455
246
  }
456
247
  if (request.extraQueryParameters) {
457
- parameterBuilder.addExtraQueryParameters(request.extraQueryParameters);
248
+ addExtraQueryParameters(parameters, request.extraQueryParameters);
458
249
  }
459
- }
460
- /**
461
- * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present.
462
- * @param account
463
- */
464
- extractAccountSid(account) {
465
- return account.idTokenClaims?.sid || null;
466
- }
467
- extractLoginHint(account) {
468
- return account.idTokenClaims?.login_hint || null;
250
+ if (this.config.authOptions.instanceAware) {
251
+ addInstanceAware(parameters);
252
+ }
253
+ return mapToQueryString(parameters);
469
254
  }
470
255
  }
471
256