@azure/msal-common 15.2.1 → 15.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (149) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +1 -1
  7. package/dist/authority/AuthorityFactory.mjs +1 -1
  8. package/dist/authority/AuthorityMetadata.mjs +1 -1
  9. package/dist/authority/AuthorityOptions.mjs +1 -1
  10. package/dist/authority/AuthorityType.mjs +1 -1
  11. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  13. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  14. package/dist/authority/ProtocolMode.mjs +1 -1
  15. package/dist/authority/RegionDiscovery.mjs +1 -1
  16. package/dist/cache/CacheManager.mjs +1 -1
  17. package/dist/cache/entities/AccountEntity.mjs +1 -1
  18. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  19. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  20. package/dist/client/AuthorizationCodeClient.d.ts +0 -31
  21. package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
  22. package/dist/client/AuthorizationCodeClient.mjs +41 -246
  23. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  24. package/dist/client/BaseClient.d.ts.map +1 -1
  25. package/dist/client/BaseClient.mjs +9 -10
  26. package/dist/client/BaseClient.mjs.map +1 -1
  27. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  28. package/dist/client/RefreshTokenClient.mjs +27 -29
  29. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  30. package/dist/client/SilentFlowClient.mjs +1 -1
  31. package/dist/config/ClientConfiguration.mjs +1 -1
  32. package/dist/constants/AADServerParamKeys.d.ts +1 -0
  33. package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
  34. package/dist/constants/AADServerParamKeys.mjs +4 -3
  35. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  36. package/dist/crypto/ICrypto.mjs +1 -1
  37. package/dist/crypto/JoseHeader.mjs +1 -1
  38. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  39. package/dist/error/AuthError.mjs +1 -1
  40. package/dist/error/AuthErrorCodes.mjs +1 -1
  41. package/dist/error/CacheError.mjs +1 -1
  42. package/dist/error/CacheErrorCodes.mjs +1 -1
  43. package/dist/error/ClientAuthError.mjs +1 -1
  44. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  45. package/dist/error/ClientConfigurationError.mjs +1 -1
  46. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  47. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  48. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  49. package/dist/error/JoseHeaderError.mjs +1 -1
  50. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  51. package/dist/error/NetworkError.mjs +1 -1
  52. package/dist/error/ServerError.mjs +1 -1
  53. package/dist/exports-common.d.ts +3 -2
  54. package/dist/exports-common.d.ts.map +1 -1
  55. package/dist/index-browser.mjs +5 -2
  56. package/dist/index-browser.mjs.map +1 -1
  57. package/dist/index-node.mjs +5 -2
  58. package/dist/index-node.mjs.map +1 -1
  59. package/dist/index.mjs +5 -2
  60. package/dist/index.mjs.map +1 -1
  61. package/dist/logger/Logger.mjs +1 -1
  62. package/dist/network/INetworkModule.mjs +1 -1
  63. package/dist/network/RequestThumbprint.mjs +1 -1
  64. package/dist/network/ThrottlingUtils.mjs +1 -1
  65. package/dist/packageMetadata.d.ts +1 -1
  66. package/dist/packageMetadata.mjs +2 -2
  67. package/dist/protocol/Authorize.d.ts +37 -0
  68. package/dist/protocol/Authorize.d.ts.map +1 -0
  69. package/dist/protocol/Authorize.mjs +237 -0
  70. package/dist/protocol/Authorize.mjs.map +1 -0
  71. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  72. package/dist/request/RequestParameterBuilder.d.ts +206 -218
  73. package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
  74. package/dist/request/RequestParameterBuilder.mjs +356 -369
  75. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  76. package/dist/request/RequestValidator.mjs +1 -1
  77. package/dist/request/ScopeSet.mjs +1 -1
  78. package/dist/response/AuthorizeResponse.d.ts +72 -0
  79. package/dist/response/AuthorizeResponse.d.ts.map +1 -0
  80. package/dist/response/ResponseHandler.d.ts +0 -8
  81. package/dist/response/ResponseHandler.d.ts.map +1 -1
  82. package/dist/response/ResponseHandler.mjs +2 -49
  83. package/dist/response/ResponseHandler.mjs.map +1 -1
  84. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  85. package/dist/telemetry/performance/PerformanceEvent.d.ts +1 -2
  86. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  87. package/dist/telemetry/performance/PerformanceEvent.mjs +2 -11
  88. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  89. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  90. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  91. package/dist/url/UrlString.mjs +1 -1
  92. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  93. package/dist/utils/Constants.mjs +1 -1
  94. package/dist/utils/FunctionWrappers.mjs +1 -1
  95. package/dist/utils/ProtocolUtils.mjs +1 -1
  96. package/dist/utils/StringUtils.mjs +1 -1
  97. package/dist/utils/TimeUtils.mjs +1 -1
  98. package/dist/utils/UrlUtils.d.ts +6 -2
  99. package/dist/utils/UrlUtils.d.ts.map +1 -1
  100. package/dist/utils/UrlUtils.mjs +12 -2
  101. package/dist/utils/UrlUtils.mjs.map +1 -1
  102. package/lib/index-browser.cjs +3 -2
  103. package/lib/index-browser.cjs.map +1 -1
  104. package/lib/{index-node--LMD5Re1.js → index-node-BjtDFnOl.js} +782 -768
  105. package/lib/index-node-BjtDFnOl.js.map +1 -0
  106. package/lib/index-node.cjs +3 -2
  107. package/lib/index-node.cjs.map +1 -1
  108. package/lib/index.cjs +3 -2
  109. package/lib/index.cjs.map +1 -1
  110. package/lib/types/client/AuthorizationCodeClient.d.ts +0 -31
  111. package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  112. package/lib/types/client/BaseClient.d.ts.map +1 -1
  113. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  114. package/lib/types/constants/AADServerParamKeys.d.ts +1 -0
  115. package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
  116. package/lib/types/exports-common.d.ts +3 -2
  117. package/lib/types/exports-common.d.ts.map +1 -1
  118. package/lib/types/packageMetadata.d.ts +1 -1
  119. package/lib/types/protocol/Authorize.d.ts +37 -0
  120. package/lib/types/protocol/Authorize.d.ts.map +1 -0
  121. package/lib/types/request/RequestParameterBuilder.d.ts +206 -218
  122. package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
  123. package/lib/types/response/AuthorizeResponse.d.ts +72 -0
  124. package/lib/types/response/AuthorizeResponse.d.ts.map +1 -0
  125. package/lib/types/response/ResponseHandler.d.ts +0 -8
  126. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  127. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +1 -2
  128. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  129. package/lib/types/utils/UrlUtils.d.ts +6 -2
  130. package/lib/types/utils/UrlUtils.d.ts.map +1 -1
  131. package/package.json +1 -1
  132. package/src/client/AuthorizationCodeClient.ts +84 -395
  133. package/src/client/BaseClient.ts +20 -12
  134. package/src/client/RefreshTokenClient.ts +60 -30
  135. package/src/constants/AADServerParamKeys.ts +1 -0
  136. package/src/exports-common.ts +4 -2
  137. package/src/packageMetadata.ts +1 -1
  138. package/src/protocol/Authorize.ts +409 -0
  139. package/src/request/RequestParameterBuilder.ts +508 -543
  140. package/src/response/AuthorizeResponse.ts +76 -0
  141. package/src/response/ResponseHandler.ts +0 -98
  142. package/src/telemetry/performance/PerformanceEvent.ts +1 -11
  143. package/src/utils/UrlUtils.ts +18 -4
  144. package/dist/response/ServerAuthorizationCodeResponse.d.ts +0 -27
  145. package/dist/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
  146. package/lib/index-node--LMD5Re1.js.map +0 -1
  147. package/lib/types/response/ServerAuthorizationCodeResponse.d.ts +0 -27
  148. package/lib/types/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
  149. package/src/response/ServerAuthorizationCodeResponse.ts +0 -34
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
4
4
  import { tokenParsingError, nullOrEmptyToken, maxAgeTranspired } from '../error/ClientAuthErrorCodes.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
4
4
  import { Separators, Constants } from '../utils/Constants.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { AuthorityType } from './AuthorityType.mjs';
4
4
  import { isOpenIdConfigResponse } from './OpenIdConfigResponse.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { Authority, formatAuthorityUri } from './Authority.mjs';
4
4
  import { createClientAuthError } from '../error/ClientAuthError.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { UrlString } from '../url/UrlString.mjs';
4
4
  import { AuthorityMetadataSource } from '../utils/Constants.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { Constants, ResponseCodes, RegionDiscoverySources } from '../utils/Constants.mjs';
4
4
  import { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { Separators, CredentialType, AuthenticationScheme, THE_FAMILY_ID, APP_METADATA, AUTHORITY_METADATA_CONSTANTS } from '../utils/Constants.mjs';
4
4
  import { generateCredentialKey } from './utils/CacheHelpers.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { Separators, CacheAccountType } from '../../utils/Constants.mjs';
4
4
  import { buildClientInfo } from '../../account/ClientInfo.mjs';
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  /*
4
4
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { extractTokenClaims } from '../../account/AuthToken.mjs';
4
4
  import { createClientAuthError } from '../../error/ClientAuthError.mjs';
@@ -1,9 +1,7 @@
1
1
  import { BaseClient } from "./BaseClient.js";
2
- import { CommonAuthorizationUrlRequest } from "../request/CommonAuthorizationUrlRequest.js";
3
2
  import { CommonAuthorizationCodeRequest } from "../request/CommonAuthorizationCodeRequest.js";
4
3
  import { ClientConfiguration } from "../config/ClientConfiguration.js";
5
4
  import { AuthenticationResult } from "../response/AuthenticationResult.js";
6
- import { ServerAuthorizationCodeResponse } from "../response/ServerAuthorizationCodeResponse.js";
7
5
  import { CommonEndSessionRequest } from "../request/CommonEndSessionRequest.js";
8
6
  import { AuthorizationCodePayload } from "../response/AuthorizationCodePayload.js";
9
7
  import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
@@ -15,29 +13,12 @@ export declare class AuthorizationCodeClient extends BaseClient {
15
13
  protected includeRedirectUri: boolean;
16
14
  private oidcDefaultScopes;
17
15
  constructor(configuration: ClientConfiguration, performanceClient?: IPerformanceClient);
18
- /**
19
- * Creates the URL of the authorization request letting the user input credentials and consent to the
20
- * application. The URL target the /authorize endpoint of the authority configured in the
21
- * application object.
22
- *
23
- * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI
24
- * sent in the request and should contain an authorization code, which can then be used to acquire tokens via
25
- * acquireToken(AuthorizationCodeRequest)
26
- * @param request
27
- */
28
- getAuthCodeUrl(request: CommonAuthorizationUrlRequest): Promise<string>;
29
16
  /**
30
17
  * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the
31
18
  * authorization_code_grant
32
19
  * @param request
33
20
  */
34
21
  acquireToken(request: CommonAuthorizationCodeRequest, authCodePayload?: AuthorizationCodePayload): Promise<AuthenticationResult>;
35
- /**
36
- * Handles the hash fragment response from public client code request. Returns a code response used by
37
- * the client to exchange for a token in acquireToken.
38
- * @param hashFragment
39
- */
40
- handleFragmentResponse(serverParams: ServerAuthorizationCodeResponse, cachedState: string): AuthorizationCodePayload;
41
22
  /**
42
23
  * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.
43
24
  * Default behaviour is to redirect the user to `window.location.href`.
@@ -55,22 +36,10 @@ export declare class AuthorizationCodeClient extends BaseClient {
55
36
  * @param request
56
37
  */
57
38
  private createTokenRequestBody;
58
- /**
59
- * This API validates the `AuthorizationCodeUrlRequest` and creates a URL
60
- * @param request
61
- */
62
- private createAuthCodeUrlQueryString;
63
39
  /**
64
40
  * This API validates the `EndSessionRequest` and creates a URL
65
41
  * @param request
66
42
  */
67
43
  private createLogoutUrlQueryString;
68
- private addExtraQueryParams;
69
- /**
70
- * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present.
71
- * @param account
72
- */
73
- private extractAccountSid;
74
- private extractLoginHint;
75
44
  }
76
45
  //# sourceMappingURL=AuthorizationCodeClient.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../../src/client/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,6BAA6B,EAAE,MAAM,6CAA6C,CAAC;AAC5F,OAAO,EAAE,8BAA8B,EAAE,MAAM,8CAA8C,CAAC;AAW9F,OAAO,EACH,mBAAmB,EAEtB,MAAM,kCAAkC,CAAC;AAI1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAO3E,OAAO,EAAE,+BAA+B,EAAE,MAAM,gDAAgD,CAAC;AACjG,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAEhF,OAAO,EAAE,wBAAwB,EAAE,MAAM,yCAAyC,CAAC;AAanF,OAAO,EAAE,kBAAkB,EAAE,MAAM,gDAAgD,CAAC;AAOpF;;;GAGG;AACH,qBAAa,uBAAwB,SAAQ,UAAU;IAEnD,SAAS,CAAC,kBAAkB,EAAE,OAAO,CAAQ;IAC7C,OAAO,CAAC,iBAAiB,CAAC;gBAGtB,aAAa,EAAE,mBAAmB,EAClC,iBAAiB,CAAC,EAAE,kBAAkB;IAO1C;;;;;;;;;OASG;IACG,cAAc,CAChB,OAAO,EAAE,6BAA6B,GACvC,OAAO,CAAC,MAAM,CAAC;IAoBlB;;;;OAIG;IACG,YAAY,CACd,OAAO,EAAE,8BAA8B,EACvC,eAAe,CAAC,EAAE,wBAAwB,GAC3C,OAAO,CAAC,oBAAoB,CAAC;IAwDhC;;;;OAIG;IACH,sBAAsB,CAClB,YAAY,EAAE,+BAA+B,EAC7C,WAAW,EAAE,MAAM,GACpB,wBAAwB;IA2B3B;;;;OAIG;IACH,YAAY,CAAC,aAAa,EAAE,uBAAuB,GAAG,MAAM;IAgB5D;;;;OAIG;YACW,mBAAmB;IAiEjC;;;OAGG;YACW,sBAAsB;IAoMpC;;;OAGG;YACW,4BAA4B;IA4P1C;;;OAGG;IACH,OAAO,CAAC,0BAA0B;IAmClC,OAAO,CAAC,mBAAmB;IAqB3B;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAIzB,OAAO,CAAC,gBAAgB;CAG3B"}
1
+ {"version":3,"file":"AuthorizationCodeClient.d.ts","sourceRoot":"","sources":["../../src/client/AuthorizationCodeClient.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,8BAA8B,EAAE,MAAM,8CAA8C,CAAC;AAW9F,OAAO,EACH,mBAAmB,EAEtB,MAAM,kCAAkC,CAAC;AAI1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,qCAAqC,CAAC;AAO3E,OAAO,EAAE,uBAAuB,EAAE,MAAM,uCAAuC,CAAC;AAEhF,OAAO,EAAE,wBAAwB,EAAE,MAAM,yCAAyC,CAAC;AAYnF,OAAO,EAAE,kBAAkB,EAAE,MAAM,gDAAgD,CAAC;AAOpF;;;GAGG;AACH,qBAAa,uBAAwB,SAAQ,UAAU;IAEnD,SAAS,CAAC,kBAAkB,EAAE,OAAO,CAAQ;IAC7C,OAAO,CAAC,iBAAiB,CAAC;gBAGtB,aAAa,EAAE,mBAAmB,EAClC,iBAAiB,CAAC,EAAE,kBAAkB;IAO1C;;;;OAIG;IACG,YAAY,CACd,OAAO,EAAE,8BAA8B,EACvC,eAAe,CAAC,EAAE,wBAAwB,GAC3C,OAAO,CAAC,oBAAoB,CAAC;IAwDhC;;;;OAIG;IACH,YAAY,CAAC,aAAa,EAAE,uBAAuB,GAAG,MAAM;IAgB5D;;;;OAIG;YACW,mBAAmB;IAiEjC;;;OAGG;YACW,sBAAsB;IAoOpC;;;OAGG;IACH,OAAO,CAAC,0BAA0B;CAkDrC"}
@@ -1,8 +1,9 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  import { BaseClient } from './BaseClient.mjs';
4
- import { RequestParameterBuilder } from '../request/RequestParameterBuilder.mjs';
5
- import { Separators, GrantType, AuthenticationScheme, PromptValue, HeaderNames } from '../utils/Constants.mjs';
4
+ import { addClientId, addRedirectUri, addScopes, addAuthorizationCode, addLibraryInfo, addApplicationTelemetry, addThrottling, addServerTelemetry, addCodeVerifier, addClientSecret, addClientAssertion, addClientAssertionType, addGrantType, addClientInfo, addPopToken, addSshJwk, addClaims, addCcsUpn, addCcsOid, addBrokerParameters, addExtraQueryParameters, instrumentBrokerParams, addPostLogoutRedirectUri, addCorrelationId, addIdTokenHint, addState, addLogoutHint, addInstanceAware } from '../request/RequestParameterBuilder.mjs';
5
+ import { mapToQueryString } from '../utils/UrlUtils.mjs';
6
+ import { Separators, GrantType, AuthenticationScheme, HeaderNames } from '../utils/Constants.mjs';
6
7
  import { CLIENT_ID, RETURN_SPA_CODE } from '../constants/AADServerParamKeys.mjs';
7
8
  import { isOidcProtocolMode } from '../config/ClientConfiguration.mjs';
8
9
  import { ResponseHandler } from '../response/ResponseHandler.mjs';
@@ -19,7 +20,7 @@ import { PerformanceEvents } from '../telemetry/performance/PerformanceEvent.mjs
19
20
  import { invokeAsync } from '../utils/FunctionWrappers.mjs';
20
21
  import { getClientAssertion } from '../utils/ClientAssertionUtils.mjs';
21
22
  import { getRequestThumbprint } from '../network/RequestThumbprint.mjs';
22
- import { requestCannotBeMade, authorizationCodeMissingFromServerResponse } from '../error/ClientAuthErrorCodes.mjs';
23
+ import { requestCannotBeMade } from '../error/ClientAuthErrorCodes.mjs';
23
24
  import { logoutRequestEmpty, missingSshJwk } from '../error/ClientConfigurationErrorCodes.mjs';
24
25
 
25
26
  /*
@@ -38,21 +39,6 @@ class AuthorizationCodeClient extends BaseClient {
38
39
  this.oidcDefaultScopes =
39
40
  this.config.authOptions.authority.options.OIDCOptions?.defaultScopes;
40
41
  }
41
- /**
42
- * Creates the URL of the authorization request letting the user input credentials and consent to the
43
- * application. The URL target the /authorize endpoint of the authority configured in the
44
- * application object.
45
- *
46
- * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI
47
- * sent in the request and should contain an authorization code, which can then be used to acquire tokens via
48
- * acquireToken(AuthorizationCodeRequest)
49
- * @param request
50
- */
51
- async getAuthCodeUrl(request) {
52
- this.performanceClient?.addQueueMeasurement(PerformanceEvents.GetAuthCodeUrl, request.correlationId);
53
- const queryString = await invokeAsync(this.createAuthCodeUrlQueryString.bind(this), PerformanceEvents.AuthClientCreateQueryString, this.logger, this.performanceClient, request.correlationId)(request);
54
- return UrlString.appendQueryString(this.authority.authorizationEndpoint, queryString);
55
- }
56
42
  /**
57
43
  * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the
58
44
  * authorization_code_grant
@@ -72,22 +58,6 @@ class AuthorizationCodeClient extends BaseClient {
72
58
  responseHandler.validateTokenResponse(response.body);
73
59
  return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, authCodePayload, undefined, undefined, undefined, requestId);
74
60
  }
75
- /**
76
- * Handles the hash fragment response from public client code request. Returns a code response used by
77
- * the client to exchange for a token in acquireToken.
78
- * @param hashFragment
79
- */
80
- handleFragmentResponse(serverParams, cachedState) {
81
- // Handle responses.
82
- const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, null, null);
83
- // Get code response
84
- responseHandler.validateServerAuthorizationCodeResponse(serverParams, cachedState);
85
- // throw when there is no auth code in the response
86
- if (!serverParams.code) {
87
- throw createClientAuthError(authorizationCodeMissingFromServerResponse);
88
- }
89
- return serverParams;
90
- }
91
61
  /**
92
62
  * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.
93
63
  * Default behaviour is to redirect the user to `window.location.href`.
@@ -135,8 +105,8 @@ class AuthorizationCodeClient extends BaseClient {
135
105
  */
136
106
  async createTokenRequestBody(request) {
137
107
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateTokenRequestBody, request.correlationId);
138
- const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
139
- parameterBuilder.addClientId(request.embeddedClientId ||
108
+ const parameters = new Map();
109
+ addClientId(parameters, request.embeddedClientId ||
140
110
  request.tokenBodyParameters?.[CLIENT_ID] ||
141
111
  this.config.authOptions.clientId);
142
112
  /*
@@ -149,33 +119,33 @@ class AuthorizationCodeClient extends BaseClient {
149
119
  }
150
120
  else {
151
121
  // Validate and include redirect uri
152
- parameterBuilder.addRedirectUri(request.redirectUri);
122
+ addRedirectUri(parameters, request.redirectUri);
153
123
  }
154
124
  // Add scope array, parameter builder will add default scopes and dedupe
155
- parameterBuilder.addScopes(request.scopes, true, this.oidcDefaultScopes);
125
+ addScopes(parameters, request.scopes, true, this.oidcDefaultScopes);
156
126
  // add code: user set, not validated
157
- parameterBuilder.addAuthorizationCode(request.code);
127
+ addAuthorizationCode(parameters, request.code);
158
128
  // Add library metadata
159
- parameterBuilder.addLibraryInfo(this.config.libraryInfo);
160
- parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);
161
- parameterBuilder.addThrottling();
129
+ addLibraryInfo(parameters, this.config.libraryInfo);
130
+ addApplicationTelemetry(parameters, this.config.telemetry.application);
131
+ addThrottling(parameters);
162
132
  if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {
163
- parameterBuilder.addServerTelemetry(this.serverTelemetryManager);
133
+ addServerTelemetry(parameters, this.serverTelemetryManager);
164
134
  }
165
135
  // add code_verifier if passed
166
136
  if (request.codeVerifier) {
167
- parameterBuilder.addCodeVerifier(request.codeVerifier);
137
+ addCodeVerifier(parameters, request.codeVerifier);
168
138
  }
169
139
  if (this.config.clientCredentials.clientSecret) {
170
- parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret);
140
+ addClientSecret(parameters, this.config.clientCredentials.clientSecret);
171
141
  }
172
142
  if (this.config.clientCredentials.clientAssertion) {
173
143
  const clientAssertion = this.config.clientCredentials.clientAssertion;
174
- parameterBuilder.addClientAssertion(await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri));
175
- parameterBuilder.addClientAssertionType(clientAssertion.assertionType);
144
+ addClientAssertion(parameters, await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri));
145
+ addClientAssertionType(parameters, clientAssertion.assertionType);
176
146
  }
177
- parameterBuilder.addGrantType(GrantType.AUTHORIZATION_CODE_GRANT);
178
- parameterBuilder.addClientInfo();
147
+ addGrantType(parameters, GrantType.AUTHORIZATION_CODE_GRANT);
148
+ addClientInfo(parameters);
179
149
  if (request.authenticationScheme === AuthenticationScheme.POP) {
180
150
  const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils, this.performanceClient);
181
151
  let reqCnfData;
@@ -187,11 +157,11 @@ class AuthorizationCodeClient extends BaseClient {
187
157
  reqCnfData = this.cryptoUtils.encodeKid(request.popKid);
188
158
  }
189
159
  // SPA PoP requires full Base64Url encoded req_cnf string (unhashed)
190
- parameterBuilder.addPopToken(reqCnfData);
160
+ addPopToken(parameters, reqCnfData);
191
161
  }
192
162
  else if (request.authenticationScheme === AuthenticationScheme.SSH) {
193
163
  if (request.sshJwk) {
194
- parameterBuilder.addSshJwk(request.sshJwk);
164
+ addSshJwk(parameters, request.sshJwk);
195
165
  }
196
166
  else {
197
167
  throw createClientConfigurationError(missingSshJwk);
@@ -200,7 +170,7 @@ class AuthorizationCodeClient extends BaseClient {
200
170
  if (!StringUtils.isEmptyObj(request.claims) ||
201
171
  (this.config.authOptions.clientCapabilities &&
202
172
  this.config.authOptions.clientCapabilities.length > 0)) {
203
- parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);
173
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
204
174
  }
205
175
  let ccsCred = undefined;
206
176
  if (request.clientInfo) {
@@ -224,7 +194,7 @@ class AuthorizationCodeClient extends BaseClient {
224
194
  case CcsCredentialType.HOME_ACCOUNT_ID:
225
195
  try {
226
196
  const clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential);
227
- parameterBuilder.addCcsOid(clientInfo);
197
+ addCcsOid(parameters, clientInfo);
228
198
  }
229
199
  catch (e) {
230
200
  this.logger.verbose("Could not parse home account ID for CCS Header: " +
@@ -232,230 +202,55 @@ class AuthorizationCodeClient extends BaseClient {
232
202
  }
233
203
  break;
234
204
  case CcsCredentialType.UPN:
235
- parameterBuilder.addCcsUpn(ccsCred.credential);
205
+ addCcsUpn(parameters, ccsCred.credential);
236
206
  break;
237
207
  }
238
208
  }
239
209
  if (request.embeddedClientId) {
240
- parameterBuilder.addBrokerParameters({
241
- brokerClientId: this.config.authOptions.clientId,
242
- brokerRedirectUri: this.config.authOptions.redirectUri,
243
- });
210
+ addBrokerParameters(parameters, this.config.authOptions.clientId, this.config.authOptions.redirectUri);
244
211
  }
245
212
  if (request.tokenBodyParameters) {
246
- parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters);
213
+ addExtraQueryParameters(parameters, request.tokenBodyParameters);
247
214
  }
248
215
  // Add hybrid spa parameters if not already provided
249
216
  if (request.enableSpaAuthorizationCode &&
250
217
  (!request.tokenBodyParameters ||
251
218
  !request.tokenBodyParameters[RETURN_SPA_CODE])) {
252
- parameterBuilder.addExtraQueryParameters({
219
+ addExtraQueryParameters(parameters, {
253
220
  [RETURN_SPA_CODE]: "1",
254
221
  });
255
222
  }
256
- return parameterBuilder.createQueryString();
257
- }
258
- /**
259
- * This API validates the `AuthorizationCodeUrlRequest` and creates a URL
260
- * @param request
261
- */
262
- async createAuthCodeUrlQueryString(request) {
263
- // generate the correlationId if not set by the user and add
264
- const correlationId = request.correlationId ||
265
- this.config.cryptoInterface.createNewGuid();
266
- this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateQueryString, correlationId);
267
- const parameterBuilder = new RequestParameterBuilder(correlationId, this.performanceClient);
268
- parameterBuilder.addClientId(request.embeddedClientId ||
269
- request.extraQueryParameters?.[CLIENT_ID] ||
270
- this.config.authOptions.clientId);
271
- const requestScopes = [
272
- ...(request.scopes || []),
273
- ...(request.extraScopesToConsent || []),
274
- ];
275
- parameterBuilder.addScopes(requestScopes, true, this.oidcDefaultScopes);
276
- // validate the redirectUri (to be a non null value)
277
- parameterBuilder.addRedirectUri(request.redirectUri);
278
- parameterBuilder.addCorrelationId(correlationId);
279
- // add response_mode. If not passed in it defaults to query.
280
- parameterBuilder.addResponseMode(request.responseMode);
281
- // add response_type = code
282
- parameterBuilder.addResponseTypeCode();
283
- // add library info parameters
284
- parameterBuilder.addLibraryInfo(this.config.libraryInfo);
285
- if (!isOidcProtocolMode(this.config)) {
286
- parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);
287
- }
288
- // add client_info=1
289
- parameterBuilder.addClientInfo();
290
- if (request.codeChallenge && request.codeChallengeMethod) {
291
- parameterBuilder.addCodeChallengeParams(request.codeChallenge, request.codeChallengeMethod);
292
- }
293
- if (request.prompt) {
294
- parameterBuilder.addPrompt(request.prompt);
295
- }
296
- if (request.domainHint) {
297
- parameterBuilder.addDomainHint(request.domainHint);
298
- this.performanceClient?.addFields({ domainHintFromRequest: true }, correlationId);
299
- }
300
- this.performanceClient?.addFields({ prompt: request.prompt }, correlationId);
301
- // Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object
302
- if (request.prompt !== PromptValue.SELECT_ACCOUNT) {
303
- // AAD will throw if prompt=select_account is passed with an account hint
304
- if (request.sid && request.prompt === PromptValue.NONE) {
305
- // SessionID is only used in silent calls
306
- this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request");
307
- parameterBuilder.addSid(request.sid);
308
- this.performanceClient?.addFields({ sidFromRequest: true }, correlationId);
309
- }
310
- else if (request.account) {
311
- const accountSid = this.extractAccountSid(request.account);
312
- let accountLoginHintClaim = this.extractLoginHint(request.account);
313
- if (accountLoginHintClaim && request.domainHint) {
314
- this.logger.warning(`AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint`);
315
- accountLoginHintClaim = null;
316
- }
317
- // If login_hint claim is present, use it over sid/username
318
- if (accountLoginHintClaim) {
319
- this.logger.verbose("createAuthCodeUrlQueryString: login_hint claim present on account");
320
- parameterBuilder.addLoginHint(accountLoginHintClaim);
321
- this.performanceClient?.addFields({ loginHintFromClaim: true }, correlationId);
322
- try {
323
- const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
324
- parameterBuilder.addCcsOid(clientInfo);
325
- }
326
- catch (e) {
327
- this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
328
- }
329
- }
330
- else if (accountSid && request.prompt === PromptValue.NONE) {
331
- /*
332
- * If account and loginHint are provided, we will check account first for sid before adding loginHint
333
- * SessionId is only used in silent calls
334
- */
335
- this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account");
336
- parameterBuilder.addSid(accountSid);
337
- this.performanceClient?.addFields({ sidFromClaim: true }, correlationId);
338
- try {
339
- const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
340
- parameterBuilder.addCcsOid(clientInfo);
341
- }
342
- catch (e) {
343
- this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
344
- }
345
- }
346
- else if (request.loginHint) {
347
- this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from request");
348
- parameterBuilder.addLoginHint(request.loginHint);
349
- parameterBuilder.addCcsUpn(request.loginHint);
350
- this.performanceClient?.addFields({ loginHintFromRequest: true }, correlationId);
351
- }
352
- else if (request.account.username) {
353
- // Fallback to account username if provided
354
- this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from account");
355
- parameterBuilder.addLoginHint(request.account.username);
356
- this.performanceClient?.addFields({ loginHintFromUpn: true }, correlationId);
357
- try {
358
- const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
359
- parameterBuilder.addCcsOid(clientInfo);
360
- }
361
- catch (e) {
362
- this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
363
- }
364
- }
365
- }
366
- else if (request.loginHint) {
367
- this.logger.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request");
368
- parameterBuilder.addLoginHint(request.loginHint);
369
- parameterBuilder.addCcsUpn(request.loginHint);
370
- this.performanceClient?.addFields({ loginHintFromRequest: true }, correlationId);
371
- }
372
- }
373
- else {
374
- this.logger.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints");
375
- }
376
- if (request.nonce) {
377
- parameterBuilder.addNonce(request.nonce);
378
- }
379
- if (request.state) {
380
- parameterBuilder.addState(request.state);
381
- }
382
- if (request.claims ||
383
- (this.config.authOptions.clientCapabilities &&
384
- this.config.authOptions.clientCapabilities.length > 0)) {
385
- parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);
386
- }
387
- if (request.embeddedClientId) {
388
- parameterBuilder.addBrokerParameters({
389
- brokerClientId: this.config.authOptions.clientId,
390
- brokerRedirectUri: this.config.authOptions.redirectUri,
391
- });
392
- }
393
- this.addExtraQueryParams(request, parameterBuilder);
394
- if (request.platformBroker) {
395
- // signal ests that this is a WAM call
396
- parameterBuilder.addNativeBroker();
397
- // pass the req_cnf for POP
398
- if (request.authenticationScheme === AuthenticationScheme.POP) {
399
- const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils);
400
- // req_cnf is always sent as a string for SPAs
401
- let reqCnfData;
402
- if (!request.popKid) {
403
- const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger);
404
- reqCnfData = generatedReqCnfData.reqCnfString;
405
- }
406
- else {
407
- reqCnfData = this.cryptoUtils.encodeKid(request.popKid);
408
- }
409
- parameterBuilder.addPopToken(reqCnfData);
410
- }
411
- }
412
- return parameterBuilder.createQueryString();
223
+ instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
224
+ return mapToQueryString(parameters);
413
225
  }
414
226
  /**
415
227
  * This API validates the `EndSessionRequest` and creates a URL
416
228
  * @param request
417
229
  */
418
230
  createLogoutUrlQueryString(request) {
419
- const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
231
+ const parameters = new Map();
420
232
  if (request.postLogoutRedirectUri) {
421
- parameterBuilder.addPostLogoutRedirectUri(request.postLogoutRedirectUri);
233
+ addPostLogoutRedirectUri(parameters, request.postLogoutRedirectUri);
422
234
  }
423
235
  if (request.correlationId) {
424
- parameterBuilder.addCorrelationId(request.correlationId);
236
+ addCorrelationId(parameters, request.correlationId);
425
237
  }
426
238
  if (request.idTokenHint) {
427
- parameterBuilder.addIdTokenHint(request.idTokenHint);
239
+ addIdTokenHint(parameters, request.idTokenHint);
428
240
  }
429
241
  if (request.state) {
430
- parameterBuilder.addState(request.state);
242
+ addState(parameters, request.state);
431
243
  }
432
244
  if (request.logoutHint) {
433
- parameterBuilder.addLogoutHint(request.logoutHint);
434
- }
435
- this.addExtraQueryParams(request, parameterBuilder);
436
- return parameterBuilder.createQueryString();
437
- }
438
- addExtraQueryParams(request, parameterBuilder) {
439
- const hasRequestInstanceAware = request.extraQueryParameters &&
440
- request.extraQueryParameters.hasOwnProperty("instance_aware");
441
- // Set instance_aware flag if config auth param is set
442
- if (!hasRequestInstanceAware && this.config.authOptions.instanceAware) {
443
- request.extraQueryParameters = request.extraQueryParameters || {};
444
- request.extraQueryParameters["instance_aware"] = "true";
245
+ addLogoutHint(parameters, request.logoutHint);
445
246
  }
446
247
  if (request.extraQueryParameters) {
447
- parameterBuilder.addExtraQueryParameters(request.extraQueryParameters);
248
+ addExtraQueryParameters(parameters, request.extraQueryParameters);
448
249
  }
449
- }
450
- /**
451
- * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present.
452
- * @param account
453
- */
454
- extractAccountSid(account) {
455
- return account.idTokenClaims?.sid || null;
456
- }
457
- extractLoginHint(account) {
458
- return account.idTokenClaims?.login_hint || null;
250
+ if (this.config.authOptions.instanceAware) {
251
+ addInstanceAware(parameters);
252
+ }
253
+ return mapToQueryString(parameters);
459
254
  }
460
255
  }
461
256