@azure/msal-common 15.2.0 → 15.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (190) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +1 -1
  7. package/dist/authority/AuthorityFactory.mjs +1 -1
  8. package/dist/authority/AuthorityMetadata.mjs +1 -1
  9. package/dist/authority/AuthorityOptions.mjs +1 -1
  10. package/dist/authority/AuthorityType.mjs +1 -1
  11. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  13. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  14. package/dist/authority/ProtocolMode.mjs +1 -1
  15. package/dist/authority/RegionDiscovery.mjs +1 -1
  16. package/dist/cache/CacheManager.mjs +1 -1
  17. package/dist/cache/entities/AccountEntity.mjs +1 -1
  18. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  19. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  20. package/dist/client/AuthorizationCodeClient.d.ts +0 -31
  21. package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
  22. package/dist/client/AuthorizationCodeClient.mjs +43 -258
  23. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  24. package/dist/client/BaseClient.d.ts.map +1 -1
  25. package/dist/client/BaseClient.mjs +9 -10
  26. package/dist/client/BaseClient.mjs.map +1 -1
  27. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  28. package/dist/client/RefreshTokenClient.mjs +29 -41
  29. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  30. package/dist/client/SilentFlowClient.mjs +1 -1
  31. package/dist/config/ClientConfiguration.mjs +1 -1
  32. package/dist/constants/AADServerParamKeys.d.ts +1 -0
  33. package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
  34. package/dist/constants/AADServerParamKeys.mjs +4 -3
  35. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  36. package/dist/crypto/ICrypto.mjs +1 -1
  37. package/dist/crypto/JoseHeader.mjs +1 -1
  38. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  39. package/dist/error/AuthError.mjs +1 -1
  40. package/dist/error/AuthErrorCodes.mjs +1 -1
  41. package/dist/error/CacheError.mjs +1 -1
  42. package/dist/error/CacheErrorCodes.mjs +1 -1
  43. package/dist/error/ClientAuthError.mjs +1 -1
  44. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  45. package/dist/error/ClientConfigurationError.mjs +1 -1
  46. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  47. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  48. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  49. package/dist/error/JoseHeaderError.mjs +1 -1
  50. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  51. package/dist/error/NetworkError.mjs +1 -1
  52. package/dist/error/ServerError.mjs +1 -1
  53. package/dist/exports-common.d.ts +4 -3
  54. package/dist/exports-common.d.ts.map +1 -1
  55. package/dist/index-browser.mjs +6 -2
  56. package/dist/index-browser.mjs.map +1 -1
  57. package/dist/index-node.mjs +6 -2
  58. package/dist/index-node.mjs.map +1 -1
  59. package/dist/index.mjs +6 -2
  60. package/dist/index.mjs.map +1 -1
  61. package/dist/logger/Logger.mjs +1 -1
  62. package/dist/network/INetworkModule.mjs +1 -1
  63. package/dist/network/RequestThumbprint.d.ts +3 -0
  64. package/dist/network/RequestThumbprint.d.ts.map +1 -1
  65. package/dist/network/RequestThumbprint.mjs +24 -0
  66. package/dist/network/RequestThumbprint.mjs.map +1 -0
  67. package/dist/network/ThrottlingUtils.d.ts.map +1 -1
  68. package/dist/network/ThrottlingUtils.mjs +3 -13
  69. package/dist/network/ThrottlingUtils.mjs.map +1 -1
  70. package/dist/packageMetadata.d.ts +1 -1
  71. package/dist/packageMetadata.mjs +2 -2
  72. package/dist/protocol/Authorize.d.ts +37 -0
  73. package/dist/protocol/Authorize.d.ts.map +1 -0
  74. package/dist/protocol/Authorize.mjs +237 -0
  75. package/dist/protocol/Authorize.mjs.map +1 -0
  76. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  77. package/dist/request/BaseAuthRequest.d.ts +2 -0
  78. package/dist/request/BaseAuthRequest.d.ts.map +1 -1
  79. package/dist/request/CommonAuthorizationCodeRequest.d.ts +0 -2
  80. package/dist/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
  81. package/dist/request/CommonDeviceCodeRequest.d.ts +1 -1
  82. package/dist/request/CommonDeviceCodeRequest.d.ts.map +1 -1
  83. package/dist/request/CommonRefreshTokenRequest.d.ts +0 -2
  84. package/dist/request/CommonRefreshTokenRequest.d.ts.map +1 -1
  85. package/dist/request/CommonSilentFlowRequest.d.ts +0 -3
  86. package/dist/request/CommonSilentFlowRequest.d.ts.map +1 -1
  87. package/dist/request/RequestParameterBuilder.d.ts +206 -218
  88. package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
  89. package/dist/request/RequestParameterBuilder.mjs +356 -369
  90. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  91. package/dist/request/RequestValidator.mjs +1 -1
  92. package/dist/request/ScopeSet.mjs +1 -1
  93. package/dist/response/AuthorizeResponse.d.ts +72 -0
  94. package/dist/response/AuthorizeResponse.d.ts.map +1 -0
  95. package/dist/response/ResponseHandler.d.ts +0 -8
  96. package/dist/response/ResponseHandler.d.ts.map +1 -1
  97. package/dist/response/ResponseHandler.mjs +7 -52
  98. package/dist/response/ResponseHandler.mjs.map +1 -1
  99. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  100. package/dist/telemetry/performance/PerformanceEvent.d.ts +1 -2
  101. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  102. package/dist/telemetry/performance/PerformanceEvent.mjs +2 -11
  103. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  104. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  105. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  106. package/dist/url/UrlString.mjs +1 -1
  107. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  108. package/dist/utils/Constants.mjs +1 -1
  109. package/dist/utils/FunctionWrappers.mjs +1 -1
  110. package/dist/utils/ProtocolUtils.mjs +1 -1
  111. package/dist/utils/StringUtils.mjs +1 -1
  112. package/dist/utils/TimeUtils.d.ts +10 -0
  113. package/dist/utils/TimeUtils.d.ts.map +1 -1
  114. package/dist/utils/TimeUtils.mjs +20 -2
  115. package/dist/utils/TimeUtils.mjs.map +1 -1
  116. package/dist/utils/UrlUtils.d.ts +6 -2
  117. package/dist/utils/UrlUtils.d.ts.map +1 -1
  118. package/dist/utils/UrlUtils.mjs +12 -2
  119. package/dist/utils/UrlUtils.mjs.map +1 -1
  120. package/lib/index-browser.cjs +4 -2
  121. package/lib/index-browser.cjs.map +1 -1
  122. package/lib/{index-node-0IMDqzO0.js → index-node-BjtDFnOl.js} +828 -805
  123. package/lib/index-node-BjtDFnOl.js.map +1 -0
  124. package/lib/index-node.cjs +4 -2
  125. package/lib/index-node.cjs.map +1 -1
  126. package/lib/index.cjs +4 -2
  127. package/lib/index.cjs.map +1 -1
  128. package/lib/types/client/AuthorizationCodeClient.d.ts +0 -31
  129. package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  130. package/lib/types/client/BaseClient.d.ts.map +1 -1
  131. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  132. package/lib/types/constants/AADServerParamKeys.d.ts +1 -0
  133. package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
  134. package/lib/types/exports-common.d.ts +4 -3
  135. package/lib/types/exports-common.d.ts.map +1 -1
  136. package/lib/types/network/RequestThumbprint.d.ts +3 -0
  137. package/lib/types/network/RequestThumbprint.d.ts.map +1 -1
  138. package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
  139. package/lib/types/packageMetadata.d.ts +1 -1
  140. package/lib/types/protocol/Authorize.d.ts +37 -0
  141. package/lib/types/protocol/Authorize.d.ts.map +1 -0
  142. package/lib/types/request/BaseAuthRequest.d.ts +2 -0
  143. package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
  144. package/lib/types/request/CommonAuthorizationCodeRequest.d.ts +0 -2
  145. package/lib/types/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
  146. package/lib/types/request/CommonDeviceCodeRequest.d.ts +1 -1
  147. package/lib/types/request/CommonDeviceCodeRequest.d.ts.map +1 -1
  148. package/lib/types/request/CommonRefreshTokenRequest.d.ts +0 -2
  149. package/lib/types/request/CommonRefreshTokenRequest.d.ts.map +1 -1
  150. package/lib/types/request/CommonSilentFlowRequest.d.ts +0 -3
  151. package/lib/types/request/CommonSilentFlowRequest.d.ts.map +1 -1
  152. package/lib/types/request/RequestParameterBuilder.d.ts +206 -218
  153. package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
  154. package/lib/types/response/AuthorizeResponse.d.ts +72 -0
  155. package/lib/types/response/AuthorizeResponse.d.ts.map +1 -0
  156. package/lib/types/response/ResponseHandler.d.ts +0 -8
  157. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  158. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +1 -2
  159. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  160. package/lib/types/utils/TimeUtils.d.ts +10 -0
  161. package/lib/types/utils/TimeUtils.d.ts.map +1 -1
  162. package/lib/types/utils/UrlUtils.d.ts +6 -2
  163. package/lib/types/utils/UrlUtils.d.ts.map +1 -1
  164. package/package.json +1 -1
  165. package/src/client/AuthorizationCodeClient.ts +89 -409
  166. package/src/client/BaseClient.ts +20 -12
  167. package/src/client/RefreshTokenClient.ts +66 -44
  168. package/src/constants/AADServerParamKeys.ts +1 -0
  169. package/src/exports-common.ts +8 -3
  170. package/src/network/RequestThumbprint.ts +23 -0
  171. package/src/network/ThrottlingUtils.ts +9 -14
  172. package/src/packageMetadata.ts +1 -1
  173. package/src/protocol/Authorize.ts +409 -0
  174. package/src/request/BaseAuthRequest.ts +2 -0
  175. package/src/request/CommonAuthorizationCodeRequest.ts +0 -2
  176. package/src/request/CommonDeviceCodeRequest.ts +1 -1
  177. package/src/request/CommonRefreshTokenRequest.ts +0 -2
  178. package/src/request/CommonSilentFlowRequest.ts +0 -3
  179. package/src/request/RequestParameterBuilder.ts +508 -543
  180. package/src/response/AuthorizeResponse.ts +76 -0
  181. package/src/response/ResponseHandler.ts +8 -104
  182. package/src/telemetry/performance/PerformanceEvent.ts +1 -11
  183. package/src/utils/TimeUtils.ts +20 -0
  184. package/src/utils/UrlUtils.ts +18 -4
  185. package/dist/response/ServerAuthorizationCodeResponse.d.ts +0 -27
  186. package/dist/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
  187. package/lib/index-node-0IMDqzO0.js.map +0 -1
  188. package/lib/types/response/ServerAuthorizationCodeResponse.d.ts +0 -27
  189. package/lib/types/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
  190. package/src/response/ServerAuthorizationCodeResponse.ts +0 -34
@@ -4,14 +4,13 @@
4
4
  */
5
5
 
6
6
  import { BaseClient } from "./BaseClient.js";
7
- import { CommonAuthorizationUrlRequest } from "../request/CommonAuthorizationUrlRequest.js";
8
7
  import { CommonAuthorizationCodeRequest } from "../request/CommonAuthorizationCodeRequest.js";
9
8
  import { Authority } from "../authority/Authority.js";
10
- import { RequestParameterBuilder } from "../request/RequestParameterBuilder.js";
9
+ import * as RequestParameterBuilder from "../request/RequestParameterBuilder.js";
10
+ import * as UrlUtils from "../utils/UrlUtils.js";
11
11
  import {
12
12
  GrantType,
13
13
  AuthenticationScheme,
14
- PromptValue,
15
14
  Separators,
16
15
  HeaderNames,
17
16
  } from "../utils/Constants.js";
@@ -30,13 +29,10 @@ import {
30
29
  createClientAuthError,
31
30
  } from "../error/ClientAuthError.js";
32
31
  import { UrlString } from "../url/UrlString.js";
33
- import { ServerAuthorizationCodeResponse } from "../response/ServerAuthorizationCodeResponse.js";
34
32
  import { CommonEndSessionRequest } from "../request/CommonEndSessionRequest.js";
35
33
  import { PopTokenGenerator } from "../crypto/PopTokenGenerator.js";
36
- import { RequestThumbprint } from "../network/RequestThumbprint.js";
37
34
  import { AuthorizationCodePayload } from "../response/AuthorizationCodePayload.js";
38
35
  import * as TimeUtils from "../utils/TimeUtils.js";
39
- import { AccountInfo } from "../account/AccountInfo.js";
40
36
  import {
41
37
  buildClientInfoFromHomeAccountId,
42
38
  buildClientInfo,
@@ -52,6 +48,7 @@ import { PerformanceEvents } from "../telemetry/performance/PerformanceEvent.js"
52
48
  import { invokeAsync } from "../utils/FunctionWrappers.js";
53
49
  import { ClientAssertion } from "../account/ClientCredentials.js";
54
50
  import { getClientAssertion } from "../utils/ClientAssertionUtils.js";
51
+ import { getRequestThumbprint } from "../network/RequestThumbprint.js";
55
52
 
56
53
  /**
57
54
  * Oauth2.0 Authorization Code client
@@ -71,38 +68,6 @@ export class AuthorizationCodeClient extends BaseClient {
71
68
  this.config.authOptions.authority.options.OIDCOptions?.defaultScopes;
72
69
  }
73
70
 
74
- /**
75
- * Creates the URL of the authorization request letting the user input credentials and consent to the
76
- * application. The URL target the /authorize endpoint of the authority configured in the
77
- * application object.
78
- *
79
- * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI
80
- * sent in the request and should contain an authorization code, which can then be used to acquire tokens via
81
- * acquireToken(AuthorizationCodeRequest)
82
- * @param request
83
- */
84
- async getAuthCodeUrl(
85
- request: CommonAuthorizationUrlRequest
86
- ): Promise<string> {
87
- this.performanceClient?.addQueueMeasurement(
88
- PerformanceEvents.GetAuthCodeUrl,
89
- request.correlationId
90
- );
91
-
92
- const queryString = await invokeAsync(
93
- this.createAuthCodeUrlQueryString.bind(this),
94
- PerformanceEvents.AuthClientCreateQueryString,
95
- this.logger,
96
- this.performanceClient,
97
- request.correlationId
98
- )(request);
99
-
100
- return UrlString.appendQueryString(
101
- this.authority.authorizationEndpoint,
102
- queryString
103
- );
104
- }
105
-
106
71
  /**
107
72
  * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the
108
73
  * authorization_code_grant
@@ -167,41 +132,6 @@ export class AuthorizationCodeClient extends BaseClient {
167
132
  );
168
133
  }
169
134
 
170
- /**
171
- * Handles the hash fragment response from public client code request. Returns a code response used by
172
- * the client to exchange for a token in acquireToken.
173
- * @param hashFragment
174
- */
175
- handleFragmentResponse(
176
- serverParams: ServerAuthorizationCodeResponse,
177
- cachedState: string
178
- ): AuthorizationCodePayload {
179
- // Handle responses.
180
- const responseHandler = new ResponseHandler(
181
- this.config.authOptions.clientId,
182
- this.cacheManager,
183
- this.cryptoUtils,
184
- this.logger,
185
- null,
186
- null
187
- );
188
-
189
- // Get code response
190
- responseHandler.validateServerAuthorizationCodeResponse(
191
- serverParams,
192
- cachedState
193
- );
194
-
195
- // throw when there is no auth code in the response
196
- if (!serverParams.code) {
197
- throw createClientAuthError(
198
- ClientAuthErrorCodes.authorizationCodeMissingFromServerResponse
199
- );
200
- }
201
-
202
- return serverParams as AuthorizationCodePayload;
203
- }
204
-
205
135
  /**
206
136
  * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.
207
137
  * Default behaviour is to redirect the user to `window.location.href`.
@@ -272,19 +202,10 @@ export class AuthorizationCodeClient extends BaseClient {
272
202
  ccsCredential || request.ccsCredential
273
203
  );
274
204
 
275
- const thumbprint: RequestThumbprint = {
276
- clientId:
277
- request.tokenBodyParameters?.clientId ||
278
- this.config.authOptions.clientId,
279
- authority: authority.canonicalAuthority,
280
- scopes: request.scopes,
281
- claims: request.claims,
282
- authenticationScheme: request.authenticationScheme,
283
- resourceRequestMethod: request.resourceRequestMethod,
284
- resourceRequestUri: request.resourceRequestUri,
285
- shrClaims: request.shrClaims,
286
- sshKid: request.sshKid,
287
- };
205
+ const thumbprint = getRequestThumbprint(
206
+ this.config.authOptions.clientId,
207
+ request
208
+ );
288
209
 
289
210
  return invokeAsync(
290
211
  this.executePostToTokenEndpoint.bind(this),
@@ -314,12 +235,10 @@ export class AuthorizationCodeClient extends BaseClient {
314
235
  request.correlationId
315
236
  );
316
237
 
317
- const parameterBuilder = new RequestParameterBuilder(
318
- request.correlationId,
319
- this.performanceClient
320
- );
238
+ const parameters = new Map<string, string>();
321
239
 
322
- parameterBuilder.addClientId(
240
+ RequestParameterBuilder.addClientId(
241
+ parameters,
323
242
  request.embeddedClientId ||
324
243
  request.tokenBodyParameters?.[AADServerParamKeys.CLIENT_ID] ||
325
244
  this.config.authOptions.clientId
@@ -334,37 +253,52 @@ export class AuthorizationCodeClient extends BaseClient {
334
253
  RequestValidator.validateRedirectUri(request.redirectUri);
335
254
  } else {
336
255
  // Validate and include redirect uri
337
- parameterBuilder.addRedirectUri(request.redirectUri);
256
+ RequestParameterBuilder.addRedirectUri(
257
+ parameters,
258
+ request.redirectUri
259
+ );
338
260
  }
339
261
 
340
262
  // Add scope array, parameter builder will add default scopes and dedupe
341
- parameterBuilder.addScopes(
263
+ RequestParameterBuilder.addScopes(
264
+ parameters,
342
265
  request.scopes,
343
266
  true,
344
267
  this.oidcDefaultScopes
345
268
  );
346
269
 
347
270
  // add code: user set, not validated
348
- parameterBuilder.addAuthorizationCode(request.code);
271
+ RequestParameterBuilder.addAuthorizationCode(parameters, request.code);
349
272
 
350
273
  // Add library metadata
351
- parameterBuilder.addLibraryInfo(this.config.libraryInfo);
352
- parameterBuilder.addApplicationTelemetry(
274
+ RequestParameterBuilder.addLibraryInfo(
275
+ parameters,
276
+ this.config.libraryInfo
277
+ );
278
+ RequestParameterBuilder.addApplicationTelemetry(
279
+ parameters,
353
280
  this.config.telemetry.application
354
281
  );
355
- parameterBuilder.addThrottling();
282
+ RequestParameterBuilder.addThrottling(parameters);
356
283
 
357
284
  if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {
358
- parameterBuilder.addServerTelemetry(this.serverTelemetryManager);
285
+ RequestParameterBuilder.addServerTelemetry(
286
+ parameters,
287
+ this.serverTelemetryManager
288
+ );
359
289
  }
360
290
 
361
291
  // add code_verifier if passed
362
292
  if (request.codeVerifier) {
363
- parameterBuilder.addCodeVerifier(request.codeVerifier);
293
+ RequestParameterBuilder.addCodeVerifier(
294
+ parameters,
295
+ request.codeVerifier
296
+ );
364
297
  }
365
298
 
366
299
  if (this.config.clientCredentials.clientSecret) {
367
- parameterBuilder.addClientSecret(
300
+ RequestParameterBuilder.addClientSecret(
301
+ parameters,
368
302
  this.config.clientCredentials.clientSecret
369
303
  );
370
304
  }
@@ -373,20 +307,25 @@ export class AuthorizationCodeClient extends BaseClient {
373
307
  const clientAssertion: ClientAssertion =
374
308
  this.config.clientCredentials.clientAssertion;
375
309
 
376
- parameterBuilder.addClientAssertion(
310
+ RequestParameterBuilder.addClientAssertion(
311
+ parameters,
377
312
  await getClientAssertion(
378
313
  clientAssertion.assertion,
379
314
  this.config.authOptions.clientId,
380
315
  request.resourceRequestUri
381
316
  )
382
317
  );
383
- parameterBuilder.addClientAssertionType(
318
+ RequestParameterBuilder.addClientAssertionType(
319
+ parameters,
384
320
  clientAssertion.assertionType
385
321
  );
386
322
  }
387
323
 
388
- parameterBuilder.addGrantType(GrantType.AUTHORIZATION_CODE_GRANT);
389
- parameterBuilder.addClientInfo();
324
+ RequestParameterBuilder.addGrantType(
325
+ parameters,
326
+ GrantType.AUTHORIZATION_CODE_GRANT
327
+ );
328
+ RequestParameterBuilder.addClientInfo(parameters);
390
329
 
391
330
  if (request.authenticationScheme === AuthenticationScheme.POP) {
392
331
  const popTokenGenerator = new PopTokenGenerator(
@@ -409,10 +348,10 @@ export class AuthorizationCodeClient extends BaseClient {
409
348
  }
410
349
 
411
350
  // SPA PoP requires full Base64Url encoded req_cnf string (unhashed)
412
- parameterBuilder.addPopToken(reqCnfData);
351
+ RequestParameterBuilder.addPopToken(parameters, reqCnfData);
413
352
  } else if (request.authenticationScheme === AuthenticationScheme.SSH) {
414
353
  if (request.sshJwk) {
415
- parameterBuilder.addSshJwk(request.sshJwk);
354
+ RequestParameterBuilder.addSshJwk(parameters, request.sshJwk);
416
355
  } else {
417
356
  throw createClientConfigurationError(
418
357
  ClientConfigurationErrorCodes.missingSshJwk
@@ -425,7 +364,8 @@ export class AuthorizationCodeClient extends BaseClient {
425
364
  (this.config.authOptions.clientCapabilities &&
426
365
  this.config.authOptions.clientCapabilities.length > 0)
427
366
  ) {
428
- parameterBuilder.addClaims(
367
+ RequestParameterBuilder.addClaims(
368
+ parameters,
429
369
  request.claims,
430
370
  this.config.authOptions.clientCapabilities
431
371
  );
@@ -459,7 +399,10 @@ export class AuthorizationCodeClient extends BaseClient {
459
399
  const clientInfo = buildClientInfoFromHomeAccountId(
460
400
  ccsCred.credential
461
401
  );
462
- parameterBuilder.addCcsOid(clientInfo);
402
+ RequestParameterBuilder.addCcsOid(
403
+ parameters,
404
+ clientInfo
405
+ );
463
406
  } catch (e) {
464
407
  this.logger.verbose(
465
408
  "Could not parse home account ID for CCS Header: " +
@@ -468,20 +411,25 @@ export class AuthorizationCodeClient extends BaseClient {
468
411
  }
469
412
  break;
470
413
  case CcsCredentialType.UPN:
471
- parameterBuilder.addCcsUpn(ccsCred.credential);
414
+ RequestParameterBuilder.addCcsUpn(
415
+ parameters,
416
+ ccsCred.credential
417
+ );
472
418
  break;
473
419
  }
474
420
  }
475
421
 
476
422
  if (request.embeddedClientId) {
477
- parameterBuilder.addBrokerParameters({
478
- brokerClientId: this.config.authOptions.clientId,
479
- brokerRedirectUri: this.config.authOptions.redirectUri,
480
- });
423
+ RequestParameterBuilder.addBrokerParameters(
424
+ parameters,
425
+ this.config.authOptions.clientId,
426
+ this.config.authOptions.redirectUri
427
+ );
481
428
  }
482
429
 
483
430
  if (request.tokenBodyParameters) {
484
- parameterBuilder.addExtraQueryParameters(
431
+ RequestParameterBuilder.addExtraQueryParameters(
432
+ parameters,
485
433
  request.tokenBodyParameters
486
434
  );
487
435
  }
@@ -494,268 +442,17 @@ export class AuthorizationCodeClient extends BaseClient {
494
442
  AADServerParamKeys.RETURN_SPA_CODE
495
443
  ])
496
444
  ) {
497
- parameterBuilder.addExtraQueryParameters({
445
+ RequestParameterBuilder.addExtraQueryParameters(parameters, {
498
446
  [AADServerParamKeys.RETURN_SPA_CODE]: "1",
499
447
  });
500
448
  }
501
449
 
502
- return parameterBuilder.createQueryString();
503
- }
504
-
505
- /**
506
- * This API validates the `AuthorizationCodeUrlRequest` and creates a URL
507
- * @param request
508
- */
509
- private async createAuthCodeUrlQueryString(
510
- request: CommonAuthorizationUrlRequest
511
- ): Promise<string> {
512
- // generate the correlationId if not set by the user and add
513
- const correlationId =
514
- request.correlationId ||
515
- this.config.cryptoInterface.createNewGuid();
516
-
517
- this.performanceClient?.addQueueMeasurement(
518
- PerformanceEvents.AuthClientCreateQueryString,
519
- correlationId
520
- );
521
-
522
- const parameterBuilder = new RequestParameterBuilder(
523
- correlationId,
450
+ RequestParameterBuilder.instrumentBrokerParams(
451
+ parameters,
452
+ request.correlationId,
524
453
  this.performanceClient
525
454
  );
526
-
527
- parameterBuilder.addClientId(
528
- request.embeddedClientId ||
529
- request.extraQueryParameters?.[AADServerParamKeys.CLIENT_ID] ||
530
- this.config.authOptions.clientId
531
- );
532
-
533
- const requestScopes = [
534
- ...(request.scopes || []),
535
- ...(request.extraScopesToConsent || []),
536
- ];
537
- parameterBuilder.addScopes(requestScopes, true, this.oidcDefaultScopes);
538
-
539
- // validate the redirectUri (to be a non null value)
540
- parameterBuilder.addRedirectUri(request.redirectUri);
541
-
542
- parameterBuilder.addCorrelationId(correlationId);
543
-
544
- // add response_mode. If not passed in it defaults to query.
545
- parameterBuilder.addResponseMode(request.responseMode);
546
-
547
- // add response_type = code
548
- parameterBuilder.addResponseTypeCode();
549
-
550
- // add library info parameters
551
- parameterBuilder.addLibraryInfo(this.config.libraryInfo);
552
- if (!isOidcProtocolMode(this.config)) {
553
- parameterBuilder.addApplicationTelemetry(
554
- this.config.telemetry.application
555
- );
556
- }
557
-
558
- // add client_info=1
559
- parameterBuilder.addClientInfo();
560
-
561
- if (request.codeChallenge && request.codeChallengeMethod) {
562
- parameterBuilder.addCodeChallengeParams(
563
- request.codeChallenge,
564
- request.codeChallengeMethod
565
- );
566
- }
567
-
568
- if (request.prompt) {
569
- parameterBuilder.addPrompt(request.prompt);
570
- }
571
-
572
- if (request.domainHint) {
573
- parameterBuilder.addDomainHint(request.domainHint);
574
- this.performanceClient?.addFields(
575
- { domainHintFromRequest: true },
576
- correlationId
577
- );
578
- }
579
-
580
- this.performanceClient?.addFields(
581
- { prompt: request.prompt },
582
- correlationId
583
- );
584
-
585
- // Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object
586
- if (request.prompt !== PromptValue.SELECT_ACCOUNT) {
587
- // AAD will throw if prompt=select_account is passed with an account hint
588
- if (request.sid && request.prompt === PromptValue.NONE) {
589
- // SessionID is only used in silent calls
590
- this.logger.verbose(
591
- "createAuthCodeUrlQueryString: Prompt is none, adding sid from request"
592
- );
593
- parameterBuilder.addSid(request.sid);
594
- this.performanceClient?.addFields(
595
- { sidFromRequest: true },
596
- correlationId
597
- );
598
- } else if (request.account) {
599
- const accountSid = this.extractAccountSid(request.account);
600
- let accountLoginHintClaim = this.extractLoginHint(
601
- request.account
602
- );
603
-
604
- if (accountLoginHintClaim && request.domainHint) {
605
- this.logger.warning(
606
- `AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint`
607
- );
608
- accountLoginHintClaim = null;
609
- }
610
-
611
- // If login_hint claim is present, use it over sid/username
612
- if (accountLoginHintClaim) {
613
- this.logger.verbose(
614
- "createAuthCodeUrlQueryString: login_hint claim present on account"
615
- );
616
- parameterBuilder.addLoginHint(accountLoginHintClaim);
617
- this.performanceClient?.addFields(
618
- { loginHintFromClaim: true },
619
- correlationId
620
- );
621
- try {
622
- const clientInfo = buildClientInfoFromHomeAccountId(
623
- request.account.homeAccountId
624
- );
625
- parameterBuilder.addCcsOid(clientInfo);
626
- } catch (e) {
627
- this.logger.verbose(
628
- "createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header"
629
- );
630
- }
631
- } else if (accountSid && request.prompt === PromptValue.NONE) {
632
- /*
633
- * If account and loginHint are provided, we will check account first for sid before adding loginHint
634
- * SessionId is only used in silent calls
635
- */
636
- this.logger.verbose(
637
- "createAuthCodeUrlQueryString: Prompt is none, adding sid from account"
638
- );
639
- parameterBuilder.addSid(accountSid);
640
- this.performanceClient?.addFields(
641
- { sidFromClaim: true },
642
- correlationId
643
- );
644
- try {
645
- const clientInfo = buildClientInfoFromHomeAccountId(
646
- request.account.homeAccountId
647
- );
648
- parameterBuilder.addCcsOid(clientInfo);
649
- } catch (e) {
650
- this.logger.verbose(
651
- "createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header"
652
- );
653
- }
654
- } else if (request.loginHint) {
655
- this.logger.verbose(
656
- "createAuthCodeUrlQueryString: Adding login_hint from request"
657
- );
658
- parameterBuilder.addLoginHint(request.loginHint);
659
- parameterBuilder.addCcsUpn(request.loginHint);
660
- this.performanceClient?.addFields(
661
- { loginHintFromRequest: true },
662
- correlationId
663
- );
664
- } else if (request.account.username) {
665
- // Fallback to account username if provided
666
- this.logger.verbose(
667
- "createAuthCodeUrlQueryString: Adding login_hint from account"
668
- );
669
- parameterBuilder.addLoginHint(request.account.username);
670
- this.performanceClient?.addFields(
671
- { loginHintFromUpn: true },
672
- correlationId
673
- );
674
- try {
675
- const clientInfo = buildClientInfoFromHomeAccountId(
676
- request.account.homeAccountId
677
- );
678
- parameterBuilder.addCcsOid(clientInfo);
679
- } catch (e) {
680
- this.logger.verbose(
681
- "createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header"
682
- );
683
- }
684
- }
685
- } else if (request.loginHint) {
686
- this.logger.verbose(
687
- "createAuthCodeUrlQueryString: No account, adding login_hint from request"
688
- );
689
- parameterBuilder.addLoginHint(request.loginHint);
690
- parameterBuilder.addCcsUpn(request.loginHint);
691
- this.performanceClient?.addFields(
692
- { loginHintFromRequest: true },
693
- correlationId
694
- );
695
- }
696
- } else {
697
- this.logger.verbose(
698
- "createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints"
699
- );
700
- }
701
-
702
- if (request.nonce) {
703
- parameterBuilder.addNonce(request.nonce);
704
- }
705
-
706
- if (request.state) {
707
- parameterBuilder.addState(request.state);
708
- }
709
-
710
- if (
711
- request.claims ||
712
- (this.config.authOptions.clientCapabilities &&
713
- this.config.authOptions.clientCapabilities.length > 0)
714
- ) {
715
- parameterBuilder.addClaims(
716
- request.claims,
717
- this.config.authOptions.clientCapabilities
718
- );
719
- }
720
-
721
- if (request.embeddedClientId) {
722
- parameterBuilder.addBrokerParameters({
723
- brokerClientId: this.config.authOptions.clientId,
724
- brokerRedirectUri: this.config.authOptions.redirectUri,
725
- });
726
- }
727
-
728
- this.addExtraQueryParams(request, parameterBuilder);
729
-
730
- if (request.platformBroker) {
731
- // signal ests that this is a WAM call
732
- parameterBuilder.addNativeBroker();
733
-
734
- // pass the req_cnf for POP
735
- if (request.authenticationScheme === AuthenticationScheme.POP) {
736
- const popTokenGenerator = new PopTokenGenerator(
737
- this.cryptoUtils
738
- );
739
-
740
- // req_cnf is always sent as a string for SPAs
741
- let reqCnfData;
742
- if (!request.popKid) {
743
- const generatedReqCnfData = await invokeAsync(
744
- popTokenGenerator.generateCnf.bind(popTokenGenerator),
745
- PerformanceEvents.PopTokenGenerateCnf,
746
- this.logger,
747
- this.performanceClient,
748
- request.correlationId
749
- )(request, this.logger);
750
- reqCnfData = generatedReqCnfData.reqCnfString;
751
- } else {
752
- reqCnfData = this.cryptoUtils.encodeKid(request.popKid);
753
- }
754
- parameterBuilder.addPopToken(reqCnfData);
755
- }
756
- }
757
-
758
- return parameterBuilder.createQueryString();
455
+ return UrlUtils.mapToQueryString(parameters);
759
456
  }
760
457
 
761
458
  /**
@@ -765,68 +462,51 @@ export class AuthorizationCodeClient extends BaseClient {
765
462
  private createLogoutUrlQueryString(
766
463
  request: CommonEndSessionRequest
767
464
  ): string {
768
- const parameterBuilder = new RequestParameterBuilder(
769
- request.correlationId,
770
- this.performanceClient
771
- );
465
+ const parameters = new Map<string, string>();
772
466
 
773
467
  if (request.postLogoutRedirectUri) {
774
- parameterBuilder.addPostLogoutRedirectUri(
468
+ RequestParameterBuilder.addPostLogoutRedirectUri(
469
+ parameters,
775
470
  request.postLogoutRedirectUri
776
471
  );
777
472
  }
778
473
 
779
474
  if (request.correlationId) {
780
- parameterBuilder.addCorrelationId(request.correlationId);
475
+ RequestParameterBuilder.addCorrelationId(
476
+ parameters,
477
+ request.correlationId
478
+ );
781
479
  }
782
480
 
783
481
  if (request.idTokenHint) {
784
- parameterBuilder.addIdTokenHint(request.idTokenHint);
482
+ RequestParameterBuilder.addIdTokenHint(
483
+ parameters,
484
+ request.idTokenHint
485
+ );
785
486
  }
786
487
 
787
488
  if (request.state) {
788
- parameterBuilder.addState(request.state);
489
+ RequestParameterBuilder.addState(parameters, request.state);
789
490
  }
790
491
 
791
492
  if (request.logoutHint) {
792
- parameterBuilder.addLogoutHint(request.logoutHint);
793
- }
794
-
795
- this.addExtraQueryParams(request, parameterBuilder);
796
-
797
- return parameterBuilder.createQueryString();
798
- }
799
-
800
- private addExtraQueryParams(
801
- request: CommonAuthorizationUrlRequest | CommonEndSessionRequest,
802
- parameterBuilder: RequestParameterBuilder
803
- ) {
804
- const hasRequestInstanceAware =
805
- request.extraQueryParameters &&
806
- request.extraQueryParameters.hasOwnProperty("instance_aware");
807
-
808
- // Set instance_aware flag if config auth param is set
809
- if (!hasRequestInstanceAware && this.config.authOptions.instanceAware) {
810
- request.extraQueryParameters = request.extraQueryParameters || {};
811
- request.extraQueryParameters["instance_aware"] = "true";
493
+ RequestParameterBuilder.addLogoutHint(
494
+ parameters,
495
+ request.logoutHint
496
+ );
812
497
  }
813
498
 
814
499
  if (request.extraQueryParameters) {
815
- parameterBuilder.addExtraQueryParameters(
500
+ RequestParameterBuilder.addExtraQueryParameters(
501
+ parameters,
816
502
  request.extraQueryParameters
817
503
  );
818
504
  }
819
- }
820
505
 
821
- /**
822
- * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present.
823
- * @param account
824
- */
825
- private extractAccountSid(account: AccountInfo): string | null {
826
- return account.idTokenClaims?.sid || null;
827
- }
506
+ if (this.config.authOptions.instanceAware) {
507
+ RequestParameterBuilder.addInstanceAware(parameters);
508
+ }
828
509
 
829
- private extractLoginHint(account: AccountInfo): string | null {
830
- return account.idTokenClaims?.login_hint || null;
510
+ return UrlUtils.mapToQueryString(parameters);
831
511
  }
832
512
  }