@azure/msal-common 15.2.1 → 15.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AuthToken.mjs +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.mjs +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.mjs +3 -3
- package/dist/authority/Authority.mjs.map +1 -1
- package/dist/authority/AuthorityFactory.mjs +1 -1
- package/dist/authority/AuthorityMetadata.mjs +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.d.ts +11 -0
- package/dist/authority/ProtocolMode.d.ts.map +1 -1
- package/dist/authority/ProtocolMode.mjs +12 -1
- package/dist/authority/ProtocolMode.mjs.map +1 -1
- package/dist/authority/RegionDiscovery.mjs +1 -1
- package/dist/cache/CacheManager.mjs +1 -1
- package/dist/cache/entities/AccountEntity.mjs +4 -4
- package/dist/cache/entities/AccountEntity.mjs.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts +0 -31
- package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +41 -246
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/BaseClient.d.ts.map +1 -1
- package/dist/client/BaseClient.mjs +9 -10
- package/dist/client/BaseClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +27 -29
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.mjs +1 -1
- package/dist/config/ClientConfiguration.mjs +1 -1
- package/dist/constants/AADServerParamKeys.d.ts +3 -0
- package/dist/constants/AADServerParamKeys.d.ts.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +6 -3
- package/dist/constants/AADServerParamKeys.mjs.map +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +1 -1
- package/dist/error/AuthError.mjs +1 -1
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.mjs +1 -1
- package/dist/error/CacheErrorCodes.mjs +1 -1
- package/dist/error/ClientAuthError.mjs +1 -1
- package/dist/error/ClientAuthErrorCodes.mjs +1 -1
- package/dist/error/ClientConfigurationError.mjs +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +1 -1
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/exports-common.d.ts +4 -3
- package/dist/exports-common.d.ts.map +1 -1
- package/dist/index-browser.mjs +6 -3
- package/dist/index-browser.mjs.map +1 -1
- package/dist/index-node.mjs +6 -3
- package/dist/index-node.mjs.map +1 -1
- package/dist/index.mjs +6 -3
- package/dist/index.mjs.map +1 -1
- package/dist/logger/Logger.mjs +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.mjs +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.d.ts +37 -0
- package/dist/protocol/Authorize.d.ts.map +1 -0
- package/dist/protocol/Authorize.mjs +237 -0
- package/dist/protocol/Authorize.mjs.map +1 -0
- package/dist/request/AuthenticationHeaderParser.mjs +1 -1
- package/dist/request/CommonAuthorizationUrlRequest.d.ts +3 -2
- package/dist/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.d.ts +211 -219
- package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
- package/dist/request/RequestParameterBuilder.mjs +364 -370
- package/dist/request/RequestParameterBuilder.mjs.map +1 -1
- package/dist/request/RequestValidator.mjs +1 -1
- package/dist/request/ScopeSet.mjs +1 -1
- package/dist/response/AuthorizeResponse.d.ts +76 -0
- package/dist/response/AuthorizeResponse.d.ts.map +1 -0
- package/dist/response/ResponseHandler.d.ts +0 -8
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +2 -49
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.d.ts +6 -2
- package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +15 -11
- package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
- package/dist/url/UrlString.mjs +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/Constants.d.ts +11 -5
- package/dist/utils/Constants.d.ts.map +1 -1
- package/dist/utils/Constants.mjs +13 -8
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/ProtocolUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/UrlUtils.d.ts +6 -2
- package/dist/utils/UrlUtils.d.ts.map +1 -1
- package/dist/utils/UrlUtils.mjs +13 -2
- package/dist/utils/UrlUtils.mjs.map +1 -1
- package/lib/index-browser.cjs +4 -2
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node--LMD5Re1.js → index-node-C56U0Gkp.js} +833 -777
- package/lib/index-node-C56U0Gkp.js.map +1 -0
- package/lib/index-node.cjs +4 -2
- package/lib/index-node.cjs.map +1 -1
- package/lib/index.cjs +4 -2
- package/lib/index.cjs.map +1 -1
- package/lib/types/authority/ProtocolMode.d.ts +11 -0
- package/lib/types/authority/ProtocolMode.d.ts.map +1 -1
- package/lib/types/client/AuthorizationCodeClient.d.ts +0 -31
- package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/lib/types/client/BaseClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/constants/AADServerParamKeys.d.ts +3 -0
- package/lib/types/constants/AADServerParamKeys.d.ts.map +1 -1
- package/lib/types/exports-common.d.ts +4 -3
- package/lib/types/exports-common.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/protocol/Authorize.d.ts +37 -0
- package/lib/types/protocol/Authorize.d.ts.map +1 -0
- package/lib/types/request/CommonAuthorizationUrlRequest.d.ts +3 -2
- package/lib/types/request/CommonAuthorizationUrlRequest.d.ts.map +1 -1
- package/lib/types/request/RequestParameterBuilder.d.ts +211 -219
- package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
- package/lib/types/response/AuthorizeResponse.d.ts +76 -0
- package/lib/types/response/AuthorizeResponse.d.ts.map +1 -0
- package/lib/types/response/ResponseHandler.d.ts +0 -8
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts +6 -2
- package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
- package/lib/types/utils/Constants.d.ts +11 -5
- package/lib/types/utils/Constants.d.ts.map +1 -1
- package/lib/types/utils/UrlUtils.d.ts +6 -2
- package/lib/types/utils/UrlUtils.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/authority/Authority.ts +2 -2
- package/src/authority/ProtocolMode.ts +11 -0
- package/src/cache/entities/AccountEntity.ts +3 -3
- package/src/client/AuthorizationCodeClient.ts +84 -395
- package/src/client/BaseClient.ts +20 -12
- package/src/client/RefreshTokenClient.ts +60 -30
- package/src/constants/AADServerParamKeys.ts +3 -0
- package/src/exports-common.ts +5 -2
- package/src/packageMetadata.ts +1 -1
- package/src/protocol/Authorize.ts +409 -0
- package/src/request/CommonAuthorizationUrlRequest.ts +3 -2
- package/src/request/RequestParameterBuilder.ts +516 -545
- package/src/response/AuthorizeResponse.ts +80 -0
- package/src/response/ResponseHandler.ts +0 -98
- package/src/telemetry/performance/PerformanceEvent.ts +14 -11
- package/src/utils/Constants.ts +14 -6
- package/src/utils/UrlUtils.ts +19 -4
- package/dist/response/ServerAuthorizationCodeResponse.d.ts +0 -27
- package/dist/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
- package/lib/index-node--LMD5Re1.js.map +0 -1
- package/lib/types/response/ServerAuthorizationCodeResponse.d.ts +0 -27
- package/lib/types/response/ServerAuthorizationCodeResponse.d.ts.map +0 -1
- package/src/response/ServerAuthorizationCodeResponse.ts +0 -34
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
* Licensed under the MIT License.
|
|
4
|
+
*/
|
|
5
|
+
|
|
6
|
+
/**
|
|
7
|
+
* Response properties that may be returned by the /authorize endpoint
|
|
8
|
+
*/
|
|
9
|
+
export type AuthorizeResponse = {
|
|
10
|
+
/**
|
|
11
|
+
* Authorization Code to be exchanged for tokens
|
|
12
|
+
*/
|
|
13
|
+
code?: string;
|
|
14
|
+
/**
|
|
15
|
+
* Encrypted Authorize Response (EAR) JWE
|
|
16
|
+
*/
|
|
17
|
+
ear_jwe?: string;
|
|
18
|
+
/**
|
|
19
|
+
* Client info object containing UserId and TenantId
|
|
20
|
+
*/
|
|
21
|
+
client_info?: string;
|
|
22
|
+
/**
|
|
23
|
+
* State string, should match what was sent on request
|
|
24
|
+
*/
|
|
25
|
+
state?: string;
|
|
26
|
+
/**
|
|
27
|
+
* Cloud instance returned when application is instance aware
|
|
28
|
+
*/
|
|
29
|
+
cloud_instance_name?: string;
|
|
30
|
+
/**
|
|
31
|
+
* Cloud instance hostname returned when application is instance aware
|
|
32
|
+
*/
|
|
33
|
+
cloud_instance_host_name?: string;
|
|
34
|
+
/**
|
|
35
|
+
* AAD Graph hostname returned when application is instance aware
|
|
36
|
+
* https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api
|
|
37
|
+
*/
|
|
38
|
+
cloud_graph_host_name?: string;
|
|
39
|
+
/**
|
|
40
|
+
* Microsoft Graph hostname returned when application is instance aware
|
|
41
|
+
* https://docs.microsoft.com/en-us/graph/overview
|
|
42
|
+
*/
|
|
43
|
+
msgraph_host?: string;
|
|
44
|
+
/**
|
|
45
|
+
* Server error code
|
|
46
|
+
*/
|
|
47
|
+
error?: string;
|
|
48
|
+
/**
|
|
49
|
+
* Server error URI
|
|
50
|
+
*/
|
|
51
|
+
error_uri?: string;
|
|
52
|
+
/**
|
|
53
|
+
* Server error description
|
|
54
|
+
*/
|
|
55
|
+
error_description?: string;
|
|
56
|
+
/**
|
|
57
|
+
* Server Sub-Error
|
|
58
|
+
*/
|
|
59
|
+
suberror?: string;
|
|
60
|
+
/**
|
|
61
|
+
* Timestamp of request
|
|
62
|
+
*/
|
|
63
|
+
timestamp?: string;
|
|
64
|
+
/**
|
|
65
|
+
* Trace Id used to look up request in logs
|
|
66
|
+
*/
|
|
67
|
+
trace_id?: string;
|
|
68
|
+
/**
|
|
69
|
+
* Correlation ID use to look up request in logs
|
|
70
|
+
*/
|
|
71
|
+
correlation_id?: string;
|
|
72
|
+
/**
|
|
73
|
+
* Claims
|
|
74
|
+
*/
|
|
75
|
+
claims?: string;
|
|
76
|
+
/**
|
|
77
|
+
* AccountId for the user, returned when platform broker is available to use
|
|
78
|
+
*/
|
|
79
|
+
accountId?: string;
|
|
80
|
+
};
|
|
@@ -9,7 +9,6 @@ import {
|
|
|
9
9
|
ClientAuthErrorCodes,
|
|
10
10
|
createClientAuthError,
|
|
11
11
|
} from "../error/ClientAuthError.js";
|
|
12
|
-
import { ServerAuthorizationCodeResponse } from "./ServerAuthorizationCodeResponse.js";
|
|
13
12
|
import { Logger } from "../logger/Logger.js";
|
|
14
13
|
import { ServerError } from "../error/ServerError.js";
|
|
15
14
|
import { ScopeSet } from "../request/ScopeSet.js";
|
|
@@ -54,19 +53,6 @@ import {
|
|
|
54
53
|
import * as CacheHelpers from "../cache/utils/CacheHelpers.js";
|
|
55
54
|
import * as TimeUtils from "../utils/TimeUtils.js";
|
|
56
55
|
|
|
57
|
-
function parseServerErrorNo(
|
|
58
|
-
serverResponse: ServerAuthorizationCodeResponse
|
|
59
|
-
): string | undefined {
|
|
60
|
-
const errorCodePrefix = "code=";
|
|
61
|
-
const errorCodePrefixIndex =
|
|
62
|
-
serverResponse.error_uri?.lastIndexOf(errorCodePrefix);
|
|
63
|
-
return errorCodePrefixIndex && errorCodePrefixIndex >= 0
|
|
64
|
-
? serverResponse.error_uri?.substring(
|
|
65
|
-
errorCodePrefixIndex + errorCodePrefix.length
|
|
66
|
-
)
|
|
67
|
-
: undefined;
|
|
68
|
-
}
|
|
69
|
-
|
|
70
56
|
/**
|
|
71
57
|
* Class that handles response parsing.
|
|
72
58
|
* @internal
|
|
@@ -99,90 +85,6 @@ export class ResponseHandler {
|
|
|
99
85
|
this.performanceClient = performanceClient;
|
|
100
86
|
}
|
|
101
87
|
|
|
102
|
-
/**
|
|
103
|
-
* Function which validates server authorization code response.
|
|
104
|
-
* @param serverResponseHash
|
|
105
|
-
* @param requestState
|
|
106
|
-
* @param cryptoObj
|
|
107
|
-
*/
|
|
108
|
-
validateServerAuthorizationCodeResponse(
|
|
109
|
-
serverResponse: ServerAuthorizationCodeResponse,
|
|
110
|
-
requestState: string
|
|
111
|
-
): void {
|
|
112
|
-
if (!serverResponse.state || !requestState) {
|
|
113
|
-
throw serverResponse.state
|
|
114
|
-
? createClientAuthError(
|
|
115
|
-
ClientAuthErrorCodes.stateNotFound,
|
|
116
|
-
"Cached State"
|
|
117
|
-
)
|
|
118
|
-
: createClientAuthError(
|
|
119
|
-
ClientAuthErrorCodes.stateNotFound,
|
|
120
|
-
"Server State"
|
|
121
|
-
);
|
|
122
|
-
}
|
|
123
|
-
|
|
124
|
-
let decodedServerResponseState: string;
|
|
125
|
-
let decodedRequestState: string;
|
|
126
|
-
|
|
127
|
-
try {
|
|
128
|
-
decodedServerResponseState = decodeURIComponent(
|
|
129
|
-
serverResponse.state
|
|
130
|
-
);
|
|
131
|
-
} catch (e) {
|
|
132
|
-
throw createClientAuthError(
|
|
133
|
-
ClientAuthErrorCodes.invalidState,
|
|
134
|
-
serverResponse.state
|
|
135
|
-
);
|
|
136
|
-
}
|
|
137
|
-
|
|
138
|
-
try {
|
|
139
|
-
decodedRequestState = decodeURIComponent(requestState);
|
|
140
|
-
} catch (e) {
|
|
141
|
-
throw createClientAuthError(
|
|
142
|
-
ClientAuthErrorCodes.invalidState,
|
|
143
|
-
serverResponse.state
|
|
144
|
-
);
|
|
145
|
-
}
|
|
146
|
-
|
|
147
|
-
if (decodedServerResponseState !== decodedRequestState) {
|
|
148
|
-
throw createClientAuthError(ClientAuthErrorCodes.stateMismatch);
|
|
149
|
-
}
|
|
150
|
-
|
|
151
|
-
// Check for error
|
|
152
|
-
if (
|
|
153
|
-
serverResponse.error ||
|
|
154
|
-
serverResponse.error_description ||
|
|
155
|
-
serverResponse.suberror
|
|
156
|
-
) {
|
|
157
|
-
const serverErrorNo = parseServerErrorNo(serverResponse);
|
|
158
|
-
if (
|
|
159
|
-
isInteractionRequiredError(
|
|
160
|
-
serverResponse.error,
|
|
161
|
-
serverResponse.error_description,
|
|
162
|
-
serverResponse.suberror
|
|
163
|
-
)
|
|
164
|
-
) {
|
|
165
|
-
throw new InteractionRequiredAuthError(
|
|
166
|
-
serverResponse.error || "",
|
|
167
|
-
serverResponse.error_description,
|
|
168
|
-
serverResponse.suberror,
|
|
169
|
-
serverResponse.timestamp || "",
|
|
170
|
-
serverResponse.trace_id || "",
|
|
171
|
-
serverResponse.correlation_id || "",
|
|
172
|
-
serverResponse.claims || "",
|
|
173
|
-
serverErrorNo
|
|
174
|
-
);
|
|
175
|
-
}
|
|
176
|
-
|
|
177
|
-
throw new ServerError(
|
|
178
|
-
serverResponse.error || "",
|
|
179
|
-
serverResponse.error_description,
|
|
180
|
-
serverResponse.suberror,
|
|
181
|
-
serverErrorNo
|
|
182
|
-
);
|
|
183
|
-
}
|
|
184
|
-
}
|
|
185
|
-
|
|
186
88
|
/**
|
|
187
89
|
* Function which validates server authorization token response.
|
|
188
90
|
* @param serverResponse
|
|
@@ -214,19 +214,21 @@ export const PerformanceEvents = {
|
|
|
214
214
|
"standardInteractionClientGetClientConfiguration",
|
|
215
215
|
StandardInteractionClientInitializeAuthorizationRequest:
|
|
216
216
|
"standardInteractionClientInitializeAuthorizationRequest",
|
|
217
|
-
StandardInteractionClientInitializeAuthorizationCodeRequest:
|
|
218
|
-
"standardInteractionClientInitializeAuthorizationCodeRequest",
|
|
219
217
|
|
|
220
218
|
/**
|
|
221
219
|
* getAuthCodeUrl API (msal-browser and msal-node).
|
|
222
220
|
*/
|
|
223
221
|
GetAuthCodeUrl: "getAuthCodeUrl",
|
|
222
|
+
GetStandardParams: "getStandardParams",
|
|
224
223
|
|
|
225
224
|
/**
|
|
226
225
|
* Functions from InteractionHandler (msal-browser)
|
|
227
226
|
*/
|
|
228
227
|
HandleCodeResponseFromServer: "handleCodeResponseFromServer",
|
|
229
228
|
HandleCodeResponse: "handleCodeResponse",
|
|
229
|
+
HandleResponseEar: "handleResponseEar",
|
|
230
|
+
HandleResponsePlatformBroker: "handleResponsePlatformBroker",
|
|
231
|
+
HandleResponseCode: "handleResponseCode",
|
|
230
232
|
UpdateTokenEndpointAuthority: "updateTokenEndpointAuthority",
|
|
231
233
|
|
|
232
234
|
/**
|
|
@@ -235,7 +237,6 @@ export const PerformanceEvents = {
|
|
|
235
237
|
AuthClientAcquireToken: "authClientAcquireToken",
|
|
236
238
|
AuthClientExecuteTokenRequest: "authClientExecuteTokenRequest",
|
|
237
239
|
AuthClientCreateTokenRequestBody: "authClientCreateTokenRequestBody",
|
|
238
|
-
AuthClientCreateQueryString: "authClientCreateQueryString",
|
|
239
240
|
|
|
240
241
|
/**
|
|
241
242
|
* Generate functions in PopTokenGenerator (msal-common)
|
|
@@ -317,6 +318,8 @@ export const PerformanceEvents = {
|
|
|
317
318
|
UrlEncodeArr: "urlEncodeArr",
|
|
318
319
|
Encrypt: "encrypt",
|
|
319
320
|
Decrypt: "decrypt",
|
|
321
|
+
GenerateEarKey: "generateEarKey",
|
|
322
|
+
DecryptEarResponse: "decryptEarResponse",
|
|
320
323
|
} as const;
|
|
321
324
|
export type PerformanceEvents =
|
|
322
325
|
(typeof PerformanceEvents)[keyof typeof PerformanceEvents];
|
|
@@ -433,10 +436,6 @@ export const PerformanceEventAbbreviations: ReadonlyMap<string, string> =
|
|
|
433
436
|
PerformanceEvents.StandardInteractionClientInitializeAuthorizationRequest,
|
|
434
437
|
"StdIntClientInitAuthReq",
|
|
435
438
|
],
|
|
436
|
-
[
|
|
437
|
-
PerformanceEvents.StandardInteractionClientInitializeAuthorizationCodeRequest,
|
|
438
|
-
"StdIntClientInitAuthCodeReq",
|
|
439
|
-
],
|
|
440
439
|
|
|
441
440
|
[PerformanceEvents.GetAuthCodeUrl, "GetAuthCodeUrl"],
|
|
442
441
|
|
|
@@ -445,6 +444,12 @@ export const PerformanceEventAbbreviations: ReadonlyMap<string, string> =
|
|
|
445
444
|
"HandleCodeResFromServer",
|
|
446
445
|
],
|
|
447
446
|
[PerformanceEvents.HandleCodeResponse, "HandleCodeResp"],
|
|
447
|
+
[PerformanceEvents.HandleResponseEar, "HandleRespEar"],
|
|
448
|
+
[PerformanceEvents.HandleResponseCode, "HandleRespCode"],
|
|
449
|
+
[
|
|
450
|
+
PerformanceEvents.HandleResponsePlatformBroker,
|
|
451
|
+
"HandleRespPlatBroker",
|
|
452
|
+
],
|
|
448
453
|
[PerformanceEvents.UpdateTokenEndpointAuthority, "UpdTEndpointAuth"],
|
|
449
454
|
|
|
450
455
|
[PerformanceEvents.AuthClientAcquireToken, "AuthClientAT"],
|
|
@@ -453,10 +458,6 @@ export const PerformanceEventAbbreviations: ReadonlyMap<string, string> =
|
|
|
453
458
|
PerformanceEvents.AuthClientCreateTokenRequestBody,
|
|
454
459
|
"AuthClientCreateTReqBody",
|
|
455
460
|
],
|
|
456
|
-
[
|
|
457
|
-
PerformanceEvents.AuthClientCreateQueryString,
|
|
458
|
-
"AuthClientCreateQueryStr",
|
|
459
|
-
],
|
|
460
461
|
[PerformanceEvents.PopTokenGenerateCnf, "PopTGenCnf"],
|
|
461
462
|
[PerformanceEvents.PopTokenGenerateKid, "PopTGenKid"],
|
|
462
463
|
[PerformanceEvents.HandleServerTokenResponse, "HandleServerTRes"],
|
|
@@ -552,6 +553,8 @@ export const PerformanceEventAbbreviations: ReadonlyMap<string, string> =
|
|
|
552
553
|
[PerformanceEvents.UrlEncodeArr, "urlEncArr"],
|
|
553
554
|
[PerformanceEvents.Encrypt, "encrypt"],
|
|
554
555
|
[PerformanceEvents.Decrypt, "decrypt"],
|
|
556
|
+
[PerformanceEvents.GenerateEarKey, "genEarKey"],
|
|
557
|
+
[PerformanceEvents.DecryptEarResponse, "decryptEarResp"],
|
|
555
558
|
]);
|
|
556
559
|
|
|
557
560
|
/**
|
package/src/utils/Constants.ts
CHANGED
|
@@ -34,11 +34,8 @@ export const Constants = {
|
|
|
34
34
|
PROFILE_SCOPE: "profile",
|
|
35
35
|
OFFLINE_ACCESS_SCOPE: "offline_access",
|
|
36
36
|
EMAIL_SCOPE: "email",
|
|
37
|
-
// Default response type for authorization code flow
|
|
38
|
-
CODE_RESPONSE_TYPE: "code",
|
|
39
37
|
CODE_GRANT_TYPE: "authorization_code",
|
|
40
38
|
RT_GRANT_TYPE: "refresh_token",
|
|
41
|
-
FRAGMENT_RESPONSE_MODE: "fragment",
|
|
42
39
|
S256_CODE_CHALLENGE_METHOD: "S256",
|
|
43
40
|
URL_FORM_CONTENT_TYPE: "application/x-www-form-urlencoded;charset=utf-8",
|
|
44
41
|
AUTHORIZATION_PENDING: "authorization_pending",
|
|
@@ -58,8 +55,6 @@ export const Constants = {
|
|
|
58
55
|
"login.microsoft.com",
|
|
59
56
|
"sts.windows.net",
|
|
60
57
|
],
|
|
61
|
-
TOKEN_RESPONSE_TYPE: "token",
|
|
62
|
-
ID_TOKEN_RESPONSE_TYPE: "id_token",
|
|
63
58
|
SHR_NONCE_VALIDITY: 240,
|
|
64
59
|
INVALID_INSTANCE: "invalid_instance",
|
|
65
60
|
};
|
|
@@ -161,8 +156,20 @@ export const CodeChallengeMethodValues = {
|
|
|
161
156
|
S256: "S256",
|
|
162
157
|
};
|
|
163
158
|
|
|
159
|
+
/**
|
|
160
|
+
* Allowed values for response_type
|
|
161
|
+
*/
|
|
162
|
+
export const OAuthResponseType = {
|
|
163
|
+
CODE: "code",
|
|
164
|
+
IDTOKEN_TOKEN: "id_token token",
|
|
165
|
+
IDTOKEN_TOKEN_REFRESHTOKEN: "id_token token refresh_token",
|
|
166
|
+
} as const;
|
|
167
|
+
export type OAuthResponseType =
|
|
168
|
+
(typeof OAuthResponseType)[keyof typeof OAuthResponseType];
|
|
169
|
+
|
|
164
170
|
/**
|
|
165
171
|
* allowed values for server response type
|
|
172
|
+
* @deprecated Use ResponseMode instead
|
|
166
173
|
*/
|
|
167
174
|
export const ServerResponseType = {
|
|
168
175
|
QUERY: "query",
|
|
@@ -175,7 +182,8 @@ export type ServerResponseType =
|
|
|
175
182
|
* allowed values for response_mode
|
|
176
183
|
*/
|
|
177
184
|
export const ResponseMode = {
|
|
178
|
-
|
|
185
|
+
QUERY: "query",
|
|
186
|
+
FRAGMENT: "fragment",
|
|
179
187
|
FORM_POST: "form_post",
|
|
180
188
|
} as const;
|
|
181
189
|
export type ResponseMode = (typeof ResponseMode)[keyof typeof ResponseMode];
|
package/src/utils/UrlUtils.ts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
* Licensed under the MIT License.
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
|
-
import {
|
|
6
|
+
import { AuthorizeResponse } from "../response/AuthorizeResponse.js";
|
|
7
7
|
import {
|
|
8
8
|
ClientAuthErrorCodes,
|
|
9
9
|
createClientAuthError,
|
|
@@ -31,7 +31,7 @@ export function stripLeadingHashOrQuery(responseString: string): string {
|
|
|
31
31
|
*/
|
|
32
32
|
export function getDeserializedResponse(
|
|
33
33
|
responseString: string
|
|
34
|
-
):
|
|
34
|
+
): AuthorizeResponse | null {
|
|
35
35
|
// Check if given hash is empty
|
|
36
36
|
if (!responseString || responseString.indexOf("=") < 0) {
|
|
37
37
|
return null;
|
|
@@ -40,12 +40,14 @@ export function getDeserializedResponse(
|
|
|
40
40
|
// Strip the # or ? symbol if present
|
|
41
41
|
const normalizedResponse = stripLeadingHashOrQuery(responseString);
|
|
42
42
|
// If # symbol was not present, above will return empty string, so give original hash value
|
|
43
|
-
const deserializedHash:
|
|
44
|
-
|
|
43
|
+
const deserializedHash: AuthorizeResponse = Object.fromEntries(
|
|
44
|
+
new URLSearchParams(normalizedResponse)
|
|
45
|
+
);
|
|
45
46
|
|
|
46
47
|
// Check for known response properties
|
|
47
48
|
if (
|
|
48
49
|
deserializedHash.code ||
|
|
50
|
+
deserializedHash.ear_jwe ||
|
|
49
51
|
deserializedHash.error ||
|
|
50
52
|
deserializedHash.error_description ||
|
|
51
53
|
deserializedHash.state
|
|
@@ -58,3 +60,16 @@ export function getDeserializedResponse(
|
|
|
58
60
|
|
|
59
61
|
return null;
|
|
60
62
|
}
|
|
63
|
+
|
|
64
|
+
/**
|
|
65
|
+
* Utility to create a URL from the params map
|
|
66
|
+
*/
|
|
67
|
+
export function mapToQueryString(parameters: Map<string, string>): string {
|
|
68
|
+
const queryParameterArray: Array<string> = new Array<string>();
|
|
69
|
+
|
|
70
|
+
parameters.forEach((value, key) => {
|
|
71
|
+
queryParameterArray.push(`${key}=${encodeURIComponent(value)}`);
|
|
72
|
+
});
|
|
73
|
+
|
|
74
|
+
return queryParameterArray.join("&");
|
|
75
|
+
}
|
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Deserialized response object from server authorization code request.
|
|
3
|
-
* - code: authorization code from server
|
|
4
|
-
* - client_info: client info object
|
|
5
|
-
* - state: OAuth2 request state
|
|
6
|
-
* - error: error sent back in hash
|
|
7
|
-
* - error: description
|
|
8
|
-
*/
|
|
9
|
-
export type ServerAuthorizationCodeResponse = {
|
|
10
|
-
code?: string;
|
|
11
|
-
client_info?: string;
|
|
12
|
-
state?: string;
|
|
13
|
-
cloud_instance_name?: string;
|
|
14
|
-
cloud_instance_host_name?: string;
|
|
15
|
-
cloud_graph_host_name?: string;
|
|
16
|
-
msgraph_host?: string;
|
|
17
|
-
error?: string;
|
|
18
|
-
error_uri?: string;
|
|
19
|
-
error_description?: string;
|
|
20
|
-
suberror?: string;
|
|
21
|
-
timestamp?: string;
|
|
22
|
-
trace_id?: string;
|
|
23
|
-
correlation_id?: string;
|
|
24
|
-
claims?: string;
|
|
25
|
-
accountId?: string;
|
|
26
|
-
};
|
|
27
|
-
//# sourceMappingURL=ServerAuthorizationCodeResponse.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"ServerAuthorizationCodeResponse.d.ts","sourceRoot":"","sources":["../../src/response/ServerAuthorizationCodeResponse.ts"],"names":[],"mappings":"AAKA;;;;;;;GAOG;AACH,MAAM,MAAM,+BAA+B,GAAG;IAE1C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,SAAS,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC"}
|