@azure/msal-common 15.7.0 → 15.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +1 -0
- package/dist/account/AccountInfo.d.ts.map +1 -1
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AccountInfo.mjs.map +1 -1
- package/dist/account/AuthToken.mjs +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.mjs +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.mjs +1 -1
- package/dist/authority/AuthorityFactory.mjs +1 -1
- package/dist/authority/AuthorityMetadata.mjs +1 -2
- package/dist/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/RegionDiscovery.mjs +1 -1
- package/dist/cache/CacheManager.d.ts +32 -30
- package/dist/cache/CacheManager.d.ts.map +1 -1
- package/dist/cache/CacheManager.mjs +83 -101
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/entities/AccountEntity.d.ts +1 -0
- package/dist/cache/entities/AccountEntity.d.ts.map +1 -1
- package/dist/cache/entities/AccountEntity.mjs +1 -1
- package/dist/cache/entities/AccountEntity.mjs.map +1 -1
- package/dist/cache/entities/CredentialEntity.d.ts +2 -0
- package/dist/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/dist/cache/interface/ICacheManager.d.ts +16 -16
- package/dist/cache/interface/ICacheManager.d.ts.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +3 -3
- package/dist/client/BaseClient.d.ts.map +1 -1
- package/dist/client/BaseClient.mjs +4 -4
- package/dist/client/BaseClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +5 -5
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.d.ts.map +1 -1
- package/dist/client/SilentFlowClient.mjs +4 -4
- package/dist/client/SilentFlowClient.mjs.map +1 -1
- package/dist/config/ClientConfiguration.d.ts.map +1 -1
- package/dist/config/ClientConfiguration.mjs +4 -3
- package/dist/config/ClientConfiguration.mjs.map +1 -1
- package/dist/constants/AADServerParamKeys.mjs +1 -1
- package/dist/crypto/ICrypto.d.ts +1 -1
- package/dist/crypto/ICrypto.d.ts.map +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +2 -4
- package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist/error/AuthError.mjs +2 -2
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.d.ts +8 -1
- package/dist/error/CacheError.d.ts.map +1 -1
- package/dist/error/CacheError.mjs +26 -7
- package/dist/error/CacheError.mjs.map +1 -1
- package/dist/error/CacheErrorCodes.d.ts +2 -2
- package/dist/error/CacheErrorCodes.d.ts.map +1 -1
- package/dist/error/CacheErrorCodes.mjs +4 -4
- package/dist/error/CacheErrorCodes.mjs.map +1 -1
- package/dist/error/ClientAuthError.mjs +2 -2
- package/dist/error/ClientAuthErrorCodes.mjs +1 -1
- package/dist/error/ClientConfigurationError.mjs +2 -2
- package/dist/error/ClientConfigurationErrorCodes.mjs +1 -1
- package/dist/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +4 -2
- package/dist/error/InteractionRequiredAuthError.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.d.ts +1 -0
- package/dist/error/InteractionRequiredAuthErrorCodes.d.ts.map +1 -1
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +3 -2
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs.map +1 -1
- package/dist/error/JoseHeaderError.mjs +2 -2
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/exports-common.d.ts +1 -1
- package/dist/exports-common.d.ts.map +1 -1
- package/dist/index-browser.mjs +2 -2
- package/dist/index-node.mjs +2 -2
- package/dist/index.mjs +2 -2
- package/dist/logger/Logger.mjs +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.d.ts +2 -2
- package/dist/network/ThrottlingUtils.d.ts.map +1 -1
- package/dist/network/ThrottlingUtils.mjs +6 -6
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +2 -2
- package/dist/request/AuthenticationHeaderParser.mjs +1 -1
- package/dist/request/RequestParameterBuilder.mjs +2 -2
- package/dist/request/RequestValidator.mjs +1 -1
- package/dist/request/ScopeSet.mjs +1 -1
- package/dist/response/ResponseHandler.d.ts +1 -1
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +6 -6
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +7 -7
- package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/url/UrlString.mjs +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/Constants.mjs +1 -4
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/ProtocolUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/UrlUtils.mjs +1 -1
- package/lib/index-browser.cjs +5 -81
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-DNGOJ4N7.js → index-node-2PsHlOld.js} +217 -139
- package/lib/index-node-2PsHlOld.js.map +1 -0
- package/lib/index-node.cjs +3 -2
- package/lib/index-node.cjs.map +1 -1
- package/lib/index.cjs +4 -3
- package/lib/index.cjs.map +1 -1
- package/lib/types/account/AccountInfo.d.ts +1 -0
- package/lib/types/account/AccountInfo.d.ts.map +1 -1
- package/lib/types/cache/CacheManager.d.ts +32 -30
- package/lib/types/cache/CacheManager.d.ts.map +1 -1
- package/lib/types/cache/entities/AccountEntity.d.ts +1 -0
- package/lib/types/cache/entities/AccountEntity.d.ts.map +1 -1
- package/lib/types/cache/entities/CredentialEntity.d.ts +2 -0
- package/lib/types/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/lib/types/cache/interface/ICacheManager.d.ts +16 -16
- package/lib/types/cache/interface/ICacheManager.d.ts.map +1 -1
- package/lib/types/client/BaseClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/client/SilentFlowClient.d.ts.map +1 -1
- package/lib/types/config/ClientConfiguration.d.ts.map +1 -1
- package/lib/types/crypto/ICrypto.d.ts +1 -1
- package/lib/types/crypto/ICrypto.d.ts.map +1 -1
- package/lib/types/error/CacheError.d.ts +8 -1
- package/lib/types/error/CacheError.d.ts.map +1 -1
- package/lib/types/error/CacheErrorCodes.d.ts +2 -2
- package/lib/types/error/CacheErrorCodes.d.ts.map +1 -1
- package/lib/types/error/InteractionRequiredAuthError.d.ts.map +1 -1
- package/lib/types/error/InteractionRequiredAuthErrorCodes.d.ts +1 -0
- package/lib/types/error/InteractionRequiredAuthErrorCodes.d.ts.map +1 -1
- package/lib/types/exports-common.d.ts +1 -1
- package/lib/types/exports-common.d.ts.map +1 -1
- package/lib/types/network/ThrottlingUtils.d.ts +2 -2
- package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/response/ResponseHandler.d.ts +1 -1
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/account/AccountInfo.ts +1 -0
- package/src/cache/CacheManager.ts +159 -123
- package/src/cache/entities/AccountEntity.ts +1 -0
- package/src/cache/entities/CredentialEntity.ts +2 -0
- package/src/cache/interface/ICacheManager.ts +34 -16
- package/src/client/BaseClient.ts +11 -2
- package/src/client/RefreshTokenClient.ts +6 -3
- package/src/client/SilentFlowClient.ts +7 -6
- package/src/config/ClientConfiguration.ts +3 -1
- package/src/crypto/ICrypto.ts +2 -2
- package/src/error/CacheError.ts +26 -5
- package/src/error/CacheErrorCodes.ts +2 -2
- package/src/error/InteractionRequiredAuthError.ts +3 -0
- package/src/error/InteractionRequiredAuthErrorCodes.ts +1 -0
- package/src/exports-common.ts +5 -1
- package/src/network/ThrottlingUtils.ts +8 -5
- package/src/packageMetadata.ts +1 -1
- package/src/response/ResponseHandler.ts +7 -2
- package/src/telemetry/server/ServerTelemetryManager.ts +14 -6
- package/lib/index-node-DNGOJ4N7.js.map +0 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-common v15.
|
|
1
|
+
/*! @azure/msal-common v15.8.0 2025-07-01 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
@@ -234,7 +234,6 @@ const AuthorityMetadataSource = {
|
|
|
234
234
|
};
|
|
235
235
|
const SERVER_TELEM_CONSTANTS = {
|
|
236
236
|
SCHEMA_VERSION: 5,
|
|
237
|
-
MAX_CUR_HEADER_BYTES: 80,
|
|
238
237
|
MAX_LAST_HEADER_BYTES: 330,
|
|
239
238
|
MAX_CACHED_ERRORS: 50,
|
|
240
239
|
CACHE_KEY: "server-telemetry",
|
|
@@ -289,9 +288,7 @@ const RegionDiscoverySources = {
|
|
|
289
288
|
* Region Discovery Outcomes
|
|
290
289
|
*/
|
|
291
290
|
const RegionDiscoveryOutcomes = {
|
|
292
|
-
CONFIGURED_MATCHES_DETECTED: "1",
|
|
293
291
|
CONFIGURED_NO_AUTO_DETECTION: "2",
|
|
294
|
-
CONFIGURED_NOT_DETECTED: "3",
|
|
295
292
|
AUTO_DETECTION_REQUESTED_SUCCESSFUL: "4",
|
|
296
293
|
AUTO_DETECTION_REQUESTED_FAILED: "5",
|
|
297
294
|
};
|
|
@@ -1371,7 +1368,6 @@ const rawMetdataJSON = {
|
|
|
1371
1368
|
},
|
|
1372
1369
|
},
|
|
1373
1370
|
instanceDiscoveryMetadata: {
|
|
1374
|
-
tenant_discovery_endpoint: "https://{canonicalAuthority}/v2.0/.well-known/openid-configuration",
|
|
1375
1371
|
metadata: [
|
|
1376
1372
|
{
|
|
1377
1373
|
preferred_network: "login.microsoftonline.com",
|
|
@@ -3893,7 +3889,7 @@ class Logger {
|
|
|
3893
3889
|
|
|
3894
3890
|
/* eslint-disable header/header */
|
|
3895
3891
|
const name = "@azure/msal-common";
|
|
3896
|
-
const version = "15.
|
|
3892
|
+
const version = "15.8.0";
|
|
3897
3893
|
|
|
3898
3894
|
/*
|
|
3899
3895
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4466,13 +4462,13 @@ class AccountEntity {
|
|
|
4466
4462
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4467
4463
|
* Licensed under the MIT License.
|
|
4468
4464
|
*/
|
|
4469
|
-
const
|
|
4470
|
-
const
|
|
4465
|
+
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
4466
|
+
const cacheErrorUnknown = "cache_error_unknown";
|
|
4471
4467
|
|
|
4472
4468
|
var CacheErrorCodes = /*#__PURE__*/Object.freeze({
|
|
4473
4469
|
__proto__: null,
|
|
4474
|
-
|
|
4475
|
-
|
|
4470
|
+
cacheErrorUnknown: cacheErrorUnknown,
|
|
4471
|
+
cacheQuotaExceeded: cacheQuotaExceeded
|
|
4476
4472
|
});
|
|
4477
4473
|
|
|
4478
4474
|
/*
|
|
@@ -4480,24 +4476,42 @@ var CacheErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
4480
4476
|
* Licensed under the MIT License.
|
|
4481
4477
|
*/
|
|
4482
4478
|
const CacheErrorMessages = {
|
|
4483
|
-
[
|
|
4484
|
-
[
|
|
4479
|
+
[cacheQuotaExceeded]: "Exceeded cache storage capacity.",
|
|
4480
|
+
[cacheErrorUnknown]: "Unexpected error occurred when using cache storage.",
|
|
4485
4481
|
};
|
|
4486
4482
|
/**
|
|
4487
4483
|
* Error thrown when there is an error with the cache
|
|
4488
4484
|
*/
|
|
4489
|
-
class CacheError extends
|
|
4485
|
+
class CacheError extends AuthError {
|
|
4490
4486
|
constructor(errorCode, errorMessage) {
|
|
4491
4487
|
const message = errorMessage ||
|
|
4492
4488
|
(CacheErrorMessages[errorCode]
|
|
4493
4489
|
? CacheErrorMessages[errorCode]
|
|
4494
|
-
: CacheErrorMessages[
|
|
4490
|
+
: CacheErrorMessages[cacheErrorUnknown]);
|
|
4495
4491
|
super(`${errorCode}: ${message}`);
|
|
4496
4492
|
Object.setPrototypeOf(this, CacheError.prototype);
|
|
4497
4493
|
this.name = "CacheError";
|
|
4498
4494
|
this.errorCode = errorCode;
|
|
4499
4495
|
this.errorMessage = message;
|
|
4500
4496
|
}
|
|
4497
|
+
}
|
|
4498
|
+
/**
|
|
4499
|
+
* Helper function to wrap browser errors in a CacheError object
|
|
4500
|
+
* @param e
|
|
4501
|
+
* @returns
|
|
4502
|
+
*/
|
|
4503
|
+
function createCacheError(e) {
|
|
4504
|
+
if (!(e instanceof Error)) {
|
|
4505
|
+
return new CacheError(cacheErrorUnknown);
|
|
4506
|
+
}
|
|
4507
|
+
if (e.name === "QuotaExceededError" ||
|
|
4508
|
+
e.name === "NS_ERROR_DOM_QUOTA_REACHED" ||
|
|
4509
|
+
e.message.includes("exceeded the quota")) {
|
|
4510
|
+
return new CacheError(cacheQuotaExceeded);
|
|
4511
|
+
}
|
|
4512
|
+
else {
|
|
4513
|
+
return new CacheError(e.name, e.message);
|
|
4514
|
+
}
|
|
4501
4515
|
}
|
|
4502
4516
|
|
|
4503
4517
|
/*
|
|
@@ -4509,25 +4523,26 @@ class CacheError extends Error {
|
|
|
4509
4523
|
* @internal
|
|
4510
4524
|
*/
|
|
4511
4525
|
class CacheManager {
|
|
4512
|
-
constructor(clientId, cryptoImpl, logger, staticAuthorityOptions) {
|
|
4526
|
+
constructor(clientId, cryptoImpl, logger, performanceClient, staticAuthorityOptions) {
|
|
4513
4527
|
this.clientId = clientId;
|
|
4514
4528
|
this.cryptoImpl = cryptoImpl;
|
|
4515
4529
|
this.commonLogger = logger.clone(name, version);
|
|
4516
4530
|
this.staticAuthorityOptions = staticAuthorityOptions;
|
|
4531
|
+
this.performanceClient = performanceClient;
|
|
4517
4532
|
}
|
|
4518
4533
|
/**
|
|
4519
4534
|
* Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned.
|
|
4520
4535
|
* @param accountFilter - (Optional) filter to narrow down the accounts returned
|
|
4521
4536
|
* @returns Array of AccountInfo objects in cache
|
|
4522
4537
|
*/
|
|
4523
|
-
getAllAccounts(accountFilter) {
|
|
4524
|
-
return this.buildTenantProfiles(this.getAccountsFilteredBy(accountFilter
|
|
4538
|
+
getAllAccounts(accountFilter, correlationId) {
|
|
4539
|
+
return this.buildTenantProfiles(this.getAccountsFilteredBy(accountFilter, correlationId), correlationId, accountFilter);
|
|
4525
4540
|
}
|
|
4526
4541
|
/**
|
|
4527
4542
|
* Gets first tenanted AccountInfo object found based on provided filters
|
|
4528
4543
|
*/
|
|
4529
|
-
getAccountInfoFilteredBy(accountFilter) {
|
|
4530
|
-
const allAccounts = this.getAllAccounts(accountFilter);
|
|
4544
|
+
getAccountInfoFilteredBy(accountFilter, correlationId) {
|
|
4545
|
+
const allAccounts = this.getAllAccounts(accountFilter, correlationId);
|
|
4531
4546
|
if (allAccounts.length > 1) {
|
|
4532
4547
|
// If one or more accounts are found, prioritize accounts that have an ID token
|
|
4533
4548
|
const sortedAccounts = allAccounts.sort((account) => {
|
|
@@ -4548,8 +4563,8 @@ class CacheManager {
|
|
|
4548
4563
|
* @param accountFilter
|
|
4549
4564
|
* @returns
|
|
4550
4565
|
*/
|
|
4551
|
-
getBaseAccountInfo(accountFilter) {
|
|
4552
|
-
const accountEntities = this.getAccountsFilteredBy(accountFilter);
|
|
4566
|
+
getBaseAccountInfo(accountFilter, correlationId) {
|
|
4567
|
+
const accountEntities = this.getAccountsFilteredBy(accountFilter, correlationId);
|
|
4553
4568
|
if (accountEntities.length > 0) {
|
|
4554
4569
|
return accountEntities[0].getAccountInfo();
|
|
4555
4570
|
}
|
|
@@ -4564,12 +4579,12 @@ class CacheManager {
|
|
|
4564
4579
|
* @param accountFilter
|
|
4565
4580
|
* @returns Array of AccountInfo objects that match account and tenant profile filters
|
|
4566
4581
|
*/
|
|
4567
|
-
buildTenantProfiles(cachedAccounts, accountFilter) {
|
|
4582
|
+
buildTenantProfiles(cachedAccounts, correlationId, accountFilter) {
|
|
4568
4583
|
return cachedAccounts.flatMap((accountEntity) => {
|
|
4569
|
-
return this.getTenantProfilesFromAccountEntity(accountEntity, accountFilter?.tenantId, accountFilter);
|
|
4584
|
+
return this.getTenantProfilesFromAccountEntity(accountEntity, correlationId, accountFilter?.tenantId, accountFilter);
|
|
4570
4585
|
});
|
|
4571
4586
|
}
|
|
4572
|
-
getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, tenantProfileFilter) {
|
|
4587
|
+
getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, correlationId, tenantProfileFilter) {
|
|
4573
4588
|
let tenantedAccountInfo = null;
|
|
4574
4589
|
let idTokenClaims;
|
|
4575
4590
|
if (tenantProfileFilter) {
|
|
@@ -4577,7 +4592,7 @@ class CacheManager {
|
|
|
4577
4592
|
return null;
|
|
4578
4593
|
}
|
|
4579
4594
|
}
|
|
4580
|
-
const idToken = this.getIdToken(accountInfo, tokenKeys, tenantProfile.tenantId);
|
|
4595
|
+
const idToken = this.getIdToken(accountInfo, correlationId, tokenKeys, tenantProfile.tenantId);
|
|
4581
4596
|
if (idToken) {
|
|
4582
4597
|
idTokenClaims = extractTokenClaims(idToken.secret, this.cryptoImpl.base64Decode);
|
|
4583
4598
|
if (!this.idTokenClaimsMatchTenantProfileFilter(idTokenClaims, tenantProfileFilter)) {
|
|
@@ -4589,7 +4604,7 @@ class CacheManager {
|
|
|
4589
4604
|
tenantedAccountInfo = updateAccountTenantProfileData(accountInfo, tenantProfile, idTokenClaims, idToken?.secret);
|
|
4590
4605
|
return tenantedAccountInfo;
|
|
4591
4606
|
}
|
|
4592
|
-
getTenantProfilesFromAccountEntity(accountEntity, targetTenantId, tenantProfileFilter) {
|
|
4607
|
+
getTenantProfilesFromAccountEntity(accountEntity, correlationId, targetTenantId, tenantProfileFilter) {
|
|
4593
4608
|
const accountInfo = accountEntity.getAccountInfo();
|
|
4594
4609
|
let searchTenantProfiles = accountInfo.tenantProfiles || new Map();
|
|
4595
4610
|
const tokenKeys = this.getTokenKeys();
|
|
@@ -4609,7 +4624,7 @@ class CacheManager {
|
|
|
4609
4624
|
}
|
|
4610
4625
|
const matchingTenantProfiles = [];
|
|
4611
4626
|
searchTenantProfiles.forEach((tenantProfile) => {
|
|
4612
|
-
const tenantedAccountInfo = this.getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, tenantProfileFilter);
|
|
4627
|
+
const tenantedAccountInfo = this.getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, correlationId, tenantProfileFilter);
|
|
4613
4628
|
if (tenantedAccountInfo) {
|
|
4614
4629
|
matchingTenantProfiles.push(tenantedAccountInfo);
|
|
4615
4630
|
}
|
|
@@ -4683,26 +4698,16 @@ class CacheManager {
|
|
|
4683
4698
|
await this.setRefreshTokenCredential(cacheRecord.refreshToken, correlationId);
|
|
4684
4699
|
}
|
|
4685
4700
|
if (!!cacheRecord.appMetadata) {
|
|
4686
|
-
this.setAppMetadata(cacheRecord.appMetadata);
|
|
4701
|
+
this.setAppMetadata(cacheRecord.appMetadata, correlationId);
|
|
4687
4702
|
}
|
|
4688
4703
|
}
|
|
4689
4704
|
catch (e) {
|
|
4690
4705
|
this.commonLogger?.error(`CacheManager.saveCacheRecord: failed`);
|
|
4691
|
-
if (e instanceof
|
|
4692
|
-
|
|
4693
|
-
if (e.name === "QuotaExceededError" ||
|
|
4694
|
-
e.name === "NS_ERROR_DOM_QUOTA_REACHED" ||
|
|
4695
|
-
e.message.includes("exceeded the quota")) {
|
|
4696
|
-
this.commonLogger?.error(`CacheManager.saveCacheRecord: exceeded storage quota`, correlationId);
|
|
4697
|
-
throw new CacheError(cacheQuotaExceededErrorCode);
|
|
4698
|
-
}
|
|
4699
|
-
else {
|
|
4700
|
-
throw new CacheError(e.name, e.message);
|
|
4701
|
-
}
|
|
4706
|
+
if (e instanceof AuthError) {
|
|
4707
|
+
throw e;
|
|
4702
4708
|
}
|
|
4703
4709
|
else {
|
|
4704
|
-
|
|
4705
|
-
throw new CacheError(cacheUnknownErrorCode);
|
|
4710
|
+
throw createCacheError(e);
|
|
4706
4711
|
}
|
|
4707
4712
|
}
|
|
4708
4713
|
}
|
|
@@ -4722,21 +4727,19 @@ class CacheManager {
|
|
|
4722
4727
|
};
|
|
4723
4728
|
const tokenKeys = this.getTokenKeys();
|
|
4724
4729
|
const currentScopes = ScopeSet.fromString(credential.target);
|
|
4725
|
-
const removedAccessTokens = [];
|
|
4726
4730
|
tokenKeys.accessToken.forEach((key) => {
|
|
4727
4731
|
if (!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)) {
|
|
4728
4732
|
return;
|
|
4729
4733
|
}
|
|
4730
|
-
const tokenEntity = this.getAccessTokenCredential(key);
|
|
4734
|
+
const tokenEntity = this.getAccessTokenCredential(key, correlationId);
|
|
4731
4735
|
if (tokenEntity &&
|
|
4732
4736
|
this.credentialMatchesFilter(tokenEntity, accessTokenFilter)) {
|
|
4733
4737
|
const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);
|
|
4734
4738
|
if (tokenScopeSet.intersectingScopeSets(currentScopes)) {
|
|
4735
|
-
|
|
4739
|
+
this.removeAccessToken(key, correlationId);
|
|
4736
4740
|
}
|
|
4737
4741
|
}
|
|
4738
4742
|
});
|
|
4739
|
-
await Promise.all(removedAccessTokens);
|
|
4740
4743
|
await this.setAccessTokenCredential(credential, correlationId);
|
|
4741
4744
|
}
|
|
4742
4745
|
/**
|
|
@@ -4744,7 +4747,7 @@ class CacheManager {
|
|
|
4744
4747
|
* Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared
|
|
4745
4748
|
* @param accountFilter - An object containing Account properties to filter by
|
|
4746
4749
|
*/
|
|
4747
|
-
getAccountsFilteredBy(accountFilter) {
|
|
4750
|
+
getAccountsFilteredBy(accountFilter, correlationId) {
|
|
4748
4751
|
const allAccountKeys = this.getAccountKeys();
|
|
4749
4752
|
const matchingAccounts = [];
|
|
4750
4753
|
allAccountKeys.forEach((cacheKey) => {
|
|
@@ -4752,7 +4755,7 @@ class CacheManager {
|
|
|
4752
4755
|
// Don't parse value if the key doesn't match the account filters
|
|
4753
4756
|
return;
|
|
4754
4757
|
}
|
|
4755
|
-
const entity = this.getAccount(cacheKey,
|
|
4758
|
+
const entity = this.getAccount(cacheKey, correlationId);
|
|
4756
4759
|
// Match base account fields
|
|
4757
4760
|
if (!entity) {
|
|
4758
4761
|
return;
|
|
@@ -4978,86 +4981,80 @@ class CacheManager {
|
|
|
4978
4981
|
/**
|
|
4979
4982
|
* Removes all accounts and related tokens from cache.
|
|
4980
4983
|
*/
|
|
4981
|
-
|
|
4984
|
+
removeAllAccounts(correlationId) {
|
|
4982
4985
|
const allAccountKeys = this.getAccountKeys();
|
|
4983
|
-
const removedAccounts = [];
|
|
4984
4986
|
allAccountKeys.forEach((cacheKey) => {
|
|
4985
|
-
|
|
4987
|
+
this.removeAccount(cacheKey, correlationId);
|
|
4986
4988
|
});
|
|
4987
|
-
await Promise.all(removedAccounts);
|
|
4988
4989
|
}
|
|
4989
4990
|
/**
|
|
4990
4991
|
* Removes the account and related tokens for a given account key
|
|
4991
4992
|
* @param account
|
|
4992
4993
|
*/
|
|
4993
|
-
|
|
4994
|
-
const account = this.getAccount(accountKey,
|
|
4994
|
+
removeAccount(accountKey, correlationId) {
|
|
4995
|
+
const account = this.getAccount(accountKey, correlationId);
|
|
4995
4996
|
if (!account) {
|
|
4996
4997
|
return;
|
|
4997
4998
|
}
|
|
4998
|
-
|
|
4999
|
-
this.removeItem(accountKey);
|
|
4999
|
+
this.removeAccountContext(account, correlationId);
|
|
5000
|
+
this.removeItem(accountKey, correlationId);
|
|
5000
5001
|
}
|
|
5001
5002
|
/**
|
|
5002
5003
|
* Removes credentials associated with the provided account
|
|
5003
5004
|
* @param account
|
|
5004
5005
|
*/
|
|
5005
|
-
|
|
5006
|
+
removeAccountContext(account, correlationId) {
|
|
5006
5007
|
const allTokenKeys = this.getTokenKeys();
|
|
5007
5008
|
const accountId = account.generateAccountId();
|
|
5008
|
-
const removedCredentials = [];
|
|
5009
5009
|
allTokenKeys.idToken.forEach((key) => {
|
|
5010
5010
|
if (key.indexOf(accountId) === 0) {
|
|
5011
|
-
this.removeIdToken(key);
|
|
5011
|
+
this.removeIdToken(key, correlationId);
|
|
5012
5012
|
}
|
|
5013
5013
|
});
|
|
5014
5014
|
allTokenKeys.accessToken.forEach((key) => {
|
|
5015
5015
|
if (key.indexOf(accountId) === 0) {
|
|
5016
|
-
|
|
5016
|
+
this.removeAccessToken(key, correlationId);
|
|
5017
5017
|
}
|
|
5018
5018
|
});
|
|
5019
5019
|
allTokenKeys.refreshToken.forEach((key) => {
|
|
5020
5020
|
if (key.indexOf(accountId) === 0) {
|
|
5021
|
-
this.removeRefreshToken(key);
|
|
5021
|
+
this.removeRefreshToken(key, correlationId);
|
|
5022
5022
|
}
|
|
5023
5023
|
});
|
|
5024
|
-
await Promise.all(removedCredentials);
|
|
5025
5024
|
}
|
|
5026
5025
|
/**
|
|
5027
|
-
*
|
|
5028
|
-
* @param
|
|
5029
|
-
|
|
5030
|
-
|
|
5031
|
-
|
|
5032
|
-
|
|
5026
|
+
* Removes accessToken from the cache
|
|
5027
|
+
* @param key
|
|
5028
|
+
* @param correlationId
|
|
5029
|
+
*/
|
|
5030
|
+
removeAccessToken(key, correlationId) {
|
|
5031
|
+
const credential = this.getAccessTokenCredential(key, correlationId);
|
|
5032
|
+
this.removeItem(key, correlationId);
|
|
5033
|
+
this.performanceClient.incrementFields({ accessTokensRemoved: 1 }, correlationId);
|
|
5034
|
+
if (!credential ||
|
|
5035
|
+
credential.credentialType.toLowerCase() !==
|
|
5036
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase() ||
|
|
5037
|
+
credential.tokenType !== AuthenticationScheme.POP) {
|
|
5038
|
+
// If the credential is not a PoP token, we can return
|
|
5033
5039
|
return;
|
|
5034
5040
|
}
|
|
5035
5041
|
// Remove Token Binding Key from key store for PoP Tokens Credentials
|
|
5036
|
-
|
|
5037
|
-
|
|
5038
|
-
|
|
5039
|
-
|
|
5040
|
-
|
|
5041
|
-
|
|
5042
|
-
try {
|
|
5043
|
-
await this.cryptoImpl.removeTokenBindingKey(kid);
|
|
5044
|
-
}
|
|
5045
|
-
catch (error) {
|
|
5046
|
-
throw createClientAuthError(bindingKeyNotRemoved);
|
|
5047
|
-
}
|
|
5048
|
-
}
|
|
5049
|
-
}
|
|
5042
|
+
const kid = credential.keyId;
|
|
5043
|
+
if (kid) {
|
|
5044
|
+
void this.cryptoImpl.removeTokenBindingKey(kid).catch(() => {
|
|
5045
|
+
this.commonLogger.error(`Failed to remove token binding key ${kid}`, correlationId);
|
|
5046
|
+
this.performanceClient?.incrementFields({ removeTokenBindingKeyFailure: 1 }, correlationId);
|
|
5047
|
+
});
|
|
5050
5048
|
}
|
|
5051
|
-
return this.removeItem(key);
|
|
5052
5049
|
}
|
|
5053
5050
|
/**
|
|
5054
5051
|
* Removes all app metadata objects from cache.
|
|
5055
5052
|
*/
|
|
5056
|
-
removeAppMetadata() {
|
|
5053
|
+
removeAppMetadata(correlationId) {
|
|
5057
5054
|
const allCacheKeys = this.getKeys();
|
|
5058
5055
|
allCacheKeys.forEach((cacheKey) => {
|
|
5059
5056
|
if (this.isAppMetadata(cacheKey)) {
|
|
5060
|
-
this.removeItem(cacheKey);
|
|
5057
|
+
this.removeItem(cacheKey, correlationId);
|
|
5061
5058
|
}
|
|
5062
5059
|
});
|
|
5063
5060
|
return true;
|
|
@@ -5066,9 +5063,9 @@ class CacheManager {
|
|
|
5066
5063
|
* Retrieve AccountEntity from cache
|
|
5067
5064
|
* @param account
|
|
5068
5065
|
*/
|
|
5069
|
-
readAccountFromCache(account) {
|
|
5066
|
+
readAccountFromCache(account, correlationId) {
|
|
5070
5067
|
const accountKey = AccountEntity.generateAccountCacheKey(account);
|
|
5071
|
-
return this.getAccount(accountKey,
|
|
5068
|
+
return this.getAccount(accountKey, correlationId);
|
|
5072
5069
|
}
|
|
5073
5070
|
/**
|
|
5074
5071
|
* Retrieve IdTokenEntity from cache
|
|
@@ -5078,7 +5075,7 @@ class CacheManager {
|
|
|
5078
5075
|
* @param performanceClient {?IPerformanceClient}
|
|
5079
5076
|
* @param correlationId {?string}
|
|
5080
5077
|
*/
|
|
5081
|
-
getIdToken(account, tokenKeys, targetRealm, performanceClient
|
|
5078
|
+
getIdToken(account, correlationId, tokenKeys, targetRealm, performanceClient) {
|
|
5082
5079
|
this.commonLogger.trace("CacheManager - getIdToken called");
|
|
5083
5080
|
const idTokenFilter = {
|
|
5084
5081
|
homeAccountId: account.homeAccountId,
|
|
@@ -5087,7 +5084,7 @@ class CacheManager {
|
|
|
5087
5084
|
clientId: this.clientId,
|
|
5088
5085
|
realm: targetRealm,
|
|
5089
5086
|
};
|
|
5090
|
-
const idTokenMap = this.getIdTokensByFilter(idTokenFilter, tokenKeys);
|
|
5087
|
+
const idTokenMap = this.getIdTokensByFilter(idTokenFilter, correlationId, tokenKeys);
|
|
5091
5088
|
const numIdTokens = idTokenMap.size;
|
|
5092
5089
|
if (numIdTokens < 1) {
|
|
5093
5090
|
this.commonLogger.info("CacheManager:getIdToken - No token found");
|
|
@@ -5120,7 +5117,7 @@ class CacheManager {
|
|
|
5120
5117
|
// Multiple tokens for a single tenant profile, remove all and return null
|
|
5121
5118
|
this.commonLogger.info("CacheManager:getIdToken - Multiple matching ID tokens found, clearing them");
|
|
5122
5119
|
tokensToBeRemoved.forEach((idToken, key) => {
|
|
5123
|
-
this.removeIdToken(key);
|
|
5120
|
+
this.removeIdToken(key, correlationId);
|
|
5124
5121
|
});
|
|
5125
5122
|
if (performanceClient && correlationId) {
|
|
5126
5123
|
performanceClient.addFields({ multiMatchedID: idTokenMap.size }, correlationId);
|
|
@@ -5135,7 +5132,7 @@ class CacheManager {
|
|
|
5135
5132
|
* @param filter
|
|
5136
5133
|
* @returns
|
|
5137
5134
|
*/
|
|
5138
|
-
getIdTokensByFilter(filter, tokenKeys) {
|
|
5135
|
+
getIdTokensByFilter(filter, correlationId, tokenKeys) {
|
|
5139
5136
|
const idTokenKeys = (tokenKeys && tokenKeys.idToken) || this.getTokenKeys().idToken;
|
|
5140
5137
|
const idTokens = new Map();
|
|
5141
5138
|
idTokenKeys.forEach((key) => {
|
|
@@ -5145,7 +5142,7 @@ class CacheManager {
|
|
|
5145
5142
|
})) {
|
|
5146
5143
|
return;
|
|
5147
5144
|
}
|
|
5148
|
-
const idToken = this.getIdTokenCredential(key);
|
|
5145
|
+
const idToken = this.getIdTokenCredential(key, correlationId);
|
|
5149
5146
|
if (idToken && this.credentialMatchesFilter(idToken, filter)) {
|
|
5150
5147
|
idTokens.set(key, idToken);
|
|
5151
5148
|
}
|
|
@@ -5174,26 +5171,27 @@ class CacheManager {
|
|
|
5174
5171
|
* Removes idToken from the cache
|
|
5175
5172
|
* @param key
|
|
5176
5173
|
*/
|
|
5177
|
-
removeIdToken(key) {
|
|
5178
|
-
this.removeItem(key);
|
|
5174
|
+
removeIdToken(key, correlationId) {
|
|
5175
|
+
this.removeItem(key, correlationId);
|
|
5179
5176
|
}
|
|
5180
5177
|
/**
|
|
5181
5178
|
* Removes refresh token from the cache
|
|
5182
5179
|
* @param key
|
|
5183
5180
|
*/
|
|
5184
|
-
removeRefreshToken(key) {
|
|
5185
|
-
this.removeItem(key);
|
|
5181
|
+
removeRefreshToken(key, correlationId) {
|
|
5182
|
+
this.removeItem(key, correlationId);
|
|
5186
5183
|
}
|
|
5187
5184
|
/**
|
|
5188
5185
|
* Retrieve AccessTokenEntity from cache
|
|
5189
5186
|
* @param account {AccountInfo}
|
|
5190
5187
|
* @param request {BaseAuthRequest}
|
|
5188
|
+
* @param correlationId {?string}
|
|
5191
5189
|
* @param tokenKeys {?TokenKeys}
|
|
5192
5190
|
* @param performanceClient {?IPerformanceClient}
|
|
5193
|
-
* @param correlationId {?string}
|
|
5194
5191
|
*/
|
|
5195
|
-
getAccessToken(account, request, tokenKeys, targetRealm
|
|
5196
|
-
|
|
5192
|
+
getAccessToken(account, request, tokenKeys, targetRealm) {
|
|
5193
|
+
const correlationId = request.correlationId;
|
|
5194
|
+
this.commonLogger.trace("CacheManager - getAccessToken called", correlationId);
|
|
5197
5195
|
const scopes = ScopeSet.createSearchScopes(request.scopes);
|
|
5198
5196
|
const authScheme = request.authenticationScheme || AuthenticationScheme.BEARER;
|
|
5199
5197
|
/*
|
|
@@ -5222,7 +5220,7 @@ class CacheManager {
|
|
|
5222
5220
|
accessTokenKeys.forEach((key) => {
|
|
5223
5221
|
// Validate key
|
|
5224
5222
|
if (this.accessTokenKeyMatchesFilter(key, accessTokenFilter, true)) {
|
|
5225
|
-
const accessToken = this.getAccessTokenCredential(key);
|
|
5223
|
+
const accessToken = this.getAccessTokenCredential(key, correlationId);
|
|
5226
5224
|
// Validate value
|
|
5227
5225
|
if (accessToken &&
|
|
5228
5226
|
this.credentialMatchesFilter(accessToken, accessTokenFilter)) {
|
|
@@ -5232,20 +5230,18 @@ class CacheManager {
|
|
|
5232
5230
|
});
|
|
5233
5231
|
const numAccessTokens = accessTokens.length;
|
|
5234
5232
|
if (numAccessTokens < 1) {
|
|
5235
|
-
this.commonLogger.info("CacheManager:getAccessToken - No token found");
|
|
5233
|
+
this.commonLogger.info("CacheManager:getAccessToken - No token found", correlationId);
|
|
5236
5234
|
return null;
|
|
5237
5235
|
}
|
|
5238
5236
|
else if (numAccessTokens > 1) {
|
|
5239
|
-
this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them");
|
|
5237
|
+
this.commonLogger.info("CacheManager:getAccessToken - Multiple access tokens found, clearing them", correlationId);
|
|
5240
5238
|
accessTokens.forEach((accessToken) => {
|
|
5241
|
-
|
|
5239
|
+
this.removeAccessToken(generateCredentialKey(accessToken), correlationId);
|
|
5242
5240
|
});
|
|
5243
|
-
|
|
5244
|
-
performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);
|
|
5245
|
-
}
|
|
5241
|
+
this.performanceClient.addFields({ multiMatchedAT: accessTokens.length }, correlationId);
|
|
5246
5242
|
return null;
|
|
5247
5243
|
}
|
|
5248
|
-
this.commonLogger.info("CacheManager:getAccessToken - Returning access token");
|
|
5244
|
+
this.commonLogger.info("CacheManager:getAccessToken - Returning access token", correlationId);
|
|
5249
5245
|
return accessTokens[0];
|
|
5250
5246
|
}
|
|
5251
5247
|
/**
|
|
@@ -5294,14 +5290,14 @@ class CacheManager {
|
|
|
5294
5290
|
* @param filter
|
|
5295
5291
|
* @returns
|
|
5296
5292
|
*/
|
|
5297
|
-
getAccessTokensByFilter(filter) {
|
|
5293
|
+
getAccessTokensByFilter(filter, correlationId) {
|
|
5298
5294
|
const tokenKeys = this.getTokenKeys();
|
|
5299
5295
|
const accessTokens = [];
|
|
5300
5296
|
tokenKeys.accessToken.forEach((key) => {
|
|
5301
5297
|
if (!this.accessTokenKeyMatchesFilter(key, filter, true)) {
|
|
5302
5298
|
return;
|
|
5303
5299
|
}
|
|
5304
|
-
const accessToken = this.getAccessTokenCredential(key);
|
|
5300
|
+
const accessToken = this.getAccessTokenCredential(key, correlationId);
|
|
5305
5301
|
if (accessToken &&
|
|
5306
5302
|
this.credentialMatchesFilter(accessToken, filter)) {
|
|
5307
5303
|
accessTokens.push(accessToken);
|
|
@@ -5313,11 +5309,11 @@ class CacheManager {
|
|
|
5313
5309
|
* Helper to retrieve the appropriate refresh token from cache
|
|
5314
5310
|
* @param account {AccountInfo}
|
|
5315
5311
|
* @param familyRT {boolean}
|
|
5312
|
+
* @param correlationId {?string}
|
|
5316
5313
|
* @param tokenKeys {?TokenKeys}
|
|
5317
5314
|
* @param performanceClient {?IPerformanceClient}
|
|
5318
|
-
* @param correlationId {?string}
|
|
5319
5315
|
*/
|
|
5320
|
-
getRefreshToken(account, familyRT, tokenKeys, performanceClient
|
|
5316
|
+
getRefreshToken(account, familyRT, correlationId, tokenKeys, performanceClient) {
|
|
5321
5317
|
this.commonLogger.trace("CacheManager - getRefreshToken called");
|
|
5322
5318
|
const id = familyRT ? THE_FAMILY_ID : undefined;
|
|
5323
5319
|
const refreshTokenFilter = {
|
|
@@ -5333,7 +5329,7 @@ class CacheManager {
|
|
|
5333
5329
|
refreshTokenKeys.forEach((key) => {
|
|
5334
5330
|
// Validate key
|
|
5335
5331
|
if (this.refreshTokenKeyMatchesFilter(key, refreshTokenFilter)) {
|
|
5336
|
-
const refreshToken = this.getRefreshTokenCredential(key);
|
|
5332
|
+
const refreshToken = this.getRefreshTokenCredential(key, correlationId);
|
|
5337
5333
|
// Validate value
|
|
5338
5334
|
if (refreshToken &&
|
|
5339
5335
|
this.credentialMatchesFilter(refreshToken, refreshTokenFilter)) {
|
|
@@ -5683,6 +5679,83 @@ class DefaultStorageClass extends CacheManager {
|
|
|
5683
5679
|
}
|
|
5684
5680
|
}
|
|
5685
5681
|
|
|
5682
|
+
/*
|
|
5683
|
+
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5684
|
+
* Licensed under the MIT License.
|
|
5685
|
+
*/
|
|
5686
|
+
class StubPerformanceMeasurement {
|
|
5687
|
+
startMeasurement() {
|
|
5688
|
+
return;
|
|
5689
|
+
}
|
|
5690
|
+
endMeasurement() {
|
|
5691
|
+
return;
|
|
5692
|
+
}
|
|
5693
|
+
flushMeasurement() {
|
|
5694
|
+
return null;
|
|
5695
|
+
}
|
|
5696
|
+
}
|
|
5697
|
+
class StubPerformanceClient {
|
|
5698
|
+
generateId() {
|
|
5699
|
+
return "callback-id";
|
|
5700
|
+
}
|
|
5701
|
+
startMeasurement(measureName, correlationId) {
|
|
5702
|
+
return {
|
|
5703
|
+
end: () => null,
|
|
5704
|
+
discard: () => { },
|
|
5705
|
+
add: () => { },
|
|
5706
|
+
increment: () => { },
|
|
5707
|
+
event: {
|
|
5708
|
+
eventId: this.generateId(),
|
|
5709
|
+
status: PerformanceEventStatus.InProgress,
|
|
5710
|
+
authority: "",
|
|
5711
|
+
libraryName: "",
|
|
5712
|
+
libraryVersion: "",
|
|
5713
|
+
clientId: "",
|
|
5714
|
+
name: measureName,
|
|
5715
|
+
startTimeMs: Date.now(),
|
|
5716
|
+
correlationId: correlationId || "",
|
|
5717
|
+
},
|
|
5718
|
+
measurement: new StubPerformanceMeasurement(),
|
|
5719
|
+
};
|
|
5720
|
+
}
|
|
5721
|
+
startPerformanceMeasurement() {
|
|
5722
|
+
return new StubPerformanceMeasurement();
|
|
5723
|
+
}
|
|
5724
|
+
calculateQueuedTime() {
|
|
5725
|
+
return 0;
|
|
5726
|
+
}
|
|
5727
|
+
addQueueMeasurement() {
|
|
5728
|
+
return;
|
|
5729
|
+
}
|
|
5730
|
+
setPreQueueTime() {
|
|
5731
|
+
return;
|
|
5732
|
+
}
|
|
5733
|
+
endMeasurement() {
|
|
5734
|
+
return null;
|
|
5735
|
+
}
|
|
5736
|
+
discardMeasurements() {
|
|
5737
|
+
return;
|
|
5738
|
+
}
|
|
5739
|
+
removePerformanceCallback() {
|
|
5740
|
+
return true;
|
|
5741
|
+
}
|
|
5742
|
+
addPerformanceCallback() {
|
|
5743
|
+
return "";
|
|
5744
|
+
}
|
|
5745
|
+
emitEvents() {
|
|
5746
|
+
return;
|
|
5747
|
+
}
|
|
5748
|
+
addFields() {
|
|
5749
|
+
return;
|
|
5750
|
+
}
|
|
5751
|
+
incrementFields() {
|
|
5752
|
+
return;
|
|
5753
|
+
}
|
|
5754
|
+
cacheEventByCorrelationId() {
|
|
5755
|
+
return;
|
|
5756
|
+
}
|
|
5757
|
+
}
|
|
5758
|
+
|
|
5686
5759
|
/*
|
|
5687
5760
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
5688
5761
|
* Licensed under the MIT License.
|
|
@@ -5748,7 +5821,7 @@ function buildClientConfiguration({ authOptions: userAuthOptions, systemOptions:
|
|
|
5748
5821
|
loggerOptions: loggerOptions,
|
|
5749
5822
|
cacheOptions: { ...DEFAULT_CACHE_OPTIONS, ...userCacheOptions },
|
|
5750
5823
|
storageInterface: storageImplementation ||
|
|
5751
|
-
new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions)),
|
|
5824
|
+
new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION, new Logger(loggerOptions), new StubPerformanceClient()),
|
|
5752
5825
|
networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION,
|
|
5753
5826
|
cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION,
|
|
5754
5827
|
clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS,
|
|
@@ -6295,12 +6368,12 @@ class ThrottlingUtils {
|
|
|
6295
6368
|
* @param cacheManager
|
|
6296
6369
|
* @param thumbprint
|
|
6297
6370
|
*/
|
|
6298
|
-
static preProcess(cacheManager, thumbprint) {
|
|
6371
|
+
static preProcess(cacheManager, thumbprint, correlationId) {
|
|
6299
6372
|
const key = ThrottlingUtils.generateThrottlingStorageKey(thumbprint);
|
|
6300
6373
|
const value = cacheManager.getThrottlingCache(key);
|
|
6301
6374
|
if (value) {
|
|
6302
6375
|
if (value.throttleTime < Date.now()) {
|
|
6303
|
-
cacheManager.removeItem(key);
|
|
6376
|
+
cacheManager.removeItem(key, correlationId);
|
|
6304
6377
|
return;
|
|
6305
6378
|
}
|
|
6306
6379
|
throw new ServerError(value.errorCodes?.join(" ") || Constants.EMPTY_STRING, value.errorMessage, value.subError);
|
|
@@ -6312,7 +6385,7 @@ class ThrottlingUtils {
|
|
|
6312
6385
|
* @param thumbprint
|
|
6313
6386
|
* @param response
|
|
6314
6387
|
*/
|
|
6315
|
-
static postProcess(cacheManager, thumbprint, response) {
|
|
6388
|
+
static postProcess(cacheManager, thumbprint, response, correlationId) {
|
|
6316
6389
|
if (ThrottlingUtils.checkResponseStatus(response) ||
|
|
6317
6390
|
ThrottlingUtils.checkResponseForRetryAfter(response)) {
|
|
6318
6391
|
const thumbprintValue = {
|
|
@@ -6322,7 +6395,7 @@ class ThrottlingUtils {
|
|
|
6322
6395
|
errorMessage: response.body.error_description,
|
|
6323
6396
|
subError: response.body.suberror,
|
|
6324
6397
|
};
|
|
6325
|
-
cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue);
|
|
6398
|
+
cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue, correlationId);
|
|
6326
6399
|
}
|
|
6327
6400
|
}
|
|
6328
6401
|
/**
|
|
@@ -6358,7 +6431,7 @@ class ThrottlingUtils {
|
|
|
6358
6431
|
static removeThrottle(cacheManager, clientId, request, homeAccountIdentifier) {
|
|
6359
6432
|
const thumbprint = getRequestThumbprint(clientId, request, homeAccountIdentifier);
|
|
6360
6433
|
const key = this.generateThrottlingStorageKey(thumbprint);
|
|
6361
|
-
cacheManager.removeItem(key);
|
|
6434
|
+
cacheManager.removeItem(key, request.correlationId);
|
|
6362
6435
|
}
|
|
6363
6436
|
}
|
|
6364
6437
|
|
|
@@ -6471,7 +6544,7 @@ class BaseClient {
|
|
|
6471
6544
|
* @param correlationId - CorrelationId for telemetry
|
|
6472
6545
|
*/
|
|
6473
6546
|
async sendPostRequest(thumbprint, tokenEndpoint, options, correlationId) {
|
|
6474
|
-
ThrottlingUtils.preProcess(this.cacheManager, thumbprint);
|
|
6547
|
+
ThrottlingUtils.preProcess(this.cacheManager, thumbprint, correlationId);
|
|
6475
6548
|
let response;
|
|
6476
6549
|
try {
|
|
6477
6550
|
response = await invokeAsync((this.networkClient.sendPostRequestAsync.bind(this.networkClient)), PerformanceEvents.NetworkClientSendPostRequestAsync, this.logger, this.performanceClient, correlationId)(tokenEndpoint, options);
|
|
@@ -6506,7 +6579,7 @@ class BaseClient {
|
|
|
6506
6579
|
throw createClientAuthError(networkError);
|
|
6507
6580
|
}
|
|
6508
6581
|
}
|
|
6509
|
-
ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response);
|
|
6582
|
+
ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response, correlationId);
|
|
6510
6583
|
return response;
|
|
6511
6584
|
}
|
|
6512
6585
|
/**
|
|
@@ -6545,6 +6618,7 @@ class BaseClient {
|
|
|
6545
6618
|
const noTokensFound = "no_tokens_found";
|
|
6546
6619
|
const nativeAccountUnavailable = "native_account_unavailable";
|
|
6547
6620
|
const refreshTokenExpired = "refresh_token_expired";
|
|
6621
|
+
const uxNotAllowed = "ux_not_allowed";
|
|
6548
6622
|
// Codes potentially returned by server
|
|
6549
6623
|
const interactionRequired = "interaction_required";
|
|
6550
6624
|
const consentRequired = "consent_required";
|
|
@@ -6559,7 +6633,8 @@ var InteractionRequiredAuthErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
6559
6633
|
loginRequired: loginRequired,
|
|
6560
6634
|
nativeAccountUnavailable: nativeAccountUnavailable,
|
|
6561
6635
|
noTokensFound: noTokensFound,
|
|
6562
|
-
refreshTokenExpired: refreshTokenExpired
|
|
6636
|
+
refreshTokenExpired: refreshTokenExpired,
|
|
6637
|
+
uxNotAllowed: uxNotAllowed
|
|
6563
6638
|
});
|
|
6564
6639
|
|
|
6565
6640
|
/*
|
|
@@ -6574,6 +6649,7 @@ const InteractionRequiredServerErrorMessage = [
|
|
|
6574
6649
|
consentRequired,
|
|
6575
6650
|
loginRequired,
|
|
6576
6651
|
badToken,
|
|
6652
|
+
uxNotAllowed,
|
|
6577
6653
|
];
|
|
6578
6654
|
const InteractionRequiredAuthSubErrorMessage = [
|
|
6579
6655
|
"message_only",
|
|
@@ -6588,6 +6664,7 @@ const InteractionRequiredAuthErrorMessages = {
|
|
|
6588
6664
|
[nativeAccountUnavailable]: "The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",
|
|
6589
6665
|
[refreshTokenExpired]: "Refresh token has expired.",
|
|
6590
6666
|
[badToken]: "Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.",
|
|
6667
|
+
[uxNotAllowed]: "`canShowUI` flag in Edge was set to false. User interaction required on web page. Please invoke an interactive API to resolve.",
|
|
6591
6668
|
};
|
|
6592
6669
|
/**
|
|
6593
6670
|
* Interaction required errors defined by the SDK
|
|
@@ -6723,9 +6800,7 @@ class ProtocolUtils {
|
|
|
6723
6800
|
* Licensed under the MIT License.
|
|
6724
6801
|
*/
|
|
6725
6802
|
const KeyLocation = {
|
|
6726
|
-
SW: "sw"
|
|
6727
|
-
UHW: "uhw",
|
|
6728
|
-
};
|
|
6803
|
+
SW: "sw"};
|
|
6729
6804
|
/** @internal */
|
|
6730
6805
|
class PopTokenGenerator {
|
|
6731
6806
|
constructor(cryptoUtils, performanceClient) {
|
|
@@ -6937,7 +7012,7 @@ class ResponseHandler {
|
|
|
6937
7012
|
!forceCacheRefreshTokenResponse &&
|
|
6938
7013
|
cacheRecord.account) {
|
|
6939
7014
|
const key = cacheRecord.account.generateAccountKey();
|
|
6940
|
-
const account = this.cacheStorage.getAccount(key);
|
|
7015
|
+
const account = this.cacheStorage.getAccount(key, request.correlationId);
|
|
6941
7016
|
if (!account) {
|
|
6942
7017
|
this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache");
|
|
6943
7018
|
return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId);
|
|
@@ -6972,7 +7047,7 @@ class ResponseHandler {
|
|
|
6972
7047
|
let cachedAccount;
|
|
6973
7048
|
if (serverTokenResponse.id_token && !!idTokenClaims) {
|
|
6974
7049
|
cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
|
|
6975
|
-
cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
|
|
7050
|
+
cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
|
|
6976
7051
|
this.logger);
|
|
6977
7052
|
}
|
|
6978
7053
|
// AccessToken
|
|
@@ -7121,7 +7196,7 @@ class ResponseHandler {
|
|
|
7121
7196
|
};
|
|
7122
7197
|
}
|
|
7123
7198
|
}
|
|
7124
|
-
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
|
|
7199
|
+
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
|
|
7125
7200
|
logger?.verbose("setCachedAccount called");
|
|
7126
7201
|
// Check if base account is already cached
|
|
7127
7202
|
const accountKeys = cacheStorage.getAccountKeys();
|
|
@@ -7130,7 +7205,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
7130
7205
|
});
|
|
7131
7206
|
let cachedAccount = null;
|
|
7132
7207
|
if (baseAccountKey) {
|
|
7133
|
-
cachedAccount = cacheStorage.getAccount(baseAccountKey);
|
|
7208
|
+
cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId);
|
|
7134
7209
|
}
|
|
7135
7210
|
const baseAccount = cachedAccount ||
|
|
7136
7211
|
AccountEntity.createAccount({
|
|
@@ -7544,7 +7619,7 @@ class RefreshTokenClient extends BaseClient {
|
|
|
7544
7619
|
async acquireTokenWithCachedRefreshToken(request, foci) {
|
|
7545
7620
|
this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, request.correlationId);
|
|
7546
7621
|
// fetches family RT or application RT based on FOCI value
|
|
7547
|
-
const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, undefined, this.performanceClient
|
|
7622
|
+
const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, request.correlationId, undefined, this.performanceClient);
|
|
7548
7623
|
if (!refreshToken) {
|
|
7549
7624
|
throw createInteractionRequiredAuthError(noTokensFound);
|
|
7550
7625
|
}
|
|
@@ -7574,7 +7649,7 @@ class RefreshTokenClient extends BaseClient {
|
|
|
7574
7649
|
// Remove bad refresh token from cache
|
|
7575
7650
|
this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");
|
|
7576
7651
|
const badRefreshTokenKey = generateCredentialKey(refreshToken);
|
|
7577
|
-
this.cacheManager.removeRefreshToken(badRefreshTokenKey);
|
|
7652
|
+
this.cacheManager.removeRefreshToken(badRefreshTokenKey, request.correlationId);
|
|
7578
7653
|
}
|
|
7579
7654
|
}
|
|
7580
7655
|
throw e;
|
|
@@ -7710,7 +7785,7 @@ class SilentFlowClient extends BaseClient {
|
|
|
7710
7785
|
const requestTenantId = request.account.tenantId ||
|
|
7711
7786
|
getTenantFromAuthorityString(request.authority);
|
|
7712
7787
|
const tokenKeys = this.cacheManager.getTokenKeys();
|
|
7713
|
-
const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId
|
|
7788
|
+
const cachedAccessToken = this.cacheManager.getAccessToken(request.account, request, tokenKeys, requestTenantId);
|
|
7714
7789
|
if (!cachedAccessToken) {
|
|
7715
7790
|
// must refresh due to non-existent access_token
|
|
7716
7791
|
this.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN, request.correlationId);
|
|
@@ -7730,9 +7805,9 @@ class SilentFlowClient extends BaseClient {
|
|
|
7730
7805
|
}
|
|
7731
7806
|
const environment = request.authority || this.authority.getPreferredCache();
|
|
7732
7807
|
const cacheRecord = {
|
|
7733
|
-
account: this.cacheManager.readAccountFromCache(request.account),
|
|
7808
|
+
account: this.cacheManager.readAccountFromCache(request.account, request.correlationId),
|
|
7734
7809
|
accessToken: cachedAccessToken,
|
|
7735
|
-
idToken: this.cacheManager.getIdToken(request.account, tokenKeys, requestTenantId, this.performanceClient
|
|
7810
|
+
idToken: this.cacheManager.getIdToken(request.account, request.correlationId, tokenKeys, requestTenantId, this.performanceClient),
|
|
7736
7811
|
refreshToken: null,
|
|
7737
7812
|
appMetadata: this.cacheManager.readAppMetadataFromCache(environment),
|
|
7738
7813
|
};
|
|
@@ -8212,7 +8287,7 @@ class ServerTelemetryManager {
|
|
|
8212
8287
|
else {
|
|
8213
8288
|
lastRequests.errors.push(SERVER_TELEM_CONSTANTS.UNKNOWN_ERROR);
|
|
8214
8289
|
}
|
|
8215
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);
|
|
8290
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
8216
8291
|
return;
|
|
8217
8292
|
}
|
|
8218
8293
|
/**
|
|
@@ -8221,7 +8296,7 @@ class ServerTelemetryManager {
|
|
|
8221
8296
|
incrementCacheHits() {
|
|
8222
8297
|
const lastRequests = this.getLastRequests();
|
|
8223
8298
|
lastRequests.cacheHits += 1;
|
|
8224
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);
|
|
8299
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
8225
8300
|
return lastRequests.cacheHits;
|
|
8226
8301
|
}
|
|
8227
8302
|
/**
|
|
@@ -8245,7 +8320,7 @@ class ServerTelemetryManager {
|
|
|
8245
8320
|
const errorCount = lastRequests.errors.length;
|
|
8246
8321
|
if (numErrorsFlushed === errorCount) {
|
|
8247
8322
|
// All errors were sent on last request, clear Telemetry cache
|
|
8248
|
-
this.cacheManager.removeItem(this.telemetryCacheKey);
|
|
8323
|
+
this.cacheManager.removeItem(this.telemetryCacheKey, this.correlationId);
|
|
8249
8324
|
}
|
|
8250
8325
|
else {
|
|
8251
8326
|
// Partial data was flushed to server, construct a new telemetry cache item with errors that were not flushed
|
|
@@ -8254,7 +8329,7 @@ class ServerTelemetryManager {
|
|
|
8254
8329
|
errors: lastRequests.errors.slice(numErrorsFlushed),
|
|
8255
8330
|
cacheHits: 0,
|
|
8256
8331
|
};
|
|
8257
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, serverTelemEntity);
|
|
8332
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, serverTelemEntity, this.correlationId);
|
|
8258
8333
|
}
|
|
8259
8334
|
}
|
|
8260
8335
|
/**
|
|
@@ -8321,7 +8396,7 @@ class ServerTelemetryManager {
|
|
|
8321
8396
|
setNativeBrokerErrorCode(errorCode) {
|
|
8322
8397
|
const lastRequests = this.getLastRequests();
|
|
8323
8398
|
lastRequests.nativeBrokerErrorCode = errorCode;
|
|
8324
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);
|
|
8399
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
8325
8400
|
}
|
|
8326
8401
|
getNativeBrokerErrorCode() {
|
|
8327
8402
|
return this.getLastRequests().nativeBrokerErrorCode;
|
|
@@ -8329,7 +8404,7 @@ class ServerTelemetryManager {
|
|
|
8329
8404
|
clearNativeBrokerErrorCode() {
|
|
8330
8405
|
const lastRequests = this.getLastRequests();
|
|
8331
8406
|
delete lastRequests.nativeBrokerErrorCode;
|
|
8332
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);
|
|
8407
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
8333
8408
|
}
|
|
8334
8409
|
static makeExtraSkuString(params) {
|
|
8335
8410
|
return makeExtraSkuString(params);
|
|
@@ -8409,6 +8484,8 @@ exports.ServerResponseType = ServerResponseType;
|
|
|
8409
8484
|
exports.ServerTelemetryManager = ServerTelemetryManager;
|
|
8410
8485
|
exports.SilentFlowClient = SilentFlowClient;
|
|
8411
8486
|
exports.StringUtils = StringUtils;
|
|
8487
|
+
exports.StubPerformanceClient = StubPerformanceClient;
|
|
8488
|
+
exports.StubPerformanceMeasurement = StubPerformanceMeasurement;
|
|
8412
8489
|
exports.StubbedNetworkModule = StubbedNetworkModule;
|
|
8413
8490
|
exports.THE_FAMILY_ID = THE_FAMILY_ID;
|
|
8414
8491
|
exports.ThrottlingConstants = ThrottlingConstants;
|
|
@@ -8423,6 +8500,7 @@ exports.buildClientInfoFromHomeAccountId = buildClientInfoFromHomeAccountId;
|
|
|
8423
8500
|
exports.buildStaticAuthorityOptions = buildStaticAuthorityOptions;
|
|
8424
8501
|
exports.buildTenantProfile = buildTenantProfile;
|
|
8425
8502
|
exports.createAuthError = createAuthError;
|
|
8503
|
+
exports.createCacheError = createCacheError;
|
|
8426
8504
|
exports.createClientAuthError = createClientAuthError;
|
|
8427
8505
|
exports.createClientConfigurationError = createClientConfigurationError;
|
|
8428
8506
|
exports.createInteractionRequiredAuthError = createInteractionRequiredAuthError;
|
|
@@ -8436,4 +8514,4 @@ exports.invokeAsync = invokeAsync;
|
|
|
8436
8514
|
exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
|
|
8437
8515
|
exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
|
|
8438
8516
|
exports.version = version;
|
|
8439
|
-
//# sourceMappingURL=index-node-
|
|
8517
|
+
//# sourceMappingURL=index-node-2PsHlOld.js.map
|