@azure/msal-common 15.2.1 → 15.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (170) hide show
  1. package/dist/account/AccountInfo.mjs +1 -1
  2. package/dist/account/AuthToken.mjs +1 -1
  3. package/dist/account/CcsCredential.mjs +1 -1
  4. package/dist/account/ClientInfo.mjs +1 -1
  5. package/dist/account/TokenClaims.mjs +1 -1
  6. package/dist/authority/Authority.mjs +3 -3
  7. package/dist/authority/Authority.mjs.map +1 -1
  8. package/dist/authority/AuthorityFactory.mjs +1 -1
  9. package/dist/authority/AuthorityMetadata.mjs +1 -1
  10. package/dist/authority/AuthorityOptions.mjs +1 -1
  11. package/dist/authority/AuthorityType.mjs +1 -1
  12. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  13. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  14. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  15. package/dist/authority/ProtocolMode.d.ts +11 -0
  16. package/dist/authority/ProtocolMode.d.ts.map +1 -1
  17. package/dist/authority/ProtocolMode.mjs +12 -1
  18. package/dist/authority/ProtocolMode.mjs.map +1 -1
  19. package/dist/authority/RegionDiscovery.mjs +1 -1
  20. package/dist/cache/CacheManager.mjs +1 -1
  21. package/dist/cache/entities/AccountEntity.mjs +4 -4
  22. package/dist/cache/entities/AccountEntity.mjs.map +1 -1
  23. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  24. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  25. package/dist/client/AuthorizationCodeClient.d.ts +0 -31
  26. package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
  27. package/dist/client/AuthorizationCodeClient.mjs +41 -246
  28. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  29. package/dist/client/BaseClient.d.ts.map +1 -1
  30. package/dist/client/BaseClient.mjs +9 -10
  31. package/dist/client/BaseClient.mjs.map +1 -1
  32. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  33. package/dist/client/RefreshTokenClient.mjs +27 -29
  34. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  35. package/dist/client/SilentFlowClient.mjs +1 -1
  36. package/dist/config/ClientConfiguration.mjs +1 -1
  37. package/dist/constants/AADServerParamKeys.d.ts +3 -0
  38. package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
  39. package/dist/constants/AADServerParamKeys.mjs +6 -3
  40. package/dist/constants/AADServerParamKeys.mjs.map +1 -1
  41. package/dist/crypto/ICrypto.mjs +1 -1
  42. package/dist/crypto/JoseHeader.mjs +1 -1
  43. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  44. package/dist/error/AuthError.mjs +1 -1
  45. package/dist/error/AuthErrorCodes.mjs +1 -1
  46. package/dist/error/CacheError.mjs +1 -1
  47. package/dist/error/CacheErrorCodes.mjs +1 -1
  48. package/dist/error/ClientAuthError.mjs +1 -1
  49. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  50. package/dist/error/ClientConfigurationError.mjs +1 -1
  51. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  52. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  53. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  54. package/dist/error/JoseHeaderError.mjs +1 -1
  55. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  56. package/dist/error/NetworkError.mjs +1 -1
  57. package/dist/error/ServerError.mjs +1 -1
  58. package/dist/exports-common.d.ts +4 -3
  59. package/dist/exports-common.d.ts.map +1 -1
  60. package/dist/index-browser.mjs +6 -3
  61. package/dist/index-browser.mjs.map +1 -1
  62. package/dist/index-node.mjs +6 -3
  63. package/dist/index-node.mjs.map +1 -1
  64. package/dist/index.mjs +6 -3
  65. package/dist/index.mjs.map +1 -1
  66. package/dist/logger/Logger.mjs +1 -1
  67. package/dist/network/INetworkModule.mjs +1 -1
  68. package/dist/network/RequestThumbprint.mjs +1 -1
  69. package/dist/network/ThrottlingUtils.mjs +1 -1
  70. package/dist/packageMetadata.d.ts +1 -1
  71. package/dist/packageMetadata.mjs +2 -2
  72. package/dist/protocol/Authorize.d.ts +37 -0
  73. package/dist/protocol/Authorize.d.ts.map +1 -0
  74. package/dist/protocol/Authorize.mjs +237 -0
  75. package/dist/protocol/Authorize.mjs.map +1 -0
  76. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  77. package/dist/request/CommonAuthorizationUrlRequest.d.ts +3 -2
  78. package/dist/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
  79. package/dist/request/RequestParameterBuilder.d.ts +211 -219
  80. package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
  81. package/dist/request/RequestParameterBuilder.mjs +364 -370
  82. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  83. package/dist/request/RequestValidator.mjs +1 -1
  84. package/dist/request/ScopeSet.mjs +1 -1
  85. package/dist/response/AuthorizeResponse.d.ts +76 -0
  86. package/dist/response/AuthorizeResponse.d.ts.map +1 -0
  87. package/dist/response/ResponseHandler.d.ts +0 -8
  88. package/dist/response/ResponseHandler.d.ts.map +1 -1
  89. package/dist/response/ResponseHandler.mjs +2 -49
  90. package/dist/response/ResponseHandler.mjs.map +1 -1
  91. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  92. package/dist/telemetry/performance/PerformanceEvent.d.ts +6 -2
  93. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  94. package/dist/telemetry/performance/PerformanceEvent.mjs +15 -11
  95. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  96. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  97. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  98. package/dist/url/UrlString.mjs +1 -1
  99. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  100. package/dist/utils/Constants.d.ts +11 -5
  101. package/dist/utils/Constants.d.ts.map +1 -1
  102. package/dist/utils/Constants.mjs +13 -8
  103. package/dist/utils/Constants.mjs.map +1 -1
  104. package/dist/utils/FunctionWrappers.mjs +1 -1
  105. package/dist/utils/ProtocolUtils.mjs +1 -1
  106. package/dist/utils/StringUtils.mjs +1 -1
  107. package/dist/utils/TimeUtils.mjs +1 -1
  108. package/dist/utils/UrlUtils.d.ts +6 -2
  109. package/dist/utils/UrlUtils.d.ts.map +1 -1
  110. package/dist/utils/UrlUtils.mjs +13 -2
  111. package/dist/utils/UrlUtils.mjs.map +1 -1
  112. package/lib/index-browser.cjs +4 -2
  113. package/lib/index-browser.cjs.map +1 -1
  114. package/lib/{index-node--LMD5Re1.js → index-node-C56U0Gkp.js} +833 -777
  115. package/lib/index-node-C56U0Gkp.js.map +1 -0
  116. package/lib/index-node.cjs +4 -2
  117. package/lib/index-node.cjs.map +1 -1
  118. package/lib/index.cjs +4 -2
  119. package/lib/index.cjs.map +1 -1
  120. package/lib/types/authority/ProtocolMode.d.ts +11 -0
  121. package/lib/types/authority/ProtocolMode.d.ts.map +1 -1
  122. package/lib/types/client/AuthorizationCodeClient.d.ts +0 -31
  123. package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  124. package/lib/types/client/BaseClient.d.ts.map +1 -1
  125. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  126. package/lib/types/constants/AADServerParamKeys.d.ts +3 -0
  127. package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
  128. package/lib/types/exports-common.d.ts +4 -3
  129. package/lib/types/exports-common.d.ts.map +1 -1
  130. package/lib/types/packageMetadata.d.ts +1 -1
  131. package/lib/types/protocol/Authorize.d.ts +37 -0
  132. package/lib/types/protocol/Authorize.d.ts.map +1 -0
  133. package/lib/types/request/CommonAuthorizationUrlRequest.d.ts +3 -2
  134. package/lib/types/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
  135. package/lib/types/request/RequestParameterBuilder.d.ts +211 -219
  136. package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
  137. package/lib/types/response/AuthorizeResponse.d.ts +76 -0
  138. package/lib/types/response/AuthorizeResponse.d.ts.map +1 -0
  139. package/lib/types/response/ResponseHandler.d.ts +0 -8
  140. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  141. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +6 -2
  142. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  143. package/lib/types/utils/Constants.d.ts +11 -5
  144. package/lib/types/utils/Constants.d.ts.map +1 -1
  145. package/lib/types/utils/UrlUtils.d.ts +6 -2
  146. package/lib/types/utils/UrlUtils.d.ts.map +1 -1
  147. package/package.json +1 -1
  148. package/src/authority/Authority.ts +2 -2
  149. package/src/authority/ProtocolMode.ts +11 -0
  150. package/src/cache/entities/AccountEntity.ts +3 -3
  151. package/src/client/AuthorizationCodeClient.ts +84 -395
  152. package/src/client/BaseClient.ts +20 -12
  153. package/src/client/RefreshTokenClient.ts +60 -30
  154. package/src/constants/AADServerParamKeys.ts +3 -0
  155. package/src/exports-common.ts +5 -2
  156. package/src/packageMetadata.ts +1 -1
  157. package/src/protocol/Authorize.ts +409 -0
  158. package/src/request/CommonAuthorizationUrlRequest.ts +3 -2
  159. package/src/request/RequestParameterBuilder.ts +516 -545
  160. package/src/response/AuthorizeResponse.ts +80 -0
  161. package/src/response/ResponseHandler.ts +0 -98
  162. package/src/telemetry/performance/PerformanceEvent.ts +14 -11
  163. package/src/utils/Constants.ts +14 -6
  164. package/src/utils/UrlUtils.ts +19 -4
  165. package/dist/response/ServerAuthorizationCodeResponse.d.ts +0 -27
  166. package/dist/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
  167. package/lib/index-node--LMD5Re1.js.map +0 -1
  168. package/lib/types/response/ServerAuthorizationCodeResponse.d.ts +0 -27
  169. package/lib/types/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
  170. package/src/response/ServerAuthorizationCodeResponse.ts +0 -34
@@ -4,14 +4,13 @@
4
4
  */
5
5
 
6
6
  import { BaseClient } from "./BaseClient.js";
7
- import { CommonAuthorizationUrlRequest } from "../request/CommonAuthorizationUrlRequest.js";
8
7
  import { CommonAuthorizationCodeRequest } from "../request/CommonAuthorizationCodeRequest.js";
9
8
  import { Authority } from "../authority/Authority.js";
10
- import { RequestParameterBuilder } from "../request/RequestParameterBuilder.js";
9
+ import * as RequestParameterBuilder from "../request/RequestParameterBuilder.js";
10
+ import * as UrlUtils from "../utils/UrlUtils.js";
11
11
  import {
12
12
  GrantType,
13
13
  AuthenticationScheme,
14
- PromptValue,
15
14
  Separators,
16
15
  HeaderNames,
17
16
  } from "../utils/Constants.js";
@@ -30,12 +29,10 @@ import {
30
29
  createClientAuthError,
31
30
  } from "../error/ClientAuthError.js";
32
31
  import { UrlString } from "../url/UrlString.js";
33
- import { ServerAuthorizationCodeResponse } from "../response/ServerAuthorizationCodeResponse.js";
34
32
  import { CommonEndSessionRequest } from "../request/CommonEndSessionRequest.js";
35
33
  import { PopTokenGenerator } from "../crypto/PopTokenGenerator.js";
36
34
  import { AuthorizationCodePayload } from "../response/AuthorizationCodePayload.js";
37
35
  import * as TimeUtils from "../utils/TimeUtils.js";
38
- import { AccountInfo } from "../account/AccountInfo.js";
39
36
  import {
40
37
  buildClientInfoFromHomeAccountId,
41
38
  buildClientInfo,
@@ -71,38 +68,6 @@ export class AuthorizationCodeClient extends BaseClient {
71
68
  this.config.authOptions.authority.options.OIDCOptions?.defaultScopes;
72
69
  }
73
70
 
74
- /**
75
- * Creates the URL of the authorization request letting the user input credentials and consent to the
76
- * application. The URL target the /authorize endpoint of the authority configured in the
77
- * application object.
78
- *
79
- * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI
80
- * sent in the request and should contain an authorization code, which can then be used to acquire tokens via
81
- * acquireToken(AuthorizationCodeRequest)
82
- * @param request
83
- */
84
- async getAuthCodeUrl(
85
- request: CommonAuthorizationUrlRequest
86
- ): Promise<string> {
87
- this.performanceClient?.addQueueMeasurement(
88
- PerformanceEvents.GetAuthCodeUrl,
89
- request.correlationId
90
- );
91
-
92
- const queryString = await invokeAsync(
93
- this.createAuthCodeUrlQueryString.bind(this),
94
- PerformanceEvents.AuthClientCreateQueryString,
95
- this.logger,
96
- this.performanceClient,
97
- request.correlationId
98
- )(request);
99
-
100
- return UrlString.appendQueryString(
101
- this.authority.authorizationEndpoint,
102
- queryString
103
- );
104
- }
105
-
106
71
  /**
107
72
  * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the
108
73
  * authorization_code_grant
@@ -167,41 +132,6 @@ export class AuthorizationCodeClient extends BaseClient {
167
132
  );
168
133
  }
169
134
 
170
- /**
171
- * Handles the hash fragment response from public client code request. Returns a code response used by
172
- * the client to exchange for a token in acquireToken.
173
- * @param hashFragment
174
- */
175
- handleFragmentResponse(
176
- serverParams: ServerAuthorizationCodeResponse,
177
- cachedState: string
178
- ): AuthorizationCodePayload {
179
- // Handle responses.
180
- const responseHandler = new ResponseHandler(
181
- this.config.authOptions.clientId,
182
- this.cacheManager,
183
- this.cryptoUtils,
184
- this.logger,
185
- null,
186
- null
187
- );
188
-
189
- // Get code response
190
- responseHandler.validateServerAuthorizationCodeResponse(
191
- serverParams,
192
- cachedState
193
- );
194
-
195
- // throw when there is no auth code in the response
196
- if (!serverParams.code) {
197
- throw createClientAuthError(
198
- ClientAuthErrorCodes.authorizationCodeMissingFromServerResponse
199
- );
200
- }
201
-
202
- return serverParams as AuthorizationCodePayload;
203
- }
204
-
205
135
  /**
206
136
  * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.
207
137
  * Default behaviour is to redirect the user to `window.location.href`.
@@ -305,12 +235,10 @@ export class AuthorizationCodeClient extends BaseClient {
305
235
  request.correlationId
306
236
  );
307
237
 
308
- const parameterBuilder = new RequestParameterBuilder(
309
- request.correlationId,
310
- this.performanceClient
311
- );
238
+ const parameters = new Map<string, string>();
312
239
 
313
- parameterBuilder.addClientId(
240
+ RequestParameterBuilder.addClientId(
241
+ parameters,
314
242
  request.embeddedClientId ||
315
243
  request.tokenBodyParameters?.[AADServerParamKeys.CLIENT_ID] ||
316
244
  this.config.authOptions.clientId
@@ -325,37 +253,52 @@ export class AuthorizationCodeClient extends BaseClient {
325
253
  RequestValidator.validateRedirectUri(request.redirectUri);
326
254
  } else {
327
255
  // Validate and include redirect uri
328
- parameterBuilder.addRedirectUri(request.redirectUri);
256
+ RequestParameterBuilder.addRedirectUri(
257
+ parameters,
258
+ request.redirectUri
259
+ );
329
260
  }
330
261
 
331
262
  // Add scope array, parameter builder will add default scopes and dedupe
332
- parameterBuilder.addScopes(
263
+ RequestParameterBuilder.addScopes(
264
+ parameters,
333
265
  request.scopes,
334
266
  true,
335
267
  this.oidcDefaultScopes
336
268
  );
337
269
 
338
270
  // add code: user set, not validated
339
- parameterBuilder.addAuthorizationCode(request.code);
271
+ RequestParameterBuilder.addAuthorizationCode(parameters, request.code);
340
272
 
341
273
  // Add library metadata
342
- parameterBuilder.addLibraryInfo(this.config.libraryInfo);
343
- parameterBuilder.addApplicationTelemetry(
274
+ RequestParameterBuilder.addLibraryInfo(
275
+ parameters,
276
+ this.config.libraryInfo
277
+ );
278
+ RequestParameterBuilder.addApplicationTelemetry(
279
+ parameters,
344
280
  this.config.telemetry.application
345
281
  );
346
- parameterBuilder.addThrottling();
282
+ RequestParameterBuilder.addThrottling(parameters);
347
283
 
348
284
  if (this.serverTelemetryManager && !isOidcProtocolMode(this.config)) {
349
- parameterBuilder.addServerTelemetry(this.serverTelemetryManager);
285
+ RequestParameterBuilder.addServerTelemetry(
286
+ parameters,
287
+ this.serverTelemetryManager
288
+ );
350
289
  }
351
290
 
352
291
  // add code_verifier if passed
353
292
  if (request.codeVerifier) {
354
- parameterBuilder.addCodeVerifier(request.codeVerifier);
293
+ RequestParameterBuilder.addCodeVerifier(
294
+ parameters,
295
+ request.codeVerifier
296
+ );
355
297
  }
356
298
 
357
299
  if (this.config.clientCredentials.clientSecret) {
358
- parameterBuilder.addClientSecret(
300
+ RequestParameterBuilder.addClientSecret(
301
+ parameters,
359
302
  this.config.clientCredentials.clientSecret
360
303
  );
361
304
  }
@@ -364,20 +307,25 @@ export class AuthorizationCodeClient extends BaseClient {
364
307
  const clientAssertion: ClientAssertion =
365
308
  this.config.clientCredentials.clientAssertion;
366
309
 
367
- parameterBuilder.addClientAssertion(
310
+ RequestParameterBuilder.addClientAssertion(
311
+ parameters,
368
312
  await getClientAssertion(
369
313
  clientAssertion.assertion,
370
314
  this.config.authOptions.clientId,
371
315
  request.resourceRequestUri
372
316
  )
373
317
  );
374
- parameterBuilder.addClientAssertionType(
318
+ RequestParameterBuilder.addClientAssertionType(
319
+ parameters,
375
320
  clientAssertion.assertionType
376
321
  );
377
322
  }
378
323
 
379
- parameterBuilder.addGrantType(GrantType.AUTHORIZATION_CODE_GRANT);
380
- parameterBuilder.addClientInfo();
324
+ RequestParameterBuilder.addGrantType(
325
+ parameters,
326
+ GrantType.AUTHORIZATION_CODE_GRANT
327
+ );
328
+ RequestParameterBuilder.addClientInfo(parameters);
381
329
 
382
330
  if (request.authenticationScheme === AuthenticationScheme.POP) {
383
331
  const popTokenGenerator = new PopTokenGenerator(
@@ -400,10 +348,10 @@ export class AuthorizationCodeClient extends BaseClient {
400
348
  }
401
349
 
402
350
  // SPA PoP requires full Base64Url encoded req_cnf string (unhashed)
403
- parameterBuilder.addPopToken(reqCnfData);
351
+ RequestParameterBuilder.addPopToken(parameters, reqCnfData);
404
352
  } else if (request.authenticationScheme === AuthenticationScheme.SSH) {
405
353
  if (request.sshJwk) {
406
- parameterBuilder.addSshJwk(request.sshJwk);
354
+ RequestParameterBuilder.addSshJwk(parameters, request.sshJwk);
407
355
  } else {
408
356
  throw createClientConfigurationError(
409
357
  ClientConfigurationErrorCodes.missingSshJwk
@@ -416,7 +364,8 @@ export class AuthorizationCodeClient extends BaseClient {
416
364
  (this.config.authOptions.clientCapabilities &&
417
365
  this.config.authOptions.clientCapabilities.length > 0)
418
366
  ) {
419
- parameterBuilder.addClaims(
367
+ RequestParameterBuilder.addClaims(
368
+ parameters,
420
369
  request.claims,
421
370
  this.config.authOptions.clientCapabilities
422
371
  );
@@ -450,7 +399,10 @@ export class AuthorizationCodeClient extends BaseClient {
450
399
  const clientInfo = buildClientInfoFromHomeAccountId(
451
400
  ccsCred.credential
452
401
  );
453
- parameterBuilder.addCcsOid(clientInfo);
402
+ RequestParameterBuilder.addCcsOid(
403
+ parameters,
404
+ clientInfo
405
+ );
454
406
  } catch (e) {
455
407
  this.logger.verbose(
456
408
  "Could not parse home account ID for CCS Header: " +
@@ -459,20 +411,25 @@ export class AuthorizationCodeClient extends BaseClient {
459
411
  }
460
412
  break;
461
413
  case CcsCredentialType.UPN:
462
- parameterBuilder.addCcsUpn(ccsCred.credential);
414
+ RequestParameterBuilder.addCcsUpn(
415
+ parameters,
416
+ ccsCred.credential
417
+ );
463
418
  break;
464
419
  }
465
420
  }
466
421
 
467
422
  if (request.embeddedClientId) {
468
- parameterBuilder.addBrokerParameters({
469
- brokerClientId: this.config.authOptions.clientId,
470
- brokerRedirectUri: this.config.authOptions.redirectUri,
471
- });
423
+ RequestParameterBuilder.addBrokerParameters(
424
+ parameters,
425
+ this.config.authOptions.clientId,
426
+ this.config.authOptions.redirectUri
427
+ );
472
428
  }
473
429
 
474
430
  if (request.tokenBodyParameters) {
475
- parameterBuilder.addExtraQueryParameters(
431
+ RequestParameterBuilder.addExtraQueryParameters(
432
+ parameters,
476
433
  request.tokenBodyParameters
477
434
  );
478
435
  }
@@ -485,268 +442,17 @@ export class AuthorizationCodeClient extends BaseClient {
485
442
  AADServerParamKeys.RETURN_SPA_CODE
486
443
  ])
487
444
  ) {
488
- parameterBuilder.addExtraQueryParameters({
445
+ RequestParameterBuilder.addExtraQueryParameters(parameters, {
489
446
  [AADServerParamKeys.RETURN_SPA_CODE]: "1",
490
447
  });
491
448
  }
492
449
 
493
- return parameterBuilder.createQueryString();
494
- }
495
-
496
- /**
497
- * This API validates the `AuthorizationCodeUrlRequest` and creates a URL
498
- * @param request
499
- */
500
- private async createAuthCodeUrlQueryString(
501
- request: CommonAuthorizationUrlRequest
502
- ): Promise<string> {
503
- // generate the correlationId if not set by the user and add
504
- const correlationId =
505
- request.correlationId ||
506
- this.config.cryptoInterface.createNewGuid();
507
-
508
- this.performanceClient?.addQueueMeasurement(
509
- PerformanceEvents.AuthClientCreateQueryString,
510
- correlationId
511
- );
512
-
513
- const parameterBuilder = new RequestParameterBuilder(
514
- correlationId,
450
+ RequestParameterBuilder.instrumentBrokerParams(
451
+ parameters,
452
+ request.correlationId,
515
453
  this.performanceClient
516
454
  );
517
-
518
- parameterBuilder.addClientId(
519
- request.embeddedClientId ||
520
- request.extraQueryParameters?.[AADServerParamKeys.CLIENT_ID] ||
521
- this.config.authOptions.clientId
522
- );
523
-
524
- const requestScopes = [
525
- ...(request.scopes || []),
526
- ...(request.extraScopesToConsent || []),
527
- ];
528
- parameterBuilder.addScopes(requestScopes, true, this.oidcDefaultScopes);
529
-
530
- // validate the redirectUri (to be a non null value)
531
- parameterBuilder.addRedirectUri(request.redirectUri);
532
-
533
- parameterBuilder.addCorrelationId(correlationId);
534
-
535
- // add response_mode. If not passed in it defaults to query.
536
- parameterBuilder.addResponseMode(request.responseMode);
537
-
538
- // add response_type = code
539
- parameterBuilder.addResponseTypeCode();
540
-
541
- // add library info parameters
542
- parameterBuilder.addLibraryInfo(this.config.libraryInfo);
543
- if (!isOidcProtocolMode(this.config)) {
544
- parameterBuilder.addApplicationTelemetry(
545
- this.config.telemetry.application
546
- );
547
- }
548
-
549
- // add client_info=1
550
- parameterBuilder.addClientInfo();
551
-
552
- if (request.codeChallenge && request.codeChallengeMethod) {
553
- parameterBuilder.addCodeChallengeParams(
554
- request.codeChallenge,
555
- request.codeChallengeMethod
556
- );
557
- }
558
-
559
- if (request.prompt) {
560
- parameterBuilder.addPrompt(request.prompt);
561
- }
562
-
563
- if (request.domainHint) {
564
- parameterBuilder.addDomainHint(request.domainHint);
565
- this.performanceClient?.addFields(
566
- { domainHintFromRequest: true },
567
- correlationId
568
- );
569
- }
570
-
571
- this.performanceClient?.addFields(
572
- { prompt: request.prompt },
573
- correlationId
574
- );
575
-
576
- // Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object
577
- if (request.prompt !== PromptValue.SELECT_ACCOUNT) {
578
- // AAD will throw if prompt=select_account is passed with an account hint
579
- if (request.sid && request.prompt === PromptValue.NONE) {
580
- // SessionID is only used in silent calls
581
- this.logger.verbose(
582
- "createAuthCodeUrlQueryString: Prompt is none, adding sid from request"
583
- );
584
- parameterBuilder.addSid(request.sid);
585
- this.performanceClient?.addFields(
586
- { sidFromRequest: true },
587
- correlationId
588
- );
589
- } else if (request.account) {
590
- const accountSid = this.extractAccountSid(request.account);
591
- let accountLoginHintClaim = this.extractLoginHint(
592
- request.account
593
- );
594
-
595
- if (accountLoginHintClaim && request.domainHint) {
596
- this.logger.warning(
597
- `AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint`
598
- );
599
- accountLoginHintClaim = null;
600
- }
601
-
602
- // If login_hint claim is present, use it over sid/username
603
- if (accountLoginHintClaim) {
604
- this.logger.verbose(
605
- "createAuthCodeUrlQueryString: login_hint claim present on account"
606
- );
607
- parameterBuilder.addLoginHint(accountLoginHintClaim);
608
- this.performanceClient?.addFields(
609
- { loginHintFromClaim: true },
610
- correlationId
611
- );
612
- try {
613
- const clientInfo = buildClientInfoFromHomeAccountId(
614
- request.account.homeAccountId
615
- );
616
- parameterBuilder.addCcsOid(clientInfo);
617
- } catch (e) {
618
- this.logger.verbose(
619
- "createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header"
620
- );
621
- }
622
- } else if (accountSid && request.prompt === PromptValue.NONE) {
623
- /*
624
- * If account and loginHint are provided, we will check account first for sid before adding loginHint
625
- * SessionId is only used in silent calls
626
- */
627
- this.logger.verbose(
628
- "createAuthCodeUrlQueryString: Prompt is none, adding sid from account"
629
- );
630
- parameterBuilder.addSid(accountSid);
631
- this.performanceClient?.addFields(
632
- { sidFromClaim: true },
633
- correlationId
634
- );
635
- try {
636
- const clientInfo = buildClientInfoFromHomeAccountId(
637
- request.account.homeAccountId
638
- );
639
- parameterBuilder.addCcsOid(clientInfo);
640
- } catch (e) {
641
- this.logger.verbose(
642
- "createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header"
643
- );
644
- }
645
- } else if (request.loginHint) {
646
- this.logger.verbose(
647
- "createAuthCodeUrlQueryString: Adding login_hint from request"
648
- );
649
- parameterBuilder.addLoginHint(request.loginHint);
650
- parameterBuilder.addCcsUpn(request.loginHint);
651
- this.performanceClient?.addFields(
652
- { loginHintFromRequest: true },
653
- correlationId
654
- );
655
- } else if (request.account.username) {
656
- // Fallback to account username if provided
657
- this.logger.verbose(
658
- "createAuthCodeUrlQueryString: Adding login_hint from account"
659
- );
660
- parameterBuilder.addLoginHint(request.account.username);
661
- this.performanceClient?.addFields(
662
- { loginHintFromUpn: true },
663
- correlationId
664
- );
665
- try {
666
- const clientInfo = buildClientInfoFromHomeAccountId(
667
- request.account.homeAccountId
668
- );
669
- parameterBuilder.addCcsOid(clientInfo);
670
- } catch (e) {
671
- this.logger.verbose(
672
- "createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header"
673
- );
674
- }
675
- }
676
- } else if (request.loginHint) {
677
- this.logger.verbose(
678
- "createAuthCodeUrlQueryString: No account, adding login_hint from request"
679
- );
680
- parameterBuilder.addLoginHint(request.loginHint);
681
- parameterBuilder.addCcsUpn(request.loginHint);
682
- this.performanceClient?.addFields(
683
- { loginHintFromRequest: true },
684
- correlationId
685
- );
686
- }
687
- } else {
688
- this.logger.verbose(
689
- "createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints"
690
- );
691
- }
692
-
693
- if (request.nonce) {
694
- parameterBuilder.addNonce(request.nonce);
695
- }
696
-
697
- if (request.state) {
698
- parameterBuilder.addState(request.state);
699
- }
700
-
701
- if (
702
- request.claims ||
703
- (this.config.authOptions.clientCapabilities &&
704
- this.config.authOptions.clientCapabilities.length > 0)
705
- ) {
706
- parameterBuilder.addClaims(
707
- request.claims,
708
- this.config.authOptions.clientCapabilities
709
- );
710
- }
711
-
712
- if (request.embeddedClientId) {
713
- parameterBuilder.addBrokerParameters({
714
- brokerClientId: this.config.authOptions.clientId,
715
- brokerRedirectUri: this.config.authOptions.redirectUri,
716
- });
717
- }
718
-
719
- this.addExtraQueryParams(request, parameterBuilder);
720
-
721
- if (request.platformBroker) {
722
- // signal ests that this is a WAM call
723
- parameterBuilder.addNativeBroker();
724
-
725
- // pass the req_cnf for POP
726
- if (request.authenticationScheme === AuthenticationScheme.POP) {
727
- const popTokenGenerator = new PopTokenGenerator(
728
- this.cryptoUtils
729
- );
730
-
731
- // req_cnf is always sent as a string for SPAs
732
- let reqCnfData;
733
- if (!request.popKid) {
734
- const generatedReqCnfData = await invokeAsync(
735
- popTokenGenerator.generateCnf.bind(popTokenGenerator),
736
- PerformanceEvents.PopTokenGenerateCnf,
737
- this.logger,
738
- this.performanceClient,
739
- request.correlationId
740
- )(request, this.logger);
741
- reqCnfData = generatedReqCnfData.reqCnfString;
742
- } else {
743
- reqCnfData = this.cryptoUtils.encodeKid(request.popKid);
744
- }
745
- parameterBuilder.addPopToken(reqCnfData);
746
- }
747
- }
748
-
749
- return parameterBuilder.createQueryString();
455
+ return UrlUtils.mapToQueryString(parameters);
750
456
  }
751
457
 
752
458
  /**
@@ -756,68 +462,51 @@ export class AuthorizationCodeClient extends BaseClient {
756
462
  private createLogoutUrlQueryString(
757
463
  request: CommonEndSessionRequest
758
464
  ): string {
759
- const parameterBuilder = new RequestParameterBuilder(
760
- request.correlationId,
761
- this.performanceClient
762
- );
465
+ const parameters = new Map<string, string>();
763
466
 
764
467
  if (request.postLogoutRedirectUri) {
765
- parameterBuilder.addPostLogoutRedirectUri(
468
+ RequestParameterBuilder.addPostLogoutRedirectUri(
469
+ parameters,
766
470
  request.postLogoutRedirectUri
767
471
  );
768
472
  }
769
473
 
770
474
  if (request.correlationId) {
771
- parameterBuilder.addCorrelationId(request.correlationId);
475
+ RequestParameterBuilder.addCorrelationId(
476
+ parameters,
477
+ request.correlationId
478
+ );
772
479
  }
773
480
 
774
481
  if (request.idTokenHint) {
775
- parameterBuilder.addIdTokenHint(request.idTokenHint);
482
+ RequestParameterBuilder.addIdTokenHint(
483
+ parameters,
484
+ request.idTokenHint
485
+ );
776
486
  }
777
487
 
778
488
  if (request.state) {
779
- parameterBuilder.addState(request.state);
489
+ RequestParameterBuilder.addState(parameters, request.state);
780
490
  }
781
491
 
782
492
  if (request.logoutHint) {
783
- parameterBuilder.addLogoutHint(request.logoutHint);
784
- }
785
-
786
- this.addExtraQueryParams(request, parameterBuilder);
787
-
788
- return parameterBuilder.createQueryString();
789
- }
790
-
791
- private addExtraQueryParams(
792
- request: CommonAuthorizationUrlRequest | CommonEndSessionRequest,
793
- parameterBuilder: RequestParameterBuilder
794
- ) {
795
- const hasRequestInstanceAware =
796
- request.extraQueryParameters &&
797
- request.extraQueryParameters.hasOwnProperty("instance_aware");
798
-
799
- // Set instance_aware flag if config auth param is set
800
- if (!hasRequestInstanceAware && this.config.authOptions.instanceAware) {
801
- request.extraQueryParameters = request.extraQueryParameters || {};
802
- request.extraQueryParameters["instance_aware"] = "true";
493
+ RequestParameterBuilder.addLogoutHint(
494
+ parameters,
495
+ request.logoutHint
496
+ );
803
497
  }
804
498
 
805
499
  if (request.extraQueryParameters) {
806
- parameterBuilder.addExtraQueryParameters(
500
+ RequestParameterBuilder.addExtraQueryParameters(
501
+ parameters,
807
502
  request.extraQueryParameters
808
503
  );
809
504
  }
810
- }
811
505
 
812
- /**
813
- * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present.
814
- * @param account
815
- */
816
- private extractAccountSid(account: AccountInfo): string | null {
817
- return account.idTokenClaims?.sid || null;
818
- }
506
+ if (this.config.authOptions.instanceAware) {
507
+ RequestParameterBuilder.addInstanceAware(parameters);
508
+ }
819
509
 
820
- private extractLoginHint(account: AccountInfo): string | null {
821
- return account.idTokenClaims?.login_hint || null;
510
+ return UrlUtils.mapToQueryString(parameters);
822
511
  }
823
512
  }