@azure/msal-common 15.7.1 → 15.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/account/AccountInfo.d.ts +1 -0
- package/dist/account/AccountInfo.d.ts.map +1 -1
- package/dist/account/AccountInfo.mjs +1 -1
- package/dist/account/AccountInfo.mjs.map +1 -1
- package/dist/account/AuthToken.mjs +1 -1
- package/dist/account/CcsCredential.mjs +1 -1
- package/dist/account/ClientInfo.mjs +1 -1
- package/dist/account/TokenClaims.mjs +1 -1
- package/dist/authority/Authority.mjs +1 -1
- package/dist/authority/AuthorityFactory.mjs +1 -1
- package/dist/authority/AuthorityMetadata.mjs +1 -2
- package/dist/authority/AuthorityMetadata.mjs.map +1 -1
- package/dist/authority/AuthorityOptions.mjs +1 -1
- package/dist/authority/AuthorityType.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
- package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
- package/dist/authority/OpenIdConfigResponse.mjs +1 -1
- package/dist/authority/ProtocolMode.mjs +1 -1
- package/dist/authority/RegionDiscovery.mjs +1 -1
- package/dist/cache/CacheManager.d.ts +25 -23
- package/dist/cache/CacheManager.d.ts.map +1 -1
- package/dist/cache/CacheManager.mjs +64 -75
- package/dist/cache/CacheManager.mjs.map +1 -1
- package/dist/cache/entities/AccountEntity.d.ts +1 -0
- package/dist/cache/entities/AccountEntity.d.ts.map +1 -1
- package/dist/cache/entities/AccountEntity.mjs +1 -1
- package/dist/cache/entities/AccountEntity.mjs.map +1 -1
- package/dist/cache/entities/CredentialEntity.d.ts +2 -0
- package/dist/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/dist/cache/interface/ICacheManager.d.ts +12 -12
- package/dist/cache/interface/ICacheManager.d.ts.map +1 -1
- package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
- package/dist/cache/utils/CacheHelpers.mjs +1 -1
- package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/dist/client/AuthorizationCodeClient.mjs +7 -6
- package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
- package/dist/client/BaseClient.d.ts.map +1 -1
- package/dist/client/BaseClient.mjs +4 -4
- package/dist/client/BaseClient.mjs.map +1 -1
- package/dist/client/RefreshTokenClient.d.ts.map +1 -1
- package/dist/client/RefreshTokenClient.mjs +5 -5
- package/dist/client/RefreshTokenClient.mjs.map +1 -1
- package/dist/client/SilentFlowClient.d.ts.map +1 -1
- package/dist/client/SilentFlowClient.mjs +3 -3
- package/dist/client/SilentFlowClient.mjs.map +1 -1
- package/dist/config/ClientConfiguration.mjs +2 -2
- package/dist/constants/AADServerParamKeys.mjs +1 -1
- package/dist/crypto/ICrypto.mjs +1 -1
- package/dist/crypto/JoseHeader.mjs +1 -1
- package/dist/crypto/PopTokenGenerator.mjs +2 -4
- package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
- package/dist/error/AuthError.mjs +2 -2
- package/dist/error/AuthErrorCodes.mjs +1 -1
- package/dist/error/CacheError.d.ts +8 -1
- package/dist/error/CacheError.d.ts.map +1 -1
- package/dist/error/CacheError.mjs +26 -7
- package/dist/error/CacheError.mjs.map +1 -1
- package/dist/error/CacheErrorCodes.d.ts +2 -2
- package/dist/error/CacheErrorCodes.d.ts.map +1 -1
- package/dist/error/CacheErrorCodes.mjs +4 -4
- package/dist/error/CacheErrorCodes.mjs.map +1 -1
- package/dist/error/ClientAuthError.mjs +2 -2
- package/dist/error/ClientAuthErrorCodes.mjs +1 -1
- package/dist/error/ClientConfigurationError.d.ts +0 -5
- package/dist/error/ClientConfigurationError.d.ts.map +1 -1
- package/dist/error/ClientConfigurationError.mjs +2 -7
- package/dist/error/ClientConfigurationError.mjs.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.d.ts +0 -1
- package/dist/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
- package/dist/error/ClientConfigurationErrorCodes.mjs +2 -3
- package/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
- package/dist/error/InteractionRequiredAuthError.mjs +2 -2
- package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
- package/dist/error/JoseHeaderError.mjs +2 -2
- package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
- package/dist/error/NetworkError.mjs +1 -1
- package/dist/error/ServerError.mjs +1 -1
- package/dist/exports-common.d.ts +1 -1
- package/dist/exports-common.d.ts.map +1 -1
- package/dist/index-browser.mjs +2 -2
- package/dist/index-node.mjs +2 -2
- package/dist/index.mjs +2 -2
- package/dist/logger/Logger.mjs +1 -1
- package/dist/network/INetworkModule.mjs +1 -1
- package/dist/network/RequestThumbprint.mjs +1 -1
- package/dist/network/ThrottlingUtils.d.ts +2 -2
- package/dist/network/ThrottlingUtils.d.ts.map +1 -1
- package/dist/network/ThrottlingUtils.mjs +6 -6
- package/dist/network/ThrottlingUtils.mjs.map +1 -1
- package/dist/packageMetadata.d.ts +1 -1
- package/dist/packageMetadata.mjs +2 -2
- package/dist/protocol/Authorize.mjs +2 -2
- package/dist/request/AuthenticationHeaderParser.mjs +1 -1
- package/dist/request/RequestParameterBuilder.mjs +2 -2
- package/dist/request/ScopeSet.mjs +1 -1
- package/dist/response/ResponseHandler.d.ts +1 -1
- package/dist/response/ResponseHandler.d.ts.map +1 -1
- package/dist/response/ResponseHandler.mjs +6 -6
- package/dist/response/ResponseHandler.mjs.map +1 -1
- package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
- package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
- package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/dist/telemetry/server/ServerTelemetryManager.mjs +7 -7
- package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
- package/dist/url/UrlString.mjs +1 -1
- package/dist/utils/ClientAssertionUtils.mjs +1 -1
- package/dist/utils/Constants.mjs +1 -4
- package/dist/utils/Constants.mjs.map +1 -1
- package/dist/utils/FunctionWrappers.mjs +1 -1
- package/dist/utils/ProtocolUtils.mjs +1 -1
- package/dist/utils/StringUtils.mjs +1 -1
- package/dist/utils/TimeUtils.mjs +1 -1
- package/dist/utils/UrlUtils.mjs +1 -1
- package/lib/index-browser.cjs +3 -2
- package/lib/index-browser.cjs.map +1 -1
- package/lib/{index-node-B6ITzmFz.js → index-node-BCM1mkg5.js} +115 -183
- package/lib/index-node-BCM1mkg5.js.map +1 -0
- package/lib/index-node.cjs +3 -2
- package/lib/index-node.cjs.map +1 -1
- package/lib/index.cjs +3 -2
- package/lib/index.cjs.map +1 -1
- package/lib/types/account/AccountInfo.d.ts +1 -0
- package/lib/types/account/AccountInfo.d.ts.map +1 -1
- package/lib/types/cache/CacheManager.d.ts +25 -23
- package/lib/types/cache/CacheManager.d.ts.map +1 -1
- package/lib/types/cache/entities/AccountEntity.d.ts +1 -0
- package/lib/types/cache/entities/AccountEntity.d.ts.map +1 -1
- package/lib/types/cache/entities/CredentialEntity.d.ts +2 -0
- package/lib/types/cache/entities/CredentialEntity.d.ts.map +1 -1
- package/lib/types/cache/interface/ICacheManager.d.ts +12 -12
- package/lib/types/cache/interface/ICacheManager.d.ts.map +1 -1
- package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
- package/lib/types/client/BaseClient.d.ts.map +1 -1
- package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
- package/lib/types/client/SilentFlowClient.d.ts.map +1 -1
- package/lib/types/error/CacheError.d.ts +8 -1
- package/lib/types/error/CacheError.d.ts.map +1 -1
- package/lib/types/error/CacheErrorCodes.d.ts +2 -2
- package/lib/types/error/CacheErrorCodes.d.ts.map +1 -1
- package/lib/types/error/ClientConfigurationError.d.ts +0 -5
- package/lib/types/error/ClientConfigurationError.d.ts.map +1 -1
- package/lib/types/error/ClientConfigurationErrorCodes.d.ts +0 -1
- package/lib/types/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
- package/lib/types/exports-common.d.ts +1 -1
- package/lib/types/exports-common.d.ts.map +1 -1
- package/lib/types/network/ThrottlingUtils.d.ts +2 -2
- package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
- package/lib/types/packageMetadata.d.ts +1 -1
- package/lib/types/response/ResponseHandler.d.ts +1 -1
- package/lib/types/response/ResponseHandler.d.ts.map +1 -1
- package/lib/types/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
- package/package.json +1 -1
- package/src/account/AccountInfo.ts +1 -0
- package/src/cache/CacheManager.ts +129 -98
- package/src/cache/entities/AccountEntity.ts +1 -0
- package/src/cache/entities/CredentialEntity.ts +2 -0
- package/src/cache/interface/ICacheManager.ts +30 -12
- package/src/client/AuthorizationCodeClient.ts +5 -2
- package/src/client/BaseClient.ts +11 -2
- package/src/client/RefreshTokenClient.ts +6 -3
- package/src/client/SilentFlowClient.ts +6 -3
- package/src/error/CacheError.ts +26 -5
- package/src/error/CacheErrorCodes.ts +2 -2
- package/src/error/ClientConfigurationError.ts +0 -8
- package/src/error/ClientConfigurationErrorCodes.ts +0 -1
- package/src/exports-common.ts +5 -1
- package/src/network/ThrottlingUtils.ts +8 -5
- package/src/packageMetadata.ts +1 -1
- package/src/response/ResponseHandler.ts +7 -2
- package/src/telemetry/server/ServerTelemetryManager.ts +14 -6
- package/dist/request/RequestValidator.d.ts +0 -28
- package/dist/request/RequestValidator.d.ts.map +0 -1
- package/dist/request/RequestValidator.mjs +0 -73
- package/dist/request/RequestValidator.mjs.map +0 -1
- package/lib/index-node-B6ITzmFz.js.map +0 -1
- package/lib/types/request/RequestValidator.d.ts +0 -28
- package/lib/types/request/RequestValidator.d.ts.map +0 -1
- package/src/request/RequestValidator.ts +0 -90
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! @azure/msal-common v15.
|
|
1
|
+
/*! @azure/msal-common v15.8.1 2025-07-08 */
|
|
2
2
|
'use strict';
|
|
3
3
|
'use strict';
|
|
4
4
|
|
|
@@ -234,7 +234,6 @@ const AuthorityMetadataSource = {
|
|
|
234
234
|
};
|
|
235
235
|
const SERVER_TELEM_CONSTANTS = {
|
|
236
236
|
SCHEMA_VERSION: 5,
|
|
237
|
-
MAX_CUR_HEADER_BYTES: 80,
|
|
238
237
|
MAX_LAST_HEADER_BYTES: 330,
|
|
239
238
|
MAX_CACHED_ERRORS: 50,
|
|
240
239
|
CACHE_KEY: "server-telemetry",
|
|
@@ -289,9 +288,7 @@ const RegionDiscoverySources = {
|
|
|
289
288
|
* Region Discovery Outcomes
|
|
290
289
|
*/
|
|
291
290
|
const RegionDiscoveryOutcomes = {
|
|
292
|
-
CONFIGURED_MATCHES_DETECTED: "1",
|
|
293
291
|
CONFIGURED_NO_AUTO_DETECTION: "2",
|
|
294
|
-
CONFIGURED_NOT_DETECTED: "3",
|
|
295
292
|
AUTO_DETECTION_REQUESTED_SUCCESSFUL: "4",
|
|
296
293
|
AUTO_DETECTION_REQUESTED_FAILED: "5",
|
|
297
294
|
};
|
|
@@ -835,7 +832,6 @@ const authorityUriInsecure = "authority_uri_insecure";
|
|
|
835
832
|
const urlParseError = "url_parse_error";
|
|
836
833
|
const urlEmptyError = "empty_url_error";
|
|
837
834
|
const emptyInputScopesError = "empty_input_scopes_error";
|
|
838
|
-
const invalidPromptValue = "invalid_prompt_value";
|
|
839
835
|
const invalidClaims = "invalid_claims";
|
|
840
836
|
const tokenRequestEmpty = "token_request_empty";
|
|
841
837
|
const logoutRequestEmpty = "logout_request_empty";
|
|
@@ -865,7 +861,6 @@ var ClientConfigurationErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
865
861
|
invalidClaims: invalidClaims,
|
|
866
862
|
invalidCloudDiscoveryMetadata: invalidCloudDiscoveryMetadata,
|
|
867
863
|
invalidCodeChallengeMethod: invalidCodeChallengeMethod,
|
|
868
|
-
invalidPromptValue: invalidPromptValue,
|
|
869
864
|
logoutRequestEmpty: logoutRequestEmpty,
|
|
870
865
|
missingNonceAuthenticationHeader: missingNonceAuthenticationHeader,
|
|
871
866
|
missingSshJwk: missingSshJwk,
|
|
@@ -889,7 +884,6 @@ const ClientConfigurationErrorMessages = {
|
|
|
889
884
|
[urlParseError]: "URL could not be parsed into appropriate segments.",
|
|
890
885
|
[urlEmptyError]: "URL was empty or null.",
|
|
891
886
|
[emptyInputScopesError]: "Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",
|
|
892
|
-
[invalidPromptValue]: "Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest",
|
|
893
887
|
[invalidClaims]: "Given claims parameter must be a stringified JSON object.",
|
|
894
888
|
[tokenRequestEmpty]: "Token request was empty and not found in cache.",
|
|
895
889
|
[logoutRequestEmpty]: "The logout request was null or undefined.",
|
|
@@ -935,10 +929,6 @@ const ClientConfigurationErrorMessage = {
|
|
|
935
929
|
code: emptyInputScopesError,
|
|
936
930
|
desc: ClientConfigurationErrorMessages[emptyInputScopesError],
|
|
937
931
|
},
|
|
938
|
-
invalidPrompt: {
|
|
939
|
-
code: invalidPromptValue,
|
|
940
|
-
desc: ClientConfigurationErrorMessages[invalidPromptValue],
|
|
941
|
-
},
|
|
942
932
|
invalidClaimsRequest: {
|
|
943
933
|
code: invalidClaims,
|
|
944
934
|
desc: ClientConfigurationErrorMessages[invalidClaims],
|
|
@@ -1371,7 +1361,6 @@ const rawMetdataJSON = {
|
|
|
1371
1361
|
},
|
|
1372
1362
|
},
|
|
1373
1363
|
instanceDiscoveryMetadata: {
|
|
1374
|
-
tenant_discovery_endpoint: "https://{canonicalAuthority}/v2.0/.well-known/openid-configuration",
|
|
1375
1364
|
metadata: [
|
|
1376
1365
|
{
|
|
1377
1366
|
preferred_network: "login.microsoftonline.com",
|
|
@@ -3893,7 +3882,7 @@ class Logger {
|
|
|
3893
3882
|
|
|
3894
3883
|
/* eslint-disable header/header */
|
|
3895
3884
|
const name = "@azure/msal-common";
|
|
3896
|
-
const version = "15.
|
|
3885
|
+
const version = "15.8.1";
|
|
3897
3886
|
|
|
3898
3887
|
/*
|
|
3899
3888
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
@@ -4466,13 +4455,13 @@ class AccountEntity {
|
|
|
4466
4455
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
4467
4456
|
* Licensed under the MIT License.
|
|
4468
4457
|
*/
|
|
4469
|
-
const
|
|
4470
|
-
const
|
|
4458
|
+
const cacheQuotaExceeded = "cache_quota_exceeded";
|
|
4459
|
+
const cacheErrorUnknown = "cache_error_unknown";
|
|
4471
4460
|
|
|
4472
4461
|
var CacheErrorCodes = /*#__PURE__*/Object.freeze({
|
|
4473
4462
|
__proto__: null,
|
|
4474
|
-
|
|
4475
|
-
|
|
4463
|
+
cacheErrorUnknown: cacheErrorUnknown,
|
|
4464
|
+
cacheQuotaExceeded: cacheQuotaExceeded
|
|
4476
4465
|
});
|
|
4477
4466
|
|
|
4478
4467
|
/*
|
|
@@ -4480,24 +4469,42 @@ var CacheErrorCodes = /*#__PURE__*/Object.freeze({
|
|
|
4480
4469
|
* Licensed under the MIT License.
|
|
4481
4470
|
*/
|
|
4482
4471
|
const CacheErrorMessages = {
|
|
4483
|
-
[
|
|
4484
|
-
[
|
|
4472
|
+
[cacheQuotaExceeded]: "Exceeded cache storage capacity.",
|
|
4473
|
+
[cacheErrorUnknown]: "Unexpected error occurred when using cache storage.",
|
|
4485
4474
|
};
|
|
4486
4475
|
/**
|
|
4487
4476
|
* Error thrown when there is an error with the cache
|
|
4488
4477
|
*/
|
|
4489
|
-
class CacheError extends
|
|
4478
|
+
class CacheError extends AuthError {
|
|
4490
4479
|
constructor(errorCode, errorMessage) {
|
|
4491
4480
|
const message = errorMessage ||
|
|
4492
4481
|
(CacheErrorMessages[errorCode]
|
|
4493
4482
|
? CacheErrorMessages[errorCode]
|
|
4494
|
-
: CacheErrorMessages[
|
|
4483
|
+
: CacheErrorMessages[cacheErrorUnknown]);
|
|
4495
4484
|
super(`${errorCode}: ${message}`);
|
|
4496
4485
|
Object.setPrototypeOf(this, CacheError.prototype);
|
|
4497
4486
|
this.name = "CacheError";
|
|
4498
4487
|
this.errorCode = errorCode;
|
|
4499
4488
|
this.errorMessage = message;
|
|
4500
4489
|
}
|
|
4490
|
+
}
|
|
4491
|
+
/**
|
|
4492
|
+
* Helper function to wrap browser errors in a CacheError object
|
|
4493
|
+
* @param e
|
|
4494
|
+
* @returns
|
|
4495
|
+
*/
|
|
4496
|
+
function createCacheError(e) {
|
|
4497
|
+
if (!(e instanceof Error)) {
|
|
4498
|
+
return new CacheError(cacheErrorUnknown);
|
|
4499
|
+
}
|
|
4500
|
+
if (e.name === "QuotaExceededError" ||
|
|
4501
|
+
e.name === "NS_ERROR_DOM_QUOTA_REACHED" ||
|
|
4502
|
+
e.message.includes("exceeded the quota")) {
|
|
4503
|
+
return new CacheError(cacheQuotaExceeded);
|
|
4504
|
+
}
|
|
4505
|
+
else {
|
|
4506
|
+
return new CacheError(e.name, e.message);
|
|
4507
|
+
}
|
|
4501
4508
|
}
|
|
4502
4509
|
|
|
4503
4510
|
/*
|
|
@@ -4521,14 +4528,14 @@ class CacheManager {
|
|
|
4521
4528
|
* @param accountFilter - (Optional) filter to narrow down the accounts returned
|
|
4522
4529
|
* @returns Array of AccountInfo objects in cache
|
|
4523
4530
|
*/
|
|
4524
|
-
getAllAccounts(accountFilter) {
|
|
4525
|
-
return this.buildTenantProfiles(this.getAccountsFilteredBy(accountFilter
|
|
4531
|
+
getAllAccounts(accountFilter, correlationId) {
|
|
4532
|
+
return this.buildTenantProfiles(this.getAccountsFilteredBy(accountFilter, correlationId), correlationId, accountFilter);
|
|
4526
4533
|
}
|
|
4527
4534
|
/**
|
|
4528
4535
|
* Gets first tenanted AccountInfo object found based on provided filters
|
|
4529
4536
|
*/
|
|
4530
|
-
getAccountInfoFilteredBy(accountFilter) {
|
|
4531
|
-
const allAccounts = this.getAllAccounts(accountFilter);
|
|
4537
|
+
getAccountInfoFilteredBy(accountFilter, correlationId) {
|
|
4538
|
+
const allAccounts = this.getAllAccounts(accountFilter, correlationId);
|
|
4532
4539
|
if (allAccounts.length > 1) {
|
|
4533
4540
|
// If one or more accounts are found, prioritize accounts that have an ID token
|
|
4534
4541
|
const sortedAccounts = allAccounts.sort((account) => {
|
|
@@ -4549,8 +4556,8 @@ class CacheManager {
|
|
|
4549
4556
|
* @param accountFilter
|
|
4550
4557
|
* @returns
|
|
4551
4558
|
*/
|
|
4552
|
-
getBaseAccountInfo(accountFilter) {
|
|
4553
|
-
const accountEntities = this.getAccountsFilteredBy(accountFilter);
|
|
4559
|
+
getBaseAccountInfo(accountFilter, correlationId) {
|
|
4560
|
+
const accountEntities = this.getAccountsFilteredBy(accountFilter, correlationId);
|
|
4554
4561
|
if (accountEntities.length > 0) {
|
|
4555
4562
|
return accountEntities[0].getAccountInfo();
|
|
4556
4563
|
}
|
|
@@ -4565,12 +4572,12 @@ class CacheManager {
|
|
|
4565
4572
|
* @param accountFilter
|
|
4566
4573
|
* @returns Array of AccountInfo objects that match account and tenant profile filters
|
|
4567
4574
|
*/
|
|
4568
|
-
buildTenantProfiles(cachedAccounts, accountFilter) {
|
|
4575
|
+
buildTenantProfiles(cachedAccounts, correlationId, accountFilter) {
|
|
4569
4576
|
return cachedAccounts.flatMap((accountEntity) => {
|
|
4570
|
-
return this.getTenantProfilesFromAccountEntity(accountEntity, accountFilter?.tenantId, accountFilter);
|
|
4577
|
+
return this.getTenantProfilesFromAccountEntity(accountEntity, correlationId, accountFilter?.tenantId, accountFilter);
|
|
4571
4578
|
});
|
|
4572
4579
|
}
|
|
4573
|
-
getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, tenantProfileFilter) {
|
|
4580
|
+
getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, correlationId, tenantProfileFilter) {
|
|
4574
4581
|
let tenantedAccountInfo = null;
|
|
4575
4582
|
let idTokenClaims;
|
|
4576
4583
|
if (tenantProfileFilter) {
|
|
@@ -4578,7 +4585,7 @@ class CacheManager {
|
|
|
4578
4585
|
return null;
|
|
4579
4586
|
}
|
|
4580
4587
|
}
|
|
4581
|
-
const idToken = this.getIdToken(accountInfo, tokenKeys, tenantProfile.tenantId);
|
|
4588
|
+
const idToken = this.getIdToken(accountInfo, correlationId, tokenKeys, tenantProfile.tenantId);
|
|
4582
4589
|
if (idToken) {
|
|
4583
4590
|
idTokenClaims = extractTokenClaims(idToken.secret, this.cryptoImpl.base64Decode);
|
|
4584
4591
|
if (!this.idTokenClaimsMatchTenantProfileFilter(idTokenClaims, tenantProfileFilter)) {
|
|
@@ -4590,7 +4597,7 @@ class CacheManager {
|
|
|
4590
4597
|
tenantedAccountInfo = updateAccountTenantProfileData(accountInfo, tenantProfile, idTokenClaims, idToken?.secret);
|
|
4591
4598
|
return tenantedAccountInfo;
|
|
4592
4599
|
}
|
|
4593
|
-
getTenantProfilesFromAccountEntity(accountEntity, targetTenantId, tenantProfileFilter) {
|
|
4600
|
+
getTenantProfilesFromAccountEntity(accountEntity, correlationId, targetTenantId, tenantProfileFilter) {
|
|
4594
4601
|
const accountInfo = accountEntity.getAccountInfo();
|
|
4595
4602
|
let searchTenantProfiles = accountInfo.tenantProfiles || new Map();
|
|
4596
4603
|
const tokenKeys = this.getTokenKeys();
|
|
@@ -4610,7 +4617,7 @@ class CacheManager {
|
|
|
4610
4617
|
}
|
|
4611
4618
|
const matchingTenantProfiles = [];
|
|
4612
4619
|
searchTenantProfiles.forEach((tenantProfile) => {
|
|
4613
|
-
const tenantedAccountInfo = this.getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, tenantProfileFilter);
|
|
4620
|
+
const tenantedAccountInfo = this.getTenantedAccountInfoByFilter(accountInfo, tokenKeys, tenantProfile, correlationId, tenantProfileFilter);
|
|
4614
4621
|
if (tenantedAccountInfo) {
|
|
4615
4622
|
matchingTenantProfiles.push(tenantedAccountInfo);
|
|
4616
4623
|
}
|
|
@@ -4684,26 +4691,16 @@ class CacheManager {
|
|
|
4684
4691
|
await this.setRefreshTokenCredential(cacheRecord.refreshToken, correlationId);
|
|
4685
4692
|
}
|
|
4686
4693
|
if (!!cacheRecord.appMetadata) {
|
|
4687
|
-
this.setAppMetadata(cacheRecord.appMetadata);
|
|
4694
|
+
this.setAppMetadata(cacheRecord.appMetadata, correlationId);
|
|
4688
4695
|
}
|
|
4689
4696
|
}
|
|
4690
4697
|
catch (e) {
|
|
4691
4698
|
this.commonLogger?.error(`CacheManager.saveCacheRecord: failed`);
|
|
4692
|
-
if (e instanceof
|
|
4693
|
-
|
|
4694
|
-
if (e.name === "QuotaExceededError" ||
|
|
4695
|
-
e.name === "NS_ERROR_DOM_QUOTA_REACHED" ||
|
|
4696
|
-
e.message.includes("exceeded the quota")) {
|
|
4697
|
-
this.commonLogger?.error(`CacheManager.saveCacheRecord: exceeded storage quota`, correlationId);
|
|
4698
|
-
throw new CacheError(cacheQuotaExceededErrorCode);
|
|
4699
|
-
}
|
|
4700
|
-
else {
|
|
4701
|
-
throw new CacheError(e.name, e.message);
|
|
4702
|
-
}
|
|
4699
|
+
if (e instanceof AuthError) {
|
|
4700
|
+
throw e;
|
|
4703
4701
|
}
|
|
4704
4702
|
else {
|
|
4705
|
-
|
|
4706
|
-
throw new CacheError(cacheUnknownErrorCode);
|
|
4703
|
+
throw createCacheError(e);
|
|
4707
4704
|
}
|
|
4708
4705
|
}
|
|
4709
4706
|
}
|
|
@@ -4727,7 +4724,7 @@ class CacheManager {
|
|
|
4727
4724
|
if (!this.accessTokenKeyMatchesFilter(key, accessTokenFilter, false)) {
|
|
4728
4725
|
return;
|
|
4729
4726
|
}
|
|
4730
|
-
const tokenEntity = this.getAccessTokenCredential(key);
|
|
4727
|
+
const tokenEntity = this.getAccessTokenCredential(key, correlationId);
|
|
4731
4728
|
if (tokenEntity &&
|
|
4732
4729
|
this.credentialMatchesFilter(tokenEntity, accessTokenFilter)) {
|
|
4733
4730
|
const tokenScopeSet = ScopeSet.fromString(tokenEntity.target);
|
|
@@ -4743,7 +4740,7 @@ class CacheManager {
|
|
|
4743
4740
|
* Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared
|
|
4744
4741
|
* @param accountFilter - An object containing Account properties to filter by
|
|
4745
4742
|
*/
|
|
4746
|
-
getAccountsFilteredBy(accountFilter) {
|
|
4743
|
+
getAccountsFilteredBy(accountFilter, correlationId) {
|
|
4747
4744
|
const allAccountKeys = this.getAccountKeys();
|
|
4748
4745
|
const matchingAccounts = [];
|
|
4749
4746
|
allAccountKeys.forEach((cacheKey) => {
|
|
@@ -4751,7 +4748,7 @@ class CacheManager {
|
|
|
4751
4748
|
// Don't parse value if the key doesn't match the account filters
|
|
4752
4749
|
return;
|
|
4753
4750
|
}
|
|
4754
|
-
const entity = this.getAccount(cacheKey,
|
|
4751
|
+
const entity = this.getAccount(cacheKey, correlationId);
|
|
4755
4752
|
// Match base account fields
|
|
4756
4753
|
if (!entity) {
|
|
4757
4754
|
return;
|
|
@@ -4988,12 +4985,12 @@ class CacheManager {
|
|
|
4988
4985
|
* @param account
|
|
4989
4986
|
*/
|
|
4990
4987
|
removeAccount(accountKey, correlationId) {
|
|
4991
|
-
const account = this.getAccount(accountKey,
|
|
4988
|
+
const account = this.getAccount(accountKey, correlationId);
|
|
4992
4989
|
if (!account) {
|
|
4993
4990
|
return;
|
|
4994
4991
|
}
|
|
4995
4992
|
this.removeAccountContext(account, correlationId);
|
|
4996
|
-
this.removeItem(accountKey);
|
|
4993
|
+
this.removeItem(accountKey, correlationId);
|
|
4997
4994
|
}
|
|
4998
4995
|
/**
|
|
4999
4996
|
* Removes credentials associated with the provided account
|
|
@@ -5004,7 +5001,7 @@ class CacheManager {
|
|
|
5004
5001
|
const accountId = account.generateAccountId();
|
|
5005
5002
|
allTokenKeys.idToken.forEach((key) => {
|
|
5006
5003
|
if (key.indexOf(accountId) === 0) {
|
|
5007
|
-
this.removeIdToken(key);
|
|
5004
|
+
this.removeIdToken(key, correlationId);
|
|
5008
5005
|
}
|
|
5009
5006
|
});
|
|
5010
5007
|
allTokenKeys.accessToken.forEach((key) => {
|
|
@@ -5014,45 +5011,43 @@ class CacheManager {
|
|
|
5014
5011
|
});
|
|
5015
5012
|
allTokenKeys.refreshToken.forEach((key) => {
|
|
5016
5013
|
if (key.indexOf(accountId) === 0) {
|
|
5017
|
-
this.removeRefreshToken(key);
|
|
5014
|
+
this.removeRefreshToken(key, correlationId);
|
|
5018
5015
|
}
|
|
5019
5016
|
});
|
|
5020
5017
|
}
|
|
5021
5018
|
/**
|
|
5022
|
-
*
|
|
5023
|
-
* @param
|
|
5019
|
+
* Removes accessToken from the cache
|
|
5020
|
+
* @param key
|
|
5021
|
+
* @param correlationId
|
|
5024
5022
|
*/
|
|
5025
5023
|
removeAccessToken(key, correlationId) {
|
|
5026
|
-
const credential = this.getAccessTokenCredential(key);
|
|
5027
|
-
|
|
5024
|
+
const credential = this.getAccessTokenCredential(key, correlationId);
|
|
5025
|
+
this.removeItem(key, correlationId);
|
|
5026
|
+
this.performanceClient.incrementFields({ accessTokensRemoved: 1 }, correlationId);
|
|
5027
|
+
if (!credential ||
|
|
5028
|
+
credential.credentialType.toLowerCase() !==
|
|
5029
|
+
CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase() ||
|
|
5030
|
+
credential.tokenType !== AuthenticationScheme.POP) {
|
|
5031
|
+
// If the credential is not a PoP token, we can return
|
|
5028
5032
|
return;
|
|
5029
5033
|
}
|
|
5030
|
-
this.removeItem(key);
|
|
5031
5034
|
// Remove Token Binding Key from key store for PoP Tokens Credentials
|
|
5032
|
-
|
|
5033
|
-
|
|
5034
|
-
|
|
5035
|
-
|
|
5036
|
-
|
|
5037
|
-
|
|
5038
|
-
void this.cryptoImpl
|
|
5039
|
-
.removeTokenBindingKey(kid)
|
|
5040
|
-
.catch(() => {
|
|
5041
|
-
this.commonLogger.error(`Failed to remove token binding key ${kid}`, correlationId);
|
|
5042
|
-
this.performanceClient?.incrementFields({ removeTokenBindingKeyFailure: 1 }, correlationId);
|
|
5043
|
-
});
|
|
5044
|
-
}
|
|
5045
|
-
}
|
|
5035
|
+
const kid = credential.keyId;
|
|
5036
|
+
if (kid) {
|
|
5037
|
+
void this.cryptoImpl.removeTokenBindingKey(kid).catch(() => {
|
|
5038
|
+
this.commonLogger.error(`Failed to remove token binding key ${kid}`, correlationId);
|
|
5039
|
+
this.performanceClient?.incrementFields({ removeTokenBindingKeyFailure: 1 }, correlationId);
|
|
5040
|
+
});
|
|
5046
5041
|
}
|
|
5047
5042
|
}
|
|
5048
5043
|
/**
|
|
5049
5044
|
* Removes all app metadata objects from cache.
|
|
5050
5045
|
*/
|
|
5051
|
-
removeAppMetadata() {
|
|
5046
|
+
removeAppMetadata(correlationId) {
|
|
5052
5047
|
const allCacheKeys = this.getKeys();
|
|
5053
5048
|
allCacheKeys.forEach((cacheKey) => {
|
|
5054
5049
|
if (this.isAppMetadata(cacheKey)) {
|
|
5055
|
-
this.removeItem(cacheKey);
|
|
5050
|
+
this.removeItem(cacheKey, correlationId);
|
|
5056
5051
|
}
|
|
5057
5052
|
});
|
|
5058
5053
|
return true;
|
|
@@ -5061,9 +5056,9 @@ class CacheManager {
|
|
|
5061
5056
|
* Retrieve AccountEntity from cache
|
|
5062
5057
|
* @param account
|
|
5063
5058
|
*/
|
|
5064
|
-
readAccountFromCache(account) {
|
|
5059
|
+
readAccountFromCache(account, correlationId) {
|
|
5065
5060
|
const accountKey = AccountEntity.generateAccountCacheKey(account);
|
|
5066
|
-
return this.getAccount(accountKey,
|
|
5061
|
+
return this.getAccount(accountKey, correlationId);
|
|
5067
5062
|
}
|
|
5068
5063
|
/**
|
|
5069
5064
|
* Retrieve IdTokenEntity from cache
|
|
@@ -5073,7 +5068,7 @@ class CacheManager {
|
|
|
5073
5068
|
* @param performanceClient {?IPerformanceClient}
|
|
5074
5069
|
* @param correlationId {?string}
|
|
5075
5070
|
*/
|
|
5076
|
-
getIdToken(account, tokenKeys, targetRealm, performanceClient
|
|
5071
|
+
getIdToken(account, correlationId, tokenKeys, targetRealm, performanceClient) {
|
|
5077
5072
|
this.commonLogger.trace("CacheManager - getIdToken called");
|
|
5078
5073
|
const idTokenFilter = {
|
|
5079
5074
|
homeAccountId: account.homeAccountId,
|
|
@@ -5082,7 +5077,7 @@ class CacheManager {
|
|
|
5082
5077
|
clientId: this.clientId,
|
|
5083
5078
|
realm: targetRealm,
|
|
5084
5079
|
};
|
|
5085
|
-
const idTokenMap = this.getIdTokensByFilter(idTokenFilter, tokenKeys);
|
|
5080
|
+
const idTokenMap = this.getIdTokensByFilter(idTokenFilter, correlationId, tokenKeys);
|
|
5086
5081
|
const numIdTokens = idTokenMap.size;
|
|
5087
5082
|
if (numIdTokens < 1) {
|
|
5088
5083
|
this.commonLogger.info("CacheManager:getIdToken - No token found");
|
|
@@ -5115,7 +5110,7 @@ class CacheManager {
|
|
|
5115
5110
|
// Multiple tokens for a single tenant profile, remove all and return null
|
|
5116
5111
|
this.commonLogger.info("CacheManager:getIdToken - Multiple matching ID tokens found, clearing them");
|
|
5117
5112
|
tokensToBeRemoved.forEach((idToken, key) => {
|
|
5118
|
-
this.removeIdToken(key);
|
|
5113
|
+
this.removeIdToken(key, correlationId);
|
|
5119
5114
|
});
|
|
5120
5115
|
if (performanceClient && correlationId) {
|
|
5121
5116
|
performanceClient.addFields({ multiMatchedID: idTokenMap.size }, correlationId);
|
|
@@ -5130,7 +5125,7 @@ class CacheManager {
|
|
|
5130
5125
|
* @param filter
|
|
5131
5126
|
* @returns
|
|
5132
5127
|
*/
|
|
5133
|
-
getIdTokensByFilter(filter, tokenKeys) {
|
|
5128
|
+
getIdTokensByFilter(filter, correlationId, tokenKeys) {
|
|
5134
5129
|
const idTokenKeys = (tokenKeys && tokenKeys.idToken) || this.getTokenKeys().idToken;
|
|
5135
5130
|
const idTokens = new Map();
|
|
5136
5131
|
idTokenKeys.forEach((key) => {
|
|
@@ -5140,7 +5135,7 @@ class CacheManager {
|
|
|
5140
5135
|
})) {
|
|
5141
5136
|
return;
|
|
5142
5137
|
}
|
|
5143
|
-
const idToken = this.getIdTokenCredential(key);
|
|
5138
|
+
const idToken = this.getIdTokenCredential(key, correlationId);
|
|
5144
5139
|
if (idToken && this.credentialMatchesFilter(idToken, filter)) {
|
|
5145
5140
|
idTokens.set(key, idToken);
|
|
5146
5141
|
}
|
|
@@ -5169,20 +5164,21 @@ class CacheManager {
|
|
|
5169
5164
|
* Removes idToken from the cache
|
|
5170
5165
|
* @param key
|
|
5171
5166
|
*/
|
|
5172
|
-
removeIdToken(key) {
|
|
5173
|
-
this.removeItem(key);
|
|
5167
|
+
removeIdToken(key, correlationId) {
|
|
5168
|
+
this.removeItem(key, correlationId);
|
|
5174
5169
|
}
|
|
5175
5170
|
/**
|
|
5176
5171
|
* Removes refresh token from the cache
|
|
5177
5172
|
* @param key
|
|
5178
5173
|
*/
|
|
5179
|
-
removeRefreshToken(key) {
|
|
5180
|
-
this.removeItem(key);
|
|
5174
|
+
removeRefreshToken(key, correlationId) {
|
|
5175
|
+
this.removeItem(key, correlationId);
|
|
5181
5176
|
}
|
|
5182
5177
|
/**
|
|
5183
5178
|
* Retrieve AccessTokenEntity from cache
|
|
5184
5179
|
* @param account {AccountInfo}
|
|
5185
5180
|
* @param request {BaseAuthRequest}
|
|
5181
|
+
* @param correlationId {?string}
|
|
5186
5182
|
* @param tokenKeys {?TokenKeys}
|
|
5187
5183
|
* @param performanceClient {?IPerformanceClient}
|
|
5188
5184
|
*/
|
|
@@ -5217,7 +5213,7 @@ class CacheManager {
|
|
|
5217
5213
|
accessTokenKeys.forEach((key) => {
|
|
5218
5214
|
// Validate key
|
|
5219
5215
|
if (this.accessTokenKeyMatchesFilter(key, accessTokenFilter, true)) {
|
|
5220
|
-
const accessToken = this.getAccessTokenCredential(key);
|
|
5216
|
+
const accessToken = this.getAccessTokenCredential(key, correlationId);
|
|
5221
5217
|
// Validate value
|
|
5222
5218
|
if (accessToken &&
|
|
5223
5219
|
this.credentialMatchesFilter(accessToken, accessTokenFilter)) {
|
|
@@ -5287,14 +5283,14 @@ class CacheManager {
|
|
|
5287
5283
|
* @param filter
|
|
5288
5284
|
* @returns
|
|
5289
5285
|
*/
|
|
5290
|
-
getAccessTokensByFilter(filter) {
|
|
5286
|
+
getAccessTokensByFilter(filter, correlationId) {
|
|
5291
5287
|
const tokenKeys = this.getTokenKeys();
|
|
5292
5288
|
const accessTokens = [];
|
|
5293
5289
|
tokenKeys.accessToken.forEach((key) => {
|
|
5294
5290
|
if (!this.accessTokenKeyMatchesFilter(key, filter, true)) {
|
|
5295
5291
|
return;
|
|
5296
5292
|
}
|
|
5297
|
-
const accessToken = this.getAccessTokenCredential(key);
|
|
5293
|
+
const accessToken = this.getAccessTokenCredential(key, correlationId);
|
|
5298
5294
|
if (accessToken &&
|
|
5299
5295
|
this.credentialMatchesFilter(accessToken, filter)) {
|
|
5300
5296
|
accessTokens.push(accessToken);
|
|
@@ -5306,11 +5302,11 @@ class CacheManager {
|
|
|
5306
5302
|
* Helper to retrieve the appropriate refresh token from cache
|
|
5307
5303
|
* @param account {AccountInfo}
|
|
5308
5304
|
* @param familyRT {boolean}
|
|
5305
|
+
* @param correlationId {?string}
|
|
5309
5306
|
* @param tokenKeys {?TokenKeys}
|
|
5310
5307
|
* @param performanceClient {?IPerformanceClient}
|
|
5311
|
-
* @param correlationId {?string}
|
|
5312
5308
|
*/
|
|
5313
|
-
getRefreshToken(account, familyRT, tokenKeys, performanceClient
|
|
5309
|
+
getRefreshToken(account, familyRT, correlationId, tokenKeys, performanceClient) {
|
|
5314
5310
|
this.commonLogger.trace("CacheManager - getRefreshToken called");
|
|
5315
5311
|
const id = familyRT ? THE_FAMILY_ID : undefined;
|
|
5316
5312
|
const refreshTokenFilter = {
|
|
@@ -5326,7 +5322,7 @@ class CacheManager {
|
|
|
5326
5322
|
refreshTokenKeys.forEach((key) => {
|
|
5327
5323
|
// Validate key
|
|
5328
5324
|
if (this.refreshTokenKeyMatchesFilter(key, refreshTokenFilter)) {
|
|
5329
|
-
const refreshToken = this.getRefreshTokenCredential(key);
|
|
5325
|
+
const refreshToken = this.getRefreshTokenCredential(key, correlationId);
|
|
5330
5326
|
// Validate value
|
|
5331
5327
|
if (refreshToken &&
|
|
5332
5328
|
this.credentialMatchesFilter(refreshToken, refreshTokenFilter)) {
|
|
@@ -6365,12 +6361,12 @@ class ThrottlingUtils {
|
|
|
6365
6361
|
* @param cacheManager
|
|
6366
6362
|
* @param thumbprint
|
|
6367
6363
|
*/
|
|
6368
|
-
static preProcess(cacheManager, thumbprint) {
|
|
6364
|
+
static preProcess(cacheManager, thumbprint, correlationId) {
|
|
6369
6365
|
const key = ThrottlingUtils.generateThrottlingStorageKey(thumbprint);
|
|
6370
6366
|
const value = cacheManager.getThrottlingCache(key);
|
|
6371
6367
|
if (value) {
|
|
6372
6368
|
if (value.throttleTime < Date.now()) {
|
|
6373
|
-
cacheManager.removeItem(key);
|
|
6369
|
+
cacheManager.removeItem(key, correlationId);
|
|
6374
6370
|
return;
|
|
6375
6371
|
}
|
|
6376
6372
|
throw new ServerError(value.errorCodes?.join(" ") || Constants.EMPTY_STRING, value.errorMessage, value.subError);
|
|
@@ -6382,7 +6378,7 @@ class ThrottlingUtils {
|
|
|
6382
6378
|
* @param thumbprint
|
|
6383
6379
|
* @param response
|
|
6384
6380
|
*/
|
|
6385
|
-
static postProcess(cacheManager, thumbprint, response) {
|
|
6381
|
+
static postProcess(cacheManager, thumbprint, response, correlationId) {
|
|
6386
6382
|
if (ThrottlingUtils.checkResponseStatus(response) ||
|
|
6387
6383
|
ThrottlingUtils.checkResponseForRetryAfter(response)) {
|
|
6388
6384
|
const thumbprintValue = {
|
|
@@ -6392,7 +6388,7 @@ class ThrottlingUtils {
|
|
|
6392
6388
|
errorMessage: response.body.error_description,
|
|
6393
6389
|
subError: response.body.suberror,
|
|
6394
6390
|
};
|
|
6395
|
-
cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue);
|
|
6391
|
+
cacheManager.setThrottlingCache(ThrottlingUtils.generateThrottlingStorageKey(thumbprint), thumbprintValue, correlationId);
|
|
6396
6392
|
}
|
|
6397
6393
|
}
|
|
6398
6394
|
/**
|
|
@@ -6428,7 +6424,7 @@ class ThrottlingUtils {
|
|
|
6428
6424
|
static removeThrottle(cacheManager, clientId, request, homeAccountIdentifier) {
|
|
6429
6425
|
const thumbprint = getRequestThumbprint(clientId, request, homeAccountIdentifier);
|
|
6430
6426
|
const key = this.generateThrottlingStorageKey(thumbprint);
|
|
6431
|
-
cacheManager.removeItem(key);
|
|
6427
|
+
cacheManager.removeItem(key, request.correlationId);
|
|
6432
6428
|
}
|
|
6433
6429
|
}
|
|
6434
6430
|
|
|
@@ -6541,7 +6537,7 @@ class BaseClient {
|
|
|
6541
6537
|
* @param correlationId - CorrelationId for telemetry
|
|
6542
6538
|
*/
|
|
6543
6539
|
async sendPostRequest(thumbprint, tokenEndpoint, options, correlationId) {
|
|
6544
|
-
ThrottlingUtils.preProcess(this.cacheManager, thumbprint);
|
|
6540
|
+
ThrottlingUtils.preProcess(this.cacheManager, thumbprint, correlationId);
|
|
6545
6541
|
let response;
|
|
6546
6542
|
try {
|
|
6547
6543
|
response = await invokeAsync((this.networkClient.sendPostRequestAsync.bind(this.networkClient)), PerformanceEvents.NetworkClientSendPostRequestAsync, this.logger, this.performanceClient, correlationId)(tokenEndpoint, options);
|
|
@@ -6576,7 +6572,7 @@ class BaseClient {
|
|
|
6576
6572
|
throw createClientAuthError(networkError);
|
|
6577
6573
|
}
|
|
6578
6574
|
}
|
|
6579
|
-
ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response);
|
|
6575
|
+
ThrottlingUtils.postProcess(this.cacheManager, thumbprint, response, correlationId);
|
|
6580
6576
|
return response;
|
|
6581
6577
|
}
|
|
6582
6578
|
/**
|
|
@@ -6797,9 +6793,7 @@ class ProtocolUtils {
|
|
|
6797
6793
|
* Licensed under the MIT License.
|
|
6798
6794
|
*/
|
|
6799
6795
|
const KeyLocation = {
|
|
6800
|
-
SW: "sw"
|
|
6801
|
-
UHW: "uhw",
|
|
6802
|
-
};
|
|
6796
|
+
SW: "sw"};
|
|
6803
6797
|
/** @internal */
|
|
6804
6798
|
class PopTokenGenerator {
|
|
6805
6799
|
constructor(cryptoUtils, performanceClient) {
|
|
@@ -7011,7 +7005,7 @@ class ResponseHandler {
|
|
|
7011
7005
|
!forceCacheRefreshTokenResponse &&
|
|
7012
7006
|
cacheRecord.account) {
|
|
7013
7007
|
const key = cacheRecord.account.generateAccountKey();
|
|
7014
|
-
const account = this.cacheStorage.getAccount(key);
|
|
7008
|
+
const account = this.cacheStorage.getAccount(key, request.correlationId);
|
|
7015
7009
|
if (!account) {
|
|
7016
7010
|
this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache");
|
|
7017
7011
|
return await ResponseHandler.generateAuthenticationResult(this.cryptoObj, authority, cacheRecord, false, request, idTokenClaims, requestStateObj, undefined, serverRequestId);
|
|
@@ -7046,7 +7040,7 @@ class ResponseHandler {
|
|
|
7046
7040
|
let cachedAccount;
|
|
7047
7041
|
if (serverTokenResponse.id_token && !!idTokenClaims) {
|
|
7048
7042
|
cachedIdToken = createIdTokenEntity(this.homeAccountIdentifier, env, serverTokenResponse.id_token, this.clientId, claimsTenantId || "");
|
|
7049
|
-
cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
|
|
7043
|
+
cachedAccount = buildAccountToCache(this.cacheStorage, authority, this.homeAccountIdentifier, this.cryptoObj.base64Decode, request.correlationId, idTokenClaims, serverTokenResponse.client_info, env, claimsTenantId, authCodePayload, undefined, // nativeAccountId
|
|
7050
7044
|
this.logger);
|
|
7051
7045
|
}
|
|
7052
7046
|
// AccessToken
|
|
@@ -7195,7 +7189,7 @@ class ResponseHandler {
|
|
|
7195
7189
|
};
|
|
7196
7190
|
}
|
|
7197
7191
|
}
|
|
7198
|
-
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
|
|
7192
|
+
function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decode, correlationId, idTokenClaims, clientInfo, environment, claimsTenantId, authCodePayload, nativeAccountId, logger) {
|
|
7199
7193
|
logger?.verbose("setCachedAccount called");
|
|
7200
7194
|
// Check if base account is already cached
|
|
7201
7195
|
const accountKeys = cacheStorage.getAccountKeys();
|
|
@@ -7204,7 +7198,7 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
7204
7198
|
});
|
|
7205
7199
|
let cachedAccount = null;
|
|
7206
7200
|
if (baseAccountKey) {
|
|
7207
|
-
cachedAccount = cacheStorage.getAccount(baseAccountKey);
|
|
7201
|
+
cachedAccount = cacheStorage.getAccount(baseAccountKey, correlationId);
|
|
7208
7202
|
}
|
|
7209
7203
|
const baseAccount = cachedAccount ||
|
|
7210
7204
|
AccountEntity.createAccount({
|
|
@@ -7229,71 +7223,6 @@ function buildAccountToCache(cacheStorage, authority, homeAccountId, base64Decod
|
|
|
7229
7223
|
return baseAccount;
|
|
7230
7224
|
}
|
|
7231
7225
|
|
|
7232
|
-
/*
|
|
7233
|
-
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7234
|
-
* Licensed under the MIT License.
|
|
7235
|
-
*/
|
|
7236
|
-
/**
|
|
7237
|
-
* Validates server consumable params from the "request" objects
|
|
7238
|
-
*/
|
|
7239
|
-
class RequestValidator {
|
|
7240
|
-
/**
|
|
7241
|
-
* Utility to check if the `redirectUri` in the request is a non-null value
|
|
7242
|
-
* @param redirectUri
|
|
7243
|
-
*/
|
|
7244
|
-
static validateRedirectUri(redirectUri) {
|
|
7245
|
-
if (!redirectUri) {
|
|
7246
|
-
throw createClientConfigurationError(redirectUriEmpty);
|
|
7247
|
-
}
|
|
7248
|
-
}
|
|
7249
|
-
/**
|
|
7250
|
-
* Utility to validate prompt sent by the user in the request
|
|
7251
|
-
* @param prompt
|
|
7252
|
-
*/
|
|
7253
|
-
static validatePrompt(prompt) {
|
|
7254
|
-
const promptValues = [];
|
|
7255
|
-
for (const value in PromptValue) {
|
|
7256
|
-
promptValues.push(PromptValue[value]);
|
|
7257
|
-
}
|
|
7258
|
-
if (promptValues.indexOf(prompt) < 0) {
|
|
7259
|
-
throw createClientConfigurationError(invalidPromptValue);
|
|
7260
|
-
}
|
|
7261
|
-
}
|
|
7262
|
-
static validateClaims(claims) {
|
|
7263
|
-
try {
|
|
7264
|
-
JSON.parse(claims);
|
|
7265
|
-
}
|
|
7266
|
-
catch (e) {
|
|
7267
|
-
throw createClientConfigurationError(invalidClaims);
|
|
7268
|
-
}
|
|
7269
|
-
}
|
|
7270
|
-
/**
|
|
7271
|
-
* Utility to validate code_challenge and code_challenge_method
|
|
7272
|
-
* @param codeChallenge
|
|
7273
|
-
* @param codeChallengeMethod
|
|
7274
|
-
*/
|
|
7275
|
-
static validateCodeChallengeParams(codeChallenge, codeChallengeMethod) {
|
|
7276
|
-
if (!codeChallenge || !codeChallengeMethod) {
|
|
7277
|
-
throw createClientConfigurationError(pkceParamsMissing);
|
|
7278
|
-
}
|
|
7279
|
-
else {
|
|
7280
|
-
this.validateCodeChallengeMethod(codeChallengeMethod);
|
|
7281
|
-
}
|
|
7282
|
-
}
|
|
7283
|
-
/**
|
|
7284
|
-
* Utility to validate code_challenge_method
|
|
7285
|
-
* @param codeChallengeMethod
|
|
7286
|
-
*/
|
|
7287
|
-
static validateCodeChallengeMethod(codeChallengeMethod) {
|
|
7288
|
-
if ([
|
|
7289
|
-
CodeChallengeMethodValues.PLAIN,
|
|
7290
|
-
CodeChallengeMethodValues.S256,
|
|
7291
|
-
].indexOf(codeChallengeMethod) < 0) {
|
|
7292
|
-
throw createClientConfigurationError(invalidCodeChallengeMethod);
|
|
7293
|
-
}
|
|
7294
|
-
}
|
|
7295
|
-
}
|
|
7296
|
-
|
|
7297
7226
|
/*
|
|
7298
7227
|
* Copyright (c) Microsoft Corporation. All rights reserved.
|
|
7299
7228
|
* Licensed under the MIT License.
|
|
@@ -7408,7 +7337,9 @@ class AuthorizationCodeClient extends BaseClient {
|
|
|
7408
7337
|
*/
|
|
7409
7338
|
if (!this.includeRedirectUri) {
|
|
7410
7339
|
// Just validate
|
|
7411
|
-
|
|
7340
|
+
if (!request.redirectUri) {
|
|
7341
|
+
throw createClientConfigurationError(redirectUriEmpty);
|
|
7342
|
+
}
|
|
7412
7343
|
}
|
|
7413
7344
|
else {
|
|
7414
7345
|
// Validate and include redirect uri
|
|
@@ -7618,7 +7549,7 @@ class RefreshTokenClient extends BaseClient {
|
|
|
7618
7549
|
async acquireTokenWithCachedRefreshToken(request, foci) {
|
|
7619
7550
|
this.performanceClient?.addQueueMeasurement(PerformanceEvents.RefreshTokenClientAcquireTokenWithCachedRefreshToken, request.correlationId);
|
|
7620
7551
|
// fetches family RT or application RT based on FOCI value
|
|
7621
|
-
const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, undefined, this.performanceClient
|
|
7552
|
+
const refreshToken = invoke(this.cacheManager.getRefreshToken.bind(this.cacheManager), PerformanceEvents.CacheManagerGetRefreshToken, this.logger, this.performanceClient, request.correlationId)(request.account, foci, request.correlationId, undefined, this.performanceClient);
|
|
7622
7553
|
if (!refreshToken) {
|
|
7623
7554
|
throw createInteractionRequiredAuthError(noTokensFound);
|
|
7624
7555
|
}
|
|
@@ -7648,7 +7579,7 @@ class RefreshTokenClient extends BaseClient {
|
|
|
7648
7579
|
// Remove bad refresh token from cache
|
|
7649
7580
|
this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");
|
|
7650
7581
|
const badRefreshTokenKey = generateCredentialKey(refreshToken);
|
|
7651
|
-
this.cacheManager.removeRefreshToken(badRefreshTokenKey);
|
|
7582
|
+
this.cacheManager.removeRefreshToken(badRefreshTokenKey, request.correlationId);
|
|
7652
7583
|
}
|
|
7653
7584
|
}
|
|
7654
7585
|
throw e;
|
|
@@ -7804,9 +7735,9 @@ class SilentFlowClient extends BaseClient {
|
|
|
7804
7735
|
}
|
|
7805
7736
|
const environment = request.authority || this.authority.getPreferredCache();
|
|
7806
7737
|
const cacheRecord = {
|
|
7807
|
-
account: this.cacheManager.readAccountFromCache(request.account),
|
|
7738
|
+
account: this.cacheManager.readAccountFromCache(request.account, request.correlationId),
|
|
7808
7739
|
accessToken: cachedAccessToken,
|
|
7809
|
-
idToken: this.cacheManager.getIdToken(request.account, tokenKeys, requestTenantId, this.performanceClient
|
|
7740
|
+
idToken: this.cacheManager.getIdToken(request.account, request.correlationId, tokenKeys, requestTenantId, this.performanceClient),
|
|
7810
7741
|
refreshToken: null,
|
|
7811
7742
|
appMetadata: this.cacheManager.readAppMetadataFromCache(environment),
|
|
7812
7743
|
};
|
|
@@ -8286,7 +8217,7 @@ class ServerTelemetryManager {
|
|
|
8286
8217
|
else {
|
|
8287
8218
|
lastRequests.errors.push(SERVER_TELEM_CONSTANTS.UNKNOWN_ERROR);
|
|
8288
8219
|
}
|
|
8289
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);
|
|
8220
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
8290
8221
|
return;
|
|
8291
8222
|
}
|
|
8292
8223
|
/**
|
|
@@ -8295,7 +8226,7 @@ class ServerTelemetryManager {
|
|
|
8295
8226
|
incrementCacheHits() {
|
|
8296
8227
|
const lastRequests = this.getLastRequests();
|
|
8297
8228
|
lastRequests.cacheHits += 1;
|
|
8298
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);
|
|
8229
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
8299
8230
|
return lastRequests.cacheHits;
|
|
8300
8231
|
}
|
|
8301
8232
|
/**
|
|
@@ -8319,7 +8250,7 @@ class ServerTelemetryManager {
|
|
|
8319
8250
|
const errorCount = lastRequests.errors.length;
|
|
8320
8251
|
if (numErrorsFlushed === errorCount) {
|
|
8321
8252
|
// All errors were sent on last request, clear Telemetry cache
|
|
8322
|
-
this.cacheManager.removeItem(this.telemetryCacheKey);
|
|
8253
|
+
this.cacheManager.removeItem(this.telemetryCacheKey, this.correlationId);
|
|
8323
8254
|
}
|
|
8324
8255
|
else {
|
|
8325
8256
|
// Partial data was flushed to server, construct a new telemetry cache item with errors that were not flushed
|
|
@@ -8328,7 +8259,7 @@ class ServerTelemetryManager {
|
|
|
8328
8259
|
errors: lastRequests.errors.slice(numErrorsFlushed),
|
|
8329
8260
|
cacheHits: 0,
|
|
8330
8261
|
};
|
|
8331
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, serverTelemEntity);
|
|
8262
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, serverTelemEntity, this.correlationId);
|
|
8332
8263
|
}
|
|
8333
8264
|
}
|
|
8334
8265
|
/**
|
|
@@ -8395,7 +8326,7 @@ class ServerTelemetryManager {
|
|
|
8395
8326
|
setNativeBrokerErrorCode(errorCode) {
|
|
8396
8327
|
const lastRequests = this.getLastRequests();
|
|
8397
8328
|
lastRequests.nativeBrokerErrorCode = errorCode;
|
|
8398
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);
|
|
8329
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
8399
8330
|
}
|
|
8400
8331
|
getNativeBrokerErrorCode() {
|
|
8401
8332
|
return this.getLastRequests().nativeBrokerErrorCode;
|
|
@@ -8403,7 +8334,7 @@ class ServerTelemetryManager {
|
|
|
8403
8334
|
clearNativeBrokerErrorCode() {
|
|
8404
8335
|
const lastRequests = this.getLastRequests();
|
|
8405
8336
|
delete lastRequests.nativeBrokerErrorCode;
|
|
8406
|
-
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests);
|
|
8337
|
+
this.cacheManager.setServerTelemetry(this.telemetryCacheKey, lastRequests, this.correlationId);
|
|
8407
8338
|
}
|
|
8408
8339
|
static makeExtraSkuString(params) {
|
|
8409
8340
|
return makeExtraSkuString(params);
|
|
@@ -8499,6 +8430,7 @@ exports.buildClientInfoFromHomeAccountId = buildClientInfoFromHomeAccountId;
|
|
|
8499
8430
|
exports.buildStaticAuthorityOptions = buildStaticAuthorityOptions;
|
|
8500
8431
|
exports.buildTenantProfile = buildTenantProfile;
|
|
8501
8432
|
exports.createAuthError = createAuthError;
|
|
8433
|
+
exports.createCacheError = createCacheError;
|
|
8502
8434
|
exports.createClientAuthError = createClientAuthError;
|
|
8503
8435
|
exports.createClientConfigurationError = createClientConfigurationError;
|
|
8504
8436
|
exports.createInteractionRequiredAuthError = createInteractionRequiredAuthError;
|
|
@@ -8512,4 +8444,4 @@ exports.invokeAsync = invokeAsync;
|
|
|
8512
8444
|
exports.tenantIdMatchesHomeTenant = tenantIdMatchesHomeTenant;
|
|
8513
8445
|
exports.updateAccountTenantProfileData = updateAccountTenantProfileData;
|
|
8514
8446
|
exports.version = version;
|
|
8515
|
-
//# sourceMappingURL=index-node-
|
|
8447
|
+
//# sourceMappingURL=index-node-BCM1mkg5.js.map
|