@azure/msal-common 15.7.0 → 15.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +1 -0
- package/dist/account/AccountInfo.d.ts.map +1 -1
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AccountInfo.mjs.map +1 -1
- package/dist/account/AuthToken.mjs +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.mjs +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.mjs +1 -1
- package/dist/authority/AuthorityFactory.mjs +1 -1
- package/dist/authority/AuthorityMetadata.mjs +1 -2
- package/dist/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/RegionDiscovery.mjs +1 -1
- package/dist/cache/CacheManager.d.ts +32 -30
- package/dist/cache/CacheManager.d.ts.map +1 -1
- package/dist/cache/CacheManager.mjs +83 -101
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/entities/AccountEntity.d.ts +1 -0
- package/dist/cache/entities/AccountEntity.d.ts.map +1 -1
- package/dist/cache/entities/AccountEntity.mjs +1 -1
- package/dist/cache/entities/AccountEntity.mjs.map +1 -1
- package/dist/cache/entities/CredentialEntity.d.ts +2 -0
- package/dist/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/dist/cache/interface/ICacheManager.d.ts +16 -16
- package/dist/cache/interface/ICacheManager.d.ts.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +3 -3
- package/dist/client/BaseClient.d.ts.map +1 -1
- package/dist/client/BaseClient.mjs +4 -4
- package/dist/client/BaseClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +5 -5
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.d.ts.map +1 -1
- package/dist/client/SilentFlowClient.mjs +4 -4
- package/dist/client/SilentFlowClient.mjs.map +1 -1
- package/dist/config/ClientConfiguration.d.ts.map +1 -1
- package/dist/config/ClientConfiguration.mjs +4 -3
- package/dist/config/ClientConfiguration.mjs.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +1 -1
- package/dist/crypto/ICrypto.d.ts +1 -1
- package/dist/crypto/ICrypto.d.ts.map +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +2 -4
- package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist/error/AuthError.mjs +2 -2
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.d.ts +8 -1
- package/dist/error/CacheError.d.ts.map +1 -1
- package/dist/error/CacheError.mjs +26 -7
- package/dist/error/CacheError.mjs.map +1 -1
- package/dist/error/CacheErrorCodes.d.ts +2 -2
- package/dist/error/CacheErrorCodes.d.ts.map +1 -1
- package/dist/error/CacheErrorCodes.mjs +4 -4
- package/dist/error/CacheErrorCodes.mjs.map +1 -1
- package/dist/error/ClientAuthError.mjs +2 -2
- package/dist/error/ClientAuthErrorCodes.mjs +1 -1
- package/dist/error/ClientConfigurationError.mjs +2 -2
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +4 -2
- package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +1 -0
- package/dist/error/InteractionRequiredAuthErrorCodes.d.ts.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +3 -2
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs.map +1 -1
- package/dist/error/JoseHeaderError.mjs +2 -2
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/exports-common.d.ts +1 -1
- package/dist/exports-common.d.ts.map +1 -1
- package/dist/index-browser.mjs +2 -2
- package/dist/index-node.mjs +2 -2
- package/dist/index.mjs +2 -2
- package/dist/logger/Logger.mjs +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.d.ts +2 -2
- package/dist/network/ThrottlingUtils.d.ts.map +1 -1
- package/dist/network/ThrottlingUtils.mjs +6 -6
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +2 -2
- package/dist/request/AuthenticationHeaderParser.mjs +1 -1
- package/dist/request/RequestParameterBuilder.mjs +2 -2
- package/dist/request/RequestValidator.mjs +1 -1
- package/dist/request/ScopeSet.mjs +1 -1
- package/dist/response/ResponseHandler.d.ts +1 -1
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +6 -6
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +7 -7
- package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/url/UrlString.mjs +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/Constants.mjs +1 -4
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/ProtocolUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/UrlUtils.mjs +1 -1
- package/lib/index-browser.cjs +5 -81
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-DNGOJ4N7.js → index-node-2PsHlOld.js} +217 -139
- package/lib/index-node-2PsHlOld.js.map +1 -0
- package/lib/index-node.cjs +3 -2
- package/lib/index-node.cjs.map +1 -1
- package/lib/index.cjs +4 -3
- package/lib/index.cjs.map +1 -1
- package/lib/types/account/AccountInfo.d.ts +1 -0
- package/lib/types/account/AccountInfo.d.ts.map +1 -1
- package/lib/types/cache/CacheManager.d.ts +32 -30
- package/lib/types/cache/CacheManager.d.ts.map +1 -1
- package/lib/types/cache/entities/AccountEntity.d.ts +1 -0
- package/lib/types/cache/entities/AccountEntity.d.ts.map +1 -1
- package/lib/types/cache/entities/CredentialEntity.d.ts +2 -0
- package/lib/types/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/lib/types/cache/interface/ICacheManager.d.ts +16 -16
- package/lib/types/cache/interface/ICacheManager.d.ts.map +1 -1
- package/lib/types/client/BaseClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/client/SilentFlowClient.d.ts.map +1 -1
- package/lib/types/config/ClientConfiguration.d.ts.map +1 -1
- package/lib/types/crypto/ICrypto.d.ts +1 -1
- package/lib/types/crypto/ICrypto.d.ts.map +1 -1
- package/lib/types/error/CacheError.d.ts +8 -1
- package/lib/types/error/CacheError.d.ts.map +1 -1
- package/lib/types/error/CacheErrorCodes.d.ts +2 -2
- package/lib/types/error/CacheErrorCodes.d.ts.map +1 -1
- package/lib/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/lib/types/error/InteractionRequiredAuthErrorCodes.d.ts +1 -0
- package/lib/types/error/InteractionRequiredAuthErrorCodes.d.ts.map +1 -1
- package/lib/types/exports-common.d.ts +1 -1
- package/lib/types/exports-common.d.ts.map +1 -1
- package/lib/types/network/ThrottlingUtils.d.ts +2 -2
- package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/response/ResponseHandler.d.ts +1 -1
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/account/AccountInfo.ts +1 -0
- package/src/cache/CacheManager.ts +159 -123
- package/src/cache/entities/AccountEntity.ts +1 -0
- package/src/cache/entities/CredentialEntity.ts +2 -0
- package/src/cache/interface/ICacheManager.ts +34 -16
- package/src/client/BaseClient.ts +11 -2
- package/src/client/RefreshTokenClient.ts +6 -3
- package/src/client/SilentFlowClient.ts +7 -6
- package/src/config/ClientConfiguration.ts +3 -1
- package/src/crypto/ICrypto.ts +2 -2
- package/src/error/CacheError.ts +26 -5
- package/src/error/CacheErrorCodes.ts +2 -2
- package/src/error/InteractionRequiredAuthError.ts +3 -0
- package/src/error/InteractionRequiredAuthErrorCodes.ts +1 -0
- package/src/exports-common.ts +5 -1
- package/src/network/ThrottlingUtils.ts +8 -5
- package/src/packageMetadata.ts +1 -1
- package/src/response/ResponseHandler.ts +7 -2
- package/src/telemetry/server/ServerTelemetryManager.ts +14 -6
- package/lib/index-node-DNGOJ4N7.js.map +0 -1
|
@@ -52,7 +52,8 @@ import { getAliasesFromStaticSources } from "../authority/AuthorityMetadata.js";
|
|
|
52
52
|
import { StaticAuthorityOptions } from "../authority/AuthorityOptions.js";
|
|
53
53
|
import { TokenClaims } from "../account/TokenClaims.js";
|
|
54
54
|
import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
|
|
55
|
-
import {
|
|
55
|
+
import { createCacheError } from "../error/CacheError.js";
|
|
56
|
+
import { AuthError } from "../error/AuthError.js";
|
|
56
57
|
|
|
57
58
|
/**
|
|
58
59
|
* Interface class which implement cache storage functions used by MSAL to perform validity checks, and store tokens.
|
|
@@ -64,17 +65,20 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
64
65
|
// Instance of logger for functions defined in the msal-common layer
|
|
65
66
|
private commonLogger: Logger;
|
|
66
67
|
private staticAuthorityOptions?: StaticAuthorityOptions;
|
|
68
|
+
protected performanceClient: IPerformanceClient;
|
|
67
69
|
|
|
68
70
|
constructor(
|
|
69
71
|
clientId: string,
|
|
70
72
|
cryptoImpl: ICrypto,
|
|
71
73
|
logger: Logger,
|
|
74
|
+
performanceClient: IPerformanceClient,
|
|
72
75
|
staticAuthorityOptions?: StaticAuthorityOptions
|
|
73
76
|
) {
|
|
74
77
|
this.clientId = clientId;
|
|
75
78
|
this.cryptoImpl = cryptoImpl;
|
|
76
79
|
this.commonLogger = logger.clone(name, version);
|
|
77
80
|
this.staticAuthorityOptions = staticAuthorityOptions;
|
|
81
|
+
this.performanceClient = performanceClient;
|
|
78
82
|
}
|
|
79
83
|
|
|
80
84
|
/**
|
|
@@ -83,7 +87,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
83
87
|
*/
|
|
84
88
|
abstract getAccount(
|
|
85
89
|
accountKey: string,
|
|
86
|
-
|
|
90
|
+
correlationId: string
|
|
87
91
|
): AccountEntity | null;
|
|
88
92
|
|
|
89
93
|
/**
|
|
@@ -100,7 +104,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
100
104
|
* fetch the idToken entity from the platform cache
|
|
101
105
|
* @param idTokenKey
|
|
102
106
|
*/
|
|
103
|
-
abstract getIdTokenCredential(
|
|
107
|
+
abstract getIdTokenCredential(
|
|
108
|
+
idTokenKey: string,
|
|
109
|
+
correlationId: string
|
|
110
|
+
): IdTokenEntity | null;
|
|
104
111
|
|
|
105
112
|
/**
|
|
106
113
|
* set idToken entity to the platform cache
|
|
@@ -117,7 +124,8 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
117
124
|
* @param accessTokenKey
|
|
118
125
|
*/
|
|
119
126
|
abstract getAccessTokenCredential(
|
|
120
|
-
accessTokenKey: string
|
|
127
|
+
accessTokenKey: string,
|
|
128
|
+
correlationId: string
|
|
121
129
|
): AccessTokenEntity | null;
|
|
122
130
|
|
|
123
131
|
/**
|
|
@@ -135,7 +143,8 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
135
143
|
* @param refreshTokenKey
|
|
136
144
|
*/
|
|
137
145
|
abstract getRefreshTokenCredential(
|
|
138
|
-
refreshTokenKey: string
|
|
146
|
+
refreshTokenKey: string,
|
|
147
|
+
correlationId: string
|
|
139
148
|
): RefreshTokenEntity | null;
|
|
140
149
|
|
|
141
150
|
/**
|
|
@@ -158,7 +167,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
158
167
|
* set appMetadata entity to the platform cache
|
|
159
168
|
* @param appMetadata
|
|
160
169
|
*/
|
|
161
|
-
abstract setAppMetadata(
|
|
170
|
+
abstract setAppMetadata(
|
|
171
|
+
appMetadata: AppMetadataEntity,
|
|
172
|
+
correlationId: string
|
|
173
|
+
): void;
|
|
162
174
|
|
|
163
175
|
/**
|
|
164
176
|
* fetch server telemetry entity from the platform cache
|
|
@@ -175,7 +187,8 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
175
187
|
*/
|
|
176
188
|
abstract setServerTelemetry(
|
|
177
189
|
serverTelemetryKey: string,
|
|
178
|
-
serverTelemetry: ServerTelemetryEntity
|
|
190
|
+
serverTelemetry: ServerTelemetryEntity,
|
|
191
|
+
correlationId: string
|
|
179
192
|
): void;
|
|
180
193
|
|
|
181
194
|
/**
|
|
@@ -214,14 +227,15 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
214
227
|
*/
|
|
215
228
|
abstract setThrottlingCache(
|
|
216
229
|
throttlingCacheKey: string,
|
|
217
|
-
throttlingCache: ThrottlingEntity
|
|
230
|
+
throttlingCache: ThrottlingEntity,
|
|
231
|
+
correlationId: string
|
|
218
232
|
): void;
|
|
219
233
|
|
|
220
234
|
/**
|
|
221
235
|
* Function to remove an item from cache given its key.
|
|
222
236
|
* @param key
|
|
223
237
|
*/
|
|
224
|
-
abstract removeItem(key: string): void;
|
|
238
|
+
abstract removeItem(key: string, correlationId: string): void;
|
|
225
239
|
|
|
226
240
|
/**
|
|
227
241
|
* Function which retrieves all current keys from the cache.
|
|
@@ -243,9 +257,13 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
243
257
|
* @param accountFilter - (Optional) filter to narrow down the accounts returned
|
|
244
258
|
* @returns Array of AccountInfo objects in cache
|
|
245
259
|
*/
|
|
246
|
-
getAllAccounts(
|
|
260
|
+
getAllAccounts(
|
|
261
|
+
accountFilter: AccountFilter,
|
|
262
|
+
correlationId: string
|
|
263
|
+
): AccountInfo[] {
|
|
247
264
|
return this.buildTenantProfiles(
|
|
248
|
-
this.getAccountsFilteredBy(accountFilter
|
|
265
|
+
this.getAccountsFilteredBy(accountFilter, correlationId),
|
|
266
|
+
correlationId,
|
|
249
267
|
accountFilter
|
|
250
268
|
);
|
|
251
269
|
}
|
|
@@ -253,8 +271,11 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
253
271
|
/**
|
|
254
272
|
* Gets first tenanted AccountInfo object found based on provided filters
|
|
255
273
|
*/
|
|
256
|
-
getAccountInfoFilteredBy(
|
|
257
|
-
|
|
274
|
+
getAccountInfoFilteredBy(
|
|
275
|
+
accountFilter: AccountFilter,
|
|
276
|
+
correlationId: string
|
|
277
|
+
): AccountInfo | null {
|
|
278
|
+
const allAccounts = this.getAllAccounts(accountFilter, correlationId);
|
|
258
279
|
if (allAccounts.length > 1) {
|
|
259
280
|
// If one or more accounts are found, prioritize accounts that have an ID token
|
|
260
281
|
const sortedAccounts = allAccounts.sort((account) => {
|
|
@@ -274,8 +295,14 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
274
295
|
* @param accountFilter
|
|
275
296
|
* @returns
|
|
276
297
|
*/
|
|
277
|
-
getBaseAccountInfo(
|
|
278
|
-
|
|
298
|
+
getBaseAccountInfo(
|
|
299
|
+
accountFilter: AccountFilter,
|
|
300
|
+
correlationId: string
|
|
301
|
+
): AccountInfo | null {
|
|
302
|
+
const accountEntities = this.getAccountsFilteredBy(
|
|
303
|
+
accountFilter,
|
|
304
|
+
correlationId
|
|
305
|
+
);
|
|
279
306
|
if (accountEntities.length > 0) {
|
|
280
307
|
return accountEntities[0].getAccountInfo();
|
|
281
308
|
} else {
|
|
@@ -292,11 +319,13 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
292
319
|
*/
|
|
293
320
|
private buildTenantProfiles(
|
|
294
321
|
cachedAccounts: AccountEntity[],
|
|
322
|
+
correlationId: string,
|
|
295
323
|
accountFilter?: AccountFilter
|
|
296
324
|
): AccountInfo[] {
|
|
297
325
|
return cachedAccounts.flatMap((accountEntity) => {
|
|
298
326
|
return this.getTenantProfilesFromAccountEntity(
|
|
299
327
|
accountEntity,
|
|
328
|
+
correlationId,
|
|
300
329
|
accountFilter?.tenantId,
|
|
301
330
|
accountFilter
|
|
302
331
|
);
|
|
@@ -307,6 +336,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
307
336
|
accountInfo: AccountInfo,
|
|
308
337
|
tokenKeys: TokenKeys,
|
|
309
338
|
tenantProfile: TenantProfile,
|
|
339
|
+
correlationId: string,
|
|
310
340
|
tenantProfileFilter?: TenantProfileFilter
|
|
311
341
|
): AccountInfo | null {
|
|
312
342
|
let tenantedAccountInfo: AccountInfo | null = null;
|
|
@@ -325,6 +355,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
325
355
|
|
|
326
356
|
const idToken = this.getIdToken(
|
|
327
357
|
accountInfo,
|
|
358
|
+
correlationId,
|
|
328
359
|
tokenKeys,
|
|
329
360
|
tenantProfile.tenantId
|
|
330
361
|
);
|
|
@@ -359,6 +390,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
359
390
|
|
|
360
391
|
private getTenantProfilesFromAccountEntity(
|
|
361
392
|
accountEntity: AccountEntity,
|
|
393
|
+
correlationId: string,
|
|
362
394
|
targetTenantId?: string,
|
|
363
395
|
tenantProfileFilter?: TenantProfileFilter
|
|
364
396
|
): AccountInfo[] {
|
|
@@ -387,6 +419,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
387
419
|
accountInfo,
|
|
388
420
|
tokenKeys,
|
|
389
421
|
tenantProfile,
|
|
422
|
+
correlationId,
|
|
390
423
|
tenantProfileFilter
|
|
391
424
|
);
|
|
392
425
|
if (tenantedAccountInfo) {
|
|
@@ -532,37 +565,14 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
532
565
|
}
|
|
533
566
|
|
|
534
567
|
if (!!cacheRecord.appMetadata) {
|
|
535
|
-
this.setAppMetadata(cacheRecord.appMetadata);
|
|
568
|
+
this.setAppMetadata(cacheRecord.appMetadata, correlationId);
|
|
536
569
|
}
|
|
537
570
|
} catch (e: unknown) {
|
|
538
571
|
this.commonLogger?.error(`CacheManager.saveCacheRecord: failed`);
|
|
539
|
-
if (e instanceof
|
|
540
|
-
|
|
541
|
-
`CacheManager.saveCacheRecord: ${e.message}`,
|
|
542
|
-
correlationId
|
|
543
|
-
);
|
|
544
|
-
|
|
545
|
-
if (
|
|
546
|
-
e.name === "QuotaExceededError" ||
|
|
547
|
-
e.name === "NS_ERROR_DOM_QUOTA_REACHED" ||
|
|
548
|
-
e.message.includes("exceeded the quota")
|
|
549
|
-
) {
|
|
550
|
-
this.commonLogger?.error(
|
|
551
|
-
`CacheManager.saveCacheRecord: exceeded storage quota`,
|
|
552
|
-
correlationId
|
|
553
|
-
);
|
|
554
|
-
throw new CacheError(
|
|
555
|
-
CacheErrorCodes.cacheQuotaExceededErrorCode
|
|
556
|
-
);
|
|
557
|
-
} else {
|
|
558
|
-
throw new CacheError(e.name, e.message);
|
|
559
|
-
}
|
|
572
|
+
if (e instanceof AuthError) {
|
|
573
|
+
throw e;
|
|
560
574
|
} else {
|
|
561
|
-
|
|
562
|
-
`CacheManager.saveCacheRecord: ${e}`,
|
|
563
|
-
correlationId
|
|
564
|
-
);
|
|
565
|
-
throw new CacheError(CacheErrorCodes.cacheUnknownErrorCode);
|
|
575
|
+
throw createCacheError(e);
|
|
566
576
|
}
|
|
567
577
|
}
|
|
568
578
|
}
|
|
@@ -588,7 +598,6 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
588
598
|
const tokenKeys = this.getTokenKeys();
|
|
589
599
|
const currentScopes = ScopeSet.fromString(credential.target);
|
|
590
600
|
|
|
591
|
-
const removedAccessTokens: Array<Promise<void>> = [];
|
|
592
601
|
tokenKeys.accessToken.forEach((key) => {
|
|
593
602
|
if (
|
|
594
603
|
!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)
|
|
@@ -596,7 +605,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
596
605
|
return;
|
|
597
606
|
}
|
|
598
607
|
|
|
599
|
-
const tokenEntity = this.getAccessTokenCredential(
|
|
608
|
+
const tokenEntity = this.getAccessTokenCredential(
|
|
609
|
+
key,
|
|
610
|
+
correlationId
|
|
611
|
+
);
|
|
600
612
|
|
|
601
613
|
if (
|
|
602
614
|
tokenEntity &&
|
|
@@ -604,11 +616,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
604
616
|
) {
|
|
605
617
|
const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);
|
|
606
618
|
if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
|
|
607
|
-
|
|
619
|
+
this.removeAccessToken(key, correlationId);
|
|
608
620
|
}
|
|
609
621
|
}
|
|
610
622
|
});
|
|
611
|
-
await Promise.all(removedAccessTokens);
|
|
612
623
|
await this.setAccessTokenCredential(credential, correlationId);
|
|
613
624
|
}
|
|
614
625
|
|
|
@@ -617,7 +628,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
617
628
|
* Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared
|
|
618
629
|
* @param accountFilter - An object containing Account properties to filter by
|
|
619
630
|
*/
|
|
620
|
-
getAccountsFilteredBy(
|
|
631
|
+
getAccountsFilteredBy(
|
|
632
|
+
accountFilter: AccountFilter,
|
|
633
|
+
correlationId: string
|
|
634
|
+
): AccountEntity[] {
|
|
621
635
|
const allAccountKeys = this.getAccountKeys();
|
|
622
636
|
const matchingAccounts: AccountEntity[] = [];
|
|
623
637
|
allAccountKeys.forEach((cacheKey) => {
|
|
@@ -628,7 +642,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
628
642
|
|
|
629
643
|
const entity: AccountEntity | null = this.getAccount(
|
|
630
644
|
cacheKey,
|
|
631
|
-
|
|
645
|
+
correlationId
|
|
632
646
|
);
|
|
633
647
|
|
|
634
648
|
// Match base account fields
|
|
@@ -959,103 +973,102 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
959
973
|
/**
|
|
960
974
|
* Removes all accounts and related tokens from cache.
|
|
961
975
|
*/
|
|
962
|
-
|
|
976
|
+
removeAllAccounts(correlationId: string): void {
|
|
963
977
|
const allAccountKeys = this.getAccountKeys();
|
|
964
|
-
const removedAccounts: Array<Promise<void>> = [];
|
|
965
978
|
|
|
966
979
|
allAccountKeys.forEach((cacheKey) => {
|
|
967
|
-
|
|
980
|
+
this.removeAccount(cacheKey, correlationId);
|
|
968
981
|
});
|
|
969
|
-
|
|
970
|
-
await Promise.all(removedAccounts);
|
|
971
982
|
}
|
|
972
983
|
|
|
973
984
|
/**
|
|
974
985
|
* Removes the account and related tokens for a given account key
|
|
975
986
|
* @param account
|
|
976
987
|
*/
|
|
977
|
-
|
|
978
|
-
const account = this.getAccount(accountKey,
|
|
988
|
+
removeAccount(accountKey: string, correlationId: string): void {
|
|
989
|
+
const account = this.getAccount(accountKey, correlationId);
|
|
979
990
|
if (!account) {
|
|
980
991
|
return;
|
|
981
992
|
}
|
|
982
|
-
|
|
983
|
-
this.removeItem(accountKey);
|
|
993
|
+
this.removeAccountContext(account, correlationId);
|
|
994
|
+
this.removeItem(accountKey, correlationId);
|
|
984
995
|
}
|
|
985
996
|
|
|
986
997
|
/**
|
|
987
998
|
* Removes credentials associated with the provided account
|
|
988
999
|
* @param account
|
|
989
1000
|
*/
|
|
990
|
-
|
|
1001
|
+
removeAccountContext(account: AccountEntity, correlationId: string): void {
|
|
991
1002
|
const allTokenKeys = this.getTokenKeys();
|
|
992
1003
|
const accountId = account.generateAccountId();
|
|
993
|
-
const removedCredentials: Array<Promise<void>> = [];
|
|
994
1004
|
|
|
995
1005
|
allTokenKeys.idToken.forEach((key) => {
|
|
996
1006
|
if (key.indexOf(accountId) === 0) {
|
|
997
|
-
this.removeIdToken(key);
|
|
1007
|
+
this.removeIdToken(key, correlationId);
|
|
998
1008
|
}
|
|
999
1009
|
});
|
|
1000
1010
|
|
|
1001
1011
|
allTokenKeys.accessToken.forEach((key) => {
|
|
1002
1012
|
if (key.indexOf(accountId) === 0) {
|
|
1003
|
-
|
|
1013
|
+
this.removeAccessToken(key, correlationId);
|
|
1004
1014
|
}
|
|
1005
1015
|
});
|
|
1006
1016
|
|
|
1007
1017
|
allTokenKeys.refreshToken.forEach((key) => {
|
|
1008
1018
|
if (key.indexOf(accountId) === 0) {
|
|
1009
|
-
this.removeRefreshToken(key);
|
|
1019
|
+
this.removeRefreshToken(key, correlationId);
|
|
1010
1020
|
}
|
|
1011
1021
|
});
|
|
1012
|
-
|
|
1013
|
-
await Promise.all(removedCredentials);
|
|
1014
1022
|
}
|
|
1015
1023
|
|
|
1016
1024
|
/**
|
|
1017
|
-
*
|
|
1018
|
-
* @param
|
|
1025
|
+
* Removes accessToken from the cache
|
|
1026
|
+
* @param key
|
|
1027
|
+
* @param correlationId
|
|
1019
1028
|
*/
|
|
1020
|
-
|
|
1021
|
-
const credential = this.getAccessTokenCredential(key);
|
|
1022
|
-
|
|
1023
|
-
|
|
1024
|
-
|
|
1029
|
+
removeAccessToken(key: string, correlationId: string): void {
|
|
1030
|
+
const credential = this.getAccessTokenCredential(key, correlationId);
|
|
1031
|
+
this.removeItem(key, correlationId);
|
|
1032
|
+
this.performanceClient.incrementFields(
|
|
1033
|
+
{ accessTokensRemoved: 1 },
|
|
1034
|
+
correlationId
|
|
1035
|
+
);
|
|
1025
1036
|
|
|
1026
|
-
// Remove Token Binding Key from key store for PoP Tokens Credentials
|
|
1027
1037
|
if (
|
|
1028
|
-
credential
|
|
1029
|
-
|
|
1038
|
+
!credential ||
|
|
1039
|
+
credential.credentialType.toLowerCase() !==
|
|
1040
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase() ||
|
|
1041
|
+
credential.tokenType !== AuthenticationScheme.POP
|
|
1030
1042
|
) {
|
|
1031
|
-
|
|
1032
|
-
|
|
1033
|
-
credential as AccessTokenEntity;
|
|
1034
|
-
const kid = accessTokenWithAuthSchemeEntity.keyId;
|
|
1035
|
-
|
|
1036
|
-
if (kid) {
|
|
1037
|
-
try {
|
|
1038
|
-
await this.cryptoImpl.removeTokenBindingKey(kid);
|
|
1039
|
-
} catch (error) {
|
|
1040
|
-
throw createClientAuthError(
|
|
1041
|
-
ClientAuthErrorCodes.bindingKeyNotRemoved
|
|
1042
|
-
);
|
|
1043
|
-
}
|
|
1044
|
-
}
|
|
1045
|
-
}
|
|
1043
|
+
// If the credential is not a PoP token, we can return
|
|
1044
|
+
return;
|
|
1046
1045
|
}
|
|
1047
1046
|
|
|
1048
|
-
|
|
1047
|
+
// Remove Token Binding Key from key store for PoP Tokens Credentials
|
|
1048
|
+
const kid = credential.keyId;
|
|
1049
|
+
|
|
1050
|
+
if (kid) {
|
|
1051
|
+
void this.cryptoImpl.removeTokenBindingKey(kid).catch(() => {
|
|
1052
|
+
this.commonLogger.error(
|
|
1053
|
+
`Failed to remove token binding key ${kid}`,
|
|
1054
|
+
correlationId
|
|
1055
|
+
);
|
|
1056
|
+
this.performanceClient?.incrementFields(
|
|
1057
|
+
{ removeTokenBindingKeyFailure: 1 },
|
|
1058
|
+
correlationId
|
|
1059
|
+
);
|
|
1060
|
+
});
|
|
1061
|
+
}
|
|
1049
1062
|
}
|
|
1050
1063
|
|
|
1051
1064
|
/**
|
|
1052
1065
|
* Removes all app metadata objects from cache.
|
|
1053
1066
|
*/
|
|
1054
|
-
removeAppMetadata(): boolean {
|
|
1067
|
+
removeAppMetadata(correlationId: string): boolean {
|
|
1055
1068
|
const allCacheKeys = this.getKeys();
|
|
1056
1069
|
allCacheKeys.forEach((cacheKey) => {
|
|
1057
1070
|
if (this.isAppMetadata(cacheKey)) {
|
|
1058
|
-
this.removeItem(cacheKey);
|
|
1071
|
+
this.removeItem(cacheKey, correlationId);
|
|
1059
1072
|
}
|
|
1060
1073
|
});
|
|
1061
1074
|
|
|
@@ -1066,10 +1079,13 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1066
1079
|
* Retrieve AccountEntity from cache
|
|
1067
1080
|
* @param account
|
|
1068
1081
|
*/
|
|
1069
|
-
readAccountFromCache(
|
|
1082
|
+
readAccountFromCache(
|
|
1083
|
+
account: AccountInfo,
|
|
1084
|
+
correlationId: string
|
|
1085
|
+
): AccountEntity | null {
|
|
1070
1086
|
const accountKey: string =
|
|
1071
1087
|
AccountEntity.generateAccountCacheKey(account);
|
|
1072
|
-
return this.getAccount(accountKey,
|
|
1088
|
+
return this.getAccount(accountKey, correlationId);
|
|
1073
1089
|
}
|
|
1074
1090
|
|
|
1075
1091
|
/**
|
|
@@ -1082,10 +1098,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1082
1098
|
*/
|
|
1083
1099
|
getIdToken(
|
|
1084
1100
|
account: AccountInfo,
|
|
1101
|
+
correlationId: string,
|
|
1085
1102
|
tokenKeys?: TokenKeys,
|
|
1086
1103
|
targetRealm?: string,
|
|
1087
|
-
performanceClient?: IPerformanceClient
|
|
1088
|
-
correlationId?: string
|
|
1104
|
+
performanceClient?: IPerformanceClient
|
|
1089
1105
|
): IdTokenEntity | null {
|
|
1090
1106
|
this.commonLogger.trace("CacheManager - getIdToken called");
|
|
1091
1107
|
const idTokenFilter: CredentialFilter = {
|
|
@@ -1098,6 +1114,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1098
1114
|
|
|
1099
1115
|
const idTokenMap: Map<string, IdTokenEntity> = this.getIdTokensByFilter(
|
|
1100
1116
|
idTokenFilter,
|
|
1117
|
+
correlationId,
|
|
1101
1118
|
tokenKeys
|
|
1102
1119
|
);
|
|
1103
1120
|
|
|
@@ -1140,7 +1157,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1140
1157
|
"CacheManager:getIdToken - Multiple matching ID tokens found, clearing them"
|
|
1141
1158
|
);
|
|
1142
1159
|
tokensToBeRemoved.forEach((idToken, key) => {
|
|
1143
|
-
this.removeIdToken(key);
|
|
1160
|
+
this.removeIdToken(key, correlationId);
|
|
1144
1161
|
});
|
|
1145
1162
|
if (performanceClient && correlationId) {
|
|
1146
1163
|
performanceClient.addFields(
|
|
@@ -1162,6 +1179,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1162
1179
|
*/
|
|
1163
1180
|
getIdTokensByFilter(
|
|
1164
1181
|
filter: CredentialFilter,
|
|
1182
|
+
correlationId: string,
|
|
1165
1183
|
tokenKeys?: TokenKeys
|
|
1166
1184
|
): Map<string, IdTokenEntity> {
|
|
1167
1185
|
const idTokenKeys =
|
|
@@ -1180,7 +1198,7 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1180
1198
|
) {
|
|
1181
1199
|
return;
|
|
1182
1200
|
}
|
|
1183
|
-
const idToken = this.getIdTokenCredential(key);
|
|
1201
|
+
const idToken = this.getIdTokenCredential(key, correlationId);
|
|
1184
1202
|
if (idToken && this.credentialMatchesFilter(idToken, filter)) {
|
|
1185
1203
|
idTokens.set(key, idToken);
|
|
1186
1204
|
}
|
|
@@ -1221,35 +1239,37 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1221
1239
|
* Removes idToken from the cache
|
|
1222
1240
|
* @param key
|
|
1223
1241
|
*/
|
|
1224
|
-
removeIdToken(key: string): void {
|
|
1225
|
-
this.removeItem(key);
|
|
1242
|
+
removeIdToken(key: string, correlationId: string): void {
|
|
1243
|
+
this.removeItem(key, correlationId);
|
|
1226
1244
|
}
|
|
1227
1245
|
|
|
1228
1246
|
/**
|
|
1229
1247
|
* Removes refresh token from the cache
|
|
1230
1248
|
* @param key
|
|
1231
1249
|
*/
|
|
1232
|
-
removeRefreshToken(key: string): void {
|
|
1233
|
-
this.removeItem(key);
|
|
1250
|
+
removeRefreshToken(key: string, correlationId: string): void {
|
|
1251
|
+
this.removeItem(key, correlationId);
|
|
1234
1252
|
}
|
|
1235
1253
|
|
|
1236
1254
|
/**
|
|
1237
1255
|
* Retrieve AccessTokenEntity from cache
|
|
1238
1256
|
* @param account {AccountInfo}
|
|
1239
1257
|
* @param request {BaseAuthRequest}
|
|
1258
|
+
* @param correlationId {?string}
|
|
1240
1259
|
* @param tokenKeys {?TokenKeys}
|
|
1241
1260
|
* @param performanceClient {?IPerformanceClient}
|
|
1242
|
-
* @param correlationId {?string}
|
|
1243
1261
|
*/
|
|
1244
1262
|
getAccessToken(
|
|
1245
1263
|
account: AccountInfo,
|
|
1246
1264
|
request: BaseAuthRequest,
|
|
1247
1265
|
tokenKeys?: TokenKeys,
|
|
1248
|
-
targetRealm?: string
|
|
1249
|
-
performanceClient?: IPerformanceClient,
|
|
1250
|
-
correlationId?: string
|
|
1266
|
+
targetRealm?: string
|
|
1251
1267
|
): AccessTokenEntity | null {
|
|
1252
|
-
|
|
1268
|
+
const correlationId = request.correlationId;
|
|
1269
|
+
this.commonLogger.trace(
|
|
1270
|
+
"CacheManager - getAccessToken called",
|
|
1271
|
+
correlationId
|
|
1272
|
+
);
|
|
1253
1273
|
const scopes = ScopeSet.createSearchScopes(request.scopes);
|
|
1254
1274
|
const authScheme =
|
|
1255
1275
|
request.authenticationScheme || AuthenticationScheme.BEARER;
|
|
@@ -1286,7 +1306,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1286
1306
|
if (
|
|
1287
1307
|
this.accessTokenKeyMatchesFilter(key, accessTokenFilter, true)
|
|
1288
1308
|
) {
|
|
1289
|
-
const accessToken = this.getAccessTokenCredential(
|
|
1309
|
+
const accessToken = this.getAccessTokenCredential(
|
|
1310
|
+
key,
|
|
1311
|
+
correlationId
|
|
1312
|
+
);
|
|
1290
1313
|
|
|
1291
1314
|
// Validate value
|
|
1292
1315
|
if (
|
|
@@ -1301,27 +1324,31 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1301
1324
|
const numAccessTokens = accessTokens.length;
|
|
1302
1325
|
if (numAccessTokens < 1) {
|
|
1303
1326
|
this.commonLogger.info(
|
|
1304
|
-
"CacheManager:getAccessToken - No token found"
|
|
1327
|
+
"CacheManager:getAccessToken - No token found",
|
|
1328
|
+
correlationId
|
|
1305
1329
|
);
|
|
1306
1330
|
return null;
|
|
1307
1331
|
} else if (numAccessTokens > 1) {
|
|
1308
1332
|
this.commonLogger.info(
|
|
1309
|
-
"CacheManager:getAccessToken - Multiple access tokens found, clearing them"
|
|
1333
|
+
"CacheManager:getAccessToken - Multiple access tokens found, clearing them",
|
|
1334
|
+
correlationId
|
|
1310
1335
|
);
|
|
1311
1336
|
accessTokens.forEach((accessToken) => {
|
|
1312
|
-
|
|
1313
|
-
|
|
1314
|
-
if (performanceClient && correlationId) {
|
|
1315
|
-
performanceClient.addFields(
|
|
1316
|
-
{ multiMatchedAT: accessTokens.length },
|
|
1337
|
+
this.removeAccessToken(
|
|
1338
|
+
generateCredentialKey(accessToken),
|
|
1317
1339
|
correlationId
|
|
1318
1340
|
);
|
|
1319
|
-
}
|
|
1341
|
+
});
|
|
1342
|
+
this.performanceClient.addFields(
|
|
1343
|
+
{ multiMatchedAT: accessTokens.length },
|
|
1344
|
+
correlationId
|
|
1345
|
+
);
|
|
1320
1346
|
return null;
|
|
1321
1347
|
}
|
|
1322
1348
|
|
|
1323
1349
|
this.commonLogger.info(
|
|
1324
|
-
"CacheManager:getAccessToken - Returning access token"
|
|
1350
|
+
"CacheManager:getAccessToken - Returning access token",
|
|
1351
|
+
correlationId
|
|
1325
1352
|
);
|
|
1326
1353
|
return accessTokens[0];
|
|
1327
1354
|
}
|
|
@@ -1391,7 +1418,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1391
1418
|
* @param filter
|
|
1392
1419
|
* @returns
|
|
1393
1420
|
*/
|
|
1394
|
-
getAccessTokensByFilter(
|
|
1421
|
+
getAccessTokensByFilter(
|
|
1422
|
+
filter: CredentialFilter,
|
|
1423
|
+
correlationId: string
|
|
1424
|
+
): AccessTokenEntity[] {
|
|
1395
1425
|
const tokenKeys = this.getTokenKeys();
|
|
1396
1426
|
|
|
1397
1427
|
const accessTokens: AccessTokenEntity[] = [];
|
|
@@ -1400,7 +1430,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1400
1430
|
return;
|
|
1401
1431
|
}
|
|
1402
1432
|
|
|
1403
|
-
const accessToken = this.getAccessTokenCredential(
|
|
1433
|
+
const accessToken = this.getAccessTokenCredential(
|
|
1434
|
+
key,
|
|
1435
|
+
correlationId
|
|
1436
|
+
);
|
|
1404
1437
|
if (
|
|
1405
1438
|
accessToken &&
|
|
1406
1439
|
this.credentialMatchesFilter(accessToken, filter)
|
|
@@ -1416,16 +1449,16 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1416
1449
|
* Helper to retrieve the appropriate refresh token from cache
|
|
1417
1450
|
* @param account {AccountInfo}
|
|
1418
1451
|
* @param familyRT {boolean}
|
|
1452
|
+
* @param correlationId {?string}
|
|
1419
1453
|
* @param tokenKeys {?TokenKeys}
|
|
1420
1454
|
* @param performanceClient {?IPerformanceClient}
|
|
1421
|
-
* @param correlationId {?string}
|
|
1422
1455
|
*/
|
|
1423
1456
|
getRefreshToken(
|
|
1424
1457
|
account: AccountInfo,
|
|
1425
1458
|
familyRT: boolean,
|
|
1459
|
+
correlationId: string,
|
|
1426
1460
|
tokenKeys?: TokenKeys,
|
|
1427
|
-
performanceClient?: IPerformanceClient
|
|
1428
|
-
correlationId?: string
|
|
1461
|
+
performanceClient?: IPerformanceClient
|
|
1429
1462
|
): RefreshTokenEntity | null {
|
|
1430
1463
|
this.commonLogger.trace("CacheManager - getRefreshToken called");
|
|
1431
1464
|
const id = familyRT ? THE_FAMILY_ID : undefined;
|
|
@@ -1445,7 +1478,10 @@ export abstract class CacheManager implements ICacheManager {
|
|
|
1445
1478
|
refreshTokenKeys.forEach((key) => {
|
|
1446
1479
|
// Validate key
|
|
1447
1480
|
if (this.refreshTokenKeyMatchesFilter(key, refreshTokenFilter)) {
|
|
1448
|
-
const refreshToken = this.getRefreshTokenCredential(
|
|
1481
|
+
const refreshToken = this.getRefreshTokenCredential(
|
|
1482
|
+
key,
|
|
1483
|
+
correlationId
|
|
1484
|
+
);
|
|
1449
1485
|
// Validate value
|
|
1450
1486
|
if (
|
|
1451
1487
|
refreshToken &&
|