@azure/msal-common 15.7.1 → 15.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (179) hide show
  1. package/dist/account/AccountInfo.d.ts +1 -0
  2. package/dist/account/AccountInfo.d.ts.map +1 -1
  3. package/dist/account/AccountInfo.mjs +1 -1
  4. package/dist/account/AccountInfo.mjs.map +1 -1
  5. package/dist/account/AuthToken.mjs +1 -1
  6. package/dist/account/CcsCredential.mjs +1 -1
  7. package/dist/account/ClientInfo.mjs +1 -1
  8. package/dist/account/TokenClaims.mjs +1 -1
  9. package/dist/authority/Authority.mjs +1 -1
  10. package/dist/authority/AuthorityFactory.mjs +1 -1
  11. package/dist/authority/AuthorityMetadata.mjs +1 -2
  12. package/dist/authority/AuthorityMetadata.mjs.map +1 -1
  13. package/dist/authority/AuthorityOptions.mjs +1 -1
  14. package/dist/authority/AuthorityType.mjs +1 -1
  15. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  16. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  17. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  18. package/dist/authority/ProtocolMode.mjs +1 -1
  19. package/dist/authority/RegionDiscovery.mjs +1 -1
  20. package/dist/cache/CacheManager.d.ts +25 -23
  21. package/dist/cache/CacheManager.d.ts.map +1 -1
  22. package/dist/cache/CacheManager.mjs +64 -75
  23. package/dist/cache/CacheManager.mjs.map +1 -1
  24. package/dist/cache/entities/AccountEntity.d.ts +1 -0
  25. package/dist/cache/entities/AccountEntity.d.ts.map +1 -1
  26. package/dist/cache/entities/AccountEntity.mjs +1 -1
  27. package/dist/cache/entities/AccountEntity.mjs.map +1 -1
  28. package/dist/cache/entities/CredentialEntity.d.ts +2 -0
  29. package/dist/cache/entities/CredentialEntity.d.ts.map +1 -1
  30. package/dist/cache/interface/ICacheManager.d.ts +12 -12
  31. package/dist/cache/interface/ICacheManager.d.ts.map +1 -1
  32. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  33. package/dist/cache/utils/CacheHelpers.mjs +1 -1
  34. package/dist/client/AuthorizationCodeClient.d.ts.map +1 -1
  35. package/dist/client/AuthorizationCodeClient.mjs +7 -6
  36. package/dist/client/AuthorizationCodeClient.mjs.map +1 -1
  37. package/dist/client/BaseClient.d.ts.map +1 -1
  38. package/dist/client/BaseClient.mjs +4 -4
  39. package/dist/client/BaseClient.mjs.map +1 -1
  40. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  41. package/dist/client/RefreshTokenClient.mjs +5 -5
  42. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  43. package/dist/client/SilentFlowClient.d.ts.map +1 -1
  44. package/dist/client/SilentFlowClient.mjs +3 -3
  45. package/dist/client/SilentFlowClient.mjs.map +1 -1
  46. package/dist/config/ClientConfiguration.mjs +2 -2
  47. package/dist/constants/AADServerParamKeys.mjs +1 -1
  48. package/dist/crypto/ICrypto.mjs +1 -1
  49. package/dist/crypto/JoseHeader.mjs +1 -1
  50. package/dist/crypto/PopTokenGenerator.mjs +2 -4
  51. package/dist/crypto/PopTokenGenerator.mjs.map +1 -1
  52. package/dist/error/AuthError.mjs +2 -2
  53. package/dist/error/AuthErrorCodes.mjs +1 -1
  54. package/dist/error/CacheError.d.ts +8 -1
  55. package/dist/error/CacheError.d.ts.map +1 -1
  56. package/dist/error/CacheError.mjs +26 -7
  57. package/dist/error/CacheError.mjs.map +1 -1
  58. package/dist/error/CacheErrorCodes.d.ts +2 -2
  59. package/dist/error/CacheErrorCodes.d.ts.map +1 -1
  60. package/dist/error/CacheErrorCodes.mjs +4 -4
  61. package/dist/error/CacheErrorCodes.mjs.map +1 -1
  62. package/dist/error/ClientAuthError.mjs +2 -2
  63. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  64. package/dist/error/ClientConfigurationError.d.ts +0 -5
  65. package/dist/error/ClientConfigurationError.d.ts.map +1 -1
  66. package/dist/error/ClientConfigurationError.mjs +2 -7
  67. package/dist/error/ClientConfigurationError.mjs.map +1 -1
  68. package/dist/error/ClientConfigurationErrorCodes.d.ts +0 -1
  69. package/dist/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
  70. package/dist/error/ClientConfigurationErrorCodes.mjs +2 -3
  71. package/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
  72. package/dist/error/InteractionRequiredAuthError.mjs +2 -2
  73. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  74. package/dist/error/JoseHeaderError.mjs +2 -2
  75. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  76. package/dist/error/NetworkError.mjs +1 -1
  77. package/dist/error/ServerError.mjs +1 -1
  78. package/dist/exports-common.d.ts +1 -1
  79. package/dist/exports-common.d.ts.map +1 -1
  80. package/dist/index-browser.mjs +2 -2
  81. package/dist/index-node.mjs +2 -2
  82. package/dist/index.mjs +2 -2
  83. package/dist/logger/Logger.mjs +1 -1
  84. package/dist/network/INetworkModule.mjs +1 -1
  85. package/dist/network/RequestThumbprint.mjs +1 -1
  86. package/dist/network/ThrottlingUtils.d.ts +2 -2
  87. package/dist/network/ThrottlingUtils.d.ts.map +1 -1
  88. package/dist/network/ThrottlingUtils.mjs +6 -6
  89. package/dist/network/ThrottlingUtils.mjs.map +1 -1
  90. package/dist/packageMetadata.d.ts +1 -1
  91. package/dist/packageMetadata.mjs +2 -2
  92. package/dist/protocol/Authorize.mjs +2 -2
  93. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  94. package/dist/request/RequestParameterBuilder.mjs +2 -2
  95. package/dist/request/ScopeSet.mjs +1 -1
  96. package/dist/response/ResponseHandler.d.ts +1 -1
  97. package/dist/response/ResponseHandler.d.ts.map +1 -1
  98. package/dist/response/ResponseHandler.mjs +6 -6
  99. package/dist/response/ResponseHandler.mjs.map +1 -1
  100. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  101. package/dist/telemetry/performance/PerformanceEvent.mjs +1 -1
  102. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  103. package/dist/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
  104. package/dist/telemetry/server/ServerTelemetryManager.mjs +7 -7
  105. package/dist/telemetry/server/ServerTelemetryManager.mjs.map +1 -1
  106. package/dist/url/UrlString.mjs +1 -1
  107. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  108. package/dist/utils/Constants.mjs +1 -4
  109. package/dist/utils/Constants.mjs.map +1 -1
  110. package/dist/utils/FunctionWrappers.mjs +1 -1
  111. package/dist/utils/ProtocolUtils.mjs +1 -1
  112. package/dist/utils/StringUtils.mjs +1 -1
  113. package/dist/utils/TimeUtils.mjs +1 -1
  114. package/dist/utils/UrlUtils.mjs +1 -1
  115. package/lib/index-browser.cjs +3 -2
  116. package/lib/index-browser.cjs.map +1 -1
  117. package/lib/{index-node-B6ITzmFz.js → index-node-BCM1mkg5.js} +115 -183
  118. package/lib/index-node-BCM1mkg5.js.map +1 -0
  119. package/lib/index-node.cjs +3 -2
  120. package/lib/index-node.cjs.map +1 -1
  121. package/lib/index.cjs +3 -2
  122. package/lib/index.cjs.map +1 -1
  123. package/lib/types/account/AccountInfo.d.ts +1 -0
  124. package/lib/types/account/AccountInfo.d.ts.map +1 -1
  125. package/lib/types/cache/CacheManager.d.ts +25 -23
  126. package/lib/types/cache/CacheManager.d.ts.map +1 -1
  127. package/lib/types/cache/entities/AccountEntity.d.ts +1 -0
  128. package/lib/types/cache/entities/AccountEntity.d.ts.map +1 -1
  129. package/lib/types/cache/entities/CredentialEntity.d.ts +2 -0
  130. package/lib/types/cache/entities/CredentialEntity.d.ts.map +1 -1
  131. package/lib/types/cache/interface/ICacheManager.d.ts +12 -12
  132. package/lib/types/cache/interface/ICacheManager.d.ts.map +1 -1
  133. package/lib/types/client/AuthorizationCodeClient.d.ts.map +1 -1
  134. package/lib/types/client/BaseClient.d.ts.map +1 -1
  135. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  136. package/lib/types/client/SilentFlowClient.d.ts.map +1 -1
  137. package/lib/types/error/CacheError.d.ts +8 -1
  138. package/lib/types/error/CacheError.d.ts.map +1 -1
  139. package/lib/types/error/CacheErrorCodes.d.ts +2 -2
  140. package/lib/types/error/CacheErrorCodes.d.ts.map +1 -1
  141. package/lib/types/error/ClientConfigurationError.d.ts +0 -5
  142. package/lib/types/error/ClientConfigurationError.d.ts.map +1 -1
  143. package/lib/types/error/ClientConfigurationErrorCodes.d.ts +0 -1
  144. package/lib/types/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
  145. package/lib/types/exports-common.d.ts +1 -1
  146. package/lib/types/exports-common.d.ts.map +1 -1
  147. package/lib/types/network/ThrottlingUtils.d.ts +2 -2
  148. package/lib/types/network/ThrottlingUtils.d.ts.map +1 -1
  149. package/lib/types/packageMetadata.d.ts +1 -1
  150. package/lib/types/response/ResponseHandler.d.ts +1 -1
  151. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  152. package/lib/types/telemetry/server/ServerTelemetryManager.d.ts.map +1 -1
  153. package/package.json +1 -1
  154. package/src/account/AccountInfo.ts +1 -0
  155. package/src/cache/CacheManager.ts +129 -98
  156. package/src/cache/entities/AccountEntity.ts +1 -0
  157. package/src/cache/entities/CredentialEntity.ts +2 -0
  158. package/src/cache/interface/ICacheManager.ts +30 -12
  159. package/src/client/AuthorizationCodeClient.ts +5 -2
  160. package/src/client/BaseClient.ts +11 -2
  161. package/src/client/RefreshTokenClient.ts +6 -3
  162. package/src/client/SilentFlowClient.ts +6 -3
  163. package/src/error/CacheError.ts +26 -5
  164. package/src/error/CacheErrorCodes.ts +2 -2
  165. package/src/error/ClientConfigurationError.ts +0 -8
  166. package/src/error/ClientConfigurationErrorCodes.ts +0 -1
  167. package/src/exports-common.ts +5 -1
  168. package/src/network/ThrottlingUtils.ts +8 -5
  169. package/src/packageMetadata.ts +1 -1
  170. package/src/response/ResponseHandler.ts +7 -2
  171. package/src/telemetry/server/ServerTelemetryManager.ts +14 -6
  172. package/dist/request/RequestValidator.d.ts +0 -28
  173. package/dist/request/RequestValidator.d.ts.map +0 -1
  174. package/dist/request/RequestValidator.mjs +0 -73
  175. package/dist/request/RequestValidator.mjs.map +0 -1
  176. package/lib/index-node-B6ITzmFz.js.map +0 -1
  177. package/lib/types/request/RequestValidator.d.ts +0 -28
  178. package/lib/types/request/RequestValidator.d.ts.map +0 -1
  179. package/src/request/RequestValidator.ts +0 -90
@@ -52,7 +52,8 @@ import { getAliasesFromStaticSources } from "../authority/AuthorityMetadata.js";
52
52
  import { StaticAuthorityOptions } from "../authority/AuthorityOptions.js";
53
53
  import { TokenClaims } from "../account/TokenClaims.js";
54
54
  import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
55
- import { CacheError, CacheErrorCodes } from "../error/CacheError.js";
55
+ import { createCacheError } from "../error/CacheError.js";
56
+ import { AuthError } from "../error/AuthError.js";
56
57
 
57
58
  /**
58
59
  * Interface class which implement cache storage functions used by MSAL to perform validity checks, and store tokens.
@@ -86,7 +87,7 @@ export abstract class CacheManager implements ICacheManager {
86
87
  */
87
88
  abstract getAccount(
88
89
  accountKey: string,
89
- logger?: Logger
90
+ correlationId: string
90
91
  ): AccountEntity | null;
91
92
 
92
93
  /**
@@ -103,7 +104,10 @@ export abstract class CacheManager implements ICacheManager {
103
104
  * fetch the idToken entity from the platform cache
104
105
  * @param idTokenKey
105
106
  */
106
- abstract getIdTokenCredential(idTokenKey: string): IdTokenEntity | null;
107
+ abstract getIdTokenCredential(
108
+ idTokenKey: string,
109
+ correlationId: string
110
+ ): IdTokenEntity | null;
107
111
 
108
112
  /**
109
113
  * set idToken entity to the platform cache
@@ -120,7 +124,8 @@ export abstract class CacheManager implements ICacheManager {
120
124
  * @param accessTokenKey
121
125
  */
122
126
  abstract getAccessTokenCredential(
123
- accessTokenKey: string
127
+ accessTokenKey: string,
128
+ correlationId: string
124
129
  ): AccessTokenEntity | null;
125
130
 
126
131
  /**
@@ -138,7 +143,8 @@ export abstract class CacheManager implements ICacheManager {
138
143
  * @param refreshTokenKey
139
144
  */
140
145
  abstract getRefreshTokenCredential(
141
- refreshTokenKey: string
146
+ refreshTokenKey: string,
147
+ correlationId: string
142
148
  ): RefreshTokenEntity | null;
143
149
 
144
150
  /**
@@ -161,7 +167,10 @@ export abstract class CacheManager implements ICacheManager {
161
167
  * set appMetadata entity to the platform cache
162
168
  * @param appMetadata
163
169
  */
164
- abstract setAppMetadata(appMetadata: AppMetadataEntity): void;
170
+ abstract setAppMetadata(
171
+ appMetadata: AppMetadataEntity,
172
+ correlationId: string
173
+ ): void;
165
174
 
166
175
  /**
167
176
  * fetch server telemetry entity from the platform cache
@@ -178,7 +187,8 @@ export abstract class CacheManager implements ICacheManager {
178
187
  */
179
188
  abstract setServerTelemetry(
180
189
  serverTelemetryKey: string,
181
- serverTelemetry: ServerTelemetryEntity
190
+ serverTelemetry: ServerTelemetryEntity,
191
+ correlationId: string
182
192
  ): void;
183
193
 
184
194
  /**
@@ -217,14 +227,15 @@ export abstract class CacheManager implements ICacheManager {
217
227
  */
218
228
  abstract setThrottlingCache(
219
229
  throttlingCacheKey: string,
220
- throttlingCache: ThrottlingEntity
230
+ throttlingCache: ThrottlingEntity,
231
+ correlationId: string
221
232
  ): void;
222
233
 
223
234
  /**
224
235
  * Function to remove an item from cache given its key.
225
236
  * @param key
226
237
  */
227
- abstract removeItem(key: string): void;
238
+ abstract removeItem(key: string, correlationId: string): void;
228
239
 
229
240
  /**
230
241
  * Function which retrieves all current keys from the cache.
@@ -246,9 +257,13 @@ export abstract class CacheManager implements ICacheManager {
246
257
  * @param accountFilter - (Optional) filter to narrow down the accounts returned
247
258
  * @returns Array of AccountInfo objects in cache
248
259
  */
249
- getAllAccounts(accountFilter?: AccountFilter): AccountInfo[] {
260
+ getAllAccounts(
261
+ accountFilter: AccountFilter,
262
+ correlationId: string
263
+ ): AccountInfo[] {
250
264
  return this.buildTenantProfiles(
251
- this.getAccountsFilteredBy(accountFilter || {}),
265
+ this.getAccountsFilteredBy(accountFilter, correlationId),
266
+ correlationId,
252
267
  accountFilter
253
268
  );
254
269
  }
@@ -256,8 +271,11 @@ export abstract class CacheManager implements ICacheManager {
256
271
  /**
257
272
  * Gets first tenanted AccountInfo object found based on provided filters
258
273
  */
259
- getAccountInfoFilteredBy(accountFilter: AccountFilter): AccountInfo | null {
260
- const allAccounts = this.getAllAccounts(accountFilter);
274
+ getAccountInfoFilteredBy(
275
+ accountFilter: AccountFilter,
276
+ correlationId: string
277
+ ): AccountInfo | null {
278
+ const allAccounts = this.getAllAccounts(accountFilter, correlationId);
261
279
  if (allAccounts.length > 1) {
262
280
  // If one or more accounts are found, prioritize accounts that have an ID token
263
281
  const sortedAccounts = allAccounts.sort((account) => {
@@ -277,8 +295,14 @@ export abstract class CacheManager implements ICacheManager {
277
295
  * @param accountFilter
278
296
  * @returns
279
297
  */
280
- getBaseAccountInfo(accountFilter: AccountFilter): AccountInfo | null {
281
- const accountEntities = this.getAccountsFilteredBy(accountFilter);
298
+ getBaseAccountInfo(
299
+ accountFilter: AccountFilter,
300
+ correlationId: string
301
+ ): AccountInfo | null {
302
+ const accountEntities = this.getAccountsFilteredBy(
303
+ accountFilter,
304
+ correlationId
305
+ );
282
306
  if (accountEntities.length > 0) {
283
307
  return accountEntities[0].getAccountInfo();
284
308
  } else {
@@ -295,11 +319,13 @@ export abstract class CacheManager implements ICacheManager {
295
319
  */
296
320
  private buildTenantProfiles(
297
321
  cachedAccounts: AccountEntity[],
322
+ correlationId: string,
298
323
  accountFilter?: AccountFilter
299
324
  ): AccountInfo[] {
300
325
  return cachedAccounts.flatMap((accountEntity) => {
301
326
  return this.getTenantProfilesFromAccountEntity(
302
327
  accountEntity,
328
+ correlationId,
303
329
  accountFilter?.tenantId,
304
330
  accountFilter
305
331
  );
@@ -310,6 +336,7 @@ export abstract class CacheManager implements ICacheManager {
310
336
  accountInfo: AccountInfo,
311
337
  tokenKeys: TokenKeys,
312
338
  tenantProfile: TenantProfile,
339
+ correlationId: string,
313
340
  tenantProfileFilter?: TenantProfileFilter
314
341
  ): AccountInfo | null {
315
342
  let tenantedAccountInfo: AccountInfo | null = null;
@@ -328,6 +355,7 @@ export abstract class CacheManager implements ICacheManager {
328
355
 
329
356
  const idToken = this.getIdToken(
330
357
  accountInfo,
358
+ correlationId,
331
359
  tokenKeys,
332
360
  tenantProfile.tenantId
333
361
  );
@@ -362,6 +390,7 @@ export abstract class CacheManager implements ICacheManager {
362
390
 
363
391
  private getTenantProfilesFromAccountEntity(
364
392
  accountEntity: AccountEntity,
393
+ correlationId: string,
365
394
  targetTenantId?: string,
366
395
  tenantProfileFilter?: TenantProfileFilter
367
396
  ): AccountInfo[] {
@@ -390,6 +419,7 @@ export abstract class CacheManager implements ICacheManager {
390
419
  accountInfo,
391
420
  tokenKeys,
392
421
  tenantProfile,
422
+ correlationId,
393
423
  tenantProfileFilter
394
424
  );
395
425
  if (tenantedAccountInfo) {
@@ -535,37 +565,14 @@ export abstract class CacheManager implements ICacheManager {
535
565
  }
536
566
 
537
567
  if (!!cacheRecord.appMetadata) {
538
- this.setAppMetadata(cacheRecord.appMetadata);
568
+ this.setAppMetadata(cacheRecord.appMetadata, correlationId);
539
569
  }
540
570
  } catch (e: unknown) {
541
571
  this.commonLogger?.error(`CacheManager.saveCacheRecord: failed`);
542
- if (e instanceof Error) {
543
- this.commonLogger?.errorPii(
544
- `CacheManager.saveCacheRecord: ${e.message}`,
545
- correlationId
546
- );
547
-
548
- if (
549
- e.name === "QuotaExceededError" ||
550
- e.name === "NS_ERROR_DOM_QUOTA_REACHED" ||
551
- e.message.includes("exceeded the quota")
552
- ) {
553
- this.commonLogger?.error(
554
- `CacheManager.saveCacheRecord: exceeded storage quota`,
555
- correlationId
556
- );
557
- throw new CacheError(
558
- CacheErrorCodes.cacheQuotaExceededErrorCode
559
- );
560
- } else {
561
- throw new CacheError(e.name, e.message);
562
- }
572
+ if (e instanceof AuthError) {
573
+ throw e;
563
574
  } else {
564
- this.commonLogger?.errorPii(
565
- `CacheManager.saveCacheRecord: ${e}`,
566
- correlationId
567
- );
568
- throw new CacheError(CacheErrorCodes.cacheUnknownErrorCode);
575
+ throw createCacheError(e);
569
576
  }
570
577
  }
571
578
  }
@@ -598,7 +605,10 @@ export abstract class CacheManager implements ICacheManager {
598
605
  return;
599
606
  }
600
607
 
601
- const tokenEntity = this.getAccessTokenCredential(key);
608
+ const tokenEntity = this.getAccessTokenCredential(
609
+ key,
610
+ correlationId
611
+ );
602
612
 
603
613
  if (
604
614
  tokenEntity &&
@@ -618,7 +628,10 @@ export abstract class CacheManager implements ICacheManager {
618
628
  * Not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared
619
629
  * @param accountFilter - An object containing Account properties to filter by
620
630
  */
621
- getAccountsFilteredBy(accountFilter: AccountFilter): AccountEntity[] {
631
+ getAccountsFilteredBy(
632
+ accountFilter: AccountFilter,
633
+ correlationId: string
634
+ ): AccountEntity[] {
622
635
  const allAccountKeys = this.getAccountKeys();
623
636
  const matchingAccounts: AccountEntity[] = [];
624
637
  allAccountKeys.forEach((cacheKey) => {
@@ -629,7 +642,7 @@ export abstract class CacheManager implements ICacheManager {
629
642
 
630
643
  const entity: AccountEntity | null = this.getAccount(
631
644
  cacheKey,
632
- this.commonLogger
645
+ correlationId
633
646
  );
634
647
 
635
648
  // Match base account fields
@@ -973,12 +986,12 @@ export abstract class CacheManager implements ICacheManager {
973
986
  * @param account
974
987
  */
975
988
  removeAccount(accountKey: string, correlationId: string): void {
976
- const account = this.getAccount(accountKey, this.commonLogger);
989
+ const account = this.getAccount(accountKey, correlationId);
977
990
  if (!account) {
978
991
  return;
979
992
  }
980
993
  this.removeAccountContext(account, correlationId);
981
- this.removeItem(accountKey);
994
+ this.removeItem(accountKey, correlationId);
982
995
  }
983
996
 
984
997
  /**
@@ -991,7 +1004,7 @@ export abstract class CacheManager implements ICacheManager {
991
1004
 
992
1005
  allTokenKeys.idToken.forEach((key) => {
993
1006
  if (key.indexOf(accountId) === 0) {
994
- this.removeIdToken(key);
1007
+ this.removeIdToken(key, correlationId);
995
1008
  }
996
1009
  });
997
1010
 
@@ -1003,59 +1016,59 @@ export abstract class CacheManager implements ICacheManager {
1003
1016
 
1004
1017
  allTokenKeys.refreshToken.forEach((key) => {
1005
1018
  if (key.indexOf(accountId) === 0) {
1006
- this.removeRefreshToken(key);
1019
+ this.removeRefreshToken(key, correlationId);
1007
1020
  }
1008
1021
  });
1009
1022
  }
1010
1023
 
1011
1024
  /**
1012
- * returns a boolean if the given credential is removed
1013
- * @param credential
1025
+ * Removes accessToken from the cache
1026
+ * @param key
1027
+ * @param correlationId
1014
1028
  */
1015
1029
  removeAccessToken(key: string, correlationId: string): void {
1016
- const credential = this.getAccessTokenCredential(key);
1017
- if (!credential) {
1030
+ const credential = this.getAccessTokenCredential(key, correlationId);
1031
+ this.removeItem(key, correlationId);
1032
+ this.performanceClient.incrementFields(
1033
+ { accessTokensRemoved: 1 },
1034
+ correlationId
1035
+ );
1036
+
1037
+ if (
1038
+ !credential ||
1039
+ credential.credentialType.toLowerCase() !==
1040
+ CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase() ||
1041
+ credential.tokenType !== AuthenticationScheme.POP
1042
+ ) {
1043
+ // If the credential is not a PoP token, we can return
1018
1044
  return;
1019
1045
  }
1020
1046
 
1021
- this.removeItem(key);
1022
-
1023
1047
  // Remove Token Binding Key from key store for PoP Tokens Credentials
1024
- if (
1025
- credential.credentialType.toLowerCase() ===
1026
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()
1027
- ) {
1028
- if (credential.tokenType === AuthenticationScheme.POP) {
1029
- const accessTokenWithAuthSchemeEntity =
1030
- credential as AccessTokenEntity;
1031
- const kid = accessTokenWithAuthSchemeEntity.keyId;
1032
-
1033
- if (kid) {
1034
- void this.cryptoImpl
1035
- .removeTokenBindingKey(kid)
1036
- .catch(() => {
1037
- this.commonLogger.error(
1038
- `Failed to remove token binding key ${kid}`,
1039
- correlationId
1040
- );
1041
- this.performanceClient?.incrementFields(
1042
- { removeTokenBindingKeyFailure: 1 },
1043
- correlationId
1044
- );
1045
- });
1046
- }
1047
- }
1048
+ const kid = credential.keyId;
1049
+
1050
+ if (kid) {
1051
+ void this.cryptoImpl.removeTokenBindingKey(kid).catch(() => {
1052
+ this.commonLogger.error(
1053
+ `Failed to remove token binding key ${kid}`,
1054
+ correlationId
1055
+ );
1056
+ this.performanceClient?.incrementFields(
1057
+ { removeTokenBindingKeyFailure: 1 },
1058
+ correlationId
1059
+ );
1060
+ });
1048
1061
  }
1049
1062
  }
1050
1063
 
1051
1064
  /**
1052
1065
  * Removes all app metadata objects from cache.
1053
1066
  */
1054
- removeAppMetadata(): boolean {
1067
+ removeAppMetadata(correlationId: string): boolean {
1055
1068
  const allCacheKeys = this.getKeys();
1056
1069
  allCacheKeys.forEach((cacheKey) => {
1057
1070
  if (this.isAppMetadata(cacheKey)) {
1058
- this.removeItem(cacheKey);
1071
+ this.removeItem(cacheKey, correlationId);
1059
1072
  }
1060
1073
  });
1061
1074
 
@@ -1066,10 +1079,13 @@ export abstract class CacheManager implements ICacheManager {
1066
1079
  * Retrieve AccountEntity from cache
1067
1080
  * @param account
1068
1081
  */
1069
- readAccountFromCache(account: AccountInfo): AccountEntity | null {
1082
+ readAccountFromCache(
1083
+ account: AccountInfo,
1084
+ correlationId: string
1085
+ ): AccountEntity | null {
1070
1086
  const accountKey: string =
1071
1087
  AccountEntity.generateAccountCacheKey(account);
1072
- return this.getAccount(accountKey, this.commonLogger);
1088
+ return this.getAccount(accountKey, correlationId);
1073
1089
  }
1074
1090
 
1075
1091
  /**
@@ -1082,10 +1098,10 @@ export abstract class CacheManager implements ICacheManager {
1082
1098
  */
1083
1099
  getIdToken(
1084
1100
  account: AccountInfo,
1101
+ correlationId: string,
1085
1102
  tokenKeys?: TokenKeys,
1086
1103
  targetRealm?: string,
1087
- performanceClient?: IPerformanceClient,
1088
- correlationId?: string
1104
+ performanceClient?: IPerformanceClient
1089
1105
  ): IdTokenEntity | null {
1090
1106
  this.commonLogger.trace("CacheManager - getIdToken called");
1091
1107
  const idTokenFilter: CredentialFilter = {
@@ -1098,6 +1114,7 @@ export abstract class CacheManager implements ICacheManager {
1098
1114
 
1099
1115
  const idTokenMap: Map<string, IdTokenEntity> = this.getIdTokensByFilter(
1100
1116
  idTokenFilter,
1117
+ correlationId,
1101
1118
  tokenKeys
1102
1119
  );
1103
1120
 
@@ -1140,7 +1157,7 @@ export abstract class CacheManager implements ICacheManager {
1140
1157
  "CacheManager:getIdToken - Multiple matching ID tokens found, clearing them"
1141
1158
  );
1142
1159
  tokensToBeRemoved.forEach((idToken, key) => {
1143
- this.removeIdToken(key);
1160
+ this.removeIdToken(key, correlationId);
1144
1161
  });
1145
1162
  if (performanceClient && correlationId) {
1146
1163
  performanceClient.addFields(
@@ -1162,6 +1179,7 @@ export abstract class CacheManager implements ICacheManager {
1162
1179
  */
1163
1180
  getIdTokensByFilter(
1164
1181
  filter: CredentialFilter,
1182
+ correlationId: string,
1165
1183
  tokenKeys?: TokenKeys
1166
1184
  ): Map<string, IdTokenEntity> {
1167
1185
  const idTokenKeys =
@@ -1180,7 +1198,7 @@ export abstract class CacheManager implements ICacheManager {
1180
1198
  ) {
1181
1199
  return;
1182
1200
  }
1183
- const idToken = this.getIdTokenCredential(key);
1201
+ const idToken = this.getIdTokenCredential(key, correlationId);
1184
1202
  if (idToken && this.credentialMatchesFilter(idToken, filter)) {
1185
1203
  idTokens.set(key, idToken);
1186
1204
  }
@@ -1221,22 +1239,23 @@ export abstract class CacheManager implements ICacheManager {
1221
1239
  * Removes idToken from the cache
1222
1240
  * @param key
1223
1241
  */
1224
- removeIdToken(key: string): void {
1225
- this.removeItem(key);
1242
+ removeIdToken(key: string, correlationId: string): void {
1243
+ this.removeItem(key, correlationId);
1226
1244
  }
1227
1245
 
1228
1246
  /**
1229
1247
  * Removes refresh token from the cache
1230
1248
  * @param key
1231
1249
  */
1232
- removeRefreshToken(key: string): void {
1233
- this.removeItem(key);
1250
+ removeRefreshToken(key: string, correlationId: string): void {
1251
+ this.removeItem(key, correlationId);
1234
1252
  }
1235
1253
 
1236
1254
  /**
1237
1255
  * Retrieve AccessTokenEntity from cache
1238
1256
  * @param account {AccountInfo}
1239
1257
  * @param request {BaseAuthRequest}
1258
+ * @param correlationId {?string}
1240
1259
  * @param tokenKeys {?TokenKeys}
1241
1260
  * @param performanceClient {?IPerformanceClient}
1242
1261
  */
@@ -1287,7 +1306,10 @@ export abstract class CacheManager implements ICacheManager {
1287
1306
  if (
1288
1307
  this.accessTokenKeyMatchesFilter(key, accessTokenFilter, true)
1289
1308
  ) {
1290
- const accessToken = this.getAccessTokenCredential(key);
1309
+ const accessToken = this.getAccessTokenCredential(
1310
+ key,
1311
+ correlationId
1312
+ );
1291
1313
 
1292
1314
  // Validate value
1293
1315
  if (
@@ -1396,7 +1418,10 @@ export abstract class CacheManager implements ICacheManager {
1396
1418
  * @param filter
1397
1419
  * @returns
1398
1420
  */
1399
- getAccessTokensByFilter(filter: CredentialFilter): AccessTokenEntity[] {
1421
+ getAccessTokensByFilter(
1422
+ filter: CredentialFilter,
1423
+ correlationId: string
1424
+ ): AccessTokenEntity[] {
1400
1425
  const tokenKeys = this.getTokenKeys();
1401
1426
 
1402
1427
  const accessTokens: AccessTokenEntity[] = [];
@@ -1405,7 +1430,10 @@ export abstract class CacheManager implements ICacheManager {
1405
1430
  return;
1406
1431
  }
1407
1432
 
1408
- const accessToken = this.getAccessTokenCredential(key);
1433
+ const accessToken = this.getAccessTokenCredential(
1434
+ key,
1435
+ correlationId
1436
+ );
1409
1437
  if (
1410
1438
  accessToken &&
1411
1439
  this.credentialMatchesFilter(accessToken, filter)
@@ -1421,16 +1449,16 @@ export abstract class CacheManager implements ICacheManager {
1421
1449
  * Helper to retrieve the appropriate refresh token from cache
1422
1450
  * @param account {AccountInfo}
1423
1451
  * @param familyRT {boolean}
1452
+ * @param correlationId {?string}
1424
1453
  * @param tokenKeys {?TokenKeys}
1425
1454
  * @param performanceClient {?IPerformanceClient}
1426
- * @param correlationId {?string}
1427
1455
  */
1428
1456
  getRefreshToken(
1429
1457
  account: AccountInfo,
1430
1458
  familyRT: boolean,
1459
+ correlationId: string,
1431
1460
  tokenKeys?: TokenKeys,
1432
- performanceClient?: IPerformanceClient,
1433
- correlationId?: string
1461
+ performanceClient?: IPerformanceClient
1434
1462
  ): RefreshTokenEntity | null {
1435
1463
  this.commonLogger.trace("CacheManager - getRefreshToken called");
1436
1464
  const id = familyRT ? THE_FAMILY_ID : undefined;
@@ -1450,7 +1478,10 @@ export abstract class CacheManager implements ICacheManager {
1450
1478
  refreshTokenKeys.forEach((key) => {
1451
1479
  // Validate key
1452
1480
  if (this.refreshTokenKeyMatchesFilter(key, refreshTokenFilter)) {
1453
- const refreshToken = this.getRefreshTokenCredential(key);
1481
+ const refreshToken = this.getRefreshTokenCredential(
1482
+ key,
1483
+ correlationId
1484
+ );
1454
1485
  // Validate value
1455
1486
  if (
1456
1487
  refreshToken &&
@@ -62,6 +62,7 @@ export class AccountEntity {
62
62
  msGraphHost?: string;
63
63
  nativeAccountId?: string;
64
64
  tenantProfiles?: Array<TenantProfile>;
65
+ lastUpdatedAt?: string;
65
66
 
66
67
  /**
67
68
  * Generate Account Id key component as per the schema: <home_account_id>-<environment>
@@ -33,4 +33,6 @@ export type CredentialEntity = {
33
33
  keyId?: string;
34
34
  /** Matches the SHA 256 hash of the claims object included in the token request */
35
35
  requestedClaimsHash?: string;
36
+ /** Timestamp when the entry was last updated */
37
+ lastUpdatedAt?: string;
36
38
  };
@@ -21,7 +21,7 @@ export interface ICacheManager {
21
21
  * fetch the account entity from the platform cache
22
22
  * @param accountKey
23
23
  */
24
- getAccount(accountKey: string): AccountEntity | null;
24
+ getAccount(accountKey: string, correlationId: string): AccountEntity | null;
25
25
 
26
26
  /**
27
27
  * set account entity in the platform cache
@@ -46,7 +46,10 @@ export interface ICacheManager {
46
46
  * fetch the idToken entity from the platform cache
47
47
  * @param idTokenKey
48
48
  */
49
- getIdTokenCredential(idTokenKey: string): IdTokenEntity | null;
49
+ getIdTokenCredential(
50
+ idTokenKey: string,
51
+ correlationId: string
52
+ ): IdTokenEntity | null;
50
53
 
51
54
  /**
52
55
  * set idToken entity to the platform cache
@@ -61,7 +64,10 @@ export interface ICacheManager {
61
64
  * fetch the idToken entity from the platform cache
62
65
  * @param accessTokenKey
63
66
  */
64
- getAccessTokenCredential(accessTokenKey: string): AccessTokenEntity | null;
67
+ getAccessTokenCredential(
68
+ accessTokenKey: string,
69
+ correlationId: string
70
+ ): AccessTokenEntity | null;
65
71
 
66
72
  /**
67
73
  * set idToken entity to the platform cache
@@ -77,7 +83,8 @@ export interface ICacheManager {
77
83
  * @param refreshTokenKey
78
84
  */
79
85
  getRefreshTokenCredential(
80
- refreshTokenKey: string
86
+ refreshTokenKey: string,
87
+ correlationId: string
81
88
  ): RefreshTokenEntity | null;
82
89
 
83
90
  /**
@@ -99,7 +106,7 @@ export interface ICacheManager {
99
106
  * set appMetadata entity to the platform cache
100
107
  * @param appMetadata
101
108
  */
102
- setAppMetadata(appMetadata: AppMetadataEntity): void;
109
+ setAppMetadata(appMetadata: AppMetadataEntity, correlationId: string): void;
103
110
 
104
111
  /**
105
112
  * fetch server telemetry entity from the platform cache
@@ -116,7 +123,8 @@ export interface ICacheManager {
116
123
  */
117
124
  setServerTelemetry(
118
125
  serverTelemetryKey: string,
119
- serverTelemetry: ServerTelemetryEntity
126
+ serverTelemetry: ServerTelemetryEntity,
127
+ correlationId: string
120
128
  ): void;
121
129
 
122
130
  /**
@@ -162,13 +170,17 @@ export interface ICacheManager {
162
170
  */
163
171
  setThrottlingCache(
164
172
  throttlingCacheKey: string,
165
- throttlingCache: ThrottlingEntity
173
+ throttlingCache: ThrottlingEntity,
174
+ correlationId: string
166
175
  ): void;
167
176
 
168
177
  /**
169
178
  * Returns all accounts in cache
170
179
  */
171
- getAllAccounts(): AccountInfo[];
180
+ getAllAccounts(
181
+ accountFilter: AccountFilter,
182
+ correlationId: string
183
+ ): AccountInfo[];
172
184
 
173
185
  /**
174
186
  * saves a cache record
@@ -186,13 +198,19 @@ export interface ICacheManager {
186
198
  * @param environment
187
199
  * @param realm
188
200
  */
189
- getAccountsFilteredBy(filter: AccountFilter): AccountEntity[];
201
+ getAccountsFilteredBy(
202
+ filter: AccountFilter,
203
+ correlationId: string
204
+ ): AccountEntity[];
190
205
 
191
206
  /**
192
207
  * Get AccountInfo object based on provided filters
193
208
  * @param filter
194
209
  */
195
- getAccountInfoFilteredBy(filter: AccountFilter): AccountInfo | null;
210
+ getAccountInfoFilteredBy(
211
+ filter: AccountFilter,
212
+ correlationId: string
213
+ ): AccountInfo | null;
196
214
 
197
215
  /**
198
216
  * Removes all accounts and related tokens from cache.
@@ -214,7 +232,7 @@ export interface ICacheManager {
214
232
  /**
215
233
  * @param key
216
234
  */
217
- removeIdToken(key: string): void;
235
+ removeIdToken(key: string, correlationId: string): void;
218
236
 
219
237
  /**
220
238
  * @param key
@@ -224,5 +242,5 @@ export interface ICacheManager {
224
242
  /**
225
243
  * @param key
226
244
  */
227
- removeRefreshToken(key: string): void;
245
+ removeRefreshToken(key: string, correlationId: string): void;
228
246
  }
@@ -42,7 +42,6 @@ import {
42
42
  createClientConfigurationError,
43
43
  ClientConfigurationErrorCodes,
44
44
  } from "../error/ClientConfigurationError.js";
45
- import { RequestValidator } from "../request/RequestValidator.js";
46
45
  import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
47
46
  import { PerformanceEvents } from "../telemetry/performance/PerformanceEvent.js";
48
47
  import { invokeAsync } from "../utils/FunctionWrappers.js";
@@ -250,7 +249,11 @@ export class AuthorizationCodeClient extends BaseClient {
250
249
  */
251
250
  if (!this.includeRedirectUri) {
252
251
  // Just validate
253
- RequestValidator.validateRedirectUri(request.redirectUri);
252
+ if (!request.redirectUri) {
253
+ throw createClientConfigurationError(
254
+ ClientConfigurationErrorCodes.redirectUriEmpty
255
+ );
256
+ }
254
257
  } else {
255
258
  // Validate and include redirect uri
256
259
  RequestParameterBuilder.addRedirectUri(