@azure/msal-common 15.2.0 → 15.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AuthToken.mjs +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.mjs +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.mjs +1 -1
- package/dist/authority/AuthorityFactory.mjs +1 -1
- package/dist/authority/AuthorityMetadata.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/RegionDiscovery.mjs +1 -1
- package/dist/cache/CacheManager.mjs +1 -1
- package/dist/cache/entities/AccountEntity.mjs +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts +0 -31
- package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +43 -258
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/BaseClient.d.ts.map +1 -1
- package/dist/client/BaseClient.mjs +9 -10
- package/dist/client/BaseClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +29 -41
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.mjs +1 -1
- package/dist/config/ClientConfiguration.mjs +1 -1
- package/dist/constants/AADServerParamKeys.d.ts +1 -0
- package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +4 -3
- package/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +1 -1
- package/dist/error/AuthError.mjs +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.mjs +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.mjs +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +1 -1
- package/dist/error/ClientConfigurationError.mjs +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/exports-common.d.ts +4 -3
- package/dist/exports-common.d.ts.map +1 -1
- package/dist/index-browser.mjs +6 -2
- package/dist/index-browser.mjs.map +1 -1
- package/dist/index-node.mjs +6 -2
- package/dist/index-node.mjs.map +1 -1
- package/dist/index.mjs +6 -2
- package/dist/index.mjs.map +1 -1
- package/dist/logger/Logger.mjs +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/RequestThumbprint.d.ts +3 -0
- package/dist/network/RequestThumbprint.d.ts.map +1 -1
- package/dist/network/RequestThumbprint.mjs +24 -0
- package/dist/network/RequestThumbprint.mjs.map +1 -0
- package/dist/network/ThrottlingUtils.d.ts.map +1 -1
- package/dist/network/ThrottlingUtils.mjs +3 -13
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +37 -0
- package/dist/protocol/Authorize.d.ts.map +1 -0
- package/dist/protocol/Authorize.mjs +237 -0
- package/dist/protocol/Authorize.mjs.map +1 -0
- package/dist/request/AuthenticationHeaderParser.mjs +1 -1
- package/dist/request/BaseAuthRequest.d.ts +2 -0
- package/dist/request/BaseAuthRequest.d.ts.map +1 -1
- package/dist/request/CommonAuthorizationCodeRequest.d.ts +0 -2
- package/dist/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
- package/dist/request/CommonDeviceCodeRequest.d.ts +1 -1
- package/dist/request/CommonDeviceCodeRequest.d.ts.map +1 -1
- package/dist/request/CommonRefreshTokenRequest.d.ts +0 -2
- package/dist/request/CommonRefreshTokenRequest.d.ts.map +1 -1
- package/dist/request/CommonSilentFlowRequest.d.ts +0 -3
- package/dist/request/CommonSilentFlowRequest.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.d.ts +206 -218
- package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +356 -369
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/RequestValidator.mjs +1 -1
- package/dist/request/ScopeSet.mjs +1 -1
- package/dist/response/AuthorizeResponse.d.ts +72 -0
- package/dist/response/AuthorizeResponse.d.ts.map +1 -0
- package/dist/response/ResponseHandler.d.ts +0 -8
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +7 -52
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.d.ts +1 -2
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +2 -11
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
- package/dist/url/UrlString.mjs +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/Constants.mjs +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/ProtocolUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.d.ts +10 -0
- package/dist/utils/TimeUtils.d.ts.map +1 -1
- package/dist/utils/TimeUtils.mjs +20 -2
- package/dist/utils/TimeUtils.mjs.map +1 -1
- package/dist/utils/UrlUtils.d.ts +6 -2
- package/dist/utils/UrlUtils.d.ts.map +1 -1
- package/dist/utils/UrlUtils.mjs +12 -2
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +4 -2
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-0IMDqzO0.js → index-node-BjtDFnOl.js} +828 -805
- package/lib/index-node-BjtDFnOl.js.map +1 -0
- package/lib/index-node.cjs +4 -2
- package/lib/index-node.cjs.map +1 -1
- package/lib/index.cjs +4 -2
- package/lib/index.cjs.map +1 -1
- package/lib/types/client/AuthorizationCodeClient.d.ts +0 -31
- package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/lib/types/client/BaseClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/constants/AADServerParamKeys.d.ts +1 -0
- package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
- package/lib/types/exports-common.d.ts +4 -3
- package/lib/types/exports-common.d.ts.map +1 -1
- package/lib/types/network/RequestThumbprint.d.ts +3 -0
- package/lib/types/network/RequestThumbprint.d.ts.map +1 -1
- package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts +37 -0
- package/lib/types/protocol/Authorize.d.ts.map +1 -0
- package/lib/types/request/BaseAuthRequest.d.ts +2 -0
- package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/lib/types/request/CommonAuthorizationCodeRequest.d.ts +0 -2
- package/lib/types/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
- package/lib/types/request/CommonDeviceCodeRequest.d.ts +1 -1
- package/lib/types/request/CommonDeviceCodeRequest.d.ts.map +1 -1
- package/lib/types/request/CommonRefreshTokenRequest.d.ts +0 -2
- package/lib/types/request/CommonRefreshTokenRequest.d.ts.map +1 -1
- package/lib/types/request/CommonSilentFlowRequest.d.ts +0 -3
- package/lib/types/request/CommonSilentFlowRequest.d.ts.map +1 -1
- package/lib/types/request/RequestParameterBuilder.d.ts +206 -218
- package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/lib/types/response/AuthorizeResponse.d.ts +72 -0
- package/lib/types/response/AuthorizeResponse.d.ts.map +1 -0
- package/lib/types/response/ResponseHandler.d.ts +0 -8
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts +1 -2
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/lib/types/utils/TimeUtils.d.ts +10 -0
- package/lib/types/utils/TimeUtils.d.ts.map +1 -1
- package/lib/types/utils/UrlUtils.d.ts +6 -2
- package/lib/types/utils/UrlUtils.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/client/AuthorizationCodeClient.ts +89 -409
- package/src/client/BaseClient.ts +20 -12
- package/src/client/RefreshTokenClient.ts +66 -44
- package/src/constants/AADServerParamKeys.ts +1 -0
- package/src/exports-common.ts +8 -3
- package/src/network/RequestThumbprint.ts +23 -0
- package/src/network/ThrottlingUtils.ts +9 -14
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +409 -0
- package/src/request/BaseAuthRequest.ts +2 -0
- package/src/request/CommonAuthorizationCodeRequest.ts +0 -2
- package/src/request/CommonDeviceCodeRequest.ts +1 -1
- package/src/request/CommonRefreshTokenRequest.ts +0 -2
- package/src/request/CommonSilentFlowRequest.ts +0 -3
- package/src/request/RequestParameterBuilder.ts +508 -543
- package/src/response/AuthorizeResponse.ts +76 -0
- package/src/response/ResponseHandler.ts +8 -104
- package/src/telemetry/performance/PerformanceEvent.ts +1 -11
- package/src/utils/TimeUtils.ts +20 -0
- package/src/utils/UrlUtils.ts +18 -4
- package/dist/response/ServerAuthorizationCodeResponse.d.ts +0 -27
- package/dist/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
- package/lib/index-node-0IMDqzO0.js.map +0 -1
- package/lib/types/response/ServerAuthorizationCodeResponse.d.ts +0 -27
- package/lib/types/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
- package/src/response/ServerAuthorizationCodeResponse.ts +0 -34
package/src/client/BaseClient.ts
CHANGED
|
@@ -25,7 +25,8 @@ import { version, name } from "../packageMetadata.js";
|
|
|
25
25
|
import { CcsCredential, CcsCredentialType } from "../account/CcsCredential.js";
|
|
26
26
|
import { buildClientInfoFromHomeAccountId } from "../account/ClientInfo.js";
|
|
27
27
|
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
|
|
28
|
-
import
|
|
28
|
+
import * as RequestParameterBuilder from "../request/RequestParameterBuilder.js";
|
|
29
|
+
import * as UrlUtils from "../utils/UrlUtils.js";
|
|
29
30
|
import { BaseAuthRequest } from "../request/BaseAuthRequest.js";
|
|
30
31
|
import { createDiscoveredInstance } from "../authority/AuthorityFactory.js";
|
|
31
32
|
import { PerformanceEvents } from "../telemetry/performance/PerformanceEvent.js";
|
|
@@ -278,26 +279,33 @@ export abstract class BaseClient {
|
|
|
278
279
|
* @param request
|
|
279
280
|
*/
|
|
280
281
|
createTokenQueryParameters(request: BaseAuthRequest): string {
|
|
281
|
-
const
|
|
282
|
-
request.correlationId,
|
|
283
|
-
this.performanceClient
|
|
284
|
-
);
|
|
282
|
+
const parameters = new Map<string, string>();
|
|
285
283
|
|
|
286
284
|
if (request.embeddedClientId) {
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
285
|
+
RequestParameterBuilder.addBrokerParameters(
|
|
286
|
+
parameters,
|
|
287
|
+
this.config.authOptions.clientId,
|
|
288
|
+
this.config.authOptions.redirectUri
|
|
289
|
+
);
|
|
291
290
|
}
|
|
292
291
|
|
|
293
292
|
if (request.tokenQueryParameters) {
|
|
294
|
-
|
|
293
|
+
RequestParameterBuilder.addExtraQueryParameters(
|
|
294
|
+
parameters,
|
|
295
295
|
request.tokenQueryParameters
|
|
296
296
|
);
|
|
297
297
|
}
|
|
298
298
|
|
|
299
|
-
|
|
299
|
+
RequestParameterBuilder.addCorrelationId(
|
|
300
|
+
parameters,
|
|
301
|
+
request.correlationId
|
|
302
|
+
);
|
|
300
303
|
|
|
301
|
-
|
|
304
|
+
RequestParameterBuilder.instrumentBrokerParams(
|
|
305
|
+
parameters,
|
|
306
|
+
request.correlationId,
|
|
307
|
+
this.performanceClient
|
|
308
|
+
);
|
|
309
|
+
return UrlUtils.mapToQueryString(parameters);
|
|
302
310
|
}
|
|
303
311
|
}
|
|
@@ -11,7 +11,8 @@ import { BaseClient } from "./BaseClient.js";
|
|
|
11
11
|
import { CommonRefreshTokenRequest } from "../request/CommonRefreshTokenRequest.js";
|
|
12
12
|
import { Authority } from "../authority/Authority.js";
|
|
13
13
|
import { ServerAuthorizationTokenResponse } from "../response/ServerAuthorizationTokenResponse.js";
|
|
14
|
-
import
|
|
14
|
+
import * as RequestParameterBuilder from "../request/RequestParameterBuilder.js";
|
|
15
|
+
import * as UrlUtils from "../utils/UrlUtils.js";
|
|
15
16
|
import {
|
|
16
17
|
GrantType,
|
|
17
18
|
AuthenticationScheme,
|
|
@@ -23,7 +24,6 @@ import { ResponseHandler } from "../response/ResponseHandler.js";
|
|
|
23
24
|
import { AuthenticationResult } from "../response/AuthenticationResult.js";
|
|
24
25
|
import { PopTokenGenerator } from "../crypto/PopTokenGenerator.js";
|
|
25
26
|
import { StringUtils } from "../utils/StringUtils.js";
|
|
26
|
-
import { RequestThumbprint } from "../network/RequestThumbprint.js";
|
|
27
27
|
import { NetworkResponse } from "../network/NetworkResponse.js";
|
|
28
28
|
import { CommonSilentFlowRequest } from "../request/CommonSilentFlowRequest.js";
|
|
29
29
|
import {
|
|
@@ -50,6 +50,7 @@ import { invoke, invokeAsync } from "../utils/FunctionWrappers.js";
|
|
|
50
50
|
import { generateCredentialKey } from "../cache/utils/CacheHelpers.js";
|
|
51
51
|
import { ClientAssertion } from "../account/ClientCredentials.js";
|
|
52
52
|
import { getClientAssertion } from "../utils/ClientAssertionUtils.js";
|
|
53
|
+
import { getRequestThumbprint } from "../network/RequestThumbprint.js";
|
|
53
54
|
|
|
54
55
|
const DEFAULT_REFRESH_TOKEN_EXPIRATION_OFFSET_SECONDS = 300; // 5 Minutes
|
|
55
56
|
|
|
@@ -311,19 +312,11 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
311
312
|
const headers: Record<string, string> = this.createTokenRequestHeaders(
|
|
312
313
|
request.ccsCredential
|
|
313
314
|
);
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
scopes: request.scopes,
|
|
320
|
-
claims: request.claims,
|
|
321
|
-
authenticationScheme: request.authenticationScheme,
|
|
322
|
-
resourceRequestMethod: request.resourceRequestMethod,
|
|
323
|
-
resourceRequestUri: request.resourceRequestUri,
|
|
324
|
-
shrClaims: request.shrClaims,
|
|
325
|
-
sshKid: request.sshKid,
|
|
326
|
-
};
|
|
315
|
+
|
|
316
|
+
const thumbprint = getRequestThumbprint(
|
|
317
|
+
this.config.authOptions.clientId,
|
|
318
|
+
request
|
|
319
|
+
);
|
|
327
320
|
|
|
328
321
|
return invokeAsync(
|
|
329
322
|
this.executePostToTokenEndpoint.bind(this),
|
|
@@ -353,46 +346,61 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
353
346
|
request.correlationId
|
|
354
347
|
);
|
|
355
348
|
|
|
356
|
-
const
|
|
357
|
-
const parameterBuilder = new RequestParameterBuilder(
|
|
358
|
-
correlationId,
|
|
359
|
-
this.performanceClient
|
|
360
|
-
);
|
|
349
|
+
const parameters = new Map<string, string>();
|
|
361
350
|
|
|
362
|
-
|
|
351
|
+
RequestParameterBuilder.addClientId(
|
|
352
|
+
parameters,
|
|
363
353
|
request.embeddedClientId ||
|
|
364
354
|
request.tokenBodyParameters?.[AADServerParamKeys.CLIENT_ID] ||
|
|
365
355
|
this.config.authOptions.clientId
|
|
366
356
|
);
|
|
367
357
|
|
|
368
358
|
if (request.redirectUri) {
|
|
369
|
-
|
|
359
|
+
RequestParameterBuilder.addRedirectUri(
|
|
360
|
+
parameters,
|
|
361
|
+
request.redirectUri
|
|
362
|
+
);
|
|
370
363
|
}
|
|
371
364
|
|
|
372
|
-
|
|
365
|
+
RequestParameterBuilder.addScopes(
|
|
366
|
+
parameters,
|
|
373
367
|
request.scopes,
|
|
374
368
|
true,
|
|
375
369
|
this.config.authOptions.authority.options.OIDCOptions?.defaultScopes
|
|
376
370
|
);
|
|
377
371
|
|
|
378
|
-
|
|
372
|
+
RequestParameterBuilder.addGrantType(
|
|
373
|
+
parameters,
|
|
374
|
+
GrantType.REFRESH_TOKEN_GRANT
|
|
375
|
+
);
|
|
379
376
|
|
|
380
|
-
|
|
377
|
+
RequestParameterBuilder.addClientInfo(parameters);
|
|
381
378
|
|
|
382
|
-
|
|
383
|
-
|
|
379
|
+
RequestParameterBuilder.addLibraryInfo(
|
|
380
|
+
parameters,
|
|
381
|
+
this.config.libraryInfo
|
|
382
|
+
);
|
|
383
|
+
RequestParameterBuilder.addApplicationTelemetry(
|
|
384
|
+
parameters,
|
|
384
385
|
this.config.telemetry.application
|
|
385
386
|
);
|
|
386
|
-
|
|
387
|
+
RequestParameterBuilder.addThrottling(parameters);
|
|
387
388
|
|
|
388
389
|
if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {
|
|
389
|
-
|
|
390
|
+
RequestParameterBuilder.addServerTelemetry(
|
|
391
|
+
parameters,
|
|
392
|
+
this.serverTelemetryManager
|
|
393
|
+
);
|
|
390
394
|
}
|
|
391
395
|
|
|
392
|
-
|
|
396
|
+
RequestParameterBuilder.addRefreshToken(
|
|
397
|
+
parameters,
|
|
398
|
+
request.refreshToken
|
|
399
|
+
);
|
|
393
400
|
|
|
394
401
|
if (this.config.clientCredentials.clientSecret) {
|
|
395
|
-
|
|
402
|
+
RequestParameterBuilder.addClientSecret(
|
|
403
|
+
parameters,
|
|
396
404
|
this.config.clientCredentials.clientSecret
|
|
397
405
|
);
|
|
398
406
|
}
|
|
@@ -401,14 +409,16 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
401
409
|
const clientAssertion: ClientAssertion =
|
|
402
410
|
this.config.clientCredentials.clientAssertion;
|
|
403
411
|
|
|
404
|
-
|
|
412
|
+
RequestParameterBuilder.addClientAssertion(
|
|
413
|
+
parameters,
|
|
405
414
|
await getClientAssertion(
|
|
406
415
|
clientAssertion.assertion,
|
|
407
416
|
this.config.authOptions.clientId,
|
|
408
417
|
request.resourceRequestUri
|
|
409
418
|
)
|
|
410
419
|
);
|
|
411
|
-
|
|
420
|
+
RequestParameterBuilder.addClientAssertionType(
|
|
421
|
+
parameters,
|
|
412
422
|
clientAssertion.assertionType
|
|
413
423
|
);
|
|
414
424
|
}
|
|
@@ -435,10 +445,10 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
435
445
|
}
|
|
436
446
|
|
|
437
447
|
// SPA PoP requires full Base64Url encoded req_cnf string (unhashed)
|
|
438
|
-
|
|
448
|
+
RequestParameterBuilder.addPopToken(parameters, reqCnfData);
|
|
439
449
|
} else if (request.authenticationScheme === AuthenticationScheme.SSH) {
|
|
440
450
|
if (request.sshJwk) {
|
|
441
|
-
|
|
451
|
+
RequestParameterBuilder.addSshJwk(parameters, request.sshJwk);
|
|
442
452
|
} else {
|
|
443
453
|
throw createClientConfigurationError(
|
|
444
454
|
ClientConfigurationErrorCodes.missingSshJwk
|
|
@@ -451,7 +461,8 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
451
461
|
(this.config.authOptions.clientCapabilities &&
|
|
452
462
|
this.config.authOptions.clientCapabilities.length > 0)
|
|
453
463
|
) {
|
|
454
|
-
|
|
464
|
+
RequestParameterBuilder.addClaims(
|
|
465
|
+
parameters,
|
|
455
466
|
request.claims,
|
|
456
467
|
this.config.authOptions.clientCapabilities
|
|
457
468
|
);
|
|
@@ -467,7 +478,10 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
467
478
|
const clientInfo = buildClientInfoFromHomeAccountId(
|
|
468
479
|
request.ccsCredential.credential
|
|
469
480
|
);
|
|
470
|
-
|
|
481
|
+
RequestParameterBuilder.addCcsOid(
|
|
482
|
+
parameters,
|
|
483
|
+
clientInfo
|
|
484
|
+
);
|
|
471
485
|
} catch (e) {
|
|
472
486
|
this.logger.verbose(
|
|
473
487
|
"Could not parse home account ID for CCS Header: " +
|
|
@@ -476,7 +490,8 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
476
490
|
}
|
|
477
491
|
break;
|
|
478
492
|
case CcsCredentialType.UPN:
|
|
479
|
-
|
|
493
|
+
RequestParameterBuilder.addCcsUpn(
|
|
494
|
+
parameters,
|
|
480
495
|
request.ccsCredential.credential
|
|
481
496
|
);
|
|
482
497
|
break;
|
|
@@ -484,18 +499,25 @@ export class RefreshTokenClient extends BaseClient {
|
|
|
484
499
|
}
|
|
485
500
|
|
|
486
501
|
if (request.embeddedClientId) {
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
502
|
+
RequestParameterBuilder.addBrokerParameters(
|
|
503
|
+
parameters,
|
|
504
|
+
this.config.authOptions.clientId,
|
|
505
|
+
this.config.authOptions.redirectUri
|
|
506
|
+
);
|
|
491
507
|
}
|
|
492
508
|
|
|
493
509
|
if (request.tokenBodyParameters) {
|
|
494
|
-
|
|
510
|
+
RequestParameterBuilder.addExtraQueryParameters(
|
|
511
|
+
parameters,
|
|
495
512
|
request.tokenBodyParameters
|
|
496
513
|
);
|
|
497
514
|
}
|
|
498
515
|
|
|
499
|
-
|
|
516
|
+
RequestParameterBuilder.instrumentBrokerParams(
|
|
517
|
+
parameters,
|
|
518
|
+
request.correlationId,
|
|
519
|
+
this.performanceClient
|
|
520
|
+
);
|
|
521
|
+
return UrlUtils.mapToQueryString(parameters);
|
|
500
522
|
}
|
|
501
523
|
}
|
package/src/exports-common.ts
CHANGED
|
@@ -93,7 +93,10 @@ export {
|
|
|
93
93
|
} from "./network/INetworkModule.js";
|
|
94
94
|
export { NetworkResponse } from "./network/NetworkResponse.js";
|
|
95
95
|
export { ThrottlingUtils } from "./network/ThrottlingUtils.js";
|
|
96
|
-
export {
|
|
96
|
+
export {
|
|
97
|
+
RequestThumbprint,
|
|
98
|
+
getRequestThumbprint,
|
|
99
|
+
} from "./network/RequestThumbprint.js";
|
|
97
100
|
export { IUri } from "./url/IUri.js";
|
|
98
101
|
export { UrlString } from "./url/UrlString.js";
|
|
99
102
|
export {
|
|
@@ -102,19 +105,21 @@ export {
|
|
|
102
105
|
DEFAULT_CRYPTO_IMPLEMENTATION,
|
|
103
106
|
SignedHttpRequestParameters,
|
|
104
107
|
} from "./crypto/ICrypto.js";
|
|
108
|
+
|
|
109
|
+
export * as AuthorizeProtocol from "./protocol/Authorize.js";
|
|
105
110
|
export { BaseAuthRequest } from "./request/BaseAuthRequest.js";
|
|
106
111
|
export { CommonAuthorizationUrlRequest } from "./request/CommonAuthorizationUrlRequest.js";
|
|
107
112
|
export { CommonAuthorizationCodeRequest } from "./request/CommonAuthorizationCodeRequest.js";
|
|
108
113
|
export { CommonRefreshTokenRequest } from "./request/CommonRefreshTokenRequest.js";
|
|
109
114
|
export { CommonSilentFlowRequest } from "./request/CommonSilentFlowRequest.js";
|
|
110
115
|
export { CommonEndSessionRequest } from "./request/CommonEndSessionRequest.js";
|
|
111
|
-
export
|
|
116
|
+
export * as RequestParameterBuilder from "./request/RequestParameterBuilder.js";
|
|
112
117
|
export { StoreInCache } from "./request/StoreInCache.js";
|
|
113
118
|
export { AzureRegion } from "./authority/AzureRegion.js";
|
|
114
119
|
export { AzureRegionConfiguration } from "./authority/AzureRegionConfiguration.js";
|
|
115
120
|
export { AuthenticationResult } from "./response/AuthenticationResult.js";
|
|
116
121
|
export { AuthorizationCodePayload } from "./response/AuthorizationCodePayload.js";
|
|
117
|
-
export {
|
|
122
|
+
export { AuthorizeResponse } from "./response/AuthorizeResponse.js";
|
|
118
123
|
export { ServerAuthorizationTokenResponse } from "./response/ServerAuthorizationTokenResponse.js";
|
|
119
124
|
export {
|
|
120
125
|
ResponseHandler,
|
|
@@ -4,6 +4,7 @@
|
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
6
|
import { ShrOptions } from "../crypto/SignedHttpRequest.js";
|
|
7
|
+
import { BaseAuthRequest } from "../request/BaseAuthRequest.js";
|
|
7
8
|
import { AuthenticationScheme } from "../utils/Constants.js";
|
|
8
9
|
|
|
9
10
|
/**
|
|
@@ -21,4 +22,26 @@ export type RequestThumbprint = {
|
|
|
21
22
|
shrClaims?: string;
|
|
22
23
|
sshKid?: string;
|
|
23
24
|
shrOptions?: ShrOptions;
|
|
25
|
+
embeddedClientId?: string;
|
|
24
26
|
};
|
|
27
|
+
|
|
28
|
+
export function getRequestThumbprint(
|
|
29
|
+
clientId: string,
|
|
30
|
+
request: BaseAuthRequest,
|
|
31
|
+
homeAccountId?: string
|
|
32
|
+
): RequestThumbprint {
|
|
33
|
+
return {
|
|
34
|
+
clientId: clientId,
|
|
35
|
+
authority: request.authority,
|
|
36
|
+
scopes: request.scopes,
|
|
37
|
+
homeAccountIdentifier: homeAccountId,
|
|
38
|
+
claims: request.claims,
|
|
39
|
+
authenticationScheme: request.authenticationScheme,
|
|
40
|
+
resourceRequestMethod: request.resourceRequestMethod,
|
|
41
|
+
resourceRequestUri: request.resourceRequestUri,
|
|
42
|
+
shrClaims: request.shrClaims,
|
|
43
|
+
sshKid: request.sshKid,
|
|
44
|
+
embeddedClientId:
|
|
45
|
+
request.embeddedClientId || request.tokenBodyParameters?.clientId,
|
|
46
|
+
};
|
|
47
|
+
}
|
|
@@ -12,7 +12,10 @@ import {
|
|
|
12
12
|
} from "../utils/Constants.js";
|
|
13
13
|
import { CacheManager } from "../cache/CacheManager.js";
|
|
14
14
|
import { ServerError } from "../error/ServerError.js";
|
|
15
|
-
import {
|
|
15
|
+
import {
|
|
16
|
+
getRequestThumbprint,
|
|
17
|
+
RequestThumbprint,
|
|
18
|
+
} from "./RequestThumbprint.js";
|
|
16
19
|
import { ThrottlingEntity } from "../cache/entities/ThrottlingEntity.js";
|
|
17
20
|
import { BaseAuthRequest } from "../request/BaseAuthRequest.js";
|
|
18
21
|
|
|
@@ -137,19 +140,11 @@ export class ThrottlingUtils {
|
|
|
137
140
|
request: BaseAuthRequest,
|
|
138
141
|
homeAccountIdentifier?: string
|
|
139
142
|
): void {
|
|
140
|
-
const thumbprint
|
|
141
|
-
clientId
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
claims: request.claims,
|
|
146
|
-
authenticationScheme: request.authenticationScheme,
|
|
147
|
-
resourceRequestMethod: request.resourceRequestMethod,
|
|
148
|
-
resourceRequestUri: request.resourceRequestUri,
|
|
149
|
-
shrClaims: request.shrClaims,
|
|
150
|
-
sshKid: request.sshKid,
|
|
151
|
-
};
|
|
152
|
-
|
|
143
|
+
const thumbprint = getRequestThumbprint(
|
|
144
|
+
clientId,
|
|
145
|
+
request,
|
|
146
|
+
homeAccountIdentifier
|
|
147
|
+
);
|
|
153
148
|
const key = this.generateThrottlingStorageKey(thumbprint);
|
|
154
149
|
cacheManager.removeItem(key);
|
|
155
150
|
}
|
package/src/packageMetadata.ts
CHANGED