@azure/msal-common 15.2.1 → 15.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (149) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +1 -1
  7. package/dist/authority/AuthorityFactory.mjs +1 -1
  8. package/dist/authority/AuthorityMetadata.mjs +1 -1
  9. package/dist/authority/AuthorityOptions.mjs +1 -1
  10. package/dist/authority/AuthorityType.mjs +1 -1
  11. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  13. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  14. package/dist/authority/ProtocolMode.mjs +1 -1
  15. package/dist/authority/RegionDiscovery.mjs +1 -1
  16. package/dist/cache/CacheManager.mjs +1 -1
  17. package/dist/cache/entities/AccountEntity.mjs +1 -1
  18. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  19. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  20. package/dist/client/AuthorizationCodeClient.d.ts +0 -31
  21. package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
  22. package/dist/client/AuthorizationCodeClient.mjs +41 -246
  23. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  24. package/dist/client/BaseClient.d.ts.map +1 -1
  25. package/dist/client/BaseClient.mjs +9 -10
  26. package/dist/client/BaseClient.mjs.map +1 -1
  27. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  28. package/dist/client/RefreshTokenClient.mjs +27 -29
  29. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  30. package/dist/client/SilentFlowClient.mjs +1 -1
  31. package/dist/config/ClientConfiguration.mjs +1 -1
  32. package/dist/constants/AADServerParamKeys.d.ts +1 -0
  33. package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
  34. package/dist/constants/AADServerParamKeys.mjs +4 -3
  35. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  36. package/dist/crypto/ICrypto.mjs +1 -1
  37. package/dist/crypto/JoseHeader.mjs +1 -1
  38. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  39. package/dist/error/AuthError.mjs +1 -1
  40. package/dist/error/AuthErrorCodes.mjs +1 -1
  41. package/dist/error/CacheError.mjs +1 -1
  42. package/dist/error/CacheErrorCodes.mjs +1 -1
  43. package/dist/error/ClientAuthError.mjs +1 -1
  44. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  45. package/dist/error/ClientConfigurationError.mjs +1 -1
  46. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  47. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  48. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  49. package/dist/error/JoseHeaderError.mjs +1 -1
  50. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  51. package/dist/error/NetworkError.mjs +1 -1
  52. package/dist/error/ServerError.mjs +1 -1
  53. package/dist/exports-common.d.ts +3 -2
  54. package/dist/exports-common.d.ts.map +1 -1
  55. package/dist/index-browser.mjs +5 -2
  56. package/dist/index-browser.mjs.map +1 -1
  57. package/dist/index-node.mjs +5 -2
  58. package/dist/index-node.mjs.map +1 -1
  59. package/dist/index.mjs +5 -2
  60. package/dist/index.mjs.map +1 -1
  61. package/dist/logger/Logger.mjs +1 -1
  62. package/dist/network/INetworkModule.mjs +1 -1
  63. package/dist/network/RequestThumbprint.mjs +1 -1
  64. package/dist/network/ThrottlingUtils.mjs +1 -1
  65. package/dist/packageMetadata.d.ts +1 -1
  66. package/dist/packageMetadata.mjs +2 -2
  67. package/dist/protocol/Authorize.d.ts +37 -0
  68. package/dist/protocol/Authorize.d.ts.map +1 -0
  69. package/dist/protocol/Authorize.mjs +237 -0
  70. package/dist/protocol/Authorize.mjs.map +1 -0
  71. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  72. package/dist/request/RequestParameterBuilder.d.ts +206 -218
  73. package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
  74. package/dist/request/RequestParameterBuilder.mjs +356 -369
  75. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  76. package/dist/request/RequestValidator.mjs +1 -1
  77. package/dist/request/ScopeSet.mjs +1 -1
  78. package/dist/response/AuthorizeResponse.d.ts +72 -0
  79. package/dist/response/AuthorizeResponse.d.ts.map +1 -0
  80. package/dist/response/ResponseHandler.d.ts +0 -8
  81. package/dist/response/ResponseHandler.d.ts.map +1 -1
  82. package/dist/response/ResponseHandler.mjs +2 -49
  83. package/dist/response/ResponseHandler.mjs.map +1 -1
  84. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  85. package/dist/telemetry/performance/PerformanceEvent.d.ts +1 -2
  86. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  87. package/dist/telemetry/performance/PerformanceEvent.mjs +2 -11
  88. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  89. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  90. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  91. package/dist/url/UrlString.mjs +1 -1
  92. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  93. package/dist/utils/Constants.mjs +1 -1
  94. package/dist/utils/FunctionWrappers.mjs +1 -1
  95. package/dist/utils/ProtocolUtils.mjs +1 -1
  96. package/dist/utils/StringUtils.mjs +1 -1
  97. package/dist/utils/TimeUtils.mjs +1 -1
  98. package/dist/utils/UrlUtils.d.ts +6 -2
  99. package/dist/utils/UrlUtils.d.ts.map +1 -1
  100. package/dist/utils/UrlUtils.mjs +12 -2
  101. package/dist/utils/UrlUtils.mjs.map +1 -1
  102. package/lib/index-browser.cjs +3 -2
  103. package/lib/index-browser.cjs.map +1 -1
  104. package/lib/{index-node--LMD5Re1.js → index-node-BjtDFnOl.js} +782 -768
  105. package/lib/index-node-BjtDFnOl.js.map +1 -0
  106. package/lib/index-node.cjs +3 -2
  107. package/lib/index-node.cjs.map +1 -1
  108. package/lib/index.cjs +3 -2
  109. package/lib/index.cjs.map +1 -1
  110. package/lib/types/client/AuthorizationCodeClient.d.ts +0 -31
  111. package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  112. package/lib/types/client/BaseClient.d.ts.map +1 -1
  113. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  114. package/lib/types/constants/AADServerParamKeys.d.ts +1 -0
  115. package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
  116. package/lib/types/exports-common.d.ts +3 -2
  117. package/lib/types/exports-common.d.ts.map +1 -1
  118. package/lib/types/packageMetadata.d.ts +1 -1
  119. package/lib/types/protocol/Authorize.d.ts +37 -0
  120. package/lib/types/protocol/Authorize.d.ts.map +1 -0
  121. package/lib/types/request/RequestParameterBuilder.d.ts +206 -218
  122. package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
  123. package/lib/types/response/AuthorizeResponse.d.ts +72 -0
  124. package/lib/types/response/AuthorizeResponse.d.ts.map +1 -0
  125. package/lib/types/response/ResponseHandler.d.ts +0 -8
  126. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  127. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +1 -2
  128. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  129. package/lib/types/utils/UrlUtils.d.ts +6 -2
  130. package/lib/types/utils/UrlUtils.d.ts.map +1 -1
  131. package/package.json +1 -1
  132. package/src/client/AuthorizationCodeClient.ts +84 -395
  133. package/src/client/BaseClient.ts +20 -12
  134. package/src/client/RefreshTokenClient.ts +60 -30
  135. package/src/constants/AADServerParamKeys.ts +1 -0
  136. package/src/exports-common.ts +4 -2
  137. package/src/packageMetadata.ts +1 -1
  138. package/src/protocol/Authorize.ts +409 -0
  139. package/src/request/RequestParameterBuilder.ts +508 -543
  140. package/src/response/AuthorizeResponse.ts +76 -0
  141. package/src/response/ResponseHandler.ts +0 -98
  142. package/src/telemetry/performance/PerformanceEvent.ts +1 -11
  143. package/src/utils/UrlUtils.ts +18 -4
  144. package/dist/response/ServerAuthorizationCodeResponse.d.ts +0 -27
  145. package/dist/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
  146. package/lib/index-node--LMD5Re1.js.map +0 -1
  147. package/lib/types/response/ServerAuthorizationCodeResponse.d.ts +0 -27
  148. package/lib/types/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
  149. package/src/response/ServerAuthorizationCodeResponse.ts +0 -34
@@ -1,4 +1,4 @@
1
- /*! @azure/msal-common v15.2.1 2025-03-11 */
1
+ /*! @azure/msal-common v15.3.0 2025-03-20 */
2
2
  'use strict';
3
3
  'use strict';
4
4
 
@@ -1149,11 +1149,22 @@ function getDeserializedResponse(responseString) {
1149
1149
  throw createClientAuthError(hashNotDeserialized);
1150
1150
  }
1151
1151
  return null;
1152
+ }
1153
+ /**
1154
+ * Utility to create a URL from the params map
1155
+ */
1156
+ function mapToQueryString(parameters) {
1157
+ const queryParameterArray = new Array();
1158
+ parameters.forEach((value, key) => {
1159
+ queryParameterArray.push(`${key}=${encodeURIComponent(value)}`);
1160
+ });
1161
+ return queryParameterArray.join("&");
1152
1162
  }
1153
1163
 
1154
1164
  var UrlUtils = /*#__PURE__*/Object.freeze({
1155
1165
  __proto__: null,
1156
1166
  getDeserializedResponse: getDeserializedResponse,
1167
+ mapToQueryString: mapToQueryString,
1157
1168
  stripLeadingHashOrQuery: stripLeadingHashOrQuery
1158
1169
  });
1159
1170
 
@@ -1681,11 +1692,11 @@ const PerformanceEvents = {
1681
1692
  StandardInteractionClientCreateAuthCodeClient: "standardInteractionClientCreateAuthCodeClient",
1682
1693
  StandardInteractionClientGetClientConfiguration: "standardInteractionClientGetClientConfiguration",
1683
1694
  StandardInteractionClientInitializeAuthorizationRequest: "standardInteractionClientInitializeAuthorizationRequest",
1684
- StandardInteractionClientInitializeAuthorizationCodeRequest: "standardInteractionClientInitializeAuthorizationCodeRequest",
1685
1695
  /**
1686
1696
  * getAuthCodeUrl API (msal-browser and msal-node).
1687
1697
  */
1688
1698
  GetAuthCodeUrl: "getAuthCodeUrl",
1699
+ GetStandardParams: "getStandardParams",
1689
1700
  /**
1690
1701
  * Functions from InteractionHandler (msal-browser)
1691
1702
  */
@@ -1698,7 +1709,6 @@ const PerformanceEvents = {
1698
1709
  AuthClientAcquireToken: "authClientAcquireToken",
1699
1710
  AuthClientExecuteTokenRequest: "authClientExecuteTokenRequest",
1700
1711
  AuthClientCreateTokenRequestBody: "authClientCreateTokenRequestBody",
1701
- AuthClientCreateQueryString: "authClientCreateQueryString",
1702
1712
  /**
1703
1713
  * Generate functions in PopTokenGenerator (msal-common)
1704
1714
  */
@@ -1869,10 +1879,6 @@ const PerformanceEventAbbreviations = new Map([
1869
1879
  PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,
1870
1880
  "StdIntClientInitAuthReq",
1871
1881
  ],
1872
- [
1873
- PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
1874
- "StdIntClientInitAuthCodeReq",
1875
- ],
1876
1882
  [PerformanceEvents.GetAuthCodeUrl, "GetAuthCodeUrl"],
1877
1883
  [
1878
1884
  PerformanceEvents.HandleCodeResponseFromServer,
@@ -1886,10 +1892,6 @@ const PerformanceEventAbbreviations = new Map([
1886
1892
  PerformanceEvents.AuthClientCreateTokenRequestBody,
1887
1893
  "AuthClientCreateTReqBody",
1888
1894
  ],
1889
- [
1890
- PerformanceEvents.AuthClientCreateQueryString,
1891
- "AuthClientCreateQueryStr",
1892
- ],
1893
1895
  [PerformanceEvents.PopTokenGenerateCnf, "PopTGenCnf"],
1894
1896
  [PerformanceEvents.PopTokenGenerateKid, "PopTGenKid"],
1895
1897
  [PerformanceEvents.HandleServerTokenResponse, "HandleServerTRes"],
@@ -3563,7 +3565,8 @@ const LOGIN_HINT = "login_hint";
3563
3565
  const DOMAIN_HINT = "domain_hint";
3564
3566
  const X_CLIENT_EXTRA_SKU = "x-client-xtra-sku";
3565
3567
  const BROKER_CLIENT_ID = "brk_client_id";
3566
- const BROKER_REDIRECT_URI = "brk_redirect_uri";
3568
+ const BROKER_REDIRECT_URI = "brk_redirect_uri";
3569
+ const INSTANCE_AWARE = "instance_aware";
3567
3570
 
3568
3571
  var AADServerParamKeys = /*#__PURE__*/Object.freeze({
3569
3572
  __proto__: null,
@@ -3591,6 +3594,7 @@ var AADServerParamKeys = /*#__PURE__*/Object.freeze({
3591
3594
  GRANT_TYPE: GRANT_TYPE,
3592
3595
  ID_TOKEN: ID_TOKEN,
3593
3596
  ID_TOKEN_HINT: ID_TOKEN_HINT,
3597
+ INSTANCE_AWARE: INSTANCE_AWARE,
3594
3598
  LOGIN_HINT: LOGIN_HINT,
3595
3599
  LOGOUT_HINT: LOGOUT_HINT,
3596
3600
  NATIVE_BROKER: NATIVE_BROKER,
@@ -3852,7 +3856,7 @@ class Logger {
3852
3856
 
3853
3857
  /* eslint-disable header/header */
3854
3858
  const name = "@azure/msal-common";
3855
- const version = "15.2.1";
3859
+ const version = "15.3.0";
3856
3860
 
3857
3861
  /*
3858
3862
  * Copyright (c) Microsoft Corporation. All rights reserved.
@@ -5748,71 +5752,6 @@ const CcsCredentialType = {
5748
5752
  UPN: "UPN",
5749
5753
  };
5750
5754
 
5751
- /*
5752
- * Copyright (c) Microsoft Corporation. All rights reserved.
5753
- * Licensed under the MIT License.
5754
- */
5755
- /**
5756
- * Validates server consumable params from the "request" objects
5757
- */
5758
- class RequestValidator {
5759
- /**
5760
- * Utility to check if the `redirectUri` in the request is a non-null value
5761
- * @param redirectUri
5762
- */
5763
- static validateRedirectUri(redirectUri) {
5764
- if (!redirectUri) {
5765
- throw createClientConfigurationError(redirectUriEmpty);
5766
- }
5767
- }
5768
- /**
5769
- * Utility to validate prompt sent by the user in the request
5770
- * @param prompt
5771
- */
5772
- static validatePrompt(prompt) {
5773
- const promptValues = [];
5774
- for (const value in PromptValue) {
5775
- promptValues.push(PromptValue[value]);
5776
- }
5777
- if (promptValues.indexOf(prompt) < 0) {
5778
- throw createClientConfigurationError(invalidPromptValue);
5779
- }
5780
- }
5781
- static validateClaims(claims) {
5782
- try {
5783
- JSON.parse(claims);
5784
- }
5785
- catch (e) {
5786
- throw createClientConfigurationError(invalidClaims);
5787
- }
5788
- }
5789
- /**
5790
- * Utility to validate code_challenge and code_challenge_method
5791
- * @param codeChallenge
5792
- * @param codeChallengeMethod
5793
- */
5794
- static validateCodeChallengeParams(codeChallenge, codeChallengeMethod) {
5795
- if (!codeChallenge || !codeChallengeMethod) {
5796
- throw createClientConfigurationError(pkceParamsMissing);
5797
- }
5798
- else {
5799
- this.validateCodeChallengeMethod(codeChallengeMethod);
5800
- }
5801
- }
5802
- /**
5803
- * Utility to validate code_challenge_method
5804
- * @param codeChallengeMethod
5805
- */
5806
- static validateCodeChallengeMethod(codeChallengeMethod) {
5807
- if ([
5808
- CodeChallengeMethodValues.PLAIN,
5809
- CodeChallengeMethodValues.S256,
5810
- ].indexOf(codeChallengeMethod) < 0) {
5811
- throw createClientConfigurationError(invalidCodeChallengeMethod);
5812
- }
5813
- }
5814
- }
5815
-
5816
5755
  /*
5817
5756
  * Copyright (c) Microsoft Corporation. All rights reserved.
5818
5757
  * Licensed under the MIT License.
@@ -5829,396 +5768,433 @@ function instrumentBrokerParams(parameters, correlationId, performanceClient) {
5829
5768
  }, correlationId);
5830
5769
  }
5831
5770
  }
5832
- /** @internal */
5833
- class RequestParameterBuilder {
5834
- constructor(correlationId, performanceClient) {
5835
- this.parameters = new Map();
5836
- this.performanceClient = performanceClient;
5837
- this.correlationId = correlationId;
5838
- }
5839
- /**
5840
- * add response_type = code
5841
- */
5842
- addResponseTypeCode() {
5843
- this.parameters.set(RESPONSE_TYPE, encodeURIComponent(Constants.CODE_RESPONSE_TYPE));
5844
- }
5845
- /**
5846
- * add response_type = token id_token
5847
- */
5848
- addResponseTypeForTokenAndIdToken() {
5849
- this.parameters.set(RESPONSE_TYPE, encodeURIComponent(`${Constants.TOKEN_RESPONSE_TYPE} ${Constants.ID_TOKEN_RESPONSE_TYPE}`));
5850
- }
5851
- /**
5852
- * add response_mode. defaults to query.
5853
- * @param responseMode
5854
- */
5855
- addResponseMode(responseMode) {
5856
- this.parameters.set(RESPONSE_MODE, encodeURIComponent(responseMode ? responseMode : ResponseMode.QUERY));
5857
- }
5858
- /**
5859
- * Add flag to indicate STS should attempt to use WAM if available
5860
- */
5861
- addNativeBroker() {
5862
- this.parameters.set(NATIVE_BROKER, encodeURIComponent("1"));
5863
- }
5864
- /**
5865
- * add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
5866
- * @param scopeSet
5867
- * @param addOidcScopes
5868
- */
5869
- addScopes(scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) {
5870
- // Always add openid to the scopes when adding OIDC scopes
5871
- if (addOidcScopes &&
5872
- !defaultScopes.includes("openid") &&
5873
- !scopes.includes("openid")) {
5874
- defaultScopes.push("openid");
5875
- }
5876
- const requestScopes = addOidcScopes
5877
- ? [...(scopes || []), ...defaultScopes]
5878
- : scopes || [];
5879
- const scopeSet = new ScopeSet(requestScopes);
5880
- this.parameters.set(SCOPE, encodeURIComponent(scopeSet.printScopes()));
5771
+ /**
5772
+ * add response_type = code
5773
+ */
5774
+ function addResponseTypeCode(parameters) {
5775
+ parameters.set(RESPONSE_TYPE, Constants.CODE_RESPONSE_TYPE);
5776
+ }
5777
+ /**
5778
+ * add response_type = token id_token
5779
+ */
5780
+ function addResponseTypeForTokenAndIdToken(parameters) {
5781
+ parameters.set(RESPONSE_TYPE, `${Constants.TOKEN_RESPONSE_TYPE} ${Constants.ID_TOKEN_RESPONSE_TYPE}`);
5782
+ }
5783
+ /**
5784
+ * add response_mode. defaults to query.
5785
+ * @param responseMode
5786
+ */
5787
+ function addResponseMode(parameters, responseMode) {
5788
+ parameters.set(RESPONSE_MODE, responseMode ? responseMode : ResponseMode.QUERY);
5789
+ }
5790
+ /**
5791
+ * Add flag to indicate STS should attempt to use WAM if available
5792
+ */
5793
+ function addNativeBroker(parameters) {
5794
+ parameters.set(NATIVE_BROKER, "1");
5795
+ }
5796
+ /**
5797
+ * add scopes. set addOidcScopes to false to prevent default scopes in non-user scenarios
5798
+ * @param scopeSet
5799
+ * @param addOidcScopes
5800
+ */
5801
+ function addScopes(parameters, scopes, addOidcScopes = true, defaultScopes = OIDC_DEFAULT_SCOPES) {
5802
+ // Always add openid to the scopes when adding OIDC scopes
5803
+ if (addOidcScopes &&
5804
+ !defaultScopes.includes("openid") &&
5805
+ !scopes.includes("openid")) {
5806
+ defaultScopes.push("openid");
5807
+ }
5808
+ const requestScopes = addOidcScopes
5809
+ ? [...(scopes || []), ...defaultScopes]
5810
+ : scopes || [];
5811
+ const scopeSet = new ScopeSet(requestScopes);
5812
+ parameters.set(SCOPE, scopeSet.printScopes());
5813
+ }
5814
+ /**
5815
+ * add clientId
5816
+ * @param clientId
5817
+ */
5818
+ function addClientId(parameters, clientId) {
5819
+ parameters.set(CLIENT_ID, clientId);
5820
+ }
5821
+ /**
5822
+ * add redirect_uri
5823
+ * @param redirectUri
5824
+ */
5825
+ function addRedirectUri(parameters, redirectUri) {
5826
+ parameters.set(REDIRECT_URI, redirectUri);
5827
+ }
5828
+ /**
5829
+ * add post logout redirectUri
5830
+ * @param redirectUri
5831
+ */
5832
+ function addPostLogoutRedirectUri(parameters, redirectUri) {
5833
+ parameters.set(POST_LOGOUT_URI, redirectUri);
5834
+ }
5835
+ /**
5836
+ * add id_token_hint to logout request
5837
+ * @param idTokenHint
5838
+ */
5839
+ function addIdTokenHint(parameters, idTokenHint) {
5840
+ parameters.set(ID_TOKEN_HINT, idTokenHint);
5841
+ }
5842
+ /**
5843
+ * add domain_hint
5844
+ * @param domainHint
5845
+ */
5846
+ function addDomainHint(parameters, domainHint) {
5847
+ parameters.set(DOMAIN_HINT, domainHint);
5848
+ }
5849
+ /**
5850
+ * add login_hint
5851
+ * @param loginHint
5852
+ */
5853
+ function addLoginHint(parameters, loginHint) {
5854
+ parameters.set(LOGIN_HINT, loginHint);
5855
+ }
5856
+ /**
5857
+ * Adds the CCS (Cache Credential Service) query parameter for login_hint
5858
+ * @param loginHint
5859
+ */
5860
+ function addCcsUpn(parameters, loginHint) {
5861
+ parameters.set(HeaderNames.CCS_HEADER, `UPN:${loginHint}`);
5862
+ }
5863
+ /**
5864
+ * Adds the CCS (Cache Credential Service) query parameter for account object
5865
+ * @param loginHint
5866
+ */
5867
+ function addCcsOid(parameters, clientInfo) {
5868
+ parameters.set(HeaderNames.CCS_HEADER, `Oid:${clientInfo.uid}@${clientInfo.utid}`);
5869
+ }
5870
+ /**
5871
+ * add sid
5872
+ * @param sid
5873
+ */
5874
+ function addSid(parameters, sid) {
5875
+ parameters.set(SID, sid);
5876
+ }
5877
+ /**
5878
+ * add claims
5879
+ * @param claims
5880
+ */
5881
+ function addClaims(parameters, claims, clientCapabilities) {
5882
+ const mergedClaims = addClientCapabilitiesToClaims(claims, clientCapabilities);
5883
+ try {
5884
+ JSON.parse(mergedClaims);
5881
5885
  }
5882
- /**
5883
- * add clientId
5884
- * @param clientId
5885
- */
5886
- addClientId(clientId) {
5887
- this.parameters.set(CLIENT_ID, encodeURIComponent(clientId));
5886
+ catch (e) {
5887
+ throw createClientConfigurationError(invalidClaims);
5888
5888
  }
5889
- /**
5890
- * add redirect_uri
5891
- * @param redirectUri
5892
- */
5893
- addRedirectUri(redirectUri) {
5894
- RequestValidator.validateRedirectUri(redirectUri);
5895
- this.parameters.set(REDIRECT_URI, encodeURIComponent(redirectUri));
5889
+ parameters.set(CLAIMS, mergedClaims);
5890
+ }
5891
+ /**
5892
+ * add correlationId
5893
+ * @param correlationId
5894
+ */
5895
+ function addCorrelationId(parameters, correlationId) {
5896
+ parameters.set(CLIENT_REQUEST_ID, correlationId);
5897
+ }
5898
+ /**
5899
+ * add library info query params
5900
+ * @param libraryInfo
5901
+ */
5902
+ function addLibraryInfo(parameters, libraryInfo) {
5903
+ // Telemetry Info
5904
+ parameters.set(X_CLIENT_SKU, libraryInfo.sku);
5905
+ parameters.set(X_CLIENT_VER, libraryInfo.version);
5906
+ if (libraryInfo.os) {
5907
+ parameters.set(X_CLIENT_OS, libraryInfo.os);
5896
5908
  }
5897
- /**
5898
- * add post logout redirectUri
5899
- * @param redirectUri
5900
- */
5901
- addPostLogoutRedirectUri(redirectUri) {
5902
- RequestValidator.validateRedirectUri(redirectUri);
5903
- this.parameters.set(POST_LOGOUT_URI, encodeURIComponent(redirectUri));
5909
+ if (libraryInfo.cpu) {
5910
+ parameters.set(X_CLIENT_CPU, libraryInfo.cpu);
5904
5911
  }
5905
- /**
5906
- * add id_token_hint to logout request
5907
- * @param idTokenHint
5908
- */
5909
- addIdTokenHint(idTokenHint) {
5910
- this.parameters.set(ID_TOKEN_HINT, encodeURIComponent(idTokenHint));
5912
+ }
5913
+ /**
5914
+ * Add client telemetry parameters
5915
+ * @param appTelemetry
5916
+ */
5917
+ function addApplicationTelemetry(parameters, appTelemetry) {
5918
+ if (appTelemetry?.appName) {
5919
+ parameters.set(X_APP_NAME, appTelemetry.appName);
5911
5920
  }
5912
- /**
5913
- * add domain_hint
5914
- * @param domainHint
5915
- */
5916
- addDomainHint(domainHint) {
5917
- this.parameters.set(DOMAIN_HINT, encodeURIComponent(domainHint));
5921
+ if (appTelemetry?.appVersion) {
5922
+ parameters.set(X_APP_VER, appTelemetry.appVersion);
5918
5923
  }
5919
- /**
5920
- * add login_hint
5921
- * @param loginHint
5922
- */
5923
- addLoginHint(loginHint) {
5924
- this.parameters.set(LOGIN_HINT, encodeURIComponent(loginHint));
5924
+ }
5925
+ /**
5926
+ * add prompt
5927
+ * @param prompt
5928
+ */
5929
+ function addPrompt(parameters, prompt) {
5930
+ parameters.set(PROMPT, prompt);
5931
+ }
5932
+ /**
5933
+ * add state
5934
+ * @param state
5935
+ */
5936
+ function addState(parameters, state) {
5937
+ if (state) {
5938
+ parameters.set(STATE, state);
5925
5939
  }
5926
- /**
5927
- * Adds the CCS (Cache Credential Service) query parameter for login_hint
5928
- * @param loginHint
5929
- */
5930
- addCcsUpn(loginHint) {
5931
- this.parameters.set(HeaderNames.CCS_HEADER, encodeURIComponent(`UPN:${loginHint}`));
5940
+ }
5941
+ /**
5942
+ * add nonce
5943
+ * @param nonce
5944
+ */
5945
+ function addNonce(parameters, nonce) {
5946
+ parameters.set(NONCE, nonce);
5947
+ }
5948
+ /**
5949
+ * add code_challenge and code_challenge_method
5950
+ * - throw if either of them are not passed
5951
+ * @param codeChallenge
5952
+ * @param codeChallengeMethod
5953
+ */
5954
+ function addCodeChallengeParams(parameters, codeChallenge, codeChallengeMethod) {
5955
+ if (codeChallenge && codeChallengeMethod) {
5956
+ parameters.set(CODE_CHALLENGE, codeChallenge);
5957
+ parameters.set(CODE_CHALLENGE_METHOD, codeChallengeMethod);
5932
5958
  }
5933
- /**
5934
- * Adds the CCS (Cache Credential Service) query parameter for account object
5935
- * @param loginHint
5936
- */
5937
- addCcsOid(clientInfo) {
5938
- this.parameters.set(HeaderNames.CCS_HEADER, encodeURIComponent(`Oid:${clientInfo.uid}@${clientInfo.utid}`));
5959
+ else {
5960
+ throw createClientConfigurationError(pkceParamsMissing);
5939
5961
  }
5940
- /**
5941
- * add sid
5942
- * @param sid
5943
- */
5944
- addSid(sid) {
5945
- this.parameters.set(SID, encodeURIComponent(sid));
5962
+ }
5963
+ /**
5964
+ * add the `authorization_code` passed by the user to exchange for a token
5965
+ * @param code
5966
+ */
5967
+ function addAuthorizationCode(parameters, code) {
5968
+ parameters.set(CODE, code);
5969
+ }
5970
+ /**
5971
+ * add the `authorization_code` passed by the user to exchange for a token
5972
+ * @param code
5973
+ */
5974
+ function addDeviceCode(parameters, code) {
5975
+ parameters.set(DEVICE_CODE, code);
5976
+ }
5977
+ /**
5978
+ * add the `refreshToken` passed by the user
5979
+ * @param refreshToken
5980
+ */
5981
+ function addRefreshToken(parameters, refreshToken) {
5982
+ parameters.set(REFRESH_TOKEN, refreshToken);
5983
+ }
5984
+ /**
5985
+ * add the `code_verifier` passed by the user to exchange for a token
5986
+ * @param codeVerifier
5987
+ */
5988
+ function addCodeVerifier(parameters, codeVerifier) {
5989
+ parameters.set(CODE_VERIFIER, codeVerifier);
5990
+ }
5991
+ /**
5992
+ * add client_secret
5993
+ * @param clientSecret
5994
+ */
5995
+ function addClientSecret(parameters, clientSecret) {
5996
+ parameters.set(CLIENT_SECRET, clientSecret);
5997
+ }
5998
+ /**
5999
+ * add clientAssertion for confidential client flows
6000
+ * @param clientAssertion
6001
+ */
6002
+ function addClientAssertion(parameters, clientAssertion) {
6003
+ if (clientAssertion) {
6004
+ parameters.set(CLIENT_ASSERTION, clientAssertion);
5946
6005
  }
5947
- /**
5948
- * add claims
5949
- * @param claims
5950
- */
5951
- addClaims(claims, clientCapabilities) {
5952
- const mergedClaims = this.addClientCapabilitiesToClaims(claims, clientCapabilities);
5953
- RequestValidator.validateClaims(mergedClaims);
5954
- this.parameters.set(CLAIMS, encodeURIComponent(mergedClaims));
6006
+ }
6007
+ /**
6008
+ * add clientAssertionType for confidential client flows
6009
+ * @param clientAssertionType
6010
+ */
6011
+ function addClientAssertionType(parameters, clientAssertionType) {
6012
+ if (clientAssertionType) {
6013
+ parameters.set(CLIENT_ASSERTION_TYPE, clientAssertionType);
5955
6014
  }
5956
- /**
5957
- * add correlationId
5958
- * @param correlationId
5959
- */
5960
- addCorrelationId(correlationId) {
5961
- this.parameters.set(CLIENT_REQUEST_ID, encodeURIComponent(correlationId));
6015
+ }
6016
+ /**
6017
+ * add OBO assertion for confidential client flows
6018
+ * @param clientAssertion
6019
+ */
6020
+ function addOboAssertion(parameters, oboAssertion) {
6021
+ parameters.set(OBO_ASSERTION, oboAssertion);
6022
+ }
6023
+ /**
6024
+ * add grant type
6025
+ * @param grantType
6026
+ */
6027
+ function addRequestTokenUse(parameters, tokenUse) {
6028
+ parameters.set(REQUESTED_TOKEN_USE, tokenUse);
6029
+ }
6030
+ /**
6031
+ * add grant type
6032
+ * @param grantType
6033
+ */
6034
+ function addGrantType(parameters, grantType) {
6035
+ parameters.set(GRANT_TYPE, grantType);
6036
+ }
6037
+ /**
6038
+ * add client info
6039
+ *
6040
+ */
6041
+ function addClientInfo(parameters) {
6042
+ parameters.set(CLIENT_INFO$1, "1");
6043
+ }
6044
+ function addInstanceAware(parameters) {
6045
+ if (!parameters.has(INSTANCE_AWARE)) {
6046
+ parameters.set(INSTANCE_AWARE, "true");
5962
6047
  }
5963
- /**
5964
- * add library info query params
5965
- * @param libraryInfo
5966
- */
5967
- addLibraryInfo(libraryInfo) {
5968
- // Telemetry Info
5969
- this.parameters.set(X_CLIENT_SKU, libraryInfo.sku);
5970
- this.parameters.set(X_CLIENT_VER, libraryInfo.version);
5971
- if (libraryInfo.os) {
5972
- this.parameters.set(X_CLIENT_OS, libraryInfo.os);
5973
- }
5974
- if (libraryInfo.cpu) {
5975
- this.parameters.set(X_CLIENT_CPU, libraryInfo.cpu);
6048
+ }
6049
+ /**
6050
+ * add extraQueryParams
6051
+ * @param eQParams
6052
+ */
6053
+ function addExtraQueryParameters(parameters, eQParams) {
6054
+ Object.entries(eQParams).forEach(([key, value]) => {
6055
+ if (!parameters.has(key) && value) {
6056
+ parameters.set(key, value);
5976
6057
  }
6058
+ });
6059
+ }
6060
+ function addClientCapabilitiesToClaims(claims, clientCapabilities) {
6061
+ let mergedClaims;
6062
+ // Parse provided claims into JSON object or initialize empty object
6063
+ if (!claims) {
6064
+ mergedClaims = {};
5977
6065
  }
5978
- /**
5979
- * Add client telemetry parameters
5980
- * @param appTelemetry
5981
- */
5982
- addApplicationTelemetry(appTelemetry) {
5983
- if (appTelemetry?.appName) {
5984
- this.parameters.set(X_APP_NAME, appTelemetry.appName);
6066
+ else {
6067
+ try {
6068
+ mergedClaims = JSON.parse(claims);
5985
6069
  }
5986
- if (appTelemetry?.appVersion) {
5987
- this.parameters.set(X_APP_VER, appTelemetry.appVersion);
6070
+ catch (e) {
6071
+ throw createClientConfigurationError(invalidClaims);
5988
6072
  }
5989
6073
  }
5990
- /**
5991
- * add prompt
5992
- * @param prompt
5993
- */
5994
- addPrompt(prompt) {
5995
- RequestValidator.validatePrompt(prompt);
5996
- this.parameters.set(`${PROMPT}`, encodeURIComponent(prompt));
5997
- }
5998
- /**
5999
- * add state
6000
- * @param state
6001
- */
6002
- addState(state) {
6003
- if (state) {
6004
- this.parameters.set(STATE, encodeURIComponent(state));
6074
+ if (clientCapabilities && clientCapabilities.length > 0) {
6075
+ if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
6076
+ // Add access_token key to claims object
6077
+ mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
6005
6078
  }
6079
+ // Add xms_cc claim with provided clientCapabilities to access_token key
6080
+ mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] =
6081
+ {
6082
+ values: clientCapabilities,
6083
+ };
6006
6084
  }
6007
- /**
6008
- * add nonce
6009
- * @param nonce
6010
- */
6011
- addNonce(nonce) {
6012
- this.parameters.set(NONCE, encodeURIComponent(nonce));
6013
- }
6014
- /**
6015
- * add code_challenge and code_challenge_method
6016
- * - throw if either of them are not passed
6017
- * @param codeChallenge
6018
- * @param codeChallengeMethod
6019
- */
6020
- addCodeChallengeParams(codeChallenge, codeChallengeMethod) {
6021
- RequestValidator.validateCodeChallengeParams(codeChallenge, codeChallengeMethod);
6022
- if (codeChallenge && codeChallengeMethod) {
6023
- this.parameters.set(CODE_CHALLENGE, encodeURIComponent(codeChallenge));
6024
- this.parameters.set(CODE_CHALLENGE_METHOD, encodeURIComponent(codeChallengeMethod));
6025
- }
6026
- else {
6027
- throw createClientConfigurationError(pkceParamsMissing);
6028
- }
6029
- }
6030
- /**
6031
- * add the `authorization_code` passed by the user to exchange for a token
6032
- * @param code
6033
- */
6034
- addAuthorizationCode(code) {
6035
- this.parameters.set(CODE, encodeURIComponent(code));
6036
- }
6037
- /**
6038
- * add the `authorization_code` passed by the user to exchange for a token
6039
- * @param code
6040
- */
6041
- addDeviceCode(code) {
6042
- this.parameters.set(DEVICE_CODE, encodeURIComponent(code));
6043
- }
6044
- /**
6045
- * add the `refreshToken` passed by the user
6046
- * @param refreshToken
6047
- */
6048
- addRefreshToken(refreshToken) {
6049
- this.parameters.set(REFRESH_TOKEN, encodeURIComponent(refreshToken));
6050
- }
6051
- /**
6052
- * add the `code_verifier` passed by the user to exchange for a token
6053
- * @param codeVerifier
6054
- */
6055
- addCodeVerifier(codeVerifier) {
6056
- this.parameters.set(CODE_VERIFIER, encodeURIComponent(codeVerifier));
6057
- }
6058
- /**
6059
- * add client_secret
6060
- * @param clientSecret
6061
- */
6062
- addClientSecret(clientSecret) {
6063
- this.parameters.set(CLIENT_SECRET, encodeURIComponent(clientSecret));
6064
- }
6065
- /**
6066
- * add clientAssertion for confidential client flows
6067
- * @param clientAssertion
6068
- */
6069
- addClientAssertion(clientAssertion) {
6070
- if (clientAssertion) {
6071
- this.parameters.set(CLIENT_ASSERTION, encodeURIComponent(clientAssertion));
6072
- }
6073
- }
6074
- /**
6075
- * add clientAssertionType for confidential client flows
6076
- * @param clientAssertionType
6077
- */
6078
- addClientAssertionType(clientAssertionType) {
6079
- if (clientAssertionType) {
6080
- this.parameters.set(CLIENT_ASSERTION_TYPE, encodeURIComponent(clientAssertionType));
6081
- }
6082
- }
6083
- /**
6084
- * add OBO assertion for confidential client flows
6085
- * @param clientAssertion
6086
- */
6087
- addOboAssertion(oboAssertion) {
6088
- this.parameters.set(OBO_ASSERTION, encodeURIComponent(oboAssertion));
6089
- }
6090
- /**
6091
- * add grant type
6092
- * @param grantType
6093
- */
6094
- addRequestTokenUse(tokenUse) {
6095
- this.parameters.set(REQUESTED_TOKEN_USE, encodeURIComponent(tokenUse));
6096
- }
6097
- /**
6098
- * add grant type
6099
- * @param grantType
6100
- */
6101
- addGrantType(grantType) {
6102
- this.parameters.set(GRANT_TYPE, encodeURIComponent(grantType));
6103
- }
6104
- /**
6105
- * add client info
6106
- *
6107
- */
6108
- addClientInfo() {
6109
- this.parameters.set(CLIENT_INFO$1, "1");
6110
- }
6111
- /**
6112
- * add extraQueryParams
6113
- * @param eQParams
6114
- */
6115
- addExtraQueryParameters(eQParams) {
6116
- Object.entries(eQParams).forEach(([key, value]) => {
6117
- if (!this.parameters.has(key) && value) {
6118
- this.parameters.set(key, value);
6119
- }
6120
- });
6121
- }
6122
- addClientCapabilitiesToClaims(claims, clientCapabilities) {
6123
- let mergedClaims;
6124
- // Parse provided claims into JSON object or initialize empty object
6125
- if (!claims) {
6126
- mergedClaims = {};
6127
- }
6128
- else {
6129
- try {
6130
- mergedClaims = JSON.parse(claims);
6131
- }
6132
- catch (e) {
6133
- throw createClientConfigurationError(invalidClaims);
6134
- }
6135
- }
6136
- if (clientCapabilities && clientCapabilities.length > 0) {
6137
- if (!mergedClaims.hasOwnProperty(ClaimsRequestKeys.ACCESS_TOKEN)) {
6138
- // Add access_token key to claims object
6139
- mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN] = {};
6140
- }
6141
- // Add xms_cc claim with provided clientCapabilities to access_token key
6142
- mergedClaims[ClaimsRequestKeys.ACCESS_TOKEN][ClaimsRequestKeys.XMS_CC] = {
6143
- values: clientCapabilities,
6144
- };
6145
- }
6146
- return JSON.stringify(mergedClaims);
6147
- }
6148
- /**
6149
- * adds `username` for Password Grant flow
6150
- * @param username
6151
- */
6152
- addUsername(username) {
6153
- this.parameters.set(PasswordGrantConstants.username, encodeURIComponent(username));
6154
- }
6155
- /**
6156
- * adds `password` for Password Grant flow
6157
- * @param password
6158
- */
6159
- addPassword(password) {
6160
- this.parameters.set(PasswordGrantConstants.password, encodeURIComponent(password));
6161
- }
6162
- /**
6163
- * add pop_jwk to query params
6164
- * @param cnfString
6165
- */
6166
- addPopToken(cnfString) {
6167
- if (cnfString) {
6168
- this.parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);
6169
- this.parameters.set(REQ_CNF, encodeURIComponent(cnfString));
6170
- }
6171
- }
6172
- /**
6173
- * add SSH JWK and key ID to query params
6174
- */
6175
- addSshJwk(sshJwkString) {
6176
- if (sshJwkString) {
6177
- this.parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);
6178
- this.parameters.set(REQ_CNF, encodeURIComponent(sshJwkString));
6179
- }
6180
- }
6181
- /**
6182
- * add server telemetry fields
6183
- * @param serverTelemetryManager
6184
- */
6185
- addServerTelemetry(serverTelemetryManager) {
6186
- this.parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
6187
- this.parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
6188
- }
6189
- /**
6190
- * Adds parameter that indicates to the server that throttling is supported
6191
- */
6192
- addThrottling() {
6193
- this.parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
6085
+ return JSON.stringify(mergedClaims);
6086
+ }
6087
+ /**
6088
+ * adds `username` for Password Grant flow
6089
+ * @param username
6090
+ */
6091
+ function addUsername(parameters, username) {
6092
+ parameters.set(PasswordGrantConstants.username, username);
6093
+ }
6094
+ /**
6095
+ * adds `password` for Password Grant flow
6096
+ * @param password
6097
+ */
6098
+ function addPassword(parameters, password) {
6099
+ parameters.set(PasswordGrantConstants.password, password);
6100
+ }
6101
+ /**
6102
+ * add pop_jwk to query params
6103
+ * @param cnfString
6104
+ */
6105
+ function addPopToken(parameters, cnfString) {
6106
+ if (cnfString) {
6107
+ parameters.set(TOKEN_TYPE, AuthenticationScheme.POP);
6108
+ parameters.set(REQ_CNF, cnfString);
6194
6109
  }
6195
- /**
6196
- * Adds logout_hint parameter for "silent" logout which prevent server account picker
6197
- */
6198
- addLogoutHint(logoutHint) {
6199
- this.parameters.set(LOGOUT_HINT, encodeURIComponent(logoutHint));
6110
+ }
6111
+ /**
6112
+ * add SSH JWK and key ID to query params
6113
+ */
6114
+ function addSshJwk(parameters, sshJwkString) {
6115
+ if (sshJwkString) {
6116
+ parameters.set(TOKEN_TYPE, AuthenticationScheme.SSH);
6117
+ parameters.set(REQ_CNF, sshJwkString);
6200
6118
  }
6201
- addBrokerParameters(params) {
6202
- const brokerParams = {};
6203
- brokerParams[BROKER_CLIENT_ID] =
6204
- params.brokerClientId;
6205
- brokerParams[BROKER_REDIRECT_URI] =
6206
- params.brokerRedirectUri;
6207
- this.addExtraQueryParameters(brokerParams);
6119
+ }
6120
+ /**
6121
+ * add server telemetry fields
6122
+ * @param serverTelemetryManager
6123
+ */
6124
+ function addServerTelemetry(parameters, serverTelemetryManager) {
6125
+ parameters.set(X_CLIENT_CURR_TELEM, serverTelemetryManager.generateCurrentRequestHeaderValue());
6126
+ parameters.set(X_CLIENT_LAST_TELEM, serverTelemetryManager.generateLastRequestHeaderValue());
6127
+ }
6128
+ /**
6129
+ * Adds parameter that indicates to the server that throttling is supported
6130
+ */
6131
+ function addThrottling(parameters) {
6132
+ parameters.set(X_MS_LIB_CAPABILITY, ThrottlingConstants.X_MS_LIB_CAPABILITY_VALUE);
6133
+ }
6134
+ /**
6135
+ * Adds logout_hint parameter for "silent" logout which prevent server account picker
6136
+ */
6137
+ function addLogoutHint(parameters, logoutHint) {
6138
+ parameters.set(LOGOUT_HINT, logoutHint);
6139
+ }
6140
+ function addBrokerParameters(parameters, brokerClientId, brokerRedirectUri) {
6141
+ if (!parameters.has(BROKER_CLIENT_ID)) {
6142
+ parameters.set(BROKER_CLIENT_ID, brokerClientId);
6208
6143
  }
6209
- /**
6210
- * Utility to create a URL from the params map
6211
- */
6212
- createQueryString() {
6213
- const queryParameterArray = new Array();
6214
- this.parameters.forEach((value, key) => {
6215
- queryParameterArray.push(`${key}=${value}`);
6216
- });
6217
- instrumentBrokerParams(this.parameters, this.correlationId, this.performanceClient);
6218
- return queryParameterArray.join("&");
6144
+ if (!parameters.has(BROKER_REDIRECT_URI)) {
6145
+ parameters.set(BROKER_REDIRECT_URI, brokerRedirectUri);
6219
6146
  }
6220
6147
  }
6221
6148
 
6149
+ var RequestParameterBuilder = /*#__PURE__*/Object.freeze({
6150
+ __proto__: null,
6151
+ addApplicationTelemetry: addApplicationTelemetry,
6152
+ addAuthorizationCode: addAuthorizationCode,
6153
+ addBrokerParameters: addBrokerParameters,
6154
+ addCcsOid: addCcsOid,
6155
+ addCcsUpn: addCcsUpn,
6156
+ addClaims: addClaims,
6157
+ addClientAssertion: addClientAssertion,
6158
+ addClientAssertionType: addClientAssertionType,
6159
+ addClientCapabilitiesToClaims: addClientCapabilitiesToClaims,
6160
+ addClientId: addClientId,
6161
+ addClientInfo: addClientInfo,
6162
+ addClientSecret: addClientSecret,
6163
+ addCodeChallengeParams: addCodeChallengeParams,
6164
+ addCodeVerifier: addCodeVerifier,
6165
+ addCorrelationId: addCorrelationId,
6166
+ addDeviceCode: addDeviceCode,
6167
+ addDomainHint: addDomainHint,
6168
+ addExtraQueryParameters: addExtraQueryParameters,
6169
+ addGrantType: addGrantType,
6170
+ addIdTokenHint: addIdTokenHint,
6171
+ addInstanceAware: addInstanceAware,
6172
+ addLibraryInfo: addLibraryInfo,
6173
+ addLoginHint: addLoginHint,
6174
+ addLogoutHint: addLogoutHint,
6175
+ addNativeBroker: addNativeBroker,
6176
+ addNonce: addNonce,
6177
+ addOboAssertion: addOboAssertion,
6178
+ addPassword: addPassword,
6179
+ addPopToken: addPopToken,
6180
+ addPostLogoutRedirectUri: addPostLogoutRedirectUri,
6181
+ addPrompt: addPrompt,
6182
+ addRedirectUri: addRedirectUri,
6183
+ addRefreshToken: addRefreshToken,
6184
+ addRequestTokenUse: addRequestTokenUse,
6185
+ addResponseMode: addResponseMode,
6186
+ addResponseTypeCode: addResponseTypeCode,
6187
+ addResponseTypeForTokenAndIdToken: addResponseTypeForTokenAndIdToken,
6188
+ addScopes: addScopes,
6189
+ addServerTelemetry: addServerTelemetry,
6190
+ addSid: addSid,
6191
+ addSshJwk: addSshJwk,
6192
+ addState: addState,
6193
+ addThrottling: addThrottling,
6194
+ addUsername: addUsername,
6195
+ instrumentBrokerParams: instrumentBrokerParams
6196
+ });
6197
+
6222
6198
  /*
6223
6199
  * Copyright (c) Microsoft Corporation. All rights reserved.
6224
6200
  * Licensed under the MIT License.
@@ -6502,18 +6478,16 @@ class BaseClient {
6502
6478
  * @param request
6503
6479
  */
6504
6480
  createTokenQueryParameters(request) {
6505
- const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
6481
+ const parameters = new Map();
6506
6482
  if (request.embeddedClientId) {
6507
- parameterBuilder.addBrokerParameters({
6508
- brokerClientId: this.config.authOptions.clientId,
6509
- brokerRedirectUri: this.config.authOptions.redirectUri,
6510
- });
6483
+ addBrokerParameters(parameters, this.config.authOptions.clientId, this.config.authOptions.redirectUri);
6511
6484
  }
6512
6485
  if (request.tokenQueryParameters) {
6513
- parameterBuilder.addExtraQueryParameters(request.tokenQueryParameters);
6486
+ addExtraQueryParameters(parameters, request.tokenQueryParameters);
6514
6487
  }
6515
- parameterBuilder.addCorrelationId(request.correlationId);
6516
- return parameterBuilder.createQueryString();
6488
+ addCorrelationId(parameters, request.correlationId);
6489
+ instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
6490
+ return mapToQueryString(parameters);
6517
6491
  }
6518
6492
  }
6519
6493
 
@@ -6810,13 +6784,6 @@ class PopTokenGenerator {
6810
6784
  * Copyright (c) Microsoft Corporation. All rights reserved.
6811
6785
  * Licensed under the MIT License.
6812
6786
  */
6813
- function parseServerErrorNo(serverResponse) {
6814
- const errorCodePrefix = "code=";
6815
- const errorCodePrefixIndex = serverResponse.error_uri?.lastIndexOf(errorCodePrefix);
6816
- return errorCodePrefixIndex && errorCodePrefixIndex >= 0
6817
- ? serverResponse.error_uri?.substring(errorCodePrefixIndex + errorCodePrefix.length)
6818
- : undefined;
6819
- }
6820
6787
  /**
6821
6788
  * Class that handles response parsing.
6822
6789
  * @internal
@@ -6831,46 +6798,6 @@ class ResponseHandler {
6831
6798
  this.persistencePlugin = persistencePlugin;
6832
6799
  this.performanceClient = performanceClient;
6833
6800
  }
6834
- /**
6835
- * Function which validates server authorization code response.
6836
- * @param serverResponseHash
6837
- * @param requestState
6838
- * @param cryptoObj
6839
- */
6840
- validateServerAuthorizationCodeResponse(serverResponse, requestState) {
6841
- if (!serverResponse.state || !requestState) {
6842
- throw serverResponse.state
6843
- ? createClientAuthError(stateNotFound, "Cached State")
6844
- : createClientAuthError(stateNotFound, "Server State");
6845
- }
6846
- let decodedServerResponseState;
6847
- let decodedRequestState;
6848
- try {
6849
- decodedServerResponseState = decodeURIComponent(serverResponse.state);
6850
- }
6851
- catch (e) {
6852
- throw createClientAuthError(invalidState, serverResponse.state);
6853
- }
6854
- try {
6855
- decodedRequestState = decodeURIComponent(requestState);
6856
- }
6857
- catch (e) {
6858
- throw createClientAuthError(invalidState, serverResponse.state);
6859
- }
6860
- if (decodedServerResponseState !== decodedRequestState) {
6861
- throw createClientAuthError(stateMismatch);
6862
- }
6863
- // Check for error
6864
- if (serverResponse.error ||
6865
- serverResponse.error_description ||
6866
- serverResponse.suberror) {
6867
- const serverErrorNo = parseServerErrorNo(serverResponse);
6868
- if (isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) {
6869
- throw new InteractionRequiredAuthError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverResponse.timestamp || "", serverResponse.trace_id || "", serverResponse.correlation_id || "", serverResponse.claims || "", serverErrorNo);
6870
- }
6871
- throw new ServerError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverErrorNo);
6872
- }
6873
- }
6874
6801
  /**
6875
6802
  * Function which validates server authorization token response.
6876
6803
  * @param serverResponse
@@ -7182,6 +7109,71 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
7182
7109
  return baseAccount;
7183
7110
  }
7184
7111
 
7112
+ /*
7113
+ * Copyright (c) Microsoft Corporation. All rights reserved.
7114
+ * Licensed under the MIT License.
7115
+ */
7116
+ /**
7117
+ * Validates server consumable params from the "request" objects
7118
+ */
7119
+ class RequestValidator {
7120
+ /**
7121
+ * Utility to check if the `redirectUri` in the request is a non-null value
7122
+ * @param redirectUri
7123
+ */
7124
+ static validateRedirectUri(redirectUri) {
7125
+ if (!redirectUri) {
7126
+ throw createClientConfigurationError(redirectUriEmpty);
7127
+ }
7128
+ }
7129
+ /**
7130
+ * Utility to validate prompt sent by the user in the request
7131
+ * @param prompt
7132
+ */
7133
+ static validatePrompt(prompt) {
7134
+ const promptValues = [];
7135
+ for (const value in PromptValue) {
7136
+ promptValues.push(PromptValue[value]);
7137
+ }
7138
+ if (promptValues.indexOf(prompt) < 0) {
7139
+ throw createClientConfigurationError(invalidPromptValue);
7140
+ }
7141
+ }
7142
+ static validateClaims(claims) {
7143
+ try {
7144
+ JSON.parse(claims);
7145
+ }
7146
+ catch (e) {
7147
+ throw createClientConfigurationError(invalidClaims);
7148
+ }
7149
+ }
7150
+ /**
7151
+ * Utility to validate code_challenge and code_challenge_method
7152
+ * @param codeChallenge
7153
+ * @param codeChallengeMethod
7154
+ */
7155
+ static validateCodeChallengeParams(codeChallenge, codeChallengeMethod) {
7156
+ if (!codeChallenge || !codeChallengeMethod) {
7157
+ throw createClientConfigurationError(pkceParamsMissing);
7158
+ }
7159
+ else {
7160
+ this.validateCodeChallengeMethod(codeChallengeMethod);
7161
+ }
7162
+ }
7163
+ /**
7164
+ * Utility to validate code_challenge_method
7165
+ * @param codeChallengeMethod
7166
+ */
7167
+ static validateCodeChallengeMethod(codeChallengeMethod) {
7168
+ if ([
7169
+ CodeChallengeMethodValues.PLAIN,
7170
+ CodeChallengeMethodValues.S256,
7171
+ ].indexOf(codeChallengeMethod) < 0) {
7172
+ throw createClientConfigurationError(invalidCodeChallengeMethod);
7173
+ }
7174
+ }
7175
+ }
7176
+
7185
7177
  /*
7186
7178
  * Copyright (c) Microsoft Corporation. All rights reserved.
7187
7179
  * Licensed under the MIT License.
@@ -7220,21 +7212,6 @@ class AuthorizationCodeClient extends BaseClient {
7220
7212
  this.oidcDefaultScopes =
7221
7213
  this.config.authOptions.authority.options.OIDCOptions?.defaultScopes;
7222
7214
  }
7223
- /**
7224
- * Creates the URL of the authorization request letting the user input credentials and consent to the
7225
- * application. The URL target the /authorize endpoint of the authority configured in the
7226
- * application object.
7227
- *
7228
- * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI
7229
- * sent in the request and should contain an authorization code, which can then be used to acquire tokens via
7230
- * acquireToken(AuthorizationCodeRequest)
7231
- * @param request
7232
- */
7233
- async getAuthCodeUrl(request) {
7234
- this.performanceClient?.addQueueMeasurement(PerformanceEvents.GetAuthCodeUrl, request.correlationId);
7235
- const queryString = await invokeAsync(this.createAuthCodeUrlQueryString.bind(this), PerformanceEvents.AuthClientCreateQueryString, this.logger, this.performanceClient, request.correlationId)(request);
7236
- return UrlString.appendQueryString(this.authority.authorizationEndpoint, queryString);
7237
- }
7238
7215
  /**
7239
7216
  * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the
7240
7217
  * authorization_code_grant
@@ -7254,22 +7231,6 @@ class AuthorizationCodeClient extends BaseClient {
7254
7231
  responseHandler.validateTokenResponse(response.body);
7255
7232
  return invokeAsync(responseHandler.handleServerTokenResponse.bind(responseHandler), PerformanceEvents.HandleServerTokenResponse, this.logger, this.performanceClient, request.correlationId)(response.body, this.authority, reqTimestamp, request, authCodePayload, undefined, undefined, undefined, requestId);
7256
7233
  }
7257
- /**
7258
- * Handles the hash fragment response from public client code request. Returns a code response used by
7259
- * the client to exchange for a token in acquireToken.
7260
- * @param hashFragment
7261
- */
7262
- handleFragmentResponse(serverParams, cachedState) {
7263
- // Handle responses.
7264
- const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, null, null);
7265
- // Get code response
7266
- responseHandler.validateServerAuthorizationCodeResponse(serverParams, cachedState);
7267
- // throw when there is no auth code in the response
7268
- if (!serverParams.code) {
7269
- throw createClientAuthError(authorizationCodeMissingFromServerResponse);
7270
- }
7271
- return serverParams;
7272
- }
7273
7234
  /**
7274
7235
  * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.
7275
7236
  * Default behaviour is to redirect the user to `window.location.href`.
@@ -7317,8 +7278,8 @@ class AuthorizationCodeClient extends BaseClient {
7317
7278
  */
7318
7279
  async createTokenRequestBody(request) {
7319
7280
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateTokenRequestBody, request.correlationId);
7320
- const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
7321
- parameterBuilder.addClientId(request.embeddedClientId ||
7281
+ const parameters = new Map();
7282
+ addClientId(parameters, request.embeddedClientId ||
7322
7283
  request.tokenBodyParameters?.[CLIENT_ID] ||
7323
7284
  this.config.authOptions.clientId);
7324
7285
  /*
@@ -7331,33 +7292,33 @@ class AuthorizationCodeClient extends BaseClient {
7331
7292
  }
7332
7293
  else {
7333
7294
  // Validate and include redirect uri
7334
- parameterBuilder.addRedirectUri(request.redirectUri);
7295
+ addRedirectUri(parameters, request.redirectUri);
7335
7296
  }
7336
7297
  // Add scope array, parameter builder will add default scopes and dedupe
7337
- parameterBuilder.addScopes(request.scopes, true, this.oidcDefaultScopes);
7298
+ addScopes(parameters, request.scopes, true, this.oidcDefaultScopes);
7338
7299
  // add code: user set, not validated
7339
- parameterBuilder.addAuthorizationCode(request.code);
7300
+ addAuthorizationCode(parameters, request.code);
7340
7301
  // Add library metadata
7341
- parameterBuilder.addLibraryInfo(this.config.libraryInfo);
7342
- parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);
7343
- parameterBuilder.addThrottling();
7302
+ addLibraryInfo(parameters, this.config.libraryInfo);
7303
+ addApplicationTelemetry(parameters, this.config.telemetry.application);
7304
+ addThrottling(parameters);
7344
7305
  if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {
7345
- parameterBuilder.addServerTelemetry(this.serverTelemetryManager);
7306
+ addServerTelemetry(parameters, this.serverTelemetryManager);
7346
7307
  }
7347
7308
  // add code_verifier if passed
7348
7309
  if (request.codeVerifier) {
7349
- parameterBuilder.addCodeVerifier(request.codeVerifier);
7310
+ addCodeVerifier(parameters, request.codeVerifier);
7350
7311
  }
7351
7312
  if (this.config.clientCredentials.clientSecret) {
7352
- parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret);
7313
+ addClientSecret(parameters, this.config.clientCredentials.clientSecret);
7353
7314
  }
7354
7315
  if (this.config.clientCredentials.clientAssertion) {
7355
7316
  const clientAssertion = this.config.clientCredentials.clientAssertion;
7356
- parameterBuilder.addClientAssertion(await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri));
7357
- parameterBuilder.addClientAssertionType(clientAssertion.assertionType);
7317
+ addClientAssertion(parameters, await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri));
7318
+ addClientAssertionType(parameters, clientAssertion.assertionType);
7358
7319
  }
7359
- parameterBuilder.addGrantType(GrantType.AUTHORIZATION_CODE_GRANT);
7360
- parameterBuilder.addClientInfo();
7320
+ addGrantType(parameters, GrantType.AUTHORIZATION_CODE_GRANT);
7321
+ addClientInfo(parameters);
7361
7322
  if (request.authenticationScheme === AuthenticationScheme.POP) {
7362
7323
  const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils, this.performanceClient);
7363
7324
  let reqCnfData;
@@ -7369,11 +7330,11 @@ class AuthorizationCodeClient extends BaseClient {
7369
7330
  reqCnfData = this.cryptoUtils.encodeKid(request.popKid);
7370
7331
  }
7371
7332
  // SPA PoP requires full Base64Url encoded req_cnf string (unhashed)
7372
- parameterBuilder.addPopToken(reqCnfData);
7333
+ addPopToken(parameters, reqCnfData);
7373
7334
  }
7374
7335
  else if (request.authenticationScheme === AuthenticationScheme.SSH) {
7375
7336
  if (request.sshJwk) {
7376
- parameterBuilder.addSshJwk(request.sshJwk);
7337
+ addSshJwk(parameters, request.sshJwk);
7377
7338
  }
7378
7339
  else {
7379
7340
  throw createClientConfigurationError(missingSshJwk);
@@ -7382,7 +7343,7 @@ class AuthorizationCodeClient extends BaseClient {
7382
7343
  if (!StringUtils.isEmptyObj(request.claims) ||
7383
7344
  (this.config.authOptions.clientCapabilities &&
7384
7345
  this.config.authOptions.clientCapabilities.length > 0)) {
7385
- parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);
7346
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
7386
7347
  }
7387
7348
  let ccsCred = undefined;
7388
7349
  if (request.clientInfo) {
@@ -7406,7 +7367,7 @@ class AuthorizationCodeClient extends BaseClient {
7406
7367
  case CcsCredentialType.HOME_ACCOUNT_ID:
7407
7368
  try {
7408
7369
  const clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential);
7409
- parameterBuilder.addCcsOid(clientInfo);
7370
+ addCcsOid(parameters, clientInfo);
7410
7371
  }
7411
7372
  catch (e) {
7412
7373
  this.logger.verbose("Could not parse home account ID for CCS Header: " +
@@ -7414,230 +7375,55 @@ class AuthorizationCodeClient extends BaseClient {
7414
7375
  }
7415
7376
  break;
7416
7377
  case CcsCredentialType.UPN:
7417
- parameterBuilder.addCcsUpn(ccsCred.credential);
7378
+ addCcsUpn(parameters, ccsCred.credential);
7418
7379
  break;
7419
7380
  }
7420
7381
  }
7421
7382
  if (request.embeddedClientId) {
7422
- parameterBuilder.addBrokerParameters({
7423
- brokerClientId: this.config.authOptions.clientId,
7424
- brokerRedirectUri: this.config.authOptions.redirectUri,
7425
- });
7383
+ addBrokerParameters(parameters, this.config.authOptions.clientId, this.config.authOptions.redirectUri);
7426
7384
  }
7427
7385
  if (request.tokenBodyParameters) {
7428
- parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters);
7386
+ addExtraQueryParameters(parameters, request.tokenBodyParameters);
7429
7387
  }
7430
7388
  // Add hybrid spa parameters if not already provided
7431
7389
  if (request.enableSpaAuthorizationCode &&
7432
7390
  (!request.tokenBodyParameters ||
7433
7391
  !request.tokenBodyParameters[RETURN_SPA_CODE])) {
7434
- parameterBuilder.addExtraQueryParameters({
7392
+ addExtraQueryParameters(parameters, {
7435
7393
  [RETURN_SPA_CODE]: "1",
7436
7394
  });
7437
7395
  }
7438
- return parameterBuilder.createQueryString();
7439
- }
7440
- /**
7441
- * This API validates the `AuthorizationCodeUrlRequest` and creates a URL
7442
- * @param request
7443
- */
7444
- async createAuthCodeUrlQueryString(request) {
7445
- // generate the correlationId if not set by the user and add
7446
- const correlationId = request.correlationId ||
7447
- this.config.cryptoInterface.createNewGuid();
7448
- this.performanceClient?.addQueueMeasurement(PerformanceEvents.AuthClientCreateQueryString, correlationId);
7449
- const parameterBuilder = new RequestParameterBuilder(correlationId, this.performanceClient);
7450
- parameterBuilder.addClientId(request.embeddedClientId ||
7451
- request.extraQueryParameters?.[CLIENT_ID] ||
7452
- this.config.authOptions.clientId);
7453
- const requestScopes = [
7454
- ...(request.scopes || []),
7455
- ...(request.extraScopesToConsent || []),
7456
- ];
7457
- parameterBuilder.addScopes(requestScopes, true, this.oidcDefaultScopes);
7458
- // validate the redirectUri (to be a non null value)
7459
- parameterBuilder.addRedirectUri(request.redirectUri);
7460
- parameterBuilder.addCorrelationId(correlationId);
7461
- // add response_mode. If not passed in it defaults to query.
7462
- parameterBuilder.addResponseMode(request.responseMode);
7463
- // add response_type = code
7464
- parameterBuilder.addResponseTypeCode();
7465
- // add library info parameters
7466
- parameterBuilder.addLibraryInfo(this.config.libraryInfo);
7467
- if (!isOidcProtocolMode(this.config)) {
7468
- parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);
7469
- }
7470
- // add client_info=1
7471
- parameterBuilder.addClientInfo();
7472
- if (request.codeChallenge && request.codeChallengeMethod) {
7473
- parameterBuilder.addCodeChallengeParams(request.codeChallenge, request.codeChallengeMethod);
7474
- }
7475
- if (request.prompt) {
7476
- parameterBuilder.addPrompt(request.prompt);
7477
- }
7478
- if (request.domainHint) {
7479
- parameterBuilder.addDomainHint(request.domainHint);
7480
- this.performanceClient?.addFields({ domainHintFromRequest: true }, correlationId);
7481
- }
7482
- this.performanceClient?.addFields({ prompt: request.prompt }, correlationId);
7483
- // Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object
7484
- if (request.prompt !== PromptValue.SELECT_ACCOUNT) {
7485
- // AAD will throw if prompt=select_account is passed with an account hint
7486
- if (request.sid && request.prompt === PromptValue.NONE) {
7487
- // SessionID is only used in silent calls
7488
- this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request");
7489
- parameterBuilder.addSid(request.sid);
7490
- this.performanceClient?.addFields({ sidFromRequest: true }, correlationId);
7491
- }
7492
- else if (request.account) {
7493
- const accountSid = this.extractAccountSid(request.account);
7494
- let accountLoginHintClaim = this.extractLoginHint(request.account);
7495
- if (accountLoginHintClaim && request.domainHint) {
7496
- this.logger.warning(`AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint`);
7497
- accountLoginHintClaim = null;
7498
- }
7499
- // If login_hint claim is present, use it over sid/username
7500
- if (accountLoginHintClaim) {
7501
- this.logger.verbose("createAuthCodeUrlQueryString: login_hint claim present on account");
7502
- parameterBuilder.addLoginHint(accountLoginHintClaim);
7503
- this.performanceClient?.addFields({ loginHintFromClaim: true }, correlationId);
7504
- try {
7505
- const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
7506
- parameterBuilder.addCcsOid(clientInfo);
7507
- }
7508
- catch (e) {
7509
- this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
7510
- }
7511
- }
7512
- else if (accountSid && request.prompt === PromptValue.NONE) {
7513
- /*
7514
- * If account and loginHint are provided, we will check account first for sid before adding loginHint
7515
- * SessionId is only used in silent calls
7516
- */
7517
- this.logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account");
7518
- parameterBuilder.addSid(accountSid);
7519
- this.performanceClient?.addFields({ sidFromClaim: true }, correlationId);
7520
- try {
7521
- const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
7522
- parameterBuilder.addCcsOid(clientInfo);
7523
- }
7524
- catch (e) {
7525
- this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
7526
- }
7527
- }
7528
- else if (request.loginHint) {
7529
- this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from request");
7530
- parameterBuilder.addLoginHint(request.loginHint);
7531
- parameterBuilder.addCcsUpn(request.loginHint);
7532
- this.performanceClient?.addFields({ loginHintFromRequest: true }, correlationId);
7533
- }
7534
- else if (request.account.username) {
7535
- // Fallback to account username if provided
7536
- this.logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from account");
7537
- parameterBuilder.addLoginHint(request.account.username);
7538
- this.performanceClient?.addFields({ loginHintFromUpn: true }, correlationId);
7539
- try {
7540
- const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
7541
- parameterBuilder.addCcsOid(clientInfo);
7542
- }
7543
- catch (e) {
7544
- this.logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
7545
- }
7546
- }
7547
- }
7548
- else if (request.loginHint) {
7549
- this.logger.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request");
7550
- parameterBuilder.addLoginHint(request.loginHint);
7551
- parameterBuilder.addCcsUpn(request.loginHint);
7552
- this.performanceClient?.addFields({ loginHintFromRequest: true }, correlationId);
7553
- }
7554
- }
7555
- else {
7556
- this.logger.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints");
7557
- }
7558
- if (request.nonce) {
7559
- parameterBuilder.addNonce(request.nonce);
7560
- }
7561
- if (request.state) {
7562
- parameterBuilder.addState(request.state);
7563
- }
7564
- if (request.claims ||
7565
- (this.config.authOptions.clientCapabilities &&
7566
- this.config.authOptions.clientCapabilities.length > 0)) {
7567
- parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);
7568
- }
7569
- if (request.embeddedClientId) {
7570
- parameterBuilder.addBrokerParameters({
7571
- brokerClientId: this.config.authOptions.clientId,
7572
- brokerRedirectUri: this.config.authOptions.redirectUri,
7573
- });
7574
- }
7575
- this.addExtraQueryParams(request, parameterBuilder);
7576
- if (request.platformBroker) {
7577
- // signal ests that this is a WAM call
7578
- parameterBuilder.addNativeBroker();
7579
- // pass the req_cnf for POP
7580
- if (request.authenticationScheme === AuthenticationScheme.POP) {
7581
- const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils);
7582
- // req_cnf is always sent as a string for SPAs
7583
- let reqCnfData;
7584
- if (!request.popKid) {
7585
- const generatedReqCnfData = await invokeAsync(popTokenGenerator.generateCnf.bind(popTokenGenerator), PerformanceEvents.PopTokenGenerateCnf, this.logger, this.performanceClient, request.correlationId)(request, this.logger);
7586
- reqCnfData = generatedReqCnfData.reqCnfString;
7587
- }
7588
- else {
7589
- reqCnfData = this.cryptoUtils.encodeKid(request.popKid);
7590
- }
7591
- parameterBuilder.addPopToken(reqCnfData);
7592
- }
7593
- }
7594
- return parameterBuilder.createQueryString();
7396
+ instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
7397
+ return mapToQueryString(parameters);
7595
7398
  }
7596
7399
  /**
7597
7400
  * This API validates the `EndSessionRequest` and creates a URL
7598
7401
  * @param request
7599
7402
  */
7600
7403
  createLogoutUrlQueryString(request) {
7601
- const parameterBuilder = new RequestParameterBuilder(request.correlationId, this.performanceClient);
7404
+ const parameters = new Map();
7602
7405
  if (request.postLogoutRedirectUri) {
7603
- parameterBuilder.addPostLogoutRedirectUri(request.postLogoutRedirectUri);
7406
+ addPostLogoutRedirectUri(parameters, request.postLogoutRedirectUri);
7604
7407
  }
7605
7408
  if (request.correlationId) {
7606
- parameterBuilder.addCorrelationId(request.correlationId);
7409
+ addCorrelationId(parameters, request.correlationId);
7607
7410
  }
7608
7411
  if (request.idTokenHint) {
7609
- parameterBuilder.addIdTokenHint(request.idTokenHint);
7412
+ addIdTokenHint(parameters, request.idTokenHint);
7610
7413
  }
7611
7414
  if (request.state) {
7612
- parameterBuilder.addState(request.state);
7415
+ addState(parameters, request.state);
7613
7416
  }
7614
7417
  if (request.logoutHint) {
7615
- parameterBuilder.addLogoutHint(request.logoutHint);
7616
- }
7617
- this.addExtraQueryParams(request, parameterBuilder);
7618
- return parameterBuilder.createQueryString();
7619
- }
7620
- addExtraQueryParams(request, parameterBuilder) {
7621
- const hasRequestInstanceAware = request.extraQueryParameters &&
7622
- request.extraQueryParameters.hasOwnProperty("instance_aware");
7623
- // Set instance_aware flag if config auth param is set
7624
- if (!hasRequestInstanceAware && this.config.authOptions.instanceAware) {
7625
- request.extraQueryParameters = request.extraQueryParameters || {};
7626
- request.extraQueryParameters["instance_aware"] = "true";
7418
+ addLogoutHint(parameters, request.logoutHint);
7627
7419
  }
7628
7420
  if (request.extraQueryParameters) {
7629
- parameterBuilder.addExtraQueryParameters(request.extraQueryParameters);
7421
+ addExtraQueryParameters(parameters, request.extraQueryParameters);
7630
7422
  }
7631
- }
7632
- /**
7633
- * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present.
7634
- * @param account
7635
- */
7636
- extractAccountSid(account) {
7637
- return account.idTokenClaims?.sid || null;
7638
- }
7639
- extractLoginHint(account) {
7640
- return account.idTokenClaims?.login_hint || null;
7423
+ if (this.config.authOptions.instanceAware) {
7424
+ addInstanceAware(parameters);
7425
+ }
7426
+ return mapToQueryString(parameters);
7641
7427
  }
7642
7428
  }
7643
7429
 
@@ -7768,31 +7554,30 @@ class RefreshTokenClient extends BaseClient {
7768
7554
  */
7769
7555
  async createTokenRequestBody(request) {
7770
7556
  this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientCreateTokenRequestBody, request.correlationId);
7771
- const correlationId = request.correlationId;
7772
- const parameterBuilder = new RequestParameterBuilder(correlationId, this.performanceClient);
7773
- parameterBuilder.addClientId(request.embeddedClientId ||
7557
+ const parameters = new Map();
7558
+ addClientId(parameters, request.embeddedClientId ||
7774
7559
  request.tokenBodyParameters?.[CLIENT_ID] ||
7775
7560
  this.config.authOptions.clientId);
7776
7561
  if (request.redirectUri) {
7777
- parameterBuilder.addRedirectUri(request.redirectUri);
7778
- }
7779
- parameterBuilder.addScopes(request.scopes, true, this.config.authOptions.authority.options.OIDCOptions?.defaultScopes);
7780
- parameterBuilder.addGrantType(GrantType.REFRESH_TOKEN_GRANT);
7781
- parameterBuilder.addClientInfo();
7782
- parameterBuilder.addLibraryInfo(this.config.libraryInfo);
7783
- parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);
7784
- parameterBuilder.addThrottling();
7562
+ addRedirectUri(parameters, request.redirectUri);
7563
+ }
7564
+ addScopes(parameters, request.scopes, true, this.config.authOptions.authority.options.OIDCOptions?.defaultScopes);
7565
+ addGrantType(parameters, GrantType.REFRESH_TOKEN_GRANT);
7566
+ addClientInfo(parameters);
7567
+ addLibraryInfo(parameters, this.config.libraryInfo);
7568
+ addApplicationTelemetry(parameters, this.config.telemetry.application);
7569
+ addThrottling(parameters);
7785
7570
  if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {
7786
- parameterBuilder.addServerTelemetry(this.serverTelemetryManager);
7571
+ addServerTelemetry(parameters, this.serverTelemetryManager);
7787
7572
  }
7788
- parameterBuilder.addRefreshToken(request.refreshToken);
7573
+ addRefreshToken(parameters, request.refreshToken);
7789
7574
  if (this.config.clientCredentials.clientSecret) {
7790
- parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret);
7575
+ addClientSecret(parameters, this.config.clientCredentials.clientSecret);
7791
7576
  }
7792
7577
  if (this.config.clientCredentials.clientAssertion) {
7793
7578
  const clientAssertion = this.config.clientCredentials.clientAssertion;
7794
- parameterBuilder.addClientAssertion(await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri));
7795
- parameterBuilder.addClientAssertionType(clientAssertion.assertionType);
7579
+ addClientAssertion(parameters, await getClientAssertion(clientAssertion.assertion, this.config.authOptions.clientId, request.resourceRequestUri));
7580
+ addClientAssertionType(parameters, clientAssertion.assertionType);
7796
7581
  }
7797
7582
  if (request.authenticationScheme === AuthenticationScheme.POP) {
7798
7583
  const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils, this.performanceClient);
@@ -7805,11 +7590,11 @@ class RefreshTokenClient extends BaseClient {
7805
7590
  reqCnfData = this.cryptoUtils.encodeKid(request.popKid);
7806
7591
  }
7807
7592
  // SPA PoP requires full Base64Url encoded req_cnf string (unhashed)
7808
- parameterBuilder.addPopToken(reqCnfData);
7593
+ addPopToken(parameters, reqCnfData);
7809
7594
  }
7810
7595
  else if (request.authenticationScheme === AuthenticationScheme.SSH) {
7811
7596
  if (request.sshJwk) {
7812
- parameterBuilder.addSshJwk(request.sshJwk);
7597
+ addSshJwk(parameters, request.sshJwk);
7813
7598
  }
7814
7599
  else {
7815
7600
  throw createClientConfigurationError(missingSshJwk);
@@ -7818,7 +7603,7 @@ class RefreshTokenClient extends BaseClient {
7818
7603
  if (!StringUtils.isEmptyObj(request.claims) ||
7819
7604
  (this.config.authOptions.clientCapabilities &&
7820
7605
  this.config.authOptions.clientCapabilities.length > 0)) {
7821
- parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);
7606
+ addClaims(parameters, request.claims, this.config.authOptions.clientCapabilities);
7822
7607
  }
7823
7608
  if (this.config.systemOptions.preventCorsPreflight &&
7824
7609
  request.ccsCredential) {
@@ -7826,7 +7611,7 @@ class RefreshTokenClient extends BaseClient {
7826
7611
  case CcsCredentialType.HOME_ACCOUNT_ID:
7827
7612
  try {
7828
7613
  const clientInfo = buildClientInfoFromHomeAccountId(request.ccsCredential.credential);
7829
- parameterBuilder.addCcsOid(clientInfo);
7614
+ addCcsOid(parameters, clientInfo);
7830
7615
  }
7831
7616
  catch (e) {
7832
7617
  this.logger.verbose("Could not parse home account ID for CCS Header: " +
@@ -7834,20 +7619,18 @@ class RefreshTokenClient extends BaseClient {
7834
7619
  }
7835
7620
  break;
7836
7621
  case CcsCredentialType.UPN:
7837
- parameterBuilder.addCcsUpn(request.ccsCredential.credential);
7622
+ addCcsUpn(parameters, request.ccsCredential.credential);
7838
7623
  break;
7839
7624
  }
7840
7625
  }
7841
7626
  if (request.embeddedClientId) {
7842
- parameterBuilder.addBrokerParameters({
7843
- brokerClientId: this.config.authOptions.clientId,
7844
- brokerRedirectUri: this.config.authOptions.redirectUri,
7845
- });
7627
+ addBrokerParameters(parameters, this.config.authOptions.clientId, this.config.authOptions.redirectUri);
7846
7628
  }
7847
7629
  if (request.tokenBodyParameters) {
7848
- parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters);
7630
+ addExtraQueryParameters(parameters, request.tokenBodyParameters);
7849
7631
  }
7850
- return parameterBuilder.createQueryString();
7632
+ instrumentBrokerParams(parameters, request.correlationId, this.performanceClient);
7633
+ return mapToQueryString(parameters);
7851
7634
  }
7852
7635
  }
7853
7636
 
@@ -7960,6 +7743,236 @@ const StubbedNetworkModule = {
7960
7743
  },
7961
7744
  };
7962
7745
 
7746
+ /*
7747
+ * Copyright (c) Microsoft Corporation. All rights reserved.
7748
+ * Licensed under the MIT License.
7749
+ */
7750
+ /**
7751
+ * Returns map of parameters that are applicable to all calls to /authorize whether using PKCE or EAR
7752
+ * @param config
7753
+ * @param request
7754
+ * @param logger
7755
+ * @param performanceClient
7756
+ * @returns
7757
+ */
7758
+ function getStandardAuthorizeRequestParameters(authOptions, request, logger, performanceClient) {
7759
+ // generate the correlationId if not set by the user and add
7760
+ const correlationId = request.correlationId;
7761
+ const parameters = new Map();
7762
+ addClientId(parameters, request.embeddedClientId ||
7763
+ request.extraQueryParameters?.[CLIENT_ID] ||
7764
+ authOptions.clientId);
7765
+ const requestScopes = [
7766
+ ...(request.scopes || []),
7767
+ ...(request.extraScopesToConsent || []),
7768
+ ];
7769
+ addScopes(parameters, requestScopes, true, authOptions.authority.options.OIDCOptions?.defaultScopes);
7770
+ addRedirectUri(parameters, request.redirectUri);
7771
+ addCorrelationId(parameters, correlationId);
7772
+ // add response_mode. If not passed in it defaults to query.
7773
+ addResponseMode(parameters, request.responseMode);
7774
+ // add client_info=1
7775
+ addClientInfo(parameters);
7776
+ if (request.prompt) {
7777
+ addPrompt(parameters, request.prompt);
7778
+ performanceClient?.addFields({ prompt: request.prompt }, correlationId);
7779
+ }
7780
+ if (request.domainHint) {
7781
+ addDomainHint(parameters, request.domainHint);
7782
+ performanceClient?.addFields({ domainHintFromRequest: true }, correlationId);
7783
+ }
7784
+ // Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object
7785
+ if (request.prompt !== PromptValue.SELECT_ACCOUNT) {
7786
+ // AAD will throw if prompt=select_account is passed with an account hint
7787
+ if (request.sid && request.prompt === PromptValue.NONE) {
7788
+ // SessionID is only used in silent calls
7789
+ logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request");
7790
+ addSid(parameters, request.sid);
7791
+ performanceClient?.addFields({ sidFromRequest: true }, correlationId);
7792
+ }
7793
+ else if (request.account) {
7794
+ const accountSid = extractAccountSid(request.account);
7795
+ let accountLoginHintClaim = extractLoginHint(request.account);
7796
+ if (accountLoginHintClaim && request.domainHint) {
7797
+ logger.warning(`AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint`);
7798
+ accountLoginHintClaim = null;
7799
+ }
7800
+ // If login_hint claim is present, use it over sid/username
7801
+ if (accountLoginHintClaim) {
7802
+ logger.verbose("createAuthCodeUrlQueryString: login_hint claim present on account");
7803
+ addLoginHint(parameters, accountLoginHintClaim);
7804
+ performanceClient?.addFields({ loginHintFromClaim: true }, correlationId);
7805
+ try {
7806
+ const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
7807
+ addCcsOid(parameters, clientInfo);
7808
+ }
7809
+ catch (e) {
7810
+ logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
7811
+ }
7812
+ }
7813
+ else if (accountSid && request.prompt === PromptValue.NONE) {
7814
+ /*
7815
+ * If account and loginHint are provided, we will check account first for sid before adding loginHint
7816
+ * SessionId is only used in silent calls
7817
+ */
7818
+ logger.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account");
7819
+ addSid(parameters, accountSid);
7820
+ performanceClient?.addFields({ sidFromClaim: true }, correlationId);
7821
+ try {
7822
+ const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
7823
+ addCcsOid(parameters, clientInfo);
7824
+ }
7825
+ catch (e) {
7826
+ logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
7827
+ }
7828
+ }
7829
+ else if (request.loginHint) {
7830
+ logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from request");
7831
+ addLoginHint(parameters, request.loginHint);
7832
+ addCcsUpn(parameters, request.loginHint);
7833
+ performanceClient?.addFields({ loginHintFromRequest: true }, correlationId);
7834
+ }
7835
+ else if (request.account.username) {
7836
+ // Fallback to account username if provided
7837
+ logger.verbose("createAuthCodeUrlQueryString: Adding login_hint from account");
7838
+ addLoginHint(parameters, request.account.username);
7839
+ performanceClient?.addFields({ loginHintFromUpn: true }, correlationId);
7840
+ try {
7841
+ const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);
7842
+ addCcsOid(parameters, clientInfo);
7843
+ }
7844
+ catch (e) {
7845
+ logger.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header");
7846
+ }
7847
+ }
7848
+ }
7849
+ else if (request.loginHint) {
7850
+ logger.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request");
7851
+ addLoginHint(parameters, request.loginHint);
7852
+ addCcsUpn(parameters, request.loginHint);
7853
+ performanceClient?.addFields({ loginHintFromRequest: true }, correlationId);
7854
+ }
7855
+ }
7856
+ else {
7857
+ logger.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints");
7858
+ }
7859
+ if (request.nonce) {
7860
+ addNonce(parameters, request.nonce);
7861
+ }
7862
+ if (request.state) {
7863
+ addState(parameters, request.state);
7864
+ }
7865
+ if (request.claims ||
7866
+ (authOptions.clientCapabilities &&
7867
+ authOptions.clientCapabilities.length > 0)) {
7868
+ addClaims(parameters, request.claims, authOptions.clientCapabilities);
7869
+ }
7870
+ if (request.embeddedClientId) {
7871
+ addBrokerParameters(parameters, authOptions.clientId, authOptions.redirectUri);
7872
+ }
7873
+ if (request.extraQueryParameters) {
7874
+ addExtraQueryParameters(parameters, request.extraQueryParameters);
7875
+ }
7876
+ if (authOptions.instanceAware) {
7877
+ addInstanceAware(parameters);
7878
+ }
7879
+ return parameters;
7880
+ }
7881
+ /**
7882
+ * Returns authorize endpoint with given request parameters in the query string
7883
+ * @param authority
7884
+ * @param requestParameters
7885
+ * @returns
7886
+ */
7887
+ function getAuthorizeUrl(authority, requestParameters) {
7888
+ const queryString = mapToQueryString(requestParameters);
7889
+ return UrlString.appendQueryString(authority.authorizationEndpoint, queryString);
7890
+ }
7891
+ /**
7892
+ * Handles the hash fragment response from public client code request. Returns a code response used by
7893
+ * the client to exchange for a token in acquireToken.
7894
+ * @param serverParams
7895
+ * @param cachedState
7896
+ */
7897
+ function getAuthorizationCodePayload(serverParams, cachedState) {
7898
+ // Get code response
7899
+ validateAuthorizationResponse(serverParams, cachedState);
7900
+ // throw when there is no auth code in the response
7901
+ if (!serverParams.code) {
7902
+ throw createClientAuthError(authorizationCodeMissingFromServerResponse);
7903
+ }
7904
+ return serverParams;
7905
+ }
7906
+ /**
7907
+ * Function which validates server authorization code response.
7908
+ * @param serverResponseHash
7909
+ * @param requestState
7910
+ */
7911
+ function validateAuthorizationResponse(serverResponse, requestState) {
7912
+ if (!serverResponse.state || !requestState) {
7913
+ throw serverResponse.state
7914
+ ? createClientAuthError(stateNotFound, "Cached State")
7915
+ : createClientAuthError(stateNotFound, "Server State");
7916
+ }
7917
+ let decodedServerResponseState;
7918
+ let decodedRequestState;
7919
+ try {
7920
+ decodedServerResponseState = decodeURIComponent(serverResponse.state);
7921
+ }
7922
+ catch (e) {
7923
+ throw createClientAuthError(invalidState, serverResponse.state);
7924
+ }
7925
+ try {
7926
+ decodedRequestState = decodeURIComponent(requestState);
7927
+ }
7928
+ catch (e) {
7929
+ throw createClientAuthError(invalidState, serverResponse.state);
7930
+ }
7931
+ if (decodedServerResponseState !== decodedRequestState) {
7932
+ throw createClientAuthError(stateMismatch);
7933
+ }
7934
+ // Check for error
7935
+ if (serverResponse.error ||
7936
+ serverResponse.error_description ||
7937
+ serverResponse.suberror) {
7938
+ const serverErrorNo = parseServerErrorNo(serverResponse);
7939
+ if (isInteractionRequiredError(serverResponse.error, serverResponse.error_description, serverResponse.suberror)) {
7940
+ throw new InteractionRequiredAuthError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverResponse.timestamp || "", serverResponse.trace_id || "", serverResponse.correlation_id || "", serverResponse.claims || "", serverErrorNo);
7941
+ }
7942
+ throw new ServerError(serverResponse.error || "", serverResponse.error_description, serverResponse.suberror, serverErrorNo);
7943
+ }
7944
+ }
7945
+ /**
7946
+ * Get server error No from the error_uri
7947
+ * @param serverResponse
7948
+ * @returns
7949
+ */
7950
+ function parseServerErrorNo(serverResponse) {
7951
+ const errorCodePrefix = "code=";
7952
+ const errorCodePrefixIndex = serverResponse.error_uri?.lastIndexOf(errorCodePrefix);
7953
+ return errorCodePrefixIndex && errorCodePrefixIndex >= 0
7954
+ ? serverResponse.error_uri?.substring(errorCodePrefixIndex + errorCodePrefix.length)
7955
+ : undefined;
7956
+ }
7957
+ /**
7958
+ * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present.
7959
+ * @param account
7960
+ */
7961
+ function extractAccountSid(account) {
7962
+ return account.idTokenClaims?.sid || null;
7963
+ }
7964
+ function extractLoginHint(account) {
7965
+ return account.idTokenClaims?.login_hint || null;
7966
+ }
7967
+
7968
+ var Authorize = /*#__PURE__*/Object.freeze({
7969
+ __proto__: null,
7970
+ getAuthorizationCodePayload: getAuthorizationCodePayload,
7971
+ getAuthorizeUrl: getAuthorizeUrl,
7972
+ getStandardAuthorizeRequestParameters: getStandardAuthorizeRequestParameters,
7973
+ validateAuthorizationResponse: validateAuthorizationResponse
7974
+ });
7975
+
7963
7976
  /*
7964
7977
  * Copyright (c) Microsoft Corporation. All rights reserved.
7965
7978
  * Licensed under the MIT License.
@@ -8290,6 +8303,7 @@ exports.Authority = Authority;
8290
8303
  exports.AuthorityFactory = AuthorityFactory;
8291
8304
  exports.AuthorityType = AuthorityType;
8292
8305
  exports.AuthorizationCodeClient = AuthorizationCodeClient;
8306
+ exports.Authorize = Authorize;
8293
8307
  exports.AzureCloudInstance = AzureCloudInstance;
8294
8308
  exports.BaseClient = BaseClient;
8295
8309
  exports.CacheAccountType = CacheAccountType;
@@ -8374,4 +8388,4 @@ exports.invokeAsync = invokeAsync;
8374
8388
  exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
8375
8389
  exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
8376
8390
  exports.version = version;
8377
- //# sourceMappingURL=index-node--LMD5Re1.js.map
8391
+ //# sourceMappingURL=index-node-BjtDFnOl.js.map