@azure/msal-common 15.7.0 → 15.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (176) hide show
  1. package/dist/account/AccountInfo.d.ts +1 -0
  2. package/dist/account/AccountInfo.d.ts.map +1 -1
  3. package/dist/account/AccountInfo.mjs +1 -1
  4. package/dist/account/AccountInfo.mjs.map +1 -1
  5. package/dist/account/AuthToken.mjs +1 -1
  6. package/dist/account/CcsCredential.mjs +1 -1
  7. package/dist/account/ClientInfo.mjs +1 -1
  8. package/dist/account/TokenClaims.mjs +1 -1
  9. package/dist/authority/Authority.mjs +1 -1
  10. package/dist/authority/AuthorityFactory.mjs +1 -1
  11. package/dist/authority/AuthorityMetadata.mjs +1 -2
  12. package/dist/authority/AuthorityMetadata.mjs.map +1 -1
  13. package/dist/authority/AuthorityOptions.mjs +1 -1
  14. package/dist/authority/AuthorityType.mjs +1 -1
  15. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  16. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  17. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  18. package/dist/authority/ProtocolMode.mjs +1 -1
  19. package/dist/authority/RegionDiscovery.mjs +1 -1
  20. package/dist/cache/CacheManager.d.ts +32 -30
  21. package/dist/cache/CacheManager.d.ts.map +1 -1
  22. package/dist/cache/CacheManager.mjs +83 -101
  23. package/dist/cache/CacheManager.mjs.map +1 -1
  24. package/dist/cache/entities/AccountEntity.d.ts +1 -0
  25. package/dist/cache/entities/AccountEntity.d.ts.map +1 -1
  26. package/dist/cache/entities/AccountEntity.mjs +1 -1
  27. package/dist/cache/entities/AccountEntity.mjs.map +1 -1
  28. package/dist/cache/entities/CredentialEntity.d.ts +2 -0
  29. package/dist/cache/entities/CredentialEntity.d.ts.map +1 -1
  30. package/dist/cache/interface/ICacheManager.d.ts +16 -16
  31. package/dist/cache/interface/ICacheManager.d.ts.map +1 -1
  32. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  33. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  34. package/dist/client/AuthorizationCodeClient.mjs +3 -3
  35. package/dist/client/BaseClient.d.ts.map +1 -1
  36. package/dist/client/BaseClient.mjs +4 -4
  37. package/dist/client/BaseClient.mjs.map +1 -1
  38. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  39. package/dist/client/RefreshTokenClient.mjs +5 -5
  40. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  41. package/dist/client/SilentFlowClient.d.ts.map +1 -1
  42. package/dist/client/SilentFlowClient.mjs +4 -4
  43. package/dist/client/SilentFlowClient.mjs.map +1 -1
  44. package/dist/config/ClientConfiguration.d.ts.map +1 -1
  45. package/dist/config/ClientConfiguration.mjs +4 -3
  46. package/dist/config/ClientConfiguration.mjs.map +1 -1
  47. package/dist/constants/AADServerParamKeys.mjs +1 -1
  48. package/dist/crypto/ICrypto.d.ts +1 -1
  49. package/dist/crypto/ICrypto.d.ts.map +1 -1
  50. package/dist/crypto/ICrypto.mjs +1 -1
  51. package/dist/crypto/JoseHeader.mjs +1 -1
  52. package/dist/crypto/PopTokenGenerator.mjs +2 -4
  53. package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
  54. package/dist/error/AuthError.mjs +2 -2
  55. package/dist/error/AuthErrorCodes.mjs +1 -1
  56. package/dist/error/CacheError.d.ts +8 -1
  57. package/dist/error/CacheError.d.ts.map +1 -1
  58. package/dist/error/CacheError.mjs +26 -7
  59. package/dist/error/CacheError.mjs.map +1 -1
  60. package/dist/error/CacheErrorCodes.d.ts +2 -2
  61. package/dist/error/CacheErrorCodes.d.ts.map +1 -1
  62. package/dist/error/CacheErrorCodes.mjs +4 -4
  63. package/dist/error/CacheErrorCodes.mjs.map +1 -1
  64. package/dist/error/ClientAuthError.mjs +2 -2
  65. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  66. package/dist/error/ClientConfigurationError.mjs +2 -2
  67. package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
  68. package/dist/error/InteractionRequiredAuthError.d.ts.map +1 -1
  69. package/dist/error/InteractionRequiredAuthError.mjs +4 -2
  70. package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
  71. package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +1 -0
  72. package/dist/error/InteractionRequiredAuthErrorCodes.d.ts.map +1 -1
  73. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +3 -2
  74. package/dist/error/InteractionRequiredAuthErrorCodes.mjs.map +1 -1
  75. package/dist/error/JoseHeaderError.mjs +2 -2
  76. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  77. package/dist/error/NetworkError.mjs +1 -1
  78. package/dist/error/ServerError.mjs +1 -1
  79. package/dist/exports-common.d.ts +1 -1
  80. package/dist/exports-common.d.ts.map +1 -1
  81. package/dist/index-browser.mjs +2 -2
  82. package/dist/index-node.mjs +2 -2
  83. package/dist/index.mjs +2 -2
  84. package/dist/logger/Logger.mjs +1 -1
  85. package/dist/network/INetworkModule.mjs +1 -1
  86. package/dist/network/RequestThumbprint.mjs +1 -1
  87. package/dist/network/ThrottlingUtils.d.ts +2 -2
  88. package/dist/network/ThrottlingUtils.d.ts.map +1 -1
  89. package/dist/network/ThrottlingUtils.mjs +6 -6
  90. package/dist/network/ThrottlingUtils.mjs.map +1 -1
  91. package/dist/packageMetadata.d.ts +1 -1
  92. package/dist/packageMetadata.mjs +2 -2
  93. package/dist/protocol/Authorize.mjs +2 -2
  94. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  95. package/dist/request/RequestParameterBuilder.mjs +2 -2
  96. package/dist/request/RequestValidator.mjs +1 -1
  97. package/dist/request/ScopeSet.mjs +1 -1
  98. package/dist/response/ResponseHandler.d.ts +1 -1
  99. package/dist/response/ResponseHandler.d.ts.map +1 -1
  100. package/dist/response/ResponseHandler.mjs +6 -6
  101. package/dist/response/ResponseHandler.mjs.map +1 -1
  102. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  103. package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
  104. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  105. package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
  106. package/dist/telemetry/server/ServerTelemetryManager.mjs +7 -7
  107. package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  108. package/dist/url/UrlString.mjs +1 -1
  109. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  110. package/dist/utils/Constants.mjs +1 -4
  111. package/dist/utils/Constants.mjs.map +1 -1
  112. package/dist/utils/FunctionWrappers.mjs +1 -1
  113. package/dist/utils/ProtocolUtils.mjs +1 -1
  114. package/dist/utils/StringUtils.mjs +1 -1
  115. package/dist/utils/TimeUtils.mjs +1 -1
  116. package/dist/utils/UrlUtils.mjs +1 -1
  117. package/lib/index-browser.cjs +5 -81
  118. package/lib/index-browser.cjs.map +1 -1
  119. package/lib/{index-node-DNGOJ4N7.js → index-node-2PsHlOld.js} +217 -139
  120. package/lib/index-node-2PsHlOld.js.map +1 -0
  121. package/lib/index-node.cjs +3 -2
  122. package/lib/index-node.cjs.map +1 -1
  123. package/lib/index.cjs +4 -3
  124. package/lib/index.cjs.map +1 -1
  125. package/lib/types/account/AccountInfo.d.ts +1 -0
  126. package/lib/types/account/AccountInfo.d.ts.map +1 -1
  127. package/lib/types/cache/CacheManager.d.ts +32 -30
  128. package/lib/types/cache/CacheManager.d.ts.map +1 -1
  129. package/lib/types/cache/entities/AccountEntity.d.ts +1 -0
  130. package/lib/types/cache/entities/AccountEntity.d.ts.map +1 -1
  131. package/lib/types/cache/entities/CredentialEntity.d.ts +2 -0
  132. package/lib/types/cache/entities/CredentialEntity.d.ts.map +1 -1
  133. package/lib/types/cache/interface/ICacheManager.d.ts +16 -16
  134. package/lib/types/cache/interface/ICacheManager.d.ts.map +1 -1
  135. package/lib/types/client/BaseClient.d.ts.map +1 -1
  136. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  137. package/lib/types/client/SilentFlowClient.d.ts.map +1 -1
  138. package/lib/types/config/ClientConfiguration.d.ts.map +1 -1
  139. package/lib/types/crypto/ICrypto.d.ts +1 -1
  140. package/lib/types/crypto/ICrypto.d.ts.map +1 -1
  141. package/lib/types/error/CacheError.d.ts +8 -1
  142. package/lib/types/error/CacheError.d.ts.map +1 -1
  143. package/lib/types/error/CacheErrorCodes.d.ts +2 -2
  144. package/lib/types/error/CacheErrorCodes.d.ts.map +1 -1
  145. package/lib/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
  146. package/lib/types/error/InteractionRequiredAuthErrorCodes.d.ts +1 -0
  147. package/lib/types/error/InteractionRequiredAuthErrorCodes.d.ts.map +1 -1
  148. package/lib/types/exports-common.d.ts +1 -1
  149. package/lib/types/exports-common.d.ts.map +1 -1
  150. package/lib/types/network/ThrottlingUtils.d.ts +2 -2
  151. package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
  152. package/lib/types/packageMetadata.d.ts +1 -1
  153. package/lib/types/response/ResponseHandler.d.ts +1 -1
  154. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  155. package/lib/types/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
  156. package/package.json +1 -1
  157. package/src/account/AccountInfo.ts +1 -0
  158. package/src/cache/CacheManager.ts +159 -123
  159. package/src/cache/entities/AccountEntity.ts +1 -0
  160. package/src/cache/entities/CredentialEntity.ts +2 -0
  161. package/src/cache/interface/ICacheManager.ts +34 -16
  162. package/src/client/BaseClient.ts +11 -2
  163. package/src/client/RefreshTokenClient.ts +6 -3
  164. package/src/client/SilentFlowClient.ts +7 -6
  165. package/src/config/ClientConfiguration.ts +3 -1
  166. package/src/crypto/ICrypto.ts +2 -2
  167. package/src/error/CacheError.ts +26 -5
  168. package/src/error/CacheErrorCodes.ts +2 -2
  169. package/src/error/InteractionRequiredAuthError.ts +3 -0
  170. package/src/error/InteractionRequiredAuthErrorCodes.ts +1 -0
  171. package/src/exports-common.ts +5 -1
  172. package/src/network/ThrottlingUtils.ts +8 -5
  173. package/src/packageMetadata.ts +1 -1
  174. package/src/response/ResponseHandler.ts +7 -2
  175. package/src/telemetry/server/ServerTelemetryManager.ts +14 -6
  176. package/lib/index-node-DNGOJ4N7.js.map +0 -1
@@ -52,7 +52,8 @@ import { getAliasesFromStaticSources } from "../authority/AuthorityMetadata.js";
52
52
  import { StaticAuthorityOptions } from "../authority/AuthorityOptions.js";
53
53
  import { TokenClaims } from "../account/TokenClaims.js";
54
54
  import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
55
- import { CacheError, CacheErrorCodes } from "../error/CacheError.js";
55
+ import { createCacheError } from "../error/CacheError.js";
56
+ import { AuthError } from "../error/AuthError.js";
56
57
 
57
58
  /**
58
59
  * Interface class which implement cache storage functions used by MSAL to perform validity checks, and store tokens.
@@ -64,17 +65,20 @@ export abstract class CacheManager implements ICacheManager {
64
65
  // Instance of logger for functions defined in the msal-common layer
65
66
  private commonLogger: Logger;
66
67
  private staticAuthorityOptions?: StaticAuthorityOptions;
68
+ protected performanceClient: IPerformanceClient;
67
69
 
68
70
  constructor(
69
71
  clientId: string,
70
72
  cryptoImpl: ICrypto,
71
73
  logger: Logger,
74
+ performanceClient: IPerformanceClient,
72
75
  staticAuthorityOptions?: StaticAuthorityOptions
73
76
  ) {
74
77
  this.clientId = clientId;
75
78
  this.cryptoImpl = cryptoImpl;
76
79
  this.commonLogger = logger.clone(name, version);
77
80
  this.staticAuthorityOptions = staticAuthorityOptions;
81
+ this.performanceClient = performanceClient;
78
82
  }
79
83
 
80
84
  /**
@@ -83,7 +87,7 @@ export abstract class CacheManager implements ICacheManager {
83
87
  */
84
88
  abstract getAccount(
85
89
  accountKey: string,
86
- logger?: Logger
90
+ correlationId: string
87
91
  ): AccountEntity | null;
88
92
 
89
93
  /**
@@ -100,7 +104,10 @@ export abstract class CacheManager implements ICacheManager {
100
104
  * fetch the idToken entity from the platform cache
101
105
  * @param idTokenKey
102
106
  */
103
- abstract getIdTokenCredential(idTokenKey: string): IdTokenEntity | null;
107
+ abstract getIdTokenCredential(
108
+ idTokenKey: string,
109
+ correlationId: string
110
+ ): IdTokenEntity | null;
104
111
 
105
112
  /**
106
113
  * set idToken entity to the platform cache
@@ -117,7 +124,8 @@ export abstract class CacheManager implements ICacheManager {
117
124
  * @param accessTokenKey
118
125
  */
119
126
  abstract getAccessTokenCredential(
120
- accessTokenKey: string
127
+ accessTokenKey: string,
128
+ correlationId: string
121
129
  ): AccessTokenEntity | null;
122
130
 
123
131
  /**
@@ -135,7 +143,8 @@ export abstract class CacheManager implements ICacheManager {
135
143
  * @param refreshTokenKey
136
144
  */
137
145
  abstract getRefreshTokenCredential(
138
- refreshTokenKey: string
146
+ refreshTokenKey: string,
147
+ correlationId: string
139
148
  ): RefreshTokenEntity | null;
140
149
 
141
150
  /**
@@ -158,7 +167,10 @@ export abstract class CacheManager implements ICacheManager {
158
167
  * set appMetadata entity to the platform cache
159
168
  * @param appMetadata
160
169
  */
161
- abstract setAppMetadata(appMetadata: AppMetadataEntity): void;
170
+ abstract setAppMetadata(
171
+ appMetadata: AppMetadataEntity,
172
+ correlationId: string
173
+ ): void;
162
174
 
163
175
  /**
164
176
  * fetch server telemetry entity from the platform cache
@@ -175,7 +187,8 @@ export abstract class CacheManager implements ICacheManager {
175
187
  */
176
188
  abstract setServerTelemetry(
177
189
  serverTelemetryKey: string,
178
- serverTelemetry: ServerTelemetryEntity
190
+ serverTelemetry: ServerTelemetryEntity,
191
+ correlationId: string
179
192
  ): void;
180
193
 
181
194
  /**
@@ -214,14 +227,15 @@ export abstract class CacheManager implements ICacheManager {
214
227
  */
215
228
  abstract setThrottlingCache(
216
229
  throttlingCacheKey: string,
217
- throttlingCache: ThrottlingEntity
230
+ throttlingCache: ThrottlingEntity,
231
+ correlationId: string
218
232
  ): void;
219
233
 
220
234
  /**
221
235
  * Function to remove an item from cache given its key.
222
236
  * @param key
223
237
  */
224
- abstract removeItem(key: string): void;
238
+ abstract removeItem(key: string, correlationId: string): void;
225
239
 
226
240
  /**
227
241
  * Function which retrieves all current keys from the cache.
@@ -243,9 +257,13 @@ export abstract class CacheManager implements ICacheManager {
243
257
  * @param accountFilter - (Optional) filter to narrow down the accounts returned
244
258
  * @returns Array of AccountInfo objects in cache
245
259
  */
246
- getAllAccounts(accountFilter?: AccountFilter): AccountInfo[] {
260
+ getAllAccounts(
261
+ accountFilter: AccountFilter,
262
+ correlationId: string
263
+ ): AccountInfo[] {
247
264
  return this.buildTenantProfiles(
248
- this.getAccountsFilteredBy(accountFilter || {}),
265
+ this.getAccountsFilteredBy(accountFilter, correlationId),
266
+ correlationId,
249
267
  accountFilter
250
268
  );
251
269
  }
@@ -253,8 +271,11 @@ export abstract class CacheManager implements ICacheManager {
253
271
  /**
254
272
  * Gets first tenanted AccountInfo object found based on provided filters
255
273
  */
256
- getAccountInfoFilteredBy(accountFilter: AccountFilter): AccountInfo | null {
257
- const allAccounts = this.getAllAccounts(accountFilter);
274
+ getAccountInfoFilteredBy(
275
+ accountFilter: AccountFilter,
276
+ correlationId: string
277
+ ): AccountInfo | null {
278
+ const allAccounts = this.getAllAccounts(accountFilter, correlationId);
258
279
  if (allAccounts.length > 1) {
259
280
  // If one or more accounts are found, prioritize accounts that have an ID token
260
281
  const sortedAccounts = allAccounts.sort((account) => {
@@ -274,8 +295,14 @@ export abstract class CacheManager implements ICacheManager {
274
295
  * @param accountFilter
275
296
  * @returns
276
297
  */
277
- getBaseAccountInfo(accountFilter: AccountFilter): AccountInfo | null {
278
- const accountEntities = this.getAccountsFilteredBy(accountFilter);
298
+ getBaseAccountInfo(
299
+ accountFilter: AccountFilter,
300
+ correlationId: string
301
+ ): AccountInfo | null {
302
+ const accountEntities = this.getAccountsFilteredBy(
303
+ accountFilter,
304
+ correlationId
305
+ );
279
306
  if (accountEntities.length > 0) {
280
307
  return accountEntities[0].getAccountInfo();
281
308
  } else {
@@ -292,11 +319,13 @@ export abstract class CacheManager implements ICacheManager {
292
319
  */
293
320
  private buildTenantProfiles(
294
321
  cachedAccounts: AccountEntity[],
322
+ correlationId: string,
295
323
  accountFilter?: AccountFilter
296
324
  ): AccountInfo[] {
297
325
  return cachedAccounts.flatMap((accountEntity) => {
298
326
  return this.getTenantProfilesFromAccountEntity(
299
327
  accountEntity,
328
+ correlationId,
300
329
  accountFilter?.tenantId,
301
330
  accountFilter
302
331
  );
@@ -307,6 +336,7 @@ export abstract class CacheManager implements ICacheManager {
307
336
  accountInfo: AccountInfo,
308
337
  tokenKeys: TokenKeys,
309
338
  tenantProfile: TenantProfile,
339
+ correlationId: string,
310
340
  tenantProfileFilter?: TenantProfileFilter
311
341
  ): AccountInfo | null {
312
342
  let tenantedAccountInfo: AccountInfo | null = null;
@@ -325,6 +355,7 @@ export abstract class CacheManager implements ICacheManager {
325
355
 
326
356
  const idToken = this.getIdToken(
327
357
  accountInfo,
358
+ correlationId,
328
359
  tokenKeys,
329
360
  tenantProfile.tenantId
330
361
  );
@@ -359,6 +390,7 @@ export abstract class CacheManager implements ICacheManager {
359
390
 
360
391
  private getTenantProfilesFromAccountEntity(
361
392
  accountEntity: AccountEntity,
393
+ correlationId: string,
362
394
  targetTenantId?: string,
363
395
  tenantProfileFilter?: TenantProfileFilter
364
396
  ): AccountInfo[] {
@@ -387,6 +419,7 @@ export abstract class CacheManager implements ICacheManager {
387
419
  accountInfo,
388
420
  tokenKeys,
389
421
  tenantProfile,
422
+ correlationId,
390
423
  tenantProfileFilter
391
424
  );
392
425
  if (tenantedAccountInfo) {
@@ -532,37 +565,14 @@ export abstract class CacheManager implements ICacheManager {
532
565
  }
533
566
 
534
567
  if (!!cacheRecord.appMetadata) {
535
- this.setAppMetadata(cacheRecord.appMetadata);
568
+ this.setAppMetadata(cacheRecord.appMetadata, correlationId);
536
569
  }
537
570
  } catch (e: unknown) {
538
571
  this.commonLogger?.error(`CacheManager.saveCacheRecord: failed`);
539
- if (e instanceof Error) {
540
- this.commonLogger?.errorPii(
541
- `CacheManager.saveCacheRecord: ${e.message}`,
542
- correlationId
543
- );
544
-
545
- if (
546
- e.name === "QuotaExceededError" ||
547
- e.name === "NS_ERROR_DOM_QUOTA_REACHED" ||
548
- e.message.includes("exceeded the quota")
549
- ) {
550
- this.commonLogger?.error(
551
- `CacheManager.saveCacheRecord: exceeded storage quota`,
552
- correlationId
553
- );
554
- throw new CacheError(
555
- CacheErrorCodes.cacheQuotaExceededErrorCode
556
- );
557
- } else {
558
- throw new CacheError(e.name, e.message);
559
- }
572
+ if (e instanceof AuthError) {
573
+ throw e;
560
574
  } else {
561
- this.commonLogger?.errorPii(
562
- `CacheManager.saveCacheRecord: ${e}`,
563
- correlationId
564
- );
565
- throw new CacheError(CacheErrorCodes.cacheUnknownErrorCode);
575
+ throw createCacheError(e);
566
576
  }
567
577
  }
568
578
  }
@@ -588,7 +598,6 @@ export abstract class CacheManager implements ICacheManager {
588
598
  const tokenKeys = this.getTokenKeys();
589
599
  const currentScopes = ScopeSet.fromString(credential.target);
590
600
 
591
- const removedAccessTokens: Array<Promise<void>> = [];
592
601
  tokenKeys.accessToken.forEach((key) => {
593
602
  if (
594
603
  !this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)
@@ -596,7 +605,10 @@ export abstract class CacheManager implements ICacheManager {
596
605
  return;
597
606
  }
598
607
 
599
- const tokenEntity = this.getAccessTokenCredential(key);
608
+ const tokenEntity = this.getAccessTokenCredential(
609
+ key,
610
+ correlationId
611
+ );
600
612
 
601
613
  if (
602
614
  tokenEntity &&
@@ -604,11 +616,10 @@ export abstract class CacheManager implements ICacheManager {
604
616
  ) {
605
617
  const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);
606
618
  if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
607
- removedAccessTokens.push(this.removeAccessToken(key));
619
+ this.removeAccessToken(key, correlationId);
608
620
  }
609
621
  }
610
622
  });
611
- await Promise.all(removedAccessTokens);
612
623
  await this.setAccessTokenCredential(credential, correlationId);
613
624
  }
614
625
 
@@ -617,7 +628,10 @@ export abstract class CacheManager implements ICacheManager {
617
628
  * Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared
618
629
  * @param accountFilter - An object containing Account properties to filter by
619
630
  */
620
- getAccountsFilteredBy(accountFilter: AccountFilter): AccountEntity[] {
631
+ getAccountsFilteredBy(
632
+ accountFilter: AccountFilter,
633
+ correlationId: string
634
+ ): AccountEntity[] {
621
635
  const allAccountKeys = this.getAccountKeys();
622
636
  const matchingAccounts: AccountEntity[] = [];
623
637
  allAccountKeys.forEach((cacheKey) => {
@@ -628,7 +642,7 @@ export abstract class CacheManager implements ICacheManager {
628
642
 
629
643
  const entity: AccountEntity | null = this.getAccount(
630
644
  cacheKey,
631
- this.commonLogger
645
+ correlationId
632
646
  );
633
647
 
634
648
  // Match base account fields
@@ -959,103 +973,102 @@ export abstract class CacheManager implements ICacheManager {
959
973
  /**
960
974
  * Removes all accounts and related tokens from cache.
961
975
  */
962
- async removeAllAccounts(): Promise<void> {
976
+ removeAllAccounts(correlationId: string): void {
963
977
  const allAccountKeys = this.getAccountKeys();
964
- const removedAccounts: Array<Promise<void>> = [];
965
978
 
966
979
  allAccountKeys.forEach((cacheKey) => {
967
- removedAccounts.push(this.removeAccount(cacheKey));
980
+ this.removeAccount(cacheKey, correlationId);
968
981
  });
969
-
970
- await Promise.all(removedAccounts);
971
982
  }
972
983
 
973
984
  /**
974
985
  * Removes the account and related tokens for a given account key
975
986
  * @param account
976
987
  */
977
- async removeAccount(accountKey: string): Promise<void> {
978
- const account = this.getAccount(accountKey, this.commonLogger);
988
+ removeAccount(accountKey: string, correlationId: string): void {
989
+ const account = this.getAccount(accountKey, correlationId);
979
990
  if (!account) {
980
991
  return;
981
992
  }
982
- await this.removeAccountContext(account);
983
- this.removeItem(accountKey);
993
+ this.removeAccountContext(account, correlationId);
994
+ this.removeItem(accountKey, correlationId);
984
995
  }
985
996
 
986
997
  /**
987
998
  * Removes credentials associated with the provided account
988
999
  * @param account
989
1000
  */
990
- async removeAccountContext(account: AccountEntity): Promise<void> {
1001
+ removeAccountContext(account: AccountEntity, correlationId: string): void {
991
1002
  const allTokenKeys = this.getTokenKeys();
992
1003
  const accountId = account.generateAccountId();
993
- const removedCredentials: Array<Promise<void>> = [];
994
1004
 
995
1005
  allTokenKeys.idToken.forEach((key) => {
996
1006
  if (key.indexOf(accountId) === 0) {
997
- this.removeIdToken(key);
1007
+ this.removeIdToken(key, correlationId);
998
1008
  }
999
1009
  });
1000
1010
 
1001
1011
  allTokenKeys.accessToken.forEach((key) => {
1002
1012
  if (key.indexOf(accountId) === 0) {
1003
- removedCredentials.push(this.removeAccessToken(key));
1013
+ this.removeAccessToken(key, correlationId);
1004
1014
  }
1005
1015
  });
1006
1016
 
1007
1017
  allTokenKeys.refreshToken.forEach((key) => {
1008
1018
  if (key.indexOf(accountId) === 0) {
1009
- this.removeRefreshToken(key);
1019
+ this.removeRefreshToken(key, correlationId);
1010
1020
  }
1011
1021
  });
1012
-
1013
- await Promise.all(removedCredentials);
1014
1022
  }
1015
1023
 
1016
1024
  /**
1017
- * returns a boolean if the given credential is removed
1018
- * @param credential
1025
+ * Removes accessToken from the cache
1026
+ * @param key
1027
+ * @param correlationId
1019
1028
  */
1020
- async removeAccessToken(key: string): Promise<void> {
1021
- const credential = this.getAccessTokenCredential(key);
1022
- if (!credential) {
1023
- return;
1024
- }
1029
+ removeAccessToken(key: string, correlationId: string): void {
1030
+ const credential = this.getAccessTokenCredential(key, correlationId);
1031
+ this.removeItem(key, correlationId);
1032
+ this.performanceClient.incrementFields(
1033
+ { accessTokensRemoved: 1 },
1034
+ correlationId
1035
+ );
1025
1036
 
1026
- // Remove Token Binding Key from key store for PoP Tokens Credentials
1027
1037
  if (
1028
- credential.credentialType.toLowerCase() ===
1029
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()
1038
+ !credential ||
1039
+ credential.credentialType.toLowerCase() !==
1040
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase() ||
1041
+ credential.tokenType !== AuthenticationScheme.POP
1030
1042
  ) {
1031
- if (credential.tokenType === AuthenticationScheme.POP) {
1032
- const accessTokenWithAuthSchemeEntity =
1033
- credential as AccessTokenEntity;
1034
- const kid = accessTokenWithAuthSchemeEntity.keyId;
1035
-
1036
- if (kid) {
1037
- try {
1038
- await this.cryptoImpl.removeTokenBindingKey(kid);
1039
- } catch (error) {
1040
- throw createClientAuthError(
1041
- ClientAuthErrorCodes.bindingKeyNotRemoved
1042
- );
1043
- }
1044
- }
1045
- }
1043
+ // If the credential is not a PoP token, we can return
1044
+ return;
1046
1045
  }
1047
1046
 
1048
- return this.removeItem(key);
1047
+ // Remove Token Binding Key from key store for PoP Tokens Credentials
1048
+ const kid = credential.keyId;
1049
+
1050
+ if (kid) {
1051
+ void this.cryptoImpl.removeTokenBindingKey(kid).catch(() => {
1052
+ this.commonLogger.error(
1053
+ `Failed to remove token binding key ${kid}`,
1054
+ correlationId
1055
+ );
1056
+ this.performanceClient?.incrementFields(
1057
+ { removeTokenBindingKeyFailure: 1 },
1058
+ correlationId
1059
+ );
1060
+ });
1061
+ }
1049
1062
  }
1050
1063
 
1051
1064
  /**
1052
1065
  * Removes all app metadata objects from cache.
1053
1066
  */
1054
- removeAppMetadata(): boolean {
1067
+ removeAppMetadata(correlationId: string): boolean {
1055
1068
  const allCacheKeys = this.getKeys();
1056
1069
  allCacheKeys.forEach((cacheKey) => {
1057
1070
  if (this.isAppMetadata(cacheKey)) {
1058
- this.removeItem(cacheKey);
1071
+ this.removeItem(cacheKey, correlationId);
1059
1072
  }
1060
1073
  });
1061
1074
 
@@ -1066,10 +1079,13 @@ export abstract class CacheManager implements ICacheManager {
1066
1079
  * Retrieve AccountEntity from cache
1067
1080
  * @param account
1068
1081
  */
1069
- readAccountFromCache(account: AccountInfo): AccountEntity | null {
1082
+ readAccountFromCache(
1083
+ account: AccountInfo,
1084
+ correlationId: string
1085
+ ): AccountEntity | null {
1070
1086
  const accountKey: string =
1071
1087
  AccountEntity.generateAccountCacheKey(account);
1072
- return this.getAccount(accountKey, this.commonLogger);
1088
+ return this.getAccount(accountKey, correlationId);
1073
1089
  }
1074
1090
 
1075
1091
  /**
@@ -1082,10 +1098,10 @@ export abstract class CacheManager implements ICacheManager {
1082
1098
  */
1083
1099
  getIdToken(
1084
1100
  account: AccountInfo,
1101
+ correlationId: string,
1085
1102
  tokenKeys?: TokenKeys,
1086
1103
  targetRealm?: string,
1087
- performanceClient?: IPerformanceClient,
1088
- correlationId?: string
1104
+ performanceClient?: IPerformanceClient
1089
1105
  ): IdTokenEntity | null {
1090
1106
  this.commonLogger.trace("CacheManager - getIdToken called");
1091
1107
  const idTokenFilter: CredentialFilter = {
@@ -1098,6 +1114,7 @@ export abstract class CacheManager implements ICacheManager {
1098
1114
 
1099
1115
  const idTokenMap: Map<string, IdTokenEntity> = this.getIdTokensByFilter(
1100
1116
  idTokenFilter,
1117
+ correlationId,
1101
1118
  tokenKeys
1102
1119
  );
1103
1120
 
@@ -1140,7 +1157,7 @@ export abstract class CacheManager implements ICacheManager {
1140
1157
  "CacheManager:getIdToken - Multiple matching ID tokens found, clearing them"
1141
1158
  );
1142
1159
  tokensToBeRemoved.forEach((idToken, key) => {
1143
- this.removeIdToken(key);
1160
+ this.removeIdToken(key, correlationId);
1144
1161
  });
1145
1162
  if (performanceClient && correlationId) {
1146
1163
  performanceClient.addFields(
@@ -1162,6 +1179,7 @@ export abstract class CacheManager implements ICacheManager {
1162
1179
  */
1163
1180
  getIdTokensByFilter(
1164
1181
  filter: CredentialFilter,
1182
+ correlationId: string,
1165
1183
  tokenKeys?: TokenKeys
1166
1184
  ): Map<string, IdTokenEntity> {
1167
1185
  const idTokenKeys =
@@ -1180,7 +1198,7 @@ export abstract class CacheManager implements ICacheManager {
1180
1198
  ) {
1181
1199
  return;
1182
1200
  }
1183
- const idToken = this.getIdTokenCredential(key);
1201
+ const idToken = this.getIdTokenCredential(key, correlationId);
1184
1202
  if (idToken && this.credentialMatchesFilter(idToken, filter)) {
1185
1203
  idTokens.set(key, idToken);
1186
1204
  }
@@ -1221,35 +1239,37 @@ export abstract class CacheManager implements ICacheManager {
1221
1239
  * Removes idToken from the cache
1222
1240
  * @param key
1223
1241
  */
1224
- removeIdToken(key: string): void {
1225
- this.removeItem(key);
1242
+ removeIdToken(key: string, correlationId: string): void {
1243
+ this.removeItem(key, correlationId);
1226
1244
  }
1227
1245
 
1228
1246
  /**
1229
1247
  * Removes refresh token from the cache
1230
1248
  * @param key
1231
1249
  */
1232
- removeRefreshToken(key: string): void {
1233
- this.removeItem(key);
1250
+ removeRefreshToken(key: string, correlationId: string): void {
1251
+ this.removeItem(key, correlationId);
1234
1252
  }
1235
1253
 
1236
1254
  /**
1237
1255
  * Retrieve AccessTokenEntity from cache
1238
1256
  * @param account {AccountInfo}
1239
1257
  * @param request {BaseAuthRequest}
1258
+ * @param correlationId {?string}
1240
1259
  * @param tokenKeys {?TokenKeys}
1241
1260
  * @param performanceClient {?IPerformanceClient}
1242
- * @param correlationId {?string}
1243
1261
  */
1244
1262
  getAccessToken(
1245
1263
  account: AccountInfo,
1246
1264
  request: BaseAuthRequest,
1247
1265
  tokenKeys?: TokenKeys,
1248
- targetRealm?: string,
1249
- performanceClient?: IPerformanceClient,
1250
- correlationId?: string
1266
+ targetRealm?: string
1251
1267
  ): AccessTokenEntity | null {
1252
- this.commonLogger.trace("CacheManager - getAccessToken called");
1268
+ const correlationId = request.correlationId;
1269
+ this.commonLogger.trace(
1270
+ "CacheManager - getAccessToken called",
1271
+ correlationId
1272
+ );
1253
1273
  const scopes = ScopeSet.createSearchScopes(request.scopes);
1254
1274
  const authScheme =
1255
1275
  request.authenticationScheme || AuthenticationScheme.BEARER;
@@ -1286,7 +1306,10 @@ export abstract class CacheManager implements ICacheManager {
1286
1306
  if (
1287
1307
  this.accessTokenKeyMatchesFilter(key, accessTokenFilter, true)
1288
1308
  ) {
1289
- const accessToken = this.getAccessTokenCredential(key);
1309
+ const accessToken = this.getAccessTokenCredential(
1310
+ key,
1311
+ correlationId
1312
+ );
1290
1313
 
1291
1314
  // Validate value
1292
1315
  if (
@@ -1301,27 +1324,31 @@ export abstract class CacheManager implements ICacheManager {
1301
1324
  const numAccessTokens = accessTokens.length;
1302
1325
  if (numAccessTokens < 1) {
1303
1326
  this.commonLogger.info(
1304
- "CacheManager:getAccessToken - No token found"
1327
+ "CacheManager:getAccessToken - No token found",
1328
+ correlationId
1305
1329
  );
1306
1330
  return null;
1307
1331
  } else if (numAccessTokens > 1) {
1308
1332
  this.commonLogger.info(
1309
- "CacheManager:getAccessToken - Multiple access tokens found, clearing them"
1333
+ "CacheManager:getAccessToken - Multiple access tokens found, clearing them",
1334
+ correlationId
1310
1335
  );
1311
1336
  accessTokens.forEach((accessToken) => {
1312
- void this.removeAccessToken(generateCredentialKey(accessToken));
1313
- });
1314
- if (performanceClient && correlationId) {
1315
- performanceClient.addFields(
1316
- { multiMatchedAT: accessTokens.length },
1337
+ this.removeAccessToken(
1338
+ generateCredentialKey(accessToken),
1317
1339
  correlationId
1318
1340
  );
1319
- }
1341
+ });
1342
+ this.performanceClient.addFields(
1343
+ { multiMatchedAT: accessTokens.length },
1344
+ correlationId
1345
+ );
1320
1346
  return null;
1321
1347
  }
1322
1348
 
1323
1349
  this.commonLogger.info(
1324
- "CacheManager:getAccessToken - Returning access token"
1350
+ "CacheManager:getAccessToken - Returning access token",
1351
+ correlationId
1325
1352
  );
1326
1353
  return accessTokens[0];
1327
1354
  }
@@ -1391,7 +1418,10 @@ export abstract class CacheManager implements ICacheManager {
1391
1418
  * @param filter
1392
1419
  * @returns
1393
1420
  */
1394
- getAccessTokensByFilter(filter: CredentialFilter): AccessTokenEntity[] {
1421
+ getAccessTokensByFilter(
1422
+ filter: CredentialFilter,
1423
+ correlationId: string
1424
+ ): AccessTokenEntity[] {
1395
1425
  const tokenKeys = this.getTokenKeys();
1396
1426
 
1397
1427
  const accessTokens: AccessTokenEntity[] = [];
@@ -1400,7 +1430,10 @@ export abstract class CacheManager implements ICacheManager {
1400
1430
  return;
1401
1431
  }
1402
1432
 
1403
- const accessToken = this.getAccessTokenCredential(key);
1433
+ const accessToken = this.getAccessTokenCredential(
1434
+ key,
1435
+ correlationId
1436
+ );
1404
1437
  if (
1405
1438
  accessToken &&
1406
1439
  this.credentialMatchesFilter(accessToken, filter)
@@ -1416,16 +1449,16 @@ export abstract class CacheManager implements ICacheManager {
1416
1449
  * Helper to retrieve the appropriate refresh token from cache
1417
1450
  * @param account {AccountInfo}
1418
1451
  * @param familyRT {boolean}
1452
+ * @param correlationId {?string}
1419
1453
  * @param tokenKeys {?TokenKeys}
1420
1454
  * @param performanceClient {?IPerformanceClient}
1421
- * @param correlationId {?string}
1422
1455
  */
1423
1456
  getRefreshToken(
1424
1457
  account: AccountInfo,
1425
1458
  familyRT: boolean,
1459
+ correlationId: string,
1426
1460
  tokenKeys?: TokenKeys,
1427
- performanceClient?: IPerformanceClient,
1428
- correlationId?: string
1461
+ performanceClient?: IPerformanceClient
1429
1462
  ): RefreshTokenEntity | null {
1430
1463
  this.commonLogger.trace("CacheManager - getRefreshToken called");
1431
1464
  const id = familyRT ? THE_FAMILY_ID : undefined;
@@ -1445,7 +1478,10 @@ export abstract class CacheManager implements ICacheManager {
1445
1478
  refreshTokenKeys.forEach((key) => {
1446
1479
  // Validate key
1447
1480
  if (this.refreshTokenKeyMatchesFilter(key, refreshTokenFilter)) {
1448
- const refreshToken = this.getRefreshTokenCredential(key);
1481
+ const refreshToken = this.getRefreshTokenCredential(
1482
+ key,
1483
+ correlationId
1484
+ );
1449
1485
  // Validate value
1450
1486
  if (
1451
1487
  refreshToken &&
@@ -62,6 +62,7 @@ export class AccountEntity {
62
62
  msGraphHost?: string;
63
63
  nativeAccountId?: string;
64
64
  tenantProfiles?: Array<TenantProfile>;
65
+ lastUpdatedAt?: string;
65
66
 
66
67
  /**
67
68
  * Generate Account Id key component as per the schema: <home_account_id>-<environment>
@@ -33,4 +33,6 @@ export type CredentialEntity = {
33
33
  keyId?: string;
34
34
  /** Matches the SHA 256 hash of the claims object included in the token request */
35
35
  requestedClaimsHash?: string;
36
+ /** Timestamp when the entry was last updated */
37
+ lastUpdatedAt?: string;
36
38
  };