@azure/msal-common 15.8.1 → 15.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (174) hide show
  1. package/dist/account/AccountInfo.d.ts +2 -1
  2. package/dist/account/AccountInfo.d.ts.map +1 -1
  3. package/dist/account/AccountInfo.mjs +5 -2
  4. package/dist/account/AccountInfo.mjs.map +1 -1
  5. package/dist/account/AuthToken.mjs +1 -1
  6. package/dist/account/CcsCredential.mjs +1 -1
  7. package/dist/account/ClientInfo.mjs +1 -1
  8. package/dist/account/TokenClaims.mjs +1 -1
  9. package/dist/authority/Authority.mjs +1 -1
  10. package/dist/authority/AuthorityFactory.mjs +1 -1
  11. package/dist/authority/AuthorityMetadata.mjs +1 -1
  12. package/dist/authority/AuthorityOptions.mjs +1 -1
  13. package/dist/authority/AuthorityType.mjs +1 -1
  14. package/dist/authority/CloudInstanceDiscoveryErrorResponse.mjs +1 -1
  15. package/dist/authority/CloudInstanceDiscoveryResponse.mjs +1 -1
  16. package/dist/authority/OpenIdConfigResponse.mjs +1 -1
  17. package/dist/authority/ProtocolMode.mjs +1 -1
  18. package/dist/authority/RegionDiscovery.mjs +1 -1
  19. package/dist/cache/CacheManager.d.ts +15 -20
  20. package/dist/cache/CacheManager.d.ts.map +1 -1
  21. package/dist/cache/CacheManager.mjs +32 -97
  22. package/dist/cache/CacheManager.mjs.map +1 -1
  23. package/dist/cache/entities/AccountEntity.d.ts +2 -14
  24. package/dist/cache/entities/AccountEntity.d.ts.map +1 -1
  25. package/dist/cache/entities/AccountEntity.mjs +6 -34
  26. package/dist/cache/entities/AccountEntity.mjs.map +1 -1
  27. package/dist/cache/entities/CredentialEntity.d.ts +1 -1
  28. package/dist/cache/entities/CredentialEntity.d.ts.map +1 -1
  29. package/dist/cache/interface/ICacheManager.d.ts +2 -10
  30. package/dist/cache/interface/ICacheManager.d.ts.map +1 -1
  31. package/dist/cache/persistence/TokenCacheContext.mjs +1 -1
  32. package/dist/cache/utils/CacheHelpers.d.ts +4 -13
  33. package/dist/cache/utils/CacheHelpers.d.ts.map +1 -1
  34. package/dist/cache/utils/CacheHelpers.mjs +6 -71
  35. package/dist/cache/utils/CacheHelpers.mjs.map +1 -1
  36. package/dist/client/AuthorizationCodeClient.mjs +1 -1
  37. package/dist/client/BaseClient.mjs +1 -1
  38. package/dist/client/RefreshTokenClient.d.ts.map +1 -1
  39. package/dist/client/RefreshTokenClient.mjs +2 -3
  40. package/dist/client/RefreshTokenClient.mjs.map +1 -1
  41. package/dist/client/SilentFlowClient.mjs +2 -2
  42. package/dist/client/SilentFlowClient.mjs.map +1 -1
  43. package/dist/config/ClientConfiguration.mjs +1 -1
  44. package/dist/constants/AADServerParamKeys.mjs +1 -1
  45. package/dist/crypto/ICrypto.mjs +1 -1
  46. package/dist/crypto/JoseHeader.mjs +1 -1
  47. package/dist/crypto/PopTokenGenerator.mjs +1 -1
  48. package/dist/error/AuthError.mjs +1 -1
  49. package/dist/error/AuthErrorCodes.mjs +1 -1
  50. package/dist/error/CacheError.mjs +1 -1
  51. package/dist/error/CacheErrorCodes.mjs +1 -1
  52. package/dist/error/ClientAuthError.mjs +1 -1
  53. package/dist/error/ClientAuthErrorCodes.mjs +1 -1
  54. package/dist/error/ClientConfigurationError.d.ts +10 -0
  55. package/dist/error/ClientConfigurationError.d.ts.map +1 -1
  56. package/dist/error/ClientConfigurationError.mjs +12 -2
  57. package/dist/error/ClientConfigurationError.mjs.map +1 -1
  58. package/dist/error/ClientConfigurationErrorCodes.d.ts +2 -0
  59. package/dist/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
  60. package/dist/error/ClientConfigurationErrorCodes.mjs +5 -3
  61. package/dist/error/ClientConfigurationErrorCodes.mjs.map +1 -1
  62. package/dist/error/InteractionRequiredAuthError.mjs +1 -1
  63. package/dist/error/InteractionRequiredAuthErrorCodes.mjs +1 -1
  64. package/dist/error/JoseHeaderError.mjs +1 -1
  65. package/dist/error/JoseHeaderErrorCodes.mjs +1 -1
  66. package/dist/error/NetworkError.mjs +1 -1
  67. package/dist/error/ServerError.mjs +1 -1
  68. package/dist/exports-common.d.ts +1 -1
  69. package/dist/exports-common.d.ts.map +1 -1
  70. package/dist/index-browser.mjs +2 -2
  71. package/dist/index-node.mjs +2 -2
  72. package/dist/index.mjs +2 -2
  73. package/dist/logger/Logger.mjs +1 -1
  74. package/dist/network/INetworkModule.mjs +1 -1
  75. package/dist/network/RequestThumbprint.mjs +1 -1
  76. package/dist/network/ThrottlingUtils.mjs +1 -1
  77. package/dist/packageMetadata.d.ts +1 -1
  78. package/dist/packageMetadata.d.ts.map +1 -1
  79. package/dist/packageMetadata.mjs +2 -2
  80. package/dist/protocol/Authorize.mjs +2 -2
  81. package/dist/protocol/Authorize.mjs.map +1 -1
  82. package/dist/request/AuthenticationHeaderParser.mjs +1 -1
  83. package/dist/request/BaseAuthRequest.d.ts +5 -1
  84. package/dist/request/BaseAuthRequest.d.ts.map +1 -1
  85. package/dist/request/RequestParameterBuilder.d.ts +6 -0
  86. package/dist/request/RequestParameterBuilder.d.ts.map +1 -1
  87. package/dist/request/RequestParameterBuilder.mjs +14 -2
  88. package/dist/request/RequestParameterBuilder.mjs.map +1 -1
  89. package/dist/request/ScopeSet.mjs +1 -1
  90. package/dist/response/ResponseHandler.d.ts.map +1 -1
  91. package/dist/response/ResponseHandler.mjs +3 -3
  92. package/dist/response/ResponseHandler.mjs.map +1 -1
  93. package/dist/telemetry/performance/PerformanceClient.mjs +1 -1
  94. package/dist/telemetry/performance/PerformanceEvent.d.ts +2 -0
  95. package/dist/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  96. package/dist/telemetry/performance/PerformanceEvent.mjs +11 -1
  97. package/dist/telemetry/performance/PerformanceEvent.mjs.map +1 -1
  98. package/dist/telemetry/performance/StubPerformanceClient.mjs +1 -1
  99. package/dist/telemetry/server/ServerTelemetryManager.mjs +1 -1
  100. package/dist/url/UrlString.mjs +1 -1
  101. package/dist/utils/ClientAssertionUtils.mjs +1 -1
  102. package/dist/utils/Constants.d.ts +5 -1
  103. package/dist/utils/Constants.d.ts.map +1 -1
  104. package/dist/utils/Constants.mjs +6 -4
  105. package/dist/utils/Constants.mjs.map +1 -1
  106. package/dist/utils/FunctionWrappers.mjs +1 -1
  107. package/dist/utils/ProtocolUtils.mjs +1 -1
  108. package/dist/utils/StringUtils.mjs +1 -1
  109. package/dist/utils/TimeUtils.d.ts +7 -0
  110. package/dist/utils/TimeUtils.d.ts.map +1 -1
  111. package/dist/utils/TimeUtils.mjs +12 -2
  112. package/dist/utils/TimeUtils.mjs.map +1 -1
  113. package/dist/utils/UrlUtils.mjs +1 -1
  114. package/lib/index-browser.cjs +3 -2
  115. package/lib/index-browser.cjs.map +1 -1
  116. package/lib/{index-node-BCM1mkg5.js → index-node-Dy4fVJGl.js} +496 -599
  117. package/lib/index-node-Dy4fVJGl.js.map +1 -0
  118. package/lib/index-node.cjs +3 -2
  119. package/lib/index-node.cjs.map +1 -1
  120. package/lib/index.cjs +3 -2
  121. package/lib/index.cjs.map +1 -1
  122. package/lib/types/account/AccountInfo.d.ts +2 -1
  123. package/lib/types/account/AccountInfo.d.ts.map +1 -1
  124. package/lib/types/cache/CacheManager.d.ts +15 -20
  125. package/lib/types/cache/CacheManager.d.ts.map +1 -1
  126. package/lib/types/cache/entities/AccountEntity.d.ts +2 -14
  127. package/lib/types/cache/entities/AccountEntity.d.ts.map +1 -1
  128. package/lib/types/cache/entities/CredentialEntity.d.ts +1 -1
  129. package/lib/types/cache/entities/CredentialEntity.d.ts.map +1 -1
  130. package/lib/types/cache/interface/ICacheManager.d.ts +2 -10
  131. package/lib/types/cache/interface/ICacheManager.d.ts.map +1 -1
  132. package/lib/types/cache/utils/CacheHelpers.d.ts +4 -13
  133. package/lib/types/cache/utils/CacheHelpers.d.ts.map +1 -1
  134. package/lib/types/client/RefreshTokenClient.d.ts.map +1 -1
  135. package/lib/types/error/ClientConfigurationError.d.ts +10 -0
  136. package/lib/types/error/ClientConfigurationError.d.ts.map +1 -1
  137. package/lib/types/error/ClientConfigurationErrorCodes.d.ts +2 -0
  138. package/lib/types/error/ClientConfigurationErrorCodes.d.ts.map +1 -1
  139. package/lib/types/exports-common.d.ts +1 -1
  140. package/lib/types/exports-common.d.ts.map +1 -1
  141. package/lib/types/packageMetadata.d.ts +1 -1
  142. package/lib/types/packageMetadata.d.ts.map +1 -1
  143. package/lib/types/request/BaseAuthRequest.d.ts +5 -1
  144. package/lib/types/request/BaseAuthRequest.d.ts.map +1 -1
  145. package/lib/types/request/RequestParameterBuilder.d.ts +6 -0
  146. package/lib/types/request/RequestParameterBuilder.d.ts.map +1 -1
  147. package/lib/types/response/ResponseHandler.d.ts.map +1 -1
  148. package/lib/types/telemetry/performance/PerformanceEvent.d.ts +2 -0
  149. package/lib/types/telemetry/performance/PerformanceEvent.d.ts.map +1 -1
  150. package/lib/types/utils/Constants.d.ts +5 -1
  151. package/lib/types/utils/Constants.d.ts.map +1 -1
  152. package/lib/types/utils/TimeUtils.d.ts +7 -0
  153. package/lib/types/utils/TimeUtils.d.ts.map +1 -1
  154. package/package.json +1 -1
  155. package/src/account/AccountInfo.ts +16 -2
  156. package/src/cache/CacheManager.ts +50 -125
  157. package/src/cache/entities/AccountEntity.ts +7 -38
  158. package/src/cache/entities/CredentialEntity.ts +1 -1
  159. package/src/cache/interface/ICacheManager.ts +2 -15
  160. package/src/cache/utils/CacheHelpers.ts +11 -83
  161. package/src/client/RefreshTokenClient.ts +1 -2
  162. package/src/client/SilentFlowClient.ts +2 -2
  163. package/src/error/ClientConfigurationError.ts +16 -0
  164. package/src/error/ClientConfigurationErrorCodes.ts +3 -0
  165. package/src/exports-common.ts +1 -0
  166. package/src/packageMetadata.ts +1 -1
  167. package/src/protocol/Authorize.ts +1 -1
  168. package/src/request/BaseAuthRequest.ts +5 -1
  169. package/src/request/RequestParameterBuilder.ts +16 -0
  170. package/src/response/ResponseHandler.ts +3 -1
  171. package/src/telemetry/performance/PerformanceEvent.ts +14 -0
  172. package/src/utils/Constants.ts +6 -2
  173. package/src/utils/TimeUtils.ts +15 -0
  174. package/lib/index-node-BCM1mkg5.js.map +0 -1
@@ -23,6 +23,7 @@ export type AccountInfo = {
23
23
  tenantId: string;
24
24
  username: string;
25
25
  localAccountId: string;
26
+ loginHint?: string;
26
27
  name?: string;
27
28
  idToken?: string;
28
29
  idTokenClaims?: TokenClaims & {
@@ -44,7 +45,7 @@ export type AccountInfo = {
44
45
  */
45
46
  export type TenantProfile = Pick<
46
47
  AccountInfo,
47
- "tenantId" | "localAccountId" | "name"
48
+ "tenantId" | "localAccountId" | "name" | "username" | "loginHint"
48
49
  > & {
49
50
  /**
50
51
  * - isHomeTenant - True if this is the home tenant profile of the account, false if it's a guest tenant profile
@@ -91,7 +92,17 @@ export function buildTenantProfile(
91
92
  idTokenClaims?: TokenClaims
92
93
  ): TenantProfile {
93
94
  if (idTokenClaims) {
94
- const { oid, sub, tid, name, tfp, acr } = idTokenClaims;
95
+ const {
96
+ oid,
97
+ sub,
98
+ tid,
99
+ name,
100
+ tfp,
101
+ acr,
102
+ preferred_username,
103
+ upn,
104
+ login_hint,
105
+ } = idTokenClaims;
95
106
 
96
107
  /**
97
108
  * Since there is no way to determine if the authority is AAD or B2C, we exhaust all the possible claims that can serve as tenant ID with the following precedence:
@@ -105,12 +116,15 @@ export function buildTenantProfile(
105
116
  tenantId: tenantId,
106
117
  localAccountId: oid || sub || "",
107
118
  name: name,
119
+ username: preferred_username || upn || "",
120
+ loginHint: login_hint,
108
121
  isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
109
122
  };
110
123
  } else {
111
124
  return {
112
125
  tenantId,
113
126
  localAccountId,
127
+ username: "",
114
128
  isHomeTenant: tenantIdMatchesHomeTenant(tenantId, homeAccountId),
115
129
  };
116
130
  }
@@ -19,10 +19,8 @@ import {
19
19
  THE_FAMILY_ID,
20
20
  AUTHORITY_METADATA_CONSTANTS,
21
21
  AuthenticationScheme,
22
- Separators,
23
22
  } from "../utils/Constants.js";
24
23
  import { CredentialEntity } from "./entities/CredentialEntity.js";
25
- import { generateCredentialKey } from "./utils/CacheHelpers.js";
26
24
  import { ScopeSet } from "../request/ScopeSet.js";
27
25
  import { AccountEntity } from "./entities/AccountEntity.js";
28
26
  import { AccessTokenEntity } from "./entities/AccessTokenEntity.js";
@@ -252,6 +250,18 @@ export abstract class CacheManager implements ICacheManager {
252
250
  */
253
251
  abstract getTokenKeys(): TokenKeys;
254
252
 
253
+ /**
254
+ * Returns credential cache key from the entity
255
+ * @param credential
256
+ */
257
+ abstract generateCredentialKey(credential: CredentialEntity): string;
258
+
259
+ /**
260
+ * Returns the account cache key from the account info
261
+ * @param account
262
+ */
263
+ abstract generateAccountKey(account: AccountInfo): string;
264
+
255
265
  /**
256
266
  * Returns all the accounts in the cache that match the optional filter. If no filter is provided, all accounts are returned.
257
267
  * @param accountFilter - (Optional) filter to narrow down the accounts returned
@@ -635,11 +645,6 @@ export abstract class CacheManager implements ICacheManager {
635
645
  const allAccountKeys = this.getAccountKeys();
636
646
  const matchingAccounts: AccountEntity[] = [];
637
647
  allAccountKeys.forEach((cacheKey) => {
638
- if (!this.isAccountKey(cacheKey, accountFilter.homeAccountId)) {
639
- // Don't parse value if the key doesn't match the account filters
640
- return;
641
- }
642
-
643
648
  const entity: AccountEntity | null = this.getAccount(
644
649
  cacheKey,
645
650
  correlationId
@@ -722,86 +727,6 @@ export abstract class CacheManager implements ICacheManager {
722
727
  return matchingAccounts;
723
728
  }
724
729
 
725
- /**
726
- * Returns true if the given key matches our account key schema. Also matches homeAccountId and/or tenantId if provided
727
- * @param key
728
- * @param homeAccountId
729
- * @param tenantId
730
- * @returns
731
- */
732
- isAccountKey(
733
- key: string,
734
- homeAccountId?: string,
735
- tenantId?: string
736
- ): boolean {
737
- if (key.split(Separators.CACHE_KEY_SEPARATOR).length < 3) {
738
- // Account cache keys contain 3 items separated by '-' (each item may also contain '-')
739
- return false;
740
- }
741
-
742
- if (
743
- homeAccountId &&
744
- !key.toLowerCase().includes(homeAccountId.toLowerCase())
745
- ) {
746
- return false;
747
- }
748
-
749
- if (tenantId && !key.toLowerCase().includes(tenantId.toLowerCase())) {
750
- return false;
751
- }
752
-
753
- // Do not check environment as aliasing can cause false negatives
754
-
755
- return true;
756
- }
757
-
758
- /**
759
- * Returns true if the given key matches our credential key schema.
760
- * @param key
761
- */
762
- isCredentialKey(key: string): boolean {
763
- if (key.split(Separators.CACHE_KEY_SEPARATOR).length < 6) {
764
- // Credential cache keys contain 6 items separated by '-' (each item may also contain '-')
765
- return false;
766
- }
767
-
768
- const lowerCaseKey = key.toLowerCase();
769
- // Credential keys must indicate what credential type they represent
770
- if (
771
- lowerCaseKey.indexOf(CredentialType.ID_TOKEN.toLowerCase()) ===
772
- -1 &&
773
- lowerCaseKey.indexOf(CredentialType.ACCESS_TOKEN.toLowerCase()) ===
774
- -1 &&
775
- lowerCaseKey.indexOf(
776
- CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()
777
- ) === -1 &&
778
- lowerCaseKey.indexOf(CredentialType.REFRESH_TOKEN.toLowerCase()) ===
779
- -1
780
- ) {
781
- return false;
782
- }
783
-
784
- if (
785
- lowerCaseKey.indexOf(CredentialType.REFRESH_TOKEN.toLowerCase()) >
786
- -1
787
- ) {
788
- // Refresh tokens must contain the client id or family id
789
- const clientIdValidation = `${CredentialType.REFRESH_TOKEN}${Separators.CACHE_KEY_SEPARATOR}${this.clientId}${Separators.CACHE_KEY_SEPARATOR}`;
790
- const familyIdValidation = `${CredentialType.REFRESH_TOKEN}${Separators.CACHE_KEY_SEPARATOR}${THE_FAMILY_ID}${Separators.CACHE_KEY_SEPARATOR}`;
791
- if (
792
- lowerCaseKey.indexOf(clientIdValidation.toLowerCase()) === -1 &&
793
- lowerCaseKey.indexOf(familyIdValidation.toLowerCase()) === -1
794
- ) {
795
- return false;
796
- }
797
- } else if (lowerCaseKey.indexOf(this.clientId.toLowerCase()) === -1) {
798
- // Tokens must contain the clientId
799
- return false;
800
- }
801
-
802
- return true;
803
- }
804
-
805
730
  /**
806
731
  * Returns whether or not the given credential entity matches the filter
807
732
  * @param entity
@@ -974,10 +899,9 @@ export abstract class CacheManager implements ICacheManager {
974
899
  * Removes all accounts and related tokens from cache.
975
900
  */
976
901
  removeAllAccounts(correlationId: string): void {
977
- const allAccountKeys = this.getAccountKeys();
978
-
979
- allAccountKeys.forEach((cacheKey) => {
980
- this.removeAccount(cacheKey, correlationId);
902
+ const accounts = this.getAllAccounts({}, correlationId);
903
+ accounts.forEach((account) => {
904
+ this.removeAccount(account, correlationId);
981
905
  });
982
906
  }
983
907
 
@@ -985,39 +909,47 @@ export abstract class CacheManager implements ICacheManager {
985
909
  * Removes the account and related tokens for a given account key
986
910
  * @param account
987
911
  */
988
- removeAccount(accountKey: string, correlationId: string): void {
989
- const account = this.getAccount(accountKey, correlationId);
990
- if (!account) {
991
- return;
992
- }
912
+ removeAccount(account: AccountInfo, correlationId: string): void {
993
913
  this.removeAccountContext(account, correlationId);
994
- this.removeItem(accountKey, correlationId);
914
+ const accountKeys = this.getAccountKeys();
915
+ const keyFilter = (key: string): boolean => {
916
+ return (
917
+ key.includes(account.homeAccountId) &&
918
+ key.includes(account.environment)
919
+ );
920
+ };
921
+ accountKeys.filter(keyFilter).forEach((key) => {
922
+ this.removeItem(key, correlationId);
923
+ this.performanceClient.incrementFields(
924
+ { accountsRemoved: 1 },
925
+ correlationId
926
+ );
927
+ });
995
928
  }
996
929
 
997
930
  /**
998
931
  * Removes credentials associated with the provided account
999
932
  * @param account
1000
933
  */
1001
- removeAccountContext(account: AccountEntity, correlationId: string): void {
934
+ removeAccountContext(account: AccountInfo, correlationId: string): void {
1002
935
  const allTokenKeys = this.getTokenKeys();
1003
- const accountId = account.generateAccountId();
936
+ const keyFilter = (key: string): boolean => {
937
+ return (
938
+ key.includes(account.homeAccountId) &&
939
+ key.includes(account.environment)
940
+ );
941
+ };
1004
942
 
1005
- allTokenKeys.idToken.forEach((key) => {
1006
- if (key.indexOf(accountId) === 0) {
1007
- this.removeIdToken(key, correlationId);
1008
- }
943
+ allTokenKeys.idToken.filter(keyFilter).forEach((key) => {
944
+ this.removeIdToken(key, correlationId);
1009
945
  });
1010
946
 
1011
- allTokenKeys.accessToken.forEach((key) => {
1012
- if (key.indexOf(accountId) === 0) {
1013
- this.removeAccessToken(key, correlationId);
1014
- }
947
+ allTokenKeys.accessToken.filter(keyFilter).forEach((key) => {
948
+ this.removeAccessToken(key, correlationId);
1015
949
  });
1016
950
 
1017
- allTokenKeys.refreshToken.forEach((key) => {
1018
- if (key.indexOf(accountId) === 0) {
1019
- this.removeRefreshToken(key, correlationId);
1020
- }
951
+ allTokenKeys.refreshToken.filter(keyFilter).forEach((key) => {
952
+ this.removeRefreshToken(key, correlationId);
1021
953
  });
1022
954
  }
1023
955
 
@@ -1075,19 +1007,6 @@ export abstract class CacheManager implements ICacheManager {
1075
1007
  return true;
1076
1008
  }
1077
1009
 
1078
- /**
1079
- * Retrieve AccountEntity from cache
1080
- * @param account
1081
- */
1082
- readAccountFromCache(
1083
- account: AccountInfo,
1084
- correlationId: string
1085
- ): AccountEntity | null {
1086
- const accountKey: string =
1087
- AccountEntity.generateAccountCacheKey(account);
1088
- return this.getAccount(accountKey, correlationId);
1089
- }
1090
-
1091
1010
  /**
1092
1011
  * Retrieve IdTokenEntity from cache
1093
1012
  * @param account {AccountInfo}
@@ -1335,7 +1254,7 @@ export abstract class CacheManager implements ICacheManager {
1335
1254
  );
1336
1255
  accessTokens.forEach((accessToken) => {
1337
1256
  this.removeAccessToken(
1338
- generateCredentialKey(accessToken),
1257
+ this.generateCredentialKey(accessToken),
1339
1258
  correlationId
1340
1259
  );
1341
1260
  });
@@ -1958,4 +1877,10 @@ export class DefaultStorageClass extends CacheManager {
1958
1877
  getTokenKeys(): TokenKeys {
1959
1878
  throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
1960
1879
  }
1880
+ generateCredentialKey(): string {
1881
+ throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
1882
+ }
1883
+ generateAccountKey(): string {
1884
+ throw createClientAuthError(ClientAuthErrorCodes.methodNotImplemented);
1885
+ }
1961
1886
  }
@@ -3,7 +3,7 @@
3
3
  * Licensed under the MIT License.
4
4
  */
5
5
 
6
- import { CacheAccountType, Separators } from "../../utils/Constants.js";
6
+ import { CacheAccountType } from "../../utils/Constants.js";
7
7
  import type { Authority } from "../../authority/Authority.js";
8
8
  import { ICrypto } from "../../crypto/ICrypto.js";
9
9
  import { ClientInfo, buildClientInfo } from "../../account/ClientInfo.js";
@@ -54,6 +54,7 @@ export class AccountEntity {
54
54
  localAccountId: string;
55
55
  username: string;
56
56
  authorityType: string;
57
+ loginHint?: string;
57
58
  clientInfo?: string;
58
59
  name?: string;
59
60
  lastModificationTime?: string;
@@ -62,28 +63,7 @@ export class AccountEntity {
62
63
  msGraphHost?: string;
63
64
  nativeAccountId?: string;
64
65
  tenantProfiles?: Array<TenantProfile>;
65
- lastUpdatedAt?: string;
66
-
67
- /**
68
- * Generate Account Id key component as per the schema: <home_account_id>-<environment>
69
- */
70
- generateAccountId(): string {
71
- const accountId: Array<string> = [this.homeAccountId, this.environment];
72
- return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
73
- }
74
-
75
- /**
76
- * Generate Account Cache Key as per the schema: <home_account_id>-<environment>-<realm*>
77
- */
78
- generateAccountKey(): string {
79
- return AccountEntity.generateAccountCacheKey({
80
- homeAccountId: this.homeAccountId,
81
- environment: this.environment,
82
- tenantId: this.realm,
83
- username: this.username,
84
- localAccountId: this.localAccountId,
85
- });
86
- }
66
+ lastUpdatedAt: string;
87
67
 
88
68
  /**
89
69
  * Returns the AccountInfo interface for this account.
@@ -95,6 +75,7 @@ export class AccountEntity {
95
75
  tenantId: this.realm,
96
76
  username: this.username,
97
77
  localAccountId: this.localAccountId,
78
+ loginHint: this.loginHint,
98
79
  name: this.name,
99
80
  nativeAccountId: this.nativeAccountId,
100
81
  authorityType: this.authorityType,
@@ -114,21 +95,6 @@ export class AccountEntity {
114
95
  return !this.tenantProfiles;
115
96
  }
116
97
 
117
- /**
118
- * Generates account key from interface
119
- * @param accountInterface
120
- */
121
- static generateAccountCacheKey(accountInterface: AccountInfo): string {
122
- const homeTenantId = accountInterface.homeAccountId.split(".")[1];
123
- const accountKey = [
124
- accountInterface.homeAccountId,
125
- accountInterface.environment || "",
126
- homeTenantId || accountInterface.tenantId || "",
127
- ];
128
-
129
- return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
130
- }
131
-
132
98
  /**
133
99
  * Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.
134
100
  * @param accountDetails
@@ -207,6 +173,7 @@ export class AccountEntity {
207
173
  : null;
208
174
 
209
175
  account.username = preferredUsername || email || "";
176
+ account.loginHint = accountDetails.idTokenClaims?.login_hint;
210
177
  account.name = accountDetails.idTokenClaims?.name || "";
211
178
 
212
179
  account.cloudGraphHostName = accountDetails.cloudGraphHostName;
@@ -252,6 +219,7 @@ export class AccountEntity {
252
219
 
253
220
  account.username = accountInfo.username;
254
221
  account.name = accountInfo.name;
222
+ account.loginHint = accountInfo.loginHint;
255
223
 
256
224
  account.cloudGraphHostName = cloudGraphHostName;
257
225
  account.msGraphHost = msGraphHost;
@@ -353,6 +321,7 @@ export class AccountEntity {
353
321
  accountA.localAccountId === accountB.localAccountId &&
354
322
  accountA.username === accountB.username &&
355
323
  accountA.tenantId === accountB.tenantId &&
324
+ accountA.loginHint === accountB.loginHint &&
356
325
  accountA.environment === accountB.environment &&
357
326
  accountA.nativeAccountId === accountB.nativeAccountId &&
358
327
  claimsMatch
@@ -34,5 +34,5 @@ export type CredentialEntity = {
34
34
  /** Matches the SHA 256 hash of the claims object included in the token request */
35
35
  requestedClaimsHash?: string;
36
36
  /** Timestamp when the entry was last updated */
37
- lastUpdatedAt?: string;
37
+ lastUpdatedAt: string;
38
38
  };
@@ -29,19 +29,6 @@ export interface ICacheManager {
29
29
  */
30
30
  setAccount(account: AccountEntity, correlationId: string): Promise<void>;
31
31
 
32
- /**
33
- * Returns true if the given key matches our account key schema. Also matches homeAccountId and/or tenantId if provided
34
- * @param key
35
- * @param homeAccountId
36
- * @param tenantId
37
- * @returns
38
- */
39
- isAccountKey(
40
- key: string,
41
- homeAccountId?: string,
42
- tenantId?: string
43
- ): boolean;
44
-
45
32
  /**
46
33
  * fetch the idToken entity from the platform cache
47
34
  * @param idTokenKey
@@ -221,13 +208,13 @@ export interface ICacheManager {
221
208
  * returns a boolean if the given account is removed
222
209
  * @param account
223
210
  */
224
- removeAccount(accountKey: string, correlationId: string): void;
211
+ removeAccount(account: AccountInfo, correlationId: string): void;
225
212
 
226
213
  /**
227
214
  * returns a boolean if the given account is removed
228
215
  * @param account
229
216
  */
230
- removeAccountContext(account: AccountEntity, correlationId: string): void;
217
+ removeAccountContext(account: AccountInfo, correlationId: string): void;
231
218
 
232
219
  /**
233
220
  * @param key
@@ -28,28 +28,6 @@ import { CredentialEntity } from "../entities/CredentialEntity.js";
28
28
  import { IdTokenEntity } from "../entities/IdTokenEntity.js";
29
29
  import { RefreshTokenEntity } from "../entities/RefreshTokenEntity.js";
30
30
 
31
- /**
32
- * Cache Key: <home_account_id>-<environment>-<credential_type>-<client_id or familyId>-<realm>-<scopes>-<claims hash>-<scheme>
33
- * IdToken Example: uid.utid-login.microsoftonline.com-idtoken-app_client_id-contoso.com
34
- * AccessToken Example: uid.utid-login.microsoftonline.com-accesstoken-app_client_id-contoso.com-scope1 scope2--pop
35
- * RefreshToken Example: uid.utid-login.microsoftonline.com-refreshtoken-1-contoso.com
36
- * @param credentialEntity
37
- * @returns
38
- */
39
- export function generateCredentialKey(
40
- credentialEntity: CredentialEntity
41
- ): string {
42
- const credentialKey = [
43
- generateAccountId(credentialEntity),
44
- generateCredentialId(credentialEntity),
45
- generateTarget(credentialEntity),
46
- generateClaimsHash(credentialEntity),
47
- generateScheme(credentialEntity),
48
- ];
49
-
50
- return credentialKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
51
- }
52
-
53
31
  /**
54
32
  * Create IdTokenEntity
55
33
  * @param homeAccountId
@@ -71,6 +49,7 @@ export function createIdTokenEntity(
71
49
  clientId: clientId,
72
50
  secret: idToken,
73
51
  realm: tenantId,
52
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
74
53
  };
75
54
 
76
55
  return idTokenEntity;
@@ -116,6 +95,7 @@ export function createAccessTokenEntity(
116
95
  realm: tenantId,
117
96
  target: scopes,
118
97
  tokenType: tokenType || AuthenticationScheme.BEARER,
98
+ lastUpdatedAt: Date.now().toString(), // Set the last updated time to now
119
99
  };
120
100
 
121
101
  if (userAssertionHash) {
@@ -184,6 +164,7 @@ export function createRefreshTokenEntity(
184
164
  environment: environment,
185
165
  clientId: clientId,
186
166
  secret: refreshToken,
167
+ lastUpdatedAt: Date.now().toString(),
187
168
  };
188
169
 
189
170
  if (userAssertionHash) {
@@ -201,7 +182,7 @@ export function createRefreshTokenEntity(
201
182
  return rtEntity;
202
183
  }
203
184
 
204
- export function isCredentialEntity(entity: object): boolean {
185
+ export function isCredentialEntity(entity: object): entity is CredentialEntity {
205
186
  return (
206
187
  entity.hasOwnProperty("homeAccountId") &&
207
188
  entity.hasOwnProperty("environment") &&
@@ -215,7 +196,9 @@ export function isCredentialEntity(entity: object): boolean {
215
196
  * Validates an entity: checks for all expected params
216
197
  * @param entity
217
198
  */
218
- export function isAccessTokenEntity(entity: object): boolean {
199
+ export function isAccessTokenEntity(
200
+ entity: object
201
+ ): entity is AccessTokenEntity {
219
202
  if (!entity) {
220
203
  return false;
221
204
  }
@@ -234,7 +217,7 @@ export function isAccessTokenEntity(entity: object): boolean {
234
217
  * Validates an entity: checks for all expected params
235
218
  * @param entity
236
219
  */
237
- export function isIdTokenEntity(entity: object): boolean {
220
+ export function isIdTokenEntity(entity: object): entity is IdTokenEntity {
238
221
  if (!entity) {
239
222
  return false;
240
223
  }
@@ -250,7 +233,9 @@ export function isIdTokenEntity(entity: object): boolean {
250
233
  * Validates an entity: checks for all expected params
251
234
  * @param entity
252
235
  */
253
- export function isRefreshTokenEntity(entity: object): boolean {
236
+ export function isRefreshTokenEntity(
237
+ entity: object
238
+ ): entity is RefreshTokenEntity {
254
239
  if (!entity) {
255
240
  return false;
256
241
  }
@@ -261,63 +246,6 @@ export function isRefreshTokenEntity(entity: object): boolean {
261
246
  );
262
247
  }
263
248
 
264
- /**
265
- * Generate Account Id key component as per the schema: <home_account_id>-<environment>
266
- */
267
- function generateAccountId(credentialEntity: CredentialEntity): string {
268
- const accountId: Array<string> = [
269
- credentialEntity.homeAccountId,
270
- credentialEntity.environment,
271
- ];
272
- return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
273
- }
274
-
275
- /**
276
- * Generate Credential Id key component as per the schema: <credential_type>-<client_id>-<realm>
277
- */
278
- function generateCredentialId(credentialEntity: CredentialEntity): string {
279
- const clientOrFamilyId =
280
- credentialEntity.credentialType === CredentialType.REFRESH_TOKEN
281
- ? credentialEntity.familyId || credentialEntity.clientId
282
- : credentialEntity.clientId;
283
- const credentialId: Array<string> = [
284
- credentialEntity.credentialType,
285
- clientOrFamilyId,
286
- credentialEntity.realm || "",
287
- ];
288
-
289
- return credentialId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();
290
- }
291
-
292
- /**
293
- * Generate target key component as per schema: <target>
294
- */
295
- function generateTarget(credentialEntity: CredentialEntity): string {
296
- return (credentialEntity.target || "").toLowerCase();
297
- }
298
-
299
- /**
300
- * Generate requested claims key component as per schema: <requestedClaims>
301
- */
302
- function generateClaimsHash(credentialEntity: CredentialEntity): string {
303
- return (credentialEntity.requestedClaimsHash || "").toLowerCase();
304
- }
305
-
306
- /**
307
- * Generate scheme key componenet as per schema: <scheme>
308
- */
309
- function generateScheme(credentialEntity: CredentialEntity): string {
310
- /*
311
- * PoP Tokens and SSH certs include scheme in cache key
312
- * Cast to lowercase to handle "bearer" from ADFS
313
- */
314
- return credentialEntity.tokenType &&
315
- credentialEntity.tokenType.toLowerCase() !==
316
- AuthenticationScheme.BEARER.toLowerCase()
317
- ? credentialEntity.tokenType.toLowerCase()
318
- : "";
319
- }
320
-
321
249
  /**
322
250
  * validates if a given cache entry is "Telemetry", parses <key,value>
323
251
  * @param key
@@ -47,7 +47,6 @@ import {
47
47
  import { PerformanceEvents } from "../telemetry/performance/PerformanceEvent.js";
48
48
  import { IPerformanceClient } from "../telemetry/performance/IPerformanceClient.js";
49
49
  import { invoke, invokeAsync } from "../utils/FunctionWrappers.js";
50
- import { generateCredentialKey } from "../cache/utils/CacheHelpers.js";
51
50
  import { ClientAssertion } from "../account/ClientCredentials.js";
52
51
  import { getClientAssertion } from "../utils/ClientAssertionUtils.js";
53
52
  import { getRequestThumbprint } from "../network/RequestThumbprint.js";
@@ -273,7 +272,7 @@ export class RefreshTokenClient extends BaseClient {
273
272
  "acquireTokenWithRefreshToken: bad refresh token, removing from cache"
274
273
  );
275
274
  const badRefreshTokenKey =
276
- generateCredentialKey(refreshToken);
275
+ this.cacheManager.generateCredentialKey(refreshToken);
277
276
  this.cacheManager.removeRefreshToken(
278
277
  badRefreshTokenKey,
279
278
  request.correlationId
@@ -115,8 +115,8 @@ export class SilentFlowClient extends BaseClient {
115
115
  const environment =
116
116
  request.authority || this.authority.getPreferredCache();
117
117
  const cacheRecord: CacheRecord = {
118
- account: this.cacheManager.readAccountFromCache(
119
- request.account,
118
+ account: this.cacheManager.getAccount(
119
+ this.cacheManager.generateAccountKey(request.account),
120
120
  request.correlationId
121
121
  ),
122
122
  accessToken: cachedAccessToken,
@@ -49,6 +49,10 @@ export const ClientConfigurationErrorMessages = {
49
49
  "Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",
50
50
  [ClientConfigurationErrorCodes.authorityMismatch]:
51
51
  "Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",
52
+ [ClientConfigurationErrorCodes.invalidAuthorizePostBodyParameters]:
53
+ "Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",
54
+ [ClientConfigurationErrorCodes.invalidRequestMethodForEAR]:
55
+ "Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST.",
52
56
  };
53
57
 
54
58
  /**
@@ -182,6 +186,18 @@ export const ClientConfigurationErrorMessage = {
182
186
  ClientConfigurationErrorCodes.authorityMismatch
183
187
  ],
184
188
  },
189
+ invalidAuthorizePostBodyParameters: {
190
+ code: ClientConfigurationErrorCodes.invalidAuthorizePostBodyParameters,
191
+ desc: ClientConfigurationErrorMessages[
192
+ ClientConfigurationErrorCodes.invalidAuthorizePostBodyParameters
193
+ ],
194
+ },
195
+ invalidRequestMethodForEAR: {
196
+ code: ClientConfigurationErrorCodes.invalidRequestMethodForEAR,
197
+ desc: ClientConfigurationErrorMessages[
198
+ ClientConfigurationErrorCodes.invalidRequestMethodForEAR
199
+ ],
200
+ },
185
201
  };
186
202
 
187
203
  /**
@@ -25,3 +25,6 @@ export const invalidAuthenticationHeader = "invalid_authentication_header";
25
25
  export const cannotSetOIDCOptions = "cannot_set_OIDCOptions";
26
26
  export const cannotAllowPlatformBroker = "cannot_allow_platform_broker";
27
27
  export const authorityMismatch = "authority_mismatch";
28
+ export const invalidRequestMethodForEAR = "invalid_request_method_for_EAR";
29
+ export const invalidAuthorizePostBodyParameters =
30
+ "invalid_authorize_post_body_parameters";
@@ -183,6 +183,7 @@ export {
183
183
  GrantType,
184
184
  AADAuthorityConstants,
185
185
  HttpStatus,
186
+ HttpMethod,
186
187
  DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,
187
188
  JsonWebTokenTypes,
188
189
  EncodingTypes,
@@ -1,3 +1,3 @@
1
1
  /* eslint-disable header/header */
2
2
  export const name = "@azure/msal-common";
3
- export const version = "15.8.1";
3
+ export const version = "15.10.0";