@azure/msal-common 15.2.0 → 15.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AuthToken.mjs +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.mjs +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.mjs +1 -1
- package/dist/authority/AuthorityFactory.mjs +1 -1
- package/dist/authority/AuthorityMetadata.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/RegionDiscovery.mjs +1 -1
- package/dist/cache/CacheManager.mjs +1 -1
- package/dist/cache/entities/AccountEntity.mjs +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts +0 -31
- package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +43 -258
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/BaseClient.d.ts.map +1 -1
- package/dist/client/BaseClient.mjs +9 -10
- package/dist/client/BaseClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +29 -41
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.mjs +1 -1
- package/dist/config/ClientConfiguration.mjs +1 -1
- package/dist/constants/AADServerParamKeys.d.ts +1 -0
- package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +4 -3
- package/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +1 -1
- package/dist/error/AuthError.mjs +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.mjs +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.mjs +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +1 -1
- package/dist/error/ClientConfigurationError.mjs +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/exports-common.d.ts +4 -3
- package/dist/exports-common.d.ts.map +1 -1
- package/dist/index-browser.mjs +6 -2
- package/dist/index-browser.mjs.map +1 -1
- package/dist/index-node.mjs +6 -2
- package/dist/index-node.mjs.map +1 -1
- package/dist/index.mjs +6 -2
- package/dist/index.mjs.map +1 -1
- package/dist/logger/Logger.mjs +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/RequestThumbprint.d.ts +3 -0
- package/dist/network/RequestThumbprint.d.ts.map +1 -1
- package/dist/network/RequestThumbprint.mjs +24 -0
- package/dist/network/RequestThumbprint.mjs.map +1 -0
- package/dist/network/ThrottlingUtils.d.ts.map +1 -1
- package/dist/network/ThrottlingUtils.mjs +3 -13
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +37 -0
- package/dist/protocol/Authorize.d.ts.map +1 -0
- package/dist/protocol/Authorize.mjs +237 -0
- package/dist/protocol/Authorize.mjs.map +1 -0
- package/dist/request/AuthenticationHeaderParser.mjs +1 -1
- package/dist/request/BaseAuthRequest.d.ts +2 -0
- package/dist/request/BaseAuthRequest.d.ts.map +1 -1
- package/dist/request/CommonAuthorizationCodeRequest.d.ts +0 -2
- package/dist/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
- package/dist/request/CommonDeviceCodeRequest.d.ts +1 -1
- package/dist/request/CommonDeviceCodeRequest.d.ts.map +1 -1
- package/dist/request/CommonRefreshTokenRequest.d.ts +0 -2
- package/dist/request/CommonRefreshTokenRequest.d.ts.map +1 -1
- package/dist/request/CommonSilentFlowRequest.d.ts +0 -3
- package/dist/request/CommonSilentFlowRequest.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.d.ts +206 -218
- package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +356 -369
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/RequestValidator.mjs +1 -1
- package/dist/request/ScopeSet.mjs +1 -1
- package/dist/response/AuthorizeResponse.d.ts +72 -0
- package/dist/response/AuthorizeResponse.d.ts.map +1 -0
- package/dist/response/ResponseHandler.d.ts +0 -8
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +7 -52
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.d.ts +1 -2
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +2 -11
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
- package/dist/url/UrlString.mjs +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/Constants.mjs +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/ProtocolUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.d.ts +10 -0
- package/dist/utils/TimeUtils.d.ts.map +1 -1
- package/dist/utils/TimeUtils.mjs +20 -2
- package/dist/utils/TimeUtils.mjs.map +1 -1
- package/dist/utils/UrlUtils.d.ts +6 -2
- package/dist/utils/UrlUtils.d.ts.map +1 -1
- package/dist/utils/UrlUtils.mjs +12 -2
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +4 -2
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-0IMDqzO0.js → index-node-BjtDFnOl.js} +828 -805
- package/lib/index-node-BjtDFnOl.js.map +1 -0
- package/lib/index-node.cjs +4 -2
- package/lib/index-node.cjs.map +1 -1
- package/lib/index.cjs +4 -2
- package/lib/index.cjs.map +1 -1
- package/lib/types/client/AuthorizationCodeClient.d.ts +0 -31
- package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/lib/types/client/BaseClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/constants/AADServerParamKeys.d.ts +1 -0
- package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
- package/lib/types/exports-common.d.ts +4 -3
- package/lib/types/exports-common.d.ts.map +1 -1
- package/lib/types/network/RequestThumbprint.d.ts +3 -0
- package/lib/types/network/RequestThumbprint.d.ts.map +1 -1
- package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts +37 -0
- package/lib/types/protocol/Authorize.d.ts.map +1 -0
- package/lib/types/request/BaseAuthRequest.d.ts +2 -0
- package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
- package/lib/types/request/CommonAuthorizationCodeRequest.d.ts +0 -2
- package/lib/types/request/CommonAuthorizationCodeRequest.d.ts.map +1 -1
- package/lib/types/request/CommonDeviceCodeRequest.d.ts +1 -1
- package/lib/types/request/CommonDeviceCodeRequest.d.ts.map +1 -1
- package/lib/types/request/CommonRefreshTokenRequest.d.ts +0 -2
- package/lib/types/request/CommonRefreshTokenRequest.d.ts.map +1 -1
- package/lib/types/request/CommonSilentFlowRequest.d.ts +0 -3
- package/lib/types/request/CommonSilentFlowRequest.d.ts.map +1 -1
- package/lib/types/request/RequestParameterBuilder.d.ts +206 -218
- package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/lib/types/response/AuthorizeResponse.d.ts +72 -0
- package/lib/types/response/AuthorizeResponse.d.ts.map +1 -0
- package/lib/types/response/ResponseHandler.d.ts +0 -8
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts +1 -2
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/lib/types/utils/TimeUtils.d.ts +10 -0
- package/lib/types/utils/TimeUtils.d.ts.map +1 -1
- package/lib/types/utils/UrlUtils.d.ts +6 -2
- package/lib/types/utils/UrlUtils.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/client/AuthorizationCodeClient.ts +89 -409
- package/src/client/BaseClient.ts +20 -12
- package/src/client/RefreshTokenClient.ts +66 -44
- package/src/constants/AADServerParamKeys.ts +1 -0
- package/src/exports-common.ts +8 -3
- package/src/network/RequestThumbprint.ts +23 -0
- package/src/network/ThrottlingUtils.ts +9 -14
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +409 -0
- package/src/request/BaseAuthRequest.ts +2 -0
- package/src/request/CommonAuthorizationCodeRequest.ts +0 -2
- package/src/request/CommonDeviceCodeRequest.ts +1 -1
- package/src/request/CommonRefreshTokenRequest.ts +0 -2
- package/src/request/CommonSilentFlowRequest.ts +0 -3
- package/src/request/RequestParameterBuilder.ts +508 -543
- package/src/response/AuthorizeResponse.ts +76 -0
- package/src/response/ResponseHandler.ts +8 -104
- package/src/telemetry/performance/PerformanceEvent.ts +1 -11
- package/src/utils/TimeUtils.ts +20 -0
- package/src/utils/UrlUtils.ts +18 -4
- package/dist/response/ServerAuthorizationCodeResponse.d.ts +0 -27
- package/dist/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
- package/lib/index-node-0IMDqzO0.js.map +0 -1
- package/lib/types/response/ServerAuthorizationCodeResponse.d.ts +0 -27
- package/lib/types/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
- package/src/response/ServerAuthorizationCodeResponse.ts +0 -34
|
@@ -21,7 +21,6 @@ import {
|
|
|
21
21
|
ClientConfigurationErrorCodes,
|
|
22
22
|
} from "../error/ClientConfigurationError.js";
|
|
23
23
|
import { StringDict } from "../utils/MsalTypes.js";
|
|
24
|
-
import { RequestValidator } from "./RequestValidator.js";
|
|
25
24
|
import {
|
|
26
25
|
ApplicationTelemetry,
|
|
27
26
|
LibraryInfo,
|
|
@@ -30,11 +29,11 @@ import { ServerTelemetryManager } from "../telemetry/server/ServerTelemetryManag
|
|
|
30
29
|
import { ClientInfo } from "../account/ClientInfo.js";
|
|
31
30
|
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
|
|
32
31
|
|
|
33
|
-
function instrumentBrokerParams(
|
|
32
|
+
export function instrumentBrokerParams(
|
|
34
33
|
parameters: Map<string, string>,
|
|
35
34
|
correlationId?: string,
|
|
36
35
|
performanceClient?: IPerformanceClient
|
|
37
|
-
) {
|
|
36
|
+
): void {
|
|
38
37
|
if (!correlationId) {
|
|
39
38
|
return;
|
|
40
39
|
}
|
|
@@ -53,611 +52,577 @@ function instrumentBrokerParams(
|
|
|
53
52
|
}
|
|
54
53
|
}
|
|
55
54
|
|
|
56
|
-
/**
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
55
|
+
/**
|
|
56
|
+
* add response_type = code
|
|
57
|
+
*/
|
|
58
|
+
export function addResponseTypeCode(parameters: Map<string, string>): void {
|
|
59
|
+
parameters.set(
|
|
60
|
+
AADServerParamKeys.RESPONSE_TYPE,
|
|
61
|
+
Constants.CODE_RESPONSE_TYPE
|
|
62
|
+
);
|
|
63
|
+
}
|
|
61
64
|
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
65
|
+
/**
|
|
66
|
+
* add response_type = token id_token
|
|
67
|
+
*/
|
|
68
|
+
export function addResponseTypeForTokenAndIdToken(
|
|
69
|
+
parameters: Map<string, string>
|
|
70
|
+
): void {
|
|
71
|
+
parameters.set(
|
|
72
|
+
AADServerParamKeys.RESPONSE_TYPE,
|
|
73
|
+
`${Constants.TOKEN_RESPONSE_TYPE} ${Constants.ID_TOKEN_RESPONSE_TYPE}`
|
|
74
|
+
);
|
|
75
|
+
}
|
|
70
76
|
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
77
|
+
/**
|
|
78
|
+
* add response_mode. defaults to query.
|
|
79
|
+
* @param responseMode
|
|
80
|
+
*/
|
|
81
|
+
export function addResponseMode(
|
|
82
|
+
parameters: Map<string, string>,
|
|
83
|
+
responseMode?: ResponseMode
|
|
84
|
+
): void {
|
|
85
|
+
parameters.set(
|
|
86
|
+
AADServerParamKeys.RESPONSE_MODE,
|
|
87
|
+
responseMode ? responseMode : ResponseMode.QUERY
|
|
88
|
+
);
|
|
89
|
+
}
|
|
80
90
|
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
encodeURIComponent(
|
|
88
|
-
`${Constants.TOKEN_RESPONSE_TYPE} ${Constants.ID_TOKEN_RESPONSE_TYPE}`
|
|
89
|
-
)
|
|
90
|
-
);
|
|
91
|
-
}
|
|
91
|
+
/**
|
|
92
|
+
* Add flag to indicate STS should attempt to use WAM if available
|
|
93
|
+
*/
|
|
94
|
+
export function addNativeBroker(parameters: Map<string, string>): void {
|
|
95
|
+
parameters.set(AADServerParamKeys.NATIVE_BROKER, "1");
|
|
96
|
+
}
|
|
92
97
|
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
98
|
+
/**
|
|
99
|
+
* add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
|
|
100
|
+
* @param scopeSet
|
|
101
|
+
* @param addOidcScopes
|
|
102
|
+
*/
|
|
103
|
+
export function addScopes(
|
|
104
|
+
parameters: Map<string, string>,
|
|
105
|
+
scopes: string[],
|
|
106
|
+
addOidcScopes: boolean = true,
|
|
107
|
+
defaultScopes: Array<string> = OIDC_DEFAULT_SCOPES
|
|
108
|
+
): void {
|
|
109
|
+
// Always add openid to the scopes when adding OIDC scopes
|
|
110
|
+
if (
|
|
111
|
+
addOidcScopes &&
|
|
112
|
+
!defaultScopes.includes("openid") &&
|
|
113
|
+
!scopes.includes("openid")
|
|
114
|
+
) {
|
|
115
|
+
defaultScopes.push("openid");
|
|
102
116
|
}
|
|
117
|
+
const requestScopes = addOidcScopes
|
|
118
|
+
? [...(scopes || []), ...defaultScopes]
|
|
119
|
+
: scopes || [];
|
|
120
|
+
const scopeSet = new ScopeSet(requestScopes);
|
|
121
|
+
parameters.set(AADServerParamKeys.SCOPE, scopeSet.printScopes());
|
|
122
|
+
}
|
|
103
123
|
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
124
|
+
/**
|
|
125
|
+
* add clientId
|
|
126
|
+
* @param clientId
|
|
127
|
+
*/
|
|
128
|
+
export function addClientId(
|
|
129
|
+
parameters: Map<string, string>,
|
|
130
|
+
clientId: string
|
|
131
|
+
): void {
|
|
132
|
+
parameters.set(AADServerParamKeys.CLIENT_ID, clientId);
|
|
133
|
+
}
|
|
113
134
|
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
// Always add openid to the scopes when adding OIDC scopes
|
|
125
|
-
if (
|
|
126
|
-
addOidcScopes &&
|
|
127
|
-
!defaultScopes.includes("openid") &&
|
|
128
|
-
!scopes.includes("openid")
|
|
129
|
-
) {
|
|
130
|
-
defaultScopes.push("openid");
|
|
131
|
-
}
|
|
132
|
-
const requestScopes = addOidcScopes
|
|
133
|
-
? [...(scopes || []), ...defaultScopes]
|
|
134
|
-
: scopes || [];
|
|
135
|
-
const scopeSet = new ScopeSet(requestScopes);
|
|
136
|
-
this.parameters.set(
|
|
137
|
-
AADServerParamKeys.SCOPE,
|
|
138
|
-
encodeURIComponent(scopeSet.printScopes())
|
|
139
|
-
);
|
|
140
|
-
}
|
|
135
|
+
/**
|
|
136
|
+
* add redirect_uri
|
|
137
|
+
* @param redirectUri
|
|
138
|
+
*/
|
|
139
|
+
export function addRedirectUri(
|
|
140
|
+
parameters: Map<string, string>,
|
|
141
|
+
redirectUri: string
|
|
142
|
+
): void {
|
|
143
|
+
parameters.set(AADServerParamKeys.REDIRECT_URI, redirectUri);
|
|
144
|
+
}
|
|
141
145
|
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
146
|
+
/**
|
|
147
|
+
* add post logout redirectUri
|
|
148
|
+
* @param redirectUri
|
|
149
|
+
*/
|
|
150
|
+
export function addPostLogoutRedirectUri(
|
|
151
|
+
parameters: Map<string, string>,
|
|
152
|
+
redirectUri: string
|
|
153
|
+
): void {
|
|
154
|
+
parameters.set(AADServerParamKeys.POST_LOGOUT_URI, redirectUri);
|
|
155
|
+
}
|
|
152
156
|
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
}
|
|
157
|
+
/**
|
|
158
|
+
* add id_token_hint to logout request
|
|
159
|
+
* @param idTokenHint
|
|
160
|
+
*/
|
|
161
|
+
export function addIdTokenHint(
|
|
162
|
+
parameters: Map<string, string>,
|
|
163
|
+
idTokenHint: string
|
|
164
|
+
): void {
|
|
165
|
+
parameters.set(AADServerParamKeys.ID_TOKEN_HINT, idTokenHint);
|
|
166
|
+
}
|
|
164
167
|
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
}
|
|
168
|
+
/**
|
|
169
|
+
* add domain_hint
|
|
170
|
+
* @param domainHint
|
|
171
|
+
*/
|
|
172
|
+
export function addDomainHint(
|
|
173
|
+
parameters: Map<string, string>,
|
|
174
|
+
domainHint: string
|
|
175
|
+
): void {
|
|
176
|
+
parameters.set(AADServerParamKeys.DOMAIN_HINT, domainHint);
|
|
177
|
+
}
|
|
176
178
|
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
179
|
+
/**
|
|
180
|
+
* add login_hint
|
|
181
|
+
* @param loginHint
|
|
182
|
+
*/
|
|
183
|
+
export function addLoginHint(
|
|
184
|
+
parameters: Map<string, string>,
|
|
185
|
+
loginHint: string
|
|
186
|
+
): void {
|
|
187
|
+
parameters.set(AADServerParamKeys.LOGIN_HINT, loginHint);
|
|
188
|
+
}
|
|
187
189
|
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
190
|
+
/**
|
|
191
|
+
* Adds the CCS (Cache Credential Service) query parameter for login_hint
|
|
192
|
+
* @param loginHint
|
|
193
|
+
*/
|
|
194
|
+
export function addCcsUpn(
|
|
195
|
+
parameters: Map<string, string>,
|
|
196
|
+
loginHint: string
|
|
197
|
+
): void {
|
|
198
|
+
parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
|
|
199
|
+
}
|
|
198
200
|
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
201
|
+
/**
|
|
202
|
+
* Adds the CCS (Cache Credential Service) query parameter for account object
|
|
203
|
+
* @param loginHint
|
|
204
|
+
*/
|
|
205
|
+
export function addCcsOid(
|
|
206
|
+
parameters: Map<string, string>,
|
|
207
|
+
clientInfo: ClientInfo
|
|
208
|
+
): void {
|
|
209
|
+
parameters.set(
|
|
210
|
+
HeaderNames.CCS_HEADER,
|
|
211
|
+
`Oid:${clientInfo.uid}@${clientInfo.utid}`
|
|
212
|
+
);
|
|
213
|
+
}
|
|
209
214
|
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
encodeURIComponent(`UPN:${loginHint}`)
|
|
218
|
-
);
|
|
219
|
-
}
|
|
215
|
+
/**
|
|
216
|
+
* add sid
|
|
217
|
+
* @param sid
|
|
218
|
+
*/
|
|
219
|
+
export function addSid(parameters: Map<string, string>, sid: string): void {
|
|
220
|
+
parameters.set(AADServerParamKeys.SID, sid);
|
|
221
|
+
}
|
|
220
222
|
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
223
|
+
/**
|
|
224
|
+
* add claims
|
|
225
|
+
* @param claims
|
|
226
|
+
*/
|
|
227
|
+
export function addClaims(
|
|
228
|
+
parameters: Map<string, string>,
|
|
229
|
+
claims?: string,
|
|
230
|
+
clientCapabilities?: Array<string>
|
|
231
|
+
): void {
|
|
232
|
+
const mergedClaims = addClientCapabilitiesToClaims(
|
|
233
|
+
claims,
|
|
234
|
+
clientCapabilities
|
|
235
|
+
);
|
|
236
|
+
try {
|
|
237
|
+
JSON.parse(mergedClaims);
|
|
238
|
+
} catch (e) {
|
|
239
|
+
throw createClientConfigurationError(
|
|
240
|
+
ClientConfigurationErrorCodes.invalidClaims
|
|
241
|
+
);
|
|
242
|
+
}
|
|
243
|
+
parameters.set(AADServerParamKeys.CLAIMS, mergedClaims);
|
|
244
|
+
}
|
|
231
245
|
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
246
|
+
/**
|
|
247
|
+
* add correlationId
|
|
248
|
+
* @param correlationId
|
|
249
|
+
*/
|
|
250
|
+
export function addCorrelationId(
|
|
251
|
+
parameters: Map<string, string>,
|
|
252
|
+
correlationId: string
|
|
253
|
+
): void {
|
|
254
|
+
parameters.set(AADServerParamKeys.CLIENT_REQUEST_ID, correlationId);
|
|
255
|
+
}
|
|
239
256
|
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
);
|
|
257
|
+
/**
|
|
258
|
+
* add library info query params
|
|
259
|
+
* @param libraryInfo
|
|
260
|
+
*/
|
|
261
|
+
export function addLibraryInfo(
|
|
262
|
+
parameters: Map<string, string>,
|
|
263
|
+
libraryInfo: LibraryInfo
|
|
264
|
+
): void {
|
|
265
|
+
// Telemetry Info
|
|
266
|
+
parameters.set(AADServerParamKeys.X_CLIENT_SKU, libraryInfo.sku);
|
|
267
|
+
parameters.set(AADServerParamKeys.X_CLIENT_VER, libraryInfo.version);
|
|
268
|
+
if (libraryInfo.os) {
|
|
269
|
+
parameters.set(AADServerParamKeys.X_CLIENT_OS, libraryInfo.os);
|
|
254
270
|
}
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
* add correlationId
|
|
258
|
-
* @param correlationId
|
|
259
|
-
*/
|
|
260
|
-
addCorrelationId(correlationId: string): void {
|
|
261
|
-
this.parameters.set(
|
|
262
|
-
AADServerParamKeys.CLIENT_REQUEST_ID,
|
|
263
|
-
encodeURIComponent(correlationId)
|
|
264
|
-
);
|
|
271
|
+
if (libraryInfo.cpu) {
|
|
272
|
+
parameters.set(AADServerParamKeys.X_CLIENT_CPU, libraryInfo.cpu);
|
|
265
273
|
}
|
|
274
|
+
}
|
|
266
275
|
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
);
|
|
278
|
-
if (libraryInfo.os) {
|
|
279
|
-
this.parameters.set(AADServerParamKeys.X_CLIENT_OS, libraryInfo.os);
|
|
280
|
-
}
|
|
281
|
-
if (libraryInfo.cpu) {
|
|
282
|
-
this.parameters.set(
|
|
283
|
-
AADServerParamKeys.X_CLIENT_CPU,
|
|
284
|
-
libraryInfo.cpu
|
|
285
|
-
);
|
|
286
|
-
}
|
|
276
|
+
/**
|
|
277
|
+
* Add client telemetry parameters
|
|
278
|
+
* @param appTelemetry
|
|
279
|
+
*/
|
|
280
|
+
export function addApplicationTelemetry(
|
|
281
|
+
parameters: Map<string, string>,
|
|
282
|
+
appTelemetry: ApplicationTelemetry
|
|
283
|
+
): void {
|
|
284
|
+
if (appTelemetry?.appName) {
|
|
285
|
+
parameters.set(AADServerParamKeys.X_APP_NAME, appTelemetry.appName);
|
|
287
286
|
}
|
|
288
287
|
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
* @param appTelemetry
|
|
292
|
-
*/
|
|
293
|
-
addApplicationTelemetry(appTelemetry: ApplicationTelemetry): void {
|
|
294
|
-
if (appTelemetry?.appName) {
|
|
295
|
-
this.parameters.set(
|
|
296
|
-
AADServerParamKeys.X_APP_NAME,
|
|
297
|
-
appTelemetry.appName
|
|
298
|
-
);
|
|
299
|
-
}
|
|
300
|
-
|
|
301
|
-
if (appTelemetry?.appVersion) {
|
|
302
|
-
this.parameters.set(
|
|
303
|
-
AADServerParamKeys.X_APP_VER,
|
|
304
|
-
appTelemetry.appVersion
|
|
305
|
-
);
|
|
306
|
-
}
|
|
288
|
+
if (appTelemetry?.appVersion) {
|
|
289
|
+
parameters.set(AADServerParamKeys.X_APP_VER, appTelemetry.appVersion);
|
|
307
290
|
}
|
|
291
|
+
}
|
|
308
292
|
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
}
|
|
293
|
+
/**
|
|
294
|
+
* add prompt
|
|
295
|
+
* @param prompt
|
|
296
|
+
*/
|
|
297
|
+
export function addPrompt(
|
|
298
|
+
parameters: Map<string, string>,
|
|
299
|
+
prompt: string
|
|
300
|
+
): void {
|
|
301
|
+
parameters.set(AADServerParamKeys.PROMPT, prompt);
|
|
302
|
+
}
|
|
320
303
|
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
AADServerParamKeys.STATE,
|
|
329
|
-
encodeURIComponent(state)
|
|
330
|
-
);
|
|
331
|
-
}
|
|
304
|
+
/**
|
|
305
|
+
* add state
|
|
306
|
+
* @param state
|
|
307
|
+
*/
|
|
308
|
+
export function addState(parameters: Map<string, string>, state: string): void {
|
|
309
|
+
if (state) {
|
|
310
|
+
parameters.set(AADServerParamKeys.STATE, state);
|
|
332
311
|
}
|
|
312
|
+
}
|
|
333
313
|
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
encodeURIComponent(nonce)
|
|
342
|
-
);
|
|
343
|
-
}
|
|
314
|
+
/**
|
|
315
|
+
* add nonce
|
|
316
|
+
* @param nonce
|
|
317
|
+
*/
|
|
318
|
+
export function addNonce(parameters: Map<string, string>, nonce: string): void {
|
|
319
|
+
parameters.set(AADServerParamKeys.NONCE, nonce);
|
|
320
|
+
}
|
|
344
321
|
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
322
|
+
/**
|
|
323
|
+
* add code_challenge and code_challenge_method
|
|
324
|
+
* - throw if either of them are not passed
|
|
325
|
+
* @param codeChallenge
|
|
326
|
+
* @param codeChallengeMethod
|
|
327
|
+
*/
|
|
328
|
+
export function addCodeChallengeParams(
|
|
329
|
+
parameters: Map<string, string>,
|
|
330
|
+
codeChallenge?: string,
|
|
331
|
+
codeChallengeMethod?: string
|
|
332
|
+
): void {
|
|
333
|
+
if (codeChallenge && codeChallengeMethod) {
|
|
334
|
+
parameters.set(AADServerParamKeys.CODE_CHALLENGE, codeChallenge);
|
|
335
|
+
parameters.set(
|
|
336
|
+
AADServerParamKeys.CODE_CHALLENGE_METHOD,
|
|
357
337
|
codeChallengeMethod
|
|
358
338
|
);
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
encodeURIComponent(codeChallenge)
|
|
363
|
-
);
|
|
364
|
-
this.parameters.set(
|
|
365
|
-
AADServerParamKeys.CODE_CHALLENGE_METHOD,
|
|
366
|
-
encodeURIComponent(codeChallengeMethod)
|
|
367
|
-
);
|
|
368
|
-
} else {
|
|
369
|
-
throw createClientConfigurationError(
|
|
370
|
-
ClientConfigurationErrorCodes.pkceParamsMissing
|
|
371
|
-
);
|
|
372
|
-
}
|
|
373
|
-
}
|
|
374
|
-
|
|
375
|
-
/**
|
|
376
|
-
* add the `authorization_code` passed by the user to exchange for a token
|
|
377
|
-
* @param code
|
|
378
|
-
*/
|
|
379
|
-
addAuthorizationCode(code: string): void {
|
|
380
|
-
this.parameters.set(AADServerParamKeys.CODE, encodeURIComponent(code));
|
|
381
|
-
}
|
|
382
|
-
|
|
383
|
-
/**
|
|
384
|
-
* add the `authorization_code` passed by the user to exchange for a token
|
|
385
|
-
* @param code
|
|
386
|
-
*/
|
|
387
|
-
addDeviceCode(code: string): void {
|
|
388
|
-
this.parameters.set(
|
|
389
|
-
AADServerParamKeys.DEVICE_CODE,
|
|
390
|
-
encodeURIComponent(code)
|
|
391
|
-
);
|
|
392
|
-
}
|
|
393
|
-
|
|
394
|
-
/**
|
|
395
|
-
* add the `refreshToken` passed by the user
|
|
396
|
-
* @param refreshToken
|
|
397
|
-
*/
|
|
398
|
-
addRefreshToken(refreshToken: string): void {
|
|
399
|
-
this.parameters.set(
|
|
400
|
-
AADServerParamKeys.REFRESH_TOKEN,
|
|
401
|
-
encodeURIComponent(refreshToken)
|
|
339
|
+
} else {
|
|
340
|
+
throw createClientConfigurationError(
|
|
341
|
+
ClientConfigurationErrorCodes.pkceParamsMissing
|
|
402
342
|
);
|
|
403
343
|
}
|
|
344
|
+
}
|
|
404
345
|
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
346
|
+
/**
|
|
347
|
+
* add the `authorization_code` passed by the user to exchange for a token
|
|
348
|
+
* @param code
|
|
349
|
+
*/
|
|
350
|
+
export function addAuthorizationCode(
|
|
351
|
+
parameters: Map<string, string>,
|
|
352
|
+
code: string
|
|
353
|
+
): void {
|
|
354
|
+
parameters.set(AADServerParamKeys.CODE, code);
|
|
355
|
+
}
|
|
415
356
|
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
357
|
+
/**
|
|
358
|
+
* add the `authorization_code` passed by the user to exchange for a token
|
|
359
|
+
* @param code
|
|
360
|
+
*/
|
|
361
|
+
export function addDeviceCode(
|
|
362
|
+
parameters: Map<string, string>,
|
|
363
|
+
code: string
|
|
364
|
+
): void {
|
|
365
|
+
parameters.set(AADServerParamKeys.DEVICE_CODE, code);
|
|
366
|
+
}
|
|
426
367
|
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
}
|
|
438
|
-
}
|
|
368
|
+
/**
|
|
369
|
+
* add the `refreshToken` passed by the user
|
|
370
|
+
* @param refreshToken
|
|
371
|
+
*/
|
|
372
|
+
export function addRefreshToken(
|
|
373
|
+
parameters: Map<string, string>,
|
|
374
|
+
refreshToken: string
|
|
375
|
+
): void {
|
|
376
|
+
parameters.set(AADServerParamKeys.REFRESH_TOKEN, refreshToken);
|
|
377
|
+
}
|
|
439
378
|
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
}
|
|
451
|
-
}
|
|
379
|
+
/**
|
|
380
|
+
* add the `code_verifier` passed by the user to exchange for a token
|
|
381
|
+
* @param codeVerifier
|
|
382
|
+
*/
|
|
383
|
+
export function addCodeVerifier(
|
|
384
|
+
parameters: Map<string, string>,
|
|
385
|
+
codeVerifier: string
|
|
386
|
+
): void {
|
|
387
|
+
parameters.set(AADServerParamKeys.CODE_VERIFIER, codeVerifier);
|
|
388
|
+
}
|
|
452
389
|
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
390
|
+
/**
|
|
391
|
+
* add client_secret
|
|
392
|
+
* @param clientSecret
|
|
393
|
+
*/
|
|
394
|
+
export function addClientSecret(
|
|
395
|
+
parameters: Map<string, string>,
|
|
396
|
+
clientSecret: string
|
|
397
|
+
): void {
|
|
398
|
+
parameters.set(AADServerParamKeys.CLIENT_SECRET, clientSecret);
|
|
399
|
+
}
|
|
463
400
|
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
401
|
+
/**
|
|
402
|
+
* add clientAssertion for confidential client flows
|
|
403
|
+
* @param clientAssertion
|
|
404
|
+
*/
|
|
405
|
+
export function addClientAssertion(
|
|
406
|
+
parameters: Map<string, string>,
|
|
407
|
+
clientAssertion: string
|
|
408
|
+
): void {
|
|
409
|
+
if (clientAssertion) {
|
|
410
|
+
parameters.set(AADServerParamKeys.CLIENT_ASSERTION, clientAssertion);
|
|
473
411
|
}
|
|
412
|
+
}
|
|
474
413
|
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
|
|
414
|
+
/**
|
|
415
|
+
* add clientAssertionType for confidential client flows
|
|
416
|
+
* @param clientAssertionType
|
|
417
|
+
*/
|
|
418
|
+
export function addClientAssertionType(
|
|
419
|
+
parameters: Map<string, string>,
|
|
420
|
+
clientAssertionType: string
|
|
421
|
+
): void {
|
|
422
|
+
if (clientAssertionType) {
|
|
423
|
+
parameters.set(
|
|
424
|
+
AADServerParamKeys.CLIENT_ASSERTION_TYPE,
|
|
425
|
+
clientAssertionType
|
|
483
426
|
);
|
|
484
427
|
}
|
|
428
|
+
}
|
|
485
429
|
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
* @param eQParams
|
|
497
|
-
*/
|
|
498
|
-
addExtraQueryParameters(eQParams: StringDict): void {
|
|
499
|
-
Object.entries(eQParams).forEach(([key, value]) => {
|
|
500
|
-
if (!this.parameters.has(key) && value) {
|
|
501
|
-
this.parameters.set(key, value);
|
|
502
|
-
}
|
|
503
|
-
});
|
|
504
|
-
}
|
|
505
|
-
|
|
506
|
-
addClientCapabilitiesToClaims(
|
|
507
|
-
claims?: string,
|
|
508
|
-
clientCapabilities?: Array<string>
|
|
509
|
-
): string {
|
|
510
|
-
let mergedClaims: object;
|
|
511
|
-
|
|
512
|
-
// Parse provided claims into JSON object or initialize empty object
|
|
513
|
-
if (!claims) {
|
|
514
|
-
mergedClaims = {};
|
|
515
|
-
} else {
|
|
516
|
-
try {
|
|
517
|
-
mergedClaims = JSON.parse(claims);
|
|
518
|
-
} catch (e) {
|
|
519
|
-
throw createClientConfigurationError(
|
|
520
|
-
ClientConfigurationErrorCodes.invalidClaims
|
|
521
|
-
);
|
|
522
|
-
}
|
|
523
|
-
}
|
|
430
|
+
/**
|
|
431
|
+
* add OBO assertion for confidential client flows
|
|
432
|
+
* @param clientAssertion
|
|
433
|
+
*/
|
|
434
|
+
export function addOboAssertion(
|
|
435
|
+
parameters: Map<string, string>,
|
|
436
|
+
oboAssertion: string
|
|
437
|
+
): void {
|
|
438
|
+
parameters.set(AADServerParamKeys.OBO_ASSERTION, oboAssertion);
|
|
439
|
+
}
|
|
524
440
|
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
441
|
+
/**
|
|
442
|
+
* add grant type
|
|
443
|
+
* @param grantType
|
|
444
|
+
*/
|
|
445
|
+
export function addRequestTokenUse(
|
|
446
|
+
parameters: Map<string, string>,
|
|
447
|
+
tokenUse: string
|
|
448
|
+
): void {
|
|
449
|
+
parameters.set(AADServerParamKeys.REQUESTED_TOKEN_USE, tokenUse);
|
|
450
|
+
}
|
|
530
451
|
|
|
531
|
-
|
|
532
|
-
|
|
533
|
-
|
|
534
|
-
|
|
535
|
-
|
|
536
|
-
|
|
537
|
-
|
|
452
|
+
/**
|
|
453
|
+
* add grant type
|
|
454
|
+
* @param grantType
|
|
455
|
+
*/
|
|
456
|
+
export function addGrantType(
|
|
457
|
+
parameters: Map<string, string>,
|
|
458
|
+
grantType: string
|
|
459
|
+
): void {
|
|
460
|
+
parameters.set(AADServerParamKeys.GRANT_TYPE, grantType);
|
|
461
|
+
}
|
|
538
462
|
|
|
539
|
-
|
|
540
|
-
|
|
463
|
+
/**
|
|
464
|
+
* add client info
|
|
465
|
+
*
|
|
466
|
+
*/
|
|
467
|
+
export function addClientInfo(parameters: Map<string, string>): void {
|
|
468
|
+
parameters.set(CLIENT_INFO, "1");
|
|
469
|
+
}
|
|
541
470
|
|
|
542
|
-
|
|
543
|
-
|
|
544
|
-
|
|
545
|
-
*/
|
|
546
|
-
addUsername(username: string): void {
|
|
547
|
-
this.parameters.set(
|
|
548
|
-
PasswordGrantConstants.username,
|
|
549
|
-
encodeURIComponent(username)
|
|
550
|
-
);
|
|
471
|
+
export function addInstanceAware(parameters: Map<string, string>): void {
|
|
472
|
+
if (!parameters.has(AADServerParamKeys.INSTANCE_AWARE)) {
|
|
473
|
+
parameters.set(AADServerParamKeys.INSTANCE_AWARE, "true");
|
|
551
474
|
}
|
|
475
|
+
}
|
|
552
476
|
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
556
|
-
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
562
|
-
|
|
477
|
+
/**
|
|
478
|
+
* add extraQueryParams
|
|
479
|
+
* @param eQParams
|
|
480
|
+
*/
|
|
481
|
+
export function addExtraQueryParameters(
|
|
482
|
+
parameters: Map<string, string>,
|
|
483
|
+
eQParams: StringDict
|
|
484
|
+
): void {
|
|
485
|
+
Object.entries(eQParams).forEach(([key, value]) => {
|
|
486
|
+
if (!parameters.has(key) && value) {
|
|
487
|
+
parameters.set(key, value);
|
|
488
|
+
}
|
|
489
|
+
});
|
|
490
|
+
}
|
|
563
491
|
|
|
564
|
-
|
|
565
|
-
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
|
|
492
|
+
export function addClientCapabilitiesToClaims(
|
|
493
|
+
claims?: string,
|
|
494
|
+
clientCapabilities?: Array<string>
|
|
495
|
+
): string {
|
|
496
|
+
let mergedClaims: object;
|
|
497
|
+
|
|
498
|
+
// Parse provided claims into JSON object or initialize empty object
|
|
499
|
+
if (!claims) {
|
|
500
|
+
mergedClaims = {};
|
|
501
|
+
} else {
|
|
502
|
+
try {
|
|
503
|
+
mergedClaims = JSON.parse(claims);
|
|
504
|
+
} catch (e) {
|
|
505
|
+
throw createClientConfigurationError(
|
|
506
|
+
ClientConfigurationErrorCodes.invalidClaims
|
|
577
507
|
);
|
|
578
508
|
}
|
|
579
509
|
}
|
|
580
510
|
|
|
581
|
-
|
|
582
|
-
|
|
583
|
-
|
|
584
|
-
|
|
585
|
-
if (sshJwkString) {
|
|
586
|
-
this.parameters.set(
|
|
587
|
-
AADServerParamKeys.TOKEN_TYPE,
|
|
588
|
-
AuthenticationScheme.SSH
|
|
589
|
-
);
|
|
590
|
-
this.parameters.set(
|
|
591
|
-
AADServerParamKeys.REQ_CNF,
|
|
592
|
-
encodeURIComponent(sshJwkString)
|
|
593
|
-
);
|
|
511
|
+
if (clientCapabilities && clientCapabilities.length > 0) {
|
|
512
|
+
if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
|
|
513
|
+
// Add access_token key to claims object
|
|
514
|
+
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
|
|
594
515
|
}
|
|
595
|
-
}
|
|
596
516
|
|
|
597
|
-
|
|
598
|
-
|
|
599
|
-
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
this.parameters.set(
|
|
603
|
-
AADServerParamKeys.X_CLIENT_CURR_TELEM,
|
|
604
|
-
serverTelemetryManager.generateCurrentRequestHeaderValue()
|
|
605
|
-
);
|
|
606
|
-
this.parameters.set(
|
|
607
|
-
AADServerParamKeys.X_CLIENT_LAST_TELEM,
|
|
608
|
-
serverTelemetryManager.generateLastRequestHeaderValue()
|
|
609
|
-
);
|
|
517
|
+
// Add xms_cc claim with provided clientCapabilities to access_token key
|
|
518
|
+
mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
|
|
519
|
+
{
|
|
520
|
+
values: clientCapabilities,
|
|
521
|
+
};
|
|
610
522
|
}
|
|
611
523
|
|
|
612
|
-
|
|
613
|
-
|
|
614
|
-
*/
|
|
615
|
-
addThrottling(): void {
|
|
616
|
-
this.parameters.set(
|
|
617
|
-
AADServerParamKeys.X_MS_LIB_CAPABILITY,
|
|
618
|
-
ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE
|
|
619
|
-
);
|
|
620
|
-
}
|
|
524
|
+
return JSON.stringify(mergedClaims);
|
|
525
|
+
}
|
|
621
526
|
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
|
|
627
|
-
|
|
628
|
-
|
|
629
|
-
|
|
527
|
+
/**
|
|
528
|
+
* adds `username` for Password Grant flow
|
|
529
|
+
* @param username
|
|
530
|
+
*/
|
|
531
|
+
export function addUsername(
|
|
532
|
+
parameters: Map<string, string>,
|
|
533
|
+
username: string
|
|
534
|
+
): void {
|
|
535
|
+
parameters.set(PasswordGrantConstants.username, username);
|
|
536
|
+
}
|
|
537
|
+
|
|
538
|
+
/**
|
|
539
|
+
* adds `password` for Password Grant flow
|
|
540
|
+
* @param password
|
|
541
|
+
*/
|
|
542
|
+
export function addPassword(
|
|
543
|
+
parameters: Map<string, string>,
|
|
544
|
+
password: string
|
|
545
|
+
): void {
|
|
546
|
+
parameters.set(PasswordGrantConstants.password, password);
|
|
547
|
+
}
|
|
548
|
+
|
|
549
|
+
/**
|
|
550
|
+
* add pop_jwk to query params
|
|
551
|
+
* @param cnfString
|
|
552
|
+
*/
|
|
553
|
+
export function addPopToken(
|
|
554
|
+
parameters: Map<string, string>,
|
|
555
|
+
cnfString: string
|
|
556
|
+
): void {
|
|
557
|
+
if (cnfString) {
|
|
558
|
+
parameters.set(AADServerParamKeys.TOKEN_TYPE, AuthenticationScheme.POP);
|
|
559
|
+
parameters.set(AADServerParamKeys.REQ_CNF, cnfString);
|
|
630
560
|
}
|
|
561
|
+
}
|
|
631
562
|
|
|
632
|
-
|
|
633
|
-
|
|
634
|
-
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
this.addExtraQueryParameters(brokerParams);
|
|
563
|
+
/**
|
|
564
|
+
* add SSH JWK and key ID to query params
|
|
565
|
+
*/
|
|
566
|
+
export function addSshJwk(
|
|
567
|
+
parameters: Map<string, string>,
|
|
568
|
+
sshJwkString: string
|
|
569
|
+
): void {
|
|
570
|
+
if (sshJwkString) {
|
|
571
|
+
parameters.set(AADServerParamKeys.TOKEN_TYPE, AuthenticationScheme.SSH);
|
|
572
|
+
parameters.set(AADServerParamKeys.REQ_CNF, sshJwkString);
|
|
643
573
|
}
|
|
574
|
+
}
|
|
644
575
|
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
576
|
+
/**
|
|
577
|
+
* add server telemetry fields
|
|
578
|
+
* @param serverTelemetryManager
|
|
579
|
+
*/
|
|
580
|
+
export function addServerTelemetry(
|
|
581
|
+
parameters: Map<string, string>,
|
|
582
|
+
serverTelemetryManager: ServerTelemetryManager
|
|
583
|
+
): void {
|
|
584
|
+
parameters.set(
|
|
585
|
+
AADServerParamKeys.X_CLIENT_CURR_TELEM,
|
|
586
|
+
serverTelemetryManager.generateCurrentRequestHeaderValue()
|
|
587
|
+
);
|
|
588
|
+
parameters.set(
|
|
589
|
+
AADServerParamKeys.X_CLIENT_LAST_TELEM,
|
|
590
|
+
serverTelemetryManager.generateLastRequestHeaderValue()
|
|
591
|
+
);
|
|
592
|
+
}
|
|
650
593
|
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
|
|
594
|
+
/**
|
|
595
|
+
* Adds parameter that indicates to the server that throttling is supported
|
|
596
|
+
*/
|
|
597
|
+
export function addThrottling(parameters: Map<string, string>): void {
|
|
598
|
+
parameters.set(
|
|
599
|
+
AADServerParamKeys.X_MS_LIB_CAPABILITY,
|
|
600
|
+
ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE
|
|
601
|
+
);
|
|
602
|
+
}
|
|
654
603
|
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
|
|
658
|
-
|
|
659
|
-
|
|
604
|
+
/**
|
|
605
|
+
* Adds logout_hint parameter for "silent" logout which prevent server account picker
|
|
606
|
+
*/
|
|
607
|
+
export function addLogoutHint(
|
|
608
|
+
parameters: Map<string, string>,
|
|
609
|
+
logoutHint: string
|
|
610
|
+
): void {
|
|
611
|
+
parameters.set(AADServerParamKeys.LOGOUT_HINT, logoutHint);
|
|
612
|
+
}
|
|
660
613
|
|
|
661
|
-
|
|
614
|
+
export function addBrokerParameters(
|
|
615
|
+
parameters: Map<string, string>,
|
|
616
|
+
brokerClientId: string,
|
|
617
|
+
brokerRedirectUri: string
|
|
618
|
+
): void {
|
|
619
|
+
if (!parameters.has(AADServerParamKeys.BROKER_CLIENT_ID)) {
|
|
620
|
+
parameters.set(AADServerParamKeys.BROKER_CLIENT_ID, brokerClientId);
|
|
621
|
+
}
|
|
622
|
+
if (!parameters.has(AADServerParamKeys.BROKER_REDIRECT_URI)) {
|
|
623
|
+
parameters.set(
|
|
624
|
+
AADServerParamKeys.BROKER_REDIRECT_URI,
|
|
625
|
+
brokerRedirectUri
|
|
626
|
+
);
|
|
662
627
|
}
|
|
663
628
|
}
|